From f313b9a7b2a5080ea7a6a09b022709ab70f2620a Mon Sep 17 00:00:00 2001 From: hayleycd Date: Wed, 6 Nov 2024 15:17:55 -0800 Subject: [PATCH 1/2] Java client information. Signed-off-by: hayleycd --- content/en/language_clients/java/_index.html | 11 ++ content/en/language_clients/java/overview.md | 105 ++++++++++++++++++ .../language_client_overview.md | 2 +- 3 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 content/en/language_clients/java/_index.html create mode 100644 content/en/language_clients/java/overview.md diff --git a/content/en/language_clients/java/_index.html b/content/en/language_clients/java/_index.html new file mode 100644 index 00000000..14bf149d --- /dev/null +++ b/content/en/language_clients/java/_index.html @@ -0,0 +1,11 @@ +--- +type: docs +title: "Java" +description: "Java Language Client" +lead: "Java Language Client" +date: 2024-10-06T08:49:15+00:00 +lastmod: 2024-10-06T08:49:15+00:00 +draft: false +images: [] +weight: 70 +--- \ No newline at end of file diff --git a/content/en/language_clients/java/overview.md b/content/en/language_clients/java/overview.md new file mode 100644 index 00000000..97ddada9 --- /dev/null +++ b/content/en/language_clients/java/overview.md @@ -0,0 +1,105 @@ +--- +type: docs +category: Java +title: Java Client Overview +weight: 5 +--- + +[`sigstore-java`](https://github.com/sigstore/sigstore-java#sigstore-java) is a java client for interacting with the Sigstore infrastructure. + +## Features + +- Includes both [Maven](https://github.com/sigstore/sigstore-java/tree/main/sigstore-maven-plugin) and [Gradle](https://github.com/sigstore/sigstore-java/tree/main/sigstore-gradle) build plugins +- Keyless signing and verifying +- [API](https://javadoc.io/doc/dev.sigstore/sigstore-java) + +## Installation + +### Maven + +Requires Java 11 + +```java + + dev.sigstore + sigstore-maven-plugin + 1.0.0 + + + sign + + sign + + + + +``` + +More information on the Maven build plugin is available in the [project repository](https://github.com/sigstore/sigstore-java/tree/main/sigstore-maven-plugin#sigstore-maven-plugin). + +### Gradle + +Requires Java 11 and Gradle 7.5. + +```java +plugins { + id("dev.sigstore.sign") version "1.0.0" +} +``` + +More information on the Gradle build plugin is available in the [project repository](https://github.com/sigstore/sigstore-java/tree/main/sigstore-gradle#sigstore-gradle). + +## Example + +### Signing example + +```java +Path testArtifact = Paths.get("path/to/my/file.jar") + +// sign using the sigstore public instance +var signer = KeylessSigner.builder().sigstorePublicDefaults().build(); +Bundle result = signer.signFile(testArtifact); + +// sigstore bundle format (serialized as .sigstore.json) +String bundleJson = result.toJson(); +``` + +### Verifying example + +#### Get artifact and bundle + +```java +Path artifact = Paths.get("path/to/my-artifact"); + +// import a json formatted sigstore bundle +Path bundleFile = Paths.get("path/to/my-artifact.sigstore.json"); +Bundle bundle = Bundle.from(bundleFile, StandardCharsets.UTF_8); +``` + +#### Configure verification options + +```java +// add certificate policy to verify the identity of the signer +VerificationOptions options = VerificationOptions.builder().addCertificateMatchers( + CertificateMatcher.fulcio() + .subjectAlternativeName(StringMatcher.string("test@example.com")) + .issuer(StringMatcher.string("https://accounts.example.com")) + .build()); +``` + +#### Do verification + +```java +try { + // verify using the sigstore public instance + var verifier = new KeylessVerifier.builder().sigstorePublicDefaults().build(); + verifier.verify(artifact, bundle, verificationOptions); + // verification passed! +} catch (KeylessVerificationException e) { + // verification failed +} +``` + +### Additional examples + +[Additional](https://github.com/sigstore/sigstore-java/tree/main/examples/hello-world#sigstore-examples) [examples](https://github.com/sigstore/sigstore-java/tree/main/examples/pgp#pgp-test-keys-for-examples) are available in the project repository. diff --git a/content/en/language_clients/language_client_overview.md b/content/en/language_clients/language_client_overview.md index a974704f..7ae4f868 100644 --- a/content/en/language_clients/language_client_overview.md +++ b/content/en/language_clients/language_client_overview.md @@ -13,7 +13,7 @@ Sigstore has clients for the following language ecosystems: - [Rust](https://github.com/sigstore/sigstore-rs#features) - [Ruby](https://github.com/sigstore/sigstore-ruby#sigstore) - [JavaScript](https://github.com/sigstore/sigstore-js#sigstore-js---) -- [Java](https://github.com/sigstore/sigstore-java#sigstore-java) +- [Java](../java/overview) - [Go](https://github.com/sigstore/sigstore-go#sigstore-go) Language client documentation is hosted in the individual project repositories. Project summaries are currently being added to the main Sigstore documentation. From 67ad22c71bc981597cbf2191d5e34ec136c46262 Mon Sep 17 00:00:00 2001 From: hayleycd Date: Wed, 6 Nov 2024 15:20:48 -0800 Subject: [PATCH 2/2] Fixing linter issue. Signed-off-by: hayleycd --- content/en/language_clients/java/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/language_clients/java/overview.md b/content/en/language_clients/java/overview.md index 97ddada9..f3d54a69 100644 --- a/content/en/language_clients/java/overview.md +++ b/content/en/language_clients/java/overview.md @@ -102,4 +102,4 @@ try { ### Additional examples -[Additional](https://github.com/sigstore/sigstore-java/tree/main/examples/hello-world#sigstore-examples) [examples](https://github.com/sigstore/sigstore-java/tree/main/examples/pgp#pgp-test-keys-for-examples) are available in the project repository. +[Additional](https://github.com/sigstore/sigstore-java/tree/main/examples/hello-world#sigstore-examples) [examples](https://github.com/sigstore/sigstore-java/tree/main/examples/pgp#pgp-test-keys-for-examples) are available in the project repository.