{"id":35411413,"url":"https://github.com/smartdccinnovation/dccboxed-signing-tool","last_synced_at":"2026-02-01T17:01:02.364Z","repository":{"id":57764358,"uuid":"511511349","full_name":"SmartDCCInnovation/dccboxed-signing-tool","owner":"SmartDCCInnovation","description":"DCC Boxed DUIS Validation and Signing Tool","archived":false,"fork":false,"pushed_at":"2026-01-19T09:00:08.000Z","size":277,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-19T16:47:57.428Z","etag":null,"topics":["backend","duis","java","smartdcc","smartmeter","smets2","xml","xmldsig","xsd"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SmartDCCInnovation.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-07-07T12:05:07.000Z","updated_at":"2026-01-19T08:59:02.000Z","dependencies_parsed_at":"2023-02-14T15:46:36.755Z","dependency_job_id":"fa0bdd39-7f40-4b77-a4c0-678f120f7e9f","html_url":"https://github.com/SmartDCCInnovation/dccboxed-signing-tool","commit_stats":{"total_commits":108,"total_committers":4,"mean_commits":27.0,"dds":0.25,"last_synced_commit":"682115ba911846627acd3cce1af6191e94b061e3"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/SmartDCCInnovation/dccboxed-signing-tool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SmartDCCInnovation%2Fdccboxed-signing-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SmartDCCInnovation%2Fdccboxed-signing-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SmartDCCInnovation%2Fdccboxed-signing-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SmartDCCInnovation%2Fdccboxed-signing-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SmartDCCInnovation","download_url":"https://codeload.github.com/SmartDCCInnovation/dccboxed-signing-tool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SmartDCCInnovation%2Fdccboxed-signing-tool/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28983424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T16:29:42.054Z","status":"ssl_error","status_checked_at":"2026-02-01T16:29:41.428Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backend","duis","java","smartdcc","smartmeter","smets2","xml","xmldsig","xsd"],"created_at":"2026-01-02T14:11:01.211Z","updated_at":"2026-02-01T17:01:02.357Z","avatar_url":"https://github.com/SmartDCCInnovation.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"![GitHub banner](https://user-images.githubusercontent.com/527411/192760138-a1f61694-f705-4358-b419-e5eeb78c2ea0.png)\n\n# DCC Boxed DUIS Validation and Signing Tool\n\n[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)\n[![Tests](https://github.com/SmartDCCInnovation/dccboxed-signing-tool/actions/workflows/maven.yml/badge.svg?branch=main\u0026event=push)](https://github.com/SmartDCCInnovation/dccboxed-signing-tool/actions/workflows/maven.yml)\n[![codecov](https://codecov.io/gh/SmartDCCInnovation/dccboxed-signing-tool/branch/main/graph/badge.svg?token=LAEIG9E8UN)](https://codecov.io/gh/SmartDCCInnovation/dccboxed-signing-tool)\n\nThis command line tool is aimed at supporting [DCC Boxed][boxed] by simplifying\nthe XML signing and validation. DCC Boxed communicates using [DUIS][duis] (an\nXML language defined in appendix AD of previous link), this tool signs DUIS\nrequests (i.e. adding an XML digital signature) and validating DUIS responses\n(i.e. validating the XML digital signature and removing it). In addition, it\nperforms XSD validation.\n\nDCC Boxed is a test tool. It is made available with a standard set of test Smart\nMeter Key Infrastructure (SMKI) organisation certificates known as `ZAZ1`. So\nthat it is possible to sign and validate signatures, this tool ships with the\nsame test certificates and associated private keys. This same set of test\ncertificates and private keys are available with [GFI][gfi].