Support Central Marketplace and increase verifeir version to support DCQL

charts/data-space-connector/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: data-space-connector
 description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant.
 type: application
-version: 8.2.22
+version: 8.3.0
 dependencies:
   - name: postgresql
     condition: postgresql.enabled
@@ -11,11 +11,11 @@ dependencies:
   # authentication
   - name: vcverifier
     condition: vcverifier.enabled
-    version: 4.1.2
+    version: 4.3.0
     repository: https://fiware.github.io/helm-charts
   - name: credentials-config-service
     condition: credentials-config-service.enabled
-    version: 2.1.12
+    version: 2.3.0
     repository: https://fiware.github.io/helm-charts
   - name: trusted-issuers-list
     condition: trusted-issuers-list.enabled
@@ -33,7 +33,7 @@ dependencies:
   # authorization
   - name: odrl-pap
     condition: odrl-pap.enabled
-    version: 2.0.2
+    version: 2.3.0
     repository: https://fiware.github.io/helm-charts
   - name: apisix
     condition: apisix.enabled
@@ -53,16 +53,16 @@ dependencies:
   # issuance
   - name: keycloak
     condition: keycloak.enabled
-    version: 24.5.2
+    version: 25.2.0
     repository: oci://registry-1.docker.io/bitnamicharts
   # contract management
   - name: tm-forum-api
     condition: tm-forum-api.enabled
-    version: 0.14.11
+    version: 0.14.14
     repository: https://fiware.github.io/helm-charts
   - name: contract-management
     condition: contract-management.enabled
-    version: 3.2.0
+    version: 3.5.6
     repository: https://fiware.github.io/helm-charts
   # marketplace
   - name: business-api-ecosystem

charts/data-space-connector/templates/did-cm.yaml

@@ -22,8 +22,15 @@ data:
             {{- else }}
             "kty: "RSA",
             {{- end }}
+            {{- if eq .Values.didJson.key.kty "RSA" }}
             "e": {{ .Values.didJson.key.exponent | quote }},
             "n": {{ .Values.didJson.key.modulus | quote }},
+            {{- end }}
+            {{- if eq .Values.didJson.key.kty "EC" }}
+            "crv": {{ .Values.didJson.key.crv | quote }},
+            "x": {{ .Values.didJson.key.xCoord | quote }},
+            "y": {{ .Values.didJson.key.yCoord | quote }},
+            {{- end }}
             {{- if .Values.didJson.key.x5u }}
             "x5u": {{ .Values.didJson.key.x5u | quote }}
             {{- else }}

charts/data-space-connector/templates/did-ingress.yaml

@@ -4,10 +4,39 @@ kind: Ingress
 metadata:
   name: did-json
   namespace: {{ $.Release.Namespace | quote }}
-{{- if .Values.didJson.ingress.annotations }}
   annotations:
-{{- toYaml .Values.didJson.ingress.annotations | nindent 4 }}
-{{- end }}
+    {{- with .Values.didJson.ingress.annotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+    traefik.ingress.kubernetes.io/service.passhostheader: "true"
+  labels:
+    {{ include "dsc.labels" . | nindent 4 }}
+spec:
+  {{- if .Values.didJson.ingress.tlsSecret }}
+  tls:
+    - hosts:
+      - {{ .Values.didJson.ingress.host }}
+      secretName: {{ .Values.didJson.ingress.tlsSecret }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.didJson.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: did-json
+                port:
+                  name: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: did-json-unsecured
+  namespace: {{ $.Release.Namespace | quote }}
+  annotations:
+    traefik.ingress.kubernetes.io/service.passhostheader: "true"
   labels:
     {{ include "dsc.labels" . | nindent 4 }}
 spec:

charts/data-space-connector/templates/participant-registration.yaml

@@ -13,9 +13,7 @@ data:
     {{ .Values.registration.prepScript }} 
     {{- end }}
     {{- $registration := .Values.registration}}
-    {{- range $index, $credentialType := .Values.registration.credentialTypes }}
 
-    # credentials config service registration
     curl -v -X 'POST' \
       '{{ $registration.til }}/issuer' \
       -H 'accept: */*' \
@@ -31,6 +29,5 @@ data:
         {{- end }}
       ]
     }"
-    {{- end }}
 
