+ * This implementation is less than industrial strength: + *
this and
+ * that, as specified by Comparable. The timestamp is most
+ * significant; that is, if the timestamps are different, return 1 or
+ * -1. If this contains only a timestamp (with no nonce
+ * etc.), return -1 or 0. The treatment of the nonce etc. is murky,
+ * although 0 is returned only if they're all equal.
+ */
+ public int compareTo(UsedNonce that) {
+ return (that == null) ? 1 : sortKey.compareTo(that.sortKey);
+ }
+
+ @Override
+ public int hashCode() {
+ return sortKey.hashCode();
+ }
+
+ /**
+ * Return true iff this and that contain equal
+ * timestamps, nonce etc., in the same order.
+ */
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that == this)
+ return true;
+ if (that.getClass() != getClass())
+ return false;
+ return sortKey.equals(((UsedNonce) that).sortKey);
+ }
+
+ @Override
+ public String toString() {
+ return sortKey;
+ }
+ }
+}
Index: 3rdParty_sources/oauth-provider/net/oauth/server/HttpRequestMessage.java
===================================================================
diff -u
--- 3rdParty_sources/oauth-provider/net/oauth/server/HttpRequestMessage.java (revision 0)
+++ 3rdParty_sources/oauth-provider/net/oauth/server/HttpRequestMessage.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2008 Netflix, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.oauth.server;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+
+/**
+ * An HttpServletRequest, encapsulated as an OAuthMessage.
+ *
+ * @author John Kristian
+ */
+public class HttpRequestMessage extends OAuthMessage {
+
+ public HttpRequestMessage(HttpServletRequest request, String URL) {
+ super(request.getMethod(), URL, getParameters(request));
+ this.request = request;
+ copyHeaders(request, getHeaders());
+ }
+
+ private final HttpServletRequest request;
+
+ @Override
+ public InputStream getBodyAsStream() throws IOException {
+ return request.getInputStream();
+ }
+
+ @Override
+ public String getBodyEncoding() {
+ return request.getCharacterEncoding();
+ }
+
+ private static void copyHeaders(HttpServletRequest request, Collection
+ * The parameters in this class are not percent-encoded. Methods like
+ * OAuthClient.invoke and OAuthResponseMessage.completeParameters are
+ * responsible for percent-encoding parameters before transmission and decoding
+ * them after reception.
+ *
+ * @author John Kristian
+ */
+public class OAuthMessage {
+
+ private static Logger log = Logger.getLogger(OAuthMessage.class);
+
+ public OAuthMessage(String method, String URL, Collection parameters) {
+ this(method, URL, parameters, null);
+ }
+
+ public OAuthMessage(String method, String URL, Collection parameters,
+ InputStream bodyAsStream) {
+ this.method = method;
+ this.URL = URL;
+ this.bodyAsStream = bodyAsStream;
+ if (parameters == null) {
+ this.parameters = new ArrayList
+ * This class implements section 6.8. Base64 Content-Transfer-Encoding from RFC 2045 Multipurpose
+ * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies by Freed and Borenstein.
+ *
+ * The {@value} character limit does not count the trailing CRLF, but counts all other characters, including any
+ * equal signs.
+ *
+ * Consumer can use this constructor to choose a different lineLength
+ * when encoding (lineSeparator is still CRLF). All forms of data can
+ * be decoded.
+ *
+ * Note: lineLengths that aren't multiples of 4 will still essentially
+ * end up being multiples of 4 in the encoded data.
+ *
+ * Consumer can use this constructor to choose a different lineLength
+ * and lineSeparator when encoding. All forms of data can
+ * be decoded.
+ *
+ * Note: lineLengths that aren't multiples of 4 will still essentially
+ * end up being multiples of 4 in the encoded data.
+ *
+ * Encodes all of the provided data, starting at inPos, for inAvail bytes.
+ * Must be called at least twice: once with the data to encode, and once
+ * with inAvail set to "-1" to alert encoder that EOF has been reached,
+ * so flush last remaining bytes (if not multiple of 3).
+ *
+ * Thanks to "commons" project in ws.apache.org for the bitwise operations,
+ * and general approach.
+ * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
+ *
+ * Decodes all of the provided data, starting at inPos, for inAvail bytes.
+ * Should be called at least twice: once with the data to decode, and once
+ * with inAvail set to "-1" to alert decoder that EOF has been reached.
+ * The "-1" call is not necessary when decoding, but it doesn't hurt, either.
+ *
+ * Ignores all non-base64 characters. This is how chunked (e.g. 76 character)
+ * data is handled, since CR and LF are silently ignored, but has implications
+ * for other bytes, too. This method subscribes to the garbage-in, garbage-out
+ * philosophy: it will not check the provided data for validity.
+ *
+ * Thanks to "commons" project in ws.apache.org for the bitwise operations,
+ * and general approach.
+ * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
+ *
+ * Static methods of this class implement a registry of signature methods. It's
+ * pre-populated with the standard OAuth algorithms. Appliations can replace
+ * them or add new ones.
+ *
+ * @author John Kristian
+ */
+public abstract class OAuthSignatureMethod {
+
+ private static Logger log = Logger.getLogger(OAuthSignatureMethod.class);
+
+ /** Add a signature to the message.
