7021789: Remove jarsigner -crl option

Reviewed-by: mullan

7021789: Remove jarsigner -crl option
Reviewed-by: mullan
a02ce6b9 · weijun · 60919efd · a02ce6b9 · a02ce6b9 · 60919efd
10 changed file
--- a/src/share/classes/com/sun/jarsigner/ContentSignerParameters.java
+++ b/src/share/classes/com/sun/jarsigner/ContentSignerParameters.java
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,9 +26,7 @@
 package com.sun.jarsigner;
 import java.net.URI;
-import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
-import java.util.Set;
 import java.util.zip.ZipFile;
 /**
@@ -82,13 +80,6 @@ public interface ContentSignerParameters {
     */
    public X509Certificate[] getSignerCertificateChain();
-    /**
-     * Retrieves the signer's X.509 CRLs.
-     *
-     * @return An unmodifiable set of X.509 CRLs (never <code>null</code>)
-     */
-    public Set<X509CRL> getCRLs();
    /**
     * Retrieves the content that was signed.
     * The content is the JAR file's signature file.

--- a/src/share/classes/java/security/CodeSigner.java
+++ b/src/share/classes/java/security/CodeSigner.java
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,10 +26,7 @@
 package java.security;
 import java.io.*;
-import java.security.cert.CRL;
 import java.security.cert.CertPath;
-import sun.misc.JavaSecurityCodeSignerAccess;
-import sun.misc.SharedSecrets;
 /**
 * This class encapsulates information about a code signer.
@@ -167,44 +164,6 @@ public final class CodeSigner implements Serializable {
        return sb.toString();
    }
-    // A private attribute attached to this CodeSigner object. Can be accessed
-    // through SharedSecrets.getJavaSecurityCodeSignerAccess().[g|s]etCRLs
-    //
-    // Currently called in SignatureFileVerifier.getSigners
-    private transient CRL[] crls;
-    /**
-     * Sets the CRLs attached
-     * @param crls, null to clear
-     */
-    void setCRLs(CRL[] crls) {
-        this.crls = crls;
-    }
-    /**
-     * Returns the CRLs attached
-     * @return the crls, initially null
-     */
-    CRL[] getCRLs() {
-        return crls;
-    }
-    // Set up JavaSecurityCodeSignerAccess in SharedSecrets
-    static {
-        SharedSecrets.setJavaSecurityCodeSignerAccess(
-                new JavaSecurityCodeSignerAccess() {
-            @Override
-            public void setCRLs(CodeSigner signer, CRL[] crls) {
-                signer.setCRLs(crls);
-            }
-            @Override
-            public CRL[] getCRLs(CodeSigner signer) {
-                return signer.getCRLs();
-            }
-        });
-    }
    // Explicitly reset hash code value to -1
    private void readObject(ObjectInputStream ois)
        throws IOException, ClassNotFoundException {

--- a/src/share/classes/sun/misc/JavaSecurityCodeSignerAccess.java
+++ b/src/share/classes/sun/misc/JavaSecurityCodeSignerAccess.java
-/*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-package sun.misc;
-import java.security.CodeSigner;
-import java.security.cert.CRL;
-public interface JavaSecurityCodeSignerAccess {
-    void setCRLs(CodeSigner signer, CRL[] crls);
-    CRL[] getCRLs(CodeSigner signer);
-}
--- a/src/share/classes/sun/misc/SharedSecrets.java
+++ b/src/share/classes/sun/misc/SharedSecrets.java
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@ package sun.misc;
 import java.util.jar.JarFile;
 import java.io.Console;
 import java.io.FileDescriptor;
-import java.security.CodeSigner;
 import java.security.ProtectionDomain;
 /** A repository of "shared secrets", which are a mechanism for
@@ -49,7 +48,6 @@ public class SharedSecrets {
    private static JavaNioAccess javaNioAccess;
    private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
    private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
-    private static JavaSecurityCodeSignerAccess javaSecurityCodeSignerAccess;
    public static JavaUtilJarAccess javaUtilJarAccess() {
        if (javaUtilJarAccess == null) {
@@ -127,16 +125,4 @@ public class SharedSecrets {
                unsafe.ensureClassInitialized(ProtectionDomain.class);
            return javaSecurityProtectionDomainAccess;
    }
