FIWARE
diff --git a/‎charts/data-space-connector/Chart.yaml
Lines changed: 7 additions & 2 deletions b/‎charts/data-space-connector/Chart.yaml
Lines changed: 7 additions & 2 deletions
diff --git a/‎charts/data-space-connector/templates/crl-provider-secret.yaml
Lines changed: 11 additions & 0 deletions b/‎charts/data-space-connector/templates/crl-provider-secret.yaml
Lines changed: 11 additions & 0 deletions
diff --git a/‎charts/data-space-connector/templates/elsi-secret.yaml
Lines changed: 11 additions & 0 deletions b/‎charts/data-space-connector/templates/elsi-secret.yaml
Lines changed: 11 additions & 0 deletions
diff --git a/‎charts/data-space-connector/templates/realm.yaml
Lines changed: 87 additions & 1 deletion b/‎charts/data-space-connector/templates/realm.yaml
Lines changed: 87 additions & 1 deletion
diff --git a/‎charts/data-space-connector/values.yaml
Lines changed: 47 additions & 2 deletions b/‎charts/data-space-connector/values.yaml
Lines changed: 47 additions & 2 deletions
@@ -2,7 +2,7 @@ apiVersion: v2
 name: data-space-connector
 description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant.
 type: application
-version: 7.17.2
+version: 7.22.0
 dependencies:
   - name: postgresql
     condition: postgresql.enabled
@@ -11,7 +11,7 @@ dependencies:
   # authentication
   - name: vcverifier
     condition: vcverifier.enabled
-    version: 2.9.2
+    version: 2.11.0
     repository: https://fiware.github.io/helm-charts
   - name: credentials-config-service
     condition: credentials-config-service.enabled
@@ -25,6 +25,11 @@ dependencies:
     condition: mysql.enabled
     version: 9.4.4
     repository: https://charts.bitnami.com/bitnami
+  - name: dss-validation-service
+    alias: dss
+    condition: dss.enabled
+    version: 0.0.14
+    repository: https://fiware.github.io/helm-charts
   # authorization
   - name: odrl-pap
     condition: odrl-pap.enabled
 
@@ -0,0 +1,11 @@
+{{- if eq .Values.dss.crl.enabled true }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: crl-provider
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    {{ include "dsc.labels" . | nindent 4 }}
+data:
+  {{- toYaml .Values.dss.crl.secret | nindent 2 }}
+{{- end }}
@@ -0,0 +1,11 @@
+{{- if .Values.elsi.keystore }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: elsi-secret
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    {{ include "dsc.labels" . | nindent 4 }}
+data:
+  {{- toYaml .Values.elsi.keystore | nindent 2 }}
+{{- end }}
@@ -16,7 +16,13 @@ data:
       "enabled": true,
       "attributes": {
         "frontendUrl": "{{ .Values.keycloak.realm.frontendUrl }}",
+        {{- if eq .Values.elsi.enabled  true }}
+        "issuerDid": {{ .Values.elsi.did | quote }}
+        {{- else if .Values.keycloak.signingKey }}
+        "issuerDid": {{ .Values.keycloak.signingKey.did | quote }}
+        {{- else }}
         "issuerDid": "${DID}"
+        {{- end }}
       },
       "sslRequired": "none",
       "roles": {
@@ -103,24 +109,103 @@ data:
           {
             "id": "jwt-signing",
             "name": "jwt-signing-service",
-            "providerId": "jwt_vc",
+            "providerId": "jades-jws-signing",
             "subComponents": {},
             "config": {
               "keyId": [
+                {{- if eq .Values.elsi.enabled  true }}
+                {{ .Values.elsi.did | quote }}
+                {{- else if .Values.keycloak.signingKey }}
+                {{ .Values.keycloak.signingKey.did | quote }}
+                {{- else }}
                 "${DID}"
+                {{- end }}
               ],
               "algorithmType": [
+                {{- if eq .Values.elsi.enabled  true }}
+                {{ .Values.elsi.keyAlgorithm | quote }}
+                {{- else if .Values.keycloak.signingKey }}
+                {{ .Values.keycloak.signingKey.keyAlgorithm | quote }}
+                {{- else }}
                 "ES256"
+                {{- end }}
               ],
               "issuerDid": [
+                {{- if eq .Values.elsi.enabled  true }}
+                {{ .Values.elsi.did | quote }}
+                {{- else if .Values.keycloak.signingKey }}
+                {{ .Values.keycloak.signingKey.did | quote }}
+                {{- else }}
                 "${DID}"
+                {{- end }}
               ],
               "tokenType": [
                 "JWT"
               ]
             }
           }
         ],
+        {{- if eq .Values.elsi.enabled  true }}
+        "org.keycloak.keys.KeyProvider": [
+          {
+            "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
+            "name": {{ .Values.elsi.keyAlias | quote }},
+            "providerId": "java-keystore",
+            "subComponents": {},
+            "config": {
+              "keystore": [ {{ .Values.elsi.storePath | quote }} ],
+              "keystorePassword": [ {{ .Values.elsi.storePassword | quote }} ],
+              "keyAlias": [ {{ .Values.elsi.keyAlias | quote }} ],
+              "keyPassword": [ {{ .Values.elsi.keyPassword | quote }} ],
+              "kid": [ {{ .Values.elsi.did | quote }} ],
+              "active": [
+                "true"
+              ],
+              "priority": [
+                "0"
+              ],
+              "enabled": [
+                "true"
+              ],
+              "algorithm": [
+                {{ .Values.elsi.keyAlgorithm | quote }}
+              ]
+            }
+          }
+        ]
+        {{- else if .Values.keycloak.signingKey }}
+        "org.keycloak.keys.KeyProvider": [
+          {
+            "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
+            "name": "signing-key",
+            "providerId": "java-keystore",
+            "subComponents": {},
+            "config": {
+              "keystore": [ {{ .Values.keycloak.signingKey.storePath | quote }} ],
+              "keystorePassword": [ {{ .Values.keycloak.signingKey.storePassword | quote }} ],
+              "keyAlias": [ {{ .Values.keycloak.signingKey.keyAlias | quote }} ],
+              "keyPassword": [ {{ .Values.keycloak.signingKey.keyPassword | quote }} ],
+              {{- if .Values.keycloak.signingKey.did }}
+              "kid": [ {{ .Values.keycloak.signingKey.did | quote }} ],
+              {{- else }}
+              "kid": [ "${DID}" ],
+              {{- end }}
+              "active": [
+                "true"
+              ],
+              "priority": [
+                "0"
+              ],
+              "enabled": [
+                "true"
+              ],
+              "algorithm": [
+                {{ .Values.keycloak.signingKey.keyAlgorithm | quote }}
+              ]
+            }
+          }
+        ]
+        {{ else }}
         "org.keycloak.keys.KeyProvider": [
           {
             "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
@@ -148,6 +233,7 @@ data:
             }
           }
         ]
+        {{- end }}
       }
     }
 
