Merge branch 'main' into shamir-secret-splitting

Author: gefeili

CONTRIBUTORS.html

@@ -447,7 +447,7 @@
 <li>Adam Vartanian &lt;https://github.com/flooey&gt; use of ShortBuffer exception and buffer size pre-check in Cipher.doFinal().</li>
 <li>Bernd &lt;https://github.com/ecki&gt; Fix to make PGPUtil.pipeFileContents use buffer and not leak file handle.</li>
 <li>Shartung &lt;https://github.com/shartung&gt; Additional EC Key Agreement algorithms in support of German BSI TR-03111.</li>
-<li>Paul Schaub &lt;https://github.com/vanitasvitae&gt; bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation. Improved functionality of PGPSignatureSubpacketGenerator, PGPPublicKeyRing. Tweaks to PGPDataEncryptorBuilder interface, fix for JcaPGP/BcPGP Ed25519 private key conversion. Added configurable CRC detection to ArmoredInputStream, additional control character skipping in ArmoredInputStream. Rewind code for PGPPBEEncryptedData, addition of PGPSignature.getDigestPrefix(). Wrong list traversal fix in PGPSecretKeyRing. Further improvement to use of generics in PGP API. General interop improvements. PGP Public / Secure keyring ignore marker packets when reading. Initial work on PGP session key handling, filtering literal data for canoncialization. Addition of direct key identified key-ring construction. PGPSecretKeyRing.insertOrReplacePublicKey addition. Addition of utility methods for joining/merging signatures and public keys. Addition of PGP regexp packet, PolicyURI packet handling, UTF8 comment testing. Efficiency improvements to TruncatedStream. Initial Argon2 support for OpenPGP. General cleanups. Fast CRC24 implementation, SHA3 addtions to BcImplProvider, improvements to One Pass Signature support, signatue validation, read() consistency in BCPGInputStream. Contributions to AEAD support (v6 & v5) in PGP API. Addition of PGP WildCard ID, moving the PGP example code into the 21st century. Security patches for encrypted data generation, initial thread safe certification verification. Support for V6 EC keys, PGP packet criticality, and Preferred AEAD CipherSuites sigsubpacket support.</li>
+<li>Paul Schaub &lt;https://github.com/vanitasvitae&gt; bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation. Improved functionality of PGPSignatureSubpacketGenerator, PGPPublicKeyRing. Tweaks to PGPDataEncryptorBuilder interface, fix for JcaPGP/BcPGP Ed25519 private key conversion. Added configurable CRC detection to ArmoredInputStream, additional control character skipping in ArmoredInputStream. Rewind code for PGPPBEEncryptedData, addition of PGPSignature.getDigestPrefix(). Wrong list traversal fix in PGPSecretKeyRing. Further improvement to use of generics in PGP API. General interop improvements. PGP Public / Secure keyring ignore marker packets when reading. Initial work on PGP session key handling, filtering literal data for canoncialization. Addition of direct key identified key-ring construction. PGPSecretKeyRing.insertOrReplacePublicKey addition. Addition of utility methods for joining/merging signatures and public keys. Addition of PGP regexp packet, PolicyURI packet handling, UTF8 comment testing. Efficiency improvements to TruncatedStream. Initial Argon2 support for OpenPGP. General cleanups. Fast CRC24 implementation, SHA3 addtions to BcImplProvider, improvements to One Pass Signature support, signatue validation, read() consistency in BCPGInputStream. Contributions to AEAD support (v6 & v5) in PGP API. Addition of PGP WildCard ID, moving the PGP example code into the 21st century. Security patches for encrypted data generation, initial thread safe certification verification. Support for V6 EC keys, V6 signatures, PGP packet criticality, and Preferred AEAD CipherSuites sigsubpacket support.</li>
 <li>Nick of Nexxar &lt;https://github.com/nros&gt; update to OpenPGP package to handle a broader range of EC curves.</li>
 <li>catbref &lt;https://github.com/catbref&gt; sample implementation of RFC 7748/Ed25519 (incorporated work from github users Valodim and str4d as well).</li>
 <li>gerlion &lt;https://github.com/gerlion&gt; detection of concurrency issue with pre-1.60 EC math library.</li>
@@ -549,6 +549,7 @@
 <li>Jan Oupick&yacute; &lt;https://github.com/Honzaik&gt; - update to draft 13 of composite PQC signatures.</li>
 <li>Karsten Otto &lt;https://github.com/ottoka&gt; - finished the support for jdk.tls.server.defaultDHEParameters.</li>
 <li>Markus Sommer &lt;https://github.com/marsom&gt; - BCStyle lookup table fix for jurisdiction values.</li>
+<li>Jared Crawford &lt;https://github.com/jmcrawford45&gt; - Abstracting cire KEM functionality out of DHKEM to allow for use of alternative KEMs with HPKE.</li>
 <li>TaZbon &lt;https://github.com/TaZbon&gt; - Optional lax parsing patch for PEM parser.</li>
 <li>han-ji &lt;https://github.com/han-jl&gt; - Fix to sign extension issue in CTR random seek code.</li>
 <li>https://github.com/crlorentzen &lt;https://github.com/crlorentzen&gt; - Addition of system property for configuring GCM ciphers in 1.2 FIPS mode in the JSSE.</li>

ant/bc+-build.xml

@@ -1012,7 +1012,7 @@
         <property name="test.target.src.dir" value="${test.target.dir}/src" />
 
         <mkdir dir="${basedir}/${build.dir}/${target.prefix}" />
-        <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed" printsummary="${junit.printsummary}" maxmemory="1536m">
+        <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed" printsummary="${junit.printsummary}" maxmemory="${junit.maxmemory}">
             <classpath>
                 <path refid="project.classpath" /> 
                 <fileset dir="${artifacts.jars.dir}">

ant/jdk13.xml

@@ -13,6 +13,7 @@
     <property name="artifacts.dir" value="${build.dir}/artifacts/${jdk.name}" />
     <property name="target.prefix" value="jdk13" />
     <property name="javadoc.args" value="-protected" />
+    <property name="junit.maxmemory" value="1536m" />
 
     <target name="init">
         <mkdir dir="${src.dir}" />
@@ -55,6 +56,7 @@
                 <exclude name="**/asymmetric/dstu/*.java" />
                 <exclude name="**/Logging*.java" />
                 <exclude name="**/provider/config/PKCS12StoreParameter.java" />
+                <exclude name="**/COMPOSITE.java"/>
                 <exclude name="**/gemss/*.java"/>
                 <exclude name="**/rainbow/*.java"/>
                 <exclude name="**/Rainbow*.java"/>
@@ -89,6 +91,7 @@
                 <exclude name="**/gemss/*.java" />
                 <exclude name="**/CertPathReviewer*.java" />
                 <exclude name="**/PKIXCertPathReviewer.java" />
+                <exclude name="**/COMPOSITE.java"/>
                 <exclude name="**/PKIXAttrCert*.java" />
                 <exclude name="**/PKIXNameConstraints*.java" />
                 <exclude name="**/PKCS12StoreParameter.java" />
@@ -248,6 +251,7 @@
                 <exclude name="**/jce/provider/test/CertLocaleTest.java" />
             </fileset>
             <fileset dir="pkix/src/test/java">
+                <exclude name="**/CheckNameConstraintsTest.java"/>
                 <exclude name="**/pkix/test/RevocationTest.java"/>
                 <exclude name="**/SunProviderTest.java" />
                 <exclude name="**/NullProviderTest.java" />
@@ -328,19 +332,29 @@
 
         <replaceregexp match="${regexp}" replace=" " flags="g" byline="true">
             <fileset dir="${src.dir}">
-              <include name="**/*.java"/>
+                <include name="**/*.java"/>
+                <exclude name="**/SICBlockCipher.java"/>
             </fileset>
         </replaceregexp>
         <replaceregexp match="(List|Map|Set) >" replace="\1" flags="g" byline="true">
             <fileset dir="${src.dir}">
                 <include name="**/*.java"/>
                 <exclude name="**/MultipartParserTest.java"/>
+                <exclude name="**/SICBlockCipher.java"/>
+            </fileset>
+        </replaceregexp>
+        <replaceregexp match="StringBuilder" replace="StringBuffer" flags="g" byline="true">
+            <fileset dir="${src.dir}">
+                <include name="**/*.java"/>
+                <exclude name="**/MultipartParserTest.java"/>
+                <exclude name="**/SICBlockCipher.java"/>
             </fileset>
         </replaceregexp>
         <replaceregexp match="LinkedHashSet" replace="HashSet" flags="g" byline="true">
             <fileset dir="${src.dir}">
                 <include name="**/*.java"/>
                 <exclude name="**/MultipartParserTest.java"/>
+                <exclude name="**/SICBlockCipher.java"/>
             </fileset>
         </replaceregexp>
         <replaceregexp match="\.\.\." replace="[]" flags="g" byline="true">

ant/jdk14.xml

@@ -12,6 +12,7 @@
     <property name="artifacts.dir" value="${build.dir}/artifacts/${jdk.name}"/>
     <property name="target.prefix" value="jdk14"/>
     <property name="javadoc.args" value="-breakiterator"/>
+    <property name="junit.maxmemory" value="1536m" />
 
