Utility library that can sign and verify Java objects.
If you like this project put a ⭐ and donate
The source code comes under the liberal MIT License, making sign-and-verify great for all types of applications.
Maven dependency is now on sonatype. Check out sonatype repository for latest snapshots and releases.
Add the following maven dependency to your project pom.xml if you want to import the core functionality of sign-and-verify:
For development with jdk 1.8 use following version:
Then you can add the dependency to your dependencies:
```xml
<properties>
    ...
    <!-- sign-and-verify version -->
    <sign-and-verify.version>1.2</sign-and-verify.version>
    ...
</properties>
...
<dependencies>
    ...
    <!-- sign-and-verify DEPENDENCY -->
    <dependency>
        <groupId>de.alpharogroup</groupId>
        <artifactId>sign-and-verify</artifactId>
        <version>${sign-and-verify.version}</version>
    </dependency>
    ...
</dependencies>
```
You can first define the version in the ext section and then add the following gradle dependency to your project build.gradle if you want to import the core functionality:
define version in file gradle.properties

```
signAndVerifyVersion=1.2
```

or in build.gradle ext area

```
ext {
    ...
    signAndVerifyVersion = "1.2"
    ...
}
```

and add to

```
dependencies {
    ...
    implementation("de.alpharogroup:sign-and-verify:$signAndVerifyVersion")
    ...
}
```
In some situations we have to create a digital signature of objects to check against unauthorized manipulation by third parties. The first step is to sign the specific object. For simple signing you can use the Signer class, which provides one method for signing a byte array. Before you start signing and verifying objects you need a KeyPair object, from which you get the private key; as an alternative you can use a private key file and extract the private key from it. Second, you need a signature algorithm.
For this, the library provides model classes that encapsulate the needed objects. For signing, create a SignatureBean and pass it to the constructor of the Signer object, which can then sign the given byte array, as you can see in the following unit test.
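```java
import java.io.File;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
// Imports of the library, test-helper and test-framework classes (Signer, SignatureBean,
// PrivateKeyReader, CompoundAlgorithm, PathFinder, TestObjectFactory, @Test,
// assertArrayEquals) are omitted here.

public class SignerTest
{
    @Test
    public void testSign() throws Exception
    {
        byte[] actual;
        byte[] expected;
        byte[] valueBytes;
        String signatureAlgorithm;
        Charset charset;
        File publickeyDerDir;
        File privatekeyDerFile;
        PrivateKey privateKey;

        // Load the private key from the DER file in the test resources
        publickeyDerDir = new File(PathFinder.getSrcTestResourcesDir(), "/der");
        privatekeyDerFile = new File(publickeyDerDir, "private.der");
        charset = StandardCharsets.UTF_8;
        valueBytes = "foo".getBytes(charset);
        privateKey = PrivateKeyReader.readPrivateKey(privatekeyDerFile);
        signatureAlgorithm = CompoundAlgorithm.SHA256_WITH_RSA.getAlgorithm(); // SHA256withRSA

        // Bundle the private key and the algorithm, then sign the bytes
        SignatureBean bean = SignatureBean.builder().privateKey(privateKey)
            .signatureAlgorithm(signatureAlgorithm).build();
        Signer signer = new Signer(bean);
        actual = signer.sign(valueBytes);

        // SHA256withRSA (PKCS#1 v1.5) is deterministic, so the result can be
        // compared against a stored signature created with the same key
        expected = TestObjectFactory.newTestSignByteArray();
        assertArrayEquals(actual, expected);
    }
}
```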
When the object has a digital signature and the appropriate field has been set, you can afterwards verify the object. For the verification you can use the Verifier class, which has one verify method that takes the bytes to verify and the signature, as a byte array, to verify against.
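```java
import java.io.File;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
// Imports of the library, test-helper and test-framework classes (Verifier, VerifyBean,
// PrivateKeyReader, PublicKeyReader, CompoundAlgorithm, PathFinder, TestObjectFactory,
// @Test, assertTrue, assertEquals) are omitted here.

public class VerifierTest
{
    @Test
    public void testVerifyWithCertificate() throws Exception
    {
        boolean actual;
        boolean expected;
        byte[] valueBytes;
        String signatureAlgorithm;
        Charset charset;
        File publickeyDerDir;
        File publickeyDerFile;
        File privatekeyDerFile;
        PrivateKey privateKey;
        PublicKey publicKey;
        Certificate certificate;

        // Load both keys from the DER files in the test resources
        publickeyDerDir = new File(PathFinder.getSrcTestResourcesDir(), "/der");
        publickeyDerFile = new File(publickeyDerDir, "public.der");
        privatekeyDerFile = new File(publickeyDerDir, "private.der");
        privateKey = PrivateKeyReader.readPrivateKey(privatekeyDerFile);
        publicKey = PublicKeyReader.readPublicKey(publickeyDerFile);
        signatureAlgorithm = CompoundAlgorithm.SHA256_WITH_RSA.getAlgorithm(); // SHA256withRSA
        charset = StandardCharsets.UTF_8;
        valueBytes = "foo".getBytes(charset);

        // Test certificate that carries the public key used for verification
        certificate = TestObjectFactory.newCertificateForTests(publicKey, privateKey,
            signatureAlgorithm);
        VerifyBean verifyBean = VerifyBean.builder().certificate(certificate)
            .signatureAlgorithm(signatureAlgorithm).build();
        Verifier verifier = new Verifier(verifyBean);

        // Verify the bytes against the stored signature of "foo"
        actual = verifier.verify(valueBytes, TestObjectFactory.newTestSignByteArray());
        expected = true;
        assertTrue(actual);
        assertEquals(actual, expected);
    }
}
```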
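What signing and verifying amount to at the JDK level, as an added example that is not part of the project's code: it uses only `java.security`, with the same `SHA256withRSA` algorithm and `"foo"` input as the tests above, and also shows that changed data fails verification. The class name, the generated throwaway key pair and the PKCS#8 round-trip (standing in for a `private.der` file) are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;

public class JcaSignVerifyExample
{
    static final String ALGORITHM = "SHA256withRSA";
    static byte[] sign(PrivateKey key, byte[] data) throws Exception
    {
        Signature signature = Signature.getInstance(ALGORITHM);
        signature.initSign(key);
        signature.update(data);
        return signature.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] signatureBytes) throws Exception
    {
        Signature signature = Signature.getInstance(ALGORITHM);
        signature.initVerify(key);
        signature.update(data);
        return signature.verify(signatureBytes);
    }

    public static void main(String[] args) throws Exception
    {
        // Constructed throwaway key pair; a real deployment loads a protected key instead.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair();
        // Round-trip the private key through PKCS#8 DER (assumed content of a private.der file).
        byte[] der = pair.getPrivate().getEncoded();
        PrivateKey privateKey = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(der));
        byte[] value = "foo".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(privateKey, value);
        System.out.println("valid:    " + verify(pair.getPublic(), value, sig));
        // One changed byte in the data must make verification fail.
        byte[] tampered = "fob".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered: " + verify(pair.getPublic(), tampered, sig));
        // PKCS#1 v1.5 signing is deterministic: same key and data give the same signature.
        System.out.println("stable:   " + Arrays.equals(sig, sign(privateKey, value)));
    }
}
```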
For more examples you can have a look at the unit test classes for JsonSigner, JsonVerifier, ObjectSigner and ObjectVerifier.
The versions of sign-and-verify are maintained with the Simplified Semantic Versioning guidelines.
Release version numbers will be incremented in the following format:
<major>.<minor>.<patch>
For detailed information on versioning for this project you can visit this wiki page.
The source code for sign-and-verify is on GitHub. Please feel free to fork and send pull requests!
Create your own fork of astrapi69/sign-and-verify/fork
To share your changes, submit a pull request.
Don't forget to add new unit tests for your changes.
Do not hesitate to contact the sign-and-verify developers with your questions, concerns, comments, bug reports, or feature requests.
- Feature requests, questions and bug reports can be reported at the issues page.
No animals were harmed in the making of this library.
If you like this library, please consider a donation through bitcoin or over bitcoin-cash with:
36JxRRDfRazLNqUV6NsywCw1q7TK38ukpC
or over ether with:
0x588Aa02De98B1Ef70afeDC3ec5290130a3E5e273
Here is a list of awesome similar projects:
Open Source:
- commons-math The Apache Commons Mathematics Library
- Colt Colt provides a set of Open Source Libraries for High Performance Scientific and Technical Computing in Java.
Travis CI |
---|
Special thanks to Travis CI for providing a free continuous integration service for open source projects |
Nexus Sonatype repositories |
---|
Special thanks to sonatype repository for providing a free maven repository service for open source projects |
codecov.io |
---|
Special thanks to codecov.io for providing a free code coverage for open source projects |
javadoc.io |
---|
Special thanks to javadoc.io for providing a free javadoc documentation for open source projects |