A small library of (hopefully) useful Java classes.
<dependency>
<groupId>org.leplus</groupId>
<artifactId>ristretto</artifactId>
<version>2.0.0</version>
</dependency><dependency org="org.leplus" name="ristretto" rev="2.0.0">
<artifact name="ristretto" type="jar" />
</dependency>@Grapes(
@Grab(group='org.leplus', module='ristretto', version='2.0.0')
)If you use ristretto in your implementation only:
dependencies {
implementation 'org.leplus:ristretto:2.0.0'
}If you expose ristretto types in your public API:
dependencies {
api("org.leplus:ristretto:2.0.0")
}libraryDependencies += "org.leplus" % "ristretto" % "2.0.0"[org.leplus/ristretto "2.0.0"]This class provides utility method to convert different primitives from/to UUID. All the methods in this class are reversible. While this is not a recommended way to generate UUIDs in general, it can be useful in situations where you need to temporarily assign a UUID to an object based on another unique ID.
For example if you need to convert a legacy object that has a integer or long ID
into a new object that uses UUIDs, you could just generate a new UUID
for the new object using java.util.UUID.randomUUID() but if you need to later link back
the legacy object from the new one, you might not have a place to store the legacy ID
on the new object. If you use this class's toUUID() methods to convert the legacy
object's ID into the new object's UUID, you will be able to later convert back
the UUID into the legacy ID. Provided the legacy IDs are unique (at least for the legacy
object type), the new UUIDs produced will be as unique.
Another use case could be to temporarily convert a legacy object into a new object temporarily (for example for processing via a new method) and then need to convert the result back into a legacy object. Then you can similarly use the methods in this class to go back and forth between legacy IDs and UUIDs.
This class contains utility methods that generate deterministic UUIDs.
Meaning that given the same input, these methods will always return the
same UUID, as opposed to java.util.UUID.randomUUID(). The produced
UUIDs may not be universally unique (since other code using the same method
on the same input would have produce the same UUIDs) but it can still be
useful in situations where you need exactly that: be able to generate a UUID
and now that other parts of a system will be able to generate a matching UUID
for the same input.
For example if two parts of a system receive a file and need to independently produce pieces of data that will later have to be reconciled. Then each piece of data could have it's own unique UUID plus a reference UUID generated from the file using one of the methods below. Then both part of the system will have generated the same reference UUID allowing for easier reconciliation.
This class is a singleton. It supports serialization and cloning. In both case the unique instance of IdentityObject remains the same object.
This java.util.Set relies on identity (==) to compare the objects it
contains. It does not matter what the objects' equals methods say.
This enum is a very efficient singleton. It supports serialization but not cloning.
This adapter class extends java.util.Vector to make it easier to replace java.util.Vector uses by
another java.util.List implementation.
An java.util.ArrayList<E>-backed implementation of
org.leplus.ristretto.util.VectorAdapter.
Using this class introduces a small memory overhead compared to using an
java.util.ArrayList<E> directly. Typically that overhead is the size of an empty java.util.Vector,
e.g. 48 bytes on Oracle Java HotSpot 1.8.0 for Windows (64-Bit).
Releases of Ristretto are digitally signed in two different ways: using Sigstore and using PGP.
Sigstore is trying to improve supply chain security by allowing you to verify the origin of an artifcat. You can verify that the jar that you use was actually produced by this repository. This means that if you verify the signature of the ristretto jar, you can trust the integrity of the whole supply chain from code source, to CI/CD build, to distribution on Maven Central or whever you got the jar from.
To verify the jar using its sigstore signature, you need to download
them both locally and then use the cosign tool to verify the
signature. The whole process can be done using the following 3
commands (replacing all 9 occurrences of x.y.z with the version that
you want to check):
curl -s -S 'https://repo1.maven.org/maven2/org/leplus/ristretto/x.y.z/ristretto-x.y.z.jar' -o ristretto-x.y.z.jar
curl -s -S 'https://repo1.maven.org/maven2/org/leplus/ristretto/x.y.z/ristretto-x.y.z.jar.sigstore.json' -o ristretto-x.y.z.jar.sigstore.json
cosign verify-blob --bundle ristretto-x.y.z.jar.sigstore.json --certificate-identity 'https://github.com/leplusorg/ristretto/.github/workflows/publish.yml@refs/tags/vx.y.z' --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' ristretto-x.y.z.jarThe only output that you should get is a message saying Verified OK.
For instructions on how to install cosign, please read this documentation.
Having GPG signature is a requirement to publish artifacts to Maven Central. You can verify the GPG signature using the following public key 3F147B345EADE8C92DA0C0006B1B9BE54C155617. I recommend that you verify the GPG signature of all your dependencies:
To verify only Ristretto, you can run the following command (replacing x.y.z with the version that you want to check) and check that the displayed keyId matches the public key mentioned above:
mvn org.simplify4u.plugins:pgpverify-maven-plugin:show -Dartifact=org.leplus:ristretto:x.y.z
You can also use my convenient docker image (shameless plug):
docker run --rm leplusorg/pgp-verify-jar org.leplus:ristretto:x.y.z
See here for details.
Copyright 2016-present Thomas Leplus
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.