     <target name="init">
         <mkdir dir="${src.dir}"/>

ant/jdk15+.xml

@@ -10,6 +10,8 @@
     <property name="src.dir" value="${build.dir}/${jdk.name}" />
     <property name="target.prefix" value="jdk15to18" />
     <property name="javadoc.args" value="-breakiterator" />
+    <property name="jmail.present" value="true" />
+    <property name="junit.maxmemory" value="1536m" />
 
     <target name="clean">
         <delete dir="${build.dir}" />

ant/jdk18+.xml

@@ -10,6 +10,7 @@
     <property name="src.dir" value="${build.dir}/${jdk.name}" />
     <property name="target.prefix" value="jdk18on" />
     <property name="javadoc.args" value="-breakiterator -Xdoclint:none -quiet" />
+    <property name="junit.maxmemory" value="4096m" />
 
     <target name="clean">
         <delete dir="${build.dir}" />

bc-build.properties

@@ -6,7 +6,7 @@
 release.suffix: 1.79
 release.name: 1.79
 release.version: 1.79
-release.debug: false
+release.debug: true
 
 mail.jar.home: ./libs/javax.mail-1.4.7.jar
 activation.jar.home:  ./libs/activation-1.1.1.jar

build.gradle

@@ -266,7 +266,7 @@ subprojects {
     }
 
     tasks.withType(JavaCompile).configureEach {
-        options.debug = false;
+        options.debug = true;
     }
 
     tasks.withType(Test).configureEach {

build1-1

@@ -9,7 +9,7 @@
 JDK11PATH=/opt/jdk1.1.8   # JDK 1.1 location
 
 base=$1
-version=`echo $base | sed -e "s/\([0-9]\)\([0-9a-z]*\)/\1.\2/"`
+version=`echo $base | sed -e "s/\([0-9]\).\([0-9a-z]*\)/\1.\2/"`
 
