package iaik.pki;

import iaik.asn1.structures.Name;
import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.pathconstruction.CertPath;
import iaik.pki.pathconstruction.CertPathConstructor;
import iaik.pki.pathconstruction.ConstructionResult;
import iaik.pki.pathvalidation.ValidationFactory;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.pathvalidation.ValidationResult;
import iaik.pki.pathvalidation.ValidationResultInvalid;
import iaik.pki.pathvalidation.ValidationResultValid;
import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.certinfo.CertInfo;
import iaik.pki.store.certinfo.CertInfoStore;
import iaik.pki.store.certinfo.CertInfoStoreException;
import iaik.pki.store.certinfo.CertInfoStoreFactory;
import iaik.pki.store.certstore.CertStore;
import iaik.pki.store.certstore.CertStoreFactory;
import iaik.pki.store.revocation.CRLRevocationSource;
import iaik.pki.store.revocation.MemoryCRLRevocationSource;
import iaik.pki.store.revocation.OCSPRevocationSource;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.SupplementalRevocationSources;
import iaik.pki.store.truststore.TrustStore;
import iaik.pki.store.truststore.TrustStoreFactory;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.utils.ByteArrayContainer;
import iaik.pki.utils.Constants;
import iaik.pki.utils.DBTypeParser;
import iaik.pki.utils.NameUtils;
import iaik.pki.utils.UtilsException;
import iaik.x509.X509CRL;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.IssuingDistributionPoint;
import iaik.x509.ocsp.BasicOCSPResponse;
import iaik.x509.ocsp.CertID;
import iaik.x509.ocsp.OCSPResponse;
import iaik.x509.ocsp.ReqCert;
import iaik.x509.ocsp.SingleResponse;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Stack;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/C.class */
public class C implements PKIModule {
    protected static final String F = "Temporary memory store";
    protected static Log J = LogFactory.getLog(Constants.MODULE_NAME);
    protected static boolean D;
    protected PKIProfile I;
    protected CertPathConstructor H;
    protected ValidationFactory C;
    protected CertInfoStore A;
    protected CertInfoStore G;
    protected boolean B = false;
    protected Stack<ByteArrayContainer> E;

    /* JADX INFO: Access modifiers changed from: protected */
    public C(PKIProfile pKIProfile) {
        if (pKIProfile == null) {
            throw new NullPointerException("Profile mustn't be null");
        }
        this.I = pKIProfile;
        this.E = new Stack<>();
    }

    @Override // iaik.pki.PKIModule
    public void setValidationFactory(ValidationFactory validationFactory) {
        if (validationFactory == null) {
            throw new NullPointerException("Validation factory must not be null");
        }
        this.C = validationFactory;
    }

    @Override // iaik.pki.PKIModule
    public void setPathConstructor(CertPathConstructor certPathConstructor) {
        if (certPathConstructor == null) {
            throw new NullPointerException("Path constructor must not be null");
        }
        this.H = certPathConstructor;
    }

    @Override // iaik.pki.PKIModule
    public void setDefaultCertInfoStore(CertInfoStore certInfoStore) {
        if (certInfoStore == null) {
            throw new NullPointerException("Default CertInfoStore must not be null");
        }
        this.A = certInfoStore;
    }

    protected ConstructionResult A(TrustStore trustStore, CertInfo certInfo, boolean z, Date date, int i, TransactionId transactionId) throws PKIException {
        if (i == 0) {
            J.debug(transactionId, "Constructing path using supplemental certificates only.", null);
        }
        return this.H.constructCertPath(new ConstructionParametersImpl(trustStore, certInfo, D ? null : date, true, i, z), transactionId);
    }

    protected ValidationResult A(ValidationProfile validationProfile, List<CertInfo> list, Date date, SupplementalRevocationSources supplementalRevocationSources, boolean z, TransactionId transactionId) throws PKIException {
        return this.C.getPathValidator(validationProfile, transactionId).validateChain(list, date, this, this.I.getRevocationProfile(), supplementalRevocationSources, z, transactionId);
    }

