From 3709489b3a2bc22173a000500c874390aae644e0 Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Mon, 4 Dec 2017 15:16:41 +0800 Subject: [PATCH] Massive project restructure --- .gitignore | 15 +- .gitmodules | 18 +- app | 1 + build.gradle | 27 + build.py | 59 +- core/.gitignore | 1 + core/build.gradle | 20 + {jni => core/jni}/Android.mk | 9 +- {jni => core/jni}/Application.mk | 0 {jni => core/jni}/b64xz.c | 0 {jni => core/jni}/core/bootstages.c | 0 {jni => core/jni}/core/daemon.c | 0 {jni => core/jni}/core/log_monitor.c | 0 {jni => core/jni}/core/magisk.c | 0 {jni => core/jni}/core/magiskinit.c | 0 {jni => core/jni}/core/socket.c | 0 {jni => core/jni}/external/Android.mk | 0 {jni => core/jni}/external/busybox | 0 {jni => core/jni}/external/bzip2 | 0 {jni => core/jni}/external/dtc | 0 {jni => core/jni}/external/include/sha1.h | 0 {jni => core/jni}/external/include/sqlite3.h | 0 .../jni}/external/include/xz_config/config.h | 0 {jni => core/jni}/external/lz4 | 0 {jni => core/jni}/external/selinux | 0 {jni => core/jni}/external/sha1/sha1.c | 0 .../jni}/external/stubs/selinux_stub.c | 0 .../jni}/external/stubs/sqlite3_stub.c | 0 {jni => core/jni}/external/xz | 0 {jni => core/jni}/include/cpio.h | 0 {jni => core/jni}/include/daemon.h | 0 {jni => core/jni}/include/list.h | 0 {jni => core/jni}/include/logging.h | 0 {jni => core/jni}/include/magisk.h | 0 {jni => core/jni}/include/magiskrc.h | 0 {jni => core/jni}/include/resetprop.h | 0 {jni => core/jni}/include/utils.h | 0 {jni => core/jni}/include/vector.h | 0 {jni => core/jni}/magiskboot/bootimg.c | 0 {jni => core/jni}/magiskboot/bootimg.h | 0 {jni => core/jni}/magiskboot/compress.c | 0 {jni => core/jni}/magiskboot/dtb.c | 0 {jni => core/jni}/magiskboot/hexpatch.c | 0 {jni => core/jni}/magiskboot/magiskboot.h | 0 {jni => core/jni}/magiskboot/main.c | 0 {jni => core/jni}/magiskboot/ramdisk.c | 0 {jni => core/jni}/magiskboot/types.c | 0 {jni => core/jni}/magiskboot/types.h | 0 {jni => core/jni}/magiskhide/hide_utils.c | 0 {jni => core/jni}/magiskhide/magiskhide.c | 0 {jni => core/jni}/magiskhide/magiskhide.h | 0 {jni => core/jni}/magiskhide/proc_monitor.c | 0 {jni => core/jni}/magiskpolicy | 0 {jni => core/jni}/resetprop/ErrnoRestorer.h | 0 .../jni}/resetprop/_system_properties.h | 0 {jni => core/jni}/resetprop/bionic_futex.h | 0 {jni => core/jni}/resetprop/bionic_lock.h | 0 {jni => core/jni}/resetprop/bionic_macros.h | 0 {jni => core/jni}/resetprop/resetprop.cpp | 0 .../jni}/resetprop/system_properties.cpp | 0 .../jni}/resetprop/system_properties.h | 0 {jni => core/jni}/su | 0 {jni => core/jni}/utils/cpio.c | 0 {jni => core/jni}/utils/file.c | 0 {jni => core/jni}/utils/img.c | 0 {jni => core/jni}/utils/list.c | 0 {jni => core/jni}/utils/misc.c | 0 {jni => core/jni}/utils/vector.c | 0 {jni => core/jni}/utils/xwrap.c | 0 core/src/main/AndroidManifest.xml | 1 + crypto/.gitignore | 1 + crypto/build.gradle | 38 ++ .../com/topjohnwu/crypto/ByteArrayStream.java | 34 ++ .../com/topjohnwu/crypto/CryptoUtils.java | 136 +++++ .../java/com/topjohnwu/crypto/JarMap.java | 122 +++++ .../java/com/topjohnwu/crypto/SignAPK.java | 502 ++++++++++++++++++ .../java/com/topjohnwu/crypto/SignBoot.java | 231 ++++++++ .../java/com/topjohnwu/crypto/ZipSigner.java | 42 ++ gradle.properties | 22 + gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 53636 bytes gradle/wrapper/gradle-wrapper.properties | 6 + gradlew | 160 ++++++ gradlew.bat | 90 ++++ java | 1 - settings.gradle | 1 + snet/.gitignore | 1 + snet/build.gradle | 30 ++ snet/proguard-rules.pro | 24 + snet/src/main/AndroidManifest.xml | 7 + .../com/topjohnwu/snet/SafetyNetCallback.java | 5 + .../com/topjohnwu/snet/SafetyNetHelper.java | 124 +++++ 91 files changed, 1675 insertions(+), 53 deletions(-) create mode 160000 app create mode 100644 build.gradle create mode 100644 core/.gitignore create mode 100644 core/build.gradle rename {jni => core/jni}/Android.mk (96%) rename {jni => core/jni}/Application.mk (100%) rename {jni => core/jni}/b64xz.c (100%) rename {jni => core/jni}/core/bootstages.c (100%) rename {jni => core/jni}/core/daemon.c (100%) rename {jni => core/jni}/core/log_monitor.c (100%) rename {jni => core/jni}/core/magisk.c (100%) rename {jni => core/jni}/core/magiskinit.c (100%) rename {jni => core/jni}/core/socket.c (100%) rename {jni => core/jni}/external/Android.mk (100%) rename {jni => core/jni}/external/busybox (100%) rename {jni => core/jni}/external/bzip2 (100%) rename {jni => core/jni}/external/dtc (100%) rename {jni => core/jni}/external/include/sha1.h (100%) rename {jni => core/jni}/external/include/sqlite3.h (100%) rename {jni => core/jni}/external/include/xz_config/config.h (100%) rename {jni => core/jni}/external/lz4 (100%) rename {jni => core/jni}/external/selinux (100%) rename {jni => core/jni}/external/sha1/sha1.c (100%) rename {jni => core/jni}/external/stubs/selinux_stub.c (100%) rename {jni => core/jni}/external/stubs/sqlite3_stub.c (100%) rename {jni => core/jni}/external/xz (100%) rename {jni => core/jni}/include/cpio.h (100%) rename {jni => core/jni}/include/daemon.h (100%) rename {jni => core/jni}/include/list.h (100%) rename {jni => core/jni}/include/logging.h (100%) rename {jni => core/jni}/include/magisk.h (100%) rename {jni => core/jni}/include/magiskrc.h (100%) rename {jni => core/jni}/include/resetprop.h (100%) rename {jni => core/jni}/include/utils.h (100%) rename {jni => core/jni}/include/vector.h (100%) rename {jni => core/jni}/magiskboot/bootimg.c (100%) rename {jni => core/jni}/magiskboot/bootimg.h (100%) rename {jni => core/jni}/magiskboot/compress.c (100%) rename {jni => core/jni}/magiskboot/dtb.c (100%) rename {jni => core/jni}/magiskboot/hexpatch.c (100%) rename {jni => core/jni}/magiskboot/magiskboot.h (100%) rename {jni => core/jni}/magiskboot/main.c (100%) rename {jni => core/jni}/magiskboot/ramdisk.c (100%) rename {jni => core/jni}/magiskboot/types.c (100%) rename {jni => core/jni}/magiskboot/types.h (100%) rename {jni => core/jni}/magiskhide/hide_utils.c (100%) rename {jni => core/jni}/magiskhide/magiskhide.c (100%) rename {jni => core/jni}/magiskhide/magiskhide.h (100%) rename {jni => core/jni}/magiskhide/proc_monitor.c (100%) rename {jni => core/jni}/magiskpolicy (100%) rename {jni => core/jni}/resetprop/ErrnoRestorer.h (100%) rename {jni => core/jni}/resetprop/_system_properties.h (100%) rename {jni => core/jni}/resetprop/bionic_futex.h (100%) rename {jni => core/jni}/resetprop/bionic_lock.h (100%) rename {jni => core/jni}/resetprop/bionic_macros.h (100%) rename {jni => core/jni}/resetprop/resetprop.cpp (100%) rename {jni => core/jni}/resetprop/system_properties.cpp (100%) rename {jni => core/jni}/resetprop/system_properties.h (100%) rename {jni => core/jni}/su (100%) rename {jni => core/jni}/utils/cpio.c (100%) rename {jni => core/jni}/utils/file.c (100%) rename {jni => core/jni}/utils/img.c (100%) rename {jni => core/jni}/utils/list.c (100%) rename {jni => core/jni}/utils/misc.c (100%) rename {jni => core/jni}/utils/vector.c (100%) rename {jni => core/jni}/utils/xwrap.c (100%) create mode 100644 core/src/main/AndroidManifest.xml create mode 100644 crypto/.gitignore create mode 100644 crypto/build.gradle create mode 100644 crypto/src/main/java/com/topjohnwu/crypto/ByteArrayStream.java create mode 100644 crypto/src/main/java/com/topjohnwu/crypto/CryptoUtils.java create mode 100644 crypto/src/main/java/com/topjohnwu/crypto/JarMap.java create mode 100644 crypto/src/main/java/com/topjohnwu/crypto/SignAPK.java create mode 100644 crypto/src/main/java/com/topjohnwu/crypto/SignBoot.java create mode 100644 crypto/src/main/java/com/topjohnwu/crypto/ZipSigner.java create mode 100644 gradle.properties create mode 100644 gradle/wrapper/gradle-wrapper.jar create mode 100644 gradle/wrapper/gradle-wrapper.properties create mode 100755 gradlew create mode 100644 gradlew.bat delete mode 160000 java create mode 100644 settings.gradle create mode 100644 snet/.gitignore create mode 100644 snet/build.gradle create mode 100644 snet/proguard-rules.pro create mode 100644 snet/src/main/AndroidManifest.xml create mode 100644 snet/src/main/java/com/topjohnwu/snet/SafetyNetCallback.java create mode 100644 snet/src/main/java/com/topjohnwu/snet/SafetyNetHelper.java diff --git a/.gitignore b/.gitignore index 7b7d0aa31..2865ee369 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,18 @@ -out/ -obj/ -libs/ +/out +/obj +/libs *.zip *.jks *.apk # Built binaries ziptools/zipadjust + +# Android Studio / Gradle +*.iml +.gradle +/local.properties +/.idea +/build +/captures +.externalNativeBuild diff --git a/.gitmodules b/.gitmodules index 1c63eaa4c..cdc9d7a6e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,27 +1,27 @@ [submodule "jni/selinux"] - path = jni/external/selinux + path = core/jni/external/selinux url = https://github.com/topjohnwu/selinux.git [submodule "jni/su"] - path = jni/su + path = core/jni/su url = https://github.com/topjohnwu/MagiskSU.git [submodule "jni/magiskpolicy"] - path = jni/magiskpolicy + path = core/jni/magiskpolicy url = https://github.com/topjohnwu/magiskpolicy.git [submodule "MagiskManager"] - path = java + path = app url = https://github.com/topjohnwu/MagiskManager.git [submodule "jni/busybox"] - path = jni/external/busybox + path = core/jni/external/busybox url = https://github.com/topjohnwu/ndk-busybox.git [submodule "jni/external/dtc"] - path = jni/external/dtc + path = core/jni/external/dtc url = https://github.com/dgibson/dtc [submodule "jni/external/lz4"] - path = jni/external/lz4 + path = core/jni/external/lz4 url = https://github.com/lz4/lz4.git [submodule "jni/external/bzip2"] - path = jni/external/bzip2 + path = core/jni/external/bzip2 url = https://github.com/nemequ/bzip2.git [submodule "jni/external/xz"] - path = jni/external/xz + path = core/jni/external/xz url = https://github.com/xz-mirror/xz.git diff --git a/app b/app new file mode 160000 index 000000000..863b13a69 --- /dev/null +++ b/app @@ -0,0 +1 @@ +Subproject commit 863b13a6946c851a4df1043acb8c5003a1b0f3c0 diff --git a/build.gradle b/build.gradle new file mode 100644 index 000000000..e6b32bc78 --- /dev/null +++ b/build.gradle @@ -0,0 +1,27 @@ +// Top-level build file where you can add configuration options common to all sub-projects/modules. + +buildscript { + + repositories { + google() + jcenter() + } + dependencies { + classpath 'com.android.tools.build:gradle:3.0.1' + + + // NOTE: Do not place your application dependencies here; they belong + // in the individual module build.gradle files + } +} + +allprojects { + repositories { + google() + jcenter() + } +} + +task clean(type: Delete) { + delete rootProject.buildDir +} diff --git a/build.py b/build.py index cc82e1bd1..b3027eecc 100755 --- a/build.py +++ b/build.py @@ -43,6 +43,11 @@ import lzma import base64 import tempfile +if 'ANDROID_NDK' in os.environ: + ndk_build = os.path.join(os.environ['ANDROID_NDK'], 'ndk-build') +else: + ndk_build = os.path.join(os.environ['ANDROID_HOME'], 'ndk-bundle', 'ndk-build') + def mv(source, target): print('mv: {} -> {}'.format(source, target)) shutil.move(source, target) @@ -84,18 +89,13 @@ def build_binary(args): header('* Building Magisk binaries') # Force update Android.mk timestamp to trigger recompilation - os.utime(os.path.join('jni', 'Android.mk')) + os.utime(os.path.join('core', 'jni', 'Android.mk')) debug_flag = '' if args.release else '-DMAGISK_DEBUG' cflag = 'MAGISK_FLAGS=\"-DMAGISK_VERSION=\\\"{}\\\" -DMAGISK_VER_CODE={} {}\"'.format(args.versionString, args.versionCode, debug_flag) - if 'ANDROID_NDK' in os.environ: - ndk_build = os.path.join(os.environ['ANDROID_NDK'], 'ndk-build') - else: - ndk_build = os.path.join(os.environ['ANDROID_HOME'], 'ndk-bundle', 'ndk-build') - # Prebuild - proc = subprocess.run('{} PRECOMPILE=true {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True) + proc = subprocess.run('{} -C core PRECOMPILE=true {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True) if proc.returncode != 0: error('Build Magisk binary failed!') @@ -104,7 +104,7 @@ def build_binary(args): mkdir_p(os.path.join('out', arch)) with open(os.path.join('out', arch, 'dump.h'), 'w') as dump: dump.write('#include "stdlib.h"\n') - mv(os.path.join('libs', arch, 'magisk'), os.path.join('out', arch, 'magisk')) + mv(os.path.join('core', 'libs', arch, 'magisk'), os.path.join('out', arch, 'magisk')) with open(os.path.join('out', arch, 'magisk'), 'rb') as bin: dump.write('const uint8_t magisk_dump[] = "') dump.write(''.join("\\x{:02X}".format(c) for c in lzma.compress(bin.read(), preset=9))) @@ -112,7 +112,7 @@ def build_binary(args): print('') - proc = subprocess.run('{} {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True) + proc = subprocess.run('{} -C core {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True) if proc.returncode != 0: error('Build Magisk binary failed!') @@ -120,7 +120,7 @@ def build_binary(args): for arch in ['arm64-v8a', 'armeabi-v7a', 'x86', 'x86_64']: for binary in ['magiskinit', 'magiskboot', 'b64xz', 'busybox']: try: - mv(os.path.join('libs', arch, binary), os.path.join('out', arch, binary)) + mv(os.path.join('core', 'libs', arch, binary), os.path.join('out', arch, binary)) except: pass @@ -129,18 +129,16 @@ def build_apk(args): for key in ['public.certificate.x509.pem', 'private.key.pk8']: source = os.path.join('ziptools', key) - target = os.path.join('java', 'app', 'src', 'main', 'assets', key) + target = os.path.join('app', 'src', 'main', 'assets', key) cp(source, target) for script in ['magisk_uninstaller.sh', 'util_functions.sh']: source = os.path.join('scripts', script) - target = os.path.join('java', 'app', 'src', 'main', 'assets', script) + target = os.path.join('app', 'src', 'main', 'assets', script) cp(source, target) - os.chdir('java') - if args.release: - if not os.path.exists(os.path.join('..', 'release_signature.jks')): + if not os.path.exists('release_signature.jks'): error('Please generate a java keystore and place it in \'release_signature.jks\'') proc = subprocess.run('{} app:assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True) @@ -173,17 +171,15 @@ def build_apk(args): error('Cannot find apksigner.jar in Android SDK build tools') proc = subprocess.run('java -jar {} sign --ks {} --out {} {}'.format( - apksigner, - os.path.join('..', 'release_signature.jks'), - release, aligned), shell=True) + apksigner, 'release_signature.jks', release, aligned), shell=True) if proc.returncode != 0: error('Release sign Magisk Manager failed!') rm(unsigned) rm(aligned) - mkdir(os.path.join('..', 'out')) - target = os.path.join('..', 'out', 'app-release.apk') + mkdir('out') + target = os.path.join('out', 'app-release.apk') print('') mv(release, target) else: @@ -192,25 +188,20 @@ def build_apk(args): error('Build Magisk Manager failed!') source = os.path.join('app', 'build', 'outputs', 'apk', 'debug', 'app-debug.apk') - mkdir(os.path.join('..', 'out')) - target = os.path.join('..', 'out', 'app-debug.apk') + mkdir('out') + target = os.path.join('out', 'app-debug.apk') print('') mv(source, target) - # Return to upper directory - os.chdir('..') - def build_snet(args): - os.chdir('java') proc = subprocess.run('{} snet:assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True) if proc.returncode != 0: error('Build snet extention failed!') source = os.path.join('snet', 'build', 'outputs', 'apk', 'release', 'snet-release-unsigned.apk') - mkdir(os.path.join('..', 'out')) - target = os.path.join('..', 'out', 'snet.apk') + mkdir('out') + target = os.path.join('out', 'snet.apk') print('') mv(source, target) - os.chdir('..') def gen_update_binary(): update_bin = [] @@ -342,8 +333,8 @@ def zip_uninstaller(args): sign_adjust_zip(unsigned, output) def sign_adjust_zip(unsigned, output): - signer_name = 'zipsigner-1.0.jar' - jarsigner = os.path.join('java', 'crypto', 'build', 'libs', signer_name) + signer_name = 'zipsigner-1.1.jar' + jarsigner = os.path.join('crypto', 'build', 'libs', signer_name) if os.name != 'nt' and not os.path.exists(os.path.join('ziptools', 'zipadjust')): header('* Building zipadjust') @@ -353,11 +344,9 @@ def sign_adjust_zip(unsigned, output): error('Build zipadjust failed!') if not os.path.exists(jarsigner): header('* Building ' + signer_name) - os.chdir('java') proc = subprocess.run('{} crypto:shadowJar'.format(os.path.join('.', 'gradlew')), shell=True) if proc.returncode != 0: error('Build {} failed!'.format(signer_name)) - os.chdir('..') header('* Signing / Adjusting Zip') @@ -396,15 +385,13 @@ def cleanup(args): if 'binary' in args.target: header('* Cleaning binaries') - subprocess.run(os.path.join(os.environ['ANDROID_HOME'], 'ndk-bundle', 'ndk-build') + ' clean', shell=True) + subprocess.run(ndk_build + ' -C core COMPILEALL=true clean', shell=True) for arch in ['arm64-v8a', 'armeabi-v7a', 'x86', 'x86_64']: shutil.rmtree(os.path.join('out', arch), ignore_errors=True) if 'java' in args.target: header('* Cleaning java') - os.chdir('java') subprocess.run('{} clean'.format(os.path.join('.', 'gradlew')), shell=True) - os.chdir('..') for f in os.listdir('out'): if '.apk' in f: rm(os.path.join('out', f)) diff --git a/core/.gitignore b/core/.gitignore new file mode 100644 index 000000000..796b96d1c --- /dev/null +++ b/core/.gitignore @@ -0,0 +1 @@ +/build diff --git a/core/build.gradle b/core/build.gradle new file mode 100644 index 000000000..6fb33987b --- /dev/null +++ b/core/build.gradle @@ -0,0 +1,20 @@ +apply plugin: 'com.android.library' + +android { + compileSdkVersion 27 + + externalNativeBuild { + ndkBuild { + path 'jni/Android.mk' + } + } + + defaultConfig { + externalNativeBuild { + ndkBuild { + // Passes an optional argument to ndk-build. + arguments "COMPILEALL=true" + } + } + } +} diff --git a/jni/Android.mk b/core/jni/Android.mk similarity index 96% rename from jni/Android.mk rename to core/jni/Android.mk index 8263025d7..8f5d728cd 100644 --- a/jni/Android.mk +++ b/core/jni/Android.mk @@ -14,7 +14,7 @@ LIBFDT := $(EXT_PATH)/dtc/libfdt # Binaries ######################## -ifdef PRECOMPILE +ifneq "$(or $(PRECOMPILE), $(COMPILEALL))" "" # magisk main binary include $(CLEAR_VARS) @@ -54,8 +54,9 @@ LOCAL_CFLAGS := -DIS_DAEMON -DSELINUX LOCAL_LDLIBS := -llog include $(BUILD_EXECUTABLE) -# precompile -else +endif + +ifndef PRECOMPILE # magiskinit include $(CLEAR_VARS) @@ -64,7 +65,7 @@ LOCAL_STATIC_LIBRARIES := libsepol liblzma LOCAL_C_INCLUDES := \ jni/include \ jni/magiskpolicy \ - out/$(TARGET_ARCH_ABI) \ + ../out/$(TARGET_ARCH_ABI) \ $(LIBSEPOL) \ $(LIBLZMA) diff --git a/jni/Application.mk b/core/jni/Application.mk similarity index 100% rename from jni/Application.mk rename to core/jni/Application.mk diff --git a/jni/b64xz.c b/core/jni/b64xz.c similarity index 100% rename from jni/b64xz.c rename to core/jni/b64xz.c diff --git a/jni/core/bootstages.c b/core/jni/core/bootstages.c similarity index 100% rename from jni/core/bootstages.c rename to core/jni/core/bootstages.c diff --git a/jni/core/daemon.c b/core/jni/core/daemon.c similarity index 100% rename from jni/core/daemon.c rename to core/jni/core/daemon.c diff --git a/jni/core/log_monitor.c b/core/jni/core/log_monitor.c similarity index 100% rename from jni/core/log_monitor.c rename to core/jni/core/log_monitor.c diff --git a/jni/core/magisk.c b/core/jni/core/magisk.c similarity index 100% rename from jni/core/magisk.c rename to core/jni/core/magisk.c diff --git a/jni/core/magiskinit.c b/core/jni/core/magiskinit.c similarity index 100% rename from jni/core/magiskinit.c rename to core/jni/core/magiskinit.c diff --git a/jni/core/socket.c b/core/jni/core/socket.c similarity index 100% rename from jni/core/socket.c rename to core/jni/core/socket.c diff --git a/jni/external/Android.mk b/core/jni/external/Android.mk similarity index 100% rename from jni/external/Android.mk rename to core/jni/external/Android.mk diff --git a/jni/external/busybox b/core/jni/external/busybox similarity index 100% rename from jni/external/busybox rename to core/jni/external/busybox diff --git a/jni/external/bzip2 b/core/jni/external/bzip2 similarity index 100% rename from jni/external/bzip2 rename to core/jni/external/bzip2 diff --git a/jni/external/dtc b/core/jni/external/dtc similarity index 100% rename from jni/external/dtc rename to core/jni/external/dtc diff --git a/jni/external/include/sha1.h b/core/jni/external/include/sha1.h similarity index 100% rename from jni/external/include/sha1.h rename to core/jni/external/include/sha1.h diff --git a/jni/external/include/sqlite3.h b/core/jni/external/include/sqlite3.h similarity index 100% rename from jni/external/include/sqlite3.h rename to core/jni/external/include/sqlite3.h diff --git a/jni/external/include/xz_config/config.h b/core/jni/external/include/xz_config/config.h similarity index 100% rename from jni/external/include/xz_config/config.h rename to core/jni/external/include/xz_config/config.h diff --git a/jni/external/lz4 b/core/jni/external/lz4 similarity index 100% rename from jni/external/lz4 rename to core/jni/external/lz4 diff --git a/jni/external/selinux b/core/jni/external/selinux similarity index 100% rename from jni/external/selinux rename to core/jni/external/selinux diff --git a/jni/external/sha1/sha1.c b/core/jni/external/sha1/sha1.c similarity index 100% rename from jni/external/sha1/sha1.c rename to core/jni/external/sha1/sha1.c diff --git a/jni/external/stubs/selinux_stub.c b/core/jni/external/stubs/selinux_stub.c similarity index 100% rename from jni/external/stubs/selinux_stub.c rename to core/jni/external/stubs/selinux_stub.c diff --git a/jni/external/stubs/sqlite3_stub.c b/core/jni/external/stubs/sqlite3_stub.c similarity index 100% rename from jni/external/stubs/sqlite3_stub.c rename to core/jni/external/stubs/sqlite3_stub.c diff --git a/jni/external/xz b/core/jni/external/xz similarity index 100% rename from jni/external/xz rename to core/jni/external/xz diff --git a/jni/include/cpio.h b/core/jni/include/cpio.h similarity index 100% rename from jni/include/cpio.h rename to core/jni/include/cpio.h diff --git a/jni/include/daemon.h b/core/jni/include/daemon.h similarity index 100% rename from jni/include/daemon.h rename to core/jni/include/daemon.h diff --git a/jni/include/list.h b/core/jni/include/list.h similarity index 100% rename from jni/include/list.h rename to core/jni/include/list.h diff --git a/jni/include/logging.h b/core/jni/include/logging.h similarity index 100% rename from jni/include/logging.h rename to core/jni/include/logging.h diff --git a/jni/include/magisk.h b/core/jni/include/magisk.h similarity index 100% rename from jni/include/magisk.h rename to core/jni/include/magisk.h diff --git a/jni/include/magiskrc.h b/core/jni/include/magiskrc.h similarity index 100% rename from jni/include/magiskrc.h rename to core/jni/include/magiskrc.h diff --git a/jni/include/resetprop.h b/core/jni/include/resetprop.h similarity index 100% rename from jni/include/resetprop.h rename to core/jni/include/resetprop.h diff --git a/jni/include/utils.h b/core/jni/include/utils.h similarity index 100% rename from jni/include/utils.h rename to core/jni/include/utils.h diff --git a/jni/include/vector.h b/core/jni/include/vector.h similarity index 100% rename from jni/include/vector.h rename to core/jni/include/vector.h diff --git a/jni/magiskboot/bootimg.c b/core/jni/magiskboot/bootimg.c similarity index 100% rename from jni/magiskboot/bootimg.c rename to core/jni/magiskboot/bootimg.c diff --git a/jni/magiskboot/bootimg.h b/core/jni/magiskboot/bootimg.h similarity index 100% rename from jni/magiskboot/bootimg.h rename to core/jni/magiskboot/bootimg.h diff --git a/jni/magiskboot/compress.c b/core/jni/magiskboot/compress.c similarity index 100% rename from jni/magiskboot/compress.c rename to core/jni/magiskboot/compress.c diff --git a/jni/magiskboot/dtb.c b/core/jni/magiskboot/dtb.c similarity index 100% rename from jni/magiskboot/dtb.c rename to core/jni/magiskboot/dtb.c diff --git a/jni/magiskboot/hexpatch.c b/core/jni/magiskboot/hexpatch.c similarity index 100% rename from jni/magiskboot/hexpatch.c rename to core/jni/magiskboot/hexpatch.c diff --git a/jni/magiskboot/magiskboot.h b/core/jni/magiskboot/magiskboot.h similarity index 100% rename from jni/magiskboot/magiskboot.h rename to core/jni/magiskboot/magiskboot.h diff --git a/jni/magiskboot/main.c b/core/jni/magiskboot/main.c similarity index 100% rename from jni/magiskboot/main.c rename to core/jni/magiskboot/main.c diff --git a/jni/magiskboot/ramdisk.c b/core/jni/magiskboot/ramdisk.c similarity index 100% rename from jni/magiskboot/ramdisk.c rename to core/jni/magiskboot/ramdisk.c diff --git a/jni/magiskboot/types.c b/core/jni/magiskboot/types.c similarity index 100% rename from jni/magiskboot/types.c rename to core/jni/magiskboot/types.c diff --git a/jni/magiskboot/types.h b/core/jni/magiskboot/types.h similarity index 100% rename from jni/magiskboot/types.h rename to core/jni/magiskboot/types.h diff --git a/jni/magiskhide/hide_utils.c b/core/jni/magiskhide/hide_utils.c similarity index 100% rename from jni/magiskhide/hide_utils.c rename to core/jni/magiskhide/hide_utils.c diff --git a/jni/magiskhide/magiskhide.c b/core/jni/magiskhide/magiskhide.c similarity index 100% rename from jni/magiskhide/magiskhide.c rename to core/jni/magiskhide/magiskhide.c diff --git a/jni/magiskhide/magiskhide.h b/core/jni/magiskhide/magiskhide.h similarity index 100% rename from jni/magiskhide/magiskhide.h rename to core/jni/magiskhide/magiskhide.h diff --git a/jni/magiskhide/proc_monitor.c b/core/jni/magiskhide/proc_monitor.c similarity index 100% rename from jni/magiskhide/proc_monitor.c rename to core/jni/magiskhide/proc_monitor.c diff --git a/jni/magiskpolicy b/core/jni/magiskpolicy similarity index 100% rename from jni/magiskpolicy rename to core/jni/magiskpolicy diff --git a/jni/resetprop/ErrnoRestorer.h b/core/jni/resetprop/ErrnoRestorer.h similarity index 100% rename from jni/resetprop/ErrnoRestorer.h rename to core/jni/resetprop/ErrnoRestorer.h diff --git a/jni/resetprop/_system_properties.h b/core/jni/resetprop/_system_properties.h similarity index 100% rename from jni/resetprop/_system_properties.h rename to core/jni/resetprop/_system_properties.h diff --git a/jni/resetprop/bionic_futex.h b/core/jni/resetprop/bionic_futex.h similarity index 100% rename from jni/resetprop/bionic_futex.h rename to core/jni/resetprop/bionic_futex.h diff --git a/jni/resetprop/bionic_lock.h b/core/jni/resetprop/bionic_lock.h similarity index 100% rename from jni/resetprop/bionic_lock.h rename to core/jni/resetprop/bionic_lock.h diff --git a/jni/resetprop/bionic_macros.h b/core/jni/resetprop/bionic_macros.h similarity index 100% rename from jni/resetprop/bionic_macros.h rename to core/jni/resetprop/bionic_macros.h diff --git a/jni/resetprop/resetprop.cpp b/core/jni/resetprop/resetprop.cpp similarity index 100% rename from jni/resetprop/resetprop.cpp rename to core/jni/resetprop/resetprop.cpp diff --git a/jni/resetprop/system_properties.cpp b/core/jni/resetprop/system_properties.cpp similarity index 100% rename from jni/resetprop/system_properties.cpp rename to core/jni/resetprop/system_properties.cpp diff --git a/jni/resetprop/system_properties.h b/core/jni/resetprop/system_properties.h similarity index 100% rename from jni/resetprop/system_properties.h rename to core/jni/resetprop/system_properties.h diff --git a/jni/su b/core/jni/su similarity index 100% rename from jni/su rename to core/jni/su diff --git a/jni/utils/cpio.c b/core/jni/utils/cpio.c similarity index 100% rename from jni/utils/cpio.c rename to core/jni/utils/cpio.c diff --git a/jni/utils/file.c b/core/jni/utils/file.c similarity index 100% rename from jni/utils/file.c rename to core/jni/utils/file.c diff --git a/jni/utils/img.c b/core/jni/utils/img.c similarity index 100% rename from jni/utils/img.c rename to core/jni/utils/img.c diff --git a/jni/utils/list.c b/core/jni/utils/list.c similarity index 100% rename