package com.evolveum.midpoint.model.impl.lens.projector.credentials;

import com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision;
import com.evolveum.midpoint.model.common.stringpolicy.ObjectValuePolicyEvaluator;
import com.evolveum.midpoint.model.common.stringpolicy.ShadowValuePolicyOriginResolver;
import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor;
import com.evolveum.midpoint.model.impl.ModelObjectResolver;
import com.evolveum.midpoint.model.impl.lens.ClockworkMedic;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.LensProjectionContext;
import com.evolveum.midpoint.model.impl.lens.LensUtil;
import com.evolveum.midpoint.model.impl.lens.OperationalDataManager;
import com.evolveum.midpoint.model.impl.lens.projector.ContextLoader;
import com.evolveum.midpoint.model.impl.lens.projector.ProjectorProcessor;
import com.evolveum.midpoint.model.impl.lens.projector.focus.ProjectionMappingSetEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.mappings.MappingEvaluatorParams;
import com.evolveum.midpoint.model.impl.lens.projector.mappings.MappingInitializer;
import com.evolveum.midpoint.model.impl.lens.projector.mappings.MappingOutputProcessor;
import com.evolveum.midpoint.model.impl.lens.projector.mappings.MappingTimeEval;
import com.evolveum.midpoint.model.impl.lens.projector.mappings.ProjectionMappingLoader;
import com.evolveum.midpoint.model.impl.lens.projector.util.ProcessorExecution;
import com.evolveum.midpoint.model.impl.lens.projector.util.ProcessorMethod;
import com.evolveum.midpoint.model.impl.util.ModelImplUtils;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.ItemFactory;
import com.evolveum.midpoint.prism.OriginType;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.delta.ChangeType;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PrismValueDeltaSetTriple;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.util.ItemDeltaItem;
import com.evolveum.midpoint.prism.util.ObjectDeltaObject;
import com.evolveum.midpoint.repo.common.expression.ConfigurableValuePolicySupplier;
import com.evolveum.midpoint.repo.common.expression.Source;
import com.evolveum.midpoint.schema.CapabilityUtil;
import com.evolveum.midpoint.schema.ResourceShadowDiscriminator;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.LocalizableMessageBuilder;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.VariableBindingDefinitionType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.xml.datatype.XMLGregorianCalendar;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@ProcessorExecution(focusRequired = true, focusType = FocusType.class, skipWhenProjectionDeleted = true)
@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-4.5.1-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/credentials/ProjectionCredentialsProcessor.class */
public class ProjectionCredentialsProcessor implements ProjectorProcessor {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ProjectionCredentialsProcessor.class);

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private ProjectionMappingSetEvaluator projectionMappingSetEvaluator;

    @Autowired
    private ValuePolicyProcessor valuePolicyProcessor;

    @Autowired
    private Protector protector;

    @Autowired
    private OperationalDataManager operationalDataManager;

    @Autowired
    private ModelObjectResolver modelObjectResolver;

    @Autowired
    private ClockworkMedic medic;

    @Autowired
    private ContextLoader contextLoader;

    @ProcessorMethod
    public <F extends FocusType> void processProjectionCredentials(LensContext<F> lensContext, LensProjectionContext lensProjectionContext, String str, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
        processProjectionCredentials(lensContext, lensProjectionContext, xMLGregorianCalendar, task, operationResult);
        lensContext.checkConsistenceIfNeeded();
        lensProjectionContext.recompute();
        lensContext.checkConsistenceIfNeeded();
        this.medic.traceContext(LOGGER, str, "projection values and credentials of " + lensProjectionContext.getDescription(), false, lensContext, true);
    }

    private <F extends FocusType> void processProjectionCredentials(LensContext<F> lensContext, LensProjectionContext lensProjectionContext, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
        SecurityPolicyType determineSecurityPolicy = determineSecurityPolicy(lensContext, lensProjectionContext);
        processProjectionPasswordMapping(lensContext, lensProjectionContext, determineSecurityPolicy, xMLGregorianCalendar, task, operationResult);
        validateProjectionPassword(lensProjectionContext, determineSecurityPolicy, xMLGregorianCalendar, task, operationResult);
        applyMetadata(lensContext, lensProjectionContext, xMLGregorianCalendar, task);
    }

    private <F extends FocusType> void processProjectionPasswordMapping(LensContext<F> lensContext, LensProjectionContext lensProjectionContext, SecurityPolicyType securityPolicyType, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        LensFocusContext<F> focusContext = lensContext.getFocusContext();
        if (focusContext.getObjectNew() == null) {
            LOGGER.trace("focusNew is null, skipping credentials processing");
            return;
        }
        PrismPropertyDefinition findPropertyDefinition = this.prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class).findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
        ResourceShadowDiscriminator resourceShadowDiscriminator = lensProjectionContext.getResourceShadowDiscriminator();
        ResourceObjectDefinition structuralObjectDefinition = lensProjectionContext.getStructuralObjectDefinition();
        if (structuralObjectDefinition == null) {
            LOGGER.trace("No ResourceObjectTypeDefinition, therefore also no password outbound definition, skipping credentials processing for projection {}", resourceShadowDiscriminator);
            return;
        }
        List<MappingType> passwordOutbound = structuralObjectDefinition.getPasswordOutbound();
        if (passwordOutbound.isEmpty()) {
            LOGGER.trace("No outbound password mapping for {}, skipping credentials processing", resourceShadowDiscriminator);
            return;
        }
        ObjectDeltaObject<F> objectDeltaObjectAbsolute = focusContext.getObjectDeltaObjectAbsolute();
        if (!lensProjectionContext.isDoReconciliation() && !lensProjectionContext.isAdd() && !isActivated(passwordOutbound, objectDeltaObjectAbsolute.getObjectDelta())) {
            LOGGER.trace("Outbound password mappings not activated for type {}, skipping credentials processing", resourceShadowDiscriminator);
            return;
        }
        ObjectDelta<ShadowType> currentDelta = lensProjectionContext.getCurrentDelta();
        checkExistingDeltaSanity(lensProjectionContext, (currentDelta == null || currentDelta.getChangeType() != ChangeType.MODIFY) ? null : currentDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE));
        boolean evaluateWeak = getEvaluateWeak(lensProjectionContext);
        ItemDeltaItem<IV, ID> findIdi = objectDeltaObjectAbsolute.findIdi(SchemaConstants.PATH_PASSWORD_VALUE);
        ConfigurableValuePolicySupplier configurableValuePolicySupplier = operationResult2 -> {
            return SecurityUtil.getPasswordPolicy(securityPolicyType);
        };
        MappingInitializer mappingInitializer = mappingBuilder -> {
            mappingBuilder.mappingKind(MappingKindType.OUTBOUND).implicitSourcePath(SchemaConstants.PATH_PASSWORD_VALUE).implicitTargetPath(SchemaConstants.PATH_PASSWORD_VALUE);
            mappingBuilder.defaultTargetDefinition(findPropertyDefinition);
            mappingBuilder.defaultSource(new Source<>(findIdi, ExpressionConstants.VAR_INPUT_QNAME));
            mappingBuilder.valuePolicySupplier(configurableValuePolicySupplier);
            return mappingBuilder;
        };
        MappingOutputProcessor mappingOutputProcessor = (itemPath, mappingOutputStruct) -> {
            ObjectDelta<ShadowType> primaryDelta;
            PrismValueDeltaSetTriple outputTriple = mappingOutputStruct.getOutputTriple();
            if (outputTriple == null) {
                LOGGER.trace("Credentials 'password' expression resulted in null output triple, skipping credentials processing for {}", resourceShadowDiscriminator);
                return false;
            }
            if (!canGetCleartext(currentDelta != null && (currentDelta.getChangeType() == ChangeType.ADD || lensProjectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD) ? outputTriple.getNonNegativeValues() : outputTriple.getPlusSet()) && (primaryDelta = lensProjectionContext.getPrimaryDelta()) != null && primaryDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE) != null) {
                LOGGER.trace("We have primary password delta in projection, skipping credentials processing");
                return false;
            }
            Collection<PrismPropertyValue<ProtectedStringType>> minusSet = outputTriple.getMinusSet();
            if (minusSet.isEmpty() || canGetCleartext(minusSet)) {
                return true;
            }
            ProtectedStringType realValue = minusSet.iterator().next().getRealValue();
            Collection<PrismPropertyValue<T>> estimatedOldValues = ((PropertyDelta) findIdi.getDelta()).getEstimatedOldValues();
            if (estimatedOldValues == 0 || estimatedOldValues.isEmpty()) {
                return true;
            }
            ProtectedStringType protectedStringType = (ProtectedStringType) Objects.requireNonNull((ProtectedStringType) ((PrismPropertyValue) estimatedOldValues.iterator().next()).getRealValue());
            try {
                if (protectedStringType.canGetCleartext() && this.protector.compareCleartext(protectedStringType, realValue)) {
                    outputTriple.clearMinusSet();
                    outputTriple.addToMinusSet(this.prismContext.itemFactory().createPropertyValue((ItemFactory) protectedStringType));
                }
                return true;
            } catch (EncryptionException e) {
                throw new SystemException(e.getMessage(), e);
            }
        };
        String humanReadableString = lensProjectionContext.toHumanReadableString();
        PrismObject<ShadowType> objectNew = lensProjectionContext.getObjectNew();
        MappingInitializer mappingInitializer2 = mappingBuilder2 -> {
            mappingBuilder2.addVariableDefinitions(ModelImplUtils.getDefaultVariablesMap(lensContext, lensProjectionContext, true));
            mappingBuilder2.mappingKind(MappingKindType.OUTBOUND);
            mappingBuilder2.originType(OriginType.OUTBOUND);
            mappingBuilder2.implicitTargetPath(SchemaConstants.PATH_PASSWORD_VALUE);
            mappingBuilder2.originObject(lensProjectionContext.getResource());
            mappingInitializer.initialize(mappingBuilder2);
            return mappingBuilder2;
        };
        MappingEvaluatorParams mappingEvaluatorParams = new MappingEvaluatorParams();
        mappingEvaluatorParams.setMappingTypes(passwordOutbound);
        mappingEvaluatorParams.setMappingDesc("password mapping in projection " + humanReadableString);
        mappingEvaluatorParams.setNow(xMLGregorianCalendar);
        mappingEvaluatorParams.setInitializer(mappingInitializer2);
        mappingEvaluatorParams.setProcessor(mappingOutputProcessor);
        mappingEvaluatorParams.setTargetLoader(new ProjectionMappingLoader(lensProjectionContext, this.contextLoader));
        mappingEvaluatorParams.setAPrioriTargetObject(objectNew);
        mappingEvaluatorParams.setAPrioriTargetDelta(LensUtil.findAPrioriDelta(lensContext, lensProjectionContext));
        mappingEvaluatorParams.setTargetContext(lensProjectionContext);
        mappingEvaluatorParams.setDefaultTargetItemPath(SchemaConstants.PATH_PASSWORD_VALUE);
        if (lensContext.getFocusContext() != null) {
            mappingEvaluatorParams.setSourceContext(lensContext.getFocusContext().getObjectDeltaObjectAbsolute());
        }
        mappingEvaluatorParams.setEvaluateCurrent(MappingTimeEval.CURRENT);
        mappingEvaluatorParams.setEvaluateWeak(evaluateWeak);
        mappingEvaluatorParams.setContext(lensContext);
        mappingEvaluatorParams.setHasFullTargetObject(lensProjectionContext.hasFullShadow());
        this.projectionMappingSetEvaluator.evaluateMappingsToTriples(mappingEvaluatorParams, task, operationResult);
    }

