infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-05-20 02:17:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Alan Bateman 2011-04-11 12:52:39 +01:00
commit 4eb37f220f
15 changed files with 2246 additions and 410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
jdk/src/share/classes/java/lang/Character.java
View File

@ -4184,9 +4184,11 @@ class Character implements java.io.Serializable, Comparable<Character> {
aliases.put("AVST", AVESTAN);
aliases.put("BALI", BALINESE);
aliases.put("BAMU", BAMUM);
aliases.put("BATK", BATAK);
aliases.put("BENG", BENGALI);
aliases.put("BOPO", BOPOMOFO);
aliases.put("BRAI", BRAILLE);
aliases.put("BRAH", BRAHMI);
aliases.put("BUGI", BUGINESE);
aliases.put("BUHD", BUHID);
aliases.put("CANS", CANADIAN_ABORIGINAL);
@ -4230,6 +4232,7 @@ class Character implements java.io.Serializable, Comparable<Character> {
aliases.put("LISU", LISU);
aliases.put("LYCI", LYCIAN);
aliases.put("LYDI", LYDIAN);
aliases.put("MAND", MANDAIC);
aliases.put("MLYM", MALAYALAM);
aliases.put("MONG", MONGOLIAN);
aliases.put("MTEI", MEETEI_MAYEK);

32
jdk/src/share/classes/java/util/concurrent/ForkJoinPool.java
View File

@ -791,18 +791,19 @@ public class ForkJoinPool extends AbstractExecutorService {
/**
* Tries to enqueue worker w in wait queue and await change in
* worker's eventCount. If the pool is quiescent, possibly
* terminates worker upon exit. Otherwise, before blocking,
* rescans queues to avoid missed signals. Upon finding work,
* releases at least one worker (which may be the current
* worker). Rescans restart upon detected staleness or failure to
* release due to contention. Note the unusual conventions about
* Thread.interrupt here and elsewhere: Because interrupts are
* used solely to alert threads to check termination, which is
* checked here anyway, we clear status (using Thread.interrupted)
* before any call to park, so that park does not immediately
* return due to status being set via some other unrelated call to
* interrupt in user code.
* worker's eventCount. If the pool is quiescent and there is
* more than one worker, possibly terminates worker upon exit.
* Otherwise, before blocking, rescans queues to avoid missed
* signals. Upon finding work, releases at least one worker
* (which may be the current worker). Rescans restart upon
* detected staleness or failure to release due to
* contention. Note the unusual conventions about Thread.interrupt
* here and elsewhere: Because interrupts are used solely to alert
* threads to check termination, which is checked here anyway, we
* clear status (using Thread.interrupted) before any call to
* park, so that park does not immediately return due to status
* being set via some other unrelated call to interrupt in user
* code.
*
* @param w the calling worker
* @param c the ctl value on entry
@ -823,7 +824,7 @@ public class ForkJoinPool extends AbstractExecutorService {
else if (w.eventCount != v)
return true; // update next time
}
if (parallelism + (int)(nc >> AC_SHIFT) == 0 &&
if ((int)c != 0 && parallelism + (int)(nc >> AC_SHIFT) == 0 &&
blockedCount == 0 && quiescerCount == 0)
idleAwaitWork(w, nc, c, v); // quiescent
for (boolean rescanned = false;;) {
@ -893,7 +894,8 @@ public class ForkJoinPool extends AbstractExecutorService {
w.parked = false;
if (w.eventCount != v)
break;
else if (System.nanoTime() - startTime < SHRINK_RATE)
else if (System.nanoTime() - startTime <
SHRINK_RATE - (SHRINK_RATE / 10)) // timing slop
Thread.interrupted(); // spurious wakeup
else if (UNSAFE.compareAndSwapLong(this, ctlOffset,
currentCtl, prevCtl)) {
@ -1175,7 +1177,7 @@ public class ForkJoinPool extends AbstractExecutorService {
ws[k] = w;
nextWorkerIndex = k + 1;
int m = g & SMASK;
g = k >= m? ((m << 1) + 1) & SMASK : g + (SG_UNIT<<1);
g = k > m? ((m << 1) + 1) & SMASK : g + (SG_UNIT<<1);
}
} finally {
scanGuard = g;

22
jdk/src/share/classes/java/util/jar/JarFile.java
View File

@ -37,6 +37,7 @@ import java.security.CodeSource;
import sun.security.action.GetPropertyAction;
import sun.security.util.ManifestEntryVerifier;
import sun.misc.SharedSecrets;
import sun.security.util.SignatureFileVerifier;
/**
* The <code>JarFile</code> class is used to read the contents of a jar file
@ -178,7 +179,7 @@ class JarFile extends ZipFile {
byte[] b = getBytes(manEntry);
man = new Manifest(new ByteArrayInputStream(b));
if (!jvInitialized) {
jv = new JarVerifier(b);
jv = new JarVerifier(b, man);
}
} else {
man = new Manifest(super.getInputStream(manEntry));
@ -297,10 +298,7 @@ class JarFile extends ZipFile {
if (names != null) {
for (int i = 0; i < names.length; i++) {
String name = names[i].toUpperCase(Locale.ENGLISH);
if (name.endsWith(".DSA") ||
name.endsWith(".RSA") ||
name.endsWith(".EC") ||
name.endsWith(".SF")) {
if (SignatureFileVerifier.isBlockOrSF(name)) {
// Assume since we found a signature-related file
// that the jar is signed and that we therefore
// need a JarVerifier and Manifest
@ -329,17 +327,17 @@ class JarFile extends ZipFile {
if (names != null) {
for (int i = 0; i < names.length; i++) {
JarEntry e = getJarEntry(names[i]);
if (!e.isDirectory()) {
if (!e.isDirectory() &&
SignatureFileVerifier.isBlock(names[i])) {
if (mev == null) {
mev = new ManifestEntryVerifier
(getManifestFromReference());
}
byte[] b = getBytes(e);
if (b != null && b.length > 0) {
jv.beginEntry(e, mev);
jv.update(b.length, b, 0, b.length, mev);
jv.update(-1, null, 0, 0, mev);
}
String key = names[i].substring(
0, names[i].lastIndexOf("."));
jv.verifyBlock(names[i],
getBytes(e),
super.getInputStream(getJarEntry(key + ".SF")));
}
}
}

4
jdk/src/share/classes/java/util/jar/JarInputStream.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -95,7 +95,7 @@ class JarInputStream extends ZipInputStream {
man.read(new ByteArrayInputStream(bytes));
closeEntry();
if (doVerify) {
jv = new JarVerifier(bytes);
jv = new JarVerifier(bytes, man);
mev = new ManifestEntryVerifier(man);
}
return (JarEntry)super.getNextEntry();

224
jdk/src/share/classes/java/util/jar/JarVerifier.java
View File

@ -48,35 +48,18 @@ class JarVerifier {
/* a table mapping names to code signers, for jar entries that have
had their actual hashes verified */
private Hashtable verifiedSigners;
private Map verifiedSigners;
/* a table mapping names to code signers, for jar entries that have
passed the .SF/.DSA/.EC -> MANIFEST check */
private Hashtable sigFileSigners;
/* a hash table to hold .SF bytes */
private Hashtable sigFileData;
/** "queue" of pending PKCS7 blocks that we couldn't parse
* until we parsed the .SF file */
private ArrayList pendingBlocks;
private Map sigFileSigners;
/* cache of CodeSigner objects */
private ArrayList signerCache;
/* Are we parsing a block? */
private boolean parsingBlockOrSF = false;
/* Are we done parsing META-INF entries? */
private boolean parsingMeta = true;
/* Are there are files to verify? */
private boolean anyToVerify = true;
/* The output stream to use when keeping track of files we are interested
in */
private ByteArrayOutputStream baos;
/** The ManifestDigester object */
private volatile ManifestDigester manDig;
@ -92,20 +75,20 @@ class JarVerifier {
/** collect -DIGEST-MANIFEST values for blacklist */
private List manifestDigests;
public JarVerifier(byte rawBytes[]) {
/** The manifest object */
Manifest man = null;
public JarVerifier(byte rawBytes[], Manifest man) {
this.man = man;
manifestRawBytes = rawBytes;
sigFileSigners = new Hashtable();
verifiedSigners = new Hashtable();
sigFileData = new Hashtable(11);
pendingBlocks = new ArrayList();
baos = new ByteArrayOutputStream();
sigFileSigners = new HashMap();
verifiedSigners = new HashMap();
manifestDigests = new ArrayList();
}
/**
* This method scans to see which entry we're parsing and
* keeps various state information depending on what type of
* file is being parsed.
* This method scans to see which entry we're parsing and keeps
* various state information depending on the file being parsed.
*/
public void beginEntry(JarEntry je, ManifestEntryVerifier mev)
throws IOException
@ -129,30 +112,6 @@ class JarVerifier {
* b. digest mismatch between the actual jar entry and the manifest
*/
if (parsingMeta) {
String uname = name.toUpperCase(Locale.ENGLISH);
if ((uname.startsWith("META-INF/") ||
uname.startsWith("/META-INF/"))) {
if (je.isDirectory()) {
mev.setEntry(null, je);
return;
}
if (SignatureFileVerifier.isBlockOrSF(uname)) {
/* We parse only DSA, RSA or EC PKCS7 blocks. */
parsingBlockOrSF = true;
baos.reset();
mev.setEntry(null, je);
}
return;
}
}
if (parsingMeta) {
doneWithMeta();
}
if (je.isDirectory()) {
mev.setEntry(null, je);
return;
@ -188,11 +147,7 @@ class JarVerifier {
throws IOException
{
if (b != -1) {
if (parsingBlockOrSF) {
baos.write(b);
} else {
mev.update((byte)b);
}
mev.update((byte)b);
} else {
processEntry(mev);
}
@ -207,11 +162,7 @@ class JarVerifier {
throws IOException
{
if (n != -1) {
if (parsingBlockOrSF) {
baos.write(b, off, n);
} else {
mev.update(b, off, n);
}
mev.update(b, off, n);
} else {
processEntry(mev);
}
@ -223,101 +174,10 @@ class JarVerifier {
private void processEntry(ManifestEntryVerifier mev)
throws IOException
{
if (!parsingBlockOrSF) {
JarEntry je = mev.getEntry();
if ((je != null) && (je.signers == null)) {
je.signers = mev.verify(verifiedSigners, sigFileSigners);
je.certs = mapSignersToCertArray(je.signers);
}
} else {
try {
parsingBlockOrSF = false;
if (debug != null) {
debug.println("processEntry: processing block");
}
String uname = mev.getEntry().getName()
.toUpperCase(Locale.ENGLISH);
if (uname.endsWith(".SF")) {
String key = uname.substring(0, uname.length()-3);
byte bytes[] = baos.toByteArray();
// add to sigFileData in case future blocks need it
sigFileData.put(key, bytes);
// check pending blocks, we can now process
// anyone waiting for this .SF file
Iterator it = pendingBlocks.iterator();
while (it.hasNext()) {
SignatureFileVerifier sfv =
(SignatureFileVerifier) it.next();
if (sfv.needSignatureFile(key)) {
if (debug != null) {
debug.println(
"processEntry: processing pending block");
}
sfv.setSignatureFile(bytes);
sfv.process(sigFileSigners, manifestDigests);
}
}
return;
}
// now we are parsing a signature block file
String key = uname.substring(0, uname.lastIndexOf("."));
if (signerCache == null)
signerCache = new ArrayList();
if (manDig == null) {
synchronized(manifestRawBytes) {
if (manDig == null) {
manDig = new ManifestDigester(manifestRawBytes);
manifestRawBytes = null;
}
}
}
SignatureFileVerifier sfv =
new SignatureFileVerifier(signerCache,
manDig, uname, baos.toByteArray());
if (sfv.needSignatureFileBytes()) {
// see if we have already parsed an external .SF file
byte[] bytes = (byte[]) sigFileData.get(key);
if (bytes == null) {
// put this block on queue for later processing
// since we don't have the .SF bytes yet
// (uname, block);
if (debug != null) {
debug.println("adding pending block");
}
pendingBlocks.add(sfv);
return;
} else {
sfv.setSignatureFile(bytes);
}
}
sfv.process(sigFileSigners, manifestDigests);
} catch (IOException ioe) {
// e.g. sun.security.pkcs.ParsingException
if (debug != null) debug.println("processEntry caught: "+ioe);
// ignore and treat as unsigned
} catch (SignatureException se) {
if (debug != null) debug.println("processEntry caught: "+se);
// ignore and treat as unsigned
} catch (NoSuchAlgorithmException nsae) {
if (debug != null) debug.println("processEntry caught: "+nsae);
// ignore and treat as unsigned
} catch (CertificateException ce) {
if (debug != null) debug.println("processEntry caught: "+ce);
// ignore and treat as unsigned
}
JarEntry je = mev.getEntry();
if ((je != null) && (je.signers == null)) {
je.signers = mev.verify(verifiedSigners, sigFileSigners);
je.certs = mapSignersToCertArray(je.signers);
}
}
@ -354,15 +214,15 @@ class JarVerifier {
* Force a read of the entry data to generate the
* verification hash.
*/
try {
InputStream s = jar.getInputStream(entry);
try (InputStream s = jar.getInputStream(entry)) {
byte[] buffer = new byte[1024];
int n = buffer.length;
while (n != -1) {
n = s.read(buffer, 0, buffer.length);
}
s.close();
} catch (IOException e) {
// Ignore. When an exception is thrown, code signer
// will not be assigned.
}
}
return getCodeSigners(name);
@ -408,11 +268,7 @@ class JarVerifier {
*/
void doneWithMeta()
{
parsingMeta = false;
anyToVerify = !sigFileSigners.isEmpty();
baos = null;
sigFileData = null;
pendingBlocks = null;
signerCache = null;
manDig = null;
// MANIFEST.MF is always treated as signed and verified,
@ -423,6 +279,41 @@ class JarVerifier {
}
}
/**
* Verifies a PKCS7 SignedData block
* @param key name of block
* @param block the pkcs7 file
* @param ins the clear data
*/
void verifyBlock(String key, byte[] block, InputStream ins) {
try {
if (signerCache == null)
signerCache = new ArrayList();
if (manDig == null) {
synchronized(manifestRawBytes) {
if (manDig == null) {
manDig = new ManifestDigester(manifestRawBytes);
manifestRawBytes = null;
}
}
}
SignatureFileVerifier sfv =
new SignatureFileVerifier(signerCache, man,
manDig, key, block);
if (sfv.needSignatureFile()) {
// see if we have already parsed an external .SF file
sfv.setSignatureFile(ins);
}
sfv.process(sigFileSigners, manifestDigests);
} catch (Exception e) {
if (debug != null) {
e.printStackTrace();
}
}
}
static class VerifierStream extends java.io.InputStream {
private InputStream is;
@ -553,10 +444,7 @@ class JarVerifier {
* but this handles a CodeSource of any type, just in case.
*/
CodeSource[] sources = mapSignersToCodeSources(cs.getLocation(), getJarCodeSigners(), true);
List sourceList = new ArrayList();
for (int i = 0; i < sources.length; i++) {
sourceList.add(sources[i]);
}
List sourceList = Arrays.asList(sources);
int j = sourceList.indexOf(cs);
if (j != -1) {
CodeSigner[] match;

6
jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -127,8 +127,8 @@ class InitSecContextToken extends InitialToken {
//System.out.println("Sub-Session Key Missing in Authenticator.\n");
}
OverloadedChecksum gssChecksum =
new OverloadedChecksum(context, apReq.getChecksum(), sessionKey);
OverloadedChecksum gssChecksum = new OverloadedChecksum(
context, apReq.getChecksum(), sessionKey, subKey);
gssChecksum.setContextFlags(context);
Credentials delegCred = gssChecksum.getDelegatedCreds();
if (delegCred != null) {

20
jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -210,8 +210,8 @@ abstract class InitialToken extends Krb5Token {
// be passed in if this checksum type denotes a
// raw_checksum. In that case, make Checksum class krb5
// internal.
public OverloadedChecksum(Krb5Context context,
Checksum checksum, EncryptionKey key)
public OverloadedChecksum(Krb5Context context, Checksum checksum,
EncryptionKey key, EncryptionKey subKey)
throws GSSException, KrbException, IOException {
int pos = 0;
@ -283,9 +283,17 @@ abstract class InitialToken extends Krb5Token {
new KrbCred(credBytes, EncryptionKey.NULL_KEY).
getDelegatedCreds()[0];
} else {
delegCreds =
new KrbCred(credBytes, key).
getDelegatedCreds()[0];
KrbCred cred;
try {
cred = new KrbCred(credBytes, key);
} catch (KrbException e) {
if (subKey != null) {
cred = new KrbCred(credBytes, subKey);
} else {
throw e;
}
}
delegCreds = cred.getDelegatedCreds()[0];
}
}
}

178
jdk/src/share/classes/sun/security/pkcs/PKCS7.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,6 +38,7 @@ import java.security.*;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X509CRLImpl;
@ -492,7 +493,7 @@ public class PKCS7 {
// CRLs (optional)
if (crls != null && crls.length != 0) {
// cast to X509CRLImpl[] since X509CRLImpl implements DerEncoder
Set<X509CRLImpl> implCRLs = new HashSet<X509CRLImpl>(crls.length);
Set<X509CRLImpl> implCRLs = new HashSet<>(crls.length);
for (X509CRL crl: crls) {
if (crl instanceof X509CRLImpl)
implCRLs.add((X509CRLImpl) crl);
@ -529,6 +530,168 @@ public class PKCS7 {
block.encode(out);
}
/**
* Verifying signed data using an external chunked data source.
*/
public static class PKCS7Verifier {
private final SignerInfo si; // Signer to verify
private final MessageDigest md; // MessageDigest object for chunks
private final Signature sig; // Signature object for chunks
private PKCS7Verifier(SignerInfo si, MessageDigest md, Signature sig) {
this.si = si;
this.md = md;
this.sig = sig;
}
public static PKCS7Verifier from(PKCS7 block, SignerInfo si) throws
SignatureException, NoSuchAlgorithmException {
try {
MessageDigest md = null;
Signature sig;
ContentInfo content = block.getContentInfo();
String digestAlgname = si.getDigestAlgorithmId().getName();
// if there are authenticate attributes, feed data chunks to
// the message digest. In this case, pv.md is not null
if (si.authenticatedAttributes != null) {
// first, check content type
ObjectIdentifier contentType = (ObjectIdentifier)
si.authenticatedAttributes.getAttributeValue(
PKCS9Attribute.CONTENT_TYPE_OID);
if (contentType == null ||
!contentType.equals(content.contentType))
return null; // contentType does not match, bad SignerInfo
// now, check message digest
byte[] messageDigest = (byte[])
si.authenticatedAttributes.getAttributeValue(
PKCS9Attribute.MESSAGE_DIGEST_OID);
if (messageDigest == null) // fail if there is no message digest
return null;
md = MessageDigest.getInstance(digestAlgname);
}
// put together digest algorithm and encryption algorithm
// to form signing algorithm
String encryptionAlgname =
si.getDigestEncryptionAlgorithmId().getName();
// Workaround: sometimes the encryptionAlgname is actually
// a signature name
String tmp = AlgorithmId.getEncAlgFromSigAlg(encryptionAlgname);
if (tmp != null) encryptionAlgname = tmp;
String algname = AlgorithmId.makeSigAlg(
digestAlgname, encryptionAlgname);
sig = Signature.getInstance(algname);
X509Certificate cert = si.getCertificate(block);
if (cert == null) {
return null;
}
if (cert.hasUnsupportedCriticalExtension()) {
throw new SignatureException("Certificate has unsupported "
+ "critical extension(s)");
}
// Make sure that if the usage of the key in the certificate is
// restricted, it can be used for digital signatures.
// XXX We may want to check for additional extensions in the
// future.
boolean[] keyUsageBits = cert.getKeyUsage();
if (keyUsageBits != null) {
KeyUsageExtension keyUsage;
try {
// We don't care whether or not this extension was marked
// critical in the certificate.
// We're interested only in its value (i.e., the bits set)
// and treat the extension as critical.
keyUsage = new KeyUsageExtension(keyUsageBits);
} catch (IOException ioe) {
throw new SignatureException("Failed to parse keyUsage "
+ "extension");
}
boolean digSigAllowed = ((Boolean)keyUsage.get(
KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue();
boolean nonRepuAllowed = ((Boolean)keyUsage.get(
KeyUsageExtension.NON_REPUDIATION)).booleanValue();
if (!digSigAllowed && !nonRepuAllowed) {
throw new SignatureException("Key usage restricted: "
+ "cannot be used for "
+ "digital signatures");
}
}
PublicKey key = cert.getPublicKey();
sig.initVerify(key);
return new PKCS7Verifier(si, md, sig);
} catch (IOException e) {
throw new SignatureException("IO error verifying signature:\n" +
e.getMessage());
} catch (InvalidKeyException e) {
throw new SignatureException("InvalidKey: " + e.getMessage());
}
}
public void update(byte[] data, int off, int end)
throws SignatureException {
if (md != null) {
md.update(data, off, end-off);
} else {
sig.update(data, off, end-off);
}
}
public SignerInfo verify() throws SignatureException {
try {
// if there are authenticate attributes, get the message
// digest and compare it with the digest of data
if (md != null) {
// now, check message digest
byte[] messageDigest = (byte[])
si.authenticatedAttributes.getAttributeValue(
PKCS9Attribute.MESSAGE_DIGEST_OID);
byte[] computedMessageDigest = md.digest();
if (!MessageDigest.isEqual(
messageDigest, computedMessageDigest)) {
return null;
}
// message digest attribute matched
// digest of original data
// the data actually signed is the DER encoding of
// the authenticated attributes (tagged with
// the "SET OF" tag, not 0xA0).
byte[] dataSigned = si.authenticatedAttributes.getDerEncoding();
sig.update(dataSigned);
}
if (sig.verify(si.getEncryptedDigest())) {
return si;
}
} catch (IOException e) {
throw new SignatureException("IO error verifying signature:\n" +
e.getMessage());
}
return null;
}
}
/**
* This verifies a given SignerInfo.
*
@ -554,19 +717,16 @@ public class PKCS7 {
public SignerInfo[] verify(byte[] bytes)
throws NoSuchAlgorithmException, SignatureException {
Vector<SignerInfo> intResult = new Vector<SignerInfo>();
List<SignerInfo> intResult = new ArrayList<>();
for (int i = 0; i < signerInfos.length; i++) {
SignerInfo signerInfo = verify(signerInfos[i], bytes);
if (signerInfo != null) {
intResult.addElement(signerInfo);
intResult.add(signerInfo);
}
}
if (intResult.size() != 0) {
SignerInfo[] result = new SignerInfo[intResult.size()];
intResult.copyInto(result);
return result;
if (!intResult.isEmpty()) {
return intResult.toArray(new SignerInfo[intResult.size()]);
}
return null;
}

138
jdk/src/share/classes/sun/security/pkcs/SignerInfo.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -230,7 +230,7 @@ public class SignerInfo implements DerEncoder {
if (userCert == null)
return null;
ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
ArrayList<X509Certificate> certList = new ArrayList<>();
certList.add(userCert);
X509Certificate[] pkcsCerts = block.getCertificates();
@ -276,132 +276,20 @@ public class SignerInfo implements DerEncoder {
/* Returns null if verify fails, this signerInfo if
verify succeeds. */
SignerInfo verify(PKCS7 block, byte[] data)
throws NoSuchAlgorithmException, SignatureException {
throws NoSuchAlgorithmException, SignatureException {
try {
ContentInfo content = block.getContentInfo();
if (data == null) {
data = content.getContentBytes();
PKCS7.PKCS7Verifier p7v = PKCS7.PKCS7Verifier.from(block, this);
if (p7v == null) return null;
if (data == null) {
try {
data = block.getContentInfo().getContentBytes();
} catch (IOException e) {
throw new SignatureException("IO error verifying signature:\n" +
e.getMessage());
}
String digestAlgname = getDigestAlgorithmId().getName();
byte[] dataSigned;
// if there are authenticate attributes, get the message
// digest and compare it with the digest of data
if (authenticatedAttributes == null) {
dataSigned = data;
} else {
// first, check content type
ObjectIdentifier contentType = (ObjectIdentifier)
authenticatedAttributes.getAttributeValue(
PKCS9Attribute.CONTENT_TYPE_OID);
if (contentType == null ||
!contentType.equals(content.contentType))
return null; // contentType does not match, bad SignerInfo
// now, check message digest
byte[] messageDigest = (byte[])
authenticatedAttributes.getAttributeValue(
PKCS9Attribute.MESSAGE_DIGEST_OID);
if (messageDigest == null) // fail if there is no message digest
return null;
MessageDigest md = MessageDigest.getInstance(digestAlgname);
byte[] computedMessageDigest = md.digest(data);
if (messageDigest.length != computedMessageDigest.length)
return null;
for (int i = 0; i < messageDigest.length; i++) {
if (messageDigest[i] != computedMessageDigest[i])
return null;
}
// message digest attribute matched
// digest of original data
// the data actually signed is the DER encoding of
// the authenticated attributes (tagged with
// the "SET OF" tag, not 0xA0).
dataSigned = authenticatedAttributes.getDerEncoding();
}
// put together digest algorithm and encryption algorithm
// to form signing algorithm
String encryptionAlgname =
getDigestEncryptionAlgorithmId().getName();
// Workaround: sometimes the encryptionAlgname is actually
// a signature name
String tmp = AlgorithmId.getEncAlgFromSigAlg(encryptionAlgname);
if (tmp != null) encryptionAlgname = tmp;
String algname = AlgorithmId.makeSigAlg(
digestAlgname, encryptionAlgname);
Signature sig = Signature.getInstance(algname);
X509Certificate cert = getCertificate(block);
if (cert == null) {
return null;
}
if (cert.hasUnsupportedCriticalExtension()) {
throw new SignatureException("Certificate has unsupported "
+ "critical extension(s)");
}
// Make sure that if the usage of the key in the certificate is
// restricted, it can be used for digital signatures.
// XXX We may want to check for additional extensions in the
// future.
boolean[] keyUsageBits = cert.getKeyUsage();
if (keyUsageBits != null) {
KeyUsageExtension keyUsage;
try {
// We don't care whether or not this extension was marked
// critical in the certificate.
// We're interested only in its value (i.e., the bits set)
// and treat the extension as critical.
keyUsage = new KeyUsageExtension(keyUsageBits);
} catch (IOException ioe) {
throw new SignatureException("Failed to parse keyUsage "
+ "extension");
}
boolean digSigAllowed = ((Boolean)keyUsage.get(
KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue();
boolean nonRepuAllowed = ((Boolean)keyUsage.get(
KeyUsageExtension.NON_REPUDIATION)).booleanValue();
if (!digSigAllowed && !nonRepuAllowed) {
throw new SignatureException("Key usage restricted: "
+ "cannot be used for "
+ "digital signatures");
}
}
PublicKey key = cert.getPublicKey();
sig.initVerify(key);
sig.update(dataSigned);
if (sig.verify(encryptedDigest)) {
return this;
}
} catch (IOException e) {
throw new SignatureException("IO error verifying signature:\n" +
e.getMessage());
} catch (InvalidKeyException e) {
throw new SignatureException("InvalidKey: " + e.getMessage());
}
return null;
p7v.update(data, 0, data.length);
return p7v.verify();
}
/* Verify the content of the pkcs7 block. */

6
jdk/src/share/classes/sun/security/util/ManifestEntryVerifier.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -191,8 +191,8 @@ public class ManifestEntryVerifier {
*
*
*/
public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners,
Hashtable<String, CodeSigner[]> sigFileSigners)
public CodeSigner[] verify(Map<String, CodeSigner[]> verifiedSigners,
Map<String, CodeSigner[]> sigFileSigners)
throws JarException
{
if (skip) {

251
jdk/src/share/classes/sun/security/util/SignatureFileManifest.java Normal file
View File

@ -0,0 +1,251 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
/**
* This class provides streaming mode reading of manifest files.
* Used by {@link SignatureFileVerifier}.
*/
class SignatureFileManifest extends Manifest {
/*
* Reading a manifest into this object by calling update(byte[]) on chunks.
* During the reading, the bytes are saved in (@code current} until a line
* is complete and the key-value pair is saved in {@code currentAttr}. When
* a section is complete, {@code consumeAttr} is called to merge
* {@code currentAttr} into main attributes or a named entry.
*/
// Internal state during update() style reading
// 0. not in update mode
// 1, in update mode but main attributes not completed yet
// 2. main attributes completed, still reading the entries
private int state = 0;
// The partial line read
private byte[] current;
// Number of bytes in current
private int currentPos = 0;
// The current Attribute
private Attributes currentAttr;
/**
* Reads a manifest in chunks.
* <p>
* This method must be called in a row, reading chunks from a single
* manifest file by order. After all chunks are read, caller must call
* {@code update(null)} to fully consume the manifest.
* <p>
* The entry names and attributes read will be merged in with the current
* manifest entries. The {@link #read} method cannot be called inside a
* row of update calls.
* <p>
* Along with the calls, caller can call {@link #getMainAttributes()},
* {@link #getAttributes(java.lang.String)} or {@link #getEntries()}
* to get already available contents. However, in order not to return
* partial result, when the main attributes in the new manifest is not
* consumed completely, {@link #getMainAttributes()} throws an
* {@code IllegalStateException}. When a certain named entry is not
* consumed completely, {@link #getAttributes(java.lang.String)}
* returns the old {@code Attributes} for the name (if it exists).
*
* @param data null for last call, otherwise, feeding chunks
* @param offset offset into data to begin read
* @param length length of data after offset to read
* @exception IOException if an I/O error has occurred
* @exception IllegalStateException if {@code update(null)} is called
* without any previous {@code update(non-null)} call
*/
public void update(byte[] data, int offset, int length) throws IOException {
// The last call
if (data == null) {
if (state == 0) {
throw new IllegalStateException("No data to update");
}
// We accept manifest not ended with \n or \n\n
if (hasLastByte()) {
consumeCurrent();
}
// We accept empty lines at the end
if (!currentAttr.isEmpty()) {
consumeAttr();
}
state = 0; // back to non-update state
current = null;
currentAttr = null;
return;
}
// The first call
if (state == 0) {
current = new byte[1024];
currentAttr = super.getMainAttributes(); // the main attribute
state = 1;
}
int end = offset + length;
while (offset < end) {
switch (data[offset]) {
case '\r':
break; // always skip
case '\n':
if (hasLastByte() && lastByte() == '\n') { // new section
consumeCurrent();
consumeAttr();
if (state == 1) {
state = 2;
}
currentAttr = new Attributes(2);
} else {
if (hasLastByte()) {
// save \n into current but do not parse,
// there might be a continuation later
ensureCapacity();
current[currentPos++] = data[offset];
} else if (state == 1) {
// there can be multiple empty lines between
// sections, but cannot be at the beginning
throw new IOException("invalid manifest format");
}
}
break;
case ' ':
if (!hasLastByte()) {
throw new IOException("invalid manifest format");
} else if (lastByte() == '\n') {
currentPos--; // continuation, remove last \n
} else { // a very normal ' '
ensureCapacity();
current[currentPos++] = data[offset];
}
break;
default:
if (hasLastByte() && lastByte() == '\n') {
// The start of a new pair, not continuation
consumeCurrent(); // the last line read
}
ensureCapacity();
current[currentPos++] = data[offset];
break;
}
offset++;
}
}
/**
* Returns the main Attributes for the Manifest.
* @exception IllegalStateException the main attributes is being read
* @return the main Attributes for the Manifest
*/
public Attributes getMainAttributes() {
if (state == 1) {
throw new IllegalStateException();
}
return super.getMainAttributes();
}
/**
* Reads the Manifest from the specified InputStream. The entry
* names and attributes read will be merged in with the current
* manifest entries.
*
* @param is the input stream
* @exception IOException if an I/O error has occurred
* @exception IllegalStateException if called between two {@link #update}
* calls
*/
public void read(InputStream is) throws IOException {
if (state != 0) {
throw new IllegalStateException("Cannot call read between updates");
}
super.read(is);
}
/*
* ---------- Helper methods -----------------
*/
private void ensureCapacity() {
if (currentPos >= current.length-1) {
current = Arrays.copyOf(current, current.length*2);
}
}
private boolean hasLastByte() {
return currentPos > 0;
}
private byte lastByte() {
return current[currentPos-1];
}
// Parse current as key:value and save into currentAttr.
// There MUST be something inside current.
private void consumeCurrent() throws IOException {
// current normally has a \n end, except for the last line
if (current[currentPos-1] == '\n') currentPos--;
for (int i=0; i<currentPos; i++) {
if (current[i] == ':') {
String key = new String(current, 0, 0, i);
i++;
while (i < currentPos && current[i] == ' ') { i++; }
String value = new String(current, i, currentPos-i, "UTF-8");
currentAttr.putValue(key, value);
currentPos = 0;
return;
}
}
throw new IOException("invalid header field");
}
// Merge currentAttr into Manifest
private void consumeAttr() throws IOException {
// Only needed for named entries. For the main attribute, key/value
// is added into attr directly, but since getMainAttributes() throws
// an exception, the partial data is not leaked.
if (state != 1) {
String name = currentAttr.getValue("Name");
if (name != null) {
currentAttr.remove(new Attributes.Name("Name"));
Attributes old = getAttributes(name);
if (old != null) old.putAll(currentAttr);
else getEntries().put(name, currentAttr);
} else {
throw new IOException("invalid manifest format");
}
}
}
}