from jni/utils/list.c rename to core/jni/utils/list.c diff --git a/jni/utils/misc.c b/core/jni/utils/misc.c similarity index 100% rename from jni/utils/misc.c rename to core/jni/utils/misc.c diff --git a/jni/utils/vector.c b/core/jni/utils/vector.c similarity index 100% rename from jni/utils/vector.c rename to core/jni/utils/vector.c diff --git a/jni/utils/xwrap.c b/core/jni/utils/xwrap.c similarity index 100% rename from jni/utils/xwrap.c rename to core/jni/utils/xwrap.c diff --git a/core/src/main/AndroidManifest.xml b/core/src/main/AndroidManifest.xml new file mode 100644 index 000000000..1d9dded58 --- /dev/null +++ b/core/src/main/AndroidManifest.xml @@ -0,0 +1 @@ + diff --git a/crypto/.gitignore b/crypto/.gitignore new file mode 100644 index 000000000..796b96d1c --- /dev/null +++ b/crypto/.gitignore @@ -0,0 +1 @@ +/build diff --git a/crypto/build.gradle b/crypto/build.gradle new file mode 100644 index 000000000..edfb254cd --- /dev/null +++ b/crypto/build.gradle @@ -0,0 +1,38 @@ +apply plugin: 'java-library' + +apply plugin: 'com.github.johnrengelman.shadow' +apply plugin: 'java' + +sourceCompatibility = "1.8" +targetCompatibility = "1.8" + +jar { + manifest { + attributes 'Main-Class': 'com.topjohnwu.crypto.ZipSigner' + } +} + +shadowJar { + baseName = 'zipsigner' + classifier = null + version = 1.1 +} + +buildscript { + repositories { + jcenter() + } + dependencies { + classpath 'com.github.jengelman.gradle.plugins:shadow:2.0.1' + } +} + +repositories { + jcenter() +} + +dependencies { + implementation fileTree(include: ['*.jar'], dir: 'libs') + implementation 'org.bouncycastle:bcprov-jdk15on:1.58' + implementation 'org.bouncycastle:bcpkix-jdk15on:1.58' +} diff --git a/crypto/src/main/java/com/topjohnwu/crypto/ByteArrayStream.java b/crypto/src/main/java/com/topjohnwu/crypto/ByteArrayStream.java new file mode 100644 index 000000000..ef6c7bc6d --- /dev/null +++ b/crypto/src/main/java/com/topjohnwu/crypto/ByteArrayStream.java @@ -0,0 +1,34 @@ +package com.topjohnwu.crypto; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +public class ByteArrayStream extends ByteArrayOutputStream { + public byte[] getBuf() { + return buf; + } + public synchronized void readFrom(InputStream is) { + readFrom(is, Integer.MAX_VALUE); + } + public synchronized void readFrom(InputStream is, int len) { + int read; + byte buffer[] = new byte[4096]; + try { + while ((read = is.read(buffer, 0, len < buffer.length ? len : buffer.length)) > 0) { + write(buffer, 0, read); + len -= read; + } + } catch (IOException e) { + e.printStackTrace(); + } + } + public synchronized void writeTo(OutputStream out, int off, int len) throws IOException { + out.write(buf, off, len); + } + public ByteArrayInputStream getInputStream() { + return new ByteArrayInputStream(buf, 0, count); + } +} diff --git a/crypto/src/main/java/com/topjohnwu/crypto/CryptoUtils.java b/crypto/src/main/java/com/topjohnwu/crypto/CryptoUtils.java new file mode 100644 index 000000000..45bf1655c --- /dev/null +++ b/crypto/src/main/java/com/topjohnwu/crypto/CryptoUtils.java @@ -0,0 +1,136 @@ +package com.topjohnwu.crypto; + +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Signature; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +class CryptoUtils { + + private static final Map ID_TO_ALG; + private static final Map ALG_TO_ID; + + static { + ID_TO_ALG = new HashMap<>(); + ALG_TO_ID = new HashMap<>(); + ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA256.getId(), "SHA256withECDSA"); + ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA384.getId(), "SHA384withECDSA"); + ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA512.getId(), "SHA512withECDSA"); + ID_TO_ALG.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1withRSA"); + ID_TO_ALG.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256withRSA"); + ID_TO_ALG.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512withRSA"); + ALG_TO_ID.put("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256.getId()); + ALG_TO_ID.put("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384.getId()); + ALG_TO_ID.put("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512.getId()); + ALG_TO_ID.put("SHA1withRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()); + ALG_TO_ID.put("SHA256withRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption.getId()); + ALG_TO_ID.put("SHA512withRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption.getId()); + } + + private static String getSignatureAlgorithm(Key key) throws Exception { + if ("EC".equals(key.getAlgorithm())) { + int curveSize; + KeyFactory factory = KeyFactory.getInstance("EC"); + if (key instanceof PublicKey) { + ECPublicKeySpec spec = factory.getKeySpec(key, ECPublicKeySpec.class); + curveSize = spec.getParams().getCurve().getField().getFieldSize(); + } else if (key instanceof PrivateKey) { + ECPrivateKeySpec spec = factory.getKeySpec(key, ECPrivateKeySpec.class); + curveSize = spec.getParams().getCurve().getField().getFieldSize(); + } else { + throw new InvalidKeySpecException(); + } + if (curveSize <= 256) { + return "SHA256withECDSA"; + } else if (curveSize <= 384) { + return "SHA384withECDSA"; + } else { + return "SHA512withECDSA"; + } + } else if ("RSA".equals(key.getAlgorithm())) { + return "SHA256withRSA"; + } else { + throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm()); + } + } + + static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) throws Exception { + String id = ALG_TO_ID.get(getSignatureAlgorithm(key)); + if (id == null) { + throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm()); + } + return new AlgorithmIdentifier(new ASN1ObjectIdentifier(id)); + } + + static boolean verify(PublicKey key, byte[] input, byte[] signature, + AlgorithmIdentifier algId) throws Exception { + String algName = ID_TO_ALG.get(algId.getAlgorithm().getId()); + if (algName == null) { + throw new IllegalArgumentException("Unsupported algorithm " + algId.getAlgorithm()); + } + Signature verifier = Signature.getInstance(algName); + verifier.initVerify(key); + verifier.update(input); + return verifier.verify(signature); + } + + static byte[] sign(PrivateKey privateKey, byte[] input) throws Exception { + Signature signer = Signature.getInstance(getSignatureAlgorithm(privateKey)); + signer.initSign(privateKey); + signer.update(input); + return signer.sign(); + } + + static X509Certificate readPublicKey(InputStream input) + throws IOException, GeneralSecurityException { + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + return (X509Certificate) cf.generateCertificate(input); + } finally { + input.close(); + } + } + + /** Read a PKCS#8 format private key. */ + static PrivateKey readPrivateKey(InputStream input) + throws IOException, GeneralSecurityException { + try { + byte[] buffer = new byte[4096]; + int size = input.read(buffer); + byte[] bytes = Arrays.copyOf(buffer, size); + /* Check to see if this is in an EncryptedPrivateKeyInfo structure. */ + PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bytes); + /* + * Now it's in a PKCS#8 PrivateKeyInfo structure. Read its Algorithm + * OID and use that to construct a KeyFactory. + */ + ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(spec.getEncoded())); + PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject()); + String algOid = pki.getPrivateKeyAlgorithm().getAlgorithm().getId(); + return KeyFactory.getInstance(algOid).generatePrivate(spec); + } finally { + input.close(); + } + } +} diff --git a/crypto/src/main/java/com/topjohnwu/crypto/JarMap.java b/crypto/src/main/java/com/topjohnwu/crypto/JarMap.java new file mode 100644 index 000000000..9db773949 --- /dev/null +++ b/crypto/src/main/java/com/topjohnwu/crypto/JarMap.java @@ -0,0 +1,122 @@ +package com.topjohnwu.crypto; + +import java.io.Closeable; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.Collections; +import java.util.Enumeration; +import java.util.LinkedHashMap; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; +import java.util.jar.JarInputStream; +import java.util.jar.Manifest; +import java.util.zip.ZipEntry; +import java.util.zip.ZipFile; + +/* +* A universal random access interface for both JarFile and JarInputStream +* +* In the case when JarInputStream is provided to constructor, the whole stream +* will be loaded into memory for random access purposes. +* On the other hand, when a JarFile is provided, it simply works as a wrapper. +* */ + +public class JarMap implements Closeable, AutoCloseable { + private JarFile jarFile; + private JarInputStream jis; + private boolean isInputStream = false; + private LinkedHashMap bufMap; + + public JarMap(File file) throws IOException { + this(file, true); + } + + public JarMap(File file, boolean verify) throws IOException { + this(file, verify, ZipFile.OPEN_READ); + } + + public JarMap(File file, boolean verify, int mode) throws IOException { + jarFile = new JarFile(file, verify, mode); + } + + public JarMap(String name) throws IOException { + this(new File(name)); + } + + public JarMap(String name, boolean verify) throws IOException { + this(new File(name), verify); + } + + public JarMap(InputStream is) throws IOException { + this(is, true); + } + + public JarMap(InputStream is, boolean verify) throws IOException { + isInputStream = true; + bufMap = new LinkedHashMap<>(); + jis = new JarInputStream(is, verify); + JarEntry entry; + while ((entry = jis.getNextJarEntry()) != null) { + bufMap.put(entry.getName(), new JarMapEntry(entry, jis)); + } + } + + public File getFile() { + return isInputStream ? null : new File(jarFile.getName()); + } + + public Manifest getManifest() throws IOException { + return isInputStream ? jis.getManifest() : jarFile.getManifest(); + } + + public InputStream getInputStream(ZipEntry ze) throws IOException { + return isInputStream ? ((JarMapEntry) bufMap.get(ze.getName())).data.getInputStream() : + jarFile.getInputStream(ze); + } + + public OutputStream getOutputStream(ZipEntry ze) { + if (!isInputStream) // Only support InputStream mode + return null; + ByteArrayStream bs = ((JarMapEntry) bufMap.get(ze.getName())).data; + bs.reset(); + return bs; + } + + public byte[] getRawData(ZipEntry ze) throws IOException { + if (isInputStream) { + return ((JarMapEntry) bufMap.get(ze.getName())).data.toByteArray(); + } else { + ByteArrayStream bytes = new ByteArrayStream(); + bytes.readFrom(jarFile.getInputStream(ze)); + return bytes.toByteArray(); + } + } + + public Enumeration entries() { + return isInputStream ? Collections.enumeration(bufMap.values()) : jarFile.entries(); + } + + public ZipEntry getEntry(String name) { + return getJarEntry(name); + } + + public JarEntry getJarEntry(String name) { + return isInputStream ? bufMap.get(name) : jarFile.getJarEntry(name); + } + + @Override + public void close() throws IOException { + (isInputStream ? jis : jarFile).close(); + } + + private static class JarMapEntry extends JarEntry { + ByteArrayStream data; + JarMapEntry(JarEntry je, InputStream is) { + super(je); + data = new ByteArrayStream(); + data.readFrom(is); + } + } +} diff --git a/crypto/src/main/java/com/topjohnwu/crypto/SignAPK.java b/crypto/src/main/java/com/topjohnwu/crypto/SignAPK.java new file mode 100644 index 000000000..96c2aca5a --- /dev/null +++ b/crypto/src/main/java/com/topjohnwu/crypto/SignAPK.java @@ -0,0 +1,502 @@ +package com.topjohnwu.crypto; + +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DEROutputStream; +import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; +import org.bouncycastle.cert.jcajce.JcaCertStore; +import org.bouncycastle.cms.CMSException; +import org.bouncycastle.cms.CMSProcessableByteArray; +import org.bouncycastle.cms.CMSSignedData; +import org.bouncycastle.cms.CMSSignedDataGenerator; +import org.bouncycastle.cms.CMSTypedData; +import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.bouncycastle.util.encoders.Base64; + +import java.io.BufferedOutputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.PrintStream; +import java.io.RandomAccessFile; +import java.security.DigestOutputStream; +import java.security.GeneralSecurityException; +import java.security.MessageDigest; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Security; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Enumeration; +import java.util.Locale; +import java.util.Map; +import java.util.TreeMap; +import java.util.jar.Attributes; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; +import java.util.jar.JarOutputStream; +import java.util.jar.Manifest; +import java.util.regex.Pattern; + +/* +* Modified from from AOSP(Marshmallow) SignAPK.java +* */ + +public class SignAPK { + + private static final String CERT_SF_NAME = "META-INF/CERT.SF"; + private static final String CERT_SIG_NAME = "META-INF/CERT.%s"; + + public static Provider sBouncyCastleProvider; + // bitmasks for which hash algorithms we need the manifest to include. + private static final int USE_SHA1 = 1; + private static final int USE_SHA256 = 2; + + static { + sBouncyCastleProvider = new BouncyCastleProvider(); + Security.insertProviderAt(sBouncyCastleProvider, 1); + } + + public static void signZip(InputStream publicIn, InputStream privateIn, + JarMap input, File output, boolean minSign) throws Exception { + int alignment = 4; + BufferedOutputStream outputFile; + int hashes = 0; + X509Certificate publicKey = CryptoUtils.readPublicKey(publicIn); + hashes |= getDigestAlgorithm(publicKey); + + // Set the ZIP file timestamp to the starting valid time + // of the 0th certificate plus one hour (to match what + // we've historically done). + long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000; + PrivateKey privateKey = CryptoUtils.readPrivateKey(privateIn); + + outputFile = new BufferedOutputStream(new FileOutputStream(output)); + if (minSign) { + signWholeFile(input.getFile(), publicKey, privateKey, outputFile); + } else { + JarOutputStream outputJar = new JarOutputStream(outputFile); + // For signing .apks, use the maximum compression to make + // them as small as possible (since they live forever on + // the system partition). For OTA packages, use the + // default compression level, which is much much faster + // and produces output that is only a tiny bit larger + // (~0.1% on full OTA packages I tested). + outputJar.setLevel(9); + Manifest manifest = addDigestsToManifest(input, hashes); + copyFiles(manifest, input, outputJar, timestamp, alignment); + signFile(manifest, input, publicKey, privateKey, outputJar); + outputJar.close(); + } + input.close(); + outputFile.close(); + } + + /** + * Return one of USE_SHA1 or USE_SHA256 according to the signature + * algorithm specified in the cert. + */ + private static int getDigestAlgorithm(X509Certificate cert) { + String sigAlg = cert.getSigAlgName().toUpperCase(Locale.US); + if ("SHA1WITHRSA".equals(sigAlg) || + "MD5WITHRSA".equals(sigAlg)) { // see "HISTORICAL NOTE" above. + return USE_SHA1; + } else if (sigAlg.startsWith("SHA256WITH")) { + return USE_SHA256; + } else { + throw new IllegalArgumentException("unsupported signature algorithm \"" + sigAlg + + "\" in cert [" + cert.getSubjectDN()); + } + } + /** Returns the expected signature algorithm for this key type. */ + private static String getSignatureAlgorithm(X509Certificate cert) { + String sigAlg = cert.getSigAlgName().toUpperCase(Locale.US); + String keyType = cert.getPublicKey().getAlgorithm().toUpperCase(Locale.US); + if ("RSA".equalsIgnoreCase(keyType)) { + if (getDigestAlgorithm(cert) == USE_SHA256) { + return "SHA256withRSA"; + } else { + return "SHA1withRSA"; + } + } else if ("EC".equalsIgnoreCase(keyType)) { + return "SHA256withECDSA"; + } else { + throw new IllegalArgumentException("unsupported key type: " + keyType); + } + } + // Files matching this pattern are not copied to the output. + private static Pattern stripPattern = + Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA|EC)|com/android/otacert))|(" + + Pattern.quote(JarFile.MANIFEST_NAME) + ")$"); + + /** + * Add the hash(es) of every file to the manifest, creating it if + * necessary. + */ + private static Manifest addDigestsToManifest(JarMap jar, int hashes) + throws IOException, GeneralSecurityException { + Manifest input = jar.getManifest(); + Manifest output = new Manifest(); + Attributes main = output.getMainAttributes(); + if (input != null) { + main.putAll(input.getMainAttributes()); + } else { + main.putValue("Manifest-Version", "1.0"); + main.putValue("Created-By", "1.0 (Android SignApk)"); + } + MessageDigest md_sha1 = null; + MessageDigest md_sha256 = null; + if ((hashes & USE_SHA1) != 0) { + md_sha1 = MessageDigest.getInstance("SHA1"); + } + if ((hashes & USE_SHA256) != 0) { + md_sha256 = MessageDigest.getInstance("SHA256"); + } + byte[] buffer = new byte[4096]; + int num; + // We sort the input entries by name, and add them to the + // output manifest in sorted order. We expect that the output + // map will be deterministic. + TreeMap byName = new TreeMap(); + for (Enumeration e = jar.entries(); e.hasMoreElements(); ) { + JarEntry entry = e.nextElement(); + byName.put(entry.getName(), entry); + } + for (JarEntry entry: byName.values()) { + String name = entry.getName(); + if (!entry.isDirectory() && + (stripPattern == null || !stripPattern.matcher(name).matches())) { + InputStream data = jar.getInputStream(entry); + while ((num = data.read(buffer)) > 0) { + if (md_sha1 != null) md_sha1.update(buffer, 0, num); + if (md_sha256 != null) md_sha256.update(buffer, 0, num); + } + Attributes attr = null; + if (input != null) attr = input.getAttributes(name); + attr = attr != null ? new Attributes(attr) : new Attributes(); + if (md_sha1 != null) { + attr.putValue("SHA1-Digest", + new String(Base64.encode(md_sha1.digest()), "ASCII")); + } + if (md_sha256 != null) { + attr.putValue("SHA-256-Digest", + new String(Base64.encode(md_sha256.digest()), "ASCII")); + } + output.getEntries().put(name, attr); + } + } + return output; + } + + /** Write to another stream and track how many bytes have been + * written. + */ + private static class CountOutputStream extends FilterOutputStream { + private int mCount; + public CountOutputStream(OutputStream out) { + super(out); + mCount = 0; + } + @Override + public void write(int b) throws IOException { + super.write(b); + mCount++; + } + @Override + public void write(byte[] b, int off, int len) throws IOException { + super.write(b, off, len); + mCount += len; + } + public int size() { + return mCount; + } + } + /** Write a .SF file with a digest of the specified manifest. */ + private static void writeSignatureFile(Manifest manifest, OutputStream out, + int hash) + throws IOException, GeneralSecurityException { + Manifest sf = new Manifest(); + Attributes main = sf.getMainAttributes(); + main.putValue("Signature-Version", "1.0"); + main.putValue("Created-By", "1.0 (Android SignApk)"); + MessageDigest md = MessageDigest.getInstance( + hash == USE_SHA256 ? "SHA256" : "SHA1"); + PrintStream print = new PrintStream( + new DigestOutputStream(new ByteArrayOutputStream(), md), + true, "UTF-8"); + // Digest of the entire manifest + manifest.write(print); + print.flush(); + main.putValue(hash == USE_SHA256 ? "SHA-256-Digest-Manifest" : "SHA1-Digest-Manifest", + new String(Base64.encode(md.digest()), "ASCII")); + Map entries = manifest.getEntries(); + for (Map.Entry entry : entries.entrySet()) { + // Digest of the manifest stanza for this entry. + print.print("Name: " + entry.getKey() + "\r\n"); + for (Map.Entry att : entry.getValue().entrySet()) { + print.print(att.getKey() + ": " + att.getValue() + "\r\n"); + } + print.print("\r\n"); + print.flush(); + Attributes sfAttr = new Attributes(); + sfAttr.putValue(hash == USE_SHA256 ? "SHA-256-Digest" : "SHA1-Digest-Manifest", + new String(Base64.encode(md.digest()), "ASCII")); + sf.getEntries().put(entry.getKey(), sfAttr); + } + CountOutputStream cout = new CountOutputStream(out); + sf.write(cout); + // A bug in the java.util.jar implementation of Android platforms + // up to version 1.6 will cause a spurious IOException to be thrown + // if the length of the signature file is a multiple of 1024 bytes. + // As a workaround, add an extra CRLF in this case. + if ((cout.size() % 1024) == 0) { + cout.write('\r'); + cout.write('\n'); + } + } + /** Sign data and write the digital signature to 'out'. */ + private static void writeSignatureBlock( + CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey, + OutputStream out) + throws IOException, + CertificateEncodingException, + OperatorCreationException, + CMSException { + ArrayList certList = new ArrayList<>(1); + certList.add(publicKey); + JcaCertStore certs = new JcaCertStore(certList); + CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); + ContentSigner signer = new JcaContentSignerBuilder(getSignatureAlgorithm(publicKey)) + .setProvider(sBouncyCastleProvider) + .build(privateKey); + gen.addSignerInfoGenerator( + new JcaSignerInfoGeneratorBuilder( + new JcaDigestCalculatorProviderBuilder() + .setProvider(sBouncyCastleProvider) + .build()) + .setDirectSignature(true) + .build(signer, publicKey)); + gen.addCertificates(certs); + CMSSignedData sigData = gen.generate(data, false); + ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded()); + DEROutputStream dos = new DEROutputStream(out); + dos.writeObject(asn1.readObject()); + } + /** + * Copy all the files in a manifest from input to output. We set + * the modification times in the output to a fixed time, so as to + * reduce variation in the output file and make incremental OTAs + * more efficient. + */ + private static void copyFiles(Manifest manifest, JarMap in, JarOutputStream out, + long timestamp, int alignment) throws IOException { + byte[] buffer = new byte[4096]; + int num; + Map entries = manifest.getEntries(); + ArrayList names = new ArrayList<>(entries.keySet()); + Collections.sort(names); + boolean firstEntry = true; + long offset = 0L; + // We do the copy in two passes -- first copying all the + // entries that are STORED, then copying all the entries that + // have any other compression flag (which in practice means + // DEFLATED). This groups all the stored entries together at + // the start of the file and makes it easier to do alignment + // on them (since only stored entries are aligned). + for (String name : names) { + JarEntry inEntry = in.getJarEntry(name); + JarEntry outEntry = null; + if (inEntry.getMethod() != JarEntry.STORED) continue; + // Preserve the STORED method of the input entry. + outEntry = new JarEntry(inEntry); + outEntry.setTime(timestamp); + // 'offset' is the offset into the file at which we expect + // the file data to begin. This is the value we need to + // make a multiple of 'alignement'. + offset += JarFile.LOCHDR + outEntry.getName().length(); + if (firstEntry) { + // The first entry in a jar file has an extra field of + // four bytes that you can't get rid of; any extra + // data you specify in the JarEntry is appended to + // these forced four bytes. This is JAR_MAGIC in + // JarOutputStream; the bytes are 0xfeca0000. + offset += 4; + firstEntry = false; + } + if (alignment > 0 && (offset % alignment != 0)) { + // Set the "extra data" of the entry to between 1 and + // alignment-1 bytes, to make the file data begin at + // an aligned offset. + int needed = alignment - (int)(offset % alignment); + outEntry.setExtra(new byte[needed]); + offset += needed; + } + out.putNextEntry(outEntry); + InputStream data = in.getInputStream(inEntry); + while ((num = data.read(buffer)) > 0) { + out.write(buffer, 0, num); + offset += num; + } + out.flush(); + } + // Copy all the non-STORED entries. We don't attempt to + // maintain the 'offset' variable past this point; we don't do + // alignment on these entries. + for (String name : names) { + JarEntry inEntry = in.getJarEntry(name); + JarEntry outEntry = null; + if (inEntry.getMethod() == JarEntry.STORED) continue; + // Create a new entry so that the compressed len is recomputed. + outEntry = new JarEntry(name); + outEntry.setTime(timestamp); + out.putNextEntry(outEntry); + InputStream data = in.getInputStream(inEntry); + while ((num = data.read(buffer)) > 0) { + out.write(buffer, 0, num); + } + out.flush(); + } + } + + // This class is to provide a file's content, but trimming out the last two bytes + // Used for signWholeFile + private static class CMSProcessableFile implements CMSTypedData { + + private ASN1ObjectIdentifier type; + private RandomAccessFile file; + + CMSProcessableFile(File file) throws FileNotFoundException { + this.file = new RandomAccessFile(file, "r"); + type = new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()); + } + + @Override + public ASN1ObjectIdentifier getContentType() { + return type; + } + + @Override + public void write(OutputStream out) throws IOException, CMSException { + file.seek(0); + int read; + byte buffer[] = new byte[4096]; + int len = (int) file.length() - 2; + while ((read = file.read(buffer, 0, len < buffer.length ? len : buffer.length)) > 0) { + out.write(buffer, 0, read); + len -= read; + } + } + + @Override + public Object getContent() { + return file; + } + + byte[] getTail() throws IOException { + byte tail[] = new byte[22]; + file.seek(file.length() - 22); + file.readFully(tail); + return tail; + } + } + + private static void signWholeFile(File input, X509Certificate publicKey, + PrivateKey privateKey, OutputStream outputStream) + throws Exception { + ByteArrayOutputStream temp = new ByteArrayOutputStream(); + // put a readable message and a null char at the start of the + // archive comment, so that tools that display the comment + // (hopefully) show something sensible. + // TODO: anything more useful we can put in this message? + byte[] message = "signed by SignApk".getBytes("UTF-8"); + temp.write(message); + temp.write(0); + + CMSProcessableFile cmsFile = new CMSProcessableFile(input); + writeSignatureBlock(cmsFile, publicKey, privateKey, temp); + + // For a zip with no archive comment, the + // end-of-central-directory record will be 22 bytes long, so + // we expect to find the EOCD marker 22 bytes from the end. + byte[] zipData = cmsFile.getTail(); + if (zipData[zipData.length-22] != 0x50 || + zipData[zipData.length-21] != 0x4b || + zipData[zipData.length-20] != 0x05 || + zipData[zipData.length-19] != 0x06) { + throw new IllegalArgumentException("zip data already has an archive comment"); + } + int total_size = temp.size() + 6; + if (total_size > 0xffff) { + throw new IllegalArgumentException("signature is too big for ZIP file comment"); + } + // signature starts this many bytes from the end of the file + int signature_start = total_size - message.length - 1; + temp.write(signature_start & 0xff); + temp.write((signature_start >> 8) & 0xff); + // Why the 0xff bytes? In a zip file with no archive comment, + // bytes [-6:-2] of the file are the little-endian offset from + // the start of the file to the central directory. So for the + // two high bytes to be 0xff 0xff, the archive would have to + // be nearly 4GB in size. So it's unlikely that a real + // commentless archive would have 0xffs here, and lets us tell + // an old signed archive from a new one. + temp.write(0xff); + temp.write(0xff); + temp.write(total_size & 0xff); + temp.write((total_size >> 8) & 0xff); + temp.flush(); + // Signature verification checks that the EOCD header is the + // last such sequence in the file (to avoid minzip finding a + // fake EOCD appended after the signature in its scan). The + // odds of producing this sequence by chance are very low, but + // let's catch it here if it does. + byte[] b = temp.toByteArray(); + for (int i = 0; i < b.length-3; ++i) { + if (b[i] == 0x50 && b[i+1] == 0x4b && b[i+2] == 0x05 && b[i+3] == 0x06) { + throw new IllegalArgumentException("found spurious EOCD header at " + i); + } + } + cmsFile.write(outputStream); + outputStream.write(total_size & 0xff); + outputStream.write((total_size >> 8) & 0xff); + temp.writeTo(outputStream); + } + private static void signFile(Manifest manifest, JarMap inputJar, + X509Certificate publicKey, PrivateKey privateKey, + JarOutputStream outputJar) + throws Exception { + // Assume the certificate is valid for at least an hour. + long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000; + // MANIFEST.MF + JarEntry je = new JarEntry(JarFile.MANIFEST_NAME); + je.setTime(timestamp); + outputJar.putNextEntry(je); + manifest.write(outputJar); + je = new JarEntry(CERT_SF_NAME); + je.setTime(timestamp); + outputJar.putNextEntry(je); + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + writeSignatureFile(manifest, baos, getDigestAlgorithm(publicKey)); + byte[] signedData = baos.toByteArray(); + outputJar.write(signedData); + // CERT.