 
@@ -71,6 +71,18 @@ vcverifier:
     # -- we do not need authentication here
     authEnabled: false
 
+# -- configuration for the digital-signature.service to be deployed as part of the connector in case of did:elsi support
+dss:
+  # -- should it be enabled?
+  enabled: false
+  # -- allows to set a fixed name for the services
+  fullnameOverride: dss
+  # -- can be used to provide the crl for ca's provided as truststore to the dss
+  crl:
+    # -- should it be enabled?
+    enabled: false
+
+
 # -- configuration for the credentials-config-service to be deployed as part of the connector, see https://github.com/FIWARE/helm-charts/tree/main/charts/credentials-config-service for all options
 credentials-config-service:
   # -- should it be enabled? set to false if one outside the chart is used.
@@ -162,7 +174,7 @@ opa:
   data:
     minDelay: 1
     maxDelay: 15
-
+  
 # -- configuration for apisix to be deployed as part of the connector, see https://github.com/bitnami/charts/tree/main/bitnami/apisix for all options
 apisix:
   # -- should it be enabled? set to false if one outside the chart is used.
@@ -369,6 +381,26 @@ scorpio:
         name: scorpio-registration
         defaultMode: 0755
 
+# -- configuration to issue credentials, using a did:elsi
+elsi:
+  # -- should a did:elsi be used
+  enabled: false
+  # -- keystore to be used for signing the credentials 
+  # keystore: 
+    # store.p12: <THE_ENCODED_CONTENT>
+  # -- the did to be used
+  did:
+  # -- algorithm of the signing key
+  keyAlgorithm:
+  # -- path to the keystore 
+  storePath:
+  # -- password for the keystore
+  storePassword:
+  # -- alias of the key
+  keyAlias: 
+  # -- password of the key
+  keyPassword:
+
 ## configuration of the keycloak - see https://github.com/bitnami/charts/tree/main/bitnami/keycloak for details
 keycloak:
   # -- should it be enabled? set to false if one outside the chart is used.
@@ -542,7 +574,20 @@ keycloak:
         "defaultClientScopes": [],
         "optionalClientScopes": []
       }
-
+  # -- configuration for the signing key to be used for issuing credentials
+  # signingKey:
+    # -- path to the keystore containing the signing key
+    # storePath:
+    # -- password for the keystore containing the signing key
+    # storePassword:
+    # -- alias of the signing key
+    # keyAlias:
+    # -- password of the signing key
+    # keyPassword:
+    # -- algorithm of the signing key
+    # keyAlgorithm: 
+    # -- did that the key belongs to 
+    # did: 
 
 ## configuration of the tm-forum-api - see https://github.com/FIWARE/helm-charts/tree/main/charts/tm-forum-api for details
 tm-forum-api: