From dd07940e6ae74b77d1cf5d42a94054da423f58e5 Mon Sep 17 00:00:00 2001 From: Leon Poyyayil Date: Sat, 25 Oct 2025 08:02:34 +0200 Subject: [PATCH] imported scripts from intellicastle project and adapted to bordercastle --- .gitignore | 12 +- bin/bordercastle-compile.sh | 46 ++++ bin/bordercastle-javadoc.sh | 95 +++++++ bin/bordercastle-obfuscate.sh | 55 ++++ bin/bordercastle-post-build-cleanup.sh | 36 +++ bin/bordercastle-repack.sh | 56 +++++ bin/bordercastle-sign.sh | 104 ++++++++ bin/bouncycastle-to-bordercastle.sh | 80 ++++++ bin/bouncycastle-to-maven-layout.sh | 74 ++++++ bordercastle.conf | 45 ++++ bordercastle.sh | 143 ++++++++++- bordercastle/MANIFEST.MF | 9 + bordercastle/Version.java | 48 ++++ bordercastle/proguard-base.conf | 92 +++++++ bordercastle/proguard-jce.conf | 100 ++++++++ bordercastle/proguard-tls.conf | 26 ++ bouncycastle/.gitignore | 1 + bouncycastle/crypto-1.81.patch | 331 +++++++++++++++++++++++++ maven/pom/boca-light.xml | 18 ++ maven/pom/boca-mail.xml | 36 +++ maven/pom/boca-mls.xml | 74 ++++++ maven/pom/boca-parent.xml | 116 +++++++++ maven/pom/boca-pg.xml | 30 +++ maven/pom/boca-pkix.xml | 30 +++ maven/pom/boca-prov.xml | 24 ++ maven/pom/boca-tls.xml | 30 +++ maven/pom/boca-util.xml | 31 +++ maven/user.home/.m2/.gitignore | 1 + maven/user.home/.m2/settings.xml.tpl | 3 + 29 files changed, 1744 insertions(+), 2 deletions(-) create mode 100755 bin/bordercastle-compile.sh create mode 100755 bin/bordercastle-javadoc.sh create mode 100755 bin/bordercastle-obfuscate.sh create mode 100755 bin/bordercastle-post-build-cleanup.sh create mode 100755 bin/bordercastle-repack.sh create mode 100755 bin/bordercastle-sign.sh create mode 100755 bin/bouncycastle-to-bordercastle.sh create mode 100755 bin/bouncycastle-to-maven-layout.sh create mode 100644 bordercastle.conf create mode 100644 bordercastle/MANIFEST.MF create mode 100644 bordercastle/Version.java create mode 100644 bordercastle/proguard-base.conf create mode 100644 bordercastle/proguard-jce.conf create mode 100644 bordercastle/proguard-tls.conf create mode 100644 bouncycastle/.gitignore create mode 100644 bouncycastle/crypto-1.81.patch create mode 100644 maven/pom/boca-light.xml create mode 100644 maven/pom/boca-mail.xml create mode 100644 maven/pom/boca-mls.xml create mode 100644 maven/pom/boca-parent.xml create mode 100644 maven/pom/boca-pg.xml create mode 100644 maven/pom/boca-pkix.xml create mode 100644 maven/pom/boca-prov.xml create mode 100644 maven/pom/boca-tls.xml create mode 100644 maven/pom/boca-util.xml create mode 100644 maven/user.home/.m2/.gitignore create mode 100644 maven/user.home/.m2/settings.xml.tpl diff --git a/.gitignore b/.gitignore index 78cacc4..ecb7190 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,12 @@ +/boca-light/ +/boca-mail/ +/boca-pg/ +/boca-pkix/ +/boca-prov/ +/boca-tls/ +/boca-util/ +/crypto/ +/libs/* +/log/* /private/* - +pom.xml diff --git a/bin/bordercastle-compile.sh b/bin/bordercastle-compile.sh new file mode 100755 index 0000000..515a26b --- /dev/null +++ b/bin/bordercastle-compile.sh @@ -0,0 +1,46 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bordercastle-compile.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-07-14 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +MAVEN_CONFIG=$USER_HOME/.m2/settings.xml + +MAVEN_REPO_SED_ARG=$(echo "$MAVEN_REPO" | sed "s,/,\\\\/,g") +if [ ! -f "$MAVEN_CONFIG" ]; then + sed "s,\${maven.repo},$MAVEN_REPO_SED_ARG,g" "${MAVEN_CONFIG}.tpl" > "$MAVEN_CONFIG" +fi + +if [ ! -d $DIST_DIR ]; then + mkdir $DIST_DIR +else + rm -rf $DIST_DIR/* +fi + +mvn --settings $MAVEN_CONFIG clean install | tee $DIST_DIR/build-maven.log + +BUILD_DIR_SED_ARG=$(pwd | sed "s,/,\\\\/,g") +sed "s,$MAVEN_REPO_SED_ARG,\$REPO,g" $DIST_DIR/build-maven.log > $DIST_DIR/build-maven.log.tmp +sed "s,$BUILD_DIR_SED_ARG,.,g" $DIST_DIR/build-maven.log.tmp > $DIST_DIR/build-maven.log +rm -f $DIST_DIR/build-maven.log.tmp + +TARGETS=$(ls) +for TARGET in $TARGETS +do + if [[ -d $TARGET && -d $TARGET/target ]]; then + cp $TARGET/target/*.jar $DIST_DIR + fi +done + +popd > /dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bin/bordercastle-javadoc.sh b/bin/bordercastle-javadoc.sh new file mode 100755 index 0000000..b61da01 --- /dev/null +++ b/bin/bordercastle-javadoc.sh @@ -0,0 +1,95 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bordercastle-javadoc.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2020-05-01 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +pushd $DIST_DIR > /dev/null + +echo "- collecting source code" +mkdir -p tmp/src +cd tmp/src +for TARGET in light mail pg pkix prov tls util +do + echo " - boca-$TARGET" + cp -r ../../../boca-$TARGET/src/main/java/* . + cp -r ../../../boca-$TARGET/src/main/javadoc/* . +done + +echo "- removing unused/unneeded classes" +rm -rf org/bordercastle/cert/dane/fetcher +rm -rf org/bordercastle/crypto/examples +rm -rf org/bordercastle/mail/smime/examples +rm -rf org/bordercastle/openpgp/examples +rm org/bordercastle/jce/provider/X509LDAPCertStoreSpi.java +rm org/bordercastle/jce/provider/X509StoreLDAP*.java +rm -rf org/bordercastle/util/test +rm org/bordercastle/x509/util/LDAPStoreHelper.java +cd .. + +# avoid javadoc warning: Multiple sources of package comments found for package "org.bordercastle.xxx" +echo "- removing duplicate package info sources" +for PKG_INFO in $(find src -name package-info.java) +do + PKG_DIR=$(dirname $PKG_INFO) + PKG_HTML="$PKG_DIR/package.html" + if [[ -f "$PKG_HTML" ]]; then + rm "$PKG_HTML" + fi +done + +echo "- preparing classpath" +CLASSPATH=$JAVA_CLASSPATH + +echo "- preparing output directory" +mkdir api + +echo "- preparing javadoc options" +TITLE="BorderCastle $BC_VER" +echo "-sourcepath src" > opts.txt +echo "-d api" >> opts.txt +echo "-classpath $CLASSPATH" >> opts.txt +echo "-protected" >> opts.txt +echo "-splitindex" >> opts.txt +echo "-nosince" >> opts.txt +echo "-notimestamp" >> opts.txt +echo "-notree" >> opts.txt +echo "-nohelp" >> opts.txt +echo "-nodeprecatedlist" >> opts.txt +echo "-encoding UTF8" >> opts.txt +echo "-quiet" >> opts.txt +echo "-Xdoclint:-missing" >> opts.txt +echo "-Xdoclint:-html" >> opts.txt +echo "-windowtitle '$TITLE'" >> opts.txt +echo "-header '$TITLE'" >> opts.txt +echo "-footer '$TITLE'" >> opts.txt + +echo "- listing source code to document" +find src -name *.java >> opts.txt + +echo "- generating javadoc" +javadoc @opts.txt + +echo "- packing javadoc" +cd api +jar cfM ../../bordercastle-jce-javadoc.zip * +cd .. + +echo "- cleaning up" +cd .. +rm -rf tmp + +popd > /dev/null + +popd > /dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bin/bordercastle-obfuscate.sh b/bin/bordercastle-obfuscate.sh new file mode 100755 index 0000000..9a1a28f --- /dev/null +++ b/bin/bordercastle-obfuscate.sh @@ -0,0 +1,55 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bordercastle-obfuscate.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-07-15 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +LIBRARY_JARS=$JAVA_RUNTIME:$JAVAX_MAIL_JAR + +pushd $DIST_DIR > /dev/null + +PROGUARD_OPTS= +PROGUARD_OPTS="$PROGUARD_OPTS -verbose" +PROGUARD_OPTS="$PROGUARD_OPTS -include ../bordercastle/proguard-base.conf" +PROGUARD_OPTS="$PROGUARD_OPTS -libraryjars $LIBRARY_JARS" +PROGUARD_OPTS="$PROGUARD_OPTS " + +obfuscate() { + SUFFIX=$1 + LIB_JAR=$2 + OPTS="$PROGUARD_OPTS" + OPTS="$OPTS -include ../bordercastle/proguard-${SUFFIX}.conf" + OPTS="$OPTS -injars bordercastle-${SUFFIX}.jar" + OPTS="$OPTS -outjars bordercastle-${SUFFIX}-obfuscated.jar" + if [[ -n "$LIB_JAR" ]]; then + OPTS="$OPTS -libraryjars $LIB_JAR" + fi + echo "- obfuscating $SUFFIX" + java -jar $PROGUARD_JAR $OPTS + PROGUARD_EXIT_CODE=$? + if [[ "$PROGUARD_EXIT_CODE" != "0" ]]; then + echo "proguard failed with exit code: $PROGUARD_EXIT_CODE" + exit $PROGUARD_EXIT_CODE + fi + echo "- packing $SUFFIX" + cp bordercastle-${SUFFIX}-obfuscated.jar bordercastle-${SUFFIX}-obfuscated-packed.jar + pack200 -G -r bordercastle-${SUFFIX}-obfuscated-packed.jar +} + +obfuscate jce +obfuscate tls bordercastle-jce.jar + +popd > /dev/null + +popd > /dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bin/bordercastle-post-build-cleanup.sh b/bin/bordercastle-post-build-cleanup.sh new file mode 100755 index 0000000..52b0eaa --- /dev/null +++ b/bin/bordercastle-post-build-cleanup.sh @@ -0,0 +1,36 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bordercastle-post-build-cleanup.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2014-08-09 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +# this script simply removes all stuff that has been created during a full build + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +for TARGET in light mail pg pkix prov tls util +do + echo "- boca-$TARGET ..." + rm -rf boca-$TARGET/src/ boca-$TARGET/target/ boca-$TARGET/pom.xml + if [ "$TARGET" == "test" ]; then + # remove generated test output files ... + rm -f boca-$TARGET/* + fi + rmdir boca-$TARGET +done + +rm -rf private/patch/bouncycastle/* +rm -rf private/patch/bordercastle/* + +rm pom.xml + +popd >/dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bin/bordercastle-repack.sh b/bin/bordercastle-repack.sh new file mode 100755 index 0000000..991f587 --- /dev/null +++ b/bin/bordercastle-repack.sh @@ -0,0 +1,56 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bordercastle-repack.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-07-15 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +pushd $DIST_DIR > /dev/null + +# now re-pack the provider into a single jar for more convenient usage: +cd $DIST_DIR +mkdir tmp +cd tmp +unzip -q ../boca-light-*.jar +rm -rf META-INF/* +unzip -q ../boca-mail-*.jar +rm -rf META-INF/* +unzip -q ../boca-prov-*.jar +rm -rf META-INF/* +unzip -q ../boca-pkix-*.jar +rm -rf META-INF/* +unzip -q ../boca-util-*.jar +rm -rf META-INF/* + +# remove classes which we don't use +rm -rf org/bordercastle/cert/dane/fetcher +rm -rf org/bordercastle/crypto/examples +rm -rf org/bordercastle/jce/examples +rm org/bordercastle/jce/provider/X509LDAPCertStoreSpi.class +rm org/bordercastle/jce/provider/X509StoreLDAP*.class +rm -rf org/bordercastle/util/test +rm -rf org/bordercastle/x509/examples +rm org/bordercastle/x509/util/LDAPStoreHelper.class +cd .. +cd tmp + +sed "s/-Version: \$.*\.version./-Version: $BC_VER/g" $MAIN_DIR/bordercastle/MANIFEST.MF > META-INF/MANIFEST.MF +jar -cMf ../bordercastle-jce.jar * +cd .. +rm -rf tmp + +cp boca-tls-*.jar bordercastle-tls.jar + +popd > /dev/null + +popd > /dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bin/bordercastle-sign.sh b/bin/bordercastle-sign.sh new file mode 100755 index 0000000..1d479f3 --- /dev/null +++ b/bin/bordercastle-sign.sh @@ -0,0 +1,104 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bordercastle-sign.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-07-15 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +check_env() { + VAR_NAME=$1 + VAR_VALUE=$2 + IS_FILE=$3 + if [[ -z "$VAR_NAME" ]]; then + echo "undefined env var: $VAR_NAME" + exit -1 + fi + if [[ -z "$VAR_VALUE" ]]; then + echo "empty env var: $VAR_NAME" + exit -1 + fi + if [[ "$IS_FILE" == "true" ]]; then + if [[ ! -f "$VAR_VALUE" ]]; then + echo "missing file: $VAR_NAME: $VAR_VALUE" + exit -1 + fi + fi +} + +load_config() { + CFG=$1 + if [[ ! -f "$CFG" ]]; then + echo "missing signing config: $CFG" + exit -1 + fi + . "$CFG" + check_env JARSIGNER_STORE_FILE "$JARSIGNER_STORE_FILE" true + check_env JARSIGNER_STORE_PASS "$JARSIGNER_STORE_PASS" false + check_env JARSIGNER_KEY_NAME "$JARSIGNER_KEY_NAME" false + check_env JARSIGNER_KEY_PASS "$JARSIGNER_KEY_PASS" false + check_env JARSIGNER_TSA_URL "$JARSIGNER_TSA_URL" false +} + +sign_jar() { + JAR_BASE=$1 + OUT_BASE=$2 + if [[ "$OUT_BASE" == "" ]]; then + OUT_BASE=$JAR_BASE + fi + RAW_JAR=${JAR_BASE}.jar + SIGNED=signed/${OUT_BASE}.jar + echo "- $RAW_JAR => $SIGNED" + BASE_OPTS= + BASE_OPTS="$BASE_OPTS -keystore $JARSIGNER_STORE_FILE" + BASE_OPTS="$BASE_OPTS -storepass:env JARSIGNER_STORE_PASS" + SIGN_OPTS="$BASE_OPTS" + SIGN_OPTS="$SIGN_OPTS -keypass:env JARSIGNER_KEY_PASS" + SIGN_OPTS="$SIGN_OPTS -tsa $JARSIGNER_TSA_URL" + SIGN_OPTS="$SIGN_OPTS -strict" + SIGN_OPTS="$SIGN_OPTS -sigfile BOCASIGN" + SIGN_OPTS="$SIGN_OPTS -digestalg SHA-384" + jarsigner $SIGN_OPTS -signedjar "$SIGNED" "$RAW_JAR" "$JARSIGNER_KEY_NAME" + RET_VAL=$? + if [[ "$RET_VAL" != "0" ]]; then + echo "failed to sign: jarsigner returned $RET_VAL" + exit $RET_VAL + fi + VERIFY_OPTS="$BASE_OPTS" + #VERIFY_OPTS="$VERIFY_OPTS -verbose" + jarsigner $VERIFY_OPTS -verify "$SIGNED" + RET_VAL=$? + if [[ "$RET_VAL" != "0" ]]; then + echo "failed to verify: jarsigner returned $RET_VAL" + exit $RET_VAL + fi +} + +load_config private/sign.conf + +pushd $DIST_DIR > /dev/null + +mkdir -p signed + +sign_jar boca-light-$BC_VER +sign_jar boca-mail-$BC_VER +sign_jar boca-pg-$BC_VER +sign_jar boca-pkix-$BC_VER +sign_jar boca-prov-$BC_VER +sign_jar boca-tls-$BC_VER +sign_jar boca-util-$BC_VER +sign_jar bordercastle-jce-obfuscated-packed bordercastle-jce-$BC_VER +sign_jar bordercastle-tls-obfuscated-packed bordercastle-tls-$BC_VER + +popd > /dev/null + +popd > /dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bin/bouncycastle-to-bordercastle.sh b/bin/bouncycastle-to-bordercastle.sh new file mode 100755 index 0000000..29d6f8a --- /dev/null +++ b/bin/bouncycastle-to-bordercastle.sh @@ -0,0 +1,80 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bouncycastle-to-bordercastle.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-08-01 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +# this script is based on the become-spongy.sh script from spongycastle +# but cleaned up and enhanced to support later versions than 1.47 and to +# properly function with filenames that contain spaces. + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +# Package rename org.bouncycastle to org.bordercastle + +# 1) rename directories: +echo "- renaming directories ..." +find bc* -name bouncycastle | xargs rename s/bouncycastle/bordercastle/ + +# 2) replace package and import statements: +echo "- replacing package names and imports ..." +find bc* -type f -print0 | while read -d '' -r FILENAME +do + TMPFILENAME=$FILENAME.sed.tmp + sed s/bouncycastle/bordercastle/g "$FILENAME" > "$TMPFILENAME" + # keep the web address pointing to the original: + sed s/www.bordercastle.org/www.bouncycastle.org/g "$TMPFILENAME" > "$FILENAME" + rm -f "$TMPFILENAME" +done + +# BC to BoCa (resp. BCPQC to BoCaPQC) for provider name +echo "- renaming provider ..." +find bc* -type f -print0 | while read -d '' -r FILENAME +do + TMPFILENAME1=$FILENAME.sed1.tmp + TMPFILENAME2=$FILENAME.sed2.tmp + sed s/\"BC\"/\"BoCa\"/g "$FILENAME" > "$TMPFILENAME1" + sed s/\"BCPQC\"/\"BoCaPQC\"/g "$TMPFILENAME1" > "$TMPFILENAME2" + sed s/\"BCJSSE\"/\"BoCaJSSE\"/g "$TMPFILENAME2" > "$FILENAME" + rm -f "$TMPFILENAME1" "$TMPFILENAME2" +done + +# Rename 'bc-' artifacts to 'boca-' +echo "- renaming artifacts ..." +rename s/^bc/boca/ * + +echo "- adding version info class ..." +sed s/\"\$\{bordercastle.version\}\"/\"$BC_VER\"/g "bordercastle/Version.java" > "boca-light/src/main/java/org/bordercastle/Version.java" + +# add the maven pom files +echo "- generating maven pom files ..." +cp maven/pom/boca-parent.xml pom.xml +for TARGET in light mail pg pkix prov tls util +do + cp maven/pom/boca-$TARGET.xml boca-$TARGET/pom.xml + mkdir -p boca-$TARGET/src/main/java + mkdir -p boca-$TARGET/src/main/resources + mkdir -p boca-$TARGET/src/test/java + mkdir -p boca-$TARGET/src/test/resources +done + +# fill in the version +echo "- expanding version in maven pom files ..." +find -type f -name 'pom.xml' | while read -r FILENAME +do + TMPFILENAME=$FILENAME.sed.tmp + sed s/\>\$\{bordercastle.version\}\$BC_VER\ "$TMPFILENAME" + cat "$TMPFILENAME" > "$FILENAME" + rm -f "$TMPFILENAME" +done + +popd >/dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bin/bouncycastle-to-maven-layout.sh b/bin/bouncycastle-to-maven-layout.sh new file mode 100755 index 0000000..74e1d3e --- /dev/null +++ b/bin/bouncycastle-to-maven-layout.sh @@ -0,0 +1,74 @@ +#!/bin/bash +## -- FILE ------------------------------------------------------------------ +## name : bouncycastle-to-maven-layout.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-08-01 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +# this script is based on the use-maven-layout.sh script from spongycastle +# but cleaned up and enhanced to support later versions than 1.47 and to +# properly function with filenames that contain spaces. + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") ) +pushd $MAIN_DIR > /dev/null +. bordercastle.conf + +function move_file { + # echo Moving $1 to $2 + mkdir -p `dirname "$2"` + mv "$1" "$2" +} + +function move_files { + if [ -d "$1" ]; then + echo " $1/**/*.* => $2" + find "$1" -type f -print0 | while read -d '' -r FILENAME + do + NEWFILENAME=`echo "$FILENAME" | sed -e "s,$1,$2,"` + move_file "$FILENAME" "$NEWFILENAME" + done + fi +} + +echo "- java source files ..." +move_files crypto/mail/src/main/java bc-mail/src/main/java +move_files crypto/pg/src/main/java bc-pg/src/main/java +move_files crypto/pkix/src/main/java bc-pkix/src/main/java +move_files crypto/prov/src/main/java bc-prov/src/main/java +move_files crypto/core/src/main/java bc-light/src/main/java +#move_files crypto/mls/src/main/java bc-mls/src/main/java +move_files crypto/tls/src/main/java bc-tls/src/main/java +move_files crypto/tls/src/main/jdk1.5 bc-tls/src/main/java +move_files crypto/util/src/main/java bc-util/src/main/java + +echo "- javadoc resource files ..." +move_files crypto/mail/src/main/javadoc bc-mail/src/main/javadoc +move_files crypto/pg/src/main/javadoc bc-pg/src/main/javadoc +move_files crypto/pkix/src/main/javadoc bc-pkix/src/main/javadoc +move_files crypto/prov/src/main/javadoc bc-prov/src/main/javadoc +move_files crypto/core/src/main/javadoc bc-light/src/main/javadoc +#move_files crypto/mls/src/main/javadoc bc-mls/src/main/javadoc +move_files crypto/tls/src/main/javadoc bc-tls/src/main/javadoc +move_files crypto/util/src/main/javadoc bc-util/src/main/javadoc + +echo "- resource files ..." +move_files crypto/mail/src/main/resources bc-mail/src/main/resources +move_files crypto/pkix/src/main/resources bc-pkix/src/main/resources +move_files crypto/prov/src/main/resources bc-prov/src/main/resources + +echo "- documentation" +mkdir -p doc +mv crypto/*.html doc +mv crypto/docs/releasenotes.html doc +mv crypto/docs/specifications.html doc + +echo "- cleanup" +rm -rf crypto + +popd >/dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bordercastle.conf b/bordercastle.conf new file mode 100644 index 0000000..9f4c6cd --- /dev/null +++ b/bordercastle.conf @@ -0,0 +1,45 @@ + +VERSION_MAJOR=1 +VERSION_MINOR=81 +BC_VER=${VERSION_MAJOR}.${VERSION_MINOR} + +FORCED=false +VERBOSE=true +INFO=true + +JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 +M2_HOME=/data/dev/tool/maven/3.0.5 +MAVEN_REPO=/data/dev/tool/maven/repo +USER_HOME=$MAIN_DIR/maven/user.home +PROGUARD_JAR=/data/java/libs/ProGuard/7.7.0/lib/proguard.jar +PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH + +export JAVA_HOME M2_HOME USER_HOME HOME PATH + +DIST_DIR=$MAIN_DIR/libs + +JAVA_RUNTIME=$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/jre/lib/jce.jar + +JAVAX_ACTIVATION_JAR=$MAVEN_REPO/javax/activation/activation/1.1/activation-1.1.jar +JAVAX_MAIL_JAR=$MAVEN_REPO/javax/mail/mail/1.4.5/mail-1.4.5.jar +if [[ ! -f $JAVAX_ACTIVATION_JAR ]]; then + echo "missing JAVAX_ACTIVATION_JAR: $JAVAX_ACTIVATION_JAR" + exit -1 +fi +if [[ ! -f $JAVAX_MAIL_JAR ]]; then + echo "missing JAVAX_MAIL_JAR: $JAVAX_MAIL_JAR" + exit -1 +fi +JAVA_CLASSPATH=$JAVAX_ACTIVATION_JAR:$JAVAX_MAIL_JAR + +verbose() { + if [[ "$VERBOSE" == "true" ]]; then + echo "$@" + fi +} + +info() { + if [[ "$VERBOSE" == "true" || "$INFO" == "true" ]]; then + echo "$@" + fi +} diff --git a/bordercastle.sh b/bordercastle.sh index ba7f2f3..90212ff 100755 --- a/bordercastle.sh +++ b/bordercastle.sh @@ -1,3 +1,144 @@ #!/bin/bash -echo "building BorderCastle JCE provider ..." +## -- FILE ------------------------------------------------------------------ +## name : bordercastle.sh +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-08-01 +## language : Linux shell script +## environment: GNU bash +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- +# this script builds the Bouncy Castle JCE provider from scratch with changed +# package names to allow for independency of other Bouncy/Spongy Castle users. + +SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +MAIN_DIR=$(readlink -f "$SCRIPT_DIR") +pushd $MAIN_DIR >/dev/null +. bordercastle.conf + +BC_PKG="r${VERSION_MAJOR}rv${VERSION_MINOR}" +BC_DIR="bc-java-${BC_PKG}" +BC_URL="https://github.com/bcgit/bc-java/archive/refs/tags/${BC_PKG}.zip" +BC_ZIP=bouncycastle/crypto-${BC_VER}.zip +PATCH=bouncycastle/crypto-$BC_VER.patch + +DELIMITER=$'\n==========\n' + +if [[ "$FORCED" == "true" ]]; then + verbose "cleaning up old stuff ..." + rm -rf bc* boca* crypto crypto-$BC_VER log/*.done + rm -rf private/patch/bouncycastle/* + rm -rf private/patch/bordercastle/* +fi + +if [ -f "$BC_ZIP" ]; then + verbose "BouncyCastle v. $BC_VER already downloaded" +else + info "downloading BouncyCastle v. $BC_VER ..." + wget -O "$BC_ZIP" "$BC_URL" -nv -o log/bouncycastle-download.log +fi + +if [[ ! -d crypto && ! -d bc-light && ! -d boca-light ]]; then + info "extracting original BouncyCastle v. $BC_VER sources ..." + unzip -o -b $BC_ZIP 2>&1 > log/crypto-$BC_VER.zip.log + mv $BC_DIR crypto + chmod -R u+w crypto/* + rm -f log/*.done +else + verbose "BouncyCastle already unpacked" +fi + +if [[ -d crypto && ! -d bc-light && ! -d boca-light ]]; then + info "${DELIMITER}converting original BouncyCastle source tree to maven layout ..." + bin/bouncycastle-to-maven-layout.sh 2>&1 | tee log/bouncycastle-to-maven-layout.sh.log + rm -f log/*.done +else + verbose "BouncyCastle already converted to maven layout" +fi + +if [[ -d bc-light && ! -d boca-light ]]; then + info "${DELIMITER}converting BouncyCastle source tree to BorderCastle packages ..." + bin/bouncycastle-to-bordercastle.sh 2>&1 | tee log/bouncycastle-to-bordercastle.sh.log + rm -f log/*.done +else + verbose "BouncyCastle already converted to BorderCastle" +fi + +if [[ ! -d private/patch/bouncycastle/boca-light ]]; then + info "${DELIMITER}preparing patch creation ..." + mkdir -p private/patch/bouncycastle + cp -a boca-* private/patch/bouncycastle/ +else + verbose "BorderCastle patch already prepared" +fi + +if [[ -f "$PATCH" && ! -f log/crypto-$BC_VER.patch.done ]]; then + info "${DELIMITER}applying BorderCastle source code patch ..." + patch -p1 < "$PATCH" 2>&1 | tee log/crypto-$BC_VER.patch.log + touch log/crypto-$BC_VER.patch.done +else + verbose "BorderCastle already patched" +fi + +if [[ ! -d private/patch/bordercastle/boca-light ]]; then + info "${DELIMITER}updating patch ..." + mkdir -p private/patch/bordercastle + cp -a boca-* private/patch/bordercastle/ + pushd private/patch >/dev/null + diff -rupN bouncycastle bordercastle > ../../bouncycastle/crypto-${BC_VER}-new.patch + popd >/dev/null + info "=> examine new patch: bouncycastle/crypto-${BC_VER}-new.patch" +else + verbose "BorderCastle patch already updated" +fi + +if [[ ! -f log/bordercastle-compile.done ]]; then + info "${DELIMITER}compiling BorderCastle source code with maven ..." + LOGFILE=log/bordercastle-compile.sh.log + bin/bordercastle-compile.sh 2>&1 | tee "$LOGFILE" + SEARCH_QUERY="\[INFO\] BUILD FAILURE" + if grep -q "$SEARCH_QUERY" "$LOGFILE"; then + echo "${DELIMITER}maven build failed, aborting" + exit -1 + fi + touch log/bordercastle-compile.done +else + verbose "BorderCastle already compiled" +fi + +if [[ ! -f libs/bordercastle-jce-javadoc.zip ]]; then + info "${DELIMITER}generating BorderCastle javadoc ..." + bin/bordercastle-javadoc.sh 2>&1 | tee log/bordercastle-javadoc.sh.log +else + verbose "BorderCastle javadoc already generated" +fi + +if [[ ! -f libs/bordercastle-jce.jar ]]; then + info "${DELIMITER}re-packing BorderCastle JCE provider .jar ..." + bin/bordercastle-repack.sh 2>&1 | tee log/bordercastle-repack.sh.log +else + verbose "BorderCastle JCE provider already re-packed" +fi + +if [[ ! -f libs/bordercastle-jce-obfuscated.jar ]]; then + info "${DELIMITER}obfuscating BorderCastle JCE provider .jar ..." + bin/bordercastle-obfuscate.sh 2>&1 | tee log/bordercastle-obfuscate.sh.log +else + verbose "BorderCastle JCE provider already obfuscated" +fi + +if [[ ! -f libs/signed/bordercastle-jce-$BC_VER.jar ]]; then + info "${DELIMITER}signing BorderCastle libraries .jar ..." + bin/bordercastle-sign.sh 2>&1 | tee log/bordercastle-sign.sh.log +else + verbose "BorderCastle libraries already signed" +fi + +if [[ "$FORCED" == "true" ]]; then + info "${DELIMITER}cleaning intermediate build files ..." + bin/bordercastle-post-build-cleanup.sh 2>&1 | tee log/bordercastle-post-build-cleanup.sh.log +fi + +popd >/dev/null +## -- EOF ------------------------------------------------------------------- diff --git a/bordercastle/MANIFEST.MF b/bordercastle/MANIFEST.MF new file mode 100644 index 0000000..0ffaf26 --- /dev/null +++ b/bordercastle/MANIFEST.MF @@ -0,0 +1,9 @@ +Manifest-Version: 1.0 + +Name: org/bordercastle +Specification-Title: BouncyCastle JCE Provider +Specification-Vendor: bouncycastle.org +Specification-Version: ${bouncycastle.version} +Implementation-Title: BorderCastle JCE Provider +Implementation-Vendor: bordercastle.org +Implementation-Version: ${bordercastle.version} diff --git a/bordercastle/Version.java b/bordercastle/Version.java new file mode 100644 index 0000000..d4f332d --- /dev/null +++ b/bordercastle/Version.java @@ -0,0 +1,48 @@ +// -- FILE ------------------------------------------------------------------ +// name : Version.java +// project : BoarderZone: BorderCastle +// created : Leon Poyyayil - 2013-08-06 +// language : java +// environment: JDK 1.6.0 +// copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +// license : Bouncy Castle License. see LICENSE +// -------------------------------------------------------------------------- +package org.bordercastle; + + +// -- CLASS ----------------------------------------------------------------- +/** Simple version information. +*///------------------------------------------------------------------------- +public final class Version { + + +// ----- constants ----- +/** the version of this library */ +private static final String VERSION = "${bordercastle.version}"; + + +// -- METHOD ---------------------------------------------------------------- +/** Prevent instantiation. +*///------------------------------------------------------------------------- +private Version() +{ +} // Version + + +// -- METHOD ---------------------------------------------------------------- +/** Provides access to the version. Intentionally only available through a +method call for public use to prevent the java compiler from copying the +constant value to the call sites at compile time. +@return the version +*///------------------------------------------------------------------------- +public static String getVersion() +{ + return VERSION; +} // getVersion + + +} // class Version +// -------------------------------------------------------------------------- + + +// -- EOF ------------------------------------------------------------------- diff --git a/bordercastle/proguard-base.conf b/bordercastle/proguard-base.conf new file mode 100644 index 0000000..47b5c45 --- /dev/null +++ b/bordercastle/proguard-base.conf @@ -0,0 +1,92 @@ +## -- FILE ------------------------------------------------------------------ +## name : proguard-base.conf +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-07-15 +## language : ProGuard obfuscator configuration +## environment: ProGuard 5.3.2 +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +# ProGuard configuration file to process the BorderCastle JCE provider +# library, such that it remains usable as a library. + +# based on examples/library.pro from the ProGuard 4.9 distribution +# with the following changes: +# - removed all definitions in regard to library, input and output jars +# - removed definitions to control runtime output of proguard itself +# - disabled renaming of SourceFile attributes +# - turned off keeping of parameter names +# - removed all commented sections +# - added specific settings at end for BorderCastle + + +# Keep a fixed source file attribute and all line number +# tables to get line numbers in the stack traces. + +#-keepparameternames +#-renamesourcefileattribute SourceFile +-keepattributes Exceptions,InnerClasses,Signature,Deprecated, + SourceFile,LineNumberTable,EnclosingMethod + +# Preserve all annotations. + +-keepattributes *Annotation* + +# Preserve all public classes, and their public and protected fields and +# methods. + +-keep public class * { + public protected *; +} + +# Preserve all .class method names. + +-keepclassmembernames class * { + java.lang.Class class$(java.lang.String); + java.lang.Class class$(java.lang.String, boolean); +} + +# Preserve all native method names and the names of their classes. + +-keepclasseswithmembernames class * { + native ; +} + +# Preserve the special static methods that are required in all enumeration +# classes. + +-keepclassmembers class * extends java.lang.Enum { + public static **[] values(); + public static ** valueOf(java.lang.String); +} + +# Explicitly preserve all serialization members. The Serializable interface +# is only a marker interface, so it wouldn't save them. +# You can comment this out if your library doesn't use serialization. +# If your code contains serializable classes that have to be backward +# compatible, please refer to the manual. + +-keepclassmembers class * implements java.io.Serializable { + static final long serialVersionUID; + static final java.io.ObjectStreamField[] serialPersistentFields; + private void writeObject(java.io.ObjectOutputStream); + private void readObject(java.io.ObjectInputStream); + java.lang.Object writeReplace(); + java.lang.Object readResolve(); +} + +############################################################################# +# now for some specific bordercastle classes: + +# prevent warning about reflection use of the ubiquituous getInstance method: +-keepclassmembers class * { + public static *** getInstance(java.lang.Object); +} + +# prevent warning about reflection use of any string arg constructors +-keepclassmembers class * { + public (java.lang.String); +} + +## -- EOF ------------------------------------------------------------------- diff --git a/bordercastle/proguard-jce.conf b/bordercastle/proguard-jce.conf new file mode 100644 index 0000000..264decd --- /dev/null +++ b/bordercastle/proguard-jce.conf @@ -0,0 +1,100 @@ +## -- FILE ------------------------------------------------------------------ +## name : proguard.conf +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2013-07-15 +## language : ProGuard obfuscator configuration +## environment: ProGuard 5.3.2 +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +# ProGuard configuration file to process the BorderCastle JCE provider +# library, such that it remains usable as a library. + +############################################################################# +# specific bordercastle JCE classes: + +# need to keep some package-protected classes because they are used as parameter +# in methods which remain un-obfuscated ... +-keep class org.bordercastle.cert.crmf.PKMACValueGenerator { + public protected *; +} +-keep class org.bordercastle.crypto.engines.AEADBaseEngine { + public protected *; +} +-keep class org.bordercastle.crypto.util.SSHBuffer { + public protected *; +} +-keep class org.bordercastle.oer.OERDefinition$ExtensionList { + public protected *; +} +-keep class org.bordercastle.oer.OERDefinition$OptionalList { + public protected *; +} +-keep class org.bordercastle.pkix.jcajce.CertStatus { + public protected *; +} +-keep class org.bordercastle.pkix.jcajce.X509CertStoreSelector { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.frodo.FrodoMatrixGenerator { + public protected *; +} +-keep class org.bordercastle.pqc.legacy.crypto.gemss.Pointer { + public protected *; +} +-keep class org.bordercastle.pqc.legacy.crypto.gemss.PointerUnion { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.lms.LMOtsPrivateKey { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.lms.LMOtsPublicKey { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.lms.LMOtsSignature { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.lms.LMSSignature { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.lms.LMSSignedPubKey { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.picnic.PicnicEngine { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.picnic.Tape { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.xmss.OTSHashAddress { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.xmss.WOTSPlusParameters { + public protected *; +} +-keep class org.bordercastle.pqc.crypto.xmss.WOTSPlusSignature { + public protected *; +} +-keep class org.bordercastle.tsp.ers.IndexedHash { + public protected *; +} +-keep class org.bordercastle.x509.CertStatus { + public protected *; +} + +# this method is being accessed dynamically as it is only available since JDK 1.8 +# by org.bordercastle.jcajce.provider.drbg.DRBG. +# it is actually about java.security.SecureRandom but we don't want to see a ProGuard +# warning about not needing to specify a library class for being kept ... +-keep public class *SecureRandom { + java.security.SecureRandom getInstanceStrong(); +} + +# the same as above for the use of method AlgorithmParameterSpec.getName() from +# org.bordercastle.jcajce.provider.asymmetric.util.ECUtil.getNameFrom() +-keep public class *AlgorithmParameterSpec { + java.lang.String getName(); +} + +## -- EOF ------------------------------------------------------------------- diff --git a/bordercastle/proguard-tls.conf b/bordercastle/proguard-tls.conf new file mode 100644 index 0000000..6456bc4 --- /dev/null +++ b/bordercastle/proguard-tls.conf @@ -0,0 +1,26 @@ +## -- FILE ------------------------------------------------------------------ +## name : proguard-tls.conf +## project : BoarderZone: BorderCastle +## created : Leon Poyyayil - 2025-10-25 +## language : ProGuard obfuscator configuration +## environment: ProGuard 5.3.2 +## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland +## license : Bouncy Castle License. see LICENSE +## -------------------------------------------------------------------------- + +# ProGuard configuration file to process the BorderCastle JCE provider +# library, such that it remains usable as a library. + +############################################################################# +# specific bordercastle TLS classes: + +# need to keep some package-protected classes because they are used as parameter +# in methods which remain un-obfuscated ... +-keep class org.bordercastle.tls.DTLSRecordLayer { + public protected *; +} +-keep class org.bordercastle.tls.DTLSReliableHandshake { + public protected *; +} + +## -- EOF ------------------------------------------------------------------- diff --git a/bouncycastle/.gitignore b/bouncycastle/.gitignore new file mode 100644 index 0000000..e3f9aee --- /dev/null +++ b/bouncycastle/.gitignore @@ -0,0 +1 @@ +crypto-*.zip diff --git a/bouncycastle/crypto-1.81.patch b/bouncycastle/crypto-1.81.patch new file mode 100644 index 0000000..9158ef3 --- /dev/null +++ b/bouncycastle/crypto-1.81.patch @@ -0,0 +1,331 @@ +diff -rupN bouncycastle/boca-light/src/main/java/org/bordercastle/crypto/util/DerUtil.java bordercastle/boca-light/src/main/java/org/bordercastle/crypto/util/DerUtil.java +--- bouncycastle/boca-light/src/main/java/org/bordercastle/crypto/util/DerUtil.java 2025-10-25 07:40:23.182387118 +0200 ++++ bordercastle/boca-light/src/main/java/org/bordercastle/crypto/util/DerUtil.java 2025-10-25 07:40:47.173482490 +0200 +@@ -27,13 +27,8 @@ class DerUtil + } + catch (final IOException e) + { +- throw new IllegalStateException("Cannot get encoding: " + e.getMessage()) +- { +- public Throwable getCause() +- { +- return e; +- } +- }; ++ // TODO: BorderCastle: prevent problems later with android .dex files on obfuscated inner class ++ throw new IllegalStateException("Cannot get encoding: " + e.getMessage(), e); + } + } + } +diff -rupN bouncycastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHPSParameterSet.java bordercastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHPSParameterSet.java +--- bouncycastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHPSParameterSet.java 2025-10-25 07:40:28.278407368 +0200 ++++ bordercastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHPSParameterSet.java 2025-10-25 07:40:47.174482494 +0200 +@@ -11,7 +11,7 @@ import org.bordercastle.pqc.math.ntru.Po + * @see NTRUHPS2048509 + * @see NTRUHPS2048677 + * @see NTRUHPS4096821 +- * @see NTRU specification document section 1.3.2 ++ * @see NTRU specification document, section 1.3.2 + */ + public abstract class NTRUHPSParameterSet + extends NTRUParameterSet +diff -rupN bouncycastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHRSSParameterSet.java bordercastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHRSSParameterSet.java +--- bouncycastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHRSSParameterSet.java 2025-10-25 07:40:28.316407519 +0200 ++++ bordercastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/parameters/NTRUHRSSParameterSet.java 2025-10-25 07:40:47.174482494 +0200 +@@ -10,7 +10,7 @@ import org.bordercastle.pqc.math.ntru.Po + * The naming convention for the classes is {@code NTRUHRSS[n]}. e.g. {@link NTRUHRSS701} has n = 701. + * + * @see NTRUHRSS701 +- * @see NTRU specification document section 1.3.3 ++ * @see NTRU specification document, section 1.3.3 + */ + public abstract class NTRUHRSSParameterSet + extends NTRUParameterSet +diff -rupN bouncycastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/Polynomial.java bordercastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/Polynomial.java +--- bouncycastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/Polynomial.java 2025-10-25 07:40:28.335407594 +0200 ++++ bordercastle/boca-light/src/main/java/org/bordercastle/pqc/math/ntru/Polynomial.java 2025-10-25 07:40:47.173482490 +0200 +@@ -80,7 +80,7 @@ public abstract class Polynomial + * + * @param len array length of packed polynomial + * @return +- * @see NTRU specification section 1.8.5 ++ * @see NTRU specification, section 1.8.5 + */ + // defined in packq.c + public abstract byte[] sqToBytes(int len); +@@ -90,7 +90,7 @@ public abstract class Polynomial + * Unpack a Sq polynomial + * + * @param a byte array of packed polynomial +- * @see NTRU specification section 1.8.6 ++ * @see NTRU specification, section 1.8.6 + */ + // defined in packq.c + public abstract void sqFromBytes(byte[] a); +@@ -101,7 +101,7 @@ public abstract class Polynomial + * + * @param len array length of packed polynomial + * @return +- * @see NTRU specification section 1.8.3 ++ * @see NTRU specification, section 1.8.3 + */ + // defined in packq.c + public byte[] rqSumZeroToBytes(int len) +@@ -114,7 +114,7 @@ public abstract class Polynomial + * Unpack a Rq0 polynomial + * + * @param a byte array of packed polynomial +- * @see NTRU specification section 1.8.4 ++ * @see NTRU specification, section 1.8.4 + */ + // defined in packq.c + public void rqSumZeroFromBytes(byte[] a) +@@ -135,7 +135,7 @@ public abstract class Polynomial + * + * @param messageSize array length of packed polynomial + * @return +- * @see NTRU specification section 1.8.7 ++ * @see NTRU specification, section 1.8.7 + */ + // defined in pack3.c + public byte[] s3ToBytes(int messageSize) +@@ -181,7 +181,7 @@ public abstract class Polynomial + * Unpack a S3 polynomial + * + * @param msg byte array of packed polynomial +- * @see NTRU specification section 1.8.8 ++ * @see NTRU specification, section 1.8.8 + */ + // defined in pack3.c + public void s3FromBytes(byte[] msg) +@@ -248,7 +248,7 @@ public abstract class Polynomial + + /** + * @param a +- * @see NTRU specification section 1.9.3 ++ * @see NTRU specification, section 1.9.3 + */ + // defined in poly_lift.c + public abstract void lift(Polynomial a); +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/cmp/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/cmp/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/cmp/package-info.java 2025-10-25 07:40:36.887441590 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/cmp/package-info.java 2025-10-25 07:40:47.174482494 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * Basic support package for handling and creating CMP (RFC 4210) certificate management messages. + */ + package org.bordercastle.cert.cmp; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/jcajce/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/jcajce/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/jcajce/package-info.java 2025-10-25 07:40:36.373439547 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/jcajce/package-info.java 2025-10-25 07:40:47.174482494 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * JCA extensions to the CRMF online certificate request package. + */ + package org.bordercastle.cert.crmf.jcajce; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/package-info.java 2025-10-25 07:40:36.419439730 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/crmf/package-info.java 2025-10-25 07:40:47.175482498 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * Basic support package for handling and creating CRMF (RFC 4211) certificate request messages. + */ + package org.bordercastle.cert.crmf; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/jcajce/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/jcajce/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/jcajce/package-info.java 2025-10-25 07:40:36.573440342 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/jcajce/package-info.java 2025-10-25 07:40:47.175482498 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * JCA extensions to the certificate building and processing package. + */ + package org.bordercastle.cert.jcajce; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/jcajce/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/jcajce/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/jcajce/package-info.java 2025-10-25 07:40:36.749441041 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/jcajce/package-info.java 2025-10-25 07:40:47.175482498 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * JCA extensions to the OCSP online certificate status package. + */ + package org.bordercastle.cert.ocsp.jcajce; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/package-info.java 2025-10-25 07:40:36.764441101 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/ocsp/package-info.java 2025-10-25 07:40:47.175482498 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * Basic support package for handling and creating OCSP (RFC 2560) online certificate status requests. + */ + package org.bordercastle.cert.ocsp; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/selector/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/selector/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/cert/selector/package-info.java 2025-10-25 07:40:36.690440807 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/cert/selector/package-info.java 2025-10-25 07:40:47.175482498 