{EC,RSA} / CERT#.{EC,RSA} + final String keyType = publicKey.getPublicKey().getAlgorithm(); + je = new JarEntry(String.format(CERT_SIG_NAME, keyType)); + je.setTime(timestamp); + outputJar.putNextEntry(je); + writeSignatureBlock(new CMSProcessableByteArray(signedData), + publicKey, privateKey, outputJar); + } +} diff --git a/crypto/src/main/java/com/topjohnwu/crypto/SignBoot.java b/crypto/src/main/java/com/topjohnwu/crypto/SignBoot.java new file mode 100644 index 000000000..beb434274 --- /dev/null +++ b/crypto/src/main/java/com/topjohnwu/crypto/SignBoot.java @@ -0,0 +1,231 @@ +package com.topjohnwu.crypto; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.DERPrintableString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.ByteBuffer; +import java.nio.ByteOrder; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Security; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Arrays; + +public class SignBoot { + + static { + Security.addProvider(new BouncyCastleProvider()); + } + + public static boolean doSignature(String target, InputStream imgIn, OutputStream imgOut, + InputStream keyIn, InputStream certIn) { + try { + ByteArrayStream bas = new ByteArrayStream(); + bas.readFrom(imgIn); + byte[] image = bas.toByteArray(); + bas.close(); + int signableSize = getSignableImageSize(image); + if (signableSize < image.length) { + System.err.println("NOTE: truncating input from " + + image.length + " to " + signableSize + " bytes"); + image = Arrays.copyOf(image, signableSize); + } else if (signableSize > image.length) { + throw new IllegalArgumentException("Invalid image: too short, expected " + + signableSize + " bytes"); + } + BootSignature bootsig = new BootSignature(target, image.length); + X509Certificate cert = CryptoUtils.readPublicKey(certIn); + bootsig.setCertificate(cert); + PrivateKey key = CryptoUtils.readPrivateKey(keyIn); + bootsig.setSignature(bootsig.sign(image, key), + CryptoUtils.getSignatureAlgorithmIdentifier(key)); + byte[] encoded_bootsig = bootsig.getEncoded(); + imgOut.write(image); + imgOut.write(encoded_bootsig); + imgOut.flush(); + return true; + } catch (Exception e) { + e.printStackTrace(System.err); + return false; + } + } + + public static boolean verifySignature(InputStream imgIn, InputStream certPath) { + try { + ByteArrayStream bas = new ByteArrayStream(); + bas.readFrom(imgIn); + byte[] image = bas.toByteArray(); + bas.close(); + int signableSize = getSignableImageSize(image); + if (signableSize >= image.length) { + System.err.println("Invalid image: not signed"); + return false; + } + byte[] signature = Arrays.copyOfRange(image, signableSize, image.length); + BootSignature bootsig = new BootSignature(signature); + if (certPath != null) { + bootsig.setCertificate(CryptoUtils.readPublicKey(certPath)); + } + if (bootsig.verify(Arrays.copyOf(image, signableSize))) { + System.err.println("Signature is VALID"); + return true; + } else { + System.err.println("Signature is INVALID"); + } + } catch (Exception e) { + e.printStackTrace(System.err); + System.err.println("Invalid image: not signed"); + } + return false; + } + + public static int getSignableImageSize(byte[] data) throws Exception { + if (!Arrays.equals(Arrays.copyOfRange(data, 0, 8), + "ANDROID!".getBytes("US-ASCII"))) { + throw new IllegalArgumentException("Invalid image header: missing magic"); + } + ByteBuffer image = ByteBuffer.wrap(data); + image.order(ByteOrder.LITTLE_ENDIAN); + image.getLong(); // magic + int kernelSize = image.getInt(); + image.getInt(); // kernel_addr + int ramdskSize = image.getInt(); + image.getInt(); // ramdisk_addr + int secondSize = image.getInt(); + image.getLong(); // second_addr + tags_addr + int pageSize = image.getInt(); + int length = pageSize // include the page aligned image header + + ((kernelSize + pageSize - 1) / pageSize) * pageSize + + ((ramdskSize + pageSize - 1) / pageSize) * pageSize + + ((secondSize + pageSize - 1) / pageSize) * pageSize; + length = ((length + pageSize - 1) / pageSize) * pageSize; + if (length <= 0) { + throw new IllegalArgumentException("Invalid image header: invalid length"); + } + return length; + } + + static class BootSignature extends ASN1Object { + private ASN1Integer formatVersion; + private ASN1Encodable certificate; + private AlgorithmIdentifier algorithmIdentifier; + private DERPrintableString target; + private ASN1Integer length; + private DEROctetString signature; + private PublicKey publicKey; + private static final int FORMAT_VERSION = 1; + + /** + * Initializes the object for signing an image file + * @param target Target name, included in the signed data + * @param length Length of the image, included in the signed data + */ + public BootSignature(String target, int length) { + this.formatVersion = new ASN1Integer(FORMAT_VERSION); + this.target = new DERPrintableString(target); + this.length = new ASN1Integer(length); + } + + /** + * Initializes the object for verifying a signed image file + * @param signature Signature footer + */ + public BootSignature(byte[] signature) + throws Exception { + ASN1InputStream stream = new ASN1InputStream(signature); + ASN1Sequence sequence = (ASN1Sequence) stream.readObject(); + formatVersion = (ASN1Integer) sequence.getObjectAt(0); + if (formatVersion.getValue().intValue() != FORMAT_VERSION) { + throw new IllegalArgumentException("Unsupported format version"); + } + certificate = sequence.getObjectAt(1); + byte[] encoded = ((ASN1Object) certificate).getEncoded(); + ByteArrayInputStream bis = new ByteArrayInputStream(encoded); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate c = (X509Certificate) cf.generateCertificate(bis); + publicKey = c.getPublicKey(); + ASN1Sequence algId = (ASN1Sequence) sequence.getObjectAt(2); + algorithmIdentifier = new AlgorithmIdentifier( + (ASN1ObjectIdentifier) algId.getObjectAt(0)); + ASN1Sequence attrs = (ASN1Sequence) sequence.getObjectAt(3); + target = (DERPrintableString) attrs.getObjectAt(0); + length = (ASN1Integer) attrs.getObjectAt(1); + this.signature = (DEROctetString) sequence.getObjectAt(4); + } + + public ASN1Object getAuthenticatedAttributes() { + ASN1EncodableVector attrs = new ASN1EncodableVector(); + attrs.add(target); + attrs.add(length); + return new DERSequence(attrs); + } + + public byte[] getEncodedAuthenticatedAttributes() throws IOException { + return getAuthenticatedAttributes().getEncoded(); + } + + public void setSignature(byte[] sig, AlgorithmIdentifier algId) { + algorithmIdentifier = algId; + signature = new DEROctetString(sig); + } + + public void setCertificate(X509Certificate cert) + throws Exception, IOException, CertificateEncodingException { + ASN1InputStream s = new ASN1InputStream(cert.getEncoded()); + certificate = s.readObject(); + publicKey = cert.getPublicKey(); + } + + public byte[] generateSignableImage(byte[] image) throws IOException { + byte[] attrs = getEncodedAuthenticatedAttributes(); + byte[] signable = Arrays.copyOf(image, image.length + attrs.length); + for (int i=0; i < attrs.length; i++) { + signable[i+image.length] = attrs[i]; + } + return signable; + } + + public byte[] sign(byte[] image, PrivateKey key) throws Exception { + byte[] signable = generateSignableImage(image); + return CryptoUtils.sign(key, signable); + } + + public boolean verify(byte[] image) throws Exception { + if (length.getValue().intValue() != image.length) { + throw new IllegalArgumentException("Invalid image length"); + } + byte[] signable = generateSignableImage(image); + return CryptoUtils.verify(publicKey, signable, signature.getOctets(), + algorithmIdentifier); + } + + @Override + public ASN1Primitive toASN1Primitive() { + ASN1EncodableVector v = new ASN1EncodableVector(); + v.add(formatVersion); + v.add(certificate); + v.add(algorithmIdentifier); + v.add(getAuthenticatedAttributes()); + v.add(signature); + return new DERSequence(v); + } + + } +} diff --git a/crypto/src/main/java/com/topjohnwu/crypto/ZipSigner.java b/crypto/src/main/java/com/topjohnwu/crypto/ZipSigner.java new file mode 100644 index 000000000..6b4599dbf --- /dev/null +++ b/crypto/src/main/java/com/topjohnwu/crypto/ZipSigner.java @@ -0,0 +1,42 @@ +package com.topjohnwu.crypto; + +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.Security; + +public class ZipSigner { + public static void main(String[] args) { + boolean minSign = false; + int argStart = 0; + + if (args.length < 4) { + System.err.println("Usage: zipsigner [-m] publickey.x509[.pem] privatekey.pk8 input.jar output.jar"); + System.exit(2); + } + + if (args[0].equals("-m")) { + minSign = true; + argStart = 1; + } + + SignAPK.sBouncyCastleProvider = new BouncyCastleProvider(); + Security.insertProviderAt(SignAPK.sBouncyCastleProvider, 1); + + File pubKey = new File(args[argStart]); + File privKey = new File(args[argStart + 1]); + File input = new File(args[argStart + 2]); + File output = new File(args[argStart + 3]); + + try (InputStream pub = new FileInputStream(pubKey); + InputStream priv = new FileInputStream(privKey); + JarMap jar = new JarMap(input, false)) { + SignAPK.signZip(pub, priv, jar, output, minSign); + } catch (Exception e) { + e.printStackTrace(); + System.exit(1); + } + } +} diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 000000000..d13e92712 --- /dev/null +++ b/gradle.properties @@ -0,0 +1,22 @@ +# Project-wide Gradle settings. + +# IDE (e.g. Android Studio) users: +# Gradle settings configured through the IDE *will override* +# any settings specified in this file. + +# For more details on how to configure your build environment visit +# http://www.gradle.org/docs/current/userguide/build_environment.html + +# Specifies the JVM arguments used for the daemon process. +# The setting is particularly useful for tweaking memory settings. +# Default value: -Xmx10248m -XX:MaxPermSize=256m +org.gradle.jvmargs=-Xmx2560m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 + +# When configured, Gradle will run in incubating parallel mode. +# This option should only be used with decoupled projects. More details, visit +# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects +org.gradle.parallel=true + +# When set to true the Gradle daemon is used to run the build. For local developer builds this is our favorite property. +# The developer environment is optimized for speed and feedback so we nearly always run Gradle jobs with the daemon. +org.gradle.daemon=true diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..13372aef5e24af05341d49695ee84e5f9b594659 GIT binary patch literal 53636 zcmafaW0a=B^559DjdyHo$F^PVt zzd|cWgMz^T0YO0lQ8%TE1O06v|NZl~LH{LLQ58WtNjWhFP#}eWVO&eiP!jmdp!%24 z{&z-MK{-h=QDqf+S+Pgi=_wg$I{F28X*%lJ>A7Yl#$}fMhymMu?R9TEB?#6@|Q^e^AHhxcRL$z1gsc`-Q`3j+eYAd<4@z^{+?JM8bmu zSVlrVZ5-)SzLn&LU9GhXYG{{I+u(+6ES+tAtQUanYC0^6kWkks8cG;C&r1KGs)Cq}WZSd3k1c?lkzwLySimkP5z)T2Ox3pNs;PdQ=8JPDkT7#0L!cV? zzn${PZs;o7UjcCVd&DCDpFJvjI=h(KDmdByJuDYXQ|G@u4^Kf?7YkE67fWM97kj6F z973tGtv!k$k{<>jd~D&c(x5hVbJa`bILdy(00%lY5}HZ2N>)a|))3UZ&fUa5@uB`H z+LrYm@~t?g`9~@dFzW5l>=p0hG%rv0>(S}jEzqQg6-jImG%Pr%HPtqIV_Ym6yRydW z4L+)NhcyYp*g#vLH{1lK-hQQSScfvNiNx|?nSn-?cc8}-9~Z_0oxlr~(b^EiD`Mx< zlOLK)MH?nl4dD|hx!jBCIku-lI(&v~bCU#!L7d0{)h z;k4y^X+=#XarKzK*)lv0d6?kE1< zmCG^yDYrSwrKIn04tG)>>10%+ zEKzs$S*Zrl+GeE55f)QjY$ zD5hi~J17k;4VSF_`{lPFwf^Qroqg%kqM+Pdn%h#oOPIsOIwu?JR717atg~!)*CgXk zERAW?c}(66rnI+LqM^l7BW|9dH~5g1(_w$;+AAzSYlqop*=u5}=g^e0xjlWy0cUIT7{Fs2Xqx*8% zW71JB%hk%aV-wjNE0*$;E-S9hRx5|`L2JXxz4TX3nf8fMAn|523ssV;2&145zh{$V z#4lt)vL2%DCZUgDSq>)ei2I`*aeNXHXL1TB zC8I4!uq=YYVjAdcCjcf4XgK2_$y5mgsCdcn2U!VPljXHco>+%`)6W=gzJk0$e%m$xWUCs&Ju-nUJjyQ04QF_moED2(y6q4l+~fo845xm zE5Esx?~o#$;rzpCUk2^2$c3EBRNY?wO(F3Pb+<;qfq;JhMFuSYSxiMejBQ+l8(C-- zz?Xufw@7{qvh$;QM0*9tiO$nW(L>83egxc=1@=9Z3)G^+*JX-z92F((wYiK>f;6 zkc&L6k4Ua~FFp`x7EF;ef{hb*n8kx#LU|6{5n=A55R4Ik#sX{-nuQ}m7e<{pXq~8#$`~6| zi{+MIgsBRR-o{>)CE8t0Bq$|SF`M0$$7-{JqwFI1)M^!GMwq5RAWMP!o6G~%EG>$S zYDS?ux;VHhRSm*b^^JukYPVb?t0O%^&s(E7Rb#TnsWGS2#FdTRj_SR~YGjkaRFDI=d)+bw$rD;_!7&P2WEmn zIqdERAbL&7`iA^d?8thJ{(=)v>DgTF7rK-rck({PpYY$7uNY$9-Z< ze4=??I#p;$*+-Tm!q8z}k^%-gTm59^3$*ByyroqUe02Dne4?Fc%JlO>*f9Zj{++!^ zBz0FxuS&7X52o6-^CYq>jkXa?EEIfh?xdBPAkgpWpb9Tam^SXoFb3IRfLwanWfskJ zIbfU-rJ1zPmOV)|%;&NSWIEbbwj}5DIuN}!m7v4($I{Rh@<~-sK{fT|Wh?<|;)-Z; zwP{t@{uTsmnO@5ZY82lzwl4jeZ*zsZ7w%a+VtQXkigW$zN$QZnKw4F`RG`=@eWowO zFJ6RC4e>Y7Nu*J?E1*4*U0x^>GK$>O1S~gkA)`wU2isq^0nDb`);Q(FY<8V6^2R%= zDY}j+?mSj{bz2>F;^6S=OLqiHBy~7h4VVscgR#GILP!zkn68S^c04ZL3e$lnSU_(F zZm3e`1~?eu1>ys#R6>Gu$`rWZJG&#dsZ?^)4)v(?{NPt+_^Ak>Ap6828Cv^B84fa4 z_`l$0SSqkBU}`f*H#<14a)khT1Z5Z8;=ga^45{l8y*m|3Z60vgb^3TnuUKaa+zP;m zS`za@C#Y;-LOm&pW||G!wzr+}T~Q9v4U4ufu*fLJC=PajN?zN=?v^8TY}wrEeUygdgwr z7szml+(Bar;w*c^!5txLGKWZftqbZP`o;Kr1)zI}0Kb8yr?p6ZivtYL_KA<+9)XFE z=pLS5U&476PKY2aKEZh}%|Vb%!us(^qf)bKdF7x_v|Qz8lO7Ro>;#mxG0gqMaTudL zi2W!_#3@INslT}1DFJ`TsPvRBBGsODklX0`p-M6Mrgn~6&fF`kdj4K0I$<2Hp(YIA z)fFdgR&=qTl#sEFj6IHzEr1sYM6 zNfi!V!biByA&vAnZd;e_UfGg_={}Tj0MRt3SG%BQYnX$jndLG6>ssgIV{T3#=;RI% zE}b!9z#fek19#&nFgC->@!IJ*Fe8K$ZOLmg|6(g}ccsSBpc`)3;Ar8;3_k`FQ#N9&1tm>c|2mzG!!uWvelm zJj|oDZ6-m(^|dn3em(BF&3n12=hdtlb@%!vGuL*h`CXF?