    protected boolean A(boolean[] zArr, X509Certificate x509Certificate, TransactionId transactionId) throws PKIException {
        if (zArr == null) {
            J.debug(transactionId, "EE cert key usage checked disabled.", null);
            return true;
        }
        if (zArr.length != 9) {
            throw new PKIException("Key usage boolean[] must be of length 9.", null, getClass().getName() + ":1");
        }
        J.debug(transactionId, "Checking EE cert key usage.", null);
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            throw new PKIException("Certificate does not have any key usage extension.", null, getClass().getName() + ":2");
        }
        for (int i = 0; i < zArr.length; i++) {
            if (zArr[i] != (zArr[i] && keyUsage[i])) {
                J.info(transactionId, "Key usage check failed.", null);
                return false;
            }
        }
        return true;
    }

    @Override // iaik.pki.PKIModule
    public synchronized PKIResult validateCertificate(Date date, X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, boolean[] zArr, TransactionId transactionId) throws PKIException {
        return validateCertificate(date, x509Certificate, x509CertificateArr, null, null, false, zArr, transactionId);
    }

    @Override // iaik.pki.PKIModule
    public synchronized PKIResult validateCertificate(Date date, X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, X509CRL[] x509crlArr, OCSPResponse[] oCSPResponseArr, boolean z, boolean[] zArr, TransactionId transactionId) throws PKIException {
        if (x509Certificate != null) {
            return A(date, x509Certificate, A(date, x509CertificateArr, x509crlArr, oCSPResponseArr, z, false, transactionId), zArr, false, false, false, transactionId);
        }
        J.error(transactionId, "End entity certificate must not be null.", null);
        throw new NullPointerException("End entity certificate must not be null.");
    }

    @Override // iaik.pki.PKIModule
    public PKIResult validateCertificateChain(Date date, boolean z, X509Certificate[] x509CertificateArr, boolean[] zArr, TransactionId transactionId) throws PKIException {
        return validateCertificateChain(date, z, x509CertificateArr, null, null, null, false, zArr, transactionId);
    }

    @Override // iaik.pki.PKIModule
    public synchronized PKIResult validateCertificateChain(Date date, boolean z, X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, X509CRL[] x509crlArr, OCSPResponse[] oCSPResponseArr, boolean z2, boolean[] zArr, TransactionId transactionId) throws PKIException {
        if (x509CertificateArr == null) {
            J.error(transactionId, "Argument \"certificateChain\" must not be null.", null);
            throw new NullPointerException("Argument \"certificateChain\" must not be null.");
        }
        if (x509CertificateArr.length != 0) {
            return A(date, z, x509CertificateArr, A(date, x509CertificateArr2, x509crlArr, oCSPResponseArr, z2, true, transactionId), zArr, false, false, transactionId);
        }
        J.error(transactionId, "Certificate chain to be validated must not be empty.", null);
        throw new IllegalArgumentException("Certificate chain to be validated must not be empty.");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized PKIResult A(Date date, X509Certificate x509Certificate, SupplementalRevocationSources supplementalRevocationSources, boolean[] zArr, boolean z, boolean z2, boolean z3, TransactionId transactionId) throws PKIException {
        TrustStoreProfile trustStoreProfile;
        if (date == null) {
            throw new NullPointerException("Argument \"concernedDate\" is null.");
        }
        if (!A(zArr, x509Certificate, transactionId)) {
            return new B(false, null, null);
        }
        boolean useSupplementalRevocationSourcesOnly = supplementalRevocationSources == null ? false : supplementalRevocationSources.useSupplementalRevocationSourcesOnly();
        CertInfoStore certInfoStore = this.G;
        boolean z4 = z2;
        if (!z4) {
            z4 = this.I.autoAddCertificates() == 2;
        }
        CertInfo createCertInfo = certInfoStore.createCertInfo(x509Certificate, z4, transactionId);
        if (!z3 || this.I.getIndirectRevocationTrustStoreProfile() == null) {
            trustStoreProfile = this.I.getTrustStoreProfile();
        } else {
            trustStoreProfile = this.I.getIndirectRevocationTrustStoreProfile();
            J.debug(transactionId, "Using trust profile for indirect revocation sources.", null);
        }
        if (trustStoreProfile == null) {
            throw new NullPointerException("Truststore profile mustn't be null");
        }
        TrustStore trustStoreFactory = TrustStoreFactory.getInstance(trustStoreProfile, transactionId);
        ValidationProfile validationProfile = this.I.getValidationProfile();
        if (validationProfile == null) {
            throw new NullPointerException("validation profile mustn't be null");
        }
        this.B = false;
        ConstructionResult A = A(trustStoreFactory, createCertInfo, this.I.useAuthorityInfoAccess(), date, useSupplementalRevocationSourcesOnly ? 0 : 1, transactionId);
        if (A.getChainsCount() == 0) {
            J.info(transactionId, "No certification path found", null);
            return new B(true, A, null);
        }
        ValidationResult validationResult = null;
        B b = null;
        int i = 0;
        J.debug(transactionId, "found " + A.getChainsCount() + " chains", null);
        Iterator<CertPath> chainIterator = A.getChainIterator();
        while (chainIterator.hasNext()) {
            i++;
            CertPath next = chainIterator.next();
            iaik.pki.pathconstruction.B chain = next.getChain();
            A(chain, i, transactionId);
            ByteArrayContainer byteArrayContainer = new ByteArrayContainer(x509Certificate.getFingerprintSHA());
            if (this.E.contains(byteArrayContainer)) {
                J.error(transactionId, "Cycling chain validation dependency", null);
                throw new PKIException("Cyclic chain validating dependency.", null, getClass().getName() + ":5");
            }
            this.E.push(byteArrayContainer);
            validationResult = A(validationProfile, chain, date, supplementalRevocationSources, z, transactionId);
            if (validationResult.getValidationResult().equals(ValidationResult.VALID)) {
                J.info(transactionId, "Found valid cert chain", null);
                if (this.E.size() > 0) {
                    this.E.pop();
                }
                List<Object> additionalInfoList = next.getAdditionalInfoList();
                if (additionalInfoList != null && !additionalInfoList.isEmpty()) {
                    validationResult = new ValidationResultValidImpl((ValidationResultValid) validationResult, additionalInfoList);
                }
                return new B(true, A, validationResult);
            }
            if (validationResult.getValidationResult().equals(ValidationResult.INVALID)) {
                ValidationResultInvalid validationResultInvalid = (ValidationResultInvalid) validationResult;
                J.debug(transactionId, "Chain validation failed: " + validationResultInvalid.getFailedReason() + " error", null);
                if (this.E.size() > 0) {
                    this.E.pop();
                }
                if (validationResultInvalid.getFailedReason().equals(ValidationResultInvalid.REVOCATION_FAILED)) {
                    b = new B(true, A, validationResult);
                }
            }
        }
        if (!validationResult.getValidationResult().equals(ValidationResult.VALID)) {
            J.info(transactionId, "Certificate validation failed", null);
            return b == null ? new B(true, A, validationResult) : b;
        }
        if (this.E.size() > 0) {
            this.E.pop();
        }
        J.info(transactionId, "Found valid cert chain", null);
        return new B(true, A, validationResult);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized PKIResult A(Date date, boolean z, X509Certificate[] x509CertificateArr, SupplementalRevocationSources supplementalRevocationSources, boolean[] zArr, boolean z2, boolean z3, TransactionId transactionId) throws PKIException {
        if (x509CertificateArr == null) {
            J.error(transactionId, "Argument \"certificateChain\" must not be null.", null);
            throw new NullPointerException("Argument \"certificateChain\" must not be null.");
        }
        int length = x509CertificateArr.length;
        if (length == 0) {
            J.error(transactionId, "Certificate chain to be validated must not be empty.", null);
            throw new IllegalArgumentException("Certificate chain to be validated must not be empty.");
        }
        TrustStoreProfile trustStoreProfile = this.I.getTrustStoreProfile();
        if (trustStoreProfile == null) {
            throw new NullPointerException("Truststore profile mustn't be null");
        }
        if (z && !TrustStoreFactory.getInstance(trustStoreProfile, transactionId).isCertificateTrusted(x509CertificateArr[length - 1], date, transactionId).isCertificateTrusted()) {
            J.info(transactionId, "Last certificate in chain is not a trusted certificate.", null);
            return new B(true, null, null);
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (!A(zArr, x509Certificate, transactionId)) {
            return new B(false, null, null);
        }
        CertInfoStore certInfoStore = this.G;
        boolean z4 = z3;
        if (!z4) {
            z4 = this.I.autoAddCertificates() == 2;
        }
        CertInfo createCertInfo = certInfoStore.createCertInfo(x509Certificate, z4, transactionId);
        ArrayList arrayList = new ArrayList(length);
        arrayList.add(createCertInfo);
        boolean z5 = this.I.autoAddCertificates() > 0;
        for (int i = 1; i < length; i++) {
            arrayList.add(certInfoStore.createCertIssuer(certInfoStore.createCertInfo(x509CertificateArr[i], z5, transactionId), 0, transactionId));
        }
        ValidationProfile validationProfile = this.I.getValidationProfile();
        if (validationProfile == null) {
            throw new NullPointerException("validation profile mustn't be null");
        }
        this.B = false;
        A(arrayList, 1, transactionId);
        ByteArrayContainer byteArrayContainer = new ByteArrayContainer(x509Certificate.getFingerprintSHA());
        if (this.E.contains(byteArrayContainer)) {
            J.error(transactionId, "Cycling chain validation dependency", null);
            throw new PKIException("Cyclic chain validating dependency.", null, getClass().getName() + ":5");
        }
        this.E.push(byteArrayContainer);
        ValidationResult A = A(validationProfile, arrayList, date, supplementalRevocationSources, z2, transactionId);
        if (A.getValidationResult().equals(ValidationResult.VALID)) {
            J.info(transactionId, "Found valid cert chain", null);
        }
        if (A.getValidationResult().equals(ValidationResult.INVALID)) {
            J.debug(transactionId, "Chain validation failed: " + ((ValidationResultInvalid) A).getFailedReason() + " error", null);
        }
        if (this.E.size() > 0) {
            this.E.pop();
        }
        return new B(true, null, A);
    }

    protected SupplementalRevocationSources A(Date date, X509Certificate[] x509CertificateArr, X509CRL[] x509crlArr, OCSPResponse[] oCSPResponseArr, boolean z, boolean z2, TransactionId transactionId) throws PKIException {
        if (date == null) {
            J.error(transactionId, "Parameter \"concernedDate\" must not be null.", null);
            throw new NullPointerException("Parameter \"concernedDate\" must not be null.");
        }
        if (this.I == null) {
            J.error(transactionId, "Profile must't be null", null);
            throw new NullPointerException("Profile mustn't be null");
        }
        this.E.clear();
        this.G = null;
        A(z, transactionId);
        A(x509CertificateArr, z, z2, transactionId);
        return A(x509crlArr, oCSPResponseArr, z, transactionId);
    }

    protected void A(boolean z, TransactionId transactionId) throws PKIException {
        if (this.I.autoAddCertificates() != 0 && !z) {
            if (!this.A.hasWriteableCertStore(transactionId)) {
                throw new PKIException("Can not auto add certificates, no writeable certstore configured", null, getClass().getName() + ":3");
            }
            this.G = this.A;
        } else {
            this.G = CertInfoStoreFactory.getInstance(new CertStore[]{CertStoreFactory.getInstance(new GenericCertStoreParameters(F, false, "memory"), transactionId)});
            if (z) {
                return;
            }
            Iterator<CertStore> it = this.A.getCertStores(transactionId).iterator();
            while (it.hasNext()) {
                this.G.addCertStore(it.next(), transactionId);
            }
        }
    }

    protected void A(X509Certificate[] x509CertificateArr, boolean z, boolean z2, TransactionId transactionId) throws CertInfoStoreException {
        if (z && !z2) {
            if (x509CertificateArr == null) {
                J.error(transactionId, "Should use supplemental certificate data only, but no supplemental certificate data available.", null);
                throw new IllegalArgumentException("Should use supplemental certificate data only, but no supplemental certificate data available.");
            }
            if (x509CertificateArr != null && x509CertificateArr.length == 0) {
                J.error(transactionId, "Should use supplemental certificate data only, but no supplemental certificate data available.", null);
                throw new IllegalArgumentException("Should use supplemental certificate data only, but no supplemental certificate data available.");
            }
        }
        if (x509CertificateArr != null) {
            for (int i = 0; i < x509CertificateArr.length; i++) {
                X509Certificate x509Certificate = x509CertificateArr[i];
                if (x509Certificate != null) {
                    this.G.createCertInfo(x509Certificate, true, transactionId);
                    if (z && this.I.autoAddCertificates() > 0 && this.A != null && this.A.hasWriteableCertStore(transactionId)) {
                        this.A.createCertInfo(x509Certificate, true, transactionId);
                    }
                } else {
                    J.warn(transactionId, "Entry number " + i + " in array \"supplementalCertificates\" is null, ignoring ...", null);
                }
            }
        }
    }

    protected SupplementalRevocationSources A(X509CRL[] x509crlArr, OCSPResponse[] oCSPResponseArr, boolean z, TransactionId transactionId) throws PKIException {
        SupplementalRevocationSources createSupplementalRevocationSources = RevocationFactory.getInstance(transactionId).createSupplementalRevocationSources(z);
        if (this.I.getValidationProfile().getRevocationChecking()) {
            if (z) {
                if (x509crlArr == null && oCSPResponseArr == null) {
                    J.error(transactionId, "Should use supplemental revocation data only, but no supplemental revocation data available.", null);
                    throw new IllegalArgumentException("Should use supplemental revocation data only, but no supplemental revocation data available.");
                }
                if (x509crlArr != null && x509crlArr.length == 0 && oCSPResponseArr != null && oCSPResponseArr.length == 0) {
                    J.error(transactionId, "Should use supplemental revocation data only, but no supplemental revocation data available.", null);
                    throw new IllegalArgumentException("Should use supplemental revocation data only, but no supplemental revocation data available.");
                }
            }
            if (x509crlArr != null) {
                int length = x509crlArr.length;
                Hashtable<String, CRLRevocationSource> hashtable = new Hashtable<>(length);
                for (int i = 0; i < length; i++) {
                    X509CRL x509crl = x509crlArr[i];
                    if (x509crl != null) {
                        try {
                            IssuingDistributionPoint issuingDistributionPoint = (IssuingDistributionPoint) x509crl.getExtension(IssuingDistributionPoint.oid);
                            int reasonFlags = issuingDistributionPoint != null ? issuingDistributionPoint.getReasonFlags() : -1;
                            try {
                                Name name = (Name) x509crl.getIssuerDN();
                                String str = NameUtils.getNormalizedName(name) + reasonFlags;
                                MemoryCRLRevocationSource memoryCRLRevocationSource = (MemoryCRLRevocationSource) hashtable.get(str);
                                if (memoryCRLRevocationSource == null) {
                                    CRLRevocationSource cRLRevocationSource = (CRLRevocationSource) RevocationFactory.getInstance(transactionId).createRevocationSource(Constants.DUMMY_URI, "crl");
                                    ((MemoryCRLRevocationSource) cRLRevocationSource).setCRL(x509crl, transactionId);
                                    cRLRevocationSource.setIsSupplemental();
                                    hashtable.put(str, cRLRevocationSource);
                                } else {
                                    if (!memoryCRLRevocationSource.getCRL().equals(x509crl)) {
                                        throw new PKIException("Two different supplemental CRLs for same issuer and reason code (issuer: " + name + ", reason code: " + reasonFlags + ").", null, getClass().getName() + ":6");
                                    }
                                    J.warn(transactionId, "Same crl is passed twice in supplemntal crls.", null);
                                }
                            } catch (UtilsException e) {
                                throw new PKIException("Error on normalizing issuer name of supplemental CRL.", e, getClass().getName() + ":4");
                            }
                        } catch (X509ExtensionInitException e2) {
                            throw new PKIException("Error when trying to read Issuing distribution point extension of supplemental crl.", null, getClass().getName() + ":8");
                        }
                    } else {
                        J.warn(transactionId, "Entry number " + i + " in array \"supplementalCrls\" is null, ignoring ...", null);
                    }
                }
                createSupplementalRevocationSources.setCrlRevocationSources(hashtable);
                J.debug(transactionId, "Built supplemental CRL revocation sources table. Size: " + hashtable.size(), null);
            }
            if (oCSPResponseArr != null) {
                int length2 = oCSPResponseArr.length;
                Hashtable<CertID, OCSPRevocationSource> hashtable2 = new Hashtable<>(length2);
                for (int i2 = 0; i2 < length2; i2++) {
                    OCSPResponse oCSPResponse = oCSPResponseArr[i2];
                    if (oCSPResponse != null) {
                        for (SingleResponse singleResponse : ((BasicOCSPResponse) oCSPResponse.getResponse()).getSingleResponses()) {
                            ReqCert reqCert = singleResponse.getReqCert();
                            CertID certID = (CertID) reqCert.getReqCert();
                            OCSPRevocationSource oCSPRevocationSource = hashtable2.get(certID);
                            if (oCSPRevocationSource == null) {
                                OCSPRevocationSource oCSPRevocationSource2 = (OCSPRevocationSource) RevocationFactory.getInstance(transactionId).createRevocationSource(Constants.DUMMY_URI, RevocationSourceTypes.OCSP);
                                oCSPRevocationSource2.setReqCert(reqCert);
                                oCSPRevocationSource2.setOCSPResponse(oCSPResponse, transactionId);
                                oCSPRevocationSource2.setIsSupplemental();
                                hashtable2.put(certID, oCSPRevocationSource2);
                                createSupplementalRevocationSources.addOcspRequestHashAlgorithmId(certID.getHashAlgorithm());
                            } else {
                                if (!Arrays.equals(oCSPRevocationSource.getOCSPResponse().getEncoded(), oCSPResponse.getEncoded())) {
                                    throw new PKIException("Two different supplemental OCSP responses for the same certificate.", null, getClass().getName() + ":7");
                                }
                                J.warn(transactionId, "Same ocsp response is passed twice in supplemntal ocsp responses.", null);
                            }
                        }
                    } else {
                        J.warn(transactionId, "Entry number " + i2 + " in array \"supplementalOCSPResponses\" is null, ignoring ...", null);
                    }
                }
                createSupplementalRevocationSources.setOcspRevocationSources(hashtable2);
                J.debug(transactionId, "Built supplemental OCSP revocation sources table. Size: " + hashtable2.size(), null);
            }
        }
        return createSupplementalRevocationSources;
    }

    protected void A(List<CertInfo> list, int i, TransactionId transactionId) {
        if (J.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder("Validating chain number " + i + DBTypeParser.SEPARATOR);
            int i2 = 1;
            try {
                Iterator<CertInfo> it = list.iterator();
                while (it.hasNext()) {
                    X509Certificate certificate = it.next().getCertificate(transactionId);
                    sb.append(Constants.LINE_SEPARATOR);
                    sb.append("cert ");
                    sb.append(i2);
                    sb.append(": srlNr: ");
                    sb.append(certificate.getSerialNumber());
                    sb.append(", subjectDN: ");
                    sb.append(certificate.getSubjectDN());
                    i2++;
                }
                J.debug(transactionId, sb.toString(), null);
            } catch (CertInfoStoreException e) {
                J.debug(transactionId, "Validating chain number " + i + DBTypeParser.SEPARATOR, null);
            }
        }
    }

    static {
        D = System.getProperty(CertPathConstructor.USE_NO_DATE_FOR_PATH_CONSTRUCTION, "false").equalsIgnoreCase("true");
    }
}