+ * @throws URISyntaxException
+ * @throws IOException */
+ public void sign(OAuthMessage message)
+ throws OAuthException, IOException, URISyntaxException {
+ message.addParameter(new OAuth.Parameter("oauth_signature",
+ getSignature(message)));
+ }
+
+ /**
+ * Check whether the message has a valid signature.
+ * @throws URISyntaxException
+ *
+ * @throws OAuthProblemException
+ * the signature is invalid
+ */
+ public void validate(OAuthMessage message)
+ throws IOException, OAuthException, URISyntaxException {
+ message.requireParameters("oauth_signature");
+ String signature = message.getSignature();
+ String baseString = getBaseString(message);
+ if (!isValid(signature, baseString)) {
+
+ // *LAMS* added by LAMS
+ log.debug("Error. Signature invalid. oauth_signature=" + signature + ", oauth_signature_base_string="
+ + baseString + ", oauth_signature_method=" + message.getSignatureMethod());
+
+ OAuthProblemException problem = new OAuthProblemException(
+ "signature_invalid");
+ problem.setParameter("oauth_signature", signature);
+ problem.setParameter("oauth_signature_base_string", baseString);
+ problem.setParameter("oauth_signature_method", message
+ .getSignatureMethod());
+ throw problem;
+ }
+ }
+
+ protected String getSignature(OAuthMessage message)
+ throws OAuthException, IOException, URISyntaxException {
+ String baseString = getBaseString(message);
+ String signature = getSignature(baseString);
+ // Logger log = Logger.getLogger(getClass().getName());
+ // if (log.isLoggable(Level.FINE)) {
+ // log.fine(signature + "=getSignature(" + baseString + ")");
+ // }
+ return signature;
+ }
+
+ protected void initialize(String name, OAuthAccessor accessor)
+ throws OAuthException {
+ String secret = accessor.consumer.consumerSecret;
+ if (name.endsWith(_ACCESSOR)) {
+ // This code supports the 'Accessor Secret' extensions
+ // described in http://oauth.pbwiki.com/AccessorSecret
+ final String key = OAuthConsumer.ACCESSOR_SECRET;
+ Object accessorSecret = accessor.getProperty(key);
+ if (accessorSecret == null) {
+ accessorSecret = accessor.consumer.getProperty(key);
+ }
+ if (accessorSecret != null) {
+ secret = accessorSecret.toString();
+ }
+ }
+ if (secret == null) {
+ secret = "";
+ }
+ setConsumerSecret(secret);
+ }
+
+ public static final String _ACCESSOR = "-Accessor";
+
+ /** Compute the signature for the given base string. */
+ protected abstract String getSignature(String baseString) throws OAuthException;
+
+ /** Decide whether the signature is valid. */
+ protected abstract boolean isValid(String signature, String baseString)
+ throws OAuthException;
+
+ private String consumerSecret;
+
+ private String tokenSecret;
+
+ protected String getConsumerSecret() {
+ return consumerSecret;
+ }
+
+ protected void setConsumerSecret(String consumerSecret) {
+ this.consumerSecret = consumerSecret;
+ }
+
+ public String getTokenSecret() {
+ return tokenSecret;
+ }
+
+ public void setTokenSecret(String tokenSecret) {
+ this.tokenSecret = tokenSecret;
+ }
+
+ public static String getBaseString(OAuthMessage message)
+ throws IOException, URISyntaxException {
+ ListdecodeSize = 3 + lineSeparator.length;
+ */
+ private final int decodeSize;
+
+ /**
+ * Convenience variable to help us determine when our buffer is going to run out of
+ * room and needs resizing. encodeSize = 4 + lineSeparator.length;
+ */
+ private final int encodeSize;
+
+ /**
+ * Buffer for streaming.
+ */
+ private byte[] buf;
+
+ /**
+ * Position where next character should be written in the buffer.
+ */
+ private int pos;
+
+ /**
+ * Position where next character should be read from the buffer.
+ */
+ private int readPos;
+
+ /**
+ * Variable tracks how many characters have been written to the current line.
+ * Only used when encoding. We use it to make sure each encoded line never
+ * goes beyond lineLength (if lineLength > 0).
+ */
+ private int currentLinePos;
+
+ /**
+ * Writes to the buffer only occur after every 3 reads when encoding, an
+ * every 4 reads when decoding. This variable helps track that.
+ */
+ private int modulus;
+
+ /**
+ * Boolean flag to indicate the EOF has been reached. Once EOF has been
+ * reached, this Base64 object becomes useless, and must be thrown away.
+ */
+ private boolean eof;
+
+ /**
+ * Place holder for the 3 bytes we're dealing with for our base64 logic.
+ * Bitwise operations store and extract the base64 encoding or decoding from
+ * this variable.
+ */
+ private int x;
+
+ /**
+ * Default constructor: lineLength is 76, and the lineSeparator is CRLF
+ * when encoding, and all forms can be decoded.
+ */
+ public Base64() {
+ this(CHUNK_SIZE, CHUNK_SEPARATOR);
+ }
+
+ /**
+ * octet is in the base 64 alphabet.
+ *
+ * @param octet
+ * The value to test
+ * @return true if the value is defined in the the base 64 alphabet, false otherwise.
+ */
+ public static boolean isBase64(byte octet) {
+ return octet == PAD || (octet >= 0 && octet < base64ToInt.length && base64ToInt[octet] != -1);
+ }
+
+ /**
+ * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet.
+ * Currently the method treats whitespace as valid.
+ *
+ * @param arrayOctet
+ * byte array to test
+ * @return true if all bytes are valid characters in the Base64 alphabet or if the byte array is
+ * empty; false, otherwise
+ */
+ public static boolean isArrayByteBase64(byte[] arrayOctet) {
+ for (int i = 0; i < arrayOctet.length; i++) {
+ if (!isBase64(arrayOctet[i]) && !isWhiteSpace(arrayOctet[i])) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /*
+ * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet.
+ *
+ * @param arrayOctet
+ * byte array to test
+ * @return true if any byte is a valid character in the Base64 alphabet; false herwise
+ */
+ private static boolean containsBase64Byte(byte[] arrayOctet) {
+ for (int i = 0; i < arrayOctet.length; i++) {
+ if (isBase64(arrayOctet[i])) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm but does not chunk the output.
+ *
+ * @param binaryData
+ * binary data to encode
+ * @return Base64 characters
+ */
+ public static byte[] encodeBase64(byte[] binaryData) {
+ return encodeBase64(binaryData, false);
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm and chunks the encoded output into 76 character blocks
+ *
+ * @param binaryData
+ * binary data to encode
+ * @return Base64 characters chunked in 76 character blocks
+ */
+ public static byte[] encodeBase64Chunked(byte[] binaryData) {
+ return encodeBase64(binaryData, true);
+ }
+
+ /**
+ * Decodes a byte[] containing containing characters in the Base64 alphabet.
+ *
+ * @param pArray
+ * A byte array containing Base64 character data
+ * @return a byte array containing binary data
+ */
+ public byte[] decode(byte[] pArray) {
+ return decodeBase64(pArray);
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
+ *
+ * @param binaryData
+ * Array containing binary data to encode.
+ * @param isChunked
+ * if true this encoder will chunk the base64 output into 76 character blocks
+ * @return Base64-encoded data.
+ * @throws IllegalArgumentException
+ * Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
+ */
+ public static byte[] encodeBase64(byte[] binaryData, boolean isChunked) {
+ if (binaryData == null || binaryData.length == 0) {
+ return binaryData;
+ }
+ Base64 b64 = isChunked ? new Base64() : new Base64(0);
+
+ long len = (binaryData.length * 4) / 3;
+ long mod = len % 4;
+ if (mod != 0) {
+ len += 4 - mod;
+ }
+ if (isChunked) {
+ len += (1 + (len / CHUNK_SIZE)) * CHUNK_SEPARATOR.length;
+ }
+
+ if (len > Integer.MAX_VALUE) {
+ throw new IllegalArgumentException(
+ "Input array too big, output array would be bigger than Integer.MAX_VALUE=" + Integer.MAX_VALUE);
+ }
+ byte[] buf = new byte[(int) len];
+ b64.setInitialBuffer(buf, 0, buf.length);
+ b64.encode(binaryData, 0, binaryData.length);
+ b64.encode(binaryData, 0, -1); // Notify encoder of EOF.
+
+ // Encoder might have resized, even though it was unnecessary.
+ if (b64.buf != buf) {
+ b64.readResults(buf, 0, buf.length);
+ }
+ return buf;
+ }
+
+ /**
+ * Decodes Base64 data into octets
+ *
+ * @param base64Data Byte array containing Base64 data
+ * @return Array containing decoded data.
+ */
+ public static byte[] decodeBase64(byte[] base64Data) {
+ if (base64Data == null || base64Data.length == 0) {
+ return base64Data;
+ }
+ Base64 b64 = new Base64();
+
+ long len = (base64Data.length * 3) / 4;
+ byte[] buf = new byte[(int) len];
+ b64.setInitialBuffer(buf, 0, buf.length);
+ b64.decode(base64Data, 0, base64Data.length);
+ b64.decode(base64Data, 0, -1); // Notify decoder of EOF.
+
+ // We have no idea what the line-length was, so we
+ // cannot know how much of our array wasn't used.
+ byte[] result = new byte[b64.pos];
+ b64.readResults(result, 0, result.length);
+ return result;
+ }
+
+ /**
+ * Check if a byte value is whitespace or not.
+ *
+ * @param byteToCheck the byte to check
+ * @return true if byte is whitespace, false otherwise
+ */
+ private static boolean isWhiteSpace(byte byteToCheck){
+ switch (byteToCheck) {
+ case ' ' :
+ case '\n' :
+ case '\r' :
+ case '\t' :
+ return true;
+ default :
+ return false;
+ }
+ }
+
+ /**
+ * Discards any characters outside of the base64 alphabet, per the requirements on page 25 of RFC 2045 - "Any
+ * characters outside of the base64 alphabet are to be ignored in base64 encoded data."
+ *
+ * @param data
+ * The base-64 encoded data to groom
+ * @return The data, less non-base64 characters (see RFC 2045).
+ */
+ static byte[] discardNonBase64(byte[] data) {
+ byte groomedData[] = new byte[data.length];
+ int bytesCopied = 0;
+
+ for (int i = 0; i < data.length; i++) {
+ if (isBase64(data[i])) {
+ groomedData[bytesCopied++] = data[i];
+ }
+ }
+
+ byte packedData[] = new byte[bytesCopied];
+
+ System.arraycopy(groomedData, 0, packedData, 0, bytesCopied);
+
+ return packedData;
+ }
+
+ // Implementation of the Encoder Interface
+
+ /**
+ * Encodes a byte[] containing binary data, into a byte[] containing characters in the Base64 alphabet.
+ *
+ * @param pArray
+ * a byte array containing binary data
+ * @return A byte array containing only Base64 character data
+ */
+ public byte[] encode(byte[] pArray) {
+ return encodeBase64(pArray, false);
+ }
+
+ // Implementation of integer encoding used for crypto
+ /**
+ * Decode a byte64-encoded integer according to crypto
+ * standards such as W3C's XML-Signature
+ *
+ * @param pArray a byte array containing base64 character data
+ * @return A BigInteger
+ */
+ public static BigInteger decodeInteger(byte[] pArray) {
+ return new BigInteger(1, decodeBase64(pArray));
+ }
+
+ /**
+ * Encode to a byte64-encoded integer according to crypto
+ * standards such as W3C's XML-Signature
+ *
+ * @param bigInt a BigInteger
+ * @return A byte array containing base64 character data
+ * @throws NullPointerException if null is passed in
+ */
+ public static byte[] encodeInteger(BigInteger bigInt) {
+ if(bigInt == null) {
+ throw new NullPointerException("encodeInteger called with null parameter");
+ }
+
+ return encodeBase64(toIntegerBytes(bigInt), false);
+ }
+
+ /**
+ * Returns a byte-array representation of a BigInteger
+ * without sign bit.
+ *
+ * @param bigInt BigInteger to be converted
+ * @return a byte array representation of the BigInteger parameter
+ */
+ static byte[] toIntegerBytes(BigInteger bigInt) {
+ int bitlen = bigInt.bitLength();
+ // round bitlen
+ bitlen = ((bitlen + 7) >> 3) << 3;
+ byte[] bigBytes = bigInt.toByteArray();
+
+ if(((bigInt.bitLength() % 8) != 0) &&
+ (((bigInt.bitLength() / 8) + 1) == (bitlen / 8))) {
+ return bigBytes;
+ }
+
+ // set up params for copying everything but sign bit
+ int startSrc = 0;
+ int len = bigBytes.length;
+
+ // if bigInt is exactly byte-aligned, just skip signbit in copy
+ if((bigInt.bitLength() % 8) == 0) {
+ startSrc = 1;
+ len--;
+ }
+
+ int startDst = bitlen / 8 - len; // to pad w/ nulls as per spec
+ byte[] resizedBytes = new byte[bitlen / 8];
+
+ System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, len);
+
+ return resizedBytes;
+ }
+}
Index: 3rdParty_sources/oauth/net/oauth/signature/HMAC_SHA1.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/HMAC_SHA1.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/HMAC_SHA1.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2007 Netflix, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.oauth.signature;
+
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+
+/**
+ * The HMAC-SHA1 signature method.
+ *
+ * @author John Kristian
+ */
+class HMAC_SHA1 extends OAuthSignatureMethod {
+
+ @Override
+ protected String getSignature(String baseString) throws OAuthException {
+ try {
+ String signature = base64Encode(computeSignature(baseString));
+ return signature;
+ } catch (GeneralSecurityException e) {
+ throw new OAuthException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new OAuthException(e);
+ }
+ }
+
+ @Override
+ protected boolean isValid(String signature, String baseString)
+ throws OAuthException {
+ try {
+ byte[] expected = computeSignature(baseString);
+ byte[] actual = decodeBase64(signature);
+ return equals(expected, actual);
+ } catch (GeneralSecurityException e) {
+ throw new OAuthException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new OAuthException(e);
+ }
+ }
+
+ private byte[] computeSignature(String baseString)
+ throws GeneralSecurityException, UnsupportedEncodingException {
+ SecretKey key = null;
+ synchronized (this) {
+ if (this.key == null) {
+ String keyString = OAuth.percentEncode(getConsumerSecret())
+ + '&' + OAuth.percentEncode(getTokenSecret());
+ byte[] keyBytes = keyString.getBytes(ENCODING);
+ this.key = new SecretKeySpec(keyBytes, MAC_NAME);
+ }
+ key = this.key;
+ }
+ Mac mac = Mac.getInstance(MAC_NAME);
+ mac.init(key);
+ byte[] text = baseString.getBytes(ENCODING);
+ return mac.doFinal(text);
+ }
+
+ /** ISO-8859-1 or US-ASCII would work, too. */
+ private static final String ENCODING = OAuth.ENCODING;
+
+ private static final String MAC_NAME = "HmacSHA1";
+
+ private SecretKey key = null;
+
+ @Override
+ public void setConsumerSecret(String consumerSecret) {
+ synchronized (this) {
+ key = null;
+ }
+ super.setConsumerSecret(consumerSecret);
+ }
+
+ @Override
+ public void setTokenSecret(String tokenSecret) {
+ synchronized (this) {
+ key = null;
+ }
+ super.setTokenSecret(tokenSecret);
+ }
+
+}
Index: 3rdParty_sources/oauth/net/oauth/signature/OAuthSignatureMethod.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/OAuthSignatureMethod.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/OAuthSignatureMethod.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,384 @@
+/*
+ * Copyright 2007 Netflix, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.oauth.signature;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.log4j.Logger;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+
+/**
+ * A pair of algorithms for computing and verifying an OAuth digital signature.
+ *
+ *
+ * @param privateKeyObject
+ * @return The private key
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ private PrivateKey loadPrivateKey(Object privateKeyObject)
+ throws IOException, GeneralSecurityException {
+
+ PrivateKey privateKey;
+
+ if (privateKeyObject instanceof PrivateKey) {
+ privateKey = (PrivateKey)privateKeyObject;
+ } else if (privateKeyObject instanceof String) {
+ try {
+ // PEM Reader's native string constructor is for filename.
+ privateKey = getPrivateKeyFromPem((String)privateKeyObject);
+ } catch (IOException e) {
+ // Check if it's PEM with markers stripped
+ privateKey = getPrivateKeyFromDer(
+ decodeBase64((String)privateKeyObject));
+ }
+ } else if (privateKeyObject instanceof byte[]) {
+ privateKey = getPrivateKeyFromDer((byte[])privateKeyObject);
+ } else {
+ throw new IllegalArgumentException(
+ "Private key set through RSA_SHA1.PRIVATE_KEY must be of " +
+ "type PrivateKey, String or byte[] and not " +
+ privateKeyObject.getClass().getName());
+ }
+
+ return privateKey;
+ }
+
+ /**
+ * Load a public key from key file or certificate. It can load from
+ * different sources depending on the type of the input,
+ *
+ *
+ *
+ * @param publicKeyObject The object for public key or certificate
+ * @param isCert True if this object is provided as Certificate
+ * @return The public key
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ private PublicKey loadPublicKey(Object publicKeyObject, boolean isCert)
+ throws IOException, GeneralSecurityException {
+
+ PublicKey publicKey;
+
+ if (publicKeyObject instanceof PublicKey) {
+ publicKey = (PublicKey)publicKeyObject;
+ } else if (publicKeyObject instanceof X509Certificate) {
+ publicKey = ((X509Certificate) publicKeyObject).getPublicKey();
+ } else if (publicKeyObject instanceof String) {
+ try {
+ publicKey = getPublicKeyFromPem((String)publicKeyObject);
+ } catch (IOException e) {
+ // Check if it's marker-stripped PEM for public key
+ if (isCert)
+ throw e;
+ publicKey = getPublicKeyFromDer(
+ decodeBase64((String)publicKeyObject));
+ }
+ } else if (publicKeyObject instanceof byte[]) {
+ if (isCert)
+ publicKey = getPublicKeyFromDerCert((byte[])publicKeyObject);
+ else
+ publicKey = getPublicKeyFromDer((byte[])publicKeyObject);
+ } else {
+ String source;
+ if (isCert)
+ source = "RSA_SHA1.X509_CERTIFICATE";
+ else
+ source = "RSA_SHA1.PUBLIC_KEY";
+ throw new IllegalArgumentException(
+ "Public key or certificate set through " + source + " must be of " +
+ "type PublicKey, String or byte[], and not " +
+ publicKeyObject.getClass().getName());
+ }
+
+ return publicKey;
+ }
+}
Index: 3rdParty_sources/oauth/net/oauth/signature/package-info.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/package-info.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/package-info.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,4 @@
+/**
+ * Classes to compute and verify digital signatures.
+ */
+package net.oauth.signature;
Index: 3rdParty_sources/oauth/net/oauth/signature/pem/Asn1Object.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/pem/Asn1Object.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/pem/Asn1Object.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,150 @@
+/****************************************************************************
+ * Copyright (c) 1998-2009 AOL LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ****************************************************************************/
+package net.oauth.signature.pem;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+/**
+ * An ASN.1 TLV. The object is not parsed. It can
+ * only handle integers and strings.
+ *
+ * @author zhang
+ *
+ */
+class Asn1Object {
+
+ protected final int type;
+ protected final int length;
+ protected final byte[] value;
+ protected final int tag;
+
+ /**
+ * Construct a ASN.1 TLV. The TLV could be either a
+ * constructed or primitive entity.
+ *
+ * The first byte in DER encoding is made of following fields,
+ *
+ *-------------------------------------------------
+ *|Bit 8|Bit 7|Bit 6|Bit 5|Bit 4|Bit 3|Bit 2|Bit 1|
+ *-------------------------------------------------
+ *| Class | CF | + Type |
+ *-------------------------------------------------
+ *
+ *
+ *
+ *
+ * @param tag Tag or Identifier
+ * @param length Length of the field
+ * @param value Encoded octet string for the field.
+ */
+ public Asn1Object(int tag, int length, byte[] value) {
+ this.tag = tag;
+ this.type = tag & 0x1F;
+ this.length = length;
+ this.value = value;
+ }
+
+ public int getType() {
+ return type;
+ }
+
+ public int getLength() {
+ return length;
+ }
+
+ public byte[] getValue() {
+ return value;
+ }
+
+ public boolean isConstructed() {
+ return (tag & DerParser.CONSTRUCTED) == DerParser.CONSTRUCTED;
+ }
+
+ /**
+ * For constructed field, return a parser for its content.
+ *
+ * @return A parser for the construct.
+ * @throws IOException
+ */
+ public DerParser getParser() throws IOException {
+ if (!isConstructed())
+ throw new IOException("Invalid DER: can't parse primitive entity"); //$NON-NLS-1$
+
+ return new DerParser(value);
+ }
+
+ /**
+ * Get the value as integer
+ *
+ * @return BigInteger
+ * @throws IOException
+ */
+ public BigInteger getInteger() throws IOException {
+ if (type != DerParser.INTEGER)
+ throw new IOException("Invalid DER: object is not integer"); //$NON-NLS-1$
+
+ return new BigInteger(value);
+ }
+
+ /**
+ * Get value as string. Most strings are treated
+ * as Latin-1.
+ *
+ * @return Java string
+ * @throws IOException
+ */
+ public String getString() throws IOException {
+
+ String encoding;
+
+ switch (type) {
+
+ // Not all are Latin-1 but it's the closest thing
+ case DerParser.NUMERIC_STRING:
+ case DerParser.PRINTABLE_STRING:
+ case DerParser.VIDEOTEX_STRING:
+ case DerParser.IA5_STRING:
+ case DerParser.GRAPHIC_STRING:
+ case DerParser.ISO646_STRING:
+ case DerParser.GENERAL_STRING:
+ encoding = "ISO-8859-1"; //$NON-NLS-1$
+ break;
+
+ case DerParser.BMP_STRING:
+ encoding = "UTF-16BE"; //$NON-NLS-1$
+ break;
+
+ case DerParser.UTF8_STRING:
+ encoding = "UTF-8"; //$NON-NLS-1$
+ break;
+
+ case DerParser.UNIVERSAL_STRING:
+ throw new IOException("Invalid DER: can't handle UCS-4 string"); //$NON-NLS-1$
+
+ default:
+ throw new IOException("Invalid DER: object is not a string"); //$NON-NLS-1$
+ }
+
+ return new String(value, encoding);
+ }
+}
Index: 3rdParty_sources/oauth/net/oauth/signature/pem/DerParser.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/pem/DerParser.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/pem/DerParser.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,170 @@
+/****************************************************************************
+ * Copyright (c) 1998-2009 AOL LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ****************************************************************************/
+package net.oauth.signature.pem;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+
+/**
+ * A bare-minimum ASN.1 DER decoder, just having enough functions to
+ * decode PKCS#1 private keys. Especially, it doesn't handle explicitly
+ * tagged types with an outer tag.
+ *
+ * This parser can only handle one layer. To parse nested constructs,
+ * get a new parser for each layer using Asn1Object.getParser().
+ *
+ * There are many DER decoders in JRE but using them will tie this
+ * program to a specific JCE/JVM.
+ *
+ * @author zhang
+ *
+ */
+class DerParser {
+
+ // Classes
+ public final static int UNIVERSAL = 0x00;
+ public final static int APPLICATION = 0x40;
+ public final static int CONTEXT = 0x80;
+ public final static int PRIVATE = 0xC0;
+
+ // Constructed Flag
+ public final static int CONSTRUCTED = 0x20;
+
+ // Tag and data types
+ public final static int ANY = 0x00;
+ public final static int BOOLEAN = 0x01;
+ public final static int INTEGER = 0x02;
+ public final static int BIT_STRING = 0x03;
+ public final static int OCTET_STRING = 0x04;
+ public final static int NULL = 0x05;
+ public final static int OBJECT_IDENTIFIER = 0x06;
+ public final static int REAL = 0x09;
+ public final static int ENUMERATED = 0x0a;
+ public final static int RELATIVE_OID = 0x0d;
+
+ public final static int SEQUENCE = 0x10;
+ public final static int SET = 0x11;
+
+ public final static int NUMERIC_STRING = 0x12;
+ public final static int PRINTABLE_STRING = 0x13;
+ public final static int T61_STRING = 0x14;
+ public final static int VIDEOTEX_STRING = 0x15;
+ public final static int IA5_STRING = 0x16;
+ public final static int GRAPHIC_STRING = 0x19;
+ public final static int ISO646_STRING = 0x1A;
+ public final static int GENERAL_STRING = 0x1B;
+
+ public final static int UTF8_STRING = 0x0C;
+ public final static int UNIVERSAL_STRING = 0x1C;
+ public final static int BMP_STRING = 0x1E;
+
+ public final static int UTC_TIME = 0x17;
+ public final static int GENERALIZED_TIME = 0x18;
+
+ protected InputStream in;
+
+ /**
+ * Create a new DER decoder from an input stream.
+ *
+ * @param in
+ * The DER encoded stream
+ */
+ public DerParser(InputStream in) throws IOException {
+ this.in = in;
+ }
+
+ /**
+ * Create a new DER decoder from a byte array.
+ *
+ * @param The
+ * encoded bytes
+ * @throws IOException
+ */
+ public DerParser(byte[] bytes) throws IOException {
+ this(new ByteArrayInputStream(bytes));
+ }
+
+ /**
+ * Read next object. If it's constructed, the value holds
+ * encoded content and it should be parsed by a new
+ * parser from Asn1Object.getParser.
+ *
+ * @return A object
+ * @throws IOException
+ */
+ public Asn1Object read() throws IOException {
+ int tag = in.read();
+
+ if (tag == -1)
+ throw new IOException("Invalid DER: stream too short, missing tag"); //$NON-NLS-1$
+
+ int length = getLength();
+
+ byte[] value = new byte[length];
+ int n = in.read(value);
+ if (n < length)
+ throw new IOException("Invalid DER: stream too short, missing value"); //$NON-NLS-1$
+
+ Asn1Object o = new Asn1Object(tag, length, value);
+
+ return o;
+ }
+
+ /**
+ * Decode the length of the field. Can only support length
+ * encoding up to 4 octets.
+ *
+ * In BER/DER encoding, length can be encoded in 2 forms,
+ *
+ *
+ * @return The length as integer
+ * @throws IOException
+ */
+ private int getLength() throws IOException {
+
+ int i = in.read();
+ if (i == -1)
+ throw new IOException("Invalid DER: length missing"); //$NON-NLS-1$
+
+ // A single byte short length
+ if ((i & ~0x7F) == 0)
+ return i;
+
+ int num = i & 0x7F;
+
+ // We can't handle length longer than 4 bytes
+ if ( i >= 0xFF || num > 4)
+ throw new IOException("Invalid DER: length field too big (" //$NON-NLS-1$
+ + i + ")"); //$NON-NLS-1$
+
+ byte[] bytes = new byte[num];
+ int n = in.read(bytes);
+ if (n < num)
+ throw new IOException("Invalid DER: length too short"); //$NON-NLS-1$
+
+ return new BigInteger(1, bytes).intValue();
+ }
+
+}
Index: 3rdParty_sources/oauth/net/oauth/signature/pem/PEMReader.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/pem/PEMReader.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/pem/PEMReader.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,134 @@
+/****************************************************************************
+ * Copyright (c) 1998-2009 AOL LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ****************************************************************************
+ *
+ * @author: zhang
+ * @version: $Revision$
+ * @created: Apr 24, 2009
+ *
+ * Description: A class to decode PEM files
+ *
+ ****************************************************************************/
+package net.oauth.signature.pem;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import net.oauth.signature.OAuthSignatureMethod;
+
+/**
+ * This class convert PEM into byte array. The begin marker
+ * is saved and it can be used to determine the type of the
+ * PEM file.
+ *
+ * @author zhang
+ */
+public class PEMReader {
+
+ // Begin markers for all supported PEM files
+ public static final String PRIVATE_PKCS1_MARKER =
+ "-----BEGIN RSA PRIVATE KEY-----";
+ public static final String PRIVATE_PKCS8_MARKER =
+ "-----BEGIN PRIVATE KEY-----";
+ public static final String CERTIFICATE_X509_MARKER =
+ "-----BEGIN CERTIFICATE-----";
+ public static final String PUBLIC_X509_MARKER =
+ "-----BEGIN PUBLIC KEY-----";
+
+ private static final String BEGIN_MARKER = "-----BEGIN ";
+
+ private InputStream stream;
+ private byte[] derBytes;
+ private String beginMarker;
+
+ public PEMReader(InputStream inStream) throws IOException {
+ stream = inStream;
+ readFile();
+ }
+
+ public PEMReader(byte[] buffer) throws IOException {
+ this(new ByteArrayInputStream(buffer));
+ }
+
+ public PEMReader(String fileName) throws IOException {
+ this(new FileInputStream(fileName));
+ }
+
+ public byte[] getDerBytes() {
+ return derBytes;
+ }
+
+ public String getBeginMarker() {
+ return beginMarker;
+ }
+
+ /**
+ * Read the PEM file and save the DER encoded octet
+ * stream and begin marker.
+ *
+ * @throws IOException
+ */
+ protected void readFile() throws IOException {
+
+ String line;
+ BufferedReader reader = new BufferedReader(
+ new InputStreamReader(stream));
+ try {
+ while ((line = reader.readLine()) != null)
+ {
+ if (line.indexOf(BEGIN_MARKER) != -1)
+ {
+ beginMarker = line.trim();
+ String endMarker = beginMarker.replace("BEGIN", "END");
+ derBytes = readBytes(reader, endMarker);
+ return;
+ }
+ }
+ throw new IOException("Invalid PEM file: no begin marker");
+ } finally {
+ reader.close();
+ }
+ }
+
+
+ /**
+ * Read the lines between BEGIN and END marker and convert
+ * the Base64 encoded content into binary byte array.