-    public static void setJavaSecurityCodeSignerAccess
-            (JavaSecurityCodeSignerAccess jscsa) {
-        javaSecurityCodeSignerAccess = jscsa;
-    }
-    public static JavaSecurityCodeSignerAccess
-            getJavaSecurityCodeSignerAccess() {
-        if (javaSecurityCodeSignerAccess == null)
-            unsafe.ensureClassInitialized(CodeSigner.class);
-        return javaSecurityCodeSignerAccess;
-    }
 }
--- a/src/share/classes/sun/security/tools/JarSigner.java
+++ b/src/share/classes/sun/security/tools/JarSigner.java
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package sun.security.tools;
 import java.io.*;
-import java.security.cert.X509CRL;
 import java.util.*;
 import java.util.zip.*;
 import java.util.jar.*;
@@ -36,7 +35,6 @@ import java.net.URISyntaxException;
 import java.text.Collator;
 import java.text.MessageFormat;
 import java.security.cert.Certificate;
-import java.security.cert.CRL;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
 import java.security.*;
@@ -58,7 +56,6 @@ import java.util.Map.Entry;
 import sun.security.x509.*;
 import sun.security.util.*;
 import sun.misc.BASE64Encoder;
-import sun.misc.SharedSecrets;
 /**
@@ -117,13 +114,11 @@ public class JarSigner {
    static final int SIGNED_BY_ALIAS = 0x08;    // signer is in alias list
    X509Certificate[] certChain;    // signer's cert chain (when composing)
-    Set<X509CRL> crls;                 // signer provided CRLs
    PrivateKey privateKey;          // private key
    KeyStore store;                 // the keystore specified by -keystore
                                    // or the default keystore, never null
    String keystore; // key store file
-    List<String> crlfiles = new ArrayList<>();  // CRL files to add
    boolean nullStream = false; // null keystore input stream (NONE)
    boolean token = false; // token-based keystore
    String jarfile;  // jar files to sign or verify
@@ -151,7 +146,6 @@ public class JarSigner {
    boolean signManifest = true; // "sign" the whole manifest
    boolean externalSF = true; // leave the .SF out of the PKCS7 block
    boolean strict = false;  // treat warnings as error
-    boolean autoCRL = false;    // Automatcially add CRL defined in cert
    // read zip entry raw bytes
    private ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
@@ -232,29 +226,6 @@ public class JarSigner {
            } else {
                loadKeyStore(keystore, true);
                getAliasInfo(alias);
-                crls = new HashSet<X509CRL>();
-                if (crlfiles.size() > 0 || autoCRL) {
-                    CertificateFactory fac =
-                            CertificateFactory.getInstance("X509");
-                    List<CRL> list = new ArrayList<>();
-                    for (String file: crlfiles) {
-                        Collection<? extends CRL> tmp = KeyTool.loadCRLs(file);
-                        for (CRL crl: tmp) {
-                            if (crl instanceof X509CRL) {
-                                crls.add((X509CRL)crl);
-                            }
-                        }
-                    }
-                    if (autoCRL) {
-                        List<CRL> crlsFromCert =
-                                KeyTool.readCRLsFromCert(certChain[0]);
-                        for (CRL crl: crlsFromCert) {
-                            if (crl instanceof X509CRL) {
-                                crls.add((X509CRL)crl);
-                            }
-                        }
-                    }
-                }
                // load the alternative signing mechanism
                if (altSignerClass != null) {
@@ -396,13 +367,6 @@ public class JarSigner {
            } else if (collator.compare(flags, "-digestalg") ==0) {
                if (++n == args.length) usageNoArg();
                digestalg = args[n];
-            } else if (collator.compare(flags, "-crl") ==0) {
-                if ("auto".equals(modifier)) {
-                    autoCRL = true;
-                } else {
-                    if (++n == args.length) usageNoArg();
-                    crlfiles.add(args[n]);
-                }