172
jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
View File

@ -55,8 +55,8 @@ public class SignatureFileVerifier {
/** the PKCS7 block for this .DSA/.RSA/.EC file */
private PKCS7 block;
/** the raw bytes of the .SF file */
private byte sfBytes[];
// the content of the raw .SF file as an InputStream
private InputStream sfStream;
/** the name of the signature block file, uppercased and without
* the extension (.DSA/.RSA/.EC)
@ -66,6 +66,9 @@ public class SignatureFileVerifier {
/** the ManifestDigester */
private ManifestDigester md;
/** The MANIFEST.MF */
private Manifest man;
/** cache of created MessageDigest objects */
private HashMap<String, MessageDigest> createdDigests;
@ -83,6 +86,7 @@ public class SignatureFileVerifier {
* @param rawBytes the raw bytes of the signature block file
*/
public SignatureFileVerifier(ArrayList<CodeSigner[]> signerCache,
Manifest man,
ManifestDigester md,
String name,
byte rawBytes[])
@ -94,13 +98,18 @@ public class SignatureFileVerifier {
try {
obj = Providers.startJarVerification();
block = new PKCS7(rawBytes);
sfBytes = block.getContentInfo().getData();
byte[] contentData = block.getContentInfo().getData();
if (contentData != null) {
sfStream = new ByteArrayInputStream(contentData);
}
certificateFactory = CertificateFactory.getInstance("X509");
} finally {
Providers.stopJarVerification(obj);
}
this.name = name.substring(0, name.lastIndexOf("."))
.toUpperCase(Locale.ENGLISH);
this.man = man;
this.md = md;
this.signerCache = signerCache;
}
@ -108,31 +117,13 @@ public class SignatureFileVerifier {
/**
* returns true if we need the .SF file
*/
public boolean needSignatureFileBytes()
public boolean needSignatureFile()
{
return sfBytes == null;
return sfStream == null;
}
/**
* returns true if we need this .SF file.
*
* @param name the name of the .SF file without the extension
*
*/
public boolean needSignatureFile(String name)
{
return this.name.equalsIgnoreCase(name);
}
/**
* used to set the raw bytes of the .SF file when it
* is external to the signature block file.
*/
public void setSignatureFile(byte sfBytes[])
{
this.sfBytes = sfBytes;
public void setSignatureFile(InputStream ins) {
this.sfStream = ins;
}
/**
@ -145,12 +136,18 @@ public class SignatureFileVerifier {
* Signature File or PKCS7 block file name
*/
public static boolean isBlockOrSF(String s) {
// we currently only support DSA and RSA PKCS7 blocks
if (s.endsWith(".SF") || s.endsWith(".DSA") ||
s.endsWith(".RSA") || s.endsWith(".EC")) {
return true;
}
return false;
return s.endsWith(".SF") || isBlock(s);
}
/**
* Utility method used by JarVerifier to determine PKCS7 block
* files names that are supported
*
* @param s file name
* @return true if the input file name is a PKCS7 block file name
*/
public static boolean isBlock(String s) {
return s.endsWith(".DSA") || s.endsWith(".RSA") || s.endsWith(".EC");
}
/** get digest from cache */
@ -180,7 +177,7 @@ public class SignatureFileVerifier {
*
*
*/
public void process(Hashtable<String, CodeSigner[]> signers,
public void process(Map<String, CodeSigner[]> signers,
List manifestDigests)
throws IOException, SignatureException, NoSuchAlgorithmException,
JarException, CertificateException
@ -197,31 +194,86 @@ public class SignatureFileVerifier {
}
private void processImpl(Hashtable<String, CodeSigner[]> signers,
private void processImpl(Map<String, CodeSigner[]> signers,
List manifestDigests)
throws IOException, SignatureException, NoSuchAlgorithmException,
JarException, CertificateException
{
Manifest sf = new Manifest();
sf.read(new ByteArrayInputStream(sfBytes));
SignatureFileManifest sf = new SignatureFileManifest();
InputStream ins = sfStream;
String version =
sf.getMainAttributes().getValue(Attributes.Name.SIGNATURE_VERSION);
byte[] buffer = new byte[4096];
int sLen = block.getSignerInfos().length;
boolean mainOK = false; // main attributes of SF is available...
boolean manifestSigned = false; // and it matches MANIFEST.MF
BASE64Decoder decoder = new BASE64Decoder();
if ((version == null) || !(version.equalsIgnoreCase("1.0"))) {
// XXX: should this be an exception?
// for now we just ignore this signature file
return;
PKCS7.PKCS7Verifier[] pvs = new PKCS7.PKCS7Verifier[sLen];
for (int i=0; i<sLen; i++) {
pvs[i] = PKCS7.PKCS7Verifier.from(block, block.getSignerInfos()[i]);
}
SignerInfo[] infos = block.verify(sfBytes);
/*
* Verify SF in streaming mode. The chunks of the file are fed into
* the Manifest object sf and all PKCS7Verifiers. As soon as the main
* attributes is available, we'll check if manifestSigned is true. If
* yes, there is no need to fill in sf's entries field, since it should
* be identical to entries in man.
*/
while (true) {
int len = ins.read(buffer);
if (len < 0) {
if (!manifestSigned) {
sf.update(null, 0, 0);
}
break;
} else {
for (int i=0; i<sLen; i++) {
if (pvs[i] != null) pvs[i].update(buffer, 0, len);
}
// Continue reading if verifyManifestHash fails (or, the
// main attributes is not available yet)
if (!manifestSigned) {
sf.update(buffer, 0, len);
if (!mainOK) {
try {
Attributes attr = sf.getMainAttributes();
String version = attr.getValue(
Attributes.Name.SIGNATURE_VERSION);
if (infos == null) {
if ((version == null) ||
!(version.equalsIgnoreCase("1.0"))) {
// XXX: should this be an exception?
// for now we just ignore this signature file
return;
}
mainOK = true;
manifestSigned = verifyManifestHash(
sf, md, decoder, manifestDigests);
} catch (IllegalStateException ise) {
// main attributes not available yet
}
}
}
}
}
List<SignerInfo> intResult = new ArrayList<>(sLen);
for (int i = 0; i < sLen; i++) {
if (pvs[i] != null) {
SignerInfo signerInfo = pvs[i].verify();
if (signerInfo != null) {
intResult.add(signerInfo);
}
}
}
if (intResult.isEmpty()) {
throw new SecurityException("cannot verify signature block file " +
name);
}
BASE64Decoder decoder = new BASE64Decoder();
SignerInfo[] infos =
intResult.toArray(new SignerInfo[intResult.size()]);
CodeSigner[] newSigners = getSigners(infos, block);
@ -229,26 +281,37 @@ public class SignatureFileVerifier {
if (newSigners == null)
return;
Iterator<Map.Entry<String,Attributes>> entries =
sf.getEntries().entrySet().iterator();
// see if we can verify the whole manifest first
boolean manifestSigned = verifyManifestHash(sf, md, decoder, manifestDigests);
// verify manifest main attributes
if (!manifestSigned && !verifyManifestMainAttrs(sf, md, decoder)) {
throw new SecurityException
("Invalid signature file digest for Manifest main attributes");
}
// go through each section in the signature file
Iterator<Map.Entry<String,Attributes>> entries;
if (manifestSigned) {
if (debug != null) {
debug.println("full manifest signature match, "
+ "update signer info from MANIFEST.MF");
}
entries = man.getEntries().entrySet().iterator();
} else {
if (debug != null) {
debug.println("full manifest signature unmatch, "
+ "update signer info from SF file");
}
entries = sf.getEntries().entrySet().iterator();
}
// go through each section
while(entries.hasNext()) {
Map.Entry<String,Attributes> e = entries.next();
String name = e.getKey();
if (manifestSigned ||
(verifySection(e.getValue(), name, md, decoder))) {
(verifySection(e.getValue(), name, md, decoder))) {
if (name.startsWith("./"))
name = name.substring(2);
@ -593,7 +656,6 @@ public class SignatureFileVerifier {
if (set == subset)
return true;
boolean match;
for (int i = 0; i < subset.length; i++) {
if (!contains(set, subset[i]))
return false;
@ -613,8 +675,6 @@ public class SignatureFileVerifier {
if ((oldSigners == null) && (signers == newSigners))
return true;
boolean match;
// make sure all oldSigners are in signers
if ((oldSigners != null) && !isSubSet(oldSigners, signers))
return false;
@ -638,7 +698,7 @@ public class SignatureFileVerifier {
}
void updateSigners(CodeSigner[] newSigners,
Hashtable<String, CodeSigner[]> signers, String name) {
Map<String, CodeSigner[]> signers, String name) {
CodeSigner[] oldSigners = signers.get(name);