+ *
+ * @return DER encoded octet stream
+ * @throws IOException
+ */
+ private byte[] readBytes(BufferedReader reader, String endMarker) throws IOException
+ {
+ String line = null;
+ StringBuffer buf = new StringBuffer();
+
+ while ((line = reader.readLine()) != null)
+ {
+ if (line.indexOf(endMarker) != -1) {
+
+ return OAuthSignatureMethod.decodeBase64(buf.toString());
+ }
+
+ buf.append(line.trim());
+ }
+
+ throw new IOException("Invalid PEM file: No end marker");
+ }
+}
Index: 3rdParty_sources/oauth/net/oauth/signature/pem/PKCS1EncodedKeySpec.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/pem/PKCS1EncodedKeySpec.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/pem/PKCS1EncodedKeySpec.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,116 @@
+/****************************************************************************
+ * Copyright (c) 1998-2009 AOL LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ****************************************************************************
+ *
+ * @author: zhang
+ * @version: $Revision$
+ * @created: Apr 24, 2009
+ *
+ * Description: A KeySpec for PKCS#1 encoded RSA private key
+ *
+ ****************************************************************************/
+package net.oauth.signature.pem;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.spec.RSAPrivateCrtKeySpec;
+
+/**
+ * PKCS#1 encoded private key is commonly used with OpenSSL. It provides CRT parameters
+ * so the private key operation can be much faster than using exponent/modulus alone,
+ * which is the case for PKCS#8 encoded key.
+ *
+ * Unfortunately, JCE doesn't have an API to decode the DER. This class takes DER
+ * buffer and decoded into CRT key.
+ *
+ * @author zhang
+ */
+public class PKCS1EncodedKeySpec {
+
+ private RSAPrivateCrtKeySpec keySpec;
+
+ /**
+ * Create a PKCS#1 keyspec from DER encoded buffer
+ *
+ * @param keyBytes DER encoded octet stream
+ * @throws IOException
+ */
+ public PKCS1EncodedKeySpec(byte[] keyBytes) throws IOException {
+ decode(keyBytes);
+ }
+
+ /**
+ * Get the key spec that JCE understands.
+ *
+ * @return CRT keyspec defined by JCE
+ */
+ public RSAPrivateCrtKeySpec getKeySpec() {
+ return keySpec;
+ }
+
+ /**
+ * Decode PKCS#1 encoded private key into RSAPrivateCrtKeySpec.
+ *
+ * The ASN.1 syntax for the private key with CRT is
+ *
+ *
+ * --
+ * -- Representation of RSA private key with information for the CRT algorithm.
+ * --
+ * RSAPrivateKey ::= SEQUENCE {
+ * version Version,
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER, -- (inverse of q) mod p
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL
+ * }
+ *
+ *
+ * @param keyBytes PKCS#1 encoded key
+ * @throws IOException
+ */
+
+ private void decode(byte[] keyBytes) throws IOException {
+
+ DerParser parser = new DerParser(keyBytes);
+
+ Asn1Object sequence = parser.read();
+ if (sequence.getType() != DerParser.SEQUENCE)
+ throw new IOException("Invalid DER: not a sequence"); //$NON-NLS-1$
+
+ // Parse inside the sequence
+ parser = sequence.getParser();
+
+ parser.read(); // Skip version
+ BigInteger modulus = parser.read().getInteger();
+ BigInteger publicExp = parser.read().getInteger();
+ BigInteger privateExp = parser.read().getInteger();
+ BigInteger prime1 = parser.read().getInteger();
+ BigInteger prime2 = parser.read().getInteger();
+ BigInteger exp1 = parser.read().getInteger();
+ BigInteger exp2 = parser.read().getInteger();
+ BigInteger crtCoef = parser.read().getInteger();
+
+ keySpec = new RSAPrivateCrtKeySpec(
+ modulus, publicExp, privateExp, prime1, prime2,
+ exp1, exp2, crtCoef);
+ }
+}
Index: 3rdParty_sources/oauth/net/oauth/signature/pem/package-info.java
===================================================================
diff -u
--- 3rdParty_sources/oauth/net/oauth/signature/pem/package-info.java (revision 0)
+++ 3rdParty_sources/oauth/net/oauth/signature/pem/package-info.java (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -0,0 +1,4 @@
+/**
+ * Classes to handle cryptographic data in PEM formats.
+ */
+package net.oauth.signature.pem;
Index: 3rdParty_sources/versions.txt
===================================================================
diff -u -r61e489a64fd46325ed8b232df23b9ee923ca9217 -r92d4f7d34c60b79bfec1ca66a0fa5239fedd082c
--- 3rdParty_sources/versions.txt (.../versions.txt) (revision 61e489a64fd46325ed8b232df23b9ee923ca9217)
+++ 3rdParty_sources/versions.txt (.../versions.txt) (revision 92d4f7d34c60b79bfec1ca66a0fa5239fedd082c)
@@ -32,6 +32,10 @@
MySQL Connector/J 5.1.38
+oauth 20100527
+
+oauth-provider 20100527
+
opensaml 2.6.0
openws 1.5.0
Index: lams_build/lib/basiclti-util/oauth-20100527.jar
===================================================================
diff -u -r37286da230b2bacd7f7764d630c639c6b51dcf24 -r92d4f7d34c60b79bfec1ca66a0fa5239fedd082c
Binary files differ
Index: lams_build/lib/basiclti-util/oauth-provider-20100527.jar
===================================================================
diff -u -r37286da230b2bacd7f7764d630c639c6b51dcf24 -r92d4f7d34c60b79bfec1ca66a0fa5239fedd082c
Binary files differ