            } else if (collator.compare(flags, "-certs") ==0) {
                showcerts = true;
            } else if (collator.compare(flags, "-strict") ==0) {
@@ -548,9 +512,6 @@ public class JarSigner {
        System.out.println(rb.getString
                (".sigalg.algorithm.name.of.signature.algorithm"));
        System.out.println();
-        System.out.println(rb.getString
-                (".crl.auto.file.include.CRL.in.signed.jar"));
-        System.out.println();
        System.out.println(rb.getString
                (".verify.verify.a.signed.JAR.file"));
        System.out.println();
@@ -691,20 +652,6 @@ public class JarSigner {
                            if (showcerts) {
                                sb.append(si);
                                sb.append('\n');
-                                CRL[] crls = SharedSecrets
-                                        .getJavaSecurityCodeSignerAccess()
-                                        .getCRLs(signer);
-                                if (crls != null) {
-                                    for (CRL crl: crls) {
-                                        if (crl instanceof X509CRLImpl) {
-                                            sb.append(tab).append("[");
-                                            sb.append(String.format(
-                                                    rb.getString("with.a.CRL.including.d.entries"),
-                                                    ((X509CRLImpl)crl).getRevokedCertificates().size()))
-                                                .append("]\n");
-                                        }
-                                    }
-                                }
                            }
                        }
                    } else if (showcerts && !verbose.equals("all")) {
@@ -1284,7 +1231,7 @@ public class JarSigner {
            try {
                block =
-                    sf.generateBlock(privateKey, sigalg, certChain, crls,
+                    sf.generateBlock(privateKey, sigalg, certChain,
                        externalSF, tsaUrl, tsaCert, signingMechanism, args,
                        zipFile);
            } catch (SocketTimeoutException e) {
@@ -2249,7 +2196,6 @@ class SignatureFile {
    public Block generateBlock(PrivateKey privateKey,
                               String sigalg,
                               X509Certificate[] certChain,
-                               Set<X509CRL> crls,
                               boolean externalSF, String tsaUrl,
                               X509Certificate tsaCert,
                               ContentSigner signingMechanism,
@@ -2257,7 +2203,7 @@ class SignatureFile {
        throws NoSuchAlgorithmException, InvalidKeyException, IOException,
            SignatureException, CertificateException
    {
-        return new Block(this, privateKey, sigalg, certChain, crls, externalSF,
+        return new Block(this, privateKey, sigalg, certChain, externalSF,
                tsaUrl, tsaCert, signingMechanism, args, zipFile);
    }
@@ -2271,8 +2217,7 @@ class SignatureFile {
         * Construct a new signature block.
         */
        Block(SignatureFile sfg, PrivateKey privateKey, String sigalg,
-            X509Certificate[] certChain, Set<X509CRL> crls,
+            X509Certificate[] certChain, boolean externalSF, String tsaUrl,
-            boolean externalSF, String tsaUrl,
            X509Certificate tsaCert, ContentSigner signingMechanism,
            String[] args, ZipFile zipFile)
            throws NoSuchAlgorithmException, InvalidKeyException, IOException,
@@ -2359,7 +2304,7 @@ class SignatureFile {
            // Assemble parameters for the signing mechanism
            ContentSignerParameters params =
                new JarSignerParameters(args, tsaUri, tsaCert, signature,
-                    signatureAlgorithm, certChain, crls, content, zipFile);
+                    signatureAlgorithm, certChain, content, zipFile);
            // Generate the signature block
            block = signingMechanism.generateSignedData(
@@ -2400,7 +2345,6 @@ class JarSignerParameters implements ContentSignerParameters {