70
jdk/test/java/lang/Character/CheckScript.java
View File

@ -1,34 +1,58 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 6945564 6959267
* @bug 6945564 6959267 7033561
* @summary Check that the j.l.Character.UnicodeScript
*/
import java.io.*;
import java.lang.reflect.*;
import java.util.*;
import java.util.regex.*;
import java.lang.Character.UnicodeScript;
public class CheckScript {
static BufferedReader open(String[] args) throws FileNotFoundException {
public static void main(String[] args) throws Exception {
File fScripts;
File fAliases;
if (args.length == 0) {
return new BufferedReader(new FileReader(new File(System.getProperty("test.src", "."), "Scripts.txt")));
} else if (args.length == 1) {
return new BufferedReader(new FileReader(args[0]));
fScripts = new File(System.getProperty("test.src", "."), "Scripts.txt");
fAliases = new File(System.getProperty("test.src", "."), "PropertyValueAliases.txt");
} else if (args.length == 2) {
fScripts = new File(args[0]);
fAliases = new File(args[1]);
} else {
System.out.println("java CharacterScript Scripts.txt");
System.out.println("java CharacterScript Scripts.txt PropertyValueAliases.txt");
throw new RuntimeException("Datafile name should be specified.");
}
}
public static void main(String[] args) throws Exception {
Matcher m = Pattern.compile("(\\p{XDigit}+)(?:\\.{2}(\\p{XDigit}+))?\\s+;\\s+(\\w+)\\s+#.*").matcher("");
String line = null;
HashMap<String,ArrayList<Integer>> scripts = new HashMap<>();
try (BufferedReader sbfr = open(args)) {
try (BufferedReader sbfr = new BufferedReader(new FileReader(fScripts))) {
while ((line = sbfr.readLine()) != null) {
if (line.length() <= 1 || line.charAt(0) == '#') {
continue;
@ -107,5 +131,29 @@ public class CheckScript {
}
}
}
// check all aliases
m = Pattern.compile("sc\\s*;\\s*(\\p{Alpha}{4})\\s*;\\s*([\\p{Alpha}|_]+)\\s*.*").matcher("");
line = null;
try (BufferedReader sbfr = new BufferedReader(new FileReader(fAliases))) {
while ((line = sbfr.readLine()) != null) {
if (line.length() <= 1 || line.charAt(0) == '#') {
continue;
}
m.reset(line);
if (m.matches()) {
String alias = m.group(1);
String name = m.group(2);
// HRKT -> Katakana_Or_Hiragana not supported
if ("HRKT".equals(alias.toUpperCase(Locale.ENGLISH)))
continue;
if (Character.UnicodeScript.forName(alias) !=
Character.UnicodeScript.forName(name)) {
throw new RuntimeException(
"UnicodeScript failed: alias<" + alias +
"> does not map to <" + name + ">");
}
}
}
}
}
}

