For an upcoming professional project, I needed to be able to secure webhooks. To achieve that, I published xhub4j, a library to compute, generate and consume HTTP signature headers à la GitHub X-Hub-Signature. Example of a generated header:

X-Hub-Signature:sha1=fa0902542a12dbf43ef081c0cc4794fd438e172d
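
How a header value of this shape is derived and checked, as an added example that is not part of the original post and does not use the xhub4j API: in GitHub's scheme the value is "sha1=" followed by the hex HMAC-SHA1 of the raw request body, keyed with the secret shared between sender and receiver. The class name, secret and bodies below are constructed for illustration; only JDK classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Locale;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration built on JDK classes only; it does not use or mirror the xhub4j API.
public class XHubSignatureExample {

    private static final String PREFIX = "sha1=";

    /** Sender side: "sha1=" + lowercase hex of HMAC-SHA1(secret, raw body bytes). */
    static String sign(byte[] secret, byte[] body) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        StringBuilder value = new StringBuilder(PREFIX);
        for (byte b : mac.doFinal(body)) {
            value.append(String.format("%02x", b));
        }
        return value.toString();
    }

    /** Receiver side: recompute over the bytes exactly as received, compare in constant time. */
    static boolean verify(byte[] secret, byte[] body, String header) throws GeneralSecurityException {
        if (header == null || !header.startsWith(PREFIX)) {
            return false; // missing header or unexpected algorithm prefix: reject
        }
        byte[] expected = sign(secret, body).getBytes(StandardCharsets.US_ASCII);
        byte[] received = header.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        // MessageDigest.isEqual avoids the early exit of String.equals, which leaks timing.
        return MessageDigest.isEqual(expected, received);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values, not taken from the page.
        byte[] secret = "constructed-shared-secret".getBytes(StandardCharsets.UTF_8);
        byte[] body = "{\"event\":\"push\"}".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "{\"event\":\"pull\"}".getBytes(StandardCharsets.UTF_8);

        String header = sign(secret, body);
        System.out.println("X-Hub-Signature: " + header);
        System.out.println("untouched body accepted: " + verify(secret, body, header));
        System.out.println("tampered body accepted:  " + verify(secret, tampered, header));
        System.out.println("missing header accepted: " + verify(secret, body, null));
    }
}
```

The receiver has to run the check on the request bytes as they arrived, before any JSON parsing or re-serialization, since a re-encoded body will no longer match the signature.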

The library comes in 3 sub projects depending on your need:

  • xhub4j-core: provides the core API to generate the headers
  • xhub4j-servlet: a JEE servlet filter able to control JEE web resources
  • xhub4j-jaxrs-client: JAX-RS client extensions to automatically generate the signature headers depending on the content sent.

I’ll also propose an extension to GitBucket to integrate those webhook header signatures.

Feel free to comment.