Commit

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Java client information.
Signed-off-by: hayleycd <[email protected]>
hayleycd committed Nov 6, 2024
1 parent d93d652 commit f313b9a
Showing 3 changed files with 117 additions and 1 deletion.
11 changes: 11 additions & 0 deletions content/en/language_clients/java/_index.html
@@ -0,0 +1,11 @@
---
type: docs
title: "Java"
description: "Java Language Client"
lead: "Java Language Client"
date: 2024-10-06T08:49:15+00:00
lastmod: 2024-10-06T08:49:15+00:00
draft: false
images: []
weight: 70
---
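Review bot: `date` and `lastmod` in this front matter are both 2024-10-06T08:49:15+00:00, a month earlier than the commit date shown above (Nov 6, 2024). If they are meant to record when the page was added, they look like a copied or mistyped value and should be corrected. `description` and `lead` are also identical ("Java Language Client"); one of them could say something more specific about sigstore-java.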
105 changes: 105 additions & 0 deletions content/en/language_clients/java/overview.md
@@ -0,0 +1,105 @@
---
type: docs
category: Java
title: Java Client Overview
weight: 5
---

[`sigstore-java`](https://github.com/sigstore/sigstore-java#sigstore-java) is a java client for interacting with the Sigstore infrastructure.

## Features

- Includes both [Maven](https://github.com/sigstore/sigstore-java/tree/main/sigstore-maven-plugin) and [Gradle](https://github.com/sigstore/sigstore-java/tree/main/sigstore-gradle) build plugins
- Keyless signing and verifying
- [API](https://javadoc.io/doc/dev.sigstore/sigstore-java)

## Installation

### Maven

Requires Java 11

```java
<plugin>
<groupId>dev.sigstore</groupId>
<artifactId>sigstore-maven-plugin</artifactId>
<version>1.0.0</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
```

More information on the Maven build plugin is available in the [project repository](https://github.com/sigstore/sigstore-java/tree/main/sigstore-maven-plugin#sigstore-maven-plugin).

### Gradle

Requires Java 11 and Gradle 7.5.

```java
plugins {
id("dev.sigstore.sign") version "1.0.0"
}
```

More information on the Gradle build plugin is available in the [project repository](https://github.com/sigstore/sigstore-java/tree/main/sigstore-gradle#sigstore-gradle).

## Example

### Signing example

```java
Path testArtifact = Paths.get("path/to/my/file.jar")

// sign using the sigstore public instance
var signer = KeylessSigner.builder().sigstorePublicDefaults().build();
Bundle result = signer.signFile(testArtifact);

// sigstore bundle format (serialized as <artifact>.sigstore.json)
String bundleJson = result.toJson();
```

### Verifying example

#### Get artifact and bundle

```java
Path artifact = Paths.get("path/to/my-artifact");

// import a json formatted sigstore bundle
Path bundleFile = Paths.get("path/to/my-artifact.sigstore.json");
Bundle bundle = Bundle.from(bundleFile, StandardCharsets.UTF_8);
```

#### Configure verification options

```java
// add certificate policy to verify the identity of the signer
VerificationOptions options = VerificationOptions.builder().addCertificateMatchers(
CertificateMatcher.fulcio()
.subjectAlternativeName(StringMatcher.string("[email protected]"))
.issuer(StringMatcher.string("https://accounts.example.com"))
.build());
```

#### Do verification

```java
try {
// verify using the sigstore public instance
var verifier = new KeylessVerifier.builder().sigstorePublicDefaults().build();
verifier.verify(artifact, bundle, verificationOptions);
// verification passed!
} catch (KeylessVerificationException e) {
// verification failed
}
```

### Additional examples

[Additional](https://github.com/sigstore/sigstore-java/tree/main/examples/hello-world#sigstore-examples) [examples](https://github.com/sigstore/sigstore-java/tree/main/examples/pgp#pgp-test-keys-for-examples) are available in the project repository.
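Review bot: In the "Do verification" block, `verifier.verify(artifact, bundle, verificationOptions)` references a variable that is never declared (the preceding block names it `options`), and `new KeylessVerifier.builder()` is not valid Java; drop `new` and pass `options`. In "Configure verification options" the only `.build()` closes the `CertificateMatcher`, so the outer `VerificationOptions.builder()` chain is never built and needs its own `.build()` before the semicolon. The signing example is missing the `;` after `Paths.get("path/to/my/file.jar")`. These snippets are what readers will copy as their signer-identity check, so they should compile as shown. The Maven block is XML and the Gradle block is a build script, yet both are fenced as `java`; `xml` and `kotlin` (or `groovy`) would highlight correctly. Smaller points: "java client" in the opening sentence should be "Java client", "Requires Java 11" under Maven lacks the period the Gradle line has, and the trailing space on line 105 is what the markdownlint MD009 check is failing on.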

Check failure on line 105 in content/en/language_clients/java/overview.md

GitHub Actions / markdownlint

Trailing spaces

content/en/language_clients/java/overview.md:105:250 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md009.md
2 changes: 1 addition & 1 deletion content/en/language_clients/language_client_overview.md
@@ -13,7 +13,7 @@ Sigstore has clients for the following language ecosystems:
- [Rust](https://github.com/sigstore/sigstore-rs#features)
- [Ruby](https://github.com/sigstore/sigstore-ruby#sigstore)
- [JavaScript](https://github.com/sigstore/sigstore-js#sigstore-js---)
- [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
- [Java](../java/overview)
- [Go](https://github.com/sigstore/sigstore-go#sigstore-go)

Language client documentation is hosted in the individual project repositories. Project summaries are currently being added to the main Sigstore documentation.
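Review bot: The new Java link `../java/overview` is written relative to the rendered URL, not to the source files: `language_client_overview.md` and the new `java/` directory both sit in `content/en/language_clients/`, so a source-relative path would be `java/overview`. Please confirm the link resolves in the preview build. The unchanged sentence below the list still says client documentation is hosted in the individual project repositories, and the Java entry no longer links to its repository from this page, so it may be worth rewording that sentence or keeping a repository link next to the Java entry.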