^=IHU%Q8;g8vABm=U!vX zT%Ma6gpKQC2c;@wH+A{)q+?dAuhetSxBDui+Z;S~6%oQq*IwSMu-UhMDy{pP z-#GB-a0`0+cJ%dZ7v0)3zfW$eV>w*mgU4Cma{P$DY3|w364n$B%cf()fZ;`VIiK_O zQ|q|(55+F$H(?opzr%r)BJLy6M&7Oq8KCsh`pA5^ohB@CDlMKoDVo5gO&{0k)R0b(UOfd>-(GZGeF}y?QI_T+GzdY$G{l!l% zHyToqa-x&X4;^(-56Lg$?(KYkgJn9W=w##)&CECqIxLe@+)2RhO*-Inpb7zd8txFG6mY8E?N8JP!kRt_7-&X{5P?$LAbafb$+hkA*_MfarZxf zXLpXmndnV3ubbXe*SYsx=eeuBKcDZI0bg&LL-a8f9>T(?VyrpC6;T{)Z{&|D5a`Aa zjP&lP)D)^YYWHbjYB6ArVs+4xvrUd1@f;;>*l zZH``*BxW+>Dd$be{`<&GN(w+m3B?~3Jjz}gB8^|!>pyZo;#0SOqWem%xeltYZ}KxOp&dS=bg|4 zY-^F~fv8v}u<7kvaZH`M$fBeltAglH@-SQres30fHC%9spF8Ld%4mjZJDeGNJR8+* zl&3Yo$|JYr2zi9deF2jzEC) zl+?io*GUGRp;^z+4?8gOFA>n;h%TJC#-st7#r&-JVeFM57P7rn{&k*z@+Y5 zc2sui8(gFATezp|Te|1-Q*e|Xi+__8bh$>%3|xNc2kAwTM!;;|KF6cS)X3SaO8^z8 zs5jV(s(4_NhWBSSJ}qUzjuYMKlkjbJS!7_)wwVsK^qDzHx1u*sC@C1ERqC#l%a zk>z>m@sZK{#GmsB_NkEM$$q@kBrgq%=NRBhL#hjDQHrI7(XPgFvP&~ZBJ@r58nLme zK4tD}Nz6xrbvbD6DaDC9E_82T{(WRQBpFc+Zb&W~jHf1MiBEqd57}Tpo8tOXj@LcF zwN8L-s}UO8%6piEtTrj@4bLH!mGpl5mH(UJR1r9bBOrSt0tSJDQ9oIjcW#elyMAxl7W^V(>8M~ss0^>OKvf{&oUG@uW{f^PtV#JDOx^APQKm& z{*Ysrz&ugt4PBUX@KERQbycxP%D+ApR%6jCx7%1RG2YpIa0~tqS6Xw6k#UN$b`^l6d$!I z*>%#Eg=n#VqWnW~MurJLK|hOQPTSy7G@29g@|g;mXC%MF1O7IAS8J^Q6D&Ra!h^+L&(IBYg2WWzZjT-rUsJMFh@E)g)YPW_)W9GF3 zMZz4RK;qcjpnat&J;|MShuPc4qAc)A| zVB?h~3TX+k#Cmry90=kdDoPYbhzs#z96}#M=Q0nC{`s{3ZLU)c(mqQQX;l~1$nf^c zFRQ~}0_!cM2;Pr6q_(>VqoW0;9=ZW)KSgV-c_-XdzEapeLySavTs5-PBsl-n3l;1jD z9^$^xR_QKDUYoeqva|O-+8@+e??(pRg@V|=WtkY!_IwTN~ z9Rd&##eWt_1w$7LL1$-ETciKFyHnNPjd9hHzgJh$J(D@3oYz}}jVNPjH!viX0g|Y9 zDD`Zjd6+o+dbAbUA( zEqA9mSoX5p|9sDVaRBFx_8)Ra4HD#xDB(fa4O8_J2`h#j17tSZOd3%}q8*176Y#ak zC?V8Ol<*X{Q?9j{Ys4Bc#sq!H;^HU$&F_`q2%`^=9DP9YV-A!ZeQ@#p=#ArloIgUH%Y-s>G!%V3aoXaY=f<UBrJTN+*8_lMX$yC=Vq+ zrjLn-pO%+VIvb~>k%`$^aJ1SevcPUo;V{CUqF>>+$c(MXxU12mxqyFAP>ki{5#;Q0 zx7Hh2zZdZzoxPY^YqI*Vgr)ip0xnpQJ+~R*UyFi9RbFd?<_l8GH@}gGmdB)~V7vHg z>Cjy78TQTDwh~+$u$|K3if-^4uY^|JQ+rLVX=u7~bLY29{lr>jWV7QCO5D0I>_1?; zx>*PxE4|wC?#;!#cK|6ivMzJ({k3bT_L3dHY#h7M!ChyTT`P#%3b=k}P(;QYTdrbe z+e{f@we?3$66%02q8p3;^th;9@y2vqt@LRz!DO(WMIk?#Pba85D!n=Ao$5NW0QVgS zoW)fa45>RkjU?H2SZ^#``zs6dG@QWj;MO4k6tIp8ZPminF`rY31dzv^e-3W`ZgN#7 z)N^%Rx?jX&?!5v`hb0-$22Fl&UBV?~cV*{hPG6%ml{k;m+a-D^XOF6DxPd$3;2VVY zT)E%m#ZrF=D=84$l}71DK3Vq^?N4``cdWn3 zqV=mX1(s`eCCj~#Nw4XMGW9tK>$?=cd$ule0Ir8UYzhi?%_u0S?c&j7)-~4LdolkgP^CUeE<2`3m)I^b ztV`K0k$OS^-GK0M0cNTLR22Y_eeT{<;G(+51Xx}b6f!kD&E4; z&Op8;?O<4D$t8PB4#=cWV9Q*i4U+8Bjlj!y4`j)^RNU#<5La6|fa4wLD!b6?RrBsF z@R8Nc^aO8ty7qzlOLRL|RUC-Bt-9>-g`2;@jfNhWAYciF{df9$n#a~28+x~@x0IWM zld=J%YjoKm%6Ea>iF){z#|~fo_w#=&&HRogJmXJDjCp&##oVvMn9iB~gyBlNO3B5f zXgp_1I~^`A0z_~oAa_YBbNZbDsnxLTy0@kkH!=(xt8|{$y<+|(wSZW7@)#|fs_?gU5-o%vpsQPRjIxq;AED^oG%4S%`WR}2(*!84Pe8Jw(snJ zq~#T7+m|w#acH1o%e<+f;!C|*&_!lL*^zRS`;E}AHh%cj1yR&3Grv&0I9k9v0*w8^ zXHEyRyCB`pDBRAxl;ockOh6$|7i$kzCBW$}wGUc|2bo3`x*7>B@eI=-7lKvI)P=gQ zf_GuA+36kQb$&{ZH)6o^x}wS}S^d&Xmftj%nIU=>&j@0?z8V3PLb1JXgHLq)^cTvB zFO6(yj1fl1Bap^}?hh<>j?Jv>RJdK{YpGjHxnY%d8x>A{k+(18J|R}%mAqq9Uzm8^Us#Ir_q^w9-S?W07YRD`w%D(n;|8N%_^RO`zp4 z@`zMAs>*x0keyE)$dJ8hR37_&MsSUMlGC*=7|wUehhKO)C85qoU}j>VVklO^TxK?! zO!RG~y4lv#W=Jr%B#sqc;HjhN={wx761vA3_$S>{j+r?{5=n3le|WLJ(2y_r>{)F_ z=v8Eo&xFR~wkw5v-{+9^JQukxf8*CXDWX*ZzjPVDc>S72uxAcY+(jtg3ns_5R zRYl2pz`B)h+e=|7SfiAAP;A zk0tR)3u1qy0{+?bQOa17SpBRZ5LRHz(TQ@L0%n5xJ21ri>^X420II1?5^FN3&bV?( zCeA)d9!3FAhep;p3?wLPs`>b5Cd}N!;}y`Hq3ppDs0+><{2ey0yq8o7m-4|oaMsWf zsLrG*aMh91drd-_QdX6t&I}t2!`-7$DCR`W2yoV%bcugue)@!SXM}fJOfG(bQQh++ zjAtF~zO#pFz})d8h)1=uhigDuFy`n*sbxZ$BA^Bt=Jdm}_KB6sCvY(T!MQnqO;TJs zVD{*F(FW=+v`6t^6{z<3-fx#|Ze~#h+ymBL^^GKS%Ve<)sP^<4*y_Y${06eD zH_n?Ani5Gs4&1z)UCL-uBvq(8)i!E@T_*0Sp5{Ddlpgke^_$gukJc_f9e=0Rfpta@ ze5~~aJBNK&OJSw!(rDRAHV0d+eW#1?PFbr==uG-$_fu8`!DWqQD~ef-Gx*ZmZx33_ zb0+I(0!hIK>r9_S5A*UwgRBKSd6!ieiYJHRigU@cogJ~FvJHY^DSysg)ac=7#wDBf zNLl!E$AiUMZC%%i5@g$WsN+sMSoUADKZ}-Pb`{7{S>3U%ry~?GVX!BDar2dJHLY|g zTJRo#Bs|u#8ke<3ohL2EFI*n6adobnYG?F3-#7eZZQO{#rmM8*PFycBR^UZKJWr(a z8cex$DPOx_PL^TO<%+f^L6#tdB8S^y#+fb|acQfD(9WgA+cb15L+LUdHKv)wE6={i zX^iY3N#U7QahohDP{g`IHS?D00eJC9DIx0V&nq!1T* z4$Bb?trvEG9JixrrNRKcjX)?KWR#Y(dh#re_<y*=5!J+-Wwb*D>jKXgr5L8_b6pvSAn3RIvI5oj!XF^m?otNA=t^dg z#V=L0@W)n?4Y@}49}YxQS=v5GsIF3%Cp#fFYm0Bm<}ey& zOfWB^vS8ye?n;%yD%NF8DvOpZqlB++#4KnUj>3%*S(c#yACIU>TyBG!GQl7{b8j#V z;lS})mrRtT!IRh2B-*T58%9;!X}W^mg;K&fb7?2#JH>JpCZV5jbDfOgOlc@wNLfHN z8O92GeBRjCP6Q9^Euw-*i&Wu=$>$;8Cktx52b{&Y^Ise-R1gTKRB9m0*Gze>$k?$N zua_0Hmbcj8qQy{ZyJ%`6v6F+yBGm>chZxCGpeL@os+v&5LON7;$tb~MQAbSZKG$k z8w`Mzn=cX4Hf~09q8_|3C7KnoM1^ZGU}#=vn1?1^Kc-eWv4x^T<|i9bCu;+lTQKr- zRwbRK!&XrWRoO7Kw!$zNQb#cJ1`iugR(f_vgmu!O)6tFH-0fOSBk6$^y+R07&&B!(V#ZV)CX42( zTC(jF&b@xu40fyb1=_2;Q|uPso&Gv9OSM1HR{iGPi@JUvmYM;rkv#JiJZ5-EFA%Lu zf;wAmbyclUM*D7>^nPatbGr%2aR5j55qSR$hR`c?d+z z`qko8Yn%vg)p=H`1o?=b9K0%Blx62gSy)q*8jWPyFmtA2a+E??&P~mT@cBdCsvFw4 zg{xaEyVZ|laq!sqN}mWq^*89$e6%sb6Thof;ml_G#Q6_0-zwf80?O}D0;La25A0C+ z3)w-xesp6?LlzF4V%yA9Ryl_Kq*wMk4eu&)Tqe#tmQJtwq`gI^7FXpToum5HP3@;N zpe4Y!wv5uMHUu`zbdtLys5)(l^C(hFKJ(T)z*PC>7f6ZRR1C#ao;R&_8&&a3)JLh* zOFKz5#F)hJqVAvcR#1)*AWPGmlEKw$sQd)YWdAs_W-ojA?Lm#wCd}uF0^X=?AA#ki zWG6oDQZJ5Tvifdz4xKWfK&_s`V*bM7SVc^=w7-m}jW6U1lQEv_JsW6W(| zkKf>qn^G!EWn~|7{G-&t0C6C%4)N{WRK_PM>4sW8^dDkFM|p&*aBuN%fg(I z^M-49vnMd%=04N95VO+?d#el>LEo^tvnQsMop70lNqq@%cTlht?e+B5L1L9R4R(_6 z!3dCLeGXb+_LiACNiqa^nOELJj%q&F^S+XbmdP}`KAep%TDop{Pz;UDc#P&LtMPgH zy+)P1jdgZQUuwLhV<89V{3*=Iu?u#v;v)LtxoOwV(}0UD@$NCzd=id{UuDdedeEp| z`%Q|Y<6T?kI)P|8c!K0Za&jxPhMSS!T`wlQNlkE(2B*>m{D#`hYYD>cgvsKrlcOcs7;SnVCeBiK6Wfho@*Ym9 zr0zNfrr}0%aOkHd)d%V^OFMI~MJp+Vg-^1HPru3Wvac@-QjLX9Dx}FL(l>Z;CkSvC zOR1MK%T1Edv2(b9$ttz!E7{x4{+uSVGz`uH&)gG`$)Vv0^E#b&JSZp#V)b6~$RWwe zzC3FzI`&`EDK@aKfeqQ4M(IEzDd~DS>GB$~ip2n!S%6sR&7QQ*=Mr(v*v-&07CO%# zMBTaD8-EgW#C6qFPPG1Ph^|0AFs;I+s|+A@WU}%@WbPI$S0+qFR^$gim+Fejs2f!$ z@Xdlb_K1BI;iiOUj`j+gOD%mjq^S~J0cZZwuqfzNH9}|(vvI6VO+9ZDA_(=EAo;( zKKzm`k!s!_sYCGOm)93Skaz+GF7eY@Ra8J$C)`X)`aPKym?7D^SI}Mnef4C@SgIEB z>nONSFl$qd;0gSZhNcRlq9VVHPkbakHlZ1gJ1y9W+@!V$TLpdsbKR-VwZrsSM^wLr zL9ob&JG)QDTaf&R^cnm5T5#*J3(pSpjM5~S1 z@V#E2syvK6wb?&h?{E)CoI~9uA(hST7hx4_6M(7!|BW3TR_9Q zLS{+uPoNgw(aK^?=1rFcDO?xPEk5Sm=|pW%-G2O>YWS^(RT)5EQ2GSl75`b}vRcD2 z|HX(x0#Qv+07*O|vMIV(0?KGjOny#Wa~C8Q(kF^IR8u|hyyfwD&>4lW=)Pa311caC zUk3aLCkAFkcidp@C%vNVLNUa#1ZnA~ZCLrLNp1b8(ndgB(0zy{Mw2M@QXXC{hTxr7 zbipeHI-U$#Kr>H4}+cu$#2fG6DgyWgq{O#8aa)4PoJ^;1z7b6t&zt zPei^>F1%8pcB#1`z`?f0EAe8A2C|}TRhzs*-vN^jf(XNoPN!tONWG=abD^=Lm9D?4 zbq4b(in{eZehKC0lF}`*7CTzAvu(K!eAwDNC#MlL2~&gyFKkhMIF=32gMFLvKsbLY z1d$)VSzc^K&!k#2Q?(f>pXn){C+g?vhQ0ijV^Z}p5#BGrGb%6n>IH-)SA$O)*z3lJ z1rtFlovL`cC*RaVG!p!4qMB+-f5j^1)ALf4Z;2X&ul&L!?`9Vdp@d(%(>O=7ZBV;l z?bbmyPen>!P{TJhSYPmLs759b1Ni1`d$0?&>OhxxqaU|}-?Z2c+}jgZ&vCSaCivx| z-&1gw2Lr<;U-_xzlg}Fa_3NE?o}R-ZRX->__}L$%2ySyiPegbnM{UuADqwDR{C2oS zPuo88%DNfl4xBogn((9j{;*YGE0>2YoL?LrH=o^SaAcgO39Ew|vZ0tyOXb509#6{7 z0<}CptRX5(Z4*}8CqCgpT@HY3Q)CvRz_YE;nf6ZFwEje^;Hkj0b1ESI*8Z@(RQrW4 z35D5;S73>-W$S@|+M~A(vYvX(yvLN(35THo!yT=vw@d(=q8m+sJyZMB7T&>QJ=jkwQVQ07*Am^T980rldC)j}}zf!gq7_z4dZ zHwHB94%D-EB<-^W@9;u|(=X33c(G>q;Tfq1F~-Lltp|+uwVzg?e$M96ndY{Lcou%w zWRkjeE`G*i)Bm*|_7bi+=MPm8by_};`=pG!DSGBP6y}zvV^+#BYx{<>p0DO{j@)(S zxcE`o+gZf8EPv1g3E1c3LIbw+`rO3N+Auz}vn~)cCm^DlEi#|Az$b z2}Pqf#=rxd!W*6HijC|u-4b~jtuQS>7uu{>wm)PY6^S5eo=?M>;tK`=DKXuArZvaU zHk(G??qjKYS9G6Du)#fn+ob=}C1Hj9d?V$_=J41ljM$CaA^xh^XrV-jzi7TR-{{9V zZZI0;aQ9YNEc`q=Xvz;@q$eqL<}+L(>HR$JA4mB6~g*YRSnpo zTofY;u7F~{1Pl=pdsDQx8Gg#|@BdoWo~J~j%DfVlT~JaC)he>he6`C`&@@#?;e(9( zgKcmoidHU$;pi{;VXyE~4>0{kJ>K3Uy6`s*1S--*mM&NY)*eOyy!7?9&osK*AQ~vi z{4qIQs)s#eN6j&0S()cD&aCtV;r>ykvAzd4O-fG^4Bmx2A2U7-kZR5{Qp-R^i4H2yfwC7?9(r3=?oH(~JR4=QMls>auMv*>^^!$}{}R z;#(gP+O;kn4G|totqZGdB~`9yzShMze{+$$?9%LJi>4YIsaPMwiJ{`gocu0U}$Q$vI5oeyKrgzz>!gI+XFt!#n z7vs9Pn`{{5w-@}FJZn?!%EQV!PdA3hw%Xa2#-;X4*B4?`WM;4@bj`R-yoAs_t4!!` zEaY5OrYi`3u3rXdY$2jZdZvufgFwVna?!>#t#DKAD2;U zqpqktqJ)8EPY*w~yj7r~#bNk|PDM>ZS?5F7T5aPFVZrqeX~5_1*zTQ%;xUHe#li?s zJ*5XZVERVfRjwX^s=0<%nXhULK+MdibMjzt%J7#fuh?NXyJ^pqpfG$PFmG!h*opyi zmMONjJY#%dkdRHm$l!DLeBm#_0YCq|x17c1fYJ#5YMpsjrFKyU=y>g5QcTgbDm28X zYL1RK)sn1@XtkGR;tNb}(kg#9L=jNSbJizqAgV-TtK2#?LZXrCIz({ zO^R|`ZDu(d@E7vE}df5`a zNIQRp&mDFbgyDKtyl@J|GcR9!h+_a$za$fnO5Ai9{)d7m@?@qk(RjHwXD}JbKRn|u z=Hy^z2vZ<1Mf{5ihhi9Y9GEG74Wvka;%G61WB*y7;&L>k99;IEH;d8-IR6KV{~(LZ zN7@V~f)+yg7&K~uLvG9MAY+{o+|JX?yf7h9FT%7ZrW7!RekjwgAA4jU$U#>_!ZC|c zA9%tc9nq|>2N1rg9uw-Qc89V}I5Y`vuJ(y`Ibc_?D>lPF0>d_mB@~pU`~)uWP48cT@fTxkWSw{aR!`K{v)v zpN?vQZZNPgs3ki9h{An4&Cap-c5sJ!LVLtRd=GOZ^bUpyDZHm6T|t#218}ZA zx*=~9PO>5IGaBD^XX-_2t7?7@WN7VfI^^#Csdz9&{1r z9y<9R?BT~-V8+W3kzWWQ^)ZSI+R zt^Lg`iN$Z~a27)sC_03jrD-%@{ArCPY#Pc*u|j7rE%}jF$LvO4vyvAw3bdL_mg&ei zXys_i=Q!UoF^Xp6^2h5o&%cQ@@)$J4l`AG09G6Uj<~A~!xG>KjKSyTX)zH*EdHMK0 zo;AV-D+bqWhtD-!^+`$*P0B`HokilLd1EuuwhJ?%3wJ~VXIjIE3tj653PExvIVhE& zFMYsI(OX-Q&W$}9gad^PUGuKElCvXxU_s*kx%dH)Bi&$*Q(+9j>(Q>7K1A#|8 zY!G!p0kW29rP*BNHe_wH49bF{K7tymi}Q!Vc_Ox2XjwtpM2SYo7n>?_sB=$c8O5^? z6as!fE9B48FcE`(ruNXP%rAZlDXrFTC7^aoXEX41k)tIq)6kJ*(sr$xVqsh_m3^?? zOR#{GJIr6E0Sz{-( z-R?4asj|!GVl0SEagNH-t|{s06Q3eG{kZOoPHL&Hs0gUkPc&SMY=&{C0&HDI)EHx9 zm#ySWluxwp+b~+K#VG%21%F65tyrt9RTPR$eG0afer6D`M zTW=y!@y6yi#I5V#!I|8IqU=@IfZo!@9*P+f{yLxGu$1MZ%xRY(gRQ2qH@9eMK0`Z> zgO`4DHfFEN8@m@dxYuljsmVv}c4SID+8{kr>d_dLzF$g>urGy9g+=`xAfTkVtz56G zrKNsP$yrDyP=kIqPN9~rVmC-wH672NF7xU>~j5M06Xr&>UJBmOV z%7Ie2d=K=u^D`~i3(U7x?n=h!SCSD1`aFe-sY<*oh+=;B>UVFBOHsF=(Xr(Cai{dL z4S7Y>PHdfG9Iav5FtKzx&UCgg)|DRLvq7!0*9VD`e6``Pgc z1O!qSaNeBBZnDXClh(Dq@XAk?Bd6+_rsFt`5(E+V2c)!Mx4X z47X+QCB4B7$B=Fw1Z1vnHg;x9oDV1YQJAR6Q3}_}BXTFg$A$E!oGG%`Rc()-Ysc%w za(yEn0fw~AaEFr}Rxi;if?Gv)&g~21UzXU9osI9{rNfH$gPTTk#^B|irEc<8W+|9$ zc~R${X2)N!npz1DFVa%nEW)cgPq`MSs)_I*Xwo<+ZK-2^hD(Mc8rF1+2v7&qV;5SET-ygMLNFsb~#u+LpD$uLR1o!ha67gPV5Q{v#PZK5X zUT4aZ{o}&*q7rs)v%*fDTl%}VFX?Oi{i+oKVUBqbi8w#FI%_5;6`?(yc&(Fed4Quy8xsswG+o&R zO1#lUiA%!}61s3jR7;+iO$;1YN;_*yUnJK=$PT_}Q%&0T@2i$ zwGC@ZE^A62YeOS9DU9me5#`(wv24fK=C)N$>!!6V#6rX3xiHehfdvwWJ>_fwz9l)o`Vw9yi z0p5BgvIM5o_ zgo-xaAkS_mya8FXo1Ke4;U*7TGSfm0!fb4{E5Ar8T3p!Z@4;FYT8m=d`C@4-LM121 z?6W@9d@52vxUT-6K_;1!SE%FZHcm0U$SsC%QB zxkTrfH;#Y7OYPy!nt|k^Lgz}uYudos9wI^8x>Y{fTzv9gfTVXN2xH`;Er=rTeAO1x znaaJOR-I)qwD4z%&dDjY)@s`LLSd#FoD!?NY~9#wQRTHpD7Vyyq?tKUHKv6^VE93U zt_&ePH+LM-+9w-_9rvc|>B!oT>_L59nipM-@ITy|x=P%Ezu@Y?N!?jpwP%lm;0V5p z?-$)m84(|7vxV<6f%rK3!(R7>^!EuvA&j@jdTI+5S1E{(a*wvsV}_)HDR&8iuc#>+ zMr^2z*@GTnfDW-QS38OJPR3h6U&mA;vA6Pr)MoT7%NvA`%a&JPi|K8NP$b1QY#WdMt8-CDA zyL0UXNpZ?x=tj~LeM0wk<0Dlvn$rtjd$36`+mlf6;Q}K2{%?%EQ+#FJy6v5cS+Q-~ ztk||Iwr$(CZQHi38QZF;lFFBNt+mg2*V_AhzkM<8#>E_S^xj8%T5tXTytD6f)vePG z^B0Ne-*6Pqg+rVW?%FGHLhl^ycQM-dhNCr)tGC|XyES*NK%*4AnZ!V+Zu?x zV2a82fs8?o?X} zjC1`&uo1Ti*gaP@E43NageV^$Xue3%es2pOrLdgznZ!_a{*`tfA+vnUv;^Ebi3cc$?-kh76PqA zMpL!y(V=4BGPQSU)78q~N}_@xY5S>BavY3Sez-+%b*m0v*tOz6zub9%*~%-B)lb}t zy1UgzupFgf?XyMa+j}Yu>102tP$^S9f7;b7N&8?_lYG$okIC`h2QCT_)HxG1V4Uv{xdA4k3-FVY)d}`cmkePsLScG&~@wE?ix2<(G7h zQ7&jBQ}Kx9mm<0frw#BDYR7_HvY7En#z?&*FurzdDNdfF znCL1U3#iO`BnfPyM@>;#m2Lw9cGn;(5*QN9$zd4P68ji$X?^=qHraP~Nk@JX6}S>2 zhJz4MVTib`OlEAqt!UYobU0-0r*`=03)&q7ubQXrt|t?^U^Z#MEZV?VEin3Nv1~?U zuwwSeR10BrNZ@*h7M)aTxG`D(By$(ZP#UmBGf}duX zhx;7y1x@j2t5sS#QjbEPIj95hV8*7uF6c}~NBl5|hgbB(}M3vnt zu_^>@s*Bd>w;{6v53iF5q7Em>8n&m&MXL#ilSzuC6HTzzi-V#lWoX zBOSBYm|ti@bXb9HZ~}=dlV+F?nYo3?YaV2=N@AI5T5LWWZzwvnFa%w%C<$wBkc@&3 zyUE^8xu<=k!KX<}XJYo8L5NLySP)cF392GK97(ylPS+&b}$M$Y+1VDrJa`GG7+%ToAsh z5NEB9oVv>as?i7f^o>0XCd%2wIaNRyejlFws`bXG$Mhmb6S&shdZKo;p&~b4wv$ z?2ZoM$la+_?cynm&~jEi6bnD;zSx<0BuCSDHGSssT7Qctf`0U!GDwG=+^|-a5%8Ty z&Q!%m%geLjBT*#}t zv1wDzuC)_WK1E|H?NZ&-xr5OX(ukXMYM~_2c;K}219agkgBte_#f+b9Al8XjL-p}1 z8deBZFjplH85+Fa5Q$MbL>AfKPxj?6Bib2pevGxIGAG=vr;IuuC%sq9x{g4L$?Bw+ zvoo`E)3#bpJ{Ij>Yn0I>R&&5B$&M|r&zxh+q>*QPaxi2{lp?omkCo~7ibow#@{0P> z&XBocU8KAP3hNPKEMksQ^90zB1&&b1Me>?maT}4xv7QHA@Nbvt-iWy7+yPFa9G0DP zP82ooqy_ku{UPv$YF0kFrrx3L=FI|AjG7*(paRLM0k1J>3oPxU0Zd+4&vIMW>h4O5G zej2N$(e|2Re z@8xQ|uUvbA8QVXGjZ{Uiolxb7c7C^nW`P(m*Jkqn)qdI0xTa#fcK7SLp)<86(c`A3 zFNB4y#NHe$wYc7V)|=uiW8gS{1WMaJhDj4xYhld;zJip&uJ{Jg3R`n+jywDc*=>bW zEqw(_+j%8LMRrH~+M*$V$xn9x9P&zt^evq$P`aSf-51`ZOKm(35OEUMlO^$>%@b?a z>qXny!8eV7cI)cb0lu+dwzGH(Drx1-g+uDX;Oy$cs+gz~?LWif;#!+IvPR6fa&@Gj zwz!Vw9@-Jm1QtYT?I@JQf%`=$^I%0NK9CJ75gA}ff@?I*xUD7!x*qcyTX5X+pS zAVy4{51-dHKs*OroaTy;U?zpFS;bKV7wb}8v+Q#z<^$%NXN(_hG}*9E_DhrRd7Jqp zr}2jKH{avzrpXj?cW{17{kgKql+R(Ew55YiKK7=8nkzp7Sx<956tRa(|yvHlW zNO7|;GvR(1q}GrTY@uC&ow0me|8wE(PzOd}Y=T+Ih8@c2&~6(nzQrK??I7DbOguA9GUoz3ASU%BFCc8LBsslu|nl>q8Ag(jA9vkQ`q2amJ5FfA7GoCdsLW znuok(diRhuN+)A&`rH{$(HXWyG2TLXhVDo4xu?}k2cH7QsoS>sPV)ylb45Zt&_+1& zT)Yzh#FHRZ-z_Q^8~IZ+G~+qSw-D<{0NZ5!J1%rAc`B23T98TMh9ylkzdk^O?W`@C??Z5U9#vi0d<(`?9fQvNN^ji;&r}geU zSbKR5Mv$&u8d|iB^qiLaZQ#@)%kx1N;Og8Js>HQD3W4~pI(l>KiHpAv&-Ev45z(vYK<>p6 z6#pU(@rUu{i9UngMhU&FI5yeRub4#u=9H+N>L@t}djC(Schr;gc90n%)qH{$l0L4T z;=R%r>CuxH!O@+eBR`rBLrT0vnP^sJ^+qE^C8ZY0-@te3SjnJ)d(~HcnQw@`|qAp|Trrs^E*n zY1!(LgVJfL?@N+u{*!Q97N{Uu)ZvaN>hsM~J?*Qvqv;sLnXHjKrtG&x)7tk?8%AHI zo5eI#`qV1{HmUf-Fucg1xn?Kw;(!%pdQ)ai43J3NP4{%x1D zI0#GZh8tjRy+2{m$HyI(iEwK30a4I36cSht3MM85UqccyUq6$j5K>|w$O3>`Ds;`0736+M@q(9$(`C6QZQ-vAKjIXKR(NAH88 zwfM6_nGWlhpy!_o56^BU``%TQ%tD4hs2^<2pLypjAZ;W9xAQRfF_;T9W-uidv{`B z{)0udL1~tMg}a!hzVM0a_$RbuQk|EG&(z*{nZXD3hf;BJe4YxX8pKX7VaIjjDP%sk zU5iOkhzZ&%?A@YfaJ8l&H;it@;u>AIB`TkglVuy>h;vjtq~o`5NfvR!ZfL8qS#LL` zD!nYHGzZ|}BcCf8s>b=5nZRYV{)KK#7$I06s<;RyYC3<~`mob_t2IfR*dkFJyL?FU zvuo-EE4U(-le)zdgtW#AVA~zjx*^80kd3A#?vI63pLnW2{j*=#UG}ISD>=ZGA$H&` z?Nd8&11*4`%MQlM64wfK`{O*ad5}vk4{Gy}F98xIAsmjp*9P=a^yBHBjF2*Iibo2H zGJAMFDjZcVd%6bZ`dz;I@F55VCn{~RKUqD#V_d{gc|Z|`RstPw$>Wu+;SY%yf1rI=>51Oolm>cnjOWHm?ydcgGs_kPUu=?ZKtQS> zKtLS-v$OMWXO>B%Z4LFUgw4MqA?60o{}-^6tf(c0{Y3|yF##+)RoXYVY-lyPhgn{1 z>}yF0Ab}D#1*746QAj5c%66>7CCWs8O7_d&=Ktu!SK(m}StvvBT1$8QP3O2a*^BNA z)HPhmIi*((2`?w}IE6Fo-SwzI_F~OC7OR}guyY!bOQfpNRg3iMvsFPYb9-;dT6T%R zhLwIjgiE^-9_4F3eMHZ3LI%bbOmWVe{SONpujQ;3C+58=Be4@yJK>3&@O>YaSdrevAdCLMe_tL zl8@F}{Oc!aXO5!t!|`I zdC`k$5z9Yf%RYJp2|k*DK1W@AN23W%SD0EdUV^6~6bPp_HZi0@dku_^N--oZv}wZA zH?Bf`knx%oKB36^L;P%|pf#}Tp(icw=0(2N4aL_Ea=9DMtF})2ay68V{*KfE{O=xL zf}tcfCL|D$6g&_R;r~1m{+)sutQPKzVv6Zw(%8w&4aeiy(qct1x38kiqgk!0^^X3IzI2ia zxI|Q)qJNEf{=I$RnS0`SGMVg~>kHQB@~&iT7+eR!Ilo1ZrDc3TVW)CvFFjHK4K}Kh z)dxbw7X%-9Ol&Y4NQE~bX6z+BGOEIIfJ~KfD}f4spk(m62#u%k<+iD^`AqIhWxtKGIm)l$7=L`=VU0Bz3-cLvy&xdHDe-_d3%*C|Q&&_-n;B`87X zDBt3O?Wo-Hg6*i?f`G}5zvM?OzQjkB8uJhzj3N;TM5dSM$C@~gGU7nt-XX_W(p0IA6$~^cP*IAnA<=@HVqNz=Dp#Rcj9_6*8o|*^YseK_4d&mBY*Y&q z8gtl;(5%~3Ehpz)bLX%)7|h4tAwx}1+8CBtu9f5%^SE<&4%~9EVn4*_!r}+{^2;} zwz}#@Iw?