A Java implementation of the Digital Credentials Query Language(DCQL).
The library is available at maven central:
<dependency>
<groupId>io.github.wistefan</groupId>
<artifactId>dcql-java</artifactId>
</dependency>In order to evaluate DCQL-Queries, a list of VerifiableCredentials has to be provided. The library itself uses a minimum of dependencies, therefor parsing of credentials and queries needs to be done by the caller. A possible option is Jackson. In order to properly deserialize a query, the ObjectMapper needs to be configured as following:
ObjectMapper objectMapper = new ObjectMapper();
// future and backwards compatible, just ignore unsupported parts
objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
// properties should be translated following snake-case, e.g. `claimSet` becomes `claim_set`and vice versa
objectMapper.setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE);
SimpleModule deserializerModule = new SimpleModule();
// help deserialization of the enums. See test/java/io/github/wistefan/dcql/helper for their implementations
deserializerModule.addDeserializer(CredentialFormat.class, new CredentialFormatDeserializer());
deserializerModule.addDeserializer(TrustedAuthorityType.class, new TrustedAuthorityTypeDeserializer());
objectMapper.registerModule(deserializerModule);Since credentials are usually not standard json-format, additional helper might be required. In case of sd-jwt and jwt credentials, a library like Nimbus JOSE+JWT can be used. See examples for loading SD and JWT credentials in the ParseCredentialTest
After loading the credentials and providing query, evaluation is straight-forward:
// this configuration would support all CredentialFormats currently included in DCQL.
DCQLEvaluator dcqlEvaluator = new DCQLEvaluator(List.of(
new JwtCredentialEvaluator(),
new DcSdJwtCredentialEvaluator(),
new VcSdJwtCredentialEvaluator(),
new MDocCredentialEvaluator(),
new LdpCredentialEvaluator()));
QueryResult queryResult = dcqlEvaluator.evaluateDCQLQuery(dcqlQuery, credentialsList);The QueryResult provides a quick success indicator and the filtered list of credentials to be used. In case of SD-JWT Credentials, only the requested elements are disclosed.
As of now, DCQL-Java only supports querying for trusted authorities of type Authority Key Identifier("aki"). In order to do so, a bouncycastle implementation needs to be provided:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>${version.org.bouncycastle}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>${version.org.bouncycastle}</version>
</dependency>DCQL-Java is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.