 WINDOWTITLE="Bouncy Castle Cryptography $version API Specification"
 HEADER="<b>Bouncy Castle Cryptography $version</b>"
@@ -48,6 +48,7 @@ mkdir -p $jdk11src
 ((cd pg/src/main/jdk1.5 && tar cf - * ) | (cd $jdk11src && tar xf -))
 ((cd pg/src/main/jdk1.4 && tar cf - * ) | (cd $jdk11src && tar xf -))
 ((cd pg/src/main/jdk1.3 && tar cf - * ) | (cd $jdk11src && tar xf -))
+((cd pg/src/main/jdk1.2 && tar cf - * ) | (cd $jdk11src && tar xf -))
 ((cd pg/src/main/jdk1.1 && tar cf - * ) | (cd $jdk11src && tar xf -))
 ((cd pkix/src/main/jdk1.4 && tar cf - * ) | (cd $jdk11src && tar xf -))
 ((cd pkix/src/test/jdk1.4 && tar cf - * ) | (cd $jdk11src && tar xf -))
@@ -75,11 +76,8 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/math/ec/rfc8032/test
     rm -rf org/bouncycastle/crypto/test/ntru
     rm -rf org/bouncycastle/pqc/crypto/lms
-    rm -rf org/bouncycastle/pqc/jcajce/provider/lms
-    rm -rf org/bouncycastle/pqc/jcajce/provider/LMS*
+    rm -rf org/bouncycastle/pqc/jcajce
     rm -rf org/bouncycastle/pqc/crypto/*/LMS*
-    rm org/bouncycastle/pqc/jcajce/spec/LMS*
-    rm org/bouncycastle/pqc/jcajce/*/Rainbow*
     rm -rf org/bouncycastle/pqc/crypto/*/HSS*
     rm -rf org/bouncycastle/pqc/math/ntru
     rm -rf org/bouncycastle/pqc/crypto/ntru
@@ -177,6 +175,7 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm org/bouncycastle/asn1/test/ASN1SequenceParserTest.java
     rm org/bouncycastle/asn1/cms/test/OctetStringTest.java
     rm org/bouncycastle/asn1/cms/test/ParseTest.java
+    rm org/bouncycastle/asn1/cms/test/KEMRecipientInfoTest.java
     rm org/bouncycastle/asn1/cmc/test/CMCFailInfoTest.java
     rm org/bouncycastle/asn1/cmc/test/CMCStatusTest.java
     rm org/bouncycastle/asn1/test/ASN1IntegerTest.java
@@ -186,7 +185,6 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/jcajce/provider/asymmetric/util/EC5*.java
     rm -rf org/bouncycastle/jcajce/provider/drbg
     rm org/bouncycastle/asn1/test/EnumeratedTest.java
-    rm -rf org/bouncycastle/pqc/jcajce
     rm -rf org/bouncycastle/pqc/crypto/qtesla/QTeslaKeyEncodingTests.java
     rm -r org/bouncycastle/crypto/test/speedy
     rm -r org/bouncycastle/crypto/test/cavp
@@ -243,6 +241,7 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm org/bouncycastle/pqc/crypto/test/XWingTest.java
     rm org/bouncycastle/cert/test/GOSTR3410_2012_256GenerateCertificate.java
     rm org/bouncycastle/cert/cmp/test/InvalidMessagesTest.java
+    rm org/bouncycastle/cert/cmp/test/TestUtils.java
     rm org/bouncycastle/test/JVMVersionTest.java
     rm org/bouncycastle/cms/jcajce/JceAADStream.java
     rm org/bouncycastle/cms/jcajce/JceCMSKEM*.java
@@ -261,6 +260,9 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/pqc/crypto/test/BIKE*
     rm -rf org/bouncycastle/pqc/crypto/test/Rainbow*
     rm -rf org/bouncycastle/pqc/crypto/test/GeMSS*
+    rm -rf org/bouncycastle/pqc/crypto/test/MLKEM*
+    rm -rf org/bouncycastle/pqc/crypto/test/MLDSA*
+    rm -rf org/bouncycastle/pqc/crypto/test/SLHDSA*
     rm -rf org/bouncycastle/pqc/crypto/*/SIKE*
     rm -rf org/bouncycastle/pqc/crypto/sike
     rm -rf org/bouncycastle/pqc/legacy/crypto/sike
@@ -277,7 +279,9 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm org/bouncycastle/pkix/jcajce/PKIXCRLUtil.java
     rm -r org/bouncycastle/pkix/util
     rm -rf org/bouncycastle/pkix/test/Revocation*
+    rm -rf org/bouncycastle/pkix/test/CheckNameConstraintsTest*
     rm -rf org/bouncycastle/pkix/test/TestUtil*
+    rm -rf org/bouncycastle/jce/provider/test/PKIXNameConstraintsTest.java
     rm org/bouncycastle/pkix/test/CheckerTest.java
     rm org/bouncycastle/cms/jcajce/JceKeyTransAuthEnvelopedRecipient.java
     rm -rf org/bouncycastle/mime/
@@ -299,6 +303,7 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/asn1/test/CMCFailInfoTest.java
     rm -rf org/bouncycastle/asn1/test/CMCStatusTest.java
     rm -rf org/bouncycastle/jce/provider/test/SM2SignatureTest.java
+    rm -f  org/bouncycastle/jcajce/provider/asymmetric/COMPOSITE.java
     rm -f  org/bouncycastle/jcajce/provider/drbg/EntropyGatherer.java
     rm -f  org/bouncycastle/jcajce/provider/drbg/EntropyDaemon.java
     rm -f  org/bouncycastle/jcajce/provider/asymmetric/Dilithium.java
@@ -311,6 +316,7 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -f  org/bouncycastle/openpgp/test/BcpgGeneralTest.java
     rm -f  org/bouncycastle/openpgp/test/OpenPGPTest.java
 
+
     sh ../../scripts/jdk1.2ed.sh > /dev/null 2>&1
     sh ../../scripts/jdk1.1ed.sh > /dev/null 2>&1
 