&|8F2LdXUIjh@kg3QH69tqxR_FzA;zVpY=E zcHnWh(3j3UXeD=4m_@)Ea4m#r?axC&X%#wC8FpJPDYR~@65T?pXuWdPzEqXP>|L`S zKYFF0I~%I>SFWF|&sDsRdXf$-TVGSoWTx7>7mtCVUrQNVjZ#;Krobgh76tiP*0(5A zs#<7EJ#J`Xhp*IXB+p5{b&X3GXi#b*u~peAD9vr0*Vd&mvMY^zxTD=e(`}ybDt=BC(4q)CIdp>aK z0c?i@vFWjcbK>oH&V_1m_EuZ;KjZSiW^i30U` zGLK{%1o9TGm8@gy+Rl=-5&z`~Un@l*2ne3e9B+>wKyxuoUa1qhf?-Pi= zZLCD-b7*(ybv6uh4b`s&Ol3hX2ZE<}N@iC+h&{J5U|U{u$XK0AJz)!TSX6lrkG?ris;y{s zv`B5Rq(~G58?KlDZ!o9q5t%^E4`+=ku_h@~w**@jHV-+cBW-`H9HS@o?YUUkKJ;AeCMz^f@FgrRi@?NvO3|J zBM^>4Z}}!vzNum!R~o0)rszHG(eeq!#C^wggTgne^2xc9nIanR$pH1*O;V>3&#PNa z7yoo?%T(?m-x_ow+M0Bk!@ow>A=skt&~xK=a(GEGIWo4AW09{U%(;CYLiQIY$bl3M zxC_FGKY%J`&oTS{R8MHVe{vghGEshWi!(EK*DWmoOv|(Ff#(bZ-<~{rc|a%}Q4-;w z{2gca97m~Nj@Nl{d)P`J__#Zgvc@)q_(yfrF2yHs6RU8UXxcU(T257}E#E_A}%2_IW?%O+7v((|iQ{H<|$S7w?;7J;iwD>xbZc$=l*(bzRXc~edIirlU0T&0E_EXfS5%yA zs0y|Sp&i`0zf;VLN=%hmo9!aoLGP<*Z7E8GT}%)cLFs(KHScNBco(uTubbxCOD_%P zD7XlHivrSWLth7jf4QR9`jFNk-7i%v4*4fC*A=;$Dm@Z^OK|rAw>*CI%E z3%14h-)|Q%_$wi9=p!;+cQ*N1(47<49TyB&B*bm_m$rs+*ztWStR~>b zE@V06;x19Y_A85N;R+?e?zMTIqdB1R8>(!4_S!Fh={DGqYvA0e-P~2DaRpCYf4$-Q z*&}6D!N_@s`$W(|!DOv%>R0n;?#(HgaI$KpHYpnbj~I5eeI(u4CS7OJajF%iKz)*V zt@8=9)tD1ML_CrdXQ81bETBeW!IEy7mu4*bnU--kK;KfgZ>oO>f)Sz~UK1AW#ZQ_ic&!ce~@(m2HT@xEh5u%{t}EOn8ET#*U~PfiIh2QgpT z%gJU6!sR2rA94u@xj3%Q`n@d}^iMH#X>&Bax+f4cG7E{g{vlJQ!f9T5wA6T`CgB%6 z-9aRjn$BmH=)}?xWm9bf`Yj-f;%XKRp@&7?L^k?OT_oZXASIqbQ#eztkW=tmRF$~% z6(&9wJuC-BlGrR*(LQKx8}jaE5t`aaz#Xb;(TBK98RJBjiqbZFyRNTOPA;fG$;~e` zsd6SBii3^(1Y`6^#>kJ77xF{PAfDkyevgox`qW`nz1F`&w*DH5Oh1idOTLES>DToi z8Qs4|?%#%>yuQO1#{R!-+2AOFznWo)e3~_D!nhoDgjovB%A8< zt%c^KlBL$cDPu!Cc`NLc_8>f?)!FGV7yudL$bKj!h;eOGkd;P~sr6>r6TlO{Wp1%xep8r1W{`<4am^(U} z+nCDP{Z*I?IGBE&*KjiaR}dpvM{ZFMW%P5Ft)u$FD373r2|cNsz%b0uk1T+mQI@4& zFF*~xDxDRew1Bol-*q>F{Xw8BUO;>|0KXf`lv7IUh%GgeLUzR|_r(TXZTbfXFE0oc zmGMwzNFgkdg><=+3MnncRD^O`m=SxJ6?}NZ8BR)=ag^b4Eiu<_bN&i0wUaCGi60W6 z%iMl&`h8G)y`gfrVw$={cZ)H4KSQO`UV#!@@cDx*hChXJB7zY18EsIo1)tw0k+8u; zg(6qLysbxVbLFbkYqKbEuc3KxTE+%j5&k>zHB8_FuDcOO3}FS|eTxoUh2~|Bh?pD| zsmg(EtMh`@s;`(r!%^xxDt(5wawK+*jLl>_Z3shaB~vdkJ!V3RnShluzmwn7>PHai z3avc`)jZSAvTVC6{2~^CaX49GXMtd|sbi*swkgoyLr=&yp!ASd^mIC^D;a|<=3pSt zM&0u%#%DGzlF4JpMDs~#kU;UCtyW+d3JwNiu`Uc7Yi6%2gfvP_pz8I{Q<#25DjM_D z(>8yI^s@_tG@c=cPoZImW1CO~`>l>rs=i4BFMZT`vq5bMOe!H@8q@sEZX<-kiY&@u3g1YFc zc@)@OF;K-JjI(eLs~hy8qOa9H1zb!3GslI!nH2DhP=p*NLHeh^9WF?4Iakt+b( z-4!;Q-8c|AX>t+5I64EKpDj4l2x*!_REy9L_9F~i{)1?o#Ws{YG#*}lg_zktt#ZlN zmoNsGm7$AXLink`GWtY*TZEH!J9Qv+A1y|@>?&(pb(6XW#ZF*}x*{60%wnt{n8Icp zq-Kb($kh6v_voqvA`8rq!cgyu;GaWZ>C2t6G5wk! zcKTlw=>KX3ldU}a1%XESW71))Z=HW%sMj2znJ;fdN${00DGGO}d+QsTQ=f;BeZ`eC~0-*|gn$9G#`#0YbT(>O(k&!?2jI z&oi9&3n6Vz<4RGR}h*1ggr#&0f%Op(6{h>EEVFNJ0C>I~~SmvqG+{RXDrexBz zw;bR@$Wi`HQ3e*eU@Cr-4Z7g`1R}>3-Qej(#Dmy|CuFc{Pg83Jv(pOMs$t(9vVJQJ zXqn2Ol^MW;DXq!qM$55vZ{JRqg!Q1^Qdn&FIug%O3=PUr~Q`UJuZ zc`_bE6i^Cp_(fka&A)MsPukiMyjG$((zE$!u>wyAe`gf-1Qf}WFfi1Y{^ zdCTTrxqpQE#2BYWEBnTr)u-qGSVRMV7HTC(x zb(0FjYH~nW07F|{@oy)rlK6CCCgyX?cB;19Z(bCP5>lwN0UBF}Ia|L0$oGHl-oSTZ zr;(u7nDjSA03v~XoF@ULya8|dzH<2G=n9A)AIkQKF0mn?!BU(ipengAE}6r`CE!jd z=EcX8exgDZZQ~~fgxR-2yF;l|kAfnjhz|i_o~cYRdhnE~1yZ{s zG!kZJ<-OVnO{s3bOJK<)`O;rk>=^Sj3M76Nqkj<_@Jjw~iOkWUCL+*Z?+_Jvdb!0cUBy=(5W9H-r4I zxAFts>~r)B>KXdQANyaeKvFheZMgoq4EVV0|^NR@>ea* zh%<78{}wsdL|9N1!jCN-)wH4SDhl$MN^f_3&qo?>Bz#?c{ne*P1+1 z!a`(2Bxy`S^(cw^dv{$cT^wEQ5;+MBctgPfM9kIQGFUKI#>ZfW9(8~Ey-8`OR_XoT zflW^mFO?AwFWx9mW2-@LrY~I1{dlX~jBMt!3?5goHeg#o0lKgQ+eZcIheq@A&dD}GY&1c%hsgo?z zH>-hNgF?Jk*F0UOZ*bs+MXO(dLZ|jzKu5xV1v#!RD+jRrHdQ z>>b){U(I@i6~4kZXn$rk?8j(eVKYJ2&k7Uc`u01>B&G@c`P#t#x@>Q$N$1aT514fK zA_H8j)UKen{k^ehe%nbTw}<JV6xN_|| z(bd-%aL}b z3VITE`N~@WlS+cV>C9TU;YfsU3;`+@hJSbG6aGvis{Gs%2K|($)(_VfpHB|DG8Nje+0tCNW%_cu3hk0F)~{-% zW{2xSu@)Xnc`Dc%AOH)+LT97ImFR*WekSnJ3OYIs#ijP4TD`K&7NZKsfZ;76k@VD3py?pSw~~r^VV$Z zuUl9lF4H2(Qga0EP_==vQ@f!FLC+Y74*s`Ogq|^!?RRt&9e9A&?Tdu=8SOva$dqgYU$zkKD3m>I=`nhx-+M;-leZgt z8TeyQFy`jtUg4Ih^JCUcq+g_qs?LXSxF#t+?1Jsr8c1PB#V+f6aOx@;ThTIR4AyF5 z3m$Rq(6R}U2S}~Bn^M0P&Aaux%D@ijl0kCCF48t)+Y`u>g?|ibOAJoQGML@;tn{%3IEMaD(@`{7ByXQ`PmDeK*;W?| zI8%%P8%9)9{9DL-zKbDQ*%@Cl>Q)_M6vCs~5rb(oTD%vH@o?Gk?UoRD=C-M|w~&vb z{n-B9>t0EORXd-VfYC>sNv5vOF_Wo5V)(Oa%<~f|EU7=npanpVX^SxPW;C!hMf#kq z*vGNI-!9&y!|>Zj0V<~)zDu=JqlQu+ii387D-_U>WI_`3pDuHg{%N5yzU zEulPN)%3&{PX|hv*rc&NKe(bJLhH=GPuLk5pSo9J(M9J3v)FxCo65T%9x<)x+&4Rr2#nu2?~Glz|{28OV6 z)H^`XkUL|MG-$XE=M4*fIPmeR2wFWd>5o*)(gG^Y>!P4(f z68RkX0cRBOFc@`W-IA(q@p@m>*2q-`LfujOJ8-h$OgHte;KY4vZKTxO95;wh#2ZDL zKi8aHkz2l54lZd81t`yY$Tq_Q2_JZ1d(65apMg}vqwx=ceNOWjFB)6m3Q!edw2<{O z4J6+Un(E8jxs-L-K_XM_VWahy zE+9fm_ZaxjNi{fI_AqLKqhc4IkqQ4`Ut$=0L)nzlQw^%i?bP~znsbMY3f}*nPWqQZ zz_CQDpZ?Npn_pEr`~SX1`OoSkS;bmzQ69y|W_4bH3&U3F7EBlx+t%2R02VRJ01cfX zo$$^ObDHK%bHQaOcMpCq@@Jp8!OLYVQO+itW1ZxlkmoG#3FmD4b61mZjn4H|pSmYi2YE;I#@jtq8Mhjdgl!6({gUsQA>IRXb#AyWVt7b=(HWGUj;wd!S+q z4S+H|y<$yPrrrTqQHsa}H`#eJFV2H5Dd2FqFMA%mwd`4hMK4722|78d(XV}rz^-GV(k zqsQ>JWy~cg_hbp0=~V3&TnniMQ}t#INg!o2lN#H4_gx8Tn~Gu&*ZF8#kkM*5gvPu^ zw?!M^05{7q&uthxOn?%#%RA_%y~1IWly7&_-sV!D=Kw3DP+W)>YYRiAqw^d7vG_Q%v;tRbE1pOBHc)c&_5=@wo4CJTJ1DeZErEvP5J(kc^GnGYX z|LqQjTkM{^gO2cO#-(g!7^di@$J0ibC(vsnVkHt3osnWL8?-;R1BW40q5Tmu_9L-s z7fNF5fiuS-%B%F$;D97N-I@!~c+J>nv%mzQ5vs?1MgR@XD*Gv`A{s8 z5Cr>z5j?|sb>n=c*xSKHpdy667QZT?$j^Doa%#m4ggM@4t5Oe%iW z@w~j_B>GJJkO+6dVHD#CkbC(=VMN8nDkz%44SK62N(ZM#AsNz1KW~3(i=)O;q5JrK z?vAVuL}Rme)OGQuLn8{3+V352UvEBV^>|-TAAa1l-T)oiYYD&}Kyxw73shz?Bn})7 z_a_CIPYK(zMp(i+tRLjy4dV#CBf3s@bdmwXo`Y)dRq9r9-c@^2S*YoNOmAX%@OYJOXs zT*->in!8Ca_$W8zMBb04@|Y)|>WZ)-QGO&S7Zga1(1#VR&)X+MD{LEPc%EJCXIMtr z1X@}oNU;_(dfQ_|kI-iUSTKiVzcy+zr72kq)TIp(GkgVyd%{8@^)$%G)pA@^Mfj71FG%d?sf(2Vm>k%X^RS`}v0LmwIQ7!_7cy$Q8pT?X1VWecA_W68u==HbrU& z@&L6pM0@8ZHL?k{6+&ewAj%grb6y@0$3oamTvXsjGmPL_$~OpIyIq%b$(uI1VKo zk_@{r>1p84UK3}B>@d?xUZ}dJk>uEd+-QhwFQ`U?rA=jj+$w8sD#{492P}~R#%z%0 z5dlltiAaiPKv9fhjmuy{*m!C22$;>#85EduvdSrFES{QO$bHpa7E@&{bWb@<7VhTF zXCFS_wB>7*MjJ3$_i4^A2XfF2t7`LOr3B@??OOUk=4fKkaHne4RhI~Lm$JrHfUU*h zgD9G66;_F?3>0W{pW2A^DR7Bq`ZUiSc${S8EM>%gFIqAw0du4~kU#vuCb=$I_PQv? zZfEY7X6c{jJZ@nF&T>4oyy(Zr_XqnMq)ZtGPASbr?IhZOnL|JKY()`eo=P5UK9(P-@ zOJKFogtk|pscVD+#$7KZs^K5l4gC}*CTd0neZ8L(^&1*bPrCp23%{VNp`4Ld*)Fly z)b|zb*bCzp?&X3_=qLT&0J+=p01&}9*xbk~^hd^@mV!Ha`1H+M&60QH2c|!Ty`RepK|H|Moc5MquD z=&$Ne3%WX+|7?iiR8=7*LW9O3{O%Z6U6`VekeF8lGr5vd)rsZu@X#5!^G1;nV60cz zW?9%HgD}1G{E(YvcLcIMQR65BP50)a;WI*tjRzL7diqRqh$3>OK{06VyC=pj6OiardshTnYfve5U>Tln@y{DC99f!B4> zCrZa$B;IjDrg}*D5l=CrW|wdzENw{q?oIj!Px^7DnqAsU7_=AzXxoA;4(YvN5^9ag zwEd4-HOlO~R0~zk>!4|_Z&&q}agLD`Nx!%9RLC#7fK=w06e zOK<>|#@|e2zjwZ5aB>DJ%#P>k4s0+xHJs@jROvoDQfSoE84l8{9y%5^POiP+?yq0> z7+Ymbld(s-4p5vykK@g<{X*!DZt1QWXKGmj${`@_R~=a!qPzB357nWW^KmhV!^G3i zsYN{2_@gtzsZH*FY!}}vNDnqq>kc(+7wK}M4V*O!M&GQ|uj>+8!Q8Ja+j3f*MzwcI z^s4FXGC=LZ?il4D+Y^f89wh!d7EU-5dZ}}>_PO}jXRQ@q^CjK-{KVnmFd_f&IDKmx zZ5;PDLF%_O);<4t`WSMN;Ec^;I#wU?Z?_R|Jg`#wbq;UM#50f@7F?b7ySi-$C-N;% zqXowTcT@=|@~*a)dkZ836R=H+m6|fynm#0Y{KVyYU=_*NHO1{=Eo{^L@wWr7 zjz9GOu8Fd&v}a4d+}@J^9=!dJRsCO@=>K6UCM)Xv6};tb)M#{(k!i}_0Rjq z2kb7wPcNgov%%q#(1cLykjrxAg)By+3QueBR>Wsep&rWQHq1wE!JP+L;q+mXts{j@ zOY@t9BFmofApO0k@iBFPeKsV3X=|=_t65QyohXMSfMRr7Jyf8~ogPVmJwbr@`nmml zov*NCf;*mT(5s4K=~xtYy8SzE66W#tW4X#RnN%<8FGCT{z#jRKy@Cy|!yR`7dsJ}R z!eZzPCF+^b0qwg(mE=M#V;Ud9)2QL~ z-r-2%0dbya)%ui_>e6>O3-}4+Q!D+MU-9HL2tH)O`cMC1^=rA=q$Pcc;Zel@@ss|K zH*WMdS^O`5Uv1qNTMhM(=;qjhaJ|ZC41i2!kt4;JGlXQ$tvvF8Oa^C@(q6(&6B^l) zNG{GaX?`qROHwL-F1WZDEF;C6Inuv~1&ZuP3j53547P38tr|iPH#3&hN*g0R^H;#) znft`cw0+^Lwe{!^kQat+xjf_$SZ05OD6~U`6njelvd+4pLZU(0ykS5&S$)u?gm!;} z+gJ8g12b1D4^2HH!?AHFAjDAP^q)Juw|hZfIv{3Ryn%4B^-rqIF2 zeWk^za4fq#@;re{z4_O|Zj&Zn{2WsyI^1%NW=2qA^iMH>u>@;GAYI>Bk~u0wWQrz* zdEf)7_pSYMg;_9^qrCzvv{FZYwgXK}6e6ceOH+i&+O=x&{7aRI(oz3NHc;UAxMJE2 zDb0QeNpm$TDcshGWs!Zy!shR$lC_Yh-PkQ`{V~z!AvUoRr&BAGS#_*ZygwI2-)6+a zq|?A;+-7f0Dk4uuht z6sWPGl&Q$bev1b6%aheld88yMmBp2j=z*egn1aAWd?zN=yEtRDGRW&nmv#%OQwuJ; zqKZ`L4DsqJwU{&2V9f>2`1QP7U}`6)$qxTNEi`4xn!HzIY?hDnnJZw+mFnVSry=bLH7ar+M(e9h?GiwnOM?9ZJcTJ08)T1-+J#cr&uHhXkiJ~}&(}wvzCo33 zLd_<%rRFQ3d5fzKYQy41<`HKk#$yn$Q+Fx-?{3h72XZrr*uN!5QjRon-qZh9-uZ$rWEKZ z!dJMP`hprNS{pzqO`Qhx`oXGd{4Uy0&RDwJ`hqLw4v5k#MOjvyt}IkLW{nNau8~XM z&XKeoVYreO=$E%z^WMd>J%tCdJx5-h+8tiawu2;s& zD7l`HV!v@vcX*qM(}KvZ#%0VBIbd)NClLBu-m2Scx1H`jyLYce;2z;;eo;ckYlU53 z9JcQS+CvCwj*yxM+e*1Vk6}+qIik2VzvUuJyWyO}piM1rEk%IvS;dsXOIR!#9S;G@ zPcz^%QTf9D<2~VA5L@Z@FGQqwyx~Mc-QFzT4Em?7u`OU!PB=MD8jx%J{<`tH$Kcxz zjIvb$x|`s!-^^Zw{hGV>rg&zb;=m?XYAU0LFw+uyp8v@Y)zmjj&Ib7Y1@r4`cfrS%cVxJiw`;*BwIU*6QVsBBL;~nw4`ZFqs z1YSgLVy=rvA&GQB4MDG+j^)X1N=T;Ty2lE-`zrg(dNq?=Q`nCM*o8~A2V~UPArX<| zF;e$5B0hPSo56=ePVy{nah#?e-Yi3g*z6iYJ#BFJ-5f0KlQ-PRiuGwe29fyk1T6>& zeo2lvb%h9Vzi&^QcVNp}J!x&ubtw5fKa|n2XSMlg#=G*6F|;p)%SpN~l8BaMREDQN z-c9O}?%U1p-ej%hzIDB!W_{`9lS}_U==fdYpAil1E3MQOFW^u#B)Cs zTE3|YB0bKpXuDKR9z&{4gNO3VHDLB!xxPES+)yaJxo<|}&bl`F21};xsQnc!*FPZA zSct2IU3gEu@WQKmY-vA5>MV?7W|{$rAEj4<8`*i)<%fj*gDz2=ApqZ&MP&0UmO1?q!GN=di+n(#bB_mHa z(H-rIOJqamMfwB%?di!TrN=x~0jOJtvb0e9uu$ZCVj(gJyK}Fa5F2S?VE30P{#n3eMy!-v7e8viCooW9cfQx%xyPNL*eDKL zB=X@jxulpkLfnar7D2EeP*0L7c9urDz{XdV;@tO;u`7DlN7#~ zAKA~uM2u8_<5FLkd}OzD9K zO5&hbK8yakUXn8r*H9RE zO9Gsipa2()=&x=1mnQtNP#4m%GXThu8Ccqx*qb;S{5}>bU*V5{SY~(Hb={cyTeaTM zMEaKedtJf^NnJrwQ^Bd57vSlJ3l@$^0QpX@_1>h^+js8QVpwOiIMOiSC_>3@dt*&| zV?0jRdlgn|FIYam0s)a@5?0kf7A|GD|dRnP1=B!{ldr;N5s)}MJ=i4XEqlC}w)LEJ}7f9~c!?It(s zu>b=YBlFRi(H-%8A!@Vr{mndRJ z_jx*?BQpK>qh`2+3cBJhx;>yXPjv>dQ0m+nd4nl(L;GmF-?XzlMK zP(Xeyh7mFlP#=J%i~L{o)*sG7H5g~bnL2Hn3y!!r5YiYRzgNTvgL<(*g5IB*gcajK z86X3LoW*5heFmkIQ-I_@I_7b!Xq#O;IzOv(TK#(4gd)rmCbv5YfA4koRfLydaIXUU z8(q?)EWy!sjsn-oyUC&uwJqEXdlM}#tmD~*Ztav=mTQyrw0^F=1I5lj*}GSQTQOW{ z=O12;?fJfXxy`)ItiDB@0sk43AZo_sRn*jc#S|(2*%tH84d|UTYN!O4R(G6-CM}84 zpiyYJ^wl|w@!*t)dwn0XJv2kuHgbfNL$U6)O-k*~7pQ?y=sQJdKk5x`1>PEAxjIWn z{H$)fZH4S}%?xzAy1om0^`Q$^?QEL}*ZVQK)NLgmnJ`(we z21c23X1&=^>k;UF-}7}@nzUf5HSLUcOYW&gsqUrj7%d$)+d8ZWwTZq)tOgc%fz95+ zl%sdl)|l|jXfqIcjKTFrX74Rbq1}osA~fXPSPE?XO=__@`7k4Taa!sHE8v-zfx(AM zXT_(7u;&_?4ZIh%45x>p!(I&xV|IE**qbqCRGD5aqLpCRvrNy@uT?iYo-FPpu`t}J zSTZ}MDrud+`#^14r`A%UoMvN;raizytxMBV$~~y3i0#m}0F}Dj_fBIz+)1RWdnctP z>^O^vd0E+jS+$V~*`mZWER~L^q?i-6RPxxufWdrW=%prbCYT{5>Vgu%vPB)~NN*2L zB?xQg2K@+Xy=sPh$%10LH!39p&SJG+3^i*lFLn=uY8Io6AXRZf;p~v@1(hWsFzeKzx99_{w>r;cypkPVJCKtLGK>?-K0GE zGH>$g?u`)U_%0|f#!;+E>?v>qghuBwYZxZ*Q*EE|P|__G+OzC-Z+}CS(XK^t!TMoT zc+QU|1C_PGiVp&_^wMxfmMAuJDQ%1p4O|x5DljN6+MJiO%8s{^ts8$uh5`N~qK46c`3WY#hRH$QI@*i1OB7qBIN*S2gK#uVd{ zik+wwQ{D)g{XTGjKV1m#kYhmK#?uy)g@idi&^8mX)Ms`^=hQGY)j|LuFr8SJGZjr| zzZf{hxYg)-I^G|*#dT9Jj)+wMfz-l7ixjmwHK9L4aPdXyD-QCW!2|Jn(<3$pq-BM; zs(6}egHAL?8l?f}2FJSkP`N%hdAeBiD{3qVlghzJe5s9ZUMd`;KURm_eFaK?d&+TyC88v zCv2R(Qg~0VS?+p+l1e(aVq`($>|0b{{tPNbi} zaZDffTZ7N|t2D5DBv~aX#X+yGagWs1JRsqbr4L8a`B`m) z1p9?T`|*8ZXHS7YD8{P1Dk`EGM`2Yjsy0=7M&U6^VO30`Gx!ZkUoqmc3oUbd&)V*iD08>dk=#G!*cs~^tOw^s8YQqYJ z!5=-4ZB7rW4mQF&YZw>T_in-c9`0NqQ_5Q}fq|)%HECgBd5KIo`miEcJ>~a1e2B@) zL_rqoQ;1MowD34e6#_U+>D`WcnG5<2Q6cnt4Iv@NC$*M+i3!c?6hqPJLsB|SJ~xo! zm>!N;b0E{RX{d*in3&0w!cmB&TBNEjhxdg!fo+}iGE*BWV%x*46rT@+cXU;leofWy zxst{S8m!_#hIhbV7wfWN#th8OI5EUr3IR_GOIzBgGW1u4J*TQxtT7PXp#U#EagTV* zehVkBFF06`@5bh!t%L)-)`p|d7D|^kED7fsht#SN7*3`MKZX};Jh0~nCREL_BGqNR zxpJ4`V{%>CAqEE#Dt95u=;Un8wLhrac$fao`XlNsOH%&Ey2tK&vAcriS1kXnntDuttcN{%YJz@!$T zD&v6ZQ>zS1`o!qT=JK-Y+^i~bZkVJpN8%<4>HbuG($h9LP;{3DJF_Jcl8CA5M~<3s^!$Sg62zLEnJtZ z0`)jwK75Il6)9XLf(64~`778D6-#Ie1IR2Ffu+_Oty%$8u+bP$?803V5W6%(+iZzp zp5<&sBV&%CJcXUIATUakP1czt$&0x$lyoLH!ueNaIpvtO z*eCijxOv^-D?JaLzH<3yhOfDENi@q#4w(#tl-19(&Yc2K%S8Y&r{3~-)P17sC1{rQ zOy>IZ6%814_UoEi+w9a4XyGXF66{rgE~UT)oT4x zg9oIx@|{KL#VpTyE=6WK@Sbd9RKEEY)5W{-%0F^6(QMuT$RQRZ&yqfyF*Z$f8>{iT zq(;UzB-Ltv;VHvh4y%YvG^UEkvpe9ugiT97ErbY0ErCEOWs4J=kflA!*Q}gMbEP`N zY#L`x9a?E)*~B~t+7c8eR}VY`t}J;EWuJ-6&}SHnNZ8i0PZT^ahA@@HXk?c0{)6rC zP}I}_KK7MjXqn1E19gOwWvJ3i9>FNxN67o?lZy4H?n}%j|Dq$p%TFLUPJBD;R|*0O z3pLw^?*$9Ax!xy<&fO@;E2w$9nMez{5JdFO^q)B0OmGwkxxaDsEU+5C#g+?Ln-Vg@ z-=z4O*#*VJa*nujGnGfK#?`a|xfZsuiO+R}7y(d60@!WUIEUt>K+KTI&I z9YQ6#hVCo}0^*>yr-#Lisq6R?uI=Ms!J7}qm@B}Zu zp%f-~1Cf!-5S0xXl`oqq&fS=tt0`%dDWI&6pW(s zJXtYiY&~t>k5I0RK3sN;#8?#xO+*FeK#=C^%{Y>{k{~bXz%(H;)V5)DZRk~(_d0b6 zV!x54fwkl`1y;%U;n|E#^Vx(RGnuN|T$oJ^R%ZmI{8(9>U-K^QpDcT?Bb@|J0NAfvHtL#wP ziYupr2E5=_KS{U@;kyW7oy*+UTOiF*e+EhYqVcV^wx~5}49tBNSUHLH1=x}6L2Fl^4X4633$k!ZHZTL50Vq+a5+ z<}uglXQ<{x&6ey)-lq6;4KLHbR)_;Oo^FodsYSw3M-)FbLaBcPI=-ao+|))T2ksKb z{c%Fu`HR1dqNw8%>e0>HI2E_zNH1$+4RWfk}p-h(W@)7LC zwVnUO17y+~kw35CxVtokT44iF$l8XxYuetp)1Br${@lb(Q^e|q*5%7JNxp5B{r<09 z-~8o#rI1(Qb9FhW-igcsC6npf5j`-v!nCrAcVx5+S&_V2D>MOWp6cV$~Olhp2`F^Td{WV`2k4J`djb#M>5D#k&5XkMu*FiO(uP{SNX@(=)|Wm`@b> z_D<~{ip6@uyd7e3Rn+qM80@}Cl35~^)7XN?D{=B-4@gO4mY%`z!kMIZizhGtCH-*7 z{a%uB4usaUoJwbkVVj%8o!K^>W=(ZzRDA&kISY?`^0YHKe!()(*w@{w7o5lHd3(Us zUm-K=z&rEbOe$ackQ3XH=An;Qyug2g&vqf;zsRBldxA+=vNGoM$Zo9yT?Bn?`Hkiq z&h@Ss--~+=YOe@~JlC`CdSHy zcO`;bgMASYi6`WSw#Z|A;wQgH@>+I3OT6(*JgZZ_XQ!LrBJfVW2RK%#02|@V|H4&8DqslU6Zj(x!tM{h zRawG+Vy63_8gP#G!Eq>qKf(C&!^G$01~baLLk#)ov-Pqx~Du>%LHMv?=WBx2p2eV zbj5fjTBhwo&zeD=l1*o}Zs%SMxEi9yokhbHhY4N!XV?t8}?!?42E-B^Rh&ABFxovs*HeQ5{{*)SrnJ%e{){Z_#JH+jvwF7>Jo zE+qzWrugBwVOZou~oFa(wc7?`wNde>~HcC@>fA^o>ll?~aj-e|Ju z+iJzZg0y1@eQ4}rm`+@hH(|=gW^;>n>ydn!8%B4t7WL)R-D>mMw<7Wz6>ulFnM7QA ze2HEqaE4O6jpVq&ol3O$46r+DW@%glD8Kp*tFY#8oiSyMi#yEpVIw3#t?pXG?+H>v z$pUwT@0ri)_Bt+H(^uzp6qx!P(AdAI_Q?b`>0J?aAKTPt>73uL2(WXws9+T|%U)Jq zP?Oy;y6?{%J>}?ZmfcnyIQHh_jL;oD$`U#!v@Bf{5%^F`UiOX%)<0DqQ^nqA5Ac!< z1DPO5C>W0%m?MN*x(k>lDT4W3;tPi=&yM#Wjwc5IFNiLkQf`7GN+J*MbB4q~HVePM zeDj8YyA*btY&n!M9$tuOxG0)2um))hsVsY+(p~JnDaT7x(s2If0H_iRSju7!z7p|8 zzI`NV!1hHWX3m)?t68k6yNKvop{Z>kl)f5GV(~1InT4%9IxqhDX-rgj)Y|NYq_NTlZgz-)=Y$=x9L7|k0=m@6WQ<4&r=BX@pW25NtCI+N{e&`RGSpR zeb^`@FHm5?pWseZ6V08{R(ki}--13S2op~9Kzz;#cPgL}Tmrqd+gs(fJLTCM8#&|S z^L+7PbAhltJDyyxAVxqf(2h!RGC3$;hX@YNz@&JRw!m5?Q)|-tZ8u0D$4we+QytG^ zj0U_@+N|OJlBHdWPN!K={a$R1Zi{2%5QD}s&s-Xn1tY1cwh)8VW z$pjq>8sj4)?76EJs6bA0E&pfr^Vq`&Xc;Tl2T!fm+MV%!H|i0o;7A=zE?dl)-Iz#P zSY7QRV`qRc6b&rON`BValC01zSLQpVemH5y%FxK8m^PeNN(Hf1(%C}KPfC*L?Nm!nMW0@J3(J=mYq3DPk;TMs%h`-amWbc%7{1Lg3$ z^e=btuqch-lydbtLvazh+fx?87Q7!YRT(=-Vx;hO)?o@f1($e5B?JB9jcRd;zM;iE zu?3EqyK`@_5Smr#^a`C#M>sRwq2^|ym)X*r;0v6AM`Zz1aK94@9Ti)Lixun2N!e-A z>w#}xPxVd9AfaF$XTTff?+#D(xwOpjZj9-&SU%7Z-E2-VF-n#xnPeQH*67J=j>TL# z<v}>AiTXrQ(fYa%82%qlH=L z6Fg8@r4p+BeTZ!5cZlu$iR?EJpYuTx>cJ~{{B7KODY#o*2seq=p2U0Rh;3mX^9sza zk^R_l7jzL5BXWlrVkhh!