Skip to content

astrapi69/sign-and-verify

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits

.github

.github

 
 

.idea/runConfigurations

.idea/runConfigurations

 
 

gradle/wrapper

gradle/wrapper

 
 

src

src

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.gradle

build.gradle

 
 

codecov.yml

codecov.yml

 
 

gradle.properties

gradle.properties

 
 

gradlew

gradlew

 
 

gradlew.bat

gradlew.bat

 
 

settings.gradle

settings.gradle

 
 

Repository files navigation

Overview

Build Status Coverage Status Open Issues Maven Central Javadocs MIT license Donate

Utility library that can sign and verify java objects.

If you like this project put a ⭐ and donate

License

The source code comes under the liberal MIT License, making sign-and-verify great for all types of applications.

Maven dependency

Maven dependency is now on sonatype. Check out sonatype repository for latest snapshots and releases.

Add the following maven dependency to your project pom.xml if you want to import the core functionality of sign-and-verify:

For development with jdk 1.8 use following version:

Than you can add the dependency to your dependencies:

<properties>
		...
	<!-- sign-and-verify version -->
	<sign-and-verify.version>1.2</sign-and-verify.version>
		...
</properties>
		...
	<dependencies>
		...
		<!-- sign-and-verify DEPENDENCY -->
		<dependency>
			<groupId>de.alpharogroup</groupId>
			<artifactId>sign-and-verify</artifactId>
			<version>${sign-and-verify.version}</version>
		</dependency>
		...
	</dependencies>

gradle dependency

You can first define the version in the ext section and add than the following gradle dependency to your project build.gradle if you want to import the core functionality:

define version in file gradle.properties

signAndVerifyVersion=1.2

or in build.gradle ext area
ext {
			...
    signAndVerifyVersion = "1.2"
			...
}

and add to  

dependencies {
			...
implementation("de.alpharogroup:sign-and-verify:$signAndVerifyVersion")
			...
}

Usage

In some situation we have to create a digitale signature of objects, for check against unauthorized manipulation by third-party. In this case the first step is to sign the specific object. For simple sign you can use the Signer class that provides one method for sign a byte array. But before you start signing and verifying objects you need a KeyPair object and get the private key from it. As second, we need a signature algorithm. As an alternative you can use a private key file and extract the private key from it.

For that this library provides model classes that can encapsulate the needed objects. For the Signature we need to create a SignatureBean that can be given as argument to the contructor of the Signer object that can then sign the given byte array as you can see in the following unit test.

public class SignerTest
{

	@Test
	public void testSign() throws Exception
	{
		byte[] actual;
		byte[] expected;
		byte[] valueBytes;
		String signatureAlgorithm;
		Charset charset;
		File publickeyDerDir;
		File privatekeyDerFile;
		PrivateKey privateKey;

		publickeyDerDir = new File(PathFinder.getSrcTestResourcesDir(), "/der");
		privatekeyDerFile = new File(publickeyDerDir, "private.der");

		charset = StandardCharsets.UTF_8;
		valueBytes = "foo".getBytes(charset);

		privateKey = PrivateKeyReader.readPrivateKey(privatekeyDerFile);
		signatureAlgorithm = CompoundAlgorithm.SHA256_WITH_RSA.getAlgorithm(); // SHA256withRSA

		SignatureBean bean = SignatureBean.builder().privateKey(privateKey)
			.signatureAlgorithm(signatureAlgorithm).build();
		Signer signer = new Signer(bean);
		actual = signer.sign(valueBytes);
		expected = TestObjectFactory.newTestSignByteArray();
		assertArrayEquals(actual, expected);
    }
}

When the object have a digitale signature, and the appropriate field have been set you can then afterwards verify the object this object. To do the verification process you can use the Verifier class that have one verify method with the bytes to verify and the signature as byte array to verify against.

public class VerifierTest
{

	@Test
	public void testVerifyWithCertificate() throws Exception
	{
		boolean actual;
		boolean expected;
		byte[] valueBytes;
		String signatureAlgorithm;
		Charset charset;
		File publickeyDerDir;
		File publickeyDerFile;
		File privatekeyDerFile;
		PrivateKey privateKey;
		PublicKey publicKey;
		Certificate certificate;

		publickeyDerDir = new File(PathFinder.getSrcTestResourcesDir(), "/der");
		publickeyDerFile = new File(publickeyDerDir, "public.der");
		privatekeyDerFile = new File(publickeyDerDir, "private.der");

		privateKey = PrivateKeyReader.readPrivateKey(privatekeyDerFile);
		publicKey = PublicKeyReader.readPublicKey(publickeyDerFile);
		signatureAlgorithm = CompoundAlgorithm.SHA256_WITH_RSA.getAlgorithm(); // SHA256withRSA

		charset = StandardCharsets.UTF_8;
		valueBytes = "foo".getBytes(charset);

		certificate = TestObjectFactory.newCertificateForTests(publicKey, privateKey,
			signatureAlgorithm);

		VerifyBean verifyBean = VerifyBean.builder().certificate(certificate)
			.signatureAlgorithm(signatureAlgorithm).build();

		Verifier verifier = new Verifier(verifyBean);
		actual = verifier.verify(valueBytes, TestObjectFactory.newTestSignByteArray());
		expected = true;
		assertTrue(actual);
		assertEquals(actual, expected);
	}
	
}

For more examples you can have a look at the unit test classes for JsonSigner, JsonVerifier, ObjectSigner and ObjectVerifier.

Semantic Versioning

The versions of sign-and-verify are maintained with the Simplified Semantic Versioning guidelines.

Release version numbers will be incremented in the following format:

<major>.<minor>.<patch>

For detailed information on versioning for this project you can visit this wiki page.

Want to Help and improve it?

The source code for sign-and-verify are on GitHub. Please feel free to fork and send pull requests!

Create your own fork of astrapi69/sign-and-verify/fork

To share your changes, submit a pull request.

Don't forget to add new units tests on your changes.

Contacting the Developers

Do not hesitate to contact the sign-and-verify developers with your questions, concerns, comments, bug reports, or feature requests.

  • Feature requests, questions and bug reports can be reported at the issues page.

Note

No animals were harmed in the making of this library.

Donations

If you like this library, please consider a donation through bitcoin or over bitcoin-cash with:

36JxRRDfRazLNqUV6NsywCw1q7TK38ukpC

or over ether with:

0x588Aa02De98B1Ef70afeDC3ec5290130a3E5e273

or over flattr:

Flattr this

Similar projects

Here is a list of awesome similar projects:

Open Source:

  • commons-math The Apache Commons Mathematics Library
  • Colt Colt provides a set of Open Source Libraries for High Performance Scientific and Technical Computing in Java.

Credits

Travis CI
Travis CI
Special thanks to Travis CI for providing a free continuous integration service for open source projects
Nexus Sonatype repositories
sonatype repository
Special thanks to sonatype repository for providing a free maven repository service for open source projects
codecov.io
Coverage Status
Special thanks to codecov.io for providing a free code coverage for open source projects
javadoc.io
Javadocs
Special thanks to javadoc.io for providing a free javadoc documentation for open source projects

About

Simple sign and verify java objects

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

1 tags

Sponsor this project

Packages

No packages published

Languages