@@ -397,7 +403,7 @@ then
 
         (cd src/java/; javac -d ../../classes -classpath ../../classes:../../src:$JDK11PATH/lib/classes.zip */*.java)
         (cd src/org/bouncycastle; javac -J-mx768m -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip *.java ; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip */*.java; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip */p*/*.java
-javac -J-mx768m -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip */a*/*.java 
+javac -J-mx768m -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip */a*/*.java */util/*.java
 javac -J-mx768m -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip */d*/*.java 
 javac -J-mx768m -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip a*/e*/*.java 
 javac -J-mx768m -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip c*/e*/*.java 
@@ -448,10 +454,42 @@ then
     mkdir $artifacts/jce-jdk11-$base
     mkdir $artifacts/jce-jdk11-$base/src
     tar cf - index.html LICENSE.html CONTRIBUTORS.html docs | (cd $artifacts/jce-jdk11-$base; tar xf -)
+    mkdir -p $jdk11src/org/bouncycastle/pqc/jcajce/provider/util
+    cp prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/BaseKeyFactorySpi.java $jdk11src/org/bouncycastle/pqc/jcajce/provider/util/BaseKeyFactorySpi.java
+    cp prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.java $jdk11src/org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.java
+    cp prov/src/main/jdk1.1/org/bouncycastle/pqc/jcajce/provider/util/SpecUtil.java $jdk11src/org/bouncycastle/pqc/jcajce/provider/util/SpecUtil.java
+    cp prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/WrapUtil.java $jdk11src/org/bouncycastle/pqc/jcajce/provider/util/WrapUtil.java
+    cp prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/KdfUtil.java $jdk11src/org/bouncycastle/pqc/jcajce/provider/util/KdfUtil.java
+    ed $jdk11src/org/bouncycastle/pqc/jcajce/provider/util/BaseKeyFactorySpi.java <<%%
+g/<ASN1ObjectIdentifier>/s///g
+w
+q
+%%
+    ed $jdk11src/org/bouncycastle/jcajce/provider/asymmetric/util/BaseDeterministicOrRandom*.java <<%%
+1
+/private final/
+a
+    protected SecureRandom appRandom = null;
+.
+w
+q
+g/<ASN1ObjectIdentifier>/s///g
+w
+q
+%%
+    for i in $jdk11src/org/bouncycastle/jcajce/provider/asymmetric/slhdsa/*.java $jdk11src/org/bouncycastle/jcajce/provider/asymmetric/mldsa/*.java $jdk11src/org/bouncycastle/jcajce/provider/asymmetric/mlkem/*.java
+    do
+    ed $i <<%%
+g/final /s///
+w
+q
+%%
+    done
     (cd $jdk11src && tar cf - java javax org/bouncycastle/LICENSE.java \
     org/bouncycastle/test org/bouncycastle/math org/bouncycastle/internal org/bouncycastle/crypto org/bouncycastle/util org/bouncycastle/asn1 org/bouncycastle/pqc/math org/bouncycastle/pqc org/bouncycastle/jce org/bouncycastle/jcajce org/bouncycastle/x509 ) \
     | (cd $artifacts/jce-jdk11-$base/src && tar xf -)
 
+
     (
     cd $artifacts/jce-jdk11-$base; mkdir classes; mkdir javadoc;
 
@@ -690,6 +728,7 @@ then
     rm -rf src/org/bouncycastle/asn1/*/test
     rm -rf src/org/bouncycastle/gpg/keybox
     rm -rf src/org/bouncycastle/gpg/test
+    rm -rf src/org/bouncycastle/bcpg/test/SignatureSubpacketsTest.java
     rm -f src/org/bouncycastle/openpgp/test/PGPCanonicalizedDataGeneratorTest.java
     rm -f src/org/bouncycastle/openpgp/test/DSA2Test.java
     rm -f src/org/bouncycastle/openpgp/test/PGPUnicodeTest.java
@@ -704,6 +743,15 @@ then
     rm -f  src/org/bouncycastle/openpgp/test/OpenPGPTest.java
     rm -f  src/org/bouncycastle/openpgp/test/OperatorBcTest.java
     rm -f  src/org/bouncycastle/openpgp/test/PGPGeneralTest.java
+    rm  src/org/bouncycastle/openpgp/test/EdDSAKeyC*.java
+    rm  src/org/bouncycastle/openpgp/test/ECDSAKeyPairTest.java
+    rm  src/org/bouncycastle/openpgp/test/Legacy*KeyPairTest.java
+    rm  src/org/bouncycastle/openpgp/test/Dedicated*KeyPairTest.java
+    rm  src/org/bouncycastle/openpgp/test/AEADProtected*Test.java
+    rm  src/org/bouncycastle/openpgp/test/*Argon2*.java
+    rm  src/org/bouncycastle/openpgp/test/Curve*PrivateKeyEncoding*.java
+    rm  src/org/bouncycastle/openpgp/test/OperatorJcajceTest.java
+    rm  src/org/bouncycastle/openpgp/test/PGPPaddingTest.java
 
     find src -name AllTests.java -exec rm {} \;
 
@@ -818,6 +866,20 @@ w
 q
 %
 
+    for i in src/org/bouncycastle/bcpg/UnknownPacket.java src/org/bouncycastle/bcpg/PacketFormat.java src/org/bouncycastle/bcpg/KeyIdentifier.java src/org/bouncycastle/bcpg/OnePassSignaturePacket.java
+do
+ed $i <<%
+g/private.*final.*;/s/final//
+w
+q
+%
+done
+
+    ed src/org/bouncycastle/bcpg/AEADEncDataPacket.java <<%
+g/private.*final.*;/s/final//
+w
+q
+%
     ed src/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.java <<%
 g/private.*final.*;/s/final//
 w