+LQ-Nc0I`6l1mWkp~inn)HQWqMTWl4G-TBLglR~n&6J?4 z7J)IO{wkrtT!Csntw3H$Mnj>@;QbrxC&Shqn^VVu$Ls*_c~TTY~fri6fO-=eJsC*8(3(H zSyO>=B;G`qA398OvCHRvf3mabrPZaaLhn*+jeA`qI!gP&i8Zs!*bBqMXDJpSZG$N) zx0rDLvcO>EoqCTR)|n7eOp-jmd>`#w`6`;+9+hihW2WnKVPQ20LR94h+(p)R$Y!Q zj_3ZEY+e@NH0f6VjLND)sh+Cvfo3CpcXw?`$@a^@CyLrAKIpjL8G z`;cDLqvK=ER)$q)+6vMKlxn!!SzWl>Ib9Ys9L)L0IWr*Ox;Rk#(Dpqf;wapY_EYL8 zKFrV)Q8BBKO4$r2hON%g=r@lPE;kBUVYVG`uxx~QI>9>MCXw_5vnmDsm|^KRny929 zeKx>F(LDs#K4FGU*k3~GX`A!)l8&|tyan-rBHBm6XaB5hc5sGKWwibAD7&3M-gh1n z2?eI7E2u{(^z#W~wU~dHSfy|m)%PY454NBxED)y-T3AO`CLQxklcC1I@Y`v4~SEI#Cm> z-cjqK6I?mypZapi$ZK;y&G+|#D=woItrajg69VRD+Fu8*UxG6KdfFmFLE}HvBJ~Y) zC&c-hr~;H2Idnsz7_F~MKpBZldh)>itc1AL0>4knbVy#%pUB&9vqL1Kg*^aU`k#(p z=A%lur(|$GWSqILaWZ#2xj(&lheSiA|N6DOG?A|$!aYM)?oME6ngnfLw0CA79WA+y zhUeLbMw*VB?drVE_D~3DWVaD>8x?_q>f!6;)i3@W<=kBZBSE=uIU60SW)qct?AdM zXgti8&O=}QNd|u%Fpxr172Kc`sX^@fm>Fxl8fbFalJYci_GGoIzU*~U*I!QLz? z4NYk^=JXBS*Uph@51da-v;%?))cB^(ps}y8yChu7CzyC9SX{jAq13zdnqRHRvc{ha zcPmgCUqAJ^1RChMCCz;ZN*ap{JPoE<1#8nNObDbAt6Jr}Crq#xGkK@w2mLhIUecvy z#?s~?J()H*?w9K`_;S+8TNVkHSk}#yvn+|~jcB|he}OY(zH|7%EK%-Tq=)18730)v zM3f|=oFugXq3Lqn={L!wx|u(ycZf(Te11c3?^8~aF; zNMC)gi?nQ#S$s{46yImv_7@4_qu|XXEza~);h&cr*~dO@#$LtKZa@@r$8PD^jz{D6 zk~5;IJBuQjsKk+8i0wzLJ2=toMw4@rw7(|6`7*e|V(5-#ZzRirtkXBO1oshQ&0>z&HAtSF8+871e|ni4gLs#`3v7gnG#^F zDv!w100_HwtU}B2T!+v_YDR@-9VmoGW+a76oo4yy)o`MY(a^GcIvXW+4)t{lK}I-& zl-C=(w_1Z}tsSFjFd z3iZjkO6xnjLV3!EE?ex9rb1Zxm)O-CnWPat4vw08!GtcQ3lHD+ySRB*3zQu-at$rj zzBn`S?5h=JlLXX8)~Jp%1~YS6>M8c-Mv~E%s7_RcvIYjc-ia`3r>dvjxZ6=?6=#OM zfsv}?hGnMMdi9C`J9+g)5`M9+S79ug=!xE_XcHdWnIRr&hq$!X7aX5kJV8Q(6Lq?|AE8N2H z37j{DPDY^Jw!J>~>Mwaja$g%q1sYfH4bUJFOR`x=pZQ@O(-4b#5=_Vm(0xe!LW>YF zO4w`2C|Cu%^C9q9B>NjFD{+qt)cY3~(09ma%mp3%cjFsj0_93oVHC3)AsbBPuQNBO z`+zffU~AgGrE0K{NVR}@oxB4&XWt&pJ-mq!JLhFWbnXf~H%uU?6N zWJ7oa@``Vi$pMWM#7N9=sX1%Y+1qTGnr_G&h3YfnkHPKG}p>i{fAG+(klE z(g~u_rJXF48l1D?;;>e}Ra{P$>{o`jR_!s{hV1Wk`vURz`W2c$-#r9GM7jgs2>um~ zouGlCm92rOiLITzf`jgl`v2qYw^!Lh0YwFHO1|3Krp8ztE}?#2+>c)yQlNw%5e6w5 zIm9BKZN5Q9b!tX`Zo$0RD~B)VscWp(FR|!a!{|Q$={;ZWl%10vBzfgWn}WBe!%cug z^G%;J-L4<6&aCKx@@(Grsf}dh8fuGT+TmhhA)_16uB!t{HIAK!B-7fJLe9fsF)4G- zf>(~ⅅ8zCNKueM5c!$)^mKpZNR!eIlFST57ePGQcqCqedAQ3UaUEzpjM--5V4YO zY22VxQm%$2NDnwfK+jkz=i2>NjAM6&P1DdcO<*Xs1-lzdXWn#LGSxwhPH7N%D8-zCgpFWt@`LgNYI+Fh^~nSiQmwH0^>E>*O$47MqfQza@Ce z1wBw;igLc#V2@y-*~Hp?jA1)+MYYyAt|DV_8RQCrRY@sAviO}wv;3gFdO>TE(=9o? z=S(r=0oT`w24=ihA=~iFV5z$ZG74?rmYn#eanx(!Hkxcr$*^KRFJKYYB&l6$WVsJ^ z-Iz#HYmE)Da@&seqG1fXsTER#adA&OrD2-T(z}Cwby|mQf{0v*v3hq~pzF`U`jenT z=XHXeB|fa?Ws$+9ADO0rco{#~+`VM?IXg7N>M0w1fyW1iiKTA@p$y zSiAJ%-Mg{m>&S4r#Tw@?@7ck}#oFo-iZJCWc`hw_J$=rw?omE{^tc59ftd`xq?jzf zo0bFUI=$>O!45{!c4?0KsJmZ#$vuYpZLo_O^oHTmmLMm0J_a{Nn`q5tG1m=0ecv$T z5H7r0DZGl6be@aJ+;26EGw9JENj0oJ5K0=^f-yBW2I0jqVIU};NBp*gF7_KlQnhB6 z##d$H({^HXj@il`*4^kC42&3)(A|tuhs;LygA-EWFSqpe+%#?6HG6}mE215Z4mjO2 zY2^?5$<8&k`O~#~sSc5Fy`5hg5#e{kG>SAbTxCh{y32fHkNryU_c0_6h&$zbWc63T z7|r?X7_H!9XK!HfZ+r?FvBQ$x{HTGS=1VN<>Ss-7M3z|vQG|N}Frv{h-q623@Jz*@ ziXlZIpAuY^RPlu&=nO)pFhML5=ut~&zWDSsn%>mv)!P1|^M!d5AwmSPIckoY|0u9I zTDAzG*U&5SPf+@c_tE_I!~Npfi$?gX(kn=zZd|tUZ_ez(xP+)xS!8=k(<{9@<+EUx zYQgZhjn(0qA#?~Q+EA9oh_Jx5PMfE3#KIh#*cFIFQGi)-40NHbJO&%ZvL|LAqU=Rw zf?Vr4qkUcKtLr^g-6*N-tfk+v8@#Lpl~SgKyH!+m9?T8B>WDWK22;!i5&_N=%f{__ z-LHb`v-LvKqTJZCx~z|Yg;U_f)VZu~q7trb%C6fOKs#eJosw&b$nmwGwP;Bz`=zK4 z>U3;}T_ptP)w=vJaL8EhW;J#SHA;fr13f=r#{o)`dRMOs-T;lp&Toi@u^oB_^pw=P zp#8Geo2?@!h2EYHY?L;ayT}-Df0?TeUCe8Cto{W0_a>!7Gxmi5G-nIIS;X{flm2De z{SjFG%knZoVa;mtHR_`*6)KEf=dvOT3OgT7C7&-4P#4X^B%VI&_57cBbli()(%zZC?Y0b;?5!f22UleQ=9h4_LkcA!Xsqx@q{ko&tvP_V@7epFs}AIpM{g??PA>U(sk$Gum>2Eu zD{Oy{$OF%~?B6>ixQeK9I}!$O0!T3#Ir8MW)j2V*qyJ z8Bg17L`rg^B_#rkny-=<3fr}Y42+x0@q6POk$H^*p3~Dc@5uYTQ$pfaRnIT}Wxb;- zl!@kkZkS=l)&=y|21veY8yz$t-&7ecA)TR|=51BKh(@n|d$EN>18)9kSQ|GqP?aeM ztXd9C&Md$PPF*FVs*GhoHM2L@D$(Qf%%x zwQBUt!jM~GgwluBcwkgwQ!249uPkNz3u@LSYZgmpHgX|P#8!iKk^vSKZ;?)KE$92d z2U>y}VWJ0&zjrIqddM3dz-nU%>bL&KU%SA|LiiUU7Ka|c=jF|vQ1V)Jz`JZe*j<5U6~RVuBEVJoY~ z&GE+F$f>4lN=X4-|9v*5O*Os>>r87u z!_1NSV?_X&HeFR1fOFb8_P)4lybJ6?1BWK`Tv2;4t|x1<#@17UO|hLGnrB%nu)fDk zfstJ4{X4^Y<8Lj<}g2^kksSefQTMuTo?tJLCh zC~>CR#a0hADw!_Vg*5fJwV{~S(j8)~sn>Oyt(ud2$1YfGck77}xN@3U_#T`q)f9!2 zf>Ia;Gwp2_C>WokU%(z2ec8z94pZyhaK+e>3a9sj^-&*V494;p9-xk+u1Jn#N_&xs z59OI2w=PuTErv|aNcK*>3l^W*p3}fjXJjJAXtBA#%B(-0--s;1U#f8gFYW!JL+iVG zV0SSx5w8eVgE?3Sg@eQv)=x<+-JgpVixZQNaZr}3b8sVyVs$@ndkF5FYKka@b+YAh z#nq_gzlIDKEs_i}H4f)(VQ!FSB}j>5znkVD&W0bOA{UZ7h!(FXrBbtdGA|PE1db>s z$!X)WY)u#7P8>^7Pjjj-kXNBuJX3(pJVetTZRNOnR5|RT5D>xmwxhAn)9KF3J05J; z-Mfb~dc?LUGqozC2p!1VjRqUwwDBnJhOua3vCCB-%ykW_ohSe?$R#dz%@Gym-8-RA zjMa_SJSzIl8{9dV+&63e9$4;{=1}w2=l+_j_Dtt@<(SYMbV-18&%F@Zl7F_5! z@xwJ0wiDdO%{}j9PW1(t+8P7Ud79yjY>x>aZYWJL_NI?bI6Y02`;@?qPz_PRqz(7v``20`- z033Dy|4;y6di|>cz|P-z|6c&3f&g^OAt8aN0Zd&0yZ>dq2aFCsE<~Ucf$v{sL=*++ zBxFSa2lfA+Y%U@B&3D=&CBO&u`#*nNc|PCY7XO<}MnG0VR764XrHtrb5zwC*2F!Lp zE<~Vj0;z!S-|3M4DFxuQ=`ShTf28<9p!81(0hFbGNqF%0gg*orez9!qt8e%o@Yfl@ zhvY}{@3&f??}7<`p>FyU;7?VkKbh8_=csozU=|fH&szgZ{=NDCylQ>EH^x5!K3~-V z)_2Y>0uJ`Z0Pb58y`RL+&n@m9tJ)O<%q#&u#DAIt+-rRt0eSe1MTtMl@W)H$b3D)@ z*A-1bUgZI)>HdcI4&W>P4W5{-j=s5p5`cbQ+{(g0+RDnz!TR^mxSLu_y#SDVKrj8i zA^hi6>jMGM;`$9Vfb-Yf!47b)Ow`2OKtNB=z|Kxa$5O}WPo;(Dc^`q(7X8kkeFyO8 z{XOq^07=u|7*P2`m;>PIFf=i80MKUxsN{d2cX0M+REsE*20+WQ79T9&cqT>=I_U% z{=8~^Isg(Nzo~`4iQfIb_#CVCD>#5h>=-Z#5dH}WxYzn%0)GAm6L2WdUdP=0_h>7f z(jh&7%1i(ZOn+}D8$iGK4Vs{pmHl_w4Qm-46H9>4^{3dz^DZDh+dw)6Xd@CpQNK$j z{CU;-cmpK=egplZ3y3%y=sEnCJ^eYVKXzV8H2_r*fJ*%*B;a1_lOpt6)IT1IAK2eB z{rie|uDJUrbgfUE>~C>@RO|m5ex55F{=~Bb4Cucp{ok7Yf9V}QuZ`#Gc|WaqsQlK- zKaV)iMRR__&Ak2Z=IM9R9g5$WM4u{a^C-7uX*!myEym z#_#p^T!P~#Dx$%^K>Y_nj_3J*E_LwJ60-5Xu=LkJAwcP@|0;a&+|+ZX`Jbj9P5;T% z|KOc}4*#4o{U?09`9Hz`Xo-I!P=9XfIrr*MQ}y=$!qgv?_J38^bNb4kM&_OVg^_=Eu-qG5U(fw0KMgH){C8pazq~51rN97hf#20-7=aK0)N|UM H-+%o-(+5aQ literal 0 HcmV?d00001 diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 000000000..b4802acf3 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,6 @@ +#Mon Dec 04 11:24:34 CST 2017 +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-4.1-all.zip diff --git a/gradlew b/gradlew new file mode 100755 index 000000000..9d82f7891 --- /dev/null +++ b/gradlew @@ -0,0 +1,160 @@ +#!/usr/bin/env bash + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn ( ) { + echo "$*" +} + +die ( ) { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; +esac + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules +function splitJvmOpts() { + JVM_OPTS=("$@") +} +eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS +JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" + +exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 000000000..8a0b282aa --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,90 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS= + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windowz variants + +if not "%OS%" == "Windows_NT" goto win9xME_args +if "%@eval[2+2]" == "4" goto 4NT_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* +goto execute + +:4NT_args +@rem Get arguments from the 4NT Shell from JP Software +set CMD_LINE_ARGS=%$ + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/java b/java deleted file mode 160000 index f5ceee547..000000000 --- a/java +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f5ceee547c294b8e188860c451882dd71a5909df diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 000000000..5e6d2d084 --- /dev/null +++ b/settings.gradle @@ -0,0 +1 @@ +include ':app', ':native', ':crypto', ':snet' diff --git a/snet/.gitignore b/snet/.gitignore new file mode 100644 index 000000000..796b96d1c --- /dev/null +++ b/snet/.gitignore @@ -0,0 +1 @@ +/build diff --git a/snet/build.gradle b/snet/build.gradle new file mode 100644 index 000000000..5267cb9ae --- /dev/null +++ b/snet/build.gradle @@ -0,0 +1,30 @@ +apply plugin: 'com.android.application' + +android { + compileSdkVersion 27 + buildToolsVersion "27.0.1" + + defaultConfig { + applicationId "com.topjohnwu.snet" + minSdkVersion 21 + targetSdkVersion 27 + versionCode 1 + versionName "1.0" + } + + buildTypes { + release { + minifyEnabled true + proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' + } + } +} + +repositories { + google() +} + +dependencies { + implementation fileTree(dir: 'libs', include: ['*.jar']) + implementation 'com.google.android.gms:play-services-safetynet:11.6.0' +} diff --git a/snet/proguard-rules.pro b/snet/proguard-rules.pro new file mode 100644 index 000000000..d6e59f6f5 --- /dev/null +++ b/snet/proguard-rules.pro @@ -0,0 +1,24 @@ +# Add project specific ProGuard rules here. +# You can control the set of applied configuration files using the +# proguardFiles setting in build.gradle. +# +# For more details, see +# http://developer.android.com/guide/developing/tools/proguard.html + +# If your project uses WebView with JS, uncomment the following +# and specify the fully qualified class name to the JavaScript interface +# class: +#-keepclassmembers class fqcn.of.javascript.interface.for.webview { +# public *; +#} + +# Uncomment this to preserve the line number information for +# debugging stack traces. +#-keepattributes SourceFile,LineNumberTable + +# If you keep the line number information, uncomment this to +# hide the original source file name. +#-renamesourcefileattribute SourceFile + +-keep class com.topjohnwu.snet.SafetyNet* { *; } +-dontwarn java.lang.invoke** diff --git a/snet/src/main/AndroidManifest.xml b/snet/src/main/AndroidManifest.xml new file mode 100644 index 000000000..4fa18362e --- /dev/null +++ b/snet/src/main/AndroidManifest.xml @@ -0,0 +1,7 @@ + + + + diff --git a/snet/src/main/java/com/topjohnwu/snet/SafetyNetCallback.java b/snet/src/main/java/com/topjohnwu/snet/SafetyNetCallback.java new file mode 100644 index 000000000..fa680422d --- /dev/null +++ b/snet/src/main/java/com/topjohnwu/snet/SafetyNetCallback.java @@ -0,0 +1,5 @@ +package com.topjohnwu.snet; + +public interface SafetyNetCallback { + void onResponse(int responseCode); +} diff --git a/snet/src/main/java/com/topjohnwu/snet/SafetyNetHelper.java b/snet/src/main/java/com/topjohnwu/snet/SafetyNetHelper.java new file mode 100644 index 000000000..a66634160 --- /dev/null +++ b/snet/src/main/java/com/topjohnwu/snet/SafetyNetHelper.java @@ -0,0 +1,124 @@ +package com.topjohnwu.snet; + +import android.app.Activity; +import android.content.Context; +import android.os.Bundle; +import android.support.annotation.NonNull; +import android.support.annotation.Nullable; +import android.util.Base64; + +import com.google.android.gms.common.ConnectionResult; +import com.google.android.gms.common.GoogleApiAvailability; +import com.google.android.gms.common.api.GoogleApiClient; +import com.google.android.gms.common.api.ResultCallback; +import com.google.android.gms.common.api.Status; +import com.google.android.gms.safetynet.SafetyNet; +import com.google.android.gms.safetynet.SafetyNetApi; + +import org.json.JSONException; +import org.json.JSONObject; + +import java.lang.reflect.Field; +import java.security.SecureRandom; + +public class SafetyNetHelper + implements GoogleApiClient.ConnectionCallbacks, GoogleApiClient.OnConnectionFailedListener { + + public static final int CAUSE_SERVICE_DISCONNECTED = 0x01; + public static final int CAUSE_NETWORK_LOST = 0x02; + public static final int RESPONSE_ERR = 0x04; + public static final int CONNECTION_FAIL = 0x08; + + public static final int BASIC_PASS = 0x10; + public static final int CTS_PASS = 0x20; + + private GoogleApiClient mGoogleApiClient; + private Activity mActivity; + private int responseCode; + private SafetyNetCallback cb; + private String dexPath; + private boolean isDarkTheme; + + public SafetyNetHelper(Activity activity, String dexPath, SafetyNetCallback cb) { + mActivity = activity; + this.cb = cb; + this.dexPath = dexPath; + responseCode = 0; + + // Get theme + try { + Context context = activity.getApplicationContext(); + Field theme = context.getClass().getField("isDarkTheme"); + isDarkTheme = (boolean) theme.get(context); + } catch (Exception e) { + e.printStackTrace(); + } + } + + // Entry point to start test + public void attest() { + // Connect Google Service + mGoogleApiClient = new GoogleApiClient.Builder(mActivity) + .addApi(SafetyNet.API) + .addOnConnectionFailedListener(this) + .addConnectionCallbacks(this) + .build(); + mGoogleApiClient.connect(); + } + + @Override + public void onConnectionSuspended(int i) { + cb.onResponse(i); + } + + @Override + public void onConnectionFailed(@NonNull ConnectionResult result) { + Class clazz = mActivity.getClass(); + try { + // Use external resources + clazz.getMethod("swapResources", String.class, int.class).invoke(mActivity, dexPath, + isDarkTheme ? android.R.style.Theme_Material : android.R.style.Theme_Material_Light); + try { + GoogleApiAvailability.getInstance().getErrorDialog(mActivity, result.getErrorCode(), 0).show(); + } catch (Exception e) { + e.printStackTrace(); + } + clazz.getMethod("restoreResources").invoke(mActivity); + } catch (Exception e) { + e.printStackTrace(); + } + cb.onResponse(CONNECTION_FAIL); + } + + @Override + public void onConnected(@Nullable Bundle bundle) { + // Create nonce + byte[] nonce = new byte[24]; + new SecureRandom().nextBytes(nonce); + + // Call SafetyNet + SafetyNet.SafetyNetApi.attest(mGoogleApiClient, nonce) + .setResultCallback(new ResultCallback() { + @Override + public void onResult(@NonNull SafetyNetApi.AttestationResult result) { + Status status = result.getStatus(); + try { + if (!status.isSuccess()) throw new JSONException(""); + String json = new String(Base64.decode( + result.getJwsResult().split("\\.")[1], Base64.DEFAULT)); + JSONObject decoded = new JSONObject(json); + responseCode |= decoded.getBoolean("ctsProfileMatch") ? CTS_PASS : 0; + responseCode |= decoded.getBoolean("basicIntegrity") ? BASIC_PASS : 0; + } catch (JSONException e) { + responseCode = RESPONSE_ERR; + } + + // Disconnect + mGoogleApiClient.disconnect(); + + // Return results + cb.onResponse(responseCode); + } + }); + } +}