1178
jdk/test/java/lang/Character/PropertyValueAliases.txt Normal file
View File

File diff suppressed because it is too large Load Diff

352
jdk/test/sun/security/krb5/KrbCredSubKey.java Normal file
View File

@ -0,0 +1,352 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 7030180
* @run main/othervm KrbCredSubKey
* @summary AES 128/256 decrypt exception
*/
import java.io.FileOutputStream;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.Config;
import sun.security.krb5.EncryptedData;
public class KrbCredSubKey {
public static void main(String[] args) throws Exception {
// We don't care about clock difference
new FileOutputStream("krb5.conf").write(
"[libdefaults]\nclockskew=999999999".getBytes());
System.setProperty("java.security.krb5.conf", "krb5.conf");
Config.refresh();
Subject subj = new Subject();
KerberosPrincipal kp = new KerberosPrincipal(princ);
KerberosKey kk = new KerberosKey(
kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
subj.getPrincipals().add(kp);
subj.getPrivateCredentials().add(kk);
Subject.doAs(subj, new PrivilegedExceptionAction() {
public Object run() throws Exception {
GSSManager man = GSSManager.getInstance();
GSSContext ctxt = man.createContext(man.createCredential(
null, GSSCredential.INDEFINITE_LIFETIME,
GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
return ctxt.acceptSecContext(token, 0, token.length);
}
});
}
// All following data generated by myself on a test machine
private static String princ = "server/host.rabbit.hole@RABBIT.HOLE";
// A aes-128 key for princ
private static byte[] key = {
(byte)0x83, (byte)0xA1, (byte)0xD6, (byte)0xE2,
(byte)0xC7, (byte)0x76, (byte)0xD5, (byte)0x24,
(byte)0x63, (byte)0x9F, (byte)0xF9, (byte)0xFF,
(byte)0x76, (byte)0x6D, (byte)0x26, (byte)0x30,
};
// A JGSS token generated by the first call of an initiator's
// initSecContext, targetting princ, using the authenticator
// subkey to encrypt the KRB_CRED inside AP_REQ
private static byte[] token = {
(byte)0x60, (byte)0x82, (byte)0x04, (byte)0x1C,
(byte)0x06, (byte)0x09, (byte)0x2A, (byte)0x86,
(byte)0x48, (byte)0x86, (byte)0xF7, (byte)0x12,
(byte)0x01, (byte)0x02, (byte)0x02, (byte)0x01,
(byte)0x00, (byte)0x6E, (byte)0x82, (byte)0x04,
(byte)0x0B, (byte)0x30, (byte)0x82, (byte)0x04,
(byte)0x07, (byte)0xA0, (byte)0x03, (byte)0x02,
(byte)0x01, (byte)0x05, (byte)0xA1, (byte)0x03,
(byte)0x02, (byte)0x01, (byte)0x0E, (byte)0xA2,
(byte)0x07, (byte)0x03, (byte)0x05, (byte)0x00,
(byte)0x20, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0xA3, (byte)0x82, (byte)0x01, (byte)0x04,
(byte)0x61, (byte)0x82, (byte)0x01, (byte)0x00,
(byte)0x30, (byte)0x81, (byte)0xFD, (byte)0xA0,
(byte)0x03, (byte)0x02, (byte)0x01, (byte)0x05,
(byte)0xA1, (byte)0x0D, (byte)0x1B, (byte)0x0B,
(byte)0x52, (byte)0x41, (byte)0x42, (byte)0x42,
(byte)0x49, (byte)0x54, (byte)0x2E, (byte)0x48,
(byte)0x4F, (byte)0x4C, (byte)0x45, (byte)0xA2,
(byte)0x25, (byte)0x30, (byte)0x23, (byte)0xA0,
(byte)0x03, (byte)0x02, (byte)0x01, (byte)0x00,
(byte)0xA1, (byte)0x1C, (byte)0x30, (byte)0x1A,
(byte)0x1B, (byte)0x06, (byte)0x73, (byte)0x65,
(byte)0x72, (byte)0x76, (byte)0x65, (byte)0x72,
(byte)0x1B, (byte)0x10, (byte)0x68, (byte)0x6F,
(byte)0x73, (byte)0x74, (byte)0x2E, (byte)0x72,
(byte)0x61, (byte)0x62, (byte)0x62, (byte)0x69,
(byte)0x74, (byte)0x2E, (byte)0x68, (byte)0x6F,
(byte)0x6C, (byte)0x65, (byte)0xA3, (byte)0x81,
(byte)0xBF, (byte)0x30, (byte)0x81, (byte)0xBC,
(byte)0xA0, (byte)0x03, (byte)0x02, (byte)0x01,
(byte)0x11, (byte)0xA2, (byte)0x81, (byte)0xB4,
(byte)0x04, (byte)0x81, (byte)0xB1, (byte)0xA7,
(byte)0xE8, (byte)0x58, (byte)0xBA, (byte)0x98,
(byte)0x69, (byte)0x45, (byte)0xB3, (byte)0x68,
(byte)0xBF, (byte)0xFD, (byte)0x25, (byte)0x74,
(byte)0xC4, (byte)0x2E, (byte)0x09, (byte)0x7B,
(byte)0x3C, (byte)0x7F, (byte)0xA5, (byte)0x6C,
(byte)0xC3, (byte)0x86, (byte)0xC9, (byte)0xEE,
(byte)0x58, (byte)0xD3, (byte)0x7C, (byte)0xD6,
(byte)0x19, (byte)0xA1, (byte)0x3B, (byte)0xF7,
(byte)0x17, (byte)0xD6, (byte)0x18, (byte)0xA9,
(byte)0x58, (byte)0x43, (byte)0x55, (byte)0xD6,
(byte)0xBA, (byte)0x85, (byte)0xF7, (byte)0x6B,
(byte)0x20, (byte)0x01, (byte)0xEF, (byte)0xB4,
(byte)0x74, (byte)0x0B, (byte)0x31, (byte)0x07,
(byte)0x55, (byte)0xD8, (byte)0x8C, (byte)0x85,
(byte)0x25, (byte)0x12, (byte)0x66, (byte)0x85,
(byte)0xA8, (byte)0x5A, (byte)0x84, (byte)0xB2,
(byte)0x6C, (byte)0xDE, (byte)0xEE, (byte)0xF9,
(byte)0x15, (byte)0xF2, (byte)0xBC, (byte)0xB0,
(byte)0x43, (byte)0xA5, (byte)0x21, (byte)0x31,
(byte)0xFA, (byte)0x2F, (byte)0x2C, (byte)0x37,
(byte)0x39, (byte)0xD8, (byte)0xAA, (byte)0xE0,
(byte)0x78, (byte)0x08, (byte)0x18, (byte)0xFB,
(byte)0x03, (byte)0x43, (byte)0x22, (byte)0xE6,
(byte)0x2C, (byte)0xF2, (byte)0x98, (byte)0xDC,
(byte)0x2A, (byte)0xDE, (byte)0x8C, (byte)0x95,
(byte)0x0B, (byte)0xB6, (byte)0xE6, (byte)0x0F,
(byte)0xB5, (byte)0x4E, (byte)0xAD, (byte)0xAC,
(byte)0xD1, (byte)0x4C, (byte)0xE8, (byte)0x22,
(byte)0x93, (byte)0x38, (byte)0xA2, (byte)0x44,
(byte)0x0E, (byte)0x83, (byte)0x9E, (byte)0x4D,
(byte)0xC0, (byte)0x1A, (byte)0x02, (byte)0xB2,
(byte)0xB8, (byte)0xCE, (byte)0xDF, (byte)0xB5,
(byte)0xFB, (byte)0xF2, (byte)0x75, (byte)0x5E,
(byte)0x74, (byte)0xC1, (byte)0x90, (byte)0x82,
(byte)0x60, (byte)0x00, (byte)0xA5, (byte)0xC3,
(byte)0xBF, (byte)0x66, (byte)0x97, (byte)0x0E,
(byte)0xF3, (byte)0x9F, (byte)0xB3, (byte)0xD9,
(byte)0x51, (byte)0x51, (byte)0x38, (byte)0xBC,
(byte)0xD9, (byte)0xC1, (byte)0xD0, (byte)0x1E,
(byte)0x90, (byte)0x9B, (byte)0x43, (byte)0xEE,
(byte)0xD9, (byte)0xD6, (byte)0x3E, (byte)0x31,
(byte)0xEA, (byte)0x8E, (byte)0xB1, (byte)0xDC,
(byte)0xDE, (byte)0xFD, (byte)0xA4, (byte)0x77,
(byte)0x6C, (byte)0x4A, (byte)0x81, (byte)0x1F,
(byte)0xA4, (byte)0x82, (byte)0x02, (byte)0xE8,
(byte)0x30, (byte)0x82, (byte)0x02, (byte)0xE4,
(byte)0xA0, (byte)0x03, (byte)0x02, (byte)0x01,
(byte)0x11, (byte)0xA2, (byte)0x82, (byte)0x02,
(byte)0xDB, (byte)0x04, (byte)0x82, (byte)0x02,
(byte)0xD7, (byte)0x81, (byte)0x78, (byte)0x25,
(byte)0x75, (byte)0x92, (byte)0x7A, (byte)0xEC,
(byte)0xBE, (byte)0x31, (byte)0xF1, (byte)0x50,
(byte)0xE7, (byte)0xC1, (byte)0x32, (byte)0xA5,
(byte)0xCB, (byte)0x34, (byte)0x46, (byte)0x95,
(byte)0x2B, (byte)0x84, (byte)0xB7, (byte)0x06,
(byte)0x0E, (byte)0x15, (byte)0x02, (byte)0x74,
(byte)0xCA, (byte)0x18, (byte)0x5D, (byte)0xE8,
(byte)0x0E, (byte)0x1B, (byte)0xB7, (byte)0x77,
(byte)0x5A, (byte)0x6C, (byte)0xFB, (byte)0x94,
(byte)0x82, (byte)0x2B, (byte)0xE6, (byte)0x14,
(byte)0x0C, (byte)0xDA, (byte)0x22, (byte)0xA2,
(byte)0x42, (byte)0xD7, (byte)0xB0, (byte)0xFC,
(byte)0xCA, (byte)0x4A, (byte)0xEA, (byte)0xB8,
(byte)0x92, (byte)0xB5, (byte)0x8C, (byte)0x71,
(byte)0xED, (byte)0x2B, (byte)0x46, (byte)0xC5,
(byte)0xE5, (byte)0x47, (byte)0x76, (byte)0x29,
(byte)0x27, (byte)0x0F, (byte)0xFF, (byte)0x03,
(byte)0x72, (byte)0x13, (byte)0xAA, (byte)0xDB,
(byte)0x4E, (byte)0xFF, (byte)0x48, (byte)0x36,
(byte)0xAB, (byte)0x73, (byte)0xD7, (byte)0xDA,
(byte)0xF1, (byte)0x80, (byte)0x1B, (byte)0x5B,
(byte)0x9A, (byte)0x88, (byte)0x07, (byte)0x47,
(byte)0x43, (byte)0x27, (byte)0xD5, (byte)0x00,
(byte)0x04, (byte)0xEE, (byte)0xAF, (byte)0x53,
(byte)0x5C, (byte)0xCC, (byte)0x2C, (byte)0xC7,
(byte)0x2F, (byte)0x94, (byte)0x12, (byte)0x86,
(byte)0xEF, (byte)0xAC, (byte)0xB1, (byte)0x6C,
(byte)0xB0, (byte)0xB5, (byte)0x3D, (byte)0x92,