\n\nFinally, to reduce the work needed to sign the DUIS command the originator\ncounter will be automatically set to `System.currentTimeMillis` before the DUIS\nis signed. This is to ensure that a strictly incrementing value is present in\neach command and aligns with how DCC Boxed computes this internally for\nDUIS commands it issues.\n\n## Building\n\nA standard maven build:\n\n```\nmvn package\n```\n\nThis should result in a jar file being created in the `./target/` folder.\n\n### Testing\n\nTo generate test coverage:\n\n```\nmvn clean test\n```\n\n## Running\n\nThe tool can be run in one of two modes, Sign or Validate. In both cases \nthe tool will print out logging information to `stderr`.\n\n### Sign DUIS\n\nTo sign a DUIS message (XML without digital signature) from a file and print to\n`stdout` the signed message (i.e. the XML with the digital signature) issue the\nfollowing:\n\n```\njava -cp ./target/xmldsig-1.0-3.jar uk.co.smartdcc.boxed.xmldsig.Sign message.xml\n```\n\nOr to read the DUIS message from `stdin`\n\n```\njava -cp ./target/xmldsig-1.0-3.jar uk.co.smartdcc.boxed.xmldsig.Sign -\n```\n\nFor example, its possible to chain this with `cURL` to sign and submit a DUIS\ncommand to a DCC Boxed instance:\n\n```\njava -cp xmldsig-1.0-3.jar uk.co.smartdcc.boxed.xmldsig.Sign CS08_11.2_SUCCESS_REQUEST_DUIS.XML | curl http://dccboxed-server:8079/api/v1/serviceS -H 'Content-Type: application/xml' --data-binary -\n```\n\n#### Posix Return Codes\n\n* **0**: Successful.\n* **1** Generic `java` or OS error.\n* **2** An exception raised in the app.\n* **3** Missing public or private key material.\n* **10** XSD validation failed. \n\n#### Advanced Signing\n\n##### Key Material\n\nBy default the tool will inspect the DUIS request to determine which private key\ncorresponds to the message to sign. This should cover the majority of the use\ncases of the tool. However, it is also possible to provide the signers\ncredentials as command line arguments (`jar` file name might vary):\n\n```\njava -cp ./target/xmldsig-1.0-3.jar uk.co.smartdcc.boxed.xmldsig.Sign message.xml user.pem user.key\n```\n\nHere the `user.pem` and `user.key` are the associated certificate and private\nkey for the signer. These should both be of the correct format as defined by\nSMKI, especially they need to be formatted as `pem` and the private key is both\nEC prime256v1 and in the PKCS8 format.\n\n##### Counters\n\nDCC Boxed internally generates counters for any message sent from its GUI\ndevices using `System.currentMillis`. Thus, to ensure compatibility this tool\nwill by default also do the same and overwrite the counter provided in the\nrequest id of the DUIS message. If this behaviour is not desired, then the\n`--preserveCounter` option can be given to the signing tool.\n\n### Validate DUIS\n\nTo validate a DUIS message (XML with digital signature) from a file and print to\n`stdout` the validated message (i.e. the XML without the digital signature)\nissue the following (`jar` file name might vary):\n\n```\njava -cp ./target/xmldsig-1.0-3.jar uk.co.smartdcc.boxed.xmldsig.Validate message.xml\n```\n\nOr to read the DUIS message from `stdin`\n\n```\njava -cp ./target/xmldsig-1.0-3.jar uk.co.smartdcc.boxed.xmldsig.Validate -\n```\n\n#### Posix Return Codes\n\n* **0**: Successful.\n* **1** Generic `java` or OS error.\n* **2** An exception raised in the app.\n* **3** Missing public or private key material.\n* **10** XSD validation or signature check failed. \n\n#### Advanced Validation\n\nBy default the tool will inspect the DUIS request to determine which certificate\ncorresponds to the sender of the message. This should cover the majority of the\nuse cases of the tool. However, it is also possible to provide the signers\ncredentials as command line arguments:\n\n```\njava -cp ./target/xmldsig-1.0-3.jar uk.co.smartdcc.boxed.xmldsig.Validate message.xml user.pem\n```\n\nHere the `user.pem` is the associated users certificate. This should be of the\ncorrect format as defined by SMKI, especially it need to be formatted as `pem`.