Add dcql support (#17)

* extend api

* support dcql

* run on test

* fix tests

Author: wistefan

.github/workflows/test.yml

@@ -2,6 +2,7 @@ name: Test
 
 on:
   push:
+  pull_request:
 
 jobs:
   test:

api/credentials-config-service.yaml

@@ -290,10 +290,16 @@ components:
             $ref: '#/components/schemas/Credential'
         presentationDefinition:
           $ref: '#/components/schemas/PresentationDefinition'
+          nullable: true
+        dcql:
+          $ref: '#/components/schemas/DCQL'
+          nullable: true
         flatClaims:
           type: boolean
           default: false
           description: When set, the claim are flatten to plain JWT-claims before beeing included, instead of keeping the credential/presentation structure, where the claims are under the key vc or vp
+      required:
+        - credentials
     Service:
       type: object
       description: Configuration of a service and its credentials
@@ -311,6 +317,13 @@ components:
           description: A specific OIDC scope for that service, specifying the necessary VC types (credentials)
           additionalProperties:
             $ref: '#/components/schemas/ServiceScopesEntry'
+        authorizationType:
+          type: string
+          description: The authorization redirect to be created.
+          default: FRONTEND_V2
+          enum:
+            - FRONTEND_V2
+            - DEEPLINK
       required:
         - oidcScopes
         - defaultOidcScope
@@ -335,6 +348,165 @@ components:
           description: The list of services
           items:
             $ref: '#/components/schemas/Service'
+    DCQL:
+      type: object
+      description: JSON encoded query to request the credentials to be included in the presentation
+      properties:
+        credentials:
+          type: array
+          description: A non-empty array of Credential Queries that specify the requested Credentials.
+          items:
+            $ref: '#/components/schemas/CredentialQuery'
+        credential_sets:
+          type: array
+          description: A non-empty array of Credential Set Queries that specifies additional constraints on which of the requested Credentials to return.
+          items:
+            $ref: '#/components/schemas/CredentialSetQuery'
+      required:
+        - credentials
+    CredentialQuery:
+      type: object
+      description: A Credential Query is an object representing a request for a presentation of one or more matching Credentials
+      properties:
+        id:
+          type: string
+          description: A string identifying the Credential in the response and, if provided, the constraints in credential_sets. The value MUST be a non-empty string consisting of alphanumeric, underscore (_), or hyphen (-) characters. Within the Authorization Request, the same id MUST NOT be present more than once.
+          example: my-credential-query-id
+        format:
+          type: string
+          description: A string that specifies the format of the requested Credential.
+          enum:
+            - mso_mdoc
+            - vc+sd-jwt
+            - dc+sd-jwt
+            - ldp_vc
+            - jwt_vc_json
+          example: jwt_vc_json
+        multiple:
+          type: boolean
+          default: false
+          description: A boolean which indicates whether multiple Credentials can be returned for this Credential Query. If omitted, the default value is false.
+          example: false
+        claims:
+          type: array
+          description: A non-empty array of objects  that specifies claims in the requested Credential. Verifiers MUST NOT point to the same claim more than once in a single query. Wallets SHOULD ignore such duplicate claim queries.
+          items:
+            $ref: '#/components/schemas/ClaimsQuery'
+        meta:
+          $ref: '#/components/schemas/MetaDataQuery'
+        require_cryptographic_holder_binding:
+          type: boolean
+          default: true
+          description: A boolean which indicates whether the Verifier requires a Cryptographic Holder Binding proof. The default value is true, i.e., a Verifiable Presentation with Cryptographic Holder Binding is required. If set to false, the Verifier accepts a Credential without Cryptographic Holder Binding proof.
+          example: true
+        claim_sets:
+          type: array
+          description: A non-empty array containing arrays of identifiers for elements in claims that specifies which combinations of claims for the Credential are requested.
+          items:
+            $ref: '#/components/schemas/ClaimSet'
+        trusted_authorities:
+          type: array
+          description: A non-empty array of objects  that specifies expected authorities or trust frameworks that certify Issuers, that the Verifier will accept. Every Credential returned by the Wallet SHOULD match at least one of the conditions present in the corresponding trusted_authorities array if present.
+          items:
+            $ref: '#/components/schemas/TrustedAuthorityQuery'
+    ClaimsQuery:
+      type: object
+      description: A query to specifies claims in the requested Credential.
+      properties:
+        id:
+          type: string
+          description: REQUIRED if claim_sets is present in the Credential Query; OPTIONAL otherwise. A string identifying the particular claim. The value MUST be a non-empty string consisting of alphanumeric, underscore (_), or hyphen (-) characters. Within the particular claims array, the same id MUST NOT be present more than once.
+          example: my-claim-query-id
+        path:
+          type: array
+          description:  The value MUST be a non-empty array representing a claims path pointer that specifies the path to a claim within the Credential. See https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-claims-path-pointer
+          items:
+            type: object
+          example: ["path", "to", "claim"]
+        values:
+          type: array
+          description: A non-empty array of strings, integers or boolean values that specifies the expected values of the claim. If the values property is present, the Wallet SHOULD return the claim only if the type and value of the claim both match exactly for at least one of the elements in the array.
+          items:
+            type: object
+          example: ["supported-value-1", "supported-value-2"]
+        intent_to_retain:
+          type: boolean
+          description: MDoc specific parameter, ignored for all other types. The flag can be set to inform that the reader wishes to keep(store) the data. In case of false, its data is only used to be dispalyed and verified.
+          example: false
+        namespace:
+          type: string
+          description: MDoc specific parameter, ignored for all other types. Refers to a namespace inside an mdoc.
+          example: "org.iso.7367.1"
+        claim_name:
+          type: string
+          description: MDoc specific parameter, ignored for all other types. Identifier for the data-element in the namespace.
+          example: "first_name"
+    MetaDataQuery:
+      type: object
+      description: Defines additional properties requested by the Verifier that apply to the metadata and validity data of the Credential. The properties of this object are defined per Credential Format. If empty, no specific constraints are placed on the metadata or validity of the requested Credential.
+      properties:
+        vct_values:
+          type: array
+          description: SD-JWT and JWT specific parameter. A non-empty array of strings that specifies allowed values for the type of the requested Verifiable Credential.The Wallet MAY return Credentials that inherit from any of the specified types, following the inheritance logic defined in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-10
+          items:
+            type: string
+        doctype_value:
+          type: string
+          description: Required for MDoc. String that specifies an allowed value for the doctype of the requested Verifiable Credential. It MUST be a valid doctype identifier as defined in https://www.iso.org/standard/69084.html
+          example: "org.iso.7367.1.mVRC"
+        type_values:
+          type: array
+          description: Required for ldp_vc. A non-empty array of string arrays. The Type value of the credential needs to be a subset of at least one of the string-arrays.
+          items:
+            type: array
+            items:
+              type: string
+    ClaimSet:
+      type: array
+      description: An array contain identifiers of elements in the claims, that specifies wich combination of claims is requested
+      items:
+        type: string
+      example: ["claim-id-a","claim-id-b"]
+    TrustedAuthorityQuery:
+      type: object
+      description: An object representing information that helps to identify an authority or the trust framework that certifies Issuers. A Credential is identified as a match to a Trusted Authorities Query if it matches with one of the provided values in one of the provided types.
+      properties:
+        type:
+          type: string
+          description:  A string uniquely identifying the type of information about the issuer trust framework.
+            - aki
+            - etsi_tl
+            - openid_federation
+          example: "aki"
+        values:
+          type: array
+          description: A non-empty array of strings, where each string (value) contains information specific to the used Trusted Authorities Query type that allows the identification of an issuer, a trust framework, or a federation that an issuer belongs to.
+          items:
+            type: string
+          example: ["s9tIpPmhxdiuNkHMEWNpYim8S8Y"]
+      required:
+        - type
+        - values
+    CredentialSetQuery:
+      type: object
+      description: A Credential Set Query is an object representing a request for one or more Credentials to satisfy a particular use case with the Verifier.
+      properties:
+        options:
+          type: array
+          description: A non-empty array, where each value in the array is a list of Credential Query identifiers representing one set of Credentials that satisfies the use case. The value of each element in the options array is a non-empty array of identifiers which reference elements in credentials.
+          items:
+            type: array
+            items:
+              type: string
+        required:
+          type: boolean
+          description: A boolean which indicates whether this set of Credentials is required to satisfy the particular use case at the Verifier.
+          default: true
+          example: true
+        purpose:
+          type: object
+          description: A string, number or object specifying the purpose of the query. This specification does not define a specific structure or specific values for this property. The purpose is intended to be used by the Verifier to communicate the reason for the query to the Wallet. The Wallet MAY use this information to show the user the reason for the request.
+          example: "Identification"
     PresentationDefinition:
       type: object
       description: Proofs required by the service - see https://identity.foundation/presentation-exchange/#presentation-definition