(byte)0xBD, (byte)0xBE, (byte)0x7B, (byte)0x1A,
(byte)0x39, (byte)0x4A, (byte)0x1E, (byte)0x91,
(byte)0xA4, (byte)0xDF, (byte)0x82, (byte)0x12,
(byte)0x2E, (byte)0x67, (byte)0x17, (byte)0x92,
(byte)0xB3, (byte)0x93, (byte)0x38, (byte)0x32,
(byte)0x94, (byte)0xF5, (byte)0xF7, (byte)0x09,
(byte)0x07, (byte)0x5E, (byte)0x21, (byte)0x12,
(byte)0x70, (byte)0x37, (byte)0xAF, (byte)0x5A,
(byte)0x2D, (byte)0xAC, (byte)0xFF, (byte)0x22,
(byte)0x46, (byte)0xA0, (byte)0x12, (byte)0x74,
(byte)0x1C, (byte)0xA1, (byte)0x68, (byte)0xC3,
(byte)0x64, (byte)0xDB, (byte)0xC3, (byte)0x9F,
(byte)0xAB, (byte)0x0E, (byte)0x19, (byte)0xFE,
(byte)0xD9, (byte)0xA4, (byte)0xAA, (byte)0x7B,
(byte)0x73, (byte)0xAD, (byte)0xC8, (byte)0xA8,
(byte)0xD5, (byte)0x29, (byte)0xAD, (byte)0x1F,
(byte)0xEF, (byte)0x54, (byte)0xAE, (byte)0x72,
(byte)0x02, (byte)0xD9, (byte)0x06, (byte)0x0D,
(byte)0x1A, (byte)0x94, (byte)0x7B, (byte)0xBC,
(byte)0x32, (byte)0x9A, (byte)0xBC, (byte)0x4B,
(byte)0x33, (byte)0xC2, (byte)0x02, (byte)0xA3,
(byte)0xF4, (byte)0xB1, (byte)0xED, (byte)0x76,
(byte)0x0D, (byte)0x59, (byte)0xCD, (byte)0x56,
(byte)0xCB, (byte)0xDC, (byte)0xCE, (byte)0xED,
(byte)0xFF, (byte)0x25, (byte)0x84, (byte)0x5E,
(byte)0x41, (byte)0xF9, (byte)0x42, (byte)0xBE,
(byte)0x73, (byte)0xAC, (byte)0xA2, (byte)0x20,
(byte)0x97, (byte)0xB7, (byte)0x88, (byte)0x77,
(byte)0x65, (byte)0x43, (byte)0x9F, (byte)0xEE,
(byte)0xF4, (byte)0x3A, (byte)0x7E, (byte)0x9B,
(byte)0x5B, (byte)0x54, (byte)0xD3, (byte)0x0D,
(byte)0x50, (byte)0x6D, (byte)0xF6, (byte)0x14,
(byte)0xB7, (byte)0x5A, (byte)0x34, (byte)0x0F,
(byte)0x1F, (byte)0xC7, (byte)0x39, (byte)0x99,
(byte)0x9B, (byte)0x96, (byte)0xE3, (byte)0xAD,
(byte)0x86, (byte)0xE3, (byte)0x6A, (byte)0x71,
(byte)0x63, (byte)0x04, (byte)0xAD, (byte)0x9C,
(byte)0x17, (byte)0x68, (byte)0x44, (byte)0xFE,
(byte)0x21, (byte)0x62, (byte)0xD5, (byte)0x99,
(byte)0x4A, (byte)0xDF, (byte)0x48, (byte)0xDE,
(byte)0x9A, (byte)0xD4, (byte)0xBB, (byte)0xA1,
(byte)0x9B, (byte)0xE7, (byte)0x2A, (byte)0x08,
(byte)0x80, (byte)0x3A, (byte)0x08, (byte)0xA4,
(byte)0xBA, (byte)0xBE, (byte)0x1E, (byte)0x81,
(byte)0x63, (byte)0x20, (byte)0xAC, (byte)0x9C,
(byte)0x42, (byte)0x2F, (byte)0xCA, (byte)0x06,
(byte)0x95, (byte)0x92, (byte)0x97, (byte)0x09,
(byte)0x3C, (byte)0x0C, (byte)0x5A, (byte)0x99,
(byte)0xFB, (byte)0xAB, (byte)0xEB, (byte)0xDE,
(byte)0xC4, (byte)0x09, (byte)0xD3, (byte)0xA3,
(byte)0xF0, (byte)0x65, (byte)0xDC, (byte)0x5F,
(byte)0xAA, (byte)0xBB, (byte)0x28, (byte)0xC0,
(byte)0x3E, (byte)0xBF, (byte)0x77, (byte)0xAE,
(byte)0xCC, (byte)0x3A, (byte)0xD3, (byte)0x31,
(byte)0x0D, (byte)0x9B, (byte)0x96, (byte)0xEF,
(byte)0x2C, (byte)0xED, (byte)0x60, (byte)0x63,
(byte)0xC5, (byte)0x8F, (byte)0xCA, (byte)0xB0,
(byte)0xA2, (byte)0x0B, (byte)0x49, (byte)0x5A,
(byte)0xB2, (byte)0x8F, (byte)0xEF, (byte)0xE4,
(byte)0x19, (byte)0xC0, (byte)0xC6, (byte)0x2D,
(byte)0xD3, (byte)0x4F, (byte)0xB2, (byte)0xED,
(byte)0xA3, (byte)0xA4, (byte)0x6F, (byte)0xAE,
(byte)0xD4, (byte)0xE9, (byte)0xA2, (byte)0x5A,
(byte)0xFB, (byte)0xB0, (byte)0x14, (byte)0xBD,
(byte)0x06, (byte)0x12, (byte)0xD7, (byte)0x91,
(byte)0x15, (byte)0x46, (byte)0x78, (byte)0xE4,
(byte)0xD1, (byte)0x73, (byte)0xCA, (byte)0xA5,
(byte)0xA5, (byte)0x64, (byte)0xC8, (byte)0x6F,
(byte)0xD1, (byte)0xBD, (byte)0xEA, (byte)0x74,
(byte)0xE4, (byte)0xCA, (byte)0x40, (byte)0x16,
(byte)0x9E, (byte)0x46, (byte)0x7C, (byte)0x25,
(byte)0x6C, (byte)0x32, (byte)0xB4, (byte)0x14,
(byte)0xF9, (byte)0x26, (byte)0x8A, (byte)0x3A,
(byte)0xDD, (byte)0x51, (byte)0x26, (byte)0x79,
(byte)0x43, (byte)0x27, (byte)0x2E, (byte)0xED,
(byte)0xC7, (byte)0x82, (byte)0x7C, (byte)0xCE,
(byte)0x43, (byte)0x03, (byte)0x60, (byte)0x2A,
(byte)0x9C, (byte)0xB2, (byte)0x71, (byte)0x41,
(byte)0xAB, (byte)0x3D, (byte)0xA6, (byte)0xB5,
(byte)0x51, (byte)0xBC, (byte)0x80, (byte)0x1F,
(byte)0x96, (byte)0x73, (byte)0x23, (byte)0x11,
(byte)0xED, (byte)0xC0, (byte)0x1D, (byte)0x0B,
(byte)0xA0, (byte)0x13, (byte)0xB3, (byte)0x2F,
(byte)0x16, (byte)0x59, (byte)0x64, (byte)0x45,
(byte)0xE8, (byte)0x68, (byte)0xFB, (byte)0xF9,
(byte)0x6F, (byte)0xB0, (byte)0x2B, (byte)0xFB,
(byte)0x39, (byte)0xBB, (byte)0x53, (byte)0x8F,
(byte)0xD2, (byte)0xAF, (byte)0x38, (byte)0x5E,
(byte)0xEF, (byte)0x5B, (byte)0xE2, (byte)0x98,
(byte)0xE8, (byte)0x46, (byte)0x3C, (byte)0x03,
(byte)0x71, (byte)0x46, (byte)0x8D, (byte)0x41,
(byte)0x92, (byte)0x32, (byte)0x85, (byte)0x8D,
(byte)0xBA, (byte)0x33, (byte)0x05, (byte)0xB1,
(byte)0xE4, (byte)0x56, (byte)0x3E, (byte)0xF5,
(byte)0x20, (byte)0x35, (byte)0xA6, (byte)0x74,
(byte)0xA2, (byte)0xBE, (byte)0x54, (byte)0x08,
(byte)0xB4, (byte)0xFC, (byte)0x1D, (byte)0x13,
(byte)0x84, (byte)0xBE, (byte)0x1C, (byte)0xC5,
(byte)0x3E, (byte)0x43, (byte)0x14, (byte)0x6F,
(byte)0xC0, (byte)0x3D, (byte)0xF4, (byte)0xDC,
(byte)0x66, (byte)0x4E, (byte)0xF0, (byte)0x3E,
(byte)0xD4, (byte)0xC6, (byte)0xE9, (byte)0x8D,
(byte)0x7D, (byte)0xB9, (byte)0xDC, (byte)0x9F,
(byte)0xBE, (byte)0x54, (byte)0x63, (byte)0x93,
(byte)0x49, (byte)0x2F, (byte)0x6A, (byte)0xC3,
(byte)0x34, (byte)0xC5, (byte)0xF7, (byte)0x76,
(byte)0xE8, (byte)0xD5, (byte)0x5B, (byte)0xD9,
(byte)0x41, (byte)0xCA, (byte)0x74, (byte)0x25,
(byte)0x25, (byte)0x09, (byte)0xF4, (byte)0xD3,
(byte)0x00, (byte)0x9F, (byte)0x7D, (byte)0xFB,
(byte)0x3D, (byte)0xAB, (byte)0x87, (byte)0xF7,
(byte)0xCE, (byte)0x42, (byte)0x0F, (byte)0x60,
(byte)0xEB, (byte)0x03, (byte)0x47, (byte)0x98,
(byte)0x0F, (byte)0xEB, (byte)0xA4, (byte)0x05,
(byte)0xE2, (byte)0x58, (byte)0x8F, (byte)0x44,
(byte)0x09, (byte)0xD3, (byte)0x66, (byte)0x1E,
(byte)0x69, (byte)0x89, (byte)0xB7, (byte)0xEE,
(byte)0x8B, (byte)0xA4, (byte)0x8E, (byte)0x05,
(byte)0x2D, (byte)0x2E, (byte)0xB3, (byte)0x5A,
(byte)0xAE, (byte)0xAB, (byte)0x80, (byte)0xD6,
(byte)0x5C, (byte)0x93, (byte)0x40, (byte)0x91,
(byte)0x53, (byte)0xE6, (byte)0x13, (byte)0xD5,
(byte)0x2F, (byte)0x64, (byte)0xF0, (byte)0x68,
(byte)0xD2, (byte)0x85, (byte)0x94, (byte)0xE5,
(byte)0x2D, (byte)0x73, (byte)0x10, (byte)0x59,
(byte)0x18, (byte)0xCD, (byte)0xED, (byte)0xBC,
(byte)0x05, (byte)0x97, (byte)0xFD, (byte)0xE7,
(byte)0x6F, (byte)0x5D, (byte)0x7C, (byte)0x46,
(byte)0x28, (byte)0x5F, (byte)0xC2, (byte)0xB4,
(byte)0x31, (byte)0xA5, (byte)0x2B, (byte)0x82,
(byte)0xAB, (byte)0x32, (byte)0x49, (byte)0xA5,
(byte)0xCD, (byte)0x91, (byte)0x37, (byte)0x97,
(byte)0xA1, (byte)0x85, (byte)0x8F, (byte)0xBB,
(byte)0x6E, (byte)0x1E, (byte)0x9F, (byte)0xFC,
(byte)0x10, (byte)0x3B, (byte)0x8A, (byte)0xF6,
(byte)0x9A, (byte)0x66, (byte)0xBD, (byte)0x75,
(byte)0x4F, (byte)0x1D, (byte)0xBA, (byte)0x64,
(byte)0x15, (byte)0xDD, (byte)0x9F, (byte)0x00,
(byte)0x6C, (byte)0x2F, (byte)0x87, (byte)0x20,
(byte)0x25, (byte)0xA2, (byte)0x09, (byte)0x9F,
(byte)0x5D, (byte)0x64, (byte)0xC9, (byte)0xA8,
(byte)0x32, (byte)0x59, (byte)0x90, (byte)0x1D,
(byte)0x78, (byte)0xFE, (byte)0x5A, (byte)0xA2,
(byte)0x1F, (byte)0x9B, (byte)0x22, (byte)0xBE,
(byte)0x8F, (byte)0xEA, (byte)0x59, (byte)0x5B,
(byte)0x96, (byte)0xE3, (byte)0x4A, (byte)0xB2,
(byte)0x71, (byte)0x65, (byte)0xB7, (byte)0x3C,
(byte)0xC6, (byte)0x1B, (byte)0xD6, (byte)0x80,
(byte)0x90, (byte)0xD2, (byte)0xF2, (byte)0x6F,
(byte)0xA2, (byte)0x68, (byte)0x53, (byte)0xC0,
(byte)0x44, (byte)0xAF, (byte)0xD4, (byte)0x68,
(byte)0x12, (byte)0xFF, (byte)0xB4, (byte)0x36,
(byte)0x34, (byte)0x43, (byte)0xAC, (byte)0x1C,
};
}