\n\n## API\n\nThe tool can be used as a library in Java applications. The main API methods are:\n\n### Sign.verify_and_sign_input_stream\n\nSigns a DUIS request from an InputStream, writes the signed XML to an OutputStream, and returns the certificate used for signing.\n\n```java\nimport uk.co.smartdcc.boxed.xmldsig.Sign;\nimport uk.co.smartdcc.boxed.xmldsig.CertificateLibrary;\nimport java.io.FileInputStream;\nimport java.io.FileOutputStream;\nimport java.security.cert.X509Certificate;\n\nFileInputStream is = new FileInputStream(\"request.xml\");\nFileOutputStream os = new FileOutputStream(\"signed-request.xml\");\nX509Certificate cert = Sign.verify_and_sign_input_stream(\n    false,  // preserveCounter\n    is,\n    os,\n    CertificateLibrary.getInstance()\n);\nis.close();\nos.close();\n```\n\n### Validate.validate_input_stream\n\nValidates a signed DUIS response from an InputStream and returns the unsigned XML as bytes.\n\n```java\nimport uk.co.smartdcc.boxed.xmldsig.Validate;\nimport uk.co.smartdcc.boxed.xmldsig.CertificateLibrary;\nimport java.io.FileInputStream;\n\nFileInputStream is = new FileInputStream(\"response.xml\");\nbyte[] unsignedXml = Validate.validate_input_stream(\n    is,\n    CertificateLibrary.getInstance()\n);\n```\n\n## Contributing\n\nContributions are welcome!\n\nWhen submitting a pull request, please ensure:\n\n  1. Each PR is concise and provides only one feature/bug fix.\n  2. Unit test are provided to cover feature. The project uses `junit5`. To test,\n     run `mvn test` to generate code coverage metrics.\n  3. Bugfixes include reference the GitHub issue.\n  4. If appropriate, update documentation.\n  5. Before committing, run `mvn checkstyle:check` and `mvn formatter:validate`.\n\nIf you are planning a new non-trivial feature, please first raise a GitHub issue\nto discuss it to before investing your time to avoid disappointment.\n\nAny contributions will be expected to be licensable under GPLv3.\n\nAs a convenience, to ensure code is correctly formatted it is possible to run\n`mvn formatter:format` to automatically format files as required.\n\n## Releasing\n\nThere are no GitHub actions to automate the process, thus the following should be\nfollowed:\n\n  1. Switch to `main` branch (after changes have been included)\n  2. Increment the version in [pom.xml](./pom.xml)\n  3. Commit: `git commit -m 'maint: bump [patch/minor/major] version'`\n  4. Tag: `git tag v1.2.3` (must be aligned to version in pom.xml)\n  5. Push HEAD: `git push origin HEAD:main`\n  6. Confirm GitHub Action tests complete.\n  7. Push TAG: `git push origin v1.2.3`\n  8. Confirm [release package][releases] has been created by a GitHub Action.\n\n## Other Info\n\nCopyright 2026, Smart DCC Limited, All rights reserved. Project is licensed under GPLv3.\n\n[boxed]: https://www.smartdcc.co.uk/our-smart-network/network-products-services/dcc-boxed/ \"DCC Boxed\"\n[gfi]: https://www.smartdcc.co.uk/our-smart-network/network-products-services/gfi/ \"GFI\"\n[duis]: https://smartenergycodecompany.co.uk/the-smart-energy-code-2/ \"Smart Energy Code, see Appendix AD\"\n[releases]: https://github.com/SmartDCCInnovation/dccboxed-signing-tool/releases \"Release Packages\"","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmartdccinnovation%2Fdccboxed-signing-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmartdccinnovation%2Fdccboxed-signing-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmartdccinnovation%2Fdccboxed-signing-tool/lists"}