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * Specialised Selector classes for certificates, CRLs, and attribute certificates. + */ + package org.bordercastle.cert.selector; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/pkcs/bc/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/pkcs/bc/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/pkcs/bc/package-info.java 2025-10-25 07:40:33.882429643 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/pkcs/bc/package-info.java 2025-10-25 07:40:47.175482498 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * BC lightweight API extensions and operators for the PKCS#10 certification request package. + */ + package org.bordercastle.pkcs.bc; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/pkcs/jcajce/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/pkcs/jcajce/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/pkcs/jcajce/package-info.java 2025-10-25 07:40:33.790429277 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/pkcs/jcajce/package-info.java 2025-10-25 07:40:47.176482502 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * JCA extensions and operators for the PKCS#10 certification request package. + */ + package org.bordercastle.pkcs.jcajce; +diff -rupN bouncycastle/boca-pkix/src/main/java/org/bordercastle/pkcs/package-info.java bordercastle/boca-pkix/src/main/java/org/bordercastle/pkcs/package-info.java +--- bouncycastle/boca-pkix/src/main/java/org/bordercastle/pkcs/package-info.java 2025-10-25 07:40:33.847429504 +0200 ++++ bordercastle/boca-pkix/src/main/java/org/bordercastle/pkcs/package-info.java 2025-10-25 07:40:47.176482502 +0200 +@@ -1,6 +1,4 @@ + /** +- * + * Basic support package for handling and creating PKCS#10 certification requests, PKCS#8 encrypted keys and PKCS#12 keys stores. + */ + package org.bordercastle.pkcs; +diff -rupN bouncycastle/boca-prov/src/main/java/org/bordercastle/jce/provider/BouncyCastleProvider.java bordercastle/boca-prov/src/main/java/org/bordercastle/jce/provider/BouncyCastleProvider.java +--- bouncycastle/boca-prov/src/main/java/org/bordercastle/jce/provider/BouncyCastleProvider.java 2025-10-25 07:40:40.980457864 +0200 ++++ bordercastle/boca-prov/src/main/java/org/bordercastle/jce/provider/BouncyCastleProvider.java 2025-10-25 07:40:47.176482502 +0200 +@@ -151,7 +151,7 @@ public final class BouncyCastleProvider + private static final String KEYSTORE_PACKAGE = "org.bordercastle.jcajce.provider.keystore."; + private static final String[] KEYSTORES = + { +- "BoCa", "BCFKS", "PKCS12" ++ "BC", "BCFKS", "PKCS12" + }; + + /* +@@ -172,7 +172,22 @@ public final class BouncyCastleProvider + */ + public BouncyCastleProvider() + { +- super(PROVIDER_NAME, 1.81, info); ++ this(PROVIDER_NAME); ++ } ++ ++ /** ++ * Construct a new provider with a custom name. This should only be required when ++ * using runtime registration of the provider using the ++ * Security.addProvider() mechanism. ++ * This constructor allows to give a distinct name to the new provider and thus allows ++ * to register multiple instances with separate names. This is helpful in environments ++ * where classloader problems would occur when one classloader installs the provider ++ * but another classloader attempts to cast objects created by the first provider ++ * (e.g. in webapp containers where each webapp wants to install the provider). ++ */ ++ public BouncyCastleProvider(final String providerName) ++ { ++ super(providerName, 1.81, info); + + AccessController.doPrivileged(new PrivilegedAction() + { +@@ -184,6 +199,19 @@ public final class BouncyCastleProvider + }); + } + ++ @Override public String toString() ++ { ++ // the java.security.Provider class in Android doesn't support the ++ // c'tor with a string version argument ++ // => was only introduced in JDK-9 ++ // => but Android is based on JDK-8 ++ // => must instead override the base class' toString() method ++ // to output the version in string form instead of as double ++ // (which would truncate trailing zeroes) ++ // => output "1.80" instead of "1.8" ... ++ return getName() + " version " + org.bordercastle.Version.getVersion(); ++ } ++ + private void setup() + { + loadAlgorithms(DIGEST_PACKAGE, DIGESTS); +diff -rupN bouncycastle/boca-prov/src/main/java/org/bordercastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java bordercastle/boca-prov/src/main/java/org/bordercastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java +--- bouncycastle/boca-prov/src/main/java/org/bordercastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java 2025-10-25 07:40:40.159454599 +0200 ++++ bordercastle/boca-prov/src/main/java/org/bordercastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java 2025-10-25 07:40:47.176482502 +0200 +@@ -51,7 +51,22 @@ public class BouncyCastlePQCProvider + */ + public BouncyCastlePQCProvider() + { +- super(PROVIDER_NAME, 1.81, info); ++ this(PROVIDER_NAME); ++ } ++ ++ /** ++ * Construct a new provider with a custom name. This should only be required when ++ * using runtime registration of the provider using the ++ * Security.addProvider() mechanism. ++ * This constructor allows to give a distinct name to the new provider and thus allows ++ * to register multiple instances with separate names. This is helpful in environments ++ * where classloader problems would occur when one classloader installs the provider ++ * but another classloader attempts to cast objects created by the first provider ++ * (e.g. in webapp containers where each webapp wants to install the provider). ++ */ ++ public BouncyCastlePQCProvider(final String providerName) ++ { ++ super(providerName, 1.81, info); + + AccessController.doPrivileged(new PrivilegedAction() + { +@@ -63,6 +78,19 @@ public class BouncyCastlePQCProvider + }); + } + ++ @Override public String toString() ++ { ++ // the java.security.Provider class in Android doesn't support the ++ // c'tor with a string version argument ++ // => was only introduced in JDK-9 ++ // => but Android is based on JDK-8 ++ // => must instead override the base class' toString() method ++ // to output the version in string form instead of as double ++ // (which would truncate trailing zeroes) ++ // => output "1.80" instead of "1.8" ... ++ return getName() + " version " + org.bordercastle.Version.getVersion(); ++ } ++ + private void setup() + { + loadAlgorithms(ALGORITHM_PACKAGE, ALGORITHMS); +diff -rupN bouncycastle/boca-util/src/main/java/org/bordercastle/asn1/tsp/ArchiveTimeStamp.java bordercastle/boca-util/src/main/java/org/bordercastle/asn1/tsp/ArchiveTimeStamp.java +--- bouncycastle/boca-util/src/main/java/org/bordercastle/asn1/tsp/ArchiveTimeStamp.java 2025-10-25 07:40:44.480471784 +0200 ++++ bordercastle/boca-util/src/main/java/org/bordercastle/asn1/tsp/ArchiveTimeStamp.java 2025-10-25 07:40:47.177482506 +0200 +@@ -17,7 +17,6 @@ import org.bordercastle.asn1.x509.Algori + + /** + * Implementation of the Archive Timestamp type defined in RFC4998. +- * @see RFC 4998 + *

+ * ASN.1 Archive Timestamp + *

+@@ -30,6 +29,7 @@ import org.bordercastle.asn1.x509.Algori + * PartialHashtree ::= SEQUENCE OF OCTET STRING + *

