fix(java): fix disallowed.txt check in windows (#2128)

## What does this PR do?
- add windows ci for java21
- Fix sha256 check error on windows:

![Image](https://github.com/user-attachments/assets/b082fc7a-c929-42fc-a910-707f604251f4)
## Related issues

Closes #2100

## Does this PR introduce any user-facing change?

<!--
If any user-facing interface changes, please [open an
issue](https://github.com/apache/fury/issues/new/choose) describing the
need to do so and update the document if necessary.
-->

- [ ] Does this PR introduce any public API change?
- [ ] Does this PR introduce any binary protocol compatibility change?

## Benchmark

<!--
When the PR has an impact on performance (if you don't know whether the
PR will have an impact on performance, you can submit the PR first, and
if it will have impact on performance, the code reviewer will explain
it), be sure to attach a benchmark data here.
-->

Author: chaokunyang

.github/workflows/ci.yml

@@ -94,6 +94,26 @@ jobs:
         run: ./ci/run_ci.sh install_pyfury
       - name: Run CI with Maven
         run: ./ci/run_ci.sh java${{ matrix.java-version }}
+
+  java21_windows:
+    name: Windows Java 21 CI
+    runs-on: windows-2022
+    env:
+      MY_VAR: "PATH"
+    strategy:
+      matrix:
+        java-version: ["21"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK ${{ matrix.java-version }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java-version }}
+          distribution: "temurin"
+      - name: Run CI with Maven
+        shell: bash
+        run: ./ci/run_ci.sh windows_java21
+
   graalvm:
     name: GraalVM CI
     runs-on: ubuntu-latest
@@ -113,6 +133,7 @@ jobs:
         with:
           python-version: 3.8
       - name: Build native image and run
+        shell: bash
         run: ./ci/run_ci.sh graalvm_test
 
   scala:

ci/run_ci.sh

@@ -162,6 +162,19 @@ jdk17_plus_tests() {
   echo "Executing latest_jdk_tests succeeds"
 }
 
+windows_java21_test() {
+  java -version
+  echo "Executing fury java tests"
+  cd "$ROOT/java"
+  set +e
+  mvn -T10 --batch-mode --no-transfer-progress test -Dtest=!org.apache.fury.CrossLanguageTest install -pl '!fury-format,!fury-testsuite'
+  testcode=$?
+  if [[ $testcode -ne 0 ]]; then
+    exit $testcode
+  fi
+  echo "Executing fury java tests succeeds"
+}
+
 case $1 in
     java8)
       echo "Executing fury java tests"
@@ -192,6 +205,9 @@ case $1 in
     java21)
       jdk17_plus_tests
     ;;
+    windows_java21)
+      windows_java21_test
+    ;;
     integration_tests)
       echo "Install jdk"
       install_jdks

java/fury-core/src/main/java/org/apache/fury/resolver/DisallowedList.java

@@ -27,32 +27,37 @@
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Set;
+import java.util.TreeSet;
 import java.util.stream.Collectors;
 import org.apache.fury.exception.InsecureException;
 
 /** A class to record which classes are not allowed for serialization. */
 class DisallowedList {
   private static final String DISALLOWED_LIST_TXT_PATH = "fury/disallowed.txt";
-  // when disallowed.txt changed, update this hash by result of `sha256sum disallowed.txt`
+  // When the disallowed.txt file is modified, update this hash using the following steps:
+  // 1. Run the DisallowedListTest#testCalculateSHA256 test method
+  // 2. Copy the output hash from the test result
+  // 3. Replace the value of SHA256_HASH below with the new hash
+  // 4. Rerun all tests to ensure everything is working correctly with the new hash
   private static final String SHA256_HASH =
-      "30dc5228f52b02f61aff35a94d29ccd903abbf490d8231810c5e1c0321c56557";
+      "53ecb405085d795d45ce033cd4f1055ae06247a5dbaa617ecd20e4aac4303f60";
   private static final Set<String> DEFAULT_DISALLOWED_LIST_SET;
 
   static {
     try (InputStream is =
         DisallowedList.class.getClassLoader().getResourceAsStream(DISALLOWED_LIST_TXT_PATH)) {
       if (is != null) {
         byte[] fileBytes = readAllBytes(is);
-        String calculatedHash = calculateSHA256(fileBytes);
-        if (!SHA256_HASH.equals(calculatedHash)) {
-          // add a check to avoid some malicious overwrite disallowed.txt
-          throw new SecurityException("Disallowed list has been tampered");
-        }
         DEFAULT_DISALLOWED_LIST_SET =
             Arrays.stream(
                     new String(fileBytes, StandardCharsets.UTF_8).split(System.lineSeparator()))
                 .filter(line -> !line.isEmpty() && !line.startsWith("#"))
                 .collect(Collectors.toSet());
+        String calculatedHash = calculateSHA256(new TreeSet<>(DEFAULT_DISALLOWED_LIST_SET));
+        if (!SHA256_HASH.equals(calculatedHash)) {
+          // add a check to avoid some malicious overwrite disallowed.txt
+          throw new SecurityException("Disallowed list has been tampered");
+        }
       } else {
         throw new IllegalStateException(
             String.format("Read disallowed list %s failed", DISALLOWED_LIST_TXT_PATH));
@@ -74,10 +79,10 @@ private static byte[] readAllBytes(InputStream inputStream) throws IOException {
     return buffer.toByteArray();
   }
 
-  private static String calculateSHA256(byte[] input) {
+  private static String calculateSHA256(TreeSet<String> set) {
     try {
       MessageDigest digest = MessageDigest.getInstance("SHA-256");
-      byte[] hashBytes = digest.digest(input);
+      byte[] hashBytes = digest.digest(String.join(",", set).getBytes(StandardCharsets.UTF_8));
       StringBuilder hexString = new StringBuilder();
       for (byte b : hashBytes) {
         String hex = Integer.toHexString(0xff & b);

java/fury-core/src/test/java/org/apache/fury/resolver/DisallowedListTest.java

@@ -19,7 +19,15 @@
 
 package org.apache.fury.resolver;
 
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
 import java.rmi.server.UnicastRemoteObject;
+import java.security.MessageDigest;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.stream.Collectors;
 import org.apache.fury.Fury;
 import org.apache.fury.FuryTestBase;
 import org.apache.fury.config.Language;
@@ -30,6 +38,33 @@
 
 public class DisallowedListTest extends FuryTestBase {
 
+  @Test
+  public void testCalculateSHA256() throws Exception {
+    try (InputStream is =
+        DisallowedList.class.getClassLoader().getResourceAsStream("fury/disallowed.txt")) {
+      assert is != null;
+      Set<String> set =
+          new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))
+              .lines()
+              .filter(line -> !line.isEmpty() && !line.startsWith("#"))
+              .collect(Collectors.toSet());
+      MessageDigest digest = MessageDigest.getInstance("SHA-256");
+      byte[] hashBytes =
+          digest.digest(String.join(",", new TreeSet<>(set)).getBytes(StandardCharsets.UTF_8));
+      StringBuilder hexString = new StringBuilder();
+      for (byte b : hashBytes) {
+        String hex = Integer.toHexString(0xff & b);
+        if (hex.length() == 1) {
+          hexString.append('0');
+        }
+        hexString.append(hex);
+      }
+      System.out.println("SHA256 HASH for disallowed.txt is " + hexString);
+      Assert.assertEquals(
+          hexString.toString(), "53ecb405085d795d45ce033cd4f1055ae06247a5dbaa617ecd20e4aac4303f60");
+    }
+  }
+
   @Test
   public void testCheckHitDisallowedList() {
     // Hit the disallowed list.