feat: impl stampler, tek manager, etc

[andysim3d]

Pull Request Checklist

• Did you add new tests and confirm existing tests pass? (yarn test)
• Did you update relevant docs? (docs are found in the site folder, and guidelines for updating/adding docs can be found in the contribution guide)
• Do your commits follow the Conventional Commits standard?
• Does your PR title also follow the Conventional Commits standard?
• If you have a breaking change, is it correctly reflected in your commit message? (e.g. feat!: breaking change)
• Did you run lint (yarn lint:check) and fix any issues? (yarn lint:write)
• Did you follow the contribution guidelines?

---

PR-Codex overview

This PR introduces a new Signer Java SDK for handling cryptographic operations, including signing and verification of payloads. It adds essential classes for exception handling, key management, and testing, while updating the project configuration and dependencies.

Detailed summary

• Added NoTEKException, NoInjectedBundleException, and StamperNotInitializedException classes for error handling.
• Introduced TEKManager class for managing encryption keys.
• Created Stamper class for signing payloads.
• Added StamperTests for unit testing functionality.
• Updated pom.xml with new dependencies and project metadata.
• Added build instructions in README.md.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
aa-sdk-site	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 7, 2025 3:22pm
aa-sdk-ui-demo	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 7, 2025 3:22pm

[graphite-app]

How to use the Graphite Merge Queue

Add the label graphite-merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

[moldy530]

Nice yea this looks good to me mostly. Only feedback is around making sure we can handle the case where someone might want to:

1. use our code to generate a KeysetHandle for a TEK that they then would store externally
2. use externally stored TEK to get an instance of the stamper / signer later

[moldy530]

this should probably be static. One possible flow is creating a TEK and storing it somewhere, so it could be that this stamper is initialized with a TEK that's externally managed

[moldy530]

is it more convenient / efficient to just skip this conversion and store the keys as byte[] in this class?

[moldy530]

ah yea here is what I was thinking we could skip if the stamper just stores the keys as bytes

[moldy530]

LGTM with a few comments. will let @mokok123 comment as well

[moldy530]

is this a construction flow we want to enable? you kinda always need a TEK manager to make this work.

I think we should have the following in addition to the one above:

public Stamper(targetPrivateKeyHex: String) {}

public Stamper(targetPrivateKey: byte[]) {}

public Stamper(targetKeySet: KeysetHandle) {}

// maybe these too?
public Stamper(targetPrivateKeyHex: String, bundle: String) {}

public Stamper(targetPrivateKey: byte[], bundle: String) {}

public Stamper(targetKeySet: KeysetHandle, bundle: String) {}

[moldy530]

nit:

Suggested change