    private byte[] signature;
    private String signatureAlgorithm;
    private X509Certificate[] signerCertificateChain;
-    private Set<X509CRL> crls;
    private byte[] content;
    private ZipFile source;
@@ -2409,8 +2353,7 @@ class JarSignerParameters implements ContentSignerParameters {
     */
    JarSignerParameters(String[] args, URI tsa, X509Certificate tsaCertificate,
        byte[] signature, String signatureAlgorithm,
-        X509Certificate[] signerCertificateChain, Set<X509CRL> crls,
+        X509Certificate[] signerCertificateChain, byte[] content,
-        byte[] content,
        ZipFile source) {
        if (signature == null || signatureAlgorithm == null ||
@@ -2423,7 +2366,6 @@ class JarSignerParameters implements ContentSignerParameters {
        this.signature = signature;
        this.signatureAlgorithm = signatureAlgorithm;
        this.signerCertificateChain = signerCertificateChain;
-        this.crls = crls;
        this.content = content;
        this.source = source;
    }
@@ -2499,13 +2441,4 @@ class JarSignerParameters implements ContentSignerParameters {
    public ZipFile getSource() {
        return source;
    }
-    @Override
-    public Set<X509CRL> getCRLs() {
-        if (crls == null) {
-            return Collections.emptySet();
-        } else {
-            return Collections.unmodifiableSet(crls);
-        }
-    }
 }
--- a/src/share/classes/sun/security/tools/JarSignerResources.java
+++ b/src/share/classes/sun/security/tools/JarSignerResources.java
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -74,8 +74,6 @@ public class JarSignerResources extends java.util.ListResourceBundle {
                "[-digestalg <algorithm>]    name of digest algorithm"},
        {".sigalg.algorithm.name.of.signature.algorithm",
                "[-sigalg <algorithm>]       name of signature algorithm"},
-        {".crl.auto.file.include.CRL.in.signed.jar",
-                "[-crl[:auto| <file>]        include CRL in signed jar"},
        {".verify.verify.a.signed.JAR.file",
                "[-verify]                   verify a signed JAR file"},
        {".verbose.suboptions.verbose.output.when.signing.verifying.",
@@ -193,7 +191,6 @@ public class JarSignerResources extends java.util.ListResourceBundle {
        {"using.an.alternative.signing.mechanism",
                "using an alternative signing mechanism"},
        {"entry.was.signed.on", "entry was signed on {0}"},
-        {"with.a.CRL.including.d.entries", "with a CRL including %d entries"},
        {"Warning.", "Warning: "},
        {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
                "This jar contains unsigned entries which have not been integrity-checked. "},

--- a/src/share/classes/sun/security/tools/KeyTool.java
+++ b/src/share/classes/sun/security/tools/KeyTool.java
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 package sun.security.tools;
-import sun.misc.SharedSecrets;
 import java.io.*;
 import java.security.CodeSigner;
 import java.security.KeyStore;
@@ -2311,16 +2310,6 @@ public final class KeyTool {
                                    out.println();
                                }
                            }
-                            CRL[] crls = SharedSecrets
-                                    .getJavaSecurityCodeSignerAccess()
-                                    .getCRLs(signer);
-                            if (crls != null) {
-                                out.println(rb.getString("CRLs."));
-                                out.println();
-                                for (CRL crl: crls) {
-                                    printCRL(crl, out);
-                                }
-                            }
                        }
                    }
                }

--- a/src/share/classes/sun/security/tools/TimestampedSigner.java
+++ b/src/share/classes/sun/security/tools/TimestampedSigner.java
 /*
- * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,6 @@ import java.security.cert.X509Certificate;
 import java.util.List;
 import com.sun.jarsigner.*;
-import java.security.cert.X509CRL;
