Init

.github/workflows/check.yml

@@ -0,0 +1,50 @@
+name: Check PR
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - labeled
+      - unlabeled
+    branches:
+      - main
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-java@v1
+        with:
+          java-version: '17'
+          java-package: jdk
+
+      - id: bump
+        uses: zwaldowski/match-label-action@v1
+        with:
+          allowed: major,minor,patch
+
+      - uses: zwaldowski/semver-release-action@v2
+        with:
+          dry_run: true
+          bump: ${{ steps.bump.outputs.match }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  comment:
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - uses: technote-space/workflow-conclusion-action@v2
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Comment PR
+        if: env.WORKFLOW_CONCLUSION == 'failure'
+        uses: thollander/actions-comment-pull-request@1.0.2
+        with:
+          message: "Please apply one of the following labels to the PR: 'patch', 'minor', 'major'."
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,97 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+
+  generate-version:
+    runs-on: ubuntu-latest
+
+    outputs:
+      version: ${{ steps.out.outputs.version }}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-java@v1
+        with:
+          java-version: '11'
+          java-package: jdk
+
+      - id: pr
+        uses: actions-ecosystem/action-get-merged-pull-request@v1.0.1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: zwaldowski/semver-release-action@v2
+        with:
+          dry_run: true
+          bump: patch
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set version output
+        id: out
+        run: echo "::set-output name=version::$(echo ${VERSION})"
+
+  build-and-deploy:
+
+    needs: [ "generate-version" ]
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - uses: actions/checkout@v2
+
+      - uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPG_SECRET_KEY }}
+          passphrase: ${{ secrets.GPG_SECRET_KEY_PASSWORD }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+          cache: maven
+          server-id: sonatype.org
+          server-username: SONATYPE_ORG_USERNAME
+          server-password: SONATYPE_ORG_PASSWORD
+          gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
+          gpg-passphrase: GPG_PASSPHRASE
+
+      - name: Set version
+        run: |
+          mvn versions:set -DnewVersion=${{ needs.generate-version.outputs.version }}
+
+      - name: Run tests
+        run: |
+          mvn clean test
+
+      - name: Build and release it
+        env:
+          SONATYPE_ORG_USERNAME: ${{ secrets.SONATYPE_ORG_USERNAME }}
+          SONATYPE_ORG_PASSWORD: ${{ secrets.SONATYPE_ORG_PASSWORD }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_SECRET_KEY_PASSWORD }}
+        run: |
+          mvn install deploy -Prelease -Dgpg.keyname=563C5DE0C079D6AD
+
+
+  git-release:
+    needs: [ "generate-version", "build-and-deploy" ]
+
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - uses: actions/checkout@v2
+
+      - uses: "marvinpinto/action-automatic-releases@latest"
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          automatic_release_tag: ${{ needs.generate-version.outputs.version }}
+          prerelease: false
+          title: ${{ needs.generate-version.outputs.version }}

.github/workflows/test.yml

@@ -0,0 +1,21 @@
+name: Test
+
+on:
+  push:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-java@v1
+        with:
+          java-version: '21'
+          java-package: jdk
+
+      - name: Run tests
+        run: mvn clean test

README.md

@@ -0,0 +1,69 @@
+# DCQL-Java
+
+A Java implementation of the [Digital Credentials Query Language(DCQL)](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-digital-credentials-query-l).
+
+## Maven
+
+The library is avaliable at maven central:
+
+## Example usage
+
+In order to evaluate DCQL-Queries, a list of [VerifiableCredentials](https://en.wikipedia.org/wiki/Verifiable_credentials) has to be provided.
+The library itself uses a minimum of dependencies, therefor parsing of credentials and queries needs to be done by the caller.
+A possible option is [Jackson](https://github.com/FasterXML/jackson). In order to properly deserialize a query, the [ObjectMapper](https://www.baeldung.com/jackson-object-mapper-tutorial)
+needs to be configured as following:
+
+```java
+    ObjectMapper objectMapper = new ObjectMapper();
+    // future and backwards compatible, just ignore unsupported parts
+    objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+    // properties should be translated following snake-case, e.g. `claimSet` becomes `claim_set`and vice versa
+    objectMapper.setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE);
+    SimpleModule deserializerModule = new SimpleModule();
+    // help deserialization of the enums. See test/java/io/github/wistefan/dcql/helper for their implementations
+    deserializerModule.addDeserializer(CredentialFormat.class, new CredentialFormatDeserializer());
+    deserializerModule.addDeserializer(TrustedAuthorityType.class, new TrustedAuthorityTypeDeserializer());
+    objectMapper.registerModule(deserializerModule);
+```
+
+Since credentials are usually not standard json-format, additional helper might be required. In case of sd-jwt and jwt credentials, 
+a library like [Nimbus JOSE+JWT](https://mvnrepository.com/artifact/com.nimbusds/nimbus-jose-jwt) can be used. See examples for loading SD and JWT credentials
+in the [ParseCredentialTest](./src/test/java/io/github/wistefan/dcql/example/ParseCredentialTest.java)
+
+After loading the credentials and providing query, evaluation is straight-forward:
+```java
+    // this configuration would support all CredentialFormats currently included in DCQL.
+    DCQLEvaluator dcqlEvaluator = new DCQLEvaluator(List.of(
+        new JwtCredentialEvaluator(),
+        new DcSdJwtCredentialEvaluator(),
+        new VcSdJwtCredentialEvaluator(),
+        new MDocCredentialEvaluator(),
+        new LdpCredentialEvaluator()));
+    QueryResult queryResult = dcqlEvaluator.evaluateDCQLQuery(dcqlQuery, credentialsList);
+```
+
+The [QueryResult](./src/main/java/io/github/wistefan/dcql/QueryResult.java) provides a quick success indicator and the filtered list of credentials to be used.
+In case of SD-JWT Credentials, only the requested elements are disclosed.
+
+## Limitations
+
+As of now, DCQL-Java only supports querying for trusted authorities of type [Authority Key Identifier("aki")](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-authority-key-identifier). 
+In order to do so, a [bouncycastle](https://www.bouncycastle.org/) implementation needs to be provided:
+
+```xml
+    <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcprov-jdk18on</artifactId>
+        <version>${version.org.bouncycastle}</version>
+    </dependency>
+    <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcpkix-jdk18on</artifactId>
+        <version>${version.org.bouncycastle}</version>
+    </dependency>
+```
+
+## License
+
+DCQL-Java is licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for the full license text.
+