    private <F extends FocusType> boolean isActivated(List<MappingType> list, ObjectDelta<F> objectDelta) {
        if (objectDelta == null) {
            return false;
        }
        Iterator<MappingType> it = list.iterator();
        while (it.hasNext()) {
            List<VariableBindingDefinitionType> source = it.next().getSource();
            if (source.isEmpty() && objectDelta.hasItemDelta(SchemaConstants.PATH_PASSWORD_VALUE)) {
                return true;
            }
            Iterator<VariableBindingDefinitionType> it2 = source.iterator();
            while (it2.hasNext()) {
                if (objectDelta.hasItemDelta(it2.next().getPath().getItemPath().stripVariableSegment())) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean canGetCleartext(Collection<PrismPropertyValue<ProtectedStringType>> collection) {
        if (collection == null) {
            return false;
        }
        Iterator<PrismPropertyValue<ProtectedStringType>> it = collection.iterator();
        while (it.hasNext()) {
            if (it.next().getValue().canGetCleartext()) {
                return true;
            }
        }
        return false;
    }

    private boolean getEvaluateWeak(LensProjectionContext lensProjectionContext) {
        if (CapabilityUtil.isPasswordReadable((CredentialsCapabilityType) ResourceTypeUtil.getEffectiveCapability(lensProjectionContext.getResource(), CredentialsCapabilityType.class))) {
            return true;
        }
        return lensProjectionContext.isAdd();
    }

    private <F extends FocusType> void validateProjectionPassword(LensProjectionContext lensProjectionContext, SecurityPolicyType securityPolicyType, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (securityPolicyType == null) {
            LOGGER.trace("Skipping processing password policies. Security policy not specified.");
            return;
        }
        ObjectDelta<ShadowType> currentDelta = lensProjectionContext.getCurrentDelta();
        if (currentDelta == null) {
            LOGGER.trace("Skipping processing password policies. Shadow delta not specified.");
            return;
        }
        if (currentDelta.isDelete()) {
            return;
        }
        PrismObject<ShadowType> prismObject = null;
        PrismProperty<ProtectedStringType> prismProperty = null;
        if (currentDelta.isAdd()) {
            prismObject = currentDelta.getObjectToAdd();
            if (prismObject != null) {
                prismProperty = prismObject.findProperty(SchemaConstants.PATH_PASSWORD_VALUE);
            }
        }
        if (currentDelta.isModify() || prismProperty == null) {
            ItemDelta findPropertyDelta = currentDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
            if (currentDelta.getChangeType() == ChangeType.MODIFY && findPropertyDelta != null && (findPropertyDelta.isAdd() || findPropertyDelta.isDelete())) {
                throw new SchemaException("Shadow password value cannot be added or deleted, it can only be replaced");
            }
            if (findPropertyDelta == null) {
                LOGGER.trace("Skipping processing password policies. Shadow delta does not contain password change.");
                return;
            }
            prismProperty = (PrismProperty) findPropertyDelta.getItemNewMatchingPath(null);
        }
        if (prismObject == null) {
            prismObject = lensProjectionContext.getObjectNew();
        }
        OperationResult validateStringValue = new ObjectValuePolicyEvaluator.Builder().now(xMLGregorianCalendar).originResolver(getOriginResolver(prismObject)).protector(this.protector).securityPolicy(securityPolicyType).shortDesc("password for " + prismObject).task(task).valueItemPath(SchemaConstants.PATH_PASSWORD_VALUE).valuePolicyProcessor(this.valuePolicyProcessor).build().validateStringValue(determinePasswordValue(prismProperty), operationResult);
        if (validateStringValue.isSuccess()) {
            return;
        }
        LOGGER.debug("Password for projection {} is not valid (policy={}): {}", lensProjectionContext.getHumanReadableName(), securityPolicyType, validateStringValue.getUserFriendlyMessage());
        operationResult.computeStatus();
        throw new PolicyViolationException(new LocalizableMessageBuilder().key("PolicyViolationException.message.projectionPassword").arg(lensProjectionContext.getHumanReadableName()).arg(validateStringValue.getUserFriendlyMessage()).build());
    }

    private ShadowValuePolicyOriginResolver getOriginResolver(PrismObject<ShadowType> prismObject) {
        return new ShadowValuePolicyOriginResolver(prismObject, this.modelObjectResolver);
    }

    private <F extends FocusType> void applyMetadata(LensContext<F> lensContext, LensProjectionContext lensProjectionContext, XMLGregorianCalendar xMLGregorianCalendar, Task task) throws SchemaException {
        if (lensProjectionContext.isDelete()) {
            return;
        }
        ObjectDelta currentDelta = lensProjectionContext.getCurrentDelta();
        if (currentDelta == null) {
            LOGGER.trace("Skipping application of password metadata. Shadow delta not specified.");
            return;
        }
        if (currentDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE) == null) {
            LOGGER.trace("Skipping application of password metadata. No password change.");
            return;
        }
        if (lensProjectionContext.isAdd()) {
            MetadataType createCreateMetadata = this.operationalDataManager.createCreateMetadata(lensContext, xMLGregorianCalendar, task);
            ItemDelta<?, ?> createDelta = this.prismContext.deltaFactory().container().createDelta(SchemaConstants.PATH_PASSWORD_METADATA, lensProjectionContext.getObjectDefinition());
            createCreateMetadata.asPrismContainerValue().setOriginTypeRecursive(OriginType.OUTBOUND);
            createDelta.addValuesToAdd(createCreateMetadata.asPrismContainerValue());
            lensProjectionContext.swallowToSecondaryDelta(createDelta);
            return;
        }
        if (lensProjectionContext.isModify() && currentDelta.findContainerDelta(SchemaConstants.PATH_PASSWORD_METADATA) == null) {
            for (ItemDelta<?, ?> itemDelta : this.operationalDataManager.createModifyMetadataDeltas(lensContext, getCurrentPasswordMetadata(lensProjectionContext), SchemaConstants.PATH_PASSWORD_METADATA, lensProjectionContext.getObjectTypeClass(), xMLGregorianCalendar, task)) {
                itemDelta.setOriginTypeRecursive(OriginType.OUTBOUND);
                lensProjectionContext.swallowToSecondaryDelta(itemDelta);
            }
        }
    }

    private MetadataType getCurrentPasswordMetadata(LensProjectionContext lensProjectionContext) {
        Item findContainer;
        PrismObject<ShadowType> objectCurrent = lensProjectionContext.getObjectCurrent();
        if (objectCurrent == null || (findContainer = objectCurrent.findContainer(SchemaConstants.PATH_PASSWORD_METADATA)) == null || !findContainer.hasAnyValue()) {
            return null;
        }
        return (MetadataType) PrismContainerValue.asContainerable(findContainer.getValue());
    }

    private <F extends FocusType> SecurityPolicyType determineSecurityPolicy(LensContext<F> lensContext, LensProjectionContext lensProjectionContext) {
        SecurityPolicyType projectionSecurityPolicy = lensProjectionContext.getProjectionSecurityPolicy();
        return projectionSecurityPolicy != null ? projectionSecurityPolicy : lensContext.getGlobalSecurityPolicy();
    }

    private String determinePasswordValue(PrismProperty<ProtectedStringType> prismProperty) {
        if (prismProperty == null || prismProperty.getValue(ProtectedStringType.class) == null) {
            return null;
        }
        return determinePasswordValue(prismProperty.getRealValue());
    }

    private String determinePasswordValue(ProtectedStringType protectedStringType) {
        if (protectedStringType == null) {
            return null;
        }
        String clearValue = protectedStringType.getClearValue();
        if (clearValue == null && protectedStringType.getEncryptedDataType() != null) {
            try {
                clearValue = this.protector.decryptString(protectedStringType);
            } catch (EncryptionException e) {
                throw new SystemException("Failed to process password for focus: " + e.getMessage(), e);
            }
        }
        return clearValue;
    }

    private void checkExistingDeltaSanity(LensProjectionContext lensProjectionContext, PropertyDelta<ProtectedStringType> propertyDelta) throws SchemaException {
        if (propertyDelta != null) {
            if (propertyDelta.isAdd() || propertyDelta.isDelete()) {
                throw new SchemaException("Password for projection " + lensProjectionContext.getResourceShadowDiscriminator() + " cannot be added or deleted, it can only be replaced");
            }
        }
    }
}