 import java.util.Arrays;
 import sun.security.pkcs.*;
 import sun.security.timestamp.*;
@@ -238,9 +237,8 @@ public final class TimestampedSigner extends ContentSigner {
        AlgorithmId[] algorithms = {digestAlgorithmId};
        // Create the PKCS #7 signed data message
-        PKCS7 p7 =
+        PKCS7 p7 = new PKCS7(algorithms, contentInfo, signerCertificateChain,
-            new PKCS7(algorithms, contentInfo, signerCertificateChain,
+                null, signerInfos);
-                    parameters.getCRLs().toArray(new X509CRL[parameters.getCRLs().size()]), signerInfos);
        ByteArrayOutputStream p7out = new ByteArrayOutputStream();
        p7.encodeSignedData(p7out);

--- a/src/share/classes/sun/security/util/SignatureFileVerifier.java
+++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java
@@ -37,7 +37,6 @@ import java.util.jar.*;
 import sun.security.pkcs.*;
 import sun.security.timestamp.TimestampToken;
 import sun.misc.BASE64Decoder;
-import sun.misc.SharedSecrets;
 import sun.security.jca.Providers;
@@ -486,12 +485,7 @@ public class SignatureFileVerifier {
                signers = new ArrayList<CodeSigner>();
            }
            // Append the new code signer
-            CodeSigner signer = new CodeSigner(certChain, getTimestamp(info));
+            signers.add(new CodeSigner(certChain, getTimestamp(info)));
-            if (block.getCRLs() != null) {
-                SharedSecrets.getJavaSecurityCodeSignerAccess().setCRLs(
-                        signer, block.getCRLs());
-            }
-            signers.add(signer);
            if (debug != null) {
                debug.println("Signature Block Certificate: " +

--- a/test/sun/security/tools/jarsigner/crl.sh
+++ b/test/sun/security/tools/jarsigner/crl.sh
 #
-# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -32,9 +32,6 @@ if [ "${TESTJAVA}" = "" ] ; then
 fi
 # set platform-dependent variables
-# PF: platform name, say, solaris-sparc
-PF=""
 OS=`uname -s`
 case "$OS" in
@@ -47,54 +44,28 @@ case "$OS" in
 esac
 KS=crl.jks
-JFILE=crl.jar
 KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
-JAR=$TESTJAVA${FS}bin${FS}jar
-JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
-rm $KS $JFILE 2> /dev/null
+rm $KS 2> /dev/null
-# Generates some crl files, each containing two entries
+# Test keytool -gencrl
 $KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-$KT -alias a -gencrl -id 1:1 -id 2:2 -file crl1
+$KT -alias a -gencrl -id 1:1 -id 2:2 -file crl1 || exit 1
-$KT -alias a -gencrl -id 3:3 -id 4:4 -file crl2
+$KT -alias a -gencrl -id 3:3 -id 4:4 -file crl2 || exit 2
-$KT -alias b -dname CN=b -keyalg rsa -genkey -validity 300
+$KT -alias a -gencrl -id 5:1 -id 6:2 -file crl3 || exit 4
-$KT -alias b -gencrl -id 5:1 -id 6:2 -file crl3
-cat > ToURI.java <<EOF
-class ToURI {
-    public static void main(String[] args) throws Exception {
-        System.out.println(new java.io.File("crl1").toURI());
-    }
-}
-EOF
-$TESTJAVA${FS}bin${FS}javac ToURI.java
-$TESTJAVA${FS}bin${FS}java ToURI > uri
-$KT -alias c -dname CN=c -keyalg rsa -genkey -validity 300 \
-    -ext crl=uri:`cat uri`
-echo A > A
+# Test keytool -printcrl
-# Test -crl:auto, cRLDistributionPoints is a local file
+$KT -printcrl -file crl1 || exit 5
+$KT -printcrl -file crl2 || exit 6
+$KT -printcrl -file crl3 || exit 7
-$JAR cvf $JFILE A
-$JARSIGNER -keystore $KS -storepass changeit $JFILE c \
-        -crl:auto || exit 1
-$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 6
-$KT -printcert -jarfile $JFILE | grep CRLs || exit 7
-# Test -crl <file>
+# Test keytool -ext crl
-$JAR cvf $JFILE A
+$KT -alias b -dname CN=c -keyalg rsa -genkey -validity 300 \
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a \
+    -ext crl=uri:http://www.example.com/crl || exit 10
-        -crl crl1 -crl crl2 || exit 2
-$JARSIGNER -keystore $KS -storepass changeit $JFILE b \
-        -crl crl3 -crl crl2 || exit 3
-$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 3
-$KT -printcert -jarfile $JFILE | grep CRLs || exit 4
-CRLCOUNT=`$KT -printcert -jarfile $JFILE | grep SerialNumber | wc -l`
-if [ $CRLCOUNT != 8 ]; then exit 5; fi
 exit 0