pom.xml

@@ -70,6 +70,9 @@
         <version.org.openapitools.generator-maven-plugin>6.6.0</version.org.openapitools.generator-maven-plugin>
         <version.io.kokuwa.micronaut.codegen>3.4.6</version.io.kokuwa.micronaut.codegen>
 
+        <!-- dcql -->
+        <version.io.github.wistefan.dcql-java>0.0.1</version.io.github.wistefan.dcql-java>
+
         <!-- test -->
         <version.org.mockito.mocktio-all>1.10.19</version.org.mockito.mocktio-all>
 
@@ -82,7 +85,6 @@
         <jacoco.utReportFile>${jacoco.reportFolder}/test.exec</jacoco.utReportFile>
     </properties>
 
-
     <dependencyManagement>
         <dependencies>
             <dependency>
@@ -140,6 +142,13 @@
             <artifactId>micronaut-jackson-databind</artifactId>
         </dependency>
 
+        <!-- dcql -->
+        <dependency>
+            <groupId>io.github.wistefan</groupId>
+            <artifactId>dcql-java</artifactId>
+            <version>${version.io.github.wistefan.dcql-java}</version>
+        </dependency>
+
         <!-- required for config micronaut > 4.x -->
         <dependency>
             <groupId>org.yaml</groupId>
@@ -262,7 +271,7 @@
                 <version>${version.org.openapitools.generator-maven-plugin}</version>
                 <executions>
                     <execution>
-                        <id>til</id>
+                        <id>ccs</id>
                         <phase>generate-sources</phase>
                         <goals>
                             <goal>generate</goal>
@@ -272,7 +281,7 @@
                             <apiPackage>org.fiware.iam.ccs.api</apiPackage>
                             <strictSpec>true</strictSpec>
                             <modelPackage>org.fiware.iam.ccs.model</modelPackage>
-                            <generateAliasAsModel>true</generateAliasAsModel>
+                            <generateAliasAsModel>false</generateAliasAsModel>
                             <generateModels>true</generateModels>
                             <generateApiTests>true</generateApiTests>
                             <generatorName>micronaut</generatorName>
@@ -286,7 +295,7 @@
                                 <introspected>true</introspected>
                                 <useBeanValidation>false</useBeanValidation>
                                 <supportAsync>false</supportAsync>
-                                <jacksonDatabindNullable>false</jacksonDatabindNullable>
+                                <jacksonDatabindNullable>true</jacksonDatabindNullable>
                                 <generateExamples>true</generateExamples>
                             </configOptions>
                             <typeMappings>