From 822be545bf8f2d654152e59879ba6735248d0365 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cs=C3=B3ti=20Istv=C3=A1n?= <109945490+csotiistvan@users.noreply.github.com>
Date: Tue, 11 Jun 2024 13:52:10 +0200
Subject: [PATCH 1/2] Added secrets to Helm charts, incremented chart versions to trigger releaser workflow
---
 k8s/helm/tngkds/Chart.yaml | 2 +-
 k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml | 2 +-
 k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml | 2 +-
 k8s/helm/tngkds/templates/did-signer-secret.yaml | 8 ++++++++
 k8s/helm/tngkds/templates/mtls-secret.yaml | 10 ++++++++++
 .../tngkds/templates/tng-distribution-pull-secret.yaml | 8 ++++++++
 k8s/helm/tngkds/templates/truststore-secret.yaml | 8 ++++++++
 k8s/helm/tngkds/values.yaml | 8 ++++++++
 8 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 k8s/helm/tngkds/templates/did-signer-secret.yaml
 create mode 100644 k8s/helm/tngkds/templates/mtls-secret.yaml
 create mode 100644 k8s/helm/tngkds/templates/tng-distribution-pull-secret.yaml
 create mode 100644 k8s/helm/tngkds/templates/truststore-secret.yaml
diff --git a/k8s/helm/tngkds/Chart.yaml b/k8s/helm/tngkds/Chart.yaml
index 93b8365..6a0f5bf 100644
--- a/k8s/helm/tngkds/Chart.yaml
+++ b/k8s/helm/tngkds/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml b/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml
index ef2337c..0d4f241 100644
--- a/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml
index f138934..8e1d514 100644
--- a/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/k8s/helm/tngkds/templates/did-signer-secret.yaml b/k8s/helm/tngkds/templates/did-signer-secret.yaml
new file mode 100644
index 0000000..a1918d9
--- /dev/null
+++ b/k8s/helm/tngkds/templates/did-signer-secret.yaml
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: did-signer-secret
+ namespace: {{ .Release.Namespace }}
+data:
+ did-signer.p12: {{ .Values.secrets.didSigner }}
+type: Opaque
diff --git a/k8s/helm/tngkds/templates/mtls-secret.yaml b/k8s/helm/tngkds/templates/mtls-secret.yaml
new file mode 100644
index 0000000..44fa91f
--- /dev/null
+++ b/k8s/helm/tngkds/templates/mtls-secret.yaml
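Review bot: The value on the `did-signer.p12:` line is rendered unquoted and unguarded, so with the empty default this chart ships for `secrets.didSigner` the template renders `did-signer.p12:` with no value at all — either rejected by the API server or stored as an empty keystore, and in both cases noticed only at deploy or at signing time rather than at render time. A `required` call fails fast with a message an operator can act on: `did-signer.p12: {{ required "secrets.didSigner (base64 PKCS12) must be set" .Values.secrets.didSigner | quote }}`. The same applies to the three keys in mtls-secret.yaml, to `.dockerconfigjson` in tng-distribution-pull-secret.yaml and to `tls_trust_store.jks` in truststore-secret.yaml. A one-line header comment in each template stating that the supplied value must already be base64 (it lands in `data:`, not `stringData:`) would spare the next operator a failed install.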
@@ -0,0 +1,10 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: mtls-secret
+ namespace: {{ .Release.Namespace }}
+data:
+ tls_key_store.p12: {{ .Values.secrets.mtls.tlsKeyStore }}
+ tng_tls_server_truststore.p12: {{ .Values.secrets.mtls.tlsServerTrustStore }}
+ trustanchor_store.jks: {{ .Values.secrets.mtls.tlsTrustAnchorStore }}
+type: Opaque
\ No newline at end of file
diff --git a/k8s/helm/tngkds/templates/tng-distribution-pull-secret.yaml b/k8s/helm/tngkds/templates/tng-distribution-pull-secret.yaml
new file mode 100644
index 0000000..a0e8869
--- /dev/null
+++ b/k8s/helm/tngkds/templates/tng-distribution-pull-secret.yaml
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: tng-distribution-pull-secret
+ namespace: {{ .Release.Namespace }}
+data:
+ .dockerconfigjson: {{ .Values.secrets.dockerPull }}
+type: kubernetes.io/dockerconfigjson
\ No newline at end of file
diff --git a/k8s/helm/tngkds/templates/truststore-secret.yaml b/k8s/helm/tngkds/templates/truststore-secret.yaml
new file mode 100644
index 0000000..a9ce58d
--- /dev/null
+++ b/k8s/helm/tngkds/templates/truststore-secret.yaml
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: truststore-secret
+ namespace: {{ .Release.Namespace }}
+data:
+ tls_trust_store.jks: {{ .Values.secrets.trustStore }}
+type: Opaque
\ No newline at end of file
diff --git a/k8s/helm/tngkds/values.yaml b/k8s/helm/tngkds/values.yaml
index 0d6c767..4a785c0 100644
--- a/k8s/helm/tngkds/values.yaml
+++ b/k8s/helm/tngkds/values.yaml
@@ -41,3 +41,11 @@ tngkds-backend:
 alias: trustanchor
 password:
 path: /certs/trustanchor_store.jks
+ secrets: # Below are all b64 encoded
+ didSigner:
+ dockerPull:
+ trustStore:
+ mtls:
+ tlsKeyStore:
+ tlsServerTrustStore:
+ tlsTrustAnchorStore:
\ No newline at end of file
From 8c068b0834c2369c3f764f66d0baf2fbd17ff642 Mon Sep 17 00:00:00 2001
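Review bot: Indentation is lost in this rendering, so it is not visible whether the new `secrets:` block sits at the top level of values.yaml or is nested under `tngkds-backend:` like the `alias`/`password`/`path` context lines just above it; the new templates live in the parent chart and read `.Values.secrets.*`, which only resolves when `secrets:` is top-level, so that is worth confirming with `helm template` before tagging the release. The `# Below are all b64 encoded` comment is the only documentation of these eight keys; a comment per key naming the expected artifact (PKCS12 keystore, JKS truststore, docker config JSON) and stating that the default is intentionally empty so the material is supplied from outside the repository — e.g. `--set-file secrets.didSigner=<path-to-base64-file>` or an untracked values override — would make the contract explicit. Keeping the committed defaults empty is the right call; the comment should say that it is deliberate so nobody fills them in.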
From: Torsten Egenolf
Date: Thu, 13 Jun 2024 17:58:32 +0200
Subject: [PATCH 2/2] fix(did): signing alogrithm
---
 .../keydistribution/service/did/LocalKeystoreByteSigner.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java
index bd5b2e3..6c3e250 100644
--- a/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java
+++ b/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java
@@ -49,7 +49,7 @@ public LocalKeystoreByteSigner(KdsConfigProperties kdsConfigProperties)
 throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
- super("EC");
+ super("ES256");
 KeyStore keyStore = KeyStore.getInstance("JKS");