+ * Attributes ::= SET SIZE (1..MAX) OF Attribute ++ * @see RFC 4998 + */ + public class ArchiveTimeStamp + extends ASN1Object diff --git a/maven/pom/boca-light.xml b/maven/pom/boca-light.xml new file mode 100644 index 0000000..7e54fa2 --- /dev/null +++ b/maven/pom/boca-light.xml @@ -0,0 +1,18 @@ + + + 4.0.0 + boca-light + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle Lightweight Crypto API + + The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. + + This jar contains the lightweight API for the Bouncy Castle Cryptography APIs + for JDK 1.8 and onwards. + + diff --git a/maven/pom/boca-mail.xml b/maven/pom/boca-mail.xml new file mode 100644 index 0000000..08eb9b3 --- /dev/null +++ b/maven/pom/boca-mail.xml @@ -0,0 +1,36 @@ + + + 4.0.0 + boca-mail + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle S/MIME API + + The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. + + This jar contains S/MIME APIs for JDK 1.8 and onwards. The APIs can be used in conjunction + with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. + The JavaMail API and the Java activation framework will also be needed. + + + + org.bordercastle + boca-util + ${bordercastle.version} + + + org.bordercastle + boca-pkix + ${bordercastle.version} + + + javax.mail + mail + 1.4.5 + + + diff --git a/maven/pom/boca-mls.xml b/maven/pom/boca-mls.xml new file mode 100644 index 0000000..6cc99bf --- /dev/null +++ b/maven/pom/boca-mls.xml @@ -0,0 +1,74 @@ + + + 4.0.0 + boca-mls + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle MLS + + The Bouncy Castle MLS implementation. + + This jar contains APIs for JDK 1.8 and onwards. The APIs can be used in conjunction with a JCE/JCA + provider such as the one provided with the Bouncy Castle Cryptography APIs. + + + + org.bordercastle + boca-prov + ${bordercastle.version} + + + org.bordercastle + boca-util + ${bordercastle.version} + + + + com.google.protobuf + protobuf-java + 3.22.3 + + + io.grpc + grpc-api + 1.58.0 + + + io.grpc + grpc-core + 1.58.0 + + + io.grpc + grpc-netty-shaded + 1.58.0 + + + io.grpc + grpc-protobuf + 1.58.0 + + + io.grpc + grpc-protobuf-lite + 1.58.0 + + + io.grpc + grpc-services + 1.58.0 + runtime + + + io.grpc + grpc-stub + 1.58.0 + + + diff --git a/maven/pom/boca-parent.xml b/maven/pom/boca-parent.xml new file mode 100644 index 0000000..6fa48f5 --- /dev/null +++ b/maven/pom/boca-parent.xml @@ -0,0 +1,116 @@ + + + 4.0.0 + + + central + Central Repository + https://repo.maven.apache.org/maven2 + default + + false + + + never + + + + + + central + Central Repository + https://repo.maven.apache.org/maven2 + default + + false + + + + + org.sonatype.oss + oss-parent + 7 + + org.bordercastle + boca-parent + ${bordercastle.version} + pom + BorderCastle parent POM project + http://www.bordercastle.org/ + + BorderCastle is a package-rename (org.bouncycastle.* to org.bordercastle.*) of Bouncy Castle + intended for the Android platform. Android unfortunately ships with a stripped-down version of + Bouncy Castle, which prevents easy upgrades - BorderCastle overcomes this and provides a full, + up-to-date version of the Bouncy Castle cryptographic libs. + + The project was inspired by Spongy Castle (http://rtyley.github.com/spongycastle/) but forked + from it to have a documented and well established build process, directly from the Bouncy Castle + sources. + + + + Bouncy Castle Licence + http://www.bouncycastle.org/licence.html + repo + + + + + bouncy-castle-dev + Bouncy Castle contributors + http://www.bouncycastle.org/contributors.html + + + lepoy + Leon Poyyayil + 0 + + + dincalza + Dario Incalza + 0 + + + + UTF-8 + + + boca-light + boca-prov + boca-pg + boca-pkix + boca-mail + + boca-util + boca-tls + + + + junit + junit + 4.13 + test + + + com.unboundid + unboundid-ldapsdk + 6.0.8 + test + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 2.3.2 + + 1.8 + 1.8 + + + + + diff --git a/maven/pom/boca-pg.xml b/maven/pom/boca-pg.xml new file mode 100644 index 0000000..28a625c --- /dev/null +++ b/maven/pom/boca-pg.xml @@ -0,0 +1,30 @@ + + + 4.0.0 + boca-pg + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle OpenPGP API + + The Bouncy Castle Java API for handling the OpenPGP protocol. + + This jar contains APIs for JDK 1.8 and onwards. The APIs can be used in conjunction with a JCE/JCA + provider such as the one provided with the Bouncy Castle Cryptography APIs. + + + + org.bordercastle + boca-prov + ${bordercastle.version} + + + org.bordercastle + boca-util + ${bordercastle.version} + + + diff --git a/maven/pom/boca-pkix.xml b/maven/pom/boca-pkix.xml new file mode 100644 index 0000000..90717b5 --- /dev/null +++ b/maven/pom/boca-pkix.xml @@ -0,0 +1,30 @@ + + + 4.0.0 + boca-pkix + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs + + The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. + + This jar contains APIs for JDK 1.8 and onwards. The APIs can be used in conjunction with a JCE/JCA + provider such as the one provided with the Bouncy Castle Cryptography APIs. + + + + org.bordercastle + boca-prov + ${bordercastle.version} + + + org.bordercastle + boca-util + ${bordercastle.version} + + + diff --git a/maven/pom/boca-prov.xml b/maven/pom/boca-prov.xml new file mode 100644 index 0000000..e87d851 --- /dev/null +++ b/maven/pom/boca-prov.xml @@ -0,0 +1,24 @@ + + + 4.0.0 + boca-prov + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle Provider + + The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. + + This jar contains the JCE provider for the Bouncy Castle Cryptography APIs for JDK 1.8 and onwards. + + + + org.bordercastle + boca-light + ${bordercastle.version} + + + diff --git a/maven/pom/boca-tls.xml b/maven/pom/boca-tls.xml new file mode 100644 index 0000000..5f2ba64 --- /dev/null +++ b/maven/pom/boca-tls.xml @@ -0,0 +1,30 @@ + + + 4.0.0 + boca-tls + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle TLS/JSSE + + The Bouncy Castle TLS/JSSE implementation. + + This jar contains APIs for JDK 1.8 and onwards. The APIs can be used in conjunction with a JCE/JCA + provider such as the one provided with the Bouncy Castle Cryptography APIs. + + + + org.bordercastle + boca-prov + ${bordercastle.version} + + + org.bordercastle + boca-util + ${bordercastle.version} + + + diff --git a/maven/pom/boca-util.xml b/maven/pom/boca-util.xml new file mode 100644 index 0000000..7361dff --- /dev/null +++ b/maven/pom/boca-util.xml @@ -0,0 +1,31 @@ + + + 4.0.0 + boca-util + jar + + org.bordercastle + boca-parent + ${bordercastle.version} + + BorderCastle Utilities + + The Bouncy Castle utility classes. + + This jar contains a collection of classes which do not need to be in the JCE provider + jar, but are used by the other APIs. The APIs can be used in conjunction with a JCE/JCA + provider such as the one provided with the Bouncy Castle Cryptography APIs. + + + + org.bordercastle + boca-light + ${bordercastle.version} + + + org.bordercastle + boca-prov + ${bordercastle.version} + + + diff --git a/maven/user.home/.m2/.gitignore b/maven/user.home/.m2/.gitignore new file mode 100644 index 0000000..92eb240 --- /dev/null +++ b/maven/user.home/.m2/.gitignore @@ -0,0 +1 @@ +settings.xml diff --git a/maven/user.home/.m2/settings.xml.tpl b/maven/user.home/.m2/settings.xml.tpl new file mode 100644 index 0000000..b8fa1a3 --- /dev/null +++ b/maven/user.home/.m2/settings.xml.tpl @@ -0,0 +1,3 @@ + + ${maven.repo} +