 {{- end }}

charts/data-space-connector/templates/realm.yaml

@@ -11,8 +11,8 @@ data:
     {
       "id": "{{ .Values.keycloak.realm.name }}",
       "realm": "{{ .Values.keycloak.realm.name }}",
-      "displayName": "Keycloak",
-      "displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+      "displayName": "{{ .Values.keycloak.realm.name }}",
+      "displayNameHtml": "<div class=\"kc-logo-text\"><span>{{ .Values.keycloak.realm.name }}</span></div>",
       "verifiableCredentialsEnabled": true,
       "enabled": true,
       "attributes": {
@@ -630,9 +630,33 @@ data:
             "providerId": "jwt_vc"
           } 
         ],
-
-        {{- if eq .Values.elsi.enabled  true }}
         "org.keycloak.keys.KeyProvider": [
+          {
+            "name": "ecdh-generated",
+            "providerId": "ecdh-generated",
+            "subComponents": {},
+            "config": {
+              "ecGenerateCertificate": [
+                "false"
+              ],
+              "active": [
+                "true"
+              ],
+              "priority": [
+                "0"
+              ],
+              "ecdhAlgorithm": [
+                "ECDH-ES"
+              ],
+              "ecdhEllipticCurveKey": [
+                "P-256"
+              ],
+              "enabled": [
+                "true"
+              ]
+            }
+          },
+        {{- if eq .Values.elsi.enabled  true }}
           {
             "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
             "name": {{ .Values.elsi.keyAlias | quote }},
@@ -658,9 +682,7 @@ data:
               ]
             }
           }
-        ]
         {{- else if .Values.keycloak.signingKey }}
-        "org.keycloak.keys.KeyProvider": [
           {
             "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
             "name": "signing-key",
@@ -690,9 +712,7 @@ data:
               ]
             }
           }
-        ]
         {{ else }}
-        "org.keycloak.keys.KeyProvider": [
           {
             "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
             "name": "test-key",
@@ -718,8 +738,8 @@ data:
               ]
             }
           }
-        ]
         {{- end }}
+        ]
       }
     }
 

charts/data-space-connector/values.yaml

@@ -479,12 +479,15 @@ keycloak:
   image:
     # -- repository where the image is held, see https://github.com/bitnami/charts/issues/35164 for further info
     repository: bitnamilegacy/keycloak
-    tag: 26.3.2-debian-12-r0
   # -- disable the security context, required by the current quarkus container, will be solved in the future chart versions of keycloak
   containerSecurityContext:
     enabled: false
   proxyHeaders: xforwarded
   proxy: edge
+  logging:
+    level: DEBUG
+  tls:
+    enabled: false
   service:
     ports:
       http: 8080
@@ -523,8 +526,6 @@ keycloak:
 
   # -- extra env vars to be set. we require them at the moment, since some of the chart config mechanisms only work with the bitnami-image
   extraEnvVars:
-    - name: KEYCLOAK_LOG_LEVEL
-      value: INFO
     - name: KEYCLOAK_EXTRA_ARGS
       value: "--import-realm"
     - name: KC_FEATURES
@@ -611,6 +612,7 @@ keycloak:
         "frontchannelLogout": false,
         "protocol": "oid4vc",
         "attributes": {
+          "oid4vci.enabled": true,
           "client.secret.creation.time": "1675260539",
           "vc.natural-person.format": "jwt_vc",
           "vc.natural-person.scope": "NaturalPersonCredential",
@@ -851,6 +853,8 @@ contract-management:
   # -- should it be enabled? set to false if one outside the chart is used.
   enabled: true
   fullnameOverride: contract-management
+  til:
+    credentialType: OperatorCredential
   services:
     ## Config for Trusted Issuers List
     trusted-issuers-list:
@@ -881,6 +885,7 @@ contract-management:
     odrl:
       ## URL to the ODRL-PAP
       url: http://odrl-pap:8080
+
 
 # -- configuration for the did-helper, should only be used for demonstrational deployments, see https://github.com/wistefan/did-helper
 did:
@@ -889,7 +894,6 @@ did:
 # -- configuration for registering a participant at the til, will most probably only be used in demonstrational enviornments
 registration:
   enabled: false
-  prepScript: "test"
 
 # -- configuration for the .well-known/data-space-configuration endpoint document
 dataSpaceConfig: