commit 6eca3c6d2b08d8e9cce1efeaa38772508793a7f1 Author: Jörg Prante Date: Mon Nov 29 15:44:33 2021 +0100 initial commit diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..f663f18 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +gradlew.bat text eol=crlf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..798c009 --- /dev/null +++ b/.gitignore @@ -0,0 +1,20 @@ +data +work +out +logs +/.idea +/target +/.settings +/.classpath +/.project +/.gradle +/plugins +/sessions +.DS_Store +*.iml +*~ +.secret +build +**/*.crt +**/*.pkcs8 +**/*.gz diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..613f6e4 --- /dev/null +++ b/build.gradle @@ -0,0 +1,34 @@ +plugins { + id "de.marcphilipp.nexus-publish" version "0.4.0" + id "io.codearte.nexus-staging" version "0.21.1" +} + +wrapper { + gradleVersion = "${rootProject.property('gradle.wrapper.version')}" + distributionType = Wrapper.DistributionType.ALL +} + +ext { + user = 'jprante' + nme = 'files' + description = 'Java Filesystem implementations (FTP, SFTP, WebDAV)' + inceptionYear = '2012' + url = 'https://github.com/' + user + '/' + name + scmUrl = 'https://github.com/' + user + '/' + name + scmConnection = 'scm:git:git://github.com/' + user + '/' + name + '.git' + scmDeveloperConnection = 'scm:git:ssh://git@github.com:' + user + '/' + name + '.git' + issueManagementSystem = 'Github' + issueManagementUrl = ext.scmUrl + '/issues' + licenseName = 'The Apache License, Version 2.0' + licenseUrl = 'http://www.apache.org/licenses/LICENSE-2.0.txt' +} + +subprojects { + apply plugin: 'java-library' + apply from: rootProject.file('gradle/ide/idea.gradle') + apply from: rootProject.file('gradle/compile/java.gradle') + apply from: rootProject.file('gradle/test/junit5.gradle') + apply from: rootProject.file('gradle/publishing/publication.gradle') +} + +apply from: rootProject.file('gradle/publishing/sonatype.gradle') diff --git a/files-eddsa/NOTICE.txt b/files-eddsa/NOTICE.txt new file mode 100644 index 0000000..834f1bf --- /dev/null +++ b/files-eddsa/NOTICE.txt @@ -0,0 +1,5 @@ +This work is derived from + +https://github.com/str4d/ed25519-java/ + +released under Creative Commons Legal Code, CC0 1.0 Universal diff --git a/files-eddsa/build.gradle b/files-eddsa/build.gradle new file mode 100644 index 0000000..0542224 --- /dev/null +++ b/files-eddsa/build.gradle @@ -0,0 +1,4 @@ +dependencies { + testRuntimeOnly "org.junit.vintage:junit-vintage-engine:${project.property('junit.version')}" + testImplementation "junit:junit:${project.property('junit4.version')}" +} diff --git a/files-eddsa/src/main/java/module-info.java b/files-eddsa/src/main/java/module-info.java new file mode 100644 index 0000000..ead51e4 --- /dev/null +++ b/files-eddsa/src/main/java/module-info.java @@ -0,0 +1,6 @@ +module org.xbib.eddsa { + exports org.xbib.io.sshd.eddsa; + exports org.xbib.io.sshd.eddsa.spec; + provides java.security.Provider + with org.xbib.io.sshd.eddsa.EdDSASecurityProvider; +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAEngine.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAEngine.java new file mode 100644 index 0000000..e391a1a --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAEngine.java @@ -0,0 +1,455 @@ +package org.xbib.io.sshd.eddsa; + +import org.xbib.io.sshd.eddsa.math.Curve; +import org.xbib.io.sshd.eddsa.math.GroupElement; +import org.xbib.io.sshd.eddsa.math.ScalarOps; + +import java.io.ByteArrayOutputStream; +import java.nio.ByteBuffer; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.AlgorithmParameterSpec; +import java.util.Arrays; + +/** + * Signing and verification for EdDSA. + *

+ * The EdDSA sign and verify algorithms do not interact well with + * the Java Signature API, as one or more update() methods must be + * called before sign() or verify(). Using the standard API, + * this implementation must copy and buffer all data passed in + * via update(). + *

+ * This implementation offers two ways to avoid this copying, + * but only if all data to be signed or verified is available + * in a single byte array. + *

+ * Option 1: + *

    + *
  1. Call initSign() or initVerify() as usual. + *
  2. Call setParameter(ONE_SHOT_MODE) + *
  3. Call update(byte[]) or update(byte[], int, int) exactly once + *
  4. Call sign() or verify() as usual. + *
  5. If doing additional one-shot signs or verifies with this object, you must + * call setParameter(ONE_SHOT_MODE) each time + *
+ *

+ * Option 2: + *

    + *
  1. Call initSign() or initVerify() as usual. + *
  2. Call one of the signOneShot() or verifyOneShot() methods. + *
  3. If doing additional one-shot signs or verifies with this object, + * just call signOneShot() or verifyOneShot() again. + *
+ */ +public final class EdDSAEngine extends Signature { + public static final String SIGNATURE_ALGORITHM = "NONEwithEdDSA"; + /** + * To efficiently sign or verify data in one shot, pass this to setParameters() + * after initSign() or initVerify() but BEFORE THE FIRST AND ONLY + * update(data) or update(data, off, len). The data reference will be saved + * and then used in sign() or verify() without copying the data. + * Violate these rules and you will get a SignatureException. + */ + public static final AlgorithmParameterSpec ONE_SHOT_MODE = new OneShotSpec(); + private MessageDigest digest; + private ByteArrayOutputStream baos; + private EdDSAKey key; + private boolean oneShotMode; + private byte[] oneShotBytes; + private int oneShotOffset; + private int oneShotLength; + + /** + * No specific EdDSA-internal hash requested, allows any EdDSA key. + */ + public EdDSAEngine() { + super(SIGNATURE_ALGORITHM); + } + + /** + * Specific EdDSA-internal hash requested, only matching keys will be allowed. + * + * @param digest the hash algorithm that keys must have to sign or verify. + */ + public EdDSAEngine(MessageDigest digest) { + this(); + this.digest = digest; + } + + private void reset() { + if (digest != null) { + digest.reset(); + } + if (baos != null) { + baos.reset(); + } + oneShotMode = false; + oneShotBytes = null; + } + + @Override + protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { + reset(); + if (privateKey instanceof EdDSAPrivateKey) { + EdDSAPrivateKey privKey = (EdDSAPrivateKey) privateKey; + key = privKey; + if (digest == null) { + try { + digest = MessageDigest.getInstance(key.getParams().getHashAlgorithm()); + } catch (NoSuchAlgorithmException e) { + throw new InvalidKeyException("cannot get required digest " + key.getParams().getHashAlgorithm() + " for private key."); + } + } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm())) + throw new InvalidKeyException("Key hash algorithm does not match chosen digest"); + digestInitSign(privKey); + } else { + throw new InvalidKeyException("cannot identify EdDSA private key: " + privateKey.getClass()); + } + } + + private void digestInitSign(EdDSAPrivateKey privKey) { + // Preparing for hash + // r = H(h_b,...,h_2b-1,M) + int b = privKey.getParams().getCurve().getField().getb(); + digest.update(privKey.getH(), b / 8, b / 4 - b / 8); + } + + @Override + protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { + reset(); + if (publicKey instanceof EdDSAPublicKey) { + key = (EdDSAPublicKey) publicKey; + if (digest == null) { + try { + digest = MessageDigest.getInstance(key.getParams().getHashAlgorithm()); + } catch (NoSuchAlgorithmException e) { + throw new InvalidKeyException("cannot get required digest " + key.getParams().getHashAlgorithm() + " for private key."); + } + } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm())) + throw new InvalidKeyException("Key hash algorithm does not match chosen digest"); + } else { + throw new InvalidKeyException("cannot identify EdDSA public key: " + publicKey.getClass()); + } + } + + /** + * @throws SignatureException if in one-shot mode + */ + @Override + protected void engineUpdate(byte b) throws SignatureException { + if (oneShotMode) + throw new SignatureException("unsupported in one-shot mode"); + if (baos == null) + baos = new ByteArrayOutputStream(256); + baos.write(b); + } + + /** + * @throws SignatureException if one-shot rules are violated + */ + @Override + protected void engineUpdate(byte[] b, int off, int len) + throws SignatureException { + if (oneShotMode) { + if (oneShotBytes != null) + throw new SignatureException("update() already called"); + oneShotBytes = b; + oneShotOffset = off; + oneShotLength = len; + } else { + if (baos == null) + baos = new ByteArrayOutputStream(256); + baos.write(b, off, len); + } + } + + @Override + protected byte[] engineSign() throws SignatureException { + try { + return x_engineSign(); + } finally { + reset(); + // must leave the object ready to sign again with + // the same key, as required by the API + EdDSAPrivateKey privKey = (EdDSAPrivateKey) key; + digestInitSign(privKey); + } + } + + private byte[] x_engineSign() throws SignatureException { + Curve curve = key.getParams().getCurve(); + ScalarOps sc = key.getParams().getScalarOps(); + byte[] a = ((EdDSAPrivateKey) key).geta(); + + byte[] message; + int offset, length; + if (oneShotMode) { + if (oneShotBytes == null) + throw new SignatureException("update() not called first"); + message = oneShotBytes; + offset = oneShotOffset; + length = oneShotLength; + } else { + if (baos == null) + message = new byte[0]; + else + message = baos.toByteArray(); + offset = 0; + length = message.length; + } + // r = H(h_b,...,h_2b-1,M) + digest.update(message, offset, length); + byte[] r = digest.digest(); + + // r mod l + // Reduces r from 64 bytes to 32 bytes + r = sc.reduce(r); + + // R = rB + GroupElement R = key.getParams().getB().scalarMultiply(r); + byte[] Rbyte = R.toByteArray(); + + // S = (r + H(Rbar,Abar,M)*a) mod l + digest.update(Rbyte); + digest.update(((EdDSAPrivateKey) key).getAbyte()); + digest.update(message, offset, length); + byte[] h = digest.digest(); + h = sc.reduce(h); + byte[] S = sc.multiplyAndAdd(h, a, r); + + // R+S + int b = curve.getField().getb(); + ByteBuffer out = ByteBuffer.allocate(b / 4); + out.put(Rbyte).put(S); + return out.array(); + } + + @Override + protected boolean engineVerify(byte[] sigBytes) throws SignatureException { + try { + return x_engineVerify(sigBytes); + } finally { + reset(); + } + } + + private boolean x_engineVerify(byte[] sigBytes) throws SignatureException { + Curve curve = key.getParams().getCurve(); + int b = curve.getField().getb(); + if (sigBytes.length != b / 4) + throw new SignatureException("signature length is wrong"); + + // R is first b/8 bytes of sigBytes, S is second b/8 bytes + digest.update(sigBytes, 0, b / 8); + digest.update(((EdDSAPublicKey) key).getAbyte()); + // h = H(Rbar,Abar,M) + byte[] message; + int offset, length; + if (oneShotMode) { + if (oneShotBytes == null) + throw new SignatureException("update() not called first"); + message = oneShotBytes; + offset = oneShotOffset; + length = oneShotLength; + } else { + if (baos == null) + message = new byte[0]; + else + message = baos.toByteArray(); + offset = 0; + length = message.length; + } + digest.update(message, offset, length); + byte[] h = digest.digest(); + + // h mod l + h = key.getParams().getScalarOps().reduce(h); + + byte[] Sbyte = Arrays.copyOfRange(sigBytes, b / 8, b / 4); + // R = SB - H(Rbar,Abar,M)A + GroupElement R = key.getParams().getB().doubleScalarMultiplyVariableTime( + ((EdDSAPublicKey) key).getNegativeA(), h, Sbyte); + + // Variable time. This should be okay, because there are no secret + // values used anywhere in verification. + byte[] Rcalc = R.toByteArray(); + for (int i = 0; i < Rcalc.length; i++) { + if (Rcalc[i] != sigBytes[i]) + return false; + } + return true; + } + + /** + * To efficiently sign all the data in one shot, if it is available, + * use this method, which will avoid copying the data. + *

+ * Same as: + * 

+     *  setParameter(ONE_SHOT_MODE)
+     *  update(data)
+     *  sig = sign()
+     *
+ * + * @param data the message to be signed + * @return the signature + * @throws SignatureException if update() already called + * @see #ONE_SHOT_MODE + */ + public byte[] signOneShot(byte[] data) throws SignatureException { + return signOneShot(data, 0, data.length); + } + + /** + * To efficiently sign all the data in one shot, if it is available, + * use this method, which will avoid copying the data. + *

+ * Same as: + * 

+     *  setParameter(ONE_SHOT_MODE)
+     *  update(data, off, len)
+     *  sig = sign()
+     *
+ * + * @param data byte array containing the message to be signed + * @param off the start of the message inside data + * @param len the length of the message + * @return the signature + * @throws SignatureException if update() already called + * @see #ONE_SHOT_MODE + */ + public byte[] signOneShot(byte[] data, int off, int len) throws SignatureException { + oneShotMode = true; + update(data, off, len); + return sign(); + } + + /** + * To efficiently verify all the data in one shot, if it is available, + * use this method, which will avoid copying the data. + *

+ * Same as: + * 

+     *  setParameter(ONE_SHOT_MODE)
+     *  update(data)
+     *  ok = verify(signature)
+     *
+ * + * @param data the message that was signed + * @param signature of the message + * @return true if the signature is valid, false otherwise + * @throws SignatureException if update() already called + * @see #ONE_SHOT_MODE + */ + public boolean verifyOneShot(byte[] data, byte[] signature) throws SignatureException { + return verifyOneShot(data, 0, data.length, signature, 0, signature.length); + } + + /** + * To efficiently verify all the data in one shot, if it is available, + * use this method, which will avoid copying the data. + *

+ * Same as: + * 

+     *  setParameter(ONE_SHOT_MODE)
+     *  update(data, off, len)
+     *  ok = verify(signature)
+     *
+ * + * @param data byte array containing the message that was signed + * @param off the start of the message inside data + * @param len the length of the message + * @param signature of the message + * @return true if the signature is valid, false otherwise + * @throws SignatureException if update() already called + * @see #ONE_SHOT_MODE + */ + public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature) throws SignatureException { + return verifyOneShot(data, off, len, signature, 0, signature.length); + } + + /** + * To efficiently verify all the data in one shot, if it is available, + * use this method, which will avoid copying the data. + *

+ * Same as: + * 

+     *  setParameter(ONE_SHOT_MODE)
+     *  update(data)
+     *  ok = verify(signature, sigoff, siglen)
+     *
+ * + * @param data the message that was signed + * @param signature byte array containing the signature + * @param sigoff the start of the signature + * @param siglen the length of the signature + * @return true if the signature is valid, false otherwise + * @throws SignatureException if update() already called + * @see #ONE_SHOT_MODE + */ + public boolean verifyOneShot(byte[] data, byte[] signature, int sigoff, int siglen) throws SignatureException { + return verifyOneShot(data, 0, data.length, signature, sigoff, siglen); + } + + /** + * To efficiently verify all the data in one shot, if it is available, + * use this method, which will avoid copying the data. + *

+ * Same as: + * 

+     *  setParameter(ONE_SHOT_MODE)
+     *  update(data, off, len)
+     *  ok = verify(signature, sigoff, siglen)
+     *
+ * + * @param data byte array containing the message that was signed + * @param off the start of the message inside data + * @param len the length of the message + * @param signature byte array containing the signature + * @param sigoff the start of the signature + * @param siglen the length of the signature + * @return true if the signature is valid, false otherwise + * @throws SignatureException if update() already called + * @see #ONE_SHOT_MODE + */ + public boolean verifyOneShot(byte[] data, int off, int len, byte[] signature, int sigoff, int siglen) throws SignatureException { + oneShotMode = true; + update(data, off, len); + return verify(signature, sigoff, siglen); + } + + /** + * @throws InvalidAlgorithmParameterException if spec is ONE_SHOT_MODE and update() already called + * @see #ONE_SHOT_MODE + */ + @Override + protected void engineSetParameter(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException { + if (spec.equals(ONE_SHOT_MODE)) { + if (oneShotBytes != null || (baos != null && baos.size() > 0)) + throw new InvalidAlgorithmParameterException("update() already called"); + oneShotMode = true; + } else { + super.engineSetParameter(spec); + } + } + + @Override + protected void engineSetParameter(String param, Object value) { + throw new UnsupportedOperationException("engineSetParameter unsupported"); + } + + @Override + protected Object engineGetParameter(String param) { + throw new UnsupportedOperationException("engineSetParameter unsupported"); + } + + private static class OneShotSpec implements AlgorithmParameterSpec { + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAKey.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAKey.java new file mode 100644 index 0000000..6200b64 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAKey.java @@ -0,0 +1,19 @@ +package org.xbib.io.sshd.eddsa; + +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; + +/** + * Common interface for all EdDSA keys. + */ +public interface EdDSAKey { + /** + * The reported key algorithm for all EdDSA keys + */ + String KEY_ALGORITHM = "EdDSA"; + + /** + * @return a parameter specification representing the EdDSA domain + * parameters for the key. + */ + EdDSAParameterSpec getParams(); +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAPrivateKey.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAPrivateKey.java new file mode 100644 index 0000000..d4a9af9 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAPrivateKey.java @@ -0,0 +1,321 @@ +package org.xbib.io.sshd.eddsa; + +import org.xbib.io.sshd.eddsa.math.GroupElement; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; + +import java.security.PrivateKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Arrays; + +/** + * An EdDSA private key. + *

+ * Warning: Private key encoding is based on the current curdle WG draft, + * and is subject to change. See getEncoded(). + *

+ * For compatibility with older releases, decoding supports both the old and new + * draft specifications. See decode(). + *

+ * Ref: https://tools.ietf.org/html/draft-ietf-curdle-pkix-04 + *

+ * Old Ref: https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04 + *

+ */ +public class EdDSAPrivateKey implements EdDSAKey, PrivateKey { + + // compatible with JDK 1.1 + private static final long serialVersionUID = 23495873459878957L; + // OID 1.3.101.xxx + private static final int OID_OLD = 100; + private static final int OID_ED25519 = 112; + private static final int OID_BYTE = 11; + private static final int IDLEN_BYTE = 6; + private final byte[] seed; + private final byte[] h; + private final byte[] a; + private final GroupElement A; + private final byte[] Abyte; + private final EdDSAParameterSpec edDsaSpec; + + public EdDSAPrivateKey(EdDSAPrivateKeySpec spec) { + this.seed = spec.getSeed(); + this.h = spec.getH(); + this.a = spec.geta(); + this.A = spec.getA(); + this.Abyte = this.A.toByteArray(); + this.edDsaSpec = spec.getParams(); + } + + public EdDSAPrivateKey(PKCS8EncodedKeySpec spec) throws InvalidKeySpecException { + this(new EdDSAPrivateKeySpec(decode(spec.getEncoded()), + EdDSANamedCurveTable.getByName("Ed25519"))); + } + + /** + * Extracts the private key bytes from the provided encoding. + *

+ * This will decode data conforming to the current spec at + * https://tools.ietf.org/html/draft-ietf-curdle-pkix-04 + * or as inferred from the old spec at + * https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04. + *

+ * Contrary to draft-ietf-curdle-pkix-04, it WILL accept a parameter value + * of NULL, as it is required for interoperability with the default Java + * keystore. Other implementations MUST NOT copy this behaviour from here + * unless they also need to read keys from the default Java keystore. + *

+ * This is really dumb for now. It does not use a general-purpose ASN.1 decoder. + * See also getEncoded(). + * + * @return 32 bytes for Ed25519, throws for other curves + */ + private static byte[] decode(byte[] d) throws InvalidKeySpecException { + try { + // + // Setup and OID check + // + int totlen = 48; + int idlen = 5; + int doid = d[OID_BYTE]; + if (doid == OID_OLD) { + totlen = 49; + idlen = 8; + } else if (doid == OID_ED25519) { + // Detect parameter value of NULL + if (d[IDLEN_BYTE] == 7) { + totlen = 50; + idlen = 7; + } + } else { + throw new InvalidKeySpecException("unsupported key spec"); + } + + // + // Pre-decoding check + // + if (d.length != totlen) { + throw new InvalidKeySpecException("invalid key spec length"); + } + + // + // Decoding + // + int idx = 0; + if (d[idx++] != 0x30 || + d[idx++] != (totlen - 2) || + d[idx++] != 0x02 || + d[idx++] != 1 || + d[idx++] != 0 || + d[idx++] != 0x30 || + d[idx++] != idlen || + d[idx++] != 0x06 || + d[idx++] != 3 || + d[idx++] != (1 * 40) + 3 || + d[idx++] != 101) { + throw new InvalidKeySpecException("unsupported key spec"); + } + idx++; // OID, checked above + // parameters only with old OID + if (doid == OID_OLD) { + if (d[idx++] != 0x0a || + d[idx++] != 1 || + d[idx++] != 1) { + throw new InvalidKeySpecException("unsupported key spec"); + } + } else { + // Handle parameter value of NULL + // + // Quote https://tools.ietf.org/html/draft-ietf-curdle-pkix-04 : + // For all of the OIDs, the parameters MUST be absent. + // Regardless of the defect in the original 1997 syntax, + // implementations MUST NOT accept a parameters value of NULL. + // + // But Java's default keystore puts it in (when decoding as + // PKCS8 and then re-encoding to pass on), so we must accept it. + if (idlen == 7) { + if (d[idx++] != 0x05 || + d[idx++] != 0) { + throw new InvalidKeySpecException("unsupported key spec"); + } + } + // PrivateKey wrapping the CurvePrivateKey + if (d[idx++] != 0x04 || + d[idx++] != 34) { + throw new InvalidKeySpecException("unsupported key spec"); + } + } + if (d[idx++] != 0x04 || + d[idx++] != 32) { + throw new InvalidKeySpecException("unsupported key spec"); + } + byte[] rv = new byte[32]; + System.arraycopy(d, idx, rv, 0, 32); + return rv; + } catch (IndexOutOfBoundsException ioobe) { + throw new InvalidKeySpecException(ioobe); + } + } + + @Override + public String getAlgorithm() { + return KEY_ALGORITHM; + } + + @Override + public String getFormat() { + return "PKCS#8"; + } + + /** + * Returns the public key in its canonical encoding. + * This implements the following specs: + *

+ *

+ * This encodes the seed. It will return null if constructed from + * a spec which was directly constructed from H, in which case seed is null. + *

+ * For keys in older formats, decoding and then re-encoding is sufficient to + * migrate them to the canonical encoding. + *

+ * Relevant spec quotes: + * 
+     *  OneAsymmetricKey ::= SEQUENCE {
+     *    version Version,
+     *    privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+     *    privateKey PrivateKey,
+     *    attributes [0] Attributes OPTIONAL,
+     *    ...,
+     *    [[2: publicKey [1] PublicKey OPTIONAL ]],
+     *    ...
+     *  }
+     *
+     *  Version ::= INTEGER
+     *  PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+     *  PrivateKey ::= OCTET STRING
+     *  PublicKey ::= OCTET STRING
+     *  Attributes ::= SET OF Attribute
+     *
+ * 
+     *  ... when encoding a OneAsymmetricKey object, the private key is wrapped
+     *  in a CurvePrivateKey object and wrapped by the OCTET STRING of the
+     *  'privateKey' field.
+     *
+     *  CurvePrivateKey ::= OCTET STRING
+     *
+ * 
+     *  AlgorithmIdentifier  ::=  SEQUENCE  {
+     *    algorithm   OBJECT IDENTIFIER,
+     *    parameters  ANY DEFINED BY algorithm OPTIONAL
+     *  }
+     *
+     *  For all of the OIDs, the parameters MUST be absent.
+     *
+ * 
+     *  id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }
+     *
+ * + * @return 48 bytes for Ed25519, null for other curves + */ + @Override + public byte[] getEncoded() { + if (!edDsaSpec.equals(EdDSANamedCurveTable.getByName("Ed25519"))) + return null; + if (seed == null) + return null; + int totlen = 16 + seed.length; + byte[] rv = new byte[totlen]; + int idx = 0; + // sequence + rv[idx++] = 0x30; + rv[idx++] = (byte) (totlen - 2); + // version + rv[idx++] = 0x02; + rv[idx++] = 1; + // v1 - no public key included + rv[idx++] = 0; + // Algorithm Identifier + // sequence + rv[idx++] = 0x30; + rv[idx++] = 5; + // OID + // https://msdn.microsoft.com/en-us/library/windows/desktop/bb540809%28v=vs.85%29.aspx + rv[idx++] = 0x06; + rv[idx++] = 3; + rv[idx++] = (1 * 40) + 3; + rv[idx++] = 101; + rv[idx++] = (byte) OID_ED25519; + // params - absent + // PrivateKey + rv[idx++] = 0x04; // octet string + rv[idx++] = (byte) (2 + seed.length); + // CurvePrivateKey + rv[idx++] = 0x04; // octet string + rv[idx++] = (byte) seed.length; + // the key + System.arraycopy(seed, 0, rv, idx, seed.length); + return rv; + } + + @Override + public EdDSAParameterSpec getParams() { + return edDsaSpec; + } + + /** + * @return will be null if constructed from a spec which was + * directly constructed from H + */ + public byte[] getSeed() { + return seed; + } + + /** + * @return the hash of the seed + */ + public byte[] getH() { + return h; + } + + /** + * @return the private key + */ + public byte[] geta() { + return a; + } + + /** + * @return the public key + */ + public GroupElement getA() { + return A; + } + + /** + * @return the public key + */ + public byte[] getAbyte() { + return Abyte; + } + + @Override + public int hashCode() { + return Arrays.hashCode(seed); + } + + @Override + public boolean equals(Object o) { + if (o == this) + return true; + if (!(o instanceof EdDSAPrivateKey)) + return false; + EdDSAPrivateKey pk = (EdDSAPrivateKey) o; + return Arrays.equals(seed, pk.getSeed()) && + edDsaSpec.equals(pk.getParams()); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAPublicKey.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAPublicKey.java new file mode 100644 index 0000000..8b671a0 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSAPublicKey.java @@ -0,0 +1,257 @@ +package org.xbib.io.sshd.eddsa; + +import org.xbib.io.sshd.eddsa.math.GroupElement; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.X509EncodedKeySpec; +import java.util.Arrays; + +/** + * An EdDSA public key. + *

+ * Warning: Public key encoding is is based on the current curdle WG draft, + * and is subject to change. See getEncoded(). + *

+ * For compatibility with older releases, decoding supports both the old and new + * draft specifications. See decode(). + *

+ * Ref: https://tools.ietf.org/html/draft-ietf-curdle-pkix-04 + *

+ * Old Ref: https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04 + *

+ */ +public class EdDSAPublicKey implements EdDSAKey, PublicKey { + private static final long serialVersionUID = 9837459837498475L; + // OID 1.3.101.xxx + private static final int OID_OLD = 100; + private static final int OID_ED25519 = 112; + private static final int OID_BYTE = 8; + private static final int IDLEN_BYTE = 3; + private final GroupElement A; + private final GroupElement Aneg; + private final byte[] Abyte; + private final EdDSAParameterSpec edDsaSpec; + + public EdDSAPublicKey(EdDSAPublicKeySpec spec) { + this.A = spec.getA(); + this.Aneg = spec.getNegativeA(); + this.Abyte = this.A.toByteArray(); + this.edDsaSpec = spec.getParams(); + } + + public EdDSAPublicKey(X509EncodedKeySpec spec) throws InvalidKeySpecException { + this(new EdDSAPublicKeySpec(decode(spec.getEncoded()), + EdDSANamedCurveTable.getByName("Ed25519"))); + } + + /** + * Extracts the public key bytes from the provided encoding. + *

+ * This will decode data conforming to the current spec at + * https://tools.ietf.org/html/draft-ietf-curdle-pkix-04 + * or the old spec at + * https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04. + *

+ * Contrary to draft-ietf-curdle-pkix-04, it WILL accept a parameter value + * of NULL, as it is required for interoperability with the default Java + * keystore. Other implementations MUST NOT copy this behaviour from here + * unless they also need to read keys from the default Java keystore. + *

+ * This is really dumb for now. It does not use a general-purpose ASN.1 decoder. + * See also getEncoded(). + *

+ * + * @return 32 bytes for Ed25519, throws for other curves + */ + private static byte[] decode(byte[] d) throws InvalidKeySpecException { + try { + // + // Setup and OID check + // + int totlen = 44; + int idlen = 5; + int doid = d[OID_BYTE]; + if (doid == OID_OLD) { + totlen = 47; + idlen = 8; + } else if (doid == OID_ED25519) { + // Detect parameter value of NULL + if (d[IDLEN_BYTE] == 7) { + totlen = 46; + idlen = 7; + } + } else { + throw new InvalidKeySpecException("unsupported key spec"); + } + + // + // Pre-decoding check + // + if (d.length != totlen) { + throw new InvalidKeySpecException("invalid key spec length"); + } + + // + // Decoding + // + int idx = 0; + if (d[idx++] != 0x30 || + d[idx++] != (totlen - 2) || + d[idx++] != 0x30 || + d[idx++] != idlen || + d[idx++] != 0x06 || + d[idx++] != 3 || + d[idx++] != (1 * 40) + 3 || + d[idx++] != 101) { + throw new InvalidKeySpecException("unsupported key spec"); + } + idx++; // OID, checked above + // parameters only with old OID + if (doid == OID_OLD) { + if (d[idx++] != 0x0a || + d[idx++] != 1 || + d[idx++] != 1) { + throw new InvalidKeySpecException("unsupported key spec"); + } + } else { + // Handle parameter value of NULL + // + // Quote https://tools.ietf.org/html/draft-ietf-curdle-pkix-04 : + // For all of the OIDs, the parameters MUST be absent. + // Regardless of the defect in the original 1997 syntax, + // implementations MUST NOT accept a parameters value of NULL. + // + // But Java's default keystore puts it in (when decoding as + // PKCS8 and then re-encoding to pass on), so we must accept it. + if (idlen == 7) { + if (d[idx++] != 0x05 || + d[idx++] != 0) { + throw new InvalidKeySpecException("unsupported key spec"); + } + } + } + if (d[idx++] != 0x03 || + d[idx++] != 33 || + d[idx++] != 0) { + throw new InvalidKeySpecException("unsupported key spec"); + } + byte[] rv = new byte[32]; + System.arraycopy(d, idx, rv, 0, 32); + return rv; + } catch (IndexOutOfBoundsException ioobe) { + throw new InvalidKeySpecException(ioobe); + } + } + + @Override + public String getAlgorithm() { + return KEY_ALGORITHM; + } + + @Override + public String getFormat() { + return "X.509"; + } + + /** + * Returns the public key in its canonical encoding. + * This implements the following specs: + * + *

+ * For keys in older formats, decoding and then re-encoding is sufficient to + * migrate them to the canonical encoding. + *

+ * Relevant spec quotes: + * 
+     *  In the X.509 certificate, the subjectPublicKeyInfo field has the
+     *  SubjectPublicKeyInfo type, which has the following ASN.1 syntax:
+     *
+     *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     *    algorithm         AlgorithmIdentifier,
+     *    subjectPublicKey  BIT STRING
+     *  }
+     *
+ * 
+     *  AlgorithmIdentifier  ::=  SEQUENCE  {
+     *    algorithm   OBJECT IDENTIFIER,
+     *    parameters  ANY DEFINED BY algorithm OPTIONAL
+     *  }
+     *
+     *  For all of the OIDs, the parameters MUST be absent.
+     *
+ * 
+     *  id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }
+     *
+ * + * @return 44 bytes for Ed25519, null for other curves + */ + @Override + public byte[] getEncoded() { + if (!edDsaSpec.equals(EdDSANamedCurveTable.getByName("Ed25519"))) + return null; + int totlen = 12 + Abyte.length; + byte[] rv = new byte[totlen]; + int idx = 0; + // sequence + rv[idx++] = 0x30; + rv[idx++] = (byte) (totlen - 2); + // Algorithm Identifier + // sequence + rv[idx++] = 0x30; + rv[idx++] = 5; + // OID + // https://msdn.microsoft.com/en-us/library/windows/desktop/bb540809%28v=vs.85%29.aspx + rv[idx++] = 0x06; + rv[idx++] = 3; + rv[idx++] = (1 * 40) + 3; + rv[idx++] = 101; + rv[idx++] = (byte) OID_ED25519; + // params - absent + // the key + rv[idx++] = 0x03; // bit string + rv[idx++] = (byte) (1 + Abyte.length); + rv[idx++] = 0; // number of trailing unused bits + System.arraycopy(Abyte, 0, rv, idx, Abyte.length); + return rv; + } + + @Override + public EdDSAParameterSpec getParams() { + return edDsaSpec; + } + + public GroupElement getA() { + return A; + } + + public GroupElement getNegativeA() { + return Aneg; + } + + public byte[] getAbyte() { + return Abyte; + } + + @Override + public int hashCode() { + return Arrays.hashCode(Abyte); + } + + @Override + public boolean equals(Object o) { + if (o == this) + return true; + if (!(o instanceof EdDSAPublicKey)) + return false; + EdDSAPublicKey pk = (EdDSAPublicKey) o; + return Arrays.equals(Abyte, pk.getAbyte()) && + edDsaSpec.equals(pk.getParams()); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSASecurityProvider.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSASecurityProvider.java new file mode 100644 index 0000000..e07c6ce --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/EdDSASecurityProvider.java @@ -0,0 +1,45 @@ +package org.xbib.io.sshd.eddsa; + +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.Provider; +import java.security.Security; + +/** + * A security {@link Provider} that can be registered via {@link Security#addProvider(Provider)}. + */ +public class EdDSASecurityProvider extends Provider { + + public static final String PROVIDER_NAME = "EdDSA"; + + private static final long serialVersionUID = 1210027906682292307L; + + public EdDSASecurityProvider() { + super(PROVIDER_NAME, 0.1, "xbib " + PROVIDER_NAME + " security provider wrapper"); + + AccessController.doPrivileged((PrivilegedAction) () -> { + setup(); + return null; + }); + } + + protected void setup() { + // See https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html + put("KeyFactory." + EdDSAKey.KEY_ALGORITHM, "org.xbib.io.sshd.eddsa.KeyFactory"); + put("KeyPairGenerator." + EdDSAKey.KEY_ALGORITHM, "org.xbib.io.sshd.eddsa.KeyPairGenerator"); + put("Signature." + EdDSAEngine.SIGNATURE_ALGORITHM, "org.xbib.io.sshd.eddsa.EdDSAEngine"); + + // OID Mappings + // See section "Mapping from OID to name". + // The Key* -> OID mappings correspond to the default algorithm in KeyPairGenerator. + // + // From draft-ieft-curdle-pkix-04: + // id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } + put("Alg.Alias.KeyFactory.1.3.101.112", EdDSAKey.KEY_ALGORITHM); + put("Alg.Alias.KeyFactory.OID.1.3.101.112", EdDSAKey.KEY_ALGORITHM); + put("Alg.Alias.KeyPairGenerator.1.3.101.112", EdDSAKey.KEY_ALGORITHM); + put("Alg.Alias.KeyPairGenerator.OID.1.3.101.112", EdDSAKey.KEY_ALGORITHM); + put("Alg.Alias.Signature.1.3.101.112", EdDSAEngine.SIGNATURE_ALGORITHM); + put("Alg.Alias.Signature.OID.1.3.101.112", EdDSAEngine.SIGNATURE_ALGORITHM); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/KeyFactory.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/KeyFactory.java new file mode 100644 index 0000000..2ab1570 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/KeyFactory.java @@ -0,0 +1,62 @@ +package org.xbib.io.sshd.eddsa; + +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactorySpi; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; + +/** + */ +public final class KeyFactory extends KeyFactorySpi { + + protected PrivateKey engineGeneratePrivate(KeySpec keySpec) + throws InvalidKeySpecException { + if (keySpec instanceof EdDSAPrivateKeySpec) { + return new EdDSAPrivateKey((EdDSAPrivateKeySpec) keySpec); + } + if (keySpec instanceof PKCS8EncodedKeySpec) { + return new EdDSAPrivateKey((PKCS8EncodedKeySpec) keySpec); + } + throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass()); + } + + protected PublicKey engineGeneratePublic(KeySpec keySpec) + throws InvalidKeySpecException { + if (keySpec instanceof EdDSAPublicKeySpec) { + return new EdDSAPublicKey((EdDSAPublicKeySpec) keySpec); + } + if (keySpec instanceof X509EncodedKeySpec) { + return new EdDSAPublicKey((X509EncodedKeySpec) keySpec); + } + throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass()); + } + + @SuppressWarnings("unchecked") + protected T engineGetKeySpec(Key key, Class keySpec) + throws InvalidKeySpecException { + if (keySpec.isAssignableFrom(EdDSAPublicKeySpec.class) && key instanceof EdDSAPublicKey) { + EdDSAPublicKey k = (EdDSAPublicKey) key; + if (k.getParams() != null) { + return (T) new EdDSAPublicKeySpec(k.getA(), k.getParams()); + } + } else if (keySpec.isAssignableFrom(EdDSAPrivateKeySpec.class) && key instanceof EdDSAPrivateKey) { + EdDSAPrivateKey k = (EdDSAPrivateKey) key; + if (k.getParams() != null) { + return (T) new EdDSAPrivateKeySpec(k.getSeed(), k.getH(), k.geta(), k.getA(), k.getParams()); + } + } + throw new InvalidKeySpecException("not implemented yet " + key + " " + keySpec); + } + + protected Key engineTranslateKey(Key key) throws InvalidKeyException { + throw new InvalidKeyException("No other EdDSA key providers known"); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/KeyPairGenerator.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/KeyPairGenerator.java new file mode 100644 index 0000000..04bf42f --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/KeyPairGenerator.java @@ -0,0 +1,86 @@ +package org.xbib.io.sshd.eddsa; + +import org.xbib.io.sshd.eddsa.spec.EdDSAGenParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.KeyPair; +import java.security.KeyPairGeneratorSpi; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.util.Hashtable; + +/** + * Default keysize is 256 (Ed25519). + */ +public final class KeyPairGenerator extends KeyPairGeneratorSpi { + private static final int DEFAULT_KEYSIZE = 256; + private static final Hashtable edParameters; + + static { + edParameters = new Hashtable<>(); + edParameters.put(256, new EdDSAGenParameterSpec("Ed25519")); + } + + private EdDSAParameterSpec edParams; + private SecureRandom random; + private boolean initialized; + + public void initialize(int keysize, SecureRandom random) { + AlgorithmParameterSpec edParams = edParameters.get(keysize); + if (edParams == null) + throw new InvalidParameterException("unknown key type."); + try { + initialize(edParams, random); + } catch (InvalidAlgorithmParameterException e) { + throw new InvalidParameterException("key type not configurable."); + } + } + + @Override + public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { + if (params instanceof EdDSAParameterSpec) { + edParams = (EdDSAParameterSpec) params; + } else if (params instanceof EdDSAGenParameterSpec) { + edParams = createNamedCurveSpec(((EdDSAGenParameterSpec) params).getName()); + } else + throw new InvalidAlgorithmParameterException("parameter object not a EdDSAParameterSpec"); + + this.random = random; + initialized = true; + } + + public KeyPair generateKeyPair() { + if (!initialized) + initialize(DEFAULT_KEYSIZE, new SecureRandom()); + + byte[] seed = new byte[edParams.getCurve().getField().getb() / 8]; + random.nextBytes(seed); + + EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(seed, edParams); + EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(privKey.getA(), edParams); + + return new KeyPair(new EdDSAPublicKey(pubKey), new EdDSAPrivateKey(privKey)); + } + + /** + * Create an EdDSANamedCurveSpec from the provided curve name. The current + * implementation fetches the pre-created curve spec from a table. + * + * @param curveName the EdDSA named curve. + * @return the specification for the named curve. + * @throws InvalidAlgorithmParameterException if the named curve is unknown. + */ + protected EdDSANamedCurveSpec createNamedCurveSpec(String curveName) throws InvalidAlgorithmParameterException { + EdDSANamedCurveSpec spec = EdDSANamedCurveTable.getByName(curveName); + if (spec == null) { + throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); + } + return spec; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/Utils.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/Utils.java new file mode 100644 index 0000000..05fb4b4 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/Utils.java @@ -0,0 +1,95 @@ +package org.xbib.io.sshd.eddsa; + +/** + * Basic utilities for EdDSA. + * Not for external use, not maintained as a public API. + */ +public class Utils { + /** + * Constant-time byte comparison. + * + * @param b a byte + * @param c a byte + * @return 1 if b and c are equal, 0 otherwise. + */ + public static int equal(int b, int c) { + int result = 0; + int xor = b ^ c; + for (int i = 0; i < 8; i++) { + result |= xor >> i; + } + return (result ^ 0x01) & 0x01; + } + + /** + * Constant-time byte[] comparison. + * + * @param b a byte[] + * @param c a byte[] + * @return 1 if b and c are equal, 0 otherwise. + */ + public static int equal(byte[] b, byte[] c) { + int result = 0; + for (int i = 0; i < 32; i++) { + result |= b[i] ^ c[i]; + } + + return equal(result, 0); + } + + /** + * Constant-time determine if byte is negative. + * + * @param b the byte to check. + * @return 1 if the byte is negative, 0 otherwise. + */ + public static int negative(int b) { + return (b >> 8) & 1; + } + + /** + * Get the i'th bit of a byte array. + * + * @param h the byte array. + * @param i the bit index. + * @return 0 or 1, the value of the i'th bit in h + */ + public static int bit(byte[] h, int i) { + return (h[i >> 3] >> (i & 7)) & 1; + } + + /** + * Converts a hex string to bytes. + * + * @param s the hex string to be converted. + * @return the byte[] + */ + public static byte[] hexToBytes(String s) { + int len = s.length(); + byte[] data = new byte[len / 2]; + for (int i = 0; i < len; i += 2) { + data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + + Character.digit(s.charAt(i + 1), 16)); + } + return data; + } + + /** + * Converts bytes to a hex string. + * + * @param raw the byte[] to be converted. + * @return the hex representation as a string. + */ + public static String bytesToHex(byte[] raw) { + if (raw == null) { + return null; + } + final StringBuilder hex = new StringBuilder(2 * raw.length); + for (final byte b : raw) { + hex.append(Character.forDigit((b & 0xF0) >> 4, 16)) + .append(Character.forDigit((b & 0x0F), 16)); + } + return hex.toString(); + } + +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Constants.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Constants.java new file mode 100644 index 0000000..4d146d5 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Constants.java @@ -0,0 +1,15 @@ +package org.xbib.io.sshd.eddsa.math; + +import org.xbib.io.sshd.eddsa.Utils; + +/** + * + */ +final class Constants { + public static final byte[] ZERO = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + public static final byte[] ONE = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000"); + public static final byte[] TWO = Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000"); + public static final byte[] FOUR = Utils.hexToBytes("0400000000000000000000000000000000000000000000000000000000000000"); + public static final byte[] FIVE = Utils.hexToBytes("0500000000000000000000000000000000000000000000000000000000000000"); + public static final byte[] EIGHT = Utils.hexToBytes("0800000000000000000000000000000000000000000000000000000000000000"); +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Curve.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Curve.java new file mode 100644 index 0000000..75701cc --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Curve.java @@ -0,0 +1,87 @@ +package org.xbib.io.sshd.eddsa.math; + +//import java.io.Serializable; + +/** + * A twisted Edwards curve. + * Points on the curve satisfy $-x^2 + y^2 = 1 + d x^2y^2$ + */ +public class Curve /*implements Serializable*/ { + //private static final long serialVersionUID = 4578920872509827L; + private final Field f; + private final FieldElement d; + private final FieldElement d2; + private final FieldElement I; + + private final GroupElement zeroP2; + private final GroupElement zeroP3; + private final GroupElement zeroPrecomp; + + public Curve(Field f, byte[] d, FieldElement I) { + this.f = f; + this.d = f.fromByteArray(d); + this.d2 = this.d.add(this.d); + this.I = I; + + FieldElement zero = f.ZERO; + FieldElement one = f.ONE; + zeroP2 = GroupElement.p2(this, zero, one, one); + zeroP3 = GroupElement.p3(this, zero, one, one, zero); + zeroPrecomp = GroupElement.precomp(this, one, one, zero); + } + + public Field getField() { + return f; + } + + public FieldElement getD() { + return d; + } + + public FieldElement get2D() { + return d2; + } + + public FieldElement getI() { + return I; + } + + public GroupElement getZero(GroupElement.Representation repr) { + switch (repr) { + case P2: + return zeroP2; + case P3: + return zeroP3; + case PRECOMP: + return zeroPrecomp; + default: + return null; + } + } + + public GroupElement createPoint(byte[] P, boolean precompute) { + GroupElement ge = new GroupElement(this, P); + if (precompute) + ge.precompute(true); + return ge; + } + + @Override + public int hashCode() { + return f.hashCode() ^ + d.hashCode() ^ + I.hashCode(); + } + + @Override + public boolean equals(Object o) { + if (o == this) + return true; + if (!(o instanceof Curve)) + return false; + Curve c = (Curve) o; + return f.equals(c.getField()) && + d.equals(c.getD()) && + I.equals(c.getI()); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Encoding.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Encoding.java new file mode 100644 index 0000000..8236f90 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Encoding.java @@ -0,0 +1,43 @@ +package org.xbib.io.sshd.eddsa.math; + +/** + * Common interface for all $(b-1)$-bit encodings of elements of EdDSA finite fields. + */ +public abstract class Encoding { + protected Field f; + + public synchronized void setField(Field f) { + if (this.f != null) + throw new IllegalStateException("already set"); + this.f = f; + } + + /** + * Encode a FieldElement in its $(b-1)$-bit encoding. + * + * @param x the FieldElement to encode + * @return the $(b-1)$-bit encoding of this FieldElement. + */ + public abstract byte[] encode(FieldElement x); + + /** + * Decode a FieldElement from its $(b-1)$-bit encoding. + * The highest bit is masked out. + * + * @param in the $(b-1)$-bit encoding of a FieldElement. + * @return the FieldElement represented by 'val'. + */ + public abstract FieldElement decode(byte[] in); + + /** + * From the Ed25519 paper:
+ * $x$ is negative if the $(b-1)$-bit encoding of $x$ is lexicographically larger + * than the $(b-1)$-bit encoding of -x. If $q$ is an odd prime and the encoding + * is the little-endian representation of $\{0, 1,\dots, q-1\}$ then the negative + * elements of $F_q$ are $\{1, 3, 5,\dots, q-2\}$. + * + * @param x the FieldElement to check + * @return true if negative + */ + public abstract boolean isNegative(FieldElement x); +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Field.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Field.java new file mode 100644 index 0000000..3040b4c --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/Field.java @@ -0,0 +1,84 @@ +package org.xbib.io.sshd.eddsa.math; + +/** + * An EdDSA finite field. Includes several pre-computed values. + */ +public class Field /*implements Serializable*/ { + //private static final long serialVersionUID = 8746587465875676L; + + public final FieldElement ZERO; + public final FieldElement ONE; + public final FieldElement TWO; + public final FieldElement FOUR; + public final FieldElement FIVE; + public final FieldElement EIGHT; + + private final int b; + private final FieldElement q; + /** + * q-2 + */ + private final FieldElement qm2; + /** + * (q-5) / 8 + */ + private final FieldElement qm5d8; + private final Encoding enc; + + public Field(int b, byte[] q, Encoding enc) { + this.b = b; + this.enc = enc; + this.enc.setField(this); + + this.q = fromByteArray(q); + + // Set up constants + ZERO = fromByteArray(Constants.ZERO); + ONE = fromByteArray(Constants.ONE); + TWO = fromByteArray(Constants.TWO); + FOUR = fromByteArray(Constants.FOUR); + FIVE = fromByteArray(Constants.FIVE); + EIGHT = fromByteArray(Constants.EIGHT); + + // Precompute values + qm2 = this.q.subtract(TWO); + qm5d8 = this.q.subtract(FIVE).divide(EIGHT); + } + + public FieldElement fromByteArray(byte[] x) { + return enc.decode(x); + } + + public int getb() { + return b; + } + + public FieldElement getQ() { + return q; + } + + public FieldElement getQm2() { + return qm2; + } + + public FieldElement getQm5d8() { + return qm5d8; + } + + public Encoding getEncoding() { + return enc; + } + + @Override + public int hashCode() { + return q.hashCode(); + } + + @Override + public boolean equals(Object obj) { + if (!(obj instanceof Field)) + return false; + Field f = (Field) obj; + return b == f.b && q.equals(f.q); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/FieldElement.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/FieldElement.java new file mode 100644 index 0000000..d0e08c0 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/FieldElement.java @@ -0,0 +1,66 @@ +package org.xbib.io.sshd.eddsa.math; + +//import java.io.Serializable; + +/** + * Note: concrete subclasses must implement hashCode() and equals() + */ +public abstract class FieldElement /*implements Serializable*/ { + //private static final long serialVersionUID = 1239527465875676L; + + protected final Field f; + + public FieldElement(Field f) { + if (null == f) { + throw new IllegalArgumentException("field cannot be null"); + } + this.f = f; + } + + /** + * Encode a FieldElement in its $(b-1)$-bit encoding. + * + * @return the $(b-1)$-bit encoding of this FieldElement. + */ + public byte[] toByteArray() { + return f.getEncoding().encode(this); + } + + public abstract boolean isNonZero(); + + public boolean isNegative() { + return f.getEncoding().isNegative(this); + } + + public abstract FieldElement add(FieldElement val); + + public FieldElement addOne() { + return add(f.ONE); + } + + public abstract FieldElement subtract(FieldElement val); + + public FieldElement subtractOne() { + return subtract(f.ONE); + } + + public abstract FieldElement negate(); + + public FieldElement divide(FieldElement val) { + return multiply(val.invert()); + } + + public abstract FieldElement multiply(FieldElement val); + + public abstract FieldElement square(); + + public abstract FieldElement squareAndDouble(); + + public abstract FieldElement invert(); + + public abstract FieldElement pow22523(); + + public abstract FieldElement cmov(FieldElement val, final int b); + + // Note: concrete subclasses must implement hashCode() and equals() +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/GroupElement.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/GroupElement.java new file mode 100644 index 0000000..b1b9064 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/GroupElement.java @@ -0,0 +1,1028 @@ +package org.xbib.io.sshd.eddsa.math; + +import org.xbib.io.sshd.eddsa.Utils; + +import java.util.Arrays; + +//import java.io.Serializable; + +/** + * A point $(x,y)$ on an EdDSA curve. + *

+ * Reviewed/commented by Bloody Rookie (nemproject@gmx.de) + *

+ * Literature:
+ * [1] Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe and Bo-Yin Yang : High-speed high-security signatures
+ * [2] Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, Ed Dawson: Twisted Edwards Curves Revisited
+ * [3] Daniel J. Bernsteina, Tanja Lange: A complete set of addition laws for incomplete Edwards curves
+ * [4] Daniel J. Bernstein, Peter Birkner, Marc Joye, Tanja Lange and Christiane Peters: Twisted Edwards Curves
+ * [5] Christiane Pascale Peters: Curves, Codes, and Cryptography (PhD thesis)
+ * [6] Daniel J. Bernstein, Peter Birkner, Tanja Lange and Christiane Peters: Optimizing double-base elliptic-curve single-scalar multiplication
+ */ +public class GroupElement /*implements Serializable*/ { + //private static final long serialVersionUID = 2395879087349587L; + + /** + * Variable is package private only so that tests run. + */ + final Curve curve; + /** + * Variable is package private only so that tests run. + */ + final Representation repr; + /** + * Variable is package private only so that tests run. + */ + final FieldElement X; + /** + * Variable is package private only so that tests run. + */ + final FieldElement Y; + /** + * Variable is package private only so that tests run. + */ + final FieldElement Z; + /** + * Variable is package private only so that tests run. + */ + final FieldElement T; + /** + * Precomputed table for {@link #scalarMultiply(byte[])}, + * filled if necessary. + *

+ * Variable is package private only so that tests run. + */ + GroupElement[][] precmp; + /** + * Precomputed table for {@link #doubleScalarMultiplyVariableTime(GroupElement, byte[], byte[])}, + * filled if necessary. + *

+ * Variable is package private only so that tests run. + */ + GroupElement[] dblPrecmp; + + /** + * Creates a group element for a curve. + * + * @param curve The curve. + * @param repr The representation used to represent the group element. + * @param X The $X$ coordinate. + * @param Y The $Y$ coordinate. + * @param Z The $Z$ coordinate. + * @param T The $T$ coordinate. + */ + public GroupElement( + final Curve curve, + final Representation repr, + final FieldElement X, + final FieldElement Y, + final FieldElement Z, + final FieldElement T) { + this.curve = curve; + this.repr = repr; + this.X = X; + this.Y = Y; + this.Z = Z; + this.T = T; + } + + /** + * Creates a group element for a curve from a given encoded point. + *

+ * A point $(x,y)$ is encoded by storing $y$ in bit 0 to bit 254 and the sign of $x$ in bit 255. + * $x$ is recovered in the following way: + *

    + *
  • $x = sign(x) * \sqrt{(y^2 - 1) / (d * y^2 + 1)} = sign(x) * \sqrt{u / v}$ with $u = y^2 - 1$ and $v = d * y^2 + 1$. + *
  • Setting $β = (u * v^3) * (u * v^7)^{((q - 5) / 8)}$ one has $β^2 = \pm(u / v)$. + *
  • If $v * β = -u$ multiply $β$ with $i=\sqrt{-1}$. + *
  • Set $x := β$. + *
  • If $sign(x) \ne$ bit 255 of $s$ then negate $x$. + *
+ * + * @param curve The curve. + * @param s The encoded point. + */ + public GroupElement(final Curve curve, final byte[] s) { + FieldElement x, y, yy, u, v, v3, vxx, check; + y = curve.getField().fromByteArray(s); + yy = y.square(); + + // u = y^2-1 + u = yy.subtractOne(); + + // v = dy^2+1 + v = yy.multiply(curve.getD()).addOne(); + + // v3 = v^3 + v3 = v.square().multiply(v); + + // x = (v3^2)vu, aka x = uv^7 + x = v3.square().multiply(v).multiply(u); + + // x = (uv^7)^((q-5)/8) + x = x.pow22523(); + + // x = uv^3(uv^7)^((q-5)/8) + x = v3.multiply(u).multiply(x); + + vxx = x.square().multiply(v); + check = vxx.subtract(u); // vx^2-u + if (check.isNonZero()) { + check = vxx.add(u); // vx^2+u + + if (check.isNonZero()) + throw new IllegalArgumentException("not a valid GroupElement"); + x = x.multiply(curve.getI()); + } + + if ((x.isNegative() ? 1 : 0) != Utils.bit(s, curve.getField().getb() - 1)) { + x = x.negate(); + } + + this.curve = curve; + this.repr = Representation.P3; + this.X = x; + this.Y = y; + this.Z = curve.getField().ONE; + this.T = this.X.multiply(this.Y); + } + + /** + * Creates a new group element in P2 representation. + * + * @param curve The curve. + * @param X The $X$ coordinate. + * @param Y The $Y$ coordinate. + * @param Z The $Z$ coordinate. + * @return The group element in P2 representation. + */ + public static GroupElement p2( + final Curve curve, + final FieldElement X, + final FieldElement Y, + final FieldElement Z) { + return new GroupElement(curve, Representation.P2, X, Y, Z, null); + } + + /** + * Creates a new group element in P3 representation. + * + * @param curve The curve. + * @param X The $X$ coordinate. + * @param Y The $Y$ coordinate. + * @param Z The $Z$ coordinate. + * @param T The $T$ coordinate. + * @return The group element in P3 representation. + */ + public static GroupElement p3( + final Curve curve, + final FieldElement X, + final FieldElement Y, + final FieldElement Z, + final FieldElement T) { + return new GroupElement(curve, Representation.P3, X, Y, Z, T); + } + + /** + * Creates a new group element in P1P1 representation. + * + * @param curve The curve. + * @param X The $X$ coordinate. + * @param Y The $Y$ coordinate. + * @param Z The $Z$ coordinate. + * @param T The $T$ coordinate. + * @return The group element in P1P1 representation. + */ + public static GroupElement p1p1( + final Curve curve, + final FieldElement X, + final FieldElement Y, + final FieldElement Z, + final FieldElement T) { + return new GroupElement(curve, Representation.P1P1, X, Y, Z, T); + } + + /** + * Creates a new group element in PRECOMP representation. + * + * @param curve The curve. + * @param ypx The $y + x$ value. + * @param ymx The $y - x$ value. + * @param xy2d The $2 * d * x * y$ value. + * @return The group element in PRECOMP representation. + */ + public static GroupElement precomp( + final Curve curve, + final FieldElement ypx, + final FieldElement ymx, + final FieldElement xy2d) { + return new GroupElement(curve, Representation.PRECOMP, ypx, ymx, xy2d, null); + } + + /** + * Creates a new group element in CACHED representation. + * + * @param curve The curve. + * @param YpX The $Y + X$ value. + * @param YmX The $Y - X$ value. + * @param Z The $Z$ coordinate. + * @param T2d The $2 * d * T$ value. + * @return The group element in CACHED representation. + */ + public static GroupElement cached( + final Curve curve, + final FieldElement YpX, + final FieldElement YmX, + final FieldElement Z, + final FieldElement T2d) { + return new GroupElement(curve, Representation.CACHED, YpX, YmX, Z, T2d); + } + + /** + * Convert a to radix 16. + *

+ * Method is package private only so that tests run. + * + * @param a $= a[0]+256*a[1]+...+256^{31} a[31]$ + * @return 64 bytes, each between -8 and 7 + */ + static byte[] toRadix16(final byte[] a) { + final byte[] e = new byte[64]; + int i; + // Radix 16 notation + for (i = 0; i < 32; i++) { + e[2 * i + 0] = (byte) (a[i] & 15); + e[2 * i + 1] = (byte) ((a[i] >> 4) & 15); + } + /* each e[i] is between 0 and 15 */ + /* e[63] is between 0 and 7 */ + int carry = 0; + for (i = 0; i < 63; i++) { + e[i] += carry; + carry = e[i] + 8; + carry >>= 4; + e[i] -= carry << 4; + } + e[63] += carry; + /* each e[i] is between -8 and 7 */ + return e; + } + + /** + * Calculates a sliding-windows base 2 representation for a given value $a$. + * To learn more about it see [6] page 8. + *

+ * Output: $r$ which satisfies + * $a = r0 * 2^0 + r1 * 2^1 + \dots + r255 * 2^{255}$ with $ri$ in $\{-15, -13, -11, -9, -7, -5, -3, -1, 0, 1, 3, 5, 7, 9, 11, 13, 15\}$ + *

+ * Method is package private only so that tests run. + * + * @param a $= a[0]+256*a[1]+\dots+256^{31} a[31]$. + * @return The byte array $r$ in the above described form. + */ + static byte[] slide(final byte[] a) { + byte[] r = new byte[256]; + + // Put each bit of 'a' into a separate byte, 0 or 1 + for (int i = 0; i < 256; ++i) { + r[i] = (byte) (1 & (a[i >> 3] >> (i & 7))); + } + + // Note: r[i] will always be odd. + for (int i = 0; i < 256; ++i) { + if (r[i] != 0) { + for (int b = 1; b <= 6 && i + b < 256; ++b) { + // Accumulate bits if possible + if (r[i + b] != 0) { + if (r[i] + (r[i + b] << b) <= 15) { + r[i] += r[i + b] << b; + r[i + b] = 0; + } else if (r[i] - (r[i + b] << b) >= -15) { + r[i] -= r[i + b] << b; + for (int k = i + b; k < 256; ++k) { + if (r[k] == 0) { + r[k] = 1; + break; + } + r[k] = 0; + } + } else + break; + } + } + } + } + + return r; + } + + /** + * Gets the curve of the group element. + * + * @return The curve. + */ + public Curve getCurve() { + return this.curve; + } + + /** + * Gets the representation of the group element. + * + * @return The representation. + */ + public Representation getRepresentation() { + return this.repr; + } + + /** + * Gets the $X$ value of the group element. + * This is for most representation the projective $X$ coordinate. + * + * @return The $X$ value. + */ + public FieldElement getX() { + return this.X; + } + + /** + * Gets the $Y$ value of the group element. + * This is for most representation the projective $Y$ coordinate. + * + * @return The $Y$ value. + */ + public FieldElement getY() { + return this.Y; + } + + /** + * Gets the $Z$ value of the group element. + * This is for most representation the projective $Z$ coordinate. + * + * @return The $Z$ value. + */ + public FieldElement getZ() { + return this.Z; + } + + /** + * Gets the $T$ value of the group element. + * This is for most representation the projective $T$ coordinate. + * + * @return The $T$ value. + */ + public FieldElement getT() { + return this.T; + } + + /** + * Converts the group element to an encoded point on the curve. + * + * @return The encoded point as byte array. + */ + public byte[] toByteArray() { + switch (this.repr) { + case P2: + case P3: + FieldElement recip = Z.invert(); + FieldElement x = X.multiply(recip); + FieldElement y = Y.multiply(recip); + byte[] s = y.toByteArray(); + s[s.length - 1] |= (x.isNegative() ? (byte) 0x80 : 0); + return s; + default: + return toP2().toByteArray(); + } + } + + /** + * Converts the group element to the P2 representation. + * + * @return The group element in the P2 representation. + */ + public GroupElement toP2() { + return toRep(Representation.P2); + } + + /** + * Converts the group element to the P3 representation. + * + * @return The group element in the P3 representation. + */ + public GroupElement toP3() { + return toRep(Representation.P3); + } + + /** + * Converts the group element to the CACHED representation. + * + * @return The group element in the CACHED representation. + */ + public GroupElement toCached() { + return toRep(Representation.CACHED); + } + + /** + * Convert a GroupElement from one Representation to another. + * TODO-CR: Add additional conversion? + * $r = p$ + *

+ * Supported conversions: + *

    + *
  • P3 $\rightarrow$ P2 + *
  • P3 $\rightarrow$ CACHED (1 multiply, 1 add, 1 subtract) + *
  • P1P1 $\rightarrow$ P2 (3 multiply) + *
  • P1P1 $\rightarrow$ P3 (4 multiply) + * + * @param repr The representation to convert to. + * @return A new group element in the given representation. + */ + private GroupElement toRep(final Representation repr) { + switch (this.repr) { + case P2: + switch (repr) { + case P2: + return p2(this.curve, this.X, this.Y, this.Z); + default: + throw new IllegalArgumentException(); + } + case P3: + switch (repr) { + case P2: + return p2(this.curve, this.X, this.Y, this.Z); + case P3: + return p3(this.curve, this.X, this.Y, this.Z, this.T); + case CACHED: + return cached(this.curve, this.Y.add(this.X), this.Y.subtract(this.X), this.Z, this.T.multiply(this.curve.get2D())); + default: + throw new IllegalArgumentException(); + } + case P1P1: + switch (repr) { + case P2: + return p2(this.curve, this.X.multiply(this.T), Y.multiply(this.Z), this.Z.multiply(this.T)); + case P3: + return p3(this.curve, this.X.multiply(this.T), Y.multiply(this.Z), this.Z.multiply(this.T), this.X.multiply(this.Y)); + case P1P1: + return p1p1(this.curve, this.X, this.Y, this.Z, this.T); + default: + throw new IllegalArgumentException(); + } + case PRECOMP: + switch (repr) { + case PRECOMP: + return precomp(this.curve, this.X, this.Y, this.Z); + default: + throw new IllegalArgumentException(); + } + case CACHED: + switch (repr) { + case CACHED: + return cached(this.curve, this.X, this.Y, this.Z, this.T); + default: + throw new IllegalArgumentException(); + } + default: + throw new UnsupportedOperationException(); + } + } + + /** + * Precomputes several tables. + *

    + * The precomputed tables are used for {@link #scalarMultiply(byte[])} + * and {@link #doubleScalarMultiplyVariableTime(GroupElement, byte[], byte[])}. + * + * @param precomputeSingle should the matrix for scalarMultiply() be precomputed? + */ + public synchronized void precompute(final boolean precomputeSingle) { + GroupElement Bi; + + if (precomputeSingle && this.precmp == null) { + // Precomputation for single scalar multiplication. + this.precmp = new GroupElement[32][8]; + // TODO-CR BR: check that this == base point when the method is called. + Bi = this; + for (int i = 0; i < 32; i++) { + GroupElement Bij = Bi; + for (int j = 0; j < 8; j++) { + final FieldElement recip = Bij.Z.invert(); + final FieldElement x = Bij.X.multiply(recip); + final FieldElement y = Bij.Y.multiply(recip); + this.precmp[i][j] = precomp(this.curve, y.add(x), y.subtract(x), x.multiply(y).multiply(this.curve.get2D())); + Bij = Bij.add(Bi.toCached()).toP3(); + } + // Only every second summand is precomputed (16^2 = 256) + for (int k = 0; k < 8; k++) { + Bi = Bi.add(Bi.toCached()).toP3(); + } + } + } + + // Precomputation for double scalar multiplication. + // P,3P,5P,7P,9P,11P,13P,15P + if (this.dblPrecmp != null) + return; + this.dblPrecmp = new GroupElement[8]; + Bi = this; + for (int i = 0; i < 8; i++) { + final FieldElement recip = Bi.Z.invert(); + final FieldElement x = Bi.X.multiply(recip); + final FieldElement y = Bi.Y.multiply(recip); + this.dblPrecmp[i] = precomp(this.curve, y.add(x), y.subtract(x), x.multiply(y).multiply(this.curve.get2D())); + // Bi = edwards(B,edwards(B,Bi)) + Bi = this.add(this.add(Bi.toCached()).toP3().toCached()).toP3(); + } + } + + /** + * Doubles a given group element $p$ in $P^2$ or $P^3$ representation and returns the result in $P \times P$ representation. + * $r = 2 * p$ where $p = (X : Y : Z)$ or $p = (X : Y : Z : T)$ + *

    + * $r$ in $P \times P$ representation: + *

    + * $r = ((X' : Z'), (Y' : T'))$ where + *

      + *
    • $X' = (X + Y)^2 - (Y^2 + X^2)$ + *
    • $Y' = Y^2 + X^2$ + *
    • $Z' = y^2 - X^2$ + *
    • $T' = 2 * Z^2 - (y^2 - X^2)$ + *

    + * $r$ converted from $P \times P$ to $P^2$ representation: + *

    + * $r = (X'' : Y'' : Z'')$ where + *

      + *
    • $X'' = X' * Z' = ((X + Y)^2 - Y^2 - X^2) * (2 * Z^2 - (y^2 - X^2))$ + *
    • $Y'' = Y' * T' = (Y^2 + X^2) * (2 * Z^2 - (y^2 - X^2))$ + *
    • $Z'' = Z' * T' = (y^2 - X^2) * (2 * Z^2 - (y^2 - X^2))$ + *

    + * Formula for the $P^2$ representation is in agreement with the formula given in [4] page 12 (with $a = -1$) + * up to a common factor -1 which does not matter: + *

    + * $$ + * B = (X + Y)^2; C = X^2; D = Y^2; E = -C = -X^2; F := E + D = Y^2 - X^2; H = Z^2; J = F − 2 * H; \\ + * X3 = (B − C − D) · J = X' * (-T'); \\ + * Y3 = F · (E − D) = Z' * (-Y'); \\ + * Z3 = F · J = Z' * (-T'). + * $$ + * + * @return The P1P1 representation + */ + public GroupElement dbl() { + switch (this.repr) { + case P2: + case P3: // Ignore T for P3 representation + FieldElement XX, YY, B, A, AA, Yn, Zn; + XX = this.X.square(); + YY = this.Y.square(); + B = this.Z.squareAndDouble(); + A = this.X.add(this.Y); + AA = A.square(); + Yn = YY.add(XX); + Zn = YY.subtract(XX); + return p1p1(this.curve, AA.subtract(Yn), Yn, Zn, B.subtract(Zn)); + default: + throw new UnsupportedOperationException(); + } + } + + /** + * GroupElement addition using the twisted Edwards addition law with + * extended coordinates (Hisil2008). + *

    + * this must be in $P^3$ representation and $q$ in PRECOMP representation. + * $r = p + q$ where $p = this = (X1 : Y1 : Z1 : T1), q = (q.X, q.Y, q.Z) = (Y2/Z2 + X2/Z2, Y2/Z2 - X2/Z2, 2 * d * X2/Z2 * Y2/Z2)$ + *

    + * $r$ in $P \times P$ representation: + *

    + * $r = ((X' : Z'), (Y' : T'))$ where + *

      + *
    • $X' = (Y1 + X1) * q.X - (Y1 - X1) * q.Y = ((Y1 + X1) * (Y2 + X2) - (Y1 - X1) * (Y2 - X2)) * 1/Z2$ + *
    • $Y' = (Y1 + X1) * q.X + (Y1 - X1) * q.Y = ((Y1 + X1) * (Y2 + X2) + (Y1 - X1) * (Y2 - X2)) * 1/Z2$ + *
    • $Z' = 2 * Z1 + T1 * q.Z = 2 * Z1 + T1 * 2 * d * X2 * Y2 * 1/Z2^2 = (2 * Z1 * Z2 + 2 * d * T1 * T2) * 1/Z2$ + *
    • $T' = 2 * Z1 - T1 * q.Z = 2 * Z1 - T1 * 2 * d * X2 * Y2 * 1/Z2^2 = (2 * Z1 * Z2 - 2 * d * T1 * T2) * 1/Z2$ + *

    + * Setting $A = (Y1 - X1) * (Y2 - X2), B = (Y1 + X1) * (Y2 + X2), C = 2 * d * T1 * T2, D = 2 * Z1 * Z2$ we get + *

      + *
    • $X' = (B - A) * 1/Z2$ + *
    • $Y' = (B + A) * 1/Z2$ + *
    • $Z' = (D + C) * 1/Z2$ + *
    • $T' = (D - C) * 1/Z2$ + *

    + * $r$ converted from $P \times P$ to $P^2$ representation: + *

    + * $r = (X'' : Y'' : Z'' : T'')$ where + *

      + *
    • $X'' = X' * Z' = (B - A) * (D + C) * 1/Z2^2$ + *
    • $Y'' = Y' * T' = (B + A) * (D - C) * 1/Z2^2$ + *
    • $Z'' = Z' * T' = (D + C) * (D - C) * 1/Z2^2$ + *
    • $T'' = X' * Y' = (B - A) * (B + A) * 1/Z2^2$ + *

    + * TODO-CR BR: Formula for the $P^2$ representation is not in agreement with the formula given in [2] page 6
    + * TODO-CR BR: (the common factor $1/Z2^2$ does not matter):
    + * $$ + * E = B - A, F = D - C, G = D + C, H = B + A \\ + * X3 = E * F = (B - A) * (D - C); \\ + * Y3 = G * H = (D + C) * (B + A); \\ + * Z3 = F * G = (D - C) * (D + C); \\ + * T3 = E * H = (B - A) * (B + A); + * $$ + * + * @param q the PRECOMP representation of the GroupElement to add. + * @return the P1P1 representation of the result. + */ + private GroupElement madd(GroupElement q) { + if (this.repr != Representation.P3) + throw new UnsupportedOperationException(); + if (q.repr != Representation.PRECOMP) + throw new IllegalArgumentException(); + + FieldElement YpX, YmX, A, B, C, D; + YpX = this.Y.add(this.X); + YmX = this.Y.subtract(this.X); + A = YpX.multiply(q.X); // q->y+x + B = YmX.multiply(q.Y); // q->y-x + C = q.Z.multiply(this.T); // q->2dxy + D = this.Z.add(this.Z); + return p1p1(this.curve, A.subtract(B), A.add(B), D.add(C), D.subtract(C)); + } + + /** + * GroupElement subtraction using the twisted Edwards addition law with + * extended coordinates (Hisil2008). + *

    + * this must be in $P^3$ representation and $q$ in PRECOMP representation. + * $r = p - q$ where $p = this = (X1 : Y1 : Z1 : T1), q = (q.X, q.Y, q.Z) = (Y2/Z2 + X2/Z2, Y2/Z2 - X2/Z2, 2 * d * X2/Z2 * Y2/Z2)$ + *

    + * Negating $q$ means negating the value of $X2$ and $T2$ (the latter is irrelevant here). + * The formula is in accordance to {@link #madd the above addition}. + * + * @param q the PRECOMP representation of the GroupElement to subtract. + * @return the P1P1 representation of the result. + */ + private GroupElement msub(GroupElement q) { + if (this.repr != Representation.P3) + throw new UnsupportedOperationException(); + if (q.repr != Representation.PRECOMP) + throw new IllegalArgumentException(); + + FieldElement YpX, YmX, A, B, C, D; + YpX = this.Y.add(this.X); + YmX = this.Y.subtract(this.X); + A = YpX.multiply(q.Y); // q->y-x + B = YmX.multiply(q.X); // q->y+x + C = q.Z.multiply(this.T); // q->2dxy + D = this.Z.add(this.Z); + return p1p1(this.curve, A.subtract(B), A.add(B), D.subtract(C), D.add(C)); + } + + /** + * GroupElement addition using the twisted Edwards addition law with + * extended coordinates (Hisil2008). + *

    + * this must be in $P^3$ representation and $q$ in CACHED representation. + * $r = p + q$ where $p = this = (X1 : Y1 : Z1 : T1), q = (q.X, q.Y, q.Z, q.T) = (Y2 + X2, Y2 - X2, Z2, 2 * d * T2)$ + *

    + * $r$ in $P \times P$ representation: + *

      + *
    • $X' = (Y1 + X1) * (Y2 + X2) - (Y1 - X1) * (Y2 - X2)$ + *
    • $Y' = (Y1 + X1) * (Y2 + X2) + (Y1 - X1) * (Y2 - X2)$ + *
    • $Z' = 2 * Z1 * Z2 + 2 * d * T1 * T2$ + *
    • $T' = 2 * Z1 * T2 - 2 * d * T1 * T2$ + *

    + * Setting $A = (Y1 - X1) * (Y2 - X2), B = (Y1 + X1) * (Y2 + X2), C = 2 * d * T1 * T2, D = 2 * Z1 * Z2$ we get + *

      + *
    • $X' = (B - A)$ + *
    • $Y' = (B + A)$ + *
    • $Z' = (D + C)$ + *
    • $T' = (D - C)$ + *

    + * Same result as in {@link #madd} (up to a common factor which does not matter). + * + * @param q the CACHED representation of the GroupElement to add. + * @return the P1P1 representation of the result. + */ + public GroupElement add(GroupElement q) { + if (this.repr != Representation.P3) + throw new UnsupportedOperationException(); + if (q.repr != Representation.CACHED) + throw new IllegalArgumentException(); + + FieldElement YpX, YmX, A, B, C, ZZ, D; + YpX = this.Y.add(this.X); + YmX = this.Y.subtract(this.X); + A = YpX.multiply(q.X); // q->Y+X + B = YmX.multiply(q.Y); // q->Y-X + C = q.T.multiply(this.T); // q->2dT + ZZ = this.Z.multiply(q.Z); + D = ZZ.add(ZZ); + return p1p1(this.curve, A.subtract(B), A.add(B), D.add(C), D.subtract(C)); + } + + /** + * GroupElement subtraction using the twisted Edwards addition law with + * extended coordinates (Hisil2008). + *

    + * $r = p - q$ + *

    + * Negating $q$ means negating the value of the coordinate $X2$ and $T2$. + * The formula is in accordance to {@link #add the above addition}. + * + * @param q the PRECOMP representation of the GroupElement to subtract. + * @return the P1P1 representation of the result. + */ + public GroupElement sub(GroupElement q) { + if (this.repr != Representation.P3) + throw new UnsupportedOperationException(); + if (q.repr != Representation.CACHED) + throw new IllegalArgumentException(); + + FieldElement YpX, YmX, A, B, C, ZZ, D; + YpX = Y.add(X); + YmX = Y.subtract(X); + A = YpX.multiply(q.Y); // q->Y-X + B = YmX.multiply(q.X); // q->Y+X + C = q.T.multiply(T); // q->2dT + ZZ = Z.multiply(q.Z); + D = ZZ.add(ZZ); + return p1p1(curve, A.subtract(B), A.add(B), D.subtract(C), D.add(C)); + } + + /** + * Negates this group element by subtracting it from the neutral group element. + *

    + * TODO-CR BR: why not simply negate the coordinates $X$ and $T$? + * + * @return The negative of this group element. + */ + public GroupElement negate() { + if (this.repr != Representation.P3) + throw new UnsupportedOperationException(); + return this.curve.getZero(Representation.P3).sub(toCached()).toP3(); + } + + @Override + public int hashCode() { + return Arrays.hashCode(this.toByteArray()); + } + + @Override + public boolean equals(Object obj) { + if (obj == this) + return true; + if (!(obj instanceof GroupElement)) + return false; + GroupElement ge = (GroupElement) obj; + if (!this.repr.equals(ge.repr)) { + try { + ge = ge.toRep(this.repr); + } catch (RuntimeException e) { + return false; + } + } + switch (this.repr) { + case P2: + case P3: + // Try easy way first + if (this.Z.equals(ge.Z)) + return this.X.equals(ge.X) && this.Y.equals(ge.Y); + // X1/Z1 = X2/Z2 --> X1*Z2 = X2*Z1 + final FieldElement x1 = this.X.multiply(ge.Z); + final FieldElement y1 = this.Y.multiply(ge.Z); + final FieldElement x2 = ge.X.multiply(this.Z); + final FieldElement y2 = ge.Y.multiply(this.Z); + return x1.equals(x2) && y1.equals(y2); + case P1P1: + return toP2().equals(ge); + case PRECOMP: + // Compare directly, PRECOMP is derived directly from x and y + return this.X.equals(ge.X) && this.Y.equals(ge.Y) && this.Z.equals(ge.Z); + case CACHED: + // Try easy way first + if (this.Z.equals(ge.Z)) + return this.X.equals(ge.X) && this.Y.equals(ge.Y) && this.T.equals(ge.T); + // (Y+X)/Z = y+x etc. + final FieldElement x3 = this.X.multiply(ge.Z); + final FieldElement y3 = this.Y.multiply(ge.Z); + final FieldElement t3 = this.T.multiply(ge.Z); + final FieldElement x4 = ge.X.multiply(this.Z); + final FieldElement y4 = ge.Y.multiply(this.Z); + final FieldElement t4 = ge.T.multiply(this.Z); + return x3.equals(x4) && y3.equals(y4) && t3.equals(t4); + default: + return false; + } + } + + /** + * Constant-time conditional move. + *

    + * Replaces this with $u$ if $b == 1$.
    + * Replaces this with this if $b == 0$. + *

    + * Method is package private only so that tests run. + * + * @param u The group element to return if $b == 1$. + * @param b in $\{0, 1\}$ + * @return $u$ if $b == 1$; this if $b == 0$. Results undefined if $b$ is not in $\{0, 1\}$. + */ + GroupElement cmov(final GroupElement u, final int b) { + return precomp(curve, X.cmov(u.X, b), Y.cmov(u.Y, b), Z.cmov(u.Z, b)); + } + + /** + * Look up $16^i r_i B$ in the precomputed table. + *

    + * No secret array indices, no secret branching. + * Constant time. + *

    + * Must have previously precomputed. + *

    + * Method is package private only so that tests run. + * + * @param pos $= i/2$ for $i$ in $\{0, 2, 4,..., 62\}$ + * @param b $= r_i$ + * @return the GroupElement + */ + GroupElement select(final int pos, final int b) { + // Is r_i negative? + final int bnegative = Utils.negative(b); + // |r_i| + final int babs = b - (((-bnegative) & b) << 1); + + // 16^i |r_i| B + final GroupElement t = this.curve.getZero(Representation.PRECOMP) + .cmov(this.precmp[pos][0], Utils.equal(babs, 1)) + .cmov(this.precmp[pos][1], Utils.equal(babs, 2)) + .cmov(this.precmp[pos][2], Utils.equal(babs, 3)) + .cmov(this.precmp[pos][3], Utils.equal(babs, 4)) + .cmov(this.precmp[pos][4], Utils.equal(babs, 5)) + .cmov(this.precmp[pos][5], Utils.equal(babs, 6)) + .cmov(this.precmp[pos][6], Utils.equal(babs, 7)) + .cmov(this.precmp[pos][7], Utils.equal(babs, 8)); + // -16^i |r_i| B + final GroupElement tminus = precomp(curve, t.Y, t.X, t.Z.negate()); + // 16^i r_i B + return t.cmov(tminus, bnegative); + } + + /** + * $h = a * B$ where $a = a[0]+256*a[1]+\dots+256^{31} a[31]$ and + * $B$ is this point. If its lookup table has not been precomputed, it + * will be at the start of the method (and cached for later calls). + * Constant time. + *

    + * Preconditions: (TODO: Check this applies here) + * $a[31] \le 127$ + * + * @param a $= a[0]+256*a[1]+\dots+256^{31} a[31]$ + * @return the GroupElement + */ + public GroupElement scalarMultiply(final byte[] a) { + GroupElement t; + int i; + + final byte[] e = toRadix16(a); + + GroupElement h = this.curve.getZero(Representation.P3); + synchronized (this) { + // TODO: Get opinion from a crypto professional. + // This should in practice never be necessary, the only point that + // this should get called on is EdDSA's B. + //precompute(); + for (i = 1; i < 64; i += 2) { + t = select(i / 2, e[i]); + h = h.madd(t).toP3(); + } + + h = h.dbl().toP2().dbl().toP2().dbl().toP2().dbl().toP3(); + + for (i = 0; i < 64; i += 2) { + t = select(i / 2, e[i]); + h = h.madd(t).toP3(); + } + } + + return h; + } + + /** + * $r = a * A + b * B$ where $a = a[0]+256*a[1]+\dots+256^{31} a[31]$, + * $b = b[0]+256*b[1]+\dots+256^{31} b[31]$ and $B$ is this point. + *

    + * $A$ must have been previously precomputed. + * + * @param A in P3 representation. + * @param a $= a[0]+256*a[1]+\dots+256^{31} a[31]$ + * @param b $= b[0]+256*b[1]+\dots+256^{31} b[31]$ + * @return the GroupElement + */ + public GroupElement doubleScalarMultiplyVariableTime(final GroupElement A, final byte[] a, final byte[] b) { + // TODO-CR BR: A check that this is the base point is needed. + final byte[] aslide = slide(a); + final byte[] bslide = slide(b); + + GroupElement r = this.curve.getZero(Representation.P2); + + int i; + for (i = 255; i >= 0; --i) { + if (aslide[i] != 0 || bslide[i] != 0) break; + } + + synchronized (this) { + // TODO-CR BR strange comment below. + // TODO: Get opinion from a crypto professional. + // This should in practice never be necessary, the only point that + // this should get called on is EdDSA's B. + //precompute(); + for (; i >= 0; --i) { + GroupElement t = r.dbl(); + + if (aslide[i] > 0) { + t = t.toP3().madd(A.dblPrecmp[aslide[i] / 2]); + } else if (aslide[i] < 0) { + t = t.toP3().msub(A.dblPrecmp[(-aslide[i]) / 2]); + } + + if (bslide[i] > 0) { + t = t.toP3().madd(this.dblPrecmp[bslide[i] / 2]); + } else if (bslide[i] < 0) { + t = t.toP3().msub(this.dblPrecmp[(-bslide[i]) / 2]); + } + + r = t.toP2(); + } + } + + return r; + } + + /** + * Verify that a point is on its curve. + * + * @return true if the point lies on its curve. + */ + public boolean isOnCurve() { + return isOnCurve(curve); + } + + /** + * Verify that a point is on the curve. + * + * @param curve The curve to check. + * @return true if the point lies on the curve. + */ + public boolean isOnCurve(Curve curve) { + switch (repr) { + case P2: + case P3: + FieldElement recip = Z.invert(); + FieldElement x = X.multiply(recip); + FieldElement y = Y.multiply(recip); + FieldElement xx = x.square(); + FieldElement yy = y.square(); + FieldElement dxxyy = curve.getD().multiply(xx).multiply(yy); + return curve.getField().ONE.add(dxxyy).add(xx).equals(yy); + + default: + return toP2().isOnCurve(curve); + } + } + + @Override + public String toString() { + return "[GroupElement\nX=" + X + "\nY=" + Y + "\nZ=" + Z + "\nT=" + T + "\n]"; + } + + /** + * Available representations for a group element. + *

      + *
    • P2: Projective representation $(X:Y:Z)$ satisfying $x=X/Z, y=Y/Z$. + *
    • P3: Extended projective representation $(X:Y:Z:T)$ satisfying $x=X/Z, y=Y/Z, XY=ZT$. + *
    • P1P1: Completed representation $((X:Z), (Y:T))$ satisfying $x=X/Z, y=Y/T$. + *
    • PRECOMP: Precomputed representation $(y+x, y-x, 2dxy)$. + *
    • CACHED: Cached representation $(Y+X, Y-X, Z, 2dT)$ + *
    + */ + public enum Representation { + /** + * Projective ($P^2$): $(X:Y:Z)$ satisfying $x=X/Z, y=Y/Z$ + */ + P2, + /** + * Extended ($P^3$): $(X:Y:Z:T)$ satisfying $x=X/Z, y=Y/Z, XY=ZT$ + */ + P3, + /** + * Completed ($P \times P$): $((X:Z),(Y:T))$ satisfying $x=X/Z, y=Y/T$ + */ + P1P1, + /** + * Precomputed (Duif): $(y+x,y-x,2dxy)$ + */ + PRECOMP, + /** + * Cached: $(Y+X,Y-X,Z,2dT)$ + */ + CACHED + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ScalarOps.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ScalarOps.java new file mode 100644 index 0000000..256deb8 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ScalarOps.java @@ -0,0 +1,27 @@ +package org.xbib.io.sshd.eddsa.math; + +/** + * + */ +public interface ScalarOps { + /** + * Reduce the given scalar mod $l$. + * From the Ed25519 paper: + * Here we interpret $2b$-bit strings in little-endian form as integers in + * $\{0, 1,..., 2^{(2b)}-1\}$. + * + * @param s the scalar to reduce + * @return $s \bmod l$ + */ + byte[] reduce(byte[] s); + + /** + * $r = (a * b + c) \bmod l$ + * + * @param a a scalar + * @param b a scalar + * @param c a scalar + * @return $(a*b + c) \bmod l$ + */ + byte[] multiplyAndAdd(byte[] a, byte[] b, byte[] c); +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerFieldElement.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerFieldElement.java new file mode 100644 index 0000000..4105377 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerFieldElement.java @@ -0,0 +1,118 @@ +package org.xbib.io.sshd.eddsa.math.bigint; + +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.FieldElement; + +import java.io.Serializable; +import java.math.BigInteger; + +/** + * A particular element of the field \Z/(2^255-19). + */ +public class BigIntegerFieldElement extends FieldElement implements Serializable { + private static final long serialVersionUID = 4890398908392808L; + /** + * Variable is package private for encoding. + */ + final BigInteger bi; + + public BigIntegerFieldElement(Field f, BigInteger bi) { + super(f); + this.bi = bi; + } + + public boolean isNonZero() { + return !bi.equals(BigInteger.ZERO); + } + + public FieldElement add(FieldElement val) { + return new BigIntegerFieldElement(f, bi.add(((BigIntegerFieldElement) val).bi)).mod(f.getQ()); + } + + @Override + public FieldElement addOne() { + return new BigIntegerFieldElement(f, bi.add(BigInteger.ONE)).mod(f.getQ()); + } + + public FieldElement subtract(FieldElement val) { + return new BigIntegerFieldElement(f, bi.subtract(((BigIntegerFieldElement) val).bi)).mod(f.getQ()); + } + + @Override + public FieldElement subtractOne() { + return new BigIntegerFieldElement(f, bi.subtract(BigInteger.ONE)).mod(f.getQ()); + } + + public FieldElement negate() { + return f.getQ().subtract(this); + } + + @Override + public FieldElement divide(FieldElement val) { + return divide(((BigIntegerFieldElement) val).bi); + } + + public FieldElement divide(BigInteger val) { + return new BigIntegerFieldElement(f, bi.divide(val)).mod(f.getQ()); + } + + public FieldElement multiply(FieldElement val) { + return new BigIntegerFieldElement(f, bi.multiply(((BigIntegerFieldElement) val).bi)).mod(f.getQ()); + } + + public FieldElement square() { + return multiply(this); + } + + public FieldElement squareAndDouble() { + FieldElement sq = square(); + return sq.add(sq); + } + + public FieldElement invert() { + // Euler's theorem + //return modPow(f.getQm2(), f.getQ()); + return new BigIntegerFieldElement(f, bi.modInverse(((BigIntegerFieldElement) f.getQ()).bi)); + } + + public FieldElement mod(FieldElement m) { + return new BigIntegerFieldElement(f, bi.mod(((BigIntegerFieldElement) m).bi)); + } + + public FieldElement modPow(FieldElement e, FieldElement m) { + return new BigIntegerFieldElement(f, bi.modPow(((BigIntegerFieldElement) e).bi, ((BigIntegerFieldElement) m).bi)); + } + + public FieldElement pow(FieldElement e) { + return modPow(e, f.getQ()); + } + + public FieldElement pow22523() { + return pow(f.getQm5d8()); + } + + @Override + public FieldElement cmov(FieldElement val, int b) { + // Not constant-time, but it doesn't really matter because none of the underlying BigInteger operations + // are either, so there's not much point in trying hard here ... + return b == 0 ? this : val; + } + + @Override + public int hashCode() { + return bi.hashCode(); + } + + @Override + public boolean equals(Object obj) { + if (!(obj instanceof BigIntegerFieldElement)) + return false; + BigIntegerFieldElement fe = (BigIntegerFieldElement) obj; + return bi.equals(fe.bi); + } + + @Override + public String toString() { + return "[BigIntegerFieldElement val=" + bi + "]"; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerLittleEndianEncoding.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerLittleEndianEncoding.java new file mode 100644 index 0000000..5d46c38 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerLittleEndianEncoding.java @@ -0,0 +1,95 @@ +package org.xbib.io.sshd.eddsa.math.bigint; + +import org.xbib.io.sshd.eddsa.math.Encoding; +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.FieldElement; + +import java.io.Serializable; +import java.math.BigInteger; + +/** + * + */ +public class BigIntegerLittleEndianEncoding extends Encoding implements Serializable { + private static final long serialVersionUID = 3984579843759837L; + /** + * Mask where only the first b-1 bits are set. + */ + private BigInteger mask; + + @Override + public synchronized void setField(Field f) { + super.setField(f); + mask = BigInteger.ONE.shiftLeft(f.getb() - 1).subtract(BigInteger.ONE); + } + + public byte[] encode(FieldElement x) { + return encode(((BigIntegerFieldElement) x).bi.and(mask)); + } + + /** + * Convert $x$ to little endian. + * Constant time. + * + * @param x the BigInteger value to encode + * @return array of length $b/8$ + * @throws IllegalStateException if field not set + */ + public byte[] encode(BigInteger x) { + if (f == null) + throw new IllegalStateException("field not set"); + byte[] in = x.toByteArray(); + byte[] out = new byte[f.getb() / 8]; + for (int i = 0; i < in.length; i++) { + out[i] = in[in.length - 1 - i]; + } + for (int i = in.length; i < out.length; i++) { + out[i] = 0; + } + return out; + } + + /** + * Decode a FieldElement from its $(b-1)$-bit encoding. + * The highest bit is masked out. + * + * @param in the $(b-1)$-bit encoding of a FieldElement. + * @return the FieldElement represented by 'val'. + * @throws IllegalStateException if field not set + * @throws IllegalArgumentException if encoding is invalid + */ + public FieldElement decode(byte[] in) { + if (f == null) + throw new IllegalStateException("field not set"); + if (in.length != f.getb() / 8) + throw new IllegalArgumentException("Not a valid encoding"); + return new BigIntegerFieldElement(f, toBigInteger(in).and(mask)); + } + + /** + * Convert in to big endian + * + * @param in the $(b-1)$-bit encoding of a FieldElement. + * @return the decoded value as a BigInteger + */ + public BigInteger toBigInteger(byte[] in) { + byte[] out = new byte[in.length]; + for (int i = 0; i < in.length; i++) { + out[i] = in[in.length - 1 - i]; + } + return new BigInteger(1, out); + } + + /** + * From the Ed25519 paper:
    + * $x$ is negative if the $(b-1)$-bit encoding of $x$ is lexicographically larger + * than the $(b-1)$-bit encoding of $-x$. If $q$ is an odd prime and the encoding + * is the little-endian representation of $\{0, 1,\dots, q-1\}$ then the negative + * elements of $F_q$ are $\{1, 3, 5,\dots, q-2\}$. + * + * @return true if negative + */ + public boolean isNegative(FieldElement x) { + return ((BigIntegerFieldElement) x).bi.testBit(0); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerScalarOps.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerScalarOps.java new file mode 100644 index 0000000..ced27dd --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerScalarOps.java @@ -0,0 +1,36 @@ +/** + * EdDSA-Java by str4d + *

    + * To the extent possible under law, the person who associated CC0 with + * EdDSA-Java has waived all copyright and related or neighboring rights + * to EdDSA-Java. + *

    + * You should have received a copy of the CC0 legalcode along with this + * work. If not, see . + */ +package org.xbib.io.sshd.eddsa.math.bigint; + +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.ScalarOps; + +import java.math.BigInteger; + +public class BigIntegerScalarOps implements ScalarOps { + private final BigInteger l; + private final BigIntegerLittleEndianEncoding enc; + + public BigIntegerScalarOps(Field f, BigInteger l) { + this.l = l; + enc = new BigIntegerLittleEndianEncoding(); + enc.setField(f); + } + + public byte[] reduce(byte[] s) { + return enc.encode(enc.toBigInteger(s).mod(l)); + } + + public byte[] multiplyAndAdd(byte[] a, byte[] b, byte[] c) { + return enc.encode(enc.toBigInteger(a).multiply(enc.toBigInteger(b)).add(enc.toBigInteger(c)).mod(l)); + } + +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/package-info.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/package-info.java new file mode 100644 index 0000000..85f4521 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/bigint/package-info.java @@ -0,0 +1,4 @@ +/** + * Low-level, non-optimized implementation using BigIntegers for any curve. + */ +package org.xbib.io.sshd.eddsa.math.bigint; \ No newline at end of file diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519FieldElement.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519FieldElement.java new file mode 100644 index 0000000..19466da --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519FieldElement.java @@ -0,0 +1,1046 @@ +package org.xbib.io.sshd.eddsa.math.ed25519; + +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.FieldElement; + +import java.util.Arrays; + +/** + * Class to represent a field element of the finite field $p = 2^{255} - 19$ elements. + * An element $t$, entries $t[0] \dots t[9]$, represents the integer + * $t[0]+2^{26} t[1]+2^{51} t[2]+2^{77} t[3]+2^{102} t[4]+\dots+2^{230} t[9]$. + * Bounds on each $t[i]$ vary depending on context. + */ +public class Ed25519FieldElement extends FieldElement { + private static final byte[] ZERO = new byte[32]; + /** + * Variable is package private for encoding. + */ + final int[] t; + + /** + * Creates a field element. + * + * @param f The underlying field, must be the finite field with $p = 2^{255} - 19$ elements + * @param t The $2^{25.5}$ bit representation of the field element. + */ + public Ed25519FieldElement(Field f, int[] t) { + super(f); + if (t.length != 10) + throw new IllegalArgumentException("Invalid radix-2^51 representation"); + this.t = t; + } + + /** + * Gets a value indicating whether or not the field element is non-zero. + * + * @return 1 if it is non-zero, 0 otherwise. + */ + public boolean isNonZero() { + final byte[] s = toByteArray(); + return Utils.equal(s, ZERO) == 0; + } + + /** + * $h = f + g$ + *

    + * TODO-CR BR: $h$ is allocated via new, probably not a good idea. Do we need the copying into temp variables if we do that? + *

    + * Preconditions: + *

      + *
    • $|f|$ bounded by $1.1*2^{25},1.1*2^{24},1.1*2^{25},1.1*2^{24},$ etc. + *
    • $|g|$ bounded by $1.1*2^{25},1.1*2^{24},1.1*2^{25},1.1*2^{24},$ etc. + *

    + * Postconditions: + *

      + *
    • $|h|$ bounded by $1.1*2^{26},1.1*2^{25},1.1*2^{26},1.1*2^{25},$ etc. + *
    + * + * @param val The field element to add. + * @return The field element this + val. + */ + public FieldElement add(FieldElement val) { + int[] g = ((Ed25519FieldElement) val).t; + int[] h = new int[10]; + for (int i = 0; i < 10; i++) { + h[i] = t[i] + g[i]; + } + return new Ed25519FieldElement(f, h); + } + + /** + * $h = f - g$ + *

    + * Can overlap $h$ with $f$ or $g$. + *

    + * TODO-CR BR: See above. + *

    + * Preconditions: + *

      + *
    • $|f|$ bounded by $1.1*2^{25},1.1*2^{24},1.1*2^{25},1.1*2^{24},$ etc. + *
    • $|g|$ bounded by $1.1*2^{25},1.1*2^{24},1.1*2^{25},1.1*2^{24},$ etc. + *

    + * Postconditions: + *

      + *
    • $|h|$ bounded by $1.1*2^{26},1.1*2^{25},1.1*2^{26},1.1*2^{25},$ etc. + *
    + * + * @param val The field element to subtract. + * @return The field element this - val. + **/ + public FieldElement subtract(FieldElement val) { + int[] g = ((Ed25519FieldElement) val).t; + int[] h = new int[10]; + for (int i = 0; i < 10; i++) { + h[i] = t[i] - g[i]; + } + return new Ed25519FieldElement(f, h); + } + + /** + * $h = -f$ + *

    + * TODO-CR BR: see above. + *

    + * Preconditions: + *

      + *
    • $|f|$ bounded by $1.1*2^{25},1.1*2^{24},1.1*2^{25},1.1*2^{24},$ etc. + *

    + * Postconditions: + *

      + *
    • $|h|$ bounded by $1.1*2^{25},1.1*2^{24},1.1*2^{25},1.1*2^{24},$ etc. + *
    + * + * @return The field element (-1) * this. + */ + public FieldElement negate() { + int[] h = new int[10]; + for (int i = 0; i < 10; i++) { + h[i] = -t[i]; + } + return new Ed25519FieldElement(f, h); + } + + /** + * $h = f * g$ + *

    + * Can overlap $h$ with $f$ or $g$. + *

    + * Preconditions: + *

      + *
    • $|f|$ bounded by + * $1.65*2^{26},1.65*2^{25},1.65*2^{26},1.65*2^{25},$ etc. + *
    • $|g|$ bounded by + * $1.65*2^{26},1.65*2^{25},1.65*2^{26},1.65*2^{25},$ etc. + *

    + * Postconditions: + *

      + *
    • $|h|$ bounded by + * $1.01*2^{25},1.01*2^{24},1.01*2^{25},1.01*2^{24},$ etc. + *

    + * Notes on implementation strategy: + *

    + * Using schoolbook multiplication. Karatsuba would save a little in some + * cost models. + *

    + * Most multiplications by 2 and 19 are 32-bit precomputations; cheaper than + * 64-bit postcomputations. + *

    + * There is one remaining multiplication by 19 in the carry chain; one *19 + * precomputation can be merged into this, but the resulting data flow is + * considerably less clean. + *

    + * There are 12 carries below. 10 of them are 2-way parallelizable and + * vectorizable. Can get away with 11 carries, but then data flow is much + * deeper. + *

    + * With tighter constraints on inputs can squeeze carries into int32. + * + * @param val The field element to multiply. + * @return The (reasonably reduced) field element this * val. + */ + public FieldElement multiply(FieldElement val) { + int[] g = ((Ed25519FieldElement) val).t; + int g1_19 = 19 * g[1]; /* 1.959375*2^29 */ + int g2_19 = 19 * g[2]; /* 1.959375*2^30; still ok */ + int g3_19 = 19 * g[3]; + int g4_19 = 19 * g[4]; + int g5_19 = 19 * g[5]; + int g6_19 = 19 * g[6]; + int g7_19 = 19 * g[7]; + int g8_19 = 19 * g[8]; + int g9_19 = 19 * g[9]; + int f1_2 = 2 * t[1]; + int f3_2 = 2 * t[3]; + int f5_2 = 2 * t[5]; + int f7_2 = 2 * t[7]; + int f9_2 = 2 * t[9]; + long f0g0 = t[0] * (long) g[0]; + long f0g1 = t[0] * (long) g[1]; + long f0g2 = t[0] * (long) g[2]; + long f0g3 = t[0] * (long) g[3]; + long f0g4 = t[0] * (long) g[4]; + long f0g5 = t[0] * (long) g[5]; + long f0g6 = t[0] * (long) g[6]; + long f0g7 = t[0] * (long) g[7]; + long f0g8 = t[0] * (long) g[8]; + long f0g9 = t[0] * (long) g[9]; + long f1g0 = t[1] * (long) g[0]; + long f1g1_2 = f1_2 * (long) g[1]; + long f1g2 = t[1] * (long) g[2]; + long f1g3_2 = f1_2 * (long) g[3]; + long f1g4 = t[1] * (long) g[4]; + long f1g5_2 = f1_2 * (long) g[5]; + long f1g6 = t[1] * (long) g[6]; + long f1g7_2 = f1_2 * (long) g[7]; + long f1g8 = t[1] * (long) g[8]; + long f1g9_38 = f1_2 * (long) g9_19; + long f2g0 = t[2] * (long) g[0]; + long f2g1 = t[2] * (long) g[1]; + long f2g2 = t[2] * (long) g[2]; + long f2g3 = t[2] * (long) g[3]; + long f2g4 = t[2] * (long) g[4]; + long f2g5 = t[2] * (long) g[5]; + long f2g6 = t[2] * (long) g[6]; + long f2g7 = t[2] * (long) g[7]; + long f2g8_19 = t[2] * (long) g8_19; + long f2g9_19 = t[2] * (long) g9_19; + long f3g0 = t[3] * (long) g[0]; + long f3g1_2 = f3_2 * (long) g[1]; + long f3g2 = t[3] * (long) g[2]; + long f3g3_2 = f3_2 * (long) g[3]; + long f3g4 = t[3] * (long) g[4]; + long f3g5_2 = f3_2 * (long) g[5]; + long f3g6 = t[3] * (long) g[6]; + long f3g7_38 = f3_2 * (long) g7_19; + long f3g8_19 = t[3] * (long) g8_19; + long f3g9_38 = f3_2 * (long) g9_19; + long f4g0 = t[4] * (long) g[0]; + long f4g1 = t[4] * (long) g[1]; + long f4g2 = t[4] * (long) g[2]; + long f4g3 = t[4] * (long) g[3]; + long f4g4 = t[4] * (long) g[4]; + long f4g5 = t[4] * (long) g[5]; + long f4g6_19 = t[4] * (long) g6_19; + long f4g7_19 = t[4] * (long) g7_19; + long f4g8_19 = t[4] * (long) g8_19; + long f4g9_19 = t[4] * (long) g9_19; + long f5g0 = t[5] * (long) g[0]; + long f5g1_2 = f5_2 * (long) g[1]; + long f5g2 = t[5] * (long) g[2]; + long f5g3_2 = f5_2 * (long) g[3]; + long f5g4 = t[5] * (long) g[4]; + long f5g5_38 = f5_2 * (long) g5_19; + long f5g6_19 = t[5] * (long) g6_19; + long f5g7_38 = f5_2 * (long) g7_19; + long f5g8_19 = t[5] * (long) g8_19; + long f5g9_38 = f5_2 * (long) g9_19; + long f6g0 = t[6] * (long) g[0]; + long f6g1 = t[6] * (long) g[1]; + long f6g2 = t[6] * (long) g[2]; + long f6g3 = t[6] * (long) g[3]; + long f6g4_19 = t[6] * (long) g4_19; + long f6g5_19 = t[6] * (long) g5_19; + long f6g6_19 = t[6] * (long) g6_19; + long f6g7_19 = t[6] * (long) g7_19; + long f6g8_19 = t[6] * (long) g8_19; + long f6g9_19 = t[6] * (long) g9_19; + long f7g0 = t[7] * (long) g[0]; + long f7g1_2 = f7_2 * (long) g[1]; + long f7g2 = t[7] * (long) g[2]; + long f7g3_38 = f7_2 * (long) g3_19; + long f7g4_19 = t[7] * (long) g4_19; + long f7g5_38 = f7_2 * (long) g5_19; + long f7g6_19 = t[7] * (long) g6_19; + long f7g7_38 = f7_2 * (long) g7_19; + long f7g8_19 = t[7] * (long) g8_19; + long f7g9_38 = f7_2 * (long) g9_19; + long f8g0 = t[8] * (long) g[0]; + long f8g1 = t[8] * (long) g[1]; + long f8g2_19 = t[8] * (long) g2_19; + long f8g3_19 = t[8] * (long) g3_19; + long f8g4_19 = t[8] * (long) g4_19; + long f8g5_19 = t[8] * (long) g5_19; + long f8g6_19 = t[8] * (long) g6_19; + long f8g7_19 = t[8] * (long) g7_19; + long f8g8_19 = t[8] * (long) g8_19; + long f8g9_19 = t[8] * (long) g9_19; + long f9g0 = t[9] * (long) g[0]; + long f9g1_38 = f9_2 * (long) g1_19; + long f9g2_19 = t[9] * (long) g2_19; + long f9g3_38 = f9_2 * (long) g3_19; + long f9g4_19 = t[9] * (long) g4_19; + long f9g5_38 = f9_2 * (long) g5_19; + long f9g6_19 = t[9] * (long) g6_19; + long f9g7_38 = f9_2 * (long) g7_19; + long f9g8_19 = t[9] * (long) g8_19; + long f9g9_38 = f9_2 * (long) g9_19; + + /** + * Remember: 2^255 congruent 19 modulo p. + * h = h0 * 2^0 + h1 * 2^26 + h2 * 2^(26+25) + h3 * 2^(26+25+26) + ... + h9 * 2^(5*26+5*25). + * So to get the real number we would have to multiply the coefficients with the corresponding powers of 2. + * To get an idea what is going on below, look at the calculation of h0: + * h0 is the coefficient to the power 2^0 so it collects (sums) all products that have the power 2^0. + * f0 * g0 really is f0 * 2^0 * g0 * 2^0 = (f0 * g0) * 2^0. + * f1 * g9 really is f1 * 2^26 * g9 * 2^230 = f1 * g9 * 2^256 = 2 * f1 * g9 * 2^255 congruent 2 * 19 * f1 * g9 * 2^0 modulo p. + * f2 * g8 really is f2 * 2^51 * g8 * 2^204 = f2 * g8 * 2^255 congruent 19 * f2 * g8 * 2^0 modulo p. + * and so on... + */ + long h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38; + long h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19; + long h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38; + long h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19; + long h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38; + long h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19; + long h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38; + long h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19; + long h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38; + long h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0; + long carry0; + long carry1; + long carry2; + long carry3; + long carry4; + long carry5; + long carry6; + long carry7; + long carry8; + long carry9; + + /* + |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38)) + i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8 + |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19)) + i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 + */ + + carry0 = (h0 + (long) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry4 = (h4 + (long) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + /* |h0| <= 2^25 */ + /* |h4| <= 2^25 */ + /* |h1| <= 1.71*2^59 */ + /* |h5| <= 1.71*2^59 */ + + carry1 = (h1 + (long) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry5 = (h5 + (long) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + /* |h1| <= 2^24; from now on fits into int32 */ + /* |h5| <= 2^24; from now on fits into int32 */ + /* |h2| <= 1.41*2^60 */ + /* |h6| <= 1.41*2^60 */ + + carry2 = (h2 + (long) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry6 = (h6 + (long) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + /* |h2| <= 2^25; from now on fits into int32 unchanged */ + /* |h6| <= 2^25; from now on fits into int32 unchanged */ + /* |h3| <= 1.71*2^59 */ + /* |h7| <= 1.71*2^59 */ + + carry3 = (h3 + (long) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry7 = (h7 + (long) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + /* |h3| <= 2^24; from now on fits into int32 unchanged */ + /* |h7| <= 2^24; from now on fits into int32 unchanged */ + /* |h4| <= 1.72*2^34 */ + /* |h8| <= 1.41*2^60 */ + + carry4 = (h4 + (long) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry8 = (h8 + (long) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + /* |h4| <= 2^25; from now on fits into int32 unchanged */ + /* |h8| <= 2^25; from now on fits into int32 unchanged */ + /* |h5| <= 1.01*2^24 */ + /* |h9| <= 1.71*2^59 */ + + carry9 = (h9 + (long) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + /* |h9| <= 2^24; from now on fits into int32 unchanged */ + /* |h0| <= 1.1*2^39 */ + + carry0 = (h0 + (long) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + /* |h0| <= 2^25; from now on fits into int32 unchanged */ + /* |h1| <= 1.01*2^24 */ + + int[] h = new int[10]; + h[0] = (int) h0; + h[1] = (int) h1; + h[2] = (int) h2; + h[3] = (int) h3; + h[4] = (int) h4; + h[5] = (int) h5; + h[6] = (int) h6; + h[7] = (int) h7; + h[8] = (int) h8; + h[9] = (int) h9; + return new Ed25519FieldElement(f, h); + } + + /** + * $h = f * f$ + *

    + * Can overlap $h$ with $f$. + *

    + * Preconditions: + *

      + *
    • $|f|$ bounded by $1.65*2^{26},1.65*2^{25},1.65*2^{26},1.65*2^{25},$ etc. + *

    + * Postconditions: + *

      + *
    • $|h|$ bounded by $1.01*2^{25},1.01*2^{24},1.01*2^{25},1.01*2^{24},$ etc. + *

    + * See {@link #multiply(FieldElement)} for discussion + * of implementation strategy. + * + * @return The (reasonably reduced) square of this field element. + */ + public FieldElement square() { + int f0 = t[0]; + int f1 = t[1]; + int f2 = t[2]; + int f3 = t[3]; + int f4 = t[4]; + int f5 = t[5]; + int f6 = t[6]; + int f7 = t[7]; + int f8 = t[8]; + int f9 = t[9]; + int f0_2 = 2 * f0; + int f1_2 = 2 * f1; + int f2_2 = 2 * f2; + int f3_2 = 2 * f3; + int f4_2 = 2 * f4; + int f5_2 = 2 * f5; + int f6_2 = 2 * f6; + int f7_2 = 2 * f7; + int f5_38 = 38 * f5; /* 1.959375*2^30 */ + int f6_19 = 19 * f6; /* 1.959375*2^30 */ + int f7_38 = 38 * f7; /* 1.959375*2^30 */ + int f8_19 = 19 * f8; /* 1.959375*2^30 */ + int f9_38 = 38 * f9; /* 1.959375*2^30 */ + long f0f0 = f0 * (long) f0; + long f0f1_2 = f0_2 * (long) f1; + long f0f2_2 = f0_2 * (long) f2; + long f0f3_2 = f0_2 * (long) f3; + long f0f4_2 = f0_2 * (long) f4; + long f0f5_2 = f0_2 * (long) f5; + long f0f6_2 = f0_2 * (long) f6; + long f0f7_2 = f0_2 * (long) f7; + long f0f8_2 = f0_2 * (long) f8; + long f0f9_2 = f0_2 * (long) f9; + long f1f1_2 = f1_2 * (long) f1; + long f1f2_2 = f1_2 * (long) f2; + long f1f3_4 = f1_2 * (long) f3_2; + long f1f4_2 = f1_2 * (long) f4; + long f1f5_4 = f1_2 * (long) f5_2; + long f1f6_2 = f1_2 * (long) f6; + long f1f7_4 = f1_2 * (long) f7_2; + long f1f8_2 = f1_2 * (long) f8; + long f1f9_76 = f1_2 * (long) f9_38; + long f2f2 = f2 * (long) f2; + long f2f3_2 = f2_2 * (long) f3; + long f2f4_2 = f2_2 * (long) f4; + long f2f5_2 = f2_2 * (long) f5; + long f2f6_2 = f2_2 * (long) f6; + long f2f7_2 = f2_2 * (long) f7; + long f2f8_38 = f2_2 * (long) f8_19; + long f2f9_38 = f2 * (long) f9_38; + long f3f3_2 = f3_2 * (long) f3; + long f3f4_2 = f3_2 * (long) f4; + long f3f5_4 = f3_2 * (long) f5_2; + long f3f6_2 = f3_2 * (long) f6; + long f3f7_76 = f3_2 * (long) f7_38; + long f3f8_38 = f3_2 * (long) f8_19; + long f3f9_76 = f3_2 * (long) f9_38; + long f4f4 = f4 * (long) f4; + long f4f5_2 = f4_2 * (long) f5; + long f4f6_38 = f4_2 * (long) f6_19; + long f4f7_38 = f4 * (long) f7_38; + long f4f8_38 = f4_2 * (long) f8_19; + long f4f9_38 = f4 * (long) f9_38; + long f5f5_38 = f5 * (long) f5_38; + long f5f6_38 = f5_2 * (long) f6_19; + long f5f7_76 = f5_2 * (long) f7_38; + long f5f8_38 = f5_2 * (long) f8_19; + long f5f9_76 = f5_2 * (long) f9_38; + long f6f6_19 = f6 * (long) f6_19; + long f6f7_38 = f6 * (long) f7_38; + long f6f8_38 = f6_2 * (long) f8_19; + long f6f9_38 = f6 * (long) f9_38; + long f7f7_38 = f7 * (long) f7_38; + long f7f8_38 = f7_2 * (long) f8_19; + long f7f9_76 = f7_2 * (long) f9_38; + long f8f8_19 = f8 * (long) f8_19; + long f8f9_38 = f8 * (long) f9_38; + long f9f9_38 = f9 * (long) f9_38; + + /** + * Same procedure as in multiply, but this time we have a higher symmetry leading to less summands. + * e.g. f1f9_76 really stands for f1 * 2^26 * f9 * 2^230 + f9 * 2^230 + f1 * 2^26 congruent 2 * 2 * 19 * f1 * f9 2^0 modulo p. + */ + long h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + long h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + long h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + long h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + long h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + long h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + long h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + long h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + long h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + long h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + long carry0; + long carry1; + long carry2; + long carry3; + long carry4; + long carry5; + long carry6; + long carry7; + long carry8; + long carry9; + + carry0 = (h0 + (long) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry4 = (h4 + (long) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + + carry1 = (h1 + (long) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry5 = (h5 + (long) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + + carry2 = (h2 + (long) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry6 = (h6 + (long) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + + carry3 = (h3 + (long) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry7 = (h7 + (long) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + + carry4 = (h4 + (long) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry8 = (h8 + (long) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + + carry9 = (h9 + (long) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + + carry0 = (h0 + (long) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + + int[] h = new int[10]; + h[0] = (int) h0; + h[1] = (int) h1; + h[2] = (int) h2; + h[3] = (int) h3; + h[4] = (int) h4; + h[5] = (int) h5; + h[6] = (int) h6; + h[7] = (int) h7; + h[8] = (int) h8; + h[9] = (int) h9; + return new Ed25519FieldElement(f, h); + } + + /** + * $h = 2 * f * f$ + *

    + * Can overlap $h$ with $f$. + *

    + * Preconditions: + *

      + *
    • $|f|$ bounded by $1.65*2^{26},1.65*2^{25},1.65*2^{26},1.65*2^{25},$ etc. + *

    + * Postconditions: + *

      + *
    • $|h|$ bounded by $1.01*2^{25},1.01*2^{24},1.01*2^{25},1.01*2^{24},$ etc. + *

    + * See {@link #multiply(FieldElement)} for discussion + * of implementation strategy. + * + * @return The (reasonably reduced) square of this field element times 2. + */ + public FieldElement squareAndDouble() { + int f0 = t[0]; + int f1 = t[1]; + int f2 = t[2]; + int f3 = t[3]; + int f4 = t[4]; + int f5 = t[5]; + int f6 = t[6]; + int f7 = t[7]; + int f8 = t[8]; + int f9 = t[9]; + int f0_2 = 2 * f0; + int f1_2 = 2 * f1; + int f2_2 = 2 * f2; + int f3_2 = 2 * f3; + int f4_2 = 2 * f4; + int f5_2 = 2 * f5; + int f6_2 = 2 * f6; + int f7_2 = 2 * f7; + int f5_38 = 38 * f5; /* 1.959375*2^30 */ + int f6_19 = 19 * f6; /* 1.959375*2^30 */ + int f7_38 = 38 * f7; /* 1.959375*2^30 */ + int f8_19 = 19 * f8; /* 1.959375*2^30 */ + int f9_38 = 38 * f9; /* 1.959375*2^30 */ + long f0f0 = f0 * (long) f0; + long f0f1_2 = f0_2 * (long) f1; + long f0f2_2 = f0_2 * (long) f2; + long f0f3_2 = f0_2 * (long) f3; + long f0f4_2 = f0_2 * (long) f4; + long f0f5_2 = f0_2 * (long) f5; + long f0f6_2 = f0_2 * (long) f6; + long f0f7_2 = f0_2 * (long) f7; + long f0f8_2 = f0_2 * (long) f8; + long f0f9_2 = f0_2 * (long) f9; + long f1f1_2 = f1_2 * (long) f1; + long f1f2_2 = f1_2 * (long) f2; + long f1f3_4 = f1_2 * (long) f3_2; + long f1f4_2 = f1_2 * (long) f4; + long f1f5_4 = f1_2 * (long) f5_2; + long f1f6_2 = f1_2 * (long) f6; + long f1f7_4 = f1_2 * (long) f7_2; + long f1f8_2 = f1_2 * (long) f8; + long f1f9_76 = f1_2 * (long) f9_38; + long f2f2 = f2 * (long) f2; + long f2f3_2 = f2_2 * (long) f3; + long f2f4_2 = f2_2 * (long) f4; + long f2f5_2 = f2_2 * (long) f5; + long f2f6_2 = f2_2 * (long) f6; + long f2f7_2 = f2_2 * (long) f7; + long f2f8_38 = f2_2 * (long) f8_19; + long f2f9_38 = f2 * (long) f9_38; + long f3f3_2 = f3_2 * (long) f3; + long f3f4_2 = f3_2 * (long) f4; + long f3f5_4 = f3_2 * (long) f5_2; + long f3f6_2 = f3_2 * (long) f6; + long f3f7_76 = f3_2 * (long) f7_38; + long f3f8_38 = f3_2 * (long) f8_19; + long f3f9_76 = f3_2 * (long) f9_38; + long f4f4 = f4 * (long) f4; + long f4f5_2 = f4_2 * (long) f5; + long f4f6_38 = f4_2 * (long) f6_19; + long f4f7_38 = f4 * (long) f7_38; + long f4f8_38 = f4_2 * (long) f8_19; + long f4f9_38 = f4 * (long) f9_38; + long f5f5_38 = f5 * (long) f5_38; + long f5f6_38 = f5_2 * (long) f6_19; + long f5f7_76 = f5_2 * (long) f7_38; + long f5f8_38 = f5_2 * (long) f8_19; + long f5f9_76 = f5_2 * (long) f9_38; + long f6f6_19 = f6 * (long) f6_19; + long f6f7_38 = f6 * (long) f7_38; + long f6f8_38 = f6_2 * (long) f8_19; + long f6f9_38 = f6 * (long) f9_38; + long f7f7_38 = f7 * (long) f7_38; + long f7f8_38 = f7_2 * (long) f8_19; + long f7f9_76 = f7_2 * (long) f9_38; + long f8f8_19 = f8 * (long) f8_19; + long f8f9_38 = f8 * (long) f9_38; + long f9f9_38 = f9 * (long) f9_38; + long h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + long h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + long h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + long h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + long h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + long h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + long h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + long h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + long h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + long h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + long carry0; + long carry1; + long carry2; + long carry3; + long carry4; + long carry5; + long carry6; + long carry7; + long carry8; + long carry9; + + h0 += h0; + h1 += h1; + h2 += h2; + h3 += h3; + h4 += h4; + h5 += h5; + h6 += h6; + h7 += h7; + h8 += h8; + h9 += h9; + + carry0 = (h0 + (long) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry4 = (h4 + (long) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + + carry1 = (h1 + (long) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry5 = (h5 + (long) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + + carry2 = (h2 + (long) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry6 = (h6 + (long) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + + carry3 = (h3 + (long) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry7 = (h7 + (long) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + + carry4 = (h4 + (long) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry8 = (h8 + (long) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + + carry9 = (h9 + (long) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + + carry0 = (h0 + (long) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + + int[] h = new int[10]; + h[0] = (int) h0; + h[1] = (int) h1; + h[2] = (int) h2; + h[3] = (int) h3; + h[4] = (int) h4; + h[5] = (int) h5; + h[6] = (int) h6; + h[7] = (int) h7; + h[8] = (int) h8; + h[9] = (int) h9; + return new Ed25519FieldElement(f, h); + } + + /** + * Invert this field element. + *

    + * The inverse is found via Fermat's little theorem:
    + * $a^p \cong a \mod p$ and therefore $a^{(p-2)} \cong a^{-1} \mod p$ + * + * @return The inverse of this field element. + */ + public FieldElement invert() { + FieldElement t0, t1, t2, t3; + + // 2 == 2 * 1 + t0 = square(); + + // 4 == 2 * 2 + t1 = t0.square(); + + // 8 == 2 * 4 + t1 = t1.square(); + + // 9 == 8 + 1 + t1 = multiply(t1); + + // 11 == 9 + 2 + t0 = t0.multiply(t1); + + // 22 == 2 * 11 + t2 = t0.square(); + + // 31 == 22 + 9 + t1 = t1.multiply(t2); + + // 2^6 - 2^1 + t2 = t1.square(); + + // 2^10 - 2^5 + for (int i = 1; i < 5; ++i) { + t2 = t2.square(); + } + + // 2^10 - 2^0 + t1 = t2.multiply(t1); + + // 2^11 - 2^1 + t2 = t1.square(); + + // 2^20 - 2^10 + for (int i = 1; i < 10; ++i) { + t2 = t2.square(); + } + + // 2^20 - 2^0 + t2 = t2.multiply(t1); + + // 2^21 - 2^1 + t3 = t2.square(); + + // 2^40 - 2^20 + for (int i = 1; i < 20; ++i) { + t3 = t3.square(); + } + + // 2^40 - 2^0 + t2 = t3.multiply(t2); + + // 2^41 - 2^1 + t2 = t2.square(); + + // 2^50 - 2^10 + for (int i = 1; i < 10; ++i) { + t2 = t2.square(); + } + + // 2^50 - 2^0 + t1 = t2.multiply(t1); + + // 2^51 - 2^1 + t2 = t1.square(); + + // 2^100 - 2^50 + for (int i = 1; i < 50; ++i) { + t2 = t2.square(); + } + + // 2^100 - 2^0 + t2 = t2.multiply(t1); + + // 2^101 - 2^1 + t3 = t2.square(); + + // 2^200 - 2^100 + for (int i = 1; i < 100; ++i) { + t3 = t3.square(); + } + + // 2^200 - 2^0 + t2 = t3.multiply(t2); + + // 2^201 - 2^1 + t2 = t2.square(); + + // 2^250 - 2^50 + for (int i = 1; i < 50; ++i) { + t2 = t2.square(); + } + + // 2^250 - 2^0 + t1 = t2.multiply(t1); + + // 2^251 - 2^1 + t1 = t1.square(); + + // 2^255 - 2^5 + for (int i = 1; i < 5; ++i) { + t1 = t1.square(); + } + + // 2^255 - 21 + return t1.multiply(t0); + } + + /** + * Gets this field element to the power of $(2^{252} - 3)$. + * This is a helper function for calculating the square root. + *

    + * TODO-CR BR: I think it makes sense to have a sqrt function. + * + * @return This field element to the power of $(2^{252} - 3)$. + */ + public FieldElement pow22523() { + FieldElement t0, t1, t2; + + // 2 == 2 * 1 + t0 = square(); + + // 4 == 2 * 2 + t1 = t0.square(); + + // 8 == 2 * 4 + t1 = t1.square(); + + // z9 = z1*z8 + t1 = multiply(t1); + + // 11 == 9 + 2 + t0 = t0.multiply(t1); + + // 22 == 2 * 11 + t0 = t0.square(); + + // 31 == 22 + 9 + t0 = t1.multiply(t0); + + // 2^6 - 2^1 + t1 = t0.square(); + + // 2^10 - 2^5 + for (int i = 1; i < 5; ++i) { + t1 = t1.square(); + } + + // 2^10 - 2^0 + t0 = t1.multiply(t0); + + // 2^11 - 2^1 + t1 = t0.square(); + + // 2^20 - 2^10 + for (int i = 1; i < 10; ++i) { + t1 = t1.square(); + } + + // 2^20 - 2^0 + t1 = t1.multiply(t0); + + // 2^21 - 2^1 + t2 = t1.square(); + + // 2^40 - 2^20 + for (int i = 1; i < 20; ++i) { + t2 = t2.square(); + } + + // 2^40 - 2^0 + t1 = t2.multiply(t1); + + // 2^41 - 2^1 + t1 = t1.square(); + + // 2^50 - 2^10 + for (int i = 1; i < 10; ++i) { + t1 = t1.square(); + } + + // 2^50 - 2^0 + t0 = t1.multiply(t0); + + // 2^51 - 2^1 + t1 = t0.square(); + + // 2^100 - 2^50 + for (int i = 1; i < 50; ++i) { + t1 = t1.square(); + } + + // 2^100 - 2^0 + t1 = t1.multiply(t0); + + // 2^101 - 2^1 + t2 = t1.square(); + + // 2^200 - 2^100 + for (int i = 1; i < 100; ++i) { + t2 = t2.square(); + } + + // 2^200 - 2^0 + t1 = t2.multiply(t1); + + // 2^201 - 2^1 + t1 = t1.square(); + + // 2^250 - 2^50 + for (int i = 1; i < 50; ++i) { + t1 = t1.square(); + } + + // 2^250 - 2^0 + t0 = t1.multiply(t0); + + // 2^251 - 2^1 + t0 = t0.square(); + + // 2^252 - 2^2 + t0 = t0.square(); + + // 2^252 - 3 + return multiply(t0); + } + + /** + * Constant-time conditional move. Well, actually it is a conditional copy. + * Logic is inspired by the SUPERCOP implementation at: + * https://github.com/floodyberry/supercop/blob/master/crypto_sign/ed25519/ref10/fe_cmov.c + * + * @param val the other field element. + * @param b must be 0 or 1, otherwise results are undefined. + * @return a copy of this if $b == 0$, or a copy of val if $b == 1$. + */ + @Override + public FieldElement cmov(FieldElement val, int b) { + Ed25519FieldElement that = (Ed25519FieldElement) val; + b = -b; + int[] result = new int[10]; + for (int i = 0; i < 10; i++) { + result[i] = this.t[i]; + int x = this.t[i] ^ that.t[i]; + x &= b; + result[i] ^= x; + } + return new Ed25519FieldElement(this.f, result); + } + + @Override + public int hashCode() { + return Arrays.hashCode(t); + } + + @Override + public boolean equals(Object obj) { + if (!(obj instanceof Ed25519FieldElement)) + return false; + Ed25519FieldElement fe = (Ed25519FieldElement) obj; + return 1 == Utils.equal(toByteArray(), fe.toByteArray()); + } + + @Override + public String toString() { + return "[Ed25519FieldElement val=" + Utils.bytesToHex(toByteArray()) + "]"; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java new file mode 100644 index 0000000..f195df8 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java @@ -0,0 +1,284 @@ +package org.xbib.io.sshd.eddsa.math.ed25519; + +import org.xbib.io.sshd.eddsa.math.Encoding; +import org.xbib.io.sshd.eddsa.math.FieldElement; + +/** + * Helper class for encoding/decoding from/to the 32 byte representation. + * Reviewed/commented by Bloody Rookie (nemproject@gmx.de) + */ +public class Ed25519LittleEndianEncoding extends Encoding { + static int load_3(byte[] in, int offset) { + int result = in[offset++] & 0xff; + result |= (in[offset++] & 0xff) << 8; + result |= (in[offset] & 0xff) << 16; + return result; + } + + static long load_4(byte[] in, int offset) { + int result = in[offset++] & 0xff; + result |= (in[offset++] & 0xff) << 8; + result |= (in[offset++] & 0xff) << 16; + result |= in[offset] << 24; + return ((long) result) & 0xffffffffL; + } + + /** + * Encodes a given field element in its 32 byte representation. This is done in two steps: + *

      + *
    1. Reduce the value of the field element modulo $p$. + *
    2. Convert the field element to the 32 byte representation. + *

    + * The idea for the modulo $p$ reduction algorithm is as follows: + *

    + *

    Assumption:

    + *
      + *
    • $p = 2^{255} - 19$ + *
    • $h = h_0 + 2^{25} * h_1 + 2^{(26+25)} * h_2 + \dots + 2^{230} * h_9$ where $0 \le |h_i| \lt 2^{27}$ for all $i=0,\dots,9$. + *
    • $h \cong r \mod p$, i.e. $h = r + q * p$ for some suitable $0 \le r \lt p$ and an integer $q$. + *

    + * Then $q = [2^{-255} * (h + 19 * 2^{-25} * h_9 + 1/2)]$ where $[x] = floor(x)$. + *

    + *

    Proof:

    + *

    + * We begin with some very raw estimation for the bounds of some expressions: + *

    + * $$ + * \begin{equation} + * |h| \lt 2^{230} * 2^{30} = 2^{260} \Rightarrow |r + q * p| \lt 2^{260} \Rightarrow |q| \lt 2^{10}. \\ + * \Rightarrow -1/4 \le a := 19^2 * 2^{-255} * q \lt 1/4. \\ + * |h - 2^{230} * h_9| = |h_0 + \dots + 2^{204} * h_8| \lt 2^{204} * 2^{30} = 2^{234}. \\ + * \Rightarrow -1/4 \le b := 19 * 2^{-255} * (h - 2^{230} * h_9) \lt 1/4 + * \end{equation} + * $$ + *

    + * Therefore $0 \lt 1/2 - a - b \lt 1$. + *

    + * Set $x := r + 19 * 2^{-255} * r + 1/2 - a - b$. Then: + *

    + * $$ + * 0 \le x \lt 255 - 20 + 19 + 1 = 2^{255} \\ + * \Rightarrow 0 \le 2^{-255} * x \lt 1. + * $$ + *

    + * Since $q$ is an integer we have + *

    + * $$ + * [q + 2^{-255} * x] = q \quad (1) + * $$ + *

    + * Have a closer look at $x$: + *

    + * $$ + * \begin{align} + * x &= h - q * (2^{255} - 19) + 19 * 2^{-255} * (h - q * (2^{255} - 19)) + 1/2 - 19^2 * 2^{-255} * q - 19 * 2^{-255} * (h - 2^{230} * h_9) \\ + * &= h - q * 2^{255} + 19 * q + 19 * 2^{-255} * h - 19 * q + 19^2 * 2^{-255} * q + 1/2 - 19^2 * 2^{-255} * q - 19 * 2^{-255} * h + 19 * 2^{-25} * h_9 \\ + * &= h + 19 * 2^{-25} * h_9 + 1/2 - q^{255}. + * \end{align} + * $$ + *

    + * Inserting the expression for $x$ into $(1)$ we get the desired expression for $q$. + */ + public byte[] encode(FieldElement x) { + int[] h = ((Ed25519FieldElement) x).t; + int h0 = h[0]; + int h1 = h[1]; + int h2 = h[2]; + int h3 = h[3]; + int h4 = h[4]; + int h5 = h[5]; + int h6 = h[6]; + int h7 = h[7]; + int h8 = h[8]; + int h9 = h[9]; + int q; + int carry0; + int carry1; + int carry2; + int carry3; + int carry4; + int carry5; + int carry6; + int carry7; + int carry8; + int carry9; + + // Step 1: + // Calculate q + q = (19 * h9 + (1 << 24)) >> 25; + q = (h0 + q) >> 26; + q = (h1 + q) >> 25; + q = (h2 + q) >> 26; + q = (h3 + q) >> 25; + q = (h4 + q) >> 26; + q = (h5 + q) >> 25; + q = (h6 + q) >> 26; + q = (h7 + q) >> 25; + q = (h8 + q) >> 26; + q = (h9 + q) >> 25; + + // r = h - q * p = h - 2^255 * q + 19 * q + // First add 19 * q then discard the bit 255 + h0 += 19 * q; + + carry0 = h0 >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry1 = h1 >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry2 = h2 >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry3 = h3 >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry4 = h4 >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry5 = h5 >> 25; + h6 += carry5; + h5 -= carry5 << 25; + carry6 = h6 >> 26; + h7 += carry6; + h6 -= carry6 << 26; + carry7 = h7 >> 25; + h8 += carry7; + h7 -= carry7 << 25; + carry8 = h8 >> 26; + h9 += carry8; + h8 -= carry8 << 26; + carry9 = h9 >> 25; + h9 -= carry9 << 25; + + // Step 2 (straight forward conversion): + byte[] s = new byte[32]; + s[0] = (byte) h0; + s[1] = (byte) (h0 >> 8); + s[2] = (byte) (h0 >> 16); + s[3] = (byte) ((h0 >> 24) | (h1 << 2)); + s[4] = (byte) (h1 >> 6); + s[5] = (byte) (h1 >> 14); + s[6] = (byte) ((h1 >> 22) | (h2 << 3)); + s[7] = (byte) (h2 >> 5); + s[8] = (byte) (h2 >> 13); + s[9] = (byte) ((h2 >> 21) | (h3 << 5)); + s[10] = (byte) (h3 >> 3); + s[11] = (byte) (h3 >> 11); + s[12] = (byte) ((h3 >> 19) | (h4 << 6)); + s[13] = (byte) (h4 >> 2); + s[14] = (byte) (h4 >> 10); + s[15] = (byte) (h4 >> 18); + s[16] = (byte) h5; + s[17] = (byte) (h5 >> 8); + s[18] = (byte) (h5 >> 16); + s[19] = (byte) ((h5 >> 24) | (h6 << 1)); + s[20] = (byte) (h6 >> 7); + s[21] = (byte) (h6 >> 15); + s[22] = (byte) ((h6 >> 23) | (h7 << 3)); + s[23] = (byte) (h7 >> 5); + s[24] = (byte) (h7 >> 13); + s[25] = (byte) ((h7 >> 21) | (h8 << 4)); + s[26] = (byte) (h8 >> 4); + s[27] = (byte) (h8 >> 12); + s[28] = (byte) ((h8 >> 20) | (h9 << 6)); + s[29] = (byte) (h9 >> 2); + s[30] = (byte) (h9 >> 10); + s[31] = (byte) (h9 >> 18); + return s; + } + + /** + * Decodes a given field element in its 10 byte $2^{25.5}$ representation. + * + * @param in The 32 byte representation. + * @return The field element in its $2^{25.5}$ bit representation. + */ + public FieldElement decode(byte[] in) { + long h0 = load_4(in, 0); + long h1 = load_3(in, 4) << 6; + long h2 = load_3(in, 7) << 5; + long h3 = load_3(in, 10) << 3; + long h4 = load_3(in, 13) << 2; + long h5 = load_4(in, 16); + long h6 = load_3(in, 20) << 7; + long h7 = load_3(in, 23) << 5; + long h8 = load_3(in, 26) << 4; + long h9 = (load_3(in, 29) & 0x7FFFFF) << 2; + long carry0; + long carry1; + long carry2; + long carry3; + long carry4; + long carry5; + long carry6; + long carry7; + long carry8; + long carry9; + + // Remember: 2^255 congruent 19 modulo p + carry9 = (h9 + (long) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + carry1 = (h1 + (long) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry3 = (h3 + (long) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry5 = (h5 + (long) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + carry7 = (h7 + (long) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + + carry0 = (h0 + (long) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry2 = (h2 + (long) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry4 = (h4 + (long) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry6 = (h6 + (long) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + carry8 = (h8 + (long) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + + int[] h = new int[10]; + h[0] = (int) h0; + h[1] = (int) h1; + h[2] = (int) h2; + h[3] = (int) h3; + h[4] = (int) h4; + h[5] = (int) h5; + h[6] = (int) h6; + h[7] = (int) h7; + h[8] = (int) h8; + h[9] = (int) h9; + return new Ed25519FieldElement(f, h); + } + + /** + * Is the FieldElement negative in this encoding? + *

    + * Return true if $x$ is in $\{1,3,5,\dots,q-2\}$
    + * Return false if $x$ is in $\{0,2,4,\dots,q-1\}$ + *

    + * Preconditions: + *

      + *
    • $|x|$ bounded by $1.1*2^{26},1.1*2^{25},1.1*2^{26},1.1*2^{25}$, etc. + *
    + * + * @return true if $x$ is in $\{1,3,5,\dots,q-2\}$, false otherwise. + */ + public boolean isNegative(FieldElement x) { + byte[] s = encode(x); + return (s[0] & 1) != 0; + } + +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519ScalarOps.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519ScalarOps.java new file mode 100644 index 0000000..a94e6ea --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519ScalarOps.java @@ -0,0 +1,913 @@ +package org.xbib.io.sshd.eddsa.math.ed25519; + +import org.xbib.io.sshd.eddsa.math.ScalarOps; + +import static org.xbib.io.sshd.eddsa.math.ed25519.Ed25519LittleEndianEncoding.load_3; +import static org.xbib.io.sshd.eddsa.math.ed25519.Ed25519LittleEndianEncoding.load_4; + +/** + * Class for reducing a huge integer modulo the group order q and + * doing a combined multiply plus add plus reduce operation. + *

    + * $q = 2^{252} + 27742317777372353535851937790883648493$. + *

    + * Reviewed/commented by Bloody Rookie (nemproject@gmx.de) + */ +public class Ed25519ScalarOps implements ScalarOps { + + /** + * Reduction modulo the group order $q$. + *

    + * Input: + * $s[0]+256*s[1]+\dots+256^{63}*s[63] = s$ + *

    + * Output: + * $s[0]+256*s[1]+\dots+256^{31}*s[31] = s \bmod q$ + * where $q = 2^{252} + 27742317777372353535851937790883648493$. + */ + public byte[] reduce(byte[] s) { + // s0,..., s22 have 21 bits, s23 has 29 bits + long s0 = 0x1FFFFF & load_3(s, 0); + long s1 = 0x1FFFFF & (load_4(s, 2) >> 5); + long s2 = 0x1FFFFF & (load_3(s, 5) >> 2); + long s3 = 0x1FFFFF & (load_4(s, 7) >> 7); + long s4 = 0x1FFFFF & (load_4(s, 10) >> 4); + long s5 = 0x1FFFFF & (load_3(s, 13) >> 1); + long s6 = 0x1FFFFF & (load_4(s, 15) >> 6); + long s7 = 0x1FFFFF & (load_3(s, 18) >> 3); + long s8 = 0x1FFFFF & load_3(s, 21); + long s9 = 0x1FFFFF & (load_4(s, 23) >> 5); + long s10 = 0x1FFFFF & (load_3(s, 26) >> 2); + long s11 = 0x1FFFFF & (load_4(s, 28) >> 7); + long s12 = 0x1FFFFF & (load_4(s, 31) >> 4); + long s13 = 0x1FFFFF & (load_3(s, 34) >> 1); + long s14 = 0x1FFFFF & (load_4(s, 36) >> 6); + long s15 = 0x1FFFFF & (load_3(s, 39) >> 3); + long s16 = 0x1FFFFF & load_3(s, 42); + long s17 = 0x1FFFFF & (load_4(s, 44) >> 5); + long s18 = 0x1FFFFF & (load_3(s, 47) >> 2); + long s19 = 0x1FFFFF & (load_4(s, 49) >> 7); + long s20 = 0x1FFFFF & (load_4(s, 52) >> 4); + long s21 = 0x1FFFFF & (load_3(s, 55) >> 1); + long s22 = 0x1FFFFF & (load_4(s, 57) >> 6); + long s23 = (load_4(s, 60) >> 3); + long carry0; + long carry1; + long carry2; + long carry3; + long carry4; + long carry5; + long carry6; + long carry7; + long carry8; + long carry9; + long carry10; + long carry11; + long carry12; + long carry13; + long carry14; + long carry15; + long carry16; + + /** + * Lots of magic numbers :) + * To understand what's going on below, note that + * + * (1) q = 2^252 + q0 where q0 = 27742317777372353535851937790883648493. + * (2) s11 is the coefficient of 2^(11*21), s23 is the coefficient of 2^(^23*21) and 2^252 = 2^((23-11) * 21)). + * (3) 2^252 congruent -q0 modulo q. + * (4) -q0 = 666643 * 2^0 + 470296 * 2^21 + 654183 * 2^(2*21) - 997805 * 2^(3*21) + 136657 * 2^(4*21) - 683901 * 2^(5*21) + * + * Thus + * s23 * 2^(23*11) = s23 * 2^(12*21) * 2^(11*21) = s3 * 2^252 * 2^(11*21) congruent + * s23 * (666643 * 2^0 + 470296 * 2^21 + 654183 * 2^(2*21) - 997805 * 2^(3*21) + 136657 * 2^(4*21) - 683901 * 2^(5*21)) * 2^(11*21) modulo q = + * s23 * (666643 * 2^(11*21) + 470296 * 2^(12*21) + 654183 * 2^(13*21) - 997805 * 2^(14*21) + 136657 * 2^(15*21) - 683901 * 2^(16*21)). + * + * The same procedure is then applied for s22,...,s18. + */ + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + // not used again + //s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + // not used again + //s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + // not used again + //s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + // not used again + //s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + // not used again + //s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + // not used again + //s18 = 0; + + /** + * Time to reduce the coefficient in order not to get an overflow. + */ + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + + /** + * Continue with above procedure. + */ + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + // not used again + //s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + // not used again + //s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + // not used again + //s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + // not used again + //s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + // not used again + //s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + // set below + //s12 = 0; + + /** + * Reduce coefficients again. + */ + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + //carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 = carry11; + s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + // set below + //s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + //carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; + carry11 = s11 >> 21; + s12 = carry11; + s11 -= carry11 << 21; + + // TODO-CR BR: Is it really needed to do it TWO times? (it doesn't hurt, just a question). + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + // not used again + //s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + // s0, ..., s11 got 21 bits each. + byte[] result = new byte[32]; + result[0] = (byte) s0; + result[1] = (byte) (s0 >> 8); + result[2] = (byte) ((s0 >> 16) | (s1 << 5)); + result[3] = (byte) (s1 >> 3); + result[4] = (byte) (s1 >> 11); + result[5] = (byte) ((s1 >> 19) | (s2 << 2)); + result[6] = (byte) (s2 >> 6); + result[7] = (byte) ((s2 >> 14) | (s3 << 7)); + result[8] = (byte) (s3 >> 1); + result[9] = (byte) (s3 >> 9); + result[10] = (byte) ((s3 >> 17) | (s4 << 4)); + result[11] = (byte) (s4 >> 4); + result[12] = (byte) (s4 >> 12); + result[13] = (byte) ((s4 >> 20) | (s5 << 1)); + result[14] = (byte) (s5 >> 7); + result[15] = (byte) ((s5 >> 15) | (s6 << 6)); + result[16] = (byte) (s6 >> 2); + result[17] = (byte) (s6 >> 10); + result[18] = (byte) ((s6 >> 18) | (s7 << 3)); + result[19] = (byte) (s7 >> 5); + result[20] = (byte) (s7 >> 13); + result[21] = (byte) s8; + result[22] = (byte) (s8 >> 8); + result[23] = (byte) ((s8 >> 16) | (s9 << 5)); + result[24] = (byte) (s9 >> 3); + result[25] = (byte) (s9 >> 11); + result[26] = (byte) ((s9 >> 19) | (s10 << 2)); + result[27] = (byte) (s10 >> 6); + result[28] = (byte) ((s10 >> 14) | (s11 << 7)); + result[29] = (byte) (s11 >> 1); + result[30] = (byte) (s11 >> 9); + result[31] = (byte) (s11 >> 17); + return result; + } + + + /** + * $(ab+c) \bmod q$ + *

    + * Input: + *

      + *
    • $a[0]+256*a[1]+\dots+256^{31}*a[31] = a$ + *
    • $b[0]+256*b[1]+\dots+256^{31}*b[31] = b$ + *
    • $c[0]+256*c[1]+\dots+256^{31}*c[31] = c$ + *

    + * Output: + * $result[0]+256*result[1]+\dots+256^{31}*result[31] = (ab+c) \bmod q$ + * where $q = 2^{252} + 27742317777372353535851937790883648493$. + *

    + * See the comments in {@link #reduce(byte[])} for an explanation of the algorithm. + */ + public byte[] multiplyAndAdd(byte[] a, byte[] b, byte[] c) { + long a0 = 0x1FFFFF & load_3(a, 0); + long a1 = 0x1FFFFF & (load_4(a, 2) >> 5); + long a2 = 0x1FFFFF & (load_3(a, 5) >> 2); + long a3 = 0x1FFFFF & (load_4(a, 7) >> 7); + long a4 = 0x1FFFFF & (load_4(a, 10) >> 4); + long a5 = 0x1FFFFF & (load_3(a, 13) >> 1); + long a6 = 0x1FFFFF & (load_4(a, 15) >> 6); + long a7 = 0x1FFFFF & (load_3(a, 18) >> 3); + long a8 = 0x1FFFFF & load_3(a, 21); + long a9 = 0x1FFFFF & (load_4(a, 23) >> 5); + long a10 = 0x1FFFFF & (load_3(a, 26) >> 2); + long a11 = (load_4(a, 28) >> 7); + long b0 = 0x1FFFFF & load_3(b, 0); + long b1 = 0x1FFFFF & (load_4(b, 2) >> 5); + long b2 = 0x1FFFFF & (load_3(b, 5) >> 2); + long b3 = 0x1FFFFF & (load_4(b, 7) >> 7); + long b4 = 0x1FFFFF & (load_4(b, 10) >> 4); + long b5 = 0x1FFFFF & (load_3(b, 13) >> 1); + long b6 = 0x1FFFFF & (load_4(b, 15) >> 6); + long b7 = 0x1FFFFF & (load_3(b, 18) >> 3); + long b8 = 0x1FFFFF & load_3(b, 21); + long b9 = 0x1FFFFF & (load_4(b, 23) >> 5); + long b10 = 0x1FFFFF & (load_3(b, 26) >> 2); + long b11 = (load_4(b, 28) >> 7); + long c0 = 0x1FFFFF & load_3(c, 0); + long c1 = 0x1FFFFF & (load_4(c, 2) >> 5); + long c2 = 0x1FFFFF & (load_3(c, 5) >> 2); + long c3 = 0x1FFFFF & (load_4(c, 7) >> 7); + long c4 = 0x1FFFFF & (load_4(c, 10) >> 4); + long c5 = 0x1FFFFF & (load_3(c, 13) >> 1); + long c6 = 0x1FFFFF & (load_4(c, 15) >> 6); + long c7 = 0x1FFFFF & (load_3(c, 18) >> 3); + long c8 = 0x1FFFFF & load_3(c, 21); + long c9 = 0x1FFFFF & (load_4(c, 23) >> 5); + long c10 = 0x1FFFFF & (load_3(c, 26) >> 2); + long c11 = (load_4(c, 28) >> 7); + long s0; + long s1; + long s2; + long s3; + long s4; + long s5; + long s6; + long s7; + long s8; + long s9; + long s10; + long s11; + long s12; + long s13; + long s14; + long s15; + long s16; + long s17; + long s18; + long s19; + long s20; + long s21; + long s22; + long s23; + long carry0; + long carry1; + long carry2; + long carry3; + long carry4; + long carry5; + long carry6; + long carry7; + long carry8; + long carry9; + long carry10; + long carry11; + long carry12; + long carry13; + long carry14; + long carry15; + long carry16; + long carry17; + long carry18; + long carry19; + long carry20; + long carry21; + long carry22; + + s0 = c0 + a0 * b0; + s1 = c1 + a0 * b1 + a1 * b0; + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; + s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + // set below + //s23 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + carry18 = (s18 + (1 << 20)) >> 21; + s19 += carry18; + s18 -= carry18 << 21; + carry20 = (s20 + (1 << 20)) >> 21; + s21 += carry20; + s20 -= carry20 << 21; + //carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21; + carry22 = (s22 + (1 << 20)) >> 21; + s23 = carry22; + s22 -= carry22 << 21; + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + carry17 = (s17 + (1 << 20)) >> 21; + s18 += carry17; + s17 -= carry17 << 21; + carry19 = (s19 + (1 << 20)) >> 21; + s20 += carry19; + s19 -= carry19 << 21; + carry21 = (s21 + (1 << 20)) >> 21; + s22 += carry21; + s21 -= carry21 << 21; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + // not used again + //s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + // not used again + //s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + // not used again + //s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + // not used again + //s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + // not used again + //s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + // not used again + //s18 = 0; + + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + // not used again + //s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + // not used again + //s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + // not used again + //s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + // not used again + //s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + // not used again + //s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + // set below + //s12 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + //carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 = carry11; + s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + // set below + //s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + //carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; + carry11 = s11 >> 21; + s12 = carry11; + s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + // not used again + //s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + byte[] result = new byte[32]; + result[0] = (byte) s0; + result[1] = (byte) (s0 >> 8); + result[2] = (byte) ((s0 >> 16) | (s1 << 5)); + result[3] = (byte) (s1 >> 3); + result[4] = (byte) (s1 >> 11); + result[5] = (byte) ((s1 >> 19) | (s2 << 2)); + result[6] = (byte) (s2 >> 6); + result[7] = (byte) ((s2 >> 14) | (s3 << 7)); + result[8] = (byte) (s3 >> 1); + result[9] = (byte) (s3 >> 9); + result[10] = (byte) ((s3 >> 17) | (s4 << 4)); + result[11] = (byte) (s4 >> 4); + result[12] = (byte) (s4 >> 12); + result[13] = (byte) ((s4 >> 20) | (s5 << 1)); + result[14] = (byte) (s5 >> 7); + result[15] = (byte) ((s5 >> 15) | (s6 << 6)); + result[16] = (byte) (s6 >> 2); + result[17] = (byte) (s6 >> 10); + result[18] = (byte) ((s6 >> 18) | (s7 << 3)); + result[19] = (byte) (s7 >> 5); + result[20] = (byte) (s7 >> 13); + result[21] = (byte) s8; + result[22] = (byte) (s8 >> 8); + result[23] = (byte) ((s8 >> 16) | (s9 << 5)); + result[24] = (byte) (s9 >> 3); + result[25] = (byte) (s9 >> 11); + result[26] = (byte) ((s9 >> 19) | (s10 << 2)); + result[27] = (byte) (s10 >> 6); + result[28] = (byte) ((s10 >> 14) | (s11 << 7)); + result[29] = (byte) (s11 >> 1); + result[30] = (byte) (s11 >> 9); + result[31] = (byte) (s11 >> 17); + return result; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/package-info.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/package-info.java new file mode 100644 index 0000000..d1ee1fd --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/ed25519/package-info.java @@ -0,0 +1,4 @@ +/** + * Low-level, optimized implementation using Radix $2^{51}$ for Curve 25519. + */ +package org.xbib.io.sshd.eddsa.math.ed25519; diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/package-info.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/package-info.java new file mode 100644 index 0000000..1f1d1e7 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/math/package-info.java @@ -0,0 +1,6 @@ +/** + * Data structures that definie curves and fields, and the mathematical operaions on them. + * Low-level implementation in bigint for any curve using BigIntegers, + * and in ed25519 for Curve 25519 using Radix $2^{51}$. + */ +package org.xbib.io.sshd.eddsa.math; diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAGenParameterSpec.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAGenParameterSpec.java new file mode 100644 index 0000000..9744447 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAGenParameterSpec.java @@ -0,0 +1,19 @@ +package org.xbib.io.sshd.eddsa.spec; + +import java.security.spec.AlgorithmParameterSpec; + +/** + * Implementation of AlgorithmParameterSpec that holds the name of a named + * EdDSA curve specification. + */ +public class EdDSAGenParameterSpec implements AlgorithmParameterSpec { + private final String name; + + public EdDSAGenParameterSpec(String stdName) { + name = stdName; + } + + public String getName() { + return name; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveSpec.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveSpec.java new file mode 100644 index 0000000..5d5764a --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveSpec.java @@ -0,0 +1,23 @@ +package org.xbib.io.sshd.eddsa.spec; + +import org.xbib.io.sshd.eddsa.math.Curve; +import org.xbib.io.sshd.eddsa.math.GroupElement; +import org.xbib.io.sshd.eddsa.math.ScalarOps; + +/** + * EdDSA Curve specification that can also be referred to by name. + */ +public class EdDSANamedCurveSpec extends EdDSAParameterSpec { + + private final String name; + + public EdDSANamedCurveSpec(String name, Curve curve, + String hashAlgo, ScalarOps sc, GroupElement B) { + super(curve, hashAlgo, sc, B); + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveTable.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveTable.java new file mode 100644 index 0000000..aa65885 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveTable.java @@ -0,0 +1,56 @@ +package org.xbib.io.sshd.eddsa.spec; + +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.math.Curve; +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.ed25519.Ed25519LittleEndianEncoding; +import org.xbib.io.sshd.eddsa.math.ed25519.Ed25519ScalarOps; + +import java.util.Hashtable; +import java.util.Locale; + +/** + * The named EdDSA curves. + */ +public class EdDSANamedCurveTable { + private static final Field ed25519field = new Field( + 256, // b + Utils.hexToBytes("edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"), // q + new Ed25519LittleEndianEncoding()); + + private static final Curve ed25519curve = new Curve(ed25519field, + Utils.hexToBytes("a3785913ca4deb75abd841414d0a700098e879777940c78c73fe6f2bee6c0352"), // d + ed25519field.fromByteArray(Utils.hexToBytes("b0a00e4a271beec478e42fad0618432fa7d7fb3d99004d2b0bdfc14f8024832b"))); // I + + private static final EdDSANamedCurveSpec ed25519 = new EdDSANamedCurveSpec( + "Ed25519", + ed25519curve, + "SHA-512", // H + new Ed25519ScalarOps(), // l + ed25519curve.createPoint( // B + Utils.hexToBytes("5866666666666666666666666666666666666666666666666666666666666666"), + true)); // Precompute tables for B + + private static final Hashtable curves = new Hashtable(); + + static { + // RFC 8032 + defineCurve(ed25519); + } + + public static void defineCurve(EdDSANamedCurveSpec curve) { + curves.put(curve.getName().toLowerCase(Locale.ENGLISH), curve); + } + + static void defineCurveAlias(String name, String alias) { + EdDSANamedCurveSpec curve = curves.get(name.toLowerCase(Locale.ENGLISH)); + if (curve == null) { + throw new IllegalStateException(); + } + curves.put(alias.toLowerCase(Locale.ENGLISH), curve); + } + + public static EdDSANamedCurveSpec getByName(String name) { + return curves.get(name.toLowerCase(Locale.ENGLISH)); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAParameterSpec.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAParameterSpec.java new file mode 100644 index 0000000..2e50bd9 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAParameterSpec.java @@ -0,0 +1,84 @@ +package org.xbib.io.sshd.eddsa.spec; + +import org.xbib.io.sshd.eddsa.math.Curve; +import org.xbib.io.sshd.eddsa.math.GroupElement; +import org.xbib.io.sshd.eddsa.math.ScalarOps; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.spec.AlgorithmParameterSpec; + +//import java.io.Serializable; + +/** + * Parameter specification for an EdDSA algorithm. + */ +public class EdDSAParameterSpec implements AlgorithmParameterSpec/*, Serializable*/ { + // private static final long serialVersionUID = 8274987108472012L; + private final Curve curve; + private final String hashAlgo; + private final ScalarOps sc; + private final GroupElement B; + + /** + * @param curve the curve + * @param hashAlgo the JCA string for the hash algorithm + * @param sc the parameter L represented as ScalarOps + * @param B the parameter B + * @throws IllegalArgumentException if hash algorithm is unsupported or length is wrong + */ + public EdDSAParameterSpec(Curve curve, String hashAlgo, + ScalarOps sc, GroupElement B) { + try { + MessageDigest hash = MessageDigest.getInstance(hashAlgo); + // EdDSA hash function must produce 2b-bit output + if (curve.getField().getb() / 4 != hash.getDigestLength()) + throw new IllegalArgumentException("Hash output is not 2b-bit"); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException("Unsupported hash algorithm"); + } + + this.curve = curve; + this.hashAlgo = hashAlgo; + this.sc = sc; + this.B = B; + } + + public Curve getCurve() { + return curve; + } + + public String getHashAlgorithm() { + return hashAlgo; + } + + public ScalarOps getScalarOps() { + return sc; + } + + /** + * @return the base (generator) + */ + public GroupElement getB() { + return B; + } + + @Override + public int hashCode() { + return hashAlgo.hashCode() ^ + curve.hashCode() ^ + B.hashCode(); + } + + @Override + public boolean equals(Object o) { + if (o == this) + return true; + if (!(o instanceof EdDSAParameterSpec)) + return false; + EdDSAParameterSpec s = (EdDSAParameterSpec) o; + return hashAlgo.equals(s.getHashAlgorithm()) && + curve.equals(s.getCurve()) && + B.equals(s.getB()); + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAPrivateKeySpec.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAPrivateKeySpec.java new file mode 100644 index 0000000..af1b501 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAPrivateKeySpec.java @@ -0,0 +1,120 @@ +package org.xbib.io.sshd.eddsa.spec; + +import org.xbib.io.sshd.eddsa.math.GroupElement; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.spec.KeySpec; +import java.util.Arrays; + +/** + * + */ +public class EdDSAPrivateKeySpec implements KeySpec { + private final byte[] seed; + private final byte[] h; + private final byte[] a; + private final GroupElement A; + private final EdDSAParameterSpec spec; + + /** + * @param seed the private key + * @param spec the parameter specification for this key + * @throws IllegalArgumentException if seed length is wrong or hash algorithm is unsupported + */ + public EdDSAPrivateKeySpec(byte[] seed, EdDSAParameterSpec spec) { + if (seed.length != spec.getCurve().getField().getb() / 8) + throw new IllegalArgumentException("seed length is wrong"); + + this.spec = spec; + this.seed = seed; + + try { + MessageDigest hash = MessageDigest.getInstance(spec.getHashAlgorithm()); + int b = spec.getCurve().getField().getb(); + + // H(k) + h = hash.digest(seed); + + /*a = BigInteger.valueOf(2).pow(b-2); + for (int i=3;i<(b-2);i++) { + a = a.add(BigInteger.valueOf(2).pow(i).multiply(BigInteger.valueOf(Utils.bit(h,i)))); + }*/ + // Saves ~0.4ms per key when running signing tests. + // TODO: are these bitflips the same for any hash function? + h[0] &= 248; + h[(b / 8) - 1] &= 63; + h[(b / 8) - 1] |= 64; + a = Arrays.copyOfRange(h, 0, b / 8); + + A = spec.getB().scalarMultiply(a); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException("Unsupported hash algorithm"); + } + } + + /** + * Initialize directly from the hash. + * getSeed() will return null if this constructor is used. + * + * @param spec the parameter specification for this key + * @param h the private key + * @throws IllegalArgumentException if hash length is wrong + */ + public EdDSAPrivateKeySpec(EdDSAParameterSpec spec, byte[] h) { + if (h.length != spec.getCurve().getField().getb() / 4) + throw new IllegalArgumentException("hash length is wrong"); + + this.seed = null; + this.h = h; + this.spec = spec; + int b = spec.getCurve().getField().getb(); + + h[0] &= 248; + h[(b / 8) - 1] &= 63; + h[(b / 8) - 1] |= 64; + a = Arrays.copyOfRange(h, 0, b / 8); + + A = spec.getB().scalarMultiply(a); + } + + public EdDSAPrivateKeySpec(byte[] seed, byte[] h, byte[] a, GroupElement A, EdDSAParameterSpec spec) { + this.seed = seed; + this.h = h; + this.a = a; + this.A = A; + this.spec = spec; + } + + /** + * @return will be null if constructed directly from the private key + */ + public byte[] getSeed() { + return seed; + } + + /** + * @return the hash + */ + public byte[] getH() { + return h; + } + + /** + * @return the private key + */ + public byte[] geta() { + return a; + } + + /** + * @return the public key + */ + public GroupElement getA() { + return A; + } + + public EdDSAParameterSpec getParams() { + return spec; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAPublicKeySpec.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAPublicKeySpec.java new file mode 100644 index 0000000..bb1bca6 --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/EdDSAPublicKeySpec.java @@ -0,0 +1,49 @@ +package org.xbib.io.sshd.eddsa.spec; + +import org.xbib.io.sshd.eddsa.math.GroupElement; + +import java.security.spec.KeySpec; + +/** + * + */ +public class EdDSAPublicKeySpec implements KeySpec { + private final GroupElement A; + private final GroupElement Aneg; + private final EdDSAParameterSpec spec; + + /** + * @param pk the public key + * @param spec the parameter specification for this key + * @throws IllegalArgumentException if key length is wrong + */ + public EdDSAPublicKeySpec(byte[] pk, EdDSAParameterSpec spec) { + if (pk.length != spec.getCurve().getField().getb() / 8) + throw new IllegalArgumentException("public-key length is wrong"); + + this.A = new GroupElement(spec.getCurve(), pk); + // Precompute -A for use in verification. + this.Aneg = A.negate(); + Aneg.precompute(false); + this.spec = spec; + } + + public EdDSAPublicKeySpec(GroupElement A, EdDSAParameterSpec spec) { + this.A = A; + this.Aneg = A.negate(); + Aneg.precompute(false); + this.spec = spec; + } + + public GroupElement getA() { + return A; + } + + public GroupElement getNegativeA() { + return Aneg; + } + + public EdDSAParameterSpec getParams() { + return spec; + } +} diff --git a/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/package-info.java b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/package-info.java new file mode 100644 index 0000000..74decab --- /dev/null +++ b/files-eddsa/src/main/java/org/xbib/io/sshd/eddsa/spec/package-info.java @@ -0,0 +1,5 @@ +/** + * Specifications for curves and keys, and a table for named curves. + * Contains the following curves: Ed25519 + */ +package org.xbib.io.sshd.eddsa.spec; diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/Ed25519TestVectors.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/Ed25519TestVectors.java new file mode 100644 index 0000000..103a588 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/Ed25519TestVectors.java @@ -0,0 +1,54 @@ +package org.xbib.io.sshd.eddsa; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +/** + * + */ +public class Ed25519TestVectors { + public static class TestTuple { + public static int numCases; + public int caseNum; + public byte[] seed; + public byte[] pk; + public byte[] message; + public byte[] sig; + + public TestTuple(String line) { + caseNum = ++numCases; + String[] x = line.split(":"); + seed = Utils.hexToBytes(x[0].substring(0, 64)); + pk = Utils.hexToBytes(x[1]); + message = Utils.hexToBytes(x[2]); + sig = Utils.hexToBytes(x[3].substring(0, 128)); + } + } + + public static Collection testCases = getTestData("test.data"); + + public static Collection getTestData(String fileName) { + List testCases = new ArrayList(); + BufferedReader file = null; + try { + InputStream is = Ed25519TestVectors.class.getResourceAsStream(fileName); + if (is == null) + throw new IOException("Resource not found: " + fileName); + file = new BufferedReader(new InputStreamReader(is)); + String line; + while ((line = file.readLine()) != null) { + testCases.add(new TestTuple(line)); + } + } catch (IOException e) { + e.printStackTrace(); + } finally { + if (file != null) try { file.close(); } catch (IOException e) {} + } + return testCases; + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAEngineTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAEngineTest.java new file mode 100644 index 0000000..17b3139 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAEngineTest.java @@ -0,0 +1,204 @@ +package org.xbib.io.sshd.eddsa; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertThat; + +import java.nio.charset.Charset; +import java.security.MessageDigest; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; + +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; + +/** + * + */ +public class EdDSAEngineTest { + static final byte[] TEST_SEED = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] TEST_PK = Utils.hexToBytes("3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29"); + static final byte[] TEST_MSG = "This is a secret message".getBytes(Charset.forName("UTF-8")); + static final byte[] TEST_MSG_SIG = Utils.hexToBytes("94825896c7075c31bcb81f06dba2bdcd9dcf16e79288d4b9f87c248215c8468d475f429f3de3b4a2cf67fe17077ae19686020364d6d4fa7a0174bab4a123ba0f"); + + @Rule + public ExpectedException exception = ExpectedException.none(); + + @Test + public void testSign() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + //Signature sgr = Signature.getInstance("EdDSA", "I2P"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + + for (Ed25519TestVectors.TestTuple testCase : Ed25519TestVectors.testCases) { + EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(testCase.seed, spec); + PrivateKey sKey = new EdDSAPrivateKey(privKey); + sgr.initSign(sKey); + + sgr.update(testCase.message); + + assertThat("Test case " + testCase.caseNum + " failed", + sgr.sign(), is(equalTo(testCase.sig))); + } + } + + @Test + public void testVerify() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + //Signature sgr = Signature.getInstance("EdDSA", "I2P"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + for (Ed25519TestVectors.TestTuple testCase : Ed25519TestVectors.testCases) { + EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(testCase.pk, spec); + PublicKey vKey = new EdDSAPublicKey(pubKey); + sgr.initVerify(vKey); + + sgr.update(testCase.message); + + assertThat("Test case " + testCase.caseNum + " failed", + sgr.verify(testCase.sig), is(true)); + } + } + + /** + * Checks that a wrong-length signature throws an IAE. + */ + @Test + public void testVerifyWrongSigLength() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + //Signature sgr = Signature.getInstance("EdDSA", "I2P"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); + PublicKey vKey = new EdDSAPublicKey(pubKey); + sgr.initVerify(vKey); + + sgr.update(TEST_MSG); + + exception.expect(SignatureException.class); + exception.expectMessage("signature length is wrong"); + sgr.verify(new byte[] {0}); + } + + @Test + public void testSignResetsForReuse() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); + PrivateKey sKey = new EdDSAPrivateKey(privKey); + sgr.initSign(sKey); + + // First usage + sgr.update(new byte[] {0}); + sgr.sign(); + + // Second usage + sgr.update(TEST_MSG); + assertThat("Second sign failed", sgr.sign(), is(equalTo(TEST_MSG_SIG))); + } + + @Test + public void testVerifyResetsForReuse() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); + PublicKey vKey = new EdDSAPublicKey(pubKey); + sgr.initVerify(vKey); + + // First usage + sgr.update(new byte[] {0}); + sgr.verify(TEST_MSG_SIG); + + // Second usage + sgr.update(TEST_MSG); + assertThat("Second verify failed", sgr.verify(TEST_MSG_SIG), is(true)); + } + + @Test + public void testSignOneShotMode() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); + PrivateKey sKey = new EdDSAPrivateKey(privKey); + sgr.initSign(sKey); + sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); + + sgr.update(TEST_MSG); + + assertThat("One-shot mode sign failed", sgr.sign(), is(equalTo(TEST_MSG_SIG))); + } + + @Test + public void testVerifyOneShotMode() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); + PublicKey vKey = new EdDSAPublicKey(pubKey); + sgr.initVerify(vKey); + sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); + + sgr.update(TEST_MSG); + + assertThat("One-shot mode verify failed", sgr.verify(TEST_MSG_SIG), is(true)); + } + + @Test + public void testSignOneShotModeMultipleUpdates() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); + PrivateKey sKey = new EdDSAPrivateKey(privKey); + sgr.initSign(sKey); + sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); + + sgr.update(TEST_MSG); + + exception.expect(SignatureException.class); + exception.expectMessage("update() already called"); + sgr.update(TEST_MSG); + } + + @Test + public void testVerifyOneShotModeMultipleUpdates() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); + Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + PublicKey vKey = new EdDSAPublicKey(pubKey); + sgr.initVerify(vKey); + sgr.setParameter(EdDSAEngine.ONE_SHOT_MODE); + + sgr.update(TEST_MSG); + + exception.expect(SignatureException.class); + exception.expectMessage("update() already called"); + sgr.update(TEST_MSG); + } + + @Test + public void testSignOneShot() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + EdDSAPrivateKeySpec privKey = new EdDSAPrivateKeySpec(TEST_SEED, spec); + EdDSAEngine sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + PrivateKey sKey = new EdDSAPrivateKey(privKey); + sgr.initSign(sKey); + + assertThat("signOneShot() failed", sgr.signOneShot(TEST_MSG), is(equalTo(TEST_MSG_SIG))); + } + + @Test + public void testVerifyOneShot() throws Exception { + EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519"); + EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(TEST_PK, spec); + EdDSAEngine sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm())); + PublicKey vKey = new EdDSAPublicKey(pubKey); + sgr.initVerify(vKey); + + assertThat("verifyOneShot() failed", sgr.verifyOneShot(TEST_MSG, TEST_MSG_SIG), is(true)); + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAPrivateKeyTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAPrivateKeyTest.java new file mode 100644 index 0000000..96634fe --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAPrivateKeyTest.java @@ -0,0 +1,81 @@ +package org.xbib.io.sshd.eddsa; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.*; + +import java.security.spec.PKCS8EncodedKeySpec; + +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; + +import org.junit.Test; + +/** + * + */ +public class EdDSAPrivateKeyTest { + /** + * The example private key MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC + * from https://tools.ietf.org/html/draft-ietf-curdle-pkix-04#section-10.3 + */ + static final byte[] TEST_PRIVKEY = Utils.hexToBytes("302e020100300506032b657004220420d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842"); + + static final byte[] TEST_PRIVKEY_NULL_PARAMS = Utils.hexToBytes("3030020100300706032b6570050004220420d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842"); + static final byte[] TEST_PRIVKEY_OLD = Utils.hexToBytes("302f020100300806032b65640a01010420d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842"); + + @Test + public void testDecodeAndEncode() throws Exception { + // Decode + PKCS8EncodedKeySpec encoded = new PKCS8EncodedKeySpec(TEST_PRIVKEY); + EdDSAPrivateKey keyIn = new EdDSAPrivateKey(encoded); + + // Encode + EdDSAPrivateKeySpec decoded = new EdDSAPrivateKeySpec( + keyIn.getSeed(), + keyIn.getH(), + keyIn.geta(), + keyIn.getA(), + keyIn.getParams()); + EdDSAPrivateKey keyOut = new EdDSAPrivateKey(decoded); + + // Check + assertThat(keyOut.getEncoded(), is(equalTo(TEST_PRIVKEY))); + } + + @Test + public void testDecodeWithNullAndEncode() throws Exception { + // Decode + PKCS8EncodedKeySpec encoded = new PKCS8EncodedKeySpec(TEST_PRIVKEY_NULL_PARAMS); + EdDSAPrivateKey keyIn = new EdDSAPrivateKey(encoded); + + // Encode + EdDSAPrivateKeySpec decoded = new EdDSAPrivateKeySpec( + keyIn.getSeed(), + keyIn.getH(), + keyIn.geta(), + keyIn.getA(), + keyIn.getParams()); + EdDSAPrivateKey keyOut = new EdDSAPrivateKey(decoded); + + // Check + assertThat(keyOut.getEncoded(), is(equalTo(TEST_PRIVKEY))); + } + + @Test + public void testReEncodeOldEncoding() throws Exception { + // Decode + PKCS8EncodedKeySpec encoded = new PKCS8EncodedKeySpec(TEST_PRIVKEY_OLD); + EdDSAPrivateKey keyIn = new EdDSAPrivateKey(encoded); + + // Encode + EdDSAPrivateKeySpec decoded = new EdDSAPrivateKeySpec( + keyIn.getSeed(), + keyIn.getH(), + keyIn.geta(), + keyIn.getA(), + keyIn.getParams()); + EdDSAPrivateKey keyOut = new EdDSAPrivateKey(decoded); + + // Check + assertThat(keyOut.getEncoded(), is(equalTo(TEST_PRIVKEY))); + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAPublicKeyTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAPublicKeyTest.java new file mode 100644 index 0000000..57ba80e --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSAPublicKeyTest.java @@ -0,0 +1,72 @@ +package org.xbib.io.sshd.eddsa; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.*; + +import java.security.spec.X509EncodedKeySpec; + +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +import org.junit.Test; + +/** + * + */ +public class EdDSAPublicKeyTest { + /** + * The example public key MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= + * from https://tools.ietf.org/html/draft-ietf-curdle-pkix-04#section-10.1 + */ + static final byte[] TEST_PUBKEY = Utils.hexToBytes("302a300506032b657003210019bf44096984cdfe8541bac167dc3b96c85086aa30b6b6cb0c5c38ad703166e1"); + + static final byte[] TEST_PUBKEY_NULL_PARAMS = Utils.hexToBytes("302c300706032b6570050003210019bf44096984cdfe8541bac167dc3b96c85086aa30b6b6cb0c5c38ad703166e1"); + static final byte[] TEST_PUBKEY_OLD = Utils.hexToBytes("302d300806032b65640a010103210019bf44096984cdfe8541bac167dc3b96c85086aa30b6b6cb0c5c38ad703166e1"); + + @Test + public void testDecodeAndEncode() throws Exception { + // Decode + X509EncodedKeySpec encoded = new X509EncodedKeySpec(TEST_PUBKEY); + EdDSAPublicKey keyIn = new EdDSAPublicKey(encoded); + + // Encode + EdDSAPublicKeySpec decoded = new EdDSAPublicKeySpec( + keyIn.getA(), + keyIn.getParams()); + EdDSAPublicKey keyOut = new EdDSAPublicKey(decoded); + + // Check + assertThat(keyOut.getEncoded(), is(equalTo(TEST_PUBKEY))); + } + + @Test + public void testDecodeWithNullAndEncode() throws Exception { + // Decode + X509EncodedKeySpec encoded = new X509EncodedKeySpec(TEST_PUBKEY_NULL_PARAMS); + EdDSAPublicKey keyIn = new EdDSAPublicKey(encoded); + + // Encode + EdDSAPublicKeySpec decoded = new EdDSAPublicKeySpec( + keyIn.getA(), + keyIn.getParams()); + EdDSAPublicKey keyOut = new EdDSAPublicKey(decoded); + + // Check + assertThat(keyOut.getEncoded(), is(equalTo(TEST_PUBKEY))); + } + + @Test + public void testReEncodeOldEncoding() throws Exception { + // Decode + X509EncodedKeySpec encoded = new X509EncodedKeySpec(TEST_PUBKEY_OLD); + EdDSAPublicKey keyIn = new EdDSAPublicKey(encoded); + + // Encode + EdDSAPublicKeySpec decoded = new EdDSAPublicKeySpec( + keyIn.getA(), + keyIn.getParams()); + EdDSAPublicKey keyOut = new EdDSAPublicKey(decoded); + + // Check + assertThat(keyOut.getEncoded(), is(equalTo(TEST_PUBKEY))); + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSASecurityProviderTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSASecurityProviderTest.java new file mode 100644 index 0000000..198afc6 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/EdDSASecurityProviderTest.java @@ -0,0 +1,37 @@ +package org.xbib.io.sshd.eddsa; + +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.NoSuchProviderException; +import java.security.Security; +import java.security.Signature; + +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; + +/** + * + */ +public class EdDSASecurityProviderTest { + + @Rule + public ExpectedException exception = ExpectedException.none(); + + @Test + public void canGetInstancesWhenProviderIsPresent() throws Exception { + Security.addProvider(new EdDSASecurityProvider()); + + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EdDSA", "EdDSA"); + KeyFactory keyFac = KeyFactory.getInstance("EdDSA", "EdDSA"); + Signature sgr = Signature.getInstance("NONEwithEdDSA", "EdDSA"); + + Security.removeProvider("EdDSA"); + } + + @Test + public void cannotGetInstancesWhenProviderIsNotPresent() throws Exception { + exception.expect(NoSuchProviderException.class); + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EdDSA", "EdDSA"); + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/UtilsTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/UtilsTest.java new file mode 100644 index 0000000..1558d4f --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/UtilsTest.java @@ -0,0 +1,121 @@ +package org.xbib.io.sshd.eddsa; + +import org.hamcrest.core.IsEqual; +import org.junit.Assert; +import org.junit.Test; + +import java.security.SecureRandom; + +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertThat; + +/** + * additional test by the NEM project team. + * + */ +public class UtilsTest { + private static final String hex1 = "3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29"; + private static final String hex2 = "47a3f5b71494bcd961f3a4e859a238d6eaf8e648746d2f56a89b5e236f98d45f"; + private static final String hex3 = "5fd396e4a2b5dc9078f57e3ab5a87c28fd128e5f78cc4a97f4122dc45f6e4bb9"; + private static final byte[] bytes1 = { 59, 106, 39, -68, -50, -74, -92, 45, 98, -93, -88, -48, 42, 111, 13, 115, + 101, 50, 21, 119, 29, -30, 67, -90, 58, -64, 72, -95, -117, 89, -38, 41 }; + private static final byte[] bytes2 = { 71, -93, -11, -73, 20, -108, -68, -39, 97, -13, -92, -24, 89, -94, 56, -42, + -22, -8, -26, 72, 116, 109, 47, 86, -88, -101, 94, 35, 111, -104, -44, 95 }; + private static final byte[] bytes3 = { 95, -45, -106, -28, -94, -75, -36, -112, 120, -11, 126, 58, -75, -88, 124, 40, + -3, 18, -114, 95, 120, -52, 74, -105, -12, 18, 45, -60, 95, 110, 75, -71 }; + + /** + * Test method for {@link Utils#equal(int, int)}. + */ + @Test + public void testIntEqual() { + assertThat(Utils.equal(0, 0), is(1)); + assertThat(Utils.equal(1, 1), is(1)); + assertThat(Utils.equal(1, 0), is(0)); + assertThat(Utils.equal(1, 127), is(0)); + assertThat(Utils.equal(-127, 127), is(0)); + assertThat(Utils.equal(-42, -42), is(1)); + assertThat(Utils.equal(255, 255), is(1)); + assertThat(Utils.equal(-255, -256), is(0)); + } + + @Test + public void equalsReturnsOneForEqualByteArrays() { + final SecureRandom random = new SecureRandom(); + final byte[] bytes1 = new byte[32]; + final byte[] bytes2 = new byte[32]; + for (int i=0; i<100; i++) { + random.nextBytes(bytes1); + System.arraycopy(bytes1, 0, bytes2, 0, 32); + Assert.assertThat(Utils.equal(bytes1, bytes2), IsEqual.equalTo(1)); + } + } + + @Test + public void equalsReturnsZeroForUnequalByteArrays() { + final SecureRandom random = new SecureRandom(); + final byte[] bytes1 = new byte[32]; + final byte[] bytes2 = new byte[32]; + random.nextBytes(bytes1); + for (int i=0; i<32; i++) { + System.arraycopy(bytes1, 0, bytes2, 0, 32); + bytes2[i] = (byte)(bytes2[i] ^ 0xff); + Assert.assertThat(Utils.equal(bytes1, bytes2), IsEqual.equalTo(0)); + } + } + + /** + * Test method for {@link Utils#equal(byte[], byte[])}. + */ + @Test + public void testByteArrayEqual() { + byte[] zero = new byte[32]; + byte[] one = new byte[32]; + one[0] = 1; + + assertThat(Utils.equal(zero, zero), is(1)); + assertThat(Utils.equal(one, one), is(1)); + assertThat(Utils.equal(one, zero), is(0)); + assertThat(Utils.equal(zero, one), is(0)); + } + + /** + * Test method for {@link Utils#negative(int)}. + */ + @Test + public void testNegative() { + assertThat(Utils.negative(0), is(0)); + assertThat(Utils.negative(1), is(0)); + assertThat(Utils.negative(-1), is(1)); + assertThat(Utils.negative(32), is(0)); + assertThat(Utils.negative(-100), is(1)); + assertThat(Utils.negative(127), is(0)); + assertThat(Utils.negative(-255), is(1)); + } + + /** + * Test method for {@link Utils#bit(byte[], int)}. + */ + @Test + public void testBit() { + assertThat(Utils.bit(new byte[] {0}, 0), is(0)); + assertThat(Utils.bit(new byte[] {8}, 3), is(1)); + assertThat(Utils.bit(new byte[] {1, 2, 3}, 9), is(1)); + assertThat(Utils.bit(new byte[] {1, 2, 3}, 15), is(0)); + assertThat(Utils.bit(new byte[] {1, 2, 3}, 16), is(1)); + } + + @Test + public void hexToBytesReturnsCorrectByteArray() { + Assert.assertThat(Utils.hexToBytes(hex1), IsEqual.equalTo(bytes1)); + Assert.assertThat(Utils.hexToBytes(hex2), IsEqual.equalTo(bytes2)); + Assert.assertThat(Utils.hexToBytes(hex3), IsEqual.equalTo(bytes3)); + } + + @Test + public void bytesToHexReturnsCorrectHexString() { + Assert.assertThat(Utils.bytesToHex(bytes1), IsEqual.equalTo(hex1)); + Assert.assertThat(Utils.bytesToHex(bytes2), IsEqual.equalTo(hex2)); + Assert.assertThat(Utils.bytesToHex(bytes3), IsEqual.equalTo(hex3)); + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/AbstractFieldElementTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/AbstractFieldElementTest.java new file mode 100644 index 0000000..e70700e --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/AbstractFieldElementTest.java @@ -0,0 +1,183 @@ +package org.xbib.io.sshd.eddsa.math; + +import org.hamcrest.core.IsEqual; +import org.hamcrest.core.IsNot; +import org.junit.Assert; +import org.junit.Test; + +import java.math.BigInteger; + +/** + * Tests rely on the BigInteger class. + */ +public abstract class AbstractFieldElementTest { + + protected abstract FieldElement getRandomFieldElement(); + protected abstract BigInteger toBigInteger(FieldElement f); + protected abstract BigInteger getQ(); + protected abstract Field getField(); + + protected abstract FieldElement getZeroFieldElement(); + protected abstract FieldElement getNonZeroFieldElement(); + + @Test + public void isNonZeroReturnsFalseIfFieldElementIsZero() { + final FieldElement f = getZeroFieldElement(); + Assert.assertThat(f.isNonZero(), IsEqual.equalTo(false)); + } + + @Test + public void isNonZeroReturnsTrueIfFieldElementIsNonZero() { + final FieldElement f = getNonZeroFieldElement(); + Assert.assertThat(f.isNonZero(), IsEqual.equalTo(true)); + } + + @Test + public void addReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final FieldElement f2 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + final BigInteger b2 = toBigInteger(f2); + + final FieldElement f3 = f1.add(f2); + final BigInteger b3 = toBigInteger(f3).mod(getQ()); + Assert.assertThat(b3, IsEqual.equalTo(b1.add(b2).mod(getQ()))); + } + } + + @Test + public void subtractReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final FieldElement f2 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + final BigInteger b2 = toBigInteger(f2); + + final FieldElement f3 = f1.subtract(f2); + final BigInteger b3 = toBigInteger(f3).mod(getQ()); + + Assert.assertThat(b3, IsEqual.equalTo(b1.subtract(b2).mod(getQ()))); + } + } + + @Test + public void negateReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + + final FieldElement f2 = f1.negate(); + final BigInteger b2 = toBigInteger(f2).mod(getQ()); + + Assert.assertThat(b2, IsEqual.equalTo(b1.negate().mod(getQ()))); + } + } + + @Test + public void multiplyReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final FieldElement f2 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + final BigInteger b2 = toBigInteger(f2); + + final FieldElement f3 = f1.multiply(f2); + final BigInteger b3 = toBigInteger(f3).mod(getQ()); + + Assert.assertThat(b3, IsEqual.equalTo(b1.multiply(b2).mod(getQ()))); + } + } + + @Test + public void squareReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + + final FieldElement f2 = f1.square(); + final BigInteger b2 = toBigInteger(f2).mod(getQ()); + + Assert.assertThat(b2, IsEqual.equalTo(b1.multiply(b1).mod(getQ()))); + } + } + + @Test + public void squareAndDoubleReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + + final FieldElement f2 = f1.squareAndDouble(); + final BigInteger b2 = toBigInteger(f2).mod(getQ()); + + Assert.assertThat(b2, IsEqual.equalTo(b1.multiply(b1).multiply(new BigInteger("2")).mod(getQ()))); + } + } + + @Test + public void invertReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + + final FieldElement f2 = f1.invert(); + final BigInteger b2 = toBigInteger(f2).mod(getQ()); + + Assert.assertThat(b2, IsEqual.equalTo(b1.modInverse(getQ()))); + } + } + + @Test + public void pow22523ReturnsCorrectResult() { + for (int i=0; i<1000; i++) { + final FieldElement f1 = getRandomFieldElement(); + final BigInteger b1 = toBigInteger(f1); + + final FieldElement f2 = f1.pow22523(); + final BigInteger b2 = toBigInteger(f2).mod(getQ()); + + Assert.assertThat(b2, IsEqual.equalTo(b1.modPow(BigInteger.ONE.shiftLeft(252).subtract(new BigInteger("3")), getQ()))); + } + } + + @Test + public void cmovReturnsCorrectResult() { + final FieldElement zero = getZeroFieldElement(); + final FieldElement nz = getNonZeroFieldElement(); + final FieldElement f = getRandomFieldElement(); + + Assert.assertThat(zero.cmov(nz, 0), IsEqual.equalTo(zero)); + Assert.assertThat(zero.cmov(nz, 1), IsEqual.equalTo(nz)); + + Assert.assertThat(f.cmov(nz, 0), IsEqual.equalTo(f)); + Assert.assertThat(f.cmov(nz, 1), IsEqual.equalTo(nz)); + } + + @Test + public void equalsOnlyReturnsTrueForEquivalentObjects() { + final FieldElement f1 = getRandomFieldElement(); + final FieldElement f2 = getField().getEncoding().decode(f1.toByteArray()); + final FieldElement f3 = getRandomFieldElement(); + final FieldElement f4 = getRandomFieldElement(); + + Assert.assertThat(f1, IsEqual.equalTo(f2)); + Assert.assertThat(f1, IsNot.not(IsEqual.equalTo(f3))); + Assert.assertThat(f1, IsNot.not(IsEqual.equalTo(f4))); + Assert.assertThat(f3, IsNot.not(IsEqual.equalTo(f4))); + } + + @Test + public void hashCodesAreEqualForEquivalentObjects() { + final FieldElement f1 = getRandomFieldElement(); + final FieldElement f2 = getField().getEncoding().decode(f1.toByteArray()); + final FieldElement f3 = getRandomFieldElement(); + final FieldElement f4 = getRandomFieldElement(); + + Assert.assertThat(f1.hashCode(), IsEqual.equalTo(f2.hashCode())); + Assert.assertThat(f1.hashCode(), IsNot.not(IsEqual.equalTo(f3.hashCode()))); + Assert.assertThat(f1.hashCode(), IsNot.not(IsEqual.equalTo(f4.hashCode()))); + Assert.assertThat(f3.hashCode(), IsNot.not(IsEqual.equalTo(f4.hashCode()))); + } + +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ConstantsTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ConstantsTest.java new file mode 100644 index 0000000..854ddcf --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ConstantsTest.java @@ -0,0 +1,78 @@ +package org.xbib.io.sshd.eddsa.math; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.greaterThanOrEqualTo; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; + +import org.junit.Test; + +/** + * Based on the tests in checkparams.py from the Python Ed25519 implementation. + * + */ +public class ConstantsTest { + static final EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); + static final Curve curve = ed25519.getCurve(); + + static final FieldElement ZERO = curve.getField().ZERO; + static final FieldElement ONE = curve.getField().ONE; + static final FieldElement TWO = curve.getField().TWO; + + static final GroupElement P3_ZERO = GroupElement.p3(curve, ZERO, ONE, ONE, ZERO); + + @Test + public void testb() { + int b = curve.getField().getb(); + assertThat(b, is(greaterThanOrEqualTo(10))); + try { + MessageDigest h = MessageDigest.getInstance(ed25519.getHashAlgorithm()); + assertThat(8 * h.getDigestLength(), is(equalTo(2 * b))); + } catch (NoSuchAlgorithmException e) { + fail(e.getMessage()); + } + } + + /*@Test + public void testq() { + FieldElement q = curve.getField().getQ(); + assertThat(TWO.modPow(q.subtractOne(), q), is(equalTo(ONE))); + assertThat(q.mod(curve.getField().FOUR), is(equalTo(ONE))); + } + + @Test + public void testl() { + int b = curve.getField().getb(); + BigInteger l = ed25519.getL(); + assertThat(TWO.modPow(l.subtract(BigInteger.ONE), l), is(equalTo(ONE))); + assertThat(l, is(greaterThanOrEqualTo(BigInteger.valueOf(2).pow(b-4)))); + assertThat(l, is(lessThanOrEqualTo(BigInteger.valueOf(2).pow(b-3)))); + } + + @Test + public void testd() { + FieldElement q = curve.getField().getQ(); + FieldElement qm1 = q.subtractOne(); + assertThat(curve.getD().modPow(qm1.divide(curve.getField().TWO), q), is(equalTo(qm1))); + } + + @Test + public void testI() { + FieldElement q = curve.getField().getQ(); + assertThat(curve.getI().modPow(curve.getField().TWO, q), is(equalTo(q.subtractOne()))); + }*/ + + @Test + public void testB() { + GroupElement B = ed25519.getB(); + assertThat(B.isOnCurve(curve), is(true)); + //assertThat(B.scalarMultiply(new BigIntegerLittleEndianEncoding().encode(ed25519.getL(), curve.getField().getb()/8)), is(equalTo(P3_ZERO))); + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/GroupElementTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/GroupElementTest.java new file mode 100644 index 0000000..a7b3595 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/GroupElementTest.java @@ -0,0 +1,865 @@ +package org.xbib.io.sshd.eddsa.math; + +import org.xbib.io.sshd.eddsa.Ed25519TestVectors; +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.hamcrest.core.IsEqual; +import org.hamcrest.core.IsNot; +import org.junit.Assert; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; + +import java.math.BigInteger; +import java.util.Arrays; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.assertThat; + +/** + * Additional tests by NEM project team. + * + */ +public class GroupElementTest { + static final byte[] BYTES_ZEROZERO = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] BYTES_ONEONE = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000080"); + static final byte[] BYTES_TENZERO = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] BYTES_ONETEN = Utils.hexToBytes("0a00000000000000000000000000000000000000000000000000000000000080"); + + static final EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); + static final Curve curve = ed25519.getCurve(); + + static final FieldElement ZERO = curve.getField().ZERO; + static final FieldElement ONE = curve.getField().ONE; + static final FieldElement TWO = curve.getField().TWO; + static final FieldElement TEN = curve.getField().fromByteArray(Utils.hexToBytes("0a00000000000000000000000000000000000000000000000000000000000000")); + + static final GroupElement P2_ZERO = GroupElement.p2(curve, ZERO, ONE, ONE); + + static final FieldElement[] PKR = new FieldElement[] { + curve.getField().fromByteArray(Utils.hexToBytes("5849722e338aced7b50c7f0e9328f9a10c847b08e40af5c5b0577b0fd8984f15")), + curve.getField().fromByteArray(Utils.hexToBytes("3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29")) + }; + static final byte[] BYTES_PKR = Utils.hexToBytes("3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29"); + + @Rule + public ExpectedException exception = ExpectedException.none(); + + /** + * Test method for {@link GroupElement#p2(Curve, FieldElement, FieldElement, FieldElement)}. + */ + @Test + public void testP2() { + final GroupElement t = GroupElement.p2(curve, ZERO, ONE, ONE); + assertThat(t.curve, is(equalTo(curve))); + assertThat(t.repr, is(GroupElement.Representation.P2)); + assertThat(t.X, is(ZERO)); + assertThat(t.Y, is(ONE)); + assertThat(t.Z, is(ONE)); + assertThat(t.T, is((FieldElement) null)); + } + + /** + * Test method for {@link GroupElement#p3(Curve, FieldElement, FieldElement, FieldElement, FieldElement)}. + */ + @Test + public void testP3() { + final GroupElement t = GroupElement.p3(curve, ZERO, ONE, ONE, ZERO); + assertThat(t.curve, is(equalTo(curve))); + assertThat(t.repr, is(GroupElement.Representation.P3)); + assertThat(t.X, is(ZERO)); + assertThat(t.Y, is(ONE)); + assertThat(t.Z, is(ONE)); + assertThat(t.T, is(ZERO)); + } + + /** + * Test method for {@link GroupElement#p1p1(Curve, FieldElement, FieldElement, FieldElement, FieldElement)}. + */ + @Test + public void testP1p1() { + final GroupElement t = GroupElement.p1p1(curve, ZERO, ONE, ONE, ONE); + assertThat(t.curve, is(equalTo(curve))); + assertThat(t.repr, is(GroupElement.Representation.P1P1)); + assertThat(t.X, is(ZERO)); + assertThat(t.Y, is(ONE)); + assertThat(t.Z, is(ONE)); + assertThat(t.T, is(ONE)); + } + + /** + * Test method for {@link GroupElement#precomp(Curve, FieldElement, FieldElement, FieldElement)}. + */ + @Test + public void testPrecomp() { + final GroupElement t = GroupElement.precomp(curve, ONE, ONE, ZERO); + assertThat(t.curve, is(equalTo(curve))); + assertThat(t.repr, is(GroupElement.Representation.PRECOMP)); + assertThat(t.X, is(ONE)); + assertThat(t.Y, is(ONE)); + assertThat(t.Z, is(ZERO)); + assertThat(t.T, is((FieldElement) null)); + } + + /** + * Test method for {@link GroupElement#cached(Curve, FieldElement, FieldElement, FieldElement, FieldElement)}. + */ + @Test + public void testCached() { + final GroupElement t = GroupElement.cached(curve, ONE, ONE, ONE, ZERO); + assertThat(t.curve, is(equalTo(curve))); + assertThat(t.repr, is(GroupElement.Representation.CACHED)); + assertThat(t.X, is(ONE)); + assertThat(t.Y, is(ONE)); + assertThat(t.Z, is(ONE)); + assertThat(t.T, is(ZERO)); + } + + /** + * Test method for {@link GroupElement#GroupElement(Curve, GroupElement.Representation, FieldElement, FieldElement, FieldElement, FieldElement)}. + */ + @Test + public void testGroupElementCurveRepresentationFieldElementFieldElementFieldElementFieldElement() { + final GroupElement t = new GroupElement(curve, GroupElement.Representation.P3, ZERO, ONE, ONE, ZERO); + assertThat(t.curve, is(equalTo(curve))); + assertThat(t.repr, is(GroupElement.Representation.P3)); + assertThat(t.X, is(ZERO)); + assertThat(t.Y, is(ONE)); + assertThat(t.Z, is(ONE)); + assertThat(t.T, is(ZERO)); + } + + /** + * Tests {@link GroupElement#GroupElement(Curve, byte[])} and + * {@link GroupElement#toByteArray()} against valid public keys. + */ + @Test + public void testToAndFromByteArray() { + GroupElement t; + for (Ed25519TestVectors.TestTuple testCase : Ed25519TestVectors.testCases) { + t = new GroupElement(curve, testCase.pk); + assertThat("Test case " + testCase.caseNum + " failed", + t.toByteArray(), is(equalTo(testCase.pk))); + } + } + + /** + * Test method for {@link GroupElement#GroupElement(Curve, byte[])}. + */ + @Test + public void testGroupElementByteArray() { + final GroupElement t = new GroupElement(curve, BYTES_PKR); + final GroupElement s = GroupElement.p3(curve, PKR[0], PKR[1], ONE, PKR[0].multiply(PKR[1])); + assertThat(t, is(equalTo(s))); + } + + @Test + public void constructorUsingByteArrayReturnsExpectedResult() { + for (int i=0; i<100; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + final byte[] bytes = g.toByteArray(); + + // Act: + final GroupElement h1 = new GroupElement(curve, bytes); + final GroupElement h2 = MathUtils.toGroupElement(bytes); + + // Assert: + Assert.assertThat(h1, IsEqual.equalTo(h2)); + } + } + + /** + * Test method for {@link GroupElement#toByteArray()}. + *

    + * TODO 20141001 BR: why test with points which are not on the curve? + */ + @Test + public void testToByteArray() { + byte[] zerozero = GroupElement.p2(curve, ZERO, ZERO, ONE).toByteArray(); + assertThat(zerozero.length, is(equalTo(BYTES_ZEROZERO.length))); + assertThat(zerozero, is(equalTo(BYTES_ZEROZERO))); + + byte[] oneone = GroupElement.p2(curve, ONE, ONE, ONE).toByteArray(); + assertThat(oneone.length, is(equalTo(BYTES_ONEONE.length))); + assertThat(oneone, is(equalTo(BYTES_ONEONE))); + + byte[] tenzero = GroupElement.p2(curve, TEN, ZERO, ONE).toByteArray(); + assertThat(tenzero.length, is(equalTo(BYTES_TENZERO.length))); + assertThat(tenzero, is(equalTo(BYTES_TENZERO))); + + byte[] oneten = GroupElement.p2(curve, ONE, TEN, ONE).toByteArray(); + assertThat(oneten.length, is(equalTo(BYTES_ONETEN.length))); + assertThat(oneten, is(equalTo(BYTES_ONETEN))); + + byte[] pkr = GroupElement.p2(curve, PKR[0], PKR[1], ONE).toByteArray(); + assertThat(pkr.length, is(equalTo(BYTES_PKR.length))); + assertThat(pkr, is(equalTo(BYTES_PKR))); + } + + @Test + public void toByteArrayReturnsExpectedResult() { + for (int i=0; i<100; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Act: + final byte[] gBytes = g.toByteArray(); + final byte[] bytes = MathUtils.toByteArray(MathUtils.toBigInteger(g.getY())); + if (MathUtils.toBigInteger(g.getX()).mod(new BigInteger("2")).equals(BigInteger.ONE)) { + bytes[31] |= 0x80; + } + + // Assert: + Assert.assertThat(Arrays.equals(gBytes, bytes), IsEqual.equalTo(true)); + } + } + + // region toX where X is the representation + + /** + * Test method for {@link GroupElement#toP2()}. + */ + @Test + public void testToP2() { + GroupElement p3zero = curve.getZero(GroupElement.Representation.P3); + GroupElement t = p3zero.toP2(); + assertThat(t.repr, is(GroupElement.Representation.P2)); + assertThat(t.X, is(p3zero.X)); + assertThat(t.Y, is(p3zero.Y)); + assertThat(t.Z, is(p3zero.Z)); + assertThat(t.T, is((FieldElement) null)); + + GroupElement B = ed25519.getB(); + t = B.toP2(); + assertThat(t.repr, is(GroupElement.Representation.P2)); + assertThat(t.X, is(B.X)); + assertThat(t.Y, is(B.Y)); + assertThat(t.Z, is(B.Z)); + assertThat(t.T, is((FieldElement) null)); + } + + @Test (expected = IllegalArgumentException.class) + public void toP2ThrowsIfGroupElementHasPrecompRepresentation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.PRECOMP); + + // Assert: + g.toP2(); + } + + @Test (expected = IllegalArgumentException.class) + public void toP2ThrowsIfGroupElementHasCachedRepresentation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.CACHED); + + // Assert: + g.toP2(); + } + + @Test + public void toP2ReturnsExpectedResultIfGroupElementHasP2Representation() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P2); + + // Act: + final GroupElement h = g.toP2(); + + // Assert: + Assert.assertThat(h, IsEqual.equalTo(g)); + Assert.assertThat(h.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.P2)); + Assert.assertThat(h.getX(), IsEqual.equalTo(g.getX())); + Assert.assertThat(h.getY(), IsEqual.equalTo(g.getY())); + Assert.assertThat(h.getZ(), IsEqual.equalTo(g.getZ())); + Assert.assertThat(h.getT(), IsEqual.equalTo(null)); + } + } + + @Test + public void toP2ReturnsExpectedResultIfGroupElementHasP3Representation() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h1 = g.toP2(); + final GroupElement h2 = MathUtils.toRepresentation(g, GroupElement.Representation.P2); + + // Assert: + Assert.assertThat(h1, IsEqual.equalTo(h2)); + Assert.assertThat(h1.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.P2)); + Assert.assertThat(h1.getX(), IsEqual.equalTo(g.getX())); + Assert.assertThat(h1.getY(), IsEqual.equalTo(g.getY())); + Assert.assertThat(h1.getZ(), IsEqual.equalTo(g.getZ())); + Assert.assertThat(h1.getT(), IsEqual.equalTo(null)); + } + } + + @Test + public void toP2ReturnsExpectedResultIfGroupElementHasP1P1Representation() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P1P1); + + // Act: + final GroupElement h1 = g.toP2(); + final GroupElement h2 = MathUtils.toRepresentation(g, GroupElement.Representation.P2); + + // Assert: + Assert.assertThat(h1, IsEqual.equalTo(h2)); + Assert.assertThat(h1.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.P2)); + Assert.assertThat(h1.getX(), IsEqual.equalTo(g.getX().multiply(g.getT()))); + Assert.assertThat(h1.getY(), IsEqual.equalTo(g.getY().multiply(g.getZ()))); + Assert.assertThat(h1.getZ(), IsEqual.equalTo(g.getZ().multiply(g.getT()))); + Assert.assertThat(h1.getT(), IsEqual.equalTo(null)); + } + } + + @Test (expected = IllegalArgumentException.class) + public void toP3ThrowsIfGroupElementHasP2Representation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P2); + + // Assert: + g.toP3(); + } + + @Test (expected = IllegalArgumentException.class) + public void toP3ThrowsIfGroupElementHasPrecompRepresentation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.PRECOMP); + + // Assert: + g.toP3(); + } + + @Test (expected = IllegalArgumentException.class) + public void toP3ThrowsIfGroupElementHasCachedRepresentation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.CACHED); + + // Assert: + g.toP3(); + } + + @Test + public void toP3ReturnsExpectedResultIfGroupElementHasP1P1Representation() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P1P1); + + // Act: + final GroupElement h1 = g.toP3(); + final GroupElement h2 = MathUtils.toRepresentation(g, GroupElement.Representation.P3); + + // Assert: + Assert.assertThat(h1, IsEqual.equalTo(h2)); + Assert.assertThat(h1.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.P3)); + Assert.assertThat(h1.getX(), IsEqual.equalTo(g.getX().multiply(g.getT()))); + Assert.assertThat(h1.getY(), IsEqual.equalTo(g.getY().multiply(g.getZ()))); + Assert.assertThat(h1.getZ(), IsEqual.equalTo(g.getZ().multiply(g.getT()))); + Assert.assertThat(h1.getT(), IsEqual.equalTo(g.getX().multiply(g.getY()))); + } + } + + @Test + public void toP3ReturnsExpectedResultIfGroupElementHasP3Representation() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h = g.toP3(); + + // Assert: + Assert.assertThat(h, IsEqual.equalTo(g)); + Assert.assertThat(h.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.P3)); + Assert.assertThat(h, IsEqual.equalTo(g)); + Assert.assertThat(h.getX(), IsEqual.equalTo(g.getX())); + Assert.assertThat(h.getY(), IsEqual.equalTo(g.getY())); + Assert.assertThat(h.getZ(), IsEqual.equalTo(g.getZ())); + Assert.assertThat(h.getT(), IsEqual.equalTo(g.getT())); + } + } + + @Test (expected = IllegalArgumentException.class) + public void toCachedThrowsIfGroupElementHasP2Representation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P2); + + // Assert: + g.toCached(); + } + + @Test (expected = IllegalArgumentException.class) + public void toCachedThrowsIfGroupElementHasPrecompRepresentation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.PRECOMP); + + // Assert: + g.toCached(); + } + + @Test (expected = IllegalArgumentException.class) + public void toCachedThrowsIfGroupElementHasP1P1Representation() { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P1P1); + + // Assert: + g.toCached(); + } + + @Test + public void toCachedReturnsExpectedResultIfGroupElementHasCachedRepresentation() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.CACHED); + + // Act: + final GroupElement h = g.toCached(); + + // Assert: + Assert.assertThat(h, IsEqual.equalTo(g)); + Assert.assertThat(h.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.CACHED)); + Assert.assertThat(h, IsEqual.equalTo(g)); + Assert.assertThat(h.getX(), IsEqual.equalTo(g.getX())); + Assert.assertThat(h.getY(), IsEqual.equalTo(g.getY())); + Assert.assertThat(h.getZ(), IsEqual.equalTo(g.getZ())); + Assert.assertThat(h.getT(), IsEqual.equalTo(g.getT())); + } + } + + @Test + public void toCachedReturnsExpectedResultIfGroupElementHasP3Representation() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h1 = g.toCached(); + final GroupElement h2 = MathUtils.toRepresentation(g, GroupElement.Representation.CACHED); + + // Assert: + Assert.assertThat(h1, IsEqual.equalTo(h2)); + Assert.assertThat(h1.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.CACHED)); + Assert.assertThat(h1, IsEqual.equalTo(g)); + Assert.assertThat(h1.getX(), IsEqual.equalTo(g.getY().add(g.getX()))); + Assert.assertThat(h1.getY(), IsEqual.equalTo(g.getY().subtract(g.getX()))); + Assert.assertThat(h1.getZ(), IsEqual.equalTo(g.getZ())); + Assert.assertThat(h1.getT(), IsEqual.equalTo(g.getT().multiply(curve.get2D()))); + } + } + + // endregion + + /** + * Test method for {@link GroupElement#precompute(boolean)}. + */ + @Test + public void testPrecompute() { + GroupElement B = ed25519.getB(); + assertThat(B.precmp, is(equalTo(PrecomputationTestVectors.testPrecmp))); + assertThat(B.dblPrecmp, is(equalTo(PrecomputationTestVectors.testDblPrecmp))); + } + + @Test + public void precomputedTableContainsExpectedGroupElements() { + // Arrange: + GroupElement g = ed25519.getB(); + + // Act + Assert: + for (int i = 0; i < 32; i++) { + GroupElement h = g; + for (int j = 0; j < 8; j++) { + Assert.assertThat(MathUtils.toRepresentation(h, GroupElement.Representation.PRECOMP), IsEqual.equalTo(ed25519.getB().precmp[i][j])); + h = MathUtils.addGroupElements(h, g); + } + for (int k = 0; k < 8; k++) { + g = MathUtils.addGroupElements(g, g); + } + } + } + + @Test + public void dblPrecomputedTableContainsExpectedGroupElements() { + // Arrange: + GroupElement g = ed25519.getB(); + GroupElement h = MathUtils.addGroupElements(g, g); + + // Act + Assert: + for (int i=0; i<8; i++) { + Assert.assertThat(MathUtils.toRepresentation(g, GroupElement.Representation.PRECOMP), IsEqual.equalTo(ed25519.getB().dblPrecmp[i])); + g = MathUtils.addGroupElements(g, h); + } + } + + /** + * Test method for {@link GroupElement#dbl()}. + */ + @Test + public void testDbl() { + GroupElement B = ed25519.getB(); + // 2 * B = B + B + assertThat(B.dbl(), is(equalTo(B.add(B.toCached())))); + } + + @Test + public void dblReturnsExpectedResult() { + for (int i=0; i<1000; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h1 = g.dbl(); + final GroupElement h2 = MathUtils.doubleGroupElement(g); + + // Assert: + Assert.assertThat(h2, IsEqual.equalTo(h1)); + } + } + + @Test + public void addingNeutralGroupElementDoesNotChangeGroupElement() { + final GroupElement neutral = GroupElement.p3(curve, curve.getField().ZERO, curve.getField().ONE, curve.getField().ONE, curve.getField().ZERO); + for (int i=0; i<1000; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h1 = g.add(neutral.toCached()); + final GroupElement h2 = neutral.add(g.toCached()); + + // Assert: + Assert.assertThat(g, IsEqual.equalTo(h1)); + Assert.assertThat(g, IsEqual.equalTo(h2)); + } + } + + @Test + public void addReturnsExpectedResult() { + for (int i=0; i<1000; i++) { + // Arrange: + final GroupElement g1 = MathUtils.getRandomGroupElement(); + final GroupElement g2 = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h1 = g1.add(g2.toCached()); + final GroupElement h2 = MathUtils.addGroupElements(g1, g2); + + // Assert: + Assert.assertThat(h2, IsEqual.equalTo(h1)); + } + } + + @Test + public void subReturnsExpectedResult() { + for (int i=0; i<1000; i++) { + // Arrange: + final GroupElement g1 = MathUtils.getRandomGroupElement(); + final GroupElement g2 = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h1 = g1.sub(g2.toCached()); + final GroupElement h2 = MathUtils.addGroupElements(g1, MathUtils.negateGroupElement(g2)); + + // Assert: + Assert.assertThat(h2, IsEqual.equalTo(h1)); + } + } + + // region hashCode / equals + /** + * Test method for {@link GroupElement#equals(Object)}. + */ + @Test + public void testEqualsObject() { + assertThat(GroupElement.p2(curve, ZERO, ONE, ONE), + is(equalTo(P2_ZERO))); + } + + @Test + public void equalsOnlyReturnsTrueForEquivalentObjects() { + // Arrange: + final GroupElement g1 = MathUtils.getRandomGroupElement(); + final GroupElement g2 = MathUtils.toRepresentation(g1, GroupElement.Representation.P2); + final GroupElement g3 = MathUtils.toRepresentation(g1, GroupElement.Representation.CACHED); + final GroupElement g4 = MathUtils.toRepresentation(g1, GroupElement.Representation.P1P1); + final GroupElement g5 = MathUtils.getRandomGroupElement(); + + // Assert + Assert.assertThat(g2, IsEqual.equalTo(g1)); + Assert.assertThat(g3, IsEqual.equalTo(g1)); + Assert.assertThat(g1, IsEqual.equalTo(g4)); + Assert.assertThat(g1, IsNot.not(IsEqual.equalTo(g5))); + Assert.assertThat(g2, IsNot.not(IsEqual.equalTo(g5))); + Assert.assertThat(g3, IsNot.not(IsEqual.equalTo(g5))); + Assert.assertThat(g5, IsNot.not(IsEqual.equalTo(g4))); + } + + @Test + public void hashCodesAreEqualForEquivalentObjects() { + // Arrange: + final GroupElement g1 = MathUtils.getRandomGroupElement(); + final GroupElement g2 = MathUtils.toRepresentation(g1, GroupElement.Representation.P2); + final GroupElement g3 = MathUtils.toRepresentation(g1, GroupElement.Representation.P1P1); + final GroupElement g4 = MathUtils.getRandomGroupElement(); + + // Assert + Assert.assertThat(g2.hashCode(), IsEqual.equalTo(g1.hashCode())); + Assert.assertThat(g3.hashCode(), IsEqual.equalTo(g1.hashCode())); + Assert.assertThat(g1.hashCode(), IsNot.not(IsEqual.equalTo(g4.hashCode()))); + Assert.assertThat(g2.hashCode(), IsNot.not(IsEqual.equalTo(g4.hashCode()))); + Assert.assertThat(g3.hashCode(), IsNot.not(IsEqual.equalTo(g4.hashCode()))); + } + + // endregion + + static final byte[] BYTES_ZERO = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] BYTES_ONE = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000"); + static final byte[] BYTES_42 = Utils.hexToBytes("2A00000000000000000000000000000000000000000000000000000000000000"); + static final byte[] BYTES_1234567890 = Utils.hexToBytes("D202964900000000000000000000000000000000000000000000000000000000"); + + static final byte[] RADIX16_ZERO = Utils.hexToBytes("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] RADIX16_ONE = Utils.hexToBytes("01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] RADIX16_42 = Utils.hexToBytes("FA030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"); + + /** + * Test method for {@link GroupElement#toRadix16(byte[])}. + */ + @Test + public void testToRadix16() { + assertThat(GroupElement.toRadix16(BYTES_ZERO), is(RADIX16_ZERO)); + assertThat(GroupElement.toRadix16(BYTES_ONE), is(RADIX16_ONE)); + assertThat(GroupElement.toRadix16(BYTES_42), is(RADIX16_42)); + + byte[] from1234567890 = GroupElement.toRadix16(BYTES_1234567890); + int total = 0; + for (int i = 0; i < from1234567890.length; i++) { + assertThat(from1234567890[i], is(greaterThanOrEqualTo((byte)-8))); + assertThat(from1234567890[i], is(lessThanOrEqualTo((byte)8))); + total += from1234567890[i] * Math.pow(16, i); + } + assertThat(total, is(1234567890)); + + byte[] pkrR16 = GroupElement.toRadix16(BYTES_PKR); + for (int i = 0; i < pkrR16.length; i++) { + assertThat(pkrR16[i], is(greaterThanOrEqualTo((byte)-8))); + assertThat(pkrR16[i], is(lessThanOrEqualTo((byte)8))); + } + } + + /** + * Test method for {@link GroupElement#cmov(GroupElement, int)}. + */ + @Test + public void testCmov() { + GroupElement a = curve.getZero(GroupElement.Representation.PRECOMP); + GroupElement b = GroupElement.precomp(curve, TWO, ZERO, TEN); + assertThat(a.cmov(b, 0), is(equalTo(a))); + assertThat(a.cmov(b, 1), is(equalTo(b))); + } + + /** + * Test method for {@link GroupElement#select(int, int)}. + */ + @Test + public void testSelect() { + GroupElement B = ed25519.getB(); + for (int i = 0; i < 32; i++) { + // 16^i 0 B + assertThat(i + ",0", B.select(i, 0), + is(equalTo(GroupElement.precomp(curve, ONE, ONE, ZERO)))); + for (int j = 1; j < 8; j++) { + // 16^i r_i B + GroupElement t = B.select(i, j); + assertThat(i + "," + j, + t, is(equalTo(B.precmp[i][j-1]))); + // -16^i r_i B + t = B.select(i, -j); + GroupElement neg = GroupElement.precomp(curve, + B.precmp[i][j-1].Y, + B.precmp[i][j-1].X, + B.precmp[i][j-1].Z.negate()); + assertThat(i + "," + -j, + t, is(equalTo(neg))); + } + } + } + + // region scalar multiplication + /** + * Test method for {@link GroupElement#scalarMultiply(byte[])}. + * Test values generated with Python Ed25519 implementation. + */ + @Test + public void testScalarMultiplyByteArray() { + // Little-endian + byte[] zero = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + byte[] one = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000"); + byte[] two = Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000"); + byte[] a = Utils.hexToBytes("d072f8dd9c07fa7bc8d22a4b325d26301ee9202f6db89aa7c3731529e37e437c"); + GroupElement A = new GroupElement(curve, Utils.hexToBytes("d4cf8595571830644bd14af416954d09ab7159751ad9e0f7a6cbd92379e71a66")); + + assertThat("scalarMultiply(0) failed", + ed25519.getB().scalarMultiply(zero), is(equalTo(curve.getZero(GroupElement.Representation.P3)))); + assertThat("scalarMultiply(1) failed", + ed25519.getB().scalarMultiply(one), is(equalTo(ed25519.getB()))); + assertThat("scalarMultiply(2) failed", + ed25519.getB().scalarMultiply(two), is(equalTo(ed25519.getB().dbl()))); + + assertThat("scalarMultiply(a) failed", + ed25519.getB().scalarMultiply(a), is(equalTo(A))); + } + + @Test + public void scalarMultiplyBasePointWithZeroReturnsNeutralElement() { + // Arrange: + final GroupElement basePoint = ed25519.getB(); + + // Act: + final GroupElement g = basePoint.scalarMultiply(curve.getField().ZERO.toByteArray()); + + // Assert: + Assert.assertThat(curve.getZero(GroupElement.Representation.P3), IsEqual.equalTo(g)); + } + + @Test + public void scalarMultiplyBasePointWithOneReturnsBasePoint() { + // Arrange: + final GroupElement basePoint = ed25519.getB(); + + // Act: + final GroupElement g = basePoint.scalarMultiply(curve.getField().ONE.toByteArray()); + + // Assert: + Assert.assertThat(basePoint, IsEqual.equalTo(g)); + } + + // This test is slow (~6s) due to math utils using an inferior algorithm to calculate the result. + @Test + public void scalarMultiplyBasePointReturnsExpectedResult() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement basePoint = ed25519.getB(); + final FieldElement f = MathUtils.getRandomFieldElement(); + + // Act: + final GroupElement g = basePoint.scalarMultiply(f.toByteArray()); + final GroupElement h = MathUtils.scalarMultiplyGroupElement(basePoint, f); + + // Assert: + Assert.assertThat(g, IsEqual.equalTo(h)); + } + } + + @Test + public void testDoubleScalarMultiplyVariableTime() { + // Little-endian + byte[] zero = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + byte[] one = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000"); + byte[] two = Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000"); + byte[] a = Utils.hexToBytes("d072f8dd9c07fa7bc8d22a4b325d26301ee9202f6db89aa7c3731529e37e437c"); + GroupElement A = new GroupElement(curve, Utils.hexToBytes("d4cf8595571830644bd14af416954d09ab7159751ad9e0f7a6cbd92379e71a66")); + GroupElement B = ed25519.getB(); + GroupElement geZero = curve.getZero(GroupElement.Representation.P3); + geZero.precompute(false); + + // 0 * GE(0) + 0 * GE(0) = GE(0) + assertThat(geZero.doubleScalarMultiplyVariableTime(geZero, zero, zero), + is(equalTo(geZero))); + // 0 * GE(0) + 0 * B = GE(0) + assertThat(B.doubleScalarMultiplyVariableTime(geZero, zero, zero), + is(equalTo(geZero))); + // 1 * GE(0) + 0 * B = GE(0) + assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, zero), + is(equalTo(geZero))); + // 1 * GE(0) + 1 * B = B + assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, one), + is(equalTo(B))); + // 1 * B + 1 * B = 2 * B + assertThat(B.doubleScalarMultiplyVariableTime(B, one, one), + is(equalTo(B.dbl()))); + // 1 * B + 2 * B = 3 * B + assertThat(B.doubleScalarMultiplyVariableTime(B, one, two), + is(equalTo(B.dbl().toP3().add(B.toCached())))); + // 2 * B + 2 * B = 4 * B + assertThat(B.doubleScalarMultiplyVariableTime(B, two, two), + is(equalTo(B.dbl().toP3().dbl()))); + + // 0 * B + a * B = A + assertThat(B.doubleScalarMultiplyVariableTime(B, zero, a), + is(equalTo(A))); + // a * B + 0 * B = A + assertThat(B.doubleScalarMultiplyVariableTime(B, a, zero), + is(equalTo(A))); + // a * B + a * B = 2 * A + assertThat(B.doubleScalarMultiplyVariableTime(B, a, a), + is(equalTo(A.dbl()))); + } + + // This test is slow (~6s) due to math utils using an inferior algorithm to calculate the result. + @Test + public void doubleScalarMultiplyVariableTimeReturnsExpectedResult() { + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement basePoint = ed25519.getB(); + final GroupElement g = MathUtils.getRandomGroupElement(); + g.precompute(false); + final FieldElement f1 = MathUtils.getRandomFieldElement(); + final FieldElement f2 = MathUtils.getRandomFieldElement(); + + // Act: + final GroupElement h1 = basePoint.doubleScalarMultiplyVariableTime(g, f2.toByteArray(), f1.toByteArray()); + final GroupElement h2 = MathUtils.doubleScalarMultiplyGroupElements(basePoint, f1, g, f2); + + // Assert: + Assert.assertThat(h1, IsEqual.equalTo(h2)); + } + } + + // endregion + + /** + * Test method for {@link GroupElement#isOnCurve(Curve)}. + */ + @Test + public void testIsOnCurve() { + assertThat(P2_ZERO.isOnCurve(curve), + is(true)); + assertThat(GroupElement.p2(curve, ZERO, ZERO, ONE).isOnCurve(curve), + is(false)); + assertThat(GroupElement.p2(curve, ONE, ONE, ONE).isOnCurve(curve), + is(false)); + assertThat(GroupElement.p2(curve, TEN, ZERO, ONE).isOnCurve(curve), + is(false)); + assertThat(GroupElement.p2(curve, ONE, TEN, ONE).isOnCurve(curve), + is(false)); + assertThat(GroupElement.p2(curve, PKR[0], PKR[1], ONE).isOnCurve(curve), + is(true)); + } + + @Test + public void isOnCurveReturnsTrueForPointsOnTheCurve() { + for (int i=0; i<100; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Assert: + Assert.assertThat(g.isOnCurve(), IsEqual.equalTo(true)); + } + } + + @Test + public void isOnCurveReturnsFalseForPointsNotOnTheCurve() { + for (int i=0; i<100; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + final GroupElement h = GroupElement.p2(curve, g.getX(), g.getY(), g.getZ().multiply(curve.getField().TWO)); + + // Assert (can only fail for 5*Z^2=1): + Assert.assertThat(h.isOnCurve(), IsEqual.equalTo(false)); + } + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/MathUtils.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/MathUtils.java new file mode 100644 index 0000000..517b01d --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/MathUtils.java @@ -0,0 +1,472 @@ +package org.xbib.io.sshd.eddsa.math; + +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.math.ed25519.Ed25519FieldElement; +import org.xbib.io.sshd.eddsa.math.ed25519.Ed25519LittleEndianEncoding; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.hamcrest.core.IsEqual; +import org.junit.Assert; +import org.junit.Test; + +import java.math.BigInteger; +import java.security.SecureRandom; + +/** + * Utility class to help with calculations. + */ +public class MathUtils { + private static final int[] exponents = {0, 26, 26 + 25, 2*26 + 25, 2*26 + 2*25, 3*26 + 2*25, 3*26 + 3*25, 4*26 + 3*25, 4*26 + 4*25, 5*26 + 4*25}; + private static final SecureRandom random = new SecureRandom(); + private static final EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); + private static final Curve curve = ed25519.getCurve(); + private static final BigInteger d = new BigInteger("-121665").multiply(new BigInteger("121666").modInverse(getQ())); + private static final BigInteger groupOrder = BigInteger.ONE.shiftLeft(252).add(new BigInteger("27742317777372353535851937790883648493")); + + /** + * Gets q = 2^255 - 19 as BigInteger. + */ + public static BigInteger getQ() { + return new BigInteger("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed", 16); + } + + /** + * Gets group order = 2^252 + 27742317777372353535851937790883648493 as BigInteger. + */ + public static BigInteger getGroupOrder() { + return groupOrder; + } + + /** + * Gets the underlying finite field with q=2^255 - 19 elements. + * + * @return The finite field. + */ + public static Field getField() { + return new Field( + 256, // b + Utils.hexToBytes("edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"), // q + new Ed25519LittleEndianEncoding()); + } + + // region field element + + /** + * Converts a 2^25.5 bit representation to a BigInteger. + *

    + * Value: 2^exponents[0] * t[0] + 2^exponents[1] * t[1] + ... + 2^exponents[9] * t[9] + * + * @param t The 2^25.5 bit representation. + * @return The BigInteger. + */ + public static BigInteger toBigInteger(final int[] t) { + BigInteger b = BigInteger.ZERO; + for (int i=0; i<10; i++) { + b = b.add(BigInteger.ONE.multiply(BigInteger.valueOf(t[i])).shiftLeft(exponents[i])); + } + + return b; + } + + /** + * Converts a 2^8 bit representation to a BigInteger. + *

    + * Value: bytes[0] + 2^8 * bytes[1] + ... + * + * @param bytes The 2^8 bit representation. + * @return The BigInteger. + */ + public static BigInteger toBigInteger(final byte[] bytes) { + BigInteger b = BigInteger.ZERO; + for (int i=0; i= 0) { + throw new RuntimeException("only numbers < 2^256 are allowed"); + } + final byte[] bytes = new byte[32]; + final byte[] original = b.toByteArray(); + + // Although b < 2^256, original can have length > 32 with some bytes set to 0. + final int offset = original.length > 32? original.length - 32 : 0; + for (int i=0; i + * a, b and c are given in 2^8 bit representation. + * + * @param a The first integer. + * @param b The second integer. + * @param c The third integer. + * @return The mod group order reduced result. + */ + public static byte[] multiplyAndAddModGroupOrder(final byte[] a, final byte[] b, final byte[] c) { + final BigInteger result = toBigInteger(a).multiply(toBigInteger(b)).add(toBigInteger(c)).mod(groupOrder); + return toByteArray(result); + } + + public static byte[] getRandomByteArray(final int length) { + final byte[] bytes = new byte[length]; + random.nextBytes(bytes); + return bytes; + } + + /** + * Gets a random field element where |t[i]| <= 2^24 for 0 <= i <= 9. + * + * @return The field element. + */ + public static FieldElement getRandomFieldElement() { + final int[] t = new int[10]; + for (int j=0; j<10; j++) { + t[j] = random.nextInt(1 << 25) - (1 << 24); + } + return new Ed25519FieldElement(getField(), t); + } + + // endregion + + // region group element + + /** + * Gets a random group element in P3 representation. + * + * @return The group element. + */ + public static GroupElement getRandomGroupElement() { + final byte[] bytes = new byte[32]; + while (true) { + try { + random.nextBytes(bytes); + return new GroupElement(curve, bytes); + } catch (IllegalArgumentException e) { + // Will fail in about 87.5%, so try again. + } + } + } + + /** + * Creates a group element from a byte array. + *

    + * Bit 0 to 254 are the affine y-coordinate, bit 255 is the sign of the affine x-coordinate. + * + * @param bytes the byte array. + * @return The group element. + */ + public static GroupElement toGroupElement(final byte[] bytes) { + final boolean shouldBeNegative = (bytes[31] >> 7) != 0; + bytes[31] &= 0x7f; + final BigInteger y = MathUtils.toBigInteger(bytes); + + // x = sign(x) * sqrt((y^2 - 1) / (d * y^2 + 1)) + final BigInteger u = y.multiply(y).subtract(BigInteger.ONE).mod(getQ()); + final BigInteger v = d.multiply(y).multiply(y).add(BigInteger.ONE).mod(getQ()); + final BigInteger tmp = u.multiply(v.pow(7)).modPow(BigInteger.ONE.shiftLeft(252).subtract(new BigInteger("3")), getQ()).mod(getQ()); + BigInteger x = tmp.multiply(u).multiply(v.pow(3)).mod(getQ()); + if (!v.multiply(x).multiply(x).subtract(u).mod(getQ()).equals(BigInteger.ZERO)) { + if (!v.multiply(x).multiply(x).add(u).mod(getQ()).equals(BigInteger.ZERO)) { + throw new IllegalArgumentException("not a valid GroupElement"); + } + x = x.multiply(toBigInteger(curve.getI())).mod(getQ()); + } + final boolean isNegative = x.mod(new BigInteger("2")).equals(BigInteger.ONE); + if ((shouldBeNegative && !isNegative) || (!shouldBeNegative && isNegative)) { + x = x.negate().mod(getQ()); + } + + return GroupElement.p3(curve, toFieldElement(x), toFieldElement(y), getField().ONE, toFieldElement(x.multiply(y).mod(getQ()))); + } + + /** + * Converts a group element from one representation to another. + * This method is a helper used to test various methods in GroupElement. + * + * @param g The group element. + * @param repr The desired representation. + * @return The same group element in the new representation. + */ + public static GroupElement toRepresentation(final GroupElement g, final GroupElement.Representation repr) { + BigInteger x; + BigInteger y; + final BigInteger gX = toBigInteger(g.getX().toByteArray()); + final BigInteger gY = toBigInteger(g.getY().toByteArray()); + final BigInteger gZ = toBigInteger(g.getZ().toByteArray()); + final BigInteger gT = null == g.getT()? null : toBigInteger(g.getT().toByteArray()); + + // Switch to affine coordinates. + switch (g.getRepresentation()) { + case P2: + case P3: + x = gX.multiply(gZ.modInverse(getQ())).mod(getQ()); + y = gY.multiply(gZ.modInverse(getQ())).mod(getQ()); + break; + case P1P1: + x = gX.multiply(gZ.modInverse(getQ())).mod(getQ()); + y = gY.multiply(gT.modInverse(getQ())).mod(getQ()); + break; + case CACHED: + x = gX.subtract(gY).multiply(gZ.multiply(new BigInteger("2")).modInverse(getQ())).mod(getQ()); + y = gX.add(gY).multiply(gZ.multiply(new BigInteger("2")).modInverse(getQ())).mod(getQ()); + break; + case PRECOMP: + x = gX.subtract(gY).multiply(new BigInteger("2").modInverse(getQ())).mod(getQ()); + y = gX.add(gY).multiply(new BigInteger("2").modInverse(getQ())).mod(getQ()); + break; + default: + throw new UnsupportedOperationException(); + } + + // Now back to the desired representation. + switch (repr) { + case P2: + return GroupElement.p2( + curve, + toFieldElement(x), + toFieldElement(y), + getField().ONE); + case P3: + return GroupElement.p3( + curve, + toFieldElement(x), + toFieldElement(y), + getField().ONE, + toFieldElement(x.multiply(y).mod(getQ()))); + case P1P1: + return GroupElement.p1p1( + curve, + toFieldElement(x), + toFieldElement(y), + getField().ONE, + getField().ONE); + case CACHED: + return GroupElement.cached( + curve, + toFieldElement(y.add(x).mod(getQ())), + toFieldElement(y.subtract(x).mod(getQ())), + getField().ONE, + toFieldElement(d.multiply(new BigInteger("2")).multiply(x).multiply(y).mod(getQ()))); + case PRECOMP: + return GroupElement.precomp( + curve, + toFieldElement(y.add(x).mod(getQ())), + toFieldElement(y.subtract(x).mod(getQ())), + toFieldElement(d.multiply(new BigInteger("2")).multiply(x).multiply(y).mod(getQ()))); + default: + throw new UnsupportedOperationException(); + } + } + + /** + * Adds two group elements and returns the result in P3 representation. + * It uses BigInteger arithmetic and the affine representation. + * This method is a helper used to test the projective group addition formulas in GroupElement. + * + * @param g1 The first group element. + * @param g2 The second group element. + * @return The result of the addition. + */ + public static GroupElement addGroupElements(final GroupElement g1, final GroupElement g2) { + // Relying on a special representation of the group elements. + if ((g1.getRepresentation() != GroupElement.Representation.P2 && g1.getRepresentation() != GroupElement.Representation.P3) || + (g2.getRepresentation() != GroupElement.Representation.P2 && g2.getRepresentation() != GroupElement.Representation.P3)) { + throw new IllegalArgumentException("g1 and g2 must have representation P2 or P3"); + } + + // Projective coordinates + final BigInteger g1X = toBigInteger(g1.getX().toByteArray()); + final BigInteger g1Y = toBigInteger(g1.getY().toByteArray()); + final BigInteger g1Z = toBigInteger(g1.getZ().toByteArray()); + final BigInteger g2X = toBigInteger(g2.getX().toByteArray()); + final BigInteger g2Y = toBigInteger(g2.getY().toByteArray()); + final BigInteger g2Z = toBigInteger(g2.getZ().toByteArray()); + + // Affine coordinates + final BigInteger g1x = g1X.multiply(g1Z.modInverse(getQ())).mod(getQ()); + final BigInteger g1y = g1Y.multiply(g1Z.modInverse(getQ())).mod(getQ()); + final BigInteger g2x = g2X.multiply(g2Z.modInverse(getQ())).mod(getQ()); + final BigInteger g2y = g2Y.multiply(g2Z.modInverse(getQ())).mod(getQ()); + + // Addition formula for affine coordinates. The formula is complete in our case. + // + // (x3, y3) = (x1, y1) + (x2, y2) where + // + // x3 = (x1 * y2 + x2 * y1) / (1 + d * x1 * x2 * y1 * y2) and + // y3 = (x1 * x2 + y1 * y2) / (1 - d * x1 * x2 * y1 * y2) and + // d = -121665/121666 + BigInteger dx1x2y1y2 = d.multiply(g1x).multiply(g2x).multiply(g1y).multiply(g2y).mod(getQ()); + BigInteger x3 = g1x.multiply(g2y).add(g2x.multiply(g1y)) + .multiply(BigInteger.ONE.add(dx1x2y1y2).modInverse(getQ())).mod(getQ()); + BigInteger y3 = g1x.multiply(g2x).add(g1y.multiply(g2y)) + .multiply(BigInteger.ONE.subtract(dx1x2y1y2).modInverse(getQ())).mod(getQ()); + BigInteger t3 = x3.multiply(y3).mod(getQ()); + + return GroupElement.p3(g1.getCurve(), toFieldElement(x3), toFieldElement(y3), getField().ONE, toFieldElement(t3)); + } + + /** + * Doubles a group element and returns the result in P3 representation. + * It uses BigInteger arithmetic and the affine representation. + * This method is a helper used to test the projective group doubling formula in GroupElement. + * + * @param g The group element. + * @return g+g. + */ + public static GroupElement doubleGroupElement(final GroupElement g) { + return addGroupElements(g, g); + } + + /** + * Scalar multiply the group element by the field element. + * + * @param g The group element. + * @param f The field element. + * @return The resulting group element. + */ + public static GroupElement scalarMultiplyGroupElement(final GroupElement g, final FieldElement f) { + final byte[] bytes = f.toByteArray(); + GroupElement h = curve.getZero(GroupElement.Representation.P3); + for (int i=254; i>=0; i--) { + h = doubleGroupElement(h); + if (Utils.bit(bytes, i) == 1) { + h = addGroupElements(h, g); + } + } + + return h; + } + + /** + * Calculates f1 * g1 + f2 * g2. + * + * @param g1 The first group element. + * @param f1 The first multiplier. + * @param g2 The second group element. + * @param f2 The second multiplier. + * @return The resulting group element. + */ + public static GroupElement doubleScalarMultiplyGroupElements( + final GroupElement g1, + final FieldElement f1, + final GroupElement g2, + final FieldElement f2) { + final GroupElement h1 = scalarMultiplyGroupElement(g1, f1); + final GroupElement h2 = scalarMultiplyGroupElement(g2, f2); + return addGroupElements(h1, h2); + } + + /** + * Negates a group element. + * + * @param g The group element. + * @return The negated group element. + */ + public static GroupElement negateGroupElement(final GroupElement g) { + if (g.getRepresentation() != GroupElement.Representation.P3) { + throw new IllegalArgumentException("g must have representation P3"); + } + + return GroupElement.p3(g.getCurve(), g.getX().negate(), g.getY(), g.getZ(), g.getT().negate()); + } + + // Start TODO BR: Remove when finished! + @Test + public void mathUtilsWorkAsExpected() { + final GroupElement neutral = GroupElement.p3(curve, curve.getField().ZERO, curve.getField().ONE, curve.getField().ONE, curve.getField().ZERO); + for (int i=0; i<1000; i++) { + final GroupElement g = getRandomGroupElement(); + + // Act: + final GroupElement h1 = addGroupElements(g, neutral); + final GroupElement h2 = addGroupElements(neutral, g); + + // Assert: + Assert.assertThat(g, IsEqual.equalTo(h1)); + Assert.assertThat(g, IsEqual.equalTo(h2)); + } + + for (int i=0; i<1000; i++) { + GroupElement g = getRandomGroupElement(); + + // P3 -> P2. + GroupElement h = toRepresentation(g, GroupElement.Representation.P2); + Assert.assertThat(h, IsEqual.equalTo(g)); + // P3 -> P1P1. + h = toRepresentation(g, GroupElement.Representation.P1P1); + Assert.assertThat(g, IsEqual.equalTo(h)); + + // P3 -> CACHED. + h = toRepresentation(g, GroupElement.Representation.CACHED); + Assert.assertThat(h, IsEqual.equalTo(g)); + + // P3 -> P2 -> P3. + g = toRepresentation(g, GroupElement.Representation.P2); + h = toRepresentation(g, GroupElement.Representation.P3); + Assert.assertThat(g, IsEqual.equalTo(h)); + + // P3 -> P2 -> P1P1. + g = toRepresentation(g, GroupElement.Representation.P2); + h = toRepresentation(g, GroupElement.Representation.P1P1); + Assert.assertThat(g, IsEqual.equalTo(h)); + } + + for (int i=0; i<10; i++) { + // Arrange: + final GroupElement g = MathUtils.getRandomGroupElement(); + + // Act: + final GroupElement h = MathUtils.scalarMultiplyGroupElement(g, curve.getField().ZERO); + + // Assert: + Assert.assertThat(curve.getZero(GroupElement.Representation.P3), IsEqual.equalTo(h)); + } + } + // End TODO BR: Remove when finished! +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/PrecomputationTestVectors.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/PrecomputationTestVectors.java new file mode 100644 index 0000000..9226437 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/PrecomputationTestVectors.java @@ -0,0 +1,103 @@ +package org.xbib.io.sshd.eddsa.math; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; + +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; + +/** + * + */ +public class PrecomputationTestVectors { + // Test files were generated using base.py and base2.py from ref10 + // (by printing hex(x%q) instead of the radix-255 representation). + static GroupElement[][] testPrecmp = getPrecomputation("basePrecmp"); + static GroupElement[] testDblPrecmp = getDoublePrecomputation("baseDblPrecmp"); + + public static GroupElement[][] getPrecomputation(String fileName) { + EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); + Curve curve = ed25519.getCurve(); + Field field = curve.getField(); + GroupElement[][] precmp = new GroupElement[32][8]; + BufferedReader file = null; + int row = 0, col = 0; + try { + InputStream is = PrecomputationTestVectors.class.getResourceAsStream(fileName); + if (is == null) + throw new IOException("Resource not found: " + fileName); + file = new BufferedReader(new InputStreamReader(is)); + String line; + while ((line = file.readLine()) != null) { + if (line.equals(" },")) + col += 1; + else if (line.equals("},")) { + col = 0; + row += 1; + } else if (line.startsWith(" { ")) { + String ypxStr = line.substring(4, line.lastIndexOf(' ')); + FieldElement ypx = field.fromByteArray( + Utils.hexToBytes(ypxStr)); + line = file.readLine(); + String ymxStr = line.substring(4, line.lastIndexOf(' ')); + FieldElement ymx = field.fromByteArray( + Utils.hexToBytes(ymxStr)); + line = file.readLine(); + String xy2dStr = line.substring(4, line.lastIndexOf(' ')); + FieldElement xy2d = field.fromByteArray( + Utils.hexToBytes(xy2dStr)); + precmp[row][col] = GroupElement.precomp(curve, + ypx, ymx, xy2d); + } + } + } catch (IOException e) { + e.printStackTrace(); + } finally { + if (file != null) try { file.close(); } catch (IOException e) {} + } + return precmp; + } + + public static GroupElement[] getDoublePrecomputation(String fileName) { + EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); + Curve curve = ed25519.getCurve(); + Field field = curve.getField(); + GroupElement[] dblPrecmp = new GroupElement[8]; + BufferedReader file = null; + int row = 0; + try { + InputStream is = PrecomputationTestVectors.class.getResourceAsStream(fileName); + if (is == null) + throw new IOException("Resource not found: " + fileName); + file = new BufferedReader(new InputStreamReader(is)); + String line; + while ((line = file.readLine()) != null) { + if (line.equals(" },")) { + row += 1; + } else if (line.startsWith(" { ")) { + String ypxStr = line.substring(4, line.lastIndexOf(' ')); + FieldElement ypx = field.fromByteArray( + Utils.hexToBytes(ypxStr)); + line = file.readLine(); + String ymxStr = line.substring(4, line.lastIndexOf(' ')); + FieldElement ymx = field.fromByteArray( + Utils.hexToBytes(ymxStr)); + line = file.readLine(); + String xy2dStr = line.substring(4, line.lastIndexOf(' ')); + FieldElement xy2d = field.fromByteArray( + Utils.hexToBytes(xy2dStr)); + dblPrecmp[row] = GroupElement.precomp(curve, + ypx, ymx, xy2d); + } + } + } catch (IOException e) { + e.printStackTrace(); + } finally { + if (file != null) try { file.close(); } catch (IOException e) {} + } + return dblPrecmp; + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerFieldElementTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerFieldElementTest.java new file mode 100644 index 0000000..a0a5e62 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerFieldElementTest.java @@ -0,0 +1,104 @@ +package org.xbib.io.sshd.eddsa.math.bigint; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.*; + +import java.math.BigInteger; +import java.util.Random; + +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.FieldElement; +import org.xbib.io.sshd.eddsa.math.MathUtils; +import org.xbib.io.sshd.eddsa.math.AbstractFieldElementTest; +import org.junit.Test; + +/** + * + */ +public class BigIntegerFieldElementTest extends AbstractFieldElementTest { + static final byte[] BYTES_ZERO = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] BYTES_ONE = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000"); + static final byte[] BYTES_TEN = Utils.hexToBytes("0a00000000000000000000000000000000000000000000000000000000000000"); + + static final Field ed25519Field = new Field( + 256, // b + Utils.hexToBytes("edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"), // q + new BigIntegerLittleEndianEncoding()); + + static final FieldElement ZERO = new BigIntegerFieldElement(ed25519Field, BigInteger.ZERO); + static final FieldElement ONE = new BigIntegerFieldElement(ed25519Field, BigInteger.ONE); + static final FieldElement TWO = new BigIntegerFieldElement(ed25519Field, BigInteger.valueOf(2)); + + protected FieldElement getRandomFieldElement() { + BigInteger r; + Random rnd = new Random(); + do { + r = new BigInteger(255, rnd); + } while (r.compareTo(getQ()) >= 0); + return new BigIntegerFieldElement(ed25519Field, r); + } + + protected BigInteger toBigInteger(FieldElement f) { + return ((BigIntegerFieldElement)f).bi; + } + + protected BigInteger getQ() { + return MathUtils.getQ(); + } + + protected Field getField() { + return ed25519Field; + } + + /** + * Test method for {@link BigIntegerFieldElement#BigIntegerFieldElement(Field, BigInteger)}. + */ + @Test + public void testFieldElementBigInteger() { + assertThat(new BigIntegerFieldElement(ed25519Field, BigInteger.ZERO).bi, is(BigInteger.ZERO)); + assertThat(new BigIntegerFieldElement(ed25519Field, BigInteger.ONE).bi, is(BigInteger.ONE)); + assertThat(new BigIntegerFieldElement(ed25519Field, BigInteger.valueOf(2)).bi, is(BigInteger.valueOf(2))); + } + + /** + * Test method for {@link FieldElement#toByteArray()}. + */ + @Test + public void testToByteArray() { + byte[] zero = ZERO.toByteArray(); + assertThat(zero.length, is(equalTo(BYTES_ZERO.length))); + assertThat(zero, is(equalTo(BYTES_ZERO))); + + byte[] one = ONE.toByteArray(); + assertThat(one.length, is(equalTo(BYTES_ONE.length))); + assertThat(one, is(equalTo(BYTES_ONE))); + + byte[] ten = new BigIntegerFieldElement(ed25519Field, BigInteger.TEN).toByteArray(); + assertThat(ten.length, is(equalTo(BYTES_TEN.length))); + assertThat(ten, is(equalTo(BYTES_TEN))); + } + + // region isNonZero + + protected FieldElement getZeroFieldElement() { + return ZERO; + } + + protected FieldElement getNonZeroFieldElement() { + return TWO; + } + + // endregion + + /** + * Test method for {@link FieldElement#equals(Object)}. + */ + @Test + public void testEqualsObject() { + assertThat(new BigIntegerFieldElement(ed25519Field, BigInteger.ZERO), is(equalTo(ZERO))); + assertThat(new BigIntegerFieldElement(ed25519Field, BigInteger.valueOf(1000)), is(equalTo(new BigIntegerFieldElement(ed25519Field, BigInteger.valueOf(1000))))); + assertThat(ONE, is(not(equalTo(TWO)))); + } + +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerScalarOpsTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerScalarOpsTest.java new file mode 100644 index 0000000..9c3776e --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/bigint/BigIntegerScalarOpsTest.java @@ -0,0 +1,61 @@ +package org.xbib.io.sshd.eddsa.math.bigint; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.*; + +import java.math.BigInteger; + +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.ScalarOps; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; + +import org.junit.Test; + +/** + * + */ +public class BigIntegerScalarOpsTest { + + static final EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); + static final Field ed25519Field = ed25519.getCurve().getField(); + + /** + * Test method for {@link BigIntegerScalarOps#reduce(byte[])}. + */ + @Test + public void testReduce() { + ScalarOps sc = new BigIntegerScalarOps(ed25519Field, + new BigInteger("5")); + assertThat(sc.reduce(new byte[] {7}), + is(equalTo(Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000")))); + + ScalarOps sc2 = new BigIntegerScalarOps(ed25519Field, + new BigInteger("7237005577332262213973186563042994240857116359379907606001950938285454250989")); + // Example from test case 1 + byte[] r = Utils.hexToBytes("b6b19cd8e0426f5983fa112d89a143aa97dab8bc5deb8d5b6253c928b65272f4044098c2a990039cde5b6a4818df0bfb6e40dc5dee54248032962323e701352d"); + assertThat(sc2.reduce(r), is(equalTo(Utils.hexToBytes("f38907308c893deaf244787db4af53682249107418afc2edc58f75ac58a07404")))); + } + + /** + * Test method for {@link BigIntegerScalarOps#multiplyAndAdd(byte[], byte[], byte[])}. + */ + @Test + public void testMultiplyAndAdd() { + ScalarOps sc = new BigIntegerScalarOps(ed25519Field, + new BigInteger("5")); + assertThat(sc.multiplyAndAdd(new byte[] {7}, new byte[] {2}, new byte[] {5}), + is(equalTo(Utils.hexToBytes("0400000000000000000000000000000000000000000000000000000000000000")))); + + ScalarOps sc2 = new BigIntegerScalarOps(ed25519Field, + new BigInteger("7237005577332262213973186563042994240857116359379907606001950938285454250989")); + // Example from test case 1 + byte[] h = Utils.hexToBytes("86eabc8e4c96193d290504e7c600df6cf8d8256131ec2c138a3e7e162e525404"); + byte[] a = Utils.hexToBytes("307c83864f2833cb427a2ef1c00a013cfdff2768d980c0a3a520f006904de94f"); + byte[] r = Utils.hexToBytes("f38907308c893deaf244787db4af53682249107418afc2edc58f75ac58a07404"); + byte[] S = Utils.hexToBytes("5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"); + assertThat(sc2.multiplyAndAdd(h, a, r), is(equalTo(S))); + } + +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519FieldElementTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519FieldElementTest.java new file mode 100644 index 0000000..e9f50c3 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519FieldElementTest.java @@ -0,0 +1,78 @@ +package org.xbib.io.sshd.eddsa.math.ed25519; + +import org.xbib.io.sshd.eddsa.math.AbstractFieldElementTest; +import org.xbib.io.sshd.eddsa.math.Field; +import org.xbib.io.sshd.eddsa.math.FieldElement; +import org.xbib.io.sshd.eddsa.math.MathUtils; +import org.hamcrest.core.IsEqual; +import org.junit.Assert; +import org.junit.Test; + +import java.math.BigInteger; + +/** + * Tests rely on the BigInteger class. + */ +public class Ed25519FieldElementTest extends AbstractFieldElementTest { + + protected FieldElement getRandomFieldElement() { + return MathUtils.getRandomFieldElement(); + } + + protected BigInteger toBigInteger(FieldElement f) { + return MathUtils.toBigInteger(f); + } + + protected BigInteger getQ() { + return MathUtils.getQ(); + } + + protected Field getField() { + return MathUtils.getField(); + } + + @Test + public void canConstructFieldElementFromArrayWithCorrectLength() { + new Ed25519FieldElement(MathUtils.getField(), new int[10]); + } + + @Test (expected = IllegalArgumentException.class) + public void cannotConstructFieldElementFromArrayWithIncorrectLength() { + new Ed25519FieldElement(MathUtils.getField(), new int[9]); + } + + @Test (expected = IllegalArgumentException.class) + public void cannotConstructFieldElementWithoutField() { + new Ed25519FieldElement(null, new int[9]); + } + + protected FieldElement getZeroFieldElement() { + return new Ed25519FieldElement(MathUtils.getField(), new int[10]); + } + + protected FieldElement getNonZeroFieldElement() { + final int[] t = new int[10]; + t[0] = 5; + return new Ed25519FieldElement(MathUtils.getField(), t); + } + + @Test + public void toStringReturnsCorrectRepresentation() { + final byte[] bytes = new byte[32]; + for (int i=0; i<32; i++) { + bytes[i] = (byte)(i+1); + } + final FieldElement f = MathUtils.getField().getEncoding().decode(bytes); + + final String fAsString = f.toString(); + final StringBuilder builder = new StringBuilder(); + builder.append("[Ed25519FieldElement val="); + for (byte b : bytes) { + builder.append(String.format("%02x", b)); + } + builder.append("]"); + + Assert.assertThat(fAsString, IsEqual.equalTo(builder.toString())); + } + +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519LittleEndianEncodingTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519LittleEndianEncodingTest.java new file mode 100644 index 0000000..a836921 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519LittleEndianEncodingTest.java @@ -0,0 +1,107 @@ +package org.xbib.io.sshd.eddsa.math.ed25519; + +import org.xbib.io.sshd.eddsa.math.FieldElement; +import org.xbib.io.sshd.eddsa.math.MathUtils; +import org.hamcrest.core.IsEqual; +import org.junit.Assert; +import org.junit.Test; + +import java.math.BigInteger; +import java.security.SecureRandom; + +/** + * Tests rely on the BigInteger class. + */ +public class Ed25519LittleEndianEncodingTest { + + private static final SecureRandom random = new SecureRandom(); + + @Test + public void encodeReturnsCorrectByteArrayForSimpleFieldElements() { + // Arrange: + final int[] t1 = new int[10]; + final int[] t2 = new int[10]; + t2[0] = 1; + final FieldElement fieldElement1 = new Ed25519FieldElement(MathUtils.getField(), t1); + final FieldElement fieldElement2 = new Ed25519FieldElement(MathUtils.getField(), t2); + + // Act: + final byte[] bytes1 = MathUtils.getField().getEncoding().encode(fieldElement1); + final byte[] bytes2 = MathUtils.getField().getEncoding().encode(fieldElement2); + + // Assert: + Assert.assertThat(bytes1, IsEqual.equalTo(MathUtils.toByteArray(BigInteger.ZERO))); + Assert.assertThat(bytes2, IsEqual.equalTo(MathUtils.toByteArray(BigInteger.ONE))); + } + + @Test + public void encodeReturnsCorrectByteArray() { + for (int i=0; i<10000; i++){ + // Arrange: + final int[] t = new int[10]; + for (int j=0; j<10; j++) { + t[j] = random.nextInt(1 << 28) - (1 << 27); + } + final FieldElement fieldElement1 = new Ed25519FieldElement(MathUtils.getField(), t); + final BigInteger b = MathUtils.toBigInteger(t); + + // Act: + final byte[] bytes = MathUtils.getField().getEncoding().encode(fieldElement1); + + // Assert: + Assert.assertThat(bytes, IsEqual.equalTo(MathUtils.toByteArray(b.mod(MathUtils.getQ())))); + } + } + + @Test + public void decodeReturnsCorrectFieldElementForSimpleByteArrays() { + // Arrange: + final byte[] bytes1 = new byte[32]; + final byte[] bytes2 = new byte[32]; + bytes2[0] = 1; + + // Act: + final Ed25519FieldElement f1 = (Ed25519FieldElement)MathUtils.getField().getEncoding().decode(bytes1); + final Ed25519FieldElement f2 = (Ed25519FieldElement)MathUtils.getField().getEncoding().decode(bytes2); + final BigInteger b1 = MathUtils.toBigInteger(f1.t); + final BigInteger b2 = MathUtils.toBigInteger(f2.t); + + // Assert: + Assert.assertThat(b1, IsEqual.equalTo(BigInteger.ZERO)); + Assert.assertThat(b2, IsEqual.equalTo(BigInteger.ONE)); + } + + @Test + public void decodeReturnsCorrectFieldElement() { + for (int i=0; i<10000; i++) { + // Arrange: + final byte[] bytes = new byte[32]; + random.nextBytes(bytes); + bytes[31] = (byte)(bytes[31] & 0x7f); + final BigInteger b1 = MathUtils.toBigInteger(bytes); + + // Act: + final Ed25519FieldElement f = (Ed25519FieldElement)MathUtils.getField().getEncoding().decode(bytes); + final BigInteger b2 = MathUtils.toBigInteger(f.t).mod(MathUtils.getQ()); + + // Assert: + Assert.assertThat(b2, IsEqual.equalTo(b1)); + } + } + + @Test + public void isNegativeReturnsCorrectResult() { + for (int i=0; i<10000; i++) { + // Arrange: + final int[] t = new int[10]; + for (int j=0; j<10; j++) { + t[j] = random.nextInt(1 << 28) - (1 << 27); + } + final boolean isNegative = MathUtils.toBigInteger(t).mod(MathUtils.getQ()).mod(new BigInteger("2")).equals(BigInteger.ONE); + final FieldElement f = new Ed25519FieldElement(MathUtils.getField(), t); + + // Assert: + Assert.assertThat(MathUtils.getField().getEncoding().isNegative(f), IsEqual.equalTo(isNegative)); + } + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519ScalarOpsTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519ScalarOpsTest.java new file mode 100644 index 0000000..3a1e18e --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/math/ed25519/Ed25519ScalarOpsTest.java @@ -0,0 +1,72 @@ +package org.xbib.io.sshd.eddsa.math.ed25519; + +import org.xbib.io.sshd.eddsa.Utils; +import org.xbib.io.sshd.eddsa.math.MathUtils; +import org.hamcrest.core.IsEqual; +import org.junit.Assert; +import org.junit.Test; + +import java.math.BigInteger; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertThat; + +/** + * Additional tests by the NEM project team. + * + */ +public class Ed25519ScalarOpsTest { + + private static final Ed25519ScalarOps scalarOps = new Ed25519ScalarOps(); + + /** + * Test method for {@link org.xbib.io.sshd.eddsa.math.bigint.BigIntegerScalarOps#reduce(byte[])}. + */ + @Test + public void testReduce() { + // Example from test case 1 + byte[] r = Utils.hexToBytes("b6b19cd8e0426f5983fa112d89a143aa97dab8bc5deb8d5b6253c928b65272f4044098c2a990039cde5b6a4818df0bfb6e40dc5dee54248032962323e701352d"); + assertThat(scalarOps.reduce(r), is(equalTo(Utils.hexToBytes("f38907308c893deaf244787db4af53682249107418afc2edc58f75ac58a07404")))); + } + + @Test + public void reduceReturnsExpectedResult() { + for (int i=0; i<1000; i++) { + final byte[] bytes = MathUtils.getRandomByteArray(64); + final byte[] reduced1 = scalarOps.reduce(bytes); + final byte[] reduced2 = MathUtils.reduceModGroupOrder(bytes); + Assert.assertThat(MathUtils.toBigInteger(reduced1).compareTo(MathUtils.getGroupOrder()), IsEqual.equalTo(-1)); + Assert.assertThat(MathUtils.toBigInteger(reduced1).compareTo(new BigInteger("-1")), IsEqual.equalTo(1)); + Assert.assertThat(reduced1, IsEqual.equalTo(reduced2)); + } + } + + /** + * Test method for {@link org.xbib.io.sshd.eddsa.math.bigint.BigIntegerScalarOps#multiplyAndAdd(byte[], byte[], byte[])}. + */ + @Test + public void testMultiplyAndAdd() { + byte[] h = Utils.hexToBytes("86eabc8e4c96193d290504e7c600df6cf8d8256131ec2c138a3e7e162e525404"); + byte[] a = Utils.hexToBytes("307c83864f2833cb427a2ef1c00a013cfdff2768d980c0a3a520f006904de94f"); + byte[] r = Utils.hexToBytes("f38907308c893deaf244787db4af53682249107418afc2edc58f75ac58a07404"); + byte[] S = Utils.hexToBytes("5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"); + assertThat(scalarOps.multiplyAndAdd(h, a, r), is(equalTo(S))); + } + + @Test + public void multiplyAndAddReturnsExpectedResult() { + for (int i=0; i<1000; i++) { + final byte[] bytes1 = MathUtils.getRandomByteArray(32); + final byte[] bytes2 = MathUtils.getRandomByteArray(32); + final byte[] bytes3 = MathUtils.getRandomByteArray(32); + + final byte[] result1 = scalarOps.multiplyAndAdd(bytes1, bytes2, bytes3); + final byte[] result2 = MathUtils.multiplyAndAddModGroupOrder(bytes1, bytes2, bytes3); + + Assert.assertThat(MathUtils.toBigInteger(result1).compareTo(MathUtils.getGroupOrder()), IsEqual.equalTo(-1)); + Assert.assertThat(MathUtils.toBigInteger(result1).compareTo(new BigInteger("-1")), IsEqual.equalTo(1)); + Assert.assertThat(result1, IsEqual.equalTo(result2)); + } + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveTableTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveTableTest.java new file mode 100644 index 0000000..caca919 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/spec/EdDSANamedCurveTableTest.java @@ -0,0 +1,24 @@ +package org.xbib.io.sshd.eddsa.spec; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.*; + +import org.junit.Test; + +/** + * + */ +public class EdDSANamedCurveTableTest { + /** + * Ensure curve names are case-inspecific + */ + @Test + public void curveNamesAreCaseInspecific() { + EdDSANamedCurveSpec mixed = EdDSANamedCurveTable.getByName("Ed25519"); + EdDSANamedCurveSpec lower = EdDSANamedCurveTable.getByName("ed25519"); + EdDSANamedCurveSpec upper = EdDSANamedCurveTable.getByName("ED25519"); + + assertThat(lower, is(equalTo(mixed))); + assertThat(upper, is(equalTo(mixed))); + } +} diff --git a/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/spec/EdDSAPrivateKeySpecTest.java b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/spec/EdDSAPrivateKeySpecTest.java new file mode 100644 index 0000000..95b2004 --- /dev/null +++ b/files-eddsa/src/test/java/org/xbib/io/sshd/eddsa/spec/EdDSAPrivateKeySpecTest.java @@ -0,0 +1,59 @@ +package org.xbib.io.sshd.eddsa.spec; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.*; +import org.xbib.io.sshd.eddsa.Utils; + +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; + +/** + * + */ +public class EdDSAPrivateKeySpecTest { + static final byte[] ZERO_SEED = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); + static final byte[] ZERO_H = Utils.hexToBytes("5046adc1dba838867b2bbbfdd0c3423e58b57970b5267a90f57960924a87f1960a6a85eaa642dac835424b5d7c8d637c00408c7a73da672b7f498521420b6dd3"); + static final byte[] ZERO_PK = Utils.hexToBytes("3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29"); + + static final EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); + + @Rule + public ExpectedException exception = ExpectedException.none(); + + /** + * Test method for {@link EdDSAPrivateKeySpec#EdDSAPrivateKeySpec(byte[], EdDSAParameterSpec)}. + */ + @Test + public void testEdDSAPrivateKeySpecFromSeed() { + EdDSAPrivateKeySpec key = new EdDSAPrivateKeySpec(ZERO_SEED, ed25519); + assertThat(key.getSeed(), is(equalTo(ZERO_SEED))); + assertThat(key.getH(), is(equalTo(ZERO_H))); + assertThat(key.getA().toByteArray(), is(equalTo(ZERO_PK))); + } + + @Test + public void incorrectSeedLengthThrows() { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("seed length is wrong"); + EdDSAPrivateKeySpec key = new EdDSAPrivateKeySpec(new byte[2], ed25519); + } + + /** + * Test method for {@link EdDSAPrivateKeySpec#EdDSAPrivateKeySpec(EdDSAParameterSpec, byte[])}. + */ + @Test + public void testEdDSAPrivateKeySpecFromH() { + EdDSAPrivateKeySpec key = new EdDSAPrivateKeySpec(ed25519, ZERO_H); + assertThat(key.getSeed(), is(nullValue())); + assertThat(key.getH(), is(equalTo(ZERO_H))); + assertThat(key.getA().toByteArray(), is(equalTo(ZERO_PK))); + } + + @Test + public void incorrectHashLengthThrows() { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("hash length is wrong"); + EdDSAPrivateKeySpec key = new EdDSAPrivateKeySpec(ed25519, new byte[2]); + } +} diff --git a/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/math/baseDblPrecmp b/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/math/baseDblPrecmp new file mode 100644 index 0000000..1e6fd93 --- /dev/null +++ b/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/math/baseDblPrecmp @@ -0,0 +1,40 @@ + { + { 853b8cf5c693bc2f190e8cfbc62d93cfc2423d6498480b2765bad4333a9dcf07 }, + { 3e9140d70539109db3be40d1059f39fd098a8f683484c1a56712f898922ffd44 }, + { 68aa7a870512c9ab9ec4aacc23e8d9268c5943ddcb7d1b5aa8650c9f687b116f }, + }, + { + { 3097ee4ca8b025af8a4b86e830845a023267019f02501bc1f4f8809a1b4e167a }, + { 65d2fca4e81f61567dbac1e5fd53d33bbdd64b211af3318162da5b558715b92a }, + { 89d8d00d3f93ae1462da351c222394584cdbf28c45e570d1c6b4b912af26285a }, + }, + { + { 33bba50844bc12a202ed5ec7c348508d44ecbf5a0ceb1bddeb06e246f1cc4529 }, + { bad647a4c382917fb729274bd11400d587a064b81cf13ce3f3551beb737e4a15 }, + { 85822a81f1dbbbbcfcd1bdd007080e272da7bd1b0b671bb49ab63b6b69beaa43 }, + }, + { + { bfa34e94d05c1a6bd2c09db33a357074492e54288252b2717e923c2869ea1b46 }, + { b12132aa9a2c6fbaa723ba3b5321a06c3a2c19924f76ea9de017532e5ddd6e1d }, + { a2b3b801c86d83f19aa43e05475f03b3f3ad7758ba419c52a7900f6a1cbb9f7a }, + }, + { + { 2f63a8a68a672e9bc546bc516f9e50a6b5f586c6c933b2ce597fdd8a33edb934 }, + { 64809d037e216ef39b4120f5b681a09844b05ee708c6cb968f9cdcfa515ac049 }, + { 1baf4590bfe8b4062fd219a7e883ffe216cfd49329fcf6aa068b001b0272c173 }, + }, + { + { de2a808a8400bf2f272e3002cffed9e50634701771843e11af8f6d54e2aa7542 }, + { 48438649025b5f318183087769b3d63e95eb8d6a5575a0a37fc7d5298059ab18 }, + { e98960fdc52c2bd8a4e48232a1b41e0322861ab59911314448f93db52255c63d }, + }, + { + { 6d7f00a222c270bfdbdebcb59ab384bf07ba07fb120e7a5341f246c3eed74f23 }, + { 93bf7f323b016f506b6f779bc9ebfcae6859adaa32b2129da72460172d886702 }, + { 78a32e7319a1605371d48ddfb1e6372433e5a791f837efa2637809aafda67b49 }, + }, + { + { a0eacf1303ccce246d249c188dc24886d0d4f2c1fabdbd2d2be72df11729e261 }, + { 0bcf8c4686cd0b04d610992aa49b82d39251b20708300875bf5ed01842cdb543 }, + { 16b5d09b2f769a5deede3f374eaf38eb7042d6937d5a2e0342d8e40a21611d51 }, + }, diff --git a/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/math/basePrecmp b/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/math/basePrecmp new file mode 100644 index 0000000..208136b --- /dev/null +++ b/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/math/basePrecmp @@ -0,0 +1,1344 @@ +{ + { + { 853b8cf5c693bc2f190e8cfbc62d93cfc2423d6498480b2765bad4333a9dcf07 }, + { 3e9140d70539109db3be40d1059f39fd098a8f683484c1a56712f898922ffd44 }, + { 68aa7a870512c9ab9ec4aacc23e8d9268c5943ddcb7d1b5aa8650c9f687b116f }, + }, + { + { d7713c93fce72492b5f50f7a969d469f0207d6e1659aa65a2e2e7da83f060c59 }, + { a8d5b44260a5998af6ac604e0c812b8faa376eb16b239ee05525c969a695b56b }, + { 5f7a9ba5b3a8fa4378cf9a5ddd6bc136316a3d0b84a00f50730ba53eb1f51a70 }, + }, + { + { 3097ee4ca8b025af8a4b86e830845a023267019f02501bc1f4f8809a1b4e167a }, + { 65d2fca4e81f61567dbac1e5fd53d33bbdd64b211af3318162da5b558715b92a }, + { 89d8d00d3f93ae1462da351c222394584cdbf28c45e570d1c6b4b912af26285a }, + }, + { + { 9f09fc8eb95173283825fd7df4c6656765920afb3d8d34ca2787e52103910e68 }, + { bf1868050a05fe95a9fa605671897e327350a006cde3e8c39aa445744c3f9327 }, + { 09ff76c4e9fb135a72c15c7b45399e6e94442b10f9dcdb5d2b3e5563bf0c9d7f }, + }, + { + { 33bba50844bc12a202ed5ec7c348508d44ecbf5a0ceb1bddeb06e246f1cc4529 }, + { bad647a4c382917fb729274bd11400d587a064b81cf13ce3f3551beb737e4a15 }, + { 85822a81f1dbbbbcfcd1bdd007080e272da7bd1b0b671bb49ab63b6b69beaa43 }, + }, + { + { 31711577ebee0c3a88afc8008915279b36a759da68b66580bd38cca2b67be551 }, + { a48c7d7bb60698493927d22784e25b57b9534520e75c08bb847841ae414cb638 }, + { 714bea026732ac8501bba14103e070be44c13b084ba2e453e3610d9f1ae9b810 }, + }, + { + { bfa34e94d05c1a6bd2c09db33a357074492e54288252b2717e923c2869ea1b46 }, + { b12132aa9a2c6fbaa723ba3b5321a06c3a2c19924f76ea9de017532e5ddd6e1d }, + { a2b3b801c86d83f19aa43e05475f03b3f3ad7758ba419c52a7900f6a1cbb9f7a }, + }, + { + { 8f3edd046659b7592c7088e27703b36c23c3d95e669c33b12fe5bc6160e71509 }, + { d93492f3ed5da7e2f958b5e180763d96fb233c6eac41272cc3010e32a124903a }, + { 1a91a2c9d9f5c1e7d7a7cc8b7871a3b8322ab60e19126463954ecc2e5c7c9026 }, + }, +}, +{ + { + { 1d9c2f630eddcc2e1531897696b6d051587a63a86bb7df5239ef0ea0497dd36d }, + { 5e51aa4954635bed3a82c60b9fc465a8c4d1425be91f0c85b915d3036f6dd730 }, + { c7e406211744446c697f8d9280d653fb263f4d69a49e73b4b04b862e1197c610 }, + }, + { + { 05c85883a02aa60c4742207ae34a3d6adced113ba6d36474ef060855af9bbf03 }, + { de5fbe7d27c49364a27ead19ad4f5d2690453046c8df000e09fe66edab1ce625 }, + { 046658cc28e1133f7e7459b4ec73586ff56812cced3db6a02ce2864563786d56 }, + }, + { + { d02f5ac6854205a1c36716f32a11646c58ee1a7340e20a682ab29347f3a5fb14 }, + { 3408c19c9fa4371651c49ba8d5568ebcdbd27f7f0fecb51cd935cc5eca5b9733 }, + { d4f785691646d73c5700c8c9845e3e591e13617bb6f2c32f6c52fc83ea9c8214 }, + }, + { + { b8ec714e2f0be721e377a440b9dd56e6804f1dcece5665bf7e7b5d53c43bfc05 }, + { c295dd97847b43ffa7b54eaa304e746c8be8853c615d0c9e7381755f1ec7d92f }, + { dddeaf52aeb3b824cf303bed8c6395349581bea983bca433041f655c47673737 }, + }, + { + { 90652414cb9540633555c116401412ef60bc10890c14389e8c7c90305790f56b }, + { d9add140fd99ba2f27d0f4966f1607b3ae3bf01552f0634399f9183b6ca5be1f }, + { 8a5b41e1f178a70f7ea7c3baf79f4006509aa29ab8d7526f565a637af61c5202 }, + }, + { + { e45e2f77206714b1ce9a0796b194f8e84a82ac004d22f84ac46ccdf7d9531700 }, + { 94529d0a0bee3f51665adf0f5ce7988fce07e1bf888661d4ed2c38717e0aa03f }, + { 34db3d962d23693c583897b4da87de1d85f291a0f9d1d7aab6ed48a02ffeb512 }, + }, + { + { 921e6fad267c2bdf13894b5023d3664bc38b1c75c09d408cb8c79607c2937e6f }, + { 4de3fc96c4fbf071ed5bf3ad6b82b97361c528ff617204d26f20b16ff9769b74 }, + { 05aea6ae04f65a1f999ce4bef15123c1666bffeeb508a8615121e0010fc1ce0f }, + }, + { + { 454e24c49dd2f23d0aded893740e022b4d210c827e06c86c0ab9ea6f16793741 }, + { 441efe49a6584d647e77ad31a2aefc21d2d07f885a1c4402f311c58371aa0149 }, + { f0f81a8c54b7b108b49962247c7a0fce39d9061ef9b060f713126d727b88bb41 }, + }, +}, +{ + { + { ae91667c594c237ec8b4850a3d9d8864e7fa4a350cc9e2da1d9e6a0c071e870a }, + { be464374447de840252bb515d4da481d3e603ba1188a3a7cf7bdcd2fc128b74e }, + { 8989bc4b99b501336042dd5b3aae6b733c9ed519e2ad610d64d485260f30e73e }, + }, + { + { 18751e844779fa43d7469c6359fac6e5742b05e31d5e06a13090b8cfa2c6477d }, + { b7d67d9ee455d2f5ac1e0b615c111680ca87e1925d97993cc225919762578113 }, + { e0d6f08e14d0da3f3c6f54919a743e9d5781bb261062ec7180ecc9348df58c14 }, + }, + { + { 6d75e49a7d2f57e27f48f388bb45c3568da860696d0bd19fb9a1ae4eadeb8f27 }, + { 27f03479f692a446a90a84f6be849946541861892abca15cd4bb5dbd1efaf23f }, + { 6639938c1f68aab1980c29209c94218c523c9d21915211397b679cfe02dd0441 }, + }, + { + { b86a09db064e2181354fe40cc9b6a821f52a9e402ac1246581a4fc8ea4b56501 }, + { 2a4224115ebfb272b53aa398330cfaa166b652fa0161cb94d553afaf003b862c }, + { 766a84a074a490f1c07c2fcd84f9ef128f2baa5806295e69b8c8febfd9671b59 }, + }, + { + { 5db5189f71b3b9991e648ca1fae565e4ed059fc2361108618b123070864f9b48 }, + { fa9bb4801c0d2f318aecf3ab5e517959881cf09ec0337072cb7b8fcac72ee03d }, + { ef92eb3a2d1032d261a81661b45362e124aa0b19e7ab7e3dbfbe6c49bafbf549 }, + }, + { + { 2e579c1e8c625d15414788c5ac864d8aeb635751f652a3915b516788c2a6a106 }, + { d4cf5b8a109a9430eb7364bc70dd40dc1c0d7c30c194c292746efacb6da80456 }, + { b664177cd4d18872518b41e040115472d1f6ac18601a039fc64227fe899e9820 }, + }, + { + { 2eecea858b277416df2bcb7a07dc21565af4cb61164c0a64d39505f750990b73 }, + { 7fcc2d3afd77974992d84fa52c7c8532a0e307d264d879a2297ea60c1ded0304 }, + { 52c54e87352d4bc98d6f2498cfc8e6c5ce35c016fa46cbf7cc3d30084345d75b }, + }, + { + { 2a79e7152193c485c9ddcdbda2894cc662d7a3ada83d1e9d2cf8673012dbb75b }, + { c24cb22895d19a7f81c1356365546b7f3672c04f6eb6b86683ad807300783a13 }, + { be62cac667f46109ee521921d621ec047047d59b77602318d2e0f0586dca0d74 }, + }, +}, +{ + { + { 3c437804578c1a239d4381c20e27b5b79f07d9e3ea99aadbd9032b6c25f5032c }, + { 4ececf5207ee48dfb708ec06f3faffc3c45954b92a0b71058da33e96fa251d16 }, + { 7da4537b75180f7979580ccf30017b30f9f77e25773d9031afbb96bdbd689469 }, + }, + { + { 4819a96ae63dddd8ccd2c02fc26450482feafd346624489b3a2e4a6c4e1c3e29 }, + { cffedaf4462f1fbdf7d67fa41401ef7c7fb3474adafd1fd385579073a4195252 }, + { e11251924b136e37a05da1dcb578377011311c46af8945b02328037f445c605b }, + }, + { + { 4cf0e7f0c6fee93b6249e3759e576a861ae61d1e16ef4255d5bd5accf4fe122f }, + { 897cc420598065b9cc8f3b920c10f0e777efe20265250100eeb3aea8ce6da724 }, + { 40c7c0dfb222450a07a4c9407f6ed01068f6cf784114cfc69037a418257b605e }, + }, + { + { 14cf96a51c432ca000e4d3ae402dc4e3db260f2e802645d26870459e13331f20 }, + { 1818df6c8f1db358a25862c34fa7cf356e1de6664fffb3e1f7d5cd6cabac6750 }, + { 519d03086b7f52fd06007c016449b118a8a4252eb00e22d57503466288ba7c39 }, + }, + { + { e77913c8fbc31578f12ae1dd209461a6d5fda885f8c0a9ff52c2e1c122401b77 }, + { b25959f09330c1307679a9e98da13ae2265e1d7291d42f223a6c6e7620d33923 }, + { a72f3a5186d97dd808cfd4f9719bacf5b383a21e1bc36bd0761a971992181a33 }, + }, + { + { af72759d3a2f51269e4a076888e2cb5bc4f78011c1c1ed847ba649f69f61c91a }, + { c6804ffb456f16f5cf75c761dec7369c1cd941901be8d4e321febd836b7c1631 }, + { 68104b5242382bf287e99cee3b346850c850624a84719dfc11b1081f34362461 }, + }, + { + { 38262d1ae349638b35fdd39b00b7df9da46ba0a3b8f18b7f4504d97831aa2215 }, + { 8d894e87db419dd920dc076cf1a5fe09bc9b0fd0672c3d7940ff5e9e30e2eb46 }, + { 38496169532f382c106d2db79a40feda27f246b69133c8e86c302405f570fe45 }, + }, + { + { 911495c82049f262a20c633fc807f005b8d4c9f5d245bb6f45227ab56d9f6116 }, + { 8c0b0c96a67548da202f0eef76d0685bd48f0b3dcf51fb07d492e3a023168d42 }, + { fd08a301444a4f08accaa576c31922a87dbcd14346deb8dec638bd602d59811d }, + }, +}, +{ + { + { e8c5857b9fb66587b2ba68d18b67f06f9b0f331d7ce7703a7c8eafb0516d5f3a }, + { 5fac0da65687366157dcabeb6a2fe0177d0fce4c2d3f197ff0dcec89774a2320 }, + { 52b27871b60dd27660d11ed5f9341c077011e4b3204a2af666e3ff3c3582d67c }, + }, + { + { f3f4ac6860cd65a6d3e3d73c182dd942d92560339d385957ffd82c2b3b25f03e }, + { b6fa87d85ba4e10b6e3b40ba326a842a00606ee9121092d94309dc3b86c83828 }, + { 3050464acfb06bd1ab77c515416b49fa9d41abf48aaecf821228a806a6b8dc21 }, + }, + { + { ba3177befa008d9a89189e627e6003827fd9f3433702ccb28b676f6cbf0d845d }, + { c89f9d8c4604605ccba32ad46e0940259c2fee124c4d5b12ab1da39481d0c30b }, + { 8be19f300d386e70c765e1b9a62db06eab20ae7d99babb57dd96c12a2376423a }, + }, + { + { cb7e44db72c1f83bbd2d28c61fc4cf5ffe15aa75c0ffac80f9a9e124e8c97007 }, + { fa84708a2c43424b45e5b9dfe3198a895de4589c21009fbed1eb6da1ce77f11f }, + { fdb5b5459ad961cf24793a1be9840986893e3e30190930e71e0b5041fd64f239 }, + }, + { + { e17b09feab4a9bd12919e0dfe1fc6da4fff1a62c9408c9c34ef1352c2721c665 }, + { 9ce2e7db1734ada79c139c2b6a3794bda97b59938e1be9a04098886834d71217 }, + { dd9331cef8892be7bbc025a15633104d83fe1c2e3da9190472e29cb10a80f922 }, + }, + { + { acfd6e9add9f02424149a534bece12b97bf3bd87b9640f64b4ca9885d3a47141 }, + { cbf89e3e8a365a60154750a522c0e9e38f24245fb0483d55e5267664cd16f413 }, + { 8c4cc999aa5827fa07b800b06f6f00239253daaddd91d2fbabd14b57fa148250 }, + }, + { + { d603d053bb151a4665c9f3bc882810b25a3a686c7576c52747b46cc8a458773a }, + { 4bfed63e156902c2c4771d5139675aa694af142c4626decb4ba7ab6fec60f922 }, + { 7650ae93f6118154a654fd1ddf21ae1d655e11f3908c241294f4e78d5fd19f5d }, + }, + { + { 1e52d7ee2a4d243f15962e4328903a8ed4169c2e77ba64e1d898eb47fa87c13b }, + { 7f72636dd308140333b5c7d7ef9a376a4be2aeccc58fe1a9d3be8f4f91352f33 }, + { 0cc286ea1501476d25d1466ccbb78a998801663ab53278d703ba6f90ce810d45 }, + }, +}, +{ + { + { 3f74ae1c96d874d0ed631ceef5186df829edf4e75bc5bd9708b13a6679d2ba4c }, + { 755220a6a1b67b6e838e3c41d7214faab25c8fe855d1566fe15b34a64b5de22d }, + { cd1fd7a02490d180f88a28fb0ac225c519643a5f4b97a3b1337200e2efbc7f7d }, + }, + { + { 9490c2f3c55d7ccdab05912a9aa281c758301c42361dc680d7d4d8dc96d19c4f }, + { 01286b266a1eeffa169f73d5c4686c862c76031bbc2f8af68d5ab7875e437559 }, + { 68377b6ad8979219637ad11a2458d0d0170c1c5cad9c02ba07037a3884d0cd7c }, + }, + { + { 93cc606718840c9b992ab31a7a00aecd18da0b6286ec8da844ca908184ca9335 }, + { 1704266d2c42a6dcbd408294503d15ae77c668fbb4c1c0a953cfd061edd08b42 }, + { a79a845e9a181392cdfad86535c3d8d4d1bbfd535b54528ce6632dda08833927 }, + }, + { + { 5324700a4c0ea1b9de1b7dd56658a20ff7da27cdb5d9b9fffd332c4945292c57 }, + { 13d45e43288dc342c9cc783260f350bdef03da791aab07bb55338cbeae979526 }, + { be30cdd645c77fc7fbaebae3d3e8dfe40cda5daa30882ca280ca5bc09854987f }, + }, + { + { 6363bf0f521556d3a6fb4dcf455a0408c2a03f87bc4fc2eee7129bd63c65f230 }, + { 17e10b9f88ce493888a2547b1bad05801c92fc239fc3a33d04f3310a47ecc276 }, + { 850cc1aa38c9088acb6b27db609b174670ac6f0e1ec020a9da736459f173122f }, + }, + { + { c00ba755d78b4830e742d4f1a4b5d606626159bc9ea6d1ea84f7c5ed9719ac38 }, + { 111ee08a7cfc39479fab6a4a907452fd2e8f7287828ad941f2695bd82a579e5d }, + { 3bb151a717b566068c859b7e86067d7449de4d4511c0acac9ce6e9bf9ccddf22 }, + }, + { + { a1e03b10b459ec5669f959d2ecbae32e32cdf51394b27c7972e4cd247887e90f }, + { d90c0dc3e0d2db8d3343bbac5f668ead1f962a328c256b8fc7c14854c016296b }, + { 3b91ba0ad134db7e0eac6d2e82cda34e15f87865ff3d0866170af07f303f304c }, + }, + { + { 0045d90d5803fc2993ecbb6fa47ad2ecf8a7e2c25f150a13d5a106b71a156b41 }, + { 858cb217d63b0ad3ea3b7739b777d3c5bf5c6a1e8ce7c6c6c4b72a8bf7b8610d }, + { b036c1e9efd7a856204be458cde507bdabe0571bda2fe6afd2e87742f72a1a19 }, + }, +}, +{ + { + { fb0e464f432be69fd60736a6d403d3de24daa0b70e2152f0935b5400be7d7e23 }, + { 31143cc54bf716cedeed7220ce25972be73eb2b56fc3b9b808c95c0b450e2e7e }, + { 30b40167ed75350110fd0b9fe6941023227fe483150f3275e35511b199a6af71 }, + }, + { + { d6503b471c3c42ea10ef383b1f7ae85195bec9b25fbf849b1c9af878bc1f7300 }, + { 1db653399b6fce65e641a1afea3958c6fe59f7a9fd5f430f8ec2b1c2e9421102 }, + { 8018f84818c730e419c1ce5e220c96bfe315ba6b83e0dab60858e147336f4d4c }, + }, + { + { 70198f98fcdd0c2f1bf5b9b02762916bbe769177c4b6c76ea89f8fa80095bf38 }, + { c91f7dc1cfecf718143c4051a6f5756cdf0ceef72b71dedb227ae4a7aadd3f19 }, + { 6f87e8373cc9d21f2c46d1185a1ef6a27612243982f5805069490dbf9eb96f6a }, + }, + { + { c623e4b6b522b1ee8eff86f210709d938c5dcf1d832aa99010ebc5429fda6f13 }, + { eb550856bbc1466a9df093f838bb1624c1ac718f37111dd7ea9618a31469f775 }, + { d1bd05a3b1df4cf9082cf89f9d4b360f8a58bbc3a5d8872abadce80b51832102 }, + }, + { + { 7f7a304301715a9d5fa47dc49ede63b0d37a92be52febb226c4240fd41c48713 }, + { 142dad5e3866f74a30587cca80d88ea03d1e2110e6a6130d036c807be11c076a }, + { f88a9787d1c3d3b513440e7f3d5a2b72a07c47bb48487b0d92dc1eaf6ab27131 }, + }, + { + { d1478ab2d8b70da6f1a47017d614bfa658bddd5393f8a1d4e9434234634a516c }, + { a84c569790312fa919e175224cb87bff505187a437fe554f5a83f03c87d41f22 }, + { 4163153a4f2022232d030abae9e073fb0e030f414cdde0fcaa4a92fb96a5da48 }, + }, + { + { 93974cc85d1df614068241efe3f94199ac7762348fb8f5cda9798a0efa37c858 }, + { c79ca55c668eca6ea0ac382e4b2547a8ce171ed208c7af31f74ad8cafcd66d67 }, + { 5890fc968568f90c1ba0567bf3bbdc1d6ad635497de7c2dc0a7fa5c6f2734f1c }, + }, + { + { 84347cfc6e706eb361cfc1c3b4c9df73e5c71c78c9791deb5c67af7ddb9a4570 }, + { bba05f30bd4f7a0ead63c654e04c9d824838e32f83c321f4424cf61b0dc85a79 }, + { b32bb49149db911bcadc024b23962657dc788c1fe59edf9fd31fe28c8462e15f }, + }, +}, +{ + { + { 08b27c5d2d857928e7f27d6870dddeb891786821abff0bdc35aa7d6743c0442b }, + { 1a9694e14f21594e4fcd710dc77dbe492df2503bd2cf0093327291fc46d48947 }, + { 8eb74e07ab871c1a67f4da998ed1c6fa67904f48cdbbac3ee4a4b92bef2ec560 }, + }, + { + { 116dae7cc2c52b70ab8ca4549b69c744b22e49ba5640bcef6d67b6d94872d770 }, + { f18bfd3bbc895d0b1a55f3c937926bb0f52830d5b0164c0eabcacf2c319cbc10 }, + { 5ba0c23e4be88aaae08117edf49e6998d1858e70e413457913f476a9d35b7563 }, + }, + { + { b7acf1971810c73dd8bb65c15e7dda5d0f02a10f9c5b8e50562ac53717756327 }, + { 5308d12a3ea05fb56935e69e90756f3590b869befdf1f99f846fc18bc4c18c0d }, + { a919b46ed3029402a560b4777e4eb4f056493cd43062a8cfe766d17a8addc270 }, + }, + { + { 137eedb87d96d4917a8176d70a2f25746425850de08209e4e53ca5163861b832 }, + { 0eec6f9f509461658d51c646a97e2eee5c9be067f3c133979584946363ac0f2e }, + { 64cd48e4bef7e779d0867808673ac86a2edbe4a0d9d49ff8414f5a735c217941 }, + }, + { + { 34cd6b28b933aee4dcd69d55b67eefb71f8ed3b31f148b2786c241226685fa31 }, + { 2aeddcd7e794708c709cd347c38afb9702d906a933e03be1769dd90ca3440370 }, + { f422362e426c82af2d503398872920c12391382be1b7c19b892495a91223bb24 }, + }, + { + { 6b5cf8f52a0cf8419467fa04c3847268ad1bbaa399df4589165debfff92a1d0d }, + { c367de3217eda8b148491b461894b43cd2bccf764343bd8e0880181e873eee0f }, + { df1e6232a18adaa979652259a122b83093c19aa77b190440761d531897d7ac16 }, + }, + { + { adb68778c5c659c9bafe905fad9ee19404f542a3624ee216001716184bd34e16 }, + { 3d1d9b2daf72df725a2432a4362a46633796b31679a0ce3e092330b9f60e3e12 }, + { 9ae62f194cd97e481315913aea2cae6127dea4b9d3f67b87ebf37310c60fda78 }, + }, + { + { 943a0c68f1809fa2e6e7e91a157ef7717379014858f10011dd8db316b3a44a05 }, + { 6ac62be5285df15b8e1af07018e3472cdd8bc206bcaf19243a176b25ebde252d }, + { b87c26198d46c8dfaf4de5669c78280b17ec6e662a1deb2a60a77daba6104613 }, + }, +}, +{ + { + { 15f5d177e7652acdf160aa8f87918954e506bcdabc3bb7b1fbc97ca9cb784865 }, + { feb0f68dc78e13511bf575e589da9753b9f17a711d7a200950d6202bbafd0221 }, + { a1e65c0505e49e9629ad511268a7bc3615a47daa17f51a3abab2ec29db25d70a }, + }, + { + { 856f059b0cbcc7fed7fff5e768527d53faae124362c6af77d99f3902535f674f }, + { 57244e83b16742dcc51bce70b54475b6d75ed1f70b7af01a5036a071fbcfef4a }, + { 1e17150436362dc33b48988911ef2bcd105194d0ad6e0a876165a8a272bbcc0b }, + }, + { + { 9612fe504c5e6d187e9fe8fe827b39e0b0317050c5f6c73bc2378f1069fd7866 }, + { c8a9b1ea2f965e18cd7d146535e6e786f26d5bbb31e092b03eb7d659abf02440 }, + { c263686331fa8615f2332d57488cf607fcae9e789fcc734f0147ad8e10e2422d }, + }, + { + { 9375530f0d7b71214c061e130b694e919fe02a75ae87b61b6e3c429ba7f30b42 }, + { 9bd2df941513f5976a4c3f315d98556110504508073fa1eb22d3d2b808266b67 }, + { 472b5b1c65ba3881801b1b31ecb67186b03531bcb10cff7be0f10c9cfa2f5d74 }, + }, + { + { 6a4ed32157df3660d0b37b992788dbb1fa6a75c8c309c2d339c81d4ce55be106 }, + { bdc8c92b1e5a52bf819d472608265beadb5501df0ec711d5d0f50c96eb3ce21a }, + { 4a993219875d725bb0dab1ceb51c353205cab7da4915c47df7c18e2761d8de58 }, + }, + { + { a8c9c2b6a85bfb2d8c592cf58eefee4873152df107918033d85b1d536b69ba08 }, + { 5cc566f2933717d8494e45ccc576c9c8a8c326bcf882e35cf9f68554e89df32f }, + { 7ac5efc3ee3eed771148ffd41755e004cb71a6f13f7a3dea54fe7c94b4330612 }, + }, + { + { 0a1012494731bd8206be6f7e6d7b23dec679ea1119761ee1de3b39cbe33b4307 }, + { 420061917898940be8faebec3cb1e74ec0a4f0949573be708591d5b4990ad335 }, + { f497e95cc04479ffa3515cb0e43d5d577c84765afd8133589fdaf67ade3e872d }, + }, + { + { 81f95d4ee10262aaf5e1155017590da26c1de2bad375a218530260018a614305 }, + { 0934374364317a15d981aaf4eeb7b8fa0648a6f5e6fe93b0b6a77f705436772e }, + { c1234c97f4bdea0d9346ce9d250a6faa2cba9aa2b82c20040d96072d3643144b }, + }, +}, +{ + { + { cb9c521ce9547c96fb35c6649226f63065191278f4af47275c6ff6ea18840317 }, + { 7a1f6eb6c7b7c4cc7e2f0cf5257e15441caf3e71fc6df03ef763da5267442f58 }, + { e44c3220d37b31c6c48b48a4e84210a864135a4e8bf11eb2c98da2cd4b1c2a0c }, + }, + { + { 4569bd694881c4ed228d1cbe7d906d0dabc55cd512d23bc683dc14a3309b6a5a }, + { 47041f6fd0c74dd259c087db3e9e26b28fd2b2fb72025bd17748f6c6d18b557c }, + { 3d4696d32415ecd0f0245ac38a62bb12a45fbc1c793a0ca5c3affb0acaa50404 }, + }, + { + { d16f412a1b9ebc628b5950e328f7c6b567695d3dd83f340498eef8e716755239 }, + { d643a70a07401f8ce85e265bcbd0baccded28f666b044b573396ddcafd5b3946 }, + { 9c9a5d1a2ddb7f112a5c00d1bc45779cea6fd554f1bed4ef16d022e8299a5776 }, + }, + { + { f234b45213b53c33e180de93492832d8ce350d75872851b5c177272abb14c502 }, + { 172ac0497e8eb6457fa3a9bca251cd231b4c22ec115fd63eb1bd059edc84a343 }, + { 45b6f18bdad54b68534bb5f67ed38bfb53d2b0a9d71639315980546109926011 }, + }, + { + { cd4d9b361656387a63355c65a72cc0752180f1d4f91bc27d42e0e691747d632f }, + { aacfda2969164db48f5913844c9f52da59553d45ca63efe90b8e69c55b121e35 }, + { be7bf61a469bb4d46189abc87a0303d6fb99a6f99fe1de719a2acee7062d187f }, + }, + { + { 2275218e724b4509d8b884d4f4e858aa3c90467f4d2558d317521c2443c0ac44 }, + { ec6801ab648e7c7a43c5ed15554a5acbda0ecd47d3195509b0933e348cacd467 }, + { 77577a4fbb6b7d1ce1138391d4fe358b84466bc9c6a1dc4abd71ad12831c6d55 }, + }, + { + { 21e81bb15667f081ddf3a31023f8af0f5d46996a55d0b2f8057f8ccc38be7a09 }, + { 82398d0ce340ef1734faa3153e07f7316e647307cbf3214fff4e821d6d6c6c74 }, + { a42da57e87c9490c431ddc9b5569434cd2ebccf709382c02bd84ee4ba3147e57 }, + }, + { + { 2bd74dbdbecefe9411220f06da4f6af4ffd1c8c077594a12959200fbb8045370 }, + { 0a3ba761ac68e2f0f5a5913710fafaf2e9006d6b823ee1c1428fd76fe97efa60 }, + { c66e294d351d3db6d831ad5f3e05c3f3ec42bdb48c950b67fd5363a10c8e3921 }, + }, +}, +{ + { + { 0156b7b4f9aa982772ad8d5c1372ac5e23a0b76161aaced24e7d8fe984b2bf1b }, + { f3332b388a05f589b4c048ad0bbae25a6eb33da503b5938fe632a2959deda35a }, + { 6165d9c7e97767653680c77254122bcbee6e50d999320565cc57895e4ee1074a }, + }, + { + { 9ba477c4cd580b2417f04764deda38fdad6ac8a7328d921981a0af84ed7aaf50 }, + { 99f90d98cb12e44e71c76e3c6fd715a3fd775c92deeda5bb0234311d39ac0b3f }, + { e55bf61501de4f6eb209612121269829d9d6ad0b8105027806d0ebba16a32119 }, + }, + { + { 8bc1f3d99aad5ad79cc1b160ef0e6a56d90e5c25ac0b9a3ef5c762a0ec9d047b }, + { fc70b8df7e2f4289bdb3764feb6b292cf74dc236d4f13807b0ae73e241df5864 }, + { 834444357ae3cbdc93beed0f3379887587ddc512c3046078640e95c2cbdc9360 }, + }, + { + { 4b038460beeede6b54b80f78b6c2993195062db6ab763397907d648bc980316e }, + { 6d70e085859af31f3339e7b3d8a5d0363b458f71e1f2b9437ca9274808ead157 }, + { 71b028a1e7b67aeeaa8ba8936d59c1a4306121b282deb4f718bd97dd9d993e36 }, + }, + { + { c6ae4be2dc48182f60afbcba55729b7631e9ef3c6e3ccb9055b3f9c69b971f23 }, + { c41fee35c143a896cfc8e40855b36e9730d38cb501682fb42b053a69789bee48 }, + { c6f32acc4bde315c1f8d20fe30b04bb066b44fc109708db7132479089bfa9b07 }, + }, + { + { 4542d5a280edc9f35239f677788ba00a755408d163ac6dd76b63709415fbf41e }, + { f40d30da513a90e3b05aa93d236439848064350b2df13ced94718184f6778c03 }, + { ec7b165be65e4e85c2cdd096420a59599921109834dfb27256ff0b4a2ae95e57 }, + }, + { + { 01d8a40a45bc465dd8b933a52712afc3c206892b263b9e381b582f387e1e0a20 }, + { cf2f188a9080c0d4bd9d4899c270e130de33f75257bdba0500fdd32c11e7d443 }, + { c53af9ea67b98d51c05266059b98bc71f5977156d9852bfe384e1e6552ca0e05 }, + }, + { + { ea68e6607639ac9797b43a15febb199b9fa7ec34b579b14c57ae31a19fc05161 }, + { 9c0c3f45de1a43c39b3b70ff5e04f5e93d7b84edc97ad9fcc6f4581cc2e60e4b }, + { 965df0fd0d5cf53a7aeeb42ae02e26dd0917171287bbb2110b030f80fa24ef1f }, + }, +}, +{ + { + { 866b9730f5afd2220446d2c206b8908de5bae54d6c89a1dc170c34c8e65f0028 }, + { 9631a71afb53d6371864d73f3095940fb2173afb090b20ad3e61c82f29494d54 }, + { 888652349fbaef6aa17d102594ff1b5c364bd966cdbb5bf7fa6d310f9372e472 }, + }, + { + { 27762ad335f6f307f066655f864daa7a5044d02897e7853c3864e00f007fee1f }, + { 4f0881978c209526e10e45230b2a50b102deef03a6ae9dfd4ca333278c2e9d5a }, + { e5f7db03da055376bdcd341449f2daa4ec884ad2cdd54a7b430504ee5140f900 }, + }, + { + { 5397af07bb93efd7a766b73dcfd03e58c51e0b6ebf9869ce5204d45dd2ffb747 }, + { b230d3c3236b358d061b47b09b8b1cf23cb8426e6c316cb30db1ea8b7e9cd707 }, + { 12dd08bc9cfbfb879bc2eee13a6b068abfc11fdb2b24570db64ba65ea320351c }, + }, + { + { 59c06b21406fa8cd7ed8bc121d23bb1f9009c7179e6a95b4552ed1663b0c7538 }, + { 4aa3cbbca653d2809b213838a1c3613e96e3829801b6c3906fe60e5d77053d1c }, + { 1ae5229440f12e6971f65d2b3cc7c0cb29e04c74e74f01217c4830d3c7e22106 }, + }, + { + { f3f0dbb09617aeb796e17ce1b9afdf54b4a3aae9713092259d2e00a19c588e5d }, + { 8d835982cc6098afdc9a9fc6c148ea90301e586537482665bca5d37b09d60700 }, + { 4ba94208951dbfc03e2e8f5863c3d3b2efe251bb3814960a86bf1c3c78d78315 }, + }, + { + { c7289dcc044703908fc52cf79e671b1d26875bbe5f2be1160a58c5834e065849 }, + { e17aa25defa2eeec74016755143a7c597a160966122aa6c9708fed812e5f2a25 }, + { 0de866502694280d6b8c7c3085f7c3fcfd12110c78da531b88b343d80b179c07 }, + }, + { + { 56d0d5c050cdd6cd3b5703bb6d68f79a48efc3f33f72a63ccc8a7b31d7c06867 }, + { ff6ffa64e4ec060523e505621e43e3be42eab8512442793500fbc94ae305ec6d }, + { b3c155f1e525b694917b7b99a7f37b4100266b6ddcbd2cc2f452cddd145e4451 }, + }, + { + { 55a4be2bab473189299107924fa2538ca7f730be48f9494b3dd44f6e0890e912 }, + { 5149143b4b2b5057b3bc4b446bff678edb8563162769bdb8c89592e3316f1813 }, + { 2ebbdf7fb3960cf1f9ea1c125e939a9f3f985b3ac43611dfaf993e5df0e3b277 }, + }, +}, +{ + { + { a4b0dd129c6398d56b8624c0309fd1a560e4fc58032f7cd18a5e092e1595a107 }, + { dec42e9cc5a96f29cbf3844fbf618bbc08f9a817d906771c5d25d37afc95b763 }, + { c85f9e38028f36a83be48dcf023b4390432641c55dfda1af37012f033de88f3e }, + }, + { + { 3cd1efe88d4c70083137e0338e1ac5dfe3cd6012a55d9da5868c25a69908d622 }, + { 94a27005b9158b2f494508677042f29484fdbb61e15a1cde0740ac7f793bba75 }, + { 96d1cd70c0db39629a8a7d6c8b8afe60601240ebbc4788b35e9e77877bd00409 }, + }, + { + { b940f948662d32f4390c2dbd0c2f950631f981a0ad9776166c2af7baceaa4062 }, + { 9c91baddd41fceb4aa8d4cc73edb31cf51cc86ad63cc632c07de1dbc3f14e243 }, + { a095a25b9c7434f85ad237ca5b7c94d66a31c9e7a73bf166ac0cb48d23afbd56 }, + }, + { + { b23b9dc16cd31013b9862362b76b2a065c4fa1d791859b7c54571e7e5031aa03 }, + { eb3335f5e3b92a36403db96ed568853372555a1d52140e9e181374836da8241d }, + { 1fced4ff4876ecf41c8cac54f0ea45e07c35091d8225d2885948eb9adc61b243 }, + }, + { + { 6413956c8b3d51197bf40b002671fe9467954fd5dd108d0264099442e2d5b402 }, + { bb79bb88191e5be59d357ac17dd09ea033ea3d60e22e2cb0c26b275bcf556032 }, + { f28dd128cb55a1b408e56c184646ccea8943826c93f49cc410345dae09c8a627 }, + }, + { + { 54693dc40a272ccdb2ca666a573e4add6c03d7692459fa7999258c3d60031522 }, + { 88b10d1fcdeba68be85b5a673ad7d3375a58f515a3df2ef27ea160ff7471b62c }, + { d0e10b39f9cdee59f1e38c72442042a9f4f0947a661c898236f49038b7f41d7b }, + }, + { + { 8cf5f80718222e5fd40994d49f5c55e330a6b61f8da8aab23de052d345826968 }, + { 24a2b2b3e0f292e46011552b069e6c7c0e7b7f0de28feb159259fc5826effc61 }, + { 7a18182a855db1dbd7acdd86d3aae4f382c4f60f81e2ba44cf01af3d474ccf46 }, + }, + { + { 408149f1a76e3c2154482b39f87e1e7cbace29568cc38824bbc58c0de5aa6510 }, + { f9e5c49eed2565420333901601da5e0edccae5cbf2a7b172405feb14cd7b3829 }, + { 570d20df25452c1c4a67cabfd62d3b5c304083e1b1e7070a16e71c4fe698a169 }, + }, +}, +{ + { + { edcac5dc344401e133fb843c965ded47e7a086ed76950170e4f967d27b69b225 }, + { bc781ad9e0b26290679650c89c88c947b8705040664af59dbfa19324a9e66973 }, + { 64689813fb3f679db8c75d41d9fba53c5e3b27df3bcc4ee0d24c4eb53d682014 }, + }, + { + { d05accc16fbbee348bac4696e90c1b6a53de6ba649dab0d3c181d061413be831 }, + { 97d19d241ebd78b402c1585e00350c625cacbacc2fd302fb2da708f5eb3bb660 }, + { 4f2b069e12c7e897d80a32294f8fe4493f68186f4be1ec5b1703552db61ecf55 }, + }, + { + { 528cf57de3b5763036cc99e7ddb93ad720ee1349e31c83bd3301ba62aafb561a }, + { 583dc265101079589c8194506d089d8ba75fc512a92f40e2d491085764659a66 }, + { ecc99d5c506b3e941a377ca7bb5725305176344156ae73985c8ac5996783c413 }, + }, + { + { 80d08b5d6afbdcc442481a57ecc4ebde6553e5b883e8b2d427b8e5c87dc8bd50 }, + { b9e1b35a465d3a42613ff1c787c113fcb6b9b5ec6436f81907b637a6930cf866 }, + { 11e1df6e83376d60d9ab11f0153e3532963bb725c33ab064aed55f724464d51d }, + }, + { + { 9ac8ba0800e697c2e0c3e1ea11ea4c7d7c97e79fe18be3f3cd05a3630f453a3a }, + { 7d126233f87fa48f157ccd71c46a9fbc8b0c22494345716e2e739f211259640e }, + { 274639d8312f8f0710a594de83319d38806f99176d6ce3d17ba8a993938d8c31 }, + }, + { + { 98d31dab299e665d3b9e2d34581692fccd7359f3fd1d8555f60a9525c3419a50 }, + { 19feff2a035d74f266db247f493c9f0cef9885bae3d398bc14531d9a677c4c22 }, + { e925f9a6dc6ec0bd331f1b64f4f33e79893e839d8012ec828913a12823f0bf05 }, + }, + { + { e412c50ddda08168fefaa544c80de74f40524a8f6b8e741feaa301eecd776257 }, + { 0be0ca237013323659cfacd10acf4a54881c1ad249107496a7442afac38c0b78 }, + { 5f304f23bc8af31e08de0514bd7f579a0d2ae63414a5825ea1b771627218f45f }, + }, + { + { 4095b613e847dbe5e11026433b2a5df376127838e9261fac69cba0a08cdbd429 }, + { 9ddb89170c088e39f578e7f3252060a75d03bd064c8998fabe66a925dc036a10 }, + { d0533333af0aadd9e509d3aca59d6638f0f788c88a65573cfabe2c05518ab34a }, + }, +}, +{ + { + { 9cc0dd5fefd1cfd6ce5d57f7fd3e2be8c23416205d6bd5259b2bed04bbc64130 }, + { 93d56867252b7cda13ca224457c0c1981dce0acad50ba8f190a688c0add1cd29 }, + { 48e156d9f9f2f20f2e6b359f7597e7ad5c026c5fbb98461a7b9a041468bd4b10 }, + }, + { + { 63f17fd65f9a5da98156c74c9de62be957f220de4c02f8b7f52d07fb202a4f20 }, + { 67edf16831fdf051c23b6fd8cd1d812cdef2d204435cdc4449712a0957cce85b }, + { 79b0eb303d3b14c8302e65bd5a158975315c6d8f313c3c651f1679c217fb7025 }, + }, + { + { 5a24b80b55a92e19d150908fa8fbe6c835c9a4882dea8679688601de915f1c24 }, + { 7515b62c7f36fa3e6c02d61c766ff9f56225b5652a14c7e8cd0a0353ea65cb3d }, + { aa6cde402917d8283a73d922f02cbf8fd1015b23ddfcd716e5f0cd5fdd0e4208 }, + }, + { + { ce10f4044ec3580385066e275a5b13b62115b9ebc770965d9c88db21f354d604 }, + { 4afa6283ab20ffcd6e3e1ae2d418e1572be639fc179617e3fd6917bcef539a0d }, + { d5b5bddd16c17d5e2ddda58db6de542992a234331708b61cd71a9918264f7a4a }, + }, + { + { 4b2a37af91b2c324f24781717082da93f29e8986648584dd33eee0234231964a }, + { 955fb15f0218a7f48f1b5c6b345ff63d1211e00085f0fccd4818d3dd4c0cb511 }, + { d6ffa4084427e8a6d976159c7e178e73f2b3023db648337751cc6bce4dce4b4f }, + }, + { + { 6f0b9dc46e61e2301723ecca8f7156e4a64f6bf29b40eb48375f5961e5ce4230 }, + { 842524e25ace1fa79e8af5925672ea26f43cea1cd7091ad2e6011cb714ddfc73 }, + { 41ac9b4479707e420a31e2bc6de35a857c1a845f2176ae4cd6e19c9a0c749e38 }, + }, + { + { 28ac0e57f678bdc9e19c9127320b5be5ed919ba1ab3efc65903626d6e525c425 }, + { ceb9dc34aeb3fc64add048e3230350971b38c6627df0b34588675a4679535461 }, + { 6eded7f1a6063e3f0823068e2776f93e776c8a4e26f6148c5947481589a03965 }, + }, + { + { 194abb14d4dbc4dd8e4f42983cbcb2196971ca36d79fa84890bd19f00e32650f }, + { 73f7d2c3741fd2e94568c425415450c1339eb9f9e85c4e626c18cdc5aae4c511 }, + { c6e0fdcab1d186d481513b16e3e63f4f9a93f2fa0dafa8592a0733ecbdc7ab4c }, + }, +}, +{ + { + { 89d2783f8f788fc09f4d40a12ca730fe9dcc65cffc8b77f22120cb5a1698e47e }, + { 2e0a9c0824969e233847fe3ac0c448c72aa14f762aeddb1782851c32f0939b63 }, + { c3a11191e308d57b89749080d4902b2b19fd72aec2aed2e7a602b6853c49df0e }, + }, + { + { 13417684d2c4676735f8f5f73f4090a0debee6cafacf8f1c69a3dfd1540cc004 }, + { 685a9b595881ccae0ee2adeb0f4f57ea077fb622741de44fb44f9d01e3923b40 }, + { f85c468b812fc24df8ef80145af3a07157d6c704adbfe8aef47661b22ab15b35 }, + }, + { + { 18738c5ac7da01a311aaceb39d0390ed2d3fae3bbf7c076f8ead52e0f8ea1875 }, + { f4bb9374cc641ea7c3b0a3ecd984bde585e705fa0cc56b0a12c32e1832819b0f }, + { 326c7f1bc45988a4983238f4bc602d0fd9d1b1c929a91518c45517bb1b87c347 }, + }, + { + { b06650c8505de6fbb099a2b3b0c4ec62e0e81a44ea5437e55f8dd4e82ca0fe08 }, + { 484fec71975344516e5d8cc97db105f86bc6c3471ac162f7dc994676859bb800 }, + { d0eade6876dd4d82235d684b204564c865d6895dcdcf14b537d5754fa7293847 }, + }, + { + { c90239ad3a53d9238f5803efceddc264b42fe1cf9073251590d3e4444d8b666c }, + { 18c4794675dad282f08d61b2d8d73be60aeb47ac24ef5e35b4c633484c687820 }, + { 0c82787a21cf483b973e2781b20a6af77bed8e8ca7656ca93f438a4f05a61174 }, + }, + { + { b475b1183de59a5702a192f359317168f535ef1ebaec55848f398c4572a8c91e }, + { 6dc89db9329d654d15f13a6075dc4c0488e4c2dc2c714cb3ff3481fb7465137c }, + { 9b50a200d4a4e6b8b482c80b02d7819b617595f19bcce7576064cdc7a588dd3a }, + }, + { + { 46303959d498c285ec59f65f98357e8f3a6ef6f22aa22c1d20a706a43111ba61 }, + { f2dc35b6705789abbc1f6cf66cefdf0287d1b6be68025385749e87ccfc299924 }, + { 29909516f1a0d0a389bd7eba6c6b3b02073378263e5af17be7ecd8bb0c312056 }, + }, + { + { d685e277f4b5466693618f6c67ffe840dd94b5ab1173eca64dec8c65f346c87e }, + { 43d6344943938952f52212a506f8dbb9221cf4c38f876d8f30979d4d2a6a6737 }, + { c72ea21d3f8f5e9b13cd016c771d0f13b89f98a2cf8f4c21d59d9b3923f7aa6d }, + }, +}, +{ + { + { a28eadacbf043b5884e88b14e843b729dbc510083b581e2baabbb38ee549542b }, + { 47be3deb62753a5fb8a0bd8e5438eaf79972744531e5c30051d52716e7e90413 }, + { fe9cdc6ad21498780bdd488b3fab1b3c0ac679f9ffe10fda93d62d7c2dde6844 }, + }, + { + { ce0763f8c6d89a4b280c5d43313511212c777a65c566a8d4527324637e42a65d }, + { 9e4619945e35bb5154c7dd234cdce63362997f44d6b6a59363bd44fb6f7cce6c }, + { ca22acde88c6941af81faebbf76e06b90f58598d388cad88a82c9fe7bf9af258 }, + }, + { + { f6cd0e71bf645a4b3c292c4638e54cb1b93a0bd556d0433670485b182437f96a }, + { 683ee78dabcf0ee9a5767e379f6f0354825901be0b5b49f0361ef4a7c4297657 }, + { 88a8c609450220327389554b1336e0d29f28333c2336e2838fc1ae0cbb251f70 }, + }, + { + { 13c1be7cd9f6189de4dbbf74e6064a84d6604eac22b5f520515e9550c05b0a72 }, + { ed6c61e4f8b0a8c37da8259e0e6600f79ca5bcf41f06e361e90bc4bdbf920c2e }, + { 355a809b43093f0cfcab4262378b4ee84693225cf3171469ecf04e14bb9c9b0e }, + }, + { + { eebeb15dd59bee8db93f720a37abc3c991d7681cbff1a844de3cfd1c19446d36 }, + { ad2057fb8fd4bafb0e0df9db6b9181eebf435563523181d4d87b333feb041122 }, + { 148cbcf243173c9e3b6c85b5fc26da2e97fba7680e2fb8cc443259bce6a46741 }, + }, + { + { ee8fcef86526bec22cd680e814ff67e9ee4e362f7e6e2ef1f6d27ecb7033b334 }, + { 0027f676289d3b64eb68760e409d1d5d8406fc2103434b1b6a2455227ebb3879 }, + { ccd68186ee91c5cd53a785ed9c1002ce83888058c18574ede465fe2d6efc7611 }, + }, + { + { b80e774989e290dba340f4ac2accfb989b87d7defe4f3521b60669f2543e6a1f }, + { 9b619c5bd06cafb48084a5b2f4c9df2dc44de9eb02a54f3d345f7d674c3afc08 }, + { ea3407d399c1a460d65c1631b685c040958259f7233e33e2d100b91601ad2f4f }, + }, + { + { 38b63bb71dd92c96089c12fcaa7705e68916b6f3399b616f81ee44295f995134 }, + { 544eae9441b2be446cef5718511c545f98048d362d6b1ea6abf72e97a4845444 }, + { 7c7dea9fd0fc5291f65c93b0946c814a405c2847aa9a8e25b7932804a69cb810 }, + }, +}, +{ + { + { 6ef0455abe413975655f9c6dedae7cd0b651ff729c6b7711a94d0defd9d1d217 }, + { 9c2818974947593d263f5324c5f8eb1215efc314cbbf62028e51b777d578b820 }, + { 6a3e3f0718aff227691052d719e53ffd2200a63c2cb7e322a7c665cc634f2172 }, + }, + { + { c9293bf4b9b79d1d758f514f4a8205d6c49d2f31bd72c0f2b045155a85ac241f }, + { 93a60753407fe3b49567332fd714a7ab99107673a7d0fbd6c9cb7181c548df5f }, + { aa05958e3208d624ee20140cd1c14847a225fb065ce4ffc7e695e32a9e73ba00 }, + }, + { + { 26bb88eaf52644aefb3b9784d9790636504e69260c039f5c26d218d5e77d2972 }, + { d690875cde982e59dfa2c245d3b7bfe52299b4f9603b5a11f378ad673e3a2803 }, + { 39b90cbec71d24488030638b4d9bf132089328020dc9dfd3451927466829e105 }, + }, + { + { 50452c24c8bbbfadd98130d0ec0cc8bc92dfc8f5a66635844cce5882d325cf78 }, + { 5a499c2db3ee82ba7cb92bf1fcc8efcee0d1b593aeab2db09b8d69139c0cc039 }, + { 689d48318e6bae1587f02b9cab1c85aa05fa4ef0975aa7c932f83f6b07526b00 }, + }, + { + { 2d08ceb9167ecbf529bc7a414cf10734aba7f42bce6bb3d4ce759f1a56e9e27d }, + { 1c78959de1cfe029e210639618df81b6396b5170d339df572261c73b44e3574d }, + { cb5ea5b6f4d470de99db855d7f520148819aeed340c4c9dbed29601aaf902a6b }, + }, + { + { 0ad8b25b24f3eb779b07b92f471b30d83373ee4cf2e647c609216c27c8125846 }, + { 971ee69afcf42369d15f3fe01d2835572dd1ede643ae64a74a3e2dd1e9f4d85f }, + { d962102ab2be434d16dc313875fb6570d76829de7b4a0d189067b11c2b2cb305 }, + }, + { + { 9581d57a2ca4fcf7ccf333436e2814329d970b340d9dc2b6e1077356481a7731 }, + { fda84dd2cc5ec0c883efdf05ac1acfa161cdf97df2efbedb991e477ba356553b }, + { 82d44de124c5b032b6a42b1a5451b3edf35a2b284860d1a3eb36737ad279c04f }, + }, + { + { 0dc5860c448b34dc51e694ccc9cb3713b93c3e644df7226408cde3bac2701124 }, + { 7f2fbf89b038c951a7e9df0265bd972453e480789cc0ffff928ef9cace674512 }, + { b473c40a86abf93f35e41301ee1d91f0afc4c6eb6050e74a0d00876c9612863f }, + }, +}, +{ + { + { 138d0436fafc189cdd9d8973b39d1529aad0929f0b359fdcd4198a87ee7ef526 }, + { de0d2a78c90c9a55858371eab2cd1d558c23ef315b86627f3d61737976a74a50 }, + { b1ef8756d52cab0c7bf17a2462d1805167245a4f345ac1856930ba9d3d944140 }, + }, + { + { ddaa6ca24377214bceb78a6424b4a647e3c9fb037a4f1dcb19d000984231d912 }, + { 96cceb43baeec0c3af9cea269c9c748dc6cc771cee95fad90f348476d9a12014 }, + { 4f5937d39977c6007ba43ab240513c5e95f35fe35428184412a0594331924f1b }, + }, + { + { b16698a43030cf3359485f21d2731f25f6f4de5140aa82abf6239a6fd591f15f }, + { 510915899d105c3e6a69e92d91face3920305f973fe4ea20ae2d137f2a579b23 }, + { 68902dac33d49e812385c95f79ab83283deb9355807245efcb368f756a520c02 }, + }, + { + { 89cc42f059ef31e9b64b128e9d9c582c9759c7ae8ae1c8ad0cc502560afe2c45 }, + { bcdbd89ef83498776ca47cdcf9aaf2c874b0e1a3dc4c52a97738311546ccaa02 }, + { df777864a0f7a0869f7c600e2764c4bbc911fbf125ea17ab7b874b307b7dfb4c }, + }, + { + { 12ef8997c29986e20d1957df71cd6e2bd070c9ec57c843c3c53a4d43bc4c1d5b }, + { fe759bb86c3db47280dc6a9cd994c6549f4ce33e37aac3b8645307392b62b414 }, + { 269f0acc1526fbb6e5cc8db82b0e4f3a05a769338b490113d12d595812f7982f }, + }, + { + { 01a7544f44ae122eded7cba9f03efefce05d83750d89bfce544561e7e962801d }, + { 569e0fb54ca7940c20138e8ea9f41f5b670f308221cc2a9af9aa06d849e26a3a }, + { 5a7c90a985da7a65620fb991b5a80e1ae9b434dffb1d0e8df35ff2aee88c8b29 }, + }, + { + { de65210aea727a83f679cf0bb407ab3f70ae3877c7361652dcd7a7031827a66b }, + { b20cf7ef5379922a767015792ac9894b6acfa7307a45189485e45c4d40a8b834 }, + { 35336983b5ec6ec2fdfeb563df13a8d57325b2a49aaa93a26a1c5e46dd2bd671 }, + }, + { + { f55ef7b1dab52dcdf565b016cf957fd785f0493fea1f57143d2b2b262136331c }, + { 80df78d328cc3365b4a40f0a7943dbf65ada01f7f95f64e3a42b17f317f3d574 }, + { 81cad96754e56fa8378c292b757c8b393b62ace392086dda8cd9e94745cceb4a }, + }, +}, +{ + { + { 10b654739e8d400b6e5ba85b53326b8007a2584a033ae6db2cdfa1c9ddd93b17 }, + { c9016d271b07f012708cc486c5bab8e7a9fbd6719b12085392b73d5af9fb885d }, + { df7258fe1e0f502bc11839d42e58d658e03a67c98e27ede619a39eb113cde106 }, + }, + { + { 53035b9e62af2b4747048d27900baa3b27bf4396465f780c137b838d1a6a3a7f }, + { 236f166f51add040be6aab1f93328e118e084da0145ee33f6662e12635608030 }, + { 0b803d5d3944e6f7f6ed01c955d5a89539632c593078cd687e30512eedfdd030 }, + }, + { + { 5047b8681e97b49ccfbb6466297295a02b41fa7226e78d5cd989c55143081546 }, + { b33312f21a4d59e09c4dccf08ee7db1b779a498f7f1865696898092c2014920a }, + { 2ea0b9aec01990bcae4c03160d11c755ec32996501f56d0efe5dca95280dca3b }, + }, + { + { bf01cc9eb68e689c6f8944a6ad83bcf0e29f7a5f5f952dca4182f28d03b4a84e }, + { a4625d3cbc31f040607af0cf3e8bfc1945b50f13a23d1898cd138faeddde3156 }, + { 02d2caf10a46ed2a83ee8ca4055330465f1af1494577219163a42c543009ce24 }, + }, + { + { 850bf3fd55a1cf3fa42e37368e16f7d244f89264de64e0b280424f32a7289954 }, + { 06c106fdf590e81ff210885d3568c4b53eaf8c6efe0878824bd7068ac2e3d441 }, + { 2e1aee63a7326ef2eafd5fd2b7e491ae694d7fd13bd33bbc6affdcc0de661b49 }, + }, + { + { a164dad08e4af0754b28e267af2c22eda47b7b1f79a33482678b01b7b0b8f64c }, + { a732eac73db1f59898db167eccf8d5e347d9f8cb52bf0aacace45ec8d038f308 }, + { bd731a9921a883c37a0c32df01bc27ab637077841b333dc1998a07eb824a0d53 }, + }, + { + { 9ebf9a6c4573696d80a80049fcb27f2550b8cfc812f4ac2b5bbdbf0ce0e7b30d }, + { 2548f9e130364c005a53ab8c26782d7e8bff84cc232348c7b97017103f75ea65 }, + { 636309e23efc663d6bcbb5617f2cd6811a3b44134204be0fdba1e12119eca402 }, + }, + { + { 5f79cff16261c8f5f257ee2619868c117835061c85242117cf7f06ec5d2bd136 }, + { a2b8243b9a25e65cb8a0af45cc7a57b83770a08be8e6cbccbf097812513c143d }, + { 5745157991276d120a3a78fc5c8fe4d5ac9b17dfe8b6bd365928a85b8817f52e }, + }, +}, +{ + { + { 512f5b30fbbfee96b8969588ad38f9d325ddd546c72df5f095003abb90829657 }, + { dcae588c4e973746a441f0abfb22efb98a7180e956d985e1a6a843b1fa781b2f }, + { 01e1200a43b81af747ecf0248d6593f3d1eee26ea80975cfe1a32adc353ec47d }, + }, + { + { 18973e275c2a785a94fd4e5e99c676353e7d231f05d82e0f990ad5821db84f04 }, + { c3d97d88656696855553b04b319b0fc9b17920eff88de0c62fc18c751620f77e }, + { d9e307a9c518dfc159634cce1d37b35749bb01b2344570ca2edd309c3f82797f }, + }, + { + { ba87f568f01f9c6adec850004e892708e75bed7d5599bf3cf0d6061c43b0a964 }, + { e813b5a339d23483d8a81fb9d47036c133bd90f53641b512b4d984d773034e0a }, + { 19297d5ba1d6b32e35823ad5a0f6b4b0475da48943ce56716c3418ce0a7d1a07 }, + }, + { + { 3144e12052350ccc4151b1090795650d365f9d201b62f59ad3557761f7bc697c }, + { 0bba87c8aa2d07d3ee62a5bf052926018b76efc0023054cf9c7eea4671cc3b2c }, + { 5f29e804ebd7f0077df3502f2518db10d7981717a3a951e91da5ac22739a5a6f }, + }, + { + { be44d9a3ebd429e79eaf788040099e8d039c86477a562545243b8dee8096ab02 }, + { c5c6412f0c00a18b9bfbfe0cc1799fc49f1cc53c7047fa4ecaaf47e1a2214e49 }, + { 9a0de5dd858aa4ef49a2b90f4e229a21d9f61ed91d1f09fa34bb46eacb765d6b }, + }, + { + { 2225781e1741f9e0d336690374aee6f146c7fcd0a23e8b403e31dd039c86fb16 }, + { 94d90cec6c555788ba1dd05c6fdc726477b4428f146901af54732785f633e30a }, + { 6209b63397198e2833e1abd8b472fc243ed09109edf7114875d0708f8be3813f }, + }, + { + { 24c8175f357fdb0aa49942d7c323b974f7eaf8cb8b3e7cd53ddcde4cd3e2d30a }, + { feafd97ecc0f917f4b876524a1b85c5404470c4bd27e39a89309f504c10f5150 }, + { 9d246e33c50f0c6fd9cf31c319de5e741cfeee0900fdd6f2be1efaf08b157c12 }, + }, + { + { 74b951aec48fa2de96fe4d74d373991da84838870b68406295df67d17924d84e }, + { a279982e427c19f64736ca52d4dd4aa4cbac4e4bc13f419b684fef077df84e35 }, + { 75d9c56022b5e3feb8b041ebfc2e35503c65f6a930ac08886d233905d2922d30 }, + }, +}, +{ + { + { 77f1e0e4b66fbc2d936abda429bfe104e8f67a78d466195e60d026b45e5fdc0e }, + { 3d28a4bca2c11378d93d86a191f062ed86fa68c2b8bcc7ae4cae1c6fb7d3e510 }, + { 678eda53d6bf535441f6a924ec1edce9238a57033b2687bf72ba1c36516cb445 }, + }, + { + { e4e37f8add4d9dce300e6276566413ab58990eb37b4f594bdf291232ef0a1c5c }, + { a17f4f31bf2a40a950f48c8edcf157e284bea8234bd5bb1d3b71cb6da3bf7721 }, + { 8fdb79fabc1b0837b3595fc21e8148608724839c65767a08bbb58a7d3819e64a }, + }, + { + { 83fb5b98447e1161363196712a46e0fc4b9025d44834ac83643da45bbe5a6875 }, + { 2ea34453aaf6db8d78401bb4b4ea887d600d134a97ebb05e033ebf171bd9001a }, + { b2f261eb3309966e5249ffc9a80f3d546965f67a107572dfaae6b023b6295513 }, + }, + { + { fe832ee2bc16c7f5c18509e819eb2bb4ae4a251437a69dec13a6901505ea7259 }, + { 18d5d1add7dbf018111fc1cf88789f979b751471f0e13287013aca651ab8b579 }, + { 11788fdc20acd40fa84f4dac94d29a9a340436b3642d1bc0db3b5f90959c7e4f }, + }, + { + { fe9952353d44c871d7eaebdb1c3bcd8b6694a4f19e499280c8ad44a1c4ee4219 }, + { 2e308157bc4b67620fdcad89390f52d8c6d9fb53ae99298c4c8e632ed93a9931 }, + { 924923ae1953ac7d923eea0c913d1b2c22113c2594e43c5575caf94e31650a2a }, + }, + { + { 3a791c3ccd1a36cf3bbc355aacbc9e2faba6cda8e960e860131aea6d9bc35d05 }, + { c227f9f77f93b72d35a6d017061f74db76af5511a2f38259ed2d7c6418e2f64c }, + { b65b8dc27c2219b1abff4d77bc4ee207892ca3e4ce783ca8b624aa1077301a12 }, + }, + { + { c98374c73e7159d6af962bb877e0bf88d3bc971023289e289b3aed6c4ab97b52 }, + { 974a039f5e5ddbe42dbc343009fc53e1b1d35195914605462de5407a6cc73f33 }, + { 2e485b992a993d560138386e7cd00534e5d8642fde355048f7a9a7209b06896b }, + }, + { + { 77dbc7b58cfa824055c134c7f88686067ea5e7f6d9c8e629cf9b63a708d37304 }, + { 0d22706241a02a814e5b24f9fa895a9905ef7250cec4adff73eb73aa0321bc23 }, + { 059e58032679eeca92c4dc4612424b2b4fa901e674efa1021a3404debf732f10 }, + }, +}, +{ + { + { 9a1c51b5e0dab4a206ffff2b2960c87a344250f55d371f982da14eda25d76b3f }, + { c645577fabb918eb90c68757ee8a3a02a9aff72dda1227b73d015cea257d5936 }, + { ac5860107b8d4d735f90c66f9e5740d92d930292f9f86664d0d660da19cc7e7b }, + }, + { + { 9bfa7ca7514aae6d5086a3e754362682db822d8fcdffbb09bacaf51b66dcbe03 }, + { 0d695c693c37c2786e904206662e25ddd22be14a44441d955639740176ad3542 }, + { f57589070dcb586298f2899154422949e46ee3e223b4caa0a166f0cdb0e27c0e }, + }, + { + { f9704bd9dffea6fe2dbafcc151c030f189ab2f7f7ed48248b5eeec8a13565261 }, + { a3858cc43a6494c4ad39613cf41d36fd484de93add17db094a67b48f5d0a6e66 }, + { 0dcb70484ef6bb2a6b8b45aaf0bc65cd5d98e875ba4ebe9ae4de14d510c80b7f }, + }, + { + { a0137273ad9dac83982ef72ebaf8f69f5769ec43dd2e1e3175abc5de7d903a1d }, + { 6f13f426a46b00b93530e0579e36678d283c464fd9dfc8cbf5dbeef8bc8d1f0d }, + { dc81d03e319316ba80341b85ad9f3229cb2103033c012801e3fd1ba3441b0100 }, + }, + { + { 5ca70a6a691f56166abd52585c72bfc1ad66799a7fdda811261085d2a288d963 }, + { 0c6cc63f6ca0df3fd20dd64d8ee3405d714d8e26388be37ae157836e918dc43a }, + { 2e23bdaf5307120083f6d8fdb8ce2be9912be784b36916f866a068232bd5fa33 }, + }, + { + { e8cf22c4d0c82c8dcb3aa1057b4f2b076fa5f6ece6b6fea3e2710ab9cc55c33c }, + { 161ee4c5c649065435773f333064f80a46e705f3d2fcacb2a7dc56a229f4c016 }, + { 31913e904394b6e9ce37567acb94a4b84492babaa4d17cc86875ae6b42af1e63 }, + }, + { + { e80d70a3b975d9475205f8e2fbc58072e15de432278f6553b5805f667f2c1f43 }, + { 9ffe66da1004e9b3a6e5166c524bdd8583bff91e61973dbcb519a91e8b649955 }, + { 197b8f85446302d64a51eaa12f35ab14d7a990201a440089263b25915f71047b }, + }, + { + { c6bae6c480c276b30b9b1d6dddd30e9744f90b4558959ab023e2cd57faacd048 }, + { 43aef6ac28bded83b47a5c7d8b7c3586442cebb7694740c03f58f6c2f57bb359 }, + { 71e6ab7de4260fb6373a2f6297a1d1f1940396e97ece0842db3b6d3391412316 }, + }, +}, +{ + { + { 4086f31fd69c49dda0253606c39bcd29c33dd73d02d8e25131923b207a70254a }, + { f67f26f6de99e4b943082c747bca7277b1f2a4e93f15a0230650d0d5ecdfdf2c }, + { 6aedf6538a66b72aa170d11d584242306101e23a4c140040fc498e246d892157 }, + }, + { + { 4edad0a191505d28083efeb5a76faa4bb39393e17c17e563fd30b0c4af35c903 }, + { ae1b18fd17556e0bb463b92b9f62229025460632e9bc0955da133cf674dd8e57 }, + { 3d0c2b49c6767299fc05e2dfc4c2cc473c3a62dd849bd2dca2c7880259abc23e }, + }, + { + { cbd132ae093a21a7d5c2f540df872b0f29ab1ee8c6a4ae0b5eacdb6a6cf61b0e }, + { b97bd8e47bd2a0a1ed1a3961eb4d8ba9839bcb73d0dda099ceca0f205ac2d52d }, + { 7e882c79e9d5abe25d6d92cb1800021a1e5faebacd69babf5f8fe85ab3480573 }, + }, + { + { 34e3d6a14b095b80193f350977f13ebf2b702206cb063f42dd4578d877225a58 }, + { eeb8a8cba35135c4165f11b21d6fa26550388cab524f0f76cab81d413b444330 }, + { 6289d433825f8aa17f2578ecb5c49866ff413e37a56f8ea71f98ef5089275676 }, + }, + { + { 9dcf86eaa37370e1dc5f1507b7fb8c3a8e8a8331fce7534816f613b684f4bb28 }, + { c0c81fd559cfc338f2b60605fdd2ed9b8f0e57ab9f10bf26a646b8c1a860413f }, + { 7c6c136f5c2f61f2be11ddf607d1eaaf336fde13d29a7e525df7888135cb791e }, + }, + { + { 8181e0f5d853e977d9de9d29440ca584e52545860c2d6cdcf4f2d1392db58a47 }, + { f1e3f7eec3363401f8109efe7f6a8b82fcdef9bce508f97f31383b3a1b95d765 }, + { 59d15292d3a4a66607c81a87bce1dde56fc9c1a6406b2cb81422211a417ad816 }, + }, + { + { 83054ed5e2d5a4fbfa99bd2ed7af1fe28f77e96e73c27a49de6d5a7a570b991f }, + { 156206425a7ebdb3c1245a0ccde39b87b794f9d6b15dc057a68cf365817cf828 }, + { d6f7e81bad4e34a38f79eaaceb501e7d52e00d529e56c6773e6d4d53e12f8845 }, + }, + { + { e46f3c942999acd8a29283a361f1f9b5f39ac8be13db992674f005e43c84cf7d }, + { d68379755d346966a611aa1711edb6628f125e985718dd7dddf626f6b8e58f68 }, + { c032474a48d6906c993256cafd4321d5e1c65d91c328beb31b1927737e683967 }, + }, +}, +{ + { + { c01a0cc89dcc6da636a4381bf45ca097c6d7db95bef3eba7ab7d7e8df6b8a07d }, + { a6755638142078efe8a9fdaa309f64a2cba8df5c50ebd14cb3c04d1dba5a1146 }, + { 76dab5c353190fd49b9e1121736fac1d6059b2fe2160cc034b4b67837e885f5a }, + }, + { + { b943a6a0d328969e6420c3e600cbc3b532ec2d7c8902539b0cc7d1d5e27ae343 }, + { 113da170cf01638fc4d00d3515b8cecf7ea4bca4d49702f734144de456b66936 }, + { 33e1a6ed063f7e38c03aa199511d306711382636f8d85abdbee9d54fcde6216a }, + }, + { + { e3b29966122941ef01138d704708d371bdb08211d0325432368b1e00071b3745 }, + { 5fe646300a17c6f12435d2002a2a715855b7828c3cbddb6957ff95a1f1f96b58 }, + { 0b79f85e8d08dba6e5370961dcf07852b86ea161d24903ac7921e59037b0af0e }, + }, + { + { 1dae750f5e80405130cc6226e3fb02ec6d3992ea1edfeb2cb35b43c54433ae44 }, + { 2f044837c155059611aa0b82e6419a210c6d487338f7811c61c6025a67cc9a30 }, + { ee43a5bbb989f29c4271c95a9d0e76f3aa60934fc6e5821d8f67947f1b22d562 }, + }, + { + { 3c7af73a26d485754d14e9fe117baedf3d19f759807006a537209283539af214 }, + { 6d93d0189c294c520c1a0c8a6cb56bc831864adb2e0575a3624575bce4fd0e5c }, + { f5d7b225dc7e71df4030b599db70f921624cedc3b73492da3e09ee7b5c36725e }, + }, + { + { 3eb3082f0639937dbe329fdfe559965bfdbd9e1fad3dffacb74973cb5505b270 }, + { 7f21714507fc5b575bd994065d677937331e19f4bb370a9abceab4474c10f177 }, + { 4c2c1155c51351becd1f889a3a428866473b505e857766444a40064a8f39340e }, + }, + { + { 28194b3e090b931840f6f3730ee1e37d6f5d3973da1732f43e9c37cad6de8a6f }, + { e8bdce3ed9227db6072f822741e8b3098d6d5bb01fa63f747223368a3605545e }, + { 9ab2b7fd3d1240e391b21aa2e1977b489e94e6fd027d96f997ded3c82ee70d78 }, + }, + { + { 7227f400f3ea1f67aa418c2a2aeb728f92323797d77fa129a687b532adc6ef1d }, + { bce79a084585e20a064d7f1ccfde8d38b811480a5115ac38e48c9271f68bb20e }, + { a79551ef1abe5bafed157b9177128c142edae57afbf791296728ddf81b207d46 }, + }, +}, +{ + { + { a9e77a56bdf41ebcbd9844d6b24c623fc84e1f2cd26410e4014038baa5c5f92e }, + { ad4fef749a91fe95a208a3f6ec7b823a017ba409d3014e9697c7a35b4f3cc471 }, + { cd749efaf66dfdb67a26afe4bc7882f10e99eff1d0b3558293f2c590a38c755a }, + }, + { + { 94dc611d8b91e08c6630819a4636ed8dd3aae8af29a8e6d43fd439f62780730a }, + { 952446d91027b7a203507dd5d2c6a83aca87b4a0bf00d4e3ec72ebb344e2ba2d }, + { cce1ff572f4a0f98439883e10d0d6700fd15fb494a3f5c109ca6265163ca9826 }, + }, + { + { 0ed93d5e2f703d2e8653d2e418093f9e6aa94d02f63e775e3233fa4a0c4b003c }, + { 78bab032883165e78bff5c92f7311838cc1f29a0911ba80807ebca49cc3db41f }, + { 2bb8f406ac46a99af3c406a8a584a21c8747cdc65f26d33e17d21fcd01fd436b }, + }, + { + { f30e763e5842c7b590b90aeeb952dc753f922b07c22714bff0d9f06f2d0b4273 }, + { 44c597464b5da7c7bfff0fdf48f8fd155a7846aaebb9682814f7525b10d7685a }, + { 061e859ecbf62cafc43822c61339598f73f3fb9996b88ada9ebc34ea2f63b53d }, + }, + { + { d5259882b190492e91899a3e87ebeaedf84a704c393df0ee0e2bdf95a47e1959 }, + { d8d95df72bee6ef4a5596739f6b1170d73729e4931d1f21b135fd749df1a3204 }, + { ae5ae5e41960e104e9922f7e7a437be7a49a156fc12dcec7c00cd7f4c1fdea45 }, + }, + { + { edb1cccf24460eb695035cbd92c2db59c98104dc1d9da03140d9565deace733f }, + { 2bd745808501846951062fcfa2fa224cc62d226b65361a94deda6203c8eb5e5a }, + { c68d4e0ad1bfa7b739b3c9447e0057befaae57157f20c160db18622691880526 }, + }, + { + { 42e576c63c8e814cadccce03932c425e089f12b4cacc07ecb84344b210faed0d }, + { 04ff6083a604f759f4e66176de3fd9c351358712732a1b83575d614e2e0cad54 }, + { 2a522bb8d5673beeebc1a59f4663f136d39fc16ef2d2b4a508947aa7bab2ec62 }, + }, + { + { 7428b6af36280792a504e179855ecd5f4aa130c6ad01ad5a983f6675503d9161 }, + { 3d2b15615279ede5d1d7dd0e7d356249714c6bb9d0c88274bed866a919f9592e }, + { da31321a362dc60d70022094325847face94953f5101d8025c5dc031a1c2db3d }, + }, +}, +{ + { + { 14bb9627a257aaf321da079bb7ba3a881c39a03118e24be5f90532d838fbe75e }, + { 4bc55ecef90fdc9a0d132f8c6b2a9c031595f8f0c70780026bb304ac14839678 }, + { 8e6a4441cbfd8d53f9374943a9fdaca5788c3c268d90af46090dca9b3c63d061 }, + }, + { + { df73fcf8bc28a3adfc37f0a65d6984ee09a9c238dbb47f63dc7b06f82dac235b }, + { 6625dbff35497463bb680b78896bbdc503ec3e5580321b6ff5d7ae47d85f966e }, + { 7b5280ee53b9d29a8d6ddefaaa198fe8cf820e150417710edcde95ddb9bbb979 }, + }, + { + { 74739f8eae7d99d11608bbcff8a232a00a5f446d12ba6ccd34b8cc0a4611a81b }, + { c226316a4055b3eb93c3c868a88363d2827ab9e529640c6c4721fdc958f16550 }, + { 5499420cfb69817067cf6ed7ac0046e1ba45e6708ab9aa2ef2faa4589ef38139 }, + }, + { + { de6fe66da5df45c83a48402c00a552e132f6b4c763e1d2e9651bbcdc2e45f430 }, + { 930a2359758afb185df4e660698f161db53ca91445a9853afdd0ac053708dc38 }, + { 409775c582276d85ccbe9cf9694513fa714eeac073fc448869243f591a9a2d63 }, + }, + { + { a7840ced11fd09bf3a699f0d8171f0637987cf572d8c9021a24bf68af27d5a3a }, + { a6cb07b8156bbbf6d7f054bcdfc723180b67296e03971dbb574aed4788f4240b }, + { c7ea1b51bed4dadcf2cc26ed758053a4659a5f009fff9ce1631f487544f7fc34 }, + }, + { + { 98aacf78ab1dbba5f2720b1967a2ed5c8e60920a11c90993b074b32f04a31901 }, + { ca6797784ce097c17d46d938cb4d71b8a85ff9838288de55f763fa4d16dc3b3d }, + { 7d17c2e89cd8a267c1d09568f6a59d66b0a282b2e59865f5730ae2edf188c056 }, + }, + { + { 028ff324ac5f1b58bd0ce3bafee90ba9f092cf8a0269219a8f035983a47e8b03 }, + { 176ea810113d6d33fab2750b3288f3d788290725763315f9878b10996b4c6709 }, + { f86f319921f84e9f4f8da7ea82d2492f7431ef5aaba5710965eb695902315e6e }, + }, + { + { 226206630efb04333fbaac87890635fba361108c772419bd208683d143ad5830 }, + { fb93e587f5626cb1713e5dcadeed99496d3ecc14e0c191b4a8dba8894711f508 }, + { d06376e5fd0f3c3210a62ea238dfc3059a4f99acbd8ac7bd99dce3efa49f5426 }, + }, +}, +{ + { + { 6e663faf498546dba50e4af104cf7fd7470cbaa4f73ff23d853cce32e1df103a }, + { d6f96b1e465a1d7481a57777fcb30523d9d37464a27455d4ffe00164dce12619 }, + { a0ce17ea8a4e7fe0fdc11f3a4615d52ff1c0f231fd225317155d1e861dd0a11f }, + }, + { + { ab94dfd100acdc38e90d08d1dd2b712e62e2d5fd3ee9137fe5019aee18edfc73 }, + { 3298597d945580cc2055f137da56461e2093054e74f7f69933cf756abc633577 }, + { b39c136308e9b106cd3ea0c567da93a4328963adc8ce778d444f861b706b421f }, + }, + { + { 5225a191c8357ef1769c5e5753816bb73e729b0d6f4083fa38e4a73f1bbb760b }, + { 011c91414c26c9ef252ca217b8b7a3f147140ff36bda755890b0311d27f51a4e }, + { 9b93927ff9c1b8086eab44d4cb7167be1780bb996364e52255a972b71ed66d7b }, + }, + { + { c7d201abf9ab3057183b1440dc76fb1681b2cba065be6c86fe6aff9b659bfa53 }, + { 923df350e8c1adb7cfd58c604ffa9879db5bfc8dbd2d96ad4f2f1dafce9b3e70 }, + { 55548894e9c8146ce5d4ae65665d3a84f15ad6bc3eb71b18501fc6c4e5938d39 }, + }, + { + { f2e3e7d2607c87c3b18b8230a0aa343b38f19e73e7263e287705c302909c9c69 }, + { f348e23367d14b1c5f0abf1587129ebd76030ba1f08c3fd4131b19df5d9bb053 }, + { ccf1465923a706f37dd9e5ccb518179275e9b48147d2cd2807d9cd6f0cf3ca51 }, + }, + { + { c754ac189af97a730fb31cc5dc783390c70ce14c33bc892b9ae9f889c129ae12 }, + { 0ae0747642a70ba6f37b7aa170850e63cc2433cf3d565837aafd832329aa0455 }, + { cf010d1fcbc09ea9aef7343accefd10d224e9cd02175ca55eaa5eb58e94fd15f }, + }, + { + { 8ecb93bf5efe423c5f56d43651a8dfbee82042889e85f0e028d12507963fd77d }, + { 2cab4528df2ddcb593e97f0ab191940646e30240d6f3aa4dd17464586ef23f09 }, + { 29980568fe240db1e523afdb7206737529ac57b43a256713a470b486bcbc592f }, + }, + { + { 01c391b660d541701ee7d7ad3f1b20858555331163e1c216b12808013d5ea52a }, + { 5f131799427d8483d7037d561f911badd1aa77bed948777e4aaf512e2eb45854 }, + { 4f44070ce69251ed101d42742d4ec54264c8b5fd824c2b356486768a4a00e913 }, + }, +}, +{ + { + { 7f873b19c9002ebb6b50dce090a8e3ec9f64de36c0b7f3ec1a9ede980804465f }, + { dbce2f8345889d7363f86baec9d638faf7fe4fb7ca0dbc325ee4bc14887e9373 }, + { 8df47b29167103b93468f0d4223bd1a9c6bd9646571597e135e8d591e8a4f82c }, + }, + { + { a26bd0177e48b52c6b1950391c38d224308a9785819c65d7f6a4d691287f6f7a }, + { 670f110787fd936d49b5387cd3094cdd866a73c24c6ab17c092a25586ebd4920 }, + { 49ef9a6a8dfd097d0bb93d5bbe60eef0d4bf9e512cb5214c1d9445c5dfaa1160 }, + }, + { + { 90f8cb02c8d0de63aa6aff0dca98d0fb99edb6b9fd0a4d621e0b3479b718ce69 }, + { 3cf895cf6d92675f7190287161857e7c5b7a8f99f3e7a1d6e0f9620b1bccc56f }, + { cb7998b22855efd192907ed43cae1add52239f1842047e12f10171e53a6b5915 }, + }, + { + { ca24517e1631ff09df45c7d98b15e40be556f57e227d2b2938d1b6af41e2a43a }, + { a279913fd2392746cfddd697311283ff8a14f253b5de0713da4d5f7b6837220d }, + { f505332abf38c12cc326e9a28f3f5848ebd24955a2b13a086ca387466eaafc32 }, + }, + { + { dfcc872773a40732f8e313f20819e3174e960df6d7ecb2d5e90b60c236636f74 }, + { f59a7dc58d6ec57bf2bdf09dedd20b3ea3e4ef22de14c0aa5c6abdfecee92746 }, + { 1c976cab45f34a3f1f73439972eb88e26d1844038a6a59339362d67e0017497b }, + }, + { + { dda253dd281b34543ffc42df5b9017aaf4f8d24dd992f50f7dd38ce00f62031d }, + { 64b084ab5cfb852d14bcf389d21078490cce157b44dc6a477bfd44f876a32b12 }, + { 54e5b4a2cd3202c27f185d1142fdd09ed979d47dbeb4ab2e4cec682bf50bc702 }, + }, + { + { e1728d45bf32e5acb53cb77ce068e75be7bd8bee947dcf56033ab4fee397066b }, + { bb2f0b5d4bec87a2ca82480790575c415c81d0c11ea644e0e0f59e400a4f3326 }, + { c0a362df4af0c8b65da46d07ef00f03ea9d2f04958b99c9cae2f1b44437fc31c }, + }, + { + { b9aecec9f15666d76a65e518f8155b1c34234c843228e7263868192f776f343a }, + { 4f32c75c5a568f5022a906e5c0c461d019ac455cdbab18fb4a318003c109686c }, + { c86adae21251d5d2ed51e8b13103bde96272c68edd460796d0c5f76e9f1b9105 }, + }, +}, +{ + { + { efea2e51f3ac495349cbc11cd341c1208d689aa9070c1824172d4bc6d1f95e55 }, + { bb0edff5839933c1ac4c2c518f75f3c0e198b30b0a13f12c620c27aaf9ec3c6b }, + { 08bd733bba70a7360cbfafa308ef4a62f24609b498ff37579d748133e14d5f67 }, + }, + { + { 1db3da3bd9f62fa1fe2d659d0fd825078794be9af34f9c01433ccd82b850f460 }, + { fc82176b03522c0eb483ad6c816c81643e076469d9bddcd020c56401f79dd913 }, + { cac0e521c35e4b01a2bf19d7c969cb4fa0230075181c5f4e80aced559ede061c }, + }, + { + { aa696dff402bd5ffbb4940dc180b533497984da32f5c4a5e2dba327d8e6f0978 }, + { e2c43ea3d67a0f998ee02ebe38f9086615452863c543a19c0db62dec1f8af34c }, + { e75cfa0d65aaaaa08c47b5482a9ec4f95b7203707dcc094fbe1a09263aad3c37 }, + }, + { + { adbbdd89fba8bef1cbaeae61bc2ccb3b9d8d9b1fbba7588f86a61251da7e5421 }, + { 7cf5c9824d6394b236459324e1fdcb1f5adb8c41b34d9c9efc194445d9f34000 }, + { d38659fd39e9fdde0c380a51892c27f4b91931bb07a42bb7f44d254a330a5563 }, + }, + { + { 497b54724558ba9be008c4e2fac605f38df134c769fae8607a767daaaf2ba939 }, + { 37cf69b5edd60765e12ea50cb02984175dd66beb90007cea518ff7dac762ea3e }, + { 4e2793e613c7249d75d3db687785635f9ab38aeb60555270cdc4c965066a4368 }, + }, + { + { 7c1020e817d3561e65e90a84446826c57afc0f32c6a1e0c1721461919c667353 }, + { 273f2f20e83502bcb075f964e2005cc716248ca3d5e9a491f989b78af6e7b617 }, + { 57520e9aab14285dfcb3cac984208f90ca1e2d5b88f5caaf117df878a6b5b41c }, + }, + { + { e707a0a262aa746bb1c771f0b0e011f323e20b0038e40757ac6eef822dfdc02d }, + { 6cfc4a396bc064b6b15fda9824de880c34d8ca4b16038d4fa23474de78ca0b33 }, + { 4e74191184ff2e982447072b965e69f9fb53c9bf4fc18ac5f51c9f361bbe313c }, + }, + { + { 7242cbf993bc68c198dbcec71f71b8ae7a8dac34aa520e7fbb557d7e09c1ce41 }, + { ee8a94084d86f4b06f1cba91ee19dc0758a1aca6aecd7579bbd4624213610b33 }, + { 8a806da2d71996f76d159e1d9ed41fbb27dfa1db6cc3d7737d77281fd94cb426 }, + }, +}, +{ + { + { 8303736293f2b7e12c8acaebff79524b1413d4bf8a77fcda0f61729c1410eb7d }, + { 7574388f4748f0513ccbbe9cf4bc5db255209fd94412ab9ad6a5101c6c9e702c }, + { 7aee66876aaf62cb0ecd535504eccb66b5e40b0f38018058eae22cf69f8ee608 }, + }, + { + { f9f2b80ad5092d2fdf2359c58d21b9acb96c767326348f4af519f738d73bb14c }, + { ad30c14b0a50ad349cd40b3d49db388dbe890a50983d5ca2093bbaee873f1f2f }, + { 4ab615e5758c84f738904adbba0195a5501b753f3f310dc2e82eaec053e3a119 }, + }, + { + { bdbd96d5cd7221b440fcee984345e093b50941b44753b19f34ae660299d36b73 }, + { c305faba60751c7d615ee5c6a0a0e1b37364d6c0189752e386340cc2116b5441 }, + { b4b33493502d5385736581604b11fd4675835c42305f5fcc5cab7fb8a2952241 }, + }, + { + { c6ea93e26152652edbac332103925a846b990079cb75094680dd5a198dbb6007 }, + { e9d67ef5889bc91925c8f86d26cb935373d20ab31332ee5c342e2db5eb53e114 }, + { 8a81e6cd171a3e4184a069eda96d1557b1ccca468f26bf2cf2c53ac39bbe346b }, + }, + { + { d3f271656569fc117a730e5345e8c9c63550fed4a2e73ae30bd36d2eb6c7b901 }, + { b2c0783a642fdff37c022ef21e973e4ca3b5c1495e1c7dec2ddd22098fc11220 }, + { 299dc85ae5550b8863a7a0451f2483141f6ce7c2dfef363de8ad4b4e785baf08 }, + }, + { + { 4b2ccc89d21473e28d1787a211bde44bce6433fad628d5186e82d9afd5c12364 }, + { 33251f88dc993428b6239377da25059df4413467fbdd7a898d163a16719db732 }, + { 6ab3fcedd9f885ccf9e546378fc2bc22cdd3e5f938e39de4cc2d3ec1fb5e0a48 }, + }, + { + { 1f22ce42e44c61b62839054ccc9d196e03be1cdca4b43f66068e1c69471db324 }, + { 712062010be7510bc5af1d8bcf05b506cdab5aef61b06b2c31bfb70c6027aa47 }, + { c3f815c0ed1e542a7c3f697c7efea411d678a24e1366aff094a0dd145d585b54 }, + }, + { + { e121b3e3d0e40462951eff287a63aa3b9ebd995bfdcf0c0b71d0c8643edc224d }, + { 0f3ad4a05e27bf67beee9b08348ee6ad2ee779d44c1389425454ba32c3f9620f }, + { 395f3bd68965b4fc61cfcb573f6aae5c05fa3a95d2c2bafe361437361aa00f1c }, + }, +}, +{ + { + { 506a938c0e2b0869b6c5dac135a0c9f934b6dfc4543eb76f40c12b1d9b410540 }, + { ff3d9422b604c6d2a0b3cf44cebe8cbc78868097f34f255dbfa61c3b4f61a30f }, + { f082beb9bdfe03a090ac443aafc189208efa5419919f49f842ab40ef8a21ba1f }, + }, + { + { 94017b3e04573e4f7fafda08ee3e1da8f1dedc99abc639c8d56177ff135d536c }, + { 3ef5c8fa489454ab4137a67b9ae8f681015e2b6c7d6cfd74426ec8a8ca3a2e39 }, + { af358a3ee934bd4c16e887584481072eabb09af2769c31193bc10ad5e47fe125 }, + }, + { + { a721f176f57f5f91e387cd2f27324ac326e51b4dde2fbacc9b8969898f82ba6b }, + { 76f6041ed79b280a950f42d6521c8e20ab1f6934b0d8865151b39f2a44515725 }, + { 0139fe9066bcd1e2d57a99a0184ab54cd46084af14691d97e47b6b7f4f509d55 }, + }, + { + { fd66d2f6e791489c1b7807039ba144073be261601d8f38880ed54b35a3a63e12 }, + { d554ebb3788373a77c3c55a566d3691dba0028f962cf260a17327e80d512ab01 }, + { 962de34190188d11485831d8c2e3edb9d94532d87142ab1e54a118c9e261394a }, + }, + { + { 1e3f23f344d6270316f0fc340e269a4979b9daf216a7b5831f11d49badeeac68 }, + { a0bbe6f8e03bdc710ae3ff7e34f8ced66a473ae15f4292a963b71dfbe3bcd62c }, + { 10c2d7f30ec9b4380c04adb7246e8e30233ee7b7f1d9603897f508b5d5605759 }, + }, + { + { 902702fdebcb2a88605711c40533af89f473347de392f4652b5a5154dfc5b22c }, + { 9763aa04e1bf2961cbfca7a40800968f5894907d89c08b3fa991b2dc3ea49f70 }, + { ca2afd638c5d0aebff4e692e66c12bd23ab0cbf86ef323271f13c8f0ec29f070 }, + }, + { + { b9b0105eaaaf6a2aa91a04ef70a3f0781fd63aaa77fb3e77e1d94ba7a2a5ec44 }, + { 333eed2eb3071346e78155a4332f04ae66035f19d34944c95848316c8a5d7d0b }, + { 43d5957b3248d4251d0f34a30083d3702bc5e1601c531cdee4e97d2c51242227 }, + }, + { + { fc75a9428abb7bbf58a3ad9677395c8c48aaedcd6fc77fe2a620bcf6d75f7319 }, + { 2e34c549af92bc1ad0fae6b211d8eeff294ec8fc8d8ca2ef43c54ca418dfb511 }, + { 6642c842d090abe37e54197f0f8e84ebb997a465d0a103255f89df911191ef0f }, + }, +}, diff --git a/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/test.data b/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/test.data new file mode 100644 index 0000000..bbab0e6 --- /dev/null +++ b/files-eddsa/src/test/resources/org/xbib/io/sshd/eddsa/test.data @@ -0,0 +1,1024 @@ +9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a:d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a::e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b: +4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c:3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c:72:92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c0072: +c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025:fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025:af82:6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40aaf82: +0d4a05b07352a5436e180356da0ae6efa0345ff7fb1572575772e8005ed978e9e61a185bcef2613a6c7cb79763ce945d3b245d76114dd440bcf5f2dc1aa57057:e61a185bcef2613a6c7cb79763ce945d3b245d76114dd440bcf5f2dc1aa57057:cbc77b:d9868d52c2bebce5f3fa5a79891970f309cb6591e3e1702a70276fa97c24b3a8e58606c38c9758529da50ee31b8219cba45271c689afa60b0ea26c99db19b00ccbc77b: +6df9340c138cc188b5fe4464ebaa3f7fc206a2d55c3434707e74c9fc04e20ebbc0dac102c4533186e25dc43128472353eaabdb878b152aeb8e001f92d90233a7:c0dac102c4533186e25dc43128472353eaabdb878b152aeb8e001f92d90233a7:5f4c8989:124f6fc6b0d100842769e71bd530664d888df8507df6c56dedfdb509aeb93416e26b918d38aa06305df3095697c18b2aa832eaa52edc0ae49fbae5a85e150c075f4c8989: +b780381a65edf8b78f6945e8dbec7941ac049fd4c61040cf0c324357975a293ce253af0766804b869bb1595be9765b534886bbaab8305bf50dbc7f899bfb5f01:e253af0766804b869bb1595be9765b534886bbaab8305bf50dbc7f899bfb5f01:18b6bec097:b2fc46ad47af464478c199e1f8be169f1be6327c7f9a0a6689371ca94caf04064a01b22aff1520abd58951341603faed768cf78ce97ae7b038abfe456aa17c0918b6bec097: +78ae9effe6f245e924a7be63041146ebc670dbd3060cba67fbc6216febc44546fbcfbfa40505d7f2be444a33d185cc54e16d615260e1640b2b5087b83ee3643d:fbcfbfa40505d7f2be444a33d185cc54e16d615260e1640b2b5087b83ee3643d:89010d855972:6ed629fc1d9ce9e1468755ff636d5a3f40a5d9c91afd93b79d241830f7e5fa29854b8f20cc6eecbb248dbd8d16d14e99752194e4904d09c74d639518839d230089010d855972: +691865bfc82a1e4b574eecde4c7519093faf0cf867380234e3664645c61c5f7998a5e3a36e67aaba89888bf093de1ad963e774013b3902bfab356d8b90178a63:98a5e3a36e67aaba89888bf093de1ad963e774013b3902bfab356d8b90178a63:b4a8f381e70e7a:6e0af2fe55ae377a6b7a7278edfb419bd321e06d0df5e27037db8812e7e3529810fa5552f6c0020985ca17a0e02e036d7b222a24f99b77b75fdd16cb05568107b4a8f381e70e7a: +3b26516fb3dc88eb181b9ed73f0bcd52bcd6b4c788e4bcaf46057fd078bee073f81fb54a825fced95eb033afcd64314075abfb0abd20a970892503436f34b863:f81fb54a825fced95eb033afcd64314075abfb0abd20a970892503436f34b863:4284abc51bb67235:d6addec5afb0528ac17bb178d3e7f2887f9adbb1ad16e110545ef3bc57f9de2314a5c8388f723b8907be0f3ac90c6259bbe885ecc17645df3db7d488f805fa084284abc51bb67235: +edc6f5fbdd1cee4d101c063530a30490b221be68c036f5b07d0f953b745df192c1a49c66e617f9ef5ec66bc4c6564ca33de2a5fb5e1464062e6d6c6219155efd:c1a49c66e617f9ef5ec66bc4c6564ca33de2a5fb5e1464062e6d6c6219155efd:672bf8965d04bc5146:2c76a04af2391c147082e33faacdbe56642a1e134bd388620b852b901a6bc16ff6c9cc9404c41dea12ed281da067a1513866f9d964f8bdd24953856c50042901672bf8965d04bc5146: +4e7d21fb3b1897571a445833be0f9fd41cd62be3aa04040f8934e1fcbdcacd4531b2524b8348f7ab1dfafa675cc538e9a84e3fe5819e27c12ad8bbc1a36e4dff:31b2524b8348f7ab1dfafa675cc538e9a84e3fe5819e27c12ad8bbc1a36e4dff:33d7a786aded8c1bf691:28e4598c415ae9de01f03f9f3fab4e919e8bf537dd2b0cdf6e79b9e6559c9409d9151a4c40f083193937627c369488259e99da5a9f0a87497fa6696a5dd6ce0833d7a786aded8c1bf691: +a980f892db13c99a3e8971e965b2ff3d41eafd54093bc9f34d1fd22d84115bb644b57ee30cdb55829d0a5d4f046baef078f1e97a7f21b62d75f8e96ea139c35f:44b57ee30cdb55829d0a5d4f046baef078f1e97a7f21b62d75f8e96ea139c35f:3486f68848a65a0eb5507d:77d389e599630d934076329583cd4105a649a9292abc44cd28c40000c8e2f5ac7660a81c85b72af8452d7d25c070861dae91601c7803d656531650dd4e5c41003486f68848a65a0eb5507d: +5b5a619f8ce1c66d7ce26e5a2ae7b0c04febcd346d286c929e19d0d5973bfef96fe83693d011d111131c4f3fbaaa40a9d3d76b30012ff73bb0e39ec27ab18257:6fe83693d011d111131c4f3fbaaa40a9d3d76b30012ff73bb0e39ec27ab18257:5a8d9d0a22357e6655f9c785:0f9ad9793033a2fa06614b277d37381e6d94f65ac2a5a94558d09ed6ce922258c1a567952e863ac94297aec3c0d0c8ddf71084e504860bb6ba27449b55adc40e5a8d9d0a22357e6655f9c785: +940c89fe40a81dafbdb2416d14ae469119869744410c3303bfaa0241dac57800a2eb8c0501e30bae0cf842d2bde8dec7386f6b7fc3981b8c57c9792bb94cf2dd:a2eb8c0501e30bae0cf842d2bde8dec7386f6b7fc3981b8c57c9792bb94cf2dd:b87d3813e03f58cf19fd0b6395:d8bb64aad8c9955a115a793addd24f7f2b077648714f49c4694ec995b330d09d640df310f447fd7b6cb5c14f9fe9f490bcf8cfadbfd2169c8ac20d3b8af49a0cb87d3813e03f58cf19fd0b6395: +9acad959d216212d789a119252ebfe0c96512a23c73bd9f3b202292d6916a738cf3af898467a5b7a52d33d53bc037e2642a8da996903fc252217e9c033e2f291:cf3af898467a5b7a52d33d53bc037e2642a8da996903fc252217e9c033e2f291:55c7fa434f5ed8cdec2b7aeac173:6ee3fe81e23c60eb2312b2006b3b25e6838e02106623f844c44edb8dafd66ab0671087fd195df5b8f58a1d6e52af42908053d55c7321010092748795ef94cf0655c7fa434f5ed8cdec2b7aeac173: +d5aeee41eeb0e9d1bf8337f939587ebe296161e6bf5209f591ec939e1440c300fd2a565723163e29f53c9de3d5e8fbe36a7ab66e1439ec4eae9c0a604af291a5:fd2a565723163e29f53c9de3d5e8fbe36a7ab66e1439ec4eae9c0a604af291a5:0a688e79be24f866286d4646b5d81c:f68d04847e5b249737899c014d31c805c5007a62c0a10d50bb1538c5f35503951fbc1e08682f2cc0c92efe8f4985dec61dcbd54d4b94a22547d24451271c8b000a688e79be24f866286d4646b5d81c: +0a47d10452ae2febec518a1c7c362890c3fc1a49d34b03b6467d35c904a8362d34e5a8508c4743746962c066e4badea2201b8ab484de5c4f94476ccd2143955b:34e5a8508c4743746962c066e4badea2201b8ab484de5c4f94476ccd2143955b:c942fa7ac6b23ab7ff612fdc8e68ef39:2a3d27dc40d0a8127949a3b7f908b3688f63b7f14f651aacd715940bdbe27a0809aac142f47ab0e1e44fa490ba87ce5392f33a891539caf1ef4c367cae54500cc942fa7ac6b23ab7ff612fdc8e68ef39: +f8148f7506b775ef46fdc8e8c756516812d47d6cfbfa318c27c9a22641e56f170445e456dacc7d5b0bbed23c8200cdb74bdcb03e4c7b73f0a2b9b46eac5d4372:0445e456dacc7d5b0bbed23c8200cdb74bdcb03e4c7b73f0a2b9b46eac5d4372:7368724a5b0efb57d28d97622dbde725af:3653ccb21219202b8436fb41a32ba2618c4a133431e6e63463ceb3b6106c4d56e1d2ba165ba76eaad3dc39bffb130f1de3d8e6427db5b71938db4e272bc3e20b7368724a5b0efb57d28d97622dbde725af: +77f88691c4eff23ebb7364947092951a5ff3f10785b417e918823a552dab7c7574d29127f199d86a8676aec33b4ce3f225ccb191f52c191ccd1e8cca65213a6b:74d29127f199d86a8676aec33b4ce3f225ccb191f52c191ccd1e8cca65213a6b:bd8e05033f3a8bcdcbf4beceb70901c82e31:fbe929d743a03c17910575492f3092ee2a2bf14a60a3fcacec74a58c7334510fc262db582791322d6c8c41f1700adb80027ecabc14270b703444ae3ee7623e0abd8e05033f3a8bcdcbf4beceb70901c82e31: +ab6f7aee6a0837b334ba5eb1b2ad7fcecfab7e323cab187fe2e0a95d80eff1325b96dca497875bf9664c5e75facf3f9bc54bae913d66ca15ee85f1491ca24d2c:5b96dca497875bf9664c5e75facf3f9bc54bae913d66ca15ee85f1491ca24d2c:8171456f8b907189b1d779e26bc5afbb08c67a:73bca64e9dd0db88138eedfafcea8f5436cfb74bfb0e7733cf349baa0c49775c56d5934e1d38e36f39b7c5beb0a836510c45126f8ec4b6810519905b0ca07c098171456f8b907189b1d779e26bc5afbb08c67a: +8d135de7c8411bbdbd1b31e5dc678f2ac7109e792b60f38cd24936e8a898c32d1ca281938529896535a7714e3584085b86ef9fec723f42819fc8dd5d8c00817f:1ca281938529896535a7714e3584085b86ef9fec723f42819fc8dd5d8c00817f:8ba6a4c9a15a244a9c26bb2a59b1026f21348b49:a1adc2bc6a2d980662677e7fdff6424de7dba50f5795ca90fdf3e96e256f3285cac71d3360482e993d0294ba4ec7440c61affdf35fe83e6e04263937db93f1058ba6a4c9a15a244a9c26bb2a59b1026f21348b49: +0e765d720e705f9366c1ab8c3fa84c9a44370c06969f803296884b2846a652a47fae45dd0a05971026d410bc497af5be7d0827a82a145c203f625dfcb8b03ba8:7fae45dd0a05971026d410bc497af5be7d0827a82a145c203f625dfcb8b03ba8:1d566a6232bbaab3e6d8804bb518a498ed0f904986:bb61cf84de61862207c6a455258bc4db4e15eea0317ff88718b882a06b5cf6ec6fd20c5a269e5d5c805bafbcc579e2590af414c7c227273c102a10070cdfe80f1d566a6232bbaab3e6d8804bb518a498ed0f904986: +db36e326d676c2d19cc8fe0c14b709202ecfc761d27089eb6ea4b1bb021ecfa748359b850d23f0715d94bb8bb75e7e14322eaf14f06f28a805403fbda002fc85:48359b850d23f0715d94bb8bb75e7e14322eaf14f06f28a805403fbda002fc85:1b0afb0ac4ba9ab7b7172cddc9eb42bba1a64bce47d4:b6dcd09989dfbac54322a3ce87876e1d62134da998c79d24b50bd7a6a797d86a0e14dc9d7491d6c14a673c652cfbec9f962a38c945da3b2f0879d0b68a9213001b0afb0ac4ba9ab7b7172cddc9eb42bba1a64bce47d4: +c89955e0f7741d905df0730b3dc2b0ce1a13134e44fef3d40d60c020ef19df77fdb30673402faf1c8033714f3517e47cc0f91fe70cf3836d6c23636e3fd2287c:fdb30673402faf1c8033714f3517e47cc0f91fe70cf3836d6c23636e3fd2287c:507c94c8820d2a5793cbf3442b3d71936f35fe3afef316:7ef66e5e86f2360848e0014e94880ae2920ad8a3185a46b35d1e07dea8fa8ae4f6b843ba174d99fa7986654a0891c12a794455669375bf92af4cc2770b579e0c507c94c8820d2a5793cbf3442b3d71936f35fe3afef316: +4e62627fc221142478aee7f00781f817f662e3b75db29bb14ab47cf8e84104d6b1d39801892027d58a8c64335163195893bfc1b61dbeca3260497e1f30371107:b1d39801892027d58a8c64335163195893bfc1b61dbeca3260497e1f30371107:d3d615a8472d9962bb70c5b5466a3d983a4811046e2a0ef5:836afa764d9c48aa4770a4388b654e97b3c16f082967febca27f2fc47ddfd9244b03cfc729698acf5109704346b60b230f255430089ddc56912399d1122de70ad3d615a8472d9962bb70c5b5466a3d983a4811046e2a0ef5: +6b83d7da8908c3e7205b39864b56e5f3e17196a3fc9c2f5805aad0f5554c142dd0c846f97fe28585c0ee159015d64c56311c886eddcc185d296dbb165d2625d6:d0c846f97fe28585c0ee159015d64c56311c886eddcc185d296dbb165d2625d6:6ada80b6fa84f7034920789e8536b82d5e4678059aed27f71c:16e462a29a6dd498685a3718b3eed00cc1598601ee47820486032d6b9acc9bf89f57684e08d8c0f05589cda2882a05dc4c63f9d0431d6552710812433003bc086ada80b6fa84f7034920789e8536b82d5e4678059aed27f71c: +19a91fe23a4e9e33ecc474878f57c64cf154b394203487a7035e1ad9cd697b0d2bf32ba142ba4622d8f3e29ecd85eea07b9c47be9d64412c9b510b27dd218b23:2bf32ba142ba4622d8f3e29ecd85eea07b9c47be9d64412c9b510b27dd218b23:82cb53c4d5a013bae5070759ec06c3c6955ab7a4050958ec328c:881f5b8c5a030df0f75b6634b070dd27bd1ee3c08738ae349338b3ee6469bbf9760b13578a237d5182535ede121283027a90b5f865d63a6537dca07b44049a0f82cb53c4d5a013bae5070759ec06c3c6955ab7a4050958ec328c: +1d5b8cb6215c18141666baeefcf5d69dad5bea9a3493dddaa357a4397a13d4de94d23d977c33e49e5e4992c68f25ec99a27c41ce6b91f2bfa0cd8292fe962835:94d23d977c33e49e5e4992c68f25ec99a27c41ce6b91f2bfa0cd8292fe962835:a9a8cbb0ad585124e522abbfb40533bdd6f49347b55b18e8558cb0:3acd39bec8c3cd2b44299722b5850a0400c1443590fd4861d59aae7496acb3df73fc3fdf7969ae5f50ba47dddc435246e5fd376f6b891cd4c2caf5d614b6170ca9a8cbb0ad585124e522abbfb40533bdd6f49347b55b18e8558cb0: +6a91b3227c472299089bdce9356e726a40efd840f11002708b7ee55b64105ac29d084aa8b97a6b9bafa496dbc6f76f3306a116c9d917e681520a0f914369427e:9d084aa8b97a6b9bafa496dbc6f76f3306a116c9d917e681520a0f914369427e:5cb6f9aa59b80eca14f6a68fb40cf07b794e75171fba96262c1c6adc:f5875423781b66216cb5e8998de5d9ffc29d1d67107054ace3374503a9c3ef811577f269de81296744bd706f1ac478caf09b54cdf871b3f802bd57f9a6cb91015cb6f9aa59b80eca14f6a68fb40cf07b794e75171fba96262c1c6adc: +93eaa854d791f05372ce72b94fc6503b2ff8ae6819e6a21afe825e27ada9e4fb16cee8a3f2631834c88b670897ff0b08ce90cc147b4593b3f1f403727f7e7ad5:16cee8a3f2631834c88b670897ff0b08ce90cc147b4593b3f1f403727f7e7ad5:32fe27994124202153b5c70d3813fdee9c2aa6e7dc743d4d535f1840a5:d834197c1a3080614e0a5fa0aaaa808824f21c38d692e6ffbd200f7dfb3c8f44402a7382180b98ad0afc8eec1a02acecf3cb7fde627b9f18111f260ab1db9a0732fe27994124202153b5c70d3813fdee9c2aa6e7dc743d4d535f1840a5: +941cac69fb7b1815c57bb987c4d6c2ad2c35d5f9a3182a79d4ba13eab253a8ad23be323c562dfd71ce65f5bba56a74a3a6dfc36b573d2f94f635c7f9b4fd5a5b:23be323c562dfd71ce65f5bba56a74a3a6dfc36b573d2f94f635c7f9b4fd5a5b:bb3172795710fe00054d3b5dfef8a11623582da68bf8e46d72d27cece2aa:0f8fad1e6bde771b4f5420eac75c378bae6db5ac6650cd2bc210c1823b432b48e016b10595458ffab92f7a8989b293ceb8dfed6c243a2038fc06652aaaf16f02bb3172795710fe00054d3b5dfef8a11623582da68bf8e46d72d27cece2aa: +1acdbb793b0384934627470d795c3d1dd4d79cea59ef983f295b9b59179cbb283f60c7541afa76c019cf5aa82dcdb088ed9e4ed9780514aefb379dabc844f31a:3f60c7541afa76c019cf5aa82dcdb088ed9e4ed9780514aefb379dabc844f31a:7cf34f75c3dac9a804d0fcd09eba9b29c9484e8a018fa9e073042df88e3c56:be71ef4806cb041d885effd9e6b0fbb73d65d7cdec47a89c8a994892f4e55a568c4cc78d61f901e80dbb628b86a23ccd594e712b57fa94c2d67ec266348785077cf34f75c3dac9a804d0fcd09eba9b29c9484e8a018fa9e073042df88e3c56: +8ed7a797b9cea8a8370d419136bcdf683b759d2e3c6947f17e13e2485aa9d420b49f3a78b1c6a7fca8f3466f33bc0e929f01fba04306c2a7465f46c3759316d9:b49f3a78b1c6a7fca8f3466f33bc0e929f01fba04306c2a7465f46c3759316d9:a750c232933dc14b1184d86d8b4ce72e16d69744ba69818b6ac33b1d823bb2c3:04266c033b91c1322ceb3446c901ffcf3cc40c4034e887c9597ca1893ba7330becbbd8b48142ef35c012c6ba51a66df9308cb6268ad6b1e4b03e70102495790ba750c232933dc14b1184d86d8b4ce72e16d69744ba69818b6ac33b1d823bb2c3: +f2ab396fe8906e3e5633e99cabcd5b09df0859b516230b1e0450b580b65f616c8ea074245159a116aa7122a25ec16b891d625a68f33660423908f6bdc44f8c1b:8ea074245159a116aa7122a25ec16b891d625a68f33660423908f6bdc44f8c1b:5a44e34b746c5fd1898d552ab354d28fb4713856d7697dd63eb9bd6b99c280e187:a06a23d982d81ab883aae230adbc368a6a9977f003cebb00d4c2e4018490191a84d3a282fdbfb2fc88046e62de43e15fb575336b3c8b77d19ce6a009ce51f50c5a44e34b746c5fd1898d552ab354d28fb4713856d7697dd63eb9bd6b99c280e187: +550a41c013f79bab8f06e43ad1836d51312736a9713806fafe6645219eaa1f9daf6b7145474dc9954b9af93a9cdb34449d5b7c651c824d24e230b90033ce59c0:af6b7145474dc9954b9af93a9cdb34449d5b7c651c824d24e230b90033ce59c0:8bc4185e50e57d5f87f47515fe2b1837d585f0aae9e1ca383b3ec908884bb900ff27:16dc1e2b9fa909eefdc277ba16ebe207b8da5e91143cde78c5047a89f681c33c4e4e3428d5c928095903a811ec002d52a39ed7f8b3fe1927200c6dd0b9ab3e048bc4185e50e57d5f87f47515fe2b1837d585f0aae9e1ca383b3ec908884bb900ff27: +19ac3e272438c72ddf7b881964867cb3b31ff4c793bb7ea154613c1db068cb7ef85b80e050a1b9620db138bfc9e100327e25c257c59217b601f1f6ac9a413d3f:f85b80e050a1b9620db138bfc9e100327e25c257c59217b601f1f6ac9a413d3f:95872d5f789f95484e30cbb0e114028953b16f5c6a8d9f65c003a83543beaa46b38645:ea855d781cbea4682e350173cb89e8619ccfddb97cdce16f9a2f6f6892f46dbe68e04b12b8d88689a7a31670cdff409af98a93b49a34537b6aa009d2eb8b470195872d5f789f95484e30cbb0e114028953b16f5c6a8d9f65c003a83543beaa46b38645: +ca267de96c93c238fafb1279812059ab93ac03059657fd994f8fa5a09239c821017370c879090a81c7f272c2fc80e3aac2bc603fcb379afc98691160ab745b26:017370c879090a81c7f272c2fc80e3aac2bc603fcb379afc98691160ab745b26:e05f71e4e49a72ec550c44a3b85aca8f20ff26c3ee94a80f1b431c7d154ec9603ee02531:ac957f82335aa7141e96b59d63e3ccee95c3a2c47d026540c2af42dc9533d5fd81827d1679ad187aeaf37834915e75b147a9286806c8017516ba43dd051a5e0ce05f71e4e49a72ec550c44a3b85aca8f20ff26c3ee94a80f1b431c7d154ec9603ee02531: +3dff5e899475e7e91dd261322fab09980c52970de1da6e2e201660cc4fce7032f30162bac98447c4042fac05da448034629be2c6a58d30dfd578ba9fb5e3930b:f30162bac98447c4042fac05da448034629be2c6a58d30dfd578ba9fb5e3930b:938f0e77621bf3ea52c7c4911c5157c2d8a2a858093ef16aa9b107e69d98037ba139a3c382:5efe7a92ff9623089b3e3b78f352115366e26ba3fb1a416209bc029e9cadccd9f4affa333555a8f3a35a9d0f7c34b292cae77ec96fa3adfcaadee2d9ced8f805938f0e77621bf3ea52c7c4911c5157c2d8a2a858093ef16aa9b107e69d98037ba139a3c382: +9a6b847864e70cfe8ba6ab22fa0ca308c0cc8bec7141fbcaa3b81f5d1e1cfcfc34ad0fbdb2566507a81c2b1f8aa8f53dccaa64cc87ada91b903e900d07eee930:34ad0fbdb2566507a81c2b1f8aa8f53dccaa64cc87ada91b903e900d07eee930:838367471183c71f7e717724f89d401c3ad9863fd9cc7aa3cf33d3c529860cb581f3093d87da:2ab255169c489c54c732232e37c87349d486b1eba20509dbabe7fed329ef08fd75ba1cd145e67b2ea26cb5cc51cab343eeb085fe1fd7b0ec4c6afcd9b979f905838367471183c71f7e717724f89d401c3ad9863fd9cc7aa3cf33d3c529860cb581f3093d87da: +575be07afca5d063c238cd9b8028772cc49cda34471432a2e166e096e2219efc94e5eb4d5024f49d7ebf79817c8de11497dc2b55622a51ae123ffc749dbb16e0:94e5eb4d5024f49d7ebf79817c8de11497dc2b55622a51ae123ffc749dbb16e0:33e5918b66d33d55fe717ca34383eae78f0af82889caf6696e1ac9d95d1ffb32cba755f9e3503e:58271d44236f3b98c58fd7ae0d2f49ef2b6e3affdb225aa3ba555f0e11cc53c23ad19baf24346590d05d7d5390582082cf94d39cad6530ab93d13efb3927950633e5918b66d33d55fe717ca34383eae78f0af82889caf6696e1ac9d95d1ffb32cba755f9e3503e: +15ffb45514d43444d61fcb105e30e135fd268523dda20b82758b1794231104411772c5abc2d23fd2f9d1c3257be7bc3c1cd79cee40844b749b3a7743d2f964b8:1772c5abc2d23fd2f9d1c3257be7bc3c1cd79cee40844b749b3a7743d2f964b8:da9c5559d0ea51d255b6bd9d7638b876472f942b330fc0e2b30aea68d77368fce4948272991d257e:6828cd7624e793b8a4ceb96d3c2a975bf773e5ff6645f353614058621e58835289e7f31f42dfe6af6d736f2644511e320c0fa698582a79778d18730ed3e8cb08da9c5559d0ea51d255b6bd9d7638b876472f942b330fc0e2b30aea68d77368fce4948272991d257e: +fe0568642943b2e1afbfd1f10fe8df87a4236bea40dce742072cb21886eec1fa299ebd1f13177dbdb66a912bbf712038fdf73b06c3ac020c7b19126755d47f61:299ebd1f13177dbdb66a912bbf712038fdf73b06c3ac020c7b19126755d47f61:c59d0862ec1c9746abcc3cf83c9eeba2c7082a036a8cb57ce487e763492796d47e6e063a0c1feccc2d:d59e6dfcc6d7e3e2c58dec81e985d245e681acf6594a23c59214f7bed8015d813c7682b60b3583440311e72a8665ba2c96dec23ce826e160127e18132b030404c59d0862ec1c9746abcc3cf83c9eeba2c7082a036a8cb57ce487e763492796d47e6e063a0c1feccc2d: +5ecb16c2df27c8cf58e436a9d3affbd58e9538a92659a0f97c4c4f994635a8cada768b20c437dd3aa5f84bb6a077ffa34ab68501c5352b5cc3fdce7fe6c2398d:da768b20c437dd3aa5f84bb6a077ffa34ab68501c5352b5cc3fdce7fe6c2398d:56f1329d9a6be25a6159c72f12688dc8314e85dd9e7e4dc05bbecb7729e023c86f8e0937353f27c7ede9:1c723a20c6772426a670e4d5c4a97c6ebe9147f71bb0a415631e44406e290322e4ca977d348fe7856a8edc235d0fe95f7ed91aefddf28a77e2c7dbfd8f552f0a56f1329d9a6be25a6159c72f12688dc8314e85dd9e7e4dc05bbecb7729e023c86f8e0937353f27c7ede9: +d599d637b3c30a82a9984e2f758497d144de6f06b9fba04dd40fd949039d7c846791d8ce50a44689fc178727c5c3a1c959fbeed74ef7d8e7bd3c1ab4da31c51f:6791d8ce50a44689fc178727c5c3a1c959fbeed74ef7d8e7bd3c1ab4da31c51f:a7c04e8ba75d0a03d8b166ad7a1d77e1b91c7aaf7befdd99311fc3c54a684ddd971d5b3211c3eeaff1e54e:ebf10d9ac7c96108140e7def6fe9533d727646ff5b3af273c1df95762a66f32b65a09634d013f54b5dd6011f91bc336ca8b355ce33f8cfbec2535a4c427f8205a7c04e8ba75d0a03d8b166ad7a1d77e1b91c7aaf7befdd99311fc3c54a684ddd971d5b3211c3eeaff1e54e: +30ab8232fa7018f0ce6c39bd8f782fe2e159758bb0f2f4386c7f28cfd2c85898ecfb6a2bd42f31b61250ba5de7e46b4719afdfbc660db71a7bd1df7b0a3abe37:ecfb6a2bd42f31b61250ba5de7e46b4719afdfbc660db71a7bd1df7b0a3abe37:63b80b7956acbecf0c35e9ab06b914b0c7014fe1a4bbc0217240c1a33095d707953ed77b15d211adaf9b97dc:9af885344cc7239498f712df80bc01b80638291ed4a1d28baa5545017a72e2f65649ccf9603da6eb5bfab9f5543a6ca4a7af3866153c76bf66bf95def615b00c63b80b7956acbecf0c35e9ab06b914b0c7014fe1a4bbc0217240c1a33095d707953ed77b15d211adaf9b97dc: +0ddcdc872c7b748d40efe96c2881ae189d87f56148ed8af3ebbbc80324e38bdd588ddadcbcedf40df0e9697d8bb277c7bb1498fa1d26ce0a835a760b92ca7c85:588ddadcbcedf40df0e9697d8bb277c7bb1498fa1d26ce0a835a760b92ca7c85:65641cd402add8bf3d1d67dbeb6d41debfbef67e4317c35b0a6d5bbbae0e034de7d670ba1413d056f2d6f1de12:c179c09456e235fe24105afa6e8ec04637f8f943817cd098ba95387f9653b2add181a31447d92d1a1ddf1ceb0db62118de9dffb7dcd2424057cbdff5d41d040365641cd402add8bf3d1d67dbeb6d41debfbef67e4317c35b0a6d5bbbae0e034de7d670ba1413d056f2d6f1de12: +89f0d68299ba0a5a83f248ae0c169f8e3849a9b47bd4549884305c9912b46603aba3e795aab2012acceadd7b3bd9daeeed6ff5258bdcd7c93699c2a3836e3832:aba3e795aab2012acceadd7b3bd9daeeed6ff5258bdcd7c93699c2a3836e3832:4f1846dd7ad50e545d4cfbffbb1dc2ff145dc123754d08af4e44ecc0bc8c91411388bc7653e2d893d1eac2107d05:2c691fa8d487ce20d5d2fa41559116e0bbf4397cf5240e152556183541d66cf753582401a4388d390339dbef4d384743caa346f55f8daba68ba7b9131a8a6e0b4f1846dd7ad50e545d4cfbffbb1dc2ff145dc123754d08af4e44ecc0bc8c91411388bc7653e2d893d1eac2107d05: +0a3c1844e2db070fb24e3c95cb1cc6714ef84e2ccd2b9dd2f1460ebf7ecf13b172e409937e0610eb5c20b326dc6ea1bbbc0406701c5cd67d1fbde09192b07c01:72e409937e0610eb5c20b326dc6ea1bbbc0406701c5cd67d1fbde09192b07c01:4c8274d0ed1f74e2c86c08d955bde55b2d54327e82062a1f71f70d536fdc8722cdead7d22aaead2bfaa1ad00b82957:87f7fdf46095201e877a588fe3e5aaf476bd63138d8a878b89d6ac60631b3458b9d41a3c61a588e1db8d29a5968981b018776c588780922f5aa732ba6379dd054c8274d0ed1f74e2c86c08d955bde55b2d54327e82062a1f71f70d536fdc8722cdead7d22aaead2bfaa1ad00b82957: +c8d7a8818b98dfdb20839c871cb5c48e9e9470ca3ad35ba2613a5d3199c8ab2390d2efbba4d43e6b2b992ca16083dbcfa2b322383907b0ee75f3e95845d3c47f:90d2efbba4d43e6b2b992ca16083dbcfa2b322383907b0ee75f3e95845d3c47f:783e33c3acbdbb36e819f544a7781d83fc283d3309f5d3d12c8dcd6b0b3d0e89e38cfd3b4d0885661ca547fb9764abff:fa2e994421aef1d5856674813d05cbd2cf84ef5eb424af6ecd0dc6fdbdc2fe605fe985883312ecf34f59bfb2f1c9149e5b9cc9ecda05b2731130f3ed28ddae0b783e33c3acbdbb36e819f544a7781d83fc283d3309f5d3d12c8dcd6b0b3d0e89e38cfd3b4d0885661ca547fb9764abff: +b482703612d0c586f76cfcb21cfd2103c957251504a8c0ac4c86c9c6f3e429fffd711dc7dd3b1dfb9df9704be3e6b26f587fe7dd7ba456a91ba43fe51aec09ad:fd711dc7dd3b1dfb9df9704be3e6b26f587fe7dd7ba456a91ba43fe51aec09ad:29d77acfd99c7a0070a88feb6247a2bce9984fe3e6fbf19d4045042a21ab26cbd771e184a9a75f316b648c6920db92b87b:58832bdeb26feafc31b46277cf3fb5d7a17dfb7ccd9b1f58ecbe6feb979666828f239ba4d75219260ecac0acf40f0e5e2590f4caa16bbbcd8a155d347967a60729d77acfd99c7a0070a88feb6247a2bce9984fe3e6fbf19d4045042a21ab26cbd771e184a9a75f316b648c6920db92b87b: +84e50dd9a0f197e3893c38dbd91fafc344c1776d3a400e2f0f0ee7aa829eb8a22c50f870ee48b36b0ac2f8a5f336fb090b113050dbcc25e078200a6e16153eea:2c50f870ee48b36b0ac2f8a5f336fb090b113050dbcc25e078200a6e16153eea:f3992cde6493e671f1e129ddca8038b0abdb77bb9035f9f8be54bd5d68c1aeff724ff47d29344391dc536166b8671cbbf123:69e6a4491a63837316e86a5f4ba7cd0d731ecc58f1d0a264c67c89befdd8d3829d8de13b33cc0bf513931715c7809657e2bfb960e5c764c971d733746093e500f3992cde6493e671f1e129ddca8038b0abdb77bb9035f9f8be54bd5d68c1aeff724ff47d29344391dc536166b8671cbbf123: +b322d46577a2a991a4d1698287832a39c487ef776b4bff037a05c7f1812bdeeceb2bcadfd3eec2986baff32b98e7c4dbf03ff95d8ad5ff9aa9506e5472ff845f:eb2bcadfd3eec2986baff32b98e7c4dbf03ff95d8ad5ff9aa9506e5472ff845f:19f1bf5dcf1750c611f1c4a2865200504d82298edd72671f62a7b1471ac3d4a30f7de9e5da4108c52a4ce70a3e114a52a3b3c5:c7b55137317ca21e33489ff6a9bfab97c855dc6f85684a70a9125a261b56d5e6f149c5774d734f2d8debfc77b721896a8267c23768e9badb910eef83ec25880219f1bf5dcf1750c611f1c4a2865200504d82298edd72671f62a7b1471ac3d4a30f7de9e5da4108c52a4ce70a3e114a52a3b3c5: +960cab5034b9838d098d2dcbf4364bec16d388f6376d73a6273b70f82bbc98c05e3c19f2415acf729f829a4ebd5c40e1a6bc9fbca95703a9376087ed0937e51a:5e3c19f2415acf729f829a4ebd5c40e1a6bc9fbca95703a9376087ed0937e51a:f8b21962447b0a8f2e4279de411bea128e0be44b6915e6cda88341a68a0d818357db938eac73e0af6d31206b3948f8c48a447308:27d4c3a1811ef9d4360b3bdd133c2ccc30d02c2f248215776cb07ee4177f9b13fc42dd70a6c2fed8f225c7663c7f182e7ee8eccff20dc7b0e1d5834ec5b1ea01f8b21962447b0a8f2e4279de411bea128e0be44b6915e6cda88341a68a0d818357db938eac73e0af6d31206b3948f8c48a447308: +eb77b2638f23eebc82efe45ee9e5a0326637401e663ed029699b21e6443fb48e9ef27608961ac711de71a6e2d4d4663ea3ecd42fb7e4e8627c39622df4af0bbc:9ef27608961ac711de71a6e2d4d4663ea3ecd42fb7e4e8627c39622df4af0bbc:99e3d00934003ebafc3e9fdb687b0f5ff9d5782a4b1f56b9700046c077915602c3134e22fc90ed7e690fddd4433e2034dcb2dc99ab:18dc56d7bd9acd4f4daa78540b4ac8ff7aa9815f45a0bba370731a14eaabe96df8b5f37dbf8eae4cb15a64b244651e59d6a3d6761d9e3c50f2d0cbb09c05ec0699e3d00934003ebafc3e9fdb687b0f5ff9d5782a4b1f56b9700046c077915602c3134e22fc90ed7e690fddd4433e2034dcb2dc99ab: +b625aa89d3f7308715427b6c39bbac58effd3a0fb7316f7a22b99ee5922f2dc965a99c3e16fea894ec33c6b20d9105e2a04e2764a4769d9bbd4d8bacfeab4a2e:65a99c3e16fea894ec33c6b20d9105e2a04e2764a4769d9bbd4d8bacfeab4a2e:e07241dbd3adbe610bbe4d005dd46732a4c25086ecb8ec29cd7bca116e1bf9f53bfbf3e11fa49018d39ff1154a06668ef7df5c678e6a:01bb901d83b8b682d3614af46a807ba2691358feb775325d3423f549ff0aa5757e4e1a74e9c70f9721d8f354b319d4f4a1d91445c870fd0ffb94fed64664730de07241dbd3adbe610bbe4d005dd46732a4c25086ecb8ec29cd7bca116e1bf9f53bfbf3e11fa49018d39ff1154a06668ef7df5c678e6a: +b1c9f8bd03fe82e78f5c0fb06450f27dacdf716434db268275df3e1dc177af427fc88b1f7b3f11c629be671c21621f5c10672fafc8492da885742059ee6774cf:7fc88b1f7b3f11c629be671c21621f5c10672fafc8492da885742059ee6774cf:331da7a9c1f87b2ac91ee3b86d06c29163c05ed6f8d8a9725b471b7db0d6acec7f0f702487163f5eda020ca5b493f399e1c8d308c3c0c2:4b229951ef262f16978f7914bc672e7226c5f8379d2778c5a2dc0a2650869f7acfbd0bcd30fdb0619bb44fc1ae5939b87cc318133009c20395b6c7eb98107701331da7a9c1f87b2ac91ee3b86d06c29163c05ed6f8d8a9725b471b7db0d6acec7f0f702487163f5eda020ca5b493f399e1c8d308c3c0c2: +6d8cdb2e075f3a2f86137214cb236ceb89a6728bb4a200806bf3557fb78fac6957a04c7a5113cddfe49a4c124691d46c1f9cdc8f343f9dcb72a1330aeca71fda:57a04c7a5113cddfe49a4c124691d46c1f9cdc8f343f9dcb72a1330aeca71fda:7f318dbd121c08bfddfeff4f6aff4e45793251f8abf658403358238984360054f2a862c5bb83ed89025d2014a7a0cee50da3cb0e76bbb6bf:a6cbc947f9c87d1455cf1a708528c090f11ecee4855d1dbaadf47454a4de55fa4ce84b36d73a5b5f8f59298ccf21992df492ef34163d87753b7e9d32f2c3660b7f318dbd121c08bfddfeff4f6aff4e45793251f8abf658403358238984360054f2a862c5bb83ed89025d2014a7a0cee50da3cb0e76bbb6bf: +47adc6d6bf571ee9570ca0f75b604ac43e303e4ab339ca9b53cacc5be45b2ccba3f527a1c1f17dfeed92277347c9f98ab475de1755b0ab546b8a15d01b9bd0be:a3f527a1c1f17dfeed92277347c9f98ab475de1755b0ab546b8a15d01b9bd0be:ce497c5ff5a77990b7d8f8699eb1f5d8c0582f70cb7ac5c54d9d924913278bc654d37ea227590e15202217fc98dac4c0f3be2183d133315739:4e8c318343c306adbba60c92b75cb0569b9219d8a86e5d57752ed235fc109a43c2cf4e942cacf297279fbb28675347e08027722a4eb7395e00a17495d32edf0bce497c5ff5a77990b7d8f8699eb1f5d8c0582f70cb7ac5c54d9d924913278bc654d37ea227590e15202217fc98dac4c0f3be2183d133315739: +3c19b50b0fe47961719c381d0d8da9b9869d312f13e3298b97fb22f0af29cbbe0f7eda091499625e2bae8536ea35cda5483bd16a9c7e416b341d6f2c83343612:0f7eda091499625e2bae8536ea35cda5483bd16a9c7e416b341d6f2c83343612:8ddcd63043f55ec3bfc83dceae69d8f8b32f4cdb6e2aebd94b4314f8fe7287dcb62732c9052e7557fe63534338efb5b6254c5d41d2690cf5144f:efbd41f26a5d62685516f882b6ec74e0d5a71830d203c231248f26e99a9c6578ec900d68cdb8fa7216ad0d24f9ecbc9ffa655351666582f626645395a31fa7048ddcd63043f55ec3bfc83dceae69d8f8b32f4cdb6e2aebd94b4314f8fe7287dcb62732c9052e7557fe63534338efb5b6254c5d41d2690cf5144f: +34e1e9d539107eb86b393a5ccea1496d35bc7d5e9a8c5159d957e4e5852b3eb00ecb2601d5f7047428e9f909883a12420085f04ee2a88b6d95d3d7f2c932bd76:0ecb2601d5f7047428e9f909883a12420085f04ee2a88b6d95d3d7f2c932bd76:a6d4d0542cfe0d240a90507debacabce7cbbd48732353f4fad82c7bb7dbd9df8e7d9a16980a45186d8786c5ef65445bcc5b2ad5f660ffc7c8eaac0:32d22904d3e7012d6f5a441b0b4228064a5cf95b723a66b048a087ecd55920c31c204c3f2006891a85dd1932e3f1d614cfd633b5e63291c6d8166f3011431e09a6d4d0542cfe0d240a90507debacabce7cbbd48732353f4fad82c7bb7dbd9df8e7d9a16980a45186d8786c5ef65445bcc5b2ad5f660ffc7c8eaac0: +49dd473ede6aa3c866824a40ada4996c239a20d84c9365e4f0a4554f8031b9cf788de540544d3feb0c919240b390729be487e94b64ad973eb65b4669ecf23501:788de540544d3feb0c919240b390729be487e94b64ad973eb65b4669ecf23501:3a53594f3fba03029318f512b084a071ebd60baec7f55b028dc73bfc9c74e0ca496bf819dd92ab61cd8b74be3c0d6dcd128efc5ed3342cba124f726c:d2fde02791e720852507faa7c3789040d9ef86646321f313ac557f4002491542dd67d05c6990cdb0d495501fbc5d5188bfbb84dc1bf6098bee0603a47fc2690f3a53594f3fba03029318f512b084a071ebd60baec7f55b028dc73bfc9c74e0ca496bf819dd92ab61cd8b74be3c0d6dcd128efc5ed3342cba124f726c: +331c64da482b6b551373c36481a02d8136ecadbb01ab114b4470bf41607ac57152a00d96a3148b4726692d9eff89160ea9f99a5cc4389f361fed0bb16a42d521:52a00d96a3148b4726692d9eff89160ea9f99a5cc4389f361fed0bb16a42d521:20e1d05a0d5b32cc8150b8116cef39659dd5fb443ab15600f78e5b49c45326d9323f2850a63c3808859495ae273f58a51e9de9a145d774b40ba9d753d3:22c99aa946ead39ac7997562810c01c20b46bd610645bd2d56dcdcbaacc5452c74fbf4b8b1813b0e94c30d808ce5498e61d4f7ccbb4cc5f04dfc6140825a960020e1d05a0d5b32cc8150b8116cef39659dd5fb443ab15600f78e5b49c45326d9323f2850a63c3808859495ae273f58a51e9de9a145d774b40ba9d753d3: +5c0b96f2af8712122cf743c8f8dc77b6cd5570a7de13297bb3dde1886213cce20510eaf57d7301b0e1d527039bf4c6e292300a3a61b4765434f3203c100351b1:0510eaf57d7301b0e1d527039bf4c6e292300a3a61b4765434f3203c100351b1:54e0caa8e63919ca614b2bfd308ccfe50c9ea888e1ee4446d682cb5034627f97b05392c04e835556c31c52816a48e4fb196693206b8afb4408662b3cb575:06e5d8436ac7705b3a90f1631cdd38ec1a3fa49778a9b9f2fa5ebea4e7d560ada7dd26ff42fafa8ba420323742761aca6904940dc21bbef63ff72daab45d430b54e0caa8e63919ca614b2bfd308ccfe50c9ea888e1ee4446d682cb5034627f97b05392c04e835556c31c52816a48e4fb196693206b8afb4408662b3cb575: +de84f2435f78dedb87da18194ff6a336f08111150def901c1ac418146eb7b54ad3a92bbaa4d63af79c2226a7236e6427428df8b362427f873023b22d2f5e03f2:d3a92bbaa4d63af79c2226a7236e6427428df8b362427f873023b22d2f5e03f2:205135ec7f417c858072d5233fb36482d4906abd60a74a498c347ff248dfa2722ca74e879de33169fadc7cd44d6c94a17d16e1e630824ba3e0df22ed68eaab:471ebc973cfdaceec07279307368b73be35bc6f8d8312b70150567369096706dc471126c3576f9f0eb550df5ac6a525181110029dd1fc11174d1aaced48d630f205135ec7f417c858072d5233fb36482d4906abd60a74a498c347ff248dfa2722ca74e879de33169fadc7cd44d6c94a17d16e1e630824ba3e0df22ed68eaab: +ba4d6e67b2ce67a1e44326494044f37a442f3b81725bc1f9341462718b55ee20f73fa076f84b6db675a5fda5ad67e351a41e8e7f29add16809ca010387e9c6cc:f73fa076f84b6db675a5fda5ad67e351a41e8e7f29add16809ca010387e9c6cc:4bafdac9099d4057ed6dd08bcaee8756e9a40f2cb9598020eb95019528409bbea38b384a59f119f57297bfb2fa142fc7bb1d90dbddde772bcde48c5670d5fa13:57b9d2a711207f837421bae7dd48eaa18eab1a9a70a0f1305806fee17b458f3a0964b302d1834d3e0ac9e8496f000b77f0083b41f8a957e632fbc7840eee6a064bafdac9099d4057ed6dd08bcaee8756e9a40f2cb9598020eb95019528409bbea38b384a59f119f57297bfb2fa142fc7bb1d90dbddde772bcde48c5670d5fa13: +0d131c45aea6f3a4e1b9a2cf60c55104587efaa846b222bf0a7b74ce7a3f63b63c6729dbe93b499c4e614a2f21beb729438d498e1ac8d14cbad9717a5dbd97cd:3c6729dbe93b499c4e614a2f21beb729438d498e1ac8d14cbad9717a5dbd97cd:b4291d08b88fb2f7b8f99d0dce40079fcbab718bbd8f4e8eabc3c1428b6a071fb2a3c8eba1cacccfa871b365c708bef2685bc13e6b80bc14a5f249170ffc56d014:a9c5ee86fb06d9e46b379c32dda7c92c9c13db274dc24116fbdd878696045488cc75a52fff67d1a5113d06e333ac67ff664b3f2a405fa1d14dd5bbb97409b606b4291d08b88fb2f7b8f99d0dce40079fcbab718bbd8f4e8eabc3c1428b6a071fb2a3c8eba1cacccfa871b365c708bef2685bc13e6b80bc14a5f249170ffc56d014: +a75e3b6b4170e444781be4eeac3e0fdaa4b4356f705486bcb071a325ae071fba993d38a7d72f0aee15ff6f4fdc37ca7724fd1373a3766b275dbc77e647980e0a:993d38a7d72f0aee15ff6f4fdc37ca7724fd1373a3766b275dbc77e647980e0a:4037866f6548b01cc6bcf3a940e3945aa2d188b4b7f182aa77ec4d6b0428ab5b84d85df192a5a38ada089d76fa26bf67736a7041a5eb8f0c5719eb396693c45160f8:a5db4d3d3329abe3697959e6b5947ea8601b03ef8e1d6fe202144931272ca0a09b5eb0f390572ea7ef03c6131e9de5f16bf0b034244f7e104ff5311bbf663a0d4037866f6548b01cc6bcf3a940e3945aa2d188b4b7f182aa77ec4d6b0428ab5b84d85df192a5a38ada089d76fa26bf67736a7041a5eb8f0c5719eb396693c45160f8: +bcbcf561ecc05a41c7d7e55e696d32ce39b4d03c1f5f3f3a8927fe5e62e844b24ddf53fad6a7a9ed30f3afecca136fd7843b72c243090891ae4021a32cadff1a:4ddf53fad6a7a9ed30f3afecca136fd7843b72c243090891ae4021a32cadff1a:6f6716b6784740980aebc3248807e31c1286ac7b681c00b66c88ff7a336d441fa5c3eb256d20cf6d1ac92ccfe4be6dcc41b1aff846d360c243001cabdfbf1a9b240455:9ff15115f6661f3211d7a40764967629ba6a5263951bdc3c6a4c90d070f7be00024b80d83b6bc27587fcff5f5ccc0eb3cde1497cf56895147a063f61f08adf0b6f6716b6784740980aebc3248807e31c1286ac7b681c00b66c88ff7a336d441fa5c3eb256d20cf6d1ac92ccfe4be6dcc41b1aff846d360c243001cabdfbf1a9b240455: +210532805fa9cc9be916d213cac374e3cd6fc2602a544d0c1ce29d30105d69ab10699e499be99e2b11b98f6f86b67cdc4ccf69f3c53ce094875647d2d0d0ecc5:10699e499be99e2b11b98f6f86b67cdc4ccf69f3c53ce094875647d2d0d0ecc5:9fc4d28cfd25e6c0c5e724e19ca39d71e53bf4aa2796c54c3351f108fc70f2611a62e0ab90af6ade5216788e9eb2a873059b1e79d7d59debd68f2d4d80ffe31bf74b928c:4c2d31d5bbc42e026dc1e079ecc4dd072c5d2cce65e3db8d8a1dd9057faa0371727f727231a0f060fa27097533b6db3b8f6252f2793d75662caadf5f0fcc710e9fc4d28cfd25e6c0c5e724e19ca39d71e53bf4aa2796c54c3351f108fc70f2611a62e0ab90af6ade5216788e9eb2a873059b1e79d7d59debd68f2d4d80ffe31bf74b928c: +185d64b69479e0ba0a5844a10ad84125ba11c4b40d63eda2c57afc7e019c8e0ca5764f6398a5ae2266a38f9714533c4bbd8d07826f63e204cbac374b0acef1bd:a5764f6398a5ae2266a38f9714533c4bbd8d07826f63e204cbac374b0acef1bd:4a0824fe70d4315413d0a0cafbf4f5fe117d5e07e1c3a4effb9d0ae91490234878ccf6792a91f68c6a520de16071f08abe35dc5ea428f1957b663371ce24c609dd55b8f493:43e0387da5ba09a190f6e7b2680578d889769bcc445e5ef571b492871c155c5b9f620bfacfbf2df1fd87444604b71b2e237baaa7ee2093ede4a601edf883e3074a0824fe70d4315413d0a0cafbf4f5fe117d5e07e1c3a4effb9d0ae91490234878ccf6792a91f68c6a520de16071f08abe35dc5ea428f1957b663371ce24c609dd55b8f493: +cfa9d9164b3c4f6f722635d2066cd7ea5e5533d2c74f8add669c371faa47642641169a66f9a63f285782a6c2db81cc3f70b3ada21a68c84745c88a74c3b0a2de:41169a66f9a63f285782a6c2db81cc3f70b3ada21a68c84745c88a74c3b0a2de:757621b1675db7cacef7f2782587ff3af51a3ef2f4bcf9279c4ce94002e1f00424bf0eb621982cc85cb4d171e564a0c2f6e3567a1aae2cddb7e9b25f47dc20a51050542969ca:01d7c9b5701af71e2f4877ffc9b7b5305f52816d4458e37e41c7719fac1d76a01fff3f50fe1a5875ccc3fb70001c947a33fc8b207de13572ccdb8ba98933ab01757621b1675db7cacef7f2782587ff3af51a3ef2f4bcf9279c4ce94002e1f00424bf0eb621982cc85cb4d171e564a0c2f6e3567a1aae2cddb7e9b25f47dc20a51050542969ca: +1acb4a256c2f8993ca24de1e0014606d668b5e756032d269f1d24d351c8eea4acbbdcd8cbc885ab43a057e5f9579f1161954159e7b562ea26cd9a43c88d3f96d:cbbdcd8cbc885ab43a057e5f9579f1161954159e7b562ea26cd9a43c88d3f96d:c46a6d61aa0aed1c1d8547a70b89b7196475d5a4870881b1ecd0f0cb9c745f8a2adc8024e2dc55b53aa5d383a81aabc1a47e8d07d00b7f0b56ceddbfb1f424bb5c02184678a666:05aa76f7fe51892303d78914715995e7d768ff7714ce270f175e56af17ae018d3fa939f5f620de82bcd1549687b205c7871203e624238c4e309fab7f92fbaa05c46a6d61aa0aed1c1d8547a70b89b7196475d5a4870881b1ecd0f0cb9c745f8a2adc8024e2dc55b53aa5d383a81aabc1a47e8d07d00b7f0b56ceddbfb1f424bb5c02184678a666: +ace3c46424823622979fc3a84a7da69c1d527d8312e8fb018375bd3a96c29c18937cf34136d9e1cce0de11b12c70cbfb7455448421e92c82e7c40934bff8c676:937cf34136d9e1cce0de11b12c70cbfb7455448421e92c82e7c40934bff8c676:a9f137bc9021bf105aee25be21cd9ee5b3547cf10cc5f98476fb588bd70e2d6d6b0834e842e4ee94303cf96b09c1715381b36e14a491b80f895ea421b8ec2b1d3c187e02935c5526:feb8896dd3fe6001ffea171b37b788a69f7f850193a63406f56376dd263d099aef80ece67e2c43f40eca462c6b71e79406b18db74ae5d49844e3b132bc2a1307a9f137bc9021bf105aee25be21cd9ee5b3547cf10cc5f98476fb588bd70e2d6d6b0834e842e4ee94303cf96b09c1715381b36e14a491b80f895ea421b8ec2b1d3c187e02935c5526: +88f681934e33c35c07dc6e5a832942ae3d59903ccde2f76ccb7587cea7ec41b66a4e8aa5adb63d22fd7b14a26fdb03b7c8aa6ccd5a196f2c54b0465adb5092e1:6a4e8aa5adb63d22fd7b14a26fdb03b7c8aa6ccd5a196f2c54b0465adb5092e1:6e8bac1f853b81fef94707e18cc61c6f0a9cbc2a41d078dcc83fc0229c7f8dbe6dbdd90854b1f1ae2b9f2b120b86a8786b4e78ce23ab86baaf88754af0f3d88881dae0bc5261bfd038:45b27bf1b9eac06b62b686f6d546563b2dfe5b175dbef32bf78c35a16c958a9d4f26d291de9bb2066c0a286113cc09172d40a36d4cbd951708860226eb30cd056e8bac1f853b81fef94707e18cc61c6f0a9cbc2a41d078dcc83fc0229c7f8dbe6dbdd90854b1f1ae2b9f2b120b86a8786b4e78ce23ab86baaf88754af0f3d88881dae0bc5261bfd038: +48050a6e0158f6ad253412e4497cff62d5ee555edffe59e4dc401522813295ce975e010abb9a3e56659137b0506057f283982f886ca172c7bc2c500ed9bd26c1:975e010abb9a3e56659137b0506057f283982f886ca172c7bc2c500ed9bd26c1:ed6eec29fb7049dff707f0a4426ebc8f5b350e95870b9d6198c8139e9c3e1e409937d1a858a0dea482a5cb1a854ed3b5a9397acb63bff6b64039ef2eb1159e99858310bbbd86125c3e0e:7216ab60c35168187d0fce4753c86e80058d540b76bf95843a5898841060a99a44de6f439625a3f6365f59c377bf45909bbfef5c50b25f3194e5fbd34ea5e706ed6eec29fb7049dff707f0a4426ebc8f5b350e95870b9d6198c8139e9c3e1e409937d1a858a0dea482a5cb1a854ed3b5a9397acb63bff6b64039ef2eb1159e99858310bbbd86125c3e0e: +18d13d0c00e8e3386a5cfb30a9e79fe88b1861ed2d1201eb170038e194770403a4afc833401876090d9b880c41267d68cbbeeaa38afb20884e27328f3b7f535e:a4afc833401876090d9b880c41267d68cbbeeaa38afb20884e27328f3b7f535e:910f6c272dd97931ac47310d244cadb43251365e02ba9f6a5b3c3226be9d7d3a74a2ba4906e8e71a4bf3d3556ebdfc666cd6b12f20c4a00834b88fbb244575199286b0b9344cf334aff007:033988154c5d79d2510be83e778015dfe2fb85b8111f7ec139918b5400e3d656ee80a9f5c9072b5b467a5cc5a57cc8ad1062b5bff10862d9d369dde2cc966701910f6c272dd97931ac47310d244cadb43251365e02ba9f6a5b3c3226be9d7d3a74a2ba4906e8e71a4bf3d3556ebdfc666cd6b12f20c4a00834b88fbb244575199286b0b9344cf334aff007: +4adc8c28646a93a817293a14d29b48e2c6d712a68993547a5c5e4d1452acbc3a7f40473628f23fc0dff0021afd487740d4916a9122e6c97d36433e5ebf04f88c:7f40473628f23fc0dff0021afd487740d4916a9122e6c97d36433e5ebf04f88c:09fb5501f1688f80a0ab9e22d778ae130acaf74d7f5185b4da198c6b9edac4302e2b753e578766e17d4056dc40d95cf4ca8bcc6565795e97d68bcda79fa77c493397716356164caab5d19cfd:6d3b4e90ec408311f9b15b9253d3d95c5d152620c260d56302555a8804a5104ba5e8d29ee108e764a64219297298ab7674bbca784dee28773b34e185a386c20809fb5501f1688f80a0ab9e22d778ae130acaf74d7f5185b4da198c6b9edac4302e2b753e578766e17d4056dc40d95cf4ca8bcc6565795e97d68bcda79fa77c493397716356164caab5d19cfd: +f26e1c84697a4908151b447dcf6c7c7a38b04081db9e7c7738e6fec900bed0c1a86e1422c1235ff8e1aa083470d5e42288cb007ab50e795dd0b4ff87394966c4:a86e1422c1235ff8e1aa083470d5e42288cb007ab50e795dd0b4ff87394966c4:54ed47606a1487c2f900cefb6e899dbaf6c31cc88ebe3558b83b93f6d422c31e888e48e520eeaedd7e554a9cd40c2c519d533b6144cee484c389e976b1e4022b50e7dbb87ead7e541a2004daf7:44f3344b9566c9dfd22d6198e1cbf95d9e28f2982fc7f166ab25dda30c46f768c558e0394fb9ab3e1d4db4cf487c17641a13f3f48939e0c64827a75103c5740654ed47606a1487c2f900cefb6e899dbaf6c31cc88ebe3558b83b93f6d422c31e888e48e520eeaedd7e554a9cd40c2c519d533b6144cee484c389e976b1e4022b50e7dbb87ead7e541a2004daf7: +cc0c33f3a86f5a17d30c186ce0f3b740bafa5fe3c7090f143541e2b2c1e534bc967a71c7cf9b82cc78cbe109104d8b438a8d1fd71d260d029046a9a4526866ff:967a71c7cf9b82cc78cbe109104d8b438a8d1fd71d260d029046a9a4526866ff:1944e5e155d75e0d0be92e1be14cec370ad13791f2bfd40f271214e94fcf213c71bc20d7ce0c7584421ac4efc451883cc3f4956f21f73a4216720438bc38ff2cfdf3709905a50a9d94b1d9e7932b:e277b3dd655c33ff75fa920af1fcc859401e6c7a6ef4c6bfbfac5069638f19ca115baf13c09c82af793facb6abd0cd58e8481b08c1b68ad7a2665c4a614a28061944e5e155d75e0d0be92e1be14cec370ad13791f2bfd40f271214e94fcf213c71bc20d7ce0c7584421ac4efc451883cc3f4956f21f73a4216720438bc38ff2cfdf3709905a50a9d94b1d9e7932b: +f0bc979375a7073068dba7f6c094db6598b4e45df7d549583c22fded8048fa2eb42b6c57a78f1d90090a7181ab2ae09f426cbc2be96eb2cf27abc70d7d32a4b3:b42b6c57a78f1d90090a7181ab2ae09f426cbc2be96eb2cf27abc70d7d32a4b3:27ab3049b5c6351f6cfe38b13a059f5037257ee3d65d6079656856edc876ea081fd8a9480466f8839478088466f51ecbfaf2d65def25f0c4dd8d08588202812232f57945df8a6fa161ed8c0343b583:19dbc3027f9fae707deb76f588f9fd07aa8eae29bd4e1d04c2c984388286b3b122248a6c03ed67eca35df4db3dc1e4237f267892518497d9552a21de19b5140f27ab3049b5c6351f6cfe38b13a059f5037257ee3d65d6079656856edc876ea081fd8a9480466f8839478088466f51ecbfaf2d65def25f0c4dd8d08588202812232f57945df8a6fa161ed8c0343b583: +3022975f298c0ad5ddbe90954f20e63ae0c0d2704cf13c221f5b3720af4dba32b845bce38e26ab027b8247463d437a71bbddca2a2381d81fad4c297df9140bd5:b845bce38e26ab027b8247463d437a71bbddca2a2381d81fad4c297df9140bd5:9aa19a595d989378cdc06891887ef5f9c246e5f83c0b658710673e4e7db760c76354c4f5d1e90db04a23b4fb434c69384593d010e312b11d299c9f97482de887cecfe82ea723bca79a1bd64d03ef19ee:ae14a860fad0051b3eb72b3721a82f7b9546b2867261e2b7b638979e2561bdeb89b600768f82450a66c8b0481283fa21cb6c53bde350effb68a7d1114bfdb2039aa19a595d989378cdc06891887ef5f9c246e5f83c0b658710673e4e7db760c76354c4f5d1e90db04a23b4fb434c69384593d010e312b11d299c9f97482de887cecfe82ea723bca79a1bd64d03ef19ee: +0f710b6c481f71449589753312ef64932b4652ebe0e07597f7da1c4f3dcffb806973ff2932ccddfc1d16c4c0da50c8b29fe6452d1ee84d52064ebf3d628d403e:6973ff2932ccddfc1d16c4c0da50c8b29fe6452d1ee84d52064ebf3d628d403e:85d85744ad55e9ef9a65ca91e85c8a4f80e4c58f8e4e9354e833986098b7d9fe9fdc0dedb0d75d2539fba00034fc0c2e84344d1edaa09d4f63d5546d67803dd6b54ddcc0b1d3f2582dd75289e31de42e69:02a8d26aee11420fb4f09d1163e14b867df7c6f6c8f8dc7a78034659f0401cad0aa90397efdd0704b798db1936503026e2a1adc297e27974d4be312a3753f80485d85744ad55e9ef9a65ca91e85c8a4f80e4c58f8e4e9354e833986098b7d9fe9fdc0dedb0d75d2539fba00034fc0c2e84344d1edaa09d4f63d5546d67803dd6b54ddcc0b1d3f2582dd75289e31de42e69: +7a05f121f60112dd16fee8c91bc2a11479f4b67ee33456042c8de167fc588017b3b05be989cea7197505d4b54335e5e1d77a4b52ba7282604bbc1cf6c4e87a6c:b3b05be989cea7197505d4b54335e5e1d77a4b52ba7282604bbc1cf6c4e87a6c:d9c59e8cc4ede537be2122ab492a5b915a9b0a114b2ade356fc0457ef98722d5f567b86211e28369d14168ec4a3c804076e154adc70a668cf64a20d13cf190d115cd688d036e46938251df4964dc3517b10c:d30ce8a322b450a2fb1afd329cec8559ccf112bd83965f9ec4736270a0914e061196bf5209778c9f8ccf39c4668bbf0e1363f81afe45dd74e80d5875ddbf6f01d9c59e8cc4ede537be2122ab492a5b915a9b0a114b2ade356fc0457ef98722d5f567b86211e28369d14168ec4a3c804076e154adc70a668cf64a20d13cf190d115cd688d036e46938251df4964dc3517b10c: +bf381f8dfb5d0c6d64e416ac23e0d0fcb86ebb899b1d146abd911b92a7808eb6863fad8d1f1bc630a15f6fe8ecefe6b4497b60b21ae8830da46742045fef156f:863fad8d1f1bc630a15f6fe8ecefe6b4497b60b21ae8830da46742045fef156f:8654f2f5c6dcd2cfcbb6ed8d2bc5fb5fec53e3effb0de65aac507fa56c897732395aa09946d3b6586a92edd6dc99315e1ba74c6a0247c4ba7760b948eb3c0932d9fe1f0e9fea6eb61a548a9ab48ffdf1547329:99b75378738fcac8067669e8509b5d2607e1ef76af9004e13fe5d3932df60b168216f58565340fa4d638055a89044ee7d45e2bd082a53382289a34700648980e8654f2f5c6dcd2cfcbb6ed8d2bc5fb5fec53e3effb0de65aac507fa56c897732395aa09946d3b6586a92edd6dc99315e1ba74c6a0247c4ba7760b948eb3c0932d9fe1f0e9fea6eb61a548a9ab48ffdf1547329: +36983241a0a8e60ce02a61b3fafab15a7313a5a270d015b9c9ec070dc42deeda6647984d42b9a5b3b1afa3b7f8f49d4c2b05e38984e99cea8fd68235d2ae4627:6647984d42b9a5b3b1afa3b7f8f49d4c2b05e38984e99cea8fd68235d2ae4627:cebb9e404451818253c0392a4554ee7323c5d5b8b226775700b806ed5b91337916ea7ecbc3d4103fc65e5372ae7e5f9ba2d8f5aee24ccf6e631ae20c4af9b5f728cdf89e8189def1a5b3d35347aa203525ea1d2e:ee37df8af422f91f85dfe43efe79f62378068ccdbaf3916eecbc3adfed0508bdebaf5ce06b3bc279f78087f0db8db3c6823edfb32c12217830be723d8872b30ccebb9e404451818253c0392a4554ee7323c5d5b8b226775700b806ed5b91337916ea7ecbc3d4103fc65e5372ae7e5f9ba2d8f5aee24ccf6e631ae20c4af9b5f728cdf89e8189def1a5b3d35347aa203525ea1d2e: +d06899f93a408dacb41c969718346f1e289bb5ea65e283ff79c705a074517c3546bf2a08a076c47d7f11b733f8141c355363ed85d7def26ba6a0ce15ac5f2be8:46bf2a08a076c47d7f11b733f8141c355363ed85d7def26ba6a0ce15ac5f2be8:0864c39ac4fda8eb9048597bd40be0401021fd2dd3a3390a8facce984b260a13fa2c7cfc00d192fadf134a0ad5a181ee89eff0c795eaa0fbfe2f3b26115d07168db42ed21a51303b1958e4a42dc065b22ce48f17a6:6f89de92a66bc5f4144339124950bdf588144cb372f6736245351c9476becc59a258f9a933ffff2bef4b46cd1057395225799fd09dede6823db0e325dbc8140d0864c39ac4fda8eb9048597bd40be0401021fd2dd3a3390a8facce984b260a13fa2c7cfc00d192fadf134a0ad5a181ee89eff0c795eaa0fbfe2f3b26115d07168db42ed21a51303b1958e4a42dc065b22ce48f17a6: +eebca7966970ee9f2cc4d74c6f1d8e0ebff7c45aebad349fb9f86df628dfff0e89101e0309f767e64ae9c98c4a5d8d2328fb3ef262d082f49b64ca209e1990f6:89101e0309f767e64ae9c98c4a5d8d2328fb3ef262d082f49b64ca209e1990f6:0fac790adb9f59e5cb0ddcb2b667172f2a21034d93bcaddf188606fa9e776db33a8fcc6bd7f5567883fc0de351aa9afaa36d2075b1ba853bada849b8661d5c8154e7b0afea656dd15e01a9c5ba21589b02f8fc5481c2:7d447ee5328c9fe7f11936cc42998754a56cd1d2a6951af4fee7c4a8eb319d4923707c793c55d79067f822d5b16bb5776e38dffabc67237a916a81a63339b0030fac790adb9f59e5cb0ddcb2b667172f2a21034d93bcaddf188606fa9e776db33a8fcc6bd7f5567883fc0de351aa9afaa36d2075b1ba853bada849b8661d5c8154e7b0afea656dd15e01a9c5ba21589b02f8fc5481c2: +3820b6b15939d0afe18c9cb3d9a2a08f167dd458eb6c7e3f1558b0c6db4c689080b85c6559fea8b400e1999cc5bfed507ad7fc294cd9ba0ce2dd2584a91089b0:80b85c6559fea8b400e1999cc5bfed507ad7fc294cd9ba0ce2dd2584a91089b0:3e5ad92d44b40e8614d8087c9c743de0c0861a07f1f5146d71cac2f3740024e841cc2d46027cf5d261d3ee7c1875b39551017b5fb1468114fc3e098a899cdbd558b39f098e156b6e9801ebcdd65fed56dbfcaf2c8c787b:823ee2c0c8d87faa0ec0141e9ce08b51e57c839792d1fbd97a967207fd415849ebfb5dadb5a1dc2c0a8b7fc63fc354857b8c90c44720e13f45cd01e7aa23140c3e5ad92d44b40e8614d8087c9c743de0c0861a07f1f5146d71cac2f3740024e841cc2d46027cf5d261d3ee7c1875b39551017b5fb1468114fc3e098a899cdbd558b39f098e156b6e9801ebcdd65fed56dbfcaf2c8c787b: +0d20fa4a37ff30c4dcc3e44ea7ac501137e5807e9781330ac310982cc3d39dbd67bb0a01bc8617b491eff1a326c1c70f7d0c5b95a5ad48241aedce1c6f0883cf:67bb0a01bc8617b491eff1a326c1c70f7d0c5b95a5ad48241aedce1c6f0883cf:35e0f4b4a517f9c7aa4514f03e6d65f19b27c62cc069f6bf07dd6378bd6afe2b766560006cbd5730a00919ed11191fb0c8dac56e153fc1cea4bdce5046cccb717759a4083e1c16f740763264cc804de0d0e1a4b5a23067af:deab12ed82ba94b469ca98b66fa20444b4b7881c4f0f853409c9a1504a5b2b6d7860f26ada6bf73459b9cdb573c8017121338efa60f4148086d7a3a8ed59bb0735e0f4b4a517f9c7aa4514f03e6d65f19b27c62cc069f6bf07dd6378bd6afe2b766560006cbd5730a00919ed11191fb0c8dac56e153fc1cea4bdce5046cccb717759a4083e1c16f740763264cc804de0d0e1a4b5a23067af: +bee161881d819b370d240d509ba46b06fb828e20310d9f6b309780703e98927b10854380de89162bfb9f7835a2716a3a6e0265671b250b389d01c3bcc03736b8:10854380de89162bfb9f7835a2716a3a6e0265671b250b389d01c3bcc03736b8:5a6fe599b6b09b05c0ba6a622df3a92b3d376d24d04ea85ebe767bc2ec4d14e83e6937dc0b914b4809fdb607906841a6fd1dcdf61aaea8f9bb81b2ccaa32df412989ae53646680a71a211c8440eab0f1aec5e4fc00e6a2c96d:b07d072eb3831fae8a06effa9201797496dce126b8e11fef2fa07f664dc5cf3d4bf9c38a8b3c09fb5f14fa2deb219e7d852fdd27c7ba32d309942f2746dfe4045a6fe599b6b09b05c0ba6a622df3a92b3d376d24d04ea85ebe767bc2ec4d14e83e6937dc0b914b4809fdb607906841a6fd1dcdf61aaea8f9bb81b2ccaa32df412989ae53646680a71a211c8440eab0f1aec5e4fc00e6a2c96d: +70150e9516164a3d7b7e8b6f255b65cac9f07459b32d11bb94b3d277208abc992328bec8e40351047882e8b43bc1ab085386fa47987e46ea87608814c5da713c:2328bec8e40351047882e8b43bc1ab085386fa47987e46ea87608814c5da713c:77be8eceaab431a13c2a28d0d1556489d8c392fd7ae41157f7caf082cb54e45f08626be0076be844d38fde901a5eab0e8832d69dac22fb8507fb8ec4faf7c88fd26da308461afe385987972b5e760a34a5e18b9a82b4aaa529b7:eda3f5033ea7953a0d583c6457522e84ad78445304d48e577d4d69e8641febe15248d8d90ce0944a8f801d39099bc77494bac4ce2a20b38369c6adfb71e03d0f77be8eceaab431a13c2a28d0d1556489d8c392fd7ae41157f7caf082cb54e45f08626be0076be844d38fde901a5eab0e8832d69dac22fb8507fb8ec4faf7c88fd26da308461afe385987972b5e760a34a5e18b9a82b4aaa529b7: +3f87fcfdb421422a9c5fb98268313c15128c78844ef9eb3b3713fa77b6718903533ec59228374bd03a4699e3a8896b86182fcf8fc3085fdb8f5c4671524d6fe0:533ec59228374bd03a4699e3a8896b86182fcf8fc3085fdb8f5c4671524d6fe0:c00fed2d689468bcbacccd446e8d8f299e2a86925e62e59709afaf4857469ff1e006d00fa3e18a3615f8f06b6ebdff785dde58851d2c239038a0c344dce985bd1fc8deb4779ae5f8932e2f9ed5990b6472dbe4e6fef6917657e0b5:f6519d7edb6134111974033f03b8d89e9c76caec8965a8e17cd45fff19de2615d73eccdb4a6664a8f0e23adf98988e96251bf26eb7a4ccaac1079f0a772f9b05c00fed2d689468bcbacccd446e8d8f299e2a86925e62e59709afaf4857469ff1e006d00fa3e18a3615f8f06b6ebdff785dde58851d2c239038a0c344dce985bd1fc8deb4779ae5f8932e2f9ed5990b6472dbe4e6fef6917657e0b5: +44ceef044ff998d4abeaaf374eb41d086718b63097b1e35f89634c14897132eae83c86677d03ed3a5e8c95f41f0b325ff4333702f2ff6936f57ff30aa31485c7:e83c86677d03ed3a5e8c95f41f0b325ff4333702f2ff6936f57ff30aa31485c7:8d3e2dec4644c7b51633b13e6375ca42ff9138465f43d7800c7313199f67c9cf1b520b1820bd630ecf1c992e2767b38eb5bbc441a4ab8d317db441db35a0fe3abe7a9e4541881c2d7b1a2612306959815d1da41267d9649dd4494ace:554552d6b790d421d06b0a67f8e002ad7a1ed01c06cf00cbeaec2a268bda29f1183f0ceafc625fa5fdb847dc86fae1a20406e459d4a0177cb515220a568e08008d3e2dec4644c7b51633b13e6375ca42ff9138465f43d7800c7313199f67c9cf1b520b1820bd630ecf1c992e2767b38eb5bbc441a4ab8d317db441db35a0fe3abe7a9e4541881c2d7b1a2612306959815d1da41267d9649dd4494ace: +98ef2a44d4c8476dff05aa78dcf9c6dc086cb2f622a06745d60cbf223faaba6642fdb1daa39f0159119beec1bedf6f0394b26a2a29bd1fde081eccdadecc226a:42fdb1daa39f0159119beec1bedf6f0394b26a2a29bd1fde081eccdadecc226a:c8b5fcfc3c18c7d95957b668e91c731d50c7fcea4f9575bbf784625870e238df546e2cb1a19d2808dd5b230d3871fdec16100ee1fbf9b722fa3744a750a3b396b05f9c21b8c0f61ead57a78c5ecf72b579cfe88a3f404c8acf524f9ab9:ab5e8724a3e6ff76058cfb214d574e04d05574ecdd4ffe8c07c7af396e882687c5d79ef1e62fbb4c5f1bd06b9bd897826edde0d111d918e8ef961ff2a00d7700c8b5fcfc3c18c7d95957b668e91c731d50c7fcea4f9575bbf784625870e238df546e2cb1a19d2808dd5b230d3871fdec16100ee1fbf9b722fa3744a750a3b396b05f9c21b8c0f61ead57a78c5ecf72b579cfe88a3f404c8acf524f9ab9: +93a8c792a239c931917c114824a0174f8bc4ebbf98af8c7e321e0f5bea4015ec9b2eaa8a9c2c25ff4f6e13bb12bae5d06fda0eb1105fafae5880ff168740bb74:9b2eaa8a9c2c25ff4f6e13bb12bae5d06fda0eb1105fafae5880ff168740bb74:901bf4e041caf16e04f2ffde8d6fe97e93d0900f6bc0fc09a9a0179d137b4b7788e57eb92766a9c634f35adb5c2988af1e86208f461998f59cfec99204b484fbcad3951e7ee4405523705d9739b44307db03f713fda78db421ef3121b3ba:cfe32c4435d911d772dc0727e78d689d0164c5069597cb441b22c1d26236479f1afd7089121b9ab4f61bbb1fae1ab42f7635a92a53784d7170916b703aa5cc09901bf4e041caf16e04f2ffde8d6fe97e93d0900f6bc0fc09a9a0179d137b4b7788e57eb92766a9c634f35adb5c2988af1e86208f461998f59cfec99204b484fbcad3951e7ee4405523705d9739b44307db03f713fda78db421ef3121b3ba: +7001fa0c4404c28aa5b5fcff30a961f21a22f5b85a9e382e07aea8a8924d0ec1daebb63c4d8f40ceba8ec35e3dd946a6b75bc74fcb29ade7b55eee3cc3aea5ca:daebb63c4d8f40ceba8ec35e3dd946a6b75bc74fcb29ade7b55eee3cc3aea5ca:44f48cfb02f08777a57873855f96be4c0291323f2739b275d90757a15472e5750436e0107408fe3026c00625689983f990eba9becbfce403ccd56356ad2741fd21445dfb23d76112e578b3395cf9d960955f1da8f399ca286f21390e25a59a:64eac9ce87460618636b41fd2decc1673bfc48c5f479dfacb51e86686407374b1d10bf65d6d7474214d7770c9e5c7f806c80d53d48b720870e5e78f32e3a7e0544f48cfb02f08777a57873855f96be4c0291323f2739b275d90757a15472e5750436e0107408fe3026c00625689983f990eba9becbfce403ccd56356ad2741fd21445dfb23d76112e578b3395cf9d960955f1da8f399ca286f21390e25a59a: +3adce3a3d3fbc977dd4b300a74749f13a3b04a5d73a2cd75a994e3195efebdac6ff19b1f18d64851d5c74845c6407f0bf596a52e385e020127e83e54cff5ac19:6ff19b1f18d64851d5c74845c6407f0bf596a52e385e020127e83e54cff5ac19:fe6c1a31068e332d12aab37d99406568deaa36bdb277cee55304633bd0a267a850e203bb3fabe5110bcc1ca4316698ab1cf00f0b0f1d97ef2180887f0ec0991e8c1111f0c0e1d2b712433ad2b3071bd66e1d81f7fa47bb4bb31ac0f059bb3cb8:7dda89f85b40539f5ad8c6de4953f7094a715b63dda30ec7cf65a785ceae5fc688707ee00be682cecbe7ee37d8fc39ee6d83c64409681708a0898a183b288a06fe6c1a31068e332d12aab37d99406568deaa36bdb277cee55304633bd0a267a850e203bb3fabe5110bcc1ca4316698ab1cf00f0b0f1d97ef2180887f0ec0991e8c1111f0c0e1d2b712433ad2b3071bd66e1d81f7fa47bb4bb31ac0f059bb3cb8: +14803c1f23a47fcdd35e5d146e20ca630cd712c047d5330b652e31857acbc9e836f2d5bd6d8324fa6e9db7f7d854ebe48c0e6299998122e9d44b8adbef54f093:36f2d5bd6d8324fa6e9db7f7d854ebe48c0e6299998122e9d44b8adbef54f093:555983679d026e5354b4cc055ae1bc14653c7281ec722372f3feb778e841da821b3d0b8ee7a9a9129ea06824be8379fbbdcb0748f423721ccb172a1bafa1d5ae9fc1c51e93d41dd551c3086079b620286c1c40c1223bbcbb76722e92ca21d8410a:07a7de6ce97664b3ea0928e1385c3309be08a47cbf4daa9186a1b948c86fbba39c4efcfcb7a0a3866bc94c6788ffe6be0d4972e56d0c3292d1cc6e25447b9904555983679d026e5354b4cc055ae1bc14653c7281ec722372f3feb778e841da821b3d0b8ee7a9a9129ea06824be8379fbbdcb0748f423721ccb172a1bafa1d5ae9fc1c51e93d41dd551c3086079b620286c1c40c1223bbcbb76722e92ca21d8410a: +1a61154d3472cd96b328ee674beb4fc86763a969fb410494e0678414e31a46a67576d93ac85d0fc61f258c55cf90bd87a635099c0e810ed0b937258d13b42559:7576d93ac85d0fc61f258c55cf90bd87a635099c0e810ed0b937258d13b42559:64c565efbcb8b9528ed47253f3c6a4035db781d6f0976b5e5ba8447d4ed54b04105293ef4c000d8b2e1b5b75e727e5d2a077743b50d183b491764801a2504d16ee6d7d8ac4fe40e6bfc2a8129c7285a5ac691c35e642ed162cf7fbc64516733a23b3:ada1666c9c3b8284b8a21c4f2618ef0808a646f3f10941e470f738e1785e2de9fdd9c8cb526f945c7a8c6994f151b7d066581b1d755307947c62befc8ab7070f64c565efbcb8b9528ed47253f3c6a4035db781d6f0976b5e5ba8447d4ed54b04105293ef4c000d8b2e1b5b75e727e5d2a077743b50d183b491764801a2504d16ee6d7d8ac4fe40e6bfc2a8129c7285a5ac691c35e642ed162cf7fbc64516733a23b3: +f215d34fe2d757cff9cf5c05430994de587987ce45cb0459f61ec6c825c622591ed506485b09a6450be7c9337d9fe87ef99c96f8bd11cd631ca160d0fd73067e:1ed506485b09a6450be7c9337d9fe87ef99c96f8bd11cd631ca160d0fd73067e:fbed2a7df418ec0e8036312ec239fcee6ef97dc8c2df1f2e14adee287808b788a6072143b851d975c8e8a0299df846b19113e38cee83da71ea8e9bd6f57bdcd3557523f4feb616caa595aea01eb0b3d490b99b525ea4fbb9258bc7fbb0deea8f568cb2:cbef65b6f3fd580969fc3340cfae4f7c99df1340cce54626183144ef468871634b0a5c0033534108e1c67c0dc99d3014f01084e98c95e1014b309b1dbb2e6704fbed2a7df418ec0e8036312ec239fcee6ef97dc8c2df1f2e14adee287808b788a6072143b851d975c8e8a0299df846b19113e38cee83da71ea8e9bd6f57bdcd3557523f4feb616caa595aea01eb0b3d490b99b525ea4fbb9258bc7fbb0deea8f568cb2: +8c9f95083075a43fe426d19f1e87719b40043de88eb0ee971f70e10c7694ce4ee91d167aa3ebc23e70aab45dabe905e416262f910e2a955dd8619efc74c24e85:e91d167aa3ebc23e70aab45dabe905e416262f910e2a955dd8619efc74c24e85:b69d70e860f55c427ef2a71df36e05bbc43bb2e06463aa5de34419c6a614eea6695335a87526c1226488d842891d0574df343c9c1e17aed6958ecee87474221eb77a599ecb059344c0d052c0002a66e5a6013185af69a01ba5dbc660d36cae235f67fe0e:cac555222dafec76a0b47b9d2c586b3b3b9b3b9c8364beb3cae1e8dd7f1ae9dd74f22b8dd4ad2b290f81351a415a99f030f10778be4cda85d1d353331e70f109b69d70e860f55c427ef2a71df36e05bbc43bb2e06463aa5de34419c6a614eea6695335a87526c1226488d842891d0574df343c9c1e17aed6958ecee87474221eb77a599ecb059344c0d052c0002a66e5a6013185af69a01ba5dbc660d36cae235f67fe0e: +d7eb1fba424feed100777eedb4874bf20810ad686b67e31d27ecf610609a33f5a25acb11a6c825713a085fa754692886a87d07fb9be1a53eb961728bb66c9060:a25acb11a6c825713a085fa754692886a87d07fb9be1a53eb961728bb66c9060:a1d0f81e3d59089cc2b19e07d2fce43db4cf171faa642f3b0bbde77ae3d53af5c02bf8fc12ffb4e57f7c8a015d6c2d178944fae9f7c8fc969d4b77bea51876ae99d59e94ad2456e0ed72c52cf4e5340da17c44dbff86457a519b6fffe269066290d629fe69:2bf719682b07cc5ecc0480f37e9d123ff6f44c26e6958e59f080466f9cd373a16500daf123dc3f1334774bfc9fa84503b16dbf21a815c1ada6ebef4920461702a1d0f81e3d59089cc2b19e07d2fce43db4cf171faa642f3b0bbde77ae3d53af5c02bf8fc12ffb4e57f7c8a015d6c2d178944fae9f7c8fc969d4b77bea51876ae99d59e94ad2456e0ed72c52cf4e5340da17c44dbff86457a519b6fffe269066290d629fe69: +4f6aeb35fce14fbcbb9aa8a4f6451bf95b98df047fa8c43f1ead3b404d3f928fbf66a9edd09481db8444a176c8ce0578d2934f0cdc9734e86fcaac05bf3330f1:bf66a9edd09481db8444a176c8ce0578d2934f0cdc9734e86fcaac05bf3330f1:2dfbb3f59e19ea17d44a5bde4ad227a1a351dda17af840ee0a75da21a5cca89b6d1c567c333e9cc910e2157e05e86ad5d931145064594c47baeea8663a34649c43e90eb95ca10f7d51597b378a722f1f704adf9f22e9f885b89d1f938006a2efcdb42aaff5e3:6adb07e364f2a455cb05867abc511acd9d658977f0cacafc92828e7b724f6bbf98bf0bfb29f4e5e6c74738d4fdd816d9252407ae4f3afc574c4f00614824e2032dfbb3f59e19ea17d44a5bde4ad227a1a351dda17af840ee0a75da21a5cca89b6d1c567c333e9cc910e2157e05e86ad5d931145064594c47baeea8663a34649c43e90eb95ca10f7d51597b378a722f1f704adf9f22e9f885b89d1f938006a2efcdb42aaff5e3: +ef4a6762b400975204ccc13abb47344015454906850ff14940cbb83aa22414aeeaca450996f50cfaf2bd7f9d7fa7087f09ad49664206a80bc2e5bbbb85bb668e:eaca450996f50cfaf2bd7f9d7fa7087f09ad49664206a80bc2e5bbbb85bb668e:a4b63eaed5a64a94f2cad212ce2ae71092fd3ea744f5bd89562b2fc2a6c9e4d7aa27add56264a5a55016610be6c19ff7d4989e9504740853012715a79ece9e12c301b3317c7d9b6730db862a4a1d28058e0f8b5ddd9738c7c62ea572cfe59eae08e2b8b6593b58:02697d44cad862f1daf5708205f450d408525b10c01ffd06cfee80374f3db16fa9a49c19a9844b345f2f9559ea74aab173baa078c54370a5166700c6dafb780aa4b63eaed5a64a94f2cad212ce2ae71092fd3ea744f5bd89562b2fc2a6c9e4d7aa27add56264a5a55016610be6c19ff7d4989e9504740853012715a79ece9e12c301b3317c7d9b6730db862a4a1d28058e0f8b5ddd9738c7c62ea572cfe59eae08e2b8b6593b58: +55017e5f61f0c5bafbcde6f849f42a31e5e7a878c1d3f9126fc569fd417ea9f266914f74ed932fc881ff0166683f675a7c28a926fddd6469cdb3f28e6dec42cc:66914f74ed932fc881ff0166683f675a7c28a926fddd6469cdb3f28e6dec42cc:2fc84a0998fa6e168a866410bb68105df249a28cfc76604be94fd7dffff2fc1dedd220199465575e8df860190f16aca4084169be16c6ba32eb67042ffd4f230316a26b2624a42f8f90ad57f6916486fa91fd94ed68aded4e632430ef719446979bfaf345409c387f:b1a5e7c49b8fc6b4331e0416ce7e4ed59edd56300b802e0d72abca4a6fcb876c03bf331579124ae0d3fe43f7898bc87e93fc2da3970fc8638957d18c6613c8082fc84a0998fa6e168a866410bb68105df249a28cfc76604be94fd7dffff2fc1dedd220199465575e8df860190f16aca4084169be16c6ba32eb67042ffd4f230316a26b2624a42f8f90ad57f6916486fa91fd94ed68aded4e632430ef719446979bfaf345409c387f: +0553fba866942341217cf278ac57cb21acd09d9916cc6af0ac46941ea139d545840c66e57c2d4f52a4a2796d2a53c5709b96a628c2e063fe6efd47f283ef5e82:840c66e57c2d4f52a4a2796d2a53c5709b96a628c2e063fe6efd47f283ef5e82:c1fae6262a0e98a6b1235fcb62283b7f0a097f9d002416d318fefc60c5a1584f900ad0ab26ccfae0d6d84aa9aa2df16d4c117ea2724676cb866d4870a872fc829a7c2a5d21ba83340adb339a34c5184c7f5ead0f077289b33677ed6a1ba34be1994e25763bd1d9faec:bc3364c152ee5c808ac340f49ea2cc404e93517121220cce6f7c30a22500e41bcdb6e820480f8fccdd22ff9ad96da532802f431e94240fb83d4bceaa09b92b0dc1fae6262a0e98a6b1235fcb62283b7f0a097f9d002416d318fefc60c5a1584f900ad0ab26ccfae0d6d84aa9aa2df16d4c117ea2724676cb866d4870a872fc829a7c2a5d21ba83340adb339a34c5184c7f5ead0f077289b33677ed6a1ba34be1994e25763bd1d9faec: +7a5ac602de19f3c21040bcddbff42f6aee6f95c1b093868f48e50482dbf4f9c7fbb6c7531cda21e7d17ea903c4d14be6c68b4ca803a16bd87120f5aaf7dce1d4:fbb6c7531cda21e7d17ea903c4d14be6c68b4ca803a16bd87120f5aaf7dce1d4:bd1685419279eb81e4cf3c909031f0f09c5ffae7e2ce6ba9d96c2bce87b8ba0dd763231001e532c7ddd62103abf701288e19dd8f5302e8f5d31b64cc339bd8b7a95550c8a116fd486948772bd5af8dfd46001c59767b0d6bdce383a7078992d1022fbcaf90710687b9aa:84101dd4b5e8ca3ed98c1e8a06e11d7e424b0d12ca714ee7374b64c29d51a2021cc77ac75389d9b0a646a447623d7d04d1241866b0ca6edd1b7ac015666b700dbd1685419279eb81e4cf3c909031f0f09c5ffae7e2ce6ba9d96c2bce87b8ba0dd763231001e532c7ddd62103abf701288e19dd8f5302e8f5d31b64cc339bd8b7a95550c8a116fd486948772bd5af8dfd46001c59767b0d6bdce383a7078992d1022fbcaf90710687b9aa: +50414cf549bcc55b5b6b75ea3782b2ea7c087b6a0106175e469ca2cc764aeb01d0f30c12e997f96e7aeecd1bff6a012ec388ebf8f3f4af664804d1638e4c346a:d0f30c12e997f96e7aeecd1bff6a012ec388ebf8f3f4af664804d1638e4c346a:75ad77e8c54b0b05fb2d162e7cadb8a7528081b863f76a441b374469413e5714edf54f800496af0157c17e425583414d4361f2134171c0b87c22ce6820a4850ab49d99a9badce9e36110e7f3060118b3590f82b43771e9fbb081afe62227e024d98de6cdec028d7c49490d:b309800160de43a63a89a0acb8a6050059589b3eaecac20b256fece438042f69415d8a56883ee3836d3134a7fc1de64fa8c8cecc3ce27589f606058820857a0c75ad77e8c54b0b05fb2d162e7cadb8a7528081b863f76a441b374469413e5714edf54f800496af0157c17e425583414d4361f2134171c0b87c22ce6820a4850ab49d99a9badce9e36110e7f3060118b3590f82b43771e9fbb081afe62227e024d98de6cdec028d7c49490d: +93cb00d8fe9c9777a683631f39ba0f48761482cf1c366bd863cf71510153255587e94a1ea5258d61180cb828590ff1418a87d01e702686ba8abc2692c8dc3c91:87e94a1ea5258d61180cb828590ff1418a87d01e702686ba8abc2692c8dc3c91:88d8538d31867813d88fef7228d49a7e950d738396f116dda1025f7913547c5d1dc5677a6de4b4a5880507b361780b61b43f7795263db22ff341645f2f5914fd6088c2811211ed4756ac019a6035d66e3170c1d82bfaa30596b396b3260cc1d10d413dd47ebe6daa0c30dc42:09824fa2dfbc4d6ef76a9e4145961116769130553b3edffa50d04f39b8b79facbd237acf71354a53a6e5fee754e823b0b290f9619320a13d561269a221639f0388d8538d31867813d88fef7228d49a7e950d738396f116dda1025f7913547c5d1dc5677a6de4b4a5880507b361780b61b43f7795263db22ff341645f2f5914fd6088c2811211ed4756ac019a6035d66e3170c1d82bfaa30596b396b3260cc1d10d413dd47ebe6daa0c30dc42: +2b4cae380e95ce694c26ac7957447347f98e31b4bf02d744e131529071e2301de6fc705a79c98e115b4e28d3aa1506b74ee74276c5fc1109a7f4d89c6fafb889:e6fc705a79c98e115b4e28d3aa1506b74ee74276c5fc1109a7f4d89c6fafb889:e0b8250e27b7c0291dbc47a6da6f1268987afdf0a1e90be69bcbc4370865217830d5208693be7b7045099a22ea27f952eb3f79a9a0f1b5a87b19367790788d34c219c2e2a6b834020fb4fd149dc56b544fddbb42071a162fc7cb33c146cac05a31b183e9daadc616f3af449b17:555e45656ba9cfbf5155d0e52576e5197abbbc9dd233993eec2a1ee7f6a86409c0b71b0a661978ff5e0acdc9463dc449906f474f8e79bb86168bf70741e34b02e0b8250e27b7c0291dbc47a6da6f1268987afdf0a1e90be69bcbc4370865217830d5208693be7b7045099a22ea27f952eb3f79a9a0f1b5a87b19367790788d34c219c2e2a6b834020fb4fd149dc56b544fddbb42071a162fc7cb33c146cac05a31b183e9daadc616f3af449b17: +b56491e54999bb5a1715ebfa2feb14a545a3a43c2fdfd4be0c95fc11819ad695cd42bf414f9bfc72ec069882a800557cdf31bc3464fb102c310e6dbd3ae20863:cd42bf414f9bfc72ec069882a800557cdf31bc3464fb102c310e6dbd3ae20863:eb4418ba30683ec7959bdb1ec7b263f83e81f054ddcdbe0a6738ca7763e246935bac419026c22bfbdd1236336cc16107c53513e3ddf34e120846962c3bdd54f5ad5749597208f15a8bb56667baa895f08340db89b85c435e770931928d8abc99262f839aedd9be2aa138c9259adf:e3be3e71a89852df3cffd72d68207869dd3eceb49b1f029493eccbb932444ebe8c8c6db5f0a5a67e2194408df9841913a5ac1a606896419a668f4f47c56c2b08eb4418ba30683ec7959bdb1ec7b263f83e81f054ddcdbe0a6738ca7763e246935bac419026c22bfbdd1236336cc16107c53513e3ddf34e120846962c3bdd54f5ad5749597208f15a8bb56667baa895f08340db89b85c435e770931928d8abc99262f839aedd9be2aa138c9259adf: +6579c247dd2cd02ba2f7d7a950a330752681e92c0dc62984bbea279ea521c3810b087bea1a1b3d15805cb604f4bb8d68edde274faf521fe6df50c55f8ad4a70d:0b087bea1a1b3d15805cb604f4bb8d68edde274faf521fe6df50c55f8ad4a70d:df7c552ffc89374b9571a6024a8d0471d7eb6be8dfca6f4166b581b65479015a0568129074cc04d6342c758ca18f7987dec536b7033d5f9681504340e20986f027b8cf1f263be76db3525d173422950ea8dceddc585640918aa9d25ca89cba701c2020153873f46108c772cb388d55:eccaf801ae0a912e21c6b83a5f0e4e88d4b2713459ff93449fc0b21a9f416050113cbae4e814d20c0a798f76d2f9d326ed83959ea02abdc1ab350a467123f709df7c552ffc89374b9571a6024a8d0471d7eb6be8dfca6f4166b581b65479015a0568129074cc04d6342c758ca18f7987dec536b7033d5f9681504340e20986f027b8cf1f263be76db3525d173422950ea8dceddc585640918aa9d25ca89cba701c2020153873f46108c772cb388d55: +18fba60c5026f3c9dd7aedc04209d5260361de400e190aeb60169e05a3367c9fdfff347f3dd255530bf7fb34d02ba486d112bb46e950e2ef80e517014cc95734:dfff347f3dd255530bf7fb34d02ba486d112bb46e950e2ef80e517014cc95734:34f08a804d7829cc3914f000ce1a3288acce2149c8a02086b9f67afccd83a178b0bcfd4970c056997da7dc3d47562f16663cedc52f82d710850cf4050379efdac23bee17c330a383ad137f788473b2b0723603b6deb1fdbf6c523fc948a0ccc4ff100fb946d874c1f990436ae8c4f3b2:4bc011e40f0f59c618f6bbe230b6f7bc2f50e3617c7faab7f4c21cb84f77eba994cb7c2a1bf10b01bb20084497fdf0a6ab5d9bcd22c4a2c5a78f79926825940f34f08a804d7829cc3914f000ce1a3288acce2149c8a02086b9f67afccd83a178b0bcfd4970c056997da7dc3d47562f16663cedc52f82d710850cf4050379efdac23bee17c330a383ad137f788473b2b0723603b6deb1fdbf6c523fc948a0ccc4ff100fb946d874c1f990436ae8c4f3b2: +073cc15b0536285933b2be39253cf4fd696b81610f5dd3adac2e9cbf338ef2f600b551d371544375dac5c4e96cd1f0215207e8e166a1fe49d5b0a51ac18443ec:00b551d371544375dac5c4e96cd1f0215207e8e166a1fe49d5b0a51ac18443ec:c285362bc8ef628f7aedf654231ee51acdf2cf69a886b942bb9bfed8155105d9209ded2af24f169ad5fcd451370f5827a85111c7a52e032c5038617c0c0170e2a6c231dc401d12062edb186036114e38793b79089077581b9783f40007103ef17472491c00e7138aecc5084d3c85010470:3aa52a83062a8f28a5d6b7607f484b66cc374896b766123126333c579581316c742806f627b5bc55cad705cc1d4782b044080c8ac840f38c0c50d35e345c7803c285362bc8ef628f7aedf654231ee51acdf2cf69a886b942bb9bfed8155105d9209ded2af24f169ad5fcd451370f5827a85111c7a52e032c5038617c0c0170e2a6c231dc401d12062edb186036114e38793b79089077581b9783f40007103ef17472491c00e7138aecc5084d3c85010470: +fd894a1e8232203b289505d5c68c68791ffc0e54f2a87530fbba5b3a3f2caf00e95ab565945c7ae5d533df5d0cccc7e9abbc838e20a0b61c930f5d41d81a6fe7:e95ab565945c7ae5d533df5d0cccc7e9abbc838e20a0b61c930f5d41d81a6fe7:2669624a94f2c44a05b7dc3ebf93e58a4bf3a01c273657e7e7878976f6b6ea737fa3f22cc8365b8b220c007d5b642726a408fe2fab69ebb3bd072b349f4dc3377ee7cc752934254215d23989bd3cd02ce999adec9784993f4c19940815f39c9e229247f5205c36cba44e714266369289b4a7:f51102219e8804be713e556df4e4afa2f8866fe86541a1c2a0934d24c3c9beb280a70dd8d527fe8b7e0b948214d5f2f9638619914b72d55dc198b0229a8487082669624a94f2c44a05b7dc3ebf93e58a4bf3a01c273657e7e7878976f6b6ea737fa3f22cc8365b8b220c007d5b642726a408fe2fab69ebb3bd072b349f4dc3377ee7cc752934254215d23989bd3cd02ce999adec9784993f4c19940815f39c9e229247f5205c36cba44e714266369289b4a7: +18ef464e28f87ffcfa4d3a9c09a22910951b8c719fdacdb56de62c4b406df00cc5064c9d43ee2da75b06bb09c77267dbd0d39128f1cdc6bfa451a03e93af4a70:c5064c9d43ee2da75b06bb09c77267dbd0d39128f1cdc6bfa451a03e93af4a70:9c825707d9358365ab9d38f7e728d628aa722a4f1a20a38e47c999fff8fc32417fbe072f96eb6a0e11e4da9b6de9615445280e93c77a3634d3d2c6879856c248f9800f60a0d38dc1cea8b7f31f286cb0374827b4c6ba144a6694f2b908ead68d18340124cb59cf1701863bd4f3efc709f3627a:d1e7f16e8e597d428adea65591d551b54b667aff2020c464f7f4e53c4773f70433249a3c71b4d11c89c3faa892809227b9f29ef4f7f5d020d4674d40213594059c825707d9358365ab9d38f7e728d628aa722a4f1a20a38e47c999fff8fc32417fbe072f96eb6a0e11e4da9b6de9615445280e93c77a3634d3d2c6879856c248f9800f60a0d38dc1cea8b7f31f286cb0374827b4c6ba144a6694f2b908ead68d18340124cb59cf1701863bd4f3efc709f3627a: +c911bdf2f9e7cc5fff35c96e15cc12eafd05ab0db31f649f7408acd0cada76e0de44696cd6bd2cbe9b11a0ef18b88164801a969d5e06ed453eb4008cce9a5725:de44696cd6bd2cbe9b11a0ef18b88164801a969d5e06ed453eb4008cce9a5725:76c471241d17192984b00362696e4d9d4d2b7f839c2064117e50a1598f3a1172b16c55e5396866084752024f3a7eb68bb3ffdb80979a0af6d0f6af26b6f0bc0c0384433bcfd44c75eb654a8a8225cb9c4a7fb3c824c3af6125fd46db287e70492d154632cb8f62432659d958d6281d04a54f5f5f:d584b5da371ae4f5c9859b25f70dc56c1b7b4e02d1ae6636283b1b7b11217afdcdf65d1b49ca2c8ef17966e9bc65f10c310b77bb5df7aff5ec1b379a2ce55d0d76c471241d17192984b00362696e4d9d4d2b7f839c2064117e50a1598f3a1172b16c55e5396866084752024f3a7eb68bb3ffdb80979a0af6d0f6af26b6f0bc0c0384433bcfd44c75eb654a8a8225cb9c4a7fb3c824c3af6125fd46db287e70492d154632cb8f62432659d958d6281d04a54f5f5f: +d3703299c41db36d77dd3a49541f3fb21d0b2bad1f6e074affd96f1c40d0f927862c5ef616a5f066fd87758a56ab45056fea4bd33f008be24f7b540e095e148e:862c5ef616a5f066fd87758a56ab45056fea4bd33f008be24f7b540e095e148e:ac92edbe22257bb06d94aa950e62d18ca2ac0a8fc106000d2231f8a13b8d7a209ccd8cc49a6cd68a7f36c02fb8f728d15595167f0ba8cfe95c8a1e435f327513014ac428b75d4f72e7c834dd70e1a448f1847d3498475f74e3d9334dc7dcc4fed72bf6c7fe3b1d4f53d429616f1df44f19733158b6:df28277121eac44630084cce75917ae9f6bec65af5572dc30719bde661cf696b85b8672dd4983cab30bd05cc3a119d7db9babd522d7b3a6bcf3886ecd25e080fac92edbe22257bb06d94aa950e62d18ca2ac0a8fc106000d2231f8a13b8d7a209ccd8cc49a6cd68a7f36c02fb8f728d15595167f0ba8cfe95c8a1e435f327513014ac428b75d4f72e7c834dd70e1a448f1847d3498475f74e3d9334dc7dcc4fed72bf6c7fe3b1d4f53d429616f1df44f19733158b6: +d411cd33576d0efe9ec413ccdaabd4fcbafec01a3af4b3cbe34f8b05ef8b59bae870344df98dd3a8702c4519bf9e8b35a9d189e746f7203dbbf9bbfab22d6f63:e870344df98dd3a8702c4519bf9e8b35a9d189e746f7203dbbf9bbfab22d6f63:11d2c2a7f0190988126696431b4bbcd90ab7b56a32da6404ae446aa762a4ddc66094971538eeb85bde0470a510be0d6d85780ee730a9854138728ae6816162268da852858eaed4ec74c7ac62e6e7096dc002df0bdf5fa40da565b41d181a3f0ad0c5e0b976743e315d9db8ed4160abe69c13a2b3f09a:83460d15461d6717710bafd6a47a1eaa900a80f2bf8b8aae2468773614ee84bd628c9717476368ef3640cf760acac83ad60232a76963b7d52588b11dc004d70d11d2c2a7f0190988126696431b4bbcd90ab7b56a32da6404ae446aa762a4ddc66094971538eeb85bde0470a510be0d6d85780ee730a9854138728ae6816162268da852858eaed4ec74c7ac62e6e7096dc002df0bdf5fa40da565b41d181a3f0ad0c5e0b976743e315d9db8ed4160abe69c13a2b3f09a: +e10a2f1380c3e4720e8a8707a9bcb25a0f58270d7059cd7626c7153447edfb87a3c717acab366a40b51187bbf35b2d15e97cfeacd7349c06ef1c91ac93e90656:a3c717acab366a40b51187bbf35b2d15e97cfeacd7349c06ef1c91ac93e90656:135212a9cf00d0a05220be7323bfa4a5ba7fc5465514007702121a9c92e46bd473062f00841af83cb7bc4b2cd58dc4d5b151244cc8293e795796835ed36822c6e09893ec991b38ada4b21a06e691afa887db4e9d7b1d2afc65ba8d2f5e6926ff53d2d44d55fa095f3fad62545c714f0f3f59e4bfe91af8:094bf6f953ca0eb77df45129b7bf10d192cf6ddeae94ad6202b8eacfbec119e5291578fe64a084ae600fe07efdb8a782610dbdb0b49eb5f2a46c432355552f01135212a9cf00d0a05220be7323bfa4a5ba7fc5465514007702121a9c92e46bd473062f00841af83cb7bc4b2cd58dc4d5b151244cc8293e795796835ed36822c6e09893ec991b38ada4b21a06e691afa887db4e9d7b1d2afc65ba8d2f5e6926ff53d2d44d55fa095f3fad62545c714f0f3f59e4bfe91af8: +b2e697b3d3efec976ef3369530c792717bdbb428d9ed0c11ec0ea9b2e5f39f82c4d2e4b3c236d6c9b8c74fa384612c4710d83aa16ad7ef01fbb7421d4fb3f0f6:c4d2e4b3c236d6c9b8c74fa384612c4710d83aa16ad7ef01fbb7421d4fb3f0f6:7b436232ac2111a84059510c48362588fcb7383426be5e6f62f372e4f7cca83c81c2357f9b54f4a15291065b6d41aad1ea93cffa776b9acaa58afe2b51644b97af9a3e53f84e40aa6d86051e6914cd039d4170a9a526dd69955ff507c33f74e2176591fb0b3cd7f00ee418f2c258a9981cccee72f01c8430:5047fa38197b8328e78dd8a10e966afb7bd3d43608280f1c257d25ca43bc1c06e94a5747ab6215ece54cdeff8c56567d70d2f91f9ec8c260aa1080a6ab5a7a027b436232ac2111a84059510c48362588fcb7383426be5e6f62f372e4f7cca83c81c2357f9b54f4a15291065b6d41aad1ea93cffa776b9acaa58afe2b51644b97af9a3e53f84e40aa6d86051e6914cd039d4170a9a526dd69955ff507c33f74e2176591fb0b3cd7f00ee418f2c258a9981cccee72f01c8430: +19a679a7a905a1e2b3038e6e418b3da97c3089c7cd351ea07bc8d1af64eacc4619f08361f469b4ae1e0ceb94f47a7de7317410a92dd013b16ae0d0532fa4b3ef:19f08361f469b4ae1e0ceb94f47a7de7317410a92dd013b16ae0d0532fa4b3ef:980c7b4d2939061ac7b9ba441117a19485661781a4083067c55acf93026c082a93cc124f095e1b4f2c3f6c135412a5096228e8a071e8b4b668ba9d9644ea9f4dabfc54a9856c3e965e6363395ab709037dda229baf927cd01f9af5e039afc42f3cec634f5d832d2ab7c7cad3ad7b8cf27ebdac698431ad8236:4347b7b4f7c3c4dd315b8384a0b0caeed84bdabe24b2915f12512dfd04770fc996a1bfb729afef9edd611447081a5330617eaea1c1dab1bf13cea8997204910c980c7b4d2939061ac7b9ba441117a19485661781a4083067c55acf93026c082a93cc124f095e1b4f2c3f6c135412a5096228e8a071e8b4b668ba9d9644ea9f4dabfc54a9856c3e965e6363395ab709037dda229baf927cd01f9af5e039afc42f3cec634f5d832d2ab7c7cad3ad7b8cf27ebdac698431ad8236: +f03b8363ee5b0eef7018a49bc02adf731da54ee50a7f03b88a29a2082b189c4331287ef5a2e64104ab7790b312f35c7ad4af6beb0d7ceb8a58f36a54ce272c3e:31287ef5a2e64104ab7790b312f35c7ad4af6beb0d7ceb8a58f36a54ce272c3e:24191b5464b35ac7bcf4a375f033efba8943b09b9ff0fc403ca7aae702a3cbf396c5131bc008132cf5f12910d586dc1db9c084574a96babee95642f922371c0382ec0402a26feb142e4146bbd3360c2b36834fe45af5e2868d4d56fdd504cebf0c2d7f5791b4429417c8b65a98e0b15c466c137f410524fce737:e8fa967e6afadf6a877d87e5f5c52bb634b75a7804199a2bc9d027b63a35654d9ddd06830455641dbfb49edce42e20e7d4104a071c2cbbec23018c297ced990824191b5464b35ac7bcf4a375f033efba8943b09b9ff0fc403ca7aae702a3cbf396c5131bc008132cf5f12910d586dc1db9c084574a96babee95642f922371c0382ec0402a26feb142e4146bbd3360c2b36834fe45af5e2868d4d56fdd504cebf0c2d7f5791b4429417c8b65a98e0b15c466c137f410524fce737: +11086b0d11e415ab1ce02aaf8f0621b54430f6fb135c74f40d38e8c64737064b7166dfbc691eb8c201114ba0d1a2c7b87f7a1fd8d0b36058b0d7dcabe1ae30da:7166dfbc691eb8c201114ba0d1a2c7b87f7a1fd8d0b36058b0d7dcabe1ae30da:4b5b2936c5e360a38455503721078f8adb404a7ee7ecc14801dc87a67a152b769569fbeac0afa25a2070a1686b900ac1633d499808cdb2e81ce3916d5a3c04d19c5bb2699a662b8aba4af94d390bac7ccc8ec910ed2acdf86ebb71adb601877885eef3c91662fc30738e352cc74353ccf8d8edeefacc042c10a0e5:e907459d5adcd0d0c36418581f19d0eebda7138ebd9faa0b262201f458c856310bb77f4c7de922495dcfe8b248eda2ad0df6a73f47bbfb894baa7d88698758024b5b2936c5e360a38455503721078f8adb404a7ee7ecc14801dc87a67a152b769569fbeac0afa25a2070a1686b900ac1633d499808cdb2e81ce3916d5a3c04d19c5bb2699a662b8aba4af94d390bac7ccc8ec910ed2acdf86ebb71adb601877885eef3c91662fc30738e352cc74353ccf8d8edeefacc042c10a0e5: +efce7667a8ef91228caed14eb477a345e5e8239234080848760ed0970713fa869193055a84df1eacca28ce2a08c2a07a50f04c024ecf1fe4a47d2efbaf63ed58:9193055a84df1eacca28ce2a08c2a07a50f04c024ecf1fe4a47d2efbaf63ed58:aa1bc80d7bcc1d94a23a57cedf5027482477dc46b86890bc0e5ac29ae6c91bbc43130348797305f75543580a8a069b348a7bd8fc3e015230b7c1940c7f80a82b12900910dbcf0630da03f081d44c7f955d4a1172f56ecc7c5ac646696bffdf4eb6d88bdd9cc3843528b72583abb3bad02e56ef7646eed5139551cdeb:e5a63124db1696b64140b6e9612fa9587b3eef710109398d44ba0ca63c0ebad06f0a6c8994ea34b3a2af91a89bf41ae614d7727d716fd42f8b92e1ac64fdbf03aa1bc80d7bcc1d94a23a57cedf5027482477dc46b86890bc0e5ac29ae6c91bbc43130348797305f75543580a8a069b348a7bd8fc3e015230b7c1940c7f80a82b12900910dbcf0630da03f081d44c7f955d4a1172f56ecc7c5ac646696bffdf4eb6d88bdd9cc3843528b72583abb3bad02e56ef7646eed5139551cdeb: +88fccaa96ad884d1165be71dd0c4f5f8f4421c60fbfa498bfee9b967462443bdc75cb0e0237b45b8656eea9f3d1a9d4acd01a103aa269bb24fd54122fd81f2ac:c75cb0e0237b45b8656eea9f3d1a9d4acd01a103aa269bb24fd54122fd81f2ac:9d0eac98556bfa8672c35705d1d61ac4d0fca19dc0d993015877857d27fd80f74acace666c563485d81e53603a6aef40875fa551cc105f2cc10b39694679cdf4a6b073bc88645fc51a36da179d3d1e3c7722454c5e73577c61aa7d148c4ba50ea46c56a1c3b3b3c470f93100494e08bc5514ac763a85483c42c7cdc27c:27d3a197cc9994212063bce8d799e77b6853b7355ebe369bcf1889a418a82caa3a7987a663f621defe86b3ac4ad44faeed16c9116ace28fccf915557fa7799039d0eac98556bfa8672c35705d1d61ac4d0fca19dc0d993015877857d27fd80f74acace666c563485d81e53603a6aef40875fa551cc105f2cc10b39694679cdf4a6b073bc88645fc51a36da179d3d1e3c7722454c5e73577c61aa7d148c4ba50ea46c56a1c3b3b3c470f93100494e08bc5514ac763a85483c42c7cdc27c: +670b30626fe367d8b45f43733d6f25b37eccbcb551963f0ac8b666b48041c72d65aa4c6d4ba0ab34bc75b39f09527ca6f2425f52415cdffdf2dff273f8ea612c:65aa4c6d4ba0ab34bc75b39f09527ca6f2425f52415cdffdf2dff273f8ea612c:d00bcca7e184d10e1f1fe420b50639e1d5deba52a751236e68c59bb4bff9802f5fc165ed42fd6d534670a7c6fb60e4307d947915a248bf2f93465c2cb44d8f453d2c015afbc8ed58818ea51726a25177930e9ea192ef4514f4bb0eb4e0f5d4ae3c46e357c81187f7ed174733fff959c3f9fae6486cfa1356a95699211de5:1b6b4377d2b98e0f9d24ae8dfe30e2396e2004380d3431488e5843cf8d2d7a0070ab21f8a3b51ce84d2f4ba209f739f922bebf798096693f5622873d79ae6f04d00bcca7e184d10e1f1fe420b50639e1d5deba52a751236e68c59bb4bff9802f5fc165ed42fd6d534670a7c6fb60e4307d947915a248bf2f93465c2cb44d8f453d2c015afbc8ed58818ea51726a25177930e9ea192ef4514f4bb0eb4e0f5d4ae3c46e357c81187f7ed174733fff959c3f9fae6486cfa1356a95699211de5: +813c4daed67a190d68bb635d73af6da74f32fdf7c48cca6e59262946b8e8c71fa2095457d7697020e2b884d95a96578c2a900a7666ac0dc7bd38f1931d7945d8:a2095457d7697020e2b884d95a96578c2a900a7666ac0dc7bd38f1931d7945d8:ce54cb0450e689a0dbef785308b3177472fcd6d38203e58a0590b31fa253f9ea590be5368a922de88b63450102684443fb8189e601282003323b89c81e92eaef2b5ddc4a55c53fa3cfad4160248b3c286ff80d31d161b7b8dee713552b56f1507fb72eadfa89054e9d1600ac874c4b0a961004eb6d0d4bfd2ecb9c734f00ba:b446574ff6a4bd2b572e487c4ab443ca641075168aa4e1092f71f30bdb068ce46a395efee1ee660b9fac26d54109722c15cdb791bfb87fff63c6596ad4f2270cce54cb0450e689a0dbef785308b3177472fcd6d38203e58a0590b31fa253f9ea590be5368a922de88b63450102684443fb8189e601282003323b89c81e92eaef2b5ddc4a55c53fa3cfad4160248b3c286ff80d31d161b7b8dee713552b56f1507fb72eadfa89054e9d1600ac874c4b0a961004eb6d0d4bfd2ecb9c734f00ba: +8400962bb769f63868cae5a3fec8db6a9c8d3f1c846c8dceeb642b6946efa8e398be21001993a7eb1a1277ff74c15504183d25fdfcc05f0d4dea892f6e301890:98be21001993a7eb1a1277ff74c15504183d25fdfcc05f0d4dea892f6e301890:f7e67d982a2ff93ecda4087152b4864c943b1ba7021f5407043ccb4253d348c27b9283acb26c194fd1cbb79e6afc32ff686b55b0b3617218dcf39316b4b66b3c8c0d67267a86db8adf3750801bcf9327d4c25441b96197832b4cde0eac3ff22892a2f0bc17c2c213c02377a333e308ed271658049383b7e2e57b6b8b125512e0:0ad71b0025f3d9a50db338414d6d670e7799b7270a8444f6ae7f12ae7eb71bd03ffd3c4f36631f69fdcc4061468ff582ede495243ef1361a3b3295fa813ba205f7e67d982a2ff93ecda4087152b4864c943b1ba7021f5407043ccb4253d348c27b9283acb26c194fd1cbb79e6afc32ff686b55b0b3617218dcf39316b4b66b3c8c0d67267a86db8adf3750801bcf9327d4c25441b96197832b4cde0eac3ff22892a2f0bc17c2c213c02377a333e308ed271658049383b7e2e57b6b8b125512e0: +6288722035d1ea699bc7cfdf18d89625423180b683fa74639f4f30f15359cc85e17faa019572861a064e1bc571256dea1468f3a48590a89138aaa85925080cd7:e17faa019572861a064e1bc571256dea1468f3a48590a89138aaa85925080cd7:8b6caacac51d8949fb86acbcb1b99d859ff67c64147bc1216909dcab07ee6ef09f403863327394689dc34abc778fcb5c1f5091acf5a08f9d842211d1ae2eb40be9bb8d6679077471547a6c71ff77b519d4b7108e32bc46251c60dee8e332b6229316e6d57c22ab826ff1bc33f2b0213807c19280af110fd26ee27468201cff49cb:9dec92b6e89adbe8f4e1b5e93ac4fcf957de7d1970a226770ec4eda647c8e3b3dffb2731a39e16e4a0119d3662a937e560522491ec7a1696be04c076b12e35018b6caacac51d8949fb86acbcb1b99d859ff67c64147bc1216909dcab07ee6ef09f403863327394689dc34abc778fcb5c1f5091acf5a08f9d842211d1ae2eb40be9bb8d6679077471547a6c71ff77b519d4b7108e32bc46251c60dee8e332b6229316e6d57c22ab826ff1bc33f2b0213807c19280af110fd26ee27468201cff49cb: +13038a3a65ef32759a9cd903acb554b252de00e7cdb77bbed1970b20680ee17bb6a308e67f9b46c66499456ab5cd135cb2fe84a32eb045358626604da4122c8f:b6a308e67f9b46c66499456ab5cd135cb2fe84a32eb045358626604da4122c8f:ddf00b4033a2a088022dabe93356432f50ddc6c6e1a659dc1a93124a4c2ffffd182765a2f56c43ea0bfd8de8015060889ae6941c3f3e255d4421a1c36201be846a2738a71f120cad598ca8527d70ff8d5a0993b55cb5153517110a41962daff42250158f2096d1ddaf7186e50298cbe51fcb429cbea411293f8a7bd9cf069fa237e4:5261558ecc3c98ff36351f42f504cad4a32ffda5a744560960b4c106e4492f02e20478887afee4f770f05597a7e388caceae805ae351e0e45e8e578e6a6ff20cddf00b4033a2a088022dabe93356432f50ddc6c6e1a659dc1a93124a4c2ffffd182765a2f56c43ea0bfd8de8015060889ae6941c3f3e255d4421a1c36201be846a2738a71f120cad598ca8527d70ff8d5a0993b55cb5153517110a41962daff42250158f2096d1ddaf7186e50298cbe51fcb429cbea411293f8a7bd9cf069fa237e4: +b9de5b063d3ca3a773f114941b2e4227c07511c0f5c06017b9c8845018f234325295243c8646e096674dda15979b322b9dd0faf27d024a0ed5771334e1179ed2:5295243c8646e096674dda15979b322b9dd0faf27d024a0ed5771334e1179ed2:9493cc23896b84096046ae1053afe39499e9424254b366fe143f4da321e2dc9e4784208e12a542d899828dde7eff625a7f12416990c2841ffb095bf94c0c610e5a663918b689031ccd6b519349d04de1c212ca2a9d7abf52e1b4fd467bb665b6919ef8f91617e205565bf56647e5f8d508ea200a84467f8fa122e74bc3b9979f1174e5:92ba760d14d1415cfaf218ca847014088ae51ad821113a6f8630356f7ba85c005e2330f1066d0df464806052a4174610050462f3e013d702e7c77185a032580b9493cc23896b84096046ae1053afe39499e9424254b366fe143f4da321e2dc9e4784208e12a542d899828dde7eff625a7f12416990c2841ffb095bf94c0c610e5a663918b689031ccd6b519349d04de1c212ca2a9d7abf52e1b4fd467bb665b6919ef8f91617e205565bf56647e5f8d508ea200a84467f8fa122e74bc3b9979f1174e5: +8ff0297cc08842b5e67552ec2843e04353a34d74ef89b8565d97205b74ca133a0f7ef98c5ba4af984dfb77bc4e537b2b39e6273bb3e7b95fe1b7e6781952bd4a:0f7ef98c5ba4af984dfb77bc4e537b2b39e6273bb3e7b95fe1b7e6781952bd4a:2bdc3a486c5e4ea62dcfec8a9d4fcf9ea9490dbcc715615d58490a72ce833fa22387ca50a0052508cf0aff1ca727f0fed46ffa7d3c8e23c5bb01d47e90ff06d3858a557d9926481579daf4384aea50e96ec615d2a3bf3c1122f1f24dd6ed98a5de421883589c213998ca5432373e68bbbe89428ca9885d0593d5e6215116b8266386452b:0783737f706e6ff36614f850074fca1f485f24fcde2a28af544f37abd69b7a581defd8c771b031e108d19d788c74c5f20bb3f1c21cd92be317bacd8f650b49052bdc3a486c5e4ea62dcfec8a9d4fcf9ea9490dbcc715615d58490a72ce833fa22387ca50a0052508cf0aff1ca727f0fed46ffa7d3c8e23c5bb01d47e90ff06d3858a557d9926481579daf4384aea50e96ec615d2a3bf3c1122f1f24dd6ed98a5de421883589c213998ca5432373e68bbbe89428ca9885d0593d5e6215116b8266386452b: +050d553d282dca3269c83c181768ec067b81c9fe0c94f2a0ebbb0c942d0fcd7c63e230b003c53a5672e832ff7f24430be223e497de840233f595a3e200c7127e:63e230b003c53a5672e832ff7f24430be223e497de840233f595a3e200c7127e:15e13b8c01004f6aa5b236dbb281677f746d81e548e0aa80f0e414521521d856cd694e7c9152bb5e43776b60f6b560ed1ad3e4b390dbf3e46ef9257443f39c149e0240a02d021e1e3d7d046b26fd004eee7ca16a8059e126c74cb3f2194db47bf60465ecef5c704d2e2c75e2e50060ea2a31cb72b7b3c6b1b5ec72ab38004085281a22fe86:3f0e83765b31bbe8e1fb92e9678d6cde571a03ba7f1dcc1128461f708525457f4e0e2353aa2b598c063ff1bffdac916b5a2200655156904b0585577a1628560d15e13b8c01004f6aa5b236dbb281677f746d81e548e0aa80f0e414521521d856cd694e7c9152bb5e43776b60f6b560ed1ad3e4b390dbf3e46ef9257443f39c149e0240a02d021e1e3d7d046b26fd004eee7ca16a8059e126c74cb3f2194db47bf60465ecef5c704d2e2c75e2e50060ea2a31cb72b7b3c6b1b5ec72ab38004085281a22fe86: +69497cd7b4e868cfa0328d92bd6052d772b2767395c14595b279851a9cdd31aa5d276d626e230d18e7bcd61141cb93c90ef0f79e01321212d838ec71457b1aac:5d276d626e230d18e7bcd61141cb93c90ef0f79e01321212d838ec71457b1aac:53cd080a0c61f1a093d3b3a74571c296303f363b4107edbe880b7aa9dfe44ab5d5dc5f74be9c8d876f04d754653491ab51b135fc953f71287b62ff41b67c742bd3445671a9d4f2dc174ca1b0335f78627a0dd4b30650504178039e7393638510ffe84091b57298d3ac9001c367c1452fbcb33dc54a5dc316fb2a5270764a2ac820a0b63fbdc6:beafa58340960908e8d86e40329e3a4523fc7be770addb86e34c3772f84cd9fb338d1f3b65bfcdb09f35c6da36d1a3adf8f91f1ffd5782cc830206433a08410d53cd080a0c61f1a093d3b3a74571c296303f363b4107edbe880b7aa9dfe44ab5d5dc5f74be9c8d876f04d754653491ab51b135fc953f71287b62ff41b67c742bd3445671a9d4f2dc174ca1b0335f78627a0dd4b30650504178039e7393638510ffe84091b57298d3ac9001c367c1452fbcb33dc54a5dc316fb2a5270764a2ac820a0b63fbdc6: +2165a486b612bbff529cd00346964a3cb8cdcffa51dc3d524dd5adc5ac936d687ebc839a465e14f5892476e4a13b3988f83b3cd27ef79e193f86fa16f34a1ce1:7ebc839a465e14f5892476e4a13b3988f83b3cd27ef79e193f86fa16f34a1ce1:b728da7a36167c6085bd2d962cf63959facd95c9ad4542028afba90ec9c6c0760bdae935429c3feb3933e2f00042c672ad2cd7348d92bc33f81751e294ae9171b945b193144ef8acb9a1bd9abf0475ce0d0ac789b200c32e9c9a2736b168369ce5f97b1e8d2e7900e1a759178441f1fc430564ae129bae7857740511a668f32c0a3b077a9d8b19:7ec6fba56ba52460a1b4f2738689c1883dda9aaffc8bde17cb6029bdce3a0ebe2fffda55939b70bbd07fdbf6fc5cda87fed8ba58575f894a366e45e5705eea09b728da7a36167c6085bd2d962cf63959facd95c9ad4542028afba90ec9c6c0760bdae935429c3feb3933e2f00042c672ad2cd7348d92bc33f81751e294ae9171b945b193144ef8acb9a1bd9abf0475ce0d0ac789b200c32e9c9a2736b168369ce5f97b1e8d2e7900e1a759178441f1fc430564ae129bae7857740511a668f32c0a3b077a9d8b19: +1c64ad63dd147034598e128f7406ec0530746ea1c5b72ecf79e888065486fa1bbaa6bcc1c3d8d3b11ffc1587adddc58bfd96c2b992b6c6f59fcc50ccbcdd0eb9:baa6bcc1c3d8d3b11ffc1587adddc58bfd96c2b992b6c6f59fcc50ccbcdd0eb9:9ebd8e337893bb053ef2b9e3269df54848494f03cd63576b33e64b1080be4be015264a403fb9602bbf90ca19b241a9b66863909b9008ce1b2ffcf236efa4c2668f0f47db9ff5fa157d9cb605412be7dd8b07ea878cccae6bf50f935b86d19e1b648b69e528553a56d8afb78221ad53307b7a4ec8d2fd4861b55dc5dae8e93ef387fbbe0b4ce7f788:7477e54158f13b7128c0a110ca6b65f42514fb70cd5cf28a8b1cc6110ea06fcf94290da13f85a11c2351d3bbccbb4c64e0215d6d0f0099e7f27bc94e949b150b9ebd8e337893bb053ef2b9e3269df54848494f03cd63576b33e64b1080be4be015264a403fb9602bbf90ca19b241a9b66863909b9008ce1b2ffcf236efa4c2668f0f47db9ff5fa157d9cb605412be7dd8b07ea878cccae6bf50f935b86d19e1b648b69e528553a56d8afb78221ad53307b7a4ec8d2fd4861b55dc5dae8e93ef387fbbe0b4ce7f788: +55abbc5dac4128134dc8c6018a213ed4b60fcc8e90cbd41db2d21eda5373e936251afaa2646926b2a371f2a09d5865b98c9a5eb6ca047cd0d8ee36e5e0416974:251afaa2646926b2a371f2a09d5865b98c9a5eb6ca047cd0d8ee36e5e0416974:47010e1398ad55fabe371dd8648f768d90df4b965a3b396100b303b40a17518bed6d86b09f734ab7c10b5f3a01b53deec5f8534b70c79f3f29b284fdec486f22f44c22ccd5c6463594415267baa611f70b1b316caa1b68b5e0e99b31c5bb0ce13679a23c31a63999698164cbf37d103ba92490188be59937f123043ec786efe3d411f9b0623a6ad972:f6a61c2e661a9eb7bde182e38ec99af985f61698a5d7fa430d16e3f1a93709b75522320de48afcc595ab209122ae0ce132cdf4b0391746e7ff341177570c810847010e1398ad55fabe371dd8648f768d90df4b965a3b396100b303b40a17518bed6d86b09f734ab7c10b5f3a01b53deec5f8534b70c79f3f29b284fdec486f22f44c22ccd5c6463594415267baa611f70b1b316caa1b68b5e0e99b31c5bb0ce13679a23c31a63999698164cbf37d103ba92490188be59937f123043ec786efe3d411f9b0623a6ad972: +f2dcf4a1a0d46ddb2d72f8fdd80bbec5b7dea5913da4966c2f4d12c261f0bf98d39570a25ca59f2257f93f96600df4f63e684bf63ae8dffd914e4629c3d5095f:d39570a25ca59f2257f93f96600df4f63e684bf63ae8dffd914e4629c3d5095f:3b00e808fca4c11651d853d6b90f952ccf5647e102d4ee0ad7a5d181d5b4258c523cd39e3d9825298d84c8cba09f43dbba119988222c76059caf17b4bf9931c45e617448aeade151181497b24552367e52bc45ac79088806d3368207aafefd3057845dce819d5aaaa77b218e2aed3da76d40c1f07699f8172e4a5c803f7a2aceb9a47a8952e1b2f053f2:42882a811dad2d851885e4cbe9044708d91a86f15dfa1d66c3eb304314531f3015208c711b9bdbc5fb233951e569b59d34e415eec4b37ffd374d412c9a360d0c3b00e808fca4c11651d853d6b90f952ccf5647e102d4ee0ad7a5d181d5b4258c523cd39e3d9825298d84c8cba09f43dbba119988222c76059caf17b4bf9931c45e617448aeade151181497b24552367e52bc45ac79088806d3368207aafefd3057845dce819d5aaaa77b218e2aed3da76d40c1f07699f8172e4a5c803f7a2aceb9a47a8952e1b2f053f2: +2246bfb06155859e10a748ff8f5919ad5d1daab756f01057b790d07474775f4ffa6349b62dc8c6a2feeef6ffc33ae085c649795c1c9d9898e75c13ae1625db34:fa6349b62dc8c6a2feeef6ffc33ae085c649795c1c9d9898e75c13ae1625db34:63ee1c7bbb15cebe1c22532d481682754bdaf58b8bc997ae30a34c9d23c33f1690c346ab0a7365ff62457424b6105f8421eca0ce3c630acfeb9a1cc416390edf4920e22b2367e9fb5d2ab25bee56da03ea55e3f57882d48b89229314d734cb83c79f4e17ee64bae6f7addbe9b525fcd03a91409a2dde907751db8cc97e08d0ea89c4d18718d26d0b897b64:2be4915a352f7785483046d8ae9625b8b63257af57c073691256ee076d6e1b972a101f551c705d3f96157c33b56ea049be4af4dc561cbe3c1ec5072d7f134e0763ee1c7bbb15cebe1c22532d481682754bdaf58b8bc997ae30a34c9d23c33f1690c346ab0a7365ff62457424b6105f8421eca0ce3c630acfeb9a1cc416390edf4920e22b2367e9fb5d2ab25bee56da03ea55e3f57882d48b89229314d734cb83c79f4e17ee64bae6f7addbe9b525fcd03a91409a2dde907751db8cc97e08d0ea89c4d18718d26d0b897b64: +c088a3dd2cb8bd5d684db8538dc22473b6f014f64fe86af168b4bb01b90a1dd0aad615a9c28759f03d373abe666691dead8b84f9b8b50a67f8f0aa4a701580d1:aad615a9c28759f03d373abe666691dead8b84f9b8b50a67f8f0aa4a701580d1:74906ae05a5af8e9968b6feb498569d6345a24f9711befb136e6c3b5ed49339e59a7938b4ba1a118f169b9ace0f7842a26a645f14c0ad22ebbcda93e67e4c348efc3d9ecbb1419e6262d0436a58ea82c2202389065ccf67c4f550e45b5f6a12a6c011b2e0a30101d5c62328bbf99c8c95563a6e33bdd9cce72b1f720139c2fd3e04913146ae5bac5288e0e3e:3bb459d1ac575a180c1728d8b8924970492a0c8d2a378c29d1d41785c8379a58e2ba3606785e1c5da29e5527552bc6dc89a2b69c27fe51ed253a9f3b565b270074906ae05a5af8e9968b6feb498569d6345a24f9711befb136e6c3b5ed49339e59a7938b4ba1a118f169b9ace0f7842a26a645f14c0ad22ebbcda93e67e4c348efc3d9ecbb1419e6262d0436a58ea82c2202389065ccf67c4f550e45b5f6a12a6c011b2e0a30101d5c62328bbf99c8c95563a6e33bdd9cce72b1f720139c2fd3e04913146ae5bac5288e0e3e: +45667d1e7b5910979c4a328317968371c864d564a661c5cce557c9ecc61bab9eedcdf5e1a170e00c8c687e7e9c18f9893b5fe495cd2977ceb7f446c0149aa9d3:edcdf5e1a170e00c8c687e7e9c18f9893b5fe495cd2977ceb7f446c0149aa9d3:cd66cec476c87c8dbf47ec91dac48fb5b42db1282a573e0a5cf0b91768986608e1d7ebd05f5251bcf8b47a17093229acefbd44beb21c0c0c928dd3cd3f8966ecce6910331c508ea76baf904d8c21f6c17c2c58d00afd3259b8bf794c146b12b995cddd1c4289c5be3168ebd616b384c281ce1b38a10e1807808853c681a640a009b4d2acd7934f8c6d07578161:6de668f1ca6f292814625289a0808020c87c89ac94f5b0508e557bdf8000a5ca808f021c9679b50ee2f320064c95a464a8439379828c3b76cfa766455e128c0bcd66cec476c87c8dbf47ec91dac48fb5b42db1282a573e0a5cf0b91768986608e1d7ebd05f5251bcf8b47a17093229acefbd44beb21c0c0c928dd3cd3f8966ecce6910331c508ea76baf904d8c21f6c17c2c58d00afd3259b8bf794c146b12b995cddd1c4289c5be3168ebd616b384c281ce1b38a10e1807808853c681a640a009b4d2acd7934f8c6d07578161: +24897428ae6546d85b3190ebe3f1f7bf7c712528ac851a588b07d5c8f94eecd15f348fe3ea5b2c023d0af7ede60e55f91aa55199699da15a11c3791d68d710bd:5f348fe3ea5b2c023d0af7ede60e55f91aa55199699da15a11c3791d68d710bd:5201d9725f1dffa1863fa4d84c301861141acdfb64be1fbfdd5b9386db20ef394099eebcfdfecc62c6268607a84d55c55cd0efdc372ecf3067343e7b0731c2685461e24b953f99949e59ba3e67ed0f0848313793962a292c459814c5e28690ec1f45171f1abab86fdd14568b00caf48581115ee5ea83b000282fbbf0c0b2a1116039a35cfa3f201422207a3d4948:1b5e75def49f51d6b2de008c71fc1a909bd42ca813298dce4eeef717815d7a6c078c2f3d9a3fce1ab5b3ad8ef8d45cdf2eb4901c32eea2d5e018dcf2833cad0c5201d9725f1dffa1863fa4d84c301861141acdfb64be1fbfdd5b9386db20ef394099eebcfdfecc62c6268607a84d55c55cd0efdc372ecf3067343e7b0731c2685461e24b953f99949e59ba3e67ed0f0848313793962a292c459814c5e28690ec1f45171f1abab86fdd14568b00caf48581115ee5ea83b000282fbbf0c0b2a1116039a35cfa3f201422207a3d4948: +7b04aca7cf926216cb960a3890786339d0a615967680190123fda3b60c6aeb11cdbc3e70e4e8fd13d0cce2852a3b9372c3a6160cd6deaba90f9b3022f70c91f9:cdbc3e70e4e8fd13d0cce2852a3b9372c3a6160cd6deaba90f9b3022f70c91f9:1cb09624b1f14a0260c7f56d8c60b5fe45837114232551ef5966386e0c2b441b75cfdb8df2185785d22cf526fa9df7fd45d9d83881b66c1feee0913e238121eedbb7ab504da0bee8998016684535031991f11bfcd9b95690aad2d19bd6a9de1844ed1362302df4217230b25c0552ce277534c650cae526577f25d8b1fe9f9febca2c814670d4805b21adef852daf94:25d2d361751d52b4fe66ea18e4b9866bde3d121a7312fd9e28a1e295e087e3176c94c874a2e81600f24c4654f43d1b67d47b64822648590ce5ce44f3b5ddc5021cb09624b1f14a0260c7f56d8c60b5fe45837114232551ef5966386e0c2b441b75cfdb8df2185785d22cf526fa9df7fd45d9d83881b66c1feee0913e238121eedbb7ab504da0bee8998016684535031991f11bfcd9b95690aad2d19bd6a9de1844ed1362302df4217230b25c0552ce277534c650cae526577f25d8b1fe9f9febca2c814670d4805b21adef852daf94: +ea73bf64a1a97877c3c3e7ca4644b71aaa66314c8f1b66bafaebd5edfb888bcdcaac93902e5764ade47294edd51faa14620940c668b5c1c392a6928325d4c3fd:caac93902e5764ade47294edd51faa14620940c668b5c1c392a6928325d4c3fd:362eec68b912852786bb4f9afff9ecf7cb28c9de6b18422a8ca940b0d7e6dcb83aa44be0afb5f1806d43f0e31d71f922f853615a26e287a27f08a04fbce3d45a0c6c311d4b7cb17e425bbeb0a6b410b5d6dbb7ac11df9850a131a691e3b60b0b214ebe044106e982433287595267b031b5d4a09262ded8934fdfdf964d868ef9a2c842f804eafddefcb71d9f16a59bf8:bd86cb9c70a055279a86a9e64870988b8a7345c3cd2948a0fabcfb38abce3c420b4d5521618e11d2de827d9de569f6bc3be66aad40636cdaa64760ded3b7c209362eec68b912852786bb4f9afff9ecf7cb28c9de6b18422a8ca940b0d7e6dcb83aa44be0afb5f1806d43f0e31d71f922f853615a26e287a27f08a04fbce3d45a0c6c311d4b7cb17e425bbeb0a6b410b5d6dbb7ac11df9850a131a691e3b60b0b214ebe044106e982433287595267b031b5d4a09262ded8934fdfdf964d868ef9a2c842f804eafddefcb71d9f16a59bf8: +b8123c116b33bad0dcbc2c4dc06a3d66850dab360cdb5a033c14895c4ee31bfbbdca151ba32c6bb31531b05fdf86c6d78c8cd1935611d5ff111a0f00635b1885:bdca151ba32c6bb31531b05fdf86c6d78c8cd1935611d5ff111a0f00635b1885:7970f6666634548c848bb52338817b26a4d0ca68df3d28afff207c2d028067a18e4c9543025f5b0228aa691e5088513151a94494e15d1f54210328e0df159b352c30aaa7a844f18a9f4c395dcbb3fb9fcfbed1103e0706fbf9c35fe2666848fa35dc2cf5227ebee89e7d3bcfae2721b25fdec3d3174ea7ce267a55dd61d58201e96bda303cf418edf6e32fb92f5dc1a0b1:9cf13eba3dcc37b8fc70ccb2327436b9f08855e726aa7ed82bd5cb7df45fdf9ec1f96afad193f47572d770444b65b74a37cc034fc514cb3f91b2d8ada5b020067970f6666634548c848bb52338817b26a4d0ca68df3d28afff207c2d028067a18e4c9543025f5b0228aa691e5088513151a94494e15d1f54210328e0df159b352c30aaa7a844f18a9f4c395dcbb3fb9fcfbed1103e0706fbf9c35fe2666848fa35dc2cf5227ebee89e7d3bcfae2721b25fdec3d3174ea7ce267a55dd61d58201e96bda303cf418edf6e32fb92f5dc1a0b1: +b18e1d0045995ec3d010c387ccfeb984d783af8fbb0f40fa7db126d889f6dadd77f48b59caeda77751ed138b0ec667ff50f8768c25d48309a8f386a2bad187fb:77f48b59caeda77751ed138b0ec667ff50f8768c25d48309a8f386a2bad187fb:916c7d1d268fc0e77c1bef238432573c39be577bbea0998936add2b50a653171ce18a542b0b7f96c1691a3be6031522894a8634183eda38798a0c5d5d79fbd01dd04a8646d71873b77b221998a81922d8105f892316369d5224c9983372d2313c6b1f4556ea26ba49d46e8b561e0fc76633ac9766e68e21fba7edca93c4c7460376d7f3ac22ff372c18f613f2ae2e856af40:6bd710a368c1249923fc7a1610747403040f0cc30815a00f9ff548a896bbda0b4eb2ca19ebcf917f0f34200a9edbad3901b64ab09cc5ef7b9bcc3c40c0ff7509916c7d1d268fc0e77c1bef238432573c39be577bbea0998936add2b50a653171ce18a542b0b7f96c1691a3be6031522894a8634183eda38798a0c5d5d79fbd01dd04a8646d71873b77b221998a81922d8105f892316369d5224c9983372d2313c6b1f4556ea26ba49d46e8b561e0fc76633ac9766e68e21fba7edca93c4c7460376d7f3ac22ff372c18f613f2ae2e856af40: +93649c63910b35718e48c590d261c48e4ef8336613f6aa077b462676b3ba882906a685898b855212ebc289915d105a4320d620d85771b8c6b15bf10a1be6e9b8:06a685898b855212ebc289915d105a4320d620d85771b8c6b15bf10a1be6e9b8:2cd1a951056c9ebae1399b6bd2d82c0ae277856290d06920ac56cac8fb42435101c72aa9c08dd2d12426325562c2f0a49cd821b11b939aafa593b4095c021bcb4827b107b9664d68282888bc4a44af3e3bdc861be6af309044c3daab57b77023dc902d47ebc326f9bdd02dbc02cd540ff81b2ddf7cf679a41193dfe5f8c8ca1aaefc41ef740280d9823e30a354717c8431f5d8:6274f2d4f431d5affefa35e7cf584a599017193da99094ca908b75acb608d1bf981857be93a7dafb0fadb3ff0906f48a5ee950456f782c2d605b14095ba0ff0f2cd1a951056c9ebae1399b6bd2d82c0ae277856290d06920ac56cac8fb42435101c72aa9c08dd2d12426325562c2f0a49cd821b11b939aafa593b4095c021bcb4827b107b9664d68282888bc4a44af3e3bdc861be6af309044c3daab57b77023dc902d47ebc326f9bdd02dbc02cd540ff81b2ddf7cf679a41193dfe5f8c8ca1aaefc41ef740280d9823e30a354717c8431f5d8: +1c15cbeb89362d69476a2aa4a5f3ef2089cf87286349e0dfe0e72d9e3e5a66c713a882a1064182582c211847e19b4dac59722c9ffd34826d96f33113400fac7a:13a882a1064182582c211847e19b4dac59722c9ffd34826d96f33113400fac7a:091c9b9b116ae83d23d01a6295211785d446b6228dd687ddf79bd0d5a4daa8c79d2cbfc37365f1f285e361738123e34e2bcbfc664ce1253a11d9e4a7982e58cf9468e1017ea14d2cc6d0865d40fde8cb560241e96ac1617c791f0ca7c6410cadf328611b18aef333d8350ac497f0a4ae2d03fdf0e23e426d34f4514780d1474e113583541f3c043672057172618cb2059eaaed56:5998b2808adfdeeaebe2c3eac026d3f825f9c7f2af97ca324fbd57aac1bedff78a8ee621d037ee3ad2a712e9a009c58ea3e6f2a828f74b86da275a44a4b1e50b091c9b9b116ae83d23d01a6295211785d446b6228dd687ddf79bd0d5a4daa8c79d2cbfc37365f1f285e361738123e34e2bcbfc664ce1253a11d9e4a7982e58cf9468e1017ea14d2cc6d0865d40fde8cb560241e96ac1617c791f0ca7c6410cadf328611b18aef333d8350ac497f0a4ae2d03fdf0e23e426d34f4514780d1474e113583541f3c043672057172618cb2059eaaed56: +11241ffdf34ae8ab875475e94c6cc3291f0b8820dc85e20f32fc53b24ae6897809c045e4bd5137314c0ec1d031faf914910c45a4676f5a3cd8f581bcccb03c97:09c045e4bd5137314c0ec1d031faf914910c45a4676f5a3cd8f581bcccb03c97:3b89deccb7023e4b2b7aff2c3951870af413a9b04dd86ac78b7c8fd887492d8dde49d8fda149edd54781ae2b508030d14416a9a38bed2b9aebbbb20250b3c931acd4e32fbeeec5a26501beab7268d144fce8951a101c4b5178166fbb5927b1dfb1e1ce90d1d123068e3f472c888fdb01fdf70e7f8de9b0adb284b7119f55354316f84ed090030f9c2662061ca48447cc0aef964126:72ce9f91be2e66cfc90f952595946ffc90bfce53087d49e5dd7c087f3faa8f18f2356de971e4429d985a99194b4f92ced3ef47cd7114379e0b3267a9f8b1e7063b89deccb7023e4b2b7aff2c3951870af413a9b04dd86ac78b7c8fd887492d8dde49d8fda149edd54781ae2b508030d14416a9a38bed2b9aebbbb20250b3c931acd4e32fbeeec5a26501beab7268d144fce8951a101c4b5178166fbb5927b1dfb1e1ce90d1d123068e3f472c888fdb01fdf70e7f8de9b0adb284b7119f55354316f84ed090030f9c2662061ca48447cc0aef964126: +3bdb162465eaceff98d69c86f70039c517d168aefe6bb101b4f769a86b17c972d76cb7be74328289fd1c64be747cca5bb30295dfaccd0f2e43f51703fd5d3683:d76cb7be74328289fd1c64be747cca5bb30295dfaccd0f2e43f51703fd5d3683:fbf368feaeba87918b1b8c7b8a26832be6e7fc1cbdb8902519281a0654ec73de0bb07101a9d603f745d4ec2357aee9870cb19a56cb44fbd9c91fc34752612fbd83d6fc1a16bf8a85a215d0148e4af37d298467e5cc486b131352ce092182ce8284159a3812b30bacbff595863811bf9a30a9da494565c3ac1814430018ea0eeed39cdbca27f93140e46949db570bfa2ed4f4073f8833:6f1362a402063791f950984f544928e616a4ef79bbeb6854e9615aab9cdbaec483fb9a04bf22de5d97a15bda2d390483c7f61dbee07bb5141fc173b1aa47650dfbf368feaeba87918b1b8c7b8a26832be6e7fc1cbdb8902519281a0654ec73de0bb07101a9d603f745d4ec2357aee9870cb19a56cb44fbd9c91fc34752612fbd83d6fc1a16bf8a85a215d0148e4af37d298467e5cc486b131352ce092182ce8284159a3812b30bacbff595863811bf9a30a9da494565c3ac1814430018ea0eeed39cdbca27f93140e46949db570bfa2ed4f4073f8833: +d5efe51d5cd8e108bd922fc0ea126190a94628ffa53c433a518022792ddc78ef426b01cc61ff5e0e724da1d3b297f5325c18c62f64d5eb48d4a5216a8e9a4073:426b01cc61ff5e0e724da1d3b297f5325c18c62f64d5eb48d4a5216a8e9a4073:9d17bcfe2dfc742f411cb53a94f359c001abf096c741f34af48679f281e7ce6bbd9e87709fc0728a563db2b9cf8ea4fbdcc344c1848e653ce970c6ce29de2ccd520300649adcddfc753971f846aac1ba42ae4528952d94980aa7c6cfa2142907647f894ae974a74d59035a73ef56a10b6612624809520190ace661c3a47095e0322efd781d50d1163598f2da32f31bc9c4f913d1b14861:2306f58fcd4cff2222d81b05a475532b8b19dc67e6d78ddb4205a3b7621cc5aef0b393d5d24dd96c88ccbc53a3208da323be4587d5ec067c820f0723aa44e90e9d17bcfe2dfc742f411cb53a94f359c001abf096c741f34af48679f281e7ce6bbd9e87709fc0728a563db2b9cf8ea4fbdcc344c1848e653ce970c6ce29de2ccd520300649adcddfc753971f846aac1ba42ae4528952d94980aa7c6cfa2142907647f894ae974a74d59035a73ef56a10b6612624809520190ace661c3a47095e0322efd781d50d1163598f2da32f31bc9c4f913d1b14861: +18af89025ebfa76bd557cfb2dff148245214641fd5bda159f73da04b08e87c880c584459b9ebcccad587b272160bc60b27f4f772b4321de7723afef577edc7b4:0c584459b9ebcccad587b272160bc60b27f4f772b4321de7723afef577edc7b4:e82f46652ab914af535d8fb720b557ac95018d9f2a3fcce85771bb40ab14cb9a986e096f3afe5bee829dfd8b97335c536ac971a21655af16a2f8fdba183a4e18564c21492956537a419abbbbb02a4bbdc01481f5c6e658ecf3c34f011ad846f5edcd4939195df85e41303fb9a88fdfbd704396f7559a327318b952b3e60ce8ddde56378579232faf950c78e7f0b17c3b8dece36b788a8473:26bb0882297c2c08a752d3981145dcde55893a11df77f8aa4c19d0b9ed6e5220ed12e9fac3af13d0f0c71568f4a547d30114a6599a236806c4beee6765284408e82f46652ab914af535d8fb720b557ac95018d9f2a3fcce85771bb40ab14cb9a986e096f3afe5bee829dfd8b97335c536ac971a21655af16a2f8fdba183a4e18564c21492956537a419abbbbb02a4bbdc01481f5c6e658ecf3c34f011ad846f5edcd4939195df85e41303fb9a88fdfbd704396f7559a327318b952b3e60ce8ddde56378579232faf950c78e7f0b17c3b8dece36b788a8473: +0c93d99815fff8fe22b9e45aa02b3e6445ce1d6bf5a65dce3da107aa1055940e4d27a47b0fc80800d84d244eebb1deb4436d97633a83e67125ad52ea01685057:4d27a47b0fc80800d84d244eebb1deb4436d97633a83e67125ad52ea01685057:11e877de58c134eaf4c9f1b53c3dc451d3c055f16b09622725b279768512fe10a7adb0765b689ec21d5b6efaa19f1b9d36254df0a9367f441b26bdb90b28cbc403e5074082fa1fed58e140dac97aeaf483e2c13f3cc560abffaba05b763feedb51e60698151cf56efdf1d37d6ce0564486210f052e937f2ea26f63efa5d247ff188329bb1aa83ce3f4f35a3d7dec14599e5feb7b6d5fe4296a:7dc4467abcf6431adb7ccfe868eac8cd8a615a0ff65f6a9e338375b1aae3c49a126c9eba79426d1641c6b97c3e92c194e5ee4431efa2439fd450f2cd018c870011e877de58c134eaf4c9f1b53c3dc451d3c055f16b09622725b279768512fe10a7adb0765b689ec21d5b6efaa19f1b9d36254df0a9367f441b26bdb90b28cbc403e5074082fa1fed58e140dac97aeaf483e2c13f3cc560abffaba05b763feedb51e60698151cf56efdf1d37d6ce0564486210f052e937f2ea26f63efa5d247ff188329bb1aa83ce3f4f35a3d7dec14599e5feb7b6d5fe4296a: +989e99945635192c023cc5186fc25bbaef47240775d15a56195d88cd07c3748eca0beafdf731d89301f7723c5bb7e5a1c3ff3eab27c97d711bcd76e42054bee4:ca0beafdf731d89301f7723c5bb7e5a1c3ff3eab27c97d711bcd76e42054bee4:c48414f5c757d03c523ef3f3b8510771b0ff3b4b97de279625d349ec185a29927a66b9593ba19338c2f5e4131f1ac07ea46d2c1b6e4ab5229280b2e2bb9d140d1ef7af7b1692bf2d097b80f811adcfa95d5cbf9eee92a1641c552b4be4a0d734f0afd470b9d7f4e45778951e21fc534f200a128b96adb8373f10cecec2dac2996a062fb3c294315965a9d5d7b077c4b013c64a38429769d23eab:aef756bfb8a7266e17d15f3f11ee50ed25be420e95a0742271ebd12294e2cb96ead083b8ff0b829d2edeb14da86e402ef25e6d4a5a7958c184ed10c176cb570bc48414f5c757d03c523ef3f3b8510771b0ff3b4b97de279625d349ec185a29927a66b9593ba19338c2f5e4131f1ac07ea46d2c1b6e4ab5229280b2e2bb9d140d1ef7af7b1692bf2d097b80f811adcfa95d5cbf9eee92a1641c552b4be4a0d734f0afd470b9d7f4e45778951e21fc534f200a128b96adb8373f10cecec2dac2996a062fb3c294315965a9d5d7b077c4b013c64a38429769d23eab: +6bdbbe06d9f4219eea6403a357b25e561992fae0f0f614561dd86d23de415a43ed52dd1cce32d9b485e0940746421d36b9fde6cdf0211545b634044d4b3cb8f1:ed52dd1cce32d9b485e0940746421d36b9fde6cdf0211545b634044d4b3cb8f1:582ada13d69293e49bbd461032dfea1ca2025b52e013a33a0387fcfc5f7c0b8ec955982607fc901e1b7f636a9d371e1f91fe476bdd44856e275d67efa14238164354c231124c84de8f5b89d5a58ea6744b4d3b3d7906905233cce694a64d696f5a7024fc9033b1ce390899a3b441a48e53c7c9b30ba12e7d61f35f15e658c7cc4407e2f689ea8a55d01bf5dbacb11954754f920f09dbd48409bbb5:950206605b0f417c90843e2c8d8e66c828bb10b99b36eeeee8caf2e0e5484d93fe02bf533405f4bb74a50e5585fa0daef4821f0301d01b46321baa31e1f08d03582ada13d69293e49bbd461032dfea1ca2025b52e013a33a0387fcfc5f7c0b8ec955982607fc901e1b7f636a9d371e1f91fe476bdd44856e275d67efa14238164354c231124c84de8f5b89d5a58ea6744b4d3b3d7906905233cce694a64d696f5a7024fc9033b1ce390899a3b441a48e53c7c9b30ba12e7d61f35f15e658c7cc4407e2f689ea8a55d01bf5dbacb11954754f920f09dbd48409bbb5: +d761c8c5a9601b9145b7d051249b004107e452e563100c6c788038c9ee8adad7e6488775d6407efc7b2bca890a7fc62266fc54cdac893343b4f59a196d948898:e6488775d6407efc7b2bca890a7fc62266fc54cdac893343b4f59a196d948898:84ead5eabd2fd4b7c79a9a928ab8ee0a16a5fd667a057f8a254663d56daae156d1a49affb2996137b9d8b340e635732f9d2b4c60218442541e72d2b00e1ee7a73c3f67caa499fa9d070b57d076dcde96b0764723c3c659c7a00c1b78b15ccc2223890b51067fc81e23e9458ab0683ba626a53d0c3793a58a9857bb44b3bd85bb6ce53a85694e7f53cc1bd46d50eda37d81f5381b513d1f38339d291b:7ab78b64e6db359a2dc8302e1092ed66fa736b536253a1cd90fdb8c10efd78300225e191963599ba549cc859209df0ff61cd069b03d254e6e7d76c798440f90784ead5eabd2fd4b7c79a9a928ab8ee0a16a5fd667a057f8a254663d56daae156d1a49affb2996137b9d8b340e635732f9d2b4c60218442541e72d2b00e1ee7a73c3f67caa499fa9d070b57d076dcde96b0764723c3c659c7a00c1b78b15ccc2223890b51067fc81e23e9458ab0683ba626a53d0c3793a58a9857bb44b3bd85bb6ce53a85694e7f53cc1bd46d50eda37d81f5381b513d1f38339d291b: +c5e0c7a7bb8b7ca07bf0a05ea67eff6deebfe3714ee3e1a227f4dc8e242a2fa05135efcd9052bec57a4431caabe82680eec0a33afd59b30203b280ba12be485c:5135efcd9052bec57a4431caabe82680eec0a33afd59b30203b280ba12be485c:3770a6786652c4b78a043edce07f3e204d81997c42afc22331f75a5494a826d7cb69ab4314a473721058a1839981d5b7022d0cd8670377daf3320476d25b9f559561d66ee0a709fe17361e2a52898f5753c4fb43bd0c98b368f512adc09cd927c6622676926d8c2d91a14aca32f226f70036c1c858bcffc2b59f54c1c37bf81eb52ecb3f00da602c94361b52a5afddbfd7e05036e377503050333be512:2e7fdeb3484d0a5e8dce94448979496b0642cabc3733a51f8c3c5c51c19ae319018da91091c2385f2f4e9a59edbca2abd0d085ee40d3f0d42061a5a9832a370c3770a6786652c4b78a043edce07f3e204d81997c42afc22331f75a5494a826d7cb69ab4314a473721058a1839981d5b7022d0cd8670377daf3320476d25b9f559561d66ee0a709fe17361e2a52898f5753c4fb43bd0c98b368f512adc09cd927c6622676926d8c2d91a14aca32f226f70036c1c858bcffc2b59f54c1c37bf81eb52ecb3f00da602c94361b52a5afddbfd7e05036e377503050333be512: +11bb4748d2547e6196be823c9be7aa18150c204b12ca8d73c1bd46b11a54b475efeb42da28d764966403dd300d9f9451b258ab1c80df06fe5943153f5301cccb:efeb42da28d764966403dd300d9f9451b258ab1c80df06fe5943153f5301cccb:f4b765b258ba35b427525c7f10a46f0bccd357ec1ad52a5b139417a9d3894c512d89eb88e681b1f30aac4c115ccf36545e83f37834c82e8300cc1eb289af4375968c29c0ffefb40e156c20c0432669ac8dc0a83c13b1e855a84ad0133c40c82c87ee1e7dd4084d741c80de8a7a9f7759e843a562099c4d7df875352039ff4d3824651386c97759ff7dba52064e6d3112e080819aee8ce723a1a2aa464d8a:44c58da49d2365d27029d1eebb3bebf7c032d858aa07e0756b1c26a5412d22691176031341ad37d7bb7843289eb39db491584c1b2a1da2e4a2649c2293826606f4b765b258ba35b427525c7f10a46f0bccd357ec1ad52a5b139417a9d3894c512d89eb88e681b1f30aac4c115ccf36545e83f37834c82e8300cc1eb289af4375968c29c0ffefb40e156c20c0432669ac8dc0a83c13b1e855a84ad0133c40c82c87ee1e7dd4084d741c80de8a7a9f7759e843a562099c4d7df875352039ff4d3824651386c97759ff7dba52064e6d3112e080819aee8ce723a1a2aa464d8a: +7452a00156d794edebff4adb1f7a7eec26217fef67c3d268352b2b5460a7dc255f4dc338cfbd384b5f1c14c226701446b52b1e3e2a3cba1a40ee2825080d1de6:5f4dc338cfbd384b5f1c14c226701446b52b1e3e2a3cba1a40ee2825080d1de6:8c4ee2867656e33f5269414d77b42d8e4750dba93c418bacca10938cc3b570c6603d52c2344488607b2f934f6d269fcb2ad966219b1ab11472f42c672ce20592490ec5baf6a2d2fc8a3ee35374b1902fdefc7870b1b626fa46b12b6cee241f601a9b3fe4c50812e573e6752ce2c7644e3367a6a6b77758d8e4934b58af23abae8fecac25edd734030ee7cf39907e3eed8186a19a807103a9fc49d38f4c8460:a8f9fa24a3dea1022e73f0d88b1c37d06d0f0b20bbff0ecdb4a40c86d7e475617c03570a7419d74ba0f1327096bf19f0d0cf9f51d483112f26922378682f48078c4ee2867656e33f5269414d77b42d8e4750dba93c418bacca10938cc3b570c6603d52c2344488607b2f934f6d269fcb2ad966219b1ab11472f42c672ce20592490ec5baf6a2d2fc8a3ee35374b1902fdefc7870b1b626fa46b12b6cee241f601a9b3fe4c50812e573e6752ce2c7644e3367a6a6b77758d8e4934b58af23abae8fecac25edd734030ee7cf39907e3eed8186a19a807103a9fc49d38f4c8460: +880ef106733f04e76195eba280b3fadda0f25dcf96a6a99c8ccf842c68afdae570cee33d41c728ce7b141931e6e8524567d7601eb79f67fdcd07b9d682c650f0:70cee33d41c728ce7b141931e6e8524567d7601eb79f67fdcd07b9d682c650f0:f4f38d077f2b03da821bd36fde673d666e52f4832e1c0dcfeef049328acb7bd71ad2bfc49c123516e196c470df0847b3848a45a2c69bea03e2afa7e58205b63b523814fc8e242f059c69ff7e40f97be8125b70a54fdaf35aeafac79114a7b419e6bb9e70bf07adb559819600dc25e51b4b700d27ca5472a0e7cbbfd14e099faa3a72002da538cbe45d621ef0d5252ba29d83f8b3ec8389c9ceb6c6b2e8d8a20f:ff6caedd8a468aa07d4c6e7131bbda76182ba958649376e711f44c7bbacba6077bea878ba5949cdeeef05cfd4983b0057d275ea3e18c32659468c30c47ac8f0bf4f38d077f2b03da821bd36fde673d666e52f4832e1c0dcfeef049328acb7bd71ad2bfc49c123516e196c470df0847b3848a45a2c69bea03e2afa7e58205b63b523814fc8e242f059c69ff7e40f97be8125b70a54fdaf35aeafac79114a7b419e6bb9e70bf07adb559819600dc25e51b4b700d27ca5472a0e7cbbfd14e099faa3a72002da538cbe45d621ef0d5252ba29d83f8b3ec8389c9ceb6c6b2e8d8a20f: +a2d88f37ecc2b2c05dd6cb3159962c5f646a9815b2fb37791fc7b606e2913ed558dd67d7a15d4ca0341a4c869566cad8c4ee16e583a10b4824173b08290d92d1:58dd67d7a15d4ca0341a4c869566cad8c4ee16e583a10b4824173b08290d92d1:d1b87e9e886dfbbdc8ca8ab9010ecf9bbaf23f72ab3cbe769db1d43c2a474a81651c464e9fb92734634641c9485a0239b3110771e7f75e05252e4d8f4c0aa1ba08626d7e96317c20acde2ad99b23bdadfd6f17468eb402ec5eefa57b47caf972b3dd21d89f0e2989ff87d51ed2e2d639c1644e698cbe0221b8e179f3cfb04a20cb2470216a6882fb4ff799e11536cf64219f0c075176bc7cf0f6c5b7925fcd6155:ccf2400cd673e1effd20161d7b68a5fb87c1e99d3635d78c2da1b509fac33346c069163a6c46c7826a48bbbd03b05e6e2351fa62bf89bf7ccf9a9024bd157d07d1b87e9e886dfbbdc8ca8ab9010ecf9bbaf23f72ab3cbe769db1d43c2a474a81651c464e9fb92734634641c9485a0239b3110771e7f75e05252e4d8f4c0aa1ba08626d7e96317c20acde2ad99b23bdadfd6f17468eb402ec5eefa57b47caf972b3dd21d89f0e2989ff87d51ed2e2d639c1644e698cbe0221b8e179f3cfb04a20cb2470216a6882fb4ff799e11536cf64219f0c075176bc7cf0f6c5b7925fcd6155: +42aafd0ae26df1e7aa0276860d752783af97280439bb23eae46e3f84caac78dedaa2350adb55dba9df7d7af5101998fe515d311c3cba3eeab9138233190c3b4e:daa2350adb55dba9df7d7af5101998fe515d311c3cba3eeab9138233190c3b4e:72131b80ad599b6f5ff698547d16e7499d71275e4e9b30526a5aac0b0c8b14fa4a540cfb1145fc004418bcd318c1a70e6269a3fb69baed86f363f5b8f97f569c20d4f4990e7bb4d0c39921268d636ed0554bd62acfcacd3b8e030217aafac3044c037e0f94da18c6b9a0932c3c5875d3a93fbdadcf67964eec9ec2be69b48f020f6c9874de5f8a5167b5ee024a2c2efd0cdcd2acd8c1f787814141e30b38b163175b:116143650b6c133d617859db2429c2913579790b2197d7b7b1b4962b328721032ceeca58b2d56439e233bb84dc525e284ff8df2bde1db4986fafd21b3d7d6a0a72131b80ad599b6f5ff698547d16e7499d71275e4e9b30526a5aac0b0c8b14fa4a540cfb1145fc004418bcd318c1a70e6269a3fb69baed86f363f5b8f97f569c20d4f4990e7bb4d0c39921268d636ed0554bd62acfcacd3b8e030217aafac3044c037e0f94da18c6b9a0932c3c5875d3a93fbdadcf67964eec9ec2be69b48f020f6c9874de5f8a5167b5ee024a2c2efd0cdcd2acd8c1f787814141e30b38b163175b: +b69c33b11ba67841c3d4e6f9234e35370a28b47662ac560b27c078b66ab1b0219df68e9acf67379261744db5d1e377892f2b692ed5a38b37073c04de5d226737:9df68e9acf67379261744db5d1e377892f2b692ed5a38b37073c04de5d226737:f9ea126d3ab21961aa2433900a3982b83e0ef86d52d13440afa4817f9b822fb582cc3932bf450d4677c9188181fe7526ad6fe5abc61d0ae759f215013c0b2b41064cb6278ba7e39e2f4c10d6cc9605b3869e169d7da42e88eb857870fe6118bb02bc08c8055f0c189b62f79fb146b4c543aa30cc0cd57f037e9ef7a63711f66e6f2878931702202702614277d513f0850b758549336b30cf40ab8bd460e60e12deed04:24368fee5bd848b4c661a3be4f310cfc436e79ec4a78501b81095fe51614231b6ca1ab1269996ad2e98e299781af8e29804b24fe5679ca3ba650c5c4cc58ce01f9ea126d3ab21961aa2433900a3982b83e0ef86d52d13440afa4817f9b822fb582cc3932bf450d4677c9188181fe7526ad6fe5abc61d0ae759f215013c0b2b41064cb6278ba7e39e2f4c10d6cc9605b3869e169d7da42e88eb857870fe6118bb02bc08c8055f0c189b62f79fb146b4c543aa30cc0cd57f037e9ef7a63711f66e6f2878931702202702614277d513f0850b758549336b30cf40ab8bd460e60e12deed04: +7b63613f6dae01cdcd5e6b37686971cd8d8a99542f6329a12854a9d8ff8105ac72ec43faf34d8730177d1f0743c74c20bf72c2394b8a7d471ffe2a04ab00811c:72ec43faf34d8730177d1f0743c74c20bf72c2394b8a7d471ffe2a04ab00811c:1816488f1fc83e1ed5911637dd42ba2077657dfe1ae422ad0aee59df9dd56a2763c2dd0ef61a12bb825b0dac1eda5fbb691c5ed58f3fb325050b4563a4042099982fffa5d6ed742d95823da8e1787cf746ef63b3fbb0e88a6c0beae4f7318366936b4917f507336068b194680900a7bf4a6fb69a5c387b97e31bc7f9be53c2a89e3651ce1de41b10e921b206ebf32e5621ef8081616dcd7a2059437efad014bb8e2c8221:76f50b2b9c2ad97bfb9499ee41928ac072da5e8bc71d0212550942332b62e70c8bfe1c722542394688decd917aec8f95353e1d72624b70ebed5d17f6c54977021816488f1fc83e1ed5911637dd42ba2077657dfe1ae422ad0aee59df9dd56a2763c2dd0ef61a12bb825b0dac1eda5fbb691c5ed58f3fb325050b4563a4042099982fffa5d6ed742d95823da8e1787cf746ef63b3fbb0e88a6c0beae4f7318366936b4917f507336068b194680900a7bf4a6fb69a5c387b97e31bc7f9be53c2a89e3651ce1de41b10e921b206ebf32e5621ef8081616dcd7a2059437efad014bb8e2c8221: +3558d3a74395bdcba560e2c45a91960cec6cb3edbcd30e722f7f055210f37b51534f43eba403a84f25967c152d93a0175ec8293e6f4375319eadf957401fbbd2:534f43eba403a84f25967c152d93a0175ec8293e6f4375319eadf957401fbbd2:be75444f9ce6be1d83af622a8c478d510127db56f1de6eb8a5126522b09fdc6ca0862cec0b8b2aafa31c17a2cc477da533d276a1ae4f8e0759d6afa0b17411b5170b52f20547c72f3e88d48cb456fe625b62feb0f81317edf1ec09ece534b9f500d4e1b1bda2db21982aa95094226ee9f5b0a65da83f91121c96b3b4010ae7826c9e80636cba00f70c3c8a279b01b95294cb850f91709f4376662a580b15ac2981afe9f854:b365b5561a13a54517cf90d88b35eb0967d6d58414b8c1547e693159e01378563654c50fb42323f09dd78ffe28056ddfa54febf44891e8a741b6a1687d728605be75444f9ce6be1d83af622a8c478d510127db56f1de6eb8a5126522b09fdc6ca0862cec0b8b2aafa31c17a2cc477da533d276a1ae4f8e0759d6afa0b17411b5170b52f20547c72f3e88d48cb456fe625b62feb0f81317edf1ec09ece534b9f500d4e1b1bda2db21982aa95094226ee9f5b0a65da83f91121c96b3b4010ae7826c9e80636cba00f70c3c8a279b01b95294cb850f91709f4376662a580b15ac2981afe9f854: +a35b92f244063a19bb5e3ed4d699ed2069607116d2bd08113f0d8373613f35b77ec93601864ee4995a4f7abcd3dfc101e9e7f369e63de1ae68a07aa7f075b329:7ec93601864ee4995a4f7abcd3dfc101e9e7f369e63de1ae68a07aa7f075b329:65cd36dae0168d69974f95f09dd9a59db799f911e1a15b85a00893b8c9a3d48a2f58ac126bfaa0a606c05d94701d273abf7d68817f2c71b1c541795c4f6095e26c9dff803f032f75663fd1698edd97ff3a0e72e1b7c9948b08bacb5f7de502b2fea67ca2fef190d60eae92d15158da444a49d2e9d5a573e8e177e8bbf7e6c49f907136e71d2a66cb07636d48768ff417c8beccf4323181fefb3124e434049ea45dd5019e40b4:a23dbe3757e478dbc84d3db3a933b0428cedb6b01b86d8d73f3959878dae6f0588f505cd4d39f2ab4677b64805d629652a22529825c3a91d043749fc71f0370665cd36dae0168d69974f95f09dd9a59db799f911e1a15b85a00893b8c9a3d48a2f58ac126bfaa0a606c05d94701d273abf7d68817f2c71b1c541795c4f6095e26c9dff803f032f75663fd1698edd97ff3a0e72e1b7c9948b08bacb5f7de502b2fea67ca2fef190d60eae92d15158da444a49d2e9d5a573e8e177e8bbf7e6c49f907136e71d2a66cb07636d48768ff417c8beccf4323181fefb3124e434049ea45dd5019e40b4: +72d4a564ca15499b5e4e75d8ac0f28217d32114a0c649a7c8eaadd0cc78c520bc766bd73837c4faa5215502f1efc90c003f711bbef55170091028a34493408a9:c766bd73837c4faa5215502f1efc90c003f711bbef55170091028a34493408a9:6c7e7b62eb244a45d78436e2970dcd6c0f7db82297a86140ea58dd22c2195adbc956d4c4ec05354b21efe24cfcfe10e17622368848180d2c4680cc215e8ceea6cce222161f1e092239253b9746f7887df2425ab5a880bdba98153be786dc838cbeca016b1d06524bd6bfba809a8bb37adab15d42415f86ec0358365ea87b8150b05441d9d49846871485caae6de359736c27189736d8f1765f3e5c5f6b92168396390bee94cfbd:8fc4f179330b642dd86ca9362651b83b006d8375ccef811d3c6706f91594651df2769953723046ccb9bfe66a667e0d11fc3ea2d8226234fdd5164765260f7b056c7e7b62eb244a45d78436e2970dcd6c0f7db82297a86140ea58dd22c2195adbc956d4c4ec05354b21efe24cfcfe10e17622368848180d2c4680cc215e8ceea6cce222161f1e092239253b9746f7887df2425ab5a880bdba98153be786dc838cbeca016b1d06524bd6bfba809a8bb37adab15d42415f86ec0358365ea87b8150b05441d9d49846871485caae6de359736c27189736d8f1765f3e5c5f6b92168396390bee94cfbd: +2e5aaab298e66c2dc1d77ea7421ff895255f9d900db0450d63f9f79c1a7013cf0381f3f19045719b9e8ceb562f0e965dc07b09f371a963a281c749c2532f654a:0381f3f19045719b9e8ceb562f0e965dc07b09f371a963a281c749c2532f654a:3df0e54c711e3132d7ae953deb7b66869ee531ee40b63ce693206cdb2f4bda0a2569e913ac3e6532c5d9648efd4627780fb8a31d107e033f054d19ed8b7c49dc407d2e949de25f99307221d35843f6d5eb7de5cdf41b91dbbf34cb6c9c530021014b56abc44ac2300313615608a7b4a235e99c14cef8050887032209488b9eaeaa82c09405fc75bec94dd42d6ff1b599a63ee5742f3364093ac92cabab3035822aa867ae56dcc99d:7c7430305b361a9e35b2780c4d4408071b2130931d39830ec8d313aafbc83a65dae19cb747d9d1c4ce3f359cc824ea8c92f66a42b8614e7848b884ac8aa4ae023df0e54c711e3132d7ae953deb7b66869ee531ee40b63ce693206cdb2f4bda0a2569e913ac3e6532c5d9648efd4627780fb8a31d107e033f054d19ed8b7c49dc407d2e949de25f99307221d35843f6d5eb7de5cdf41b91dbbf34cb6c9c530021014b56abc44ac2300313615608a7b4a235e99c14cef8050887032209488b9eaeaa82c09405fc75bec94dd42d6ff1b599a63ee5742f3364093ac92cabab3035822aa867ae56dcc99d: +b636a02448003543db864b40b5d8d6dd9ad611624c9b0fc6890c51ea5592c7901ef360495968e56e6d3fe740b1c84c4e4490ed682deb4305afd596efb280223b:1ef360495968e56e6d3fe740b1c84c4e4490ed682deb4305afd596efb280223b:4aa85aac25034f614ed44f7adcdbeeec25fcc2a9eea32ab6a8699506f7a1cad3bc892e9dce934e75b0a8cd14642b778599286cfd8f50a9e4f2edf9f9d6291a2e2979cf1806b93ed8c9a78fae199b2854a03ec406ab3f720835ee263fbbc91cb4ef0758d775fc784c7d5b251ac8937919a9e67be88c9e44cf2ec7f560269aa0f1113d91b84401db15a3c48c7dacff4939ee01babb982fb95625c6c3ad78749060551bfde8cce4fb8a29:d4ba80300d5cb51353c03f28c44fd0a424ffe1e40d78ed7bb1133e8fe4e187505293b20a391da962c6a8ac0acec9c67226af3b6195dabe39b3662294da3e0e094aa85aac25034f614ed44f7adcdbeeec25fcc2a9eea32ab6a8699506f7a1cad3bc892e9dce934e75b0a8cd14642b778599286cfd8f50a9e4f2edf9f9d6291a2e2979cf1806b93ed8c9a78fae199b2854a03ec406ab3f720835ee263fbbc91cb4ef0758d775fc784c7d5b251ac8937919a9e67be88c9e44cf2ec7f560269aa0f1113d91b84401db15a3c48c7dacff4939ee01babb982fb95625c6c3ad78749060551bfde8cce4fb8a29: +5ca0543c71f568a00eedf50a9520f4c15b526e3fb0da816c29ea3d50b2f62a12d4a2933ce19454e331b5280100209a6ce8e569f993c2acab51dbe864c5cb2563:d4a2933ce19454e331b5280100209a6ce8e569f993c2acab51dbe864c5cb2563:4ef8496978d28c10abd54a26356ee55921ceb350dd4b742c4161fbeba8a1601f8ad0484b21a8cf5a294fac00ec8a6f59e3362e47bfae1e28a2e6d017c5caa75fb0f48482808037ca21476954d778ff1a0586da3ef69d6cef6d2d8df4ae7a85442a1e46c998cf407a6ad4c5463a43c248f3b6937fdbc845b60c6d85e0563cc16ba9675d364f525f669aaac95f428bb58205099f9e4a6dbbd0151fb65babe123e5393ad64026935cb488aa:436823eeff3edce5d8587d68e5473ef3d8dc9465b558b6e8e7cd3137eccc80b4c4e806edf13619d8e717e69f48d7061b68de02c8209be1f7ac26ba8edf606d024ef8496978d28c10abd54a26356ee55921ceb350dd4b742c4161fbeba8a1601f8ad0484b21a8cf5a294fac00ec8a6f59e3362e47bfae1e28a2e6d017c5caa75fb0f48482808037ca21476954d778ff1a0586da3ef69d6cef6d2d8df4ae7a85442a1e46c998cf407a6ad4c5463a43c248f3b6937fdbc845b60c6d85e0563cc16ba9675d364f525f669aaac95f428bb58205099f9e4a6dbbd0151fb65babe123e5393ad64026935cb488aa: +5f87117da9bbb6091c94da6b230b7d8f6de0ed2a076413b92eacdc43abbc6897aa786a146226832aa73c434b0edc2d41d2558f820ab8f87e09e6cda91072b9b6:aa786a146226832aa73c434b0edc2d41d2558f820ab8f87e09e6cda91072b9b6:2297c40a2e8365bae4c5f0630c50b13bdd9ad9770a5d9a9451d00874b023d25ecd468b96571b2f16dcb1b0d3d756c1f044fcddd1c51f27727a0369c9cf25bd6aa59551b5b07cf8f807d92b159198639704740fe6eda0f26dba7e75d4530b2800f03fb6aa677d84df75d68d4fbb64ad21001e3fc87b609b9c251e8ccb12bbca927447e2054e07688eb8a20521a52249e7b943bed60e6a93c01e3eb621f0460c18a690b6f6b66edc6e8743a6:0f19e6ea0c05f38185c01c2d6477995daf5065ba9d80173fa6bb23a774dc88b3aae879d8a62471d2d304cc3dc66278a7abcb0bb0771cd278e11e7b932e9f9b0f2297c40a2e8365bae4c5f0630c50b13bdd9ad9770a5d9a9451d00874b023d25ecd468b96571b2f16dcb1b0d3d756c1f044fcddd1c51f27727a0369c9cf25bd6aa59551b5b07cf8f807d92b159198639704740fe6eda0f26dba7e75d4530b2800f03fb6aa677d84df75d68d4fbb64ad21001e3fc87b609b9c251e8ccb12bbca927447e2054e07688eb8a20521a52249e7b943bed60e6a93c01e3eb621f0460c18a690b6f6b66edc6e8743a6: +b53a644c92ba2dc7108b16833f09ad5917846437225a773d32d79c97733c0a58515818c69c0e0a1706b04143842f3e9e271448fbaf3a899119c32f42566ffd33:515818c69c0e0a1706b04143842f3e9e271448fbaf3a899119c32f42566ffd33:13036daaee45fcfde0c53e06d05aa9c01ea94a67e86c6c538ccb283b368daf7078d3fbab580c76ecf82b4e9660f068dcbb500b80595017c5be3c448fbd8a17d97c5643197890e167b35345bf65e75b82c8d65229f2f60aae2772581bc99c49d416bc3d78746ef830f1af944f4a6715ab4ffb01591bac2857f1a9c9d1700888780006a31607338f7af7bedf6efe0b57299ac915526fe5e1e101298708c6e61b84220afe95b53f895987456152:13d2cbac7976ad27f0bf669ad588efb2c91bab8507d57fb16bfea9caff2b0964e75625c4d808d7bbb78c5b464edffe4949ecfbc8b95ff6fdb1bdca274206810013036daaee45fcfde0c53e06d05aa9c01ea94a67e86c6c538ccb283b368daf7078d3fbab580c76ecf82b4e9660f068dcbb500b80595017c5be3c448fbd8a17d97c5643197890e167b35345bf65e75b82c8d65229f2f60aae2772581bc99c49d416bc3d78746ef830f1af944f4a6715ab4ffb01591bac2857f1a9c9d1700888780006a31607338f7af7bedf6efe0b57299ac915526fe5e1e101298708c6e61b84220afe95b53f895987456152: +d27c9eafcf88151990bb5b2fa8443e709b5fd8d78d233803322dc86d93d9329508e0eff529776714686196d817fdf71eb5b6e8326516ef489bfe186ac5c5bf6d:08e0eff529776714686196d817fdf71eb5b6e8326516ef489bfe186ac5c5bf6d:77c35bda32a5967d8b302fa7a47583ceab89c9a609a667b753155fa6996f8631d0ebedfe0ac364c77e85ba37311f0de57a0dc2c1e9e400d58b424a322e1d5771e0a9fd9502ad0232ce544f07d8c66e7c3147f8607ac6189bb69066f2fad631185f457f467eba33228ecc40e894a77b571698a9bfac841a54eac5219da99c6a9125c469a22fe81f3b951433896f19ce39b373fd7e5c7b650a5ef2365ae7510b0da5e49d7c07073cf166a98387e8:c254e371445633137442eefe40ad4a82e69b1ebf48a685a2bc6ffbac126d228487b2e3537c97ef7410342091962e50c0cb85de7b39ceb41ac4078d40f340710677c35bda32a5967d8b302fa7a47583ceab89c9a609a667b753155fa6996f8631d0ebedfe0ac364c77e85ba37311f0de57a0dc2c1e9e400d58b424a322e1d5771e0a9fd9502ad0232ce544f07d8c66e7c3147f8607ac6189bb69066f2fad631185f457f467eba33228ecc40e894a77b571698a9bfac841a54eac5219da99c6a9125c469a22fe81f3b951433896f19ce39b373fd7e5c7b650a5ef2365ae7510b0da5e49d7c07073cf166a98387e8: +70213d3a79c65d6dbba542a3679635003a682af5fa58de6b0d65bfa24184901c4402fb92cc1249dd1ae1690f03b3ec4f1e9bdab0de5bfd289f10296830fd403e:4402fb92cc1249dd1ae1690f03b3ec4f1e9bdab0de5bfd289f10296830fd403e:cd6e1cd9c90f566de043d75d7244ecfdb38e8bde2f9a6cd5a4fdac72b5ede6af62d981918c5e610a38789274fa10e527f85fad209b76ca1c281ad5890f9c96d35de522f1ddccb539b8798a0067acdd45b6e344a5d9a97731f545ffa4b17b875c67b48e9d4c4ba72c98a4505583fdbf1e12f22b5a7a494746cc9b6c1b571906c67fcc883a9c15a3806875b659e5816b4276c3190e25cc1ac3de47bf99c49965388f54f3ef8eb569906c6008e5fbbd:5b6ce2774d400ecea8a808f5fd0a797ffc6116752376cd7bfa3b2cca3a84d5593f5c03ad3eec1d89532275c47b7ce2a0e9c59cc4028a8a65e5bb9097ea71c208cd6e1cd9c90f566de043d75d7244ecfdb38e8bde2f9a6cd5a4fdac72b5ede6af62d981918c5e610a38789274fa10e527f85fad209b76ca1c281ad5890f9c96d35de522f1ddccb539b8798a0067acdd45b6e344a5d9a97731f545ffa4b17b875c67b48e9d4c4ba72c98a4505583fdbf1e12f22b5a7a494746cc9b6c1b571906c67fcc883a9c15a3806875b659e5816b4276c3190e25cc1ac3de47bf99c49965388f54f3ef8eb569906c6008e5fbbd: +5d540b3b14f0c0175c047eaf026c9070659ef13e9d28e0c5c516a428269b14eb1d2d4d551a57c6fb2b04181049d4039d575cf80c0bc6ec7033067f27309344de:1d2d4d551a57c6fb2b04181049d4039d575cf80c0bc6ec7033067f27309344de:e4c9e8706898cad4ac68d73c130efa04a54f8ca25919ea6bfaa54c8c720ced854c5e9509102c7b885aeddffbd1b7f2c5922583677ac9eea9a108c7e83e8871aed5a084f5440b0f391ad7ffc6bab4574af1b96770f4370e8e988e85ecb1a8d6034fc3d7f49f7422023b9dab5d0c16beab5f5d37b0a4d7de197ad87cd4ff8ce78eb12e1daf739d8b47ab380abe9093356db5b59717751a49e1948472fdacc259ffffc8c1dbae592607d4ec71cc6a8f6b:32527da755312889935dd5ee91b1bb117a5d377dd23ef5b7e15baffae9a54391a3fd234bdce073e098c58d05bf195b4c3cc63972383ba4b51072971aebcb620de4c9e8706898cad4ac68d73c130efa04a54f8ca25919ea6bfaa54c8c720ced854c5e9509102c7b885aeddffbd1b7f2c5922583677ac9eea9a108c7e83e8871aed5a084f5440b0f391ad7ffc6bab4574af1b96770f4370e8e988e85ecb1a8d6034fc3d7f49f7422023b9dab5d0c16beab5f5d37b0a4d7de197ad87cd4ff8ce78eb12e1daf739d8b47ab380abe9093356db5b59717751a49e1948472fdacc259ffffc8c1dbae592607d4ec71cc6a8f6b: +ca41769caf1717b4e45c93c121dc82a534fbc6ec0986662c3222d71492bd1176af3f89f6187dbcf9217750c67ef89ed47b039f9eb062ffec9df64ab52b0b45cb:af3f89f6187dbcf9217750c67ef89ed47b039f9eb062ffec9df64ab52b0b45cb:9de8476c5813848ab1451537841cc178002181a2182af305b12e5f7c3b1d56b22cf46ae6276d1826ec0a8c9a7d9f68083b7225bbfaefce82b3b64594052a7700f309233a79fffdfccc5c21400c91cc0e418d5141d486b5219901d6dd2447c1f7b7cf5a0879e70e1dd658d0f2ecf31ebeee11a5c74440c63b9d8b45318c3465d7ff03365edd0385edf80d4fded51f0f7533ee4099f19e93bc9d08dadcd13485db239522ffc81e2c051f8796d62e979fcf:5cda872f7ed6d7c90218ac10bee8e214f3b34d15d25c39255ec9e6b0177aa3cb7368d11cb8ed6ff5cf0c04281d06bc4272b8bc09c23f6f4cd5a810ddc7b9c1039de8476c5813848ab1451537841cc178002181a2182af305b12e5f7c3b1d56b22cf46ae6276d1826ec0a8c9a7d9f68083b7225bbfaefce82b3b64594052a7700f309233a79fffdfccc5c21400c91cc0e418d5141d486b5219901d6dd2447c1f7b7cf5a0879e70e1dd658d0f2ecf31ebeee11a5c74440c63b9d8b45318c3465d7ff03365edd0385edf80d4fded51f0f7533ee4099f19e93bc9d08dadcd13485db239522ffc81e2c051f8796d62e979fcf: +fedd63ffd4cfbf618894962e121a9025eea318a80a1adf169d6490445d2e02a0542f2244bdb7d84b87e628a8e6a12f17bf74a9a6d0ea46c595dbfdc680c04b26:542f2244bdb7d84b87e628a8e6a12f17bf74a9a6d0ea46c595dbfdc680c04b26:2e2ae584641be03dd48f9c618077aeaa18212a4241f0c0194ed23e370d741a3ae11a5fec3b040c16eafa4ac8d18abaa7ce8f286967337189f0495ffdd61995cde31dd8dfc3df5700b57a7a29980e9c823fee85d61451176729e72787c6109b47359b93dfd62e1e5a2d642c057242dae500a94ca1a93bc57be1ade76fe4501c0f6377ed0e9246179aecdd9946b671e8190e1ed23f966e96409b948222d8ea5839de904fc51348073b8f40edbd9b4a4b2275:ed59d9e23dec3494b0fbc5d10cd02bab86b3eb35abbf9e4d4a926479f134583a44ce72dc4122aca377a4072b7156462b74e8df46b686698636836ef203179c072e2ae584641be03dd48f9c618077aeaa18212a4241f0c0194ed23e370d741a3ae11a5fec3b040c16eafa4ac8d18abaa7ce8f286967337189f0495ffdd61995cde31dd8dfc3df5700b57a7a29980e9c823fee85d61451176729e72787c6109b47359b93dfd62e1e5a2d642c057242dae500a94ca1a93bc57be1ade76fe4501c0f6377ed0e9246179aecdd9946b671e8190e1ed23f966e96409b948222d8ea5839de904fc51348073b8f40edbd9b4a4b2275: +38f2184eaa553656ee2902706bcec4acb5af25157ca0f6a2d48de85285fa3bc07ff03fb4c82e9c15d659df424b3e73ed1d78006f3e0b79eb64d98c13aec6ba37:7ff03fb4c82e9c15d659df424b3e73ed1d78006f3e0b79eb64d98c13aec6ba37:c2df77c9e479f61983b6c7483ef93fb85a103b213923926523065ebff2257e85427e05cdc27582ef6c16be353a3b250372d6370eecb6c8962917eb656f2641690189d172a111051557abc2494e32cab65ed0633affe92408b55c4ed8af65e2c5e7aab887a3cc8d28c52e9e1336d0b7bb3fe2cd843e7fa1680342f8a4aafa02c4ab252f08c3d46d5f00fd01484263ee635284f6db26d6298de5b0dd238da40a8d2a93376da0302783a0e3be23d9e7f990d25b:4a6413c2c87f2b3856a8decbce493adeae0c69c94134707fb0f18f3049fd3e3d051abdb9d4bee253c6107c02d57ad7cc9f3101db660afac2b7981938e9564f01c2df77c9e479f61983b6c7483ef93fb85a103b213923926523065ebff2257e85427e05cdc27582ef6c16be353a3b250372d6370eecb6c8962917eb656f2641690189d172a111051557abc2494e32cab65ed0633affe92408b55c4ed8af65e2c5e7aab887a3cc8d28c52e9e1336d0b7bb3fe2cd843e7fa1680342f8a4aafa02c4ab252f08c3d46d5f00fd01484263ee635284f6db26d6298de5b0dd238da40a8d2a93376da0302783a0e3be23d9e7f990d25b: +8bfca48462d2536f74b84f6af59f5d8582ff8f7ec28745d672e72eb72e79d3e99d10d275c3d3fe459f7fe2901bce389191cc8483c0f51140d9c62b08fade81bb:9d10d275c3d3fe459f7fe2901bce389191cc8483c0f51140d9c62b08fade81bb:81ee4cb9c45da691dacd7dd09aff59737267bb55c3ade1ba32c17b7d0d2d0c6079c39d5fd5b29ba5f9c1762097709843eee5612bd20bc8185bf64d5c934184e13624e6f877a2a5dda15c0df62afbb97057cc91cac9a18406a0e0109cc39b2e3f812e227a4062d5ef81c92c22a7dc797c845d71eb6ea9e42ec8417fba90a96d2bb1439418330b4bb2f99c6d63d304a0e506dca9653e5de0dd56e309db1a76a0faabab163774f000088cef3d1b7a6cf661d2e1d9:44d77e439ef6ca5eb940c60ff8732ddc16269ea023bb2613bd447eba7fd69851226c4819ce8d44985a49f3f41ac7af33c47ffe5f89304a3256e445f8d686e30781ee4cb9c45da691dacd7dd09aff59737267bb55c3ade1ba32c17b7d0d2d0c6079c39d5fd5b29ba5f9c1762097709843eee5612bd20bc8185bf64d5c934184e13624e6f877a2a5dda15c0df62afbb97057cc91cac9a18406a0e0109cc39b2e3f812e227a4062d5ef81c92c22a7dc797c845d71eb6ea9e42ec8417fba90a96d2bb1439418330b4bb2f99c6d63d304a0e506dca9653e5de0dd56e309db1a76a0faabab163774f000088cef3d1b7a6cf661d2e1d9: +d7480d4272bcb1557b1bbee04915c126a52ca6d6a8bb5314a0e1a52b59bfc99c99c839d36d8f5b8652618ed7b0fe9ec3d94efff4c453c540631476a5979bbbe0:99c839d36d8f5b8652618ed7b0fe9ec3d94efff4c453c540631476a5979bbbe0:615cc19f942017365ba8bfa256ceccc85ee289a1c34bb1442acc0716c7fc2caeb76a9de19adec106371e47a30d2e1239ce1f7dca25526d604bdd647659d942bcbac368911349c3b946a97da10a42dbcf3c73416d2e6ba22bd29d9f705672e9e338944cef01ad21f009742e07bcd888ca31e1ee953e8c1b1fd954b7dcf1a0b1d5a069065a66cb721adc020f4efe1abdd16742746939285780d753137ae0140bb410fb6ce33676c27aeec593a88cbc73afd9f40511:e04dc8442d352173e931818e290858de85688a4649ea3e3c3ae74edaa54ad01b64622ad8a090b6ad60adfd01881882828d39078bb5b2714fd3ea8397a342fd04615cc19f942017365ba8bfa256ceccc85ee289a1c34bb1442acc0716c7fc2caeb76a9de19adec106371e47a30d2e1239ce1f7dca25526d604bdd647659d942bcbac368911349c3b946a97da10a42dbcf3c73416d2e6ba22bd29d9f705672e9e338944cef01ad21f009742e07bcd888ca31e1ee953e8c1b1fd954b7dcf1a0b1d5a069065a66cb721adc020f4efe1abdd16742746939285780d753137ae0140bb410fb6ce33676c27aeec593a88cbc73afd9f40511: +3c2d3650735b41ef9006bb45e4be2e0aa5cde851aeac421ee9c1b492d87aa18a3e46ddce298844fcafa00a1b47eaf3de70596df1bbee3c809d1be7dd94080e34:3e46ddce298844fcafa00a1b47eaf3de70596df1bbee3c809d1be7dd94080e34:1425d8d218da1a10a80b6a9c3c2750efe41657984abd5100f451ba949db01046b7126be8402334ed57528bac05622553a86b726722695a8fb331d8565417c4ff0f251a320ad06dedbb750def35d521c3c4cd571a45ada8450653d5e81fe0beb53aaae787b3eb653c2381ed55aaf2590ee5ed8b6626f1c4b0430a54f39658624e6635fefc98fee8fc3e1cc7ff3dd420de9da11a62fcae0e0cb454fc6f7df03954291d26202f1b188b657b3bae07389449b75e67422f:3f2af01ad5377ac39040d41a41e36e7b93fa7235b841791f432ecd7f91a3b21ab7196c883ad5a7db446f6c06672460f3f63ef863d9432be9caeabb79e87e22081425d8d218da1a10a80b6a9c3c2750efe41657984abd5100f451ba949db01046b7126be8402334ed57528bac05622553a86b726722695a8fb331d8565417c4ff0f251a320ad06dedbb750def35d521c3c4cd571a45ada8450653d5e81fe0beb53aaae787b3eb653c2381ed55aaf2590ee5ed8b6626f1c4b0430a54f39658624e6635fefc98fee8fc3e1cc7ff3dd420de9da11a62fcae0e0cb454fc6f7df03954291d26202f1b188b657b3bae07389449b75e67422f: +74965996268cdc4c09220bd31ce07b217a03826ee981fa89f3a2359ced095ef14096d027c1c5ee4cbfc04b9d534174029fdb50cf5610d3021ef933b4caf33985:4096d027c1c5ee4cbfc04b9d534174029fdb50cf5610d3021ef933b4caf33985:45b2f064615bf774fce97f51c464685d7b3e4fefff9231240a719b3b0621cd4ad83305675cd6eaaebff791000b0b1fa31d82d8181b7fe57c5e00cec56ff9022e9ce8db66356e408e3ee262fe627789e65535ef1a63e8fec933be3dee34d2facdb8928cc456abf2f3e8cab47eff1ca42e8b0e48d2c73e7bcc5de3f1056fc523dfef6b0023f32889ed394eeda032abf6bcaadaa7f3ee74118760ab6d91df528bdc5807972c85fa7cb56e387d7332e779e52d0dd7db0cfb:8c6628344317a63aca6f78cfaea965b3aa5522ce914195141c08870a1b8dacf34b79c7abc693cd9e5ebe1a2e86f0332d2048db3cbdef01687962d6df249e380045b2f064615bf774fce97f51c464685d7b3e4fefff9231240a719b3b0621cd4ad83305675cd6eaaebff791000b0b1fa31d82d8181b7fe57c5e00cec56ff9022e9ce8db66356e408e3ee262fe627789e65535ef1a63e8fec933be3dee34d2facdb8928cc456abf2f3e8cab47eff1ca42e8b0e48d2c73e7bcc5de3f1056fc523dfef6b0023f32889ed394eeda032abf6bcaadaa7f3ee74118760ab6d91df528bdc5807972c85fa7cb56e387d7332e779e52d0dd7db0cfb: +0abf069c08b2691c3a26f79dc8ed05cb71d220ff78f3a5c5780ae9da18e456439ef3b5cc016cc82dbdda705766aa448bd61fa1aaf1170efe9149daa9fe64a1ae:9ef3b5cc016cc82dbdda705766aa448bd61fa1aaf1170efe9149daa9fe64a1ae:0d055291b2e861eae19ea0fb2069d8c9eef4f1347f3576d78411ae7c0b1c1caf31fde736dc8accacb662df76b620b62ce90b9f92c83309128621d057cf845805949088e938ddbc3d41c5e5541fec8298687ad2f79acda01aa215d25821436eac9d268716d4cd6050260cb4ef6aada4835e073a845821ff211ae2baadceb6e57f06f88345edbf93bfdf54fb74123b57c0fb4a79608d8db6740889e15733507799f7a1fd3017bcd77b28a2bb6c91ecd154e9c5a5ffa0eb62:c7566fb3b4d8def667e040f276d3ed98d36dff460126a75b4cc2100386bb01c642f6d8de7e649be6e0818b08d77ce60f4ee5e7717a50884bdee02034ecf1cd0c0d055291b2e861eae19ea0fb2069d8c9eef4f1347f3576d78411ae7c0b1c1caf31fde736dc8accacb662df76b620b62ce90b9f92c83309128621d057cf845805949088e938ddbc3d41c5e5541fec8298687ad2f79acda01aa215d25821436eac9d268716d4cd6050260cb4ef6aada4835e073a845821ff211ae2baadceb6e57f06f88345edbf93bfdf54fb74123b57c0fb4a79608d8db6740889e15733507799f7a1fd3017bcd77b28a2bb6c91ecd154e9c5a5ffa0eb62: +f3fd5ec5e230b6dad1ac3d3aebadc7863ff89de2a1317f424d15989a3efb0afdf99e5d5eeeaed1205cfb5c2cc4e5e9f6b4e7f64129f860104ca6244eb9feb564:f99e5d5eeeaed1205cfb5c2cc4e5e9f6b4e7f64129f860104ca6244eb9feb564:71f28973ed3df05945fa0bdb23e9beca651d3ee6bf9fa45ffdc6061e42fa2e8d76235f0e9e2daa65e52631fc3bead33da055bb492e4758e598a030a33b3c40b34371459b233ccc043cccc3a3cbce549e20e0b2b43305b64aec661aadba6556b17d76e3bbed62c4a4eac4f88603996752d2363c8d4a2789d128f6e959945c68c30146d194ccb6839ec65344601652c18b0074e2bc7668311697d960c7066597924d704d02a0193fafbfdf571ee0dfe414dc2f52896912bc32:44b0124663adb0c73aed49f73403461fcb19111b0ba17aa996566f477e37d524b0e1f107612fc52a7c767b181fbf4d629bddc08f30584dec6124c5d39d42310271f28973ed3df05945fa0bdb23e9beca651d3ee6bf9fa45ffdc6061e42fa2e8d76235f0e9e2daa65e52631fc3bead33da055bb492e4758e598a030a33b3c40b34371459b233ccc043cccc3a3cbce549e20e0b2b43305b64aec661aadba6556b17d76e3bbed62c4a4eac4f88603996752d2363c8d4a2789d128f6e959945c68c30146d194ccb6839ec65344601652c18b0074e2bc7668311697d960c7066597924d704d02a0193fafbfdf571ee0dfe414dc2f52896912bc32: +738f1310a4e08f917a0a5c1fbaf4ef72f95ee62fcded50868a3daf98856a448d42272c2c8b08470ee5dd8af8849c01b7508d3a3c65b0330e695c841d5dccb2f5:42272c2c8b08470ee5dd8af8849c01b7508d3a3c65b0330e695c841d5dccb2f5:f0e7ef6782d04c6943b19eb66ff6226b736e3b0940c09bb126bfc4c4ca7a5e7016c286b7bfd73aa6a79a96031bc81cb5da68cec71a6a0d39780cbe6a0cd4774d3aa06a881610444a8c9d19102294e5f635187aa6f48d11912c7094b38833028d570cb110db60625bb1bdc37affa25ea3c8f8dbfc2514f4365c62b2989a66d27c80384e74ae5fba8c1c2af9c72c4971e64fa6a1dc2517b31ea57ccb0815a7fe2da0f146caa08431d25d151662d9d26e95229d0c62823664123c:ce1e3577b6a21016b9dd0b517baa0ccb107bc199b8bbaef68f950c8ed58013c853b4d338eedc675079ab1390462ffefa6a959b043f8b5651c6ca375ce0b4a403f0e7ef6782d04c6943b19eb66ff6226b736e3b0940c09bb126bfc4c4ca7a5e7016c286b7bfd73aa6a79a96031bc81cb5da68cec71a6a0d39780cbe6a0cd4774d3aa06a881610444a8c9d19102294e5f635187aa6f48d11912c7094b38833028d570cb110db60625bb1bdc37affa25ea3c8f8dbfc2514f4365c62b2989a66d27c80384e74ae5fba8c1c2af9c72c4971e64fa6a1dc2517b31ea57ccb0815a7fe2da0f146caa08431d25d151662d9d26e95229d0c62823664123c: +8841d22aded69c131ef5ee0a10ab0a9b77cb754ede8d257a5372726e2b499c6e715ecca63681bc6e9e31d18848902f4d96feaf43b95d008642903b1763bc9fb8:715ecca63681bc6e9e31d18848902f4d96feaf43b95d008642903b1763bc9fb8:087ca6be2a950c024b3e7467fe00a7d364555d5dc6770f5ebd260642525bd3c0f965db36d7b229a57421eec64e4d991cdde59123034470553f4eb0be81ad2936c8ca26bcab4e5d79040e29798728601684a468323cf3baae4d948d0a1fd905effe16dc44642088df53f6388bc480edf4aa207d0ed161eda345712b4c00cb05fcf635ec2588785bfb8a27cdc28996a1db3e6787023393c075d83c9038fed7899c55fec307de3249c14bda49e8b895860942c36d640bb893779142:bb2bab7003f1311be9b8c883fc4fd528adfd51a9c99db3dca8da0fca958da19a10eb22332667b1a0065d3dbc0d06269a1259b6a890484aa2143a52695f145b0a087ca6be2a950c024b3e7467fe00a7d364555d5dc6770f5ebd260642525bd3c0f965db36d7b229a57421eec64e4d991cdde59123034470553f4eb0be81ad2936c8ca26bcab4e5d79040e29798728601684a468323cf3baae4d948d0a1fd905effe16dc44642088df53f6388bc480edf4aa207d0ed161eda345712b4c00cb05fcf635ec2588785bfb8a27cdc28996a1db3e6787023393c075d83c9038fed7899c55fec307de3249c14bda49e8b895860942c36d640bb893779142: +c02135e7b65aac72f63c32bf5bef5b68c7f3b8ed56208e59e4752070e9d07095dcf600f244037a75203ae11ac316e8dbe9986f0dce23473939334bf5cea48b0d:dcf600f244037a75203ae11ac316e8dbe9986f0dce23473939334bf5cea48b0d:86d9491350d2566e708ed356185d610c73465b2a5c7012919958af2cf76af995230d360de400b7137170dd0835f10fcbec224ee4e42c7d1cebb7f580fea8ed6223163bacdd1923a572cbb6dc26ca8b17ade68c6d2808c4ca1eca28eae9a145f68d4079d8d59d140e958228e7e99520e342dbd7457a9159740f48bdc27b93bdabeba465cbf0c8df5ef2c0f9386eebe656f5d749d5f9147f525266910d7b80396a90be5cc188a9a945f93e753fc99bafa18ee0a6dff79bf8484898ef:dd5cbae479eb5e229574c21ec3bed911113a57a1916d3313457515d55cc5b6e6ebc52c93f821d13988dbba8df5096d55ff9c39e7f9d561cb58930c96a7a5d60b86d9491350d2566e708ed356185d610c73465b2a5c7012919958af2cf76af995230d360de400b7137170dd0835f10fcbec224ee4e42c7d1cebb7f580fea8ed6223163bacdd1923a572cbb6dc26ca8b17ade68c6d2808c4ca1eca28eae9a145f68d4079d8d59d140e958228e7e99520e342dbd7457a9159740f48bdc27b93bdabeba465cbf0c8df5ef2c0f9386eebe656f5d749d5f9147f525266910d7b80396a90be5cc188a9a945f93e753fc99bafa18ee0a6dff79bf8484898ef: +154a47eba1b8c38362ea61faeb0c0ad7e61e412a3cba4688af0db2a487208b1c16de2c894a50cbd4ca90419a4ca64942cb14bd335c5d3f4a53e239c280bda725:16de2c894a50cbd4ca90419a4ca64942cb14bd335c5d3f4a53e239c280bda725:bf607e8b6e14d9c8acd96815af0c035ac73c4104c93786ccc1c9f859395dd781900320ebf356aa991cdc9f503fcee9f83675888a7d592002d2a54a573a96994b3fa865538c617ed8ad1ff62018288a674f449be0aab5222f74c4fd475ed6a8dfb27f45287b22b2b6c3bd15179f267d157d7d8a4159679be85b25c2bb2ba850aaed9ae3ae571be4f75836329cf36f412c1c80f1413b7661eab4a8e11b6024244fc62323ff02e38aceb1737bd474bf1e98015dbc788b027bbe217cf4e7:f4b6eb1a8d950e887fd2f30f70a23b41871495bfa5b8a4ad3996cd9bf51eb742e07f4c4d2da4b01ab087367a50e2b65b3cef514e40d837540b8c89966485910fbf607e8b6e14d9c8acd96815af0c035ac73c4104c93786ccc1c9f859395dd781900320ebf356aa991cdc9f503fcee9f83675888a7d592002d2a54a573a96994b3fa865538c617ed8ad1ff62018288a674f449be0aab5222f74c4fd475ed6a8dfb27f45287b22b2b6c3bd15179f267d157d7d8a4159679be85b25c2bb2ba850aaed9ae3ae571be4f75836329cf36f412c1c80f1413b7661eab4a8e11b6024244fc62323ff02e38aceb1737bd474bf1e98015dbc788b027bbe217cf4e7: +d3028431ce2eef73bd940ab84ca29f13fb26436aa25e1b7bf26cb33f17fdf81763df203e2860bac4d352e722c1c91fe3776e1cbcae8553a4f19890260bf0e457:63df203e2860bac4d352e722c1c91fe3776e1cbcae8553a4f19890260bf0e457:086335d61275d168eaac0540477f50d4b15f9e50b9be693921ed54a9941bc40643cda62e1d805d0250a81146bd5fe2d39e81444d21e2b21b031c111306cacbf52717f6fb4cd3416f1215f8dddcedd2f0096b0fcfa0a6cc2cde7a2bab7f1e32790b5361df3671424cc722f231bf71895bcdcb7b22ee074e8fb4a9678504e735366c172f07637b7a93149bb21f38883378a1db273fc23239e35337f9ce566d8ddf3b3133cad7f2ce81edb503ce1d27c5a657160b78dca9aeaea379be9c85:ce9729a96c3ed28943b27839c73382ecd572960c1f9e90c5eff9dd499ff48f17d25edd1268effe41ee6a81ce48d84de513df9c41442621b2f5491e346be18c04086335d61275d168eaac0540477f50d4b15f9e50b9be693921ed54a9941bc40643cda62e1d805d0250a81146bd5fe2d39e81444d21e2b21b031c111306cacbf52717f6fb4cd3416f1215f8dddcedd2f0096b0fcfa0a6cc2cde7a2bab7f1e32790b5361df3671424cc722f231bf71895bcdcb7b22ee074e8fb4a9678504e735366c172f07637b7a93149bb21f38883378a1db273fc23239e35337f9ce566d8ddf3b3133cad7f2ce81edb503ce1d27c5a657160b78dca9aeaea379be9c85: +ee8985dc27504440a8758d4c53e4225215797a00cd8631d59bd93bc66f373d5ecd647bb065693d486589156a9fa261437534dc86f46f72d0a800399a7af010f7:cd647bb065693d486589156a9fa261437534dc86f46f72d0a800399a7af010f7:f2220485addfebce02a833aca33381d1df917ed609950ed24f85e3b02b2b994b4d939784e332f41064c8b4a2630ab36961742aa1cffdcb08c144eeaedeafd48b5dbe96bf24350e14fd68286bc08eeaef8bc6ad9e195d1484afcd30afa8ced4848126d56c81b43c27a5dbbdec1a50c11062ce21c61d860c25a862fbb75c3bd51c8dc07636668669bbf751eacaccb3b51d2c0d4140316cfce2eb18d2908cecd5a188679bc5f5de290f548e7ebc57d41b589a24ce88ee48d97e8d0c7c769960:5bd60ad5e9bad9932ca9c75f231a76889ae7a8b864b91d1fcba5c5d4bfa1d92838adb974842a0710779b3e3094044909e92c7cf046ce519f4c68e8f19ec03c02f2220485addfebce02a833aca33381d1df917ed609950ed24f85e3b02b2b994b4d939784e332f41064c8b4a2630ab36961742aa1cffdcb08c144eeaedeafd48b5dbe96bf24350e14fd68286bc08eeaef8bc6ad9e195d1484afcd30afa8ced4848126d56c81b43c27a5dbbdec1a50c11062ce21c61d860c25a862fbb75c3bd51c8dc07636668669bbf751eacaccb3b51d2c0d4140316cfce2eb18d2908cecd5a188679bc5f5de290f548e7ebc57d41b589a24ce88ee48d97e8d0c7c769960: +80dfe2bf7387bad4654eb076f8dae9595163e40127f5df492dad7df04c7221c4d1783ceeb9cf8e4d07764c473fa4061b8274397103f2076d703249d758b8fbd5:d1783ceeb9cf8e4d07764c473fa4061b8274397103f2076d703249d758b8fbd5:aa09d784bb09dc999931ebb4c00e424cefeca104818d8eaf0661f09728ad025ef47393210571f17404e9aa6d8cbd5fd88cd7dfb8e2e8a108c05de206f3408234a3b463dbe71a07d05587324524b7326ee79d3348ddbed7871b86fcb488031dc9ea93f6b8d7fda6239348a562444faf1e72d31af35443e9df53e762f3e56b48668f9784b3368ab278a48ef4546a26cfad0d0a5161698f26ee8d34fc2b3d6dfb93b009ac296f6afe487ee335eac9f02cfcae5fcbd1a16ba4e71be1b112562fc2:27279e3cdcb03ef557a5defc2f6c58128a6dc3f8b0385958014e709c1f61b0ae6b403576f0e454d5e4c64c173138ee4bbd5fe7b60d06c5abe23fe99ee3b46a00aa09d784bb09dc999931ebb4c00e424cefeca104818d8eaf0661f09728ad025ef47393210571f17404e9aa6d8cbd5fd88cd7dfb8e2e8a108c05de206f3408234a3b463dbe71a07d05587324524b7326ee79d3348ddbed7871b86fcb488031dc9ea93f6b8d7fda6239348a562444faf1e72d31af35443e9df53e762f3e56b48668f9784b3368ab278a48ef4546a26cfad0d0a5161698f26ee8d34fc2b3d6dfb93b009ac296f6afe487ee335eac9f02cfcae5fcbd1a16ba4e71be1b112562fc2: +da1f868542cd7cce7a5ca3fa3c24081b4d2344b21a157f0264a347132d19659dcb3a25a53f272ea813804468d6500e96a1eaf822705b7790a8ac3e98cc4e524b:cb3a25a53f272ea813804468d6500e96a1eaf822705b7790a8ac3e98cc4e524b:c6987ef380d5d0e74196443aaa3a32356cbc02636c5a4b6d62a8114b2111bc1abddd9e44b3672c18b58d4ef591af4562e020049f8e1274688e1f8e5296d2f9252e7fc84cd1d0c58e98f0f160530aa22c871eef652e71974ce91b4a65fc25fd09fa1b6c32086e98ec708d9abcb1d9cc8e1a089ed8db2206ee9570236ad69b3de6821862fd2c70cd83a32a68b0486229553d928de48d03a104e87381964abea76683976d527c84163a12eee0a55986cf1431e9c86cba8182ca94689bacd165fbce:75c517ade4f08d7746305743d1a776c3c55eb5eedfdfcb5eb1d5634a1bdaf7a4b8d24187d6c8850e3ced6567a03c4c59389a4cf47114ce5473160f230546e60dc6987ef380d5d0e74196443aaa3a32356cbc02636c5a4b6d62a8114b2111bc1abddd9e44b3672c18b58d4ef591af4562e020049f8e1274688e1f8e5296d2f9252e7fc84cd1d0c58e98f0f160530aa22c871eef652e71974ce91b4a65fc25fd09fa1b6c32086e98ec708d9abcb1d9cc8e1a089ed8db2206ee9570236ad69b3de6821862fd2c70cd83a32a68b0486229553d928de48d03a104e87381964abea76683976d527c84163a12eee0a55986cf1431e9c86cba8182ca94689bacd165fbce: +f13daec0ef33ddd133c7d244d10fd27ddb23705280ff5f1815f0f656d836fe842dc7f1367de672c51e005c74f876f982593996873acba079292734c209c2b111:2dc7f1367de672c51e005c74f876f982593996873acba079292734c209c2b111:ec02ff1804b2b309af3158b66272a14a3aad83c41a719846f7088ca9792af575c78913c432759f0b9a748bdc5568496e41658cc1cdb8da6c91d07c3ec2f4af504249b996aa00c0071cdfa793f82d0ec5d267262f518fc029b88e20b6201fb9e05abd3f9524c5da2fa8978ff2efd48120cf00822d1bee90df816125d8edc0cfb5de66d16be63896a412a62b031b7118ac13fe2c9faa6b1a3342f9ccf7884166cf489a84de26b5ce5b21856a3af289bc6622c0aab9f2142d393f5d4b236779dbb066:db771833f7fdbacdab2b5cc80eed50afdf13783b7fe5e903d5dbb4c2e535316a6eef4c34f004d2b9a4e2700bd6e2acdd564c3c80cc68a303f5fb091cb4340f0aec02ff1804b2b309af3158b66272a14a3aad83c41a719846f7088ca9792af575c78913c432759f0b9a748bdc5568496e41658cc1cdb8da6c91d07c3ec2f4af504249b996aa00c0071cdfa793f82d0ec5d267262f518fc029b88e20b6201fb9e05abd3f9524c5da2fa8978ff2efd48120cf00822d1bee90df816125d8edc0cfb5de66d16be63896a412a62b031b7118ac13fe2c9faa6b1a3342f9ccf7884166cf489a84de26b5ce5b21856a3af289bc6622c0aab9f2142d393f5d4b236779dbb066: +42dc16c57fb6f128945fa101e05bbf548ef7d97726b692fe404069cc57ccefa00a1ba5df523996f954b34ddcfabad3f3dee21a5fa7a4ce322d216bd8ccaf438c:0a1ba5df523996f954b34ddcfabad3f3dee21a5fa7a4ce322d216bd8ccaf438c:f2714c23a3a6fc11ad15c980b7350fc84217877661188055ff750d82c49c5fef7bc8e6aac574a1b79a3f26d16969c0f406eeab3e9e12850a55709745e30dffa62a69dfb2b64b3c1bd2bc3586e26d4eea714d2a7b71cf79fb8ffbf2aaad00ca3e4f2b6f503cc1fef2eab3656fb44f8d62a8db8ab58f394693949eea57fafecf005f6ebf1287dba4d2d623c02ea171f567e526add20709ebcab962f83d98ef668ebd01ef20488b3665e3a446fbfb13d34050942c749bb2dffc766367fd452e68e5b0c6:c75977e83bcfe9df7292a860ed972555b5c24416fd4b7ee3285388fa5b1447608e4a347813cfe093512a7651e422e9867db7b97c0b0867f0b8c7b7f4f02c310df2714c23a3a6fc11ad15c980b7350fc84217877661188055ff750d82c49c5fef7bc8e6aac574a1b79a3f26d16969c0f406eeab3e9e12850a55709745e30dffa62a69dfb2b64b3c1bd2bc3586e26d4eea714d2a7b71cf79fb8ffbf2aaad00ca3e4f2b6f503cc1fef2eab3656fb44f8d62a8db8ab58f394693949eea57fafecf005f6ebf1287dba4d2d623c02ea171f567e526add20709ebcab962f83d98ef668ebd01ef20488b3665e3a446fbfb13d34050942c749bb2dffc766367fd452e68e5b0c6: +90b455c6bb9cec83e137357065339d030525d0ea7f5b923a2d5972c3c12aa37b5cef038c16bfa4b4c923a0fe70cd7f25c8bc837fdf5a7efb9d95f21b96be925a:5cef038c16bfa4b4c923a0fe70cd7f25c8bc837fdf5a7efb9d95f21b96be925a:c62cfdb9d21eee6be47f30727aaee51f0703789a431d32228533350217a93a18900669c95956f3f2ae90dc745a71e18340d058d16b4c6fe33b64af8dad973fe5dc02e8520705c7a8bb3ccbe1838c6c249337f9b6a4c0e1f8a4e5d103196fa79998923d0422e9d079a72cc2a8f86d659031a607d4cca0b947b3abeeeef64c28da420d05de665a5510fe55f77598ecad7faa0ac284800b53829394c4ae90be66678ff04ab46da265ae06402d8c83cad84d61a051de0260559888e779f74b72a5d71c132f:c9345eec2c4a0aec732386494a69a3fce8b8a1be366bbed1659f131fe97cc037fb1b7c1b68b0f3023945d20090a0cd2c1553a47faec4d66fd816ce121168f309c62cfdb9d21eee6be47f30727aaee51f0703789a431d32228533350217a93a18900669c95956f3f2ae90dc745a71e18340d058d16b4c6fe33b64af8dad973fe5dc02e8520705c7a8bb3ccbe1838c6c249337f9b6a4c0e1f8a4e5d103196fa79998923d0422e9d079a72cc2a8f86d659031a607d4cca0b947b3abeeeef64c28da420d05de665a5510fe55f77598ecad7faa0ac284800b53829394c4ae90be66678ff04ab46da265ae06402d8c83cad84d61a051de0260559888e779f74b72a5d71c132f: +dc185c2ba0b378dfe5dda510c32feff535ca2e8a02434b326e0158bc878e884833d6cc05a434e419280d5864a1af209a2c676814b70f72f8141ac7e0573ee63e:33d6cc05a434e419280d5864a1af209a2c676814b70f72f8141ac7e0573ee63e:e276b11912cca5a84bba650c172aef3a4d5f91ac722913bb891a3ab0424ab07ea709cb8bba3a3d11f82f51c2af0162a82f7219ce27b35a30507d536a930817e40f85a22a5a432b94d192c3c8911777cfdb7fe937a67502770d6d75753d3ae88229e08f1ed23b4328d862ac61863c063ea9848f8ab96a0213d7b936c48fe754836c98487859d199b3d940392716a1d569e6c0cb1ba918932cf88525e256c8abb11aaf0b454655d5db55713cebba287ae202651ac872bfc80feaa7e00d47c0be38e658f7c5:f1e44514d2ecbcc8d1a7e84bf584ce731835e9894f88974f098d456b60718f575ef4d8062f2182504250cf83bb2af2a79b1f58a6a97bd98da467132d7bec2f05e276b11912cca5a84bba650c172aef3a4d5f91ac722913bb891a3ab0424ab07ea709cb8bba3a3d11f82f51c2af0162a82f7219ce27b35a30507d536a930817e40f85a22a5a432b94d192c3c8911777cfdb7fe937a67502770d6d75753d3ae88229e08f1ed23b4328d862ac61863c063ea9848f8ab96a0213d7b936c48fe754836c98487859d199b3d940392716a1d569e6c0cb1ba918932cf88525e256c8abb11aaf0b454655d5db55713cebba287ae202651ac872bfc80feaa7e00d47c0be38e658f7c5: +90721c43bc366f24bf4e8c993e138024682f1029dba35abeb0d60c7fa710021c7c63a2f13b7b220a0bb752e3800753b8b6b32669378ce131bb77a9a8d230e9ae:7c63a2f13b7b220a0bb752e3800753b8b6b32669378ce131bb77a9a8d230e9ae:651c9617cac958c7edd4a5f3fedfb83dc971abfbb69a31e898cca8472ef068034a6d2376ee0e72d0a9bfee275796c3795adac8ebe1d12b66ec268f6b75fa3941154f99e223faf2cbab5b92e2b3ba7b79be7700ef9dba69253cce5356b0c4e74703cfcafdb5546850b46232675c90c02d5e426d33d60cebf0c7930182379dbb007f536163c8ddbbd3157bb2da62340133f00ae2682ec6baa6416b5a01521cc10e04695295f2e5b94c05f00383ffe954830797f6df823172532f98165fe314ab325929af8385:d2064a6d6c99c6c3f152d2d435f24e34b5459b082ef11e944a77ff54ddf9862737ecb2ac8d54207d36c51ad41f36490a111ba80e126bfecb09def6accbdf880e651c9617cac958c7edd4a5f3fedfb83dc971abfbb69a31e898cca8472ef068034a6d2376ee0e72d0a9bfee275796c3795adac8ebe1d12b66ec268f6b75fa3941154f99e223faf2cbab5b92e2b3ba7b79be7700ef9dba69253cce5356b0c4e74703cfcafdb5546850b46232675c90c02d5e426d33d60cebf0c7930182379dbb007f536163c8ddbbd3157bb2da62340133f00ae2682ec6baa6416b5a01521cc10e04695295f2e5b94c05f00383ffe954830797f6df823172532f98165fe314ab325929af8385: +9cec246758e412e7378b4579eafe9fac5a25d5405f9270b5d7e543414ec3d5da975a9e6a152caebb2f9dd0deb76dd922b6dc77055dda03fbae9e7c685d073aa1:975a9e6a152caebb2f9dd0deb76dd922b6dc77055dda03fbae9e7c685d073aa1:17ec9bd47add6ccfbd787af0d9013e9cc979aaf850e09426d3b28edfd71296eb31ff8b21c5fe7be050f536324c3ec48850e0b508a36bb4cb7e754b327183a1b394d88a7941d1ce8dac62a5d8291874d78485e51f29ed05865a206e52ecb12c5d107d4ff96f25d3c5d181d2c4ba6463600db1cca32857fcf597cbdfb2fda2708a8aba281b43c3d28c4a4e7983361509f61a1074e6f0ad6101c7b567ee4078e9839c47f46531b729ff0efeef7c9d1a8d833d9c0f42812a34187c3a778c165c09d6459c9c7ceaa2:9bad1e3b1279ef658f4d071644c63ae2b7a780357e9dc426f1650ec0634dfc520f8eda9dc8f10aa7324c5942d2347ff8802bd90e95fcec313352cdae64f32a0417ec9bd47add6ccfbd787af0d9013e9cc979aaf850e09426d3b28edfd71296eb31ff8b21c5fe7be050f536324c3ec48850e0b508a36bb4cb7e754b327183a1b394d88a7941d1ce8dac62a5d8291874d78485e51f29ed05865a206e52ecb12c5d107d4ff96f25d3c5d181d2c4ba6463600db1cca32857fcf597cbdfb2fda2708a8aba281b43c3d28c4a4e7983361509f61a1074e6f0ad6101c7b567ee4078e9839c47f46531b729ff0efeef7c9d1a8d833d9c0f42812a34187c3a778c165c09d6459c9c7ceaa2: +d1403f63202e080525843bde255eeb6b6783c1caae9d6ed00ba60805bed1941f238aea3ad6d6f27783e70516bbfcca4770366b50ed0fe6a4e966b53af121a721:238aea3ad6d6f27783e70516bbfcca4770366b50ed0fe6a4e966b53af121a721:c4f17d442fba4ca0df8dc1d0628d7d7f36b60b5758d7c13b80b8f97a62124d96a23b279565495a8accab5997115b13a4ba220a73957eb7930520acbbfb6f54cf68726b6450c6ffa9470b055ea262914e2bc612633f1ac3d0618a23dff188a733d76bcbcc460f52ab61e19938f9c8caaa792c208d1f6c754728905fda51d881a347a53da744d3baadc0a76c474c558680269095f9084a74471d5c09ffc29141b5bfaf4954dfacbca663d037b17ebf9559882233e5ca5a8bf75cca4fc9c5a4109f32e145f3853b17:8e60e73c063816795e29f5d64ece1159f1b5d5021a6f8f655e261a4d0026f5b94ff2923250499d995298480512e4126276aa4a226d015a95827b3ce692e23302c4f17d442fba4ca0df8dc1d0628d7d7f36b60b5758d7c13b80b8f97a62124d96a23b279565495a8accab5997115b13a4ba220a73957eb7930520acbbfb6f54cf68726b6450c6ffa9470b055ea262914e2bc612633f1ac3d0618a23dff188a733d76bcbcc460f52ab61e19938f9c8caaa792c208d1f6c754728905fda51d881a347a53da744d3baadc0a76c474c558680269095f9084a74471d5c09ffc29141b5bfaf4954dfacbca663d037b17ebf9559882233e5ca5a8bf75cca4fc9c5a4109f32e145f3853b17: +bdf6bdc31ab0b5313784483abeca6ea5e9cdc68f81b21f350d09c3907bb9b6a103627712b755e5069fb9ab8f9e899724029a7f268af9398821eeec9360c9285b:03627712b755e5069fb9ab8f9e899724029a7f268af9398821eeec9360c9285b:90a66aafa5642a98e79f0d88147080167b11e4466518f195cddd8940d12ee4918d31a6d4cb77d0bf5af29983bbe5085610a79daf0c75a78ccbcffbbdab2189c394ae24e265bd8c55fd3f4098e1b175577549518e7a4dcf7452086dd1278dd58ea4c0aa690e917951ef39fcff60cbfa1e90910bab5374928d4722f702bf5ad6028ffda6541fa5ba1a3779ec78b0a95fe3850c748b6c8f42f330ec79541a52a1cf57db72df4f92ce7f748aeef1af33bc5ae0a82c89dff216f23aec168a7dbb510aa632daabcc971b3f:38fac603ed246f833f1c0fd4585698b0a71305eff0d14a0049b3cef073bd036dd451b3dabadaaeaea2aeaf83d395746f4e86866ada971cbe482edb0419332f0e90a66aafa5642a98e79f0d88147080167b11e4466518f195cddd8940d12ee4918d31a6d4cb77d0bf5af29983bbe5085610a79daf0c75a78ccbcffbbdab2189c394ae24e265bd8c55fd3f4098e1b175577549518e7a4dcf7452086dd1278dd58ea4c0aa690e917951ef39fcff60cbfa1e90910bab5374928d4722f702bf5ad6028ffda6541fa5ba1a3779ec78b0a95fe3850c748b6c8f42f330ec79541a52a1cf57db72df4f92ce7f748aeef1af33bc5ae0a82c89dff216f23aec168a7dbb510aa632daabcc971b3f: +57b3b14ace1cd0cd603e6328bd219ee7d9d094487fa668f28aeec02b43c909a724e6b6395f97ea0e237186d469b71923d2113adf403beeeb4a2d27909aaf3eda:24e6b6395f97ea0e237186d469b71923d2113adf403beeeb4a2d27909aaf3eda:b2e0dedd802eed996dbd5836bf8688b0d1201bf5442ff9bbd351aeefe1a0c21fea2b5c9fe5edee47e921099b05aedaa80367c1ce08821d783a5b64cf059c0f4335083986a5a6ecff8c84fd40e0ba5dd5e5d2f01112a84ce5cf8e0db78beb182d9139c0b0f3e0060a3fa73869e96423f170df9af1cb9c35566d87dff542223f6d439bdb54729d366aff637b0f36a5d14b15d612bd03076cc4d04c1f25b3ba84e0d1fe474e5718d1a17d5a488465662ee4c3f664b4c9274b649d78cea4e85243f3713239048a908ce3e1:fc79fdc6d090887a61e43c6b9187b657d2e4d9cbafd6e7caeb7ebdea842825b78fb949d2c49a0cf38b6c73296d82c8ddeb1fe2d40aaddd7964da68acf8c66f0eb2e0dedd802eed996dbd5836bf8688b0d1201bf5442ff9bbd351aeefe1a0c21fea2b5c9fe5edee47e921099b05aedaa80367c1ce08821d783a5b64cf059c0f4335083986a5a6ecff8c84fd40e0ba5dd5e5d2f01112a84ce5cf8e0db78beb182d9139c0b0f3e0060a3fa73869e96423f170df9af1cb9c35566d87dff542223f6d439bdb54729d366aff637b0f36a5d14b15d612bd03076cc4d04c1f25b3ba84e0d1fe474e5718d1a17d5a488465662ee4c3f664b4c9274b649d78cea4e85243f3713239048a908ce3e1: +018a2c3deea50ab506751f9c2adaadfd9e2192121609931684eb265e193e7f89af410bdddefc644ef12c9899ff71b9e1d0dfa3d69d8c2cd676c1916b34591cfd:af410bdddefc644ef12c9899ff71b9e1d0dfa3d69d8c2cd676c1916b34591cfd:cf7813efac12ad1c7c7322ccbe54aa0e9a8ba4fd4345b06e4ce7a35c8b1cd5e3f7f0688533849ba2cf4c75b6f20926a1194a72df0e1b1b34456a2133112d006722fe811d5e40c4121159ded88990c0ac2bfd34f35af4f07cc402e9a381a675d03fec7ec438c4ad9d929aec8f242def023c993c9e8ba18c7428e88fde68a4711e506d7969f63c8e0bc83ff0de4e1336106c05e09d5922400e8a81bf54885667899785882b70f20dd8fb1e75f5855b765a256da4341bf23ea0ffa18aadda381816946001045669c8d04df0:7a44e6a31932dee6dc2d8394e29a6551d13e6c6ffdfa218fa5b998668d8439db5e05379fbfa0da5b563ed966435ae2c54e3ad16e1a9fca1f5a157a080704ab03cf7813efac12ad1c7c7322ccbe54aa0e9a8ba4fd4345b06e4ce7a35c8b1cd5e3f7f0688533849ba2cf4c75b6f20926a1194a72df0e1b1b34456a2133112d006722fe811d5e40c4121159ded88990c0ac2bfd34f35af4f07cc402e9a381a675d03fec7ec438c4ad9d929aec8f242def023c993c9e8ba18c7428e88fde68a4711e506d7969f63c8e0bc83ff0de4e1336106c05e09d5922400e8a81bf54885667899785882b70f20dd8fb1e75f5855b765a256da4341bf23ea0ffa18aadda381816946001045669c8d04df0: +bea445e9b6d3f21235912cd6c42ec0577297ca20a10357880c2b846dd8e2cc77024174966221699ea4b0a37e517ff9b16598ae4d4e83bfa3ca50bc616841f595:024174966221699ea4b0a37e517ff9b16598ae4d4e83bfa3ca50bc616841f595:4743c7c099ab815927b3674d0054b6de59af2811abc2cf7fde08f62929185adc238fadd5e75ae3ba0036ff565a79405b424f6552331e2789d9709ac1ecbd839aa1e91c854817597958cc4bd91d07377507c2c8d3c006cfeb6c0a6c5a50eee115e21153dd198ea0a3aff62b7075d5a461788783f050e659c572963d7a59e5afaa2b9c501f43c6ac08ab4797c4566d22b93cdf65a99a2a1d638e79f72b5f4631fe5e9e5f968f6db7a1880df51d8febc14942672f8ea6fc3a72814a44d66d148420a69000f68c330de5b80fc6:6964b9c5903e74e99328acef036558eecd3369150a52e2cbad4bbb97d461b3dfc6b3e8455813a4f4bdca46302e02e683ecea1820171c538e54c3de6c954aa4074743c7c099ab815927b3674d0054b6de59af2811abc2cf7fde08f62929185adc238fadd5e75ae3ba0036ff565a79405b424f6552331e2789d9709ac1ecbd839aa1e91c854817597958cc4bd91d07377507c2c8d3c006cfeb6c0a6c5a50eee115e21153dd198ea0a3aff62b7075d5a461788783f050e659c572963d7a59e5afaa2b9c501f43c6ac08ab4797c4566d22b93cdf65a99a2a1d638e79f72b5f4631fe5e9e5f968f6db7a1880df51d8febc14942672f8ea6fc3a72814a44d66d148420a69000f68c330de5b80fc6: +6447540ed7be0a11c2a8de793d83c6e244983db18d78ec9d75f1729c92e0fdf1391212c8edc4d334a5bec860ef0f5ebb5ec44e8bb51c0f6741998959b2b379fc:391212c8edc4d334a5bec860ef0f5ebb5ec44e8bb51c0f6741998959b2b379fc:a4381c7638c48799e9b5c43f67fc3aa3cbb5ec4234f37e70ccccced1627a57683d1e53f4e0883d8b462bf83f1308630368c89b491533ddb8c9a5b9e8155002fdd581a9a5be0e430b9086a6beac4720210f87b14e862d97e5cc69286786a7586723f231ef0e3e1b932dbba3a18a0cb221cb07f80e6a8e1300056c13e702b23bfb3250ec7cc864d5c7ec5786240709c56024ea6be5f7b15a4fa5555e39a744a1dc557df5b948db220b3d5745746691dacb4421641cdcc12e7ec0450293f19ec57b09cff135847aabe446a61332:3ab5f88e2f7276b5b6583dffba5639993a905dbf9b88ceeaaaae3335800e4a5f10f83da6d6225a8dbe99ae80075009dd508786b3975113db478e14ba101bee0fa4381c7638c48799e9b5c43f67fc3aa3cbb5ec4234f37e70ccccced1627a57683d1e53f4e0883d8b462bf83f1308630368c89b491533ddb8c9a5b9e8155002fdd581a9a5be0e430b9086a6beac4720210f87b14e862d97e5cc69286786a7586723f231ef0e3e1b932dbba3a18a0cb221cb07f80e6a8e1300056c13e702b23bfb3250ec7cc864d5c7ec5786240709c56024ea6be5f7b15a4fa5555e39a744a1dc557df5b948db220b3d5745746691dacb4421641cdcc12e7ec0450293f19ec57b09cff135847aabe446a61332: +0c587a811add88b994458c3c808ac4e3a83afab26d4cff5c961b9df0b5c8334406783b0cdcc5028c5638bd748f0bc76f7e94d1aa2015ca948738a3500460aca0:06783b0cdcc5028c5638bd748f0bc76f7e94d1aa2015ca948738a3500460aca0:f56dc6b76076325b2126ed11d1f09decef9d15c31d0e90cdb1a27e089cc56329f6ec3f665eb6739ec5678b3f37ee1fb37deb9e240092b7a88fd25525acd55e294eb1046f9b1b69a847eb9ceb7b1593b9f6978ef618c15de4e059ecc3bfda3297a19c2df202adf72155cf21eabd03948df15198e8a68b0884f93ad5e36eb0983cca30e45a8b4b5fb8136fdea8a3341dd7877540a557debf7530cc33aeeef6271c3f0af6d09787e815f2f1dd25ce4d2fd09ffa9f53081b469c500da4d44180c04eb1869329cbf2d823187e831c24:33b4f4274f20008a721d1e8d054a2b4e95327e38bb07b33c4bee7e1ce020a442fb2627eda3b7ac93cd3ab0b12b99935a1a9233111604da4acffb5315b907120bf56dc6b76076325b2126ed11d1f09decef9d15c31d0e90cdb1a27e089cc56329f6ec3f665eb6739ec5678b3f37ee1fb37deb9e240092b7a88fd25525acd55e294eb1046f9b1b69a847eb9ceb7b1593b9f6978ef618c15de4e059ecc3bfda3297a19c2df202adf72155cf21eabd03948df15198e8a68b0884f93ad5e36eb0983cca30e45a8b4b5fb8136fdea8a3341dd7877540a557debf7530cc33aeeef6271c3f0af6d09787e815f2f1dd25ce4d2fd09ffa9f53081b469c500da4d44180c04eb1869329cbf2d823187e831c24: +66cf401a2142fcf4a8018046cf4140bca18d76ef6266e7a024757df172a5d65367d48dfd23743cc2ca40e4dfd6b8cc5d84be82dd2b1120cc476e6af6f25ecc98:67d48dfd23743cc2ca40e4dfd6b8cc5d84be82dd2b1120cc476e6af6f25ecc98:daa8efb3fd41f12fbc55bd60464157a26d718632d882aedb6bf98e47dd2337879e0b46452e062e6dfbff3e7bca7289e4ef6b3f41d4b03bdc2c842afe97f3029883ed45f6054dde9690649abb2b8dc28f5fe8cecf80fc1ea411bfc40bbf4fd20b218cf47ea8ee118d4d5aefa5c1bfa08a8fb1b30d6de0977cd15e50292c501f2e71ce2740ff828b8432da5a594bab5223760b64792ed3a69dd75e2829234943656513df1a17a2a067a9a8eaa64e19569f46939d34b99271ae50a47d7dbca3620c81255b0e1fd1f3cec851f1b11b35:d6b0e80e60bc1b29ab8f74808fc460847795ccb887bac0ecaa8e135297a85097712b24b0a1fbaf7a67c5d530a47d0643fc8702c059d215fb112dbe475e5bca0ddaa8efb3fd41f12fbc55bd60464157a26d718632d882aedb6bf98e47dd2337879e0b46452e062e6dfbff3e7bca7289e4ef6b3f41d4b03bdc2c842afe97f3029883ed45f6054dde9690649abb2b8dc28f5fe8cecf80fc1ea411bfc40bbf4fd20b218cf47ea8ee118d4d5aefa5c1bfa08a8fb1b30d6de0977cd15e50292c501f2e71ce2740ff828b8432da5a594bab5223760b64792ed3a69dd75e2829234943656513df1a17a2a067a9a8eaa64e19569f46939d34b99271ae50a47d7dbca3620c81255b0e1fd1f3cec851f1b11b35: +5dbf885aa598e895571f5f65090b72323e9d70b0f58110687afbbc383afedcacfa17eba76e3bc3ea6dab3a5b120dc5ecb9ae6f00138f7d36dda9268bc4722174:fa17eba76e3bc3ea6dab3a5b120dc5ecb9ae6f00138f7d36dda9268bc4722174:1e0b6cf15ce03337179c02d65408df5be9200c3782b6004af94ea4decb257999d6fdff301d11d00c98c372fac0d026cb56dfefe3def7eb99ac68d6968e17124d8446f53e8d2d3dd890d37a23c7e0b83a484b3c93bddf6c118e0281959d27bd87d37e843d5785f4a40771398494e6c4322fbb675c1d479321032148f7fe52564ddf7ae7ac269d0cd2e552fec589aeae0fb93fe3eeaef0856096cf4f6b3497e7235cc8494d810a0b46c5eac87f187e505bb7764f8045c9541983f7b025698009a23d9df0bd1a473cbee4cf5e9488ecbc:e1429dab2e42cd035b7fc602efd6baf94706f16eaf2f8b5fed329239e875605fb172f5dd9ae2bc2eb42eb474567e292f5206e82e694bca0d6d433b867634cb0d1e0b6cf15ce03337179c02d65408df5be9200c3782b6004af94ea4decb257999d6fdff301d11d00c98c372fac0d026cb56dfefe3def7eb99ac68d6968e17124d8446f53e8d2d3dd890d37a23c7e0b83a484b3c93bddf6c118e0281959d27bd87d37e843d5785f4a40771398494e6c4322fbb675c1d479321032148f7fe52564ddf7ae7ac269d0cd2e552fec589aeae0fb93fe3eeaef0856096cf4f6b3497e7235cc8494d810a0b46c5eac87f187e505bb7764f8045c9541983f7b025698009a23d9df0bd1a473cbee4cf5e9488ecbc: +84b3aedd4797a565c351de7dfa0700b9ff7c4d7291c8808d8a8ae505cdd22590d7ad72caa7c22209ec4678d11d5590a6cb28a07117fe5aef57b50751583201a5:d7ad72caa7c22209ec4678d11d5590a6cb28a07117fe5aef57b50751583201a5:532567ffa53b5c0fcd29c39499d2e78ecd20e63123499240e775088b394dc65c8baaa0fe8f6aa7e70181f9e10add8b4a8beb0b2ec38a43309f100cd4be91c6f48e79dc0aee93a15c9403773b354a8d42ed48d8f276230fa6de5ada501ee0a653b4458f0ecf6d5b3c33e2141c662f6ea055f741e54586917d2e0c4eb2b56621f9665fef3246f0bd800b533e3bc615c4021f8d0e2ad233a11e7736c493acc31faee76a097dc40db9efc22446eacf1cc18f51fd10236a2f942d0a53c3ce209108b5938c0a9e536b89ef0ad6b405a10f22c3:9220f0edaaaee1b876350dbe9266061767b86296c351d4cac99d07cd612c6efb24f8f9b0b975f95c42c5b6afedc892f87efedd39d5160294c27658bdcf42850b532567ffa53b5c0fcd29c39499d2e78ecd20e63123499240e775088b394dc65c8baaa0fe8f6aa7e70181f9e10add8b4a8beb0b2ec38a43309f100cd4be91c6f48e79dc0aee93a15c9403773b354a8d42ed48d8f276230fa6de5ada501ee0a653b4458f0ecf6d5b3c33e2141c662f6ea055f741e54586917d2e0c4eb2b56621f9665fef3246f0bd800b533e3bc615c4021f8d0e2ad233a11e7736c493acc31faee76a097dc40db9efc22446eacf1cc18f51fd10236a2f942d0a53c3ce209108b5938c0a9e536b89ef0ad6b405a10f22c3: +6950bfcf480b98ea18a2d5ae5ba6e7668f4c283ff2711357740ffe32cf25819a8e4c6f233f7b86321c9d6799bac28aafcd2503d7aa0a7bded8722727fbbcaeb8:8e4c6f233f7b86321c9d6799bac28aafcd2503d7aa0a7bded8722727fbbcaeb8:a401b922aba57ee0c6ac1c8f1b48296a8562eef137526893886a08306e2203667788618b939864467a31f16edce152a42c25546b640ea8bed189a4f89886a37f106911eae1f50081bf795e70c6504437d2a80cb839479ecbb87c129bcc5fe31d716ef978c206d7f08a793466594f4d75e215bb6374596f8e7d00eea724780943e89bd3863c951bbd24efee23c97c2c797c7fafbf8f2c8b43f37a5f881129a09573fa7a034a285e80dc4ba4bc9564a4dcedeb33167e0b30c5a00b9a109a2231cfa0012b29b2b3450b892eccef0808e503f8:94de5df7a25ecd70205d40bc9499fc7cd7136568060a419a93be6e318664bb6dfce60e2d4e633f7ec148fe4f834ed277c1fec4c4e2a86f44c4589c817888db00a401b922aba57ee0c6ac1c8f1b48296a8562eef137526893886a08306e2203667788618b939864467a31f16edce152a42c25546b640ea8bed189a4f89886a37f106911eae1f50081bf795e70c6504437d2a80cb839479ecbb87c129bcc5fe31d716ef978c206d7f08a793466594f4d75e215bb6374596f8e7d00eea724780943e89bd3863c951bbd24efee23c97c2c797c7fafbf8f2c8b43f37a5f881129a09573fa7a034a285e80dc4ba4bc9564a4dcedeb33167e0b30c5a00b9a109a2231cfa0012b29b2b3450b892eccef0808e503f8: +61b260f5b848b271ef48e5a56d297432d89f2ab85bd538fa668870d0560220e56086fe8735f399f1af2e395e0fdfb5629ebcb04b6ed4a54a9e47052c6e8191d4:6086fe8735f399f1af2e395e0fdfb5629ebcb04b6ed4a54a9e47052c6e8191d4:2826295d79945f675476bc4d45ef800d80b1f0398e4be60e3de4571ed108df989f032de6c2345d9948d677927ea0b8cf1a5ca36fd5f23c25dc0d2ab5bd565a54af46fd97d338d770e3a7b47efb54c07a1664707771eb4e37d9d70ba779251dcdcd3bf6d1248adec53f787259c4d594d5fd4ced8e3db7621d4965d48298178124931a3d0cd269b2d53b7cd261b96d370c5d9693c8ad133ed58945ee3540e10625d924aeba9bdafc656100aab276fa996b1db477bf85ea559081d5b4c7307dc1595654aca82f7b6d2ddaf7357c15a4d7d8b908:9828fec8ff5cf85a98f450770b5bdb4b80daca44379d8f53c91c348e22df64ac48f2b6e2a7b3b642bc8193a194316229e69447ed241cd423d83b6fe7b2d44b002826295d79945f675476bc4d45ef800d80b1f0398e4be60e3de4571ed108df989f032de6c2345d9948d677927ea0b8cf1a5ca36fd5f23c25dc0d2ab5bd565a54af46fd97d338d770e3a7b47efb54c07a1664707771eb4e37d9d70ba779251dcdcd3bf6d1248adec53f787259c4d594d5fd4ced8e3db7621d4965d48298178124931a3d0cd269b2d53b7cd261b96d370c5d9693c8ad133ed58945ee3540e10625d924aeba9bdafc656100aab276fa996b1db477bf85ea559081d5b4c7307dc1595654aca82f7b6d2ddaf7357c15a4d7d8b908: +936dc1cef6a310747f350088055a39aa762d9a4b52c8c8e4c682794380c2725c03b31800412df4d56f1532c05828c0b72528a67a781bef4c06c1fb6ff2ce324b:03b31800412df4d56f1532c05828c0b72528a67a781bef4c06c1fb6ff2ce324b:eb58fe86c4ef349c29ae6fb04f10850e38c6823dbe64a09a5bf1e0ce600d394efa6fb96ed6a8f2c9d4bec05e6a5ebd5a1bf4d0c51db934e57b79e5c6a879d975197dbb10475f65c7f8a8c6a77a420384b5062a2740f1401740ee0f5e043aad7a2a2b4260c5d907f705edaf65b0e375dfc7b00bd660db6147f2ebe870a0ee18dc2ba3c92b0b76fae2b90932cdb6c149e46f3feecf4c26f0441f3a9e006678aecff8ccaecaeda73a18a68ac988b62e83a9bb5188aede38df77a9a164abbdd9d58e52a6caf7222389f198e85fbf966236dcdbd4c1:3f994b8ef528f6421c6a6a22e977ade5cee887263de38b719acd12d469bfd8c3f68e7ac07d2fae80a2092778df0b463537ad3a0551997a3d5b51f832d9c8230beb58fe86c4ef349c29ae6fb04f10850e38c6823dbe64a09a5bf1e0ce600d394efa6fb96ed6a8f2c9d4bec05e6a5ebd5a1bf4d0c51db934e57b79e5c6a879d975197dbb10475f65c7f8a8c6a77a420384b5062a2740f1401740ee0f5e043aad7a2a2b4260c5d907f705edaf65b0e375dfc7b00bd660db6147f2ebe870a0ee18dc2ba3c92b0b76fae2b90932cdb6c149e46f3feecf4c26f0441f3a9e006678aecff8ccaecaeda73a18a68ac988b62e83a9bb5188aede38df77a9a164abbdd9d58e52a6caf7222389f198e85fbf966236dcdbd4c1: +f89eed09dec551361fa46f375973d4fbfa5c5c12f1b5e5abf45cfa05ff31a3403e0efdca3919fa10d4a849cef1de428851bd08efd248594fd89cdeb9deee43b0:3e0efdca3919fa10d4a849cef1de428851bd08efd248594fd89cdeb9deee43b0:4cf9773da05fd322fc147be900ef5cf256c88afdad4b08c230dfc8981fb69f476f7d45ef7c9006bc10032ba53436ac22843e0d76289cf68f9818fa64031d4b40955059aa69110915889f5e22732a1343912581ab3b11a3bae7a471359508596575f888160beef966e5708f0e3147eacfcec1caa3ef240c5e0a14c186546c8eeb64658350b1affc0cfd2ac213af670afca7bbc9dddd28a465b586e69c388cd73478d68efb322bdf86d9213011e711b2b95fefa7bb9b5939761706aa7121024906420bddf1d8800a4338d938fa137cf27e9ffc51c6:897e6f2797c3f326d2cdb1d2673d360631f063304580ff5b4eb43d39ad6851834c9cf891d9f0905bf8de075f7635dfca601adc0f14e7b2c76f7571bfa468ed0c4cf9773da05fd322fc147be900ef5cf256c88afdad4b08c230dfc8981fb69f476f7d45ef7c9006bc10032ba53436ac22843e0d76289cf68f9818fa64031d4b40955059aa69110915889f5e22732a1343912581ab3b11a3bae7a471359508596575f888160beef966e5708f0e3147eacfcec1caa3ef240c5e0a14c186546c8eeb64658350b1affc0cfd2ac213af670afca7bbc9dddd28a465b586e69c388cd73478d68efb322bdf86d9213011e711b2b95fefa7bb9b5939761706aa7121024906420bddf1d8800a4338d938fa137cf27e9ffc51c6: +400796ef60c5cf4084dee1801c4a1975e482e70aef961cd42e2fd5a3fa1a0fbef47da38128f2d012cc5797571d479c83e7d8a3409802f9a7d976c27067cbbe43:f47da38128f2d012cc5797571d479c83e7d8a3409802f9a7d976c27067cbbe43:c473325e785b27df4471eefb9ebebd6461d570800181100ff36caf3c38f67c1921b157ec8e6126f955aebd90ea3fe5385f8042cd704b27cc1d6978c0e2a296695f5ef97b7c2e16ae4ff4d063c688d7f46e964e1f0a00503f357345977683d6e4c3423d56bdb6ce864b6987e085e83e70c7c1a14e0e413f592a72a71e017d505b64c24f1a1a6b813e064e6e0cf8bd4571d0ff2f267a6a13e0cd430463b6ca3b88f0cd40b0fb83d5bedf6f7d47e170e87d0a750093693eda232a6daf98125727b9588ecb894ae373bae3a445a106306469a4c2cd77ff:84d3aa3f361844396754d80d9fa05b8b2fa4abf3a0f36b639bee9cfb5c8530a3a9cc34677f92a913c41e800f2e8041f7666d07ed85f16a57d817b1241fc5ee04c473325e785b27df4471eefb9ebebd6461d570800181100ff36caf3c38f67c1921b157ec8e6126f955aebd90ea3fe5385f8042cd704b27cc1d6978c0e2a296695f5ef97b7c2e16ae4ff4d063c688d7f46e964e1f0a00503f357345977683d6e4c3423d56bdb6ce864b6987e085e83e70c7c1a14e0e413f592a72a71e017d505b64c24f1a1a6b813e064e6e0cf8bd4571d0ff2f267a6a13e0cd430463b6ca3b88f0cd40b0fb83d5bedf6f7d47e170e87d0a750093693eda232a6daf98125727b9588ecb894ae373bae3a445a106306469a4c2cd77ff: +6703a6232c5e2e65e0ab3b92e2aaf9f5fbd33fb46988047d6f4d0ff5387fa029047cffca8b7b11ac6eacc0eaa0c5b73c75b9c637956973af9d97b2dd5b605d6f:047cffca8b7b11ac6eacc0eaa0c5b73c75b9c637956973af9d97b2dd5b605d6f:a26b30a769197932a3a62854968d760151612366778dc994576a2e0e0355496b46200e506948a0d102b6651b2e7334ca6c6eaef8bca44b425970a0b37d6bde0da9d3c1b9f51cbb25bc335cd6fa928a74f2c0dc2c6e99d37a12863a474d4df43aad35415ffcaa24d8c29f914572ab2abec3892db49e679c5ea220c2f519a7d033ac1a2c5a467869e30eda3d2635ca863431473f958d552bdc5582352c290d0ce4fa9cfd0ad42799c227ec90b7c9e5db9f5a7b6d569212eed94d323326805f2b3a0010d6c11eb4107c8283037652f50dc067b6dc81f4db:cae96879e5b603be866609d4a053bfa12a51378e99b2a2812e4789267d8f32f473243f8af74b9be73f47dea50f0d165ebf49458b73e53d88580c191a182d1904a26b30a769197932a3a62854968d760151612366778dc994576a2e0e0355496b46200e506948a0d102b6651b2e7334ca6c6eaef8bca44b425970a0b37d6bde0da9d3c1b9f51cbb25bc335cd6fa928a74f2c0dc2c6e99d37a12863a474d4df43aad35415ffcaa24d8c29f914572ab2abec3892db49e679c5ea220c2f519a7d033ac1a2c5a467869e30eda3d2635ca863431473f958d552bdc5582352c290d0ce4fa9cfd0ad42799c227ec90b7c9e5db9f5a7b6d569212eed94d323326805f2b3a0010d6c11eb4107c8283037652f50dc067b6dc81f4db: +e0e72f8f178633626733bcbda2ad2a50e653890f15359b6c22fc7345ad333109d13cee540d84b5667d516fe7ec7239bf8da91546ee791f84edd8ffcf3a083e76:d13cee540d84b5667d516fe7ec7239bf8da91546ee791f84edd8ffcf3a083e76:791fd613c1095292c8a4a2c86b47ae026155b8465b607dbb416477ef79a297c9d7758ce34af9dcbf1c68474f30909fbe74b7ba429632f2403aad832b486b72c23054ad42f7653a9ddb456cc791f348886a7ae5dcec7c0ba815f7a93a10fe331e903b970f7b5028be49d14bc5620d63792672b98b9488c67ae16646693e112047f0ac8921ff561c92dd0596d32df0a6e507ac1b07de516c98428d570a37db9bcd7c7e61c6948ab3fe91250dd1d5bd671275df9a972f22c2ba36804747aec1ea2416c1f41ab87befde31629b2d43317ce41cda03626286c0:14552171b95245ac0f0e5a6e7a2f541721068db650c6dada04c28cab7c49195f6436712144cb31913c562e30c39d8a8549fb64ffea81c7445143b5f23286da05791fd613c1095292c8a4a2c86b47ae026155b8465b607dbb416477ef79a297c9d7758ce34af9dcbf1c68474f30909fbe74b7ba429632f2403aad832b486b72c23054ad42f7653a9ddb456cc791f348886a7ae5dcec7c0ba815f7a93a10fe331e903b970f7b5028be49d14bc5620d63792672b98b9488c67ae16646693e112047f0ac8921ff561c92dd0596d32df0a6e507ac1b07de516c98428d570a37db9bcd7c7e61c6948ab3fe91250dd1d5bd671275df9a972f22c2ba36804747aec1ea2416c1f41ab87befde31629b2d43317ce41cda03626286c0: +544dafd9960d829756c6d4b3eadd44375fe78051876bf978a381b0decaaa8096ae4f6425c1b67ccb77f9aacfea28eaef769c8cacee035205cdcd787e8d07629d:ae4f6425c1b67ccb77f9aacfea28eaef769c8cacee035205cdcd787e8d07629d:447fe7344cad1fae09d6a7d05f09d503c1b3d3d5dfa584810c35bc41e4955693706154e2d751b2f1b525e1a14547ba7f8b232088a6fc922702d93a11cd82949c27bed645dc351fb4c1242cf41d01575412e792aed214531d94fd66e03dd32e972fd77f6947a353e1ae5e00f5a6ca77992472f096b6e7475fe534e913a77bcb0d681fdfb3a7a0dcb56d274df4aa109d4a8a37794a9276f50006696ff12ca4d0254039df0fb3f72a960da05c9872f2e33ee81d1cf7a6f48bbce0aa18c7c0f06ba55e67689e0af587b500eab79cc7f9640bca104b7fbf31f08e:a2ae117c8de4ca6d6fe75e466023bd550c26fedd3e74ca13adb625f272e175f14d5df550ace7d82288efefabf96311a123bee23889ad3711bff2b8087946bf0e447fe7344cad1fae09d6a7d05f09d503c1b3d3d5dfa584810c35bc41e4955693706154e2d751b2f1b525e1a14547ba7f8b232088a6fc922702d93a11cd82949c27bed645dc351fb4c1242cf41d01575412e792aed214531d94fd66e03dd32e972fd77f6947a353e1ae5e00f5a6ca77992472f096b6e7475fe534e913a77bcb0d681fdfb3a7a0dcb56d274df4aa109d4a8a37794a9276f50006696ff12ca4d0254039df0fb3f72a960da05c9872f2e33ee81d1cf7a6f48bbce0aa18c7c0f06ba55e67689e0af587b500eab79cc7f9640bca104b7fbf31f08e: +bfbcd867027a199978d53e359d70318fc78c7cc7bb5c7996ba797c8554f3f0f07c5ae3bab9201199dfbe74b7d1ec157125bdbaa4520f501da3f248579dc6c22d:7c5ae3bab9201199dfbe74b7d1ec157125bdbaa4520f501da3f248579dc6c22d:117fae13e78777b6219f020214c1b87c57046d1c09ce82ee2b5629898d9b0de74a15cfe99f80548ba913d7036c56285a4cba493b52d2cb70d6365ace3da12b1f34a2778af36ef52ab82ede04cacaf2793f5f89831e3b205a9ee4c1d6fbdab4ba4d9fae65dd79a5fe76b4b39a3092cc7148d211e85ee82ab463d34dcee9061d9c21ded2051bbd50b413f0e21a0e48d1ffa8dcae240b3495be25d93151b57aa271ab99aa708ca28080cab4804fcefa929f5f1ef3f4c6c0fbfb40bef7ea1b509b36ba1260323512379d7bc3fdbb5d3faac9b00e21f12ea1ca2e29:e48615b65633e61993b0aaa1fafb74b9629c384fd592bd735fa1f62c5cad11291fcd8c2e91a50bfe0b03b43502fff3a5c382b9c2821907efc34da5ba054af00e117fae13e78777b6219f020214c1b87c57046d1c09ce82ee2b5629898d9b0de74a15cfe99f80548ba913d7036c56285a4cba493b52d2cb70d6365ace3da12b1f34a2778af36ef52ab82ede04cacaf2793f5f89831e3b205a9ee4c1d6fbdab4ba4d9fae65dd79a5fe76b4b39a3092cc7148d211e85ee82ab463d34dcee9061d9c21ded2051bbd50b413f0e21a0e48d1ffa8dcae240b3495be25d93151b57aa271ab99aa708ca28080cab4804fcefa929f5f1ef3f4c6c0fbfb40bef7ea1b509b36ba1260323512379d7bc3fdbb5d3faac9b00e21f12ea1ca2e29: +df2df8a9d66d5638cdee09324e7b10f8ed29ab91387e3147b7dc03f7cd8005085c042e157fb7fb12d4d4fef2847141ecfb57c1253e14eaf3004d6513f52fe625:5c042e157fb7fb12d4d4fef2847141ecfb57c1253e14eaf3004d6513f52fe625:21576615c9346a63dccf0c50ecbd7c6d72ad452cfed43ea73202cc7a98576056b9664b54622905a1e7221720730ac685d3bd3977ec3959d446bfa941e725b6fe16afe5432c4b4bdee7aa0fd8030948ed6fcba7c0bdb40c2e517da97456e74e1f93d5ed676de0f4a8b0aea449404bd15b6da79dc1b813965fe5572410d76f5b5eac663050570311dc9842b6fbf8806aec03151715cacf7f21802e8bf5e98a89c0d7d0d098b73c6efc09962e36b4e030c1a64b5d349f5f2042c74428671e4a2c7fea0caee2422d85c4fcddfed32213859a69955d4e3ebb7e1b2022:9a1074531ed43d07bffc7f2b6c13b8838fc75cba02c7d1ec7ba38bca3cef20dc9badf3a3064a2c93b1842441420b6a8d421a960d70dfb7c70eec295f21f83f0a21576615c9346a63dccf0c50ecbd7c6d72ad452cfed43ea73202cc7a98576056b9664b54622905a1e7221720730ac685d3bd3977ec3959d446bfa941e725b6fe16afe5432c4b4bdee7aa0fd8030948ed6fcba7c0bdb40c2e517da97456e74e1f93d5ed676de0f4a8b0aea449404bd15b6da79dc1b813965fe5572410d76f5b5eac663050570311dc9842b6fbf8806aec03151715cacf7f21802e8bf5e98a89c0d7d0d098b73c6efc09962e36b4e030c1a64b5d349f5f2042c74428671e4a2c7fea0caee2422d85c4fcddfed32213859a69955d4e3ebb7e1b2022: +e8ee065f9907f1efa2daecb23a0425f353094da02bc2c931f0a587efc0d13de1c72651b7fb7ac0337a172977496fd7f2a72aea889385835e563c6b6053a32dc1:c72651b7fb7ac0337a172977496fd7f2a72aea889385835e563c6b6053a32dc1:a2f0c1373473a305d8f1d99138b06b9a9694ffaa8a88222de9f729bee1305175dfb17001cc77f67b6d40c90c1a28fb226c11286db4a13e45e69211242bcdd01cb6e2c454e76c0cab881b4d2d9d3ab100a5d61d1725d866e4fdb66d93d77f5b308693b9b5a333e57fa25d1e5d2e38df6e4e9ec84159bbee1ffea926836a0101c91483bd5bc88a6f1cc4d4e7f008ad08453a0123429dd335781c7cbf8d685a8999ed1177607004a13c4cb5ea4908c542607d3f2cd6690cf1f2a7455bbd38f538f07a103964317efbcee37eb46931c027cf153ef86e43d78281ebd710:a510dff42d4559a19a7bf0fe0bea53d3e1f22dfa6be55039895e12a5d07da5f2e37713ccb2eb216011628f6983f871fee286e66fff4be7582c961a1ed7568404a2f0c1373473a305d8f1d99138b06b9a9694ffaa8a88222de9f729bee1305175dfb17001cc77f67b6d40c90c1a28fb226c11286db4a13e45e69211242bcdd01cb6e2c454e76c0cab881b4d2d9d3ab100a5d61d1725d866e4fdb66d93d77f5b308693b9b5a333e57fa25d1e5d2e38df6e4e9ec84159bbee1ffea926836a0101c91483bd5bc88a6f1cc4d4e7f008ad08453a0123429dd335781c7cbf8d685a8999ed1177607004a13c4cb5ea4908c542607d3f2cd6690cf1f2a7455bbd38f538f07a103964317efbcee37eb46931c027cf153ef86e43d78281ebd710: +c72e67d8c3fec004ff618718a9099eb8ad7b06ff3b8c542a7e8b9847313475e14eb002d3cceb188c6658fec51cb479a65264ac555c75cdc2249cf1ce3defc16d:4eb002d3cceb188c6658fec51cb479a65264ac555c75cdc2249cf1ce3defc16d:a8f34135c0132ec95b64b0cbf51d66900143370406791fbb55f2b8ca953cc74a46e08b002fa2da21b951b8871f7a29bc6d38790afc66a329c397d9f9250bae0e30ae3426e08d8ead0179a3b313c908839192f289a3f3b6e960b4c5cebef0a09daa9c7a15c19d4ebc6fc2ac3cd02232e832b234edd7965d687bfeb758f70fa7963841b7859bb97c971bd557bc8769524ac4c6eeb3579793334b522d176bc62f86b4d5c0d4017036d2b6bd4e4384416ef8263139691a8606170d73c93d6417dcc1a08a537c9ed4400471a46f52907b46b10a8b6889dbb4647a8bbc7149:2d7bab8ebda7fca5bb3c25f51dc51b73e6ff6a3bb1b52acc7811a7d2595cd6fdaf730494418e2f57efdc5617b066fd7b6207680d94fb8c43d3d4740b41cb6901a8f34135c0132ec95b64b0cbf51d66900143370406791fbb55f2b8ca953cc74a46e08b002fa2da21b951b8871f7a29bc6d38790afc66a329c397d9f9250bae0e30ae3426e08d8ead0179a3b313c908839192f289a3f3b6e960b4c5cebef0a09daa9c7a15c19d4ebc6fc2ac3cd02232e832b234edd7965d687bfeb758f70fa7963841b7859bb97c971bd557bc8769524ac4c6eeb3579793334b522d176bc62f86b4d5c0d4017036d2b6bd4e4384416ef8263139691a8606170d73c93d6417dcc1a08a537c9ed4400471a46f52907b46b10a8b6889dbb4647a8bbc7149: +696450b557ec3c94cf1af1326475634aa81def3814ff30a02ba7f2044b59c0fe8584773c566b0eed3f43281705b575a434e47d6cf6b251b89803fef53534cb29:8584773c566b0eed3f43281705b575a434e47d6cf6b251b89803fef53534cb29:cc257829f30a5f90dfdbc247d42e388738b76c41ef8a82a5e0225ddf1e386d77080b3b9df86c54b85cdf2c32f367aba0c3b6bf888a5a6903529b6aeb4d5407a10180149114130228fc4356ccf366b77be89796a9e71a0c693f31e584a4f143097ba370363b67b2f2e2fd8d6fe8b4e8dbf0d7dcc1a8360041158aa2aff7e2a325b8e518f193a28bae05e3d52b26621af402026d7f250e86dcee301a58b631eadf4527e958f02a61587f0bb516cefac009fe51052fff53336dbd94e7266d3b43caba8a1b38e5d871c2a24a4c412fff3f7a9a52a8ab23bac9791b2b5a669a:ce8b0a5779f4f5f401e84d65927a0c28df829e95d09bfa97111b8700078ff894cf7277e34a716144d55306fc9e2f64cd287583cc8003be0e8faf26af7640140ecc257829f30a5f90dfdbc247d42e388738b76c41ef8a82a5e0225ddf1e386d77080b3b9df86c54b85cdf2c32f367aba0c3b6bf888a5a6903529b6aeb4d5407a10180149114130228fc4356ccf366b77be89796a9e71a0c693f31e584a4f143097ba370363b67b2f2e2fd8d6fe8b4e8dbf0d7dcc1a8360041158aa2aff7e2a325b8e518f193a28bae05e3d52b26621af402026d7f250e86dcee301a58b631eadf4527e958f02a61587f0bb516cefac009fe51052fff53336dbd94e7266d3b43caba8a1b38e5d871c2a24a4c412fff3f7a9a52a8ab23bac9791b2b5a669a: +a8dd35f054fb6ff6f0ab094a0d3d1c262832181df35ccd5192545ebd6a9cf529ca412338d3814b886d964b71925e1aabb3ffd07834dbe7dc512568882b53e4a3:ca412338d3814b886d964b71925e1aabb3ffd07834dbe7dc512568882b53e4a3:55a7ad9132d63ac161e7adb132b9189fdd84c361c1e4f5419a6df73df4d7aeb29a8dc4bf01490d4f484e2d12077517f5fc7ad0bdeda20a6cb0227942290b08c3fe33ab9b2135bc38a6579a54bd982f7d1417ce867117aea918dbd3dd476e7eb5b5d3c3e48a864a2f942a31501aa2b29b53b80513c95d6a411844f0dedf16a29ac267d331e53bdc2539bfcf32dc9b5d640f1231e2cafb0ae94bb5189426863364262efb47b5b5ccdbbc93324216a799b6f50d3704f15ed59af6cc7d910cf062d1be632dca5df213d487d8564f2b2bd7d818bba27c364013d92d7f72625462:fa709fbc8382af83d11812618dfaca452eab83e4c53fe9e5858467d07b6767e17975c1e06393d6dde15a34d9473d1cf4d6d8c2d57394520080fac4e43448be0755a7ad9132d63ac161e7adb132b9189fdd84c361c1e4f5419a6df73df4d7aeb29a8dc4bf01490d4f484e2d12077517f5fc7ad0bdeda20a6cb0227942290b08c3fe33ab9b2135bc38a6579a54bd982f7d1417ce867117aea918dbd3dd476e7eb5b5d3c3e48a864a2f942a31501aa2b29b53b80513c95d6a411844f0dedf16a29ac267d331e53bdc2539bfcf32dc9b5d640f1231e2cafb0ae94bb5189426863364262efb47b5b5ccdbbc93324216a799b6f50d3704f15ed59af6cc7d910cf062d1be632dca5df213d487d8564f2b2bd7d818bba27c364013d92d7f72625462: +ae1d2c6b171be24c2e413d364dcda97fa476aaf9123d3366b0be03a142fe6e7dd437f57542c681dd543487408ec7a44bd42a5fd545ce2f4c8297d67bb0b3aa7b:d437f57542c681dd543487408ec7a44bd42a5fd545ce2f4c8297d67bb0b3aa7b:9e6c2fc76e30f17cd8b498845da44f22d55bec150c6130b411c6339d14b39969ab1033be687569a991a06f70b2a8a6931a777b0e4be6723cd75e5aa7532813ef50b3d37271640fa2fb287c0355257641ea935c851c0b6ac68be72c88dfc5856fb53543fb377b0dbf64808afcc4274aa456855ad28f61267a419bc72166b9ca73cd3bb79bf7dd259baa75911440974b68e8ba95a78cbbe1cb6ad807a33a1cce2f406ff7bcbd058b44a311b38ab4d4e61416c4a74d883d6a6a794abd9cf1c039028bf1b20e3d4990aae86f32bf06cd8349a7a884cce0165e36a0640e987b9d51:909008f3fcfff43988aee1314b15b1822caaa8dab120bd452af494e08335b44a94c313c4b145eadd5166eaac034e29b7e6ac7941d5961fc49d260e1c4820b00e9e6c2fc76e30f17cd8b498845da44f22d55bec150c6130b411c6339d14b39969ab1033be687569a991a06f70b2a8a6931a777b0e4be6723cd75e5aa7532813ef50b3d37271640fa2fb287c0355257641ea935c851c0b6ac68be72c88dfc5856fb53543fb377b0dbf64808afcc4274aa456855ad28f61267a419bc72166b9ca73cd3bb79bf7dd259baa75911440974b68e8ba95a78cbbe1cb6ad807a33a1cce2f406ff7bcbd058b44a311b38ab4d4e61416c4a74d883d6a6a794abd9cf1c039028bf1b20e3d4990aae86f32bf06cd8349a7a884cce0165e36a0640e987b9d51: +0265a7944baccfebf417b87ae1e6df2ff2a544ffb58225a08e092be03f02609763d327615ea0139be0740b618aff1acfa818d4b0c2cfeaf0da93cdd5245fb5a9:63d327615ea0139be0740b618aff1acfa818d4b0c2cfeaf0da93cdd5245fb5a9:874ed712a2c41c26a2d9527c55233fde0a4ffb86af8e8a1dd0a820502c5a26932bf87ee0de72a8874ef2eebf83384d443f7a5f46a1233b4fb514a2469981824894f325bf86aa0fe1217153d40f3556c43a8ea9269444e149fb70e9415ae0766c565d93d1d6368f9a23a0ad76f9a09dbf79634aa97178677734d04ef1a5b3f87ce1ee9fc5a9ac4e7a72c9d7d31ec89e28a845d2e1103c15d6410ce3c723b0cc2209f698aa9fa288bbbecfd9e5f89cdcb09d3c215feb47a58b71ea70e2abead67f1b08ea6f561fb93ef05232eedabfc1c7702ab039bc465cf57e207f1093fc8208:b6c445b7eddca5935c61708d44ea5906bd19cc54224eae3c8e46ce99f5cbbd341f26623938f5fe04070b1b02e71fbb7c78a90c0dda66cb143fab02e6a0bae306874ed712a2c41c26a2d9527c55233fde0a4ffb86af8e8a1dd0a820502c5a26932bf87ee0de72a8874ef2eebf83384d443f7a5f46a1233b4fb514a2469981824894f325bf86aa0fe1217153d40f3556c43a8ea9269444e149fb70e9415ae0766c565d93d1d6368f9a23a0ad76f9a09dbf79634aa97178677734d04ef1a5b3f87ce1ee9fc5a9ac4e7a72c9d7d31ec89e28a845d2e1103c15d6410ce3c723b0cc2209f698aa9fa288bbbecfd9e5f89cdcb09d3c215feb47a58b71ea70e2abead67f1b08ea6f561fb93ef05232eedabfc1c7702ab039bc465cf57e207f1093fc8208: +6bce4dfd53bfa5506f2f554d2d994a0dc40cafcdec7e1be050006e5c5a4b38a1c890023728d8397070291771e65e034d34d4aae5e247653e4ff4c074591da702:c890023728d8397070291771e65e034d34d4aae5e247653e4ff4c074591da702:3239190747ee33d40bf870ac9ad49d88ee320f63c05257e8ab2c60306597ce76d1f1e792ab6a65caa544fbec20892fd4960594f31b3763ef07d4982eae4a2dbf3377dcc1e3f95e46ed39b7f0222f04bb5c3b434c8f9f310de9f122a29f8241e81e206549ae628d2b8ad768972c98847c1188ad04c835356378bef79cd126869405b129fdbdc3bc489cbd1399505dadef7617b5be5da173d3e80e5838c99e349276242729e0219bd7476ae5c4f81a12878fb483a6c0e9b0df2962eb0bf00157782cf768a1b71c010169ee8522def0024ad7e45775a290639c53aaf48198c42de75c:99ae6782ff27646c27f61e23636ae1881521cfa5ed256f70bce7ce00b68280ce8e0c82aa765afb8b5a1ff2fe42c57441e458e443dc8b123477ae33d884888c0b3239190747ee33d40bf870ac9ad49d88ee320f63c05257e8ab2c60306597ce76d1f1e792ab6a65caa544fbec20892fd4960594f31b3763ef07d4982eae4a2dbf3377dcc1e3f95e46ed39b7f0222f04bb5c3b434c8f9f310de9f122a29f8241e81e206549ae628d2b8ad768972c98847c1188ad04c835356378bef79cd126869405b129fdbdc3bc489cbd1399505dadef7617b5be5da173d3e80e5838c99e349276242729e0219bd7476ae5c4f81a12878fb483a6c0e9b0df2962eb0bf00157782cf768a1b71c010169ee8522def0024ad7e45775a290639c53aaf48198c42de75c: +17861a8d4154acd4fa9c8fc947c1886c11290be222872ff4f8cd25939e4d136143773f4449065eaebaf8937baf758560b0c4d2de46977839b3b873d5d7d5fd8f:43773f4449065eaebaf8937baf758560b0c4d2de46977839b3b873d5d7d5fd8f:184df5ea3215ebe180390b0ff042ba2381155a038dc732f76a01c7e70f82d1ccc9de9a0596b3fee447209c992684f643df21f4cf9d179262790e8623e42472dc351997e6da189c07e1e8882c07f86c6337ec0113912cf92215c8de1982b8fc57bfabc55a3e8736f73610429d97feb51d794f505d0c5a0b3abd48ef7f55a628f90b8567a1c15ea9d190d7bf4ec2bc9334ada6cb92808dfc2064836fcfa46b96fd7a5d6f4b054dab09b73595feb89ed005b9ec9d3188121de69696d64e7c7bbdfc1c469faf148c38a7785970afe1acd06a92c99478fe44974e3bb2095e4467e9b2e996:a5ee024ccdbdd4c21a24709ec53dccb7ee17626dd00a093d0884f5b45c4c9d1691840151c33c8aa07b69b34e16f61647ebe793ae4daa70cff48e6ab42ffdbc00184df5ea3215ebe180390b0ff042ba2381155a038dc732f76a01c7e70f82d1ccc9de9a0596b3fee447209c992684f643df21f4cf9d179262790e8623e42472dc351997e6da189c07e1e8882c07f86c6337ec0113912cf92215c8de1982b8fc57bfabc55a3e8736f73610429d97feb51d794f505d0c5a0b3abd48ef7f55a628f90b8567a1c15ea9d190d7bf4ec2bc9334ada6cb92808dfc2064836fcfa46b96fd7a5d6f4b054dab09b73595feb89ed005b9ec9d3188121de69696d64e7c7bbdfc1c469faf148c38a7785970afe1acd06a92c99478fe44974e3bb2095e4467e9b2e996: +0a84baa54f11cf17090fec61f3f9401508a3a03887aca1a7939394b1ee40a925309a73c62d23d740f2e93c18587ac15e7ec480d25ac0794e10f8cd461cc2b130:309a73c62d23d740f2e93c18587ac15e7ec480d25ac0794e10f8cd461cc2b130:fe70017b14678b0d3ad03e183d6f53314378379ab3da65b3511257b3d54086e86f2031139021391af9d72085ff7c3dc8c1e2d91e53333855423d0f785e2cc5f8b7799fcf1b70e6becb788e53e9020f2995ddb0c383a1f81038fc3d543ce0a38c9c288a9bc4077f4277dcc6c5642263fcfe19688005a603f57675d2434f3ed1f46d32f14eaeb073e83ee7086da2fb67659d3fb68c62320b7727b3b8ea006576bc2c7e6b5f1ecefa8b92e70c92c88951d0c12d91de801c38b7ca5a0a04b4c3429aba86386e96e06afd20d4c5c2fe2b9b4273eb05201a79273abdbeb37ed1830d226b6bdb:4d870bd53af8f13f214d9934ec903ac48284092cd9b162a44ccec851fa942de715ccda07b7991d712723e7a4d5b4f0374ab85ac3867e0b53ebc46b530f9fed05fe70017b14678b0d3ad03e183d6f53314378379ab3da65b3511257b3d54086e86f2031139021391af9d72085ff7c3dc8c1e2d91e53333855423d0f785e2cc5f8b7799fcf1b70e6becb788e53e9020f2995ddb0c383a1f81038fc3d543ce0a38c9c288a9bc4077f4277dcc6c5642263fcfe19688005a603f57675d2434f3ed1f46d32f14eaeb073e83ee7086da2fb67659d3fb68c62320b7727b3b8ea006576bc2c7e6b5f1ecefa8b92e70c92c88951d0c12d91de801c38b7ca5a0a04b4c3429aba86386e96e06afd20d4c5c2fe2b9b4273eb05201a79273abdbeb37ed1830d226b6bdb: +38379423dafdbf25e19d7231bddd80b4cefcfe2aed932584dfa0cc3c9f9232de597e81dcee9448b77de6829e7921c8a390535d89a0849430aed66364ee140d8b:597e81dcee9448b77de6829e7921c8a390535d89a0849430aed66364ee140d8b:36125ca66668802906237e63a2fe5ae610f11a7cf92520d19e6690a3adfafd5d07a784bc1a0e185273d11d340d5eff901597dedf450c4699d43f3fb168d557f6c9c03077c3cdc370d34832ccdf2a8e3d75796490ed0242899d25ddf44bfc66f329cf4c45168703c31bc9202d890f3969ffd3ac35a12818dca751ceb8808fe81efa26a5e0d200c5ec1d94a5097ea74b6498fe288f30c48d727e9d3d35c8e12d85420702556f2861484ffd09b4f12265cc9abafeb82cf590028895a7d050ff57ccf5f28022d016ab4094b062e48b66fd36d1e19626e5215efa40fb7e3b7062f81e954830c9:d8b50a88aed6f2a96d082213adf8b2519f6a0bbd30dd3cb0f3fd3ce1c643fc029946cd43462ed22513f1d65fca24bde3818166baa86daa798792afafe0c1a10a36125ca66668802906237e63a2fe5ae610f11a7cf92520d19e6690a3adfafd5d07a784bc1a0e185273d11d340d5eff901597dedf450c4699d43f3fb168d557f6c9c03077c3cdc370d34832ccdf2a8e3d75796490ed0242899d25ddf44bfc66f329cf4c45168703c31bc9202d890f3969ffd3ac35a12818dca751ceb8808fe81efa26a5e0d200c5ec1d94a5097ea74b6498fe288f30c48d727e9d3d35c8e12d85420702556f2861484ffd09b4f12265cc9abafeb82cf590028895a7d050ff57ccf5f28022d016ab4094b062e48b66fd36d1e19626e5215efa40fb7e3b7062f81e954830c9: +f925d274aaf1fe1a21656237385e97f7783e78090c5d4217fece7057c80f426d3b0fc370be3a4b19a88ab998c59504ffb59a87606338e673df5b3fab4d9bfb8d:3b0fc370be3a4b19a88ab998c59504ffb59a87606338e673df5b3fab4d9bfb8d:143caafa5f62b13e43dffa49d420fa99f771b1926d40d6cb2bbb427f27b6c266eb3deb2d8bbbd47b8214ad40251cb1907ad65eb94193e54ad85c6700b4189e80f1cc0154c63ed151a8bbbd30e01637ca58e70aa3ee52ef75d0873078a405014f786eb2d77b7f4422f927823e475e05b24245f9068a67f14f4f3cfb1eb30bfede7b3262230ced9e31361db19636b2c12fdf1b9c14510acd5bc18c0ddf7635e003503e6f71e1c365cdfb4c65ee75b4de0694af87076374d631e6c4b8e240fa51dab5e1f80ca2a06c49f42ea09e0475defb184d9cde9f58f959e64092aac8f2027e468126f2fb:79549a317d10a0be322a94a151ad11e77efc4836cc8006a85081273d7602a638963a9caf19c3edf1e25fad1e9d68701a71dea727da6a5c5bcac9339589224b05143caafa5f62b13e43dffa49d420fa99f771b1926d40d6cb2bbb427f27b6c266eb3deb2d8bbbd47b8214ad40251cb1907ad65eb94193e54ad85c6700b4189e80f1cc0154c63ed151a8bbbd30e01637ca58e70aa3ee52ef75d0873078a405014f786eb2d77b7f4422f927823e475e05b24245f9068a67f14f4f3cfb1eb30bfede7b3262230ced9e31361db19636b2c12fdf1b9c14510acd5bc18c0ddf7635e003503e6f71e1c365cdfb4c65ee75b4de0694af87076374d631e6c4b8e240fa51dab5e1f80ca2a06c49f42ea09e0475defb184d9cde9f58f959e64092aac8f2027e468126f2fb: +971f806be6f07d41be8830ff8dae704b08638ad6cff722d8432538127b769625af6ac98dce2078a6c73f6097bab63f205caf6953afa284d042bd50a4fce96cb4:af6ac98dce2078a6c73f6097bab63f205caf6953afa284d042bd50a4fce96cb4:013455d049aa54ed995fbd94e6369955495395e4438822259b1060e9a34779042a1a69211f6ea2077399dd234806ba0b353cd79a57e1c49b250ab27106dcde576ecfa115eae461febb12d2da25ffcf17b715f8d95c2f0c425d5a81f700115b70d49e1cfe49fcaa14fa205e28ec85247f1a6e7128bf3bb3060dc08464bda6538540d0ac472093e5a0720fde2f3dc4788e0e9b0dbfe2a2b5f1a0f3f80de984025b15c65af77f671e1c5e2840444de5c7eda025e6dc1a3ff16e26cc54cdeed56be73f9b01ab2b1bc16c8ef58a5b76dd47287807e5c50f0d7c0a5b8120dfde645a012c5cf11491bc:2037a0a7674b84ff27d0b22f62b4bac65e2dc0f5fdc899feb7800f25c29981dee641c5a50f8b9410970b49d2d53658c89ee16961dccf5391a6918f2a84eada0b013455d049aa54ed995fbd94e6369955495395e4438822259b1060e9a34779042a1a69211f6ea2077399dd234806ba0b353cd79a57e1c49b250ab27106dcde576ecfa115eae461febb12d2da25ffcf17b715f8d95c2f0c425d5a81f700115b70d49e1cfe49fcaa14fa205e28ec85247f1a6e7128bf3bb3060dc08464bda6538540d0ac472093e5a0720fde2f3dc4788e0e9b0dbfe2a2b5f1a0f3f80de984025b15c65af77f671e1c5e2840444de5c7eda025e6dc1a3ff16e26cc54cdeed56be73f9b01ab2b1bc16c8ef58a5b76dd47287807e5c50f0d7c0a5b8120dfde645a012c5cf11491bc: +2bb0652f8fff6901991148c68a3267877271006ae9589149bb206850cdf52fb0c03b77be983e74a234c1986496b292e139992eb7529e70b3afad7ae4fdcf8a66:c03b77be983e74a234c1986496b292e139992eb7529e70b3afad7ae4fdcf8a66:b923ca67e396d8656fa3dbce8289a38bd3c128cefb30efc1862bb944b4507805419824ce2b83d690ef4cf107492817143bf64c024989af1a7d2e1f5ac97874f86bb0d3773ff840f514d9a1394a3959b011d3a6b816a3fae5de17b2a9ff349863d27fbbb50cca734108751000d6358ca0647a93eb49e2e7af06287d48f2c09d5c1c73e4d8f77ea2bcaa7356795b26728719bed5ffdb821578bd5d66bf92edaf8b238b2bbd7d1e2c30a787f901a33d0a76669a9c3c7f2b552ccb8349c7ded5e1a46170cf28e359e2fdd54b05a562f528c68a56974df82d466637c8e53246a7217e4386801e0e3266:4e158deaaec3d88941296af2d27341012b0241d4e0f46e435e375c9875e89f5e32c057b527bc3411af096a77bfceb45b983efe455e3f03155d6bc7b0acc8e60cb923ca67e396d8656fa3dbce8289a38bd3c128cefb30efc1862bb944b4507805419824ce2b83d690ef4cf107492817143bf64c024989af1a7d2e1f5ac97874f86bb0d3773ff840f514d9a1394a3959b011d3a6b816a3fae5de17b2a9ff349863d27fbbb50cca734108751000d6358ca0647a93eb49e2e7af06287d48f2c09d5c1c73e4d8f77ea2bcaa7356795b26728719bed5ffdb821578bd5d66bf92edaf8b238b2bbd7d1e2c30a787f901a33d0a76669a9c3c7f2b552ccb8349c7ded5e1a46170cf28e359e2fdd54b05a562f528c68a56974df82d466637c8e53246a7217e4386801e0e3266: +db9b812cb3c7c03b977f487d3d65ccd9cd2f3dee11602067dbfb72b589ff3f79ffa038ad8c3b378ce75d65844d08e3d6a92d194a1b7862e9d9720d20679b2944:ffa038ad8c3b378ce75d65844d08e3d6a92d194a1b7862e9d9720d20679b2944:a70092c7697cd4a209567c38ba7fb71aa8f15e5827a20876923943fd6adc659c9867ac6f58a61dc7cec3d362411682000c1a9ad1295eb8b70f242d86b5865eb76b87e3f2c6941d2612ee3bcde8f19765566733152ef54e95690943285f78b375f4036585d4739deedeef6d946db61ca458ef4f650da963c385e29dfdee415fe495845f55197a870f8cdeb5a010ba6bbb32bf1a588cc774d4890184c4b2924a5b8073313bce226585f1adfc229c90bc6cc9d212e62f05d33bedac961d77cf8c2620e451de817f8c1bb16a2c59ff804b635a73a8cf8c181b3f9401c3b643d18a2f706ea9cae47071a6:a628a77421b2abab576eed35d2ee3d14561b21fa14a6e2fac263c3eadd79f2fc0669f9429b910b8422b4b29ac026a42e98d181be3507c5ed7c748a1fdcf1d807a70092c7697cd4a209567c38ba7fb71aa8f15e5827a20876923943fd6adc659c9867ac6f58a61dc7cec3d362411682000c1a9ad1295eb8b70f242d86b5865eb76b87e3f2c6941d2612ee3bcde8f19765566733152ef54e95690943285f78b375f4036585d4739deedeef6d946db61ca458ef4f650da963c385e29dfdee415fe495845f55197a870f8cdeb5a010ba6bbb32bf1a588cc774d4890184c4b2924a5b8073313bce226585f1adfc229c90bc6cc9d212e62f05d33bedac961d77cf8c2620e451de817f8c1bb16a2c59ff804b635a73a8cf8c181b3f9401c3b643d18a2f706ea9cae47071a6: +ce379bbe2fa8abcba51c7a7543de5b7180771b3c44bc6b41892e7b88979bab907f3cff89f41babf4fa64cba33a5bb17f413bbf2a1e112b50a8e9b1f821d849bf:7f3cff89f41babf4fa64cba33a5bb17f413bbf2a1e112b50a8e9b1f821d849bf:001a74f095c814d3beed67a8d15fc18efe235dc3f6457812a4039b7a46fe9a0e9de81a7a4e5fbab5ebe9e1e4801bd11b45c9f7ad0636a09bff42164be5749a04c02f0ab61f0ecfdfef799b827da6a274c8d3b39f2e3805a6791287eedb2314d3f842b558b9b489afe1ed37bbbcfc5e60a431d5ac60b39e946d903d6bf6b140e12c7e07f9ed7ac46a3999c6245c8ab1bdb21879a317a3dcd257a5c4f349b7f59e4e43d62d9f1cd16f518f1ca6cad37e2cb20f2598c4134291c6b8a98aae5247e26eefb76aa38c9c8231c17e9dbf271cec80fba5b4a834bd9be81ea841637aa9cdd4c4bf26d7ad24ca3c:da98dfb189385b2c853b6cf375738046a8f27ef27974abcecea1db02989b951fe433a6ce1e225b3fa82032fe060a7d3f6c183fd1157f791a064b407650571600001a74f095c814d3beed67a8d15fc18efe235dc3f6457812a4039b7a46fe9a0e9de81a7a4e5fbab5ebe9e1e4801bd11b45c9f7ad0636a09bff42164be5749a04c02f0ab61f0ecfdfef799b827da6a274c8d3b39f2e3805a6791287eedb2314d3f842b558b9b489afe1ed37bbbcfc5e60a431d5ac60b39e946d903d6bf6b140e12c7e07f9ed7ac46a3999c6245c8ab1bdb21879a317a3dcd257a5c4f349b7f59e4e43d62d9f1cd16f518f1ca6cad37e2cb20f2598c4134291c6b8a98aae5247e26eefb76aa38c9c8231c17e9dbf271cec80fba5b4a834bd9be81ea841637aa9cdd4c4bf26d7ad24ca3c: +2b2ee809d647023e7b77fc541f44875a35fa941d37f7c5b21fd34934d23919352c29d53e1bf2c7879d73d20ba88ca07a0b216d7f6d05d93663a65c3d9e10633a:2c29d53e1bf2c7879d73d20ba88ca07a0b216d7f6d05d93663a65c3d9e10633a:c4147d64ebfda41a1be5977262958104e940c3876bcd5b6956acfdec32c660914d62623c210663cb2cbe6249d7f5274991c60e950e8e2809049953c69581d2469f4fe982c7434fedd9d4e00ae08896d62cc1fb984dd233150cc2483e159cff4097df8c036bb633003abbfbe18c8fa79b5a22270838123fc9be39b8892c80384a385028c1a81ec58c8f21060e78afd2c04bfd2d30ca3977c6edad518cc1e2004cdc14bf3d15f5f528e5af277fa182275870e5c012f5f82fb1afd04edde4578ddd2160a1a3dbc050e80bdd811bc88ead79bf93f010cd0fd4433d0bc348dacfd0947cceda62bfa49711d013:12d90685775572c9eabc9be2574ca9ae66f0e652e578b21736cd6e654f7c6b1545883d56bf760ccfc3cf87544e0004c798061257e130030cb997a788369a9a05c4147d64ebfda41a1be5977262958104e940c3876bcd5b6956acfdec32c660914d62623c210663cb2cbe6249d7f5274991c60e950e8e2809049953c69581d2469f4fe982c7434fedd9d4e00ae08896d62cc1fb984dd233150cc2483e159cff4097df8c036bb633003abbfbe18c8fa79b5a22270838123fc9be39b8892c80384a385028c1a81ec58c8f21060e78afd2c04bfd2d30ca3977c6edad518cc1e2004cdc14bf3d15f5f528e5af277fa182275870e5c012f5f82fb1afd04edde4578ddd2160a1a3dbc050e80bdd811bc88ead79bf93f010cd0fd4433d0bc348dacfd0947cceda62bfa49711d013: +4ea18d6b4af8053b885ec188be48deb86ffb2a69a4cec86637bbd7b41b807c46e5986059976233ed77382c3d9959f34e317962696553e86ed1e5902c4bedd167:e5986059976233ed77382c3d9959f34e317962696553e86ed1e5902c4bedd167:e9c89a1a1119373206ce40ede3b89a82f89462a1dee9e789e9845eec21f571c0faefd430ad338e4a72c047a39a4259580387fb9aacaddc36a2b51e7b60a87ca1321ff806794cd6dd4549a4df45c2dae3e539c4d7d06b6e6e9f466ffca2fa4978ce3dc792e44a6283880cd138a75a226f985da41ffdc0e32a5a85c85fe9a43ae78fcfe57f4dd7540a6dd3924a49ab39eb69950d421151d96b1e4fd3935890f634cd52a73a755f5c2fb72f9cd5a2e67ea930915e133b47cf6b7c10a9d889c6af6b5f1f4f51094d27fbba228ac2268b344027fd49e426343cc0134399b4b510aaea50234df42c37fa1c4f4d0e:27570c002a487d000ca3928b83cb4319722c46dfb4cca260de790ec0e3c1932688f87362952818b54f51bc7aeeb263f960bc0da8964bf312ef93e81f06c80b04e9c89a1a1119373206ce40ede3b89a82f89462a1dee9e789e9845eec21f571c0faefd430ad338e4a72c047a39a4259580387fb9aacaddc36a2b51e7b60a87ca1321ff806794cd6dd4549a4df45c2dae3e539c4d7d06b6e6e9f466ffca2fa4978ce3dc792e44a6283880cd138a75a226f985da41ffdc0e32a5a85c85fe9a43ae78fcfe57f4dd7540a6dd3924a49ab39eb69950d421151d96b1e4fd3935890f634cd52a73a755f5c2fb72f9cd5a2e67ea930915e133b47cf6b7c10a9d889c6af6b5f1f4f51094d27fbba228ac2268b344027fd49e426343cc0134399b4b510aaea50234df42c37fa1c4f4d0e: +fc1b75d17d3807217351d2aa40d9b04f525b89ed3f5fcdb311bec2aec5cb7ece55e484e774a4392a9d6eeff835a8fbb232cf6276a89c74fc0d1bb2045a8b21be:55e484e774a4392a9d6eeff835a8fbb232cf6276a89c74fc0d1bb2045a8b21be:d031bd11da308097e3beb6ffdb2600ee6a193ca6d8324501c972b1a25166fa7a369f5bc882ea45612cf02580254d21b40b0363237e835dae2656c1b7f4736e88be53d6b119c07f5729bbd82f67de03588322879243c5990a7e61f56907b24171a57cbb0bbefba2316277af9326f9cbf3538bcbf6780be41825a2ca774b41bdb1cd5c608851ec2339eb2f4feeddaa891a6326b29d97d7fbf311e3bb749c5d4c058dcc14f452f9334991e271c16d6508c818633927f429804ca7a38170f1b9f6bd73ed675e11e8c0d321fac912730b4ba2f7c428534adcaa4dad314c55807e6c642d494c6b2f0e8cd129775cc0:9a68d151fea3909893359e60b96b68b2a3e2946f2b47b875398a1e39eb01463d35eae7d976f833a762b51f2726ee0dccad5ce3600564fd9dd58c23807fdffd05d031bd11da308097e3beb6ffdb2600ee6a193ca6d8324501c972b1a25166fa7a369f5bc882ea45612cf02580254d21b40b0363237e835dae2656c1b7f4736e88be53d6b119c07f5729bbd82f67de03588322879243c5990a7e61f56907b24171a57cbb0bbefba2316277af9326f9cbf3538bcbf6780be41825a2ca774b41bdb1cd5c608851ec2339eb2f4feeddaa891a6326b29d97d7fbf311e3bb749c5d4c058dcc14f452f9334991e271c16d6508c818633927f429804ca7a38170f1b9f6bd73ed675e11e8c0d321fac912730b4ba2f7c428534adcaa4dad314c55807e6c642d494c6b2f0e8cd129775cc0: +0d0bf4d42ef810b179eb841771de6dbde76361caf894e42a14b1e09787ea3e067171510b43fc17efa80b15e320b1b0a408332542e0d36e4ab9a649cd941b5aed:7171510b43fc17efa80b15e320b1b0a408332542e0d36e4ab9a649cd941b5aed:8e2179975d0a8e5a69fe875a3cb1e79aec49c3853e30dd0320fe3ebfb638b82f89ad1643036b37e56e0b55e0a9e22a4e283d7a27485ce9102db6787d6628b77913e10896774e495c26e8bab26e7f9a94d29aaa36aec9c26ad3f50e5d8c0b7698bb5f01b876d0d65fcf5e9e32cd7b89829ed05b0b8f63a93858985bc9569fce429fd37a211abed650f585c3b55900443b6c5d6e8a48ba67deeed07b76e969fc88430fce2709c0bb5ce926ab7f44e0cd79f4ec359ef76748883fcc3d026edd06c8b9cba54b990d30aa41f1448a10893fb0539280c599d42361433a34cdafd8ebdd92efb9c38a36daf4c74060c696:24446bdf03416a4d08614466fb851db50e91a623cacd1b0b35660f3cf933200e15308708da3499a5ad25f0f0306b7942762e20a765b7ca9b901c750b3a95320a8e2179975d0a8e5a69fe875a3cb1e79aec49c3853e30dd0320fe3ebfb638b82f89ad1643036b37e56e0b55e0a9e22a4e283d7a27485ce9102db6787d6628b77913e10896774e495c26e8bab26e7f9a94d29aaa36aec9c26ad3f50e5d8c0b7698bb5f01b876d0d65fcf5e9e32cd7b89829ed05b0b8f63a93858985bc9569fce429fd37a211abed650f585c3b55900443b6c5d6e8a48ba67deeed07b76e969fc88430fce2709c0bb5ce926ab7f44e0cd79f4ec359ef76748883fcc3d026edd06c8b9cba54b990d30aa41f1448a10893fb0539280c599d42361433a34cdafd8ebdd92efb9c38a36daf4c74060c696: +57b5194d26abe4ab2116c0f03d23dbe116d48825a25e77d64648b43692ae25bf499c02dbad2a4eab3b6ff1aba3944b91c3f273a382c548a6f3a19c83f0a86724:499c02dbad2a4eab3b6ff1aba3944b91c3f273a382c548a6f3a19c83f0a86724:b4813c9d13215fe9f63a78ff7ac95173eb810b4613f0f48d6876b2bd3b2c72bc7d98cb1ac32bc41ca47f09896f79204ecfb8264ce8f3c3e76dc124da8ddc6e0dfc1e13b5a529f20c82613fb9a82e5f5d77326a861faedabc7325c59af33dae6744025e649774fc4f79134bf9f6e3d5875dd91bc8a14cc36a66283d01d8d108c13327eca53057ba50bf210c19f139de6494982646198a1246c271b0a368c10aab95cd8961235d742df4545be68bd010dc0db23b673e623609e420ee76b1056c520f9ce8fbe8ee1863df97d17b7174636c3a2b612295091948810d1d4b8a5843760a2887dc55ef512af041ec54fad3:4c7345960c8fd48a7dead71dbd61908468efa865a135568c8f9ca0055483468617a7e335840f57c6cd8f2c9805cd47a9d7cdfde53da8ef4f1adbb6f698aaf100b4813c9d13215fe9f63a78ff7ac95173eb810b4613f0f48d6876b2bd3b2c72bc7d98cb1ac32bc41ca47f09896f79204ecfb8264ce8f3c3e76dc124da8ddc6e0dfc1e13b5a529f20c82613fb9a82e5f5d77326a861faedabc7325c59af33dae6744025e649774fc4f79134bf9f6e3d5875dd91bc8a14cc36a66283d01d8d108c13327eca53057ba50bf210c19f139de6494982646198a1246c271b0a368c10aab95cd8961235d742df4545be68bd010dc0db23b673e623609e420ee76b1056c520f9ce8fbe8ee1863df97d17b7174636c3a2b612295091948810d1d4b8a5843760a2887dc55ef512af041ec54fad3: +068d27b21e2acfcc19c3e9673dd44142d98aacae894930e20ca067439e749a79e22ddd396f955bb90e284776aa76e921e50699d0ca8914a9b7b841eb5ff47d6d:e22ddd396f955bb90e284776aa76e921e50699d0ca8914a9b7b841eb5ff47d6d:1c6815423d1a2c5ebe8828d1646527c17b2006e547f016b5350f010d79b13df4fb8c6ed57ba9c26c3cb0e0a64178b650a3ea5444a4fad5b20a3eb8caa702634011cf7892a0727b6e8150b0770429a37a8a0bb3a7edb891a7c90240bc0360b14e6dd770a990b31b31f33ddbf653988f82742e5eec31b27368eb0e4f1ecf4d676f49214a520d1e5b2bbb59ac2e13267e07a0cbacbed9f94d7473ed697828b0928fcc616ee02e51fcd8db4d8f7533b7b139a05e06f9e0eae32993e3025aef0590b3fbb4292a3ac40765e8584ead00266acdcbdde1457a03b7d57bd5c9e64fb06b64a50f35f0a1ec34b6ddbde767b96ffd:0c173c488ad001cbb9c43d7b30a7c071a2fdb08cf7f37daf71d7ae7128dc0d43f0f095b2929c54b773ed4a1f0bf0dc4f364f0601e8d5ae062f5b78c05bfbc7021c6815423d1a2c5ebe8828d1646527c17b2006e547f016b5350f010d79b13df4fb8c6ed57ba9c26c3cb0e0a64178b650a3ea5444a4fad5b20a3eb8caa702634011cf7892a0727b6e8150b0770429a37a8a0bb3a7edb891a7c90240bc0360b14e6dd770a990b31b31f33ddbf653988f82742e5eec31b27368eb0e4f1ecf4d676f49214a520d1e5b2bbb59ac2e13267e07a0cbacbed9f94d7473ed697828b0928fcc616ee02e51fcd8db4d8f7533b7b139a05e06f9e0eae32993e3025aef0590b3fbb4292a3ac40765e8584ead00266acdcbdde1457a03b7d57bd5c9e64fb06b64a50f35f0a1ec34b6ddbde767b96ffd: +a34d52563159e0723e9f3fd133bd96e20adae623f8c798013bc36b441489bdc21fb658e645de6d3efdb083a73fbd592fcd4b800e03c7bd681aeae6576bfbbe2f:1fb658e645de6d3efdb083a73fbd592fcd4b800e03c7bd681aeae6576bfbbe2f:1d215f85c089f35f307a746c66c7c1e41d6ba37730d759e6e5622d6c6a198e40f63d37873b715df7518b3c6bb5e95a467726b97c9a0f8f5dfcdbfd1e0de357661ddeab555042b945fd899fad6d382d7917da9e12dfbda0d69900b3975165a73d0ac9de01fd3048b8fe5f0b90be67e03dc22f653a0a13eb4b0b753f3f3bbf787369ebd8bf5e00eb78bf0b3515a91e68b1d5fc6920bf4f4259f8a730efc7f1016d501ef6fb7cb8366fc8e716cfa50ea8b203cca1a316707e0b0fc57eafce82d62f7ff3ae04ac8fd041b55b19a352a69e6d4b79d0e650175168e34fa3358eac816cecf2c8dd1bf2a589113e91bb818f91f8:5fab5a7140d47873684305aa6353d3862f5fc13e54a40c9563cceac8f74008c6c445631fa864e0f1c345b5954f80056aeba25662b78827b5e8e3a9437813720f1d215f85c089f35f307a746c66c7c1e41d6ba37730d759e6e5622d6c6a198e40f63d37873b715df7518b3c6bb5e95a467726b97c9a0f8f5dfcdbfd1e0de357661ddeab555042b945fd899fad6d382d7917da9e12dfbda0d69900b3975165a73d0ac9de01fd3048b8fe5f0b90be67e03dc22f653a0a13eb4b0b753f3f3bbf787369ebd8bf5e00eb78bf0b3515a91e68b1d5fc6920bf4f4259f8a730efc7f1016d501ef6fb7cb8366fc8e716cfa50ea8b203cca1a316707e0b0fc57eafce82d62f7ff3ae04ac8fd041b55b19a352a69e6d4b79d0e650175168e34fa3358eac816cecf2c8dd1bf2a589113e91bb818f91f8: +58dfe768bf52118494b29975154cf452bd9746dc7de1d6bcd18ee6a05acfd8580f1476c6cc2a1b4764af75805e77341f14a0d8b09c6a5b2ea287fd517c3fa6b9:0f1476c6cc2a1b4764af75805e77341f14a0d8b09c6a5b2ea287fd517c3fa6b9:609794201c4f6faf488790d61dbff3f41b328c5b0695cbe9aa8a136d72b4977b21b500f216e9f32168ada8c13bff25327647e30d8a244d74d88303abc90b7f71aa07ca04d17bc8a0167d6e63fb88baa1dab81d50f1e91f46f5af77f2e8408b826336a35052efffdf4af79596af1bb2259f83c1bc109cfdc3dd50fd96d310f27ea4c6c7690f21815ea92bd79389680cfe3ed40c80181190688d24222d9a1ed52ce6a16b41dbd9107eb6d2e3594e4494d75dd7c089e3b26ffd00d1003c92c4c39ae5382ef9291491a880ca4ec3ac2b86e66719b92b6f7cea2cb0bbb1cf624d0d1abeae556e5f73909dd546277037ec972fd4:977137a38af44f4b262abff7e07282433c58926d562fbc6180bde6cd9497861fb6d955cf383d999fa1037b8b1754ce888c9ffc1560a451d0e9db8d74d2940604609794201c4f6faf488790d61dbff3f41b328c5b0695cbe9aa8a136d72b4977b21b500f216e9f32168ada8c13bff25327647e30d8a244d74d88303abc90b7f71aa07ca04d17bc8a0167d6e63fb88baa1dab81d50f1e91f46f5af77f2e8408b826336a35052efffdf4af79596af1bb2259f83c1bc109cfdc3dd50fd96d310f27ea4c6c7690f21815ea92bd79389680cfe3ed40c80181190688d24222d9a1ed52ce6a16b41dbd9107eb6d2e3594e4494d75dd7c089e3b26ffd00d1003c92c4c39ae5382ef9291491a880ca4ec3ac2b86e66719b92b6f7cea2cb0bbb1cf624d0d1abeae556e5f73909dd546277037ec972fd4: +5a63ef9bd7dbf0e89fef155983659e8a0a6ca002bc42fad5a45af8e0281923f4e632f4dc994231cc1790c21afadaa977a589b0eb0da19fcb2792911b15ecf8af:e632f4dc994231cc1790c21afadaa977a589b0eb0da19fcb2792911b15ecf8af:796bc8361c6e8eec39838b24f53971e820f82361e0510eb4def1db2512387d6bf35bbdfa318879209435d6887b1410b3ebc1455f91f985e0fab1ce1c505c455576bca03539d048ad3a0ed1f11c73bac6809e2ea147975bee27c65261aca117df0fae7008e2c3c130bec5533ab89351c2140c9d1a62bdf688629787f954e1c610cbb75edb86209d7c357cd06ef41931dd5dfd1c7d407fa4ee1ef29393beab5713173802cce2d56229cfa76b601662c4d9a84a4936c52abb1981378b717eb55cb604a68d34f03b219f32226ca0e669348a2d8d2453930eb6e9c2bf66fa4e92c75136e148cdb034130d3f646382e1c71579ac70:75461f99650c0368058113a15ba16bd2337b2e633da38112878c4834fac9ba2e307c866c02af79bea33659614cbb4465c57ec3effd4c478ae38a34a05cf1ed07796bc8361c6e8eec39838b24f53971e820f82361e0510eb4def1db2512387d6bf35bbdfa318879209435d6887b1410b3ebc1455f91f985e0fab1ce1c505c455576bca03539d048ad3a0ed1f11c73bac6809e2ea147975bee27c65261aca117df0fae7008e2c3c130bec5533ab89351c2140c9d1a62bdf688629787f954e1c610cbb75edb86209d7c357cd06ef41931dd5dfd1c7d407fa4ee1ef29393beab5713173802cce2d56229cfa76b601662c4d9a84a4936c52abb1981378b717eb55cb604a68d34f03b219f32226ca0e669348a2d8d2453930eb6e9c2bf66fa4e92c75136e148cdb034130d3f646382e1c71579ac70: +8b2f06141e401163f90f674b04dc90dcb6dd3386419339662ecb0dffadf2500b54da934a659119198553fd4566b660d8d610adc3290cb84829c894148cf3f67e:54da934a659119198553fd4566b660d8d610adc3290cb84829c894148cf3f67e:1deb25d43458690323a7d26a26695090993474f467c6fde5ddb34da945be3cea2f6b75652ae21cbc4fd22763a1b45583e1c3e88bbb5fea2049b7336c91159988c01526824ca3bef16b362b9202b8b9754185bd61bea8f539aadf4a1ab135fbc31d2a8e33178073106cbbc02d4cd0d3c8feaa8eb733084356251795afbd78ac3c4f8a3ba19aed755c646f35569c7a6c675b6d6918e834969aca03f71a2e72ccb17003bb75b62e852aaf58b3baea89bcd64a32eb14a6b9e10de48971e53d0e9ac99a78f42de0382ef0e80ed3cfa343f35e4a9983b9aeed986d3a57f47e5e46d40e9d677302809a2d37e4ec011f051b4d031ed600:d68e3750dc56432397401c98ff1529db9ed48fea246dd4ed383ec74c1a463aeb784c87b1fda8bbce970fc97aa9807ddbe95d41fb022ea68c1e311654fa1da2071deb25d43458690323a7d26a26695090993474f467c6fde5ddb34da945be3cea2f6b75652ae21cbc4fd22763a1b45583e1c3e88bbb5fea2049b7336c91159988c01526824ca3bef16b362b9202b8b9754185bd61bea8f539aadf4a1ab135fbc31d2a8e33178073106cbbc02d4cd0d3c8feaa8eb733084356251795afbd78ac3c4f8a3ba19aed755c646f35569c7a6c675b6d6918e834969aca03f71a2e72ccb17003bb75b62e852aaf58b3baea89bcd64a32eb14a6b9e10de48971e53d0e9ac99a78f42de0382ef0e80ed3cfa343f35e4a9983b9aeed986d3a57f47e5e46d40e9d677302809a2d37e4ec011f051b4d031ed600: +dc649fbb1bee0a44814d6d9e9080d5d90c1fc173ab5fefed826a74723a774e0a0214c89f3867ad2e8870e50f8c2a6254986d9c220e3338411300cd9c6404d4b1:0214c89f3867ad2e8870e50f8c2a6254986d9c220e3338411300cd9c6404d4b1:328700a8ae581c1edc4e2c00c78bf4606097f9bd75aade205a243c5fd7434d6222da937e2881a2e3c574356d4d5679301da99e11cf749c27921c8caa2ab2a564d87c5df8ecf1a72b680184824f6986022e3fc98bd2a21c3455abf1154954fb30c89882947b02f35af7b1bfad05237d242e2b74832fc536196f2e59d1acd0c1db6f1943d0f6043bbd6a769083ed66ba0e05a50feb0acf72b6c16ba9af039afb7fe2a4aaeb4d06181c5a1878689e67a3f5d0ad39e794d6239a7e0a12ce820c5be60fd5f1dd79702f49d02b79755fe873f5785c72f74625cd7e2428262597d31482c2c0508801fd96319d61b91ba253a5e722f414cf:0e0c5e4e184375da4ef7e2a2e4888050cd84e2fe21d08e84a852db2be3fbc372c472de0954dcd1dc11aec493c569f40fc6f77f03ee524fb06ec40faa1d6cc10f328700a8ae581c1edc4e2c00c78bf4606097f9bd75aade205a243c5fd7434d6222da937e2881a2e3c574356d4d5679301da99e11cf749c27921c8caa2ab2a564d87c5df8ecf1a72b680184824f6986022e3fc98bd2a21c3455abf1154954fb30c89882947b02f35af7b1bfad05237d242e2b74832fc536196f2e59d1acd0c1db6f1943d0f6043bbd6a769083ed66ba0e05a50feb0acf72b6c16ba9af039afb7fe2a4aaeb4d06181c5a1878689e67a3f5d0ad39e794d6239a7e0a12ce820c5be60fd5f1dd79702f49d02b79755fe873f5785c72f74625cd7e2428262597d31482c2c0508801fd96319d61b91ba253a5e722f414cf: +39b8062da43e64e1676765d62c7fb8e0a99c4fd417d6f7e3319bb13044205f3b6227cefe88ea4fb27b37b5f797778bd72fdafeadccd9aeb67ad437ce08fba6a8:6227cefe88ea4fb27b37b5f797778bd72fdafeadccd9aeb67ad437ce08fba6a8:740af679e3069fad059fa4825fa41c59fbd484aa649303c27c4f7a94711c5b713b2a6b8987859e2271a6a71eb0b4a15abde4f5168f6cb9dbdc6a27a2a13d52c9720896a1f4ce3a5345ee793b6cc3ad80d7d58163d5455b9cbd073e2b7adbff95590c7172271bd91fefdbd01657ee1750651036cdc3560b444ca2184bf4f3ea89fc973aab6fb4a8ee5704bbe5a71c99fa3b5ef0d0396249758297699ae202b819690dc7ac4692770346907845e2210d5363adeec03f0fc7761b7e0ec0fea1bcf6b04fc54b3e4c40d19b8fa649ac8479e8f80730c0c94e9f4a1ad506f2bcab0c49540f6decaa77b3d657dc38a02b28a977ece482545a:c5f626490c0ef4e1efc3edeb0cbc3f7de267057fb7b6eb8f0c813584965bc5c421feedf54241cae001ec6d5e25c9b1fba0385e5dbd95a06ec1d8ae519144960d740af679e3069fad059fa4825fa41c59fbd484aa649303c27c4f7a94711c5b713b2a6b8987859e2271a6a71eb0b4a15abde4f5168f6cb9dbdc6a27a2a13d52c9720896a1f4ce3a5345ee793b6cc3ad80d7d58163d5455b9cbd073e2b7adbff95590c7172271bd91fefdbd01657ee1750651036cdc3560b444ca2184bf4f3ea89fc973aab6fb4a8ee5704bbe5a71c99fa3b5ef0d0396249758297699ae202b819690dc7ac4692770346907845e2210d5363adeec03f0fc7761b7e0ec0fea1bcf6b04fc54b3e4c40d19b8fa649ac8479e8f80730c0c94e9f4a1ad506f2bcab0c49540f6decaa77b3d657dc38a02b28a977ece482545a: +52f4675d8ccd0eb909df0a516648db26fa033ba41d43fc3845896d456e14265ff39e7dafc97b0a84dcbf7fa14a9403ee1fa92b85e5a7e5d05f031b44ddf1f794:f39e7dafc97b0a84dcbf7fa14a9403ee1fa92b85e5a7e5d05f031b44ddf1f794:74427110857cb4af0a3342c2b52997bce1a0db6405c74e9651c5b85979acb071e567fe70412c4e0d8c9fa421914f6a62f2ae420b7b2f4cf80c90574221222288b65867eaa66e7e0a0557a26c549f9a7a4e70838ba4074b4cd7a9d758b378b88dd49441df802a444dcbc30624933b59922f33c20f019fe78ee24b8fba79a682f388505ac9c97f4eb87c611880026b4c23306b865173f5d716abc6cd9a9906db3430136f754129c443b20c42be2fbcbcd44034d714f58a4ba8e756607a02b608ef49648f2ad0cea99e7ab30a8dd7814004f725f49301d7b304dcda625c296d928cb581736ab739c86b469241a8259351fd37b4780a9993:4bf668827a720af68898a06ea7b44545a34ca896ecf311feea47e0686d911fadaa03118997153c65361fea15de9bb891b8909872045508ffad0cd9eab21a970274427110857cb4af0a3342c2b52997bce1a0db6405c74e9651c5b85979acb071e567fe70412c4e0d8c9fa421914f6a62f2ae420b7b2f4cf80c90574221222288b65867eaa66e7e0a0557a26c549f9a7a4e70838ba4074b4cd7a9d758b378b88dd49441df802a444dcbc30624933b59922f33c20f019fe78ee24b8fba79a682f388505ac9c97f4eb87c611880026b4c23306b865173f5d716abc6cd9a9906db3430136f754129c443b20c42be2fbcbcd44034d714f58a4ba8e756607a02b608ef49648f2ad0cea99e7ab30a8dd7814004f725f49301d7b304dcda625c296d928cb581736ab739c86b469241a8259351fd37b4780a9993: +bad73c9fda4ceb9da6c701c2a6e2efc0467afa0a74f8750c52cf1fd4c8e7489abb0f027a9035376e1aa3206c3d774475e351f5767ef86ef48a72c037c24cce62:bb0f027a9035376e1aa3206c3d774475e351f5767ef86ef48a72c037c24cce62:74b966cb780771aee63d734df3756702d1d5fdeddf32136c6358b836318a4f984fe71e7716adddbd649eba44cd4282e0055d8c1ed2d35123d66e5a98f1c0838ded563b9a20eb8007538fc7b0713e7e485e3c28f6ebc421a29dce2524db7f29205761036ada62e5b0b7d5b7f294ff17f338232fa5fd42b6f7253304092d848f50735248595da0f7ef28e568e9916bfc56d7ed0d811b59d5d891ae43e1b198071306bf525c678c6343998005fbb7869d1c40f8cac807fe2ef03f3d5b933f58978ef2906fccf7444a2936e63d928c690926c9c994ed3d666263e956fdfea27764bc5f74125bc46bc102dd3e5ff93b5e123e4b38bdef697e15:197d6b6cc88a98c06dfca0c01225edfe38a0b2289f29f8a44ec0816a952d585e2d59b5b08de100c0606296ccf5e92a99e093623144b8b22db87d92922554600574b966cb780771aee63d734df3756702d1d5fdeddf32136c6358b836318a4f984fe71e7716adddbd649eba44cd4282e0055d8c1ed2d35123d66e5a98f1c0838ded563b9a20eb8007538fc7b0713e7e485e3c28f6ebc421a29dce2524db7f29205761036ada62e5b0b7d5b7f294ff17f338232fa5fd42b6f7253304092d848f50735248595da0f7ef28e568e9916bfc56d7ed0d811b59d5d891ae43e1b198071306bf525c678c6343998005fbb7869d1c40f8cac807fe2ef03f3d5b933f58978ef2906fccf7444a2936e63d928c690926c9c994ed3d666263e956fdfea27764bc5f74125bc46bc102dd3e5ff93b5e123e4b38bdef697e15: +707327a431dba77639b3966b2bc095f8eedf57f7a200e3b0077ce420389c92feee2496910864189fdaa3c7757eb3cda9ab1e70fc9e7f71a38a0bfc845931c95a:ee2496910864189fdaa3c7757eb3cda9ab1e70fc9e7f71a38a0bfc845931c95a:32ef31b64eee700fca2ab21a267f8d9d3bdc689c7538fe959bf713fa995db2c0ad36dde430a8417d437b72c74e26dbe31d93701d4617fe51825cff7a544fc9f44e4345e14b4b11e15f26ffc2af8035f3f970e4dda44c0ebc0363c2b56fde218663bf78839092538fc2f39153d4eb29da0c1a08aa966601cc68ca96e993b01b173a261b2ef327650382f568fe944855b0f4fd9d15e752ac74dcfd37b3786fffcef23339c21e9270dce8891dd5eeeba9608fdc7b6fbcc99fa1b5903daa0968e1b691d19d06f215ded047ef9d76610f5de220f5041b313faf9e96c9fd7db54b5225726af435f9cbd9fd87ab40ce8f2c6940b55f0faae87850ca:fb99029feca387a5d765961e361d7172b98b7e0f11290bb1e5b57b51bc2123d0bce29020392a4fec9ae6a72c4c386cea1857cb8f9c50aa9a76d7f1687fcf290032ef31b64eee700fca2ab21a267f8d9d3bdc689c7538fe959bf713fa995db2c0ad36dde430a8417d437b72c74e26dbe31d93701d4617fe51825cff7a544fc9f44e4345e14b4b11e15f26ffc2af8035f3f970e4dda44c0ebc0363c2b56fde218663bf78839092538fc2f39153d4eb29da0c1a08aa966601cc68ca96e993b01b173a261b2ef327650382f568fe944855b0f4fd9d15e752ac74dcfd37b3786fffcef23339c21e9270dce8891dd5eeeba9608fdc7b6fbcc99fa1b5903daa0968e1b691d19d06f215ded047ef9d76610f5de220f5041b313faf9e96c9fd7db54b5225726af435f9cbd9fd87ab40ce8f2c6940b55f0faae87850ca: +6aa5c9f008f990473ba4a6286a416614026661f11e1a24efa81ac35852d1d070605ac9b4dbdd5033d6c828bfafa93c0039440aa11ca724ae834043e07bd032d5:605ac9b4dbdd5033d6c828bfafa93c0039440aa11ca724ae834043e07bd032d5:b5165d3963f6e6f9ea5657e9f07ff3a321eb338f9a8c3d3c42306b2b278978b31c623a631be3b04c41edfdeddf538e1b765bc8785401c1af29d0467a64411c497395d755dca03ae3272f4bc1fb1918dcc1ed6f04d6498404a8ce1409d447f570a4359522cc54629202ebe507ab693843141bd5ea0573b20f321a483ff383a46897f5926fe0b8afc25572707b63eeed283532928a4144196497942c572ac547605139256b0aa0eaf04db1a256012ed453b173ee19ad6e9b1af3f45ff3044a641f8c8eb0ac7bb45abbded47286b2a069d3908694ee06f2fbd0ef605a7911026ea9ea3c4913f38c04d8b69565a7027867ab3092d05f4cfb18fc7c:9756303b90655e935251032ab19cfc95ca1c2a2c3ea28b033bd47066cbd4c7d8982a8b9886f1b9cd02e88a65564da8dcc34f308ba9f10144ba469c2efa49e004b5165d3963f6e6f9ea5657e9f07ff3a321eb338f9a8c3d3c42306b2b278978b31c623a631be3b04c41edfdeddf538e1b765bc8785401c1af29d0467a64411c497395d755dca03ae3272f4bc1fb1918dcc1ed6f04d6498404a8ce1409d447f570a4359522cc54629202ebe507ab693843141bd5ea0573b20f321a483ff383a46897f5926fe0b8afc25572707b63eeed283532928a4144196497942c572ac547605139256b0aa0eaf04db1a256012ed453b173ee19ad6e9b1af3f45ff3044a641f8c8eb0ac7bb45abbded47286b2a069d3908694ee06f2fbd0ef605a7911026ea9ea3c4913f38c04d8b69565a7027867ab3092d05f4cfb18fc7c: +8efb8b79742be21e6d31de678bc81450ba8621082cd6f0003e22861e2291c48133381e356c4fd386a3f7b969afd9f5c00d2067b698b3f1f00f3784202d3084cf:33381e356c4fd386a3f7b969afd9f5c00d2067b698b3f1f00f3784202d3084cf:6b750325d3a0f08a147700b51a9b3725571094818ed69d1f761013eb86f323f73c49f5e439877c2783b336d1f1a674ef3e431fc1ae0180082df5fca69f848139fe6ab6739a0592ebd6d4705c7f0136b22189a11d60d4d3c9bc80fe7d7c00952d5742f9c0c2121fe792df133f221db991fc960ee64b9d32e0178e542bce8efa8d03ac8026cd77ba8bf0b24215b9faed2eaec920e925d5ec46fff6bde725e91c8280e4ada232a5433ae9680ebb53eb55553147c93370574854896154514299c093219a111dca4e637ad5001338c6d4d5ee9098c65832f7af835bcb622128423036c79a5737738a7539f8d4a6b8b221b56d1401aeb74d4571bc009d:923005cb4848402aa8f9d5da74030b009444924c214ad600ddbab4c153a6ff022b53cf6364cd7ee99bef34fe144da964edfc38a0ba633312650ebf0e55a060096b750325d3a0f08a147700b51a9b3725571094818ed69d1f761013eb86f323f73c49f5e439877c2783b336d1f1a674ef3e431fc1ae0180082df5fca69f848139fe6ab6739a0592ebd6d4705c7f0136b22189a11d60d4d3c9bc80fe7d7c00952d5742f9c0c2121fe792df133f221db991fc960ee64b9d32e0178e542bce8efa8d03ac8026cd77ba8bf0b24215b9faed2eaec920e925d5ec46fff6bde725e91c8280e4ada232a5433ae9680ebb53eb55553147c93370574854896154514299c093219a111dca4e637ad5001338c6d4d5ee9098c65832f7af835bcb622128423036c79a5737738a7539f8d4a6b8b221b56d1401aeb74d4571bc009d: +ed046d688b2b0a1bc3daf2119dd321a607b16d2a2d1d963add1209c665b5ccba8734f1ffcbd71cfde290017ea6253e580d59e65b541b46521f5e5ec1451eaec6:8734f1ffcbd71cfde290017ea6253e580d59e65b541b46521f5e5ec1451eaec6:b9cc90fd8de2a141f95116db3b04be83e98522597ec2174964245180b9a473767d6d470a217db5ff5a1ab777e1e28a0b16975e2bacb873020444b47ed8326421b90ebb503688f090c11b3b13617c5c5052c297a41e2893775e34d59ada49d994c0e4a9f5220e9f0315a67705a3ec08af0dc724b5cf67ff34fada8ba7109ed2b5a8907bb403fb1a838b4b059f18c792d7bfec05dee0c9cbbf1753409d7db3aceaf47b4c61398497b0eca6c1f8ac08a7ea1eb9c40bc4e92e888212f7d9ee14fdb73158160944ff9bcdfef1a7469cc70f9474e5f24dfffea585f09eaaab4be2afebbe8e6cf86d35680dc5d1b92913e848256ec736316fd0a2142063b0:721bfd4776cfba13330fd37269e979c1d7b6ce54a51b82f456e137378e582f192a12089da5aba76a7b161813dce56b72892a35330c94f7ff21d09cf09e553504b9cc90fd8de2a141f95116db3b04be83e98522597ec2174964245180b9a473767d6d470a217db5ff5a1ab777e1e28a0b16975e2bacb873020444b47ed8326421b90ebb503688f090c11b3b13617c5c5052c297a41e2893775e34d59ada49d994c0e4a9f5220e9f0315a67705a3ec08af0dc724b5cf67ff34fada8ba7109ed2b5a8907bb403fb1a838b4b059f18c792d7bfec05dee0c9cbbf1753409d7db3aceaf47b4c61398497b0eca6c1f8ac08a7ea1eb9c40bc4e92e888212f7d9ee14fdb73158160944ff9bcdfef1a7469cc70f9474e5f24dfffea585f09eaaab4be2afebbe8e6cf86d35680dc5d1b92913e848256ec736316fd0a2142063b0: +76ac8e570a39b3a0232c45497537fb2155acec3617865ed1df210f00b49d1b8d312a3ad899ae6a25507ae6e4524e10b63a6e7ae53d9cffd39cf28521d93533d6:312a3ad899ae6a25507ae6e4524e10b63a6e7ae53d9cffd39cf28521d93533d6:53ced9db2b479e59d3ed643f7cc3784c24b8bd4c63206c72e23fa850028899a41ce1a8bdc003f12b7c29972c9a08bcd231fe0e1a0fef0bafbfa4e0e027d72004075ba37d490eb9964e783bb98f9e503e9c1fd3d23fb0017cc7c7a9f86d171f041e2355d8c5e6229d34c7eeacb6358cf3060d5d265bae2004a558878659a30dfed5f2ec788b4e14397b5d00c29db5d4ebf16639a8df292a3d24f6983cbca760d903e976f5b698642ba1fed49e79c38f4bb3946efccc9d6aefad336d558f78e4f205422e10384a4e531e75807efb389d2af4cab43825fb87f196a9080769fe7585782970a6918affe10d20d629b705845597418d699de3f1de854f94bd:cf03f525913c44303b2f80079393c21c1158146ecf99636f5d97adfdd9f35839804c23804cbf1e553cfd4b73f689a9143aec298f8276e1e4ee0891f1ba75de0453ced9db2b479e59d3ed643f7cc3784c24b8bd4c63206c72e23fa850028899a41ce1a8bdc003f12b7c29972c9a08bcd231fe0e1a0fef0bafbfa4e0e027d72004075ba37d490eb9964e783bb98f9e503e9c1fd3d23fb0017cc7c7a9f86d171f041e2355d8c5e6229d34c7eeacb6358cf3060d5d265bae2004a558878659a30dfed5f2ec788b4e14397b5d00c29db5d4ebf16639a8df292a3d24f6983cbca760d903e976f5b698642ba1fed49e79c38f4bb3946efccc9d6aefad336d558f78e4f205422e10384a4e531e75807efb389d2af4cab43825fb87f196a9080769fe7585782970a6918affe10d20d629b705845597418d699de3f1de854f94bd: +f64a66ba0f0819f3001416c220bf52d860130a19764aa8ab38d15b2aa75ac0228125253cd337e00d45b45079b585349561e5f542a81f6d2fcfd985c10feab2af:8125253cd337e00d45b45079b585349561e5f542a81f6d2fcfd985c10feab2af:8072862ed0ab35921db5ec2cba8e6aedb0441fdf47491006c01e6456ad70fae3c4152dcfbfdbb8f0fddec5e96b12bf67989ba96793f4861a11b63909ce8d19b8ca64a544b31ce051fbc88e062806d9965cbd2967b01614e86b532fbf59843218dc9c19c80315f044731719371092a3da38878bc4cf77de972e860466b8fc45e465dc3d0ebf94bdea60ef0b9891ced41b997b11b31ee4167db60c9cfc8b85beacfe223cc1829213774085d7c06d2b2e632cc21cd9660df47c4fa918bdd596ddf622dcb652642b67527ba8ed15a819a8e21f48d7ee70247f5200e37c259dffd17eec8c232f970cb03182fe3964132993f6ecb7c4db18ccef390c9eb3639e:4de6f5250822d7c9d5bb98582500b5c085f541ebdc450ed1acaf83684827ed1dc77147aae4b19e14a7dc5bbe1f1e4f5771d8a6e4f2351739afb08c806d5587018072862ed0ab35921db5ec2cba8e6aedb0441fdf47491006c01e6456ad70fae3c4152dcfbfdbb8f0fddec5e96b12bf67989ba96793f4861a11b63909ce8d19b8ca64a544b31ce051fbc88e062806d9965cbd2967b01614e86b532fbf59843218dc9c19c80315f044731719371092a3da38878bc4cf77de972e860466b8fc45e465dc3d0ebf94bdea60ef0b9891ced41b997b11b31ee4167db60c9cfc8b85beacfe223cc1829213774085d7c06d2b2e632cc21cd9660df47c4fa918bdd596ddf622dcb652642b67527ba8ed15a819a8e21f48d7ee70247f5200e37c259dffd17eec8c232f970cb03182fe3964132993f6ecb7c4db18ccef390c9eb3639e: +8439b1d60aa48460135eb1002cc112792995079a77e6e8ab020b9abaca8920b4eadc3e0c5bddbc3052c3b2f8b0a94566c2b2c879ed17034ac0e6a45f2b3e32d2:eadc3e0c5bddbc3052c3b2f8b0a94566c2b2c879ed17034ac0e6a45f2b3e32d2:5419f6d24eb46635d4a7f8eab803cfd0d04de092afbd86f2a6961a8d1eb8c0d197ba55ee08c991822a5aa702bae0337abd5ca7faa15e1f1ae369946e9b81216c0f5fc22bbd4433c3de93c5caa2741683bbd0e1a78df28dda19174101876334d40339659f021ae766162c6cc5421b79cf9d5c090ed4af07ec84493035bd0b2421b533684295bbe76a70fec596ef8c89c5c9dda3c33b7735d2d2f20b28f1a5402e72d04ba291dd59f14af08adf56eeb086d769c6bec3451891372345fd6bd02dcf95e803af0353150e182e323aaf683e036d9a135d2e6f98cb4d327e2ce7d54247f3592ed067b4ce7627174f996f28165c9c11f07e5ee9cee63851c6b68ea2:62da81e16440821b593b6ee6540e15d1aea75d23e0a1bbfedc808c9548f87e8bbf36915a39a74716f645cca5714d170af907576d4f3705e543d2adddc5ff23035419f6d24eb46635d4a7f8eab803cfd0d04de092afbd86f2a6961a8d1eb8c0d197ba55ee08c991822a5aa702bae0337abd5ca7faa15e1f1ae369946e9b81216c0f5fc22bbd4433c3de93c5caa2741683bbd0e1a78df28dda19174101876334d40339659f021ae766162c6cc5421b79cf9d5c090ed4af07ec84493035bd0b2421b533684295bbe76a70fec596ef8c89c5c9dda3c33b7735d2d2f20b28f1a5402e72d04ba291dd59f14af08adf56eeb086d769c6bec3451891372345fd6bd02dcf95e803af0353150e182e323aaf683e036d9a135d2e6f98cb4d327e2ce7d54247f3592ed067b4ce7627174f996f28165c9c11f07e5ee9cee63851c6b68ea2: +3a046397f0afc072bc7f907c74d38fd1b9afdf27e14a3534768b0dd2df3a1c2299cd70ef3be342493393872f54c47deaa081021892d11a3268f3145ed4f3abe5:99cd70ef3be342493393872f54c47deaa081021892d11a3268f3145ed4f3abe5:f08ddef46cc6c34179820c9861375172fddf774f8dc3f7d64aa432da8e5fae644c0a8a9e6908517d505debd612868ac6daf95cd7e1699750022ccd4b88dbae2bbf73546ee4b835d319a842dae8b9ed683323f31e5cc57919bc9dbe3bcfffb2ada48072697ff4a7d310c91adbca81faf26a0eb7bb0c404ac9d8dfec63e9c64e2f420c07d323b7c0dc3b73507283aeb1cee51db4e1a83a692c7c1ea398f6f30940fab85e2138d4b85aa4e231e5424f5b064ed026f0ccb99d1c85a9eb15f5934a11359d411cf94ae8ffa3361a224f46bab852d184a248b4c31fe3a7e7f5134c051031a9f328a7be4a7cbbb1d8d863a400fd2d58daa44f1b9d8e9ddf961ce6322f:5024ce60257965687080c5b1fc7d1301c32aa6fcc835497d9cb23a74a6ca2724f55353c1b757827ca5440c9ef8f8c1050913e20aabec35c497b56041b5deb209f08ddef46cc6c34179820c9861375172fddf774f8dc3f7d64aa432da8e5fae644c0a8a9e6908517d505debd612868ac6daf95cd7e1699750022ccd4b88dbae2bbf73546ee4b835d319a842dae8b9ed683323f31e5cc57919bc9dbe3bcfffb2ada48072697ff4a7d310c91adbca81faf26a0eb7bb0c404ac9d8dfec63e9c64e2f420c07d323b7c0dc3b73507283aeb1cee51db4e1a83a692c7c1ea398f6f30940fab85e2138d4b85aa4e231e5424f5b064ed026f0ccb99d1c85a9eb15f5934a11359d411cf94ae8ffa3361a224f46bab852d184a248b4c31fe3a7e7f5134c051031a9f328a7be4a7cbbb1d8d863a400fd2d58daa44f1b9d8e9ddf961ce6322f: +124f7416a80453e4cf1cd7b5e050a9761418258bf7d27beb7f23238c4540be2d0da34ab173990150df7399b6bcddba93c6dbcbf4d176941cb5071e8734c5dc92:0da34ab173990150df7399b6bcddba93c6dbcbf4d176941cb5071e8734c5dc92:9dcb9873ff054db11d0a9b19de6885ffba7f0e681cf7fb8f6cd950c48328d1f919ca46054eeee6c9e57843ebdda7b24bc3503c4d612abb1a314f39f58221d2b54dc755acca7969740e7fa8b1a9523b8c7379fd395253f4e6cd054ee24b75613c3581d49e19246a7b3be1cecb334be44f3d626fe3b7b269e628d44580c20636eba2642f2744b959e65757d0ee601843f188e95d17253fef567068a5405a3a9e677fea3d7d55f7ead19a3f30c5f985671b55fa120cb9d05f471b6e1e8d779a2c803a19e6d0d7cd507887ed647c2a95483f933991ed45ae301a2b0e954a5703d248c78810aa0b199cc2bebb2f1d71cc40487dbd42eee0f745f7d285685b1fb31b15:b0572104aa69e529e3465a6fd28f404a4ec20276a993b1725eb8c5f650b4a216f1871b24e368cc46cd1ee0174cda1b5e4ae2200aa9fc44522d975a9c518149089dcb9873ff054db11d0a9b19de6885ffba7f0e681cf7fb8f6cd950c48328d1f919ca46054eeee6c9e57843ebdda7b24bc3503c4d612abb1a314f39f58221d2b54dc755acca7969740e7fa8b1a9523b8c7379fd395253f4e6cd054ee24b75613c3581d49e19246a7b3be1cecb334be44f3d626fe3b7b269e628d44580c20636eba2642f2744b959e65757d0ee601843f188e95d17253fef567068a5405a3a9e677fea3d7d55f7ead19a3f30c5f985671b55fa120cb9d05f471b6e1e8d779a2c803a19e6d0d7cd507887ed647c2a95483f933991ed45ae301a2b0e954a5703d248c78810aa0b199cc2bebb2f1d71cc40487dbd42eee0f745f7d285685b1fb31b15: +25d13b3837601b07a975693e5a33d5337c34c1127fe4c27490612aaf7f642e9a3a07cd68ee2692d51cfad1a80e7763b18a043c74f4e1b01edc55ba9a9e07795a:3a07cd68ee2692d51cfad1a80e7763b18a043c74f4e1b01edc55ba9a9e07795a:115b3220b45ca8f36c7ff5b53887d47e669b78dac13b98cc7aaca5c2e19fce81ec8617ca410e11c9a9118a668453b329ffb718eaec739172f0a849a0848192a5bdea18ab4f60d8d1a0d338952d77b2cc13efe83c76e8dd58803b1d8b3c9729ef102b20835b7de872bef3010f15a4caddf07cf7bdd222d84b174bc21527cffb1b7ffde81e281d30cb7bce25ea3dffb6ea1fbb06cb70569a95ed1a07e97ca42de70aa218159efd608fa9b0896e0b58518a322f251d133e58c8fc1428ab0a170ed845c75fb403f1ffb97d2d2a6d4f277911d326c1cabbb8516cbc17908ab81ff8d79af44611ea1d05879c1ec81d06936e0f4a0aef6d5748e181d30ec25236597a973d:20cbf08392fea6a99cf446a95c199caa0c0f9813cc217b8d228e2ed90bab95ea92cd73ac95834764d33e42243c80a7603491c8d3e49ac715fd8a5b9e4789bb03115b3220b45ca8f36c7ff5b53887d47e669b78dac13b98cc7aaca5c2e19fce81ec8617ca410e11c9a9118a668453b329ffb718eaec739172f0a849a0848192a5bdea18ab4f60d8d1a0d338952d77b2cc13efe83c76e8dd58803b1d8b3c9729ef102b20835b7de872bef3010f15a4caddf07cf7bdd222d84b174bc21527cffb1b7ffde81e281d30cb7bce25ea3dffb6ea1fbb06cb70569a95ed1a07e97ca42de70aa218159efd608fa9b0896e0b58518a322f251d133e58c8fc1428ab0a170ed845c75fb403f1ffb97d2d2a6d4f277911d326c1cabbb8516cbc17908ab81ff8d79af44611ea1d05879c1ec81d06936e0f4a0aef6d5748e181d30ec25236597a973d: +7b3a76decaea60c41e95b05877a7da82064c27278c8d7df5f0bb95f0ad2d0435f80db5c28721b1c611bd87eb145a98bbf383b068045df2458d1a6fda099f7fc2:f80db5c28721b1c611bd87eb145a98bbf383b068045df2458d1a6fda099f7fc2:375fadaedd9cac49b64e1574028046069f4c83654c8a7011abdb64db16b47fa311798172f9072217b0a6a43e5df6ffcc1154bcec1c68e1d35ec05880d012ce76e4cebf301bb2ec983d00b4a0540c937ff1c6df9441c61bdb3be8e0c7c11a35d49b6f55c381269a0e768efbd453447fe48b75ac39646ca82eca7d149304423491871c10dbcfc5973a57fab8371c30cbc4e90becc0b67152226ee177b4ff368ec879b391eb95e36dcbb07b2c16ba395545d4529f727b1a11ef65d120976b7ccc86af4bd204cb9489c921e43ba5e850cfe59899f1c1ec4aa5c92b6dac6914b1952b53dcb540b409231381568987bb2236bc40895df3f17eab7c0274f2244f958612e88e:2cd26fb3c4f7440a72affe93564f6f6559adb15cc7a2ba10879fb7d67e47d4ebd02fe4823698a5fbd4a907fd69184c255a170e5f1747fce968102dc219b50d02375fadaedd9cac49b64e1574028046069f4c83654c8a7011abdb64db16b47fa311798172f9072217b0a6a43e5df6ffcc1154bcec1c68e1d35ec05880d012ce76e4cebf301bb2ec983d00b4a0540c937ff1c6df9441c61bdb3be8e0c7c11a35d49b6f55c381269a0e768efbd453447fe48b75ac39646ca82eca7d149304423491871c10dbcfc5973a57fab8371c30cbc4e90becc0b67152226ee177b4ff368ec879b391eb95e36dcbb07b2c16ba395545d4529f727b1a11ef65d120976b7ccc86af4bd204cb9489c921e43ba5e850cfe59899f1c1ec4aa5c92b6dac6914b1952b53dcb540b409231381568987bb2236bc40895df3f17eab7c0274f2244f958612e88e: +5ff8d4052608eb033a5e94b603ce384d8452f60a26498b9112567f3410c18666c4900de24d9af2482763109926af7c481380fabcda9440c1a53ea1cdc27e6568:c4900de24d9af2482763109926af7c481380fabcda9440c1a53ea1cdc27e6568:138c60557c2e9008afc03d45bec71f961149a0835926751c8ff3935c7d652d83e1b0b1da7d5bbe0b8e171a4e49aae06fd8a9deff78dcde4d25b1aa899998a0f99e1df6f9337a3ea2f24b76c317a7014db4e5283191795a70d8821d217846490f958701d39dc2c8ce47d928938874d87b3558989bc77af820979a351eef9594aa5b94f3341eded4ea20b08c3e7c5610d43267818dfac0a87ddf527fbce8512bbf85b66c9bb5d62f0fe84048f23b19604a5c8d82b1f25a8da02731feb2ecae489b8475f7bd326ddf1a08189e46c08cf50538c2a363e2f4eb2c01a204c7ffbc0b981adc0fd997aafdf2a222ee84c309f6e95ec7de4fa85d4768d5c003165028225e22e09e:b737d4e5be27deb6d87729c636dff7a406c013f313c38cf683fe14f75a3b3005d9535d7e5815c8f8b37c51d6927111c979f7d9d81a347aa9cc09ed4e6c18e90f138c60557c2e9008afc03d45bec71f961149a0835926751c8ff3935c7d652d83e1b0b1da7d5bbe0b8e171a4e49aae06fd8a9deff78dcde4d25b1aa899998a0f99e1df6f9337a3ea2f24b76c317a7014db4e5283191795a70d8821d217846490f958701d39dc2c8ce47d928938874d87b3558989bc77af820979a351eef9594aa5b94f3341eded4ea20b08c3e7c5610d43267818dfac0a87ddf527fbce8512bbf85b66c9bb5d62f0fe84048f23b19604a5c8d82b1f25a8da02731feb2ecae489b8475f7bd326ddf1a08189e46c08cf50538c2a363e2f4eb2c01a204c7ffbc0b981adc0fd997aafdf2a222ee84c309f6e95ec7de4fa85d4768d5c003165028225e22e09e: +eedefc1757e3a7e5ed3946dbedc396a362f683d2c51b0b9f60765d4bfc5134dea9872bc2192fc02b189ceed403ab9f270a032a835fdebfaf1c9d6934ed8304bc:a9872bc2192fc02b189ceed403ab9f270a032a835fdebfaf1c9d6934ed8304bc:b194db73f994cbdc3cbe630ba72c47c2249bc0592ab547942b1d1b882b44f5b3855e568bdddf92ef05022d88fcfc294e76b64a00e9c74355373763e49a4ebc47243d48a9ad588994a518f80f8615c2b31da587a53e529d435a8697350dfcde02d20cce7d5eeefe3f5ab2aac601259cda38538a1b8301f9832e75ab90f8a932f267eac181003965d5266f206180c6c380ece803577ccb46176bf607159486f24259747e2ca6fb1912db7b78a973b2846387c1208030ee1f400d0c5b5e8bde9635ae55638ba17c734de8638bb85dfcd76629a7f9f40d6ab954d55bf8575fc9c9a595097e0893db5a7b8a6c455ecbd3d22d725e19de2941f467f9eb93d66a0e2bbdbf92ed1c:d5bea8ea9a5fe9ed6d2bf839930c0c6cd5039e988f551fdedb5437e1c1af0ed7b3897c035711c3c51926be8d1b32024d5cd582f5f8369ad84d18b12502652f07b194db73f994cbdc3cbe630ba72c47c2249bc0592ab547942b1d1b882b44f5b3855e568bdddf92ef05022d88fcfc294e76b64a00e9c74355373763e49a4ebc47243d48a9ad588994a518f80f8615c2b31da587a53e529d435a8697350dfcde02d20cce7d5eeefe3f5ab2aac601259cda38538a1b8301f9832e75ab90f8a932f267eac181003965d5266f206180c6c380ece803577ccb46176bf607159486f24259747e2ca6fb1912db7b78a973b2846387c1208030ee1f400d0c5b5e8bde9635ae55638ba17c734de8638bb85dfcd76629a7f9f40d6ab954d55bf8575fc9c9a595097e0893db5a7b8a6c455ecbd3d22d725e19de2941f467f9eb93d66a0e2bbdbf92ed1c: +09d22bbaa5956cfacbbf9fd5510975128686c40c6ea96b89ef4c0f0c649bcd7fe559ea8acbdc61b6709a7d83ae15849a6c78b203923dd0a299239ee4886930ba:e559ea8acbdc61b6709a7d83ae15849a6c78b203923dd0a299239ee4886930ba:1c26a0f3a1a5b2d7d5b297af8a6a689d7c62a25267e197d23becd2f2b816c4de92fbdaffb941c3fc8db7a84335a84cfbc92cb3ac806ed58df16b6b8e119a48df4f27c71e931a5938e7d002734885e13a258a15b6e1136efba72f1d096b689f7618f49c968063e8f991fa0b55601e430eee13492a1b09413eb23813591a7a9f070cc396ca9d1facdd4f4ce37c40f7245f55035e10fad6b85b5f01a1daacc0df94069f7de8f6467f96d1fb98648e8a0520a8cd723c98e9dc2dd4b2934d8228f0ae1a415bd3a7cda38d7a9983ce1af6f8c970a2a591635fe12b917536ef815eaf1a3138d70ce70a794264d7c986d9ee3290445f15a9248f2765271e5a992196ae331abd4164bf:e65275c4328a70ad62408ed7fb1728be87a73a814fee8ebd94f2665c71bc66ab0c1b07a600b30bc081a74c536857c20610384be268d9af3e3ecddd3eb0c14c0c1c26a0f3a1a5b2d7d5b297af8a6a689d7c62a25267e197d23becd2f2b816c4de92fbdaffb941c3fc8db7a84335a84cfbc92cb3ac806ed58df16b6b8e119a48df4f27c71e931a5938e7d002734885e13a258a15b6e1136efba72f1d096b689f7618f49c968063e8f991fa0b55601e430eee13492a1b09413eb23813591a7a9f070cc396ca9d1facdd4f4ce37c40f7245f55035e10fad6b85b5f01a1daacc0df94069f7de8f6467f96d1fb98648e8a0520a8cd723c98e9dc2dd4b2934d8228f0ae1a415bd3a7cda38d7a9983ce1af6f8c970a2a591635fe12b917536ef815eaf1a3138d70ce70a794264d7c986d9ee3290445f15a9248f2765271e5a992196ae331abd4164bf: +77826ed351a3f09254ae5692885d774cb3f24410a4809fd90f8a00da9aee99033eac8f41ee73e6ef136821f7957a1c27e15638d0e3916e6caac6fb7beb7bcfb0:3eac8f41ee73e6ef136821f7957a1c27e15638d0e3916e6caac6fb7beb7bcfb0:1ff06c0b3999cecb1900a47d267beafbb35d93d14cb2c8925e3e3fe5d967586925ee4baa41998edd0103205810aad5c0bbdc77874476810246d13089a64db576424fae0bed9664a42a491147d1ee3b9c3b1ba4875be15462392540f9978d9a4630ba4c525499751a45efc299ec7d73b17f9ad275ee71a687e72690d7320242d2dc2bd4d5c5cf0f17a465185dcf60f8efff53903f20b0c2ab2192d44368f2f2fb36048af071f7aa857b14ad1d11461205bebe17e02be2e3ccb6092821885c4e0d4811be3f45b1fea088453e022432f562562b43a355cb56270cedb6c2c42dbf9be850e77192fdc65cfd36834be988dbe9a93e2518c138b090fb9da827cb1c91c8fe52fe7c57f7:977adccdb829b40bbd8e53856a783db346a39dff62041a2972d29009f1c9ff81b8ad54cb901e497c1d3021b50b6c69ee73558fd7be05d625f5727f9af2ce87021ff06c0b3999cecb1900a47d267beafbb35d93d14cb2c8925e3e3fe5d967586925ee4baa41998edd0103205810aad5c0bbdc77874476810246d13089a64db576424fae0bed9664a42a491147d1ee3b9c3b1ba4875be15462392540f9978d9a4630ba4c525499751a45efc299ec7d73b17f9ad275ee71a687e72690d7320242d2dc2bd4d5c5cf0f17a465185dcf60f8efff53903f20b0c2ab2192d44368f2f2fb36048af071f7aa857b14ad1d11461205bebe17e02be2e3ccb6092821885c4e0d4811be3f45b1fea088453e022432f562562b43a355cb56270cedb6c2c42dbf9be850e77192fdc65cfd36834be988dbe9a93e2518c138b090fb9da827cb1c91c8fe52fe7c57f7: +99a99531c3cd6e3e9c900a9eeb26267e72f09d11b651a897ebb79be016f64c6e9bf9f8b48a2728e02608fc19899d219656839d1cc1e9a8984df674ec26662f41:9bf9f8b48a2728e02608fc19899d219656839d1cc1e9a8984df674ec26662f41:7a89c0c1952fdc4298dcaea854efc134656be147e9e8e82fc9a449059d80570f75676b81c4a94f76a968200cdeb0988c73f59afc72ad4c3103e19fe63b7e95e140b5cb2efc7b97a6ffbb6c298ddace3be6d2ed3d598b8bdf0c2fe6c97602142a76e978514c196c1b9a88efdc1925fc506155cff9a2f21ab634e2b93e96928a5d8f7ce4cb7326d9689469242ba9c6a01b77496badef87578f5a17284e900a72df141c6199b0e71ab5da4375037617ec6196d4f4e23ae2916a72d0fce796022305ac9fbbbbe4705b340e42b78e1c02bb1001860cdcaf71ed89255dd56cc0b31c59d4596dcef84e22234be562bd801e94111d83a78064c90f9d82fce91f68abb03c73b6bd8d7e02d4:0e89da5d949cf2bf40c7e17c2d0f9ceabc88a092eb4d49cfbfeab7c8bff43245c67b9e2e92f9bcb9b34b3fcf8b01fa2ea7a9649f814c3aa98b3dd04540c31d097a89c0c1952fdc4298dcaea854efc134656be147e9e8e82fc9a449059d80570f75676b81c4a94f76a968200cdeb0988c73f59afc72ad4c3103e19fe63b7e95e140b5cb2efc7b97a6ffbb6c298ddace3be6d2ed3d598b8bdf0c2fe6c97602142a76e978514c196c1b9a88efdc1925fc506155cff9a2f21ab634e2b93e96928a5d8f7ce4cb7326d9689469242ba9c6a01b77496badef87578f5a17284e900a72df141c6199b0e71ab5da4375037617ec6196d4f4e23ae2916a72d0fce796022305ac9fbbbbe4705b340e42b78e1c02bb1001860cdcaf71ed89255dd56cc0b31c59d4596dcef84e22234be562bd801e94111d83a78064c90f9d82fce91f68abb03c73b6bd8d7e02d4: +aa58403e763bac405db065eb11eb6be3e3b6cf00ec4a222b52bff4b6e3d156ac167f9b9a4665f93f5d7d3016ace6fbd13420b2e51e72bde59eedf26993b66cae:167f9b9a4665f93f5d7d3016ace6fbd13420b2e51e72bde59eedf26993b66cae:3baa0998ff02b32b90b51f9a840c7b5c5870cfb1810a9b0f77b55909d47ad335147a991c29fbebfc592e9307175c1964129a2d5efc6215807453bcd726969781222bcad1c99a49748b9ee667c4d0c82889e2f50064c115dbd8fb483d72ab0ccadf76bddb2dc727dbc3fa5c4624c283d8921c8aa4425110dcdd69c05e5ed59b359625eeaaec1e27eafe9d9a5ce736c3f9c527ea547818b9bca6811be4cc15058a6f5b683303b80c90c94a83b8b15869713a66b1e0f656331b286d1ef7698834ab3e138417aad6bb3ab3bd9fc78761a482dfc654f3f8628c8d9fc16018898f1641e8622bd272e38d41706cb9cebe6ee5e173576bf61bb1188cf2f39c62220bba88fcb4de4898b25b04:64b598ca5b8f9ae742e46ee0d8c1aaf31458b50c25d267a677e44be5b755f14d51801a30399bfcc38d14071aa0ae93da825a581ab6c20725a0a910b4735dfa0b3baa0998ff02b32b90b51f9a840c7b5c5870cfb1810a9b0f77b55909d47ad335147a991c29fbebfc592e9307175c1964129a2d5efc6215807453bcd726969781222bcad1c99a49748b9ee667c4d0c82889e2f50064c115dbd8fb483d72ab0ccadf76bddb2dc727dbc3fa5c4624c283d8921c8aa4425110dcdd69c05e5ed59b359625eeaaec1e27eafe9d9a5ce736c3f9c527ea547818b9bca6811be4cc15058a6f5b683303b80c90c94a83b8b15869713a66b1e0f656331b286d1ef7698834ab3e138417aad6bb3ab3bd9fc78761a482dfc654f3f8628c8d9fc16018898f1641e8622bd272e38d41706cb9cebe6ee5e173576bf61bb1188cf2f39c62220bba88fcb4de4898b25b04: +1044ee3708c0b0e909a8cb2ba2cd0af8d28a5de01d962e826087fb232df7b2d246d241ea0c702c1889d44655824629b67284d4e644a48fa45455d27ac5f62529:46d241ea0c702c1889d44655824629b67284d4e644a48fa45455d27ac5f62529:b8a445455fb66e17e3143d35204c9ea93474eebeef93963ee5c1d377ca217acd4ca63e5755da08fbffdbd4352bf165193896c8d6f76bb4cd3bc2d3a476a4e320824a1210ce74d0014d747f111eec310c5c89ed4d0850e811f80a8bb28dcaf6f411df83e2c1dfd90c4ad23561454eb5d756b63b4ea7f37dc5d466c16ef70d11190c4f5316fe2aa8597440e88bbebaeb35ea5f04f07b0339264158ef909ad5163bfc248cd724133e274f812695f290e57176a96b9393d07bb310299f5d2a6b6dd1dabcb51bf29c5afa7ebb0701c6c84767ac137793091fe0ed6e47d780628a32c84f83e00e9c16742a523ecb63c24f4a338ed299a06194924f44c5a5d3c937ff9b0945982ad24a2d1c79:7d6bed7f87d090abe013c31e1203903bac9c93445d06c7b53d31d15f970d88647a7ed2c3a63050ba19d68043aadd18bd861de1ac4715b8e828b2b16f8a92b001b8a445455fb66e17e3143d35204c9ea93474eebeef93963ee5c1d377ca217acd4ca63e5755da08fbffdbd4352bf165193896c8d6f76bb4cd3bc2d3a476a4e320824a1210ce74d0014d747f111eec310c5c89ed4d0850e811f80a8bb28dcaf6f411df83e2c1dfd90c4ad23561454eb5d756b63b4ea7f37dc5d466c16ef70d11190c4f5316fe2aa8597440e88bbebaeb35ea5f04f07b0339264158ef909ad5163bfc248cd724133e274f812695f290e57176a96b9393d07bb310299f5d2a6b6dd1dabcb51bf29c5afa7ebb0701c6c84767ac137793091fe0ed6e47d780628a32c84f83e00e9c16742a523ecb63c24f4a338ed299a06194924f44c5a5d3c937ff9b0945982ad24a2d1c79: +95dd1a5e658fa6c8d42507b3e5b8edb5baeca62deb00fc5d4dca8e1ab5835e593a5323dd1e07f323bb6d83e9c2db92a29f62e2e003ee0deacd7e2e4e030d8d27:3a5323dd1e07f323bb6d83e9c2db92a29f62e2e003ee0deacd7e2e4e030d8d27:9b7afd48c474604c26367531556840c388668b0f3840063dfc9869ad5b901274b931293d04f3c8e8f7f8eab815a641d7c351284e8bb0437ac551bb29438964e6a7c7ba772344b333f9eda5a77568c8931ddcaf21e32e07b10bf4820fb859bcf87b81c4bff426f24a4d468f2e9aeda8f17d939709970db11df76247e98a39eb8b38f5949f349f2ae05ab48c018517c48fa0205dc7f1566453e105e48c52eb455c0c40802f797b3eefb1e2f3b1f84315aed5b0711c6499a691b74b91f12ef70f76c4c05c1aa1a993e2f3e528ab343dd2368162f4036a61a13a88045dcdefa85d68532275bcf5b8f5f00efdea999a95783175d9ee95a925d48a544934d8c6b262225b6ebea35415dd44df1f:d02a7523dcbd29576ba809b531037774df41734a41175813119c6a6a788cd9b8ad780865678667699ae66d010919a966a051c08163df67a977ee6e220d0dc30f9b7afd48c474604c26367531556840c388668b0f3840063dfc9869ad5b901274b931293d04f3c8e8f7f8eab815a641d7c351284e8bb0437ac551bb29438964e6a7c7ba772344b333f9eda5a77568c8931ddcaf21e32e07b10bf4820fb859bcf87b81c4bff426f24a4d468f2e9aeda8f17d939709970db11df76247e98a39eb8b38f5949f349f2ae05ab48c018517c48fa0205dc7f1566453e105e48c52eb455c0c40802f797b3eefb1e2f3b1f84315aed5b0711c6499a691b74b91f12ef70f76c4c05c1aa1a993e2f3e528ab343dd2368162f4036a61a13a88045dcdefa85d68532275bcf5b8f5f00efdea999a95783175d9ee95a925d48a544934d8c6b262225b6ebea35415dd44df1f: +1abc0b9aa01dc57ca53efe7380962b1a88d50a964f5cd98640982c74393f29268d4fd14394d7c1405700306983fbf76ea9f171b15a6b56612a1feb1cbdae5dd5:8d4fd14394d7c1405700306983fbf76ea9f171b15a6b56612a1feb1cbdae5dd5:da2dd940d5e1db6e80bf7e2b782e7e745cd4fd252e981517975887dd05ac77ed837d082961575efedf301fdf24b70718b991b8d92bdd2e6bee17c8aa4bc694a727bcfc78fd85195c42caf883a2c38d161cadd79cfda9a39110e1264d30bd4c5c4a5876777f233b071b1b0b408935f0468954cc744af8063b004ede56cd981c4dd5608abffeaec9e58f3fafaa671467804b7fa2558f4f95174201f183d80a5914065fed53115b41ebc338f78df050053b8a4e75ea7c6fdc354dad27bfd8a2e66fcd7ae2f587d24be0d4a33da30a220e51bc05fa4e412b959fd95d89ea6ec0162516c096a9433a9e7cf599c928bd5305c2173bf7493ed0c1c603cd03f082cce44237a79ffd8be9a672c2ebaa:f738af2d3e290b3d23d9aff7414bfc5ffa47235dc053687a8ba5c8541b8511f781566cdaa130e0677db55fa8be9d81a092cb58923a8628494d2f62d95c167100da2dd940d5e1db6e80bf7e2b782e7e745cd4fd252e981517975887dd05ac77ed837d082961575efedf301fdf24b70718b991b8d92bdd2e6bee17c8aa4bc694a727bcfc78fd85195c42caf883a2c38d161cadd79cfda9a39110e1264d30bd4c5c4a5876777f233b071b1b0b408935f0468954cc744af8063b004ede56cd981c4dd5608abffeaec9e58f3fafaa671467804b7fa2558f4f95174201f183d80a5914065fed53115b41ebc338f78df050053b8a4e75ea7c6fdc354dad27bfd8a2e66fcd7ae2f587d24be0d4a33da30a220e51bc05fa4e412b959fd95d89ea6ec0162516c096a9433a9e7cf599c928bd5305c2173bf7493ed0c1c603cd03f082cce44237a79ffd8be9a672c2ebaa: +cbffce2c9bd3e23e406e5f66e632dcfa726654d29a955cec983173235fa359d049653edd64a55f7cd40eaf3f8e72eb96dbcdee398f34817f2c95867949710b14:49653edd64a55f7cd40eaf3f8e72eb96dbcdee398f34817f2c95867949710b14:1ffde6826e4f0c24a7961f191e74cc0bbc928e3f1aec3efab32765c2501cbc1620e7ee6f61fccfb00cfca9fb98143b529bcc8c3d0fdf89ee7c342f101815fabf7deaf9f302a288fe175826d590d99ee6fd92da74f9596b783c0e7d47d711a32f39ea4165e5212431441b498c6b70db3b09d1f4e4a14a6bae39da5088bb85b3285ce9df2f90681af2c74dece439aeb91e1c1b0712eddbee8d72569828f37cb720c509d02aec476070484e9b16ec7179947ac96caf0e1be8b6b74f372d7235fe6e3999df733bccd482dfe2e631f56b582667dce5e3121763adfacf3b18cf2095f7394dee4927fc2bea6b5824d90cd59e854ec5872b4551b02efaba5ad54a9b7a8f6de5d7cda5825b325b076ded:e7ced4fa2a7dff73f1068bbad0ec9a1109043c97a62effa148876f0969ed4dc608e28bce797af3b82532c94dec4d6811b7f563679129facf17bb73d69375eb051ffde6826e4f0c24a7961f191e74cc0bbc928e3f1aec3efab32765c2501cbc1620e7ee6f61fccfb00cfca9fb98143b529bcc8c3d0fdf89ee7c342f101815fabf7deaf9f302a288fe175826d590d99ee6fd92da74f9596b783c0e7d47d711a32f39ea4165e5212431441b498c6b70db3b09d1f4e4a14a6bae39da5088bb85b3285ce9df2f90681af2c74dece439aeb91e1c1b0712eddbee8d72569828f37cb720c509d02aec476070484e9b16ec7179947ac96caf0e1be8b6b74f372d7235fe6e3999df733bccd482dfe2e631f56b582667dce5e3121763adfacf3b18cf2095f7394dee4927fc2bea6b5824d90cd59e854ec5872b4551b02efaba5ad54a9b7a8f6de5d7cda5825b325b076ded: +9f91231497484cab39b9e20f861181d397908577bbb2968242d071bca4813ffb8824bc6cd6a6f15a5f41668f2b3bae8fc4967383078d08b51d6d1b2b93a1071f:8824bc6cd6a6f15a5f41668f2b3bae8fc4967383078d08b51d6d1b2b93a1071f:21d4fbc98163c3fb6e09f775c2ab7b18b18792340bafedacb49605622e3c08aa3b2b8d0e0902f361aa1c0f652e2732b10a0c5c6a05098996b588267cc8951a78b5d431e7222bbb508eeef1b5e8b8d01d3991e18dddc6ca8d222ef177ce62938d1810eecf06f4738b28f440946ccad2a12e39d38611bed3a39f93419a179ec2b1b52d5fe5c80c23b84d8803755f5146092cc199b4bdcea5bcf2037bd53ff6346694155f027d8ce2baffe30a5666596c00783aaeade9c77fc8637942ece017d6484c2899b1918d3a480bd5157678d4772d271f9b99768ee1bcc46b2489ae87cd030f47d1333c7672cb902cb4f5fe746e853de57940ba2264d3e629644d653a5b7af78ce64a993f36250f8cb7cb45:0a1c706dd8a13077ab18386c65fa97cf9dfc43542d1846ecbddeb7b3c93f3c66f3ccd0447aacdd4dad8fbf736c4ff9dbdb62bfc14d8883e385bce9bac56a350c21d4fbc98163c3fb6e09f775c2ab7b18b18792340bafedacb49605622e3c08aa3b2b8d0e0902f361aa1c0f652e2732b10a0c5c6a05098996b588267cc8951a78b5d431e7222bbb508eeef1b5e8b8d01d3991e18dddc6ca8d222ef177ce62938d1810eecf06f4738b28f440946ccad2a12e39d38611bed3a39f93419a179ec2b1b52d5fe5c80c23b84d8803755f5146092cc199b4bdcea5bcf2037bd53ff6346694155f027d8ce2baffe30a5666596c00783aaeade9c77fc8637942ece017d6484c2899b1918d3a480bd5157678d4772d271f9b99768ee1bcc46b2489ae87cd030f47d1333c7672cb902cb4f5fe746e853de57940ba2264d3e629644d653a5b7af78ce64a993f36250f8cb7cb45: +1e2bd5487c5f5ced461f604dccb4e78eb91608f0b821f5afc4e3e534f7960392ef825475cf2051a2017ae532f077d96774347d2767ea7b45f9c1b860ab993506:ef825475cf2051a2017ae532f077d96774347d2767ea7b45f9c1b860ab993506:1dbbbb13cdad88854b809ceded273343d306a8deabf3ff02c9cec6f002b8e9e10ef5d1b0f5711f33267aa91c171b61e960f740457b81d751a473f44f750a080cab80af7ccca7dffcfac9ee4c39dc85cbdf51259ccd3470d9bad3ad30f4ee5dbd4fac6bd5c6c4df7311a470044695a7e1a7e18572207588afa57eebcd4d575b6d424457ee92465ce1863e3c677cf875fdb98d4078ebe7144260807052577144cb8e0359aa42ad155d79dae3deb99c4632c191c799cbfe587d954787068d663bdfc0fab1334f1876bf498c4db5c53db7b0204ed5a521c62f09eaca8d0189f3b394143f29c421cb5c8d07bd751baf4cbe3bf4be1701df4b2207dfb2904d84f4dbda51cba576d5a5bb16efe698edd608:4d33c96a2e3a5db7391adf65c1cc3565fe76eeafd0b5c7abb0b492a0b51e1fa33639946a243b2ddef357552298ce0aa95eac6fbfe660988271877eb2a7da18061dbbbb13cdad88854b809ceded273343d306a8deabf3ff02c9cec6f002b8e9e10ef5d1b0f5711f33267aa91c171b61e960f740457b81d751a473f44f750a080cab80af7ccca7dffcfac9ee4c39dc85cbdf51259ccd3470d9bad3ad30f4ee5dbd4fac6bd5c6c4df7311a470044695a7e1a7e18572207588afa57eebcd4d575b6d424457ee92465ce1863e3c677cf875fdb98d4078ebe7144260807052577144cb8e0359aa42ad155d79dae3deb99c4632c191c799cbfe587d954787068d663bdfc0fab1334f1876bf498c4db5c53db7b0204ed5a521c62f09eaca8d0189f3b394143f29c421cb5c8d07bd751baf4cbe3bf4be1701df4b2207dfb2904d84f4dbda51cba576d5a5bb16efe698edd608: +f78db14d6d1a643dd7735baf2635321244e7ec8ca72c5c38c98c809db9cb5a555414f75f52f3864afb0c79c2c5c1d06b4bce400fbddf17fe9cfb2a8bac47a0dd:5414f75f52f3864afb0c79c2c5c1d06b4bce400fbddf17fe9cfb2a8bac47a0dd:05caf1b8edc3b173fbc1ed29b95e2bf06d814ba2407d4b31c728d04ec273d25394423ac7d4fff2ca36ee90273093c756e2bd13c96d4a3dc7f5be1759fcd328eb66c5882b58fa4588e5b2a3713a4154a2340d0b06ad019601b0e028e497f898256b028af95cd8168df5e58a57cd1ebfc0a0c91ced61dbb480aca7df8dca91eb16e98007cd2cd1a2045b0e4477d12d5a4072f365426567c9d61577f3485c8f46605e7f475ef04a3948f60dba8c5508d14bfddb9b11dd044ef2d84c16b9a9038d8e78eda43b91297df35f4361a383b41d49677a687d5b344ad1ab0fc73017b3bebf32306fb3fd7b3d5071f3ab5f6e49aa15540cad6503bea7784cf9421801ce1385839893362a97fae121300d6783af0f:d7cbd4181f67712007b7f0e18452e0a024464d9dc9b5ff9cf669d1b91169d7573262f83336b97c861bfab3fcf669223ce8caf319f21d23f1fa331a2d89b6ca0b05caf1b8edc3b173fbc1ed29b95e2bf06d814ba2407d4b31c728d04ec273d25394423ac7d4fff2ca36ee90273093c756e2bd13c96d4a3dc7f5be1759fcd328eb66c5882b58fa4588e5b2a3713a4154a2340d0b06ad019601b0e028e497f898256b028af95cd8168df5e58a57cd1ebfc0a0c91ced61dbb480aca7df8dca91eb16e98007cd2cd1a2045b0e4477d12d5a4072f365426567c9d61577f3485c8f46605e7f475ef04a3948f60dba8c5508d14bfddb9b11dd044ef2d84c16b9a9038d8e78eda43b91297df35f4361a383b41d49677a687d5b344ad1ab0fc73017b3bebf32306fb3fd7b3d5071f3ab5f6e49aa15540cad6503bea7784cf9421801ce1385839893362a97fae121300d6783af0f: +7dfa328e90a1b849c219e3da832df9ed77448234f0d89ea5d17a3d64e7883dafe30ce6fd5f5800389a70cd117364f59945afb180f229927360b06b4835f8dc91:e30ce6fd5f5800389a70cd117364f59945afb180f229927360b06b4835f8dc91:e5e495d663f47236714532687a24308f942ca9c33e088f7f106a5a723518cacbbef4a68c939a6950b2dc2589f82d354e575272d42b1383d315ab8a20aa0cdc9d4df678ab3b26612b5dca66e71f9f3fa7d9e731dc481e2bc7127cea3b6203ca6cd8162e90886a73dc46c83ddefc4b9e2d53d29dd387c624e08bd8d53be928a40a9aa8ae8b1c8d0fb6a7bd6dce5f62315b7a2181f627f256bbe7e2a95bf464e6132204c174209629840235b2c39913301a4b40325d118d384bc7ac028cd4f12702e161191b149e4209058a55122bbb8b22b24683ba4f8e2e6ccfc08dc8c8b1bcfb6d60bd8f062196933df319ab16906d085730eba1720d4b02c67daf38cce6aba38e25d68ef95b2f521913a1d77d5eb650:1c61d53b872f8cde598609682c79f6c5df007c513a71cfb3a06dcb82d85c4b00ccc40b00e59f595393088b4cd0432855c67a207da71f87e72c409b3e50279507e5e495d663f47236714532687a24308f942ca9c33e088f7f106a5a723518cacbbef4a68c939a6950b2dc2589f82d354e575272d42b1383d315ab8a20aa0cdc9d4df678ab3b26612b5dca66e71f9f3fa7d9e731dc481e2bc7127cea3b6203ca6cd8162e90886a73dc46c83ddefc4b9e2d53d29dd387c624e08bd8d53be928a40a9aa8ae8b1c8d0fb6a7bd6dce5f62315b7a2181f627f256bbe7e2a95bf464e6132204c174209629840235b2c39913301a4b40325d118d384bc7ac028cd4f12702e161191b149e4209058a55122bbb8b22b24683ba4f8e2e6ccfc08dc8c8b1bcfb6d60bd8f062196933df319ab16906d085730eba1720d4b02c67daf38cce6aba38e25d68ef95b2f521913a1d77d5eb650: +6ce13d3c2ec71fed83131a69d5d030314ab49e6565ef68163fff09ac5d9b47e79c7b1118fab91e0e7b192a23d95fb877cb7936cc6c8a330592f48e6784edc292:9c7b1118fab91e0e7b192a23d95fb877cb7936cc6c8a330592f48e6784edc292:10bbc311eb2a765e0167ff37618ff70e13f02d7b0617ae4ac06befbbe149c972a994f680ca4dc9a92ec7efa53997fad356b9ff4ebdee629541d1f4dea62ed0d2494f9ccfdf07a9310491f61c4b3e2700b4a3c668d678329a38c2eff9d8cba431fb959e7f7655bd0fbd77d53bbbc2eb8dc51dd718ed98728a181686be122b844d3da331e329d3959b5923f7734325a021026e2754e17a15108be801465ad958dbcf21df890cfe5d5b883ca43c61cedccbdb58b849ea75374f1e918e803e577a5dc7a1c17936eccfcd3481bd2b1eb075b83237ca6f3c07c19e9af9731267be82d4898eee96ebc900d48b059d51b0dd415b1c890660a88d25f5c5f35d8e45e523e0ce3336923ab43670e35c5057d56c758876:608b2bf6f6da05c2ac5bbfd795a2ac32c79c74153f9431dea59768ff4c225e3b693b645a506766b860850ee97ea43032b05b69e56767e8eb9d1918df9afba80510bbc311eb2a765e0167ff37618ff70e13f02d7b0617ae4ac06befbbe149c972a994f680ca4dc9a92ec7efa53997fad356b9ff4ebdee629541d1f4dea62ed0d2494f9ccfdf07a9310491f61c4b3e2700b4a3c668d678329a38c2eff9d8cba431fb959e7f7655bd0fbd77d53bbbc2eb8dc51dd718ed98728a181686be122b844d3da331e329d3959b5923f7734325a021026e2754e17a15108be801465ad958dbcf21df890cfe5d5b883ca43c61cedccbdb58b849ea75374f1e918e803e577a5dc7a1c17936eccfcd3481bd2b1eb075b83237ca6f3c07c19e9af9731267be82d4898eee96ebc900d48b059d51b0dd415b1c890660a88d25f5c5f35d8e45e523e0ce3336923ab43670e35c5057d56c758876: +d45ee69a5f1a7cfdd0343f8770d1c6bc026f067a70dbe839a86f2aa068c33f81fc8d9fb0e4f34793090755e0328096e01e281ea351b8d95cd9116e131a5ca54e:fc8d9fb0e4f34793090755e0328096e01e281ea351b8d95cd9116e131a5ca54e:eb5ed8ab79cbfe61c25981b9d1d6b70f10b60194b4161fe17d11aff1767994aa0813e9ece2f4c5d531b99e8adf1888c30a63893eb451aaf55acd5a52ad8c401faa88d6eacf3e49470566114fd0c6a274e9544846b0ae9bfa124d7951eb26715e19253ff7edc8a70965776f23ce46031e034a200723ba3d11e11d353d7e7cd84aede267ff64bed418cb9f28c61cd0f63b6ce2ecae14b20bc6bdaed8c428bad18be4b7d66338364acd8042a8256f258a69969b8d3ca2eab3aea3706e5f21c3b1efcc254a824bb4e7ea7aba8827c8eb82786c665aa973821931ff990a63fd34a74a6d8c22a882b0b935152ccb36fcc76f4eca65d67c8680942f75dfad073439c0916065e83877f7ba209303f33548d9e40d4a6b:156c51c5f915d89b8d1400350f8f217a5c02e2629ede9f4a30b6e71d1ea7a953cc6db31ba5c778c269920b649fb4221c6d38cf2cea2a7de3ad423e04faaa0607eb5ed8ab79cbfe61c25981b9d1d6b70f10b60194b4161fe17d11aff1767994aa0813e9ece2f4c5d531b99e8adf1888c30a63893eb451aaf55acd5a52ad8c401faa88d6eacf3e49470566114fd0c6a274e9544846b0ae9bfa124d7951eb26715e19253ff7edc8a70965776f23ce46031e034a200723ba3d11e11d353d7e7cd84aede267ff64bed418cb9f28c61cd0f63b6ce2ecae14b20bc6bdaed8c428bad18be4b7d66338364acd8042a8256f258a69969b8d3ca2eab3aea3706e5f21c3b1efcc254a824bb4e7ea7aba8827c8eb82786c665aa973821931ff990a63fd34a74a6d8c22a882b0b935152ccb36fcc76f4eca65d67c8680942f75dfad073439c0916065e83877f7ba209303f33548d9e40d4a6b: +8a76eaab3a21ec5a975c8b9e197a989e8e030899eb45d78968d0fb697b92e46d2d9c813d2d81e2730b0d17d8512bb8b5d33f436cabaa13e141ca1cb785014344:2d9c813d2d81e2730b0d17d8512bb8b5d33f436cabaa13e141ca1cb785014344:c6c78f2e2080461aed9f12b4f77c989b19716780fab60e6ecb9793b4bc7ed69e5f70fa6bdba16e9bd3194969eea6665abfd630deeefa3d717b6d254dd24bc97dde21f0f29f9ed34b8bd7a013380f4f82c984fdbd95af9805b744bcd952c5a71fbb57d11f411c18cc30bc3594f7ad8228cb6099394a1b6b0a818581bdf93cce58f3a4a23e55db3e69ca9d60cfb3a907fb68329e2ffb6c65f1e828d28127109c9e9fb70160f2ef82a2ee9f9bd170c51e13fd3fc1866b22c79fe6d5101217979dbe2724dcad8a9bc69acc42c112dc697bd271eea550e9e50406bfd28245b83b8f012d34db6dbdd55ae6e575745c153d6e7534901027eadc2fcc33a5287ddbca6d3aeab8972294dc6c712b9942547277340e7ad19e:fceecca4b014fecd90b921b0fa3b15aeaa4e62caa1fb22729c70269232c33cef0d0aeea66432c128afb9a3646bc7f03a12774da8758398c2a0dcce0bbbf6740ac6c78f2e2080461aed9f12b4f77c989b19716780fab60e6ecb9793b4bc7ed69e5f70fa6bdba16e9bd3194969eea6665abfd630deeefa3d717b6d254dd24bc97dde21f0f29f9ed34b8bd7a013380f4f82c984fdbd95af9805b744bcd952c5a71fbb57d11f411c18cc30bc3594f7ad8228cb6099394a1b6b0a818581bdf93cce58f3a4a23e55db3e69ca9d60cfb3a907fb68329e2ffb6c65f1e828d28127109c9e9fb70160f2ef82a2ee9f9bd170c51e13fd3fc1866b22c79fe6d5101217979dbe2724dcad8a9bc69acc42c112dc697bd271eea550e9e50406bfd28245b83b8f012d34db6dbdd55ae6e575745c153d6e7534901027eadc2fcc33a5287ddbca6d3aeab8972294dc6c712b9942547277340e7ad19e: +18a8f93648cdcf47133630af1e11c0ceea3de07327314c96580df775597d7a9c2912f41ab4c87e3937a03331802cba87716b4eea14b9fba6f546d0ac2c0973df:2912f41ab4c87e3937a03331802cba87716b4eea14b9fba6f546d0ac2c0973df:592093ac7cd671d6070b0027edac1fb015cc205d78bb603f378eb9f8aa388ca830db3cb23420c7e852db0b55241eb88a02cc627aa94143be439aab4bf2634757470406e842f20eb10f0700e3c2da364f588a8000f23850c12ce976f326d2df1bac13e95020b412b175bf74bd7ebbacf3ae55c0daebb5c010bf804feee1d7d49fae050bea55996f53cfe1f15a0cf20727db4ee311c260bad9682d7b965e27a9491f471d4a473aff646c7d424d5a0bdcbb8a0233f4b3060dd04c98ec98dfd05ec7247884e2d8e152d4ae52b3d5865d9efd6706a60e088e1e7c9f624510abc7a2045a2c7a7588e2535e73191dd5cf05421563f556a13e8236670343cd5ba4d466e245c4ee3b5a41e70c9a0f5e6ea2c559ebe61ba81e:3b77394cd69f8b45d00cfe3a79a7900628a56518b379ed8a11581fc3a376e5d66807df11e70904f696c741d21d139310fa1b89a93bdc4d2c3997991f5220ee00592093ac7cd671d6070b0027edac1fb015cc205d78bb603f378eb9f8aa388ca830db3cb23420c7e852db0b55241eb88a02cc627aa94143be439aab4bf2634757470406e842f20eb10f0700e3c2da364f588a8000f23850c12ce976f326d2df1bac13e95020b412b175bf74bd7ebbacf3ae55c0daebb5c010bf804feee1d7d49fae050bea55996f53cfe1f15a0cf20727db4ee311c260bad9682d7b965e27a9491f471d4a473aff646c7d424d5a0bdcbb8a0233f4b3060dd04c98ec98dfd05ec7247884e2d8e152d4ae52b3d5865d9efd6706a60e088e1e7c9f624510abc7a2045a2c7a7588e2535e73191dd5cf05421563f556a13e8236670343cd5ba4d466e245c4ee3b5a41e70c9a0f5e6ea2c559ebe61ba81e: +206cd2b8114aae188d81862ccec4cb92c4ef5fc78c24435a19f9ed9b8a22f47e97a67ac2811f529456df532737d76bed7e387da83bd55459372fdfb27ffacff3:97a67ac2811f529456df532737d76bed7e387da83bd55459372fdfb27ffacff3:480c4800f68c79f5dfc0c3666c0ac429b30fe0c5fe848750db2171380b80c8e9fec0a054b16d08674cefe2f64ec28bb6b0596b35235575f189bee259aca766c222ac0a46cf2af75774da4e34a0b54fc2ac49ec8bedf4887cd9b7be4fdb7f686902ddfab04627e26ea2dc3d97d62a4b1546180218ed8fa113334819b5275cc54afdee44309008596507971675e6d8b8a8edec4718f2d4bd735213cbbd18791faa8054174907a7ac17d7143a4757e493beeec4849d0b836f18bb2b3c9016f25af47fb96199251720549f15d149503d41095e25f26209daac39154485c3ded7cb1a8c3e83a52f5a06ec09cf83df00726b7968f64c0cbae299512fb438560f04b3b644346f938ac8e90486614cd844b54eae078bf678b3:73a40d9da08fb98ea25b67e721557a1a51225294d316b53149af895fa4d63cb4a3f56f688566ef6da42fd2941dffa06d497aa902165d50213a6214116299a90c480c4800f68c79f5dfc0c3666c0ac429b30fe0c5fe848750db2171380b80c8e9fec0a054b16d08674cefe2f64ec28bb6b0596b35235575f189bee259aca766c222ac0a46cf2af75774da4e34a0b54fc2ac49ec8bedf4887cd9b7be4fdb7f686902ddfab04627e26ea2dc3d97d62a4b1546180218ed8fa113334819b5275cc54afdee44309008596507971675e6d8b8a8edec4718f2d4bd735213cbbd18791faa8054174907a7ac17d7143a4757e493beeec4849d0b836f18bb2b3c9016f25af47fb96199251720549f15d149503d41095e25f26209daac39154485c3ded7cb1a8c3e83a52f5a06ec09cf83df00726b7968f64c0cbae299512fb438560f04b3b644346f938ac8e90486614cd844b54eae078bf678b3: +59b144a708abec972729a04a6c13f0ea020b4ed4a48298023a568958c21215ecc4f4720092ed6179a082ae4d6145df3771786efca9bd9bb79c9f6667d2cb56b3:c4f4720092ed6179a082ae4d6145df3771786efca9bd9bb79c9f6667d2cb56b3:3857bd260b8aad9d073f06765d37fe893a3f53e23de866ddac33495a39ad33ee9e9d5c22502bc1c4b5470d0e3f3a585223fe4cb93cc4ad2b5ba6d78826a53fc0253dc580a2018cc9ff1cfedbd3ac0b53292deefbc14e589acf496cb5f7670130fdbb6cf38d208953c015a0474675b724bd109f7cb89c33016751fe7aa785d099d09ab20dd5258cd764ac8daf343ce4790ead0863af43121aa527a37a11628f47869668f8eac00d80b6bf9906663d7a2899c1cb678cd7b3eb3bc80226b8b13b6e46877f38f07c3d9c86d3368baac4a6f6b93ccebcec9811474b6a6a4da5c3a5966571eed05edcc0e3fe7cd15915c91f44eee8c149ae451f375518a79fb600a971a39b9433dfa19f91931b1932275747c262eedcbd27f1:1a80850fcbd6e643c6ba8eb684dbef7df015159228daedcf0604709186054db185aa7baacb09d6caad01638eff8e468735a60124de0c5376e94340e541a980073857bd260b8aad9d073f06765d37fe893a3f53e23de866ddac33495a39ad33ee9e9d5c22502bc1c4b5470d0e3f3a585223fe4cb93cc4ad2b5ba6d78826a53fc0253dc580a2018cc9ff1cfedbd3ac0b53292deefbc14e589acf496cb5f7670130fdbb6cf38d208953c015a0474675b724bd109f7cb89c33016751fe7aa785d099d09ab20dd5258cd764ac8daf343ce4790ead0863af43121aa527a37a11628f47869668f8eac00d80b6bf9906663d7a2899c1cb678cd7b3eb3bc80226b8b13b6e46877f38f07c3d9c86d3368baac4a6f6b93ccebcec9811474b6a6a4da5c3a5966571eed05edcc0e3fe7cd15915c91f44eee8c149ae451f375518a79fb600a971a39b9433dfa19f91931b1932275747c262eedcbd27f1: +8d1621eeab83270de857335c665bbf5726e3722225fd016e23bf90ab47aeec3dbecdbc024dae6a94ed4e29c80f2aff796aed8feb2c1b3790a8c72d7b048a2c61:becdbc024dae6a94ed4e29c80f2aff796aed8feb2c1b3790a8c72d7b048a2c61:97facddc82cccccf788c31b3305e93eba956f89613e6e53542b043267fee544c2b0a8ae8886a31b9d321a63c27623baefea840b2a8af5b2330193ffb5baf873c335528afeae2160163c851c5a2e58154a1b0569c2d1366c0710437623b0e08c686e54fc279ed4c45f3e856868375f78224c777b13d75de10d79173552425d15a561904155f2117b2f14713eb0b04648a3bdeb3302167d1973e788a06cb00d48ccb269fa71af8ba68eae55dbbfd9594d5c2b4dc13ae0321718561acdf67dc8cfcc25bc46bb66e096a1941d9335207d3f7d11e8904904fabe3a50a3883e7078047df252f38b67cd28a6ac45c7d7a1d2a1de8d45747cf09301e01cdafd0cd99a6e91b704d509fce692fbdef2f71a5ce0b35bc15c65f876824:e08d6caa5f39327d6e6652ed74dd1a37844b979f5cce747a606f5679f4898bbb7643df7e931b54a2b40ebdefe83003f61ca0f11112f023c6a3e8cc18cafe5f0d97facddc82cccccf788c31b3305e93eba956f89613e6e53542b043267fee544c2b0a8ae8886a31b9d321a63c27623baefea840b2a8af5b2330193ffb5baf873c335528afeae2160163c851c5a2e58154a1b0569c2d1366c0710437623b0e08c686e54fc279ed4c45f3e856868375f78224c777b13d75de10d79173552425d15a561904155f2117b2f14713eb0b04648a3bdeb3302167d1973e788a06cb00d48ccb269fa71af8ba68eae55dbbfd9594d5c2b4dc13ae0321718561acdf67dc8cfcc25bc46bb66e096a1941d9335207d3f7d11e8904904fabe3a50a3883e7078047df252f38b67cd28a6ac45c7d7a1d2a1de8d45747cf09301e01cdafd0cd99a6e91b704d509fce692fbdef2f71a5ce0b35bc15c65f876824: +f2735d50ee3a9a65b58c8acf551663e98809ec406f73e3e7f4e73bc4ea923874df48a5b94a07af3c2c99b8388762243233c850dc175317d602638e5b86ab49ed:df48a5b94a07af3c2c99b8388762243233c850dc175317d602638e5b86ab49ed:ae31e94e7197e4e4d0239348025ed6681e513ce1a6e0aa0e5b979373912150ef113e50ef0569c483f7568c4bbc4703c5dacaa80a0de4e738383fa1f10d6d4071a31b99e6485143972316c86522e37c6887a1c307b29b0dd6f9f1b438310af9d8d7346fb41f9b2dd2e80b14c45eb87d4ed48e37a5260b52257b3e99787a13c55392ba930c08e0240e960def0c29b8550745cf149dee53a5d174ec065d2d6677dee1fc42057062c34e27ea5dbcdb861b9f670c6032c7846cec8e87a7c9520e27967b0186ee71b77ed6d029bbdd70949cec4a709329fa37fee002490cc1bc4c2df6f763f9858f33d750c5b505a67e237063c0486f9456d3c620d9ac7c98f1381de0effe41c18259504a150d68a6a28b0a3eea803b855315c9e0:6942a7696417efaa591b95e11f02d763bef5279b932a8e2a7cbb9f583695c14ce5cc556bec66799b33cb592da4df2735f9eef2c3ceca4362164b6cc93da4e105ae31e94e7197e4e4d0239348025ed6681e513ce1a6e0aa0e5b979373912150ef113e50ef0569c483f7568c4bbc4703c5dacaa80a0de4e738383fa1f10d6d4071a31b99e6485143972316c86522e37c6887a1c307b29b0dd6f9f1b438310af9d8d7346fb41f9b2dd2e80b14c45eb87d4ed48e37a5260b52257b3e99787a13c55392ba930c08e0240e960def0c29b8550745cf149dee53a5d174ec065d2d6677dee1fc42057062c34e27ea5dbcdb861b9f670c6032c7846cec8e87a7c9520e27967b0186ee71b77ed6d029bbdd70949cec4a709329fa37fee002490cc1bc4c2df6f763f9858f33d750c5b505a67e237063c0486f9456d3c620d9ac7c98f1381de0effe41c18259504a150d68a6a28b0a3eea803b855315c9e0: +cad9d21a01c7e1d15df2fbd79c516eb8c3401e9fe28467cc7b21679d4e331a3da7b55c15d6790b40536fcae5ad2892cd66b18689f499c1fdeea66d4a7df39424:a7b55c15d6790b40536fcae5ad2892cd66b18689f499c1fdeea66d4a7df39424:70702bf19c919f9836defd7b846fd9992d8b7eb2e106aeb71e60a31b4ea25a41b212dc7de7c91cbd613d58d0595db833cfe7e50584f25569602c7744fa675d156d0f63cd2b7c089c8a00686a437169826a12dc485b38c068a8007142e5163747011a07a415683622ab1e23ce577c732ba14f401fbc3043e0693a9205c19a92298a3d9b08fb7afafae0a9f016bc750ee631a5f5da5db6f9ba2692c74caaaeb4d097e90e3c02d2e3a7fb3aa000040b7c17b74564e646bea16bad611ebc0859a3828804ab4f5cfba417d254515ca3620a3ad683c46ca6267bb49539bb30e369087e67438e9489562750dccba3aa0b1b0a6c267032d20c2adb75e68df1123b5259bfe4eac6cadca6778138a37318adb30e8d669f3bc9692cc74b68:31927d01db9f2472f4df6f63c18ebd83c2b1aaf88d580e848854df8cba6395d3da7bd6bb9edc1fce1c7d7e1360558fcddfa93915be076efb8ea2dc5ea7b20d0a70702bf19c919f9836defd7b846fd9992d8b7eb2e106aeb71e60a31b4ea25a41b212dc7de7c91cbd613d58d0595db833cfe7e50584f25569602c7744fa675d156d0f63cd2b7c089c8a00686a437169826a12dc485b38c068a8007142e5163747011a07a415683622ab1e23ce577c732ba14f401fbc3043e0693a9205c19a92298a3d9b08fb7afafae0a9f016bc750ee631a5f5da5db6f9ba2692c74caaaeb4d097e90e3c02d2e3a7fb3aa000040b7c17b74564e646bea16bad611ebc0859a3828804ab4f5cfba417d254515ca3620a3ad683c46ca6267bb49539bb30e369087e67438e9489562750dccba3aa0b1b0a6c267032d20c2adb75e68df1123b5259bfe4eac6cadca6778138a37318adb30e8d669f3bc9692cc74b68: +d9be842255e9a16b0a51a8674218cee7cd9a8bdf343508397f4ddb05f3fa00827931bc6dfa3324943aab183d1285515919399ffe0b710677f0915d3a5be51e92:7931bc6dfa3324943aab183d1285515919399ffe0b710677f0915d3a5be51e92:ac6c55b134663e41f02a6dcb8549eaa1c013f59658d81d812f95b74009513723671945e1324f90f8a3f971369181b587bab45665f788d663ab78140c5a22c1c18d4afedc7448a748afe5bf2387003c1d65ab18482ef98922b470da80ad14c944951ce4aed37390cce79a8e01b24c7dfc1141c0eca2c7f773ed4b11806a34615513486e4ee11af08078a1b4054cf9880298608dd9b3faa1a242a452fe511604b3102c313d14cc27c6f0f8471d94555317eaa264cdf52c69e18f461e47903d21298716b172ee9cb178f08ff2d3c9c162121c2ed21d8734b2f0630d399146cbf76e028a143f2bf7bb50af0f57b9ba8021d264b00c6662f84c86cb6d5952b3d241f7dc3e700c96616cbcfb0d0e753ffd5d21ee320e65e97e25cb8609:c93845658c9560d2c0e28f282adbd4652bafd3bb2edec17c94878f7b94d3c77afec906ed292a8dfbf5f8e7c118e8f2ca33dda7909d9b695b8ff5a1c0e97ac807ac6c55b134663e41f02a6dcb8549eaa1c013f59658d81d812f95b74009513723671945e1324f90f8a3f971369181b587bab45665f788d663ab78140c5a22c1c18d4afedc7448a748afe5bf2387003c1d65ab18482ef98922b470da80ad14c944951ce4aed37390cce79a8e01b24c7dfc1141c0eca2c7f773ed4b11806a34615513486e4ee11af08078a1b4054cf9880298608dd9b3faa1a242a452fe511604b3102c313d14cc27c6f0f8471d94555317eaa264cdf52c69e18f461e47903d21298716b172ee9cb178f08ff2d3c9c162121c2ed21d8734b2f0630d399146cbf76e028a143f2bf7bb50af0f57b9ba8021d264b00c6662f84c86cb6d5952b3d241f7dc3e700c96616cbcfb0d0e753ffd5d21ee320e65e97e25cb8609: +cfc48cc6f65811fe7d7bba85d1cd84858fd6f7edd638f4f552363ee7685f69cad29c10694c5e8e3f3447ed78d34dbd74a2b301373ba871b5850c333dff7bf8d0:d29c10694c5e8e3f3447ed78d34dbd74a2b301373ba871b5850c333dff7bf8d0:8e7defb9d16d036bd642cf226e32773e605361c5ec4b951255788db0a042c63e5a4367d61524f10e6258991325a39ab6b03612260c3fe3df20b34202d34395bd4ed40bd61373df781a4c8bcfbd15301060f07437732333d8e49736322dee6b22438e787d8856b70c26ec57d6dade9c3c28e27220c5670e393544ed095937298dc3adc73865f777e90037bdef834716476d78f4e6cb4961a4c68a8a836338a9f5da179c4d5e93c3f70dd35eec709653dd8de37996b12056d4eefcb4b6b3c13ba984d832275c4386ebf4a8ff7f078be3d428c1e0d9b162381f06a5b7bb12704003d91f25d1d8fd43626ce70fff59d2927768a76bf7f9ef76ff95489f38edcd1c9e9b8a8b0ef66c32805776d5ae9fbd84a7af4fa6563ec70ac5733a44:80c5d51e96d1cac8efd3459825e79c1e9f65af701d1d29e1f95b036707113b77984b7b3350f04077333c957f8fbc7d9b040c362651417b9899027cd33edb11038e7defb9d16d036bd642cf226e32773e605361c5ec4b951255788db0a042c63e5a4367d61524f10e6258991325a39ab6b03612260c3fe3df20b34202d34395bd4ed40bd61373df781a4c8bcfbd15301060f07437732333d8e49736322dee6b22438e787d8856b70c26ec57d6dade9c3c28e27220c5670e393544ed095937298dc3adc73865f777e90037bdef834716476d78f4e6cb4961a4c68a8a836338a9f5da179c4d5e93c3f70dd35eec709653dd8de37996b12056d4eefcb4b6b3c13ba984d832275c4386ebf4a8ff7f078be3d428c1e0d9b162381f06a5b7bb12704003d91f25d1d8fd43626ce70fff59d2927768a76bf7f9ef76ff95489f38edcd1c9e9b8a8b0ef66c32805776d5ae9fbd84a7af4fa6563ec70ac5733a44: +15c9f7c4d84a5a479041952e6a8cac24e76fd2d275c197e6b521929b43ba6c5d8633c1829d29091df71fd5c0ef640572e4b64974cd097dbebbcddeba041647c0:8633c1829d29091df71fd5c0ef640572e4b64974cd097dbebbcddeba041647c0:11730dd45dda80d84d080d92e9bddaeea6878e4a0b3b512d9ea733808e1cef51d49048d6c78116a4bde3c64aceaa52beca86b331ab59e9185c70286a02bb5dd04f5c7f4e9c7e445e77458565f159c783dfd4d976a910e937789d2141d416ed3a7f608d26737a86b20b624e3c36af18d25c7d59b8d7427ec6c4d3d438d7ae0949dd7d748c1ffd6f28e8285d440422d22a3761202e9584f5cdb3504547aa4b685730c982cba213de08020a5e4e46a95fac4b481bea0b630abd030ddd335a20fe2cf7094aef4813956991913c6821f4b5410df4f133fe63e22c08092a0a65972722a27ae42011a807c327b417237c540114eecb9f0e96cda5dcf0246f1d2717f49b9cea9dc6a3da9b396f0270529226f5dcba6499918a6c289fe055fec8:1e36bea5a583767ebd80306cab233155b7b42814b43473cf45cdc5039c939744a9694b87220daf4ccd29f25cea405e7c08db2ef17f3f034dbb49cff60283e30611730dd45dda80d84d080d92e9bddaeea6878e4a0b3b512d9ea733808e1cef51d49048d6c78116a4bde3c64aceaa52beca86b331ab59e9185c70286a02bb5dd04f5c7f4e9c7e445e77458565f159c783dfd4d976a910e937789d2141d416ed3a7f608d26737a86b20b624e3c36af18d25c7d59b8d7427ec6c4d3d438d7ae0949dd7d748c1ffd6f28e8285d440422d22a3761202e9584f5cdb3504547aa4b685730c982cba213de08020a5e4e46a95fac4b481bea0b630abd030ddd335a20fe2cf7094aef4813956991913c6821f4b5410df4f133fe63e22c08092a0a65972722a27ae42011a807c327b417237c540114eecb9f0e96cda5dcf0246f1d2717f49b9cea9dc6a3da9b396f0270529226f5dcba6499918a6c289fe055fec8: +6d2d0d823f294746b9a5512e14e73c1d855b5e4bca65fe817729810cc5ef840d1b6480a6a90dfb472984855cef6f1ab31eb7b3f13c8ac00fa556d20b53e5ae17:1b6480a6a90dfb472984855cef6f1ab31eb7b3f13c8ac00fa556d20b53e5ae17:8772721f72eaf7f73040c068a7c3753bffca7dc2d0930c6525f425e6005c25cd4c0ff5095c9c61a5d8a1967b8c86010c884e509e6b1670f79046e22979ebd354734090d3ada21435c1f8254f7b5222cd5564f064e977640366449f4e5008f870f9c4840565bf4fb5f574c9774ba2568e71a9ccd82ffc59b694f26e7de4ce2e3fd880a0eef387931333ede00dcb065e6d0f79591a2aa956df1948a265cb95750d8a233b15c288a05487c515663f93e740fb1570fbe4bd80c68e8d9297345a8a01cdbd88f4a39bed9c5ef09f144bce5de568bf3733bc53b2039a29cb3e194501adc1c10e86383aac8b0f85c67a6689bbe1470a392476313439ca88d98c021c0eaec25fb2f9a160ce5c786170be0238fb8785dd33bfa9059a6c3702d0de05:b515f49eb32ad478692df88f07b7802c6e0e5327aa08a6366e4cb1d1e26f9e65fc81abebe2215d649100f27598273a412b624e842d8130403797e57dec975a0a8772721f72eaf7f73040c068a7c3753bffca7dc2d0930c6525f425e6005c25cd4c0ff5095c9c61a5d8a1967b8c86010c884e509e6b1670f79046e22979ebd354734090d3ada21435c1f8254f7b5222cd5564f064e977640366449f4e5008f870f9c4840565bf4fb5f574c9774ba2568e71a9ccd82ffc59b694f26e7de4ce2e3fd880a0eef387931333ede00dcb065e6d0f79591a2aa956df1948a265cb95750d8a233b15c288a05487c515663f93e740fb1570fbe4bd80c68e8d9297345a8a01cdbd88f4a39bed9c5ef09f144bce5de568bf3733bc53b2039a29cb3e194501adc1c10e86383aac8b0f85c67a6689bbe1470a392476313439ca88d98c021c0eaec25fb2f9a160ce5c786170be0238fb8785dd33bfa9059a6c3702d0de05: +c0cf799af7395bf27bafa36cab437045e39c903bf807548319ce44f287494fbbafbf550ca290c905bdd92fc8831ebe3dfeb6daae4f56005253cc50951e50edc2:afbf550ca290c905bdd92fc8831ebe3dfeb6daae4f56005253cc50951e50edc2:dbe65780e968de9e40ffb57cf59a60fd93b3f9a5e7d8ed5180adbc578ca1bc48bd9fb60a1324c9c2c1141479a0dcf0f1d07e84936526df42333c0d773e3fed9e4038de5b95ad905c92cbe040487bf55e10e1edb429a0ecc4e0e8d00a988a9cd53e2eb372f4fc4cd9537b269ba3a23cefbc8df6476e75434b81d93e8891bf417c82e363f3e4abf80a4f73aca84ac7df6337f536d63d939d92cba64be742221116069ef251abba0b00af01718bb580ddbeb79973ef10a68b4d0fa023d6ebd3079d6b32a1aa20a21e9202f27590c3f0c0cc253073c3f822aac459d39f50758b70c00710a3c98438416508522e512adaa0afd503a7ceb04fb94a4a932ce80cd5a7f11bb861263f58e5749d542a110de7c7689dfcb0c51afa9d54a58ff89f3f67:5bba01a4c7b25542d06912de70aa1e220423fdf8338a9e693395cb6f0dc1fbfd018e3c77e50aef90a9080f30f1f5792b2431078fe6e3e00464245e17cd8dc107dbe65780e968de9e40ffb57cf59a60fd93b3f9a5e7d8ed5180adbc578ca1bc48bd9fb60a1324c9c2c1141479a0dcf0f1d07e84936526df42333c0d773e3fed9e4038de5b95ad905c92cbe040487bf55e10e1edb429a0ecc4e0e8d00a988a9cd53e2eb372f4fc4cd9537b269ba3a23cefbc8df6476e75434b81d93e8891bf417c82e363f3e4abf80a4f73aca84ac7df6337f536d63d939d92cba64be742221116069ef251abba0b00af01718bb580ddbeb79973ef10a68b4d0fa023d6ebd3079d6b32a1aa20a21e9202f27590c3f0c0cc253073c3f822aac459d39f50758b70c00710a3c98438416508522e512adaa0afd503a7ceb04fb94a4a932ce80cd5a7f11bb861263f58e5749d542a110de7c7689dfcb0c51afa9d54a58ff89f3f67: +cdaa50e8527dc7a50fb37e28fa8b9568c37e8567e0b499997b9aed676180c3b07c56e164510268c182b423747904f1d3a5809330f6e1b29266ec46e73be1550f:7c56e164510268c182b423747904f1d3a5809330f6e1b29266ec46e73be1550f:94fcfbaaa303dece7b908f874cc5f095061f1754bb35780db666b63ab8290811bf1c521a7f8f785ea270dfb39d0d6ed95ab71955a11ffaeaa268e081ff3e4f2425b41880a987151e678e89111350942d820c3eec36212426663be175e5286b4ad1cc804e3e3a03b9fa3e82838ebbc2615a645f2ca1468ac4a1cdbe523761e83f4381b0c8550ae5e8c8cd1fda57191436e27cb883bc64be86a9dc6110ef3401d88a7debd1b701d9c257a6826cf01e9e2922e3ae577f2834275fb0ecda80ed8cf1801e0bc5e01e26a77c48bdf46a5c4894d22ab53e741827e24bed5f0750ffad05e53f1d5e61dfd316b191d9797ef713131a8b430abe3fac5f3c4a2ca021878b15adc8c5f542114260e687a9d199d230c4e0d3fc696993b59ccfa3ffa9d8d2fb:137bd10a50ef609384fe668768fb871de741ca0f53ff8477d7ebfa90aafd5e2681fdf1b89250463c15db8e17a58825fe9427de089c34de13cd07bba18d4aa40d94fcfbaaa303dece7b908f874cc5f095061f1754bb35780db666b63ab8290811bf1c521a7f8f785ea270dfb39d0d6ed95ab71955a11ffaeaa268e081ff3e4f2425b41880a987151e678e89111350942d820c3eec36212426663be175e5286b4ad1cc804e3e3a03b9fa3e82838ebbc2615a645f2ca1468ac4a1cdbe523761e83f4381b0c8550ae5e8c8cd1fda57191436e27cb883bc64be86a9dc6110ef3401d88a7debd1b701d9c257a6826cf01e9e2922e3ae577f2834275fb0ecda80ed8cf1801e0bc5e01e26a77c48bdf46a5c4894d22ab53e741827e24bed5f0750ffad05e53f1d5e61dfd316b191d9797ef713131a8b430abe3fac5f3c4a2ca021878b15adc8c5f542114260e687a9d199d230c4e0d3fc696993b59ccfa3ffa9d8d2fb: +0fdea9bee6288f947e0adbdda4dfb2baa03891af25024a5e138ac77984d0050770abd86430d7e8d63209c8b373ec4e4b79e989e6725facefbade3c7574d23cd0:70abd86430d7e8d63209c8b373ec4e4b79e989e6725facefbade3c7574d23cd0:cf72c1a180a2bc37d8478d9a7a39acf03bf2a50790f7902f81121222d31d3ec916f4f24cef9d7c41dc021b0e8487bb892e47305e54520303e89b30b263dac4a9ba375d46c40fcf400535c959d2b746a7fc970cf65b472e84b5f1d0ebadcfa1aed6fc47facce16a366a3b1d6e516813c1960975f8f2b43042fb4eeaabe63c6f65db45ddb7db888a19a9d7ba6ca479fcd70c5d1e970f12c14f4d24fb7e2f357bd3a94aa1b868ccc0847f2eef21853e253bafbf07c4e6176a1ef077167841ebbe5629337157f39f75c71d21e7e96c51a1b16fa8dc60f0b1279fcda2641fc8591e3c492f15bf83caf1d95b2cd91332f1b4202fe72862ca2ea2ef92c11db831d82f8fc3d41fe29a76c211a758e2f71bd89d2c6610f201429f348d56e10e3b7af53e27:80c42dd5df03b285a86ac95ce6669f786a978a813a9d7b8c6a23de76fbd09bdb66c5dd1cc9f1a176cba388d5051764a32fa27f0028ba4898068bd01a3ee17208cf72c1a180a2bc37d8478d9a7a39acf03bf2a50790f7902f81121222d31d3ec916f4f24cef9d7c41dc021b0e8487bb892e47305e54520303e89b30b263dac4a9ba375d46c40fcf400535c959d2b746a7fc970cf65b472e84b5f1d0ebadcfa1aed6fc47facce16a366a3b1d6e516813c1960975f8f2b43042fb4eeaabe63c6f65db45ddb7db888a19a9d7ba6ca479fcd70c5d1e970f12c14f4d24fb7e2f357bd3a94aa1b868ccc0847f2eef21853e253bafbf07c4e6176a1ef077167841ebbe5629337157f39f75c71d21e7e96c51a1b16fa8dc60f0b1279fcda2641fc8591e3c492f15bf83caf1d95b2cd91332f1b4202fe72862ca2ea2ef92c11db831d82f8fc3d41fe29a76c211a758e2f71bd89d2c6610f201429f348d56e10e3b7af53e27: +03d5e466f8298ab5438a30976d1322a7215a642dd5fb4c3f8519409a7522f0924b3ed4db080e2a452e16912c14504424920a60975604e4f379258d1c8b193d6f:4b3ed4db080e2a452e16912c14504424920a60975604e4f379258d1c8b193d6f:1b47b70013cb53e1f8f4971e0f39563ce87edbc2cedd99e5a35585df8b00a852f7b9c97c7e4a5465fc5605ae8c5c36570a99201a7ad6031287ef0c7b2ba6e57b056d0fc8d6ca43bf6cbdab098934b403197b525d22d45e6b29c78f8d6183e41ffe197dae25ba22b06669ae05badd7e1da6932a7d054cbab3f54e5146223ad8671231bc16fe62679bd2817a6b80e653998c4949f81ff53b6173163e11da3e6d3c76d84c713225b4173d6bf06a85b6988a48be4359cb515503ca563f4353f8e7d45e4d94462c89a04a00f1b3b0ca6422d5db029c507d464834a20c78a713661d84edffc496d69282619894437b4487954cbea2aa7261e6a62b6851154a5d25fb6b4f09c59473d385ce03e91ba865eab66c58c0abb0b7a78e4be927e55460ccd70d82:6d7e4658f26f337c98e03f13542e2f39440ff7bf8d88f3f6dfa4d64948cd96b79051492fc28f65f2cc0d23a0c4d5e2307bb1c47e11e53b371f091b69f80dbd051b47b70013cb53e1f8f4971e0f39563ce87edbc2cedd99e5a35585df8b00a852f7b9c97c7e4a5465fc5605ae8c5c36570a99201a7ad6031287ef0c7b2ba6e57b056d0fc8d6ca43bf6cbdab098934b403197b525d22d45e6b29c78f8d6183e41ffe197dae25ba22b06669ae05badd7e1da6932a7d054cbab3f54e5146223ad8671231bc16fe62679bd2817a6b80e653998c4949f81ff53b6173163e11da3e6d3c76d84c713225b4173d6bf06a85b6988a48be4359cb515503ca563f4353f8e7d45e4d94462c89a04a00f1b3b0ca6422d5db029c507d464834a20c78a713661d84edffc496d69282619894437b4487954cbea2aa7261e6a62b6851154a5d25fb6b4f09c59473d385ce03e91ba865eab66c58c0abb0b7a78e4be927e55460ccd70d82: +76cc18a1dafffa100586c06a7b40f79c35fe558c339c2999a5f43875cfade03e4b9da8d2f137dc6c857a99a5998dd89dd5f05971a21e8c776670eb47bc1270a5:4b9da8d2f137dc6c857a99a5998dd89dd5f05971a21e8c776670eb47bc1270a5:4522b1d82373f7a318221e7e57617503ddf44fd53997522a1d963c85b708d0b245de372ad52ec7f54f6213d271f7c91d5a1d36d134db389df0b081a06bc0c7a4875f724092793172c9115641c6d054f1d992e0fae4df58695f0ea3449d7a4b3a8857e19803fe49b6d52c9ff3746a574a2756956579f9fb809a0edec92c55e95ffefa3d05f165822f464a21999f29691f6744ac5a3ee49017880645e837edebfd2e0f24997f041145a72e2376ada283186ca2b836362977195baee30a3acc81b243f3ee376a2c4764c783667a4b1177e7951d3e3c7be4f1bd7ae8c60fd5fb0fd91f0c1c14d0d2327e8f20d92c0dfcc53870e9d99fdbf9dd9a17e882509ae7baa8653e39edc8ee569000d624cb93a0754a798d1f811f6a0ef5501a17bcf25fd0f91626:db74751c66e6b1866044dd9ae99f19e6334f179e79d8b8e0c8cd71d22cefb9eab7e3e7a9c2da225f2a9d93a313d1cbf1b7fe2597b8d702bf3017a6a6bc7b7b064522b1d82373f7a318221e7e57617503ddf44fd53997522a1d963c85b708d0b245de372ad52ec7f54f6213d271f7c91d5a1d36d134db389df0b081a06bc0c7a4875f724092793172c9115641c6d054f1d992e0fae4df58695f0ea3449d7a4b3a8857e19803fe49b6d52c9ff3746a574a2756956579f9fb809a0edec92c55e95ffefa3d05f165822f464a21999f29691f6744ac5a3ee49017880645e837edebfd2e0f24997f041145a72e2376ada283186ca2b836362977195baee30a3acc81b243f3ee376a2c4764c783667a4b1177e7951d3e3c7be4f1bd7ae8c60fd5fb0fd91f0c1c14d0d2327e8f20d92c0dfcc53870e9d99fdbf9dd9a17e882509ae7baa8653e39edc8ee569000d624cb93a0754a798d1f811f6a0ef5501a17bcf25fd0f91626: +71ad980d58ad8e7d33306689358936a372d5190b24ec7f9bde749cb81150efdafd35a75fe5abc20104691a24a4659440b55aeaea902ac3be274af27aa8312869:fd35a75fe5abc20104691a24a4659440b55aeaea902ac3be274af27aa8312869:e87ae073ff5dcc5485a19940e4e3ff263a0618a9025ad4032dfb36d171ce881f71c18a49210eb45819806142e2f00db3041835bf2c3bccf1dba02b8b5a5bdaf8fea316c0623dd48a564ec166f037d587c8c01684e5e5c0ba9dba4d23b49a0309244e282a51408622edb05704747e0cdeec976893777071098972c113a8ab639c31f1613233ee460eea8a8c10e1e6e152214529878cf1adaeaf78cf19bac71361815bf57955498fab4f0f2b7586c86f9f4c2ddf8972f9b9e0eb636d84bcc14385b2d038be55a963702efe225a50bdd0c4da92a2a6a09100ea04a211d396458dceb4487116837d139eb0f122538ed3986ad0af4da2dffc89f3269ca88538086e691e5beae9581e7c63d8e612da2c47f74dde1d94951eadb0df60c3897d2a3095c506093b:81670b1029e481e9ff3c171f05c16861c846ee79cdf2e21e3bf952bcfac97565f2b1dcedf69d2e7eb35caf5662e8bc671fbb96756a63a596264d1b7f4af97e06e87ae073ff5dcc5485a19940e4e3ff263a0618a9025ad4032dfb36d171ce881f71c18a49210eb45819806142e2f00db3041835bf2c3bccf1dba02b8b5a5bdaf8fea316c0623dd48a564ec166f037d587c8c01684e5e5c0ba9dba4d23b49a0309244e282a51408622edb05704747e0cdeec976893777071098972c113a8ab639c31f1613233ee460eea8a8c10e1e6e152214529878cf1adaeaf78cf19bac71361815bf57955498fab4f0f2b7586c86f9f4c2ddf8972f9b9e0eb636d84bcc14385b2d038be55a963702efe225a50bdd0c4da92a2a6a09100ea04a211d396458dceb4487116837d139eb0f122538ed3986ad0af4da2dffc89f3269ca88538086e691e5beae9581e7c63d8e612da2c47f74dde1d94951eadb0df60c3897d2a3095c506093b: +61594e24e75f996b4fb6b3e563f6a4f9915cfa65ddb199b01fed7f8ed7824ecb8627d2141579cd2521aa076800ac354b9e3a47d71cedc8547434268225e33005:8627d2141579cd2521aa076800ac354b9e3a47d71cedc8547434268225e33005:bc01b08c7caa236100a012a726477d0ec389dbfadac73d5106424c5d1f3d1cef1695cfd93a7062ec8bf1067047854920162f651357bedf1cd5a92ec29bdb5dff716e8f6025515a9549ba36cdc35ced7c5c0c368e6cd92f2f10ae146a20728c374bba509641ce88cb42fff0cedfd9fd67f310f9d01a3f3690eb21db17bce67ae35c4cd24c209f09f044759d8d5a7d248e2bd966524ba8c0c28974726b43bd05de843433cc400598922974623d9acbfdc761c4c04375a952ce54caffaa96acff6d9dc278742af476e1865cb8c20d13d1c1900863bca231e44c6b0d47cb41d510f7958f48f304d03da033484a3e1f273faf6983375b7d3be03d8a0a002def6365beb2fa8ccf1a94987adcd33d0da1177fc5159b6e56d004301e921dbc12ec0a73f413cf2c48:6302b3ff2710be306c92b9aae30d23c3d4beff394e63201e6ad11713345c4fcb5cc8d3dd10adfb82bb11a189ce7ec3e4222727624fc17881c14788d2710e1608bc01b08c7caa236100a012a726477d0ec389dbfadac73d5106424c5d1f3d1cef1695cfd93a7062ec8bf1067047854920162f651357bedf1cd5a92ec29bdb5dff716e8f6025515a9549ba36cdc35ced7c5c0c368e6cd92f2f10ae146a20728c374bba509641ce88cb42fff0cedfd9fd67f310f9d01a3f3690eb21db17bce67ae35c4cd24c209f09f044759d8d5a7d248e2bd966524ba8c0c28974726b43bd05de843433cc400598922974623d9acbfdc761c4c04375a952ce54caffaa96acff6d9dc278742af476e1865cb8c20d13d1c1900863bca231e44c6b0d47cb41d510f7958f48f304d03da033484a3e1f273faf6983375b7d3be03d8a0a002def6365beb2fa8ccf1a94987adcd33d0da1177fc5159b6e56d004301e921dbc12ec0a73f413cf2c48: +54e6bbfbf8c06ff2c066318c2ebf03d506547bf43c2d7a5d4df305a3032b71383b71aa1def666d9188f403f82ed30454aba5bc9f470f6eb988da187c92523284:3b71aa1def666d9188f403f82ed30454aba5bc9f470f6eb988da187c92523284:0318d7cb4805af9821dd3f914b0e076fea04a7d2db3a59a00affead3325a2be40c1f87f53276a8552604f228b976e288b9be906a7bd25b2ffab8a8af5d0f6e08786fd034e2fe1eb7ee033979860dd1e5327287e9e615f5dc5a960f17026b56842fc8d44cad002edc8501cfb956001502e4ddc81a7700d9c0be88eb4aaa64a6cbc39de82f13c11086de1a4270d3af97284bac1caef1d3edaa1071666bd83b2ede3962d98b9d93497ddfd8e97dab3089950cf30ed11db77ad1437a0af5889d8efc44e612420e3907267df3acff4bd3fb6e8ca5badf8e72f9de39528653058524456a81da5f84982afac34bef5f71e91f8f90938a6f5f1f287716de56a0946d261e87bc775ce189e41a77baede7320a3c608fc971e55d0a773c4d848d428637f11b4e4460390c:3df4d09079f830e3f982283681ba37b50f3c73de2c5d22a291358ebb1fb854e510f63f9a48e9fff7fd8311302ea3e969394e6d49c9e3182054942f6a744cee030318d7cb4805af9821dd3f914b0e076fea04a7d2db3a59a00affead3325a2be40c1f87f53276a8552604f228b976e288b9be906a7bd25b2ffab8a8af5d0f6e08786fd034e2fe1eb7ee033979860dd1e5327287e9e615f5dc5a960f17026b56842fc8d44cad002edc8501cfb956001502e4ddc81a7700d9c0be88eb4aaa64a6cbc39de82f13c11086de1a4270d3af97284bac1caef1d3edaa1071666bd83b2ede3962d98b9d93497ddfd8e97dab3089950cf30ed11db77ad1437a0af5889d8efc44e612420e3907267df3acff4bd3fb6e8ca5badf8e72f9de39528653058524456a81da5f84982afac34bef5f71e91f8f90938a6f5f1f287716de56a0946d261e87bc775ce189e41a77baede7320a3c608fc971e55d0a773c4d848d428637f11b4e4460390c: +6862061be0de9dfd998118204b2b98db3ce7d7e819dbc10794af0ab2b06e84349c5f7c2265dde1b25e4f27ec71580d52dc89f2c3a712bc1ad5d6d69e711e08d4:9c5f7c2265dde1b25e4f27ec71580d52dc89f2c3a712bc1ad5d6d69e711e08d4:1740dde8434a0d689925679b0c180300cdbd0cf6a89ad8fde34653316cee4c571a4105c9e9e0284238fef2c38a09157c5db94340571b390adfb69ff4c0dc5053253a679d42cc1f1bf1ff429229ea0a5044c6f79564e0dd287f53f015b83187d9ad27d91039af062c437b1575a0eab6aeb8aa0d27b27665d6dea9041ff9963a3118b3298a8544e3fd69ac6877e3e4052fe4422bf03560b2c57ec531ee8b5ff53c28dbde35bb45c35077636e6f841b59d7eb77bc7791b6093858a3a80a3aa6d778dbf53db9d06119c50b71c791c0495c576d1b59d396873ed871485352c8299a359da5ee9d7f36ed1455f89851a30851bea719685aecd08f25562609dd106630735277e1d6519bb1687de8b8c68b9671452edbb3491da264cdfa0017c512d2769759cb925fb664:965edb34e8ab8bc3204a3201d22186372de4242600297cfdb57aa1df074ec50ddf10105e9d4c89a266c34db7772aa94cba946429e68ba62bf9a0ac90f5f05b021740dde8434a0d689925679b0c180300cdbd0cf6a89ad8fde34653316cee4c571a4105c9e9e0284238fef2c38a09157c5db94340571b390adfb69ff4c0dc5053253a679d42cc1f1bf1ff429229ea0a5044c6f79564e0dd287f53f015b83187d9ad27d91039af062c437b1575a0eab6aeb8aa0d27b27665d6dea9041ff9963a3118b3298a8544e3fd69ac6877e3e4052fe4422bf03560b2c57ec531ee8b5ff53c28dbde35bb45c35077636e6f841b59d7eb77bc7791b6093858a3a80a3aa6d778dbf53db9d06119c50b71c791c0495c576d1b59d396873ed871485352c8299a359da5ee9d7f36ed1455f89851a30851bea719685aecd08f25562609dd106630735277e1d6519bb1687de8b8c68b9671452edbb3491da264cdfa0017c512d2769759cb925fb664: +b2250bbcb268d2477c8312b1900fd99982baa29a68974fbf8778a1228dc9755044aa8df1181674b05ade980f7eddbaf3bd7422a920287cb2d2db59a063eebf74:44aa8df1181674b05ade980f7eddbaf3bd7422a920287cb2d2db59a063eebf74:7ef0ae1336a6fab37f99da5fa7d0dec7409c072623ead84f241d53d0596b461705fb1b3c537d36b89e8960febb4cdc0d427ce2fc1be58dbbce151e35acd8b6ace40a19822914a4bd8c4af632f136418ac49b184d55193ebcc32d0d798709b1a8fe294fba8a1fe72d976b4400d4a393242311b0f8cc994e89475b0038ae5d8914938e8f6e87c6f50b9d656c45d7b14231efed97f3c90668913670bf5be2efd5c270c7cbaf01e8572e9800978dfe2e10a2fc0440b855629bf9cd409ea941cb69226cac771b15ea77c0326848806ff8d2e201e6e26cd5f45430dadcff8f59c321c1c9c6a29b94882935447d3e6c2e8804b1161576bdf0320fe53c307d9cde426077a7677cde3c1bc83e18e60a0c4ee6dccd877c213a8e4cca640ee04929804570ae1f96157c04357a:f2b8d92ed51ebd1000bf9dd3411a9fa9e7aee54c4c86e24ad0f9ad5c55643a12d680019ca03f216bd4bd32c9ce1cd8a528c3ffaa5d5b1dc91a4be56f0e2c5e067ef0ae1336a6fab37f99da5fa7d0dec7409c072623ead84f241d53d0596b461705fb1b3c537d36b89e8960febb4cdc0d427ce2fc1be58dbbce151e35acd8b6ace40a19822914a4bd8c4af632f136418ac49b184d55193ebcc32d0d798709b1a8fe294fba8a1fe72d976b4400d4a393242311b0f8cc994e89475b0038ae5d8914938e8f6e87c6f50b9d656c45d7b14231efed97f3c90668913670bf5be2efd5c270c7cbaf01e8572e9800978dfe2e10a2fc0440b855629bf9cd409ea941cb69226cac771b15ea77c0326848806ff8d2e201e6e26cd5f45430dadcff8f59c321c1c9c6a29b94882935447d3e6c2e8804b1161576bdf0320fe53c307d9cde426077a7677cde3c1bc83e18e60a0c4ee6dccd877c213a8e4cca640ee04929804570ae1f96157c04357a: +b809361f55cfe8137fbda880fc62cbe44c216e141893346302b336045de21878fd23e42ff06644ead347abcc1b3e03b0e88593b61254981dd8ae59454e61b3e0:fd23e42ff06644ead347abcc1b3e03b0e88593b61254981dd8ae59454e61b3e0:17ace197d083aaf1726f53e5ef81b5a8c09222f260ee5f1f5404ab78d900d489688449b843bad3c498aac6d80b4639b76e6e81c55276a6f9c7cecd70b71aaaf2018ef76c0e30154aae86a5c86d4e8d0e4ec68cc427060bd56514f7238086bbef5bfca1f5671b18041838fd013572443dba48fbdd95ca740b0daa4327164a1e34677249708f77bd793e7caa6638b5dc9fbe6f0dfd4120209097209c93cedfaf21b6bf59ca6e99e6209639444f0e827bbcc0a61c3a237ca22a283213223ab658e712c7556238d3a5fe31722d65f5706ef6d64d73232d3043220f14e5cfd3c2c83a83d68e20274b6f96b29de040cec8475030b6a8a87d29808dd381795c3d22acf5dc193b720d95a752d9f123c209ffba004e48dd06dd8c9e172bc9e087d80bc5216c0b0b6e77031241:b5b5950d3772d2eef88e1b0f5df5ffae2f2103885e71446d346fbb5daef94967a6b7b6e4be885110065876c665b7812de46ad31ec3bfcbeaee13ed0c1e0b300e17ace197d083aaf1726f53e5ef81b5a8c09222f260ee5f1f5404ab78d900d489688449b843bad3c498aac6d80b4639b76e6e81c55276a6f9c7cecd70b71aaaf2018ef76c0e30154aae86a5c86d4e8d0e4ec68cc427060bd56514f7238086bbef5bfca1f5671b18041838fd013572443dba48fbdd95ca740b0daa4327164a1e34677249708f77bd793e7caa6638b5dc9fbe6f0dfd4120209097209c93cedfaf21b6bf59ca6e99e6209639444f0e827bbcc0a61c3a237ca22a283213223ab658e712c7556238d3a5fe31722d65f5706ef6d64d73232d3043220f14e5cfd3c2c83a83d68e20274b6f96b29de040cec8475030b6a8a87d29808dd381795c3d22acf5dc193b720d95a752d9f123c209ffba004e48dd06dd8c9e172bc9e087d80bc5216c0b0b6e77031241: +eeef8074c2eb9a1cee2f2d3bb05325546a9fb7cbe44b599461fc5885f5fd9cac9b892941a0573b7a1673ef480f081168d9b7496a81f9177dc427ca1f84cbbf7d:9b892941a0573b7a1673ef480f081168d9b7496a81f9177dc427ca1f84cbbf7d:9ae39feade905affcbedd2e72a6f2429b3d1108e5bc1a9dbaf490a6299bccd94acc413adacc918b14afa85c78bc168cc00740c3da0e08183915f79b7fe3868ce2a7e886b32ad45009805bfb81b8c07b3b1022420c0f009b889d7fc22fd1997ae34198438ca94778575122fcaaf96e6502c33a75a129a2d0dbb073d93820d9c96683db318990be3fef4cafc890afbd9b1504c7439a08a065e7814ee4f9b6f57ee16baed3f0e3aa35dd23d3528a458919ad77048b4e2e6172346be249a50af02bc6c853304c208ae0ba02771262a0d8a465f71fa0635e53eb2ef0a847d56a0bcd7dd3fe077c92bcdca3069a4a682a2859928315ce3eb445c6072a71492ee82e172a20be0b648b756e6c775376f0c7c3df8e64288089c2f81ce9593c6e08bb1cc1b27fcbd392fc7952c55:6f7101984fd6892e2144b7d45619830caeb6713bfab4eebbe217c5becd249bd9d752eb76e9fa995e7c71ff7df86bb260cdda173ff5deec6af204b7dde011de099ae39feade905affcbedd2e72a6f2429b3d1108e5bc1a9dbaf490a6299bccd94acc413adacc918b14afa85c78bc168cc00740c3da0e08183915f79b7fe3868ce2a7e886b32ad45009805bfb81b8c07b3b1022420c0f009b889d7fc22fd1997ae34198438ca94778575122fcaaf96e6502c33a75a129a2d0dbb073d93820d9c96683db318990be3fef4cafc890afbd9b1504c7439a08a065e7814ee4f9b6f57ee16baed3f0e3aa35dd23d3528a458919ad77048b4e2e6172346be249a50af02bc6c853304c208ae0ba02771262a0d8a465f71fa0635e53eb2ef0a847d56a0bcd7dd3fe077c92bcdca3069a4a682a2859928315ce3eb445c6072a71492ee82e172a20be0b648b756e6c775376f0c7c3df8e64288089c2f81ce9593c6e08bb1cc1b27fcbd392fc7952c55: +61faeb15f857f6557862c8b8c7ef41f80545520996fcc1127b8c2491822201ae60a290c0fc425a0874673d94f9bb1400f9dacde9954f9f5b05dd48ab747a3950:60a290c0fc425a0874673d94f9bb1400f9dacde9954f9f5b05dd48ab747a3950:253b566eccb563bd6e480c69739b8e372519a3437254e0e5029cac86c71638f2df2a6cf9e56db2569934deba90db75547e3671747df64d6f2aaf3c110fa67a7094ccbe4cc5355f0d43235136ee26dbe37f4225d3bbfe245595280585fb548f894e86c516102580291fa7a02859557fb98eb588870828b0990ae9d74f3831da58946bc7a5ce1ba498b4e8be8989a3b50d7e8789f56b8b4fecbc2a33bfa3ef591a0fbcd932fa93e19f3a812ae5e4e3b4b242be7705a5874af73be310b0058266a378f23c1348524715b0ccc18d6634b23636c316ba6a1dd2fd5092c06716a717b54d0eb9fc7f636f85bbf225a2cf035b4b7cfddd75351682c0576c6b3ba5a1c0b25ec594e7709dd09a0079772ff3acc67fb6c1b37bb3742b726e77e80561d9ab73160b73362581da5b9c7f:31f90f50b2dc705f1d92f12ca9975d76f1b2826ada3cc185b0ed6c83860777bd8c489b59855a91f64839d49ba467985abb376c47a4908b271b8f77c58d01fd04253b566eccb563bd6e480c69739b8e372519a3437254e0e5029cac86c71638f2df2a6cf9e56db2569934deba90db75547e3671747df64d6f2aaf3c110fa67a7094ccbe4cc5355f0d43235136ee26dbe37f4225d3bbfe245595280585fb548f894e86c516102580291fa7a02859557fb98eb588870828b0990ae9d74f3831da58946bc7a5ce1ba498b4e8be8989a3b50d7e8789f56b8b4fecbc2a33bfa3ef591a0fbcd932fa93e19f3a812ae5e4e3b4b242be7705a5874af73be310b0058266a378f23c1348524715b0ccc18d6634b23636c316ba6a1dd2fd5092c06716a717b54d0eb9fc7f636f85bbf225a2cf035b4b7cfddd75351682c0576c6b3ba5a1c0b25ec594e7709dd09a0079772ff3acc67fb6c1b37bb3742b726e77e80561d9ab73160b73362581da5b9c7f: +e6b9cd4da07cb34f30391cf68f0d87c7cfcf68f810ffa40f9739c95deb037f71569ede0f04630b43a04c5a66b6a5636b766c75965984a7477e15491960fdd864:569ede0f04630b43a04c5a66b6a5636b766c75965984a7477e15491960fdd864:69def0523afda696f8448f9c1143abc26533e68695a090df0d9e43d0c0eff43583e6f709d2043c815fbb3f96ba2b0dc3be6fecad5dd38148788e4a0385a9fe7a921fcb8ccee0e4d3aed4bc3d216d84b414f9580b02820c03d92e675e685c4b5851f363bb4df97b417c3fd90022eeafa20dfbe82964f2ff073d255758fbe567c76b2c35e2b09f8a8d7afa32c6f5ad01bc3ebf6e210606db038ecb6820ce1ea4dd529fc1adfbc2a138565ac6d0f4a4109bdd47b8aa6ef4b8bede454680d1dbdb75fe1eb2e548d5de7cb6d792fef3aa0d8480a6030b30f104d7e76b58e9f476ebf2cc832923b50c50c111c3515fc518852323426ca778a596d3195da8585d8c3aa92083313a6e6585b70c98b185b472798a61cde77e62ec272f14b0d9eb4f22f9c7c05817da6fdefe7879a584:1e375c94bd809ca0cdd02f89ecec4e437732dd20a0a84b254eae889d8070e682d113b0be22e41e6cdc3be877680e7eeb7f0995e6622dc0b434fb0949dd994b0c69def0523afda696f8448f9c1143abc26533e68695a090df0d9e43d0c0eff43583e6f709d2043c815fbb3f96ba2b0dc3be6fecad5dd38148788e4a0385a9fe7a921fcb8ccee0e4d3aed4bc3d216d84b414f9580b02820c03d92e675e685c4b5851f363bb4df97b417c3fd90022eeafa20dfbe82964f2ff073d255758fbe567c76b2c35e2b09f8a8d7afa32c6f5ad01bc3ebf6e210606db038ecb6820ce1ea4dd529fc1adfbc2a138565ac6d0f4a4109bdd47b8aa6ef4b8bede454680d1dbdb75fe1eb2e548d5de7cb6d792fef3aa0d8480a6030b30f104d7e76b58e9f476ebf2cc832923b50c50c111c3515fc518852323426ca778a596d3195da8585d8c3aa92083313a6e6585b70c98b185b472798a61cde77e62ec272f14b0d9eb4f22f9c7c05817da6fdefe7879a584: +4d9044f17b5a0977dc5aa9916a924300a244a1ef7f060277ad4978351ea64291ab9c0692a606b2567c19c30f9faa3b4cfe72fb237077767b76d3b2ae1490a6d4:ab9c0692a606b2567c19c30f9faa3b4cfe72fb237077767b76d3b2ae1490a6d4:7c8c7189af67327af1c6dd2c30e975f190e3b38d008b4585167e0d450740d46734587f6d208784245cc5cb062a2a277f17ebb2746f9bdf4a8237ca479ab0a430177e19ed7dd3622576b14cdc08282214fe5ee4d76b43c16ac90864c51be8aed45d7b980df7917f290fdf795846465f27fcb7e5730637944f0577c92f32375e995bc0cda9d7196f2c0c1ac8b80d12a0439963ebd2254c347703575816e7964c13d44d629280c312ea265344de38f3b18d9150f8f924afb44b6bfb9eda513d59e65e2ef18666e6c2a21c4018665befe92cae581d3cb14e23e97d830002cb90931ae0210068af394ebe351be5b817f3674bfbf40049030e4fe505d34a1d502a2c50d8e638e926c230676b7edefb6bec77b1c0ce609325287ba5fdd7a9976987bd07fc6a4344956ebf818f08586c:6fa48aea4d5b9af65af964cdb709443a11fa84f7d44acddab16e04a6fcefb27ae33c05b36da13c23de517d6e6ac574a03ea630ba4fbb958131129aa7f1354c017c8c7189af67327af1c6dd2c30e975f190e3b38d008b4585167e0d450740d46734587f6d208784245cc5cb062a2a277f17ebb2746f9bdf4a8237ca479ab0a430177e19ed7dd3622576b14cdc08282214fe5ee4d76b43c16ac90864c51be8aed45d7b980df7917f290fdf795846465f27fcb7e5730637944f0577c92f32375e995bc0cda9d7196f2c0c1ac8b80d12a0439963ebd2254c347703575816e7964c13d44d629280c312ea265344de38f3b18d9150f8f924afb44b6bfb9eda513d59e65e2ef18666e6c2a21c4018665befe92cae581d3cb14e23e97d830002cb90931ae0210068af394ebe351be5b817f3674bfbf40049030e4fe505d34a1d502a2c50d8e638e926c230676b7edefb6bec77b1c0ce609325287ba5fdd7a9976987bd07fc6a4344956ebf818f08586c: +75ad76bb4c0c229a5adc79e444b13f88a96459862c8cf0ba498d0c996af94a7af074dd2b9c1c309105ec951bb5812a91ddb54023b3809ab379c56af0461af617:f074dd2b9c1c309105ec951bb5812a91ddb54023b3809ab379c56af0461af617:0ca8c1c74128d74e9d0a7bf8964291d074917f2f9920efb911520567642a50a615abcbd00aed4abbfef1a983cce333e1d0df3e6404fb9043c6803914cd5fffbc66a0790c7878a24089a571f895662a1d18be3f01ff97fb3323334b6f5baf96551448e4090d033c464294d09133b151d5b5c6321b50e2241de0ef6f882889ccf4ad3540d5a1e3f7548fb13be71c16516606e79d0449c2a08e5dc23148843c84e97ed24069161c8e75208f33e95b3e10d1d49a2faef9d986ab62809f62ad39c7cc871f375a4f5a6faf104d7e11b890cfb0589902685216ec07cb8e8e9e7a7c43635e23212b69ca3b7ed54f0b97949e3d9a6662f8e4b3ab09cd495294c331c047d86ee785ff658bcd7fcf9c480605ce05e810068d60fc9b26b5f063eb9000d2657a5094284ac80f1375d0b66d6f5f:0c4643a8be6dc22f4beb6bcc70c6172ec7608378653cb4e99f3ae795eadf4e982a297609ca7938f5df632b095628cb75062d3d51fc0f3323bfa7b22ec4d472050ca8c1c74128d74e9d0a7bf8964291d074917f2f9920efb911520567642a50a615abcbd00aed4abbfef1a983cce333e1d0df3e6404fb9043c6803914cd5fffbc66a0790c7878a24089a571f895662a1d18be3f01ff97fb3323334b6f5baf96551448e4090d033c464294d09133b151d5b5c6321b50e2241de0ef6f882889ccf4ad3540d5a1e3f7548fb13be71c16516606e79d0449c2a08e5dc23148843c84e97ed24069161c8e75208f33e95b3e10d1d49a2faef9d986ab62809f62ad39c7cc871f375a4f5a6faf104d7e11b890cfb0589902685216ec07cb8e8e9e7a7c43635e23212b69ca3b7ed54f0b97949e3d9a6662f8e4b3ab09cd495294c331c047d86ee785ff658bcd7fcf9c480605ce05e810068d60fc9b26b5f063eb9000d2657a5094284ac80f1375d0b66d6f5f: +adc6e9b2e103b62c24ad4346410e83a1a0bd253e4abf77911850c6d9666e09f9fce316e33c910821beeddd634bedc58ee57999a76ece384605283b99b543b78b:fce316e33c910821beeddd634bedc58ee57999a76ece384605283b99b543b78b:8cccd98ebbf2439ffdfac41687638faa444e1ca4b63d13e898eaa8355492f28813ab813fd01510e112be106b2045d30f63335d248904d521de181abac03e3d2cb2d16c44b3b012a0c51f9901aef9056c724d7a2c6b2acb0a07555940e4c6e21154890611adeb6489f461d3e5ecd1af5a4d2b0adaf41747436eb414757a8fe4775674e3c6e5de4569d6fc6c788e10905eba32c270a393e6f721a765294e2ac99a9b6e534d3df08d1db97d602ac3195cb0b77f5bd4acaf737fadd6991f0688abc74918047574eac28289739a664e0e0e20574a2c25fde49d14539db1cedd4a9204a70acff0a62c8f25cd768ffab15c4db316840a4d1bc92e212670be07c5bdcf537590607dfbbbb4d9f98b89da0b4df7d88f3eca4814d16bfa20c8d2fa94f9f259f2ee2d3a83c9e4171b1a262c4b99:cb017d6d2682c9854366259aa35f30d491cfaa930998c297dbddc6aded5b3d401cf76d80d8a2764de131718b6e0c481d7196bc72579716b0c0f6ff053e68c50c8cccd98ebbf2439ffdfac41687638faa444e1ca4b63d13e898eaa8355492f28813ab813fd01510e112be106b2045d30f63335d248904d521de181abac03e3d2cb2d16c44b3b012a0c51f9901aef9056c724d7a2c6b2acb0a07555940e4c6e21154890611adeb6489f461d3e5ecd1af5a4d2b0adaf41747436eb414757a8fe4775674e3c6e5de4569d6fc6c788e10905eba32c270a393e6f721a765294e2ac99a9b6e534d3df08d1db97d602ac3195cb0b77f5bd4acaf737fadd6991f0688abc74918047574eac28289739a664e0e0e20574a2c25fde49d14539db1cedd4a9204a70acff0a62c8f25cd768ffab15c4db316840a4d1bc92e212670be07c5bdcf537590607dfbbbb4d9f98b89da0b4df7d88f3eca4814d16bfa20c8d2fa94f9f259f2ee2d3a83c9e4171b1a262c4b99: +37fc1beda4060b6c57883ddba0776c2bcf5ac28a651326021cca97723730fbb07bd7bf1c99dc82e06f08bb454d8fb288a57927e07ff1b12af15ee2c12fbb6b3d:7bd7bf1c99dc82e06f08bb454d8fb288a57927e07ff1b12af15ee2c12fbb6b3d:3dfcac0265a024a83cb932674489a163aac314bf3d969f27596e451733b99deba5eeb779210baf95bf545a1ae6b8a915860693ee890f939320e06a844483d18c6a1bcd03c638bb7d1fe2a82eb448a311b1302ea6428f54a39f45a4d560be1557a2b254c45c137f45cc68356836e21bed0b7f73a518ce09db0be393927c339bf2a4b5987539404ce650284de12e3b553b262efe23848332ccfdc35e791a0ab43f139c71ed0fcb2d173bb377ee46b1a9dca9277e77df855f2830251e31e26acd86763c8d7eac22c882fc174f2b5e75ca6ad1ade03f942bb2a13bf541906159158c68363c7480c5b27a99320f8283a2699d4369c071c50dbd90b7792e4772efbc0b195bce84cc4dcfff7072a48968db69f9feddd0f9ced659eb5db7167f35f988cec114887dcbfdf27d02d300b3e1abec:a01dd65fada27039f168b123419d8abfbda48c572ece24fda06e1a5ec31e084f4ee1cbf9961e88ed51e189fcb7f5f235de1e5b28d08f2bfca190b0f019ecc2073dfcac0265a024a83cb932674489a163aac314bf3d969f27596e451733b99deba5eeb779210baf95bf545a1ae6b8a915860693ee890f939320e06a844483d18c6a1bcd03c638bb7d1fe2a82eb448a311b1302ea6428f54a39f45a4d560be1557a2b254c45c137f45cc68356836e21bed0b7f73a518ce09db0be393927c339bf2a4b5987539404ce650284de12e3b553b262efe23848332ccfdc35e791a0ab43f139c71ed0fcb2d173bb377ee46b1a9dca9277e77df855f2830251e31e26acd86763c8d7eac22c882fc174f2b5e75ca6ad1ade03f942bb2a13bf541906159158c68363c7480c5b27a99320f8283a2699d4369c071c50dbd90b7792e4772efbc0b195bce84cc4dcfff7072a48968db69f9feddd0f9ced659eb5db7167f35f988cec114887dcbfdf27d02d300b3e1abec: +8d42f4ddd2bbd2b827b0a0d31d8f758ebd13a1b9b3712228948ca610bb8858e5b7354898794f9db0a8af6eeafcdbdf011d3fbef0212ad938a4a4ad27ab16ebbf:b7354898794f9db0a8af6eeafcdbdf011d3fbef0212ad938a4a4ad27ab16ebbf:e3a2bebc0496d8974a8f4061880369314ed9e440c1b77e26fe5071ce694ffd2136db0c4d5e880e6000083a75c90d3cf72b9cf5a2b1a9002c2701a2ff59b0699a8f42d79dd8a5fb71a8125453d91fb80080a3f0a16584282f17ec7dfdc2e5c69c4d9bdf484d55944dae273f211cfb76ad37da45871365439af35eea1fbecd4ca679b59b5e01bacf49c7f4e5efaa406ba1daeb085482af5ded89dc6885ffbe3d14d2931b83897e28ad06e5564e2789baea81bd932aa279fe8e324b9a8ef111c2abe2f137d4bb50d8ab76cebc0bd982a23919751ad4d49e88eb14173d3310289a872317e4a451e88d54320891870f15b2d53324430877a9fb5b49bb929f211c5b89764dd9c3a595a1451e9f85a238540002566e53a99ed1e6ddc9b4853f455edb4cf1980d56bbdc1313a36e76ea9cbb048a:70764be39c6dca0f067abe1eca490fda951fd4e9499695266e270b9b05eae706ca8d1ca6a92d7c488ec6ad8ba11457a42a5e31702a9c2bce892dc40535c09f01e3a2bebc0496d8974a8f4061880369314ed9e440c1b77e26fe5071ce694ffd2136db0c4d5e880e6000083a75c90d3cf72b9cf5a2b1a9002c2701a2ff59b0699a8f42d79dd8a5fb71a8125453d91fb80080a3f0a16584282f17ec7dfdc2e5c69c4d9bdf484d55944dae273f211cfb76ad37da45871365439af35eea1fbecd4ca679b59b5e01bacf49c7f4e5efaa406ba1daeb085482af5ded89dc6885ffbe3d14d2931b83897e28ad06e5564e2789baea81bd932aa279fe8e324b9a8ef111c2abe2f137d4bb50d8ab76cebc0bd982a23919751ad4d49e88eb14173d3310289a872317e4a451e88d54320891870f15b2d53324430877a9fb5b49bb929f211c5b89764dd9c3a595a1451e9f85a238540002566e53a99ed1e6ddc9b4853f455edb4cf1980d56bbdc1313a36e76ea9cbb048a: +b62de5a1acfe4ca2d1f0c132afcbdae66fb29a02f297fbc2407fadbbf2454200b63b2d0bf355f7b6d0bac07403411c40afbbb2f707503b3fc2cee8a1c7d0a838:b63b2d0bf355f7b6d0bac07403411c40afbbb2f707503b3fc2cee8a1c7d0a838:e659e51d7b193c4b8e2b3ed73a9d7557ed2bab6153883ab723592f730a914567142b3fa435db3219f83a542dc7a4bd805af666ea865b853146f8e3a9fe870711f90d12b0693492af2a1edf99a16458f781f1266ec437a5296a822ca9d69ce844b5c59097a2a56f3eb8fd273a636116db774300922d45b744657a692f5e8bfbcb06d2422818aeb51e7cda68acfbeda16e7c79580dcccde24e8e3d601b16e063b43a6d0d1407552f7504f5be19882e4ffe32344f5f473e73a8f6ed37b0d8d9e5e0a0dc9828395bcbd8f3a4e3124869249d058be0e045de0b1e12b1c83ba0aa227c95b82bf742c3eac0152b33e6d19be8b33a35bf705daab10622a90aed022ea6e439ed50a9308437929924ba3ab111ad0caa6feb0a6eb165824ebdb0866571efc07e5222ed8686b14d9270bf76b945d52014:5cdb00e98de73eab480be42f8a8a6163809a0d37101b6a5a4eed6a0c92030d09a5562c729080ce6f6594c8fafb1f594772db7a90a9e7da15896e82f70569390de659e51d7b193c4b8e2b3ed73a9d7557ed2bab6153883ab723592f730a914567142b3fa435db3219f83a542dc7a4bd805af666ea865b853146f8e3a9fe870711f90d12b0693492af2a1edf99a16458f781f1266ec437a5296a822ca9d69ce844b5c59097a2a56f3eb8fd273a636116db774300922d45b744657a692f5e8bfbcb06d2422818aeb51e7cda68acfbeda16e7c79580dcccde24e8e3d601b16e063b43a6d0d1407552f7504f5be19882e4ffe32344f5f473e73a8f6ed37b0d8d9e5e0a0dc9828395bcbd8f3a4e3124869249d058be0e045de0b1e12b1c83ba0aa227c95b82bf742c3eac0152b33e6d19be8b33a35bf705daab10622a90aed022ea6e439ed50a9308437929924ba3ab111ad0caa6feb0a6eb165824ebdb0866571efc07e5222ed8686b14d9270bf76b945d52014: +9732059d7bf0200f5f30412430336be4ef1e3cae62938ad08729ce3ba714cfd40de8425f5e30b2b8aebb8072009a30cf0411c3c8238f4e4208760c56c33e434f:0de8425f5e30b2b8aebb8072009a30cf0411c3c8238f4e4208760c56c33e434f:1a13e7ab603b48eb896fe17173fb31950b0dcd5a35ffdbe1371c7a5bfba593317589d9652d88797729180b8d0e515abfe6548f160421e537d5c94aef2b34c7ebb097420003bc0f361b423e7e14630a803c118202540049f68c9cf46fae0368d162e400d77bb4523cf6c753b975c245bc99ed2f413a9d06c2da6ce0cc0987b6406b809e8eb319033d2de9131dee3b1b7b5c95d653ced8fccf998da1768511eca4d3c5f735adab96503b3551803e4922635095ef811be4c08a6cbac917cbe6cd91a4ae5a330ccec0e8e815371217a3de62f2d2d61466219833f33447132f4d43350c58cbaf422475edb128c56d80a495726b1fdbc56551eb72d0f4fec26ba8bff5eed6774b85039a5292834b5d1cc1b09ba0a3954d29323673f5e71276a12ac4c579355bf1ecca48e6a716b9fcecdc565c51b9:fba1749b641dd4df34664bc43c00468c7d75e84afad72de473fd1e9c87da15ea604fc2549a1a867fa80850e9c2a59cd99053886760a8d9764b84dd672676720d1a13e7ab603b48eb896fe17173fb31950b0dcd5a35ffdbe1371c7a5bfba593317589d9652d88797729180b8d0e515abfe6548f160421e537d5c94aef2b34c7ebb097420003bc0f361b423e7e14630a803c118202540049f68c9cf46fae0368d162e400d77bb4523cf6c753b975c245bc99ed2f413a9d06c2da6ce0cc0987b6406b809e8eb319033d2de9131dee3b1b7b5c95d653ced8fccf998da1768511eca4d3c5f735adab96503b3551803e4922635095ef811be4c08a6cbac917cbe6cd91a4ae5a330ccec0e8e815371217a3de62f2d2d61466219833f33447132f4d43350c58cbaf422475edb128c56d80a495726b1fdbc56551eb72d0f4fec26ba8bff5eed6774b85039a5292834b5d1cc1b09ba0a3954d29323673f5e71276a12ac4c579355bf1ecca48e6a716b9fcecdc565c51b9: +9c7f6f379e3857007e2ac6324cbbced57ac9eee4477813f83a81fc8cefa964d5a54ba396d687634d3eccf41c5782494f5f10a521a1e5d388523d80eeba5b0b2b:a54ba396d687634d3eccf41c5782494f5f10a521a1e5d388523d80eeba5b0b2b:3f2d3072fe7383e541551ea9abdbaeae6a464ae6b9f0ba786a441b2d08da5bcada3c5424dc6931d6b39523e2de0a0c2e4e6b5b8cda925e5eac938416a2c51bf13d49531d7ec7114b1c82feaf90f3f87591e397d02702f8ec1b30d99f5be7d2203e4fe4db2ea47e7b4589d8ac506248d7347466edbc96ea32bf3a6ea7502dd60c9e84902715ab2c6ca68f5b00e1d909d83aa6ab662d8aea870ecd861fec69f2eec0ae677d2995b0ed688faa8ef78244e0d1195697b07122ceaa11f5a6ea58fbdfa2e2ec2df9d18693ae96d47127556e91f0864982c13419b04a63f208e730d26951882aefe001bca3408bd9862748c6cc876c28cac3bb2eb3395818c2091e0fbd7a0b4468c6b0d00cd008c11c3c3ad01080a1f5a40ae2e4b0c3a071efc8e1d1ba6ace6d4df0ff19829b0c680b3aeb759177ed34:65685f9ca5982e15a22ba3c83a0348348482dfae57cea178f0780c057baebe4af632f984540a26019a7fb34253c9ece7ff308ada233ce0686347ab5b21ce570b3f2d3072fe7383e541551ea9abdbaeae6a464ae6b9f0ba786a441b2d08da5bcada3c5424dc6931d6b39523e2de0a0c2e4e6b5b8cda925e5eac938416a2c51bf13d49531d7ec7114b1c82feaf90f3f87591e397d02702f8ec1b30d99f5be7d2203e4fe4db2ea47e7b4589d8ac506248d7347466edbc96ea32bf3a6ea7502dd60c9e84902715ab2c6ca68f5b00e1d909d83aa6ab662d8aea870ecd861fec69f2eec0ae677d2995b0ed688faa8ef78244e0d1195697b07122ceaa11f5a6ea58fbdfa2e2ec2df9d18693ae96d47127556e91f0864982c13419b04a63f208e730d26951882aefe001bca3408bd9862748c6cc876c28cac3bb2eb3395818c2091e0fbd7a0b4468c6b0d00cd008c11c3c3ad01080a1f5a40ae2e4b0c3a071efc8e1d1ba6ace6d4df0ff19829b0c680b3aeb759177ed34: +a478f35abb73727b6be6ee5e56eec323c9517882fd6919360ebbbf5d5cb8b83a7a6e266a54d135dda0009ccda8a94a4712ae5cb14761e8436e97c4b7814d8e8c:7a6e266a54d135dda0009ccda8a94a4712ae5cb14761e8436e97c4b7814d8e8c:0173a34050b43748061ff8f5a3d7c43b6360847786e8bb75e536fb47b645b214f221ba24d83d28bc025024663e534f90f6e83a93d8bddeda2cd8808155652a908c437c2db6f3ed4912f57ca5b97928a73be964af59df4439854bb006fc295a87b7b72239c7fadfec40715509d98579daadfb8d524b4cec6620705efd4104c297144aea722974e12c5ecee5391ef2d93ac2b124e4ac496147c8b70363585d7078ccc53e2ae593350bc25548a0542526ab00afe477a0f4b27397c72bc74a8a8ab156e62b8bb47c3fbb4b34913e459687476bf33142c614702107ffe2cc01e25fa30275e1e2e63cea9168e4a47c02de097d4d853b27675c5bb330b94a974ead85e2bdee8ee17cbb5653346658df2f91f6bd739491dd71988b3a976a3e2e7a9d137410f4acba9feb5f11798c9a43b6adce14365a7c6d:9d16fd40b9f8dd9b4a1a8c6d703b9fccbb940b1e0ae77a5970374af0cf726f4479fd30d7dff5cf53494d9a296ab6b9e46ea6c136b4db2c71c21b97c1c8254d0a0173a34050b43748061ff8f5a3d7c43b6360847786e8bb75e536fb47b645b214f221ba24d83d28bc025024663e534f90f6e83a93d8bddeda2cd8808155652a908c437c2db6f3ed4912f57ca5b97928a73be964af59df4439854bb006fc295a87b7b72239c7fadfec40715509d98579daadfb8d524b4cec6620705efd4104c297144aea722974e12c5ecee5391ef2d93ac2b124e4ac496147c8b70363585d7078ccc53e2ae593350bc25548a0542526ab00afe477a0f4b27397c72bc74a8a8ab156e62b8bb47c3fbb4b34913e459687476bf33142c614702107ffe2cc01e25fa30275e1e2e63cea9168e4a47c02de097d4d853b27675c5bb330b94a974ead85e2bdee8ee17cbb5653346658df2f91f6bd739491dd71988b3a976a3e2e7a9d137410f4acba9feb5f11798c9a43b6adce14365a7c6d: +ffe825148c0959b3a68de86ad8e8af7fa5e078f363dc124213c90020da0c9089139152a0bd22962dd919ae3e0b1620e03c033c2ad0a3979ec6bcd1705e23d598:139152a0bd22962dd919ae3e0b1620e03c033c2ad0a3979ec6bcd1705e23d598:f125780d0cd088530f0c87b70bd42ebab56adb5ad4345f929ae5deae07fb55322153a8f023d38843bf5d6a93fe993eee71bc2ee563b25a50918f03efdb5dbf7269add69ded3e66953895620d9b6cf46ba2348f8d66d7f092235e378c1e3edfebeb78084bc8dea013f9933aae14a041948276d01f1cb5834b0e590e13d931d19292bb1d8041ff2fe2e1171a2e0b9a059821d0924dde7f3b1bb59813f5e3c63520aafb8801ba62c7097d4d8cf437a568a7f0087c6ea0fce6e568c4883f1cd12c749d06a6feb278f1086a8b04769921f78a9959062ab06f98ee80c2c7854ffa760f86a89ee1a51266053d195e61bb1dbd18dd89ff394e408ace0f641a395d56118ea72b7d8adf78b1655ecece7e8250e8a3a91cb8fca0d9ce0baf8980a387c5ed4318663280e5b4531f3187c47eaea7c329728ddd0e40:fe4e89ee31786c0a3d3de3649bb93f0b8aef1caf5a832ec5e4067810705adddf539b8f4e05ad08cf3479e45b42c96528f6d59a4625703ddbf15b63093965d80df125780d0cd088530f0c87b70bd42ebab56adb5ad4345f929ae5deae07fb55322153a8f023d38843bf5d6a93fe993eee71bc2ee563b25a50918f03efdb5dbf7269add69ded3e66953895620d9b6cf46ba2348f8d66d7f092235e378c1e3edfebeb78084bc8dea013f9933aae14a041948276d01f1cb5834b0e590e13d931d19292bb1d8041ff2fe2e1171a2e0b9a059821d0924dde7f3b1bb59813f5e3c63520aafb8801ba62c7097d4d8cf437a568a7f0087c6ea0fce6e568c4883f1cd12c749d06a6feb278f1086a8b04769921f78a9959062ab06f98ee80c2c7854ffa760f86a89ee1a51266053d195e61bb1dbd18dd89ff394e408ace0f641a395d56118ea72b7d8adf78b1655ecece7e8250e8a3a91cb8fca0d9ce0baf8980a387c5ed4318663280e5b4531f3187c47eaea7c329728ddd0e40: +49aff421a7cd12722aa84c48c1fb1c5f8d9e277d0a99ecbc9348c3aaa74be42288d2c26266f493bc67578ca0b1f51160cf0fdb6a09a906db9faa686f11f8208d:88d2c26266f493bc67578ca0b1f51160cf0fdb6a09a906db9faa686f11f8208d:70a1ac144b75fda75586a79c36fd39cce5f5cae2e6375852d3b62a9630336a293ea6d2ac6e5b57da21ef364a595bb0750f5bf4d2b320676423870e4b8e0869601f16680619048c4ede276da69f205a70176e25ea04bd089763e709ba343fc8831e52044eabf9441e6997f8ba1aeb9ef0f491170667a7f5fc9627cbd0551b76be27283a4b0c5f667846688226a115ee8020df08042b19b59fe551316a6cb6916860b9ecd74154b4051038a17352372ec14d3c957d2ef50ff786189a8aeb9c08f45eeb5eb8b040339974aa9798c425d7becb228c447a6d0b3cef271893e0f7076e223a7e87c6a3d270a033bc97a4565edce0aa91ffc3f7801775a6f29b230245bd71fa034353de372395d1bfcbdebba081330f7c076be99c2cf4867f15b78d52f46fc7391c9cb95e5d64643baffe72a8e3a650667fbb3e:749181284df05dbe5974b91782a1a76ea08642cb0f0c98db586c575c210cdc8b651bd34b757ae38e4b6be9465235bd0eca430e26c3eede561c6e824dfa200e0a70a1ac144b75fda75586a79c36fd39cce5f5cae2e6375852d3b62a9630336a293ea6d2ac6e5b57da21ef364a595bb0750f5bf4d2b320676423870e4b8e0869601f16680619048c4ede276da69f205a70176e25ea04bd089763e709ba343fc8831e52044eabf9441e6997f8ba1aeb9ef0f491170667a7f5fc9627cbd0551b76be27283a4b0c5f667846688226a115ee8020df08042b19b59fe551316a6cb6916860b9ecd74154b4051038a17352372ec14d3c957d2ef50ff786189a8aeb9c08f45eeb5eb8b040339974aa9798c425d7becb228c447a6d0b3cef271893e0f7076e223a7e87c6a3d270a033bc97a4565edce0aa91ffc3f7801775a6f29b230245bd71fa034353de372395d1bfcbdebba081330f7c076be99c2cf4867f15b78d52f46fc7391c9cb95e5d64643baffe72a8e3a650667fbb3e: +703a6e2b62d0090c61d8659b6a963e03c9d62c1b38f7d70e5f9ff05590cd0360370c21de6ef2fab534ada999869c90bc9b92ccbf249b79d39d95441d1ede210a:370c21de6ef2fab534ada999869c90bc9b92ccbf249b79d39d95441d1ede210a:d42a1756e84df4b4e9773f86f7674a2cd78e71e40aa8f644e6702dfbc2c2c5ca90fc242e9cb0099cc8f2c2d3136baafc0ff695482fdacdef9f565610b6e1900722f435c6385b35e9f6c436ca037e03f64e2233dffa58db3b91cc1daa0bb0c54c8a43e469d2cff7fa2bf8f5d1d877931089c82ed89aba42f2ee2b86e445cfd09f4cd78b35191bf467e784eef75dc987e046d37d4d4e8e9bbe14af80d03a1f40898384b9d3279fac9c57fd9c7eecbe19a5acc15033b84e07fd0e409bdbd5a57f65641183a6c0a8ec426d1f1d223166ff0a1900b2e92b7d85835d019d17775e5093ccd126f90f63cb7d15cbeb531324219cd64ded6714b21a65371af07210dfdf0e4e58ddc7d59f4cfa65c421d814ee2c9bf6dbf64873d579b09ee5dcedd733063e039ac9a5f9ca4c2525a4cc8e984da7185e2d64fad81c8a:e5fd64da028800c6ceed068a5e596f1621c70a8cb138b31b32647eb4b07bd2ecc5942c18844f367033f67398e314ba2c7ccf299c069787777025d845f2aad60ed42a1756e84df4b4e9773f86f7674a2cd78e71e40aa8f644e6702dfbc2c2c5ca90fc242e9cb0099cc8f2c2d3136baafc0ff695482fdacdef9f565610b6e1900722f435c6385b35e9f6c436ca037e03f64e2233dffa58db3b91cc1daa0bb0c54c8a43e469d2cff7fa2bf8f5d1d877931089c82ed89aba42f2ee2b86e445cfd09f4cd78b35191bf467e784eef75dc987e046d37d4d4e8e9bbe14af80d03a1f40898384b9d3279fac9c57fd9c7eecbe19a5acc15033b84e07fd0e409bdbd5a57f65641183a6c0a8ec426d1f1d223166ff0a1900b2e92b7d85835d019d17775e5093ccd126f90f63cb7d15cbeb531324219cd64ded6714b21a65371af07210dfdf0e4e58ddc7d59f4cfa65c421d814ee2c9bf6dbf64873d579b09ee5dcedd733063e039ac9a5f9ca4c2525a4cc8e984da7185e2d64fad81c8a: +76849c188e3edd0ff5f8fb874dc0456645518445e41a7d6833e616c3c48c9868d670e2ea07db60c22ab79a93ebf49d22a6245ee3af07b3be584eda694c37729e:d670e2ea07db60c22ab79a93ebf49d22a6245ee3af07b3be584eda694c37729e:1eccb0bc8eca3ab5bee68c5f8caa34536766c705f50827db7ac375d4fe30b58ffb7e2fe490cc71a8ff86c006d6174d05793ab8a55dd51b06de417bc0ac452cdc7cfb0bb00362b6765d20db23eb1848027064a1d9091d3b10ed776f28b76768bdfc08f0bc511f76faeba76cfc4cb5c83dc9ebe8a8d79edca923eccd524009cafedc90e3ad87d1392e1fccf4e60ccab95dc0ab54bf44245a007a96d46634b1b2965b829c3d7daa765972b54a7b365b6f34d77d7176acd8d894f6b417091b6c00edb7a4e81379988bfcecb692e9c3c4310a7e240e5c1063cde113f22a684a50a112ff47d3898812efb92637072b86163ad89316d221195acbfad0a03a1fbc2d967fe83f84c8459fccd490b9c5b3e55d27e9484e943c417f2128d73701da28f49fd3683f33a39cdee234bd305b9491e2f3eb621be3dd1dbbb31b:7141399d51daa6eb4519bf3f01b233920fa908fefa612f0cd7d5af8a9a3c44190e3f6384a8d14d37c97030ef5018cf8aee8aeb1569a73d84862a59b7df72fe091eccb0bc8eca3ab5bee68c5f8caa34536766c705f50827db7ac375d4fe30b58ffb7e2fe490cc71a8ff86c006d6174d05793ab8a55dd51b06de417bc0ac452cdc7cfb0bb00362b6765d20db23eb1848027064a1d9091d3b10ed776f28b76768bdfc08f0bc511f76faeba76cfc4cb5c83dc9ebe8a8d79edca923eccd524009cafedc90e3ad87d1392e1fccf4e60ccab95dc0ab54bf44245a007a96d46634b1b2965b829c3d7daa765972b54a7b365b6f34d77d7176acd8d894f6b417091b6c00edb7a4e81379988bfcecb692e9c3c4310a7e240e5c1063cde113f22a684a50a112ff47d3898812efb92637072b86163ad89316d221195acbfad0a03a1fbc2d967fe83f84c8459fccd490b9c5b3e55d27e9484e943c417f2128d73701da28f49fd3683f33a39cdee234bd305b9491e2f3eb621be3dd1dbbb31b: +83ae48ad70da0bb3cdf87481ee2c0c8571c2ca986712f8bc2329e9a3e33383c5b785309000df95f5a04f7d89c4113301057adaeeb29bcd28d99371b537bba2f6:b785309000df95f5a04f7d89c4113301057adaeeb29bcd28d99371b537bba2f6:b7521d3f71c679fa7037fe7488a641f6b97c49454acc8e36b903d8f9ebb54d89cb56efd19e04ba6a7c8f48a7d3ec9decd3f1cd0faf6e978118e6adce9c6c6be63c6a6a1ae21651828479a46bc9a0f7943040f940a0d470c8e577c5d575cb53c1bf3ab1feb050dcb6fef0ba4447f299fdb9f27ecb0714ecfefd74bad7b122a462c24a209848a03389074578c5bdc36396d809b0f14018da64917e6bf87ef405c8f3e333ff9c3baf6339667620794bb4743f0514b5de7d7fdd947a7e3501ee88efad159e33a1072fbb99c7c71e9d13a502d5a07c4f817eeb7f0c5319aa41a96d5ff4f15a73c29b571fe211090e172c8db518624612a5c371a9d7cef6de35ebef96e88e1a78af3bd5dd35251ab54d73718f3e70d2d59021531dc73184f0fc69c2e92965844ec27c1c02af5e9a3469de355db2256e0ec2a4eba30a:43332351d3fb7b45fcf37c607d442ea80dbda2cb69c2884f424e65ea3a331ed8472d4368405cb736b2d6685ad782e239fe833ed789a2923185166f608342ee05b7521d3f71c679fa7037fe7488a641f6b97c49454acc8e36b903d8f9ebb54d89cb56efd19e04ba6a7c8f48a7d3ec9decd3f1cd0faf6e978118e6adce9c6c6be63c6a6a1ae21651828479a46bc9a0f7943040f940a0d470c8e577c5d575cb53c1bf3ab1feb050dcb6fef0ba4447f299fdb9f27ecb0714ecfefd74bad7b122a462c24a209848a03389074578c5bdc36396d809b0f14018da64917e6bf87ef405c8f3e333ff9c3baf6339667620794bb4743f0514b5de7d7fdd947a7e3501ee88efad159e33a1072fbb99c7c71e9d13a502d5a07c4f817eeb7f0c5319aa41a96d5ff4f15a73c29b571fe211090e172c8db518624612a5c371a9d7cef6de35ebef96e88e1a78af3bd5dd35251ab54d73718f3e70d2d59021531dc73184f0fc69c2e92965844ec27c1c02af5e9a3469de355db2256e0ec2a4eba30a: +39e56a65623a0aebade0da12ce1df378bc924073f73a549effaebc465d1a78e283da8ad50bad09eb3e94c725df3cc3a119736adc859ca1a10503f48ff2fec596:83da8ad50bad09eb3e94c725df3cc3a119736adc859ca1a10503f48ff2fec596:a96dc2ea3fa1351492a4619d9194681f8ec400a97158244482653838ccb7e156a82d564368f83a6ee1be46bc34b817200e8464c3d12b5ef2c50b19565b881c4c3d4563fb947eb47c3ee9c1ee7853269874455bfacba305f307d1ac5309eeae5c07fa5c4d428edbc8b9528c4415243a9ef580aff8fcfb12000a71fceee89de97f90279529bcc822ed3cb34c82ba5fec15f4945663636d67b5feceacc31d25f98aea07f7800d5a1034251cb91dd0963ec2c1a54773a4d96c18357f8d101de58e932f8c6cdde8e3cfcef5a7443fdba7b78320403c0196844724a612183e34bdd808ce7b958861ca37115730eaede1fd0baabe976efefd0365fdf926776c536f47ff80de5c18291bb7e9f1b913ffd1d94468b789752fae6ca897c0cca53ef1e731d00c8bdbe8929ea6b1dce1f31a20688d37b0f3a2b4153b306bdba1:398e8260011f57d8ac8c58d5457bc652c7414aaf6fb2f426b7899056605c0afc28392423b2b571f5e6c3c7f6d60245e53ebd03bdc5ad3c1ad8738cb32214d00fa96dc2ea3fa1351492a4619d9194681f8ec400a97158244482653838ccb7e156a82d564368f83a6ee1be46bc34b817200e8464c3d12b5ef2c50b19565b881c4c3d4563fb947eb47c3ee9c1ee7853269874455bfacba305f307d1ac5309eeae5c07fa5c4d428edbc8b9528c4415243a9ef580aff8fcfb12000a71fceee89de97f90279529bcc822ed3cb34c82ba5fec15f4945663636d67b5feceacc31d25f98aea07f7800d5a1034251cb91dd0963ec2c1a54773a4d96c18357f8d101de58e932f8c6cdde8e3cfcef5a7443fdba7b78320403c0196844724a612183e34bdd808ce7b958861ca37115730eaede1fd0baabe976efefd0365fdf926776c536f47ff80de5c18291bb7e9f1b913ffd1d94468b789752fae6ca897c0cca53ef1e731d00c8bdbe8929ea6b1dce1f31a20688d37b0f3a2b4153b306bdba1: +4b9921852f409a323ae38175e8d76a211fc4d9c654178eea3baa7a767a6fda064c723e436b6bd97f44af52503b21cc50d5f6ad6cfc8288345dde8054e995582e:4c723e436b6bd97f44af52503b21cc50d5f6ad6cfc8288345dde8054e995582e:3f33d8fb83e68741090a37bedd745cf141aaaed8c92ffa742a52561777885805ace14246ab98a8cb598c9ce3de9b29bae5fa04b1cf828de11aff80a7ef8a3a38aede4f3c3563a25d049badcad5ed7e47fdbba6e111307eebe9ef4906bc989728b76e84afe808e6653b271e21104aa665f1898dd2aab23090e22b4e344a2616fbd8ee4ad8ed8108395eba817fbd14fec5c17dcf56b8220856b2b833e091407d5089b35ddf34b86ff7dc9fde52b21ef12176ef3370b7f3a0a8cb1b058a51aefff3d279d80f51a68bfb592587b45c5c63a7e4d625b887de486a118316c3b6a238575f92ac5b1c94c3f5dbbd96686000d6d39cccd558d420e4d447a8cbc4bc7b8c6a03af0f0034fb3518d93800f0f713e4b13732e16ada51801d7e559cf839d1058f64955698311399345416850dddcc5601a684fd09e6afd3944f5e19:cbf1f1642df950eb71fd09590d34c265922c58bd8026bba3fc0e594a6bb1f2b90da3dc1d5f6b6d5b405a896d1dbb71b8685c4dfc444acaffe65ab8331789f5073f33d8fb83e68741090a37bedd745cf141aaaed8c92ffa742a52561777885805ace14246ab98a8cb598c9ce3de9b29bae5fa04b1cf828de11aff80a7ef8a3a38aede4f3c3563a25d049badcad5ed7e47fdbba6e111307eebe9ef4906bc989728b76e84afe808e6653b271e21104aa665f1898dd2aab23090e22b4e344a2616fbd8ee4ad8ed8108395eba817fbd14fec5c17dcf56b8220856b2b833e091407d5089b35ddf34b86ff7dc9fde52b21ef12176ef3370b7f3a0a8cb1b058a51aefff3d279d80f51a68bfb592587b45c5c63a7e4d625b887de486a118316c3b6a238575f92ac5b1c94c3f5dbbd96686000d6d39cccd558d420e4d447a8cbc4bc7b8c6a03af0f0034fb3518d93800f0f713e4b13732e16ada51801d7e559cf839d1058f64955698311399345416850dddcc5601a684fd09e6afd3944f5e19: +1bff652a2c8309a393ac11da3aa97fb078bb284ed5e1b8ccc983652ef8556cd0aaabdc091fc3682354201744e9b73fd2a6cfb281914bf2c70ec3dc1dec7216b0:aaabdc091fc3682354201744e9b73fd2a6cfb281914bf2c70ec3dc1dec7216b0:48d02698a97bdcb3ef078dcfcf5750005f1702d300e7e89bc436e381113401f852b8b4acff60ffbd4ab46d202168d98b8735e79cb350e35b070ff6bdcafd954b551969b6b1a70c9131ebd40d96140291d8d2b091540a8b18d8e5465915c25dbc6b5c9a687942533c372c8b4e95a953677169b950edd3464375cd43132ff9bd541ee22bd418ce23195f65d8b289f633ec8d71e1a801b06c3c827f627e723d2199100ce73e8e4a4440e778317a474910793b47b10ffb55db7f281c7d7a033bd80048b82673b87cf95e99422ba628688f3c971890ca15d12f572fa1977a17307069da304ead3026eb01042668890d17008cd1e92c46cbe9c857e7193de3aba3911e4f86fe0a1698ab7cdb9251a8424b2848b96ad81ea239d365fdea92ea5c0473d0a6bb1e371356bdfad2d0350336d3e1947c936fd0c25195445011731b:93c9c33493fc64172d51e16a0a1cd729a0d99e3cb864e89a42987f39dd8cd26545fdfe37581911e803677da4c55b0a683ddf62b728f8f30685ae58f628ebe60948d02698a97bdcb3ef078dcfcf5750005f1702d300e7e89bc436e381113401f852b8b4acff60ffbd4ab46d202168d98b8735e79cb350e35b070ff6bdcafd954b551969b6b1a70c9131ebd40d96140291d8d2b091540a8b18d8e5465915c25dbc6b5c9a687942533c372c8b4e95a953677169b950edd3464375cd43132ff9bd541ee22bd418ce23195f65d8b289f633ec8d71e1a801b06c3c827f627e723d2199100ce73e8e4a4440e778317a474910793b47b10ffb55db7f281c7d7a033bd80048b82673b87cf95e99422ba628688f3c971890ca15d12f572fa1977a17307069da304ead3026eb01042668890d17008cd1e92c46cbe9c857e7193de3aba3911e4f86fe0a1698ab7cdb9251a8424b2848b96ad81ea239d365fdea92ea5c0473d0a6bb1e371356bdfad2d0350336d3e1947c936fd0c25195445011731b: +002fdd1f7641793ab064bb7aa848f762e7ec6e332ffc26eeacda141ae33b178377d1d8ebacd13f4e2f8a40e28c4a63bc9ce3bfb69716334bcb28a33eb134086c:77d1d8ebacd13f4e2f8a40e28c4a63bc9ce3bfb69716334bcb28a33eb134086c:5ac1dfc324f43e6cb79a87ab0470fa857b51fb944982e19074ca44b1e40082c1d07b92efa7ea55ad42b7c027e0b9e33756d95a2c1796a7c2066811dc41858377d4b835c1688d638884cd2ad8970b74c1a54aadd27064163928a77988b24403aa85af82ceab6b728e554761af7175aeb99215b7421e4474c04d213e01ff03e3529b11077cdf28964b8c49c5649e3a46fa0a09dcd59dcad58b9b922a83210acd5e65065531400234f5e40cddcf9804968e3e9ac6f5c44af65001e158067fc3a660502d13fa8874fa93332138d9606bc41b4cee7edc39d753dae12a873941bb357f7e92a4498847d6605456cb8c0b425a47d7d3ca37e54e903a41e6450a35ebe5237c6f0c1bbbc1fd71fb7cd893d189850295c199b7d88af26bc8548975fda1099ffefee42a52f3428ddff35e0173d3339562507ac5d2c45bbd2c19cfe89b:0df3aa0d0999ad3dc580378f52d152700d5b3b057f56a66f92112e441e1cb9123c66f18712c87efe22d2573777296241216904d7cdd7d5ea433928bd2872fa0c5ac1dfc324f43e6cb79a87ab0470fa857b51fb944982e19074ca44b1e40082c1d07b92efa7ea55ad42b7c027e0b9e33756d95a2c1796a7c2066811dc41858377d4b835c1688d638884cd2ad8970b74c1a54aadd27064163928a77988b24403aa85af82ceab6b728e554761af7175aeb99215b7421e4474c04d213e01ff03e3529b11077cdf28964b8c49c5649e3a46fa0a09dcd59dcad58b9b922a83210acd5e65065531400234f5e40cddcf9804968e3e9ac6f5c44af65001e158067fc3a660502d13fa8874fa93332138d9606bc41b4cee7edc39d753dae12a873941bb357f7e92a4498847d6605456cb8c0b425a47d7d3ca37e54e903a41e6450a35ebe5237c6f0c1bbbc1fd71fb7cd893d189850295c199b7d88af26bc8548975fda1099ffefee42a52f3428ddff35e0173d3339562507ac5d2c45bbd2c19cfe89b: +25b0f0bb3dcb422a6f3c6c220eaadb11dbfe489c2d455b276cefe8cba057f9f3fe03c9c4394adc74b13f47654bead8bc855958b4194fdab2097ac1b157933c05:fe03c9c4394adc74b13f47654bead8bc855958b4194fdab2097ac1b157933c05:54d99f969efa8870fc20fa9a962bb372619c324439728af3139c2a07e8c1b29c1e4eedc2d40ba722f63ce37670362af6f5202add668c4fb4d62fa8bacbc7d07ff3bd38c15a01064259cc34134861632967460541a99b8d5182bf59347b5a59879aa3b091a1f3e04135bd6301be5226d4895e5e9c2b15e48e5ecdf44129e6122853a606fc118466fa720b5ab165635c3bde04d74289274fa03547accbde780e1fa0bf2c56f8436a53e73878a424a29aa9de385dba419ae6a5d12e004276152b58d325b302400a55333c38cde4908ae1d0121cbeca950809c543314277c1485e68d9f9c0a962d1b1e0dda1d4a52b56f8308a80b92acc9f4ebc3ed45d91a129da8675621af676703def3b84113183b2e3a8c56157f243f13980f3d1756fea7668c91503d35c839a2120c79ec954fb546d7b542f987289534ffdef62d47fd5ec:da50d5242bf51c3951780cafd926d67bdf5640d5d3bb08433831d56e48e2592a1c375968bb4d2fbea56145abf2d82991363b1565fa1effe214011a686e39950e54d99f969efa8870fc20fa9a962bb372619c324439728af3139c2a07e8c1b29c1e4eedc2d40ba722f63ce37670362af6f5202add668c4fb4d62fa8bacbc7d07ff3bd38c15a01064259cc34134861632967460541a99b8d5182bf59347b5a59879aa3b091a1f3e04135bd6301be5226d4895e5e9c2b15e48e5ecdf44129e6122853a606fc118466fa720b5ab165635c3bde04d74289274fa03547accbde780e1fa0bf2c56f8436a53e73878a424a29aa9de385dba419ae6a5d12e004276152b58d325b302400a55333c38cde4908ae1d0121cbeca950809c543314277c1485e68d9f9c0a962d1b1e0dda1d4a52b56f8308a80b92acc9f4ebc3ed45d91a129da8675621af676703def3b84113183b2e3a8c56157f243f13980f3d1756fea7668c91503d35c839a2120c79ec954fb546d7b542f987289534ffdef62d47fd5ec: +bf5ba5d6a49dd5ef7b4d5d7d3e4ecc505c01f6ccee4c54b5ef7b40af6a4541401be034f813017b900d8990af45fad5b5214b573bd303ef7a75ef4b8c5c5b9842:1be034f813017b900d8990af45fad5b5214b573bd303ef7a75ef4b8c5c5b9842:16152c2e037b1c0d3219ced8e0674aee6b57834b55106c5344625322da638ecea2fc9a424a05ee9512d48fcf75dd8bd4691b3c10c28ec98ee1afa5b863d1c36795ed18105db3a9aabd9d2b4c1747adbaf1a56ffcc0c533c1c0faef331cdb79d961fa39f880a1b8b1164741822efb15a7259a465bef212855751fab66a897bfa211abe0ea2f2e1cd8a11d80e142cde1263eec267a3138ae1fcf4099db0ab53d64f336f4bcd7a363f6db112c0a2453051a0006f813aaf4ae948a2090619374fa58052409c28ef76225687df3cb2d1b0bfb43b09f47f1232f790e6d8dea759e57942099f4c4bd3390f28afc2098244961465c643fc8b29766af2bcbc5440b86e83608cfc937be98bb4827fd5e6b689adc2e26513db531076a6564396255a09975b7034dac06461b255642e3a7ed75fa9fc265011f5f6250382a84ac268d63ba64:279cace6fdaf3945e3837df474b28646143747632bede93e7a66f5ca291d2c24978512ca0cb8827c8c322685bd605503a5ec94dbae61bbdcae1e49650602bc0716152c2e037b1c0d3219ced8e0674aee6b57834b55106c5344625322da638ecea2fc9a424a05ee9512d48fcf75dd8bd4691b3c10c28ec98ee1afa5b863d1c36795ed18105db3a9aabd9d2b4c1747adbaf1a56ffcc0c533c1c0faef331cdb79d961fa39f880a1b8b1164741822efb15a7259a465bef212855751fab66a897bfa211abe0ea2f2e1cd8a11d80e142cde1263eec267a3138ae1fcf4099db0ab53d64f336f4bcd7a363f6db112c0a2453051a0006f813aaf4ae948a2090619374fa58052409c28ef76225687df3cb2d1b0bfb43b09f47f1232f790e6d8dea759e57942099f4c4bd3390f28afc2098244961465c643fc8b29766af2bcbc5440b86e83608cfc937be98bb4827fd5e6b689adc2e26513db531076a6564396255a09975b7034dac06461b255642e3a7ed75fa9fc265011f5f6250382a84ac268d63ba64: +65de297b70cbe80980500af0561a24db50001000125f4490366d8300d3128592ba8e2ad929bdcea538741042b57f2067d3153707a453770db9f3c4ca75504d24:ba8e2ad929bdcea538741042b57f2067d3153707a453770db9f3c4ca75504d24:131d8f4c2c94b153565b86592e770c987a443461b39aa2408b29e213ab057affc598b583739d6603a83fef0afc514721db0e76f9bd1b72b98c565cc8881af5747c0ba6f58c53dd2377da6c0d3aa805620cc4e75d52aabcba1f9b2849e08bd1b6b92e6f06615b814519606a02dc65a8609f5b29e9c2af5a894f7116ef28cfd1e7b76b64061732f7a5a3f8aa4c2e569e627a3f9749aa597be49d6b94436c352dd5fa7b83c92d2610faa32095ca302152d91a3c9776750e758ee8e9e402c6f5385eaa5df23850e54beb1be437a416c7115ed6aa6de13b55482532787e0bee34b83f3084406765635497c931b62a0518f1fbc2b891dc7262c7c6b67eda594fa530d74c9329bad5be94c287fbcde53aa80272b83322613d9368e5904076fdbcc88b2c0e59c10b02c448e00d1b3e7a9c9640feffb9523a8a60e1d83f04a4b8df69153b:7a9b736b01cc92a3349f1a3c32dbd91959825394ff443c567405e899c8185ce8fad9500e1fce89d95a6253c00477435acf04bff993de1b00495def0834ee1f07131d8f4c2c94b153565b86592e770c987a443461b39aa2408b29e213ab057affc598b583739d6603a83fef0afc514721db0e76f9bd1b72b98c565cc8881af5747c0ba6f58c53dd2377da6c0d3aa805620cc4e75d52aabcba1f9b2849e08bd1b6b92e6f06615b814519606a02dc65a8609f5b29e9c2af5a894f7116ef28cfd1e7b76b64061732f7a5a3f8aa4c2e569e627a3f9749aa597be49d6b94436c352dd5fa7b83c92d2610faa32095ca302152d91a3c9776750e758ee8e9e402c6f5385eaa5df23850e54beb1be437a416c7115ed6aa6de13b55482532787e0bee34b83f3084406765635497c931b62a0518f1fbc2b891dc7262c7c6b67eda594fa530d74c9329bad5be94c287fbcde53aa80272b83322613d9368e5904076fdbcc88b2c0e59c10b02c448e00d1b3e7a9c9640feffb9523a8a60e1d83f04a4b8df69153b: +0826e7333324e7ec8c764292f6015d4670e9b8d7c4a89e8d909e8ef435d18d15ffb2348ca8a018058be71d1512f376f91e8b0d552581254e107602217395e662:ffb2348ca8a018058be71d1512f376f91e8b0d552581254e107602217395e662:7f9e3e2f03c9df3d21b990f5a4af8295734afe783accc34fb1e9b8e95a0fd837af7e05c13cda0de8fadac9205265a0792b52563bdc2fee766348befcc56b88bbb95f154414fb186ec436aa62ea6fcabb11c017a9d2d15f67e595980e04c9313bc94fbc8c1134c2f40332bc7e311ac1ce11b505f8572ada7fbe196fba822d9a914492fa7185e9f3bea4687200a524c673a1cdf87eb3a140dcdb6a8875613488a2b00adf7175341c1c257635fa1a53a3e21d60c228399eea0991f112c60f653d7148e2c5ceb98f940831f070db1084d79156cc82c46bc9b8e884f3fa81be2da4cdda46bcaa24cc461f76ee647bb0f0f8c15ac5daa795b945e6f85bb310362e48d8095c782c61c52b481b4b002ad06ea74b8d306eff71abf21db710a8913cbe48332be0a0b3f31e0c7a6eba85ce33f357c7aeccd30bfb1a6574408b66fe404d31c3c5:4bac7fabec8724d81ab09ae130874d70b5213492104372f601ae5abb10532799373c4dad215876441f474e2c006be37c3c8f5f6f017d0870414fd276a8f428087f9e3e2f03c9df3d21b990f5a4af8295734afe783accc34fb1e9b8e95a0fd837af7e05c13cda0de8fadac9205265a0792b52563bdc2fee766348befcc56b88bbb95f154414fb186ec436aa62ea6fcabb11c017a9d2d15f67e595980e04c9313bc94fbc8c1134c2f40332bc7e311ac1ce11b505f8572ada7fbe196fba822d9a914492fa7185e9f3bea4687200a524c673a1cdf87eb3a140dcdb6a8875613488a2b00adf7175341c1c257635fa1a53a3e21d60c228399eea0991f112c60f653d7148e2c5ceb98f940831f070db1084d79156cc82c46bc9b8e884f3fa81be2da4cdda46bcaa24cc461f76ee647bb0f0f8c15ac5daa795b945e6f85bb310362e48d8095c782c61c52b481b4b002ad06ea74b8d306eff71abf21db710a8913cbe48332be0a0b3f31e0c7a6eba85ce33f357c7aeccd30bfb1a6574408b66fe404d31c3c5: +00ad6227977b5f38ccda994d928bba9086d2daeb013f8690db986648b90c1d4591a4ea005752b92cbebf99a8a5cbecd240ae3f016c44ad141b2e57ddc773dc8e:91a4ea005752b92cbebf99a8a5cbecd240ae3f016c44ad141b2e57ddc773dc8e:cb5bc5b98b2efce43543e91df041e0dbb53ed8f67bf0f197c52b2211e7a45e2e1ec818c1a80e10abf6a43535f5b79d974d8ae28a2295c0a6521763b607d5103c6aef3b2786bd5afd7563695660684337bc3090739fb1cd53a9d644139b6d4caec75bda7f2521fbfe676ab45b98cb317aa7ca79fc54a3d7c578466a6aa64e434e923465a7f211aa0c61681bb8486e90206a25250d3fdae6fb03299721e99e2a914910d91760089b5d281e131e6c836bc2de08f7e02c48d323c647e9536c00ec1039201c0362618c7d47aa8e7b9715ffc439987ae1d31154a6198c5aa11c128f4082f556c99baf103ecadc3b2f3b2ec5b469623bc03a53caf3814b16300aedbda538d676d1f607102639db2a62c446707ce6469bd873a0468225be88b0aef5d4020459b94b32fe2b0133e92e7ba54dd2a5397ed85f966ab39ed0730cca8e7dacb8a336:dc501db79fd782bc88cae792557d5d273f9ba560c7d90037fe84ac879d684f612a77452c4443e95c07b8be192c35769b17bbdfca42280de796d92119d833670dcb5bc5b98b2efce43543e91df041e0dbb53ed8f67bf0f197c52b2211e7a45e2e1ec818c1a80e10abf6a43535f5b79d974d8ae28a2295c0a6521763b607d5103c6aef3b2786bd5afd7563695660684337bc3090739fb1cd53a9d644139b6d4caec75bda7f2521fbfe676ab45b98cb317aa7ca79fc54a3d7c578466a6aa64e434e923465a7f211aa0c61681bb8486e90206a25250d3fdae6fb03299721e99e2a914910d91760089b5d281e131e6c836bc2de08f7e02c48d323c647e9536c00ec1039201c0362618c7d47aa8e7b9715ffc439987ae1d31154a6198c5aa11c128f4082f556c99baf103ecadc3b2f3b2ec5b469623bc03a53caf3814b16300aedbda538d676d1f607102639db2a62c446707ce6469bd873a0468225be88b0aef5d4020459b94b32fe2b0133e92e7ba54dd2a5397ed85f966ab39ed0730cca8e7dacb8a336: +1521c6dbd6f724de73eaf7b56264f01035c04e01c1f3eb3cbe83efd26c439ada2f61a26ffb68ba4f6e141529dc2617e8531c7151404808093b4fa7fedaea255d:2f61a26ffb68ba4f6e141529dc2617e8531c7151404808093b4fa7fedaea255d:3e3c7c490788e4b1d42f5cbcae3a9930bf617ebdff447f7be2ac2ba7cd5bcfc015760963e6fe5b956fb7cdb35bd5a17f5429ca664f437f08753a741c2bc8692b71a9115c582a25b2f74d329854d60b7817c079b3523aaff8793c2f72fff8cd10592c54e738df1d6452fb72da131c6731ea5c953c62ea177ac1f4735e5154477387109afae15f3ed6eeb08606e28c81d4386f03b9376924b6ef8d221ee29547f82a7ede48e1dc17723e3d42171eeaf96ac84bedc2a01dd86f4d085734fd69f91b5263e439083ff0318536adff4147308e3aafd1b58bb74f6fb0214a46fdcd3524f18df5a719ce57319e791b4ea606b499bfa57a60e707f94e18f1fed22f91bc79e6364a843f9cbf93825c465e9cae9072bc9d3ec4471f21ab2f7e99a633f587aac3db78ae9666a89a18008dd61d60218554411a65740ffd1ae3adc06595e3b7876407b6:a817ed23ec398a128601c1832dc6af7643bf3a5f517bcc579450fdb4759028f4966164125f6ebd0d6bf86ff298a39c766d0c21fdb0cbfdf81cd0eb1f03cd8a083e3c7c490788e4b1d42f5cbcae3a9930bf617ebdff447f7be2ac2ba7cd5bcfc015760963e6fe5b956fb7cdb35bd5a17f5429ca664f437f08753a741c2bc8692b71a9115c582a25b2f74d329854d60b7817c079b3523aaff8793c2f72fff8cd10592c54e738df1d6452fb72da131c6731ea5c953c62ea177ac1f4735e5154477387109afae15f3ed6eeb08606e28c81d4386f03b9376924b6ef8d221ee29547f82a7ede48e1dc17723e3d42171eeaf96ac84bedc2a01dd86f4d085734fd69f91b5263e439083ff0318536adff4147308e3aafd1b58bb74f6fb0214a46fdcd3524f18df5a719ce57319e791b4ea606b499bfa57a60e707f94e18f1fed22f91bc79e6364a843f9cbf93825c465e9cae9072bc9d3ec4471f21ab2f7e99a633f587aac3db78ae9666a89a18008dd61d60218554411a65740ffd1ae3adc06595e3b7876407b6: +17e5f0a8f34751babc5c723ecf339306992f39ea065ac140fcbc397d2dd32c4b4f1e23cc0f2f69c88ef9162ab5f8c59fb3b8ab2096b77e782c63c07c8c4f2b60:4f1e23cc0f2f69c88ef9162ab5f8c59fb3b8ab2096b77e782c63c07c8c4f2b60:c0fad790024019bd6fc08a7a92f5f2ac35cf6432e2eaa53d482f6e1204935336cb3ae65a63c24d0ec6539a10ee18760f2f520537774cdec6e96b55536011daa8f8bcb9cdaf6df5b34648448ac7d7cb7c6bd80d67fbf330f8765297766046a925ab52411d1604c3ed6a85173040125658a32cf4c854ef2813df2be6f3830e5eee5a6163a83ca8849f612991a31e9f88028e50bf8535e11755fad029d94cf25959f6695d09c1ba4315d40f7cf51b3f8166d02faba7511ecd8b1dded5f10cd6843455cff707ed225396c61d0820d20ada70d0c3619ff679422061c9f7c76e97d5a37af61fd62212d2dafc647ebbb979e61d9070ec03609a07f5fc57d119ae64b7a6ef92a5afae660a30ed48d702cc3128c633b4f19060a0578101729ee979f790f45bdbb5fe1a8a62f01a61a31d61af07030450fa0417323e9407bc76e73130e7c69d62e6a7:efe2cb63fe7b4fc98946dc82fb6998e741ed9ce6b9c1a93bb45bc0a7d8396d7405282b43fe363ba5b23589f8e1fae130e157ce888cd72d053d0cc19d257a4300c0fad790024019bd6fc08a7a92f5f2ac35cf6432e2eaa53d482f6e1204935336cb3ae65a63c24d0ec6539a10ee18760f2f520537774cdec6e96b55536011daa8f8bcb9cdaf6df5b34648448ac7d7cb7c6bd80d67fbf330f8765297766046a925ab52411d1604c3ed6a85173040125658a32cf4c854ef2813df2be6f3830e5eee5a6163a83ca8849f612991a31e9f88028e50bf8535e11755fad029d94cf25959f6695d09c1ba4315d40f7cf51b3f8166d02faba7511ecd8b1dded5f10cd6843455cff707ed225396c61d0820d20ada70d0c3619ff679422061c9f7c76e97d5a37af61fd62212d2dafc647ebbb979e61d9070ec03609a07f5fc57d119ae64b7a6ef92a5afae660a30ed48d702cc3128c633b4f19060a0578101729ee979f790f45bdbb5fe1a8a62f01a61a31d61af07030450fa0417323e9407bc76e73130e7c69d62e6a7: +0cd7aa7d605e44d5ffb97966b2cb93c189e4c5a85db87fad7ab8d62463c59b594889855fe4116b4913927f47f2273bf559c3b394a983631a25ae597033185e46:4889855fe4116b4913927f47f2273bf559c3b394a983631a25ae597033185e46:28a55dda6cd0844b6577c9d6da073a4dc35cbc98ac158ab54cf88fd20cc87e83c4bba2d74d82ce0f4854ec4db513de400465aaa5eee790bc84f16337072d3a91cde40d6e0df1ba0cc0645f5d5cbbb642381d7b9e211d25267a8acf77d1edb69c3a630f5b133d24f046a81bf22ff03b31d8447e12c3f7b77114a70cbd20bbd08b0b3827a6bbcf90409e344447a7fbc59bdd97d729071f8d71dcc33e6ef2cbab1d411edf13734db1dd9703276f5eb2d6aa2cb8952dd6712bfae809ce08c3aa502b8135713fac0a9c25b1d45b6a5831e02421bba65b81a596efa24b0576bd1dc7fdfb49be762875e81bd540722bc06140b9aa2ef7b84a801e41ded68d4546ac4873d9e7ced649b64fadaf0b5c4b6eb8d036315233f4326ca01e03393050cd027c24f67303fb846bd2c6b3dba06bed0d59a36289d24bd648f7db0b3a81346612593e3ddd18c557:bf9115fd3d02706e398d4bf3b02a82674ff3041508fd39d29f867e501634b9261f516a794f98738d7c7013a3f2f858ffdd08047fb6bf3dddfb4b4f4cbeef300328a55dda6cd0844b6577c9d6da073a4dc35cbc98ac158ab54cf88fd20cc87e83c4bba2d74d82ce0f4854ec4db513de400465aaa5eee790bc84f16337072d3a91cde40d6e0df1ba0cc0645f5d5cbbb642381d7b9e211d25267a8acf77d1edb69c3a630f5b133d24f046a81bf22ff03b31d8447e12c3f7b77114a70cbd20bbd08b0b3827a6bbcf90409e344447a7fbc59bdd97d729071f8d71dcc33e6ef2cbab1d411edf13734db1dd9703276f5eb2d6aa2cb8952dd6712bfae809ce08c3aa502b8135713fac0a9c25b1d45b6a5831e02421bba65b81a596efa24b0576bd1dc7fdfb49be762875e81bd540722bc06140b9aa2ef7b84a801e41ded68d4546ac4873d9e7ced649b64fadaf0b5c4b6eb8d036315233f4326ca01e03393050cd027c24f67303fb846bd2c6b3dba06bed0d59a36289d24bd648f7db0b3a81346612593e3ddd18c557: +33371d9e892f9875052ac8e325ba505e7477c1ace24ba7822643d43d0acef3de35929bded27c249c87d8b8d82f59260a575327b546c3a167c69f5992d5b8e006:35929bded27c249c87d8b8d82f59260a575327b546c3a167c69f5992d5b8e006:27a32efba28204be59b7ff5fe488ca158a91d5986091ecc4458b49e090dd37cbfede7c0f46186fabcbdff78d2844155808efffd873ed9c9261526e04e4f7050b8d7bd267a0fe3d5a449378d54a4febbd2f26824338e2aaaf35a32ff0f62504bda5c2e44abc63159f336cf25e6bb40ddb7d8825dff18fd51fc01951eaedcd33707007e1203ca58b4f7d242f8166a907e099932c001bfb1ec9a61e0ef2da4e8446af208201315d69681710d425d2400c387d7b9df321a4aec602b9c656c3e2310bff8756d18b802134b15604f4edc111149a9879e31241dd34f702f4c349617b13529769a772f5e52a89c098e0dca5920667893a250061b17991626eb9319298685be46b6a8b68422444fa5a36bcf3a687e2eccb9322c87dc80165da898930850b98fc863cada1aa99c6d61c451b9ccf4874c7f0e75b0a0c602f044812c71765adaf02025395b0:985ca446ddc007827cc8f2852cbd8115ef8c5975e9d7ce96d74dfed859aa14a4c15254006bea5e08359efe2625d715e0897ee5a16f151203be5010418637de0527a32efba28204be59b7ff5fe488ca158a91d5986091ecc4458b49e090dd37cbfede7c0f46186fabcbdff78d2844155808efffd873ed9c9261526e04e4f7050b8d7bd267a0fe3d5a449378d54a4febbd2f26824338e2aaaf35a32ff0f62504bda5c2e44abc63159f336cf25e6bb40ddb7d8825dff18fd51fc01951eaedcd33707007e1203ca58b4f7d242f8166a907e099932c001bfb1ec9a61e0ef2da4e8446af208201315d69681710d425d2400c387d7b9df321a4aec602b9c656c3e2310bff8756d18b802134b15604f4edc111149a9879e31241dd34f702f4c349617b13529769a772f5e52a89c098e0dca5920667893a250061b17991626eb9319298685be46b6a8b68422444fa5a36bcf3a687e2eccb9322c87dc80165da898930850b98fc863cada1aa99c6d61c451b9ccf4874c7f0e75b0a0c602f044812c71765adaf02025395b0: +beedb8073df58f8c1bffbdbd77ec7decb2c82a9babecefc0331507bdc2c2a7e7b27e908b805e296fc30d2e474b060cd50c0f6f520b3671712183bd89d4e733e9:b27e908b805e296fc30d2e474b060cd50c0f6f520b3671712183bd89d4e733e9:35ca57f0f915e5209d54ea4b871ffb585354df1b4a4a1796fbe4d6227d3e1aba5171ed0391a79e83e24d82fdafd15c17b28bf6c94d618c74d65264e58faaacd2902872fdd0efa22e8d2d7ce8e3b8197f0c3615b0a385235fa9fd8e4564ee6e6b1650b4cfb94d872c805c32d4f3a18f966461d3adbb605fa525884f8eb197627396ba4d995d78ac02948a0eaabb58519b9a8e2e7985cd1de2c71d8918d96a0168660ce17cddf364e3ec0d4bd90f2104751a1927ee1d23f3e7a69840ed040b00e5f6e4866ec58813149cc382aebf6162608c79574d553f47230e924a0ef1ebf55d8e1a52abb62a2d7ac86027c7c03cc83fa1949da29e2f3037ab986fd2fffe650e3149babae5a50b1ee9696f3babec72e29697c82422814d272085500fd837fe3c7a973ef4c169af12dd7f02700620bb045bdbf84623f326350570b3cadbc9aea4200b28287e17ab:8c890cccadc7760e1e82e43c44b3dc0b685a48b479ae13cc0a6b0557d0fb1cbabba63d2a96843412ea8d36c50acbf52b92cfb2dce49dc48af6ddcf8ee47a860835ca57f0f915e5209d54ea4b871ffb585354df1b4a4a1796fbe4d6227d3e1aba5171ed0391a79e83e24d82fdafd15c17b28bf6c94d618c74d65264e58faaacd2902872fdd0efa22e8d2d7ce8e3b8197f0c3615b0a385235fa9fd8e4564ee6e6b1650b4cfb94d872c805c32d4f3a18f966461d3adbb605fa525884f8eb197627396ba4d995d78ac02948a0eaabb58519b9a8e2e7985cd1de2c71d8918d96a0168660ce17cddf364e3ec0d4bd90f2104751a1927ee1d23f3e7a69840ed040b00e5f6e4866ec58813149cc382aebf6162608c79574d553f47230e924a0ef1ebf55d8e1a52abb62a2d7ac86027c7c03cc83fa1949da29e2f3037ab986fd2fffe650e3149babae5a50b1ee9696f3babec72e29697c82422814d272085500fd837fe3c7a973ef4c169af12dd7f02700620bb045bdbf84623f326350570b3cadbc9aea4200b28287e17ab: +9184ef618816832592bc8eb35f4ffd4ff98dfbf7776c90f2aad212ce7e03351e687b7726010d9bde2c90e573cd2a2a702ff28c4a2af70afc7315c94d575601e5:687b7726010d9bde2c90e573cd2a2a702ff28c4a2af70afc7315c94d575601e5:729eb7e54a9d00c58617af18c345b8dc6e5b4e0f57de2f3c02e54a2ec8f1425ec2e240775b5ab0c10f84ac8bafda4584f7e21c655faecd8030a98906bd68398f26b5d58d92b6cf045e9bd9743c74c9a342ec61ce57f37b981eac4d8bf034608866e985bb68686a68b4a2af88b992a2a6d2dc8ce88bfb0a36cf28bbab7024abfa2bea53313b66c906f4f7cf66970f540095bd0104aa4924dd82e15413c22679f847e48cd0c7ec1f677e005fec0177fbd5c559fc39add613991fbaeae4d24d39d309ef74647f8192cc4c62d0642028c76a1b951f6bc9639deb91ecc08be6043f2109705a42c7eae712649d91d96ccbbfb63d8d0dd6dd112160f61361ecdc6793929ca9aef9ab56944a6fa4a7df1e279eaf58ce8323a9cf62c94279fff7440fbc936baa61489c999330badcb9fc0e184bc5093f330cbb242f71fb378738fea10511dd438364d7f76bcc:b3c24e75132c563475422d5ea412b5c1e8e6e5ea1c08ead1393c412da134c9a1638284ea7e2ca032fe3d3e32a9066a8c8839903f6ef46e966bb5e492d8c2aa00729eb7e54a9d00c58617af18c345b8dc6e5b4e0f57de2f3c02e54a2ec8f1425ec2e240775b5ab0c10f84ac8bafda4584f7e21c655faecd8030a98906bd68398f26b5d58d92b6cf045e9bd9743c74c9a342ec61ce57f37b981eac4d8bf034608866e985bb68686a68b4a2af88b992a2a6d2dc8ce88bfb0a36cf28bbab7024abfa2bea53313b66c906f4f7cf66970f540095bd0104aa4924dd82e15413c22679f847e48cd0c7ec1f677e005fec0177fbd5c559fc39add613991fbaeae4d24d39d309ef74647f8192cc4c62d0642028c76a1b951f6bc9639deb91ecc08be6043f2109705a42c7eae712649d91d96ccbbfb63d8d0dd6dd112160f61361ecdc6793929ca9aef9ab56944a6fa4a7df1e279eaf58ce8323a9cf62c94279fff7440fbc936baa61489c999330badcb9fc0e184bc5093f330cbb242f71fb378738fea10511dd438364d7f76bcc: +354e13152ee1fe748a1252204c6527bdc1b1eb2eb53678150e6359924708d812d45ff6c5fb83e7bb9669aa8960deb7dbc665c988439b6c9ef672c6811dc8bcf6:d45ff6c5fb83e7bb9669aa8960deb7dbc665c988439b6c9ef672c6811dc8bcf6:8e5fccf66b1ba6169cb685733d9d0e0190361c90bcab95c163285a97fe356d2bdcde3c9380268805a384d063da09ccd9969cc3ff7431e60a8e9f869cd62faa0e356151b280bc526e577c2c538c9a724dc48bf88b70321d7e1eeedb3c4af706748c942e67bdabdb41bec2977b1523069e31e29b76300288f88a51b384b80cc2526f1679340ddec3881f5cd28b0378d9cd0a812b68dd3f68f7a23e1b54bee7466ac765cf38df04d67441dfa498c4bffc52045fa6d2dbcdbfa33dfaa77644ffccef0decdb6790c70a0d734ec287cc338cb5a909c0055189301169c4f7702c05c0911a27b16ef9ed934fa6a0ca7b13e413523422535647968030edc40cd73e7d6b345b7581f438316d68e3cd292b846d3f4f7c4862bc7e6b3fb89a27f6f60cd7db2e34ec9aae1013fe37acff8ad888cb9a593ef5e621eae5186c58b31dcfde22870e336d33f440f6b8d49a:de2b46e65f3decef34332e500f2e11306fbdcf1be85a1c1ee68ba3045dcec2c7be608d22927da1f44c0e2083ae622cf3c29d893887994efcfa2ca594f5051f038e5fccf66b1ba6169cb685733d9d0e0190361c90bcab95c163285a97fe356d2bdcde3c9380268805a384d063da09ccd9969cc3ff7431e60a8e9f869cd62faa0e356151b280bc526e577c2c538c9a724dc48bf88b70321d7e1eeedb3c4af706748c942e67bdabdb41bec2977b1523069e31e29b76300288f88a51b384b80cc2526f1679340ddec3881f5cd28b0378d9cd0a812b68dd3f68f7a23e1b54bee7466ac765cf38df04d67441dfa498c4bffc52045fa6d2dbcdbfa33dfaa77644ffccef0decdb6790c70a0d734ec287cc338cb5a909c0055189301169c4f7702c05c0911a27b16ef9ed934fa6a0ca7b13e413523422535647968030edc40cd73e7d6b345b7581f438316d68e3cd292b846d3f4f7c4862bc7e6b3fb89a27f6f60cd7db2e34ec9aae1013fe37acff8ad888cb9a593ef5e621eae5186c58b31dcfde22870e336d33f440f6b8d49a: +7ff62d4b3c4d99d342d4bb401d726b21e99f4ef592149fc311b68761f5567ff67fdfdb9eca29d3f01d9486d7e112ce03aa37b91326a4283b9c03999c5eda099a:7fdfdb9eca29d3f01d9486d7e112ce03aa37b91326a4283b9c03999c5eda099a:99c44c796572a4823fc6c3807730839173774c05dbfc1492ed0d00509a95a1de37274b3135ed0456a1718e576597dc13f2a2ab37a45c06cbb4a2d22afad4d5f3d90ab3d8da4dcdaa06d44f2219088401c5dceee26055c4782f78d7d63a380608e1bef89eeef338c2f0897da106fafce2fb2ebc5db669c7c172c9cfe77d3109d239fe5d005c8ee751511b5a88317c729b0d8b70b52f6bd3cda2fe865c77f36e4f1b635f336e036bd718bec90ee78a802811510c4058c1ba364017253aa842922e1dd7d7a0f0fc9c69e43fc4eaeffaaf1ae5fa5d2d73b43079617baba030923fe5b13d2c1c4fe6fac3f2db74e2020a734b6121a0302fce820ba0580ce6135348fdf0632e0008df03ee112168f5cfa0037a26a1f69b1f1317edf2a3ab367455a77e00691215d7aa3133c2159d3da2b134cf04f0defbf07a6064011e64dd14d4f8f064356655428804c2771a:058f79927fbf6178724815c7b11c63baaa90bcc15d7272be082f8a9141861c816433055f6cf6491424853f9ec78bb91ace913a93411b4e5ed58bc4ba5715c60a99c44c796572a4823fc6c3807730839173774c05dbfc1492ed0d00509a95a1de37274b3135ed0456a1718e576597dc13f2a2ab37a45c06cbb4a2d22afad4d5f3d90ab3d8da4dcdaa06d44f2219088401c5dceee26055c4782f78d7d63a380608e1bef89eeef338c2f0897da106fafce2fb2ebc5db669c7c172c9cfe77d3109d239fe5d005c8ee751511b5a88317c729b0d8b70b52f6bd3cda2fe865c77f36e4f1b635f336e036bd718bec90ee78a802811510c4058c1ba364017253aa842922e1dd7d7a0f0fc9c69e43fc4eaeffaaf1ae5fa5d2d73b43079617baba030923fe5b13d2c1c4fe6fac3f2db74e2020a734b6121a0302fce820ba0580ce6135348fdf0632e0008df03ee112168f5cfa0037a26a1f69b1f1317edf2a3ab367455a77e00691215d7aa3133c2159d3da2b134cf04f0defbf07a6064011e64dd14d4f8f064356655428804c2771a: +6cabadd03f8a2e6ebab96a74f80e18164e4d1b6baa678f5a82e25604af989aaf2a4a3179564194e00100c18bc35351d8b135bbae5b32b28fce1d7b6766ca4b32:2a4a3179564194e00100c18bc35351d8b135bbae5b32b28fce1d7b6766ca4b32:279f78cf3b9ccfc6e1b01e1a82f50ed172e9a8e1e702bb15661dd7dc3a456ff7a7a7fdfb081db3867079630c7f70fd753292ec60ecbf50632e9aa45b996505c66e6dc3c6ae892e21b6a8705e4bbae8f16a3378554b31fdb0139dcd15c96a8a7e4b88756a86d18db5dc74fd7691197dd88e2c7d5df52b049344cdc477c9cd7e89eda99ccfb1d00814d0152b9654df3279372ca5f18b1c946f2894a76b079ddb1c3cd61fbb969aeec9193a6b88fb7d136c07f9821e5c1074b4e93bcaf6fa14d0d1d7e1707589d77ec1337206e53a1f06cc26672ff95c13d5ff444766931ba30a0afdcdadd2098e9c41fd87a3f23cd16dbb0efbf8092ce33e327f42610990e1cee6cb8e54951aa081e69765ae4009aeed758e768de50c23d9a22b4a06dc4d19fc8cbd0cdef4c983461755d0a3b5d6a9c12253e09568339ff7e5f78c5fdf7ec89f9186a621a8c0eed11b67022e:4e65c6c1d493045e8a9250e397c1d1d30ffed24db66a8961aa458f8f0fcb760c39fe8657d7ab8f84000b96d519717cff71f926522c1efec7f8b2624eae55f60c279f78cf3b9ccfc6e1b01e1a82f50ed172e9a8e1e702bb15661dd7dc3a456ff7a7a7fdfb081db3867079630c7f70fd753292ec60ecbf50632e9aa45b996505c66e6dc3c6ae892e21b6a8705e4bbae8f16a3378554b31fdb0139dcd15c96a8a7e4b88756a86d18db5dc74fd7691197dd88e2c7d5df52b049344cdc477c9cd7e89eda99ccfb1d00814d0152b9654df3279372ca5f18b1c946f2894a76b079ddb1c3cd61fbb969aeec9193a6b88fb7d136c07f9821e5c1074b4e93bcaf6fa14d0d1d7e1707589d77ec1337206e53a1f06cc26672ff95c13d5ff444766931ba30a0afdcdadd2098e9c41fd87a3f23cd16dbb0efbf8092ce33e327f42610990e1cee6cb8e54951aa081e69765ae4009aeed758e768de50c23d9a22b4a06dc4d19fc8cbd0cdef4c983461755d0a3b5d6a9c12253e09568339ff7e5f78c5fdf7ec89f9186a621a8c0eed11b67022e: +0fa0c32c3ae34be51b92f91945405981a8e202488558a8e220c288c7d6a5532dd6aee62bd91fc9453635ffcc02b2f38dcab13285140380580ccdff0865df0492:d6aee62bd91fc9453635ffcc02b2f38dcab13285140380580ccdff0865df0492:53f44be0e5997ff07264cb64ba1359e2801def8755e64a2362bddaf597e672d021d34fface6d97e0f2b1f6ae625fd33d3c4f6e9ff7d0c73f1da8defb23f324975e921bb2473258177a16612567edf7d5760f3f3e3a6d26aaabc5fde4e2043f73fa70f128020933b1ba3b6bd69498e9503ea670f1ed880d3651f2e4c59e79cabc86e9b703394294112d5d8e213c317423b525a6df70106a9d658a262028b5f45100cb77d1150d8fe461eed434f241015f3276ad7b09a291b4a7f35e3c30051cbf13b1d4a7fa0c81a50f939e7c49673afdc87883c9e3e61f5a1df03755470fda74bf23ea88676b258a97a280d5f90b52b714b596035bae08c8d0fe6d94f8949559b1f27d7116cf59dd3cfbf18202a09c13f5c4fbc8d97225492887d32870c2297e34debd9876d6d01ac27a16b088b079079f2b20feb02537cda314c43cb2dca371b9df37ed11ec97e1a7a6993a:7e9ab85ee94fe4b35dcb545329a0ef25923de5c9dc23e7df1a7e77ab0dcfb89e03f4e785ca6429cb2b0df50da6230f733f00f33a45c4e576cd40bdb84f1ae00153f44be0e5997ff07264cb64ba1359e2801def8755e64a2362bddaf597e672d021d34fface6d97e0f2b1f6ae625fd33d3c4f6e9ff7d0c73f1da8defb23f324975e921bb2473258177a16612567edf7d5760f3f3e3a6d26aaabc5fde4e2043f73fa70f128020933b1ba3b6bd69498e9503ea670f1ed880d3651f2e4c59e79cabc86e9b703394294112d5d8e213c317423b525a6df70106a9d658a262028b5f45100cb77d1150d8fe461eed434f241015f3276ad7b09a291b4a7f35e3c30051cbf13b1d4a7fa0c81a50f939e7c49673afdc87883c9e3e61f5a1df03755470fda74bf23ea88676b258a97a280d5f90b52b714b596035bae08c8d0fe6d94f8949559b1f27d7116cf59dd3cfbf18202a09c13f5c4fbc8d97225492887d32870c2297e34debd9876d6d01ac27a16b088b079079f2b20feb02537cda314c43cb2dca371b9df37ed11ec97e1a7a6993a: +7b06f88026fa86f39fce2426f67cc5996bedd0cfc4b5ebb1b5e3edbb47e080aa3f1469ee6a2e7867e2e9012d402cf5a4861497c01df879a1deb1c539830b58de:3f1469ee6a2e7867e2e9012d402cf5a4861497c01df879a1deb1c539830b58de:71175d4e21721297d9176d817f4e785d9600d923f987fe0b26fd79d33a5ea5d1e818b71f0f92b8c73afddabdcc27f6d16e26aafa874cfd77a00e06c36b041487582bb933760f88b419127345776ea418f83522254fed33819bc5c95f8f8404cc144ebf1486c88515409d3433aaf519d9920f5256e629419e9a95580a35b069b8d25533dfcbc98ad36404a951808e01378c03266326d120046975fde07daef3266caacd821c1403499d7fdf17c033c8d8c3f28f162b5f09dfdaca06285f00c6cb986dfdf5151aa6639608b5b13e78d65a4368585b16138754fbd113835a686cd066c2b89bb0953c24d50e77bf0fc457c1e0fcf5d44da8db9a88f062be3b688d5cdcff1d1c00e81ec9d413882295b341fee8fa427dc109adeb5f284eec202f1bef115bf96b1782d3ccdeb682b69bf92d170c007d5df80e1ed962f677dc24a145a1e4e829e8dec0104e5f78365944:42f133e34e3eb7032a133ed781537ec62e44a5ce8381e5e0bf9e13a914a4b2c757811d6d3b1e86672424ea4230d10f7c610abb7069e61e319b4066a2bd7bc90071175d4e21721297d9176d817f4e785d9600d923f987fe0b26fd79d33a5ea5d1e818b71f0f92b8c73afddabdcc27f6d16e26aafa874cfd77a00e06c36b041487582bb933760f88b419127345776ea418f83522254fed33819bc5c95f8f8404cc144ebf1486c88515409d3433aaf519d9920f5256e629419e9a95580a35b069b8d25533dfcbc98ad36404a951808e01378c03266326d120046975fde07daef3266caacd821c1403499d7fdf17c033c8d8c3f28f162b5f09dfdaca06285f00c6cb986dfdf5151aa6639608b5b13e78d65a4368585b16138754fbd113835a686cd066c2b89bb0953c24d50e77bf0fc457c1e0fcf5d44da8db9a88f062be3b688d5cdcff1d1c00e81ec9d413882295b341fee8fa427dc109adeb5f284eec202f1bef115bf96b1782d3ccdeb682b69bf92d170c007d5df80e1ed962f677dc24a145a1e4e829e8dec0104e5f78365944: +c3f5e149968a24f4de9119531975f443015ccca305d7119ed4749e8bf6d94fc739aaccdb948a4038538a4588322f806bb129b5876c4bec51271afe4f49690045:39aaccdb948a4038538a4588322f806bb129b5876c4bec51271afe4f49690045:c46370e37f2e0cadcf93402f1f0cb048f52881ba750b7a43f56ab11ce348732fb57e7f9aaf8dfcbe455e14e983c248d026a27e7f148d5db5a53f94635702b895127771047a876d14107386c5e0ff8933345bbd7a936d990d33efa28c2ec4e4864ffd2ff576f7c88f954cfc1c459e883bb712dae3cdf6632066f1f4d13a509615b3360cadc5a307f23e52a51b40a6feebe0b18d0e9ee4e348f33cd81a8def222f6a59b12861d335bd9af85cc004be46f1d3a424f4870ae9dc587e5a4ade136b9370649348c33ac3bf1febeebffea37085ed59cac9d9e696470b234609e9a10a9d431ff91e69cb5135fd117ff58a36539744ebe70cea6973c00c7a4d57b62f4a7136d731b8e46ff18ec0ed69070031905075d8541d568cfce6eeb76242b7819a7b6a93552111bb88f165527cfa6966d39fcbe0a7dea008e39c7a3e577ab307cd1d0ea326833d52654e172955f3fcd4:5fa2b531677b00b85b0a313cbd479f55f4ab3ec5cfce5e454d2b74176ccc3399c899f9d6b51ed4c1e76185ac9fe730c4b4014044f7041185bc3c85722eb2ea02c46370e37f2e0cadcf93402f1f0cb048f52881ba750b7a43f56ab11ce348732fb57e7f9aaf8dfcbe455e14e983c248d026a27e7f148d5db5a53f94635702b895127771047a876d14107386c5e0ff8933345bbd7a936d990d33efa28c2ec4e4864ffd2ff576f7c88f954cfc1c459e883bb712dae3cdf6632066f1f4d13a509615b3360cadc5a307f23e52a51b40a6feebe0b18d0e9ee4e348f33cd81a8def222f6a59b12861d335bd9af85cc004be46f1d3a424f4870ae9dc587e5a4ade136b9370649348c33ac3bf1febeebffea37085ed59cac9d9e696470b234609e9a10a9d431ff91e69cb5135fd117ff58a36539744ebe70cea6973c00c7a4d57b62f4a7136d731b8e46ff18ec0ed69070031905075d8541d568cfce6eeb76242b7819a7b6a93552111bb88f165527cfa6966d39fcbe0a7dea008e39c7a3e577ab307cd1d0ea326833d52654e172955f3fcd4: +42305c9302f45ea6f87e26e2208fd94b3c4ad037b1b6c83cf6677aa1096a013c3b97b1f11ce45ba46ffbb25b76bfc5ad7b77f90cc69ed76115dea4029469d587:3b97b1f11ce45ba46ffbb25b76bfc5ad7b77f90cc69ed76115dea4029469d587:d110828d449198d675e74e8e39439fd15e75bf2cc1f430abfb245836885bafc420f754b89d2fbbf6dd3490792e7a4f766073cfe3b302d089831ace869e2730fde45c2121ec3ef217aa9c43fa7cc7e9ed0a01ad9f1d2fc3613638ca9fc193c98b37455bf5dbf8f38b64708dfdca6c21f0975f1017c5da5f6434bda9f033cec2a631ab50318e017b170b240bf01eb8b36c7e1cb59e7736ac34444208132a8f59e4f313d65d849c6a4fdf13e20ecaee3823e589a171b39b2489497b06e6ff58c2c9f1dc5d3aa3bd10e6443e22d42d07b783f79fd43a46e1cde314b663a95f7246dea131fcd46d1dc333c5454f86b2c4e2e424dea405cc2230d4dcd39a2eab2f92845cf6a7994192063f1202749ef52dcb96f2b79ed6a98118ca0b99ba2285490860eb4c61ab78b9ddc6acc7ad883fa5e96f9d029171223abf7573e36230e0a81f6c1311151473ee264f4b842e923dcb3b:18d05e5d01668e83f40fa3bbee28b388acf318d1b0b5ad668c672f345c8eda14c2f884cd2a9039459ce0810bc5b580fe70d3964a43edb49e73a6ff914bbf040cd110828d449198d675e74e8e39439fd15e75bf2cc1f430abfb245836885bafc420f754b89d2fbbf6dd3490792e7a4f766073cfe3b302d089831ace869e2730fde45c2121ec3ef217aa9c43fa7cc7e9ed0a01ad9f1d2fc3613638ca9fc193c98b37455bf5dbf8f38b64708dfdca6c21f0975f1017c5da5f6434bda9f033cec2a631ab50318e017b170b240bf01eb8b36c7e1cb59e7736ac34444208132a8f59e4f313d65d849c6a4fdf13e20ecaee3823e589a171b39b2489497b06e6ff58c2c9f1dc5d3aa3bd10e6443e22d42d07b783f79fd43a46e1cde314b663a95f7246dea131fcd46d1dc333c5454f86b2c4e2e424dea405cc2230d4dcd39a2eab2f92845cf6a7994192063f1202749ef52dcb96f2b79ed6a98118ca0b99ba2285490860eb4c61ab78b9ddc6acc7ad883fa5e96f9d029171223abf7573e36230e0a81f6c1311151473ee264f4b842e923dcb3b: +c57a43dcd7bab8516009546918d71ad459b7345efdca8d4f19929875c839d7222083b444236b9ab31d4e00c89d55c6260fee71ac1a47c4b5ba227404d382b82d:2083b444236b9ab31d4e00c89d55c6260fee71ac1a47c4b5ba227404d382b82d:a4f6d9c281cf81a28a0b9e77499aa24bde96cc1264374491c008294ee0af6f6e4bbb686396f59068d358e30fe9992db0c6f16680a1c71e27a4a907ac607d39bdc3258c7956482fb37996f4beb3e5051b8148019a1c256e2ee999ebc8ce64c54e07fedb4fbd8953ebd93b7d69ce5a0082edd6209d12d3619b4fd2eae916461f72a4ce727157251a19209bbff9fbdbd289436f3fcacc6b4e1318521a47839cba4b14f7d7a21e7b5d6b6a753d5804afcd2b1eb7779b92abab8afa8aa4fa51caec0b85dcd0fc2a0676036d3f56630a831ffeb502861dd89161c708a9c006c73c930ce5b94756426ff18aa112fb4eb9a68500b48d4eedbd4167b6ffd0a11d49443a173ce9d949436748fc0634f06bb08b8f3423f4463dba7b4d199b64df578117f0a2645f0b2a1e2ada27d286f76733f25b82ed1d48a5c3898d4ad621e50ed9060daad40a39532e4d1bf162ce36804d5d4e2d:1edef9bc036971f1fa88edf45393c802e6c1a1631c8a06871a09a320821dce40beca97e53a0361a955a4c6d60b8ca8e400c81340911ccb4f56284041cdbb1804a4f6d9c281cf81a28a0b9e77499aa24bde96cc1264374491c008294ee0af6f6e4bbb686396f59068d358e30fe9992db0c6f16680a1c71e27a4a907ac607d39bdc3258c7956482fb37996f4beb3e5051b8148019a1c256e2ee999ebc8ce64c54e07fedb4fbd8953ebd93b7d69ce5a0082edd6209d12d3619b4fd2eae916461f72a4ce727157251a19209bbff9fbdbd289436f3fcacc6b4e1318521a47839cba4b14f7d7a21e7b5d6b6a753d5804afcd2b1eb7779b92abab8afa8aa4fa51caec0b85dcd0fc2a0676036d3f56630a831ffeb502861dd89161c708a9c006c73c930ce5b94756426ff18aa112fb4eb9a68500b48d4eedbd4167b6ffd0a11d49443a173ce9d949436748fc0634f06bb08b8f3423f4463dba7b4d199b64df578117f0a2645f0b2a1e2ada27d286f76733f25b82ed1d48a5c3898d4ad621e50ed9060daad40a39532e4d1bf162ce36804d5d4e2d: +2dddb6b8fd04fa90ece1a709f8418f2e5d0c9c43afe7cfce19e6ad15a73476f78059de6a7c4776489ecc2e7d707ffce30285bf30a23f78d72db49cfd6ed0d492:8059de6a7c4776489ecc2e7d707ffce30285bf30a23f78d72db49cfd6ed0d492:474baa590a4cd72d5424e51d8257b3d44325bc4c5063a0033c86ebbe99ed7212184c19944d082a115379dd4cece973faa0bca6485bd25f3744a719e70aa0291e1b5a96e637c140616a98263357c76b6eb0083fe51414e386870d0fdc7dd9abe4ff6fb5bbf1e7b15dac3e08e2615f655c3104ceb32a4cc2c9e9c43cf282d346ac253ccc46b635ae040973b49735720ffb890469a567c5824e0c00d7ccd5509a718092a906461c4d6163eaf422418f5fc6e009fc3f529ac61a2f89bb8e0ed45d940c4c2331ff8d8e1d6d58d417d8fc2656a02e8701aee75aed918724eebe4a2cf4744c5c401e217023df68a6f6a0228bd05a679a697d8de7036b9ed269090d3c65486afb91e27954eb15b964665ede7ad008f12fb3a9d0e69c13b4254f43819e0818a4195f68b8a38ae81f3fcb1879c95ab4cd0ffc38e381089260cca967ace5a085b457ab5eb363852101377570f9ac9e38:c634ea7bf72e895a2e796e2834201415b8b45e05e045559284eb9052c0e84f62a5a9f0c9764f7576788c7228b19ef517c195497325a48a9344b147c12fd75509474baa590a4cd72d5424e51d8257b3d44325bc4c5063a0033c86ebbe99ed7212184c19944d082a115379dd4cece973faa0bca6485bd25f3744a719e70aa0291e1b5a96e637c140616a98263357c76b6eb0083fe51414e386870d0fdc7dd9abe4ff6fb5bbf1e7b15dac3e08e2615f655c3104ceb32a4cc2c9e9c43cf282d346ac253ccc46b635ae040973b49735720ffb890469a567c5824e0c00d7ccd5509a718092a906461c4d6163eaf422418f5fc6e009fc3f529ac61a2f89bb8e0ed45d940c4c2331ff8d8e1d6d58d417d8fc2656a02e8701aee75aed918724eebe4a2cf4744c5c401e217023df68a6f6a0228bd05a679a697d8de7036b9ed269090d3c65486afb91e27954eb15b964665ede7ad008f12fb3a9d0e69c13b4254f43819e0818a4195f68b8a38ae81f3fcb1879c95ab4cd0ffc38e381089260cca967ace5a085b457ab5eb363852101377570f9ac9e38: +5547f1004baedfce5cfc0850b05302374aad24f6163994ecd751df3af3c106207ce620787385ee1951ac49a77352ee0d6f8c5cd47df74e9e3216a6324fc7cf7f:7ce620787385ee1951ac49a77352ee0d6f8c5cd47df74e9e3216a6324fc7cf7f:a6c17eeb5b8066c2cd9a89667317a945a0c7c96996e77ae854c509c6cd0631e922ad04503af87a3c4628adafed7600d071c078a22e7f64bda08a362b38b26ca15006d38acf532d0dedea4177a2d33f06956d80e963848ec791b2762fa99449b4f1a1ed9b3f2580be3ac7d7f52fb14421d6222ba76f807750c6cbb0b16f0895fc73d9dfc587e1a9e5d1e58375fbab705b8f0c1fd7df8b3ad446f2f08459e7ed1af59556fbc966dc249c1cf604f3e677c8a09d4363608774bf3811bef0642748c55c516c7a580fa3499050acb30eed870d0d91174cb623e98c3ad121cf81f04e57d49b008424a98a31eeaaf5f38e000f903d48d215ed52f862d636a5a73607de85760167267efe30f8a26ebc5aa0c09f5b258d3361ca69d1d7ee07b59648179ab2170ec50c07f6616f216872529421a6334a4a1ed3d2671ef47bc9a92afb58314e832db8a9003408a0487503fe4f67770dd4b6:29df3ad589009c667baa5e72dabb4e53cb7876de4e7efe5cc21ead7fa878db57f97c1103ddb39a861eb88653c1d4ec3b4306e4584b47b8bc90423119e7e4af00a6c17eeb5b8066c2cd9a89667317a945a0c7c96996e77ae854c509c6cd0631e922ad04503af87a3c4628adafed7600d071c078a22e7f64bda08a362b38b26ca15006d38acf532d0dedea4177a2d33f06956d80e963848ec791b2762fa99449b4f1a1ed9b3f2580be3ac7d7f52fb14421d6222ba76f807750c6cbb0b16f0895fc73d9dfc587e1a9e5d1e58375fbab705b8f0c1fd7df8b3ad446f2f08459e7ed1af59556fbc966dc249c1cf604f3e677c8a09d4363608774bf3811bef0642748c55c516c7a580fa3499050acb30eed870d0d91174cb623e98c3ad121cf81f04e57d49b008424a98a31eeaaf5f38e000f903d48d215ed52f862d636a5a73607de85760167267efe30f8a26ebc5aa0c09f5b258d3361ca69d1d7ee07b59648179ab2170ec50c07f6616f216872529421a6334a4a1ed3d2671ef47bc9a92afb58314e832db8a9003408a0487503fe4f67770dd4b6: +3dd7203c237aefe9e38a201ff341490179905f9f100828da18fcbe58768b5760f067d7b2ff3a957e8373a7d42ef0832bcda84ebf287249a184a212a94c99ea5b:f067d7b2ff3a957e8373a7d42ef0832bcda84ebf287249a184a212a94c99ea5b:db28ed31ac04b0c2decee7a6b24fc9a082cc262ca7ccf2a247d6372ec3e9120ecedb4542ea593fea30335c5ab9dd318a3b4fd5834299cf3f53d9ef46137b273c390ec3c26a0b4470d0d94b77d82cae4b24587837b167bb7f8166710baeb3ee70af797316cb7d05fa57e468ae3f0bd449404d8528808b41fcca62f5e0a2aa5d8f3acab008cc5f6e5ab02777bdcde87f0a10ef06a4bb37fe02c94815cf76bfb8f5cdd865cc26dcb5cf492edfd547b535e2e6a6d8540956dcba62cfea19a9474406e934337e454270e01036ac45793b6b8aceda187a08d56a2ce4e98f42ea375b101a6b9fcb4231d171aa463eeb43586a4b82a387bcddaf71a80fd5c1f7292efc2bd8e70c11eaa817106061b6c461c4883d613cc06c7e2a03f73d90fc55cdc07265eefd36be72270383d6c676cae37c93691f1ae3d927b3a1cd963e4229757ae5231eea73a9f71515628305410ac2593b325cc631:4c036935a96abc0d050d907bedbe9946fb97439f039c742e051ccf09add7df44d17da98c2ca01bdc2424da1e4debf347f8fff48ac8030d2cc07f9575c044be04db28ed31ac04b0c2decee7a6b24fc9a082cc262ca7ccf2a247d6372ec3e9120ecedb4542ea593fea30335c5ab9dd318a3b4fd5834299cf3f53d9ef46137b273c390ec3c26a0b4470d0d94b77d82cae4b24587837b167bb7f8166710baeb3ee70af797316cb7d05fa57e468ae3f0bd449404d8528808b41fcca62f5e0a2aa5d8f3acab008cc5f6e5ab02777bdcde87f0a10ef06a4bb37fe02c94815cf76bfb8f5cdd865cc26dcb5cf492edfd547b535e2e6a6d8540956dcba62cfea19a9474406e934337e454270e01036ac45793b6b8aceda187a08d56a2ce4e98f42ea375b101a6b9fcb4231d171aa463eeb43586a4b82a387bcddaf71a80fd5c1f7292efc2bd8e70c11eaa817106061b6c461c4883d613cc06c7e2a03f73d90fc55cdc07265eefd36be72270383d6c676cae37c93691f1ae3d927b3a1cd963e4229757ae5231eea73a9f71515628305410ac2593b325cc631: +282775df9ebbd7c5a65f3a2b096e36ee64a8f8ea719da77758739e4e7476111da2b49646033a13937cad6b0e914e3cec54989c252ca5643d076555d8c55e56e0:a2b49646033a13937cad6b0e914e3cec54989c252ca5643d076555d8c55e56e0:14cc50c2973ea9d0187a73f71cb9f1ce07e739e049ec2b27e6613c10c26b73a2a966e01ac3be8b505aeaad1485c1c2a3c6c2b00f81b9e5f927b73bfd498601a7622e8544837aad02e72bf72196dc246902e58af253ad7e025e3666d3bfc46b5b02f0eb4a37c9554992abc8651de12fd813177379bb0ce172cd8aaf937f979642bc2ed7c7a430cb14c3cd3101b9f6b91ee3f542acdf017f8c2116297f4564768f4db95dad8a9bcdc8da4d8fb13ef6e2da0b1316d3c8c2f3ed836b35fe2fd33effb409e3bc1b0f85225d2a1de3bfc2d20563946475c4d7ca9fddbaf59ad8f8961d287ae7dd803e7af1fa612329b1bdc04e225600ae731bc01ae0925aed62ac50d46086f3646cf47b072f0d3b044b36f85cec729a8bb2b92883ca4dfb34a8ee8a0273b31af50982bb6131bfa11d55504b1f6f1a0a00438ca26d8ab4f48bcddc9d5a38851abede4151d5b70d720732a00abea2c8b979:15763973859402907d8dcb86adc24a2a168ba3abf2246173d6348afed51ef60b0c0edeff4e10bcef4c6e5778c8bc1f5e9ee0237373445b455155d23de127a20214cc50c2973ea9d0187a73f71cb9f1ce07e739e049ec2b27e6613c10c26b73a2a966e01ac3be8b505aeaad1485c1c2a3c6c2b00f81b9e5f927b73bfd498601a7622e8544837aad02e72bf72196dc246902e58af253ad7e025e3666d3bfc46b5b02f0eb4a37c9554992abc8651de12fd813177379bb0ce172cd8aaf937f979642bc2ed7c7a430cb14c3cd3101b9f6b91ee3f542acdf017f8c2116297f4564768f4db95dad8a9bcdc8da4d8fb13ef6e2da0b1316d3c8c2f3ed836b35fe2fd33effb409e3bc1b0f85225d2a1de3bfc2d20563946475c4d7ca9fddbaf59ad8f8961d287ae7dd803e7af1fa612329b1bdc04e225600ae731bc01ae0925aed62ac50d46086f3646cf47b072f0d3b044b36f85cec729a8bb2b92883ca4dfb34a8ee8a0273b31af50982bb6131bfa11d55504b1f6f1a0a00438ca26d8ab4f48bcddc9d5a38851abede4151d5b70d720732a00abea2c8b979: +4730a5cf9772d7d6665ba787bea4c95252e6ecd63ec62390547bf100c0a46375f9f094f7cc1d40f1926b5b22dce465784468b20ab349bc6d4fdf78d0042bbc5b:f9f094f7cc1d40f1926b5b22dce465784468b20ab349bc6d4fdf78d0042bbc5b:e7476d2e668420e1b0fadfbaa54286fa7fa890a87b8280e26078152295e1e6e55d1241435cc430a8693bb10cde4643f59cbfcc256f45f5090c909a14c7fc49d37bfc25af11e8f4c83f4c32d4aabf43b20fa382bb6622a1848f8ffc4dff3408bb4ec7c67a35b4cdaee5e279c0fc0a66093a9f36a60fdd65e6334a804e845c8530b6fda363b5640337d027243ccfb3c177f43e717896e46ead7f72ca06aa0ff1e77247121baf48be9a445f729ca1390fc46151cbd33fcbd7373f27a6ba55c92cbf6945b09b44b9a4e5800d403070ae66048997b2197f02181a097e563f9b9acc841139258a258bc610d3bd891637356b2edc8c184c35c65af91aaf7b1c16d74a5f5f862548139254ecf550631d5f8849afdb5b64cf366ff2633a93f3a18c39b5150245fb5f33c9e4e2d94af6963a70b88f9e7e519f8fa2a0f2e3749de883d0e6f052a949d0fc7153a8693f6d801d7352eb2f7a465c0e:552c7347bdfe131646ce0932d82a36d2c1b76d7c30ee890e0592e19f9d18b9a56f48d7a9b68c017da6b550c943af4a907baf317e419fbbc96f6cf4bfad42de00e7476d2e668420e1b0fadfbaa54286fa7fa890a87b8280e26078152295e1e6e55d1241435cc430a8693bb10cde4643f59cbfcc256f45f5090c909a14c7fc49d37bfc25af11e8f4c83f4c32d4aabf43b20fa382bb6622a1848f8ffc4dff3408bb4ec7c67a35b4cdaee5e279c0fc0a66093a9f36a60fdd65e6334a804e845c8530b6fda363b5640337d027243ccfb3c177f43e717896e46ead7f72ca06aa0ff1e77247121baf48be9a445f729ca1390fc46151cbd33fcbd7373f27a6ba55c92cbf6945b09b44b9a4e5800d403070ae66048997b2197f02181a097e563f9b9acc841139258a258bc610d3bd891637356b2edc8c184c35c65af91aaf7b1c16d74a5f5f862548139254ecf550631d5f8849afdb5b64cf366ff2633a93f3a18c39b5150245fb5f33c9e4e2d94af6963a70b88f9e7e519f8fa2a0f2e3749de883d0e6f052a949d0fc7153a8693f6d801d7352eb2f7a465c0e: +2770aadd1d123e9547832dfb2a837eba089179ef4f23abc4a53f2a714e423ee23c5fbb07530dd3a20ff35a500e3708926310fed8a899690232b42c15bd86e5dc:3c5fbb07530dd3a20ff35a500e3708926310fed8a899690232b42c15bd86e5dc:a5cc2055eba3cf6f0c6332c1f2ab5854870913b03ff7093bc94f335add44332231d9869f027d82efd5f1227144ab56e3222dc3ddccf062d9c1b0c1024d9b416dfa3ee8a7027923003465e0ffaefb75b9f29dc6bcf213adc5e318fd8ba93a7aa5bfb495de9d7c5e1a196cd3a2d7721f8ba785aa9052a1811c7fcc8f93932765059cab9c9b718945895ef26f3ac048d4cabf91a9e6aa83ac14d43156827837914eb763a23cba53f60f150f4b70203ec1833ff105849457a8da7327661fb23a554164e05fcf0146b10674964be6f6aa0acc94c41ad57180e5180d199bd9102f55d740e81789b15671bbd0670e6de5d97e1ae626d8a0ebc32c8fd9d24737274e47d2dd5941a272e72a598928ad109cde937bf248d57f5d2942983c51e2a89f8f054d5c48dfad8fcf1ffa97f7de6a3a43ca15fc6720efaec69f0836d84223f9776d111ec2bbc69b2dfd58be8ca12c072164b718cd7c246d64:f267715e9a84c7314f2d5869ef4ab8d2149a13f7e8e1c728c423906293b49ce6283454dd1c7b04741df2eabedc4d6ab1397dc95a679df04d2c17d66c79bb7601a5cc2055eba3cf6f0c6332c1f2ab5854870913b03ff7093bc94f335add44332231d9869f027d82efd5f1227144ab56e3222dc3ddccf062d9c1b0c1024d9b416dfa3ee8a7027923003465e0ffaefb75b9f29dc6bcf213adc5e318fd8ba93a7aa5bfb495de9d7c5e1a196cd3a2d7721f8ba785aa9052a1811c7fcc8f93932765059cab9c9b718945895ef26f3ac048d4cabf91a9e6aa83ac14d43156827837914eb763a23cba53f60f150f4b70203ec1833ff105849457a8da7327661fb23a554164e05fcf0146b10674964be6f6aa0acc94c41ad57180e5180d199bd9102f55d740e81789b15671bbd0670e6de5d97e1ae626d8a0ebc32c8fd9d24737274e47d2dd5941a272e72a598928ad109cde937bf248d57f5d2942983c51e2a89f8f054d5c48dfad8fcf1ffa97f7de6a3a43ca15fc6720efaec69f0836d84223f9776d111ec2bbc69b2dfd58be8ca12c072164b718cd7c246d64: +4fdab7c1600e70114b11f533242376af7614b4d5da046ac4bedea21d8a361598a25c9a94d6e4ecd95a4bd6805f762eb1c457a8d45d243238b1839cbba8f441cc:a25c9a94d6e4ecd95a4bd6805f762eb1c457a8d45d243238b1839cbba8f441cc:da405890d11a872c119dab5efcbff61e931f38eccca457edc626d3ea29ed4fe3154fafec1444da74343c06ad90ac9d17b511bcb73bb49d90bafb7c7ea800bd58411df1275c3cae71b700a5dab491a4261678587956aa4a219e1ac6dd3fb2cb8c46197218e726dc7ed234526a6b01c0d72cb93ab3f4f38a08e5940b3f61a72ad2789a0532000fac1d2d2e3ad632ac8b62bb3ff5b99d53597bf4d44b19674924df9b3db3d0253f74627ccab30031c85e291c58b5fa9167522a46746fc307036745d4f9817786e5d300e6c5d503125fea01dec3e3fedbf3861ca2627a0518fb2b24e5a7a014178719e9b345f7b249ce3a413280c8deb674f59a25be92a8ab6400c7c52b0728ae34e22b2ec200c1cbaba2ccd8af29249d17af60c36007a722fc80258a7bebab1cdaad7462a8b7588c2f7e27c6d07afcf60117fed11bd6859e75e3b4fcee3981881e95dd116827dd4b369af069d3c8f2676f8a:5075c090cfbeb6b01802af7f4da5aa4f434d5ee2f3530eebb75c85e08621f83edc08aa96693894a4277633ba81e19e9e55af5c495daa5e1a6f8cbb79c01c7207da405890d11a872c119dab5efcbff61e931f38eccca457edc626d3ea29ed4fe3154fafec1444da74343c06ad90ac9d17b511bcb73bb49d90bafb7c7ea800bd58411df1275c3cae71b700a5dab491a4261678587956aa4a219e1ac6dd3fb2cb8c46197218e726dc7ed234526a6b01c0d72cb93ab3f4f38a08e5940b3f61a72ad2789a0532000fac1d2d2e3ad632ac8b62bb3ff5b99d53597bf4d44b19674924df9b3db3d0253f74627ccab30031c85e291c58b5fa9167522a46746fc307036745d4f9817786e5d300e6c5d503125fea01dec3e3fedbf3861ca2627a0518fb2b24e5a7a014178719e9b345f7b249ce3a413280c8deb674f59a25be92a8ab6400c7c52b0728ae34e22b2ec200c1cbaba2ccd8af29249d17af60c36007a722fc80258a7bebab1cdaad7462a8b7588c2f7e27c6d07afcf60117fed11bd6859e75e3b4fcee3981881e95dd116827dd4b369af069d3c8f2676f8a: +264504604e70d72dc4474dbb34913e9c0f806dfe18c7879a41762a9e4390ec61eb2b518ce7dc71c91f3665581651fd03af84c46bf1fed2433222353bc7ec511d:eb2b518ce7dc71c91f3665581651fd03af84c46bf1fed2433222353bc7ec511d:901d70e67ed242f2ec1dda813d4c052cfb31fd00cfe5446bf3b93fdb950f952d94ef9c99d1c264a6b13c3554a264beb97ed20e6b5d66ad84db5d8f1de35c496f947a23270954051f8e4dbe0d3ef9ab3003dd47b859356cecb81c50affa68c15dadb5f864d5e1bb4d3bada6f3aba1c83c438d79a94bfb50b43879e9cef08a2bfb22fad943dbf7683779746e31c486f01fd644905048b112ee258042153f46d1c7772a0624bcd6941e9062cfda75dc8712533f4057335c298038cbca29ebdb560a295a88339692808eb3481fd9735ea414f620c143b2133f57bb64e44778a8ca70918202d157426102e1dfc0a8f7b1ae487b74f02792633154dfe74caa1b7088fda22fa8b9bc354c585f1567706e2955493870f54169e0d7691159df43897961d24a852ea970c514948f3b48f71ee586e72ec78db820f253e08db84f6f312c4333bd0b732fe75883507783e9a1fd4fbab8e5870f9bf7ad58aa:eea439a00f7e459b402b835150a779eed171ab971bd1b58dcc7f9386dadd583de8dc69e267121dde41f0f9493d450b16219cdf3c22f09482ce402fe17ca49e08901d70e67ed242f2ec1dda813d4c052cfb31fd00cfe5446bf3b93fdb950f952d94ef9c99d1c264a6b13c3554a264beb97ed20e6b5d66ad84db5d8f1de35c496f947a23270954051f8e4dbe0d3ef9ab3003dd47b859356cecb81c50affa68c15dadb5f864d5e1bb4d3bada6f3aba1c83c438d79a94bfb50b43879e9cef08a2bfb22fad943dbf7683779746e31c486f01fd644905048b112ee258042153f46d1c7772a0624bcd6941e9062cfda75dc8712533f4057335c298038cbca29ebdb560a295a88339692808eb3481fd9735ea414f620c143b2133f57bb64e44778a8ca70918202d157426102e1dfc0a8f7b1ae487b74f02792633154dfe74caa1b7088fda22fa8b9bc354c585f1567706e2955493870f54169e0d7691159df43897961d24a852ea970c514948f3b48f71ee586e72ec78db820f253e08db84f6f312c4333bd0b732fe75883507783e9a1fd4fbab8e5870f9bf7ad58aa: +2ca7447a3668b748b1fd3d52d2080d30e34d397bb2846caf8f659ac168788ca5ab331cd40a31d0173c0c8c1c17002532807bf89e3edb6d34c2dd8294632b9fbc:ab331cd40a31d0173c0c8c1c17002532807bf89e3edb6d34c2dd8294632b9fbc:a82bcd9424bffda0f2f5e9eae17835dbe468f61b785aab82934737a91c5f602cb7c617cdffe87cad726a4972e15a7b8ee147f062d2a5a4d89706b571fa8aa2b95981c78abeaaae86203fa2c0e07297406ea8c27111a86dbe1d5a7c3b7ae930904d9890f6d4abebd1412a73ad5feea64acf065d3e63b5cbe20cf20bbd2d8b94f9053ed5f66633482530124446605918de66455e8cf4b101a127233c4e27d5d55bf95bd3195d0340d43531fc75faf8dded5275bf89750de838fd10c31745be4ca41fa871cb0f9b016706a1a7e3c44bb90ac7a8ad51e272389292fd6c98ad7a069e76e3f5f3e0cc770b9e9b35a765d0d93712d7cdabd17e5d01dd8183af4ad9365db0a0fa41381fce60a081df1c5ab0f8c18f95a7a8b582dfff7f149ea579df0623b33b7508f0c663f01e3a2dcd9dfbee51cc615220fdaffdab51bdae42cb9f7fa9e3b7c69cc8ada5ccd642529ba514fdc54fcf2720b8f5d08b95:f93ada15ae9cd2b54f26f86f0c28392aed5eb6b6b44d01a4e33a54e7da37c38e8d53366f73fd85be642e4ec81236d163f0d025e76c8bbdd65d43df49f09c1f01a82bcd9424bffda0f2f5e9eae17835dbe468f61b785aab82934737a91c5f602cb7c617cdffe87cad726a4972e15a7b8ee147f062d2a5a4d89706b571fa8aa2b95981c78abeaaae86203fa2c0e07297406ea8c27111a86dbe1d5a7c3b7ae930904d9890f6d4abebd1412a73ad5feea64acf065d3e63b5cbe20cf20bbd2d8b94f9053ed5f66633482530124446605918de66455e8cf4b101a127233c4e27d5d55bf95bd3195d0340d43531fc75faf8dded5275bf89750de838fd10c31745be4ca41fa871cb0f9b016706a1a7e3c44bb90ac7a8ad51e272389292fd6c98ad7a069e76e3f5f3e0cc770b9e9b35a765d0d93712d7cdabd17e5d01dd8183af4ad9365db0a0fa41381fce60a081df1c5ab0f8c18f95a7a8b582dfff7f149ea579df0623b33b7508f0c663f01e3a2dcd9dfbee51cc615220fdaffdab51bdae42cb9f7fa9e3b7c69cc8ada5ccd642529ba514fdc54fcf2720b8f5d08b95: +494ea9bcce26885b7d17d1fc114448f239f0ce46e5f247b4c999fa86296924726901e5efae57536ba5fdd96b59657359065f25d391a1aa8cdc0d38bb5d53c139:6901e5efae57536ba5fdd96b59657359065f25d391a1aa8cdc0d38bb5d53c139:3badbfa5f5a8aa2cce0a60e686cdce654d24452f98fd54872e7395b39464380a0e185557ea134d095730864f4254d3dd946970c10c804fcc0899dfa024205be0f80b1c75449523324fe6a0751e47b4ff4822b8c33e9eaf1d1d96e0de3d4acd89696b7fcc03d49f92f82b9725700b350db1a87615369545561b8599f5ea920a310a8bafc0e8d7468cbf6f3820e943594afdd5166e4e3309dddd7694ef67e694f34fc62724ff96ac3364176f34e8a02b4cf569db5b8f77d58512aedabf0bcd1c2df12db3a9473f948c5c3243309aae46c49efd088b60f31a8a72ad7e5a35acc5d89fa66807eb5d3ba9cdf08d4753cb85089ee36f5c96b432b6928352afad58012225d6157f9e3611426df921b6d1d8374628a63031e9ffb90e42ffbba021f174f68503155430152c9155dc98ffa26c4fab065e1f8e4622c2f28a8cb043110b617441140f8e20adc16f799d1d5096b1f50532be5042d21b81ea46c7:548a093a680361b7dc56f14503b55eeec3b3f4fd4ca99d6aedce0830f7f4ae2f7328539b34c48fc9760922333dae9c7c017e7db73b8faa6c06be05e347992b063badbfa5f5a8aa2cce0a60e686cdce654d24452f98fd54872e7395b39464380a0e185557ea134d095730864f4254d3dd946970c10c804fcc0899dfa024205be0f80b1c75449523324fe6a0751e47b4ff4822b8c33e9eaf1d1d96e0de3d4acd89696b7fcc03d49f92f82b9725700b350db1a87615369545561b8599f5ea920a310a8bafc0e8d7468cbf6f3820e943594afdd5166e4e3309dddd7694ef67e694f34fc62724ff96ac3364176f34e8a02b4cf569db5b8f77d58512aedabf0bcd1c2df12db3a9473f948c5c3243309aae46c49efd088b60f31a8a72ad7e5a35acc5d89fa66807eb5d3ba9cdf08d4753cb85089ee36f5c96b432b6928352afad58012225d6157f9e3611426df921b6d1d8374628a63031e9ffb90e42ffbba021f174f68503155430152c9155dc98ffa26c4fab065e1f8e4622c2f28a8cb043110b617441140f8e20adc16f799d1d5096b1f50532be5042d21b81ea46c7: +00d735ebaee75dd579a40dfd82508274d01a1572df99b811d5b01190d82192e4ba02517c0fdd3e2614b3f7bf99ed9b492b80edf0495d230f881730ea45bc17c4:ba02517c0fdd3e2614b3f7bf99ed9b492b80edf0495d230f881730ea45bc17c4:59c0b69af95d074c88fdc8f063bfdc31b5f4a9bc9cecdffa8128e01e7c1937dde5eb0570b51b7b5d0a67a3555b4cdce2bca7a31a4fe8e1d03ab32b4035e6dadbf1532059ee01d3d9a7633a0e706a1154cab22a07cd74c06a3cb601244cf3cf35a35c3100ba47f31372a2da65dcff0d7a80a1055d8aa99212e899aad7f02e949e6fee4d3c9cefa85069eaff1f6ad06fc300c871ab82b2bedb934d20875c2a263242cdb7f9be192a8710b24c7ea98d43daec8baa5553c678a38f0e0adf7d3ff2dcc799a1dbad6eab1c3d9458a9db922f02e75cfab9d65c7336dae71895d5bb15cac203f2b38b9996c410f8655ad22d3c091c20b7f926d45e780128f19747462abc5c58932fbb9e0bc62d53868802f1b083f183b8a1f9434986d5cf97c04e2f3e145730cba98779c7fed0cab1c05d5e4653c6c3f6736260bc78ee4372862ffe9e90371d762c7432781f35ced884a4baca05653ef25f25a6f3d5628308:dcdc54611937d2bd06cacd9818b3be15ce7425427a75f50d197a337a3b8ba6714ef48866f243bd5ac7415e914517a2c1c5a953f432b99db0e620d64f74eb850559c0b69af95d074c88fdc8f063bfdc31b5f4a9bc9cecdffa8128e01e7c1937dde5eb0570b51b7b5d0a67a3555b4cdce2bca7a31a4fe8e1d03ab32b4035e6dadbf1532059ee01d3d9a7633a0e706a1154cab22a07cd74c06a3cb601244cf3cf35a35c3100ba47f31372a2da65dcff0d7a80a1055d8aa99212e899aad7f02e949e6fee4d3c9cefa85069eaff1f6ad06fc300c871ab82b2bedb934d20875c2a263242cdb7f9be192a8710b24c7ea98d43daec8baa5553c678a38f0e0adf7d3ff2dcc799a1dbad6eab1c3d9458a9db922f02e75cfab9d65c7336dae71895d5bb15cac203f2b38b9996c410f8655ad22d3c091c20b7f926d45e780128f19747462abc5c58932fbb9e0bc62d53868802f1b083f183b8a1f9434986d5cf97c04e2f3e145730cba98779c7fed0cab1c05d5e4653c6c3f6736260bc78ee4372862ffe9e90371d762c7432781f35ced884a4baca05653ef25f25a6f3d5628308: +8c34b905440b61911d1d8137c53d46a1a76d4609af973e18eb4c5709295627bbb69a8b2fdf5c20e734c2ffb294bc8ae1011d664f11afe7fbc471925cf72fa99d:b69a8b2fdf5c20e734c2ffb294bc8ae1011d664f11afe7fbc471925cf72fa99d:30b57a389b48a0beb1a48432bff6b314bded79c4a1763a5acb57cea1bfb4c6d016cf090f5bd05bbd114e33ae7c17782dfa264f46c45f8c599c603016fe9ff05b6b5a99e92fe713a4cd5c41b292ed2bb2e9cf33a440542e821ec82cbf665c3f02e3dc337d7fdb58e31b27cb2954541468814698510df18c85c81fad12db11ec6b966f4930da5646b991db97445097da30dab61cda53a41083cb96add19de6c5eec323bca9d3530e38c00b35af7360077601be6ac97f3030f930a27b90fe8b6911bae389065adc15e1882300e2a003274d23182d5efd5ba4b9130c07bd5c65fecb8b5cb7eb38836b318befdfd77de4d6ca0181f77ae5740891683225f549dd8426145c97c5818c319f7ab2d868e1a41ceab64c085116069897bf2ca3667652406155ed0646431b6de1ccc03b4279ae4d326679265dce82048e7298e1f87fcec0768ac0f5d8ff84f7210be54d411af8edea7217f4e59413121e148c60da:3e0b72073dc9375eedcca6c4fc1cd315938a050c92716bd2284f4629a962beec0b7d7cf16ab923d58f5b90d3901a8e5c75c8f17dab9998e007d8c49511973d0e30b57a389b48a0beb1a48432bff6b314bded79c4a1763a5acb57cea1bfb4c6d016cf090f5bd05bbd114e33ae7c17782dfa264f46c45f8c599c603016fe9ff05b6b5a99e92fe713a4cd5c41b292ed2bb2e9cf33a440542e821ec82cbf665c3f02e3dc337d7fdb58e31b27cb2954541468814698510df18c85c81fad12db11ec6b966f4930da5646b991db97445097da30dab61cda53a41083cb96add19de6c5eec323bca9d3530e38c00b35af7360077601be6ac97f3030f930a27b90fe8b6911bae389065adc15e1882300e2a003274d23182d5efd5ba4b9130c07bd5c65fecb8b5cb7eb38836b318befdfd77de4d6ca0181f77ae5740891683225f549dd8426145c97c5818c319f7ab2d868e1a41ceab64c085116069897bf2ca3667652406155ed0646431b6de1ccc03b4279ae4d326679265dce82048e7298e1f87fcec0768ac0f5d8ff84f7210be54d411af8edea7217f4e59413121e148c60da: +77a83e18c9f000eeff7deeac959ecba2206c0aa39d2f0e2aed5729482a7a022962b1b316135596bfbca6037ed847c61fb7f09fa36ce90abb7789b86f768b59dd:62b1b316135596bfbca6037ed847c61fb7f09fa36ce90abb7789b86f768b59dd:f3d5fa2acaefd858f1df26e03059cdcbc2468ad74afc993d0db9c4cde4113f8d55c7da71d38ba06520531c61fddb5f33d5f0353be2376e580711be45c0a30b1fa01b55e228c6fa35e3f95b67909fc7df3fd464d93d661a926f9d11f7550c17fbcc3496526e8f10e0c8916677b2be5b319b688f21e81aaa9482e5c93e64ce8c437b9c1e14fefed70a3fee568811dc31cadab3d5b220254465336dc4d97a3bd096b5e065e0cfbe82849e2c1905aca486533f0da7a61f1e9a55b8e2a83262deeb59f2b13d3a8aef5700845b83b25ae2183c0ddac0ce42f8d25674cb0d0d220a6de7c1858bb07d59a3372344d944602aa451d2b937db0fe6feca0beba81721fc361ea7509e2b6d397e1c191b56f54ab436d0d27ab4c061bd661ad1a4452387e8735754d07fa7ef4d4548b172582425b299046e6301b5ba6b914418f149cf722e10bde2e0d41700f12c8429fc897b7819da92292240cd45565458c9a7b29c12:1eaad8420ac12c99ac1ff4476678e3cbbe94da6a797f174664d5ee0f641433fb1e7cb2f5613e10805df8654cd8e0d45d96230932bc7f20b04eae836435134309f3d5fa2acaefd858f1df26e03059cdcbc2468ad74afc993d0db9c4cde4113f8d55c7da71d38ba06520531c61fddb5f33d5f0353be2376e580711be45c0a30b1fa01b55e228c6fa35e3f95b67909fc7df3fd464d93d661a926f9d11f7550c17fbcc3496526e8f10e0c8916677b2be5b319b688f21e81aaa9482e5c93e64ce8c437b9c1e14fefed70a3fee568811dc31cadab3d5b220254465336dc4d97a3bd096b5e065e0cfbe82849e2c1905aca486533f0da7a61f1e9a55b8e2a83262deeb59f2b13d3a8aef5700845b83b25ae2183c0ddac0ce42f8d25674cb0d0d220a6de7c1858bb07d59a3372344d944602aa451d2b937db0fe6feca0beba81721fc361ea7509e2b6d397e1c191b56f54ab436d0d27ab4c061bd661ad1a4452387e8735754d07fa7ef4d4548b172582425b299046e6301b5ba6b914418f149cf722e10bde2e0d41700f12c8429fc897b7819da92292240cd45565458c9a7b29c12: +73b03373ef1fd849005ecd6270dd9906f19f4439e40376cdbc520902bc976812663719e08ba3ba1666f6069a3f54991866b18cc6be41991b02eb3026ff9e155f:663719e08ba3ba1666f6069a3f54991866b18cc6be41991b02eb3026ff9e155f:d5c2deaba795c30aba321bc7de6996f0d90e4d05c747fb4dae8f3451895def6e16e72f38eace756f36635f8fb0b72a3a0c1f54663817a94d4fd346f835ab0e657f001a6f2cecb86d0825bd02639254f7f7f38ca99dbb86c64a633f73baf933aae3563281f4005e2d0e7cec9fbde8e588a957e211068be65b3d3d35bf4e8d5bb3478333df9ced9b2abaf48697994a145e9321499fc5ee560f4fbb6849e1ae8eb3d1de0083a21a03f6a6b28176f0130d3895e50e75e3d7d0947a7bc2c5b9ff69895d27791442ba8d0f2180712b567f712ea912f3b0d92c19342e0106ff1d87b46ad33af300b90855ba9769d366e79425d98e4de19905a04577707cbe625b84691781cd26bf62260b4a8bd605f77af6f970e1b3a112e8918344bd0d8d2e41dfd2ce9895b0246e50887aa3a577ff73be4b6ae60feb0ca36f6a5f8171ed209e5c566529c0940d9b4bd744ccee56e54a9a0c6e4da520dd315c2872b02db563703e:a40abe98fc69da8a1ff9ff5c2cca93632e975980ee8b82c3c376022d6524ab736d01b072f2b681b5f1cd3ea067012ed6d074e949c42327a366caa9e4750a3c08d5c2deaba795c30aba321bc7de6996f0d90e4d05c747fb4dae8f3451895def6e16e72f38eace756f36635f8fb0b72a3a0c1f54663817a94d4fd346f835ab0e657f001a6f2cecb86d0825bd02639254f7f7f38ca99dbb86c64a633f73baf933aae3563281f4005e2d0e7cec9fbde8e588a957e211068be65b3d3d35bf4e8d5bb3478333df9ced9b2abaf48697994a145e9321499fc5ee560f4fbb6849e1ae8eb3d1de0083a21a03f6a6b28176f0130d3895e50e75e3d7d0947a7bc2c5b9ff69895d27791442ba8d0f2180712b567f712ea912f3b0d92c19342e0106ff1d87b46ad33af300b90855ba9769d366e79425d98e4de19905a04577707cbe625b84691781cd26bf62260b4a8bd605f77af6f970e1b3a112e8918344bd0d8d2e41dfd2ce9895b0246e50887aa3a577ff73be4b6ae60feb0ca36f6a5f8171ed209e5c566529c0940d9b4bd744ccee56e54a9a0c6e4da520dd315c2872b02db563703e: +eab179e41ed5c889ffe6aabdc054faf1307c395e46e313e17a14fe01023ffa3086f34746d3f7a01ddbe322f1aca56d22856d38733a3a6900bb08e776450ec803:86f34746d3f7a01ddbe322f1aca56d22856d38733a3a6900bb08e776450ec803:971095cebe5031530224387c5c31966e389b8566390054cf45264b44e18964b7be52c33c4ffb259af16283438fa15dd66bc7791b7533ef10cb0beab524a6437626f4cc74512851adcc2fb129055a482c61107383fb7c5241831d5551634eef0dc0b8f9053a00971aa8fa1ae0898e4b481b6707e97c0f942040b339d92fc17bbade74675af243d8b2dafb15b1db55d12415b85f3037291930ab61600ba3431f8eb425be4491614728af101e81c091f348bc5ffd1bde6ae6cad5c15b3aa7358078cc4effb54a86e7f0e0c55e4cfe0a54605ed443fdf2aaba016585da617e77341d52889d75dd540d39fe8b7993ed705cfddea0cb0d5a731d6bfcdb816afaff47e963eedebdf241af5593353d6d401a34f029a8cdeb1904cc2caa4f9635cc2ba6b7b1a29da625ffc383be2f5a8f1fa4f39b2d4b4f4c2d8838ce258a04d4a120493fdf07f68c0ffd1c16b768a35c55fea2cac696b5c20efc10865cde8a64627dcd:143cb28027c2f82e375e5f340e7fe6e60ce7bd51000b49c74168af85e26ed2ed630ed2672090164cc54b052da694ebdd21a21b3053f4dcfd7895ea5f6c8aa80d971095cebe5031530224387c5c31966e389b8566390054cf45264b44e18964b7be52c33c4ffb259af16283438fa15dd66bc7791b7533ef10cb0beab524a6437626f4cc74512851adcc2fb129055a482c61107383fb7c5241831d5551634eef0dc0b8f9053a00971aa8fa1ae0898e4b481b6707e97c0f942040b339d92fc17bbade74675af243d8b2dafb15b1db55d12415b85f3037291930ab61600ba3431f8eb425be4491614728af101e81c091f348bc5ffd1bde6ae6cad5c15b3aa7358078cc4effb54a86e7f0e0c55e4cfe0a54605ed443fdf2aaba016585da617e77341d52889d75dd540d39fe8b7993ed705cfddea0cb0d5a731d6bfcdb816afaff47e963eedebdf241af5593353d6d401a34f029a8cdeb1904cc2caa4f9635cc2ba6b7b1a29da625ffc383be2f5a8f1fa4f39b2d4b4f4c2d8838ce258a04d4a120493fdf07f68c0ffd1c16b768a35c55fea2cac696b5c20efc10865cde8a64627dcd: +fbf146ebd51075570ec51ac410ae9f391db75b610ada6362b4dbd949656cfb66be7c2f5b21d746c8ea3245ce6f268e9da74e00fa85c9c475260c68fa1af6361f:be7c2f5b21d746c8ea3245ce6f268e9da74e00fa85c9c475260c68fa1af6361f:cd7ad4f17fcff73acc402dc102d09079b29aaf2a0f4b27cf6beeb1e2b23d19ab47deb3ae1becd68861ea279c46691738f4fff47c43047c4f8b56b6bbcc3fde0723d44120dcd307a6310dc4f366b8f3cd52db19b8266a487f7872391c45fe0d3248a7abf2c20022d3769547f683067dcc363cd22fd7cda3cadc15804056f0e2aa2b795008c598be7a961805e6df291ba3041c47ff5640275f46e6ae82092d21abcbcfba11e730216008822de3ce462400596da79f7ae5d1df8389112ad98868fa94fb0546bfe6a67aa8d28c4d32072d2eadd6256255f18c2382e662dfa922a680e06a43622c4871d27d1807f7b2703070c83db8dd929c06038b2183cb8e2b9ec4c778d7ecf9e9ffac77fa7737b055feac2e7982aeeec0b72f1bbca2424e1a844bbac79cb2e7400f81dc449d0560b521a7c16bb4167e6696586058a9b8ed2e5116690b77f2a17e5c0b16a83dcbd2e24552293e258b32ba7f844944379342698627:6768006fe0f201b217dd10eb05d4b82adcfeb2ecfc8373c3308f4150394811eb60491881a2e53d1289d96478e18a64c34b2a19832cdccfd96a2e4a0c469fdc0bcd7ad4f17fcff73acc402dc102d09079b29aaf2a0f4b27cf6beeb1e2b23d19ab47deb3ae1becd68861ea279c46691738f4fff47c43047c4f8b56b6bbcc3fde0723d44120dcd307a6310dc4f366b8f3cd52db19b8266a487f7872391c45fe0d3248a7abf2c20022d3769547f683067dcc363cd22fd7cda3cadc15804056f0e2aa2b795008c598be7a961805e6df291ba3041c47ff5640275f46e6ae82092d21abcbcfba11e730216008822de3ce462400596da79f7ae5d1df8389112ad98868fa94fb0546bfe6a67aa8d28c4d32072d2eadd6256255f18c2382e662dfa922a680e06a43622c4871d27d1807f7b2703070c83db8dd929c06038b2183cb8e2b9ec4c778d7ecf9e9ffac77fa7737b055feac2e7982aeeec0b72f1bbca2424e1a844bbac79cb2e7400f81dc449d0560b521a7c16bb4167e6696586058a9b8ed2e5116690b77f2a17e5c0b16a83dcbd2e24552293e258b32ba7f844944379342698627: +dff0eb6b426dea2fd33c1d3fc24df9b31b486facb7edb8502954a3e8da99d9fdc245085ece69fb9aa560d0c27fdb634f7a840d41d8463660fbe82483b0f3cc3a:c245085ece69fb9aa560d0c27fdb634f7a840d41d8463660fbe82483b0f3cc3a:e7c9e313d86160f4c74aa0ae07369ee22b27f81b3f69097affae28dae48483fb52a5c062306b59610f5cdbff6332b1960cd6f2b8f7b41578c20f0bc9637a0fdfc739d61f699a573f1c1a0b49294506cf4487965e5bb07bbf81803cb3d5cb3829c66c4bee7fc800ede216150934d277dea50edb097b992f11bb669fdf140bf6ae9fec46c3ea32f888fde9d154ea84f01c51265a7d3fef6eefc1ccdbffd1e2c897f05546a3b1ca11d9517cd667c660ec3960f7a8e5e80202a78d3a388b92f5c1dee14ae6acf8e17c841c9557c35a2eeced6e6af6372148e483ccd06c8fe344924e1019fb91cbf7941b9a176a073415867210670410c5dbd0ac4a50e6c0a509ddfdc555f60d696d41c77db8e6c84d5181f872755e64a721b061fcd68c463db4d32c9e01ea501267de22879d7fc12c8ca0379edb45abaa6e64dda2af6d40ccf24fbebad7b5a8d3e52007945ecd3ddc1e3efeb522581ac80e98c863ba0c590a3ed95cd1:6b48b10f545ddb7a89cd5829f4e5b20146cf6bc96e550d06f65de8bdae7ccdded26cd630f86c9266bccf88e924033e04f83a54f8290d7f734cf8673cca8f9703e7c9e313d86160f4c74aa0ae07369ee22b27f81b3f69097affae28dae48483fb52a5c062306b59610f5cdbff6332b1960cd6f2b8f7b41578c20f0bc9637a0fdfc739d61f699a573f1c1a0b49294506cf4487965e5bb07bbf81803cb3d5cb3829c66c4bee7fc800ede216150934d277dea50edb097b992f11bb669fdf140bf6ae9fec46c3ea32f888fde9d154ea84f01c51265a7d3fef6eefc1ccdbffd1e2c897f05546a3b1ca11d9517cd667c660ec3960f7a8e5e80202a78d3a388b92f5c1dee14ae6acf8e17c841c9557c35a2eeced6e6af6372148e483ccd06c8fe344924e1019fb91cbf7941b9a176a073415867210670410c5dbd0ac4a50e6c0a509ddfdc555f60d696d41c77db8e6c84d5181f872755e64a721b061fcd68c463db4d32c9e01ea501267de22879d7fc12c8ca0379edb45abaa6e64dda2af6d40ccf24fbebad7b5a8d3e52007945ecd3ddc1e3efeb522581ac80e98c863ba0c590a3ed95cd1: +9f32958c7679b90fd5036056a75ec2eb2f56ec1effc7c012461dc89a3a1674201d7269dcb6d1f584e662d4ce251de0aba290ef78b97d448afb1e5333f1976d26:1d7269dcb6d1f584e662d4ce251de0aba290ef78b97d448afb1e5333f1976d26:a56ba86c71360504087e745c41627092ad6b49a71e9daa5640e1044bf04d4f071ad728779e95d1e2460584e6f0773545da82d4814c9189a120f12f3e3819813e5b240d0f26436f70ee353b4d20cea54a1460b5b8f1008d6f95f3aa2d8f1e908fced50d624e3a096938b9353854b96da463a2798a5a312ec790842c10c446e3350c764bf5c972593b9987bf23256daa8894d47f22e85b97607e66fc08a12c789c4746080368d321bb9015a1155b65523ad8e99bb989b44eac756b0734acd7c6357c70b59743246d1652d91b0f9896965141345b9945cf34980452f3502974edb76b9c785fb0f4395266b055f3b5db8aab68e9d7102a1cd9ee3d142504f0e88b282e603a738e051d98de05d1fcc65b5f7e99c4111cc0aec489abd0ecad311bfc13e7d1653b9c31e81c998037f959d5cd980835aa0e0b09bcbed634391151da02bc01a36c9a5800afb984163a7bb815edbc0226eda0595c724ca9b3f8a71178f0d20a5a:9881a5763bdb259a3fefbba3d957162d6c70b804fa94ab613406a6ec42505b8789465ca1a9a33e1895988842270c55e5bdd5483f6b17b31781b593507a6c1808a56ba86c71360504087e745c41627092ad6b49a71e9daa5640e1044bf04d4f071ad728779e95d1e2460584e6f0773545da82d4814c9189a120f12f3e3819813e5b240d0f26436f70ee353b4d20cea54a1460b5b8f1008d6f95f3aa2d8f1e908fced50d624e3a096938b9353854b96da463a2798a5a312ec790842c10c446e3350c764bf5c972593b9987bf23256daa8894d47f22e85b97607e66fc08a12c789c4746080368d321bb9015a1155b65523ad8e99bb989b44eac756b0734acd7c6357c70b59743246d1652d91b0f9896965141345b9945cf34980452f3502974edb76b9c785fb0f4395266b055f3b5db8aab68e9d7102a1cd9ee3d142504f0e88b282e603a738e051d98de05d1fcc65b5f7e99c4111cc0aec489abd0ecad311bfc13e7d1653b9c31e81c998037f959d5cd980835aa0e0b09bcbed634391151da02bc01a36c9a5800afb984163a7bb815edbc0226eda0595c724ca9b3f8a71178f0d20a5a: +f86d6f766f88b00717b7d6327eb26cf3ceeba5385184426f9cfd8295e2421ff2cb1d250504754183704dbe21c323d66f9f9011758f6d8dab6f597b199662145b:cb1d250504754183704dbe21c323d66f9f9011758f6d8dab6f597b199662145b:da8423a6b7a18f20aa1f90ed2331b17b24067c40175bc25d8109e21d87ac00528eb3b2f66a2b52dc7ef2f8cecb75c76099cfa23db8da897043ba1cce31e2dfea46075f5e073203eaeb3d62c84c107b6dab33a14eaf149aa61850c15f5a58d88a15aba9196f9e495e8dbecbcf7e8444f5dd72a08a099d7f6209990b562974ea829ef11d29a920e3a799d0d92cb50d50f817631ab09de97c31e9a05f4d78d649fcd93a83752078ab3bb0e16c564d4fb07ca923c0374ba5bf1eea7e73668e135031feafcbb47cbc2ae30ec16a39b9c337e0a62eecdd80c0b7a04924ac3972da4fa9299c14b5a53d37b08bf02268b3bac9ea9355090eeb04ad87bee0593ba4e4443dda38a97afbf2db9952df63f178f3b4c52bcc132be8d9e26881213abdeb7e1c44c4061548909f0520f0dd7520fc408ea28c2cebc0f53063a2d30570e05350e52b390dd9b67662984847be9ad9b4cd50b069ffd29dd9c62ef14701f8d012a4a70c8431cc:ec61c0b292203a8f1d87235ede92b74723c8d23408423773ae50b1e9bc4464e03e446da9dce4c39f6dd159bea26c009ed00120bc36d4a247dc0d24bcefcc110cda8423a6b7a18f20aa1f90ed2331b17b24067c40175bc25d8109e21d87ac00528eb3b2f66a2b52dc7ef2f8cecb75c76099cfa23db8da897043ba1cce31e2dfea46075f5e073203eaeb3d62c84c107b6dab33a14eaf149aa61850c15f5a58d88a15aba9196f9e495e8dbecbcf7e8444f5dd72a08a099d7f6209990b562974ea829ef11d29a920e3a799d0d92cb50d50f817631ab09de97c31e9a05f4d78d649fcd93a83752078ab3bb0e16c564d4fb07ca923c0374ba5bf1eea7e73668e135031feafcbb47cbc2ae30ec16a39b9c337e0a62eecdd80c0b7a04924ac3972da4fa9299c14b5a53d37b08bf02268b3bac9ea9355090eeb04ad87bee0593ba4e4443dda38a97afbf2db9952df63f178f3b4c52bcc132be8d9e26881213abdeb7e1c44c4061548909f0520f0dd7520fc408ea28c2cebc0f53063a2d30570e05350e52b390dd9b67662984847be9ad9b4cd50b069ffd29dd9c62ef14701f8d012a4a70c8431cc: +a5b34cefab9479df8389d7e6f6c146aa8affb0bec837f78af64624a145cc344e7b0f4f24d9972bc6fe83826c52716ad1e0d7d19f123858cb3e99fa636ac9631a:7b0f4f24d9972bc6fe83826c52716ad1e0d7d19f123858cb3e99fa636ac9631a:e21e98af6c2bac70557eb0e864da2c2b4d6c0a39a059d3477251f6178a39676f4749e7fbea623f148a43a8b0fe0610506fa658abd2f5fa39198f2636b724db22d1aebc2ab07b2b6dbffdee8cece81e1af1493ec1964e16bf86ab258ca0feb77e3c8717e44038abe152c14be15660bf93b2d48d92c4ed7074d2494210621bcf204fba88c654d5ffe01e1a53d08f70bb237089dc807216ff6a85dbec3102237d42590778acf6c1dc566d5a2bb9a63bc21c329c272e5965baeeb0fe891de3cc8cbfa8e541a8881df68942e7ff8dc656bd08575f6aaf924a176d663b1a1f43574d11768c701b269561e55438dbebfd443d2115cb933d1cde4a915b54c325c27f499ef02bd012ff1f9a36390922887600fe712bcdc23eb5974a305372ad52951f83f0e58cc49e289841621917f1fcb0235147240dae4cf3b99b6ac6d8de94efe7c4436714508bcd0114c56068ff1b7c16d51bd906437874d6549ab5d8087896872ec8a09d7412:2fbd899d72b6d39e4f45b8b62cbbd5f3c0acb1ad8540913fa585877e91ccfef7bee50a4b0f9fedf5cc1e0d1953ad399c8389a93391e1b7c929af6d6f3b796c08e21e98af6c2bac70557eb0e864da2c2b4d6c0a39a059d3477251f6178a39676f4749e7fbea623f148a43a8b0fe0610506fa658abd2f5fa39198f2636b724db22d1aebc2ab07b2b6dbffdee8cece81e1af1493ec1964e16bf86ab258ca0feb77e3c8717e44038abe152c14be15660bf93b2d48d92c4ed7074d2494210621bcf204fba88c654d5ffe01e1a53d08f70bb237089dc807216ff6a85dbec3102237d42590778acf6c1dc566d5a2bb9a63bc21c329c272e5965baeeb0fe891de3cc8cbfa8e541a8881df68942e7ff8dc656bd08575f6aaf924a176d663b1a1f43574d11768c701b269561e55438dbebfd443d2115cb933d1cde4a915b54c325c27f499ef02bd012ff1f9a36390922887600fe712bcdc23eb5974a305372ad52951f83f0e58cc49e289841621917f1fcb0235147240dae4cf3b99b6ac6d8de94efe7c4436714508bcd0114c56068ff1b7c16d51bd906437874d6549ab5d8087896872ec8a09d7412: +ad75c9ce299c4d59393367d77a4c9f8df8dcec765c6dbd25b527fb7669913604b9910548fe6312a119c9993eebcfb9dc90030ffb0e4de2b7ccd23cbeb4fef71b:b9910548fe6312a119c9993eebcfb9dc90030ffb0e4de2b7ccd23cbeb4fef71b:62fc5ab67deb1fee9ab6cca3b88a1df1e589f0fd4a88f4aa7738948761fe84372c5b18e4655220c1d84d52acad32e229a5c756c20fc62fe4b4b4e5fd7077ae4ed5397aa796f2307ceedb6505b39297856f4aeb5e70938e36ee24a0ac7d9868306f6b53910623b7dc89a6672ad738576ed5d88831dd338321c8902bc2061f65e94d452fdfa0dc665cefb92308e52301bd4627006b363d06b775a395914d8c863e95a00d6893f3376134c429f56478145e4456f7a12d65bb2b8965d728cb2ddbb708f7125c237095a92195d92fa727a372f3545ae701f3808fee802c8967a76e8a940e55fb2d810bfb47ada156f0eda1829b159cf05c7f36cf3847d7b21de84c3dc0fe658347f79396a01139a508b60022db1c0e5aeef47e445e66f783e62c96597bdb16f209c08a9132c7573136170ee3ebf24261265a89fb4f10333375e20b33ab7403464f5249461c6853c5fddb9f58af816892910393a7077b799fdc3489720998feea86:6b7ef27bcfbf2b714985033764fccff555e3f5bc44610d6c8c62117cb3831a07f4a8bddb0eaed1d46b0289b15de1aa4dcc17d71be96a09e66ba4dc4627c7870562fc5ab67deb1fee9ab6cca3b88a1df1e589f0fd4a88f4aa7738948761fe84372c5b18e4655220c1d84d52acad32e229a5c756c20fc62fe4b4b4e5fd7077ae4ed5397aa796f2307ceedb6505b39297856f4aeb5e70938e36ee24a0ac7d9868306f6b53910623b7dc89a6672ad738576ed5d88831dd338321c8902bc2061f65e94d452fdfa0dc665cefb92308e52301bd4627006b363d06b775a395914d8c863e95a00d6893f3376134c429f56478145e4456f7a12d65bb2b8965d728cb2ddbb708f7125c237095a92195d92fa727a372f3545ae701f3808fee802c8967a76e8a940e55fb2d810bfb47ada156f0eda1829b159cf05c7f36cf3847d7b21de84c3dc0fe658347f79396a01139a508b60022db1c0e5aeef47e445e66f783e62c96597bdb16f209c08a9132c7573136170ee3ebf24261265a89fb4f10333375e20b33ab7403464f5249461c6853c5fddb9f58af816892910393a7077b799fdc3489720998feea86: +1ced574529b9b416977e92eb39448a8717cac2934a243a5c44fb44b73ccc16da85e167d5f062fee82014f3c8b1beaed8eefb2c22d8649c424b86b21b11eb8bda:85e167d5f062fee82014f3c8b1beaed8eefb2c22d8649c424b86b21b11eb8bda:1b3b953cce6d15303c61ca707609f70e7250f6c0deba56a8ce522b5986689651cdb848b842b2229661b8eeabfb8570749ed6c2b10a8fbf515053b5ea7d7a9228349e4646f9505e198029fec9ce0f38e4e0ca73625842d64caf8ced070a6e29c743586aa3db6d82993ac71fd38b783162d8fe04ffd0fa5cbc381d0e219c91937df6c973912fc02fda5377312468274c4bee6dca7f79c8b544861ed5babcf5c50e1473491be01708ac7c9ff58f1e40f855497ce9d7cc47b9410f2edd00f6496740243b8d03b2f5fa742b9c630867f77ac42f2b62c14e5ebddc7b647a05fff43670745f2851eff4909f5d27d57ae87f61e965ee60fdf97724c59267f2610b7ad5de919856d64d7c212659ce8656149b6a6d29d8f92b312be50b6e2a431d36ae022b00a6fe360e3af65432899c43be0427e36d21cfec81f21aa53b33db5ed2c37da8f96ac3e7dc67a1de37546cf7de1008c7e1adbe0f34fa7eb2434d94e6a13f4cf86a98d497622f:e0303aefe08a77738dcc657afbb9b835ed279613a53c73fdc5ddbfb350e5cff4d6c9bb43dc07c95bf4e23b64c40f8804c7169952e3c8d59a7197241bfed0740f1b3b953cce6d15303c61ca707609f70e7250f6c0deba56a8ce522b5986689651cdb848b842b2229661b8eeabfb8570749ed6c2b10a8fbf515053b5ea7d7a9228349e4646f9505e198029fec9ce0f38e4e0ca73625842d64caf8ced070a6e29c743586aa3db6d82993ac71fd38b783162d8fe04ffd0fa5cbc381d0e219c91937df6c973912fc02fda5377312468274c4bee6dca7f79c8b544861ed5babcf5c50e1473491be01708ac7c9ff58f1e40f855497ce9d7cc47b9410f2edd00f6496740243b8d03b2f5fa742b9c630867f77ac42f2b62c14e5ebddc7b647a05fff43670745f2851eff4909f5d27d57ae87f61e965ee60fdf97724c59267f2610b7ad5de919856d64d7c212659ce8656149b6a6d29d8f92b312be50b6e2a431d36ae022b00a6fe360e3af65432899c43be0427e36d21cfec81f21aa53b33db5ed2c37da8f96ac3e7dc67a1de37546cf7de1008c7e1adbe0f34fa7eb2434d94e6a13f4cf86a98d497622f: +f0790d93e2d3b84f61ef4c807147aba410e415e72b71b0d61d01026fed99da3defdf649fb033cf328e0b287796f8a25e9c6e2e871b33c2c21a4028a8a25a4b28:efdf649fb033cf328e0b287796f8a25e9c6e2e871b33c2c21a4028a8a25a4b28:7973e9f32d74805992eb65da0d637335e50eff0ce68ea2d1f3a02de704492b9cfbe7e7ba96fdb42bb821a513d73fc60402e92c855deaed73ffeaf70952029062c833e14ec1b14f144e2207f6a0e727e5a7e3cbab27d5972970f69518a15b093e740cc0ce11bf5248f0826b8a98bde8bf2c7082c97aff158d08371118c89021cc3974ae8f76d86673c3f824b62c79c4b41f40eaa8943738f03300f68cbe175468eb235a9ff0e6537f8714e97e8f08ca444e41191063b5fabd156e85dcf66606b81dad4a95065584b3e0658c20a706eaf4a0777da4d2e0cd2a0fca60109c2b4403db3f03cd4781c1fbb0272202bcb11687808c50cb98f64b7f3fd3d43333bb5a061b9e377090abb1e0a885cb26b73c163e63ff6451ff2f4ec8249c7e152bd03973a1e964e2b5b235281a938399a112a24529e383a560dc50bb1b622ad74ef35658dcb10ffe022568ac3ffae5b465a8ed7643e8561b352ee9944a35d882c712b187788a0abae5a22f:08773a6a78762cbb1e25fcbb29139941bdf16f4e09a1fa08fc701f32f933edd74c0ae983c12a0a5b020b6bcf44bb719dde8ed0781a8298265640e1608c98b3017973e9f32d74805992eb65da0d637335e50eff0ce68ea2d1f3a02de704492b9cfbe7e7ba96fdb42bb821a513d73fc60402e92c855deaed73ffeaf70952029062c833e14ec1b14f144e2207f6a0e727e5a7e3cbab27d5972970f69518a15b093e740cc0ce11bf5248f0826b8a98bde8bf2c7082c97aff158d08371118c89021cc3974ae8f76d86673c3f824b62c79c4b41f40eaa8943738f03300f68cbe175468eb235a9ff0e6537f8714e97e8f08ca444e41191063b5fabd156e85dcf66606b81dad4a95065584b3e0658c20a706eaf4a0777da4d2e0cd2a0fca60109c2b4403db3f03cd4781c1fbb0272202bcb11687808c50cb98f64b7f3fd3d43333bb5a061b9e377090abb1e0a885cb26b73c163e63ff6451ff2f4ec8249c7e152bd03973a1e964e2b5b235281a938399a112a24529e383a560dc50bb1b622ad74ef35658dcb10ffe022568ac3ffae5b465a8ed7643e8561b352ee9944a35d882c712b187788a0abae5a22f: +4cb9df7ce6fae9d62ba09e8eb70e4c969bdeafcb5ec7d7024326e6603b0621bf018069dd0eb44055a35cd8c77c37ca9fb1ad2417271385e134b2f4e81f52033c:018069dd0eb44055a35cd8c77c37ca9fb1ad2417271385e134b2f4e81f52033c:14627d6ea0e7895460759476dc74c42800ceef994327518151490d9df23067914e44788a12768ccb25471b9c3ba9d14fb436dcba38429b3a0456877763c49175d0e082683e07a9058f3685c6279307b2303d1221b9c29793d8a4877f6df51587384dadf751c5f7bfbd207d519622c37b51ceeee2c20d8269f8cb88d3fe43d6d434d5bbd0e203c1532d97ba552147227496c87f67b50bb76193add0144df1c176657585408362ca2ed04ad62acf1c25e341dfd1498d85b4b1349a8b0b9b02c43523c55853419bfed37d5a2cdf17dfbf1a3bd7759d6ae180f9d27dcd9a8933e29a7c0a30771eea7c2e0fa242925d2336dce585629057d844323964f6d3d11ff0b3f829a3be8c9f0468a6823d8e70ab5a2da21e15fa8b041a29812222e9c30b2bd9a12d1fdee6f87876e8ce81009637a8bb2236129a47ca74289ee4aad429ffe29f47430241ca8cc3848b7200fd6e1470651a9a0a6f72c9033e831df051408a6260f65cbaf6e012b18e:e33c07836c537d6bfbd0f4592d6e35b163499ba78dc7ffcec565d04f9a7db781943e29e6ce76763e9baddf57437fd9c6b03239a6e6850e4502a356c2e12c370514627d6ea0e7895460759476dc74c42800ceef994327518151490d9df23067914e44788a12768ccb25471b9c3ba9d14fb436dcba38429b3a0456877763c49175d0e082683e07a9058f3685c6279307b2303d1221b9c29793d8a4877f6df51587384dadf751c5f7bfbd207d519622c37b51ceeee2c20d8269f8cb88d3fe43d6d434d5bbd0e203c1532d97ba552147227496c87f67b50bb76193add0144df1c176657585408362ca2ed04ad62acf1c25e341dfd1498d85b4b1349a8b0b9b02c43523c55853419bfed37d5a2cdf17dfbf1a3bd7759d6ae180f9d27dcd9a8933e29a7c0a30771eea7c2e0fa242925d2336dce585629057d844323964f6d3d11ff0b3f829a3be8c9f0468a6823d8e70ab5a2da21e15fa8b041a29812222e9c30b2bd9a12d1fdee6f87876e8ce81009637a8bb2236129a47ca74289ee4aad429ffe29f47430241ca8cc3848b7200fd6e1470651a9a0a6f72c9033e831df051408a6260f65cbaf6e012b18e: +a136e009d53e5ef59d0946bc175663a86bc0fcd29eadd95cfc9d266037b1e4fb9c1806ec0454f58314eb8397d64287dee386640d8491aba364607688841715a0:9c1806ec0454f58314eb8397d64287dee386640d8491aba364607688841715a0:a49d1c3d49e13c2eda56868a8824aa9f8d2bf72f21955ebafd07b3bdc8e924de20936cee513d8a64a47173a3bd659eff1accff8244b26aae1a0c27fa891bf4d85e8fb1b76a6cab1e7f74c89ee07bb40d714326f09b3fd40632fad208ea816f9072028c14b5b54ecc1c5b7fc809e7e0786e2f11495e76017eb62aa4563f3d00ee84348d9838cd17649f6929a6d206f60e6fc82e0c3464b27e0e6abd22f4469bdfd4cb54f77e329b80f71bf42129ec13c9dfe192adfaa42ee3ddeeda385816fbad5f411938c63b560f4ecd94534be7d98725cd94c99ce492f0f069ba0ec08f877a7812ef27ae19d7a77be63f66bcf8d6cf3a1a61fc9cfef104c7462a21ca7f03afb5bb1ac8c75124b554e8d044b810d95ff8c9dd09a34484d8c4b6c95f95c3c22823f52ce844293724d5259191f1ba0929e2acdbb8b9a7a8adf0c52e78acdfdf057b0985881afbed4dbebdebbdae0a2b63bd4e90f96afdcbbd78f506309f9bdb650013cb73faed73904e:bc094ba91c115dee15d753361a75f3f03d6af45c92157e95dbe8d32194b6c5ce72b9dc66f73df12dca0b639f3e791d478616a1f8d7359a42c8eae0dda16b1606a49d1c3d49e13c2eda56868a8824aa9f8d2bf72f21955ebafd07b3bdc8e924de20936cee513d8a64a47173a3bd659eff1accff8244b26aae1a0c27fa891bf4d85e8fb1b76a6cab1e7f74c89ee07bb40d714326f09b3fd40632fad208ea816f9072028c14b5b54ecc1c5b7fc809e7e0786e2f11495e76017eb62aa4563f3d00ee84348d9838cd17649f6929a6d206f60e6fc82e0c3464b27e0e6abd22f4469bdfd4cb54f77e329b80f71bf42129ec13c9dfe192adfaa42ee3ddeeda385816fbad5f411938c63b560f4ecd94534be7d98725cd94c99ce492f0f069ba0ec08f877a7812ef27ae19d7a77be63f66bcf8d6cf3a1a61fc9cfef104c7462a21ca7f03afb5bb1ac8c75124b554e8d044b810d95ff8c9dd09a34484d8c4b6c95f95c3c22823f52ce844293724d5259191f1ba0929e2acdbb8b9a7a8adf0c52e78acdfdf057b0985881afbed4dbebdebbdae0a2b63bd4e90f96afdcbbd78f506309f9bdb650013cb73faed73904e: +ff0f1c57dd884fbeea6e2917282b79ba67f8a6851267b9f4636dafda33bd2b5bfef6378ad12a7c252fa6eb742b05064b41530ff019dc680ab544c027ea2836e7:fef6378ad12a7c252fa6eb742b05064b41530ff019dc680ab544c027ea2836e7:522a5e5eff5b5e98fad6878a9d72df6eb318622610a1e1a48183f5590ecef5a6df671b28be91c88cdf7ae2881147fe6c37c28b43f64cf981c455c59e765ce94e1b6491631deaeef6d1da9ebca88643c77f83eae2cfdd2d97f604fe45081d1be5c4ae2d875996b8b6fecd707d3fa219a93ba0488e55247b405e330cfb97d31a1361c9b2084bdb13fb0c058925db8c3c649c9a3e937b533cc6310fa3b16126fb3cc9bb2b35c5c8300015488a30fadca3c8871fa70dfdc7055bf8e631f20c9b2528311e324a7c4edd5462079f3441c9ecf55fa999e731372344fdc0d413e417aaa001a1b2d3d9bc000fec1b02bd7a88a812d9d8a66f9464764c070c93041eefb17ce74eff6d4aff75f0cbf6a789a9ecde74abe33130fca0da853aa7c3313ada3f0ae2f595c6796a93685e729dd18a669d6381825ab3f36a391e7525b2a807a52fa5ec2a030a8cf3b77337ac41fceb580e845eed655a48b547238c2e8137c92f8c27e585caad3106eee3814a:d5008486726cce330a29dd7e4d7474d735798201afd1206feb869a112e5b43523c06976761be3cf9b2716378273c94f93572a7d2b8982634e0755c632b449008522a5e5eff5b5e98fad6878a9d72df6eb318622610a1e1a48183f5590ecef5a6df671b28be91c88cdf7ae2881147fe6c37c28b43f64cf981c455c59e765ce94e1b6491631deaeef6d1da9ebca88643c77f83eae2cfdd2d97f604fe45081d1be5c4ae2d875996b8b6fecd707d3fa219a93ba0488e55247b405e330cfb97d31a1361c9b2084bdb13fb0c058925db8c3c649c9a3e937b533cc6310fa3b16126fb3cc9bb2b35c5c8300015488a30fadca3c8871fa70dfdc7055bf8e631f20c9b2528311e324a7c4edd5462079f3441c9ecf55fa999e731372344fdc0d413e417aaa001a1b2d3d9bc000fec1b02bd7a88a812d9d8a66f9464764c070c93041eefb17ce74eff6d4aff75f0cbf6a789a9ecde74abe33130fca0da853aa7c3313ada3f0ae2f595c6796a93685e729dd18a669d6381825ab3f36a391e7525b2a807a52fa5ec2a030a8cf3b77337ac41fceb580e845eed655a48b547238c2e8137c92f8c27e585caad3106eee3814a: +0bc6af64de5709d3dbc28f7ef6d3fe28b6de529f08f5857ccb910695de454f56fb491fc900237bdc7e9a119f27150cd911935cd3628749ff40ef41f3955bc8ac:fb491fc900237bdc7e9a119f27150cd911935cd3628749ff40ef41f3955bc8ac:ac7886e4f4172a22c95e8eea37437b375d72accedcee6cc6e816763301a2d8ef4d6f31a2c1d635818b7026a395ce0dafd71c5180893af76b7ea056c972d680eca01dcbdbae6b26f1c5f33fc988b824fbbe00cacc316469a3bae07aa7c8885af7f65f42e75cef94dbb9aab4825143c85070e7716b7612f64ef0b0166011d23eb5654aa098b02d8d71e57c8fa17bff2fe97dc8193177eadc09fb192d80aa92afa98720d4614817ff3c39d3acce18906fa3de09618931d0d7a60c4429cbfa20cf165c947929ac293ae6c06e7e8f25f1264291e3e1c98f5d93e6ecc2389bc60dbbf4a621b132c552a99c95d26d8d1af61138b570a0de4b497ebe8051c7273a98e6e7876d0b327503af3cb2cc4091ce1925cb2f2957f4ec56ee90f8a09dd57d6e83067a356a4cfe65b1b7a4465da2ab133b0efb5e7d4dbb811bcbbde712afbf0f7dd3f326222284b8c74eac7ad6257fa8c632b7da2559a6266e91e0ef90dbb0aa968f75376b693fcaa5da342221:dbc7134d1cd6b0813b53352714b6df939498e91cf37c324337d9c088a1b998347d26185b430900412929e4f63e910379fc42e355a4e98f6fee27dafad1957206ac7886e4f4172a22c95e8eea37437b375d72accedcee6cc6e816763301a2d8ef4d6f31a2c1d635818b7026a395ce0dafd71c5180893af76b7ea056c972d680eca01dcbdbae6b26f1c5f33fc988b824fbbe00cacc316469a3bae07aa7c8885af7f65f42e75cef94dbb9aab4825143c85070e7716b7612f64ef0b0166011d23eb5654aa098b02d8d71e57c8fa17bff2fe97dc8193177eadc09fb192d80aa92afa98720d4614817ff3c39d3acce18906fa3de09618931d0d7a60c4429cbfa20cf165c947929ac293ae6c06e7e8f25f1264291e3e1c98f5d93e6ecc2389bc60dbbf4a621b132c552a99c95d26d8d1af61138b570a0de4b497ebe8051c7273a98e6e7876d0b327503af3cb2cc4091ce1925cb2f2957f4ec56ee90f8a09dd57d6e83067a356a4cfe65b1b7a4465da2ab133b0efb5e7d4dbb811bcbbde712afbf0f7dd3f326222284b8c74eac7ad6257fa8c632b7da2559a6266e91e0ef90dbb0aa968f75376b693fcaa5da342221: +2f5e83bd5b412e71ae3e9084cd369efcc79bf6037c4b174dfd6a11fb0f5da218a22a6da29a5ef6240c49d8896e3a0f1a4281a266c77d383ee6f9d25ffacbb872:a22a6da29a5ef6240c49d8896e3a0f1a4281a266c77d383ee6f9d25ffacbb872:b766273f060ef3b2ae3340454a391b426bc2e97264f8674553eb00dd6ecfdd59b611d8d662929fec710d0e462020e12cdbf9c1ec8858e85671acf8b7b14424ce92079d7d801e2ad9acac036bc8d2dfaa72aa839bff30c0aa7e414a882c00b645ff9d31bcf5a54382def4d0142efa4f06e823257ff132ee968cdc6738c53f53b84c8df76e9f78dd5056cf3d4d5a80a8f84e3edec48520f2cb4583e708539355ef7aa86fb5a0e87a94dcf14f30a2cca568f139d9ce59eaf459a5c5916cc8f20b26aaf6c7c029379aedb05a07fe585ccac60307c1f58ca9f859157d06d06baa394aace79d51b8cb38cfa2598141e245624e5ab9b9d68731173348905315bf1a5ad61d1e8adaeb810e4e8a86d7c13537b0be860ab2ed35b73399b8808aa91d750f77943f8a8b7e89fdb50728aa3dbbd8a41a6e00756f438c9b9e9d55872df5a9068add8a972b7e43edad9ced2237ca1367be4b7cdb66a54ea12eef129471158610eaf28f99f7f686557dcdf644ea:9f80922bc8db32d0cc43f9936affebe7b2bc35a5d82277cd187b5d50dc7fc4c4832fffa34e9543806b485c04548e7c75429425e14d55d91fc1052efd8667430bb766273f060ef3b2ae3340454a391b426bc2e97264f8674553eb00dd6ecfdd59b611d8d662929fec710d0e462020e12cdbf9c1ec8858e85671acf8b7b14424ce92079d7d801e2ad9acac036bc8d2dfaa72aa839bff30c0aa7e414a882c00b645ff9d31bcf5a54382def4d0142efa4f06e823257ff132ee968cdc6738c53f53b84c8df76e9f78dd5056cf3d4d5a80a8f84e3edec48520f2cb4583e708539355ef7aa86fb5a0e87a94dcf14f30a2cca568f139d9ce59eaf459a5c5916cc8f20b26aaf6c7c029379aedb05a07fe585ccac60307c1f58ca9f859157d06d06baa394aace79d51b8cb38cfa2598141e245624e5ab9b9d68731173348905315bf1a5ad61d1e8adaeb810e4e8a86d7c13537b0be860ab2ed35b73399b8808aa91d750f77943f8a8b7e89fdb50728aa3dbbd8a41a6e00756f438c9b9e9d55872df5a9068add8a972b7e43edad9ced2237ca1367be4b7cdb66a54ea12eef129471158610eaf28f99f7f686557dcdf644ea: +722a2da50e42c11a61c9afac7be1a2fed2267d650f8f7d8e5bc706b807c1b91dfd0b964562f823721e649c3fedb432a76f91e0aead7c61d35f95ed7726d78589:fd0b964562f823721e649c3fedb432a76f91e0aead7c61d35f95ed7726d78589:173e8bb885e1f9081404acac999041d2ecfcb73f945e0db36e631d7cd1ab999eb717f34bf07874bf3d34e2530eb6085f4a9f88ae1b0f7d80f221456a8e9a8890b91a50192deaaacc0a1a615a87841e2c5a9e057957af6e48e78cc86198e32e7aa24dcf6cffa329bc72606d65b11682c8ba736cce22a05785df1146331e41609cf9ca711cf464958297138b58a9073f3bbf06ad8a85d135de66652104d88b49d27ad41e59bcc44c7fab68f53f0502e293ffcabaaf755927dfdffbfde3b35c080b5de4c8b785f4da64ef357bc0d1466a6a96560c3c4f3e3c0b563a003f5f95f237171bce1a001771a04ede7cdd9b8ca770fd36ef90e9fe0000a8d7685fd153cc7282de95920a8f8f0898d00bf0c6c933fe5bb9653ff146c4e2acd1a2e0c23c1244844dacf8652716302c2032f9c114679ed26b3ee3ab4a7b18bc4e3071f0977db57cd0ac68c0727a09b4f125fb64af2850b26c8a484263334e2da902d744737044e79ab1cf5b2f93a022b63d40cd:c2695a57172aaa31bd0890f231ca8eeec0287a87172669a899ad0891cea4c47579b50420e791cdec8c182c8a0e8dde21b2480b0cfd8111e28e5603347a352d04173e8bb885e1f9081404acac999041d2ecfcb73f945e0db36e631d7cd1ab999eb717f34bf07874bf3d34e2530eb6085f4a9f88ae1b0f7d80f221456a8e9a8890b91a50192deaaacc0a1a615a87841e2c5a9e057957af6e48e78cc86198e32e7aa24dcf6cffa329bc72606d65b11682c8ba736cce22a05785df1146331e41609cf9ca711cf464958297138b58a9073f3bbf06ad8a85d135de66652104d88b49d27ad41e59bcc44c7fab68f53f0502e293ffcabaaf755927dfdffbfde3b35c080b5de4c8b785f4da64ef357bc0d1466a6a96560c3c4f3e3c0b563a003f5f95f237171bce1a001771a04ede7cdd9b8ca770fd36ef90e9fe0000a8d7685fd153cc7282de95920a8f8f0898d00bf0c6c933fe5bb9653ff146c4e2acd1a2e0c23c1244844dacf8652716302c2032f9c114679ed26b3ee3ab4a7b18bc4e3071f0977db57cd0ac68c0727a09b4f125fb64af2850b26c8a484263334e2da902d744737044e79ab1cf5b2f93a022b63d40cd: +5fe9c3960ed5bd374cc94d42357e6a24dc7e3060788f726365defacf13cd12da0ce7b155c8b20ebdaacdc2aa23627e34b1f9ace980650a2530c7607d04814eb4:0ce7b155c8b20ebdaacdc2aa23627e34b1f9ace980650a2530c7607d04814eb4:c9490d83d9c3a9370f06c91af001685a02fe49b5ca667733fff189eee853ec1667a6c1b6c787e9244812d2d532866ab74dfc870d6f14033b6bcd39852a3900f8f08cd95a74cb8cbe02b8b8b51e993a06adfebd7fc9854ae5d29f4df9642871d0c5e470d903cfbcbd5adb3275628f28a80bf8c0f0376687dae673bf7a8547e80d4a9855ae2572fc2b205dc8a198016ddc9b50995f5b39f368f540504a551803d6dd5f874828e5541ded052894d9e2dc5e6aa351087e790c0dd5d9c4decb217e4db81c98a184b264e6daeac0f11e074cae2bfc899f54b419c65dcc22664a915fbfffac35cee0f286eb7b144933db933e16c4bcb650d537722489de236373fd8d65fc86118b6def37ca4608bc6ce927b65436ffda7f02bfbf88b045ae7d2c2b45a0b30c8f2a04df953221088c555fe9a5df260982a3d64df194ee952fa9a98c31b96493db6180d13d67c36716f95f8c0bd7a039ad990667ca34a83ac1a18c37dd7c7736aa6b9b6fc2b1ac0ce119ef77:379f9c54c413af0d192e9bc736b29da9d521e7ba7841d309f9bcc1e742ec4308fe9f7ba51e0b22aed487cb4aa3913b9bebfb3aacd38f4039f9bbbebe1ad80002c9490d83d9c3a9370f06c91af001685a02fe49b5ca667733fff189eee853ec1667a6c1b6c787e9244812d2d532866ab74dfc870d6f14033b6bcd39852a3900f8f08cd95a74cb8cbe02b8b8b51e993a06adfebd7fc9854ae5d29f4df9642871d0c5e470d903cfbcbd5adb3275628f28a80bf8c0f0376687dae673bf7a8547e80d4a9855ae2572fc2b205dc8a198016ddc9b50995f5b39f368f540504a551803d6dd5f874828e5541ded052894d9e2dc5e6aa351087e790c0dd5d9c4decb217e4db81c98a184b264e6daeac0f11e074cae2bfc899f54b419c65dcc22664a915fbfffac35cee0f286eb7b144933db933e16c4bcb650d537722489de236373fd8d65fc86118b6def37ca4608bc6ce927b65436ffda7f02bfbf88b045ae7d2c2b45a0b30c8f2a04df953221088c555fe9a5df260982a3d64df194ee952fa9a98c31b96493db6180d13d67c36716f95f8c0bd7a039ad990667ca34a83ac1a18c37dd7c7736aa6b9b6fc2b1ac0ce119ef77: +ec2fa541ac14b414149c3825eaa7001b795aa1957d4040dda92573904afa7ee471b363b2408404d7beecdef1e1f511bb6084658b532f7ea63d4e3f5f01c61d31:71b363b2408404d7beecdef1e1f511bb6084658b532f7ea63d4e3f5f01c61d31:2749fc7c4a729e0e0ad71b5b74eb9f9c534ebd02ffc9df4374d813bdd1ae4eb87f1350d5fdc563934515771763e6c33b50e64e0cd114573031d2186b6eca4fc802cddc7cc51d92a61345a17f6ac38cc74d84707a5156be9202dee3444652e79bae7f0d31bd17567961f65dd01a8e4bee38331938ce4b2b550691b99a4bc3c072d186df4b3344a5c8fbfbb9fd2f355f6107e410c3d0c798b68d3fb9c6f7ab5fe27e70871e86767698fe35b77ead4e435a9402cc9ed6a2657b059be0a21003c048bbf5e0ebd93cbb2e71e923cf5c728d1758cd817ad74b454a887126d653b95a7f25e5293b768c9fc5a9c35a2372e3741bc90fd66301427b10824bb4b1e9110bfba84c21a40eb8fed4497e91dc3ffd0438c514c0a8cb4cac6ad0256bf11d5aa7a9c7c00b669b015b0bf81425a21413e2ffb6edc0bd78e385c44fd74558e511c2c25fee1fec18d3990b8690300fa711e93d9854668f0187065e76e7113ae763c30ddd86720b5546a6c3c6f1c43bc67b14:84d18d56f964e3776759bba92c510c2b6d574555c3cddade212da90374554991e7d77e278d63e34693e1958078cc3685f8c41c1f5342e351899638ef612114012749fc7c4a729e0e0ad71b5b74eb9f9c534ebd02ffc9df4374d813bdd1ae4eb87f1350d5fdc563934515771763e6c33b50e64e0cd114573031d2186b6eca4fc802cddc7cc51d92a61345a17f6ac38cc74d84707a5156be9202dee3444652e79bae7f0d31bd17567961f65dd01a8e4bee38331938ce4b2b550691b99a4bc3c072d186df4b3344a5c8fbfbb9fd2f355f6107e410c3d0c798b68d3fb9c6f7ab5fe27e70871e86767698fe35b77ead4e435a9402cc9ed6a2657b059be0a21003c048bbf5e0ebd93cbb2e71e923cf5c728d1758cd817ad74b454a887126d653b95a7f25e5293b768c9fc5a9c35a2372e3741bc90fd66301427b10824bb4b1e9110bfba84c21a40eb8fed4497e91dc3ffd0438c514c0a8cb4cac6ad0256bf11d5aa7a9c7c00b669b015b0bf81425a21413e2ffb6edc0bd78e385c44fd74558e511c2c25fee1fec18d3990b8690300fa711e93d9854668f0187065e76e7113ae763c30ddd86720b5546a6c3c6f1c43bc67b14: +6132692a5ef27bf476b1e991e6c431a8c764f1aebd470282db3321bb7cb09c207a2d166184f9e5f73bea454486b041ceb5fc2314a7bd59cb718e79f0ec989d84:7a2d166184f9e5f73bea454486b041ceb5fc2314a7bd59cb718e79f0ec989d84:a9c0861665d8c2de06f9301da70afb27b3024b744c6b38b24259294c97b1d1cb4f0dcf7575a8ed454e2f0980f50313a77363415183fe9677a9eb1e06cb6d34a467cb7b0758d6f55c564b5ba15603e202b18856d89e72a23ab07d8853ff77da7aff1caebd7959f2c710ef31f5078a9f2cdae92641a1cc5f74d0c143ec42afbaa5f378a9e10d5bf74587fa5f49c156233247dafd3929acde888dc684337e40cdc5932e7eb73ffcc90b85c0ad460416691aefbd7efd07b657c350946a0e366b37a6c8089aba5c5fe3bbca064afbe9d47fbc83914af1cb43c2b2efa98e0a43be32ba823202001def36817251b65f9b0506cef6683642a46ed612f8ca81ee97bb04d317b517343ade2b77126d1f02a87b7604c8653b6748cf5488fa6d43df809faa19e69292d38c5d397dd8e20c7af7c5334ec977f5010a0f7cb5b89479ca06db4d12627f067d6c42186a6b1f8742f36ae709ba720e3cd898116666d81b190b9b9d2a72202cb690a03f3310429a71dc048cde:eb677f3347e1a1ea929efdf62bf9105a6c8f4993033b4f6d03cb0dbf9c742b270704e383ab7c0676bdb1ad0ce9b16673083c9602ec10ae1dd98e8748b336440ba9c0861665d8c2de06f9301da70afb27b3024b744c6b38b24259294c97b1d1cb4f0dcf7575a8ed454e2f0980f50313a77363415183fe9677a9eb1e06cb6d34a467cb7b0758d6f55c564b5ba15603e202b18856d89e72a23ab07d8853ff77da7aff1caebd7959f2c710ef31f5078a9f2cdae92641a1cc5f74d0c143ec42afbaa5f378a9e10d5bf74587fa5f49c156233247dafd3929acde888dc684337e40cdc5932e7eb73ffcc90b85c0ad460416691aefbd7efd07b657c350946a0e366b37a6c8089aba5c5fe3bbca064afbe9d47fbc83914af1cb43c2b2efa98e0a43be32ba823202001def36817251b65f9b0506cef6683642a46ed612f8ca81ee97bb04d317b517343ade2b77126d1f02a87b7604c8653b6748cf5488fa6d43df809faa19e69292d38c5d397dd8e20c7af7c5334ec977f5010a0f7cb5b89479ca06db4d12627f067d6c42186a6b1f8742f36ae709ba720e3cd898116666d81b190b9b9d2a72202cb690a03f3310429a71dc048cde: +f219b2101164aa9723bde3a7346f68a35061c01f9782072580ba32df903ba891f66b920d5aa1a6085495a1480539beba01ffe60e6a6388d1b2e8eda23355810e:f66b920d5aa1a6085495a1480539beba01ffe60e6a6388d1b2e8eda23355810e:015577d3e4a0ec1ab25930106343ff35ab4f1e0a8a2d844aadbb70e5fc5348ccb679c2295c51d702aaae7f6273ce70297b26cb7a253a3db94332e86a15b4a64491232791f7a8b082ee2834af30400e804647a532e9c454d2a0a7320130ab6d4d860073a34667ac25b7e5e2747ba9f5c94594fb68377ae260369c40713b4e32f23195bf91d3d7f1a2719bf408aad8d8a347b112e84b118817cb06513344021763035272a7db728a0ccdaa949c61715d0764140b3e8c01d20ff1593c7f2d55c4e82a1c0cb1ea58442bf80a741bca91f58ab0581b498ee9fe3c92ca654148ef75313543d1aff382befe1a93b02190ce0102175158e2071d02bacad8dbe9fb940fcb610c105ad52c80feb1ec4e524f4c0ec7983e9ce696fa4fcf4bf0514b8f0432b17d5448fc426fea2b01ac7b26c2aed769927534da22576fc1bba726e9d65be01b59f60a648ace2fc3e5e275789fa637cbbd84be3d6ac24457a6292cd656c7b569a52ffea7916b8d04b4f4a75be7ac95142f:17f0127ca3bafa5f4ee959cd60f772be87a0034961517e39a0a1d0f4b9e26db1336e60c82b352c4cbacdbbd11771c3774f8cc5a1a795d6e4f4ebd51def36770b015577d3e4a0ec1ab25930106343ff35ab4f1e0a8a2d844aadbb70e5fc5348ccb679c2295c51d702aaae7f6273ce70297b26cb7a253a3db94332e86a15b4a64491232791f7a8b082ee2834af30400e804647a532e9c454d2a0a7320130ab6d4d860073a34667ac25b7e5e2747ba9f5c94594fb68377ae260369c40713b4e32f23195bf91d3d7f1a2719bf408aad8d8a347b112e84b118817cb06513344021763035272a7db728a0ccdaa949c61715d0764140b3e8c01d20ff1593c7f2d55c4e82a1c0cb1ea58442bf80a741bca91f58ab0581b498ee9fe3c92ca654148ef75313543d1aff382befe1a93b02190ce0102175158e2071d02bacad8dbe9fb940fcb610c105ad52c80feb1ec4e524f4c0ec7983e9ce696fa4fcf4bf0514b8f0432b17d5448fc426fea2b01ac7b26c2aed769927534da22576fc1bba726e9d65be01b59f60a648ace2fc3e5e275789fa637cbbd84be3d6ac24457a6292cd656c7b569a52ffea7916b8d04b4f4a75be7ac95142f: +fc180035aec0f5ede7bda93bf77ade7a81ed06de07ee2e3aa8576be81608610a4f215e948cae243ee3143b80282ad792c780d2a6b75060ca1d290ca1a8e3151f:4f215e948cae243ee3143b80282ad792c780d2a6b75060ca1d290ca1a8e3151f:b5e8b01625664b222339e0f05f93a990ba48b56ae65439a17520932df011721e284dbe36f98631c066510098a68d7b692a3863e99d58db76ca5667c8043cb10bd7abbaf506529fbb23a5166be038affdb9a234c4f4fcf43bddd6b8d2ce772dd653ed115c095e232b269dd4888d2368cb1c66be29dd383fca67f66765b296564e37555f0c0e484504c591f006ea8533a12583ad2e48318ff6f324ecaf804b1bae04aa896743e67ef61ca383d58e42acfc6410de30776e3ba262373b9e1441943955101a4e768231ad9c6529eff6118dde5df02f94b8d6df2d99f27863b517243a579e7aaff311ea3a0282e47ca876fabc2280fce7adc984dd0b30885b1650f1471dfcb0522d49fec7d042f32a93bc368f076006ea01ec1c7412bf66f62dc88de2c0b74701a5614e855e9fa728fb1f1171385f96afbde70dea02e9aa94dc21848c26302b50ae91f9693a1864e4e095ae03cdc22ad28a0eb7db596779246712fab5f5da327efec3e79612de0a6ccaa536759b8e:a43a71c3a19c35660dae6f31a254b8c0ea3593fc8fca74d13640012b9e9473d4afe070db01e7fb399bf4ca6070e062180011285a67dd6858b761e46c6bd32004b5e8b01625664b222339e0f05f93a990ba48b56ae65439a17520932df011721e284dbe36f98631c066510098a68d7b692a3863e99d58db76ca5667c8043cb10bd7abbaf506529fbb23a5166be038affdb9a234c4f4fcf43bddd6b8d2ce772dd653ed115c095e232b269dd4888d2368cb1c66be29dd383fca67f66765b296564e37555f0c0e484504c591f006ea8533a12583ad2e48318ff6f324ecaf804b1bae04aa896743e67ef61ca383d58e42acfc6410de30776e3ba262373b9e1441943955101a4e768231ad9c6529eff6118dde5df02f94b8d6df2d99f27863b517243a579e7aaff311ea3a0282e47ca876fabc2280fce7adc984dd0b30885b1650f1471dfcb0522d49fec7d042f32a93bc368f076006ea01ec1c7412bf66f62dc88de2c0b74701a5614e855e9fa728fb1f1171385f96afbde70dea02e9aa94dc21848c26302b50ae91f9693a1864e4e095ae03cdc22ad28a0eb7db596779246712fab5f5da327efec3e79612de0a6ccaa536759b8e: +a2836a65427912122d25dcdfc99d7046fe9b53d5c1bb23617f11890e94ca93ed8c12bda214c8abb2286acffbf8112425040aab9f4d8bb7870b98da0159e882f1:8c12bda214c8abb2286acffbf8112425040aab9f4d8bb7870b98da0159e882f1:813d6061c56eae0ff53041c0244aa5e29e13ec0f3fb428d4beb8a99e04bca8c41bddb0db945f487efe38f2fc14a628fafa2462f860e4e34250eb4e93f139ab1b74a2614519e41ee2403be427930ab8bc82ec89ceafb60905bd4ddbbd13bdb19654314fc92373140b962e2258e038d71b9ec66b84ef8319e03551cb707e747f6c40ad476fbefdce71f3a7b67a1af1869bc6440686e7e0855e4f369d1d88b8099fba54714678627bba1aff41e7707bc97eddf890b0c08dce3e9800d24c6f61092ce28d481b5dea5c096c55d72f8946009131fb968e2bc8a054d825adab76740dcf0d758c8bf54ff38659e71b32bfe2e615aaabb0f5293085649cf60b9847bc62011ce3878af628984a5840a4ad5dae3702db367da0f8a165fed0517eb5c442b0145330241b97eeca733ba6688b9c129a61cd1236aff0e27bcf98c28b0fbeea55a3d7c7193d644b2749f986bd46af8938e8faaeafbd9cec3612ab005bd7c3eeafe9a31279ca6102560666ba16136ff1452f850adb:e6a9a6b436559a4320c45c0c2c4a2aedecb90d416d52c82680ac7330d062aebef3e9ac9f2c5ffa455c9be113013a2b282e5600fd306435ada83b1e48ba2a3605813d6061c56eae0ff53041c0244aa5e29e13ec0f3fb428d4beb8a99e04bca8c41bddb0db945f487efe38f2fc14a628fafa2462f860e4e34250eb4e93f139ab1b74a2614519e41ee2403be427930ab8bc82ec89ceafb60905bd4ddbbd13bdb19654314fc92373140b962e2258e038d71b9ec66b84ef8319e03551cb707e747f6c40ad476fbefdce71f3a7b67a1af1869bc6440686e7e0855e4f369d1d88b8099fba54714678627bba1aff41e7707bc97eddf890b0c08dce3e9800d24c6f61092ce28d481b5dea5c096c55d72f8946009131fb968e2bc8a054d825adab76740dcf0d758c8bf54ff38659e71b32bfe2e615aaabb0f5293085649cf60b9847bc62011ce3878af628984a5840a4ad5dae3702db367da0f8a165fed0517eb5c442b0145330241b97eeca733ba6688b9c129a61cd1236aff0e27bcf98c28b0fbeea55a3d7c7193d644b2749f986bd46af8938e8faaeafbd9cec3612ab005bd7c3eeafe9a31279ca6102560666ba16136ff1452f850adb: +f051af426d0c3282fafc8bf912ade1c24211a95ad200e1eef549320e1cb1a252fa87955e0ea13dde49d83dc22e63a2bdf1076725c2cc7f93c76511f28e7944f2:fa87955e0ea13dde49d83dc22e63a2bdf1076725c2cc7f93c76511f28e7944f2:b48d9f84762b3bcc66e96d76a616fa8fe8e01695251f47cfc1b7b17d60dc9f90d576ef64ee7d388504e2c9079638165a889696471c989a876f8f13b63b58d531fea4dd1229fc631668a047bfae2da281feae1b6de3ebe280abe0a82ee00fbfdc22ce2d10e06a0492ff1404dfc094c40b203bf55721dd787ed4e91d5517aaf58d3bdd35d44a65ae6ba75619b339b650518cefcc17493de27a3b5d41788f87edbde72610f181bf06e208e0eb7cdfe881d91a2d6cc77aa19c0fcf330fedb44675d800eb8cff9505d8887544a503cbe373c4847b19e8f3995726efd6649858595c57ccaf0cbc9eb25de83ba046bc9f1838ac7b8953dd81b81ac0f68d0e9338cb55402552afb6bc16949351b926d151a82efc695e8d7da0dd55099366789718ccbf36030bd2c3c109399be26cdb8b9e2a155f3b2cb1bfa71ab69a23625a4ac118fe91cb2c19788cf52a71d730d576b421d96982a51a2991daec440cda7e6cc3282b8312714278b819bfe2387eb96aa91d40173034f428:b8f713578a64466719aceb432fce302a87cf066bf3e102a350616921a840964bfc7e685d8fd17455ac3eb4861edcb8979d35e3a4bd82a078cd707721d733400eb48d9f84762b3bcc66e96d76a616fa8fe8e01695251f47cfc1b7b17d60dc9f90d576ef64ee7d388504e2c9079638165a889696471c989a876f8f13b63b58d531fea4dd1229fc631668a047bfae2da281feae1b6de3ebe280abe0a82ee00fbfdc22ce2d10e06a0492ff1404dfc094c40b203bf55721dd787ed4e91d5517aaf58d3bdd35d44a65ae6ba75619b339b650518cefcc17493de27a3b5d41788f87edbde72610f181bf06e208e0eb7cdfe881d91a2d6cc77aa19c0fcf330fedb44675d800eb8cff9505d8887544a503cbe373c4847b19e8f3995726efd6649858595c57ccaf0cbc9eb25de83ba046bc9f1838ac7b8953dd81b81ac0f68d0e9338cb55402552afb6bc16949351b926d151a82efc695e8d7da0dd55099366789718ccbf36030bd2c3c109399be26cdb8b9e2a155f3b2cb1bfa71ab69a23625a4ac118fe91cb2c19788cf52a71d730d576b421d96982a51a2991daec440cda7e6cc3282b8312714278b819bfe2387eb96aa91d40173034f428: +a103e92672c65f81ea5da1fff1a4038788479e941d503a756f4a755201a57c1dee63a5b69641217acbaf3339da829ec071b9931e5987153514d30140837a7af4:ee63a5b69641217acbaf3339da829ec071b9931e5987153514d30140837a7af4:b1984e9eec085d524c1eb3b95c89c84ae085be5dc65c326e19025e1210a1d50edbbba5d1370cf15d68d687eb113233e0fba50f9433c7d358773950c67931db8296bbcbecec888e87e71a2f7579fad2fa162b85fb97473c456b9a5ce2956676969c7bf4c45679085b62f2c224fc7f458794273f6d12c5f3e0d06951824d1cca3e2f904559ed28e2868b366d79d94dc98667b9b5924268f3e39b1291e5abe4a758f77019dacbb22bd8196e0a83a5677658836e96ca5635055a1e63d65d036a68d87ac2fd283fdda390319909c5cc7680368848873d597f298e0c6172308030ffd452bb1363617b316ed7cd949a165dc8abb53f991aef3f3e9502c5dfe4756b7c6bfdfe89f5e00febdd6afb0402818f11cf8d1d5864fe9da1b86e39aa935831506cf2400ea7ed75bd9533b23e202fe875d7d9638c89d11cb2d6e6021ae6bd27c7754810d35cd3a61494f27b16fc794e2cd2f0d3453ada933865db78c579571f8fc5c5c6be8eaffce6a852e5b3b1c524c49313d427abcb:2aa2035c2ce5b5e6ae161e168f3ad0d6592bcf2c4a049d3ed342fceb56be9c7cb372027573ae0178e8878ebefca7b030327b8aad41857de58cb78e1a00cbac05b1984e9eec085d524c1eb3b95c89c84ae085be5dc65c326e19025e1210a1d50edbbba5d1370cf15d68d687eb113233e0fba50f9433c7d358773950c67931db8296bbcbecec888e87e71a2f7579fad2fa162b85fb97473c456b9a5ce2956676969c7bf4c45679085b62f2c224fc7f458794273f6d12c5f3e0d06951824d1cca3e2f904559ed28e2868b366d79d94dc98667b9b5924268f3e39b1291e5abe4a758f77019dacbb22bd8196e0a83a5677658836e96ca5635055a1e63d65d036a68d87ac2fd283fdda390319909c5cc7680368848873d597f298e0c6172308030ffd452bb1363617b316ed7cd949a165dc8abb53f991aef3f3e9502c5dfe4756b7c6bfdfe89f5e00febdd6afb0402818f11cf8d1d5864fe9da1b86e39aa935831506cf2400ea7ed75bd9533b23e202fe875d7d9638c89d11cb2d6e6021ae6bd27c7754810d35cd3a61494f27b16fc794e2cd2f0d3453ada933865db78c579571f8fc5c5c6be8eaffce6a852e5b3b1c524c49313d427abcb: +d47c1b4b9e50cbb71fd07d096d91d87213d44b024373044761c4822f9d9df880f4e1cb86c8ca2cfee43e58594a8778436d3ea519704e00c1bbe48bbb1c9454f8:f4e1cb86c8ca2cfee43e58594a8778436d3ea519704e00c1bbe48bbb1c9454f8:88d7009d51de3d337eef0f215ea66ab830ec5a9e6823761c3b92ad93ea341db92ece67f4ef4ceb84194ae6926c3d014b2d59781f02e0b32f9a611222cb9a5850c6957cb8079ae64e0832a1f05e5d1a3c572f9d08f1437f76bb3b83b52967c3d48c3576848891c9658d4959eb80656d26cdba0810037c8a18318ff122f8aa8985c773cb317efa2f557f1c3896bcb162df5d87681bb787e7813aa2dea3b0c564d646a92861f444ca1407efbac3d12432cbb70a1d0eaffb11741d3718fedee2b83036189a6fc45a52f74fa487c18fd264a7945f6c9e44b011f5d86613f1939b19f4f4fdf53234057be3f005ad64eebf3c8ffb58cb40956c4336df01d4424b706a0e561d601708d12485e21bcb6d799d8d1d044b400064ec0944501406e70253947006cabbdb2dd6bd8cee4497653d9113a44d4de9b68d4c526fca0b9b0c18fe50fb917fdd9a914fb816108a73a6b3fff9e654e69c9cfe02b05c6c1b9d15c4e65cf31018b8100d784633ee1888eee3572aafa6f189ea22d0:627e7ca7e34ed6331d62b9541c1ea9a9292be7b0a65d805e266b5122272a82db7d765acc7e2a290d685804922f91ed04a3c382c03ff21a1768f584413c4e5f0088d7009d51de3d337eef0f215ea66ab830ec5a9e6823761c3b92ad93ea341db92ece67f4ef4ceb84194ae6926c3d014b2d59781f02e0b32f9a611222cb9a5850c6957cb8079ae64e0832a1f05e5d1a3c572f9d08f1437f76bb3b83b52967c3d48c3576848891c9658d4959eb80656d26cdba0810037c8a18318ff122f8aa8985c773cb317efa2f557f1c3896bcb162df5d87681bb787e7813aa2dea3b0c564d646a92861f444ca1407efbac3d12432cbb70a1d0eaffb11741d3718fedee2b83036189a6fc45a52f74fa487c18fd264a7945f6c9e44b011f5d86613f1939b19f4f4fdf53234057be3f005ad64eebf3c8ffb58cb40956c4336df01d4424b706a0e561d601708d12485e21bcb6d799d8d1d044b400064ec0944501406e70253947006cabbdb2dd6bd8cee4497653d9113a44d4de9b68d4c526fca0b9b0c18fe50fb917fdd9a914fb816108a73a6b3fff9e654e69c9cfe02b05c6c1b9d15c4e65cf31018b8100d784633ee1888eee3572aafa6f189ea22d0: +fc0c32c5eb6c71ea08dc2b300cbcef18fdde3ea20f68f21733237b4ddaab900e47c37d8a080857eb8777a6c0a9a5c927303faf5c320953b5de48e462e12d0062:47c37d8a080857eb8777a6c0a9a5c927303faf5c320953b5de48e462e12d0062:a7b1e2db6bdd96b3d51475603537a76b42b04d7ebd24fe515a887658e4a352e22109335639a59e2534811f4753b70209d0e4698e9d926088826c14689681ea00fa3a2fcaa0047ced3ef287e6172502b215e56497614d86b4cb26bcd77a2e172509360ee58893d01c0d0fb4d4abfe4dbd8d2a2f54190fa2f731c1ceac6829c3ddc9bfb2ffd70c57ba0c2b22d2326fbfe7390db8809f73547ff47b86c36f2bf7454e678c4f1c0fa870bd0e30bbf3278ec8d0c5e9b64aff0af64babc19b70f4cf9a41cb8f95d3cde24f456ba3571c8f021d38e591dec05cb5d1ca7b48f9da4bd734b069a9fd106500c1f408ab7fe8e4a6e6f3ed64da0ed24b01e33df8475f95fa9ed71d04dd30b3cd823755a3401bf5afae10ee7e18ec6fe637c3793fd434b48d7145130447e00299101052558b506554ec9c399f62941c3f414cbc352caa345b930adecfaddac91ee53d1451a65e06201026325de07c931f69bba868a7c87ee23c604ec6794332917dfe2c5b69669b659706917f71eddf96:6887c6e2b98a82af5ee3dfa7ca2cb25d9c10745620a82956acba85cb57c8ec24279fa42f092359a1b6bbeafba050f14b6288209e6ef7bc1e0a2b872c1138f305a7b1e2db6bdd96b3d51475603537a76b42b04d7ebd24fe515a887658e4a352e22109335639a59e2534811f4753b70209d0e4698e9d926088826c14689681ea00fa3a2fcaa0047ced3ef287e6172502b215e56497614d86b4cb26bcd77a2e172509360ee58893d01c0d0fb4d4abfe4dbd8d2a2f54190fa2f731c1ceac6829c3ddc9bfb2ffd70c57ba0c2b22d2326fbfe7390db8809f73547ff47b86c36f2bf7454e678c4f1c0fa870bd0e30bbf3278ec8d0c5e9b64aff0af64babc19b70f4cf9a41cb8f95d3cde24f456ba3571c8f021d38e591dec05cb5d1ca7b48f9da4bd734b069a9fd106500c1f408ab7fe8e4a6e6f3ed64da0ed24b01e33df8475f95fa9ed71d04dd30b3cd823755a3401bf5afae10ee7e18ec6fe637c3793fd434b48d7145130447e00299101052558b506554ec9c399f62941c3f414cbc352caa345b930adecfaddac91ee53d1451a65e06201026325de07c931f69bba868a7c87ee23c604ec6794332917dfe2c5b69669b659706917f71eddf96: +a8d73d639a23cc6a967ef31bcabb5d063e53e1eab8fcc7cab9bc3a17fde9c2f88daa9f4c8b1a44691bf44521f2f7ca45dc7fc61f6a4ce6f98faa41c2a74977d1:8daa9f4c8b1a44691bf44521f2f7ca45dc7fc61f6a4ce6f98faa41c2a74977d1:fd1fac3d53313b11acd29f5a83ac11896dab2530fa47865b2295c0d99dd67c36ed8e5fa549150c794c5549efb5c1d69114d5d607b23285b7212afaab57846a54ae67b9e880e07b6586607cecf6d4eed516a3a75511fe367d88eb871e6d71b7d6aa1367a01421b1088fc2d75e44954b73625c52da8a3a183c60be9da6050f59a453caa53520593671728d431877bfaac913a765fb6a56b75290b2a8aaac34afb9217ba1b0d5850ba0fdabf80969def0feee794ceb60614e3368e63ef20e4c32d341ec9b0328ea9fe139207ed7a626ff08943b415233db7cfcc845c9b63121d4ed52ec3748ab6a1f36b2103c7dc7e9303acea4ba8af7a3e07184fb491e891ede84f0dc41cadc3973028e879acd2031afc29a16092868e2c7f539fc1b792edab195a25ab9830661346b39ef53915de4af52c421eaf172e9da76a08c283a52df907f705d7e8599c5baae0c2af380c1bb46f93484a03f28374324b278992b50b7afa02552cafa503f034f8d866e9b720271dd68ccb685a85fffd1:c4dcef1a2453939b364b340250c3129431431d5ba3f47670ab07ce680c69bf28b678627c76a6360fc40dc109aa7dea371b825e46134f624572182acf3957e70ffd1fac3d53313b11acd29f5a83ac11896dab2530fa47865b2295c0d99dd67c36ed8e5fa549150c794c5549efb5c1d69114d5d607b23285b7212afaab57846a54ae67b9e880e07b6586607cecf6d4eed516a3a75511fe367d88eb871e6d71b7d6aa1367a01421b1088fc2d75e44954b73625c52da8a3a183c60be9da6050f59a453caa53520593671728d431877bfaac913a765fb6a56b75290b2a8aaac34afb9217ba1b0d5850ba0fdabf80969def0feee794ceb60614e3368e63ef20e4c32d341ec9b0328ea9fe139207ed7a626ff08943b415233db7cfcc845c9b63121d4ed52ec3748ab6a1f36b2103c7dc7e9303acea4ba8af7a3e07184fb491e891ede84f0dc41cadc3973028e879acd2031afc29a16092868e2c7f539fc1b792edab195a25ab9830661346b39ef53915de4af52c421eaf172e9da76a08c283a52df907f705d7e8599c5baae0c2af380c1bb46f93484a03f28374324b278992b50b7afa02552cafa503f034f8d866e9b720271dd68ccb685a85fffd1: +79c7dcb7d59a8df6b2b2ba0413059d89680995c20e916da01b8f067dc60cdeb4298743c73918bd556b28f8d4824a09b814752a7aeae7ee04875c53f4d6b108d9:298743c73918bd556b28f8d4824a09b814752a7aeae7ee04875c53f4d6b108d9:5fe202f5b33b7788810d2508a13b3114d69b8596e6eacda05a04a2eb597fa3279c208b5a5b65daacb699f144e1d660e78e139b578331abec5c3c35334454f03e832c8d6e2984df5d450ecb5d33582a78808a9c78f26ebcd1244ef52e3fa6dca115c1f0cb56e38eae0e5b39f5fd863dffd0b2fb5b958f2d739db312fc667a17b031c4c9f8c5a2ad577984cc4146c437580efd2152173fe0d5782cc2ae9831a8d9a04177256018ff7631e0b0d8a99cb28f008b320421e27a74c31359188663456d85e098c1ebd281701097b6ae5a871e5ccc02058a501416cb91c12cef5be6f1914370e563f1a1b2aa41f4b8ee84cd32a1d509e529787d14a445438d807ecd620e2fa26de0da6426864784d4a28f54103e609283b99ee9b2b699c980bbb7882c3ea68ddc90802ac232f2c8e84291987bf3c5240921b59cfa214969317673d0be7f34b1ca0e15ea73c7175401ce550be106b49e62f8db68695e740e0f3a3556a19f3c8e6b91ac1cc23e863fcd0f0d9eb7047aa631e0d2eb9bcc6b:7b7cbe44c771e4371bae13b0722babcc1064155732962f407cba2acd35381d42210bece822f4681121fd4dab745a1f3077922fba1a78045b712902baccac660e5fe202f5b33b7788810d2508a13b3114d69b8596e6eacda05a04a2eb597fa3279c208b5a5b65daacb699f144e1d660e78e139b578331abec5c3c35334454f03e832c8d6e2984df5d450ecb5d33582a78808a9c78f26ebcd1244ef52e3fa6dca115c1f0cb56e38eae0e5b39f5fd863dffd0b2fb5b958f2d739db312fc667a17b031c4c9f8c5a2ad577984cc4146c437580efd2152173fe0d5782cc2ae9831a8d9a04177256018ff7631e0b0d8a99cb28f008b320421e27a74c31359188663456d85e098c1ebd281701097b6ae5a871e5ccc02058a501416cb91c12cef5be6f1914370e563f1a1b2aa41f4b8ee84cd32a1d509e529787d14a445438d807ecd620e2fa26de0da6426864784d4a28f54103e609283b99ee9b2b699c980bbb7882c3ea68ddc90802ac232f2c8e84291987bf3c5240921b59cfa214969317673d0be7f34b1ca0e15ea73c7175401ce550be106b49e62f8db68695e740e0f3a3556a19f3c8e6b91ac1cc23e863fcd0f0d9eb7047aa631e0d2eb9bcc6b: +b9ced0412593fefed95e94ac965e5b23ff9d4b0e797db02bf497994d3b793e60c1629a723189959337f5535201e5d395ba0a03ea8c17660d0f8b6f6e6404bb12:c1629a723189959337f5535201e5d395ba0a03ea8c17660d0f8b6f6e6404bb12:555bb39c1899d57cabe428064c2d925f5fc4cf7059b95fb89a8e9e3a7e426c6c922d9e4d76984ea2383cabb4f2befd89c1f20eaa8a00dbe787cfa70ae2ae6aa90331cbbe580fa5a02184ed05e6c8e89d576af28aeeaf7c4e2500f358a00971a0a75920e854849bf332142975404f598c32e96982043d992bcd1a4fe819bb5634ad03467afc4ce05073f88ba1ba4ae8653a04665cf3f71690fe13343885bc5ebc0e5e62d882f43b7c68900ac9438bf4a81ce90169ec129ee63e2c675a1a5a67e27cc798c48cc23f51078f463b3b7cc14e3bcfd2e9b82c75240934cbdc50c4308f282f193122995606f40135100a291c55afdf8934eb8b61d81421674124dec3b88f9a73110a9e616f5b826b9d343f3ac0e9d7bdf4fd8b648b40f0098b3897a3a1cd65a64570059b8bc5c6743883074c88623c1f5a88c58969e21c692aca236833d3470b3eb09815e1138e9d0650c390eee977422193b00918be8a97cc6199b451b05b5730d1d13358cf74610678f7ac7f7895cc2efc456e03873b:f1b797ded8a6942b12626848340fb719fcddafd98f33e2992d357bfdd35933c7ac561e5b2f939464338c5666854ca885c4d046eb2c54e48a1b5ed266ad34de05555bb39c1899d57cabe428064c2d925f5fc4cf7059b95fb89a8e9e3a7e426c6c922d9e4d76984ea2383cabb4f2befd89c1f20eaa8a00dbe787cfa70ae2ae6aa90331cbbe580fa5a02184ed05e6c8e89d576af28aeeaf7c4e2500f358a00971a0a75920e854849bf332142975404f598c32e96982043d992bcd1a4fe819bb5634ad03467afc4ce05073f88ba1ba4ae8653a04665cf3f71690fe13343885bc5ebc0e5e62d882f43b7c68900ac9438bf4a81ce90169ec129ee63e2c675a1a5a67e27cc798c48cc23f51078f463b3b7cc14e3bcfd2e9b82c75240934cbdc50c4308f282f193122995606f40135100a291c55afdf8934eb8b61d81421674124dec3b88f9a73110a9e616f5b826b9d343f3ac0e9d7bdf4fd8b648b40f0098b3897a3a1cd65a64570059b8bc5c6743883074c88623c1f5a88c58969e21c692aca236833d3470b3eb09815e1138e9d0650c390eee977422193b00918be8a97cc6199b451b05b5730d1d13358cf74610678f7ac7f7895cc2efc456e03873b: +81da168f02d46bb87cda845da43f8a6cba2c016878d6f49c6f061a60f155a04aaff86e98093ca4c71b1b804c5fe451cfdf868250dea30345fa4b89bb09b6a53b:aff86e98093ca4c71b1b804c5fe451cfdf868250dea30345fa4b89bb09b6a53b:6bc6726a34a64aae76ab08c92b179e54ff5d2e65eb2c6c659ae8703cc245cbc2cf45a12b22c468ae61fd9a6627ad0626c9b1e5af412cb483eaee1db11b29f0a510c13e38020e09ae0eee762537a3e9d1a0c7b033d097fdc1f4f82629a9de9ef38da1cf96a940357d5f2e0e7e8dbc29db728a1e6aad876e5e053113d06420272b87cf0c40dfe03a544de96c7aea13ba0029b57b48d99dcc6a650492d78c4cdd1b28e1a115a7e3e7a7cb21333d4ff80858dfb67782c16354b8716596560d7d8e389eb15a052a0bf5d16eb54fb3e4973ad4984e72a187f5347d5b262c32b1647e42b6a53837096cc78c2a05ce1c6e12493a03f1a667584cb97f4fcd57ee944c65b7eed25f7ae0f3f6cede173fdfacf5af1db143730d18096664914ba4cfc6966f392022781c66a9417ca2680b51f63e4fba424ecfdbc6a2f01787d0e7484f8a8ab390aeaa6d1f7ed325d82feaa1692a4984fae43da87329b045da8f0a4f56b695aa935de152ce0385153720979a2b7006d405fcb0fba09e23b85fd19b:4aaca947e3f22cc8b8588ee030ace8f6b5f5711c2974f20cc18c3b655b07a5bc1366b59a1708032d12cae01ab794f8cbcc1a330874a75035db1d69422d2fc00c6bc6726a34a64aae76ab08c92b179e54ff5d2e65eb2c6c659ae8703cc245cbc2cf45a12b22c468ae61fd9a6627ad0626c9b1e5af412cb483eaee1db11b29f0a510c13e38020e09ae0eee762537a3e9d1a0c7b033d097fdc1f4f82629a9de9ef38da1cf96a940357d5f2e0e7e8dbc29db728a1e6aad876e5e053113d06420272b87cf0c40dfe03a544de96c7aea13ba0029b57b48d99dcc6a650492d78c4cdd1b28e1a115a7e3e7a7cb21333d4ff80858dfb67782c16354b8716596560d7d8e389eb15a052a0bf5d16eb54fb3e4973ad4984e72a187f5347d5b262c32b1647e42b6a53837096cc78c2a05ce1c6e12493a03f1a667584cb97f4fcd57ee944c65b7eed25f7ae0f3f6cede173fdfacf5af1db143730d18096664914ba4cfc6966f392022781c66a9417ca2680b51f63e4fba424ecfdbc6a2f01787d0e7484f8a8ab390aeaa6d1f7ed325d82feaa1692a4984fae43da87329b045da8f0a4f56b695aa935de152ce0385153720979a2b7006d405fcb0fba09e23b85fd19b: +af2e60da0f29bb1614fc3f193cc353331986b73f3f9a0aec9421b9473d6a4b6ac8bfe2835822199c6127b806fabeef0cb9ff59f3c81ff0cb89c556f55106af6a:c8bfe2835822199c6127b806fabeef0cb9ff59f3c81ff0cb89c556f55106af6a:7dbb77b88bda94f344416a06b096566c6e8b393931a8243a6cab75c361fde7dc536aec40cded83296a89e8c3bef7d787cfc49401a7b9183f138d5000619ff073c05e2f841d6008358f10a2da7dcfac3d4d70c20d2ec34c7b6d5cd1a734d6bbb11c5fd8d2bce32ac810ef82b4188aa8ea3cfc3032233dc0e2600e9db6e18bc22b10044a31c15baceaf5554de89d2a3466807f244414d080ff2963956c6e83c8e144ed0066088b476ddcb564403447d9159f9089aba2b4d5575c4d8ae66fc8690e7349ed40832e6369c024563ec493bfcc0fc9ac787ac841397fe133167283d80c42f006a99d39e82979da3fa9334bd9ede0d14b41b7466bcebbe8171bc804a645d3723274a1b92bf82fd993358744de92441903d436fd47f23d40052a3829367f202f0553b5e49b76c5e03fa6ce7c3cf5eeb21de967bec4dd355925384ebf96697e823762bac4d43a767c241a4cef724a970d00ff3a8ab3b83eed840075c74e90f306e330013260962161e9d0910de183622ce9a6b8d5144280550fc7:50f9f941a8da9f6240f76d2fa3b06dd6b2292ed32d1c05218097d34d8a19dfe553f76ae3c6b4a2ed20852128461540decf418f52d38e64037eec7771bd1afe007dbb77b88bda94f344416a06b096566c6e8b393931a8243a6cab75c361fde7dc536aec40cded83296a89e8c3bef7d787cfc49401a7b9183f138d5000619ff073c05e2f841d6008358f10a2da7dcfac3d4d70c20d2ec34c7b6d5cd1a734d6bbb11c5fd8d2bce32ac810ef82b4188aa8ea3cfc3032233dc0e2600e9db6e18bc22b10044a31c15baceaf5554de89d2a3466807f244414d080ff2963956c6e83c8e144ed0066088b476ddcb564403447d9159f9089aba2b4d5575c4d8ae66fc8690e7349ed40832e6369c024563ec493bfcc0fc9ac787ac841397fe133167283d80c42f006a99d39e82979da3fa9334bd9ede0d14b41b7466bcebbe8171bc804a645d3723274a1b92bf82fd993358744de92441903d436fd47f23d40052a3829367f202f0553b5e49b76c5e03fa6ce7c3cf5eeb21de967bec4dd355925384ebf96697e823762bac4d43a767c241a4cef724a970d00ff3a8ab3b83eed840075c74e90f306e330013260962161e9d0910de183622ce9a6b8d5144280550fc7: +605f90b53d8e4a3b48b97d745439f2a0807d83b8502e8e2979f03e8d376ac9feaa3fae4cfa6f6bfd14ba0afa36dcb1a2656f36541ad6b3e67f1794b06360a62f:aa3fae4cfa6f6bfd14ba0afa36dcb1a2656f36541ad6b3e67f1794b06360a62f:3bcdcac292ac9519024aaecee2b3e999ff5d3445e9f1eb60940f06b91275b6c5db2722ed4d82fe89605226530f3e6b0737b308cde8956184944f388a80042f6cba274c0f7d1192a0a96b0da6e2d6a61b76518fbee555773a414590a928b4cd545fccf58172f35857120eb96e75c5c8ac9ae3add367d51d34ac403446360ec10f553ea9f14fb2b8b78cba18c3e506b2f04097063a43b2d36431cce02caf11c5a4db8c821752e52985d5af1bfbf4c61572e3fadae3ad424acd81662ea5837a1143b9669391d7b9cfe230cffb3a7bb03f6591c25a4f01c0d2d4aca3e74db1997d3739c851f0327db919ff6e77f6c8a20fdd3e1594e92d01901ab9aef194fc893e70d78c8ae0f480001a515d4f9923ae6278e8927237d05db23e984c92a683882f57b1f1882a74a193ab6912ff241b9ffa662a0d47f29205f084dbde845baaeb5dd36ae6439a437642fa763b57e8dbe84e55813f0151e97e5b9de768b234b8db15c496d4bfcfa1388788972bb50ce030bc6e0ccf4fa7d00d343782f6ba8de0:dd0212e63288cbe14a4569b4d891da3c7f92727c5e7f9a801cf9d6827085e7095b669d7d45f882ca5f0745dccd24d87a57181320191e5b7a47c3f7f2dccbd7073bcdcac292ac9519024aaecee2b3e999ff5d3445e9f1eb60940f06b91275b6c5db2722ed4d82fe89605226530f3e6b0737b308cde8956184944f388a80042f6cba274c0f7d1192a0a96b0da6e2d6a61b76518fbee555773a414590a928b4cd545fccf58172f35857120eb96e75c5c8ac9ae3add367d51d34ac403446360ec10f553ea9f14fb2b8b78cba18c3e506b2f04097063a43b2d36431cce02caf11c5a4db8c821752e52985d5af1bfbf4c61572e3fadae3ad424acd81662ea5837a1143b9669391d7b9cfe230cffb3a7bb03f6591c25a4f01c0d2d4aca3e74db1997d3739c851f0327db919ff6e77f6c8a20fdd3e1594e92d01901ab9aef194fc893e70d78c8ae0f480001a515d4f9923ae6278e8927237d05db23e984c92a683882f57b1f1882a74a193ab6912ff241b9ffa662a0d47f29205f084dbde845baaeb5dd36ae6439a437642fa763b57e8dbe84e55813f0151e97e5b9de768b234b8db15c496d4bfcfa1388788972bb50ce030bc6e0ccf4fa7d00d343782f6ba8de0: +9e2c3d189838f4dd52ef0832886874c5ca493983ddadc07cbc570af2ee9d6209f68d3b81e73557ee1f08bd2d3f46a4718256a0f3cd8d2e03eb8fe882aab65c69:f68d3b81e73557ee1f08bd2d3f46a4718256a0f3cd8d2e03eb8fe882aab65c69:19485f5238ba82eadf5eff14ca75cd42e5d56fea69d5718cfb5b1d40d760899b450e66884558f3f25b7c3de9afc4738d7ac09da5dd4689bbfac07836f5e0be432b1ddcf1b1a075bc9815d0debc865d90bd5a0c5f5604d9b46ace816c57694ecc3d40d8f84df0ede2bc4d577775a027f725de0816f563fa88f88e077720ebb6ac02574604819824db7474d4d0b22cd1bc05768e0fb867ca1c1a7b90b34ab7a41afc66957266ac0c915934aaf31c0cf6927a4f03f23285e6f24afd5813849bb08c203ac2d0336dcbf80d77f6cf7120edfbcdf181db107ec8e00f32449c1d3f5c049a92694b4ea2c6ebe5e2b0f64b5ae50ad3374d246b3270057e724a27cf263b633ab65ecb7f5c266b8007618b10ac9ac83db0febc04fd863d9661ab6e58494766f71b9a867c5a7a4555f667c1af2e54588f162a41ce756407cc4161d607b6e0682980934caa1bef036f7330d9eef01ecc553583fee5994e533a46ca916f60f8b961ae01d20f7abf0df6141b604de733c636b42018cd5f1d1ef4f84cee40fc:38a31b6b465084738262a26c065fe5d9e2886bf9dd35cde05df9bad0cc7db401c750aa19e66090bce25a3c721201e60502c8c10454346648af065eab0ee7d80f19485f5238ba82eadf5eff14ca75cd42e5d56fea69d5718cfb5b1d40d760899b450e66884558f3f25b7c3de9afc4738d7ac09da5dd4689bbfac07836f5e0be432b1ddcf1b1a075bc9815d0debc865d90bd5a0c5f5604d9b46ace816c57694ecc3d40d8f84df0ede2bc4d577775a027f725de0816f563fa88f88e077720ebb6ac02574604819824db7474d4d0b22cd1bc05768e0fb867ca1c1a7b90b34ab7a41afc66957266ac0c915934aaf31c0cf6927a4f03f23285e6f24afd5813849bb08c203ac2d0336dcbf80d77f6cf7120edfbcdf181db107ec8e00f32449c1d3f5c049a92694b4ea2c6ebe5e2b0f64b5ae50ad3374d246b3270057e724a27cf263b633ab65ecb7f5c266b8007618b10ac9ac83db0febc04fd863d9661ab6e58494766f71b9a867c5a7a4555f667c1af2e54588f162a41ce756407cc4161d607b6e0682980934caa1bef036f7330d9eef01ecc553583fee5994e533a46ca916f60f8b961ae01d20f7abf0df6141b604de733c636b42018cd5f1d1ef4f84cee40fc: +31010d1d67eb616348e84792b92d5dc128553cb52f6368159fe7b816cd0e7c37266543d96787ca901fcff06e6e434491ae0970880a5a187d535edb19db5cabeb:266543d96787ca901fcff06e6e434491ae0970880a5a187d535edb19db5cabeb:39f89a5e7aa530b5463d498f8035b9909d55da527cdbd4de6d228379f089e608a9207a2c5b9c42051a60c8ca3fb97a1c06cd747d9d0739970ceb88ce526f971140ea2ec21f090ba075bf8975faa508b1cc10efa494dc172e6d3d3f3f75dc8e0e96f05c0cccb2f96e911cfa7a2c82c9845018bb1f9d75f82e3dfe1139347b2ac058b014ac93760c90f5567ab5c4eba04b49fb09ddadd305be511dfe05c96ebc86fd67b5d0ab57d85f4fe5e2f0fa9d88a68f0f6b6bc8bb944eb3c0b17557e55d5ea187d922a42813e69057c9b6a7f75e49921b7079e58f8a63719ee3e1ad10cf0e8a70c4f1540218b70494bd029ee02ff9727a7d85d377919ec4051479b70f7cd6767723fe42c1c7899c2b7c1f702dd6b4d13b672d488f34a0e969db79cc2cb2524a948a8de4c5b623ecd90d6e82d97033c125637d1cd8c84803d8fbc012846ffe484f6c02149258f9462fa1e99c307dd0062fe0b6f11eee40c2629ef7c0f6a5107259ea5b9ffb6f29f12c32f7b5228cabc986ab66450af9dcc3da09d0e0b9a4:7b1eb677c3e5e6a8b4ba69fcb7f6b1870e42a8d58958a35c674e2db82107481c4c7b37f0f689d39d9f51e181b17b1108c15a3e27b29df3a4315dcc4faf12220539f89a5e7aa530b5463d498f8035b9909d55da527cdbd4de6d228379f089e608a9207a2c5b9c42051a60c8ca3fb97a1c06cd747d9d0739970ceb88ce526f971140ea2ec21f090ba075bf8975faa508b1cc10efa494dc172e6d3d3f3f75dc8e0e96f05c0cccb2f96e911cfa7a2c82c9845018bb1f9d75f82e3dfe1139347b2ac058b014ac93760c90f5567ab5c4eba04b49fb09ddadd305be511dfe05c96ebc86fd67b5d0ab57d85f4fe5e2f0fa9d88a68f0f6b6bc8bb944eb3c0b17557e55d5ea187d922a42813e69057c9b6a7f75e49921b7079e58f8a63719ee3e1ad10cf0e8a70c4f1540218b70494bd029ee02ff9727a7d85d377919ec4051479b70f7cd6767723fe42c1c7899c2b7c1f702dd6b4d13b672d488f34a0e969db79cc2cb2524a948a8de4c5b623ecd90d6e82d97033c125637d1cd8c84803d8fbc012846ffe484f6c02149258f9462fa1e99c307dd0062fe0b6f11eee40c2629ef7c0f6a5107259ea5b9ffb6f29f12c32f7b5228cabc986ab66450af9dcc3da09d0e0b9a4: +8ff2398cd51f51d4c2c57869a2218b8486822031f400729f4ac4d5909c48bafea5a88704b68677be3d16c3dc0052cfee6e2b30e08609059d4cba52c6d96061fb:a5a88704b68677be3d16c3dc0052cfee6e2b30e08609059d4cba52c6d96061fb:993953e47a341188bc592942e1557af29546e4e9368e2f1a5ee9806e2baf66b6190191fc5d2b7e47de37ff054fb2bbb1f031684ada5d607adda3d65433122fa904e0456faa84109bbc517f8ad39660876382adcfed0f7620cf1164622eacd91eb37a8596462ebe9ebe26bdc1e32cc34ad46fb1cea420e73c31215408e6d35425f44a829b132f631a3f6dd4b873a000667e19eb22fffd5903aaa7d4c8fdf21953c3c6178f5f8cb2aa6bff92894ead835888df060a3c9043026e0e2cef275497e7d105df3b644a98f26bf00105c99413ee0af8851954d65ceb8d79ad3071b8bb87f0b19743d2556ffd9819830b6eebf7ecc7e045661f43570ce9fdbbe2d252406fa90d04236f222c429ec16b1287224ada1a532161ae8b481bcab8d47afb3ed0445b3060fd6759179856f4085c1e585fd7c1409799af693cf427bd1d3dc10b5ae3447a8d2a18dc3a12a6860b22175dd5eb53a0950432e2d7aefece8af0ade3d8567743de43690f2d253723c5d7e48bd30d2937593701cecde9154b7665cb611d7d:417a647829c92898e520ff5311daa0a139cd8fffcb25a18e6d9b50cb52cbc35424c39ebbb5d5ac6a6d63f1f53c4df212f7025a8aaef8e36493c874c3ce341a0e993953e47a341188bc592942e1557af29546e4e9368e2f1a5ee9806e2baf66b6190191fc5d2b7e47de37ff054fb2bbb1f031684ada5d607adda3d65433122fa904e0456faa84109bbc517f8ad39660876382adcfed0f7620cf1164622eacd91eb37a8596462ebe9ebe26bdc1e32cc34ad46fb1cea420e73c31215408e6d35425f44a829b132f631a3f6dd4b873a000667e19eb22fffd5903aaa7d4c8fdf21953c3c6178f5f8cb2aa6bff92894ead835888df060a3c9043026e0e2cef275497e7d105df3b644a98f26bf00105c99413ee0af8851954d65ceb8d79ad3071b8bb87f0b19743d2556ffd9819830b6eebf7ecc7e045661f43570ce9fdbbe2d252406fa90d04236f222c429ec16b1287224ada1a532161ae8b481bcab8d47afb3ed0445b3060fd6759179856f4085c1e585fd7c1409799af693cf427bd1d3dc10b5ae3447a8d2a18dc3a12a6860b22175dd5eb53a0950432e2d7aefece8af0ade3d8567743de43690f2d253723c5d7e48bd30d2937593701cecde9154b7665cb611d7d: +ef816c8f5ec34ef41f68831d90cd29e52de8973782d003ee4edada2ada2691d647f9b363a88a45053a05bb72160852bfe8f7dfefc2f37283de346752caf092cc:47f9b363a88a45053a05bb72160852bfe8f7dfefc2f37283de346752caf092cc:9593c35cdec535bebb6965da68eab0b646bffcfbd04883bc4cef90d5d01f018c63c9b0ddfb3cef5e786284d5218caaaf060e9288952f16301ed8a4c1bcee256356a0c8bda359fbaa2782b10c86d18e20f7a0ec99b27a0b4dbefc0a262a3bf68fe81444dcae5f693eb0f16e6ee03f8fcbf3a3398146d20ec4d2657761fd0320fee7ea703c49a6a543bc9bba911e7925038710e8c36552d476d6027f58b2c52ba51ad65ea4f039c78f96b889102bb4bdd69b68e9c3d45b5176a2d82b0b95dc321016370dae30c3936515db0464c41774301c74e42d89b8bf4b9c19ed554b12febac0f60ddb3219ccc5603531dbf2eb5f293425d72ccefa0c7f144aba89347b296be87ff18994b4a0c70c930f059303b5dd4c8fe1e6bbc3cd68c6c0d84246dc6e6140a2abd1780b13f1594a6019d1778b7cbb3a3e3a34bfae7297f0b3edc376941c32352a4be314b84a9d8d6d7f1f38a0ad3798020aa2a331a402be9c704484744a730cbdedcb904b6fde708fbd14bfdc29efd461d1d0b5825de0bc79422b69a2722f:65c5d10ea7bfdbb38d55364a9968f82b548224dff3363b2ddcf585163dea27dc63b0563eb1a8dfbee951d3c9b33fcd6bbf0921c3abb21786b229069bd9ca000a9593c35cdec535bebb6965da68eab0b646bffcfbd04883bc4cef90d5d01f018c63c9b0ddfb3cef5e786284d5218caaaf060e9288952f16301ed8a4c1bcee256356a0c8bda359fbaa2782b10c86d18e20f7a0ec99b27a0b4dbefc0a262a3bf68fe81444dcae5f693eb0f16e6ee03f8fcbf3a3398146d20ec4d2657761fd0320fee7ea703c49a6a543bc9bba911e7925038710e8c36552d476d6027f58b2c52ba51ad65ea4f039c78f96b889102bb4bdd69b68e9c3d45b5176a2d82b0b95dc321016370dae30c3936515db0464c41774301c74e42d89b8bf4b9c19ed554b12febac0f60ddb3219ccc5603531dbf2eb5f293425d72ccefa0c7f144aba89347b296be87ff18994b4a0c70c930f059303b5dd4c8fe1e6bbc3cd68c6c0d84246dc6e6140a2abd1780b13f1594a6019d1778b7cbb3a3e3a34bfae7297f0b3edc376941c32352a4be314b84a9d8d6d7f1f38a0ad3798020aa2a331a402be9c704484744a730cbdedcb904b6fde708fbd14bfdc29efd461d1d0b5825de0bc79422b69a2722f: +45eb0c4dfafa2a7690ef579c095456ceedcd32f0b6144d0c380f87fb744a0b1ffc85632c98384b5f9682aed9cd664cf1f48e588be2d568e5c734494df4c712b8:fc85632c98384b5f9682aed9cd664cf1f48e588be2d568e5c734494df4c712b8:6f66d847405a03d7bd6f8d2897dbdf04e76d7df2d9470a4996b7dd6db88500f8f4f83e960e219a2486e24545add13614550414d827c41a9b08318daf01b15214c64a4266cbf8a5717ada3e62c26729073e16ddbd66f2d520e1e09935de05e4db11c396d477010aec66aafb762e69238d0b9e76b452454bf9e451e76ac79e6990d41b932bc32917093783c91bc9cf0bbe3b514070a1e692ff34fd06b66ea11f39e10af933ee96d8e9b677cb03737e7964eeaa725f121207f9c1b26a96c616df7cb7caef47bda901368ff2ea586e422e65bf21a691bdd2c13e67fff58cfbfed81782049dafa0f727df88623f2f7e8f262daf939542a187b8720a9b6b2b09890e54876b28a43874abbe3bfa981f8138b772c5d51736885f86acac2215a0b010dfc2c6b150845d4f8296252586a3e115f303c3d8a582e20fd2d43f6c446e5d00280ec179823b7fb4c1b0feb94eb4ef1707f5184e3b52461a7562d1f307cb751cdbbf6eae49ffae91862358e74e9548822b8a049fec6bf4c7a99cabbe09206577b657e31f:55851de8e1092f78944f6c6dd95bf07e2dbc8df7f57ad576829b978e3af58a7a8e94ed4dccbc0182467edf0bad4bae7ca84aa9a0c17c61a9e0ddff1d7525d7046f66d847405a03d7bd6f8d2897dbdf04e76d7df2d9470a4996b7dd6db88500f8f4f83e960e219a2486e24545add13614550414d827c41a9b08318daf01b15214c64a4266cbf8a5717ada3e62c26729073e16ddbd66f2d520e1e09935de05e4db11c396d477010aec66aafb762e69238d0b9e76b452454bf9e451e76ac79e6990d41b932bc32917093783c91bc9cf0bbe3b514070a1e692ff34fd06b66ea11f39e10af933ee96d8e9b677cb03737e7964eeaa725f121207f9c1b26a96c616df7cb7caef47bda901368ff2ea586e422e65bf21a691bdd2c13e67fff58cfbfed81782049dafa0f727df88623f2f7e8f262daf939542a187b8720a9b6b2b09890e54876b28a43874abbe3bfa981f8138b772c5d51736885f86acac2215a0b010dfc2c6b150845d4f8296252586a3e115f303c3d8a582e20fd2d43f6c446e5d00280ec179823b7fb4c1b0feb94eb4ef1707f5184e3b52461a7562d1f307cb751cdbbf6eae49ffae91862358e74e9548822b8a049fec6bf4c7a99cabbe09206577b657e31f: +709d2e199006f5369a7a0bdd34e74dc784be33880ea3c5dd10ed5c94451e797206f989202ba2cbc9c150be611262aca00c45f012f89fbaf89f8ceccba0b1934a:06f989202ba2cbc9c150be611262aca00c45f012f89fbaf89f8ceccba0b1934a:62f003140fa09e0387d187a0ff96c4563df9f4e28c2282c0183ac3eede1312354921f780fca5361d3068d29949630b7530cd5914ace0468d014b6f53d839b82e38817dbf2d8392c3ce3424eab86a24d804c7acb1ce7acfe0a1cda4393924283105da4a7741196e027550047f85b7a0a01d454124efc0e299f0ef9ad14350543053482261528baa56e65999ac802c00a336267c635106b26403c19f391d53bd82861d6d48a4380b3043aa91d649536881204eccb0de20d43e5a3755b7f600916eccae42a0c9053b462d9417a13d67d778264a896e8eaf90baf66d29e5438a716781123a89fa9b8beef91d965af2f4a1a5bd5d2e2aaf46d5c94b7709cdd38d05feee4bfb76a359077c16bc4be9116e69001271cda565bc19bf47d4f986bd9c0d184cd8a3520ca1bdb4b505aaf7cb4ec9f94789779d30714e79116dd5019d59b28b17dad96f4e2155ad9c61274addc6b638109504e9ed19f4eda5377762648c4098224e3391043e4c2ad591654c9e7f974efdf0b0504b6fa5f646cecf44cd372412372505:629bf97b0c78ee6a9c8759fbea28224e27abbb6cbe4dea5bb797e6e0fe80c913f953e3a9b623352d13acf4ce6250fb029a1e198d72bd5e7402e60e9e48ca350162f003140fa09e0387d187a0ff96c4563df9f4e28c2282c0183ac3eede1312354921f780fca5361d3068d29949630b7530cd5914ace0468d014b6f53d839b82e38817dbf2d8392c3ce3424eab86a24d804c7acb1ce7acfe0a1cda4393924283105da4a7741196e027550047f85b7a0a01d454124efc0e299f0ef9ad14350543053482261528baa56e65999ac802c00a336267c635106b26403c19f391d53bd82861d6d48a4380b3043aa91d649536881204eccb0de20d43e5a3755b7f600916eccae42a0c9053b462d9417a13d67d778264a896e8eaf90baf66d29e5438a716781123a89fa9b8beef91d965af2f4a1a5bd5d2e2aaf46d5c94b7709cdd38d05feee4bfb76a359077c16bc4be9116e69001271cda565bc19bf47d4f986bd9c0d184cd8a3520ca1bdb4b505aaf7cb4ec9f94789779d30714e79116dd5019d59b28b17dad96f4e2155ad9c61274addc6b638109504e9ed19f4eda5377762648c4098224e3391043e4c2ad591654c9e7f974efdf0b0504b6fa5f646cecf44cd372412372505: +5151617421aadc9c95a442b45e7ff6de06a2c733b85bd789fbad414ee3c91add14941d559761b30ab0a86d47e0f7d1896b33784527c80af41cb84810cbff9dbf:14941d559761b30ab0a86d47e0f7d1896b33784527c80af41cb84810cbff9dbf:216e9d40bcdc3b2650188d121c9f8ef29e914facd022fe01b90ed11225f2eb93538e5fcee5ab8045e9199aa76a16bdd0616805660e247fecd7e22821b69b1f8e8a58ac3fb85691d75d5957a1daf53ff9ee6476d7c4bc541e6ad38e3a34ea90fc52a48b9399f92d17c9bb0d7fc3104c55d0efb4ea5b831ff9490b3f79f4d9d699594b741566f2b50a8fc78cc403fa40f5abb6638a32f449a8b3ef029c402f46931ad2bd3e8e683108714c989ae21689e9c444b9f55b81119bb5035bcf73e97ce43a2218c7bc3e430d1e814f34dee057265d3194b9f43875d8381f525f78576e64ce692584faa30fb743a12d1b77614d2e10a6b856b52be27cdb630ba1f0d3a6f8ea9844542e584ea0a2777527d0c52aca949aacda45ad83d16d5c83d663adb79cad6f3e39e990fe282a14c353aa2379d7f06adab74cea021b8983a57f1d0cf703292eb05ece89c53f3a1265610e0c1ea8ddd444d1ffd6bc3d03f0a6e4d0df5c5b8dc1f95d9f5558b118afe6bea0f6c2931363f03ab34e757d49364174f658efbbf38dc177:fae4773b334460c77bf01ec6366c4fe61c0cab57d8a4b03909c619e11ee3461c13fa21576f63870e423dd04181e4a7013a7524f246fe33853c674162a7815104216e9d40bcdc3b2650188d121c9f8ef29e914facd022fe01b90ed11225f2eb93538e5fcee5ab8045e9199aa76a16bdd0616805660e247fecd7e22821b69b1f8e8a58ac3fb85691d75d5957a1daf53ff9ee6476d7c4bc541e6ad38e3a34ea90fc52a48b9399f92d17c9bb0d7fc3104c55d0efb4ea5b831ff9490b3f79f4d9d699594b741566f2b50a8fc78cc403fa40f5abb6638a32f449a8b3ef029c402f46931ad2bd3e8e683108714c989ae21689e9c444b9f55b81119bb5035bcf73e97ce43a2218c7bc3e430d1e814f34dee057265d3194b9f43875d8381f525f78576e64ce692584faa30fb743a12d1b77614d2e10a6b856b52be27cdb630ba1f0d3a6f8ea9844542e584ea0a2777527d0c52aca949aacda45ad83d16d5c83d663adb79cad6f3e39e990fe282a14c353aa2379d7f06adab74cea021b8983a57f1d0cf703292eb05ece89c53f3a1265610e0c1ea8ddd444d1ffd6bc3d03f0a6e4d0df5c5b8dc1f95d9f5558b118afe6bea0f6c2931363f03ab34e757d49364174f658efbbf38dc177: +38bed445556de74482bf5fec0506f9af330b151e50d4774dfe8591d7b7e0276b4c0f9c49a42f4047bfe6885551c5e4b856cf771a67af3f89dbf602f9db9220f3:4c0f9c49a42f4047bfe6885551c5e4b856cf771a67af3f89dbf602f9db9220f3:0ff0031df0beeff3710c6b763f9b8ec81719bfa1528ce46519adf3d3412d93fb188fd497d5d17091c0f0345960dd0eb0c09fc4005173665d4d97f95c13828bc76b3492b87a4b64253c8b5fa47aa75fa3b86d5abeea8de5959a602289136f60a69b309e773b2255cde19ed2a2e199c33db11c16ade08a319750b851d92c692924fc9859be523431cbe78ec092db1129210ebbeaa7c2a2c000eeb105ca0301a48f3e45fdfb15b275cbab83ca5c99d737a585320e9e3b317179bd86467fa9694fcdb2ac6ad36ed7144843dbc34e423d35afd7d8972a1c43c199a191abd6ceba4936d395c995a3eb13cb057f88a9dc9490fe98845ee5d26a89fb642a2a516dc3056c54d3637213363a8628a42a395d942b954a89e8ef7a744d8ae5adac88c616efaa90e2077205a60baffede5c87bb14dead306229495f698f3e490616966b1636387d0d86183f945b24a9dcfccf4d36722cd12ebb6bd8e78325752afa2b1abd13c4bdbcadd170869136826242acfb721de5ff27ba8aa0c018b225ed3404803ce9fa2d508d8944:f702d0d463282fc7fd5f8f9029b89c626cafd83450c3bb9dd8f6589f0c4b4b71f649ea212e5e33487c59c168ea3ad83150f1fcdfe8c53eba65adc2023c25830f0ff0031df0beeff3710c6b763f9b8ec81719bfa1528ce46519adf3d3412d93fb188fd497d5d17091c0f0345960dd0eb0c09fc4005173665d4d97f95c13828bc76b3492b87a4b64253c8b5fa47aa75fa3b86d5abeea8de5959a602289136f60a69b309e773b2255cde19ed2a2e199c33db11c16ade08a319750b851d92c692924fc9859be523431cbe78ec092db1129210ebbeaa7c2a2c000eeb105ca0301a48f3e45fdfb15b275cbab83ca5c99d737a585320e9e3b317179bd86467fa9694fcdb2ac6ad36ed7144843dbc34e423d35afd7d8972a1c43c199a191abd6ceba4936d395c995a3eb13cb057f88a9dc9490fe98845ee5d26a89fb642a2a516dc3056c54d3637213363a8628a42a395d942b954a89e8ef7a744d8ae5adac88c616efaa90e2077205a60baffede5c87bb14dead306229495f698f3e490616966b1636387d0d86183f945b24a9dcfccf4d36722cd12ebb6bd8e78325752afa2b1abd13c4bdbcadd170869136826242acfb721de5ff27ba8aa0c018b225ed3404803ce9fa2d508d8944: +055460b32dd04d7f4b2311a89807e073fd556565a4771857d882794130a2fe5d260f8fed4bba30b9e12ad8523fbb6f57f0a7a882550061f1da46fbd8ea442221:260f8fed4bba30b9e12ad8523fbb6f57f0a7a882550061f1da46fbd8ea442221:7407f96ee3e79c69d36ce1f64e4f188655ea68b947e7e2be97b05ebc6d4439e950276ef3f0e6a03dd48b24f66929b49c1580eb468807e1e7a25eb9b94da340c53f984f8b81603efb61047bf3f14b686d9798003d2f68589a79ebfad54409c71c90ff67c11fbd76cc72c2d145f458e42f88b75d250eadcafe66bf37ffc837b62ff006685b7f85a9d875fc078c82e61fe35d1922527a551dab62f9e477499146bad912203e664c417c3679c02d872abac0032f8cc77f77bfe54d3326fdee9276a48ea4eb251350406882d08c830e7649fe6854558a7513ab2d8d2ac3e5ced8a808d2aee454779edabd1aa63bb19f718f470bdc8451cd9b294941e3497063b1e39b6ca184562fe838cbfeee922de24ddfcf9882c5e615b11bf904817fbd647139db80b4e8feb37f11e1852d7e876db9cb63c94d7ee34192f7200b5bc77a0311ae43b806ebd4c2896c53f58f7ebc1625cb20d7107ef9db0da28788523de991ef6c5866b18d8de83a954d3281e06dbf27c4f2382e08cd0e0f6ebae3f961b77fce5a95a9b0621b756f:23f4f1627fbabd7891d7d8489631c7231d22de71864e262ab4da84ea8a13a60feac4dcfb1812f1200444b775f121d7266d755ce9b6a9ad796559c0a26b516d027407f96ee3e79c69d36ce1f64e4f188655ea68b947e7e2be97b05ebc6d4439e950276ef3f0e6a03dd48b24f66929b49c1580eb468807e1e7a25eb9b94da340c53f984f8b81603efb61047bf3f14b686d9798003d2f68589a79ebfad54409c71c90ff67c11fbd76cc72c2d145f458e42f88b75d250eadcafe66bf37ffc837b62ff006685b7f85a9d875fc078c82e61fe35d1922527a551dab62f9e477499146bad912203e664c417c3679c02d872abac0032f8cc77f77bfe54d3326fdee9276a48ea4eb251350406882d08c830e7649fe6854558a7513ab2d8d2ac3e5ced8a808d2aee454779edabd1aa63bb19f718f470bdc8451cd9b294941e3497063b1e39b6ca184562fe838cbfeee922de24ddfcf9882c5e615b11bf904817fbd647139db80b4e8feb37f11e1852d7e876db9cb63c94d7ee34192f7200b5bc77a0311ae43b806ebd4c2896c53f58f7ebc1625cb20d7107ef9db0da28788523de991ef6c5866b18d8de83a954d3281e06dbf27c4f2382e08cd0e0f6ebae3f961b77fce5a95a9b0621b756f: +e9f6d31b936942c526e0f9ec4f5a7ac25fa789e0c434bcd9199d720c743c84c432126d26e28231c5b585b13f43a01c6fe542946b07d3a91e57d281523f5cb45c:32126d26e28231c5b585b13f43a01c6fe542946b07d3a91e57d281523f5cb45c:e88133f3d17642d5c22779a85316ba0df34c792b4efee49ed7dd93ca3322ef47c72e5b2e4595c77800434b60719adf54e4c1a34c89fa1e27ee8d35a0921f9755ac4a77a6c1684ea0f5c8ee5f759ce59bfe8315800a67aa6c64ddfaac92eabe6c2c613779784b3affafcc620f2a6dc5cb8d8dc7d74aa4d79494678494e5e6394c433c14809ff40c9a592d0d694a81103b44531e1f48bc13965d15af8bf3340488f8cd58f09ae1a6616bf85ac9de7e0c6696aa2f1bec15e17a44da4a84edb4ec6d77247788ba0de3ae12a155cbedc0da2f568eef0b75a877ea5b0c2c0d4bf2c61d468a46faadfaece35fc263a9be9987f4f7f78f05c707784378c7b8f7daf9ac3a122aad39a1677966da9ef286c9e062c4f439ad0bddea26e54b2f7388e238b2a64928450d34564c5a447e7afbbedd1085f1f24c11ae084322d1a32cf8aa473941f00d56b1618213cab3900aa606463d9f800e926f9f42d4b082d8c5ec3a4a025b45f9aadc8bcbd17091b3da49e9453dc55e89b5b5fe6b31f5eddad10b6601572568d8e205d3251a:7e3b1c4c716c808e90b974458915f3b2239c42077119fe270788fae520578bd7da6488044132e1bef23e3b23c34d9c1862744f28fcaecda6cac0fd72b93b6a0fe88133f3d17642d5c22779a85316ba0df34c792b4efee49ed7dd93ca3322ef47c72e5b2e4595c77800434b60719adf54e4c1a34c89fa1e27ee8d35a0921f9755ac4a77a6c1684ea0f5c8ee5f759ce59bfe8315800a67aa6c64ddfaac92eabe6c2c613779784b3affafcc620f2a6dc5cb8d8dc7d74aa4d79494678494e5e6394c433c14809ff40c9a592d0d694a81103b44531e1f48bc13965d15af8bf3340488f8cd58f09ae1a6616bf85ac9de7e0c6696aa2f1bec15e17a44da4a84edb4ec6d77247788ba0de3ae12a155cbedc0da2f568eef0b75a877ea5b0c2c0d4bf2c61d468a46faadfaece35fc263a9be9987f4f7f78f05c707784378c7b8f7daf9ac3a122aad39a1677966da9ef286c9e062c4f439ad0bddea26e54b2f7388e238b2a64928450d34564c5a447e7afbbedd1085f1f24c11ae084322d1a32cf8aa473941f00d56b1618213cab3900aa606463d9f800e926f9f42d4b082d8c5ec3a4a025b45f9aadc8bcbd17091b3da49e9453dc55e89b5b5fe6b31f5eddad10b6601572568d8e205d3251a: +6bf4caaabb96854a38a572f4ce6c7838f7e750118c73f2723582618e2307f83808126373d056f00e54b8d43d77c35f5f919833e90d8aafd6c8246d27917ad091:08126373d056f00e54b8d43d77c35f5f919833e90d8aafd6c8246d27917ad091:4776e9d60085481fa537bf295bdabd8b1cf632a8cd40bce6bd325c129f977000e88468ebf2dc158ac0f207212db00fb60b8ec8bae229372e9a6b01530a7ed1bc9d389ec8913f59030d5b54af56ae1ccc28f37cc96a8e53204e92a677766adfaada99b0281f867f61ac9ff7d972ee3ed427d72faae75d4aec01b5ffc37061b6f0f7e5714c4cf30d5b731b0746065f19e4c8922dde642f80fe24a3c8dcb2e5f1c266e2af6c37decf55a2baa54f0d5cf0839370c3e0b4e77a4f36bbb3162014933a4a4ebcae8c60961ac6dcf134f30828d31402ae74e7e8513c9d2ad8ee46b7a9d53a1f87ebfce04f461bded1749b6fc4c4f25793525692d7a0e426c84e06082cc3e6abb51368370cbb106c7a0897f66d92c9739cff9f2706d6a2980ecea3ac4945f0f47e656bd9637777e853d2a839104327dc049ebc34f049d6c2f80eca99db7b418424acef752260d2d427949323997cd9617edf50d441d0088b1d47912e35cf542315265829f383f45860d3b45e735bb2f8586dcf58db4f2acfb4a68853a96eed7b89769d365613:d2113f80d6cf928486a250a679d6e74b35ea9d26061fa94d769e1a8fbfa0a734227f55537e4ebff59336db141cf5d6d482a0711f1e9fc72ff70956a11b4fb9094776e9d60085481fa537bf295bdabd8b1cf632a8cd40bce6bd325c129f977000e88468ebf2dc158ac0f207212db00fb60b8ec8bae229372e9a6b01530a7ed1bc9d389ec8913f59030d5b54af56ae1ccc28f37cc96a8e53204e92a677766adfaada99b0281f867f61ac9ff7d972ee3ed427d72faae75d4aec01b5ffc37061b6f0f7e5714c4cf30d5b731b0746065f19e4c8922dde642f80fe24a3c8dcb2e5f1c266e2af6c37decf55a2baa54f0d5cf0839370c3e0b4e77a4f36bbb3162014933a4a4ebcae8c60961ac6dcf134f30828d31402ae74e7e8513c9d2ad8ee46b7a9d53a1f87ebfce04f461bded1749b6fc4c4f25793525692d7a0e426c84e06082cc3e6abb51368370cbb106c7a0897f66d92c9739cff9f2706d6a2980ecea3ac4945f0f47e656bd9637777e853d2a839104327dc049ebc34f049d6c2f80eca99db7b418424acef752260d2d427949323997cd9617edf50d441d0088b1d47912e35cf542315265829f383f45860d3b45e735bb2f8586dcf58db4f2acfb4a68853a96eed7b89769d365613: +5d9585736ab209b0abe8bf74aca4eea4f6d1650b532550a223e044580f8e20dee77729edfd2144b2b12078765417fa21f1594f09b269e9b6706802b4f3bdfe85:e77729edfd2144b2b12078765417fa21f1594f09b269e9b6706802b4f3bdfe85:08693591e6c58a5ead9c85fe8ec58508f81a3467636c2d34fcc1f466e5c6dafdc37c35cbee35589c6997e2b15448132744e5a1e131bb49bf5c2563f87ead3efe01e88cbf24cc1769c78cdfc167e378215b15859c7a28ece70e188fa330267d3fc57b4ace6c1520ec67875067fd33be86f4a1967afb3eb164c797cf28d8072aa69d82afa38374f8e5797c4c28471b7d69f5b9c7b4acdbc19f3c5c5d400808a982a47837aed1b3841d69890eeb31494e10e3e513d12d0ca686c7ce651778092703fef0dcc0214077dfb361251bdea4364dd41b97bceb0fb1475a50e4708f47f7878c74401e9771cc3fceace89169981aa77250850090d181d8358ebba65e290acb0352bece8c579832a601551816d1c05621ccbbee0fbe39ea2f195393199e69c234c2fb1c37e474840860ce609161fcfce2869574be0d38f95e20f4f8725247b9627b46e834905101ac12b934cbf87cb2d190d2f51490a82c4e810eddb81f956a9f36bda497bca506a49ee9cd47fda5b7f2b884a3648cadd12ab61898ada46ecc970f81dc9f876845db:e7b08e1d5809fdd8529443d65ada5dd655ea55b5415a011393be7071676486d358e8d2a460ebe075b0e701b24c9e3ab5f2b033592d4de3b7f37fd541f692090908693591e6c58a5ead9c85fe8ec58508f81a3467636c2d34fcc1f466e5c6dafdc37c35cbee35589c6997e2b15448132744e5a1e131bb49bf5c2563f87ead3efe01e88cbf24cc1769c78cdfc167e378215b15859c7a28ece70e188fa330267d3fc57b4ace6c1520ec67875067fd33be86f4a1967afb3eb164c797cf28d8072aa69d82afa38374f8e5797c4c28471b7d69f5b9c7b4acdbc19f3c5c5d400808a982a47837aed1b3841d69890eeb31494e10e3e513d12d0ca686c7ce651778092703fef0dcc0214077dfb361251bdea4364dd41b97bceb0fb1475a50e4708f47f7878c74401e9771cc3fceace89169981aa77250850090d181d8358ebba65e290acb0352bece8c579832a601551816d1c05621ccbbee0fbe39ea2f195393199e69c234c2fb1c37e474840860ce609161fcfce2869574be0d38f95e20f4f8725247b9627b46e834905101ac12b934cbf87cb2d190d2f51490a82c4e810eddb81f956a9f36bda497bca506a49ee9cd47fda5b7f2b884a3648cadd12ab61898ada46ecc970f81dc9f876845db: +60b142f165114143ca30a604fef51c686436aa1b9afdb266b3e398ccb3c4d855eaf6c5a76ca99bf7306498888c3b7a1feae98bf8988d7f2e1547f8f53a4528aa:eaf6c5a76ca99bf7306498888c3b7a1feae98bf8988d7f2e1547f8f53a4528aa:1815dee1173b78264720d35b7cc2454a000a65fff214e2473e20bc83f3ecde9c04c1e0696ce6e55519dd2a75ce0464bf601adc381e793ecb9f8ce7ab87b6ca2a3e410f639069451978d14873d3390fab8623969713c3dfcd58d86d124073761ee09a652a48767f9646cb726ac454ac9a1bc5faed3026b703982bc2b1e0758210e1d62519230eb2b2f4a486bc55168560c4363df5ff5adfda11ac7ef51b18196c94337c07aef117990f770c0f1e8c0f88eb6ffc40e8ed7c3a80a632db1e7f63b63096e2ac49e57792b31143e2f4faabceae66b27471681c36fc1139007f9b548cdc6e3b8fbbdaba7a8adb843431238bb461ba24f6e09f62c72d6377b4048cb0134c25a5411a20bfcfc13e48d80e36bfb0da7e0185d33f1928636e15dee0e5df8992a16572b13ea8f7cf85cae32d529f66e8f6d2fb2ad0bbfe7199169b2567ba00c781b20a48e1d70df9fa3119cd7e5bbe58884b0b51218940fa815f85625fa203471cee8084780eb0b9356f9f3d4f6df740301d707ef1ffb3519e3f90b8064b98e70f375d071426881718:a621f084ea1a36ef812a9755c9afbb53dadaae6b3a53fa8344ca40d3612a268a35fed0fd398ab75bcd639c547937c94155ab1a7a3467dd4bfddfacab1655e9081815dee1173b78264720d35b7cc2454a000a65fff214e2473e20bc83f3ecde9c04c1e0696ce6e55519dd2a75ce0464bf601adc381e793ecb9f8ce7ab87b6ca2a3e410f639069451978d14873d3390fab8623969713c3dfcd58d86d124073761ee09a652a48767f9646cb726ac454ac9a1bc5faed3026b703982bc2b1e0758210e1d62519230eb2b2f4a486bc55168560c4363df5ff5adfda11ac7ef51b18196c94337c07aef117990f770c0f1e8c0f88eb6ffc40e8ed7c3a80a632db1e7f63b63096e2ac49e57792b31143e2f4faabceae66b27471681c36fc1139007f9b548cdc6e3b8fbbdaba7a8adb843431238bb461ba24f6e09f62c72d6377b4048cb0134c25a5411a20bfcfc13e48d80e36bfb0da7e0185d33f1928636e15dee0e5df8992a16572b13ea8f7cf85cae32d529f66e8f6d2fb2ad0bbfe7199169b2567ba00c781b20a48e1d70df9fa3119cd7e5bbe58884b0b51218940fa815f85625fa203471cee8084780eb0b9356f9f3d4f6df740301d707ef1ffb3519e3f90b8064b98e70f375d071426881718: +734ba47033c6140232dd4a7a14f1a7743eefe9070bad9662491630cc9d28c1f32fa5df3026d60742e2aff6b57842c7126846c8a7bbe9266efa7b3f2398c357ea:2fa5df3026d60742e2aff6b57842c7126846c8a7bbe9266efa7b3f2398c357ea:5d3c659810c3fea52a6df3861e5cdc5b703cc1cef48558c61d8c51d0edea5a1479cfe5063d82ded9ca681e5748887c40ecfb9e1a9a8b7f8509d10776461c3923399693a78189089178d5aabd15f8c846642be47d6d4caf13824edcefb809868fa72ddf035c4de8ef0a9c832264f66f012761ce6955bc3c416e93e29188025ebbb13a553258c1d7c499c9a4aeb10bb36f61d1bb4cec5ae55d175722b9a9696df881951e35200b9653cf6ed4b3d15de087a9d1c319fce8582156bebf3fc91e0e610ff7a15308fd1d2c6069fbbb2947d3110731d245ae2963014bd76dea42db125cecc493c8e9091a76646577729aed4966fce9699fe12e367d665df9e95a9193e1133e143af92f82b66ac7764e5033178690521809a7107d8ae9b88e0ed1f35b1719901b930ad0e1cbce7fb30267b1155204f605f525e49de2988ea7f74be8815177fd976a1bcc126d9c9c135c5b4276d38019c34aefb7a0220f7f5aeff380aed627b070c2c9e21533bb35c08e394c85ae25e6862942599c65dbae5977a584a88180e0c8c71e5a8409e04ef7:9bd074d1d0bd28001baf7d2d4e82435df08c4264d8cbb1c381183c2f01223f79f94923ca178cac75564e16c7f56079088f7ed885de4d509fbc78f438fba3f6075d3c659810c3fea52a6df3861e5cdc5b703cc1cef48558c61d8c51d0edea5a1479cfe5063d82ded9ca681e5748887c40ecfb9e1a9a8b7f8509d10776461c3923399693a78189089178d5aabd15f8c846642be47d6d4caf13824edcefb809868fa72ddf035c4de8ef0a9c832264f66f012761ce6955bc3c416e93e29188025ebbb13a553258c1d7c499c9a4aeb10bb36f61d1bb4cec5ae55d175722b9a9696df881951e35200b9653cf6ed4b3d15de087a9d1c319fce8582156bebf3fc91e0e610ff7a15308fd1d2c6069fbbb2947d3110731d245ae2963014bd76dea42db125cecc493c8e9091a76646577729aed4966fce9699fe12e367d665df9e95a9193e1133e143af92f82b66ac7764e5033178690521809a7107d8ae9b88e0ed1f35b1719901b930ad0e1cbce7fb30267b1155204f605f525e49de2988ea7f74be8815177fd976a1bcc126d9c9c135c5b4276d38019c34aefb7a0220f7f5aeff380aed627b070c2c9e21533bb35c08e394c85ae25e6862942599c65dbae5977a584a88180e0c8c71e5a8409e04ef7: +45e34d0ef4c196fa6d572b6b1774b5218f7c3291304c13500df7070d90e8039e13a7304dff423359177abafa5e6508d26769ca99cf8af45c383f3ff634406003:13a7304dff423359177abafa5e6508d26769ca99cf8af45c383f3ff634406003:3d9ed5c64b75e135df2f5e85300d90f21b363935e2817556fc9311751ba7535477dec8356ec385efb82b414062f35bb6d3edeafde305f9900a25e9813c9ee0237d46409650cdcdb5dfa2301a8e2647f8d3819d86f7b7e3070d33440f82c4054b1ab5edebeb27f95b3c4c6fdd468f21600f03b3494da200bab9293c38d02fc44048e52ff5fd0f7217a04d4ce912a180d1628f368280b6892672e8ff98d4629ac28b60c02a301e6c6026c1b9e9ef21cf0392df225008d5a0e0284b282631ad1710f811615697066c98296519948a7cfed5aeeb454ee7a61cc271bd3d499be17df09d3a0e790ee6b9bd99e1b919bed4a063b8d1a34f1afd2e952b9dfefd770969c8b2fc37977abb0fee6317253a23ecc97578168973334c8f91763ab97f29c49baeee7b35f3ae7f5cd3a4a6e697ef255a3c2ec0c752a3396f69f663ca1fc2b332dfe6c0faf78afe9c68d99571e8e896c5093085e9863a27648a9e58f3a9a84cbbfe2b41ca3633dd5cf6e82cb77cecacad8d78b353f48db42d99c36bcad170ea9e98abb2788c33a3c706268f3631:b42c1f925f4baccd129efb109db354aca31c6898f4f451294749a26a6da1677bd3a5c04119e35f47319f20cfdfc08bb4528b21009e00bd41ebc0f46863bed10b3d9ed5c64b75e135df2f5e85300d90f21b363935e2817556fc9311751ba7535477dec8356ec385efb82b414062f35bb6d3edeafde305f9900a25e9813c9ee0237d46409650cdcdb5dfa2301a8e2647f8d3819d86f7b7e3070d33440f82c4054b1ab5edebeb27f95b3c4c6fdd468f21600f03b3494da200bab9293c38d02fc44048e52ff5fd0f7217a04d4ce912a180d1628f368280b6892672e8ff98d4629ac28b60c02a301e6c6026c1b9e9ef21cf0392df225008d5a0e0284b282631ad1710f811615697066c98296519948a7cfed5aeeb454ee7a61cc271bd3d499be17df09d3a0e790ee6b9bd99e1b919bed4a063b8d1a34f1afd2e952b9dfefd770969c8b2fc37977abb0fee6317253a23ecc97578168973334c8f91763ab97f29c49baeee7b35f3ae7f5cd3a4a6e697ef255a3c2ec0c752a3396f69f663ca1fc2b332dfe6c0faf78afe9c68d99571e8e896c5093085e9863a27648a9e58f3a9a84cbbfe2b41ca3633dd5cf6e82cb77cecacad8d78b353f48db42d99c36bcad170ea9e98abb2788c33a3c706268f3631: +888ce2ecceda9ca2b948ac1443c2aedd7595aacf36edaf27255bde7a6991dcc0016e572b4f98417c6ee297abd784ea48226ff4fbf0050a5ade8806e7046d3ba3:016e572b4f98417c6ee297abd784ea48226ff4fbf0050a5ade8806e7046d3ba3:5c801a8e664e7660760a25a5e1431a62159fc3f3aa713780ae7cbce23b8564782799bf2be4817ee2921965bab7e1d44833824c1628d42dcee3e46ae42b2816d0a432a1ab0bd21fcf30adb63d8dd76569544343d0035c760522ca68bea72c404edda1e9095ec90f3325681c6de0f4c12d1afbcba2c7871a1b1e1f19c35b0bed9ec2a87c043d36d819396bd5d099e1aa090391297c733f65a8c5d2120c67635316fab25b4d4847a45fc3f76f2e2426dbee4629975062fce14e2189dba27fb1ded2453f001debfaa899c11660612d2ce2ad2f762ea5dee7e71e58adcdcefa79e8e8b27fc4ccf89aabf176b5d34f82dd15d889f9f087dc9ae8a42a72f3b83583616e170637cd1adf38aa6551cbacca3602bdc7ae210c4a446b3af8db2720e549bbedb8bed215ae00f19da29d8fb0b642d27b2d88575f0ee84f3d129eb774d20f537a1c0fdcf717bdebcfe47f8331a341864346fa6a1c6bbfd178819e387a0d5499a68e81cc9f82ad39e31e4dfe71952d5ea5cc8052a3ceed1751f59dc7ecc9742fad144e18dda8d0582e74e39ca8c4:99d83f148a236ebbef1cad88cb3c7694f4986c9250e21c3603a0d941bff199cf77d6ce99efdb20533188d68ad133de033a1fb3468abb706d2b8b4fbac08dfe035c801a8e664e7660760a25a5e1431a62159fc3f3aa713780ae7cbce23b8564782799bf2be4817ee2921965bab7e1d44833824c1628d42dcee3e46ae42b2816d0a432a1ab0bd21fcf30adb63d8dd76569544343d0035c760522ca68bea72c404edda1e9095ec90f3325681c6de0f4c12d1afbcba2c7871a1b1e1f19c35b0bed9ec2a87c043d36d819396bd5d099e1aa090391297c733f65a8c5d2120c67635316fab25b4d4847a45fc3f76f2e2426dbee4629975062fce14e2189dba27fb1ded2453f001debfaa899c11660612d2ce2ad2f762ea5dee7e71e58adcdcefa79e8e8b27fc4ccf89aabf176b5d34f82dd15d889f9f087dc9ae8a42a72f3b83583616e170637cd1adf38aa6551cbacca3602bdc7ae210c4a446b3af8db2720e549bbedb8bed215ae00f19da29d8fb0b642d27b2d88575f0ee84f3d129eb774d20f537a1c0fdcf717bdebcfe47f8331a341864346fa6a1c6bbfd178819e387a0d5499a68e81cc9f82ad39e31e4dfe71952d5ea5cc8052a3ceed1751f59dc7ecc9742fad144e18dda8d0582e74e39ca8c4: +617390857dc10cdf82b5c94261f58ce2d44aa2f57d298f08a2d6c74d28147daf89e0c3e0a0f130d1916e0e3849b7286fa2e3ac4c17bd1f716ee5a72f0257fb8d:89e0c3e0a0f130d1916e0e3849b7286fa2e3ac4c17bd1f716ee5a72f0257fb8d:1fd9e7453eaffd7c9b54055622dde170dd58b71cb945de75351d5fceb1f536bde25158f03786155f953dc207a1708f90d95b15aca0aee3097fdcaae85e4ab1c2cdb705c53e6c2ed21a994b304a75caf2ce4fc7d61f561e74e297397e2cde5cc69056940343aa81375d0af18d17d2f34c0a71dcf1de3c4fc488a14c5fa6b3337a3174b1da7958fb00bd5955148221427c60dba04117c80d2488656dbd5343de891287b50ef4df9825eda76b4977f3acd4ab6d3102fa56878306cd76561491bcfdaa1da567e677f7f03bae5dbf4426c3c4a6c3d082f9178b2efdd2bd49eee97ef4dcf3f0f51bbdeffe5ae6601e28019518f827f02e51f6679b8715978bec3e69d577156dd719959371baf034219fbbd17a2369a8541490f6a02013e33e74f4769be37aefa4defb6bfb3f351c2a261482c2fbec49f85f8445456e8f5a474030cd72d095ef6a622030e1e43a0c5debb034731d2f5e8e4ba3990f077d0c162649d1fa3ea4fe1e81d74aa849e21b059d966cbad4c493ca10bafe7a69243e3c0a6ebfd13d697906303392ba65d4fe06b6a5:63e90a6afbbbb0ee696bfb56efd679d68a9851a8947640a97f41f68edfeadd216ed8698e2e43c820c9044caa7adaab5b76762b681831a9f760476a8443c43c061fd9e7453eaffd7c9b54055622dde170dd58b71cb945de75351d5fceb1f536bde25158f03786155f953dc207a1708f90d95b15aca0aee3097fdcaae85e4ab1c2cdb705c53e6c2ed21a994b304a75caf2ce4fc7d61f561e74e297397e2cde5cc69056940343aa81375d0af18d17d2f34c0a71dcf1de3c4fc488a14c5fa6b3337a3174b1da7958fb00bd5955148221427c60dba04117c80d2488656dbd5343de891287b50ef4df9825eda76b4977f3acd4ab6d3102fa56878306cd76561491bcfdaa1da567e677f7f03bae5dbf4426c3c4a6c3d082f9178b2efdd2bd49eee97ef4dcf3f0f51bbdeffe5ae6601e28019518f827f02e51f6679b8715978bec3e69d577156dd719959371baf034219fbbd17a2369a8541490f6a02013e33e74f4769be37aefa4defb6bfb3f351c2a261482c2fbec49f85f8445456e8f5a474030cd72d095ef6a622030e1e43a0c5debb034731d2f5e8e4ba3990f077d0c162649d1fa3ea4fe1e81d74aa849e21b059d966cbad4c493ca10bafe7a69243e3c0a6ebfd13d697906303392ba65d4fe06b6a5: +877d017436369ec2453fed46e977d6acc3a7be60d31395ad6e7ea9e07480e4c94e65422fed334a55e8b673893eba7c181dd724dda002817b0bae28acdc3f7fc0:4e65422fed334a55e8b673893eba7c181dd724dda002817b0bae28acdc3f7fc0:4ed3f5bdbd41d0e3b0a8a7fc3752eea496d6141678cbfe06757f61e1a168d761b6da83052f7994950d24626f004fbe9b8c9562e0c955fb3b5c08fd2d3d258393a349030c8e156205b40483038be1959f1cba490a87fe13899e4f3752063b68fe3e1c5071f7db0002f01494b4a3ee2e07992bdd200db4316629ee8a95ca347f0b28d6402a6da8b53e6b32581c3691e11ae9b6e0f0494894e649a92d03eb49c4d6833fa1f54f8dcd91d06936a6e62d491e2cea46dd07d9f02d3254b850bc9749f258a61ad3b9cc24b03287331b85a24143aaf8fcccac5f18bfc72dec75c0233516aa6e4589c78c665a186ed902091df97b0d04e83a2d74d789891aea2cacf813fffb5efaf78dbcd7af54ef55c77b1c4c8ace9e9278adc23d76c779d64b3bbbd1fb33b09836ea64a71e4711e89e8da0f709213342176ae22c6e7852c3973b60d9f98889b442aa48d7bfdfdef64c36c586c4fb2ad2e27ebe479f6d722f069fd6106b0d08975d5f721547c3b9c52f9fc5f45bb45b5b632188e80626518a79056bdc4ee1d2be6c6542a21fadea92c6dfb776:7688f3f2401eacaf2dd88e170ff1c4d7e94822a77f6b550b569e82152bbbb434057e01230b05ce58ee1dee5226b5c7cdbe5a8ade3b9465f59aed74145d14330c4ed3f5bdbd41d0e3b0a8a7fc3752eea496d6141678cbfe06757f61e1a168d761b6da83052f7994950d24626f004fbe9b8c9562e0c955fb3b5c08fd2d3d258393a349030c8e156205b40483038be1959f1cba490a87fe13899e4f3752063b68fe3e1c5071f7db0002f01494b4a3ee2e07992bdd200db4316629ee8a95ca347f0b28d6402a6da8b53e6b32581c3691e11ae9b6e0f0494894e649a92d03eb49c4d6833fa1f54f8dcd91d06936a6e62d491e2cea46dd07d9f02d3254b850bc9749f258a61ad3b9cc24b03287331b85a24143aaf8fcccac5f18bfc72dec75c0233516aa6e4589c78c665a186ed902091df97b0d04e83a2d74d789891aea2cacf813fffb5efaf78dbcd7af54ef55c77b1c4c8ace9e9278adc23d76c779d64b3bbbd1fb33b09836ea64a71e4711e89e8da0f709213342176ae22c6e7852c3973b60d9f98889b442aa48d7bfdfdef64c36c586c4fb2ad2e27ebe479f6d722f069fd6106b0d08975d5f721547c3b9c52f9fc5f45bb45b5b632188e80626518a79056bdc4ee1d2be6c6542a21fadea92c6dfb776: +4f0b3607d70b0f2698327ef4f1982c5b4b94be78f50c76f43bd642f1f0ede39b942b43089fd031cec0f99e5e550d65307fb6c3e793449fb390ff730fffd7c74b:942b43089fd031cec0f99e5e550d65307fb6c3e793449fb390ff730fffd7c74b:9f700a1d2560f69d9bc105bc83bff539e4258c0248602013a959b978a19cc273280d90c0178089578b50518e06ad1eab790ffe710c63d78887a95569144f3e58a8837f93dd516fcddd22bc97a7f14411d424b2e8e9aa7c280119ad94ce92533fc7fea6c66248644ac3e1beef2553a6f61e91b9379b0fe0c68b40681455b311f40df0c97f53fc954242c375e7708d61bad9f51296247274fa01a7328fa5009d9995f501ae8683552b11a49d2638116723b1319450a90138d278cd9512b80ca5792ed16c683bef92ec87884c9f07f137dc47a13146e511065c2e1b4b80efde88ae12e29431beb7aee365c16d80506b99afa6a1406edb061766875832dba473e519dd7018f402eb1bb3014b7cee4f02e980b1b17127e7d25dfe0c168c5344f1c90044f827707dca03070e4c43cc460047ff62870f075f34591816e4d07ee302e7b2c2ca9255a35e8adec03530e86a13b1bdfa1498813098f9ba59f8187abcafe21ba09d7c4aaa1ad10a2f28334ab53996147c2459c01b6a10839e0301123d91a35ced7af89afbac7d9cf8ac9a38ceebef83:f396a11f2f03c61439684f79001bd4f346a348dcf1d3beb2d3bfe33ea73a5ad4eb97506acfbffb784e77548189cd599f8ccf17355dde80e75024ef2a78d5fa039f700a1d2560f69d9bc105bc83bff539e4258c0248602013a959b978a19cc273280d90c0178089578b50518e06ad1eab790ffe710c63d78887a95569144f3e58a8837f93dd516fcddd22bc97a7f14411d424b2e8e9aa7c280119ad94ce92533fc7fea6c66248644ac3e1beef2553a6f61e91b9379b0fe0c68b40681455b311f40df0c97f53fc954242c375e7708d61bad9f51296247274fa01a7328fa5009d9995f501ae8683552b11a49d2638116723b1319450a90138d278cd9512b80ca5792ed16c683bef92ec87884c9f07f137dc47a13146e511065c2e1b4b80efde88ae12e29431beb7aee365c16d80506b99afa6a1406edb061766875832dba473e519dd7018f402eb1bb3014b7cee4f02e980b1b17127e7d25dfe0c168c5344f1c90044f827707dca03070e4c43cc460047ff62870f075f34591816e4d07ee302e7b2c2ca9255a35e8adec03530e86a13b1bdfa1498813098f9ba59f8187abcafe21ba09d7c4aaa1ad10a2f28334ab53996147c2459c01b6a10839e0301123d91a35ced7af89afbac7d9cf8ac9a38ceebef83: +b8a0010c784d8d002a31da11d022d30188a4197a1d5f14ea4c0dab29a2e406688bdc63e50bede13c91a41e4b4b7857b9e553f484e3c1ec167dc04c281ea86622:8bdc63e50bede13c91a41e4b4b7857b9e553f484e3c1ec167dc04c281ea86622:5c6ccb298be216808b811e56d972f456b69ad39594eee354701ca6b3e38d1f41a359e5512af98a3a0873265fe5191f4f2ecaf66bee75a3ac0b71a4ddf2a759ebdddbd88a6a1c6fd0fcf7d7cb92a84e3307b4a4f98c710abf4f553dee74f652d2ac64bc30f72bf4354ef7e806a19071a051bcfcfb27e37fddd41eceaec1758e94695c670ef4c5a5902178329db9585c65ef0fa3cd62449bb20b1f13aecfdd1c6cf78c51f568ce9fb85259aad05b38c6b485f6b86076928ddb4e2036f45e7b9c6a7ff24ae1776030e2576825019ab463ebf7103a33072033eacbb5b503f53266afb82f9b2454b8dc057d84f30d9d2cb7c3a31a7dbdfba5b8e49231c231396c47ca042c8e48a1a5e3ec9afe4020595390f9990dfb874e0825ae9ae5e752af63af6fd3e787e75e8d8dc4c66302277ac01b30a18a56cb82c8a7ebdc915b7153255a1fedc492e49660262bb249780d173e1fd20d18c4f6b0b69aa2eca024bf3c80d7d5962cc4a129a7943b27f33cc799a36045541275a2cdb92a40e485ba8b737a04b43d29c3e25f76cb3d93a6b94461f88f5696:b3f6cf4c0e0f9074ff2c2c47e163202f1e9d6ee117cf757633e4abe74423aa70008ada1509ec1dc117c1c230e9b23786f3d0f29b73aa284536e9580106a8a70c5c6ccb298be216808b811e56d972f456b69ad39594eee354701ca6b3e38d1f41a359e5512af98a3a0873265fe5191f4f2ecaf66bee75a3ac0b71a4ddf2a759ebdddbd88a6a1c6fd0fcf7d7cb92a84e3307b4a4f98c710abf4f553dee74f652d2ac64bc30f72bf4354ef7e806a19071a051bcfcfb27e37fddd41eceaec1758e94695c670ef4c5a5902178329db9585c65ef0fa3cd62449bb20b1f13aecfdd1c6cf78c51f568ce9fb85259aad05b38c6b485f6b86076928ddb4e2036f45e7b9c6a7ff24ae1776030e2576825019ab463ebf7103a33072033eacbb5b503f53266afb82f9b2454b8dc057d84f30d9d2cb7c3a31a7dbdfba5b8e49231c231396c47ca042c8e48a1a5e3ec9afe4020595390f9990dfb874e0825ae9ae5e752af63af6fd3e787e75e8d8dc4c66302277ac01b30a18a56cb82c8a7ebdc915b7153255a1fedc492e49660262bb249780d173e1fd20d18c4f6b0b69aa2eca024bf3c80d7d5962cc4a129a7943b27f33cc799a36045541275a2cdb92a40e485ba8b737a04b43d29c3e25f76cb3d93a6b94461f88f5696: +efc86cbe40363abfbb2a4b1fcce5fd6084da96e7e814de71aadf9a618f30362522f295cee727d28d2b9317153e7d9412da1065c1b16ae2a251dd1fb431c62b01:22f295cee727d28d2b9317153e7d9412da1065c1b16ae2a251dd1fb431c62b01:9e4fa45dc026710f6bef4ed0f07c544b0bb0d88fa79e7177d8448bc209d71cfe9743c10af0c9937d72e1819e5b531d661c58c63141ce8662c8839e664db79e16c54d113abb02a75bdf11b3453d071825bc415741e99483546b8e1e6819de53017092e4ef871f1ca0d3508f937828a4667db11ffff9416eebb94bf9b84d654603094834a99ca70b90f562a86823624dfe9cb2f9e88c173f13464d4ce255f222db50dd63ab42465734e75295c064b64cc3f15e6237e37f33d615f7c243e4ba308960cfd4393402525500bb7902970b3931d48b35666a2d4d2ab08fa12af366a004346c9dd93d39fb1b7340f104e51fedbb533605b5ff39cf6d59513f12856dcfa198d793b0fc875cdea0741f1455746d8a19c3e9d928f0021b01c25131811e48c3c75c6f41422a8810c6c81f35b454eeae8cd17cf3f2e6f0bcd9f290984f496578623ab8e2738d2d10840eb91d101cb4a23722b72e3dd185440c3b9f44d46a393a34c187a20d610bb698c50531741efe96323512329800772a408065a7ef8e4e4105eb1f5bf6d3fd6b217fd836d89f53b96f45:f8818310228ca76111524ce94bfcb0246ea63508cee9306592b2f77548edefcf76bd1454508ea715042cec169cea5115ab54235cb1097b10702aa38378028e0c9e4fa45dc026710f6bef4ed0f07c544b0bb0d88fa79e7177d8448bc209d71cfe9743c10af0c9937d72e1819e5b531d661c58c63141ce8662c8839e664db79e16c54d113abb02a75bdf11b3453d071825bc415741e99483546b8e1e6819de53017092e4ef871f1ca0d3508f937828a4667db11ffff9416eebb94bf9b84d654603094834a99ca70b90f562a86823624dfe9cb2f9e88c173f13464d4ce255f222db50dd63ab42465734e75295c064b64cc3f15e6237e37f33d615f7c243e4ba308960cfd4393402525500bb7902970b3931d48b35666a2d4d2ab08fa12af366a004346c9dd93d39fb1b7340f104e51fedbb533605b5ff39cf6d59513f12856dcfa198d793b0fc875cdea0741f1455746d8a19c3e9d928f0021b01c25131811e48c3c75c6f41422a8810c6c81f35b454eeae8cd17cf3f2e6f0bcd9f290984f496578623ab8e2738d2d10840eb91d101cb4a23722b72e3dd185440c3b9f44d46a393a34c187a20d610bb698c50531741efe96323512329800772a408065a7ef8e4e4105eb1f5bf6d3fd6b217fd836d89f53b96f45: +33556c60de2f2c9a9303b99add378592060505f8e49861085a4b15f072a7ef28231ec8cd845859f69961275119dbe4f715e5ec5aa98bb8741675b3c2d0c89fee:231ec8cd845859f69961275119dbe4f715e5ec5aa98bb8741675b3c2d0c89fee:96af540ea2b1923f5fd0aad321ac032070c2d65ba13d164e75c3469758fcf31bb31655cb3a721f9cb34be2c90c77eb65be37f606d32a917a4cb9a709ac0705229930ef6eb6fdb0fa3c0fd3a90ce171674ee3ed06354bafc3c7075467a57445b80385640447902be39262894b1f64fea58287dc322d19875972a7c8be91d31f021c70eb682fdf11a10f8f582a126e064794838c69fdf64f5b6e8ba59d48b4384f8e9fb5c087cc7738295cd32344ba3b697ee6b6a8b78ee7a9575c97972a4d1bb18486f9037a0f3c6f471a90f86498dbc0df5232c07e8c01b690bee75302992a7a36fb4437c25a8bf5e34cf7d5b55572c700a079848d381364f9946a91eb1603ff3de5ebdd523bd92564818e237a53e8f522deaa2c29b897e961586e100ed0fc0ad70d160934e694027e5c957920bc0546e901be39a84535597e1f280c222267abe97f41205d8171820dd2faafc0699419321a9160f69b99fd41180945b62d2dd105cc7bbe821d28605e098edfa8b2309aeb0534e756377f59937c67463fd87c8b92ab58119cf4ce6c665af572fbae1de4a2cc71:e06a7a414457bbbef2bac3775ccad087dacb1fa4bf938894e8c929118e09e678dd19938bc88f43ed0f7d31cc6a0e602c4e4d1fee33d41e74a119fa2d1e4e340f96af540ea2b1923f5fd0aad321ac032070c2d65ba13d164e75c3469758fcf31bb31655cb3a721f9cb34be2c90c77eb65be37f606d32a917a4cb9a709ac0705229930ef6eb6fdb0fa3c0fd3a90ce171674ee3ed06354bafc3c7075467a57445b80385640447902be39262894b1f64fea58287dc322d19875972a7c8be91d31f021c70eb682fdf11a10f8f582a126e064794838c69fdf64f5b6e8ba59d48b4384f8e9fb5c087cc7738295cd32344ba3b697ee6b6a8b78ee7a9575c97972a4d1bb18486f9037a0f3c6f471a90f86498dbc0df5232c07e8c01b690bee75302992a7a36fb4437c25a8bf5e34cf7d5b55572c700a079848d381364f9946a91eb1603ff3de5ebdd523bd92564818e237a53e8f522deaa2c29b897e961586e100ed0fc0ad70d160934e694027e5c957920bc0546e901be39a84535597e1f280c222267abe97f41205d8171820dd2faafc0699419321a9160f69b99fd41180945b62d2dd105cc7bbe821d28605e098edfa8b2309aeb0534e756377f59937c67463fd87c8b92ab58119cf4ce6c665af572fbae1de4a2cc71: +7a5c74314e1183334a4b6226b9a82d70fc2a124e3f87db6a2283ee05b68e34e0beae7d3dd97c67f6273bfaa066131fed8ace7f535fe6464e65791c7e5398576c:beae7d3dd97c67f6273bfaa066131fed8ace7f535fe6464e65791c7e5398576c:98bac6724755912992adc2a48b5442376f2d927997a040fb98efe544eb0c8e1866b9616e298d3360316ed976bd946a411fdd3a6b625c0c1a37af0f41cf6569a7884ab8467491a987df3ea7a0b7ebc4692569a34ce3a2ea3503495b2c02d49d7d7db579d13a82cf0cf7a9547a6eaebe68e7267d45a60b8d4772455228cca4036e282e1a1216f34cef7ea68f938270bdb04293c885d005f9f7e638a8b4ead2626c0945174ff2a3e2d6e15a4c0338c09e1260f0928ca9d3499824f3fedc4785da49c5c34a56855e241facc6347a399ddcac4399a8b158198c151461a3b189e58ec1f7efcf2ab2031fb17b6f035ba1f092e9eee2e92c2d6cc2032287f854b41e70fc61c8d11a2e4f0708f02eebd02e8c7e8c7b38a57bfa1a745f3a86c23909f6f89ab16ce7e1813c1d20147f31b4cf2ad0b606fb17e5ac1ab51ef4a7d8093cee9a655f471dc5b146bd1b93e540a3d3d3e2de8105911c10d6ab5ff79c2d06027f7a54561f2071414bd330a8785442251c810e232f83c367f0be7799a93f5238f7f17b5be829fd89123c04833af8b77e5a4363047ceca7:c2ab1f6f5114a84f218502582c567b37a8bdbcdf6340fa4622873be89106f0a90b4829505f72129df0ab3d8513268774a34df3ad21ce254b464488addd6c9b0498bac6724755912992adc2a48b5442376f2d927997a040fb98efe544eb0c8e1866b9616e298d3360316ed976bd946a411fdd3a6b625c0c1a37af0f41cf6569a7884ab8467491a987df3ea7a0b7ebc4692569a34ce3a2ea3503495b2c02d49d7d7db579d13a82cf0cf7a9547a6eaebe68e7267d45a60b8d4772455228cca4036e282e1a1216f34cef7ea68f938270bdb04293c885d005f9f7e638a8b4ead2626c0945174ff2a3e2d6e15a4c0338c09e1260f0928ca9d3499824f3fedc4785da49c5c34a56855e241facc6347a399ddcac4399a8b158198c151461a3b189e58ec1f7efcf2ab2031fb17b6f035ba1f092e9eee2e92c2d6cc2032287f854b41e70fc61c8d11a2e4f0708f02eebd02e8c7e8c7b38a57bfa1a745f3a86c23909f6f89ab16ce7e1813c1d20147f31b4cf2ad0b606fb17e5ac1ab51ef4a7d8093cee9a655f471dc5b146bd1b93e540a3d3d3e2de8105911c10d6ab5ff79c2d06027f7a54561f2071414bd330a8785442251c810e232f83c367f0be7799a93f5238f7f17b5be829fd89123c04833af8b77e5a4363047ceca7: +da8006adc492ca5dc86c2959437a75deb6120ff787d2ecb9c20c30b52c26bc41ff113bf0aa58d546f2385d444ecb7888f8caba43a174a89fd6065f2b7dc17bf0:ff113bf0aa58d546f2385d444ecb7888f8caba43a174a89fd6065f2b7dc17bf0:3eb4324dbc0149d2e7d6df632bb0cbe9a9f6dfa83e227fc07bde1b577b3611fb921c9f8313f068e6295d4913a8196be530f6a01f57c09c028491444b784720e909ea1fb69c1c1dd6304400327b7731b33cc46deb046cdab6ad1b53f1749a0c65cb9a7e376ffa02230f536584aea243c639103adbba764321649d7e0126f82e0b4fd9dcb86c731cbcc517f2016841e916bcd5fde871dc098cd913dc546284d1b2165c63e88f32a2789a500856371b50d22fb8c87d1a3caedcdfd01ee5f870a53c284181d632ec66d48b6bdd5646ac39c9e75338a520212062bc3466ef5c58765570b905f63a93d07f8f1baac3526b016da799f3e9e03a4f7f81355e0f7a76f30a42b807322051b71c626a7a296d75b9d9d1a23bcb13c9ef48a912dc057325d3bcfb3f9fadaf0c249b102aeb854aa3631e34f69ad90c2ab2ed33bacc40b9ed1037fae67cdf799d5a9b43785961127d62f8e0bc1589fd1a06fca2aea7cfc012cbf7b5b207ddc4e677d8ae4aec100045ce36c00b74d1d28250791236dc5dcc1ed313c8c246172666f75217437c6034acd64198cd96df2a:1f5375dcb3ad2baaff956d8554ecb424176be9a6eb9ea54e814e0a73df2a5d848ada26ba8e1805cd51c5e16950c1ff7d4d2764daa6f4c7502fb865cbe55aaf0b3eb4324dbc0149d2e7d6df632bb0cbe9a9f6dfa83e227fc07bde1b577b3611fb921c9f8313f068e6295d4913a8196be530f6a01f57c09c028491444b784720e909ea1fb69c1c1dd6304400327b7731b33cc46deb046cdab6ad1b53f1749a0c65cb9a7e376ffa02230f536584aea243c639103adbba764321649d7e0126f82e0b4fd9dcb86c731cbcc517f2016841e916bcd5fde871dc098cd913dc546284d1b2165c63e88f32a2789a500856371b50d22fb8c87d1a3caedcdfd01ee5f870a53c284181d632ec66d48b6bdd5646ac39c9e75338a520212062bc3466ef5c58765570b905f63a93d07f8f1baac3526b016da799f3e9e03a4f7f81355e0f7a76f30a42b807322051b71c626a7a296d75b9d9d1a23bcb13c9ef48a912dc057325d3bcfb3f9fadaf0c249b102aeb854aa3631e34f69ad90c2ab2ed33bacc40b9ed1037fae67cdf799d5a9b43785961127d62f8e0bc1589fd1a06fca2aea7cfc012cbf7b5b207ddc4e677d8ae4aec100045ce36c00b74d1d28250791236dc5dcc1ed313c8c246172666f75217437c6034acd64198cd96df2a: +a284e26b97e538839c808d45bde6f012a354454aef81caa8c55914624f2b7d665ae46e34695efaf463a4208fc4e35b81f2c63593238a56f2444b850f058c3c5c:5ae46e34695efaf463a4208fc4e35b81f2c63593238a56f2444b850f058c3c5c:9ebfe910b50a5cb719d95b961e5905f00ec7943b55468ab5956692017645b366071f8fbb77eb49ec73ea7d64511405b90de22db98c3eae39c4039c7a133430e8010bdd39a00fd1a528b113dae149cfad3ae340da27dcc507782ecd8929237517afe7463eca2473c7acf6f7aa04efc9f266ae7b6d63bb8cc2a438b344827f0713d1f1736f0cbb65b99353f20355fa0230d4fa707328a8662654e83ad0530a10f9a69e17c099e1e2b5db18e5f6f1dceda5883e8cab79701a5e9089562ed153ad08c674f097c28e4d16633e092969a8f0bdac54527c0ee03bc200e5be612e3d1eabd87091101b4962afa07b310806992f373076d76a58185118137c9d26ee2cd4c618c18283dd19f0e7a089ee37305b6b9518a78d8098436ef62be7d699808acecf67939d61b3e02937cd8c5f1e746d4274334bc9c37fdcba234c166fd712893f3a040832ec5425e57d80f11ef9ca5fbcd6c147fbbf5e2fae746e0ddb605867e3bd050483c3cd1329abe57a60bf88898dc7e80ede0f4517de8fc807e888b621a00f663084ff94b99996628f3b11690a60f0918cb5c9a7ef:bf110e2e9cecbc31fa3e0c2438cd1f4321f92cd287005a48528addf76cad8d88bb22719ef91b139562a1511838682674faa9ff7e7ade6c9d573f845036d189059ebfe910b50a5cb719d95b961e5905f00ec7943b55468ab5956692017645b366071f8fbb77eb49ec73ea7d64511405b90de22db98c3eae39c4039c7a133430e8010bdd39a00fd1a528b113dae149cfad3ae340da27dcc507782ecd8929237517afe7463eca2473c7acf6f7aa04efc9f266ae7b6d63bb8cc2a438b344827f0713d1f1736f0cbb65b99353f20355fa0230d4fa707328a8662654e83ad0530a10f9a69e17c099e1e2b5db18e5f6f1dceda5883e8cab79701a5e9089562ed153ad08c674f097c28e4d16633e092969a8f0bdac54527c0ee03bc200e5be612e3d1eabd87091101b4962afa07b310806992f373076d76a58185118137c9d26ee2cd4c618c18283dd19f0e7a089ee37305b6b9518a78d8098436ef62be7d699808acecf67939d61b3e02937cd8c5f1e746d4274334bc9c37fdcba234c166fd712893f3a040832ec5425e57d80f11ef9ca5fbcd6c147fbbf5e2fae746e0ddb605867e3bd050483c3cd1329abe57a60bf88898dc7e80ede0f4517de8fc807e888b621a00f663084ff94b99996628f3b11690a60f0918cb5c9a7ef: +cc97a96301ceed0f922731b685bad8ad4f06207be340f5a44fd187f29903ec20eb563a7bce12db97f1891d0f610bebd55101a3125ca8dbb50b25a6b5050d3784:eb563a7bce12db97f1891d0f610bebd55101a3125ca8dbb50b25a6b5050d3784:b9ea3b3df7187ea415a3c335e0834e10f440915b2ad41c71f255d6950a4e9120e4d494fd9e672ce53206fdc417d865897b47ac1054e1ca1068195232d4297435e44e1224e66a912d9d7d182946ff5a9f085bb8ba19c54d16b586a9b30461b6773b93950311e1619886f5a5b3f111aaad094bae31c48f1941080968bd0277bb6fa92eebf324b192df5cc969516c78c7b2d12159b4d1c8eb03160c4cd1907f62ed4b854c569ecc481c08e636f44ed7c390e58b5937d2906b2817bc3769dad9da1b0f79391b55942063055da0d6f249a3e452baddaa032998d7f73398ccd0151bfc92c5e2fdfa9b14855e6b0d3746dce248e219672987252ec747df2747fd3fbd8b714c882d707ee302a904950c34754f85350e1aa3f8ea6293cf01f717cefb6b83a22126df5c4f5698aafd06a2244ad7d01f34017ca0ece6f21040048aba6ca4aeb04325b9402bcd43ab130a105788ac3d7b7da01ea9426dd0ea1933a8189933a6c0c6cd648ea316a7469a5fdc6e7c934d9186586097b55dd51ac487bb80ed11d4df8d33626bbce95e4f13bd49922f00c920223f4cbf93cb:ffbdd3244181cdf6034f4a450fdd95dee4971a933f8be022bb0a4106aef39af3055b721881c9b54d1e99b9409096fbe6dc2c9966e3679964bd7ef4c808cabf01b9ea3b3df7187ea415a3c335e0834e10f440915b2ad41c71f255d6950a4e9120e4d494fd9e672ce53206fdc417d865897b47ac1054e1ca1068195232d4297435e44e1224e66a912d9d7d182946ff5a9f085bb8ba19c54d16b586a9b30461b6773b93950311e1619886f5a5b3f111aaad094bae31c48f1941080968bd0277bb6fa92eebf324b192df5cc969516c78c7b2d12159b4d1c8eb03160c4cd1907f62ed4b854c569ecc481c08e636f44ed7c390e58b5937d2906b2817bc3769dad9da1b0f79391b55942063055da0d6f249a3e452baddaa032998d7f73398ccd0151bfc92c5e2fdfa9b14855e6b0d3746dce248e219672987252ec747df2747fd3fbd8b714c882d707ee302a904950c34754f85350e1aa3f8ea6293cf01f717cefb6b83a22126df5c4f5698aafd06a2244ad7d01f34017ca0ece6f21040048aba6ca4aeb04325b9402bcd43ab130a105788ac3d7b7da01ea9426dd0ea1933a8189933a6c0c6cd648ea316a7469a5fdc6e7c934d9186586097b55dd51ac487bb80ed11d4df8d33626bbce95e4f13bd49922f00c920223f4cbf93cb: +679e3e34773abe4ae25cae7d07ccd0eb3b0ec0a35d570257d62570de58ea251618acffce253b27259579ed9924f479cae312167bcd876edba88b5d1d73c43dbe:18acffce253b27259579ed9924f479cae312167bcd876edba88b5d1d73c43dbe:fb2b648ebb16688244f78b2ee9a273599d56b6198900d438a9e99c191425c72bec4f235847e18e47f57c3cb396655f778921f908580e8e83c96c108b20dd416678021bca259b98518fabb2d3532e4851d9d52add2542c0cb3efa3857a17e512438bc0ec4762e2f9baba429c03e99bec4038e6b0ca42bff5b233b24c333b4caead2de374a87b2ab5d80d6e49e4456329d51ae973bc83d7862f3d315e514481b12854a9dfc09e7d14f0d022c0ba3022578eba8f874deba4aa8c833f2b132861d4d51e50fe9aa4b787bd2f051aac50c375390cbbcfba2002b80ad00cdc12980f8ba8bcb7064afc04d5c4682c1029b10a6d45fe6ecd704245faf598c4659597c5d68a192cc1cd4fa45e84b549e8e5e67daa879ae5a520a6b5550519876a562ac49c6db0aa76ec69bb64dd6b5e1a3af2e131e722e7cdd05be34b5fcc6259aa124ccf814cf5b500d176be28ebc40bb21f03e24ccc131e0f41daa1ca02e6b00c9c53fad1248614e940d4b237760ab7569a767b7515dd2d623e57a2841b7d2441cf43049e4698d2f9c9eae7b2910f6ad65edf9cb2bdbd9b29f606e0d:1a51022628ccbb88eae9b21773c3f830b7b6e5bc36c9903ce70fbcf459d6a1ed8a1dceff5b19269ebf5a6fd3d8958860f554461f0e9fc0e29af9b1fb1744a80bfb2b648ebb16688244f78b2ee9a273599d56b6198900d438a9e99c191425c72bec4f235847e18e47f57c3cb396655f778921f908580e8e83c96c108b20dd416678021bca259b98518fabb2d3532e4851d9d52add2542c0cb3efa3857a17e512438bc0ec4762e2f9baba429c03e99bec4038e6b0ca42bff5b233b24c333b4caead2de374a87b2ab5d80d6e49e4456329d51ae973bc83d7862f3d315e514481b12854a9dfc09e7d14f0d022c0ba3022578eba8f874deba4aa8c833f2b132861d4d51e50fe9aa4b787bd2f051aac50c375390cbbcfba2002b80ad00cdc12980f8ba8bcb7064afc04d5c4682c1029b10a6d45fe6ecd704245faf598c4659597c5d68a192cc1cd4fa45e84b549e8e5e67daa879ae5a520a6b5550519876a562ac49c6db0aa76ec69bb64dd6b5e1a3af2e131e722e7cdd05be34b5fcc6259aa124ccf814cf5b500d176be28ebc40bb21f03e24ccc131e0f41daa1ca02e6b00c9c53fad1248614e940d4b237760ab7569a767b7515dd2d623e57a2841b7d2441cf43049e4698d2f9c9eae7b2910f6ad65edf9cb2bdbd9b29f606e0d: +9bfa60923a43ed0c24e2f12f5b86a0716329f93d4d8d3e06238002893278c19afb1c00687781b55b893d6b2f4f49cf5f73d2903c316d1eee75991d983a1868c0:fb1c00687781b55b893d6b2f4f49cf5f73d2903c316d1eee75991d983a1868c0:a99028b0f4a3aa5e79abef6c0df4a783ef470f1a29ba51eba00f6214e840fe19e5b6dc6021ab599bb2ee3699576015d79a7939af823535b630e3938c723f6e0b9229d46bb3379acdba587c238567e3d89bc3bd3519b727fc694fff1118bf22c8bc8bc82c4df7f5ad38de05fe9f762999ecaa795f3ae630a9a316d26dce9f1568ffa3f22b0295214020b3d3f5337c149568192218132a90709279c01d23baefa669e1c4e42038173f1319c212da144f1c4ea4c52c005cbc0b5bc283e74483a0dca69279deb17ae5b29cfafa7d0063f4e1bc93537efd937e58a8aca737228f937ff2a741890e96c5725da11b45c413a9bbb4180a419987bbf046bfd346295d62f081c76daf2b0e1eb4f6712feebe6f0a92e358e7ddb85896507c340a01f68d1b0f085778b7c44b014aa6673e501796959a17a688db0959058488a7112572f23cf9cdb53b5eb4b45f5953ba0c0c690f86bd75e89a047bebaf847c1dfc345a4f3c7d3beec98b84b0219003e819f5c2adb45f8717903d1f5bd5d71914c56fcabc7a290f9c41699c95584d6a3a16340cb17baa1fc5e5467af7ac3221:55f202efb2a57be8b4e4fd894dcc11a4fc5f8276618ef5cd34a4495adb016a298e6480a35cfc53edb25ff1499fc532a33061cc01a250458aa5e4f7f16f51440da99028b0f4a3aa5e79abef6c0df4a783ef470f1a29ba51eba00f6214e840fe19e5b6dc6021ab599bb2ee3699576015d79a7939af823535b630e3938c723f6e0b9229d46bb3379acdba587c238567e3d89bc3bd3519b727fc694fff1118bf22c8bc8bc82c4df7f5ad38de05fe9f762999ecaa795f3ae630a9a316d26dce9f1568ffa3f22b0295214020b3d3f5337c149568192218132a90709279c01d23baefa669e1c4e42038173f1319c212da144f1c4ea4c52c005cbc0b5bc283e74483a0dca69279deb17ae5b29cfafa7d0063f4e1bc93537efd937e58a8aca737228f937ff2a741890e96c5725da11b45c413a9bbb4180a419987bbf046bfd346295d62f081c76daf2b0e1eb4f6712feebe6f0a92e358e7ddb85896507c340a01f68d1b0f085778b7c44b014aa6673e501796959a17a688db0959058488a7112572f23cf9cdb53b5eb4b45f5953ba0c0c690f86bd75e89a047bebaf847c1dfc345a4f3c7d3beec98b84b0219003e819f5c2adb45f8717903d1f5bd5d71914c56fcabc7a290f9c41699c95584d6a3a16340cb17baa1fc5e5467af7ac3221: +6e3af45e66e22890c3f3c934f523a4d69427976e6e52625f8bad558993963219e097364e76ff9f2e1d167f6b20c1bc5830085e7ec993c138f8b1b2175637e741:e097364e76ff9f2e1d167f6b20c1bc5830085e7ec993c138f8b1b2175637e741:5cfc2f4b559f8205b39102087617f4d86c7ce6cb251e5f89601dfc88ed28e8d7a670ec0087d2ea5d893021c7044da2899a22d776fe90170e51c203250690d37a294555e74af9234cbf1ad8f22cee8974828a0d09e9554b71ee3bcf880ab98325f706272194eb2e80c701d441b5f8668561b88849f827af703ab0954105fd3c54b3f6ec5493596d0e3bc67818048310c4a3e0c556bc80675f201f9bb9c6538a41d99aa40c886fc431467218d819c23e78498aed0613fa6f973e2211df9fb87f44116f3fe4c26d6cb2fa334c87f78c08ca8c9b9041d83a1230677e0af788598a42e44cfdf6964a4ee80e38402ba67c73a581e552baa2282425cb2ca17ca92edfbf98299102fba761b9b71a5452141bb9c18dd95febc2a782de9ceec08bd2ee3f7f0c1bd8946dba99cf9ea086abafd37c9ca60213f0de17c61ff9c391c9818ed5cd8571778b7dcc13224962386fb8ca14f861e99f3b18edac8a5f130f7bfcd45d045d0ff34c81572a512363d6530f93813e5fb10e9cb8338a7f93800491006f4463e89f0ed4530e5f12df674f598904780ad0812b1e3521fcd0f83e:26ba562e8a4065708207c25e239b780aee38794cf983a37acbb9d557a65ceed3c0da47d17f3e8b8f4eeb1b65a2c182ea6f29623b63bb0f1c72592683b126b9015cfc2f4b559f8205b39102087617f4d86c7ce6cb251e5f89601dfc88ed28e8d7a670ec0087d2ea5d893021c7044da2899a22d776fe90170e51c203250690d37a294555e74af9234cbf1ad8f22cee8974828a0d09e9554b71ee3bcf880ab98325f706272194eb2e80c701d441b5f8668561b88849f827af703ab0954105fd3c54b3f6ec5493596d0e3bc67818048310c4a3e0c556bc80675f201f9bb9c6538a41d99aa40c886fc431467218d819c23e78498aed0613fa6f973e2211df9fb87f44116f3fe4c26d6cb2fa334c87f78c08ca8c9b9041d83a1230677e0af788598a42e44cfdf6964a4ee80e38402ba67c73a581e552baa2282425cb2ca17ca92edfbf98299102fba761b9b71a5452141bb9c18dd95febc2a782de9ceec08bd2ee3f7f0c1bd8946dba99cf9ea086abafd37c9ca60213f0de17c61ff9c391c9818ed5cd8571778b7dcc13224962386fb8ca14f861e99f3b18edac8a5f130f7bfcd45d045d0ff34c81572a512363d6530f93813e5fb10e9cb8338a7f93800491006f4463e89f0ed4530e5f12df674f598904780ad0812b1e3521fcd0f83e: +5f1f271844d9ed5a6a6f209a21408daea470f6fd53ba6479d7407105b7de4d656085d7fb5a9b2ed806c1fd30a2afde760961f7a36b48f4875246e615a2bd9928:6085d7fb5a9b2ed806c1fd30a2afde760961f7a36b48f4875246e615a2bd9928:eed6b4475dc263bd2207fe9d41d48282b713f680f2e037384f18b4bf224347f5e4c4b060b808d412eaabcf733dc39a40c6bda0505ce71fa823bd1b1794847678dc034e7999c16369340bc60c64d09bb9187b2e326055a053f8e505ea4196861471622db0e46f0f8954d8a1f07332da4d8ac55712626009912f8a15a9cd63a74a03c92f246cb63cc73f92e51dad1bc9715b1ed3fe5f2e1b2959b9b71e0e37360eb29536cf797147fab10864d6146c36b82335a0ce931408479c7ede484ff73e2dbfffc6c9227e16d7a23f4d90f15584514c39594e17bfbb295de9d62adadb589dbbe0b06dc8dac5b3bf517b24c1837b39472a6dd38931ffbbff5b763638805b4e22321f7afe92cdf502fb63d109ddcd9e4051ad6f45598532be179523710851d3931e887d02c345c79c489fc106a4ae162f7df71ab90b751da7038a6df7616cfc11887e21068fb9e33be566402be504f3fc2742b881509bd4fe6a0fc722649883f8cb655598a15a1d4c229dd86b5caeb711a028defd431154bba46b48172a4d8cbd45bc90aaf874b6085fa284f5fed655ad6fa17d67b3b9a796fa3e:319bb4deb2178112241b3fb8f46e105c3b8e4ef721eb200d762ef363e2716f2a89f80b5b9e89970890a09892ad6a58808b477e943b3cfa77774a3645bc745f03eed6b4475dc263bd2207fe9d41d48282b713f680f2e037384f18b4bf224347f5e4c4b060b808d412eaabcf733dc39a40c6bda0505ce71fa823bd1b1794847678dc034e7999c16369340bc60c64d09bb9187b2e326055a053f8e505ea4196861471622db0e46f0f8954d8a1f07332da4d8ac55712626009912f8a15a9cd63a74a03c92f246cb63cc73f92e51dad1bc9715b1ed3fe5f2e1b2959b9b71e0e37360eb29536cf797147fab10864d6146c36b82335a0ce931408479c7ede484ff73e2dbfffc6c9227e16d7a23f4d90f15584514c39594e17bfbb295de9d62adadb589dbbe0b06dc8dac5b3bf517b24c1837b39472a6dd38931ffbbff5b763638805b4e22321f7afe92cdf502fb63d109ddcd9e4051ad6f45598532be179523710851d3931e887d02c345c79c489fc106a4ae162f7df71ab90b751da7038a6df7616cfc11887e21068fb9e33be566402be504f3fc2742b881509bd4fe6a0fc722649883f8cb655598a15a1d4c229dd86b5caeb711a028defd431154bba46b48172a4d8cbd45bc90aaf874b6085fa284f5fed655ad6fa17d67b3b9a796fa3e: +048ac9ec3ecb30a3b1bfda9b3b79a48c0793b490879e3c8a5e23ee2babcd9b7c946c186feafc3580a58ddd526ff229c04720250f4cf6bde0271eef9b12b1c3f3:946c186feafc3580a58ddd526ff229c04720250f4cf6bde0271eef9b12b1c3f3:d68be8ef7b4c7a4289f2b18b16ade97f4e4fa16452976afb581693380cc54de38a07587f32e2d4549f26595fee2393bd062e9b00bae72498e4148c8b882a8840e15b585c82b5c0defb233518409916615deb3a55a5f84e6b3aab93844de3b1e4d86e09f889ac71c324eb12d0fbd861cc31229540e843a34f8d5be47c0ec0d23df43e06813fca309439904c167d1043c0dcd444b004be1ff27b7862b00eba9433b94b0fcdc67521da0c1d5358636c78f530431164dde20a1cf164f51e29b8e63eacdecc869b41392c667664d91680d9ac516af548f09e60564e814e36e0b563dbae55c627ffc14158a56d8eb3609e174381b21de4ba82344466dd577f4d1103c43c27fb83cb833d87afdf7412b4090909b1dde264daddce967f496bf6f17112bf351e417db5953b13b8f0fcccbf30f5bcf376861c12ef20eec89ed23cf384ee78dc6eb40fd5811a7b23927c13e7dc5da3a921b883a9b2b1155970fb0da7d2993dcdfd4343642a9d5a6347e43c193b5793e4453ac1537aa3d04dc9f774e840934881d78a39ba250438c507250eed2f6e07cc953f783d6b72b1cc619981:2ecf5b8a59a8e27d25890a2aa32f4a0673275d539b174afa7b2cebf2e76280dffc338ede85ac8f614039560e2806d9e1e3cf9cce2ceb7874ffe1a7e80cdef40bd68be8ef7b4c7a4289f2b18b16ade97f4e4fa16452976afb581693380cc54de38a07587f32e2d4549f26595fee2393bd062e9b00bae72498e4148c8b882a8840e15b585c82b5c0defb233518409916615deb3a55a5f84e6b3aab93844de3b1e4d86e09f889ac71c324eb12d0fbd861cc31229540e843a34f8d5be47c0ec0d23df43e06813fca309439904c167d1043c0dcd444b004be1ff27b7862b00eba9433b94b0fcdc67521da0c1d5358636c78f530431164dde20a1cf164f51e29b8e63eacdecc869b41392c667664d91680d9ac516af548f09e60564e814e36e0b563dbae55c627ffc14158a56d8eb3609e174381b21de4ba82344466dd577f4d1103c43c27fb83cb833d87afdf7412b4090909b1dde264daddce967f496bf6f17112bf351e417db5953b13b8f0fcccbf30f5bcf376861c12ef20eec89ed23cf384ee78dc6eb40fd5811a7b23927c13e7dc5da3a921b883a9b2b1155970fb0da7d2993dcdfd4343642a9d5a6347e43c193b5793e4453ac1537aa3d04dc9f774e840934881d78a39ba250438c507250eed2f6e07cc953f783d6b72b1cc619981: +2f057d20b1678531611f48f003b7d22eba5dbbd7e2dd41b7c79d09071f85e993620fc4eaa34d787df675ccbf7e893204828db92ead17a1165ac7fa1ab42719d8:620fc4eaa34d787df675ccbf7e893204828db92ead17a1165ac7fa1ab42719d8:6e35f6eaa2bfee06ea6f2b2f7ab15fa97c5180958af2e90af918adfb3db8323f447c7bf26dc534997c38b7fc977f642de288cdf253071cacf3564e3b8ed6dce57ddfba9ff783bad2e76df124828fc1031acfadf01a44d41b42161ad9060301c1af1928b9e5b73b9bd21cac60a842b504dc3cc311c522e3bb048bf221444f53ceb08e77e948590e94ed98f1b604cb9eadc93bbe7431c1149b23193ff93e8569f113e1684d8976ecae6f09e0103614be418a472ef55bb8890d72b341cdd7505b50a45522ab63ed791ce8f82feddd7a620a4f6fb1d2fb0ed0c4560d78446d83b3d1b1bb56b366d196020d0624b1fbdb75ce735dd43e8e8df163c44e236993dca341f5132d825d0a4e393a19d38f61e11e0cf392cb9b646ea23c58099824dd8d9fbe26a49e33b23df80607abf19715799c19acc722ed9bcf94a0c29ad24b78b0b035b3241c64cd86edeac810e66745694b5eb1625060edf2d949de0d34f522df2dc60ae694a193f3b82c1d6f83a0cbb840f46c49a3d7d1cf06deaf96c64f8f9e17bd9ad512ae6309c486d9e2a78dceeca473a0421dd1b643c78754271b53ce:30df7b0b1c04fb1efa3517e928d6d57c2ca0d07f4e04ffb1f08b4792c5937dd271ccabdc00dce850afe50af5990f224e8420a681d95f9f7f515afec102efd10e6e35f6eaa2bfee06ea6f2b2f7ab15fa97c5180958af2e90af918adfb3db8323f447c7bf26dc534997c38b7fc977f642de288cdf253071cacf3564e3b8ed6dce57ddfba9ff783bad2e76df124828fc1031acfadf01a44d41b42161ad9060301c1af1928b9e5b73b9bd21cac60a842b504dc3cc311c522e3bb048bf221444f53ceb08e77e948590e94ed98f1b604cb9eadc93bbe7431c1149b23193ff93e8569f113e1684d8976ecae6f09e0103614be418a472ef55bb8890d72b341cdd7505b50a45522ab63ed791ce8f82feddd7a620a4f6fb1d2fb0ed0c4560d78446d83b3d1b1bb56b366d196020d0624b1fbdb75ce735dd43e8e8df163c44e236993dca341f5132d825d0a4e393a19d38f61e11e0cf392cb9b646ea23c58099824dd8d9fbe26a49e33b23df80607abf19715799c19acc722ed9bcf94a0c29ad24b78b0b035b3241c64cd86edeac810e66745694b5eb1625060edf2d949de0d34f522df2dc60ae694a193f3b82c1d6f83a0cbb840f46c49a3d7d1cf06deaf96c64f8f9e17bd9ad512ae6309c486d9e2a78dceeca473a0421dd1b643c78754271b53ce: +3a3d27970fe2acb6951edd5ca90dda0fc6dd229c0a56df6eb11a9c54d242dbbf564f0dc3dc4720e68e44dd16711e049e6112000098fa62a1b98c288042f7c3bd:564f0dc3dc4720e68e44dd16711e049e6112000098fa62a1b98c288042f7c3bd:4374f61c2cd88a3b8972249bfa79b36ab69e3ed484cc60e5d9541fa7686cf4eed1210c5d0dcf42dd25972501909193ca76ae6eb7f471d8bd0d5fb5a6b431bc3de0e0318d50514524de87c4b83005dfb41245fb1af79b84a97b83d3cac7ad7a53364e2e9b21c97b769bdc57f0703116168380f3cc883689eb4a7fa3b26dbe12bc28f8c40381af64df4b5361d174cf75acbd46428740b0d1322d32bbe94845215966ae588777a8c05336e352306d49278d328e496db65e9ecf6ce6405ed1c893490bc48c13a134e1fb6e80debe6d32fce6ef74783c8d77980a441a26aeb4fd83cc855352cedc188f5279ce211f744a40b23ce7ff24437a1dd3373ec5b290da1f94f43a07a3ffea5b5f67b52c196185bce9e9a858257fcd7a8ebaf9040ed091face5a155aa447fa15e12122d25e8fc36eaee2137c7b3aa30b7e3ff6cc86b6dcb9eaf49c9576f0f462008439cb1a3aba013e897a0faf994cb7d59ede5774bb144774f73ca30e6414a7cc7c74b20c51a1404ddc419ef7624593e9bcfb37c0a762eab68faca5863443e16edb759dbc8788732b9e4f59c11192c3fcc872af55f32d:22eb8ea0507349b6a0ace25cf9180cb08e0357b04502905fbe69b4e21b2bd94e22cfbdb851ae716a5c253c70d5e2b24ea78f35bc213292543d94e14110b241064374f61c2cd88a3b8972249bfa79b36ab69e3ed484cc60e5d9541fa7686cf4eed1210c5d0dcf42dd25972501909193ca76ae6eb7f471d8bd0d5fb5a6b431bc3de0e0318d50514524de87c4b83005dfb41245fb1af79b84a97b83d3cac7ad7a53364e2e9b21c97b769bdc57f0703116168380f3cc883689eb4a7fa3b26dbe12bc28f8c40381af64df4b5361d174cf75acbd46428740b0d1322d32bbe94845215966ae588777a8c05336e352306d49278d328e496db65e9ecf6ce6405ed1c893490bc48c13a134e1fb6e80debe6d32fce6ef74783c8d77980a441a26aeb4fd83cc855352cedc188f5279ce211f744a40b23ce7ff24437a1dd3373ec5b290da1f94f43a07a3ffea5b5f67b52c196185bce9e9a858257fcd7a8ebaf9040ed091face5a155aa447fa15e12122d25e8fc36eaee2137c7b3aa30b7e3ff6cc86b6dcb9eaf49c9576f0f462008439cb1a3aba013e897a0faf994cb7d59ede5774bb144774f73ca30e6414a7cc7c74b20c51a1404ddc419ef7624593e9bcfb37c0a762eab68faca5863443e16edb759dbc8788732b9e4f59c11192c3fcc872af55f32d: +06d498318da456242b9c3b9ab6d532a128fce044f53882682e9262149c165288413517aa63200a17173209a4b3e78ab9383cb4e39efd6794c46a2d13fafa99c0:413517aa63200a17173209a4b3e78ab9383cb4e39efd6794c46a2d13fafa99c0:3fe30ecd55077a6e50df54bb1bf1248bea4063e3fa755f65fcd1159ee046efd0eb5f2fbb38b5c00947c97dc879b36b9e536192286086d0dc12053610386174a7c56f22a85b73ff208c5944f393236c32415809da036e73cad8fc3c30378064a76afa930a3baae9aa357061a8c5e8e756a9cecf94b72df43facd88fa49cb4948c6368318a6b1e5cff52e587ecdfaefdb69081f28c2d13bf8eab81dbaa5e3728c4317fb793dd196bca0fe54a6c242cf26e2d129ba0d82a2c3a45bc8d1dfd6f54f8da4f5189c91ac214fdabf4c597381b2e5c40cc71fa7051cf2ea93906a37d57df12d5c7e5cd77c907e442566315bae51a2222d62e3f42d1767882637d66a1d5305ab4010a0e49c57def69dcea839e1b76a41135ba952cc424950e8d3aac19e1d93de7757c15ff9997b3d2a8613cd9a164781d1be331799fa6109cef614305a1958f62903c8c9ea0b23ba706d49c54baccc1e63cb4bf14785fc7b062a9800349bdb0bb927260b677b60f10e62c8780f3ebb5eb6ff0360263d457ab52fd1125c9ce046a95d89d287350c804cfd4ff2b2ddd18a9e13519f20b4d1e051af624640f:8250f76dc599c5128787e4f6d3da23173330ce3320dba959bd714cc8cc07c67945d63e75662c075e267460ab7bf561f24faae3b41dbf676899191e3b02b5af0a3fe30ecd55077a6e50df54bb1bf1248bea4063e3fa755f65fcd1159ee046efd0eb5f2fbb38b5c00947c97dc879b36b9e536192286086d0dc12053610386174a7c56f22a85b73ff208c5944f393236c32415809da036e73cad8fc3c30378064a76afa930a3baae9aa357061a8c5e8e756a9cecf94b72df43facd88fa49cb4948c6368318a6b1e5cff52e587ecdfaefdb69081f28c2d13bf8eab81dbaa5e3728c4317fb793dd196bca0fe54a6c242cf26e2d129ba0d82a2c3a45bc8d1dfd6f54f8da4f5189c91ac214fdabf4c597381b2e5c40cc71fa7051cf2ea93906a37d57df12d5c7e5cd77c907e442566315bae51a2222d62e3f42d1767882637d66a1d5305ab4010a0e49c57def69dcea839e1b76a41135ba952cc424950e8d3aac19e1d93de7757c15ff9997b3d2a8613cd9a164781d1be331799fa6109cef614305a1958f62903c8c9ea0b23ba706d49c54baccc1e63cb4bf14785fc7b062a9800349bdb0bb927260b677b60f10e62c8780f3ebb5eb6ff0360263d457ab52fd1125c9ce046a95d89d287350c804cfd4ff2b2ddd18a9e13519f20b4d1e051af624640f: +8e8e1db5b1102e22a95c47af3661469f000a33f13b8b87b115d2452a411f6f3956d7b3169a95c22998ec937925bd7cad13cc65808cd5d34a6c4da870eaf32364:56d7b3169a95c22998ec937925bd7cad13cc65808cd5d34a6c4da870eaf32364:b24634fbdd1b7661315d9dc153ba90d66a88622a4158f8bcff25ba9c29e65f297f8e60311800b7331b69fc20c9f85bb7c184bd4086b3a9f9a27102b62362bdb4fa5b201594250fc628fd2e0e0d1be03dcf818c6094c4c29121cb2bf6d908ed8aab427c3771c0c95f0ac1469a0810b603a470282e5980a60729197fe6c20ef681cd1b96932d2058f896ea7416422a7e541f224a5f04253080741c5d4e3eb039db6ba051b4ca5417ce8afdc70214ba4dcc85b623d11e681c6009aee4e6130a83edd0d2c99fb0647e11ede7301ae56b59904ef7025732cde038801ec7e8d90a9a1bba047fe628351b3b89d0bc5ae665a700891f09ebeec05591842adfcc25adc3c71c1ebc4a312e5471be67253b0e9428b0cae37645a0f7ecb89dd79fbd9be2875433667ae07d74a7983c4cea601e72e975c21df993e7fa22a9fabd45455d45e37031558e13a7a4f5f497ea78fb7399f8838c0fd5de4ebb66db290f43a4867d505309f1c1bc27e9fabcbba71302fc1204715ce3fcb0905bfa411c9d1c9ab4a39954e50b8e0cf736c10289563bdfa967553c36cd9e555bc8cc56be594847de9f26f9:f6ee5e13cfaa362c8971d5a4a879a7e36966525ccd86c5a48cba08d913ece1a79c4cd146b8e9c65125fbadf17bac1cabcde8fd17cfd68fa1f9c44ea61c08a405b24634fbdd1b7661315d9dc153ba90d66a88622a4158f8bcff25ba9c29e65f297f8e60311800b7331b69fc20c9f85bb7c184bd4086b3a9f9a27102b62362bdb4fa5b201594250fc628fd2e0e0d1be03dcf818c6094c4c29121cb2bf6d908ed8aab427c3771c0c95f0ac1469a0810b603a470282e5980a60729197fe6c20ef681cd1b96932d2058f896ea7416422a7e541f224a5f04253080741c5d4e3eb039db6ba051b4ca5417ce8afdc70214ba4dcc85b623d11e681c6009aee4e6130a83edd0d2c99fb0647e11ede7301ae56b59904ef7025732cde038801ec7e8d90a9a1bba047fe628351b3b89d0bc5ae665a700891f09ebeec05591842adfcc25adc3c71c1ebc4a312e5471be67253b0e9428b0cae37645a0f7ecb89dd79fbd9be2875433667ae07d74a7983c4cea601e72e975c21df993e7fa22a9fabd45455d45e37031558e13a7a4f5f497ea78fb7399f8838c0fd5de4ebb66db290f43a4867d505309f1c1bc27e9fabcbba71302fc1204715ce3fcb0905bfa411c9d1c9ab4a39954e50b8e0cf736c10289563bdfa967553c36cd9e555bc8cc56be594847de9f26f9: +3884b8b79abfd3be6c13985eb859ab743f157cd9deb81b2fe97ea4d6173e46f5bd7fd9a8def13a542ed2f2fb048886885ba9b5ce59cb7019fb54667986eebc26:bd7fd9a8def13a542ed2f2fb048886885ba9b5ce59cb7019fb54667986eebc26:12adafe30eaf2b9c7203ca5d44b97ffed4bf6517a49988e4e676c8e314adbdbe23d8f2d3e2b081a7024fa525ab5aae26e60057c101e8f368d3addb9376c4682c1f4224d7f149a8474bb9a8f663ef210e9572ce829da388d8aae72a467141adc153473be3653baaa64b5b1e2e30683f6f06dac2784d5bbf0d082aab47305ed8a8efd0886ce63a179315225d1e4d4ffcf1f24ac2f464cf5ed3a8b6d3998454f1c02cdbf0a444ee2b59ddbe0a174a0d937fa62865088ac647499957d281c6949803a5fbdfdd0dd9e91b6976861f3c5f2126f39aac935be09f4b9715bd4f0d5c55df73a6b9f2c0ad26ce49d822bf85bfa2346f3165b03859a71c3d2a7b86db6e9f2e5d7b169a910eeb7ef38fbdfbbec43a9a25f04bc3acfd3b0691542ab6de9db6f03058f9584024f9918edecd90fbb85735d6dcec5bd593ae63e2cc96553599a310f8f2009ba95371196b4d5b80e7559637f22926778be5e1ccef5126e2443fa939c2a53dddb04961eefd34e538cd8d7f0bec2bff1ef0d3a4bdd358317637f42d595538c1122251a94e963d1f81e7b9aeb164f95da9a4ed7529b845ebc961b27b5c19:f4206fcd34502441d54a73323f33a5dbb4c98557319f21246f260ffbbe5844886db567f4b63c47943dbb78fc35657d7c04d4feb042ff8536f672925c319efb0912adafe30eaf2b9c7203ca5d44b97ffed4bf6517a49988e4e676c8e314adbdbe23d8f2d3e2b081a7024fa525ab5aae26e60057c101e8f368d3addb9376c4682c1f4224d7f149a8474bb9a8f663ef210e9572ce829da388d8aae72a467141adc153473be3653baaa64b5b1e2e30683f6f06dac2784d5bbf0d082aab47305ed8a8efd0886ce63a179315225d1e4d4ffcf1f24ac2f464cf5ed3a8b6d3998454f1c02cdbf0a444ee2b59ddbe0a174a0d937fa62865088ac647499957d281c6949803a5fbdfdd0dd9e91b6976861f3c5f2126f39aac935be09f4b9715bd4f0d5c55df73a6b9f2c0ad26ce49d822bf85bfa2346f3165b03859a71c3d2a7b86db6e9f2e5d7b169a910eeb7ef38fbdfbbec43a9a25f04bc3acfd3b0691542ab6de9db6f03058f9584024f9918edecd90fbb85735d6dcec5bd593ae63e2cc96553599a310f8f2009ba95371196b4d5b80e7559637f22926778be5e1ccef5126e2443fa939c2a53dddb04961eefd34e538cd8d7f0bec2bff1ef0d3a4bdd358317637f42d595538c1122251a94e963d1f81e7b9aeb164f95da9a4ed7529b845ebc961b27b5c19: +ecd519f287ad395052b0b30deac341d2a9df13d6567c891c813a0c9ca52e871e8ee94c588e0b343585fc6748fd1b54b5770c64e9937a56357a48d44ae2f51824:8ee94c588e0b343585fc6748fd1b54b5770c64e9937a56357a48d44ae2f51824:aa71be5f557e10c9fb5f091a3a274453947c07a0e25b26f9509224541dff76f4d96effd0d5a41d319bc9321a86667d55cf49432fb5c3e715388f3f106c9174b1610c8f3075d5931c290099385ce9249e235128e907c53390036fbf5da968f8d012336958de90c5e8e6b1016ad43fb57c8e288dafe14e90e64b63791e5cbe557e02df8ac9370642a71faf851075e5565f6f9a267f4f6b454ce4c5474810b804844dda38392939719793246aa47454b9b0e82e9803c09935d0027f3995cca9713069bb31027f7b2af12fe5feec7eeb06843d8296ec5682262a07dae747ed7bc821ec17018d899fd167b36a7e3773b427499d99dc583bbe4b429afa6a26593953f943e4673bdd0d2a844256131603cd0903256f334d4f8ec82de115b6ca5338c75c8baa44b4ba963c7c78510d8de9b2a5852f42f3463c685fb3a6da61a8e0892662d6a250fcaa6fef74d450fc457b9871d08bb5be3011294ac888fce215d535c3b1a43bb47efe3ad25da159191aed55195469c59093ffb24f65d60c4020bfbe647ff5db7ab8a01d5e487b0b1b64ef25da156db142e6ad872a4dc1ee9ba668465265379e:e8f51be73fc4e0235aa153a2e1b354e9c5d2d33a11ae0e333478de1d8e6c4456d2e250824c3246ca0e8d6ae3e16677a97344144108c13b959e1daf51cf0fe501aa71be5f557e10c9fb5f091a3a274453947c07a0e25b26f9509224541dff76f4d96effd0d5a41d319bc9321a86667d55cf49432fb5c3e715388f3f106c9174b1610c8f3075d5931c290099385ce9249e235128e907c53390036fbf5da968f8d012336958de90c5e8e6b1016ad43fb57c8e288dafe14e90e64b63791e5cbe557e02df8ac9370642a71faf851075e5565f6f9a267f4f6b454ce4c5474810b804844dda38392939719793246aa47454b9b0e82e9803c09935d0027f3995cca9713069bb31027f7b2af12fe5feec7eeb06843d8296ec5682262a07dae747ed7bc821ec17018d899fd167b36a7e3773b427499d99dc583bbe4b429afa6a26593953f943e4673bdd0d2a844256131603cd0903256f334d4f8ec82de115b6ca5338c75c8baa44b4ba963c7c78510d8de9b2a5852f42f3463c685fb3a6da61a8e0892662d6a250fcaa6fef74d450fc457b9871d08bb5be3011294ac888fce215d535c3b1a43bb47efe3ad25da159191aed55195469c59093ffb24f65d60c4020bfbe647ff5db7ab8a01d5e487b0b1b64ef25da156db142e6ad872a4dc1ee9ba668465265379e: +193f3c630f0c855b529f34a44e944970f4a6972e6c3859359c2e0c8762ba9eaf3256f2c82e7c801201210140569faf18507e60338c2cc4118bb1ce605b0ebe61:3256f2c82e7c801201210140569faf18507e60338c2cc4118bb1ce605b0ebe61:98623f651698085bde02762e8c3321f14da1619b5c3f7c1a568e8c26ff0c62fdcc412475912eb8e8c4b0d30918b8ffeef3509315e58da359cdc2f26bebfb5703953be16b8f3beb1e54a1abee0aebe24e64dbe873402e156f37dfc168eaf8a114ce08a6795d3f64f5151e9a8b8275cc7b49a6b8d8a66b6d4b7632ef80740dc1c1b0a38d1a28f7c1b29fa44541c1aad354d4590c231dae687a2a8fed09e8c1ebbfcc38f347bf06d94577e49ad139f710ed8bb1fd07663c0320846fbb455ab837ef964ae7d4eceea45fd7bd8d509f821e6eb027494efd8dd8e992b88698eec2ebc5e03025be789c18013f201f77aa2d34f5686460e43fb489e08776f98bcde2ceeb9d4fafdffe0375604371ec32f46b81fec474382908e9d250a0ba2780a7d6df407bd2b1eb126748d72511b9b069eb1cd44270f29fe84b9a717751831d04c2818e408f22789376c61c2ca45e32e788ead3a7536bf09da8af4703902f5516a020d89263e93701a2565eef1270418925f35a288e327bab628ac2f0248cfbca3482e265d1621cc343c31f65493f064bad0d7602460715fa486f29426346af53e333b75f5905:b12510ac5f2f6d33360cddc67291d6c270fd9ee62dc086b38d932d26473fe9a24efbd4248867ea7e915a30c5bfb3b8b19aa01aa2febf0dac6cfd6638a2ba7e0c98623f651698085bde02762e8c3321f14da1619b5c3f7c1a568e8c26ff0c62fdcc412475912eb8e8c4b0d30918b8ffeef3509315e58da359cdc2f26bebfb5703953be16b8f3beb1e54a1abee0aebe24e64dbe873402e156f37dfc168eaf8a114ce08a6795d3f64f5151e9a8b8275cc7b49a6b8d8a66b6d4b7632ef80740dc1c1b0a38d1a28f7c1b29fa44541c1aad354d4590c231dae687a2a8fed09e8c1ebbfcc38f347bf06d94577e49ad139f710ed8bb1fd07663c0320846fbb455ab837ef964ae7d4eceea45fd7bd8d509f821e6eb027494efd8dd8e992b88698eec2ebc5e03025be789c18013f201f77aa2d34f5686460e43fb489e08776f98bcde2ceeb9d4fafdffe0375604371ec32f46b81fec474382908e9d250a0ba2780a7d6df407bd2b1eb126748d72511b9b069eb1cd44270f29fe84b9a717751831d04c2818e408f22789376c61c2ca45e32e788ead3a7536bf09da8af4703902f5516a020d89263e93701a2565eef1270418925f35a288e327bab628ac2f0248cfbca3482e265d1621cc343c31f65493f064bad0d7602460715fa486f29426346af53e333b75f5905: +a88ad0048d38c44cebe735ea3802ca576e37121c7d4d760dfd88de1663064abb14dd8bb306803e5a758ed68ad21d07d88161d50f1c74713777da1209afbaea0b:14dd8bb306803e5a758ed68ad21d07d88161d50f1c74713777da1209afbaea0b:2ce8bca26178913b1676e90ffefd945bc561982660e2a75d482ff30aaba1ba43f82d2e6b909ec10fc09789ff5cf32a5180b601ea80fadece6d7e7baeef481dc6979e2f658ae0f6d8e416b93298f7d34031bb76f716ed991a16d09a582e58ba4003ac17be8b4469e1a889b2fbb2289e98af1c6d5bbee77756713c0778b0dc446a1f6c48c4d40818ec799905f069bc95341657ca5d02b7a539a13a02cd0376a50e8343c0dc20346de5275b1dcd4ad7af725131ac75e954825d30eaa57a68bb98dfc41cafe5710556647b387d9b7fd4e47651e5138050798f6d40f4ee7120b58f74da94d73cacbfd393d1347388ee00b79b8dbfeb57814121bdda60c627dce147d4d568d79052e97b9a5f3eb5407cc46461a55e18a960d8094a5fea48b6937529cc4ec919cdbedf9185456dc00e8d98ad1537ee10a057f4eec4b81dc60392fc9188d3e561785965092e44317f2a48e36605fc583fc173b05db9dcbc7557d06487390fbbba77af3a014e1ac35139caa1c53a8d17347f178e1c54d0f52b40e91042c93e7e481d792e288fc27e4c2fcf111fe97d9e2337d2fc1c3098f06684a31d55ebf362c027:1341a148da4593c88ebc5a58821eef77f92186390ff633e76207084e7874ccf0eb1f9ec70a3a3f96b58934bcb061ff920124f7e580fa2b0b279583adf9232d0c2ce8bca26178913b1676e90ffefd945bc561982660e2a75d482ff30aaba1ba43f82d2e6b909ec10fc09789ff5cf32a5180b601ea80fadece6d7e7baeef481dc6979e2f658ae0f6d8e416b93298f7d34031bb76f716ed991a16d09a582e58ba4003ac17be8b4469e1a889b2fbb2289e98af1c6d5bbee77756713c0778b0dc446a1f6c48c4d40818ec799905f069bc95341657ca5d02b7a539a13a02cd0376a50e8343c0dc20346de5275b1dcd4ad7af725131ac75e954825d30eaa57a68bb98dfc41cafe5710556647b387d9b7fd4e47651e5138050798f6d40f4ee7120b58f74da94d73cacbfd393d1347388ee00b79b8dbfeb57814121bdda60c627dce147d4d568d79052e97b9a5f3eb5407cc46461a55e18a960d8094a5fea48b6937529cc4ec919cdbedf9185456dc00e8d98ad1537ee10a057f4eec4b81dc60392fc9188d3e561785965092e44317f2a48e36605fc583fc173b05db9dcbc7557d06487390fbbba77af3a014e1ac35139caa1c53a8d17347f178e1c54d0f52b40e91042c93e7e481d792e288fc27e4c2fcf111fe97d9e2337d2fc1c3098f06684a31d55ebf362c027: +3f59d6a018f50a822117e5b473609e30cd64920ca1c2750dcb09eaab807a3eac457d0e59c11f348f3bfbdd3f327de78c0a7577c0aeef42d4c1e56700d108808b:457d0e59c11f348f3bfbdd3f327de78c0a7577c0aeef42d4c1e56700d108808b:7d103a6c6ba2d09087eef2254c1c903f067695a54c4515e4d13bc1fbfb54d6e7a167349c14809976da04a7e58d96b40aac3b2bdd14b9b50322bb11645f05e5e978bc7fbd02492ef88f87d668280fd708373207ff670fcda97df8485d5e46dc3bd04347f4d7527eab2718f7d93d132ba7758218894e75a7deabe693335ba0dc73bf26c288bfe9be8a736d75e5e0eaa7bbe8d0b77abdd5146e0fc9b30db9f07cf4bf36260a1f41410331f8b47c6b38338c6dc9e801ffe1d585f9b7fc31e9778bca3027c232c074cb18e5b72997005ffeee4bf37c8f874b1b246a6345415dacaca7075a60443ac3319236e23cf6b7544740807052114984b8d8f7e857dcc6faec8869cf96b997dfa9af9184ad623f1d90b8ca759b448eabfce18c17cfdf9a3e3312e63e5f084cea904c1c909913cc4b19d044a3720034973c7384949bd6f9ba9256f98cd394c566da83c31180109f16d10347b7e3e9dd6be3bd3c77ff1a7996a078dcf89dcdce2d1b615695f4cc9f8f4f2a08804641bca82662ce88faa53145b6a45955aec8cc2af81cccb5d7c64f9ece1c9983326484a1e5ece4ce36544d63735f7776f21a20:d7425ea194a6715c452ec4f6d6c76e6dd374d3ca7ae7a11995d02b942d4a31870dd734c12fca89a8eb0213eb139c14a87a6a33e818603b2e313023fa58737d0e7d103a6c6ba2d09087eef2254c1c903f067695a54c4515e4d13bc1fbfb54d6e7a167349c14809976da04a7e58d96b40aac3b2bdd14b9b50322bb11645f05e5e978bc7fbd02492ef88f87d668280fd708373207ff670fcda97df8485d5e46dc3bd04347f4d7527eab2718f7d93d132ba7758218894e75a7deabe693335ba0dc73bf26c288bfe9be8a736d75e5e0eaa7bbe8d0b77abdd5146e0fc9b30db9f07cf4bf36260a1f41410331f8b47c6b38338c6dc9e801ffe1d585f9b7fc31e9778bca3027c232c074cb18e5b72997005ffeee4bf37c8f874b1b246a6345415dacaca7075a60443ac3319236e23cf6b7544740807052114984b8d8f7e857dcc6faec8869cf96b997dfa9af9184ad623f1d90b8ca759b448eabfce18c17cfdf9a3e3312e63e5f084cea904c1c909913cc4b19d044a3720034973c7384949bd6f9ba9256f98cd394c566da83c31180109f16d10347b7e3e9dd6be3bd3c77ff1a7996a078dcf89dcdce2d1b615695f4cc9f8f4f2a08804641bca82662ce88faa53145b6a45955aec8cc2af81cccb5d7c64f9ece1c9983326484a1e5ece4ce36544d63735f7776f21a20: +a1212b34dbca63b7093612d05dab7b4cc8f7b676a934ad01f659851b3bb44e4eba2fccea9a080591be71268d7e951f250dedc00416e5f3f908db6cc571254925:ba2fccea9a080591be71268d7e951f250dedc00416e5f3f908db6cc571254925:07c37c46be3c68d05689577aa64a932b906446b29baf12f6174a6b42bbaefd1f1f373e0bccc473ddfcee1a7f21b96a6260ef0aa1f2d8b2959e71d12c953358a2774cc5e6f379a313e435ed69dfd6d4a59adee3cc7ec4bacbdbb3fee5430b73f6051a6096c60e9bc92cc8fa059fac2a93ef7007d64fbe50064964d5a0ad601175cd9caba453f9103b25485545d301f03c5f9f9478bdf9d414bf1dca3b1c1d9daa9971f9e617fbfaf5b02a7fbd5d4fb894c0975c54592b49a0fc85dd0853f30c51502d98fc1ab85a17cc58961aae9764570ba5cbdbc96dfceb8d11da53364b4025fe0b8ba8a353ad23686720169fe973432ffe291a4b11dedda0aac79a5e42620a64587d2059e787013b40ceec599208f66ed0ca6e1be9092ec27db216ee6dadfebc21705bc4a85aee577e57d239af586efeec22cf38d1cfb3cd74dd0d9a3381aa81e6a297e39b819137ad27d475e2bf54aa426dc29c4ca8176df343137a2d79d12ef9aa7be1cf6775e5d8a4430a85c33db61cd2f35187b4f6ea9ebdd753d1c4ef72471159ff07b77870906496249d4278e3f3ca6bcbf37a265b896539190f9a31f1e7b4b65cd1:fa93ed6595bc958dc042ce1645167b79e8f6734c46f80f631fd5484908f5e51a22427ee686f564ff982f6ef4d2ca1f0ca5624910cdd63c11a3c2b16d40973c0707c37c46be3c68d05689577aa64a932b906446b29baf12f6174a6b42bbaefd1f1f373e0bccc473ddfcee1a7f21b96a6260ef0aa1f2d8b2959e71d12c953358a2774cc5e6f379a313e435ed69dfd6d4a59adee3cc7ec4bacbdbb3fee5430b73f6051a6096c60e9bc92cc8fa059fac2a93ef7007d64fbe50064964d5a0ad601175cd9caba453f9103b25485545d301f03c5f9f9478bdf9d414bf1dca3b1c1d9daa9971f9e617fbfaf5b02a7fbd5d4fb894c0975c54592b49a0fc85dd0853f30c51502d98fc1ab85a17cc58961aae9764570ba5cbdbc96dfceb8d11da53364b4025fe0b8ba8a353ad23686720169fe973432ffe291a4b11dedda0aac79a5e42620a64587d2059e787013b40ceec599208f66ed0ca6e1be9092ec27db216ee6dadfebc21705bc4a85aee577e57d239af586efeec22cf38d1cfb3cd74dd0d9a3381aa81e6a297e39b819137ad27d475e2bf54aa426dc29c4ca8176df343137a2d79d12ef9aa7be1cf6775e5d8a4430a85c33db61cd2f35187b4f6ea9ebdd753d1c4ef72471159ff07b77870906496249d4278e3f3ca6bcbf37a265b896539190f9a31f1e7b4b65cd1: +d9682086fe7dda30b87111060193d847566ab94cfd9c97ab6b43e7a8d3f793828b0b1372d88733ef7233f6379790d1e46e1e07e9d3fb8b0be252ed04c5fa163d:8b0b1372d88733ef7233f6379790d1e46e1e07e9d3fb8b0be252ed04c5fa163d:e8814be124be3c63cc9adb03af493d442ff20d8b200b20cd249367f417f9a9d893fbbbe85a642be2701d1d1b3cd48a85cf58f159a197273143a578f42e8bcc8b6240f93271900538ffc187c0afc8dbcc492bcd679baaef3af5088434a94586f94b49970bba18f5ea0ebf0d27ee482aa83ad0dd0ee609df59d37f818b2c8d7c15f0f6f544dd4c7e7cb3a16724324f77d58948f8475a60d53e5bd510c17137c99e1cfa515af9bc85569d212a21190729f2817de8c46915e021df70ff6d60215f614fc21139904df3b292b749dc4dea02518b62d15862c92d2a4c996701cdecaed84ab628ee984fc111eecb59e48444efc0d456e2c852518441c3db7630ddd5156249a28730983838ae59ac4cc7110fd6de68101ea5b2ff69fd364e3c9448defefe175bcbe117cc11b4ff7549c33e1025b6b592048a8e31969e818dcc188bb19d7a2440a3baba4eb1b81c45679db46b31bcde7776757d9931ec2063fc6f1fcd761ecc57a7d030a85ea273ef1825b05092ab9645359a444ff7d166b575fac298308d9faa68463d1d0f7b7df8a51c6815d37159adc0b593224a818321d7219f09686cfc952259718dfc:1793e497eb521ca74e35d14a63868cbe9499da2f21b4eb5260340fca3c1feca78dbe5b14ac10f3fa76fa2e71e4c91461aa75977e5e70792670ef7ff0e6a28708e8814be124be3c63cc9adb03af493d442ff20d8b200b20cd249367f417f9a9d893fbbbe85a642be2701d1d1b3cd48a85cf58f159a197273143a578f42e8bcc8b6240f93271900538ffc187c0afc8dbcc492bcd679baaef3af5088434a94586f94b49970bba18f5ea0ebf0d27ee482aa83ad0dd0ee609df59d37f818b2c8d7c15f0f6f544dd4c7e7cb3a16724324f77d58948f8475a60d53e5bd510c17137c99e1cfa515af9bc85569d212a21190729f2817de8c46915e021df70ff6d60215f614fc21139904df3b292b749dc4dea02518b62d15862c92d2a4c996701cdecaed84ab628ee984fc111eecb59e48444efc0d456e2c852518441c3db7630ddd5156249a28730983838ae59ac4cc7110fd6de68101ea5b2ff69fd364e3c9448defefe175bcbe117cc11b4ff7549c33e1025b6b592048a8e31969e818dcc188bb19d7a2440a3baba4eb1b81c45679db46b31bcde7776757d9931ec2063fc6f1fcd761ecc57a7d030a85ea273ef1825b05092ab9645359a444ff7d166b575fac298308d9faa68463d1d0f7b7df8a51c6815d37159adc0b593224a818321d7219f09686cfc952259718dfc: +b52b249a7aeae0fbd94ffcf9a9fde10de61c3f4cbda14b289fe01f82707334ca735163bfcfd54f9d352e1c2f3c0170c95c1842ccc7421623ae0496980cee791c:735163bfcfd54f9d352e1c2f3c0170c95c1842ccc7421623ae0496980cee791c:1d445e8ee36f6e1064ee1281e6b4a4cec50a91c2b667c8305d1e9a5f7b73a3445882581fb0c11e64f6ee92e811f9f2d6c59c6344be7691d116dda493cade51c0ce77372b61a7c4fbb633401333cbf71372ad2f044e992ac035f5879c053004f8223f237a24a409b7894f6ad518e046b8a84c3f4c6260e6169fd944d57fbcf9ba2775f2d60ed772c46ccd63c850b80d587c5208dfb1a25878c02dece3e602e9632fc3c2c79b25ab41034c6e26b869255357a686781dfe6e644beba9b627da1fcb5ec0be497cf188e1ef1af0601bf16b2911fd9ff34f0e97ac95a7fe2cf90ea6ced33ccb0ed1ef2d4160efb07c591a5cb16c70ca1694fb36f2ca19eba52be3d4ad895abcada4b36f0261d65f59e0cfd2a6148a8892ddbb45810db3bf4a9e26e92c15ea2618cfeeb462d8628f254f54d2af27113bab4f9a7d06791811942bdc32f845922d7b2ddba959140928f8c28d98b44e1d19b97fd39cc0f9a5236d349fc835ac492192462e40ac629bebffd2eba72d2788b244bb777ad0f7b7f96f23412399fc1d87a1d087ba089027eabbc05edafee43379e893291331b460bfa7332e0842ec2573393de95306:6f48a9f7f0fa192b66d12175a333612303e180b9fab18edabebcdf6674fdfcc53607089bf980ce35894c2f9babdc4438667ab3297a6248ec0269faa99c7248071d445e8ee36f6e1064ee1281e6b4a4cec50a91c2b667c8305d1e9a5f7b73a3445882581fb0c11e64f6ee92e811f9f2d6c59c6344be7691d116dda493cade51c0ce77372b61a7c4fbb633401333cbf71372ad2f044e992ac035f5879c053004f8223f237a24a409b7894f6ad518e046b8a84c3f4c6260e6169fd944d57fbcf9ba2775f2d60ed772c46ccd63c850b80d587c5208dfb1a25878c02dece3e602e9632fc3c2c79b25ab41034c6e26b869255357a686781dfe6e644beba9b627da1fcb5ec0be497cf188e1ef1af0601bf16b2911fd9ff34f0e97ac95a7fe2cf90ea6ced33ccb0ed1ef2d4160efb07c591a5cb16c70ca1694fb36f2ca19eba52be3d4ad895abcada4b36f0261d65f59e0cfd2a6148a8892ddbb45810db3bf4a9e26e92c15ea2618cfeeb462d8628f254f54d2af27113bab4f9a7d06791811942bdc32f845922d7b2ddba959140928f8c28d98b44e1d19b97fd39cc0f9a5236d349fc835ac492192462e40ac629bebffd2eba72d2788b244bb777ad0f7b7f96f23412399fc1d87a1d087ba089027eabbc05edafee43379e893291331b460bfa7332e0842ec2573393de95306: +782a93efe0ef06cb2534330efd0e9684e9969b5258123e490239bf24bf9f6523942fa1406ee2683e29377e49f7ba757cf50ef0723707d4403d2862257045de87:942fa1406ee2683e29377e49f7ba757cf50ef0723707d4403d2862257045de87:46a4e319a670ac993994a53300c3f79144c2f7fec1116eeeb3621c76ac35da79dbff6e189ca9dbfc9abbda054847b2971b02facebbe926d469eb0a860389ac744162bf6fb13b42cb9bb8c9d72607138e7800121ee0cd633ed535c7ae5f4060bbdd271c9d110abff5e060ea6ee83890b1e92a9256d7b2ba982a3114bb6deffee2696f0a2f9c21aaa5b2defa11aab7076de6e57e86f284bb67f5a49ee685921032c95b74e7e3eac723f175af082c858e0dfa01728c38fbbb4c83581f81ace6c63c6bdaac5620eb9a568e7ebb7b72b3d1a164ef524e7b9f00799ab086715976c14d0df65f7b96bf9ebcda7feeef113422001a03a7633df5e49939a121db899d9b8ac2db4fad0c30cf0b8bdbc9e9802a797c8238e46511ff24068cadcff2448cc0bff92769223348d45d6b6f2c8f1593388c0bbbf44b6ddb50b98cd7f09c730f7de4d008156cb3cde0cab3ad0a58a83954e234a0a8a04b573c9a8e9b929ed38b8b228bf55a3c6e2c6b51f682652fbb708e74640e3313e17b4694d7fdf0111f90608c1b5af422dcdecad9ddb7f50d1bf5bc6378ccaffc3201e6c787b48c443ba240d9d50ff6c0e9df7f1a5b:93e7405a4044510166c8ac264ce3b5ba6665d68bad458712dc93c2c390568d7402ef7d57f549b8a1042f7f69a679aa855f34f801d57d79895deb8deadb35230846a4e319a670ac993994a53300c3f79144c2f7fec1116eeeb3621c76ac35da79dbff6e189ca9dbfc9abbda054847b2971b02facebbe926d469eb0a860389ac744162bf6fb13b42cb9bb8c9d72607138e7800121ee0cd633ed535c7ae5f4060bbdd271c9d110abff5e060ea6ee83890b1e92a9256d7b2ba982a3114bb6deffee2696f0a2f9c21aaa5b2defa11aab7076de6e57e86f284bb67f5a49ee685921032c95b74e7e3eac723f175af082c858e0dfa01728c38fbbb4c83581f81ace6c63c6bdaac5620eb9a568e7ebb7b72b3d1a164ef524e7b9f00799ab086715976c14d0df65f7b96bf9ebcda7feeef113422001a03a7633df5e49939a121db899d9b8ac2db4fad0c30cf0b8bdbc9e9802a797c8238e46511ff24068cadcff2448cc0bff92769223348d45d6b6f2c8f1593388c0bbbf44b6ddb50b98cd7f09c730f7de4d008156cb3cde0cab3ad0a58a83954e234a0a8a04b573c9a8e9b929ed38b8b228bf55a3c6e2c6b51f682652fbb708e74640e3313e17b4694d7fdf0111f90608c1b5af422dcdecad9ddb7f50d1bf5bc6378ccaffc3201e6c787b48c443ba240d9d50ff6c0e9df7f1a5b: +6fe7bcf7a684423de1076fd76da783423373b381329efd6157424ec4b2655a947740e91afe45324f8bb990ca2a341279ddaf232c3bb415f178b6092fba195fec:7740e91afe45324f8bb990ca2a341279ddaf232c3bb415f178b6092fba195fec:0baf0ad440612b4c5a136c3a42be1ca2b7c319862a44a9fd50c4ee73541c5e6457efa81825b6dd4a72194a2968688bd49e5a8f4c04dbafc2e7884c0c70c208d4e954cd1675da8e74c65c497cf9dc69424965bdcba5de52936f925f62e201f99505d3777beb3c2e08b2ec9a873e5a9c21fb4a2f3e861f3cf4d6b5dcd1c88bcd9163539ac62cd0659f4ef232c2ce57fc77f90285eb350169edc6a806ff50f61c7e0beeebecec63bfc9d3983f5bb4b261c746471fcbf2892c6108970b68db5e43c4504ddae2d0ffffa28b6759ae1128e16f66d492ad61e3722c960f88692be81a9f412890ffa346e702c867dfa259703b73f525074f3227c49cec1b645a103bd4471f33f9f1bac327d7917861d0ad91abee60222ea2a3c8cac052ae9a2cbd90855d733d5319133f9541bd0b61f0995268351e2863c1ca2ca51e3c976383f5c4c11ff410036fd51d5ac56b023ce9029c620f22557019ad9b4264ed4d71b434f4a4d17a7d5769fa1e14a69f7ae419ccf5947f8c7682697116c2405f5a1959c54b48f0872f596ed45964488ddec12bdb636d0b349e749eb66092ff4511fba59b5962cb93cc85515cc86ab0c6b2:9914cc50fef0935efb89b3d64e3c1c3412aed659b90166222c0d13ec1ce3a68ae6281b7efd9d4ec64b82e73e14479f03fbac8fa3abdb41ea4215c4a4d4949d090baf0ad440612b4c5a136c3a42be1ca2b7c319862a44a9fd50c4ee73541c5e6457efa81825b6dd4a72194a2968688bd49e5a8f4c04dbafc2e7884c0c70c208d4e954cd1675da8e74c65c497cf9dc69424965bdcba5de52936f925f62e201f99505d3777beb3c2e08b2ec9a873e5a9c21fb4a2f3e861f3cf4d6b5dcd1c88bcd9163539ac62cd0659f4ef232c2ce57fc77f90285eb350169edc6a806ff50f61c7e0beeebecec63bfc9d3983f5bb4b261c746471fcbf2892c6108970b68db5e43c4504ddae2d0ffffa28b6759ae1128e16f66d492ad61e3722c960f88692be81a9f412890ffa346e702c867dfa259703b73f525074f3227c49cec1b645a103bd4471f33f9f1bac327d7917861d0ad91abee60222ea2a3c8cac052ae9a2cbd90855d733d5319133f9541bd0b61f0995268351e2863c1ca2ca51e3c976383f5c4c11ff410036fd51d5ac56b023ce9029c620f22557019ad9b4264ed4d71b434f4a4d17a7d5769fa1e14a69f7ae419ccf5947f8c7682697116c2405f5a1959c54b48f0872f596ed45964488ddec12bdb636d0b349e749eb66092ff4511fba59b5962cb93cc85515cc86ab0c6b2: +dda48a0d15a29eba9a76305d360e466e72d8040efe2e89c04b6461315a9b8bf44f5cc36a809416b58e15d24cc57968cb573b76ad90887a8ef36cde7eca400fcc:4f5cc36a809416b58e15d24cc57968cb573b76ad90887a8ef36cde7eca400fcc:f5ac19b81f2111a0db0ae30d1513ed343e7f57f7f77d65b8ac7ce3a601174baed9bfa136035976f516d5a870f45db1919f1eb1cbecbe88ec32d191e9248821a7e7681fe3abec11584bdb33de1b4ca94891eb66dcb8539ac41163736ccfd69abb83814dd38cd60381318728052a25cb665471058650ccc75756dbee688ab826ecad4ad5a7db57e8f65f1b64abff82dd53334b797ac40228dd817f239d3ee804a19aeac8cfe33eb657ec9ce923d6b388914cfba2e72bfc2bc3d6f985c0d97534db958eede57b16491ffb755c1a58d78ab377faec0d311818e899260e3ebd1ccd29246fa82d0b76622b2c4bc52f549fee72a30f554f331f36d2a74d999ec10a08294f002b4361e590279c2fb1bda4312ccb24d75282ce7c061a0ca5520c74f6f6333b18c4b541cb6c51e01575ba80512ffa7ce0accd22d14027c53aba1f7437835f1114d68e3acf3ff8de94c8e4ef6d3ab312c91d02970157508f54a5816f467a214e9b1284300289e65f365a610a8ea284666cfe5518e435bccd21627501c725f0b8eb5725e0e06e0cef5db201b48ec91ebf878dd57ce8dac7334848a1bc82c18b065955e4f59be3398594dc:ce71bc82d531d0f93b57bfdc2f7316cf404ee09af88f33bf806c7cad6b8ffa366236ba74e75c15096ddaa6e3a62a8f5eb1c8c3f6b6c94a6a349fc7c0cbfb190df5ac19b81f2111a0db0ae30d1513ed343e7f57f7f77d65b8ac7ce3a601174baed9bfa136035976f516d5a870f45db1919f1eb1cbecbe88ec32d191e9248821a7e7681fe3abec11584bdb33de1b4ca94891eb66dcb8539ac41163736ccfd69abb83814dd38cd60381318728052a25cb665471058650ccc75756dbee688ab826ecad4ad5a7db57e8f65f1b64abff82dd53334b797ac40228dd817f239d3ee804a19aeac8cfe33eb657ec9ce923d6b388914cfba2e72bfc2bc3d6f985c0d97534db958eede57b16491ffb755c1a58d78ab377faec0d311818e899260e3ebd1ccd29246fa82d0b76622b2c4bc52f549fee72a30f554f331f36d2a74d999ec10a08294f002b4361e590279c2fb1bda4312ccb24d75282ce7c061a0ca5520c74f6f6333b18c4b541cb6c51e01575ba80512ffa7ce0accd22d14027c53aba1f7437835f1114d68e3acf3ff8de94c8e4ef6d3ab312c91d02970157508f54a5816f467a214e9b1284300289e65f365a610a8ea284666cfe5518e435bccd21627501c725f0b8eb5725e0e06e0cef5db201b48ec91ebf878dd57ce8dac7334848a1bc82c18b065955e4f59be3398594dc: +ec57b941adf3ca13e77a780577cfd0df5b49edc85351052da34e99f8a9bf32082859c071978a04b7f5407b6d22401a78efd0394bb966b9a04da6b5ef819de3fa:2859c071978a04b7f5407b6d22401a78efd0394bb966b9a04da6b5ef819de3fa:d2bcbd1bc361ab32c66d72fd48a8e227dc6b8d6b150848ba715ff47dd35c8e49381bb4e2933f42cd26b75b14d9c0039282b62b8556aaa11cd691e828382be306889fc9205137b169d3bf17b7f37693fce286039f03809d7d9d98c8fde46f1101942a279c516706f50191a9112f6a24630e1a26c321e46c9ccc85b6ef942f353a642b9e7ef998c0fce2d3a75b999eeb77f31f9b0813a97e3014c3a86e2558734621a3066dae35845031e35665f1922907dbb739786a8b7658ab60276f2d921d1a51230fc74d19e80184a4f10e9e834abc9a36c429726bc055dc8c063f0eca9c61a8a970bd4bb5f424ee4d04bfc295e3bb1f34becbd9920fe2e77fcf36763f32fc9cfd5e465979c167cabf5a1244b491fc06b8946419046ba516c5b233c414ddefb6da04f2e13daff7a9a0c02a518ede57ad9521de64eddf6f49a9670f632d3f7d42425207d053604fe39d13b9f52c8bc292b0076ea42a560056df25de51ad35881d08543224d7fa5d70b8603ef23ce06339d6cd09e22a95749e50dfbd3b8ad69fd30496b984d1c0a199c8594805f38ba44631a2c59eadc6554d19f9bc98366dfdec2a121d0e4814d2cd3f5871:118e1462126b45b8c6803523755c56dfc4e123e4acbb66ba0ba6fe3e053da4119f5719295e0c82ac64d7c5cb1ac898df263ddfd360f3008d91018b26f6a1730ad2bcbd1bc361ab32c66d72fd48a8e227dc6b8d6b150848ba715ff47dd35c8e49381bb4e2933f42cd26b75b14d9c0039282b62b8556aaa11cd691e828382be306889fc9205137b169d3bf17b7f37693fce286039f03809d7d9d98c8fde46f1101942a279c516706f50191a9112f6a24630e1a26c321e46c9ccc85b6ef942f353a642b9e7ef998c0fce2d3a75b999eeb77f31f9b0813a97e3014c3a86e2558734621a3066dae35845031e35665f1922907dbb739786a8b7658ab60276f2d921d1a51230fc74d19e80184a4f10e9e834abc9a36c429726bc055dc8c063f0eca9c61a8a970bd4bb5f424ee4d04bfc295e3bb1f34becbd9920fe2e77fcf36763f32fc9cfd5e465979c167cabf5a1244b491fc06b8946419046ba516c5b233c414ddefb6da04f2e13daff7a9a0c02a518ede57ad9521de64eddf6f49a9670f632d3f7d42425207d053604fe39d13b9f52c8bc292b0076ea42a560056df25de51ad35881d08543224d7fa5d70b8603ef23ce06339d6cd09e22a95749e50dfbd3b8ad69fd30496b984d1c0a199c8594805f38ba44631a2c59eadc6554d19f9bc98366dfdec2a121d0e4814d2cd3f5871: +cbfd91d7695c1f270f69246ab3df90edb21401101ca7f8f26c6d00f4dcb7233e513879cf79d2f46df4b85a5c0949eb2116abf981735a303164cbd85adf20b752:513879cf79d2f46df4b85a5c0949eb2116abf981735a303164cbd85adf20b752:264a933f7d0aecbac13eef644b0b53dd53a1280904100dbc1ab87b51148998f9da0b3a0a6337f5e3486c2b7e548d211259397aaa194ee4695bf98c2d5f4487699f7397e5d3a7e6d5f628fbd05497c556a50a4d05e2b712cdbc351068e42af19538901b8825310e343e1a17a1867dde0eb47ddab456d316f3521554937bf808ae4e4bc1c3c5b4756e4a165ad9e8827f5316f748cac6998ed2d2104f268407c135e62f26a922460eab6d851639a00e5f08b34765ea0244f475bbfeac183e3b5bd1aab798522798a08ec6bf2257d4692f5b03cdd0a2133de970603e3251475aad8d934af6b2bfc7a650b91bdec143f8ad254cfa506bbff28a03beb659ef5e5ddffe76e23230c4ccd46310b37dd91fa6aa68167f62a55c8a69f9ed1ec6cdb144dd81ab0bcbd62643420bcae67869f64c0b169f3cdf3c905895b7d35b6fafda25ccf23c3d10de32e7f271e300d39597da8f843722ef08364a5f7a105b9655172df7c82d7374f98264c9cdccb496f2e10fd8262fb1a9a9965b0b841ac0d0e9c1a3d9493ea7aa600205b8f900be0d7abb4d98a06583d2295c276318be28d421982dedd5bfc33b8865d94ef747d626af99:f336137dfe6f42a6669b55f74b80b3035a040367f90656fcef0a644c52272ddc39273cd7726010ebcd8a30a05201ab70b8ff97d0288a2cb94cbc49020647390b264a933f7d0aecbac13eef644b0b53dd53a1280904100dbc1ab87b51148998f9da0b3a0a6337f5e3486c2b7e548d211259397aaa194ee4695bf98c2d5f4487699f7397e5d3a7e6d5f628fbd05497c556a50a4d05e2b712cdbc351068e42af19538901b8825310e343e1a17a1867dde0eb47ddab456d316f3521554937bf808ae4e4bc1c3c5b4756e4a165ad9e8827f5316f748cac6998ed2d2104f268407c135e62f26a922460eab6d851639a00e5f08b34765ea0244f475bbfeac183e3b5bd1aab798522798a08ec6bf2257d4692f5b03cdd0a2133de970603e3251475aad8d934af6b2bfc7a650b91bdec143f8ad254cfa506bbff28a03beb659ef5e5ddffe76e23230c4ccd46310b37dd91fa6aa68167f62a55c8a69f9ed1ec6cdb144dd81ab0bcbd62643420bcae67869f64c0b169f3cdf3c905895b7d35b6fafda25ccf23c3d10de32e7f271e300d39597da8f843722ef08364a5f7a105b9655172df7c82d7374f98264c9cdccb496f2e10fd8262fb1a9a9965b0b841ac0d0e9c1a3d9493ea7aa600205b8f900be0d7abb4d98a06583d2295c276318be28d421982dedd5bfc33b8865d94ef747d626af99: +51a4197ab7686f82f6003a0c32f39d0f2e47555f4e9f8deee75bcb1bd1ef69e506386df86b61f1f8f4dc45b73edaa841920968bbd131cc5ca1c5294eeed5c8ba:06386df86b61f1f8f4dc45b73edaa841920968bbd131cc5ca1c5294eeed5c8ba:2aedb7e82f1fe4ce469ada48345d006d1b3bff40eb21867f51fce965640c409ec13ad4d52f891bd79066d6b4d944ca868d8986d242b57eccc4c4a488291b159c8de4392be4b86febaa75eac5d22d3c4f8d6bef79adb9b92b4914d5ea07c7f021e2c29f58d07be8a084100bc152d51ca897d7c131644d0895322e9440a8339e1aa390a7f4fcb51ddfb6df48aaf5676337d87ddd85b1d925e1a9c29fe0818f514ef72f747a674946476907a7ca99e9db8d209641057a7f44a317b90974bc86f9617a968a76a6b8387cf5853e608190c1a79f1e1d686e0de22db6cd9aeb8532c5c85cc90b5a018579f28e502a770a4ec675263d0dd781b4fa53c9dbf8098d57b33ae2afbaeb3e68266ad9aab7174ba68c6479883992670ccf3e5ac6a17e65e31e1fdc85e269c80935ef574f20d239568486e7d94a4f724ab7006098b24f3f61587691435c7f29ce4e5ca71b2b1874556433a358c8c5ef3c880843030c2d13d51b78c9bf1a8824e62e111844396f5af2e25c3126ef3626e26efafacf99830aa41212332f378a167233a0b42213afe36d83dc4582a79693b9d571a57712a08b8566d361ac902647afc886603e24283efb:2c072969ff4719212a121938b506c602995b4d02a22e6198d6e87dd6ae076225ac70bb25ef8c0ee81eb6fe953df6b1815949e8ed0506cb012e873cd36cd09b0a2aedb7e82f1fe4ce469ada48345d006d1b3bff40eb21867f51fce965640c409ec13ad4d52f891bd79066d6b4d944ca868d8986d242b57eccc4c4a488291b159c8de4392be4b86febaa75eac5d22d3c4f8d6bef79adb9b92b4914d5ea07c7f021e2c29f58d07be8a084100bc152d51ca897d7c131644d0895322e9440a8339e1aa390a7f4fcb51ddfb6df48aaf5676337d87ddd85b1d925e1a9c29fe0818f514ef72f747a674946476907a7ca99e9db8d209641057a7f44a317b90974bc86f9617a968a76a6b8387cf5853e608190c1a79f1e1d686e0de22db6cd9aeb8532c5c85cc90b5a018579f28e502a770a4ec675263d0dd781b4fa53c9dbf8098d57b33ae2afbaeb3e68266ad9aab7174ba68c6479883992670ccf3e5ac6a17e65e31e1fdc85e269c80935ef574f20d239568486e7d94a4f724ab7006098b24f3f61587691435c7f29ce4e5ca71b2b1874556433a358c8c5ef3c880843030c2d13d51b78c9bf1a8824e62e111844396f5af2e25c3126ef3626e26efafacf99830aa41212332f378a167233a0b42213afe36d83dc4582a79693b9d571a57712a08b8566d361ac902647afc886603e24283efb: +b1119c36118b7a065a195bfb8b79a5c287e09bd287c2daac5e6b01164c5d737f88f218ecba99e770ed214a8d01a92a10400acaf1f6eed420067e136ee2c0c670:88f218ecba99e770ed214a8d01a92a10400acaf1f6eed420067e136ee2c0c670:8816b1eb206d5f6dcc2e4cc391d23209006de935e318152e93fc8c2cf08e26432bad9adb3203d898df0a2e7f1f83dc2f3ed3205bec8efcfd31adc1aca5755db9bd4efe54cc17073077de4a3fdd11996e84b6a052f034b41099226c9c272eae12528f16581b91b812850c207144dbff3e850cca848ec2b1dd164744d7b59337d7e3efef008162e680bd4a0899ced60b171f8cbeb48c5158df6cbfdb26240881bd58ebb8b6a079587279679cb5ad82f371b53c8013804c35596c887e436d23926f994e09d98fbb8ce2704174ef38b68262a7f1a712da0ef0dec639606814b3bdcaf253ff31c48e8a752c111bd7101031cc3d38efb0c9c7f19c59081584a0e015ee7c75b10a4c51ff543a30e52d5f94d8188c6b08e9df1e84a4e2c807170ac124a771b99465a0d38b1f1c6330403c82543582c5bb61b220de1b9e0ef69bdae26023181ba4cc077a5f0d425732ace132ae0c6ff0bb18baea83e8877afbe650fe0bd02093f00a7b5365728dcb66fbb881f592945058a5b350665af91c557a547250ad295e68b4fb72457cfb9d5ea1a7b2a39c9ab7d7ace0af5d51669cb6c2c4c07b2256d10e5ffc6b97c660006313c4eb8d:24ec1e54fc7e722d37551d02cf135d33f5d3ff535773e02991ee85ffd3aa29997f9c464470197fee81dce110609f870b27c18dfbcfd9320548525e93148e22058816b1eb206d5f6dcc2e4cc391d23209006de935e318152e93fc8c2cf08e26432bad9adb3203d898df0a2e7f1f83dc2f3ed3205bec8efcfd31adc1aca5755db9bd4efe54cc17073077de4a3fdd11996e84b6a052f034b41099226c9c272eae12528f16581b91b812850c207144dbff3e850cca848ec2b1dd164744d7b59337d7e3efef008162e680bd4a0899ced60b171f8cbeb48c5158df6cbfdb26240881bd58ebb8b6a079587279679cb5ad82f371b53c8013804c35596c887e436d23926f994e09d98fbb8ce2704174ef38b68262a7f1a712da0ef0dec639606814b3bdcaf253ff31c48e8a752c111bd7101031cc3d38efb0c9c7f19c59081584a0e015ee7c75b10a4c51ff543a30e52d5f94d8188c6b08e9df1e84a4e2c807170ac124a771b99465a0d38b1f1c6330403c82543582c5bb61b220de1b9e0ef69bdae26023181ba4cc077a5f0d425732ace132ae0c6ff0bb18baea83e8877afbe650fe0bd02093f00a7b5365728dcb66fbb881f592945058a5b350665af91c557a547250ad295e68b4fb72457cfb9d5ea1a7b2a39c9ab7d7ace0af5d51669cb6c2c4c07b2256d10e5ffc6b97c660006313c4eb8d: +cbb587514e0a34ffc34cbc04f28c9b4f6465f1eb225cca19b864876daef37d7f6b705d4677d2d849b6744b1ebed167dbcbf645924b1ff2e6360794bdd0e09788:6b705d4677d2d849b6744b1ebed167dbcbf645924b1ff2e6360794bdd0e09788:bdf7d17c706796efd3489559b527b1c0584b9022c9cbda3aac5146da340d9cea69f916037cd21b3eb1104348880fd5c5b7c65ff820f7499346016951cb715d8df2b41c88cd3c66105458b7b590c21c1ae2f6ea9ddea7470f25e02027d171e0e574a2bb21642f8f9da508e21d8e7335b5ace5935299407bd1b01bdd1423133ef045234e701f55549434ade94a60be1e1406ca5c758c36799ce1703084476e484fb1740530aee84266d07adfb4cc689f3265133a59cdf992fbb9a4b12defbe241ddbf65d12b2fbddfc05af0fb8de42080775bad29c6b0459841cbb648a9a95e48d6e36ac514480a3deb4b36554d8da620808ae9d47329710d20aaa6e5d7f547d81ad30f84c0e3d239cde5b169d9ddf294832d67a8060ba329c4ef39be94ac46434dd2185931d1231f9b6df878a5af0831e0e9d8a08d08069ded6a961ef7f39fad501ffd17d6d9b7c654653c1f58fcee1a6cd803d2aef166c78ef5514a3276d6998dc7c09a3fa982e427c785aa6a9e256f7ba72d5a6ba33eb46f1f9fe9be2bfc14109f64773c00c063b4d5cb4f4f8a0beca92a9a016c4f540feea9c3a31e313bbcbc2ff5eca9967857f5f8a909a29d7f20d:1274d6f356eb641472b6b9e5b3ce65d2654e6cb87d3a83fb49d0f7da9c44be2b532604465f6089d680d2d94b0edd2b6b2b805c5e84c379efc059673d31007a09bdf7d17c706796efd3489559b527b1c0584b9022c9cbda3aac5146da340d9cea69f916037cd21b3eb1104348880fd5c5b7c65ff820f7499346016951cb715d8df2b41c88cd3c66105458b7b590c21c1ae2f6ea9ddea7470f25e02027d171e0e574a2bb21642f8f9da508e21d8e7335b5ace5935299407bd1b01bdd1423133ef045234e701f55549434ade94a60be1e1406ca5c758c36799ce1703084476e484fb1740530aee84266d07adfb4cc689f3265133a59cdf992fbb9a4b12defbe241ddbf65d12b2fbddfc05af0fb8de42080775bad29c6b0459841cbb648a9a95e48d6e36ac514480a3deb4b36554d8da620808ae9d47329710d20aaa6e5d7f547d81ad30f84c0e3d239cde5b169d9ddf294832d67a8060ba329c4ef39be94ac46434dd2185931d1231f9b6df878a5af0831e0e9d8a08d08069ded6a961ef7f39fad501ffd17d6d9b7c654653c1f58fcee1a6cd803d2aef166c78ef5514a3276d6998dc7c09a3fa982e427c785aa6a9e256f7ba72d5a6ba33eb46f1f9fe9be2bfc14109f64773c00c063b4d5cb4f4f8a0beca92a9a016c4f540feea9c3a31e313bbcbc2ff5eca9967857f5f8a909a29d7f20d: +8bde3ff61a16995ab9d539f6053219081bcaea1d458ec33684fc1c01fb565bfacd9d782a356e847b7a04c885a9b0907cc33ba97ad5390d4ea5fee5eb198d08b3:cd9d782a356e847b7a04c885a9b0907cc33ba97ad5390d4ea5fee5eb198d08b3:a1f40ec5807e7a27069a43b1aebff583ef037028c02c859525eb8fa4c3ba95a901ff3aed78c4f87752fb795522f5bf715be7e3defac10fcf17e3fa5c54b20089a472333327252ec945718fb455e3f27ccfdef823d12d406e62a4aeba3cb9d1c61b2b17e49e200a8418f935f26eeb57602c7aa3b3a24f7e6238d3e08d2d609f2eada0332bc8cb12916cb03b0d4f9cd602002586d3e4cc7e0e0381c045ad2e1ee28298ae7fcf0c10f212808565296f158d2c32e8cb28156581af52bfc3470c3c9582138d2255e8426d648ca237d7aad2856f171638558241d8ae3f62ba92db596568edee3ec0ef370f83626aa0445af08f967863660e8fba5a41c8e8ede1c960514a14687a4a81e776ae0e8e777fb0f250d51a83b55f8c1ffdd78df3bdc97ff177afeca046c72d72af924ad0d0ab2bfc11b7f4abded51c3987a8bb94d640c8710e5fc9a4190e8a008363d7419cea17c40dea20ea5156029f3debf05241918f54af5039e2c4cf2ca2e139f60e45cc65595cdf54a67d92b6ac66fc0c5a290495ca57b07ef5750d05f57d87d0c228f7e4e15ad0ba0178730f951c697583481c66cbfcd48032544aa8d50908304bd81940308706:7464df0b67eb90b4b73ff082ad0d60ebfe0660dae97069b52c3727223bf70e29e48711a2bbb438f5f8d8a33bb9c48fe7b628fa8a542ff0b5ae36269d4007a505a1f40ec5807e7a27069a43b1aebff583ef037028c02c859525eb8fa4c3ba95a901ff3aed78c4f87752fb795522f5bf715be7e3defac10fcf17e3fa5c54b20089a472333327252ec945718fb455e3f27ccfdef823d12d406e62a4aeba3cb9d1c61b2b17e49e200a8418f935f26eeb57602c7aa3b3a24f7e6238d3e08d2d609f2eada0332bc8cb12916cb03b0d4f9cd602002586d3e4cc7e0e0381c045ad2e1ee28298ae7fcf0c10f212808565296f158d2c32e8cb28156581af52bfc3470c3c9582138d2255e8426d648ca237d7aad2856f171638558241d8ae3f62ba92db596568edee3ec0ef370f83626aa0445af08f967863660e8fba5a41c8e8ede1c960514a14687a4a81e776ae0e8e777fb0f250d51a83b55f8c1ffdd78df3bdc97ff177afeca046c72d72af924ad0d0ab2bfc11b7f4abded51c3987a8bb94d640c8710e5fc9a4190e8a008363d7419cea17c40dea20ea5156029f3debf05241918f54af5039e2c4cf2ca2e139f60e45cc65595cdf54a67d92b6ac66fc0c5a290495ca57b07ef5750d05f57d87d0c228f7e4e15ad0ba0178730f951c697583481c66cbfcd48032544aa8d50908304bd81940308706: +da59bbc523404f07646add7908294977e46645bc8a38bad2809641a23de3b15ab22c0f21aa1c2d45f4b2e56cc9b5e02f9e31a2eaa367ecb482f874cbd8e9fe34:b22c0f21aa1c2d45f4b2e56cc9b5e02f9e31a2eaa367ecb482f874cbd8e9fe34:097106c3624d774dde2551e0c27e19504e6518cc86369ab26ff810969e7de24abc68b4b53f11d945d49ef078eb4f6ba6bf257ff7b608afdcb30a5c59a756fd77a6c1247f6f2a41100d99fc5206af3bcc6de1d3e4968e28fba0123f6045a1b54d693a42bdfa071b2b914b3c3c0c29b2593d07e8bdc86ca42ac555b7dcd9439df9fbd4bbec730d6327bfae4fc41ed498b4f04a0eb14cee608283aaa6e6aa46676bc88aed5d9939037aad4915661af94bb5f6e653a2cac123287073270e0b13fda1dd4871af6a92f992f539df881712fefb038540d41191123b6b3b4b6ff87ffc929a6be53c6cef02f48f2f0cf2fe64a45fd66025cc2d7ee55ebe2316c000855661165e2a5ba41afc2097957b6fe4c55221204b6fc1f317dd3ba13cac39924026bdb66be4542268875631d277f210107a33767f6d9596e25742d7a90ea791ea4bc9ee84a67fd328b80f791ede96d89663e937f0b755baa9d52bda210cee1db339ff1d3c4b000b653b9bde338049af84364e2177f80dd51e2a1672ee555d6317589f6f1d5abe6c2877358bf94b0b808ff857363fbfbe32e97337e4b8a8c221a9e75962a8dc9b5a3d7ca5f9c9b61c73c1469a72bd:1472459cbbae2cf21ce44a15bae9fc85dca40b8182da7d52cbf56ed538d18e03477c140a3ddd0efba43c96aa92f5f9bcdf3481286ce762a7e2bd1e779ba99b0d097106c3624d774dde2551e0c27e19504e6518cc86369ab26ff810969e7de24abc68b4b53f11d945d49ef078eb4f6ba6bf257ff7b608afdcb30a5c59a756fd77a6c1247f6f2a41100d99fc5206af3bcc6de1d3e4968e28fba0123f6045a1b54d693a42bdfa071b2b914b3c3c0c29b2593d07e8bdc86ca42ac555b7dcd9439df9fbd4bbec730d6327bfae4fc41ed498b4f04a0eb14cee608283aaa6e6aa46676bc88aed5d9939037aad4915661af94bb5f6e653a2cac123287073270e0b13fda1dd4871af6a92f992f539df881712fefb038540d41191123b6b3b4b6ff87ffc929a6be53c6cef02f48f2f0cf2fe64a45fd66025cc2d7ee55ebe2316c000855661165e2a5ba41afc2097957b6fe4c55221204b6fc1f317dd3ba13cac39924026bdb66be4542268875631d277f210107a33767f6d9596e25742d7a90ea791ea4bc9ee84a67fd328b80f791ede96d89663e937f0b755baa9d52bda210cee1db339ff1d3c4b000b653b9bde338049af84364e2177f80dd51e2a1672ee555d6317589f6f1d5abe6c2877358bf94b0b808ff857363fbfbe32e97337e4b8a8c221a9e75962a8dc9b5a3d7ca5f9c9b61c73c1469a72bd: +40ea82da41fd15b06ffeb99cd616dc6bc8c1b21477ea239466088e2849bf10165910e580bf412c31a87451d9ddf32b3ab713f9e4a22c590c641c14a5dfbbe0d7:5910e580bf412c31a87451d9ddf32b3ab713f9e4a22c590c641c14a5dfbbe0d7:a06c4e02b83ab7e191ad818cb8187b52a8da004fe838db333c4e02548db6bdf791444642e57fdbc8594e59d7023280bbae82986f399805434bb072c8a27a2dcd5aa62f065bc58b0621fcd365f6cdbf4d57d577d91150301fa48f182f87e8dca7ce45a7d64845ff434d1bab0534ccc83aa0974e88b38fc2508cefcbbc82135b73b384c80eccb8a09e2873cc07129021d81ce129a9df65e613410af950197dbf9afc28edc4e65c3e84da40d2ef841b886bc44719a5d59db2c6dc776401c895e2b3c83783d7817bba68baff59470d6015bba8d975f0eb712f3b8902912805523aa71c90499de689d31ae44e210b8446f2484727cc491b92a8e8b199d628e1df79a28c561e5a7d882e30787d08fb2d5196ba61196309b3bf0c5824a3548c700003fe9913befe12223150012685e90720e9ec6bc4db607425aec531c4fa36086d3b9be391a3f04635a8077a447a16a6fd89afbb9a72d0d355cb0b22d562f43f59d4e37128b3e2d906c8ae23d0aa599c70d3778a076c1a39728f1d6937bd48b978740850566138d34852b63075e89a8e2280edba6f4ee8f61511e9b768e95c78d197b693b109e88818b486a9dfdb74b4c5550acdfbd5:d298fcc9a8ecb76a98d4a71dfb01d276ab2d9670a95bab34cf1d8364516d1ebdb23903460215307125afd09c758e981a452da95c0ac2c0b958c6917e6874190da06c4e02b83ab7e191ad818cb8187b52a8da004fe838db333c4e02548db6bdf791444642e57fdbc8594e59d7023280bbae82986f399805434bb072c8a27a2dcd5aa62f065bc58b0621fcd365f6cdbf4d57d577d91150301fa48f182f87e8dca7ce45a7d64845ff434d1bab0534ccc83aa0974e88b38fc2508cefcbbc82135b73b384c80eccb8a09e2873cc07129021d81ce129a9df65e613410af950197dbf9afc28edc4e65c3e84da40d2ef841b886bc44719a5d59db2c6dc776401c895e2b3c83783d7817bba68baff59470d6015bba8d975f0eb712f3b8902912805523aa71c90499de689d31ae44e210b8446f2484727cc491b92a8e8b199d628e1df79a28c561e5a7d882e30787d08fb2d5196ba61196309b3bf0c5824a3548c700003fe9913befe12223150012685e90720e9ec6bc4db607425aec531c4fa36086d3b9be391a3f04635a8077a447a16a6fd89afbb9a72d0d355cb0b22d562f43f59d4e37128b3e2d906c8ae23d0aa599c70d3778a076c1a39728f1d6937bd48b978740850566138d34852b63075e89a8e2280edba6f4ee8f61511e9b768e95c78d197b693b109e88818b486a9dfdb74b4c5550acdfbd5: +28bb81a17d4584754d52818cd0f1f21baa777e695844a15122ac05344dddc027d5f61d519944d13b84bfa7cd67cb0bea4ef2281efa461f22ade4ba882d11b252:d5f61d519944d13b84bfa7cd67cb0bea4ef2281efa461f22ade4ba882d11b252:92e84c7a55b0bea03e17cfb65f7085ce3f445b1542bae997de5f092a24ff243380286d137091a598f35e6dae1a1c648f5a494c819dfb240652ff908381f32d70bc513100aca16fe7220295b1c71835f16d9310a9d27a04a980ace297d5af3f7cb7c78b24997ccb41f54ecbab507eb73ea6a3ed470e49590509f5d1e6032a2605db87f4a9b9ec91602583f14e2fe1bdb900ecb8971196b55c0d433489f26be9ca157cbd56572887ba859f39674a8e0ca08f2dbb0f27073551d0b1990685178b1ae9e7885499143d9d72c8571d11e0d85bf58df94e2a74d9b6846557f9125ca0944ce5718d2cbae1672ba02b847c17a6f6b445634d2f0175a75cf6883c62e5b521c57141f218b2fb0994b372a716c4a217434beab75740b8e91c622187d03c85da001e00247312a465225f5d6af232064a427d3018700ded774b9026777a5275fc04754606c86600297bf7b71aaff8b9a746677a3662f3750e81b50166f6237000051ffa15868defdf090057722ae229964a4ea085e0dbc04ce1997722c5bb65d2b47ecb746fd83a9f6a69c81545a9b502f5e76d3130c5afcb1c9af99d918740837ce89d7cd213fef2fd062ce8850f69659e4ad327:9ce45a07dbd28d3f6f1b35630a3fd56f1d548f84ffb1c6ae64b21498ae38e596916e77f79905e609fb1ae0da36138a80f242122167068092cc605796c5669e0692e84c7a55b0bea03e17cfb65f7085ce3f445b1542bae997de5f092a24ff243380286d137091a598f35e6dae1a1c648f5a494c819dfb240652ff908381f32d70bc513100aca16fe7220295b1c71835f16d9310a9d27a04a980ace297d5af3f7cb7c78b24997ccb41f54ecbab507eb73ea6a3ed470e49590509f5d1e6032a2605db87f4a9b9ec91602583f14e2fe1bdb900ecb8971196b55c0d433489f26be9ca157cbd56572887ba859f39674a8e0ca08f2dbb0f27073551d0b1990685178b1ae9e7885499143d9d72c8571d11e0d85bf58df94e2a74d9b6846557f9125ca0944ce5718d2cbae1672ba02b847c17a6f6b445634d2f0175a75cf6883c62e5b521c57141f218b2fb0994b372a716c4a217434beab75740b8e91c622187d03c85da001e00247312a465225f5d6af232064a427d3018700ded774b9026777a5275fc04754606c86600297bf7b71aaff8b9a746677a3662f3750e81b50166f6237000051ffa15868defdf090057722ae229964a4ea085e0dbc04ce1997722c5bb65d2b47ecb746fd83a9f6a69c81545a9b502f5e76d3130c5afcb1c9af99d918740837ce89d7cd213fef2fd062ce8850f69659e4ad327: +24bfd4fc45d5093585678101cf563ab8011fd6430de155f2a425f0633ee3b7cd9cf5c5fc0ccfaeb28a08ba67707b18dc84ea0698ffbdbc169a09c28123e6c2ac:9cf5c5fc0ccfaeb28a08ba67707b18dc84ea0698ffbdbc169a09c28123e6c2ac:ba54128f45be2001dbb060d5dcc47144997415d4294f6eba8dceba4f6cf2234683c4265f88032205296e9b27d68506232d57b688407648f87ceb342052bde9d0065542ff1715c942027e67482af4bc278ff71966fb3f62a2a5323cb1b4bae1e7b8fedcbc73ea05b4076421b0b4fae8bc3337416a17fe124e7ee465ebb38d8792306429d8279a1bd54c37bee8f9c85eebe3afd1f64489d4e53ac5f50657bb6ffb97120744b75d47c6226d5a9c9c264ee3e6a6ded05062ca1006669118454550010919c2633cf086950345e514af3843148e5c64352e69037dfe60d4a8eab3eb8cb54bd39af2f353d5ded2e2bc8b11c09f612e128c6efa41f6eb2c958087be34c6335a43005d11a9d3b5a529c2d1b0642f77afdd8c6b1d6fb2a9dcb65f42f4eca8ea9a054058be8613667610e3eed8d1df0739eca171954117989d1b12189ab57904aa960b0ca85541746385efa985be9d97b5a9029989a9c71498dfabdb813681f57e276b64db491b8f082a885145469a531b7f9f04ca0a2c2f8dff20ccb99c2861f54e5eafa962cc53eaf18d3d5e50d337af485f19975f05930700a8a7253f11f184130d0aee70969d96fe08f216951d9dced52388:dc935b60fde44359af8f50ed7f919f483ce3f24e2320c55ba92f3e7617c19bfb54701903ff183b42cbedfef0875f42b12875d36a0aeec73ffd09509d92b28b0dba54128f45be2001dbb060d5dcc47144997415d4294f6eba8dceba4f6cf2234683c4265f88032205296e9b27d68506232d57b688407648f87ceb342052bde9d0065542ff1715c942027e67482af4bc278ff71966fb3f62a2a5323cb1b4bae1e7b8fedcbc73ea05b4076421b0b4fae8bc3337416a17fe124e7ee465ebb38d8792306429d8279a1bd54c37bee8f9c85eebe3afd1f64489d4e53ac5f50657bb6ffb97120744b75d47c6226d5a9c9c264ee3e6a6ded05062ca1006669118454550010919c2633cf086950345e514af3843148e5c64352e69037dfe60d4a8eab3eb8cb54bd39af2f353d5ded2e2bc8b11c09f612e128c6efa41f6eb2c958087be34c6335a43005d11a9d3b5a529c2d1b0642f77afdd8c6b1d6fb2a9dcb65f42f4eca8ea9a054058be8613667610e3eed8d1df0739eca171954117989d1b12189ab57904aa960b0ca85541746385efa985be9d97b5a9029989a9c71498dfabdb813681f57e276b64db491b8f082a885145469a531b7f9f04ca0a2c2f8dff20ccb99c2861f54e5eafa962cc53eaf18d3d5e50d337af485f19975f05930700a8a7253f11f184130d0aee70969d96fe08f216951d9dced52388: +2fc2f9b2050ad7d139273e93e2a0451c7b5cce57599aa6b08d3edc5bb07590c8ffe5a17880d718cc7988c2fd9825b03b93450ac1deb8fbd1f1bf3b8f87805954:ffe5a17880d718cc7988c2fd9825b03b93450ac1deb8fbd1f1bf3b8f87805954:dc1297990cc027d56d1fee265c09bcf207a9583e6bab8d32478228e0bc305b9818154c338ceec34b04c4ade7ac61dcb09bfac8ade00d1f29de317060b8a4daf1987de409ca2c3fe4380088073ccf485e9a69516b5bbb4130f20be69b2dd6a9b465159cca1ac88b328b80c51b66af7f4c50f6228772f28734693ce4805a4163dff14b4d039811ee3fce65935444a6ea9a72d78b915c9c3b766c60b7e0329e43c9c57ede94b91525ce5a075a7297219772ef3c029649b586a95a73bbdf16d8fc20368de4ba44de1064be5826b376be31a86ca478a52efb98f1fa333157719bd6e0da80ed68d0efeafee5a13bcc3b457525258f1f7e031f7b403a461506927b1e6c7d4a0c8d84b5f3dd0eb8bdb13edc2b514a81d088eb077a52c8a831861feee8110e41a325dce206b2d67d25f90ef57e0fde709f3e5a39c04eed31e57c193b283e2da7279ee3f1eed482b3bbcd373902c1df811ac33e1de06429e8f8443f602019650bdc2ee8d7f650036a7a22b8fd88517511229c729a3269b3a3e8fc72b01b5a4b3e33f5272f3ad21629d08b1f717935e9e104add2f0f2033432bec82e2121d98c9c1a58e0daba25536a1be8e5088347f4a14e48d8e3:7aff162a3c0d28dff41715a974af07ecac2132fc18bc43a198fe664659050da19ae22758d52c9cbb94f1358bb02610a8a351c2116279e7245adf69675dfd360adc1297990cc027d56d1fee265c09bcf207a9583e6bab8d32478228e0bc305b9818154c338ceec34b04c4ade7ac61dcb09bfac8ade00d1f29de317060b8a4daf1987de409ca2c3fe4380088073ccf485e9a69516b5bbb4130f20be69b2dd6a9b465159cca1ac88b328b80c51b66af7f4c50f6228772f28734693ce4805a4163dff14b4d039811ee3fce65935444a6ea9a72d78b915c9c3b766c60b7e0329e43c9c57ede94b91525ce5a075a7297219772ef3c029649b586a95a73bbdf16d8fc20368de4ba44de1064be5826b376be31a86ca478a52efb98f1fa333157719bd6e0da80ed68d0efeafee5a13bcc3b457525258f1f7e031f7b403a461506927b1e6c7d4a0c8d84b5f3dd0eb8bdb13edc2b514a81d088eb077a52c8a831861feee8110e41a325dce206b2d67d25f90ef57e0fde709f3e5a39c04eed31e57c193b283e2da7279ee3f1eed482b3bbcd373902c1df811ac33e1de06429e8f8443f602019650bdc2ee8d7f650036a7a22b8fd88517511229c729a3269b3a3e8fc72b01b5a4b3e33f5272f3ad21629d08b1f717935e9e104add2f0f2033432bec82e2121d98c9c1a58e0daba25536a1be8e5088347f4a14e48d8e3: +8afe33a0c08aa3487a97df9f01f05b23277df0bb7e4ce39522aec3d17816e467d004370e6edc34b3e8818667216f5b226b0ff75a58484c8616e1a866444cab57:d004370e6edc34b3e8818667216f5b226b0ff75a58484c8616e1a866444cab57:86fb741f1b9708929195031aa1645fb709a8ae323fff85e5470194452e11b7b1279194b5e2427ce23e1d749c3ddf910b017e4f2dff86dbe482c91bd994e8493f2e6824bba3bc7d7a845f217ae9760b3cd00226d9ff2616d452751a90c3d0d3c36d4ab4b2520f67288171bd3a34b2eacae8d44c1e153dda1f90bcd3595dad37713b8d340156ea90a4e135951ba7169ac175578b81e97a541ab9bfb76328798d7d631c14df2ad613e9c6e1147a0e84062ddba035859d46bade5fadd9b32b43dad483c6b8023b32391e51ef1520c68c6191326c494423080c623dc4ad0aa074748d826c29644c38986a77002f0cab9068e6c9ec73cc2e0c584b80e0bc375721f7a8fc35317a5e240e8c66092fb6305b012c70e17aeaff13386d5e28d06430ca585b0c85b274e7fcbb63e3423a982579e5a64a0262c41908e55dbe43dac1e5cc1bb7298be428720a12e3b072559ec2675d457aaf8f13252e28aad63c1513f5f239564d363c8505ffa4e50f6648c1cb82bba852bff0acb030cbe73f059dd87bbd7318c5586e708618a4f4c9f3bec3f4f07c609eebb24ba878c6bf1e4f2d0fd1450ab94e31755217786fb15182760ffbe5a267cbe998a4ff90a2:63a8aeac025f2dde9a73286e56c2d62dcb79a241ba0b2e2dbaca8752ed2fc8cc7ab8e6600b67645fb5e818a4e82c29180a6b2c3f58d099cb635ce52bdc15700486fb741f1b9708929195031aa1645fb709a8ae323fff85e5470194452e11b7b1279194b5e2427ce23e1d749c3ddf910b017e4f2dff86dbe482c91bd994e8493f2e6824bba3bc7d7a845f217ae9760b3cd00226d9ff2616d452751a90c3d0d3c36d4ab4b2520f67288171bd3a34b2eacae8d44c1e153dda1f90bcd3595dad37713b8d340156ea90a4e135951ba7169ac175578b81e97a541ab9bfb76328798d7d631c14df2ad613e9c6e1147a0e84062ddba035859d46bade5fadd9b32b43dad483c6b8023b32391e51ef1520c68c6191326c494423080c623dc4ad0aa074748d826c29644c38986a77002f0cab9068e6c9ec73cc2e0c584b80e0bc375721f7a8fc35317a5e240e8c66092fb6305b012c70e17aeaff13386d5e28d06430ca585b0c85b274e7fcbb63e3423a982579e5a64a0262c41908e55dbe43dac1e5cc1bb7298be428720a12e3b072559ec2675d457aaf8f13252e28aad63c1513f5f239564d363c8505ffa4e50f6648c1cb82bba852bff0acb030cbe73f059dd87bbd7318c5586e708618a4f4c9f3bec3f4f07c609eebb24ba878c6bf1e4f2d0fd1450ab94e31755217786fb15182760ffbe5a267cbe998a4ff90a2: +6dc7ccf329378e8131b6defcd89370301068946336b0b762ac5ea51487dbd39e04e90d275e79df5f2b6ef4a31505aac05a69459baf2c581b3ce3db29f0f1fc14:04e90d275e79df5f2b6ef4a31505aac05a69459baf2c581b3ce3db29f0f1fc14:20cebbe98401ac8934c3e65a5738cb0ec0cdc75fdb09dc96312894b187c0a46d2c38f4855be3eeccdcdcc56d926a8c08ce6e748e2a858f53532e7e5fc5f7014c8c6f86310cc26efef30ae525a5157940ab535ed8e403112b08e35e2bb3dd91a9ae8f772d2aff37d8c40d2b5cc887a6f15050a0f5bcf0360c3a9d12d5918655edc3c13c86ba6f4a2fa3bfcd405ed38f871cf7dff0f75daf2c321084ee9fa81211adb105b25c2288f0f2f7f93ef656b2de190122e7a4bfd4a1bd9893a8485b509ff0bc46cc961051c1db5a12490c7e741922ccc0a665496470276f69c7b77098c1e670af6b9f851252996875eb8035a817fa9be07f2be0bbb12025e0565414c817e9421ac700373893862f24cb165f9a271a64fd2305c6672c46767f8f075be5d2d4079bfadc3956288b0215605311b5bf32f0037b7c5ad502013e82ae3419d9d8f39c545b5888f47106c94d5fd6084d26034a99f5dcbf26a84eb4ee149c62a0410d8c707b1a9b071f74ed23932585072ce6cbd33d4d54ee917916f5dfc64d26a498018438b455739345dd60ae0f4750625915cc829ab6822d6f05f6d2bda0a7bf5601e9a2ed6de960371d17e6f43709c9678ca743adfbdb45:04509db003a1a6ed3fbcec21ac44ec10cc06d79f2714960882170316275df80423a1c1a112d881fc24d2812526079058aa8b608bfc6b5e57632240c636d6eb0020cebbe98401ac8934c3e65a5738cb0ec0cdc75fdb09dc96312894b187c0a46d2c38f4855be3eeccdcdcc56d926a8c08ce6e748e2a858f53532e7e5fc5f7014c8c6f86310cc26efef30ae525a5157940ab535ed8e403112b08e35e2bb3dd91a9ae8f772d2aff37d8c40d2b5cc887a6f15050a0f5bcf0360c3a9d12d5918655edc3c13c86ba6f4a2fa3bfcd405ed38f871cf7dff0f75daf2c321084ee9fa81211adb105b25c2288f0f2f7f93ef656b2de190122e7a4bfd4a1bd9893a8485b509ff0bc46cc961051c1db5a12490c7e741922ccc0a665496470276f69c7b77098c1e670af6b9f851252996875eb8035a817fa9be07f2be0bbb12025e0565414c817e9421ac700373893862f24cb165f9a271a64fd2305c6672c46767f8f075be5d2d4079bfadc3956288b0215605311b5bf32f0037b7c5ad502013e82ae3419d9d8f39c545b5888f47106c94d5fd6084d26034a99f5dcbf26a84eb4ee149c62a0410d8c707b1a9b071f74ed23932585072ce6cbd33d4d54ee917916f5dfc64d26a498018438b455739345dd60ae0f4750625915cc829ab6822d6f05f6d2bda0a7bf5601e9a2ed6de960371d17e6f43709c9678ca743adfbdb45: +ccae07d2a021fe3e6ee23836a711b97b04e0a441f169607572731cb08c269488a32265e5328a4f49cf06b467a98b9f9d5b997b85dfb7523ca6a0a1d627d32891:a32265e5328a4f49cf06b467a98b9f9d5b997b85dfb7523ca6a0a1d627d32891:a4bf8297d0dc5e4c92bd00ad5b9c09b1238b503d619116ef74260378349a9282b41f3f4676a6215e3ce6d02238480a96043b2942b3feed12620b1fa97f7703b3eb683c1601bd2f51825c450df4fd1f33b0bf9c23c03223789e06e24cf136d3b557403a66981f4b777dcfe890d2ba96da4a4742aeeddd6a611d05fc215694a5d89a5de6760b1d9415155044c049cb02291a1514faa2e77d2ae33d44585bdac6365bf481d9c97833937eab636ed65742a0d5973b24d54089b2daf084d5414765105e4eca14aaadd1053338a8470505232e4ac633345c5cdee1e4653d1d93583af11854b1d9b65fc20281838c56df1148f35ccf9bfe2f3f80ab73f5b791cbed2d920644cf0316f0cb5d3662b9120647da56afbeb47a952953bc1a37de857e4b39fd92b632b85159f46cd05b6abc2338d4632d48e9a178860de8f65d9bc23f24507b7c5629e0bdaac067c476c9c3941d86f788944d744852a61da716f95f3b04f0783a562941bcdda439590fd186b2a8ebf19a5a7e4f4a3aaab7a87a434524fbc9799c9931eb8ce4e34e99b608cac94ab7e74495668df136185f487d9fbcb6605ad725345403ec57f3f6db364a87f38fea4b4c271552e9f2e4a1be:0eec754105447f97d4a9cd246c7eede3fd069018f0d01a41dfabca3e90a741835ea4a9d682342267b250fc1c8c547c89632d9f689af536c7929004ded0d96f09a4bf8297d0dc5e4c92bd00ad5b9c09b1238b503d619116ef74260378349a9282b41f3f4676a6215e3ce6d02238480a96043b2942b3feed12620b1fa97f7703b3eb683c1601bd2f51825c450df4fd1f33b0bf9c23c03223789e06e24cf136d3b557403a66981f4b777dcfe890d2ba96da4a4742aeeddd6a611d05fc215694a5d89a5de6760b1d9415155044c049cb02291a1514faa2e77d2ae33d44585bdac6365bf481d9c97833937eab636ed65742a0d5973b24d54089b2daf084d5414765105e4eca14aaadd1053338a8470505232e4ac633345c5cdee1e4653d1d93583af11854b1d9b65fc20281838c56df1148f35ccf9bfe2f3f80ab73f5b791cbed2d920644cf0316f0cb5d3662b9120647da56afbeb47a952953bc1a37de857e4b39fd92b632b85159f46cd05b6abc2338d4632d48e9a178860de8f65d9bc23f24507b7c5629e0bdaac067c476c9c3941d86f788944d744852a61da716f95f3b04f0783a562941bcdda439590fd186b2a8ebf19a5a7e4f4a3aaab7a87a434524fbc9799c9931eb8ce4e34e99b608cac94ab7e74495668df136185f487d9fbcb6605ad725345403ec57f3f6db364a87f38fea4b4c271552e9f2e4a1be: +db5d5f41fddd6768709747ab8239bb4f42a31d34b4fa88824d94bf78d314926403858ce6b2d24079eead66ca0dfe772ecda9af4d46bc9b5edfdc286b95fe9716:03858ce6b2d24079eead66ca0dfe772ecda9af4d46bc9b5edfdc286b95fe9716:67ee03de45c3e7030db5246ee5b51bf298bba3e4d0934937fc12d9a629604c53c070e30d611999a9cddaf2d9acda6a9f67202b352369d48260eebce0e78e4d5ae54f677521f84a7be0017fab278b2b57275efc5fa57c617186fc1ba49edfbd3308634878d864f2da1583ca8d56ce9fae77c462039abc32d0539c0a60b7bbba5029e9329d275683d9c4ce77d0b908ade98b0e32b4420d9aee2cc10e4be922f9572582dd8967141c1d402e215f20aee0a890e2368e406dea11bd11177f2e038aa2f1a0dff51a128d955d5e5f8d5d0009aaa82440a96864d6c697f910d1df230f467f0e02a2e02bf9e45da95f255410cc5aab8d85f449a5de99aabd44fd763ec14629f3dbab1a247bffb7174648e43b9fb1eb0df5e4109b7a88e05512b20865bad39f9ea79d52f5188e7ca5194405bfb1a09727617f3f6c88192008edbc0c6585dbf261f149dffb593d42716e5a5777f5462beeb1e9a56a2c76e6cb735117cc1183a38d1e00b303d174aa9cf5c731b2c70edd79cc5dc96f4018f1d71d7198bbb7d134cd2ff8c15f9a04280db26a8fa9997eb86b133c022eda15d8ad5e77cc9f62615960bac2f9bbc3ebbd198f72c572b97156fa7fa229a98014e170:5b3d0da7102355486be4d69cfd65886c9d9c8738b293cafb23b2104bfdac8d7d01298eeb18fde3ded6491d41b419cc663752c4e67dbe8986833d20e4ef34180b67ee03de45c3e7030db5246ee5b51bf298bba3e4d0934937fc12d9a629604c53c070e30d611999a9cddaf2d9acda6a9f67202b352369d48260eebce0e78e4d5ae54f677521f84a7be0017fab278b2b57275efc5fa57c617186fc1ba49edfbd3308634878d864f2da1583ca8d56ce9fae77c462039abc32d0539c0a60b7bbba5029e9329d275683d9c4ce77d0b908ade98b0e32b4420d9aee2cc10e4be922f9572582dd8967141c1d402e215f20aee0a890e2368e406dea11bd11177f2e038aa2f1a0dff51a128d955d5e5f8d5d0009aaa82440a96864d6c697f910d1df230f467f0e02a2e02bf9e45da95f255410cc5aab8d85f449a5de99aabd44fd763ec14629f3dbab1a247bffb7174648e43b9fb1eb0df5e4109b7a88e05512b20865bad39f9ea79d52f5188e7ca5194405bfb1a09727617f3f6c88192008edbc0c6585dbf261f149dffb593d42716e5a5777f5462beeb1e9a56a2c76e6cb735117cc1183a38d1e00b303d174aa9cf5c731b2c70edd79cc5dc96f4018f1d71d7198bbb7d134cd2ff8c15f9a04280db26a8fa9997eb86b133c022eda15d8ad5e77cc9f62615960bac2f9bbc3ebbd198f72c572b97156fa7fa229a98014e170: +7f048dfcc2650cda59491d4ce2b2533aecc89cc4b336885194b7ad917db5cd1408001b5d40958bcb270beea9baba3387e3a4b900fc42275657c6c691a2e264f2:08001b5d40958bcb270beea9baba3387e3a4b900fc42275657c6c691a2e264f2:917519cdb33519680bcae04faa790771ce7d1397c345f1b03dd7625776f3f195809932618b1c64acd93ad000ead09654a33d14f748b46b67aae0ff12df3cc163280f47cedc16a8579034e49884296772ecbdbb71ca29c166233533c8de54012b412ca13cc258f7c5465d83422f524e4c05f806313478319fd143cf5088e69837697d3615d80a7fa7e7443fca65e753ac1b11d8eff3476636ae02d7a20f4b2388dad684002f5ce957caddd2053d0ed533132a81ca19bb080bd43be932028cb5f6b964f008b5b1c1c5993bc9b5485b22bbef701f0a26a3e675ea31122bbae91d864b54d895afdc79ca58d4fe449213353b149f3143b5144d747c5b4697479ae68528485384044aa2c99ba4b17b184e94982269bde2de0b17705d0bfc46d6906a90edefe89195de6bb8f3fb6a374186c7cd086d13d1b3525a3994dc8020e1a00554ac8a82d6047c5bff5e7f12450f4865da161e1a021fd9be8bd33a32bb54a4ddf874512e74b5cfd3fc3cd9ac11edd878433668e3fcc782b97b6d905adb0ebec42c9254ac90f35822c00f97ff3f0c7c39ed3c7cb3920f5608bb45838bb242a52a8637d7cecdcf489fa183b45451c6c9fcbbbf914f5f7e6b223bcb4675:583370971d24652ad213c42615911938fa9aa3d9b7196940e6eb08151200c7b6729d1eff8f4f0904074dab3ddda6af1e4e562b7d6220c1a562683beab268f80e917519cdb33519680bcae04faa790771ce7d1397c345f1b03dd7625776f3f195809932618b1c64acd93ad000ead09654a33d14f748b46b67aae0ff12df3cc163280f47cedc16a8579034e49884296772ecbdbb71ca29c166233533c8de54012b412ca13cc258f7c5465d83422f524e4c05f806313478319fd143cf5088e69837697d3615d80a7fa7e7443fca65e753ac1b11d8eff3476636ae02d7a20f4b2388dad684002f5ce957caddd2053d0ed533132a81ca19bb080bd43be932028cb5f6b964f008b5b1c1c5993bc9b5485b22bbef701f0a26a3e675ea31122bbae91d864b54d895afdc79ca58d4fe449213353b149f3143b5144d747c5b4697479ae68528485384044aa2c99ba4b17b184e94982269bde2de0b17705d0bfc46d6906a90edefe89195de6bb8f3fb6a374186c7cd086d13d1b3525a3994dc8020e1a00554ac8a82d6047c5bff5e7f12450f4865da161e1a021fd9be8bd33a32bb54a4ddf874512e74b5cfd3fc3cd9ac11edd878433668e3fcc782b97b6d905adb0ebec42c9254ac90f35822c00f97ff3f0c7c39ed3c7cb3920f5608bb45838bb242a52a8637d7cecdcf489fa183b45451c6c9fcbbbf914f5f7e6b223bcb4675: +9feb3df88c494a99849c6fca194201477a2fa7564e29fb06cb44c1154e8cea3ac35628ca6ee28ec1c239ddc5bba2a9e09e4846816b143c74dfa2aec1f62551b6:c35628ca6ee28ec1c239ddc5bba2a9e09e4846816b143c74dfa2aec1f62551b6:95fb7581bd25ffd442c3ae38a19bea7349c7b7683ba6767e148f0afc15373f67c16d471781202e6da8054ed7fb9ee204cc0f63c210a670a5f9ced4294588196330d31b8e8392bef6b48fe3c92078fae11284b4c3ba20d937e2719de7bf67c00669ad23e61384ebdf8c6e60735428c084fe217fdb4709ccb6083fc0ae4a05273eef739023d34bb73f662dacdf110b6dbd3e74fc1491e8c96596075fae5c36aabe2a0a53052bf77c4462438063aa7bc0c50ab920c9eb288671560ca5ba7af44a53db2e2ff43ca56069ea5517cb214e76faa53dbda100003c4f6175414041be74de22ce155d2281b6f4035be39841afdb96dd89aa808e6865bae62d6bedd919d3e86510b9fa5fedd1977c4131b2b86e0f48d7215eb13d5498ca5d2368f81895ed855a527124657ec9539efe3b2499a3b0b338262f26340e22554c79f4fad2b4e419c70bc1a2107d206456b6368781be4b5e2c54da42d336040fb7ba49c32d752321adcd92986e78bedb226ceac50292089bb579027f702217745afe06a5be136b3998a3604c9ff2acd6fa3f3f71633d3102fbf03047c5486f84c4dc2447d863796383d55f08c981fd4dd7dc1cb72b8ba4435af6abdd74e6f6e6798f1ae2:a1c2607835bec1a1d87872fd8ee488d0ae9ed23d49fd6786fc4996725e49b3262118babb4834877c7f78fbeac02df40ab091b8b420dc9951381e3bcda067050295fb7581bd25ffd442c3ae38a19bea7349c7b7683ba6767e148f0afc15373f67c16d471781202e6da8054ed7fb9ee204cc0f63c210a670a5f9ced4294588196330d31b8e8392bef6b48fe3c92078fae11284b4c3ba20d937e2719de7bf67c00669ad23e61384ebdf8c6e60735428c084fe217fdb4709ccb6083fc0ae4a05273eef739023d34bb73f662dacdf110b6dbd3e74fc1491e8c96596075fae5c36aabe2a0a53052bf77c4462438063aa7bc0c50ab920c9eb288671560ca5ba7af44a53db2e2ff43ca56069ea5517cb214e76faa53dbda100003c4f6175414041be74de22ce155d2281b6f4035be39841afdb96dd89aa808e6865bae62d6bedd919d3e86510b9fa5fedd1977c4131b2b86e0f48d7215eb13d5498ca5d2368f81895ed855a527124657ec9539efe3b2499a3b0b338262f26340e22554c79f4fad2b4e419c70bc1a2107d206456b6368781be4b5e2c54da42d336040fb7ba49c32d752321adcd92986e78bedb226ceac50292089bb579027f702217745afe06a5be136b3998a3604c9ff2acd6fa3f3f71633d3102fbf03047c5486f84c4dc2447d863796383d55f08c981fd4dd7dc1cb72b8ba4435af6abdd74e6f6e6798f1ae2: +bff68955dd6ae0e8ba85ab0d0cdaf04a9f5befd5ef6014f49994a78363dc17f70ad9493af80b15f07a521ccd674fe9e5212a4a28c17c74f6605ffef78a4aed72:0ad9493af80b15f07a521ccd674fe9e5212a4a28c17c74f6605ffef78a4aed72:d8f5650aa3581c4d39bd1b8afc96c1ad7c4bf723426f9d7fabd1a5c8ac1d2fe54a971fac765e05af6e407d7269bab661b3432292a484f952c11095bbd20a15d77c41f8f3731a504d518ee10cd006c96ee57372de5bea348ec8ba159162170c63e970f1c7a3465a3d592e1d56c6540fbdb60228e340909646320c95f25698cd4896bdff58e2561e3b3d9a73b89747912a1cf467d63e41455fda77477f46fe6937bb0e79d92ccd52e82dba908a05a57c7ecf49554ab44c0b718e3bdd5fc0bf7070d9c58f860591c18bca8b3a9a148a06548e0f01602b1e6f686037c94ff732e155d52d5b0b44703b3d11163e3f56e3b9c1b86476e4dcbfc53fa05984e8c75dd21843cf96f9e494abbae7184aa42736633e3811aeff402b2fcb7d7f702e447241e22a58842fd6d0c03d33ff5b8c792200e173daa7b217e4b2f4433e6c020acce501b9323aa0241144434b08e9d2469139ff67342208900546200fd971a65dbd6db6c21e3ef9172abba1ea9ea2a249addf1a1eaa3ce11938b13e30913cd0dad491fcbb3285ea378b8ef9227f3fa80b586ecfeae137066f8448acdfb78d6d3e9ef4a6b362df4241ad9ae253b8e1597d656e000cea447a02fa4933328609bba0:9319eef740633ada1af0e137644c61fb3e11ba4b01d3c6f25392dc9367872a23be56310d312efcb91bdbab78a75e576ebe9081972415f562db41baf5e2338b07d8f5650aa3581c4d39bd1b8afc96c1ad7c4bf723426f9d7fabd1a5c8ac1d2fe54a971fac765e05af6e407d7269bab661b3432292a484f952c11095bbd20a15d77c41f8f3731a504d518ee10cd006c96ee57372de5bea348ec8ba159162170c63e970f1c7a3465a3d592e1d56c6540fbdb60228e340909646320c95f25698cd4896bdff58e2561e3b3d9a73b89747912a1cf467d63e41455fda77477f46fe6937bb0e79d92ccd52e82dba908a05a57c7ecf49554ab44c0b718e3bdd5fc0bf7070d9c58f860591c18bca8b3a9a148a06548e0f01602b1e6f686037c94ff732e155d52d5b0b44703b3d11163e3f56e3b9c1b86476e4dcbfc53fa05984e8c75dd21843cf96f9e494abbae7184aa42736633e3811aeff402b2fcb7d7f702e447241e22a58842fd6d0c03d33ff5b8c792200e173daa7b217e4b2f4433e6c020acce501b9323aa0241144434b08e9d2469139ff67342208900546200fd971a65dbd6db6c21e3ef9172abba1ea9ea2a249addf1a1eaa3ce11938b13e30913cd0dad491fcbb3285ea378b8ef9227f3fa80b586ecfeae137066f8448acdfb78d6d3e9ef4a6b362df4241ad9ae253b8e1597d656e000cea447a02fa4933328609bba0: +1ba919c066bb56e640c3335968e1d1b5bcc093383e2d7cf8b5fff5c61ec47a77804c90bdc2b3618b01f075e041fa971b83c5b6cfa3b6b3974f3fa43599beacab:804c90bdc2b3618b01f075e041fa971b83c5b6cfa3b6b3974f3fa43599beacab:87c5c75d8ad07d52acd781d1bb95f78c70e21c2dd66f7aa44234152f98234d128358a8aee98ea903a77b441db1447ae6ff3432ddd4570f7f58036122c1fdcc93cb21573739c19ccaa411508e08de2606f3d8f2db89df6a44a46133d57018462627e22f57ef36d1de024de3d4ae41b752df4821155934b447b2effe512487521be0356832a74ce0e2d8301b79f93175e8b6b961b1df637d8acadc884543c6864f8025ececec7c6e4fe0fecfc40dcd95e8d6ab93ce25595384436b598b73c74b03d49ed5002c0f858cfd9d0df61ede937cc41659d6708b96fc5aaadee109e2a68846baf2c246dfcf3d27c28bd1371e35fc9412631442ee75f38c6e4958070a74f6e6a220f75c7280eab4737d97e37882f3624811675f16caf60cb944bce92e75884c56483c61f26b6371b1b51237621a06543eb4abea7becc4fc31dbb5475b3deb9bb3c8992387104830c6072afe1af244bf681a40329c9b37772b09c5e88e78f7dffbc04549ffa13b4144ddfa538fc4b3300540ad830215e25f11446d289f33122c2c880de3da71c453d7e88f7ca4ea3d1255e82f4bc9e5533dc401c33040e16940b2cf9cf21feaca1c2c6c33337cf75e1884b483bf801536d304089115a0:503eb7ed6de1b776c952f255bbd4bcfb0e48bc70c2cc2f1f72bf6881479040c47524ec542ae13f6005ca5016b58b736a50898dd0569d4d38ad298630d68adb0b87c5c75d8ad07d52acd781d1bb95f78c70e21c2dd66f7aa44234152f98234d128358a8aee98ea903a77b441db1447ae6ff3432ddd4570f7f58036122c1fdcc93cb21573739c19ccaa411508e08de2606f3d8f2db89df6a44a46133d57018462627e22f57ef36d1de024de3d4ae41b752df4821155934b447b2effe512487521be0356832a74ce0e2d8301b79f93175e8b6b961b1df637d8acadc884543c6864f8025ececec7c6e4fe0fecfc40dcd95e8d6ab93ce25595384436b598b73c74b03d49ed5002c0f858cfd9d0df61ede937cc41659d6708b96fc5aaadee109e2a68846baf2c246dfcf3d27c28bd1371e35fc9412631442ee75f38c6e4958070a74f6e6a220f75c7280eab4737d97e37882f3624811675f16caf60cb944bce92e75884c56483c61f26b6371b1b51237621a06543eb4abea7becc4fc31dbb5475b3deb9bb3c8992387104830c6072afe1af244bf681a40329c9b37772b09c5e88e78f7dffbc04549ffa13b4144ddfa538fc4b3300540ad830215e25f11446d289f33122c2c880de3da71c453d7e88f7ca4ea3d1255e82f4bc9e5533dc401c33040e16940b2cf9cf21feaca1c2c6c33337cf75e1884b483bf801536d304089115a0: +9b36247c17710e95261a7d702f57fe81f2971117a50c87920193b386d494ca9729ae39f273e35fb3f611da091600650efbc4fc4d1e7b4c76aced5a83f82634f3:29ae39f273e35fb3f611da091600650efbc4fc4d1e7b4c76aced5a83f82634f3:e8d9d53ba27e98edd55df3c6b245eacddc8a40e3efb007bc918ec5a869178a170bb4a635b7f8f742e37ad45d14a74344a6b522830a522106eb960daf192dc1e0fd70f16160e122516892d0e2abd0d4ae0f0d2e5adcc99ad55302e251b3e7a4d0cb33774a497049905c33de1fbbc1ad2b6c645295fe416b4d12b232efe0a33cd2ad8732eba1c3cb0eaeb0b2a57fa03ec567ca29210bf6ff9542a766f496fe68058aa983806cbe7ab10a47920bac8248818e54a41551c9a0959e8994cac60fc868ad48b5a24d5f24a7a5a3fd90b847e817ad3dd5d0d6f8de2d204f642483bd53585a92ef925415a9b38fbbf07fc0f35e707569cf488b205453ce5433eba6fde8781af72b52bfbcab85ead385d9d3175e21ad3373ad535cf0e357ed6b5383ef3829a9d5095b87dc9aadbe0ca7abadf33ec3b6ffd6eb94afdcc12e8d66a6fc05acf97368db0f69565dcd8fef4d1e49d7dd4ac053c218f5240c812d4ebba440dc54cacddb1c39329e5bd0c3c80dc3259a80f059f94679aa0794ca0115cc62af25e124cb8a9d4160eace6d22c7b1c44544f81142a19ebb02a9bda6429c50e783db4a07f0219e857c8d3c5655a582831c8eabc3f19b59ad8d2c714adeaf4039d5cf70:035970a672e93f87eb42cc396f6ea7e1b3dd5c5951572826d1075a15c2d7e454df195b51aae8dc61ef7ab895485f64e5989573d98a062e67ae7356fe5c9e3b0fe8d9d53ba27e98edd55df3c6b245eacddc8a40e3efb007bc918ec5a869178a170bb4a635b7f8f742e37ad45d14a74344a6b522830a522106eb960daf192dc1e0fd70f16160e122516892d0e2abd0d4ae0f0d2e5adcc99ad55302e251b3e7a4d0cb33774a497049905c33de1fbbc1ad2b6c645295fe416b4d12b232efe0a33cd2ad8732eba1c3cb0eaeb0b2a57fa03ec567ca29210bf6ff9542a766f496fe68058aa983806cbe7ab10a47920bac8248818e54a41551c9a0959e8994cac60fc868ad48b5a24d5f24a7a5a3fd90b847e817ad3dd5d0d6f8de2d204f642483bd53585a92ef925415a9b38fbbf07fc0f35e707569cf488b205453ce5433eba6fde8781af72b52bfbcab85ead385d9d3175e21ad3373ad535cf0e357ed6b5383ef3829a9d5095b87dc9aadbe0ca7abadf33ec3b6ffd6eb94afdcc12e8d66a6fc05acf97368db0f69565dcd8fef4d1e49d7dd4ac053c218f5240c812d4ebba440dc54cacddb1c39329e5bd0c3c80dc3259a80f059f94679aa0794ca0115cc62af25e124cb8a9d4160eace6d22c7b1c44544f81142a19ebb02a9bda6429c50e783db4a07f0219e857c8d3c5655a582831c8eabc3f19b59ad8d2c714adeaf4039d5cf70: +6fede7396c462033189acd23d2f9d02b68898d35f3a01a798fc24d488de93a78b34062060b2c20076a98fea939b3b3a50451a5f49f8351c0ad7591dbbebb130f:b34062060b2c20076a98fea939b3b3a50451a5f49f8351c0ad7591dbbebb130f:5abcc14b9d8578de08321de0d415e3d40e9de31e1888137475ce62bc6fbee8fdd03b9d47c7b88bbceb804444490bf6a3ccb7a273261e24004ea67cefa3d5d173576d01e38f76c1e0e515083c97e79914acf2be4160ef9360bbe986b36e9ff93346b0e70691d934e47f8a503fa933ab2a50426947cda8e810c9ebe3b36982f09aee6092739fa2358b613c7f129db0dcbe368bee52f2f7f1dfe3d2434605b5afcf256071717d924fd0803bbd0dd1f9555ce834dac781df4cc7aa19e7f11da9fb99cb9e6b9e1e6fb4f7e8dcb2236c28aeb6cbc55a130e03c1b17a991cca1b794e6c13732d5b0a66f6eba860ecb98555aa4c218d112b116bce238295de142741f687be0b2487f58ffc5c12a0a519f1e23793242ef857ed398a20699d4351453fc2f092762abde34f4da2dbe0ce2aabaf6bc4c0159f3fe1aea16a036f7eaecd629538f3e0eed83c9a4dc1abc238f90daaf489fd61b34d937b6f4607a788baa82061943dbab26c1d384d8d49f99348800bf361f871f5d6cda18f689918cec31ad158f1863d13ffac5405c162c32de06e32994cc4106f95bb4fffdbefe7d629ec7797394609fdbfeadb46927370a11fb38471540f951b93c6eb238668dc006c21660ba2:88a83e2012d209ca03b8ebf6de5bb7ef4ccb5e3df5cac78954aa694930e4de82544ef5083c4892db9f05d77bf63f4fdfce15a4d1c3f85bae8077062bec0e7b075abcc14b9d8578de08321de0d415e3d40e9de31e1888137475ce62bc6fbee8fdd03b9d47c7b88bbceb804444490bf6a3ccb7a273261e24004ea67cefa3d5d173576d01e38f76c1e0e515083c97e79914acf2be4160ef9360bbe986b36e9ff93346b0e70691d934e47f8a503fa933ab2a50426947cda8e810c9ebe3b36982f09aee6092739fa2358b613c7f129db0dcbe368bee52f2f7f1dfe3d2434605b5afcf256071717d924fd0803bbd0dd1f9555ce834dac781df4cc7aa19e7f11da9fb99cb9e6b9e1e6fb4f7e8dcb2236c28aeb6cbc55a130e03c1b17a991cca1b794e6c13732d5b0a66f6eba860ecb98555aa4c218d112b116bce238295de142741f687be0b2487f58ffc5c12a0a519f1e23793242ef857ed398a20699d4351453fc2f092762abde34f4da2dbe0ce2aabaf6bc4c0159f3fe1aea16a036f7eaecd629538f3e0eed83c9a4dc1abc238f90daaf489fd61b34d937b6f4607a788baa82061943dbab26c1d384d8d49f99348800bf361f871f5d6cda18f689918cec31ad158f1863d13ffac5405c162c32de06e32994cc4106f95bb4fffdbefe7d629ec7797394609fdbfeadb46927370a11fb38471540f951b93c6eb238668dc006c21660ba2: +d559580134ab050aca446ea7750ef6b371d92d7645ec7635fe7851100bc4e51ede5020cd21a8b32339decbedff24664d9580326327aedf09c5ec6b3fe5405226:de5020cd21a8b32339decbedff24664d9580326327aedf09c5ec6b3fe5405226:6842e3190a110eee96c507d4bcb4c548c3a0ed7b1a8ed77dd93b38613b23c73e830b205e62651921ad8296b08d1e1008ad78f2996e3c7f38032e467cffecd77b8525e243cec021f85296afd545d7be1a62568bb0cfcdb90d614ed798bfb7efc655326816a61082251df01613aac88efcea1e0ea2961b8f921ebe1558dee83374a0113a78c55857ce2055bb2c48badbd3d8f4cb19734d00d0604b619073020d72a99a1923e6160a09946567fd4bda66442ef5a7360786d178dae44922f350ce2edc6af73d1bd80dc03ec3ca7005f4109d10c6d4f7d8fa61735110f8dbaedf91a0bad7d7fb5c04d706373c15c645063ff4b4fbd2d559b0afad432d4c496cd8abfea286fa675dc076726ec522b3a3c2f47aecc539f48a792169c4cc8cd41cd2cb6b63ddbc19373ac9691c2bc2f78f22603d5513715a16d4574e7acc4bea6dcd8ca7f19865a49d3664a210dfad290774b10b7188f255b3be4dc8fa86f8da3f73a4e7c929951df30fe66a17c8cee23e4f2ed2063f0b02ab40372cbe54b9a708df7c48a06566d39b19434c6c766987b3ebb00675f44c4b3c1e9f4504e7a9270589c0d0f4cb734235a58ef074cf9decf3601aeeca9f1d8e356cb2db5fce79cbc36143f34b:6fcb1ac9290ab767d59b598c9a24ecdb6c05bb023ec36014a40d908ef0dc378a4528b3760d889a79174e21cae35df45d427ba6ea812bddca16e35a69b5e79f0a6842e3190a110eee96c507d4bcb4c548c3a0ed7b1a8ed77dd93b38613b23c73e830b205e62651921ad8296b08d1e1008ad78f2996e3c7f38032e467cffecd77b8525e243cec021f85296afd545d7be1a62568bb0cfcdb90d614ed798bfb7efc655326816a61082251df01613aac88efcea1e0ea2961b8f921ebe1558dee83374a0113a78c55857ce2055bb2c48badbd3d8f4cb19734d00d0604b619073020d72a99a1923e6160a09946567fd4bda66442ef5a7360786d178dae44922f350ce2edc6af73d1bd80dc03ec3ca7005f4109d10c6d4f7d8fa61735110f8dbaedf91a0bad7d7fb5c04d706373c15c645063ff4b4fbd2d559b0afad432d4c496cd8abfea286fa675dc076726ec522b3a3c2f47aecc539f48a792169c4cc8cd41cd2cb6b63ddbc19373ac9691c2bc2f78f22603d5513715a16d4574e7acc4bea6dcd8ca7f19865a49d3664a210dfad290774b10b7188f255b3be4dc8fa86f8da3f73a4e7c929951df30fe66a17c8cee23e4f2ed2063f0b02ab40372cbe54b9a708df7c48a06566d39b19434c6c766987b3ebb00675f44c4b3c1e9f4504e7a9270589c0d0f4cb734235a58ef074cf9decf3601aeeca9f1d8e356cb2db5fce79cbc36143f34b: +9d4ce975547876636fea25437c2880c9aa8ee6b270d1b2da197c8d7f95e7dcccbde4993c030477c35890aae82bb5087e914e64b94ffc64e2d7a5a7c919e2d902:bde4993c030477c35890aae82bb5087e914e64b94ffc64e2d7a5a7c919e2d902:ea0fa32a4a288811301b9ee533fa351fdfbf6bc1d0555a7402767a3a9198558f74bba7031857995b9f326226f1dd5df107b06342203eb8d40c5f1dc95b4f3f88975aa24af8769e2670c46671bebb7a0f1b7568729aee477e8988af9c749f3202708171fd94b337ae67ed21a6c44174014b0b0eb5ba71c277978d488c24c4a7841309846b4e30a4fbbcfc45078d7e14014114b1ac64f7c33c9ac25ea5626c2c819fbaa2a4de8a2bf5f1365d6b70407e8094f99197ce1f0c35e11a98fbe372414ea2064a3a12d1cd5c8df8fc0e79f5b770b58f477f91976ca0139895120e246baab5a026f2d39c687dc0788334b5c626d52cdebe05eaf30864b413eebdc5581ef00d439276e52f479c9c05b116395826b60490b3ce700cc0027f61e46ca2f6fbc2c9de2e800806550afb06d4a08eac7a758e24582a4d6d428b433d365fc31d4444607afb64f15e370794005a3a2244e666d5d4c38ad2009c769a51cdbf738d235942f412d07feeb73b3657d0b0c91cb5940bad6a706e14edcdc34225b1c1f38b1abecb2adcaf819155a94fe190fd556822d559d9c470854d3a43bfb868dadd6e443d98ee87e4d8284f5cf3a6dafaf295b902836c640511e610ae7d0cb1b1d3d6079fe6:be17444cd465a87a971df84eb102f9c7a626a7c4ff7aea51d32c81353d5dbc07393ca03db897d1ff09945c4d91d98c9d91acbdc7cc7f34144d4d69eb04d81f0cea0fa32a4a288811301b9ee533fa351fdfbf6bc1d0555a7402767a3a9198558f74bba7031857995b9f326226f1dd5df107b06342203eb8d40c5f1dc95b4f3f88975aa24af8769e2670c46671bebb7a0f1b7568729aee477e8988af9c749f3202708171fd94b337ae67ed21a6c44174014b0b0eb5ba71c277978d488c24c4a7841309846b4e30a4fbbcfc45078d7e14014114b1ac64f7c33c9ac25ea5626c2c819fbaa2a4de8a2bf5f1365d6b70407e8094f99197ce1f0c35e11a98fbe372414ea2064a3a12d1cd5c8df8fc0e79f5b770b58f477f91976ca0139895120e246baab5a026f2d39c687dc0788334b5c626d52cdebe05eaf30864b413eebdc5581ef00d439276e52f479c9c05b116395826b60490b3ce700cc0027f61e46ca2f6fbc2c9de2e800806550afb06d4a08eac7a758e24582a4d6d428b433d365fc31d4444607afb64f15e370794005a3a2244e666d5d4c38ad2009c769a51cdbf738d235942f412d07feeb73b3657d0b0c91cb5940bad6a706e14edcdc34225b1c1f38b1abecb2adcaf819155a94fe190fd556822d559d9c470854d3a43bfb868dadd6e443d98ee87e4d8284f5cf3a6dafaf295b902836c640511e610ae7d0cb1b1d3d6079fe6: +0273868232f5be48592cfa05134e8d5554ed1f9a57bc7e3982a330c57e5a7f3af172208782db66d466cbe4f4417f6fc477b7349f2a98db56c03a47227546bc5a:f172208782db66d466cbe4f4417f6fc477b7349f2a98db56c03a47227546bc5a:f7a1d4614cc64a3bc48f00c6276304f34d4dfd15e0617b93ccef126c5c638c9d9953aabb7df42df4e0aaa7eac96a4b38c7ba758d860c90d05e3d14e479e545f319b0e5a85ad8f0991b43d6e49c24fa060e3e5df95c98d9451ab833e12aa97f404611bba359496265a6db11917d0da5c6a702d0b102de36dd0c98df5b54806ce626bb96374475f68a6060eb350a7d2aae3204b3dfdf9f1e31be81f7170f8a1b9385413ff8f6881e10c1e8da4c88afb50639ab44887aca2abeecedf110d2958c13fd3390d1b96a762d16ce196920ce85f6c415bed545b1445302a6f001eb8d00e97c751887868d481a0b1e4dfa04b6f761086ee8e697b019e017104bafb98fca242e334c6f18f1db5b6f295f05c559361c6831dabc42c2110703f9d1f64e12ddf26a8679854e9f8ef8479e1f12c35447aac02ea7f242e58632cf2fd063fe665070445b80f3dc6a3303bba96e05fa88eec201c5c2d00ca81b8da6969d0a4dd0483b3477d325a71facd6fa2209b48cb4f6525da73c9c05b2d9789b01448e1527e56a09a9bc6136d9837243c2077b925bbb933f8fb1daac963398c5802aeda3bbca8ae3b8f4a9a871f7ea8e2c0ce898c566217b5c06ff55ff9f4fe78398ae7973641eafb521:15e8d8dc7d5d25359d6a10d04ee41918a9c9df4c87be269fa832434d5301db022481bfa395a3e3466f9554ceee0532a8183a0d0550e7d1abe99fc694c6ff9301f7a1d4614cc64a3bc48f00c6276304f34d4dfd15e0617b93ccef126c5c638c9d9953aabb7df42df4e0aaa7eac96a4b38c7ba758d860c90d05e3d14e479e545f319b0e5a85ad8f0991b43d6e49c24fa060e3e5df95c98d9451ab833e12aa97f404611bba359496265a6db11917d0da5c6a702d0b102de36dd0c98df5b54806ce626bb96374475f68a6060eb350a7d2aae3204b3dfdf9f1e31be81f7170f8a1b9385413ff8f6881e10c1e8da4c88afb50639ab44887aca2abeecedf110d2958c13fd3390d1b96a762d16ce196920ce85f6c415bed545b1445302a6f001eb8d00e97c751887868d481a0b1e4dfa04b6f761086ee8e697b019e017104bafb98fca242e334c6f18f1db5b6f295f05c559361c6831dabc42c2110703f9d1f64e12ddf26a8679854e9f8ef8479e1f12c35447aac02ea7f242e58632cf2fd063fe665070445b80f3dc6a3303bba96e05fa88eec201c5c2d00ca81b8da6969d0a4dd0483b3477d325a71facd6fa2209b48cb4f6525da73c9c05b2d9789b01448e1527e56a09a9bc6136d9837243c2077b925bbb933f8fb1daac963398c5802aeda3bbca8ae3b8f4a9a871f7ea8e2c0ce898c566217b5c06ff55ff9f4fe78398ae7973641eafb521: +336a83b55abf4c02e25e540329b5275843c2ecb8df69395b5a5e241bd0d8c10ddd60569844570c9f0a82643f446478b5ac6fc542214231a7ca656a92b5fdaa54:dd60569844570c9f0a82643f446478b5ac6fc542214231a7ca656a92b5fdaa54:9afee8ab482010e29264b406d9b49453d1ce6d550939072182863e4665284ab05d86258e0623b18754c4785238f697f075adfb9e1d31a42e85934ec071ddddecc2e6c2f61334a79526788b4952190716906dde17fba556eea4c8b59727514f6f5615a19ca36da358fae6a6c54f7f4b7a929e31ba7cc71bde7882fa9ffd87300136409caf3ca64eefea616aed58da5dfbf28b668ec1cccffcef6e2e14f8109e9cbf76cfa414f91ac00f48e93eada385dd3d5c16e1a39ea3dd55c761fca361b428f516c05e694fe5c3c345cd94457187a8e604b200a1a0f937ae89f4d6b5421dffcf7ca15f2e2c25378a4113233f7613f4570aa4b909a9135eae4c7b9ead458007ae17126a11d145258af9563db2f7e8925431878b0eeca8affc01ac5913bf5bac4fa3a857c54cc8906d6af77de6b9326b6506151099e87e99b1e819c6fbe082688f34b803d588e416d853169765d62f7e0bdf72c5cd66669a0335562336735e7efb734a2fada327f858bec602d0da08eba4479e7f6dc4def6e4ebdbb730ee91a33445cadc9df52c825ad36149cefbc51ab102033530814bafa7e87961b06367ff896f08ae334a9b1aad703da686706c11a04943ea75e12992dcf6106e372077cd0311029f:d263f56d59cb9b2896a947267c2ed78a945bac5abdbf3c14dc3ad092b2308cb9315c464942a0a20b2024511d766e85c936499a149cd0bbb209150a16432652009afee8ab482010e29264b406d9b49453d1ce6d550939072182863e4665284ab05d86258e0623b18754c4785238f697f075adfb9e1d31a42e85934ec071ddddecc2e6c2f61334a79526788b4952190716906dde17fba556eea4c8b59727514f6f5615a19ca36da358fae6a6c54f7f4b7a929e31ba7cc71bde7882fa9ffd87300136409caf3ca64eefea616aed58da5dfbf28b668ec1cccffcef6e2e14f8109e9cbf76cfa414f91ac00f48e93eada385dd3d5c16e1a39ea3dd55c761fca361b428f516c05e694fe5c3c345cd94457187a8e604b200a1a0f937ae89f4d6b5421dffcf7ca15f2e2c25378a4113233f7613f4570aa4b909a9135eae4c7b9ead458007ae17126a11d145258af9563db2f7e8925431878b0eeca8affc01ac5913bf5bac4fa3a857c54cc8906d6af77de6b9326b6506151099e87e99b1e819c6fbe082688f34b803d588e416d853169765d62f7e0bdf72c5cd66669a0335562336735e7efb734a2fada327f858bec602d0da08eba4479e7f6dc4def6e4ebdbb730ee91a33445cadc9df52c825ad36149cefbc51ab102033530814bafa7e87961b06367ff896f08ae334a9b1aad703da686706c11a04943ea75e12992dcf6106e372077cd0311029f: +88409172618b490393db27d960171cbc187eaf4dd8b320b3d2f824980043718fce2e7c5839ef5632a123dc373dc14b1f0505766e9675407604ca7cf54e8d44b2:ce2e7c5839ef5632a123dc373dc14b1f0505766e9675407604ca7cf54e8d44b2:fb3e82f11bc286267e123817ad8864e077d9f7a8e7a163ac7eeaf93d55dd111de8083b66b53ce7bc771fc5071a2d7ac2f85d6fc6adcfcec446e16aa1046df37209ad7a29cf9665b439a54d6f8d942f89bdaa56f2f11260cc95993038b0e8fbdb3214f142e6c90b61a1d2b142076206af30ac35784a6dc15a1e79251a8c7731a1c53978038f8d76d70c6c1cdf529fbdb84d1507dcffdd42873dfa6a8fe6bd6f7fd29c80e4b2f933d2b6c9e62c9457e665472655059b63b618e2a9a8e5b9e41c3646173a892b8e6d4bcad6a62a6fccd3455890b58ec2681a95cc9776a9fce83c54a9ef312a331959c7ef3f79ee576eb7b79469c9234b1eaef609884708fe4bb0efac662da871ba61ddabb3fcbdeb8f635657dd9a5d7311e639a824858b9a9868d3f9384da612c7f2e771a46bd2624c99ea2b6ccbca996c1d9c375554f2a551619ce6d5e6e4d6b844a4dbea83ba732331fcf46572c1fb0e257ce1041b265df02e690a92814bbf3b5ecac69ee998766a02b0d2f908b3c15f952699616f2c07d589198989e6056c16319aab6cf8771902c078046a88b2570c13bc5edeba2ed1e3ba131daf94e6891862bb3de7d1063fe405307a5cd975693e9d58e17c690eeef4a2603cafc68c2b:93b6e29d63945d5c427387d006c7f0b01956a95fc0436ed42b46d0f17b5bb193ea8c0ebbf3d6d13bb539e35c91f3f0f9fa3414a0223c9060bac83653c6fcd906fb3e82f11bc286267e123817ad8864e077d9f7a8e7a163ac7eeaf93d55dd111de8083b66b53ce7bc771fc5071a2d7ac2f85d6fc6adcfcec446e16aa1046df37209ad7a29cf9665b439a54d6f8d942f89bdaa56f2f11260cc95993038b0e8fbdb3214f142e6c90b61a1d2b142076206af30ac35784a6dc15a1e79251a8c7731a1c53978038f8d76d70c6c1cdf529fbdb84d1507dcffdd42873dfa6a8fe6bd6f7fd29c80e4b2f933d2b6c9e62c9457e665472655059b63b618e2a9a8e5b9e41c3646173a892b8e6d4bcad6a62a6fccd3455890b58ec2681a95cc9776a9fce83c54a9ef312a331959c7ef3f79ee576eb7b79469c9234b1eaef609884708fe4bb0efac662da871ba61ddabb3fcbdeb8f635657dd9a5d7311e639a824858b9a9868d3f9384da612c7f2e771a46bd2624c99ea2b6ccbca996c1d9c375554f2a551619ce6d5e6e4d6b844a4dbea83ba732331fcf46572c1fb0e257ce1041b265df02e690a92814bbf3b5ecac69ee998766a02b0d2f908b3c15f952699616f2c07d589198989e6056c16319aab6cf8771902c078046a88b2570c13bc5edeba2ed1e3ba131daf94e6891862bb3de7d1063fe405307a5cd975693e9d58e17c690eeef4a2603cafc68c2b: +e571189b5cd9e788302de3919d850c227dcbb615022e568bdaeb37ac5b2939c5edda890f42dd5fbc7316a5fadfbec38556f23f51b8efd2625437f6b5069f1ee5:edda890f42dd5fbc7316a5fadfbec38556f23f51b8efd2625437f6b5069f1ee5:b62c867ad6227435bfa6dab830684e38d196e1f861aade0fd6a7699b6d60901fefb2d799c35c6f3d8bb94deee834403981866bab84946ae9476c75e9f1d3602b42cb2db437bff33a775822f0d6a257d4b75400eba5b8abb314b71fc6b46f8a34e861a9a62abf33de8482f63f9d7169e773a2dcebee03705dac117fd1499b68e7414f51ff9437f253a1d9901ec3b0bba86965a19383655487b58010f804909de1ffb2212c0252ddd9bf2a56ac46bd59c0c34dd59e46598b6babd4e5f3fffde55e48dab0398c22af9e26baddf77275e5f017b35a9b8f8435f9631936b391cb95d7adf35d1d8545a0fd066412d508967bbe9a20245a269e3be2777117e75fbac170dba352be69b254d353b3b2cb3b7e21b721aa9fe044f8916b4b2a6f8c28f8abe66ac92b91323ac73afd93dfbeeaeef26d19bd9f67e99d48cd2ad2d3e55e45d24d54b50f44a39b90e242ebe9b42bebdb230c470bdfde1bc7721c3120008477393dcc2e15fd22b251feb0e18b02883c078aee4fb760655a671dc7b8aadb9a562420a3c2efa2d342e1e0099d951b42242984f594e6914fe282b1ee128735984ef93a669e6ecba26c9fcb9f09f09256645617f1392d35908917cb8d29e0897c7503cddd5de1959686:7f797a31715d7c356f8f1f783700aa9974bb936d661661ad968c7cde1ac9e767be56a2dd49b9230e90110c67c0ed187cb7e75c3053ece844984d296f0d85cb07b62c867ad6227435bfa6dab830684e38d196e1f861aade0fd6a7699b6d60901fefb2d799c35c6f3d8bb94deee834403981866bab84946ae9476c75e9f1d3602b42cb2db437bff33a775822f0d6a257d4b75400eba5b8abb314b71fc6b46f8a34e861a9a62abf33de8482f63f9d7169e773a2dcebee03705dac117fd1499b68e7414f51ff9437f253a1d9901ec3b0bba86965a19383655487b58010f804909de1ffb2212c0252ddd9bf2a56ac46bd59c0c34dd59e46598b6babd4e5f3fffde55e48dab0398c22af9e26baddf77275e5f017b35a9b8f8435f9631936b391cb95d7adf35d1d8545a0fd066412d508967bbe9a20245a269e3be2777117e75fbac170dba352be69b254d353b3b2cb3b7e21b721aa9fe044f8916b4b2a6f8c28f8abe66ac92b91323ac73afd93dfbeeaeef26d19bd9f67e99d48cd2ad2d3e55e45d24d54b50f44a39b90e242ebe9b42bebdb230c470bdfde1bc7721c3120008477393dcc2e15fd22b251feb0e18b02883c078aee4fb760655a671dc7b8aadb9a562420a3c2efa2d342e1e0099d951b42242984f594e6914fe282b1ee128735984ef93a669e6ecba26c9fcb9f09f09256645617f1392d35908917cb8d29e0897c7503cddd5de1959686: +371744ab63c115613929a343709bb019b7357dff72d2a149f1d0f71d3a201efee58abfad4a13859f0acb05d0e47d59638f7b1b4936100b988d61e6e70e22667d:e58abfad4a13859f0acb05d0e47d59638f7b1b4936100b988d61e6e70e22667d:c219de1e8d7ad8df08c49377396fe7c1f2d57bd2170633a00d708faadee180ceba92849a7778506cbb366875bf9124701894cecdb3385147d0671843922a649aff7c435eb5a9c74927503072d0067978716dc80be1545a2dbf5a1c38536e12bd7720c1965d3803a4e8aa55765192a13b705ca1059ded0e806362fc5bbe6c76a1c9674bb853790f7e90af00753e00436da48cd082ead64fddb689890162082f8482924f33acd604640f69927352b43f64402d27a883fa6b72aa70d241dffaa1701a25cf1079358260793875f76a2978e9f9f9d68634eb3f5f01bde1ce49e5921252f949f082795e4eafed7be5b49a9f95edbb4a13532e3f3b3be62e2652231253a20c1d5477e8f4bc57ed76fa19eaf03a11bba429b6496ce76246170e043bc14f2d2f703d968f1deb09388715c37cb4752da8d464e348e0313c8993e24133a7c545284e3c9c907d01b260c4883f9cb3e3dc5b6f7fb6d75536365f2132eaeddab570e7273afac0bff5c9fc0b820f2078e0336052e1fe7bdec86674d0998ec78da1c3f34751f886727695f35eca1304b14734766ab05c1186306ded9db3eef65d3c0456cdae8181afee04b296c6722a88c7ef3088d26f7fe74bc89cf5285c688f027b7e68600486af:5eae4ac72af0174ab256527b7cd337a0e5482e615af068db21dae35a64640742604df73fd4ca02ed9515a5608d73195230fadca7b426f02a2fbfd02061af3600c219de1e8d7ad8df08c49377396fe7c1f2d57bd2170633a00d708faadee180ceba92849a7778506cbb366875bf9124701894cecdb3385147d0671843922a649aff7c435eb5a9c74927503072d0067978716dc80be1545a2dbf5a1c38536e12bd7720c1965d3803a4e8aa55765192a13b705ca1059ded0e806362fc5bbe6c76a1c9674bb853790f7e90af00753e00436da48cd082ead64fddb689890162082f8482924f33acd604640f69927352b43f64402d27a883fa6b72aa70d241dffaa1701a25cf1079358260793875f76a2978e9f9f9d68634eb3f5f01bde1ce49e5921252f949f082795e4eafed7be5b49a9f95edbb4a13532e3f3b3be62e2652231253a20c1d5477e8f4bc57ed76fa19eaf03a11bba429b6496ce76246170e043bc14f2d2f703d968f1deb09388715c37cb4752da8d464e348e0313c8993e24133a7c545284e3c9c907d01b260c4883f9cb3e3dc5b6f7fb6d75536365f2132eaeddab570e7273afac0bff5c9fc0b820f2078e0336052e1fe7bdec86674d0998ec78da1c3f34751f886727695f35eca1304b14734766ab05c1186306ded9db3eef65d3c0456cdae8181afee04b296c6722a88c7ef3088d26f7fe74bc89cf5285c688f027b7e68600486af: +498b6ee6492d53231b3532d193578ba75d6a894e2e530034e21ab8ad8d2c0d1fd124665b28facd2d17946a04dfe3d129a4561a2b24eb326d84b62b422e44dbcf:d124665b28facd2d17946a04dfe3d129a4561a2b24eb326d84b62b422e44dbcf:0498a59b87cdae28695547e10863bce804d97de0ac8008f3d5fb652c1757419fdc9e0f9736f4c59a34f21cfc74599fa788fcc10c6730c7df8c3d2c1b6a786d1230b65585719d1cb5c490359b94435d6dd671f54d6e9a19b9b5aaad7e0f233f8797df997828d88cd92ef089ef7dbf1e95277894a2f7c2fd0c8e4dfdfa6d3d14589ff01916dbf9ddd811c2f5e01e94298990a145a6cfc26895614c7c963fef308a4e3856c32dd3e359bc56d2cca496ad199ff1a568d6430ac5cd208e0e2d07803ca523e0d813ad3733ab50bdcadcb988aee758ea50439bf38ee649997604f151c602c82900a8205d8f6f670c8684bf5abb5f75ff29a37eb9bf8105199fbbfb4707e162e64c715270f853e648b0aa26fea0f6db562896bf424a9ffcb292fae85b76cefb8bd5a4b3ce1fb39bd2a50d0c9e6d933e167ff629b8a494f2a9b774eb303c781ea02aff1a8afadc2465cc616968015ed6a5a33c3120b945ed5351981e32fb9fb96b2212dcf8fe9ac56e3cf41dc524f800631020b025919178ce074eef078d6842012a276efa628db54058d1eb5b5b705f1e1818d2df5164baabb0c61956ecdb8c706e562fc4fd64052870530ae425b221f89dd6f90dab882e763e7a7ffa141bbaa8bf7a3f21b0:112f5c6d3bcb3dd99346d32ad69cbfac3e653bef29c68a33f43231f66cea1d0a195427d6e10c0e77c5d55fe2794287ee32e5e22bafbbd8052ad3606b90f945050498a59b87cdae28695547e10863bce804d97de0ac8008f3d5fb652c1757419fdc9e0f9736f4c59a34f21cfc74599fa788fcc10c6730c7df8c3d2c1b6a786d1230b65585719d1cb5c490359b94435d6dd671f54d6e9a19b9b5aaad7e0f233f8797df997828d88cd92ef089ef7dbf1e95277894a2f7c2fd0c8e4dfdfa6d3d14589ff01916dbf9ddd811c2f5e01e94298990a145a6cfc26895614c7c963fef308a4e3856c32dd3e359bc56d2cca496ad199ff1a568d6430ac5cd208e0e2d07803ca523e0d813ad3733ab50bdcadcb988aee758ea50439bf38ee649997604f151c602c82900a8205d8f6f670c8684bf5abb5f75ff29a37eb9bf8105199fbbfb4707e162e64c715270f853e648b0aa26fea0f6db562896bf424a9ffcb292fae85b76cefb8bd5a4b3ce1fb39bd2a50d0c9e6d933e167ff629b8a494f2a9b774eb303c781ea02aff1a8afadc2465cc616968015ed6a5a33c3120b945ed5351981e32fb9fb96b2212dcf8fe9ac56e3cf41dc524f800631020b025919178ce074eef078d6842012a276efa628db54058d1eb5b5b705f1e1818d2df5164baabb0c61956ecdb8c706e562fc4fd64052870530ae425b221f89dd6f90dab882e763e7a7ffa141bbaa8bf7a3f21b0: +cefcfcd1cff4d8910749279131830b1da19dfc5245f78ca68b8c3c1b622b45511d394abd1b4ed1aedf966a60efd3ff882140a7e56b428374ecb443289a9c7f00:1d394abd1b4ed1aedf966a60efd3ff882140a7e56b428374ecb443289a9c7f00:5ec94ed06fc1257ae9c183ce56271207aca37a23fdb4b0e74ac9307a1bb112e05ed5a5d047c93109e2e59477b03378346422de36714c2961bb9736a513ca3671c603a68c2be7317b1b52a076dae2aff7bc88cd5eea0aa268faaadae539c938bb4fd4b6069b1945eb6af0c9e6c8aa5ee4a4af37e90c67e248e8d27bd7f9589c4d30e905651baf45364fa049957ea5d9b7146ca68204e5e973d0f1c91a1c4bded66115028a71114f0f4f851bd115faeb954e3f71a01470b2481a0098d99f9d74898c8ba0287cc7834155214173d1fcbafcfe9b08250384439476055883833816c9524cfd5744aaa259db7ebd3a6aa20b5a6546dadefd140668eb0eccb5f668db9fc62983df980850c9d19882a17550d5dca3542cd36003a0d03cffb04575a3e8e1d07015c7b30eca9115cd2b72e46dfddf6a4dda1faa2dbdc89000d433f6ec9adc46146d939f32121b99b28983d98b9dde8c3f6e5779f2b0700cb023db13de656e0aed1da2d5c6ba2652343648ad420f6ab9e55a97482a1a22b3bc2ee598629abad9547edb5ff790990564bd871f81b24b12f2bf8dbdfe7a88375fad9ccbd9fc0ba1d3bba5e3c4813c18a0348aad83fb1b82689054d99b4600dd1760d0dcce44757467bec1946406d530:7d83ff66ec79307b1c0c093fda3968a96cf6044f5c802888584018845e7caf2a135ac6f1677e84d22e458e227e4f930209919bc11b12f7aaf2b8c94302d642005ec94ed06fc1257ae9c183ce56271207aca37a23fdb4b0e74ac9307a1bb112e05ed5a5d047c93109e2e59477b03378346422de36714c2961bb9736a513ca3671c603a68c2be7317b1b52a076dae2aff7bc88cd5eea0aa268faaadae539c938bb4fd4b6069b1945eb6af0c9e6c8aa5ee4a4af37e90c67e248e8d27bd7f9589c4d30e905651baf45364fa049957ea5d9b7146ca68204e5e973d0f1c91a1c4bded66115028a71114f0f4f851bd115faeb954e3f71a01470b2481a0098d99f9d74898c8ba0287cc7834155214173d1fcbafcfe9b08250384439476055883833816c9524cfd5744aaa259db7ebd3a6aa20b5a6546dadefd140668eb0eccb5f668db9fc62983df980850c9d19882a17550d5dca3542cd36003a0d03cffb04575a3e8e1d07015c7b30eca9115cd2b72e46dfddf6a4dda1faa2dbdc89000d433f6ec9adc46146d939f32121b99b28983d98b9dde8c3f6e5779f2b0700cb023db13de656e0aed1da2d5c6ba2652343648ad420f6ab9e55a97482a1a22b3bc2ee598629abad9547edb5ff790990564bd871f81b24b12f2bf8dbdfe7a88375fad9ccbd9fc0ba1d3bba5e3c4813c18a0348aad83fb1b82689054d99b4600dd1760d0dcce44757467bec1946406d530: +d107cf26f527db71a206e41d17955321013225bb20f93e12df3dc7399e720ca3186bf453c95dc0a2fd589a78e2c80040b3f6ddf9a6f8681d146036cf2146e8fc:186bf453c95dc0a2fd589a78e2c80040b3f6ddf9a6f8681d146036cf2146e8fc:78eb9e13789928a74f360141728ede98389685c836b91fafbf1a7e8c19cfbe21bd3c3d6c6ed83c409ef693f1d735da3fa466497e19f38e30fba2a1023785459070e6e92c1cb7c9bd0c9ba61220157866c3bed2b01e6e6b9b8dd3f0c47c02f181346a0a9b9b5d3d7e18a94d6956855e16e8eaaaab71b10302f35bd8fb1f9b5847304160324926645b0582c2f2f1533a24281461514241db2850ef31c5763b2e3d4fb18fc6d8c1d7e52f7c13392c17e27019ff60008e431f1714370bc0efd9452a61f5c56488d91a185037f1f647f72fa785010d5d78f0a11587ccf66b8088e0e635fff3774193b2edeffd92d6e8a0321128ae64cdb862e631e2ee5ba0da44bbd589dc392b5a113b86a727a8ddb698a334cc668b39b1cde199b88837ca5f00f553f89c622834273641d39bc10c6a24e1eb42587542f03fc1627524ed6b749391f11028706c42364425b2caf20180e1b802c744b49b7bcd9bf7b15c23a0bf1c6965960d341554e1966b6ef82fcfbbe41d1e09d741e309254446777f13c29a67b8bdebc5f7f04d160d60e332e3d0441a0f2f7b192c3e2bdf6dadec2a424f88669806236ee04dea692bd8bb6f91ca0682ece349142575358b9b7be70600b3cb81e1456ba0799fdc01ffd68623:8071d97f324f10358f13ac8c61d424b4f300dd0419571c39e40d99aea5f03140e62ab4c97127ab33e98269966ae1d4557e459bf7f597b313f351a20122f0660e78eb9e13789928a74f360141728ede98389685c836b91fafbf1a7e8c19cfbe21bd3c3d6c6ed83c409ef693f1d735da3fa466497e19f38e30fba2a1023785459070e6e92c1cb7c9bd0c9ba61220157866c3bed2b01e6e6b9b8dd3f0c47c02f181346a0a9b9b5d3d7e18a94d6956855e16e8eaaaab71b10302f35bd8fb1f9b5847304160324926645b0582c2f2f1533a24281461514241db2850ef31c5763b2e3d4fb18fc6d8c1d7e52f7c13392c17e27019ff60008e431f1714370bc0efd9452a61f5c56488d91a185037f1f647f72fa785010d5d78f0a11587ccf66b8088e0e635fff3774193b2edeffd92d6e8a0321128ae64cdb862e631e2ee5ba0da44bbd589dc392b5a113b86a727a8ddb698a334cc668b39b1cde199b88837ca5f00f553f89c622834273641d39bc10c6a24e1eb42587542f03fc1627524ed6b749391f11028706c42364425b2caf20180e1b802c744b49b7bcd9bf7b15c23a0bf1c6965960d341554e1966b6ef82fcfbbe41d1e09d741e309254446777f13c29a67b8bdebc5f7f04d160d60e332e3d0441a0f2f7b192c3e2bdf6dadec2a424f88669806236ee04dea692bd8bb6f91ca0682ece349142575358b9b7be70600b3cb81e1456ba0799fdc01ffd68623: +af7ea8e41c8937a4ec475ad81371a171d3d0f9fd7519a04c751ed4ad8ff8fef915dfc71585bac71ef20f374987c555a3f2f07d6b9c787066c10d63cf06e02ab0:15dfc71585bac71ef20f374987c555a3f2f07d6b9c787066c10d63cf06e02ab0:05f2263f0245ecb9faeb14e57aca436668308c8125df3116c4ee20501d0cde701b366e2b50a1c5edf484144ce16bfb1f7d26dc4275ea9732e264ba4d4a362b40275ba47377dbc332cb65e2f4c8853894aa878a4c175dc5b3b2a757ff3c8d7de660973b89dadf076e2e4fc76239b7bc752a229d44e000ceb667104cb0746bfcf59d69603ae7fc1bcf11d2e33f61dc497ec1b0bd5e4f1dbef435f2f291f30b00a85e833946c8b10484e4abd7d60bdbb1fe6dff5807a53bb89382153013b70ca08efc91b7e9fc5b5dbbb6af123b57be2e140fc471a45d89fa8284cc27e0a1fe771f55598bbdcf068d506dad0a592179ceca39ee9526f9e4fe47bf2bb14fb1486a677d4d7b99a520545676a0f1fa809049aa2414ae7b817d9a036e5c157886e8341d4e819c092a3b48b3606b03acb727c6c2217d0af30121546a94af6b49caa2a8c9b1786fa0c2a524ec7a023e924b5f8a89a53780c7f8781c5b8e869430caa0e6d0437967e3aed44f45c901cbcf1026fbbd4e3dd9a091ecf8b34f7dd5038e543dc7eb6ad5494efb145cf63ec0d355bb8e172f455d8a6b13dacaaddbc56e47de3cf762a1a738ef092f1436680467b5cd82e9e36e2d2b6842b3bd5dce77180ddaf0b643378e698599dd47f5cdbb:c0f1739167274bf91831c74beb645af790459b28bb3f21325365130f409acb66df1d223759a9758e08fd7253737484e285a6fb47404abe2eba5ef249fd025c0a05f2263f0245ecb9faeb14e57aca436668308c8125df3116c4ee20501d0cde701b366e2b50a1c5edf484144ce16bfb1f7d26dc4275ea9732e264ba4d4a362b40275ba47377dbc332cb65e2f4c8853894aa878a4c175dc5b3b2a757ff3c8d7de660973b89dadf076e2e4fc76239b7bc752a229d44e000ceb667104cb0746bfcf59d69603ae7fc1bcf11d2e33f61dc497ec1b0bd5e4f1dbef435f2f291f30b00a85e833946c8b10484e4abd7d60bdbb1fe6dff5807a53bb89382153013b70ca08efc91b7e9fc5b5dbbb6af123b57be2e140fc471a45d89fa8284cc27e0a1fe771f55598bbdcf068d506dad0a592179ceca39ee9526f9e4fe47bf2bb14fb1486a677d4d7b99a520545676a0f1fa809049aa2414ae7b817d9a036e5c157886e8341d4e819c092a3b48b3606b03acb727c6c2217d0af30121546a94af6b49caa2a8c9b1786fa0c2a524ec7a023e924b5f8a89a53780c7f8781c5b8e869430caa0e6d0437967e3aed44f45c901cbcf1026fbbd4e3dd9a091ecf8b34f7dd5038e543dc7eb6ad5494efb145cf63ec0d355bb8e172f455d8a6b13dacaaddbc56e47de3cf762a1a738ef092f1436680467b5cd82e9e36e2d2b6842b3bd5dce77180ddaf0b643378e698599dd47f5cdbb: +0c57cbfcebde10ede02d1cb01df360d41f2e66a50443d58b5d4f0828c9a18bb7c4d761ba189971b9462c61bf46a765f88e2ecaa5bf2211220afb00ac657f7ce5:c4d761ba189971b9462c61bf46a765f88e2ecaa5bf2211220afb00ac657f7ce5:337703243ab5b4e4d3481ee8dd1f4494507174412658a93988b5c30403a7b7ed8522ceb46fa1ee02753a874ef0675d397c575da0b08caa8cee3393784d0f0db8459837af90b9056df4e38e417f3ad2eb1a100ef207ce2ca6c610018021661e307099f2b7c4ae875991140bdd3f0f99ad2c5d55aacb84cc1cdcd579e08072b6951fd45ed289ac9ff7f0986ac88a4fbb9dc9203d9baf180c90edf937258c9d0a6d48e220f72d250c7f2c777eaa7fb9fa11d50a5798772f9fd976b00599f1f0276f3a2e4d988ae92125467a8dedb7a16f9e3a56e8d00662b3eb67a35b9b60e73bd935077ee238df8f6e833b9a5523386826c1f2917b1c3ec98e0a5fde89c48b1d446da5d0c885fef0e374bff30a997c7bafd5e743c85d0c6aaa6ef10a061211a2327c6d84eb747a56e9bf60fcd5b553b798834d0c5ccadb9d4b54e7237d12c679c193a287bb2f511cd4ee2a2d8549b44b21c11fbe5723381c6c5f784687fd90cebc5b495af9e414f2961b06a1c8433b9aa3292bcff4241c227167f8d1de054ba33ad81da3eb3ec6e40a6e26854af349540171b75d75fb9a8d12937827fd594d317b7a8d9f1c2fcabda56375568c3e9e514c2efffc3878363dcfad9fd95436b022e8772a88cb71e803bf90381962:8af7bbe01b8ab93951d16fca05a9c967d1c52c974bea151ea72e4cebaa20cc783bb61d8d69385cac5bc6d72dbd162beef1fcb5dd0e0a08b48ca0b9f6d9a9880c337703243ab5b4e4d3481ee8dd1f4494507174412658a93988b5c30403a7b7ed8522ceb46fa1ee02753a874ef0675d397c575da0b08caa8cee3393784d0f0db8459837af90b9056df4e38e417f3ad2eb1a100ef207ce2ca6c610018021661e307099f2b7c4ae875991140bdd3f0f99ad2c5d55aacb84cc1cdcd579e08072b6951fd45ed289ac9ff7f0986ac88a4fbb9dc9203d9baf180c90edf937258c9d0a6d48e220f72d250c7f2c777eaa7fb9fa11d50a5798772f9fd976b00599f1f0276f3a2e4d988ae92125467a8dedb7a16f9e3a56e8d00662b3eb67a35b9b60e73bd935077ee238df8f6e833b9a5523386826c1f2917b1c3ec98e0a5fde89c48b1d446da5d0c885fef0e374bff30a997c7bafd5e743c85d0c6aaa6ef10a061211a2327c6d84eb747a56e9bf60fcd5b553b798834d0c5ccadb9d4b54e7237d12c679c193a287bb2f511cd4ee2a2d8549b44b21c11fbe5723381c6c5f784687fd90cebc5b495af9e414f2961b06a1c8433b9aa3292bcff4241c227167f8d1de054ba33ad81da3eb3ec6e40a6e26854af349540171b75d75fb9a8d12937827fd594d317b7a8d9f1c2fcabda56375568c3e9e514c2efffc3878363dcfad9fd95436b022e8772a88cb71e803bf90381962: +fe7172278364194bcfefb4783142b79f59d5fd978b1e47c314d78d4cb3f61c8a2e82cce47910c7e2a79bc1f419dc3c3df54f23291fc8193e8258ccd2fd38d548:2e82cce47910c7e2a79bc1f419dc3c3df54f23291fc8193e8258ccd2fd38d548:23509451a059969f2b4bdfcee5388957e9456d1fc0cd857e4f4d3c25a4155d5ee91c2053d558062eea6827950de863bc9c3df9672cde8ba741744ebbddb45ec1f4284570fd0aacd07ea58c581be2afc95ae444e678edc2a02439f387cec982ea3a44814a8a302bb3bfe8228d58de039debdf7c2a7eddb4e71ca474f94f7e2bd89dc65b1610733c91fff89bd499f40154a6198fdf5ec7ad3722d925b292196c429499075be0c5b6da9c090c0791a7019eb5e7366be6ce58ab2f04fecd9127c42718047bf47030691521312c0877aa3f36cc5fbc9caae0fde3945d2a868ee2502a3833208eb850a163cfcbf6da9ee6ad9fe067fe241986fe4436d6ae4edc61561938e2a33f4a33db63f69d3f1a8850ed40028869164103488fb795cd82ca067fe1b4897caa49a7ca9a80f3a8151fd13bbb7ff350e8579f565dc1c4a9ca938d27b15b3f858ef45d3dd78b2c358635356315f55a97528ecfec5d11a5b721503107faa406c17034e601474b3b60cf48692e269261158fc353d4df4274381357790b7756087b00cc79e3b9d28a3f2439febf199e64a8b37c91b5a4334e3354e8faf3a361e856c54bdaa43bfdcd6ee6c9f9679588f6069950832348aacba2bfeebacaa2071ddc7d77898ef0f68793cd25:f6c2a4296b9a3407c6d7a5679dae8666b503d1a17eacf71df493791b8ff0c0aa8eed36b327a29ab7828f46f22de868b628b1cfd501e8599fa31693b15f61080f23509451a059969f2b4bdfcee5388957e9456d1fc0cd857e4f4d3c25a4155d5ee91c2053d558062eea6827950de863bc9c3df9672cde8ba741744ebbddb45ec1f4284570fd0aacd07ea58c581be2afc95ae444e678edc2a02439f387cec982ea3a44814a8a302bb3bfe8228d58de039debdf7c2a7eddb4e71ca474f94f7e2bd89dc65b1610733c91fff89bd499f40154a6198fdf5ec7ad3722d925b292196c429499075be0c5b6da9c090c0791a7019eb5e7366be6ce58ab2f04fecd9127c42718047bf47030691521312c0877aa3f36cc5fbc9caae0fde3945d2a868ee2502a3833208eb850a163cfcbf6da9ee6ad9fe067fe241986fe4436d6ae4edc61561938e2a33f4a33db63f69d3f1a8850ed40028869164103488fb795cd82ca067fe1b4897caa49a7ca9a80f3a8151fd13bbb7ff350e8579f565dc1c4a9ca938d27b15b3f858ef45d3dd78b2c358635356315f55a97528ecfec5d11a5b721503107faa406c17034e601474b3b60cf48692e269261158fc353d4df4274381357790b7756087b00cc79e3b9d28a3f2439febf199e64a8b37c91b5a4334e3354e8faf3a361e856c54bdaa43bfdcd6ee6c9f9679588f6069950832348aacba2bfeebacaa2071ddc7d77898ef0f68793cd25: +a951e4e6ba9f1f0b354831c986942448faede37e11b0f247da2706dceef73ac730362014974bf75c8495c2e271e713d57384384d0a5da88edeea79279c0c58ec:30362014974bf75c8495c2e271e713d57384384d0a5da88edeea79279c0c58ec:20577dcac89174885eedb062489cd512fa72863ec5438e31e95878b75ce2772aee6290a0ba3c8f642c1d0ef55da8d5bc1484f83bb9876c7a8c0b6b609b94d112a06fc83ce8d2c1e08ed6c735e57b244aad6ecf7075363d565ba47865695c8423510909e0a3db4b61ed7aa67a7471331e83a0c58b8220a6245f65661549c1a12d4c0d50c326fb94917cbd07be51e83fe8bb3e46ca01b0a260daaf1d6abe3703d6a925113bb4d57ea1a48b4c7dbdaa03eea814a4b5f02e1dfb545cc623fe17a3bb18e4373f5f7ec2fb5217d23e4fed54a772e11323e730aad7efca8c464400e7679055fcc125a876ef7b8b9de186e229a7abf191d0c56d91815f67872e957bfbc7634aac403576a58f427bdbb30e8c4b6fc6c447741024ebb503a5a9025124a4887f825a43ee940f210a1bd5ae4f6732d60f95f2b83201c4c6dfe279412d7502a5211f8f48f800db30fc3776c4ed3a38bb4634822c98a6d6dd3233be60e42cca45a3163cc84e9e8da647c0711bc4c6ccd65aa1e972c07404d103e74bcc31a7e2c3eea5ac9257ab428947ab3dd3fb153d90694a4073373c4dd9ceb131154fe877473fd996f424f33e316e4eb02b8c7513be6998e516cbba54d94cd0a435e0ffcc2c0a8ef72b630ec24781066aa5efb9:0278c86a15208d9be5b1e1574761861b8af72ae08d40cdcbec354e65a9c3d0a06b5fcbb297d09bef397462395986c3093eeb22644c003c3078178cdf674e990a20577dcac89174885eedb062489cd512fa72863ec5438e31e95878b75ce2772aee6290a0ba3c8f642c1d0ef55da8d5bc1484f83bb9876c7a8c0b6b609b94d112a06fc83ce8d2c1e08ed6c735e57b244aad6ecf7075363d565ba47865695c8423510909e0a3db4b61ed7aa67a7471331e83a0c58b8220a6245f65661549c1a12d4c0d50c326fb94917cbd07be51e83fe8bb3e46ca01b0a260daaf1d6abe3703d6a925113bb4d57ea1a48b4c7dbdaa03eea814a4b5f02e1dfb545cc623fe17a3bb18e4373f5f7ec2fb5217d23e4fed54a772e11323e730aad7efca8c464400e7679055fcc125a876ef7b8b9de186e229a7abf191d0c56d91815f67872e957bfbc7634aac403576a58f427bdbb30e8c4b6fc6c447741024ebb503a5a9025124a4887f825a43ee940f210a1bd5ae4f6732d60f95f2b83201c4c6dfe279412d7502a5211f8f48f800db30fc3776c4ed3a38bb4634822c98a6d6dd3233be60e42cca45a3163cc84e9e8da647c0711bc4c6ccd65aa1e972c07404d103e74bcc31a7e2c3eea5ac9257ab428947ab3dd3fb153d90694a4073373c4dd9ceb131154fe877473fd996f424f33e316e4eb02b8c7513be6998e516cbba54d94cd0a435e0ffcc2c0a8ef72b630ec24781066aa5efb9: +38a9b2d49ba8b82f301a5772cea0efc2218455c8b218b22cbaa2aad2d7ad3b359df5ea1f78f810a521774602bbba4942f0459238966c8bcd21900afbf3d84293:9df5ea1f78f810a521774602bbba4942f0459238966c8bcd21900afbf3d84293:1778167c49b3a44d4a5ba838b7388553b1e13d36ea4f86d30242e1a822a3bbaff5cea63e2ae2a4635be236fef2b8135d14fb621c0bb773c9c17753f80926eb55d0f115bd09a885d844b818c9f04489a331bb5e032b8e58cda36949c5a8d08b55bb8de965e1f90d3b9cfeecfc6ad9a4ee5cb4047e9450acdc64640166a8c069ea849aebddac1ae4afec91ddd17fa5553fa87c56f7e51ec1cd6b5cc23351d057a4ce4a8923c8ae6ac7a8afdcc0881c0e74ebb024ef7296162cb93c68e50bbb074e651ac87dac9ea59d4c3fbf0fe379f3e97a24566ecae54303bcfb6f0cc9f15f6639430e66b19a427849fdfff833df02689e9de44006c903c559183459b9f4a97f54a0f2a28df7b0e9deeda8239d7b516977f5e7d6971b4502e9885f750af8d1a6669e25e77d5f327c77c87a86e0a1872bc96a76060f5f8a0c40cc973bfc7fe6ed9bca78f884e6a2828b94d489d32a0fd337e69db83fb8789afd4e8ef54c22a78c2587468b9ae071bae3b202d3183ad5f0f8e842e5a8de85bfff49e03c8381bca7fd4278ddccaf0134fb5593a395a77a5cbd434593bc4ad0ff4b8400ec674c4ecaf1d57754be0cb2fa9a6441a9abad7b42197ad82e50827e4a4245573a8f0ef87f58228a2867f4b3b834b6635037940a:e19e62ac539a9ca251d12d4c71055b0a3f581d19f2682e672404c78ac1f12bbefc91519276a5cbe16f520cf7a7f687a240f0329157c59f50026a58dcdc50fc081778167c49b3a44d4a5ba838b7388553b1e13d36ea4f86d30242e1a822a3bbaff5cea63e2ae2a4635be236fef2b8135d14fb621c0bb773c9c17753f80926eb55d0f115bd09a885d844b818c9f04489a331bb5e032b8e58cda36949c5a8d08b55bb8de965e1f90d3b9cfeecfc6ad9a4ee5cb4047e9450acdc64640166a8c069ea849aebddac1ae4afec91ddd17fa5553fa87c56f7e51ec1cd6b5cc23351d057a4ce4a8923c8ae6ac7a8afdcc0881c0e74ebb024ef7296162cb93c68e50bbb074e651ac87dac9ea59d4c3fbf0fe379f3e97a24566ecae54303bcfb6f0cc9f15f6639430e66b19a427849fdfff833df02689e9de44006c903c559183459b9f4a97f54a0f2a28df7b0e9deeda8239d7b516977f5e7d6971b4502e9885f750af8d1a6669e25e77d5f327c77c87a86e0a1872bc96a76060f5f8a0c40cc973bfc7fe6ed9bca78f884e6a2828b94d489d32a0fd337e69db83fb8789afd4e8ef54c22a78c2587468b9ae071bae3b202d3183ad5f0f8e842e5a8de85bfff49e03c8381bca7fd4278ddccaf0134fb5593a395a77a5cbd434593bc4ad0ff4b8400ec674c4ecaf1d57754be0cb2fa9a6441a9abad7b42197ad82e50827e4a4245573a8f0ef87f58228a2867f4b3b834b6635037940a: +9a1717873689a03c112dd6b4d76ae73b89b416a598ceec209e27961e7bb1ee8aeecad1e0e4b863291881a8c241db9ccfffe4e55d8b5a42f307b4436acd0649a6:eecad1e0e4b863291881a8c241db9ccfffe4e55d8b5a42f307b4436acd0649a6:e26580470901a07ab0931aa23829802ce04da59fdc2f773bc567f1e65b4f2e2d4a1a6aec1f54158adfce9b099790b503a13d22097ae23ebccf923f3bb1986d6e49111a8cf0d4eb8236bfe0d7c9e93a5efc7feb8e6a9cd1b8d921efa21e449ff49e06c1ccfea31f93e033c3c2a54ddb0f653a09fbd18a70b56315f193e7be56e5168f59563821d4bc3bbb0eaa2048286bbeee5aa3f3e7536cf2b750fd322602bb3847ceca39b75474322d76b1de80fa2eadba152d6f8f020d4d931c53f0a2801224d35deb6ec13b014873e689903607de96d9b7a743a887d2f48daf2ed2eefb202abf6082796981123b966e936dcf3483e2d24d694ecb865fbeb6969f347027fb8b175d24a4c045c0bb4ab5e02ddcbe77d4756c46d137b094473a02307a108340acad9d03bae8403af199cb75cae3162f3815813cc68bf2a5e499e594921149f3bbd214da5137e756521559dc80d9a4b74a0f4943022c7cd5fca42315e0bceeae9069615ce67a04382412313a31d67b346c329ad82e742c0a6ce0a6a02454c113e52022f3cc03fda691ebdfe14c53c8ce5ca9b932ca1a386e3eb4e90a4dc6e8ad8533b5af1aaef5003128655ca64f67fcd97c6ac803002404900bc0fae98463bcc31409f9981748789ade2d07783bc32b:1af8be095538965800d8eff6d723d028d65d0e9c6eb5e9d125bb3b1783f11ef7079a49a807e27ef1260be26a3b231d03b2ae151e49f6f189f15b1c83eab01c02e26580470901a07ab0931aa23829802ce04da59fdc2f773bc567f1e65b4f2e2d4a1a6aec1f54158adfce9b099790b503a13d22097ae23ebccf923f3bb1986d6e49111a8cf0d4eb8236bfe0d7c9e93a5efc7feb8e6a9cd1b8d921efa21e449ff49e06c1ccfea31f93e033c3c2a54ddb0f653a09fbd18a70b56315f193e7be56e5168f59563821d4bc3bbb0eaa2048286bbeee5aa3f3e7536cf2b750fd322602bb3847ceca39b75474322d76b1de80fa2eadba152d6f8f020d4d931c53f0a2801224d35deb6ec13b014873e689903607de96d9b7a743a887d2f48daf2ed2eefb202abf6082796981123b966e936dcf3483e2d24d694ecb865fbeb6969f347027fb8b175d24a4c045c0bb4ab5e02ddcbe77d4756c46d137b094473a02307a108340acad9d03bae8403af199cb75cae3162f3815813cc68bf2a5e499e594921149f3bbd214da5137e756521559dc80d9a4b74a0f4943022c7cd5fca42315e0bceeae9069615ce67a04382412313a31d67b346c329ad82e742c0a6ce0a6a02454c113e52022f3cc03fda691ebdfe14c53c8ce5ca9b932ca1a386e3eb4e90a4dc6e8ad8533b5af1aaef5003128655ca64f67fcd97c6ac803002404900bc0fae98463bcc31409f9981748789ade2d07783bc32b: +43bd924db8156008c6b3994a8130d427d514db8a613b84dfb0b8e0de6ac306761b3461c269d5b0062d5df6fa654a2586f647a0684218a06e5e2f7badfb394131:1b3461c269d5b0062d5df6fa654a2586f647a0684218a06e5e2f7badfb394131:6184e6480c42e96cc877269b16371545ff9523c45ea88e76a1348c68ae7f318b088fe4610928239185b6b55bfa0f43644c4a4c97c56ed77d08b1f4aad2f4aa069994abeca96b7bf81b8064ea4350d8a8b02297a51308b61c57c8f1873c6f97007aca3180429e730a6643f28733547bcf7b9adfe327e85736bd04af7f1d9f4fb84a7f3affdf4e22b574ecb4bc8836b10b8453aeaa5c1bf132248b826cc5230f75e075fac9f037561136e00643d08253e7ad652f702c0d15b6d7d48aa6f8e9b5f5cc146e3f156fb2522751c3710041bd922f37a50377e028b0c4e4bc3465d7c84af6a5fb427acb3b41378b102bda46d8f6f203a5ffcf395d435e93458a0b0a4c2e7782fafe119f769f67058c6677f6d10d9cf5cb8748e1805798ed233f6f930eee0e5075bc58b97af9177fda75d53708beb04dc4f19a43e768074609f14065f48fdad5077ce109bacc357174a6b7956f6e7f32e38415be526370fa58c3c0b31f51e6cd4b2cf27f8bcbc21259d9e5c3b5c2946a9fc1b00d9d15c3b7d80bfd9d05db91d249d3e42d8956682044548d83bda8d5cc9212442f30b45cf4aead80cce9b3512c39c5c737d3f8d747afbab265af5eeef8ca9362ec76e943b0a0d7a39f3db11eca14458a7b592e5e4ff2275dd48b2853:d2a05d88d9d543d94d57ec88ae55681750f20b9be9c1e918cdaf457767f2948dd629e94f068edcf3d9927e330234badc3a02fa5ad3d9d85e948cb0b0cb3cd70a6184e6480c42e96cc877269b16371545ff9523c45ea88e76a1348c68ae7f318b088fe4610928239185b6b55bfa0f43644c4a4c97c56ed77d08b1f4aad2f4aa069994abeca96b7bf81b8064ea4350d8a8b02297a51308b61c57c8f1873c6f97007aca3180429e730a6643f28733547bcf7b9adfe327e85736bd04af7f1d9f4fb84a7f3affdf4e22b574ecb4bc8836b10b8453aeaa5c1bf132248b826cc5230f75e075fac9f037561136e00643d08253e7ad652f702c0d15b6d7d48aa6f8e9b5f5cc146e3f156fb2522751c3710041bd922f37a50377e028b0c4e4bc3465d7c84af6a5fb427acb3b41378b102bda46d8f6f203a5ffcf395d435e93458a0b0a4c2e7782fafe119f769f67058c6677f6d10d9cf5cb8748e1805798ed233f6f930eee0e5075bc58b97af9177fda75d53708beb04dc4f19a43e768074609f14065f48fdad5077ce109bacc357174a6b7956f6e7f32e38415be526370fa58c3c0b31f51e6cd4b2cf27f8bcbc21259d9e5c3b5c2946a9fc1b00d9d15c3b7d80bfd9d05db91d249d3e42d8956682044548d83bda8d5cc9212442f30b45cf4aead80cce9b3512c39c5c737d3f8d747afbab265af5eeef8ca9362ec76e943b0a0d7a39f3db11eca14458a7b592e5e4ff2275dd48b2853: +8fb086206dd95a2621f598560ccb281f8273c8fc72e23611089baac89d3c3c7820276ef479f4d4523ab77420d424e8819c33c83779ed80c7f666e8f4403f94d7:20276ef479f4d4523ab77420d424e8819c33c83779ed80c7f666e8f4403f94d7:f02903ed4266e849a4485205954fffa8a108c323b7e3f84331043514e48556ab019497233a5a127bff3cd7c97086becef538b3f339d7d06e532dc7325e597ae357f816dea42a6a22c79d22074a2e1ad8023c424b7e096e5ad8897b05ef7d00d30a04aaf2981eddff2b347f1e27e20aabbe7e7a9544978e092b00cce420aba06187374ffbb37b4c22d75f04e57590f610a27347286c298312a6c9b1bdf24fbda8513c4f8356ccf757068ffc11bc65113783a5dde7722faf4ceb19fbb62f40702e2c6e6a8bb49ef40446450c4c59a2990944da4744f6ee770b930c246669813ce5a9f5a47dd80388981bfcc3a56b5be2c4c7e659a2e9182dec0aaafe9031aa3954d4fe7c431196a561a5b78eaba64f3db1b586c53b16f679a84921a642c260e4653a61de108ebde6f7053afa2cb3f3668ede121020dd1bace8418aebac3a5bd5142f105ac26fe49e5fb140c19b22d54a6291dfc954670247881646874defad814995519f6260e9774a8d185c37881b4f2543c4b63fbf1985016ab41c4d728cbc90b3ab876267bed41d0c0902f6b50e8fa906fc4788f7b820467306e0fe9e036a0a00f804f91c3ca718b95ff6d9e2204bc3161bf70fcc17b2964b56bc612e29402d96f50986514bc7d831d58e42793786d5806f:a9305e001600d597d05ef671699bf09f0dcc0c44475d3ca31e7ff1bffedc0c67daa1f3b76a035948c59cd87f82453a40950a1c9703c2e7d9280e7303966da301f02903ed4266e849a4485205954fffa8a108c323b7e3f84331043514e48556ab019497233a5a127bff3cd7c97086becef538b3f339d7d06e532dc7325e597ae357f816dea42a6a22c79d22074a2e1ad8023c424b7e096e5ad8897b05ef7d00d30a04aaf2981eddff2b347f1e27e20aabbe7e7a9544978e092b00cce420aba06187374ffbb37b4c22d75f04e57590f610a27347286c298312a6c9b1bdf24fbda8513c4f8356ccf757068ffc11bc65113783a5dde7722faf4ceb19fbb62f40702e2c6e6a8bb49ef40446450c4c59a2990944da4744f6ee770b930c246669813ce5a9f5a47dd80388981bfcc3a56b5be2c4c7e659a2e9182dec0aaafe9031aa3954d4fe7c431196a561a5b78eaba64f3db1b586c53b16f679a84921a642c260e4653a61de108ebde6f7053afa2cb3f3668ede121020dd1bace8418aebac3a5bd5142f105ac26fe49e5fb140c19b22d54a6291dfc954670247881646874defad814995519f6260e9774a8d185c37881b4f2543c4b63fbf1985016ab41c4d728cbc90b3ab876267bed41d0c0902f6b50e8fa906fc4788f7b820467306e0fe9e036a0a00f804f91c3ca718b95ff6d9e2204bc3161bf70fcc17b2964b56bc612e29402d96f50986514bc7d831d58e42793786d5806f: +afa1b846c210b52300e97696f81b8ea774d1df12e612527c55747f29c1937396b609566bbd1947bd7afaceb14389e836227169215fab66851aa5d70d6e2e3b89:b609566bbd1947bd7afaceb14389e836227169215fab66851aa5d70d6e2e3b89:4cac1b1f4bd48284dcc9afc8b5955b64b436db704b0335d9755cc1f97477f8d323cb6410ef146ab8a9efb9526d8b62e3bbad1f7295f47ba9f0de958f8ec9b77ab42232437ed974856444cd22e20be35e91813bff4b016f810d0f61d89f6b614db33f34bd09985b593fe3e06e065b7bc6cd39d55c2cfbec7b6d59c0b37dd1d0d35135ab1d1b04f2f30c2f04f4ba2b36582738081cf59190f528363db944ed612931d1d514c6214f9ab92abb1833926183ac52fba2a4551e20e4c0ac959a49ddb167a381e0241d40c086e90e52aca017258975dbab2ba451ee539a718f076a58709c6697418d9c6f13e4d391368bf0e8bd8f2932dd95ceaf7aaca1241147d341a3acd08dc32905483572b89a80cc47231468ab8de359dd525a6257cf196c2ecb82fa8a78aa3a851c7c96ca25bf7ca3dcf3ca21453d0dfd3323d5a422dec84316102f684c359f226bb53779c0b9950939281ef79a58c011993eace085497afa4daf64c9687b0a11aa116cfa7b03936241a5567b646e7e42e9fb592405b8fa3c0a821fc3121b45b1753cec9a83947d211a45499bd63790b87f01472fe566d87696efedbb74ed00048c384ba7f027b3aa4298dc4110349fedf52a96cd05d08bd635771ed4510738d8f07a6021244d1903579a3ea739:98b0c6313cecaf7c82cbdeb3d0280641c61a060f65e563aa93ce18300a9b58272dc8680b485e8cd11cf80fdca868fab365378384a142727f2f844f87cfdf19054cac1b1f4bd48284dcc9afc8b5955b64b436db704b0335d9755cc1f97477f8d323cb6410ef146ab8a9efb9526d8b62e3bbad1f7295f47ba9f0de958f8ec9b77ab42232437ed974856444cd22e20be35e91813bff4b016f810d0f61d89f6b614db33f34bd09985b593fe3e06e065b7bc6cd39d55c2cfbec7b6d59c0b37dd1d0d35135ab1d1b04f2f30c2f04f4ba2b36582738081cf59190f528363db944ed612931d1d514c6214f9ab92abb1833926183ac52fba2a4551e20e4c0ac959a49ddb167a381e0241d40c086e90e52aca017258975dbab2ba451ee539a718f076a58709c6697418d9c6f13e4d391368bf0e8bd8f2932dd95ceaf7aaca1241147d341a3acd08dc32905483572b89a80cc47231468ab8de359dd525a6257cf196c2ecb82fa8a78aa3a851c7c96ca25bf7ca3dcf3ca21453d0dfd3323d5a422dec84316102f684c359f226bb53779c0b9950939281ef79a58c011993eace085497afa4daf64c9687b0a11aa116cfa7b03936241a5567b646e7e42e9fb592405b8fa3c0a821fc3121b45b1753cec9a83947d211a45499bd63790b87f01472fe566d87696efedbb74ed00048c384ba7f027b3aa4298dc4110349fedf52a96cd05d08bd635771ed4510738d8f07a6021244d1903579a3ea739: +c85913a6877877131001623ccda9cdc12b9d4043b8a83793c44696632cd6421c9cc67c6948f7bf6e556d0849d3b8d203457a7b61549b36681d754f1dc0841e96:9cc67c6948f7bf6e556d0849d3b8d203457a7b61549b36681d754f1dc0841e96:91b5009e83d0f6103399c2d3feec0084973a305bf4176ec782537560472db187a11b4dcb4b2ffb7f0644feb394b28e5bfe97247c4a4a231cf6e916bf99344ccda88a7f5d831d6de3d563dd102eaeb108c5bdce44e0632d17e6fa55b18067df2fa8d200a9869f6aff920c51d46a1ced2d903b1d9b6b075facbf91cd05eb41ad811a8ef40d9118261012c72b8979f15153dbb8561293da9f8b77c8ff14f75387536f0036d1713a72ce8c35b1062f2c6732aebf32936799b51c2cbcd6572413e7dfaab8641a02c150237381cf7a14e22c74c6c20009de7d3b7e69cd1b4584ac2c01babaf973c56b3814bb0089720e41968106cf26509d4aa546fcad5534af303ffca42b16ae6c93ee06bc3cace12e4ec718844bd30d2224cc486d106d1c456bfa165ea0120fab3df2c5ab3a523bbfa789deed44032ab0be86eb7cc09cdb7c07aa948dd5277c3df1d9d1843567dec84f9288e085b05ae4b8af2cea5d9a184d50bef85550c836613d5d3af5f9c2928e6a89660fa62719ebff773e46b77e34bc0470da4d2cdbc7071da758c4d39fe65201c88aaa8e6603d0bbe7c3e9b2d9e41b634682092f147341ad6d667f20c64e81a68d629467a54dd86e1ce12c560a6f9b64512d6f3886cbb9f37c37eb3985c8ac38dd6682f48fe1:01fccfdb1fb6888b0310a913170f7e366816daebe7650d72513d9506e66f7d62208a49ece0af1871497f4541ef605bde711c9e0a1205ef48f26c03dc1ad4af0391b5009e83d0f6103399c2d3feec0084973a305bf4176ec782537560472db187a11b4dcb4b2ffb7f0644feb394b28e5bfe97247c4a4a231cf6e916bf99344ccda88a7f5d831d6de3d563dd102eaeb108c5bdce44e0632d17e6fa55b18067df2fa8d200a9869f6aff920c51d46a1ced2d903b1d9b6b075facbf91cd05eb41ad811a8ef40d9118261012c72b8979f15153dbb8561293da9f8b77c8ff14f75387536f0036d1713a72ce8c35b1062f2c6732aebf32936799b51c2cbcd6572413e7dfaab8641a02c150237381cf7a14e22c74c6c20009de7d3b7e69cd1b4584ac2c01babaf973c56b3814bb0089720e41968106cf26509d4aa546fcad5534af303ffca42b16ae6c93ee06bc3cace12e4ec718844bd30d2224cc486d106d1c456bfa165ea0120fab3df2c5ab3a523bbfa789deed44032ab0be86eb7cc09cdb7c07aa948dd5277c3df1d9d1843567dec84f9288e085b05ae4b8af2cea5d9a184d50bef85550c836613d5d3af5f9c2928e6a89660fa62719ebff773e46b77e34bc0470da4d2cdbc7071da758c4d39fe65201c88aaa8e6603d0bbe7c3e9b2d9e41b634682092f147341ad6d667f20c64e81a68d629467a54dd86e1ce12c560a6f9b64512d6f3886cbb9f37c37eb3985c8ac38dd6682f48fe1: +fa1e11dc8364208d8e1cb66a361be7e84c5e368166587d4fdb06aced7f62e17c4d8e6f4b3415df6cedabfb295c1984fd419923c6ac41764e32d22daf372c50fc:4d8e6f4b3415df6cedabfb295c1984fd419923c6ac41764e32d22daf372c50fc:294e63bacccb801bbf04c1f19d0aee16f5650a6e8eea6fe41110663ec01532bd4960a527f15eca4af2f4e6b7b0fc340cf97aa234e92cf7d69d50e4009c2496e3ed4d9aff000f9e185275b817d26a0bab69b7f7ee1ea30daec8bcee387ae46b4b299c27bdc06eea63f24dbee955a6c0969037eef91c34321e3c5c972fde993183b7d23f6e019c3e0cac7589ae4a1521af87ea42df8c22c2270ec23d6d140f9cf6d4d52fac1b9d6c8939ef8131cb62a035c5261538bcdfd6db419a55ef9fe5d7a5ac44579de700858d74a3434844f28342c565892722e27f407d7f17b74a5934be915b20c2400643235f8ab5795f324e33c50644a04033542cb3816d770fa899e7311c14301c1bd0f5aa60a2eb3165680c720e1efa8096fc25d2779275f1842b2db53b4da0ad3e59c07540c28460cec1fdd3cdb7a3478b91a9caf9ac891cdf3aeaeeca9a9656ac1307259922fca74c5cc69f7e25c6bf587973a4b7d3e3ac0635b0db22a0093a79076881c71736ee1d4d45f8ed2d29a0671a64e6ca2f7a5ef404b1edeb842034f571b699bc59e5a37df02054e8482bf1e7b77d8e8397da15d89d7355a5dce86b1683a9ac4e406c08a94a6eb00e5ae16d96722972e5c50c7bee4a84d0697bbe67ceb7ef295f06aaea5abba44466be0f67:e857db087e28d6750bf54e53797251d8439989576c12da2d9c811a14877c3bd46c4efab861a10eebe7da04c0b0b445c7a390a50c13de36f3a3c7ae0157022c0e294e63bacccb801bbf04c1f19d0aee16f5650a6e8eea6fe41110663ec01532bd4960a527f15eca4af2f4e6b7b0fc340cf97aa234e92cf7d69d50e4009c2496e3ed4d9aff000f9e185275b817d26a0bab69b7f7ee1ea30daec8bcee387ae46b4b299c27bdc06eea63f24dbee955a6c0969037eef91c34321e3c5c972fde993183b7d23f6e019c3e0cac7589ae4a1521af87ea42df8c22c2270ec23d6d140f9cf6d4d52fac1b9d6c8939ef8131cb62a035c5261538bcdfd6db419a55ef9fe5d7a5ac44579de700858d74a3434844f28342c565892722e27f407d7f17b74a5934be915b20c2400643235f8ab5795f324e33c50644a04033542cb3816d770fa899e7311c14301c1bd0f5aa60a2eb3165680c720e1efa8096fc25d2779275f1842b2db53b4da0ad3e59c07540c28460cec1fdd3cdb7a3478b91a9caf9ac891cdf3aeaeeca9a9656ac1307259922fca74c5cc69f7e25c6bf587973a4b7d3e3ac0635b0db22a0093a79076881c71736ee1d4d45f8ed2d29a0671a64e6ca2f7a5ef404b1edeb842034f571b699bc59e5a37df02054e8482bf1e7b77d8e8397da15d89d7355a5dce86b1683a9ac4e406c08a94a6eb00e5ae16d96722972e5c50c7bee4a84d0697bbe67ceb7ef295f06aaea5abba44466be0f67: +24a914ceb499e375e5c66777c1ed2043be56549d5e502a844710364042ba9acb20d21ee764b1f35f94568200d63bd5828aca8c5d3e9047d23f478b925295fa2e:20d21ee764b1f35f94568200d63bd5828aca8c5d3e9047d23f478b925295fa2e:3ff9f66fa2646ec66a1bf933c2b4cc0fbf912b4d6db50534257f97d01e698d05485747de2544e9f5a4a4a075388cf4400ab89b0353ce86198202db3a903767b879a2af9daa155843111af15a2bc35efe41bcc92c8207e00113b04f1303007949ffb6ce8df4b0b34248fedf5d9cb2cee94b812ed58ece2a0ce0454cf14c20e49e09fe664d6e25762e87895932cd5cd32eb6a3abb38ee163078c133e93588791dbf6af499a31ea4453bbcc7a85e406c9848a664052f11113fbb4ffa760dee4c261e396942491119da29a33582f821d4125e0b4162f28beb066031a652d05749aa7244dd4f3d3bb15d268328d6a02fce2501815257f8ad5af4ecbe7cb8ae9661e344f9072318791f3e859091121e08aefca8982eaaf66259d9de4f46a31e716dc033d0f95d1fa936b6c6079b137dd1158d1def113018c73f8ebb9807e0f7415404ea9c78544ace7ce463cd1d1c57e31f4091bc091804cbcddad0e15a40ca91acbe1c6224ed13cafb4df2c84ac9f0c3c9b546007d9dd6e524c467072563d4ac0d700cc1bf30febb334313dae5761745ec0a5e9e8815025958f00fa2e58060d7e9a5f2b727f48699f929c8459930892573f784fef5692518b5ca268e2a73ebead6ebdeb7ec24eac92aa7dcb41b598bd6eff3632d069726291:3ae0cc7bca8d73be83a9b809b13338c12706aaef75c4d1a478178f9dc565514c7529e298043ea78d21a5a09dd04f10ae87441e5686a933c92c75548427ad3a033ff9f66fa2646ec66a1bf933c2b4cc0fbf912b4d6db50534257f97d01e698d05485747de2544e9f5a4a4a075388cf4400ab89b0353ce86198202db3a903767b879a2af9daa155843111af15a2bc35efe41bcc92c8207e00113b04f1303007949ffb6ce8df4b0b34248fedf5d9cb2cee94b812ed58ece2a0ce0454cf14c20e49e09fe664d6e25762e87895932cd5cd32eb6a3abb38ee163078c133e93588791dbf6af499a31ea4453bbcc7a85e406c9848a664052f11113fbb4ffa760dee4c261e396942491119da29a33582f821d4125e0b4162f28beb066031a652d05749aa7244dd4f3d3bb15d268328d6a02fce2501815257f8ad5af4ecbe7cb8ae9661e344f9072318791f3e859091121e08aefca8982eaaf66259d9de4f46a31e716dc033d0f95d1fa936b6c6079b137dd1158d1def113018c73f8ebb9807e0f7415404ea9c78544ace7ce463cd1d1c57e31f4091bc091804cbcddad0e15a40ca91acbe1c6224ed13cafb4df2c84ac9f0c3c9b546007d9dd6e524c467072563d4ac0d700cc1bf30febb334313dae5761745ec0a5e9e8815025958f00fa2e58060d7e9a5f2b727f48699f929c8459930892573f784fef5692518b5ca268e2a73ebead6ebdeb7ec24eac92aa7dcb41b598bd6eff3632d069726291: +5532e09b937ffd3d5f4c1d9f1ffcded26ee74d4da075264844690bd9c86139945093969f377bec3e35f59efda01ab4186c5d2a36740cf022675e01096b1a3f0a:5093969f377bec3e35f59efda01ab4186c5d2a36740cf022675e01096b1a3f0a:add4d7a9ce3f63d1f946e8679065545d8c7bf0a2cc3a4c00b8f142f0945ae362c4c9462a7576a4059d57861662884bd80b96d90d279a952eda952d37d4f95cf0d70da98f4fbaca39e169f9d945d41f872397bbdd5701454303d77d31e86348271da40a1b8f1e57c36fcd803e14fa17716c5631efa01d3a795dc20b2bde36ab73ff6a2d533bc15cce22328713c3c9ccd072c3e450d7f22c0c9f94919752cbfe45ee655d1b53676593cdb448704102631caaa976952eaa1f6c2e876564e420f0c646a0f88365f76415b4085f60a338b29c51633e540f0bf32d4087e7d0fb685be88c7595dc531c99b489584560ad8234b18e39a107cf5d842dabd421e77d26ea5e0f1405ce35fe792714eb4ee1a8017648ac1ae739a33d7b1e089105d1e5add27a62ce64154570340af9eb14e7fdfc2f9a2c2fcfcdac3cc4227763f4d629497479f849216e5d90ec16dfa36b72517f7b5486baee7fda4450c352cffbbae73926c843224f8ce44b38dae53f3ead21890b52a7801075291684fd5910ed86ad33e8a007f6c3f85c16b209293740184f5890874d431cd4e0ea4087c49c3471d789c813c6dc9a78699363a1d87197d3b92c0286689311823f4df22ce8035e75732cdea7f5621f67db0e2a4ca6616193221c0aa3d6de50d85282ee:d527ff0d4a219d61f418121206a54ae4985854a310482744486e4d130a7de97c319df8372c82828c936e6a8afd9c5de1828573d8261ae9365b8f237676182402add4d7a9ce3f63d1f946e8679065545d8c7bf0a2cc3a4c00b8f142f0945ae362c4c9462a7576a4059d57861662884bd80b96d90d279a952eda952d37d4f95cf0d70da98f4fbaca39e169f9d945d41f872397bbdd5701454303d77d31e86348271da40a1b8f1e57c36fcd803e14fa17716c5631efa01d3a795dc20b2bde36ab73ff6a2d533bc15cce22328713c3c9ccd072c3e450d7f22c0c9f94919752cbfe45ee655d1b53676593cdb448704102631caaa976952eaa1f6c2e876564e420f0c646a0f88365f76415b4085f60a338b29c51633e540f0bf32d4087e7d0fb685be88c7595dc531c99b489584560ad8234b18e39a107cf5d842dabd421e77d26ea5e0f1405ce35fe792714eb4ee1a8017648ac1ae739a33d7b1e089105d1e5add27a62ce64154570340af9eb14e7fdfc2f9a2c2fcfcdac3cc4227763f4d629497479f849216e5d90ec16dfa36b72517f7b5486baee7fda4450c352cffbbae73926c843224f8ce44b38dae53f3ead21890b52a7801075291684fd5910ed86ad33e8a007f6c3f85c16b209293740184f5890874d431cd4e0ea4087c49c3471d789c813c6dc9a78699363a1d87197d3b92c0286689311823f4df22ce8035e75732cdea7f5621f67db0e2a4ca6616193221c0aa3d6de50d85282ee: +eb36511009d37a9c46c4d1374d0bbd0d9981e78cee7d188c5aab983ec239e10cb1cc212b4521bbe7b19a7693878a558440eec36205d8439d040a46a9902fbf55:b1cc212b4521bbe7b19a7693878a558440eec36205d8439d040a46a9902fbf55:ba2466e56c1df77f22b6f0241fc7952ae9bc24756419a9446dd2b49e2cb9df594e5b6c77a95aa5fbd9dc57fec83962c7751eebb4ba218253f916a922a5139663e3203e3be482be379ca151c463d9ada21446135f356994fa5449f084478f5bb4f5ba6145c5158eb7b1c43c32ebea25e09c900f01ef91e92f88c03c76504ace9646016ffc2789559d0f3cc9d00fb61bdc6af7d3940f302e588e04f79f7b3d4b91a5d193a4f8222bfeb69bf0347d98ad81ef99d130ebc7b36b0783394eea92a38ddd5e7480d2add4e4def53eb99c449bff94e4718b09f2ea9b1f2b886594a95c33a69e0333154e440ab34b7b6c1134d8179b6f0c56251a9ad8e1b6b0f9b8a5c97081a7f8fd05d0b0affc82dbddc8b0c0ab7e833f300626d4b973b3f60feac55571e89cda0f2b441ed2faa669a70d556cb48f9b1d1cbce32ede5d166b1143e264b11ea327681cb559edd13c364bd2baf1fd54bb781807bd59c868b0e4795a779e67f0bd0d14b5a6b9e440b57a5823328b59affbd027eda7dd785079c5f02b5e32890b038730986a39a5a9834a3fed868b6f45cbdd28acb2709aff556263864f9ae1e757b3278c288dbe2932825712773e431f7c29329857fdaea798ed93920893631402e6b13bab62b4855461edb94620f2d1751865f445c466:9f583724de552eae82f254ac6e2ed483ec1a07346266735c490920690c1e3fb2a9e9a34194ed6473733b300d4f23c9aec0da5a2022054ca43885a15a2984320eba2466e56c1df77f22b6f0241fc7952ae9bc24756419a9446dd2b49e2cb9df594e5b6c77a95aa5fbd9dc57fec83962c7751eebb4ba218253f916a922a5139663e3203e3be482be379ca151c463d9ada21446135f356994fa5449f084478f5bb4f5ba6145c5158eb7b1c43c32ebea25e09c900f01ef91e92f88c03c76504ace9646016ffc2789559d0f3cc9d00fb61bdc6af7d3940f302e588e04f79f7b3d4b91a5d193a4f8222bfeb69bf0347d98ad81ef99d130ebc7b36b0783394eea92a38ddd5e7480d2add4e4def53eb99c449bff94e4718b09f2ea9b1f2b886594a95c33a69e0333154e440ab34b7b6c1134d8179b6f0c56251a9ad8e1b6b0f9b8a5c97081a7f8fd05d0b0affc82dbddc8b0c0ab7e833f300626d4b973b3f60feac55571e89cda0f2b441ed2faa669a70d556cb48f9b1d1cbce32ede5d166b1143e264b11ea327681cb559edd13c364bd2baf1fd54bb781807bd59c868b0e4795a779e67f0bd0d14b5a6b9e440b57a5823328b59affbd027eda7dd785079c5f02b5e32890b038730986a39a5a9834a3fed868b6f45cbdd28acb2709aff556263864f9ae1e757b3278c288dbe2932825712773e431f7c29329857fdaea798ed93920893631402e6b13bab62b4855461edb94620f2d1751865f445c466: +7dbc81902e4eaab3077540f559995c387403cac306d486e959c5eb59e431c0a8e03066139082f613448bdbc27fe53aa3f88994c31ddce002e36bbb2963df3ec8:e03066139082f613448bdbc27fe53aa3f88994c31ddce002e36bbb2963df3ec8:dff798b1557b17085a0634371ded5ddf7a5acb996ef9035475e6826336f64ad8b84b882e30badec2b4a711998752f4a1574bc1f89d4325cf2b39861044dd03691e71d07768b5933a3052cc7c81d571a9de061dc19026c2f1e701f2dcf26a88d3401bc99fb81559dca76d8a31a92044a273587d622a08d1cce61c8f948a34ded1acb318881c9b49f6f37c30a65d495b02d5429e7ab4040d8bebeb78794ff736d1511031a6d67a22cdf341b980811c9d775fb19c6478f05ed98430103ea24c0f414d4cc07d860b72dc542ff22d83845a42f8ba45ca7ff3aab0b1e7de2b1094deac08d16eee01969f91bc16fec29ccc061c54db5345ba64842dacc99ee7729468d80a3f095583d8e8012408519d582cc3ff9a2eb7aebaa22db81ffc78ee90ef4ec589dcce87118dab31a6328e409ad5059a5132c82df3cefe2e4014e476f04c3a7018e45267ec5018ecd7bff1dda9267e90666b6b1417e89ddacb5085943befc7ad2f4df5f1ee0af9431aeeb6b24a5515b93dbcf68640f7daf8c961e567d7534900205c3df2184b6ac2da961c4c1d2bc49b4ea96b8154ffd4efffdc5e55a7119cb8af429e85105dffd41fe4a2ebba48168aa05fa7df27c4298735ff868f1496beb4b2ed0b8980c75ffd939ddd1a17e44a44fe3b02795339b08c8d:5b7f652f08f229fda1b0bd759377b3fb726c1b9c9a10ef63426d352dd0869bd54d876c3092f1cd411c3757d3c6b6ea942aa70c3aaeb4217a4c7364d18e76e50fdff798b1557b17085a0634371ded5ddf7a5acb996ef9035475e6826336f64ad8b84b882e30badec2b4a711998752f4a1574bc1f89d4325cf2b39861044dd03691e71d07768b5933a3052cc7c81d571a9de061dc19026c2f1e701f2dcf26a88d3401bc99fb81559dca76d8a31a92044a273587d622a08d1cce61c8f948a34ded1acb318881c9b49f6f37c30a65d495b02d5429e7ab4040d8bebeb78794ff736d1511031a6d67a22cdf341b980811c9d775fb19c6478f05ed98430103ea24c0f414d4cc07d860b72dc542ff22d83845a42f8ba45ca7ff3aab0b1e7de2b1094deac08d16eee01969f91bc16fec29ccc061c54db5345ba64842dacc99ee7729468d80a3f095583d8e8012408519d582cc3ff9a2eb7aebaa22db81ffc78ee90ef4ec589dcce87118dab31a6328e409ad5059a5132c82df3cefe2e4014e476f04c3a7018e45267ec5018ecd7bff1dda9267e90666b6b1417e89ddacb5085943befc7ad2f4df5f1ee0af9431aeeb6b24a5515b93dbcf68640f7daf8c961e567d7534900205c3df2184b6ac2da961c4c1d2bc49b4ea96b8154ffd4efffdc5e55a7119cb8af429e85105dffd41fe4a2ebba48168aa05fa7df27c4298735ff868f1496beb4b2ed0b8980c75ffd939ddd1a17e44a44fe3b02795339b08c8d: +91b095c8a999e03f3ed749cd9f2faacc0076c3b477a87ab5ccd6631738767446dad174d359daecca9c6b389ba096452ab5ca91e6383c6d042a284ece16ba97b6:dad174d359daecca9c6b389ba096452ab5ca91e6383c6d042a284ece16ba97b6:9b0d8b00299852d68bbf497fe603961a485466a99a5484005db73d4e4bad814e8574efd54d648bd5c91ae8483c54b2f998b02e1abd6f401a25526843a5f2a23a97bd589d1f7e1ab14915b1e359a396d352c360ae6584325ae4bb7d624f61255c5c7bf0a67acab46c3b57b34534c0ee8431d260576606cbd84d8d1839e73da6fe4b0b8b78f0f958827c2f1d93ba7a346dcc75cb563dffde26f997598e8b5c2f1617c6fefc9be4b28b5401b0006413a251690d1203aaae4f6d8a3fb21f24009ab3bff13737a8a7e6646c02732d9ec5a4a510469e2d299e4cc1ad6480a482aa956f89ddcccc64a136fb15b876b6ecd88c7c86a4dfc60e666207c604167d163440ca9ab9cf87a5e0f7bbc5517de4dee876c037f8cc9d959c8ff5dbe944ff54cd91a771e29231f8b5f17d61de904c955fe2025dc52ed480fb3cc90f232459c607ef7e2adb52c7482becd67ad2149a4128f984038b58aa90176782393604aac74c18209a3d6a78630c01955a7cece5da8384da3baf63aa2ddf5963fae05ba3b81c6a03d86a00ef78edb4184fdc89b1d6bfeb310fd1b5fcce1e219524a3cfb2e972577f06b1dddeba00865dae4979000c008ad99f3b638cceb8e8c7a0f998d34d92143d81c0e1c096a925ceba65c43003ee18d494d003e9c61f77d65759:64ee9efdb0c2601a835f418520641e436c7dd47c333d9fc30cfbb9e390fe764530654708b40b03581899a9ac870efd766ffbb4637152f8ff277964fe354252099b0d8b00299852d68bbf497fe603961a485466a99a5484005db73d4e4bad814e8574efd54d648bd5c91ae8483c54b2f998b02e1abd6f401a25526843a5f2a23a97bd589d1f7e1ab14915b1e359a396d352c360ae6584325ae4bb7d624f61255c5c7bf0a67acab46c3b57b34534c0ee8431d260576606cbd84d8d1839e73da6fe4b0b8b78f0f958827c2f1d93ba7a346dcc75cb563dffde26f997598e8b5c2f1617c6fefc9be4b28b5401b0006413a251690d1203aaae4f6d8a3fb21f24009ab3bff13737a8a7e6646c02732d9ec5a4a510469e2d299e4cc1ad6480a482aa956f89ddcccc64a136fb15b876b6ecd88c7c86a4dfc60e666207c604167d163440ca9ab9cf87a5e0f7bbc5517de4dee876c037f8cc9d959c8ff5dbe944ff54cd91a771e29231f8b5f17d61de904c955fe2025dc52ed480fb3cc90f232459c607ef7e2adb52c7482becd67ad2149a4128f984038b58aa90176782393604aac74c18209a3d6a78630c01955a7cece5da8384da3baf63aa2ddf5963fae05ba3b81c6a03d86a00ef78edb4184fdc89b1d6bfeb310fd1b5fcce1e219524a3cfb2e972577f06b1dddeba00865dae4979000c008ad99f3b638cceb8e8c7a0f998d34d92143d81c0e1c096a925ceba65c43003ee18d494d003e9c61f77d65759: +8c568b310ace7d1f0edecefd603a884000544c792565d481c3d3e06e2d82ca965fa6e267c766736841411072d1983d1900acf01d48c3ce11770b26f78da979f7:5fa6e267c766736841411072d1983d1900acf01d48c3ce11770b26f78da979f7:b59f5fe9bb4ecff9289594721f2647047b0da5e0e4941bbe57c5b722b476723f0ac5970b4111f893bcaa411f28fceb4f585a2a7187018a904b70ef8fe1f6569a54d00ada37b69cb5e9c9d26c16a903518148e04a1b936a32329c94ee1a8fb6b591892c3aff00bf6e44dd0a762babe89d7060c17b90390d23bf9d360a293b8308383086916e1182b1ba4336f001b8d20deae9a029f7e85397a9ae5cf3ca10c7f3875588b8ffabb063c00ca26f580f69edc527a1accf4f41397b33766bcf6d55eb8de081a48c981d05c066617b80d8f6f5e60e59dd9b930bc4d04586403bb868df75933bdd86230e447036c175a10de9bb39953dcb1966a1f11912078e358f48c5b209a636c7f783f4d36a93ad2cc2e3244519078e99de1d5158b3961e0fc5a4f260c25f45f5e8585e601db08ba058d2909a1bf4995f4813460d369503c6873685ebcd3330a130b75f2365fb2a5a34ea63d958a2a867e90552d2cec8c390084be0c108b0fd2d83cb9284db5b842cbb5d0c3f6f1e2603c9c30c0f6a9b118e1a143a15e319fd1b607152b7cc0547497954c1f729199d0b23e53865403b0ad680e9b45369a6aa38d6685abd397f07fbca40627ecaf8d8d30133a6d9d5af009192751c9c45f77c0bc011268800bf552512730e69973c5bf362ab164894bf:debdd8e5d3112fd77b394aa0e36e9426bac91df126fa9c317cea7c9d45957cdd96a45ae3ad760413ee1205afd71a29f9c3cb586cd2d7cd1e93bc1652fc34dc04b59f5fe9bb4ecff9289594721f2647047b0da5e0e4941bbe57c5b722b476723f0ac5970b4111f893bcaa411f28fceb4f585a2a7187018a904b70ef8fe1f6569a54d00ada37b69cb5e9c9d26c16a903518148e04a1b936a32329c94ee1a8fb6b591892c3aff00bf6e44dd0a762babe89d7060c17b90390d23bf9d360a293b8308383086916e1182b1ba4336f001b8d20deae9a029f7e85397a9ae5cf3ca10c7f3875588b8ffabb063c00ca26f580f69edc527a1accf4f41397b33766bcf6d55eb8de081a48c981d05c066617b80d8f6f5e60e59dd9b930bc4d04586403bb868df75933bdd86230e447036c175a10de9bb39953dcb1966a1f11912078e358f48c5b209a636c7f783f4d36a93ad2cc2e3244519078e99de1d5158b3961e0fc5a4f260c25f45f5e8585e601db08ba058d2909a1bf4995f4813460d369503c6873685ebcd3330a130b75f2365fb2a5a34ea63d958a2a867e90552d2cec8c390084be0c108b0fd2d83cb9284db5b842cbb5d0c3f6f1e2603c9c30c0f6a9b118e1a143a15e319fd1b607152b7cc0547497954c1f729199d0b23e53865403b0ad680e9b45369a6aa38d6685abd397f07fbca40627ecaf8d8d30133a6d9d5af009192751c9c45f77c0bc011268800bf552512730e69973c5bf362ab164894bf: +3d09afcee3c432fdfb6bdcead54e3da5b1b4165c50d6d310b7fad787b444d680b0d9028c4d1487d293ed585a76bc94fffbafe2c65d980c494e141e4810a35cb9:b0d9028c4d1487d293ed585a76bc94fffbafe2c65d980c494e141e4810a35cb9:767165caae0e578f16537e1750be7de87a789a51ff2de11838f564e2580b2391362d2868a5a4708af15d2e2db7b9be39c16adcc1200b34e6b4d4027ddffc1a2a3595e29e855ec5261b20bd55c428b01309badb59e2ca3edb967fc2f4bac0729ddf54fb6c20057bdda9e7af7cbfc092fba865fd3275b9d3bcb0c346b951d170ac9aa650a86df49855d48a1b37ce56c9f27389f5c8b15f5c2c900c4f107c064f603e4f867ef2e9c10a1b74210e6b89bb011793aa85ded43b51b749ba7f70287b6bc1b89434db8b8c8b5d73b214b41e36b528005bfbfe002e21b1006fb9d24babd72106d093e3c7093b3138aea719d69479084647498cd6c9bbb744509cd7da8dd61a627100f03c21e750acb3fcf4631d7c0f618154d2e5fa6656fb76f74c24795047bbce4579eb110643fa98e1f776ca76d7a2b7b7b8678173c773f4be7e182fd24dd76291ac67d9f26a28c5e3cb025c6813a378b383224642b4aefad0c76a6579517b8f360797dd22613ee682b179381950fb71609a5fb5494d2d57dcb00f26d1e72956f4d6672830e05c01b3779677c07ea00953c6b8f0dc204c8dbdccb381bc01b89c5c261db189ab1f54e46bc3edc4de5ad4f0eb29c0a120e437cd8f37ac67d48c7f0e730278708f02b54aee62b72952bc1c0eb437ca8bd5655437:89739fe441ca0ced08a6eb5796e9bdda0e74fb473528fd4907edb659aab44d3343229046716368faf88e85c1644af66ff2dcaf0b17ac93ca13819f3f241dd300767165caae0e578f16537e1750be7de87a789a51ff2de11838f564e2580b2391362d2868a5a4708af15d2e2db7b9be39c16adcc1200b34e6b4d4027ddffc1a2a3595e29e855ec5261b20bd55c428b01309badb59e2ca3edb967fc2f4bac0729ddf54fb6c20057bdda9e7af7cbfc092fba865fd3275b9d3bcb0c346b951d170ac9aa650a86df49855d48a1b37ce56c9f27389f5c8b15f5c2c900c4f107c064f603e4f867ef2e9c10a1b74210e6b89bb011793aa85ded43b51b749ba7f70287b6bc1b89434db8b8c8b5d73b214b41e36b528005bfbfe002e21b1006fb9d24babd72106d093e3c7093b3138aea719d69479084647498cd6c9bbb744509cd7da8dd61a627100f03c21e750acb3fcf4631d7c0f618154d2e5fa6656fb76f74c24795047bbce4579eb110643fa98e1f776ca76d7a2b7b7b8678173c773f4be7e182fd24dd76291ac67d9f26a28c5e3cb025c6813a378b383224642b4aefad0c76a6579517b8f360797dd22613ee682b179381950fb71609a5fb5494d2d57dcb00f26d1e72956f4d6672830e05c01b3779677c07ea00953c6b8f0dc204c8dbdccb381bc01b89c5c261db189ab1f54e46bc3edc4de5ad4f0eb29c0a120e437cd8f37ac67d48c7f0e730278708f02b54aee62b72952bc1c0eb437ca8bd5655437: +41c1a2df9369cdc927164aa5adf7757136abe51395604266334cc5460ad5683e40557834cce8e043580a4272a8804d4f926e88cb10d1df0c5e28b9b67e1b63da:40557834cce8e043580a4272a8804d4f926e88cb10d1df0c5e28b9b67e1b63da:b64b14ba77d239e6f81abe060accef85f0442b650c44015efc43a0aa2ba10bf48d3018b1953ddfffbcda5bf3bbe0b6b3e4b0d9a32c6b725bbb231e0a2704471ee8bc1d594f5c54226f5dd9dfa163cfc1452c61f93e4f8139ab4ce4476f07ec933661eae91b6d500bf508ac63e4baaf1ffc8f0007d802e005f1b4fc1c88bee4d5e9e76384f5a7043bd660cce71f3b67f01f6ab844298531aac73a39d045370088855005a09c6d04238ea478dfacad1e6b22b2be4c46b0d59b1eba1f060bf7da5d1566cf1fdb5c543a33926af63f01a0db86e1a6711c473dc795ab283c8d93facfb5701fa2f2f6bb99f9b7e3749b071d58607be44a7089bcb503ec1495b5feedb399961fd3677d7493eaa3b3e9cc5e3642f40d47de9bfee7c20b0e519c4eb4a40f4da446ed6ac7aaca053e759c97dabe0a8ec2f58e7f2f9b2072762f9f794a6a4e36060b8872bd2c18d06a85c2c141a78293773ee8cfbf154b9930cd39da31b497e737a7750c90a13f5aaa147cd0dc4311f2e34941252ef198b0c1f50827e56c9f16f595aced6d2a69346531495a6499774d360766ca9be5ed8881c0db26ed7c5e6ff3a4f9b73cd8b654640dc96bf43bd426a0f28c9b25fa704d62ff0288fcceffaaebd3ea3097bcbbd778420ebc520a417730a1b5b3b8c96cda9f4e177d:b8b2752a097196c289849d78f811d9a62fc767278f0c46628b521f62ed2759d74462a175da22403f15020445cae06da3ed61cca6203b7006362a0e198963d20eb64b14ba77d239e6f81abe060accef85f0442b650c44015efc43a0aa2ba10bf48d3018b1953ddfffbcda5bf3bbe0b6b3e4b0d9a32c6b725bbb231e0a2704471ee8bc1d594f5c54226f5dd9dfa163cfc1452c61f93e4f8139ab4ce4476f07ec933661eae91b6d500bf508ac63e4baaf1ffc8f0007d802e005f1b4fc1c88bee4d5e9e76384f5a7043bd660cce71f3b67f01f6ab844298531aac73a39d045370088855005a09c6d04238ea478dfacad1e6b22b2be4c46b0d59b1eba1f060bf7da5d1566cf1fdb5c543a33926af63f01a0db86e1a6711c473dc795ab283c8d93facfb5701fa2f2f6bb99f9b7e3749b071d58607be44a7089bcb503ec1495b5feedb399961fd3677d7493eaa3b3e9cc5e3642f40d47de9bfee7c20b0e519c4eb4a40f4da446ed6ac7aaca053e759c97dabe0a8ec2f58e7f2f9b2072762f9f794a6a4e36060b8872bd2c18d06a85c2c141a78293773ee8cfbf154b9930cd39da31b497e737a7750c90a13f5aaa147cd0dc4311f2e34941252ef198b0c1f50827e56c9f16f595aced6d2a69346531495a6499774d360766ca9be5ed8881c0db26ed7c5e6ff3a4f9b73cd8b654640dc96bf43bd426a0f28c9b25fa704d62ff0288fcceffaaebd3ea3097bcbbd778420ebc520a417730a1b5b3b8c96cda9f4e177d: +a00611489467122c4c164bfb6a616e6a619b9f83c4367206b85d3fbec38cd62c57ab58babb41dc0da0bcd506059aac9f46eca91cd35a61f1ba049a9ac227f3d9:57ab58babb41dc0da0bcd506059aac9f46eca91cd35a61f1ba049a9ac227f3d9:34db02ed7512bf8c67d359e7203a2ea441e20e729766c15aa00fa249a3518fc29ef8905aa5b4670958c6a460d77b3a80efcb473859bbaff862223eee52fe58acfd3315f150f3c6c27ff48fca76552f98f6585b5e793308bf5976bad6ee327b4a7a313214b9ae04b9651b63cd8d9f5b3bec689e0fd000dd501770dd0e99b8f99eafa09c396a245a4a96e56896a29b24190b1ef11063f39b63ee3a586b07627dd3500c4e170b835dc0ec236fa5a35c44184707565c4a50662d8dbccfff7f9a7a68d021b4af64d532b7c3d2747418c2d717bb6aca6b58747ae4dd5641d826f79a8a315c38211a538a929e5b451f623f4fcbbcacdb86c8752ea13a617ab414ab653eb2e68d5420df7c6df92438168dcf9c066581dfe7b2c468194a23707de4659bd67eb634ff024741c5fc8698fd4dc41fe5dfc6299b7a08e6ffca37109c0210c8f94ea2d3ddc977ffc0b3794fe6ba4337c7aab434a68ac665484ea8243a84b79aa181ee6ab5aa37a32d879725edc018f8552181816d7d272ca8818a7b92e6ee4454d1f7828dd8afba1a790364b4ff28d84e028597353ebbef24837bc319e1ae8f2b0b6a851b489c3e170eef53e065f7032653cd6b46d8e57e4e111b789ba950c4230aba35e569e06615403407bce0369aaab4eafaef0cae109ac4cb838fb6c1:c771ba0a3d3c4a7b064bd51ad05c9ff27fd326610fbfa09183039e5edf35472dded8fc2275bbcc5df1bf129860c01a2c1311da602fbaffc8b79c249c9cc9550234db02ed7512bf8c67d359e7203a2ea441e20e729766c15aa00fa249a3518fc29ef8905aa5b4670958c6a460d77b3a80efcb473859bbaff862223eee52fe58acfd3315f150f3c6c27ff48fca76552f98f6585b5e793308bf5976bad6ee327b4a7a313214b9ae04b9651b63cd8d9f5b3bec689e0fd000dd501770dd0e99b8f99eafa09c396a245a4a96e56896a29b24190b1ef11063f39b63ee3a586b07627dd3500c4e170b835dc0ec236fa5a35c44184707565c4a50662d8dbccfff7f9a7a68d021b4af64d532b7c3d2747418c2d717bb6aca6b58747ae4dd5641d826f79a8a315c38211a538a929e5b451f623f4fcbbcacdb86c8752ea13a617ab414ab653eb2e68d5420df7c6df92438168dcf9c066581dfe7b2c468194a23707de4659bd67eb634ff024741c5fc8698fd4dc41fe5dfc6299b7a08e6ffca37109c0210c8f94ea2d3ddc977ffc0b3794fe6ba4337c7aab434a68ac665484ea8243a84b79aa181ee6ab5aa37a32d879725edc018f8552181816d7d272ca8818a7b92e6ee4454d1f7828dd8afba1a790364b4ff28d84e028597353ebbef24837bc319e1ae8f2b0b6a851b489c3e170eef53e065f7032653cd6b46d8e57e4e111b789ba950c4230aba35e569e06615403407bce0369aaab4eafaef0cae109ac4cb838fb6c1: +de1634f3460e02898db53298d6d3821c60853adee2d7f3e8edd8b0239a48cfaf9dc1465b3383f37de00ea2d3c70f2c8fac815f0172029c3f579579c984a5895e:9dc1465b3383f37de00ea2d3c70f2c8fac815f0172029c3f579579c984a5895e:d10c3e4de7fa2989dba87537e00593d0eed4d75ee65846dab1498b4749d64f40e34b5911c5ce3b53a7e37d2d02bb0dae38ed962a4edc86c00207bee9a8e456eccae8bdf4d87a76746014201af6caffe10566f08d10daaf077160f011feaca25b9c1f6eca9fc53314a80547951754355525257d09a7fdad5bc321b72aa28d1e02d8696d4f9eb0ad3b2196f8bcfaeb1d6148287a3faefef91a7a3e0609c28ce59d0ca14d0b3050dd4f096b7bc2513988ba212128d5026daaa7188846db21c5c1d179ab9487c1a5bd346588127c20398d362d4c759cfab2a677750b9e45676a1e7e092ef02edbf278fb19a58e9bf6c9e996e24edad73f3ce31fa04b6d8533436bf80b4b2f805ed91e7fcda3bc2bab3b2bb157158af0ea8e3f0731dfad459d2e79b6d3715fe7bf1eafc5397593208857e57b7feb2f7387943a8e0913470c161aef4fe205d3637f23177ff26304a4f64eba3fe6f7f272d234a67206a388ddd0366e894eaa4bb05d73a475f1b34ca222bbce1685b1b56e034e43b3c40e81fff79682c19f32aa3f2a895c0709f9f74a4d59d3a49029ecfcb283082b067f1a0d9505750fd867321999484249efa725f52c94c7596206a911f3f505d63f0313254bd445f05be3996b58fe1819af87352e7f0a2ca320d9cc00a5fe77ad41640d50be8436:d20506eb846923a0b16ff82fb2c3923b00c1b3bcc6e2f6482fba24807521e8e0223f692e62eac993f498f67102a04fd1acf9c7e3888d857c9a080b8af6361006d10c3e4de7fa2989dba87537e00593d0eed4d75ee65846dab1498b4749d64f40e34b5911c5ce3b53a7e37d2d02bb0dae38ed962a4edc86c00207bee9a8e456eccae8bdf4d87a76746014201af6caffe10566f08d10daaf077160f011feaca25b9c1f6eca9fc53314a80547951754355525257d09a7fdad5bc321b72aa28d1e02d8696d4f9eb0ad3b2196f8bcfaeb1d6148287a3faefef91a7a3e0609c28ce59d0ca14d0b3050dd4f096b7bc2513988ba212128d5026daaa7188846db21c5c1d179ab9487c1a5bd346588127c20398d362d4c759cfab2a677750b9e45676a1e7e092ef02edbf278fb19a58e9bf6c9e996e24edad73f3ce31fa04b6d8533436bf80b4b2f805ed91e7fcda3bc2bab3b2bb157158af0ea8e3f0731dfad459d2e79b6d3715fe7bf1eafc5397593208857e57b7feb2f7387943a8e0913470c161aef4fe205d3637f23177ff26304a4f64eba3fe6f7f272d234a67206a388ddd0366e894eaa4bb05d73a475f1b34ca222bbce1685b1b56e034e43b3c40e81fff79682c19f32aa3f2a895c0709f9f74a4d59d3a49029ecfcb283082b067f1a0d9505750fd867321999484249efa725f52c94c7596206a911f3f505d63f0313254bd445f05be3996b58fe1819af87352e7f0a2ca320d9cc00a5fe77ad41640d50be8436: +c738ef5f0935281ba625fa4014d4a4d0be7e28fed779a9cf658e21dba43cebc195799faf706d195e544c76cafddf09d02d1beafc42c9d6c9ead4c1845587d39e:95799faf706d195e544c76cafddf09d02d1beafc42c9d6c9ead4c1845587d39e:168d0bc5598be02f5443bfe7dfb8829985ca5d282af9cf1b1482602f243d486bd82ba039a0750909e9b3c7d4d5f8b8baf45718af0311854f4d1c7837f31d8ee68d3558e7e51e0c646a4a637596ee90057b01ed0a17daa3950b81ab47ae8b94c17d40746913c46ba1478bfca51b167628fc3ee1e22f2f19d6d8daf93df6540cedb7a859d1a2ba5911ba71766e8b7fce0c0e8663616d0180697d78ce3040d438131982f3f8112acca29ae53e539ff8c9ec4106d132f402018518308485f2aa6c9e8d1e62fed60cb249457db33c6fd1fe07445361f08194a2b5a057cb03cc754e5c7d4a7eea53a7f7d207cacca5e68cafa969a3521dbb810399a17f328ee767cf55926b2bd5f029549d3b464579c42655265398472e1c77cc8dd9aff187f7ac34dd456ace999a736ecca6d405d4922c779c600c47b84c9c1df5e5f8ed3b2811d351339113f8453cca4c4411688cb0388258ebbd1872b83610042249494ed560d4cda6a68455d957e806dd0bdd83004c4ca80774b8a0a1665866f17085014eadb3eae7382fa870deb29dd8c931b53019625740e28392f38575c0e2a9e504fc35bd95df56439a898230a2398cd2225c766ef36f12ae7e49b30a9c0aad469d5895bbf721cc0ff51d840c802d4a7eefba84fe5205a2c2f14011922dde561456f79e6161:f44371e6c3391639d457ed14648184809411e80a3201f8811670e500fcad92f300aabf7fc68e440191e881d6c3474efd6d28f09dc44312fcfcb82701ba3c290a168d0bc5598be02f5443bfe7dfb8829985ca5d282af9cf1b1482602f243d486bd82ba039a0750909e9b3c7d4d5f8b8baf45718af0311854f4d1c7837f31d8ee68d3558e7e51e0c646a4a637596ee90057b01ed0a17daa3950b81ab47ae8b94c17d40746913c46ba1478bfca51b167628fc3ee1e22f2f19d6d8daf93df6540cedb7a859d1a2ba5911ba71766e8b7fce0c0e8663616d0180697d78ce3040d438131982f3f8112acca29ae53e539ff8c9ec4106d132f402018518308485f2aa6c9e8d1e62fed60cb249457db33c6fd1fe07445361f08194a2b5a057cb03cc754e5c7d4a7eea53a7f7d207cacca5e68cafa969a3521dbb810399a17f328ee767cf55926b2bd5f029549d3b464579c42655265398472e1c77cc8dd9aff187f7ac34dd456ace999a736ecca6d405d4922c779c600c47b84c9c1df5e5f8ed3b2811d351339113f8453cca4c4411688cb0388258ebbd1872b83610042249494ed560d4cda6a68455d957e806dd0bdd83004c4ca80774b8a0a1665866f17085014eadb3eae7382fa870deb29dd8c931b53019625740e28392f38575c0e2a9e504fc35bd95df56439a898230a2398cd2225c766ef36f12ae7e49b30a9c0aad469d5895bbf721cc0ff51d840c802d4a7eefba84fe5205a2c2f14011922dde561456f79e6161: +5fea38739c61ca83bf7b4ad175a2117627b971a634a305a84fa57fecb8035624ddd14b0fc06768d5104c50764bfd3b952352a34007c50d5ddd224ff51afcdf9c:ddd14b0fc06768d5104c50764bfd3b952352a34007c50d5ddd224ff51afcdf9c:1013c60a73953549e5ed105bdea150b91e60ec39200d43721304bfc8ec439d39609613c2d878044a9da01b26d86d6d65db93d91a137e9c4808a97d4ef286a903f3f1382cc6d1294216b9fafc013c86b9ff68b55a50ea3766e61dc1ce38348e91d62ce732c152d766b9335c68d6cad77be2b4a0cd50b9a1ec632ba55648a6e7e11a14c06853c02aec4809bd147a5ddd9fbc3be9f0c8158d84ab6795d771b42b1814a17a3c7a6ca0f4a8f7b3a0db1c73ba13b16400dfecbd03d216650e4d69704a707246444d5791fa273752f59cb5ae9fd416a5186613d66afdbd1ce691a87bd7d8b67190e9ac687062a080d2ec39fe76ed8335058251872839e85eb62f18ece187caba55b5f7d5edcade01cdc543cc677e50238b89c5635ad5c8fc220f5e0be1bc667d20989753a6d616fa69f8b12940b8ca9e2c48577132d8691b053779a152cbacff3b8b1bd7af692e56c73bbae4634776cfc213c99b9ae458df1befc8c877742664b0a0bb1f6915c8dae3b3f55dd75aba6a3bcc4176b4e3ba03d0c1c04c3c6408778b2b8e5a8a3eb52ed32a7428c00a98a589d8ca9390a210f4a7ac004fa1fe4c6da694f12276e320b41b0b59f75d264a396d450b631ab353f1612709e7a2e6a50d01cb110e53040546dd3b1e11d25732813aa76be5e81fcf7a5773f6815bbd:f4e274823f2c396f3a329486aa6410c5ff19266f0770fd04fb14a7602d2b69a4a2b00928e9e1d92389f8033359ed6fb2146467aa154cba597dec6a84173f8d071013c60a73953549e5ed105bdea150b91e60ec39200d43721304bfc8ec439d39609613c2d878044a9da01b26d86d6d65db93d91a137e9c4808a97d4ef286a903f3f1382cc6d1294216b9fafc013c86b9ff68b55a50ea3766e61dc1ce38348e91d62ce732c152d766b9335c68d6cad77be2b4a0cd50b9a1ec632ba55648a6e7e11a14c06853c02aec4809bd147a5ddd9fbc3be9f0c8158d84ab6795d771b42b1814a17a3c7a6ca0f4a8f7b3a0db1c73ba13b16400dfecbd03d216650e4d69704a707246444d5791fa273752f59cb5ae9fd416a5186613d66afdbd1ce691a87bd7d8b67190e9ac687062a080d2ec39fe76ed8335058251872839e85eb62f18ece187caba55b5f7d5edcade01cdc543cc677e50238b89c5635ad5c8fc220f5e0be1bc667d20989753a6d616fa69f8b12940b8ca9e2c48577132d8691b053779a152cbacff3b8b1bd7af692e56c73bbae4634776cfc213c99b9ae458df1befc8c877742664b0a0bb1f6915c8dae3b3f55dd75aba6a3bcc4176b4e3ba03d0c1c04c3c6408778b2b8e5a8a3eb52ed32a7428c00a98a589d8ca9390a210f4a7ac004fa1fe4c6da694f12276e320b41b0b59f75d264a396d450b631ab353f1612709e7a2e6a50d01cb110e53040546dd3b1e11d25732813aa76be5e81fcf7a5773f6815bbd: +60f9a14cce5d43fd9aab4ee8cc8379d575949152693bf29a6790b035e42a44debd4a70740d5acabe49f9a2152082fa2025330e6440437f1d047f313de490dca5:bd4a70740d5acabe49f9a2152082fa2025330e6440437f1d047f313de490dca5:dd7f44f9eb728ab48de54ecde6b6184bd5ddd8707545a0129f2e905905b55d3e7fd57e28485d258148f6605e2377d5b267d2eaf4cd4b46e454962219868232b6f41f88a797f9cdd5c39ada51a641214fb9db2c2a9b5a5b16e303575318b625cca970b74348727902a1cf268bd16e107113161c8cbc99303c2b9f235541a7b31e433120feba14febe4bcb0f5b936c7edddd0ecfc72c8d38f64cdb6cfc2910bc29a521c50a51abcbc2aabf789de822cb04f5728fee153dd5501b2db59c59f50cab17c29216d66951019e145b36fd7e841bfbb0a328554b44dd7ef51468c3d5b7d3a1f7b9def58d8cf9d9bcafe92c86cf6d6119e98dba6f38ea57e322ddc9c2198d4bbc3b94ea1329db0d458e01c7081b33925a3e287f599a858c50c3a8f18cc2aa634df63e7f10e403adeab2f41db5578790c3b4f041a8b7a4f69cd6e06215df8201ae5b3e1d1d25a0a39bfc3d041a2f98213ef4141245792a76f06d4de25f6467a0e56f2f5cf69400d22117de7b46149554b70c75b9f99484a4f6f035ad3f10e3753cb14f4f398dcf6a64d10cf6c4fac07c91193cc0f54f0de58c6343e9caaa6b4f475ef91a59e083f9f211f5bc8e7e4516b45cf06bf50beb8fc4ab579d86d4a4190eeac748d06e0852c4b9ba8cfc50dd0a037a7bad7fad55af309a5f13d4c91ed3e0:72f54bb8bdd17e9e422cd339631dd39f57355015d4cbd15acab7542efd784a321c1f6125764c0d154045b32e70dc2e03fbfe1117468ac3e73127b5fac8d42102dd7f44f9eb728ab48de54ecde6b6184bd5ddd8707545a0129f2e905905b55d3e7fd57e28485d258148f6605e2377d5b267d2eaf4cd4b46e454962219868232b6f41f88a797f9cdd5c39ada51a641214fb9db2c2a9b5a5b16e303575318b625cca970b74348727902a1cf268bd16e107113161c8cbc99303c2b9f235541a7b31e433120feba14febe4bcb0f5b936c7edddd0ecfc72c8d38f64cdb6cfc2910bc29a521c50a51abcbc2aabf789de822cb04f5728fee153dd5501b2db59c59f50cab17c29216d66951019e145b36fd7e841bfbb0a328554b44dd7ef51468c3d5b7d3a1f7b9def58d8cf9d9bcafe92c86cf6d6119e98dba6f38ea57e322ddc9c2198d4bbc3b94ea1329db0d458e01c7081b33925a3e287f599a858c50c3a8f18cc2aa634df63e7f10e403adeab2f41db5578790c3b4f041a8b7a4f69cd6e06215df8201ae5b3e1d1d25a0a39bfc3d041a2f98213ef4141245792a76f06d4de25f6467a0e56f2f5cf69400d22117de7b46149554b70c75b9f99484a4f6f035ad3f10e3753cb14f4f398dcf6a64d10cf6c4fac07c91193cc0f54f0de58c6343e9caaa6b4f475ef91a59e083f9f211f5bc8e7e4516b45cf06bf50beb8fc4ab579d86d4a4190eeac748d06e0852c4b9ba8cfc50dd0a037a7bad7fad55af309a5f13d4c91ed3e0: +a39053c5c58bf31d462b27a620b0b37b8052c6b1c4102b6145663aa15e9787183642ac2a3280dce52ad8dfcfd3709436edc4e7e4ae1b452d9b220780b08679fa:3642ac2a3280dce52ad8dfcfd3709436edc4e7e4ae1b452d9b220780b08679fa:f65540d3abeb1ee5ea987062c1b579516d3c29c39cbc6b09d60e18fe274c2befe0f5fe7dbd57c2d5835229bb754ec4341394765776d6a9178c4e6a312cd74bdbaca0e88270628cd84100f472b075f93692830122f00f9bd91ac582836c8bfa714aa48e977003556e1b696df328ef584f413f8ab614760699c4d147c3eea1da0435835c9bf7ad54606f0213eb74a1b476141506ae2cd124cd51d66e7e7e579560576305c5fbe8430be3ebebaacba3f9989dd7d199f5a455a50cdb3755037e1a70674a4fef40b4a3aaf7bd3c95b1ab41bb206211c3a1276d3e37d8a3a5c3d5d0f36ef5b4f3de26b7f20f6b2900716dcc22ab734ebaf1e8d00020e5f019551653b9c2f70a4038dfb2f12d25d6d84e79073a6548fe15e4828fe5de83ac3d8d98b7daf92710482c37f7bd2431a8114c6137657bb177882d8a3c76babf1c671a7055365fe90866167a2d1dbc870be83b3601f09d4a317ae254cac9f98dcc7aead9224cd9c9d8a200abc80a2dd108af28fd46ad7080ae741b50054b9b9a9201efb7838bc4c5c2cc3d76ba0fcc49c46e792c26292b7d0312aff955a9f8edf0c696a70a614f3553ad3869bfde48d26a4d367b6cec057e62a4e548554b48b53ecda790ba7a0ab2e3de587bdc22b02f5947634d73099f547db22ec1bbf82343f9a2ca38bce4eb59be:f7383e966cb2309deedf860100183aaefac672ca16d5419cd6422ca70e16b3976f5f165afc2786117c868234ba1109ede031f8979b50e567358bd4f8bd958202f65540d3abeb1ee5ea987062c1b579516d3c29c39cbc6b09d60e18fe274c2befe0f5fe7dbd57c2d5835229bb754ec4341394765776d6a9178c4e6a312cd74bdbaca0e88270628cd84100f472b075f93692830122f00f9bd91ac582836c8bfa714aa48e977003556e1b696df328ef584f413f8ab614760699c4d147c3eea1da0435835c9bf7ad54606f0213eb74a1b476141506ae2cd124cd51d66e7e7e579560576305c5fbe8430be3ebebaacba3f9989dd7d199f5a455a50cdb3755037e1a70674a4fef40b4a3aaf7bd3c95b1ab41bb206211c3a1276d3e37d8a3a5c3d5d0f36ef5b4f3de26b7f20f6b2900716dcc22ab734ebaf1e8d00020e5f019551653b9c2f70a4038dfb2f12d25d6d84e79073a6548fe15e4828fe5de83ac3d8d98b7daf92710482c37f7bd2431a8114c6137657bb177882d8a3c76babf1c671a7055365fe90866167a2d1dbc870be83b3601f09d4a317ae254cac9f98dcc7aead9224cd9c9d8a200abc80a2dd108af28fd46ad7080ae741b50054b9b9a9201efb7838bc4c5c2cc3d76ba0fcc49c46e792c26292b7d0312aff955a9f8edf0c696a70a614f3553ad3869bfde48d26a4d367b6cec057e62a4e548554b48b53ecda790ba7a0ab2e3de587bdc22b02f5947634d73099f547db22ec1bbf82343f9a2ca38bce4eb59be: +e0c29df4de45c47539e0896b3a59bc3de6b802fd14dbdc9f25e717ac82c328f3a69002b0f5ef354ce3b2d6b8d8ba70ab778432b22f144dc9c2eb92d99d99dd2a:a69002b0f5ef354ce3b2d6b8d8ba70ab778432b22f144dc9c2eb92d99d99dd2a:6a37cb4c749c583590c8d849bce3fa657f10009190cad9be41ede19bf2fdb3c562a6101f27bd37f223cab13ced245a1cedf852f551f857aad9727f62c967c0a921df116f48a80a6040b3c723ab5cb594c4507a3d20cd60514e22164a82b74f19dcfdd83c57bc3652375517414af5d18e0a64ccab36699768d07cf40b7063a83e43d5f607964b1bf0840a45ad50abf83dbc849f40e5b4cfb6a3347b29fec50774046a4b50041032aa4d567e8564b3eed1642040682dd8ae7d7179286cf6e1853dc87d27c3e9e60fa47cf8cb2da0181d53eec40614b07331a4fb7028086d0b1ce2e1115b73a162c527bdd7cab5335b863d108be047bdbca112cc6e776bb453c317314388bb9653efb4444bf5cf1ec8da23b711ba71796c0ae02ba1dcc838455078c3897f07e9e13b76e49274c2e207506b00a0b558883aa122b667db9d670508606a3f54320636cd19f973917fb1875f4363e220f1e12398cc6afd79094743338456813a5826ad3f1aba7cd7beab1fe183859c0cc9ef40a5eab912caf515a8d4c3b93d641b7ab3e76b16c12971ace88ff33e5a1ed9b44e45db8f3085dbf070b256b0d7512ee1069432603d73095db8749ca547963bd71a8a684ab8516b146c4187176386afdf6cb1368a3dd8fcb2cfff77056aaf7823f800b266acce72bf643c6d0c28f0ab:bb3b8c5c27591fd8b9c5ba489d6b6ee5b0fb4a7b0de51f1639afc673d0e5f75e313aa7e1d0009081dbca7435b687ccd12f64f74a386e772b9e24781b925c8c0c6a37cb4c749c583590c8d849bce3fa657f10009190cad9be41ede19bf2fdb3c562a6101f27bd37f223cab13ced245a1cedf852f551f857aad9727f62c967c0a921df116f48a80a6040b3c723ab5cb594c4507a3d20cd60514e22164a82b74f19dcfdd83c57bc3652375517414af5d18e0a64ccab36699768d07cf40b7063a83e43d5f607964b1bf0840a45ad50abf83dbc849f40e5b4cfb6a3347b29fec50774046a4b50041032aa4d567e8564b3eed1642040682dd8ae7d7179286cf6e1853dc87d27c3e9e60fa47cf8cb2da0181d53eec40614b07331a4fb7028086d0b1ce2e1115b73a162c527bdd7cab5335b863d108be047bdbca112cc6e776bb453c317314388bb9653efb4444bf5cf1ec8da23b711ba71796c0ae02ba1dcc838455078c3897f07e9e13b76e49274c2e207506b00a0b558883aa122b667db9d670508606a3f54320636cd19f973917fb1875f4363e220f1e12398cc6afd79094743338456813a5826ad3f1aba7cd7beab1fe183859c0cc9ef40a5eab912caf515a8d4c3b93d641b7ab3e76b16c12971ace88ff33e5a1ed9b44e45db8f3085dbf070b256b0d7512ee1069432603d73095db8749ca547963bd71a8a684ab8516b146c4187176386afdf6cb1368a3dd8fcb2cfff77056aaf7823f800b266acce72bf643c6d0c28f0ab: +198b5fd1c03827e0994ad5bfee9b5b7be9966c9c3a267e4d7430343767403c676682c6f1a866b49b2f8ee97f2e532fa91666bf38da1b4dd65543a1777794cbee:6682c6f1a866b49b2f8ee97f2e532fa91666bf38da1b4dd65543a1777794cbee:3fdaa15c46f25143db972079d7013c7f69a136f45f3f6ba2ced8b828468eb3daa6b50b4f8d3380fec64a0343be116f6f83b6ee64cc4c1b1d08d54fd42029e4285cfc6c6dd5cd181ab533ffcd411f23a1003da94ec9340e2ec71199d678540d5182e139ffcbc505a170b8f07f4a7e694ca92f58320c0a078564ce9de99b0fa8e66b0d822e467a5aeb83567996a48b89db25cade6457794e5414d67e9d4ab7cd6cc2058bb7a513abd709f4caf24bb67ce1c03ab62dbdfe309ec7db0fa3ea7aae8236f259b922d4536115a63bc89acb2051d09e731cbb0df157d9d345bd9109973c2b594f148efc6f3377de5163b7f69869ffef853eaefeb402e23529594fbd65ca05fe4062c529d8e321abc05200cac1e839e87b1fd3fdf021d68cbb3a4142b69cc3af6f632edd65b83f5aa4cb17da5b6ba3fc03edb17c2a3cb5b04836e7660e63c8a0483e243983371dfa9839f9164ad4da0d5953655e3a9518e136da745737c79243c355fc125cbdcc76aec92216846c4574f4f7f298bcde54fd2444ad3025955c100315de5a4e27c333a00284b2f702fdd3de22ac6c240dbc14bf71e62d131b62f2db992473f2f913f60c916ecf57df5f3f021fb330834395b79472caff19fcfa0a271795c76d69b4db3f85b8d2e5c3441965484dcc39aba59b701274f7fc425246856069:f454f35b18538f877e5d614a76b5276a27fc0b433f215dc4e963b3f047694c780c515c6ef6fe2db4b009009bc2733aec4fd46e615357cc0bcc9f1f7fc21e3c023fdaa15c46f25143db972079d7013c7f69a136f45f3f6ba2ced8b828468eb3daa6b50b4f8d3380fec64a0343be116f6f83b6ee64cc4c1b1d08d54fd42029e4285cfc6c6dd5cd181ab533ffcd411f23a1003da94ec9340e2ec71199d678540d5182e139ffcbc505a170b8f07f4a7e694ca92f58320c0a078564ce9de99b0fa8e66b0d822e467a5aeb83567996a48b89db25cade6457794e5414d67e9d4ab7cd6cc2058bb7a513abd709f4caf24bb67ce1c03ab62dbdfe309ec7db0fa3ea7aae8236f259b922d4536115a63bc89acb2051d09e731cbb0df157d9d345bd9109973c2b594f148efc6f3377de5163b7f69869ffef853eaefeb402e23529594fbd65ca05fe4062c529d8e321abc05200cac1e839e87b1fd3fdf021d68cbb3a4142b69cc3af6f632edd65b83f5aa4cb17da5b6ba3fc03edb17c2a3cb5b04836e7660e63c8a0483e243983371dfa9839f9164ad4da0d5953655e3a9518e136da745737c79243c355fc125cbdcc76aec92216846c4574f4f7f298bcde54fd2444ad3025955c100315de5a4e27c333a00284b2f702fdd3de22ac6c240dbc14bf71e62d131b62f2db992473f2f913f60c916ecf57df5f3f021fb330834395b79472caff19fcfa0a271795c76d69b4db3f85b8d2e5c3441965484dcc39aba59b701274f7fc425246856069: +4392f7d4fbd68fe154e4ba38ad5207612a0648556056c39ac116ad468f89bd2dcbeaef41acac02bf1f780ce934aabd631364b369567be1be28e3906f9db120fa:cbeaef41acac02bf1f780ce934aabd631364b369567be1be28e3906f9db120fa:cf1709dc9a0867ee908721b136cb93a84229e83b46204777ca8194d08b7a3ca9c912eb243e5bdabfeed352349d20be801b722af0892238e72edf190e6361f57572781ad3c2590b197357641c805383baa1d4972f76c65448532c110834a0baa8f48863e166b706653708cd4057d3a4f9fcb2ceb4120001277d38c43847d822822b777c2bb4da4015a1c24d416d5062a8718491d855aaa5dbf5579c164d8e524a9f2fa3f22eb09861ffe6ad659fe36eb40431222c22d7137a6cabca8db786e39d81f661afde4e39589b4db4d3c51ca53590a14e115d0afc3a877b839a9638bece80c32c19e51b7532024845f76cfe9bfb2ac05130f6758bf7fe993aa93aa272e4e6bd0c75c14099d43e652a223e5bcd64c362d4b8f4b95e016f9350c7fa74e653525d08011558b2c6e9bf4fdf9dbd5ef9b09bbc846afc2bcbc86c4ccc315f6d1ccd489b0cf8ed0d93f2f532a426265c590ba3a59023347d819d9b281ef85310b05316d46c8a8c0365d068a8708664ea4d77ac0cd150a65a56586babd34b74365bb8fe3e6187262284d64432e4c81ea4c0e57c1d71ae980c7f4d1d871032e188bbf9d1758cdc1dff989f2d1288fef4e205e99e7cbf2cc324b8c93046f476c59d3d0a59db6fe37382dc79c5ec16056ab3934a52f7d2880d0471a377b6a8ae84d56ac22d1d54551c:86e7ccf06e79362d40cdb7fb75a98978bbd334a1db7590367d60849bd53e2fb1a4bdae590d1f47b5490d8702e7c1a87268b8ee9db612de7bdc2e38fa6deb7e05cf1709dc9a0867ee908721b136cb93a84229e83b46204777ca8194d08b7a3ca9c912eb243e5bdabfeed352349d20be801b722af0892238e72edf190e6361f57572781ad3c2590b197357641c805383baa1d4972f76c65448532c110834a0baa8f48863e166b706653708cd4057d3a4f9fcb2ceb4120001277d38c43847d822822b777c2bb4da4015a1c24d416d5062a8718491d855aaa5dbf5579c164d8e524a9f2fa3f22eb09861ffe6ad659fe36eb40431222c22d7137a6cabca8db786e39d81f661afde4e39589b4db4d3c51ca53590a14e115d0afc3a877b839a9638bece80c32c19e51b7532024845f76cfe9bfb2ac05130f6758bf7fe993aa93aa272e4e6bd0c75c14099d43e652a223e5bcd64c362d4b8f4b95e016f9350c7fa74e653525d08011558b2c6e9bf4fdf9dbd5ef9b09bbc846afc2bcbc86c4ccc315f6d1ccd489b0cf8ed0d93f2f532a426265c590ba3a59023347d819d9b281ef85310b05316d46c8a8c0365d068a8708664ea4d77ac0cd150a65a56586babd34b74365bb8fe3e6187262284d64432e4c81ea4c0e57c1d71ae980c7f4d1d871032e188bbf9d1758cdc1dff989f2d1288fef4e205e99e7cbf2cc324b8c93046f476c59d3d0a59db6fe37382dc79c5ec16056ab3934a52f7d2880d0471a377b6a8ae84d56ac22d1d54551c: +0bea98abe7d63f158390ee668aa050e84a25d2893e49fc83f079f9bba6a55a7522192ec0d32ef9835665a61bc88bcf4e1604637921152c116af503365bf6be42:22192ec0d32ef9835665a61bc88bcf4e1604637921152c116af503365bf6be42:c178e38d4e83ed2be57ce1c3ab64253a8171e610008181fbfc6d752269f7f1c5a9ec62cb27f19ad99ce1f5116a363d96fdc5a42f358b6dbe7cabdfc9f60718e4012c1bb1f842c5560811ba8374a0637747ff92eac21ca65ddeaf43e9989b7de2d432520afee364ecfba4da669ad4893d0bf69f9f81e7df69657be22b92069745f216c242ccd46d02d35616e16c755e0e37f961a6f3637752534f6dfab8805ab759a032a4e7e4c81953325a2f686bb69a029ce4e03becb3605637c5a65b52e331c26c926ed4711a504d3733bb53c97b80eafe4e75ddd9f415362888c3d4d37bae0e63fa11bf755666437d72f58c91d7a2f8cb619b7620a070b26b18b4d50184c5818712110e36d3e2830f6a8576ba57f9cccb8fff4028bf8ef9cb814825bbca827d649547bf6f2bef931704ca7f6df15f780155ed46eaa7ca7d72e22434ca0483bfb2f7902dc787f617eb9bd41ed4520adfd430948c710805a73c1ba5492e96484c4baa7da24c7435c46a052bf3515d33e42dcef517caa45f36c879121078c688dd10d76656a119762b6a834136fa1f8a643224b9224c543cf0470b3f8ee017d620dbdcc84d985154e9d1ae80e5f14387b88a0f6a5c35905aa57fb3abeb0ea6eccddb004474633cc483b56b8a8e20e8f2e09e979aa09893087875c6b117b5f13847ad8fc05604c4:7eb3139b880fdf66376a2090818840049767c837f3ad0036b141667052b33609817ca5e240ed8cdf3ccf3aee29274534594db0b4ccc5c6e5bba3280b873f2901c178e38d4e83ed2be57ce1c3ab64253a8171e610008181fbfc6d752269f7f1c5a9ec62cb27f19ad99ce1f5116a363d96fdc5a42f358b6dbe7cabdfc9f60718e4012c1bb1f842c5560811ba8374a0637747ff92eac21ca65ddeaf43e9989b7de2d432520afee364ecfba4da669ad4893d0bf69f9f81e7df69657be22b92069745f216c242ccd46d02d35616e16c755e0e37f961a6f3637752534f6dfab8805ab759a032a4e7e4c81953325a2f686bb69a029ce4e03becb3605637c5a65b52e331c26c926ed4711a504d3733bb53c97b80eafe4e75ddd9f415362888c3d4d37bae0e63fa11bf755666437d72f58c91d7a2f8cb619b7620a070b26b18b4d50184c5818712110e36d3e2830f6a8576ba57f9cccb8fff4028bf8ef9cb814825bbca827d649547bf6f2bef931704ca7f6df15f780155ed46eaa7ca7d72e22434ca0483bfb2f7902dc787f617eb9bd41ed4520adfd430948c710805a73c1ba5492e96484c4baa7da24c7435c46a052bf3515d33e42dcef517caa45f36c879121078c688dd10d76656a119762b6a834136fa1f8a643224b9224c543cf0470b3f8ee017d620dbdcc84d985154e9d1ae80e5f14387b88a0f6a5c35905aa57fb3abeb0ea6eccddb004474633cc483b56b8a8e20e8f2e09e979aa09893087875c6b117b5f13847ad8fc05604c4: +c25878b0d1e0925c8f5f04a1e5799080963c413a1399c118afb1687c797f483913ac2cad41908c255f671f93934ae5d7be325346725c8b40dc39ea80d70ddf34:13ac2cad41908c255f671f93934ae5d7be325346725c8b40dc39ea80d70ddf34:6856cc7144b6bddcc4b58954d1a2e7101d6584b5d5e719a0aea0fbbdf221c2a2aacbacdc4020c5c8ce681ff7381acd607b0f5239692335700655be2d94c53d7b5148e92a2bc16338c2f4c1a7d1c595af622c240ce579a5e0f5b651bf562518cec8aa2ce4b4aadb1f2fda6cf6295bc37803b5377dab65c9b9a2949fdd49bf9ddc8f96d260ff951bf8e8ccf9827e6869c44bfd973358cefdb010db5e1fe5dbd9f5d2b2ca393c17d446f637059e692d7a91aadcc7689f5f9e1b3052175d9b6b208f9026787fdb66783f45372a24946b1bd1687bf0cfcc8174ebe4d32e43284fc78d7844de0fa22e2065e07528baabaf015cb34d629c3596ad040de31c5620eb266defa7533ac0401998e5673a754365047debfcf7e137a20d16cdd6a5521982f444cfc3429397c641bd7e74a770bb11fcb29483e337bae5169ee82da9a91adf3af67cd814c2825d29018ef035ea86f8de4c7563aaf66e0c75d17ca68f49f0758ec2d9c5179d01aaed7d4515e91a222b0b06fbde4f07a7d9df2de3bcae37ca2c8460c2a6b3749e9bda36d08e66bcc356b390434b4a18cfa45af557dca3d857ff3ad347cfb07e2358c2acfd5cd53b3b0ea2a41ee5c0802fd473db5f30526334da41eb4bc7518383898a0b7507ad4ca289d66c5e2eb75cf255dff312cb1e04eebeb47f2930b90d5e002eb0:06f55198b4191914b74306f38e381316eac40b5b5adb8a312464f67175ecf612e0147b1cef46c2518750a5606bb03bc6467bb9321514f69dcbebce8f690580026856cc7144b6bddcc4b58954d1a2e7101d6584b5d5e719a0aea0fbbdf221c2a2aacbacdc4020c5c8ce681ff7381acd607b0f5239692335700655be2d94c53d7b5148e92a2bc16338c2f4c1a7d1c595af622c240ce579a5e0f5b651bf562518cec8aa2ce4b4aadb1f2fda6cf6295bc37803b5377dab65c9b9a2949fdd49bf9ddc8f96d260ff951bf8e8ccf9827e6869c44bfd973358cefdb010db5e1fe5dbd9f5d2b2ca393c17d446f637059e692d7a91aadcc7689f5f9e1b3052175d9b6b208f9026787fdb66783f45372a24946b1bd1687bf0cfcc8174ebe4d32e43284fc78d7844de0fa22e2065e07528baabaf015cb34d629c3596ad040de31c5620eb266defa7533ac0401998e5673a754365047debfcf7e137a20d16cdd6a5521982f444cfc3429397c641bd7e74a770bb11fcb29483e337bae5169ee82da9a91adf3af67cd814c2825d29018ef035ea86f8de4c7563aaf66e0c75d17ca68f49f0758ec2d9c5179d01aaed7d4515e91a222b0b06fbde4f07a7d9df2de3bcae37ca2c8460c2a6b3749e9bda36d08e66bcc356b390434b4a18cfa45af557dca3d857ff3ad347cfb07e2358c2acfd5cd53b3b0ea2a41ee5c0802fd473db5f30526334da41eb4bc7518383898a0b7507ad4ca289d66c5e2eb75cf255dff312cb1e04eebeb47f2930b90d5e002eb0: +0b2ec62763f687593135da1961ef29a288089696d944b265a5f96893cd2d8225c1e234fa8bc96d268e7aad028b03f0a911b697715db3a21c2fc7df48ecda8875:c1e234fa8bc96d268e7aad028b03f0a911b697715db3a21c2fc7df48ecda8875:a83434c68693d5fced91bda10213fcd50c48920b90cee9b73a9c61081a0974933f4fdb0a67e671f8351b0ed5ec0fe7b5fb0c87586fe582ffb1bfa2db5fcedd3302428234b2bb0e726dedf45b13a70cd35ab3e299d13f34503508278c4458eea5b7351b05836bdad5b05f60e445fc65737ae27d2e52df9c39e5da0286392d08fff7ecb7066820fc90fc8a44d5616561c50b52714702302bca5874de85dba045045f9f0e604eb86d6d7fbd775f72ea493b2c4ef7c3be16db2ca7e4d8bd79eb20cfb5f0f6f05336b75cc86d219f3b8f2e91ba7d52b64fdd6a6664f04f2fbab758cdf984168691c32f53e8616b49f76ab7b192b900903082cc89656a9705804cc9b9288a3e42170984f8dc454e0864b9341672686a178c060050178a36c6d906b2ce070d8faaacd9a58c794a5ea4108b4a485c65811c2dca2ee7bb10bffff75d4586b990f43763a16fbc0b48ae1fafb08a9a36fa4326845dba5ba2fbd32bbf66505c5e8657ed0107e3e16144ef31fa6aae72e774097483f5480aa45540568fd08cba0d577768004f58ae9b95be374ed7f0299fe721275e476e0b9ab72dc06ea328384e39bf3ac331c625484312cd9b06b15a2954d33e7aaba6be2261886ca811db96b1143d06dd6e0f3cba7a1ae9b94eaf67771bb2d24e2f94de9c470fcde7bfdb32f410198b5aa9698e32:ff701f34b3594de3b80045f429e5e32dd88d6051d4195f1685be783766e80119368f56b3749725b913f1223f87fb0fb24d9dfa0841d6a0e2eb1fddf775c2d205a83434c68693d5fced91bda10213fcd50c48920b90cee9b73a9c61081a0974933f4fdb0a67e671f8351b0ed5ec0fe7b5fb0c87586fe582ffb1bfa2db5fcedd3302428234b2bb0e726dedf45b13a70cd35ab3e299d13f34503508278c4458eea5b7351b05836bdad5b05f60e445fc65737ae27d2e52df9c39e5da0286392d08fff7ecb7066820fc90fc8a44d5616561c50b52714702302bca5874de85dba045045f9f0e604eb86d6d7fbd775f72ea493b2c4ef7c3be16db2ca7e4d8bd79eb20cfb5f0f6f05336b75cc86d219f3b8f2e91ba7d52b64fdd6a6664f04f2fbab758cdf984168691c32f53e8616b49f76ab7b192b900903082cc89656a9705804cc9b9288a3e42170984f8dc454e0864b9341672686a178c060050178a36c6d906b2ce070d8faaacd9a58c794a5ea4108b4a485c65811c2dca2ee7bb10bffff75d4586b990f43763a16fbc0b48ae1fafb08a9a36fa4326845dba5ba2fbd32bbf66505c5e8657ed0107e3e16144ef31fa6aae72e774097483f5480aa45540568fd08cba0d577768004f58ae9b95be374ed7f0299fe721275e476e0b9ab72dc06ea328384e39bf3ac331c625484312cd9b06b15a2954d33e7aaba6be2261886ca811db96b1143d06dd6e0f3cba7a1ae9b94eaf67771bb2d24e2f94de9c470fcde7bfdb32f410198b5aa9698e32: +8960d7bee8c6b39ca5934d7cddd16f16b3663e6e03e833c057e2181e4597cb6843409095d4f50f5eddbd5cd4d2012298cb41a40e99492d5a2db08be5377ea183:43409095d4f50f5eddbd5cd4d2012298cb41a40e99492d5a2db08be5377ea183:308d84c7a5f786e563e5c1ea57aab5e555c00997749d15aee35439efa645da2c3967703115c6c63ed7f94785c5478f38467b86e7626e8fffa4d51a2dc45e6df2a35cec99555eabc9f7a93e2e2b689459b4e0c92b351562c417b1997113754ea59e4a91510728ff3071a2bbd1f465a687f67dae955615031a8ad551fe738a260bbc446b48dca1d979051ab5840832e19d473b666217a9183980d6b27e3d3c76d93665ba2393e6ab1a42c3904d4025932d601a202a59a4c49fdb77f0e02868247de5afdfaa1b894208ac00d77c6bb54c6b2a73a47657e44c85137963b57521af20976248eb261482147cdf7a145c3643e29e0588bfdae6a082904853ce5a10d24970ebdfb7f59d5efdd6a5e7e0d287971c846acd54d84dd45468a4110bab6ef8d9a5b4b2426788900b7e1adfe0624344f98fe59ef8a1e6c405b344eb97bb204773744b6a2d8c6e65d17cea07de03b7f0fe49f1a55c33d5f15ce55df7c9561b251c6ac807a92553e1ce917012dccfd69e7dbd038c7eeecae98623f18fbb650e2218a0bc0fff43a75a116448bb7362f527ee6bc8e10761cccf9bcfc0d000f2127b4cc19211d095a0bdaa4e4be4519e6c8445eab9b3144a45cab9996135bf7f75a78d22275900f4ce1f0a9eac136364103062893dad4390422b77e5f5d1d94d7029c6097b35ca64a7a476fcc7:7213dd4a79fd54dec0c548ef42e6cae015be77802bf515cd2582768f72f563ebb2da36af4aaeac56bbffc9932c2e24ec95daff00a5f7a0acab9c8bd3c23bb40c308d84c7a5f786e563e5c1ea57aab5e555c00997749d15aee35439efa645da2c3967703115c6c63ed7f94785c5478f38467b86e7626e8fffa4d51a2dc45e6df2a35cec99555eabc9f7a93e2e2b689459b4e0c92b351562c417b1997113754ea59e4a91510728ff3071a2bbd1f465a687f67dae955615031a8ad551fe738a260bbc446b48dca1d979051ab5840832e19d473b666217a9183980d6b27e3d3c76d93665ba2393e6ab1a42c3904d4025932d601a202a59a4c49fdb77f0e02868247de5afdfaa1b894208ac00d77c6bb54c6b2a73a47657e44c85137963b57521af20976248eb261482147cdf7a145c3643e29e0588bfdae6a082904853ce5a10d24970ebdfb7f59d5efdd6a5e7e0d287971c846acd54d84dd45468a4110bab6ef8d9a5b4b2426788900b7e1adfe0624344f98fe59ef8a1e6c405b344eb97bb204773744b6a2d8c6e65d17cea07de03b7f0fe49f1a55c33d5f15ce55df7c9561b251c6ac807a92553e1ce917012dccfd69e7dbd038c7eeecae98623f18fbb650e2218a0bc0fff43a75a116448bb7362f527ee6bc8e10761cccf9bcfc0d000f2127b4cc19211d095a0bdaa4e4be4519e6c8445eab9b3144a45cab9996135bf7f75a78d22275900f4ce1f0a9eac136364103062893dad4390422b77e5f5d1d94d7029c6097b35ca64a7a476fcc7: +ef6b9b51fd4f8586ca62658e042fc09a83b943033526ffc326c65eb3a5fb594b1d6eece805e0887821876b7ed6ed5b0714d646fbecda38764f94c8155e61d004:1d6eece805e0887821876b7ed6ed5b0714d646fbecda38764f94c8155e61d004:a8f3f19665de2390d5cc52b064b4851273677486d8f5563bb7c95fa94db3356161ee622221f10cbb1fa195aac7231ea716d74b46b37bc85a70dba3dfaa1675217b351199e74a971028f729b7ae2b74ae8c6b3a0679c3e3296802844ad5bba343f6f9f7c4661b4a29b44f17e89e114fb220e984cd980e94c3d2bf9873e0605c92301744a3035ef046bad2666b5c63ebecf93cc140291946c0fa170340ce395092deed79841352fbfee03a927eb458f2a633ed3271652f5b0f9960cdf9015d56fdabd89ee71e259af6eb514b4c1bd4a666f5b5a35c90f35b149457af2944dd0aa8d9b542283a7e5412b775e421d2126f89bebc3ca37f73071621f1321eee52e9690486a33cd7ff9c9967fb65ee4e907b6b852211473d21e9d91a93362ac761760e8c7bbea486c3d605f9e11b86136819a7ab3f32f13ffca16817fed197ff880b4d6d9a808f7f878763a045728df72faaa963e4cb1c09cc2b2da920280c8366b7d18bf8972df16cc23448fbe6b2e6e16cbbf0745129854053189637ce115d2398433c15d6f116a205334824af282fa758494c47868ea8f4dfadc705e861aad2eb8ef3dbbed2a4569e15834a760cce0cbbc84b289e779b988346b9069c744c97ab2bf42b086d2fb0a411f5ce99f0819a3086b4fe9d96c7c9908dce28df1ddd30f3501ddaf78110734f9dcdfec3:71d171071cd0fea1c6a9cfad1f7fd835e85ff906778bc6345a4dec4313ecc2bff755a717ebd912a5e02840ac073842f9bfcaa58913e260e3c73393d36685c70ea8f3f19665de2390d5cc52b064b4851273677486d8f5563bb7c95fa94db3356161ee622221f10cbb1fa195aac7231ea716d74b46b37bc85a70dba3dfaa1675217b351199e74a971028f729b7ae2b74ae8c6b3a0679c3e3296802844ad5bba343f6f9f7c4661b4a29b44f17e89e114fb220e984cd980e94c3d2bf9873e0605c92301744a3035ef046bad2666b5c63ebecf93cc140291946c0fa170340ce395092deed79841352fbfee03a927eb458f2a633ed3271652f5b0f9960cdf9015d56fdabd89ee71e259af6eb514b4c1bd4a666f5b5a35c90f35b149457af2944dd0aa8d9b542283a7e5412b775e421d2126f89bebc3ca37f73071621f1321eee52e9690486a33cd7ff9c9967fb65ee4e907b6b852211473d21e9d91a93362ac761760e8c7bbea486c3d605f9e11b86136819a7ab3f32f13ffca16817fed197ff880b4d6d9a808f7f878763a045728df72faaa963e4cb1c09cc2b2da920280c8366b7d18bf8972df16cc23448fbe6b2e6e16cbbf0745129854053189637ce115d2398433c15d6f116a205334824af282fa758494c47868ea8f4dfadc705e861aad2eb8ef3dbbed2a4569e15834a760cce0cbbc84b289e779b988346b9069c744c97ab2bf42b086d2fb0a411f5ce99f0819a3086b4fe9d96c7c9908dce28df1ddd30f3501ddaf78110734f9dcdfec3: +bad47cd4bd89849067cce1e63c3d91e9b787aea8584edb07f3451ef67e7bd79bab0ce9ba1d29bdfb85a0e66b76b5e2e05ff732569e4375ccd75098e9e71d17bf:ab0ce9ba1d29bdfb85a0e66b76b5e2e05ff732569e4375ccd75098e9e71d17bf:b5a61e19e4863e0bb5f3fab6c4970d878596895521fa1e7f678cafa2de53322fd458a98aa6e35805429f651291b95bd9950e155f3ada0b609159a4abda5990c04bc2e764422fb49ef42f12529ff6f6a82029ff0185662e658f83c546eed09f06b5a68e857cdad0eb9ec4eecbfd88f34bc80990f8644a9bfdde1d9f3a90d557a8b828d5ce06a64e3b238582bb4cbeba30edc49e8122c55e95badcf502cc567869c09e9f46c6ff3f6878986b1de00b72a1858046fcd3a6e9cdaf5b073c56f2025063a2d178bd4c1e8cbc1e6e671aa97fb2cb4cc8a62c20be41c776372c8e7be63b482e6c63fa85d7cffbc1b2820bae1fc128343a1e20fcf1bc3502eee81358cc9a74c72af63530f96a25a604648ff570df1eb89d1fddbab28679ba2e9b41977e9a9c1caecdbfc361a1dd055ec51620a9bbdbbaf718c9cc136d2007710399536d13332485ec38879785e0c9ce9915a80251373990a59bce440326031ab1b458bfa5b8a4793da4ee11ab7af20de2a118c9ae521a417b68207fc885e109d8463e9f022787cc730db0b1faaed257bed901710885b74e994f54f6f2aeb64f0f60b59efbf2e3bb6515424603a113c0b8a31ba3c1e9a9b8118c87ec6949b75f49627ea7b1328889391104d4f4a3892cf00f26a73cda2a40f9b7157afc40667f4a04f647dbf93906b84c9a35164e1bc902:e5724a1dd463a97d1222c518c4925d322202d10f04cd078e771e0fb3951dbc1493a234460754c3aae3df93008dbbfb310c99592bede735a4aeab0323a1210d0eb5a61e19e4863e0bb5f3fab6c4970d878596895521fa1e7f678cafa2de53322fd458a98aa6e35805429f651291b95bd9950e155f3ada0b609159a4abda5990c04bc2e764422fb49ef42f12529ff6f6a82029ff0185662e658f83c546eed09f06b5a68e857cdad0eb9ec4eecbfd88f34bc80990f8644a9bfdde1d9f3a90d557a8b828d5ce06a64e3b238582bb4cbeba30edc49e8122c55e95badcf502cc567869c09e9f46c6ff3f6878986b1de00b72a1858046fcd3a6e9cdaf5b073c56f2025063a2d178bd4c1e8cbc1e6e671aa97fb2cb4cc8a62c20be41c776372c8e7be63b482e6c63fa85d7cffbc1b2820bae1fc128343a1e20fcf1bc3502eee81358cc9a74c72af63530f96a25a604648ff570df1eb89d1fddbab28679ba2e9b41977e9a9c1caecdbfc361a1dd055ec51620a9bbdbbaf718c9cc136d2007710399536d13332485ec38879785e0c9ce9915a80251373990a59bce440326031ab1b458bfa5b8a4793da4ee11ab7af20de2a118c9ae521a417b68207fc885e109d8463e9f022787cc730db0b1faaed257bed901710885b74e994f54f6f2aeb64f0f60b59efbf2e3bb6515424603a113c0b8a31ba3c1e9a9b8118c87ec6949b75f49627ea7b1328889391104d4f4a3892cf00f26a73cda2a40f9b7157afc40667f4a04f647dbf93906b84c9a35164e1bc902: +caba8e0533113a4be173408ba83c0db74260802f9186c391402655acde6015cb2d7bef6164c279fa1028a9788e3e8ee8ac15edcf92a5855062952310b4684547:2d7bef6164c279fa1028a9788e3e8ee8ac15edcf92a5855062952310b4684547:2413a32bca5ce6e230e565eb858493d5d04e6d2e2a7ab1f89a3b423311676bfa93c67daafd1cfc7109e040bac52cbfe07c28280bb6acf6e3a31073dab2965378dd77f61fe9247135c1a631b79ad668c9ea1cd4112d8d3a064cc21df32aeac7dd718b091fb6915b8bc063bb5815c376e01476312a2e5433417a7a9315d65999b02ff464a474a597e53988773670eca46a6e26cf96e9488e9e6344bc783ddfb535e76bb3b9a603ff4c59c7dbe2d8b6198d5b24490b4ea96c95959ffbf3d8218e760daf20e01e2f36c84bb097115abddee92bed82d16b15a9e192e9893ac638461df507207b0cf595884d8a99fb9c7045f9bff7b73f00ca3fd595a5cec292adb458bd9463be1204d01678d2f4389b8720115fa597c402b4ff694b71ce4f3d330d5e2f3c3ad6d96a9b3439230fc53a44794cda595557c406ca1589bc7be81e2d79636033253fa7bdd600c67fc55936bd96ce0428c3eb97bad1de0a5fbb9b675157de5f18bc62a7c22c9483e2802e679b5b8f89db0fc37f7c7150ad5ac8722ceb999b2435e6997217092336ef1c8a2292dab9a46ff8a9e10d3355765cac9d6598770f4f01ea639125fd031609dd1a507d96280c7d01a3ee987e9b210ec8744cd48c74f8afee961e8ef221f826a1fe6e7df0cb15ad7c7ef4a91f9d0f4c2e1bdea635d275fac8c4bc0601f490dbdbc734:ec35ec32c8a4008827e178492b3b8bee22a4954fc6b25f4f225dd7ed23698900de8156756a8edc35c51d10f82b830a2a659676eac911f960244766e0c3c607052413a32bca5ce6e230e565eb858493d5d04e6d2e2a7ab1f89a3b423311676bfa93c67daafd1cfc7109e040bac52cbfe07c28280bb6acf6e3a31073dab2965378dd77f61fe9247135c1a631b79ad668c9ea1cd4112d8d3a064cc21df32aeac7dd718b091fb6915b8bc063bb5815c376e01476312a2e5433417a7a9315d65999b02ff464a474a597e53988773670eca46a6e26cf96e9488e9e6344bc783ddfb535e76bb3b9a603ff4c59c7dbe2d8b6198d5b24490b4ea96c95959ffbf3d8218e760daf20e01e2f36c84bb097115abddee92bed82d16b15a9e192e9893ac638461df507207b0cf595884d8a99fb9c7045f9bff7b73f00ca3fd595a5cec292adb458bd9463be1204d01678d2f4389b8720115fa597c402b4ff694b71ce4f3d330d5e2f3c3ad6d96a9b3439230fc53a44794cda595557c406ca1589bc7be81e2d79636033253fa7bdd600c67fc55936bd96ce0428c3eb97bad1de0a5fbb9b675157de5f18bc62a7c22c9483e2802e679b5b8f89db0fc37f7c7150ad5ac8722ceb999b2435e6997217092336ef1c8a2292dab9a46ff8a9e10d3355765cac9d6598770f4f01ea639125fd031609dd1a507d96280c7d01a3ee987e9b210ec8744cd48c74f8afee961e8ef221f826a1fe6e7df0cb15ad7c7ef4a91f9d0f4c2e1bdea635d275fac8c4bc0601f490dbdbc734: +9bf3fbc7308b46f6036bade0c3ca199fac662b07f103bf75181d52ba6a58be052f6ac6fc33bc060c1dc3cb9d1a2b9115845addb16c4b84be37ed33adb3b3d3a8:2f6ac6fc33bc060c1dc3cb9d1a2b9115845addb16c4b84be37ed33adb3b3d3a8:d65e36a6a38195ecb91de3c848b51f639245fa2baba8a6f85947159dec0ed3fae80c5a0f8c66ff24793c89c0c687543bc633547a1f37f730d97012ebbdc7ac339c4890c0856bbfe2ba29b25a7aa6b089c033fecb76db62dd3c00f6421b9e76dd0ea366eb2d4a052ee6cc736e3819191d5ad7a66d2be042cc6539e5f35652b155a727f3888d93f93a9102598f7538a9ab7c777eec79426a6075d6f38d64c485520f6413ff4d358a8a9cbdab01adf4db02adaea26494d1f5d617637f277f8b0e6e7e61e2eeccdd337de2baf0ca264c14c8cb8368000b9c714385f413737d6816e212cae2aecfffc32fd16d46c3ecee6ab074c0d768bdfe99b86cbbc8df9c47cd586d465871268d4a9d1c877236ab78f8859c114e251cabc4be0f8bc25d148c5f543e290745d11803e49f5b53193fe39969c039b3f249b32f2b8598b6acf4ed64d5752bb772ff4ee00ce0f85ecbb4cfc4ce07daf2809868c2903b781e12a274105f06181029e47f2bfb21f49480aa1e444715c0b9ff07ead88975d93585d2ff424832a9783d94906a60f877ae1c85ff15317badca1e61317433c7ce96279b678ec9d174dd0870080b234154f626a53462cfd547842eab8705605b8ee885729ee78d1833aa43f55ac22731989fdeda7dc5fa9c01985f2661e6c7326d346e6db27e6f921fae7c93a2170e10dd0c460bdc:0c3136e01f9bcd99e10d3d124b0cdb0772bec18a864be81bd1daa44d818c3d470dfaa8ab6e9a761cf03f93ef9cc78291096ed6d10c08fa2fba3bac04dde20f0cd65e36a6a38195ecb91de3c848b51f639245fa2baba8a6f85947159dec0ed3fae80c5a0f8c66ff24793c89c0c687543bc633547a1f37f730d97012ebbdc7ac339c4890c0856bbfe2ba29b25a7aa6b089c033fecb76db62dd3c00f6421b9e76dd0ea366eb2d4a052ee6cc736e3819191d5ad7a66d2be042cc6539e5f35652b155a727f3888d93f93a9102598f7538a9ab7c777eec79426a6075d6f38d64c485520f6413ff4d358a8a9cbdab01adf4db02adaea26494d1f5d617637f277f8b0e6e7e61e2eeccdd337de2baf0ca264c14c8cb8368000b9c714385f413737d6816e212cae2aecfffc32fd16d46c3ecee6ab074c0d768bdfe99b86cbbc8df9c47cd586d465871268d4a9d1c877236ab78f8859c114e251cabc4be0f8bc25d148c5f543e290745d11803e49f5b53193fe39969c039b3f249b32f2b8598b6acf4ed64d5752bb772ff4ee00ce0f85ecbb4cfc4ce07daf2809868c2903b781e12a274105f06181029e47f2bfb21f49480aa1e444715c0b9ff07ead88975d93585d2ff424832a9783d94906a60f877ae1c85ff15317badca1e61317433c7ce96279b678ec9d174dd0870080b234154f626a53462cfd547842eab8705605b8ee885729ee78d1833aa43f55ac22731989fdeda7dc5fa9c01985f2661e6c7326d346e6db27e6f921fae7c93a2170e10dd0c460bdc: +64e89304a335e903cb36c0bdf1a6412ef368468006b73d3d2d61cb030cc5f8d1a180ef3a661c3c479d5f69807c902748e35e7f725121e37a5d91b8bec88d83a6:a180ef3a661c3c479d5f69807c902748e35e7f725121e37a5d91b8bec88d83a6:2f51074d981bdafafb02a40fe826c45f3171c1b3184d8c260b82b8411fc625cb02ccfe755dc29dc7895bf759e61b2450da1a656a38d4f70d2ee748c518c6420306e5f01ec7a0ffe0e9dceb93f6c077b12662881584f98ce6ab945f87fc6d123c45d6cdfd8237a1ce3635b623a79d020df44c74b89ac14a321fbf33a8c0a2559fea1c2b156076b813908f842ebe4c2b949089e52b1ae40dc6e4b2abbc439a0bf72369679aab6f4c00018be147f7c0a67b9679ee88a53819c49f7b675e30a8b5af39661ee8db21010411294968f88e5d604d0d88d76a7e4864fad3a56f5f624ba1b34ea9cb720850aad3bd4f0a882a7d25fbec2bb7ca86da616da96c1562c6d6a1abcc641e1b58b2c178e1c3bc8a3b36ec9e144dd2e75b0bc8c08ccb0d6e3427b0322b3d6ab93f3f60b9cc5b61dad02385a14949f9b87a8e3af1e0e0fab7a9a928c753fc6110444af7ccaf8027ed641b9ed87fa5d8e1f76cae465d57a70dad9ebfdd3ce7576ac4de89d98f42e282ad87ad6a5042577cbbbc4d951e2a8676fedc8cb1b1bdf76c3a38846385a85aa24706c20a8b38465fe2ae0e41f78e614b8e9642fe2471a9015747db976e0c7848c23ff3f417cb05a8d5ef40130adf855c998a62104d7e2fb7c0f9aa2a496075623ced2c0f7eec10147ff9608a8a042ef98117459b93837fd1b8d5ef03978eada74cac:92eb4454814001ecfc18025d6421f64645a5bcbb5cb8fd85c14d772617c503e8be7d3bcf117f5e6801d1c3b96f9090a66ddc67f8cf8ff0f1c125b16b15e2ce072f51074d981bdafafb02a40fe826c45f3171c1b3184d8c260b82b8411fc625cb02ccfe755dc29dc7895bf759e61b2450da1a656a38d4f70d2ee748c518c6420306e5f01ec7a0ffe0e9dceb93f6c077b12662881584f98ce6ab945f87fc6d123c45d6cdfd8237a1ce3635b623a79d020df44c74b89ac14a321fbf33a8c0a2559fea1c2b156076b813908f842ebe4c2b949089e52b1ae40dc6e4b2abbc439a0bf72369679aab6f4c00018be147f7c0a67b9679ee88a53819c49f7b675e30a8b5af39661ee8db21010411294968f88e5d604d0d88d76a7e4864fad3a56f5f624ba1b34ea9cb720850aad3bd4f0a882a7d25fbec2bb7ca86da616da96c1562c6d6a1abcc641e1b58b2c178e1c3bc8a3b36ec9e144dd2e75b0bc8c08ccb0d6e3427b0322b3d6ab93f3f60b9cc5b61dad02385a14949f9b87a8e3af1e0e0fab7a9a928c753fc6110444af7ccaf8027ed641b9ed87fa5d8e1f76cae465d57a70dad9ebfdd3ce7576ac4de89d98f42e282ad87ad6a5042577cbbbc4d951e2a8676fedc8cb1b1bdf76c3a38846385a85aa24706c20a8b38465fe2ae0e41f78e614b8e9642fe2471a9015747db976e0c7848c23ff3f417cb05a8d5ef40130adf855c998a62104d7e2fb7c0f9aa2a496075623ced2c0f7eec10147ff9608a8a042ef98117459b93837fd1b8d5ef03978eada74cac: +6f634387ca2c0cb167a740d6afd89e2a28f5307184e81cba3c037046a5ede23c011f2a9a111c38f3490cad1685be78eceedc6fac4a3221301c69c84b1ec7b3a7:011f2a9a111c38f3490cad1685be78eceedc6fac4a3221301c69c84b1ec7b3a7:865c20a94ac3f2e3bd5cb85bec9d33726671fe01f9c537017d59c8d5106e43360bf76fc06186705980c8a87ba3633a4a170426ecc0defb6db2670f5f592533774cda50052ae597d48deacc2637063bfd519f2e79bac81775beccb1ab2f5b39712e2e829469b75a2d2dbd08aa6d24723404b25eb948a4834c55246c8079a82ec64354e8c2388f8c5a616b3cdc371e6263fabc9f6099219e861585fe82a67d610dd1eb5c81c96b5cb354a689fd8aac8db76c433f0cb0b31cf1d855b6a30a3d2a212e9b4f7d7afe619951f98d2f1ba2c101085ba81f49b36037cd6457a7eaa8f4f3bedf68d09fc9fa25a9d754db65360285412d1a6da53788905fcf4efa8a80cd86ca48b845633d8c31c2ae06f16c4c6bbbe9cd1afb59e101be50e03535dd8a65e45bba46d45cb14badfc8e93ab5267f4e492ab1f9a95e61fcab81cbf2bd867a3ec7b4baa189a0f08567075596129dcf9ff1c502d3279e8aa6ce56eaf134582a9e430a5aa8ca10c3da8bc793d0256ad19aea7149f0ea7ea95facfac1c5cfd29d7a3fe1a417975739e14da8edc819900472ca8c69716328e8a299f974edff741aabc1c074a761b3ec8761dda2e7eed7af33ef00409849d415497c5ed5dfaa2259a31d076398170b2d9d210208b4a4c7db8c626d1c533562a1f95489f9819e4985fc4e1d1a707be5e82b005481d86377f424e:fd17c618cdbb5d459ea2aca886f0512c623251284aae3a83eb5d7f60da1d9b2ba083c455a5e2583a3cba736e7b961ba19c1cc8dd90745da82a15dfc662e8e10d865c20a94ac3f2e3bd5cb85bec9d33726671fe01f9c537017d59c8d5106e43360bf76fc06186705980c8a87ba3633a4a170426ecc0defb6db2670f5f592533774cda50052ae597d48deacc2637063bfd519f2e79bac81775beccb1ab2f5b39712e2e829469b75a2d2dbd08aa6d24723404b25eb948a4834c55246c8079a82ec64354e8c2388f8c5a616b3cdc371e6263fabc9f6099219e861585fe82a67d610dd1eb5c81c96b5cb354a689fd8aac8db76c433f0cb0b31cf1d855b6a30a3d2a212e9b4f7d7afe619951f98d2f1ba2c101085ba81f49b36037cd6457a7eaa8f4f3bedf68d09fc9fa25a9d754db65360285412d1a6da53788905fcf4efa8a80cd86ca48b845633d8c31c2ae06f16c4c6bbbe9cd1afb59e101be50e03535dd8a65e45bba46d45cb14badfc8e93ab5267f4e492ab1f9a95e61fcab81cbf2bd867a3ec7b4baa189a0f08567075596129dcf9ff1c502d3279e8aa6ce56eaf134582a9e430a5aa8ca10c3da8bc793d0256ad19aea7149f0ea7ea95facfac1c5cfd29d7a3fe1a417975739e14da8edc819900472ca8c69716328e8a299f974edff741aabc1c074a761b3ec8761dda2e7eed7af33ef00409849d415497c5ed5dfaa2259a31d076398170b2d9d210208b4a4c7db8c626d1c533562a1f95489f9819e4985fc4e1d1a707be5e82b005481d86377f424e: +4b2e1ae60fa5d383baba54edc168b9b05e0d05ee9c181321dbfddd198395915436c020b18552345619ef8837eb8d5494840e85f46809343b4d6f406125da557d:36c020b18552345619ef8837eb8d5494840e85f46809343b4d6f406125da557d:fab98b2bbf86aeb05086812a4b0049a1042abb76df9cd2908755706303efedb1ad21e8bc8d7562349e1e98ce0d752f4b3d99e677368bd08c78fe7425ec3b560e383bd42af6499886c35add80a5828b61d6644d7dc443ba2c06f9bad2eccb983d24458f6ada1b10bb5b77172c5cdd56d273d1e41010b25cf48a7d58d7255702ac12f2a6fe2918466395f460d15236d035ae9410ca86c4605128299faaf09015f1adee7768ee1a8f8ca06d10dd7f95c46fa10253065f9d6f90295908809fd779571be29e0ae66e0bcbdeb7913d2bbb76ac302f3452c55ef199a48eceb0e3596c7b4c0386dae7101ea244a33c4cdc830672df83655b35338052307b94d223cab1af69e07f78e58cbb0cb3c5351e3a6b0c4a927f7562c598d2d3df90569f61db1a3cb0140b56ea02cf7745fbeec2028673d67f1ec5f7daf9715f754a9d8ed46a7a63ef722ee0d5899331b63c974fa880429435767f96254ef46c9968f3fedaafeaf3e8f45634b54f5e0a5fc2d2373ab9e98d9acfe3697e642a18e0dfd9fbc2f094866d401f0a4ca2a456edf6a1a77b9c296c3922067eb3d5a5ca0a77f430e4c8611d8f05a1baac1635ef7ba83dfc69d301949856be4d2c8ab61de29cf39250c5794cbf5750cda95d0468afa2b7f23dba4ef5f5295a3bf4140018b7ed061884444f5bb1b7d239312dd739999536c684456ea06b:2220119e83d69a6a3eed95fa166d1d1128a3f232ca1b78bc94b4d476c4779443614b8772aa2232cb0720a055eb71d8407f3ab19baa1d962c052c84c0bd589608fab98b2bbf86aeb05086812a4b0049a1042abb76df9cd2908755706303efedb1ad21e8bc8d7562349e1e98ce0d752f4b3d99e677368bd08c78fe7425ec3b560e383bd42af6499886c35add80a5828b61d6644d7dc443ba2c06f9bad2eccb983d24458f6ada1b10bb5b77172c5cdd56d273d1e41010b25cf48a7d58d7255702ac12f2a6fe2918466395f460d15236d035ae9410ca86c4605128299faaf09015f1adee7768ee1a8f8ca06d10dd7f95c46fa10253065f9d6f90295908809fd779571be29e0ae66e0bcbdeb7913d2bbb76ac302f3452c55ef199a48eceb0e3596c7b4c0386dae7101ea244a33c4cdc830672df83655b35338052307b94d223cab1af69e07f78e58cbb0cb3c5351e3a6b0c4a927f7562c598d2d3df90569f61db1a3cb0140b56ea02cf7745fbeec2028673d67f1ec5f7daf9715f754a9d8ed46a7a63ef722ee0d5899331b63c974fa880429435767f96254ef46c9968f3fedaafeaf3e8f45634b54f5e0a5fc2d2373ab9e98d9acfe3697e642a18e0dfd9fbc2f094866d401f0a4ca2a456edf6a1a77b9c296c3922067eb3d5a5ca0a77f430e4c8611d8f05a1baac1635ef7ba83dfc69d301949856be4d2c8ab61de29cf39250c5794cbf5750cda95d0468afa2b7f23dba4ef5f5295a3bf4140018b7ed061884444f5bb1b7d239312dd739999536c684456ea06b: +b216cebf878024c20dfc86ce4b37bdc47aa28f29203b5b44925065d993a259fec36edbb6254a913f08fe259e238780638f72ec0b3007264bcc60a9e81ee9298f:c36edbb6254a913f08fe259e238780638f72ec0b3007264bcc60a9e81ee9298f:9c8717cc86fe02480bfd9e922bd76bffee2170c4cb1b13df834ac01d45006086297f1b8a26f2ba674d33e1d162f19367feba97352b7df2e75b309d4b6f8b07cc0eb6777e81e268e02d07f2a08f8f39d5a8320bfc01fc8c9227d2cf05e12891ff4de885a1c93371a0910ba53392aff9ba2eed9a2055977ec4157bd65b34df79372f4d50edbc48924353cfa1692319d88a7a5bb726254c209291e9b1d2c1a6c8236398109c59ed42a0ac9e7633c520734eccfea4fea95a47a8f0a068b4275000439cc97c57871e105cc0790e9dcc9c25d5af7063ffd05c4f3780e7bca4c456d0170da709fc6cb3faa72bdcf562908ae9340aef4d0c8b91f0fbccbcf1cd898b1c716f4f1474c3aa316242abdf6368e57a247ff2fd5ce23d187f694f11e38dfbfbc3d9db20903b4ebb449b9049ee020f6e2f508e8b2b165bad7464dbdd178cbd423233765d371e7ae1c3e878cdb5b824b20cb309867c0e473c067e6744008527b6bc076d077f4867622aeed1c253dbde7c6a76c7015962fb73391698600bb318ffa7b0136ee4ccb07daaf01f40ff9c194f98681f9faef8b6f9e99f95df0080da8966a8ba7a9474c537b92df9799e2fd16f788dad7a7bcc745226e1e6371f52ebcdbd144044ddfe632dfc0a43d3a450923170ebc7ae219e50e078a511bc12ef14cd14b5309f38abd65db2b2a7af2243b229c9fd2e:b7389ee78dd9763f9d2892912edcbe3e8a236b8bdc25f44b9cfdc8c47cd58168ab56eb0402a5bd752ac8f4978d2ea2b65d2fa85265966b9f57227ef4a59ae0099c8717cc86fe02480bfd9e922bd76bffee2170c4cb1b13df834ac01d45006086297f1b8a26f2ba674d33e1d162f19367feba97352b7df2e75b309d4b6f8b07cc0eb6777e81e268e02d07f2a08f8f39d5a8320bfc01fc8c9227d2cf05e12891ff4de885a1c93371a0910ba53392aff9ba2eed9a2055977ec4157bd65b34df79372f4d50edbc48924353cfa1692319d88a7a5bb726254c209291e9b1d2c1a6c8236398109c59ed42a0ac9e7633c520734eccfea4fea95a47a8f0a068b4275000439cc97c57871e105cc0790e9dcc9c25d5af7063ffd05c4f3780e7bca4c456d0170da709fc6cb3faa72bdcf562908ae9340aef4d0c8b91f0fbccbcf1cd898b1c716f4f1474c3aa316242abdf6368e57a247ff2fd5ce23d187f694f11e38dfbfbc3d9db20903b4ebb449b9049ee020f6e2f508e8b2b165bad7464dbdd178cbd423233765d371e7ae1c3e878cdb5b824b20cb309867c0e473c067e6744008527b6bc076d077f4867622aeed1c253dbde7c6a76c7015962fb73391698600bb318ffa7b0136ee4ccb07daaf01f40ff9c194f98681f9faef8b6f9e99f95df0080da8966a8ba7a9474c537b92df9799e2fd16f788dad7a7bcc745226e1e6371f52ebcdbd144044ddfe632dfc0a43d3a450923170ebc7ae219e50e078a511bc12ef14cd14b5309f38abd65db2b2a7af2243b229c9fd2e: +afcecea92439e44a43ed61b673043dcbc4e360f2f30cd07896cda20cb988d4e3d231f69235a2e3a1dd5f6c2a9aaf20c03454b9a29f4e3a29ab94689d0d723e50:d231f69235a2e3a1dd5f6c2a9aaf20c03454b9a29f4e3a29ab94689d0d723e50:0b05f89ebb3397947687afbef0ede87cf3810676277037521d952a3bbbbdc8565988a095d8d4f6f59be572d3d821dd789977ef77a2fd7110ceeed9f3756ed8e188267b97a30ef8957c78aea3a2963deca61860545e0c40824881ebb1db10f607e10ddbddce400ea236ba4745aa99a05641976766789ed0da7db55fdab459ebd4b441a6282f7cfd5a20ea06effa335955e5fd29181671bc92c00052f7f75c39277c9a43b787ac9fb1516e996232a509774d1dc21d8c0513f7844b0a5b5f18957581f99044a14223ccda8a284de12fd424265fe57b270215f8fa9ff2bea517934e4800a47d346fb6c361cfbabeffabd9c4164f45156e245c977edb473642c3940be5ad6fd1a7119a7b18e98d6dc843e0d254c93d0146d18e5c62ede1490f89a605eb454f974778cfae20932e95477bd03bcdb97d5bcb76335942e92ee668f231e69c570ac5446d0f774066737fdf49f10ceb1b52d6d8a4639846a3373a7c6f3b4b3159fe2e7af7eee2f0df172d94d255d017651da3009005e5eac3176c09389ee40d70383bd37117eca083598a1801f592d057186e568e247c252be4b14f723ab7ddb97ae9768c2682fd63acc300779fe04e2b88874751346c9e0f97a2a216772ff9625c33bd7e29fed8003a08dbd33b5d17899c943c25e95ad754fb632e047c112af7f7ceba72362e1a3ddd2935aaf7f818a27c:a65545cf3df456b28d83a6d94c036a19d0d29fb065edc27e5e93a1f40279897e1c6f25959a725ababc87cf2ae727f3467b79570e902711917191d9cb0d2d660c0b05f89ebb3397947687afbef0ede87cf3810676277037521d952a3bbbbdc8565988a095d8d4f6f59be572d3d821dd789977ef77a2fd7110ceeed9f3756ed8e188267b97a30ef8957c78aea3a2963deca61860545e0c40824881ebb1db10f607e10ddbddce400ea236ba4745aa99a05641976766789ed0da7db55fdab459ebd4b441a6282f7cfd5a20ea06effa335955e5fd29181671bc92c00052f7f75c39277c9a43b787ac9fb1516e996232a509774d1dc21d8c0513f7844b0a5b5f18957581f99044a14223ccda8a284de12fd424265fe57b270215f8fa9ff2bea517934e4800a47d346fb6c361cfbabeffabd9c4164f45156e245c977edb473642c3940be5ad6fd1a7119a7b18e98d6dc843e0d254c93d0146d18e5c62ede1490f89a605eb454f974778cfae20932e95477bd03bcdb97d5bcb76335942e92ee668f231e69c570ac5446d0f774066737fdf49f10ceb1b52d6d8a4639846a3373a7c6f3b4b3159fe2e7af7eee2f0df172d94d255d017651da3009005e5eac3176c09389ee40d70383bd37117eca083598a1801f592d057186e568e247c252be4b14f723ab7ddb97ae9768c2682fd63acc300779fe04e2b88874751346c9e0f97a2a216772ff9625c33bd7e29fed8003a08dbd33b5d17899c943c25e95ad754fb632e047c112af7f7ceba72362e1a3ddd2935aaf7f818a27c: +b834c6e0facbff580dd3b23753959a4c2154c219521b3d27035d071f6599bd02d1c384715e3b3d02c13e090605534c7db740da2aa560f53200a3ced8beae8cf8:d1c384715e3b3d02c13e090605534c7db740da2aa560f53200a3ced8beae8cf8:6cf147b1605528a36be75716a14b420bcf067c03f1cfe9c4402f14987fbfc9d3ecc3ccf4f8d2d03a55900b8dc79af3b6e77436f69b1417ad4b68fd44e5e333ed90ea7943fbd1122609ec8ff6bb25e42e9914f5920fc72c4d013b6a9685c996fbd8352aafb184c22d9e47871a5280e4ab7dd6a5cfd10a5994a200f670e0b622a9394d4793d0a420e7d8806cb127c7ac690d45a2e94166cea672bcd982b0e9baad56312d2570ddde7e0b9e7f47136f0481d00f66a2aaca4d1b09d7ce6c5a98a76b68cd97d5793968d667073f8217f9054735340f9b149c0dce845b099e88d0709680f0f77603ff0a2331c558fc36d5f24da9a62d69af5190d21b5c857a1e08f014c6d456468665a7f845c66f9111f9c098c68940efcd87b657070cb9164bc9743aceb7439a0d01c0062a11af2e11349397f5d152872b13c5ab32f51cc58f1475ec82ac671561dcbd343cfb3c5f78d0fc73053c6004b0a4ca3f2043ff4b0c54275c4fcb9cadc6baabe57b1d5acd531e972ef9335136cd1d65512ba1f5b6ccc4b66b4250aafa2967dd4211a2742e0f177d8f4063899f61815cbe6d8fbfcdf74812bd40cc10084e46a99ac128058eaf16a49a24b6ae228ecf0109c52dfc06e37d6a333bcb24aba312164c6c0290485d251280538ce9541c0916640e36d6929dcd9588eb99577f5f6d82bcbb198826267e49f5daff2c0d:0f19b7066d5792328a9800d9d4f8f67d5b089b541226a167dacd439fa485b0025a5dc7f2c7e23fc4a5c6869e7619d356399700c93650e89cd25b90fb9925e3046cf147b1605528a36be75716a14b420bcf067c03f1cfe9c4402f14987fbfc9d3ecc3ccf4f8d2d03a55900b8dc79af3b6e77436f69b1417ad4b68fd44e5e333ed90ea7943fbd1122609ec8ff6bb25e42e9914f5920fc72c4d013b6a9685c996fbd8352aafb184c22d9e47871a5280e4ab7dd6a5cfd10a5994a200f670e0b622a9394d4793d0a420e7d8806cb127c7ac690d45a2e94166cea672bcd982b0e9baad56312d2570ddde7e0b9e7f47136f0481d00f66a2aaca4d1b09d7ce6c5a98a76b68cd97d5793968d667073f8217f9054735340f9b149c0dce845b099e88d0709680f0f77603ff0a2331c558fc36d5f24da9a62d69af5190d21b5c857a1e08f014c6d456468665a7f845c66f9111f9c098c68940efcd87b657070cb9164bc9743aceb7439a0d01c0062a11af2e11349397f5d152872b13c5ab32f51cc58f1475ec82ac671561dcbd343cfb3c5f78d0fc73053c6004b0a4ca3f2043ff4b0c54275c4fcb9cadc6baabe57b1d5acd531e972ef9335136cd1d65512ba1f5b6ccc4b66b4250aafa2967dd4211a2742e0f177d8f4063899f61815cbe6d8fbfcdf74812bd40cc10084e46a99ac128058eaf16a49a24b6ae228ecf0109c52dfc06e37d6a333bcb24aba312164c6c0290485d251280538ce9541c0916640e36d6929dcd9588eb99577f5f6d82bcbb198826267e49f5daff2c0d: +2269a5d8f7ac2cd9048f5f49e349e5c435a159b319fe3b30bfac8d0d505943f41c817943dc39c24b01da38a487b175482460c609e4726349a9aa7aea9bc0fb34:1c817943dc39c24b01da38a487b175482460c609e4726349a9aa7aea9bc0fb34:7153d4d9e641aa61920db0ff4bd537a6d6130a396554cc94537698f9cad16b99eebefa5f2776f2feaff6bd9a6904120c67e0883f6b96bbbb195e95aec753b699bab3d03944c13c72fc84e3f2cbf6296f645549111c93fae1a759bfcd16fc09e60bb9785535ad27da244ef2f857f2de99a6e92188890e452c7f5b9e3a4b968e11743b6fc7faf1275e5360a5468941797894d770fa7da364a337302239fe83ae0b0d084aa12acdc63462524e0eb10fefe81ba96f71f275f3449a3f8db21d58749a38853d39b0ad8e69891bd204dfca8f6c239dc9a0ac27f54db4238d4706df11d607369dc7f704da1d39f2e82af8c283d220c12431f56d803069b4acb77081c031ae3319fc77fca7845097fd727ad0d080895bba23e873d2def8cdc216c3eed61b08761bb9ebce0282cf502aaf6ce7e8c058637958c3ea1b72fe6e8df8d37ac055db6992587fabbdc467f52475644f918863af620492f34680f2056cbcab75e2323626c094759c0e0e99ef19759527250646ad760120ba386699d53934f956b8bbc7395bb496ceb2dd223c7b501b92d36a95f8f0a02eb5ba4dddf166b9b95b4a59e72a30c63cf21e6085751923d54b30281e52a09618e6f023ba0a21675e7f989b8991588c96c2b56a78f5d2945a7baeb6a0c1bbd5d95af3ee830f5809c794a15ab4b5f89dd2be2dfdcd8fe0520fda2b3f02a1ac0155:be0fb3308a076a61a4a92a97f6ac55327190e1341d6dd410d86b41bdaf2d3374093ef720bdb77feb7014e0f77d3b809623c7ca53e2ae4b097113e96db77a2d087153d4d9e641aa61920db0ff4bd537a6d6130a396554cc94537698f9cad16b99eebefa5f2776f2feaff6bd9a6904120c67e0883f6b96bbbb195e95aec753b699bab3d03944c13c72fc84e3f2cbf6296f645549111c93fae1a759bfcd16fc09e60bb9785535ad27da244ef2f857f2de99a6e92188890e452c7f5b9e3a4b968e11743b6fc7faf1275e5360a5468941797894d770fa7da364a337302239fe83ae0b0d084aa12acdc63462524e0eb10fefe81ba96f71f275f3449a3f8db21d58749a38853d39b0ad8e69891bd204dfca8f6c239dc9a0ac27f54db4238d4706df11d607369dc7f704da1d39f2e82af8c283d220c12431f56d803069b4acb77081c031ae3319fc77fca7845097fd727ad0d080895bba23e873d2def8cdc216c3eed61b08761bb9ebce0282cf502aaf6ce7e8c058637958c3ea1b72fe6e8df8d37ac055db6992587fabbdc467f52475644f918863af620492f34680f2056cbcab75e2323626c094759c0e0e99ef19759527250646ad760120ba386699d53934f956b8bbc7395bb496ceb2dd223c7b501b92d36a95f8f0a02eb5ba4dddf166b9b95b4a59e72a30c63cf21e6085751923d54b30281e52a09618e6f023ba0a21675e7f989b8991588c96c2b56a78f5d2945a7baeb6a0c1bbd5d95af3ee830f5809c794a15ab4b5f89dd2be2dfdcd8fe0520fda2b3f02a1ac0155: +e965b3f257356685c98b42b964a253fc495399cc94b099c2445fc81c759c68e5689f5410c8e0f4d37bc07c85d7cce6c9b63601f9bdafecaa448a5eed64afc8c6:689f5410c8e0f4d37bc07c85d7cce6c9b63601f9bdafecaa448a5eed64afc8c6:6f20a9ad27e30dac76b30d4c19a5bd6dfd6d049213f4becdd963d72b8b2dad687b003808201d50f7dd6e599ef58ceb6068c545ed99b9e763f9b0ec1db5fcbd7d490a121ecec6bba1eb5edbd6de85364707c55e300c8b16bb2530f70898136689c988591d5391d9cc347d7931061a9b7696e2c9f35bc0d304a81c2cf954d9c3a88a22e1d67bbe0a85308477f62918c25db504e4762f0e3b4246007908ac701779006b77d72510edc69e17d0f6394c77e5551875a446f81233415d0a91a0460b51c413d644e850f8557281c46699e53b22a7c73b068ea38652cff3b0a7b8ba30971eab18fdbbd8739ee1ee0cd5cbfb7d5d41757b6331271fb7809751e203513c9970f66d91bc0ce062f4fcb28be0a699867b79594c6458a0d307acac91f413c4615877dc53e1b018da5cfce1b63f40be1e55274c4374cdfc21524499a683a231adef779d1921440e5d3fdbd5033dc983cfc931abe638c35d5a95869e9fe3d93eb90bd1861f855ce1f608b7bcad6b5e1bd97edc95ed5ddcbcb715d919f5ff77df2da438f7a3a98286dbd5b6e043fc7372f69704f09d865530f4f0edd3300f185b6d73d8716d32d32b1c9ac2ddf4f902d3f216d35a33f368095ded10be94bb53d6f256560fac2f4af0edf5c5c702143777126e7de32d07493932662129ba0e7fc7cfb36fd2ca531646e8cd2211854fc510af3b1e8cafde7a:8d2bc4e1cd256aad8a151dec010dc93a5e5cca58298dec49cbc9c4717b5cfb5460d430be726b0f302cbd926beea19aa3c93aeb452a44f6007af49adf2f05bb046f20a9ad27e30dac76b30d4c19a5bd6dfd6d049213f4becdd963d72b8b2dad687b003808201d50f7dd6e599ef58ceb6068c545ed99b9e763f9b0ec1db5fcbd7d490a121ecec6bba1eb5edbd6de85364707c55e300c8b16bb2530f70898136689c988591d5391d9cc347d7931061a9b7696e2c9f35bc0d304a81c2cf954d9c3a88a22e1d67bbe0a85308477f62918c25db504e4762f0e3b4246007908ac701779006b77d72510edc69e17d0f6394c77e5551875a446f81233415d0a91a0460b51c413d644e850f8557281c46699e53b22a7c73b068ea38652cff3b0a7b8ba30971eab18fdbbd8739ee1ee0cd5cbfb7d5d41757b6331271fb7809751e203513c9970f66d91bc0ce062f4fcb28be0a699867b79594c6458a0d307acac91f413c4615877dc53e1b018da5cfce1b63f40be1e55274c4374cdfc21524499a683a231adef779d1921440e5d3fdbd5033dc983cfc931abe638c35d5a95869e9fe3d93eb90bd1861f855ce1f608b7bcad6b5e1bd97edc95ed5ddcbcb715d919f5ff77df2da438f7a3a98286dbd5b6e043fc7372f69704f09d865530f4f0edd3300f185b6d73d8716d32d32b1c9ac2ddf4f902d3f216d35a33f368095ded10be94bb53d6f256560fac2f4af0edf5c5c702143777126e7de32d07493932662129ba0e7fc7cfb36fd2ca531646e8cd2211854fc510af3b1e8cafde7a: +bc3b1e0bf8d69ea5b4cbbf10bb33fc955adcbe13fc20af8a10872ce9df39d6bdaccd2628155919bbc7f9d86f91dafec35c711a78c79ad360eddb88fa8a180b2d:accd2628155919bbc7f9d86f91dafec35c711a78c79ad360eddb88fa8a180b2d:4c73e04abe0819de1f84d70541eb1bb61c4f42920e1f2d1d9e6281a8a2e8b3eb45537d83969027f99ef0ea27ca085b13f9db480f00c02f3fd7429dd567708953bbf3b9e8e2c6ac4d321ff8f9e4a3154723085a54e9c9573cc7350c09f8973f948b08730373597a5fd0349821ae0a3cd6c84992b189128f3490987e1e9ad4f6574ca538fdfd83284c1eb0953f24c08f74932d4364dbbef922542440dae80424a92eaef27c1889bd08c44f9df03a3af30dffb48fae445e625f4d9265cf387a1da35fe4c231504535db72ea81a186805f856ebe6a6a65241432530fe6c960c5f9be6c22957060304e9dd8efbc1e482e7ddbd8af03bf2382899c986d916611e4f27ae52f817ef01b6a141fe4f685d94dc8cd52830043934587704c1e642e8fe56be6d6b85bf4a6feb2b6858f1f007f99d39ea04c9fe5fa7ef1b91f495ed0e7fa4213dd68cea42b6729f95031907e27c44098094386fabfb04ab9b4de3d6861de462312c59b27c76f7b6a4fc71ea0d5daf6b7320521a67e5cb37504976ad73dae2d649feb75e2eadd3401a7f2f36e16dfbfbdb2af5716cba1bce20cd47ce1c1d7be00697001fbbeb4915aa6e5393b5ab20e0f31f5119149a2cb4c4d452c8156113ac7824f84f09aeb81202e8dd3dac0aa89399b5a38b1e218301960a37d52632eeaefe3687455464288eb17d9e19a3a72ed9de32c17be79a3b9:6ef7f0e91f2cc6715f8e5a98574b4400c261a643e0545ff26747f8e1739899d76640b6451c43c1d03a4775b54fcf9bce18ed3fccad338b7764024fdfa2de82014c73e04abe0819de1f84d70541eb1bb61c4f42920e1f2d1d9e6281a8a2e8b3eb45537d83969027f99ef0ea27ca085b13f9db480f00c02f3fd7429dd567708953bbf3b9e8e2c6ac4d321ff8f9e4a3154723085a54e9c9573cc7350c09f8973f948b08730373597a5fd0349821ae0a3cd6c84992b189128f3490987e1e9ad4f6574ca538fdfd83284c1eb0953f24c08f74932d4364dbbef922542440dae80424a92eaef27c1889bd08c44f9df03a3af30dffb48fae445e625f4d9265cf387a1da35fe4c231504535db72ea81a186805f856ebe6a6a65241432530fe6c960c5f9be6c22957060304e9dd8efbc1e482e7ddbd8af03bf2382899c986d916611e4f27ae52f817ef01b6a141fe4f685d94dc8cd52830043934587704c1e642e8fe56be6d6b85bf4a6feb2b6858f1f007f99d39ea04c9fe5fa7ef1b91f495ed0e7fa4213dd68cea42b6729f95031907e27c44098094386fabfb04ab9b4de3d6861de462312c59b27c76f7b6a4fc71ea0d5daf6b7320521a67e5cb37504976ad73dae2d649feb75e2eadd3401a7f2f36e16dfbfbdb2af5716cba1bce20cd47ce1c1d7be00697001fbbeb4915aa6e5393b5ab20e0f31f5119149a2cb4c4d452c8156113ac7824f84f09aeb81202e8dd3dac0aa89399b5a38b1e218301960a37d52632eeaefe3687455464288eb17d9e19a3a72ed9de32c17be79a3b9: +10718fa6e2d7f6ed38fd66cb6dbfa087e8f1e8a8a24fab58d79d7954b8720c3e870d4f666d06fda9f9511b58602eec050d754ea6d8e79cdd19f601c477df1aa0:870d4f666d06fda9f9511b58602eec050d754ea6d8e79cdd19f601c477df1aa0:41259b6eef13d6ffe33cdde799b995c40be782cf978440b66be51c440582abd42f526696bb3cb92265b1ed0e4bba764cae2839830a252635dc80ce5f73d521b3d6ff03ac30e198ad20567e75a34fa825ebf9841508da84cd674236ca7b43de3564c94ab079408fd94137ce3f90a5dd5d3ac39a05ec86715a8f025e4539a7640ab88836f4efbabd5e1652c49ea21613acfe343a880ee5a42f2f9134ef4e3716b16d134a9c4c71c39b3c1a857d3c89439783eef1edd71bf4492d05fd18673a5242ff4187b9de47ad4968da49dba5a6092e95ea27ddfc7448dcf5972d9d228d63e5291ba6e6fbd07e3241f9366ca4976bb04b22d01f0dbae794fa9c1d9029f88a83602b0e0ec55e22c37b201125cadb5341ef73f6da1abbe2b1c475f0750345b1be4259d8c28531ffe7788667c410dac339918c869b00ab80f20bf7990d366f9b3d5e8eb2f48d7ed0e64b85dc9fe3bb998b1eecd1231e902d2d152e09da2d2592bdb32c8cd2e2c489496b2980c03dbb09ec7f8a4ea2c7020f2a0faa657cd6ced48d6da27864cf5e97eea9b3c2f0f34abf8d87bd2adeb60c7272fc4306d955bdc8023d7d3dc2f3dafe9ebe8a8d138965a7f6ce93517cd2099663f67c34552176ddb595ac6ea5609febcf24c7d69d412709e578670a21ac8afccb8bf2b18ff3af7de21dc71d50d60d37b6ed729db04beff7d34b2920d87551ce15:e1659186f1f76fe43ac8a11703360fbeff53b5e57b5974aaa08e2575579c27084cf6802e7c206347314475b603197494e7d61fe4b1ee7b78e18d94469352df0c41259b6eef13d6ffe33cdde799b995c40be782cf978440b66be51c440582abd42f526696bb3cb92265b1ed0e4bba764cae2839830a252635dc80ce5f73d521b3d6ff03ac30e198ad20567e75a34fa825ebf9841508da84cd674236ca7b43de3564c94ab079408fd94137ce3f90a5dd5d3ac39a05ec86715a8f025e4539a7640ab88836f4efbabd5e1652c49ea21613acfe343a880ee5a42f2f9134ef4e3716b16d134a9c4c71c39b3c1a857d3c89439783eef1edd71bf4492d05fd18673a5242ff4187b9de47ad4968da49dba5a6092e95ea27ddfc7448dcf5972d9d228d63e5291ba6e6fbd07e3241f9366ca4976bb04b22d01f0dbae794fa9c1d9029f88a83602b0e0ec55e22c37b201125cadb5341ef73f6da1abbe2b1c475f0750345b1be4259d8c28531ffe7788667c410dac339918c869b00ab80f20bf7990d366f9b3d5e8eb2f48d7ed0e64b85dc9fe3bb998b1eecd1231e902d2d152e09da2d2592bdb32c8cd2e2c489496b2980c03dbb09ec7f8a4ea2c7020f2a0faa657cd6ced48d6da27864cf5e97eea9b3c2f0f34abf8d87bd2adeb60c7272fc4306d955bdc8023d7d3dc2f3dafe9ebe8a8d138965a7f6ce93517cd2099663f67c34552176ddb595ac6ea5609febcf24c7d69d412709e578670a21ac8afccb8bf2b18ff3af7de21dc71d50d60d37b6ed729db04beff7d34b2920d87551ce15: +c1d4724c6cb1bc6723b2b43034278b3c5b48fed7f8a3cc2318033e7552047351c27e392e7c3664b9061ea76d2575dd7c41eaf1da3a65f3a986e0a57f6c40c17e:c27e392e7c3664b9061ea76d2575dd7c41eaf1da3a65f3a986e0a57f6c40c17e:deee99d7a77d4300c17aec1ab323c571c6e9e73a43491a3c7888b76fc03ec43d07af42a05a2aa322d00c8560acef314106b10b9bd12654357ffa26f2390050da63d668c9e2df548f87639e096a35853f82e761fd711d2a265438f5d4db5e32775708150da6cb686a2b4ca211d7f00dc0abcb2ca150e791116a10a5efcff3514dab8ed80a7092c3a015152cb25d9f86ec0d1ca67ddab44d64eeb1f931bfab2ab188956c743db4814808c5cde1b0745b3edd340eb03ffcc80a78f3db310f4f5c20009fc0279c2c1bcb3cedf990bd0e20c6f9fb7515ad6e933b07e99da6ac32b97141187ef63bdb1062e37220a4dcd419d6244cdcc34ea41d0bcbc3138b1d54aefc0190e30b187db073aa7d6cfe04bd3fd2ac00313e3ddd64a181935ca4b8b2a85d36bc27d97b7626767b93ee38def8b6b2c8da9b00263614342faa9d3e738d2713c45ffbeef8c84bcdbc8da4309c8445530f5c617dc866251f548950a14f075aa3117f96e41f899dbe7340b1d90a1352d3b8fb41b79f16a82bc2e4a193b8a7232400996b73b1fc00b2ec1c667577f82824d39fb7f6e7692dcd97b1d8ce94083ca197e9a5d40fadff0b9ac57e9de761c156e6d31d52c332d513e9f58697dcbdd80a5e42c551702c3de7beccc3db845b1a04c8cbd41695ea7428abba89e0dce3e3d9e70230ae9147c2b88559dc695d6809a51ccbc1dd9e089c585f:d37a6ec82ed45ca9b4855de9cb942564e883ff70a79b8e712d5f604ec8974de5363ac849cbab28e7aeeff28ed3f2d14b608b3146c2efe0735ad815c7d75a1a01deee99d7a77d4300c17aec1ab323c571c6e9e73a43491a3c7888b76fc03ec43d07af42a05a2aa322d00c8560acef314106b10b9bd12654357ffa26f2390050da63d668c9e2df548f87639e096a35853f82e761fd711d2a265438f5d4db5e32775708150da6cb686a2b4ca211d7f00dc0abcb2ca150e791116a10a5efcff3514dab8ed80a7092c3a015152cb25d9f86ec0d1ca67ddab44d64eeb1f931bfab2ab188956c743db4814808c5cde1b0745b3edd340eb03ffcc80a78f3db310f4f5c20009fc0279c2c1bcb3cedf990bd0e20c6f9fb7515ad6e933b07e99da6ac32b97141187ef63bdb1062e37220a4dcd419d6244cdcc34ea41d0bcbc3138b1d54aefc0190e30b187db073aa7d6cfe04bd3fd2ac00313e3ddd64a181935ca4b8b2a85d36bc27d97b7626767b93ee38def8b6b2c8da9b00263614342faa9d3e738d2713c45ffbeef8c84bcdbc8da4309c8445530f5c617dc866251f548950a14f075aa3117f96e41f899dbe7340b1d90a1352d3b8fb41b79f16a82bc2e4a193b8a7232400996b73b1fc00b2ec1c667577f82824d39fb7f6e7692dcd97b1d8ce94083ca197e9a5d40fadff0b9ac57e9de761c156e6d31d52c332d513e9f58697dcbdd80a5e42c551702c3de7beccc3db845b1a04c8cbd41695ea7428abba89e0dce3e3d9e70230ae9147c2b88559dc695d6809a51ccbc1dd9e089c585f: +37c070d4a53b13be760635110d1bd4f01920225afabec576faaec910f2926d1a0aa85f2ab1dff895d1fad0c119f2bf57126aab601c528d37698e97702d35f525:0aa85f2ab1dff895d1fad0c119f2bf57126aab601c528d37698e97702d35f525:10c646447f81ad94d015d86d0d98b2452dca60a47ab35264035e33a0942b954e3e23b91d8123b8593c6af7c8d3ecd290e0e5ee36fd4e53b7be633a6cf027a5ac3f0f679eb1bdd210a38ea6e48b0558e303010af474e7f6df2a4e457699fc38e36938b05ffcaa1b694e32f3d1b2cc5d00cf256f12184c873e519089ec1df15b0dc76e7bfe90780df58136fe597fce894ca563e08efa0f2d4d208bede9a874882873d251baf019fe46d1d6504b3bcd243b795351f34d2e7606aa975528ee50d59efb6ee6992a89b2426956c2ca4247e0df0129852983e9767a8eed1bc7335ffca8d0289f04807f67ca7da971f58db8b9bc9fdbe4f83cfe9a00f1ca584798bc71d851ff7cd6c51b8990aaba4d38b416b92240dfb70ee3c12b5e731057762ef90823fbf683ca06d05c20d3ae2b97a83ebe70ae17afff9d16609d546d8d3c74bc281884894f3d49e083f10ae7c11c1dca0effefcfa6e0f1535081fac3a2819fd2e3265527182ae9d391b232bb7542e68455cd267760db652d19e22fb2ed11cd1305ba8d98c1ebf2d1969b24d64f3e319af74e092006d2a3ff744872a20ebf18d17748ab7110805096ea136bce2f968b205e650b803c531d06775ae5ceea28bb92e9a0edec8951ce2009a88ee1b64d9b9e89f69051203384210a102a44d2d6703173b68507dceadd3bf6510df2a5cefd9c80e4f385b2f9e6215813ed32:9da60cc4a64d07dee1346bd3d3010995ce2738208ab35b34c2a8fd1787ae3a1e207fe784525154fae4f5794cd8503045fea85cf77fd92f6a70cd0c5a52c0810e10c646447f81ad94d015d86d0d98b2452dca60a47ab35264035e33a0942b954e3e23b91d8123b8593c6af7c8d3ecd290e0e5ee36fd4e53b7be633a6cf027a5ac3f0f679eb1bdd210a38ea6e48b0558e303010af474e7f6df2a4e457699fc38e36938b05ffcaa1b694e32f3d1b2cc5d00cf256f12184c873e519089ec1df15b0dc76e7bfe90780df58136fe597fce894ca563e08efa0f2d4d208bede9a874882873d251baf019fe46d1d6504b3bcd243b795351f34d2e7606aa975528ee50d59efb6ee6992a89b2426956c2ca4247e0df0129852983e9767a8eed1bc7335ffca8d0289f04807f67ca7da971f58db8b9bc9fdbe4f83cfe9a00f1ca584798bc71d851ff7cd6c51b8990aaba4d38b416b92240dfb70ee3c12b5e731057762ef90823fbf683ca06d05c20d3ae2b97a83ebe70ae17afff9d16609d546d8d3c74bc281884894f3d49e083f10ae7c11c1dca0effefcfa6e0f1535081fac3a2819fd2e3265527182ae9d391b232bb7542e68455cd267760db652d19e22fb2ed11cd1305ba8d98c1ebf2d1969b24d64f3e319af74e092006d2a3ff744872a20ebf18d17748ab7110805096ea136bce2f968b205e650b803c531d06775ae5ceea28bb92e9a0edec8951ce2009a88ee1b64d9b9e89f69051203384210a102a44d2d6703173b68507dceadd3bf6510df2a5cefd9c80e4f385b2f9e6215813ed32: +1126496a582ce58d3d618dd8a3933547aa7a8a30fb54063b8dfdd31671c6c73de10229c623fa8ad8982c3e4c36ff52df0f219b57915b6e980e5fe72ea0962e22:e10229c623fa8ad8982c3e4c36ff52df0f219b57915b6e980e5fe72ea0962e22:6a4b52d730ddab829b2a179590cbd4c372498e9f439977c0a10dc13c0ae1736eaaff063371434fd0da80360ec5890607d2fae1c9a2e1ab0b7f3d667f5b1b9c418f18b10c9e6fd669d3ebec168efef44163e577a2ebd0f2cb768f80c23188e86069e4d10f410306cedd7a341a61e0f4f3bc25041bc2f922ed073e1e2f1b709c579d10630f33071754d707894a1c62190de18882c564dc4c01dc545dd8966404ed78fa3267a9469f63b6120abb65f9b3ba3eee28d79c2eb4e7020cc6987dfc5c29672f8c0fa3e690d584fe000c64f352610179621bfd5ff3eb30d18f1a0250416db93b1c1e93cf8a3646517560d1cc8fff822b51ef27b200e987b592390753453ef138bd3d29db7cb1b5f45e4795b89c53f49704192752237c6ab274849f9594ee9777f6efe70483129d067f97199d9ae36090703864f7ca4750a6f3b6ff83824c910484394d1e2eceba18446fe4e994ce07433a740ddd05f0e396d482894e6f14acf7b97bae6c7eb88703039fa785d60a3af78b13243a4f88dde1d998617f2e3fa7eafc2f435dd4ac1ea9c238407aa09b4eea8ed434927b406674ac270458cfb3bf29c347f94559613179b9502192321b88e9af0a90e9a4ab9eddaae382e3734d1415ebe32499c34e6fdeaf15b0d9787985e08dfe495460c54f6743d81ff16881e5e30c51f4b092373783f12423c3e1ae8591130a269980caa1cb5c:b30eb56ca9b120bf849a3a9d56af033de8a590c9e1240c1e36dbc6cf0a71b78a11ec143fb9959a8f25b57711d6a90a67e01be3a4da2b69394869bb8d64b87e0f6a4b52d730ddab829b2a179590cbd4c372498e9f439977c0a10dc13c0ae1736eaaff063371434fd0da80360ec5890607d2fae1c9a2e1ab0b7f3d667f5b1b9c418f18b10c9e6fd669d3ebec168efef44163e577a2ebd0f2cb768f80c23188e86069e4d10f410306cedd7a341a61e0f4f3bc25041bc2f922ed073e1e2f1b709c579d10630f33071754d707894a1c62190de18882c564dc4c01dc545dd8966404ed78fa3267a9469f63b6120abb65f9b3ba3eee28d79c2eb4e7020cc6987dfc5c29672f8c0fa3e690d584fe000c64f352610179621bfd5ff3eb30d18f1a0250416db93b1c1e93cf8a3646517560d1cc8fff822b51ef27b200e987b592390753453ef138bd3d29db7cb1b5f45e4795b89c53f49704192752237c6ab274849f9594ee9777f6efe70483129d067f97199d9ae36090703864f7ca4750a6f3b6ff83824c910484394d1e2eceba18446fe4e994ce07433a740ddd05f0e396d482894e6f14acf7b97bae6c7eb88703039fa785d60a3af78b13243a4f88dde1d998617f2e3fa7eafc2f435dd4ac1ea9c238407aa09b4eea8ed434927b406674ac270458cfb3bf29c347f94559613179b9502192321b88e9af0a90e9a4ab9eddaae382e3734d1415ebe32499c34e6fdeaf15b0d9787985e08dfe495460c54f6743d81ff16881e5e30c51f4b092373783f12423c3e1ae8591130a269980caa1cb5c: +9c167aff3b1b788f133d422de8ca9a64316409f9e35bfe22032ec417ae9abc6defb534f0d47c068e77b28a906d95ad8d213a4d4fc1c70542f01e596d57b5f019:efb534f0d47c068e77b28a906d95ad8d213a4d4fc1c70542f01e596d57b5f019:68ac0fc2b607ba38e377fae845c808c8f9fa614eb1f31158a9620a937d3e301e85acaa69144bc349a39dfb582041c4a197ae99b4d4d59b7a2ca3d16228b5591cbf57c18a781efd19193c47b16c6023a3a8ba3d668f05a37f1e83b0d7febdd10f63e48ef7a20e015b1c6725d4c300a986c60e3a115469c8e52ba05b51c05d0af40d89fd9ed76f36950aee3c7819898a903cfe0361a91c69100b495141e86ee79d63d17403fb1a1629ef63cb7e9d2720cbfff0002b190bcdc26794124dd38d42bcaa7175405eb0bbcf8e37d65d05a37195b479371fa2bbbb167d91cee88235dd72ea88fc73ce3ce43d33b715f25f192ec215dac124899c5e7586e86340d8cbe53735defbe02e4cc9fde69fb9794d1db72b98c0f19766ee5138bbfa78909aa299b4913c499deaf54b4841d5044829984936700dcf92f36542b2fc7e86441b9925f5d0b78c17a85cfcfcb20b0fd751349c27463abde4d27df74265288713f96dea013b945521808b4996b1b2dc0338b6d236efd6d2b27dafda46ec5fa32b965e8bb5e8bb61bd966edeb774681e0ea8c17b8c99fa7d660f0f66c9bc6d95cbd7dc094724098eb05191b53a3df6566b9c90e0d7dff2943848b61a20d48c22b6d3c958e293d709c8f48110230ff51918562877daf6d920c85a82e07c451fe7ae9759c0a77e97bb298b5d0592a41d08f67a4ed5a1bb41e937b6a68aeb38fd5be9:c9ae67fd6415dcbab292fab394ca6c3b7d90ca244dc6a7764e74fd202bf4b2905bd2030e6beb914c3c238db371b1cba6d9261aa392ec871a4b8b12fe9c1c970e68ac0fc2b607ba38e377fae845c808c8f9fa614eb1f31158a9620a937d3e301e85acaa69144bc349a39dfb582041c4a197ae99b4d4d59b7a2ca3d16228b5591cbf57c18a781efd19193c47b16c6023a3a8ba3d668f05a37f1e83b0d7febdd10f63e48ef7a20e015b1c6725d4c300a986c60e3a115469c8e52ba05b51c05d0af40d89fd9ed76f36950aee3c7819898a903cfe0361a91c69100b495141e86ee79d63d17403fb1a1629ef63cb7e9d2720cbfff0002b190bcdc26794124dd38d42bcaa7175405eb0bbcf8e37d65d05a37195b479371fa2bbbb167d91cee88235dd72ea88fc73ce3ce43d33b715f25f192ec215dac124899c5e7586e86340d8cbe53735defbe02e4cc9fde69fb9794d1db72b98c0f19766ee5138bbfa78909aa299b4913c499deaf54b4841d5044829984936700dcf92f36542b2fc7e86441b9925f5d0b78c17a85cfcfcb20b0fd751349c27463abde4d27df74265288713f96dea013b945521808b4996b1b2dc0338b6d236efd6d2b27dafda46ec5fa32b965e8bb5e8bb61bd966edeb774681e0ea8c17b8c99fa7d660f0f66c9bc6d95cbd7dc094724098eb05191b53a3df6566b9c90e0d7dff2943848b61a20d48c22b6d3c958e293d709c8f48110230ff51918562877daf6d920c85a82e07c451fe7ae9759c0a77e97bb298b5d0592a41d08f67a4ed5a1bb41e937b6a68aeb38fd5be9: +e9948805eb341b2867479c668fd3532c309941c0ad4cb2e54231756e6a1bdecb5447a8e34d6a640002d8d60bcf1ddc711e4c465c94c34b50bdef358960ff81f1:5447a8e34d6a640002d8d60bcf1ddc711e4c465c94c34b50bdef358960ff81f1:91cffd7eb1cf6bd4756bce6a30af9dfba26ddd1cce0394c194a3e39cc3d1cbc221b7eb70bea18d29c267457176a3c9e53c18e47d10a67c464505197702e6b2470d38869db5174b158f9992e4435d02246f540258dedd3ce33df582555a681fb76ecaccb1c2989b177e3b7e454aaa529de59bf5a03123d571df2e7f7cb830805c58b74a653bac0e5a888e08dc2236d6cd496aa06d0d67cf3b335e218c49dedad82fc1be9ef20cac61905c30eb132d739b16ca8a8c906619c0e0d8b33985327e36f3d4b8fda387c186cc50443104db761f7ff9301270204a713e58902101fad000ce931647c577fdec148dca95cdc08918ebed037c60332fadf088f036083ebc92e173b7ddcc30c493f27e69cd17a20d30b78f83a72e4f5a747d86d96c5e1bb7a438166204013e2164d6aabc0d562f54015c365c80445607145e5692ee34f6353077fab7452d88ce3eb01d2b3797dc91b341a3a726301516baae18e851f74dfbdf0866bb2376867de55231e362c472c52116544cd4f81e93571c4ec820e7e653f4e21be0a942576c9de91e7d1251683d859de448f822dcf3d2cf55ede2f9c71b6063d1373061f8f5936b698d1384e65459ea2bc26ec96775ef425207432dda0ac1fe28526c5e4559349c3d8df9918230f4044683cc2c1b858d141ab8d0805bb9336067522aa89c810f3eaa7ac2d8dd28c3751225a19ecec8bcca52439946:d3dc62d6ce9c766f2abaf9a7fbe09d6bdb07a4747b56080db09beb4a4e804a70d7ddf4119475c7be834f31956f4a71dad029cdf2363dd0365ce22dc27f07800391cffd7eb1cf6bd4756bce6a30af9dfba26ddd1cce0394c194a3e39cc3d1cbc221b7eb70bea18d29c267457176a3c9e53c18e47d10a67c464505197702e6b2470d38869db5174b158f9992e4435d02246f540258dedd3ce33df582555a681fb76ecaccb1c2989b177e3b7e454aaa529de59bf5a03123d571df2e7f7cb830805c58b74a653bac0e5a888e08dc2236d6cd496aa06d0d67cf3b335e218c49dedad82fc1be9ef20cac61905c30eb132d739b16ca8a8c906619c0e0d8b33985327e36f3d4b8fda387c186cc50443104db761f7ff9301270204a713e58902101fad000ce931647c577fdec148dca95cdc08918ebed037c60332fadf088f036083ebc92e173b7ddcc30c493f27e69cd17a20d30b78f83a72e4f5a747d86d96c5e1bb7a438166204013e2164d6aabc0d562f54015c365c80445607145e5692ee34f6353077fab7452d88ce3eb01d2b3797dc91b341a3a726301516baae18e851f74dfbdf0866bb2376867de55231e362c472c52116544cd4f81e93571c4ec820e7e653f4e21be0a942576c9de91e7d1251683d859de448f822dcf3d2cf55ede2f9c71b6063d1373061f8f5936b698d1384e65459ea2bc26ec96775ef425207432dda0ac1fe28526c5e4559349c3d8df9918230f4044683cc2c1b858d141ab8d0805bb9336067522aa89c810f3eaa7ac2d8dd28c3751225a19ecec8bcca52439946: +b01753efa73bb3de7aa778be7afcbff66a5d3e2c2f8b5aa2b048844050996965d0cc6cf109c999fbf6d16f471fafd0232b0a68d4c46406ec7545dbaba8194158:d0cc6cf109c999fbf6d16f471fafd0232b0a68d4c46406ec7545dbaba8194158:684e612f27eead0d34844cc81ba911c28aaf6d66e71229e8cc3462f7c7a050daa30cb74471150f07dad459b5a91358476c0598255d8a642dd7c0802811bd88e4cac597efe41ebd96cd0f3b5ce72db4be1a3dbd6b84f5446e3da600d3b1d2b460a009bd31cacd98a91518ce33e9a703d404288736ccc43103fc69e67974f31652fa3dadef3337f6c897a3d201303c8f03597b4a87c98f291ccd58a3f1e898332aa5993b47fcb5ddaa1c0868b643742d0e4a4b9cd427038b3b74999bc89ac3484c0ca13f25aae8e78ae1ccee6218accab81a4f694f5324a347629d49b55e4037504a9acc8df58c6841dddcd4fc4347f7b6f1fd9de0564577e6f329ed951a0a6b9124ff63e22eb36d3a8863bc1bf69cea24c605967e7d8948953f27d5c4c75f0849f872a3e3d16d422fa5a11e1b9a74df6f38b90f277d81fce8437a14d99d2bef189d7cac83ddc61377ed348b3c4fc09ec2b9005925d04a71e26d641667bdf549294331c6ea01cd5c0bd1b6a7ecfda20b0f1929582b74697cb262c3927d6b223f4b5f3043aa6eb4571a78e9da11c2b36f64552580caa7b5fa6b90f929e0162e608d1240d7242cd2f47025c03debe059b1dc94770232bc6765148480bb1d9f50da1ee6448cf9c88b19dd459932c06ed811c4a64a12d5938bd1c757bcfaeaee8933fe5fff21763de740482bcf1ba59afdc8fcf873c3d507bb394e32e45f736519:16b7421227ae09130685cbb1a0c60aa57a5e1afe1bbe6bacea0c281bcc8998e6824a772c3208a6b6b4d236695505c9be82700cf93a783985a39e16e377a7410e684e612f27eead0d34844cc81ba911c28aaf6d66e71229e8cc3462f7c7a050daa30cb74471150f07dad459b5a91358476c0598255d8a642dd7c0802811bd88e4cac597efe41ebd96cd0f3b5ce72db4be1a3dbd6b84f5446e3da600d3b1d2b460a009bd31cacd98a91518ce33e9a703d404288736ccc43103fc69e67974f31652fa3dadef3337f6c897a3d201303c8f03597b4a87c98f291ccd58a3f1e898332aa5993b47fcb5ddaa1c0868b643742d0e4a4b9cd427038b3b74999bc89ac3484c0ca13f25aae8e78ae1ccee6218accab81a4f694f5324a347629d49b55e4037504a9acc8df58c6841dddcd4fc4347f7b6f1fd9de0564577e6f329ed951a0a6b9124ff63e22eb36d3a8863bc1bf69cea24c605967e7d8948953f27d5c4c75f0849f872a3e3d16d422fa5a11e1b9a74df6f38b90f277d81fce8437a14d99d2bef189d7cac83ddc61377ed348b3c4fc09ec2b9005925d04a71e26d641667bdf549294331c6ea01cd5c0bd1b6a7ecfda20b0f1929582b74697cb262c3927d6b223f4b5f3043aa6eb4571a78e9da11c2b36f64552580caa7b5fa6b90f929e0162e608d1240d7242cd2f47025c03debe059b1dc94770232bc6765148480bb1d9f50da1ee6448cf9c88b19dd459932c06ed811c4a64a12d5938bd1c757bcfaeaee8933fe5fff21763de740482bcf1ba59afdc8fcf873c3d507bb394e32e45f736519: +4f4b20d899366f2f23ee628f229b236cf80f43ba183177c97ee34829546f1742c94576641f4a893cdfcee7b39fc21929b86b349976d7b0a46d39a588bcfe4357:c94576641f4a893cdfcee7b39fc21929b86b349976d7b0a46d39a588bcfe4357:db8ef02e3033e6b96a56cab05082fb4695f4a1c916250dd75173f430a10c9468817709d37623346ae8245b42bda0da6b60462ccfdfc75a9ab994e66c9ab9fecdd8599610910affe4f10215cb280bf8f9f2700a444796dae93e06c6bea7d8b4fe1301baa79ccec769368feb2442c7de84f095e6b3bff63d388cbafb2b9809dc38e9b12ebd039c0a57f4d522e91ec8d1f2b8d23a4a0ae059af85393bb0a15f749110f6774a1fd731a6ec213e4ff435daab546d31ed9ec3b6d8cc2edacebf4facc5566556eea92e5b3f2542239b25e28012dd4ef40072eebf83ed2a255181f3a442189d68c6c609f4dfdf3db7d67d087a2fcd6d2dc50bbfed8bfbbfcb74d3c41f02a87865b13b8efcf5c3581257be0aa913f60c370527bde11a475c136a17c5eefeb03f5bff28693ed841e8ed1f7c29102f5599dd444009bcea6a92d5574152458e0caf8a36aa72b5dc4908a6461c9b741453005c8fbcc68113ae184208ee14b835480c6efafed18a76000b38e5858290f4d51f52f096cbe490e1eb5cacb226ec495a55a7fa457843d57fab67f8be7e209334785bdd665d7b63e4daf57b6e78928b603c8c0f9bc85464733b61273ef9e2b8a0cd7c3bf8ee0a6872e34d5a27a625e35eaf7ff5440b8b141af704df70c9c18623bd11209513192505105cd7bcfa5f0d919da706948fbe1f761f315846aa3b4813dd9ba3d81b9204e5409c0382b6eb:0f80ff5d17488fe26f93c543b04ed959b5f0643fc61c7f2c3bc60132ba9c6210c8b250ea5e84d07b01de68bc174414eeeb31fdc2ba6823e231e312a91ededd02db8ef02e3033e6b96a56cab05082fb4695f4a1c916250dd75173f430a10c9468817709d37623346ae8245b42bda0da6b60462ccfdfc75a9ab994e66c9ab9fecdd8599610910affe4f10215cb280bf8f9f2700a444796dae93e06c6bea7d8b4fe1301baa79ccec769368feb2442c7de84f095e6b3bff63d388cbafb2b9809dc38e9b12ebd039c0a57f4d522e91ec8d1f2b8d23a4a0ae059af85393bb0a15f749110f6774a1fd731a6ec213e4ff435daab546d31ed9ec3b6d8cc2edacebf4facc5566556eea92e5b3f2542239b25e28012dd4ef40072eebf83ed2a255181f3a442189d68c6c609f4dfdf3db7d67d087a2fcd6d2dc50bbfed8bfbbfcb74d3c41f02a87865b13b8efcf5c3581257be0aa913f60c370527bde11a475c136a17c5eefeb03f5bff28693ed841e8ed1f7c29102f5599dd444009bcea6a92d5574152458e0caf8a36aa72b5dc4908a6461c9b741453005c8fbcc68113ae184208ee14b835480c6efafed18a76000b38e5858290f4d51f52f096cbe490e1eb5cacb226ec495a55a7fa457843d57fab67f8be7e209334785bdd665d7b63e4daf57b6e78928b603c8c0f9bc85464733b61273ef9e2b8a0cd7c3bf8ee0a6872e34d5a27a625e35eaf7ff5440b8b141af704df70c9c18623bd11209513192505105cd7bcfa5f0d919da706948fbe1f761f315846aa3b4813dd9ba3d81b9204e5409c0382b6eb: +d2e01d2578b625a7060aabc25765f168c680cef767aa97ca0e5eb3d667474b2a191ac223575424aa354b255b812dd3025d70ed829e0826c01629f9df3545082b:191ac223575424aa354b255b812dd3025d70ed829e0826c01629f9df3545082b:20d5dd699b2853302a6817094d5ea512bdf8534504cb289c602467410740ec7eb8ea6442c80f145935068f9122fdf4a39f2010f33db55b814d97bf2e5872329f1126d4eb95b806ca1973113165b116be8716371f81331779dc79a5cb3942081ab5f207f6b53db0e0038107d63ca97708181982dcb5f3b93010ec6edfb2cfd31cab00090b3c38515f9781769686cb17ab81d54a8b775754d42fbad086b80b28d636f78b7eb77ed9ca35b6843a510f0ad0ac1b20267a000301b3c707a20f0214d59b5b8199c2f9ee25d32060ace3e0f2594650416a00716cd3f98604a5e104b33310fdae94c314013cdca5ba2414409eb7f1901394f007d6fa0a29dbe8ec3df98c393c8d72695877cc9baf491ef30ef7db3371608ca97cc621562520ee581d5d1cdbc78232d6c7e43937b2cc8549e6f1e08df5f2eac844fe0f822b2483ad0a5de33be64089490e77d69800fae2589ee58712ac15a3f19e6ffdbca42fe1894e889b94c04b04240dafb0b2730c236b8cceb2cb97afd1d515dc19d1067fd4aba8ce297fd6d110b35a21bd3c075c577d93fe1df77d648f7119492099b017af44eba09c807f11a4c3f4a11a2fff306a728ba78983323c92a2fd5fcc80c18d423426f823a73fe04094955284293f5f6b3ca4ff1080dbb1e4c6f74c1d935ed21e30094c7de336b82dd8200b0d659583c5bfd5470f9db342e70ec4000742c5640a214e3c2e:87a010394a9f2c904effefca9fb4d5ce13793301a4925ba51db119123a4d730abf764ce065e48d90a79d907d7254c40cc358987a46949e928bbb3cd085dfab0620d5dd699b2853302a6817094d5ea512bdf8534504cb289c602467410740ec7eb8ea6442c80f145935068f9122fdf4a39f2010f33db55b814d97bf2e5872329f1126d4eb95b806ca1973113165b116be8716371f81331779dc79a5cb3942081ab5f207f6b53db0e0038107d63ca97708181982dcb5f3b93010ec6edfb2cfd31cab00090b3c38515f9781769686cb17ab81d54a8b775754d42fbad086b80b28d636f78b7eb77ed9ca35b6843a510f0ad0ac1b20267a000301b3c707a20f0214d59b5b8199c2f9ee25d32060ace3e0f2594650416a00716cd3f98604a5e104b33310fdae94c314013cdca5ba2414409eb7f1901394f007d6fa0a29dbe8ec3df98c393c8d72695877cc9baf491ef30ef7db3371608ca97cc621562520ee581d5d1cdbc78232d6c7e43937b2cc8549e6f1e08df5f2eac844fe0f822b2483ad0a5de33be64089490e77d69800fae2589ee58712ac15a3f19e6ffdbca42fe1894e889b94c04b04240dafb0b2730c236b8cceb2cb97afd1d515dc19d1067fd4aba8ce297fd6d110b35a21bd3c075c577d93fe1df77d648f7119492099b017af44eba09c807f11a4c3f4a11a2fff306a728ba78983323c92a2fd5fcc80c18d423426f823a73fe04094955284293f5f6b3ca4ff1080dbb1e4c6f74c1d935ed21e30094c7de336b82dd8200b0d659583c5bfd5470f9db342e70ec4000742c5640a214e3c2e: +7cd7ec99dd03aede1ff1073ec2ca7010276e947e2aa9b0e65f877e4ccf1b3a14e4c39dbe9493176b8213f1422a9de7c74fb6a59190fcdbf637c7ad5ee165c04f:e4c39dbe9493176b8213f1422a9de7c74fb6a59190fcdbf637c7ad5ee165c04f:a6034aa3c2484923e80e90e5a8e1748350b4f2c3c8319faf1a2e3295150a68e1eeca1bc84954cc89d4731a7f6512af01464fdbce5df68ee8066ad9a2fd21c0835a76559ca1c7449a933bcb15af90223d925ff61cd83eb935698347a57072709a86b4e5a7a626e07a3f2e7e341c7783a540f84aa73e917e867bb80bace6254705a9d1a1185de56e1a4e78aaf539e749b8f765bd052c4cd15b638bf8ecf87d9814606fed5a69f4dae9da47f3806dd90be64fccd3365cbe9e01c588fe65d6b603280740962aa8ddb95a3f4f674c03bc4043092c544595568270a2c2a8aa06e3f67c31998c50b9a58acad00690d3848114cb193293c8ac21016fd996f5c64214064f82167b2c920cd8a839755852ac77c3d90526dd3adb96837cf4e726f34bd02955cbac5b82c92cf4aa8b54bb6e436dae9bf893ef050c6f135a7e62fcd834dac1d2be8b8e59d696131811701c4318bb6e9b5a20bec656fd2ba192e2732f422963bed4a4fd1ec9326398dce290e0848c70ea236c04c7dbb3b67921440c98d72753f6a332eaad59fd0f57742923fb625fef070f34225ea06c2363d123666b99ac7d5e550da1e404e526b5b229cb130b84b1903e431cdb15b33770f5811d49fbd50d60a3474c0c35fc021d8681819ec794cc32a634bc46a955aa0246b4ff1124623cbafb3cb9d3b92a90fde648e414636192952a92291e5f86efddb89ca078aea7717fc7:6f99202770964535e483a0ee01a529442eb321303fa805d475604d7fc728a9103fb7b558b955f4d03719eefaa3b7ed5b0da75710bb98787f5c2282ed66e9f60ca6034aa3c2484923e80e90e5a8e1748350b4f2c3c8319faf1a2e3295150a68e1eeca1bc84954cc89d4731a7f6512af01464fdbce5df68ee8066ad9a2fd21c0835a76559ca1c7449a933bcb15af90223d925ff61cd83eb935698347a57072709a86b4e5a7a626e07a3f2e7e341c7783a540f84aa73e917e867bb80bace6254705a9d1a1185de56e1a4e78aaf539e749b8f765bd052c4cd15b638bf8ecf87d9814606fed5a69f4dae9da47f3806dd90be64fccd3365cbe9e01c588fe65d6b603280740962aa8ddb95a3f4f674c03bc4043092c544595568270a2c2a8aa06e3f67c31998c50b9a58acad00690d3848114cb193293c8ac21016fd996f5c64214064f82167b2c920cd8a839755852ac77c3d90526dd3adb96837cf4e726f34bd02955cbac5b82c92cf4aa8b54bb6e436dae9bf893ef050c6f135a7e62fcd834dac1d2be8b8e59d696131811701c4318bb6e9b5a20bec656fd2ba192e2732f422963bed4a4fd1ec9326398dce290e0848c70ea236c04c7dbb3b67921440c98d72753f6a332eaad59fd0f57742923fb625fef070f34225ea06c2363d123666b99ac7d5e550da1e404e526b5b229cb130b84b1903e431cdb15b33770f5811d49fbd50d60a3474c0c35fc021d8681819ec794cc32a634bc46a955aa0246b4ff1124623cbafb3cb9d3b92a90fde648e414636192952a92291e5f86efddb89ca078aea7717fc7: +e3ca3713a2fd412ad5336bc356b77be027d5b70815b3ac2aecd8340ef5f889b11d516cb8bef116a0c1b6929009933f6eb62c23050745fe7e8d3c631623778111:1d516cb8bef116a0c1b6929009933f6eb62c23050745fe7e8d3c631623778111:dd99baf295e013eed107ba8af81121aaf1835a3cca24f8e464b4cfcaa3c7bffe6f9536016d1c8cf375038c9327e8e21b004066f5eac0f76a3e8edfb07be8bd2f6bc79c3b456de82595e2c2105bb1b0aaba5eeee1adef752167d633b322ebf8f7cd5fbf59508fdbdbecf25e657a9c7050af26a80a085b0817c6217e39acd54cb9fa09540fc7bdc5226d6a276d492cc8a3dffc2abc6d0b9fb08cbccdd9432e449821a5dc98cfb3a418e539c890fe5a0446b9f81d306700927ade61cfdcc0624f13b5840748774604805731d92e77d5def66be44cc817946f1cd758196cf480f99e7117835c4c87cbd64077a562a80cf11d8ca65be7a94d92b9ddaea997e93f1448577ed6d8436b2f3144692c1fd7d28a03e9274bc9e8669d8575f5de20cfbdbcb04e9f39f3451d7048375e2698e722846cb4f2d19a810c53d4c1a6c3b770fb402df0530e7b2907223fd0899e00cb188ca80c1531b4e37fba176c17a2b8f5a3ddc7a9188d48ffc2b272c3da9c9b89dfe53f2fe7e3672f91d11818491ace140adcae98502e114f4b352b90e2e7fbd333b2459e7f15dd0764c9c34e4cb7cc095500cda035e8e2e4e3c8fd5df5f3aa579a735dd8a9f19ef336fa971114e46618734a4c13d30c81128ca21def47330103d23d80ffe67421a6ccf9f36a93f05603c599ee10b03451f36b2133c187a79ad9e6fdfbb12595ab73bb3e2e2e43030fd37e591cf55d:b3857ea61baa9e62838c4e3a996502d3364fe1ec594258355073dd10e497c600befb1f8f233fd6e3b2c87f10dcb7261aaf3481bfd0902605accc900fef84d407dd99baf295e013eed107ba8af81121aaf1835a3cca24f8e464b4cfcaa3c7bffe6f9536016d1c8cf375038c9327e8e21b004066f5eac0f76a3e8edfb07be8bd2f6bc79c3b456de82595e2c2105bb1b0aaba5eeee1adef752167d633b322ebf8f7cd5fbf59508fdbdbecf25e657a9c7050af26a80a085b0817c6217e39acd54cb9fa09540fc7bdc5226d6a276d492cc8a3dffc2abc6d0b9fb08cbccdd9432e449821a5dc98cfb3a418e539c890fe5a0446b9f81d306700927ade61cfdcc0624f13b5840748774604805731d92e77d5def66be44cc817946f1cd758196cf480f99e7117835c4c87cbd64077a562a80cf11d8ca65be7a94d92b9ddaea997e93f1448577ed6d8436b2f3144692c1fd7d28a03e9274bc9e8669d8575f5de20cfbdbcb04e9f39f3451d7048375e2698e722846cb4f2d19a810c53d4c1a6c3b770fb402df0530e7b2907223fd0899e00cb188ca80c1531b4e37fba176c17a2b8f5a3ddc7a9188d48ffc2b272c3da9c9b89dfe53f2fe7e3672f91d11818491ace140adcae98502e114f4b352b90e2e7fbd333b2459e7f15dd0764c9c34e4cb7cc095500cda035e8e2e4e3c8fd5df5f3aa579a735dd8a9f19ef336fa971114e46618734a4c13d30c81128ca21def47330103d23d80ffe67421a6ccf9f36a93f05603c599ee10b03451f36b2133c187a79ad9e6fdfbb12595ab73bb3e2e2e43030fd37e591cf55d: +29a63dcd48a351771411fddcab46bb071e91498576e8d02f8b6044f5bdd3ed903923fdcc2a9fe5cabf6e9932e46dbd2b7f3632500f9d95552db2b045bc41166f:3923fdcc2a9fe5cabf6e9932e46dbd2b7f3632500f9d95552db2b045bc41166f:ff18ca0c204c8386a4aa74ec4573c7b69216b31470daedd96a4f2302116c7955d72dacc88e3714550c09e6f7b9a8586260dc7e63da4c633bae0162e116e5c1797b78d87d47ffeea3d7819df9c852f0ff30936a105d3af5531a8f89549711c14c2d3ee11564e7c8525bd58864009762a05541d8e07ad841a55a6a9a007ef209ccec4b5640babe35651b61df42de4d910ee73a933c0b74e995757e84a99eb034f41807183c90ca4ea8d84cdba478613c8e587cb5f8fb6a055081da6e90220d5d86e34e5f91e488bd12c7a1a6b3c9fce5305e85346658effa810d0e8a2a039db4a4c94965be4011f9d5e5da266233e6c4e18ed4f8a25a57e40a591c7ed590c0f8b1a119c7c9747f691b02196cd18e6945213f1d4c8c9579c6e0a2ac45924128d6d92c8e4c66065320353d48d1d5e13194d905f837078f8dac0b68cf96ae9e70554c14b2fa29b19630e4b0f5d2a767e190efbc5992c709dcc99aa0b5aaf4c49d5513e174fd604236b05b48fcfb55c9af10596927bcfad30bacc99b2e0261f97cf297c177f1929da1f68db9f99ac62ff2de3bb40b186aa7e8c5d6123980d759927a3a07aa208beeb736795ae5b849d5dae5e3573710aaa24e96d5791e2730d0270f5b0a2705ba515d14aa7e6fa6622375377f9aba64d02569a209d33de686e089ec60118e4814ffc6c0778c6427bce2b6b844cfcd5a7ced0e35303f50a0dfe5df5dde1a2f23:12bf629593e2caadc910ec40bfe2b7a62514126b16ba3a438d88e2d21f595aaee8abfa4af2ec870361d0ea04dfc8c6a330fb2841c2d8211a64fa1e7e7d273800ff18ca0c204c8386a4aa74ec4573c7b69216b31470daedd96a4f2302116c7955d72dacc88e3714550c09e6f7b9a8586260dc7e63da4c633bae0162e116e5c1797b78d87d47ffeea3d7819df9c852f0ff30936a105d3af5531a8f89549711c14c2d3ee11564e7c8525bd58864009762a05541d8e07ad841a55a6a9a007ef209ccec4b5640babe35651b61df42de4d910ee73a933c0b74e995757e84a99eb034f41807183c90ca4ea8d84cdba478613c8e587cb5f8fb6a055081da6e90220d5d86e34e5f91e488bd12c7a1a6b3c9fce5305e85346658effa810d0e8a2a039db4a4c94965be4011f9d5e5da266233e6c4e18ed4f8a25a57e40a591c7ed590c0f8b1a119c7c9747f691b02196cd18e6945213f1d4c8c9579c6e0a2ac45924128d6d92c8e4c66065320353d48d1d5e13194d905f837078f8dac0b68cf96ae9e70554c14b2fa29b19630e4b0f5d2a767e190efbc5992c709dcc99aa0b5aaf4c49d5513e174fd604236b05b48fcfb55c9af10596927bcfad30bacc99b2e0261f97cf297c177f1929da1f68db9f99ac62ff2de3bb40b186aa7e8c5d6123980d759927a3a07aa208beeb736795ae5b849d5dae5e3573710aaa24e96d5791e2730d0270f5b0a2705ba515d14aa7e6fa6622375377f9aba64d02569a209d33de686e089ec60118e4814ffc6c0778c6427bce2b6b844cfcd5a7ced0e35303f50a0dfe5df5dde1a2f23: +c7188fdd80f4cd31839ec958671e6dd08b21f9d7528c9159143734f94b169883019752ff829b6859b9058d00c2795e835655440675753f37e85eb7bc5839c4ca:019752ff829b6859b9058d00c2795e835655440675753f37e85eb7bc5839c4ca:4af5dfe3feaabe7f8fcd38308e0bd385cad3811cbdc79c944ebfe3cd675cf3afbef4542f542975c2e2a6e66e26b32ac3d7e19ef74c39fa2a61c56841c2d8212e2bd7fb49cfb25cc3609a693a6f2b9d4e22e2099f80b777d3d05f33ba7db3c5ab55766ceb1a1322af726c565516ce566329b98fc5dc4cbd93cefb627688c977af9367b5c69659e43cb7ee754711d665c0032ae22934f44c71d31178ef3d9810912874b62fa5e4020e6d5d6458183732c19e2e89685e0464e91a9b1c8d5251e24e5f91813f5019a740a04b5d91cbb8309e5161bba79dcab38239a091f50e099ff819e3a7b5205fe907cdfe9c0dc3ee85e32d7bcd3ce02635e2058388031e317fbf22ab9f39f7f7e3cd1a11a9c1f45f4e1e42d2536c122c591837911847108ceafd990813c2b6344cffc34be37161dd815626900e8fcb85c21afb4f6be8ad01516a31c2a6580315857c6a216735ca991009dbc2ea5034160747a869d5cadb0b47ffbd5d3ac97fdd0526cae6eaa35cff7a16eaf4fb950ca31511346fea6141999a3f754e6281cfba15e8a826932c589c5d247c909d94b4eab7ebcb09077648af065c2d86611eb588453ed7c24780d73c689c8744afd533a86d9ee9e3365732cbd0c351e436f898b7043292097e03e6081a23ac865e19dc8858969b999d01fa65ef200c3f269c818e30b9365ecc683bcfe69c203b4e0ab6fe0bb871e8ecaaae82d3acd35d5b50:35c170dd0c6dc2920a595775d8e2dd65243e9c1bf96ef42779001ed45f01b7dfebd6f6a7dc2d386ef4d2a56779ebe77f54e5aecfda2d54a068476b24dbd78b0c4af5dfe3feaabe7f8fcd38308e0bd385cad3811cbdc79c944ebfe3cd675cf3afbef4542f542975c2e2a6e66e26b32ac3d7e19ef74c39fa2a61c56841c2d8212e2bd7fb49cfb25cc3609a693a6f2b9d4e22e2099f80b777d3d05f33ba7db3c5ab55766ceb1a1322af726c565516ce566329b98fc5dc4cbd93cefb627688c977af9367b5c69659e43cb7ee754711d665c0032ae22934f44c71d31178ef3d9810912874b62fa5e4020e6d5d6458183732c19e2e89685e0464e91a9b1c8d5251e24e5f91813f5019a740a04b5d91cbb8309e5161bba79dcab38239a091f50e099ff819e3a7b5205fe907cdfe9c0dc3ee85e32d7bcd3ce02635e2058388031e317fbf22ab9f39f7f7e3cd1a11a9c1f45f4e1e42d2536c122c591837911847108ceafd990813c2b6344cffc34be37161dd815626900e8fcb85c21afb4f6be8ad01516a31c2a6580315857c6a216735ca991009dbc2ea5034160747a869d5cadb0b47ffbd5d3ac97fdd0526cae6eaa35cff7a16eaf4fb950ca31511346fea6141999a3f754e6281cfba15e8a826932c589c5d247c909d94b4eab7ebcb09077648af065c2d86611eb588453ed7c24780d73c689c8744afd533a86d9ee9e3365732cbd0c351e436f898b7043292097e03e6081a23ac865e19dc8858969b999d01fa65ef200c3f269c818e30b9365ecc683bcfe69c203b4e0ab6fe0bb871e8ecaaae82d3acd35d5b50: +38ba0621704d2155fc2f78555196575de06d80255c35e9dc965b6fe96a4d53894388f7f68a9effbc366e42d907015604daced1727cd1d89d74adcc789fd7e6e1:4388f7f68a9effbc366e42d907015604daced1727cd1d89d74adcc789fd7e6e1:ed4c2683d644b05b39b048ef1f8b7025f280ca7e8ff72cb7eda99329fb7954b700400705275f20b858cf7e349a3510665b630609c5e2e62069263ab9c55e4123a564dca6348c8a01332075e7a5bec9c20a03807957fefa910e60c35ae579778ce2ce42e6a69a1b647681e43ec4b63bd5fbefabb31712cb3d6419ead78dd41c8a92aaceb63cbfa89d2af39606de010a397e302053a615c16e5e95ad9935c079a0b8103125789471a1e3574f429b29e4d225c7723fbb3cf88cbd73823d9f0b6c7d05d00bdeb0fb0ad3d7132033183e21f6c1e8d8e4c0a3e4f52f5001da687171345c6dc8b42c42a60d1f1ffa8fe3e7bcece59a035878f9d4d81127e22496a49bfcf6bf8b46a80bd562e65255071f9d11a9eb0481f4626d4d71ffc38afe6e358a4b289179cbce9764d86b57ac0a0c827e8ff078813306a1d5fadd32b46a1fbcd789ff8754063eecfe45313beb6601c3a3010e8eb97c8effbd140f1e688311092d273c4defca47da6f1f0825744676f9a280b6c2a814fa47fabc1980d0b37f087a53ca8778f39ffb474ff5f1171b442c76dd008d92182f644a714a0f011e215a78b97af37b33520ebf43372a5ab0cf70dcc1dc2f99d9e4436658f8e07cdf0b9ea4dd6224c209e7521b981ee351c3c2df3a50040527fcd72804176046405db7f6734e85c5d390f520b0c08dcbfa98b8742480d5e46f9be893f6d6614340f8161611d5053df41ce4:42bed6a98786f664715f39bb643c405ae1750056460e700469c810389504c51cffd9e1a94c38f692fb316265316d8f4dc3ad1cdd8a6d5991ef010cd1489d7c09ed4c2683d644b05b39b048ef1f8b7025f280ca7e8ff72cb7eda99329fb7954b700400705275f20b858cf7e349a3510665b630609c5e2e62069263ab9c55e4123a564dca6348c8a01332075e7a5bec9c20a03807957fefa910e60c35ae579778ce2ce42e6a69a1b647681e43ec4b63bd5fbefabb31712cb3d6419ead78dd41c8a92aaceb63cbfa89d2af39606de010a397e302053a615c16e5e95ad9935c079a0b8103125789471a1e3574f429b29e4d225c7723fbb3cf88cbd73823d9f0b6c7d05d00bdeb0fb0ad3d7132033183e21f6c1e8d8e4c0a3e4f52f5001da687171345c6dc8b42c42a60d1f1ffa8fe3e7bcece59a035878f9d4d81127e22496a49bfcf6bf8b46a80bd562e65255071f9d11a9eb0481f4626d4d71ffc38afe6e358a4b289179cbce9764d86b57ac0a0c827e8ff078813306a1d5fadd32b46a1fbcd789ff8754063eecfe45313beb6601c3a3010e8eb97c8effbd140f1e688311092d273c4defca47da6f1f0825744676f9a280b6c2a814fa47fabc1980d0b37f087a53ca8778f39ffb474ff5f1171b442c76dd008d92182f644a714a0f011e215a78b97af37b33520ebf43372a5ab0cf70dcc1dc2f99d9e4436658f8e07cdf0b9ea4dd6224c209e7521b981ee351c3c2df3a50040527fcd72804176046405db7f6734e85c5d390f520b0c08dcbfa98b8742480d5e46f9be893f6d6614340f8161611d5053df41ce4: +ae331fc2a14759b73f1cd965e48514e12b29f63b06ccfc0ad49f36820e57ec7208803d48238eda3f9cebb628530121de00f0f0468c202d88528b8bcec687a903:08803d48238eda3f9cebb628530121de00f0f0468c202d88528b8bcec687a903:5716003390e4f5216598a03d7c430dbf495ee3a7557b580632ba59f15198b6180a42469c237db5bc81f29cfaab0aff3c9966309ab06958c9d7126add78e3b32459ff8a0e0bdef874b58e6083668f38ad7d63aae1f12e26a613348f9f03ea5d205f045d78cc8902d47f81e8b52293e70e86c9803d4dacea86c3b67458ae3579bc11113b5490bcf3e1cd4e7979c264d835161fd55efe953b4c26395dd92ca4930920e904fadc0889bb7822b1dfc4452604840df024db0821d2d5e96785a5c37dbfd2c375983283e9b5b43a3207a6a9b833948329d5de41e45008bcbad493de5754dd83decc440e5166edaae0208f000c5f6d9c372153209e5b7578116f89cf2f8b1004d1307ea79ed37480f3194a7e17983a230465ccc30fcc1a62d280fbbaccf006dc4dee0ea796b81accc61a063e2c083daec039bd9a64a77024af82ec1b0898a3154329fdf61673c36e4cc81f7a4126e56290e4b456819bdebf48cb5a40955bab297c2bbcb018adbf24828660a5d12a0613bf3ccb5eeb9a17fb0a0547db8da24d2efb87ba1b843142a75e4ca0b0a333e4a14fab35a62669329ca8753f016ac70cd997e8bc19ee448aeaf0f4bf3ce5230550578ab64c19019446ce2d9c01a03d889a9909860aef76f067c50b61c3d0f12cc8686f5c31bf032a841015cfeff1cfdae94f6b21dae941b335dc821f3284ce31508f5db5c448ffaa3773e9be1a4c85a1c58b009fa3:75f739088877e06dc56daec8f1e4d211b754e3c3edbfa7eda444f18c49b69c5a142db45a0a7650e47d10550ba681ff45dd4463c4ac48bf44b73034bd5659220e5716003390e4f5216598a03d7c430dbf495ee3a7557b580632ba59f15198b6180a42469c237db5bc81f29cfaab0aff3c9966309ab06958c9d7126add78e3b32459ff8a0e0bdef874b58e6083668f38ad7d63aae1f12e26a613348f9f03ea5d205f045d78cc8902d47f81e8b52293e70e86c9803d4dacea86c3b67458ae3579bc11113b5490bcf3e1cd4e7979c264d835161fd55efe953b4c26395dd92ca4930920e904fadc0889bb7822b1dfc4452604840df024db0821d2d5e96785a5c37dbfd2c375983283e9b5b43a3207a6a9b833948329d5de41e45008bcbad493de5754dd83decc440e5166edaae0208f000c5f6d9c372153209e5b7578116f89cf2f8b1004d1307ea79ed37480f3194a7e17983a230465ccc30fcc1a62d280fbbaccf006dc4dee0ea796b81accc61a063e2c083daec039bd9a64a77024af82ec1b0898a3154329fdf61673c36e4cc81f7a4126e56290e4b456819bdebf48cb5a40955bab297c2bbcb018adbf24828660a5d12a0613bf3ccb5eeb9a17fb0a0547db8da24d2efb87ba1b843142a75e4ca0b0a333e4a14fab35a62669329ca8753f016ac70cd997e8bc19ee448aeaf0f4bf3ce5230550578ab64c19019446ce2d9c01a03d889a9909860aef76f067c50b61c3d0f12cc8686f5c31bf032a841015cfeff1cfdae94f6b21dae941b335dc821f3284ce31508f5db5c448ffaa3773e9be1a4c85a1c58b009fa3: +82435f39790106b3af72f91f14c928d2465f98cdd10084c4a44d19af71a1927cc52a92646f5adb21c6dde0de58786837f8a3414c09aedfc27c812218a7e7239e:c52a92646f5adb21c6dde0de58786837f8a3414c09aedfc27c812218a7e7239e:f3d6c46ac5248d5386b6b68462597d647039f544bb01ac2d1067daaaa397d2dbaf125a1cf8fdf280a6afec324d5311f543688a156c849819bb046b911c42ea3ca01b99808c4d1f3b8b15da3efe2f32523ec3b09c84b48cffd13c17c9e26c912d9c3e9346dfae3fd0c56c8858780782f61a4c4dbfff1e9cb4b362cd8001f9cdfeb1a72082dce9c9ade52effc9744688ac0b86c88266b53d895c17ead9e89ed8d24d40642f3ad3b9bf9bbc4dda7966ef8328289fb31e17c81fd028ef1bd9a1d4c792e86ec2dbdce3f937eecc3eeb5188d325941919bbf75b4388e2399507a3d7fb387502a95f421c85826c1c9176c923e316310a4ba45c8a5ef7557cf87b77020b24f5ba2bfd1228109566307fea65ec015019691217bce69aee16f76249c58bb3e52171cfefd5254e5e0f397169186dc7cd9c1a85c81034e037183d6ea22aee8bb74720d34ac7a5af1e92fb8185ace01d9bf0f0f9006101fcfac8bbad171b437036ef16cdae1881fc3255ca359bba1e94f79f645555950c4783bab0a944f7de8df69258b6afe2b5932217195da245fee12ac343824a0b6403dfe462d43d288db31f99097ec3edc6e76547a3742f03c777efb158f58d4053fa6cc8d68b196af4f9de516fd9fb7a6d5d9ee4a89f9b9bce1e4dee357a1e52c0544cfb35b7092d1aa5a6f7f4c7602610e9c00ef5b8761bc72279ba228a18b8400bd76d5b2bfd7c3c04aac4436dae2e98:1daa44ef06d4c10ddb48678423c5f103a1b568d42b20cc64af110fce9d7679a2dee412b4980585c26c320dbaa601c472defc3c85415daecdd6d2d9eacac85e07f3d6c46ac5248d5386b6b68462597d647039f544bb01ac2d1067daaaa397d2dbaf125a1cf8fdf280a6afec324d5311f543688a156c849819bb046b911c42ea3ca01b99808c4d1f3b8b15da3efe2f32523ec3b09c84b48cffd13c17c9e26c912d9c3e9346dfae3fd0c56c8858780782f61a4c4dbfff1e9cb4b362cd8001f9cdfeb1a72082dce9c9ade52effc9744688ac0b86c88266b53d895c17ead9e89ed8d24d40642f3ad3b9bf9bbc4dda7966ef8328289fb31e17c81fd028ef1bd9a1d4c792e86ec2dbdce3f937eecc3eeb5188d325941919bbf75b4388e2399507a3d7fb387502a95f421c85826c1c9176c923e316310a4ba45c8a5ef7557cf87b77020b24f5ba2bfd1228109566307fea65ec015019691217bce69aee16f76249c58bb3e52171cfefd5254e5e0f397169186dc7cd9c1a85c81034e037183d6ea22aee8bb74720d34ac7a5af1e92fb8185ace01d9bf0f0f9006101fcfac8bbad171b437036ef16cdae1881fc3255ca359bba1e94f79f645555950c4783bab0a944f7de8df69258b6afe2b5932217195da245fee12ac343824a0b6403dfe462d43d288db31f99097ec3edc6e76547a3742f03c777efb158f58d4053fa6cc8d68b196af4f9de516fd9fb7a6d5d9ee4a89f9b9bce1e4dee357a1e52c0544cfb35b7092d1aa5a6f7f4c7602610e9c00ef5b8761bc72279ba228a18b8400bd76d5b2bfd7c3c04aac4436dae2e98: +1bea7726d912c55ec78b0c161a1ad3c9dd7bc329f85d26f62b92e31d16d83b48c9ddb42106ccef4e0ef4794551d21df94a6306872f231663e47e241f77cc3e82:c9ddb42106ccef4e0ef4794551d21df94a6306872f231663e47e241f77cc3e82:b11283b1f0ce549e5804730ac3207ac00332d2aacf9c310d3832d879f9634bd8a58adf199e4b863bb17481d28acb2da0e1557b8336a400f6295625031d09e4df4d319bbc1e8f6e9232d23053bb3ffac4fe2c70ce3077fc0060a5cb4692a1cf0b3e62fe454802ae10b83ded61b6bf454ca75e4cdad5532f20b70654f12ba906f003a8b9e986f15a39419deb2ea1ead7598290eeebf9252b0c27605a7a73a6abebb42271d71a3c197a46bcc8db11d9242842f378364a37eecaa34e982135be34182c69ca8e6e3c8c90e1b4b2b475815a178377ae0165a764c8ba2889b5ab290949d8487a88e0d3d2bc7e2520176aa6ff9ff0c409ff80515f4f0b83c5e82c23fd3326cdd6b76252e7fddcd6e4770978cd503ed2d6b480101167d3f191fed8d6d74d74a2007db1092e46a23ddecddcdb984664047b8dd7cc8a576e1a806f52cb027a9480a95cc44b1e6f2e286e9b7a6bf7b396fa5496b7a5b1c03d9c5c27da1a42990d10b12fb8640e1596f26b366d270ba64f99afffe3fece05a9b0254b208c7997cdb512fc77527954a1cb50fdab1cc9a45162741fd6f9d3fd5f2e382853d7335dba1e6b2959dd86e125e67b53dc8e453c810bc01bf20bce7b618dd5d1ed784106ee06a3ecaf6b3bee0b56833b0b813139c5a696000a449c97906a2fbddc2d9de9406ea282ac4ee5ef8bf3854c74a6b7173dd2f79c7a126f3c7b0433fd4ea26e877a14831dd415a19d:f9b04517bd4fd8ef90f2140fc95dc16620d1602ab36c9b165fff3aba978d59767110bb4e07a48f45121447ac0c1abac585d391d4042041898628a2d2dcc2510db11283b1f0ce549e5804730ac3207ac00332d2aacf9c310d3832d879f9634bd8a58adf199e4b863bb17481d28acb2da0e1557b8336a400f6295625031d09e4df4d319bbc1e8f6e9232d23053bb3ffac4fe2c70ce3077fc0060a5cb4692a1cf0b3e62fe454802ae10b83ded61b6bf454ca75e4cdad5532f20b70654f12ba906f003a8b9e986f15a39419deb2ea1ead7598290eeebf9252b0c27605a7a73a6abebb42271d71a3c197a46bcc8db11d9242842f378364a37eecaa34e982135be34182c69ca8e6e3c8c90e1b4b2b475815a178377ae0165a764c8ba2889b5ab290949d8487a88e0d3d2bc7e2520176aa6ff9ff0c409ff80515f4f0b83c5e82c23fd3326cdd6b76252e7fddcd6e4770978cd503ed2d6b480101167d3f191fed8d6d74d74a2007db1092e46a23ddecddcdb984664047b8dd7cc8a576e1a806f52cb027a9480a95cc44b1e6f2e286e9b7a6bf7b396fa5496b7a5b1c03d9c5c27da1a42990d10b12fb8640e1596f26b366d270ba64f99afffe3fece05a9b0254b208c7997cdb512fc77527954a1cb50fdab1cc9a45162741fd6f9d3fd5f2e382853d7335dba1e6b2959dd86e125e67b53dc8e453c810bc01bf20bce7b618dd5d1ed784106ee06a3ecaf6b3bee0b56833b0b813139c5a696000a449c97906a2fbddc2d9de9406ea282ac4ee5ef8bf3854c74a6b7173dd2f79c7a126f3c7b0433fd4ea26e877a14831dd415a19d: +d01a0ead9d694833283b9cd7299a7bd75fa90b1d2d7884e4557b33c998772a68a0f757479ba627efef95d6ec7a931dfac4373df33daaf4ddc4ec6894c8261ed7:a0f757479ba627efef95d6ec7a931dfac4373df33daaf4ddc4ec6894c8261ed7:7627534e9a83d1e406ab948d30d1da9c6a5db08e0feb7fc5ba5cbf76849ee8add4847ef5ca5a0dae411aca097451cb4c2b498c947097407007640dc19ed938e3b91bf51c9581168df860bd94751668dabd721dc73998400be20c9a563d5051ef70e3546fee673312b52a274041057e70848eb7c5a21644c97e448abd7640207d7cdafcf45da6df3494d3585b0e18ac5ac9081cb7a407a39a877705cbaf79a01b915f736eb025c58b4b5d807fb7b7566c5969787c1d6ca4eba97d509ef7fb3550d21d377eceffcf0eb6681895adbd246ee7bf3c935a006478b832ece46de6118b17e466a27fc2a44a896baae272f9ecf018c65cb50cfbfc8d260994a18a832d971928c449675724585131c871533c9897d8f80f9c0416b718786b10fea8eb5bd813a269a1b677b7a2507a44b713d705086530995e59335ddc2855e847e4f4db06c91f1d54023d8a10f69f9e61bdce4b686fb617bd5030e755cadb1f644e1ddd91619b96ecd605b00198b9a6eddb5a84ebd3692b665979766637c677378c1c77041fd4a6b3555c1dc8a83fe9013bb6106cc18a2b037c9377b7a1a5a5d0dcc54918eaad7e32c880767b26fd2ea2d68b0405f5e074f55a19d8a39ffbb7dc32faee6a7f9532aec8a0776c3ff83ae3a4627738496a371eb9e090b74e0eddecfcd41bed0c0ce581275243472d26da8c998e4b6d6b44fc88ba2ab54642225417120294417805742bdb33b7b122:9a0ff7f35174ec3f66d22a6f06df60e09c8f623a5aca810e23a88d0e6a31cb6f1ce1c1f9dccc9e1484b68dd004ac53597e29ad6ab72e8ce2b75ad5b80eb848037627534e9a83d1e406ab948d30d1da9c6a5db08e0feb7fc5ba5cbf76849ee8add4847ef5ca5a0dae411aca097451cb4c2b498c947097407007640dc19ed938e3b91bf51c9581168df860bd94751668dabd721dc73998400be20c9a563d5051ef70e3546fee673312b52a274041057e70848eb7c5a21644c97e448abd7640207d7cdafcf45da6df3494d3585b0e18ac5ac9081cb7a407a39a877705cbaf79a01b915f736eb025c58b4b5d807fb7b7566c5969787c1d6ca4eba97d509ef7fb3550d21d377eceffcf0eb6681895adbd246ee7bf3c935a006478b832ece46de6118b17e466a27fc2a44a896baae272f9ecf018c65cb50cfbfc8d260994a18a832d971928c449675724585131c871533c9897d8f80f9c0416b718786b10fea8eb5bd813a269a1b677b7a2507a44b713d705086530995e59335ddc2855e847e4f4db06c91f1d54023d8a10f69f9e61bdce4b686fb617bd5030e755cadb1f644e1ddd91619b96ecd605b00198b9a6eddb5a84ebd3692b665979766637c677378c1c77041fd4a6b3555c1dc8a83fe9013bb6106cc18a2b037c9377b7a1a5a5d0dcc54918eaad7e32c880767b26fd2ea2d68b0405f5e074f55a19d8a39ffbb7dc32faee6a7f9532aec8a0776c3ff83ae3a4627738496a371eb9e090b74e0eddecfcd41bed0c0ce581275243472d26da8c998e4b6d6b44fc88ba2ab54642225417120294417805742bdb33b7b122: +df648940b578bc31d2a652965f30391caf06d5f251599a737ce10be55f4a9d0d27de920419c186b01be54279fb8f9be4bb4b2cad75ca7e8f792bfa7bb97c7f41:27de920419c186b01be54279fb8f9be4bb4b2cad75ca7e8f792bfa7bb97c7f41:1ae520beeb4ad0722b43067fa7cd2874abcf34dd9237b4478eae9772aea297a67fb79b33070204baee440b9c87e2fbcbeb76801dddea5e4530d89e11583179939a00a32f811332c52291cc7ac91e5a970cd5aa708b1da26be9fe432a9bbda1319e31e4bcc9f1666a05b5c05b876bfd1f766687ccea4e4482e924329aface5ee52e9879fd69b76e0f7e452ec4713bff216d00c82599d27ca481f73aae136f0875c88a66b1b6f34c50523ab602e9d4ebb7eeb9e043a65e41899d79752a279d2ed46993926f3621e7c32c9a9b3b59d8dd57beca39285434de991cbd2dfcbc5ca62a7779f475d0cef2f3e562f29acd474f3c99ec5bd8de01101bed2e0c9b60e2d70fd432c892fc66f8d4619a911b5625163e9a42bf9ea38586d8e764001564d335411225fcb0a06dc2a82da0779a3c444eb7864201b43ebb72b921f34d3c13089df2f4fac366ff1e3c0b96f93d2b4d726a5ce4d6916d82c78be354a1230c2cf0418c78a1913e454f648cc92c8dd0e184645fe3781d263cff69f5c60b1ebb52005a8b78a515c7e8886ffe054dab428e2e221d9d76aff42654168d833b88178293e1fedd15d46cd609483129c4d2d84432a99d31ffe9bdb566f8c75ce65e18288e4df8c16731a0f3fdde1cca6d8ede0435ff7436ca17d0aeb88e98e8065cbcbfd0ff83043a357cd1b082d1703d461881872cdf741e4f99bd146745ba703974be40f579bf5c4dba5bdb8c941bce:62bc991c45ba9b26bf440116264162c34c88597885e9605083c604b5f5d8fa6f662ba214f76e6cf84e5ec04df1beefc5f25d3a3b72f98b5069831916a63296011ae520beeb4ad0722b43067fa7cd2874abcf34dd9237b4478eae9772aea297a67fb79b33070204baee440b9c87e2fbcbeb76801dddea5e4530d89e11583179939a00a32f811332c52291cc7ac91e5a970cd5aa708b1da26be9fe432a9bbda1319e31e4bcc9f1666a05b5c05b876bfd1f766687ccea4e4482e924329aface5ee52e9879fd69b76e0f7e452ec4713bff216d00c82599d27ca481f73aae136f0875c88a66b1b6f34c50523ab602e9d4ebb7eeb9e043a65e41899d79752a279d2ed46993926f3621e7c32c9a9b3b59d8dd57beca39285434de991cbd2dfcbc5ca62a7779f475d0cef2f3e562f29acd474f3c99ec5bd8de01101bed2e0c9b60e2d70fd432c892fc66f8d4619a911b5625163e9a42bf9ea38586d8e764001564d335411225fcb0a06dc2a82da0779a3c444eb7864201b43ebb72b921f34d3c13089df2f4fac366ff1e3c0b96f93d2b4d726a5ce4d6916d82c78be354a1230c2cf0418c78a1913e454f648cc92c8dd0e184645fe3781d263cff69f5c60b1ebb52005a8b78a515c7e8886ffe054dab428e2e221d9d76aff42654168d833b88178293e1fedd15d46cd609483129c4d2d84432a99d31ffe9bdb566f8c75ce65e18288e4df8c16731a0f3fdde1cca6d8ede0435ff7436ca17d0aeb88e98e8065cbcbfd0ff83043a357cd1b082d1703d461881872cdf741e4f99bd146745ba703974be40f579bf5c4dba5bdb8c941bce: +c8ac234558aa69816b368b77b7cccb5c8d2a33ec53aeef2ce2287143bd98c1755364baf1fdb2c63840b30d4031cf83a2e18e620793bae59d1035c0ede55e528b:5364baf1fdb2c63840b30d4031cf83a2e18e620793bae59d1035c0ede55e528b:ce488d26975c1c9328b47fa92e19561330041b23a0e57a4b8bca89eb5f615e73dd7fae69c2380e3212f9b73341c356db75a6256d7a20a97f759d4cba7197178ea724dd932949360e96c50a4b3ba55a953372c397b0969c2b14d3609e0a852d484df70eaab11249ebeb3237921f0a39a55d7dccfef205d94ec80d9e1fd6a2c1efd29844101dfe2c5f668adb7975915dedd086500cee2c1e233e8e48855cc1a6f287d63dce10addd13cac7b7a187efe47e12d1c35bb3974052b23a73668d3e4c87db4841af846e808672c43d0a1522e2965f083951b2b2b0c409548ee6182f0c9850514c9e6c102f54ba4124c92a90274f405891e662f5ebb3771b85783156e9e5836734d09d1baf5b2134c93162eec4be03bd12f603cd27be8b76accc6e8b8bac020cba3479651c9ffa53ce4eb77a77313bc1265ddab803ef7a6563ba6f799d1ef30ef5a0b412965fdac0b9dab842c78ee2cc628e3d7d4061e34ede3797e154b06e8c66cebdf2ded0f81b60f9f5cdda675a435277ba1524557e67f5cefafce929291dce89ecb08a17b67a60c582b487bf2f6169626615f3c2fe3b67388b713d35b9066669960de4db413cd8528ee56ed173e976a3c974ac633a7134cce38319735f857b7d71ba07f477ef85848aa8f39e118118779ed87b4f42aa358a89f7ec844a451e7e8fc0af418b85bc9bf2f26d1ea137d335ec7ee757b70ae2fdd9cc134932f0e5425bf37fb915e79e:32250361df6ed283485f95f3d357a4f1c33a8cf91658327cd453d49c953665510870aa454cfa3b83245220a827d0ec7477f9eceb79c4a29f301f953cc8caac07ce488d26975c1c9328b47fa92e19561330041b23a0e57a4b8bca89eb5f615e73dd7fae69c2380e3212f9b73341c356db75a6256d7a20a97f759d4cba7197178ea724dd932949360e96c50a4b3ba55a953372c397b0969c2b14d3609e0a852d484df70eaab11249ebeb3237921f0a39a55d7dccfef205d94ec80d9e1fd6a2c1efd29844101dfe2c5f668adb7975915dedd086500cee2c1e233e8e48855cc1a6f287d63dce10addd13cac7b7a187efe47e12d1c35bb3974052b23a73668d3e4c87db4841af846e808672c43d0a1522e2965f083951b2b2b0c409548ee6182f0c9850514c9e6c102f54ba4124c92a90274f405891e662f5ebb3771b85783156e9e5836734d09d1baf5b2134c93162eec4be03bd12f603cd27be8b76accc6e8b8bac020cba3479651c9ffa53ce4eb77a77313bc1265ddab803ef7a6563ba6f799d1ef30ef5a0b412965fdac0b9dab842c78ee2cc628e3d7d4061e34ede3797e154b06e8c66cebdf2ded0f81b60f9f5cdda675a435277ba1524557e67f5cefafce929291dce89ecb08a17b67a60c582b487bf2f6169626615f3c2fe3b67388b713d35b9066669960de4db413cd8528ee56ed173e976a3c974ac633a7134cce38319735f857b7d71ba07f477ef85848aa8f39e118118779ed87b4f42aa358a89f7ec844a451e7e8fc0af418b85bc9bf2f26d1ea137d335ec7ee757b70ae2fdd9cc134932f0e5425bf37fb915e79e: +2c47f2b8b9d2cee9e6f654bc24658f9eaf439c23beaa0a79bf35cc8cd2debaf4444af2f34fd32e5a19f61f87d03e107627a3eeb8bd94d2faeaa348b05dea1980:444af2f34fd32e5a19f61f87d03e107627a3eeb8bd94d2faeaa348b05dea1980:044c8faa8c8aaf9f2b8186a6b9b33847ec7b452423b22a91743d2e597ecc1e1e22ae60053e9ee6233b044e775920e4e3d66719901325cfdd39bb532f8aa469aab42e9608c21260c04c27413a7a94e466f63c4952e90ef90c12814b3451b1cad7da9147f8409220f6498cc0a67fef4bc04fc06e1d898a5515591e8be0c43d75a6fe425b7cbefb1b91b1bd78b5bec7829056982efdc5be24af6678006adc6f0446202e7ec3a2d6979cb0df7e25d74233914d9c58b81cf55be06967d3a595c1b9672869994cfba67162833a2143aa91cc93acdafa5b45208df3e88ccc01a2a4d220e360098d9154d225a7ca5f2f1e52b1003d106650a77b283b95e4baf1e7336fa9a747a2b3823d360910412e76db725ce1ab1e1d189d0d3abef82d7666bcf1b76669e0643b44f74e90ceafa0c8371b57c58f3b370a547c60958f0fcf461b3150f848c470fa07e29bf5f0d4b59efa5ab0d0341e0451d0abb29d7414cddc46cc6d74cf3dc233d0d1707387bd8c7780ff78e546fb77294d58a5dda5f05c1297e3d1771156d285635bf7ecedb38a9e5e77449804f3899ea46a50266b255aeb52d18e0fa136e535cc9026f678552fa3ee2146081d999685e24bf7807cc47c130436c544d35b4b875bd8afa312ce3ae17cf1c7f5ea1ececb50f95344720cecf088434ff8e0ba044ec19c98ada7782116304cbeac1c3e35f5a4f44313354dc9a40ece5a0f9ad3a2025acef262c5679d64:8554b01d09ed86e61395b91a2b1ee18715c42f9c7e7f0700d79ff9fb5781293d61c558dd5b431c93718dcc0f98fb652b596f18c30f82215e8e63e4f6568c8800044c8faa8c8aaf9f2b8186a6b9b33847ec7b452423b22a91743d2e597ecc1e1e22ae60053e9ee6233b044e775920e4e3d66719901325cfdd39bb532f8aa469aab42e9608c21260c04c27413a7a94e466f63c4952e90ef90c12814b3451b1cad7da9147f8409220f6498cc0a67fef4bc04fc06e1d898a5515591e8be0c43d75a6fe425b7cbefb1b91b1bd78b5bec7829056982efdc5be24af6678006adc6f0446202e7ec3a2d6979cb0df7e25d74233914d9c58b81cf55be06967d3a595c1b9672869994cfba67162833a2143aa91cc93acdafa5b45208df3e88ccc01a2a4d220e360098d9154d225a7ca5f2f1e52b1003d106650a77b283b95e4baf1e7336fa9a747a2b3823d360910412e76db725ce1ab1e1d189d0d3abef82d7666bcf1b76669e0643b44f74e90ceafa0c8371b57c58f3b370a547c60958f0fcf461b3150f848c470fa07e29bf5f0d4b59efa5ab0d0341e0451d0abb29d7414cddc46cc6d74cf3dc233d0d1707387bd8c7780ff78e546fb77294d58a5dda5f05c1297e3d1771156d285635bf7ecedb38a9e5e77449804f3899ea46a50266b255aeb52d18e0fa136e535cc9026f678552fa3ee2146081d999685e24bf7807cc47c130436c544d35b4b875bd8afa312ce3ae17cf1c7f5ea1ececb50f95344720cecf088434ff8e0ba044ec19c98ada7782116304cbeac1c3e35f5a4f44313354dc9a40ece5a0f9ad3a2025acef262c5679d64: +887fdb4870681d4fb06a936259f75cae0517f501af646bc07a4d72bee7fb1c73c762ebd48b2ce02d06384e38554b825ad322ebea74d259df1547a4d547ce0024:c762ebd48b2ce02d06384e38554b825ad322ebea74d259df1547a4d547ce0024:c5dc779f3f3fac06dd28e5a67e0e524af5b5dc3b34409657b63dface9471e9a41e1132175a0b569c8fea9d2eef2cf5d5962c7e0b6145a9e7a0c1aa33772044f9c3998c5a8c4886458b4e586f9307608361f511e7ab5092ac41ec76e0586ef5b9c236fcf5ca2fc8dd6aaeb789367f2e7c990932555dc52261e44e49423498b524419183b6c1f1d42c45464eccb0c2f7e25177fe5cd463502b403e06d511fcf9dcb64012e0f20b34c2ea7c004d9e484a7ed81f3260c41c8b1953529f47f71e867843cc3c332ad0366a63817ed12dd4730d3dfdbd7572b9ff798045940dd19fad0c8aea0b4ab61c4016de32799c73aa2b92d2c25ee9b72d46fe8f0693c58775efb05e9e17a5c346a81265d35be69a22d095de186066a5c6d8c07a3d38d002a10e5efdb866da4a9bdd54f5092661b6c2d743f5aeaa4c6c318fb59323903057e49c237b45f67542a4f27caf65b57cfcf88b71203d43d7f95322160f95c232dd10abb113b721ddba2226b063229bb44102336b10bf1656551161249786d454f4e0909d500017f6c7564f733c831af4e5ec94dfd3bf8ff5f3021b70a5ca5d28c6dfb8a2c18a1a662a33359f264d169698c1ab55783faca73bd68c0f79d1d04ae0ecdb52ae761892c02493ff35f3d84f66e236fc58134ad6a77d92254905d773900d9ddf2654c70b46f341dacb4793ca51eede45533eaeeb6e3323bc3e6c85a7940651c4f6f98191c618c891ea4e220ea4:410a5af3c59b7c6bdb214b166cb79d96f830cf98bf52dad7b6ff2979c97fea4fed5ef7d3d49f03097279b9a099226e2a08dd30c60786254e2da8dee240bfc308c5dc779f3f3fac06dd28e5a67e0e524af5b5dc3b34409657b63dface9471e9a41e1132175a0b569c8fea9d2eef2cf5d5962c7e0b6145a9e7a0c1aa33772044f9c3998c5a8c4886458b4e586f9307608361f511e7ab5092ac41ec76e0586ef5b9c236fcf5ca2fc8dd6aaeb789367f2e7c990932555dc52261e44e49423498b524419183b6c1f1d42c45464eccb0c2f7e25177fe5cd463502b403e06d511fcf9dcb64012e0f20b34c2ea7c004d9e484a7ed81f3260c41c8b1953529f47f71e867843cc3c332ad0366a63817ed12dd4730d3dfdbd7572b9ff798045940dd19fad0c8aea0b4ab61c4016de32799c73aa2b92d2c25ee9b72d46fe8f0693c58775efb05e9e17a5c346a81265d35be69a22d095de186066a5c6d8c07a3d38d002a10e5efdb866da4a9bdd54f5092661b6c2d743f5aeaa4c6c318fb59323903057e49c237b45f67542a4f27caf65b57cfcf88b71203d43d7f95322160f95c232dd10abb113b721ddba2226b063229bb44102336b10bf1656551161249786d454f4e0909d500017f6c7564f733c831af4e5ec94dfd3bf8ff5f3021b70a5ca5d28c6dfb8a2c18a1a662a33359f264d169698c1ab55783faca73bd68c0f79d1d04ae0ecdb52ae761892c02493ff35f3d84f66e236fc58134ad6a77d92254905d773900d9ddf2654c70b46f341dacb4793ca51eede45533eaeeb6e3323bc3e6c85a7940651c4f6f98191c618c891ea4e220ea4: +88b3b463dfc30d015eefbbbdd50e24a1f7277775bcef14a6be6b73c8c5c7303ef2b6284c930d4ad32d0ac719040ee7886b34722edf53da801acb5f931969e119:f2b6284c930d4ad32d0ac719040ee7886b34722edf53da801acb5f931969e119:17c317fa6bc90c5532328f02ccfb6c099e6fe1000174f2af3a3a9309428506717c5c4335bdd7c367ff4e448a9c047503afba68fd8f7987237be7f7fbdc6d73f24c6421cab422b3fb25f67b2d71042e71570df2af37bfe5c114211fd5524b6c1c6cc52fabc3cd7fb464cd580bb74071cb300f8c9f8a46208e5aa5ddfea5fe90697aa2f14c607950c98f2312a9e16ef6346a8fd129232733827e1501a660c77c29c56d2fdd1c5597f8bc89aaefe3713734fe82858201891a1147efaf1d78a471f920defc880344553eb716cce3260e86a1bc0be28373a6a066116e8ecb10a0c4a70ca2b5364e119f84aec60deced3a4eff1fe688c5e3e251470ab516fa964a4b6f28368dd1e283597934064dc0c5b5691062cb2e267bd15fd422bcfefb83ccef7aa9a2275ef57e473149988c1578fd18708d2ff69f8e5980aa826a82cab7d8b92bb53bdd46db046ecdfc8cd7ae5ce44f3c5b8c0565b5d3c072c76b95ce900ac3ee5510db0e75d3a4150a98f3ccccc69e930c6ba741dbb0eb9fb3196871ba206a58e0dae39c8d6bb72a82399c4b7b9da38577ac17ff1524d653c0bf33679323ca7eef4e9228729031560ed8f2e5193c640b2f5e608075a2ed61428dfccdc00050ba4b99ed6d1536d5ac1e939674b41d16312ae5b07def1bf53589bed4400602ee11b850330f38aad33ef04170a3905c28b50ecc57dccf4f29d0c00f713d32ffc857956588a6326b9549edb0e4fe6185:825aff71f79303bf4592bd8da4d7d9437ff267976f746437655988ddcf29379465a3b48c9fb0f31cef03e6368861c369b4364fb8e4b0c72e26a9a9dded1c250417c317fa6bc90c5532328f02ccfb6c099e6fe1000174f2af3a3a9309428506717c5c4335bdd7c367ff4e448a9c047503afba68fd8f7987237be7f7fbdc6d73f24c6421cab422b3fb25f67b2d71042e71570df2af37bfe5c114211fd5524b6c1c6cc52fabc3cd7fb464cd580bb74071cb300f8c9f8a46208e5aa5ddfea5fe90697aa2f14c607950c98f2312a9e16ef6346a8fd129232733827e1501a660c77c29c56d2fdd1c5597f8bc89aaefe3713734fe82858201891a1147efaf1d78a471f920defc880344553eb716cce3260e86a1bc0be28373a6a066116e8ecb10a0c4a70ca2b5364e119f84aec60deced3a4eff1fe688c5e3e251470ab516fa964a4b6f28368dd1e283597934064dc0c5b5691062cb2e267bd15fd422bcfefb83ccef7aa9a2275ef57e473149988c1578fd18708d2ff69f8e5980aa826a82cab7d8b92bb53bdd46db046ecdfc8cd7ae5ce44f3c5b8c0565b5d3c072c76b95ce900ac3ee5510db0e75d3a4150a98f3ccccc69e930c6ba741dbb0eb9fb3196871ba206a58e0dae39c8d6bb72a82399c4b7b9da38577ac17ff1524d653c0bf33679323ca7eef4e9228729031560ed8f2e5193c640b2f5e608075a2ed61428dfccdc00050ba4b99ed6d1536d5ac1e939674b41d16312ae5b07def1bf53589bed4400602ee11b850330f38aad33ef04170a3905c28b50ecc57dccf4f29d0c00f713d32ffc857956588a6326b9549edb0e4fe6185: +427d6e423917896831601b8f4e21561db6108571be009e29dca49a5960ff314b8d9e6360fdef249975df27b3106a71120587722df3270a85a13a8c3bb8c9809e:8d9e6360fdef249975df27b3106a71120587722df3270a85a13a8c3bb8c9809e:9c2cc7f2462e09c4c58c2709ab4259885a4e887d9fa531881505aaf203c163fb3a0dc028f4ada60670638d4a9727a39083bedbaced58edb779e1ce6ccdfb428c362bb1db0c1053006bd8f4bef89a1a9de01c774e357f910e5c39b22477555e5f7c0498b5b28f369e5d3fa42ab360e4f451c69f81ba0f3cced43a559db600104278f868796b2c911b3b032b729f4b22ac149dc467a0cae48d19e9d985b42b62549de171ff566e1d1e9bb8e56cfd1ae8f7bddcfd8a2341827dbe89c882ab3e498339ff681c7dc1104de738b480316943109f703d471ab86e4ca4287e4cd74c312ff7d037395606fb25f871e7277078a787d02f31cc9e815be8600a7c47c6fdd82331ae9c496a547bdb235b8a56d53259e6296124a32c3b625d202419d064b9a4e83efa87f13537b4f513b916a84fc866d8a899804c7833eaa019e0d7e0e8075bd6b5cb6ffc766479f3f6e20e481e6ab27bd808ad906cdcc7827430e312f740f275ddf51dd83248fa057c43c9cb77557b2fd9c2d52824ff9e146deac1e6691d450213bc590a49bec72d52e38f6b4dc6cca951eef2184d2425031ad59b242effa68b6c72c54c9dfdb419c02eb43ef3f34d338d2a9dd03a78cfdd014098e249259e77282e0c3fc1010b02a67ff851e9cfd9749c1cd8f06cf462e6ade995ac466fab5c795e9eff13e55b4350b94c7316aa498df9fdee9958047793e3bbb89fb81da85f4b9d43e4b0d43b381b94cdc9a99d06:d1c9a01c56e33960f49df37eab963bc5a99f25c600446ce2ca48d9139da5733b718fbf1a987393f6e5823c2d130c7ce60ea3db3543c8854ef12b98d33adde7059c2cc7f2462e09c4c58c2709ab4259885a4e887d9fa531881505aaf203c163fb3a0dc028f4ada60670638d4a9727a39083bedbaced58edb779e1ce6ccdfb428c362bb1db0c1053006bd8f4bef89a1a9de01c774e357f910e5c39b22477555e5f7c0498b5b28f369e5d3fa42ab360e4f451c69f81ba0f3cced43a559db600104278f868796b2c911b3b032b729f4b22ac149dc467a0cae48d19e9d985b42b62549de171ff566e1d1e9bb8e56cfd1ae8f7bddcfd8a2341827dbe89c882ab3e498339ff681c7dc1104de738b480316943109f703d471ab86e4ca4287e4cd74c312ff7d037395606fb25f871e7277078a787d02f31cc9e815be8600a7c47c6fdd82331ae9c496a547bdb235b8a56d53259e6296124a32c3b625d202419d064b9a4e83efa87f13537b4f513b916a84fc866d8a899804c7833eaa019e0d7e0e8075bd6b5cb6ffc766479f3f6e20e481e6ab27bd808ad906cdcc7827430e312f740f275ddf51dd83248fa057c43c9cb77557b2fd9c2d52824ff9e146deac1e6691d450213bc590a49bec72d52e38f6b4dc6cca951eef2184d2425031ad59b242effa68b6c72c54c9dfdb419c02eb43ef3f34d338d2a9dd03a78cfdd014098e249259e77282e0c3fc1010b02a67ff851e9cfd9749c1cd8f06cf462e6ade995ac466fab5c795e9eff13e55b4350b94c7316aa498df9fdee9958047793e3bbb89fb81da85f4b9d43e4b0d43b381b94cdc9a99d06: +be935209f62dea6012ecda6a6156cd166a4d761150deed456816eaf0ce78a7f6d39a89af72293948b13421fb883bbe372af9089c224d42b901979f7e2804e1c0:d39a89af72293948b13421fb883bbe372af9089c224d42b901979f7e2804e1c0:117f427cb68150cafcfa462c42206141427c4dcea1c8eacc2d30bed1e90207d5ae305e1fc16c54e4c54cc6878cdbedc9f51fe18461ec37c557b115d13c8682c4e15f505296a1760e1e75f5ab27a5c15a1357d2c8c40dd5355f7c82fea5d27e28876358c12e9113ee2983ea6f09c64e06e297dd96b34d9b5ed49fc47a8839549c66b002fe945e8f94e7d2315c50ca4dc098be4b3289812fbea96b47ce604540bde0e5ab0b1bc036be9b6a95e09c81e898640c8f05d60ad94218d0e66ceb85a26b78292220bfd061dd073512923b90c79dcf5a1935fafe8e01ef8bf81b4d37c5a571b50c421f9bd2194bef3586fcb8584877bb7e0481655b05c7b643b1e45b04036272841852e31940ef8f3b6d4feb5df079d176f979c18a11a66d1214e52f687e9063c1c2b7277b685d5c72ad569f7873838f910257a053131c83ebce86e69d736362bebc96bbfa35fcba1cb527e748e5f579929fd40c56b1a51a222e863302705c86f7b54ebfbb9482f7e280f7bec8caf3a6b5671ac30cd1be529288797c013ce56bd186de7dfc1828691425c147c5174a290d80cbd59c19da7adf77918882a7b2a9a64e6d76b48b92f2a266eee6e251d2e817652b88b502de7399782d7529a81d0a363996b9df68b15a7630904c8c246081fa4f09299f15757958e089a901c3564615c0f7cf2752b8b9e521338d836e3dae4ce2374642253c4c9831974e5d8c2842f49007b71775093dfe57f44492f0:08e098a749fce6d12354395878a8be35fe9edf72684dd8281224899b1caea4ed687785dff55a19989e03636e1666386f22c3f443ecf6fd34d599ff3ec2faf101117f427cb68150cafcfa462c42206141427c4dcea1c8eacc2d30bed1e90207d5ae305e1fc16c54e4c54cc6878cdbedc9f51fe18461ec37c557b115d13c8682c4e15f505296a1760e1e75f5ab27a5c15a1357d2c8c40dd5355f7c82fea5d27e28876358c12e9113ee2983ea6f09c64e06e297dd96b34d9b5ed49fc47a8839549c66b002fe945e8f94e7d2315c50ca4dc098be4b3289812fbea96b47ce604540bde0e5ab0b1bc036be9b6a95e09c81e898640c8f05d60ad94218d0e66ceb85a26b78292220bfd061dd073512923b90c79dcf5a1935fafe8e01ef8bf81b4d37c5a571b50c421f9bd2194bef3586fcb8584877bb7e0481655b05c7b643b1e45b04036272841852e31940ef8f3b6d4feb5df079d176f979c18a11a66d1214e52f687e9063c1c2b7277b685d5c72ad569f7873838f910257a053131c83ebce86e69d736362bebc96bbfa35fcba1cb527e748e5f579929fd40c56b1a51a222e863302705c86f7b54ebfbb9482f7e280f7bec8caf3a6b5671ac30cd1be529288797c013ce56bd186de7dfc1828691425c147c5174a290d80cbd59c19da7adf77918882a7b2a9a64e6d76b48b92f2a266eee6e251d2e817652b88b502de7399782d7529a81d0a363996b9df68b15a7630904c8c246081fa4f09299f15757958e089a901c3564615c0f7cf2752b8b9e521338d836e3dae4ce2374642253c4c9831974e5d8c2842f49007b71775093dfe57f44492f0: +6818c60bb6439ac2eee2d4e128e9d8691d4ad5d363fed7d6577a62b6569994a47345ec11bccc056fc4effa3e4ef670996aa26a1bb1b83391babc39a1a59601f9:7345ec11bccc056fc4effa3e4ef670996aa26a1bb1b83391babc39a1a59601f9:b2ae658b3c13c3cdeb1dc993b0f45d63a2ea9abd0b7a04f1f5ce5932806c2ca9b7a204fbf8d066b7f0fe6ae0d1da68c885ee11f6f6db7e8320a2ea650b533851cdd99d903aa0b3faa3c950f702f04e86b4eeb3a1c7bc854b2514fa5b4766d375b4f1ad61075378dd92fd626c2b47e01383ea72987959262c562862b45b7557671413b66614bcc9f7bdb9ee46cbed8965bfa505315090c7204bea89175be5f20802e3deddcbd8dd64cfef7ee6a6e3860ce1e5799df5d810d5ecf32e615d16dff87abd4a636ea17aa4ece5b6b2c046b65b5af749862b45790c39176820b36901be649cf4169df7e923956d96064950c555f45acb94507cfd0c3b33b080785e35c0d2b0addc4c0ad3fb216ac2e601c9c7e617dabda333dae603cc9db1fc62ae4e0e45e3ccdd166a6781e243b7daa138806632f538844ee3d140b7a8bb2b540100778c458e066170705e5fb2c88029098b992c39bc9ff6330bfcfe7752320e6ea0949d2c871aedc187be27fef7db5f72a6a773edde0dc52ae2ed931cb26817b85b1545894d92298aaf87ccbc783e8dd6d16493f56ead2ba852ee9c7d10074406440d2a279abc874f15468dd66a717bace37be7b7055dd9681f8be81329ee7af97e3abc434ac1c93aec582f23fd1ec0fa5aafcf7bfbda00ffa97ae317ae918d349d21a7f4619142ba23dacef7b390ae26a17e2e2962ae27005376b72d4da9e2979653a66325a14617638dbe1a5540b683ac0017:1505967a27b9f86e9242444002a1e3197d74ddcd89659ec5140202aac794b8adc193e7d30f3382642990f6fed7a999cac8c61eaa39b7d90816f1d738744be101b2ae658b3c13c3cdeb1dc993b0f45d63a2ea9abd0b7a04f1f5ce5932806c2ca9b7a204fbf8d066b7f0fe6ae0d1da68c885ee11f6f6db7e8320a2ea650b533851cdd99d903aa0b3faa3c950f702f04e86b4eeb3a1c7bc854b2514fa5b4766d375b4f1ad61075378dd92fd626c2b47e01383ea72987959262c562862b45b7557671413b66614bcc9f7bdb9ee46cbed8965bfa505315090c7204bea89175be5f20802e3deddcbd8dd64cfef7ee6a6e3860ce1e5799df5d810d5ecf32e615d16dff87abd4a636ea17aa4ece5b6b2c046b65b5af749862b45790c39176820b36901be649cf4169df7e923956d96064950c555f45acb94507cfd0c3b33b080785e35c0d2b0addc4c0ad3fb216ac2e601c9c7e617dabda333dae603cc9db1fc62ae4e0e45e3ccdd166a6781e243b7daa138806632f538844ee3d140b7a8bb2b540100778c458e066170705e5fb2c88029098b992c39bc9ff6330bfcfe7752320e6ea0949d2c871aedc187be27fef7db5f72a6a773edde0dc52ae2ed931cb26817b85b1545894d92298aaf87ccbc783e8dd6d16493f56ead2ba852ee9c7d10074406440d2a279abc874f15468dd66a717bace37be7b7055dd9681f8be81329ee7af97e3abc434ac1c93aec582f23fd1ec0fa5aafcf7bfbda00ffa97ae317ae918d349d21a7f4619142ba23dacef7b390ae26a17e2e2962ae27005376b72d4da9e2979653a66325a14617638dbe1a5540b683ac0017: +6d1da5b483e64b0365990ff09381fb1702fd8ec3a1a369cd52e4c56713a314a508055c261f26e02a658f66d9ba01fcde53e9ade3edc6bf815e4a6802e1677ab3:08055c261f26e02a658f66d9ba01fcde53e9ade3edc6bf815e4a6802e1677ab3:79a2c37055f189f3247f1f8cea19b2ea40d858db1f5d1392ee6d411c7802ee23de52ad02811725a94d76675da89a96b5d07abcee233a1a2e1fa324fff9e78a4c196147f8570b0b13713d96aa5d750a15d7cd162e7ba2e75333607dd698eb4773c7e91f7668ff8b62f04640eb12ecf122fce6b832e0d0df928eefd2c2002364af6bb55291d3f54929085be338342f09da73e279c87c8324555819ed57e78d7ac40951d33f65b94aa1e555e92a063d11f1ff7b12694341e3fe444933d01aa36753ed3cdda890bdf95a8205b5d893221991c795ad0a4a946f58d40a453451af214fd465e28d3e2f0a56aa56def8dc04aad35713abfc8bd7856d5a9dc3f60a3f2bd3e6366f1f244e941d6aea892f6a88931fe1c313e09078e90bc6392d490533c9ea3ff6deaf3aadfa8dfdc4e90f64af47589ea65a87acd2199602351d3afc2103196e0394ed523aa799d31e11d34fff546d44f436b34859f9cfbc9ce403de5a9830ec3d453f0d45970f572c144f191b2fbb2d0ea6cc9c8e24d9c0b2183b278072ebb0be2d70d037fd2e8ec18dc4c9b21abdc6a4ce8d4668a220eebd6934f04baf0e88a488d2dfc735a7c5a70dbb0166a21ae011fc6e7da10fc320336271d9eead510a6f7032f2296692be508021bc98c170be4235f7ce31f2bcd6341163683376ae2c5662cb4770c96e018ef1bf47913319c9a09b9e965ab5c3e97bbc756a5666b4567f2cff2d0c3a6a4026158cb9f90f950056:a5b8b44a91444c64374b523cb4dcb0cef4ce52408b98126d7e1ae8bdc28cf51470ce4e253e0be62bd68ebf5fa6bce1585eccfa9256c073ee03e54c525bbe2d0a79a2c37055f189f3247f1f8cea19b2ea40d858db1f5d1392ee6d411c7802ee23de52ad02811725a94d76675da89a96b5d07abcee233a1a2e1fa324fff9e78a4c196147f8570b0b13713d96aa5d750a15d7cd162e7ba2e75333607dd698eb4773c7e91f7668ff8b62f04640eb12ecf122fce6b832e0d0df928eefd2c2002364af6bb55291d3f54929085be338342f09da73e279c87c8324555819ed57e78d7ac40951d33f65b94aa1e555e92a063d11f1ff7b12694341e3fe444933d01aa36753ed3cdda890bdf95a8205b5d893221991c795ad0a4a946f58d40a453451af214fd465e28d3e2f0a56aa56def8dc04aad35713abfc8bd7856d5a9dc3f60a3f2bd3e6366f1f244e941d6aea892f6a88931fe1c313e09078e90bc6392d490533c9ea3ff6deaf3aadfa8dfdc4e90f64af47589ea65a87acd2199602351d3afc2103196e0394ed523aa799d31e11d34fff546d44f436b34859f9cfbc9ce403de5a9830ec3d453f0d45970f572c144f191b2fbb2d0ea6cc9c8e24d9c0b2183b278072ebb0be2d70d037fd2e8ec18dc4c9b21abdc6a4ce8d4668a220eebd6934f04baf0e88a488d2dfc735a7c5a70dbb0166a21ae011fc6e7da10fc320336271d9eead510a6f7032f2296692be508021bc98c170be4235f7ce31f2bcd6341163683376ae2c5662cb4770c96e018ef1bf47913319c9a09b9e965ab5c3e97bbc756a5666b4567f2cff2d0c3a6a4026158cb9f90f950056: +5146f5b7f1baa19fc8cd785c896e0f90f9f659b77b1b9bb4adcab5a6267205e4688a8de64eff33ba6bbe36cdd6a384bb67b3f42636db234ff5efe0b31743c7e6:688a8de64eff33ba6bbe36cdd6a384bb67b3f42636db234ff5efe0b31743c7e6:97bd99f518ee0788d576d99c043b449dfc242ac5eeaec344a19432b345962ec412ce55362b3b851d98119fceb9328347f6fcc68dbf56a2814db09e9385843a931189ea3e72da9d79a45693053c035701dc5551240f95b303fba16f89aa53a43882b0f1381202c78f9c7419899f2351eca95e20bfee76351c48d00499f591da56a99524bb74fe1c834ee91077139f1edf67315c07a3fd97f80b7c276b6cf6b5cc36be363b731217f6319f5129ba7b14d054c8d81d8e3a3f3be62ac31ff62df6a3b2ee2596969b991704b31c689997ab4628bc2660c67872132e85da0c4fcf567965f1254a8f432692a17bb86cb3c1dcbaac939552f09e50ec5b0de2ef85e0ac253a4165655db5b5c49803821d859c60961e061d58278b827dd4d3bc47f1c22de094906bdbbf3badbdde22ba24255855eb86d1d7f37082059311dc0728ebeaf26c4473bad1fa9e614b533b811b6bcb0650c06d879a5245788f3401b46197300774a9aa73cd978c0530c81a53bdb3fc932414b3e30440dc127441eff1605e7fd9ac8c632e82bf1b453d4f33a57e4b67b0b6fcf6ed5555b5f5a300a14a00d0385a33750525b00edb312c6bfdd64edd3b5316d19f958c517634f013b008936d34e9b5e1e9283a5f0fd7783377c0e5090641bb9d338cf3133acd0b971e537904f17af92911afad72ee97f9a8283a16a7e26ab428416c1017dae9b1a99c4c3320ad163bdcfc328bfaf9b8d5d7d26d41d1ef21a5208f01:4bdbd7c64f13e278c23969e7eb386bbe499dbdefc3ff4e30cfac5cf86f216c24c9e6cde20e529d147fb7ea08f2593ad50903b5edbf86b4d28f2eb32ef137f00c97bd99f518ee0788d576d99c043b449dfc242ac5eeaec344a19432b345962ec412ce55362b3b851d98119fceb9328347f6fcc68dbf56a2814db09e9385843a931189ea3e72da9d79a45693053c035701dc5551240f95b303fba16f89aa53a43882b0f1381202c78f9c7419899f2351eca95e20bfee76351c48d00499f591da56a99524bb74fe1c834ee91077139f1edf67315c07a3fd97f80b7c276b6cf6b5cc36be363b731217f6319f5129ba7b14d054c8d81d8e3a3f3be62ac31ff62df6a3b2ee2596969b991704b31c689997ab4628bc2660c67872132e85da0c4fcf567965f1254a8f432692a17bb86cb3c1dcbaac939552f09e50ec5b0de2ef85e0ac253a4165655db5b5c49803821d859c60961e061d58278b827dd4d3bc47f1c22de094906bdbbf3badbdde22ba24255855eb86d1d7f37082059311dc0728ebeaf26c4473bad1fa9e614b533b811b6bcb0650c06d879a5245788f3401b46197300774a9aa73cd978c0530c81a53bdb3fc932414b3e30440dc127441eff1605e7fd9ac8c632e82bf1b453d4f33a57e4b67b0b6fcf6ed5555b5f5a300a14a00d0385a33750525b00edb312c6bfdd64edd3b5316d19f958c517634f013b008936d34e9b5e1e9283a5f0fd7783377c0e5090641bb9d338cf3133acd0b971e537904f17af92911afad72ee97f9a8283a16a7e26ab428416c1017dae9b1a99c4c3320ad163bdcfc328bfaf9b8d5d7d26d41d1ef21a5208f01: +5e6fdac9351a637b99f33a264e1287697e2abab0cca16621792484f5606f44c157e5f88acddc8cde7dd07a3146fb1d4f7a9b6383a8f6b2b8d9b07ebc3fc4dd20:57e5f88acddc8cde7dd07a3146fb1d4f7a9b6383a8f6b2b8d9b07ebc3fc4dd20:4d6cd3bc2f86266b8bb1b61d0e1caa9bd2d4a180361aef3a18d390b10f7e860f697e247eb6c3e51d3b976bf0ca183d01a69880f15c94b875668ca30dada0895bedd4d705a0e03304d063dea87c7fdec98b89c06f130dd5bd586b54d9ba737826bb405cd8ac8bbc9500acda3c07461d009440af0b2531e72f3ff5016ae2d86d69b87fb273d1e8dd5f6a264beebb2f885996741ffda277a0fbf8ef08f81f22ee5961d9d3fc938362e1ca12004a91d9b5f7a6833a6c22955ac0cda3390671910cbd51e685fe095973e415fc2db8adf10b147ec7080c3b8ebd07d21bb9556da85430a268eed8486b1e31c94313b01649fe91b222f85adee15eb77707d78ffcb660926544d33be9994a297620dc7aed97f392639053f388b0b3aa3bd0ac5b033cb414be520b43df6826b976890d0c53b97b6c92e7d1a1573d0c7494d747e0cad9bd8ea538d62ad59801ad0716f170193e3009d9959c55d2ff64799bd959359abb94ca9723b5ffc24c9507f8c5fd6e88eaae7a70add84d744ccf8b98363788f0bfb1a02522025751e534710d40a2d38a791194eba293fd2046cc14dd3876d168fc6e236cbe146d6369d225bfa67e53979865f78873a9fcf03c186fa8521f0a5545accee80d1e55107221e21f0f2291c143de023e88d7330cc87d4c51ff29a3090605e9739490c1dcee713495f231c2a36b11ab235547fb6328f747336d9b1ef25a8ab99ceda957b2dccee4075b0d03381b94ae18d041ea:987e32e00a8a1632f47b503194355c980cb22adeb326b4e3115ecab04b704d186cd92e3c3ac7b4e2936cbd07cb794ec0cfe91a97872ff2b41376f5f18f55b8054d6cd3bc2f86266b8bb1b61d0e1caa9bd2d4a180361aef3a18d390b10f7e860f697e247eb6c3e51d3b976bf0ca183d01a69880f15c94b875668ca30dada0895bedd4d705a0e03304d063dea87c7fdec98b89c06f130dd5bd586b54d9ba737826bb405cd8ac8bbc9500acda3c07461d009440af0b2531e72f3ff5016ae2d86d69b87fb273d1e8dd5f6a264beebb2f885996741ffda277a0fbf8ef08f81f22ee5961d9d3fc938362e1ca12004a91d9b5f7a6833a6c22955ac0cda3390671910cbd51e685fe095973e415fc2db8adf10b147ec7080c3b8ebd07d21bb9556da85430a268eed8486b1e31c94313b01649fe91b222f85adee15eb77707d78ffcb660926544d33be9994a297620dc7aed97f392639053f388b0b3aa3bd0ac5b033cb414be520b43df6826b976890d0c53b97b6c92e7d1a1573d0c7494d747e0cad9bd8ea538d62ad59801ad0716f170193e3009d9959c55d2ff64799bd959359abb94ca9723b5ffc24c9507f8c5fd6e88eaae7a70add84d744ccf8b98363788f0bfb1a02522025751e534710d40a2d38a791194eba293fd2046cc14dd3876d168fc6e236cbe146d6369d225bfa67e53979865f78873a9fcf03c186fa8521f0a5545accee80d1e55107221e21f0f2291c143de023e88d7330cc87d4c51ff29a3090605e9739490c1dcee713495f231c2a36b11ab235547fb6328f747336d9b1ef25a8ab99ceda957b2dccee4075b0d03381b94ae18d041ea: +fcfff0932dc86ea5902a8d33073329960cd8188a075dd0bcdfa8382c20b0e78f0c9205a90bbe7f2d505e17fa3d080b522a1d7a152cad2d85d31b34a0471c0d4c:0c9205a90bbe7f2d505e17fa3d080b522a1d7a152cad2d85d31b34a0471c0d4c:3d4b76122373e212a346d19a66bbfc4b623292649bd0ce5cf6bb135648bd01db7403b3d0bdd1697ff4e6e908904116754d370c40d700cdb664c46a91dd84a358b9d2381443e60f2c3f5640261b6b858ba8f828b0971f4122b20288a26ba2090ba14fd276360cc68679cd8419ae19c6d4dc7b6614c06df5e5c0510e2cb686de0ebd75e5210a215562589b28c9ccc7d272b98bd4bf93495efe4fc5b78defecfbcaa9fe126bad30e89b3a389b4256f6a48a76c345de5a36a1449f08345b9a5e6a001da1ff9cd433709348e9aefbc78ba52d3ab3b46986935eba8ecf81edc43c5b2e3b5eb38d9a165e9e7f72f617605463bedba973ebfdcdf2b0889c71412f8f850c7a3b5518ecd89d2e25c0c1c30f085a0ffe540ef9c0e88fc7ec4af1948a4e6f7a6e256b307a1127b71ba686efeadca0e4860947cf674fced6caf7310ccbaa8d9047daed30fd5585d41ddeae4df2fed4b6228032c3e4ae2380e87ec6cd72e4d74b8b4c3813fb043389391e9c13f7d33c3aab5a78fc4c6a634c61a70f02a940548da177c65df6ab17cd9683f37ea821c740889d82e88c834e7d5dc11662ea78b13c6a4b6218d31784219a4767595b1a56216525cd68938b22bdb1f8c5a7f1701afeb961888e2e0ec0c838cd620cb7dd8a1493a02cd56b545125e4700c0889fa2644e644a3af531d1cd6bc95e5df9175f137f28408cb699c7ae66f65d1d2930fac57ca8a60e6311a4078488c9ea404948a9debeb9d5e10:37ddd83f98b057b7cb3208a832c58aa90694563c23548d432291380b73591301f274b04cee2ef78c06d96c3d9b7c17521aae1a8ca50d347c09c3cf703bc8830b3d4b76122373e212a346d19a66bbfc4b623292649bd0ce5cf6bb135648bd01db7403b3d0bdd1697ff4e6e908904116754d370c40d700cdb664c46a91dd84a358b9d2381443e60f2c3f5640261b6b858ba8f828b0971f4122b20288a26ba2090ba14fd276360cc68679cd8419ae19c6d4dc7b6614c06df5e5c0510e2cb686de0ebd75e5210a215562589b28c9ccc7d272b98bd4bf93495efe4fc5b78defecfbcaa9fe126bad30e89b3a389b4256f6a48a76c345de5a36a1449f08345b9a5e6a001da1ff9cd433709348e9aefbc78ba52d3ab3b46986935eba8ecf81edc43c5b2e3b5eb38d9a165e9e7f72f617605463bedba973ebfdcdf2b0889c71412f8f850c7a3b5518ecd89d2e25c0c1c30f085a0ffe540ef9c0e88fc7ec4af1948a4e6f7a6e256b307a1127b71ba686efeadca0e4860947cf674fced6caf7310ccbaa8d9047daed30fd5585d41ddeae4df2fed4b6228032c3e4ae2380e87ec6cd72e4d74b8b4c3813fb043389391e9c13f7d33c3aab5a78fc4c6a634c61a70f02a940548da177c65df6ab17cd9683f37ea821c740889d82e88c834e7d5dc11662ea78b13c6a4b6218d31784219a4767595b1a56216525cd68938b22bdb1f8c5a7f1701afeb961888e2e0ec0c838cd620cb7dd8a1493a02cd56b545125e4700c0889fa2644e644a3af531d1cd6bc95e5df9175f137f28408cb699c7ae66f65d1d2930fac57ca8a60e6311a4078488c9ea404948a9debeb9d5e10: +a1e4fcfde044f1bb0e7bbc631a831a8d07e90ae08a966ad627b620b1e28c42cf25560f31168bd4b72552ededd08bb6bf79a94063c1f1e1d304869dd1ce049b95:25560f31168bd4b72552ededd08bb6bf79a94063c1f1e1d304869dd1ce049b95:8c1454d4e08a1401646bf7a8859e8a145e85eeeb40db38ff0169709641212c81b67390749c01a79807f3ccadbbd2256f36ffc180cf9ba44bf4a7612d441c23b2e25d33c48a73e16ce357562758adb00553c3142fb8176b6ae8fb610a60f923b0911814b10f5679936c3677b70e846e218f587567f2019c7d282a107f3cc84763adaec88993c0cc5003e77af60d67db53f8cb727aa6672de004498c3b3e222aa7082d91f98a1a068374c510ff53a5e559cbe2d6c7c3442d7238907c811d58aa7f5a46b8311244f0dbe1b9c0e944dda1d8010864949c59396c6b346a11f3aa866d6bceadfc909038d22efbc8f1dac810a9f2fafcce7c0389eb0a56c0f68cae24ae3ddbdff7116d2fadeb9b0e7509536fdc3b83e71354da6a1aed16887490dc2f4df57bbaa7244528fa3094b99e867581acef906270b2cf4deda6b8fd9dbb79add7bea8f86fcb1f64dfd50e385b4209ec0b1a9f6d2e519068297a2b5c405c216b4a2ed983ff69c59b530effa60c0367051267dd2bbd1e86a9ab5a114dd4f69b540bfabfe97c0403b8fcbb27625761eda3e2ad8e625cfe4b615b7025531a498918c24e02a00e797bbafd14f9d3f6827e390063c436080688d037a6e2993c56d3a8e95f375c10040bf04f030c972623d9e3801c13b4ec8d01cf183855f5935f10ddb2c54c51c80cbed0c24db56e1ed148931d89161c5ea37c2f9787f88ef7330e5dcd0e43d81bfc8bf23ddf7983cc1d733843a33ccb395dfc:c8001527bd902c15c3dd5ae18180525b5e8202be66711f82885c8222a15f060092a2a6e2f7d7e980311209191b32b8ade48d3ea98cf245f0fad62c009c5a71088c1454d4e08a1401646bf7a8859e8a145e85eeeb40db38ff0169709641212c81b67390749c01a79807f3ccadbbd2256f36ffc180cf9ba44bf4a7612d441c23b2e25d33c48a73e16ce357562758adb00553c3142fb8176b6ae8fb610a60f923b0911814b10f5679936c3677b70e846e218f587567f2019c7d282a107f3cc84763adaec88993c0cc5003e77af60d67db53f8cb727aa6672de004498c3b3e222aa7082d91f98a1a068374c510ff53a5e559cbe2d6c7c3442d7238907c811d58aa7f5a46b8311244f0dbe1b9c0e944dda1d8010864949c59396c6b346a11f3aa866d6bceadfc909038d22efbc8f1dac810a9f2fafcce7c0389eb0a56c0f68cae24ae3ddbdff7116d2fadeb9b0e7509536fdc3b83e71354da6a1aed16887490dc2f4df57bbaa7244528fa3094b99e867581acef906270b2cf4deda6b8fd9dbb79add7bea8f86fcb1f64dfd50e385b4209ec0b1a9f6d2e519068297a2b5c405c216b4a2ed983ff69c59b530effa60c0367051267dd2bbd1e86a9ab5a114dd4f69b540bfabfe97c0403b8fcbb27625761eda3e2ad8e625cfe4b615b7025531a498918c24e02a00e797bbafd14f9d3f6827e390063c436080688d037a6e2993c56d3a8e95f375c10040bf04f030c972623d9e3801c13b4ec8d01cf183855f5935f10ddb2c54c51c80cbed0c24db56e1ed148931d89161c5ea37c2f9787f88ef7330e5dcd0e43d81bfc8bf23ddf7983cc1d733843a33ccb395dfc: +bed1bbcae18643d6f6aac34f3d9b6a1478394d02b931cff006d85f21b7dbc7474f528b38185a424c6fdece46511a0c29b7c04b32eb0483abb52d5f8eb6b352eb:4f528b38185a424c6fdece46511a0c29b7c04b32eb0483abb52d5f8eb6b352eb:ff7c6413e618a056de401ee10c40ade3d7c0e6861495d97c2689ec6abb69dd2ae701fdcac8f08331ea5c5f5d805b5789ee5e241ff4ac8b960f4f2b9fef6a727fad86dcd432de9fad6ba45e00aa3687b0ceeb2c0d430b7d5fde63b4f6b982c4f9e03c430abad9044d06dc49e89df481405d8febbb0653e9686948aad2d9072544df9424fd487f4e24ba7f2455ddec4105828c3981bddbb1b7fbdbac155903e960fcd94c0716e736f519867fbc52c51260f571d7edcb081a23550ad8c70bb268864ab276aa2cc2dbf62383bb66030ebe94354174ccec2d2a907578556444507cbf8488bb23c62423a3a98da7cc968f599d3dc84dca3afad7f14ec306e1db534143216aa22ad18074c719570805ea46bc86b71a8ff58e41e73cb29ad5750fcfc9a1c54292b64b47ec9538f53816e36ed0d0c1ae5ead06d477aa975ecebaf62d9023b77e50e7b6d4abdaa485ea34ec766beb1d9ba03c9c067186e2e38266c6e2531e97480214638a2bb31431ac2086797155fc775b3aad8d5a0b904c381edd0c6bc23c66a1904955ed450a9cbd16459c32f5ca354bbc2da7b1a4d814f1b8710aadb2ccc4f397758b7e9d91f3a91e5825ab8682ff5e41702e07841ac7698c3da9f558edd01f86ce2c506bf4c2149ac9c195a59c7dd7d4ecf93c90b4423b4350588d41672cedc8510a7ad53b4b7edcaf23e43e05669d27a1fe97b78730d3fc060bd4edd9872cffb96285351bef148ef783ab392116bd7b907bad:0fc99dd3b9a0e8b1fc6e635af5c64006b67200fe958f53cce1b9b091a4e70669b593f15594bc0842e5576259f9a6859a0db22d740f9f8024b5baf1ef6f958c05ff7c6413e618a056de401ee10c40ade3d7c0e6861495d97c2689ec6abb69dd2ae701fdcac8f08331ea5c5f5d805b5789ee5e241ff4ac8b960f4f2b9fef6a727fad86dcd432de9fad6ba45e00aa3687b0ceeb2c0d430b7d5fde63b4f6b982c4f9e03c430abad9044d06dc49e89df481405d8febbb0653e9686948aad2d9072544df9424fd487f4e24ba7f2455ddec4105828c3981bddbb1b7fbdbac155903e960fcd94c0716e736f519867fbc52c51260f571d7edcb081a23550ad8c70bb268864ab276aa2cc2dbf62383bb66030ebe94354174ccec2d2a907578556444507cbf8488bb23c62423a3a98da7cc968f599d3dc84dca3afad7f14ec306e1db534143216aa22ad18074c719570805ea46bc86b71a8ff58e41e73cb29ad5750fcfc9a1c54292b64b47ec9538f53816e36ed0d0c1ae5ead06d477aa975ecebaf62d9023b77e50e7b6d4abdaa485ea34ec766beb1d9ba03c9c067186e2e38266c6e2531e97480214638a2bb31431ac2086797155fc775b3aad8d5a0b904c381edd0c6bc23c66a1904955ed450a9cbd16459c32f5ca354bbc2da7b1a4d814f1b8710aadb2ccc4f397758b7e9d91f3a91e5825ab8682ff5e41702e07841ac7698c3da9f558edd01f86ce2c506bf4c2149ac9c195a59c7dd7d4ecf93c90b4423b4350588d41672cedc8510a7ad53b4b7edcaf23e43e05669d27a1fe97b78730d3fc060bd4edd9872cffb96285351bef148ef783ab392116bd7b907bad: +c718823f43db2217c66ab2899704165d208573de60f33bc0b9338d880f193fb52940b879b63f2cb1f6e3ef9c9d333ba91770fe18cc5a347fdf12b0efc5ca2ec9:2940b879b63f2cb1f6e3ef9c9d333ba91770fe18cc5a347fdf12b0efc5ca2ec9:050e6877f65ec726eec701863fab140b994aa1e92a487db1a18701312057db44bfde70911ec26eaa28632d03794d545dfcb2aed4340cab7d092595cd59ed23994043f50ba696e9802bd64990121397286457ae69d76cb8e34d7c1ab245cb07b1b408f2bbbfdf33a1bdd559636702c918f982c2ac0221f7f94db91edefce28118259f89d994dad5bb013c678c1c338b65396b15e8899c169921f278859ce0c856d889b8c63418ebc573d2d625d5b5938839f2b169b6916d8e40dde70d3b72887ad2478ef6fb1284fa0e4fc524e3c6fa1dd22ba6b81def8279f382bcb45048851b17cd659d59409f571fa8a920a20934d9dbe1022d635840965400240f870aceffd5db7c7df08af89e47e1b9e20bb99f96ab073edf53694c7482890e3631340217e687ab27c984b60825169457d435a5409ad8e42da0aa63e20c2bc67bd8b9a267f39673a77f7f3136dc5cb2d24948dbe7bcd7129318c68c6fe95dd4dd4fe942286831ea53352fbb252a1288bcd838921356785d072134cb820f6279cc71461f431be9d3014724321c92fdc576320137705cffb2c23664b705e9be60ae1a190f3e3484f70058e702407b056d7fe5d31cee9c2a6ac6eada3516abc5517256df1243780a03bb00ba00ce248076eeca6fee91d5ef9eb907b801af097f3e9eb256bdcde81efe4baf8189b0399e36f1eaa3ab626617cf3b47dd89caf69c64c5b8f68bd917fe03e4668538460a1be88d9a846cef39934627d474734f:4c9cdb1ad46509560d871d3089afb8734648201b10acc953e8b61f2cce2dbae0fb9b868ac957432b7222dbf7e4cf0bc75309bea360b263abbde188532dda2504050e6877f65ec726eec701863fab140b994aa1e92a487db1a18701312057db44bfde70911ec26eaa28632d03794d545dfcb2aed4340cab7d092595cd59ed23994043f50ba696e9802bd64990121397286457ae69d76cb8e34d7c1ab245cb07b1b408f2bbbfdf33a1bdd559636702c918f982c2ac0221f7f94db91edefce28118259f89d994dad5bb013c678c1c338b65396b15e8899c169921f278859ce0c856d889b8c63418ebc573d2d625d5b5938839f2b169b6916d8e40dde70d3b72887ad2478ef6fb1284fa0e4fc524e3c6fa1dd22ba6b81def8279f382bcb45048851b17cd659d59409f571fa8a920a20934d9dbe1022d635840965400240f870aceffd5db7c7df08af89e47e1b9e20bb99f96ab073edf53694c7482890e3631340217e687ab27c984b60825169457d435a5409ad8e42da0aa63e20c2bc67bd8b9a267f39673a77f7f3136dc5cb2d24948dbe7bcd7129318c68c6fe95dd4dd4fe942286831ea53352fbb252a1288bcd838921356785d072134cb820f6279cc71461f431be9d3014724321c92fdc576320137705cffb2c23664b705e9be60ae1a190f3e3484f70058e702407b056d7fe5d31cee9c2a6ac6eada3516abc5517256df1243780a03bb00ba00ce248076eeca6fee91d5ef9eb907b801af097f3e9eb256bdcde81efe4baf8189b0399e36f1eaa3ab626617cf3b47dd89caf69c64c5b8f68bd917fe03e4668538460a1be88d9a846cef39934627d474734f: +2543d166c9f5f7427ff3034ffa8103cb117bf472331a73d9a2f1bc0a02a6ff1b42678cf3857021aa5567706db031e792715ccaf8abb02a042bad17db3d5fa103:42678cf3857021aa5567706db031e792715ccaf8abb02a042bad17db3d5fa103:746d7abf0bfb2662c25ab5c5e4612c306f16d13e44d0db394a0015676ce609784f0323da1dfa94d2b2f1f6e02444a936d019b143021f73c79df9309e7bdff39daeec4caca00cba4ef31c8310c1a08ef4b36f81c377846b5b90acd411aa671ed7af278a24229b7893c1b415d79888d7637f5cb5c9c6c631ae5ffa29f1340e444096ab533617fdcb80ff81da0a7c6c142ee0fe5ea82f68cc3ea38b56f272b0d80fd5f4f55ca9348c161881435813c3fa9fff66a2ee6d5bd3edba0d2f9aa74b1c44bfd0e64678d3715124963ac575ffb09ee16437da484b3ba58e5aeb8ed8c5c0f47b59908fe580f37ec1de266b295d6be85e62358e9bbdc78964fb837eea29fdb7de86cc56f48bd9a3e6e2be51d8a1dcff3ca4d56ea934c682772bcafb51497be5d0f2a23dd4970c02c44c09ad897b4241acd7d6ab12d8f00c9aadc334b431fec5bb69a285b7550a639ece96952682b7334b68c65152e893b1c8100c694d8c5cfe26ac03c1f3914e65c84f0e777290c76f6acce340bff66da7220f73175e94af52f9f19e61f80dc1f35716b3f48dfa5025c9ebef7382e055830f5bbf15c6f6a95032909c892c0f89c8c15fc3ea40a20ee1a4529b521951df44d9d79d74e0c4c2e0fed849b8785206dbe62bfa2ca21087a912e9b184551659cd8a587e95b04317192596bb0b7fc9f7bbb6ee049c8b02fdd758b4e79882073b71eaab18aa293701c17d55f9ec46c52de1e886b6750fb0fbcd64f4568a210ae451e9:20ea9368a2ccd08bf9cbf48d4a2f7d03f0db08a54b87679cda03e296af9ef378be9b8f04b4065b009da6db016f3df9db64825873e2fb4de30449915cd73c4609746d7abf0bfb2662c25ab5c5e4612c306f16d13e44d0db394a0015676ce609784f0323da1dfa94d2b2f1f6e02444a936d019b143021f73c79df9309e7bdff39daeec4caca00cba4ef31c8310c1a08ef4b36f81c377846b5b90acd411aa671ed7af278a24229b7893c1b415d79888d7637f5cb5c9c6c631ae5ffa29f1340e444096ab533617fdcb80ff81da0a7c6c142ee0fe5ea82f68cc3ea38b56f272b0d80fd5f4f55ca9348c161881435813c3fa9fff66a2ee6d5bd3edba0d2f9aa74b1c44bfd0e64678d3715124963ac575ffb09ee16437da484b3ba58e5aeb8ed8c5c0f47b59908fe580f37ec1de266b295d6be85e62358e9bbdc78964fb837eea29fdb7de86cc56f48bd9a3e6e2be51d8a1dcff3ca4d56ea934c682772bcafb51497be5d0f2a23dd4970c02c44c09ad897b4241acd7d6ab12d8f00c9aadc334b431fec5bb69a285b7550a639ece96952682b7334b68c65152e893b1c8100c694d8c5cfe26ac03c1f3914e65c84f0e777290c76f6acce340bff66da7220f73175e94af52f9f19e61f80dc1f35716b3f48dfa5025c9ebef7382e055830f5bbf15c6f6a95032909c892c0f89c8c15fc3ea40a20ee1a4529b521951df44d9d79d74e0c4c2e0fed849b8785206dbe62bfa2ca21087a912e9b184551659cd8a587e95b04317192596bb0b7fc9f7bbb6ee049c8b02fdd758b4e79882073b71eaab18aa293701c17d55f9ec46c52de1e886b6750fb0fbcd64f4568a210ae451e9: +85e0a80f3b30c20199d9c1ec662e392fdf1546377343f12471db2a0310a705bd540a3a1d83672e495034cff408e1fbe82e538f0917e8a1c7d17aab58e043d3c6:540a3a1d83672e495034cff408e1fbe82e538f0917e8a1c7d17aab58e043d3c6:d2802f1596f8383b64edbdc594060bff0e7013d5b7c85d830fae11aeb34dd594959da624e044474c5409c0059673bdc61a671ef5b0b8a26f30100b3b73968d8e4d83a72f25b513448d2f6b6a4475fdf89e31ca9268a30705af3f649e3fe01dde0cf4b29ec2da5436444af091d62730acd4cab608f0df26f088c6b9b9673794f0747dab2ce190f90592009fdce5464b3661b7e8620bad65509a6c752b727a8dc8d3efa584fde0272c451d65a93bece4f59d87dc6fbeb451401e3e2e003c6aca7b3d3f92719150c6778f015aff2a59bfbf2e91b21b0ad6877536eb54567059f587f54d4e2a6fe1fdcdd6a7fdcb8515575bcc3705d77859352fa0b044166e3c318846a5df33563003cb20bc942d30391093e8d583e8e64dec570ee1c4138762f6483898d32e2032bde9bbe07ec2c3eb47d96876f0fc0f024d753ceb34ff8480b4cf576230bb8263dd80eeac662eba31d8a61f309e175f4c0143e28a852b1c3061ce78efbd16a2873dd28198a46ec0a800b30dc8a93b8dbb81a730de450b864dea7680e509d800e82329c261b07e72aa80ee16ec375ddbbb6fe3d8d47b0e3c5a9f23c4d20b724c1df59835d830dd22d10403d8f15c102c4b3769c41666c3ab8c7e80b940d0bbb58652d10a3ffe8d44df1012a3ddc4e1c518d49019f7c5d3d9f95ed93a319746d1e543ffa69edb49bb3439f8a325ac6a0cb4edd65ba60080a0447c674faa72d8aebdb5d2544f2f2d847c72c2dfa6057a690adc5c441a:185ef2246aba2b1a568032c7df93c667799b8a521a6f97321ead5866b4cb9c65b64a1c40b9b6a910e742dc32a7e66d11ea45dbeaacae9f09511b8101f8af0c0cd2802f1596f8383b64edbdc594060bff0e7013d5b7c85d830fae11aeb34dd594959da624e044474c5409c0059673bdc61a671ef5b0b8a26f30100b3b73968d8e4d83a72f25b513448d2f6b6a4475fdf89e31ca9268a30705af3f649e3fe01dde0cf4b29ec2da5436444af091d62730acd4cab608f0df26f088c6b9b9673794f0747dab2ce190f90592009fdce5464b3661b7e8620bad65509a6c752b727a8dc8d3efa584fde0272c451d65a93bece4f59d87dc6fbeb451401e3e2e003c6aca7b3d3f92719150c6778f015aff2a59bfbf2e91b21b0ad6877536eb54567059f587f54d4e2a6fe1fdcdd6a7fdcb8515575bcc3705d77859352fa0b044166e3c318846a5df33563003cb20bc942d30391093e8d583e8e64dec570ee1c4138762f6483898d32e2032bde9bbe07ec2c3eb47d96876f0fc0f024d753ceb34ff8480b4cf576230bb8263dd80eeac662eba31d8a61f309e175f4c0143e28a852b1c3061ce78efbd16a2873dd28198a46ec0a800b30dc8a93b8dbb81a730de450b864dea7680e509d800e82329c261b07e72aa80ee16ec375ddbbb6fe3d8d47b0e3c5a9f23c4d20b724c1df59835d830dd22d10403d8f15c102c4b3769c41666c3ab8c7e80b940d0bbb58652d10a3ffe8d44df1012a3ddc4e1c518d49019f7c5d3d9f95ed93a319746d1e543ffa69edb49bb3439f8a325ac6a0cb4edd65ba60080a0447c674faa72d8aebdb5d2544f2f2d847c72c2dfa6057a690adc5c441a: +82a2c6493f11ba80e4b8b3b43841be970e2a10a94d2249d8ac6f5414cf5a3cb54c2ee01cdea07db3635f5d4c1082b92f298deb17d0f905df71b66fb2274eae99:4c2ee01cdea07db3635f5d4c1082b92f298deb17d0f905df71b66fb2274eae99:09854d13684950419e0bb16464e09988905c0217183aa1e48adb147bfcc2eb57c2300b0dfc39d4896655a57ae20415408bb5f2c238013955f0a4fc782e0c993fe42cb08cd8cf415ccbd6cf1cee2e8097f04e8f09ae5da5f415b16c2cb30cb2ab6652ba50ebbcae4a59e31fe11e7ef3699ca90aafa586bb242c89cd2e332b2bfa2f8142accaf436f89b6453bb4805a1e7f3ab6270f0daf89389e717d1b70175ec5707c8f512c40ab924c457e9f0914791750dc292bb27d6f63ba8ccf54b90d3eba7f19eb300d9eb8f3b72032ba93037f552b409b580a5f65116faffe0fdfdc6db3881386c3cbc16b67eb25763d7ae3aac0b85aa1e9aa22e4959609d4381e4b6d7159ff3e3b2d37b640f88cfbe4f8a77f8016457228ba6d3af5c4e33125d48bcfcf3678c163b698e52e85617ab1a75ff20c690ab07155ee757598578072d4a09dfc6c6c094ec048567d513ce2b1834e163df1545319d8061e0e57f58ef041b7bffc4966ac1660331b97abbc97be21ae2bc58c6c3274a8adad5fd2c3bc16b92e1f8de877b6a26f0c6ab7162e8aab93af8d85918c13d3e235a273748c62f0d22cb1c93e134a495b1b5ef8f1a1134512d53b7a211263177f7a60bdf474691f224a3b5bac4006db345ca6725f5ee703eca0dea10d712676f63ef3e537e63abd2608cb4fbe200e15f18209153496072908044c95a4e9c5356aae8ed5f0959eac091e227a0b81f5803276b3b3bf4b6865a55fc6782f62ea6d63990f9befe01:68a91d4f8d241c1defbd5ca9e9e1ed8274419506751c967947b10d50118bbfabc765ffd7b31a0167c4fd8b1175332412df19d8aa1a909590861320923dbcb20409854d13684950419e0bb16464e09988905c0217183aa1e48adb147bfcc2eb57c2300b0dfc39d4896655a57ae20415408bb5f2c238013955f0a4fc782e0c993fe42cb08cd8cf415ccbd6cf1cee2e8097f04e8f09ae5da5f415b16c2cb30cb2ab6652ba50ebbcae4a59e31fe11e7ef3699ca90aafa586bb242c89cd2e332b2bfa2f8142accaf436f89b6453bb4805a1e7f3ab6270f0daf89389e717d1b70175ec5707c8f512c40ab924c457e9f0914791750dc292bb27d6f63ba8ccf54b90d3eba7f19eb300d9eb8f3b72032ba93037f552b409b580a5f65116faffe0fdfdc6db3881386c3cbc16b67eb25763d7ae3aac0b85aa1e9aa22e4959609d4381e4b6d7159ff3e3b2d37b640f88cfbe4f8a77f8016457228ba6d3af5c4e33125d48bcfcf3678c163b698e52e85617ab1a75ff20c690ab07155ee757598578072d4a09dfc6c6c094ec048567d513ce2b1834e163df1545319d8061e0e57f58ef041b7bffc4966ac1660331b97abbc97be21ae2bc58c6c3274a8adad5fd2c3bc16b92e1f8de877b6a26f0c6ab7162e8aab93af8d85918c13d3e235a273748c62f0d22cb1c93e134a495b1b5ef8f1a1134512d53b7a211263177f7a60bdf474691f224a3b5bac4006db345ca6725f5ee703eca0dea10d712676f63ef3e537e63abd2608cb4fbe200e15f18209153496072908044c95a4e9c5356aae8ed5f0959eac091e227a0b81f5803276b3b3bf4b6865a55fc6782f62ea6d63990f9befe01: +e55b343a0fa1fb747189cb00dbc3a6aa2dcf5b86e57d7693f30742038976115323a14460ea983cf997c782eb4582ab3c8aa6dde53325b977b78e33d2dc5f27aa:23a14460ea983cf997c782eb4582ab3c8aa6dde53325b977b78e33d2dc5f27aa:36289b5eaff2a85a7c6d575bd15ea594b2fd8510874a469b52109163696d85b68c5b211d2964efdc66e625abe8aafe4cd9220cdb341107ffa8276ed4b370fe376c1482687167dbc8f7b205a3f3301a1664d9072877d9f98b8f69831301df9994717fc88969242391d9b0517d6efb271701eab3f4a9b1204213e8cd13f9d099048b8207562f2e4ebc653cc65e9d5512d65b41022c79b4eb37298769aeaa6efed69e9a8cb445c7012274de62f509f4e4814adcbf4453b4fab85d7c8fd845e00830ef5b7b1e63c67613984caefe915a548e18e505622cb2b39299f427f4d83983ba2aa00d53bee1f59aec8318c5ea345d294252369792762add3e56fcfa6e7797f028c799479045edb2e205eb6dd6ca04eee56f9496d2bf26099357c973835b9936024911e4655d3e22c811c8d4dbd1b04f78973f077523a389b6f28f6f54216142cb93e33d72b4a5052d27e4911e41e6cec7bebe1b0a5113e6b70b479d2abeedf69b7564e5a573b352d16cec890701bb383d3f6656eda0892f8ccc70940f62dbe528a65e31ac538826c138ac66524e331637ba2d37730358e6c732cff8fee940afd22c39ae381e5d8826739b23fdc1b80aea5a62a2cf0ff1525e446cf31046195051d58503eed1befd793eeae1d5d1b62a5c9845157a095cdc08a1d77ba47e84a5a739980f0f5be7aaec9a215b204b4bb7cb1b386ded58d7aaf7285341907c63336ee3e6ef077ad111b974e7504bd989f566fda1b1b59abaa91c78bb40:07266c18650ecf0632e225624ec4c97fc387dc374687a61956dccce72894ee138aabc80cfc90c9eea6dd4c59af4502ee29635a92880786678b14a3931a69f90736289b5eaff2a85a7c6d575bd15ea594b2fd8510874a469b52109163696d85b68c5b211d2964efdc66e625abe8aafe4cd9220cdb341107ffa8276ed4b370fe376c1482687167dbc8f7b205a3f3301a1664d9072877d9f98b8f69831301df9994717fc88969242391d9b0517d6efb271701eab3f4a9b1204213e8cd13f9d099048b8207562f2e4ebc653cc65e9d5512d65b41022c79b4eb37298769aeaa6efed69e9a8cb445c7012274de62f509f4e4814adcbf4453b4fab85d7c8fd845e00830ef5b7b1e63c67613984caefe915a548e18e505622cb2b39299f427f4d83983ba2aa00d53bee1f59aec8318c5ea345d294252369792762add3e56fcfa6e7797f028c799479045edb2e205eb6dd6ca04eee56f9496d2bf26099357c973835b9936024911e4655d3e22c811c8d4dbd1b04f78973f077523a389b6f28f6f54216142cb93e33d72b4a5052d27e4911e41e6cec7bebe1b0a5113e6b70b479d2abeedf69b7564e5a573b352d16cec890701bb383d3f6656eda0892f8ccc70940f62dbe528a65e31ac538826c138ac66524e331637ba2d37730358e6c732cff8fee940afd22c39ae381e5d8826739b23fdc1b80aea5a62a2cf0ff1525e446cf31046195051d58503eed1befd793eeae1d5d1b62a5c9845157a095cdc08a1d77ba47e84a5a739980f0f5be7aaec9a215b204b4bb7cb1b386ded58d7aaf7285341907c63336ee3e6ef077ad111b974e7504bd989f566fda1b1b59abaa91c78bb40: +3973038fa2ef6a278d3c1cff9a225669e465a69d0750503de748c002dbf9278ac75e77c78149d9d2dbc263ddf8ac4d654d1ff455cb1897e1c3ce31b94cfe3210:c75e77c78149d9d2dbc263ddf8ac4d654d1ff455cb1897e1c3ce31b94cfe3210:3392e02f3c84661eaf81a5ff04357f212e92361c5c220739d96b4d3d9c22d18df48be6b55126f581601ffe0da63f38e19cbb12726ca0a6aa325567a003a7849d06783992eb9eb92853297d7228dba980b250bb110f63d0b84670e5ecb319cbfd61278f1f4cabf1fcb3f701f12f6ef8d3cc4282fcbe589eb5659503a2ddd8bba38e5eff092dfaf539fd804f21f73a90adf569a00bf9d25a9ad3a63309cc6093142471a478f0b8992286de023c68efd49987ec270bd946f6db48f684f1c2adeee26d68dce95a55e4cb27bc60523080df6ba2b199996b1f1da6920d1559f79bfde9fa1a02deae1480c76f947f9d213fc43bb2880a1b4d03bb14f5b044a0fd83ce0492f49ca3af25211b86faa5735ad7feaf31a1a7491e708b41829d68e32414f68352b71d1cd23c8e12fb02da711484f6ef97528a00d24fcf91d4e06e9badae9a44dbdb3f778041768d863704d736810400e7f2931efb85c8724a593426aa2af1ec5b664f85c2254896fdcf316db0924e11aae8d683e9a021929d0a9d6fecb4594b1b3fbc16b176d29d1efb1819a4a423fbe0ca0559c57e9e5449f14bce91360dafda6a427ce4a0993dd03082ddee066533f6d3bda5660f42fd7757690d670598ec7096f475a01a519950341a831fc9a281c0947a863f1f6e03bba774de77adc23fbe525cae6ccce47a0ec4979e8bec86f332fc6a5736e3b98fb332e9e8244e68a100455e6499ba8dbae98b92ba3d9c6b4ff980343e4c8ef4d5a4aacf8b1a:fc0c5453839ea99296fffa501d58366628df89f616766942d5040a056056dab18b4405c04abf9059c30868d79c936cccc84c4fbd6fd30b60f8bcbd7a664042023392e02f3c84661eaf81a5ff04357f212e92361c5c220739d96b4d3d9c22d18df48be6b55126f581601ffe0da63f38e19cbb12726ca0a6aa325567a003a7849d06783992eb9eb92853297d7228dba980b250bb110f63d0b84670e5ecb319cbfd61278f1f4cabf1fcb3f701f12f6ef8d3cc4282fcbe589eb5659503a2ddd8bba38e5eff092dfaf539fd804f21f73a90adf569a00bf9d25a9ad3a63309cc6093142471a478f0b8992286de023c68efd49987ec270bd946f6db48f684f1c2adeee26d68dce95a55e4cb27bc60523080df6ba2b199996b1f1da6920d1559f79bfde9fa1a02deae1480c76f947f9d213fc43bb2880a1b4d03bb14f5b044a0fd83ce0492f49ca3af25211b86faa5735ad7feaf31a1a7491e708b41829d68e32414f68352b71d1cd23c8e12fb02da711484f6ef97528a00d24fcf91d4e06e9badae9a44dbdb3f778041768d863704d736810400e7f2931efb85c8724a593426aa2af1ec5b664f85c2254896fdcf316db0924e11aae8d683e9a021929d0a9d6fecb4594b1b3fbc16b176d29d1efb1819a4a423fbe0ca0559c57e9e5449f14bce91360dafda6a427ce4a0993dd03082ddee066533f6d3bda5660f42fd7757690d670598ec7096f475a01a519950341a831fc9a281c0947a863f1f6e03bba774de77adc23fbe525cae6ccce47a0ec4979e8bec86f332fc6a5736e3b98fb332e9e8244e68a100455e6499ba8dbae98b92ba3d9c6b4ff980343e4c8ef4d5a4aacf8b1a: +c71cc10ad2d443e025ad0625686b123503e590193a2bc8cc57a7b9b4158de6cbfc06acaab53ad08e9762dd11cd2122b31599bd2598ce6f248795e732219c2fc7:fc06acaab53ad08e9762dd11cd2122b31599bd2598ce6f248795e732219c2fc7:2e0846536dc6cce19ccf82dc2d0cd21bd4e1ca7bc317067af8d90ee4818c8518bc3ef960ce112a41d2b9979a282ae13d706a005e0034f06b39ff4b0a5afaed70b561bcceb1bbd2ec19f97448eaed4be620e36a962d878c6f80172b9fad43eed07ff93db9b9ca2262d5a3c229c54e30a45e73660892f048e363f37144ed1921f72992b4d01529870cfe373b7e7cbedaf969269fb70aa783d1e74417c7bae0fe03d951fdb8c71c62e9be7fdd5d233e39f46fed057e49b6f34068459148da3d424161ad2c869508602e9c0bb30bfb88acd5f4dfdffd473503cdfedabc4442b743be075e7c6f610e64ffc2e53187745cd719658fc6e62a5be518437c5bd6a4feba94ae3f44f2f29308e831feefed676909ce5e80c84cbdcac47e47d27c9712a01f6bc5daedc02e6414407e911c0a5a53e5328a5a5fd9f040aa7fb70b79b31cd1b6fd9bd5029040bd22ae222fd2f6870d07f435322639cf3193ca5709b882b07a58f952a9963e568f8c5a584a6b9e275c5c07957a4d2cdaa9f1eb444ed1224bac6563b2f9273e80301d44d50ae383b597213b00da5bf27e5d1fe240cc3bb65aa5030d651b6b5b31761d53ce0c6d74a15dad5479f31c915ccf446659853b89a51a28ee8976853553fd2e02fe7243538d00b4ed07d8b8a80b5c165cd46341ffd8163c555702663a4e6ab2952b7e7443d0f6b123b6946721aa63e87b1155eca8a6a1bc9fd25c6762e52742c86bca1ba9d8370415244f0edfdbe0932b5ca0611509c9:2eb33bc2d5deb7f3a2dcc377b0c6a862134bf3191ec40fc128ac28abf2316ef1401649b8f4cfa1a936de79b532dc043b6d36024b4c37bba29290ac9f449ba60d2e0846536dc6cce19ccf82dc2d0cd21bd4e1ca7bc317067af8d90ee4818c8518bc3ef960ce112a41d2b9979a282ae13d706a005e0034f06b39ff4b0a5afaed70b561bcceb1bbd2ec19f97448eaed4be620e36a962d878c6f80172b9fad43eed07ff93db9b9ca2262d5a3c229c54e30a45e73660892f048e363f37144ed1921f72992b4d01529870cfe373b7e7cbedaf969269fb70aa783d1e74417c7bae0fe03d951fdb8c71c62e9be7fdd5d233e39f46fed057e49b6f34068459148da3d424161ad2c869508602e9c0bb30bfb88acd5f4dfdffd473503cdfedabc4442b743be075e7c6f610e64ffc2e53187745cd719658fc6e62a5be518437c5bd6a4feba94ae3f44f2f29308e831feefed676909ce5e80c84cbdcac47e47d27c9712a01f6bc5daedc02e6414407e911c0a5a53e5328a5a5fd9f040aa7fb70b79b31cd1b6fd9bd5029040bd22ae222fd2f6870d07f435322639cf3193ca5709b882b07a58f952a9963e568f8c5a584a6b9e275c5c07957a4d2cdaa9f1eb444ed1224bac6563b2f9273e80301d44d50ae383b597213b00da5bf27e5d1fe240cc3bb65aa5030d651b6b5b31761d53ce0c6d74a15dad5479f31c915ccf446659853b89a51a28ee8976853553fd2e02fe7243538d00b4ed07d8b8a80b5c165cd46341ffd8163c555702663a4e6ab2952b7e7443d0f6b123b6946721aa63e87b1155eca8a6a1bc9fd25c6762e52742c86bca1ba9d8370415244f0edfdbe0932b5ca0611509c9: +0a4f5e1670f1e24bfa37b73c994330b36e7daaf930161b78a4a84866ff25e3d59dcbba903981594c7b677ea8002001d664cff7ce8e5cfae58840cf74aff0d3a9:9dcbba903981594c7b677ea8002001d664cff7ce8e5cfae58840cf74aff0d3a9:f4b05b3efdcb1d5c07da950c46565528440bb48835ee4c13f43d7a1618de119ebbb259ea7480a5048174faecc1055b32dc01ac7156344321e8eba698f302ee1643b5f04b8e7ecca63b91561ce3514abe7851b6fb17fc943bdc94da308c8e4769fec20fadf4fa8e7f62b6ffb5f170d644ed29355ebd22cb3aa1486b1e367c729dd3f79bcd40ffd08af28cebc8d776e1a483e911d79bc613e09cc621cadeb034dd6f72374771985127f7a3a1aa786a523ae6e34ee433dc30c375987cff50bdcbc997fcd51c94567a67aefb6ef5edf9bdd65964d464be9ebdfb88c0e231b07ff6405c00f82531e961bfc5ead266bcc08718878cafb1d37536f183e48bf38d3f6be900252d1fb419e6a2ac5896039f63c31401fff932ce9814b085ab20416972a2b351c815a62de509674628b0d3566fc9c2e0a9237b93f9bbb2deedf02bff83bf6d868b6399326d4809d0419f31b2f3a481285b94078b47061ce91dad583dd5b13bd010fb30f2495bb70420183a930159e4db193df6acd124423e039a67f15688aec50c5927fb271822aaa66f294bc805d3bc7c8341878a541009f30da99fcc0085079ce7fc55e0011685562abdb3a9471ffde6176300ef5b31e0df609a54a1ee6624070da99c8776891fdf6aa78b4d55b1f5dadfc061add5af00fd3adedb448c559bfff204068043a5d1d6214748628c3ebc5f0224326ca18ef048425da9300133fb695d4f263165ac22f3619d405af271a71a9afb198bf631241d3459b95398:dcf353b2b99a4ef45f3fdf6528632e8abdc433342476a8c2b37900404a4e333d387814235757ef7ad03858a0f35d4615e8aba484fd64f1112ec1b1aed2cb640ef4b05b3efdcb1d5c07da950c46565528440bb48835ee4c13f43d7a1618de119ebbb259ea7480a5048174faecc1055b32dc01ac7156344321e8eba698f302ee1643b5f04b8e7ecca63b91561ce3514abe7851b6fb17fc943bdc94da308c8e4769fec20fadf4fa8e7f62b6ffb5f170d644ed29355ebd22cb3aa1486b1e367c729dd3f79bcd40ffd08af28cebc8d776e1a483e911d79bc613e09cc621cadeb034dd6f72374771985127f7a3a1aa786a523ae6e34ee433dc30c375987cff50bdcbc997fcd51c94567a67aefb6ef5edf9bdd65964d464be9ebdfb88c0e231b07ff6405c00f82531e961bfc5ead266bcc08718878cafb1d37536f183e48bf38d3f6be900252d1fb419e6a2ac5896039f63c31401fff932ce9814b085ab20416972a2b351c815a62de509674628b0d3566fc9c2e0a9237b93f9bbb2deedf02bff83bf6d868b6399326d4809d0419f31b2f3a481285b94078b47061ce91dad583dd5b13bd010fb30f2495bb70420183a930159e4db193df6acd124423e039a67f15688aec50c5927fb271822aaa66f294bc805d3bc7c8341878a541009f30da99fcc0085079ce7fc55e0011685562abdb3a9471ffde6176300ef5b31e0df609a54a1ee6624070da99c8776891fdf6aa78b4d55b1f5dadfc061add5af00fd3adedb448c559bfff204068043a5d1d6214748628c3ebc5f0224326ca18ef048425da9300133fb695d4f263165ac22f3619d405af271a71a9afb198bf631241d3459b95398: +b855c81805c7087410e69f96b0240271dc76c1e4ade38c6a9278e3c94fbea2566adb025a40260f569884b8cab3752b4f255c373e2b424b6287ebb510fa06fff0:6adb025a40260f569884b8cab3752b4f255c373e2b424b6287ebb510fa06fff0:85a9bdb70a6c752897e43a91106ee9a99c2ca94ff7b4461a44a39174c17ecd99df46eecd81c3f52513dc9d547dad3721c6d5ee1f8fac0ba5afb3687044739ed535b844008704c09fe1e5d785d4c9c3d0b05889b9c20fc3fd68df12dbeb2c34f6f7ec1c6fb7fa811ff846b5a61fa5fe55379ee63abcd373fed00254ebd06bc8b22f7fbf2f727a5fad88514159e26d78dfdb0957f6efaf51a8e80b585e838b9621d051074a4f5867b4ae2f2ff6d62b85bccec0b4aaa4791637388c0901fd49dcccce7204859f81eefc639fed92280456e69a1509b4b1bd7624447d862c45a0c8b0c5bb2c4ca512cbc037f51b780982b183a5cafa15297585c947a25be8c2240ebfb6868ece5ea2aab2c239c83754c7d594b3725aceef344ba7e6aef49f7f313b0ae82ccacad387a6e9337f05f8c799efe7829b27b4d5b201fd5ae5834351690759f3ea175fd4741be228d807fb54df4a741038faee47edf1f561652598601f27155fc50d9d5011433711c106d4b60785a5cc93b3fdd1dad70c0c8eaa33f1512e35a541745e376c15167fa8f6b3b2c4c3a366fc41497d297357816ae795a804c980e7cbfb0c74d8835d929ae3bb52bab12964566d746bd2c1d132b6233fa34f75e268edee775eb3ce132e6beb2e8d71f0c8762991cde4e26f71439dfa83978f995603861bc0b1d9060bbccaccf86f8745ad96994d5d007d52e83aa5e69412964bdbfbe4780aaa8de41be1298abbe9894c0d57e97fcacc2f9bbd6315d3fcd0eaf82a:3caa813273e753542ffbfeb21bc3e2cf8ca7d920faac7c49dc2aa9911768c7ad43b38b0236db27f3eeae0b1206001e665a607078c522ed7a9dc468853463590085a9bdb70a6c752897e43a91106ee9a99c2ca94ff7b4461a44a39174c17ecd99df46eecd81c3f52513dc9d547dad3721c6d5ee1f8fac0ba5afb3687044739ed535b844008704c09fe1e5d785d4c9c3d0b05889b9c20fc3fd68df12dbeb2c34f6f7ec1c6fb7fa811ff846b5a61fa5fe55379ee63abcd373fed00254ebd06bc8b22f7fbf2f727a5fad88514159e26d78dfdb0957f6efaf51a8e80b585e838b9621d051074a4f5867b4ae2f2ff6d62b85bccec0b4aaa4791637388c0901fd49dcccce7204859f81eefc639fed92280456e69a1509b4b1bd7624447d862c45a0c8b0c5bb2c4ca512cbc037f51b780982b183a5cafa15297585c947a25be8c2240ebfb6868ece5ea2aab2c239c83754c7d594b3725aceef344ba7e6aef49f7f313b0ae82ccacad387a6e9337f05f8c799efe7829b27b4d5b201fd5ae5834351690759f3ea175fd4741be228d807fb54df4a741038faee47edf1f561652598601f27155fc50d9d5011433711c106d4b60785a5cc93b3fdd1dad70c0c8eaa33f1512e35a541745e376c15167fa8f6b3b2c4c3a366fc41497d297357816ae795a804c980e7cbfb0c74d8835d929ae3bb52bab12964566d746bd2c1d132b6233fa34f75e268edee775eb3ce132e6beb2e8d71f0c8762991cde4e26f71439dfa83978f995603861bc0b1d9060bbccaccf86f8745ad96994d5d007d52e83aa5e69412964bdbfbe4780aaa8de41be1298abbe9894c0d57e97fcacc2f9bbd6315d3fcd0eaf82a: +95b9c8a6ef80ebd5cbd47a04ca54387373df4d67a2b475597765ac89fcf93e93f2c947b18adc3ea6a23f7abca364b9853ae85a2b0c8c26f0d3173c2732c3c7ff:f2c947b18adc3ea6a23f7abca364b9853ae85a2b0c8c26f0d3173c2732c3c7ff:7855bc392630ccf531d3061606ddfc81a0fd9294c54791b5f9559b6827254aa1f25c540b7d7df3ec9cdf14256629dbcf9b725feb3412ebf35f0ef9379e4131cc77e0f0fb6f7459a738361a99ae4ccb2b60a99fe92bd6c3a53d6f454ee9005bcec5aedcfa82347392efcf1175e578396a8d800daba0f4c2cf4d4913b0528620e3baa0f6d86e0628e47c0ca26df3b0c788c4e16557f7fc28df820c12fbb6ffbfecb9829ddb65ef8d63e90d68fc7194b5b885913f08edee84567647ffa3f0d0d325d082600ce71a2345c77d65bd96252003e5c125a718a07370c31b5708075cf1837c6925635cc68dd1b751e40ab608b0d9d8852c18d3069219ef807b76d288f92c29a93e3d75b5b2e53681671d3ae0145ac03ccad3162e44703b0401d3eb167cd8ddc1e1a5a326b728b1e0c00a94d86de61352a661e40897175d28d341e4d1d9962e35f4de18a54017611ad05359ce08b97bfedbfbe3992ed58ed40f517aab01c0fefe8b63643da1a454152730bf99af8740adf98a77b8d73adb08e609e00ce9b1ccdfef3e9a9b05aa56e0bc79b6bbba80dd8e461af7cb202892d89b2d05a4458ab3fa54b474b8f8f581795d6c2739e59d0fe062400bae2d2d534b340bb8e2615777a9a5615bb2cf437ba525e00e7038f22a57882ac520b333e75c3c92a8b9f0e37f671c94b15dd8182a08d7c143e94e9262b3cc5544c294f5f335c2b28ac119fea00f9634db063993988b5f150579c7cc25b6a1fb0dde94804fa6ef66ff79fb9107:2c8bf543e2a3e00415ee4f107b2f5a6687176f5d521117759ceb561751bcc77d9b08a6a631f6447cd901de96699aebb168bf97500dc54a0543ef14e4b5a081067855bc392630ccf531d3061606ddfc81a0fd9294c54791b5f9559b6827254aa1f25c540b7d7df3ec9cdf14256629dbcf9b725feb3412ebf35f0ef9379e4131cc77e0f0fb6f7459a738361a99ae4ccb2b60a99fe92bd6c3a53d6f454ee9005bcec5aedcfa82347392efcf1175e578396a8d800daba0f4c2cf4d4913b0528620e3baa0f6d86e0628e47c0ca26df3b0c788c4e16557f7fc28df820c12fbb6ffbfecb9829ddb65ef8d63e90d68fc7194b5b885913f08edee84567647ffa3f0d0d325d082600ce71a2345c77d65bd96252003e5c125a718a07370c31b5708075cf1837c6925635cc68dd1b751e40ab608b0d9d8852c18d3069219ef807b76d288f92c29a93e3d75b5b2e53681671d3ae0145ac03ccad3162e44703b0401d3eb167cd8ddc1e1a5a326b728b1e0c00a94d86de61352a661e40897175d28d341e4d1d9962e35f4de18a54017611ad05359ce08b97bfedbfbe3992ed58ed40f517aab01c0fefe8b63643da1a454152730bf99af8740adf98a77b8d73adb08e609e00ce9b1ccdfef3e9a9b05aa56e0bc79b6bbba80dd8e461af7cb202892d89b2d05a4458ab3fa54b474b8f8f581795d6c2739e59d0fe062400bae2d2d534b340bb8e2615777a9a5615bb2cf437ba525e00e7038f22a57882ac520b333e75c3c92a8b9f0e37f671c94b15dd8182a08d7c143e94e9262b3cc5544c294f5f335c2b28ac119fea00f9634db063993988b5f150579c7cc25b6a1fb0dde94804fa6ef66ff79fb9107: +b786ccfb586d43b8c46bb97b96c918731bc2cc119277f123671e30148158d2ed90c7004600f3dce409fdeadc8ed018f9ea263f75160a74ab54f4c2399a90ca78:90c7004600f3dce409fdeadc8ed018f9ea263f75160a74ab54f4c2399a90ca78:babf48bd55ea91bd0c93b970241b529d9db43d4927fea5f1a1f7082dd6cb50a52b094b3129fcd903a44fec8bfdb5c86c002a2a452887ca25a60eceb5e1f9f5c93dc59423c7afe747c6bf407cacadeccf5d787970cb0617bb3cfe7fd17563d3a0dc91631f71b84be24ae800113750f031d01fd05364b4f27f86f8dc3ad7407e1ae9e768154e3dde58e867129e2474547b408217964844858d056b31c374991b7f161f52f088b806e0f313d68a15c5401ed55b2b77deea586cb054dcd71af2ab6ab11e84b30c539345de3eb43fb7b3a3b48987c3bfa70655d599f2e31d12ad23cc96e86d380bfda812feff3dd3024292916907022891e119bfc3ed9c25546cd19fc992d8a61e6059ca3ce7802af1118756620b87a7242bd83897c94dd5a36ed40fc0f34c2c93110b37d17dd96a22062590bcdb546742ef7218adccc5ad28f4fce6ecf705835f4113d82ea533903aec8c3820fe4b4715f37e20cebc1e71519aa0b240b4840aa4fdcfb52467fedd8f4d1f9bc33ee114f3ef85f5fdb09ca884af388ad3adf84c793f386efe6ff8a46ed81e5d45a37c25cd80f2d7363f43ae45e3772c0df89f11447939806c096ef933a13944f0890d887c2e5bbb6b12ea950b09b8fe425289377352f35f84cc4dcd4d7a449489fa9251c03113489225809cdf3cb63475f10d341709371c6fd4bb7a949483d1bc2b31ddf4d963a07de7ea5c3fee9a0e33f0769f2faa40612a546974bde0b7339179e4124a447bd42879ccda5c8ad1819c53:52ba9658a1a0b3e98ed5209e393e420066a37d3714daa73d5c671d33075a5f5727fe4e081ee0fa3c2133dc953a2da620291371f00ccb57d8792eb596a2ff8101babf48bd55ea91bd0c93b970241b529d9db43d4927fea5f1a1f7082dd6cb50a52b094b3129fcd903a44fec8bfdb5c86c002a2a452887ca25a60eceb5e1f9f5c93dc59423c7afe747c6bf407cacadeccf5d787970cb0617bb3cfe7fd17563d3a0dc91631f71b84be24ae800113750f031d01fd05364b4f27f86f8dc3ad7407e1ae9e768154e3dde58e867129e2474547b408217964844858d056b31c374991b7f161f52f088b806e0f313d68a15c5401ed55b2b77deea586cb054dcd71af2ab6ab11e84b30c539345de3eb43fb7b3a3b48987c3bfa70655d599f2e31d12ad23cc96e86d380bfda812feff3dd3024292916907022891e119bfc3ed9c25546cd19fc992d8a61e6059ca3ce7802af1118756620b87a7242bd83897c94dd5a36ed40fc0f34c2c93110b37d17dd96a22062590bcdb546742ef7218adccc5ad28f4fce6ecf705835f4113d82ea533903aec8c3820fe4b4715f37e20cebc1e71519aa0b240b4840aa4fdcfb52467fedd8f4d1f9bc33ee114f3ef85f5fdb09ca884af388ad3adf84c793f386efe6ff8a46ed81e5d45a37c25cd80f2d7363f43ae45e3772c0df89f11447939806c096ef933a13944f0890d887c2e5bbb6b12ea950b09b8fe425289377352f35f84cc4dcd4d7a449489fa9251c03113489225809cdf3cb63475f10d341709371c6fd4bb7a949483d1bc2b31ddf4d963a07de7ea5c3fee9a0e33f0769f2faa40612a546974bde0b7339179e4124a447bd42879ccda5c8ad1819c53: +dd1a9774f7584d8589b19f92ab6939ac485602fe1644cee2f6f3cd60fbd584004bea7d0b0f4bd590f9e3579f0c5fa4cef4d60a49d2c437a0aaead9d43a73d4a3:4bea7d0b0f4bd590f9e3579f0c5fa4cef4d60a49d2c437a0aaead9d43a73d4a3:e5dc3ed26c1f693cf852465a05e3048b505db5116d9e31592205a9c3d4720bc10b6c20639a0ee2f0e147225b5b19ea511cfba0c21aac10715a2f232f10c2c8aad41112b6b012e75a4155f8c6926253ca2b4ddb7bfe7f86e90a53dbc0cba89e485ceca8fd26e50c7f282a253573cb0a8fa88cc44623e82e8fa2edb6cbc7538ac92c11e4c5b1ea5f68966d15d93c34f396d27572f864382ab76a7be65a557b139766368a207d98bc0c20926370dea27048160363ed85f4099e7cd66d12d0988cfc9e2f16aa565f8f33b39e978c0587371f92db5056317564411bd8a3b6fea09d3487aaf734034918ffed1c9fba7bdec6fe68876fc7360cc5629b92104027fe5759c5ab365354751e7969116c3b9a21b152330a96a9381af730d17822d78ad6ea860006915b5cab447a759372e05d495ebb328e75d248daa02f5d2eb978d2710cf1c5fb824876770e32ca6de2c730564892415bcb53e5981d707add961c5f37fdafa1399af8aea960458d2ca310553f7c9866ccbe8e9d88e08a446872ea66fc308c824514b7dace0334db735e6f14c85b5e619a5d605648a881e876c78dbe0657233d4f7f3bfddf63b445311d6abc476347ec4fb43c8946f9d17c369381d1c564ffcfe2dc7b4726fd57387f0b44db8ef95a0b4e32a7bedf319e53a9e7126c2811f9829d1f4ae9abd9d5f42efef2075f47051c63a4f8202040ec4723686382c6033127c1fbfff4bc82373508752d431dc473f52ddeab0342dc4f5447f8f25738ef65d78556:1959bde0a697a63993ec47d158223739fe65871fa05870d7de0d38086591202a51b174d1c6182808c6ce62631d81dba34ebed4af2f29b06c00a57a3cb6663606e5dc3ed26c1f693cf852465a05e3048b505db5116d9e31592205a9c3d4720bc10b6c20639a0ee2f0e147225b5b19ea511cfba0c21aac10715a2f232f10c2c8aad41112b6b012e75a4155f8c6926253ca2b4ddb7bfe7f86e90a53dbc0cba89e485ceca8fd26e50c7f282a253573cb0a8fa88cc44623e82e8fa2edb6cbc7538ac92c11e4c5b1ea5f68966d15d93c34f396d27572f864382ab76a7be65a557b139766368a207d98bc0c20926370dea27048160363ed85f4099e7cd66d12d0988cfc9e2f16aa565f8f33b39e978c0587371f92db5056317564411bd8a3b6fea09d3487aaf734034918ffed1c9fba7bdec6fe68876fc7360cc5629b92104027fe5759c5ab365354751e7969116c3b9a21b152330a96a9381af730d17822d78ad6ea860006915b5cab447a759372e05d495ebb328e75d248daa02f5d2eb978d2710cf1c5fb824876770e32ca6de2c730564892415bcb53e5981d707add961c5f37fdafa1399af8aea960458d2ca310553f7c9866ccbe8e9d88e08a446872ea66fc308c824514b7dace0334db735e6f14c85b5e619a5d605648a881e876c78dbe0657233d4f7f3bfddf63b445311d6abc476347ec4fb43c8946f9d17c369381d1c564ffcfe2dc7b4726fd57387f0b44db8ef95a0b4e32a7bedf319e53a9e7126c2811f9829d1f4ae9abd9d5f42efef2075f47051c63a4f8202040ec4723686382c6033127c1fbfff4bc82373508752d431dc473f52ddeab0342dc4f5447f8f25738ef65d78556: +66f5ea8cdb95ee1a75e32467d7c83c59447742c85ddd499c43c08673e149053aa8ad04b9c144b97fe867374d4fe57d7ec0c249183e43bdfb5d52644e7fbe1df3:a8ad04b9c144b97fe867374d4fe57d7ec0c249183e43bdfb5d52644e7fbe1df3:c0d01dceb0a2d17191101879abb093fb077571b521be7b93a117c696c0872f70ea1139ab628329ee5655fc0aa77e8111d2fc884748c1f267b9eb09dc26f57fc402d61ba36f63f4d589aae63c76eeee15bf0f9e2dcde4e4e3e78fc6c29e3a93f3ff0e9a6e0b356645953890debf62dbeaf4905178d4f0a5a592c19294eeba7c21cf8f1bb3f4512187376de72f1136a48ac2dfaf32d0f37de064592592b6e1bc0c512cf4d2d85d16797853a80933b09c2f7bfb9e54a69e51a8e423a91c3e5fdeb4790533e87a4b1c0e0e23a9db9573ac17ab6ec7014d8b7c4486e15725f8d264eea3050e835ae0ac449db334502a6d97358fa859106ad0f6f4295f2344920adf9355a6949d8d145c25628a46a104ca099bd9dde941119c83820cdc2cb2d09722694901043c37cf0ae879be2030d0373158b9c4b0718298be45f630f6fcdc190f7b2926d87655a18bb797ac50757fcd3655c9e41d5163293d9a13d984f591f75b7e4e5cadb64c4c9fdfef76cab69381d0f60b483f804bb3b33364df8cffacb3c9b13ff4c8d8d4ea40766a7d42d8256c6b1c11c191daba1b8ef21593e47b18858ec19d817358678d8548ff1535d5fcf4414b6a11d34a3742f8d7149fa681383a9408887f1c0a98ed521e72793277824d6f746d49b63d444e312e6d9b986611258196a5b012b88faa29f9a6c67ed25df87b2dbf0dbd2dc3080c5b8d15a37d34729098ed0de92d75807429b2cae5d7283c4e5c9bd196d1ad436c7c34f3c9466e5cb3196b443f4b:ec5c7e8392fa8b61bc829681866e45ac8be4b5b7b6a822c1bcd0f2cc2c8c44c33cf83fa42d43a2f1884141b4a59aaff47f9be07e632e2018759324eac9d14900c0d01dceb0a2d17191101879abb093fb077571b521be7b93a117c696c0872f70ea1139ab628329ee5655fc0aa77e8111d2fc884748c1f267b9eb09dc26f57fc402d61ba36f63f4d589aae63c76eeee15bf0f9e2dcde4e4e3e78fc6c29e3a93f3ff0e9a6e0b356645953890debf62dbeaf4905178d4f0a5a592c19294eeba7c21cf8f1bb3f4512187376de72f1136a48ac2dfaf32d0f37de064592592b6e1bc0c512cf4d2d85d16797853a80933b09c2f7bfb9e54a69e51a8e423a91c3e5fdeb4790533e87a4b1c0e0e23a9db9573ac17ab6ec7014d8b7c4486e15725f8d264eea3050e835ae0ac449db334502a6d97358fa859106ad0f6f4295f2344920adf9355a6949d8d145c25628a46a104ca099bd9dde941119c83820cdc2cb2d09722694901043c37cf0ae879be2030d0373158b9c4b0718298be45f630f6fcdc190f7b2926d87655a18bb797ac50757fcd3655c9e41d5163293d9a13d984f591f75b7e4e5cadb64c4c9fdfef76cab69381d0f60b483f804bb3b33364df8cffacb3c9b13ff4c8d8d4ea40766a7d42d8256c6b1c11c191daba1b8ef21593e47b18858ec19d817358678d8548ff1535d5fcf4414b6a11d34a3742f8d7149fa681383a9408887f1c0a98ed521e72793277824d6f746d49b63d444e312e6d9b986611258196a5b012b88faa29f9a6c67ed25df87b2dbf0dbd2dc3080c5b8d15a37d34729098ed0de92d75807429b2cae5d7283c4e5c9bd196d1ad436c7c34f3c9466e5cb3196b443f4b: +ed2558e5c56784bcfb4f4ddea3c0dfbef8d96ff1cabf158ec4abe60aff66999e1edc991012ac6f888fa7e6045777e9ba1d4c03c40292d2da6b722b4ad0a3ed74:1edc991012ac6f888fa7e6045777e9ba1d4c03c40292d2da6b722b4ad0a3ed74:2c6433e9bfbf4cfd4e071f15ce6b129d780a4b3de014fac034e0d44ef772e2c8b0d6a3481d7b3ddeb237632673553313deac1efafe3702a7a4411e12bd341e8d8e96c59c5e30c36807a8385a538e9b66907d6a528400bd9f95eedc5216b28fd7437d8f4a029fdbdc7c938e4eb9812fec05ea693229629ace6acc7af6ba4c238e7722f312f7896b004922f7067ede106f8e70154d783fb41291f3c7e2e4826045b5741bcb4a8838f87a32e0049704e9b53234c224ff898a756e529134c1a9bf50fd029819b2238b60b2aec1128f34d21f9d66983bed398659d808b67a2e501b5a1f25f71f0f0c1eb2fea0ab42d82ff3bc9358bb20c27520c144cf2116f4a49cbc61994d2d710546694c4f602dc406e0b0c27e5f5e64667e95c2ec9df2d6529cf53622ea10b956b345ec55b6c39a1e6ed88ae66e5b457179425d1a849037b07c46cf5f363301095837ce811bff4960bf9cbd15201c1b6740bd70102140744c3327aca9d6d6d154936798ac381fa639db436ee8165667d538a6c74a233c124bf604fdad51984c4170b8200d2df73c29bb1e376affc314dde3e86af9d2c2e6c3a6524d321bce93e21fc965564faf77d0cd1accb4d7629485f564c79f4d8a2fdefb465454028c6dd1428042805370743363bb18476a3f2320db2589c72133cf5e29dafb7d07aa69a9b581bab5a83f403eef917afa14b764c39a13c0c5ea7019d2fdfbd7f3f7d40eb63b2a084da921895fe48f4fd594017f82569b467ab901169eb5da9c40171d5f:ab9e01166524fd288e5c689e56d730d4983000551030493334a3984e2223dc9f7a5b910c61760c6157990a4c335e348e3a7bc8223e09c10c5e520c8d61aff5002c6433e9bfbf4cfd4e071f15ce6b129d780a4b3de014fac034e0d44ef772e2c8b0d6a3481d7b3ddeb237632673553313deac1efafe3702a7a4411e12bd341e8d8e96c59c5e30c36807a8385a538e9b66907d6a528400bd9f95eedc5216b28fd7437d8f4a029fdbdc7c938e4eb9812fec05ea693229629ace6acc7af6ba4c238e7722f312f7896b004922f7067ede106f8e70154d783fb41291f3c7e2e4826045b5741bcb4a8838f87a32e0049704e9b53234c224ff898a756e529134c1a9bf50fd029819b2238b60b2aec1128f34d21f9d66983bed398659d808b67a2e501b5a1f25f71f0f0c1eb2fea0ab42d82ff3bc9358bb20c27520c144cf2116f4a49cbc61994d2d710546694c4f602dc406e0b0c27e5f5e64667e95c2ec9df2d6529cf53622ea10b956b345ec55b6c39a1e6ed88ae66e5b457179425d1a849037b07c46cf5f363301095837ce811bff4960bf9cbd15201c1b6740bd70102140744c3327aca9d6d6d154936798ac381fa639db436ee8165667d538a6c74a233c124bf604fdad51984c4170b8200d2df73c29bb1e376affc314dde3e86af9d2c2e6c3a6524d321bce93e21fc965564faf77d0cd1accb4d7629485f564c79f4d8a2fdefb465454028c6dd1428042805370743363bb18476a3f2320db2589c72133cf5e29dafb7d07aa69a9b581bab5a83f403eef917afa14b764c39a13c0c5ea7019d2fdfbd7f3f7d40eb63b2a084da921895fe48f4fd594017f82569b467ab901169eb5da9c40171d5f: +b72798b811e2338431256d2480fe7a3663acecbbe6e6c1b9191e9d9a22447940ce491daad296b55727b09513df02ba5928a371737cd35841e5f735acab7c5df8:ce491daad296b55727b09513df02ba5928a371737cd35841e5f735acab7c5df8:a5d46298b0790610aedc0970fea2a7075081847266f22f12478b93d7e674c6c517f3c14ed061269d170ac31e2a64f9754a565bac1dd9757322c11132e7bbee5f32818e0e3063ab64e552d09b0fd1757639b9b9d1c770016b677465872b669dd48be038665751674dd2f40a966a26748fd3e5dbfd92265eb936f55b094286c010629904347cb4c526e377470aa96e8169a6f211633807a50030e7ff68e38911b3555e728ed8590b2dc45fea69945cc0c9a3d3e6c954b3e80106a5c91d3d22e89e8c0e1de902058e9cd0f8ce806eac4f893ee0429900fb5487b8fd36dbdcb34f2d54fc6cc74a923951b863da70f1b692bf0438484366cd85eeb880b279f8fca9d3242c558330f1ca57c6a58608cdbc0773e16082bca964ddc40347da8a36b2a9328c2f46609e092fd64b4134eee1d099813e1246489e8ee5b19b3d3b891c28f30b38b6a28ec1d3e9b005dec9c63f8b9813bc1de4aaf995f1779dded15c7a430d70ca46e7cafd4e9a543804446ab0807d64f255e201ef428a474dae8a0a75021b62ad3988ffb81cd8221b243085a0ad046fdc16c67f17b9f81820095953a5b98acbdf93ebcf80bc9c99af5fbffacb61a9251c5aafdb22b1129bfc60c98e0f175263bdf93dc9a08b8efc2e8cdaf0f83d6c49ec901645eac5a4ff63385a6f1af2071897662a372219c9301f545a2ebb8f5917db7f29ca13fc861af38d90c35c03ac9184c122e57b057cde426fd76dca79e25e64dbb41c8414a0450da4905b902ae98d2da4ba792801:dcfc6fd47799fec772c2099b3c6437246c3ad07229fc740e05311a206b18b02ecdb026c926f49c6552e347fd35dfde06cb639a797c50612f98e2478a92aaf609a5d46298b0790610aedc0970fea2a7075081847266f22f12478b93d7e674c6c517f3c14ed061269d170ac31e2a64f9754a565bac1dd9757322c11132e7bbee5f32818e0e3063ab64e552d09b0fd1757639b9b9d1c770016b677465872b669dd48be038665751674dd2f40a966a26748fd3e5dbfd92265eb936f55b094286c010629904347cb4c526e377470aa96e8169a6f211633807a50030e7ff68e38911b3555e728ed8590b2dc45fea69945cc0c9a3d3e6c954b3e80106a5c91d3d22e89e8c0e1de902058e9cd0f8ce806eac4f893ee0429900fb5487b8fd36dbdcb34f2d54fc6cc74a923951b863da70f1b692bf0438484366cd85eeb880b279f8fca9d3242c558330f1ca57c6a58608cdbc0773e16082bca964ddc40347da8a36b2a9328c2f46609e092fd64b4134eee1d099813e1246489e8ee5b19b3d3b891c28f30b38b6a28ec1d3e9b005dec9c63f8b9813bc1de4aaf995f1779dded15c7a430d70ca46e7cafd4e9a543804446ab0807d64f255e201ef428a474dae8a0a75021b62ad3988ffb81cd8221b243085a0ad046fdc16c67f17b9f81820095953a5b98acbdf93ebcf80bc9c99af5fbffacb61a9251c5aafdb22b1129bfc60c98e0f175263bdf93dc9a08b8efc2e8cdaf0f83d6c49ec901645eac5a4ff63385a6f1af2071897662a372219c9301f545a2ebb8f5917db7f29ca13fc861af38d90c35c03ac9184c122e57b057cde426fd76dca79e25e64dbb41c8414a0450da4905b902ae98d2da4ba792801: +1fe7327ea907d3ff179b117811d30193fcba4c347b90657feed98deeecda9ac9eef301b16fd7bf3c7b640bf5ee8700ac5a87169eab5f56015b3f499d955e07eb:eef301b16fd7bf3c7b640bf5ee8700ac5a87169eab5f56015b3f499d955e07eb:19a832f26fbb0239f0d9d26a2ebded2403c2a406dd1f68318d677afa64f35043316a5efd729783c7f9d18c09824614652091886cc954be9f9312d4586bf36f3035ac703438b0cfe3dec5077813c710d1447561ab6157bc7ad5eab5b0c0afdcc9db77e66fa8071366829c501096c3d3a938218a6e4207109d1eb81f7d88bd6fbb2aefb1adef3594aae57c46b7b984db9468cd962c6184fb976f0e2aa84152deb1c76aea75ae488442943a80ba7d98a28cb864b5e87cdb284ad6e8d7aadc6b75d69d3bd345783b3ebb676ff95d7b4191e599851c9628835c7c01197e7c8f86f9c8fb49fe3e28458ba9b0236219bd46c28df6532496994ac9ba733c0105a02a269a2be8b7cb40074b881602ef9247052de9d637089188bd4c185ccae258a2ae9856a2cbf8451117683ce341f8096e1d91e874c5cb8a4e0939eb77373a9a0eb791645b8f5460472d669d8014681a5e778706cb5566bbd4727d1716b23c620d228b5d4dc2b352b423931f8a7e8fb59edad8ae42458729861a98e0c850a77ed655e7fcfe4fe36f9772df1ac3c643ad31db5630d571df9fcc9c50de7622108411962bbf72defbf49e997059c7311bd9ddd5b338a9851938d37e7a262108a291e2016803bbeff4f9c776125ceb7e7272b51c7c33461d8089f8408d8dda92506d5002084d4f414d8a4d28d3694c88630e31801990d95271cef47aa5c263f97b7daca1788701436329b5bfaf72653c166db087708130c5c0d78cc4e9064f860680271afe4c409853c2fad675:9c7fdb53fd606bc7c9c223fe9431e1ad009546d00098812a495197f2541e87f8d6f5da22ecefcbb7da56662a7309d10a6c4a4f7f299278d51bbd11e0cc1b870919a832f26fbb0239f0d9d26a2ebded2403c2a406dd1f68318d677afa64f35043316a5efd729783c7f9d18c09824614652091886cc954be9f9312d4586bf36f3035ac703438b0cfe3dec5077813c710d1447561ab6157bc7ad5eab5b0c0afdcc9db77e66fa8071366829c501096c3d3a938218a6e4207109d1eb81f7d88bd6fbb2aefb1adef3594aae57c46b7b984db9468cd962c6184fb976f0e2aa84152deb1c76aea75ae488442943a80ba7d98a28cb864b5e87cdb284ad6e8d7aadc6b75d69d3bd345783b3ebb676ff95d7b4191e599851c9628835c7c01197e7c8f86f9c8fb49fe3e28458ba9b0236219bd46c28df6532496994ac9ba733c0105a02a269a2be8b7cb40074b881602ef9247052de9d637089188bd4c185ccae258a2ae9856a2cbf8451117683ce341f8096e1d91e874c5cb8a4e0939eb77373a9a0eb791645b8f5460472d669d8014681a5e778706cb5566bbd4727d1716b23c620d228b5d4dc2b352b423931f8a7e8fb59edad8ae42458729861a98e0c850a77ed655e7fcfe4fe36f9772df1ac3c643ad31db5630d571df9fcc9c50de7622108411962bbf72defbf49e997059c7311bd9ddd5b338a9851938d37e7a262108a291e2016803bbeff4f9c776125ceb7e7272b51c7c33461d8089f8408d8dda92506d5002084d4f414d8a4d28d3694c88630e31801990d95271cef47aa5c263f97b7daca1788701436329b5bfaf72653c166db087708130c5c0d78cc4e9064f860680271afe4c409853c2fad675: +5f9dcd93fb140610b0e211b39addb1eb87ba97804877afbcc381388cad650845182a237d878c581933332b4178b67ec408b3194d44e4e69392ef800b267c2949:182a237d878c581933332b4178b67ec408b3194d44e4e69392ef800b267c2949:c38b874d3ff010fff1a6613bfa134257b24833cb536de3e74992c3cb01fe3bbdeed97dc3c4596fa44061442bd31a9d4aa8c81e34ad9888718206635509b133b1ba69cb1aa0e75c7a1893c080161d26152acef40f6ef4210e952a49828b5cdde804bcb536cdc349a8e831b4b69d3785a76bd9fb27080565972d0b8fbd16f3f960a6bf3ba0c5b9c404967ec1affe59b8c4ecc650fdde1cb06b70595ad4d325da0fab4c5540a7a8d5ebeacc4e99bd0dc96bde82f2bd7d9586308465e55b1cc388d750486bdd5c7264d54f5614d48726d99e44d7778d9ed0323958ab9858e2b25df2bf994ba3e625e2803b6c6931e7a9926f1e61ed862403ce392ab83b7d1b66085dcc06d82dbf176d016d9f44cdcb5072d004591e92d0459ef05a51b8f54ba17251e16621ebb753e5b1590c02d21e40f4b75eee4602860b9741fbbc0d2e385b8daca83cce68c34a99bde6a60d13ba64347d0a38d64b2ade250f38852c4eda2e2e4f303c3de1a8a9d4ab3300c9e63622879fc8537ffc63b18561fa1fff65531241515a62bb9b08b80af37667a601ae04171793cc83b11adf9c30ca9f4dabc7b401e16a1814cfc750248cc2f77e03f9c4334465ff6a2c83cbb56db4b734751043832c4000972ee3232f929f23337eba5e651e34cbddfe68ba219b632e7acdbd4630a031bf1689fbbc7fbbb210dbf25ee87e2ef2b3cbaf8d9ebd8fc92c3a58d3c05b1385a76c87791d7cd3741b71b6c329de9a9d7508a0c156a9521a9020563099a82b8770ae9a944a7e94:c1915e052b664797e0d5faadc78f2a009d6fbcfde03f3aaad59b9f4588e7fc3b21990c5208d3d76b4aa95bd934e88d3c98c591930a59de2a056701d9f7577400c38b874d3ff010fff1a6613bfa134257b24833cb536de3e74992c3cb01fe3bbdeed97dc3c4596fa44061442bd31a9d4aa8c81e34ad9888718206635509b133b1ba69cb1aa0e75c7a1893c080161d26152acef40f6ef4210e952a49828b5cdde804bcb536cdc349a8e831b4b69d3785a76bd9fb27080565972d0b8fbd16f3f960a6bf3ba0c5b9c404967ec1affe59b8c4ecc650fdde1cb06b70595ad4d325da0fab4c5540a7a8d5ebeacc4e99bd0dc96bde82f2bd7d9586308465e55b1cc388d750486bdd5c7264d54f5614d48726d99e44d7778d9ed0323958ab9858e2b25df2bf994ba3e625e2803b6c6931e7a9926f1e61ed862403ce392ab83b7d1b66085dcc06d82dbf176d016d9f44cdcb5072d004591e92d0459ef05a51b8f54ba17251e16621ebb753e5b1590c02d21e40f4b75eee4602860b9741fbbc0d2e385b8daca83cce68c34a99bde6a60d13ba64347d0a38d64b2ade250f38852c4eda2e2e4f303c3de1a8a9d4ab3300c9e63622879fc8537ffc63b18561fa1fff65531241515a62bb9b08b80af37667a601ae04171793cc83b11adf9c30ca9f4dabc7b401e16a1814cfc750248cc2f77e03f9c4334465ff6a2c83cbb56db4b734751043832c4000972ee3232f929f23337eba5e651e34cbddfe68ba219b632e7acdbd4630a031bf1689fbbc7fbbb210dbf25ee87e2ef2b3cbaf8d9ebd8fc92c3a58d3c05b1385a76c87791d7cd3741b71b6c329de9a9d7508a0c156a9521a9020563099a82b8770ae9a944a7e94: +925ebe04c6eac49b26738d6c1300f31fd4828478cbe97dab18bb889642e1e110cd7231b6eb74e1fe9f926f00d8de2c513d49640525b0795cab893d0c8929e3e0:cd7231b6eb74e1fe9f926f00d8de2c513d49640525b0795cab893d0c8929e3e0:e6c0bad23a92ae8b1d85778288157ac6c617c63363341d777870341bb10a8d3dfc89be4f55ad4f64e83bf2499b69fdf72174d2844e6bd289daaa035fec5bf7cf45522119dc7a8c811d79578c5bb0f6d34db507ad1fb6dbfff997b79dacfb3da50a415e350c998c0a02800aa50ffdfe5f4276d8e6bb82ebf047fe48711daf7a893bdc7537bdaedf3dcb4dec5d24586811f59b25b19e83ca61e5592fedc08ca54473cea2ec121baa0e77fb2d9d765657de67980ed57f2f177858b6decf84ff90212d9647f41eed9b9d0ea3d8d621e4bb4041acc5146e96dfcf14ea962d30c8ccb39ea2be958c9b8774451bfeb7ddce716e94923cc85fbd3a3130780e2b3b2bb76da5341912a4e994cafa19bba19732f2ea402d71d3d8a969679b9d104243d9839c69ee9e955e1c60449788d1f4f6651f4bc9b94d73522ec0cf72cacfcf19f1f03ad6232104b55cbb8b5bb1e21344713d482742d6abc5a957174f623b8495272cc1e2b8315e5c80f947f500c83d8544f7cd4f65348949ef4420d7fc831fa4ae2ee18dbba614925ce1d767c177a626c4527a8154b57292186b044cbf92894253b00fd9343f9e697b1412eba43597eb72a669aaa2d77eacb968c20fe19505a38074158621b606f77d97bc6ebe50e7589293db27fc7dfe631a4bee83b22682a77328c36d9d7d1d891d65217cc47864f680dc8b5fd1a01a0f7c34430f77060b691a1ad213d22868e61bbd38f43f0c8b4da68a58318666c099766170c2db766aaf417f556cc9a0a3934e9fcef1:2c4d69bed5ad8b9584d849cf3df2bac72282b5f30de266b14f533ca96e9550c4b854c154bdc17aa880cf001a6454ffafaa2e50178de21216ed126b63f77f2d02e6c0bad23a92ae8b1d85778288157ac6c617c63363341d777870341bb10a8d3dfc89be4f55ad4f64e83bf2499b69fdf72174d2844e6bd289daaa035fec5bf7cf45522119dc7a8c811d79578c5bb0f6d34db507ad1fb6dbfff997b79dacfb3da50a415e350c998c0a02800aa50ffdfe5f4276d8e6bb82ebf047fe48711daf7a893bdc7537bdaedf3dcb4dec5d24586811f59b25b19e83ca61e5592fedc08ca54473cea2ec121baa0e77fb2d9d765657de67980ed57f2f177858b6decf84ff90212d9647f41eed9b9d0ea3d8d621e4bb4041acc5146e96dfcf14ea962d30c8ccb39ea2be958c9b8774451bfeb7ddce716e94923cc85fbd3a3130780e2b3b2bb76da5341912a4e994cafa19bba19732f2ea402d71d3d8a969679b9d104243d9839c69ee9e955e1c60449788d1f4f6651f4bc9b94d73522ec0cf72cacfcf19f1f03ad6232104b55cbb8b5bb1e21344713d482742d6abc5a957174f623b8495272cc1e2b8315e5c80f947f500c83d8544f7cd4f65348949ef4420d7fc831fa4ae2ee18dbba614925ce1d767c177a626c4527a8154b57292186b044cbf92894253b00fd9343f9e697b1412eba43597eb72a669aaa2d77eacb968c20fe19505a38074158621b606f77d97bc6ebe50e7589293db27fc7dfe631a4bee83b22682a77328c36d9d7d1d891d65217cc47864f680dc8b5fd1a01a0f7c34430f77060b691a1ad213d22868e61bbd38f43f0c8b4da68a58318666c099766170c2db766aaf417f556cc9a0a3934e9fcef1: +4dd3b478ebdc59472bab14a8cdd0c2fdac5723ee04dd8917c7cfe7a536485c775bccb37e68c234bead49337de208afbaf611811d965859a06d31301247d66acf:5bccb37e68c234bead49337de208afbaf611811d965859a06d31301247d66acf:1cdbd28556ec44e8705afda92bd5a53f95d8fe8b0ffe463373633316c52274c11edcd61551e3199e494dff6d906a739e7b324303fc47827e56def0bdcc46b816017c712305370263babd2c71be478f41ce30b1df63bedd3b2e6a519c53df515852c4137bc1aca49bf4c4631fd6564657d11cd83ea73cc3d0cf9e3b3c3e7ca99b4f12a9c9b67c8798148e0a0dc1ef8bf58642a14f97a572135514c10b19aabec25a9c6b35aa4034a57aae1b6d05bde2b6330f251d78db0993f0ca4c26386e3489a2092833b8acbbc4f4917fd3093df582fff71ece219d3672455582609c0db8d96a70fc8aed6798de54bfb2b3ee6c5d328db163593f58019f38f339fd3753f896a4a2cca8c1400a77ea391935f34e2639c560860810bbbe4be1d16e012c11490aa84f2964c877c293b300f43d379f3eba9af391dee510856a4ddcf76e0a0ae06a6a7c0f9c5e3fa1b8354fe8977b4ea3b20661491fa4613ba62f556d5d5da8213d0121de2c8725df0aae048ac891abbc06bdcef3c3effdf5a31749476f814db9457945f0d91e14080056be921a16aa964a9298221b157594973e32969993310c8707e19f3143abc4fda7c8ad0160acf031aba652801aa81a016b3137039e27d6738d02800a93a86f9f5585c518dfa9e7d8ac727f37437e56d2788386e11653a04e165169f903972a01484751e7cb38632590ec80d5fce4541601a0e095785a9ee8d359edf26b9946e798da5998cbb736f94eb713463f79f561759bbcb4c4ac693cabf2e1e036b2d0b0879a:5788e79e843bde9ef11a9dfac970196a567c6308c348e5174b387795046d590a47491fd71d97aeaa78c1615971b83490e8592820f9592ac76269b9d2ba7029011cdbd28556ec44e8705afda92bd5a53f95d8fe8b0ffe463373633316c52274c11edcd61551e3199e494dff6d906a739e7b324303fc47827e56def0bdcc46b816017c712305370263babd2c71be478f41ce30b1df63bedd3b2e6a519c53df515852c4137bc1aca49bf4c4631fd6564657d11cd83ea73cc3d0cf9e3b3c3e7ca99b4f12a9c9b67c8798148e0a0dc1ef8bf58642a14f97a572135514c10b19aabec25a9c6b35aa4034a57aae1b6d05bde2b6330f251d78db0993f0ca4c26386e3489a2092833b8acbbc4f4917fd3093df582fff71ece219d3672455582609c0db8d96a70fc8aed6798de54bfb2b3ee6c5d328db163593f58019f38f339fd3753f896a4a2cca8c1400a77ea391935f34e2639c560860810bbbe4be1d16e012c11490aa84f2964c877c293b300f43d379f3eba9af391dee510856a4ddcf76e0a0ae06a6a7c0f9c5e3fa1b8354fe8977b4ea3b20661491fa4613ba62f556d5d5da8213d0121de2c8725df0aae048ac891abbc06bdcef3c3effdf5a31749476f814db9457945f0d91e14080056be921a16aa964a9298221b157594973e32969993310c8707e19f3143abc4fda7c8ad0160acf031aba652801aa81a016b3137039e27d6738d02800a93a86f9f5585c518dfa9e7d8ac727f37437e56d2788386e11653a04e165169f903972a01484751e7cb38632590ec80d5fce4541601a0e095785a9ee8d359edf26b9946e798da5998cbb736f94eb713463f79f561759bbcb4c4ac693cabf2e1e036b2d0b0879a: +074d9218c1217e75823c90e010484c2adb88ecccd2bdf0120aa3edffcfcbd4bf3735ad1919033d1617b85bda04b16121da1d861b404154fa961d4946e55ecd83:3735ad1919033d1617b85bda04b16121da1d861b404154fa961d4946e55ecd83:6b5aa40e9167bfdb847daa7d2786e28e7533e1d6ac53beb6f69b5953795a2bf59bbf7d141926968f50969bad742a4fb579d3250fb1be4c57ebf4f9112c70cd9f72a00db1c8896fe2b5bda7c7030f497c0b001ea25ba0d447f08c36db8b907c2f2abbbb620d3e8a2c66e4171285adcaadd1c14fe239bc595f098396aa8780ffb80fe1446a07001ec234d82abdcd8100793915b0b3f80d84e20e51eabc797806f3be8108a4f437550b06694050a82931ac40c0a48977edf6ced2428d7cfea8205506de86408065d1a19870fa33a7081037b3ee4491b6e7f3d10b14a30c209159a1c81231a35f0365b47d3e0da04a32c95d98333c44f572cdaaa905d069197f6e861b5dfcdfb9db6c7b0d0cb00f37c916a1c4c0b8985b09f334095e1283edfdd4e62a2941099a2b693696604d994311e3d5f6106683e1d7a1c7e53df7b790947a9a801a0ccd484395f6cbfd9ca4d9804f18d52bb0f946d1a89f97a6fb0680a8c4c057b6062b2b9de7c0374879b8a6a6d2c10aef780508eb28bb569a08350944c82f6ef28db2304db697c3ae1af43a500b0b974803e9f46ea2a02e85ed27dda616d24d6db3cc4f5aed8240b1aea3dcf69dee5f14f95e6e72987bbe6189bc2045f0d783a7b47bfc19830bc7f4e798abe90245fbd43f37c3f036d1cbf1e73dcb1d9daa87379b1106973481a215c1f4f46c1603a5d5cd97b7076f1f5dc789aa6a71e72ef54ed328a4ab64340539ffd164d0ec645f322d1bc37112dc08d8c8079d19d37abb2353f48b5c492f806ed2:b1f71c3bd1b6bec43337e26dee655a8d5f4a8dad84a51184b775b686fad31d8029e3876927f9576e90c3624875fc0029a5c10a8a0af75d7a880c6844a4a83a006b5aa40e9167bfdb847daa7d2786e28e7533e1d6ac53beb6f69b5953795a2bf59bbf7d141926968f50969bad742a4fb579d3250fb1be4c57ebf4f9112c70cd9f72a00db1c8896fe2b5bda7c7030f497c0b001ea25ba0d447f08c36db8b907c2f2abbbb620d3e8a2c66e4171285adcaadd1c14fe239bc595f098396aa8780ffb80fe1446a07001ec234d82abdcd8100793915b0b3f80d84e20e51eabc797806f3be8108a4f437550b06694050a82931ac40c0a48977edf6ced2428d7cfea8205506de86408065d1a19870fa33a7081037b3ee4491b6e7f3d10b14a30c209159a1c81231a35f0365b47d3e0da04a32c95d98333c44f572cdaaa905d069197f6e861b5dfcdfb9db6c7b0d0cb00f37c916a1c4c0b8985b09f334095e1283edfdd4e62a2941099a2b693696604d994311e3d5f6106683e1d7a1c7e53df7b790947a9a801a0ccd484395f6cbfd9ca4d9804f18d52bb0f946d1a89f97a6fb0680a8c4c057b6062b2b9de7c0374879b8a6a6d2c10aef780508eb28bb569a08350944c82f6ef28db2304db697c3ae1af43a500b0b974803e9f46ea2a02e85ed27dda616d24d6db3cc4f5aed8240b1aea3dcf69dee5f14f95e6e72987bbe6189bc2045f0d783a7b47bfc19830bc7f4e798abe90245fbd43f37c3f036d1cbf1e73dcb1d9daa87379b1106973481a215c1f4f46c1603a5d5cd97b7076f1f5dc789aa6a71e72ef54ed328a4ab64340539ffd164d0ec645f322d1bc37112dc08d8c8079d19d37abb2353f48b5c492f806ed2: +d2ea2dff7af0ba2a6bed7f6cc68c0df664a6b10ce801c42ed5bbe617bcc8b84aab44706344026ed35e21982964f7b4dbbbe207fd27c46799701c19a4d88d1d72:ab44706344026ed35e21982964f7b4dbbbe207fd27c46799701c19a4d88d1d72:03ab5daebc6e70d352977932a03107879bd55dafd0c6ba7ad9697a17b127b3a74a3eaebabd0f8eeebfc0483d63fedde52deb46a3752449c9c4495c51a1c91f57e3ad2e6d01a13d0c470c5291b8e912288340970fbb85787b8b376d72175250e8cd90c07888bfef5ebf5086c8ff2abcdd12d214b9c45d120873b4602e57a6aab0b828d1084dffaa3651ee35662695b7f3433f4ab530c29ac6cc5bb43eccd1b6898b9ef7aec6d5aec68d5c1114bb5df7820966594c994d640891b8f2dc5d25638de43549d86d34306ff3f574575116405b9e8e286ee0cd978a76002c4435feaac6e84eae1654f339a567d8d04fcfa3eb6a04b9adc666021300e9ee5972b3df5d4d0dd4bf7921dc98de82cef2d1b1d61b797fc9968e118484c41342416ddc6adc4ee5d687d94a40ce572f42a2048668c175cf7b1f24c4efd020554fc6f642e14a57baec23e95c2514306d0a6d33648841497eac48eabd96d04731bab08bf5ea9d43e0cf9a37faafa732869d68e7d5fe6954f8a319ef55da1e178e43e84a3b9aa3ad00c29b1d161163df4b79f288e9391d70a2f8813d66622e8ac333fa6aa5311eabec383ba4cc122815de008877efbe6e12c322c975434afad173ebe24203d916d57578bd2bcacc78f6e2564513f8d113a833c2c226eb97ba2e23361a5d02664ab377f964c4300be2d77b62d9240823a09884df307eff3be5664d72d11ad513e1bc5610dbfd1009db39f0cbfe470555ec1b56b871670793d3b704fb06ee950b1ad2a4d7297ca58bbad810c3fad4:9abdb9dd2ab77b6f5e1b91ba0b613f5f360efb500d3fe99290ef7ca14bd2b330f405a4f7dcdaef4923d3111d40bf0320353386f634b40de6f04de9190ad51c0803ab5daebc6e70d352977932a03107879bd55dafd0c6ba7ad9697a17b127b3a74a3eaebabd0f8eeebfc0483d63fedde52deb46a3752449c9c4495c51a1c91f57e3ad2e6d01a13d0c470c5291b8e912288340970fbb85787b8b376d72175250e8cd90c07888bfef5ebf5086c8ff2abcdd12d214b9c45d120873b4602e57a6aab0b828d1084dffaa3651ee35662695b7f3433f4ab530c29ac6cc5bb43eccd1b6898b9ef7aec6d5aec68d5c1114bb5df7820966594c994d640891b8f2dc5d25638de43549d86d34306ff3f574575116405b9e8e286ee0cd978a76002c4435feaac6e84eae1654f339a567d8d04fcfa3eb6a04b9adc666021300e9ee5972b3df5d4d0dd4bf7921dc98de82cef2d1b1d61b797fc9968e118484c41342416ddc6adc4ee5d687d94a40ce572f42a2048668c175cf7b1f24c4efd020554fc6f642e14a57baec23e95c2514306d0a6d33648841497eac48eabd96d04731bab08bf5ea9d43e0cf9a37faafa732869d68e7d5fe6954f8a319ef55da1e178e43e84a3b9aa3ad00c29b1d161163df4b79f288e9391d70a2f8813d66622e8ac333fa6aa5311eabec383ba4cc122815de008877efbe6e12c322c975434afad173ebe24203d916d57578bd2bcacc78f6e2564513f8d113a833c2c226eb97ba2e23361a5d02664ab377f964c4300be2d77b62d9240823a09884df307eff3be5664d72d11ad513e1bc5610dbfd1009db39f0cbfe470555ec1b56b871670793d3b704fb06ee950b1ad2a4d7297ca58bbad810c3fad4: +7a60cdf1870460de8ae7781176d5127e71207faf2f210bd4dc547385b667f2f2ead67a9cf34d0ff14e79afa46f2dc996e9ac0e3e076322fbb4009767b133f01b:ead67a9cf34d0ff14e79afa46f2dc996e9ac0e3e076322fbb4009767b133f01b:9dc023a525d01ba3513798b738c79162926ebccc0adf1e57ac47c20dea6ce1375c3d2aaa1733b7f0c3bd945c335ff3576112bbdc10b6783ba654e8c61047f2773aa229bf846922a89c6a73d5f1051e8d96ed36d7d6747e063a7ac602f19fc52e021a4bbc28b03514fbd51c7b3fd659f12d547d0592dd09f873c9ecc6439c7e931ad0e4856be31c605def2ed9b5d13c5942b2f325397dac6c9760e9b1bb0c06f713cb920c234bccfee9f0b85dd020f7988f3be1cc66e9e51babe2fee237eb84ec7eff9409aa91c194e30db1e065015955de9746bba03f7edf9a587512409a4161fa77ea62ccf431602dcdcf365ed6bf0aeddd32f7c844e3a34d266e28382f4062fd4d6f8214252104d643a9bfd8071716371ccbb54c8cc8db79add65bcbcea0d080d8402803fe232df70f76577247a63d5583bbd5642767bc63f3c5a7bb3a47eb12984e4541f41fdb55869a08fade66c20f69a5a9de25f6b36ba18ace5b4ac336bb2a8ebf630ad03e8bb8731d01e84b91d024d117459a74892e93d53b61e6b8068e4f04b4181f0387b4567ccd45e1b8718a2d7d787872f3dcf87a15935ad7daaa744ed68a28666a51a10d39fc139cdfe9a6873076f7c425009c38faee135e513207b06e7ba35685f5072da34b6045b57cd5d1b1a1fdf017b8aa8ebd27522bc95e47908734e41722a767905c5ecc30c72481b6c12bf4ace94d5bb3a3155691b7075b40ebf5968fdd903d8fd3cc50b8d6464859b10f755132c6d9b6dad1d6f14c4185b264d3497a4e549877fe946e:b2e08142bdd62b786592c091f5fe6a9b7f30ce134c3b236fbc6dfe6734f88270ac58f6d74b4fd99c22451ca465a42c006db25af215ed241af1189627c6050f009dc023a525d01ba3513798b738c79162926ebccc0adf1e57ac47c20dea6ce1375c3d2aaa1733b7f0c3bd945c335ff3576112bbdc10b6783ba654e8c61047f2773aa229bf846922a89c6a73d5f1051e8d96ed36d7d6747e063a7ac602f19fc52e021a4bbc28b03514fbd51c7b3fd659f12d547d0592dd09f873c9ecc6439c7e931ad0e4856be31c605def2ed9b5d13c5942b2f325397dac6c9760e9b1bb0c06f713cb920c234bccfee9f0b85dd020f7988f3be1cc66e9e51babe2fee237eb84ec7eff9409aa91c194e30db1e065015955de9746bba03f7edf9a587512409a4161fa77ea62ccf431602dcdcf365ed6bf0aeddd32f7c844e3a34d266e28382f4062fd4d6f8214252104d643a9bfd8071716371ccbb54c8cc8db79add65bcbcea0d080d8402803fe232df70f76577247a63d5583bbd5642767bc63f3c5a7bb3a47eb12984e4541f41fdb55869a08fade66c20f69a5a9de25f6b36ba18ace5b4ac336bb2a8ebf630ad03e8bb8731d01e84b91d024d117459a74892e93d53b61e6b8068e4f04b4181f0387b4567ccd45e1b8718a2d7d787872f3dcf87a15935ad7daaa744ed68a28666a51a10d39fc139cdfe9a6873076f7c425009c38faee135e513207b06e7ba35685f5072da34b6045b57cd5d1b1a1fdf017b8aa8ebd27522bc95e47908734e41722a767905c5ecc30c72481b6c12bf4ace94d5bb3a3155691b7075b40ebf5968fdd903d8fd3cc50b8d6464859b10f755132c6d9b6dad1d6f14c4185b264d3497a4e549877fe946e: +3379d25c1117cf802ec79c06575d18e6bece4c7093dd43fdee03685c70b2fa9f8525156fe29fc2fbf661ba50182be20c8998d941493d5933dca4d8b41fb442d5:8525156fe29fc2fbf661ba50182be20c8998d941493d5933dca4d8b41fb442d5:7acdb39f1226bd3abffa50350a1497d761f8f0aaefbfbbbb925ff563e38976aa172d407b61ffdfb1cd538a4cd000b57818a0bc92c0e0cd0a5abfcf578300f5f4e6cefa267275d17845da7066fd4e18010027960cd395e682ad71af349bbdad5ebaa0f11a7761e19ea1bef6610743164b17141453b472ae2c8f36ce6b080f1c0745352454ce5aeae11c9d75de3c08004265fc4ca80d33b26eae1400dfd8977bf723a616daeb6d42199010b73e193ab72a58bdd248a7f4111ca50c1de646bfea7b4d5baf0f93dd973ee93649e21ec0c6c4fcca8cd6ff69df761612021d85ff1fb2a95337da4805a76d347ee71ef19c0dffb59f15f650293abb9721053f7406905ae683f96c83a3a7447b1afb14e1208c639f37a9750ba21da5552cc204eac453ca036282f7e0961093c39ec118138dcf71cf2d28fb96a24962b52d3393f880653bcba2c9b9d57b77c522f421fcf5ad75fba9cf3389b123aa97521713fff88467deb8c8991d4b57c1438170537cb50cdcc657e50e5c480e12c0d44939b6399944e7c71e186c2abb81fc57348836d5e57b72b224a6b71b6caf721aca73478cb6cf5fb89071ae3a398202dbb38c30812563bb9a23406657a956d305a3449a60cc8641b62175a7170c23bd5a25f0f12e15a7ed91fada6a4a2f0e7b155a3d6485ec03ce6e34df7e216240bb28a2dd732ff790d2286e200b33c29a31a5e19ad2cd02974badc4bc22deb7504c15241fc1060c8acef4fbb25ec7602fce36a27bb87b6e6423e6b4f6e36fc76d125de6be7aef5a:4c36bfc81eef00b9cb3ab514c6d451b993361e09a4be4b5040926feb0e0d9b52f03de468e7bad83f379154bf2c437a71f754f3f40798eeebd62e55f2be7714037acdb39f1226bd3abffa50350a1497d761f8f0aaefbfbbbb925ff563e38976aa172d407b61ffdfb1cd538a4cd000b57818a0bc92c0e0cd0a5abfcf578300f5f4e6cefa267275d17845da7066fd4e18010027960cd395e682ad71af349bbdad5ebaa0f11a7761e19ea1bef6610743164b17141453b472ae2c8f36ce6b080f1c0745352454ce5aeae11c9d75de3c08004265fc4ca80d33b26eae1400dfd8977bf723a616daeb6d42199010b73e193ab72a58bdd248a7f4111ca50c1de646bfea7b4d5baf0f93dd973ee93649e21ec0c6c4fcca8cd6ff69df761612021d85ff1fb2a95337da4805a76d347ee71ef19c0dffb59f15f650293abb9721053f7406905ae683f96c83a3a7447b1afb14e1208c639f37a9750ba21da5552cc204eac453ca036282f7e0961093c39ec118138dcf71cf2d28fb96a24962b52d3393f880653bcba2c9b9d57b77c522f421fcf5ad75fba9cf3389b123aa97521713fff88467deb8c8991d4b57c1438170537cb50cdcc657e50e5c480e12c0d44939b6399944e7c71e186c2abb81fc57348836d5e57b72b224a6b71b6caf721aca73478cb6cf5fb89071ae3a398202dbb38c30812563bb9a23406657a956d305a3449a60cc8641b62175a7170c23bd5a25f0f12e15a7ed91fada6a4a2f0e7b155a3d6485ec03ce6e34df7e216240bb28a2dd732ff790d2286e200b33c29a31a5e19ad2cd02974badc4bc22deb7504c15241fc1060c8acef4fbb25ec7602fce36a27bb87b6e6423e6b4f6e36fc76d125de6be7aef5a: +ef38c3fc74f054ae43e8d29d6ba6dc80b5af848270d4af58844d24bcf987414e0ae1478b05fb329965ea0fa928dcbe81a0bdbb6ff66c811671635e4388888051:0ae1478b05fb329965ea0fa928dcbe81a0bdbb6ff66c811671635e4388888051:bf290db3dda8763937ae4c83746705327295c2c248068f5ab85c8b5d756f4e3e34062b5549387261476bcbd1e7331990f11910d11f94607c2b71f65b771aacabdc10f42ae918dd2594ac71051c85b330779c47af00a5b98191b56cbcf7efe41a27e87c677168c8abe9496eb2e7abbd0b1604286ed1a1b18d264d733de87d0d3f8055528c4d426d7f8e6ed024a74140abd354007962a2a97a5c2ff976546a8d1ac4924c09223d348ddcd8710a3799f91bb870b3f46d51f1e7f6892d6b08b991748a037a867ecc39ee8d6462a7614488edd3c2ba615ca2e37854889441b13dc835c36b38653f6598616f35783e2e158384bb931c901b703acb3991fb7aa5ba69d9a5bd0570242961a71a52470315e982e341a61c64a619bd16fe8119aae0d7503ce7d7e926146b91c2892f131669d1e39e5b75e9c72452618099a57dc2ee377be65875ee01bb88ed526fc394e2f5c8127a5f69125e67385ef94b1f33ad52629d720e31c02ae0b582339ff0f0bb07ff2b030f48fa7b692716501ad7773ad3151204a2a540fa9436bdd4202a157309ec36cecbe58b33eff557fd33e03fd3eb19009bd7a2dea9efeef8785567aab2a4c98bd1f2a81011b343a9f20c44c577a452fd54ba21029d4706813b2987c76bb242ab2620843c2260b669ad358efee7f9830dc9c7d478a2de4a2cf8c43da770e288e2edbb6d73bcf2ecb023de6b2dcc6b166e87a385eb0adc305665c5bfa57f250fe223ad7ff4518de39c79e87dc101a9faa6821a74442bfcfdf0a9e63a509e2a2e76:1d3ac6b6bf18ab5309148799485b276d20401c6af5f9b2f6032395a3c2f4b673b7140c07cc26f4fc56a5ee00b0746b2a80da6fdad17edd114920101d2c89c30ebf290db3dda8763937ae4c83746705327295c2c248068f5ab85c8b5d756f4e3e34062b5549387261476bcbd1e7331990f11910d11f94607c2b71f65b771aacabdc10f42ae918dd2594ac71051c85b330779c47af00a5b98191b56cbcf7efe41a27e87c677168c8abe9496eb2e7abbd0b1604286ed1a1b18d264d733de87d0d3f8055528c4d426d7f8e6ed024a74140abd354007962a2a97a5c2ff976546a8d1ac4924c09223d348ddcd8710a3799f91bb870b3f46d51f1e7f6892d6b08b991748a037a867ecc39ee8d6462a7614488edd3c2ba615ca2e37854889441b13dc835c36b38653f6598616f35783e2e158384bb931c901b703acb3991fb7aa5ba69d9a5bd0570242961a71a52470315e982e341a61c64a619bd16fe8119aae0d7503ce7d7e926146b91c2892f131669d1e39e5b75e9c72452618099a57dc2ee377be65875ee01bb88ed526fc394e2f5c8127a5f69125e67385ef94b1f33ad52629d720e31c02ae0b582339ff0f0bb07ff2b030f48fa7b692716501ad7773ad3151204a2a540fa9436bdd4202a157309ec36cecbe58b33eff557fd33e03fd3eb19009bd7a2dea9efeef8785567aab2a4c98bd1f2a81011b343a9f20c44c577a452fd54ba21029d4706813b2987c76bb242ab2620843c2260b669ad358efee7f9830dc9c7d478a2de4a2cf8c43da770e288e2edbb6d73bcf2ecb023de6b2dcc6b166e87a385eb0adc305665c5bfa57f250fe223ad7ff4518de39c79e87dc101a9faa6821a74442bfcfdf0a9e63a509e2a2e76: +7e7b39af69380cf44660e2c1ff308334e8250feeb88be0d43aabe5e68b8ef171ccef9daed92523533d4a2dab6d2419f6d08604db64ce37e32904ac77b9b4a01c:ccef9daed92523533d4a2dab6d2419f6d08604db64ce37e32904ac77b9b4a01c:d4a3976dbf8320185667b5a8236640f2ebc9e45e6d5f2a8d92997927dd9bc5db95f44634bd654eefece10d99d92b46715791645004accc6d140f32a1c872e54aa9a7493af94588b7bb400d94d458d43292307c5a1a3882a1c8a6a78d9a945f79d64b3294a28c3d59d82022b009cc4d2da93a16b071c9ab8ee9a3663d72ed344f151d68c666a4b49652d97a46d142a4741127f3c57f1551c40976cd1381a82aeae7bc5adb398720eb433f0899487ed2378446b1a8dc6a33fcd4537a05fb603ec0a90a27532300242b2000108621b65ab000bc06381530f690d7e56f81604dacff1910715040410aa1f944c92dd9bbaa5bd08ea00c8442df94f085eb3de97335b6005e6f84f823d43470ab1c67da12ad449936c6b55f9ffd203dfd6e3f33309e8a9945a59320e66734c79c4814dba5a1c14095c62925a1e1733efd94817a25ef9e479dd9ccde6ca8adb7a8053c1b55134697504af8053d595b844640b61e93168075468450eb5de0358697c104afa6a3796a509c26b4c277c23fff42df146de55e95d0d4b80a7aa177d99227ecb2a0594deedebb9cafb1a458aca8072cc7d77c7175f610ca300efd7af9388346498c22991564500e0b0aa4d2946f18e6f5375a848286f36954c1ca22684c6928c2a25c7fe21aba4a7111d7e05bc8d70b3dcb4f6aaec064845eef5525f85024c2570f3b78698c4bcec0d71aad5378d8819e1fac44ee416370212dbaaae54d2af2939b82cbaae7f42ff485d45b3acc21090f5ba41ec0da309e52ef2838d1de471e0b7cf985:1062a2dc9cd5379675c04f5e21338dcfb77dfbabcedd62b2607100d7649a05e80871e96123214f80f4f73b0d9b06e2d31f56119cea69da2347da84a275b7b207d4a3976dbf8320185667b5a8236640f2ebc9e45e6d5f2a8d92997927dd9bc5db95f44634bd654eefece10d99d92b46715791645004accc6d140f32a1c872e54aa9a7493af94588b7bb400d94d458d43292307c5a1a3882a1c8a6a78d9a945f79d64b3294a28c3d59d82022b009cc4d2da93a16b071c9ab8ee9a3663d72ed344f151d68c666a4b49652d97a46d142a4741127f3c57f1551c40976cd1381a82aeae7bc5adb398720eb433f0899487ed2378446b1a8dc6a33fcd4537a05fb603ec0a90a27532300242b2000108621b65ab000bc06381530f690d7e56f81604dacff1910715040410aa1f944c92dd9bbaa5bd08ea00c8442df94f085eb3de97335b6005e6f84f823d43470ab1c67da12ad449936c6b55f9ffd203dfd6e3f33309e8a9945a59320e66734c79c4814dba5a1c14095c62925a1e1733efd94817a25ef9e479dd9ccde6ca8adb7a8053c1b55134697504af8053d595b844640b61e93168075468450eb5de0358697c104afa6a3796a509c26b4c277c23fff42df146de55e95d0d4b80a7aa177d99227ecb2a0594deedebb9cafb1a458aca8072cc7d77c7175f610ca300efd7af9388346498c22991564500e0b0aa4d2946f18e6f5375a848286f36954c1ca22684c6928c2a25c7fe21aba4a7111d7e05bc8d70b3dcb4f6aaec064845eef5525f85024c2570f3b78698c4bcec0d71aad5378d8819e1fac44ee416370212dbaaae54d2af2939b82cbaae7f42ff485d45b3acc21090f5ba41ec0da309e52ef2838d1de471e0b7cf985: +a9048af0c20a125f5d39c50f22b805ae742cf64f1fe8dfbe8dfdaa511aaa576f158655db94b15ca72983877b6db231a5843df5dbca2810a7e496fb59ab7104ca:158655db94b15ca72983877b6db231a5843df5dbca2810a7e496fb59ab7104ca:8eef2d9f5d59709959c924f87c22789767393a155d5c87de488cef50b7bf7da870e3adc300aee6603b2ef08764d99d9e7751e5dce92aaa71aa18a69cc823134e8552d959a0dbb41117e0a593c31833b6ec2172ddafaf7848ddd18d28d0d4ed33237ec804f65938aed8e8a3280d42e353d01be0187b1301f83d89849067b04a9031f7e0f33e3416240c53d9265ed0663959971f417cb5f210cdc5aebcb5e1db7dfb82df435876a6e98f415b0df869f0d8851535375645eef70faec744ee0dc3acbcb040f68d502c2c62c8db45ebe54854a4b36f43feb49a6d1c2c2ea79914a7c23c60baaa67cb47b2178e12dce76b004c87b7b8346efadf380b9e1e41f63148da51781d75cec040e4268820211f3c462501d80899894e79d618de42461d785aeace53ae14b79d33501ed5629bbdd07128156db0725f5b4bed593a952947830384f61df00ee0aa099099c3cd9765a9c1c7e8a6a83430b8d9867c8e17920ad0ff64d8cd2ff5f114388ce6d43eec1715d035f022fa97969e1a5dd9f58d896b17c1221c9e6c8555597235eeda6ec41b0c117612b00c5f0ed1816b057363582707a8aa0d98d4d4be5e8fa32d6c9d278221ef3067b8ba1516d9e051d2f68b7d1b151f74a3534e7812c051e5f2b63b3035f8e5703b5f68fd2d65bb7565e8aa67bfd2a12caf0bc5481197a9ff89d77df7a0e9655ef029b43dd906d0b888e313ae9d1c7e9368a01352d00c6680dd0f1f574a5877348a7ea2c0b9e8e2727510bf0c9ef744f369eb3c6c4fc16adeb6e1945be8287d0f30:18a312b20d86ac339a58ef2b852d467c23bb2cb1227cb15338af07fd04b9a711e856ee5b2c82e366c17f861713d1088c1b2144d1c37d05bdc00d7396738520008eef2d9f5d59709959c924f87c22789767393a155d5c87de488cef50b7bf7da870e3adc300aee6603b2ef08764d99d9e7751e5dce92aaa71aa18a69cc823134e8552d959a0dbb41117e0a593c31833b6ec2172ddafaf7848ddd18d28d0d4ed33237ec804f65938aed8e8a3280d42e353d01be0187b1301f83d89849067b04a9031f7e0f33e3416240c53d9265ed0663959971f417cb5f210cdc5aebcb5e1db7dfb82df435876a6e98f415b0df869f0d8851535375645eef70faec744ee0dc3acbcb040f68d502c2c62c8db45ebe54854a4b36f43feb49a6d1c2c2ea79914a7c23c60baaa67cb47b2178e12dce76b004c87b7b8346efadf380b9e1e41f63148da51781d75cec040e4268820211f3c462501d80899894e79d618de42461d785aeace53ae14b79d33501ed5629bbdd07128156db0725f5b4bed593a952947830384f61df00ee0aa099099c3cd9765a9c1c7e8a6a83430b8d9867c8e17920ad0ff64d8cd2ff5f114388ce6d43eec1715d035f022fa97969e1a5dd9f58d896b17c1221c9e6c8555597235eeda6ec41b0c117612b00c5f0ed1816b057363582707a8aa0d98d4d4be5e8fa32d6c9d278221ef3067b8ba1516d9e051d2f68b7d1b151f74a3534e7812c051e5f2b63b3035f8e5703b5f68fd2d65bb7565e8aa67bfd2a12caf0bc5481197a9ff89d77df7a0e9655ef029b43dd906d0b888e313ae9d1c7e9368a01352d00c6680dd0f1f574a5877348a7ea2c0b9e8e2727510bf0c9ef744f369eb3c6c4fc16adeb6e1945be8287d0f30: +f8c9183f23105fad0c6e5103358b583288f9ff6c7dfc91106d07987ff69ce1eb4c79628c958cde0cc3cf686095b8a2f44b7193c616f51b21b670b038ce6f67ff:4c79628c958cde0cc3cf686095b8a2f44b7193c616f51b21b670b038ce6f67ff:b1d60595323ff3c844874190e1836e4101409cbceae28d5da81fad298fe47f6bdf44745b7cd0d37131c3ec365b92f5a1a69c09fe2d9e81da10cf19d85ff5ff26f9e7db9f0793b25ab26e6a74f44eb8c4f078eb7ad18e65a16210d5c844d3cef75f1daf44eee558f90e524a032b6cae6c8d23367c28ce1c75fc25ac87433977d597533c92ae65f2913a18907ac7d9543df24127743943fefd9cf83ed833f63ec8367233d897bfa12d466d2c4a9ad70d5a672fc10775ea2d204e636de7010788da271df03881a25c8dfa5af73ee559f81b529b35aa127fdc0ee8fd369c7a0436623986aa6407fa67a1420c46f3211ab84f84466dd58bb79508a1feb0a5a5dc3bb0c1b248098262a064f37bb2f019e290c60afaa1206651a2697caacc3ecc02ecfc077f272e8f75cea71c3bc3356d2b5807276f1955001cfe10a61716b4082bd6f84cae4bb0d9a4b75a4b5762f81079f19d7d19eaff8631c924885bd3a64e129f4cf6b79c7a9829665511e9d85c745eb22c1b7cb2a17a49b6285cce37b3de415940328323efe24a1a07ee87468f6510e42dd206fe7f09e3d433fb52156ae348383115648863e45bf6a371b17e70e19f9627d7f0a58b95c6a4788d5fd7862f1612c0347325b797651be30c3e1e60ea4ae60b5745a38b6a9d4eb4935d6f3cb8d71ad3f39adda5e42e2219de0d381909c9cd317dd4379421a2a84268a7ea7180a64c129be1e5e8fcbbf5ed659e9f7e763ce84f630d5407954f9f755750a6dbf9f7660717de8e2adc1e9ac9ee31654d1837cee39795:c6a8bc7a0d5c6185b6ecd6033e42321d5c871bf889be72bd54cc0083ed60a470b2cc0fb4682c894c75b0df95f1ecfbba2d5acef3e1aafe54b9f7e803a1d0150ab1d60595323ff3c844874190e1836e4101409cbceae28d5da81fad298fe47f6bdf44745b7cd0d37131c3ec365b92f5a1a69c09fe2d9e81da10cf19d85ff5ff26f9e7db9f0793b25ab26e6a74f44eb8c4f078eb7ad18e65a16210d5c844d3cef75f1daf44eee558f90e524a032b6cae6c8d23367c28ce1c75fc25ac87433977d597533c92ae65f2913a18907ac7d9543df24127743943fefd9cf83ed833f63ec8367233d897bfa12d466d2c4a9ad70d5a672fc10775ea2d204e636de7010788da271df03881a25c8dfa5af73ee559f81b529b35aa127fdc0ee8fd369c7a0436623986aa6407fa67a1420c46f3211ab84f84466dd58bb79508a1feb0a5a5dc3bb0c1b248098262a064f37bb2f019e290c60afaa1206651a2697caacc3ecc02ecfc077f272e8f75cea71c3bc3356d2b5807276f1955001cfe10a61716b4082bd6f84cae4bb0d9a4b75a4b5762f81079f19d7d19eaff8631c924885bd3a64e129f4cf6b79c7a9829665511e9d85c745eb22c1b7cb2a17a49b6285cce37b3de415940328323efe24a1a07ee87468f6510e42dd206fe7f09e3d433fb52156ae348383115648863e45bf6a371b17e70e19f9627d7f0a58b95c6a4788d5fd7862f1612c0347325b797651be30c3e1e60ea4ae60b5745a38b6a9d4eb4935d6f3cb8d71ad3f39adda5e42e2219de0d381909c9cd317dd4379421a2a84268a7ea7180a64c129be1e5e8fcbbf5ed659e9f7e763ce84f630d5407954f9f755750a6dbf9f7660717de8e2adc1e9ac9ee31654d1837cee39795: +16089a1b932f8d14995688b48dd841edae3da5cfd2cb16555306f3fe8bd3edb99ecd9fdd7e0b923deff5d887b242585d9d41cd2c7c10f9c345b39f633f4ab903:9ecd9fdd7e0b923deff5d887b242585d9d41cd2c7c10f9c345b39f633f4ab903:58500232388d9aa4b5faf85b0233247e717fd16840de9bfd0ef86e01e61302775513e224125e0d20420ea949f6c26425f70077911f9711310cd6fd8bff27cdea11480c73e8f8b3c37641e7e8dd8607c1640218fec80a020928b93d4d557ebe82ec0bb17538867d2cb14d44d3ea727fdd52820b0da944de21cd5da303d776fe99cbc2648365e6a0a98d4db150842661768be84c68507a5c45d207840b033537786cb21dadad5fbab9c5cfc1e3547de550d313631dd4fbb7ca8f71938627608d2ebf655db4325abf3ed504dc183058f9de1e449312d904c846a184a028f364c028b27eb4946427e31c21e1051df364d499f477bf51e7a8893183e5ecf77d513a1a76b1a6fdfb16be90d74be4c4345a4f9f87ee441a1022d67ee844789f21b0c31adcc0d95663cdfb40a895b922dce8069b932c802fd3ab1ef0ce6bffdcc5653b1cd5257e19a0951687e545faf4aa66065a55c4b4191e34e8047d6a4ab52d1b06c369a426ca2d16b51a0271f27f8d744c711fce3aad9d4ac038ee700e4e971b21ca489ff2b8c778a3721adf47c1ae5a41b9a27fa742fd0f18164ef3c26b8ae7d1fa29b7c0cc4683be65025c96537a12d5fcebbd05e930c3693ebbba0a78adf59d8a3b598a348eaa9f47caf531fe449652db5b20d68994e35afec2c25709055a1de26082e3912d497c647720a3f873621456e6a5b9eb613acb43b66d47d0b954c69e8fbf2c5e634c486e5724930e0b56a516940c8cb0e775274deff97cbb7759ce90a2b93e9efaa624e6b38a39849dca1df612736f:7878ab741ebae2747c7897cbb1d105482f37be2f5f91795232cdfbccc526608918e2756ddb7536b3680c162cf8a1ef38a341b9362bfe5d468b4bce21df234f0f58500232388d9aa4b5faf85b0233247e717fd16840de9bfd0ef86e01e61302775513e224125e0d20420ea949f6c26425f70077911f9711310cd6fd8bff27cdea11480c73e8f8b3c37641e7e8dd8607c1640218fec80a020928b93d4d557ebe82ec0bb17538867d2cb14d44d3ea727fdd52820b0da944de21cd5da303d776fe99cbc2648365e6a0a98d4db150842661768be84c68507a5c45d207840b033537786cb21dadad5fbab9c5cfc1e3547de550d313631dd4fbb7ca8f71938627608d2ebf655db4325abf3ed504dc183058f9de1e449312d904c846a184a028f364c028b27eb4946427e31c21e1051df364d499f477bf51e7a8893183e5ecf77d513a1a76b1a6fdfb16be90d74be4c4345a4f9f87ee441a1022d67ee844789f21b0c31adcc0d95663cdfb40a895b922dce8069b932c802fd3ab1ef0ce6bffdcc5653b1cd5257e19a0951687e545faf4aa66065a55c4b4191e34e8047d6a4ab52d1b06c369a426ca2d16b51a0271f27f8d744c711fce3aad9d4ac038ee700e4e971b21ca489ff2b8c778a3721adf47c1ae5a41b9a27fa742fd0f18164ef3c26b8ae7d1fa29b7c0cc4683be65025c96537a12d5fcebbd05e930c3693ebbba0a78adf59d8a3b598a348eaa9f47caf531fe449652db5b20d68994e35afec2c25709055a1de26082e3912d497c647720a3f873621456e6a5b9eb613acb43b66d47d0b954c69e8fbf2c5e634c486e5724930e0b56a516940c8cb0e775274deff97cbb7759ce90a2b93e9efaa624e6b38a39849dca1df612736f: +94d50915144c7e7dd0f85fef87eddc2206c1569ed1431c8c5a153e32e1cb2fb73bb098cf160f3aec3170b57d6add4f56739270e4b3a8ef7966ec30619b299102:3bb098cf160f3aec3170b57d6add4f56739270e4b3a8ef7966ec30619b299102:4d915f27332dd75051719a24ae8d0e9c30da790999e22d9b587ef20321bee4c07d0a12494ffe599f47f96925f5d92517fc3e5f041d0c709f2a9783125eeca6652997201c429aa6f1ce2f07a0d4a0a18cf20b3e9a4f7663ea5262cad8f949411b05ff5c5edd7b30b217d75d8c86c94e5f92c16734374e8cead61b0b27bb4bf5f43a313c1dd5b83e0ea933b6cadfedd7a64aa5dd5b5d02c695ea20e091fdaa72ef4e7ca40f38395be8bf7a255c6d06a632d7d785d9e047f232aa50fa14529f986f9ef9d7b580a03965b0154788822a225bb5ab3438b89a5c28744ab0bc0b2014e5796acb4935a81b02a04632acb88caa7e39e069c7c8e1758291094a53e362fcedaaa583eca766efebf69b38e8cde9ce58e012c60ec88e8c42beadfa838cfe440fa0c01d659c9634576d7d7a2d3a044f99c6e4263d4c0b374a388a2acf38eff29c777e9daa60d598035a7d9edf67a502c3f573207b119cacac3fa71e2a0207c601cc0dd637ef562bacc35c57042738f1f55815a5268082cd6a508292fa29e34e9645d87a1a2b6e58adb7f4a57fbb53e9213ef3dc873f29396258a1ea546fb5952ce343cee9bbb90c1cda72c65a7c8e40312b328e231920c233077dca34d04f9d89daa9a2f43459165fd102ff5643c7175230b39ec7c3c475650ef131609d3220f5a294a403b1e1c42cfa162cd426f0ae43fd6b7ab547a62b7d5f847403c4e5987953877158cfdee23c04f751c7c86d078e824ca63b5e65543e978b6b0cc689ef664412b01b8ff165e7dbde3c099bf4f34ebddcb4c4:59a1ce55f5a6badc1b9391263620542cfcae87a0f2b9502250cfe4bdcbf76c461977c334a48d916edebd56c21ce217c35a6444cfbfd3b11a3d48fa2edb6eb40f4d915f27332dd75051719a24ae8d0e9c30da790999e22d9b587ef20321bee4c07d0a12494ffe599f47f96925f5d92517fc3e5f041d0c709f2a9783125eeca6652997201c429aa6f1ce2f07a0d4a0a18cf20b3e9a4f7663ea5262cad8f949411b05ff5c5edd7b30b217d75d8c86c94e5f92c16734374e8cead61b0b27bb4bf5f43a313c1dd5b83e0ea933b6cadfedd7a64aa5dd5b5d02c695ea20e091fdaa72ef4e7ca40f38395be8bf7a255c6d06a632d7d785d9e047f232aa50fa14529f986f9ef9d7b580a03965b0154788822a225bb5ab3438b89a5c28744ab0bc0b2014e5796acb4935a81b02a04632acb88caa7e39e069c7c8e1758291094a53e362fcedaaa583eca766efebf69b38e8cde9ce58e012c60ec88e8c42beadfa838cfe440fa0c01d659c9634576d7d7a2d3a044f99c6e4263d4c0b374a388a2acf38eff29c777e9daa60d598035a7d9edf67a502c3f573207b119cacac3fa71e2a0207c601cc0dd637ef562bacc35c57042738f1f55815a5268082cd6a508292fa29e34e9645d87a1a2b6e58adb7f4a57fbb53e9213ef3dc873f29396258a1ea546fb5952ce343cee9bbb90c1cda72c65a7c8e40312b328e231920c233077dca34d04f9d89daa9a2f43459165fd102ff5643c7175230b39ec7c3c475650ef131609d3220f5a294a403b1e1c42cfa162cd426f0ae43fd6b7ab547a62b7d5f847403c4e5987953877158cfdee23c04f751c7c86d078e824ca63b5e65543e978b6b0cc689ef664412b01b8ff165e7dbde3c099bf4f34ebddcb4c4: +0d81926f513db4b25dfa1e52b5dca678f828a61c7c913c828247c2eb0422b7d10f32411ef91d4e4b6941dfcaab142ef3bec160983993a5262ccf27fadd2af890:0f32411ef91d4e4b6941dfcaab142ef3bec160983993a5262ccf27fadd2af890:a93837522f7ec2e93a2e4b4c8b46de926a81ada2d248bcd33b39b6c95fb62a61dbbeda1aa85a21d9b96a08510d8d3a658cf320a10928695999d2c0d605c7f95a12f56a8718507db0f497e3ead613132ab092cbf19d2260358630358d9b26e68d50ddae37c8af0bb7d2741fd2929c21279a78d10e2c5f3c5bf4a42a3617036d54743647765afd8cd910f81b38ced72390630ee68944a37d29c2fecada1cc59ec544075bdbc14c63c6234b884049000c27c73406035604fca8760b49a5e2109ef91285adc4ec48c819d62d948faca90f62cfaef0b07d6fe576d762bfd0eef94cf6b5332c4d422511607f2facc7ac046a59b9617e8383d1029cc91ac592b52084413032be841baa9bf96251a6bda671d4cd4b125da658a4e5a50f4428eebf2614fb0ce5febe80f721a5f4c0325506d27a8d31e33d86253870dd63c08edc7302b280e9b9bdc28beef05c7dcb30d4c162e9be832e1c785e37551218421eec852c4298213b2f27f8f8c706d391b9c69a56db7ce5d81548fca5fed456f2d8afd0b75f79f85868316f4a0921f0c6639926516b3c3e52a9cb22554546ef70e14c77ecbdcd5c0d59a81769b30d5d131f2fb449c996b8de8ac7f8084f8499e1a56f7cd29db6aaefccae8a60e75616a1f702c3bc8deaa1004a8dae0392a59cee54810c6e940eee25fb2e5d573267044b893ffde378fe75ac2613373d84a0ca8187af4a3358e50a994ed03367de645e10390fea4c33bb1a6c0c39858b8db4a69fe894a4223d45af69b36c6117c4dc25de49a63017002ba9ae551ef9:e0cb6c71ebf8d705e50cad9f0b8cba3ecf4b9e3793400092aa5b121e7dbbc8bea71df29528ca9b47abf87c198a8dc4e14d5180ce932dd2114a3cdaa5552cc205a93837522f7ec2e93a2e4b4c8b46de926a81ada2d248bcd33b39b6c95fb62a61dbbeda1aa85a21d9b96a08510d8d3a658cf320a10928695999d2c0d605c7f95a12f56a8718507db0f497e3ead613132ab092cbf19d2260358630358d9b26e68d50ddae37c8af0bb7d2741fd2929c21279a78d10e2c5f3c5bf4a42a3617036d54743647765afd8cd910f81b38ced72390630ee68944a37d29c2fecada1cc59ec544075bdbc14c63c6234b884049000c27c73406035604fca8760b49a5e2109ef91285adc4ec48c819d62d948faca90f62cfaef0b07d6fe576d762bfd0eef94cf6b5332c4d422511607f2facc7ac046a59b9617e8383d1029cc91ac592b52084413032be841baa9bf96251a6bda671d4cd4b125da658a4e5a50f4428eebf2614fb0ce5febe80f721a5f4c0325506d27a8d31e33d86253870dd63c08edc7302b280e9b9bdc28beef05c7dcb30d4c162e9be832e1c785e37551218421eec852c4298213b2f27f8f8c706d391b9c69a56db7ce5d81548fca5fed456f2d8afd0b75f79f85868316f4a0921f0c6639926516b3c3e52a9cb22554546ef70e14c77ecbdcd5c0d59a81769b30d5d131f2fb449c996b8de8ac7f8084f8499e1a56f7cd29db6aaefccae8a60e75616a1f702c3bc8deaa1004a8dae0392a59cee54810c6e940eee25fb2e5d573267044b893ffde378fe75ac2613373d84a0ca8187af4a3358e50a994ed03367de645e10390fea4c33bb1a6c0c39858b8db4a69fe894a4223d45af69b36c6117c4dc25de49a63017002ba9ae551ef9: +6c8c53b56bbcb4c0a25dc40c18240b6a5c7576b89dde45ef13fb158ea17f8ed9238e51d6a44fa7ac64268801261ea35b62638a006cc452bddb9f16fc5803060c:238e51d6a44fa7ac64268801261ea35b62638a006cc452bddb9f16fc5803060c:b60df2944ba015759802d3c587bcfebe521a7e77b9985b761c9676454d24a664af0b0d44225a557512e1c1cd7dd8335c8f6adf928e18f89fd5eedf6f411dcdaf996912e8c3e23d1cb95eca4b9e24e7539c3b98bf3d07ec251392096c19ac5374dcba526132b6d9bb8f6c859ce985d584c7bba5b02a81034b6d8b521bd280e50d77daa2b2413ed679834f8161d5d0573bdd476ac3cd0a3a7d8db45334e89c00ab66bc368a07b423e246434636272aa4e4637a5306b2c3397992781f30238de79ec104acc7200defad960883d391443e70efbd22f1cfceec5112fe9e8e13bb941c083468dd71ffca976cd51ce161793110ef00aff5ee2ccb7706a512b85beb94ac49d19afb6333655cf3aea535a6f9c75e034841e763c5a249b4704e1be78b0ecac6802c343c1b7e7b5770de4c93a3a79c46e6835da8ae5db3838e1796b564a480a4f290b60a1c63a725ff3fef434d2a0b3d8931978742b525c83bae6794ae64193794b370c289ba35ed79d37072a8dcfcadb46d5ffaeeba1bfd4f87d766b504e62b4acdd77446e79ba994d6dbf4765ebd74b0365100da56162c36fe5a95077f6b4265e81796b4a57443782970b96cb4569ba985c55fe3a718380bca39f16624f8e47cc63c1b6fa1bde1aeba9c51f94b702b13108cc1481d42e6fa981e3ebfe064d2dca7420c74595792312ae3fb9101d4b66d9916dfd6c13ae883e661c628228be9794cf60345076db26184b617e272298cd4183f27bd52d40510bb015d2097d4cc76e76c0a62bbfdaf53c7268775bbfbdb8870eb9bab:4bf1e7d49cd4d5c3c1fd4a4bc48ff6b6e52fd9510a411812296996e4fec56be44514c567d1d33477bd5dc083c3958bd95bfe599c153f21ae26252967b7326003b60df2944ba015759802d3c587bcfebe521a7e77b9985b761c9676454d24a664af0b0d44225a557512e1c1cd7dd8335c8f6adf928e18f89fd5eedf6f411dcdaf996912e8c3e23d1cb95eca4b9e24e7539c3b98bf3d07ec251392096c19ac5374dcba526132b6d9bb8f6c859ce985d584c7bba5b02a81034b6d8b521bd280e50d77daa2b2413ed679834f8161d5d0573bdd476ac3cd0a3a7d8db45334e89c00ab66bc368a07b423e246434636272aa4e4637a5306b2c3397992781f30238de79ec104acc7200defad960883d391443e70efbd22f1cfceec5112fe9e8e13bb941c083468dd71ffca976cd51ce161793110ef00aff5ee2ccb7706a512b85beb94ac49d19afb6333655cf3aea535a6f9c75e034841e763c5a249b4704e1be78b0ecac6802c343c1b7e7b5770de4c93a3a79c46e6835da8ae5db3838e1796b564a480a4f290b60a1c63a725ff3fef434d2a0b3d8931978742b525c83bae6794ae64193794b370c289ba35ed79d37072a8dcfcadb46d5ffaeeba1bfd4f87d766b504e62b4acdd77446e79ba994d6dbf4765ebd74b0365100da56162c36fe5a95077f6b4265e81796b4a57443782970b96cb4569ba985c55fe3a718380bca39f16624f8e47cc63c1b6fa1bde1aeba9c51f94b702b13108cc1481d42e6fa981e3ebfe064d2dca7420c74595792312ae3fb9101d4b66d9916dfd6c13ae883e661c628228be9794cf60345076db26184b617e272298cd4183f27bd52d40510bb015d2097d4cc76e76c0a62bbfdaf53c7268775bbfbdb8870eb9bab: +69b320fbd4774030a29767a0cc1550d10b749b44d619d41dce1146f7ac80a755dc508a79c6b8ab866cd117a5a84dd9d931fda450bec29335344d0d219216d65e:dc508a79c6b8ab866cd117a5a84dd9d931fda450bec29335344d0d219216d65e:217e33f88622c96f8d092c9e26664fe9efc0d8d2eb59a036fa464cee65ce4489caf903dce17afafbc4f18dc9bbfd6c1a4be7b83485a6ca947defb1d35125d0773962a344a38b6dca9a40c31c1c4eb2d7f6818f978e573d66b990921b92b777471a4f6f05477ebc353ace1d86b00cc251777aaf6af3aa1179bff78df5048e5ef29968670e535483568d6bb16da829568f81c799b9afd4aad6ef085252c0ce3ac01ac21a9ea69bd58eadc66968f55dee386b653f3334efc398ef3c37a38ce93b21f107cc54dec26f53fee5604eb09a36afe6b665b6324a84c7da7b7dd01d9278e472f15a5ce9ff0fd93d0aa0604dd2df8d5bf6a912734ec51de77f0ce099ba11670210a6a206106b0ede2ded858a6bc411e7613e6f80e1aa52c323e30fa849951cc9b776e4cc58c90cfc8f442df64151a7fd4a3dd61a4336da21d03944635d3fd667be741ef45b1f7cb276d9f4de8107de64582f7917c6eab38e0a8890a4bee48bc92617a361cc7b1d25e089453ce0a52544f868dcb3249de761e79df63efa0794e3c4618c554753ee281c52ac8ad78d5338f0dac360a769381bb4a39f190b887b4723806ac4a4f2ff304bc6f9337ab54c866e6ba51df50c43eab52e2b39794c9917e0c31433f03681d2f1d93a0436018caaae20206a3458ad6c037acb511ef128f6dcd05305f07049a13b6c6c3c5b8170f158c8f12d46e160931ba18bd59ae129ec07a0655fa482ebbd3b850d36b832bbb775f538e3c1b3a43ecf94ca630ca15d502813eed3e35e8fd23d2ab638600427d1597cb29da2a5:697d4d897e0e2cc02bc1c2dda57f0dda620b37e861822bb7f1a701935e959ea0d8453f746fb92c087ed65d980eea1d6fdbf23e99b289aae0dcbb128ef836640a217e33f88622c96f8d092c9e26664fe9efc0d8d2eb59a036fa464cee65ce4489caf903dce17afafbc4f18dc9bbfd6c1a4be7b83485a6ca947defb1d35125d0773962a344a38b6dca9a40c31c1c4eb2d7f6818f978e573d66b990921b92b777471a4f6f05477ebc353ace1d86b00cc251777aaf6af3aa1179bff78df5048e5ef29968670e535483568d6bb16da829568f81c799b9afd4aad6ef085252c0ce3ac01ac21a9ea69bd58eadc66968f55dee386b653f3334efc398ef3c37a38ce93b21f107cc54dec26f53fee5604eb09a36afe6b665b6324a84c7da7b7dd01d9278e472f15a5ce9ff0fd93d0aa0604dd2df8d5bf6a912734ec51de77f0ce099ba11670210a6a206106b0ede2ded858a6bc411e7613e6f80e1aa52c323e30fa849951cc9b776e4cc58c90cfc8f442df64151a7fd4a3dd61a4336da21d03944635d3fd667be741ef45b1f7cb276d9f4de8107de64582f7917c6eab38e0a8890a4bee48bc92617a361cc7b1d25e089453ce0a52544f868dcb3249de761e79df63efa0794e3c4618c554753ee281c52ac8ad78d5338f0dac360a769381bb4a39f190b887b4723806ac4a4f2ff304bc6f9337ab54c866e6ba51df50c43eab52e2b39794c9917e0c31433f03681d2f1d93a0436018caaae20206a3458ad6c037acb511ef128f6dcd05305f07049a13b6c6c3c5b8170f158c8f12d46e160931ba18bd59ae129ec07a0655fa482ebbd3b850d36b832bbb775f538e3c1b3a43ecf94ca630ca15d502813eed3e35e8fd23d2ab638600427d1597cb29da2a5: +66da8b254a37067378f68138afedd66496596a0585524c716bde2b3124c3e7d185bde28a922ab5eeaa4a6294521a2ccac0ef2303dcdf8c7fee228fb4552012e7:85bde28a922ab5eeaa4a6294521a2ccac0ef2303dcdf8c7fee228fb4552012e7:3fae36638837d0edc8dcee517e43c488ed57fa6c9853a745aaedfb109ec1409fb8a2fe51d23e0dd9fbfd94f91c18e6114d808901bf617d2667ceebd205c5c66f5d7534fd2ec33dbfe580ad919f504204eaf242af8700b138cfbe0f372919c06b861a27d720d09df20f4fb7b748e718b0fc486dbdfcb694cb3f1420035ac1be55d31f30f997a043d04708a5c542ee37c0f7fe0b3211d18a87033dcb15c79e6681c4970593d32a13c48f0a3af8bfc136e0f9b56a123b86c4c640b650cb7dee9a89e82aeeee773b5cb032fca41c20c407328bfed29244e46055a83114614d3db56581604b115fba14f618e102a1e16cb036ea69df9275b977a0858118c91a34b9a8519bd0dac3b61434ea088f381ba08bc1583189a4a7c8b6ad18f732d74eff3acef4b6904df58c6469432151372df9327ae71a0f356c94468dcfc2e4a5c0e4ec0b166d90cd465f9260ebd6a7a62ce6c715bcc715be0c7e1f28c4456012d33177a7d4113c9a5a22acfaf2d6b63309078fc1b1baa8f36c7e866c1f972a6500a5eea79201651a7305208b6c93c492bc77cacbc99c9cded179e664a2f4e16938cc26fca8b433eb8012f7b3ad19ba1fb858fe4a00fb3d1f8fd0eddf0c37dcdb2e5d35c2546f22e8c0f8ce90e2df8abf24827a019b2c33fc590bbe712f019287002bc2217c0dc0931dc8ed8f50bb442f8b2de27857362ce5a9fd97f0fd1b2b9251cad2a4aca1a94de2e953902d7228142407443b1d517107648a7bab83074987d0978bc61d419bc84591c969c3d6f4e86fc4738737bc0558755c110a:4082a5bc730fb54b6bd0bcd2a044ed5d3d327dc19ceac8825e629b9e6423cb1c614236f097a6b73d473947cb81c4e270852ee5f13a5b03dc18e1c9c27a9a68023fae36638837d0edc8dcee517e43c488ed57fa6c9853a745aaedfb109ec1409fb8a2fe51d23e0dd9fbfd94f91c18e6114d808901bf617d2667ceebd205c5c66f5d7534fd2ec33dbfe580ad919f504204eaf242af8700b138cfbe0f372919c06b861a27d720d09df20f4fb7b748e718b0fc486dbdfcb694cb3f1420035ac1be55d31f30f997a043d04708a5c542ee37c0f7fe0b3211d18a87033dcb15c79e6681c4970593d32a13c48f0a3af8bfc136e0f9b56a123b86c4c640b650cb7dee9a89e82aeeee773b5cb032fca41c20c407328bfed29244e46055a83114614d3db56581604b115fba14f618e102a1e16cb036ea69df9275b977a0858118c91a34b9a8519bd0dac3b61434ea088f381ba08bc1583189a4a7c8b6ad18f732d74eff3acef4b6904df58c6469432151372df9327ae71a0f356c94468dcfc2e4a5c0e4ec0b166d90cd465f9260ebd6a7a62ce6c715bcc715be0c7e1f28c4456012d33177a7d4113c9a5a22acfaf2d6b63309078fc1b1baa8f36c7e866c1f972a6500a5eea79201651a7305208b6c93c492bc77cacbc99c9cded179e664a2f4e16938cc26fca8b433eb8012f7b3ad19ba1fb858fe4a00fb3d1f8fd0eddf0c37dcdb2e5d35c2546f22e8c0f8ce90e2df8abf24827a019b2c33fc590bbe712f019287002bc2217c0dc0931dc8ed8f50bb442f8b2de27857362ce5a9fd97f0fd1b2b9251cad2a4aca1a94de2e953902d7228142407443b1d517107648a7bab83074987d0978bc61d419bc84591c969c3d6f4e86fc4738737bc0558755c110a: +276548290f3e0f900515dc63366c03fe0fc6ee130c21fb60a4df9cf464797cda7e2a3578000a087edcc9e94fde509fc4be05ca0dd090df01ae1121123536f72a:7e2a3578000a087edcc9e94fde509fc4be05ca0dd090df01ae1121123536f72a:f0db442de29a7a1ded550d120002cc12abfff98b1f576d65bde16deaba687e4e0b0d5a8748d7503da2969c64d6a7c28d27b6c93ad257ce32ecdaee375f43fff97c432d453f7196c709c3bdfb7388d4d8eaf139f182940ce17b4552e2d20aed5557ba4d2acbf845730c0a66b45b40950baf6a946437af6c9e3b33a79e04dceae57c2a549542eabd216bf13948d41ffb9483fe29801fc8c1782840deeb3fb4da3192785bca13ed0a9eff57d6136bafbf9dec697b832447b2b6e730fa7f9995bac6b7832eaa09905ee49d465a5ee450f52d1a6d364c618144e886e8ef633dc79d0af893d16b3eeda0fefefd8759f2a0da1930170dd19eb78f0d7a7b74515403375a95bdbcce018bc1edb08d897bb798a95e7e86a52af3d9b8a4a14b0371d63498dcb2016248ebd0be800e9f21d549e5e0e7b4895ca5cb725a0cab27da8a8b1299be38a4260900ae10df5baba11ae2bab7179dd8453969429ccc4d416055f2bcb93c1cac6d7e804cf812df1462f22ee9e833a9769e8e677550402c4094df212fd2c5fcc09a72c7ce0077510073090d0e63db637d43d4c21f8619d34da5db08033f686ce8b8a0821222f95434ac4e6f703094edded6fb1b846e979650979d3c77453f40f7fee7c3e88a96fd1d702e81c2a4f3f3753c7964842dfd9d3958a743da063d1d648e51b210a28ed2487f14d5f1bc6f339b2dd17a661c39736da99e4a4f07360342d237e3813ea3998d66eb31a2d708af065c32b927f757c37a800660674e9717ba58f280eb2aa464fa74402108a5d5662e8d0feaf329687a:88a146261ad111c80fa4299577e710f6859cf0d1ca80e512a552c725b8384037eecf6465ce97585c9d660a41ab9104e5f7c9b2f8ec6fb21f1ddd50d65b9b660ef0db442de29a7a1ded550d120002cc12abfff98b1f576d65bde16deaba687e4e0b0d5a8748d7503da2969c64d6a7c28d27b6c93ad257ce32ecdaee375f43fff97c432d453f7196c709c3bdfb7388d4d8eaf139f182940ce17b4552e2d20aed5557ba4d2acbf845730c0a66b45b40950baf6a946437af6c9e3b33a79e04dceae57c2a549542eabd216bf13948d41ffb9483fe29801fc8c1782840deeb3fb4da3192785bca13ed0a9eff57d6136bafbf9dec697b832447b2b6e730fa7f9995bac6b7832eaa09905ee49d465a5ee450f52d1a6d364c618144e886e8ef633dc79d0af893d16b3eeda0fefefd8759f2a0da1930170dd19eb78f0d7a7b74515403375a95bdbcce018bc1edb08d897bb798a95e7e86a52af3d9b8a4a14b0371d63498dcb2016248ebd0be800e9f21d549e5e0e7b4895ca5cb725a0cab27da8a8b1299be38a4260900ae10df5baba11ae2bab7179dd8453969429ccc4d416055f2bcb93c1cac6d7e804cf812df1462f22ee9e833a9769e8e677550402c4094df212fd2c5fcc09a72c7ce0077510073090d0e63db637d43d4c21f8619d34da5db08033f686ce8b8a0821222f95434ac4e6f703094edded6fb1b846e979650979d3c77453f40f7fee7c3e88a96fd1d702e81c2a4f3f3753c7964842dfd9d3958a743da063d1d648e51b210a28ed2487f14d5f1bc6f339b2dd17a661c39736da99e4a4f07360342d237e3813ea3998d66eb31a2d708af065c32b927f757c37a800660674e9717ba58f280eb2aa464fa74402108a5d5662e8d0feaf329687a: +972c0616556ef22c214868fdd822c55739e1f96a93ae83512afda9ca7aa74cd29e1c6d4107f8ab8161c5db5b88a37ca1de9f4e291367abb1efc84f83f7076953:9e1c6d4107f8ab8161c5db5b88a37ca1de9f4e291367abb1efc84f83f7076953:8689e2f95c8fd50dc44664a18fb1a9f2c8f3ee73c0f9587ee28bfa35c9231c75bfd3d9534174e5ad3fa9f092f259942a0ff0ba2ca2cb59043d192ca8e3c8869bedd2354cbc5ac782d727c0b69407f68d1326df65a60c4d32f87f19a10f3d765ff923434f5511d134d397c4fef6bb1953abfce60827c359aa4b54f912aa8b17b83dcc7e3bcbc505ba046fe57c16dacf4ee2fad538bc06817c9b9d8dbc5f9d9bbf9f4a934f14a42c29e0e2f3a49f46b20ee76cfe20dea1e97450eb6a8fda048168dd827810207f005a3caa93ca11f4ee608a7a9355494313aec8d7075afc94c7cccc75c2319bb458c0ce373e9d007f753b33b52793d58496b2d25cd1dcd7832aac5ddb38f4db19c427219e1a0420ead47ba95ab6d89c65939041cc734c08eb6b476caf7fc76c598d947ff444b10770f62945ae65044f78098299e2626b638a7328d1b7daa5889e8db94bbff2ded62e14463760227c3f326ed493565ddf0a1761b8e4bb7d2410fa0fdbf35684397eefea95895889a0a9dffc5e02c092383b7ce74d2d90939916f26b71afd265f8bec74f0de247c9643905583df3cee23537d6b568c8338ce5fee42f7dd15dad5247f009acbfd5d769b6366959cd0ae150f58f7c80fa10d989ed90119372e5fea5da48a4e8ea9c727875dc4a2005b0dc2e3f697c0ce0a4bdb2f750c04fbc0c27d02dd8286e54c9c3959b6ffbdb1de2affe9e782651e5168a500afed037b3e1790ddd593851a6a6ccca9fffb4a99e27df43818871536ab04f14a06a1c7cb47bed6241ce7430ad3e640a726752fa06a9:54dd06fbb3d7c63f8cdaf783c2d7bac16b4c826e2d1b1807c84e049f64e271b21cfa3e37c344260287805d718806b62c56b47f6d5c508125c9fb5d5ea35fd5018689e2f95c8fd50dc44664a18fb1a9f2c8f3ee73c0f9587ee28bfa35c9231c75bfd3d9534174e5ad3fa9f092f259942a0ff0ba2ca2cb59043d192ca8e3c8869bedd2354cbc5ac782d727c0b69407f68d1326df65a60c4d32f87f19a10f3d765ff923434f5511d134d397c4fef6bb1953abfce60827c359aa4b54f912aa8b17b83dcc7e3bcbc505ba046fe57c16dacf4ee2fad538bc06817c9b9d8dbc5f9d9bbf9f4a934f14a42c29e0e2f3a49f46b20ee76cfe20dea1e97450eb6a8fda048168dd827810207f005a3caa93ca11f4ee608a7a9355494313aec8d7075afc94c7cccc75c2319bb458c0ce373e9d007f753b33b52793d58496b2d25cd1dcd7832aac5ddb38f4db19c427219e1a0420ead47ba95ab6d89c65939041cc734c08eb6b476caf7fc76c598d947ff444b10770f62945ae65044f78098299e2626b638a7328d1b7daa5889e8db94bbff2ded62e14463760227c3f326ed493565ddf0a1761b8e4bb7d2410fa0fdbf35684397eefea95895889a0a9dffc5e02c092383b7ce74d2d90939916f26b71afd265f8bec74f0de247c9643905583df3cee23537d6b568c8338ce5fee42f7dd15dad5247f009acbfd5d769b6366959cd0ae150f58f7c80fa10d989ed90119372e5fea5da48a4e8ea9c727875dc4a2005b0dc2e3f697c0ce0a4bdb2f750c04fbc0c27d02dd8286e54c9c3959b6ffbdb1de2affe9e782651e5168a500afed037b3e1790ddd593851a6a6ccca9fffb4a99e27df43818871536ab04f14a06a1c7cb47bed6241ce7430ad3e640a726752fa06a9: +e0405d37893e89f53811d6d446e1f193f51afa1bbba725f95eb48033424a250945104d595e443e8ce654de9d655054bf0a99d35613d77d57454ca2d1c899b517:45104d595e443e8ce654de9d655054bf0a99d35613d77d57454ca2d1c899b517:df58c4fd0702a20fafa3d1d4fe7d85938b120fc11e8d41b601f0e60e42236a49f126813bd512ee71359061e13eb314d417f56d6d560285fa8991213284c42bc2cef2dc937bdc0b5e9dc2269afab32db30e6849855951cfbc53ecfa01643863e0328995fe850c0db55421bfa564601b8c9db7552c7e6aa7adfa15a58021a84266e9595c65fca4a15fa70f55f5d212c9e277ffb830f4cad1861f3f495a9d672f5691310639c12dcd07e3ef17a23750bcb46b7ad7eac462eb512225f3be7e32f8f4987a11df341166062b43c63ab858a600497667fbb88e93c7e2e0aab41c09c023eb902ec3baf679e25b96e106921a914fd5de200a47889de23e7b65d0ccdf0c29036467a1210c0030309a2d04ec256d5a4d8b97d46a3e15f345b667170803cdacf6cb48add0a13462dd30fa062bd4566641da07d7f61e063686edd96bfe8f97b986b7c0e44249cd2d7317472999b8ee4ea80c902f3b188936712e89d8bf02ce8ae77b6b31abb0632065455ddd9f9d1cd953a4a49aac1a15169e687d4fd3f7c2edfb3aabc3b66155f7d315f8a294faddffdb4951367a0cb870759e85a838af66ba3fc103da2babc3f381696ef8882d85a8278d5fac3a72f16eb119ee9900b1fd986c2a9f94eed8e0d4f273697e4363a975ff6a7b80d5b4ec5355bf63b42b71cd4842401d38b5e00cc97bfda40e456653683bc8e6dade7dcf985a97b0b5776c4d72ca13a1474e4eb2eccfcd428786ddd0246d73a6377a79cb8da720e226c19489bd10cedde74b49fac2cfa207129c6a108aa164be9d809c4d31147360:77ddd491ca662ebffb12f7f492d7fbc1a1b447f6c85998f2f7cc9adce67de63b6eebd08117845a0302f7349714ba9db2af58048b85837d7660ec3debeee2d00fdf58c4fd0702a20fafa3d1d4fe7d85938b120fc11e8d41b601f0e60e42236a49f126813bd512ee71359061e13eb314d417f56d6d560285fa8991213284c42bc2cef2dc937bdc0b5e9dc2269afab32db30e6849855951cfbc53ecfa01643863e0328995fe850c0db55421bfa564601b8c9db7552c7e6aa7adfa15a58021a84266e9595c65fca4a15fa70f55f5d212c9e277ffb830f4cad1861f3f495a9d672f5691310639c12dcd07e3ef17a23750bcb46b7ad7eac462eb512225f3be7e32f8f4987a11df341166062b43c63ab858a600497667fbb88e93c7e2e0aab41c09c023eb902ec3baf679e25b96e106921a914fd5de200a47889de23e7b65d0ccdf0c29036467a1210c0030309a2d04ec256d5a4d8b97d46a3e15f345b667170803cdacf6cb48add0a13462dd30fa062bd4566641da07d7f61e063686edd96bfe8f97b986b7c0e44249cd2d7317472999b8ee4ea80c902f3b188936712e89d8bf02ce8ae77b6b31abb0632065455ddd9f9d1cd953a4a49aac1a15169e687d4fd3f7c2edfb3aabc3b66155f7d315f8a294faddffdb4951367a0cb870759e85a838af66ba3fc103da2babc3f381696ef8882d85a8278d5fac3a72f16eb119ee9900b1fd986c2a9f94eed8e0d4f273697e4363a975ff6a7b80d5b4ec5355bf63b42b71cd4842401d38b5e00cc97bfda40e456653683bc8e6dade7dcf985a97b0b5776c4d72ca13a1474e4eb2eccfcd428786ddd0246d73a6377a79cb8da720e226c19489bd10cedde74b49fac2cfa207129c6a108aa164be9d809c4d31147360: +5756e752dff69e3eed848e4a49c7a8baca12154f9431dec35626ef8d75a445145910ef00a5b354143c46561da62c41aa13d29c18dc6153bf8e502e0114007728:5910ef00a5b354143c46561da62c41aa13d29c18dc6153bf8e502e0114007728:eb2190a3219c792b6666b2752733ad9f86fc390155c4b438be196959383b25f3a749530d5a4b15ebe2c18d99178e6d45bb4aa2120f95a352e0406c63ac867248d9efba124231064873c82fe995dd031c7cbc7d15ec191fbb6c474dc4c777e8f457841eb4624841c152d15ede26e78479a6a25ffa335563f1064ef09558b910e2608418820f49554b670c6bab34d1d60984dea50ed6a375f45a74beadfb04bd9300bd594e2e20ea5d3052bb7ddc51a949a0047972682ebe66d38aac62927270de42150d58221d03b8ace3589933487bf23d29c5c2c843aefa2e1ca22f9d1680f80c766d143ce5ecef253a745cb71e72f6504ad911f7cb4a819cd074863a92706929a3142f8db7ac164102ac2ca0d2e19a725e1b5f81f443c73e0484f26a45a3aef84f1f3fa04a4ac695d2dab6efba456a281a3973cc186e680a66df521a4d1f9edf4dfb274a427097bf863281cfb0ed80f8d7676638d6cdac937843efbcfce91de1df6c52b594571b9315600e4b6552defb8437a807ba21298e3d972212ba314692917f40075311acd009395241b9f1b256c515735dc674f8e866d1eeb4c328548aee71231c4c9d5bd22e39de88d19fabf49f0b9869cbf835214b15522a93d3a5007b11f0b50e5228d4eebb4571b35da84f4f687e3f43793d54f3825b37a509ea564bdf217ff4adf6847bbea4316a1dbcc7448ecd5363eaabc128decf054ee1a0ee2d871979f8a63b2692b09f6e986a138e7f68f60aa426a1c9b01a4902e13b17bc8312410c28bed29b601b0fc9f3bc2d223f875251100f869c6b5844:8157d8334ded1a32699b350ac0d4120028cd8ef8189448934850e50ee4999d8fa2cd257646d92fba5d662a823e62208ab4fbe01714a848a0b90b55adcd246902eb2190a3219c792b6666b2752733ad9f86fc390155c4b438be196959383b25f3a749530d5a4b15ebe2c18d99178e6d45bb4aa2120f95a352e0406c63ac867248d9efba124231064873c82fe995dd031c7cbc7d15ec191fbb6c474dc4c777e8f457841eb4624841c152d15ede26e78479a6a25ffa335563f1064ef09558b910e2608418820f49554b670c6bab34d1d60984dea50ed6a375f45a74beadfb04bd9300bd594e2e20ea5d3052bb7ddc51a949a0047972682ebe66d38aac62927270de42150d58221d03b8ace3589933487bf23d29c5c2c843aefa2e1ca22f9d1680f80c766d143ce5ecef253a745cb71e72f6504ad911f7cb4a819cd074863a92706929a3142f8db7ac164102ac2ca0d2e19a725e1b5f81f443c73e0484f26a45a3aef84f1f3fa04a4ac695d2dab6efba456a281a3973cc186e680a66df521a4d1f9edf4dfb274a427097bf863281cfb0ed80f8d7676638d6cdac937843efbcfce91de1df6c52b594571b9315600e4b6552defb8437a807ba21298e3d972212ba314692917f40075311acd009395241b9f1b256c515735dc674f8e866d1eeb4c328548aee71231c4c9d5bd22e39de88d19fabf49f0b9869cbf835214b15522a93d3a5007b11f0b50e5228d4eebb4571b35da84f4f687e3f43793d54f3825b37a509ea564bdf217ff4adf6847bbea4316a1dbcc7448ecd5363eaabc128decf054ee1a0ee2d871979f8a63b2692b09f6e986a138e7f68f60aa426a1c9b01a4902e13b17bc8312410c28bed29b601b0fc9f3bc2d223f875251100f869c6b5844: +b904acb19e5cf872d3640cd18ddf3c0b6657e0117ce659dbf50259015d3fbf32e04a8aa56d1818483b10d0a7c919e1d5d8001e35510e1ec62f7114dbe81ae0be:e04a8aa56d1818483b10d0a7c919e1d5d8001e35510e1ec62f7114dbe81ae0be:83f4124d5af955139b1bc5441e97c5fac491b4ea911407e15420a0347ed7fa1f8819e36c8ed5740c99d4505a78b619d560749af50b0573510816d61322cda976a5d4ca3205f5f0e60e759a5df1a0bdf36dfe9717906ac57cbfc970ab43b6fa18e6c0006c84fc7254470a0b774727bf5f8e679423a531e41cb5310f9bcbf5a5445ebc39fbd909ce11e97bc2f66a4a1bb6c2f167f2c6e80eb9b8b72df3e8cfd4e51448dc14c0b837f2949693d1d054c8f95bff7f1e364567d034f2223e1594772a43dcfe0597fd6d133b3f2e96ffc5667dd5928f23ec3c750f845993a34e9776159a6830d6fd9013ee7aeaa1fccd69b96df284704fd08888b15b64e2e90d578c5cfc0f95693f6ab65c6947446a857c029c7ca66080b754c7734b78998abe9b7cc6efd09a4418194d88b34ec6c33af630db81de5b99fe65aac8b73362379119c700d107edfc19f270760468ee8e5f155d9a347e57b5930f327a8d11c6674ddd020f9e7d9b761dba5b83a87302f1833e5abd49526d66391e5bf0e35b4453d630bf7d0adbfe501aef81e6c5938f92cb752f5f14d2806f90ae1546051ccc7f913c5d6a38ff3b7b9a23662ef1f00808edb2fa31ecba5c8d3387e87541cd0616edbf3aaa35a537922861f44cbd9f992b8246d9c64c419881701ab43f7fd464210d802ba656d95c0f24a34599b20b1ec20011485cfcb3186b7bcf69d74581a7a3eed6134c4eecd65574a4320d9c57a849c4e78c8a5ce82505004a54f19d4bdc8223401b34946b7d66e47e63cf9d0f57d0945491384bc6868c4b478690e550021df1:9aaf8ac97140d5508d58f5ac82b7fd47e6b1f68a7c78a2ac06f0416ef8e991953f62c47fd5fbc6c1e01bae1c92a33ef52b7efa5f17bb8633bdc1aeebce318f0f83f4124d5af955139b1bc5441e97c5fac491b4ea911407e15420a0347ed7fa1f8819e36c8ed5740c99d4505a78b619d560749af50b0573510816d61322cda976a5d4ca3205f5f0e60e759a5df1a0bdf36dfe9717906ac57cbfc970ab43b6fa18e6c0006c84fc7254470a0b774727bf5f8e679423a531e41cb5310f9bcbf5a5445ebc39fbd909ce11e97bc2f66a4a1bb6c2f167f2c6e80eb9b8b72df3e8cfd4e51448dc14c0b837f2949693d1d054c8f95bff7f1e364567d034f2223e1594772a43dcfe0597fd6d133b3f2e96ffc5667dd5928f23ec3c750f845993a34e9776159a6830d6fd9013ee7aeaa1fccd69b96df284704fd08888b15b64e2e90d578c5cfc0f95693f6ab65c6947446a857c029c7ca66080b754c7734b78998abe9b7cc6efd09a4418194d88b34ec6c33af630db81de5b99fe65aac8b73362379119c700d107edfc19f270760468ee8e5f155d9a347e57b5930f327a8d11c6674ddd020f9e7d9b761dba5b83a87302f1833e5abd49526d66391e5bf0e35b4453d630bf7d0adbfe501aef81e6c5938f92cb752f5f14d2806f90ae1546051ccc7f913c5d6a38ff3b7b9a23662ef1f00808edb2fa31ecba5c8d3387e87541cd0616edbf3aaa35a537922861f44cbd9f992b8246d9c64c419881701ab43f7fd464210d802ba656d95c0f24a34599b20b1ec20011485cfcb3186b7bcf69d74581a7a3eed6134c4eecd65574a4320d9c57a849c4e78c8a5ce82505004a54f19d4bdc8223401b34946b7d66e47e63cf9d0f57d0945491384bc6868c4b478690e550021df1: +8a3501b76953603c9033e3bcbf3ec378d257011a6c50b89762d491eaa72c5e0d778f2019dcd8dbb86c6737cc8dc190c5a04c50b5bf4588bc29fa2a47af252672:778f2019dcd8dbb86c6737cc8dc190c5a04c50b5bf4588bc29fa2a47af252672:e609f1224a6a451140cbc0254d432ce5fddd08a8e912f81c412fdfd5182ff6ac2f13c576c8145b15f25b409d853f914409e4e02cefc39d9bef4a2a060498570b2d3a2838c9b0b8e3af4fc37e1915f804a80188585b30b68a3ffb2e960c7320e827d2fe36e6a328cc6e7806348adb0b773b784de529bb6f64751b2105859494fd49db0bc7f62df46b9d7ce676975cc5f43856498436812e04f26fb8b8ab7eba12f1d56722eb82ebfafa4735977a26681cb03fa4bc6951ab9cbdf787e3278f2f57f29e12095f8ca2a178cfa7571337f0274237669f97657d4badb39436d786492580fd55d86be3a0cd17d16057017baaaea00c1e14552159bcabc0e666bad3418e4ec13bfe163be256f0c89bc2344a8ddf99ca8160b189875ad322d90f581325281d5389965c0a7b7bcae2294a3cbe35a4e4e83b54c4276353960fad118532d49b7076f25ad190ab5694914f7108b0ab6969a19128fb0aef00e65a04fc832d07696167b9342b355ec57737ca37cbff3bb31931cb58712a4c468952c6459d567a26e79501e4e31b1b0953537632029e9b490f72e5a6e057ddb4b31756fd9704218b1b8f4dcb5430c025042f47169bfc7c80d71cab8ca07f340afa008abbe2e3a0abe141da8d41ca6bd69d36fdb11a41ce0b72fabc00d97ea605270010b259df8e10dd22dc17c13990a05f0233e3ca856b40971cb3e21c8b3950b13fc84e1f266c2a6fbece88d59725c3cfb2225dbc1ee95b686db704fc937b766f0a9bfe95a42b9010f1229c610d7ede095712c8f0f1fb0047c040a870306cd8dc74c4da51bf:a8a309ba52125e76a4a61eb43fd4135c41ab11799b91cc54ffc9c6a20f050cc595b28143c874bdb928beed261d9c0f12aa192e6640bfdad54ba0d478426bce09e609f1224a6a451140cbc0254d432ce5fddd08a8e912f81c412fdfd5182ff6ac2f13c576c8145b15f25b409d853f914409e4e02cefc39d9bef4a2a060498570b2d3a2838c9b0b8e3af4fc37e1915f804a80188585b30b68a3ffb2e960c7320e827d2fe36e6a328cc6e7806348adb0b773b784de529bb6f64751b2105859494fd49db0bc7f62df46b9d7ce676975cc5f43856498436812e04f26fb8b8ab7eba12f1d56722eb82ebfafa4735977a26681cb03fa4bc6951ab9cbdf787e3278f2f57f29e12095f8ca2a178cfa7571337f0274237669f97657d4badb39436d786492580fd55d86be3a0cd17d16057017baaaea00c1e14552159bcabc0e666bad3418e4ec13bfe163be256f0c89bc2344a8ddf99ca8160b189875ad322d90f581325281d5389965c0a7b7bcae2294a3cbe35a4e4e83b54c4276353960fad118532d49b7076f25ad190ab5694914f7108b0ab6969a19128fb0aef00e65a04fc832d07696167b9342b355ec57737ca37cbff3bb31931cb58712a4c468952c6459d567a26e79501e4e31b1b0953537632029e9b490f72e5a6e057ddb4b31756fd9704218b1b8f4dcb5430c025042f47169bfc7c80d71cab8ca07f340afa008abbe2e3a0abe141da8d41ca6bd69d36fdb11a41ce0b72fabc00d97ea605270010b259df8e10dd22dc17c13990a05f0233e3ca856b40971cb3e21c8b3950b13fc84e1f266c2a6fbece88d59725c3cfb2225dbc1ee95b686db704fc937b766f0a9bfe95a42b9010f1229c610d7ede095712c8f0f1fb0047c040a870306cd8dc74c4da51bf: +42b53652d08b5d766e66ad8f3ebf693cfd77907cadd98b5466df77dfa2c637ad88463bb8a4b6388d924cb86209834195435d79d77f8c02f46bbd16d82efe42b3:88463bb8a4b6388d924cb86209834195435d79d77f8c02f46bbd16d82efe42b3:9ee913c74ee3c5e8c90d64b8ae3a60049fc765e176060bcd1cd09f0eda60bf23badb8a1caac3d66ebc5268146ee4a54e1eb231ed25eff95b90a6e98337a540a3f48449794a4873bfc2e84728966bb7c6ff676a2ff57311c1c25e15fbf3d40e9f25ab5db91fddb7a0ae436c8ec070754b6d743aa1d6048fb5bd7f5b8e4ccad20328389530f11374a489b1d50531a39c9b32b40369626006d264a99eec4fac1341f4e74679457b418e6bbfba233f1ca158f7b29d40d50301f9d92536fdc5c23fe5dee4d6df0ebf13dfa3754a14c856009adea1dda409304c1f60d25330fb10957947a00508f2fd76422eac694cc39fa8ae7fcc77a02fd9ee5f910d93e8aac68f145dd878876ba8eda0a49fcb209c34ea220d4d0605546fc4a809baf010d533e45d17b0e16a46e91ea6fec2cdc5a8b3ec5014b25e92d8e5c928ab06993d4fe23ac8d45c890378dd133f00edb937c071f75cfc13a402e3e429a848652a175c9b6f6eac86f6188a4448a96ce2872e5f65f9bdb87166c9b87a7e958e80bb6566e3fcf871190cf4a867e612cfc1e4371d2b73d2a0ad0aa400ba69e66336233b0f3c52b8a68bca05125601255046e6f49d688d2db85c7b821270516e3c0613f3f23f9c57cb4c8714285cdf95e106a3b5afcaeb81b72f343e87bd92f1581dcf9aa90a024fa4a1048059e30de8ff0d16794dcd745d2b2d534c520f8278538674a934c6f14a8428e3da018a36e45aa5827cf4b15284346fd69363149219bb0d1bc927d8d193c482692f97dc88d8ed337d0c9dc99c7a5e111dced42250d580e20692bb7b88:30c4b99e68ec3351308fbc76d9caf0af6221b596b7017fe10cc633023ba97f023896fe322baa347660610e05fa493d218fa360f18d93e275d1eff666b63db2049ee913c74ee3c5e8c90d64b8ae3a60049fc765e176060bcd1cd09f0eda60bf23badb8a1caac3d66ebc5268146ee4a54e1eb231ed25eff95b90a6e98337a540a3f48449794a4873bfc2e84728966bb7c6ff676a2ff57311c1c25e15fbf3d40e9f25ab5db91fddb7a0ae436c8ec070754b6d743aa1d6048fb5bd7f5b8e4ccad20328389530f11374a489b1d50531a39c9b32b40369626006d264a99eec4fac1341f4e74679457b418e6bbfba233f1ca158f7b29d40d50301f9d92536fdc5c23fe5dee4d6df0ebf13dfa3754a14c856009adea1dda409304c1f60d25330fb10957947a00508f2fd76422eac694cc39fa8ae7fcc77a02fd9ee5f910d93e8aac68f145dd878876ba8eda0a49fcb209c34ea220d4d0605546fc4a809baf010d533e45d17b0e16a46e91ea6fec2cdc5a8b3ec5014b25e92d8e5c928ab06993d4fe23ac8d45c890378dd133f00edb937c071f75cfc13a402e3e429a848652a175c9b6f6eac86f6188a4448a96ce2872e5f65f9bdb87166c9b87a7e958e80bb6566e3fcf871190cf4a867e612cfc1e4371d2b73d2a0ad0aa400ba69e66336233b0f3c52b8a68bca05125601255046e6f49d688d2db85c7b821270516e3c0613f3f23f9c57cb4c8714285cdf95e106a3b5afcaeb81b72f343e87bd92f1581dcf9aa90a024fa4a1048059e30de8ff0d16794dcd745d2b2d534c520f8278538674a934c6f14a8428e3da018a36e45aa5827cf4b15284346fd69363149219bb0d1bc927d8d193c482692f97dc88d8ed337d0c9dc99c7a5e111dced42250d580e20692bb7b88: +14cfe00fa7190ae810888ae2bbd0ff6412cf1fd408a308294383a19453b590734e61afe8c174b6ee1a29fa09cf87b4008139f1070bc8531b6d06f54c9562a4f3:4e61afe8c174b6ee1a29fa09cf87b4008139f1070bc8531b6d06f54c9562a4f3:bc66f801daa829858e740293d4d2187b8e1a5afba5fd67b10956c65346aca94429d32e4cfb3584ab0e005d0dd742781d47e89447c4e1d81bf7e6154f8f73af03361ad56ea3c06000754b9f327d4edeacc4d348afb54823e1c9d49cd8ff2b19f42021b40d580c39ce3d243661b85421fec915ba9dd2762f850bd208fdbf20ffaba56a468660f17c00fb1c0f4e8527a509dd4eec13360cf6e3cac542b875182f2a7ce7be0a33302fe26d3629629384e35c06789de634e90e964fbda8cbba98111e22e8d0762684266aab76aeba4a380778696814a1e311943cb3505892640c44e3aac4530c50ac604a8d2ccc7ceabffea4aa3d7f48a66dcd7588b80209dbc173f0c663e8fc87a36e892ec9a3ff8f60d2e0d8704e5b6cbb873275151ad4cc0057165031905039651ca10a95c6fda3b27827a657ef9a5fc3eb5b53cac61ddaf5a41704c878570cbc3c41c475b117c05eab0bb196bcb7c43334debd64b9e37450d23f5c10161ec5ab4fccd7cf308e2a9995cc9e578b85e8285a5208b9efd42af9cf2ac2b3b7464254889a2187317e32499709b913953ad46f1c23e1b6b56f024c4a7d48461192c01c56c54c564791ec0a67b61acbf957e6d0d7da8053ed13a41893d767fc5737cd195553da5d5b07065f47d72a35c42b001eb6dbd0f8e77a4b76a6266192647f4155ea11bd1237ba77c87c62bf4b01149fc58bc28f0b5a286485d3717d323964046218e70c7e38b7d5e74ba6b12b022f18197d92c13bca89335c856cbc5756aa3b64ec1f46e396b1161c871cd2dfded1a4ec9192742937c0704531c7:f785a46f69bbd099fa011124ba9032c189742c9e001dbb8781d8223345a9569dc144ca694d90245e0e513e88ab023f7f0f99b7416159758dd034e7a89cff3600bc66f801daa829858e740293d4d2187b8e1a5afba5fd67b10956c65346aca94429d32e4cfb3584ab0e005d0dd742781d47e89447c4e1d81bf7e6154f8f73af03361ad56ea3c06000754b9f327d4edeacc4d348afb54823e1c9d49cd8ff2b19f42021b40d580c39ce3d243661b85421fec915ba9dd2762f850bd208fdbf20ffaba56a468660f17c00fb1c0f4e8527a509dd4eec13360cf6e3cac542b875182f2a7ce7be0a33302fe26d3629629384e35c06789de634e90e964fbda8cbba98111e22e8d0762684266aab76aeba4a380778696814a1e311943cb3505892640c44e3aac4530c50ac604a8d2ccc7ceabffea4aa3d7f48a66dcd7588b80209dbc173f0c663e8fc87a36e892ec9a3ff8f60d2e0d8704e5b6cbb873275151ad4cc0057165031905039651ca10a95c6fda3b27827a657ef9a5fc3eb5b53cac61ddaf5a41704c878570cbc3c41c475b117c05eab0bb196bcb7c43334debd64b9e37450d23f5c10161ec5ab4fccd7cf308e2a9995cc9e578b85e8285a5208b9efd42af9cf2ac2b3b7464254889a2187317e32499709b913953ad46f1c23e1b6b56f024c4a7d48461192c01c56c54c564791ec0a67b61acbf957e6d0d7da8053ed13a41893d767fc5737cd195553da5d5b07065f47d72a35c42b001eb6dbd0f8e77a4b76a6266192647f4155ea11bd1237ba77c87c62bf4b01149fc58bc28f0b5a286485d3717d323964046218e70c7e38b7d5e74ba6b12b022f18197d92c13bca89335c856cbc5756aa3b64ec1f46e396b1161c871cd2dfded1a4ec9192742937c0704531c7: +ac0f7f0418de67e348fa6d5686c46d21ca72622ee69eaabe00d5c9075a34f179feabde08f00a2b682bce9d45990bf45afc958339dc44106dad33b2c490ef7090:feabde08f00a2b682bce9d45990bf45afc958339dc44106dad33b2c490ef7090:e8d0e8325335e0f35a85467beed1e11c6a2078c35ae4a4a10543ede40c1712bc952012d2f8fec105aef7c6c65b3634b4a74b22b498b913507d1f6cfde83858e6830c0af4f464a6899d5c4e279aff36754c21da80a1bbd1dcf46220375b1e112a5a72f1ab6e8f641942f66d9bbdbb179cf0139ea8deb0f4b814f50c513329a1a0e267c4433a233182bc4a2acb2c6d4f00b24094d3bdc0eb81cf37d38260c2107dd9490613d276ee1f72266c6e4acca5249811a0f8a7dae66aedb75c3df4c8ca3cb5d9c567ba541ee5a9140c50587272af34530ab8b08b9ec032eac06039e692630e2d554df77c1a0388b3caaa3be3754a84961fb299e402227158ce363eac26478d479775e5685adbf828bb355e3c89cce241503c15366432ba94cd3cd95479144b636e0de70b3f16d1a3ca518e399009a4c247a7f96367c7146608aacc0014fc35b84af9933f09babb89937abb8ced111891343ddb79f60b78898ab5938f8ba3814bd8002605b1dfd297fa07c475a0d4f8f4451acd707de8af6c0e8818833a3abe5c96d1a8c6c96e2cb63328eba44dd1d34684e412f288e065209d11eb8094d22e4cc802629ccba33926bf1ad36a6285138abee05c5a39a475f3fdd0b3ec8c370cd957a8379ec2cdaf03e895c1ba12b449d6cd8be0f35d99e2b7fbaa92dd54e64e7c35ceb88a71a680527cb373afe14cdd158a0b90bf2daec80d2edbdc3128cd6b63fa532a1c278cdfe0f8ebb4abba5e1a82bc5c3fed15c5795bd9ffb576082cc479fa1b04c5c5afcad269a0f1addfe76042c3a8f1f25377b6cb72ec1614eb6383:7591cf8257bead39a1ad3ba1918d518e6724356bf625a573eae501d1af946c13c290cb63156ec9d362726ee50b39fc0a7a2bbd69d4a81b75932a90f8c7ac7d03e8d0e8325335e0f35a85467beed1e11c6a2078c35ae4a4a10543ede40c1712bc952012d2f8fec105aef7c6c65b3634b4a74b22b498b913507d1f6cfde83858e6830c0af4f464a6899d5c4e279aff36754c21da80a1bbd1dcf46220375b1e112a5a72f1ab6e8f641942f66d9bbdbb179cf0139ea8deb0f4b814f50c513329a1a0e267c4433a233182bc4a2acb2c6d4f00b24094d3bdc0eb81cf37d38260c2107dd9490613d276ee1f72266c6e4acca5249811a0f8a7dae66aedb75c3df4c8ca3cb5d9c567ba541ee5a9140c50587272af34530ab8b08b9ec032eac06039e692630e2d554df77c1a0388b3caaa3be3754a84961fb299e402227158ce363eac26478d479775e5685adbf828bb355e3c89cce241503c15366432ba94cd3cd95479144b636e0de70b3f16d1a3ca518e399009a4c247a7f96367c7146608aacc0014fc35b84af9933f09babb89937abb8ced111891343ddb79f60b78898ab5938f8ba3814bd8002605b1dfd297fa07c475a0d4f8f4451acd707de8af6c0e8818833a3abe5c96d1a8c6c96e2cb63328eba44dd1d34684e412f288e065209d11eb8094d22e4cc802629ccba33926bf1ad36a6285138abee05c5a39a475f3fdd0b3ec8c370cd957a8379ec2cdaf03e895c1ba12b449d6cd8be0f35d99e2b7fbaa92dd54e64e7c35ceb88a71a680527cb373afe14cdd158a0b90bf2daec80d2edbdc3128cd6b63fa532a1c278cdfe0f8ebb4abba5e1a82bc5c3fed15c5795bd9ffb576082cc479fa1b04c5c5afcad269a0f1addfe76042c3a8f1f25377b6cb72ec1614eb6383: +b5a7c767936380b3e98751cafd3ea89b388a32cf828b321c5bd0cc8dd85baf00be7fa65f1f6be51027f8b848db7a8c404961bf1e21a23df23bb8ce05850cdaa1:be7fa65f1f6be51027f8b848db7a8c404961bf1e21a23df23bb8ce05850cdaa1:6b67c795d66fac7bac8442a6c0992cb5758843b3e3939e3c276c6e9008da82007677bf9e67e9ac5a1a0f486beac0d856191fae25a127392bed469bc78deb0c4b893f67f1716d83509077e4a1bfd4136d03152dcc3b76d9524940a6064c669fbf51f6b91034b6d5f2898678a13a2470f6641ec802457c0102c3ebf6345c327e741b80644b3a99bf72b59ab8016f35d25188a085750dc060e5a8d524ae213f078f288c7b34bc41f3ce356bf2dafdd2e0db4fb8d7c2c319f9906005971702e49ca62e8050540d4121d242f2eeab1bd134e60bf11b3ec71f7765a97c0e098455e59d2235d6b37e7c9f5b21fa112c3ba39e4ea200614f58dfb3eb7b836f0bec1ddd438d1422450ae7ded1df9d71e5d9bc8fa3b6e6f78446ce7c79d0bcfb1c2d26c6fece68682dffc60a9c6e0ad05f2a09f21d7523251cb0c3d08efbbf8ac16339d717024d676024c1ee3c1f62c5aeab7fff937c57454df7bd96f9844a2a399958418aaa6f1848bebf7bf1292c24eb5cd8ea56340c5beb2688024a6953275be6efd1b71ba8be6eb77f0c65a7c5111b96c4c1f39cb7aaf83fdaae8d148d7a8af40ae9e651919f7ce28c8b2b6e45e4d3d56fdd54d00c2412790cbd6f80e10819e0b8f37c84fa004988adafccbbc21c63d6bf2e732d9dd63bd49b0412b9674e1e88f6142f7f867f1f26891b22430423cec4db91b61c2abc5c8fbd46b8b93596fc5160683136e21129822796eb5ea088e0a7d8121b25572e3ec37743d1ff6d8d1c3536439a10e84a665f2c75ee73cdc6ffac4cc28724469f7970b47507df3e1b14d477aec2bb20:60e4d23f1f08fce466c9915dded93256b52b327e5f81fbb31d1d10d321c390366ef001fd759aa9d0a55162d5364d918b48c7327e77cf5358bc4319e325cdd6086b67c795d66fac7bac8442a6c0992cb5758843b3e3939e3c276c6e9008da82007677bf9e67e9ac5a1a0f486beac0d856191fae25a127392bed469bc78deb0c4b893f67f1716d83509077e4a1bfd4136d03152dcc3b76d9524940a6064c669fbf51f6b91034b6d5f2898678a13a2470f6641ec802457c0102c3ebf6345c327e741b80644b3a99bf72b59ab8016f35d25188a085750dc060e5a8d524ae213f078f288c7b34bc41f3ce356bf2dafdd2e0db4fb8d7c2c319f9906005971702e49ca62e8050540d4121d242f2eeab1bd134e60bf11b3ec71f7765a97c0e098455e59d2235d6b37e7c9f5b21fa112c3ba39e4ea200614f58dfb3eb7b836f0bec1ddd438d1422450ae7ded1df9d71e5d9bc8fa3b6e6f78446ce7c79d0bcfb1c2d26c6fece68682dffc60a9c6e0ad05f2a09f21d7523251cb0c3d08efbbf8ac16339d717024d676024c1ee3c1f62c5aeab7fff937c57454df7bd96f9844a2a399958418aaa6f1848bebf7bf1292c24eb5cd8ea56340c5beb2688024a6953275be6efd1b71ba8be6eb77f0c65a7c5111b96c4c1f39cb7aaf83fdaae8d148d7a8af40ae9e651919f7ce28c8b2b6e45e4d3d56fdd54d00c2412790cbd6f80e10819e0b8f37c84fa004988adafccbbc21c63d6bf2e732d9dd63bd49b0412b9674e1e88f6142f7f867f1f26891b22430423cec4db91b61c2abc5c8fbd46b8b93596fc5160683136e21129822796eb5ea088e0a7d8121b25572e3ec37743d1ff6d8d1c3536439a10e84a665f2c75ee73cdc6ffac4cc28724469f7970b47507df3e1b14d477aec2bb20: +e136f398a605d13457848cead07c7286f42e2f28df8c128a3d0bb72b29aacc196aa5045a66f772a571fe3e42d117efcdf6c49591996186012fa98f7c48e0cda7:6aa5045a66f772a571fe3e42d117efcdf6c49591996186012fa98f7c48e0cda7:d328579de4c5372f3b382c48011b2d4c6029f904f3a33e07d083d7e2b03756af2c4c97a2d66c10ec4154d874792042b646e4aae5101d501bd1bf6f511751d0aaf821cd7c0b3ee6d0d7c690a2777fe16bdc7e49b7da4bbb4cce3b618ee9b6f2e3a19240cdb70733b984b1c940ec66960b728cbb874b80643123722db9dbbe88322008931b1c894ef5d21099e63e7c65007acd61784db4994a2fb40c3efe9c47fad63763dde06fa017a26b82e71b9daabc4ff0f6c79b8ca7ccb4dc2031bef1087367c7086974a00566de41a71e11d993abe433569892b8f75d7637993245c884478abe3f95f44b0a4bbedefef8906b75e0d34020ae536455b0e06f9bfee11ec9b8604bac2cc6ebe08c8fd5f5cccccbc1617b7cf69a3c512e1f0bdb585df5e12743061f7c2053bc37144361c0b35fd39d56b1efaf92c610360193ec20598b82858050a6d99e082bcefdbd5318ee5efb3b260f3276f3c73f9c24ce0cda33c7acc50ca5dd61bdb85d793825f6732a6e330ce672ac44fe6b2b9afe6e2e965c02d2a1fe0b57cb1b317c1d313efdc356492fe896fd149dae51c95ccdbb7d11f7d610e0c6e2fd3e57fcfef1c57c7119a0af6c7821fecdb89d80302b49fad41743f3d2d7a075154b3143e51aeb947d4b5e8b7e4ca86fec3e80bd9a786e4e46ed1e6e9f7e0b635266d9fa097aa9e20f32e3d2772d7c1f008bcdd3f92c7283c57790c3622cbad3ca35803c45c869dc377ff36bd7c0e6f1bb892f7329a6e08df1dbebc81dc7b115f852e36ae5d928725fa7c6fb9f28b0fb394f9e38fd87625c5fa23aaba47054e8cfea:75a45c6b9566899829b41ee517b7045a473a4f7a2641439b5d7c5673e00d8f5c066f1291f85deada0502bd16e9709f827d4751f2873862e8219e57746a19a900d328579de4c5372f3b382c48011b2d4c6029f904f3a33e07d083d7e2b03756af2c4c97a2d66c10ec4154d874792042b646e4aae5101d501bd1bf6f511751d0aaf821cd7c0b3ee6d0d7c690a2777fe16bdc7e49b7da4bbb4cce3b618ee9b6f2e3a19240cdb70733b984b1c940ec66960b728cbb874b80643123722db9dbbe88322008931b1c894ef5d21099e63e7c65007acd61784db4994a2fb40c3efe9c47fad63763dde06fa017a26b82e71b9daabc4ff0f6c79b8ca7ccb4dc2031bef1087367c7086974a00566de41a71e11d993abe433569892b8f75d7637993245c884478abe3f95f44b0a4bbedefef8906b75e0d34020ae536455b0e06f9bfee11ec9b8604bac2cc6ebe08c8fd5f5cccccbc1617b7cf69a3c512e1f0bdb585df5e12743061f7c2053bc37144361c0b35fd39d56b1efaf92c610360193ec20598b82858050a6d99e082bcefdbd5318ee5efb3b260f3276f3c73f9c24ce0cda33c7acc50ca5dd61bdb85d793825f6732a6e330ce672ac44fe6b2b9afe6e2e965c02d2a1fe0b57cb1b317c1d313efdc356492fe896fd149dae51c95ccdbb7d11f7d610e0c6e2fd3e57fcfef1c57c7119a0af6c7821fecdb89d80302b49fad41743f3d2d7a075154b3143e51aeb947d4b5e8b7e4ca86fec3e80bd9a786e4e46ed1e6e9f7e0b635266d9fa097aa9e20f32e3d2772d7c1f008bcdd3f92c7283c57790c3622cbad3ca35803c45c869dc377ff36bd7c0e6f1bb892f7329a6e08df1dbebc81dc7b115f852e36ae5d928725fa7c6fb9f28b0fb394f9e38fd87625c5fa23aaba47054e8cfea: +97b6702e246805dbcfc7fa424a8caabcf262d466a05e0dd2d4e7c374d57d5251a716c3d5ce78f4d9c5bee3447ddaf4881c986efdf667ac8977b4fb69b5a7110a:a716c3d5ce78f4d9c5bee3447ddaf4881c986efdf667ac8977b4fb69b5a7110a:eaa86cf76fcb65c6f9fc208ac36f28b200d3b403aca73207461d8d96afa246d7c69d17a7a9bf77f05543563a7d3eca1d4079e22938aba1f6e9e04b49fbc8ed6f63b599730de9979831c02f8cba61e55560d7110d4c6e61679706a7155d5a673c54d16fe4d228c2eca7546faa1339f26d7a0bb4ee339611afdec9a68f5ff5b5d203b600533ad5a3b368c85da11563f098cc26871e7fa99aefd38cc26151db3b0bae38db6a87b6789e5840b10884af511f3ecb3ecbf94ff86fdb905505a8c34b2aa61ff2ec9ec8febd1dfed0965b6fc5b9f8869dc3a47559974a8822996706daefbc6c5bf984ce06b0d32b31cf9d8ad136aed4b052586dce7073b767b234e4a37bebbc393dd2e0f7d155173548c38a1583ef94e0aa84e7fce04fcc9b4e300ad099449a49232abdcf3d1a6e6fcab696f5996f9bd1b9485d074755ac5b4297fee3124c7c03976a40d570beaec2fac992339f885f74d40ed4ac87a4f40cefbc4864f44c3683aa8f1026e2c37aeffcebfdfe24dd0b019c36a79888203004b2ad83e89221f3f636f455bb64e17d1754c7c6dd7fc09a0d65dddded4622fc4f9fba072b45103435e10220a586f15226d2eb377f4064d3ff37cbb4705a1faaf5b348f8c0ef7fd1564d428688f58f3392967cf396a8ff2fd9e7b517b7d6a5ede7440373d8cc1a839900e84d42254283d9699c7ca37e477692a3494008b80444c5cf614cbbc169bfb9296303c645e2ce28d168dc6cbaefae9c73191f57151aa473009d29e1800b10f4c498609ba11520985c78092058696fdbca9c020e2dfb8a043a3de8e452d58cd1ad:90005541dcc1d7ab837f4de5393fadd6a92b26a7d93af3f669e0f1bfd621cbd00c8a23056d2da6786557c828a49be1e4021d99311235ac0d4d56eefc7c953605eaa86cf76fcb65c6f9fc208ac36f28b200d3b403aca73207461d8d96afa246d7c69d17a7a9bf77f05543563a7d3eca1d4079e22938aba1f6e9e04b49fbc8ed6f63b599730de9979831c02f8cba61e55560d7110d4c6e61679706a7155d5a673c54d16fe4d228c2eca7546faa1339f26d7a0bb4ee339611afdec9a68f5ff5b5d203b600533ad5a3b368c85da11563f098cc26871e7fa99aefd38cc26151db3b0bae38db6a87b6789e5840b10884af511f3ecb3ecbf94ff86fdb905505a8c34b2aa61ff2ec9ec8febd1dfed0965b6fc5b9f8869dc3a47559974a8822996706daefbc6c5bf984ce06b0d32b31cf9d8ad136aed4b052586dce7073b767b234e4a37bebbc393dd2e0f7d155173548c38a1583ef94e0aa84e7fce04fcc9b4e300ad099449a49232abdcf3d1a6e6fcab696f5996f9bd1b9485d074755ac5b4297fee3124c7c03976a40d570beaec2fac992339f885f74d40ed4ac87a4f40cefbc4864f44c3683aa8f1026e2c37aeffcebfdfe24dd0b019c36a79888203004b2ad83e89221f3f636f455bb64e17d1754c7c6dd7fc09a0d65dddded4622fc4f9fba072b45103435e10220a586f15226d2eb377f4064d3ff37cbb4705a1faaf5b348f8c0ef7fd1564d428688f58f3392967cf396a8ff2fd9e7b517b7d6a5ede7440373d8cc1a839900e84d42254283d9699c7ca37e477692a3494008b80444c5cf614cbbc169bfb9296303c645e2ce28d168dc6cbaefae9c73191f57151aa473009d29e1800b10f4c498609ba11520985c78092058696fdbca9c020e2dfb8a043a3de8e452d58cd1ad: +d1528c1406a6e494a02f635305fa74d745c69327fd31b7d2c2623de2c030ed850cfe369cf93daf6d53ef028ddb9f000443b0972fe2532f83a41ce657c1836ca3:0cfe369cf93daf6d53ef028ddb9f000443b0972fe2532f83a41ce657c1836ca3:abb3673f3fa17a33a7aff76eac54e7687c04bc84f766651a8b24ba22947908b04ca459feb98ace7cab1e7433a6a6beffd8d9504e2991daa0644d61b8b2e45448f54df8813f50c418b48f49e1034e851cbec3ef0a1850ef726733afaf68e1a461041651c138d54e4ef78187af9a7342f7128727f903bf4fc5ef3e40c64ec26f892f59add98fe394765aaa7d09cae81b9f699a9dd8bf2e2fe8e1ec78fc884eaa0d2dbdbfb8c168833ee0d21803cc35dc628d7c07e04404fb60e8c490a8dd34edbcbaaf80ccdae3f7d3739e0e897023eeb5b1a8c00a9673c59258240ddd4420650fe5771f7e28cb2399f5e1e02ad0b6432d9b49608fcf0b1c0d7c412a445255b8badc5321c24c1ac92c79a0baccb9deffed02d12f5536cd595dc66083b33a3603a9d16ecea2bf38c4f2aaf570f30d21162b2efd7e4d5ebf1ecae9588eee36dd9d3d8e3be7bc6d4bc2185622f11d1da7c49c93e623ac56fee7e3706db8313cf926be92e5c8a539fd16b0f438da8e51a51f2d27640356124ef7be2f91ffa1796a91b12301934ddef0c7938a7a45f36f53b6322d9c8f9d275e1cd2c0f129f8ab8d74155b5d9e5c15c015b0b00003b2bddfa0bcfcc693a1dfcb4f53daec126d1669f33f39ad05519ef7c5ce40e6f4573c247a32c4a0162831352f6d558ff5836a5317dbc4515b3df269a8ac76d6436f264b64561e7968b5822108487b045c92d6c6142a1c2855b38beebd642565123cc827cb1831199e6f12a7e4236856b94dad738f69d1106e7735d711f7c6a3a3378041fc7a21103bbf866907d4edddafa0e7f1bb5ffd41a60d64:b8399bc3326cba0a93a42497168bf57f9106ee43d39bf0fc86685199dc6e0a13b9c724ef17e7882af8c2eb70f6c9e42dfa2fbf0c1cb5002b58f1086619733e02abb3673f3fa17a33a7aff76eac54e7687c04bc84f766651a8b24ba22947908b04ca459feb98ace7cab1e7433a6a6beffd8d9504e2991daa0644d61b8b2e45448f54df8813f50c418b48f49e1034e851cbec3ef0a1850ef726733afaf68e1a461041651c138d54e4ef78187af9a7342f7128727f903bf4fc5ef3e40c64ec26f892f59add98fe394765aaa7d09cae81b9f699a9dd8bf2e2fe8e1ec78fc884eaa0d2dbdbfb8c168833ee0d21803cc35dc628d7c07e04404fb60e8c490a8dd34edbcbaaf80ccdae3f7d3739e0e897023eeb5b1a8c00a9673c59258240ddd4420650fe5771f7e28cb2399f5e1e02ad0b6432d9b49608fcf0b1c0d7c412a445255b8badc5321c24c1ac92c79a0baccb9deffed02d12f5536cd595dc66083b33a3603a9d16ecea2bf38c4f2aaf570f30d21162b2efd7e4d5ebf1ecae9588eee36dd9d3d8e3be7bc6d4bc2185622f11d1da7c49c93e623ac56fee7e3706db8313cf926be92e5c8a539fd16b0f438da8e51a51f2d27640356124ef7be2f91ffa1796a91b12301934ddef0c7938a7a45f36f53b6322d9c8f9d275e1cd2c0f129f8ab8d74155b5d9e5c15c015b0b00003b2bddfa0bcfcc693a1dfcb4f53daec126d1669f33f39ad05519ef7c5ce40e6f4573c247a32c4a0162831352f6d558ff5836a5317dbc4515b3df269a8ac76d6436f264b64561e7968b5822108487b045c92d6c6142a1c2855b38beebd642565123cc827cb1831199e6f12a7e4236856b94dad738f69d1106e7735d711f7c6a3a3378041fc7a21103bbf866907d4edddafa0e7f1bb5ffd41a60d64: +512340f961f142d1915e85fe4fa0f551f80892e75accce7cd1869e6e2c9e80150ca02604fa87e2c20506251f0792cd2125856f0ab16d663f2811963b1f2d8172:0ca02604fa87e2c20506251f0792cd2125856f0ab16d663f2811963b1f2d8172:af37b2c7587a8d5bc895cd357746ab03552a0a561a293dc7164e39b6a1333a920bb6daca6006676e99bb7e928f9ea391e54802a8d31596289fb9bfe30000cf52ebf0c124a5895bce3398c1bf5356be82619b8ddc15a77ca922494bdb04f5c2e1b6e8ff77ae749faf2b8a41d822c17c06dfb7a5f9434d8bd715ec8778e80b81d2e8d06298748690c6555283c98bb9b19b9246667bc41046ff98c2c35d161e1f4d69d254ec5a076f25bd5c7e2c98ca3c09d80833962cf9660287884096eb30c46c54174106af4e2979a112f3e8944eaaf7669c40d5afb91a024abbeb14664e308903e4d26d7009446ee2e830ab5eca0dbbc513fb4e04351df2f6741864fb2371b2502be43dc15fc04431fff5eb8d4b68d72462ae322e57ba2d4adddf15a1902c2113aebd3b5d612917c1bb73e708ad5418e7d45e4b7280fc8896ab80853ff5f8e98f26553fc78e30b3b0d727bf6d064a8f32888768c51ebb61b2c600b4028a77060febbb02eb3d201780e74566c86a34031836bce9eada81e5d0f33960cb2df08aff3c974921fc9b7d3aa7c81e9c671ed6d33e7ae5ed03a5417d7e5cd6faac91b54b8f792f48283c60647de3da816ca9756c5bfe1bb8b5979e575401bda34e9cbc4d77e711d6b73b82da19da473b55e8e72d341b2d8503e48609be0fe291444c283669e5deadeaf52aa8ec48da83f5328cc099fb41f82becdd58d04b1d66203d737bed06cf21c97819ac13ed711ca217a57cf7d80ff082aa1a1cf8fea555cd2e47e4ddab5e3f9941ad4f775f49419dcadb5b004b68caf45b27ef49ba14fb52b09f1b185be9f9c7:6bb4d975afaef41ea9ef085a68c568a05da37ef21dad464ed86ac0d4080e7d0129fb023131eca5f7adb2586a18be40562fa2764ca807e670a0596a5c547bc001af37b2c7587a8d5bc895cd357746ab03552a0a561a293dc7164e39b6a1333a920bb6daca6006676e99bb7e928f9ea391e54802a8d31596289fb9bfe30000cf52ebf0c124a5895bce3398c1bf5356be82619b8ddc15a77ca922494bdb04f5c2e1b6e8ff77ae749faf2b8a41d822c17c06dfb7a5f9434d8bd715ec8778e80b81d2e8d06298748690c6555283c98bb9b19b9246667bc41046ff98c2c35d161e1f4d69d254ec5a076f25bd5c7e2c98ca3c09d80833962cf9660287884096eb30c46c54174106af4e2979a112f3e8944eaaf7669c40d5afb91a024abbeb14664e308903e4d26d7009446ee2e830ab5eca0dbbc513fb4e04351df2f6741864fb2371b2502be43dc15fc04431fff5eb8d4b68d72462ae322e57ba2d4adddf15a1902c2113aebd3b5d612917c1bb73e708ad5418e7d45e4b7280fc8896ab80853ff5f8e98f26553fc78e30b3b0d727bf6d064a8f32888768c51ebb61b2c600b4028a77060febbb02eb3d201780e74566c86a34031836bce9eada81e5d0f33960cb2df08aff3c974921fc9b7d3aa7c81e9c671ed6d33e7ae5ed03a5417d7e5cd6faac91b54b8f792f48283c60647de3da816ca9756c5bfe1bb8b5979e575401bda34e9cbc4d77e711d6b73b82da19da473b55e8e72d341b2d8503e48609be0fe291444c283669e5deadeaf52aa8ec48da83f5328cc099fb41f82becdd58d04b1d66203d737bed06cf21c97819ac13ed711ca217a57cf7d80ff082aa1a1cf8fea555cd2e47e4ddab5e3f9941ad4f775f49419dcadb5b004b68caf45b27ef49ba14fb52b09f1b185be9f9c7: +b1b636e957574c21a957a45bd195c6f9fe4cc1c57e84134d39b42e1a84329edb95e77b15dda47caf69b72888dd69961bacbec3bc75353003e8bff0a43ddf4b7a:95e77b15dda47caf69b72888dd69961bacbec3bc75353003e8bff0a43ddf4b7a:e25d329cad8364d2dec24373e92d9d50fc7abe8fdc3d0b4ee57e1cfa5b7cd58c23be918f05179ba841b61e180034ca7e74d49b0a1a2cebb4be65344c913c46d32652336e6bda4efa3f58730d39a633a14ca3d9a62abb0a7398cc29aff916eeea2e7caac80845562f73d4030f9cab0bf1c6407f5401513ef87fe6dc099dbc5dfc3352911c07af6c523bef4cca78379659e8803f585904ee6ef6fde77366d96d2ccf248a5320d9b8298b2a73363879107a02b47f57213a85203abbca5a4195f8af3e3593ed2fa3504bb76a3e1be24b66d355662932cb67dc88503afaf762bff741ba1cace97ac58bafad5d36c3aa02e0cbe20e5f3dc8092c512eaa9c4943474aad41990076721ad3f53fb08ac22982ed9b15c751a9e23382f6a69c72e6e244e0eb681e6dd228d3774fccb37eb6232f825d169a2ac8b7e18a42cdaa4f2cf05890bb0c598cf8c31f829ef8ca2435bdcceb0e6193ada7841ee692f30aedf88b627311b138ac78b3913e06f7c321cafb39d901dfe17430b1a20bc437a555a578fa31e4b6807954456bd4b04d5d887987bdf04e0f14af3141b24c3a7b9ac75aa32e2fcd2171a12609e15e73094fd09221b4d27090e73219b648bcaabf3807c9280b6c4ad750a468be0e1ad3e6e63016cb5cec3aaddc5689c2955a2a8d5b8984d7c44376fdd94d3f5ff1298f78172b565913704e90e5ac038cb1720e19b080f81b53d6a45d4528530711b63dfe1e4781c24d74aeb2bd8a73fd2a993c5b0891392196ac32c523699960d8b23e01664cf9021d93928050caf97fb985554580e33336a4563247df59ef6cae53:763c7d0d46878e5c7ecf7104fc1f2230e46178a27c75f196169c0279edb01c28fcde3b0d5b8635cfe339fb232774b2206dab8a460ce417abf490bbfa785c0205e25d329cad8364d2dec24373e92d9d50fc7abe8fdc3d0b4ee57e1cfa5b7cd58c23be918f05179ba841b61e180034ca7e74d49b0a1a2cebb4be65344c913c46d32652336e6bda4efa3f58730d39a633a14ca3d9a62abb0a7398cc29aff916eeea2e7caac80845562f73d4030f9cab0bf1c6407f5401513ef87fe6dc099dbc5dfc3352911c07af6c523bef4cca78379659e8803f585904ee6ef6fde77366d96d2ccf248a5320d9b8298b2a73363879107a02b47f57213a85203abbca5a4195f8af3e3593ed2fa3504bb76a3e1be24b66d355662932cb67dc88503afaf762bff741ba1cace97ac58bafad5d36c3aa02e0cbe20e5f3dc8092c512eaa9c4943474aad41990076721ad3f53fb08ac22982ed9b15c751a9e23382f6a69c72e6e244e0eb681e6dd228d3774fccb37eb6232f825d169a2ac8b7e18a42cdaa4f2cf05890bb0c598cf8c31f829ef8ca2435bdcceb0e6193ada7841ee692f30aedf88b627311b138ac78b3913e06f7c321cafb39d901dfe17430b1a20bc437a555a578fa31e4b6807954456bd4b04d5d887987bdf04e0f14af3141b24c3a7b9ac75aa32e2fcd2171a12609e15e73094fd09221b4d27090e73219b648bcaabf3807c9280b6c4ad750a468be0e1ad3e6e63016cb5cec3aaddc5689c2955a2a8d5b8984d7c44376fdd94d3f5ff1298f78172b565913704e90e5ac038cb1720e19b080f81b53d6a45d4528530711b63dfe1e4781c24d74aeb2bd8a73fd2a993c5b0891392196ac32c523699960d8b23e01664cf9021d93928050caf97fb985554580e33336a4563247df59ef6cae53: +10ca413d70eb3db6e337f0f11abc075c95859e825f876176076952d2f18880305028ba38afecc242635f6e353d5f4afd123f860a0425220e966552a057880823:5028ba38afecc242635f6e353d5f4afd123f860a0425220e966552a057880823:ea7faf79f6ff5d78a823a754347134f1b3c3e91ce518fdd633feb4f05d125f05cb54336ef560e92deb685112a5ffcd3dfd3964b2758ce4785f6a34bfeb39784f0aee55955aebd12ddda641d05769f74402f706dad201c44c91081c7d7f65e7aa4246de6dc3ed6496d10f4a412060d493bac9aed5be4f6d74229e3c55eb6876e3bb2ed41fa4504b6670dda8c798f6daa280d1aa72021174f6c01aec49b321d87f53acbcadcc4607d5b1e45d63fc481a6d90576c87c1880b2e8ff3e590a96beee1804768c756beb86bf1de8adc408b1b8d666f74ba28630822f92d18b056ae37ce0293ee61b9e80f33ac269671bd62a4059b24f7c1a440807440d5d538a65458adc8158724b25c12127aa0349e55f6e55bc92078fd1ef274c2aa791905766be394a2628f7bbd1a32da5e487446bbefae88fa6cf3f7b499f131fa19313d13b280adca50f77802d17331b381683b5e7edab99473edd31d77443488214135fd6f26445093e9e2aff7d7e892337fdc8779065d4d97d6d673576794958dbfa6c50b1b13ac39607c1e66ef9629761071155fbca6f36eb02ceeae16367feac07476908c847c9a533ef68c94311fa089ff28fbd87809b0d3876b431d9a18b202f9a4049a0577b8177610dd02e5c520eca955e803c3ad4f50976f7c2ea8aa3ee4836a1985df0a4f16ef46981595419897993560af82651c2b494e680b37802e7537ef68a575c34f8588063ee0197206d9a32bb4890e7c216a4d33feca36b549e532fea68556e7540a4fb169d49fc553b2e6700ae42d9a516e68160acf6b270c77ca5ec26e5ad5dc75c2c393e299:6aec02dc6bdfcb67f0efc1fd31e23e69e371ab3802505b3201a95dd525417ed1a128db4e182cb37c28f62806667099a8ad480b0ac9e94c2a7d5a0e96e2a7360dea7faf79f6ff5d78a823a754347134f1b3c3e91ce518fdd633feb4f05d125f05cb54336ef560e92deb685112a5ffcd3dfd3964b2758ce4785f6a34bfeb39784f0aee55955aebd12ddda641d05769f74402f706dad201c44c91081c7d7f65e7aa4246de6dc3ed6496d10f4a412060d493bac9aed5be4f6d74229e3c55eb6876e3bb2ed41fa4504b6670dda8c798f6daa280d1aa72021174f6c01aec49b321d87f53acbcadcc4607d5b1e45d63fc481a6d90576c87c1880b2e8ff3e590a96beee1804768c756beb86bf1de8adc408b1b8d666f74ba28630822f92d18b056ae37ce0293ee61b9e80f33ac269671bd62a4059b24f7c1a440807440d5d538a65458adc8158724b25c12127aa0349e55f6e55bc92078fd1ef274c2aa791905766be394a2628f7bbd1a32da5e487446bbefae88fa6cf3f7b499f131fa19313d13b280adca50f77802d17331b381683b5e7edab99473edd31d77443488214135fd6f26445093e9e2aff7d7e892337fdc8779065d4d97d6d673576794958dbfa6c50b1b13ac39607c1e66ef9629761071155fbca6f36eb02ceeae16367feac07476908c847c9a533ef68c94311fa089ff28fbd87809b0d3876b431d9a18b202f9a4049a0577b8177610dd02e5c520eca955e803c3ad4f50976f7c2ea8aa3ee4836a1985df0a4f16ef46981595419897993560af82651c2b494e680b37802e7537ef68a575c34f8588063ee0197206d9a32bb4890e7c216a4d33feca36b549e532fea68556e7540a4fb169d49fc553b2e6700ae42d9a516e68160acf6b270c77ca5ec26e5ad5dc75c2c393e299: +1f0a10a2cb111917b9a67a2a1f38fb86f8ed52607d1d653a457d7f4718d9a7de70c075b2e94c4c02f45e73044f24399741b161feb6f69eab635417282a4a9368:70c075b2e94c4c02f45e73044f24399741b161feb6f69eab635417282a4a9368:4f6a434bd5fc77f0f1b7049c91853ccbd89439962a6078a674b867543b6b7d10552ec1758c5283042bd6b4cea88c9520db04746f089cf3a260fb0f33858efd6f680de5b72d9876324ba590299138f85a76f5be0e05e8859c02b23512559c8beafc9cfe901b283e15d16c792eb03b92880f6ff97aa38eeead3f4fd6c0a9214323aa39a1c16515e30dbd08b833ee40a814a28809c870e1d0a62c37932d5408fc6afc63e79a655c5fe3d4026ef09e0299fbde5ab34fceab14130dc4be007e8e6444d7aaaec62c873df77e8010743c31e8757f1eae9edb5597a1b5d84bd77ae7642e1aca99873a152ffde068a8e4ad9240b903332795e40bb32865e5ce034307a6c9fe339a1c93770df5ca46329f6b09419785cbf2847b0c6832837123853ad952653265c5b5740d194e00f23f9e966791f005f8bf55c388c2be9e21538925f8555e0dbd83be073df765af4940e59a3790b9836bab7909e5676fbf1c2126fe226d781a44330cc01d32830ff8ae00b9792e398c2cbb4fb83a1005c245549a89063fbe06c62a48dac43c5101249994e95e37f24c1d8b3bc673538c46055f800db1c0f956869b6b297d990f44f05b50c7ad6b856f46212858471dd0d39372b0db751573ddb6b5b56ba01e371c78fe58dcd1be53112a6a73da9a6bac75d3c39a1a705a36f640fcfad8cd04077594d59685f6e30de71dfd4a44c4e7c04d6ec7c2e8be12785bb05b29b39151d329f587fdc381c2df0cef73fe0e3fd9208d7ccb6e08d02f42d1feed27561d5e323aa148624e552abe87532de15b7f42c22c98e40525b1747cbd758bfb26fd3eed3b:a4245aa3395e7bada2bcdf1603147cc5f3f0ba91f40fdad8f6d371c3ebefb4c1501d07875b576f40797806a484c7a3f70569e232b0c99d29ca23a233b68edb0c4f6a434bd5fc77f0f1b7049c91853ccbd89439962a6078a674b867543b6b7d10552ec1758c5283042bd6b4cea88c9520db04746f089cf3a260fb0f33858efd6f680de5b72d9876324ba590299138f85a76f5be0e05e8859c02b23512559c8beafc9cfe901b283e15d16c792eb03b92880f6ff97aa38eeead3f4fd6c0a9214323aa39a1c16515e30dbd08b833ee40a814a28809c870e1d0a62c37932d5408fc6afc63e79a655c5fe3d4026ef09e0299fbde5ab34fceab14130dc4be007e8e6444d7aaaec62c873df77e8010743c31e8757f1eae9edb5597a1b5d84bd77ae7642e1aca99873a152ffde068a8e4ad9240b903332795e40bb32865e5ce034307a6c9fe339a1c93770df5ca46329f6b09419785cbf2847b0c6832837123853ad952653265c5b5740d194e00f23f9e966791f005f8bf55c388c2be9e21538925f8555e0dbd83be073df765af4940e59a3790b9836bab7909e5676fbf1c2126fe226d781a44330cc01d32830ff8ae00b9792e398c2cbb4fb83a1005c245549a89063fbe06c62a48dac43c5101249994e95e37f24c1d8b3bc673538c46055f800db1c0f956869b6b297d990f44f05b50c7ad6b856f46212858471dd0d39372b0db751573ddb6b5b56ba01e371c78fe58dcd1be53112a6a73da9a6bac75d3c39a1a705a36f640fcfad8cd04077594d59685f6e30de71dfd4a44c4e7c04d6ec7c2e8be12785bb05b29b39151d329f587fdc381c2df0cef73fe0e3fd9208d7ccb6e08d02f42d1feed27561d5e323aa148624e552abe87532de15b7f42c22c98e40525b1747cbd758bfb26fd3eed3b: +7f05baacf167583cf2fe9562a506991ed987f68ffb71567c7ccce3fcc59b78b00dec3952852b96fd75587e97743f9e41c09fbe6ba981bfceb4ebb8892d986a16:0dec3952852b96fd75587e97743f9e41c09fbe6ba981bfceb4ebb8892d986a16:a27d1eab05150920ded1b1c2578af582b294f7837fe4fb1a3169c25efb70634ba66c7e2991b3e75cc5124826a03e057259b5cb706228780cbc8275c339f8340e402a665032a4ab657827b1c3481f7566d369735b82db7628c022b212730db1e47c9b2d9bc4d81b2342d89c6eafc3e0b6de50d484ccef11238c8e2d240dd595dcef8b2fc57b54ff9a8a74111f61f8a652f20ea012c1ade3e280ecde294c0e35717190162ec6a2265e7e6f3f0704cf8ab1a03e5cc953e2926291ccd4b0590d5c20568f94f9ff0fe2ab78cf9ae2c38bcd491e518f23e9b636f880615fc56078e512d7577e09497c1183453d5081fd4737f280ec5e267c4586b78b70fffdfd730d809df560f2e3772191847bbc3f604fb7f8ca49eed318b5e7d1f2b83a10da0c8594b339b6871a5772dd64168ecc27e240a45c76725e7d55bef37e135e3d9e0e34e36c16e34d77459a552f4074d067a31a3ed2a48cdea4895b10bdf1656f4b7a413c6a088c649fc9d7bc56abf64435491214192a6670cb8b9c917f8e1bc7b2cfce78d28fbc3afc2a50e98213e7e026378e4ea711d151adaaa719beb8974656c10ebc7de46b19ec82951ef46a8c68e7f436e1b3ebedb2d09b0575c9914ead2796b53e0061e212994ac5026aea81ec37c81378f4ccfc467700087968597da38fed52fa48093ae4ba1066c31e3c7d8508095bb45c280120f4aa69a24f3efef1f767985aa1a30e140856f76d1520732878487be53f712dbd7d779e315101588fd7dbdb132f92c27575ac1486f176c790661b0148394e92ffa3ae6f8afb2faa2b7f4fbd0ad91e759a702b3c702b4d:0deed2df82acf4529c408a02931f676bec5cb7ade84ebdcd578f70f971382cf311bb83097300456a558bc4c09d8983ff13493fd611eb66c043bf019bad6f3302a27d1eab05150920ded1b1c2578af582b294f7837fe4fb1a3169c25efb70634ba66c7e2991b3e75cc5124826a03e057259b5cb706228780cbc8275c339f8340e402a665032a4ab657827b1c3481f7566d369735b82db7628c022b212730db1e47c9b2d9bc4d81b2342d89c6eafc3e0b6de50d484ccef11238c8e2d240dd595dcef8b2fc57b54ff9a8a74111f61f8a652f20ea012c1ade3e280ecde294c0e35717190162ec6a2265e7e6f3f0704cf8ab1a03e5cc953e2926291ccd4b0590d5c20568f94f9ff0fe2ab78cf9ae2c38bcd491e518f23e9b636f880615fc56078e512d7577e09497c1183453d5081fd4737f280ec5e267c4586b78b70fffdfd730d809df560f2e3772191847bbc3f604fb7f8ca49eed318b5e7d1f2b83a10da0c8594b339b6871a5772dd64168ecc27e240a45c76725e7d55bef37e135e3d9e0e34e36c16e34d77459a552f4074d067a31a3ed2a48cdea4895b10bdf1656f4b7a413c6a088c649fc9d7bc56abf64435491214192a6670cb8b9c917f8e1bc7b2cfce78d28fbc3afc2a50e98213e7e026378e4ea711d151adaaa719beb8974656c10ebc7de46b19ec82951ef46a8c68e7f436e1b3ebedb2d09b0575c9914ead2796b53e0061e212994ac5026aea81ec37c81378f4ccfc467700087968597da38fed52fa48093ae4ba1066c31e3c7d8508095bb45c280120f4aa69a24f3efef1f767985aa1a30e140856f76d1520732878487be53f712dbd7d779e315101588fd7dbdb132f92c27575ac1486f176c790661b0148394e92ffa3ae6f8afb2faa2b7f4fbd0ad91e759a702b3c702b4d: +d00c216426710d194a3d11cfc90a17a86212e7a0e54baa49b0169e57fff83d61cfe6ae8903c6c701aa304695c651bfd850331f9ad481633ae370c86d7bd13fb9:cfe6ae8903c6c701aa304695c651bfd850331f9ad481633ae370c86d7bd13fb9:82f97841b3ba22dd9a4450837ea7bf8d27a9731470cabb0c2078034bf24e4c1a6290c03f4002b86fa09f07b5209f1f53d0ecf4d9e9223bec125a954551fe8bff718f5e264868e207f701194e41de39971fd385f49a4b4adda911eba55259fc6836653273f656f4af60b20664956d4f2135d90d09e9037d5366a0253444e022c7212af5fd4fccd74237d2885338e2fd721522de6763c2549028c623b9cf387d234ab5e7fcbe5a47c685b79e75a57b09574082a02221df64a2e841618087e722a21bac1ba4f0d7d87bdc510aaa8fbd10757f6c029ca820371fc74c3bc50bd898c55d8167f73ada377aecc91629d64c360c2c241c5cb42e3a518c5dabf0f418b2a7f3d82eefd92026d31e8b8160358eae821f730ecafe7ace647bff8741de2f6a131d11c969e9787cfe6a2fab37bf8d1c7f4a2f364d2f1a76ef046c1843e63ec00cf7920ffaae561e7370b719fc16fcebca3cfdfaba43f4f090c46f477303a660ee88dd4e89bf14b9f804b6fd495cb1412753474a056a0d8931cd9ccbd64f8fcc7a3123467c5d47f690679e8871288093734fd6a1326038658156413696594c134d73887f34ee67609ae8ffb3266c16d87f15345a476f72950c158796a88bbb444f1aa809cad875b85fb9151a0e2eef2e00e80d6b7a9ba406c0519effdd94126232fdf6f1e7b9bbc0362aa77516fdf939e7906aab01307128cf824c102c09b929c9b2d7af8f85b7d7f9a838b2aed0c697e8bdfee66ee016bb1bf35eff6b2f7ef4b91b1fc04fac9f116e2edff40f95c15b77c31ee522f3937c7fa0047d6225e0c8e55e278c8103911feab2b7f4:15c45c194297e887029f49d8bdf9d610dd8c34799e1e9230269e7a58928938cf396a02cd42205490391e1c64353fb06b9f8e9b818a9a361c204a386995bf3b0382f97841b3ba22dd9a4450837ea7bf8d27a9731470cabb0c2078034bf24e4c1a6290c03f4002b86fa09f07b5209f1f53d0ecf4d9e9223bec125a954551fe8bff718f5e264868e207f701194e41de39971fd385f49a4b4adda911eba55259fc6836653273f656f4af60b20664956d4f2135d90d09e9037d5366a0253444e022c7212af5fd4fccd74237d2885338e2fd721522de6763c2549028c623b9cf387d234ab5e7fcbe5a47c685b79e75a57b09574082a02221df64a2e841618087e722a21bac1ba4f0d7d87bdc510aaa8fbd10757f6c029ca820371fc74c3bc50bd898c55d8167f73ada377aecc91629d64c360c2c241c5cb42e3a518c5dabf0f418b2a7f3d82eefd92026d31e8b8160358eae821f730ecafe7ace647bff8741de2f6a131d11c969e9787cfe6a2fab37bf8d1c7f4a2f364d2f1a76ef046c1843e63ec00cf7920ffaae561e7370b719fc16fcebca3cfdfaba43f4f090c46f477303a660ee88dd4e89bf14b9f804b6fd495cb1412753474a056a0d8931cd9ccbd64f8fcc7a3123467c5d47f690679e8871288093734fd6a1326038658156413696594c134d73887f34ee67609ae8ffb3266c16d87f15345a476f72950c158796a88bbb444f1aa809cad875b85fb9151a0e2eef2e00e80d6b7a9ba406c0519effdd94126232fdf6f1e7b9bbc0362aa77516fdf939e7906aab01307128cf824c102c09b929c9b2d7af8f85b7d7f9a838b2aed0c697e8bdfee66ee016bb1bf35eff6b2f7ef4b91b1fc04fac9f116e2edff40f95c15b77c31ee522f3937c7fa0047d6225e0c8e55e278c8103911feab2b7f4: +dd123972e628584acc46293b8e4ce2b2dd469cc4ede14ef39521cf08373585b33522f7ae596eedb217035d95395e448dbd6ffbf42585eaeb307026541c78a651:3522f7ae596eedb217035d95395e448dbd6ffbf42585eaeb307026541c78a651:2b2857f45280173e2e0ef9d594e6083f1dc7a65492975b837def6cadd8c8545031ee9d68369a9393cc7b792feb98040b21f1eb84665f878537ce412e9db680d29fbd8ffc7731eae91a20b47548996204fb06ad740e78f0fc590b6791dc7a0f2659286cc16d02c5117b565836b4b8738cf40e285c69c50e412911292367352dfdaed9982d0f899a23c0ab51812b3ec678f6882ea427cdc93ab4b24824377054aa25d82246653340078cf11d14a51f0e686d7e018b36741668fce7458d169293361dd16b3debbed19e1bef7c36934e20f33a09ad3e82b53ab4e94c255d041898b97737df99584af14e404058d0c93bcae7bbbc06395a2aefbdefa7b2ed17cebd1513fa390fe9a9b0ce68cecc2b9e129b7a29f49b6d18c28bacd3af39dc39ca972f0e0d06855d57c2b5fcac2f79cb8c05799e4f65734668dad6aa7a43a11856e23b1e732d00e5fe3885b7dad42ec18ac8e096a080f7d55070fdcff607bc0b852d8a080d2a7405d59414695f2eb7fb0aca23c8635742f8ae57f13780316e280872374e6929598d028a33c05d831cdabd029493c3cc859fff1a67d56216f02a2295665365887a350a80afaa0c367a74d3701ae88f59d8a9d3a1dce0cfd2eabe2af5065a1c7fca4aadcf8e51e75612a1371b4dc8ffc0c0b9c4fadb2f081e2e032d96818e55737adde3e1ac121f56cc86fb58a0a582692f62ce58acce17aafec7bcb7e44f839258cd4a851fc01344ee9f1bd03eb94344f4778693c171dd2892b2426a8829ab0cfe33a7d4a36eb4017f7fcfd24134ab8a45f23717cd138aa6000172e37b4064dc9b6d1e1ef3af84971d:8965a889d54cd8076d35bc2e12b009d56b0704c894f912a0d1d30720c232fe4404bf3009541e8f3283e89ea86f678afbdf1c21c924b23a52b4ca6d63f48fc2032b2857f45280173e2e0ef9d594e6083f1dc7a65492975b837def6cadd8c8545031ee9d68369a9393cc7b792feb98040b21f1eb84665f878537ce412e9db680d29fbd8ffc7731eae91a20b47548996204fb06ad740e78f0fc590b6791dc7a0f2659286cc16d02c5117b565836b4b8738cf40e285c69c50e412911292367352dfdaed9982d0f899a23c0ab51812b3ec678f6882ea427cdc93ab4b24824377054aa25d82246653340078cf11d14a51f0e686d7e018b36741668fce7458d169293361dd16b3debbed19e1bef7c36934e20f33a09ad3e82b53ab4e94c255d041898b97737df99584af14e404058d0c93bcae7bbbc06395a2aefbdefa7b2ed17cebd1513fa390fe9a9b0ce68cecc2b9e129b7a29f49b6d18c28bacd3af39dc39ca972f0e0d06855d57c2b5fcac2f79cb8c05799e4f65734668dad6aa7a43a11856e23b1e732d00e5fe3885b7dad42ec18ac8e096a080f7d55070fdcff607bc0b852d8a080d2a7405d59414695f2eb7fb0aca23c8635742f8ae57f13780316e280872374e6929598d028a33c05d831cdabd029493c3cc859fff1a67d56216f02a2295665365887a350a80afaa0c367a74d3701ae88f59d8a9d3a1dce0cfd2eabe2af5065a1c7fca4aadcf8e51e75612a1371b4dc8ffc0c0b9c4fadb2f081e2e032d96818e55737adde3e1ac121f56cc86fb58a0a582692f62ce58acce17aafec7bcb7e44f839258cd4a851fc01344ee9f1bd03eb94344f4778693c171dd2892b2426a8829ab0cfe33a7d4a36eb4017f7fcfd24134ab8a45f23717cd138aa6000172e37b4064dc9b6d1e1ef3af84971d: +3335ea928117cfeefbeeae146003881bdc8889d6580eed1352370820ad1f584fcb20d4fd7561848013111c3e97617f34181d2e7fbcf1bb2a2cd2e8c1775b8b03:cb20d4fd7561848013111c3e97617f34181d2e7fbcf1bb2a2cd2e8c1775b8b03:0fa7f6a6fca981429b572a6704871bed140dab93ee1992006e9a3bb2e6cc9a09d4c9cf17066b32ff7ef5b6b2e7911178ed7462c4c175603171ca613668b3be193d94c3521e588913b5948b550be99d82d966197d710acfd95914cf3e197536e83e68230dc3d67e67dcdbdee04f0d9c480237ecd28f74338db5f3f697d3d07ff33613bbce542acc9a7fed5d12490b9bfe1d109540f863800dd356da841a45a3cd8a08a945bfa3aa98e1712312c4c0f0d9dd64f6efcf736bd97deafca9dcaa3f06d87f2ed72aeb6a94f3280000c4bf728a01c1862dafd9fc5c7d5a46ec7d3a87af59a11d87f7ff84407d37010e1d946cf225d6b3b1edee2e8bbf1e079e47fb1f66669394fbf2fa68fc56fc89820a6809c251dd62f5b865c547b14fbd3a19504244ffbc7e5240f88d4360f9cacaaf5f82433d3344fcaee0acdeb7beb9c0b3c769eac920ef4f09abc2a2095512045943eccc53b1c03ed24e567f3d7a71977cab9840ce898ee58ed5c73f6adea823394c5c8e3658a6bf5acbbf0055992c312c26c79c5cfbea3860b8764a6d8ffe4491f8a5b8a215e0117a9a68164aee25f8c0bb381195b2400bcb4644ebce1cde5a9a26582cab9dc7f43c33eae350db65aa7dd22a079bdddcf56d848deb0cfa50b3bd732d9da9e8d8ab79e93469de5802b6dff5ac2aa8482bb0b036d8f9d595b8ead94bb8d7418e2ea43192efcbfc05c467bde0a868a516a7c14a889b72c5b73e7d85c2bae902e4e68d1f3ceab2b2773af5bbaee6a00d08063e7833cd4e295347e58f5d1b3397f640c159cc60a674a227b4cd8c10f1dbaed516ccacdd295f11b08147:f7c39f9247d22f018999247f0e0005cd63076ccf2fee4163421f86407a41698c405816647351c04e93b54415b62fc03fc8c25e20f7541dab03197dc900b29c0c0fa7f6a6fca981429b572a6704871bed140dab93ee1992006e9a3bb2e6cc9a09d4c9cf17066b32ff7ef5b6b2e7911178ed7462c4c175603171ca613668b3be193d94c3521e588913b5948b550be99d82d966197d710acfd95914cf3e197536e83e68230dc3d67e67dcdbdee04f0d9c480237ecd28f74338db5f3f697d3d07ff33613bbce542acc9a7fed5d12490b9bfe1d109540f863800dd356da841a45a3cd8a08a945bfa3aa98e1712312c4c0f0d9dd64f6efcf736bd97deafca9dcaa3f06d87f2ed72aeb6a94f3280000c4bf728a01c1862dafd9fc5c7d5a46ec7d3a87af59a11d87f7ff84407d37010e1d946cf225d6b3b1edee2e8bbf1e079e47fb1f66669394fbf2fa68fc56fc89820a6809c251dd62f5b865c547b14fbd3a19504244ffbc7e5240f88d4360f9cacaaf5f82433d3344fcaee0acdeb7beb9c0b3c769eac920ef4f09abc2a2095512045943eccc53b1c03ed24e567f3d7a71977cab9840ce898ee58ed5c73f6adea823394c5c8e3658a6bf5acbbf0055992c312c26c79c5cfbea3860b8764a6d8ffe4491f8a5b8a215e0117a9a68164aee25f8c0bb381195b2400bcb4644ebce1cde5a9a26582cab9dc7f43c33eae350db65aa7dd22a079bdddcf56d848deb0cfa50b3bd732d9da9e8d8ab79e93469de5802b6dff5ac2aa8482bb0b036d8f9d595b8ead94bb8d7418e2ea43192efcbfc05c467bde0a868a516a7c14a889b72c5b73e7d85c2bae902e4e68d1f3ceab2b2773af5bbaee6a00d08063e7833cd4e295347e58f5d1b3397f640c159cc60a674a227b4cd8c10f1dbaed516ccacdd295f11b08147: +32a1883eff57a3a7ecdb310221ee83c4de92b722159613ecf816e382437b60b982dd1a03e5852062ba4a8b6b3b93c5e9c43ff6995bd2aac72606fac85802c682:82dd1a03e5852062ba4a8b6b3b93c5e9c43ff6995bd2aac72606fac85802c682:ed2b123b5dd7f5e718e026c79cfa6111924902d189a406ef2b2e56a9ee5573a76ddd1d0629ebcdecf2aaa74e84fcd0208f14eea2e171e7c8608b818feff4dbea52db354227d023250b1f01cb4cc8c52132a98d4acf55a54fee81e094aed66fa0d6b6a200b6b87414402278538b90529a8c603d927eddda97bc4b8cb95d04b5337fa22ceafc8b340c46fef67198d1fd98d89c65cd089e23f53dbdca967798b5cd923205ad511edf706f1225f4648c985e009ef8a2f6a0117cdbe14e75312d8ac1f03d046b37cdee7d69c0f25ccf18145a688a8b3ca8875fe8d90baf86d43969e4d610214f1ac5dbba87a1ef10377e40d7806fd9d23457fc9df29899239fd1d278849681a943ad9c91fd1bbd92b73cb177a878f9059ee07af7a8731613e33d59df3d97796079d5631ed85eb2245106a5ff6a2bca40df5c6e87473b2c08c2212f56fc2933a969a3c958d37c5343ba2760c813a7a5165d231c5feaae62b755df49feca80041a6535f7e03bc48e5f27f9be26ef53673eb7c37a2b64744a6cf17e887734ae010bf40eea03cda212f512fba0585947179640bcc4544b8deb4ead129bc3322800adf98818f99574befd9b0016d4eec81a8e78dc3a2af13cab01649ae2e33d516b9d4208ad6613d8e278c393baa882340ef461ff4f94423d55cf3cedd2a6b56e88365531dd29d68273adbfe369402e6a7cee053da1f100540091a00929252983449024b1c3391110650082f0e7dfddb8edc2042f3c1713c6944ba514ee7407d32bf06c858efec42a78bee97746e5b4879141a13d9fc5cb123b783273b84d57ad3526b7da3c68b839efd23f5f:8309cbe72f804bd9521def5dad4d8bc13886b1d4f662c9bb5b97ba4790f44b801f3195ead0d4ddb660818ecbf9a683cacf85f1dcc9e82c09116d733658091a00ed2b123b5dd7f5e718e026c79cfa6111924902d189a406ef2b2e56a9ee5573a76ddd1d0629ebcdecf2aaa74e84fcd0208f14eea2e171e7c8608b818feff4dbea52db354227d023250b1f01cb4cc8c52132a98d4acf55a54fee81e094aed66fa0d6b6a200b6b87414402278538b90529a8c603d927eddda97bc4b8cb95d04b5337fa22ceafc8b340c46fef67198d1fd98d89c65cd089e23f53dbdca967798b5cd923205ad511edf706f1225f4648c985e009ef8a2f6a0117cdbe14e75312d8ac1f03d046b37cdee7d69c0f25ccf18145a688a8b3ca8875fe8d90baf86d43969e4d610214f1ac5dbba87a1ef10377e40d7806fd9d23457fc9df29899239fd1d278849681a943ad9c91fd1bbd92b73cb177a878f9059ee07af7a8731613e33d59df3d97796079d5631ed85eb2245106a5ff6a2bca40df5c6e87473b2c08c2212f56fc2933a969a3c958d37c5343ba2760c813a7a5165d231c5feaae62b755df49feca80041a6535f7e03bc48e5f27f9be26ef53673eb7c37a2b64744a6cf17e887734ae010bf40eea03cda212f512fba0585947179640bcc4544b8deb4ead129bc3322800adf98818f99574befd9b0016d4eec81a8e78dc3a2af13cab01649ae2e33d516b9d4208ad6613d8e278c393baa882340ef461ff4f94423d55cf3cedd2a6b56e88365531dd29d68273adbfe369402e6a7cee053da1f100540091a00929252983449024b1c3391110650082f0e7dfddb8edc2042f3c1713c6944ba514ee7407d32bf06c858efec42a78bee97746e5b4879141a13d9fc5cb123b783273b84d57ad3526b7da3c68b839efd23f5f: +22ecef6dabe58c0669b804664973e457c05e4777f781c52522af76b95481a914d4784010ef0403eddc5a62d5d45bb243b80b4b9d69c39ca387c6f5cba028640f:d4784010ef0403eddc5a62d5d45bb243b80b4b9d69c39ca387c6f5cba028640f:c535c13d779fc0985973d6bcd552d81734e92bdf10994b00cd4d53ce365fad8c7cfa96206adb62d4567be5e46631323853e38ce4bdc16d7b8f632a3ad9e02619eff37174eac3f0bf2f7a7517d4b82de6aa1af0063819d5e1f9278fb4f24c8cc002afb15f334c04fadb00303013c01667f4932a6c4b97d39cd4a4598506c0bd740ea9f11696357d7d17fe4d75f9d74241a7af71f9d869ef6cd695687c03fc34ad65a68a4888a1a74126cb55cf7da9cb4a6717f6eb88484089d2c5189ae381f25e7b3bc3b23d0c9d9f9cdbbeecfd1e72a05e67bb483a9764d9fc75ad69e4ab1270fb40f3958fea4da559b43980b24681313e8591e68546a3bf76ee34b339709295a8d46fb2432dda2f221812df692895e67cb29cbf6ff4502b439a4e9e43639ec067bc90ae814a293a7bd46968e656787642300a0ff2697e3313f6a418d3d12a5f7c51a4c57b63385f2d2a21d5d1d763fc8d1b93c13435f9e47ee7a425980a6ae6f1a9d007607476783c6d0c7887380f868c65b382d4cc8c04478bbd79a1d9a964b78171d6bcf0b8eec50a06a4ea234d1c23465d3e75b88bc540dade74ed42675b07f7cf078211e907f86d0dc4b978623d9f08738af928695e542ec2980e55a1de49e25247fa0a09678118e3930bc4d24b3214d6dcfb6ebdf4906c928deb37bb9ba29c8de1bb9418db718b2853ba57ad8cae4677addfd18b6c7e8c242621b35c7f0efe8dd5eb26ff75fd5748b1d783f6d68a7d9d56da2c1a978ac25f84fbb2be5568d91e70938221c102aee60409bcbec0c82e12ddb425eeb6ecd11551ecd1d33ddae871ae0c8f24d0d18018732b5e0e:5d0d2af678b3d1b677516d08a79aafd36ec67c14caf5bcdaaeaacc51a14fb805cf2904e8721db271b20df709bee1a4fbfe62565073b2a7e942724461f927930dc535c13d779fc0985973d6bcd552d81734e92bdf10994b00cd4d53ce365fad8c7cfa96206adb62d4567be5e46631323853e38ce4bdc16d7b8f632a3ad9e02619eff37174eac3f0bf2f7a7517d4b82de6aa1af0063819d5e1f9278fb4f24c8cc002afb15f334c04fadb00303013c01667f4932a6c4b97d39cd4a4598506c0bd740ea9f11696357d7d17fe4d75f9d74241a7af71f9d869ef6cd695687c03fc34ad65a68a4888a1a74126cb55cf7da9cb4a6717f6eb88484089d2c5189ae381f25e7b3bc3b23d0c9d9f9cdbbeecfd1e72a05e67bb483a9764d9fc75ad69e4ab1270fb40f3958fea4da559b43980b24681313e8591e68546a3bf76ee34b339709295a8d46fb2432dda2f221812df692895e67cb29cbf6ff4502b439a4e9e43639ec067bc90ae814a293a7bd46968e656787642300a0ff2697e3313f6a418d3d12a5f7c51a4c57b63385f2d2a21d5d1d763fc8d1b93c13435f9e47ee7a425980a6ae6f1a9d007607476783c6d0c7887380f868c65b382d4cc8c04478bbd79a1d9a964b78171d6bcf0b8eec50a06a4ea234d1c23465d3e75b88bc540dade74ed42675b07f7cf078211e907f86d0dc4b978623d9f08738af928695e542ec2980e55a1de49e25247fa0a09678118e3930bc4d24b3214d6dcfb6ebdf4906c928deb37bb9ba29c8de1bb9418db718b2853ba57ad8cae4677addfd18b6c7e8c242621b35c7f0efe8dd5eb26ff75fd5748b1d783f6d68a7d9d56da2c1a978ac25f84fbb2be5568d91e70938221c102aee60409bcbec0c82e12ddb425eeb6ecd11551ecd1d33ddae871ae0c8f24d0d18018732b5e0e: +8de86330b256095e1114b6529bedce182c166f67a91539cebc4bec25add7a4a933cb054b55bb790ac0f3afdd9a6e7c050efe9006c24f60b8044fd08a5c106c11:33cb054b55bb790ac0f3afdd9a6e7c050efe9006c24f60b8044fd08a5c106c11:39e61e0eccec929c87b8b22d4fd18aeabf42e9ce7b015f2a8cac92a52448a42fed4cbadc085bbb4c03712ae72cfcb800b978350669b0990084f2dab76eca606d1a49fc55c529e1e7dadf39122dd5bd733893858b0523ef62df4f134cf6c26eed02fdbcb30ce474b1ada3f060769f934bbe686ccebd60883ecec9ce3ffb8ac4a0678cdc5b005ae3dba7e4fe8bc045739957d849f69c1474057b428c5425f3cc2516e8bbe3be81afd4e7b575abe88c87f2f03b56f69f9e3b61b3788120daa495ef0e50eb970a645c13d213c7cfb7d0ad555c920a1e5dbcb46797d939fe0401f547bfd17543221a53010de01f25b64519c8f03963e4b9ca58b0113627c05b9608eeaa7b9ae6305c96188160000ee3a7ade96e0b4bde9d0ed6a0ced765d786840a48175a6e090a38af6adeaa1486a9cb5c8c8c9223ee0ae4c6c02691a3547e32582a5b7059d2ee66fa9cd965615c315b476fd861279cd1dd7607743fc5561296312f11e465ca40bce3cf0b1f1d5a30af6087de4de96ce43965a46c4fcca15f281149b5c1a0c88fdbf27409a134ed4f1fb730fa191816ea784d986cc9ec4b694402de1dcca9ccc64fbd07b07e54e931de827a842460ca0bf6b04ebb571fa77787e3884be22f1e402cf2b8a96a5d39770ec4a843036142a0be970bb1ab165a6374dcf43deb8b9830b2c49db9cdfe4b5242e36f95e0c3e077e8d238fa6a8ac0d586bf61b8248fb3a79a270ab22be8a9da055ff3d5bb2d1ca9bc25f7014b96407719de344c3e73b8c114f792075a5c22fdd416154d3494ec3f02fb112ee5737f70704c1b6b07eacbf94562ca7b90dd84d98c3edf:6d01d237dd2bb4188d29bfdec387976a71be7adfbf9e23639b216d0aa0c11932235edccb3b42adcdb6291a0d299aed648de8b1957949b9d1cf2e50493030a40f39e61e0eccec929c87b8b22d4fd18aeabf42e9ce7b015f2a8cac92a52448a42fed4cbadc085bbb4c03712ae72cfcb800b978350669b0990084f2dab76eca606d1a49fc55c529e1e7dadf39122dd5bd733893858b0523ef62df4f134cf6c26eed02fdbcb30ce474b1ada3f060769f934bbe686ccebd60883ecec9ce3ffb8ac4a0678cdc5b005ae3dba7e4fe8bc045739957d849f69c1474057b428c5425f3cc2516e8bbe3be81afd4e7b575abe88c87f2f03b56f69f9e3b61b3788120daa495ef0e50eb970a645c13d213c7cfb7d0ad555c920a1e5dbcb46797d939fe0401f547bfd17543221a53010de01f25b64519c8f03963e4b9ca58b0113627c05b9608eeaa7b9ae6305c96188160000ee3a7ade96e0b4bde9d0ed6a0ced765d786840a48175a6e090a38af6adeaa1486a9cb5c8c8c9223ee0ae4c6c02691a3547e32582a5b7059d2ee66fa9cd965615c315b476fd861279cd1dd7607743fc5561296312f11e465ca40bce3cf0b1f1d5a30af6087de4de96ce43965a46c4fcca15f281149b5c1a0c88fdbf27409a134ed4f1fb730fa191816ea784d986cc9ec4b694402de1dcca9ccc64fbd07b07e54e931de827a842460ca0bf6b04ebb571fa77787e3884be22f1e402cf2b8a96a5d39770ec4a843036142a0be970bb1ab165a6374dcf43deb8b9830b2c49db9cdfe4b5242e36f95e0c3e077e8d238fa6a8ac0d586bf61b8248fb3a79a270ab22be8a9da055ff3d5bb2d1ca9bc25f7014b96407719de344c3e73b8c114f792075a5c22fdd416154d3494ec3f02fb112ee5737f70704c1b6b07eacbf94562ca7b90dd84d98c3edf: +bab5fa49187da1cab1d291900019e6cbafeccd27bf7ecbf1262a700516e7c29ff6fb1985ec591f69e3bac807b2eabf263990cdfa09b17809e48e385da065ec21:f6fb1985ec591f69e3bac807b2eabf263990cdfa09b17809e48e385da065ec21:5cf8ff587e52cccd2984f34791ee6843e77017c3b55ad45c44450965b75d836e78fbd7a1d1729eff6d6d340a903f3cf17d9e2aecaaff2a321fcdde0abcfbbcbcc09f4086f812c46efb01b78343afbe48309f917478455f32000c6a69f79fe211b99f037f5956d72275a7fe7b45296b5f739aa451ff0575bc705885aa5631b0d0850bc2b12c4192435ae5d2f52bc54386497c4a24b8b6db516be09d8ccf1eca785bde97e9be1ac064f094e2afcc307c0e06b4c564cd9a9a95305b37b81f434611dca55caaa031e88495d5dc5a04ff5fafdf0a82a0c03aff1bfbf4ffebae71824e35e751b09270007669860b580035659e23ace76b3b369fa306f2bed95799fafabc2e69c141beb0bacac7eaa347e77be5af3fcdbe7b364a7f9a66d5e17a07df6202fd98c14bfee2ca6f0745651f0c8550f9ffffcafb96ffb3f103e652e78f53916cd6f1dd05b3fe99b34201b07eac2652f5253571fd3822c695d265c7dfdd6c6b14a80b6e87183e6e032e5f2401cd238cdd3769bb6e390823438f5673ea9a479e5c63fe07a07f4e14f57757c4d7d22b35d71c44eaad4873c8eca6f6b21dcfa95520ff9614abf7a0e1885309f2ced3bcdfc319363a2da46ded79a5cc7b6f69383f94ab35c250629cb915d667b6281186754895803e4b95e7418289a6ac3bcdb6e1e7f6f1dc38e77d281914cc404f97cff14fb2c4fd81412d101c1bfb368ce59311e892a8b9cdca86936f3bca7ec79163eddf1cee68f49f1ebaa27ec50f490d61601ca35f8d6ed266054aeb9b199f933bffd6e0050f261b4e13d5ebfe2caa6557c32ddeaeebc2a11f0aa233240da1c7e40f76:e316038d6aa15b1c1b61c1a16b36904fe8a289c8d602becc514d99220086b267859f5bf6e9c0863559ac623a56d7532344e8d2f28b3f9df92089708b1b0590085cf8ff587e52cccd2984f34791ee6843e77017c3b55ad45c44450965b75d836e78fbd7a1d1729eff6d6d340a903f3cf17d9e2aecaaff2a321fcdde0abcfbbcbcc09f4086f812c46efb01b78343afbe48309f917478455f32000c6a69f79fe211b99f037f5956d72275a7fe7b45296b5f739aa451ff0575bc705885aa5631b0d0850bc2b12c4192435ae5d2f52bc54386497c4a24b8b6db516be09d8ccf1eca785bde97e9be1ac064f094e2afcc307c0e06b4c564cd9a9a95305b37b81f434611dca55caaa031e88495d5dc5a04ff5fafdf0a82a0c03aff1bfbf4ffebae71824e35e751b09270007669860b580035659e23ace76b3b369fa306f2bed95799fafabc2e69c141beb0bacac7eaa347e77be5af3fcdbe7b364a7f9a66d5e17a07df6202fd98c14bfee2ca6f0745651f0c8550f9ffffcafb96ffb3f103e652e78f53916cd6f1dd05b3fe99b34201b07eac2652f5253571fd3822c695d265c7dfdd6c6b14a80b6e87183e6e032e5f2401cd238cdd3769bb6e390823438f5673ea9a479e5c63fe07a07f4e14f57757c4d7d22b35d71c44eaad4873c8eca6f6b21dcfa95520ff9614abf7a0e1885309f2ced3bcdfc319363a2da46ded79a5cc7b6f69383f94ab35c250629cb915d667b6281186754895803e4b95e7418289a6ac3bcdb6e1e7f6f1dc38e77d281914cc404f97cff14fb2c4fd81412d101c1bfb368ce59311e892a8b9cdca86936f3bca7ec79163eddf1cee68f49f1ebaa27ec50f490d61601ca35f8d6ed266054aeb9b199f933bffd6e0050f261b4e13d5ebfe2caa6557c32ddeaeebc2a11f0aa233240da1c7e40f76: +74ca122ab60de50cdc04a8e2eda45d9631061bf187d316be5b7cc06f020c483e787defd4fb24a399bd2a4e76dff7d603ed0acb3269813e4df690bbf5b2bc696e:787defd4fb24a399bd2a4e76dff7d603ed0acb3269813e4df690bbf5b2bc696e:a80b46079fa775f8c1a19fa0829be666bdfdca079cad43d70e0842183bc0db95468a539f0db2aea3ab9c7073b45d228a9bde232897a6eb6fc9edf7365e7101ba97c446a519a3649cf527c8a6de7251b92806815ac2fa0082eff75e2582cbca7e1e4da2a446ea233e7cf7cedfb0e2398eb6e11bbaefe3f7ec89f5d73dd34bd47fbcb4d7b22f2aaee373785651841135cd8661a701b21084a316deac3074e24a2e35a0330f7d1479b932f285277c18a441787224fbbe46c62e834a1851ed237998d48dce20ba114d11e941be29d56d02f7370c8f6d6d7e50248dcd8ec89d3b22f4f58778129fafd4bb92ede17714bf022a5bf92be479f18e63852ecdcf8c4211f530dd30f79cbf4bfa5737f0bad3b0106067f41327c3189e6f206f0d4f3c704bf2bd0b161f018fd21cddfb418bac4d52ef02c41c8792e413b04f0836cea1f86c92e5d5703bee2b5c5899e285992024f64e0d16c60ad0fd92547932d0c5cb98d8da22feebdbba8d1de1e7e9bb219a92eb6c1c698d3b33a37f9b8197d26b550febd2601e7a643ea7e1d9e448ae037f629a306ce417aeb79f2e3ca44d8db3848a811f1846811cbcb874f8af09e0fd0173cf175f304115476bf2c6c2d2f332eba534f46aae801c2692c2d2faddfeacc0f1dace440abc2ae5e5a49d578fd7f9de2a841ad6b6769c32b144ceea16d0f3c0cb3a8ee694c38c28073595096c813762cc2c5ec4b0d8d723dd660853278fc72fd6bd9d1272933dd2a38ed9d04b1390ffe4b294a6fffa721ee3bba33a03a149c4a0345265c01ce015e94db419cff7049852ee000048a85758f6d7b1c59c5089ee018ed09b52:bcb4b850696011997eb5dfe143f1a3d5628ef1a5407691ee48c79d69abe4d533f817ad7313b5795e46e595f3ae3a9165b1b6fddae86164ffcba376249837f609a80b46079fa775f8c1a19fa0829be666bdfdca079cad43d70e0842183bc0db95468a539f0db2aea3ab9c7073b45d228a9bde232897a6eb6fc9edf7365e7101ba97c446a519a3649cf527c8a6de7251b92806815ac2fa0082eff75e2582cbca7e1e4da2a446ea233e7cf7cedfb0e2398eb6e11bbaefe3f7ec89f5d73dd34bd47fbcb4d7b22f2aaee373785651841135cd8661a701b21084a316deac3074e24a2e35a0330f7d1479b932f285277c18a441787224fbbe46c62e834a1851ed237998d48dce20ba114d11e941be29d56d02f7370c8f6d6d7e50248dcd8ec89d3b22f4f58778129fafd4bb92ede17714bf022a5bf92be479f18e63852ecdcf8c4211f530dd30f79cbf4bfa5737f0bad3b0106067f41327c3189e6f206f0d4f3c704bf2bd0b161f018fd21cddfb418bac4d52ef02c41c8792e413b04f0836cea1f86c92e5d5703bee2b5c5899e285992024f64e0d16c60ad0fd92547932d0c5cb98d8da22feebdbba8d1de1e7e9bb219a92eb6c1c698d3b33a37f9b8197d26b550febd2601e7a643ea7e1d9e448ae037f629a306ce417aeb79f2e3ca44d8db3848a811f1846811cbcb874f8af09e0fd0173cf175f304115476bf2c6c2d2f332eba534f46aae801c2692c2d2faddfeacc0f1dace440abc2ae5e5a49d578fd7f9de2a841ad6b6769c32b144ceea16d0f3c0cb3a8ee694c38c28073595096c813762cc2c5ec4b0d8d723dd660853278fc72fd6bd9d1272933dd2a38ed9d04b1390ffe4b294a6fffa721ee3bba33a03a149c4a0345265c01ce015e94db419cff7049852ee000048a85758f6d7b1c59c5089ee018ed09b52: +65eea9ffb75612bde1d9ba3ea4fb5eda0aa6f2556ab15bf1817cee3b95bbba125b3936dc749b6b9239f15798accafd884c3659ee01b2d17d74fc7da78274e7e6:5b3936dc749b6b9239f15798accafd884c3659ee01b2d17d74fc7da78274e7e6:c06936323ce3253cac5ab4f6b83270cd4cfe85d0bf8bac1e1b8d5f0b153f541c8e8ed95f28d5c85a2315cd931b7cf3edae50f92830599162804b1363d3ac0da0abd09751023bddc16288944e616d21d91271978bb782d3ebed7fa61284c7490d27593ca8a3d5b475623307010abc1fbf793a816aaab5e0924dec79d60498965cf7f80ab59fc029f782166755b72b869075434ab606cc870a7c0bc8bf29aee033fa9cc122ed7c8e069b547dbae25901b9e249b41fea0bf8daf3826866bcaed2753b5e91ae937e717b508a0acf4c3b061ff0cb9cfd380e2494500951a662fd4928fc5fcaf6c18e84b1d378e49bd9d59686d087ebd552d07fa9ba816fa5402ca9e7252a648d106cfe6c431cc2a053e2294637cdb99d96abe689edabc5ca070f77c1ecd1d52d5385289f17ced768c3971671b9c0b2f855b8461c1e746c7b38f77896b85afbbedd08375fe922984614dd849fe2cb89ae7149dcd1d37f4936e67b1440be72e009398be6f083bf9611480b592fe2f0118e253db5d2e9e4b4541c11da00f7161a736e5f0bb934208e3ef4e0b9a52258203f060d18a195159e5e268aa28053c834f7bd5db9bd71f507d91370b3ffcabbd4acb3071d3f6d52c349acf35095348cebf5a86f8c59ddc965eff610ac425804c0e2f6be42853f5b46434a2c31d9ac99539bfdc04ecf2fefd04598fa63c139ff6c6d88410e73bd328cc4349ab4bb86f2e2ed7c73de96520ef7730ef38345e0f972a84c5388103687e68c50f9d8c9af903bc632d43204062a4f502e214c07059c2cbef72a54110dbf73e425402d17e978ec199b518cec0310bfbf7d9ad300434a4a:baa7113155358c924fed57488a6567f8723850a9f5c03a0d7de85fccd8fb4d17d7753523b00c0d8adb884dc0c8a7a44dc2a60083aa5b3c5b94a8d880f2a94d09c06936323ce3253cac5ab4f6b83270cd4cfe85d0bf8bac1e1b8d5f0b153f541c8e8ed95f28d5c85a2315cd931b7cf3edae50f92830599162804b1363d3ac0da0abd09751023bddc16288944e616d21d91271978bb782d3ebed7fa61284c7490d27593ca8a3d5b475623307010abc1fbf793a816aaab5e0924dec79d60498965cf7f80ab59fc029f782166755b72b869075434ab606cc870a7c0bc8bf29aee033fa9cc122ed7c8e069b547dbae25901b9e249b41fea0bf8daf3826866bcaed2753b5e91ae937e717b508a0acf4c3b061ff0cb9cfd380e2494500951a662fd4928fc5fcaf6c18e84b1d378e49bd9d59686d087ebd552d07fa9ba816fa5402ca9e7252a648d106cfe6c431cc2a053e2294637cdb99d96abe689edabc5ca070f77c1ecd1d52d5385289f17ced768c3971671b9c0b2f855b8461c1e746c7b38f77896b85afbbedd08375fe922984614dd849fe2cb89ae7149dcd1d37f4936e67b1440be72e009398be6f083bf9611480b592fe2f0118e253db5d2e9e4b4541c11da00f7161a736e5f0bb934208e3ef4e0b9a52258203f060d18a195159e5e268aa28053c834f7bd5db9bd71f507d91370b3ffcabbd4acb3071d3f6d52c349acf35095348cebf5a86f8c59ddc965eff610ac425804c0e2f6be42853f5b46434a2c31d9ac99539bfdc04ecf2fefd04598fa63c139ff6c6d88410e73bd328cc4349ab4bb86f2e2ed7c73de96520ef7730ef38345e0f972a84c5388103687e68c50f9d8c9af903bc632d43204062a4f502e214c07059c2cbef72a54110dbf73e425402d17e978ec199b518cec0310bfbf7d9ad300434a4a: +08dabd4e5c119ea907ce45f0a7af9e62c0c3f1c9ec61ad10567d79362854c557945406b85d7b32e0b1ab1200b94222de1aaa68624c60bb4716b0bce9df005771:945406b85d7b32e0b1ab1200b94222de1aaa68624c60bb4716b0bce9df005771:6c4719a5a2a6894835c4ac1ed69159e5ebb5692ad8eaada439f79e96684b36cecfb44b89015631663e0644f6c7ab713989d742da27427253318a52432dfab2121d1e9233ead719e2c86a6be07363d002173f205446ca95fc17b24635827fe315f222408e45e833f29ff08ff31dac583a4bec7076d5cc78cfc94451cbf4f7e2fc5b5ed8070f4ef808be1d8a680ecdff59010f39b1de80bef1719f1e218e0ce0a1e393a566c51764d2370d95a61191d8f7af740dc208fa7831b210670512cd73766e609e9b780021ebb20cc8790d8da5f10f5b6a114a1db88f66766501802d9c366ea3fa6f1b1e1e8b0420943413cc6feab28c6b683cd2b333069c8951bc45e8a13bd522578351c882f7c342fe4331b921f533c92ec04a49b292bc569ddcefcab5727f9b5625b167a902dc896d8bc7d8e99920f5db8dd767839c43e3cdf947080dec954214a6fbbe0487a2f32cd17a6b000370bd414484fb73c510ea0124c6cf0fe56c0846a79bfc59779d3b07a1bd2c7fb7e2d0039f0bd21c8a308fb0f58fdbf94efa0857ac3bdddd86d5763e205ee1b221f060cedb8bc05f031b606cc74dadc5db04232748865a73d6ccddb4d5e930d528348c5be9088bfe34458487a67b19a18eca25c0d3fbe2195eb91707b65d9161ea93eddd64a634b23280195fdb0d1388f6998e1858a45b886999b844e6795d83d31837e4411f71699226de1ba0245608000dcf223dd18359b7c6d459a65dbe66c90f5cb8c09122187a3046a16dd179c3f4373e57cf5ee0eab6a212cc9ed8b54bf37f1d27fbd79848e4ec1f567243ab8740a05149d9602eada920a46d610d3cc823b56498:33adbfcd4ed4fa67c58b5cb59e16987148697812660b3531ff6a21c749b9601660baeee2489b82b4cde132b6e62f2f90d8f9927860aaad25281d03eb17a9520f6c4719a5a2a6894835c4ac1ed69159e5ebb5692ad8eaada439f79e96684b36cecfb44b89015631663e0644f6c7ab713989d742da27427253318a52432dfab2121d1e9233ead719e2c86a6be07363d002173f205446ca95fc17b24635827fe315f222408e45e833f29ff08ff31dac583a4bec7076d5cc78cfc94451cbf4f7e2fc5b5ed8070f4ef808be1d8a680ecdff59010f39b1de80bef1719f1e218e0ce0a1e393a566c51764d2370d95a61191d8f7af740dc208fa7831b210670512cd73766e609e9b780021ebb20cc8790d8da5f10f5b6a114a1db88f66766501802d9c366ea3fa6f1b1e1e8b0420943413cc6feab28c6b683cd2b333069c8951bc45e8a13bd522578351c882f7c342fe4331b921f533c92ec04a49b292bc569ddcefcab5727f9b5625b167a902dc896d8bc7d8e99920f5db8dd767839c43e3cdf947080dec954214a6fbbe0487a2f32cd17a6b000370bd414484fb73c510ea0124c6cf0fe56c0846a79bfc59779d3b07a1bd2c7fb7e2d0039f0bd21c8a308fb0f58fdbf94efa0857ac3bdddd86d5763e205ee1b221f060cedb8bc05f031b606cc74dadc5db04232748865a73d6ccddb4d5e930d528348c5be9088bfe34458487a67b19a18eca25c0d3fbe2195eb91707b65d9161ea93eddd64a634b23280195fdb0d1388f6998e1858a45b886999b844e6795d83d31837e4411f71699226de1ba0245608000dcf223dd18359b7c6d459a65dbe66c90f5cb8c09122187a3046a16dd179c3f4373e57cf5ee0eab6a212cc9ed8b54bf37f1d27fbd79848e4ec1f567243ab8740a05149d9602eada920a46d610d3cc823b56498: +e0f7d00824c5f3701e5517a4abc13e2f2c0b138c836977843bbd1eeffabd968a52fddae3e018a68473b3168d0764cfe274dcc834c90a91fb4fe74b939dd238b1:52fddae3e018a68473b3168d0764cfe274dcc834c90a91fb4fe74b939dd238b1:b39e3ac75a221adcced09a8591ac5e2fe15dfed5b919cbaf14c65eb7cd93086ddee3f7472547e66ddc70062b976297d1a3c170ee525c9c53ba93a4c4fdb23572b7ca6ed13853e70db1d72edeb9944bbc354a520e77ae591f318092efd5e66d9c0981c4a4bda98aa4e59045ff9c4b4ca3acb2ffd893201c70b34a77f24eda54549dc84ad134a35532553815888ae3dd9e241ec4ebbff86f8c1e8adbaac4b91afd18228cbbd5dd805acabf0a1e290ce5dda0251adfb37cb714c139b5a3242d88c64484a37655cc8fcbecffa97fbd14d64d512bf8f6305f89c50922de541692158fb547fd539f1e5877cc649495166332ea2b685cfa3f602019df2ab2c25ed96b68745e9ae89c948da11ad8a830df8b00f2e668192dadf2c5620d35c6e81a2853f841e375a0d9fca2d296efce2ac38d40b030b57560ae6e8341339b3d3c2d061164124319598688fca618fc64c9e8f5f831097a053af19d7dbd61218d926742c2e9a42a79cc1b148912722d8cd5ca793a1ad73b5f141b41809c2fc0530b7630e80390c6b338c71868dacc59bf463ffc489016bf67f9c9d5553c1ede17152813fe0b264b65dca1b2b38e4b809f8c9725ac5b1d8d2e56bec9649fe55c7583ff23b043d6f3768628f1f0516337824a5a56b409520a6a6cb77e4f5fc20b9f6899e00ab22db10d182f09b81e94f3ad568a0b81244df3f1855c6ef222a41a51b62a4649bb82690ab65facac0d81d6fe02601170a8db62cbc5ec9955d7711a1c39656a9f6e1fb6bc183d9bea1503531f17362768bb841f9d21f13a2c991e55dff7f2b336e29eb29507638bdcad7bb31c69e909207ebabcc653ff:ccdfe18ad6d0b65d086d632f83cc46ff3b3f2c07bb8e769d0fb4e82df8a3873f9aee35fdd18a5783603180a95c9f74ced9db5146afcfbbdd40df29e04201200cb39e3ac75a221adcced09a8591ac5e2fe15dfed5b919cbaf14c65eb7cd93086ddee3f7472547e66ddc70062b976297d1a3c170ee525c9c53ba93a4c4fdb23572b7ca6ed13853e70db1d72edeb9944bbc354a520e77ae591f318092efd5e66d9c0981c4a4bda98aa4e59045ff9c4b4ca3acb2ffd893201c70b34a77f24eda54549dc84ad134a35532553815888ae3dd9e241ec4ebbff86f8c1e8adbaac4b91afd18228cbbd5dd805acabf0a1e290ce5dda0251adfb37cb714c139b5a3242d88c64484a37655cc8fcbecffa97fbd14d64d512bf8f6305f89c50922de541692158fb547fd539f1e5877cc649495166332ea2b685cfa3f602019df2ab2c25ed96b68745e9ae89c948da11ad8a830df8b00f2e668192dadf2c5620d35c6e81a2853f841e375a0d9fca2d296efce2ac38d40b030b57560ae6e8341339b3d3c2d061164124319598688fca618fc64c9e8f5f831097a053af19d7dbd61218d926742c2e9a42a79cc1b148912722d8cd5ca793a1ad73b5f141b41809c2fc0530b7630e80390c6b338c71868dacc59bf463ffc489016bf67f9c9d5553c1ede17152813fe0b264b65dca1b2b38e4b809f8c9725ac5b1d8d2e56bec9649fe55c7583ff23b043d6f3768628f1f0516337824a5a56b409520a6a6cb77e4f5fc20b9f6899e00ab22db10d182f09b81e94f3ad568a0b81244df3f1855c6ef222a41a51b62a4649bb82690ab65facac0d81d6fe02601170a8db62cbc5ec9955d7711a1c39656a9f6e1fb6bc183d9bea1503531f17362768bb841f9d21f13a2c991e55dff7f2b336e29eb29507638bdcad7bb31c69e909207ebabcc653ff: +6acd939e422226cc5443d4aabf58c11af650cb40b9648b4da38b927bff9a58db4c0b91756b9e206f7863b155ffc5509bb52477ceacd01ca011435153678646cc:4c0b91756b9e206f7863b155ffc5509bb52477ceacd01ca011435153678646cc:8250d531cf2b66aac2b378d54bc57fd329ad5a414a599255898b3c3b45bf9c0d2c77547566b660eecc76a695a2d608abf11a5f6db3e607fd5a21714b0fad5d814c015ebf48bb73ad75da9c03c4af5489e782b6bf7908a1bd528d7ce788a18ba3528e3537aa7bbf75f6524bbd19a5304ba2a4a3ee58c41fec3132ee6501641215eff746d7800c4d33f52be8357e0ee758041d91cfe43c60c3cedc09b0d46d4cfb9ae2a0239b6f33c6941cff35372670eef5c8859ab65b6e9f7ebce32fa15a9a477aecdc9683a1e33a1edcdc90d420a31e78c153d26020871daa4fff28acc3f11a7206788806b6fa023468ea5a3d186d10f0dd567796663ba37c832fe75aae7dccebf319f93600c46a22f57223812ddd0a68d76baf5e27a9fc8bd68cc10b5b5151d62b41f9348e21b715352f2630b617f813b0c28996285904cf294e9c2856b17ba35f9a82198b8214a035e2896d6568be42392ccef32cd4ebfeebf12be0125206bbe89336d3e762991dfab68fc99dc1649b891383db31fab649e628823f4598cb636a38fe1df73e68d7425fc5d2eb55a0fd1bc9f5ceaabd6dd41f23e4f086c692633dc3c4619a97ab0eada171f84adf20ecc8ecd47c51cca3e59dd809b0aeaa730df94be3bacfd8ee888bba9d570850652cd4d5e6c552a57e9f48a2b06aacdc708d84a376fbc6c94ba6bf64a5f018800a7cc851245aedb20378b329acebb2977c1398082b3a0e5e2a9c2484fa301d3037a8224ddcc095b1dbd8a2315b55bf3318c27810efc3d8e25fa7a8789b73a4f55059080b08abb3699b7b8626cb2a780d97cc1ca8032851baf4ed8b64fc4330865f84ccb12a3dae:79995877ed24c791684f2984bdf9609c3f7b576c57d162ee622d4ce8f36d9c5573169d8801216f1c46ffe2f6e2c09048e47d4beb997e9abc4abb129f9b79690a8250d531cf2b66aac2b378d54bc57fd329ad5a414a599255898b3c3b45bf9c0d2c77547566b660eecc76a695a2d608abf11a5f6db3e607fd5a21714b0fad5d814c015ebf48bb73ad75da9c03c4af5489e782b6bf7908a1bd528d7ce788a18ba3528e3537aa7bbf75f6524bbd19a5304ba2a4a3ee58c41fec3132ee6501641215eff746d7800c4d33f52be8357e0ee758041d91cfe43c60c3cedc09b0d46d4cfb9ae2a0239b6f33c6941cff35372670eef5c8859ab65b6e9f7ebce32fa15a9a477aecdc9683a1e33a1edcdc90d420a31e78c153d26020871daa4fff28acc3f11a7206788806b6fa023468ea5a3d186d10f0dd567796663ba37c832fe75aae7dccebf319f93600c46a22f57223812ddd0a68d76baf5e27a9fc8bd68cc10b5b5151d62b41f9348e21b715352f2630b617f813b0c28996285904cf294e9c2856b17ba35f9a82198b8214a035e2896d6568be42392ccef32cd4ebfeebf12be0125206bbe89336d3e762991dfab68fc99dc1649b891383db31fab649e628823f4598cb636a38fe1df73e68d7425fc5d2eb55a0fd1bc9f5ceaabd6dd41f23e4f086c692633dc3c4619a97ab0eada171f84adf20ecc8ecd47c51cca3e59dd809b0aeaa730df94be3bacfd8ee888bba9d570850652cd4d5e6c552a57e9f48a2b06aacdc708d84a376fbc6c94ba6bf64a5f018800a7cc851245aedb20378b329acebb2977c1398082b3a0e5e2a9c2484fa301d3037a8224ddcc095b1dbd8a2315b55bf3318c27810efc3d8e25fa7a8789b73a4f55059080b08abb3699b7b8626cb2a780d97cc1ca8032851baf4ed8b64fc4330865f84ccb12a3dae: +4deff647cbc45ecaedc3f7ddf22c167af24e3d63da22b0e6a5b8439c0f3b19340c27c9d77ac8c725bb0663933ab30d1aad09cbcf2cd7116c6085a8499f701402:0c27c9d77ac8c725bb0663933ab30d1aad09cbcf2cd7116c6085a8499f701402:d6201ebc21cec1e9bc28f957c9d029cc38f9e85e06dfc90bf297e61f2b73b407d982a66b91e94a24e91d06ab8a5c079d0f69be5788ea8feacebd917291192233862e6acda1e8cf9a48bffb5491dd65af541b6c72af681a81823d98a0abeeb6ba9f95465b8411f99e119cd28479da984259bdf86c9fef3cca34e224691f183cf095037727da9cad29f242f83eb4f736e27fdf67018d711b74c45b2955a6a76ec15330df5bad8030c6b3a88d72f28447652ac8902b5b76cbf6b945ceabfec04a9b8cb30f43d9eb773e6705594f0de1b70f1a20c99fc4b1221f8c81b0bc30da12cd5dea8f4d90f13a811a2cc11a96846aafb4c42a00e9ae7da256a0d22b198afc25cc1041d24e056cf387601d7bf7eb3182d605fe5e63b18d531a5f84e5dbd0184a76c6c467a8263a98b5c005fcb2aaf989f5cbd0a9d903fcfc609d6e57d9c439021cea93e4c4e991f193caf3243770b32578748076b7f4cb97f17c17a79b82253c2423db698cd0a33ab33bb09b0b08cb8ceadca1e29c5de2fc12b2407b6cc5af5ae976dd3ec630d8339b7dd11fa34caac150c7c4791d8c427b0ad92e0529067a88d52011e1e0a18299b969896f8b8360f75c45c496da47b09b450f9822bcbcd43f4293c516802bf747c4abeedfaa3e79cb9103d3770f5607b77516e5b1ce0f64b6eec7bec3c647c006956dc55b6c79f6afb39d1fc3ecf11b974b44aedb72aed1316635083c2124502e5c72d86ecab6ac90243eb39a6aa9cb9480da38e1edb8d28ff90924c05d5d21af5af95957b8020781378711a29d0920acad8ccb39a311693278c9900b470da2bd4c12a01d73962644017b6034713b2a:dd5489fde4ba87d1173d4cee0682afdd4bad80dd770ea7d0dcebaf21acc61dd6324aca295ed0e23a915ecfdad50f175ebc516f1be5b6d87d90bbe38622495302d6201ebc21cec1e9bc28f957c9d029cc38f9e85e06dfc90bf297e61f2b73b407d982a66b91e94a24e91d06ab8a5c079d0f69be5788ea8feacebd917291192233862e6acda1e8cf9a48bffb5491dd65af541b6c72af681a81823d98a0abeeb6ba9f95465b8411f99e119cd28479da984259bdf86c9fef3cca34e224691f183cf095037727da9cad29f242f83eb4f736e27fdf67018d711b74c45b2955a6a76ec15330df5bad8030c6b3a88d72f28447652ac8902b5b76cbf6b945ceabfec04a9b8cb30f43d9eb773e6705594f0de1b70f1a20c99fc4b1221f8c81b0bc30da12cd5dea8f4d90f13a811a2cc11a96846aafb4c42a00e9ae7da256a0d22b198afc25cc1041d24e056cf387601d7bf7eb3182d605fe5e63b18d531a5f84e5dbd0184a76c6c467a8263a98b5c005fcb2aaf989f5cbd0a9d903fcfc609d6e57d9c439021cea93e4c4e991f193caf3243770b32578748076b7f4cb97f17c17a79b82253c2423db698cd0a33ab33bb09b0b08cb8ceadca1e29c5de2fc12b2407b6cc5af5ae976dd3ec630d8339b7dd11fa34caac150c7c4791d8c427b0ad92e0529067a88d52011e1e0a18299b969896f8b8360f75c45c496da47b09b450f9822bcbcd43f4293c516802bf747c4abeedfaa3e79cb9103d3770f5607b77516e5b1ce0f64b6eec7bec3c647c006956dc55b6c79f6afb39d1fc3ecf11b974b44aedb72aed1316635083c2124502e5c72d86ecab6ac90243eb39a6aa9cb9480da38e1edb8d28ff90924c05d5d21af5af95957b8020781378711a29d0920acad8ccb39a311693278c9900b470da2bd4c12a01d73962644017b6034713b2a: +5a19bf6c941f394e93bd3625fb81cd9da81c9020b1c531257a7b5957bb07921120e8699d087ce5e8151d28053dce66c23f28081f35bd26819bbe85d38a09d702:20e8699d087ce5e8151d28053dce66c23f28081f35bd26819bbe85d38a09d702:f721ca3a32c1e81c9c6f46d5e1fb50e7ce2f4e709333ca2b550d5213b6773d670ca59a2b5086a443843ac50813b244c9c9fac6d119698927813512c84fe30a89553010138f91e8176f5cf25789d7281ddb83a246705dccb999c4cd0ae219c645f6d71d451ae1f8d2f9891af8ccce03f438559fb83667b8077fbe435a744af019d6d1399fd2137f5afb8ef3f47bcf735e7c9ed8a54ba0c1c656b6650bb30adb1d57ecd2074639494231a2e9e2f985ed8422ee03cb3fd738c735a1b82806047460ed84f7468c3c64b35db06bc58de4bba463e638a94133df106ac4f470361ccde44157299d225b17798891baf5921986a2bae326dda0b89617c677bd1408ba2748baa67c8a2c5a969bc00cb40dbf490e07e22c913afdde6304a07fc9e60846992456bfb0663a09def68def67a16d29e98c7b55351848a8cf92310c7463c475f249c6f7557fd0d755ca88f877847fe0765756ac34a23f7840d95c3d294e663bb1518b75927c410757e0f5c07c5a7fb215dc7207433ebf791edfcec90e930f8e3ba9dbbb985413c223be87873bd323997581804d8896da386a6e9120050a0eaed31240aa17c7b6694c30cbcc3c6956a6820fc9ab21875533963dc3b0d88358271276c6056528910dd989ae0c330d1798f7d8e7d1184b84a81434325b8c302edf601dc5e6f847fbacbdeeff78c6621d1dafdc239b18b8c1afdcb4b9dabd5d3a92a932ea1599546e625f96d6ec6fb1cccb76b476b330ac59259c634fac9b3fa7de7ae7053773b5befa001b04929f74b71241e1b257696d65a26c1b4ac86b7b1fbd6957fb9b95084ce7d70090f55d44534694305e91769a82941304:2a2fd6054ef4e79b72191a0ccbd2b18aebabe8b9a71861ded98b7cdcb6a6255328bc1aecb0c9335721a9a96ee4b5b43f90d322ecf835f78b264dae6e387bfb04f721ca3a32c1e81c9c6f46d5e1fb50e7ce2f4e709333ca2b550d5213b6773d670ca59a2b5086a443843ac50813b244c9c9fac6d119698927813512c84fe30a89553010138f91e8176f5cf25789d7281ddb83a246705dccb999c4cd0ae219c645f6d71d451ae1f8d2f9891af8ccce03f438559fb83667b8077fbe435a744af019d6d1399fd2137f5afb8ef3f47bcf735e7c9ed8a54ba0c1c656b6650bb30adb1d57ecd2074639494231a2e9e2f985ed8422ee03cb3fd738c735a1b82806047460ed84f7468c3c64b35db06bc58de4bba463e638a94133df106ac4f470361ccde44157299d225b17798891baf5921986a2bae326dda0b89617c677bd1408ba2748baa67c8a2c5a969bc00cb40dbf490e07e22c913afdde6304a07fc9e60846992456bfb0663a09def68def67a16d29e98c7b55351848a8cf92310c7463c475f249c6f7557fd0d755ca88f877847fe0765756ac34a23f7840d95c3d294e663bb1518b75927c410757e0f5c07c5a7fb215dc7207433ebf791edfcec90e930f8e3ba9dbbb985413c223be87873bd323997581804d8896da386a6e9120050a0eaed31240aa17c7b6694c30cbcc3c6956a6820fc9ab21875533963dc3b0d88358271276c6056528910dd989ae0c330d1798f7d8e7d1184b84a81434325b8c302edf601dc5e6f847fbacbdeeff78c6621d1dafdc239b18b8c1afdcb4b9dabd5d3a92a932ea1599546e625f96d6ec6fb1cccb76b476b330ac59259c634fac9b3fa7de7ae7053773b5befa001b04929f74b71241e1b257696d65a26c1b4ac86b7b1fbd6957fb9b95084ce7d70090f55d44534694305e91769a82941304: +b506c01d69746eb4bc6358720e438ad330c88b605aad652f4799573ab0a1aaf97ac8b68863bd69151583789d864a7357e3a045fa86522a9daa6e26fb79ed6d23:7ac8b68863bd69151583789d864a7357e3a045fa86522a9daa6e26fb79ed6d23:f7fc18066ed04b30e633d9865da3214beca60bd796019cd7ecc91866f9ef2446c1fab06d8651be7f101aec7bb84ee21e71ad020215fcfb36f2d11e4579ac39f8e2b1290e3896d522bcf513aaa06771f86ee228cff3a20a1f10c564339589bba9605344c0a6e682ad5ba40d1041941bc46f98b9d09ca17f8f044e983b8a4908933df2263cf78811c24c8f4814354f6f4c68b7ee7b78308293bf78fd0ff122f095c14a73a59797172ae05cfcec19563eb18d2bc5300ed4bf6bdc443ea9b8bc1cbede94cab905eda5a6a931597de402146fac9cf8cd6a8d104669f913fa834001ca4d090fb7949d3109a63c0549b03f151b7117c4f46974ba59c68296edfdde7692ee432acef7610647e0957865e62c1a0cf05659823a55452dd5e471b31c5a49ab05b5aafd5a0e530e896b58cc522ecf19e52ec82fa147f9e385174c7ec33d1d9b86934aeb4f6c5700f7d5eb33ff73c9fc6aa47df51e09229e6ae894e86c818bef065f825971a4cb90adfefb31ebd9d1b79422dc9868f9f74e7a32cd4071efb69b27233e6e5c60dedcd5321c030a46cd26f5602cac747ee4b522d857a3321a03f403a6006250406361e48815afba77ce08903441845ba87225d8b24046745d4065645a1b98410cac48d137cbbb8ab1eba50da9c231e9acf322a6dbec0ef416a446c3b610d93569fdf45aa6cdc1b640d8f301d78693b2826cc6ed468568ad9a0f94aa9b9fb92f7e78d484fdf5d8d45c991e28074dcdd680d3b1f189ef6bdc320ee6e64dd1f80d9264d83042d2c43d83581ef0394b1b5d1f69f3bbbf04b7c808ba34c1580f16f76537b6a7ebd0a1908be9494d3fcaa9871db15750:17a19d2691b7b046d7b19669ad73140db92f0c978c7f61bc3867d92ca9d47580a0380b5901bad82af45f676f74287301980f71871a42261dbe0802950336e60bf7fc18066ed04b30e633d9865da3214beca60bd796019cd7ecc91866f9ef2446c1fab06d8651be7f101aec7bb84ee21e71ad020215fcfb36f2d11e4579ac39f8e2b1290e3896d522bcf513aaa06771f86ee228cff3a20a1f10c564339589bba9605344c0a6e682ad5ba40d1041941bc46f98b9d09ca17f8f044e983b8a4908933df2263cf78811c24c8f4814354f6f4c68b7ee7b78308293bf78fd0ff122f095c14a73a59797172ae05cfcec19563eb18d2bc5300ed4bf6bdc443ea9b8bc1cbede94cab905eda5a6a931597de402146fac9cf8cd6a8d104669f913fa834001ca4d090fb7949d3109a63c0549b03f151b7117c4f46974ba59c68296edfdde7692ee432acef7610647e0957865e62c1a0cf05659823a55452dd5e471b31c5a49ab05b5aafd5a0e530e896b58cc522ecf19e52ec82fa147f9e385174c7ec33d1d9b86934aeb4f6c5700f7d5eb33ff73c9fc6aa47df51e09229e6ae894e86c818bef065f825971a4cb90adfefb31ebd9d1b79422dc9868f9f74e7a32cd4071efb69b27233e6e5c60dedcd5321c030a46cd26f5602cac747ee4b522d857a3321a03f403a6006250406361e48815afba77ce08903441845ba87225d8b24046745d4065645a1b98410cac48d137cbbb8ab1eba50da9c231e9acf322a6dbec0ef416a446c3b610d93569fdf45aa6cdc1b640d8f301d78693b2826cc6ed468568ad9a0f94aa9b9fb92f7e78d484fdf5d8d45c991e28074dcdd680d3b1f189ef6bdc320ee6e64dd1f80d9264d83042d2c43d83581ef0394b1b5d1f69f3bbbf04b7c808ba34c1580f16f76537b6a7ebd0a1908be9494d3fcaa9871db15750: +e1ccb80a262ff8af1eda075c972c8e941e77cef57bdb0a82572c28200b493ca33d37e2a5027effdee07fa511e423b2bc56edcea075b41649766725c6b30a10f4:3d37e2a5027effdee07fa511e423b2bc56edcea075b41649766725c6b30a10f4:cfdc5497b023afa62a7fe592caa92b875c7705747834002f7784ff166189398815d4e8a7a0038e1fdadddeba51057327ad1960e859cee56526bbb4127b6a5f90d04d08b15eee66c9ccf88b4b7d1ee9d3b8b8c6f42db3c34e59048a15c6041f142c4079368b7b11e29970118b99e5670ae31fccfdff1399142ee06b2e3e2b3c9707dd64119786e2fab47e0bad2cc8b558d963bb48a49ad2c637dd35b25db54bc5a2630222fa2acece9ce12ab0813077f7659f5074429ca6b494331032ae792a599c425ee297451dcf5ee195290312742e647a7795b84dcc664ddae2a1fbf8c4548a37fd82d810e2145f01df1a6d3bcc42a91a10768e091f3d69329a7bad6c072cac6d89afa31c029056d6b62212165cebcd49ac672e3830267af9f28ea319bd042f6c59de4701e58248736c8d976acf93b99d2f4647a547d392447a48dac11181e16b1501a94c9316e5a67c990b35810b4cda0473a6a4e57614215868e2e002c6058b42e4eeec84139dc19edf5f80aeeffa4f5b07e8fd23139edda31899ebe6fee78643ce686b2963a32072bd3b3bba68485a05c2cc0456c3da50c7c8c651a3066d13a3660bd47ab6dfec49e01557a6742896aa4bc6363a797dbad1a409cd4a50911e70ea007af8e9b1bb7e3ab56215a575c90f739c2d48b3b34694b5acdf07980ae528de0621edfac8b8fa84954d56dbb4d03082b984f13e5dbe9c7112ff9716f55053064662ce0fb81ea35f98fd2cd51137a46f64e0c1caf44e5407dc961760b2597f7f9200617d471340cf15176c3da880fe4e0e93a72fb94926faed865dfdc772e185292c1e36b1211781c3e938e3d4f24e29af517a379683:fda34b652b79746f897e222d37b77aa250d02c527c4833df80ea41d52189d50700e128b78ee8149c9b19f3abf755acef5348f5fbaf1ceb41c038906ac5946001cfdc5497b023afa62a7fe592caa92b875c7705747834002f7784ff166189398815d4e8a7a0038e1fdadddeba51057327ad1960e859cee56526bbb4127b6a5f90d04d08b15eee66c9ccf88b4b7d1ee9d3b8b8c6f42db3c34e59048a15c6041f142c4079368b7b11e29970118b99e5670ae31fccfdff1399142ee06b2e3e2b3c9707dd64119786e2fab47e0bad2cc8b558d963bb48a49ad2c637dd35b25db54bc5a2630222fa2acece9ce12ab0813077f7659f5074429ca6b494331032ae792a599c425ee297451dcf5ee195290312742e647a7795b84dcc664ddae2a1fbf8c4548a37fd82d810e2145f01df1a6d3bcc42a91a10768e091f3d69329a7bad6c072cac6d89afa31c029056d6b62212165cebcd49ac672e3830267af9f28ea319bd042f6c59de4701e58248736c8d976acf93b99d2f4647a547d392447a48dac11181e16b1501a94c9316e5a67c990b35810b4cda0473a6a4e57614215868e2e002c6058b42e4eeec84139dc19edf5f80aeeffa4f5b07e8fd23139edda31899ebe6fee78643ce686b2963a32072bd3b3bba68485a05c2cc0456c3da50c7c8c651a3066d13a3660bd47ab6dfec49e01557a6742896aa4bc6363a797dbad1a409cd4a50911e70ea007af8e9b1bb7e3ab56215a575c90f739c2d48b3b34694b5acdf07980ae528de0621edfac8b8fa84954d56dbb4d03082b984f13e5dbe9c7112ff9716f55053064662ce0fb81ea35f98fd2cd51137a46f64e0c1caf44e5407dc961760b2597f7f9200617d471340cf15176c3da880fe4e0e93a72fb94926faed865dfdc772e185292c1e36b1211781c3e938e3d4f24e29af517a379683: +4fc512efd86e3a63b395eaff1ba011e1590fb9326ad3ffede7876dcc3e9fabdc26c2a22f9bfad90606dc613ff107021fcddbec7237066660b488964349e0c828:26c2a22f9bfad90606dc613ff107021fcddbec7237066660b488964349e0c828:07cd1e9bfa38a7d8853465a93c77ab4f30faf914e48bc4763ba07bf96ba808c1f59ad4ce9b7d921fbbc779659d7ca36edb7dd3acf7a29452a845b49fb6543a3b6c5c1c293aff618485a10eea60ee9649ac9d481e6949967d3938b52fe09c36b9ade07581db4eb542a97f5ac8ac73d3eea184722556760cf483090564553061b90a0b6d2dff4707be763937a10594a82b766bb2cf6daa52fa8d7b48f32127c431ad9aaed3bfdeb99ad42118a1b4de7b992134ed9cdad0b5296d197a485e493ecfeca3653ad2ce0f9241aabc096d7c4ba603ba7ddd07a8b257fe523276417073a65fa4434256fd1f239ec1de5da1a0a8c5e686ee14d9dfa438c53b99c954afab2f79e60b7126f2cb58a26e290da1dccfc301f239748ede7bcf1bb7ccb4720e692f57e53e6f59075399e1080ac8aa9a61a568c4c569d36e76a2d7271f2c44de4e363a8c916a4e446b027b64392e90ceabf6b6071bc47a1379b6aa6344763b2a0e7ff7c4a27bff3106721c253e4c1d67c37fa3d7c1ecd055b8e929d52a8e45ed89fb180f74b552fe06f066c7e4318ca2f915946e8320d5806561472fb8ff7fa8072d8e6fd1ce63cf87382f7b9404540c1d406c70b226853677092645ce996922e7345dc07fb7339f9a54ff07352dd2b993063c2c83d1281a4fd178e5a5f80a5b33c229d0578367d44192e9a4d21e9734d3bda083b70f47103fd125177021df3e53d79986efea2dc04f02c0ac278788319ef3a9132e6232ea6db39ca5870855f9592fff6c209ad2f1c29dd168552898979ecff8c81127248f8310515300656129d9b7acbb7ed1e46bc98c04d1a35b18913738e9dde4d2b065f4184242d8:82c824a7d1139ec73ae1d023adf62811441e968287f1a580b859cd66cb33b58e409bdeb2a874bf4c23610bd44f693147f2f7c29d443a905084f3eaafd9330e0407cd1e9bfa38a7d8853465a93c77ab4f30faf914e48bc4763ba07bf96ba808c1f59ad4ce9b7d921fbbc779659d7ca36edb7dd3acf7a29452a845b49fb6543a3b6c5c1c293aff618485a10eea60ee9649ac9d481e6949967d3938b52fe09c36b9ade07581db4eb542a97f5ac8ac73d3eea184722556760cf483090564553061b90a0b6d2dff4707be763937a10594a82b766bb2cf6daa52fa8d7b48f32127c431ad9aaed3bfdeb99ad42118a1b4de7b992134ed9cdad0b5296d197a485e493ecfeca3653ad2ce0f9241aabc096d7c4ba603ba7ddd07a8b257fe523276417073a65fa4434256fd1f239ec1de5da1a0a8c5e686ee14d9dfa438c53b99c954afab2f79e60b7126f2cb58a26e290da1dccfc301f239748ede7bcf1bb7ccb4720e692f57e53e6f59075399e1080ac8aa9a61a568c4c569d36e76a2d7271f2c44de4e363a8c916a4e446b027b64392e90ceabf6b6071bc47a1379b6aa6344763b2a0e7ff7c4a27bff3106721c253e4c1d67c37fa3d7c1ecd055b8e929d52a8e45ed89fb180f74b552fe06f066c7e4318ca2f915946e8320d5806561472fb8ff7fa8072d8e6fd1ce63cf87382f7b9404540c1d406c70b226853677092645ce996922e7345dc07fb7339f9a54ff07352dd2b993063c2c83d1281a4fd178e5a5f80a5b33c229d0578367d44192e9a4d21e9734d3bda083b70f47103fd125177021df3e53d79986efea2dc04f02c0ac278788319ef3a9132e6232ea6db39ca5870855f9592fff6c209ad2f1c29dd168552898979ecff8c81127248f8310515300656129d9b7acbb7ed1e46bc98c04d1a35b18913738e9dde4d2b065f4184242d8: +0b7dfad05ba665111e1681bdc0bc8ba973767cb85877020a2dbf918325571d9f9505d9e86dcef56c9db76f2862b90e1f2773202f1750405e7ee5aed0fc54f8b9:9505d9e86dcef56c9db76f2862b90e1f2773202f1750405e7ee5aed0fc54f8b9:c43fd34bb1424cca4e4dfba75c28be801844446ca089020885c748382547164a9d4a7f9570d3d171ad6981ab50eeee08a4a6c66d7699d23edbe1faaf44660c72f4552d87d265ace8792823474b90a5d7f7401deb9377627f60b036b36e044eb76bf132fddfcc0ef5704a633d845e962b47517f0baa34d3d6e9a8b9f8168bcdc84c6d2b30c6f343e75357f7f2c0039bd254b244d36cd61675581fb834570ed4113a78e606f145a111992c2c6b61c4267628ec87cd88c36a3c84706e44ae96a96e0c8480318546d6ea6a6df18a2b4f19f8360cfbce4e9d1cf1011ffea5633a66619aa4a65cf69be4459617945e4359a9d43260ca1a20f4ed7c1ae5ffff3bd92294ea70abbae0385b0935cd1c0eb5183029c585a0294b7999e32ef7a290fcb095675dc4f601e8f2c96f35b7349a37057509f4ec70c9f50f6011f1f5e6b061c091d11c0ed5dec8ece881aa340508f696d9e9cc7298e6bccd7c210e2ce0ded83592a3cfa13e8078fdb3258b39f1d11cdfe09670c1e60a3910a4fff51c6c7f7d6624f4c93df8888c526f484f9b13e0a7f62964783978684e292679800ed5eb280e287c7e639e85faa53fba2fa2045ce27d8fb308360726550df9752db305f8f06647970d014691999afa97b6193ffcc6d532f4fa69e133a1d10f3047fc00381f4997bb84e5b6cd6028c62132cfc024bfeb980301f29512bbd109d089ace182cf9c2ffab1b17eb00b6eb46ae198da993f5efe7c1dc22d25047c1ee5246517e7f5758f996abd83f13da22c13dd205ee191b55afd4831ef078bb6ea073a625bc97c81296160bbf2559b275cc37ccf01b91fd87d4d99a367aa9978dadd0689f8a6:415adbb2f2b9840577fd1841f9aae252afe8f5a72236017d50db22d228cdee9f5b3e8fe9a17a4d4e98b7341381e8d8625cdcea956d253b74e02dacb84920a009c43fd34bb1424cca4e4dfba75c28be801844446ca089020885c748382547164a9d4a7f9570d3d171ad6981ab50eeee08a4a6c66d7699d23edbe1faaf44660c72f4552d87d265ace8792823474b90a5d7f7401deb9377627f60b036b36e044eb76bf132fddfcc0ef5704a633d845e962b47517f0baa34d3d6e9a8b9f8168bcdc84c6d2b30c6f343e75357f7f2c0039bd254b244d36cd61675581fb834570ed4113a78e606f145a111992c2c6b61c4267628ec87cd88c36a3c84706e44ae96a96e0c8480318546d6ea6a6df18a2b4f19f8360cfbce4e9d1cf1011ffea5633a66619aa4a65cf69be4459617945e4359a9d43260ca1a20f4ed7c1ae5ffff3bd92294ea70abbae0385b0935cd1c0eb5183029c585a0294b7999e32ef7a290fcb095675dc4f601e8f2c96f35b7349a37057509f4ec70c9f50f6011f1f5e6b061c091d11c0ed5dec8ece881aa340508f696d9e9cc7298e6bccd7c210e2ce0ded83592a3cfa13e8078fdb3258b39f1d11cdfe09670c1e60a3910a4fff51c6c7f7d6624f4c93df8888c526f484f9b13e0a7f62964783978684e292679800ed5eb280e287c7e639e85faa53fba2fa2045ce27d8fb308360726550df9752db305f8f06647970d014691999afa97b6193ffcc6d532f4fa69e133a1d10f3047fc00381f4997bb84e5b6cd6028c62132cfc024bfeb980301f29512bbd109d089ace182cf9c2ffab1b17eb00b6eb46ae198da993f5efe7c1dc22d25047c1ee5246517e7f5758f996abd83f13da22c13dd205ee191b55afd4831ef078bb6ea073a625bc97c81296160bbf2559b275cc37ccf01b91fd87d4d99a367aa9978dadd0689f8a6: +78188df8c754785621e27ae58e100d5080e16e0a15e277051f95f080900ec0d3a1bdeee98b0757ba9c2d8409b87424e64e42f9932acfa9bc71fb3f8ca0e11d52:a1bdeee98b0757ba9c2d8409b87424e64e42f9932acfa9bc71fb3f8ca0e11d52:cf70cca57feb1beefe985ad5af9d4348d3a46a63de1075381fb3639a044fd6e6091f5db9c94d39be0f13ade6d9a074e67ba706b3a8806295f6b654865728c58ca6e9419d5d043f2110814bbf36fc4070e4d9454965c251202ca395efe3fdbd544feb187e34ca3c80795179552fce9aa804430e5b6c8685341e91d5889fbf3f981904620ffe7013f53b939e17443d614e7e6bb57ad674f3b4b001630526cf7302a7d0afe7dc24d6dadef6feba3f96973aa5b8d6275262e430a82f678696971a8b60e38d3b2bcc170d5bc20302a39c596d27fee39e5da5b10ea9f382299e19819717a718d37d155f13923182b5b7a1c54ca109b22ca8e8b26ca5ca3f3b9062219461bace97e890c94e41ca3d84587fbdf6e240c35ccab71d58477d28168e93372686d42aad324a3f16afe0e9b89ee20e485fe6c864b5013ba88399eeaa159835a8b2bb2f25f579ca3bae675c63da1b50d99d4ed978692e5600233f38ab7e7a5ae0fbf8c0b69cc38bd30eabd977efa05ee2c83514302bd40c4bdce7a4110afbb6579c620e97f8cf2e9bab2dcc7c33f196e57fe761a050122894b7a75a929531996ddaad78de1d4d924cd93a61df227776bc1c39fbb8de1c4438868b6a3a2cd94c07b29e3f6b23cc7e0b63689009d9d0bae1606bafc7a808f2d2fa2562b8dc093842c01fdb840da4860aced3fc525ca334edcf65948bc416f98c450f0012a6107dd7f8ede40e1c48c9e8a565a810b9cfd20356db19f1dbde598921332e0d813f0cb87684370388772ff3cbfcbfa299c198c97bfb9617768a05161f4169ff5de5d9f40062090fb882984d9d5c7aa78eddcb9634e466b8853d512b4a546d7423:b94114eda46ccfc22a4471a64d790892e59c5d505618eb0e701392c709613e2d503a5c2b66601e636a3c1c7d49b1ac798d9089b0f9ccd0579bb90634d0bd750ecf70cca57feb1beefe985ad5af9d4348d3a46a63de1075381fb3639a044fd6e6091f5db9c94d39be0f13ade6d9a074e67ba706b3a8806295f6b654865728c58ca6e9419d5d043f2110814bbf36fc4070e4d9454965c251202ca395efe3fdbd544feb187e34ca3c80795179552fce9aa804430e5b6c8685341e91d5889fbf3f981904620ffe7013f53b939e17443d614e7e6bb57ad674f3b4b001630526cf7302a7d0afe7dc24d6dadef6feba3f96973aa5b8d6275262e430a82f678696971a8b60e38d3b2bcc170d5bc20302a39c596d27fee39e5da5b10ea9f382299e19819717a718d37d155f13923182b5b7a1c54ca109b22ca8e8b26ca5ca3f3b9062219461bace97e890c94e41ca3d84587fbdf6e240c35ccab71d58477d28168e93372686d42aad324a3f16afe0e9b89ee20e485fe6c864b5013ba88399eeaa159835a8b2bb2f25f579ca3bae675c63da1b50d99d4ed978692e5600233f38ab7e7a5ae0fbf8c0b69cc38bd30eabd977efa05ee2c83514302bd40c4bdce7a4110afbb6579c620e97f8cf2e9bab2dcc7c33f196e57fe761a050122894b7a75a929531996ddaad78de1d4d924cd93a61df227776bc1c39fbb8de1c4438868b6a3a2cd94c07b29e3f6b23cc7e0b63689009d9d0bae1606bafc7a808f2d2fa2562b8dc093842c01fdb840da4860aced3fc525ca334edcf65948bc416f98c450f0012a6107dd7f8ede40e1c48c9e8a565a810b9cfd20356db19f1dbde598921332e0d813f0cb87684370388772ff3cbfcbfa299c198c97bfb9617768a05161f4169ff5de5d9f40062090fb882984d9d5c7aa78eddcb9634e466b8853d512b4a546d7423: +73cb02b0bf26a015da1dc301fc125d7e6c30b63c9e6eee9e065d4e847132c325ac9e3dd2ceb9b23e748c04ba7577fedf7ceab9ed87dc430b5fe22eac50950e0d:ac9e3dd2ceb9b23e748c04ba7577fedf7ceab9ed87dc430b5fe22eac50950e0d:0a2b61ba35e96e5819b88bfdb28b7ce02e64ae9cf572b21f13552c0db10f3960d44ba3472f43abc4e6295bdf790bd933ba3975fd4465fa3e2fe2db02b6377752223dec98fcb2404f3aba43265a6fa7976b6c6cb6868b881bd6f3d25cd9d6f70e512f8089c8ef26fd58245053779e59c4725aefa26467c9f500e17f3e1573f1a855e9b8b21925ea0527f3ce8d88fb54a47abeed14f399cc2d9f1fe54665fae0a8f0c68872a600046d1dc36397d310ce393fceafe87c17ebe122fdb543aea71085baec98273f41ac96698c150cf911d0e5de2392d84841d01276aefbfe9995e10a6d46efdc2678d456c9f36b2e10114d1187e7aca739037ea51f85fd62a29429ba529cdd8ad91347497487ed7e8709d4776ef68670792d0615bc96da5178d606db63e4e5cb172acfbc1cbe20269350f1b605f35dcd479135bd30fb4b5a39176cff744ddbb306c9e7b4167de0379a6166be5aaa74d7157fac957d88dc57597cfef23eb5108b3ce53fc632dad1b972a29da5de32d20d8ecede67ff00da4a08a0cc1a98bee7a94e3cb32fee94ae25a413544702c37b3e1778a070cdd4840bd39f5f45795192a867863876ed0d130d46e2913935082809f7e15a496710f255d783da3d016a654c15ff5df907a3ccaf37cfe11c8c3d496507d6760c053820f0f594c3d01ca269178aca525ab2821ef55f92d85fe685ea34472ed1398171064d74a422ec91d1a670618fc9f32424bcb11a77f6fb4e2fefd2c4e8a73c452886e931664d1a83bd927329c04d250b83521d7dc13c91cee1ec050e11d42a4b0c8c069b61c4422d3a49c07eff2905b7bc7f4a5b43e6b0d61dfb50e4eea2e90d298a781d05:1a5dd4c891c8e132570187c23b9a1e4b26f05460e875673819396df561c8af0e48333b62c77729d49fc40e174a7f3c21f85ef4d339ceb80bd2e037d803af560e0a2b61ba35e96e5819b88bfdb28b7ce02e64ae9cf572b21f13552c0db10f3960d44ba3472f43abc4e6295bdf790bd933ba3975fd4465fa3e2fe2db02b6377752223dec98fcb2404f3aba43265a6fa7976b6c6cb6868b881bd6f3d25cd9d6f70e512f8089c8ef26fd58245053779e59c4725aefa26467c9f500e17f3e1573f1a855e9b8b21925ea0527f3ce8d88fb54a47abeed14f399cc2d9f1fe54665fae0a8f0c68872a600046d1dc36397d310ce393fceafe87c17ebe122fdb543aea71085baec98273f41ac96698c150cf911d0e5de2392d84841d01276aefbfe9995e10a6d46efdc2678d456c9f36b2e10114d1187e7aca739037ea51f85fd62a29429ba529cdd8ad91347497487ed7e8709d4776ef68670792d0615bc96da5178d606db63e4e5cb172acfbc1cbe20269350f1b605f35dcd479135bd30fb4b5a39176cff744ddbb306c9e7b4167de0379a6166be5aaa74d7157fac957d88dc57597cfef23eb5108b3ce53fc632dad1b972a29da5de32d20d8ecede67ff00da4a08a0cc1a98bee7a94e3cb32fee94ae25a413544702c37b3e1778a070cdd4840bd39f5f45795192a867863876ed0d130d46e2913935082809f7e15a496710f255d783da3d016a654c15ff5df907a3ccaf37cfe11c8c3d496507d6760c053820f0f594c3d01ca269178aca525ab2821ef55f92d85fe685ea34472ed1398171064d74a422ec91d1a670618fc9f32424bcb11a77f6fb4e2fefd2c4e8a73c452886e931664d1a83bd927329c04d250b83521d7dc13c91cee1ec050e11d42a4b0c8c069b61c4422d3a49c07eff2905b7bc7f4a5b43e6b0d61dfb50e4eea2e90d298a781d05: +db05606356bacf23aff6cddd42b2c694352b5a0fec560aff54d9bd9710efe06a32a5c7cc4909786b48a53f31093f549a9f1730ca6690383fdb5f14c2666e3132:32a5c7cc4909786b48a53f31093f549a9f1730ca6690383fdb5f14c2666e3132:1bc9c2833f37cdf1356fad166768642717701b38a0ab0c2f581a26d222d65ccee4bf0f6dfe64d33bc0239f71d4b82644b01625a1a35fe798676239e0ca779ef23138eebe3bd19de2d8f7c15b4d96f13e51bc633bea5d61225bca1d6339ba53e81f7d8d24c5d60f04ce8c726761d264584f1c7e5b5b6992456c1c76892d6352111e3b926fe025c0009db67ce0ddc7f764e0c9adb0481bc2795484d96373a962a7b74a5596f527a73476498c7823dffa6c8543b07971b5aa271c12255e0918dd73f50c30c9a85ac7c2993dd655da59431263f5914be706374be9c07585c2871328b4dbc39401c95707387e6e069d44b9d8fb058f22e315aa0d5b4f1168fc107962b064f7d845af8e2131951d1cd66dc84dba46d200af4f4c5f51221bc9b2196942f8b40e7ddbc9aeb3d9afc071259513135a016f2866099fa10f4c3b73500bd55c477b2415e10a279ba110d294f3dd1842177d0b4bfb1734dd0ccb7e394b43d16f0b7548362280f434764da57f19ed3e302e5370fba49664c230057433cc647eb27cd2c7c18c7d66906f088246c22f7f790399deb4c5fbb906181769bef5afbe8ad1f5de55be588f52f69c54d4ef5a969a0d995c27407b23edd9243d2499fdf29473b1955c84b3f7cbdcd81b7656ec0be9e0fdb3381356960fd0ca70e7ea74b646fcd313948e6ddb47609476fb6fa4842fa788a0d57be3b0a6ca1819f71614760043ec4904881939968a43b5d1928f84a5919093bc3841588171a9cd390f8fcd61538b54e6ef99770573e1986d150fa96b7a07e1d194af1c0b405500acb3d10e3be647c89862006fa78583e76166842920160eb57f0b2a6edf193c44c5eeacf4:53099b766adf2944b6821374842c25d6e67b0ccde9c637fecb11b8b8b07203e3075732805f4f14aeae73bd62e308b5887d689e29cd89b23a476943110717b1001bc9c2833f37cdf1356fad166768642717701b38a0ab0c2f581a26d222d65ccee4bf0f6dfe64d33bc0239f71d4b82644b01625a1a35fe798676239e0ca779ef23138eebe3bd19de2d8f7c15b4d96f13e51bc633bea5d61225bca1d6339ba53e81f7d8d24c5d60f04ce8c726761d264584f1c7e5b5b6992456c1c76892d6352111e3b926fe025c0009db67ce0ddc7f764e0c9adb0481bc2795484d96373a962a7b74a5596f527a73476498c7823dffa6c8543b07971b5aa271c12255e0918dd73f50c30c9a85ac7c2993dd655da59431263f5914be706374be9c07585c2871328b4dbc39401c95707387e6e069d44b9d8fb058f22e315aa0d5b4f1168fc107962b064f7d845af8e2131951d1cd66dc84dba46d200af4f4c5f51221bc9b2196942f8b40e7ddbc9aeb3d9afc071259513135a016f2866099fa10f4c3b73500bd55c477b2415e10a279ba110d294f3dd1842177d0b4bfb1734dd0ccb7e394b43d16f0b7548362280f434764da57f19ed3e302e5370fba49664c230057433cc647eb27cd2c7c18c7d66906f088246c22f7f790399deb4c5fbb906181769bef5afbe8ad1f5de55be588f52f69c54d4ef5a969a0d995c27407b23edd9243d2499fdf29473b1955c84b3f7cbdcd81b7656ec0be9e0fdb3381356960fd0ca70e7ea74b646fcd313948e6ddb47609476fb6fa4842fa788a0d57be3b0a6ca1819f71614760043ec4904881939968a43b5d1928f84a5919093bc3841588171a9cd390f8fcd61538b54e6ef99770573e1986d150fa96b7a07e1d194af1c0b405500acb3d10e3be647c89862006fa78583e76166842920160eb57f0b2a6edf193c44c5eeacf4: +1d139b1ad0c3af1d5b8be31a4ecb878ec667736f7d4fa8363a9809b6d1dabfe32428cf1deb20fbad1fdc665d825b614122df101fbe1473a79996baf6967434b8:2428cf1deb20fbad1fdc665d825b614122df101fbe1473a79996baf6967434b8:8df2d2df9b984da84433486a813c98c5973a696c11624610b23aa438083464f65a76796615b728c2ed4e60715855afc239450d5bc0911ff2a85230205c6f1349ba5bd87ea6f720db6ba70b77421788e0c654aebc23074c5f41d2290772140d981a6bc4fe709a268e64172a026b270118b4db51ab6a13c99b063186d8d5b338e977eddc6bb5fd7dd57d9845a3c3fe76177d5738dca16a8f9102857500174f23ff4c3bf3c8536f11580ef8514a409f5bbc9c0296f12e3478d4087f95efaa6c636071d21157bf11774bbfe7693306ca7213da4713ebaaab3554edf08011a5ff73da120375aed19628670f28ab24b6f5d5a1d570480f65d3c152bff1b47bf0666929cb7c99d9033faae8534fc35da730b811ebcc25ae10a195aab12c326aa45bf805c62dd4cd5f868623c04a8e1c6aa72f1ea4400c60867dff622f316434f1ec89503c6f9f65c137b4944cbcb35f086c74cceafa2242acca6ffe611c4b5587f5b75ffad349f00bf96e4a580a875b92654069b62eeac0bf78e5aedd71869ee05b9a94e1c98e35a97800a4a21220b039cd5ebbb756d40b4042e2c84a2ae98182511dae8ed3b89f4fa00fb8ed946316459710052ad4c02f63df05d3bb1ace33672151bdf5dab46c7b583db373899d4f035b6c111258b4e5a9e707a11d215e44e68ef1a6f053809aa51bd902e13ca99c1b1cecc83b9c235c710e797d2b1a249b2ea079b5c1674ed7169f1b6e67f1ac77f86b743298969335a772440f7fbfa72513500d84166114a8fd54139464d42b995530d32370b69bffc7589d6dcc97e0bf17856cc3bf4164dbeccc8a881d414d6a62029276c5f8137c0b3c68bc8f4bd4e7cff65ef2:dd645e51edab04db31e33172cf27aceeedcc0463a963914a0eac8efd5a34341f6bbc52e042baaf3b40c89a57efb64574e69677fce955246c1fc0f269ef8190008df2d2df9b984da84433486a813c98c5973a696c11624610b23aa438083464f65a76796615b728c2ed4e60715855afc239450d5bc0911ff2a85230205c6f1349ba5bd87ea6f720db6ba70b77421788e0c654aebc23074c5f41d2290772140d981a6bc4fe709a268e64172a026b270118b4db51ab6a13c99b063186d8d5b338e977eddc6bb5fd7dd57d9845a3c3fe76177d5738dca16a8f9102857500174f23ff4c3bf3c8536f11580ef8514a409f5bbc9c0296f12e3478d4087f95efaa6c636071d21157bf11774bbfe7693306ca7213da4713ebaaab3554edf08011a5ff73da120375aed19628670f28ab24b6f5d5a1d570480f65d3c152bff1b47bf0666929cb7c99d9033faae8534fc35da730b811ebcc25ae10a195aab12c326aa45bf805c62dd4cd5f868623c04a8e1c6aa72f1ea4400c60867dff622f316434f1ec89503c6f9f65c137b4944cbcb35f086c74cceafa2242acca6ffe611c4b5587f5b75ffad349f00bf96e4a580a875b92654069b62eeac0bf78e5aedd71869ee05b9a94e1c98e35a97800a4a21220b039cd5ebbb756d40b4042e2c84a2ae98182511dae8ed3b89f4fa00fb8ed946316459710052ad4c02f63df05d3bb1ace33672151bdf5dab46c7b583db373899d4f035b6c111258b4e5a9e707a11d215e44e68ef1a6f053809aa51bd902e13ca99c1b1cecc83b9c235c710e797d2b1a249b2ea079b5c1674ed7169f1b6e67f1ac77f86b743298969335a772440f7fbfa72513500d84166114a8fd54139464d42b995530d32370b69bffc7589d6dcc97e0bf17856cc3bf4164dbeccc8a881d414d6a62029276c5f8137c0b3c68bc8f4bd4e7cff65ef2: +4d22e331e0cf6f6a272db4d20687ffb059f1225d81e41123b8c89b074de76a3bb1e4cfaeadd67b12d7b9dbfc0f88edd0373f9a88c7fa33fb7f2b1e475eccb61b:b1e4cfaeadd67b12d7b9dbfc0f88edd0373f9a88c7fa33fb7f2b1e475eccb61b:9c8e3f5b4d704030e1ba71f02efc4b87d6fffb55bc3d8d03818f915624fcf701c54adfafa2b694b87751cb9f69918c0f050f4c105d5ccb40100b28dfd4f411d591c12019176ac2016bfbfdf0ddf11db8a7e39aa7b9e216f667c0a15fb977eaa9ba3bc455cc58945f3e944b8ac2fbf4d24fe7e1e619cdbeee3e5e12a9a527d28f5fd7cfd9220f1308d897b6d4314a5a0187864a2d621cf1b2844261247bf520bafa9bf226e115681ecd77427980cd12b08c359cecd1de3f5545f807f81ed76302ffd6477f89b958cdf12954cf70c142532993831647eacab0b4807bfdadb4389d7dff2c4ef0ef5a5c61d0df762e2e9080a7181cecd06a53199f0dfef702627adecf5fcd9b3e68c72333161727f871c7d1c43051ff1c921fd53b642238b97880d64e25fac512ab954bedbca540f5b20091ec72e67f88770afc32f2125ca0da4fe87b56aac9177f1f4f67c851725c5e8afe64f664799833fd79100b77ead25838879fff4747aa0d5672ec0a94348134bdbd4bb39b0c67a0cd30602edf4fec6f7af0cc2bdae126cea842dfaa4391dc5ddea938e1792168240c2d8b25352f9f3a644235ce36fefeb6992ad88e287ad2d85bd850396fc2e517a15209f5920ac98c532b1f4d869beb08bb03cf7c91af3ffced68d5fbfef86ff94ece6e2ead3484ce080db17bbe40f1db432ec1650ed24fdd250f3345745c9b7b9198c9109a37261fc5ecbbb12f83a0e1220a1867d45fddfea81dcf75f4ec7fdb5250e57754d6dea270b628a79530ec28b619bca9493e6305cfc4414c1c1de3389e890197c85f28404f3fa96a1e2fd9206b472e8a0a0d32af55606bb083f76a19b8eae3479ae51d98a99a62:c366b802f682fcd70525264fb1a3cbcd0ee35ecff5977c2a554da939229f17819a961ea74c3d7a7881ac5c1fa16bf984d9456a1388d3463c4494429b1dc454029c8e3f5b4d704030e1ba71f02efc4b87d6fffb55bc3d8d03818f915624fcf701c54adfafa2b694b87751cb9f69918c0f050f4c105d5ccb40100b28dfd4f411d591c12019176ac2016bfbfdf0ddf11db8a7e39aa7b9e216f667c0a15fb977eaa9ba3bc455cc58945f3e944b8ac2fbf4d24fe7e1e619cdbeee3e5e12a9a527d28f5fd7cfd9220f1308d897b6d4314a5a0187864a2d621cf1b2844261247bf520bafa9bf226e115681ecd77427980cd12b08c359cecd1de3f5545f807f81ed76302ffd6477f89b958cdf12954cf70c142532993831647eacab0b4807bfdadb4389d7dff2c4ef0ef5a5c61d0df762e2e9080a7181cecd06a53199f0dfef702627adecf5fcd9b3e68c72333161727f871c7d1c43051ff1c921fd53b642238b97880d64e25fac512ab954bedbca540f5b20091ec72e67f88770afc32f2125ca0da4fe87b56aac9177f1f4f67c851725c5e8afe64f664799833fd79100b77ead25838879fff4747aa0d5672ec0a94348134bdbd4bb39b0c67a0cd30602edf4fec6f7af0cc2bdae126cea842dfaa4391dc5ddea938e1792168240c2d8b25352f9f3a644235ce36fefeb6992ad88e287ad2d85bd850396fc2e517a15209f5920ac98c532b1f4d869beb08bb03cf7c91af3ffced68d5fbfef86ff94ece6e2ead3484ce080db17bbe40f1db432ec1650ed24fdd250f3345745c9b7b9198c9109a37261fc5ecbbb12f83a0e1220a1867d45fddfea81dcf75f4ec7fdb5250e57754d6dea270b628a79530ec28b619bca9493e6305cfc4414c1c1de3389e890197c85f28404f3fa96a1e2fd9206b472e8a0a0d32af55606bb083f76a19b8eae3479ae51d98a99a62: +a5228ff9bbb6f232327eb8d879d7f8b277ca72bae1f9a9d0e260dd90571db4f9d82f6a6974f51c8808d9d617f4cec2d8a37eb11a14237c9ab9cf11ebc80ff6c0:d82f6a6974f51c8808d9d617f4cec2d8a37eb11a14237c9ab9cf11ebc80ff6c0:1df7a6835e3310983ee7ec731125f5b5cf117af0e36b3685bf54ace1c48c46300560a45e9f9bdd96a0bc4d14e89d4b5721a2caff6618b182edb1202f3d0c5d118d09b61812c010e8b196344541cdeefe5fd1f961c5dd75459555ab72ef2aa7a759a4f3ad3caed44f4c9a8ef95b76ed9a99b55dd8a260ba08010d29ff819f2af3513c1a640d6ccdde4999205f9fca8857115d8b5db9f70a62e5eea0d5af065de153f2ededeec63e15c8e09a92582182ac07d81ca63ca4aa597a2220e70481957d415264e258bc263e1cc36e53478aac5ca01694ccb09b4ffd84739972c7dccf3defeafdede162ab6c58a1df27371e3f5493067fc9e2067e579623c009fc825eef0e010fd1ccf2a8d3fbbb3156f9dfde0c7cbbaf8433098517491b78db9698614ea40e0b1e6a1e36b900453a16ea276f3442bbd27a7ecb981511f5c9209eb096e28588b65b96b50188c0381ff712bc06b2c655cca0751c095d8016251585851e677434dc3efd087a12680fc22e5b8310a10e32caac9b71c876eed31ef09f7fa012ba08dfd2ad68c1e147f50598e550467ef99f295a318faa507ebe776ce55c4da164323c30a5e72dbe027c3ccf96c70197a6fb1b74af133a8be2b03c1b99fd25b3ced51fe3882021a3afd9229f641bc6cad4e1d3cb6ed9b6b68a25f1e1397289981f78924bff24c8dee6a18a0421fa32ae3ab60a0d933a6af4ff704874b09b0739e2f29d8f252d79055f89d3bff10a22c54ac3d8afeece818353a6abe2b7fb8e8e0da5b7ac1cfc985df97580b18211a4e3edff95afdda061547d3ae0406d3286cd305bdfd2c3abf8f74af9a03420e5b03f825e9c53907e13a5812174be42898645149d:97650fae3f59ca76477f2547167749c5830248883225e354ff46c7e381965220d9bef2c2057c7d1990f08bca4cfde877fff2b4aa813d9c4b84fb79eced81ef051df7a6835e3310983ee7ec731125f5b5cf117af0e36b3685bf54ace1c48c46300560a45e9f9bdd96a0bc4d14e89d4b5721a2caff6618b182edb1202f3d0c5d118d09b61812c010e8b196344541cdeefe5fd1f961c5dd75459555ab72ef2aa7a759a4f3ad3caed44f4c9a8ef95b76ed9a99b55dd8a260ba08010d29ff819f2af3513c1a640d6ccdde4999205f9fca8857115d8b5db9f70a62e5eea0d5af065de153f2ededeec63e15c8e09a92582182ac07d81ca63ca4aa597a2220e70481957d415264e258bc263e1cc36e53478aac5ca01694ccb09b4ffd84739972c7dccf3defeafdede162ab6c58a1df27371e3f5493067fc9e2067e579623c009fc825eef0e010fd1ccf2a8d3fbbb3156f9dfde0c7cbbaf8433098517491b78db9698614ea40e0b1e6a1e36b900453a16ea276f3442bbd27a7ecb981511f5c9209eb096e28588b65b96b50188c0381ff712bc06b2c655cca0751c095d8016251585851e677434dc3efd087a12680fc22e5b8310a10e32caac9b71c876eed31ef09f7fa012ba08dfd2ad68c1e147f50598e550467ef99f295a318faa507ebe776ce55c4da164323c30a5e72dbe027c3ccf96c70197a6fb1b74af133a8be2b03c1b99fd25b3ced51fe3882021a3afd9229f641bc6cad4e1d3cb6ed9b6b68a25f1e1397289981f78924bff24c8dee6a18a0421fa32ae3ab60a0d933a6af4ff704874b09b0739e2f29d8f252d79055f89d3bff10a22c54ac3d8afeece818353a6abe2b7fb8e8e0da5b7ac1cfc985df97580b18211a4e3edff95afdda061547d3ae0406d3286cd305bdfd2c3abf8f74af9a03420e5b03f825e9c53907e13a5812174be42898645149d: +c04dc09f119d670fb1eae0136fcc06085f290f4ad1aa1ffc9c160ea5cf47f09dff498ce8c9db7867f6d0276452a466724887e6172f6681671b8ae035f5865ea3:ff498ce8c9db7867f6d0276452a466724887e6172f6681671b8ae035f5865ea3:1e42297f8aeef29a842e0e21f5dbae068e2c9ddaa6fd348e48881f0d42c50bf0ecf1706b94a5d19817ca02d83e9ab2f99d8bfaaa5c85ad39a150b225ad3eafa067815b74672fe026c3ccc677255440b684a76e128ca2ccc429f152577d25b69f40db582d49479afae680712dc0fd1fe1418839687ca60cdde974140462f96148295df1ce43a977351c77f2f0b09a6b26d6fe965fceae17d7b8620371402428544fdf91690b44e9afc2e9088c83ca48dc8576f628724798dc90323174c44996596502a35df8b982c570a6cb51b9a197d431af33f02b80011567fe50cf45ac111b3d556f8c8ce5ae8c9972f2a9936b1a012b9c339e30c97312b65ea59c100f79d795b8a24b31a0a97dc25cced6b8ff5ae145339a048ca12a579017fae8d5cbcb61d52e314dd7c2e72010c47217b1d06878bf2818ca188e8e307960c1689d7dfc0202973cd29f2f7ba743469e685e0e704b04baca4fab5488448a922eabf40be581c1994d74d13a366ce857fb40a6e05da8553694172cc3fd28062f538250aa8c11f68139e79cd1191ba3314b5cea0864437ed2e4b6fbd75b9ded0987b41c202a58ec0254d9d371a795f1dbecddac112be8d09e2d7b9ca5752f406cffb911ca36450bc05f1ec1ca3ca8d35124d1286c55f10f61334e46ece4183b92219a9dcd0e5e78ef2a76cfe9a9ab3795dfdcb44f63d45f5f48ffb4156133ad2e9950884c5bbd2c1cb8729e40a8787f784969fa880c07ffcc97d5c0d2d488085e9116d7107cd5db16ceccdead55025eea2edee93c1b106427618ee09dc3dad1e05676a2368069c8045c3ebc6c67afa52d59398248efcf15e904c7142304ff61971f4d9bf6460c1d6417:4bd19f3d9c5116ec6ae0024d0f246d2ce250d9e0634a232ba06fd3566aed55cbe59f12332cbad65d4349a9d22e7d6e46d2fbdc71d5c8f9da15dfbf17ba2251071e42297f8aeef29a842e0e21f5dbae068e2c9ddaa6fd348e48881f0d42c50bf0ecf1706b94a5d19817ca02d83e9ab2f99d8bfaaa5c85ad39a150b225ad3eafa067815b74672fe026c3ccc677255440b684a76e128ca2ccc429f152577d25b69f40db582d49479afae680712dc0fd1fe1418839687ca60cdde974140462f96148295df1ce43a977351c77f2f0b09a6b26d6fe965fceae17d7b8620371402428544fdf91690b44e9afc2e9088c83ca48dc8576f628724798dc90323174c44996596502a35df8b982c570a6cb51b9a197d431af33f02b80011567fe50cf45ac111b3d556f8c8ce5ae8c9972f2a9936b1a012b9c339e30c97312b65ea59c100f79d795b8a24b31a0a97dc25cced6b8ff5ae145339a048ca12a579017fae8d5cbcb61d52e314dd7c2e72010c47217b1d06878bf2818ca188e8e307960c1689d7dfc0202973cd29f2f7ba743469e685e0e704b04baca4fab5488448a922eabf40be581c1994d74d13a366ce857fb40a6e05da8553694172cc3fd28062f538250aa8c11f68139e79cd1191ba3314b5cea0864437ed2e4b6fbd75b9ded0987b41c202a58ec0254d9d371a795f1dbecddac112be8d09e2d7b9ca5752f406cffb911ca36450bc05f1ec1ca3ca8d35124d1286c55f10f61334e46ece4183b92219a9dcd0e5e78ef2a76cfe9a9ab3795dfdcb44f63d45f5f48ffb4156133ad2e9950884c5bbd2c1cb8729e40a8787f784969fa880c07ffcc97d5c0d2d488085e9116d7107cd5db16ceccdead55025eea2edee93c1b106427618ee09dc3dad1e05676a2368069c8045c3ebc6c67afa52d59398248efcf15e904c7142304ff61971f4d9bf6460c1d6417: +6791bd74d3b4620ef5f1ff56406432c26ab646f6d5e9dda6842ed69052275392da9915a7552f110faea12d47920a09601443d4000a9c7e218d5ba72b74989fa6:da9915a7552f110faea12d47920a09601443d4000a9c7e218d5ba72b74989fa6:36a20e66bb29155161ad85eefe893b53ac5ade165f089a77190b0c239dec8a201685b076b4ded4a10aa459b980a8cca47d5f8de4d2a662e446d5f7fb70ed9be05db1cceadd130b3346d9409f9d6ef52824c764ac6fb1cd156dbd6a473ae722d0ebb25638c51265a22febbb14967d6dd8253c1d038895c6737f067c8f73c3c1cbe6cda4369632d7f4c9acebe87d0571c81a58cfd72cce4a5cf53a1e75259f4c993e67efc8d9c3576c43af04a5caf33d856f7f2755d3a975ab2b685c6f65680cba9ac879f3a8c9a4765b879c0ade1e4bd0d4a70bb6f92b24d429dc746cc78f84811f076f32c61e3585cc8aade9b0ca15224bfbfe18be10a33643600f6612bf013f0efcca837246a0ee5b03c02f1573624c4a44a90f9e423d4e56061a71d0144f5a887a8cd4a9d6f247904e26795951959da121c83c6c941e2b6b9ab76209ffe9178591ead68230b94ae97df58f9f172428c95067598ac582ffb950840d826630c4625f5deaddec1305203b4db6b945f991ed7cd3d6fabca51e2166adad0aad5117336d52d59422f0135c8fa8cdd0884be73586bf284e5ddddbcb95b411f98568526fbe71a5592b56ad5a7345f2874db1d57beab43e8cc69547520629f0ee76dbf432a376fad28bfc77e14d840f0c02d478f1e2337c23b89e73e5279108b5609b18e80db0de11cfa94ecf7239bcff59c54118e4ede4fbfc0823ae546016f774c52198a963b5545a3489b89df7626fd11ed4658d715a4657994035d403b3370d14eed9718d598db675f042592fea89056544b32e5b9c8062828aaa3cf59cb476ad36db1daa2482227a9b7afbc153ce93253d1b39da95eb96f83128ff2554a547e34eea4a0000:b1e8d481065bd5121bb3bf569600bcc26df40c499fbaa954b39a619dc40b9590c31756b8b63f860151694b95765d697b2e1ade0806e92a06c4a559e90fcfa50636a20e66bb29155161ad85eefe893b53ac5ade165f089a77190b0c239dec8a201685b076b4ded4a10aa459b980a8cca47d5f8de4d2a662e446d5f7fb70ed9be05db1cceadd130b3346d9409f9d6ef52824c764ac6fb1cd156dbd6a473ae722d0ebb25638c51265a22febbb14967d6dd8253c1d038895c6737f067c8f73c3c1cbe6cda4369632d7f4c9acebe87d0571c81a58cfd72cce4a5cf53a1e75259f4c993e67efc8d9c3576c43af04a5caf33d856f7f2755d3a975ab2b685c6f65680cba9ac879f3a8c9a4765b879c0ade1e4bd0d4a70bb6f92b24d429dc746cc78f84811f076f32c61e3585cc8aade9b0ca15224bfbfe18be10a33643600f6612bf013f0efcca837246a0ee5b03c02f1573624c4a44a90f9e423d4e56061a71d0144f5a887a8cd4a9d6f247904e26795951959da121c83c6c941e2b6b9ab76209ffe9178591ead68230b94ae97df58f9f172428c95067598ac582ffb950840d826630c4625f5deaddec1305203b4db6b945f991ed7cd3d6fabca51e2166adad0aad5117336d52d59422f0135c8fa8cdd0884be73586bf284e5ddddbcb95b411f98568526fbe71a5592b56ad5a7345f2874db1d57beab43e8cc69547520629f0ee76dbf432a376fad28bfc77e14d840f0c02d478f1e2337c23b89e73e5279108b5609b18e80db0de11cfa94ecf7239bcff59c54118e4ede4fbfc0823ae546016f774c52198a963b5545a3489b89df7626fd11ed4658d715a4657994035d403b3370d14eed9718d598db675f042592fea89056544b32e5b9c8062828aaa3cf59cb476ad36db1daa2482227a9b7afbc153ce93253d1b39da95eb96f83128ff2554a547e34eea4a0000: +234ce4d39b5ebabe9a2c1e71970d718138dcb530cfd296023427d892bf88f8a4cb73930db421f6d24536837bd0bff6fa75bbd141c98a405d4244a3c424550779:cb73930db421f6d24536837bd0bff6fa75bbd141c98a405d4244a3c424550779:77730cf8c8f96b9187902acff9ff0b21746ccaf0a382a7b343d1c72027ae3c3168a73a6b8f49bc8798141e15c2732b6a6b3f757f8a8e86c7a4bacb39551c54874d6bf716897ee4af13253aa5bb79a192104f44dcb3de960745a8e6aa9880524a629fb510a4ce4cbda7e2957dff1d62e705606a2cc84f91850beaac5e5846e1420bc91dcdd2427b69cfa46ae38a4fef4146eae35f9c22e967cb14a1af9cabf83b180465bed6ef2cda382a84d9994aad655d8952e0fbb0f96fc8089f2e7489497facdcd656a8a451b928c11e7a4075072aafbf17d8f1054c9196288ded3ae21f9afd5810a100d8e4d84c4a35a98b30d3e18524438dd4402dfd8e7675f09d080cd915f14af4372f7ce58384972d5d111079651b2acf39d2a167c6a00b2b17ce0b268791bd2be5178fe0f82d64dacdde377a1e8be9e7d8dfc82b08644537bdc870c5819286fd51f6792dc5f67b54be336d44d54febf81b8df8dec5d8686db12f164d0e8ff1aa2c16bacc9806010ec8e91196597ef06a4cf1707def5067a04889d8e48a9bc2c0bef664f5acd1b4f5bc2da7da43dcb5f963245ba552fd493001d870a9517a179c2f0de85be0c682d057488e35c7816ff4ba529aefd7c66091f206f5f4d75cac8bd209ec2fa55be74af231e2f389dcc2d668bf695ed267c3594bad9efc00217c7a0e9e7b6a56a33079a30e73c3733f2d24efecdde87f72f948d277d6b6d5b035b4c53180d23d66cc0ff17c15dd468585e389d91a4c97fd80110b218a0bf7a5e0353f4609d2cf018a065571001c7888555eedbd3622c3b1769cd13f33374772aa6c8a8f588102017d4ee4e50dcbbdb1d610c32670934a6d9e6d9b784bbfe71862bb38:f6d060ed7d18273f18f7a69cd1d8126e478e88a1d7294ff6040846d46107c3e41a423babb2417139fe587d2910271a357fe5bf57c92ee3a7b77533729d0ac20d77730cf8c8f96b9187902acff9ff0b21746ccaf0a382a7b343d1c72027ae3c3168a73a6b8f49bc8798141e15c2732b6a6b3f757f8a8e86c7a4bacb39551c54874d6bf716897ee4af13253aa5bb79a192104f44dcb3de960745a8e6aa9880524a629fb510a4ce4cbda7e2957dff1d62e705606a2cc84f91850beaac5e5846e1420bc91dcdd2427b69cfa46ae38a4fef4146eae35f9c22e967cb14a1af9cabf83b180465bed6ef2cda382a84d9994aad655d8952e0fbb0f96fc8089f2e7489497facdcd656a8a451b928c11e7a4075072aafbf17d8f1054c9196288ded3ae21f9afd5810a100d8e4d84c4a35a98b30d3e18524438dd4402dfd8e7675f09d080cd915f14af4372f7ce58384972d5d111079651b2acf39d2a167c6a00b2b17ce0b268791bd2be5178fe0f82d64dacdde377a1e8be9e7d8dfc82b08644537bdc870c5819286fd51f6792dc5f67b54be336d44d54febf81b8df8dec5d8686db12f164d0e8ff1aa2c16bacc9806010ec8e91196597ef06a4cf1707def5067a04889d8e48a9bc2c0bef664f5acd1b4f5bc2da7da43dcb5f963245ba552fd493001d870a9517a179c2f0de85be0c682d057488e35c7816ff4ba529aefd7c66091f206f5f4d75cac8bd209ec2fa55be74af231e2f389dcc2d668bf695ed267c3594bad9efc00217c7a0e9e7b6a56a33079a30e73c3733f2d24efecdde87f72f948d277d6b6d5b035b4c53180d23d66cc0ff17c15dd468585e389d91a4c97fd80110b218a0bf7a5e0353f4609d2cf018a065571001c7888555eedbd3622c3b1769cd13f33374772aa6c8a8f588102017d4ee4e50dcbbdb1d610c32670934a6d9e6d9b784bbfe71862bb38: +103d118c7dd65d07e8d5582e45042a75792417c692001ee6bd9a927b2b3d9016b45cc94514a6ad672496cd4eb9fdafc1d4a167072c6874dc8ff16d761fb66986:b45cc94514a6ad672496cd4eb9fdafc1d4a167072c6874dc8ff16d761fb66986:5a8ee079186b51cf4629834de0c6bd7334855039a7631d6887652a7728995972e362c1c409f084f5aaf2986ae3f536be0070c4baf459ef60a015ef9d70dfa3ea96711cbb18e92af50c527d7ed457877a07ab83721518c89f7a864191b1e97433b7c6cd634a832e19891e76c62122a49dbffd83498aa416acccb7737fe75f4fb2c35328e6f6ececaaa42e43dba5bc9689673dab96f0befa3c83eb41d4d887b3a117d055e30bb87fbe7c719472f6c7a4cc45f628f5faddc48ca344f77b733c0e3b9f5079dbd07af3a3847af141719cca2f6a766552b45d0fdcdb9868f2c762b6d4933ba10836f95bff71cb88040024c90534c4d7a95a2303b04c2961012af58bc784a96327bbfed039d0802a05262d8e663b78508e92508bc1f2ea2b9be7580bde10a4d663d0d25b0e973b8c5ded59debf19bb044aff1c60c70ea1aefe85f6d15c2c1b84753b59576a49473d65af3ed941a3d514b5c4522c141bdbeed9cb339695b2e02dc07000867f1bf8ed8cfd3b1afe688fbca80e2f9ba5c0b188a19adaff6686ca0ff0edd444661291fa27ca1fc529429a5d8ff79ed2027c60ffe3b2c03fb8a66a3985417ba4ace7d14fd0e2371edf5d71bc02b9052767c7f72c4e6f3f30e0638276b9c420aa4333095d31313033090582e3ac4d9fd3203120ba2514973ab9d1c7fc42290116b51dae9fd579410ae078ed320a5a1b49aa7b5fefcd756395213af8641e29b0ebb5b83e3780e5d10e9d3d11998148f6c6f86c4d4eb252e28c70fa3a55c43d4d7faafcbcdd45ad2637f215e81549eb8a4cde4715b7107207503a79595060b83ace8feb673b997968469dd9b4ad6a7ea81c6e61810033f3edfc137d974209575c:2fafc13c43afe5054372b923d24f292b283afca3aca3b3e432380684961713c8d23e86b3580495dfbae424b767e4795a0f922f71b50f5d7a369ab8c6e880420c5a8ee079186b51cf4629834de0c6bd7334855039a7631d6887652a7728995972e362c1c409f084f5aaf2986ae3f536be0070c4baf459ef60a015ef9d70dfa3ea96711cbb18e92af50c527d7ed457877a07ab83721518c89f7a864191b1e97433b7c6cd634a832e19891e76c62122a49dbffd83498aa416acccb7737fe75f4fb2c35328e6f6ececaaa42e43dba5bc9689673dab96f0befa3c83eb41d4d887b3a117d055e30bb87fbe7c719472f6c7a4cc45f628f5faddc48ca344f77b733c0e3b9f5079dbd07af3a3847af141719cca2f6a766552b45d0fdcdb9868f2c762b6d4933ba10836f95bff71cb88040024c90534c4d7a95a2303b04c2961012af58bc784a96327bbfed039d0802a05262d8e663b78508e92508bc1f2ea2b9be7580bde10a4d663d0d25b0e973b8c5ded59debf19bb044aff1c60c70ea1aefe85f6d15c2c1b84753b59576a49473d65af3ed941a3d514b5c4522c141bdbeed9cb339695b2e02dc07000867f1bf8ed8cfd3b1afe688fbca80e2f9ba5c0b188a19adaff6686ca0ff0edd444661291fa27ca1fc529429a5d8ff79ed2027c60ffe3b2c03fb8a66a3985417ba4ace7d14fd0e2371edf5d71bc02b9052767c7f72c4e6f3f30e0638276b9c420aa4333095d31313033090582e3ac4d9fd3203120ba2514973ab9d1c7fc42290116b51dae9fd579410ae078ed320a5a1b49aa7b5fefcd756395213af8641e29b0ebb5b83e3780e5d10e9d3d11998148f6c6f86c4d4eb252e28c70fa3a55c43d4d7faafcbcdd45ad2637f215e81549eb8a4cde4715b7107207503a79595060b83ace8feb673b997968469dd9b4ad6a7ea81c6e61810033f3edfc137d974209575c: +47eee2024dbe09953e981f6986520f666082aa9ef4892dfdfbdbd250d2a1df289f13cd8ebf5080347975159f360296a7164014d8d069e831dab0332607997cde:9f13cd8ebf5080347975159f360296a7164014d8d069e831dab0332607997cde:c133f033cf3bec6cd19212ea47dbecb13f2c6018f9e0878ac884bfb575c0f5d3fc5b4999580eb8acbcaac83ae9ac9b443e6d1cff449c3689b433d50900b2e8b71d00e119c8b875094bdab916adaab75bcc852959d8d759795bbd6b360ee484afe47b1ad28391f25afb8d4e3afe0c5b600498a12833fe2a1a5483df940b173ba0d9d8c4d1321fa4b733334b0f6d878a0e5a76f4f180ac119a82082acb1488e49bbca7a0369c191bd6d0c5d445656821a99ccbc945949eca8136cc6e127d9de92ef64f174a6c04c8b5e52495f0dd674bb5ca128a9209968fd450dce319913fd6a30c3382798163e6585f58ef208be4d0c6a2513a752388397a4ae444838c8466dbc36fbc36ae08bec88eeda131c14d06366b673151454100dea1118150fbe441b1e7826e545d9868242e899f5ea53e434c37936ce6fd06146283e8fbd536480de55a16102c44754bc554d5bc2de2f25e19e567a023df4640e74ff3a49e4dd30e0e2558b3dbc2aab92fdd5e79425ecbc4c699fe1f161965f1d0b45d8bdab52ec9bf7a69d8aa0bd171e755ce7b8d0718f7267afb733efca54b213e6f5adab4c9d76c867fcb69ae05c74bd21516cf342c6161f6fc9eccacf970ebce540cd892bc106c6bd563610298b70968f091bcc6e1f7ab4a5b2c6374a1903f4d3ad5e1bd8643a9c2f878c3d7a4dc49ef3197edbcda7bb91e7e06606087d4e981bfab93a6024977962e45262517f338b6857eec2158a297b2aa91524b677a21aac57be0b63a8074fe54e7a9dc70c5a5c3de728b9c17ec1212ab1130eb17622cd7b22ab6eba9185e8d67be6c47a2e5adc663d4642cc120222e299fe134fd7fcd00adabcfaa642fe2e08dd52e2c3f32:5defae0e173ecc18d5f01ec9291be160d5eabff63fd5423f2bc66e3f6408c196353502dcef21effa4b9c14bf27b687d1b6e86b2a205a89eb35c376a3a325690dc133f033cf3bec6cd19212ea47dbecb13f2c6018f9e0878ac884bfb575c0f5d3fc5b4999580eb8acbcaac83ae9ac9b443e6d1cff449c3689b433d50900b2e8b71d00e119c8b875094bdab916adaab75bcc852959d8d759795bbd6b360ee484afe47b1ad28391f25afb8d4e3afe0c5b600498a12833fe2a1a5483df940b173ba0d9d8c4d1321fa4b733334b0f6d878a0e5a76f4f180ac119a82082acb1488e49bbca7a0369c191bd6d0c5d445656821a99ccbc945949eca8136cc6e127d9de92ef64f174a6c04c8b5e52495f0dd674bb5ca128a9209968fd450dce319913fd6a30c3382798163e6585f58ef208be4d0c6a2513a752388397a4ae444838c8466dbc36fbc36ae08bec88eeda131c14d06366b673151454100dea1118150fbe441b1e7826e545d9868242e899f5ea53e434c37936ce6fd06146283e8fbd536480de55a16102c44754bc554d5bc2de2f25e19e567a023df4640e74ff3a49e4dd30e0e2558b3dbc2aab92fdd5e79425ecbc4c699fe1f161965f1d0b45d8bdab52ec9bf7a69d8aa0bd171e755ce7b8d0718f7267afb733efca54b213e6f5adab4c9d76c867fcb69ae05c74bd21516cf342c6161f6fc9eccacf970ebce540cd892bc106c6bd563610298b70968f091bcc6e1f7ab4a5b2c6374a1903f4d3ad5e1bd8643a9c2f878c3d7a4dc49ef3197edbcda7bb91e7e06606087d4e981bfab93a6024977962e45262517f338b6857eec2158a297b2aa91524b677a21aac57be0b63a8074fe54e7a9dc70c5a5c3de728b9c17ec1212ab1130eb17622cd7b22ab6eba9185e8d67be6c47a2e5adc663d4642cc120222e299fe134fd7fcd00adabcfaa642fe2e08dd52e2c3f32: +b6c88b4c90fd19a149d381671953b9b16d428f6361cf503a110477e297f8d2f88ebfb084f997b2ea7932a2353b2c8b16bd825e1af587a8ebc51a6c45aea343ae:8ebfb084f997b2ea7932a2353b2c8b16bd825e1af587a8ebc51a6c45aea343ae:7f4bf4f52173eff072f818d0aa97e6935d8baccf4839663253b2414fe6b1f34cf43ab120155a1a3aea7b4819ddd1031673b8a7a6bd0b9dda4adefe692a56162c646180794264c5122115eb90a6d3054f084302dce3d836ac3de820638bd89a86bf0a4c01547cfdc543d676fe1639ef72c5b845c494e07814cec8a47d03df73be4e33c05afe9a190dda043360496be4cf3a6319da9ab06481677f1a4374d60d3d3b6394f8843c869b0f41a1e81c2b1a54bf5aacbd98207c8dbacb36422a3aa013d5e849e044af928545c046097caf149d970215115dea0b5a85401ff672e02ed40bd0f5a440cd56494053c896c3bd32606349f7cbe7ece2a2230cf236dac59f7817965f3fa80fb48aa30b0b19efa9a96591646bd25e67c185f77e21d6630b288d4e55146b2abc15e95088d936080775618154bbdda115702a2afd6fd5f56b923e188833ec448944d30283e337254242c5812d7245a4e92670bce3546efaed22d274e1e6048b5a0f01efbf895dc42494baf1747185cb1a4b88fdf1e6099baabc6a5ab5a2727b1e248789d170caa2449671a8f6e094c11332ea0ac2afe88132c644ff883d0c499ad76a93df472fa013eaa27ab4dad679d2511b5049c4e98baa2e7b00a534891e290265edb076f7dca8e6fef3f433034a16575f0e53da4577e6b13f0cb0d785870d0d098d5d80f413a268ba84e0431a786923771378cd57b8192258e2633cdbe03cc316a0950970526fd3e09376bcef0d03b7074e59a5a84fc64e795a812156d960567650bb1e1424b3cc9a4d99d57ba858dd1a0cad3532e998146e79264045e28ebbfd75a426b0bb851a244ad6be7bd5765af493dfc44ee378cd04daf3917eef2a6206:7447a20181b02cf1b6ad529569ce437c2a0508116f50205c41e6378b74fe2fc53630aa0dc4b80c31cb26c8f09bf8fab27e3abc8f1f604a5ec06631a84f6f2e067f4bf4f52173eff072f818d0aa97e6935d8baccf4839663253b2414fe6b1f34cf43ab120155a1a3aea7b4819ddd1031673b8a7a6bd0b9dda4adefe692a56162c646180794264c5122115eb90a6d3054f084302dce3d836ac3de820638bd89a86bf0a4c01547cfdc543d676fe1639ef72c5b845c494e07814cec8a47d03df73be4e33c05afe9a190dda043360496be4cf3a6319da9ab06481677f1a4374d60d3d3b6394f8843c869b0f41a1e81c2b1a54bf5aacbd98207c8dbacb36422a3aa013d5e849e044af928545c046097caf149d970215115dea0b5a85401ff672e02ed40bd0f5a440cd56494053c896c3bd32606349f7cbe7ece2a2230cf236dac59f7817965f3fa80fb48aa30b0b19efa9a96591646bd25e67c185f77e21d6630b288d4e55146b2abc15e95088d936080775618154bbdda115702a2afd6fd5f56b923e188833ec448944d30283e337254242c5812d7245a4e92670bce3546efaed22d274e1e6048b5a0f01efbf895dc42494baf1747185cb1a4b88fdf1e6099baabc6a5ab5a2727b1e248789d170caa2449671a8f6e094c11332ea0ac2afe88132c644ff883d0c499ad76a93df472fa013eaa27ab4dad679d2511b5049c4e98baa2e7b00a534891e290265edb076f7dca8e6fef3f433034a16575f0e53da4577e6b13f0cb0d785870d0d098d5d80f413a268ba84e0431a786923771378cd57b8192258e2633cdbe03cc316a0950970526fd3e09376bcef0d03b7074e59a5a84fc64e795a812156d960567650bb1e1424b3cc9a4d99d57ba858dd1a0cad3532e998146e79264045e28ebbfd75a426b0bb851a244ad6be7bd5765af493dfc44ee378cd04daf3917eef2a6206: +7949a9472f725ce7c68d7ea8fc16e13d9e0e0a58f58c24f9228c88e80264090da370f82833f88b4f5f5310b918e6af93bb724bfbdf3c02c503780b2c83ab6cc6:a370f82833f88b4f5f5310b918e6af93bb724bfbdf3c02c503780b2c83ab6cc6:955386b92dd6bf92601bf81e84d25144b5fc0bcd7d23c76e7deb5f5ba6316bb61a5d8e74185b012967f0a4438b531696deb4b8101089e0c0482adf13c0613191b977f77b0419814147f5da64a1d3beb1275b9849d1297ba8532ae0a647a8ace395ae0ed00f67348c5ee5ea19b5f1c5bd2e622818e8adcba3c17c27987e4e3d6d910a56c7e5149d3f5574fc06009bf4dd3e37cfe3ebda2c2116d366dd88ce5ea72ab387490585443b086e8aa38d11d3820b72c658e463cdb59c5393011d4a8f4cb6a195229304e76239fa5e8c2cbe0f39dcad138a0ecb3c51579ec9a120a51607eefebfa59a44620ea5b1916087ea338533fc132ff2e4a43d052fd08b6b1b24fb672f73c9b9ba20b7c1c41ea24d912de9b555b6e5682b970608ff229ad3086f431f9be190ec39224ba2ed8acb4c8eac8582e23aaa79827c44e248c5ba092ddac0f2f79684aa93fc061073e1821a56afb9bfec952df2719a9c7a403e6a93f7a656d74b61c1d19083f8d3f19e659fa2b718e0bd04b693d63dafb86adbee5d87c75b7d129122f178a0e669eb035ca4d8eb45397f1851264e2cf0a0cdd30720c5e139cd6a573f1fa241cae9425805ac79603e8de350efdb0b9bc95ba7b085c1ed92c12acf53f5d4a1137598008f2a3672c84e5f769a25c7a4a16579d86288774972606e4e7d85263ad217e0dbcf343fe554c109c5d9409b7939073ac55a03420fec289b114a5c54c20b45ea69938533ade7b3ae85e1a783dd97897c3ae8254183cc54045c2a18ecbe521691f2619d9b8f1fb347ca055a7b0b4c24f64d1773e01416441efe159923217a84874b9c4ec265cdaab643908068497812c1af15c188071e78f597fedfce91c5d4c6:e02898cc7c30ee01648247497be8a9c6378593dc8820bf7c17ffcd18118af09879a769f539dd9237e96821166634998f946da65e6dbad8271511669e2d6cad02955386b92dd6bf92601bf81e84d25144b5fc0bcd7d23c76e7deb5f5ba6316bb61a5d8e74185b012967f0a4438b531696deb4b8101089e0c0482adf13c0613191b977f77b0419814147f5da64a1d3beb1275b9849d1297ba8532ae0a647a8ace395ae0ed00f67348c5ee5ea19b5f1c5bd2e622818e8adcba3c17c27987e4e3d6d910a56c7e5149d3f5574fc06009bf4dd3e37cfe3ebda2c2116d366dd88ce5ea72ab387490585443b086e8aa38d11d3820b72c658e463cdb59c5393011d4a8f4cb6a195229304e76239fa5e8c2cbe0f39dcad138a0ecb3c51579ec9a120a51607eefebfa59a44620ea5b1916087ea338533fc132ff2e4a43d052fd08b6b1b24fb672f73c9b9ba20b7c1c41ea24d912de9b555b6e5682b970608ff229ad3086f431f9be190ec39224ba2ed8acb4c8eac8582e23aaa79827c44e248c5ba092ddac0f2f79684aa93fc061073e1821a56afb9bfec952df2719a9c7a403e6a93f7a656d74b61c1d19083f8d3f19e659fa2b718e0bd04b693d63dafb86adbee5d87c75b7d129122f178a0e669eb035ca4d8eb45397f1851264e2cf0a0cdd30720c5e139cd6a573f1fa241cae9425805ac79603e8de350efdb0b9bc95ba7b085c1ed92c12acf53f5d4a1137598008f2a3672c84e5f769a25c7a4a16579d86288774972606e4e7d85263ad217e0dbcf343fe554c109c5d9409b7939073ac55a03420fec289b114a5c54c20b45ea69938533ade7b3ae85e1a783dd97897c3ae8254183cc54045c2a18ecbe521691f2619d9b8f1fb347ca055a7b0b4c24f64d1773e01416441efe159923217a84874b9c4ec265cdaab643908068497812c1af15c188071e78f597fedfce91c5d4c6: +d68a5e3c47eedb3099dffc804cf19c5e74bf7bf5f01f54d4d91d7574f3d3dc7c46467fe9ce3acfd0d74346be21c46216db81aece6ce0308fb8dc6386fc3446cf:46467fe9ce3acfd0d74346be21c46216db81aece6ce0308fb8dc6386fc3446cf:596c03d0873f572f45c3b16f0ef4b52ad2bf59ec76d3c0e534d62c1f84164ddaa425fb85c9548485b7064677e99d04c39b6eba04c966397ba6a5f4ebaa69a241df95a6e44502509d6350557ebfea60264b62ad7f74d16e5d25d45970cfebeb33e7b1bac3348dd03a8e99133b26bbfd7aa722c2587f72d5526e980da9eebdf108211dae50bbe8c65f9abee69a1bbf84c03e40448babad03d3cf3b7de4887d2b47737702796482d2265c566b0f623b53c8671bd3719edec0ffd5f49b49b072c1564a57f9bab6b92d1f068d756639a4331452e61aa7b218a88b9db77a19fb82f13e9868edb798d5beeca55d1ab095b316225f3f6390f89578f0160428747bcd21be6ae1d86991b48ef80d569250858febf3276bd5de3db65a245c8bdcf1488c4825968945786bed63f3d13f1409363b948560476858b396bce588e40b311ddfc22ad622ca7d1e69561464dda5009e638aa5ec9f4c039293aaec75001ffc68a7cb3ae01874dc7f39d75027f59a28965fc19530c0752fe99b153da7c0e542bda76ca1e10b7ea158efb4d821fbc65e7271ad9941095315447abcad0880a0075dd04b1325c72633acbcb261fcb407c264a34d70bf1f044feead069af5a87dd352f4bd8110fa178adbd8dbf23c6b575cdd5df22cc9a5cdd37d9c8faab81a4cb3fb5c4fe7ff629dbaa9fc06b80c1fb691c28655955cfe5ca44149b150b3cf140d9acacb14313a72c84098de72bacc0272d79ed6617f72dec88e19b84425492a429ec6d2ec08b86346dfbf20ea2a3619e77b6ac64230ebe25fa0067abb5f33ee49adc7c44bda7046d7f224f2e7a4895683fca8684ed6a031844f5786bcda48b5042394487b52402a09907788a1e140:896fc3caba7fd3fc285d5eddddc0120cd46da7c6efabe66b150b002760b8414a89ac9e7f1f7b7c7b33598f61f45718e4ff4ac368ff129614b4fe9219f237b009596c03d0873f572f45c3b16f0ef4b52ad2bf59ec76d3c0e534d62c1f84164ddaa425fb85c9548485b7064677e99d04c39b6eba04c966397ba6a5f4ebaa69a241df95a6e44502509d6350557ebfea60264b62ad7f74d16e5d25d45970cfebeb33e7b1bac3348dd03a8e99133b26bbfd7aa722c2587f72d5526e980da9eebdf108211dae50bbe8c65f9abee69a1bbf84c03e40448babad03d3cf3b7de4887d2b47737702796482d2265c566b0f623b53c8671bd3719edec0ffd5f49b49b072c1564a57f9bab6b92d1f068d756639a4331452e61aa7b218a88b9db77a19fb82f13e9868edb798d5beeca55d1ab095b316225f3f6390f89578f0160428747bcd21be6ae1d86991b48ef80d569250858febf3276bd5de3db65a245c8bdcf1488c4825968945786bed63f3d13f1409363b948560476858b396bce588e40b311ddfc22ad622ca7d1e69561464dda5009e638aa5ec9f4c039293aaec75001ffc68a7cb3ae01874dc7f39d75027f59a28965fc19530c0752fe99b153da7c0e542bda76ca1e10b7ea158efb4d821fbc65e7271ad9941095315447abcad0880a0075dd04b1325c72633acbcb261fcb407c264a34d70bf1f044feead069af5a87dd352f4bd8110fa178adbd8dbf23c6b575cdd5df22cc9a5cdd37d9c8faab81a4cb3fb5c4fe7ff629dbaa9fc06b80c1fb691c28655955cfe5ca44149b150b3cf140d9acacb14313a72c84098de72bacc0272d79ed6617f72dec88e19b84425492a429ec6d2ec08b86346dfbf20ea2a3619e77b6ac64230ebe25fa0067abb5f33ee49adc7c44bda7046d7f224f2e7a4895683fca8684ed6a031844f5786bcda48b5042394487b52402a09907788a1e140: +31e82bc1cc5ced21cdc8bfc2dbbb976b08780afc6944af7e88e50e67874d84f18df977e2b040acebd3dafd67b87f9216e8c371beced618fef3a496d651a5d7b5:8df977e2b040acebd3dafd67b87f9216e8c371beced618fef3a496d651a5d7b5:69d461b6b7a866e94cd59a5a23bba4a1276602f042baa850d5b29249d6743ada04d3d938219abbc22ada66a1778197f70bf80b597a8b4ae00bdb876812d3ab4ec011df73341c85053eebcc2df0acfc21548283b553ecde0154828ed5af47571985f89767b005b622c9e7c079dde694e49dc0550c7918cc515c274dbd9c5469d2f18ecd90de664e03ca41e53be20b96e25af40c54ab0f7cbe9e05ca3fa5a37c1aa8ebfb6444a32c496efc68157c69f358c15f6ac09d46efef9a685df7e8dd63b304bd3c638ccf532fe901f11cf97c5b1cbed33c70637c721b0289adf6bb6d87c30479fa926e043074302b76f1157d0a81dec493e87a3c643e7a20b7a41525a38db04e78dae5e7797066bfae2cf448a447e9004cce8e41f0987991fad30311ddaa459a2644f4b941c068c0d6c0771afcf42bf9139a684da298486ecf67523bf8509a45ba5cb8b3864ad22c0c6a828c6db72e371de410b47dac49ae9d3b5702b1739b8d760ce98611c07d88df5f04683808a21afc2e61713fc2c025cb25fcc4ee941841083b22f61e2656fb3b8dad41c262c89d2f17610309f2d5c29589a2df61e55149895032ca981e4557e130a237fc0826fc872529861bbb8328d673f39b58b73d060ec596bf22e7ee081f44e92c02a5677679520e2a2b4d22c77f2b212d5aaf050bf2c141e3e28b8571d4321937426235c7a646d647e3efe183c27b7492565ecacd7f43c67a74453f4780e88711ba2dd4a3941b12ddd3909270fb3debd422436ab6166f08c99c886cc0e8e3cecd0642e44285b8864aa416943c5a186974f464535a870a012861bc2e587149cae971624e61c31d8a507e3ad82773e723bcb75df54bef847a407bcb7b1d57:240702ac6c68d597d222da949d0c47d16b390a477d1fb579e9d8948adf9b3b6a7fd4458ae6385b7e2b684a05b55c63fa6cd087bb90113cbab8e4af142fcf810e69d461b6b7a866e94cd59a5a23bba4a1276602f042baa850d5b29249d6743ada04d3d938219abbc22ada66a1778197f70bf80b597a8b4ae00bdb876812d3ab4ec011df73341c85053eebcc2df0acfc21548283b553ecde0154828ed5af47571985f89767b005b622c9e7c079dde694e49dc0550c7918cc515c274dbd9c5469d2f18ecd90de664e03ca41e53be20b96e25af40c54ab0f7cbe9e05ca3fa5a37c1aa8ebfb6444a32c496efc68157c69f358c15f6ac09d46efef9a685df7e8dd63b304bd3c638ccf532fe901f11cf97c5b1cbed33c70637c721b0289adf6bb6d87c30479fa926e043074302b76f1157d0a81dec493e87a3c643e7a20b7a41525a38db04e78dae5e7797066bfae2cf448a447e9004cce8e41f0987991fad30311ddaa459a2644f4b941c068c0d6c0771afcf42bf9139a684da298486ecf67523bf8509a45ba5cb8b3864ad22c0c6a828c6db72e371de410b47dac49ae9d3b5702b1739b8d760ce98611c07d88df5f04683808a21afc2e61713fc2c025cb25fcc4ee941841083b22f61e2656fb3b8dad41c262c89d2f17610309f2d5c29589a2df61e55149895032ca981e4557e130a237fc0826fc872529861bbb8328d673f39b58b73d060ec596bf22e7ee081f44e92c02a5677679520e2a2b4d22c77f2b212d5aaf050bf2c141e3e28b8571d4321937426235c7a646d647e3efe183c27b7492565ecacd7f43c67a74453f4780e88711ba2dd4a3941b12ddd3909270fb3debd422436ab6166f08c99c886cc0e8e3cecd0642e44285b8864aa416943c5a186974f464535a870a012861bc2e587149cae971624e61c31d8a507e3ad82773e723bcb75df54bef847a407bcb7b1d57: +cc56bc7cdfa611924e72b07f68abc6ca5b85ff8bbacdff406e51ba720d09a8665ffee221ab4d0fe6f4c9346c5e5a4b8a636a6a0badce9667be739f4c9e6733c1:5ffee221ab4d0fe6f4c9346c5e5a4b8a636a6a0badce9667be739f4c9e6733c1:088304f22e1a286062defbebb1827a64b76a14e87015e7f646178777aba79704688d7bf32e1efac97a9fc339810ebd3df93e4ea024686953ed91fa6d2ab6e07ec7811a6d91ca91b098db4725df65846a95b808635a8d0c5fe5ace25f0780e896177bc1bba1cdb4449251c01b482f023862f88e072e79cde5dbd6c1d9ad9c07c606f5df85a6eca2966cbfe0a1673968112f26a317053f167f611af297efa802e0a94b3e1f33a27b73e5597abb224115ebe75e294a1bcdcd979255b0a80265c089aaa7d6bed2e3d0c918f56f4a55f448d863365c6c5846fb9b2b9bb55f6b7c6dff5847b71bfdd4bb5b9bb2e4249bc0243a02ab4d22ba78a43d182195aed78fece84cb1ddaeb9eff68156045b2932e638d7731d0e8b4c9c8c383b0d6d392d21fc640762c87d3692b1810bcc4a42392ff13d45169ecbf0135055093105098c869b68887e934e2b9da5232ac6c9373800f70b64ec64a4aa0ca044c0777ca3a3acaa138c14249672a55b24ddfe4dc357573241e14ad0ac16475a8e3867886d41eea35fe7932ba9aeaa0c86c9eb6db7808049ade7b5cc1a40822c66dea93ad22d44b9e42904b5b83684ae2931fe36c608ff7096f1b09f811b02672804406e08ed9e7745676ce047f0f7f64708e49bb78754720b8aa226f5556abf05b56584645292dad08e2473639a8ce5475e0ce9192f8ba2dd32ce14c91975ab602f7c13538c52952d0396158c7cc6b942be7d923eeb523a73b5b411966d14ac96e5b096a52932a416292eccddb91071c88560e70ecd4fe2fe24d523fafcb98e4021502f4190a0515edcb24019eaca09ec2615a9bfdeb60eb354c84a1f3cec7ffd7e65a5515d47959a4c4ec48d8021b1754ae2bf84:9b86a192b64f4f044ffbf87b41c7ee52f7a721aa320e7bad6425995990315cdd502be4e1116019d131a9218d19614ad95543b1889af0a97ed4d256dc33d76e08088304f22e1a286062defbebb1827a64b76a14e87015e7f646178777aba79704688d7bf32e1efac97a9fc339810ebd3df93e4ea024686953ed91fa6d2ab6e07ec7811a6d91ca91b098db4725df65846a95b808635a8d0c5fe5ace25f0780e896177bc1bba1cdb4449251c01b482f023862f88e072e79cde5dbd6c1d9ad9c07c606f5df85a6eca2966cbfe0a1673968112f26a317053f167f611af297efa802e0a94b3e1f33a27b73e5597abb224115ebe75e294a1bcdcd979255b0a80265c089aaa7d6bed2e3d0c918f56f4a55f448d863365c6c5846fb9b2b9bb55f6b7c6dff5847b71bfdd4bb5b9bb2e4249bc0243a02ab4d22ba78a43d182195aed78fece84cb1ddaeb9eff68156045b2932e638d7731d0e8b4c9c8c383b0d6d392d21fc640762c87d3692b1810bcc4a42392ff13d45169ecbf0135055093105098c869b68887e934e2b9da5232ac6c9373800f70b64ec64a4aa0ca044c0777ca3a3acaa138c14249672a55b24ddfe4dc357573241e14ad0ac16475a8e3867886d41eea35fe7932ba9aeaa0c86c9eb6db7808049ade7b5cc1a40822c66dea93ad22d44b9e42904b5b83684ae2931fe36c608ff7096f1b09f811b02672804406e08ed9e7745676ce047f0f7f64708e49bb78754720b8aa226f5556abf05b56584645292dad08e2473639a8ce5475e0ce9192f8ba2dd32ce14c91975ab602f7c13538c52952d0396158c7cc6b942be7d923eeb523a73b5b411966d14ac96e5b096a52932a416292eccddb91071c88560e70ecd4fe2fe24d523fafcb98e4021502f4190a0515edcb24019eaca09ec2615a9bfdeb60eb354c84a1f3cec7ffd7e65a5515d47959a4c4ec48d8021b1754ae2bf84: +7a57f2dda0ad0338ab9a13c9a3497e9c75238c1531589789227cd2749bc6e9506f738dc5e7d9e240c9f4d0c06a5e021747568b69a75d507a2e0be7ea613526c5:6f738dc5e7d9e240c9f4d0c06a5e021747568b69a75d507a2e0be7ea613526c5:8c8575a11d2ff2c238e419ccb00633d04e8b8bd7742901d588dd6a2f00aa12f08ae41dcaa9338f8c47e95312192cf6b245a00ce688a029da56dd1b1deb0d34b5414fe1c21d6b63d06b8534ace8e866c933fd7c5a65eda95a1737a9ecdb17859149ac696951b82c230e8275e96dd02fd455ea675379e67ba63484b6283831fe3ffe52d6ec49b709106705c9d19b859de9fd200887cb44d8fdfe6961fa4ca2340944c764c704491208257e735482af8cb69041dde685241d3fbf46fda057248b8987be1f80b54eb54009f324dc450e886e79f912585b91c9dfafe9012262c471403b1e8b5c31fc5375a1ddf99b68edf9ed70af8594f7d84b2cc4911fe90500c6eebfbac085553550e35bd2e52514e979e7241e9f8e34cdf8513abe72510dff3cfec7e2bc6488641cfd0a65ae0e09ebe99b15b29d45ea67a57aad554d4f8bfce1386ace228839e3a8a534140eec3d37d51be361f5ea1883739f56615f75b055a06a91471be98bc9453783c358382bd0555ae9eb0bdcd66629a611fc1a11c653c82214587dec12ba120e2513070fe69e982f7a80ad159f6a325d977d01d050d116a62a4f8acab6c3d69ff6c878213c60a94845cae106de6c5d6fe2508d94565b7ba75d58d1ad47d76a20defa7568cb7fd66f57cf3774a21d3ffa7d8aa6d86dc284b70e0f17e7630bfc10cd1fc9a8d9c592d39f24a7b5c8e8aff353577e6ac9008690c7a159a7e83be5a6ae8fca9644bddfa37a92b07055f9fac9fa97fb3e8f5f4d917dda5c6dc6ea34b64d302405bc38062e07ce93a1a88aed5fbaf995a09b45b28ad4a6b273dec1413c5404529d825b5edc2e27a390eb7e8c2b43905e116d887ab5fb993dfe150ebdcf817ae62e03:989123761d93563278fd0a78aed64e2de6f4a700fc9a70d2187748ac06d9c2c377d1995f89c7727fe2f120784e4171c42d6353ac3d4e3f620c639c75786c460a8c8575a11d2ff2c238e419ccb00633d04e8b8bd7742901d588dd6a2f00aa12f08ae41dcaa9338f8c47e95312192cf6b245a00ce688a029da56dd1b1deb0d34b5414fe1c21d6b63d06b8534ace8e866c933fd7c5a65eda95a1737a9ecdb17859149ac696951b82c230e8275e96dd02fd455ea675379e67ba63484b6283831fe3ffe52d6ec49b709106705c9d19b859de9fd200887cb44d8fdfe6961fa4ca2340944c764c704491208257e735482af8cb69041dde685241d3fbf46fda057248b8987be1f80b54eb54009f324dc450e886e79f912585b91c9dfafe9012262c471403b1e8b5c31fc5375a1ddf99b68edf9ed70af8594f7d84b2cc4911fe90500c6eebfbac085553550e35bd2e52514e979e7241e9f8e34cdf8513abe72510dff3cfec7e2bc6488641cfd0a65ae0e09ebe99b15b29d45ea67a57aad554d4f8bfce1386ace228839e3a8a534140eec3d37d51be361f5ea1883739f56615f75b055a06a91471be98bc9453783c358382bd0555ae9eb0bdcd66629a611fc1a11c653c82214587dec12ba120e2513070fe69e982f7a80ad159f6a325d977d01d050d116a62a4f8acab6c3d69ff6c878213c60a94845cae106de6c5d6fe2508d94565b7ba75d58d1ad47d76a20defa7568cb7fd66f57cf3774a21d3ffa7d8aa6d86dc284b70e0f17e7630bfc10cd1fc9a8d9c592d39f24a7b5c8e8aff353577e6ac9008690c7a159a7e83be5a6ae8fca9644bddfa37a92b07055f9fac9fa97fb3e8f5f4d917dda5c6dc6ea34b64d302405bc38062e07ce93a1a88aed5fbaf995a09b45b28ad4a6b273dec1413c5404529d825b5edc2e27a390eb7e8c2b43905e116d887ab5fb993dfe150ebdcf817ae62e03: +32ef6d789a1ea393f1bf9f11de34f57d653c4e77d51e6050fef4e8d7bf183db5c1aa181e620f60525c2b17da8d290bae5d339e17eabceab58cd76ae066f41179:c1aa181e620f60525c2b17da8d290bae5d339e17eabceab58cd76ae066f41179:11a9c3c1ba7cfb61ad103305c25886de9f8815c6c21f17a8733a024f9497da0540db3603a671aae837dbbba19e19f82ddfc8af855980a70125fc61cd7ffd10777e366e5e9569927af0f245d4f39b3fd0f45879c253401412855e5761905ed6ef318b6a06ea6e9f906f9bd016bcb694a0df65a016bdfe845a09f23e5086c5aaf375efeb86da51239ddc350bac0cdb03b874db1507e6ad4e2c9f46028ca2388363541493b6cb92c1dfcaa3efd68c6b4e91efb46751d23f4c48a973f0a5c7c6fe2a1269d2a69e9fc4ab8ba3b92f796449ba3dc70245ed505cc0eeee1636647a68c7679d0b6d651bba35c29b81478d17ca3685707ad616e6e5604381f84ee52b25ad02fc0dfb85432efb1fecd090c02ad002c1857fced88fdfb2ff26dd0f5018fb47d813581f6508ca637c7365177c513d1ee05879a65c5b676b3aa873a1935c5437eadcb66dfb052a5e7c3e81d44b3daf698f42244ee2ee4b6ed2b7e6e56e61ff9cb45e719fd746198bf2a7de6d25af3bc6c7b0ed8abe3cb389afd84ffa2a230d93bc0c29d5a9419cbff11b7883329921480b5844655d996c7cab29dfb2a3927b82ba7c306c4577b6f8b5dbe2afaf9bf14a8f9554cd01a69a991bf212828de1e63172e833de06698cdb3b28716380314572bf5bcfd34ef52a6fadda87babe6bacdb20ce63c725cb0ff61fe30c1b51dbda2c2625f99dfeb029a3e58cba7d01905111caf42f27025e720e18eeb07dae9155c55aa300e22eb5e94dc7a0a84ee67d91a960ae08ca632dbb1737fc9a43dbcfb3a879eb9fbffd7299338e264bc1237ab6a5bc2a263cfa99e8544439d96331639fe9408e54a350610ff01de3f85799adeb73d82be938074dea858ea636b63abd:88f3a6e0bbaa3e060bc9d91fe2968c61126b20317f59842e4ae48711cdbaf62c6c0207405d1c4849950271f0aaa7593091109e478d13f356964f7dbab729af0011a9c3c1ba7cfb61ad103305c25886de9f8815c6c21f17a8733a024f9497da0540db3603a671aae837dbbba19e19f82ddfc8af855980a70125fc61cd7ffd10777e366e5e9569927af0f245d4f39b3fd0f45879c253401412855e5761905ed6ef318b6a06ea6e9f906f9bd016bcb694a0df65a016bdfe845a09f23e5086c5aaf375efeb86da51239ddc350bac0cdb03b874db1507e6ad4e2c9f46028ca2388363541493b6cb92c1dfcaa3efd68c6b4e91efb46751d23f4c48a973f0a5c7c6fe2a1269d2a69e9fc4ab8ba3b92f796449ba3dc70245ed505cc0eeee1636647a68c7679d0b6d651bba35c29b81478d17ca3685707ad616e6e5604381f84ee52b25ad02fc0dfb85432efb1fecd090c02ad002c1857fced88fdfb2ff26dd0f5018fb47d813581f6508ca637c7365177c513d1ee05879a65c5b676b3aa873a1935c5437eadcb66dfb052a5e7c3e81d44b3daf698f42244ee2ee4b6ed2b7e6e56e61ff9cb45e719fd746198bf2a7de6d25af3bc6c7b0ed8abe3cb389afd84ffa2a230d93bc0c29d5a9419cbff11b7883329921480b5844655d996c7cab29dfb2a3927b82ba7c306c4577b6f8b5dbe2afaf9bf14a8f9554cd01a69a991bf212828de1e63172e833de06698cdb3b28716380314572bf5bcfd34ef52a6fadda87babe6bacdb20ce63c725cb0ff61fe30c1b51dbda2c2625f99dfeb029a3e58cba7d01905111caf42f27025e720e18eeb07dae9155c55aa300e22eb5e94dc7a0a84ee67d91a960ae08ca632dbb1737fc9a43dbcfb3a879eb9fbffd7299338e264bc1237ab6a5bc2a263cfa99e8544439d96331639fe9408e54a350610ff01de3f85799adeb73d82be938074dea858ea636b63abd: +0a5525a4598f60992f86ba1ab9eee6e2675622f943284fc0553e4446ac5a4c53db60d7ea29f8d60dad33d02ec5f42232057bd1c4bd6180a242cb7ab6f4426781:db60d7ea29f8d60dad33d02ec5f42232057bd1c4bd6180a242cb7ab6f4426781:f787321b42c08d4052449a488593d885b4e0c34a5d64149fa8b9c85ee54bcbecb50909b2a86b88258a10e07e8f8c2d068a89fb165a6ace7e64998ba57d89d9bf2b8b38a1f6d8364aee05ce3348bed48b88c2473bf5f2665f51ca073a5305358eaad4365d58b83bc9814e25f54c37cd9b68a808a57d6c2d7d7b6deb5fe20f4f96fe725f8de65c29a4f1ccefd7c2c6f2fc0116d58676acbc58691c79c2b006785a0975a31d8d3c949161596a068aaf2226ab842550e9c0b2610a29531d1f3f7f00826bb6c7dbe04e28ae1b9ff6f888a49d82812f452e1b32740b234ddd9642e18f32ad9a9af7f8952528674a2cda25b4f7ba867007ffa7f78f163db8f36914956bfaecd50f6d1af4ee133275a8eaab94bbc0ae52b6d9b2832634232ec0e8b5f8022d3ef1ead9b79ef9a16564277194f2380d9021e1f17b184b8d3a7a34d15139a39c7728c22e1a3a67a27a6ca4b8a8a0636c6054d0f741f046673619fc6b070e62ff4862f59d269007f3431339637a89f564c0db3d9bcfcd19fc25138ac66d474d80f4ad79f6d1e7844408e88034eeaff4a790338d546bfcd7424c119e211f363cb89c888749346a89d32f023bb6b0366a1ede4325032aa35f52e9df938a5027ebee9688ae480dde1a9c9b42d1a9c08f719223dfae1cfcd49dd1053aaa381c24cc9c7abfcf8f6d86d6af72eef05304412f3db2585aa9e0f3a4f1b6d710d02ab11db1fc90ad4de25d04299f3129c212e9cb73c0047953455bf98ec8fd2674e47b949957deeda018badc9f2f68a1b18ef5c583b095e08dd906da5f220da029b9c400e3ca91c7cbd87f3430c742337f61cf54745b0622bcb90762c6bafef87e1ec888c364fad646c33acc22af5438b84cd5:8fa6b0aeac71132ad882975868f1bdb8c11f1a6c1b9c54594e0e46286ea6c9a5d6d5b0eaeaca9ae3af74e72326b3b6f2eaa893c0ec42a49c56ef514f75c77f01f787321b42c08d4052449a488593d885b4e0c34a5d64149fa8b9c85ee54bcbecb50909b2a86b88258a10e07e8f8c2d068a89fb165a6ace7e64998ba57d89d9bf2b8b38a1f6d8364aee05ce3348bed48b88c2473bf5f2665f51ca073a5305358eaad4365d58b83bc9814e25f54c37cd9b68a808a57d6c2d7d7b6deb5fe20f4f96fe725f8de65c29a4f1ccefd7c2c6f2fc0116d58676acbc58691c79c2b006785a0975a31d8d3c949161596a068aaf2226ab842550e9c0b2610a29531d1f3f7f00826bb6c7dbe04e28ae1b9ff6f888a49d82812f452e1b32740b234ddd9642e18f32ad9a9af7f8952528674a2cda25b4f7ba867007ffa7f78f163db8f36914956bfaecd50f6d1af4ee133275a8eaab94bbc0ae52b6d9b2832634232ec0e8b5f8022d3ef1ead9b79ef9a16564277194f2380d9021e1f17b184b8d3a7a34d15139a39c7728c22e1a3a67a27a6ca4b8a8a0636c6054d0f741f046673619fc6b070e62ff4862f59d269007f3431339637a89f564c0db3d9bcfcd19fc25138ac66d474d80f4ad79f6d1e7844408e88034eeaff4a790338d546bfcd7424c119e211f363cb89c888749346a89d32f023bb6b0366a1ede4325032aa35f52e9df938a5027ebee9688ae480dde1a9c9b42d1a9c08f719223dfae1cfcd49dd1053aaa381c24cc9c7abfcf8f6d86d6af72eef05304412f3db2585aa9e0f3a4f1b6d710d02ab11db1fc90ad4de25d04299f3129c212e9cb73c0047953455bf98ec8fd2674e47b949957deeda018badc9f2f68a1b18ef5c583b095e08dd906da5f220da029b9c400e3ca91c7cbd87f3430c742337f61cf54745b0622bcb90762c6bafef87e1ec888c364fad646c33acc22af5438b84cd5: +2d5ddffa2e58c90451ea05de47b8c49234e26ced54854e3acef11d8ee6852da77bfd1c8a4a0bbb4606d2e5bc090f56b20d58f2204b6aed831d3df4d406b47605:7bfd1c8a4a0bbb4606d2e5bc090f56b20d58f2204b6aed831d3df4d406b47605:4f1c5b4e6fac3baa3e9010f3bf293c779e61fd7bbe05a586f5aaf08026371627a209acd188afb2dbe0311547940559711640f78aea9a62818962f445a8e7ed6fe6c5f49162e7435d1b625b88ba39dab0ad56fd2c0ad6512661362bf78afe5a1416b647f3b88a056c9e7289c9b0cc3afb43402198563493e737b1da052506b6c9306d75ad6693db6d1571f96f6f52990c4df19665a6bb63073fdd9f55596896a2e9c2622f2b0c2cc99ddd1b649fb0318058d74794e38ec657ebc82abd5bedf8b3f4bba3bb6c9935fdf6826502b769046b36d96dc695d7c85404284d2a2ab7fcf3b02f68a1493dd383ca6339fac1cde47f53c5e026d0869faffe40abdb98195230f17d0cfaa533315afdbfe7d1afc3a615b4f75090233a503f8861e32374e1ea9557674231d9d737d477b33ff82ac0b2c0ba93c11fb523e613618ed370524a60f4d4c83694c033606d1d069d544dccd3900c37a3b3363efbcf6697f9f762b33b1294583953fc53773ef56726eeb470ebe92149b73648a16161d494120a318bfb080cc38e4996f4b263ffe78c7877fe13c2fc55219f44260e8f253bdd379d870e6c91048b1d8d4e88b88218b2b049fef53b2ae1f8c921ed2bcb434669e3975dcc3fe4520ca8024842f7ff2ba1e22cfeb5d4c9e435eada601ff183b26364eee1faa59d19e6aa4f0975238496a709e46bf68336b068bd80b346f11faa3817a07d1cbd84382b2102986f295a1398077ba291d6b5f5bd860ec6177273468f0ee0f2591b575c4366e189b224e9ffa35bc78a4aa8c06954fe33d080ffc0b23e209fd0e79421f1bde818a86890cf172236db211657d1003119fe91d4e27c524ccc11fade0a25f57a7a1d677e1da0b9c043d02fca38:ced9d61010339c471ddf9fefcaa82d1eab3a2e0e60278553b4dd9f395be58149c91594e5618b0b10bf3aab94f159b530f64463eed66fa2ace54fd92572a06a0e4f1c5b4e6fac3baa3e9010f3bf293c779e61fd7bbe05a586f5aaf08026371627a209acd188afb2dbe0311547940559711640f78aea9a62818962f445a8e7ed6fe6c5f49162e7435d1b625b88ba39dab0ad56fd2c0ad6512661362bf78afe5a1416b647f3b88a056c9e7289c9b0cc3afb43402198563493e737b1da052506b6c9306d75ad6693db6d1571f96f6f52990c4df19665a6bb63073fdd9f55596896a2e9c2622f2b0c2cc99ddd1b649fb0318058d74794e38ec657ebc82abd5bedf8b3f4bba3bb6c9935fdf6826502b769046b36d96dc695d7c85404284d2a2ab7fcf3b02f68a1493dd383ca6339fac1cde47f53c5e026d0869faffe40abdb98195230f17d0cfaa533315afdbfe7d1afc3a615b4f75090233a503f8861e32374e1ea9557674231d9d737d477b33ff82ac0b2c0ba93c11fb523e613618ed370524a60f4d4c83694c033606d1d069d544dccd3900c37a3b3363efbcf6697f9f762b33b1294583953fc53773ef56726eeb470ebe92149b73648a16161d494120a318bfb080cc38e4996f4b263ffe78c7877fe13c2fc55219f44260e8f253bdd379d870e6c91048b1d8d4e88b88218b2b049fef53b2ae1f8c921ed2bcb434669e3975dcc3fe4520ca8024842f7ff2ba1e22cfeb5d4c9e435eada601ff183b26364eee1faa59d19e6aa4f0975238496a709e46bf68336b068bd80b346f11faa3817a07d1cbd84382b2102986f295a1398077ba291d6b5f5bd860ec6177273468f0ee0f2591b575c4366e189b224e9ffa35bc78a4aa8c06954fe33d080ffc0b23e209fd0e79421f1bde818a86890cf172236db211657d1003119fe91d4e27c524ccc11fade0a25f57a7a1d677e1da0b9c043d02fca38: +4df5e11dec80ecd882837554fa3135b9d5029df42027aa3b3c929246329fee96efd928898fa144c2d1c8334fa2e6b5b6a325a7102a2c344a145541ee9a6c046d:efd928898fa144c2d1c8334fa2e6b5b6a325a7102a2c344a145541ee9a6c046d:fbd6f371b4c8b152c9ce0c6396a77c0fe480bc02007f336ac58fd4addda9d69855ac9e93a45d3e350f41ff502aa1d8fe159ce89b064802a0a1890f6a40a7ef57c6e5e5ed040280df07e7f48fe819be63176710757cb6e440b4f78b5759dce028bf585b3c3feca1cf5981dadadfd27ea124af45ef638542a8617ff49f9470ac2285943c7c3b1163b903955ab99b6eab17f4d49ffa87207abbfc111c4b91f5413dfc9bea31843d115ddeb1da40b45f58f47c417b5e77d5818934e730eba9c4557bbf48cb7fd4e664558af4fb44ee3d94c16e883631f38476f4837db94d54122fa134ca51a525aad5e24b76018fee9a2e8f60e2bb48d24ab8b146f84ffa9820120e7c50d45c0cfbe35c8c31419b078e90712cfe934c3be3a94ff2158873aefe34dc6e36902b1675e1a47cb608dfe960fb4da8d2a8490cc38ebadc73a1003c4941fda8fae944a1de8e3b10ef6d9e67ceec745977d333ac9e71214121ede8892295e27799f206675a9d54ac12159d3a1f954fd0eeffbd30a31904fb2eee77a8aa9dc4ccbbe2851096146a4ce0e81fb9c62498dbd83bf83b55029a5e900086b9531ce3247a98f8654efd8fe7a836431f75daf0868f0108326e23026d2db4a72124ec4e39d4bbf3d846c9f51ca3cc31eb1d02c2ba321e4619f2b659c0bf0fe5c19b213f3c79124f3643f74dd0ff9ce5d27727be6c6958159c164404f43301fe1742e279de9efd441e73e4ea7a842587a79d115d36eca9c03c90ff0d147474109fc20a91d7b3cc22ebcbb8c7f71bd61e8cae47c5050cec1d4849a1d4a8e7a6f845548437706c25331c9e57c2cc6da117f2e5a0f4b368c4cb206265c4178e0655ff675ffc1d4c58eceb9edb4da3ad2c5f62cd13ab48:62545e6c07801fde95b461e2e753c4b6c84c25124eb330a2725989d5e340dcef0c7456d4c7c6a178a221b6328348253db787a9e5510ab9cc278515ae3e58fb01fbd6f371b4c8b152c9ce0c6396a77c0fe480bc02007f336ac58fd4addda9d69855ac9e93a45d3e350f41ff502aa1d8fe159ce89b064802a0a1890f6a40a7ef57c6e5e5ed040280df07e7f48fe819be63176710757cb6e440b4f78b5759dce028bf585b3c3feca1cf5981dadadfd27ea124af45ef638542a8617ff49f9470ac2285943c7c3b1163b903955ab99b6eab17f4d49ffa87207abbfc111c4b91f5413dfc9bea31843d115ddeb1da40b45f58f47c417b5e77d5818934e730eba9c4557bbf48cb7fd4e664558af4fb44ee3d94c16e883631f38476f4837db94d54122fa134ca51a525aad5e24b76018fee9a2e8f60e2bb48d24ab8b146f84ffa9820120e7c50d45c0cfbe35c8c31419b078e90712cfe934c3be3a94ff2158873aefe34dc6e36902b1675e1a47cb608dfe960fb4da8d2a8490cc38ebadc73a1003c4941fda8fae944a1de8e3b10ef6d9e67ceec745977d333ac9e71214121ede8892295e27799f206675a9d54ac12159d3a1f954fd0eeffbd30a31904fb2eee77a8aa9dc4ccbbe2851096146a4ce0e81fb9c62498dbd83bf83b55029a5e900086b9531ce3247a98f8654efd8fe7a836431f75daf0868f0108326e23026d2db4a72124ec4e39d4bbf3d846c9f51ca3cc31eb1d02c2ba321e4619f2b659c0bf0fe5c19b213f3c79124f3643f74dd0ff9ce5d27727be6c6958159c164404f43301fe1742e279de9efd441e73e4ea7a842587a79d115d36eca9c03c90ff0d147474109fc20a91d7b3cc22ebcbb8c7f71bd61e8cae47c5050cec1d4849a1d4a8e7a6f845548437706c25331c9e57c2cc6da117f2e5a0f4b368c4cb206265c4178e0655ff675ffc1d4c58eceb9edb4da3ad2c5f62cd13ab48: +85d32330e2e073a46030ca0ee2df2f8eb874a9fddf5624c8031775111f11eea26ea7de2ed5ea5cdf50bfffee77f7bd2fcc21d48666bb1f4890c76a69cc7ba4e8:6ea7de2ed5ea5cdf50bfffee77f7bd2fcc21d48666bb1f4890c76a69cc7ba4e8:ae6107f38ff94ed0327903cbaf6c3e3a3498c47abb2989a8b37b3a19df88c6de790accb4b7258177b9151d1fe04063577d3c3acdb4c929968afdad6f252a67ed4ca89d060f1a4653983f7ab58ddb93e2878fbab0637dbbeb95d25c5986839de2748d9f34027aeebf1d9eb936cb6770e08d45b8095bac9cbb71db14e8a34222b1f2237b9f0bc9766a231a6d102799f7c081d500fbeade603cdcdd7d5b965fbace4be5c2cd932dcf5f6ed31722f41d5a363b34babf3f636fb303824aa701dfe1d3e41263078c1ebbdcb1f73f1245b83e3fa70ab8e3f1413e6b06bdae022b714d60a401d57480dc64e7aac6d3de85fc94d853ca13b7e67415579d5c672123a5af194bee14ae35dc2724ff209f1166638661f881b1194aa4e31b42a527964781591504ba76103f97b7f5520315473ec94bb017a16667b22a8576a7cc2ac0b7756303c756f0ddaae9d0189e6c8de349f91957c72a529e9f7e9b9456524840ba02344f55ad3c11a0b259901439f2655ab9f8c6c8e8e960c057d9c7dafe425c75d4a33b801d4547cd0551a6802a8005dd72424764dcf57e4aa22290ea4f5baac51d7939c05342882ee14380ef2d4704b41949b2282a1e1a3fa7ddea9fe83b9fc51d4eefa2ebac722e4c0a7c599b6925f01b8a2066dc0c26f92196f4f503e887c1e6efb093f1531387bd88c691997b9b89e3cdf7da12d3734183a4b6126be9e0774704b529659b5548f1b87512cc1878ca4ef55990b483c9af6aa97635f4f07949727065abf21e21e32990b1a7d07d74e02d9b07ec639931bf9e2ca3941f2ba6b5ef14dcc2a247d2117e9cb41efa3fcca24716641452beed2f92657c2fb731f0b94e8c892a81bba91f639df43796acd3013ac044f608:414363fead6e59a3438ce5a3a277d62bdd00fa2efac6463dd13fcdded93a7f108ae1f528ffc8ff4eca331dab91ae5b1416e2ddb73b6daf853b03c81e9936560aae6107f38ff94ed0327903cbaf6c3e3a3498c47abb2989a8b37b3a19df88c6de790accb4b7258177b9151d1fe04063577d3c3acdb4c929968afdad6f252a67ed4ca89d060f1a4653983f7ab58ddb93e2878fbab0637dbbeb95d25c5986839de2748d9f34027aeebf1d9eb936cb6770e08d45b8095bac9cbb71db14e8a34222b1f2237b9f0bc9766a231a6d102799f7c081d500fbeade603cdcdd7d5b965fbace4be5c2cd932dcf5f6ed31722f41d5a363b34babf3f636fb303824aa701dfe1d3e41263078c1ebbdcb1f73f1245b83e3fa70ab8e3f1413e6b06bdae022b714d60a401d57480dc64e7aac6d3de85fc94d853ca13b7e67415579d5c672123a5af194bee14ae35dc2724ff209f1166638661f881b1194aa4e31b42a527964781591504ba76103f97b7f5520315473ec94bb017a16667b22a8576a7cc2ac0b7756303c756f0ddaae9d0189e6c8de349f91957c72a529e9f7e9b9456524840ba02344f55ad3c11a0b259901439f2655ab9f8c6c8e8e960c057d9c7dafe425c75d4a33b801d4547cd0551a6802a8005dd72424764dcf57e4aa22290ea4f5baac51d7939c05342882ee14380ef2d4704b41949b2282a1e1a3fa7ddea9fe83b9fc51d4eefa2ebac722e4c0a7c599b6925f01b8a2066dc0c26f92196f4f503e887c1e6efb093f1531387bd88c691997b9b89e3cdf7da12d3734183a4b6126be9e0774704b529659b5548f1b87512cc1878ca4ef55990b483c9af6aa97635f4f07949727065abf21e21e32990b1a7d07d74e02d9b07ec639931bf9e2ca3941f2ba6b5ef14dcc2a247d2117e9cb41efa3fcca24716641452beed2f92657c2fb731f0b94e8c892a81bba91f639df43796acd3013ac044f608: +66590d369984c6f5ad3a89c78ddfca10a0a7657995dc0188b6b57ac3164731a498873ab13346ee48677c4f8612db31ebd13db58b2b034fd155afa8720f4e93e8:98873ab13346ee48677c4f8612db31ebd13db58b2b034fd155afa8720f4e93e8:2ec1c6b0829737832c9c798a92eb490b23d334c3bbe627cb582d17a9e42960efcdc7d34750e0b4aa864c204fb8d62b47992e91dbfcfd69f51d937dc06c48c0ad43e8598371cd0e3bbce416bfd44b0944b993aa2993fdea487134cde42277723e0683ec98e69595e9b7b14c8cf9617a1e30ddb8060eacba48d88253b165336108de0cb02ff20f5424b567830869c9b4329c9945f0bf2f3c7acd1e774358930cd890fd9cb864d950935ad8a4a3beccae8f833f6356191371c32633dcf882709b0d98bd807b383aed8d7bb097b6e262ef700c9d768f4b5690e3a1a8f21755d658db2d1bfd2f7071e0caec7c2c5381c5ef5c2c2281c6bcedc867390b90f3b27b0f0f64a33658578a5c0d66e211e6fff6e86488acf82bc0f5e2664b83699046037c0d33d340ff98ed6263354c24273136ff0e4f0f233a6c8254fc0c90764330e3b1057b1e666d5ecd5a2efeaa6a105bfc858431b88ed7fe551eb32ac0af27c66a9803a3bcf87634c66c7066dd0197a3cbd2d6f4e65cfdb8f3daf9f3ca5c4f4e0add45f5541aa18d041f706e4fa87c34e9a223d88572eb50083ee8c7c475df568bc73bd08c0f0deaa374afb1c178d0dddb236e15a8bc2385ed3f52b8761e637887407a20aec3e99ec830dae3167ef0cdb3f3ffd200d83b75b749690b9e25e2171d072ca56f71baecd21f7d45a12c91b2c0fb3fea3b158e54648284bb0095b36244b0b121f9f1384ce9004365e7772fa30828250f51985f1b17b2d2f80a33e8fc6d8565ea15cdaacd42a87bd7c9408b1fe1c770665bdded754bc2ff2ef91b973a86b99f1059c6f227246a698b38541509dd5449fce60d386224183b7dce1b3884f7bae1c2e4eb594510b5ca585279d9041df8817b0619:f0db63a1bc7624161ca0063853b2dee45fccd22471e012366f868a4a9c74654e13f1a315ad83916ebfb8dc31a420f83cf645c4c9d16bb4d5d99d23c7b43e23002ec1c6b0829737832c9c798a92eb490b23d334c3bbe627cb582d17a9e42960efcdc7d34750e0b4aa864c204fb8d62b47992e91dbfcfd69f51d937dc06c48c0ad43e8598371cd0e3bbce416bfd44b0944b993aa2993fdea487134cde42277723e0683ec98e69595e9b7b14c8cf9617a1e30ddb8060eacba48d88253b165336108de0cb02ff20f5424b567830869c9b4329c9945f0bf2f3c7acd1e774358930cd890fd9cb864d950935ad8a4a3beccae8f833f6356191371c32633dcf882709b0d98bd807b383aed8d7bb097b6e262ef700c9d768f4b5690e3a1a8f21755d658db2d1bfd2f7071e0caec7c2c5381c5ef5c2c2281c6bcedc867390b90f3b27b0f0f64a33658578a5c0d66e211e6fff6e86488acf82bc0f5e2664b83699046037c0d33d340ff98ed6263354c24273136ff0e4f0f233a6c8254fc0c90764330e3b1057b1e666d5ecd5a2efeaa6a105bfc858431b88ed7fe551eb32ac0af27c66a9803a3bcf87634c66c7066dd0197a3cbd2d6f4e65cfdb8f3daf9f3ca5c4f4e0add45f5541aa18d041f706e4fa87c34e9a223d88572eb50083ee8c7c475df568bc73bd08c0f0deaa374afb1c178d0dddb236e15a8bc2385ed3f52b8761e637887407a20aec3e99ec830dae3167ef0cdb3f3ffd200d83b75b749690b9e25e2171d072ca56f71baecd21f7d45a12c91b2c0fb3fea3b158e54648284bb0095b36244b0b121f9f1384ce9004365e7772fa30828250f51985f1b17b2d2f80a33e8fc6d8565ea15cdaacd42a87bd7c9408b1fe1c770665bdded754bc2ff2ef91b973a86b99f1059c6f227246a698b38541509dd5449fce60d386224183b7dce1b3884f7bae1c2e4eb594510b5ca585279d9041df8817b0619: +41cf071f4842ecd494191b8cf28cc0923185ef1b07458a79a59a296d3549822e6dc8e446db1da353b58d0c45d8b4d816ba59e25bb680712d62d6d3dbf78d0698:6dc8e446db1da353b58d0c45d8b4d816ba59e25bb680712d62d6d3dbf78d0698:daeb5f0e84f1590bca2b9d9719ef5d1cfa79e0583446332f18e9e4feb0b1f15340297ac9ad6724c85bb16558ea54eb5d702a47248badc6252a804371b74cfe1062d1dba1ec68fd1d4dd029cb55034bbf61068251eff3983636f6debd5727be91993b3e4d0abc96ec196421a47b7893f83986d6c0323f0d19aaf2cde9d3565c104c9d3176ecb5ed5e173fee52b5a0c42b6ab2fcb1ccba9649c2c67c520e9b96cea693df3e58609ad6a0bd522efaaf03858d245dd0a38f84a2fb1020f4dd97c3aeef0e24477d30d256701e900bef26a8a6269ab660d74293a2bf1d20c2cfaebb7c2820f5f5b07453bb69ee769b52391539f0c606d22eb3923ee6f5a1d46050af90f011f851ace76327d3d18c48170a9a25b04b770fd938ef8a30b7bd03391dd36c516b62f0cb78670740e00e69595c418d967253820b754c4fd666e3cce16ee0c94183bbea706fe298e1c99ddb821217ed9008cc8e8b83bc8b819915b07b146fe745024ac3c46116cb4cce5e32ec5d7524a2388d9fe297eb02811af4546fcd5860e14c0d13f03dd75a4249615900078a3c358c5342962bc1beacf68c246821a459ab5321ec9f574f49d10389f40f14ddfc8513ffe3deaa7336035a675fa5858b490c5d247780064adbaf75a76335eec9ab918771b0b1df5147642aef4a166ab172ed601fed210f6c0cffd91869f7490b57e7c65241863e7e8c0a26eba63b5342d0fd8214ac731e1c438d0177115f6a19e0935c7af6bc7dbeb75511d9bd8e63e3e2f47ab0dd1cedd7b180d74a4b44d461197aefdd3620465166a39b45395043ce8874cdd72c602bd3d2eecbad3466b5cb1aa41ae92a8afef2d764cec0c449d27efac437938f280bea9c50a582e57c27f9b3de872f0c:41052bc417b24dc48383966af0143f9c0ba85bbefbdaf791b16a4dad1f570eb80703c0a2cdeb2f7ad6dcd3fa7bdb5c225e869cd8fb278dff0667d38accf3db08daeb5f0e84f1590bca2b9d9719ef5d1cfa79e0583446332f18e9e4feb0b1f15340297ac9ad6724c85bb16558ea54eb5d702a47248badc6252a804371b74cfe1062d1dba1ec68fd1d4dd029cb55034bbf61068251eff3983636f6debd5727be91993b3e4d0abc96ec196421a47b7893f83986d6c0323f0d19aaf2cde9d3565c104c9d3176ecb5ed5e173fee52b5a0c42b6ab2fcb1ccba9649c2c67c520e9b96cea693df3e58609ad6a0bd522efaaf03858d245dd0a38f84a2fb1020f4dd97c3aeef0e24477d30d256701e900bef26a8a6269ab660d74293a2bf1d20c2cfaebb7c2820f5f5b07453bb69ee769b52391539f0c606d22eb3923ee6f5a1d46050af90f011f851ace76327d3d18c48170a9a25b04b770fd938ef8a30b7bd03391dd36c516b62f0cb78670740e00e69595c418d967253820b754c4fd666e3cce16ee0c94183bbea706fe298e1c99ddb821217ed9008cc8e8b83bc8b819915b07b146fe745024ac3c46116cb4cce5e32ec5d7524a2388d9fe297eb02811af4546fcd5860e14c0d13f03dd75a4249615900078a3c358c5342962bc1beacf68c246821a459ab5321ec9f574f49d10389f40f14ddfc8513ffe3deaa7336035a675fa5858b490c5d247780064adbaf75a76335eec9ab918771b0b1df5147642aef4a166ab172ed601fed210f6c0cffd91869f7490b57e7c65241863e7e8c0a26eba63b5342d0fd8214ac731e1c438d0177115f6a19e0935c7af6bc7dbeb75511d9bd8e63e3e2f47ab0dd1cedd7b180d74a4b44d461197aefdd3620465166a39b45395043ce8874cdd72c602bd3d2eecbad3466b5cb1aa41ae92a8afef2d764cec0c449d27efac437938f280bea9c50a582e57c27f9b3de872f0c: +a2c8e161a8d9d6e888c3d09b0b972737307a2cbd2acd7ccd804d2431ac6c58d23a325775886732deca406857a8056010aaea2875545ba6f3df30754571386992:3a325775886732deca406857a8056010aaea2875545ba6f3df30754571386992:83a3bebcac5f28c5433e3c4f1e7bf5d2e4dcd2f5e59dbee0a83b07025715350746f85675f1dfea374aa7d794287b892ef9097ff6d2e122f0a656fba0798cdcfcb3645dfcfd788c740c0fd04520e7a06a02a05829630a2bf0cdfe2ecca009ec44049946bb1d2326ddd61d7ec640bf69eb44fb23cc1ff478c570c75db7e766e35b7c43db73680d1407a94399fb621baf3845745c1c4ed0b9f0b485be2d53c568545ddf18775a837a05d9c9157b084e8cd01fc324f07f116877e4075dba2432c8a7752e9e939586ad93f0c0aa5edac94b8d82e5449997b15b8c8961589c442821aa83b60239ec5f158c3f5e9ec5bea5115d5fed61918e8fcd5bce61c777f20b6bfe803a69c6fc794ab8c57df271da863872a61335b1fa29f4608ff037f712069809ca642a0307c79aa92e10cb893a29d17201a0b6d1b46a7212b3baec9703c0b0392ba6b76e5c9c10f83599b81ea22283f9547aacdaa7f30896d1ff731e11fb9e56ad06030417119805bab63521496c3bb92a12f5e55afcf60ed4217737f3046b16ca506657a6d696d75a6d8e18e9efe2b08c8b1fa0728238e27cfb322166eee4ee76968b777b50ee6a2b804e1e9b46016620132b6588718d978ca2c0026979c400d3c5336751210f0b00d269ec8f4e2f9559e180332dd270e50cc9465c5558936355521bc3c9560fc19ec14242121e6bb2fff8f50337fc264acf1ac1704328334b3b52cba96d9303b1b5db859dae31d80f1711fba251e10b4d122128f9faff6872d0c0b81eef59541f832b0a9df3a4cdd591c87736b1aecf242c275a10c3fd67839dad4ef399b9494ecd77f7ba5b5d4f2ca304e5b22921307cb18fa64aa3d01c4411c8369ccede465ee369ee637d43d28826bf60ddde:560d01b94df11d83347752ff51b3545ef55c5632ae7c8efb11aadd8312def72562e8f5d75ece10ad46bc96c860deece39e634a5f50654d4cdba84a8e6f70240a83a3bebcac5f28c5433e3c4f1e7bf5d2e4dcd2f5e59dbee0a83b07025715350746f85675f1dfea374aa7d794287b892ef9097ff6d2e122f0a656fba0798cdcfcb3645dfcfd788c740c0fd04520e7a06a02a05829630a2bf0cdfe2ecca009ec44049946bb1d2326ddd61d7ec640bf69eb44fb23cc1ff478c570c75db7e766e35b7c43db73680d1407a94399fb621baf3845745c1c4ed0b9f0b485be2d53c568545ddf18775a837a05d9c9157b084e8cd01fc324f07f116877e4075dba2432c8a7752e9e939586ad93f0c0aa5edac94b8d82e5449997b15b8c8961589c442821aa83b60239ec5f158c3f5e9ec5bea5115d5fed61918e8fcd5bce61c777f20b6bfe803a69c6fc794ab8c57df271da863872a61335b1fa29f4608ff037f712069809ca642a0307c79aa92e10cb893a29d17201a0b6d1b46a7212b3baec9703c0b0392ba6b76e5c9c10f83599b81ea22283f9547aacdaa7f30896d1ff731e11fb9e56ad06030417119805bab63521496c3bb92a12f5e55afcf60ed4217737f3046b16ca506657a6d696d75a6d8e18e9efe2b08c8b1fa0728238e27cfb322166eee4ee76968b777b50ee6a2b804e1e9b46016620132b6588718d978ca2c0026979c400d3c5336751210f0b00d269ec8f4e2f9559e180332dd270e50cc9465c5558936355521bc3c9560fc19ec14242121e6bb2fff8f50337fc264acf1ac1704328334b3b52cba96d9303b1b5db859dae31d80f1711fba251e10b4d122128f9faff6872d0c0b81eef59541f832b0a9df3a4cdd591c87736b1aecf242c275a10c3fd67839dad4ef399b9494ecd77f7ba5b5d4f2ca304e5b22921307cb18fa64aa3d01c4411c8369ccede465ee369ee637d43d28826bf60ddde: +d3d188b390baccd95024526146b82b9184e197e46a9340a0e6ec18bf75be7fc5d8f794948aa6986100214e9b7b9024420806b4c67846d5bd506113b353a2ea3d:d8f794948aa6986100214e9b7b9024420806b4c67846d5bd506113b353a2ea3d:5e65658e420375433fd7c1f6be678841e58104f10b4c676359d84fce7992f5c57557d738f830b505fa0c2b9eabf8d1a9f81fe8f315d662e2b84ce95299ebf4e503b5e1f7f8cdb668ae733f3d0cdd4c742ab5f272bea4f18d183e8923847662f9a39cd4b14ec76d11032fe573c26201aef66601cec683e34b89afd964e987801c706a85e27bab33701cd109bcf07b27ca67f022c494a04cbe5a9c6d63aad936cdf1a180fd05865198b96f06a78da95799d3aa4df3b170033c69e8fb04288c3546553b579c0ae3938062d3d8421cfa66268529bec0271e53b4ee7d099e7148a802df80fe5eedee1c903ae8ed4d640ead761262dd4014f25f9397ba3f1c08d83a3c485cfb55f89919aa972d6b7e7711be9e30c1eb96a0c3845309fb23dbc75b6991dd6e48cdde90e04f228e8ccf3ba23f2747cfb9d3381a9305f816f26cdde41c0220fad228ff6a8b095c77b6bae8fa3368142724bf1f5e0f6fbca5320c215b6ba86b91e3a8acf750e93fa7eaa65c4f785ef8421a19c1e27bc24b428e08a90242abac9bd4aa03c656f8f46dc40b36152c1bd0def1acfc0da10a2fa1dc3da7ace5a8fd76227bb1a602390fe57afd32efe281f2ea6b2e4d2545cb88d2308d72691c9a52b4ca25231a0107f25d117cc935397621c683bdc8f22e810340f2cbac4ceaa3468665261879f0074200743e0de5f3e58308b98b04b8c7148a4e004e667e832b0084b5f2bdc6fdc959f2fc28a8d31d9a9e78e5d5f9c0b119e5ff1f68f7c0daf0c0f16947cca5b7ced09601e2ebed282ef2bf8fe9a27ed27fc5bcda8aed6c71bee3e7751004472689bbf6d9d07952a242ff870d7c3f5e1ffc2c1f40fc9ab7579b392b554f3dc588c03ab957431fe5d02cbc711ad489fe:16976b267de96e38dddc8478075f6bdd7159e56334b2d2d1920946294f33cd6b7f9c50f8057f496cab5d94bb4dca262f9f0fdf9b1b64741f4b722d32efa822035e65658e420375433fd7c1f6be678841e58104f10b4c676359d84fce7992f5c57557d738f830b505fa0c2b9eabf8d1a9f81fe8f315d662e2b84ce95299ebf4e503b5e1f7f8cdb668ae733f3d0cdd4c742ab5f272bea4f18d183e8923847662f9a39cd4b14ec76d11032fe573c26201aef66601cec683e34b89afd964e987801c706a85e27bab33701cd109bcf07b27ca67f022c494a04cbe5a9c6d63aad936cdf1a180fd05865198b96f06a78da95799d3aa4df3b170033c69e8fb04288c3546553b579c0ae3938062d3d8421cfa66268529bec0271e53b4ee7d099e7148a802df80fe5eedee1c903ae8ed4d640ead761262dd4014f25f9397ba3f1c08d83a3c485cfb55f89919aa972d6b7e7711be9e30c1eb96a0c3845309fb23dbc75b6991dd6e48cdde90e04f228e8ccf3ba23f2747cfb9d3381a9305f816f26cdde41c0220fad228ff6a8b095c77b6bae8fa3368142724bf1f5e0f6fbca5320c215b6ba86b91e3a8acf750e93fa7eaa65c4f785ef8421a19c1e27bc24b428e08a90242abac9bd4aa03c656f8f46dc40b36152c1bd0def1acfc0da10a2fa1dc3da7ace5a8fd76227bb1a602390fe57afd32efe281f2ea6b2e4d2545cb88d2308d72691c9a52b4ca25231a0107f25d117cc935397621c683bdc8f22e810340f2cbac4ceaa3468665261879f0074200743e0de5f3e58308b98b04b8c7148a4e004e667e832b0084b5f2bdc6fdc959f2fc28a8d31d9a9e78e5d5f9c0b119e5ff1f68f7c0daf0c0f16947cca5b7ced09601e2ebed282ef2bf8fe9a27ed27fc5bcda8aed6c71bee3e7751004472689bbf6d9d07952a242ff870d7c3f5e1ffc2c1f40fc9ab7579b392b554f3dc588c03ab957431fe5d02cbc711ad489fe: +61917a975cb7ec564c708a565388c57236a66b697dcd5a7f10bae671572ac7f0ecc0f0b99276e528f82b42f2efce8579f83e638c6acefd072828c04e434f55af:ecc0f0b99276e528f82b42f2efce8579f83e638c6acefd072828c04e434f55af:6e970e0b1c92a7f496a82d8ae80cfd0ccef1d2c799d41728f35ddcd603b421c2a5ab3b489e78f4b62297de437c5ad1a9683ff87fa28eb3cc38ce242af59419f9fd43fcaa54fc398992f8c8e31f2b33dcccd0ee11ba7b388e8d2a36ead067c6beced5890ab7d4a94f55dab92128a0f814c0e68971df57bd5078a7403175c7c2fdd4a52447153ab37456729aee33e5fc93db8e7f480309875ecf6db07ce7f3cac5de49e361275ca50b6b719f4b715b3e30863cbb3b7164ba9eb96ef3304b19ad4d74dce4bd25e77bbbbeff1ee7d1fb55b9c4f7fc4cd9bd55108afcf99c1a41cd6f6b1adb297b106c8ba24e3134f87dd8efe5cf85492291b94d6600958c28b9122fe6e01bd3e329e42d1926b89f7a8c40a49867e5aa3ad749bd98dae7d006b453609e7dae26364d9172be7283330121ed2b4027e0885118743a6ea0cb7dc27409a9b2820bcc242ea10a00937bf849201e0fb6199421f163e9794f2dd4b332014a09d3ee8071da787747f990f5179919027ddff7cab0f55e9afa8eccb16cc2dd3cbbead7ff7ec818c253393f748741f55407f7408ee33a42ae2d6ecb3fb600a71f30ab630606e553b43678e59854f3a2947bcf4ea0fcfedc314d8370d1266395fda3c9105e975952f60e3086bb82481513d6fe8adb4f95efb9a95b66d480d2bb171078cf40684ac69a789c7fb7fa425333d705db00066755df728de02df25bae34f1d7d49caffc51e9ba2b10b98fe4cd9d22b7764ed931edb5f0b554496e995391e0af0b8d1c7a8295a8d15a7c6556d29cb19e0855ca505ad01d2aa30928a84bc48959576d812d9b27b8e88879faa2806c0841360ecd0fe83f5b848fc12f658f1e7f40e561c2e78d3b0125210a92061c2db21ba660e8608ff5:6abb3e377b5c80b74f77219c1a9e096fba0eb68990817acff12dba7f61c77ccf595fb6608552003cead06ca1317c9cd51ac4724b29f40921fb928433768764016e970e0b1c92a7f496a82d8ae80cfd0ccef1d2c799d41728f35ddcd603b421c2a5ab3b489e78f4b62297de437c5ad1a9683ff87fa28eb3cc38ce242af59419f9fd43fcaa54fc398992f8c8e31f2b33dcccd0ee11ba7b388e8d2a36ead067c6beced5890ab7d4a94f55dab92128a0f814c0e68971df57bd5078a7403175c7c2fdd4a52447153ab37456729aee33e5fc93db8e7f480309875ecf6db07ce7f3cac5de49e361275ca50b6b719f4b715b3e30863cbb3b7164ba9eb96ef3304b19ad4d74dce4bd25e77bbbbeff1ee7d1fb55b9c4f7fc4cd9bd55108afcf99c1a41cd6f6b1adb297b106c8ba24e3134f87dd8efe5cf85492291b94d6600958c28b9122fe6e01bd3e329e42d1926b89f7a8c40a49867e5aa3ad749bd98dae7d006b453609e7dae26364d9172be7283330121ed2b4027e0885118743a6ea0cb7dc27409a9b2820bcc242ea10a00937bf849201e0fb6199421f163e9794f2dd4b332014a09d3ee8071da787747f990f5179919027ddff7cab0f55e9afa8eccb16cc2dd3cbbead7ff7ec818c253393f748741f55407f7408ee33a42ae2d6ecb3fb600a71f30ab630606e553b43678e59854f3a2947bcf4ea0fcfedc314d8370d1266395fda3c9105e975952f60e3086bb82481513d6fe8adb4f95efb9a95b66d480d2bb171078cf40684ac69a789c7fb7fa425333d705db00066755df728de02df25bae34f1d7d49caffc51e9ba2b10b98fe4cd9d22b7764ed931edb5f0b554496e995391e0af0b8d1c7a8295a8d15a7c6556d29cb19e0855ca505ad01d2aa30928a84bc48959576d812d9b27b8e88879faa2806c0841360ecd0fe83f5b848fc12f658f1e7f40e561c2e78d3b0125210a92061c2db21ba660e8608ff5: +7ba25f2797a2836f379d6bbcbe9abf4f2def5e52f72bd9e0b006571022fac2f36c2ed4e8c0124d5d0540796d3945d1de71aa6969e6abea0f1b0e6fc429c7046f:6c2ed4e8c0124d5d0540796d3945d1de71aa6969e6abea0f1b0e6fc429c7046f:171a3409878097b3b22b2c00660b46e542c2164c00bbee54554837940e70f03da9916a40f9bde8288f45e47bef7ffe4e557cd4474045e740fd959d984f4ec81da88d44a373c1eda0cfc6b08e351373d3b82ab0902df8063fd908e703e0cbec410ab5cdfeaae00188ce2ad42b8bf04f7daa5f0ee333a6f9311b4ad9810952d5d5a64b20f37e845415fc3cdd616febec50db296fb3f3bb7f6b366bbe52e4897a05617bf7c981a62edcbbbe5da4c39cafa869aa2b2734e6cfed90ed8be75949390ee44566892455b890cf568b945aabb758d3854be6539f3b86bf01d188e48cf2626a0d7d381703be6ed1290dfb947bc2e0f83dbc58703080d7f5b9ef19aef930908f68f0c80010a9401b303a9f6da805bb8a0ed0f39413eefedf919ffd8ea6391bf95d4229604e49457b8e23bec611484cc7f9832dd95bdc3ad177c050f4ab633dcdb3e691f5902873b38cb0720b9113357fe0cfb98a68cccb5d5f0809d59a375cf7b5a275d43c4c34ff68e448526e8e1aad44e20008a232afbcf532a42b50a025a1b2ee4e077eb0125a593d51a200ec20d872c05838ad36aaaeeccc3ed9ef41f6d122670217d5c08f6e13c172194589acc3c59f7ef790c7c85aa6d5eb69d4c89a72f5e7c9246985c1ac0c5d197f76a73e3774839d4aa2096aca190a30f4aac54057b64f358e0e06400c0df2f876412d34484c4344f4d7c866517d3efba4a90fa7144c9ba5db3361db5769403ec81626a511f93e30f8586eadfcafd9a36ecff8d24b42079ada8e579ac30851177bce9038b0e1300072d68efdd723f6355064843275815a66b9d73a1299aa59a1812f6452fb4115ea2b1f9ff4a99690596e3f2022d81ed874dd67e6189ca0e68b9304e993a95b66665e0d074c:f1f590a907ba980eb0d648ab4ded5f92faf7cb851d81d858a78fa6b77cbbe12f64d20df52771a7d5e539a152d731e1903d4211fdcfef9a48b46c8fd5394ca009171a3409878097b3b22b2c00660b46e542c2164c00bbee54554837940e70f03da9916a40f9bde8288f45e47bef7ffe4e557cd4474045e740fd959d984f4ec81da88d44a373c1eda0cfc6b08e351373d3b82ab0902df8063fd908e703e0cbec410ab5cdfeaae00188ce2ad42b8bf04f7daa5f0ee333a6f9311b4ad9810952d5d5a64b20f37e845415fc3cdd616febec50db296fb3f3bb7f6b366bbe52e4897a05617bf7c981a62edcbbbe5da4c39cafa869aa2b2734e6cfed90ed8be75949390ee44566892455b890cf568b945aabb758d3854be6539f3b86bf01d188e48cf2626a0d7d381703be6ed1290dfb947bc2e0f83dbc58703080d7f5b9ef19aef930908f68f0c80010a9401b303a9f6da805bb8a0ed0f39413eefedf919ffd8ea6391bf95d4229604e49457b8e23bec611484cc7f9832dd95bdc3ad177c050f4ab633dcdb3e691f5902873b38cb0720b9113357fe0cfb98a68cccb5d5f0809d59a375cf7b5a275d43c4c34ff68e448526e8e1aad44e20008a232afbcf532a42b50a025a1b2ee4e077eb0125a593d51a200ec20d872c05838ad36aaaeeccc3ed9ef41f6d122670217d5c08f6e13c172194589acc3c59f7ef790c7c85aa6d5eb69d4c89a72f5e7c9246985c1ac0c5d197f76a73e3774839d4aa2096aca190a30f4aac54057b64f358e0e06400c0df2f876412d34484c4344f4d7c866517d3efba4a90fa7144c9ba5db3361db5769403ec81626a511f93e30f8586eadfcafd9a36ecff8d24b42079ada8e579ac30851177bce9038b0e1300072d68efdd723f6355064843275815a66b9d73a1299aa59a1812f6452fb4115ea2b1f9ff4a99690596e3f2022d81ed874dd67e6189ca0e68b9304e993a95b66665e0d074c: +d1e1b22de5e04c9be4651dd73995a3666cb5352c65ac7b7051b366fe1ac0c31012fe56f1012d5c12f135ed5982f382ae5f1143bc90e8cb8c93051754551ee90a:12fe56f1012d5c12f135ed5982f382ae5f1143bc90e8cb8c93051754551ee90a:c7f218b5aa7aae1799625a56c4d7d7b02637e572f1411a6122f113791aa3c628e819602fb4f0335a6123013fa64e9fdc4e4ae497bd169c2fa77bc236129717f462886b410893fa7809cbfdc892223b40ee041ebd4ec7ddab55be6081a1646643a9120baa46289acba15b3b48af3b7adecd69f43eede79d9b1957e1d8c3129e0fa0579d3d395370461b0e1255c9caa94e4725601cb9d0e2d60244d15b64e1f7bc9015590ad0991f12f8267311206e9eb5d16add0ba5218fce5fffe1c9ce5ffe1f731132f4b12cacb02f97451710846b7f824f4fa9e08919266469789c00ce0d94d38fa8fec3f51f2f886e9db09b804470b19ec9e80663f155b4984d2bbd0b2ce99302e06c64444b696e3129fcef34c3dd00f7ab5beda747a3fc6339192b740f3569b67dbd6ffa39e271faa400d9616bff86ec49a659def2e7f5d451f2a2b35e662a6e7cc22f1e5cdcde8a59988135b7e76562743c1e6a099901b3ef97cbff23f209bd7088c2f03245279a1dc78dddc1bb0c1d35100357882126b328d3d94e0871b60be253fd1b6ecf03c1db731d9eed0edf2b2643230780a4d66e99179aad1b82402e55f6d785ebc80f8dd2fd2beb09f31035df62c17f428ed0b2d56508db31e6d2dd5fb69ebeeea3257070cf2fe67d42d28816a55dbae0b185db4421bbfdaefc79c08cdc1accf71642562ec70036da2bbafa4a891954c4ee4049b55c640e91930e39e3ef1018dc1647f26942c6dbdf4d56e41eb2c898c821fac17cc273e8e4aa5608a812cf4b82f96019c252d56e7805298ccbe8ce40b0bd0f933b884c0faf97a958b20408b8a5297cce5527b2ca212806e72a3264457a7fac8662b82ca233e1c7758dc6e4f1b9995863f25f747bcee43b639b1f8f2026d2d2:abaab4fa6aeb0a0b34ee0d613a0af049edb4cedbfe9d3bebe9c00618b115b9d1fa524ec3495e1330b0936181eabb14299faccc40eaa8cca57ed324b7a6420c0ec7f218b5aa7aae1799625a56c4d7d7b02637e572f1411a6122f113791aa3c628e819602fb4f0335a6123013fa64e9fdc4e4ae497bd169c2fa77bc236129717f462886b410893fa7809cbfdc892223b40ee041ebd4ec7ddab55be6081a1646643a9120baa46289acba15b3b48af3b7adecd69f43eede79d9b1957e1d8c3129e0fa0579d3d395370461b0e1255c9caa94e4725601cb9d0e2d60244d15b64e1f7bc9015590ad0991f12f8267311206e9eb5d16add0ba5218fce5fffe1c9ce5ffe1f731132f4b12cacb02f97451710846b7f824f4fa9e08919266469789c00ce0d94d38fa8fec3f51f2f886e9db09b804470b19ec9e80663f155b4984d2bbd0b2ce99302e06c64444b696e3129fcef34c3dd00f7ab5beda747a3fc6339192b740f3569b67dbd6ffa39e271faa400d9616bff86ec49a659def2e7f5d451f2a2b35e662a6e7cc22f1e5cdcde8a59988135b7e76562743c1e6a099901b3ef97cbff23f209bd7088c2f03245279a1dc78dddc1bb0c1d35100357882126b328d3d94e0871b60be253fd1b6ecf03c1db731d9eed0edf2b2643230780a4d66e99179aad1b82402e55f6d785ebc80f8dd2fd2beb09f31035df62c17f428ed0b2d56508db31e6d2dd5fb69ebeeea3257070cf2fe67d42d28816a55dbae0b185db4421bbfdaefc79c08cdc1accf71642562ec70036da2bbafa4a891954c4ee4049b55c640e91930e39e3ef1018dc1647f26942c6dbdf4d56e41eb2c898c821fac17cc273e8e4aa5608a812cf4b82f96019c252d56e7805298ccbe8ce40b0bd0f933b884c0faf97a958b20408b8a5297cce5527b2ca212806e72a3264457a7fac8662b82ca233e1c7758dc6e4f1b9995863f25f747bcee43b639b1f8f2026d2d2: +df294e477b1b91c5ac5b98c330d222d7cd2d53e7d0bc0ca403df4ec75327a2745f0bd22f2f1896d1563b4f6940c7df89efc258c0ff6c2fcd674daf4f59fcdb60:5f0bd22f2f1896d1563b4f6940c7df89efc258c0ff6c2fcd674daf4f59fcdb60:3e42d668409630cbb84812ac7ff1154f70fca8bdff3f1a040fa3af868aa1c4e91508b1aefdf5c3a8b4b077a4d162d2c05bd364fbbe8c5a08314c2e07dffbd6e8dd2e08a0dcc96ea92ddd4c97f79db9425a6c6b34c46043d09a68b7687236a918d21a561610a13ac5e446e0881bb26cc8e28aad1654f867ad82ae33f8f7a78a65be57699475516a1a8746843e93a1a294354624fac04d452ccfbe4fdd92a951aaa07d26676d5cb077a5000d439c124276c0dbcf86e7aa153cc24b5aff677c6badc261c289f4a4ae519b2e2fff312fbf0f5b4c4698f6aedd8fcb1d2348942de3fb73ba27f6db14c2f09180356e5fcae1adf65e22425f8c27f19e989483506e5df57a1b613a22e345038b3ea91c0f78ffff46383f38c72225358a34570d6f664a17454a151613f01cba777f62ec831875ec5e27d257f180b6366cb183107c40f50b01b2b9bf91b3b5549ed931a3537aa41689f72b257a6aa39cdc6fcedf143983be5bffe3ae2b29f82f882122d66a7925f5a710826c0dadb7e4fa4ec079ba2e76dada433f3077cb1ef74613fc5dbf8258b6da7c73c866372457ed500f97f9907e1fc26353c70ba3bd9c36151d46865d2c65986562485cf8421febbe777c73e6cd0026d66d35128b9f8f33264aeb56bd3e4b8d1f5266411ef3b23b76b36d4c9df3c512fd560c2be52ac523c19377ad2adc0e8c309cf5bbf72d9eb85d65a94847d497d8d102424fb84381666ecb1c35a3725d7d9e9284fdebb6b362aa6a9c6fb37aba87357f574c0e63b4497d498ffbb7d0692d784b4b18ce9f9150c146d3d18c382eda04938c69d0778f2902d5235a5652b97cef6d5f60da6bd7ed4ff97cd94d4939caca3b6baa3cfdac04cda95596f467cbc6cbcd9264167743eac1:9945ab73b58562b355dabc4e2b6be7e05f37f89571440ccc32c1a94737095b7866747d21007000a0f0e351114b88e0138b55df44fe72ebe9591410e707fa9d023e42d668409630cbb84812ac7ff1154f70fca8bdff3f1a040fa3af868aa1c4e91508b1aefdf5c3a8b4b077a4d162d2c05bd364fbbe8c5a08314c2e07dffbd6e8dd2e08a0dcc96ea92ddd4c97f79db9425a6c6b34c46043d09a68b7687236a918d21a561610a13ac5e446e0881bb26cc8e28aad1654f867ad82ae33f8f7a78a65be57699475516a1a8746843e93a1a294354624fac04d452ccfbe4fdd92a951aaa07d26676d5cb077a5000d439c124276c0dbcf86e7aa153cc24b5aff677c6badc261c289f4a4ae519b2e2fff312fbf0f5b4c4698f6aedd8fcb1d2348942de3fb73ba27f6db14c2f09180356e5fcae1adf65e22425f8c27f19e989483506e5df57a1b613a22e345038b3ea91c0f78ffff46383f38c72225358a34570d6f664a17454a151613f01cba777f62ec831875ec5e27d257f180b6366cb183107c40f50b01b2b9bf91b3b5549ed931a3537aa41689f72b257a6aa39cdc6fcedf143983be5bffe3ae2b29f82f882122d66a7925f5a710826c0dadb7e4fa4ec079ba2e76dada433f3077cb1ef74613fc5dbf8258b6da7c73c866372457ed500f97f9907e1fc26353c70ba3bd9c36151d46865d2c65986562485cf8421febbe777c73e6cd0026d66d35128b9f8f33264aeb56bd3e4b8d1f5266411ef3b23b76b36d4c9df3c512fd560c2be52ac523c19377ad2adc0e8c309cf5bbf72d9eb85d65a94847d497d8d102424fb84381666ecb1c35a3725d7d9e9284fdebb6b362aa6a9c6fb37aba87357f574c0e63b4497d498ffbb7d0692d784b4b18ce9f9150c146d3d18c382eda04938c69d0778f2902d5235a5652b97cef6d5f60da6bd7ed4ff97cd94d4939caca3b6baa3cfdac04cda95596f467cbc6cbcd9264167743eac1: +70c6859f08cf42b4bda9eb62979dffb7cb08eb3dabe93fe94b01384617cf6730401c9e2033e2259fb6383b3e8b9e17b3f2062746bbe648cf484516db0f2f1b06:401c9e2033e2259fb6383b3e8b9e17b3f2062746bbe648cf484516db0f2f1b06:dd0609ea159921395d11fb2da8ea4f747d7f74b58052e01cad40a271fa0bbeed91020f4f0c0846c4f07778a6aa768eb51712294e9e1f32a602b152514f5e6d39f9e08f7a7812bd900c10a91469e47e8a78e54cd4bd7cfededec171ef373f1c4f9bbc2c81402fb14ed0bfac8d043f117d6124521afae0916a510d568acfa3aa3301bc979ac28d551dbbea6ceac4c212aa8c8492b3613ae7395dd4125fc4c25d5b4d99230821d4b17ec2ee6be7d604195a2154333b973526580ca7ef9e30c6c1dd42ef2afe42b11b1aa49b9ccabaca17091eeb380ec5e34ad1e3827cc60dacf144286c7892590bd2671a8dc5f3a702c1de7cd3b42c1b150b09c3e58ef6943b45d89d41df361f1d5c25565591b6ac8deaa73676531f6e5abe5804b0097f8d45ea2939177333cacef12e4b71fe4936bafe00747a8930bcea55b8fd84a01f6df84e7acb931fc7c01ddfd63deec3ad3e69dfa2b73550583d5747eee96c5536368797e247f23f537d79079ab6da314102c7443d41960e3a3d8c359c4a4ec626fcc44e110ea744d417aa850db8ecdbfe340a962db0d8c57dc517be8b40d14de97b1e9e0426447fde0a04e50679c53ba1aa3cdc38c7ede6db6c054b1e9ce7deadaf93ebdd470791535f3ecfabf3416355f7a18a38afe6bfe507ef08c4373a4a69dee1fcb65b1631a0de1488649d0bb2679a9a45f67820b2a4a1e5a548072da7032d172555e788cc9860ebb3c0c359493751b0c2c950a7fcf4803c147f9340fc93d85f1efa57b39081b92d93473fd23516c4950ed4b29a2ed3a042ae3d92a1e52cb709636fc7272fd747208bee2b16d191e4c6deb27672aa34e43914cff2055ca4ee8ba3e1dc58a679c7f7dee2c1d53e28750970f57d85eab1c26b89bb73e0b1:0f03a4f15c339b4f7b88b4e21ad9e3d6bbf3effb7b678ffa500d47383b71a7454f62907b56f59f9b9af6d5b2a0fc1c737a64105195089899f57a2c9dba509e0add0609ea159921395d11fb2da8ea4f747d7f74b58052e01cad40a271fa0bbeed91020f4f0c0846c4f07778a6aa768eb51712294e9e1f32a602b152514f5e6d39f9e08f7a7812bd900c10a91469e47e8a78e54cd4bd7cfededec171ef373f1c4f9bbc2c81402fb14ed0bfac8d043f117d6124521afae0916a510d568acfa3aa3301bc979ac28d551dbbea6ceac4c212aa8c8492b3613ae7395dd4125fc4c25d5b4d99230821d4b17ec2ee6be7d604195a2154333b973526580ca7ef9e30c6c1dd42ef2afe42b11b1aa49b9ccabaca17091eeb380ec5e34ad1e3827cc60dacf144286c7892590bd2671a8dc5f3a702c1de7cd3b42c1b150b09c3e58ef6943b45d89d41df361f1d5c25565591b6ac8deaa73676531f6e5abe5804b0097f8d45ea2939177333cacef12e4b71fe4936bafe00747a8930bcea55b8fd84a01f6df84e7acb931fc7c01ddfd63deec3ad3e69dfa2b73550583d5747eee96c5536368797e247f23f537d79079ab6da314102c7443d41960e3a3d8c359c4a4ec626fcc44e110ea744d417aa850db8ecdbfe340a962db0d8c57dc517be8b40d14de97b1e9e0426447fde0a04e50679c53ba1aa3cdc38c7ede6db6c054b1e9ce7deadaf93ebdd470791535f3ecfabf3416355f7a18a38afe6bfe507ef08c4373a4a69dee1fcb65b1631a0de1488649d0bb2679a9a45f67820b2a4a1e5a548072da7032d172555e788cc9860ebb3c0c359493751b0c2c950a7fcf4803c147f9340fc93d85f1efa57b39081b92d93473fd23516c4950ed4b29a2ed3a042ae3d92a1e52cb709636fc7272fd747208bee2b16d191e4c6deb27672aa34e43914cff2055ca4ee8ba3e1dc58a679c7f7dee2c1d53e28750970f57d85eab1c26b89bb73e0b1: +c5962961815b57cd162403ce08e4105ddb8aae2d3f533fb49cc236b5ff504d6edbade72236ba12d4977ba46c364bb69a887ff402de91d47afa9b93c95be71e7e:dbade72236ba12d4977ba46c364bb69a887ff402de91d47afa9b93c95be71e7e:4ae4148d79ca9425592aa240bd153424a3bf4ae27395872ce5728ac7613596a77d5ce8565d8d6e1b5935b3906cafe1ff888ebc9815e04a624dfc4c6907b85f6f1a0dbddff62e9151220d474462cb9f13d89d3a93a00ba2b60f7e7ca63da17a6379d673551e790b5911727c906dc94f86d8277546c1564a45573a7743bb8a138cde87b3b2f28e5e245940a51e7c458cf8c5f0a70275962553e0d2390d171db44c2f7a5c9e9f93b90f7a5f54f191b0d875bad7e0beb980c2a3365cd7b9208724f4654418117e16ef7134e3e2794b6f9e80ecabeca3254e704c21b7ad30c5dee017ea2533fcd94251e55ae75a8cc6db6674b39c88ca42006043d6bd9b00ecf64ceafeeb402b1f22fd891f2d11c515c1aba6a2d4c0bd2181a48e43fd1c0af91f9b7b7d37f3dcd9e4c0a759748467d348a8b116df6a4eacf178aecccd3066e92dca45da7a3e319f3771eb3490022193c5b652f045687e1705f2e5691c134be4006353d7ecd0e918d5de0f3b87809fca4acfab94e1148ff7cf07f7cfd0c745dd2be01a24a5e069280698bc3f5400a6dcd08e44595c0388e44833768fc49104ee115bdcb02bfbda179d164ce969936629f2335601b56fe8f785cca3805f0403872c62f73c3ce80563d070e976d8ecc51124e2cace7ee18699047cb0f8fb8d9c59b8a60d12c08a09fce58fd92cd36db6a8e89d118cf88a92dc8a2600bd95f5a8e85db5cdbb249ca812ca209c7618051c4564a3a0e192b7e45992456c87d17412c11adead526ab8db21452f7471d17f2ebc90015450edf4f0a44fb2f4905f74d70275ccd89b93a650473c02a7da0cbc67915ceb7a1ea59fa8884472dc917ee9d246339c5926843ecf53fafdc56a695601a276c23a843e4d30f89c97c9eee6dfc7:8101baef004eb6f5ad4de0979ff36d3439b8212bdc928942e431915b3fd18bc2ad67b26f18941dcb16d2c29191421e779fed622fd9f582644eaadb3fe5c098034ae4148d79ca9425592aa240bd153424a3bf4ae27395872ce5728ac7613596a77d5ce8565d8d6e1b5935b3906cafe1ff888ebc9815e04a624dfc4c6907b85f6f1a0dbddff62e9151220d474462cb9f13d89d3a93a00ba2b60f7e7ca63da17a6379d673551e790b5911727c906dc94f86d8277546c1564a45573a7743bb8a138cde87b3b2f28e5e245940a51e7c458cf8c5f0a70275962553e0d2390d171db44c2f7a5c9e9f93b90f7a5f54f191b0d875bad7e0beb980c2a3365cd7b9208724f4654418117e16ef7134e3e2794b6f9e80ecabeca3254e704c21b7ad30c5dee017ea2533fcd94251e55ae75a8cc6db6674b39c88ca42006043d6bd9b00ecf64ceafeeb402b1f22fd891f2d11c515c1aba6a2d4c0bd2181a48e43fd1c0af91f9b7b7d37f3dcd9e4c0a759748467d348a8b116df6a4eacf178aecccd3066e92dca45da7a3e319f3771eb3490022193c5b652f045687e1705f2e5691c134be4006353d7ecd0e918d5de0f3b87809fca4acfab94e1148ff7cf07f7cfd0c745dd2be01a24a5e069280698bc3f5400a6dcd08e44595c0388e44833768fc49104ee115bdcb02bfbda179d164ce969936629f2335601b56fe8f785cca3805f0403872c62f73c3ce80563d070e976d8ecc51124e2cace7ee18699047cb0f8fb8d9c59b8a60d12c08a09fce58fd92cd36db6a8e89d118cf88a92dc8a2600bd95f5a8e85db5cdbb249ca812ca209c7618051c4564a3a0e192b7e45992456c87d17412c11adead526ab8db21452f7471d17f2ebc90015450edf4f0a44fb2f4905f74d70275ccd89b93a650473c02a7da0cbc67915ceb7a1ea59fa8884472dc917ee9d246339c5926843ecf53fafdc56a695601a276c23a843e4d30f89c97c9eee6dfc7: +dee6866c7874c127029e96e025bffd35fcfdf4dc36966c15ee6293368013d37908c94da351bb2bee72e6e196be748807583762c5296e05b1e529c47c6bbacec6:08c94da351bb2bee72e6e196be748807583762c5296e05b1e529c47c6bbacec6:f1aa1977f5311b538b940ae442a3abc89aaccdcd0a79380a24258d4a9f1ce638fc2f5ba2e53f8e1fa6176f178d9024a77894c28cad42d629c793d68a02be9411b527acadae7e5c3851babb45b5fece329e29034cd42571083727f35aecad7c9be5954ec64e8f6ecab7cc0590e54156a4e1a45303849f7897e72cf2fbcd84f56c72f941dbb0b09a32e6386fbe18a43bb9bd8b793e4b9edd532103eab54d627117d28139b64e60fb0b81d09001bb2404d925e265babdc69f96b135e9e6ab7febb1ed3075d6aa2abd2bbf9b65fa9b3b7191ef37b633605910ee88f66eada79f00f536d380b82f2f4b5985112de004a56603f4436d8ff300f42bf5acdc7a4bf1ea9d4196c480495bacb0067630fcc000b4f279dd3f30f353276092d152c3f43efdc041deaa0bc5aaaba7f8bbd85e69c13742d678dbb65360aaf7b548a044c0ec60a57af650bc31973f832f961265bc2318f80775afd51f55194c42423f7bf4e0052f98cb206913ffea4886ecd27a4179b13773f947502e181bf1a1f2c62c6f08c20359f06df2b18127043b1070d0194ef5e5bfd37d227984cfb10989f21c71ad0fe3b81227d3a71789455eda383c22f4d2fcc72579f465e066f3d38befc024efef6c2e329649ce434d627367a900d07fe6234235c84656eac5dd0d788cf4cb31871824d66ae4bc89edeba1b36701298453e8da1e69cfb868095c3be6ed2182da1cff4905afd20731ac1ed984164737903c7d8bb0ad16aecf2fae337404fe35664515d93b701e2f878664454c0decd1c6558adace3cdb227507a51606f0a54df8dfaa420205dd57c65242ff24a405ef85c92d602886932b35fabe9c3bcebfc6235639e873fc2dd084c52cd6a7413b831d1cc99931373aabd847620eb69bb0fa:b78ebd6d65b175d4bbd3d9a2082a0efe6e991cb2e403521eece00f418f2e956b66907880658b9e8e47699653d159132380d9ce1109af9c2757daf4cdf18c9c0af1aa1977f5311b538b940ae442a3abc89aaccdcd0a79380a24258d4a9f1ce638fc2f5ba2e53f8e1fa6176f178d9024a77894c28cad42d629c793d68a02be9411b527acadae7e5c3851babb45b5fece329e29034cd42571083727f35aecad7c9be5954ec64e8f6ecab7cc0590e54156a4e1a45303849f7897e72cf2fbcd84f56c72f941dbb0b09a32e6386fbe18a43bb9bd8b793e4b9edd532103eab54d627117d28139b64e60fb0b81d09001bb2404d925e265babdc69f96b135e9e6ab7febb1ed3075d6aa2abd2bbf9b65fa9b3b7191ef37b633605910ee88f66eada79f00f536d380b82f2f4b5985112de004a56603f4436d8ff300f42bf5acdc7a4bf1ea9d4196c480495bacb0067630fcc000b4f279dd3f30f353276092d152c3f43efdc041deaa0bc5aaaba7f8bbd85e69c13742d678dbb65360aaf7b548a044c0ec60a57af650bc31973f832f961265bc2318f80775afd51f55194c42423f7bf4e0052f98cb206913ffea4886ecd27a4179b13773f947502e181bf1a1f2c62c6f08c20359f06df2b18127043b1070d0194ef5e5bfd37d227984cfb10989f21c71ad0fe3b81227d3a71789455eda383c22f4d2fcc72579f465e066f3d38befc024efef6c2e329649ce434d627367a900d07fe6234235c84656eac5dd0d788cf4cb31871824d66ae4bc89edeba1b36701298453e8da1e69cfb868095c3be6ed2182da1cff4905afd20731ac1ed984164737903c7d8bb0ad16aecf2fae337404fe35664515d93b701e2f878664454c0decd1c6558adace3cdb227507a51606f0a54df8dfaa420205dd57c65242ff24a405ef85c92d602886932b35fabe9c3bcebfc6235639e873fc2dd084c52cd6a7413b831d1cc99931373aabd847620eb69bb0fa: +523623555995baaf2a27adcb1ebafaa802d23ef7abfa9775f2c9bfa07d64e0acd34deae6523e619dd1bfc8f3c4ca4b78b368c0f720035e144c3f2fc105d4ce21:d34deae6523e619dd1bfc8f3c4ca4b78b368c0f720035e144c3f2fc105d4ce21:0553e69ef211652d62bf281bfbdd37be22769d819746361c7d65ddd0fad677cc0438b301d1514578e0da58e55f729fa8e66ddeb7f973a818d24ed8fe027b8491179d07773fb5d2bb96aa85d6b3750454e50de91f9b88aee8aa68e6bb53edc66677b41e601a46ab4bb1e656e7fa5f0179933680a6ec9504275e7adf7a3248e63a0fc9c1ea5ae96cd0c65a89a77cec2b1fd8f4537e82c1c488a69a0ef64f58734d9e73478e1d1f123114ef66085e0ba319cb810b66af96d1308b1a2bd92ba2c265aa309ecd5557d402c3802cae8d7e95007fe610c2aa75fc66196c3fadfe997d6d5998e18d260e9da31da9218cbad103cbfc2c7547765d67e81f24ac83022ef51c6cc50864366a35f6b9b9af94e84caa9fd3d767c831f0967a61462fbcfcc803f12e3739039acd5dbe9366f05a33dbeaf360e2ddcbe5c443f80ef2ad62e03c1d5b70cdeab4a7dd41553064c8d152709deff82076b9071192376f51d4c2c71a84e89f2d9401320c2e459b3e243cca7c26fd098c264ac88ef638921d980b0ae9e512d372037d81adc48126d7c9e4b5afa57ec265d401b9653e928afb7dff9b48e295e470d6b52e88b39d0a40cb8eba249f8b13d81113db1d3e01ef75c722f269488e963cc8182704f8ca018e73dc0714e9a9fc79bc4363c28cb3984374f73b2aa8786e74e0159507a29883fe0ed1c600f525885f2f10ea006c39e59b925b765b1ede534257a1f40f2846584f069746b52f5600430a2863d7936095fbc22a6ada674d41b374e2b8b9a19fa712b5944533bb6d6ec43b89d4971b70205a6acd72a899da12618204db0c3e8267b845791693e0ae6a35f14da1f8f4dd174bce0318fb5a00f672ede42304cf04a62760577590f27e2dfa6e5e2795d66053b30af7f1bf:b1871729fec83aea0aaa472b700acd094813fb7d57b909e0eaaf21ee931847addedd2be8533d0c305cb9cfe5080e76c2808b6e51c9826290ddb7b94b6f7d580b0553e69ef211652d62bf281bfbdd37be22769d819746361c7d65ddd0fad677cc0438b301d1514578e0da58e55f729fa8e66ddeb7f973a818d24ed8fe027b8491179d07773fb5d2bb96aa85d6b3750454e50de91f9b88aee8aa68e6bb53edc66677b41e601a46ab4bb1e656e7fa5f0179933680a6ec9504275e7adf7a3248e63a0fc9c1ea5ae96cd0c65a89a77cec2b1fd8f4537e82c1c488a69a0ef64f58734d9e73478e1d1f123114ef66085e0ba319cb810b66af96d1308b1a2bd92ba2c265aa309ecd5557d402c3802cae8d7e95007fe610c2aa75fc66196c3fadfe997d6d5998e18d260e9da31da9218cbad103cbfc2c7547765d67e81f24ac83022ef51c6cc50864366a35f6b9b9af94e84caa9fd3d767c831f0967a61462fbcfcc803f12e3739039acd5dbe9366f05a33dbeaf360e2ddcbe5c443f80ef2ad62e03c1d5b70cdeab4a7dd41553064c8d152709deff82076b9071192376f51d4c2c71a84e89f2d9401320c2e459b3e243cca7c26fd098c264ac88ef638921d980b0ae9e512d372037d81adc48126d7c9e4b5afa57ec265d401b9653e928afb7dff9b48e295e470d6b52e88b39d0a40cb8eba249f8b13d81113db1d3e01ef75c722f269488e963cc8182704f8ca018e73dc0714e9a9fc79bc4363c28cb3984374f73b2aa8786e74e0159507a29883fe0ed1c600f525885f2f10ea006c39e59b925b765b1ede534257a1f40f2846584f069746b52f5600430a2863d7936095fbc22a6ada674d41b374e2b8b9a19fa712b5944533bb6d6ec43b89d4971b70205a6acd72a899da12618204db0c3e8267b845791693e0ae6a35f14da1f8f4dd174bce0318fb5a00f672ede42304cf04a62760577590f27e2dfa6e5e2795d66053b30af7f1bf: +575f8fb6c7465e92c250caeec1786224bc3eed729e463953a394c9849cba908f71bfa98f5bea790ff183d924e6655cea08d0aafb617f46d23a17a657f0a9b8b2:71bfa98f5bea790ff183d924e6655cea08d0aafb617f46d23a17a657f0a9b8b2:2cc372e25e53a138793064610e7ef25d9d7422e18e249675a72e79167f43baf452cbacb50182faf80798cc38597a44b307a536360b0bc1030f8397b94cbf147353dd2d671cb8cab219a2d7b9eb828e9635d2eab6eb08182cb03557783fd282aaf7b471747c84acf72debe4514524f8447bafccccec0a840feca9755ff9adb60301c2f25d4e3ba621df5ad72100c45d7a4b91559c725ab56bb29830e35f5a6faf87db23001f11ffba9c0c15440302065827a7d7aaaeab7b446abce333c0d30c3eae9c9da63eb1c0391d4269b12c45b660290611ac29c91dbd80dc6ed302a4d191f2923922f032ab1ac10ca7323b5241c5751c3c004ac39eb1267aa10017ed2dac6c934a250dda8cb06d5be9f563b827bf3c8d95fd7d2a7e7cc3acbee92538bd7ddfba3ab2dc9f791fac76cdf9cd6a6923534cf3e067108f6aa03e320d954085c218038a70cc768b972e49952b9fe171ee1be2a52cd469b8d36b84ee902cd9410db2777192e90070d2e7c56cb6a45f0a839c78c219203b6f1b33cb4504c6a7996427741e6874cf45c5fa5a38765a1ebf1796ce16e63ee509612c40f088cbceffa3affbc13b75a1b9c02c61a180a7e83b17884fe0ec0f2fe57c47e73a22f753eaf50fca655ebb19896b827a3474911c67853c58b4a78fd085a23239b9737ef8a7baff11ddce5f2cae0543f8b45d144ae6918b9a75293ec78ea618cd2cd08c971301cdfa0a9275c1bf441d4c1f878a2e733ce0a33b6ecdacbbf0bdb5c3643fa45a013979cd01396962897421129a88757c0d88b5ac7e44fdbd938ba4bc37de4929d53751fbb43d4e09a80e735244acada8e6749f77787f33763c7472df52934591591fb226c503c8be61a920a7d37eb1686b62216957844c43c484e58745775553:903b484cb24bc503cdced844614073256c6d5aa45f1f9f62c7f22e5649212bc1d6ef9eaa617b6b835a6de2beff2faac83d37a4a5fc5cc3b556f56edde2651f022cc372e25e53a138793064610e7ef25d9d7422e18e249675a72e79167f43baf452cbacb50182faf80798cc38597a44b307a536360b0bc1030f8397b94cbf147353dd2d671cb8cab219a2d7b9eb828e9635d2eab6eb08182cb03557783fd282aaf7b471747c84acf72debe4514524f8447bafccccec0a840feca9755ff9adb60301c2f25d4e3ba621df5ad72100c45d7a4b91559c725ab56bb29830e35f5a6faf87db23001f11ffba9c0c15440302065827a7d7aaaeab7b446abce333c0d30c3eae9c9da63eb1c0391d4269b12c45b660290611ac29c91dbd80dc6ed302a4d191f2923922f032ab1ac10ca7323b5241c5751c3c004ac39eb1267aa10017ed2dac6c934a250dda8cb06d5be9f563b827bf3c8d95fd7d2a7e7cc3acbee92538bd7ddfba3ab2dc9f791fac76cdf9cd6a6923534cf3e067108f6aa03e320d954085c218038a70cc768b972e49952b9fe171ee1be2a52cd469b8d36b84ee902cd9410db2777192e90070d2e7c56cb6a45f0a839c78c219203b6f1b33cb4504c6a7996427741e6874cf45c5fa5a38765a1ebf1796ce16e63ee509612c40f088cbceffa3affbc13b75a1b9c02c61a180a7e83b17884fe0ec0f2fe57c47e73a22f753eaf50fca655ebb19896b827a3474911c67853c58b4a78fd085a23239b9737ef8a7baff11ddce5f2cae0543f8b45d144ae6918b9a75293ec78ea618cd2cd08c971301cdfa0a9275c1bf441d4c1f878a2e733ce0a33b6ecdacbbf0bdb5c3643fa45a013979cd01396962897421129a88757c0d88b5ac7e44fdbd938ba4bc37de4929d53751fbb43d4e09a80e735244acada8e6749f77787f33763c7472df52934591591fb226c503c8be61a920a7d37eb1686b62216957844c43c484e58745775553: +03749ca20458a35a37a8d7a26f959f0d59f6dc9973fa363c1ff8ca4e638c2cd3eaeb94f406bde6a7cf8bde2adf3081f8375b87d9335d496c71d042cd2eaa166c:eaeb94f406bde6a7cf8bde2adf3081f8375b87d9335d496c71d042cd2eaa166c:eef5ceebd0445e9c9181aff9c6f2660128fcfb63691a42cfa443d6a649efc5fad8c20803763ee97d1dba08e63e08a2616da05077489f2fa2c56b7534f9402619251fdf9c320de7af109e2fd8b2565ce8a7524c9405ec0f8fcaa7149a6d210efde83b111cf82dc0835cf94f20cdb021b73bd262666555e6d62707b46ee42fa900b4f4f705de33d3dbdc68a88d1a4d0ae933566db6c6237ec8abe1024dac4b7f46d407be16594d9046c7312dda6614d9bcdb01fb8324fc62b8eeaf0abc23cd570e304fca08e88c735e5d31592409ceb583862e6b0a767729f7556fa2c053644d36c8337c0274e749202982fb4a171acac196c02b7f16a8da49071c8ab8076dd5d3abadfe3af82ca85da02dcc1c4a6f2e1930bee2009eee0d971e40dd12175c8d00694f0325a3b3133c0d0bd382a5194fb21422ce67c78a5a6e1537e3b97d5e204e5d195696390f77d19024c1bf6b5125a0cdbf7b9880036181c98e1ac2e5165bd496cf997451a1c12102e66946b1676abd4cbdd2c11673f4f2cd5f3c9a434d747fa05b40fbc72268b4eb2842e4741f51b7709b6accc47fcaf70d9c1c4c35867119d81cb3ff1f16081133f1659aed85f63bc901989e2617fcce153c2978d708fd02449ae4d538d122ddb8527c0a76a102eeff6edb65dba298d3c217f6551814eddeece1aef5f371a54f12bffd6b4961819a0f244ff0d7d8694c14422de9822c13179e4eeb81595079b9dd2ad1e7c39bd303cc44ae3f3634881577a266fd6bb7917812b999dc809dc09c3d7019dacd28e43013a2f9e4f94bb0bf7124ef091783f796397f6463bf1efb39cd46f3790a1d9b6a7c30f149b5e66c2937e39cb9744ddc66ab561bad4e6fa8534d69883822643d63d8bd7b181621a267e955e758d1792b44:78a3877e02bdfd015e7f86a327a48cc3a5230bbdb1243f1a8cf227f78ab5e7680de301a915dc11b336fb5f6566848b42500adb5d673969122ba8f0053cd3060beef5ceebd0445e9c9181aff9c6f2660128fcfb63691a42cfa443d6a649efc5fad8c20803763ee97d1dba08e63e08a2616da05077489f2fa2c56b7534f9402619251fdf9c320de7af109e2fd8b2565ce8a7524c9405ec0f8fcaa7149a6d210efde83b111cf82dc0835cf94f20cdb021b73bd262666555e6d62707b46ee42fa900b4f4f705de33d3dbdc68a88d1a4d0ae933566db6c6237ec8abe1024dac4b7f46d407be16594d9046c7312dda6614d9bcdb01fb8324fc62b8eeaf0abc23cd570e304fca08e88c735e5d31592409ceb583862e6b0a767729f7556fa2c053644d36c8337c0274e749202982fb4a171acac196c02b7f16a8da49071c8ab8076dd5d3abadfe3af82ca85da02dcc1c4a6f2e1930bee2009eee0d971e40dd12175c8d00694f0325a3b3133c0d0bd382a5194fb21422ce67c78a5a6e1537e3b97d5e204e5d195696390f77d19024c1bf6b5125a0cdbf7b9880036181c98e1ac2e5165bd496cf997451a1c12102e66946b1676abd4cbdd2c11673f4f2cd5f3c9a434d747fa05b40fbc72268b4eb2842e4741f51b7709b6accc47fcaf70d9c1c4c35867119d81cb3ff1f16081133f1659aed85f63bc901989e2617fcce153c2978d708fd02449ae4d538d122ddb8527c0a76a102eeff6edb65dba298d3c217f6551814eddeece1aef5f371a54f12bffd6b4961819a0f244ff0d7d8694c14422de9822c13179e4eeb81595079b9dd2ad1e7c39bd303cc44ae3f3634881577a266fd6bb7917812b999dc809dc09c3d7019dacd28e43013a2f9e4f94bb0bf7124ef091783f796397f6463bf1efb39cd46f3790a1d9b6a7c30f149b5e66c2937e39cb9744ddc66ab561bad4e6fa8534d69883822643d63d8bd7b181621a267e955e758d1792b44: +53cbd6f68cee27b9f7bc059b803b447949bbc9c5d5a38652d7789ca15420dea16116990b5331e2165f82743f01d8e7bd5d7088b30159833fa7b939cfb1cc04d7:6116990b5331e2165f82743f01d8e7bd5d7088b30159833fa7b939cfb1cc04d7:306f8e1df0a4ca78bd77e8e1191c94deaa82648355c2aecb7e82fc56d64c504619247e7cf8943328d11f3db4b1dc148e8ef6f6c3bc355969662a281a65576391242b7bd5a62f8fa7acb604e3a344ae1a9d732a254315f31a0464c1e6587462d29212c40e5ecf061e269aa0b90390ba41040721684bf2aa9582d83066221db60d0f7ae2f149a36e16952704fb1f3a982eac6b4583665c63e5a8996f24a566dd506a33d4ec8a02b2bd34b714c745000c0128a3c89d942506d12f4beb900e2903cdb34b35ca9b6d3ad9b350ac99f41db3acfe7fe55a28c0f006b844c9dc4853fd98535ada79416dca5fee5803a2d9f5d68e6b80539ff302e973f24e9bc88b7c4194117ddb9f932b32d5ec74868a13631ece68814b931421dc890249570341f4b423e86e8ee081b22702f649a6c7a0b7bdf5fb756202bd10b0bb2215c7d6597effd852f0b89abec15ea82257689df81e338254f93e81cbf061729d483eb5cf649805d78ed892dd0bd248ca1e252bea51847e1e82d39af58050dc4afbf9115a3a60493e8c0ba2e86e0898cd0d430891b9eb0a40f87431e25f41538a030f884fab36ad11165d267e8dd94dcb05b93a5ae77969430e1810134e157251b982df343dffae6123a99aa0562d5df72408f1a6e29c4059a5a8aaa4e621528fc63a9cbe1f4c0fef25fe3f8e18157774097a9d91020a9006b6c860ec1ee10d521d203a1f8bb82561296faad4b2203da53b207a459b29c18bc0649332b1807c13ca61acfaf90779febbc7f3242164797e6f572cb15a9be5887343455e26b910c8befee42aeb047f9abe6b3750dbd7de99202a0bb576ce1489e61c1f5d27c6792e63218edbfdb9b3dc515b4254d82c859e52ce6bd7ad296dd0e3709d4c466362f90265e99da7d0b701:d82504405ff16ba6443dc482367263a8e200360acaaa83fc4e4b72bd249f16103ec7e5a7e9ca17198f888eaca16b740cc3f5c3b7b617a34b9491c3ed76aab30d306f8e1df0a4ca78bd77e8e1191c94deaa82648355c2aecb7e82fc56d64c504619247e7cf8943328d11f3db4b1dc148e8ef6f6c3bc355969662a281a65576391242b7bd5a62f8fa7acb604e3a344ae1a9d732a254315f31a0464c1e6587462d29212c40e5ecf061e269aa0b90390ba41040721684bf2aa9582d83066221db60d0f7ae2f149a36e16952704fb1f3a982eac6b4583665c63e5a8996f24a566dd506a33d4ec8a02b2bd34b714c745000c0128a3c89d942506d12f4beb900e2903cdb34b35ca9b6d3ad9b350ac99f41db3acfe7fe55a28c0f006b844c9dc4853fd98535ada79416dca5fee5803a2d9f5d68e6b80539ff302e973f24e9bc88b7c4194117ddb9f932b32d5ec74868a13631ece68814b931421dc890249570341f4b423e86e8ee081b22702f649a6c7a0b7bdf5fb756202bd10b0bb2215c7d6597effd852f0b89abec15ea82257689df81e338254f93e81cbf061729d483eb5cf649805d78ed892dd0bd248ca1e252bea51847e1e82d39af58050dc4afbf9115a3a60493e8c0ba2e86e0898cd0d430891b9eb0a40f87431e25f41538a030f884fab36ad11165d267e8dd94dcb05b93a5ae77969430e1810134e157251b982df343dffae6123a99aa0562d5df72408f1a6e29c4059a5a8aaa4e621528fc63a9cbe1f4c0fef25fe3f8e18157774097a9d91020a9006b6c860ec1ee10d521d203a1f8bb82561296faad4b2203da53b207a459b29c18bc0649332b1807c13ca61acfaf90779febbc7f3242164797e6f572cb15a9be5887343455e26b910c8befee42aeb047f9abe6b3750dbd7de99202a0bb576ce1489e61c1f5d27c6792e63218edbfdb9b3dc515b4254d82c859e52ce6bd7ad296dd0e3709d4c466362f90265e99da7d0b701: +8b6574f6d7396981e223a4837bc339c3fd659419845a2121bf85be2e695d860de3811aca70634f5a9ce4b592a17bb5cfda53442422e203cda9504c9d65b263e8:e3811aca70634f5a9ce4b592a17bb5cfda53442422e203cda9504c9d65b263e8:a48aacc0495fa0f1259b27865d3d75dc52c2c828ea8c4c2ad78577072fef7270f6a4d582bb7b962f4c3fd149a60a06bc8efd2970ef03148ddf6198b9b695a69fadb5340951cb75398ac51a4fd55430378cd5da8885210bfd2146f95c627632fe8be06de01a7c27b89deefd67efc69c9b5c62b38108f776229143dae660c10cbea3cd4f7ee53dc3692ed01177e4a6f7e424b5666f7f495f2a65602c7d08c5d572234a567cb6c38afd79cab5c4036d62637aefab5588769a448ab4c65e24554bd4158050e09eb58f99ab40777b0356709b7c025ae5ae5422acf87444931ae4d9a8b3d94476881128ba1eb7328fafc75f6b9dacc96d3b6487ddef7c59262dcada426aacb13922935411566235e058372622d885bd0cc04958dcfb17e08fcd7f147e20156c8e26af85530f5511a68db43dafc4e6a23f667df3743eedd71a3f07f76f94d1688afc8463bfa5a439ae311469948e7447064f0b0506f36719c13466a1b98776d967ec58208ba674037303dfc6190da783ff27303b86b5fc3211f01c915e83a6ad0121447911cbe1cf696f618f60236643f2e94e155db657182944c1a43bdc7bd5eaf3481fe1284092cb3789a892bd79a111fd410143cf91ae332860b1d29aa041d177b50d6cc2b9660d328c0f230a3515e6a0d688709c0cd347ad2ff32d61d1e1e9ba76f81e873a6c420f1707f3841db5196cb53f506f0006352c7c44c080f3096801a57a49cfe84205bdd7a9801f843cf26b9558a2db788ef1b237915d587b9ba9779890f61fdc91e03e4f4cdbefe417cc22d522a86adddb53f3747450ab62b576565db32e0cd44276547d9a16653c279659dd4d17ec04827c533e33390fe94f793509256db67531736ab3fcee2a301ac3f0a24d3b108d7e75c32a5aba36d6:2fd0905475a2cec3e76f9909b8afd83beb8daefa77afcda34cb4f11728ef15fc9c1d7f6f6afffc28f3874f913e17980f0e8e3d5ad23951df2b32efaf6219ce0da48aacc0495fa0f1259b27865d3d75dc52c2c828ea8c4c2ad78577072fef7270f6a4d582bb7b962f4c3fd149a60a06bc8efd2970ef03148ddf6198b9b695a69fadb5340951cb75398ac51a4fd55430378cd5da8885210bfd2146f95c627632fe8be06de01a7c27b89deefd67efc69c9b5c62b38108f776229143dae660c10cbea3cd4f7ee53dc3692ed01177e4a6f7e424b5666f7f495f2a65602c7d08c5d572234a567cb6c38afd79cab5c4036d62637aefab5588769a448ab4c65e24554bd4158050e09eb58f99ab40777b0356709b7c025ae5ae5422acf87444931ae4d9a8b3d94476881128ba1eb7328fafc75f6b9dacc96d3b6487ddef7c59262dcada426aacb13922935411566235e058372622d885bd0cc04958dcfb17e08fcd7f147e20156c8e26af85530f5511a68db43dafc4e6a23f667df3743eedd71a3f07f76f94d1688afc8463bfa5a439ae311469948e7447064f0b0506f36719c13466a1b98776d967ec58208ba674037303dfc6190da783ff27303b86b5fc3211f01c915e83a6ad0121447911cbe1cf696f618f60236643f2e94e155db657182944c1a43bdc7bd5eaf3481fe1284092cb3789a892bd79a111fd410143cf91ae332860b1d29aa041d177b50d6cc2b9660d328c0f230a3515e6a0d688709c0cd347ad2ff32d61d1e1e9ba76f81e873a6c420f1707f3841db5196cb53f506f0006352c7c44c080f3096801a57a49cfe84205bdd7a9801f843cf26b9558a2db788ef1b237915d587b9ba9779890f61fdc91e03e4f4cdbefe417cc22d522a86adddb53f3747450ab62b576565db32e0cd44276547d9a16653c279659dd4d17ec04827c533e33390fe94f793509256db67531736ab3fcee2a301ac3f0a24d3b108d7e75c32a5aba36d6: +29b2881b8caadb336e7880c510b80085f4b1221860b301eb4525650752a6d2890c5c44ed29d21bcadee21cbde61a9cdb6d5936009ba2f5b2e777c924ddfb6751:0c5c44ed29d21bcadee21cbde61a9cdb6d5936009ba2f5b2e777c924ddfb6751:1974a2e2b47949f467a931d1d9dd5ce116e9f5030ad09a8cc728d1aeb148bbf9acf59874da80e708d53c668f2f14d7522071e909808427b2ab5a05f8b94f21505cd26abc53458978c784d479ea6dab105c4f7984a0fb9790e50624f4734b551905aa5ffa60184cd201cf2b26c9795da6e7e08d6a0bc7722400fef94fc21038be89d34bcd14c427b85b6866737196152d4eeb66d05b245ae84bdc7787c14a8bec2eea5360f042433d70794467d47393b93757f331cf2b53c660d71c29582aeea79b12527a28b0c5e110df6f854eead9a2b00d42542ca8276bb8bf988baab8565996fee50cf31b2459c4c50ab475265e83e2285d43fe1f752a55b2dbc49fca04a810f0413bf6bd81b79ac64ee1f89b97bd7d26d62512273e24a6bab2d5f7d2226baaab7b111209bb03733d8a60dfa31a516f4a8c7699d8285c1065159a6c7331c1defb47a30ef5858c50b7d045124a09813d1cfda5c9cc3bb5bfae73c984197f8f857f186c41ab87fb7962b631f4d007cfbee221fc6572784a551194c19777b08e6b596757e7cba7a0e27fe453f90dc59cc08c6472431c020e8dd0917590e79c1f207383afb39076ad24da8ee52486739453a2590e51bfc89b13c2033cfa5f8903cbe9961a8598ba556232869dfab4d56edf4f05e8b77d05871895e63b5351f76cb2d2c8385c109d7306192a25446e4d62dc7d624f0c6673986be0628b2c2d73eb941d35a3433090f59b28a5979d56dbc9fd6973f63647642cd903b0cf7a6acd330d87e2292710de99e0c179ca78929ccaecfaedbf2742414f176b6090c0d59a9db781c9967e28fa4e77d2a082e42f52169167e92d4fdd82e2cc05dd9184c7dfee490a237fdad4dfebc01868e0a4353a2954d090928461821a7a848d1b60817fc3bdefa1:99e996e85a494f1980cb07de9ca6165e7de104d39fe3c3226735c5daa569516fcaf1b6e4dfad0d389b6db0ec8a8f20dd2c602656b5e761c8f3a65583821519091974a2e2b47949f467a931d1d9dd5ce116e9f5030ad09a8cc728d1aeb148bbf9acf59874da80e708d53c668f2f14d7522071e909808427b2ab5a05f8b94f21505cd26abc53458978c784d479ea6dab105c4f7984a0fb9790e50624f4734b551905aa5ffa60184cd201cf2b26c9795da6e7e08d6a0bc7722400fef94fc21038be89d34bcd14c427b85b6866737196152d4eeb66d05b245ae84bdc7787c14a8bec2eea5360f042433d70794467d47393b93757f331cf2b53c660d71c29582aeea79b12527a28b0c5e110df6f854eead9a2b00d42542ca8276bb8bf988baab8565996fee50cf31b2459c4c50ab475265e83e2285d43fe1f752a55b2dbc49fca04a810f0413bf6bd81b79ac64ee1f89b97bd7d26d62512273e24a6bab2d5f7d2226baaab7b111209bb03733d8a60dfa31a516f4a8c7699d8285c1065159a6c7331c1defb47a30ef5858c50b7d045124a09813d1cfda5c9cc3bb5bfae73c984197f8f857f186c41ab87fb7962b631f4d007cfbee221fc6572784a551194c19777b08e6b596757e7cba7a0e27fe453f90dc59cc08c6472431c020e8dd0917590e79c1f207383afb39076ad24da8ee52486739453a2590e51bfc89b13c2033cfa5f8903cbe9961a8598ba556232869dfab4d56edf4f05e8b77d05871895e63b5351f76cb2d2c8385c109d7306192a25446e4d62dc7d624f0c6673986be0628b2c2d73eb941d35a3433090f59b28a5979d56dbc9fd6973f63647642cd903b0cf7a6acd330d87e2292710de99e0c179ca78929ccaecfaedbf2742414f176b6090c0d59a9db781c9967e28fa4e77d2a082e42f52169167e92d4fdd82e2cc05dd9184c7dfee490a237fdad4dfebc01868e0a4353a2954d090928461821a7a848d1b60817fc3bdefa1: +42afe89dac83e7d38996c0dbce0c9874c00927babd77ca8ceac34e564474282ba4c5f5e3803f0a03d5c1c906caec9cc6d2851407f1ca29f72a45f233e6656244:a4c5f5e3803f0a03d5c1c906caec9cc6d2851407f1ca29f72a45f233e6656244:e710a163ad2885aeb7658eb374f118b76842ec36ef3b010c3c6b9559e8b160c2628ded0b8511eb4907180da4b621e9aa4a322288888a1c09130f69f890597a9293e74f9289bdaa5c91b6fd24aa044ab9fcb3402f7abc48d2ab7b3880a048daa448645ad2ecb55b3caee2d68a8bedb5d1865d5e211de39b0eaf22e5daf10f7168203aa15b85aa47bbd3cc4169cbc1fe80b4700b625871edabcd4fe74a3e965569ce245cfcde4209cc8abcd6797d44185b4f96c0181bbd27008783e9358a5394fe3a34a06871d379da35b20bb57eef9e5524ee7912a6f41b4a1f684c3919cfcdc00f4580baf9e09d316cefa0f465dca5d8eec514e95e5a57bbcd27e41f8119b264ae14a319d8c3859babf1f4a6b6b77e442c861d6ee28ad12b82362e90db0c3672b0e0d9ff58146fd159aa8fa99dc755fc85b90cf9419279c0624b93e75eda0ef7c09695ae93bd7282419377b76ca8bdc0521cfee6f6d729c3adff894687b177ef19529a6bdace70b685c6d7a5d74a08e2a9e724035975c80d18cb369470de7299cbd6b0a27c9232c7eabac86d5093a65ffe0b40d40befe80b68cd9dce1ea1e657e45e9c499d0b690f74455fb47096ed8c18d1517f90442901a6c410b7f6415f20ae48c58ade8d675b6c058df16ae7698fceae95aa771b4cd88a0b3f22c51f98c71c1eb46b264bf97a300ecb1fd26226ad8e87a058cf3e708e260f566b685314045133f4a5e8fbc34561b9a0f1ff9339f55231076b736b6e11524319a272bd4453a0af1493daa09167e84643d207a02fee98fb223b01a99aa5cef2b7001e470f6f94a5dc208edfc0cb8cf3114a919600f061172f0efe039036bf4dddbfd0d45f91443bf26f8e15ed7db8e55f086a4a4583f4bda0f556284dcf71292fe70fcaa8259b9faff3:4fba2d6cc1b7193d3562f8c8bfe6905c829db265a5427c5c265714785b83f69514c5e30e28b56684c82dae2637581bf3f4ef271420bc7e6010613a38fa101a0de710a163ad2885aeb7658eb374f118b76842ec36ef3b010c3c6b9559e8b160c2628ded0b8511eb4907180da4b621e9aa4a322288888a1c09130f69f890597a9293e74f9289bdaa5c91b6fd24aa044ab9fcb3402f7abc48d2ab7b3880a048daa448645ad2ecb55b3caee2d68a8bedb5d1865d5e211de39b0eaf22e5daf10f7168203aa15b85aa47bbd3cc4169cbc1fe80b4700b625871edabcd4fe74a3e965569ce245cfcde4209cc8abcd6797d44185b4f96c0181bbd27008783e9358a5394fe3a34a06871d379da35b20bb57eef9e5524ee7912a6f41b4a1f684c3919cfcdc00f4580baf9e09d316cefa0f465dca5d8eec514e95e5a57bbcd27e41f8119b264ae14a319d8c3859babf1f4a6b6b77e442c861d6ee28ad12b82362e90db0c3672b0e0d9ff58146fd159aa8fa99dc755fc85b90cf9419279c0624b93e75eda0ef7c09695ae93bd7282419377b76ca8bdc0521cfee6f6d729c3adff894687b177ef19529a6bdace70b685c6d7a5d74a08e2a9e724035975c80d18cb369470de7299cbd6b0a27c9232c7eabac86d5093a65ffe0b40d40befe80b68cd9dce1ea1e657e45e9c499d0b690f74455fb47096ed8c18d1517f90442901a6c410b7f6415f20ae48c58ade8d675b6c058df16ae7698fceae95aa771b4cd88a0b3f22c51f98c71c1eb46b264bf97a300ecb1fd26226ad8e87a058cf3e708e260f566b685314045133f4a5e8fbc34561b9a0f1ff9339f55231076b736b6e11524319a272bd4453a0af1493daa09167e84643d207a02fee98fb223b01a99aa5cef2b7001e470f6f94a5dc208edfc0cb8cf3114a919600f061172f0efe039036bf4dddbfd0d45f91443bf26f8e15ed7db8e55f086a4a4583f4bda0f556284dcf71292fe70fcaa8259b9faff3: +10f009aa887d91ced809afe192d78e4799d9037762f4a9d3a429fde0f39f7b7acf5116b921212e9b78829a0263463691c6fbccdc0c118be141c96f8c88053dd3:cf5116b921212e9b78829a0263463691c6fbccdc0c118be141c96f8c88053dd3:2edf14d6cd56896eeaa770211c4984bed80eca8d6534d5d510884f55f11f99ffa9f89b586ffe7b1ec7eaab6a9dc1a24a3ee3c7a6ab44ade9917883264ede2f1361be7d7a3817f29dec9581c319f18f95d5be26d9118be678340037a68abfc5efbb9a3f3f3878aae3721ffef5bb6a26c7b1a3a56d2bda6c6e860eb41fd8d8371174d91c74c5eb67c3855c630d641d2e571a9a51c6402cfe1842cef38980cb8d0a64bcc89be3189e6811f47e8f4d0063a5b1601f44fda20c1c4c2fc49cbe27a4137dc4638c2ad2d0a5474747229c568e3805431fa36eeba785f7b97844b5e319fa6a09cc5ae8403474bb91dd896c1ec2bac73d2e505efc62bd502b5ceb08d16e832ec5dc4f98b51b9d0738b9fb28f3abe8966bf22375a0b22c471a9e58e3fd700de15c5296373c1bc9d4640eb7816e1dc9c8ce8619a81183009ec974871e8f0a9772ede0a638b3574bf75d8f55987f3cfa6fec68970bfe00b23b59fb5bf4996ea5d7704fcf2effcc0fd7f3d8e6056008097f26caffd5415a282a276a9b2645e5cab12968872eb052f4d7c10cc7c21d5161818bb44cc856b0de769d559c55df64ad9adc16c0ac65838f660da81386b70b93525ec2f40f6f63f8ea5d4830b9646c46183bb4e6f27047bda2a546bd34bd4db5fb88fd8ab7c75f652e15d5aaa6b46a8acf6e448bf2dd64dee3c105647c7f83ad200d8097c444a158d85a54f0e5dbb12b43de943af1a81856ac969f52a0bd454381bd265041a2691d1a4a0d819fa79092c8803521fa53689ab852f1fbabe00c94b7f682d121cff54391322529c8d5ad7bbb98eafe300ab922f1c89240a1e633cf56a7b02f74a29214e569a057bd585e404d7cd5352041456e6cf90c15342e025670f4fccdf98783b6853214cac3fa808a66c27b653c:c37bb7b73b1105be086ff3076972077262df4d7332f608c7b2b9d978d474cbbc271046080035f396ee36479b7a6711c68e2561c741c0ec5fc9eca1734e811f042edf14d6cd56896eeaa770211c4984bed80eca8d6534d5d510884f55f11f99ffa9f89b586ffe7b1ec7eaab6a9dc1a24a3ee3c7a6ab44ade9917883264ede2f1361be7d7a3817f29dec9581c319f18f95d5be26d9118be678340037a68abfc5efbb9a3f3f3878aae3721ffef5bb6a26c7b1a3a56d2bda6c6e860eb41fd8d8371174d91c74c5eb67c3855c630d641d2e571a9a51c6402cfe1842cef38980cb8d0a64bcc89be3189e6811f47e8f4d0063a5b1601f44fda20c1c4c2fc49cbe27a4137dc4638c2ad2d0a5474747229c568e3805431fa36eeba785f7b97844b5e319fa6a09cc5ae8403474bb91dd896c1ec2bac73d2e505efc62bd502b5ceb08d16e832ec5dc4f98b51b9d0738b9fb28f3abe8966bf22375a0b22c471a9e58e3fd700de15c5296373c1bc9d4640eb7816e1dc9c8ce8619a81183009ec974871e8f0a9772ede0a638b3574bf75d8f55987f3cfa6fec68970bfe00b23b59fb5bf4996ea5d7704fcf2effcc0fd7f3d8e6056008097f26caffd5415a282a276a9b2645e5cab12968872eb052f4d7c10cc7c21d5161818bb44cc856b0de769d559c55df64ad9adc16c0ac65838f660da81386b70b93525ec2f40f6f63f8ea5d4830b9646c46183bb4e6f27047bda2a546bd34bd4db5fb88fd8ab7c75f652e15d5aaa6b46a8acf6e448bf2dd64dee3c105647c7f83ad200d8097c444a158d85a54f0e5dbb12b43de943af1a81856ac969f52a0bd454381bd265041a2691d1a4a0d819fa79092c8803521fa53689ab852f1fbabe00c94b7f682d121cff54391322529c8d5ad7bbb98eafe300ab922f1c89240a1e633cf56a7b02f74a29214e569a057bd585e404d7cd5352041456e6cf90c15342e025670f4fccdf98783b6853214cac3fa808a66c27b653c: +4578c65a7ca48f2774050a7b0ce7a4fd5ad4e696b2b8af2396164a1c7e1b7bd715bf9dbd3b8173e6f03dcfd575d909845f038eaa09c5d908fef908a97458b3ef:15bf9dbd3b8173e6f03dcfd575d909845f038eaa09c5d908fef908a97458b3ef:506f32b96814243e4dd8870a8fd60ddef09bb8c563151070d9bcb2b160a3eabd71a044d71ec93fba95288ed6fe1a7b921651604307d65a45ec5d3f2631ace40e58d53c72e526886e16972f6e0db94d57b55634fd39d55e9bb7f212afab00f7746409267e8d565ff5c2257333c3d04152174fe12de6a57bea057dc219e2fba5f191ed8141c018969de19472d6aaf763f19ec554702bb3dcbe13ca9b23b2418c99e71838a88cf454728cf9208a16c84ea39829b4ba9b4c77e176112bfe1bf35f95c4028c7db80b36faa29d2b89e9e862f31000065f139b3da77d9d868530574b7e391ed97b34f878164f6b8d87b406c7dc7860a5175f920e5a62dc1fc82ed8452543b107360d35d2b4c4239eab466d32bfda34f51037a6fae76f6d8b83e8f7f489dd4c1b49c38f53576e62172c17dee3665fde8cbf015af9665b0f1da2fb77b134f04be271e402f31537c2fc05c2f9b6fc3ffe47de3369133867c69d10e7f537bae4567d468e0f2ed806fe335f939c75994f363ce3b70daa7d5bd2317c833851fd8cc97251ec419023d9d0174d84d5609a6918a1740eb1e309bd127366deb9c5ab12992e9902e015fe58d6adbf52d22a760acd63e1edd8f138e9fb0137188601e1978e7d04fb2ada2b2aee12f49f2836c6842d88cf48c866e3d33fcd269c275c89c25e3669ca90de7b67a7e7a382cb7efa47e9c2bf76571c79a25085ef020487152f06bfa133015a1b8f1c0f6a9f0eae1ba62bf104f1c16ac14e1e96c4ebdf061e0cc7101d38da7e9e0994daf0f322aa3cfef91b616c2d000689ab18ed45268dcd275094f656ba3cf515261024741f7444ab7fc4decce16756032a1be270ff0b0317542ba02662260a376fc912cbb029cac54515f5a551364f6a99ffad0b9cbcd0e693b7a521cb:a1c242b45e94fd180f054c7101e55b396568f483db6f0dfc4168b69b59d385814c19eb3075237d1fbb1feebbfea50c56813c8c39c22752e02db7e57f3e3fbf0d506f32b96814243e4dd8870a8fd60ddef09bb8c563151070d9bcb2b160a3eabd71a044d71ec93fba95288ed6fe1a7b921651604307d65a45ec5d3f2631ace40e58d53c72e526886e16972f6e0db94d57b55634fd39d55e9bb7f212afab00f7746409267e8d565ff5c2257333c3d04152174fe12de6a57bea057dc219e2fba5f191ed8141c018969de19472d6aaf763f19ec554702bb3dcbe13ca9b23b2418c99e71838a88cf454728cf9208a16c84ea39829b4ba9b4c77e176112bfe1bf35f95c4028c7db80b36faa29d2b89e9e862f31000065f139b3da77d9d868530574b7e391ed97b34f878164f6b8d87b406c7dc7860a5175f920e5a62dc1fc82ed8452543b107360d35d2b4c4239eab466d32bfda34f51037a6fae76f6d8b83e8f7f489dd4c1b49c38f53576e62172c17dee3665fde8cbf015af9665b0f1da2fb77b134f04be271e402f31537c2fc05c2f9b6fc3ffe47de3369133867c69d10e7f537bae4567d468e0f2ed806fe335f939c75994f363ce3b70daa7d5bd2317c833851fd8cc97251ec419023d9d0174d84d5609a6918a1740eb1e309bd127366deb9c5ab12992e9902e015fe58d6adbf52d22a760acd63e1edd8f138e9fb0137188601e1978e7d04fb2ada2b2aee12f49f2836c6842d88cf48c866e3d33fcd269c275c89c25e3669ca90de7b67a7e7a382cb7efa47e9c2bf76571c79a25085ef020487152f06bfa133015a1b8f1c0f6a9f0eae1ba62bf104f1c16ac14e1e96c4ebdf061e0cc7101d38da7e9e0994daf0f322aa3cfef91b616c2d000689ab18ed45268dcd275094f656ba3cf515261024741f7444ab7fc4decce16756032a1be270ff0b0317542ba02662260a376fc912cbb029cac54515f5a551364f6a99ffad0b9cbcd0e693b7a521cb: +c21e70c46ede66e68a8873bbc64ba51209303a0ac4fc49b1d83e8193ad46c0379fbf80a42505d2c952f89f4558c3e6d187a7bc1ef446b2e3732343c13b33d200:9fbf80a42505d2c952f89f4558c3e6d187a7bc1ef446b2e3732343c13b33d200:f55aa570ce4fc95f73f51720d254e4695fcdc81aaa040130c7687f039b8ba59ed857ceb29c121025a857feacb4a01f38e01178310ae6e35c998ebf89dd79057b4afc6db340601c81703c87a8c40e5cebb0441df78a6de13a447cb016c65e741bb7df304d83056b72c682c731fac0a0c70b7811ca14a50154613099c2c437521c404b6361de3621f8ea56b08ebfdb07b4f2bb8ba2ecc164336da8efc942766ef0c74dfd3b49e087e9a27ae54a7a2b98281b9af93dc11aa2f09224ab5a730f0218f4a6e1ea4885a77fbd93a1c58277d9e01be73a25cda918fc27dddb453a5da6902ad02ba05775c67e07bea4df86913466744365c1326e0ab5e1254c17967447d591ba5ed1b63a42543b87fed41459a089bceaff219802a87a872a763e692333ce1cc7397825084b2b831e93d80d6737f32980f2f3ae82c62190fe3fa700c5b7329d6d50042bdf831f37548fcc80b11f57cf20f67a3bb651a7beffcc48b70d17eb60f7259cc53bf7ff6080eb2bd0923b0483aa3065a8955f01d23ba80951e0aefd2a9372191572bc52916aa22a2aec393767fafd086839e236fe0460ce6d639c7ce69fe7f9d3aad2130573443570443be6bab93a06a54b8ac29bf33ff9949bc92158e6924b6b68ecda5f6f3aaf42b3d22df6d5e67d5cb3ab71eb8ee0b0e66732e1daca6cd60d9aa74305fcd570076d228d446d5ee542b10488bf8aa988f451faebe74ab669d604d9ddb15106620ea02e8db38ce639b5747812bb9048ee8bf72b1a951a05dffac95417cb43b06dce61ee3da6f2832ee83b2e7288ddd62eeb5893f7f2f6c8090d99e336c9f9069e1815985841bdd505b5f83d895e879593dadee72ceb9765699bf80bd06a5c55331b2545527d0c7caece96584ce3ec7fe02260f20b8a1c0635763ff4:0ae343bb84e3a299078e2434ba220022f3160f968ac04482bf8cad13b423f2670f01fb5f7b32c597520f84607e0f79c075fa7078e6e69d3cec319265d466080bf55aa570ce4fc95f73f51720d254e4695fcdc81aaa040130c7687f039b8ba59ed857ceb29c121025a857feacb4a01f38e01178310ae6e35c998ebf89dd79057b4afc6db340601c81703c87a8c40e5cebb0441df78a6de13a447cb016c65e741bb7df304d83056b72c682c731fac0a0c70b7811ca14a50154613099c2c437521c404b6361de3621f8ea56b08ebfdb07b4f2bb8ba2ecc164336da8efc942766ef0c74dfd3b49e087e9a27ae54a7a2b98281b9af93dc11aa2f09224ab5a730f0218f4a6e1ea4885a77fbd93a1c58277d9e01be73a25cda918fc27dddb453a5da6902ad02ba05775c67e07bea4df86913466744365c1326e0ab5e1254c17967447d591ba5ed1b63a42543b87fed41459a089bceaff219802a87a872a763e692333ce1cc7397825084b2b831e93d80d6737f32980f2f3ae82c62190fe3fa700c5b7329d6d50042bdf831f37548fcc80b11f57cf20f67a3bb651a7beffcc48b70d17eb60f7259cc53bf7ff6080eb2bd0923b0483aa3065a8955f01d23ba80951e0aefd2a9372191572bc52916aa22a2aec393767fafd086839e236fe0460ce6d639c7ce69fe7f9d3aad2130573443570443be6bab93a06a54b8ac29bf33ff9949bc92158e6924b6b68ecda5f6f3aaf42b3d22df6d5e67d5cb3ab71eb8ee0b0e66732e1daca6cd60d9aa74305fcd570076d228d446d5ee542b10488bf8aa988f451faebe74ab669d604d9ddb15106620ea02e8db38ce639b5747812bb9048ee8bf72b1a951a05dffac95417cb43b06dce61ee3da6f2832ee83b2e7288ddd62eeb5893f7f2f6c8090d99e336c9f9069e1815985841bdd505b5f83d895e879593dadee72ceb9765699bf80bd06a5c55331b2545527d0c7caece96584ce3ec7fe02260f20b8a1c0635763ff4: +f2c10577f7df77f0c1157a8c331a7bd2ae6386670eb65f0fae122331690f828a0d4c340fc231aafb3b6f74b89bcef7eeaa0b04f293ec8544247bfc3f2d57c1e0:0d4c340fc231aafb3b6f74b89bcef7eeaa0b04f293ec8544247bfc3f2d57c1e0:38ea1e028a493d1c60ec70749f14d436eb3a2b2de54f213d01a645b580430ecd8ece6b5569cc017a4943e5595c5ed6e48c9443f2fa5eb2227ffe56d211f269bc8f6fa9ee8cd56f6b8470539208afe29ab0a195044d957b31f93e184a9cbef1a14e14f808bbf589ac7770084f998e1b254da59ca6d3e62e7be1790716d2560f015f399cbbce48cfd0391ead1993446f6b2493977d93d7b09a07a79a59ce15dce7a1da9c646f45af2ccad55ba158e638c4a30c5d30e9ac6e3a3339c243426d86491b2d92dac1478e8d74ff0bf149bdb5e09e3fb6b8262eb0687981554ae2cb47196339079da0a1a57239c19bf781f62fdaf4e31560a84317ef030492cf1bb1305ba8518ebaf2b434d3641672c8f6ea2defa696dc7e4f39efc08d288d1c966a6c7148c012eec439f7e12dbab5b87cfa44c9ae1900f8386f24444e1092b23a274c138e95c661e9377e8ad2d1fcaf1939ec9a632a873f7eadbe687b4a033b92a477f2e02e9ed92ce4f95cf170b3901518a062143e56db054df4e4431544785a6dfa24eec0f0de7a699ccf286dadfad85903612250764f25cdea8127d0078d554825ea6e7371c438bc46f29fb8937f8d9a39cf8849052d43ecbff6c4a3762a5f400c1514e85e91384fef9b40f4314e223a9d68c526acc70227d62b8b637a342df113d318202c51edd3c1efd1ff20b1ff078b32068e794d928133037f1e3a34689e629e43fd2b8e88eab50d7e7ab0647014ab5e4ad582006567eff72b5af2dac536892ccc871f8a80b5cb79d90bcc6b77d4cd08f876184ef58c064ae430bb79a6b9e96b0ad87368aa838a8dccffac0cd8ce9ea0d0ec4c4b0f42673416659c984992cf53b1e445431007640d47ece26dee4a2943aa7097dd356cff4754f21ac07f6b3f73c469055512f37aba:60b703115a322ab892c276bfd18f70a9eb0c7323e2c0a6eb5fc7e330b0bc3b07a578a082846264f032c6191d040bd98e5d5a4d4f076fb9062acd36bea40c910238ea1e028a493d1c60ec70749f14d436eb3a2b2de54f213d01a645b580430ecd8ece6b5569cc017a4943e5595c5ed6e48c9443f2fa5eb2227ffe56d211f269bc8f6fa9ee8cd56f6b8470539208afe29ab0a195044d957b31f93e184a9cbef1a14e14f808bbf589ac7770084f998e1b254da59ca6d3e62e7be1790716d2560f015f399cbbce48cfd0391ead1993446f6b2493977d93d7b09a07a79a59ce15dce7a1da9c646f45af2ccad55ba158e638c4a30c5d30e9ac6e3a3339c243426d86491b2d92dac1478e8d74ff0bf149bdb5e09e3fb6b8262eb0687981554ae2cb47196339079da0a1a57239c19bf781f62fdaf4e31560a84317ef030492cf1bb1305ba8518ebaf2b434d3641672c8f6ea2defa696dc7e4f39efc08d288d1c966a6c7148c012eec439f7e12dbab5b87cfa44c9ae1900f8386f24444e1092b23a274c138e95c661e9377e8ad2d1fcaf1939ec9a632a873f7eadbe687b4a033b92a477f2e02e9ed92ce4f95cf170b3901518a062143e56db054df4e4431544785a6dfa24eec0f0de7a699ccf286dadfad85903612250764f25cdea8127d0078d554825ea6e7371c438bc46f29fb8937f8d9a39cf8849052d43ecbff6c4a3762a5f400c1514e85e91384fef9b40f4314e223a9d68c526acc70227d62b8b637a342df113d318202c51edd3c1efd1ff20b1ff078b32068e794d928133037f1e3a34689e629e43fd2b8e88eab50d7e7ab0647014ab5e4ad582006567eff72b5af2dac536892ccc871f8a80b5cb79d90bcc6b77d4cd08f876184ef58c064ae430bb79a6b9e96b0ad87368aa838a8dccffac0cd8ce9ea0d0ec4c4b0f42673416659c984992cf53b1e445431007640d47ece26dee4a2943aa7097dd356cff4754f21ac07f6b3f73c469055512f37aba: +041a97906b5956b9d340f2e0d7a1dcbfefe663e9bb4026f8cc1ae7e2a14de27ef382d32e88c3a72c7caddafcf8aa699e21db7a6bf4edd6e49a005aad702e6a79:f382d32e88c3a72c7caddafcf8aa699e21db7a6bf4edd6e49a005aad702e6a79:71a75957411544975a48cf103aa1f8e2ad15244459cdc0e336966eb8b26c97f2169e5d78537037efc077e86f06e05e9c1dc3418288c0a2be6ba34b3a04ab20bae7f3621094b87d78a7eacb864d4078cb4efcbac5add937a2c6012ee1a8b256cc276b65d5e92b4d00b9b11fad884991dec4c1cb9dce1863c8b0a210161ae6b3f8bf9cc4dce4adfdc8ed57d83e95ab9dd2d92658dfbd3afa99e3f8951e2ad74a148f6f597eb2c945c1f1b94461ae0745481fd0edf838c6286035e36f011238875dbba2289d3d6a3942a7f9554c644305244ddb77c117cb4b56237729dde428b8bb42df9ce29e144dfc96cf6c6767b1ee6d053ce4f8bb2056ab7810aa1368a8910f2f69e061c19d8847184fed534f98758d703a76885f91eb752a21954a10c6f6b4da10464ded36b00089f662915421bfdad496753689ccd03b624021080761e68176b10697dac878e4c3db2fd0b28c655335d98016f19f265bb0b2434cb4637844d91ed0ce05ed2591fd998965f83f3197d10eef448850e792032724701da305cb6d794669483fc3dc6f686b183e2999130c8fc0058dcabbc9188f26b2d63ebd6cb1e18a097c7704a59b5e187e0142593b7083f7400afa9b1bf0c1cc6c356bc4334af772e67153b45b331b990920c24eede2c6e323703f52ecd60735b23bf22b81ee775927c37e53dad7596ea65a73bb96775f3b87c8b3c088ec695bc3a7502c0c510f020bf9aca3cbb7a2c011c67ff27d634caf1dcfc58e5e397e6658252272011c8ffdd64230a93241fff68372c4ba85382bbb229309652922db68836631e55be69ab6adb8e4335357fc923efe154afcc222d60d07f56990a3e5a214b227aecff2cd1bb6f0c79ff545f70a616141a9d53f922a02443f7d2a4689c35b095dd394d50bf49f9680a5f7d9:a23f032e6692a0e8bfee5b2d30b414cb16c35ad08da31f696d461a02857822c4ef357f0ccf31025a4dc95ced30a994f41edd1d087afcaaf3e8e875708320f80c71a75957411544975a48cf103aa1f8e2ad15244459cdc0e336966eb8b26c97f2169e5d78537037efc077e86f06e05e9c1dc3418288c0a2be6ba34b3a04ab20bae7f3621094b87d78a7eacb864d4078cb4efcbac5add937a2c6012ee1a8b256cc276b65d5e92b4d00b9b11fad884991dec4c1cb9dce1863c8b0a210161ae6b3f8bf9cc4dce4adfdc8ed57d83e95ab9dd2d92658dfbd3afa99e3f8951e2ad74a148f6f597eb2c945c1f1b94461ae0745481fd0edf838c6286035e36f011238875dbba2289d3d6a3942a7f9554c644305244ddb77c117cb4b56237729dde428b8bb42df9ce29e144dfc96cf6c6767b1ee6d053ce4f8bb2056ab7810aa1368a8910f2f69e061c19d8847184fed534f98758d703a76885f91eb752a21954a10c6f6b4da10464ded36b00089f662915421bfdad496753689ccd03b624021080761e68176b10697dac878e4c3db2fd0b28c655335d98016f19f265bb0b2434cb4637844d91ed0ce05ed2591fd998965f83f3197d10eef448850e792032724701da305cb6d794669483fc3dc6f686b183e2999130c8fc0058dcabbc9188f26b2d63ebd6cb1e18a097c7704a59b5e187e0142593b7083f7400afa9b1bf0c1cc6c356bc4334af772e67153b45b331b990920c24eede2c6e323703f52ecd60735b23bf22b81ee775927c37e53dad7596ea65a73bb96775f3b87c8b3c088ec695bc3a7502c0c510f020bf9aca3cbb7a2c011c67ff27d634caf1dcfc58e5e397e6658252272011c8ffdd64230a93241fff68372c4ba85382bbb229309652922db68836631e55be69ab6adb8e4335357fc923efe154afcc222d60d07f56990a3e5a214b227aecff2cd1bb6f0c79ff545f70a616141a9d53f922a02443f7d2a4689c35b095dd394d50bf49f9680a5f7d9: +4bc5e05aa003a4492f4bad102a5390f7cebab3d3eca9152142ad5ef7d84030ae6751d3ad8bb6c64d6a17d7e447a27da22f5f0403f437bac9449f13cc853dd840:6751d3ad8bb6c64d6a17d7e447a27da22f5f0403f437bac9449f13cc853dd840:a8f794db1795667d28d24b70ac2200a6239a34e2438ced1d03f97ed48beb4d6bea67c14338f7736419dcd2a2a7973726572e6afe7edfef22c99be8b069f04f6dc61a13b343c6e585abad2214d85c36f02996fabb46bb91b5176ac708e49a0b053017048fbb55453f2b8208d6678d1a8cf6a1ee9ad7a91e380325635d1e236a6ca1d6cc7f6b59f2a2bf184f5ee451d6799f69ba11a0cd6bc04be8a351a80e725b5fc4563e45bd4749ecbc45205229105b9de73261498527f3d4ecfbb583ff532753d07c38526bb482d171a261b9cf89906a7dea8cbd7e726ba31ea68803a6b004f6dcd19e671950463738cca78bb0dffa3d6457e4aeca657ec649b97ee30e97c8cbe6ce43c2aa9a69958e9dc881e4aa7b3278074e787ace5fb601d7faf7ca5103ecbbd3bd554eb1b066f8296d2cc57e8c8a32e9c0e6a926964d6df2d8645864b322c322f1ca8073cedf2b556711a7a20b77c0a1ed277a9a6ca2c07154e863fef5a404e3e89f0d7f30f218ec4de7a53aeb9c41eeaaf6ce749649c9998fd62bcba2872338e19c94e59dd5e2dd776f53719d21746976932ef11abf7a32ae6b0744665d0e0ce513955a9e68531d8ee4de9a8d35ddfb88eb5a486ad63137e8892fd7c689d4f9e7021b1173bb3752a5eecf2992e3fd4642263c7b3d815c29b466ab69285ffe4b8dafcbf3d01d635553ab7575a7a3471edc7be412d3d01e6fe8e3cdc3fa04d2a7599381e22bba49c5539d79c62b52bb0eca33f74255e41a9526a89289b15f1850d9afa87e6b6fa127101c1a6d88d433e0c86aa60bba8fe7100ed61d5a9d00a00764513eb1c7f5f5c3b3efc4532a36b407fe2d17cfb4e6fcd6049cff3a355623a3a41390ea48f42120d897949111be3d169b2d2ef45bdb894fe20b1a95ef66149427a9d8f80a9b2e:a24fee11f7ec6da3e9dfaf6c858ac004b4531abd1c9d3bb64f40dd247f00359350e43b2d4b8fbec5f6b241ecf9f1101485cf418735b05f712018335b20068308a8f794db1795667d28d24b70ac2200a6239a34e2438ced1d03f97ed48beb4d6bea67c14338f7736419dcd2a2a7973726572e6afe7edfef22c99be8b069f04f6dc61a13b343c6e585abad2214d85c36f02996fabb46bb91b5176ac708e49a0b053017048fbb55453f2b8208d6678d1a8cf6a1ee9ad7a91e380325635d1e236a6ca1d6cc7f6b59f2a2bf184f5ee451d6799f69ba11a0cd6bc04be8a351a80e725b5fc4563e45bd4749ecbc45205229105b9de73261498527f3d4ecfbb583ff532753d07c38526bb482d171a261b9cf89906a7dea8cbd7e726ba31ea68803a6b004f6dcd19e671950463738cca78bb0dffa3d6457e4aeca657ec649b97ee30e97c8cbe6ce43c2aa9a69958e9dc881e4aa7b3278074e787ace5fb601d7faf7ca5103ecbbd3bd554eb1b066f8296d2cc57e8c8a32e9c0e6a926964d6df2d8645864b322c322f1ca8073cedf2b556711a7a20b77c0a1ed277a9a6ca2c07154e863fef5a404e3e89f0d7f30f218ec4de7a53aeb9c41eeaaf6ce749649c9998fd62bcba2872338e19c94e59dd5e2dd776f53719d21746976932ef11abf7a32ae6b0744665d0e0ce513955a9e68531d8ee4de9a8d35ddfb88eb5a486ad63137e8892fd7c689d4f9e7021b1173bb3752a5eecf2992e3fd4642263c7b3d815c29b466ab69285ffe4b8dafcbf3d01d635553ab7575a7a3471edc7be412d3d01e6fe8e3cdc3fa04d2a7599381e22bba49c5539d79c62b52bb0eca33f74255e41a9526a89289b15f1850d9afa87e6b6fa127101c1a6d88d433e0c86aa60bba8fe7100ed61d5a9d00a00764513eb1c7f5f5c3b3efc4532a36b407fe2d17cfb4e6fcd6049cff3a355623a3a41390ea48f42120d897949111be3d169b2d2ef45bdb894fe20b1a95ef66149427a9d8f80a9b2e: +a3bed9fe2354bd2860149a3db75a85b129cf83e9d73e6317ba7054521933f8965ac03b4f13d91d066b2ce359e9bb1dfb6bfa5afa382fd1ccd72aef1176079f89:5ac03b4f13d91d066b2ce359e9bb1dfb6bfa5afa382fd1ccd72aef1176079f89:db853808686d6d21f4c57b541e5ad63394d465e60078643cab1e065c9f306c500078f0cc41ef0f9542b5fe356aec4777ef8a95554c97b6a44099e9bd6404fb0b2e41f91914b074d12237cd442ebd40b51b8bc8bbe437a2c53332d2beb2281bf7324a0cf5b741bbf98d1eb9858be926e915a78e8d314b4144f3d20dfc6cb7f48c23af90f871c6cda90845a41aff1707a87b4e5516f18e8bd7683cfd74070803e888338c9a18f792c8d3a704170ff982bffc9e8ec9ea5d1a62592f1688d4f2b01e11f9f88774c47ac1d58f690bcf288cf8a473d350a8239df9d3a62881dadd338531fdce7615807ce965496d6f35d6c042f0ce7f21efe5ce6425185941ed5636b8ae913a75d21ab9dbdb3c3b6687a45e044938a9f1c13a330ea9761e283e61d4a320e1f559882f34b607fefe32c343174abcdc77b065a92904b42d961db8ed916c01464ffd43f93c1077f1df7ee65031cfe05d780d01d08ee036f22a2b0512193b0c0f3801e0a0208eef245c9e519352d2b0096382f2cba06eb2a01dacf619eabbc883c5d4f2fd7c3423179c0f5ffdaf8cafff5c46b34a09c3c50e2949c06000207d70d37d65a743075fdc2be62d412aa63e363706ca90e6ef44e152ea4dc5c2893ecd08d796d41f172254c3d1d14bb067b53a0897bbd73c9954d9648b2af10d9c2703e38b6c62469f6f958a1ca0a320c12339e90cf768c87b4738c219f8093bff4c2cfd29459f6d3281349378e915a3b0e724c74d2bd7a851ac7c6b48e8afc7124fdcbcab5ff80d1dee30a6c024cb4331972366ebab26bbb9f608caac7e51914df058b9b3745d98c5d27e97105475ec017377e6316198ece4ec5909f04fc27e7b382e66adb62ac8a977f376fd5dae434fb55175249ca1ab6bb02dec0696f089be3454887a0c32361d172bd2:33bc1e0bf1b493e0cfb7ea40480a1423e091f7145745013173787df47a10db24c165d00596fab70e68c94c104e8a7407cf695cd3fbe585b5b176b85ccca4fd08db853808686d6d21f4c57b541e5ad63394d465e60078643cab1e065c9f306c500078f0cc41ef0f9542b5fe356aec4777ef8a95554c97b6a44099e9bd6404fb0b2e41f91914b074d12237cd442ebd40b51b8bc8bbe437a2c53332d2beb2281bf7324a0cf5b741bbf98d1eb9858be926e915a78e8d314b4144f3d20dfc6cb7f48c23af90f871c6cda90845a41aff1707a87b4e5516f18e8bd7683cfd74070803e888338c9a18f792c8d3a704170ff982bffc9e8ec9ea5d1a62592f1688d4f2b01e11f9f88774c47ac1d58f690bcf288cf8a473d350a8239df9d3a62881dadd338531fdce7615807ce965496d6f35d6c042f0ce7f21efe5ce6425185941ed5636b8ae913a75d21ab9dbdb3c3b6687a45e044938a9f1c13a330ea9761e283e61d4a320e1f559882f34b607fefe32c343174abcdc77b065a92904b42d961db8ed916c01464ffd43f93c1077f1df7ee65031cfe05d780d01d08ee036f22a2b0512193b0c0f3801e0a0208eef245c9e519352d2b0096382f2cba06eb2a01dacf619eabbc883c5d4f2fd7c3423179c0f5ffdaf8cafff5c46b34a09c3c50e2949c06000207d70d37d65a743075fdc2be62d412aa63e363706ca90e6ef44e152ea4dc5c2893ecd08d796d41f172254c3d1d14bb067b53a0897bbd73c9954d9648b2af10d9c2703e38b6c62469f6f958a1ca0a320c12339e90cf768c87b4738c219f8093bff4c2cfd29459f6d3281349378e915a3b0e724c74d2bd7a851ac7c6b48e8afc7124fdcbcab5ff80d1dee30a6c024cb4331972366ebab26bbb9f608caac7e51914df058b9b3745d98c5d27e97105475ec017377e6316198ece4ec5909f04fc27e7b382e66adb62ac8a977f376fd5dae434fb55175249ca1ab6bb02dec0696f089be3454887a0c32361d172bd2: +88a24f0df3ae2914df79da50ecf8ecb42f68c7baad3b6c3a2e0cc9c25d09d14212e6603f713b2305358568710018685e141553c47591396fb4259e42dc53b9c9:12e6603f713b2305358568710018685e141553c47591396fb4259e42dc53b9c9:654e9edc69fe634c2308ba8c46a955e882456286eae3593cae739c44866c0de9edcbbf0db1c44149668467709dc9706298dd2eac3301dabad5bd8e93c5e8a93f194e0fc1d9f376c144c293aefda086b2218f2e9dfd7c2dc52ba33eb229dcf7bb68ce0f876c5fd4e81afd80169f73cf264e5dc0ce16e1b876cd11c7ad89058ee0820c40005d01f119f8be6f1afbe24ca4aedc18e97896827c3ed67fc45630e7903b7fee9c990e361937bf4ea0a4d8d16cf6d9cf0381e9065e3625148f8ae0491a0341d0ff9f727be1f310ca1ec3f0104aa054321784dd24d53c985b28d44082f8e1c108a44109638ff5116edd85aeb86b6ea512a19b602edd9d211070d044af5bedb6c8527ba3491e345bacc130b36960282ae737b85c769274f0f7c588f40e6625b236bdc1a3b87320460eeeada278124b5668874f39f59c2e6aa208c3b6a9b845c4d0a27a0546786fa13e51cc98b73fd7ee327b6215ec6b629f4cc7e4bd3c0a3db78a21fffe24c70438716bc37b8da7c5ff7c3688a90339c22eb50b7c2cd36b68831fd5939175689bd3e22c3881af337ee14435709e351040ef3da955724e51c24a5e2c09f891808393fbf8ef7f1f5f0298deebdcd8d666cbcf3e866c718999ab6b1feec9c47e02e7d63540f89963d542c5d01fb6fc30768968ae81b20c354b4000c132774764d6d443add64f6dd748f5fb5b7f6eba401db4318be993989fcc2577961fa5ad31f6a2a9d6a755285865cd5dc3a88cfb5aba7d923baf78b5d131b4c214df55b6171f45209e21ca6645490d3a3644dda6dc929c7c409576d37164755ef8aaf3dcd4d22775ee7dea0e565bd54727921c649bc51f20c1f68c1fdeac455c67d71a1cb8837f4691448bf0bf044a46f1685fbe22b1e01877f7477d3499408c4c316510ce2e55b98005:1707cc009186bf3f03f7bb9e3cd4cf6b737b7a6baade7fc6c3ff5c1225dbb2baf54f47c85eafa132c31eaca03e6aec1447733facd37149b7c6cf0cd41f611404654e9edc69fe634c2308ba8c46a955e882456286eae3593cae739c44866c0de9edcbbf0db1c44149668467709dc9706298dd2eac3301dabad5bd8e93c5e8a93f194e0fc1d9f376c144c293aefda086b2218f2e9dfd7c2dc52ba33eb229dcf7bb68ce0f876c5fd4e81afd80169f73cf264e5dc0ce16e1b876cd11c7ad89058ee0820c40005d01f119f8be6f1afbe24ca4aedc18e97896827c3ed67fc45630e7903b7fee9c990e361937bf4ea0a4d8d16cf6d9cf0381e9065e3625148f8ae0491a0341d0ff9f727be1f310ca1ec3f0104aa054321784dd24d53c985b28d44082f8e1c108a44109638ff5116edd85aeb86b6ea512a19b602edd9d211070d044af5bedb6c8527ba3491e345bacc130b36960282ae737b85c769274f0f7c588f40e6625b236bdc1a3b87320460eeeada278124b5668874f39f59c2e6aa208c3b6a9b845c4d0a27a0546786fa13e51cc98b73fd7ee327b6215ec6b629f4cc7e4bd3c0a3db78a21fffe24c70438716bc37b8da7c5ff7c3688a90339c22eb50b7c2cd36b68831fd5939175689bd3e22c3881af337ee14435709e351040ef3da955724e51c24a5e2c09f891808393fbf8ef7f1f5f0298deebdcd8d666cbcf3e866c718999ab6b1feec9c47e02e7d63540f89963d542c5d01fb6fc30768968ae81b20c354b4000c132774764d6d443add64f6dd748f5fb5b7f6eba401db4318be993989fcc2577961fa5ad31f6a2a9d6a755285865cd5dc3a88cfb5aba7d923baf78b5d131b4c214df55b6171f45209e21ca6645490d3a3644dda6dc929c7c409576d37164755ef8aaf3dcd4d22775ee7dea0e565bd54727921c649bc51f20c1f68c1fdeac455c67d71a1cb8837f4691448bf0bf044a46f1685fbe22b1e01877f7477d3499408c4c316510ce2e55b98005: +184d0ce2e9db7f257a8bf4646d16d2c5efc2702ced026b6906d3c8c0118f2261e9dab8fd9d94dc9b24cc79c635cc57ce66518982ba3e2447240741bac0730ec5:e9dab8fd9d94dc9b24cc79c635cc57ce66518982ba3e2447240741bac0730ec5:6a9b876b0bf4189b3cc15f9eb4fbe7932b5577892a22200ce107156853d6d3ca363f025ad7a2d862aadc742d9415bd8d1fca13c9dca3586044e55a8cf5dee1ce564576e3e8e365540546501b34ca675cf200e0771a818c73d37fcda8cb15e48d5a0b9ea3beec0ff6610b2a8a214ca4f7efac0e71381052d9bf3c00c329593474ebd0a687a0b41d144b5e7ab1412b970a74baba4d274bb0dbfdb02b11f7f63964ba6f3ba0ad23341d083b91a4308239e33d50824396126588de72a2390c1c0fc06747c28772f630bf4d143f7a1159f028c093404894e6d16f634635d4fc330f3d7a7313ef756f5d49d8f6205eb1c792a9495da131b43345a0090c12ca56e6adac5be0cbcac3609d69f72415f6c37f3cfb2cf76b3e65f3c93ac92b63f2baa466249075bca69d4c1d1f3ade24ab31effcb90469c24bb410ab4723e1b7e1c88b3a36433563f71a99aad58fe80568f9c102da89bad97963e77d6622483166f3ae261f32a52a86101ebd645f6142c982e2cd3625cf8b46b9b2891246920f697fcaed397cb922c274945167a0e619b0b506377606db045783b0b88ea04e932d21ffc064a12a40ebe9b480f1a2c7ddd395a9b15efdc495c9714f36fa996f79f8eb8efa52d99a24abfef43b32a237c5bc0018da3b162f59b8d3d474e2ce08fa8024c58acc0a99ff614e6cd7fdd9ca4e8f41a1449aa618d03337e8a374d56055b207a9dbe69f5948f901ca7db0410f01aa373d9e0227623599bc212845b006e942fabc582cd726db5c443eb2dffbc9e3e7f0e5cb6744f7ad716050fdf2c60c7c77c253ab745db9c8552655683ea7ea680aa4af34df1325c29b8874b61be23de4ffba25424f4619ec682c26b3a67bda9bc4c94b79a9fc4d82d340495b437a1cbd6b60307cfcb10026f964a017623e33dbf233:b1e3bf5fa74d7e442ced9a98d927d8c45e0e64d874f8ea5920a360a4bf42d83ce18a924ac796e1a77d1b0208294b50f822177fdbdd458c74356fcf6bd79451066a9b876b0bf4189b3cc15f9eb4fbe7932b5577892a22200ce107156853d6d3ca363f025ad7a2d862aadc742d9415bd8d1fca13c9dca3586044e55a8cf5dee1ce564576e3e8e365540546501b34ca675cf200e0771a818c73d37fcda8cb15e48d5a0b9ea3beec0ff6610b2a8a214ca4f7efac0e71381052d9bf3c00c329593474ebd0a687a0b41d144b5e7ab1412b970a74baba4d274bb0dbfdb02b11f7f63964ba6f3ba0ad23341d083b91a4308239e33d50824396126588de72a2390c1c0fc06747c28772f630bf4d143f7a1159f028c093404894e6d16f634635d4fc330f3d7a7313ef756f5d49d8f6205eb1c792a9495da131b43345a0090c12ca56e6adac5be0cbcac3609d69f72415f6c37f3cfb2cf76b3e65f3c93ac92b63f2baa466249075bca69d4c1d1f3ade24ab31effcb90469c24bb410ab4723e1b7e1c88b3a36433563f71a99aad58fe80568f9c102da89bad97963e77d6622483166f3ae261f32a52a86101ebd645f6142c982e2cd3625cf8b46b9b2891246920f697fcaed397cb922c274945167a0e619b0b506377606db045783b0b88ea04e932d21ffc064a12a40ebe9b480f1a2c7ddd395a9b15efdc495c9714f36fa996f79f8eb8efa52d99a24abfef43b32a237c5bc0018da3b162f59b8d3d474e2ce08fa8024c58acc0a99ff614e6cd7fdd9ca4e8f41a1449aa618d03337e8a374d56055b207a9dbe69f5948f901ca7db0410f01aa373d9e0227623599bc212845b006e942fabc582cd726db5c443eb2dffbc9e3e7f0e5cb6744f7ad716050fdf2c60c7c77c253ab745db9c8552655683ea7ea680aa4af34df1325c29b8874b61be23de4ffba25424f4619ec682c26b3a67bda9bc4c94b79a9fc4d82d340495b437a1cbd6b60307cfcb10026f964a017623e33dbf233: +d02bbf70d51351e3b47ad8e5ed263dbf556d1498fa9bd5dbd99fb4269009dced8ce4b59f94ced6ec9614d67d3066d9d3a0df7a46b37b4c1725ef1e57bc68a0d1:8ce4b59f94ced6ec9614d67d3066d9d3a0df7a46b37b4c1725ef1e57bc68a0d1:554560f7a7fd1ae7758a2fce7d780f6b3f043d3af89d4f19ef573c34997554df243faf2aaab65b2afdd28610d4a51e9a4b464db6db09ebf73b7d24054cc9b12814bb29ee99e1a73bd603898360f9dcf01e670836286f8236ed8cef075f3d563312c16c73fc37eedf252f8f42d30a13e7fba3b165238c7f81eaaeb53190f3ec3b5d63f0ee03e3987e390d1d81e8277e9f6c1ee6ec4ec3fa0d720e9f53f9c26f04aa2ed2b5ef3160895999eace29cf5dc254ad71106bb7e8bc29a5b1d2412593d08194e88e1659a73159a2a22033ab066e8d3d8c3bc86b7b01de81a8c66047b07fe24ed240318ba37ba3efb6cf632604ca4f446a75fd8e70c453f0c60ee16ecaf524e703f47df5c282ca3289b3af61dee4709ee085323b1e5c8a6bc0766201c635031446891f3494e9db20dd4e9e0838249a67e138d13ee2c96f61e771061542aa16ef20d81e3a0f4e4521a6cd6c92fc26feef03b66c70e035cafcc19c96fb9d82918fe197780eff0eda6e2512c56e2a73d77032b768919bea9772f5989c8b6c65c3d1e97a2180cc3a37579da70ce9806ac1285a3eab415c0607d88cb86542eab90b9d2d67fafffcad23a714000ee59ed68c956e81c445428882f97af74db362e45c0d1bd8856eed166e4aec4bfdf95eadb251e2a1ef804852a9ea77d34577fe70831a928b101b60ac613e7ba2e6ba0a94013a64c2f8219fd30bff409099667a786f99327bb03e2f2187f445b46beedab6d325afd904e39543e93f4b6c5443249d744b2d1a43e141e4768bd40aabe4057244e1eadd9daec175719e51a093ace32fe82b2eacb5ecb0da6c1ffe98c8cee7886e301670dff87113efed4282471afb6b8a0fdb505e2e8e7dbc1a08a22e9680bd098bf1275802bdb459413a3b237d7713a1bbf597e6adf2b60eaf823791b3:6e7c66acc954ffd9dd4c1c6335ab4fe79dbbed782c4a47ec30d848d8bb2b4f1069dc62e522a1e8017f54a6345e1728c073af6447856d8c1ed35878b571e5230d554560f7a7fd1ae7758a2fce7d780f6b3f043d3af89d4f19ef573c34997554df243faf2aaab65b2afdd28610d4a51e9a4b464db6db09ebf73b7d24054cc9b12814bb29ee99e1a73bd603898360f9dcf01e670836286f8236ed8cef075f3d563312c16c73fc37eedf252f8f42d30a13e7fba3b165238c7f81eaaeb53190f3ec3b5d63f0ee03e3987e390d1d81e8277e9f6c1ee6ec4ec3fa0d720e9f53f9c26f04aa2ed2b5ef3160895999eace29cf5dc254ad71106bb7e8bc29a5b1d2412593d08194e88e1659a73159a2a22033ab066e8d3d8c3bc86b7b01de81a8c66047b07fe24ed240318ba37ba3efb6cf632604ca4f446a75fd8e70c453f0c60ee16ecaf524e703f47df5c282ca3289b3af61dee4709ee085323b1e5c8a6bc0766201c635031446891f3494e9db20dd4e9e0838249a67e138d13ee2c96f61e771061542aa16ef20d81e3a0f4e4521a6cd6c92fc26feef03b66c70e035cafcc19c96fb9d82918fe197780eff0eda6e2512c56e2a73d77032b768919bea9772f5989c8b6c65c3d1e97a2180cc3a37579da70ce9806ac1285a3eab415c0607d88cb86542eab90b9d2d67fafffcad23a714000ee59ed68c956e81c445428882f97af74db362e45c0d1bd8856eed166e4aec4bfdf95eadb251e2a1ef804852a9ea77d34577fe70831a928b101b60ac613e7ba2e6ba0a94013a64c2f8219fd30bff409099667a786f99327bb03e2f2187f445b46beedab6d325afd904e39543e93f4b6c5443249d744b2d1a43e141e4768bd40aabe4057244e1eadd9daec175719e51a093ace32fe82b2eacb5ecb0da6c1ffe98c8cee7886e301670dff87113efed4282471afb6b8a0fdb505e2e8e7dbc1a08a22e9680bd098bf1275802bdb459413a3b237d7713a1bbf597e6adf2b60eaf823791b3: +aa0fdae2a5a4c9c04521913004cd89efbc88b2dadf5abb246f3ca7f6923544afbffcb17c35c1304cdd9d624ff69bee60ec7c9ec327d12350d70fac12b47cc25c:bffcb17c35c1304cdd9d624ff69bee60ec7c9ec327d12350d70fac12b47cc25c:b14184cfdc4a5f0c7f83f94a832f588507e2d72a89329870078571d208a0c4960c2fdc4c236cf88229981d12b10a1b6884c8650ddaf1d4b2eb981575b1e019fe3f60423676f8856a992cce36d6d0a3d026631c8c1e1ffe34134b296f40842b6df4f86f833e0175bae50e86bf856d1ee79925f434b8bf2c84519f1f5d25386049ce3ca61777e30b700a602d395250b60fc64ac6f8db027e8da8b9550f24ed11a11d9f9f9c5e0af145b8659751ac6b55861f6388a64336b31efe45c0802d76a53486a81eba07314b4d961c141ab34e2f76edac0e6de31422df792af081e769c7ed05da9a5af2fdf36f141769908b700937f0e1068c131f176eb96c67afdbe78f40d86007fbcd47e49e2e4c4ce049936adff1ce3eac42b96b3429b5626b1aa62acde07f45a13ce1bd211f32bd7efe4790c8371ebf87c164477a5c9fa3e78c2f88077b097344cffa031c4429c7f42dca07737850ee7a769b36d0f0625adf120ea23ff4e393a4fdcb6558dbf9b266a032e3b0599b9d6692fcebd815a3897607856325fcd0115dc310db3a8792fbebd399494c8371e585727b3d632414496893d03813ba1f99661bceb9dc18ec5dc27f52670318687769fc678ddc7e40227c200522013f5c0eec0e4781e6fc153a0c2f4f3f95e517c8419924ab39992af8c19465057f134486696ba7fd4651768b4e749ef36f02444617cf97f0a423e4c13b7b66ba2b6c456878b0b50ce2ee5ec564ed8854f782aa1d1c6aa760f2522c7d97b9b1abe0ba810959d7aa403a99375aa3e39a115d1fc6fedd002f3830a50a837dc720329ec0c73d5bfd500385c736838287e19201525d189c3a084cd5a3f359875e3b8325289ced18b63b00ff9cd070c3e67444bd3d8346174085cc45135caa0c67b3226e4a52e9a1c55aed7ec5fade6bf16c19:f937298969ca34d97584448907358b0f47841f3023afc7ef7681521c5be0f5e5628a8f607e2f31636ef63646b0e9898a72ad355706d2c8060fbc640efb3d6605b14184cfdc4a5f0c7f83f94a832f588507e2d72a89329870078571d208a0c4960c2fdc4c236cf88229981d12b10a1b6884c8650ddaf1d4b2eb981575b1e019fe3f60423676f8856a992cce36d6d0a3d026631c8c1e1ffe34134b296f40842b6df4f86f833e0175bae50e86bf856d1ee79925f434b8bf2c84519f1f5d25386049ce3ca61777e30b700a602d395250b60fc64ac6f8db027e8da8b9550f24ed11a11d9f9f9c5e0af145b8659751ac6b55861f6388a64336b31efe45c0802d76a53486a81eba07314b4d961c141ab34e2f76edac0e6de31422df792af081e769c7ed05da9a5af2fdf36f141769908b700937f0e1068c131f176eb96c67afdbe78f40d86007fbcd47e49e2e4c4ce049936adff1ce3eac42b96b3429b5626b1aa62acde07f45a13ce1bd211f32bd7efe4790c8371ebf87c164477a5c9fa3e78c2f88077b097344cffa031c4429c7f42dca07737850ee7a769b36d0f0625adf120ea23ff4e393a4fdcb6558dbf9b266a032e3b0599b9d6692fcebd815a3897607856325fcd0115dc310db3a8792fbebd399494c8371e585727b3d632414496893d03813ba1f99661bceb9dc18ec5dc27f52670318687769fc678ddc7e40227c200522013f5c0eec0e4781e6fc153a0c2f4f3f95e517c8419924ab39992af8c19465057f134486696ba7fd4651768b4e749ef36f02444617cf97f0a423e4c13b7b66ba2b6c456878b0b50ce2ee5ec564ed8854f782aa1d1c6aa760f2522c7d97b9b1abe0ba810959d7aa403a99375aa3e39a115d1fc6fedd002f3830a50a837dc720329ec0c73d5bfd500385c736838287e19201525d189c3a084cd5a3f359875e3b8325289ced18b63b00ff9cd070c3e67444bd3d8346174085cc45135caa0c67b3226e4a52e9a1c55aed7ec5fade6bf16c19: +7162fef0aca4974b094a6a08054395f877ff9433f1e33e20e88eaa90f938997da280640f139f45c35a4871537eefe6ef9db02de785ee9fd54f805fb57d3746ef:a280640f139f45c35a4871537eefe6ef9db02de785ee9fd54f805fb57d3746ef:c90f450bda1c6efd8d1278debd7ae03e2eac2740a5a963fcf96c504e31d4d6fcc5e2b52a2518d2741c55e9591867b2423228f9c19f33c6f38705c62036d480ff53df12077e38fdb073c673105da1e11619ba5321a71b5f4993234a11948ea110cfa242bc23fac9aae462606e39641ca7147eebba1eec553fce94e53e4e01b073dd780a2ff678b31572ca11ee0877e756bcdb6653e5e1b4cbfb569a9d60e3ee336182dcb9b25d1be6dbf9b5c7146d775585834cabde0278aee5d57c85e983f84d8833a9e15bcc11198e1c1da6ba59282129f1db966f5460c8fb6530fbc3a98a31fc0f4e9b337366eec1dce108c826d49045abfa12ee88797f08f0683fef77edaa3543b91cb118e424d9c408da547431125107d9b0744c2443ce9917e1e328d81850babbc94d920a1d06e524dbb6c23dd82e1787822d71c4cdc409ae85ba4deb581f934748f75e7a769b9d68c4589e594e65cb6c8f4903ffbabd5a326e89441a542f8ac264ccc64e95a8982a710b6c56ff7d10916afc409ea8a41b74679dd6a766f59c52b9305ba733b13c9e811ee13083925f4200682bd05dea339532522970aa149d004a2ea20ff461e9ec0f3b62565c1a106259c836605cc27cadc9515cb9979e89af287c027d75edbf87d5cff63a7fec9bd10e7877ab9bf868d734bd3a2374cef7025cc4dab710e254806685a136ecd03e36770346513a15145b890eeef47b80ea08e46c81d202e533e9a06a38a6f76ef57a9c736ec78d00b808e3ffd9c79b9dc7a2e589907656c932ab8a8b57da1a495ba7452015e7924b5269ab1f67bdb43a35831487ab9002f52d78b134cd3751925aaab0b45c8e6b0f2bf0cc9a4659317108fba9136aabb0921a58fbb9b50e51243f9b531847dc9657e96fbaf7aa698fe6fe44f90590144c70337250c58bc5dd:ae161cce95403384b65c6bc9b393eb072564c35f3a6c04fa517ab068bcd23767cc0c8edd92b1a13ae9a9ce4864137fb89c1f37b748cfc9134b6741ba1b22280dc90f450bda1c6efd8d1278debd7ae03e2eac2740a5a963fcf96c504e31d4d6fcc5e2b52a2518d2741c55e9591867b2423228f9c19f33c6f38705c62036d480ff53df12077e38fdb073c673105da1e11619ba5321a71b5f4993234a11948ea110cfa242bc23fac9aae462606e39641ca7147eebba1eec553fce94e53e4e01b073dd780a2ff678b31572ca11ee0877e756bcdb6653e5e1b4cbfb569a9d60e3ee336182dcb9b25d1be6dbf9b5c7146d775585834cabde0278aee5d57c85e983f84d8833a9e15bcc11198e1c1da6ba59282129f1db966f5460c8fb6530fbc3a98a31fc0f4e9b337366eec1dce108c826d49045abfa12ee88797f08f0683fef77edaa3543b91cb118e424d9c408da547431125107d9b0744c2443ce9917e1e328d81850babbc94d920a1d06e524dbb6c23dd82e1787822d71c4cdc409ae85ba4deb581f934748f75e7a769b9d68c4589e594e65cb6c8f4903ffbabd5a326e89441a542f8ac264ccc64e95a8982a710b6c56ff7d10916afc409ea8a41b74679dd6a766f59c52b9305ba733b13c9e811ee13083925f4200682bd05dea339532522970aa149d004a2ea20ff461e9ec0f3b62565c1a106259c836605cc27cadc9515cb9979e89af287c027d75edbf87d5cff63a7fec9bd10e7877ab9bf868d734bd3a2374cef7025cc4dab710e254806685a136ecd03e36770346513a15145b890eeef47b80ea08e46c81d202e533e9a06a38a6f76ef57a9c736ec78d00b808e3ffd9c79b9dc7a2e589907656c932ab8a8b57da1a495ba7452015e7924b5269ab1f67bdb43a35831487ab9002f52d78b134cd3751925aaab0b45c8e6b0f2bf0cc9a4659317108fba9136aabb0921a58fbb9b50e51243f9b531847dc9657e96fbaf7aa698fe6fe44f90590144c70337250c58bc5dd: +dea180c91b533aaf736bc5d3c8e474d5e5d475b75b92cde6bd1d10f3b8f55ad430b20fb320b00e77c4e0a8eb3730af3c0b1c5f5ed9ee2b0562707e4f55c4938b:30b20fb320b00e77c4e0a8eb3730af3c0b1c5f5ed9ee2b0562707e4f55c4938b:606144b7d4f96bef7f112b6d41bcb500d2136c134ceda220e24d0f1524eca12c30f2b102c7f378d6bba259c5b4a5ef8ec9309d5c8da7e8d2ded3792aeeea2108f77d66b23045938ed64751f20d48326be2fb99628cfb1873d7dd27581c105ec13249a952a50784b8b34cb3b2c1a004fa8b628a0767fa9abf058d955df85d134a0fc7f4b7d7fb0c8d31bce345dd0a4282145afb2ff19751f2cc3a1caea242baaf538749bf388000e3dc1d739359dfebae64ae1e10fb6fc17cc9fb950535c2de129587a86859b7be36dfe9b6c1141b25e0915c8d4aa1cceae7046b3d7cfa940bc98d4d69fc5a30dde1dee42fb5272281bf8f8e7f3e1a04397fb4f3adefc57532ddbde36833a676e6f39c82aff6bf4832ec971e03be3829c02a203c82d9eb8c1630ee9693f45d26f5f51a3103ca64d468eceac1b29af4c42eb216d76ec8994836b4bec76489ca5070680c2c2eb457210a77c47fdcbf600172073a53f1453bb5c80439c882f0736de40637b4f5ab1f761ff355c6e9bd4abde7560d5fc113c830159a1b77c4e87bc2c69880a40c5805ecc8aaaf57575bccd8177fc6b83569233c0f5ca223ac4013ca106cac2854706aead714fa29f2860a5f9753268a3671d9f59cde6048cf0b8986050f7f549e4fd7557f2fc3fcdccddcefda586a64b3006e5825f27ca31687caf663bd90a05b1152d7c88d7f1051a9d791748651d888a6a12f22d6c8c3f78c2b86eaf5394b4ef7eefb89797b25e542dc93102d021a1d0bed6a7dcdd8102b8f0430a0bc21d904a3c9346c018343dd9937cb35250007a284825db08e9a11fee31cff7a314c48c42d8b314acc27822af03d1954c7cc8bf9ad4e9e98f4ad4efb355288daa8c90de9037e64a7861f5ee43ada9f0fccde34d0bcf50288550f700f215a7944a5380e2a8e3f04f2b4f5:d083333fb84e79c9b33e55e8192d571ffc8dc50745b6b5fdd8c44d92a63fd178c4e57c2ab3a1211c0ba2d39da30b06629d8d1cc1d9f2593263d524fa5a2ebc03606144b7d4f96bef7f112b6d41bcb500d2136c134ceda220e24d0f1524eca12c30f2b102c7f378d6bba259c5b4a5ef8ec9309d5c8da7e8d2ded3792aeeea2108f77d66b23045938ed64751f20d48326be2fb99628cfb1873d7dd27581c105ec13249a952a50784b8b34cb3b2c1a004fa8b628a0767fa9abf058d955df85d134a0fc7f4b7d7fb0c8d31bce345dd0a4282145afb2ff19751f2cc3a1caea242baaf538749bf388000e3dc1d739359dfebae64ae1e10fb6fc17cc9fb950535c2de129587a86859b7be36dfe9b6c1141b25e0915c8d4aa1cceae7046b3d7cfa940bc98d4d69fc5a30dde1dee42fb5272281bf8f8e7f3e1a04397fb4f3adefc57532ddbde36833a676e6f39c82aff6bf4832ec971e03be3829c02a203c82d9eb8c1630ee9693f45d26f5f51a3103ca64d468eceac1b29af4c42eb216d76ec8994836b4bec76489ca5070680c2c2eb457210a77c47fdcbf600172073a53f1453bb5c80439c882f0736de40637b4f5ab1f761ff355c6e9bd4abde7560d5fc113c830159a1b77c4e87bc2c69880a40c5805ecc8aaaf57575bccd8177fc6b83569233c0f5ca223ac4013ca106cac2854706aead714fa29f2860a5f9753268a3671d9f59cde6048cf0b8986050f7f549e4fd7557f2fc3fcdccddcefda586a64b3006e5825f27ca31687caf663bd90a05b1152d7c88d7f1051a9d791748651d888a6a12f22d6c8c3f78c2b86eaf5394b4ef7eefb89797b25e542dc93102d021a1d0bed6a7dcdd8102b8f0430a0bc21d904a3c9346c018343dd9937cb35250007a284825db08e9a11fee31cff7a314c48c42d8b314acc27822af03d1954c7cc8bf9ad4e9e98f4ad4efb355288daa8c90de9037e64a7861f5ee43ada9f0fccde34d0bcf50288550f700f215a7944a5380e2a8e3f04f2b4f5: +9daf6dbb7f762966e7a57c2ec1996e9f5b555b9866b8e31deaab4356eb13816ef021b55a36d9fbfbf2978bc0df736b289c8241d6435309841a134b07d47ce4ed:f021b55a36d9fbfbf2978bc0df736b289c8241d6435309841a134b07d47ce4ed:544523900daa6778c0391ae4044a51c0c4a5e444133fbd7747d539a744fa60ab5dc54e1819dc8e56899c56efd7ef3da341790ecc49645ef325c6568ae971d30d21bb7f23464f46a24b80d49bb93c6e91de79b24331d0707f43d0665d0197743adff690d615a1c9258777fc47d0217142426a4734892eb622ab8e50bb128ec3a895266a3861a39768bc76096f581fd082df9b7223e85a8afbdb5caa4922af2a014bf8a5cd11e5c5ea93e91cd46d5a1b99b85a2670e321de2e32255afd67fe2c37fd932caca22d241faf4ccefeff58d6bd04cfaf11dedd29c8719ffcb02ef65c5d3eb78b4fc0d170a2e3432cc812f0d041d9760c13c12f7c7f2f84fe5e0f700c10b1a69ca466a70bdeff8dbec7d318fb09ddd827ef61caa6910bbc061cbda2b527ef2e59ed4c17229972f89567d705de9231924b41bb6e7c01fe854264474fa76b1f88cd57eac311171af103d23078424a12675f2fa36c2de0bf53c295feeb3157de958922986e32513dfa33b35e15c394a11c0fcc55b82d6dd0597cddd27ede7de12985a616e64026befb5d690482b3ff22c0dd21f27a086d37a0499ea36fe2c4b5a959d10e9a610cab1fe0d28cf1013dcae63d8fdee0ecbd8b4e19d5d040e2fad7d0413a38e8c4e73552ad46047b5bbdd15c09cc0d34e48b91fdbae2a9d162d4b21ee20a1ef535ea883595bc4951692a67163454c7367f134bf645d48f9969e3d4f0f9eaf4144ce980a0a2e3342c746c2bdc3ccdc2f8a7da57a0e8028782d30af5857d9efb37666df65d7cc384716661e61ff5c09752595e94112ca1a840d6e4f6ec0e55494c5b44f7c0f0d4a99cd70905bf8485561748f4dc0fd7a44a1b139113c38a1e8eb5c7a20f3e952eaea8ce38b207c28ed972718f031f477c6207ce433c515f5ac2840f4974f1f16989626c76bc98:49b6bc46b7abb5694da94215efc4b30eea04ae2e73eb2da8e8c9ef9be2222498b17e13939646c29e32d645584640641590b1bbdbfe24f36c6f694bf87238ee04544523900daa6778c0391ae4044a51c0c4a5e444133fbd7747d539a744fa60ab5dc54e1819dc8e56899c56efd7ef3da341790ecc49645ef325c6568ae971d30d21bb7f23464f46a24b80d49bb93c6e91de79b24331d0707f43d0665d0197743adff690d615a1c9258777fc47d0217142426a4734892eb622ab8e50bb128ec3a895266a3861a39768bc76096f581fd082df9b7223e85a8afbdb5caa4922af2a014bf8a5cd11e5c5ea93e91cd46d5a1b99b85a2670e321de2e32255afd67fe2c37fd932caca22d241faf4ccefeff58d6bd04cfaf11dedd29c8719ffcb02ef65c5d3eb78b4fc0d170a2e3432cc812f0d041d9760c13c12f7c7f2f84fe5e0f700c10b1a69ca466a70bdeff8dbec7d318fb09ddd827ef61caa6910bbc061cbda2b527ef2e59ed4c17229972f89567d705de9231924b41bb6e7c01fe854264474fa76b1f88cd57eac311171af103d23078424a12675f2fa36c2de0bf53c295feeb3157de958922986e32513dfa33b35e15c394a11c0fcc55b82d6dd0597cddd27ede7de12985a616e64026befb5d690482b3ff22c0dd21f27a086d37a0499ea36fe2c4b5a959d10e9a610cab1fe0d28cf1013dcae63d8fdee0ecbd8b4e19d5d040e2fad7d0413a38e8c4e73552ad46047b5bbdd15c09cc0d34e48b91fdbae2a9d162d4b21ee20a1ef535ea883595bc4951692a67163454c7367f134bf645d48f9969e3d4f0f9eaf4144ce980a0a2e3342c746c2bdc3ccdc2f8a7da57a0e8028782d30af5857d9efb37666df65d7cc384716661e61ff5c09752595e94112ca1a840d6e4f6ec0e55494c5b44f7c0f0d4a99cd70905bf8485561748f4dc0fd7a44a1b139113c38a1e8eb5c7a20f3e952eaea8ce38b207c28ed972718f031f477c6207ce433c515f5ac2840f4974f1f16989626c76bc98: +7186f8d168d9ddf17edbaf0e7b1abcb26da3e4c0272d9879c7fdff6421c4ea5096b4a656232029fc1b8364703cbea7a5d7387518a88ced1a915ec8d886848132:96b4a656232029fc1b8364703cbea7a5d7387518a88ced1a915ec8d886848132:a3e6cb6b84cc5cf1fb1a848b4b8ea7cb7c87e0445750c61f9aa5d77deddf949463ecd39bfc71f2610c2a9424847fb76f84c5da1fa10ef718a34566cec1b3e899e7252e8d4d346016498ff119972750061660baed312827583181073d1dc74b76c430ca30d409e4e8439c0fc48c00680629d43ae2a77d69228f7f8a1253af15bd2cb6bb1c1696550c4c790f449869630ab92b9c11cde1f961aa2103ec23f7d9f0fe9c3c4132582efa79a66ae3426e5105b80bfe5e04dc8bb1e38a3110cd72984b3ef02a0ca62ab638cbcfbc8a6b593d2613dc06ec86fee34f6518d4a3fbdc157237174564daeb6674cdc34f4d6537cf81d8aa9bddbf3aeda312daaeee336f9ed8bff81e294bc7d44d25cd787072e6cb414b65fb7a846fc065367ba8e37beffdf0b7ba8f98cdf1eb870f4e8b7130fa3429d2e24bce5994daf1aa65e5f603b631053dc510b2f097e86e9b9b552302757968d0136ee6754c42a32c990add9cb529bc89751dfa4e5e3a0badaf4cc40b6a09507f9fcd24c3ca72259599c6ee58d857b3a189e048902e885a3607426093cb0fab437c0fb0ed2f1e96e9441a7e954fe3ef7646e26a39a07033d0a1555dfeed9a6f57794af3a2abf0057e9f853ae5c30138fd80e2f29c2f4a93ad3145da10a3e31ce9ff9786ac65d86037d98b7aa6d11de8800010e133869eb67a5039b9b8feb6ef903d0cc746412607da725ce2dc6a352109dbc6a5e40b170c23050bc4fb1efa0c34fec00eae3219c29040e8f5978c9384ee915d8c9398dd120d5c3cba38f8526b06197cb2c261dec7d726ae130f9bee17261700e99931fac4b4dca0f758701acbf3707d47df5321130ec10bb3b13078c4dc5de3470f158b57dbeb878b3a8524e0ed2c9547545f0fddf13125e45bb23d6a7b383a187f4c5d54a7b4c83d5957f2cd7e6fbc:a9c0499fc216a14532d736365c6355f938f8d8194fa1132848f83e490454d4bbf69269f12259fc6c074c1015e425e4f4f27c029c93334951361a35ad1176540ea3e6cb6b84cc5cf1fb1a848b4b8ea7cb7c87e0445750c61f9aa5d77deddf949463ecd39bfc71f2610c2a9424847fb76f84c5da1fa10ef718a34566cec1b3e899e7252e8d4d346016498ff119972750061660baed312827583181073d1dc74b76c430ca30d409e4e8439c0fc48c00680629d43ae2a77d69228f7f8a1253af15bd2cb6bb1c1696550c4c790f449869630ab92b9c11cde1f961aa2103ec23f7d9f0fe9c3c4132582efa79a66ae3426e5105b80bfe5e04dc8bb1e38a3110cd72984b3ef02a0ca62ab638cbcfbc8a6b593d2613dc06ec86fee34f6518d4a3fbdc157237174564daeb6674cdc34f4d6537cf81d8aa9bddbf3aeda312daaeee336f9ed8bff81e294bc7d44d25cd787072e6cb414b65fb7a846fc065367ba8e37beffdf0b7ba8f98cdf1eb870f4e8b7130fa3429d2e24bce5994daf1aa65e5f603b631053dc510b2f097e86e9b9b552302757968d0136ee6754c42a32c990add9cb529bc89751dfa4e5e3a0badaf4cc40b6a09507f9fcd24c3ca72259599c6ee58d857b3a189e048902e885a3607426093cb0fab437c0fb0ed2f1e96e9441a7e954fe3ef7646e26a39a07033d0a1555dfeed9a6f57794af3a2abf0057e9f853ae5c30138fd80e2f29c2f4a93ad3145da10a3e31ce9ff9786ac65d86037d98b7aa6d11de8800010e133869eb67a5039b9b8feb6ef903d0cc746412607da725ce2dc6a352109dbc6a5e40b170c23050bc4fb1efa0c34fec00eae3219c29040e8f5978c9384ee915d8c9398dd120d5c3cba38f8526b06197cb2c261dec7d726ae130f9bee17261700e99931fac4b4dca0f758701acbf3707d47df5321130ec10bb3b13078c4dc5de3470f158b57dbeb878b3a8524e0ed2c9547545f0fddf13125e45bb23d6a7b383a187f4c5d54a7b4c83d5957f2cd7e6fbc: +e86e8c62566e15753bd5577eaae7f24105b74055a25629580708bfc83aebf06c8c8ce882d5f76586d8ddccc5579bcc1cdf4cfd7162304cb10e7696026e707f17:8c8ce882d5f76586d8ddccc5579bcc1cdf4cfd7162304cb10e7696026e707f17:12fa631b0e482e9b9d633e94b82d8ab436fe548e5b95da92624623d13f2c70da775ba136c5229c16a0c7a6fa914b2feda564e17219e47370f9515bb1d59de6e9586204d943dc560d73e2e757f7eb39bbc7111bb46bc643c13f602112739bec778d7d4f49d092563d68f5776e430e3b0bf2dc1b01beb3040196da6302908bfe91e0fc38e04c150ef907dc736c445ff21fdbd2dc1eac0a0f5d00a30af028afe2ff61162b758c7da9a776666a112359431c48856a87ca82d3dd1c8af376598635432bf891becbc33a8fda44ce883ea8af4ad8b91a9261ce76b9e939c461fac53ae0f076e82d879aace8f38f120bc9b04d8125ed24bcd779d9d24386b1dd2017ebee8197376e8c36fa3aef8c1e713e2b8bce4966d84888681ba78495fbd1d6cca58626e6854cda606b83d6293d01e8e3e13bbf4aac851d9a1e00d0024e26993b0b3091be7e8061bcbb3cbb2302ceab96897a8e1ff367ec8625693cf31534124a9d5d725bcae001d67bc2111d0ab8111fa1d24e4ed06d63583ce690f2a04626d791d29e3e315a415bf2e853a5f2974c833a3fe2e2909cf669c73c1f59392d30c37f3b9c5a3ddcfd75621fda36e4ba2f16147858f6f206b9a140f1ddc1466c9a53ed73f82490bc95322c955f61d11cb51d5e8a58c6b3cb0fdf0419763201beea93a8512b1405245bfc384155adc5ce778aa74d00a322726465119af79501f040dd0a7a84060001ca89d2fe5e9cf9779a547e3ebd3bf8642990a3690e2b2c3e54cb7eeeeabc242b4dd99274c425a867931c929ca70808601c3908cfd788867d687dc366e976350c9e70584bd390d67eeb7cfea26c42686d3d9620f62f64104ef41ed1d130d79e325938486296b7ab2d2adb78526743e400acb2b7af09628d68cf9475101625c20e1dc051d73c997c952e12812c805b68ff:54d2fd44acf9e209bc7e433372bd73074d07806a77c6ce228e9be994418b00c7ecbcb7ac006c294aec9de668572add517c06b4eb4fe2ff3523bf043df44d3d0d12fa631b0e482e9b9d633e94b82d8ab436fe548e5b95da92624623d13f2c70da775ba136c5229c16a0c7a6fa914b2feda564e17219e47370f9515bb1d59de6e9586204d943dc560d73e2e757f7eb39bbc7111bb46bc643c13f602112739bec778d7d4f49d092563d68f5776e430e3b0bf2dc1b01beb3040196da6302908bfe91e0fc38e04c150ef907dc736c445ff21fdbd2dc1eac0a0f5d00a30af028afe2ff61162b758c7da9a776666a112359431c48856a87ca82d3dd1c8af376598635432bf891becbc33a8fda44ce883ea8af4ad8b91a9261ce76b9e939c461fac53ae0f076e82d879aace8f38f120bc9b04d8125ed24bcd779d9d24386b1dd2017ebee8197376e8c36fa3aef8c1e713e2b8bce4966d84888681ba78495fbd1d6cca58626e6854cda606b83d6293d01e8e3e13bbf4aac851d9a1e00d0024e26993b0b3091be7e8061bcbb3cbb2302ceab96897a8e1ff367ec8625693cf31534124a9d5d725bcae001d67bc2111d0ab8111fa1d24e4ed06d63583ce690f2a04626d791d29e3e315a415bf2e853a5f2974c833a3fe2e2909cf669c73c1f59392d30c37f3b9c5a3ddcfd75621fda36e4ba2f16147858f6f206b9a140f1ddc1466c9a53ed73f82490bc95322c955f61d11cb51d5e8a58c6b3cb0fdf0419763201beea93a8512b1405245bfc384155adc5ce778aa74d00a322726465119af79501f040dd0a7a84060001ca89d2fe5e9cf9779a547e3ebd3bf8642990a3690e2b2c3e54cb7eeeeabc242b4dd99274c425a867931c929ca70808601c3908cfd788867d687dc366e976350c9e70584bd390d67eeb7cfea26c42686d3d9620f62f64104ef41ed1d130d79e325938486296b7ab2d2adb78526743e400acb2b7af09628d68cf9475101625c20e1dc051d73c997c952e12812c805b68ff: +a5cab2727e2f131a4d63facee799336663930aa07afda6bd5a8e985a02deb1eaac355f95260fbfea778c55b5af8b3fd1f24d2693da35de4ee508a27ed350391f:ac355f95260fbfea778c55b5af8b3fd1f24d2693da35de4ee508a27ed350391f:483439154dd5e5d109857c24d1c4e7fbbefd2f38651da81289f2ad3d6154306538b82ac7dba9210e740776ede4ccf51d4f63094b03e46ad3aa3c31947d8c36ce6f94e85296bdedcc1ead62eaa1441ecde0a225d0bf02edcacf865014899af66d9808040c2d02000a0f5ce4f1683c1a495276d9c4d728c9ecd6f078db8a0cfc267187238562ab1a1ea2813fb4f12e878e1ba143f4d06a3bc8100c3550118d69dae67b55ed692acf9444daa5c3e3c0a98ee28cf172de0c584c9f2ec9bb6e9b57f572a86ff8729f65f4c65b7feaccaa21720ed79e90618bcafbfd9533da85232b450883aa919f827f04c4a97bf51390d4f8569c191726f44f7e39fb3db73bfc415b6ffca8b91acaad69238572f14b49985ea03c98d7b1d44b3a6554765b19abf9b25274e97e4634e4b0f9e802eb6f743fff950757ee013a6988221881a7443f1f32bccb007e99379c7ca4f906d5fe11cb12f66b53a3d21ac947be0c8150bcd04f1c816b3f0c07c5fbc0905a7136956849da03836daec25c3e1a06ec3aeb205648176f89f4a291fac4f1d3899f56c9065eebb8768b84b31b7cc03108bd0888338d1774994970292d935031fea335d9e7908fe0254889c0b171cfe0af2e6fde7a5ea3de1fdcdae537b6313119c27f772024ef36e45c8b89f26c93d9eea13725e12d810cf9824aea04cb802da7e458e842ca375e3671346e0089dec571be169b0d90966bf368fe3698fd3e72bf16249dd900af6d29ffa48351360f12241714585f7a9b4c7bafc952226735de1462743d78abad0f6711f2495f3313ad4e0ba216b0dea5dc1516a9549f7dfcfeb93e591abeda5ea3c7045906523b40868ca5735d6a3371c3c294c11126d097f4c708e90464c1ad9142fa0bedf07dfc5f4cb67d6ed80f1bfe72683cfb2ad66530dc43d7023f3790ff42d95bd8:138c7a8eca5b5c37158813843c9a904e5f530ad971ee432a44f344f8c64bbfaf102ff41daa5cf722a4bc6640588759b8f36f9c059eab936cc45ed4796394a002483439154dd5e5d109857c24d1c4e7fbbefd2f38651da81289f2ad3d6154306538b82ac7dba9210e740776ede4ccf51d4f63094b03e46ad3aa3c31947d8c36ce6f94e85296bdedcc1ead62eaa1441ecde0a225d0bf02edcacf865014899af66d9808040c2d02000a0f5ce4f1683c1a495276d9c4d728c9ecd6f078db8a0cfc267187238562ab1a1ea2813fb4f12e878e1ba143f4d06a3bc8100c3550118d69dae67b55ed692acf9444daa5c3e3c0a98ee28cf172de0c584c9f2ec9bb6e9b57f572a86ff8729f65f4c65b7feaccaa21720ed79e90618bcafbfd9533da85232b450883aa919f827f04c4a97bf51390d4f8569c191726f44f7e39fb3db73bfc415b6ffca8b91acaad69238572f14b49985ea03c98d7b1d44b3a6554765b19abf9b25274e97e4634e4b0f9e802eb6f743fff950757ee013a6988221881a7443f1f32bccb007e99379c7ca4f906d5fe11cb12f66b53a3d21ac947be0c8150bcd04f1c816b3f0c07c5fbc0905a7136956849da03836daec25c3e1a06ec3aeb205648176f89f4a291fac4f1d3899f56c9065eebb8768b84b31b7cc03108bd0888338d1774994970292d935031fea335d9e7908fe0254889c0b171cfe0af2e6fde7a5ea3de1fdcdae537b6313119c27f772024ef36e45c8b89f26c93d9eea13725e12d810cf9824aea04cb802da7e458e842ca375e3671346e0089dec571be169b0d90966bf368fe3698fd3e72bf16249dd900af6d29ffa48351360f12241714585f7a9b4c7bafc952226735de1462743d78abad0f6711f2495f3313ad4e0ba216b0dea5dc1516a9549f7dfcfeb93e591abeda5ea3c7045906523b40868ca5735d6a3371c3c294c11126d097f4c708e90464c1ad9142fa0bedf07dfc5f4cb67d6ed80f1bfe72683cfb2ad66530dc43d7023f3790ff42d95bd8: +cb6319613779a4ef66be14144b2840ad0167c03f3b8d04ff592cd1d2d722e33018eb03f0a334b080e1af4399d8376d83c533316dc687cf341f0afab450965299:18eb03f0a334b080e1af4399d8376d83c533316dc687cf341f0afab450965299:874a6c81d6db7133a79169760c84d36eea3d42ea0892b7c8dde844a3a6b60aa9f2660726c9c4dd26a01f4ed0dc1c53ba6005463f7ea64a1ec63953bc3d81052a2f1084389a7706df74ed4136082ab5c6e8c7f411df9d3a0f3c40f5a60e2d21a8548e7a25dee34030b3c3e75caa93ddaa9c190cb6deda2413d54e373d4353dba43d39491a2f56c8b36d45016f77d7471691634539e76c4fb41913472b0a23054f548f54b1e7109c8b6521b57ae981d050316a33c49c7116268dcc4b78c2bae53a3ae4dd178bb8b76bb3befe19e41a2cf12cebb71168f971f202461c63f7d6eef107f5b1030edd4e75009e9116c3cd0e8bddc299b41f1a45e784efa646dada64068e9248ec988f232634ad3d5aab19560e830a5bd665457c94295e1af0160fbce272ef4845ddf0c4f24d976f518690ea1f82ff4dfa4813641a67598ea98401e0ff10a0e582e2b90867b4e6232c34ea499c169909a44126f377d8cc1c11905866340efd1e7b077dc7456d59c9b96a124aac3b33bb227441bb7a52e6c3140d7a4f67ca05bbc93c93775b929119a224ed8f39005820f420cc6c530e61e20adca01e939cc031df49cdb1ec8ff493c9efbcad34c57108efd764558966fb1470b0745e6966191a9a9e44581b09faf469f951537203d926bc8a55d080a805181dd7296ed20a818268f755eaa66b082242f4d020f7cd6720890484c01c757fe35d87b5bc906deacc2e3071de4601bcf0dd6b837c433106047fd8ec9bd0e98c9ee806f7ec8c5a10ea2136f1f90f900b853f953f00b076bd1ebd929d08a38bec68d866435047bcb6721e06b64085dc0558c1fa85a2c83b0caf4c816084f10a4c5885295bca15ff7c18e596c62c92ee9921a27c29d195bd282213ff3660b6e7546b4eaa777ce39fc5d20484c71ed6ca06f9b77ab1d872393ab2d10255:c1b399cdc198e9a159e684fc26686de660da54cfe312ca7345df0c7d15a35743014410bd2f6cd11eef33a89b3d15cbc17c7a358937fd997205051f9257c25609874a6c81d6db7133a79169760c84d36eea3d42ea0892b7c8dde844a3a6b60aa9f2660726c9c4dd26a01f4ed0dc1c53ba6005463f7ea64a1ec63953bc3d81052a2f1084389a7706df74ed4136082ab5c6e8c7f411df9d3a0f3c40f5a60e2d21a8548e7a25dee34030b3c3e75caa93ddaa9c190cb6deda2413d54e373d4353dba43d39491a2f56c8b36d45016f77d7471691634539e76c4fb41913472b0a23054f548f54b1e7109c8b6521b57ae981d050316a33c49c7116268dcc4b78c2bae53a3ae4dd178bb8b76bb3befe19e41a2cf12cebb71168f971f202461c63f7d6eef107f5b1030edd4e75009e9116c3cd0e8bddc299b41f1a45e784efa646dada64068e9248ec988f232634ad3d5aab19560e830a5bd665457c94295e1af0160fbce272ef4845ddf0c4f24d976f518690ea1f82ff4dfa4813641a67598ea98401e0ff10a0e582e2b90867b4e6232c34ea499c169909a44126f377d8cc1c11905866340efd1e7b077dc7456d59c9b96a124aac3b33bb227441bb7a52e6c3140d7a4f67ca05bbc93c93775b929119a224ed8f39005820f420cc6c530e61e20adca01e939cc031df49cdb1ec8ff493c9efbcad34c57108efd764558966fb1470b0745e6966191a9a9e44581b09faf469f951537203d926bc8a55d080a805181dd7296ed20a818268f755eaa66b082242f4d020f7cd6720890484c01c757fe35d87b5bc906deacc2e3071de4601bcf0dd6b837c433106047fd8ec9bd0e98c9ee806f7ec8c5a10ea2136f1f90f900b853f953f00b076bd1ebd929d08a38bec68d866435047bcb6721e06b64085dc0558c1fa85a2c83b0caf4c816084f10a4c5885295bca15ff7c18e596c62c92ee9921a27c29d195bd282213ff3660b6e7546b4eaa777ce39fc5d20484c71ed6ca06f9b77ab1d872393ab2d10255: +b298adf38a6708f8d18ff1ed96bfbab421540d096c4e4351b92209b5e6aaab65770edf42b8a039c6cab9ba65ebfb135abc2da314a4c309f46a8f325b52d06593:770edf42b8a039c6cab9ba65ebfb135abc2da314a4c309f46a8f325b52d06593:9df4d5d7565d2c052262dd34d6007d86d9c0f07c7089af6119e304f4d8011d7eaad77b3ef70cc280847d59f297202b7e1861aef334bf38de14740e8073c955a851d2cf3dadc3edce15be490eaa845ba553fc6e8746e52915e655af4b86c629d4c522783635d464a2825777d89d7097677ef0e5eeae38537ecb656e3b28dd07358fd9fb2cd462517286659aefc79d374d1d13ed93967c530cdea4f314a0f91d6289b4c7a4279b6f4c4abca33357f69ed84b9119637adb7c18e694cb3c56e73637da910735d43c38aa8086675a06ad370e5726881da5e1a1dc6144d6a62aff7fb0c352d88dc971a3d72d3071e14b47425356af1b019233538261451a99a6cf4a07ce9ab1c3990de6ab8de2116c756105c512b7a3eeb3157b158b321e444e806d890b3890ed9ddc869f1711723bb99a72bdb923d131ba4edbfbb6dae99a5c7b328d310df9a6d1dcd85918962833e89e20f5c5e6333ac861094ae9e799c8641b9baea11a2e0ec234be5930e02880859cdec0d978237cbea5c7c32c111bafdd4bfbffe4fb3485effecd51bd195a71404ca5b59afa252d7b5ff9d030f48c6faadbdba918f21a0cd39af56966dccfa25fb5a5cf9a4b26a7f5441df6e320e34b27393de2ecfbd69a1594909a6c685ec645fcf3048d0148fa38d3e8a64dc3c21ae44da7e46a5ea7936c2ba083689a78ca3ac60b87be6d23ea40f5961583742842e37525a49c5fe8fd15d7b0c9e8fccd07936d19538212f7373dbbf3df7d46adf9d9f5db09524c65b883ae6f6cefa24b19ec48ce28cfa734d9bd6e77837d1a14d6a19d345bfbea559e7e6bfb71ddad83cd8deeab687fe73c057488f8f2b3e2e26d13009f4d23e6619a23c0692af76669217d5ebd46085b398890e5c91fdb4db5ba40e7773d518d3cf00c0a5b5a4b0f1b85d62916a59e5607b7b1eb80:e55f8d304122dc175cf0274674fc9dedfec2b5f8a2eeb1e3e7f8e0dfba0dac2d32f4e704ce91cd599184133c3bf1063d2fae63d73acc5772d718d811833186029df4d5d7565d2c052262dd34d6007d86d9c0f07c7089af6119e304f4d8011d7eaad77b3ef70cc280847d59f297202b7e1861aef334bf38de14740e8073c955a851d2cf3dadc3edce15be490eaa845ba553fc6e8746e52915e655af4b86c629d4c522783635d464a2825777d89d7097677ef0e5eeae38537ecb656e3b28dd07358fd9fb2cd462517286659aefc79d374d1d13ed93967c530cdea4f314a0f91d6289b4c7a4279b6f4c4abca33357f69ed84b9119637adb7c18e694cb3c56e73637da910735d43c38aa8086675a06ad370e5726881da5e1a1dc6144d6a62aff7fb0c352d88dc971a3d72d3071e14b47425356af1b019233538261451a99a6cf4a07ce9ab1c3990de6ab8de2116c756105c512b7a3eeb3157b158b321e444e806d890b3890ed9ddc869f1711723bb99a72bdb923d131ba4edbfbb6dae99a5c7b328d310df9a6d1dcd85918962833e89e20f5c5e6333ac861094ae9e799c8641b9baea11a2e0ec234be5930e02880859cdec0d978237cbea5c7c32c111bafdd4bfbffe4fb3485effecd51bd195a71404ca5b59afa252d7b5ff9d030f48c6faadbdba918f21a0cd39af56966dccfa25fb5a5cf9a4b26a7f5441df6e320e34b27393de2ecfbd69a1594909a6c685ec645fcf3048d0148fa38d3e8a64dc3c21ae44da7e46a5ea7936c2ba083689a78ca3ac60b87be6d23ea40f5961583742842e37525a49c5fe8fd15d7b0c9e8fccd07936d19538212f7373dbbf3df7d46adf9d9f5db09524c65b883ae6f6cefa24b19ec48ce28cfa734d9bd6e77837d1a14d6a19d345bfbea559e7e6bfb71ddad83cd8deeab687fe73c057488f8f2b3e2e26d13009f4d23e6619a23c0692af76669217d5ebd46085b398890e5c91fdb4db5ba40e7773d518d3cf00c0a5b5a4b0f1b85d62916a59e5607b7b1eb80: +e9cf16d696f63b59e5e25c9ee2d75bb05ed2baa591a7557f9fb129cf983de0ba6d1ae385e80a3955e8d0c593a81f431cd432671e78cdbafe83fe58dbcdb98560:6d1ae385e80a3955e8d0c593a81f431cd432671e78cdbafe83fe58dbcdb98560:a10fea8fc93eccfe2a6b7826079563adf8aa9a666444932200cca9447dd027c5c7204ea62bf8f5e2e39145ac3948ab3f3186887b30bc60233024b483f3f519036a3e94c8d7510a853ac6e20c6e526ee3cdb76de663f67305ad80df2342c8501b4f4a8ee3665a798fc437dd814e4e47e7a466890e0ffa8f510f3e6e19c9c969f70a76e5cf3054d17de459ac8ee99550bd38319f36e433434a926ad68b961e0ca10add4ba992b3650660a2c3c26f5d740a31afb7763f542f723b8a3c92d8ae92a567764efc70530312baabdd3fbbd527fe0fcbca3f6a7064cdde1856e97ab786af7d7022a9d46a338e8e1754afd9adac856a38de2a4c9766dee8dbc709b0671a6a6e6e1e5d12074d22245cd73beeeb1bd8ecfc1e85a21bde253f7c465abc1feaa961c0ff5cff2d896472ae17ab8488e33ffefdb72c105e204f944ada51ee13981a136c0f38426e3e49b0e91841c32794d52f1335dfa637f151c7e40f9b830aed539ac5731b81cde3264d22bead31a6cc68d1a73143b5ba4816139232f3f7f97983f4ecba64c49553be9d6d943f91dfe03d1ee8618cd40d2fb7238a31d1bc38e76a551f9eee22e73a27d7a48b408772ea72c3ed637bb4b168f9d7aead94ea03bc11109901c889927d51cdacf962125962559979d3e4c8e3b5ae582f2dbad4998802856c4df69e8fb54917e2f36bb67a19a26e9a9a9485bce98dbfff0d2b02b9377a9137a734e57b5ce665053017e992677a1aa079240d2cf963cdf9bfea8d460091232daf89801fd75171a6195a5c046815914be1f62868783d6f2cf28af9378d6c6893e75de641111c684727effa31b8bc9b0a01db9c9e81ccd8f4d4e875d4bd90d253f58989a8a52a203a77a496d697986b031e9f699bc6a16cd5f9c36018ebdaa36bad0e014f4cf3b4b746171bf89314e8b72cbd47cc616a:8112ac37eafb749d3f4a1ea1484379df3e383b019c12de8515e349e4f6f998632e30968347a1d15b09da2eb800b03d819d202bd10a6a463bb02b366d6855fe0ea10fea8fc93eccfe2a6b7826079563adf8aa9a666444932200cca9447dd027c5c7204ea62bf8f5e2e39145ac3948ab3f3186887b30bc60233024b483f3f519036a3e94c8d7510a853ac6e20c6e526ee3cdb76de663f67305ad80df2342c8501b4f4a8ee3665a798fc437dd814e4e47e7a466890e0ffa8f510f3e6e19c9c969f70a76e5cf3054d17de459ac8ee99550bd38319f36e433434a926ad68b961e0ca10add4ba992b3650660a2c3c26f5d740a31afb7763f542f723b8a3c92d8ae92a567764efc70530312baabdd3fbbd527fe0fcbca3f6a7064cdde1856e97ab786af7d7022a9d46a338e8e1754afd9adac856a38de2a4c9766dee8dbc709b0671a6a6e6e1e5d12074d22245cd73beeeb1bd8ecfc1e85a21bde253f7c465abc1feaa961c0ff5cff2d896472ae17ab8488e33ffefdb72c105e204f944ada51ee13981a136c0f38426e3e49b0e91841c32794d52f1335dfa637f151c7e40f9b830aed539ac5731b81cde3264d22bead31a6cc68d1a73143b5ba4816139232f3f7f97983f4ecba64c49553be9d6d943f91dfe03d1ee8618cd40d2fb7238a31d1bc38e76a551f9eee22e73a27d7a48b408772ea72c3ed637bb4b168f9d7aead94ea03bc11109901c889927d51cdacf962125962559979d3e4c8e3b5ae582f2dbad4998802856c4df69e8fb54917e2f36bb67a19a26e9a9a9485bce98dbfff0d2b02b9377a9137a734e57b5ce665053017e992677a1aa079240d2cf963cdf9bfea8d460091232daf89801fd75171a6195a5c046815914be1f62868783d6f2cf28af9378d6c6893e75de641111c684727effa31b8bc9b0a01db9c9e81ccd8f4d4e875d4bd90d253f58989a8a52a203a77a496d697986b031e9f699bc6a16cd5f9c36018ebdaa36bad0e014f4cf3b4b746171bf89314e8b72cbd47cc616a: +238a6d4979321a14a997236f4585046cf7a05c0adc6ba1fdb19ec2a32f62beeb0b4ba674e401665b6790cfda080704cd90e2f3d3efab253ed8dcfbd18e406789:0b4ba674e401665b6790cfda080704cd90e2f3d3efab253ed8dcfbd18e406789:97cd619a2251eda916646431d4cd1598c2d44d06af3e48bd18e3de7fb4bd4f78e00a69eeabde3f82065cfee6cd711f07d22637161ff685f65a7ddf54553197fd31c5c6b71d9e365a941dce4c3e225d19cc633a7e12862cd23ebb7c74a704850f761ac0241be517ce7c360936ce07250d9f2eb2787115eec377e1134dc08f44eb0a2a2a2716f00144a49f012a57b3cd06efeb3fae920f285cffd9a401a0b986594e17b2c9c8fdab835d9f3f5d474be733c1925ee6f09386711066c3fcd645eeb0fbe7054169eb709d4a3f0d16f28a1ff5066c842bc63e359e92485b38757ff46c27f79d0cdcf0e16e97e3c7b7e2178dffd270282dd61205d5854d841f0e3fc0e482cc1ee48552cfe658935b5427c366230aef79aef4021d6fab5f1875cc849e321a75500e9e1ba5dd596b438cf88b235b01a67625c4bf84d0724ae6880a3785e33bd9235fd0f5981804d21cbd633cb180f34456460207a290a254d9fe61063d40634ca3872f0935fa28328795ca41b006a2111fc5932b1e779ce966cc47adb7c0dd987333ba7529a1a4996ce9f56e051981fe1f553e578f43c3ba94beacc93c3e739667c7a7c6fa27e1e081695d20ba705c3f10b20df530cbb0ecb87456501109687019318452785d38e766b3cd35b007d7e3cfe0b2cca8aa6ef7395599dcb9c4d28bcc35c76dfc35343cb1348ba3e962f10ee86f86f5b6d4cae2e8c2b185e3eaa1aeb87bcfcf2fb76cc7fcc6895071b168e8b7f6caa0fd6398e778cc07912ff5d6e61021a8a59ae0352160f56d5488fe2f2acc9403da9a9ffc661c1e9dc5be88c420db0fd77d845dc8dd9d8e58f9961b79afc68624baa86aa643a8a3c7edf71d553cc0d3224a6069ec674f52da29a1cb60c4192301a24347a8aa8326269e0a14780c9583cdff515927fd5bef528f9d23787aeb803d70eb916b:2942f708c0ede4cb0ddef13b85d71d7213e0383dd294f534135fd69cafbcfc0e33090a2a0ca3fa572c72cdf5592de903b1584495ab63998150f2b393a3b3400c97cd619a2251eda916646431d4cd1598c2d44d06af3e48bd18e3de7fb4bd4f78e00a69eeabde3f82065cfee6cd711f07d22637161ff685f65a7ddf54553197fd31c5c6b71d9e365a941dce4c3e225d19cc633a7e12862cd23ebb7c74a704850f761ac0241be517ce7c360936ce07250d9f2eb2787115eec377e1134dc08f44eb0a2a2a2716f00144a49f012a57b3cd06efeb3fae920f285cffd9a401a0b986594e17b2c9c8fdab835d9f3f5d474be733c1925ee6f09386711066c3fcd645eeb0fbe7054169eb709d4a3f0d16f28a1ff5066c842bc63e359e92485b38757ff46c27f79d0cdcf0e16e97e3c7b7e2178dffd270282dd61205d5854d841f0e3fc0e482cc1ee48552cfe658935b5427c366230aef79aef4021d6fab5f1875cc849e321a75500e9e1ba5dd596b438cf88b235b01a67625c4bf84d0724ae6880a3785e33bd9235fd0f5981804d21cbd633cb180f34456460207a290a254d9fe61063d40634ca3872f0935fa28328795ca41b006a2111fc5932b1e779ce966cc47adb7c0dd987333ba7529a1a4996ce9f56e051981fe1f553e578f43c3ba94beacc93c3e739667c7a7c6fa27e1e081695d20ba705c3f10b20df530cbb0ecb87456501109687019318452785d38e766b3cd35b007d7e3cfe0b2cca8aa6ef7395599dcb9c4d28bcc35c76dfc35343cb1348ba3e962f10ee86f86f5b6d4cae2e8c2b185e3eaa1aeb87bcfcf2fb76cc7fcc6895071b168e8b7f6caa0fd6398e778cc07912ff5d6e61021a8a59ae0352160f56d5488fe2f2acc9403da9a9ffc661c1e9dc5be88c420db0fd77d845dc8dd9d8e58f9961b79afc68624baa86aa643a8a3c7edf71d553cc0d3224a6069ec674f52da29a1cb60c4192301a24347a8aa8326269e0a14780c9583cdff515927fd5bef528f9d23787aeb803d70eb916b: +59d501393dc5999723810706fad7d6efd163c44710c741c185c27e0425e3c05b8265d43cfb0735b5d7250fcf0fcbd154bfc0eecb13b7ad93b6b02940588b843b:8265d43cfb0735b5d7250fcf0fcbd154bfc0eecb13b7ad93b6b02940588b843b:564ed22c172f5c3afbb0b95ad2fc64e4be6d4db1ebb8d399c43a5e16048e7f8732181e5d0eed8e638ef2a55aa0d7b681fe02bb5423af94bd352d3c2ddec0f84760a4112b4fe017cfbc502f9543cfa41fb2aae75a3a081f8c499033d1fae5d9c50cb44dbc63605a54398fbf079852eba86f2fdfc272d0c4179d7c13cbc1c2a3da0b82845cf1a46ebbe31e79b6009733c7bfe7aa4f9ffd719c77dc7d748e492e14ee5e4179bfa9e649cf0d89534186385ee99410051d6656e623438cc7b2e707e48c84915549ae8d67a306c67b106b7a25f45f8e10dd7dd3eaac31f1052257eb6a7576b685cb9e6c1cd0d73c7a3ced5a8dd27308ae00f95eabdae9d1c4aa8934e2424c9328a5228f4f82dd4a66556d8217c5a22b2beb86a2a43413ee5e10f883f2cd6c2e8749b5508842ecae5ffccb796d9633e87ef4a96c0df7ef47b283d096723ba3135bad75b2e19ec04f70a478428ad5d0aac0dd2ab9905913e7e5ade408801d5d3c54d9cf7b8f0f0c5eb054c1475cc210a2c798d8bd89932ff9f360421858053a707b8bbd32055c44b20712a2678a9a6af9e36d04dcff44f431cf1930cd18fc935d2267775c69096725ed89a291dd60e21ac0b0128734072992823ef87b5efa6cc5b050177f55f4cec92a08a65bcadcab9a41c36086370b7b9dd6298ac7b0ae6a09c9710abb4676a8fc87a3651290144b6b30ef4f6fbe5b9ad25237fe0605e3b9f18a7718ac9fca6f325ea55f49a807fb80a2402ae13423080d327758649023798d5728e0dc64ac88a6e2945dbb3e3ffa9fdb4c7b58fba3f5fbd67c686b2971bbd8ba4d275d573eb796eb9146775d8cdcd5fd3eb5a88ea5a930ec3244e6a37c81f6a2554e5ba787f0e45319fe4b8a2ffbfed50770e7827b3e7bc2b44ce512ae6051b6f9f13931ea6acc096b8dcb0196be422484db5fcb299d:e646f164cfed8c2e060710dcfbc3e9fa5eb396376813190184e346f52bb0ba5746ccb6b59522b1aff9830f2f98b9e5dafcd832077883c44e8a35388f718bf40c564ed22c172f5c3afbb0b95ad2fc64e4be6d4db1ebb8d399c43a5e16048e7f8732181e5d0eed8e638ef2a55aa0d7b681fe02bb5423af94bd352d3c2ddec0f84760a4112b4fe017cfbc502f9543cfa41fb2aae75a3a081f8c499033d1fae5d9c50cb44dbc63605a54398fbf079852eba86f2fdfc272d0c4179d7c13cbc1c2a3da0b82845cf1a46ebbe31e79b6009733c7bfe7aa4f9ffd719c77dc7d748e492e14ee5e4179bfa9e649cf0d89534186385ee99410051d6656e623438cc7b2e707e48c84915549ae8d67a306c67b106b7a25f45f8e10dd7dd3eaac31f1052257eb6a7576b685cb9e6c1cd0d73c7a3ced5a8dd27308ae00f95eabdae9d1c4aa8934e2424c9328a5228f4f82dd4a66556d8217c5a22b2beb86a2a43413ee5e10f883f2cd6c2e8749b5508842ecae5ffccb796d9633e87ef4a96c0df7ef47b283d096723ba3135bad75b2e19ec04f70a478428ad5d0aac0dd2ab9905913e7e5ade408801d5d3c54d9cf7b8f0f0c5eb054c1475cc210a2c798d8bd89932ff9f360421858053a707b8bbd32055c44b20712a2678a9a6af9e36d04dcff44f431cf1930cd18fc935d2267775c69096725ed89a291dd60e21ac0b0128734072992823ef87b5efa6cc5b050177f55f4cec92a08a65bcadcab9a41c36086370b7b9dd6298ac7b0ae6a09c9710abb4676a8fc87a3651290144b6b30ef4f6fbe5b9ad25237fe0605e3b9f18a7718ac9fca6f325ea55f49a807fb80a2402ae13423080d327758649023798d5728e0dc64ac88a6e2945dbb3e3ffa9fdb4c7b58fba3f5fbd67c686b2971bbd8ba4d275d573eb796eb9146775d8cdcd5fd3eb5a88ea5a930ec3244e6a37c81f6a2554e5ba787f0e45319fe4b8a2ffbfed50770e7827b3e7bc2b44ce512ae6051b6f9f13931ea6acc096b8dcb0196be422484db5fcb299d: +839fb132e69250ca1ad94510087f92ce068769213a19b2a6c89490f1f578807aeb586619b44a15379acc4621a2ac71ea58970026c28e2409fc1ba2bd8b236d1d:eb586619b44a15379acc4621a2ac71ea58970026c28e2409fc1ba2bd8b236d1d:c57232fe32f11e894b437d40456207cc306db48169b20e0781103affe802f5aabe8582952ca8e95745e9940d535e00ff65ab3c64bed3d1173a0f3d70ce4ebe2b50d048bb47164d2a2cd9d95a10cf0d073ed1c41b3de333528ee32968223a0d847cadbb5b69f382164e9a28d23ec9bde9a828e8771c9eb49220af54185508aa073a839195f103bc2f32fe04f951ca45bfbf30d2fb8114056a736addf27ecd9af0f6e5e97e5773c4fa902268c32a151410955f3c76aae255549e0f033f89e1a78f265cbab6beb7516d4badc49cda4588316225b4c85ea9fa99c7d6766e9490c49de59da717f667653530071dd2f0c53e31d8768156feb08faf00db0a04533df97957a84aa46aeb7e36c0b0be69018946f1538a6aea71df536f1442c2444a43a043d046abde1a782b0f4f5c6aa720aa60afed947c0cee477dbec00557b37212d93357ca2b6b6f82715ba0e484f6daf2d0b7a98c033519ce38263586796d5d31cb2bc3d1125bc0ccd329a5c21fd27a218ded607a0e7515b571f192c33f5fba514afe4d458100f3ccba3f38eb430b4fc88faef999fa71eee488228903be29f24df81dc911044e924cdaa017cc7d87e56a6cba8760859bd63dd2d4f581b955ec924a49afb47ca0d63e7826fdc712b4943b739e1857755a33c6503675fddeae062706e34f744fd932648a5608ce608a61995783f3339ca3fe107e1972744bf6d4edafbf47ce021e05821fb124c7083930e68e6f5c32d2d9fc4a884c0bc88404e4cfe3c1a2420d41823a385fb3288db65c89545f6e73f0d8004b2ba12a4e07727523ef085670daffaf41c28a4c1157bdd245e68750dd200e023af90c67561e0fe4ba340c433f755eefabd4b039bfc323dc11adb75aecc448a869c7f2a58b9d8617c64b8f89fc583f8c948e2df0251a6c7d8c738c3b5a42b749ad5e8e986bd8:66437b6bc05e75dd1626c3c4ff1f72e6db381ba1590948f8f16ad4d66e5991659aa84405568cfbc0a77c025e59e43fd53ab9ffabba7b258f78796239f90d4501c57232fe32f11e894b437d40456207cc306db48169b20e0781103affe802f5aabe8582952ca8e95745e9940d535e00ff65ab3c64bed3d1173a0f3d70ce4ebe2b50d048bb47164d2a2cd9d95a10cf0d073ed1c41b3de333528ee32968223a0d847cadbb5b69f382164e9a28d23ec9bde9a828e8771c9eb49220af54185508aa073a839195f103bc2f32fe04f951ca45bfbf30d2fb8114056a736addf27ecd9af0f6e5e97e5773c4fa902268c32a151410955f3c76aae255549e0f033f89e1a78f265cbab6beb7516d4badc49cda4588316225b4c85ea9fa99c7d6766e9490c49de59da717f667653530071dd2f0c53e31d8768156feb08faf00db0a04533df97957a84aa46aeb7e36c0b0be69018946f1538a6aea71df536f1442c2444a43a043d046abde1a782b0f4f5c6aa720aa60afed947c0cee477dbec00557b37212d93357ca2b6b6f82715ba0e484f6daf2d0b7a98c033519ce38263586796d5d31cb2bc3d1125bc0ccd329a5c21fd27a218ded607a0e7515b571f192c33f5fba514afe4d458100f3ccba3f38eb430b4fc88faef999fa71eee488228903be29f24df81dc911044e924cdaa017cc7d87e56a6cba8760859bd63dd2d4f581b955ec924a49afb47ca0d63e7826fdc712b4943b739e1857755a33c6503675fddeae062706e34f744fd932648a5608ce608a61995783f3339ca3fe107e1972744bf6d4edafbf47ce021e05821fb124c7083930e68e6f5c32d2d9fc4a884c0bc88404e4cfe3c1a2420d41823a385fb3288db65c89545f6e73f0d8004b2ba12a4e07727523ef085670daffaf41c28a4c1157bdd245e68750dd200e023af90c67561e0fe4ba340c433f755eefabd4b039bfc323dc11adb75aecc448a869c7f2a58b9d8617c64b8f89fc583f8c948e2df0251a6c7d8c738c3b5a42b749ad5e8e986bd8: +adc1e56c3ac94e6cda0411cbc3ce2af128d185a2a273bdb2af8d7e50fb96b5265dcfec1f9112751564ecb60715ebb2c517b5ec37b2534fd6329924429b7fd5c5:5dcfec1f9112751564ecb60715ebb2c517b5ec37b2534fd6329924429b7fd5c5:d4f959474e0b89e2dcd02066984f88d739dd1134a33309f0a8b7802eaf013303c13515dfeb461ea3d248e998b9a4e54dae5b00190a45e70dc67e98f3d4cf906c214d4f636d2952925e22b1a86a1aabb3a892a9f8ed454f39c63d35b71e87a2da55a8e167ac83a866ad167a17aed183c08518c15e6be34858b4cee2b8427314760fffddd5923854b1747f796e1a5249fb3044894ed646829f654316ee52f4010c8dd321fa1dec397e50145ed9e31686fd5203f7233b8da780acaa91ee0b5b47207866aad85f837e03b4e6f6de8c04acafd707bdc1dd45500ab564801bee9a58ece360d004828baaf523e2f5ab69326a03aabe010878fd43ffaa56872244d7681f1618e623e3d474c73af8b080a61821a574ef2fd752d23b605ec521c19c1550de980c094d05e0238f3e008e6b195abfdd4028ee1ee1d6c66a76f178f0b431e4af44ddccfc5290edff36ece63e8385567013f43a2aebb67e3ef406308c20488a76d58a214f3139d983b19afb12e3283607fd75107bd31feb6256174b7a18aecac9f8562582018b0e6de40535e35bef2b562553885129397562900d3417f98cdd1e29d731ff48933f2952958163ba67d59561811b83772bd05710b6e3cc0434609937507223abb71a6a8c838fecdb1d2d37c95dc806f65f3f9663d99f06e6c0f3c32e95af1dd708e81108636a26b968e98339c74128b6cf671335884ac72f75b637195ea9eca053608996c32ed445410f67fa104b39f0fdf3c9b5c6157b76803756b27f4c3ba1b47f328576248e9bc53e7b8ab0b2ed97c2f9998bcc7dfe39e264aad30c6cfef2b5553ffb5a699aa4bd0eabe438ce0522cc91fe4e72bf7eacba4771ccf63a37aafcadbfbf99dd76b85b80ee075d3a7d1a90a55b7729a5416e5be696bf9fb7f3158cfdb5cfdacdde8172ee1ab9486e24ccead29b457acf43:f02e5dbcb68704afad03aca81061dbdb998570049f10ce650ec7a2eff15c793ddf5a272cb683c22c87257c59bdef39efea79bd679556ea1505ed0036cb46040cd4f959474e0b89e2dcd02066984f88d739dd1134a33309f0a8b7802eaf013303c13515dfeb461ea3d248e998b9a4e54dae5b00190a45e70dc67e98f3d4cf906c214d4f636d2952925e22b1a86a1aabb3a892a9f8ed454f39c63d35b71e87a2da55a8e167ac83a866ad167a17aed183c08518c15e6be34858b4cee2b8427314760fffddd5923854b1747f796e1a5249fb3044894ed646829f654316ee52f4010c8dd321fa1dec397e50145ed9e31686fd5203f7233b8da780acaa91ee0b5b47207866aad85f837e03b4e6f6de8c04acafd707bdc1dd45500ab564801bee9a58ece360d004828baaf523e2f5ab69326a03aabe010878fd43ffaa56872244d7681f1618e623e3d474c73af8b080a61821a574ef2fd752d23b605ec521c19c1550de980c094d05e0238f3e008e6b195abfdd4028ee1ee1d6c66a76f178f0b431e4af44ddccfc5290edff36ece63e8385567013f43a2aebb67e3ef406308c20488a76d58a214f3139d983b19afb12e3283607fd75107bd31feb6256174b7a18aecac9f8562582018b0e6de40535e35bef2b562553885129397562900d3417f98cdd1e29d731ff48933f2952958163ba67d59561811b83772bd05710b6e3cc0434609937507223abb71a6a8c838fecdb1d2d37c95dc806f65f3f9663d99f06e6c0f3c32e95af1dd708e81108636a26b968e98339c74128b6cf671335884ac72f75b637195ea9eca053608996c32ed445410f67fa104b39f0fdf3c9b5c6157b76803756b27f4c3ba1b47f328576248e9bc53e7b8ab0b2ed97c2f9998bcc7dfe39e264aad30c6cfef2b5553ffb5a699aa4bd0eabe438ce0522cc91fe4e72bf7eacba4771ccf63a37aafcadbfbf99dd76b85b80ee075d3a7d1a90a55b7729a5416e5be696bf9fb7f3158cfdb5cfdacdde8172ee1ab9486e24ccead29b457acf43: +db89df6a23d890b7f00260e81f4ad98fd09440365131e85e22c7951a187b0218c96763672ee4a2cc5a93b6a683df9b5de4d9386a790835681d1217d19296bdc8:c96763672ee4a2cc5a93b6a683df9b5de4d9386a790835681d1217d19296bdc8:54c1c5111e08c98245ba4f1318ba1db1dcc74d14a5c98ab9689cba1c802c68bcfc81fd87ffc61caa942f66d7e5157f65538c7e7b33170484b4b6543f3620ff29638b64d4dae7b02221cf7783f187ec4231e6b6946d82762074f09c32781c2f3846de3e8217f6e1b6e0d2b5595d742e2c4e325a2841924044dfcf12b479eb69f1bbd40eabddd1ff54a9184d366dff9d8f2d863e378a41f10cd1dae922cd7fbb2a544e47eabf47ca0a38abba34454919bb9a4ef044bfb97b708c2f7428d68f9c57c0ee7e7925f7a2b5c6e7df82bb2680c862dc7cc68b0f54530e64afe2763d9c7baf45cc6fe612d1f7827739c4411398888f7367c3d4377907acc06a06f93f887226798f48aa5464f601c2c1edda77edfeb9b9b5d5f9cb6fed37900547477fca1d09ab52d63e491feb12fd6dc805a78cee3baade4352982061dea5a2653db8e7607772e834b3a505c16dd6e7c71b911e842eba925d77a33c5c57ce1184098078ca2e6a3f69aa6a14639dc97b4b30c99dc4fa3e2cf63c701c306c5e253c5113854c185ebc8b4798f68d1fd780054d3eed2f394c454304966bddbd12280834ec9b40c1e98bc2d98f4845f6eb44f25315eedb3b79ffca4180c1bddd97d0c9affbac58814937682680076fe5a3babb65d28f2517036c0cfb42f0293eb2acb13949fe91e0ad0678aa243d7734a89d997870bf9a6a584ed6e628163e39d8aa610d46b9285b9e1dd7e8f807fdf5ca2bbf6de5e5e68af7cb7ebd43ecce227cd70c7bf4ee1433edfcfe886614670cdd196343fb91e15416d2f6acbae3eadc030231ee9d2ecc52a88ce8dc7d098e7fac77685b4eb540e3019307143221b8ef77f3632c893d556e0bb743a1963ec15886c8545e87c95cc825f200d0f3cf4f55a3d660a536a23aefcc428a43203485ee84342f5c001ee8404e759017006282ab8ba8903e:80b7fc8b6ae6eece8166b7ea534cb5b214c9ea9973921ed05de40c78e14f162b09e978ca6d86ee434d984b8b0070409dd2ad11b53178e239dab5bc39c7ba460d54c1c5111e08c98245ba4f1318ba1db1dcc74d14a5c98ab9689cba1c802c68bcfc81fd87ffc61caa942f66d7e5157f65538c7e7b33170484b4b6543f3620ff29638b64d4dae7b02221cf7783f187ec4231e6b6946d82762074f09c32781c2f3846de3e8217f6e1b6e0d2b5595d742e2c4e325a2841924044dfcf12b479eb69f1bbd40eabddd1ff54a9184d366dff9d8f2d863e378a41f10cd1dae922cd7fbb2a544e47eabf47ca0a38abba34454919bb9a4ef044bfb97b708c2f7428d68f9c57c0ee7e7925f7a2b5c6e7df82bb2680c862dc7cc68b0f54530e64afe2763d9c7baf45cc6fe612d1f7827739c4411398888f7367c3d4377907acc06a06f93f887226798f48aa5464f601c2c1edda77edfeb9b9b5d5f9cb6fed37900547477fca1d09ab52d63e491feb12fd6dc805a78cee3baade4352982061dea5a2653db8e7607772e834b3a505c16dd6e7c71b911e842eba925d77a33c5c57ce1184098078ca2e6a3f69aa6a14639dc97b4b30c99dc4fa3e2cf63c701c306c5e253c5113854c185ebc8b4798f68d1fd780054d3eed2f394c454304966bddbd12280834ec9b40c1e98bc2d98f4845f6eb44f25315eedb3b79ffca4180c1bddd97d0c9affbac58814937682680076fe5a3babb65d28f2517036c0cfb42f0293eb2acb13949fe91e0ad0678aa243d7734a89d997870bf9a6a584ed6e628163e39d8aa610d46b9285b9e1dd7e8f807fdf5ca2bbf6de5e5e68af7cb7ebd43ecce227cd70c7bf4ee1433edfcfe886614670cdd196343fb91e15416d2f6acbae3eadc030231ee9d2ecc52a88ce8dc7d098e7fac77685b4eb540e3019307143221b8ef77f3632c893d556e0bb743a1963ec15886c8545e87c95cc825f200d0f3cf4f55a3d660a536a23aefcc428a43203485ee84342f5c001ee8404e759017006282ab8ba8903e: +00e6bb17af3c2df652b34f9abe19f99019074233686c7114e3a0edf08309934f7b8232a66cec2f915aaa7951d29d2b9ee93d321d15b203c51e61e8ce83d187f8:7b8232a66cec2f915aaa7951d29d2b9ee93d321d15b203c51e61e8ce83d187f8:063281e41e8ba9703ed09ef3bf0ea46e4cabdd6ebd769d05dc045d4f990d69fc554130a4e61aa21e2de4c92db48a20a37b1747a7eac5ebb2735a8938197f139fad1497b351ad064c0f18f8faf1fe11f63979a69968e24cf91e58a3ab032669e4efee274f96b58be7d9e391f36fcf0709b2cb2d22694a6ceb17246945ebb3bc7f0f03bf0b08dc9626e3e715c991671d53ebb9ae83a7d08d44f63635c40f8d4817f58de9eb77cb25b2acd6def969ab569e974a8adac11a86b58fe6c10067499fc914dff56902cbc393a71cc25e8f05c03c94f13b84a2b01a58c10dbcbb60ebcee487f529177466299925da50e2da5b5557f0aeee3fd7f47b5c2e3f84cefab4679691394dd122303bb769afb3adfe8358b02b679273b35abdc6402576ccce5e10442a137ef9456939b289ef4e417b1cc6239f7ceedd68f1a8264180e068b4966fd67f2bad6edd8b4a1e8d2b542daf26db831f1fb51eb86ffadeccd9ac3d664f346e7d046c33a572841ea8334e7f2f417a05712a9e334e487fd3ae175455162fe8f49cc026a640c6cf93cf58875052f41cc9820615653ea2d084c896eafe5ad4725579653084994f956d5c94590a2409581b6fc86e40aa58bf6e6057a6f90af3b87aeaf32994a55a54f79bdf3dbbf5ce0ff812e486b0545d9e9c2b0bce0d4c3647b1827262498834e198a3ec70f3b03d6aad2c49eb80b5e2051439225fd9ce9468d69af70a262ee3b8b62a8e5b41346da3012ffb45816b7becb0e79a60bff71636a3e4bb1b35caf195f55117280f787217b3caa2e793726fc5a74d1160dcad868904c197381134ed8c3db3750b7556f69ccce18b77388b58c5b8113e590ad6eac5b91ece5a6705025c80353ceb1ed84aaa1cc48a416bc016aef173bb80b2ba28c57960c6b011b6b495a3f3311e79fe46bdb6a4c381fb9dc4628b0a83023558f1:04b3b8501e396c4a788e14ac49f6174cdb5c855e651203cf68d1efa89aa58678d4d1f303a9877a3786d203c355b09d5286c1ca0df04a89aa06cc3f9d0fd30504063281e41e8ba9703ed09ef3bf0ea46e4cabdd6ebd769d05dc045d4f990d69fc554130a4e61aa21e2de4c92db48a20a37b1747a7eac5ebb2735a8938197f139fad1497b351ad064c0f18f8faf1fe11f63979a69968e24cf91e58a3ab032669e4efee274f96b58be7d9e391f36fcf0709b2cb2d22694a6ceb17246945ebb3bc7f0f03bf0b08dc9626e3e715c991671d53ebb9ae83a7d08d44f63635c40f8d4817f58de9eb77cb25b2acd6def969ab569e974a8adac11a86b58fe6c10067499fc914dff56902cbc393a71cc25e8f05c03c94f13b84a2b01a58c10dbcbb60ebcee487f529177466299925da50e2da5b5557f0aeee3fd7f47b5c2e3f84cefab4679691394dd122303bb769afb3adfe8358b02b679273b35abdc6402576ccce5e10442a137ef9456939b289ef4e417b1cc6239f7ceedd68f1a8264180e068b4966fd67f2bad6edd8b4a1e8d2b542daf26db831f1fb51eb86ffadeccd9ac3d664f346e7d046c33a572841ea8334e7f2f417a05712a9e334e487fd3ae175455162fe8f49cc026a640c6cf93cf58875052f41cc9820615653ea2d084c896eafe5ad4725579653084994f956d5c94590a2409581b6fc86e40aa58bf6e6057a6f90af3b87aeaf32994a55a54f79bdf3dbbf5ce0ff812e486b0545d9e9c2b0bce0d4c3647b1827262498834e198a3ec70f3b03d6aad2c49eb80b5e2051439225fd9ce9468d69af70a262ee3b8b62a8e5b41346da3012ffb45816b7becb0e79a60bff71636a3e4bb1b35caf195f55117280f787217b3caa2e793726fc5a74d1160dcad868904c197381134ed8c3db3750b7556f69ccce18b77388b58c5b8113e590ad6eac5b91ece5a6705025c80353ceb1ed84aaa1cc48a416bc016aef173bb80b2ba28c57960c6b011b6b495a3f3311e79fe46bdb6a4c381fb9dc4628b0a83023558f1: +fbddf6e61e20d806e55917756de60d0c9a99976f646716ff2ff1312c54dd971dac538fabad4380e60e977126e7695eeda5417d85f7d23db21bd0ad111116f05d:ac538fabad4380e60e977126e7695eeda5417d85f7d23db21bd0ad111116f05d:3e9953ca55d0cd233b98833eb1bc79d3b55f18c8fa1c42027bca25579153b55da0c5a178b8386956d9a54183b24c91dc4be994847237d3666a0a0130fe19924bc0ee50896c35a2e16a29e2e2acf180bdd9379354687f0ece6882d26e980e686698043bb1b01213aa644a4f8d61f9b613e62eaa3576cea0b0b83f05ce2558ff6356495c45ede4a8f65b814ab8a7309403dfd43cbea90893939b7800aa00232b5f6b7714ebdcd8bcf34a5a7e822ac7b1b099ac615f135f8c351dc41ae5f66d5f9c2600454ca01c009ba6de04162ae5f1f270893ca3907aff7f78e03396e32b622ff340537bf123e55995e9209609330b2eee51127484a40e250700823feb0bc97bb509ff732675dec32ecb635ed92c7d78fe3050200cf1d941d6b388800a8419d96a595eced5ec4efdcb6f987f5472a5c43058d3a3a7bb56d7980365ed43dbc2be48f1d18ce76a89185426fd5c69df7e9291ab7823c23a76941ed3836aac7b58c0d5fb6b636c42471a4d1703516f03e935f31f195450e537b2a07d545ba4b68afb0638c65bb0ffaa0cfd69d7104819796619d483a0245b4fd9017f62a7d3a5fc3b7289d75735f287ca0a951ad58344b2ab7d7df8dbd7922a5abb8d7c2e79147e6d36ee31f930473b0727dcfd58d644d7d70a0ed31ca6a13ed9dbd224492efda19e4f8eed46180fe750f07bbe8e99854d13f58ba968ce3859d61189cd2b667f3b2d0665b574c4bac19d9e37e5b7a80eb334e36810530aa5d1766393f8115a52090c91823428c897a5f35e12a8af2cd4fb13907ca6603a4f76f5c2e02374a8dc3a47c1be6f1d1c8ebc59b36d1cfa0ab23e9b0ae9b0e637eeedb9c66bea62dc630cdefa718239617e3118e5b6deb7c294475282e8abe24fd5a54b786fff9028c5a033384e4bc8014dec8da100a94b178ef88ec357b66d2b9098ab64791696b1a66b:8c9b77aa0f1cf52e8f7a918b21b468e62335911bc59306b30ce77bf692c11059b0ee9c5daaf6839bb81373c61d28d072702b595e4dce28cb993822b24813040b3e9953ca55d0cd233b98833eb1bc79d3b55f18c8fa1c42027bca25579153b55da0c5a178b8386956d9a54183b24c91dc4be994847237d3666a0a0130fe19924bc0ee50896c35a2e16a29e2e2acf180bdd9379354687f0ece6882d26e980e686698043bb1b01213aa644a4f8d61f9b613e62eaa3576cea0b0b83f05ce2558ff6356495c45ede4a8f65b814ab8a7309403dfd43cbea90893939b7800aa00232b5f6b7714ebdcd8bcf34a5a7e822ac7b1b099ac615f135f8c351dc41ae5f66d5f9c2600454ca01c009ba6de04162ae5f1f270893ca3907aff7f78e03396e32b622ff340537bf123e55995e9209609330b2eee51127484a40e250700823feb0bc97bb509ff732675dec32ecb635ed92c7d78fe3050200cf1d941d6b388800a8419d96a595eced5ec4efdcb6f987f5472a5c43058d3a3a7bb56d7980365ed43dbc2be48f1d18ce76a89185426fd5c69df7e9291ab7823c23a76941ed3836aac7b58c0d5fb6b636c42471a4d1703516f03e935f31f195450e537b2a07d545ba4b68afb0638c65bb0ffaa0cfd69d7104819796619d483a0245b4fd9017f62a7d3a5fc3b7289d75735f287ca0a951ad58344b2ab7d7df8dbd7922a5abb8d7c2e79147e6d36ee31f930473b0727dcfd58d644d7d70a0ed31ca6a13ed9dbd224492efda19e4f8eed46180fe750f07bbe8e99854d13f58ba968ce3859d61189cd2b667f3b2d0665b574c4bac19d9e37e5b7a80eb334e36810530aa5d1766393f8115a52090c91823428c897a5f35e12a8af2cd4fb13907ca6603a4f76f5c2e02374a8dc3a47c1be6f1d1c8ebc59b36d1cfa0ab23e9b0ae9b0e637eeedb9c66bea62dc630cdefa718239617e3118e5b6deb7c294475282e8abe24fd5a54b786fff9028c5a033384e4bc8014dec8da100a94b178ef88ec357b66d2b9098ab64791696b1a66b: +8a55e77bb0c8740b8c2e8ddfdfdb40f27e45fe81fe457111bf1c8730eab616b49ff1fd0c50eb24f99fe2f7711d52872dfc900380dddcdb86fe6f4a5f350a8743:9ff1fd0c50eb24f99fe2f7711d52872dfc900380dddcdb86fe6f4a5f350a8743:20fb414e264a954784f112bace7e0474b39cb3c9e53dee0a21f4cf6d4a99b9347ddffbe281a6c230a75d63a72fd05f6db53ea7014ef7709d18ff970f485fe83ba1d37147338aded6da4cfdacc1e69d2f3e0ef362f47b5bcfb78a1e179eb5c5b106c8d82a0a0b290df075ab27436929cde656f02309f95750eb676583262e5f2f69f0ff72a8e057266382269205318740bfe06bf5c2cb4533908ef9f9f2869a75b9533579820e3bc0caffd646171c8286c3a4aba1ff0915d93611205e230f39ff4c4caf3f333e753fce2b71213e53d608415ee17fd48212eedd8840f337101ef0d0b6f7be4bffc06eeefe8066dd27a0541a468831acddc4902e2fefefbed19c308e5621e0bf46bcd538aa13faf04d380759c0e107e912001839dfd0b635440e9638f5377ca8450f350c01129ee33764415c53cb2ffbf968df78b742fd0665e78a34abf4decd1fd386289a1364e64555eec58b0af9a4cd6b36d1d5c611a2846dfb5589344bbbb02560241b74b993a25bef50fb1e7319086e6a23986300834ed2dba98a168721c2f784dfb8d3800d06a054aef14d1772b6c574af2563d193ef2e51bdc62d2abce2eebeada79203498e6686c287f37bd88aeb166f7dffc3e6ad0294117ef6ee9da8479ed8a16fe9be246d266804f29658db75e7a0873be71dc7d407e39fabd66f988b457477427fad8130f09ab665f1597c9046e7373af9a8352a86830cb92a804488700fe6891924fe2a7201733d95e591ee0a1fef1c2636078d370e7ad3b6a944fed2cf2b30aba2d56f3495b2849c03bb614f48bc4e507c395a6c35d3eed4c7be8e680f2d45a310b187eb88cf0e8ed4de7d37246a50a6367b97ee3784322c0b71131a283198da4804de751dcf70c4bad00dd98d873a69dd1a09cf69ddfad7ae603500b6a462258098d8b66b85293594e208829b5228fae2fafc39:8aaeba535c511c31d3f8e95cb077a9a7ec7d08441e5342a6abe0bf2a5d7fc930b43dac3d1e8ef2cb034552eb4d0839bc8bf294551dd2d80c53fd6279351ac20c20fb414e264a954784f112bace7e0474b39cb3c9e53dee0a21f4cf6d4a99b9347ddffbe281a6c230a75d63a72fd05f6db53ea7014ef7709d18ff970f485fe83ba1d37147338aded6da4cfdacc1e69d2f3e0ef362f47b5bcfb78a1e179eb5c5b106c8d82a0a0b290df075ab27436929cde656f02309f95750eb676583262e5f2f69f0ff72a8e057266382269205318740bfe06bf5c2cb4533908ef9f9f2869a75b9533579820e3bc0caffd646171c8286c3a4aba1ff0915d93611205e230f39ff4c4caf3f333e753fce2b71213e53d608415ee17fd48212eedd8840f337101ef0d0b6f7be4bffc06eeefe8066dd27a0541a468831acddc4902e2fefefbed19c308e5621e0bf46bcd538aa13faf04d380759c0e107e912001839dfd0b635440e9638f5377ca8450f350c01129ee33764415c53cb2ffbf968df78b742fd0665e78a34abf4decd1fd386289a1364e64555eec58b0af9a4cd6b36d1d5c611a2846dfb5589344bbbb02560241b74b993a25bef50fb1e7319086e6a23986300834ed2dba98a168721c2f784dfb8d3800d06a054aef14d1772b6c574af2563d193ef2e51bdc62d2abce2eebeada79203498e6686c287f37bd88aeb166f7dffc3e6ad0294117ef6ee9da8479ed8a16fe9be246d266804f29658db75e7a0873be71dc7d407e39fabd66f988b457477427fad8130f09ab665f1597c9046e7373af9a8352a86830cb92a804488700fe6891924fe2a7201733d95e591ee0a1fef1c2636078d370e7ad3b6a944fed2cf2b30aba2d56f3495b2849c03bb614f48bc4e507c395a6c35d3eed4c7be8e680f2d45a310b187eb88cf0e8ed4de7d37246a50a6367b97ee3784322c0b71131a283198da4804de751dcf70c4bad00dd98d873a69dd1a09cf69ddfad7ae603500b6a462258098d8b66b85293594e208829b5228fae2fafc39: +163b0cb6a12e8f07b0c29d6a63f6a652ce497270b5e46fcf833c99bd843f8c6468a35de4ba6f0f82ecf4b1e0df8e24cb4f18f2103ff04dc1b5333991b6d314ba:68a35de4ba6f0f82ecf4b1e0df8e24cb4f18f2103ff04dc1b5333991b6d314ba:56a1603f725be07613058cdb3acdc52354e3bb1ff2bed13f895175b15c8c5a90ffbe46b11a06cfe362dadf7323c940417255aa7aa54312103e71463daa0b5cdaebd0be723c732273e3c3f5bf7aa3519d69df6f4770daa1df8280bb3cd2c714ac030200546579f56c60b91ae11f4cf874a35fc59b354bed80f56e11a6cd62a88ce6b4f6bf39d64ce3d80409825f90162c3d96d10e478607365f7a241e71af980042fec2d68891e0c8a37c58ec4e600fd581e790b0aae8e09f35d4cc1876df434b80eee05369f848fc4930577d1684275888f3259cb47376c5169c9937f855a96a9e748ad0a69ae4ab2f2f1744a392f9acc6209975b784984cb12f98292c36a53221994abc56f9a66dae4560b79356ff47e128c0796a7fb0e0bbc9600af48e49eaa9427cf6eb6620b10cd2c085b0b342004d5b0d3edc11d29242a4638780762c9dc6069b66bd84973b5011961ce56db58bdaf48e6be12ab9ad24416297004d02914b959f54e092f8cd4365fa6ab78ddbff4ce8dad4e2f53a05c0cc499bfb47814a2713551dcd19d447f627576ea4ea4bbda8bae18a6465ced747ea17180b009f01212160482b0433aac68e67644d00f41fdf9990b9e11117634deb139b1a40ad3fce4299a17fe1dd225301c7f8d8010a796dc79c13307d3ff992a88be664d4c886d68ca9e4470cfbe63ebffc424010e372b6922aa95c801d1e9406da4bc188ca82066405bcdb3eafc937629b3263dc7d50ee5278ccec6f11d5517f56bc269c873691e7eb53faeff07564ab46b403f15d9e0e692486ee098e7b51b42813469b8235042233ca3f9c4f8ff24a571f47e0adf9144aea488a2d2dd001e31fc961e05c3e85f0d981407c873158bb0d35bafe4b60422e67551e970165ce3fc599d0fcc92b16ac36a92b2c1dc6b3f033fe310cd196da04a4e639031177cd27d7c2fbec65a00b:17738f5726550780651d60199fda39d9c4768db5917e32393631c54a419d59f18ef960ddd439380dabc314761bd0cdb57cce481e6109fed095dea6e865aa670b56a1603f725be07613058cdb3acdc52354e3bb1ff2bed13f895175b15c8c5a90ffbe46b11a06cfe362dadf7323c940417255aa7aa54312103e71463daa0b5cdaebd0be723c732273e3c3f5bf7aa3519d69df6f4770daa1df8280bb3cd2c714ac030200546579f56c60b91ae11f4cf874a35fc59b354bed80f56e11a6cd62a88ce6b4f6bf39d64ce3d80409825f90162c3d96d10e478607365f7a241e71af980042fec2d68891e0c8a37c58ec4e600fd581e790b0aae8e09f35d4cc1876df434b80eee05369f848fc4930577d1684275888f3259cb47376c5169c9937f855a96a9e748ad0a69ae4ab2f2f1744a392f9acc6209975b784984cb12f98292c36a53221994abc56f9a66dae4560b79356ff47e128c0796a7fb0e0bbc9600af48e49eaa9427cf6eb6620b10cd2c085b0b342004d5b0d3edc11d29242a4638780762c9dc6069b66bd84973b5011961ce56db58bdaf48e6be12ab9ad24416297004d02914b959f54e092f8cd4365fa6ab78ddbff4ce8dad4e2f53a05c0cc499bfb47814a2713551dcd19d447f627576ea4ea4bbda8bae18a6465ced747ea17180b009f01212160482b0433aac68e67644d00f41fdf9990b9e11117634deb139b1a40ad3fce4299a17fe1dd225301c7f8d8010a796dc79c13307d3ff992a88be664d4c886d68ca9e4470cfbe63ebffc424010e372b6922aa95c801d1e9406da4bc188ca82066405bcdb3eafc937629b3263dc7d50ee5278ccec6f11d5517f56bc269c873691e7eb53faeff07564ab46b403f15d9e0e692486ee098e7b51b42813469b8235042233ca3f9c4f8ff24a571f47e0adf9144aea488a2d2dd001e31fc961e05c3e85f0d981407c873158bb0d35bafe4b60422e67551e970165ce3fc599d0fcc92b16ac36a92b2c1dc6b3f033fe310cd196da04a4e639031177cd27d7c2fbec65a00b: +8c839381b6a7ce2649c1ea464ae3c2d3fdb1ec666d7b4be4e2a941ab6d6557a75c724a30c6fb32815343a80ddee6eee544516418ea95e1bac80afc8040d63fc6:5c724a30c6fb32815343a80ddee6eee544516418ea95e1bac80afc8040d63fc6:cbcf89c3548964c38d70fd8f68e8ece36cc39755c971d14d7e056f39b023ef166d17f2438522f010d6d835d886e71f474c6727a4221fd03a7574578289ed5493ac4c0947e3f428d8fe064006a256cef21811d72678f5dfc6ba66ac29ecd1b32ff5557cb08c5f130559217a0413b759c24d83388a2bb9b29b6b91d1f3101ed625211e4d73805193478cf995396c10b1c5affacb00899da04e3cce193b494e2a933c4eebe0a37bfb8f1b8371bde5fda09e804e940f344896a529467adee45a8febf85ab036cab880143be4f59b7741d8e450278b06365578d40b19dcecc6e1ee3da34ab29013fa3af7729272962110e385ab9a022fae4146f89716f7bab9d3dc682f4fac7736d3e08973c685bbb275bbf8f217419e5cae0219eba5166a5de1b11e3f9a908b8ac7e65bcd623f8c18bb024f605dcbacda790d8362957444a95c130a37ee9d563d0cbb4cb2b0ff71591d9390b6c8fc28753a0e402d6487cfac607135927d89267512b34f877057d9271bccc024dfedccc6c32edf75c8b7551cdf80154ee8e08a0cc43044e1036bae017eb48b6502c7a9d60c8b370cf3799c464f964a69ee659501223e789a6497b63496df1ada2e808d2434fc8bb9794e5e2a20bbf4d6925cb3c5bb14842f19200905ba9354e00dc33cff5b42d4e9d9668b34e661d44bef76fefe2ed51f94423a933ac94f1523bf37823a238d616c6b17973441e35f9405a04d99eaa8f504534c8b5fa5e8e335c743bcf21f5d492b7112e00fd8642cb12bfec849df62120dbb06bfc2946a5601e25be75011c6f00c65d35f44a46af9e4f7809e5789a3a61ba0a3b213890497296c81e42e88f0ec0f5defc1f5d39ff2a48b7e3026c9e547202edc7eb738c34ad3a15d373ef82a4c1d181f285a98bd3314c2c1947c9e2c60aca51750ee7f943caf0c4e1e5c7df7291e973b1f936b73707619:5d2110d1d2f3edd683bdfdbea3ffa7cf5528a40b8b3d8d8c9bfd22aeac28bad471666e062f7d38ceda8bb37397a1c5c3f733b537967045706478437d4d187a0acbcf89c3548964c38d70fd8f68e8ece36cc39755c971d14d7e056f39b023ef166d17f2438522f010d6d835d886e71f474c6727a4221fd03a7574578289ed5493ac4c0947e3f428d8fe064006a256cef21811d72678f5dfc6ba66ac29ecd1b32ff5557cb08c5f130559217a0413b759c24d83388a2bb9b29b6b91d1f3101ed625211e4d73805193478cf995396c10b1c5affacb00899da04e3cce193b494e2a933c4eebe0a37bfb8f1b8371bde5fda09e804e940f344896a529467adee45a8febf85ab036cab880143be4f59b7741d8e450278b06365578d40b19dcecc6e1ee3da34ab29013fa3af7729272962110e385ab9a022fae4146f89716f7bab9d3dc682f4fac7736d3e08973c685bbb275bbf8f217419e5cae0219eba5166a5de1b11e3f9a908b8ac7e65bcd623f8c18bb024f605dcbacda790d8362957444a95c130a37ee9d563d0cbb4cb2b0ff71591d9390b6c8fc28753a0e402d6487cfac607135927d89267512b34f877057d9271bccc024dfedccc6c32edf75c8b7551cdf80154ee8e08a0cc43044e1036bae017eb48b6502c7a9d60c8b370cf3799c464f964a69ee659501223e789a6497b63496df1ada2e808d2434fc8bb9794e5e2a20bbf4d6925cb3c5bb14842f19200905ba9354e00dc33cff5b42d4e9d9668b34e661d44bef76fefe2ed51f94423a933ac94f1523bf37823a238d616c6b17973441e35f9405a04d99eaa8f504534c8b5fa5e8e335c743bcf21f5d492b7112e00fd8642cb12bfec849df62120dbb06bfc2946a5601e25be75011c6f00c65d35f44a46af9e4f7809e5789a3a61ba0a3b213890497296c81e42e88f0ec0f5defc1f5d39ff2a48b7e3026c9e547202edc7eb738c34ad3a15d373ef82a4c1d181f285a98bd3314c2c1947c9e2c60aca51750ee7f943caf0c4e1e5c7df7291e973b1f936b73707619: +aabbb2efedb599424a5f3e08f90fa8826c5c92170be501a1181fe8e8df974e0ece7319ef88b242420666ca697ba8501d274ec4a5dcf844596608b9dd5a8a3acd:ce7319ef88b242420666ca697ba8501d274ec4a5dcf844596608b9dd5a8a3acd:fcc15cc57970569e9ccfa5a778fc7aed71978a3f5624577b6f57fa3f167ea223ef31764c488d059d06531d016bcb17d544d46977aa241f8e07af4787a0810f98d766460c0841ad81b88f4d5d8164485a1258a94622c5492428d6d575943715766c2b0a865bedba167d5d340edb579c47aa32459b8fc98a79bb0bed1c960b4ccb7f2d4b5681a2a70d505b85b81e3d99672714e4eab41f3ab0ca874f417186feb69ed13fb911f49d1584758b2d18b4673edfae495e68dad513a7ac0d47b2753cb4eda78fb431f04dda8fe8030d7bb4e8dbccb969d7f580d9c1ef935d074d7a41d1f8b9dc45c9a2e4106a5529a98b95529ab0edea0b5722dd686f5a7f3cd8fb2624ab26c42df11f510a103d8a929830ad85f52124e3d5827ba60bfbcd736cb6c590ee777ead7aa2224d7ae46d257a90407247960c9cb03860aeaa7f54c1a8e11160d11bb473065e19b70721c8f072e1909d539e9ac94185904bbbfe54873754ae1ca7bced6f40561af4b505f03ac972a6f0bfa73b5f832fe23b898b2bbb0574a6662ee93b3b360da1ec7e838eb2c77c7cb7fc164f7c4627010489c858900752c92d9d75ad547167e4bdd11a07d28b651aa30f16a850e060dd2882fb820919a398e805eb63699f4ff595f991524731641ece25fb3f8e89ada501192b1eddaecbacc8b898528f2d5b3312694f5ec2dc9142e1513f777a5c833409c171633ff9fa2609d0497f5df4fbf48ef2b77d55e25519d2ee79b5fe9d8fa46000decdb4f25dfb3f2bafb19fbe2cbdac002a359a954bc69bdfe2fb36adfd9a1509f3e3a4c6b1f3f36e7cf80d583d440ff2a144643098974d71493ecb6417c0b8065bd2c21c1e34af09243fb49e9d35297eb0a52d56dd270fea6dc5c080a05599f78581e90fd8cc4cd11a505edde84b892d8953bdbb2379d33aad64658ae20607dd35b0bf3a2637d20c3f86:a0b19cfa6c80de77bfcd321030bf8c03893e2b21ace6c6ba1ff7408e6ff07d847e6b2b688d4fd51aa932701db6402ef22322e6e9fc7e320abb4d24e1acc6cf06fcc15cc57970569e9ccfa5a778fc7aed71978a3f5624577b6f57fa3f167ea223ef31764c488d059d06531d016bcb17d544d46977aa241f8e07af4787a0810f98d766460c0841ad81b88f4d5d8164485a1258a94622c5492428d6d575943715766c2b0a865bedba167d5d340edb579c47aa32459b8fc98a79bb0bed1c960b4ccb7f2d4b5681a2a70d505b85b81e3d99672714e4eab41f3ab0ca874f417186feb69ed13fb911f49d1584758b2d18b4673edfae495e68dad513a7ac0d47b2753cb4eda78fb431f04dda8fe8030d7bb4e8dbccb969d7f580d9c1ef935d074d7a41d1f8b9dc45c9a2e4106a5529a98b95529ab0edea0b5722dd686f5a7f3cd8fb2624ab26c42df11f510a103d8a929830ad85f52124e3d5827ba60bfbcd736cb6c590ee777ead7aa2224d7ae46d257a90407247960c9cb03860aeaa7f54c1a8e11160d11bb473065e19b70721c8f072e1909d539e9ac94185904bbbfe54873754ae1ca7bced6f40561af4b505f03ac972a6f0bfa73b5f832fe23b898b2bbb0574a6662ee93b3b360da1ec7e838eb2c77c7cb7fc164f7c4627010489c858900752c92d9d75ad547167e4bdd11a07d28b651aa30f16a850e060dd2882fb820919a398e805eb63699f4ff595f991524731641ece25fb3f8e89ada501192b1eddaecbacc8b898528f2d5b3312694f5ec2dc9142e1513f777a5c833409c171633ff9fa2609d0497f5df4fbf48ef2b77d55e25519d2ee79b5fe9d8fa46000decdb4f25dfb3f2bafb19fbe2cbdac002a359a954bc69bdfe2fb36adfd9a1509f3e3a4c6b1f3f36e7cf80d583d440ff2a144643098974d71493ecb6417c0b8065bd2c21c1e34af09243fb49e9d35297eb0a52d56dd270fea6dc5c080a05599f78581e90fd8cc4cd11a505edde84b892d8953bdbb2379d33aad64658ae20607dd35b0bf3a2637d20c3f86: +c2e074faa234e99ab20adbbeae11b8109723b708c54586df652b402c35cdd1275e524ece1c696e705a3514dd0082b840795a59c36a96cbc482bff5ab4ef515d1:5e524ece1c696e705a3514dd0082b840795a59c36a96cbc482bff5ab4ef515d1:31290338e46d1cc25ce99cbacc40160341b785823c823c4ab9baee3b612579f1c011716796e56e2693f6ddad43922aa7847cbb4148101651bbe62d50be90825e8eab777aa4b8026dc5385a97d3df76160191f922cdd2f07ba5f85e95f45db22928f90734ff520c44dc8fe3903b4c51cd23e064f01c829ec74fbffe25fd0d369d2765740f43856bd7398a1911ad749836160fd98d04b28ee87e111d40718b5a166f05c9a471a41566557069f7a14de988bbbf6777521fcba6dd65de4c06674a11853af83accb70fb328dd8fd6105a7df5269c9faec8d900147e928d970c36cd834bd6054f70650dface94b7629d16e3703d766ce7638d0ad1e17b77469b958d2ba2a1e631a1635efdcb006ebc6e5d8b9faf7e5fb989dc0896c561a26f3c25f055716b367138ea5da1f81dc72cff7a55afaee5839ef5aa822b2970aa18a8982163bf5eed1b677ccaac1224ff6c6cf256374780ae65803bf5c6e23c80bacd76ec3e2ddd3ab71997506448e19db198efadc9f757491f1b0972c82db29410e1e8bb67bbb23d53563b8807e5e0c2e32ee596b5b4402328f9e179e9ce856d3bd199d58de6c5c252e7a6124d81fc9eeaf23d347d2ab88917aa684450dd58303516c1a4d2bdcdde220c9ae3790f298d7d384b70c2fe258807848fc35320b578b33503b75f38a1df630bd33e6a85a4dd4df9f6e55a6e6867c73801e593e1d591db89ba9a9af0fc292e06fb515ac8a5e8e343a821335575ba48fbaae3fb12deeaaee60f4b3d317ec0a554ddd425c84932c27a7a12f29d6371510783bd75e60e2f6da20052069ed71e695a943182193cb6851a7d2fa3c666c193028015ac8b7e7daa6c5204f77a6232b88b4abffc5362fde7dec36b9d454880849283b1156339ea2e8c3b10e51bfabdf72578c726419a38542cf8649df9a0909f582debad5fd89d8c81f83d9e423e7503:657c3826b3483fd42ab6df869d1b77a8c4df67a6a590c7c6772969e3df3312ae0654fb83847af221935a0512291636ec0595700879ebdba8a1467c53d40c230631290338e46d1cc25ce99cbacc40160341b785823c823c4ab9baee3b612579f1c011716796e56e2693f6ddad43922aa7847cbb4148101651bbe62d50be90825e8eab777aa4b8026dc5385a97d3df76160191f922cdd2f07ba5f85e95f45db22928f90734ff520c44dc8fe3903b4c51cd23e064f01c829ec74fbffe25fd0d369d2765740f43856bd7398a1911ad749836160fd98d04b28ee87e111d40718b5a166f05c9a471a41566557069f7a14de988bbbf6777521fcba6dd65de4c06674a11853af83accb70fb328dd8fd6105a7df5269c9faec8d900147e928d970c36cd834bd6054f70650dface94b7629d16e3703d766ce7638d0ad1e17b77469b958d2ba2a1e631a1635efdcb006ebc6e5d8b9faf7e5fb989dc0896c561a26f3c25f055716b367138ea5da1f81dc72cff7a55afaee5839ef5aa822b2970aa18a8982163bf5eed1b677ccaac1224ff6c6cf256374780ae65803bf5c6e23c80bacd76ec3e2ddd3ab71997506448e19db198efadc9f757491f1b0972c82db29410e1e8bb67bbb23d53563b8807e5e0c2e32ee596b5b4402328f9e179e9ce856d3bd199d58de6c5c252e7a6124d81fc9eeaf23d347d2ab88917aa684450dd58303516c1a4d2bdcdde220c9ae3790f298d7d384b70c2fe258807848fc35320b578b33503b75f38a1df630bd33e6a85a4dd4df9f6e55a6e6867c73801e593e1d591db89ba9a9af0fc292e06fb515ac8a5e8e343a821335575ba48fbaae3fb12deeaaee60f4b3d317ec0a554ddd425c84932c27a7a12f29d6371510783bd75e60e2f6da20052069ed71e695a943182193cb6851a7d2fa3c666c193028015ac8b7e7daa6c5204f77a6232b88b4abffc5362fde7dec36b9d454880849283b1156339ea2e8c3b10e51bfabdf72578c726419a38542cf8649df9a0909f582debad5fd89d8c81f83d9e423e7503: +b9da4e6af07e398ab4d21752a32c8ffa9be0c310d35059fb661bd73afa97e2a8f862803c96cc42adc8252884547230b970047b7e5da996260ccc0240ab71a6ec:f862803c96cc42adc8252884547230b970047b7e5da996260ccc0240ab71a6ec:6b95af0eebb6a08afadaa19621f76a839be80851c6dd315e8276f501995d4ce6d134df5e798ed517a2f0e62aa1d6c98c36ef14bb1e5ddfc98d5a7fcc81140a13c20d2ca0c4b40e6e6a03eed8c899f9d1f792468152199f4b95a432668947a51d7b8e104d8d1f12aacd967e08b08c41c3c8ca3feedaa5b8b63bcec0613864d953d81143ec81425bde29164a0876f23f37ac9ac9473672ce11a08bd5476f6f66d665e9ad617e34eb32ee56ffa459f20d1b9353d7821298545750c6eff3e7d4073dc3185ede0391cce0575f8ba637d800068d9d7e5403ba7038d2db77da144784f2e8ea76aedfe521e7dc6a674ede35579595993fb20d44b4052783f56c8c0bbd0440b69eabde84468dd13c671fb1bbd5cb022c2a4fcf3542d8b3bb518e5adebddc84e714b13be52c56b282b42ac0892a5459281be7160729f4112c7d99df9be5434f823a9ce0501789de1d550ad50bb18c8d89a33668270bff7b91ff118f5cd9909addde90c024a3ad713915174674f28aaa9f94a322baa543738edab4973312b5bfa12155debcee163cfe2b04ac9c122ac8a4e1bc418c14955d9610455bd945e9793b916267c9c5f9e53ac04518926ec98ecb84a4f0445dcb1236c76c3a678c69abe4e92c22971d62217201a1bdf05c04df8420a3de6a917a85e71e2b9725e77b522915d4c9946077637c2d8813f010b9491cf0eddc3d4668cc0f8bc8a683579be543934da2853a16f5715724f779819f44439e1debcaa4270d9b8594ba4c86e1063b3ce479d71a5409bef27ef4e5c1d1c96e8be13865af7bb43f09162ccbc83a2ca9e9b8a2324e6d996575eefed37ef49908185738b8eae43f8adca330c99bc66cc1fd52c530d7371c60869ce42c197dca0ad128b85f61c8758f0d542f3d3298b65e93c6e8a68fa0e9a1d5e8c5fec805b83aff4390e115eb64f3f078a0b9b66c273843fc6c:625e1f42c87434a25d622d80d12532806afb2509332449e696b65e1e5888508f11c4ac25f59b8d94d0bf27e4c8d1867007c408da573082dcf19d15a9d5cccb0c6b95af0eebb6a08afadaa19621f76a839be80851c6dd315e8276f501995d4ce6d134df5e798ed517a2f0e62aa1d6c98c36ef14bb1e5ddfc98d5a7fcc81140a13c20d2ca0c4b40e6e6a03eed8c899f9d1f792468152199f4b95a432668947a51d7b8e104d8d1f12aacd967e08b08c41c3c8ca3feedaa5b8b63bcec0613864d953d81143ec81425bde29164a0876f23f37ac9ac9473672ce11a08bd5476f6f66d665e9ad617e34eb32ee56ffa459f20d1b9353d7821298545750c6eff3e7d4073dc3185ede0391cce0575f8ba637d800068d9d7e5403ba7038d2db77da144784f2e8ea76aedfe521e7dc6a674ede35579595993fb20d44b4052783f56c8c0bbd0440b69eabde84468dd13c671fb1bbd5cb022c2a4fcf3542d8b3bb518e5adebddc84e714b13be52c56b282b42ac0892a5459281be7160729f4112c7d99df9be5434f823a9ce0501789de1d550ad50bb18c8d89a33668270bff7b91ff118f5cd9909addde90c024a3ad713915174674f28aaa9f94a322baa543738edab4973312b5bfa12155debcee163cfe2b04ac9c122ac8a4e1bc418c14955d9610455bd945e9793b916267c9c5f9e53ac04518926ec98ecb84a4f0445dcb1236c76c3a678c69abe4e92c22971d62217201a1bdf05c04df8420a3de6a917a85e71e2b9725e77b522915d4c9946077637c2d8813f010b9491cf0eddc3d4668cc0f8bc8a683579be543934da2853a16f5715724f779819f44439e1debcaa4270d9b8594ba4c86e1063b3ce479d71a5409bef27ef4e5c1d1c96e8be13865af7bb43f09162ccbc83a2ca9e9b8a2324e6d996575eefed37ef49908185738b8eae43f8adca330c99bc66cc1fd52c530d7371c60869ce42c197dca0ad128b85f61c8758f0d542f3d3298b65e93c6e8a68fa0e9a1d5e8c5fec805b83aff4390e115eb64f3f078a0b9b66c273843fc6c: +143f7b4247d549f6b7c0917266c50f962c28a2ea24762f537aa06ad15e40b35ac9959f90a2d5feacbae2c4c803ded5deab86987637064337aa2a0b0ddef2fd86:c9959f90a2d5feacbae2c4c803ded5deab86987637064337aa2a0b0ddef2fd86:e274202347a0d057a48bf2a1f6e9f6cb4256079d800374093c020cbf520e5fa27fe996ff07f33ad3b21f74ab0cd93c86475ff37cf622d3f9fa4d13bc99f013e8502b24e46cc87c47e6b2c3662b50e979a0f345b784ff21a8a4d92adc65e86e33b4dbe17f528ccdf5b4864664ba94ffdb7c7d2412b438e6e43fa9668147ee3328224d1f52a3f5b54359b4f7fef69af8f867b478f130a147bea42ed39803bcbc2557bca8c3999f1d24f0a6b03c98846011f9ec74f666417b95020eb1fb2fb88b6312e5008cff03e2d77a26aa532d1780b5077f9e8b828674455d6bc957975f7b2a50e7fd7c1612ce02362efa4c555a1eef68ec34a5c006a6da008a31d4193dc2cc647685ad3cfa3bd7c560b7aed45f0f1a3d1b5b362268de532857055ab9d1d5d858d9ae9a759a51bb9478e8f0ee93c984b576b8b4ab460280be3de205a32f1dc3d572923fb213ac1512d80eb5ad5c18944be77fc17def13a61bbd31bc71acc23d250ec5894ebc214cfec0c1b906516d32d836adc838802e8de30dd76df6e61c1bc438b68d2b025a84f211facf3f1384d2612d0faef5d17131cfe0cfe833fe950e479bc29cbe7fd6da0cce307cf0b1bd92c80e878e432f636ea0cd42480c07e8b8e57e69b2f938b78120f6af4abebf7d4b05cacd6eed854491c029755c4e66338993ed2ac25d19a0c5b40f5e32c8a8b1bce369718186c91d60edff24a8377a9969757599067dd31263a06d6a61154781f29611ab812ff82e813739646263704cd6046357a23c045e2407b7a89508259391314f2fbee49aef0855c6e5e63d912a19df15b11ece34e276dcb88bf2f2e4756358f34a0ee3952b686fcd17578a884176d34ea2916c5d9fcd00eb9e0aa9f2cf0f16e2564bfd28b6ab5968b8448f068320e4187160f8665781b1e2ed9d049e1b54a7d72720ff9d4f073051996a9db6f0c6821c424fa51d:c1cfae58515713ea728cfa09090e8942f8df18621ba7090e3a3376c3802775a1ecaf436b184978041ebb75226f970df71d6ad353c0fb465023f9e298f64a7002e274202347a0d057a48bf2a1f6e9f6cb4256079d800374093c020cbf520e5fa27fe996ff07f33ad3b21f74ab0cd93c86475ff37cf622d3f9fa4d13bc99f013e8502b24e46cc87c47e6b2c3662b50e979a0f345b784ff21a8a4d92adc65e86e33b4dbe17f528ccdf5b4864664ba94ffdb7c7d2412b438e6e43fa9668147ee3328224d1f52a3f5b54359b4f7fef69af8f867b478f130a147bea42ed39803bcbc2557bca8c3999f1d24f0a6b03c98846011f9ec74f666417b95020eb1fb2fb88b6312e5008cff03e2d77a26aa532d1780b5077f9e8b828674455d6bc957975f7b2a50e7fd7c1612ce02362efa4c555a1eef68ec34a5c006a6da008a31d4193dc2cc647685ad3cfa3bd7c560b7aed45f0f1a3d1b5b362268de532857055ab9d1d5d858d9ae9a759a51bb9478e8f0ee93c984b576b8b4ab460280be3de205a32f1dc3d572923fb213ac1512d80eb5ad5c18944be77fc17def13a61bbd31bc71acc23d250ec5894ebc214cfec0c1b906516d32d836adc838802e8de30dd76df6e61c1bc438b68d2b025a84f211facf3f1384d2612d0faef5d17131cfe0cfe833fe950e479bc29cbe7fd6da0cce307cf0b1bd92c80e878e432f636ea0cd42480c07e8b8e57e69b2f938b78120f6af4abebf7d4b05cacd6eed854491c029755c4e66338993ed2ac25d19a0c5b40f5e32c8a8b1bce369718186c91d60edff24a8377a9969757599067dd31263a06d6a61154781f29611ab812ff82e813739646263704cd6046357a23c045e2407b7a89508259391314f2fbee49aef0855c6e5e63d912a19df15b11ece34e276dcb88bf2f2e4756358f34a0ee3952b686fcd17578a884176d34ea2916c5d9fcd00eb9e0aa9f2cf0f16e2564bfd28b6ab5968b8448f068320e4187160f8665781b1e2ed9d049e1b54a7d72720ff9d4f073051996a9db6f0c6821c424fa51d: +0d1fe9d8b9a2f04c22bbb0edea3833a0ce43339347531fdb67ed513a13d36b3967c49f410f4853293d0c4d39f4c1b3d6c6103c5cfe20a9a59b53932043517369:67c49f410f4853293d0c4d39f4c1b3d6c6103c5cfe20a9a59b53932043517369:64217ac841fd4d6459bfc4a49b8801d6929bf19b408e8a53790ceb51ec341f9b46a351e8c2e59d887e1eaccb914231cdca1d3e5c47d166b4cdb9b58c013c59a3bd283ad10f6bd62c0f15f764ce14f3b265f537c63e73b6c4fa65e06ce1e1f4ae0d11489dd2602f95fc402b7712052abc84bdc778c19f10001b4e0d5fbe463090e83ef438fe068f3bb6fbc2c139af0678ed2a11faa1b9e49aaa4620abfc08439fbfe2c61840769e5fda2677f8e2f0a14564f9f504232a9fc0d9da471e67fbc574c3d56d2aeb937a586ed5583556308a998eb1dc476a014f5a08228dbed95a1208bc1d1f5d76b4e8d0b2434b995ad458e429ee6142a0c971768cc40c40bcb08e9603f09611474471b3859d7fd584219f02657b430e9e56955b3467ac56ff2eab22cc498489036a574120e2db769a3b21500389142c78a87d069f0e2576cafda8cddd7915a9228773d2ac9a075cb387f2a898617213b2cc5059d11941bc4fe58641e7c1750267e53e99c421cb4cf21d098ca2d1f41644f7908983eb174a23a781cf15ef38eb9116eda4123a1522f53b81fb7368e8075fb83859d2cf98d921535a709fafa9873c4a039aae682f7e6286b899257c0924016ca5bf6d3169099211a9a4a6745cdd3198f1337f60928227ce3c7d60960b53dedf011a8940f5c468207a3894bb0872b333ccdec9d5ecd911ecbbb96c9bc4bd4875320e4d3e9c02d9dc76109ec45e61d1cf5ac729f2e34a9647b95bce70b0c633171adaf0dfdb5afba4035b3cce8cb7141ad142bb7add4fc3f961d42d7203754a4e313221d487831e32947da91138ab648b5952ef6956e27aa5d2c175794bf81ef277faa6b905e14502866887d87880606e81b27af01bb263ecf2c5820585ea6ce8d8b391d86fcedadcd11fdbb566fdf147f402010fc35f5157e036146b3736c8a43359127c261f6bf0cad3bd8a34cb1509f7:b05725e7371ed0a91ebc89f3c30baa99183763edb4ce34fe901af3731e001cc54f287118915e90365d91aca8feb1708769f9f1d6eef5aa113bee00b5efab270464217ac841fd4d6459bfc4a49b8801d6929bf19b408e8a53790ceb51ec341f9b46a351e8c2e59d887e1eaccb914231cdca1d3e5c47d166b4cdb9b58c013c59a3bd283ad10f6bd62c0f15f764ce14f3b265f537c63e73b6c4fa65e06ce1e1f4ae0d11489dd2602f95fc402b7712052abc84bdc778c19f10001b4e0d5fbe463090e83ef438fe068f3bb6fbc2c139af0678ed2a11faa1b9e49aaa4620abfc08439fbfe2c61840769e5fda2677f8e2f0a14564f9f504232a9fc0d9da471e67fbc574c3d56d2aeb937a586ed5583556308a998eb1dc476a014f5a08228dbed95a1208bc1d1f5d76b4e8d0b2434b995ad458e429ee6142a0c971768cc40c40bcb08e9603f09611474471b3859d7fd584219f02657b430e9e56955b3467ac56ff2eab22cc498489036a574120e2db769a3b21500389142c78a87d069f0e2576cafda8cddd7915a9228773d2ac9a075cb387f2a898617213b2cc5059d11941bc4fe58641e7c1750267e53e99c421cb4cf21d098ca2d1f41644f7908983eb174a23a781cf15ef38eb9116eda4123a1522f53b81fb7368e8075fb83859d2cf98d921535a709fafa9873c4a039aae682f7e6286b899257c0924016ca5bf6d3169099211a9a4a6745cdd3198f1337f60928227ce3c7d60960b53dedf011a8940f5c468207a3894bb0872b333ccdec9d5ecd911ecbbb96c9bc4bd4875320e4d3e9c02d9dc76109ec45e61d1cf5ac729f2e34a9647b95bce70b0c633171adaf0dfdb5afba4035b3cce8cb7141ad142bb7add4fc3f961d42d7203754a4e313221d487831e32947da91138ab648b5952ef6956e27aa5d2c175794bf81ef277faa6b905e14502866887d87880606e81b27af01bb263ecf2c5820585ea6ce8d8b391d86fcedadcd11fdbb566fdf147f402010fc35f5157e036146b3736c8a43359127c261f6bf0cad3bd8a34cb1509f7: +c10b5ac6055a1ddbca28552e5c72ebd05278c92239b2fcd0c1353651a8e559a0b2183e1b00816d29305f7468e7e45eed3fd8f23c15b305f9fda93e812d65bc27:b2183e1b00816d29305f7468e7e45eed3fd8f23c15b305f9fda93e812d65bc27:3594905f9ea464615f41b87abb9d167337f29d45d97f7a1464ec9f2ee50f90f2e67339874d3f2093be9226107701ec1aab941c4e059f1bb26ce86e148d1d9f0da2a2a0f9829a364fb4f13f58b960d0f8d72323283c4490efdf57878645890ff7bc5065dad6e51dd1e5b9a5075150978b3367f1ba84e45ff1f1276c576e4bc72be8aa8e405fc2b27f8146b999845faaa0595d3cb70e5d3712ed54a0fb3e322d45380b5de3609b967b959bca5a583cc520cdcb7bcbb829aa25d7932095ecb303923c2560afc3fd7324b7b7acd089a9f00c03a73d043dc0cf0ba0d8411e2b1b18d21d2a32a726a53059140f784f7cedf2f33cec66fe4ad5cc9eaccbe4ae10036ac3523bac700a113a98b598e6df0304c6fa3212acc04c4e3c7f6687362ef86d617c6dd483f8d80cea66d1951127428a61c1e155a6850bb2afb7f91c82d73eb2b0543ee8fc1f38e1dcdb3c503ddc9ba0812456a5ce2e11d556487a646974a7bbf86e806c58c68c4269a7c9bbcac0ffef9835b33dc449a75479ecd23f6d149c1e5ea8b69208ff36e5fbd68295550318bfa0d3b1d6c1ad4270bcab0904ae53491f9b1ca502e012eed77c427d49a0962f1055125dd7b53733d8528934b5580dd5fd5bbe854978bae3d25bb4ae944e9065e8e2e07946518a6f548e36e056be824d9e02a7a3eaadd37929f58101cb1853be3d7547f58f49e38b018a748d3f19c48582abbdbe953a8a25ba9d365dea835935899c19fb0b51906aa972c5ac45e99c40b3b76e35d327e321e8ae2306a6eb3d8cb6ec2fa5399add19ea0028a01792c08e27c16cf4f85aaaae72f986b099f9ebe4ad0b25d06d3de44a8bfa52844be4a93944833ce2add51bb554b356a7dc49748dd45ae7ec9e8db426c97a25da5edd3b621e4adbde48197a3314de1c50f4d6002027dd7519dde3e15729e486955ac40d9d66876f90668c689d8ab598:8a9a3217fdf0643aaaa5c8fb2a88a556398859b8feefbcb48ccd88e585a167c94dbb5c0cad24d15bcabbc1edb21f02a8c457c56120a3234ac33577b9af2ddc013594905f9ea464615f41b87abb9d167337f29d45d97f7a1464ec9f2ee50f90f2e67339874d3f2093be9226107701ec1aab941c4e059f1bb26ce86e148d1d9f0da2a2a0f9829a364fb4f13f58b960d0f8d72323283c4490efdf57878645890ff7bc5065dad6e51dd1e5b9a5075150978b3367f1ba84e45ff1f1276c576e4bc72be8aa8e405fc2b27f8146b999845faaa0595d3cb70e5d3712ed54a0fb3e322d45380b5de3609b967b959bca5a583cc520cdcb7bcbb829aa25d7932095ecb303923c2560afc3fd7324b7b7acd089a9f00c03a73d043dc0cf0ba0d8411e2b1b18d21d2a32a726a53059140f784f7cedf2f33cec66fe4ad5cc9eaccbe4ae10036ac3523bac700a113a98b598e6df0304c6fa3212acc04c4e3c7f6687362ef86d617c6dd483f8d80cea66d1951127428a61c1e155a6850bb2afb7f91c82d73eb2b0543ee8fc1f38e1dcdb3c503ddc9ba0812456a5ce2e11d556487a646974a7bbf86e806c58c68c4269a7c9bbcac0ffef9835b33dc449a75479ecd23f6d149c1e5ea8b69208ff36e5fbd68295550318bfa0d3b1d6c1ad4270bcab0904ae53491f9b1ca502e012eed77c427d49a0962f1055125dd7b53733d8528934b5580dd5fd5bbe854978bae3d25bb4ae944e9065e8e2e07946518a6f548e36e056be824d9e02a7a3eaadd37929f58101cb1853be3d7547f58f49e38b018a748d3f19c48582abbdbe953a8a25ba9d365dea835935899c19fb0b51906aa972c5ac45e99c40b3b76e35d327e321e8ae2306a6eb3d8cb6ec2fa5399add19ea0028a01792c08e27c16cf4f85aaaae72f986b099f9ebe4ad0b25d06d3de44a8bfa52844be4a93944833ce2add51bb554b356a7dc49748dd45ae7ec9e8db426c97a25da5edd3b621e4adbde48197a3314de1c50f4d6002027dd7519dde3e15729e486955ac40d9d66876f90668c689d8ab598: +061bddab280b0fdcb26bfd9a0fc721f68f88343b5d3983a16b6dfaa5e76969f3815578bba6e7070ebdeca117568bd77ebff9e14cb8bc200c32bd87db1fb37d6c:815578bba6e7070ebdeca117568bd77ebff9e14cb8bc200c32bd87db1fb37d6c:ee76b40cd429eac7bc12839ca2f7cd31f1e0098a39c5fc19805be0331f44799e318d12571f06e2993753a3685cd2a96b2301e20024209adc5adf7479ff90c477c3695abb99bd28579dbc7831a192beed0ce17b038b20764800653af7af024e2a104ed0f3e52d4bbd3e109cf126291f49b0a21be433c1c5a2589ea572997f63d2bb3972d532be35a0471ef0573d795c072b6a8685b95e47b09ea9f475d93bf12bbd77b7d2bf5d5bddf0ae02375371d1d799ea9204be389e6a8e5deedcd49202e92df7c3e761f92ef8d79fa738d2c5bc280ed32879832ff2b026424589cdbd52d15b60f2aa3526b898849a34a85ff1c47dc6554b85ac76aa7935cbf3f7bc80ad009192a875ca209b40feb047cc446968f970da47b8cd67da7eb4e54a0e5ab20cb35bc6fb7f13307ce67eb6204a67ce9bb1d139c1b4bd5dbed58010c87bf831e6522ee182dad945804b767c4df2554f15b9e9afd2599ef258c67a22caeb92a57988006bbc72c104fac7e5413cd3d3b802c83e639eafe212a38bb7ef779af1a94ee137f6c60667bc48f27bf4a22241bc44bb6033836239bd6eaf3e2e223187841e4641b0f4e9ff8d5a41ddbeabb4138f6b585ace0fb6b53dc3c9edc0373b6047f27d835e8e246644fd832ccfe0df25c3d7da187c9fa05420d43455f2d08b571929386b59c6e0e10a35601da899b1b4dc3d95b67dd9a83818b0a318bfdda06464b4a42d3cb985f30ec97d6a2af13291155d60cec57cbd58d5cfcb35c18535e8d299b5b007590892ea949d1b137a62b39a436cd7e5b9f8d1b6938dbaa62c2268d459c6220a3e6fcbf80ba0118acd2342563fbdbc1f7c9dba7ea2c072afc8ae2128e3ebca0644ffd8163e80a1a557d9d39034ccd9dbd12c8855a6f9165b0801839cf6e07a9fba4c64d9c099e15410e290e677031b65cf7deb0079bdadc573cc056d7666d95d033a0b6bdba7ec:b83297ccdd6d0098ebf5d132d174de1958311a766bcc4da15f864d801f38e09d613e7aa8c336302735d75be4166d73b0184b0e0bc5ef39edbccb6e0e61afeb0cee76b40cd429eac7bc12839ca2f7cd31f1e0098a39c5fc19805be0331f44799e318d12571f06e2993753a3685cd2a96b2301e20024209adc5adf7479ff90c477c3695abb99bd28579dbc7831a192beed0ce17b038b20764800653af7af024e2a104ed0f3e52d4bbd3e109cf126291f49b0a21be433c1c5a2589ea572997f63d2bb3972d532be35a0471ef0573d795c072b6a8685b95e47b09ea9f475d93bf12bbd77b7d2bf5d5bddf0ae02375371d1d799ea9204be389e6a8e5deedcd49202e92df7c3e761f92ef8d79fa738d2c5bc280ed32879832ff2b026424589cdbd52d15b60f2aa3526b898849a34a85ff1c47dc6554b85ac76aa7935cbf3f7bc80ad009192a875ca209b40feb047cc446968f970da47b8cd67da7eb4e54a0e5ab20cb35bc6fb7f13307ce67eb6204a67ce9bb1d139c1b4bd5dbed58010c87bf831e6522ee182dad945804b767c4df2554f15b9e9afd2599ef258c67a22caeb92a57988006bbc72c104fac7e5413cd3d3b802c83e639eafe212a38bb7ef779af1a94ee137f6c60667bc48f27bf4a22241bc44bb6033836239bd6eaf3e2e223187841e4641b0f4e9ff8d5a41ddbeabb4138f6b585ace0fb6b53dc3c9edc0373b6047f27d835e8e246644fd832ccfe0df25c3d7da187c9fa05420d43455f2d08b571929386b59c6e0e10a35601da899b1b4dc3d95b67dd9a83818b0a318bfdda06464b4a42d3cb985f30ec97d6a2af13291155d60cec57cbd58d5cfcb35c18535e8d299b5b007590892ea949d1b137a62b39a436cd7e5b9f8d1b6938dbaa62c2268d459c6220a3e6fcbf80ba0118acd2342563fbdbc1f7c9dba7ea2c072afc8ae2128e3ebca0644ffd8163e80a1a557d9d39034ccd9dbd12c8855a6f9165b0801839cf6e07a9fba4c64d9c099e15410e290e677031b65cf7deb0079bdadc573cc056d7666d95d033a0b6bdba7ec: +2cab5bf55ffa914e9ad07622190d343ec55c13cd91b388cb7500ffe06df7c180b61e432bb97cbae388a2578a7484998e00e9ad3ddfd6cab8d3a5fc5ba04307c8:b61e432bb97cbae388a2578a7484998e00e9ad3ddfd6cab8d3a5fc5ba04307c8:2c2d04dc3ad1982359ecd5bc3ee035f3498eedff6104a93c602af2179aeb2cb1f41c5cdb0a77b124f946aa8a824aa3076c2e1acfd48f68070b26276a656b4a4758ab151a6a9c41bd74e09bbd9adcce1e87a0a80d17fd92e85e4bda472c988b6bb1183b7ee59a09d80570466db90dd3749579c4eb19ab75fc152ecdcd68cd1078ef06e593c73516fa8291481a667d3f95bfeb144bab59d6ddc73a2795c1017e09536b3162e4bc58f8ead38957018cfec72badbf22819ab0b406c64730fc73fd9ee61f74187eda91ed4e7993e66884af43ef4c6bf7f7c379e8f0f63dcb8041e26b8b8292b6b6d190e4adf430fa82dd74c57385b919c446db37b5e8767e4a0c95013be89b2bc4e9fd62754a844418400968aed2dd328d7b1dc91e1a2b3009dc7ad140a0686f673168a60e88d80c520fc2dcfc56ca9d4b0c88859099230714dec83d26b4630554dcb9c4901895f78f3834b09766b67a465de8c9490065bf568339243399fdc9d5100324667c5ab28f35c00f6125638e61dab70d1eec48951de0fb3f7b23d3cd982437c63473415bef374a663296f2986b1ae9579b9ffce71ec35eeca116d194f8fba9a45a91bae27ac455db71a6b01a729d0c135fcdcbc23e504a2943c00aa42070519d9cd77ae6754f31eb46a3e5be9eeb3fc8d31ff182da9b087be3462c8459126e862909232fd5f2d89c01815957611e6ae7caa98b6053776a7715c2f93ccf030887030c56c2b8226dae2977995a6d3f1e9d7911a9c9d2a303f0e01f32338efdaf8ee63fc41b25399cffd0b35f7ee5676bd8fd3da2cbee4ae2ea9808d7e73583d99433993146674a4040f42f63d1b3135cc797a8d8f0b88573a32890696cac9439d1e15d196d9090b62b6db7e63c96472d946e668cbda1f4db889300cdcc25e84c9f3857d1d9e53241cf625f3909af1c8aaff4309f68f654b7a15b67711c5b7f9de76775:4cf08f4fabbd06dccbcce2a7a5941fe9afddc4d2d0bc80802e93b12cb135d3acf6511e0fe4113c5e3c5541b27d3a2150a757742ac65f95a9ce6673ff0cd21c0f2c2d04dc3ad1982359ecd5bc3ee035f3498eedff6104a93c602af2179aeb2cb1f41c5cdb0a77b124f946aa8a824aa3076c2e1acfd48f68070b26276a656b4a4758ab151a6a9c41bd74e09bbd9adcce1e87a0a80d17fd92e85e4bda472c988b6bb1183b7ee59a09d80570466db90dd3749579c4eb19ab75fc152ecdcd68cd1078ef06e593c73516fa8291481a667d3f95bfeb144bab59d6ddc73a2795c1017e09536b3162e4bc58f8ead38957018cfec72badbf22819ab0b406c64730fc73fd9ee61f74187eda91ed4e7993e66884af43ef4c6bf7f7c379e8f0f63dcb8041e26b8b8292b6b6d190e4adf430fa82dd74c57385b919c446db37b5e8767e4a0c95013be89b2bc4e9fd62754a844418400968aed2dd328d7b1dc91e1a2b3009dc7ad140a0686f673168a60e88d80c520fc2dcfc56ca9d4b0c88859099230714dec83d26b4630554dcb9c4901895f78f3834b09766b67a465de8c9490065bf568339243399fdc9d5100324667c5ab28f35c00f6125638e61dab70d1eec48951de0fb3f7b23d3cd982437c63473415bef374a663296f2986b1ae9579b9ffce71ec35eeca116d194f8fba9a45a91bae27ac455db71a6b01a729d0c135fcdcbc23e504a2943c00aa42070519d9cd77ae6754f31eb46a3e5be9eeb3fc8d31ff182da9b087be3462c8459126e862909232fd5f2d89c01815957611e6ae7caa98b6053776a7715c2f93ccf030887030c56c2b8226dae2977995a6d3f1e9d7911a9c9d2a303f0e01f32338efdaf8ee63fc41b25399cffd0b35f7ee5676bd8fd3da2cbee4ae2ea9808d7e73583d99433993146674a4040f42f63d1b3135cc797a8d8f0b88573a32890696cac9439d1e15d196d9090b62b6db7e63c96472d946e668cbda1f4db889300cdcc25e84c9f3857d1d9e53241cf625f3909af1c8aaff4309f68f654b7a15b67711c5b7f9de76775: +dd7b59a33d970bef62e0e21a7b6e4c30960686f17f49afdb4a9f4e808e355c7f53a0e57277d9bbeecf99c4d138fd66fafcaec7bc5f567f8320800c4e584ff82e:53a0e57277d9bbeecf99c4d138fd66fafcaec7bc5f567f8320800c4e584ff82e:75580367930518168b0a764d0958bec4fc46cf591999eb3737e42a02ea72d210daad53e54a7c2c134a6d478337d2633368548170edef0d85179f3023e1503868a6e5e2775e412ac05f0589d42a377e75aa6b8f5220a7699ae8aff01094ec469d6361d3e8f38615edcda4d2d5289acf73db6456985780c92e07f62c77a909fb6ef598822062bd572bf7058dcb835ef3443d3e47b5c603d92736dd1df26be4b9283b76e321d55ce2b638cde22577ca59c963c2479556c575ccb0d6d18c804e2eb01ff53581eb040ffd2cc46760737a74672ea6bf78058a6a0a1f5ebf56decbf94b54afb23c11d34179bf0976b4158017d407c95a401fa6f9624d77135eae8141ebea9f35d5f51b3ded995c7f70c025b094adef2b071f971155d7796d613a550d09e7f4dfc34517b3f8fa4393286a2b228017daf2e015387e13527f63661d3c13e78e90fb2955eee345739119b791f05b07c8f42a436efcad1ec5ea10f308f8e23ca98bc65a5fd9393efaafe5cdefba81058170cc5493c00cedf254097435d2e2fde55f866bb82dbdfb9154344974866359167b466caa909b91530c9c7ee8c53fa90164bbd0b1fadbdcd08127f19be5033071518d3cf10ae6bd6f9827e1206f5ec095c1986170e8d5d8e72e57d4228701df2a48c954873056cfdfbaafb10e46a0c1f144b1a0eacdd2cb66bb912ac471787dabe48353859120b03403567c415ddb88fc0d7fba4069bbfef406eed724a11abc041e8e7beb663d0dc99dcef3ac6a149007b42dd1f22a77dd52901814325172224a2778f366fb9eb02c812b842a42842561c68f2ac231c26ce9e8b19ae91ebfad3c0e9f66363a13ecd8b897a3d00a26d257648d56c6747441ca1c6ee99f08ddad25d116dfadab0383000d3d7225cf2eff7076b2adab9522292555f3193206786000d42ca34d708dc04284a94d174cc92f102efddf3148c2996916d4:87294d22d4ad0d0814e2d6d5faf55749e9b39803b4d4b7879e60b777c1fc41584fe15135ba1123ff5f200db35a3468dd4d58dad77bd96ee2b888a5a8b18c320475580367930518168b0a764d0958bec4fc46cf591999eb3737e42a02ea72d210daad53e54a7c2c134a6d478337d2633368548170edef0d85179f3023e1503868a6e5e2775e412ac05f0589d42a377e75aa6b8f5220a7699ae8aff01094ec469d6361d3e8f38615edcda4d2d5289acf73db6456985780c92e07f62c77a909fb6ef598822062bd572bf7058dcb835ef3443d3e47b5c603d92736dd1df26be4b9283b76e321d55ce2b638cde22577ca59c963c2479556c575ccb0d6d18c804e2eb01ff53581eb040ffd2cc46760737a74672ea6bf78058a6a0a1f5ebf56decbf94b54afb23c11d34179bf0976b4158017d407c95a401fa6f9624d77135eae8141ebea9f35d5f51b3ded995c7f70c025b094adef2b071f971155d7796d613a550d09e7f4dfc34517b3f8fa4393286a2b228017daf2e015387e13527f63661d3c13e78e90fb2955eee345739119b791f05b07c8f42a436efcad1ec5ea10f308f8e23ca98bc65a5fd9393efaafe5cdefba81058170cc5493c00cedf254097435d2e2fde55f866bb82dbdfb9154344974866359167b466caa909b91530c9c7ee8c53fa90164bbd0b1fadbdcd08127f19be5033071518d3cf10ae6bd6f9827e1206f5ec095c1986170e8d5d8e72e57d4228701df2a48c954873056cfdfbaafb10e46a0c1f144b1a0eacdd2cb66bb912ac471787dabe48353859120b03403567c415ddb88fc0d7fba4069bbfef406eed724a11abc041e8e7beb663d0dc99dcef3ac6a149007b42dd1f22a77dd52901814325172224a2778f366fb9eb02c812b842a42842561c68f2ac231c26ce9e8b19ae91ebfad3c0e9f66363a13ecd8b897a3d00a26d257648d56c6747441ca1c6ee99f08ddad25d116dfadab0383000d3d7225cf2eff7076b2adab9522292555f3193206786000d42ca34d708dc04284a94d174cc92f102efddf3148c2996916d4: +d880d2fb06262f57ab8778e33d16b473060978a6549cdbcd5586ba8105f5aca80de486d2115faf2d547266772e430fd9727bdcace6ecbf2fe23ab60f7b5254b1:0de486d2115faf2d547266772e430fd9727bdcace6ecbf2fe23ab60f7b5254b1:114743e82a0993cec9705067abd77c168b53677ede5c159fad36f06fc1a14acd77f883799ed9883f9915aea638ec1741f3f4215855fb5b07df3793bbe5b568eb3594391a9ef5727fab93e57469b37de125b1e9f2e6fe2c3d1a10ecf87b6c0a665c6d460a170eefb9bf716cd8faea9764f579ff34ebfa9c4cfb34706d8dd7c9eb1d10b2df460a46bb5789430bf449158b5824f2a3a7b918b33acf2d9ebe90216d1b7cbf4af770c5db95fc62ff3a3c385c3a8217853b7346634aaf30607288db0c483bd4c222eb332cb89dc4a217e6334a268413a390bb371aec355fbe4c736f7da75f9c887541a2b7d0dac018b6138f021e77266ddece8468452ada39f5e63d0209b9d6dabf975413256dcaa15ac14b6068e177056c7bf0f0f7c884a3402032298cd559a6312039400632327f9c0e763e52798cb177da4475e4b2405c157ca427741108d33ed0b7a3f53438ce6b725c6dd5814af51cfa45dbced557f726db130d55cde7533bc2092d6b699c2c870af282731e18d651ae85b3db4ba02853f8c87fd5e3ab69bc57b08b81f83c239ccf22e817e2ada4d0ad14487ed14612c8b0973ec0650a55f6bf9af4ae9256ad3546a3f67dd35d987ef21909a94c50f0ef0640e755b1c4e1a012af0d31766eeb5df31cd104c64eb62eb4efb139cf305769401d213f96a488d5ee7e3ce32b0192ee8f0831bfbe8fe95de956886b524d3319b73fd56dc60e9f1c72d78155a97c6f43697b20466b3e7aebd357b91696e7348f4599b34f3591eddfce2a7bd849ab16f7b43ebb16e23d6f5210efa30ab3ba8d32c40662b8662fd911544bc2458c6569ef75a9b9df6a0f6d80d658ba86b241ca19ce9a6fcf01d3daa95afb59c3d89a18b948621394327fc5e920a75f98f5e2b3d6c95fd852adf567b6d37c54d2970856a599f749e2c55dac7c23e3fb1a63bb4cc47b8b94f3d589ac4beef0aad4e6292f:4c00a71668d3213c29c7041c5a037edf13c6514bd0ebc880c909caff1506a45d27809fb74e6602ea2aad0f842831b74fb3d6900ccc520652da28368fd90ca30e114743e82a0993cec9705067abd77c168b53677ede5c159fad36f06fc1a14acd77f883799ed9883f9915aea638ec1741f3f4215855fb5b07df3793bbe5b568eb3594391a9ef5727fab93e57469b37de125b1e9f2e6fe2c3d1a10ecf87b6c0a665c6d460a170eefb9bf716cd8faea9764f579ff34ebfa9c4cfb34706d8dd7c9eb1d10b2df460a46bb5789430bf449158b5824f2a3a7b918b33acf2d9ebe90216d1b7cbf4af770c5db95fc62ff3a3c385c3a8217853b7346634aaf30607288db0c483bd4c222eb332cb89dc4a217e6334a268413a390bb371aec355fbe4c736f7da75f9c887541a2b7d0dac018b6138f021e77266ddece8468452ada39f5e63d0209b9d6dabf975413256dcaa15ac14b6068e177056c7bf0f0f7c884a3402032298cd559a6312039400632327f9c0e763e52798cb177da4475e4b2405c157ca427741108d33ed0b7a3f53438ce6b725c6dd5814af51cfa45dbced557f726db130d55cde7533bc2092d6b699c2c870af282731e18d651ae85b3db4ba02853f8c87fd5e3ab69bc57b08b81f83c239ccf22e817e2ada4d0ad14487ed14612c8b0973ec0650a55f6bf9af4ae9256ad3546a3f67dd35d987ef21909a94c50f0ef0640e755b1c4e1a012af0d31766eeb5df31cd104c64eb62eb4efb139cf305769401d213f96a488d5ee7e3ce32b0192ee8f0831bfbe8fe95de956886b524d3319b73fd56dc60e9f1c72d78155a97c6f43697b20466b3e7aebd357b91696e7348f4599b34f3591eddfce2a7bd849ab16f7b43ebb16e23d6f5210efa30ab3ba8d32c40662b8662fd911544bc2458c6569ef75a9b9df6a0f6d80d658ba86b241ca19ce9a6fcf01d3daa95afb59c3d89a18b948621394327fc5e920a75f98f5e2b3d6c95fd852adf567b6d37c54d2970856a599f749e2c55dac7c23e3fb1a63bb4cc47b8b94f3d589ac4beef0aad4e6292f: +585871941cc282e333d57bbfc3d4aeda862cfa0a375030cd594b3692848c5f004f343816cd48050b678d3adf70008877c9fcf5cb662cc4ad2b93864c02090707:4f343816cd48050b678d3adf70008877c9fcf5cb662cc4ad2b93864c02090707:651c101b3e2dfef0783ce9f61bd0a8bdc9307ac0488b9dd70cd90a7ed8f179a78935556295b91cc2b97211e3b981b8dafcb3d06b76d0b6eda7fc61945c0ee2652c5ac454256496cb82f98cc1cc92d81893b1082b31b47e6d22a2de609de4ce8d7cc4f4a152c47f410d7fc37d38ccd629a4b33e6221896081797d0753dd4faa8a8b44d6c4677166dfb4d5215446360a3c28d8f68e38ab54608b98821b83c187b5393ad874a76f4f5d729493a1fd74cc7719caea991d229c5d0c8c4c5f89d8e4345f4f52214313410b8c06b3315f45ed0c2f9138ab966aec0a645b6dba76380a539123e0f33b97f3d060394a3053581ffdef3e6d36531166b553a9dde03105c04af697d95e95217fd6dc968bf3b448d5f3a8e4f5ae7edc30ec78b1aea4f0db189a949a122138cdfb5f9693db004baed1a421dc44122f327287f727cf989fcae3cf3be3e3dd9b9f53502cf5d9fb186de791d310d122869c9fc3b695dec1607477f3e149e52b63cfdfb0d983e89af2f75a8f489843ec05c5ea5f0e721acab387c68025f20abe0d27b4ce29f4a64fb7f8e8a332873d3ed121fb493414b8cb0c00ad3ab616c5be5241471adee9f8f46974eae84a4a8ce6fabb7f5d9a6b75a7e670456fcdcd1d982e8f827a4bbb69dec7e3053dfe835b70301b7b763f0004bc906e145542f487b4dba2ed561bd1a20306236af4b36e4068e8c007b9454f8741a5f8f079ec1db8835eb6544290d6adb52a70d7675d85df4a9a1255bfd936c331fe51c0977d124b5a506d29c6eec33caa25d8eb28952d6ffb9d6e3da890382d888796d374607f6643b89e7326d9edc49a0f53bdcb8cc76ffd393a7706522d04170036ccb66330dbac9da7e6168caa88cb62181e55a7b6d521a2115e23e202ee2480b587be4501447979a8d736f9012ecf00e67b31e8104f6e7df08a9683cdc89c03a4e37ee22928d45fa19094e0d6e7b40b:298856e570188aefcad81bb970f076965770c26762fe29e6554dc7afcdb801723bf6c763b4ccd65f4e15d7d8ea38fcf67ea9d28590c79255c1cfeba7b5e45a00651c101b3e2dfef0783ce9f61bd0a8bdc9307ac0488b9dd70cd90a7ed8f179a78935556295b91cc2b97211e3b981b8dafcb3d06b76d0b6eda7fc61945c0ee2652c5ac454256496cb82f98cc1cc92d81893b1082b31b47e6d22a2de609de4ce8d7cc4f4a152c47f410d7fc37d38ccd629a4b33e6221896081797d0753dd4faa8a8b44d6c4677166dfb4d5215446360a3c28d8f68e38ab54608b98821b83c187b5393ad874a76f4f5d729493a1fd74cc7719caea991d229c5d0c8c4c5f89d8e4345f4f52214313410b8c06b3315f45ed0c2f9138ab966aec0a645b6dba76380a539123e0f33b97f3d060394a3053581ffdef3e6d36531166b553a9dde03105c04af697d95e95217fd6dc968bf3b448d5f3a8e4f5ae7edc30ec78b1aea4f0db189a949a122138cdfb5f9693db004baed1a421dc44122f327287f727cf989fcae3cf3be3e3dd9b9f53502cf5d9fb186de791d310d122869c9fc3b695dec1607477f3e149e52b63cfdfb0d983e89af2f75a8f489843ec05c5ea5f0e721acab387c68025f20abe0d27b4ce29f4a64fb7f8e8a332873d3ed121fb493414b8cb0c00ad3ab616c5be5241471adee9f8f46974eae84a4a8ce6fabb7f5d9a6b75a7e670456fcdcd1d982e8f827a4bbb69dec7e3053dfe835b70301b7b763f0004bc906e145542f487b4dba2ed561bd1a20306236af4b36e4068e8c007b9454f8741a5f8f079ec1db8835eb6544290d6adb52a70d7675d85df4a9a1255bfd936c331fe51c0977d124b5a506d29c6eec33caa25d8eb28952d6ffb9d6e3da890382d888796d374607f6643b89e7326d9edc49a0f53bdcb8cc76ffd393a7706522d04170036ccb66330dbac9da7e6168caa88cb62181e55a7b6d521a2115e23e202ee2480b587be4501447979a8d736f9012ecf00e67b31e8104f6e7df08a9683cdc89c03a4e37ee22928d45fa19094e0d6e7b40b: +0588acd4e09ba90274c8f3d1575b2bf364a776884a9aeb4103415e163ba0bf813ecae697b425d87e34a1d944098e3d32e2c1ec56c3627df80ba2b8a43ddc1903:3ecae697b425d87e34a1d944098e3d32e2c1ec56c3627df80ba2b8a43ddc1903:f828f8c9dad298c5b719daa852b17e762598a70f4ecd16a2fc596eb0263899e983d44edcc7bd240cb07610600ae96aac0dfc3be387b616850899b5cf44e1767ffaca3df38158598424f8071414c704e60b422ad77377fa7f6a8c5d0ebc0235e2d43a984f3adf759eb10447f3c2f6b80d5a11ef41d3a09852c0932a1b9ac23e6f40a167de21041bec8885f9433eb80b95c9785958046cdb7bf147a79947823b4149ae0521d7e5aabc1564fa4044106e2e392e9c344457e9929376ea9b4229c6e7738fe79008d554c429396914c36387f579b46bab146f6a9510eb6f8c85551cbd84c7dc0d0b1c010ccba5963a7f39f181e44dbc98e495aa63c01059cbe6a99b07b449e7759c9af9e0f8d9054a67a348fa19d7f91ec0a4d4f2c7026c3b849259a350417fd86cab2142e4cfe3c0afbf25182a2d52bd2e0bc920e85080832b91b927b62948a67c317eb09091461d493eea5ffc47bf085582968258a3c8dd81a858270bddafe7925684a15ffb51bcfaab931afa465e3090e86be41e3547cba234b85fe7db700496a505002df3ca4eaec7b96278c7d1a77db834a91797bbb826d092aa28b49545ed3b1eda23be11a3f528b955cb0c4fa66e16e957e5704cf319e5f79cc09f2d054e6daf19e2926b11e1e413ff822ca141f7c3d385ae95dd20b346e583cfb0c229ec39cf889a5419cd37bc184ef5fb144622080a302d9d7745c451f7d88242cc26b916a3569abc7d1f216d57797a472bc621761758e840eb8e29bc8efcb7aafc7cf8f4e59330d35ee107496dec6e714b1fa4309837bb47eb3a06b4604dd20733cc0eaac2649e18c07342ef55d19b8d039591ac2869acc34b6c3c1ca3cf263ff84ca43a5f6465ba34888c109013b32bfc0d0d15f5a76cec270ab3ac9a106331312f5a0a84282c3a3d4aea1e7cf53dbf8b240bdd111c34d2a93dfd1258fe9267133f7554dcc21a8f439c165d:a111b9706d242cd36d6e8741cbb097b9e2fffa40f43fd6f2d3d91693667332b5f2db5ee3ea20b83291b8405795b74d633d46f475ab7c47617118535b8051d907f828f8c9dad298c5b719daa852b17e762598a70f4ecd16a2fc596eb0263899e983d44edcc7bd240cb07610600ae96aac0dfc3be387b616850899b5cf44e1767ffaca3df38158598424f8071414c704e60b422ad77377fa7f6a8c5d0ebc0235e2d43a984f3adf759eb10447f3c2f6b80d5a11ef41d3a09852c0932a1b9ac23e6f40a167de21041bec8885f9433eb80b95c9785958046cdb7bf147a79947823b4149ae0521d7e5aabc1564fa4044106e2e392e9c344457e9929376ea9b4229c6e7738fe79008d554c429396914c36387f579b46bab146f6a9510eb6f8c85551cbd84c7dc0d0b1c010ccba5963a7f39f181e44dbc98e495aa63c01059cbe6a99b07b449e7759c9af9e0f8d9054a67a348fa19d7f91ec0a4d4f2c7026c3b849259a350417fd86cab2142e4cfe3c0afbf25182a2d52bd2e0bc920e85080832b91b927b62948a67c317eb09091461d493eea5ffc47bf085582968258a3c8dd81a858270bddafe7925684a15ffb51bcfaab931afa465e3090e86be41e3547cba234b85fe7db700496a505002df3ca4eaec7b96278c7d1a77db834a91797bbb826d092aa28b49545ed3b1eda23be11a3f528b955cb0c4fa66e16e957e5704cf319e5f79cc09f2d054e6daf19e2926b11e1e413ff822ca141f7c3d385ae95dd20b346e583cfb0c229ec39cf889a5419cd37bc184ef5fb144622080a302d9d7745c451f7d88242cc26b916a3569abc7d1f216d57797a472bc621761758e840eb8e29bc8efcb7aafc7cf8f4e59330d35ee107496dec6e714b1fa4309837bb47eb3a06b4604dd20733cc0eaac2649e18c07342ef55d19b8d039591ac2869acc34b6c3c1ca3cf263ff84ca43a5f6465ba34888c109013b32bfc0d0d15f5a76cec270ab3ac9a106331312f5a0a84282c3a3d4aea1e7cf53dbf8b240bdd111c34d2a93dfd1258fe9267133f7554dcc21a8f439c165d: +7d14023eb48bbd437649a241877905a3c932f14640f29a0fb134114e8f33f582ea5c11b4b2c5ef4ab706cca3475043c95818eb565a797e33688afeacd68adcca:ea5c11b4b2c5ef4ab706cca3475043c95818eb565a797e33688afeacd68adcca:9001db31f279be505319b8e72bde1199512980df65f0d8a9b4930467413a997b97a362b572a4b44bc940487f18b208ce6ac5c68716d3af1bcef170383b5c4b5c47e44737726f9383bc4f144768bf5cafb4e9dfe39761e6ed478971d1c70e6dab2fd0499dff9293b239d16c960261c68218b9f5b1bee690f0d240c1b3db711f9e821f0809bbeb9aaf249ccb168c67d965562d24f848516140bfd9fc050d4f20da5a1794468a9c0725ea5c669d5c630d9310e5745107dad37261b5d91e38e08512e6f373ec5dcad5ca09072907c8fb7bf3b926c3339490b3f51f7644e73ae2ec01d61be7c6526536b4ffd1ab6849fe0c2f40d3bda2a49e5550b8df979081da85168d0f71582b903677526d1f1b1511e138b684fc46aac8bd80c3def7ee8138190461807c5536125cb0e2c3d083a187c7269cb531ec3678787b32555cf04ab093c9002e7d792b4d933f2e3070f39ac8ccf8d5f5455f12109d8a8aeb4e212fad4a70b147c04a7b918460b1316376e64020859517eb7ee30c290be8b8d6f9673915256c3b04b9d9054b52338e0d360785e46a182844c5c3766aea8ed311b2d481c0b7b2114e418ed17f8debf01a83ff37517024ee9e28e0c90dce6d059ffee413d27cd62783a8b8b5016ad276e39dfd8f8f3ddfc428101818ce507f003eb58c9a5cc8b1aff05aab8f0d7f1d1f6d4b871dbced1f3d2866239752fb13f6e18034bb2b5a6635caa6ecc462e058ebe2fa651d3d0f36e20a31f765e4b958270bd825c6818aac1ad7563135aeedf14a2b6d398b6e34008401b218461820071c5af77846cb9c328190c061d5aa6e0ecde7ef5856b0e6814f833f704096df0825fa4b46dcdacfa27cd87bd7bfeff7f8cae166a3a04d437c7be716c49045c7bd3d1349627c9cbd04c15f00a696e3cffbb45af29122627e7ed33b4249913bec00f0e28aa11298cce8b649081fe3b169b4aaeaca485bda:31339dce23336df5b2b193522aa3dd2d4114a66af1656289c952bc11c9b210f77a54d46161f4e0c52b3013e40b9e9e8427d851325bd71c4d99353eeed751080d9001db31f279be505319b8e72bde1199512980df65f0d8a9b4930467413a997b97a362b572a4b44bc940487f18b208ce6ac5c68716d3af1bcef170383b5c4b5c47e44737726f9383bc4f144768bf5cafb4e9dfe39761e6ed478971d1c70e6dab2fd0499dff9293b239d16c960261c68218b9f5b1bee690f0d240c1b3db711f9e821f0809bbeb9aaf249ccb168c67d965562d24f848516140bfd9fc050d4f20da5a1794468a9c0725ea5c669d5c630d9310e5745107dad37261b5d91e38e08512e6f373ec5dcad5ca09072907c8fb7bf3b926c3339490b3f51f7644e73ae2ec01d61be7c6526536b4ffd1ab6849fe0c2f40d3bda2a49e5550b8df979081da85168d0f71582b903677526d1f1b1511e138b684fc46aac8bd80c3def7ee8138190461807c5536125cb0e2c3d083a187c7269cb531ec3678787b32555cf04ab093c9002e7d792b4d933f2e3070f39ac8ccf8d5f5455f12109d8a8aeb4e212fad4a70b147c04a7b918460b1316376e64020859517eb7ee30c290be8b8d6f9673915256c3b04b9d9054b52338e0d360785e46a182844c5c3766aea8ed311b2d481c0b7b2114e418ed17f8debf01a83ff37517024ee9e28e0c90dce6d059ffee413d27cd62783a8b8b5016ad276e39dfd8f8f3ddfc428101818ce507f003eb58c9a5cc8b1aff05aab8f0d7f1d1f6d4b871dbced1f3d2866239752fb13f6e18034bb2b5a6635caa6ecc462e058ebe2fa651d3d0f36e20a31f765e4b958270bd825c6818aac1ad7563135aeedf14a2b6d398b6e34008401b218461820071c5af77846cb9c328190c061d5aa6e0ecde7ef5856b0e6814f833f704096df0825fa4b46dcdacfa27cd87bd7bfeff7f8cae166a3a04d437c7be716c49045c7bd3d1349627c9cbd04c15f00a696e3cffbb45af29122627e7ed33b4249913bec00f0e28aa11298cce8b649081fe3b169b4aaeaca485bda: +e8306bada6d55eb188d9f75c815cc914e93c9c7222391c15bbaeaf9354437935bf2798b8e554f51e2286c3034a88e577ff23fa32a67244ea8245912e8bf46da4:bf2798b8e554f51e2286c3034a88e577ff23fa32a67244ea8245912e8bf46da4:d7043809c3e3dc00b17efd52c9130b11b786f1e257b5e22f81a7faae600bbcdfd518537fe852c642359762fb75e8ad859249e6ab49ce1bb04f2492f2aac35446ba6eb03e76de3abd2d5fc7e6146843add042860a4a16b59bdd7d038378a35e1a04b1217a55710d937e2c9032232ea2cdd1d25a0bff71ef5d3e0c056b29cb92f6df692bde14dfa50e132bebd89e9f1833880b657a781e94ecb603041756e5517d4423c56fadc13e2b318088feddf3b5c83c20b46fddbba92305e48606dab748ce3848b843f4711f370c3ec7d5e19ab4c0ac1ae15aaaf23d65fecedabc08049b9e29113e5761ed9d1c62eb075cabb2674cdbe1e3a889bae4b1dd31b6a5b2ea1b8dedcc3c515edc4467c30231176cd44bec8a057951ab5cd39a9623f8af8473cd27d93302bf8aa624c9c3c5799da1dc494494ef8ff1dbe0187ea5162670b8d098c3a94919398dadf79e6c2491c444392c29cd50d57435063290842bfa0e8530faebc006d6ea7801117e0a3f019ee28fb3792235402e2f69b87a43dc227f9de316029756c3167d64a3a3f6d73160331d5a18eee5b0e6e22a663efdcc8d67af3bced041ea843a5641603ec72efd644e173d199a8c830b2ea5fec0378027c37225afcb604c4cdcf409be1c509c9a377be0d0524107c6d92b5f09a29efb7109295670bb1a1dd3ea008bb79185f09b98f020c43f1439685b96f6199311a090870f0d9b10d495cd410aa95b7e53749be3a6c0fbc729f96cf8564397b09c13514016825f72f14eb93294d7010accfd11f17a6ac8f544263d6038d5c7db29486291b30ea49b6b54cf88826dd252cd9dbb57d841b5a4cf702a3264faa4dccc86ab14daf124ef3d5335a6878d065c6ba29991045765ee5542cc9f5d9f354dcd2c6e0cf7ff3a30f649b5912d971d633578f1e9f263874d0565c247301dcbd15d76211ae2d3d506fc64deb7e042565d438e2bfb249243b7:cc6627308e2f424383fa70594f575791600540027a2751619b283affeaebc9c9d29ac6db286dd2c1b596587b878d1df4781d436bb570c1c0f0d33368dc66520bd7043809c3e3dc00b17efd52c9130b11b786f1e257b5e22f81a7faae600bbcdfd518537fe852c642359762fb75e8ad859249e6ab49ce1bb04f2492f2aac35446ba6eb03e76de3abd2d5fc7e6146843add042860a4a16b59bdd7d038378a35e1a04b1217a55710d937e2c9032232ea2cdd1d25a0bff71ef5d3e0c056b29cb92f6df692bde14dfa50e132bebd89e9f1833880b657a781e94ecb603041756e5517d4423c56fadc13e2b318088feddf3b5c83c20b46fddbba92305e48606dab748ce3848b843f4711f370c3ec7d5e19ab4c0ac1ae15aaaf23d65fecedabc08049b9e29113e5761ed9d1c62eb075cabb2674cdbe1e3a889bae4b1dd31b6a5b2ea1b8dedcc3c515edc4467c30231176cd44bec8a057951ab5cd39a9623f8af8473cd27d93302bf8aa624c9c3c5799da1dc494494ef8ff1dbe0187ea5162670b8d098c3a94919398dadf79e6c2491c444392c29cd50d57435063290842bfa0e8530faebc006d6ea7801117e0a3f019ee28fb3792235402e2f69b87a43dc227f9de316029756c3167d64a3a3f6d73160331d5a18eee5b0e6e22a663efdcc8d67af3bced041ea843a5641603ec72efd644e173d199a8c830b2ea5fec0378027c37225afcb604c4cdcf409be1c509c9a377be0d0524107c6d92b5f09a29efb7109295670bb1a1dd3ea008bb79185f09b98f020c43f1439685b96f6199311a090870f0d9b10d495cd410aa95b7e53749be3a6c0fbc729f96cf8564397b09c13514016825f72f14eb93294d7010accfd11f17a6ac8f544263d6038d5c7db29486291b30ea49b6b54cf88826dd252cd9dbb57d841b5a4cf702a3264faa4dccc86ab14daf124ef3d5335a6878d065c6ba29991045765ee5542cc9f5d9f354dcd2c6e0cf7ff3a30f649b5912d971d633578f1e9f263874d0565c247301dcbd15d76211ae2d3d506fc64deb7e042565d438e2bfb249243b7: +363c1ea7c32ea328a055af7bd8b3bfd204fb0bbd4bf42ffe262f3a5ebd54da557a83ecca51ef6e5aa043a5ce04d9288add49a277548bd3016b693ffa79a22edc:7a83ecca51ef6e5aa043a5ce04d9288add49a277548bd3016b693ffa79a22edc:c41c1e1fb75954a0ae0ebc29090b9fc533e693e7c7105cfe40ef526e4e12a7405221f218c7ac019e1d4c92da2853f2d726aa62277924df0c343fc3d47cd5a99a3e279b26a1b13b1f2aa36f7ccb4b54fbef18bd87a55f1bc40ce7b2029145ee7aab391795ac68de6199f50594fc79611b85131c143021f26fa358da0c7c6a65dde076dab488675b722309e5ed9746d18a89309906a7a9df237dd27bd590ccc77c402ef6e19ca63cc86b85160330ee6e1f1f47a2ff807eefadc00963520a1c600a3e45aa7fb2554f47d897bd86d81c3b0877101222fa7850b80ce3bc06c9e58c0c96e32fec8530c9fa1e4163f0ef8456952bf6dd58045a363d61880e9ac976a3603ef77a4c395e6a07e342f6023b8af10225cff240efc0366a799fd86e9d062060d8724033bdf67588cd73ac284de4c6943cf45ee4f75f5937d97d78105f0bbece04d3dcb5e424eff89b773e5d6b4f37efa9a0654cb3ef345278a62d876cfef9a3dcdceb7081441877ebd5fa30c9d954e3684fa476a4f485d426fd3c8c32bea0f9cc20b15e8fdfc3ca4b302c074f508132d15de625c10ae0737811463dcc55fcc4014b20208fffcefa9dd452119b1652de41348f69f2c488f5cc1856d6e78a5cbe3e373dd4598e2d39f876eb94e0b01b21fa9129ef41b639f4e05e69deb1835ed44b9112a6862a5bcea072c6e1b8f0f058f46bac2a845a582d148f17760b9e0a2ba60bbbf3884af94dd4c7ec9db08e9a5bcc6dde1346442ee1f4707d1f79b69ba867f418dc279173f77adbc58ab85ea393b9dc68261900c1caa82d2f50474c42aec911314278c0affa2a6b6c36d1ff88f3b49fb2b7c339d2a7c2b3049f8c0a08d16a9e8df93d130da484bdba6dbec534cd51097a048221106bab48d67f951b7505a1484892b85779c5a3111702124d957acf2dc352ef9ba247bc80e2ce96269ce85e78b9ebda989076dd5ff73e1eb275e5d7:5fd1e5f9922a12f636b72a7d6217091f948a55bcb1826b8fcaf99d26416c7ab1351c10f4093ffd8a2af86914a0a98184ec7e06d2dee87fdc0f4a47f8c63cf501c41c1e1fb75954a0ae0ebc29090b9fc533e693e7c7105cfe40ef526e4e12a7405221f218c7ac019e1d4c92da2853f2d726aa62277924df0c343fc3d47cd5a99a3e279b26a1b13b1f2aa36f7ccb4b54fbef18bd87a55f1bc40ce7b2029145ee7aab391795ac68de6199f50594fc79611b85131c143021f26fa358da0c7c6a65dde076dab488675b722309e5ed9746d18a89309906a7a9df237dd27bd590ccc77c402ef6e19ca63cc86b85160330ee6e1f1f47a2ff807eefadc00963520a1c600a3e45aa7fb2554f47d897bd86d81c3b0877101222fa7850b80ce3bc06c9e58c0c96e32fec8530c9fa1e4163f0ef8456952bf6dd58045a363d61880e9ac976a3603ef77a4c395e6a07e342f6023b8af10225cff240efc0366a799fd86e9d062060d8724033bdf67588cd73ac284de4c6943cf45ee4f75f5937d97d78105f0bbece04d3dcb5e424eff89b773e5d6b4f37efa9a0654cb3ef345278a62d876cfef9a3dcdceb7081441877ebd5fa30c9d954e3684fa476a4f485d426fd3c8c32bea0f9cc20b15e8fdfc3ca4b302c074f508132d15de625c10ae0737811463dcc55fcc4014b20208fffcefa9dd452119b1652de41348f69f2c488f5cc1856d6e78a5cbe3e373dd4598e2d39f876eb94e0b01b21fa9129ef41b639f4e05e69deb1835ed44b9112a6862a5bcea072c6e1b8f0f058f46bac2a845a582d148f17760b9e0a2ba60bbbf3884af94dd4c7ec9db08e9a5bcc6dde1346442ee1f4707d1f79b69ba867f418dc279173f77adbc58ab85ea393b9dc68261900c1caa82d2f50474c42aec911314278c0affa2a6b6c36d1ff88f3b49fb2b7c339d2a7c2b3049f8c0a08d16a9e8df93d130da484bdba6dbec534cd51097a048221106bab48d67f951b7505a1484892b85779c5a3111702124d957acf2dc352ef9ba247bc80e2ce96269ce85e78b9ebda989076dd5ff73e1eb275e5d7: +db2228ffffa9d2534aef918fb85b821ad360e2d39dec5aeb2db0df02497f94166d0195777f8105ff523b79c59e3c3081fe89db6f87033f094fa5a940cef84bb4:6d0195777f8105ff523b79c59e3c3081fe89db6f87033f094fa5a940cef84bb4:fc07cd99040f13e5a84f94746d6bb868f752b448b62d99593ef29e43cc8245f0470f65552d643220f6719285e15c37a6d174aef76088ccda5f88685b52dae284c65b380da345a2e1af2ed76480d269cb934b4317620b792ebb39b2a678247d6d815f2a5cb9aa560e4bf6deba4c0a0ddc82d0e5a5a65acbc478e1ec6b064d7bb7388a73f6eda30b0b6b73dd8f879263ad1a0348671dcf211cb96ed08ed52f3317da68185d6bb2589dc11d755d47a3b6f6a0386a8594d9570b2e9b0d4b5e13dccd9bb7acbef0ab276a7aebe12931be67f10de267a029895301f5662530ad8ab3d230b3b6d7093acdfbf274757a9078e20c23bc822deffa61005486102c01ab82bdc8cdcf1bb37f9b56d39e50fd5a6895416e767f4e36c1a41778908125b5ca3f92a90da9addff155fb1fd7768808a80f203ed737ef007763bd2fea9ff28c84b43551c9fc438ffc47fcfcf64dc7700613aa8b3af8633ae8b6987437c0aa4781be1e821396c536cb3005d05549b1cba70135afb7fe3068961cad3a1463cc0b5560684e27bba77aef419d823868e0cebad1f1ce0ae902744a152dd29451a17e28a89a7158a1836efce4a3e5c7d1faa4c3875bc46c4d9be22d66d366ac6f59538a00b275b02fac6da755a854081997d5d1d0e6e568a5958cf334c518cd517ab9d73c48d6cbc4ae4eea4353113e7e4a7c05920e686bf07afbfb8dd2ec4f18fa7138e57d332cd7a4228fea73bc09252f24427294ebd3645ee0996c2e851a8aa51a7cd9fc2eab47c0ab213f4f51d216091ed089e4592e9bb0828b858f84f60b93ad84a0a22827cbd27414b781322a04d3960828f638df2834c7f7839d70db126bee5af2ee7559a8ac4c01a6c391396af93fa0608940297ddf8900c5ddb466340ae51c60c7ead762447e76d8bccb573997cf6614d188a0b9a2f56eed9b0f9d463a19787f4092581a65c6bf781b93c56087e54ee1343aab:82189d340bc11ceaa400410e08bae9d901af059125e953786f8a043ddf11f7b2f8e3b617accd78e2939adfabf2d2471fafd6f5bc45b14075b328e34d8075b207fc07cd99040f13e5a84f94746d6bb868f752b448b62d99593ef29e43cc8245f0470f65552d643220f6719285e15c37a6d174aef76088ccda5f88685b52dae284c65b380da345a2e1af2ed76480d269cb934b4317620b792ebb39b2a678247d6d815f2a5cb9aa560e4bf6deba4c0a0ddc82d0e5a5a65acbc478e1ec6b064d7bb7388a73f6eda30b0b6b73dd8f879263ad1a0348671dcf211cb96ed08ed52f3317da68185d6bb2589dc11d755d47a3b6f6a0386a8594d9570b2e9b0d4b5e13dccd9bb7acbef0ab276a7aebe12931be67f10de267a029895301f5662530ad8ab3d230b3b6d7093acdfbf274757a9078e20c23bc822deffa61005486102c01ab82bdc8cdcf1bb37f9b56d39e50fd5a6895416e767f4e36c1a41778908125b5ca3f92a90da9addff155fb1fd7768808a80f203ed737ef007763bd2fea9ff28c84b43551c9fc438ffc47fcfcf64dc7700613aa8b3af8633ae8b6987437c0aa4781be1e821396c536cb3005d05549b1cba70135afb7fe3068961cad3a1463cc0b5560684e27bba77aef419d823868e0cebad1f1ce0ae902744a152dd29451a17e28a89a7158a1836efce4a3e5c7d1faa4c3875bc46c4d9be22d66d366ac6f59538a00b275b02fac6da755a854081997d5d1d0e6e568a5958cf334c518cd517ab9d73c48d6cbc4ae4eea4353113e7e4a7c05920e686bf07afbfb8dd2ec4f18fa7138e57d332cd7a4228fea73bc09252f24427294ebd3645ee0996c2e851a8aa51a7cd9fc2eab47c0ab213f4f51d216091ed089e4592e9bb0828b858f84f60b93ad84a0a22827cbd27414b781322a04d3960828f638df2834c7f7839d70db126bee5af2ee7559a8ac4c01a6c391396af93fa0608940297ddf8900c5ddb466340ae51c60c7ead762447e76d8bccb573997cf6614d188a0b9a2f56eed9b0f9d463a19787f4092581a65c6bf781b93c56087e54ee1343aab: +66b50f692e395eb83386e027c82ce3fdee3bd899b0d3179db086fbf524f57459448536e982408437ce89674053e3c589c98c095c60021a118178c6261d8810fe:448536e982408437ce89674053e3c589c98c095c60021a118178c6261d8810fe:7428a964212bcbe8df7d59e48e923480aa0ee09b910d04efb6903662efc3107ac8fdc0c5f39272740cd877e16cd71c549238c337220ce2f6b5a1fc6f7b0a1cd4ed21d93889081e34fb7fdecf4178bbd431e611e539d900c3d0ac3dc7107b36b41d6d0d5d32c19727f908b6eb367febb352a493581ff128b56c4caf6fb8e09981f0d37957d1282017fbb807614c20f465dc02b0cd969983bd5ae1ebf6578d7ff3ceff320e25562199dee934757cc1f58d5540c41aac1ce4f211f0b8ec4107174030e702bc6a8a9c85c505c9316aefea3e4372242de019b35e2bd3c5a956521971c106a3adbbc13cdc4f7f9d3c58b96a344b4ac3ef6bd8aca6ed9876b43e6497faf7fa4cf27fbcb665730c091e13aaf7e9efe7dd10e14eb19a9200424210ec8b8fba7e69444ce1a9e3a7b26c11f6b7145b6983a7805776484031bff52e81ae769b70a282b094ffb5fb5525dc1a872e207e827a2e11f4ecf7b5308c748a9278ea7bd66188194400430c8cd596ebb87221e536f6afe1f1505d6a59f41d16a2f014e1cfa513f7a69731d7bfdb2affcefe0537d42c796e3fd27e41b7ca72051bef28bb7bde7010dcfed8aa16ef676db6e520c3cef8d6f58a9a2813cff0f7041f87fbfb8431e020ede1d4eaf19e23b983445c5915b54adfb557fc20d0058f40f5e09825dba8d8f20c00f43b3aeebb6157be32ec54627d5d42ab813cf97f095d26db8036c12e82cb963e8001167e61ab393b4cca755ecea869954e323fa5262c5fda3e0be9a51e5af51fa6444824fb837cc67be537a87569c30cf0114d39a03942de4e1cd523355dab1af36080a9a9a548be1c2a7fbe5433772315d283e5156df648bee4b7dcda74f15905d542be54873c15c53ff42acabf8c56f257d764722db4e9c718e12098a3457486a6c947ac2de0af53e82cf950bb37ca29c8dadfa3646db4982af572d39b268c7f96b03ef6b653c87945f29bc5:bd13f6362c07078922f30c6330751bf6e7cf42a76916ee653eb17accff1fbbca35258c4cbc582a5e8cc94fd2c7edeb53762f1fc23123d7f4f145409b31cd38027428a964212bcbe8df7d59e48e923480aa0ee09b910d04efb6903662efc3107ac8fdc0c5f39272740cd877e16cd71c549238c337220ce2f6b5a1fc6f7b0a1cd4ed21d93889081e34fb7fdecf4178bbd431e611e539d900c3d0ac3dc7107b36b41d6d0d5d32c19727f908b6eb367febb352a493581ff128b56c4caf6fb8e09981f0d37957d1282017fbb807614c20f465dc02b0cd969983bd5ae1ebf6578d7ff3ceff320e25562199dee934757cc1f58d5540c41aac1ce4f211f0b8ec4107174030e702bc6a8a9c85c505c9316aefea3e4372242de019b35e2bd3c5a956521971c106a3adbbc13cdc4f7f9d3c58b96a344b4ac3ef6bd8aca6ed9876b43e6497faf7fa4cf27fbcb665730c091e13aaf7e9efe7dd10e14eb19a9200424210ec8b8fba7e69444ce1a9e3a7b26c11f6b7145b6983a7805776484031bff52e81ae769b70a282b094ffb5fb5525dc1a872e207e827a2e11f4ecf7b5308c748a9278ea7bd66188194400430c8cd596ebb87221e536f6afe1f1505d6a59f41d16a2f014e1cfa513f7a69731d7bfdb2affcefe0537d42c796e3fd27e41b7ca72051bef28bb7bde7010dcfed8aa16ef676db6e520c3cef8d6f58a9a2813cff0f7041f87fbfb8431e020ede1d4eaf19e23b983445c5915b54adfb557fc20d0058f40f5e09825dba8d8f20c00f43b3aeebb6157be32ec54627d5d42ab813cf97f095d26db8036c12e82cb963e8001167e61ab393b4cca755ecea869954e323fa5262c5fda3e0be9a51e5af51fa6444824fb837cc67be537a87569c30cf0114d39a03942de4e1cd523355dab1af36080a9a9a548be1c2a7fbe5433772315d283e5156df648bee4b7dcda74f15905d542be54873c15c53ff42acabf8c56f257d764722db4e9c718e12098a3457486a6c947ac2de0af53e82cf950bb37ca29c8dadfa3646db4982af572d39b268c7f96b03ef6b653c87945f29bc5: +55328be4b370822733ff3989a6a3282d65fe8f207ab7270d7c2e727ca3cfaac4518e02eef52f5aaebde3d108ea79ecadfc4d994ce1953621e54b7b3b121ff8ff:518e02eef52f5aaebde3d108ea79ecadfc4d994ce1953621e54b7b3b121ff8ff:6c24c9afbbf12dcaee6f10e4089252f2c60b2ab93a02c1602fb5de4ce3bd923eb02fe1039fdc15996a446915e767dee0176dddb78e9d6bbf069675775a829dd808d376b0cf7920bf1a66e1303ba52419785f25f28bb33899ebde840c0ab14b919a6580cbaac3a805627b9c4a77baa16f825a9eac2d6d3641651493370e50eee94c74049764365605ab4dac1a030227a330aa178f2f8da377af73f0bb040bac12366e65e0591055f9f23eaca35e9688d837a3c0d99c168fd886acc922cf37a7118ef8a44bb0a4fa4288049309a7dc1bed80621e1063e3e592c0fba42d7398eb15f74028ac15d7ed65a6368a13b7f956d19547eb506ce7ec90734eb949cff1d98ce414f10adcba8c007320018750a71bd36d3b6bfd6127054508e3ef65d99848514d33d68b58e3a4b224f79b6e34dd480340467fe7f025cc88213d808fbb5b91e2e43cf9d950640798659273d47a25f1f0132f6882faadbafba28fee5fa17272c1a9001172b3ab6ff2c315f26c07734405b5ee8b5e4f08e1e3b8aea019467fb071887f191901a21c5976c1ca8aaf0a1d4a2e698e7623e9bbe9ca2a67a153a16f895e6dd9ea924441b4bd0b674552e398b8d970343a9bc776a3a3fc1a8660c5625d6081b5d87f0f8ac9f07ab5abe77cdb8e30d2fd1f6f46525c75dd0dd1ca3281cc89346fb3e6d7388ebee154cb59bd9e95ed6a41d5df668b59ea137868eb120b8a2cfdf4674414fd279699f28b5a5ccc2e2fc802a4c9e0b85b76f20f6bce2a4954886fc402670a71efd261f5dd7bca16884a287c622fd445f68d44151cc0134b229da38daaab81b5c960d57700ca92b26d0b142134ce94b7be6c18610ea2136f8ba8329a2e8c000b8f02fe05bcf72cb71f8c72535ffcd818e38e7992a8f0c32ac62177d1522ae552c60c1ee616b75e4b3442e79657e4a333c0b3d744eaf260d0c336931686a6d668c64fef440052352c2b258cfb65:f58db19fd834e15194c3c0f8a6a50ebc4cf074e80ea2e70cdaf1e169bd51ebd0990bad77c4fa208b8dd1e2c8574c01b5f596c8dfa6bb8e6ae3a47ff412e7e2096c24c9afbbf12dcaee6f10e4089252f2c60b2ab93a02c1602fb5de4ce3bd923eb02fe1039fdc15996a446915e767dee0176dddb78e9d6bbf069675775a829dd808d376b0cf7920bf1a66e1303ba52419785f25f28bb33899ebde840c0ab14b919a6580cbaac3a805627b9c4a77baa16f825a9eac2d6d3641651493370e50eee94c74049764365605ab4dac1a030227a330aa178f2f8da377af73f0bb040bac12366e65e0591055f9f23eaca35e9688d837a3c0d99c168fd886acc922cf37a7118ef8a44bb0a4fa4288049309a7dc1bed80621e1063e3e592c0fba42d7398eb15f74028ac15d7ed65a6368a13b7f956d19547eb506ce7ec90734eb949cff1d98ce414f10adcba8c007320018750a71bd36d3b6bfd6127054508e3ef65d99848514d33d68b58e3a4b224f79b6e34dd480340467fe7f025cc88213d808fbb5b91e2e43cf9d950640798659273d47a25f1f0132f6882faadbafba28fee5fa17272c1a9001172b3ab6ff2c315f26c07734405b5ee8b5e4f08e1e3b8aea019467fb071887f191901a21c5976c1ca8aaf0a1d4a2e698e7623e9bbe9ca2a67a153a16f895e6dd9ea924441b4bd0b674552e398b8d970343a9bc776a3a3fc1a8660c5625d6081b5d87f0f8ac9f07ab5abe77cdb8e30d2fd1f6f46525c75dd0dd1ca3281cc89346fb3e6d7388ebee154cb59bd9e95ed6a41d5df668b59ea137868eb120b8a2cfdf4674414fd279699f28b5a5ccc2e2fc802a4c9e0b85b76f20f6bce2a4954886fc402670a71efd261f5dd7bca16884a287c622fd445f68d44151cc0134b229da38daaab81b5c960d57700ca92b26d0b142134ce94b7be6c18610ea2136f8ba8329a2e8c000b8f02fe05bcf72cb71f8c72535ffcd818e38e7992a8f0c32ac62177d1522ae552c60c1ee616b75e4b3442e79657e4a333c0b3d744eaf260d0c336931686a6d668c64fef440052352c2b258cfb65: +7da05f04e5d38b989b83f72f7ab26c138776758f4f577e49dc73d6013ff43759b1de5167f4d330804eec9eb565ef4055f1b64dd95e1c9b27c67ffef91482cca8:b1de5167f4d330804eec9eb565ef4055f1b64dd95e1c9b27c67ffef91482cca8:a6a861d8947c5cd6ad0819602e32ea7681c8f73010eee553e5defbf7982098b5f7b39924bb7959ad64c30326bed560bf51e9983cda5dff4f311eea24cbe68c6106ceac9b843aa4e2ad1b6f8ae1e4f96871fc025be4a616385ff2d4b7f56829abefaf6aacbb780d6cbbc951b6e05a787f885e3325611665ecc924274aa531bc133f62c76cb3ad148f3c9579a815a14200b7648dae0b07b327d3bfccdb6fe3b6cbd70ea65e6c0cc2516a896696d07b2e77713b0bee3b92fb1b6f75b0820a5cb62c5fe6204003943e24857166fbdf571f115d45f42e75901df8b12c32618aacb0d24286c8d30396051fc272aa17f4d2d47461152aacd3faa2b7b208312278e809240592d1d1aa585c56280e66ffd92b5717d0cd1eb9fb7401def879487c374e5c530b6febf911122574d24fe104b4f45c7c601e6c917d3c1882c1ad3c555d8f2ce955b5a10db0d5a8b8ac7a6266b2e6b27ad0ee34f47ad857367d52f7096d4bacef0e46725488424b93b89acd429ffb5ef33a0b081dd09479679196023c3967f44ad41eb1a2395527fd3b79768f1b885f0429b495ab60525691be84650632a2f66cb63ad5bf2f6ae70b668c5a193f7499fc4fc42cf8cb308ce5029a5027babef55d1925ecfba9f27eb6081619ed0df8569fd80e9da104db39b5b8140bfebebd29085440065819deba8d469ae8b3ea6d3bac5891f9a4ddfb7f1f06d13c31a07ee53fb54bc97bd08696394c38e7f3680c0f02f975f469921147a409859097813b4c3fa43d174ac402f1a528cb5fc4b807518432eff33407a111ca3a3d7e9e84135abac8a8f52ea631c86d74a1c6e5749edd1491c0024e7de7fe52856829b72fd13da63a1a2343349df662ab3163536032346e5347f043fff528bf67150922fff2026bab742db9cae7cb2e3c74580719652c28447c5e2098231797ee6ef1231f5792054bc3359a32c86d2f94f85fa7d4a7419dd241ff662a:05f117f9bc3ea55d455e9ef135e92e7665d18070d8f5e375df67be1817ce14357a55e70166f326b77d85243227cf67d8f2e0bf8440cabfb05275b373f1e1190ea6a861d8947c5cd6ad0819602e32ea7681c8f73010eee553e5defbf7982098b5f7b39924bb7959ad64c30326bed560bf51e9983cda5dff4f311eea24cbe68c6106ceac9b843aa4e2ad1b6f8ae1e4f96871fc025be4a616385ff2d4b7f56829abefaf6aacbb780d6cbbc951b6e05a787f885e3325611665ecc924274aa531bc133f62c76cb3ad148f3c9579a815a14200b7648dae0b07b327d3bfccdb6fe3b6cbd70ea65e6c0cc2516a896696d07b2e77713b0bee3b92fb1b6f75b0820a5cb62c5fe6204003943e24857166fbdf571f115d45f42e75901df8b12c32618aacb0d24286c8d30396051fc272aa17f4d2d47461152aacd3faa2b7b208312278e809240592d1d1aa585c56280e66ffd92b5717d0cd1eb9fb7401def879487c374e5c530b6febf911122574d24fe104b4f45c7c601e6c917d3c1882c1ad3c555d8f2ce955b5a10db0d5a8b8ac7a6266b2e6b27ad0ee34f47ad857367d52f7096d4bacef0e46725488424b93b89acd429ffb5ef33a0b081dd09479679196023c3967f44ad41eb1a2395527fd3b79768f1b885f0429b495ab60525691be84650632a2f66cb63ad5bf2f6ae70b668c5a193f7499fc4fc42cf8cb308ce5029a5027babef55d1925ecfba9f27eb6081619ed0df8569fd80e9da104db39b5b8140bfebebd29085440065819deba8d469ae8b3ea6d3bac5891f9a4ddfb7f1f06d13c31a07ee53fb54bc97bd08696394c38e7f3680c0f02f975f469921147a409859097813b4c3fa43d174ac402f1a528cb5fc4b807518432eff33407a111ca3a3d7e9e84135abac8a8f52ea631c86d74a1c6e5749edd1491c0024e7de7fe52856829b72fd13da63a1a2343349df662ab3163536032346e5347f043fff528bf67150922fff2026bab742db9cae7cb2e3c74580719652c28447c5e2098231797ee6ef1231f5792054bc3359a32c86d2f94f85fa7d4a7419dd241ff662a: +1b8ec65880edbf039a13e970b15aa67e192aa02ca65cff9ada17d4558f40137d12c1191e4de3bd44d039070153adb7b581f600e9a1dd69aa89f277c7069e76f8:12c1191e4de3bd44d039070153adb7b581f600e9a1dd69aa89f277c7069e76f8:37f18b7f64c5133479d6dae3bef679cdc21ece3f5b579a6a9c3fa2e59e9be87d2009f74e1cfdaccb1ce37d00702369bd169d94fdcf85af9fa3217d27e6ed6d1d8e5df7615e8e37ea55de1fd0b06d77b4c83b929d80586fa0694be72ec8b365ad2cbcdd2b1ad8cf7f036dfa4daa1a9036cdb120432227b1f07b8866b122120309eb914ab84cddeba1dec48ab92636728588fedb3aaad7e7dbb2ac30e63c6f5f90fc6ce62d6d3bd88b0d5aacfa61de9f3267b300917b57a48036ab20c9a05446b8767494af249e7de7bc507a2207cc956f7184555a7d5d8883bb4b3e93f2dcfc57b0da8638658dcdce885d44d9cc68b1d8170a3677cc5e50cbf33d543ebae4477d9239cf83384ec59b4233e8ff3343f06f301877729a53d420bf01c62e66ab7fe55dd87ee823a58fcb87870e1f52e879177cd439c533f5a223e5a3436fe9d6426548dacfc86a0846d3ed23ac042563e887ff46aad005f4e1dee3ee0ee4c27a7251709ae40abc5e256864e4785a4edd8b2adf1bc5b4018e28d0b175867b02d052a6e17e411a3d8beb2a4208b76cc621fd18be148e235d55aa7127706557dec053a13f1a47dfda405b3fe5bd28ef5d348619f51e595ef5055f839efaf110e4901631ac31a02f4f7ee424a3a2c3e00d2602d2cc1e492906eea420a9268238ac6622a08974e5730292e6ed510256efde667e0d9a0ff2213f54120ccd81ffaa6b7cc48141a2b729852af583d26aa51fbde67be4df14e520c2257a73c5c2e3c3d87dfb25361175fd18abd7e99aa09b85f88f19c8d82d45858f3144c5dfb7a49ede45b4efd8710592a3720636e7e889c7e22ad13b2d44bb7e2b47b2963a5fa3f2557b85bc0c693de3d22ef9464f7b814a20a4676ad26fcaa03544c6aad41283095fcd1210aa8cc029ff5a26005a891226c298e94a52aa7133913ec9d22a5b2ac0bc6f15b251d0b93889213cd1b1e5c6fd08f1a8f5cbd4215329a3:bff269a35d6c8e552ce716d1638181ce8583b45c0ec593b4e58c40ac76e7f85ca1dafffd68541e623a1e35a7c0972688b25eed72f4da57eca16857a8263caa0b37f18b7f64c5133479d6dae3bef679cdc21ece3f5b579a6a9c3fa2e59e9be87d2009f74e1cfdaccb1ce37d00702369bd169d94fdcf85af9fa3217d27e6ed6d1d8e5df7615e8e37ea55de1fd0b06d77b4c83b929d80586fa0694be72ec8b365ad2cbcdd2b1ad8cf7f036dfa4daa1a9036cdb120432227b1f07b8866b122120309eb914ab84cddeba1dec48ab92636728588fedb3aaad7e7dbb2ac30e63c6f5f90fc6ce62d6d3bd88b0d5aacfa61de9f3267b300917b57a48036ab20c9a05446b8767494af249e7de7bc507a2207cc956f7184555a7d5d8883bb4b3e93f2dcfc57b0da8638658dcdce885d44d9cc68b1d8170a3677cc5e50cbf33d543ebae4477d9239cf83384ec59b4233e8ff3343f06f301877729a53d420bf01c62e66ab7fe55dd87ee823a58fcb87870e1f52e879177cd439c533f5a223e5a3436fe9d6426548dacfc86a0846d3ed23ac042563e887ff46aad005f4e1dee3ee0ee4c27a7251709ae40abc5e256864e4785a4edd8b2adf1bc5b4018e28d0b175867b02d052a6e17e411a3d8beb2a4208b76cc621fd18be148e235d55aa7127706557dec053a13f1a47dfda405b3fe5bd28ef5d348619f51e595ef5055f839efaf110e4901631ac31a02f4f7ee424a3a2c3e00d2602d2cc1e492906eea420a9268238ac6622a08974e5730292e6ed510256efde667e0d9a0ff2213f54120ccd81ffaa6b7cc48141a2b729852af583d26aa51fbde67be4df14e520c2257a73c5c2e3c3d87dfb25361175fd18abd7e99aa09b85f88f19c8d82d45858f3144c5dfb7a49ede45b4efd8710592a3720636e7e889c7e22ad13b2d44bb7e2b47b2963a5fa3f2557b85bc0c693de3d22ef9464f7b814a20a4676ad26fcaa03544c6aad41283095fcd1210aa8cc029ff5a26005a891226c298e94a52aa7133913ec9d22a5b2ac0bc6f15b251d0b93889213cd1b1e5c6fd08f1a8f5cbd4215329a3: +e75388026a6a6d6c6d199e362993a5b1044901e18a76c2fac7261a6d1c19a4f3b9ce14251c0cdf3bddb206dc6b8b2b7f5b7e4dd1be2ce1863ff18806ae00f1ee:b9ce14251c0cdf3bddb206dc6b8b2b7f5b7e4dd1be2ce1863ff18806ae00f1ee:b99cdc847211c06642dd111bc5e0beca53a74ffba2e3ac93afb4b0947518e8323527330a4efefbe4bafa00bafecb434ab1e5b7ce65656f7a4fd856aa6c385ed8d7bd6285580d7dd60882e69c19da076909d647de095a80e98ad89b814aadcbbf6f033c49202f656c0910503959cf97cd0fa82d5f6d22fba3389951294c4f7cdc21eb8244bd6560637a5eca62a8eba1f4a933d187a75f86711643af358831c8c16a9a0f09e253b2395e9cb371611eecdd66b4ab521aa94b3f20237eae41cd10c5e21a452d48e748187f354a67adf681b0fe61cdaec94a5eaf01269fceb570d514ff3c55ff1dba2fd2df17f86a8aeb747838113dee94a43b1384cbe133cdf6427e8d122e4e933704da6e26cfcee97fe3f629b60b91b2dd863867fa79801e2b916ec4c0fb62e07159421e657974307a1d02f7f2ed4724a8b521a861f55f35521e8b2e1a84904c428cfc5b6014bb0f8ba8434c2209bd40aca31130db97743333597d2351d5f6811741f62688973bd773d30266fd1efbd89d47a964f9d01997153d087d92696616dd103a934ccbac4c1d142f2075d4e22c3da4a0e973b23863196287b79174fa29755fc6d9b5e100ace0a45975e503b254d3f195c261710910fef106892c08bb296d230cdea9f5a11f91acaa6e7c05e92c281d2b3155fe4480b0aa5e0db41d10e05cfdefa4364051cb755dc72ffa978c00b94a5f212dc691f839b49de97e0139d65e8d73b2b289b26a12c6ccd8edc04adb452af7ff094aa901eaf57651eb1b87b833d0a09b4a4a6462f40664623769e95079f3c962850cc3b401bb0058b8475b10c862f32f300a2b143b3dea269ddcbea7be7dd2426d0d4204eb66a39f1318822dcb9c561398637f4ab8de196768ace74f348c012dd1babec17f5300ffe0d7aaaeafef7db650a8f2f309a9793f52c685c7e1d5133274915784899c481d485c9bd30e99fcdc97d96ef07487da663befe68299df:6d0f83d9c55d84bcf9a86147d9b6ba9ad537832fd0f99dae7e72c8139afcb30c7b24f6b292e32f9847097551b7fbfd510c84e89be98254441457bd08e5f05302b99cdc847211c06642dd111bc5e0beca53a74ffba2e3ac93afb4b0947518e8323527330a4efefbe4bafa00bafecb434ab1e5b7ce65656f7a4fd856aa6c385ed8d7bd6285580d7dd60882e69c19da076909d647de095a80e98ad89b814aadcbbf6f033c49202f656c0910503959cf97cd0fa82d5f6d22fba3389951294c4f7cdc21eb8244bd6560637a5eca62a8eba1f4a933d187a75f86711643af358831c8c16a9a0f09e253b2395e9cb371611eecdd66b4ab521aa94b3f20237eae41cd10c5e21a452d48e748187f354a67adf681b0fe61cdaec94a5eaf01269fceb570d514ff3c55ff1dba2fd2df17f86a8aeb747838113dee94a43b1384cbe133cdf6427e8d122e4e933704da6e26cfcee97fe3f629b60b91b2dd863867fa79801e2b916ec4c0fb62e07159421e657974307a1d02f7f2ed4724a8b521a861f55f35521e8b2e1a84904c428cfc5b6014bb0f8ba8434c2209bd40aca31130db97743333597d2351d5f6811741f62688973bd773d30266fd1efbd89d47a964f9d01997153d087d92696616dd103a934ccbac4c1d142f2075d4e22c3da4a0e973b23863196287b79174fa29755fc6d9b5e100ace0a45975e503b254d3f195c261710910fef106892c08bb296d230cdea9f5a11f91acaa6e7c05e92c281d2b3155fe4480b0aa5e0db41d10e05cfdefa4364051cb755dc72ffa978c00b94a5f212dc691f839b49de97e0139d65e8d73b2b289b26a12c6ccd8edc04adb452af7ff094aa901eaf57651eb1b87b833d0a09b4a4a6462f40664623769e95079f3c962850cc3b401bb0058b8475b10c862f32f300a2b143b3dea269ddcbea7be7dd2426d0d4204eb66a39f1318822dcb9c561398637f4ab8de196768ace74f348c012dd1babec17f5300ffe0d7aaaeafef7db650a8f2f309a9793f52c685c7e1d5133274915784899c481d485c9bd30e99fcdc97d96ef07487da663befe68299df: +5b323fc01a16c45d1064667d2ea4a7ea59d20342562d12fbc598d5aa7300688ed4141b455d301642bada2814afcb1620d5eb56d92b1185fe5dadef559625fa71:d4141b455d301642bada2814afcb1620d5eb56d92b1185fe5dadef559625fa71:ad24669ef55c540a8ed162ce1d28f01760a60719a0377336eb00b1ecbe6f61601cd564f92c956804f9bed4e1476b94e5ea8cca80cb49a304ef851f7f675abe58e6681dc012ad55e51b021d9828569d0bcc9e0527a3fc03c891d17a90e6337a1ea67f2f08810587693837081e4c08a3d72c536c2140da200ba456c376f61d05651f0c5f395711f41c0d6eae98c906764d1ebef3f9046cb7c8622640fcafafbfb8f62e1cd32c66ee1c55509489a538ab612999e7997b779c6422eff109da4df82920930d8d363d7830908795a3888f25d667e14d155ed44581be430f7973b574e2bc0b134cf139fb4bb01dbda41b67b98147d8012f40677f4b80ce4a534c90adeabf484b21fa994b7a175f8a8b8a4075564478ddb05024580bab038cd9eaa1dfda552fb31229429b614fa1d80c52614e84faa2217f260ff7ccea8c7b06e3d77ff874eb81fc8597e5fcdcec951b5fe64a1af86e73193a882469eb3ba3c382734b2887b419316ea448afc282478c25f7bca18429cbbffd8871177c5ecc7d8aa9a1b9ec87192d29a52539c081c3593332444cbe66872cf3d0e197292b82b0be5fcd858cd6ca48b53ee5b61641bcaaf31d819c7e1cedaf9ee6b07e09caedfb30b9204a1d4ddb70560cbe1eb0c0ec43f1d178201b290819fcdc92c63e0db60fb87dff00e512648c8958a847efc36346073f1a4f1f2317060f1c543e6f01b42485beeb56cab3bab26e6a0ca6935802c762b799159e320f36b5e83d4aca8962aa2c3c2b7a3870e9e04731f3948cf941e21d50964e5d635a35a53e299811b8cadfcb4416c57598a3fd05410910dbc0ea2c78fdb92574997d58796279eaaa78b36dcef1c9a129eeff82399a26d008ffa3bf0418ff7d39b6427f341895024d16e22a0c62a82beba2e2bac23dee18cfcd5db2397f378c5367309082c44eb43cedc15220253a62320399665f71349cc1b944f58c73a10a0bbfd4caf12891e3:e2eff607f0227a29d582d69f3458acadd3226fceaac0abbdaed52675c51630073cd3a901707ecf05e893f2c36daaf0cc4901116946b5770dc038125f6d131b09ad24669ef55c540a8ed162ce1d28f01760a60719a0377336eb00b1ecbe6f61601cd564f92c956804f9bed4e1476b94e5ea8cca80cb49a304ef851f7f675abe58e6681dc012ad55e51b021d9828569d0bcc9e0527a3fc03c891d17a90e6337a1ea67f2f08810587693837081e4c08a3d72c536c2140da200ba456c376f61d05651f0c5f395711f41c0d6eae98c906764d1ebef3f9046cb7c8622640fcafafbfb8f62e1cd32c66ee1c55509489a538ab612999e7997b779c6422eff109da4df82920930d8d363d7830908795a3888f25d667e14d155ed44581be430f7973b574e2bc0b134cf139fb4bb01dbda41b67b98147d8012f40677f4b80ce4a534c90adeabf484b21fa994b7a175f8a8b8a4075564478ddb05024580bab038cd9eaa1dfda552fb31229429b614fa1d80c52614e84faa2217f260ff7ccea8c7b06e3d77ff874eb81fc8597e5fcdcec951b5fe64a1af86e73193a882469eb3ba3c382734b2887b419316ea448afc282478c25f7bca18429cbbffd8871177c5ecc7d8aa9a1b9ec87192d29a52539c081c3593332444cbe66872cf3d0e197292b82b0be5fcd858cd6ca48b53ee5b61641bcaaf31d819c7e1cedaf9ee6b07e09caedfb30b9204a1d4ddb70560cbe1eb0c0ec43f1d178201b290819fcdc92c63e0db60fb87dff00e512648c8958a847efc36346073f1a4f1f2317060f1c543e6f01b42485beeb56cab3bab26e6a0ca6935802c762b799159e320f36b5e83d4aca8962aa2c3c2b7a3870e9e04731f3948cf941e21d50964e5d635a35a53e299811b8cadfcb4416c57598a3fd05410910dbc0ea2c78fdb92574997d58796279eaaa78b36dcef1c9a129eeff82399a26d008ffa3bf0418ff7d39b6427f341895024d16e22a0c62a82beba2e2bac23dee18cfcd5db2397f378c5367309082c44eb43cedc15220253a62320399665f71349cc1b944f58c73a10a0bbfd4caf12891e3: +be1c112f78cf13aefc5ce7e33764aca4481f9f88b018e122db9f8dac14624605ae389936bbf6d16e3c1eeb6474298970866e12ec9c1d6aea2fd9db6b56aa59c4:ae389936bbf6d16e3c1eeb6474298970866e12ec9c1d6aea2fd9db6b56aa59c4:d77f9aeea0fe98ed7fb74d582a402bcb7931474b4a95d523f3fb769fb7097d2be4c6ec1052140163222553aa8f4f89e421730014ec73469720cea967f88b6a48d02a2ddc1a121fdffb8ae127738e293c4d6b1b74ad03844de6bfe821506b3a7a81d19c37a7f01ca481471219efe2a7b92c4bd2ac07743b4975696441714b84d63c549d7a6fb61f16fbcdb72b914d7882d091f9706da38c1a81a1c6a40fbec0d8e238b5d56d460e909f85479f7ad8b119f35455e34010caa7e5d01f38e301ad37e8005f6ed29e4a102db3f61d84093f78c49a9648c977bf4d5b689f71f406f8ad7b9aeb1ae22133a84ce1b278b2cdde465901b23a179d072a80879d0a24d2af197b322a07bf5d40eeab3af12117f13021dfc1681aba5c083f2596e37f1123422bbdca3b2c32cb594f56c325e0c564a1733288053459c62488925cd80e7c944db998c3c7be546bf89d7a511ccdba4b809eee0fc2873dad72b4cf3ba051289bb3f4e9925732e45ae7741058c8fd11599dd843927e3d14598bb83052d33569cfb02af0c88fa7aea4bb46841cd2ddbdf5988fcf325ff104a5dfc4a30d269d2a949730c3613bddd3673b42f6090e6a60e4a253062463a65d7e7fc0030bba769ca344bfa9ac823f58cb5cee8a5fc0ca37228de5a4d93e0ecf7f10821659a2261f7ef1596eda4e411cf3c9669d81de74547ce4bf833eb432f385ce9038fe848a8c96da7f01fd95bea06d1d747c8ae736495bba2285be5c32afea449520cfe8e1ce25f9077ed0ec0f6598a9b8f7386f15358170ccefc3d5ffb009288154de877c2409ae5fd8fef0093f1c36b3a8f547432cd0f62c4033242ad9921a8f11c00f366da9396930a80c997df429a4f5f4e45c7a6d7e02af033186757c73cbe64d2d4e78eaafe27539528035f2cfcf8eaf0a42bd25f88b2fc69e42668fae6677c9ac9091d9d15a41f3ace65d90a0229873dcf254256cca449ed4c17d5435bae4:f5fc5acb17e9957ea304f123b650e144c9e4377283509d431da6a2bbd527beb382c9f58745a3e56dcc655bd2ebb7aeefc93edc3f20d8d3c37923031eec0cb407d77f9aeea0fe98ed7fb74d582a402bcb7931474b4a95d523f3fb769fb7097d2be4c6ec1052140163222553aa8f4f89e421730014ec73469720cea967f88b6a48d02a2ddc1a121fdffb8ae127738e293c4d6b1b74ad03844de6bfe821506b3a7a81d19c37a7f01ca481471219efe2a7b92c4bd2ac07743b4975696441714b84d63c549d7a6fb61f16fbcdb72b914d7882d091f9706da38c1a81a1c6a40fbec0d8e238b5d56d460e909f85479f7ad8b119f35455e34010caa7e5d01f38e301ad37e8005f6ed29e4a102db3f61d84093f78c49a9648c977bf4d5b689f71f406f8ad7b9aeb1ae22133a84ce1b278b2cdde465901b23a179d072a80879d0a24d2af197b322a07bf5d40eeab3af12117f13021dfc1681aba5c083f2596e37f1123422bbdca3b2c32cb594f56c325e0c564a1733288053459c62488925cd80e7c944db998c3c7be546bf89d7a511ccdba4b809eee0fc2873dad72b4cf3ba051289bb3f4e9925732e45ae7741058c8fd11599dd843927e3d14598bb83052d33569cfb02af0c88fa7aea4bb46841cd2ddbdf5988fcf325ff104a5dfc4a30d269d2a949730c3613bddd3673b42f6090e6a60e4a253062463a65d7e7fc0030bba769ca344bfa9ac823f58cb5cee8a5fc0ca37228de5a4d93e0ecf7f10821659a2261f7ef1596eda4e411cf3c9669d81de74547ce4bf833eb432f385ce9038fe848a8c96da7f01fd95bea06d1d747c8ae736495bba2285be5c32afea449520cfe8e1ce25f9077ed0ec0f6598a9b8f7386f15358170ccefc3d5ffb009288154de877c2409ae5fd8fef0093f1c36b3a8f547432cd0f62c4033242ad9921a8f11c00f366da9396930a80c997df429a4f5f4e45c7a6d7e02af033186757c73cbe64d2d4e78eaafe27539528035f2cfcf8eaf0a42bd25f88b2fc69e42668fae6677c9ac9091d9d15a41f3ace65d90a0229873dcf254256cca449ed4c17d5435bae4: +bd8523eda899b984230e328875b9672edc9fcd24ea5cc12d7b572da4be01fb7b02b734ebbe88c13bfa95a5d964fc7ef9d395bd6303f065dc4ee17b3ac1548b7b:02b734ebbe88c13bfa95a5d964fc7ef9d395bd6303f065dc4ee17b3ac1548b7b:16c216c9be9f0d4b115410bdfd1593c8e262221ab97a2a395a12198f95c30205b08962d4893118ba9ff99ab1c7a6e1f2f175191070ac945327ad6c470babf7928b07dd788c85b64b712e0aae6c0ea20281e42fd561e83e3fbac67f14000ee56d981d2a2f0b9ca00a9ea47ca2f6fc8dca1035fceb142c3f26f20e3c732207ffff11b79695bdafa415214a4499302326605cf0b8c82f2b11392ecc90cd74a7b411b6d907a3d5c130c879b7cf880f22bbd7f0e95933718e96d7d16caea9f2c39e89b13cd52266273604a96b51d6e34f706735ddd9fca44d09cd86bb7217600e0d34d416ac249f2e41bd0f4abcbd2580adae21d7eba5fa44f39d780f17eb85ccbef58fef903a280d95f8f3210789fa12e120e21b6e8cad917835bbdcc3b07e84693954e23a94f99f937ddb0d4a18d42c3ea8fca7d1ea6ed53a00246f99ea520e6405bd2aa549b06e7da722c1ba74aa1c136e8ea58baaf8d37658693f3e0b44f631dd6d08ffdf4f09189d3035a3f03468e29696ef05e02cc1aabfecbda2301b540cb0eb0a75bcce73db9273a9161a98ad898fcd6579fb7e4b3279544f2e0bd774dd1a8157daa88a70321167703c60a608a4b54216590375e597fe21aea97b52185d0e37a53b6388a707a2bc24acf94425f84f3d56bc9f7ee7412a9e1833ad55b7eae6da581698166383a2eba8b6f53920f517a5c80bd3e03faad4087e3ee8fec9a79a01c779512133d7b6e5f1dec766300dc405cc21a8c583fb73bc90cf24385b086049d3bf20c300983c0b351538dccb227a14fafd23ac4b26be81a2b120cf216fc58354f9dcbf05f66339ad6ddc2cac14677b90e247ebb6c5c229007dc60f374a06d404eb23eb1ec49907c6e881629e1867268ca6fffa59aa3ca8f6c295162b9536c2be22bbe3b72380ef11b61b357a6253100e30a586818ba003fa3ffd1fc919881c05022f94848598f217fea222507220d108a28fc7bc39a8a11c:fcfcdb088dcbd0a51bd301e3e1561671935d8b6f719c5d92690640d3c91e775bf4054132efc05a2122fc209db3c3343233ff8aecebd52daa2b3b21eeb15fd10216c216c9be9f0d4b115410bdfd1593c8e262221ab97a2a395a12198f95c30205b08962d4893118ba9ff99ab1c7a6e1f2f175191070ac945327ad6c470babf7928b07dd788c85b64b712e0aae6c0ea20281e42fd561e83e3fbac67f14000ee56d981d2a2f0b9ca00a9ea47ca2f6fc8dca1035fceb142c3f26f20e3c732207ffff11b79695bdafa415214a4499302326605cf0b8c82f2b11392ecc90cd74a7b411b6d907a3d5c130c879b7cf880f22bbd7f0e95933718e96d7d16caea9f2c39e89b13cd52266273604a96b51d6e34f706735ddd9fca44d09cd86bb7217600e0d34d416ac249f2e41bd0f4abcbd2580adae21d7eba5fa44f39d780f17eb85ccbef58fef903a280d95f8f3210789fa12e120e21b6e8cad917835bbdcc3b07e84693954e23a94f99f937ddb0d4a18d42c3ea8fca7d1ea6ed53a00246f99ea520e6405bd2aa549b06e7da722c1ba74aa1c136e8ea58baaf8d37658693f3e0b44f631dd6d08ffdf4f09189d3035a3f03468e29696ef05e02cc1aabfecbda2301b540cb0eb0a75bcce73db9273a9161a98ad898fcd6579fb7e4b3279544f2e0bd774dd1a8157daa88a70321167703c60a608a4b54216590375e597fe21aea97b52185d0e37a53b6388a707a2bc24acf94425f84f3d56bc9f7ee7412a9e1833ad55b7eae6da581698166383a2eba8b6f53920f517a5c80bd3e03faad4087e3ee8fec9a79a01c779512133d7b6e5f1dec766300dc405cc21a8c583fb73bc90cf24385b086049d3bf20c300983c0b351538dccb227a14fafd23ac4b26be81a2b120cf216fc58354f9dcbf05f66339ad6ddc2cac14677b90e247ebb6c5c229007dc60f374a06d404eb23eb1ec49907c6e881629e1867268ca6fffa59aa3ca8f6c295162b9536c2be22bbe3b72380ef11b61b357a6253100e30a586818ba003fa3ffd1fc919881c05022f94848598f217fea222507220d108a28fc7bc39a8a11c: +33a85ae150bbf552f41663b21521c296d246dd6cf8195df851c695bd15f4a502c8c9c42521008d5efff576c7e4a56083ced9a928da6fd5cf93fda572a5a2d0c0:c8c9c42521008d5efff576c7e4a56083ced9a928da6fd5cf93fda572a5a2d0c0:937e05f2f1fdbd41731553e77cf181b5079758940aee8e92623fb1d5f07128b7d7f17e4842707a562c45ba69264c0f730a821c7db6bf82990dc651269b296c335179113053d6f85bb096b2911165fa3900cb102416487ba8078679c6b336dff38763c08dcd20fa66dda45c575df150d851165a4804973830f436df60b81319f9cfb564c0652896ed5f1849cb3354f50f0012f286e8a30c213528693474004e8504012b945560c074a6a163432cf4ac4ba7175cf26005db7199ee96d893cd1aad3fdf5d57460ef02dda6d3a140825196f3f8e2f37da36b6fdad184f2740f116de758a92917030c5fb80f0262496d2df93c7e276f25da7dbed8eb8dd4c563aba55b82af6ba3a70ca5f858b44a033cfb795604ddee746e7c8ae79d272fb9a2341a2a202df5eac08de75ad80c6580d92b169f2e1318857b1b1421c30f3dd461093de2d345ede7404b72a450de07b16eee68ce62887b6eaa436eee684be75ce0e1f96263e8d8736f9ba000d88e9e5860f328ae1e2dc73099d32fceb1bd2c0123698a49bead190a00ec9a6f87133eddd45316f65eb0d329b07b9a66bb9fe42588bf7b8d06efec1986b82a081ed3f6802e9be73464784559a4f2c097ba14b0bfd5d7e0aff65cb69abd03f8616cd7edf7ec368219edcf893e9ee71dad9f18d79e568265ddc6716223213235bb928e908dea827784cd1af396d590c81f4eacdfcf89c5cac96fa050064a22841ea715f8c89d6d5afbf597a4d005dbc6b13856d335b42a9a82edcb949835cca20b0a23de51cc3aec35566eff0c5ae1ab3751320d2c310495238eda383c38a4163152b8815690b8ff015035d1d00ea4a0d6caf324bb71a664a1bed31480784a68f438caa359e8d2673c857d4b8c0b6c695847b86800ea3d734b5ecc4d52b507ac69b3a6778916016ebc2315f44c90bf0c3e7dae01d49cbc303402bbc634ae1191f3f6fd63d303b0c0be033a47b90f8d3a77f0a44:bbe4cd63676e26d675a191151d30db72b5b84d461eec6564af867ab41bae9931147885519ec9d7e6c818743c8ef6d5167b35b421363c09b357367fe8de443a06937e05f2f1fdbd41731553e77cf181b5079758940aee8e92623fb1d5f07128b7d7f17e4842707a562c45ba69264c0f730a821c7db6bf82990dc651269b296c335179113053d6f85bb096b2911165fa3900cb102416487ba8078679c6b336dff38763c08dcd20fa66dda45c575df150d851165a4804973830f436df60b81319f9cfb564c0652896ed5f1849cb3354f50f0012f286e8a30c213528693474004e8504012b945560c074a6a163432cf4ac4ba7175cf26005db7199ee96d893cd1aad3fdf5d57460ef02dda6d3a140825196f3f8e2f37da36b6fdad184f2740f116de758a92917030c5fb80f0262496d2df93c7e276f25da7dbed8eb8dd4c563aba55b82af6ba3a70ca5f858b44a033cfb795604ddee746e7c8ae79d272fb9a2341a2a202df5eac08de75ad80c6580d92b169f2e1318857b1b1421c30f3dd461093de2d345ede7404b72a450de07b16eee68ce62887b6eaa436eee684be75ce0e1f96263e8d8736f9ba000d88e9e5860f328ae1e2dc73099d32fceb1bd2c0123698a49bead190a00ec9a6f87133eddd45316f65eb0d329b07b9a66bb9fe42588bf7b8d06efec1986b82a081ed3f6802e9be73464784559a4f2c097ba14b0bfd5d7e0aff65cb69abd03f8616cd7edf7ec368219edcf893e9ee71dad9f18d79e568265ddc6716223213235bb928e908dea827784cd1af396d590c81f4eacdfcf89c5cac96fa050064a22841ea715f8c89d6d5afbf597a4d005dbc6b13856d335b42a9a82edcb949835cca20b0a23de51cc3aec35566eff0c5ae1ab3751320d2c310495238eda383c38a4163152b8815690b8ff015035d1d00ea4a0d6caf324bb71a664a1bed31480784a68f438caa359e8d2673c857d4b8c0b6c695847b86800ea3d734b5ecc4d52b507ac69b3a6778916016ebc2315f44c90bf0c3e7dae01d49cbc303402bbc634ae1191f3f6fd63d303b0c0be033a47b90f8d3a77f0a44: +ba9e686204975c3bded4c1e9f74c7e4c7a7e3c9981d01bfca0ad0115c3f0f5c34990fce6952e8b7d0afcf4bf9dba9bce1bc4815e37511da7c2ad4892581de03a:4990fce6952e8b7d0afcf4bf9dba9bce1bc4815e37511da7c2ad4892581de03a:46bb48952ae58f2bf58f5be8df4f316b50f363ec84eed8f82ff4c04b0692d03aef26e8e1e6c9549a2247d540a6e22feb11e57f4b808a2097e8a7b6b3b7af3769e6d81d64886e6962372f4f39e49cd46c1b5f735f380f7c277d099776ed1aeaa57a359c0aa8c72f40eb91a1bf07ea157f5ddb30409d6e3af98990ce7f30affdac5e22010646dca96a540060fc908a3125b000ad1ed3a0f255cd34f15d7dd1fd681c3c35a1cd652056ecc5264d39aaf72a9bb83a551cc934887ae107afdfef063217270d9596891418bd461bba63de65be067b1b7864fe46484c7c9e96349a7c03a80fa055050aa18ace2a44b4a03c947824172b30e21011159443ca3cefaf696a7aa8f98011260c9436bf48991f41d4d507b96ce7323e531adcf66347c55c8855673a9f2ec89b5c8024460617ec7271773b36d64fc14eb5d82652c53a3031457227093d118fd8eb9384e80229041a96a6493450f97e6736263abf1ecd9e9fb9a4f0f6d667fa824151485edc37b34acf3d8c35f9c1be48b5e96a12af8e2d35c23a03580f211da6316b34c56bee872d47641bca77da640fdbbad5a9ad8ab9dc7957913da734ad37492ba4de8cf136cccdeb6ba3f1bd3f003be7263c4f2a40c33f24ca3339596e6c3428338100ebcc0722d4f50d30b33b912d4e7c1a9fe65f6658a6f239140a62c3261e10392ed1930aa917652d3bd2be4e8a08ab97e145b920abb31ee4bcd5a0d71f638180f61c245823a399a734a4dcde0997880245ed71eb9bc65e3c6fc95ab920b8024c17d44ced0037d04a133c2641782f1d622df45269b491d3fa2a1227579eaa386de3e7de7bc455c6a154eee5727fff0437a20076c5c3b0577cac5b4b6934e269380222461a60f954e48979c0671217f16f7027983034121093186c78705fc27dc92e2eda4116a6bf7d23e0548d62b67b25c41ed06192bc26ef1397bf1601f3a6e2a0e7f661fb0505ee382f27aec2805a3e2117:c7d23a58e2fb2a8d4b8ed1e9eae91e1129c2af8bd05f0bd572abebbe0f30825925f0df71cfb7218c686e5548d9427710a690366ba85541c79101a58a10e8af0a46bb48952ae58f2bf58f5be8df4f316b50f363ec84eed8f82ff4c04b0692d03aef26e8e1e6c9549a2247d540a6e22feb11e57f4b808a2097e8a7b6b3b7af3769e6d81d64886e6962372f4f39e49cd46c1b5f735f380f7c277d099776ed1aeaa57a359c0aa8c72f40eb91a1bf07ea157f5ddb30409d6e3af98990ce7f30affdac5e22010646dca96a540060fc908a3125b000ad1ed3a0f255cd34f15d7dd1fd681c3c35a1cd652056ecc5264d39aaf72a9bb83a551cc934887ae107afdfef063217270d9596891418bd461bba63de65be067b1b7864fe46484c7c9e96349a7c03a80fa055050aa18ace2a44b4a03c947824172b30e21011159443ca3cefaf696a7aa8f98011260c9436bf48991f41d4d507b96ce7323e531adcf66347c55c8855673a9f2ec89b5c8024460617ec7271773b36d64fc14eb5d82652c53a3031457227093d118fd8eb9384e80229041a96a6493450f97e6736263abf1ecd9e9fb9a4f0f6d667fa824151485edc37b34acf3d8c35f9c1be48b5e96a12af8e2d35c23a03580f211da6316b34c56bee872d47641bca77da640fdbbad5a9ad8ab9dc7957913da734ad37492ba4de8cf136cccdeb6ba3f1bd3f003be7263c4f2a40c33f24ca3339596e6c3428338100ebcc0722d4f50d30b33b912d4e7c1a9fe65f6658a6f239140a62c3261e10392ed1930aa917652d3bd2be4e8a08ab97e145b920abb31ee4bcd5a0d71f638180f61c245823a399a734a4dcde0997880245ed71eb9bc65e3c6fc95ab920b8024c17d44ced0037d04a133c2641782f1d622df45269b491d3fa2a1227579eaa386de3e7de7bc455c6a154eee5727fff0437a20076c5c3b0577cac5b4b6934e269380222461a60f954e48979c0671217f16f7027983034121093186c78705fc27dc92e2eda4116a6bf7d23e0548d62b67b25c41ed06192bc26ef1397bf1601f3a6e2a0e7f661fb0505ee382f27aec2805a3e2117: +5907a8c084043875238edbdcb7832fbba4c05ea3c5f88a96f1fbf950401ec164e2f49509d1007f618efe4f1fd67eaa6e2ab18afb2decced5a0b2ba8363789260:e2f49509d1007f618efe4f1fd67eaa6e2ab18afb2decced5a0b2ba8363789260:433b2478e18fad5cb81067061d225528229778307885475460fbe3137a5b44024894ddbe56fa6ed021496f0786e42bc6c2d2797ea0a6bf355e88115faa55cd92ed42133d9dcda6b9ebf63ce4a994d1a82d2a49267558be54182a6f85112bd12b247adacf1405fc7ec7a015d43ab40b82c677f7f85a0e48197c5b96576199f4c3343ff7654d523a30c43a054c3e464451278034b7f196c366768c628af94fc0ccfc9a2955f9d32338b944780f8e327085b103781868e4fb79d56122d7f3f5ab309e5d634add15da382c0d2358e647182be4de6e9a9e43e6a3a3b8215b204d9507610d461621000fb1893707af7d2595bfef8a8c5c5cd08f309a5fb55e45519aea9b84748ca5c672bfecd30d25651234a3cc319b43dfcefc1a07b55b4aca714c2e7ef9638fe7884a77b22253a01a2229500e9ce10fda73a843c19cc09626d2456c22a9c901881d521f4b15d2f613cb469d304d579223bc5ff73804df6371517ebaa5b677ea910ff1a02a26fafe48fef469ed799bed6d56ce961834a2edc2e23c0d9426eccdcc934f4c220e37815f7c334b7383607d430520946a881a08325b4164979d5e82cd8134d78cec4861c019f6de301c1b9aec52bb982033fb79b2e9731bab2968bc3f93fa5604b893c6028c204c36bb8c6b074be28c964d2849b5bb19d7e0ba24e22a204d4fda83b10131d383f10b136bd0dba39ec26af30e3ffb4dbc0c921f0cc9910715d51c81fe4c62950e855549a17cd73a09ac91e06d461518376d0fcfa123df0a837103458d9ce221808d1f9ef2edc5cd2e6823145b524894ea48526d985eefd3f60679399548e1edeadb5395b43d87044b2bfe7c6037029b346a402227eab81f333e10e77f1dbc06a211d43b82558676c2dcff9082b1dd53368df002de1329af3000b171a6914389bb80ec0c9f3e412a441b800afceb0486709adac66cafeef248839331f5d892197e25420f1e37d7c0247f669f5fcbf0:8c4912c0f885d76c914059505373a64bddd67dd468369ab918f23ea28e04c19177a8d461144f0a8b51d215176cb08bd65301c3c46237b61bb1498ca79d4be70e433b2478e18fad5cb81067061d225528229778307885475460fbe3137a5b44024894ddbe56fa6ed021496f0786e42bc6c2d2797ea0a6bf355e88115faa55cd92ed42133d9dcda6b9ebf63ce4a994d1a82d2a49267558be54182a6f85112bd12b247adacf1405fc7ec7a015d43ab40b82c677f7f85a0e48197c5b96576199f4c3343ff7654d523a30c43a054c3e464451278034b7f196c366768c628af94fc0ccfc9a2955f9d32338b944780f8e327085b103781868e4fb79d56122d7f3f5ab309e5d634add15da382c0d2358e647182be4de6e9a9e43e6a3a3b8215b204d9507610d461621000fb1893707af7d2595bfef8a8c5c5cd08f309a5fb55e45519aea9b84748ca5c672bfecd30d25651234a3cc319b43dfcefc1a07b55b4aca714c2e7ef9638fe7884a77b22253a01a2229500e9ce10fda73a843c19cc09626d2456c22a9c901881d521f4b15d2f613cb469d304d579223bc5ff73804df6371517ebaa5b677ea910ff1a02a26fafe48fef469ed799bed6d56ce961834a2edc2e23c0d9426eccdcc934f4c220e37815f7c334b7383607d430520946a881a08325b4164979d5e82cd8134d78cec4861c019f6de301c1b9aec52bb982033fb79b2e9731bab2968bc3f93fa5604b893c6028c204c36bb8c6b074be28c964d2849b5bb19d7e0ba24e22a204d4fda83b10131d383f10b136bd0dba39ec26af30e3ffb4dbc0c921f0cc9910715d51c81fe4c62950e855549a17cd73a09ac91e06d461518376d0fcfa123df0a837103458d9ce221808d1f9ef2edc5cd2e6823145b524894ea48526d985eefd3f60679399548e1edeadb5395b43d87044b2bfe7c6037029b346a402227eab81f333e10e77f1dbc06a211d43b82558676c2dcff9082b1dd53368df002de1329af3000b171a6914389bb80ec0c9f3e412a441b800afceb0486709adac66cafeef248839331f5d892197e25420f1e37d7c0247f669f5fcbf0: +6020ae273e0e0537bac881d7549d923eb1cc200d49ca65d4be635e39173df9dadaaf0e699a12a92c16e0ded3eb3450a36311824577e361f05696603300166297:daaf0e699a12a92c16e0ded3eb3450a36311824577e361f05696603300166297:6a8011de09aac00db16ff7e55c2de67d8c9883fcb2040dedbc1e321caba7bb036971530176d1dbbaa927520bdfccbed8840126043edc44cbb7fa3528680e5f1b5664951dc90109aea4b9c336ca043d8221a4c8d2011656bf944efd36ba0a10a4b389196055750b0e388fb52870bbec8c55198131443945c09f3aace3e6915014374073266f34887442d74f468f8d7078bba0bd814cd6dd423c97b56905587b152d1fcfba0eb9fde2112691dafaf4f921562f241b62841001834f6ce36685f82a8faa3b7afad73a5e59bf5f9e713e59163f31dbe696118af33506d2ffea3d9c1556fb152fd2b321c31757d0c3c0f60ee113edac02d67efbb303dce6fa88f7b9746ca110e6a0cd099c0831f53c55c28b6c82af446456b842b2c950a553ee2c765e9729e6b0c546bfc26bd6d42d06b2ed5d4c8cbbc75f2a3ad8129395793d979c031fce7e20b38bd89c9b624748b2013423cebada02cde2052da5664c6c6426cbfc88f84ff602e2e20df9678fbba577a4c134517ee050681151580f7c5c9787b96e55c4075a26f4f8ccffbbb6ea18de1b2cc8c4496b16042770b7ec6eb5429e7ac1891232aa4e47467f4e9a985d80547ecc4c6fd9f59763ede91671f2aa5736a5d148e3a8ffc88e61253a85b0953654958eb2d69401cbeae775f8cb8c3ca42d21693ebe298838df94c1d77b126a1205cc47d50d5367b6f276ec8db6b95324a31e8fd2ed2e43420c4ad02ea277dd948a55193d0f0b4d1cf28386c725975ce5c12d2a6f35673cc22a0694cca4daf6afbfd326d88c1850f834c42ff0e292ba4f13e5ef0774a596d33904c0262d31df2c584a0a4f453f6ae4a88a275f7de79c13ae1a73115be02f425c6f177a1ec4639c42a792809a2b0919ebd321e316001d5b2f84894fcebd50a1dcf44d702b924532fc0e4d3f9ff8486c0ed180eecc3e09e2272a94dc7d24a4e87a931fe2495cbf992c0aae9201e0796298f9363dbac475e8ed:b1ba88fed7e5f4b757f3fa4d1ed9b19e498e5d2f5e6cd46e426fe8f039882f1be77ac9e5a9265cbf7e3cd2a9e9926c18199143798da5be47a4086440496ba00f6a8011de09aac00db16ff7e55c2de67d8c9883fcb2040dedbc1e321caba7bb036971530176d1dbbaa927520bdfccbed8840126043edc44cbb7fa3528680e5f1b5664951dc90109aea4b9c336ca043d8221a4c8d2011656bf944efd36ba0a10a4b389196055750b0e388fb52870bbec8c55198131443945c09f3aace3e6915014374073266f34887442d74f468f8d7078bba0bd814cd6dd423c97b56905587b152d1fcfba0eb9fde2112691dafaf4f921562f241b62841001834f6ce36685f82a8faa3b7afad73a5e59bf5f9e713e59163f31dbe696118af33506d2ffea3d9c1556fb152fd2b321c31757d0c3c0f60ee113edac02d67efbb303dce6fa88f7b9746ca110e6a0cd099c0831f53c55c28b6c82af446456b842b2c950a553ee2c765e9729e6b0c546bfc26bd6d42d06b2ed5d4c8cbbc75f2a3ad8129395793d979c031fce7e20b38bd89c9b624748b2013423cebada02cde2052da5664c6c6426cbfc88f84ff602e2e20df9678fbba577a4c134517ee050681151580f7c5c9787b96e55c4075a26f4f8ccffbbb6ea18de1b2cc8c4496b16042770b7ec6eb5429e7ac1891232aa4e47467f4e9a985d80547ecc4c6fd9f59763ede91671f2aa5736a5d148e3a8ffc88e61253a85b0953654958eb2d69401cbeae775f8cb8c3ca42d21693ebe298838df94c1d77b126a1205cc47d50d5367b6f276ec8db6b95324a31e8fd2ed2e43420c4ad02ea277dd948a55193d0f0b4d1cf28386c725975ce5c12d2a6f35673cc22a0694cca4daf6afbfd326d88c1850f834c42ff0e292ba4f13e5ef0774a596d33904c0262d31df2c584a0a4f453f6ae4a88a275f7de79c13ae1a73115be02f425c6f177a1ec4639c42a792809a2b0919ebd321e316001d5b2f84894fcebd50a1dcf44d702b924532fc0e4d3f9ff8486c0ed180eecc3e09e2272a94dc7d24a4e87a931fe2495cbf992c0aae9201e0796298f9363dbac475e8ed: +932a200ecee7223f24146283a4048c67a6a2d2fc4ba0f9248bdffd82c6cce3cbec9bfb7a6d04e726fc1ea0c424610dcb7967bf15d6d6626858d411198d40e239:ec9bfb7a6d04e726fc1ea0c424610dcb7967bf15d6d6626858d411198d40e239:df953207048213afb8e2af452c889a21ca136a68c929bdc824f9a89ac596dcb90019a46fb682bcfd962fccb27d00baf8eccaf9d9a7d8183cabd7dfa506f7bafb4935ab045931ff8faeb71631f9ed6bb8f8473ad6290d7cf519db310a4442c461118f67d1a6d103bae6f2697c94b7426d9e02e3cb9522fd0b44aef600c962feff5873d98c2790887b8e88d160824f1bba22017639f8dce68f743480deea1f92aa1fd4135dd06457a60f36b7d7f517d40c94c0dddc2e465847d909b9f68245ff2b421d5919001aae5aef24e02c002da907e8605f160ea6096b580b75cea022d402f7f5fdc464f87f78c7906a01e8e48fb5b35174612b48ac8bc750e0f3aeb0a12f7dfc09b0842c1780a5fd9c54afb9399b9408baaccda20afbe3d682248d7bf1efdef4905a319b0ffb108b753b71cc97e9e21ec9b3dd28cee039d9418a1135f0add092aa66312ea2913300d1cc8916524302bd3d1b09e6b29c6857cbdc56ef4b3f35d8ee677208effa846fdb066b05eb717b4d45120cab72a7db7a7ca846e87b16b69047eb76d8f18da8e1399ec0a8c9c328cbe60e0bf42044d2ebf2818b3c047588452fcd2b3efc1e1009ae07688727db8fb6df2a2fe75d1cf22f32bac09c82a6a3d7eed7d00508cbe5b72460ecfcdd3ee911efe5898dbd8e4ce8591326dd1522f9d255da861bf9eb2a1d5725d7d5d427340341945e7bca8cf2ff8a997450953e77d203683e4b0dafc330e05672d2ecd13a3f442df137044e0f556ffbceffea26cbae26cba6f2568cf39f908489e1a92e76afbf297995da4b2cb1abc9ee1fe4dca5aa838b2fbdc109e89bef3ce5a36e5b2f712ac4c889438248fa5a2150cac6c977b5e0543f4010b7314732fd18e7fd5982e83276519e78725e5a5eeb86f4892084ae52da3849c228c809edbf69a2cc47c478d18719f111d737887c7a2eb3250898db34e5e5076fab9f4a9e6e1929a3480836dea07ba4d63fcefce5543430a8:cd1e4bdf4a3e4a31d65254333c8cc4087e4cc40b02e2a347d09a3dde698490c087d7109ad0209c53e987589cbf3ce26412a2b02cb8a3bc93fec75ab5d2c38703df953207048213afb8e2af452c889a21ca136a68c929bdc824f9a89ac596dcb90019a46fb682bcfd962fccb27d00baf8eccaf9d9a7d8183cabd7dfa506f7bafb4935ab045931ff8faeb71631f9ed6bb8f8473ad6290d7cf519db310a4442c461118f67d1a6d103bae6f2697c94b7426d9e02e3cb9522fd0b44aef600c962feff5873d98c2790887b8e88d160824f1bba22017639f8dce68f743480deea1f92aa1fd4135dd06457a60f36b7d7f517d40c94c0dddc2e465847d909b9f68245ff2b421d5919001aae5aef24e02c002da907e8605f160ea6096b580b75cea022d402f7f5fdc464f87f78c7906a01e8e48fb5b35174612b48ac8bc750e0f3aeb0a12f7dfc09b0842c1780a5fd9c54afb9399b9408baaccda20afbe3d682248d7bf1efdef4905a319b0ffb108b753b71cc97e9e21ec9b3dd28cee039d9418a1135f0add092aa66312ea2913300d1cc8916524302bd3d1b09e6b29c6857cbdc56ef4b3f35d8ee677208effa846fdb066b05eb717b4d45120cab72a7db7a7ca846e87b16b69047eb76d8f18da8e1399ec0a8c9c328cbe60e0bf42044d2ebf2818b3c047588452fcd2b3efc1e1009ae07688727db8fb6df2a2fe75d1cf22f32bac09c82a6a3d7eed7d00508cbe5b72460ecfcdd3ee911efe5898dbd8e4ce8591326dd1522f9d255da861bf9eb2a1d5725d7d5d427340341945e7bca8cf2ff8a997450953e77d203683e4b0dafc330e05672d2ecd13a3f442df137044e0f556ffbceffea26cbae26cba6f2568cf39f908489e1a92e76afbf297995da4b2cb1abc9ee1fe4dca5aa838b2fbdc109e89bef3ce5a36e5b2f712ac4c889438248fa5a2150cac6c977b5e0543f4010b7314732fd18e7fd5982e83276519e78725e5a5eeb86f4892084ae52da3849c228c809edbf69a2cc47c478d18719f111d737887c7a2eb3250898db34e5e5076fab9f4a9e6e1929a3480836dea07ba4d63fcefce5543430a8: +5c483e837eb01ed5a4ad5db3792699824df13e576be967d12115c85e0286e628fe1aa8b069da56e676ef3a57d9bba88305ea032808ee635273b37c5c635def4e:fe1aa8b069da56e676ef3a57d9bba88305ea032808ee635273b37c5c635def4e:58d5e2cd899ba985378b3ec33e9a869822b23d5d896a28f424fcd6e4cc28b80d4aaf2de804367efdf5e423b1234d821d63ac05eaed12c73e8e3608af0ddccc8386b7d842b12e60d30cede32553945e7829e9b23f5ccc2e7103a08f2cdd9e75a7b36f5e63720ef0d49b2592bef3740268c89c86a6cbdfe201de0db9985ceb19399c9a1d5bb0586af3c8cdf2713299eb0443a541a47384607243c54a05915058367d3f2db380ed317a8c12c7a63e809c2e84d4acb9d9eef54c6f5af7ab59cb9168b1068f9d2ccd978fe721bad68a669ffedea3e92c76b32e3166658ee3bd0deb1b084194ce35d9a741c57fc2241e68efaa65320b23a1dd19ea8b7ec81e76f1e9163f9592eeee5af8eced0272f33512d0d4ca067f05551b265396e10014783cacac79437b19842de6ab91b9d923bbeb503325bc54869f663e6ea4ae6897701be7e11d16cdfae0eee861862000e7a4160781547e42526af51ba9698d234aaf510da81a0dbf264366153d7a6d5eb3fb08b9bb5ea065c2f5e5b6bb679d2e210b5b40e2bc82f78dc9ab5824b74aadadd89bf8a8b73a0a2f43ac748378921a73a252704a4adbf740cb99c1e1594c37ac9acc19f52315c6a846a57b36128c64d767af44e9c86305bf18ba7cd52680523a3b102fba6fe55567069d2047cbdd9605ea12c8877d399c1e66e33817731f50b84f817d1f0760a40f97468618934105eb00ec50c76db3c53fcf43fe1702907d9a756bcf439f8831d0bfac92e7058fb157be3e591d37eb34165e3c6fc60e72294c083e477626f9001c1d737c290377dfa58ea4ead3028fc762ce8a3afec2e6e132c662df6034ab554f93efac657ad34f6107d347fc5c5e53f3733e178b76014d2f9bbd06ef2dfe60e2083d8865f7f5b2acc025d912e5cf6cda6e798143e9dbbc70a0211d8e4003d78b383d66a6ad29717ca24eddef7df7cd3a7ef652aba5487afe5d026c9b102807294eb27d9824eeb6b40f083de7:c17c2fbf8c00bcea3035bf0a62d30229db742cab1199677c7eb4eb0ef5c7b51ad487a4971b631e794a58bb0823cc0fe62610fda6a9e03f8c4c3381cb154cef0b58d5e2cd899ba985378b3ec33e9a869822b23d5d896a28f424fcd6e4cc28b80d4aaf2de804367efdf5e423b1234d821d63ac05eaed12c73e8e3608af0ddccc8386b7d842b12e60d30cede32553945e7829e9b23f5ccc2e7103a08f2cdd9e75a7b36f5e63720ef0d49b2592bef3740268c89c86a6cbdfe201de0db9985ceb19399c9a1d5bb0586af3c8cdf2713299eb0443a541a47384607243c54a05915058367d3f2db380ed317a8c12c7a63e809c2e84d4acb9d9eef54c6f5af7ab59cb9168b1068f9d2ccd978fe721bad68a669ffedea3e92c76b32e3166658ee3bd0deb1b084194ce35d9a741c57fc2241e68efaa65320b23a1dd19ea8b7ec81e76f1e9163f9592eeee5af8eced0272f33512d0d4ca067f05551b265396e10014783cacac79437b19842de6ab91b9d923bbeb503325bc54869f663e6ea4ae6897701be7e11d16cdfae0eee861862000e7a4160781547e42526af51ba9698d234aaf510da81a0dbf264366153d7a6d5eb3fb08b9bb5ea065c2f5e5b6bb679d2e210b5b40e2bc82f78dc9ab5824b74aadadd89bf8a8b73a0a2f43ac748378921a73a252704a4adbf740cb99c1e1594c37ac9acc19f52315c6a846a57b36128c64d767af44e9c86305bf18ba7cd52680523a3b102fba6fe55567069d2047cbdd9605ea12c8877d399c1e66e33817731f50b84f817d1f0760a40f97468618934105eb00ec50c76db3c53fcf43fe1702907d9a756bcf439f8831d0bfac92e7058fb157be3e591d37eb34165e3c6fc60e72294c083e477626f9001c1d737c290377dfa58ea4ead3028fc762ce8a3afec2e6e132c662df6034ab554f93efac657ad34f6107d347fc5c5e53f3733e178b76014d2f9bbd06ef2dfe60e2083d8865f7f5b2acc025d912e5cf6cda6e798143e9dbbc70a0211d8e4003d78b383d66a6ad29717ca24eddef7df7cd3a7ef652aba5487afe5d026c9b102807294eb27d9824eeb6b40f083de7: +b0d0abdd8444e10f293754ac9f16e31bdcdd97b7067128aae8e4d7f11289e2cd1c78cc01bea15352b63c5697f1cfe12ffdd16ddc1d59e77951b6e9408ee228ad:1c78cc01bea15352b63c5697f1cfe12ffdd16ddc1d59e77951b6e9408ee228ad:aa276cc543fcc62d70a704608d98ce51b645b5c24a640a5df10a5591417d108926df3f0ce1b921033309eb8d8659f489fd6f79aa1bf4882d72ac69cc58d3bce0fa89b16411e9753eb40c6c4d598dc8f4abb0bc48f1370371326c9a86bbc2ac6214478e78a38408bddafaa9592600c49a129c05392f8a7d642b49137a20f3fe9f11ee17cfa3afd2af71565e9c40080b60cd0dbc378eda062c7cbc7fe972bde4509a1de95f14df482f48aacc463cd594f66d648d3794738ad6ab496e2da50b0db2ba7b659185e4587f182e833de750faacddf21af5e0cf4c9af385b04f7be231498ad0b742d5a87c06115db230973a51427f202fa39afb9828b5f03fa327cbd52dfec66d71ea319865dcf6810f1858472d8bea3e447adfb4b60758e86b48133709732d2bcf51c76caa847b6537fcb05bb8c87dc5e9fb022b3260c1d71b149859c9663dbdae6a7bbfd6deb9d123809c241401af10719cf91a6bed16084c444607359ed8f018db111511892b46bdac6c9c613841ded886b9dec06c01e80487e48fbe778e9e97508ffda0577853aabdcaca8b0bab6ce41557aab9631c96d60977e35718b60595273fdba140f5500a8d3576f5a9fc8f3ca4c02c167af2e03d25750b42adb03b1417f2b6d219be5f8429331a26a449b5d4db2b1a09152eea2b25d2df7ef6fe0a32e25fae79360a9aee1511fda8064550937a7130971930c673bb358e5f55951f50b146d85d383f3e01c151ece6c06d836701253280fdcff4e139d3319ab2e2ca71bcc3fa0faf7c702c9c604e5651de4af5700e9ede7258b9bc148d5595cd34170e3e5cf292828390908fda961f2230ac0b8cac64739732706ce2d5e59abd6d5e207bdafea74d28d7a758f2200e4e00a0bcf0306a3cabda47024fabeae488ab5c323715cf3ca7720af9ebbf8582e1158a099d736b569b9d40295817ea2554068bef32442c111ec814c6ed415919ba73526334df30bac666084e5601c2281c:64408bdd2d0fc892a5b62b5acf8e3b3c73c0b5c4fa2a72e39dd608d4937f9332f73e14d08badc6270114d1f1a556cc6ee8488abb907f79ae175c352e9f11ee05aa276cc543fcc62d70a704608d98ce51b645b5c24a640a5df10a5591417d108926df3f0ce1b921033309eb8d8659f489fd6f79aa1bf4882d72ac69cc58d3bce0fa89b16411e9753eb40c6c4d598dc8f4abb0bc48f1370371326c9a86bbc2ac6214478e78a38408bddafaa9592600c49a129c05392f8a7d642b49137a20f3fe9f11ee17cfa3afd2af71565e9c40080b60cd0dbc378eda062c7cbc7fe972bde4509a1de95f14df482f48aacc463cd594f66d648d3794738ad6ab496e2da50b0db2ba7b659185e4587f182e833de750faacddf21af5e0cf4c9af385b04f7be231498ad0b742d5a87c06115db230973a51427f202fa39afb9828b5f03fa327cbd52dfec66d71ea319865dcf6810f1858472d8bea3e447adfb4b60758e86b48133709732d2bcf51c76caa847b6537fcb05bb8c87dc5e9fb022b3260c1d71b149859c9663dbdae6a7bbfd6deb9d123809c241401af10719cf91a6bed16084c444607359ed8f018db111511892b46bdac6c9c613841ded886b9dec06c01e80487e48fbe778e9e97508ffda0577853aabdcaca8b0bab6ce41557aab9631c96d60977e35718b60595273fdba140f5500a8d3576f5a9fc8f3ca4c02c167af2e03d25750b42adb03b1417f2b6d219be5f8429331a26a449b5d4db2b1a09152eea2b25d2df7ef6fe0a32e25fae79360a9aee1511fda8064550937a7130971930c673bb358e5f55951f50b146d85d383f3e01c151ece6c06d836701253280fdcff4e139d3319ab2e2ca71bcc3fa0faf7c702c9c604e5651de4af5700e9ede7258b9bc148d5595cd34170e3e5cf292828390908fda961f2230ac0b8cac64739732706ce2d5e59abd6d5e207bdafea74d28d7a758f2200e4e00a0bcf0306a3cabda47024fabeae488ab5c323715cf3ca7720af9ebbf8582e1158a099d736b569b9d40295817ea2554068bef32442c111ec814c6ed415919ba73526334df30bac666084e5601c2281c: +498497fdcc6a105891e023ff32d75f7c3748d8c52d87dd3b2775aefd8160a1432d79ae9cee4ac6275b05749c438ebe552b413d873cc07f14f5fa130177214c54:2d79ae9cee4ac6275b05749c438ebe552b413d873cc07f14f5fa130177214c54:be38bc8cdf46190e304ab53dd29c2bc40954fd4c6d2bb990f93b2b5c691fdf0527c260f5066187f2d0f31f43a08b360ea1ed8200651764b8fa49595a1594109e496759ab6623fa33378d800e6117e079e13fe85c81b63ebe247b3df6c1584bc7cffbdfa45f2a2ce7c237aaafef8cbca70bcabce0b847d551f46a7d15ce2a0d3d545abacc5930010c53648887d476e0d13a34fc1c54df09d106ed758deedc761d557a73b2bcdddefba4ed005997b19279b9d2de37d041fe013eef05a2e11c9a234e87cc0e16c0c6da42aaa5bf996417bf64e5b785d67dc32547c1f052178d694cf20f1698589e7ed49be29dd59fd5c01ba1d9f5fb06a75895b7b1e15895097ebde84cad6303aa0a86dbc324747d97245d70c5203be01b06cbde06ae037204d23730cd696189f7ac267cf202179929ce5410e0e3ade513d2201bfd20fefa40b4476f27bf907c762eb7262a5be13cfc047a846d20a9f2311b6469b06ab545f0ec9fc446ea250cd3b73a7b6b960c10ca4c2d6c64a156a18c9fb810e49afd0c36daab8b8b856643a4ccafa9ad886e91e544535b8edda27c90c06ab6bcc53628be18d7d6369ca1801f91c2e0b95f36d702f77234b4100719c059951e45b1f916983934e32b4d4d8f29c0a373f8d8f0918b967865cd0e4beca01327c99d5fded4c1a69ac2d4d9b78ffb8305670021040250cc27737e75df75760fec8b8d30b245654f3c12f1f7cea0bce78ab3693578af3ea61ffccdf9baf7c3ea65b88fc854128126476796892c663bd14518c9918629a1095f614e0492446c3d84b16ec94f7ecadaeb6b659bbb4867b579061714fd5bb0faa4ad6be0ffb3888bea447e4e3438c8f0eae644fbd45a3802dc40ec451b212bd592dacd4da96686dc8b2024257f25e9c830bff795eee85d87a090c1a42321e710555764ed8257c9415c7f224b537558cefdc615129f28350267c01ba0403e07f5c6067f91c85a2c50c866dc4388af38d2160203:b0a36a2c934756348eb47c25a32c3f2a5ddbd58fcc72a08c3cead1a2d900335c3001e35bfe1f3fb5a555009ba8e96874494b97e8b09700edcb1f2584b9d0fe03be38bc8cdf46190e304ab53dd29c2bc40954fd4c6d2bb990f93b2b5c691fdf0527c260f5066187f2d0f31f43a08b360ea1ed8200651764b8fa49595a1594109e496759ab6623fa33378d800e6117e079e13fe85c81b63ebe247b3df6c1584bc7cffbdfa45f2a2ce7c237aaafef8cbca70bcabce0b847d551f46a7d15ce2a0d3d545abacc5930010c53648887d476e0d13a34fc1c54df09d106ed758deedc761d557a73b2bcdddefba4ed005997b19279b9d2de37d041fe013eef05a2e11c9a234e87cc0e16c0c6da42aaa5bf996417bf64e5b785d67dc32547c1f052178d694cf20f1698589e7ed49be29dd59fd5c01ba1d9f5fb06a75895b7b1e15895097ebde84cad6303aa0a86dbc324747d97245d70c5203be01b06cbde06ae037204d23730cd696189f7ac267cf202179929ce5410e0e3ade513d2201bfd20fefa40b4476f27bf907c762eb7262a5be13cfc047a846d20a9f2311b6469b06ab545f0ec9fc446ea250cd3b73a7b6b960c10ca4c2d6c64a156a18c9fb810e49afd0c36daab8b8b856643a4ccafa9ad886e91e544535b8edda27c90c06ab6bcc53628be18d7d6369ca1801f91c2e0b95f36d702f77234b4100719c059951e45b1f916983934e32b4d4d8f29c0a373f8d8f0918b967865cd0e4beca01327c99d5fded4c1a69ac2d4d9b78ffb8305670021040250cc27737e75df75760fec8b8d30b245654f3c12f1f7cea0bce78ab3693578af3ea61ffccdf9baf7c3ea65b88fc854128126476796892c663bd14518c9918629a1095f614e0492446c3d84b16ec94f7ecadaeb6b659bbb4867b579061714fd5bb0faa4ad6be0ffb3888bea447e4e3438c8f0eae644fbd45a3802dc40ec451b212bd592dacd4da96686dc8b2024257f25e9c830bff795eee85d87a090c1a42321e710555764ed8257c9415c7f224b537558cefdc615129f28350267c01ba0403e07f5c6067f91c85a2c50c866dc4388af38d2160203: +d962a6719e5cc7724ca4a1d559536812b4e22aa7bcb13e4fb1722d28e045217ca944592dbc7d77039d720256c3fd340d34db892ab13e4812d662e2840c28b6d0:a944592dbc7d77039d720256c3fd340d34db892ab13e4812d662e2840c28b6d0:a6aa7a190d003ab175332b8f58e7caeb690854d9db56dbb6957b3fb654e2e0da991f3154214204135df1e1104317c9e3c58eedff1fc61aba57744c0c7ef486000a70b2c142ebaddc07ab065e2a855daf198a6803ac24ef3724487c1351ddeda0513913457d76860d78a9b6bc3dba66c40e5fc349a873ad6065ce7d7fdc2cc483b3aefbf2f03dd669bd9cb8f63cee47785cacb09d872c9aeb83e9868405254324037982e08613455d9521d88ea2fda020be730cfc8c07cb0b37614ccba2fa3ec498b815bb5adb996e848b38c015a6a5c752ebdac7b9eed8b69619d8c846b66f7816d1df1ebc21071cef0b251e2eab59827f6d6055084370fd27c203e86a189f1ee11e8403abdcbd1f45341a820525d8637dc484a5185d6551cb882a96b9981a5f1a821f27b656fff90e7f69bf286f752f970ffca5c53e0850b20b94f9431627094acea912a880b749a6f80bb206ccaa746fa70c833c9f323089ce0558c9dc200d5739d1e499634f2c16e54b7f6d7819c47071b60bd54dd0f273a319750fd3c510a49ab56f630c7ce6d8023d97862346859bc0b4d605224969708903760301409c60ab25175611f0be98b23a8cd8ac535e3513bc77e1452193dadf4435e63c3629b666a5ea4c4bad36eacad2601404eabd8d9a07956ec2b4b7bb6336ed75b8df8f16de42c0fcae93652e3c407cbd45e8d413ef51e8542df62512ee793e41358a1de19246c6586b3c1407410421f6e865c75a9f4a6a4788f84a9c781d8f8024bfdbe25bdc7d4b69cbaa7719628c0b07ec2c4a234fff4ac3d4935b9ce4c8a16947abe7951ff8d9ac9215e338fa0fe9124176d17bac1e05592c439868ae5a4f75fd1ea82aa454c20a939deda729a0e19646cebd822049c825c7e31c6efad45e306f2d9f0569e0717331f48004c26ebfe68f3843e90f8067032d21e786c8539e01be3ceac5954a0546c84b734d999456a7c45f8cebaa478e548007f9d3af836f754de4123f2f:dfb9b635ac0edf83b7b59d0b8409af475f66fc9946af0b7c63ab8cf5929d4701a1bf66959cde62fbcf59a48ab3bbaf0b9a61b6e00b2181eb934282070a5d5300a6aa7a190d003ab175332b8f58e7caeb690854d9db56dbb6957b3fb654e2e0da991f3154214204135df1e1104317c9e3c58eedff1fc61aba57744c0c7ef486000a70b2c142ebaddc07ab065e2a855daf198a6803ac24ef3724487c1351ddeda0513913457d76860d78a9b6bc3dba66c40e5fc349a873ad6065ce7d7fdc2cc483b3aefbf2f03dd669bd9cb8f63cee47785cacb09d872c9aeb83e9868405254324037982e08613455d9521d88ea2fda020be730cfc8c07cb0b37614ccba2fa3ec498b815bb5adb996e848b38c015a6a5c752ebdac7b9eed8b69619d8c846b66f7816d1df1ebc21071cef0b251e2eab59827f6d6055084370fd27c203e86a189f1ee11e8403abdcbd1f45341a820525d8637dc484a5185d6551cb882a96b9981a5f1a821f27b656fff90e7f69bf286f752f970ffca5c53e0850b20b94f9431627094acea912a880b749a6f80bb206ccaa746fa70c833c9f323089ce0558c9dc200d5739d1e499634f2c16e54b7f6d7819c47071b60bd54dd0f273a319750fd3c510a49ab56f630c7ce6d8023d97862346859bc0b4d605224969708903760301409c60ab25175611f0be98b23a8cd8ac535e3513bc77e1452193dadf4435e63c3629b666a5ea4c4bad36eacad2601404eabd8d9a07956ec2b4b7bb6336ed75b8df8f16de42c0fcae93652e3c407cbd45e8d413ef51e8542df62512ee793e41358a1de19246c6586b3c1407410421f6e865c75a9f4a6a4788f84a9c781d8f8024bfdbe25bdc7d4b69cbaa7719628c0b07ec2c4a234fff4ac3d4935b9ce4c8a16947abe7951ff8d9ac9215e338fa0fe9124176d17bac1e05592c439868ae5a4f75fd1ea82aa454c20a939deda729a0e19646cebd822049c825c7e31c6efad45e306f2d9f0569e0717331f48004c26ebfe68f3843e90f8067032d21e786c8539e01be3ceac5954a0546c84b734d999456a7c45f8cebaa478e548007f9d3af836f754de4123f2f: +e1d1416518921d07c8c39e2973d8ea1249caa8bf659cc36c7937f84ece7ad4fc48bdcc3f1a5b8058ed9a32ef1cc48cf7a8ab76a6e4519e5a82855241ad6fff8a:48bdcc3f1a5b8058ed9a32ef1cc48cf7a8ab76a6e4519e5a82855241ad6fff8a:3d263de1ab91e8dd7b317f7a27fb60a6e1838c0c793b03abbe7082b6bda0c7c46062262192c88b65c026c174584d29649710429ae44a46140b4c82c8a0b74d56a004f8e2f5c18f84f0464153772f8312633fc6ad28a7d9fb55f7d78cd6488ca58117eaf923fa28875e2b3189893185aa3ccd044d3f110e2e7cabdf6f814b9fdd6733bd5f307a87bc73b6250d5883936deb1db0e0af1be7ab329b5c6bd935bd8f8dc888f0d1c464edbc023cbc080753ee8f799f1072bad1144dfaa615a59e2aedc662e83cb1f8e52096a7ee483bf873b25a0c04c1851a0e87375063aa1a94fa835c052640366b79f735d3286197ab32ebdb5123f6b47ad3f442c44c530a68f8512759e9cf386fba07b8064bc8fe83e245495ec45f8938f8259dc8016205f78d3954442ec1b445d83d95ad1805a5e0e8b3d56b870a20da18d74f26f550a9c7534a4144dcbc1c3cdbbe470cc153905043088facf1d303559de41e96c0ab409bb36dcf38cc9038a6a4908dea82a653195c16f290a7c3ac487636cc5bcb18d15a14ac624c70b6f6462bf249e000cee924018bdf7dde39114cb4f652e122e8744da28b0589e1284d70d9f106de16d073648080e6437ff384e68177d5cb718e2ce3f17ba1e990ae3ce940660130e93750b82e2fb41aa369774568d7cf286725e3c58f63e73f8697aeecc717c5cf1af7ad74f446292c905d84e22b23d4e0d2604bff48fefc40c6204b5e34c042292e53bec9360159a5cd97b2df5786b8f5a292c0b39d14a870a4588e67bd12b2c2f7a4408462851d2aa787971d9315190f42cc588af0d2dcd91f31bb715e9250f1192814f7b8a21fef4517b0cf8bb8a1a1a5f500ee219dfb46132efe8e90bc49093a5559f9681b4fb59e5ba9ef3f05d34eed034c14d77ee95ebd76ffa5af0befcba18fdf932af4854510b75db00a7257b234887d49607dfd16180db516c7a20ccfcaeda6aedfb6a2377fbf31e67b517655db73ca29e118624d6080:4232d2a481084d1196db62f22dc74cf2eaf2db0df05ad7cdde67bfc29bff56cde019ac9f03d81f1827eb1e3b0abe0204ca7f77fa874ab5268354ff08bb7f48003d263de1ab91e8dd7b317f7a27fb60a6e1838c0c793b03abbe7082b6bda0c7c46062262192c88b65c026c174584d29649710429ae44a46140b4c82c8a0b74d56a004f8e2f5c18f84f0464153772f8312633fc6ad28a7d9fb55f7d78cd6488ca58117eaf923fa28875e2b3189893185aa3ccd044d3f110e2e7cabdf6f814b9fdd6733bd5f307a87bc73b6250d5883936deb1db0e0af1be7ab329b5c6bd935bd8f8dc888f0d1c464edbc023cbc080753ee8f799f1072bad1144dfaa615a59e2aedc662e83cb1f8e52096a7ee483bf873b25a0c04c1851a0e87375063aa1a94fa835c052640366b79f735d3286197ab32ebdb5123f6b47ad3f442c44c530a68f8512759e9cf386fba07b8064bc8fe83e245495ec45f8938f8259dc8016205f78d3954442ec1b445d83d95ad1805a5e0e8b3d56b870a20da18d74f26f550a9c7534a4144dcbc1c3cdbbe470cc153905043088facf1d303559de41e96c0ab409bb36dcf38cc9038a6a4908dea82a653195c16f290a7c3ac487636cc5bcb18d15a14ac624c70b6f6462bf249e000cee924018bdf7dde39114cb4f652e122e8744da28b0589e1284d70d9f106de16d073648080e6437ff384e68177d5cb718e2ce3f17ba1e990ae3ce940660130e93750b82e2fb41aa369774568d7cf286725e3c58f63e73f8697aeecc717c5cf1af7ad74f446292c905d84e22b23d4e0d2604bff48fefc40c6204b5e34c042292e53bec9360159a5cd97b2df5786b8f5a292c0b39d14a870a4588e67bd12b2c2f7a4408462851d2aa787971d9315190f42cc588af0d2dcd91f31bb715e9250f1192814f7b8a21fef4517b0cf8bb8a1a1a5f500ee219dfb46132efe8e90bc49093a5559f9681b4fb59e5ba9ef3f05d34eed034c14d77ee95ebd76ffa5af0befcba18fdf932af4854510b75db00a7257b234887d49607dfd16180db516c7a20ccfcaeda6aedfb6a2377fbf31e67b517655db73ca29e118624d6080: +2bf74f004d7d0af73a83ea208cc206723d188f4cf607bcad4b6980268ff21fa78fdcd99352438beb52f0d1742bae71844512dd0685aaf1c909e38fc4b5aab6cc:8fdcd99352438beb52f0d1742bae71844512dd0685aaf1c909e38fc4b5aab6cc:898e4303ea5bebd200a5f7562be5f5032640a3f5ccfa764292045a1a368d02aa591077d8f304f74dbdfc280734454ed8c2727aff392c108c526e527e672c5397b2d77c01f7741ef8dcc2510ee841b59dd10f4e1d3ac501af7cbdb85ba31129c262fde1a0c8bc83d6ff944b6bae3fa7fb62587c681d8e342965c5705fd1a6ab39e5a0770ee7798d9fb6c0018a514d53af848db6047cd02db352d5563b53662373b971935a1ac2b7b6361dac6748771813f7749316694961b940ff3805811a49fa27a9ba457ad28848c697050e0188d0773e17fb52194e190a7872a398f31c0f0ae06537a273ffb50c2c816445ab882811922c0621556c46a3a0ec40bfedb411e90b6db1ddd4bbebb57d10df566a63d726a33308514ce3b499d5e526c22b956d8b99913dcb13e437e947b666c41c54d8b3ae2356647e8017ab678386c927219ae7bddc0d821265f9dc4ff3f8ce5be60f8e9defc5ca335068ee29fe8304917b788784a2388a320192f9325d0e6cfffea21e6eaa29e7707f63a9ea4fbb2558e3d0835bab1f52361037ae59e503ee96b9d708a47a3ae4bad113e2a460a269ccf25a0003cb3e68a551864e59840914791126f954788b25b5af5aaf586ebb87fa5f377b4d7d7f84c000dd2cb440e214d38d5ecf70f20e9881828edaa1dbec37093db960686ca123f1ecba6336b37f46cf765be2814b9e6705bc9d6a49318118c7529b37c84ec88d58a8453dcb692c9a36016b948ebe6fb2c1d0adf5f198ee3097a6ff0b8eebbad8b0769330b18689516bc0fe668b0d05e3a584fcf89c49db501d61c2def7ed3722070193a5b683c5087ef274ce6a193dd4a303536c67934b4660a841ee1b446a6892b14d0b0aa3e98fdffd43c797add36583f74c94d0e2d68e2de818d9af200598f0b2beae169c8dfbc4d397e6d1ceb6daa6c9f6bbf4f8311ba26ffb194d44216c51305267074e856a1d6e922780f4798e2f220223fff1dc370c8e34514aba42df51:3eb5b339e191a3b6168545da5fb0ca9be209043919b9c70a07b4a7a3bf64b102f6ffd6d2b02559dc681ed3b9c82297b201dc25c4973880e155e13a29426eb40d898e4303ea5bebd200a5f7562be5f5032640a3f5ccfa764292045a1a368d02aa591077d8f304f74dbdfc280734454ed8c2727aff392c108c526e527e672c5397b2d77c01f7741ef8dcc2510ee841b59dd10f4e1d3ac501af7cbdb85ba31129c262fde1a0c8bc83d6ff944b6bae3fa7fb62587c681d8e342965c5705fd1a6ab39e5a0770ee7798d9fb6c0018a514d53af848db6047cd02db352d5563b53662373b971935a1ac2b7b6361dac6748771813f7749316694961b940ff3805811a49fa27a9ba457ad28848c697050e0188d0773e17fb52194e190a7872a398f31c0f0ae06537a273ffb50c2c816445ab882811922c0621556c46a3a0ec40bfedb411e90b6db1ddd4bbebb57d10df566a63d726a33308514ce3b499d5e526c22b956d8b99913dcb13e437e947b666c41c54d8b3ae2356647e8017ab678386c927219ae7bddc0d821265f9dc4ff3f8ce5be60f8e9defc5ca335068ee29fe8304917b788784a2388a320192f9325d0e6cfffea21e6eaa29e7707f63a9ea4fbb2558e3d0835bab1f52361037ae59e503ee96b9d708a47a3ae4bad113e2a460a269ccf25a0003cb3e68a551864e59840914791126f954788b25b5af5aaf586ebb87fa5f377b4d7d7f84c000dd2cb440e214d38d5ecf70f20e9881828edaa1dbec37093db960686ca123f1ecba6336b37f46cf765be2814b9e6705bc9d6a49318118c7529b37c84ec88d58a8453dcb692c9a36016b948ebe6fb2c1d0adf5f198ee3097a6ff0b8eebbad8b0769330b18689516bc0fe668b0d05e3a584fcf89c49db501d61c2def7ed3722070193a5b683c5087ef274ce6a193dd4a303536c67934b4660a841ee1b446a6892b14d0b0aa3e98fdffd43c797add36583f74c94d0e2d68e2de818d9af200598f0b2beae169c8dfbc4d397e6d1ceb6daa6c9f6bbf4f8311ba26ffb194d44216c51305267074e856a1d6e922780f4798e2f220223fff1dc370c8e34514aba42df51: +f5f7d5b73c5a65301b5b4c6710ed12c16e7903177db792ca715e23389d05d83e7c4762e979f0c7e207be1843e2666aca27ea89bff5b61d573c985fc7025e1e28:7c4762e979f0c7e207be1843e2666aca27ea89bff5b61d573c985fc7025e1e28:7c9318d56e63f16535436fa45afe278e74e61881bb468997d0418bc720b630dadb8128b4b65ca6e921e501813df9fe03b4ef0aae8035dd08c5f820ce5df12ee118d9c36d3b151a52c3f96ae1ca4c82fd19da669ddba94febf8eac8c42b447babc8a60b36e803624f7d2047bd8d8a153687f10dc1ca82100b7c87d32370ec8f2671ed7d067cc80587cab8db3a71ce5e406327f763ec1b3c166770a75536630c815fd8267582d1b5051f0f821c02150b2eef349b50590314aa2570793fa64a76ed2ed83d2ba1f9b9f1163154612b49a64ad8d5573c25b1cd37c41a44e3df78f1053d90b068f0d37ae00c4a32b1a3ff874c41da4a7043392f18efe5518d76e88b41ced69e6f4c014f06ebc5146e61e82fae1c49c37c394fea34199ab86c11a4467a374e40255a05d426971430d56cdba25a21ad779cc7f62d22cd87b60f0891bd856a517e14b72a9ac7672e4e8fb374a9758ab0c4e5964aae03228973f173a5d42aef9db33736c3e18d8eec204a1a17b9d04593dea4d804cbc81b9ac5458050495539999a9985487e7ca11c37582ef85c841e8f065ea98fdd6b1c60dea1ec2883521568856a6ebb2749f2072eb43448be0705ed477cf4b2004865217de5fadbe2a0f9d6b84b3fe7f7bf6c77537496246ec796b8ef2c04f68ab5b14fce0c6d287b836227d9f08fa0ee19722f6798a5d8280d107cfc1bd592d9ddc724ea86fc39dc94a394019e3a3de9e0d1c735e862de2bb9525b5fb4bd121212bfaff9ff586ac3c75c5ace746d9ca307f795ff2697f2b41a6346ed23397eb38898691e6f66841637d0ab0d968309e0194002309015416e74472fe32425d45f07c7711918b1e5790f572ce4441042d426033792297b5f81e0809bd9691f0a505e3259fc03c9ff107eb9b48795f49fb09c1bab5659d39ffecbdcc403e3803dc012438c2fb36f683015c5df0482cb7d7fc5757364a0a3c10d0e1259c01fcc4dd5494b5290a694aea3f6fae547ac576f:58fb392f82d5e52ff072cc77efe048f2235250c71125ee821c5f3b393bcf2fa46be4c5d8caf13cb519efe0c2fad9ee231ae9b6fd1fd509c98c69c2d36c753e0e7c9318d56e63f16535436fa45afe278e74e61881bb468997d0418bc720b630dadb8128b4b65ca6e921e501813df9fe03b4ef0aae8035dd08c5f820ce5df12ee118d9c36d3b151a52c3f96ae1ca4c82fd19da669ddba94febf8eac8c42b447babc8a60b36e803624f7d2047bd8d8a153687f10dc1ca82100b7c87d32370ec8f2671ed7d067cc80587cab8db3a71ce5e406327f763ec1b3c166770a75536630c815fd8267582d1b5051f0f821c02150b2eef349b50590314aa2570793fa64a76ed2ed83d2ba1f9b9f1163154612b49a64ad8d5573c25b1cd37c41a44e3df78f1053d90b068f0d37ae00c4a32b1a3ff874c41da4a7043392f18efe5518d76e88b41ced69e6f4c014f06ebc5146e61e82fae1c49c37c394fea34199ab86c11a4467a374e40255a05d426971430d56cdba25a21ad779cc7f62d22cd87b60f0891bd856a517e14b72a9ac7672e4e8fb374a9758ab0c4e5964aae03228973f173a5d42aef9db33736c3e18d8eec204a1a17b9d04593dea4d804cbc81b9ac5458050495539999a9985487e7ca11c37582ef85c841e8f065ea98fdd6b1c60dea1ec2883521568856a6ebb2749f2072eb43448be0705ed477cf4b2004865217de5fadbe2a0f9d6b84b3fe7f7bf6c77537496246ec796b8ef2c04f68ab5b14fce0c6d287b836227d9f08fa0ee19722f6798a5d8280d107cfc1bd592d9ddc724ea86fc39dc94a394019e3a3de9e0d1c735e862de2bb9525b5fb4bd121212bfaff9ff586ac3c75c5ace746d9ca307f795ff2697f2b41a6346ed23397eb38898691e6f66841637d0ab0d968309e0194002309015416e74472fe32425d45f07c7711918b1e5790f572ce4441042d426033792297b5f81e0809bd9691f0a505e3259fc03c9ff107eb9b48795f49fb09c1bab5659d39ffecbdcc403e3803dc012438c2fb36f683015c5df0482cb7d7fc5757364a0a3c10d0e1259c01fcc4dd5494b5290a694aea3f6fae547ac576f: +43d4be6de9cb00898e99ddcc2e1530110fa2cbc4376c485e9ca57fd65586d8a33632ad389be2fab3fba0d804bf6345cd322eddd6a75d8c37fd4b5ba1c9c25e8f:3632ad389be2fab3fba0d804bf6345cd322eddd6a75d8c37fd4b5ba1c9c25e8f:d9d55dab0fa6da76b68e841c24d971bac1f79af513d834e426a5d08114ce8b54ce8b7afe016b0fad03ee7450c6c3097173681a4b2eb9f9c179a88e7cc36813f2f5d15f7998afa9fd4e546c73bb42e7f9522be6afabca8c7b64fed0e292e4375f3e1e5fd9fcb539f4e5e543fb6a11a0df321e70084aaabb70a9950ceee3d879c386efca1e59c3cb7c45b560095e7af00ff52f8a1aaa9ccf092f0bb806d97610742ac582a3abbeddf39f49d229d32a1186d021518d74728d13d962635d63baa6743b126bf458fa2ac756fbf88096c8d3340c622390534a743f1864d54deab5e5536372ce5ac93762287414eae158a76bf81df5417cf4c047be3ac1475c517ebd3ac1d1d1bdda11b3f99c18173e030acd51d2b5cf79516509415405077511bdd9cbe17d04f47805e98d0d145e60a5d0e0f453cd9b5c1a24f12b75e8cc34d5e00691ffacbff788fea834d9d779c1e610294dce19170d28160cff909bea5a0aa749401740ea3af51e48b27c2b09f025444276c188c0671a6da94b43d1e525e6a4a8a1a73dfedf12401846ba43068a04092b12912270d2b60df6099779756b8bbb49ece82d55f0f8db1b80fb4b59bba860bd18c75d6c834d69442ae0314cf2399f5392a3c6728c63e5c516c4222aac60f916dd63d1d0517e8eb10bd0e15eb90614deb296403ad15b8c12b9e971ef2f01e59fc35d90c55a8e20e9437dd434b26d5c2c6ec2d53acec17e81e47831dc2de82183d713b59a4d1f46969ddcddaf27f44e5a311aaac39c3d5a97bc90cad712f46f85e6c8fbf5d58d8bc3ec27d310a9eaf2c369cb00649770390a3f988f362efc155f56a146a62650547e9153250701eead1bd01c89462272dfaf0a431af4bd7c3db451ada603233fdad3aa8999aa21e2d3a43b0b56fc6a9124d33598b3737f4e5cb258beda756ad2e17d0691d15d416bb7cb07ec8d8c7af5de80e5b9394e320c4c6e43efaae684ad00f6dd20a8750e959c2f04206fc023aa190c:86ae9325f80b9886c8381f96a18c2120e6db016a0d6ca282ed93ba9b61caec02de88efca8b8e916a4b16a58525a2f68d21e5fbe67db4c4d6209595c4abc32b09d9d55dab0fa6da76b68e841c24d971bac1f79af513d834e426a5d08114ce8b54ce8b7afe016b0fad03ee7450c6c3097173681a4b2eb9f9c179a88e7cc36813f2f5d15f7998afa9fd4e546c73bb42e7f9522be6afabca8c7b64fed0e292e4375f3e1e5fd9fcb539f4e5e543fb6a11a0df321e70084aaabb70a9950ceee3d879c386efca1e59c3cb7c45b560095e7af00ff52f8a1aaa9ccf092f0bb806d97610742ac582a3abbeddf39f49d229d32a1186d021518d74728d13d962635d63baa6743b126bf458fa2ac756fbf88096c8d3340c622390534a743f1864d54deab5e5536372ce5ac93762287414eae158a76bf81df5417cf4c047be3ac1475c517ebd3ac1d1d1bdda11b3f99c18173e030acd51d2b5cf79516509415405077511bdd9cbe17d04f47805e98d0d145e60a5d0e0f453cd9b5c1a24f12b75e8cc34d5e00691ffacbff788fea834d9d779c1e610294dce19170d28160cff909bea5a0aa749401740ea3af51e48b27c2b09f025444276c188c0671a6da94b43d1e525e6a4a8a1a73dfedf12401846ba43068a04092b12912270d2b60df6099779756b8bbb49ece82d55f0f8db1b80fb4b59bba860bd18c75d6c834d69442ae0314cf2399f5392a3c6728c63e5c516c4222aac60f916dd63d1d0517e8eb10bd0e15eb90614deb296403ad15b8c12b9e971ef2f01e59fc35d90c55a8e20e9437dd434b26d5c2c6ec2d53acec17e81e47831dc2de82183d713b59a4d1f46969ddcddaf27f44e5a311aaac39c3d5a97bc90cad712f46f85e6c8fbf5d58d8bc3ec27d310a9eaf2c369cb00649770390a3f988f362efc155f56a146a62650547e9153250701eead1bd01c89462272dfaf0a431af4bd7c3db451ada603233fdad3aa8999aa21e2d3a43b0b56fc6a9124d33598b3737f4e5cb258beda756ad2e17d0691d15d416bb7cb07ec8d8c7af5de80e5b9394e320c4c6e43efaae684ad00f6dd20a8750e959c2f04206fc023aa190c: +7d010d760f24e5a2de34089c9fdb19c33b155b0a37ca455a5e5b1dae7a0731764c877b3c4971fbb551166e214d1c7624c52277903c59a562a80b91a85483fb47:4c877b3c4971fbb551166e214d1c7624c52277903c59a562a80b91a85483fb47:86e2115572bf4c013e6b4b04d0b03e606ee70d929cb8ec36f4e2f355db3b5e1573d658d17bb1a310c16989a16b9558922ee493f359042103c4dc1b40dff7709901fd5830133f42c4651eca008b499ee4f84cd4ec1edaa78256edb62f24021a0076256919e4e2ce0a5a20f921c278cc299159644b5e3a3bbd089dcbbebad3766aea77e9f08ee5f7d4c19d8170bc3de1ba779a769914f965dbde2b61bad214c508186041f76c25be957656f5cfb7334eb838a3cfbc55cfbab67adf1552619941b835cd3e34103b18b49131e82096f05f570b899804bab8b6cbaddbbc02f9f3b559736d99ca7b02d3268fa273996fcf0571977d1cc3008c4ef848970ee350b158c47ec277add4742fa2bcbea9bd5549c7bca038020ece68f188c1ea3a62dd9a073d4c138ca8a9ac0408dcfd46e36bdff73988a58b9617caa08bd41bf3e812e7824f0f7e8146a444f36bf53a1cd892039ccd335f5a2e79745eac96148c2a299947f1b2e328a3789bf13c6d73506f3bdc68ea48abf002270fe4ee9ef9ed6b10c2fbb4ff1275b9d7dd35d8a52e371758574cb466c57b5abc242976befc8d98a0131b9bb846b219e4669186a83c056cd8080661de16b51ce5767b22e9a93242bf8d3205c66a673ce783d1c0d37b6300fbf0d6127940f88f1819c450dcc90543ed794f1fd44e6539febaf19a4cc98870014d7ccad74d1876a123ecd145516c743b4bba62d821ca9a7951e0dfb23f38d9e3a365fd8322f2ee4799e9ff11e1c5c30b55a355c8a5deea81a545e34705ab56d17b1fa06ed76415556702f364808246f863c319f75cdf6bd748438d1a2eaf4206c560bfafc235679ad6049c1a01526fcb9a3ce1b1d39be4df18b15fa0ea55272b17ebdedf6c30498a8a14f2042be1c2cdb09e9ef3846d6659a9f6d673df9afb7eded04b793d9731f0accc41468dc1f3236c99acadee6239c361b8bd7e2d0cfe8bb7c06687e08e76b71ad57a036179f291d096ae2fa0818ef4bf4866:5570613879ae22778bd54f14fb6e8c0256a71f3d79c3e5cd8e41aea8cf773e24d29f1f1b24f8c80d2949e8201465dbde8940b1fab6483b085d418e251014200c86e2115572bf4c013e6b4b04d0b03e606ee70d929cb8ec36f4e2f355db3b5e1573d658d17bb1a310c16989a16b9558922ee493f359042103c4dc1b40dff7709901fd5830133f42c4651eca008b499ee4f84cd4ec1edaa78256edb62f24021a0076256919e4e2ce0a5a20f921c278cc299159644b5e3a3bbd089dcbbebad3766aea77e9f08ee5f7d4c19d8170bc3de1ba779a769914f965dbde2b61bad214c508186041f76c25be957656f5cfb7334eb838a3cfbc55cfbab67adf1552619941b835cd3e34103b18b49131e82096f05f570b899804bab8b6cbaddbbc02f9f3b559736d99ca7b02d3268fa273996fcf0571977d1cc3008c4ef848970ee350b158c47ec277add4742fa2bcbea9bd5549c7bca038020ece68f188c1ea3a62dd9a073d4c138ca8a9ac0408dcfd46e36bdff73988a58b9617caa08bd41bf3e812e7824f0f7e8146a444f36bf53a1cd892039ccd335f5a2e79745eac96148c2a299947f1b2e328a3789bf13c6d73506f3bdc68ea48abf002270fe4ee9ef9ed6b10c2fbb4ff1275b9d7dd35d8a52e371758574cb466c57b5abc242976befc8d98a0131b9bb846b219e4669186a83c056cd8080661de16b51ce5767b22e9a93242bf8d3205c66a673ce783d1c0d37b6300fbf0d6127940f88f1819c450dcc90543ed794f1fd44e6539febaf19a4cc98870014d7ccad74d1876a123ecd145516c743b4bba62d821ca9a7951e0dfb23f38d9e3a365fd8322f2ee4799e9ff11e1c5c30b55a355c8a5deea81a545e34705ab56d17b1fa06ed76415556702f364808246f863c319f75cdf6bd748438d1a2eaf4206c560bfafc235679ad6049c1a01526fcb9a3ce1b1d39be4df18b15fa0ea55272b17ebdedf6c30498a8a14f2042be1c2cdb09e9ef3846d6659a9f6d673df9afb7eded04b793d9731f0accc41468dc1f3236c99acadee6239c361b8bd7e2d0cfe8bb7c06687e08e76b71ad57a036179f291d096ae2fa0818ef4bf4866: +aaaabb7ce4fffe4dc35747baea2bc5f050bef06ee0c1fd632a067fece1ef4fb5820a2442d5f45f3c791478e098fb3b068da52ec4e8dadec85065c35659f437e0:820a2442d5f45f3c791478e098fb3b068da52ec4e8dadec85065c35659f437e0:f9d28597a3e2b64ba327ac5cd29f081e74bf461b2eb2d3cfd9d5e92158d21d1d2a47ab50981cb19fe3f8c6fe488249b1c49fb897a0fe21ab5404414fd914875c220f1cbc12f5c38cfba79f7ac303a5231a372b02fad6c8462f8cc49f0f64965b651dccef0bb9608215090849177be47b2d3072944d36e856da185c7b3a689f7edef988338e0963ed31a6b0a80d5cb0b1cccf6f394837aa6f8b2f3da5efbdf4d360d4bf4dd708ce6445587d942b79761ce951b1bb4d9050703618a6d930a80c69576fc4af306a2a56dbd884a05a1e4e9f3136cd0b55ae474bb5d3d0fbc9b0339cec344fdd085c1928101481c68794f5c890137108cea791d21f81683d3e1a9eec66ace5c014d89e69808e5fa83d3812ee680f5a9971681b8adcd4a16e9a4c165b5ef9932c5ed825237fd5037bcbefe4cb11564fa707c8a93290751414891b1edd3313c65f8b91c2e925a3c12a9d3aa45fd5a667b78393c3e39df88a8f0d1148b5311e3d87c4a92e0a3fb915bc90d5558d05b475a8834778aa943ea39b8eaa95ad1832e5916ea3102d7de0b836cde8f3759dbb3b9d56ea817b3e49c983210277c2c7c5b0db187422532fca98a28b3b659c6b815ac126fadbe2f400c73e9d2dedcbbd2d3a365ffad7e666c896e31e61b384ed3a9fcf1290538df11b9474c6281cc592c71c8808868b4292c17ece6b3edf5e3542a70b911593e93f35ecd9729bd8880a24eaf41fbc6574dfe167ec2d0e7ab3df5ec34b8b55d548ab93738a2eeaf21c884c5c8551db2edf2b049f1a2a84fa72ac8978a4c27809f209c1b2195aff504f699856cc4f22d44ebdd0fe50374468d0b1792e574b5110a1f4cd0e221e824a78ddc4845feb46d66d633d23cd23f4b6fbe4c8ce16cd1af61536da5fa67b10ac7555a68c0e0bdbf2f8d72309d995516b8118bf43835d0a01c08ffeba3ea3ed05cd2d54f0eabcda05d0037d52caed3b19374faf73999094f79055924bea9aec4470135f5e8bf183c9d1c9:050ae8aeceec9627b80137357a22962ac8b45048661708d394d0a51aadc381fe8535023d6e1bda0e72b349b50b26da7c3a3085e81e9dd6cf127868fc5baeab01f9d28597a3e2b64ba327ac5cd29f081e74bf461b2eb2d3cfd9d5e92158d21d1d2a47ab50981cb19fe3f8c6fe488249b1c49fb897a0fe21ab5404414fd914875c220f1cbc12f5c38cfba79f7ac303a5231a372b02fad6c8462f8cc49f0f64965b651dccef0bb9608215090849177be47b2d3072944d36e856da185c7b3a689f7edef988338e0963ed31a6b0a80d5cb0b1cccf6f394837aa6f8b2f3da5efbdf4d360d4bf4dd708ce6445587d942b79761ce951b1bb4d9050703618a6d930a80c69576fc4af306a2a56dbd884a05a1e4e9f3136cd0b55ae474bb5d3d0fbc9b0339cec344fdd085c1928101481c68794f5c890137108cea791d21f81683d3e1a9eec66ace5c014d89e69808e5fa83d3812ee680f5a9971681b8adcd4a16e9a4c165b5ef9932c5ed825237fd5037bcbefe4cb11564fa707c8a93290751414891b1edd3313c65f8b91c2e925a3c12a9d3aa45fd5a667b78393c3e39df88a8f0d1148b5311e3d87c4a92e0a3fb915bc90d5558d05b475a8834778aa943ea39b8eaa95ad1832e5916ea3102d7de0b836cde8f3759dbb3b9d56ea817b3e49c983210277c2c7c5b0db187422532fca98a28b3b659c6b815ac126fadbe2f400c73e9d2dedcbbd2d3a365ffad7e666c896e31e61b384ed3a9fcf1290538df11b9474c6281cc592c71c8808868b4292c17ece6b3edf5e3542a70b911593e93f35ecd9729bd8880a24eaf41fbc6574dfe167ec2d0e7ab3df5ec34b8b55d548ab93738a2eeaf21c884c5c8551db2edf2b049f1a2a84fa72ac8978a4c27809f209c1b2195aff504f699856cc4f22d44ebdd0fe50374468d0b1792e574b5110a1f4cd0e221e824a78ddc4845feb46d66d633d23cd23f4b6fbe4c8ce16cd1af61536da5fa67b10ac7555a68c0e0bdbf2f8d72309d995516b8118bf43835d0a01c08ffeba3ea3ed05cd2d54f0eabcda05d0037d52caed3b19374faf73999094f79055924bea9aec4470135f5e8bf183c9d1c9: +e95cc2a4d1193b7539fcbbeaaeed985b6fb902dd0efbd6387457550d0d6a2fea72a1ff1e9bb11c8d88968a7b169637adee438e2263f006dca4fe02fe066cbad3:72a1ff1e9bb11c8d88968a7b169637adee438e2263f006dca4fe02fe066cbad3:84267439201b0591db60c0f17a9c15e45409295652d5f55b87fb351967c846a567f5cebaaed1762bff5485f04853ca9269f464094e512df1f02e13e517b1daa58d34caa2d5ff9f9e79bcafb4ce96e8a089258ad61343b446628ebc4f5b2a84d03b72ef3f738589fa13c42519a828299a3faec035037bc10b44e3bdfed9e0870717cbaf31bef8b22c4ea16e8157fcbc63eefa39ed822efd4215c247dda48786277ec030a86c0ef4851d673cfe752d0677883c2c452038970c09bd481714bc3fbecfa4ff2a3c245695d7ecc2f4dec7f5ede04ff6db43e2bb91c066b649ef73fd3be860cb83fa80b074149f431eebb917ec8478da870c11e317703859f9f2f4008a6c7c754b06e1f7d2479689da84e88922f38274985e11ce13cdbdb0f2ece68fb602ade03dd549a362491f4a203ff80744f663c523a026b431aad45c5829e029ad6256d1276fd7b7a12ddbf1727d9e233fb534457370a426e56fb39cf404a3ecbf0c4b50bb522dce981e0830fd8406e6d9725ceb1ddd3a1947937d90e04d768ae1d126e2aeac21b8c9efc54c40961b7f4e9e88025f7e0b9de901ebf0049e741b797997d8db78e9283bbb5f90f35a2c4dee273142ec258c02ad0ecc61cc5c9f12132db28af41c1fb78e524be5327b5ffc35962779fb11ff0c5d3ee0a31ff47e73b1729dfa46e8986b1b89abc88ad06abd5b6f766d23abf642257894ebdfa79e6309f1272374ee9433677ba13e451baa95330e660c8052ae872e0e32e2b2d1286d01a0ab5810424ed8b9405465bdeba03b698384676fe5ea464a03446c4f7cd7b43312ecf151360464571ad28610581fbadb945a1d68181deb403aa56eba0bb840328eee36103c7de073a6879c941c7554c6f6f2a080809eb0e5bd0e130f29a229e930db01fecac2e036bdf0e001e2a8ea3264f8649d5b60c29103f0b49c24c97facaf7e81069a2b26ab3f933f427d81272c6c8b7cd0dfb7c6bbe9c0eaab32bbda2218b9623a2119aab1f3eb:1b8d7cc2adf36cae1631250c82431bd88437163a6349ad96e7a864447e9fee753ac3655c9835b4d1ecbb306c638ba5402ad02ba6d225d96882889fe8d204a60484267439201b0591db60c0f17a9c15e45409295652d5f55b87fb351967c846a567f5cebaaed1762bff5485f04853ca9269f464094e512df1f02e13e517b1daa58d34caa2d5ff9f9e79bcafb4ce96e8a089258ad61343b446628ebc4f5b2a84d03b72ef3f738589fa13c42519a828299a3faec035037bc10b44e3bdfed9e0870717cbaf31bef8b22c4ea16e8157fcbc63eefa39ed822efd4215c247dda48786277ec030a86c0ef4851d673cfe752d0677883c2c452038970c09bd481714bc3fbecfa4ff2a3c245695d7ecc2f4dec7f5ede04ff6db43e2bb91c066b649ef73fd3be860cb83fa80b074149f431eebb917ec8478da870c11e317703859f9f2f4008a6c7c754b06e1f7d2479689da84e88922f38274985e11ce13cdbdb0f2ece68fb602ade03dd549a362491f4a203ff80744f663c523a026b431aad45c5829e029ad6256d1276fd7b7a12ddbf1727d9e233fb534457370a426e56fb39cf404a3ecbf0c4b50bb522dce981e0830fd8406e6d9725ceb1ddd3a1947937d90e04d768ae1d126e2aeac21b8c9efc54c40961b7f4e9e88025f7e0b9de901ebf0049e741b797997d8db78e9283bbb5f90f35a2c4dee273142ec258c02ad0ecc61cc5c9f12132db28af41c1fb78e524be5327b5ffc35962779fb11ff0c5d3ee0a31ff47e73b1729dfa46e8986b1b89abc88ad06abd5b6f766d23abf642257894ebdfa79e6309f1272374ee9433677ba13e451baa95330e660c8052ae872e0e32e2b2d1286d01a0ab5810424ed8b9405465bdeba03b698384676fe5ea464a03446c4f7cd7b43312ecf151360464571ad28610581fbadb945a1d68181deb403aa56eba0bb840328eee36103c7de073a6879c941c7554c6f6f2a080809eb0e5bd0e130f29a229e930db01fecac2e036bdf0e001e2a8ea3264f8649d5b60c29103f0b49c24c97facaf7e81069a2b26ab3f933f427d81272c6c8b7cd0dfb7c6bbe9c0eaab32bbda2218b9623a2119aab1f3eb: +77ad0f942c37f0313e6b0456dabaec81b2d61f6c118ddb29eaf3ac5bf19504d4692d2da5a95f48611a6da89cfb3b3540f6aa0c850d6d98deea870e397fede328:692d2da5a95f48611a6da89cfb3b3540f6aa0c850d6d98deea870e397fede328:87e6dead2c85549e3d8d2588a0a3360603a624fb65aebbc101bf7f1fec18d0b28fbd5dbaeed38752cdf6355ce8dc84e18ac1a4393d2ab888882c4ff1c9c8137f83bee36336bcbfbb72d5049e0a400874514fdc3633046e89383dded93ca31fde0d898e11e9268d3d5c240666ed5527613da79fb7e49625b44cde78b41c67902eb0216b3a7a3e560e261d71d764aacf15959c17fcd6176fb25e249ee6bb1b3bd7bd90f60b0b0ffa0315a065a24bbae8f255bf298d7e4d44f0b430c415b4fb36cfa6626a83f49a2567f6244f40e923add1d49a72f57b1530f5b379de3a91c2e9a1ac79ab37bc3b9ba73d8828136bcc87d2c01190de5457facd90f369553f7ac521c5672b0867dfa8da3b952ad95b67dab99b4820572f2d4a298e9518637779289c031b793dee859cde7b24add649fff871248a6602d2516279da6058cbb696fa8b1d89a20d2099e646443210483e5d4134e928faeb38a3b508199e0d69bb55ee34774205c0a61205b50b08febeaa401e6e3a51a2bf98efac78b7ae2b852c5395a12c40e2c7dd1b202504b5a7d2f7e4fd4f8610930d2868cba8864339e041da21c0715f41b2b23d14d0b545480bc3bd7d7215cf2f816a3332081ecaa08c0f8b99525251f57231b6750c2dbd1109ac4160486b768324b6bac87ef5a226448c431240328f42cca586be7aff3cbe7605fa341514fccfb966af3d4530e8cd9037a11ce593c2d383e1035a0c2eda098de90d50c5184a9c01b57f26b94dedd1454c340637ecccee70625754a328c65f42645b5e1a5655eef97dfb1c6308edf49fa368d17d17e06adc512b3973ea652ac40a9978e1bb1b2f86c5a9ffbf60dcc4f6bbc98a64f4de65e7ec61721edeb0e5238456f761d2d1293af0de9f793b11d8cadf01a94319a02a4273ffc4d3ffa7b34d74fd2e0b100fca58b5325f907a749193e751d6c116687aee3747b59460d4ef156e72476eae1b8455d76e71b306b98129b72fe1cb5eb405a7c2f4327f3862d4:696bd552dd01db80b3d67d61eeb7ecc56878404ab119442a1c7422992cfa35aea920825d2dafd892ad7eb6825ad999aee5c83b7b507906534f91ace759c5510c87e6dead2c85549e3d8d2588a0a3360603a624fb65aebbc101bf7f1fec18d0b28fbd5dbaeed38752cdf6355ce8dc84e18ac1a4393d2ab888882c4ff1c9c8137f83bee36336bcbfbb72d5049e0a400874514fdc3633046e89383dded93ca31fde0d898e11e9268d3d5c240666ed5527613da79fb7e49625b44cde78b41c67902eb0216b3a7a3e560e261d71d764aacf15959c17fcd6176fb25e249ee6bb1b3bd7bd90f60b0b0ffa0315a065a24bbae8f255bf298d7e4d44f0b430c415b4fb36cfa6626a83f49a2567f6244f40e923add1d49a72f57b1530f5b379de3a91c2e9a1ac79ab37bc3b9ba73d8828136bcc87d2c01190de5457facd90f369553f7ac521c5672b0867dfa8da3b952ad95b67dab99b4820572f2d4a298e9518637779289c031b793dee859cde7b24add649fff871248a6602d2516279da6058cbb696fa8b1d89a20d2099e646443210483e5d4134e928faeb38a3b508199e0d69bb55ee34774205c0a61205b50b08febeaa401e6e3a51a2bf98efac78b7ae2b852c5395a12c40e2c7dd1b202504b5a7d2f7e4fd4f8610930d2868cba8864339e041da21c0715f41b2b23d14d0b545480bc3bd7d7215cf2f816a3332081ecaa08c0f8b99525251f57231b6750c2dbd1109ac4160486b768324b6bac87ef5a226448c431240328f42cca586be7aff3cbe7605fa341514fccfb966af3d4530e8cd9037a11ce593c2d383e1035a0c2eda098de90d50c5184a9c01b57f26b94dedd1454c340637ecccee70625754a328c65f42645b5e1a5655eef97dfb1c6308edf49fa368d17d17e06adc512b3973ea652ac40a9978e1bb1b2f86c5a9ffbf60dcc4f6bbc98a64f4de65e7ec61721edeb0e5238456f761d2d1293af0de9f793b11d8cadf01a94319a02a4273ffc4d3ffa7b34d74fd2e0b100fca58b5325f907a749193e751d6c116687aee3747b59460d4ef156e72476eae1b8455d76e71b306b98129b72fe1cb5eb405a7c2f4327f3862d4: +29321469ee9f2bb165a069640332b489bf5c3fab682e93dae9d86317bf50c52c96f730f8ef8970268dba0f7570410b6188a1a3c86397740913d53ada262ab87e:96f730f8ef8970268dba0f7570410b6188a1a3c86397740913d53ada262ab87e:9c712c83d54f2e993ca68a9632846004499c5195448ddc491c3a0d2e3a666d6b33098e4864fdf86e619d50f10b7cc6c39b3ff2801a9491f6fa97c5f1c4afa7aeff31d738f9a768a79c73b25577310fb0ad4faf8543a098f859571b6148e8b52926445757d5549fd25a26518531566379d1c274e6c6a9d64132e4ac25ac9af9381bcb885332113f43014a139a81f8d43c8a6ab54c11a5c92e06191c1e51b757ac9f11e3dc15db4486d167ff9f2d65e23e6c96223d9aff8d10d1502cf3dbce5e357e6b12dbe9b7e997c3d0a507d3bae3cfef1ffc8d056ef7dc72ddc1c81e310ad205be16e77f2738354b10b484d3076c27e6b4f166388581f350befe22fbb082b54121ee59ecc7ae5dece89882acf26cb747ffaa3e2d05a696f60fd9e829c709d8f02daf537b2369b891fe6ccbf8dfcdd7f4a364b19985be7edec67ddc1db713c0a90fafa48837772562deacc2d2a0e789e18a8b5b3bd9e083ea92fffc3183d5d414153259b33a4329cfc80824ebcbe044a7e33ab8a24fde54bd9520aea284b0c4c4fa9427d251c0ddd013ecdd8290ef5565f608508e363589e529d84ff0f26f9ecb03052d5897fabc917e56e601b64abfe5a17c3950289d0cdcaf1f6005a9f8106f43e17adcaa2d1e269166762f8054de05135d5d1393d7000a15b87bd68846a89d5bc22863325151aac843f72278ae6f4af72a4e449adb7eae6d436a1ec7e58e59b7b8bb9ef0ddaaa001826f8dcb446479deafd8b8d542041c19a05b1e0ee47b4640910c31930ca4e20b105758ec75f1950356947f6261d0037fe30773a3ece6a96c8d5433333d822c2777ef7ff8be6033345b5055d58f5eb3729af5ae8824f331ee0731c89b20ac118f550427cd958a55f6b1a2888a087bb7db55bfc73b29429b4448dbe9119c45a87339b4497a69a4cf833e8f3770cce5e01faf5e73bbaf627683c0a28c73052fbece203043389dfbfd45495e51dab86a252e5bc1b4b7fe2807e3d0e2363beab51c67fb31:4e1aff8463bca1b7deb1d3773df2e7a06864111b6dc42a62ae98deb2313943b3153ee46696b15c24efc2a808aaba81c78e3dfa4dfb50ca9fe84445ea68bc8e0a9c712c83d54f2e993ca68a9632846004499c5195448ddc491c3a0d2e3a666d6b33098e4864fdf86e619d50f10b7cc6c39b3ff2801a9491f6fa97c5f1c4afa7aeff31d738f9a768a79c73b25577310fb0ad4faf8543a098f859571b6148e8b52926445757d5549fd25a26518531566379d1c274e6c6a9d64132e4ac25ac9af9381bcb885332113f43014a139a81f8d43c8a6ab54c11a5c92e06191c1e51b757ac9f11e3dc15db4486d167ff9f2d65e23e6c96223d9aff8d10d1502cf3dbce5e357e6b12dbe9b7e997c3d0a507d3bae3cfef1ffc8d056ef7dc72ddc1c81e310ad205be16e77f2738354b10b484d3076c27e6b4f166388581f350befe22fbb082b54121ee59ecc7ae5dece89882acf26cb747ffaa3e2d05a696f60fd9e829c709d8f02daf537b2369b891fe6ccbf8dfcdd7f4a364b19985be7edec67ddc1db713c0a90fafa48837772562deacc2d2a0e789e18a8b5b3bd9e083ea92fffc3183d5d414153259b33a4329cfc80824ebcbe044a7e33ab8a24fde54bd9520aea284b0c4c4fa9427d251c0ddd013ecdd8290ef5565f608508e363589e529d84ff0f26f9ecb03052d5897fabc917e56e601b64abfe5a17c3950289d0cdcaf1f6005a9f8106f43e17adcaa2d1e269166762f8054de05135d5d1393d7000a15b87bd68846a89d5bc22863325151aac843f72278ae6f4af72a4e449adb7eae6d436a1ec7e58e59b7b8bb9ef0ddaaa001826f8dcb446479deafd8b8d542041c19a05b1e0ee47b4640910c31930ca4e20b105758ec75f1950356947f6261d0037fe30773a3ece6a96c8d5433333d822c2777ef7ff8be6033345b5055d58f5eb3729af5ae8824f331ee0731c89b20ac118f550427cd958a55f6b1a2888a087bb7db55bfc73b29429b4448dbe9119c45a87339b4497a69a4cf833e8f3770cce5e01faf5e73bbaf627683c0a28c73052fbece203043389dfbfd45495e51dab86a252e5bc1b4b7fe2807e3d0e2363beab51c67fb31: +04657750497e68152c43ce34a58d2106e64c557cd7a84ef05d9eb82e6bcb05f53b3a1947b4cbf60b826d609f192dc230aa9b9baf4cd6a6092e495f1d2e47ad62:3b3a1947b4cbf60b826d609f192dc230aa9b9baf4cd6a6092e495f1d2e47ad62:2948227a890f6f845b775e62c53af3805064a1576446f085d90f8b9a5ed68df1ea393ce479c4414149a9ec5a171036424dff0344b4958f6132298d0e24c926d28ad9d79f98c6e6bcf1c5767606ecd291c6ad47b4f9fb2b0201155ada627b7a1fd5b07419874083059eb52b2f6ec22818b78246228f3fe6355dfda70ebb9bbe73229378736399557ce24b30bf645a14e2256f70019b3336b203fb77c6ec94a7a2634888feead4d72c2391e99e8c8d533fd8a42b08c11f887ab2deb6ebbfe3d251de63536c36cd53422398e544cff87b07a63349fc5085dde93a1bfd7171133a2043981f607522c8133c63428d1b92626c79b7358e7021cf1f412a78afa7cb3f59ffef9279885a5bdb2466acd34cd51580830b8351ebd440a96623907ad1f4b56203f5e159a429e3546ead0c011dbed09028717e3c3dfed39197764d4d245ef228b98044718ef4d8822f21b2c5685038473bf93dc0937451eb02d31a46c8dc7e94c3e8678c83b98a43818f125b528b476aad31d1584ffd48f149e5736e58f94205d3889e567e4dd1eac2fac1f8f4dc540e5322460fb940e12e93c4c98ded1941c1904f967fb4643684c19a4d5c441d60b0e9f40855e523fe7f99107657a68076275bf84b7c69a3f2b3855bc8026ba9b00bc6fe34b99da0631700a67f52b34e1796339887a48305121d53ab4440fc4b5c9bf72394d5ed372ff18ca3f007bd02df651dc3ac438275f1a3e52422b86c4586766a21cd89f805805dbb44fd89fe24fb2c0b40d1b754c335dbaffc3b3bb8bb46c74c36374504042d86789227599862312e99ca89eb504cc3d75d19495aa86b20b2736b121bb2075c88ed4a3fbdaa6b2c3f76d1ff5525d3a2863e4d83c72bfe01e10278809474e1822de2d96283489320029611aa9dffc4829d66869e63494f9aade70b77a7b80fbc93e3de4d935913752d045e13b312c5d082f6242d4985b053b3783eb02c6614963dc0d55d4cbe887bae29cc18979e5e2ea945bcd40d89:7e2eae5a293f418391f6d85a7994b07c452280017ee653bf617a8d5be24cbb5d0efdfb7f7f001312260f344e6fb915ad8d7de9c0519827c05726f9ce2545dd0b2948227a890f6f845b775e62c53af3805064a1576446f085d90f8b9a5ed68df1ea393ce479c4414149a9ec5a171036424dff0344b4958f6132298d0e24c926d28ad9d79f98c6e6bcf1c5767606ecd291c6ad47b4f9fb2b0201155ada627b7a1fd5b07419874083059eb52b2f6ec22818b78246228f3fe6355dfda70ebb9bbe73229378736399557ce24b30bf645a14e2256f70019b3336b203fb77c6ec94a7a2634888feead4d72c2391e99e8c8d533fd8a42b08c11f887ab2deb6ebbfe3d251de63536c36cd53422398e544cff87b07a63349fc5085dde93a1bfd7171133a2043981f607522c8133c63428d1b92626c79b7358e7021cf1f412a78afa7cb3f59ffef9279885a5bdb2466acd34cd51580830b8351ebd440a96623907ad1f4b56203f5e159a429e3546ead0c011dbed09028717e3c3dfed39197764d4d245ef228b98044718ef4d8822f21b2c5685038473bf93dc0937451eb02d31a46c8dc7e94c3e8678c83b98a43818f125b528b476aad31d1584ffd48f149e5736e58f94205d3889e567e4dd1eac2fac1f8f4dc540e5322460fb940e12e93c4c98ded1941c1904f967fb4643684c19a4d5c441d60b0e9f40855e523fe7f99107657a68076275bf84b7c69a3f2b3855bc8026ba9b00bc6fe34b99da0631700a67f52b34e1796339887a48305121d53ab4440fc4b5c9bf72394d5ed372ff18ca3f007bd02df651dc3ac438275f1a3e52422b86c4586766a21cd89f805805dbb44fd89fe24fb2c0b40d1b754c335dbaffc3b3bb8bb46c74c36374504042d86789227599862312e99ca89eb504cc3d75d19495aa86b20b2736b121bb2075c88ed4a3fbdaa6b2c3f76d1ff5525d3a2863e4d83c72bfe01e10278809474e1822de2d96283489320029611aa9dffc4829d66869e63494f9aade70b77a7b80fbc93e3de4d935913752d045e13b312c5d082f6242d4985b053b3783eb02c6614963dc0d55d4cbe887bae29cc18979e5e2ea945bcd40d89: +8bd99070c50a9fa418ef7f75c00129916a41c86070961ccb2b202be18c2d10d7ddd73308fce8ca6552d039428c7a1a94923320a31c0f580d3c235280f03c1830:ddd73308fce8ca6552d039428c7a1a94923320a31c0f580d3c235280f03c1830:485f8d680f79ee2d828be7d018a65e0b64b0f0184819863e7110eea8f299a72c4dc87f8ee8a8aeaa81af91dc71adea79fc9797421ccc646e6cd5dd48b4dec1de968693fbce0d0021a3d98d38a8bbc58195e6dfc3b5e1461b2a594103e80a29441d5aaaf889e31cc865141f0c6b2c8c81f721679ea2394ec6e4081ec203c2ea397d9484757a7a0ecd53e652db9df17bea0e32fe8b2cbce0d1d97b961ed74e8e622bcdd3558b7c48695adf18aae6110ea9a339b9da407a9edaf2ab081a681e1832cc215b1f08a67d559a4744af7cd50318c206ee91157582f82eb6c0fc29027b4461c30733b8169d1481322c4860509ba096bacb71a579246751d567540e41431e14f1b46ef16eba276104bc01650d5c4926e47c9c6040784b043cd0aa4854efe8797fd0462d4539f38035aef08b4577c1a9118d004b6d01862f5276776dfef1371864f155ac0f078389c205cf0538d85fa348244d7a422911310ff6c10132b1598bb445c7e2077b763c473d1e7a61a38b64929a648b60b2e543543739224b40fbf6d87f1079c30bc873ac38991d51b89e9d261c4bccb375355c072c1ea20e4ff91d55d9f7544e90d1c6646c59af72424d8aaa8e0aed07b3889d4e450c1209684ce138d0c9da079525f5aa02050af570e4315c2fa8b099b7765bfbb894fad359b8e24804ece052ac22a191705335e98840a624e4cbf3a1a1a327812785b2c0f5d6381457b72fdb633e81938bbb54b8c37cccb5d59c5827c7683a5247544977e984442178d0852906ca6f945c4229eb08ad27e6c275d7b4ec8dc25fb2819337e53ead6c7aa787f91a7dc6ddafd536eefcbdec2c50167be34306a82e16d5d52b3b1be008a7a611274ce2cf8d62e3b900c09943be70ccc77b070637c25061d61be910eef50df18744c33e76f6701e0a8ff6297fa67e4b4108c13756727a9d74bc9e17983eec08f866b7c7ffb37f3ccb0141a80feff6322b2ac62b84ce2797fd98d6ff269a41a0c38482db679862a38cd2:b14a7b262012c5909e21d587fb4f29a9093c8e1c2999816a82118fefbf10e68ea898bf0da18ebfd0341ea8f82a1844c8e0dd5306e509b9d0c35b473a7d209507485f8d680f79ee2d828be7d018a65e0b64b0f0184819863e7110eea8f299a72c4dc87f8ee8a8aeaa81af91dc71adea79fc9797421ccc646e6cd5dd48b4dec1de968693fbce0d0021a3d98d38a8bbc58195e6dfc3b5e1461b2a594103e80a29441d5aaaf889e31cc865141f0c6b2c8c81f721679ea2394ec6e4081ec203c2ea397d9484757a7a0ecd53e652db9df17bea0e32fe8b2cbce0d1d97b961ed74e8e622bcdd3558b7c48695adf18aae6110ea9a339b9da407a9edaf2ab081a681e1832cc215b1f08a67d559a4744af7cd50318c206ee91157582f82eb6c0fc29027b4461c30733b8169d1481322c4860509ba096bacb71a579246751d567540e41431e14f1b46ef16eba276104bc01650d5c4926e47c9c6040784b043cd0aa4854efe8797fd0462d4539f38035aef08b4577c1a9118d004b6d01862f5276776dfef1371864f155ac0f078389c205cf0538d85fa348244d7a422911310ff6c10132b1598bb445c7e2077b763c473d1e7a61a38b64929a648b60b2e543543739224b40fbf6d87f1079c30bc873ac38991d51b89e9d261c4bccb375355c072c1ea20e4ff91d55d9f7544e90d1c6646c59af72424d8aaa8e0aed07b3889d4e450c1209684ce138d0c9da079525f5aa02050af570e4315c2fa8b099b7765bfbb894fad359b8e24804ece052ac22a191705335e98840a624e4cbf3a1a1a327812785b2c0f5d6381457b72fdb633e81938bbb54b8c37cccb5d59c5827c7683a5247544977e984442178d0852906ca6f945c4229eb08ad27e6c275d7b4ec8dc25fb2819337e53ead6c7aa787f91a7dc6ddafd536eefcbdec2c50167be34306a82e16d5d52b3b1be008a7a611274ce2cf8d62e3b900c09943be70ccc77b070637c25061d61be910eef50df18744c33e76f6701e0a8ff6297fa67e4b4108c13756727a9d74bc9e17983eec08f866b7c7ffb37f3ccb0141a80feff6322b2ac62b84ce2797fd98d6ff269a41a0c38482db679862a38cd2: +1af4cf6d24ab3782867d96a1c275ceeb022c691a308e6245665d616bf67c2c3219d317ea98d35ba5fa67c12ecfb32750df275d7a45b8e211a7ac47ede7712d9f:19d317ea98d35ba5fa67c12ecfb32750df275d7a45b8e211a7ac47ede7712d9f:f445fdcfe28c17bd4427aea5676c0e1280841597e9d66de7d7a71723110939bed00f4ebaf9603d53c9cbf6271be547af29b2a045ec41288a7bb79d662dc210e215957fa84688c916543e5617f560e4d38f73baefc37e11914e47c515067851e8ed21393e13dd19ed9b73d98945fc826a258e957dc083dd8e535c30a54b4266dd71d113ce856b46282a18033627a98e6472ccb463ed3d96fa7b355d3b2c2a2b6010dd14f4ea3965dd87be1c429bdea8300b4b0b44458635b4979f5e3e8eb5c618d4e13e1d688bf88c7e4a3d938e84336d67be68df3435c5c99086321c02e13b4a12524b34e46a0b4d27f30d7ed4f5cecb36deadf09e7efcc755ca667568297914c6bc240627d9d09aacf85415412c0635623453278d9bf0e10eec65fc72affffa9392dc7881d1e5c760a40280f16b1475127b91b69ccb65dc4b35de10f94325c0cbe1c47019a2eaf2b4ba92d785229aacfad1826ebbdebefb7dad4b05f88243e15f279766e3321dd8dba650444d81fb0878767a9c63534bb4ba21285a2416cb8f856d11a96e0a8c8de1e1a75132f1564cd994995690bbed2ee154537fb6f279fb09c8dea6f6afabc62856e3d128fdfa79fc4976193bb9b336861e47b56dc2582393d2e544651ac85bc58e9e6a94dc4c39c4ef72538a14f856cd95c3e2790adee03ab2e52ca0ae471de502cb19e676af35f5f93d840fef9606cbe92d8bc25006105d92344588838842c3be505c7350e351b735e6cc6fb79275b27bd9ebd36ba4d060acee73b5a315ceffab86d06f2168a67065578196a0ed04a4dd71d6734837db083857ab1eb5e0eec4ffbac9544f4ec19bde194df84b1c848341574bf10daee85b8178196fb608123a808171d73ce4206ad65216ad1a5cbde40b19d6ae7f40df97ab8432e2c53a504ed122e25fb7a51c14354ab3928edeb39c29eb246b74a076f89d03504f401bd176b5cffee4b9db097c45764f51aa376704b5a7f210b3f1a905e25d67002f6557ebb749737cda31:7eb46cd0de3155b43747d732f1045d8ef74492ad827a2245bd17102828442e43a0ce7e8b268ed7fd8d3e7b28f072795da3e070f12bc4e23eaef57b853cee880af445fdcfe28c17bd4427aea5676c0e1280841597e9d66de7d7a71723110939bed00f4ebaf9603d53c9cbf6271be547af29b2a045ec41288a7bb79d662dc210e215957fa84688c916543e5617f560e4d38f73baefc37e11914e47c515067851e8ed21393e13dd19ed9b73d98945fc826a258e957dc083dd8e535c30a54b4266dd71d113ce856b46282a18033627a98e6472ccb463ed3d96fa7b355d3b2c2a2b6010dd14f4ea3965dd87be1c429bdea8300b4b0b44458635b4979f5e3e8eb5c618d4e13e1d688bf88c7e4a3d938e84336d67be68df3435c5c99086321c02e13b4a12524b34e46a0b4d27f30d7ed4f5cecb36deadf09e7efcc755ca667568297914c6bc240627d9d09aacf85415412c0635623453278d9bf0e10eec65fc72affffa9392dc7881d1e5c760a40280f16b1475127b91b69ccb65dc4b35de10f94325c0cbe1c47019a2eaf2b4ba92d785229aacfad1826ebbdebefb7dad4b05f88243e15f279766e3321dd8dba650444d81fb0878767a9c63534bb4ba21285a2416cb8f856d11a96e0a8c8de1e1a75132f1564cd994995690bbed2ee154537fb6f279fb09c8dea6f6afabc62856e3d128fdfa79fc4976193bb9b336861e47b56dc2582393d2e544651ac85bc58e9e6a94dc4c39c4ef72538a14f856cd95c3e2790adee03ab2e52ca0ae471de502cb19e676af35f5f93d840fef9606cbe92d8bc25006105d92344588838842c3be505c7350e351b735e6cc6fb79275b27bd9ebd36ba4d060acee73b5a315ceffab86d06f2168a67065578196a0ed04a4dd71d6734837db083857ab1eb5e0eec4ffbac9544f4ec19bde194df84b1c848341574bf10daee85b8178196fb608123a808171d73ce4206ad65216ad1a5cbde40b19d6ae7f40df97ab8432e2c53a504ed122e25fb7a51c14354ab3928edeb39c29eb246b74a076f89d03504f401bd176b5cffee4b9db097c45764f51aa376704b5a7f210b3f1a905e25d67002f6557ebb749737cda31: +2aacc8197ff8fae1c1cf3862e3c04a21782951f8e48e40b588f8bc7460c30a039a1b01e2154f1c36a8e16b79ee7d2d05b8712e0d27a061a6d41d475778b0df8c:9a1b01e2154f1c36a8e16b79ee7d2d05b8712e0d27a061a6d41d475778b0df8c:5d82752ce5da3180faf4787aedfb19294b4348a1d9202c85398331323e0f42b0835227e68e1156f2d4ba2fe450e6d6ef2b92d89bbbe4096e12ca8397eb2f45e676f1673aa41c959fcd30d5578853b5dbd1c0d5b3a0f0d870eca71ea13390111b258f6548b32f37a05e9744a656fd778d65721965c6d9b328600b45704770e04b099790aa7884f00d7bb7659e337210bdc23eaa71d7b016030aca6223b5569bdfc290811aac409524dccbf9babcbe4bf20946b544317ca6f2f91831c79fb273b6404eb4e61e1f7b106ebd0db9f2b1974d2f031bce25803606552c3441655efcf2c7ea52adcb30993d85f2dda79603e9415a023245a66c07a956933146f53c993c08891808b8166b30721fbd1f8a1b937d14070d786e9eb451f2ab5142f83a60f35d76ad8b81d6a57cf368fc6fcacc0c4758440d9cd595b1b0942a3655e250da983b7241546dcfbe0ae81077650295409ff9e90977fb9960cbf40a2af5177402ba2faf50db6f1a7365cf99e992429e38db43ea83fddc95a648676c0b16bc952b15de99d52f6b5233da4eae1978e8ba25e6235afbc511c76c4c874c9237922b1cef0847d07a80200cbae3c7c81fcbd0d17252ed8c61ad1954fc862e1e04444c32086fee380d1c17541322b9a60da662352e210e9ae215e353296db922339aa17d2173ec31f1c530a24b1f348a31572e1469caac808f9c76ec2731873b803ead3e54ea24bc24499b9704b3bdce81389b9d14d49527c04b3bb9e3ba6d946cea58cf786d4d28b89b41c58274035a86905ad95758c3161366ab93da81e6b4c808364e087daeea4c4c5c2aa6871937c5feaba2149f01f738f45396e66ea8063221e1c81c05255ba564ad440cb5d07cbd4bab941ea593244930bc5c289b3165d3ec8847ebc4b674c0a49f9169adef786d7767bc8f213db7d95c06e99bc11e200055b65eb79adaa01bcd2c85da43ce6370e12e349bf6d475487affdf92e20a3acded1d76f9e83e919e98def195072a50d0c571dd25:647cdd6c1a67290e57676a78113aaadca69ac57b997715c509895b8c5c94e82c0b6aceccf3ba8bd7cf61752b1b19d13b49f15f8bfa046eb442a55cd5bab142025d82752ce5da3180faf4787aedfb19294b4348a1d9202c85398331323e0f42b0835227e68e1156f2d4ba2fe450e6d6ef2b92d89bbbe4096e12ca8397eb2f45e676f1673aa41c959fcd30d5578853b5dbd1c0d5b3a0f0d870eca71ea13390111b258f6548b32f37a05e9744a656fd778d65721965c6d9b328600b45704770e04b099790aa7884f00d7bb7659e337210bdc23eaa71d7b016030aca6223b5569bdfc290811aac409524dccbf9babcbe4bf20946b544317ca6f2f91831c79fb273b6404eb4e61e1f7b106ebd0db9f2b1974d2f031bce25803606552c3441655efcf2c7ea52adcb30993d85f2dda79603e9415a023245a66c07a956933146f53c993c08891808b8166b30721fbd1f8a1b937d14070d786e9eb451f2ab5142f83a60f35d76ad8b81d6a57cf368fc6fcacc0c4758440d9cd595b1b0942a3655e250da983b7241546dcfbe0ae81077650295409ff9e90977fb9960cbf40a2af5177402ba2faf50db6f1a7365cf99e992429e38db43ea83fddc95a648676c0b16bc952b15de99d52f6b5233da4eae1978e8ba25e6235afbc511c76c4c874c9237922b1cef0847d07a80200cbae3c7c81fcbd0d17252ed8c61ad1954fc862e1e04444c32086fee380d1c17541322b9a60da662352e210e9ae215e353296db922339aa17d2173ec31f1c530a24b1f348a31572e1469caac808f9c76ec2731873b803ead3e54ea24bc24499b9704b3bdce81389b9d14d49527c04b3bb9e3ba6d946cea58cf786d4d28b89b41c58274035a86905ad95758c3161366ab93da81e6b4c808364e087daeea4c4c5c2aa6871937c5feaba2149f01f738f45396e66ea8063221e1c81c05255ba564ad440cb5d07cbd4bab941ea593244930bc5c289b3165d3ec8847ebc4b674c0a49f9169adef786d7767bc8f213db7d95c06e99bc11e200055b65eb79adaa01bcd2c85da43ce6370e12e349bf6d475487affdf92e20a3acded1d76f9e83e919e98def195072a50d0c571dd25: +ff862156c7eab681c95efff8003e00a14f1f0d505d5507e6e5b39179df9b1cdae1b89fb31114ea46107ffd0329f1066428de54708edbecf3ed9d4708cd143fe2:e1b89fb31114ea46107ffd0329f1066428de54708edbecf3ed9d4708cd143fe2:b3d1db72a6a985ecd70a2cff6c18c179e217d4f410fd3934969685901bd071bce6c2fb6763e10c6fa16e75a1176066b8ec81ae3a8039e71dc2cdc64a40fd62b7cee7be4ba0332fe45d0b60158652e33f8d3aff3cb4d6b021744d0dd178b1bf0a1cc1d3fe9321be28421eb88263a124f49792d079475a8c555ff5690873514b5d483e53217e0cbb12862b850fe390c8f83008086e649ac904b018350ab49157ee9bcae6c07a4b878b48e25e984fbb4d36b61d689b13468a28d1e387e0e88657f8c8ac9586a6e26cf94dff6f8264e3ff6258865c6dcf857b00147886e175df0432e32f04400e299f21188312b32dfc050e7b7e87eeaa0cbaac6be9937a5e0cc31113de7c8b233e1ce8e5d9c564fbe9f37bbd411df7a5e44e6c7ebb676d85894dccf4865e4dda0cadef2bbc55000b3a29f1f71ef4461ddc3b331d91566534c5d6d84c731376295320f80adc90288f9953554fcdf9213de6a905210d4c8064af91cd98325ef91898d33d70038202e32fb6709ca3d788fecbd1b841fa4e5e9062d64267c35cfd444fb69e2f6047f58b1c2af4cc7e4cac2f890888360592113e96ad3a857ed05eaaba6f9153ef89b93e00e8743733ec472d9b0eec1cd8fa52425c4a26bd7df73a2712bebe51ae3b25eb78db82149031fe7b281af6cb7714edf89de915f3470f153eed7f456243bb90342e190e647f39e046883ce28a892003315ea379429e9582a935eb78963396d136845f86c466e8faf2272f43ffefc2ada5601f8a6b2ac4cc6b92820917f2e0393c8faf982d6c5f4f230e27ce2278a7237747fa85a9c857bf1802c3eae0d235b5ad58497d66a0d3a9baebcc417f1833e9cc4460f975d72858cd118d7aafaf1c878297cacf71ac75676dc1b4fb51c1775810d03537f2d766278b9971bb97d3c49b51feb26d375e0cb9109574a816f84e76fc7ef072d5793c2f65ab2efd9052e6b8569f2805861c31a7344a3c44069a94320d274e271271eafa3bfe64de7537846a01e51fdae0:4b8137042d6784757d4a9c06bc7432f4809b1c6a903542736d9a57668c20845c17d468557085c57fb63213dad3be0fa36a118f7c1aeff2562ff4b8888c26900eb3d1db72a6a985ecd70a2cff6c18c179e217d4f410fd3934969685901bd071bce6c2fb6763e10c6fa16e75a1176066b8ec81ae3a8039e71dc2cdc64a40fd62b7cee7be4ba0332fe45d0b60158652e33f8d3aff3cb4d6b021744d0dd178b1bf0a1cc1d3fe9321be28421eb88263a124f49792d079475a8c555ff5690873514b5d483e53217e0cbb12862b850fe390c8f83008086e649ac904b018350ab49157ee9bcae6c07a4b878b48e25e984fbb4d36b61d689b13468a28d1e387e0e88657f8c8ac9586a6e26cf94dff6f8264e3ff6258865c6dcf857b00147886e175df0432e32f04400e299f21188312b32dfc050e7b7e87eeaa0cbaac6be9937a5e0cc31113de7c8b233e1ce8e5d9c564fbe9f37bbd411df7a5e44e6c7ebb676d85894dccf4865e4dda0cadef2bbc55000b3a29f1f71ef4461ddc3b331d91566534c5d6d84c731376295320f80adc90288f9953554fcdf9213de6a905210d4c8064af91cd98325ef91898d33d70038202e32fb6709ca3d788fecbd1b841fa4e5e9062d64267c35cfd444fb69e2f6047f58b1c2af4cc7e4cac2f890888360592113e96ad3a857ed05eaaba6f9153ef89b93e00e8743733ec472d9b0eec1cd8fa52425c4a26bd7df73a2712bebe51ae3b25eb78db82149031fe7b281af6cb7714edf89de915f3470f153eed7f456243bb90342e190e647f39e046883ce28a892003315ea379429e9582a935eb78963396d136845f86c466e8faf2272f43ffefc2ada5601f8a6b2ac4cc6b92820917f2e0393c8faf982d6c5f4f230e27ce2278a7237747fa85a9c857bf1802c3eae0d235b5ad58497d66a0d3a9baebcc417f1833e9cc4460f975d72858cd118d7aafaf1c878297cacf71ac75676dc1b4fb51c1775810d03537f2d766278b9971bb97d3c49b51feb26d375e0cb9109574a816f84e76fc7ef072d5793c2f65ab2efd9052e6b8569f2805861c31a7344a3c44069a94320d274e271271eafa3bfe64de7537846a01e51fdae0: +582619ab3cf5a3ae776688bf6dbacb36330a35ad7524e49ef663687764cf6ec72002ea0a38a327e0384aeae468db0f6c8516a69609af9eee93e9ecb94b449c66:2002ea0a38a327e0384aeae468db0f6c8516a69609af9eee93e9ecb94b449c66:ca74284f11c56e2598d78a4ecd03b40e017a558176012b26fdf695c3de98a74f8f40a47d7978edc24ee8092bfe5e61596834deed1d9d34a0f5cdaebe3421aa19e012de865b9ee1b73479b2bd1ac982f97ed9c7cd20459c60fbb11e1e2b4eac5db6844c71d72949502bba503acec905adba25f6b119eaf9639fa8abb302dff9932d850cc44c57cf90b2e58a8b5251c126a9e28f5c761b6280e2cddd79cbd68e53ff4a6226d3bd4c961b9b9e4345a2545862c7973866f0420b898e7baea90ea4ee004042ef38a1fd956a72fdf6fd43257da9fdb96680ef4fdf9e943d265cdcf2e52e3201d5408bc6ce10e5700adf12b55ba14aa829d8691c31f24fc4a51ce6faa1f3ef2ead78e5e753446ad3fa4a84c193979aebc8309bad60814f4859b931d70414764491c6c9ed8db673c543d35185cd2888aa21c1a9203427e0ac0b1fe34c0e4a4001e0956c13cb59a3baf87c2109a888a4c9e7aa481767d8020ff35dd7c5ccec7c08e971a7e218138c90546a7ddf36ad114be58557432c2ddf34ced3379f70d4407e5879f9842f381717051b1685aa7ab0ad38541ec168f51cb688f3cd1a019a336c9f4f3f82de785c074867fdc8800fc76fba04c8ad8de10d2e9b430581be44c41ecc8fc8a616314399d18c6479f57e573b22a6ee5ce2dcc08948a0de1f0dd25b65715ab18c70c762fc3d7d600cad63226038509c19ab35b5493eee73a703731ec535c90c6f06d94d3e5f7e51a09f9f8f42c501b8504686365ceee9e0fe001329f303522146717c6a1258d0f157cbea4b5a5e3d13bc907e95fd6e8a71896a02c3106bd26a510051f1b30258ab27f875673b1337ee36b71a376e0f9e7809a67c67d9acc16c251dcb8c926c8e932516d38b7233eac6159c59cad0307c590e7131b62219145aaa355bfb4acb6af0a5500006cdd8b813fe1908602e0874c9622bb37673ba1acba414231667bcc4907ac871f87e6ce3f591c19171057a9f457f5362aeda105d18fb84f7d0f0a7da7ef8da9114:fe9701da1aa81c55bac33638f775542b804480f34b7bfc78da9916e5246a604d390bf920c872a77924246ee8d0393b202e7b25b2484f654ac367cb0925ece305ca74284f11c56e2598d78a4ecd03b40e017a558176012b26fdf695c3de98a74f8f40a47d7978edc24ee8092bfe5e61596834deed1d9d34a0f5cdaebe3421aa19e012de865b9ee1b73479b2bd1ac982f97ed9c7cd20459c60fbb11e1e2b4eac5db6844c71d72949502bba503acec905adba25f6b119eaf9639fa8abb302dff9932d850cc44c57cf90b2e58a8b5251c126a9e28f5c761b6280e2cddd79cbd68e53ff4a6226d3bd4c961b9b9e4345a2545862c7973866f0420b898e7baea90ea4ee004042ef38a1fd956a72fdf6fd43257da9fdb96680ef4fdf9e943d265cdcf2e52e3201d5408bc6ce10e5700adf12b55ba14aa829d8691c31f24fc4a51ce6faa1f3ef2ead78e5e753446ad3fa4a84c193979aebc8309bad60814f4859b931d70414764491c6c9ed8db673c543d35185cd2888aa21c1a9203427e0ac0b1fe34c0e4a4001e0956c13cb59a3baf87c2109a888a4c9e7aa481767d8020ff35dd7c5ccec7c08e971a7e218138c90546a7ddf36ad114be58557432c2ddf34ced3379f70d4407e5879f9842f381717051b1685aa7ab0ad38541ec168f51cb688f3cd1a019a336c9f4f3f82de785c074867fdc8800fc76fba04c8ad8de10d2e9b430581be44c41ecc8fc8a616314399d18c6479f57e573b22a6ee5ce2dcc08948a0de1f0dd25b65715ab18c70c762fc3d7d600cad63226038509c19ab35b5493eee73a703731ec535c90c6f06d94d3e5f7e51a09f9f8f42c501b8504686365ceee9e0fe001329f303522146717c6a1258d0f157cbea4b5a5e3d13bc907e95fd6e8a71896a02c3106bd26a510051f1b30258ab27f875673b1337ee36b71a376e0f9e7809a67c67d9acc16c251dcb8c926c8e932516d38b7233eac6159c59cad0307c590e7131b62219145aaa355bfb4acb6af0a5500006cdd8b813fe1908602e0874c9622bb37673ba1acba414231667bcc4907ac871f87e6ce3f591c19171057a9f457f5362aeda105d18fb84f7d0f0a7da7ef8da9114: +2bbd830ce7def3fecea1ecd6ea0ae9c9f4fa8ffc3b1f1938c505051bab40cf7a0fdfed8de3c1eaf891ce37e34cb4a2441cbbae0883383d70de2464850b4a642a:0fdfed8de3c1eaf891ce37e34cb4a2441cbbae0883383d70de2464850b4a642a:5f1edeaa3c0b2a63311d97f1c54e7e2f687170e6b46e2169cbf56c66f231bfc4a576bd2b8420bf357d3a90f8f32ea1ad9939b467254b66a1df1f5b4cbac63a5c2724260d24d8df8edb58ae247a2591e920b1a420cf8d8539ea57db0dadff1ad3e98c3172d033163cb434a766b0c118a56abdcce79c82af7bac74ed0ea024ac4ce0222d0aa914f432092b1b517804db5918a845e9cca55a87db7c2852f7dd2e48360185cc442c7930afe15dd622cc02bcd1ee778b59705f14333241588a522de24407e8e6e10d5ef3a88e3a3c4438c17f7504674fd7e418cb2f77ad0a56d2386703155e9a401c43ddb51ead5520aa7ba038e7de5331418ad552bdcd185f503a8548f55b6386e4687ca515f7c0eea570983bfb24be16f7b3003fb756e326562f2a32fe65ff844c3984c72e40dd49e4f3ae8c0f819a7939b2e736e381f5823cbc61b2ed01d9b05cf8b14648a48b0d7cbe882ac16cadd8c42aa2c70246347b4d849536a7ac22c720da3cf178725ee557a92c25b12b8b956d3bf4802e9e8a15b5ab754235cca0e5b7e55e4aece45a47e084ce1447440598ef5d4f5fdc2c98a5ad136cffbf87d3cf52f6738cca7948356092078fdf254577f55969a0c65246dac809a2fca1f60a1d929877b9a6540e88a9e6e9155938d22c687e63b387534d385e8961e5886743f95f4a7080d916624517b15336030a46714b168b83d6f9cce0606649c01f0a1d0a2a53f5e378f6aa98c384aafb3eefdb3421fa3ac98a0d3a9c029c2300ae0241067d1a4fc92e438688ea889fcb1a1a9e8634b916c60baa0c18bfcd139bfe3017bfbe16291343ce8605bb7872558c6b5fd56dfd221577edcffaa8bda34d7a11ab8cb278288e5834842676fccffaa9111bced2b3575fdd49621b76e8d129b61700eeab0314ef94d550506a4b8d1ee65508d89d0e99e9336b41d9f74aa4d722114de0f31ecf00b097f53c9aca9c7a285b58a35d70298c5c34f74b4a705308033100349f0c62f9c2ebf7dead0a77b298eb:13ebc979a88710e3c5f345cfbb824813b308a9d5c6dee328bfd235a97de7b326de6c738f96f69831949209996852dd9c098d5808418709f2bf510d46b7f036065f1edeaa3c0b2a63311d97f1c54e7e2f687170e6b46e2169cbf56c66f231bfc4a576bd2b8420bf357d3a90f8f32ea1ad9939b467254b66a1df1f5b4cbac63a5c2724260d24d8df8edb58ae247a2591e920b1a420cf8d8539ea57db0dadff1ad3e98c3172d033163cb434a766b0c118a56abdcce79c82af7bac74ed0ea024ac4ce0222d0aa914f432092b1b517804db5918a845e9cca55a87db7c2852f7dd2e48360185cc442c7930afe15dd622cc02bcd1ee778b59705f14333241588a522de24407e8e6e10d5ef3a88e3a3c4438c17f7504674fd7e418cb2f77ad0a56d2386703155e9a401c43ddb51ead5520aa7ba038e7de5331418ad552bdcd185f503a8548f55b6386e4687ca515f7c0eea570983bfb24be16f7b3003fb756e326562f2a32fe65ff844c3984c72e40dd49e4f3ae8c0f819a7939b2e736e381f5823cbc61b2ed01d9b05cf8b14648a48b0d7cbe882ac16cadd8c42aa2c70246347b4d849536a7ac22c720da3cf178725ee557a92c25b12b8b956d3bf4802e9e8a15b5ab754235cca0e5b7e55e4aece45a47e084ce1447440598ef5d4f5fdc2c98a5ad136cffbf87d3cf52f6738cca7948356092078fdf254577f55969a0c65246dac809a2fca1f60a1d929877b9a6540e88a9e6e9155938d22c687e63b387534d385e8961e5886743f95f4a7080d916624517b15336030a46714b168b83d6f9cce0606649c01f0a1d0a2a53f5e378f6aa98c384aafb3eefdb3421fa3ac98a0d3a9c029c2300ae0241067d1a4fc92e438688ea889fcb1a1a9e8634b916c60baa0c18bfcd139bfe3017bfbe16291343ce8605bb7872558c6b5fd56dfd221577edcffaa8bda34d7a11ab8cb278288e5834842676fccffaa9111bced2b3575fdd49621b76e8d129b61700eeab0314ef94d550506a4b8d1ee65508d89d0e99e9336b41d9f74aa4d722114de0f31ecf00b097f53c9aca9c7a285b58a35d70298c5c34f74b4a705308033100349f0c62f9c2ebf7dead0a77b298eb: +1a7a3c2f5481131be5f868456aa2fa90e56d52cb721c7184ebff06fed2fe685d7c2ad0f2a570550326fb50a850835821676de1de127f6de1670299d814f6e3ce:7c2ad0f2a570550326fb50a850835821676de1de127f6de1670299d814f6e3ce:c62834d9d55d1a4403e925d0a5b552da174c02f4e945dec338c1bbb2aeb4ff40020ef70ff505205cf881b629960abd62764e5a54f2b5105667b11c7d5b7a4ccc3f488bdddb958a7be9546207e6c4671897c053508e1fd83222130a7933976d2bec614ed8f9b6a6b9f4efb2a58b9d005b943e42f171b709a7313070cb2e068da39cf99922b69e285c82ad97f2d6c77922cae2b5e320e83577c0d088761ec88152c297492978a9d7a3ff67ede44c2a707cf3e2352e232f53c8782ba48928a97f8a36b20a416816e94579b9d7250a29dc8470f63a7058e2d2a99d6f0ccb530df5969505ef5c7844eb167d20f412a508fab1f8cd9c20c5eb9a417a5412b5da6a57135759fab17f6314f68df35b1772421443676f312579af6b1411535ada8f76012b69bbeb60b2897ee6607cb369cdf52f4f6ddf88cdb2630d78896f1361fea22ae634217696ff114fb42dbe4f4346f1be5b57adb384ae7e49b41f74b31b9a62bc69dca16589c634eb9d7c6c94f8ece44b60628f98e1024cf32e3e3dd6dce55a1222532f490d63e6a275281c0f3a6c101891b8d57a45de11de35ebb151c0dcd75e6c050b3cd8babae845c39f66c36c77cde05b683e4fb0103d93e7659335c87fc0e3235b2e82488cdabeb5c5c875808745eea92de86b8efcb63e16d082919aee2e92899cb0bcf1c1421577a4a0d9db09ee1f9feb92a5382103cf7c32cfe463725ae4866daafeda0534c169f8f9be404f3baae123fa768ace46178d4b9bbc5bd7aeec7903b0a5bc57538986ee09e07e32077b3b9de50dd1967a372c385ac886287c18451a64efb37d056f9f4194c08b1e3ec97022267bf0043c13d26b9ce1f53905f6e41b3d99dc81b331909b722666ef2432e6af8a453107531230ce4a1af8eed626da223da76b46507e33d7cdbde02d411040c89a11d95156ed4ac2605b826939c6cf877b4ee736c5da77cf4650a9997a3b9cf46a82ba2bc01333c04478b5c92e2498bd002f013140aedb301b95993d1d750870d988:976160fb5bbdabe5c8962f23babacf0b0ab41c2bb13e9c0d449067b7decc7db4e94e76a71b9c0ac4d6af387a72a8cd73e3bc63b7ed650beebf17424c490bd60dc62834d9d55d1a4403e925d0a5b552da174c02f4e945dec338c1bbb2aeb4ff40020ef70ff505205cf881b629960abd62764e5a54f2b5105667b11c7d5b7a4ccc3f488bdddb958a7be9546207e6c4671897c053508e1fd83222130a7933976d2bec614ed8f9b6a6b9f4efb2a58b9d005b943e42f171b709a7313070cb2e068da39cf99922b69e285c82ad97f2d6c77922cae2b5e320e83577c0d088761ec88152c297492978a9d7a3ff67ede44c2a707cf3e2352e232f53c8782ba48928a97f8a36b20a416816e94579b9d7250a29dc8470f63a7058e2d2a99d6f0ccb530df5969505ef5c7844eb167d20f412a508fab1f8cd9c20c5eb9a417a5412b5da6a57135759fab17f6314f68df35b1772421443676f312579af6b1411535ada8f76012b69bbeb60b2897ee6607cb369cdf52f4f6ddf88cdb2630d78896f1361fea22ae634217696ff114fb42dbe4f4346f1be5b57adb384ae7e49b41f74b31b9a62bc69dca16589c634eb9d7c6c94f8ece44b60628f98e1024cf32e3e3dd6dce55a1222532f490d63e6a275281c0f3a6c101891b8d57a45de11de35ebb151c0dcd75e6c050b3cd8babae845c39f66c36c77cde05b683e4fb0103d93e7659335c87fc0e3235b2e82488cdabeb5c5c875808745eea92de86b8efcb63e16d082919aee2e92899cb0bcf1c1421577a4a0d9db09ee1f9feb92a5382103cf7c32cfe463725ae4866daafeda0534c169f8f9be404f3baae123fa768ace46178d4b9bbc5bd7aeec7903b0a5bc57538986ee09e07e32077b3b9de50dd1967a372c385ac886287c18451a64efb37d056f9f4194c08b1e3ec97022267bf0043c13d26b9ce1f53905f6e41b3d99dc81b331909b722666ef2432e6af8a453107531230ce4a1af8eed626da223da76b46507e33d7cdbde02d411040c89a11d95156ed4ac2605b826939c6cf877b4ee736c5da77cf4650a9997a3b9cf46a82ba2bc01333c04478b5c92e2498bd002f013140aedb301b95993d1d750870d988: +191a1d90321c7f4e7494bb982909a9eb40c3341dd32ae4d96750b7d02966b40f9562d9e213f145c456935b7031c680669f8bbd31a4c2ed3c91c4002a5629e97b:9562d9e213f145c456935b7031c680669f8bbd31a4c2ed3c91c4002a5629e97b:85890db4e2fbce093dde5a80bf8fe09a984b83a49b7ccb5d4b06cdafddd382e4b8a8a50530e82c200612c9d7d8a089bc8aa845c3cfcc38a6195d21c2618c3dba2b570920eccfcd236f17f08d814268f882242ddf0702da8785f407aa8f86fecfa903c48da83f839777eb6b4a2bbf5df7a4da53475af1ffe44b5fe0072b8fbf3d26e6d89ea67d8ac8459492890ada657eb3dc2492b88de175b4bba1a508064d619674aaae2af09d31a5c27c8d5d5a29b03779f4286b8966ce407e6ff692fb942520a9938d69cc70acb06b014b6dfc19834206cf1ac6c448ae6f078025b55f3d827201268a92add9ad178ef76a2989fedc6e39f4ebb9f96c9b8352694fa54fa022019c0ec0012d0d769e2367803f925f175f9fb9cbec4a0c9c1e2c83ea57e6a92a17f555cab934271e72c8cc3215fcb87c20539bf14277b1bfbd6e5880ef953fc75f23c0dd4fcc1e0be340af947de02e877fd5c77dd1df7b414b5c0b40c74956a545a115b0c6993ab233b7e72c822b6b3381bb1fc10875bffe3e2ed1190fa33fc15da083794fcc2c5bf5a07909063cb289a08a2c8a33d343842c2d6a3cfa2a16ca2eafcab7ea100d1c714baabb7149f07e25dee323e780757dfa8016faa7c0626222c365f8f2f6687d1ded234f799cc50d1cd26b4cfa4045917056fc79c3b88b2b1908e372df66dac8734631648349bc37fa34b25fff3b0747b6bc16b94e3e5895e4bbd93d478a6c1f75e4fa30faa922049ed4c50f12f4b312a8974d0fed8d44255dcb2bf0febe47fb3fb8ed9903b5ba4ca18e3cc6762cfa1eaf04dfa944d496e0fe8bb7dc045451396bfaba5485d9d5f391a954c3714253ccd9b19964d4280680720783036b3abfaf2884583ea5bdbcf69d08897ab288314635abb4c2964b71ad9291feb5b61f80e9b0cc07f912a8e5598d5548defe0eea1c448573710aacddb152f93c7c6fd3f7e4ed9f7442a6b900f23c3c544ce5c9ba5f5e92aafd11c9ff5f79c08b9d045fef07970625f62e2f4334a4d664caf7:74cb028dc6b75b37a1daea1cf88465db83a0093fecb22d99ba855e9ab59d05cb22c87d0b09df7c116213baa8f189b2703ff953cd202eb9dea3976ee88f5fa70385890db4e2fbce093dde5a80bf8fe09a984b83a49b7ccb5d4b06cdafddd382e4b8a8a50530e82c200612c9d7d8a089bc8aa845c3cfcc38a6195d21c2618c3dba2b570920eccfcd236f17f08d814268f882242ddf0702da8785f407aa8f86fecfa903c48da83f839777eb6b4a2bbf5df7a4da53475af1ffe44b5fe0072b8fbf3d26e6d89ea67d8ac8459492890ada657eb3dc2492b88de175b4bba1a508064d619674aaae2af09d31a5c27c8d5d5a29b03779f4286b8966ce407e6ff692fb942520a9938d69cc70acb06b014b6dfc19834206cf1ac6c448ae6f078025b55f3d827201268a92add9ad178ef76a2989fedc6e39f4ebb9f96c9b8352694fa54fa022019c0ec0012d0d769e2367803f925f175f9fb9cbec4a0c9c1e2c83ea57e6a92a17f555cab934271e72c8cc3215fcb87c20539bf14277b1bfbd6e5880ef953fc75f23c0dd4fcc1e0be340af947de02e877fd5c77dd1df7b414b5c0b40c74956a545a115b0c6993ab233b7e72c822b6b3381bb1fc10875bffe3e2ed1190fa33fc15da083794fcc2c5bf5a07909063cb289a08a2c8a33d343842c2d6a3cfa2a16ca2eafcab7ea100d1c714baabb7149f07e25dee323e780757dfa8016faa7c0626222c365f8f2f6687d1ded234f799cc50d1cd26b4cfa4045917056fc79c3b88b2b1908e372df66dac8734631648349bc37fa34b25fff3b0747b6bc16b94e3e5895e4bbd93d478a6c1f75e4fa30faa922049ed4c50f12f4b312a8974d0fed8d44255dcb2bf0febe47fb3fb8ed9903b5ba4ca18e3cc6762cfa1eaf04dfa944d496e0fe8bb7dc045451396bfaba5485d9d5f391a954c3714253ccd9b19964d4280680720783036b3abfaf2884583ea5bdbcf69d08897ab288314635abb4c2964b71ad9291feb5b61f80e9b0cc07f912a8e5598d5548defe0eea1c448573710aacddb152f93c7c6fd3f7e4ed9f7442a6b900f23c3c544ce5c9ba5f5e92aafd11c9ff5f79c08b9d045fef07970625f62e2f4334a4d664caf7: +628563aa3ee2fc611bcff78bfb2a75e9fd8780e87a939499a61beaa6a4b71913da20616ee4a41c2ebfdc50ab54953b6d387b06c6def75796b08809565c6cf805:da20616ee4a41c2ebfdc50ab54953b6d387b06c6def75796b08809565c6cf805:056fb954fbe6a6014fadac1e1a9f56cc08af37348ebaf6920683384efa47626ccddfead2d5e9e8cfff45f7ac63de63f69d12848ce3c0ef1f530ade430f0afd5d8ecfd9ffd60a79746a2c5beedd3e67249982f8b6092ee2d34047af88a81feab5d52b47d5b3f76c2041725f6f813293050aaa834b01a3a58f69aa4a8ca61f5b746f600f3d452c6282ffdca4429b9338967ba3a7266690aec75ebfbf7be98d999b03eddc7292581b0d69e30a0351a151db70412b0bfd43d3baa9d456cb3e0b4fc19cb09e6cadcb6d3f3be5137cc7a8d3219ec2036ec670ed7ec523b1b1c687b5465307882fe38d7472d0ba87a471868309d2f773ff24c87d39c16b708a4ed9af43f74c8d85cfe8ab5406907e941a14970e209c29ff7ed8a2f935ae41709f270d0d08555ef7af2edfe40df399223c785a43e7f3691589e2ea4c036f11d03d7d1eea14f620035325cf2b33baf386393e8a972a7af6cd9b8543b32e2533d1fcc3177fd96d1e13bf8b68deb222f94497265d3ccb345751bd5b669078081998d608ca5fdc134839d4ed2bebb2952fea5a39c6f033c1558f698ce4946e4f6c08af874f27357f870ebeeb2199976ffaefac951f8e17fe7d0821e1b92a90aa4e9defd3fafda052a444476db1ce38a9e176e841189abd8fecde0fbc5cb55f511f5fde07ea97deb39b7aa8dc84a3946a6cf926d39b95c11af9d64d98b807f4704d0a2bda97dad9881ada1bf6636366e60a522b4821047861c7aae2146a02eef6b25d51371a0f17d24bc187dcdd05d541c2f72201427915a3928cd378689103ac50b33f87a47e8cdfa687a5f0af8a56731dabe662f4f2836de0ba8fafd86a3854bca012d7088a00b9854c2d3c708ddf58faa355a89afc2c80f3f5336da01d72a2771a055813fb35330f7d2e01b1d12daa95ed55d3bdc5df7739cbc3ca097a41b6b2bd7f0ff9dd1d8658983ba3ff7920c15f292a1ef9fcada1c607ecb45d3a73c9ffd42f3e16022fdfe12744926395f74fb3111793fa9281821a66a01d:c9a6aaa9b4e1cce1b58445725f61f552c8fb45831f03482798f01f663e9983db1a82fd33aba3eccb96226426d50ae17cc51274ce18a38860f40b2f82361b5c03056fb954fbe6a6014fadac1e1a9f56cc08af37348ebaf6920683384efa47626ccddfead2d5e9e8cfff45f7ac63de63f69d12848ce3c0ef1f530ade430f0afd5d8ecfd9ffd60a79746a2c5beedd3e67249982f8b6092ee2d34047af88a81feab5d52b47d5b3f76c2041725f6f813293050aaa834b01a3a58f69aa4a8ca61f5b746f600f3d452c6282ffdca4429b9338967ba3a7266690aec75ebfbf7be98d999b03eddc7292581b0d69e30a0351a151db70412b0bfd43d3baa9d456cb3e0b4fc19cb09e6cadcb6d3f3be5137cc7a8d3219ec2036ec670ed7ec523b1b1c687b5465307882fe38d7472d0ba87a471868309d2f773ff24c87d39c16b708a4ed9af43f74c8d85cfe8ab5406907e941a14970e209c29ff7ed8a2f935ae41709f270d0d08555ef7af2edfe40df399223c785a43e7f3691589e2ea4c036f11d03d7d1eea14f620035325cf2b33baf386393e8a972a7af6cd9b8543b32e2533d1fcc3177fd96d1e13bf8b68deb222f94497265d3ccb345751bd5b669078081998d608ca5fdc134839d4ed2bebb2952fea5a39c6f033c1558f698ce4946e4f6c08af874f27357f870ebeeb2199976ffaefac951f8e17fe7d0821e1b92a90aa4e9defd3fafda052a444476db1ce38a9e176e841189abd8fecde0fbc5cb55f511f5fde07ea97deb39b7aa8dc84a3946a6cf926d39b95c11af9d64d98b807f4704d0a2bda97dad9881ada1bf6636366e60a522b4821047861c7aae2146a02eef6b25d51371a0f17d24bc187dcdd05d541c2f72201427915a3928cd378689103ac50b33f87a47e8cdfa687a5f0af8a56731dabe662f4f2836de0ba8fafd86a3854bca012d7088a00b9854c2d3c708ddf58faa355a89afc2c80f3f5336da01d72a2771a055813fb35330f7d2e01b1d12daa95ed55d3bdc5df7739cbc3ca097a41b6b2bd7f0ff9dd1d8658983ba3ff7920c15f292a1ef9fcada1c607ecb45d3a73c9ffd42f3e16022fdfe12744926395f74fb3111793fa9281821a66a01d: +9141f79ed30bf600611a13f367b40396f2ec839c5612bbf1e6e497f83954bc88f14eda962640becb66c4d1f1a021110251917b8b1d34828298d32145baf6e5d9:f14eda962640becb66c4d1f1a021110251917b8b1d34828298d32145baf6e5d9:8fecaa7ae9a3d4a4851a66362b366e167b9f4300fdab205654751987f085de61bec9344aa86f5e5c6477514c2804ced7ac0cd0628529a3a1599236ed67bebe1f2e95aa151fe0f3b3011a1d4be9901cafab2f1891904d4bff0128c1d35ececb322b3cc01dacc5ae3dca6914a7d34da8c9657b950f89d1d6aec3299bb690111071fa87282774943d96a4ab7c3d6de7d1bf119363068cc82d45e4b76454c608bc3566b7f9b385cc7eb38ee429afc2da99669fc5c1be82161a1b0c33f7ba9ad4419d2062971901db003bfa23c44714995cb06bfa966e5023aa9346fd375ae2a1e84084314df3f08ce20800c2c2adfbb81366f6b104243d62d5041e7273433f17581bf93f4c6146fa966f638ab07ea16694a7ce305cc609a6e10623ff7f6c7916b6e4dbdebb7b52eca7f0d5187ff664d7c370ed22886aa2671329d928e0a3bea3b4711a128b9aab90266f8651d220b9cc1cbf5b1ce7265931803690d3291c01ead4dbc3329a97e85c4fe1d356608cc9e60b05bc14838a8608279a0061de28ff7b8e81f59c8a8c5523924c4c485e6ea80ac81750bb0e419efc7858cd4af50c8b8c80650facab4d8258f9cafa0310a007cccbc4185c82fd146df1d811879da3650d5716f1004b71d2c7f2bd6503c354589f8602c950a1f5139f811460752880a341116630e4ff84948e74a9eb350d64d8293002200233f209b17d78897c7ce6ce29e29f82d4ad6c61eb79f5739cb668b21a745555c96e19526845e82c6ed2b1c6bdd6364b8fc79ba9a32dbd3f8b975eb923623958ae0daa4ffa139217c00e021f937e9b791c37991a35e5231a1914c045a787432f97b8e2063db105e14da979c1c4cba785210eb02011334b230cfb6831998ccce25386f4f3ba0dce2006e9c3940b4d5a56aaccdcab02718689816360f18852fd1998a99fce9a04da3f5e23af94c6e8a5badfd39304b9e2a376a1f9bac09a85bd042476e26b58ec73f1236d41ab4b4e7a54def9d66a38f8e546de7b388e1e7d6681e5e2a096f160:cf202d7f2f9ed117f429502b2a5aff54a7f751d2171515a4d203753446df0ebac86984c88bd42bd1fb8dcb408776722a38f32cceb25f32a25d7393f138eedf0a8fecaa7ae9a3d4a4851a66362b366e167b9f4300fdab205654751987f085de61bec9344aa86f5e5c6477514c2804ced7ac0cd0628529a3a1599236ed67bebe1f2e95aa151fe0f3b3011a1d4be9901cafab2f1891904d4bff0128c1d35ececb322b3cc01dacc5ae3dca6914a7d34da8c9657b950f89d1d6aec3299bb690111071fa87282774943d96a4ab7c3d6de7d1bf119363068cc82d45e4b76454c608bc3566b7f9b385cc7eb38ee429afc2da99669fc5c1be82161a1b0c33f7ba9ad4419d2062971901db003bfa23c44714995cb06bfa966e5023aa9346fd375ae2a1e84084314df3f08ce20800c2c2adfbb81366f6b104243d62d5041e7273433f17581bf93f4c6146fa966f638ab07ea16694a7ce305cc609a6e10623ff7f6c7916b6e4dbdebb7b52eca7f0d5187ff664d7c370ed22886aa2671329d928e0a3bea3b4711a128b9aab90266f8651d220b9cc1cbf5b1ce7265931803690d3291c01ead4dbc3329a97e85c4fe1d356608cc9e60b05bc14838a8608279a0061de28ff7b8e81f59c8a8c5523924c4c485e6ea80ac81750bb0e419efc7858cd4af50c8b8c80650facab4d8258f9cafa0310a007cccbc4185c82fd146df1d811879da3650d5716f1004b71d2c7f2bd6503c354589f8602c950a1f5139f811460752880a341116630e4ff84948e74a9eb350d64d8293002200233f209b17d78897c7ce6ce29e29f82d4ad6c61eb79f5739cb668b21a745555c96e19526845e82c6ed2b1c6bdd6364b8fc79ba9a32dbd3f8b975eb923623958ae0daa4ffa139217c00e021f937e9b791c37991a35e5231a1914c045a787432f97b8e2063db105e14da979c1c4cba785210eb02011334b230cfb6831998ccce25386f4f3ba0dce2006e9c3940b4d5a56aaccdcab02718689816360f18852fd1998a99fce9a04da3f5e23af94c6e8a5badfd39304b9e2a376a1f9bac09a85bd042476e26b58ec73f1236d41ab4b4e7a54def9d66a38f8e546de7b388e1e7d6681e5e2a096f160: +695c960bbb0dd57ffa36151c85de735154fe5ad5f5fc77d005a0a32011deb30c34125e4e21f789ed0e1180c1f6369c721dcae9859b6f7b04f957e51001eede8a:34125e4e21f789ed0e1180c1f6369c721dcae9859b6f7b04f957e51001eede8a:3706696c7a906690d0d3b71e7e211c7b067168f3a8f1ed984a0a5e6078597662e4e7889d52db0f78e0d5ef0e5f7a0a0f4263b6848b0725caa4b1cea6987409511c8e5e982d3f5b82bb56a4a7947121937f8e105c5a14b53e6c37cc716b1eba922421828b046f6856c44fabf13a7516c62a5ff98568450cee78b140335047bf1ca77e1549a894feeb078045e4641832253bf695485452ec369065a60029a6c9077a379db20485ea2edb6c969547bb2653289bc6e81ffcb84bdbf773ddea4b3750e9a72395d117f644b0e22061d4f3bb7c5b612e4b70395e0779516b46659116902fd0fbcd2340eea45e9c23db2564a5e11dc79e8f4b332a443ec35aad9604fe791252088295e84f65a307312550d9ebf61f367e4a0f2b5623e53ef6bc132825fc24ebee4ebf338cbfb5df69b32d030d447c44f313ba96fe07bbfe5b0166eaecbc619bb6b2e5924010ba3ec150ff6a69fec4ded9c442f98c15e77f319b4843b3b748b5d26089a76c2b834ff93c413e04ca9550cd211ce2d6a583d782575066db6dd33e8d5e8374355d068a5eb96f8b3da8dddfb5baf5c596daaf556a8f2cb5781e5042327f92ae0621eae088b5f013592e77873a81d7e068d7b8337db9f109a835b475e5caf7cea5af3b4ad6d90baaf1c73655ec676747fcdd41775b4fbe3924c3f41d8a737528d12d6156653a22358c6821426b2c0a33e1634c62c7c8385649bc233e7daf9439f09db9bd11ea01e28b77ecbbc4590e29fdcf0fdde152f6478132fe4c3a5b45a7305af6e381cadd72496e66bbb866cea47f7e7d7e63341600af3f49ce9c9e4e37394df5df71dc10cd391fdcb8a193dc98fc19059fa3ac230ec5476bf94d85556ace6e1ba32421bf59dcbe05c5e15d34c6644e27d0a02be97fa8387ee03706f22a8f4b3b4040ad7d3f8a86971a20a09ec81b7696d834c526b8e51cb97d27643f9abf5e29ffd0333f95de15d110c2064ca49467c14ef227f4babf1a55e7b1cda0429cff256be31cf116719a81b9c5fb75fdf64e:4af41c554d990812686c329a875c41ee24b4a7fd7b3d4f8c8d5275f2e7cb242b258b5858a466de595ce2a2177e351c7f08c7fc4e0bf97ec5fb2dcb8252d2c90a3706696c7a906690d0d3b71e7e211c7b067168f3a8f1ed984a0a5e6078597662e4e7889d52db0f78e0d5ef0e5f7a0a0f4263b6848b0725caa4b1cea6987409511c8e5e982d3f5b82bb56a4a7947121937f8e105c5a14b53e6c37cc716b1eba922421828b046f6856c44fabf13a7516c62a5ff98568450cee78b140335047bf1ca77e1549a894feeb078045e4641832253bf695485452ec369065a60029a6c9077a379db20485ea2edb6c969547bb2653289bc6e81ffcb84bdbf773ddea4b3750e9a72395d117f644b0e22061d4f3bb7c5b612e4b70395e0779516b46659116902fd0fbcd2340eea45e9c23db2564a5e11dc79e8f4b332a443ec35aad9604fe791252088295e84f65a307312550d9ebf61f367e4a0f2b5623e53ef6bc132825fc24ebee4ebf338cbfb5df69b32d030d447c44f313ba96fe07bbfe5b0166eaecbc619bb6b2e5924010ba3ec150ff6a69fec4ded9c442f98c15e77f319b4843b3b748b5d26089a76c2b834ff93c413e04ca9550cd211ce2d6a583d782575066db6dd33e8d5e8374355d068a5eb96f8b3da8dddfb5baf5c596daaf556a8f2cb5781e5042327f92ae0621eae088b5f013592e77873a81d7e068d7b8337db9f109a835b475e5caf7cea5af3b4ad6d90baaf1c73655ec676747fcdd41775b4fbe3924c3f41d8a737528d12d6156653a22358c6821426b2c0a33e1634c62c7c8385649bc233e7daf9439f09db9bd11ea01e28b77ecbbc4590e29fdcf0fdde152f6478132fe4c3a5b45a7305af6e381cadd72496e66bbb866cea47f7e7d7e63341600af3f49ce9c9e4e37394df5df71dc10cd391fdcb8a193dc98fc19059fa3ac230ec5476bf94d85556ace6e1ba32421bf59dcbe05c5e15d34c6644e27d0a02be97fa8387ee03706f22a8f4b3b4040ad7d3f8a86971a20a09ec81b7696d834c526b8e51cb97d27643f9abf5e29ffd0333f95de15d110c2064ca49467c14ef227f4babf1a55e7b1cda0429cff256be31cf116719a81b9c5fb75fdf64e: +25cb17fc33d2bf8384ae4df20c1fad5c35fd765affde04b5256d4de01ca8de14b86ca312fe598520c64be5c72f5b23816507f69e070f828e02d2afcfe11bfa01:b86ca312fe598520c64be5c72f5b23816507f69e070f828e02d2afcfe11bfa01:4b4a71cbf8cbaf57a77d4ea188a6f964840f0d714a5f38a095a13b4e571297a88b792417d16184427f90e043dd8a55b7f1c13e00dfa60516445cbe77068c79c8c35ebeac330c33f1121d05731a8f5132d6480073274641195a75202116fff1c318817178fdd768bbdf105fa069c7a3d143fdf5d17bfad7c0624e5292068fd7bb6d303b4a27cb20a4e61875076787d19fa6f729c94dc0ba9b8c0bfd9866da5cb2e7a2cd2edbdc95ac349e5e5c2172e5a4cf7bd90cabe2c6e2245980bd72d0f6f5479881e8c4c354f68aa72841d0c73b986ba51021203161026ee3d729ddf1a049ffe9eb25439802f03011d144e50b02bd4aca5e5506d32fcf69e32f542544798f4e87f72bdf2433b1ff3259292e1d90812cffd79f6a543270baf24a3c39dd3598e1c661612922522f387d51597692f314c4d5ac4bf1883a614636336a5544d59ff41d1e0dbcf8e6627e7c8085646322dfc20c332cbdf35370d47dcabb802e17ca84780eec661c904d5bfbc240ad6a14a7533f71a27500c61dd3e473983887a86835187abb0df08fa62cda69dce86e21fa5ae954c22eddb60ee3131504a69b50486a17767091883760638a29c38030e1e05fdb28e158633010385a620613cc10d5a5f350955f4a347c65edddb7e25159da8dcc2655928ad6f6d8c4c1abb817d7fef3bae5de0402eddee7b51521ce280a66b796140f56af9bc20e465875ce2628a8a10477ce9b2eacc7d86f88272457bfd443e712526996254380f0135227e9fc151c8695e9cc64d272b256ab95c9a9f568e93716e0e53d29882e3ce74261257a02cd497c37d764d90f7fd478a17a890a8b2ea61ab81f6869b120a2f6484a88c151953391eca445015377b3a5dffe4cfbacfb5bab2c47f654f72a9d19cbc4d29537198405e3a04b4bfe11bcdb5c1f30d9ac02f54849c57aa96f7b56636116f2bb6f2583d9af94c86aff5c137f63ce54e8f0c21b6c25c1f0472a229c90817e6162eac71ccda309a1643bd6312a5263a2efe646dffe79ebd8157a28:8ccb0dbcf7cc03e83e21c57474afd3ad8898097b972ede175acaae48e3ec17b2db06fc82776b0751c0f956fd7196f3d1c96321a6cf3d892415d8f8eeb4a141084b4a71cbf8cbaf57a77d4ea188a6f964840f0d714a5f38a095a13b4e571297a88b792417d16184427f90e043dd8a55b7f1c13e00dfa60516445cbe77068c79c8c35ebeac330c33f1121d05731a8f5132d6480073274641195a75202116fff1c318817178fdd768bbdf105fa069c7a3d143fdf5d17bfad7c0624e5292068fd7bb6d303b4a27cb20a4e61875076787d19fa6f729c94dc0ba9b8c0bfd9866da5cb2e7a2cd2edbdc95ac349e5e5c2172e5a4cf7bd90cabe2c6e2245980bd72d0f6f5479881e8c4c354f68aa72841d0c73b986ba51021203161026ee3d729ddf1a049ffe9eb25439802f03011d144e50b02bd4aca5e5506d32fcf69e32f542544798f4e87f72bdf2433b1ff3259292e1d90812cffd79f6a543270baf24a3c39dd3598e1c661612922522f387d51597692f314c4d5ac4bf1883a614636336a5544d59ff41d1e0dbcf8e6627e7c8085646322dfc20c332cbdf35370d47dcabb802e17ca84780eec661c904d5bfbc240ad6a14a7533f71a27500c61dd3e473983887a86835187abb0df08fa62cda69dce86e21fa5ae954c22eddb60ee3131504a69b50486a17767091883760638a29c38030e1e05fdb28e158633010385a620613cc10d5a5f350955f4a347c65edddb7e25159da8dcc2655928ad6f6d8c4c1abb817d7fef3bae5de0402eddee7b51521ce280a66b796140f56af9bc20e465875ce2628a8a10477ce9b2eacc7d86f88272457bfd443e712526996254380f0135227e9fc151c8695e9cc64d272b256ab95c9a9f568e93716e0e53d29882e3ce74261257a02cd497c37d764d90f7fd478a17a890a8b2ea61ab81f6869b120a2f6484a88c151953391eca445015377b3a5dffe4cfbacfb5bab2c47f654f72a9d19cbc4d29537198405e3a04b4bfe11bcdb5c1f30d9ac02f54849c57aa96f7b56636116f2bb6f2583d9af94c86aff5c137f63ce54e8f0c21b6c25c1f0472a229c90817e6162eac71ccda309a1643bd6312a5263a2efe646dffe79ebd8157a28: +49e24d1699833726b18c78ea6568401a971e1ca39dd06d7563ac8b4250d4a9f571cf05e90d301a6d9fad7f0b38ec8bb044fcfd97c849b04c003625de29be86bb:71cf05e90d301a6d9fad7f0b38ec8bb044fcfd97c849b04c003625de29be86bb:6d2605f61e1a04b6ae18c2c25ae100dd42a61e664e2db5c34d7ad1f84ac507552b741c2086c17c852babe07a91e129a506ee59edb9ce73be1b1d06d120ec36a1e94c6281054e78ceb1bdeffbcbf4f01051ed381bfc8ad1769f41e240bf6059d9704cacec666611f41e4dd438b7f50242ea86756bb1f81e5942c092129fbc6de4955d28dff35237db30e4a5036a9914c9f84dbd8ccf82ba2b1b3b5554a2b7a74cb0b2a1e1963345286e258dc8e7d56718035f95f313811cfbd852a0f8f49a29ef933e7cda7ed9c7e8b162cdba1a82262cd4df7cf8ea4b586db43dcc1e3764598e9ca46673822baa2ad87fb14b6fdb9e2032d0ca51c26c5ef3d9f79785fac2491cdbf7c399f3cd1774c1a6b1e4a67f5436d80db025f8fb6409e275bd0ed508b5e039ed2e4eec8b0f4d5be99dcafa6a1401252732a65b37c943c07ef3acbcfbb3dc06dad0a88f2f5eb551a3997ad6c6eed95edd9a0af4a288d5e43286b2ac072977c436b7c5ff7ab61c9484f257f58e010c9b6ad41581d742cd19752cde54d2b420d643654e9096a81eb9dcf804c7c2ed0e38d13a5ce39978cdd02b25350945de78feecc0c2c22ffd705c3ba8113265c7b9a7c8ddb59178bd21d7f6c31c6be2c36749ee0f9ab8bc1dcf5da5cb2d2d5962358f71f96ab3792a252a519e415351f43e7e12035b0328f28208cf4be529d299aa5c128c9d5ed575bf90c5350569eaa6f2d5521de1180309f686c97e9ad6fa1ec1dd8627ae8951581cf604b8b917c5ba434a637be1bc8b79f4acaf7795f4e51aabdb885077bc4f3c68fc3318de5823d7e0804ee995b70387950f799353682300d4e797f3cad611b4c562c8640ff2b3fe292916a970fb98c1475c1f4e27b9b33cfe0d3ad932a1ebe6a27fc3b446622954aee1683668c8bd4a3f903be5c77dfdb8e8914cedc51f65fed2d9c4d03e13a668d4c7ea5e31883e1b3db64363e2ac5cc54b54ce69c6ad52f874999b5dd2c5782f03c3d51505df536a1fe0d860d33eabed641a940089f1297dd0f57f:a0b6a2af15b6be9e951ef3f32cbd1c6702e8e017fbd315a3f2599c3f1a11865d46e78459a0d7f7be046aae293cad09137ec847e26928106d9aa35e0982b992026d2605f61e1a04b6ae18c2c25ae100dd42a61e664e2db5c34d7ad1f84ac507552b741c2086c17c852babe07a91e129a506ee59edb9ce73be1b1d06d120ec36a1e94c6281054e78ceb1bdeffbcbf4f01051ed381bfc8ad1769f41e240bf6059d9704cacec666611f41e4dd438b7f50242ea86756bb1f81e5942c092129fbc6de4955d28dff35237db30e4a5036a9914c9f84dbd8ccf82ba2b1b3b5554a2b7a74cb0b2a1e1963345286e258dc8e7d56718035f95f313811cfbd852a0f8f49a29ef933e7cda7ed9c7e8b162cdba1a82262cd4df7cf8ea4b586db43dcc1e3764598e9ca46673822baa2ad87fb14b6fdb9e2032d0ca51c26c5ef3d9f79785fac2491cdbf7c399f3cd1774c1a6b1e4a67f5436d80db025f8fb6409e275bd0ed508b5e039ed2e4eec8b0f4d5be99dcafa6a1401252732a65b37c943c07ef3acbcfbb3dc06dad0a88f2f5eb551a3997ad6c6eed95edd9a0af4a288d5e43286b2ac072977c436b7c5ff7ab61c9484f257f58e010c9b6ad41581d742cd19752cde54d2b420d643654e9096a81eb9dcf804c7c2ed0e38d13a5ce39978cdd02b25350945de78feecc0c2c22ffd705c3ba8113265c7b9a7c8ddb59178bd21d7f6c31c6be2c36749ee0f9ab8bc1dcf5da5cb2d2d5962358f71f96ab3792a252a519e415351f43e7e12035b0328f28208cf4be529d299aa5c128c9d5ed575bf90c5350569eaa6f2d5521de1180309f686c97e9ad6fa1ec1dd8627ae8951581cf604b8b917c5ba434a637be1bc8b79f4acaf7795f4e51aabdb885077bc4f3c68fc3318de5823d7e0804ee995b70387950f799353682300d4e797f3cad611b4c562c8640ff2b3fe292916a970fb98c1475c1f4e27b9b33cfe0d3ad932a1ebe6a27fc3b446622954aee1683668c8bd4a3f903be5c77dfdb8e8914cedc51f65fed2d9c4d03e13a668d4c7ea5e31883e1b3db64363e2ac5cc54b54ce69c6ad52f874999b5dd2c5782f03c3d51505df536a1fe0d860d33eabed641a940089f1297dd0f57f: +f8ff97032a34cf9999088058af56ff70b6acb2edf759e131faec8440fdecf6c45438b4e33f1c5ea112fb1bafef4059bf095a11409b64d46bfb4d25473c1c0874:5438b4e33f1c5ea112fb1bafef4059bf095a11409b64d46bfb4d25473c1c0874:dfb41fb9d53702cb2b9e3ffcad4ea602716f718a7ea33e21843e2a6c052c70c6c51485d72b53a5bb4e34e03e3e1d1a52518eb3e7f18f2a1e1caf78acb2116089bed4c617138e716a91431f2cf644a1210f6d1920d285994264d6466b0d8d2c62638044616f576edc7d0d93cb660131d4bb50875e153640123a96f15b75a5bcee46d5cc5eb1a431c59d2eaddfd5531502feb1551bf7791cd5989d17d10296d01ba3ae3e384c674526cab62a7c24c0ff677de71ca172621a28a85e01eefe07f6eef9c3ecfd7f9498ac42f46a43716f615318a3b28757c3a15f4f1c3822ae7a75c203a298258d753638cf425e15bbc46202b093b8e4f3e670fbb663db2b69c8fb0f625074d85a44d350e042bb1b74021d192997a2c27dd6c8634841d100a0344baed750a39ff5dcd9848dfcf09e5c8c47967b96556e2332ca17d8e42dd8f393a5445a372244600b3001b8fe86c45eafc6e738aa7e117b4a79fa2e6b00f464928d1856c83ecfe87dd34d158f5cb4e4f4d610f59717ec790bd3ff872040b67e8d3939e804e3b5db985a095621cbccd686c0934ece3e27ab2c6ce33fb52b111f48e4f274bdf320d0b02384c83c49e1a041bd2319109c85a06d8048a993357abfd811ac2f38059d077acbc36aa966c028903748625f92e8f79d51bda10f78522977f76ec4e885e49a46c68de09f3da8f86b71ae6423bd29deef1cc6a113eac115a6cde2ccd011fc1c0f0e3427f43c3e96fc4156edf62ddfb7b0836b888bab3c4345055a6c4178e9e22829fd8cfce39b0b8444eb26487cc9dc82606feaadaf4978694e6564f2729c1b13ab37c9072db4e9de940ee5f1d05884ae7fd9d9ec9cb7de56347600a88dea9208a63419fce29ee50055a374a8f22f9ae2be9805a9f47615aa59576b44042ff126a89824e36ad6bc58e06bb90fbeefbae5d6d7d62430f373b6296fbfcd4d6620168353583fbd3d5a292b9572517534e2fb0beef2fa98a464e59103e7a04287f15dad0fac54970e7715078d63ec26362f6fbabcddeaf7:509e9eadfe8dde7914ac20cafc0b0af22b84dd8a210a4812cd8cae39b0a272e53e02246dc8939e9226920336e140b31532d068137a34161e599a8694a95ddf01dfb41fb9d53702cb2b9e3ffcad4ea602716f718a7ea33e21843e2a6c052c70c6c51485d72b53a5bb4e34e03e3e1d1a52518eb3e7f18f2a1e1caf78acb2116089bed4c617138e716a91431f2cf644a1210f6d1920d285994264d6466b0d8d2c62638044616f576edc7d0d93cb660131d4bb50875e153640123a96f15b75a5bcee46d5cc5eb1a431c59d2eaddfd5531502feb1551bf7791cd5989d17d10296d01ba3ae3e384c674526cab62a7c24c0ff677de71ca172621a28a85e01eefe07f6eef9c3ecfd7f9498ac42f46a43716f615318a3b28757c3a15f4f1c3822ae7a75c203a298258d753638cf425e15bbc46202b093b8e4f3e670fbb663db2b69c8fb0f625074d85a44d350e042bb1b74021d192997a2c27dd6c8634841d100a0344baed750a39ff5dcd9848dfcf09e5c8c47967b96556e2332ca17d8e42dd8f393a5445a372244600b3001b8fe86c45eafc6e738aa7e117b4a79fa2e6b00f464928d1856c83ecfe87dd34d158f5cb4e4f4d610f59717ec790bd3ff872040b67e8d3939e804e3b5db985a095621cbccd686c0934ece3e27ab2c6ce33fb52b111f48e4f274bdf320d0b02384c83c49e1a041bd2319109c85a06d8048a993357abfd811ac2f38059d077acbc36aa966c028903748625f92e8f79d51bda10f78522977f76ec4e885e49a46c68de09f3da8f86b71ae6423bd29deef1cc6a113eac115a6cde2ccd011fc1c0f0e3427f43c3e96fc4156edf62ddfb7b0836b888bab3c4345055a6c4178e9e22829fd8cfce39b0b8444eb26487cc9dc82606feaadaf4978694e6564f2729c1b13ab37c9072db4e9de940ee5f1d05884ae7fd9d9ec9cb7de56347600a88dea9208a63419fce29ee50055a374a8f22f9ae2be9805a9f47615aa59576b44042ff126a89824e36ad6bc58e06bb90fbeefbae5d6d7d62430f373b6296fbfcd4d6620168353583fbd3d5a292b9572517534e2fb0beef2fa98a464e59103e7a04287f15dad0fac54970e7715078d63ec26362f6fbabcddeaf7: +2e4c39219fc92a538e48e95fbfcfef30f5a21b78940b81053bdad4602b4c9690f8eed892176620434c7f0ec53dcff39863109e7ca4d0b3c6c4b56410be01e537:f8eed892176620434c7f0ec53dcff39863109e7ca4d0b3c6c4b56410be01e537:c87d1fba9d94a6a5408980fc8083980fd2d252fae540f6eec19ed6746c29e339a1c29f6f53bc23fd6bfa438507eff5daf903403cda707b4dc5e844805d6b1ceb4afff4b232e8e69d7d271f3c067c4854f3d94f27fe325581faca79d1f02a26290ad23af71100c12c09157647ca9da43d7690ddcd94db65e000989c878b75a0ff22d2c70962594c9b0808f27846ccac8567bce5d2e3b7602809f23b59cd718a0805d108f31a632a05b8dfa5035ab9461aeba416009d74fdf9e007202856890d2cff80fa240b978a48270fcb2f473697bcba8e730a55c28761919a23be41da27ffea09e3559caaabf9519ec08e1ffa86817aa3e8874fa816e7718c5b2f344967ba1bc2819c4f045a97b40544ea61d717083ccaf11e9ddc04a3598ef181e7bef4acef45b6551b478a0d7731c4f08ce5802f78258d419017661076d7d6d2ef39e57cf9cd9397dcc5debf64ab82b66159f578316e74cd49f5ad2c6fef83cf08683b9570a946ad4903df4e96ec008e14a501fa9386bdaf2a63993c6c9bdf231fd09ea6f96ef4d4e29a3a3327cbf74ea831054e66ca86680c6ce53b66f9465d06b3fa0798bb6905ae38455934f2fb7e0ba472328989f001308671cccb566d222c72165bb3a744fb98e2210f9620680df3e3cd14a8bd94b5745c0016dda77f059f26053b64cf4523c3d429112fb6b328398bc630a2e906b95a6c5780cfdc0641be4751bebddf7724dc9c27e78d60ed0fd736d5abd88929c1795d473abd2b0320c540475728821867a409a2ff13cc44ce35e5981e9f6b87a28d4fa8b8675e503faefca7c1d7984737871fe919ac414eea265ee31f9f78f521f3f4f8d00c3fb79171f3c6a5dbf5e1ac8bf63b4c3d8d8bc121036e9e55bb702ea6c86e925ec0b984ded2c71f3bfd4932e6c41b582fd02ca59f53ce297445785cc4cac247b0b84e7fa0bcdcf79b3e4a155f9878c1f643be9c42f7a4f27260444505c1845bd53b550a31d7953cc738861f46bdf4870f3a77ace191abd63c45adb153909fb59ab5db9b:394520122bb0a564648a7a8bc8dc73636c517746a3c8a05b901e7252fef0e5023d90991e311b5382d49100e52633c70fe9c26c1450e0603e6d452299af4dae07c87d1fba9d94a6a5408980fc8083980fd2d252fae540f6eec19ed6746c29e339a1c29f6f53bc23fd6bfa438507eff5daf903403cda707b4dc5e844805d6b1ceb4afff4b232e8e69d7d271f3c067c4854f3d94f27fe325581faca79d1f02a26290ad23af71100c12c09157647ca9da43d7690ddcd94db65e000989c878b75a0ff22d2c70962594c9b0808f27846ccac8567bce5d2e3b7602809f23b59cd718a0805d108f31a632a05b8dfa5035ab9461aeba416009d74fdf9e007202856890d2cff80fa240b978a48270fcb2f473697bcba8e730a55c28761919a23be41da27ffea09e3559caaabf9519ec08e1ffa86817aa3e8874fa816e7718c5b2f344967ba1bc2819c4f045a97b40544ea61d717083ccaf11e9ddc04a3598ef181e7bef4acef45b6551b478a0d7731c4f08ce5802f78258d419017661076d7d6d2ef39e57cf9cd9397dcc5debf64ab82b66159f578316e74cd49f5ad2c6fef83cf08683b9570a946ad4903df4e96ec008e14a501fa9386bdaf2a63993c6c9bdf231fd09ea6f96ef4d4e29a3a3327cbf74ea831054e66ca86680c6ce53b66f9465d06b3fa0798bb6905ae38455934f2fb7e0ba472328989f001308671cccb566d222c72165bb3a744fb98e2210f9620680df3e3cd14a8bd94b5745c0016dda77f059f26053b64cf4523c3d429112fb6b328398bc630a2e906b95a6c5780cfdc0641be4751bebddf7724dc9c27e78d60ed0fd736d5abd88929c1795d473abd2b0320c540475728821867a409a2ff13cc44ce35e5981e9f6b87a28d4fa8b8675e503faefca7c1d7984737871fe919ac414eea265ee31f9f78f521f3f4f8d00c3fb79171f3c6a5dbf5e1ac8bf63b4c3d8d8bc121036e9e55bb702ea6c86e925ec0b984ded2c71f3bfd4932e6c41b582fd02ca59f53ce297445785cc4cac247b0b84e7fa0bcdcf79b3e4a155f9878c1f643be9c42f7a4f27260444505c1845bd53b550a31d7953cc738861f46bdf4870f3a77ace191abd63c45adb153909fb59ab5db9b: +f092e6be8d2d9ad069a3e2b976d244e34c15c28c48d32f5560a54185d1501502cfeb3e74e4b5c8356a81757b8f1be4b429fc18fcaf497cbf8d8bc0480ff978f9:cfeb3e74e4b5c8356a81757b8f1be4b429fc18fcaf497cbf8d8bc0480ff978f9:2c255fb25d45b086c071e03e525b4d728578fbb6b0c60da941e6bf2a4898b2d5b6988c53302785ab7a3bc4bb2c205acd27d6a4cbdd1a0c0889ded784264cb7c02889c5c7113fc90bbbcd31ff001432c053f971073cf6712f667fce4698776b98cc5444c692abd1288198be5ad5674609f7e139ad1b9ccb943f8dfd9d12c54ecee278341b2ee1277991ca62cd3bfe128d1392964e9588e2f97c321704a3de106188c5eb335aa5a19acc9067b4a94129b9d1a6167c4bbfb56fb97684cbbd720c86869e0020ab0776cdc9954feba862124b073fba8de9ea9a38eacfa003ae4f1cdcbf15c32fb6b970c73115ddffcd4fa3b71846110edec257fcaed6113604f7192572577264b9905ca6aed8daec138403ca41aa954278a5720b267b90ca163a9bdf447eade8deb769a3b49237a73516977c28734555dd234ca7de4999261bc7960f536ba8a35ad3d02c75f1c2bea0a0612e7d49c40397dd6af5ff58bae6a64b6a77e981f92d159e0b2bd205ab157052f47017a3e18aec944d0465ee0017e96148a6129f74d3ccb489fea13a15a9b9aced58c6ee0e6e84e05fdadfae07b334a98fc37f7e511cd5a44e9c74e478d349e30e29aeb46a4df01e4307fe65e1394a758f6ada2fb120225ccd50a49013e6c9f175af90f3fc8c57e7a6a969a916c3f1aacc22f3e01a070cc48e6fd878e2bd073df9ee6f059b98568404fc7eae7d4bf6fa16c0c803c6be84e8b79c67affc8c88cabdeebc1134bb2386e22ba4d2e9e0f3e1ab3a0dac7c80ddeed773cda0c41dc9defa67fea37769cb4a1e1522d7e0b3d7c4638bcd983153d478be5ecf2b6ab1b40124e4222b8caa4647bd50d74d203943ab20938d5f27d908a673674046ce2ef18e858b0a01a7e7530ded0f8cc89ef09b73ca597cf73afbc9a271a4d23c92fe591883c440109c4ef416670b7f2c5905b77f65f56d09d40250356f9b1dbcaf1ee2c0b63696f84d68ddbea160085151a9526274d7b846cceb6c4348098484de3bb723ae5e85276df49f5634130ff905754f:63cd4c0ba3be9397cc0f3c1af348ec4b8a91e42fee675da1d05900b9a86c138f9174eb996bbdf31c4295e0c578ac0f9d537641a2afd5dff93a39c5cd9d3c480b2c255fb25d45b086c071e03e525b4d728578fbb6b0c60da941e6bf2a4898b2d5b6988c53302785ab7a3bc4bb2c205acd27d6a4cbdd1a0c0889ded784264cb7c02889c5c7113fc90bbbcd31ff001432c053f971073cf6712f667fce4698776b98cc5444c692abd1288198be5ad5674609f7e139ad1b9ccb943f8dfd9d12c54ecee278341b2ee1277991ca62cd3bfe128d1392964e9588e2f97c321704a3de106188c5eb335aa5a19acc9067b4a94129b9d1a6167c4bbfb56fb97684cbbd720c86869e0020ab0776cdc9954feba862124b073fba8de9ea9a38eacfa003ae4f1cdcbf15c32fb6b970c73115ddffcd4fa3b71846110edec257fcaed6113604f7192572577264b9905ca6aed8daec138403ca41aa954278a5720b267b90ca163a9bdf447eade8deb769a3b49237a73516977c28734555dd234ca7de4999261bc7960f536ba8a35ad3d02c75f1c2bea0a0612e7d49c40397dd6af5ff58bae6a64b6a77e981f92d159e0b2bd205ab157052f47017a3e18aec944d0465ee0017e96148a6129f74d3ccb489fea13a15a9b9aced58c6ee0e6e84e05fdadfae07b334a98fc37f7e511cd5a44e9c74e478d349e30e29aeb46a4df01e4307fe65e1394a758f6ada2fb120225ccd50a49013e6c9f175af90f3fc8c57e7a6a969a916c3f1aacc22f3e01a070cc48e6fd878e2bd073df9ee6f059b98568404fc7eae7d4bf6fa16c0c803c6be84e8b79c67affc8c88cabdeebc1134bb2386e22ba4d2e9e0f3e1ab3a0dac7c80ddeed773cda0c41dc9defa67fea37769cb4a1e1522d7e0b3d7c4638bcd983153d478be5ecf2b6ab1b40124e4222b8caa4647bd50d74d203943ab20938d5f27d908a673674046ce2ef18e858b0a01a7e7530ded0f8cc89ef09b73ca597cf73afbc9a271a4d23c92fe591883c440109c4ef416670b7f2c5905b77f65f56d09d40250356f9b1dbcaf1ee2c0b63696f84d68ddbea160085151a9526274d7b846cceb6c4348098484de3bb723ae5e85276df49f5634130ff905754f: +01a247943afe83f036b6b60f23d97774fd23208edc31cf3d8820e9dc636611038c97a58be0e847c48a6a3987cfe250a8d7b07d97f961f6b7b79e7d8042b8bd7b:8c97a58be0e847c48a6a3987cfe250a8d7b07d97f961f6b7b79e7d8042b8bd7b:08d81495da77f407255cc41a818eefa727e2c47ae411f4b541f01f811d906d55fb1e3c9c484df30565364de9dcb9fea0af66112fe75fd11ae81d2641b547589f8b974a97e7976ed692aad640edd288bd863d11c4ca9836f9d7c115c3d98830d64247cb6f8fb603c6981133552a3204041961bdd83e2f9deba770c0394f9b602a453551074921a3de28321369d7f8ca640c45109e8f522c97ed9f35b9277a350e295931b42e0135e94a92fed363d6cae392f7c45199327e24b4cfa5898ab599ae7bd50bd3a00c0d007e95faf8f2ae103802ca7e53b279184d06905f5748ca8be1f72e668cb83283dd00406491f8b9b4e5a9d4a5438b2fa4371e0b05686f87575baa796e302f08ffc425662750a33a0c9cfaa4b4d7041f9264fed7be4f9fde2cac68a2158236f6ac43047e911f4c4e8bc663fdd50517dfaa8fbcd219dd7a0e9369f43d0dd25b4f0cf930f20b7b7c6db9d5be0c6e1960941a3e04d141c03e5961aa33e9024477d533c995378796bf2292ade922695b14569fc339b3d9085c63fc6e5bef4d990c80333a6b57af478f938e3ee738b1d129bd976afe686128bcac08ccbeb0349b9b537313bc7bf591c65d4a7123ad30bdbe1486b428084748b6507f6f5ef67c26ca862cf726aac140b861ae0dc74bb3c0b489789f17145e9a855a3e2b5daac418d8353733239ef69c7b565b5303eb87bd7f649abf40a2f135a29ed27e3be4c12cd6ddd2e5418a99974383663f5849bf3ce5532bf64a80aa521191d25390bc19a45eed1d3feca1d9fcc0db031bfb48e450be3d4593356d5ba0f31047b457745f21e32ebea3ca6c35f05d78d8c31640b0fecb9401165675c7f9cbb19bc4b5677c2ccedc4e7aafb84184c19199aca0db21cf5067dc3af769bcc629355ff7257a9efd71a6a92d130d35abee6e70605b5cab93c028fac3aa2344ba861ac1e8ce9a4b070c3df740d28c5ece0f1bc31c2d7d1e5ecc76104480939133a18660e4a3e4846b2517be3b8e7afafe078391d8aa8e5c30137e85d94d64a279fbee:ed2ced1a4fddb3442a637348179a6a5beedcb44c8e988ca26f78936d2c8db5c516d54b8c4f08d91dd7042ab6ab26d87f230eb2b2156f3ce2994fce7c2b0f100e08d81495da77f407255cc41a818eefa727e2c47ae411f4b541f01f811d906d55fb1e3c9c484df30565364de9dcb9fea0af66112fe75fd11ae81d2641b547589f8b974a97e7976ed692aad640edd288bd863d11c4ca9836f9d7c115c3d98830d64247cb6f8fb603c6981133552a3204041961bdd83e2f9deba770c0394f9b602a453551074921a3de28321369d7f8ca640c45109e8f522c97ed9f35b9277a350e295931b42e0135e94a92fed363d6cae392f7c45199327e24b4cfa5898ab599ae7bd50bd3a00c0d007e95faf8f2ae103802ca7e53b279184d06905f5748ca8be1f72e668cb83283dd00406491f8b9b4e5a9d4a5438b2fa4371e0b05686f87575baa796e302f08ffc425662750a33a0c9cfaa4b4d7041f9264fed7be4f9fde2cac68a2158236f6ac43047e911f4c4e8bc663fdd50517dfaa8fbcd219dd7a0e9369f43d0dd25b4f0cf930f20b7b7c6db9d5be0c6e1960941a3e04d141c03e5961aa33e9024477d533c995378796bf2292ade922695b14569fc339b3d9085c63fc6e5bef4d990c80333a6b57af478f938e3ee738b1d129bd976afe686128bcac08ccbeb0349b9b537313bc7bf591c65d4a7123ad30bdbe1486b428084748b6507f6f5ef67c26ca862cf726aac140b861ae0dc74bb3c0b489789f17145e9a855a3e2b5daac418d8353733239ef69c7b565b5303eb87bd7f649abf40a2f135a29ed27e3be4c12cd6ddd2e5418a99974383663f5849bf3ce5532bf64a80aa521191d25390bc19a45eed1d3feca1d9fcc0db031bfb48e450be3d4593356d5ba0f31047b457745f21e32ebea3ca6c35f05d78d8c31640b0fecb9401165675c7f9cbb19bc4b5677c2ccedc4e7aafb84184c19199aca0db21cf5067dc3af769bcc629355ff7257a9efd71a6a92d130d35abee6e70605b5cab93c028fac3aa2344ba861ac1e8ce9a4b070c3df740d28c5ece0f1bc31c2d7d1e5ecc76104480939133a18660e4a3e4846b2517be3b8e7afafe078391d8aa8e5c30137e85d94d64a279fbee: +91fdefcdbc990d3e8eeb60170434da10831b03081f6afd0d7e12b10011e02aefc58d3e20b8d47ba455b912572dc840815e3d885fa5917d1da48408b9a9564098:c58d3e20b8d47ba455b912572dc840815e3d885fa5917d1da48408b9a9564098:5b0c1a3a95e0ba7474766c9badfae34ab860e0a6c033a22fba721127f5bbeee8e2cbde1a1dfeb18d551c95994d21e3ebc68afae685444a3a4195bc755538903acfa6715592dde256e7a1b4c363eca71ef0f3a48ae3442d50d5661b394096b7ec27bbf52953f3040cd25b78ce475527e0cc59f1ef9ae2e0590431582b2df8141499829a2c5f7bbe3598e4c96cc01ede2f43b65605b488593709c094b5a042b28555fb5227a6d156376f3ff07bd5c8bc6804d39a3282ac5970ba08aebf7542b845f6b5c238c2ce20443f7f7755d75fe4fa16b9644ca3e21d91a9a87c686115748a16c0ae4ae4e16d1c71ae600b39cd25e5633b399fee7ff2e362bed25125c6fd5c7f5ffa2da2353fd35b784a1b1b0319774758b7390c44dcc92fca4201dfe1a37569de05f0664d08b90d6e2badc21b92f9ce872142357b9615080ab7659a246ff0852adb17dfda70cf1754157b13bc032b4c5deb8e1068b4692b93165da35efc9da86acbe6f80f01bbc26f575ec5af5b050e9828afde6c3b78e733eb5a912492f765bcad731b95e3ab8896b61758bf913b9a1568f9c5b46033cf45dcc1750da2066c608dc3d343738e848dc390cd474432e991d7aa2c5b2781421efe55e36b0b42c1f49ae277480b0fc5ff685bb5a31be3a0fa44823816077037548a5c9b0e1cc6c63504a407579a3632b3c96fcd0de5ea1e4d6e87c0caf7b6cae3120db8b1f4615ce6a75a81654f390428b64c213e727eec3ae7f9f42db906f4de1fdadd34a3da2aeb12b4d9a185f4a60cb0c26745f530b481fc976a093ce24a30916af605ee94b08785193a949d569c4b7ef59603bb624360e7b408d98ca509daf5a92a6d4015bdb6f97ad4ff0cf05c8f0cd5476a934426a059f2444446e5864f089e0f0675615910662d7c1e79a6c75fa314b7ba2c643b0d37653eefe593172d1d332c8dd64492eaf104fb1957baa52049442d10b56af8eae8ff82cd8f46a0494bec2fcb9fadf10cf71a6eecd0547dafdc7adbaa4503783f943a46b4ad0e6dd7f2cab55617:510112223b33a5ab1564f7537191cd292a9dbd5a323d7add0584c1b0ad00d0ac7199c3fb758e913ff3d716c2e90dd90d4e8f59951e87ef8b78214a5175c4e6085b0c1a3a95e0ba7474766c9badfae34ab860e0a6c033a22fba721127f5bbeee8e2cbde1a1dfeb18d551c95994d21e3ebc68afae685444a3a4195bc755538903acfa6715592dde256e7a1b4c363eca71ef0f3a48ae3442d50d5661b394096b7ec27bbf52953f3040cd25b78ce475527e0cc59f1ef9ae2e0590431582b2df8141499829a2c5f7bbe3598e4c96cc01ede2f43b65605b488593709c094b5a042b28555fb5227a6d156376f3ff07bd5c8bc6804d39a3282ac5970ba08aebf7542b845f6b5c238c2ce20443f7f7755d75fe4fa16b9644ca3e21d91a9a87c686115748a16c0ae4ae4e16d1c71ae600b39cd25e5633b399fee7ff2e362bed25125c6fd5c7f5ffa2da2353fd35b784a1b1b0319774758b7390c44dcc92fca4201dfe1a37569de05f0664d08b90d6e2badc21b92f9ce872142357b9615080ab7659a246ff0852adb17dfda70cf1754157b13bc032b4c5deb8e1068b4692b93165da35efc9da86acbe6f80f01bbc26f575ec5af5b050e9828afde6c3b78e733eb5a912492f765bcad731b95e3ab8896b61758bf913b9a1568f9c5b46033cf45dcc1750da2066c608dc3d343738e848dc390cd474432e991d7aa2c5b2781421efe55e36b0b42c1f49ae277480b0fc5ff685bb5a31be3a0fa44823816077037548a5c9b0e1cc6c63504a407579a3632b3c96fcd0de5ea1e4d6e87c0caf7b6cae3120db8b1f4615ce6a75a81654f390428b64c213e727eec3ae7f9f42db906f4de1fdadd34a3da2aeb12b4d9a185f4a60cb0c26745f530b481fc976a093ce24a30916af605ee94b08785193a949d569c4b7ef59603bb624360e7b408d98ca509daf5a92a6d4015bdb6f97ad4ff0cf05c8f0cd5476a934426a059f2444446e5864f089e0f0675615910662d7c1e79a6c75fa314b7ba2c643b0d37653eefe593172d1d332c8dd64492eaf104fb1957baa52049442d10b56af8eae8ff82cd8f46a0494bec2fcb9fadf10cf71a6eecd0547dafdc7adbaa4503783f943a46b4ad0e6dd7f2cab55617: +ef00b3c181f6327d02256751cb51c2c36c0c0a78076340548f5bc070d86d9e26db14cd32588fd741e8f42e5121cc811ad45063f28141e83c668f07d91228f049:db14cd32588fd741e8f42e5121cc811ad45063f28141e83c668f07d91228f049:7d6abec7a11af67324ce17b1d20bb40c668a219bc95df05e325d86f88795e264d454fc5fa7d9c8aafe77e90a6af6b57453d85b970b552a856ba659ab31bd8a660eb7d3587b453e5c5fc6b79472b26e8ff7dd6db6be3572548b0d754ed4d985b8d9965f88b952fc4fa3b761ccffc35354db0eb9c5a171718a8a5592870213827d3691bae7fd9c63f20503e04319b5e953579de47e3ef8e1628549503cb4f6871ba25db87347080e531a517a8b7221e6ad84dff83256d9ab9a433de871b9cb9c5044589e67206b317a5206aeba96c92fd6094071c644fe52658ded9220cf6abd50e2305a1c90fd66aacfb38eb05eaff6ca5f85f429cd57716eb87739a02b64cffa08c4f685b00310b5b4844920df215a9f24a17613aef85fec94f511dc8a4294eddcea11c08c0b399a23d916383e29adeb98c65d41c705a57f840520fa808d7fd25fdce159f7a084d062974b30132a571242baff4196246d6d757b312e9d608553d2dc53b623b2e95c7538fbc5deb62ba73776d85e5118fa1a302d4d076d99e100f0df119c33fc66cdfe6fd44d71997b78c8f7890c707346056220d1e9de88bc173cf0b76cb302877ec16af46e4c31639f54eedc16da9d9eb0ad95bda545dfc4a732b6da9814136ab1b9392a071b022473b3490557698b77e7447ac8590dcaf4f242ad3dfbc0df716cc0ea753626973df08d935d178e3312fbe2a7ba9c5093c53b9255eaca29b72578e3ba1bdfaf0c9ece21a5dff6ea421524f70fc1904e9a2cf7c518bfcc7e3673ee87ff27e1ca2ac32bcb4091cb34a82a71563ff6a6a15da0ebd5bd10256ce960f4eaa7fe35e128886050d049fec3a4ab16d5b0c107267eae1ab801ea5b91983839da1c488c12f864d7c3a77f2b6ae27d540109f68d78364bb627183bd503917547aaf3b3a1809da02577b3f03a9a3f5af48c8802e297c8bb63db6a86d3ea727a6d7148b3aa444b8d168f38c6c8f24088a49af33177a344adab2cf6e08e0cb0371ed52bdead132f77e7ae3ee5d8fb17afc0a0bb7311b9560b67:139f9cb99b995be6588cddb5051694838f9d82a60761fde304b0027ff86584bf65c73cc6d253e560f65525df04bfe146c83b42269cf3780f8bc392437894ae017d6abec7a11af67324ce17b1d20bb40c668a219bc95df05e325d86f88795e264d454fc5fa7d9c8aafe77e90a6af6b57453d85b970b552a856ba659ab31bd8a660eb7d3587b453e5c5fc6b79472b26e8ff7dd6db6be3572548b0d754ed4d985b8d9965f88b952fc4fa3b761ccffc35354db0eb9c5a171718a8a5592870213827d3691bae7fd9c63f20503e04319b5e953579de47e3ef8e1628549503cb4f6871ba25db87347080e531a517a8b7221e6ad84dff83256d9ab9a433de871b9cb9c5044589e67206b317a5206aeba96c92fd6094071c644fe52658ded9220cf6abd50e2305a1c90fd66aacfb38eb05eaff6ca5f85f429cd57716eb87739a02b64cffa08c4f685b00310b5b4844920df215a9f24a17613aef85fec94f511dc8a4294eddcea11c08c0b399a23d916383e29adeb98c65d41c705a57f840520fa808d7fd25fdce159f7a084d062974b30132a571242baff4196246d6d757b312e9d608553d2dc53b623b2e95c7538fbc5deb62ba73776d85e5118fa1a302d4d076d99e100f0df119c33fc66cdfe6fd44d71997b78c8f7890c707346056220d1e9de88bc173cf0b76cb302877ec16af46e4c31639f54eedc16da9d9eb0ad95bda545dfc4a732b6da9814136ab1b9392a071b022473b3490557698b77e7447ac8590dcaf4f242ad3dfbc0df716cc0ea753626973df08d935d178e3312fbe2a7ba9c5093c53b9255eaca29b72578e3ba1bdfaf0c9ece21a5dff6ea421524f70fc1904e9a2cf7c518bfcc7e3673ee87ff27e1ca2ac32bcb4091cb34a82a71563ff6a6a15da0ebd5bd10256ce960f4eaa7fe35e128886050d049fec3a4ab16d5b0c107267eae1ab801ea5b91983839da1c488c12f864d7c3a77f2b6ae27d540109f68d78364bb627183bd503917547aaf3b3a1809da02577b3f03a9a3f5af48c8802e297c8bb63db6a86d3ea727a6d7148b3aa444b8d168f38c6c8f24088a49af33177a344adab2cf6e08e0cb0371ed52bdead132f77e7ae3ee5d8fb17afc0a0bb7311b9560b67: +d071d8c5578d025949932aa6bf6a80b1cc412f106f91574ee24654b445ee9a979bcbf7d2212fb62cccf8b6c76803a5ea24409da6287efbb8b1f0c7b30ebdd93e:9bcbf7d2212fb62cccf8b6c76803a5ea24409da6287efbb8b1f0c7b30ebdd93e:3e8ee70e51e56ef57f6e66b3a884aa04a7b4d4599fb9b43996b393a868093512ea741a0c6a94f40ce49862d2fd1f7551f4647abd8075bc1b742ad40e29a60461301224fe8f7692b14772782b4e896b63fe05abd5ff5314f9ec8075f28d908ccaaace5e905ea7f57a491b99b3591eea54a6b7819167749d38a047620676a1a7af11f485a55b7c879e6850380858c8f45c0c1ccbd7406ed099d84a7471b9350c4ddb28470bf5bf327d5b3c22d899b4c660839e104a0622ae85c84aa9fc7f0a2c7ceb6e691c49c064b5313499683e8e03b2115eda7ddad55a49f9fbe62544f914511cfbec6b84dbde7e80909b45fb10502e2caaa72124fd9456a3872f9592707e9a4c5012daa972eaf65fabe553debe825701efef5c756bb465e966ab68dd52f3dd00a45cf6dc3f19b86bb0db4a86e4669885a074696a67d8ea2118c766ef625f8a98026f9f4a3c5cccf9846fdc90ed93ec7c1f3c7086954fa2f0a4ca96d40184aa57545527a1f965c11d843c90c5a5e08d7c11f2d561004e90574852eb5046aa1ea7b61009fd5dd7d6242a8df58a9e8e555c7f4cdc130d6901bfe6797fdc6c39beecfbbab6625b2e4fb9d8000276d4a94fc6fc1051fefff5adeb724b87090db0a2c697d056664d991fad80dc80fab700b1f1f2ee27734ebc26b2a641c32a0c911b270ac76b0da5c08914971c9112463a70709c0ddac7910016f913f6210086d7255cef11955710f651889c83621dd8a4fcd5366302d6c9b56eefcfac85c14a9478b6d718075428800760515cab5f3d4455e2b970df9fe4be8383d70483bbdd756071f53b2f9c275c7c8512d163518fe555837514c86776c947f29a77570287446b69be40c8d4abbd65ef2507249b5aec33acb7b8bd3f35bc859ba4e37bdb49cf913d93989c4438d2abcfa388cc89d78ac06270656492e7528f29bdfe8cbb9bfa9e73c1da013fc3ce2105657613ff62bb0c3bf4dee3b0d2659c726e7bcd9e97ecce9247d4600dfeaf60444ed862b00ba11e70ea88d4f0b6b539fc9f36bb2a1a9ed2b3:0c297abe0fd8ebcc6b771998755e2c6be07c812b5a80544957063170ca69432e72b60daae322958a2238cd6a462894a387eef65bf96f63f54c085687a502750e3e8ee70e51e56ef57f6e66b3a884aa04a7b4d4599fb9b43996b393a868093512ea741a0c6a94f40ce49862d2fd1f7551f4647abd8075bc1b742ad40e29a60461301224fe8f7692b14772782b4e896b63fe05abd5ff5314f9ec8075f28d908ccaaace5e905ea7f57a491b99b3591eea54a6b7819167749d38a047620676a1a7af11f485a55b7c879e6850380858c8f45c0c1ccbd7406ed099d84a7471b9350c4ddb28470bf5bf327d5b3c22d899b4c660839e104a0622ae85c84aa9fc7f0a2c7ceb6e691c49c064b5313499683e8e03b2115eda7ddad55a49f9fbe62544f914511cfbec6b84dbde7e80909b45fb10502e2caaa72124fd9456a3872f9592707e9a4c5012daa972eaf65fabe553debe825701efef5c756bb465e966ab68dd52f3dd00a45cf6dc3f19b86bb0db4a86e4669885a074696a67d8ea2118c766ef625f8a98026f9f4a3c5cccf9846fdc90ed93ec7c1f3c7086954fa2f0a4ca96d40184aa57545527a1f965c11d843c90c5a5e08d7c11f2d561004e90574852eb5046aa1ea7b61009fd5dd7d6242a8df58a9e8e555c7f4cdc130d6901bfe6797fdc6c39beecfbbab6625b2e4fb9d8000276d4a94fc6fc1051fefff5adeb724b87090db0a2c697d056664d991fad80dc80fab700b1f1f2ee27734ebc26b2a641c32a0c911b270ac76b0da5c08914971c9112463a70709c0ddac7910016f913f6210086d7255cef11955710f651889c83621dd8a4fcd5366302d6c9b56eefcfac85c14a9478b6d718075428800760515cab5f3d4455e2b970df9fe4be8383d70483bbdd756071f53b2f9c275c7c8512d163518fe555837514c86776c947f29a77570287446b69be40c8d4abbd65ef2507249b5aec33acb7b8bd3f35bc859ba4e37bdb49cf913d93989c4438d2abcfa388cc89d78ac06270656492e7528f29bdfe8cbb9bfa9e73c1da013fc3ce2105657613ff62bb0c3bf4dee3b0d2659c726e7bcd9e97ecce9247d4600dfeaf60444ed862b00ba11e70ea88d4f0b6b539fc9f36bb2a1a9ed2b3: +e9d486c29ae811b942e10d81f0a6716317b842c2c5bfdef55cc432b7fcaeb81843a52d15b9f731d737b1c4dbc32227a480963091d2c6286f482ef1e8367054e5:43a52d15b9f731d737b1c4dbc32227a480963091d2c6286f482ef1e8367054e5:14fe1ed5bbbd76cc73dc5650bda92de86326e24d2f1f6224ba8568944d6fe3442675db96f1d8498f1634ff9b6e50cba9db4eb0b0b021b2becfce4bef33c4ce0e32c8a98389eca9e059a662d6f037c54aa40c76cdeee85650f089ea56e1383ab0f5c36f6d6645ff7e87667301f944fdc2ed35b0d2c35cb2e4b45636e7498e927f5846b3e1edfbd160a4aef3320c3428496bdaaf7d3ed56ef0b7254ac597be589a70584416300c1adcfba4f22cfd4cd661e1f50f155d172fa5748d296b29cdd7eb8121483ff1d9fe953f9451c7c7a542007285ee7246bc0fdea938814029abce057a0ecb974b12d360eab6afd30797d61445ad2bac7e52bce4346315f78eb87542d59528b2f6c56d66241cb442033f643d3d2a67cb637d8da95d4fd1234b031a3e51723a1d26e6f5ca07987321ad11a90fcc1d4e2b0b896650c3a7518d565529bea806a05d447e08d2a6a3dbf1a36915b2957ca5b40e58b97ad0369735c428bd6d69bd210044b651418d98b059d90c83e46011f41c032c5655a5ef21ac2c8c2bc94be07e45426a7ae5d47b45f27cf4289ca4ddabe08a12b910207dabb34a46ab75ce69b58e7e17664bf3359a8fb68eb032c9eaa6df873829f0e0848553f732e1c3c084b32b7af75074e7bbaa4eb5d7ead7aff97580109b60f4c792f9e2a65137b0aa48175b8115d91305f4c77e2d08e7e8d7e7785c966842c2e350fed4f9e33bf6e184c550b4b06e957414edf52fa079e81973458461fbb9b7d7d34bef150357f432caac3ae9f3dc96eb5a2d123e09eda1702e1d1070177bb220c423c096ec24424385c679be02ef84d09ed102f49cad3b1fd670679a39714ff1d6e4228d8d7d0e19ed0eba132f2128d47baa569a8ecb7bd48a826282f9cfcbf60ddeceaf1d02132c8affed3a03d2340deb787cd649c51c6ecb9ff75d7a7b4ef9b15139cfea2762ab18615197a6b51f6e75dbd04573a2448094d0cdeb0fe4585883ff9b68824a04b83ec91cf84acd6a7446cb1f5ee37d5df80f17cb2bdc3f3122a8faf76ebd06cfe817:65191aa885ddab9f67271879952fc6affe41ca20eb3bcd86673161b03b532694d6dd88908eb1b1eec003cfcbe6146b4538e21df55969912a0d7d8818ad79590d14fe1ed5bbbd76cc73dc5650bda92de86326e24d2f1f6224ba8568944d6fe3442675db96f1d8498f1634ff9b6e50cba9db4eb0b0b021b2becfce4bef33c4ce0e32c8a98389eca9e059a662d6f037c54aa40c76cdeee85650f089ea56e1383ab0f5c36f6d6645ff7e87667301f944fdc2ed35b0d2c35cb2e4b45636e7498e927f5846b3e1edfbd160a4aef3320c3428496bdaaf7d3ed56ef0b7254ac597be589a70584416300c1adcfba4f22cfd4cd661e1f50f155d172fa5748d296b29cdd7eb8121483ff1d9fe953f9451c7c7a542007285ee7246bc0fdea938814029abce057a0ecb974b12d360eab6afd30797d61445ad2bac7e52bce4346315f78eb87542d59528b2f6c56d66241cb442033f643d3d2a67cb637d8da95d4fd1234b031a3e51723a1d26e6f5ca07987321ad11a90fcc1d4e2b0b896650c3a7518d565529bea806a05d447e08d2a6a3dbf1a36915b2957ca5b40e58b97ad0369735c428bd6d69bd210044b651418d98b059d90c83e46011f41c032c5655a5ef21ac2c8c2bc94be07e45426a7ae5d47b45f27cf4289ca4ddabe08a12b910207dabb34a46ab75ce69b58e7e17664bf3359a8fb68eb032c9eaa6df873829f0e0848553f732e1c3c084b32b7af75074e7bbaa4eb5d7ead7aff97580109b60f4c792f9e2a65137b0aa48175b8115d91305f4c77e2d08e7e8d7e7785c966842c2e350fed4f9e33bf6e184c550b4b06e957414edf52fa079e81973458461fbb9b7d7d34bef150357f432caac3ae9f3dc96eb5a2d123e09eda1702e1d1070177bb220c423c096ec24424385c679be02ef84d09ed102f49cad3b1fd670679a39714ff1d6e4228d8d7d0e19ed0eba132f2128d47baa569a8ecb7bd48a826282f9cfcbf60ddeceaf1d02132c8affed3a03d2340deb787cd649c51c6ecb9ff75d7a7b4ef9b15139cfea2762ab18615197a6b51f6e75dbd04573a2448094d0cdeb0fe4585883ff9b68824a04b83ec91cf84acd6a7446cb1f5ee37d5df80f17cb2bdc3f3122a8faf76ebd06cfe817: +e6fa10dbb478e1e36b35dfeb0250f63c08515070ae79b22f047e271708d64f5ce02e1f2bd8792ef483481c6d11f7c7c9dbdeecc9859432e7f279e9d173d31164:e02e1f2bd8792ef483481c6d11f7c7c9dbdeecc9859432e7f279e9d173d31164:ad3160758d8c08a661525c95280a3718874969859f1cc918e34fec008acf23b8896e8d50c3c0512331dc89780f8b10fc349c675c4cd82a5df8586b43c864448fac00b847b9c98054ab793f63c71aa5e5248e22d069bd3f852a3b8c6e2ac8ef861d90bcd984bfca87583e59e9a7468f29b808dc2fe5302a989d6f2ecde7585cd9be4e4c761c4d4b3eeaf4699f6556ef039af2b80f9407605ac397351dd85595584495baa177b08c88d2ec1fc4e32d1c0b8d7e7ac5839dfb923f09b323e78eceb7e96c0604b01a19e49c9beaf4f25ec4a84c1a08f2380eddc3a7f012184959ccd19ecbbac65eaca155cee9ecfec11e7fee058e174fc4ed7c679f2c15631d4e1527bcdb0e3bb0815ffdffc0c856bef0dc0f5c8237f7098e26bdb69e8782d1ca5111ec3c7edb425dff8032026cba3d2e081b71310db9badad1ad02f1eccc537d874cd18c6bb01221f71ee66250d94cf8ecceaa96d3c57eea2b0a8ec72429d7606488bdf19ec3bb16e50867c7937def09fc783f20a2a5ec99253d6b240df4677dd2d5277b01c5b8e5bd6c7df0874205bc8c2fffdba1314674d31c9b2c9199228e19e0421834c1657d0698286916c7e392f0abd5545b963ac1ffa99721616c23796f85c34a5c664ae81d16b216a5b0cf5bc6b5a908297285d61644128f886f38af9edd25193d7ecc77a79994278da071f54495937feef5a51957527c3eec7cb0b4e8aa7a4e856defd57dd92334151b986aa69ca69260d1e2d7b53c05677ee0d216b28d036252dd3006debe1b6574a25e6b19dfb48fa64316af8fd68d7893b397e7db5780ab27bf8726fff605d3b46d800595b4624bee302c964326034b5234d175dfdcc2ce882e65b3d93a0438f692e9695de1f24c70a79beed25415ec5aaecf3391953b2ffd453a8f0467561a4a47ee144a43fdff83df2bea5f66a722b52abe8613f20c594af0982eb3f04505a52461dd034da86c36ca16217705c04823911d72a24769517633562886f250f2cf788b8f32864a9474f57e62e57de8fdaf959a6b72287440a8:c03c470359127e9de3af0e0ed7d3b19faee0ec140b79c299e2cb6dac0a3e7e314141cc854b4596ce4c51c7b0dec8a5c8cf0936205361d5365f4bcc07c4287c07ad3160758d8c08a661525c95280a3718874969859f1cc918e34fec008acf23b8896e8d50c3c0512331dc89780f8b10fc349c675c4cd82a5df8586b43c864448fac00b847b9c98054ab793f63c71aa5e5248e22d069bd3f852a3b8c6e2ac8ef861d90bcd984bfca87583e59e9a7468f29b808dc2fe5302a989d6f2ecde7585cd9be4e4c761c4d4b3eeaf4699f6556ef039af2b80f9407605ac397351dd85595584495baa177b08c88d2ec1fc4e32d1c0b8d7e7ac5839dfb923f09b323e78eceb7e96c0604b01a19e49c9beaf4f25ec4a84c1a08f2380eddc3a7f012184959ccd19ecbbac65eaca155cee9ecfec11e7fee058e174fc4ed7c679f2c15631d4e1527bcdb0e3bb0815ffdffc0c856bef0dc0f5c8237f7098e26bdb69e8782d1ca5111ec3c7edb425dff8032026cba3d2e081b71310db9badad1ad02f1eccc537d874cd18c6bb01221f71ee66250d94cf8ecceaa96d3c57eea2b0a8ec72429d7606488bdf19ec3bb16e50867c7937def09fc783f20a2a5ec99253d6b240df4677dd2d5277b01c5b8e5bd6c7df0874205bc8c2fffdba1314674d31c9b2c9199228e19e0421834c1657d0698286916c7e392f0abd5545b963ac1ffa99721616c23796f85c34a5c664ae81d16b216a5b0cf5bc6b5a908297285d61644128f886f38af9edd25193d7ecc77a79994278da071f54495937feef5a51957527c3eec7cb0b4e8aa7a4e856defd57dd92334151b986aa69ca69260d1e2d7b53c05677ee0d216b28d036252dd3006debe1b6574a25e6b19dfb48fa64316af8fd68d7893b397e7db5780ab27bf8726fff605d3b46d800595b4624bee302c964326034b5234d175dfdcc2ce882e65b3d93a0438f692e9695de1f24c70a79beed25415ec5aaecf3391953b2ffd453a8f0467561a4a47ee144a43fdff83df2bea5f66a722b52abe8613f20c594af0982eb3f04505a52461dd034da86c36ca16217705c04823911d72a24769517633562886f250f2cf788b8f32864a9474f57e62e57de8fdaf959a6b72287440a8: +058e3680b8fcc0aa1490089c1124677f98d74b1bfb71ee8663f025f0d946cd20ec72ce0e82c6a3b21243d2f00e9e883adbc5cb63b3d936efa50c07cb929148e2:ec72ce0e82c6a3b21243d2f00e9e883adbc5cb63b3d936efa50c07cb929148e2:e63d14f5bea7a1abb8fee697746c2280dfd0622de7357226cc0742722a3229be126b083e868aeaf07d2fc97adc3342709674193ca281744e850ea15440050aec930e45d7a87b8ac8015c8967c20033a532d29591b135586ce0fdd2e668b5c864b3bde70c7e719ad241931251861933ffbfa96483ff82856748c56dc26e257d692e5134d82fc7191c110d9590d3fc751cd636b0c46f44f8803e59e2f93fa0cbe247a1a625b4bc2c7b1fdceb5a2b22591fa6137c5404dfec6a69639e3f632b5976ab9fe1c63aa3da9d52b044008f3ae44b7c364f085664323a88eb4583e87140f763782bff8819cf741a875d506c929d34bbd43007de4b18f687a758111128b1db86fc5ad2fb9fcad12c9dd28fee5ad10de0739f8efd9bff66f840b11b3f91c5e07c21452cab24242b6e32165cd1e69572bf216e860453dad2fd129c333758580bb7d0f19509745e851463d127a5f9be21fe549cae55d56b8bea80bfafdac10acd838ea8af31c007dc32bfd74082d9110a3e91e61e0357587e4ed32827ade9b6910a988c1d3b2dd22c0ee76ef35fe15e099404a45d4b2acab9123ecc45550a40faf8336b46c630a9080358ff8b8e58af0bccbd35010c1ecc12816655a5eceba95ad3f503a18ec5bece3a33f469dfe917e1c55ef1d81e5a75561e6bbd99c653a6d095b9f387911e40332f6216f956a35cf7d99a9fdd0c44c51e90a564f1c36bf3d40a7faf4ba28b1a120b3205fbac1a98569290be37c58bbd745ce0fb74835270aba2252adaec157dc42461221a2cff687b9e65ceb57c2d77700aea6320486c5b1bec9cc53e7ef9e48fcd1b7783acbe75a6be0267278812dbf3d2576cf7ad3911271acebe0f2c04602a080c8b96c120fd86fda282aa4e1c131fe97c907c15855f87755f511c037befad0f56b39f32a2133a22f3d5a9bec3443f29a694e97fe05e10fb8ef9991302b9e0d84d929a19eb03471f3a8613d39368e15883a7e4970b53cbaf2929d8de431b48b435d7533caa2e36ceab6cddb346e535e515c4b3db76de07d9855414:5734ec50a7f82e48536bdc4370cfef2e150a631dabaf89edcf0fdabe4f5839f4f5fbd8df8ec4a3acd40a8bfb963d1855ff9274dbc33165b5e6d37a239dace903e63d14f5bea7a1abb8fee697746c2280dfd0622de7357226cc0742722a3229be126b083e868aeaf07d2fc97adc3342709674193ca281744e850ea15440050aec930e45d7a87b8ac8015c8967c20033a532d29591b135586ce0fdd2e668b5c864b3bde70c7e719ad241931251861933ffbfa96483ff82856748c56dc26e257d692e5134d82fc7191c110d9590d3fc751cd636b0c46f44f8803e59e2f93fa0cbe247a1a625b4bc2c7b1fdceb5a2b22591fa6137c5404dfec6a69639e3f632b5976ab9fe1c63aa3da9d52b044008f3ae44b7c364f085664323a88eb4583e87140f763782bff8819cf741a875d506c929d34bbd43007de4b18f687a758111128b1db86fc5ad2fb9fcad12c9dd28fee5ad10de0739f8efd9bff66f840b11b3f91c5e07c21452cab24242b6e32165cd1e69572bf216e860453dad2fd129c333758580bb7d0f19509745e851463d127a5f9be21fe549cae55d56b8bea80bfafdac10acd838ea8af31c007dc32bfd74082d9110a3e91e61e0357587e4ed32827ade9b6910a988c1d3b2dd22c0ee76ef35fe15e099404a45d4b2acab9123ecc45550a40faf8336b46c630a9080358ff8b8e58af0bccbd35010c1ecc12816655a5eceba95ad3f503a18ec5bece3a33f469dfe917e1c55ef1d81e5a75561e6bbd99c653a6d095b9f387911e40332f6216f956a35cf7d99a9fdd0c44c51e90a564f1c36bf3d40a7faf4ba28b1a120b3205fbac1a98569290be37c58bbd745ce0fb74835270aba2252adaec157dc42461221a2cff687b9e65ceb57c2d77700aea6320486c5b1bec9cc53e7ef9e48fcd1b7783acbe75a6be0267278812dbf3d2576cf7ad3911271acebe0f2c04602a080c8b96c120fd86fda282aa4e1c131fe97c907c15855f87755f511c037befad0f56b39f32a2133a22f3d5a9bec3443f29a694e97fe05e10fb8ef9991302b9e0d84d929a19eb03471f3a8613d39368e15883a7e4970b53cbaf2929d8de431b48b435d7533caa2e36ceab6cddb346e535e515c4b3db76de07d9855414: +51ba3a4f3d85d1548c2f2494a3511f3b9515663d7e85370fb6150237e9bc980b7749de0210bce06d48f59b95aeb1528fd9b4e52cdde22fb8193bedd5df12817c:7749de0210bce06d48f59b95aeb1528fd9b4e52cdde22fb8193bedd5df12817c:d18d0cbfc16d0f9b67f2539ad6207cd9217ad5ed0333cddb1041e0ac2bdd920276629652b49cbc9802593ec364ea795abcd1582085f55bc66c48fd3eede618d6369617100eaeccc15f249d6eee5bb2c43c01b0623fe603ceeee49b40fb7c53fc68473673c09b1ac77ea9beb7e8530379a86d69ecd1ff11813fbb88f692f05ef1320742b4fe7e06d5ba71656646cd7500de19bb93d844536603f40bd4aeeaf0c4dbc0acfd202b286b64afb83d4a378dd45ee3c1df6b3ef16b8b1accbc04063250ec47b86ae5a71d1dab38b5eb80d663faa788f8b59a754c0f9c9f6d906252af46ab1fffed276d2388dbe70d96ba6747d1fed4fc0b55293d5f787bda0c0df46a73f4aa7d29e1c9cc85cd043e3dffe057462ca5fe5c6470e739276f8b534c0172e460f340487a569468aa5890cc14f20d67d79c661e87febac6275971c3730807ebf175e0de1049bee67c895e57b71ab8a2f3cf3641fd548d09414f5fc3026a0a35f6ba951673944941cb236f3d1976dc69077d951450e7660316988f6f2a6fbbff3b37ceaa02fd6f0273bd803185a109039c63f2519b983daf6554253bed5497c0b0bdaa0bd4a1fac90026ade3e40c554cff2ccb36990e71556708c5c4039256ffc7337e5fea11f5e90d3e4d93359179116a85c24136ca34835cd34012e4d7ddc7b721c246c73700e276dc2ff9f2770b43c8e80a17f01d32680bae228e6423a880c3fb996ab8d221bc6274ac5fa770d205fc878fba9bbd776a3d79ed77048950f36dc0aa3ccd28e4756a991904ae051b8a4b7de3a1f2ad0fb45a33d0c68225841f8eb65b6a16e95f893591e1aa73a64f0d2ee938ab69adcc8c59518bec501c39f139174bbb00699e1a0f0e0d889aae543a55e6ac56d5204c1ade1f27d82a6a95e14b2d6909dda7bfaa7f487fb61959014b78795cb4639f09f0d329feb35ccf52edc2db721914e423306889a483fee876360ee326335319070c564f3a8b953f52f41513a2260883c38dd978a248604a41bd4bfc9e84184dc9e84d2589f4afff8417824ce5adba:16fb290c913b20eb1c3d7b798249eb8459d4bee8125db2b3f1daab8af9d9a700ed798addd802dfcd297a412593cda7be9979a1f09350e86f698ac3380e341d07d18d0cbfc16d0f9b67f2539ad6207cd9217ad5ed0333cddb1041e0ac2bdd920276629652b49cbc9802593ec364ea795abcd1582085f55bc66c48fd3eede618d6369617100eaeccc15f249d6eee5bb2c43c01b0623fe603ceeee49b40fb7c53fc68473673c09b1ac77ea9beb7e8530379a86d69ecd1ff11813fbb88f692f05ef1320742b4fe7e06d5ba71656646cd7500de19bb93d844536603f40bd4aeeaf0c4dbc0acfd202b286b64afb83d4a378dd45ee3c1df6b3ef16b8b1accbc04063250ec47b86ae5a71d1dab38b5eb80d663faa788f8b59a754c0f9c9f6d906252af46ab1fffed276d2388dbe70d96ba6747d1fed4fc0b55293d5f787bda0c0df46a73f4aa7d29e1c9cc85cd043e3dffe057462ca5fe5c6470e739276f8b534c0172e460f340487a569468aa5890cc14f20d67d79c661e87febac6275971c3730807ebf175e0de1049bee67c895e57b71ab8a2f3cf3641fd548d09414f5fc3026a0a35f6ba951673944941cb236f3d1976dc69077d951450e7660316988f6f2a6fbbff3b37ceaa02fd6f0273bd803185a109039c63f2519b983daf6554253bed5497c0b0bdaa0bd4a1fac90026ade3e40c554cff2ccb36990e71556708c5c4039256ffc7337e5fea11f5e90d3e4d93359179116a85c24136ca34835cd34012e4d7ddc7b721c246c73700e276dc2ff9f2770b43c8e80a17f01d32680bae228e6423a880c3fb996ab8d221bc6274ac5fa770d205fc878fba9bbd776a3d79ed77048950f36dc0aa3ccd28e4756a991904ae051b8a4b7de3a1f2ad0fb45a33d0c68225841f8eb65b6a16e95f893591e1aa73a64f0d2ee938ab69adcc8c59518bec501c39f139174bbb00699e1a0f0e0d889aae543a55e6ac56d5204c1ade1f27d82a6a95e14b2d6909dda7bfaa7f487fb61959014b78795cb4639f09f0d329feb35ccf52edc2db721914e423306889a483fee876360ee326335319070c564f3a8b953f52f41513a2260883c38dd978a248604a41bd4bfc9e84184dc9e84d2589f4afff8417824ce5adba: +7ddec526a4971d8912a6bd43c69f92ed86442b15f42fbabbf2d17eff989931610dfeffb2762309b4734e4ce2523cf1863149f7e19a7c147ec0899e110ca9d87d:0dfeffb2762309b4734e4ce2523cf1863149f7e19a7c147ec0899e110ca9d87d:e8774a45d4d8f86dda5c08802ba2472ef3c8d36c7f383ac04612a464382e9d6c07d8d35822c53f4388f5153614fefaf46374747b9d4fd446a864769a4cade843c1eab8574319112f0179d2ea9e3c195dc068f0697462b9e07c8794870f8fb8ffc081e4586afbcdba7a4f5925e9fd9ec942d8434733c2ddd5e29bbdfc7342b92868719b544088a48eba4c82f187ddca8f474625a71cf6b7aa5f081c74f7408f53b781636e7e9d29b07fdb6d9c35e5eb382db7a31a8ba516915df8dee9e1ad3f182843683e8d1dc5d8669dbfcf09541a43c0a04613381a5b5e4e71b23c5ad09b8eaa51cb938d0c752cc3d3a10f10b42be8ee7f6bdac8078568434946bbf56da70e7d54157a6efd4846eb155278c94c3888658a7a2f8ea3bac147aa891692ae8b23f1afe71ecfdecaa6c113b5caaaa19398c7dfe73facb4155fd6bac18d5df2129e8b2907ecee151bdd147a7c3e46ea72754de32ceb066d9db1c26e80df3631292b16174cfa6f1d9c0828b849c22d29651a73e910d9275877f464ce9326c6e4ed6b07dcb3a35363c1aa6472e02c5cd855e38aabe965ace9f3f5a4f5de03008694cb90afe416c9d48688de7f75cfe243ff7f41e059310934903db568844508262c899dfa750cd6a2829824ba027aea1b6d0177726a343add4ecdc5f7e6e909ab7de615ef2807f9e7d71ce2f78acff57eba79c3f5e07c8b661c1e3027f8176d28bfef767dd68d4e5d628fec0bfe88799341f306128734fad202aafc9f11123fb3e363d10aee0db5e27a1570dfaee47e24da473b07fee59a6c93f0981dbe325cd8cc2d2ed7dc17166b267c1b110536f2636bba34751a78f7f6298182442d83c123bbee4f50c5b0facff03e7c556ed9e64ca27c4bca5ab0de0d5f9c2cbb54cc2d9473a32df999390ac2ffeed3d4cba34973dcec3fbabafc4d54cae4e7e85d4a6e8afe45cacd71e0f2e6d04b4f9d3bcf43d3fa41e998ccbed0f150d5ca1d5272932d93eca10495c68334fa3268f31de522cb12a7449ffb5cb5e8f1462cd9b51770ccaf58b1e0d82ef929:9e603b015f42871b78eb27523fbb7ce962fca32ae270e8e12dcadd25aa852b891f6fef77b59a546c9a7a7cacb55e1d32adc805ae5f61a69e6764c7c08292eb03e8774a45d4d8f86dda5c08802ba2472ef3c8d36c7f383ac04612a464382e9d6c07d8d35822c53f4388f5153614fefaf46374747b9d4fd446a864769a4cade843c1eab8574319112f0179d2ea9e3c195dc068f0697462b9e07c8794870f8fb8ffc081e4586afbcdba7a4f5925e9fd9ec942d8434733c2ddd5e29bbdfc7342b92868719b544088a48eba4c82f187ddca8f474625a71cf6b7aa5f081c74f7408f53b781636e7e9d29b07fdb6d9c35e5eb382db7a31a8ba516915df8dee9e1ad3f182843683e8d1dc5d8669dbfcf09541a43c0a04613381a5b5e4e71b23c5ad09b8eaa51cb938d0c752cc3d3a10f10b42be8ee7f6bdac8078568434946bbf56da70e7d54157a6efd4846eb155278c94c3888658a7a2f8ea3bac147aa891692ae8b23f1afe71ecfdecaa6c113b5caaaa19398c7dfe73facb4155fd6bac18d5df2129e8b2907ecee151bdd147a7c3e46ea72754de32ceb066d9db1c26e80df3631292b16174cfa6f1d9c0828b849c22d29651a73e910d9275877f464ce9326c6e4ed6b07dcb3a35363c1aa6472e02c5cd855e38aabe965ace9f3f5a4f5de03008694cb90afe416c9d48688de7f75cfe243ff7f41e059310934903db568844508262c899dfa750cd6a2829824ba027aea1b6d0177726a343add4ecdc5f7e6e909ab7de615ef2807f9e7d71ce2f78acff57eba79c3f5e07c8b661c1e3027f8176d28bfef767dd68d4e5d628fec0bfe88799341f306128734fad202aafc9f11123fb3e363d10aee0db5e27a1570dfaee47e24da473b07fee59a6c93f0981dbe325cd8cc2d2ed7dc17166b267c1b110536f2636bba34751a78f7f6298182442d83c123bbee4f50c5b0facff03e7c556ed9e64ca27c4bca5ab0de0d5f9c2cbb54cc2d9473a32df999390ac2ffeed3d4cba34973dcec3fbabafc4d54cae4e7e85d4a6e8afe45cacd71e0f2e6d04b4f9d3bcf43d3fa41e998ccbed0f150d5ca1d5272932d93eca10495c68334fa3268f31de522cb12a7449ffb5cb5e8f1462cd9b51770ccaf58b1e0d82ef929: +0b6590dd7c2f15f94a56e240169363c26732302b9d440b532723002e155d02d9cd18e032577c5576f223f3e3d8a1fa8e9a870fef09e9409faf40d7143e52fc44:cd18e032577c5576f223f3e3d8a1fa8e9a870fef09e9409faf40d7143e52fc44:71fe0fd55d5ed1206f28ee16e419fab6fa66a251fa6b0601da261e429f55b8d5ae3f3c52a17fe1ec734b810ab63aade4447039ca0ae4687c2435f561e46c5b309717ab31e0f64076b2169211572b74e18a1f4525a64fa717a5edf149758129cb04035e7e20ba4005b74809dec644504c2454a77f99b20c5374f3cee7d8c6b68b243cafb30098dce90490fdc3b92f54948f424639e19f8f2020d15513daefadd9e9b12a84761e5ecea088ad561f06209fd4423fcd003fbcd1873ea54963a2fa07c7476b1388f9015d9eac305bea5a3de194f55a17b42d599e5ce62c8b7c19e7e7096137b9d0a65e63c1a3b84538ca65369a20e8822fff5ecb57fc09b4e6845b4f24d4886971ac1ac28c77580ea5672ad14ce4441719c214546d0736cb7ad0bd9fb5b26c6d9c536bf8c857ae42577b36341d392b43323bdae7dfaa491986872a23d827c6ef8b57e7d00feae3834c466400aad1d367823984aa02d2ef492914ae1127e7551b812559378305e4fd52d8bc7e4157ecca451f43ee9f54c82153c7dbfaf7ec35238773051b4e587db136957ec571382b90590b5d1026024580966b7252d2cd3f4f1625c485ba906bff175992188978f2d6274f3a031749ba7e702f56547edc96ec267b84892880d750d7310ebf6db241253cabe4b25a977458c6ffc9e353e62adf05e6efc0fc1ebe89f527705bcc26b701285610d98aa3bf23872b6996d3de480e8d09d783c4a08cd383c9012635aa68978b5006818bbde44f2987479bcb2b711c1beeed27cf09970a164e454f710822eef555c1c7bf9f76d5254ce220c9aaa716847a249488f9cdb44c48f452ab52c40f6d03adc8bf3f197b25e3d127830e74fd81eb14f754205b3a4844c596b6e3a9936ad6fd9e80a16320b381c3ffc7b69eab54536f55abe22c91d898408e880c6dbf0fa5648d517772caa5353b25db6050d753faf198ec1d375de0fa72180a93bab03ded7716cb87505b68ac6a35e73d0fcf34457eff82178952142c7bac9dfd872a9a82f85b24b88fa42d4be0a0ca0b2c70f4c622:642d81acf38cf099a833a74f2d80b85448ec2b1a5ddc64470b213d54b7be6133689a7194f5d89792e16e5df755a4fd9ef4689ea952926e0e4ecb3bd481fd910271fe0fd55d5ed1206f28ee16e419fab6fa66a251fa6b0601da261e429f55b8d5ae3f3c52a17fe1ec734b810ab63aade4447039ca0ae4687c2435f561e46c5b309717ab31e0f64076b2169211572b74e18a1f4525a64fa717a5edf149758129cb04035e7e20ba4005b74809dec644504c2454a77f99b20c5374f3cee7d8c6b68b243cafb30098dce90490fdc3b92f54948f424639e19f8f2020d15513daefadd9e9b12a84761e5ecea088ad561f06209fd4423fcd003fbcd1873ea54963a2fa07c7476b1388f9015d9eac305bea5a3de194f55a17b42d599e5ce62c8b7c19e7e7096137b9d0a65e63c1a3b84538ca65369a20e8822fff5ecb57fc09b4e6845b4f24d4886971ac1ac28c77580ea5672ad14ce4441719c214546d0736cb7ad0bd9fb5b26c6d9c536bf8c857ae42577b36341d392b43323bdae7dfaa491986872a23d827c6ef8b57e7d00feae3834c466400aad1d367823984aa02d2ef492914ae1127e7551b812559378305e4fd52d8bc7e4157ecca451f43ee9f54c82153c7dbfaf7ec35238773051b4e587db136957ec571382b90590b5d1026024580966b7252d2cd3f4f1625c485ba906bff175992188978f2d6274f3a031749ba7e702f56547edc96ec267b84892880d750d7310ebf6db241253cabe4b25a977458c6ffc9e353e62adf05e6efc0fc1ebe89f527705bcc26b701285610d98aa3bf23872b6996d3de480e8d09d783c4a08cd383c9012635aa68978b5006818bbde44f2987479bcb2b711c1beeed27cf09970a164e454f710822eef555c1c7bf9f76d5254ce220c9aaa716847a249488f9cdb44c48f452ab52c40f6d03adc8bf3f197b25e3d127830e74fd81eb14f754205b3a4844c596b6e3a9936ad6fd9e80a16320b381c3ffc7b69eab54536f55abe22c91d898408e880c6dbf0fa5648d517772caa5353b25db6050d753faf198ec1d375de0fa72180a93bab03ded7716cb87505b68ac6a35e73d0fcf34457eff82178952142c7bac9dfd872a9a82f85b24b88fa42d4be0a0ca0b2c70f4c622: +c6d9acc5175fa2b8965c158c56ba0a5a666ad2c740cd5bb679bba9b1dc509284f5cfca211b02fba7720347703bf1631cb308fabcdaa67429527c5b7b676dbaef:f5cfca211b02fba7720347703bf1631cb308fabcdaa67429527c5b7b676dbaef:f245100cd2d31648f5f351bda564c9db4a35820cc30ef651337c4cd888070569d117a934b9c918e5df8b3744dd6620ccbc49f6b3e5782a30339dbb9cbed05dd2b3b8c5bf1546e70af636e6615c48b2c3c2d19fe35420df5314f63c4812b58e82a2a60b1802f38e505ce748017afa977d3f9b1b6bea2192acec73bdce12d65e684da4d8b41fa9a86f11086edc2d5296f67efc53ac84070fde13693eb2318f5a8c3b117c233422adcdd352f328f0ec699a4650c93f9b4a7d795d7fc2622a03d99b64f7b3dc3194f6c3b1b69d9907ce092401073f47a28f4799d229092a1b074129954be80ca4a3e6582ee05c302cacb7431d1ca6a451aaed7278abc7f78575241c2a2eea2e84cbf9a334df402109c028e345473a13af9b008e20bc8cf0bcefbb7aa727ec856e9925b4ddd99deba8f252911a590154b579a8aaa31f07dd5025df5cd8a09f742964cc8c365d8aff4eb1d79f6e5a07dac5f4ede92b4e2e61d34cc2d4f0aaaab037ad5fdb95de6cd5984ebaf7cce7f08d0ca0dbbe483ce3cb35cd790ca0427065a34df7f4c2af86efe9b765713aff257f5c1d54709527ad18ac33abcdeedb208064ebaea4835be4942b8fc666ad1b79b6651309e5ea1da302d7fba2e99f0e6319e82b9905a1ea482ba043b6800b330dc48b3313f59bb2f9e8a7f07eb1800a702745db14c6299a982dad897954445b7d98eb5837fd70bf190c649552c8e86feb7ff5b3ed8e0a06704d4553a3c2dd74f18ea8233ae0a50d914fe08fbcd3a1435fed56a9f3a7effa140fb552ddd21dffff7fa47332ddfc1e5317f4177d5e2f11a06ec84ccfb89b654ea81bd42d7e07a387301d0f40264abbf9f9107b30ede864cc7690c06d2e247a060bb2244ad78ed5c5515a1a2a612d61e3d931e28bc939b4d3435eee4f7331b1f0f85375d82ac9a77c43740032051746dc9269458c147d188d84401954a489cb4fbf9bf84ba7d8f100903ce67831b4054d0f58cd883d542c4933103ff070cdfc9dbb0fcc31efca466e77a33f1a813da6dc0c7c31585e8f4fef1ebf42fbd1:4d2ce707090b0f3f41462fd75bd609a2724fadfe5ca390e313a42cab42868ed6e9a8914dc13909c0d6f61e63712957c76f3bd8b7f55349715a3a317515c07108f245100cd2d31648f5f351bda564c9db4a35820cc30ef651337c4cd888070569d117a934b9c918e5df8b3744dd6620ccbc49f6b3e5782a30339dbb9cbed05dd2b3b8c5bf1546e70af636e6615c48b2c3c2d19fe35420df5314f63c4812b58e82a2a60b1802f38e505ce748017afa977d3f9b1b6bea2192acec73bdce12d65e684da4d8b41fa9a86f11086edc2d5296f67efc53ac84070fde13693eb2318f5a8c3b117c233422adcdd352f328f0ec699a4650c93f9b4a7d795d7fc2622a03d99b64f7b3dc3194f6c3b1b69d9907ce092401073f47a28f4799d229092a1b074129954be80ca4a3e6582ee05c302cacb7431d1ca6a451aaed7278abc7f78575241c2a2eea2e84cbf9a334df402109c028e345473a13af9b008e20bc8cf0bcefbb7aa727ec856e9925b4ddd99deba8f252911a590154b579a8aaa31f07dd5025df5cd8a09f742964cc8c365d8aff4eb1d79f6e5a07dac5f4ede92b4e2e61d34cc2d4f0aaaab037ad5fdb95de6cd5984ebaf7cce7f08d0ca0dbbe483ce3cb35cd790ca0427065a34df7f4c2af86efe9b765713aff257f5c1d54709527ad18ac33abcdeedb208064ebaea4835be4942b8fc666ad1b79b6651309e5ea1da302d7fba2e99f0e6319e82b9905a1ea482ba043b6800b330dc48b3313f59bb2f9e8a7f07eb1800a702745db14c6299a982dad897954445b7d98eb5837fd70bf190c649552c8e86feb7ff5b3ed8e0a06704d4553a3c2dd74f18ea8233ae0a50d914fe08fbcd3a1435fed56a9f3a7effa140fb552ddd21dffff7fa47332ddfc1e5317f4177d5e2f11a06ec84ccfb89b654ea81bd42d7e07a387301d0f40264abbf9f9107b30ede864cc7690c06d2e247a060bb2244ad78ed5c5515a1a2a612d61e3d931e28bc939b4d3435eee4f7331b1f0f85375d82ac9a77c43740032051746dc9269458c147d188d84401954a489cb4fbf9bf84ba7d8f100903ce67831b4054d0f58cd883d542c4933103ff070cdfc9dbb0fcc31efca466e77a33f1a813da6dc0c7c31585e8f4fef1ebf42fbd1: +7dfae416419d7b0d4fc1f823840c3e4bd4adcd4dc2dc17b38637acedacbdbb45bc51d7745931317e1e346e2e7c92039181b6bf38ee2f5a44fbe2339c4f952ab9:bc51d7745931317e1e346e2e7c92039181b6bf38ee2f5a44fbe2339c4f952ab9:ec843dc4dda6e902e9be31b70f11763b757ab6ce7334dc00764b2d084e9daf2484485984ee28a2830fcb94c541cb469440036731de80ff560f530c9d9e6e1f7d9c4c5bdf50b04f5403c29f76d7e36e00bbea35db1cc60da8d776526266c3324ce7efec6450859609266856d701a47a48dee8bf37409565c7fbfa99a204e5530c971c605b44305d5c7467894114253cf43cddf18b6296dd254a4d96ac7000918186dfd4bf454ed30974c553d0ae151ad4cf540cecaaa0b5948b0985a9c7b6e7815932bac11732fc7d10267f6bf8f1e7c08d650e567b4edd15ae7958410e42f1f537fa732f727a268388321d5344c4e78bb9a74eab9d6abf968965c66693d5f112dd4c14fdfdd96005eaa6757fa2cc1013fe4327ab0999d117f3dbf325b07cd454d4b141991ef7e23db5ee24beda35884aa3704808648aa43cd6256259f7d3db5e055311f253e8b57a4cda5afe0b0adfc364e160ca37e8dec6b95aa6152e5d5da6eb91be0e44ffe8e49533267b7eb795f5f8e0b2c35b29dfbc87585f22bd5b909dfd6a5edc0e3a9d97b0c4f3adc51e969937c08fd65f537aacda8f11275af02c3354542630f3920c393f5c42b9fc633de9d94c72e3f20002349ad0418035b3f25f02ca928e5b2d40a77a1c3e56221f4b9db0c25b096d6e5d0fe758da2c69053e8d086def4edc6e3453783ffc63a4960122d923671a906008bac10561ae6219d2b51d5367bf13ccabf5931b9f186eb109bacde40e1af2b56481e0c6dc6f5c5473f8001cf371919acb40cec5b962ebba80e32d6ebac4806d04d24768c2ad2e3f92a8cbe47754f9bf615953522b263dc24937fbd932c8c459eb8b109443af6c195a59fd2721b0125628f2b8143cf3c128bcec1392efd16b734c10716d96ba7d1f413917ccafa5bf5f83f524fe8406a152115ea770e1745e82e8b51d752b8bd785df48bfc12041bf874fc73afb42ca5d69c6416479ceb4aaa0492b6ff21ee12db2213a4286fd5605c93a7bb8a3b071b0b25fb01d77abbc8771489470a107aadae9f640c24dfd5328f60f4b7d:da34b1983e8c55e41fda8ec8abf23b367a0da606c8cdbb1e8b57e0343c0557a5f0e815e7f22f8605ae93b27d03776ac1f7de3d792ea2933ac22d2dc23b323d0cec843dc4dda6e902e9be31b70f11763b757ab6ce7334dc00764b2d084e9daf2484485984ee28a2830fcb94c541cb469440036731de80ff560f530c9d9e6e1f7d9c4c5bdf50b04f5403c29f76d7e36e00bbea35db1cc60da8d776526266c3324ce7efec6450859609266856d701a47a48dee8bf37409565c7fbfa99a204e5530c971c605b44305d5c7467894114253cf43cddf18b6296dd254a4d96ac7000918186dfd4bf454ed30974c553d0ae151ad4cf540cecaaa0b5948b0985a9c7b6e7815932bac11732fc7d10267f6bf8f1e7c08d650e567b4edd15ae7958410e42f1f537fa732f727a268388321d5344c4e78bb9a74eab9d6abf968965c66693d5f112dd4c14fdfdd96005eaa6757fa2cc1013fe4327ab0999d117f3dbf325b07cd454d4b141991ef7e23db5ee24beda35884aa3704808648aa43cd6256259f7d3db5e055311f253e8b57a4cda5afe0b0adfc364e160ca37e8dec6b95aa6152e5d5da6eb91be0e44ffe8e49533267b7eb795f5f8e0b2c35b29dfbc87585f22bd5b909dfd6a5edc0e3a9d97b0c4f3adc51e969937c08fd65f537aacda8f11275af02c3354542630f3920c393f5c42b9fc633de9d94c72e3f20002349ad0418035b3f25f02ca928e5b2d40a77a1c3e56221f4b9db0c25b096d6e5d0fe758da2c69053e8d086def4edc6e3453783ffc63a4960122d923671a906008bac10561ae6219d2b51d5367bf13ccabf5931b9f186eb109bacde40e1af2b56481e0c6dc6f5c5473f8001cf371919acb40cec5b962ebba80e32d6ebac4806d04d24768c2ad2e3f92a8cbe47754f9bf615953522b263dc24937fbd932c8c459eb8b109443af6c195a59fd2721b0125628f2b8143cf3c128bcec1392efd16b734c10716d96ba7d1f413917ccafa5bf5f83f524fe8406a152115ea770e1745e82e8b51d752b8bd785df48bfc12041bf874fc73afb42ca5d69c6416479ceb4aaa0492b6ff21ee12db2213a4286fd5605c93a7bb8a3b071b0b25fb01d77abbc8771489470a107aadae9f640c24dfd5328f60f4b7d: +709416074997b9c9af4d37a01139e8a3f9f2ce5d72a57d805e822a81186d017eaee110f1f4d46ea60649d786b150052e287a9da60122c47b0908fa8b2ca28a80:aee110f1f4d46ea60649d786b150052e287a9da60122c47b0908fa8b2ca28a80:eddaa369c0e31a1fcc1da46f65362442a0cc21c7dcdd5cd90e0a2ee9f25110812ba114931c868a708607ac16084d79715d13b338c05c6aef7343e7dad282f96fe28193188f0cc893c7dce805fd3a7cd268b72894160b5245fed9fa9943b7c80adb3c2d1a353d8f12df25a31dde7fa385bbec351da66f153032e17756273f8d54e9a3b9ea25ae67d1e9c18cc68be601e3d68282818ce0e7cf88a4d1336453021732f08d9e76cd23637929b0911d5f8614f4842e670c142860afc265c50172b13bfd35ad8fc54b28657da32bac153ba9affc897afb3c721f48caa46240585710b0f2d24d5ff4965d1d10f1a07b06abea6a08e1d6f1500da12c434a6d778c941067108000475ce831bcfe2d0afe40b7419d07059bc0cd8dce4be9587ff29ad8bf0b268ae23ce0da5bb5bf74ff0b2b31b82112a9fd5abd9bfd0a90e6f4723548c6bb2f99dc061ba32eba2d53e6bc79bf441b23fb7460de04e8e8efbcd4d4cc7355de9e3b0861a681b983839d4488e551751f23e9a6e2e4d443273b9e0fe64d8acd1c748b5559438223dd21b5183189e0f3c0e8ed414c0356bab77a654de1a5771462ef14344970a491511a722914f4a89f4f1a827e18cd84479cc92592eadf8de2df824b976dcbd284a3ba64bcdb0df15e8f41c0b2471586b26a06353d905028235c1c6e5c4587222725af083e11e79c943aa444d4aa41218d3e974336e372813e99e2b0c5f0ae810ffed9a7a3d6cb74c5473d990a5911329b8e82ec6bf2bd4321bb487370f8739e7a2a4a53430833d45b9fe3deb93f79fc6a51d563695ecdb97858d213da584434b7c71546aae8d967e1c6d0082b10d4a72de1742e53c4b2f92eb8b5c8c35ab6535ea8100b37924a0a91d2a728d0f5642437aa66c82ab74b5d0745ec08f7705cb81fa079d89ecdc9aa1f8d7d82dc7746d34615343a6925dc318f352a2b45012438424f9098fddf6e61fd1f8fb49da40b3eece89a1af1996de70cd1696cbfd9e301ea5f4437c71ac2a032254c140a90e85fb8ffc4667fa139c1ee9bbf12eed906a967bc0921:8e4b41f097d83614184ba7f52ba2fd9f0565f8a63721ef55f93162826b9f0ac070c0e2864b5ffd8eccc18efad18b2ce84be57c0b4a41c52e20ef37722377c60feddaa369c0e31a1fcc1da46f65362442a0cc21c7dcdd5cd90e0a2ee9f25110812ba114931c868a708607ac16084d79715d13b338c05c6aef7343e7dad282f96fe28193188f0cc893c7dce805fd3a7cd268b72894160b5245fed9fa9943b7c80adb3c2d1a353d8f12df25a31dde7fa385bbec351da66f153032e17756273f8d54e9a3b9ea25ae67d1e9c18cc68be601e3d68282818ce0e7cf88a4d1336453021732f08d9e76cd23637929b0911d5f8614f4842e670c142860afc265c50172b13bfd35ad8fc54b28657da32bac153ba9affc897afb3c721f48caa46240585710b0f2d24d5ff4965d1d10f1a07b06abea6a08e1d6f1500da12c434a6d778c941067108000475ce831bcfe2d0afe40b7419d07059bc0cd8dce4be9587ff29ad8bf0b268ae23ce0da5bb5bf74ff0b2b31b82112a9fd5abd9bfd0a90e6f4723548c6bb2f99dc061ba32eba2d53e6bc79bf441b23fb7460de04e8e8efbcd4d4cc7355de9e3b0861a681b983839d4488e551751f23e9a6e2e4d443273b9e0fe64d8acd1c748b5559438223dd21b5183189e0f3c0e8ed414c0356bab77a654de1a5771462ef14344970a491511a722914f4a89f4f1a827e18cd84479cc92592eadf8de2df824b976dcbd284a3ba64bcdb0df15e8f41c0b2471586b26a06353d905028235c1c6e5c4587222725af083e11e79c943aa444d4aa41218d3e974336e372813e99e2b0c5f0ae810ffed9a7a3d6cb74c5473d990a5911329b8e82ec6bf2bd4321bb487370f8739e7a2a4a53430833d45b9fe3deb93f79fc6a51d563695ecdb97858d213da584434b7c71546aae8d967e1c6d0082b10d4a72de1742e53c4b2f92eb8b5c8c35ab6535ea8100b37924a0a91d2a728d0f5642437aa66c82ab74b5d0745ec08f7705cb81fa079d89ecdc9aa1f8d7d82dc7746d34615343a6925dc318f352a2b45012438424f9098fddf6e61fd1f8fb49da40b3eece89a1af1996de70cd1696cbfd9e301ea5f4437c71ac2a032254c140a90e85fb8ffc4667fa139c1ee9bbf12eed906a967bc0921: +3dcb7ae7d9f0f141f1d9f07883635b913ed29fb61d0f741c9afd05a27b045b06ae62b7ee1b8db5764dafddd9724acc106d6c0a4d1e85d8906f7584b558f577df:ae62b7ee1b8db5764dafddd9724acc106d6c0a4d1e85d8906f7584b558f577df:38116a572669070dd5863218c91a77a4ab47553688488c792838509e9aba25067adb7ea4249848009d914ae987a6032348c1c0681cf977a9552dd6bbf4e6ff32acc9fa61cbee25a39307650f8ba6a7ce421ef2f71bccc0958138f9324c86bf2e528fa3e4d1b19f9f2ca5268409b8cc19c62dd979b89697e457ed2d98bd2096f62d3d9e247388795927803e79ab71d4f72f568e945a8a162159d9b84836e4585644d4979f614aada73ad413a83391e9cf880c42ac2a98343b6a82cd2b61581456f6de5ceb24fe46b7625d52ab2c2c324ac74703d15e15f1aeff8055d2f739f7363e16ec1d78be2c6299436c8c8d336bd29271a897a6ec932ed08725be21b28f9aa14eaf4f71853154db14587c930ab3eb0227ad7ffb45b3baa6a999499cc8a6e45b1ab4d0b339782bcd9cfbcf88cf7eae891cc841e9c88a1f6a691f3948a6bc85ba7f4611642e84223c3b178946ddbeddcfcdef4ae4c4e1a814b9b1f02b1eaa824db93f44b27d14206b340465a1cefcf535c63e55c4287224262733d98aaaa154f3ad42cd8546a461ce0d46d886d3461a2150cb45dbe56473ff63d3dc7a2b957b823969f19b5968e8b424c879741926d82c6386753b0fa1f080284e5578942363aadeb21f8e1e8909fa6c380764149bc915b228604efc56d92e4beb720edc74c4d78f925d6cfdf7ba2f14b5623775810d2d07bd388c573e36523f215738e69114dcf8d80f170bfa676e31fb626a7d449ed96647363475970c8c47809709bcb5e7200f2a227c7c8e7b000f30c0bde61d67bd6895361629a36c8fdd5a56b81efbacf15c1b3530a08cded5b1fd457fbd2f03042f56f1b37ed15cdb912fa0298c276725087ee27d3cf2550fe6e8a0330af417f4f5baf03627ed67c5f8323363abac5a1fe34823180e3e0e2080f75bfd91c207cf6baa9a229cf443dd442c5902e0673f3252b8526346585872f6cd366025a56992b70ede39bc8d322f9c22a1dc599e9f0d524cb6d2ea5ae2878ef6bed4b702807f1e1e73ebf290eb6c0eeb85c13716f626aa90d364b4904837ce05:09a1e6fedf971b3edbfaefbeb89aa539ca0b02b37e7ac4ea8920d6d4348ee0cf9a2d5e96fce517c665e7c38368baf24979249a95b70ea7436c00785f16a3ae0938116a572669070dd5863218c91a77a4ab47553688488c792838509e9aba25067adb7ea4249848009d914ae987a6032348c1c0681cf977a9552dd6bbf4e6ff32acc9fa61cbee25a39307650f8ba6a7ce421ef2f71bccc0958138f9324c86bf2e528fa3e4d1b19f9f2ca5268409b8cc19c62dd979b89697e457ed2d98bd2096f62d3d9e247388795927803e79ab71d4f72f568e945a8a162159d9b84836e4585644d4979f614aada73ad413a83391e9cf880c42ac2a98343b6a82cd2b61581456f6de5ceb24fe46b7625d52ab2c2c324ac74703d15e15f1aeff8055d2f739f7363e16ec1d78be2c6299436c8c8d336bd29271a897a6ec932ed08725be21b28f9aa14eaf4f71853154db14587c930ab3eb0227ad7ffb45b3baa6a999499cc8a6e45b1ab4d0b339782bcd9cfbcf88cf7eae891cc841e9c88a1f6a691f3948a6bc85ba7f4611642e84223c3b178946ddbeddcfcdef4ae4c4e1a814b9b1f02b1eaa824db93f44b27d14206b340465a1cefcf535c63e55c4287224262733d98aaaa154f3ad42cd8546a461ce0d46d886d3461a2150cb45dbe56473ff63d3dc7a2b957b823969f19b5968e8b424c879741926d82c6386753b0fa1f080284e5578942363aadeb21f8e1e8909fa6c380764149bc915b228604efc56d92e4beb720edc74c4d78f925d6cfdf7ba2f14b5623775810d2d07bd388c573e36523f215738e69114dcf8d80f170bfa676e31fb626a7d449ed96647363475970c8c47809709bcb5e7200f2a227c7c8e7b000f30c0bde61d67bd6895361629a36c8fdd5a56b81efbacf15c1b3530a08cded5b1fd457fbd2f03042f56f1b37ed15cdb912fa0298c276725087ee27d3cf2550fe6e8a0330af417f4f5baf03627ed67c5f8323363abac5a1fe34823180e3e0e2080f75bfd91c207cf6baa9a229cf443dd442c5902e0673f3252b8526346585872f6cd366025a56992b70ede39bc8d322f9c22a1dc599e9f0d524cb6d2ea5ae2878ef6bed4b702807f1e1e73ebf290eb6c0eeb85c13716f626aa90d364b4904837ce05: +297311ddeffec9d2be68ef7b2a20fe2d277e1d8e51648b03572ada27ec1f9f436a6c28e761640c4008333aae5a3366302e2f4677a953ba482ab6fb4a1d70b447:6a6c28e761640c4008333aae5a3366302e2f4677a953ba482ab6fb4a1d70b447:2652acfc3bdf09a599ec6786bbd94fe577cf578e0263cc68d9f57a6c83458f80acd8a75ef03040a635672b968ff2afdb288d28b9996f6415b2f3175e9ea37aeb05df81812e38a4c976eb92856cedb91a269a46fca5df9bd730fd84452b4bd93577c61f42c14113979882a86a9fe632e4756afd89816fc4670a310503fdaad2db764c3721213c3e60f29c2668d4de8f42b087f25cd56c69a4e48f134f5598cf145be638a5c2318863329061729aac91da6a191fd774880cf9cb555eec15b0044f10e5433fb46a9b8892da8f6d24f142588b70ff0b49200c506b88bed449ad10d3f92c2baeda6bbf58676c5bbc67d31f64fb12e8d5e78876d5c849fc314b2cf8010c510204c8633d0cc31856ec6a114ea8a89c48927b07a31ab842c9b8352d9367345141a99b40049d5c48e7d27cab427adefd1f0fc1136b353cb01c3def91fffee8ad91e88f4bb7d2615c0dcc95344cd01950938ecb14b8446b56a06bf2f2f65fb8735e8a7bc96bb46ce9cac71a88eb8fda5e69d69eb29aa42a016b8583893e9d7277cb1359c5687eedcd599d8a46e6c14963637db04a929f4bc79304ac2dae733b3a839eb74fbe3de5042fd655eaecb15f39b2fe16dad8a6ff8dbc054fed51282a856e9da6316fac6db5d56f77f18da8412eb377e5b1b8f4cb1354ecfe8fe8fd54e62d767a80de04cb7620229a8831dbc9ecd4578ffa2ff06b5445e440d69aabc94c47bd17f22b69f52eeae5cfcd01a5cafe0580072ae9166b95743d68c3564c5a7e46f24bc48a898a1ab2ebe63f36851d2aacfa0c4f32d993771d314e725a43d9805d1371cf723ef161d42e63ffca688d7f0e21ef5b3f9a561a6210702b85fbd1f8ca75389cc7a22739bae4ded93757f1520dc38844a1a88be8e09645059148807b933770878cb8a9ad9211317131e69324532fd0279b83185b628fc2f9e21500384693fa29f26bd1b9c301601367665f05f372dab4e3107726cd3f639ca62bf63a75f77eaa75f7136157ada2374e65fb4fd349b45e25441fd21b13e6911366b97cfb4d6ad522b850adf40c:4bf0b92c6ee4eace5e8eb10370ff9d9c68a5749d59899d04327aaa38f8f825e032e59742b37de23107a3ecdd3f7a0d08122614b78fdd37293c8d05e28f5f71082652acfc3bdf09a599ec6786bbd94fe577cf578e0263cc68d9f57a6c83458f80acd8a75ef03040a635672b968ff2afdb288d28b9996f6415b2f3175e9ea37aeb05df81812e38a4c976eb92856cedb91a269a46fca5df9bd730fd84452b4bd93577c61f42c14113979882a86a9fe632e4756afd89816fc4670a310503fdaad2db764c3721213c3e60f29c2668d4de8f42b087f25cd56c69a4e48f134f5598cf145be638a5c2318863329061729aac91da6a191fd774880cf9cb555eec15b0044f10e5433fb46a9b8892da8f6d24f142588b70ff0b49200c506b88bed449ad10d3f92c2baeda6bbf58676c5bbc67d31f64fb12e8d5e78876d5c849fc314b2cf8010c510204c8633d0cc31856ec6a114ea8a89c48927b07a31ab842c9b8352d9367345141a99b40049d5c48e7d27cab427adefd1f0fc1136b353cb01c3def91fffee8ad91e88f4bb7d2615c0dcc95344cd01950938ecb14b8446b56a06bf2f2f65fb8735e8a7bc96bb46ce9cac71a88eb8fda5e69d69eb29aa42a016b8583893e9d7277cb1359c5687eedcd599d8a46e6c14963637db04a929f4bc79304ac2dae733b3a839eb74fbe3de5042fd655eaecb15f39b2fe16dad8a6ff8dbc054fed51282a856e9da6316fac6db5d56f77f18da8412eb377e5b1b8f4cb1354ecfe8fe8fd54e62d767a80de04cb7620229a8831dbc9ecd4578ffa2ff06b5445e440d69aabc94c47bd17f22b69f52eeae5cfcd01a5cafe0580072ae9166b95743d68c3564c5a7e46f24bc48a898a1ab2ebe63f36851d2aacfa0c4f32d993771d314e725a43d9805d1371cf723ef161d42e63ffca688d7f0e21ef5b3f9a561a6210702b85fbd1f8ca75389cc7a22739bae4ded93757f1520dc38844a1a88be8e09645059148807b933770878cb8a9ad9211317131e69324532fd0279b83185b628fc2f9e21500384693fa29f26bd1b9c301601367665f05f372dab4e3107726cd3f639ca62bf63a75f77eaa75f7136157ada2374e65fb4fd349b45e25441fd21b13e6911366b97cfb4d6ad522b850adf40c: +4db2b58144a8d2d0ec03bb9bc29b4ca893854c80b64afa4af7a9c936935ecb04fc5cd750e174ed718bd938fa8ed99a1b9d556ba7670f2a77daf1c720113732a5:fc5cd750e174ed718bd938fa8ed99a1b9d556ba7670f2a77daf1c720113732a5:c8d1dbc936911e122cee18f92b16a39a2eef0823b227f898cdf5842b93d59fc002edb5498a20872e19554ef73999eb3a7b3e2fdd9070e1efa9228e9e93b29a868ae3799e4e572324836b1ad5aa812bf00f845bc217ebbc3fabdc4e1b6e51ef9efac2770aa0a4a11ee52ab956ac6448aa2629cb61dbb1f1edb3bde99b4876da392a6e0b9a0c31849a5890aea9522f56d015a1935015b91bf4c6a0011d2377d671c3d0d753c27f8c76e405d0230f1f4b9b88fcebba1eaf13777235e55324b7d3f81e686109d91ce689530b90d2c5c71dd18772b385d62ccbfd2e089a1b670983f60c21c4455cb9d1a0dcaa74c874e35211f8227ff7c234dff85ec0b07e368cfa50a343578395a14c68f1f89bd4ecbc172ef805e5831ec89475fcc8d685ca9255a77e3ba3c147508ec92d7bcce879af0abdd2416b67b5f50507337914f390bbe0b450b6a2f1159372c4bccea382ce3d6d9fb2515ecf7930059a0552b75f978862bf97e8325af24d1b8ce9512bfc7cef884232042341d82f9b5dad2e502ac6ac795f99dac7fc60e3b8639d0e1500dead4e78aca109957d577a13c1925d7403c1acf989a9de6711e23c67bf8722f551b774cada931b5fd973434e3b7172819883e70c52785e3b49d323d05636641158640dcf6a4c200eb2c13b1beeb2dc360352470d15386e59e6fa60367e5e7f172b21159d5ee7cab0d7f5868239858e2a93550480fe8fb4dcaf4f224c4b2ad5448791632df30e8e5fb998b35ea9aec8c934a4403aef82187ca1abf82a344d00ffb993d9ff3461d6fecdaf5d3b481e0d31153dbf6aed288c8add064e8331550141bd5f7a7e047b8607d846a6bfb72d683446a445114606250d8d2d3a8b9508bb07d4623cdf1788b5499e9cb9a1379849bfa19c9a9f4cd3d9253adffda25f47c811be833b02f3327ebba83730195d614bae6fe4e7a3830815d2af400d20a9417a095e7e8eea1044917cbe512c4018d656e2db67bb989c00e1e507623e8278d729925b84fb5c186a7bac189e6d6ab14fd7b62fdc632bebb5f77cb5cc2f707df4053099:424517aadd853ce3985759a327e7760d9156d3b27345383f0e4ad6661ee4a3724d18d820f6c557f82797beb62d2f085433744f89a2d85293796481862ef8a40fc8d1dbc936911e122cee18f92b16a39a2eef0823b227f898cdf5842b93d59fc002edb5498a20872e19554ef73999eb3a7b3e2fdd9070e1efa9228e9e93b29a868ae3799e4e572324836b1ad5aa812bf00f845bc217ebbc3fabdc4e1b6e51ef9efac2770aa0a4a11ee52ab956ac6448aa2629cb61dbb1f1edb3bde99b4876da392a6e0b9a0c31849a5890aea9522f56d015a1935015b91bf4c6a0011d2377d671c3d0d753c27f8c76e405d0230f1f4b9b88fcebba1eaf13777235e55324b7d3f81e686109d91ce689530b90d2c5c71dd18772b385d62ccbfd2e089a1b670983f60c21c4455cb9d1a0dcaa74c874e35211f8227ff7c234dff85ec0b07e368cfa50a343578395a14c68f1f89bd4ecbc172ef805e5831ec89475fcc8d685ca9255a77e3ba3c147508ec92d7bcce879af0abdd2416b67b5f50507337914f390bbe0b450b6a2f1159372c4bccea382ce3d6d9fb2515ecf7930059a0552b75f978862bf97e8325af24d1b8ce9512bfc7cef884232042341d82f9b5dad2e502ac6ac795f99dac7fc60e3b8639d0e1500dead4e78aca109957d577a13c1925d7403c1acf989a9de6711e23c67bf8722f551b774cada931b5fd973434e3b7172819883e70c52785e3b49d323d05636641158640dcf6a4c200eb2c13b1beeb2dc360352470d15386e59e6fa60367e5e7f172b21159d5ee7cab0d7f5868239858e2a93550480fe8fb4dcaf4f224c4b2ad5448791632df30e8e5fb998b35ea9aec8c934a4403aef82187ca1abf82a344d00ffb993d9ff3461d6fecdaf5d3b481e0d31153dbf6aed288c8add064e8331550141bd5f7a7e047b8607d846a6bfb72d683446a445114606250d8d2d3a8b9508bb07d4623cdf1788b5499e9cb9a1379849bfa19c9a9f4cd3d9253adffda25f47c811be833b02f3327ebba83730195d614bae6fe4e7a3830815d2af400d20a9417a095e7e8eea1044917cbe512c4018d656e2db67bb989c00e1e507623e8278d729925b84fb5c186a7bac189e6d6ab14fd7b62fdc632bebb5f77cb5cc2f707df4053099: +c820413c2456747104662ef4dff3ac233ac4b91a76d3c4ea754490bc9b1e291f8993cea2f7f2806c77b3981b54bfa9bf1762151b418e5e725371ca2c04d223ee:8993cea2f7f2806c77b3981b54bfa9bf1762151b418e5e725371ca2c04d223ee:d2992f83924a594887e6ef13f2ae808fc8639c7b2c994faf0f795e36016dab7700a0ee530170f0b9fe98ab7588ce03bc50c2bae65e052647e756735b35d0b59c964e917d8c83e2f9fecc4cb05564287f0e34c9494005e25b1a8b1b942b54d89035f1b1c3c945fcc84e4a39efa2ca50959b459af74d21b6242e2f56518f70e8679257c089d26c3bb792687c923355b2c18ee2136d40cba45acb64240d9667f39dba3639b6516d4c4947573ef4ced876b5b2ea3489eaea539f557f58da204691a76e29c94b8b0538232c5f7d0bb0fdd016910431354b3e1e7ce62ad436917cd5c315a5be9b971c80f97bc9d5c156ffd64fd4e31da56083e02a0c8fce554db68674cb62700ba951752b829b03c542327412eec9ccc6a50adf47bbee15446682da2fea42048936d763060cd8f539652616dfa808d623ff777b4113652e789ec025b85e04efe8ad4c960b190bf4a5a6324d6f57c1ad22018c83cd7e7e097fc67b80269c13b4dd9701ca98f9876958ba7689c6f6f10a732a64bef22e8b98bd304d5dbf4fb1f9e4ca539a5c4aa619c44d6f58f824b2dbae77b7e83b56db5e5aa7b0ae9ce1cd10a69f04a80f1379eb0c474e4782df0e3ba6a148226bd1a662d95ee2d67c5207333cb1d54176d9e506459479029f31dcace269938f6bc562787841dcfe101f4db60bd66016e1eebb6bfbd9cd83042dd1379a464f405aaae3c11807848cc4f95c3cc6fa92ab4ea5305834eb86b873fa30ed1f7f470bf663f1a70cf9e60ab680cd1dbbd03ac0433b3d4bb482f8b344d46b3aa934b8633f57090bea5fccca6488799835f133f8bcf6e887ca59d19076d6ca19d4e28349051e016b03e9a920f4120fb523d1371d0e38467319543f127ed914b43ad062226a536582db728ccd76e983f11766a8863c2f424f65508dcb26fe0c5a800c35093960a121976e3051e2ef1a2a99c12fb7bd8bc037a439686806eb72017a071a91b3e39c90e86bc335f9bb543b127c9886738cb53806b9cb3c2594c7effc2a5920aa834be65c49f47964e89eec74728de771f3d675de9d1e:7ef70e4a14954d509f117f4bd01b220bcc192d3b5fdfc3482fbbc3b69dc068a7c4761d1bebc2317d6db74f906a155642b0a3c6592bdc72e64eac6f203fb74e02d2992f83924a594887e6ef13f2ae808fc8639c7b2c994faf0f795e36016dab7700a0ee530170f0b9fe98ab7588ce03bc50c2bae65e052647e756735b35d0b59c964e917d8c83e2f9fecc4cb05564287f0e34c9494005e25b1a8b1b942b54d89035f1b1c3c945fcc84e4a39efa2ca50959b459af74d21b6242e2f56518f70e8679257c089d26c3bb792687c923355b2c18ee2136d40cba45acb64240d9667f39dba3639b6516d4c4947573ef4ced876b5b2ea3489eaea539f557f58da204691a76e29c94b8b0538232c5f7d0bb0fdd016910431354b3e1e7ce62ad436917cd5c315a5be9b971c80f97bc9d5c156ffd64fd4e31da56083e02a0c8fce554db68674cb62700ba951752b829b03c542327412eec9ccc6a50adf47bbee15446682da2fea42048936d763060cd8f539652616dfa808d623ff777b4113652e789ec025b85e04efe8ad4c960b190bf4a5a6324d6f57c1ad22018c83cd7e7e097fc67b80269c13b4dd9701ca98f9876958ba7689c6f6f10a732a64bef22e8b98bd304d5dbf4fb1f9e4ca539a5c4aa619c44d6f58f824b2dbae77b7e83b56db5e5aa7b0ae9ce1cd10a69f04a80f1379eb0c474e4782df0e3ba6a148226bd1a662d95ee2d67c5207333cb1d54176d9e506459479029f31dcace269938f6bc562787841dcfe101f4db60bd66016e1eebb6bfbd9cd83042dd1379a464f405aaae3c11807848cc4f95c3cc6fa92ab4ea5305834eb86b873fa30ed1f7f470bf663f1a70cf9e60ab680cd1dbbd03ac0433b3d4bb482f8b344d46b3aa934b8633f57090bea5fccca6488799835f133f8bcf6e887ca59d19076d6ca19d4e28349051e016b03e9a920f4120fb523d1371d0e38467319543f127ed914b43ad062226a536582db728ccd76e983f11766a8863c2f424f65508dcb26fe0c5a800c35093960a121976e3051e2ef1a2a99c12fb7bd8bc037a439686806eb72017a071a91b3e39c90e86bc335f9bb543b127c9886738cb53806b9cb3c2594c7effc2a5920aa834be65c49f47964e89eec74728de771f3d675de9d1e: +6769cc8e125617c22ce57237a4fca1507f941234661df74328d04ab62ef86c4705112ca60baff79b4916c1bee2b9390c047af08c35ebb3c381b9748d1dd4c4fd:05112ca60baff79b4916c1bee2b9390c047af08c35ebb3c381b9748d1dd4c4fd:685489739b98564749587ff1ac96ba682da30b40a4de24f54ec8b083dda45333162167cb3f97b2c7314ce7a3f3f3d319ccc35bb6a9f0077d563161e281469cf08968d9dcf7ae5fff830a5db00bc38010e6662d494f3c8647c4f70ce2d29a9da84610a080b5759a3b582052dfde66e4a7fa5fb27f065073fe723d83701d5bac06ca43b46d1e58097670c194a13af8b573a3791a9661557cbc042757ab8add0ef7cf4f35435a4212353fcb3c203c73dbc9d26852d0e91732e3621ce828929cdca4d9192048751922ed225eab2900cff971a2a2d342463648bbb1944319a8ef6d43db62480fbf1d7257d22694539793f25c927917caab25c1193a2d2b23bb5cb8569aefff4f0ca423d19bbd46fc5ef7524ff8cb706ffc47076509c05a8158af77f98df6a9b5cb3244aba4b5c5f9ce597e7d29ba07013dcac1911b6de7113c736a4005c459992979019a45b2dd802a07660909eb4ce205408170d82545dacba8686dbde927dbc9c7d962058e9a95ea66b8dfd3ea435357a93c73948cd355f6ac6552323f17c2a678662bc0e9726ad5a5251dd27647404cbfe61ceaafdcfc08a475ffd87cb7f597e56ac1670409dd9408ae4770420c6e5e6dd8e748fe03a72dc12803d02771d92f47e6e717ccc144fc037275b6f745dd30da1a45d29db6d9073eee5009cfd5462733414a495f349db0b6dbf2cea9ccd57238ed5ee91ad8bc86179ad5695a85a50484e617751de5ef7a7d8a8db950a98a6b7f7dee9d42a5df692fccf555c940dc39cf2eac48cb9d15cda14dd2a7ecc0b76ebec68ad4177d1117e07766c48590d43ca7662868eb9790ac29f4f2392b9a93f89759e7ba546b925bd86f807d8d16c7e637dcc666e90590bf430d986a67f1b0c7c2c94930845869ed8d8adde18fc1887456881b4b26b53dcba7a526f0eca14e8bb689d66f0aa1b253c3dcfcf59540d5d2f5ad617f52c30938a5a92ea385077d75aa4ac07afc2b35fb8c1d5e78eb295fc20fe37c41ac06959d3a1797843ad7056c1b412dd0b480aa3b39bcc20587d9a0fef92c6c950ebc5bb8e142:d39d853d2c2c5d21b5871ea5a75c041048d93a47dc599a5fddc0856285ce636fcdfd8564083d06ff284a524bc633cfdfc3b037163d674cb9bb5ba3bc25bed00e685489739b98564749587ff1ac96ba682da30b40a4de24f54ec8b083dda45333162167cb3f97b2c7314ce7a3f3f3d319ccc35bb6a9f0077d563161e281469cf08968d9dcf7ae5fff830a5db00bc38010e6662d494f3c8647c4f70ce2d29a9da84610a080b5759a3b582052dfde66e4a7fa5fb27f065073fe723d83701d5bac06ca43b46d1e58097670c194a13af8b573a3791a9661557cbc042757ab8add0ef7cf4f35435a4212353fcb3c203c73dbc9d26852d0e91732e3621ce828929cdca4d9192048751922ed225eab2900cff971a2a2d342463648bbb1944319a8ef6d43db62480fbf1d7257d22694539793f25c927917caab25c1193a2d2b23bb5cb8569aefff4f0ca423d19bbd46fc5ef7524ff8cb706ffc47076509c05a8158af77f98df6a9b5cb3244aba4b5c5f9ce597e7d29ba07013dcac1911b6de7113c736a4005c459992979019a45b2dd802a07660909eb4ce205408170d82545dacba8686dbde927dbc9c7d962058e9a95ea66b8dfd3ea435357a93c73948cd355f6ac6552323f17c2a678662bc0e9726ad5a5251dd27647404cbfe61ceaafdcfc08a475ffd87cb7f597e56ac1670409dd9408ae4770420c6e5e6dd8e748fe03a72dc12803d02771d92f47e6e717ccc144fc037275b6f745dd30da1a45d29db6d9073eee5009cfd5462733414a495f349db0b6dbf2cea9ccd57238ed5ee91ad8bc86179ad5695a85a50484e617751de5ef7a7d8a8db950a98a6b7f7dee9d42a5df692fccf555c940dc39cf2eac48cb9d15cda14dd2a7ecc0b76ebec68ad4177d1117e07766c48590d43ca7662868eb9790ac29f4f2392b9a93f89759e7ba546b925bd86f807d8d16c7e637dcc666e90590bf430d986a67f1b0c7c2c94930845869ed8d8adde18fc1887456881b4b26b53dcba7a526f0eca14e8bb689d66f0aa1b253c3dcfcf59540d5d2f5ad617f52c30938a5a92ea385077d75aa4ac07afc2b35fb8c1d5e78eb295fc20fe37c41ac06959d3a1797843ad7056c1b412dd0b480aa3b39bcc20587d9a0fef92c6c950ebc5bb8e142: +1df7acfb963304e51ec471caf181102556783cb7d91ead30bdc2534d078a148805a31ffc70e4e3569fc2be110c643ad5f087913c7aa476dcd8d6e4bc7ec22d24:05a31ffc70e4e3569fc2be110c643ad5f087913c7aa476dcd8d6e4bc7ec22d24:b0c3eeb57f14606ab7abeab2ee0573843ca22e6db2fdf2c9064cea5198dc5830eb158da8e2daa88857af8b8eefccf0c26c3ec0f330e92cff06bc05a29bfc99f940b61f3cfb2964b337097a6550a3e9a328c85be6f160d2c0a57ff6f1b3c5ffcca89089425ab6be0172e175baf40cf12b24a815f70f29a3a4cd0a6a132f120097752f4bc743ede08f5f21d42f282f7671f7783e27b2a8e2c14692f1e0e5de82855dabf98a1a63976006ffbfe5f5a579b460e26d06bd542842a5f9261bbf260451d2321c508932013cc6e904f79b5e4686d033e12c7bbd7eb1c92379c5ec341bf6457a3f17264a7c278b27501ecaedc361eba844442342b4b10fa94d265865116acf43fcbec965d2ab4bbbe614c4f90ab6b3e0d5383fa04988bfbb260307dde22d84098b6331d155141a927bb78d664b341d2f2a93e291cf79baaecd2612f6b104f3fc81373a7c6a045b5924bf950cd542f7b7accef3aa7d725de053055d951bd768111392596638ae097170f4492ba50a468f8e347763db612d3c7de7e56459b26ee029c630827a353aee73de68d6d72b27afd75d22164527945c7226844fab15b8dcc914349e3141c61316adc894dedcdc843984d9c7feae39db332dc393e9e8961bbde071c3d2858b3cb5f33b164a15616c6fe1bbc24a35f21336d261c5d8cf759e27e22c9101c4aebde3e126cf646ca7b2e03128095c5976bf3f6e491af0f0b640c7310966ac59c59fbc5bfe0548f88ee61ad9ec40c1c06dd29d794c44a3ea22c3d4762622ec1e8b333e45074db93741fda193c911f6db5879e55ee36ef602614ae64a5cde9d8306d22fbc4ae9c881a594bde6796125fcb628b9f3b6fb3ffd511b353f146a27272afd3e5d28b77f58a67f1fd27285c25ecc1ccf64e38d21f3b9ff22e00ee900629ef1a63e713f258883dd911f30c0d398b74bd797149be5e2696722da09d52d4ebf3c673929d298aac34ce05bea08ea9a424e93459c2eb8fc2222c31cc13d803b90a8a70bcd0a30c209211dc2ccc85b0bcd4582c695f58d80bf6ec471a2505f68847a75f6e911fd87:b181938de10142f32407b4e786cddde932eb11dbc0bf0e5ac509fae7a5bcc32961fe3448f912c8500fc6db4e1d3262a83c9dbe769bb8c3a761000fe36c0d7104b0c3eeb57f14606ab7abeab2ee0573843ca22e6db2fdf2c9064cea5198dc5830eb158da8e2daa88857af8b8eefccf0c26c3ec0f330e92cff06bc05a29bfc99f940b61f3cfb2964b337097a6550a3e9a328c85be6f160d2c0a57ff6f1b3c5ffcca89089425ab6be0172e175baf40cf12b24a815f70f29a3a4cd0a6a132f120097752f4bc743ede08f5f21d42f282f7671f7783e27b2a8e2c14692f1e0e5de82855dabf98a1a63976006ffbfe5f5a579b460e26d06bd542842a5f9261bbf260451d2321c508932013cc6e904f79b5e4686d033e12c7bbd7eb1c92379c5ec341bf6457a3f17264a7c278b27501ecaedc361eba844442342b4b10fa94d265865116acf43fcbec965d2ab4bbbe614c4f90ab6b3e0d5383fa04988bfbb260307dde22d84098b6331d155141a927bb78d664b341d2f2a93e291cf79baaecd2612f6b104f3fc81373a7c6a045b5924bf950cd542f7b7accef3aa7d725de053055d951bd768111392596638ae097170f4492ba50a468f8e347763db612d3c7de7e56459b26ee029c630827a353aee73de68d6d72b27afd75d22164527945c7226844fab15b8dcc914349e3141c61316adc894dedcdc843984d9c7feae39db332dc393e9e8961bbde071c3d2858b3cb5f33b164a15616c6fe1bbc24a35f21336d261c5d8cf759e27e22c9101c4aebde3e126cf646ca7b2e03128095c5976bf3f6e491af0f0b640c7310966ac59c59fbc5bfe0548f88ee61ad9ec40c1c06dd29d794c44a3ea22c3d4762622ec1e8b333e45074db93741fda193c911f6db5879e55ee36ef602614ae64a5cde9d8306d22fbc4ae9c881a594bde6796125fcb628b9f3b6fb3ffd511b353f146a27272afd3e5d28b77f58a67f1fd27285c25ecc1ccf64e38d21f3b9ff22e00ee900629ef1a63e713f258883dd911f30c0d398b74bd797149be5e2696722da09d52d4ebf3c673929d298aac34ce05bea08ea9a424e93459c2eb8fc2222c31cc13d803b90a8a70bcd0a30c209211dc2ccc85b0bcd4582c695f58d80bf6ec471a2505f68847a75f6e911fd87: +7ed87c36dfdbae60c940a3b325c19fded814d76a544820a32f286a5c0ad71d723c4ac510b36222c252a2dc1afcb40fb0eb85bca90391196a5883aa2cc912b2df:3c4ac510b36222c252a2dc1afcb40fb0eb85bca90391196a5883aa2cc912b2df:62d313912abbb006b7774a6737714a349970ce0421112f400463d3db0e2f7f128d7b96939f43c1e7107b5118a77c119683d866b7e3d72ac21f6b4272b4be9289b6556fe31b6051a0b42ed5ea0cf347696d30fb8bff6b8b572719de19a231cc85459a990c37801f0837186cefbb5521569666967cd4243d7307f1b0b24c8e2b9b692317304fbe3dd0a263650191b35216f52916573af90524f91db1a92471d758c92dc6d14d1a4b26f41b40403ca87dcfabdca47b9fc2533578f161f3b0199b5c698e080704b21c9e615269fcd0d40439ed8bc3bdfbc9afb44c11fa89275f0eaaa5d08fa959d6378d0db89910d48f2d86a1ebfc5cbf10eb2d5aadf51bbd8344ff8bbb5b8afe05a45011b5e4b72eb864ad263e8a03a6c7f98aeeb354f730a318aa30fb56d33d80748c98ebec15878ccf3ce822f69d3456843c400dc56b481a95e688b8a4735bf3843f5833dda0efe09e7175b567c661387afd2ebc079a48e34967ec97b927dfa581888f231a98a7ed33103bfa8e8f9ba6513527900b39b86231da7911a2fc935888a75f1129584afff2025249c4188f09052f85687706d05e299144d40de8898b7c8b2dfef0c3708573d8b0563a6bd0a504c0b6745702b1b57121c6f040aff27198948ba69c21253a28d39eba726219beda1f8209fb83e9adb07ad409fbd6d25565889ab45123f9d945ecd7d9ca7028ece092e35fbb7cb3f328126efddac5d859f2b2c6eb090133690e20c17deaf3882685f07e9ed2653b803b9b383b70748a1fa92c86f86d6c47ea87b10b12e363ba508060f47ce2a2f3b6a3eefcd4dacfc71c41f436fe0c2bc34d4baad49574e7443c126a589f6ef7bca44954f0bb28ec7151b0511c23c6bc42d5e85983ec16bb5f50a382d688150a49609cbde5698e86dcbf0212c2292299dc4dcf87429f6cd2eec80948ce867e25c94584cdc64b099029eb854edc26ea21421eff48cf4e41f49e2d89478def06c42bea220a133e50f5c74464c7e73fb1c1a77c507cf6cda85be402b7e6d6d21e810d6d0b5972b9fe77e54e74aee1f3bbfd6e7de6b5c0:579b38124bd0591a597cc9a389127ceaf55156077363edb811d0b65552acfcc677b272942199ca25ab790de6e084603ad1052ec210cf6fcb1417289067ce3c0862d313912abbb006b7774a6737714a349970ce0421112f400463d3db0e2f7f128d7b96939f43c1e7107b5118a77c119683d866b7e3d72ac21f6b4272b4be9289b6556fe31b6051a0b42ed5ea0cf347696d30fb8bff6b8b572719de19a231cc85459a990c37801f0837186cefbb5521569666967cd4243d7307f1b0b24c8e2b9b692317304fbe3dd0a263650191b35216f52916573af90524f91db1a92471d758c92dc6d14d1a4b26f41b40403ca87dcfabdca47b9fc2533578f161f3b0199b5c698e080704b21c9e615269fcd0d40439ed8bc3bdfbc9afb44c11fa89275f0eaaa5d08fa959d6378d0db89910d48f2d86a1ebfc5cbf10eb2d5aadf51bbd8344ff8bbb5b8afe05a45011b5e4b72eb864ad263e8a03a6c7f98aeeb354f730a318aa30fb56d33d80748c98ebec15878ccf3ce822f69d3456843c400dc56b481a95e688b8a4735bf3843f5833dda0efe09e7175b567c661387afd2ebc079a48e34967ec97b927dfa581888f231a98a7ed33103bfa8e8f9ba6513527900b39b86231da7911a2fc935888a75f1129584afff2025249c4188f09052f85687706d05e299144d40de8898b7c8b2dfef0c3708573d8b0563a6bd0a504c0b6745702b1b57121c6f040aff27198948ba69c21253a28d39eba726219beda1f8209fb83e9adb07ad409fbd6d25565889ab45123f9d945ecd7d9ca7028ece092e35fbb7cb3f328126efddac5d859f2b2c6eb090133690e20c17deaf3882685f07e9ed2653b803b9b383b70748a1fa92c86f86d6c47ea87b10b12e363ba508060f47ce2a2f3b6a3eefcd4dacfc71c41f436fe0c2bc34d4baad49574e7443c126a589f6ef7bca44954f0bb28ec7151b0511c23c6bc42d5e85983ec16bb5f50a382d688150a49609cbde5698e86dcbf0212c2292299dc4dcf87429f6cd2eec80948ce867e25c94584cdc64b099029eb854edc26ea21421eff48cf4e41f49e2d89478def06c42bea220a133e50f5c74464c7e73fb1c1a77c507cf6cda85be402b7e6d6d21e810d6d0b5972b9fe77e54e74aee1f3bbfd6e7de6b5c0: +6a29f81b8d9aa48a1b23364eac8f6a4bdd607a84cfe8e88d90175d80643a58a84c3be3a2a8425ff31c3a0db4a52a0cb1416ceb48cc3e4c28a4f2284ab3460715:4c3be3a2a8425ff31c3a0db4a52a0cb1416ceb48cc3e4c28a4f2284ab3460715:7876a3f4eb69bb7e54e9ff954ebd3b10b93a4c1afeae92fa03c103cb6313a201c5b33a9a7223755cb510e25ec582b54e81b84956f6c53f1f08a63bf0c4a261af450e523fe8f61ddb3c0eeab8751072688801b2a473b71a2e38708da68c2f37925cb05a20c4283b3af97b6f0ba65a5403554375e215d9e3aa1b0f9fdb0f849923edbdaa0ab481c545a5df8f51d1f68b223507ea0eccfaebb5fccf5e3dfa65a44eea504568a88180a060bb06c51557b81e667b4b04e3210fa4c379876c49f3e56bf2be1cf519a7418393d240dc8a224c6c38ac2ab9d8fadfc5362030c7930c3ce7795b147c26c8a28c653429d90a173a86a8b18a009e62aef6eca95d39bdbe45647778a2532a415ae19bad231129127842fe1d0f11fab4a1cf0b17e498cd5952c939e090090287b144895dff00cec8d6aedaf62481a41783e021082ce352063e62811fd99990104d8a46cdcaee2bab458e5247fb023e923330a428c7bcfd20b08f520e8946dd658347352ae0c4be73c3d5eccd11149f3ab7b8052cfd95c35d4164546f5d8f377517a7f432c0d5563a7bcc7bd119d3421dfebaae844599b29b383bb8d5dbf140d9bd47a078b7ae7c6aa87b1e29236c9fcfd654b7f809794cccb261588e18dec6c4046a934067d0dfa03791d03d83b718ac4d24dce785a3028de0c9592dba7c5c5845184afc9c0dfcf94095860f0eb802ebea20178e78b5642e5dd61c33b39769052d9d854dce902f476e21f96c650b463b7bc3d0ff2996b65c57831f8b7c0fb915f4dd7226ac955cbc7dfb03f9b758dd3e0dfce2e0e580c91a30c783ff567b17f12dfd5d3137646e20011cdcaae11102dc716886cbf123c09488b173636abd54e962caeec97d5eb940682e703b730f61562cd14b9e6561b5e93f60cd0e1e86d1a1b4719c5b508242bd6b2d9a548f59bbb875075969ef2032f3196b8aeccc45a44d9dbdaf878ed16f1d855e8918ed65a45ee5c7fa32a1ec6932a159cfb50ffc87be06dfcf7228ae8870ccd357fc656e33fa4b6b8b7d1a7215553cabacc70a39c980b971e51a17ed6318b43b29bb:df09cb9b878d3dc9e542dbac28943e28e41dcecb92cb7ea44009885e46499743330561ba1d36aedd467675fdca2baaa4701b6fad979fd839c470d13c82daa9057876a3f4eb69bb7e54e9ff954ebd3b10b93a4c1afeae92fa03c103cb6313a201c5b33a9a7223755cb510e25ec582b54e81b84956f6c53f1f08a63bf0c4a261af450e523fe8f61ddb3c0eeab8751072688801b2a473b71a2e38708da68c2f37925cb05a20c4283b3af97b6f0ba65a5403554375e215d9e3aa1b0f9fdb0f849923edbdaa0ab481c545a5df8f51d1f68b223507ea0eccfaebb5fccf5e3dfa65a44eea504568a88180a060bb06c51557b81e667b4b04e3210fa4c379876c49f3e56bf2be1cf519a7418393d240dc8a224c6c38ac2ab9d8fadfc5362030c7930c3ce7795b147c26c8a28c653429d90a173a86a8b18a009e62aef6eca95d39bdbe45647778a2532a415ae19bad231129127842fe1d0f11fab4a1cf0b17e498cd5952c939e090090287b144895dff00cec8d6aedaf62481a41783e021082ce352063e62811fd99990104d8a46cdcaee2bab458e5247fb023e923330a428c7bcfd20b08f520e8946dd658347352ae0c4be73c3d5eccd11149f3ab7b8052cfd95c35d4164546f5d8f377517a7f432c0d5563a7bcc7bd119d3421dfebaae844599b29b383bb8d5dbf140d9bd47a078b7ae7c6aa87b1e29236c9fcfd654b7f809794cccb261588e18dec6c4046a934067d0dfa03791d03d83b718ac4d24dce785a3028de0c9592dba7c5c5845184afc9c0dfcf94095860f0eb802ebea20178e78b5642e5dd61c33b39769052d9d854dce902f476e21f96c650b463b7bc3d0ff2996b65c57831f8b7c0fb915f4dd7226ac955cbc7dfb03f9b758dd3e0dfce2e0e580c91a30c783ff567b17f12dfd5d3137646e20011cdcaae11102dc716886cbf123c09488b173636abd54e962caeec97d5eb940682e703b730f61562cd14b9e6561b5e93f60cd0e1e86d1a1b4719c5b508242bd6b2d9a548f59bbb875075969ef2032f3196b8aeccc45a44d9dbdaf878ed16f1d855e8918ed65a45ee5c7fa32a1ec6932a159cfb50ffc87be06dfcf7228ae8870ccd357fc656e33fa4b6b8b7d1a7215553cabacc70a39c980b971e51a17ed6318b43b29bb: +ef12df479d983ad96e8ba65330b36d49aadb983164e1c0b452b560ded1d08d60f761cf2826927a7cda8cb04faa2c59f8425a8f7d398f76e867021c951f073809:f761cf2826927a7cda8cb04faa2c59f8425a8f7d398f76e867021c951f073809:e58f34daea755ac4e41333d6f0ed0135f7dbce50309bb1956bc71acb12c77067a647ffd86aa5870c0c0007e8f995a22b88c467de225444544201c557495e253e3319cc5ca376d3e7cc1eb467346e52ad956a6fa733720b17117b5b7585e4d559409aaefa95580f91e502015f497c5cdcb7d4d561f544efa35c1e2a53b72bddeceec2d1050f177d480f687405664dfddec06eee4bd147a912fdbf74f2a95d1fd1e11268694ce4d4ec4fffd6ddb3254d360f236fab4d1a17f8d0d1a511f944692f239639ae03d64facec6538427ab71f7127f4a276f9bc45bba611dfcce6446cc13968976c8bb6d6fe2106d705922dcac956966a76d48f2aff4b86514e39a67e1643fcc321858024e693189833c8ad59b4b625298ebafe64626b480f326f1340723cb3d383f4fccbfc237a3f4c4f7ecf0ba436b32c2fe35179da93111b48cc9ea24202bdc1b2fb60a4319dfd9864470f73f54137206e0bf007f5ae88a88747008a60f4789ad167724f179c02b63aed002573d28a6bcf88e07ce8daea5d5f1acf487b4c5c16c2bfe11231ea5ea763e8f332cc73da1b2f8c198ea8173fd33d4b2ae69e5d4d1aadddf2fd821b85be45151962d1f99df81308618852ad7cf41d72da08a1b39df7d8b994b4ddff37f9dfe8f38ce30e91061d95d58f7ae826b02385272ec09f01a7b3e4b391d09bced665dad69505b419da8481bc3792bf8b8e7ad64b63f245666c8c32fd5c1b1b48c9951e1c21a1eb5f507cff137cfb862c2cc98766e878c930a083828c9d8db18bf16716685f39d6572a8ca8b2a514f77003d4e75bc154aebf14103778f365b1c3f03541ddbd07d6e23e56762d971eb02983e93c4e01ba4b8a2178928c4337d302f31c9ccb75b249a82dc96821e95a03ab6b770df2c3dfdbf1fe9773f8bc1bc5b3afa0440b102578f3d213c8d019cff124f75ce4accc8c667feb27c751a6120074813104e0cd070c9f5e451dccff4c80d71107c975abfac07d4d270c727d8a2fec349b533968e271892d2b62c125fb7974603c305ea3bfa30fb610fc5a23eb68a8406444391a521337:4c8010866d9115f05293b934cac68104cc2c3437568cb9d5c570b1a8bee706603075537033bd708a9c9f3d1e2519a915b1c4ae4ccddfcf0ed0c049d342a02e02e58f34daea755ac4e41333d6f0ed0135f7dbce50309bb1956bc71acb12c77067a647ffd86aa5870c0c0007e8f995a22b88c467de225444544201c557495e253e3319cc5ca376d3e7cc1eb467346e52ad956a6fa733720b17117b5b7585e4d559409aaefa95580f91e502015f497c5cdcb7d4d561f544efa35c1e2a53b72bddeceec2d1050f177d480f687405664dfddec06eee4bd147a912fdbf74f2a95d1fd1e11268694ce4d4ec4fffd6ddb3254d360f236fab4d1a17f8d0d1a511f944692f239639ae03d64facec6538427ab71f7127f4a276f9bc45bba611dfcce6446cc13968976c8bb6d6fe2106d705922dcac956966a76d48f2aff4b86514e39a67e1643fcc321858024e693189833c8ad59b4b625298ebafe64626b480f326f1340723cb3d383f4fccbfc237a3f4c4f7ecf0ba436b32c2fe35179da93111b48cc9ea24202bdc1b2fb60a4319dfd9864470f73f54137206e0bf007f5ae88a88747008a60f4789ad167724f179c02b63aed002573d28a6bcf88e07ce8daea5d5f1acf487b4c5c16c2bfe11231ea5ea763e8f332cc73da1b2f8c198ea8173fd33d4b2ae69e5d4d1aadddf2fd821b85be45151962d1f99df81308618852ad7cf41d72da08a1b39df7d8b994b4ddff37f9dfe8f38ce30e91061d95d58f7ae826b02385272ec09f01a7b3e4b391d09bced665dad69505b419da8481bc3792bf8b8e7ad64b63f245666c8c32fd5c1b1b48c9951e1c21a1eb5f507cff137cfb862c2cc98766e878c930a083828c9d8db18bf16716685f39d6572a8ca8b2a514f77003d4e75bc154aebf14103778f365b1c3f03541ddbd07d6e23e56762d971eb02983e93c4e01ba4b8a2178928c4337d302f31c9ccb75b249a82dc96821e95a03ab6b770df2c3dfdbf1fe9773f8bc1bc5b3afa0440b102578f3d213c8d019cff124f75ce4accc8c667feb27c751a6120074813104e0cd070c9f5e451dccff4c80d71107c975abfac07d4d270c727d8a2fec349b533968e271892d2b62c125fb7974603c305ea3bfa30fb610fc5a23eb68a8406444391a521337: +f731317cf5affe58704c4d9497ae860bbf739d0fd96b7c02efb6777b3c858a19d7d638aecce1461e314255aa29d9a6b488aea1396e9682695a470eff23f3ed84:d7d638aecce1461e314255aa29d9a6b488aea1396e9682695a470eff23f3ed84:16f51c59e9aefc26b0da5e0085eb2e2f1f856def9725769e3af12f860905ae133f65074da76dbf25c67f6257d2dc66c05f9b31ae177b69929fc183b588c519bca14796a0896d2905fd942d7ab4a3fd9541a5529f729c5851419b5fbef7b134d6762eb97e8a951a8ff52aa0d7e67444d06b07aa55e4eb9ab892f47bfd111df5b62f6f3fd1a5ed84125feebb77da637c05d5265ced113dfe8782dbd1cecd2c6c032b8fa8855b3ae78de74faa5aa20a761463c2a30be66bd38cdec75f8957cb94c113a45d546daf475d89aa1482f8d2803a23c939202015a08e94b132728fbe8f6019d7168a08a5930170e5639d110e4739db85e61e64495944b5423a74ad5a8a0a510612ece655ce18864051525b908e0b19290abe8b1182c48c700d350515fd349956e8087327f30b6fc3f131c2144abb3f0e9ca331172b35064a82811a68e2cf36b43e3ad2e8dfa5b1cef50e2a60293fc5f635c9a9998d8c1ad296e7c78fc0582022d63067186b65e764828cc0f5f7632d5eef863e6c6d90e38ccc87d7b747fac8491d632cf7f54b9a9eed16eebec01b6cc33d2463f7f950d828b55ee3f77cbe974f48948eb757aed4e0dbb00ad95ee01323486eba3c8da886ed7f57bb400d63a1b2ebeaa2e70adf0379e3393001ba626c0dd54b7f0c9a25aae6c9875d4e7622f3ed428fb3124b29c5db9a7ef16ebddd6805f095f5e769823c43f262868ff43e3e0525746d9497af124a01dff61ec718af3b5bb746fcc08aebd16684d456ae7932ff5ed7d6b0f1b25c7adeef598b5d58877590ac1dc05975156796998774081e5b66822a94a6a802c3a2cd9f489e1628aaf4652be1184b0fc7c5ee7f97ce08b9233b4b83d9367be5f4aae9782593a35265154dea4c375c16f0caf6dc4594d2bdbfc3375bb2a0432c482f13941ce2aaab4d83e74d116f5de4ab28f8dc3d1cd19d271e56e10398bd1df5c870fcbf93a7d1df3939547c107bfd90643f6f5001ae7e06397ae1a271bb82a1f38e097bec667466b80ee3e50dd4fc9d5d54f18faf7a5b55a8834594ef0cb7e508bbd28f71fd34235bbfd3:2a4fea98f9240171a1823f2f69352062672e6c6e6652d388a87714d647995df75b6e1ed1746af2adf4e806135d60754e60fea032128e35abc1f1615181125f0b16f51c59e9aefc26b0da5e0085eb2e2f1f856def9725769e3af12f860905ae133f65074da76dbf25c67f6257d2dc66c05f9b31ae177b69929fc183b588c519bca14796a0896d2905fd942d7ab4a3fd9541a5529f729c5851419b5fbef7b134d6762eb97e8a951a8ff52aa0d7e67444d06b07aa55e4eb9ab892f47bfd111df5b62f6f3fd1a5ed84125feebb77da637c05d5265ced113dfe8782dbd1cecd2c6c032b8fa8855b3ae78de74faa5aa20a761463c2a30be66bd38cdec75f8957cb94c113a45d546daf475d89aa1482f8d2803a23c939202015a08e94b132728fbe8f6019d7168a08a5930170e5639d110e4739db85e61e64495944b5423a74ad5a8a0a510612ece655ce18864051525b908e0b19290abe8b1182c48c700d350515fd349956e8087327f30b6fc3f131c2144abb3f0e9ca331172b35064a82811a68e2cf36b43e3ad2e8dfa5b1cef50e2a60293fc5f635c9a9998d8c1ad296e7c78fc0582022d63067186b65e764828cc0f5f7632d5eef863e6c6d90e38ccc87d7b747fac8491d632cf7f54b9a9eed16eebec01b6cc33d2463f7f950d828b55ee3f77cbe974f48948eb757aed4e0dbb00ad95ee01323486eba3c8da886ed7f57bb400d63a1b2ebeaa2e70adf0379e3393001ba626c0dd54b7f0c9a25aae6c9875d4e7622f3ed428fb3124b29c5db9a7ef16ebddd6805f095f5e769823c43f262868ff43e3e0525746d9497af124a01dff61ec718af3b5bb746fcc08aebd16684d456ae7932ff5ed7d6b0f1b25c7adeef598b5d58877590ac1dc05975156796998774081e5b66822a94a6a802c3a2cd9f489e1628aaf4652be1184b0fc7c5ee7f97ce08b9233b4b83d9367be5f4aae9782593a35265154dea4c375c16f0caf6dc4594d2bdbfc3375bb2a0432c482f13941ce2aaab4d83e74d116f5de4ab28f8dc3d1cd19d271e56e10398bd1df5c870fcbf93a7d1df3939547c107bfd90643f6f5001ae7e06397ae1a271bb82a1f38e097bec667466b80ee3e50dd4fc9d5d54f18faf7a5b55a8834594ef0cb7e508bbd28f71fd34235bbfd3: +498e5a21a9b0c347ba83a47ac10069457f5783c2e1e6e4640045e594b1c69332fb3948c81199569105cc1b7d9ceb3b41a343bb00575538592e0984f4f4710abe:fb3948c81199569105cc1b7d9ceb3b41a343bb00575538592e0984f4f4710abe:e4fbea864aa51190826645d2f772cb0f9eddd3034473fa3177c7af9a5d41e1a73ad5784c7096559fcddb7b7c85891cf24e82c588d74774ffcac0c6b4eebc2f3fa43e9d45f259d67564030cfeeab9236c665b650af0c92c875189f5f9383504b15360a0b9a5a00da31f635b96f6c73ef47b6b06f02811d1d19c2e8e53550ce22e42ec50a1eb2ea2f4cd03c442d4aa436894238ceb1835fe99b240358aa0562c249698a3f123c2c17e591010bd6fdfcbd7dbe70b04520502ece37a9a1dfa1ae3370417b004217a5b8fe9903c9a3b9f4b6d5c46c0ed0c538cec22f2dfcb2a280a42adc489cf2e062912be9928f0c060891e432091177526f1b3a968069d4a57ade828559810ae0360681ff99329fa0f59e7e59cdf87f9f33c40e97031b9f81d48fc12286efbb3d4e5a62ef57bc0d52d533b99c5106aa79cfe1793a908518596c383483ec49ff98ec557bfff7490a46daf6714f2c2c32f57932ca0d730f03f381d69decdbd9a7a6d4afc62406543c8ebe90ac76e6afabdb82492a206a369e04286d313e11107d8cd9b4bf68f815dba4e990b049d79216d3653138342cd118b130f66b006f3d89ac3cf89837048b0f8a62d94051d2eab891ac5f47888879d88e546676d1daeeb4d175d3f04a9d74ffcdd47746016f84ad0d112afb59ad12187e94f22535d77e9e0516fa42185c197ba774b393227f741fe68273f423fb0e0e0474bfdaf2da78aeb1cd5b98c1dc0832124742a4754125fc78b19c559a5b3f7711e068c440cc0469a1cfa5c1864be18735aa8bcd406c4371eb857754d908bf379b91fcb24e34396bf87c19a04a83d59dae71f3f3839829d06221301ef595696e719d56b79520a0e509929833b1d804a6a0ea40400bb45028ce5d36933883e17406e27a8109057b1a1a5e5da210a6921994f467ab41aa8f0d88775a8a8ebb4ec77d7c80e45a7bb422a4c00c90583911465e6b5f0fdcdeab72871ca542e1d1a2ca94df4ed2eabf90ded0045290324a9fffb30145470209f3826580989349199dc5ab8d4a25df7a0529cf91471e30842abfacd44ab781dfc1395:2860830ccd1d41d95076816a398424f7b739c49fdacf5654529da85fe3565584f6aac2614c63f774b61db9081f1410fba8e50ab3b4c39dc06314243f3f0d8e0fe4fbea864aa51190826645d2f772cb0f9eddd3034473fa3177c7af9a5d41e1a73ad5784c7096559fcddb7b7c85891cf24e82c588d74774ffcac0c6b4eebc2f3fa43e9d45f259d67564030cfeeab9236c665b650af0c92c875189f5f9383504b15360a0b9a5a00da31f635b96f6c73ef47b6b06f02811d1d19c2e8e53550ce22e42ec50a1eb2ea2f4cd03c442d4aa436894238ceb1835fe99b240358aa0562c249698a3f123c2c17e591010bd6fdfcbd7dbe70b04520502ece37a9a1dfa1ae3370417b004217a5b8fe9903c9a3b9f4b6d5c46c0ed0c538cec22f2dfcb2a280a42adc489cf2e062912be9928f0c060891e432091177526f1b3a968069d4a57ade828559810ae0360681ff99329fa0f59e7e59cdf87f9f33c40e97031b9f81d48fc12286efbb3d4e5a62ef57bc0d52d533b99c5106aa79cfe1793a908518596c383483ec49ff98ec557bfff7490a46daf6714f2c2c32f57932ca0d730f03f381d69decdbd9a7a6d4afc62406543c8ebe90ac76e6afabdb82492a206a369e04286d313e11107d8cd9b4bf68f815dba4e990b049d79216d3653138342cd118b130f66b006f3d89ac3cf89837048b0f8a62d94051d2eab891ac5f47888879d88e546676d1daeeb4d175d3f04a9d74ffcdd47746016f84ad0d112afb59ad12187e94f22535d77e9e0516fa42185c197ba774b393227f741fe68273f423fb0e0e0474bfdaf2da78aeb1cd5b98c1dc0832124742a4754125fc78b19c559a5b3f7711e068c440cc0469a1cfa5c1864be18735aa8bcd406c4371eb857754d908bf379b91fcb24e34396bf87c19a04a83d59dae71f3f3839829d06221301ef595696e719d56b79520a0e509929833b1d804a6a0ea40400bb45028ce5d36933883e17406e27a8109057b1a1a5e5da210a6921994f467ab41aa8f0d88775a8a8ebb4ec77d7c80e45a7bb422a4c00c90583911465e6b5f0fdcdeab72871ca542e1d1a2ca94df4ed2eabf90ded0045290324a9fffb30145470209f3826580989349199dc5ab8d4a25df7a0529cf91471e30842abfacd44ab781dfc1395: +c24cbf401ad03bd88dcc7b519ecf624db2223e990289309e1e9f1f8f6127c6c9a74666f357209f7189903788f107563e50c051c3d40c3f3dad10d3c3cff1e678:a74666f357209f7189903788f107563e50c051c3d40c3f3dad10d3c3cff1e678:e7fa359e6a09b2c54aabed3bbabfb72853a805aabcf4d18ddad39f03f34601e55b6ce263c9a3ca6a3e5f1425c821928c61e7f750919bd3af32bcb7b94d459a7a9a35f61c941792e2cc2e4327beb344a841a07f32068af102b3de61eab64ef6d5e69062e393ab5edf6ac9ef7b38d49a01bef0003f421174c8885975c01832899c3135e7a86e5b55d9b1328bb4289b5c40200f49e5523b3c461dc7175e1465022297c3d380f2b1fef39cb82c00fd160f447eb51263fa25b4df0fca41ec0ca2ece7472201af86c3038c49df099a9aefa1f88d0edfd17c0b3c86046629c09454054aa0fb2c6949dd9c130185dfa5d903891e08742cd0429403f57f4052158b2f401da4756854e4aaf024221e37513cf677ee6a0b159f501d377ea32eb71e778004f27203cd6d553fda5d65e1879477046f3ea3d1d75c9d0d30311456709cc7f6ab68c7b0d52be40f04cf655655323285318329e84c6a5b07e0ceed5f78f7f1fa6229bef878793c584728abf4510b7f27794b5942916254c589a09c8e911f0b954211a63699a752147f2a4e1a18956644bea2ca2692ba182280e04a72dd89b0d1268500938f347bf43f2a242ee9b9a6baac9b350d656fb19ec834abe3164440f2d2071fe5e32c8e4cf905539b839ceeca2620fcb2a087f780e6c7f5e05c506888250ea7c856fb30983200aa8f78fc1771054ada0f3fac38ae2f33dc4a4f851b76ed740c0962a76a4de44080dc620a44ad8f23d3462b792ab3afb19cb8a9f4d9e59ad765a771899da8cbec89e5077e85c0c93126376c941bef1f8bb992d3a35f270725846fb252f8b5fbb7567e406a1b53b619769e632b2b4087cd4c276e5d58ff2b56e89edec48ce53a52e329ca1559538f10902c01a85fbb3cd72e6b8291e5fe639bee9d47d34c249a7a07d7a1427a01f63d60984c450bef819b19f65e2614fd9c2fae7b9231a0bca414ed94a5ee7e66327d2a99c84878b7bee087e891f253fa1fece313648c06c45db2d9f3bc8599937b752d38ce5063d0ed9a43ec9d4015893d43bf5b2d1c60478510468968b796f0153789595441722a:581e6c85aec623b62b3d4c9bc9c77759d5492722e252d44c1f8ada9da2ecc67c17083273aa091bbac046ae63c78893152e14d926c41ae35f0e6e3959496b1306e7fa359e6a09b2c54aabed3bbabfb72853a805aabcf4d18ddad39f03f34601e55b6ce263c9a3ca6a3e5f1425c821928c61e7f750919bd3af32bcb7b94d459a7a9a35f61c941792e2cc2e4327beb344a841a07f32068af102b3de61eab64ef6d5e69062e393ab5edf6ac9ef7b38d49a01bef0003f421174c8885975c01832899c3135e7a86e5b55d9b1328bb4289b5c40200f49e5523b3c461dc7175e1465022297c3d380f2b1fef39cb82c00fd160f447eb51263fa25b4df0fca41ec0ca2ece7472201af86c3038c49df099a9aefa1f88d0edfd17c0b3c86046629c09454054aa0fb2c6949dd9c130185dfa5d903891e08742cd0429403f57f4052158b2f401da4756854e4aaf024221e37513cf677ee6a0b159f501d377ea32eb71e778004f27203cd6d553fda5d65e1879477046f3ea3d1d75c9d0d30311456709cc7f6ab68c7b0d52be40f04cf655655323285318329e84c6a5b07e0ceed5f78f7f1fa6229bef878793c584728abf4510b7f27794b5942916254c589a09c8e911f0b954211a63699a752147f2a4e1a18956644bea2ca2692ba182280e04a72dd89b0d1268500938f347bf43f2a242ee9b9a6baac9b350d656fb19ec834abe3164440f2d2071fe5e32c8e4cf905539b839ceeca2620fcb2a087f780e6c7f5e05c506888250ea7c856fb30983200aa8f78fc1771054ada0f3fac38ae2f33dc4a4f851b76ed740c0962a76a4de44080dc620a44ad8f23d3462b792ab3afb19cb8a9f4d9e59ad765a771899da8cbec89e5077e85c0c93126376c941bef1f8bb992d3a35f270725846fb252f8b5fbb7567e406a1b53b619769e632b2b4087cd4c276e5d58ff2b56e89edec48ce53a52e329ca1559538f10902c01a85fbb3cd72e6b8291e5fe639bee9d47d34c249a7a07d7a1427a01f63d60984c450bef819b19f65e2614fd9c2fae7b9231a0bca414ed94a5ee7e66327d2a99c84878b7bee087e891f253fa1fece313648c06c45db2d9f3bc8599937b752d38ce5063d0ed9a43ec9d4015893d43bf5b2d1c60478510468968b796f0153789595441722a: +8b3dcde4abbf4e6211c4a51c4b026800a8a2a061cb38a2ecc7c9cf113f9270bf514535580f0de359bb0d41f2efddaa04c2ec950119f31634b2c1a32f195f6968:514535580f0de359bb0d41f2efddaa04c2ec950119f31634b2c1a32f195f6968:481425027da672b6f26c91b80e55582caef47bb15a2de8fca852221785180b20a7fd6d4907b5881cc1d6e39ab9612cc74d6977e9141f7087bb27ab3084a26285586f8411db1f503adf52dcb25ab8fffd2ec1504c1777b9d6dd4a29e2019e5cbae1b7eb26f95bbe07d90c2f6fb0884a59a8d58dde5116edc3bc349d37c160b27befbe5a5c181ce7256392354d221b58c47eb0bb10929e7421795f4b7a7c275edd08c088568772e993218dd6f3c2cb4ac657a0a3f91f3126b991adf6cbe7d1b19b8cd83be3602ed18f039633fbd2387bda69e2cf0387d8644d97b303fb00639aeee7ae463f6fe1a2c4b89aeba3e9094c11fc29114b20283f287c6dd28cb098dae8dabc48e85bb59c0dc6e78c956605cb7cf06942353e7a22e96f80a37a66f718d9e4db8c52452aa0a35772e81ba2b303205b412dd2bfc15ce9b436f99fbb32126b63ce9cb43199f157d81751a7c4937d13af4c582952b5d606b555b046bf1de06cf39b63a80287371803609a387ee80f3a5d88b9d6219650ed17d3cc183b2c70d5eb94e3bc52aea7aa7f53be0e20b8972f143d8e20162e803edb4aa83d5553fdd553398b0fa176b959cba140d6e980c9251b0fa0b65e908417f82f451ff9f2de6b9ca5e3b5f41ba40d05a54f3dab4886aacca05c9c2798139a4cb33e96a91494749910a17ce8b392fc0fc7762974d79d33db924bfef8655a723776ff87f950fdc568b1e526534541f572723b840663c19188c424f7c489235a424b09fe25c30727ea1cb04953d706d68bfe12100ef6f64c35c6b8de67edf0e3ad014a400e821ea34024321999867b43c82c450184b78f7425cebd7319dc6f65d360665dfbe7c36674dac3a54e96da910c02d3640780b22d512ca0e3ca3587b94ea9fcd7a31b4af69fd6207c68fed25f89921c1cdcdefd1c090204492bff9bbb52e08885829d012bc2dfb4fe8c35e59cd13bcb8ead34193c40b03ee4d825ee1322ff4ef071279574cbaee7c07f14be606b9cd0e261111ef20d9681d76cf78c89a8c397d6b8dc778f4984166ad5df3a81aaf2e6de09f700195ae2c1d4609647:4f3d4d228503017e74a6bb58aafae35c3f37bdee4ff6be2e6240b5082feddb222735e12f31e056fa685447e5384803007ea7910e605c1b78118cd5acc587a606481425027da672b6f26c91b80e55582caef47bb15a2de8fca852221785180b20a7fd6d4907b5881cc1d6e39ab9612cc74d6977e9141f7087bb27ab3084a26285586f8411db1f503adf52dcb25ab8fffd2ec1504c1777b9d6dd4a29e2019e5cbae1b7eb26f95bbe07d90c2f6fb0884a59a8d58dde5116edc3bc349d37c160b27befbe5a5c181ce7256392354d221b58c47eb0bb10929e7421795f4b7a7c275edd08c088568772e993218dd6f3c2cb4ac657a0a3f91f3126b991adf6cbe7d1b19b8cd83be3602ed18f039633fbd2387bda69e2cf0387d8644d97b303fb00639aeee7ae463f6fe1a2c4b89aeba3e9094c11fc29114b20283f287c6dd28cb098dae8dabc48e85bb59c0dc6e78c956605cb7cf06942353e7a22e96f80a37a66f718d9e4db8c52452aa0a35772e81ba2b303205b412dd2bfc15ce9b436f99fbb32126b63ce9cb43199f157d81751a7c4937d13af4c582952b5d606b555b046bf1de06cf39b63a80287371803609a387ee80f3a5d88b9d6219650ed17d3cc183b2c70d5eb94e3bc52aea7aa7f53be0e20b8972f143d8e20162e803edb4aa83d5553fdd553398b0fa176b959cba140d6e980c9251b0fa0b65e908417f82f451ff9f2de6b9ca5e3b5f41ba40d05a54f3dab4886aacca05c9c2798139a4cb33e96a91494749910a17ce8b392fc0fc7762974d79d33db924bfef8655a723776ff87f950fdc568b1e526534541f572723b840663c19188c424f7c489235a424b09fe25c30727ea1cb04953d706d68bfe12100ef6f64c35c6b8de67edf0e3ad014a400e821ea34024321999867b43c82c450184b78f7425cebd7319dc6f65d360665dfbe7c36674dac3a54e96da910c02d3640780b22d512ca0e3ca3587b94ea9fcd7a31b4af69fd6207c68fed25f89921c1cdcdefd1c090204492bff9bbb52e08885829d012bc2dfb4fe8c35e59cd13bcb8ead34193c40b03ee4d825ee1322ff4ef071279574cbaee7c07f14be606b9cd0e261111ef20d9681d76cf78c89a8c397d6b8dc778f4984166ad5df3a81aaf2e6de09f700195ae2c1d4609647: +d4a7a9524d30a6337c0a0be95ca90591de9888038e3e59e1b25a4181ef9466299fc3ebd139cc5b7c0e05af47bff6619b812815bb01ceec392a3ff0aec3811d2c:9fc3ebd139cc5b7c0e05af47bff6619b812815bb01ceec392a3ff0aec3811d2c:171980c03fdf7a727bd5bab3ba0945e6ad5faf0a7f506a56d1d0edd9a306b3158d843266d3091fc1e42281df97559a2201f5bdddfe683d0e1028d1d95b2f313b484c392ffdb1cdf88508afde3d6fd2a12888bacedeb79ff3db40c9ac0ec3fb901b228698adf8d845ff4fce10de55d42436dce930973a34be05d1401f334d4ce8e3a793799eafdb94d0f2ab0950b079e6653eeb499fc7447ccbeeed8dbd5456808cd7a38f9a15a2a9c738d61334cab8ceebbbf4a4814d94c61859178784604e0c2154597e72cf587cd1f5dafe5922051890e76d616d8cd5b05d6478d0626ea83ce808c46143e6fb06b4182d228da8f6d4139eca5b8f3b1b98af68c59b4b5a53c136ee90432aca2bb915529d26367949826233b43e55804b55fc9f215eb0b0b79291465bb34edaeadffabfe6cf41bc07b5dd4d0142f0361f058ee1b3b9fcc196eb9b35b134be3d1d232004489e8f6993f625a63015bcd3f1e87588324858ccfb770dddd894bf297bd763ef5828e21f5c89aa98cfbc1c082dd7fbaa4307bda40b4a758ca8f39f4e4aaed309041268dbcf0af32de0d7fa90a523963b780b6a932cf89499025f0e0d0474c74348947510e6c5ec7c9e05066eeb4a73520c3d927c39ac26ad7596325b2cc47c5e82a775455b7af03120b1cfbfd6ec3fc0c3be6078b00cfdf8342ae8bf147159f50e9d564e2f68306dae3caedd1019f323c478a1e1f67598dd834bd1d1a8733fd7fdd8a876526c531518936edb72d01656b344c7d65ac1cee37ce5997ba48d3f4d064d88057efe9a482d9e00ab5caeb5aca2d660e337bd15487365697956a5e47b02abdc30d8e353fed4e1ac41d2bc2120021143635935c620186a522bde54be0446fbd2dc88b56304b3a64227d0acd5f85a6b6787a3adcf2d7cfc86c634b4d7ab4315b97de9e666cff3ff1b88f3295e7bab9e9fd46fafddb4f5fac51cc0170129c651b4ef4d3950d6942ff020d1668a528bde1da936c0ec1ae09e84f8205861fff491502a872c8154a96e7ea25eda955a7fd2e4b4c7a8d273f60bc74fab7b4968ca6f75daea5040f839fd56c2a980:d15788bcd88d1d81b9e61d4fe26ea49e66819a59d2ae4832321b814d5062fadb87807db6852e1d8295e31a291b1e785d01d834895f88f400df8832c1607b5b0c171980c03fdf7a727bd5bab3ba0945e6ad5faf0a7f506a56d1d0edd9a306b3158d843266d3091fc1e42281df97559a2201f5bdddfe683d0e1028d1d95b2f313b484c392ffdb1cdf88508afde3d6fd2a12888bacedeb79ff3db40c9ac0ec3fb901b228698adf8d845ff4fce10de55d42436dce930973a34be05d1401f334d4ce8e3a793799eafdb94d0f2ab0950b079e6653eeb499fc7447ccbeeed8dbd5456808cd7a38f9a15a2a9c738d61334cab8ceebbbf4a4814d94c61859178784604e0c2154597e72cf587cd1f5dafe5922051890e76d616d8cd5b05d6478d0626ea83ce808c46143e6fb06b4182d228da8f6d4139eca5b8f3b1b98af68c59b4b5a53c136ee90432aca2bb915529d26367949826233b43e55804b55fc9f215eb0b0b79291465bb34edaeadffabfe6cf41bc07b5dd4d0142f0361f058ee1b3b9fcc196eb9b35b134be3d1d232004489e8f6993f625a63015bcd3f1e87588324858ccfb770dddd894bf297bd763ef5828e21f5c89aa98cfbc1c082dd7fbaa4307bda40b4a758ca8f39f4e4aaed309041268dbcf0af32de0d7fa90a523963b780b6a932cf89499025f0e0d0474c74348947510e6c5ec7c9e05066eeb4a73520c3d927c39ac26ad7596325b2cc47c5e82a775455b7af03120b1cfbfd6ec3fc0c3be6078b00cfdf8342ae8bf147159f50e9d564e2f68306dae3caedd1019f323c478a1e1f67598dd834bd1d1a8733fd7fdd8a876526c531518936edb72d01656b344c7d65ac1cee37ce5997ba48d3f4d064d88057efe9a482d9e00ab5caeb5aca2d660e337bd15487365697956a5e47b02abdc30d8e353fed4e1ac41d2bc2120021143635935c620186a522bde54be0446fbd2dc88b56304b3a64227d0acd5f85a6b6787a3adcf2d7cfc86c634b4d7ab4315b97de9e666cff3ff1b88f3295e7bab9e9fd46fafddb4f5fac51cc0170129c651b4ef4d3950d6942ff020d1668a528bde1da936c0ec1ae09e84f8205861fff491502a872c8154a96e7ea25eda955a7fd2e4b4c7a8d273f60bc74fab7b4968ca6f75daea5040f839fd56c2a980: +d08f4babba3b5365faf738795c9da45db1862cb28b93eb6635d1320da0f4d937ef31b454f734e52b3438ee2f1cbc35631b1969de54ac98fe4633f2f500ac8712:ef31b454f734e52b3438ee2f1cbc35631b1969de54ac98fe4633f2f500ac8712:a394d8854ceb5c43afee1a48926bbd6685aa8aecfdcf854133333974d624bf2f1f9c30f005bbf34cee3afe2b290600eeae6f1dd12a0c346fbb2ab9c916c5d5d80dcd87887875a0ac847678039fdcd3a9793541f5d675143a6abadc3b18f0fef5108c19c2dbfb59710eef9866a4f3f297a09ee48c6803007dd6ba8fd4be841cfb10ff0514c30fc4dd49a3cd43bbd16e460443a11afe649e901d63d89af598aa686b2f607ec11f35e17a798a4213b75a38788da4f27cf2b02caddfe61c3729a87ec6e6b098f68e7aed28a800c484dfa0130401208f986d792f54635add2848e151262a365eb21e2727191e1f700f3bf5c73b0fb4c546d0048a155c18717920fc0425c8c8fa8f167c43a277bb366e0ad702c89bc5aa06fd470943be05cb9e3259787229714c30a4e87b00a633aaf7be6b5875010d12e107c9a5261ca562d67025bea0fe223463edb92ea01cca92c44ff24da9d8a80a6421f3d4135d647d1bb0fd988c46c8a170ceb4f33fff9c0ffb6abad1092c84dfad8290898b249516a292e8da96fd51a81005eecfdebb05933099277d073a480c3f9eb8aa11968c4d8dc0787a9aec3e0527b7fe4c0635411335a1811689e88f6d5ced0d40d6b48b7f2d992952934894153076a8d37372fa00d9cefc5cf8c26adb5acf325a01cd005ab8d474a52d67114078c6516aef804bba19b887a28ed5e46ee9995e5ad3a82fb9cd93283433680921114b4d9af8fcb6b2b535839c36de8df12b17ea6ddcfcb3334ff40e6cf04ccd5ca6403ba0b62b4cb71bbde91d8babda69152c9c93ae769b5529c8d52fd9a6909a15e1a0601a714649c96ec996c1706d1021b97487980d7b2c2a39bbb0e470d8e46ac4aa609a0922c9bdc01612eadeaccd5fa523b2a8d0e62ffe56281647d61fffbbc840535745d144259cc81300fe99dfbffea6b0b9bcd28473982d32e93ed46634a9987906d6f48939d8dfbfb37d33b888db608cb2ffe39a8cf67b72644611c7d32a4a8df612468cd5e5d75fbba79e638aa1daa28c4e0eeb9a637ff8a08b65f7a7612414df76bc7b0b56b5537d666facfddaf65af1:acebe4c86fa9fe2c1a5c576ac0501e8ab0f640fa40380536fcf95059d53d4a3555d220ac363587175e4bde163c0d00650a12963d46766c99bb62bf7573e2870ca394d8854ceb5c43afee1a48926bbd6685aa8aecfdcf854133333974d624bf2f1f9c30f005bbf34cee3afe2b290600eeae6f1dd12a0c346fbb2ab9c916c5d5d80dcd87887875a0ac847678039fdcd3a9793541f5d675143a6abadc3b18f0fef5108c19c2dbfb59710eef9866a4f3f297a09ee48c6803007dd6ba8fd4be841cfb10ff0514c30fc4dd49a3cd43bbd16e460443a11afe649e901d63d89af598aa686b2f607ec11f35e17a798a4213b75a38788da4f27cf2b02caddfe61c3729a87ec6e6b098f68e7aed28a800c484dfa0130401208f986d792f54635add2848e151262a365eb21e2727191e1f700f3bf5c73b0fb4c546d0048a155c18717920fc0425c8c8fa8f167c43a277bb366e0ad702c89bc5aa06fd470943be05cb9e3259787229714c30a4e87b00a633aaf7be6b5875010d12e107c9a5261ca562d67025bea0fe223463edb92ea01cca92c44ff24da9d8a80a6421f3d4135d647d1bb0fd988c46c8a170ceb4f33fff9c0ffb6abad1092c84dfad8290898b249516a292e8da96fd51a81005eecfdebb05933099277d073a480c3f9eb8aa11968c4d8dc0787a9aec3e0527b7fe4c0635411335a1811689e88f6d5ced0d40d6b48b7f2d992952934894153076a8d37372fa00d9cefc5cf8c26adb5acf325a01cd005ab8d474a52d67114078c6516aef804bba19b887a28ed5e46ee9995e5ad3a82fb9cd93283433680921114b4d9af8fcb6b2b535839c36de8df12b17ea6ddcfcb3334ff40e6cf04ccd5ca6403ba0b62b4cb71bbde91d8babda69152c9c93ae769b5529c8d52fd9a6909a15e1a0601a714649c96ec996c1706d1021b97487980d7b2c2a39bbb0e470d8e46ac4aa609a0922c9bdc01612eadeaccd5fa523b2a8d0e62ffe56281647d61fffbbc840535745d144259cc81300fe99dfbffea6b0b9bcd28473982d32e93ed46634a9987906d6f48939d8dfbfb37d33b888db608cb2ffe39a8cf67b72644611c7d32a4a8df612468cd5e5d75fbba79e638aa1daa28c4e0eeb9a637ff8a08b65f7a7612414df76bc7b0b56b5537d666facfddaf65af1: +8f474f88cf863c485456a5a2155281ff27b28459f63bc4f1db00e0031064f64943144a329d751d04e07169b779ee920dd029cb445bf376ba3a668572182344a3:43144a329d751d04e07169b779ee920dd029cb445bf376ba3a668572182344a3:840891d948ec19c8c7f7c9d3c4775362a544a0ec97457ab5d14e125dc54b59c8dc9a635e7badb6be73c3a58dc0e9929f2b420d8356d617c3d41bfe69b4e158d4bf08fb17e688d3cf3c948b69b35f0b6db66272a8eb2bd410d6509f6c828b6a20d6586eaf857601ed9d6054799c25320eba8077fe1ae22671b33a1588ff2b235d3c71a27ce5c6c66e18889198d116933676bc4fb0710db7ff1ac2f20ce369bef56b43cd1d406cefdacf00f1f348b8ca7aa614db11a3a640fdb59389d1a6a394755c133f1b019c8308ca5a951e73b810a180f6ff25b29dbbccef4c13a97503393907a2dba096a8ce5c86c0ee6f97c1441b8d6331cba53b19606b421af52f65f9c663e63d3982718f948c6bae961b8e4bf8cd9e31cd09928e4e80616597ccfadcb8a614154933bc37589c85c776e34e5a90660f59a65b5e93ad438842f982d02b041e6dbddf171099f8db70995731a0db8c4625c9bca710805961fb176dae819768fcad7ff9bfce36403ca7f783e7613726d7dc59f24e247cf15068ff3b19c725fad65ea8e8a7f722d528c95fcef1c0cc79d18ef07cee8b011eeabd9921634d76a61a8a3c8931b827e8189881f81f7a175f21fb0378b8188e58bdb2017bef390f1800d9d74f263a81df8e67522d092e775d01e004e7f8d8281ae2c2fdf8c3a445f9eff7fdf13f261a773ddf2dd9cc6ba5585d990c995e6eb89dffd9ff0a9dbb76ce5e10dd0272d5001497881366f5d636a9cceaa283228d3ac614db217ab891d6689dbeb950e1200c3de53bc5da07f1d363dae9be6ec36eda6e687d26290f7abca268a7fa03d9318864eda9a11e3b26140605920ac13adec1b5548c9a7a3215a5876b7e941afa1cb5d7f7f0c11630cd429f3b2b37dc76c6cbea4f3b726aa8a5f8b9f705b05d7e9451956f8af13ce0a85955c7135d64ade5496ea542e70f8da5b573aaf137085dc96c6927099695672668b3c7c6f93c977a4e8e9e770295f20d52dff187f8dbb25ee7e774024eb9be08121ed74b6d5462f4bb7dc2003874caa31bb7595cd93a99ebe1eff928bb5fcb9e9c89dd31d487fc0e20bbe150:f61f7807c33e196d0fe182efa4d4516a9815ddd449538bbaa6b86b6901a05f5ddda0601ec90f39f1554779db7a09a60572effd4d128d0d3c2dd4e883574bc60b840891d948ec19c8c7f7c9d3c4775362a544a0ec97457ab5d14e125dc54b59c8dc9a635e7badb6be73c3a58dc0e9929f2b420d8356d617c3d41bfe69b4e158d4bf08fb17e688d3cf3c948b69b35f0b6db66272a8eb2bd410d6509f6c828b6a20d6586eaf857601ed9d6054799c25320eba8077fe1ae22671b33a1588ff2b235d3c71a27ce5c6c66e18889198d116933676bc4fb0710db7ff1ac2f20ce369bef56b43cd1d406cefdacf00f1f348b8ca7aa614db11a3a640fdb59389d1a6a394755c133f1b019c8308ca5a951e73b810a180f6ff25b29dbbccef4c13a97503393907a2dba096a8ce5c86c0ee6f97c1441b8d6331cba53b19606b421af52f65f9c663e63d3982718f948c6bae961b8e4bf8cd9e31cd09928e4e80616597ccfadcb8a614154933bc37589c85c776e34e5a90660f59a65b5e93ad438842f982d02b041e6dbddf171099f8db70995731a0db8c4625c9bca710805961fb176dae819768fcad7ff9bfce36403ca7f783e7613726d7dc59f24e247cf15068ff3b19c725fad65ea8e8a7f722d528c95fcef1c0cc79d18ef07cee8b011eeabd9921634d76a61a8a3c8931b827e8189881f81f7a175f21fb0378b8188e58bdb2017bef390f1800d9d74f263a81df8e67522d092e775d01e004e7f8d8281ae2c2fdf8c3a445f9eff7fdf13f261a773ddf2dd9cc6ba5585d990c995e6eb89dffd9ff0a9dbb76ce5e10dd0272d5001497881366f5d636a9cceaa283228d3ac614db217ab891d6689dbeb950e1200c3de53bc5da07f1d363dae9be6ec36eda6e687d26290f7abca268a7fa03d9318864eda9a11e3b26140605920ac13adec1b5548c9a7a3215a5876b7e941afa1cb5d7f7f0c11630cd429f3b2b37dc76c6cbea4f3b726aa8a5f8b9f705b05d7e9451956f8af13ce0a85955c7135d64ade5496ea542e70f8da5b573aaf137085dc96c6927099695672668b3c7c6f93c977a4e8e9e770295f20d52dff187f8dbb25ee7e774024eb9be08121ed74b6d5462f4bb7dc2003874caa31bb7595cd93a99ebe1eff928bb5fcb9e9c89dd31d487fc0e20bbe150: +e42b30d49c43c4fad83dd51fdc2a4ac5901327add800b66972c8c70bde180adcf734aafaa4dbaf315c258cca8bbc1d4f34e83601109874222aa05589f3a6635f:f734aafaa4dbaf315c258cca8bbc1d4f34e83601109874222aa05589f3a6635f:0d497051861e22d8a9c60e5f7de6c895cba335b2e82e602118ad8342b4d4edaa80f95efbb59cfda1fcc0291725700e8a81bb12a0b8623b1fe2891b8d98f7a84c59fd92f8a7adfc065042f7f4fd7e1a79f55a1d4d5e54e04e672f1c9e4c4cd8d0003f3cd54b76e2163dd737acb2de5c263ac102a48f696b60caf9be39c665cce1e0f3d498553f579061889a5ec5603e4d141cfdede8e7317572cfe76a0f48e4ae06062c9157b5eaac3468938192db4b16105c7364a94432b215a71797fee14c3c9ce2f746ed790302fc41dc492d37d9ef024ab51da3bdaf0f81d9a930aa0e025c04fd71026b6afeb7ed01a91a1efd6c39f5e447c66dd38a7656c613d02126f3585dfaa02df930253f83bd42196463ebc50f8cfc949ed350392e61ceec1309da15a432f80dfe948e261ce6d8421c5459cd21f3ffa2edb500982b2abfa52e82437ca230f609116320d9893eb82a14df72b7736667516fc012b28a03c9dd88ea4308d8ceea44cc604454cdfa2c797615bc0a6b3e0089af0a81be54d1b110a13ab911b452c342800cee2ad239a2b188a7fa875e941daaebcfc88b70ae4b1c575cdb6e6d89448136f60ee81c703c47822d2c0e50c7f1e8b7fc7ebd80789fcd7e06c7e50b5fc8b776e8b9a4cd5905a29069bc3a558d7cabce2af4f310767d5b117e3076b3a0d527175543b2ccea28d5f716fac32efed3d2e0276be44a8956fc8240f2db3397614f2f2da02166694ec6a7feec6ece39d72b64bbc6b476a4f84f8d879380a38488e4d6e58cac0390ae25a5fcb73d47414b4c26bbb9b4cc66e42594bd56d841a360923491d117be2c6eb2320f3c6175e44e27b6653c5dac6fae73600b67960dca50aa855a89e0ff511ea04f143e89f1da028476be4bf6d94c80ff726339e8bcfb7dd9f8cf202259c0acb6276c281e3847c2cc8d2fba84438d2d3c6031f2a7b95c1d8f9f3cc86a5eff65cc011de95ad896858e1f7f6d6b94bf49dfff5de2d7fd71ef108134285f61ae475483442dc90bf013faedf3771c47c5b96dc3cf8e48510060ad8d45fd5461622780d869d4617b57fe3cb5cc0203153aae:ff8e076e343c8b73aa453bfee9b2bab6d5c2f74c35e1bad1e52ae777d69f79764083f994368a1ac851a641cd247008a34f3b608962f4dd5109ac71cce978ec020d497051861e22d8a9c60e5f7de6c895cba335b2e82e602118ad8342b4d4edaa80f95efbb59cfda1fcc0291725700e8a81bb12a0b8623b1fe2891b8d98f7a84c59fd92f8a7adfc065042f7f4fd7e1a79f55a1d4d5e54e04e672f1c9e4c4cd8d0003f3cd54b76e2163dd737acb2de5c263ac102a48f696b60caf9be39c665cce1e0f3d498553f579061889a5ec5603e4d141cfdede8e7317572cfe76a0f48e4ae06062c9157b5eaac3468938192db4b16105c7364a94432b215a71797fee14c3c9ce2f746ed790302fc41dc492d37d9ef024ab51da3bdaf0f81d9a930aa0e025c04fd71026b6afeb7ed01a91a1efd6c39f5e447c66dd38a7656c613d02126f3585dfaa02df930253f83bd42196463ebc50f8cfc949ed350392e61ceec1309da15a432f80dfe948e261ce6d8421c5459cd21f3ffa2edb500982b2abfa52e82437ca230f609116320d9893eb82a14df72b7736667516fc012b28a03c9dd88ea4308d8ceea44cc604454cdfa2c797615bc0a6b3e0089af0a81be54d1b110a13ab911b452c342800cee2ad239a2b188a7fa875e941daaebcfc88b70ae4b1c575cdb6e6d89448136f60ee81c703c47822d2c0e50c7f1e8b7fc7ebd80789fcd7e06c7e50b5fc8b776e8b9a4cd5905a29069bc3a558d7cabce2af4f310767d5b117e3076b3a0d527175543b2ccea28d5f716fac32efed3d2e0276be44a8956fc8240f2db3397614f2f2da02166694ec6a7feec6ece39d72b64bbc6b476a4f84f8d879380a38488e4d6e58cac0390ae25a5fcb73d47414b4c26bbb9b4cc66e42594bd56d841a360923491d117be2c6eb2320f3c6175e44e27b6653c5dac6fae73600b67960dca50aa855a89e0ff511ea04f143e89f1da028476be4bf6d94c80ff726339e8bcfb7dd9f8cf202259c0acb6276c281e3847c2cc8d2fba84438d2d3c6031f2a7b95c1d8f9f3cc86a5eff65cc011de95ad896858e1f7f6d6b94bf49dfff5de2d7fd71ef108134285f61ae475483442dc90bf013faedf3771c47c5b96dc3cf8e48510060ad8d45fd5461622780d869d4617b57fe3cb5cc0203153aae: +5cb514217482bf42f611fcec36a5286807c2bdbb56967691353f54310e1ad553280699003d5d3e1c05ad10fb10959bbc595cfe213069965cd8cf39dd426a0568:280699003d5d3e1c05ad10fb10959bbc595cfe213069965cd8cf39dd426a0568:2f57258cca7932e58bed546cb0041115bbad23d18346ef7ab5e3110082b3a9712f6cbe1270e6dc0cea3364a06a5f2f283ec39b63058d34d59979072fcbbd7a5d0f442bbdf082d5bfe2998aeb51bd26127803e5c796c38843200ae2f6e605af312f54fdff17ed1dfaa89d28fa67dce462de4fe25268212b282e222a443e2f31e269054171aa73c719a896cdb7a539dfd1d42991978197d7c4f2d30a641be34bf1380a4f4dc6d9b101636636a496beb357e347c1666516df8eb560a0e0d1e1529ce36a60e00ed278da3802be192342989bb611b4e3cbd9c37e8cce07efc12d29befd7e2f3adb13d28f708d97b63e107482c862956d7ce8dfc2af5cac8d51659267b0bbeddd5efa414ddeabd17b23ca6e843ff49effc82a5d07e36a83b67c2ad7e48eb9990b421c5558009bd6934e86d54a8a6ac4078796e305c7cc810d3f66ea6b9504fe0ae6757c504c5552530a6f8bbb52409be079d8e4a28a6fd7dc8935f8eb9498adc0f23d0807ec86295f4898f5d05e150bdc43aa8b7bdc893a0a684c3063898b6c95e7d56a4c102690438e9df99758a90f47c608dacc4ca240266faba35fa1eb2eaabe288d2c2ad50b6cbf107c002575e91ff472a4417940667be8180173854c93df84464bcd312b7a7ae4dc2b9059fbe6f83f53806425bdff031c6aed6efafd9de8dcd0dfabea8e6fa681e99193fb3c647e442112c9a23f596e65411d8d6bfc3923004ece91ea6deb881111b1dc29943f578981ee8c3bce8525f78565f34b85ff20015feae846f95b18700bc5cdf14b2db6cac69814d63d74bf20329303e5ca9f04731f6881cec6d3abf87f5eac08734faa34cff4d3cd9a4a11d7b12f73253b4dd0a43178f0d3c19c0c40d9ed918dd17646f616af79fdf6194262f0fa4f71b3187dedca48d9cbcc19931a1519677456256ed38354567c3a67571cdf82170a2c85bd2c5e68e05a0f3b93903f191b894f84946f89000568054c1cea9fd0b8bb55019506c54341c24931984548ba458a4d813089896e86a2dc33d94604003f354a7cc941c754aaea24253cbe4cf2147ffec5e7b950cbf28e284481:d53ee2e0f0fd657b2052478fd15df1d38fe0e93a5483eb4a6e7de93d02a4cd544d8fdddcea822b71576ed02853d9a6b14e1a548aefe90d92f883792b7f1d86092f57258cca7932e58bed546cb0041115bbad23d18346ef7ab5e3110082b3a9712f6cbe1270e6dc0cea3364a06a5f2f283ec39b63058d34d59979072fcbbd7a5d0f442bbdf082d5bfe2998aeb51bd26127803e5c796c38843200ae2f6e605af312f54fdff17ed1dfaa89d28fa67dce462de4fe25268212b282e222a443e2f31e269054171aa73c719a896cdb7a539dfd1d42991978197d7c4f2d30a641be34bf1380a4f4dc6d9b101636636a496beb357e347c1666516df8eb560a0e0d1e1529ce36a60e00ed278da3802be192342989bb611b4e3cbd9c37e8cce07efc12d29befd7e2f3adb13d28f708d97b63e107482c862956d7ce8dfc2af5cac8d51659267b0bbeddd5efa414ddeabd17b23ca6e843ff49effc82a5d07e36a83b67c2ad7e48eb9990b421c5558009bd6934e86d54a8a6ac4078796e305c7cc810d3f66ea6b9504fe0ae6757c504c5552530a6f8bbb52409be079d8e4a28a6fd7dc8935f8eb9498adc0f23d0807ec86295f4898f5d05e150bdc43aa8b7bdc893a0a684c3063898b6c95e7d56a4c102690438e9df99758a90f47c608dacc4ca240266faba35fa1eb2eaabe288d2c2ad50b6cbf107c002575e91ff472a4417940667be8180173854c93df84464bcd312b7a7ae4dc2b9059fbe6f83f53806425bdff031c6aed6efafd9de8dcd0dfabea8e6fa681e99193fb3c647e442112c9a23f596e65411d8d6bfc3923004ece91ea6deb881111b1dc29943f578981ee8c3bce8525f78565f34b85ff20015feae846f95b18700bc5cdf14b2db6cac69814d63d74bf20329303e5ca9f04731f6881cec6d3abf87f5eac08734faa34cff4d3cd9a4a11d7b12f73253b4dd0a43178f0d3c19c0c40d9ed918dd17646f616af79fdf6194262f0fa4f71b3187dedca48d9cbcc19931a1519677456256ed38354567c3a67571cdf82170a2c85bd2c5e68e05a0f3b93903f191b894f84946f89000568054c1cea9fd0b8bb55019506c54341c24931984548ba458a4d813089896e86a2dc33d94604003f354a7cc941c754aaea24253cbe4cf2147ffec5e7b950cbf28e284481: +87d3ba95c40df80069b1797ddf68e866e66d46c51fde60e768a9dbc5c92f57a92b812b2c9b60ff31975c429a86736dcc17a58d3dc1daa34623a4bbcbe2cc0581:2b812b2c9b60ff31975c429a86736dcc17a58d3dc1daa34623a4bbcbe2cc0581:e11256f82ad76f3f4a49d7bad3ced8718d36d2f2bb3d31bb61edd1ecbcee6621fd2eeed3e3deb597b149ff71b851f61c8c6819e131f9a2af7673c3f20702acfdc8b8f9064b415c9a3e35568e371d740a38127c1f27b391b45d07045aeaf00a54e5b7fa548afb5f96feb5f5b44f60cd1707e8fa9567f7806e15f6a01aa02077733fe738b08f21efbcf98c19d5b970e6163e5fe8f4800ef9ed22a0f9b5126ff1eb1c7d65019c8b440391927029b813dab7c7e863d48229f8df85394345fcc88a300f60a8d516d877a5a3a7e3c49a9eb06cd9f2665ce2a89022962b1d49592b09c7543da835ce63bc9abb822145762b71cbe150292ce5c8704e5ad34fb4592f972044e43e69f0e1672d6c83cf25aac68efe3d27af2ad34274b9d2b77742d9c6dfbd57f92ff64d3e4c67c541d8502a7d031895af85319a4eae2d254335835eff11e7a3671a6a0d21b72ce1fc2acba1a920183834bc0a4b73f639ffcb0f6b81cd920f2e9420d612166d5682a06060ea0b6fa695fecc7704bbe4b052aa3ec8f720f7d4f32e8aff86b80b8c1cc12764a04874037c3103e9dfecb8f7abcb0e073b23e67ca0a9b1fc72993abf31dbc24a8fee095b3251c22626af5dd1b6d34be5ea06a02ae176c7b8cb9d063501be6f612082889fdbdcbfadc33a0d311b080b8d64e49f16b16dd8edd3b2ed1193a74e5be507609b042727ccf08afb05cc6c50524ef0e2664621dc8b05b15ffa81ab6f7e3c8a5bb3eab1f68e3656c119d969e4144cf3285af23c04dbecc038aefd9183c4e72447b2aaa8315f4696ce6d1ef429ba0e5c3d5ffa7f050be39c7f612f4e10f8ef070df72f8addbeaf3339c1ad8b5fc39a2ecf29a87f82e29a0117baac6625ad5c80cfe759fa1dbcfaa12b374477d80bfcf06796c30f2c39cf0303d00dc56a32d1d039592ddb06c22aa068841c0b46fd48df8fbb7492ccbc590c563c8fecce4263c8c7539218bb97b35711537e988195dbf5bcd5ccaf06faf508470977a5358e6f02608349fbb99a23fbe36b8c97155adc246ad7d93a8c203f75446c83c4342c35ba104ecc67e669db4a95466ee68f458a:fa0d12cd53236c41086bea8c0cc60b7764a3ed72bdeb9d1ae5eeacb48811fe529762a2c6f2bb06d9b318218d968f644435497a1bd0d0d8c1612ab8996d98d707e11256f82ad76f3f4a49d7bad3ced8718d36d2f2bb3d31bb61edd1ecbcee6621fd2eeed3e3deb597b149ff71b851f61c8c6819e131f9a2af7673c3f20702acfdc8b8f9064b415c9a3e35568e371d740a38127c1f27b391b45d07045aeaf00a54e5b7fa548afb5f96feb5f5b44f60cd1707e8fa9567f7806e15f6a01aa02077733fe738b08f21efbcf98c19d5b970e6163e5fe8f4800ef9ed22a0f9b5126ff1eb1c7d65019c8b440391927029b813dab7c7e863d48229f8df85394345fcc88a300f60a8d516d877a5a3a7e3c49a9eb06cd9f2665ce2a89022962b1d49592b09c7543da835ce63bc9abb822145762b71cbe150292ce5c8704e5ad34fb4592f972044e43e69f0e1672d6c83cf25aac68efe3d27af2ad34274b9d2b77742d9c6dfbd57f92ff64d3e4c67c541d8502a7d031895af85319a4eae2d254335835eff11e7a3671a6a0d21b72ce1fc2acba1a920183834bc0a4b73f639ffcb0f6b81cd920f2e9420d612166d5682a06060ea0b6fa695fecc7704bbe4b052aa3ec8f720f7d4f32e8aff86b80b8c1cc12764a04874037c3103e9dfecb8f7abcb0e073b23e67ca0a9b1fc72993abf31dbc24a8fee095b3251c22626af5dd1b6d34be5ea06a02ae176c7b8cb9d063501be6f612082889fdbdcbfadc33a0d311b080b8d64e49f16b16dd8edd3b2ed1193a74e5be507609b042727ccf08afb05cc6c50524ef0e2664621dc8b05b15ffa81ab6f7e3c8a5bb3eab1f68e3656c119d969e4144cf3285af23c04dbecc038aefd9183c4e72447b2aaa8315f4696ce6d1ef429ba0e5c3d5ffa7f050be39c7f612f4e10f8ef070df72f8addbeaf3339c1ad8b5fc39a2ecf29a87f82e29a0117baac6625ad5c80cfe759fa1dbcfaa12b374477d80bfcf06796c30f2c39cf0303d00dc56a32d1d039592ddb06c22aa068841c0b46fd48df8fbb7492ccbc590c563c8fecce4263c8c7539218bb97b35711537e988195dbf5bcd5ccaf06faf508470977a5358e6f02608349fbb99a23fbe36b8c97155adc246ad7d93a8c203f75446c83c4342c35ba104ecc67e669db4a95466ee68f458a: +7c27ae47072b0c9b9c2c351f1327899895efa536c9c067d0e0ce8e82e6292793f9febd121e17db7229b56709021849c35d69fa08b50620e667f842ec7ac782dc:f9febd121e17db7229b56709021849c35d69fa08b50620e667f842ec7ac782dc:1547876a988d1be714a42fb91cb03763f1913a892ecbd4de2ccf8344d20758b7b6d00259101fe97225b297f87bfe222004325db7f632ceaffbd134c96cbd57e985bec8434f81a4ee6af85c3fade50e4c4ef20cb0393545e4d4a86e1fa39aaf333fe4ded054bfc050a8983a03dd1ecf2b5e9517baf9e1152129a8a75935711edb20af5c8cf9c694a33cee451cd950b2fff08e3158c5cfb7b15cb3e90d46f494b6a108d8888d5ec29a33c066023b497709b2d9401feaf2e74ff26c16d36c39e6517ff954bd98bce7700671988f66e85107644ba2ea007a13018c1c144e3c5bb80db9511fcca4101bf49f8c80ff3ca7d298257cbfea629f83d5e06639d31f639db4b8726cbe224d758829bab10905171c9c0ec370d58031efe4cc5ae72a495acff6cb2ed9eec658ba117088dd3c6ed1df8f9cb10bd4fe0e5e8ad9f5034e34652d98668db15c8533393a6e9ec0870c35666ce54efe2bcb45c34a7230e6a700676349c7b3abf31de7b7b0521f89b30ac4034c2a4ba8218eefdf8d2a5c1f8ed9b701579e47af8a529a95a1ff64d8fdb885c36839b4c5f6d72a99257e8678dccf312754b9d4619beeceb825526de622bd9676fd5f357693abab078b9e03ae21e87ca161e778af77096eaac2d2d32bfec8ec94af7965f61d68ef66a4523c1cc70c9519b0750b3c9eed5aeba9f0a9b7ef52cd4a2de29b395b705fa53f028fa766159f20e75f4d384ec4fd66df06e744c99ac88cb849c285757cc557e2eedd86959da2c1b81f5b2715a6519848901ae4f89d0913c8de57c53dadf2e5e1aa2a9c5f464fc7610e8ef5f5cdd8203a67a93c33a06dab358dc5ae23edfee6334262f47b19b113d6cafedac1b43902539d74fba29aaa7bce68884b72616a0542c9fc69547cd19ae1df01723abdda65e9bfac5da0d04240c6a2175c0062e4e1ed8a5b397afcd4de38e86209272c7a424b5ae8d5a40b484ce1b4704af2831609ad0f36e90e07b2afed01dc05574ad3971723c5b5c1ddd4fc8bd263bcdf568af75e73d8abd1008c9ec712f80ffc65ac34e2a79304eade1d2a1dffec0e4c98c3582468f320bf8f66:327196ddd43bb602d04d1964ccc059ed627cef0a88d8ad91be4931f17c250d5529f552794a3e269d17a63bd32933eb5e519c1d506574770ae4a72964e06f7d001547876a988d1be714a42fb91cb03763f1913a892ecbd4de2ccf8344d20758b7b6d00259101fe97225b297f87bfe222004325db7f632ceaffbd134c96cbd57e985bec8434f81a4ee6af85c3fade50e4c4ef20cb0393545e4d4a86e1fa39aaf333fe4ded054bfc050a8983a03dd1ecf2b5e9517baf9e1152129a8a75935711edb20af5c8cf9c694a33cee451cd950b2fff08e3158c5cfb7b15cb3e90d46f494b6a108d8888d5ec29a33c066023b497709b2d9401feaf2e74ff26c16d36c39e6517ff954bd98bce7700671988f66e85107644ba2ea007a13018c1c144e3c5bb80db9511fcca4101bf49f8c80ff3ca7d298257cbfea629f83d5e06639d31f639db4b8726cbe224d758829bab10905171c9c0ec370d58031efe4cc5ae72a495acff6cb2ed9eec658ba117088dd3c6ed1df8f9cb10bd4fe0e5e8ad9f5034e34652d98668db15c8533393a6e9ec0870c35666ce54efe2bcb45c34a7230e6a700676349c7b3abf31de7b7b0521f89b30ac4034c2a4ba8218eefdf8d2a5c1f8ed9b701579e47af8a529a95a1ff64d8fdb885c36839b4c5f6d72a99257e8678dccf312754b9d4619beeceb825526de622bd9676fd5f357693abab078b9e03ae21e87ca161e778af77096eaac2d2d32bfec8ec94af7965f61d68ef66a4523c1cc70c9519b0750b3c9eed5aeba9f0a9b7ef52cd4a2de29b395b705fa53f028fa766159f20e75f4d384ec4fd66df06e744c99ac88cb849c285757cc557e2eedd86959da2c1b81f5b2715a6519848901ae4f89d0913c8de57c53dadf2e5e1aa2a9c5f464fc7610e8ef5f5cdd8203a67a93c33a06dab358dc5ae23edfee6334262f47b19b113d6cafedac1b43902539d74fba29aaa7bce68884b72616a0542c9fc69547cd19ae1df01723abdda65e9bfac5da0d04240c6a2175c0062e4e1ed8a5b397afcd4de38e86209272c7a424b5ae8d5a40b484ce1b4704af2831609ad0f36e90e07b2afed01dc05574ad3971723c5b5c1ddd4fc8bd263bcdf568af75e73d8abd1008c9ec712f80ffc65ac34e2a79304eade1d2a1dffec0e4c98c3582468f320bf8f66: +08eddcb5625ae19ffe7b49a7dc829c893c7538b0885e18f98db78c8beb569c2683478b1c58576a0d1834b28d46fb80516d6fb6f9f591694b44352eecd1e7e89a:83478b1c58576a0d1834b28d46fb80516d6fb6f9f591694b44352eecd1e7e89a:015b1d3eeb00929ea80bd8687d18286f0adfe645ccf25a22b5061921e2a030fc76d033fb53d0937c69b31c5be49913ca1f2c3dca121b2b87c59b3c84c7ae52af19c6b9fa1bd675fb6dd8b329d5668786dc7883e2d2e8586ff4128b90dee84be0ab54d6813f7a8c6134757173981775de84c4dd39e336f8a4ef8dcadec943e90d421b229c11785fcd3fe963037458e76c820b3bc2c9476001262b261d28b65b489d76b4be2365e4a80fa871b0a53b6a5fb243688235acc5f4774db15d47b42dd6c8d9e12dcb0b5d980dab0f3ad8a496f76e5006c2ca82675ff194caf8070d04bd384f97e583e73cbc4f7f257310a61b1c8062322dce8115f6dd93eee8a93ffa5cab6634116e1ab705fa86c4a8eaa556c6c89dbcad010436bffe451822491f1ea86c20207e4d12dfa362616c589f97107ea5d8bd8a7215c600ffc70b80e2abb15acbe4becca20d72155abc3dbe8e37cfd73f7420f21c9bcd0c3273513b5049670874d5519b3bc1db523c1d7e90c165967c4cb2845a2e8b47b5889254f58a9bbb826f94521cdbd0416f5f18ff78a3fd0d7ab897906264483cde642d8e703fd82e5ae70a9f978f64ee80520554850528581ca9a0b38c196fd166dae5879b3f72f59cde91cca2c8bfaa478b98d624cd34724402de578e5754825ce227d2871b45a5117149515bff81a923246f3b72d07bd458125c70a14d87c3fd13392a3bda6553016e8b2d07bde903cf687b445cfd6f761492eba46522ada84a9615d8da3498b258067269b788e559b659d4b48a87d880d6378be6a88746f35b322b047845aadc523beaff3070f721c3c071eaa319b7a47c1b20d300dc0321909b669e57d39a1ce2fdbeaafac21350ec2d6e6d5b880186c028a861474d5076a4adc5032fec9140787c36806ef79c72e3a19d8c8b70bdaf207295542d96825a5de7dfe108ef574599b8f184c63a5a131db19b3be53f699c10fc4ca7c63f3500211b356a0ac664ddfc1a9252590026395b479be9a5e4758423560b65bbce5bbade493b13d00cf8c1d3b7e9221367e8f0eadab6e6d1b5fffde7b2d741fc2c830224fff7ff14ae5c07:ece75322995154b292437e47d38a6a70af37e2020716fde46bfd393b3d369bddb53253b556621cfb34c8a90254e132fd28ecd098433413a21bd3a9798ca1f309015b1d3eeb00929ea80bd8687d18286f0adfe645ccf25a22b5061921e2a030fc76d033fb53d0937c69b31c5be49913ca1f2c3dca121b2b87c59b3c84c7ae52af19c6b9fa1bd675fb6dd8b329d5668786dc7883e2d2e8586ff4128b90dee84be0ab54d6813f7a8c6134757173981775de84c4dd39e336f8a4ef8dcadec943e90d421b229c11785fcd3fe963037458e76c820b3bc2c9476001262b261d28b65b489d76b4be2365e4a80fa871b0a53b6a5fb243688235acc5f4774db15d47b42dd6c8d9e12dcb0b5d980dab0f3ad8a496f76e5006c2ca82675ff194caf8070d04bd384f97e583e73cbc4f7f257310a61b1c8062322dce8115f6dd93eee8a93ffa5cab6634116e1ab705fa86c4a8eaa556c6c89dbcad010436bffe451822491f1ea86c20207e4d12dfa362616c589f97107ea5d8bd8a7215c600ffc70b80e2abb15acbe4becca20d72155abc3dbe8e37cfd73f7420f21c9bcd0c3273513b5049670874d5519b3bc1db523c1d7e90c165967c4cb2845a2e8b47b5889254f58a9bbb826f94521cdbd0416f5f18ff78a3fd0d7ab897906264483cde642d8e703fd82e5ae70a9f978f64ee80520554850528581ca9a0b38c196fd166dae5879b3f72f59cde91cca2c8bfaa478b98d624cd34724402de578e5754825ce227d2871b45a5117149515bff81a923246f3b72d07bd458125c70a14d87c3fd13392a3bda6553016e8b2d07bde903cf687b445cfd6f761492eba46522ada84a9615d8da3498b258067269b788e559b659d4b48a87d880d6378be6a88746f35b322b047845aadc523beaff3070f721c3c071eaa319b7a47c1b20d300dc0321909b669e57d39a1ce2fdbeaafac21350ec2d6e6d5b880186c028a861474d5076a4adc5032fec9140787c36806ef79c72e3a19d8c8b70bdaf207295542d96825a5de7dfe108ef574599b8f184c63a5a131db19b3be53f699c10fc4ca7c63f3500211b356a0ac664ddfc1a9252590026395b479be9a5e4758423560b65bbce5bbade493b13d00cf8c1d3b7e9221367e8f0eadab6e6d1b5fffde7b2d741fc2c830224fff7ff14ae5c07: +2273942db3e5d3221e80d994fd5e1163af55f5455a8e52be852dd3adf762b440bc58674e996b6f3e3220b3e94f0067bb0e9b0d97d9e1059cf13997a193ac032a:bc58674e996b6f3e3220b3e94f0067bb0e9b0d97d9e1059cf13997a193ac032a:8aa0509e4b914186ffff07aeb97a04b546272da2f9ea7bfa659a24cb50966c23eb6542e4f22debe33b65769245c4d1b5dcf3e699c70c5c2baad9734e9d1efe5448ab71c8946aecce5268d26f19cf605eb3bf38b0b3322694ac0dcb76b0f946842f6c5c68d763fce74701bd6b78e71c8c3142add4ed46e0969bb9555be03602d562e4c89f3a919940e883a96940542f2779fbf9ec0a285d9d8a72360146e3ffbdb78d210316038d95d6ab757165aa943c033eebb321c05a399569bcf66b4ddb0b2e0e33c4793d817ccff57f99b3189c60d5d7b9419d1ebc943a79d4d8c394566180594f559a80529cc1ba28877af8f5c0503e943cd3aad99811645272dafb49b9b3e6107eb5e5186e1608757126053debcec75dd9565ceea06a1391a8226d1f4593792240ccd97c67a6c2b1344c22c91f42033adef52861f32a4e0712a917879a0b0518b5424bcdc054b44e972ed24d01689f4f27f5f176f0a578ab2d3c0878272e8c08c21582118654124dca39585337c13c1865814caf0996cadfa65be580dee322ebccda704b2280582604067dc3c6b1f7d8a26978a65cffd1ed3196a2b065fb3caa79e6b5b66c13d7bd7d0ec14a3a4d58413f212f471ecaad3a84af35e598a89fb3447d3324f020fbf1b73e2a986e0da16c0183bf92a398c419a0f9f30537bea0df8df2dc53c154e8ea160689e7bb4d729dd8ab90031427aa3945863a85e89652b9353805166f7c0a18c939954b2787c37094f92512722e52b0c976b9e42af4039d2c0578ff14fae1d8c2d1396beb2d6aa6ebd55474a9349867a03f3a99d78780634ab4b35cfe1b87a9133252a698bc407d63842870e22ccf3933620ac0423c3d1f681dd73c01d06c3b941506c98eed9b7868e017b7f99716b0b77f11321e5ab23dbfcfca9350845ee180444c50ff0a9c965fcbf777708e4f34ccc637c6a08d854384f8d3e2516956c151d031bb1cbe712a5ef9ee16619228bd296f2afe582d9953d590d18bb205f70f844c16c0a2d8318037d43dd80f65c6a753f2a8e27c89c83e7ed70c52f7062dfbb1f544aa236b5c704e7b39ce0a55fd46528083ca61:874ddece08f30b30f0d4c8b3ed7c615149b8aa740daa347b55958f1e2119044f695a21069690506448d8e7352b9046511d7f39a5415bb9c57050fc17055c38088aa0509e4b914186ffff07aeb97a04b546272da2f9ea7bfa659a24cb50966c23eb6542e4f22debe33b65769245c4d1b5dcf3e699c70c5c2baad9734e9d1efe5448ab71c8946aecce5268d26f19cf605eb3bf38b0b3322694ac0dcb76b0f946842f6c5c68d763fce74701bd6b78e71c8c3142add4ed46e0969bb9555be03602d562e4c89f3a919940e883a96940542f2779fbf9ec0a285d9d8a72360146e3ffbdb78d210316038d95d6ab757165aa943c033eebb321c05a399569bcf66b4ddb0b2e0e33c4793d817ccff57f99b3189c60d5d7b9419d1ebc943a79d4d8c394566180594f559a80529cc1ba28877af8f5c0503e943cd3aad99811645272dafb49b9b3e6107eb5e5186e1608757126053debcec75dd9565ceea06a1391a8226d1f4593792240ccd97c67a6c2b1344c22c91f42033adef52861f32a4e0712a917879a0b0518b5424bcdc054b44e972ed24d01689f4f27f5f176f0a578ab2d3c0878272e8c08c21582118654124dca39585337c13c1865814caf0996cadfa65be580dee322ebccda704b2280582604067dc3c6b1f7d8a26978a65cffd1ed3196a2b065fb3caa79e6b5b66c13d7bd7d0ec14a3a4d58413f212f471ecaad3a84af35e598a89fb3447d3324f020fbf1b73e2a986e0da16c0183bf92a398c419a0f9f30537bea0df8df2dc53c154e8ea160689e7bb4d729dd8ab90031427aa3945863a85e89652b9353805166f7c0a18c939954b2787c37094f92512722e52b0c976b9e42af4039d2c0578ff14fae1d8c2d1396beb2d6aa6ebd55474a9349867a03f3a99d78780634ab4b35cfe1b87a9133252a698bc407d63842870e22ccf3933620ac0423c3d1f681dd73c01d06c3b941506c98eed9b7868e017b7f99716b0b77f11321e5ab23dbfcfca9350845ee180444c50ff0a9c965fcbf777708e4f34ccc637c6a08d854384f8d3e2516956c151d031bb1cbe712a5ef9ee16619228bd296f2afe582d9953d590d18bb205f70f844c16c0a2d8318037d43dd80f65c6a753f2a8e27c89c83e7ed70c52f7062dfbb1f544aa236b5c704e7b39ce0a55fd46528083ca61: +dbfa45abaa55415238b1287634d5eec402dadf622e270c04a8914ced270a72bec0fe323581ea296750797eb5508ca19a583b537fa7df4529f0804a33c1a4bef4:c0fe323581ea296750797eb5508ca19a583b537fa7df4529f0804a33c1a4bef4:e26e8dcb44e641fc20080e95474bd39d716c5afe5a1ffb056d1eaab0c49f8570717db6437a03228a9ad9f4bb0b343b95e16023c0807eb2a15106a6eb12dc76683e69dda3363148c5d7dd9713af6f87a09410ea8f76b6b78a114429bc85f784812fca31acb0309552cc188c6e9697093cf404c6f0f4abe8a1608673fdfa5eb78f65fc1d49cdec4094b1bd234a46e0ec62a4b6d31b829611540127876bff4c173de058cf61004b014a7bdf793dfd6b63c507d2b23e0f56bc2fe6baf637cee40d18992295d848ef498f8a161bd87e60c91f97a91e9ef3f6d97f2b2d2104ba6fddd6c680706273dae87e6eec1af2a45984985069e809e8de32c12889299a32d40f38774599ac3324b7cb0a4ea632c5f910ad87f5adbfa5c3bb20498279fd53c1c267fe0a84773085da266b253cd853df7e963558cb06880780973423c564cd0bcd6b93334c195953d7cd899f8a547d1a1a0a8deff1381b4321574728cf71b96ff209e899daa8f13f41b230e17bffdfdd2a8943aa5d21e5f36e1da07edd6cee92dc48b5b2a7580146a9baf713950ce676255a89e34f8787547d62868db14ba46594da310d7e2d9e7c7dbe17dbd71eb47c56c5721dc96d696470573794809411cdfa276b059d0007c25d74b2a67d38246de11ef46dfe2670926fe4b63656231bc7268bba23f378e84a428c3cbf45cc539678fd467cd33dd0757cfa024e54da1ff54ce820229b778b184be1fa2e8468cc19955940735eaaa884022f6418b0b1f26bccf169f1bcac7d82a35ab6ef847e1dba537dcaff57250a8d1c71facb134cd06b01c45319132745dc488888a1d7761b8486a37e6988a1120bcc1682dbfc89143fc35b46935d8acf6ef3c42f0f4bf679dfd6ff44b6ada26b01a9f89f374c7d2ee48dfe1a410e897cdfd97f626d2668502814400793b3b07c8720bbddc59cb0f9de964ae075b4af3dd4baf6d0e4f94f294e8109d6577c4f8a9c7a5f7d694bf88f1a5ea7eba0a66da6c770c08b3abffc534df219dc3e3323b022e96cc86002b189181a1d2b527d27950b7f425a47da4013778bd00b71105922204921e9dc692c233f7baa04:a462a9baa56dc0f7a71bf87b95f48d642022d9d1733ee3683777a3782228ac85fcd83026be4ca97a345b084f50874e9124e16ba17dead4ad85c0e56f16ef1804e26e8dcb44e641fc20080e95474bd39d716c5afe5a1ffb056d1eaab0c49f8570717db6437a03228a9ad9f4bb0b343b95e16023c0807eb2a15106a6eb12dc76683e69dda3363148c5d7dd9713af6f87a09410ea8f76b6b78a114429bc85f784812fca31acb0309552cc188c6e9697093cf404c6f0f4abe8a1608673fdfa5eb78f65fc1d49cdec4094b1bd234a46e0ec62a4b6d31b829611540127876bff4c173de058cf61004b014a7bdf793dfd6b63c507d2b23e0f56bc2fe6baf637cee40d18992295d848ef498f8a161bd87e60c91f97a91e9ef3f6d97f2b2d2104ba6fddd6c680706273dae87e6eec1af2a45984985069e809e8de32c12889299a32d40f38774599ac3324b7cb0a4ea632c5f910ad87f5adbfa5c3bb20498279fd53c1c267fe0a84773085da266b253cd853df7e963558cb06880780973423c564cd0bcd6b93334c195953d7cd899f8a547d1a1a0a8deff1381b4321574728cf71b96ff209e899daa8f13f41b230e17bffdfdd2a8943aa5d21e5f36e1da07edd6cee92dc48b5b2a7580146a9baf713950ce676255a89e34f8787547d62868db14ba46594da310d7e2d9e7c7dbe17dbd71eb47c56c5721dc96d696470573794809411cdfa276b059d0007c25d74b2a67d38246de11ef46dfe2670926fe4b63656231bc7268bba23f378e84a428c3cbf45cc539678fd467cd33dd0757cfa024e54da1ff54ce820229b778b184be1fa2e8468cc19955940735eaaa884022f6418b0b1f26bccf169f1bcac7d82a35ab6ef847e1dba537dcaff57250a8d1c71facb134cd06b01c45319132745dc488888a1d7761b8486a37e6988a1120bcc1682dbfc89143fc35b46935d8acf6ef3c42f0f4bf679dfd6ff44b6ada26b01a9f89f374c7d2ee48dfe1a410e897cdfd97f626d2668502814400793b3b07c8720bbddc59cb0f9de964ae075b4af3dd4baf6d0e4f94f294e8109d6577c4f8a9c7a5f7d694bf88f1a5ea7eba0a66da6c770c08b3abffc534df219dc3e3323b022e96cc86002b189181a1d2b527d27950b7f425a47da4013778bd00b71105922204921e9dc692c233f7baa04: +ef64e17a53f7fbcafe3ea4687684a0dadb18d03735a40a53b3edb04907ee61629186e6bc142961c4d3eb369e9e11578292de5b6af534d423ff240fa26e21a781:9186e6bc142961c4d3eb369e9e11578292de5b6af534d423ff240fa26e21a781:6882456cc3d1ad0daa9b88eff0969f15e97b48d051967e1390847225f26ac25559f0246bf7d683fa28ecedad21491d77bd2696fa835d0fd119884fece9d803691b2fd3de17ee087c74007a7de9bc6534bbfe95fd32e97c375f4cb65731aa1e8346bea21be9f2c3dc874af0431906ccbc2c600127f4d3b069eb091d165ec453e672e93cae8b72f03371d8b8a8244ec4ec2e09f31df40206a2b1c84caa1b993cc675fde1c79bd4a7d15974fa29ce2e892c2899cf482c3d9663f6d2a79784f41c1f5866d37c8546f357d564d3c4218dfa6d20b6c282b400fedde52439d472212c5767a35da5201032da8730968b0720e8a604de6c1baa3f4e896ac2614fb1ab6e3f6cf387a8eb2ff8a92147ab349238432e509d829cb75b2c1765c51221848e25afff5f16e4dd0cd5c9f713c4aaab2ce836f8494506b5309dc2b0ae745bb9c4798098fb8641d520a08b02f75ad80dbc2ce29e890b4d72a3ffb2a1cbd538e1229f579c29ae66bca85e0fa08c8647a1abcfe8a49f5e508d4d2495556623d926ce49efa4350aaaab5cec2cd885be1d63475e3bab7c7cdc8d656173b8d45602f4b3d281241d17190327b24c3836b19311a193af86a6768f04852ab06e67c8ead591cdcbf3789c613209cfe03f58c0305f63203b487f7c5fc098877ec98a689c9d35af81e84078d66fe9e4eccbb1cc6c71991c03017bb811f41f07de68fad194146061324f3d0ef217a54cf38f7a625a38869f67d0b7431df937cde349c175ce8b26ac88d39a43e279b018764efa4dd627cbf591f6209c4a5bb19ebfa7c7135592d02e501cae5e6b31c90e72faab47f7dced2c48adf88443b3ede60cefb0d6379d6922ec437f086bad6217d4d4ffef18e22523664bf4e9ca1e65a28c2a7a60c5f6bc906b737c29935f9097463048575befd1a2549dc474b13e68aeecf166043e075aac515540f831b43066cef932e63dcd5b37b61578c35b09e45cc2a8def57103edfc5f649831a8961fe4a4b3721f1d6df4ea9f033881b474300e0f12cb9cd3babdcffbb918dd9bb0e2f5b21033e43023a0d2e66da3ab0f07ee988b16889ca5d51abdc05fde:f58f396ba27e067a5fe003e385582ae3490e05957715d704da0da63a6419d2e4f6dc66b7e88e428a6f21b9ea202299a3c36b242b0ea06476ff12d0b6580c04036882456cc3d1ad0daa9b88eff0969f15e97b48d051967e1390847225f26ac25559f0246bf7d683fa28ecedad21491d77bd2696fa835d0fd119884fece9d803691b2fd3de17ee087c74007a7de9bc6534bbfe95fd32e97c375f4cb65731aa1e8346bea21be9f2c3dc874af0431906ccbc2c600127f4d3b069eb091d165ec453e672e93cae8b72f03371d8b8a8244ec4ec2e09f31df40206a2b1c84caa1b993cc675fde1c79bd4a7d15974fa29ce2e892c2899cf482c3d9663f6d2a79784f41c1f5866d37c8546f357d564d3c4218dfa6d20b6c282b400fedde52439d472212c5767a35da5201032da8730968b0720e8a604de6c1baa3f4e896ac2614fb1ab6e3f6cf387a8eb2ff8a92147ab349238432e509d829cb75b2c1765c51221848e25afff5f16e4dd0cd5c9f713c4aaab2ce836f8494506b5309dc2b0ae745bb9c4798098fb8641d520a08b02f75ad80dbc2ce29e890b4d72a3ffb2a1cbd538e1229f579c29ae66bca85e0fa08c8647a1abcfe8a49f5e508d4d2495556623d926ce49efa4350aaaab5cec2cd885be1d63475e3bab7c7cdc8d656173b8d45602f4b3d281241d17190327b24c3836b19311a193af86a6768f04852ab06e67c8ead591cdcbf3789c613209cfe03f58c0305f63203b487f7c5fc098877ec98a689c9d35af81e84078d66fe9e4eccbb1cc6c71991c03017bb811f41f07de68fad194146061324f3d0ef217a54cf38f7a625a38869f67d0b7431df937cde349c175ce8b26ac88d39a43e279b018764efa4dd627cbf591f6209c4a5bb19ebfa7c7135592d02e501cae5e6b31c90e72faab47f7dced2c48adf88443b3ede60cefb0d6379d6922ec437f086bad6217d4d4ffef18e22523664bf4e9ca1e65a28c2a7a60c5f6bc906b737c29935f9097463048575befd1a2549dc474b13e68aeecf166043e075aac515540f831b43066cef932e63dcd5b37b61578c35b09e45cc2a8def57103edfc5f649831a8961fe4a4b3721f1d6df4ea9f033881b474300e0f12cb9cd3babdcffbb918dd9bb0e2f5b21033e43023a0d2e66da3ab0f07ee988b16889ca5d51abdc05fde: +3347dc47bb3d2e5d0286ac06a54fd921c9e96b6899862a54e5cc8115d3d0ba99d00b645d86dbb7e524757ec778c62b7e60d0b6576883338c9b67c2c7e4509268:d00b645d86dbb7e524757ec778c62b7e60d0b6576883338c9b67c2c7e4509268:e2f48edf9d643320ab991c8ff9f6aa75fe066e7d88ff1e472a5ac9c518de1fb62983b1007f6422809117bdbe8a0e5787f66bb057d27f129a200b40576e1719cf9e98fcb72af94bb82ee70f3719a2e2cd9b64777cea5e446459874b74bfbf56b2d2526400592a9b45a5cb798092b60a81b71d82f0685fae7f810b52d226adac7ad8a9183f09febee9d25046c0fe306681ace2bff91b3482b0bc30b2021c4341645d675134fe3081c51e5c59e40b375a1434f63b426e30530da9353bb2a9423220434ae59d7b6fdc143f4982eb8cfa7751b75bf3e9c913c73b760b07d395310c59f3b77ebf12ed2d7b03590d3317af17df421e78b0849fd56d945c5696a040fcaa78a93ecc16d5ac3445063611f3013e9a3ae2e1c270dd01a8ffe3e6126bc1e4c95f6547a8651f26b6404e39ee4ce7618918f3f937a52573ec277b771e91ad096fa15c7a340a809b470318a4636423eb4888a12160c4663fce2996d638896c839b2c7ad4b3a9b2e6cb71e912fe39b843c6e0832eca22de938b50ae863e48582c10851232f75e5225b8896b5a470f818b6fa39eb7bb590357678612d25fe1a40ea1b9d71d880909c1bd4ad176cc0ceffdcee7099e7882a7c907e4bec79830c6771acb89944bd54a5165b31870916921b198acd4432e7eed8ce1deb345b107eda760266fcbda3ba5229400a30360a4645ca8db38c3d5f4a8def157bbdbbf2c1fa1dc6b0514a4f5a0364f928381b40f95579a26467f2282a8a255758402ac9ca80e89b9cc6860a34bb3f90c3237657c2129ea48c852b92569e81106bce461e2024454821a917592d1991b5b69f27bbe019977528a2fc01192c56b4aea873cf8c58dfd7cb4b0e917e87a8704c992820f98d77404d3f1d2050c6743f6e93cdb51a61aa6f45b351b26461d1329f3151272ac396234d0d67c178acf91fc510d86429c69a87fdf101155da8d94de6722238a6fb17016862b11d502c667ee9ca0aabe1c20b97789f1867add78b8b87e9ab51934c0b4a16c2cbc4d2efedb79c05b23e0cf789201ac75fe076d315fcbac20ba0d31e4dc616927d6eab1b1c87a1c9c778e4bd285295874:9ab4299b17729344750b69dc6037368c98f47be627fbd9adfd8db39f9964ddb7bc92d674c7be740756396baaeeacbf74947b6191c6ed1f5d32a63df36d542601e2f48edf9d643320ab991c8ff9f6aa75fe066e7d88ff1e472a5ac9c518de1fb62983b1007f6422809117bdbe8a0e5787f66bb057d27f129a200b40576e1719cf9e98fcb72af94bb82ee70f3719a2e2cd9b64777cea5e446459874b74bfbf56b2d2526400592a9b45a5cb798092b60a81b71d82f0685fae7f810b52d226adac7ad8a9183f09febee9d25046c0fe306681ace2bff91b3482b0bc30b2021c4341645d675134fe3081c51e5c59e40b375a1434f63b426e30530da9353bb2a9423220434ae59d7b6fdc143f4982eb8cfa7751b75bf3e9c913c73b760b07d395310c59f3b77ebf12ed2d7b03590d3317af17df421e78b0849fd56d945c5696a040fcaa78a93ecc16d5ac3445063611f3013e9a3ae2e1c270dd01a8ffe3e6126bc1e4c95f6547a8651f26b6404e39ee4ce7618918f3f937a52573ec277b771e91ad096fa15c7a340a809b470318a4636423eb4888a12160c4663fce2996d638896c839b2c7ad4b3a9b2e6cb71e912fe39b843c6e0832eca22de938b50ae863e48582c10851232f75e5225b8896b5a470f818b6fa39eb7bb590357678612d25fe1a40ea1b9d71d880909c1bd4ad176cc0ceffdcee7099e7882a7c907e4bec79830c6771acb89944bd54a5165b31870916921b198acd4432e7eed8ce1deb345b107eda760266fcbda3ba5229400a30360a4645ca8db38c3d5f4a8def157bbdbbf2c1fa1dc6b0514a4f5a0364f928381b40f95579a26467f2282a8a255758402ac9ca80e89b9cc6860a34bb3f90c3237657c2129ea48c852b92569e81106bce461e2024454821a917592d1991b5b69f27bbe019977528a2fc01192c56b4aea873cf8c58dfd7cb4b0e917e87a8704c992820f98d77404d3f1d2050c6743f6e93cdb51a61aa6f45b351b26461d1329f3151272ac396234d0d67c178acf91fc510d86429c69a87fdf101155da8d94de6722238a6fb17016862b11d502c667ee9ca0aabe1c20b97789f1867add78b8b87e9ab51934c0b4a16c2cbc4d2efedb79c05b23e0cf789201ac75fe076d315fcbac20ba0d31e4dc616927d6eab1b1c87a1c9c778e4bd285295874: +ff15d6e74e28e41d05a8663a702f038d5b8578c4275e772b73ba440bc5f55a064747e2e9b82637b3844b85f75b59f7136b7fdb1a62e7b70d6aac17b3c5752f2f:4747e2e9b82637b3844b85f75b59f7136b7fdb1a62e7b70d6aac17b3c5752f2f:ce7bf972844f5184ae8eac87b12be9202c7239961dc23cd41ff55b9bfaac0cc06f3f1decfa9571095c8e82b4eb6f8a1c52c8d3deaa61a9aa94e2ecd9ab5b8063f2da6d8015df0a5144fa3a48e305ad9f41eaa11c4d74854374ecbf382e3002579a9a249efa1e1ca04d338447d7f2206703e6cabf5bbd332b42573bcbd3b6f71b7c3bf73d4c774aa01e866841432829d07f96e1f61a20216d968c90e3ed11f663f7d6271622fefcf3ab68f344328515d5cce2ce85e8bf3d1d09043692e1fb8bbddc07a4ab0a3eef8ca6a420e74bff8d3d715596aa821682954fe89629ae27c1bb03b6aa09f36a39a3e37ba98132f4e23888f9f335e7beaa2cb2727acc3d2777309b85295232e54da88ebb6f1053d6de79ac6609852eb93a0a35bc1a7bdc22d628bc86124d696c3f9828b6f8b9aade1a65216177486c252a4b42d90a4e0fea2093489e244d808ef7021a97d5608c0ae1d663c775e8bb9e9a7315f1feb6d129b5a541ea5929a2c633b6d8c3c45441717946cf873e9b4c512180135d54f053abe44c6df39b7b062ef7240162cbd0b851afe5f91536a9499418e8bff4996473d805ebc1ae48da2d0b129e8e8252f1d53c328f32db252de3befbe5f31280121143a8004a4cae631c827409e520e394cd0f8950cd4c3cf3f3dbd4952a4dfe69875f565389061ad0a0cee6b6aff09ceca26d990e896a2aba9f3b26015b63423768684c03ed0de6cee7ac5bbdf9f485c2275cd12aefa8f907b851a02d51c34f121b77f3a56a9ebd1d65ffe89bee381ff2a7480e8968cff25ac8d04e149a9d5027d14b88f8ae2604d2ac22ac67d13e90ada620c2046d28299384d0959fb76e22588796ce427aaeaf4e2a8aaec3e87f84ccd082524c96d766eec66f0bec3e799558145f09d330134f1c63f37053cd4bdc1c37fde97291857551f50ac8e15f06ac1c73daa1e8c5bc9277e3d69cb44a3237ec57dbbccfdf6685ada20b74a1bc6b74ab05690eaf9bd0c4be17042f5cd320cdd613dc08d29af346aa4191ce0b4f85bb2ad7f3bac738a9377ec6b84062cc70fca9ecfbe1f57fe5b2ce7a4f739c81cabcde046451dd61ce1dbc:42c1295fafe26de3ea34926bf1ef80bcafe47b21b90eaed19635ed7538d767cbf3a1e5dedaab82adf75120373e923202f7fda0826784292eba8b238b6cb88304ce7bf972844f5184ae8eac87b12be9202c7239961dc23cd41ff55b9bfaac0cc06f3f1decfa9571095c8e82b4eb6f8a1c52c8d3deaa61a9aa94e2ecd9ab5b8063f2da6d8015df0a5144fa3a48e305ad9f41eaa11c4d74854374ecbf382e3002579a9a249efa1e1ca04d338447d7f2206703e6cabf5bbd332b42573bcbd3b6f71b7c3bf73d4c774aa01e866841432829d07f96e1f61a20216d968c90e3ed11f663f7d6271622fefcf3ab68f344328515d5cce2ce85e8bf3d1d09043692e1fb8bbddc07a4ab0a3eef8ca6a420e74bff8d3d715596aa821682954fe89629ae27c1bb03b6aa09f36a39a3e37ba98132f4e23888f9f335e7beaa2cb2727acc3d2777309b85295232e54da88ebb6f1053d6de79ac6609852eb93a0a35bc1a7bdc22d628bc86124d696c3f9828b6f8b9aade1a65216177486c252a4b42d90a4e0fea2093489e244d808ef7021a97d5608c0ae1d663c775e8bb9e9a7315f1feb6d129b5a541ea5929a2c633b6d8c3c45441717946cf873e9b4c512180135d54f053abe44c6df39b7b062ef7240162cbd0b851afe5f91536a9499418e8bff4996473d805ebc1ae48da2d0b129e8e8252f1d53c328f32db252de3befbe5f31280121143a8004a4cae631c827409e520e394cd0f8950cd4c3cf3f3dbd4952a4dfe69875f565389061ad0a0cee6b6aff09ceca26d990e896a2aba9f3b26015b63423768684c03ed0de6cee7ac5bbdf9f485c2275cd12aefa8f907b851a02d51c34f121b77f3a56a9ebd1d65ffe89bee381ff2a7480e8968cff25ac8d04e149a9d5027d14b88f8ae2604d2ac22ac67d13e90ada620c2046d28299384d0959fb76e22588796ce427aaeaf4e2a8aaec3e87f84ccd082524c96d766eec66f0bec3e799558145f09d330134f1c63f37053cd4bdc1c37fde97291857551f50ac8e15f06ac1c73daa1e8c5bc9277e3d69cb44a3237ec57dbbccfdf6685ada20b74a1bc6b74ab05690eaf9bd0c4be17042f5cd320cdd613dc08d29af346aa4191ce0b4f85bb2ad7f3bac738a9377ec6b84062cc70fca9ecfbe1f57fe5b2ce7a4f739c81cabcde046451dd61ce1dbc: +1ed37b610b8b35417d04e59aaadac688ff81f1e507c89b4f400160941908cb8c48e8cbeb1240bdebf0a2d92953aa89b282c49aab2c38ae69044c51515c3300d5:48e8cbeb1240bdebf0a2d92953aa89b282c49aab2c38ae69044c51515c3300d5:1e6767df97db1cfb4088da7b200d9f59ec8dd4533b83be309f37650031065727cd5202cef48426a5f3a11d50b381f8bc22ff101827359f2d0a610a4f755464a0c891cbd98d2dcb41d9779d288fcf1fea62e52163ae67e90428b86398efa218f1b982081fc513305fd3e8ece7f9acb0e10e001d2ed299a48a80870b3d5d8ab9006309b31591caf0583380073a2db61f45254ab965b5e4672c4bfaa86e336c49278552729fb2da76ffe502ec61e1696c7fc9ef19f7cc2a2775b29700cb384294063a17fed4fc635bc13282a90dad0c00aadbcd569f156a854f8ba9e7d607d20f2e9e5337981161d804644668d064fa63dceb9f5801353d0ab9f41d1d8bdc76c13ab2f023ea01adbc4c8168d939e98f64fd8919384abe76709263c0cd7c3efadc2801cc4abd80a09bb3ed6bb78cd620969cd35c6a3a5d01485ead4c45ebb6ac6a83212a7c76675427b21da8a7a5047b30a6100cda02476c186e6ce40d2768a942c9f87305e9d363b524c0094a9e2e29f585894c0adbfcd60690fc7fb0a9c717cf43b484fd45151b1304169c26921db2276ec05ad22ad166854fd2f94085778c470dc452e5cfa4aee04facb770526e1f248d3d15c27280fdfa1fd2c1044bcbc881c3d99815c97fbea46110be02dab774f3a610e5802abf36a49875c682638e0ae4cc8277c5e9aa7307445e6bbcbe549eec2a45b1597f7447107b62e2cee0a5fc51beae3e1fe9befb1885d9b30f9b4f1f56206dee0d67779c57f484c8c3c899a515a9d1c10f6059840c1c73d3f05bcb88590c52f7da391838dc2e73228f0981c289a4c27f0c757faf7b3b89146e33dafa490d9e0f9275b0cfa6a7710a73831459595bf732112b62fc864ca4c829784a3f16eec4e18f936918a7b9891669e933223f745fda562bc0a4e61e3d14ea45dfc327e2fc0cdfe6f2f97546c90fce82f522291480111a1e6b9388272c0be28d20ed84bb84d49bc199cd599948b8f2039d07827a3f4075d3a67ee572a01379a36213fe116e768b4114e8a4b3134c3818960772d727b0ca6f7c997ca99843b7eb02ffc013971cbe0e6e60d49773f1e8c0b30606131cb10c3e04:8608815e10590d5504874d8999fd6f09626f950be20c912c27c9de6e79b0faf777a533bd5bb667ab513a49458ecd6787a09ec0df6c9c9d6333c5e3ae61ea370a1e6767df97db1cfb4088da7b200d9f59ec8dd4533b83be309f37650031065727cd5202cef48426a5f3a11d50b381f8bc22ff101827359f2d0a610a4f755464a0c891cbd98d2dcb41d9779d288fcf1fea62e52163ae67e90428b86398efa218f1b982081fc513305fd3e8ece7f9acb0e10e001d2ed299a48a80870b3d5d8ab9006309b31591caf0583380073a2db61f45254ab965b5e4672c4bfaa86e336c49278552729fb2da76ffe502ec61e1696c7fc9ef19f7cc2a2775b29700cb384294063a17fed4fc635bc13282a90dad0c00aadbcd569f156a854f8ba9e7d607d20f2e9e5337981161d804644668d064fa63dceb9f5801353d0ab9f41d1d8bdc76c13ab2f023ea01adbc4c8168d939e98f64fd8919384abe76709263c0cd7c3efadc2801cc4abd80a09bb3ed6bb78cd620969cd35c6a3a5d01485ead4c45ebb6ac6a83212a7c76675427b21da8a7a5047b30a6100cda02476c186e6ce40d2768a942c9f87305e9d363b524c0094a9e2e29f585894c0adbfcd60690fc7fb0a9c717cf43b484fd45151b1304169c26921db2276ec05ad22ad166854fd2f94085778c470dc452e5cfa4aee04facb770526e1f248d3d15c27280fdfa1fd2c1044bcbc881c3d99815c97fbea46110be02dab774f3a610e5802abf36a49875c682638e0ae4cc8277c5e9aa7307445e6bbcbe549eec2a45b1597f7447107b62e2cee0a5fc51beae3e1fe9befb1885d9b30f9b4f1f56206dee0d67779c57f484c8c3c899a515a9d1c10f6059840c1c73d3f05bcb88590c52f7da391838dc2e73228f0981c289a4c27f0c757faf7b3b89146e33dafa490d9e0f9275b0cfa6a7710a73831459595bf732112b62fc864ca4c829784a3f16eec4e18f936918a7b9891669e933223f745fda562bc0a4e61e3d14ea45dfc327e2fc0cdfe6f2f97546c90fce82f522291480111a1e6b9388272c0be28d20ed84bb84d49bc199cd599948b8f2039d07827a3f4075d3a67ee572a01379a36213fe116e768b4114e8a4b3134c3818960772d727b0ca6f7c997ca99843b7eb02ffc013971cbe0e6e60d49773f1e8c0b30606131cb10c3e04: +84364478ec94bd25c4bdb82d296229e6dace2b1359d6d21be2b3afcd7bda19c7a1814f8ce0fc3b236093a50f468c1316211fe6c52e2345d9f0766b3688a03cad:a1814f8ce0fc3b236093a50f468c1316211fe6c52e2345d9f0766b3688a03cad:7bb7293de55f058fb2ec22b687260543dcaa90f140b9f45eddd4bc22e40977e00ed33cd1ef1bba13c1d0990859005569a80767e4864a2cd288c81393e04ad971782e2bc493108cbe80dacf0b7b9cd534988407a4f9327ec8e9c4043284ef6ee5a26a5b417765d3eabb48a007e7c7f32987d70a139ac41678cdf7a55cb80cf9db5eaa45f3de0fbfbadffc40996370e48b1ff5edd97940e750792164836a4a5ac2e3ff53e48a1e556db9ad0c5c0b944f4aee519a2b0a88bb1c1fc7454524cd57aa5350986243d34fc58e24e819ec0b8545d8dfcf6b20311441d3a35d3e71b3e3ecd7884dda8433a405e3d9969000c820a89b95d197841d98ae734a2e81daf6a7dcf56cb2fc26f2165a5f42b86c7e9e5b11161700a1ab9831f3fae58e14208be1bf33b58ecce81b0c6b7e02f88adf9ab030263e2cc9b6e33ebca3f495492e32bfe372537de6c6b87644828f74942a02b007f14c3fc5dbde76333d36d07631b7a9924f717550040697923fa7b9546bfb0217024ea3f252b515b5d64a62c48e027cef6750beda49a02447039b250a0bda07dc062491a662e26874c8d00f80e6cfc8b30f2c3bf7720b57f2615fc478fefaa6d31705b43c5a54f758666b302a8d34953131941b7957730476794d0bd9d2dfa72fd203f22df5ec6bbaace8b9394bebdaeaa561461011b4fca6185c9a38283f5403fdac326d1f734c6a5ded6724d9f384aebd6cabfcbec12abab9820d080732515e0500cf5d3e2f9ef80a4d7646a7da9eff410f507c69873b32d540ec32b283ef3179a4c632b366576dff058faf8c8c70bc69be808982ec1497ae8911b00165a66695f4d3b987e7390b5cf878e35e676541285e4e13dfaeb2f368cb511b778b106a428778a1b8f2a7d2e093519bc9b5188e38c6793e96bd0d30e2a3db9ee1468c3dc87cc365c810f9dbdf01a4b51421f6fc8dfda3a16e2da7ca7159b686a5e167338937882ff715d3e750d958fc9e4b1f0553129299aa8430183e506cd7f2b279076e0e1cca9749cf123ce507fe07ddbbc4dcca6cdb9ef1b833f61d4bff00bec012158f432ceb75b4f2edb1bb84e5ebb9259e09f9625ce3:b4c2321ade3c19ed4ed4c639d5a4d6f2be8e2fb13bb7bd625ad6dc87e2c20f93ad6be7b7e42711a878db9d76054bfd7bc25e3774a93da1543c9b4f6633b0be097bb7293de55f058fb2ec22b687260543dcaa90f140b9f45eddd4bc22e40977e00ed33cd1ef1bba13c1d0990859005569a80767e4864a2cd288c81393e04ad971782e2bc493108cbe80dacf0b7b9cd534988407a4f9327ec8e9c4043284ef6ee5a26a5b417765d3eabb48a007e7c7f32987d70a139ac41678cdf7a55cb80cf9db5eaa45f3de0fbfbadffc40996370e48b1ff5edd97940e750792164836a4a5ac2e3ff53e48a1e556db9ad0c5c0b944f4aee519a2b0a88bb1c1fc7454524cd57aa5350986243d34fc58e24e819ec0b8545d8dfcf6b20311441d3a35d3e71b3e3ecd7884dda8433a405e3d9969000c820a89b95d197841d98ae734a2e81daf6a7dcf56cb2fc26f2165a5f42b86c7e9e5b11161700a1ab9831f3fae58e14208be1bf33b58ecce81b0c6b7e02f88adf9ab030263e2cc9b6e33ebca3f495492e32bfe372537de6c6b87644828f74942a02b007f14c3fc5dbde76333d36d07631b7a9924f717550040697923fa7b9546bfb0217024ea3f252b515b5d64a62c48e027cef6750beda49a02447039b250a0bda07dc062491a662e26874c8d00f80e6cfc8b30f2c3bf7720b57f2615fc478fefaa6d31705b43c5a54f758666b302a8d34953131941b7957730476794d0bd9d2dfa72fd203f22df5ec6bbaace8b9394bebdaeaa561461011b4fca6185c9a38283f5403fdac326d1f734c6a5ded6724d9f384aebd6cabfcbec12abab9820d080732515e0500cf5d3e2f9ef80a4d7646a7da9eff410f507c69873b32d540ec32b283ef3179a4c632b366576dff058faf8c8c70bc69be808982ec1497ae8911b00165a66695f4d3b987e7390b5cf878e35e676541285e4e13dfaeb2f368cb511b778b106a428778a1b8f2a7d2e093519bc9b5188e38c6793e96bd0d30e2a3db9ee1468c3dc87cc365c810f9dbdf01a4b51421f6fc8dfda3a16e2da7ca7159b686a5e167338937882ff715d3e750d958fc9e4b1f0553129299aa8430183e506cd7f2b279076e0e1cca9749cf123ce507fe07ddbbc4dcca6cdb9ef1b833f61d4bff00bec012158f432ceb75b4f2edb1bb84e5ebb9259e09f9625ce3: +00db37ad2a195f08a08440d059259e539feb40b474928255e7c94ebc3b05038c04f88bf639e0f71a57d0d0afff5fe97dde3809ff28ec68eb6fc423f4faff4390:04f88bf639e0f71a57d0d0afff5fe97dde3809ff28ec68eb6fc423f4faff4390:5a94f729d30dd8aae2a5c8c28547bf4506295dc61bfead9727746082d43b0f8114c8c18c5edaf2fec7cae819356338f0bf115a17b038acfd7c96ba6262cabd5710fc0efb43d13df4065becbf1b9e279c03ec9bbfed54d9a13fe06a55a3bd05c807858b41e18dbde13b0907d4034132262d9c2f4d2d376e1609ad280de20ba709844dbd12950257f1b07ef8cc3337c01a702693fb4d92d047e698c3a6dd46c4a92a10d4c780e52e5025e09d56535d7eeb9fe7f033e6e9260a68f9d54b6f37cc069656e3bcee06922b349681a8e7751cdecbe1ecb663fbc6f7c861f853dc310f33defa98ee343a68632ec22cafecb7f3212f81e70b71843b9fe8c86a68b5c86f0322d348a76da7f1ba0ca3cd7b6fd15ff89292b3f636cd08cf625c74d5102cabb571a3dba86a1c92f41c7203b44942f5a24625ac37d77e49a57f118238699d807c250d5bf46f7a3cec5779a6e5ae1a6ca160cff37fb3b78388fe9c030c40e7154601081a517fc0aa1802cd3b845b946efe94aa8b9e03f68a80ded0dfbfad4daee40fa838c133841ae8a3ce0d79fa8a2b9434bac5e1da6e0c7193e8dea435a03a85f76184f7ebe2aa749be9413104a178689ba6d27e94fccf61eb3aba0e6a5a63af0ca8f05a35cb63705194e44d9293de3929b0d92be6f8e627c350a83fc9000aa95b93820be9795c80b5662cd7b34822328061356dc580578d1a35b10140dcd248e4853104d2c5b2c13ff683dd5c30794be4a76858af1c0d9af347ce1dcd972ee49aac12bbcd899c9329871d3e7a0683d175779afe35f26a2d248fd780ea851dc4ba6d21f8a171aa6cb8697d9d112161540307cd54f931775d70b33d3b6de1091fc1750531c08fa70f7be38aa110d6746bb565db7b470f900850fbbf1c662fd613e4f3a5689549e3107e9b0f17def7a5bd7fd7596c4d04c7f48c779fc35e09335e1df784084e55d8551d1ff49de5b311cd350f347a0bd2863a2a30e6ea183ad2e3eedebc18dd28c6a596e693dc3389f7d90b713e3a85a62516305a70667fc1fb3cb10e8a955750273943c568e10769cef78199df4450dbc490fef1b304b052221b2db9c44fe00345:f4d1c80f5e7b91c5c7a82a682d49ba6fb19d400a299748a0c969bb99816998be634e84da78581b06e3470efec39804fed93d29739f0439a8095ac40d9d385e045a94f729d30dd8aae2a5c8c28547bf4506295dc61bfead9727746082d43b0f8114c8c18c5edaf2fec7cae819356338f0bf115a17b038acfd7c96ba6262cabd5710fc0efb43d13df4065becbf1b9e279c03ec9bbfed54d9a13fe06a55a3bd05c807858b41e18dbde13b0907d4034132262d9c2f4d2d376e1609ad280de20ba709844dbd12950257f1b07ef8cc3337c01a702693fb4d92d047e698c3a6dd46c4a92a10d4c780e52e5025e09d56535d7eeb9fe7f033e6e9260a68f9d54b6f37cc069656e3bcee06922b349681a8e7751cdecbe1ecb663fbc6f7c861f853dc310f33defa98ee343a68632ec22cafecb7f3212f81e70b71843b9fe8c86a68b5c86f0322d348a76da7f1ba0ca3cd7b6fd15ff89292b3f636cd08cf625c74d5102cabb571a3dba86a1c92f41c7203b44942f5a24625ac37d77e49a57f118238699d807c250d5bf46f7a3cec5779a6e5ae1a6ca160cff37fb3b78388fe9c030c40e7154601081a517fc0aa1802cd3b845b946efe94aa8b9e03f68a80ded0dfbfad4daee40fa838c133841ae8a3ce0d79fa8a2b9434bac5e1da6e0c7193e8dea435a03a85f76184f7ebe2aa749be9413104a178689ba6d27e94fccf61eb3aba0e6a5a63af0ca8f05a35cb63705194e44d9293de3929b0d92be6f8e627c350a83fc9000aa95b93820be9795c80b5662cd7b34822328061356dc580578d1a35b10140dcd248e4853104d2c5b2c13ff683dd5c30794be4a76858af1c0d9af347ce1dcd972ee49aac12bbcd899c9329871d3e7a0683d175779afe35f26a2d248fd780ea851dc4ba6d21f8a171aa6cb8697d9d112161540307cd54f931775d70b33d3b6de1091fc1750531c08fa70f7be38aa110d6746bb565db7b470f900850fbbf1c662fd613e4f3a5689549e3107e9b0f17def7a5bd7fd7596c4d04c7f48c779fc35e09335e1df784084e55d8551d1ff49de5b311cd350f347a0bd2863a2a30e6ea183ad2e3eedebc18dd28c6a596e693dc3389f7d90b713e3a85a62516305a70667fc1fb3cb10e8a955750273943c568e10769cef78199df4450dbc490fef1b304b052221b2db9c44fe00345: +6ca1a1482a07f2a6c57f041197b34a5119e68903cf6dfb51711d9550973163c08034a55e3b6ed799f49e2e703a81f4ac02573c445d765e3069be42f09cbd18ad:8034a55e3b6ed799f49e2e703a81f4ac02573c445d765e3069be42f09cbd18ad:08fd8487503c3f3296b6f1b64d6e85906fd5986cf9c5d9fa8a59d92f44e6470af34bcdef336ffdc86456ec7a7b5761f1adea027326630e68abc6b8cd5ddf40b641a259ad024321bf3ef98e7632797149c492d53594752c550dfbc4fa6bf47176f423a2705693947aa90d68ddc8efb6cb9dbecafd2830d04fd93b1e9e7c12b93e0d0f3e2634900f25860ddadbaece1780ff2d3f3d9fb838fd0d5d66f8afb305ff1a1aedca2b974b63e43f5b3cc9dfed1bcf11999176ed9585ac829bc6794ef3acd872e8d2e92608b320f894996a562e1eb177e21be57c22c41ec259a3dff9c7c9491db838d76cf9b0383111598e357f44babebf121bdb24ee9d557b7d5af491a0a0365c90361fe4f7e3d13a17da3a39fd43f690dfb0b2d860cab419f775ab7152cdc8f2afdc50e8d5da5da01706eea2a2ffad4babee8b03da336a4d843d9d7e0a93f36a92e6610a368b63133f05a3fdc55e3e1a440b0f87a53364c1d37242c57a109e6df69345b01c21c1089e790a66f4f3380d3b76ffb420dfe1e6200eace579265a427fbd355514ef953e1a6e968e37021b3c6a290dcd0293da6768dad7c66311633051c0accb0b9165464dfddfded23bd13ef908744f9c2111dc153142d2f10534d893fe0b545fec53fdb3b35b518398b02ab21791fa977e30cf4b404e7a299d3787108b836aa0d59c114f1f36719a7acf85ac994d9cb72306f258f78ac0a3b6c05343e0b7a9aa726e52267edf97f4972f7664f43720ad33ce6e615440e36537cbc569bd6ff94ffdaea51e06029dae78c5b915c537caea6f1504147979b8aaae0bcd9618437ebed0b55efaec320e84c75959a37a260a02d4ef1bb62641520f1a03ddea8c4c1de8d7fac58da408b0ab4757a135f1d075c9f7c99fb99db9427ce9b0d626cb1ac189ad8663d7a714fb5cd1585c3bf99a0aa46d763978d0b12d65c438bbb73feaa51ba26a459e7bea25439466c08613e42540c8c6d54367f221fcce0c5eb6af2faa181ea21521809be75649cf8dee7671db7f948f346cbd0302bf9a06eabc72e2e512b3df885f6daa398f93e36dae2d6a04478121f97787d4cedff6db09aaf10f27b1:dd9bdbadd9fdc81ce230288c4a068df07e18b4c7cc51c0ca4811dfbd04765c56bc883240e46e3a42c01d8d2424fbc332b7c5a17bceb1f6e8dad0bfe562cad30208fd8487503c3f3296b6f1b64d6e85906fd5986cf9c5d9fa8a59d92f44e6470af34bcdef336ffdc86456ec7a7b5761f1adea027326630e68abc6b8cd5ddf40b641a259ad024321bf3ef98e7632797149c492d53594752c550dfbc4fa6bf47176f423a2705693947aa90d68ddc8efb6cb9dbecafd2830d04fd93b1e9e7c12b93e0d0f3e2634900f25860ddadbaece1780ff2d3f3d9fb838fd0d5d66f8afb305ff1a1aedca2b974b63e43f5b3cc9dfed1bcf11999176ed9585ac829bc6794ef3acd872e8d2e92608b320f894996a562e1eb177e21be57c22c41ec259a3dff9c7c9491db838d76cf9b0383111598e357f44babebf121bdb24ee9d557b7d5af491a0a0365c90361fe4f7e3d13a17da3a39fd43f690dfb0b2d860cab419f775ab7152cdc8f2afdc50e8d5da5da01706eea2a2ffad4babee8b03da336a4d843d9d7e0a93f36a92e6610a368b63133f05a3fdc55e3e1a440b0f87a53364c1d37242c57a109e6df69345b01c21c1089e790a66f4f3380d3b76ffb420dfe1e6200eace579265a427fbd355514ef953e1a6e968e37021b3c6a290dcd0293da6768dad7c66311633051c0accb0b9165464dfddfded23bd13ef908744f9c2111dc153142d2f10534d893fe0b545fec53fdb3b35b518398b02ab21791fa977e30cf4b404e7a299d3787108b836aa0d59c114f1f36719a7acf85ac994d9cb72306f258f78ac0a3b6c05343e0b7a9aa726e52267edf97f4972f7664f43720ad33ce6e615440e36537cbc569bd6ff94ffdaea51e06029dae78c5b915c537caea6f1504147979b8aaae0bcd9618437ebed0b55efaec320e84c75959a37a260a02d4ef1bb62641520f1a03ddea8c4c1de8d7fac58da408b0ab4757a135f1d075c9f7c99fb99db9427ce9b0d626cb1ac189ad8663d7a714fb5cd1585c3bf99a0aa46d763978d0b12d65c438bbb73feaa51ba26a459e7bea25439466c08613e42540c8c6d54367f221fcce0c5eb6af2faa181ea21521809be75649cf8dee7671db7f948f346cbd0302bf9a06eabc72e2e512b3df885f6daa398f93e36dae2d6a04478121f97787d4cedff6db09aaf10f27b1: +2784df91fea1b2d21d713de2edc6652451a0c15954b8656062ea1dedc2445b2a9556db5370f8fb3c7478de03d23df1cda96f2740118efdd3d1a9fa4c3bfe8849:9556db5370f8fb3c7478de03d23df1cda96f2740118efdd3d1a9fa4c3bfe8849:2e3bc54df416741dbe7916ad25f04e48d5a9d77a623e57f9cd61ecb44f09f76833eb2a3e9ab7aa89ff5d2d560c07177d854d7c49cbef492b7f4f7e567de1275124e16ca4a7980162fa0fd162a8e5fd6f35617007034bceec57c8faf7664f4b3baffdea8d8fc2ba22d585e9e2d739f5ffc99b4e0dbe9c3686547ea04815a59c4a25b5f2390668e418ba0fcbdf4c4a51f33905c74fbb830a19f9bc8636dbaaff209995447996d2e5b1c377b4cb87a4e1efe12de34d33599ff397b74017d711edd3e772155be5a4406e74cbe2931ef51359afd51b5b1a7b3ea22ee8eda81476bcc17ea7680f6f3104703b9f2a35cf2627eb741d1a30aa4beef6579ec7d0b07a4ef32abcb4d756970f70a3678e17e6e5731890aebc8c92b956d4b3b5fe2adfd79b211a1883dfc8c9a4b1b9c8c1bb265e1f3dd392445ea59b590a019551f8121849f435b3ac1b29902fc8392554056b93903d5f263b3d540843d6afa75a2ad8304b7690de99a734c3d130b69547b18b09e98cbf252730e4aedb6dc4b58b2243fe55e80939d37b0a59d72226d8a2cc5153095e15994ad62195aa310f2a6426676b661e47b9fcfffa04d6dc625f29f44c7cf620b378a65d238344b380448cd119cc7f373f62cdfad64149906353f3a54107c5dba65e3cc494b0531f4d64749363f230738b2cfeed983520227dd5bc43be59b3268e283216f6e9c75e0c1c71272e54fdb29c7858d287d1efa1917be37c8eeab5e44c3ad7b36e8ac9f66991eb82a5148e5972034ad01c62615a45154579fa50869e7be9876b5656eaad2e43025a62dd134b612d8f4d5ebcf8056e198b713438e8e0e347cafbfcb89e394aa330d4c788d49c658fcfc80b3e0078f0e8e19aa9b8fe8eb0bab93de785d043e0f475aeb60d62e38fb1f8384a00b7a902daee13d2136269e50801b80a65b2f913cfe3ffb365d9aa2fd19372a0b0225695444e4bc54871d108e09c7e1c2b42dcbbacce24ea5bd5bf1fcf4ac697a3fe09a54677b7a8dc8d5eecb86cc792ee9b6fea2de16a473269fdc65dbb73c258c821440407c642f7d3d3f5c708d55332da8343106c19b230a51427f3b771916ae3688b:17d171d946de3516158407e132cc1acecaefd6d092112be653999523e20bd495f7b7f600e8d5a671330d32693d6019c08d2d003b176e6319c35394200e027d0e2e3bc54df416741dbe7916ad25f04e48d5a9d77a623e57f9cd61ecb44f09f76833eb2a3e9ab7aa89ff5d2d560c07177d854d7c49cbef492b7f4f7e567de1275124e16ca4a7980162fa0fd162a8e5fd6f35617007034bceec57c8faf7664f4b3baffdea8d8fc2ba22d585e9e2d739f5ffc99b4e0dbe9c3686547ea04815a59c4a25b5f2390668e418ba0fcbdf4c4a51f33905c74fbb830a19f9bc8636dbaaff209995447996d2e5b1c377b4cb87a4e1efe12de34d33599ff397b74017d711edd3e772155be5a4406e74cbe2931ef51359afd51b5b1a7b3ea22ee8eda81476bcc17ea7680f6f3104703b9f2a35cf2627eb741d1a30aa4beef6579ec7d0b07a4ef32abcb4d756970f70a3678e17e6e5731890aebc8c92b956d4b3b5fe2adfd79b211a1883dfc8c9a4b1b9c8c1bb265e1f3dd392445ea59b590a019551f8121849f435b3ac1b29902fc8392554056b93903d5f263b3d540843d6afa75a2ad8304b7690de99a734c3d130b69547b18b09e98cbf252730e4aedb6dc4b58b2243fe55e80939d37b0a59d72226d8a2cc5153095e15994ad62195aa310f2a6426676b661e47b9fcfffa04d6dc625f29f44c7cf620b378a65d238344b380448cd119cc7f373f62cdfad64149906353f3a54107c5dba65e3cc494b0531f4d64749363f230738b2cfeed983520227dd5bc43be59b3268e283216f6e9c75e0c1c71272e54fdb29c7858d287d1efa1917be37c8eeab5e44c3ad7b36e8ac9f66991eb82a5148e5972034ad01c62615a45154579fa50869e7be9876b5656eaad2e43025a62dd134b612d8f4d5ebcf8056e198b713438e8e0e347cafbfcb89e394aa330d4c788d49c658fcfc80b3e0078f0e8e19aa9b8fe8eb0bab93de785d043e0f475aeb60d62e38fb1f8384a00b7a902daee13d2136269e50801b80a65b2f913cfe3ffb365d9aa2fd19372a0b0225695444e4bc54871d108e09c7e1c2b42dcbbacce24ea5bd5bf1fcf4ac697a3fe09a54677b7a8dc8d5eecb86cc792ee9b6fea2de16a473269fdc65dbb73c258c821440407c642f7d3d3f5c708d55332da8343106c19b230a51427f3b771916ae3688b: +4bb79236fada3144b68296499ba44ae534074ca94d4b581e5edcfffe13b3ad190a8399f1e5a423dcf7b25b2fb0ac9e1e9548148bea84d021e0428760e05d58bf:0a8399f1e5a423dcf7b25b2fb0ac9e1e9548148bea84d021e0428760e05d58bf:ad81abf6937a7acd7f1837f04d3f10e708c61a5fbedeee4db76e1598570384e6efece97c925d2e5c3488cab10b5b52b8a5486e99d8ffe86c1981a1f1d532dcd4d489e5546d86653298e7a5f96e8144552dda8a18e75b5f7355b13541621106e497e51a56d8659d198fe10037e22128afc2714a2cb5a12cc5db0968a343ef918e8769dd6a3e5b9e32aab66cb0239ebe4c17f18218e252eba6162e977049ebac0b38048b3aafb7d4d72263e9212899a3bfe0a69c99e22ac61c5e9612456303d92458b5c502916c34a8ee5cd9a582a52576b6dc9d7d4c642f212998bf3358d4a8c2ea67686e55d489f6a76e6b070e6e995a745326c9aa63630a0033ad30721aa65fac604a6e58c750721a56ca6760c94134d611fab4d354e4f66a29677b1a666601e9da79f213f582037433c07f94d5f0de6aa9faa0b32f7b023fb9fc135a26f97052ac80b39b306aed13926c285419a29b20e2370d8a095b32258fa9893489ee21089c752ec062e120359e2f3515128254c8098cca65a91a022dd057a2c2a1b6b85d137c3c967dcb70aa17a2ff4b37678b382902f0f931ee743fc398ac1b8c10469867308479e40d7f2f04a4b04c4489158488ddb7bec5a47f20ff356d99a1b3e9d0b7fe9b0ad949f298960efa4d9728f8101cf53da3bffdd9524bf440a58b32738d0b6293e853f466ffd42c5607ac9e353ba03efb578cc9963d8aaa9d2e266d1d2ae9296f30c9ef44ec691030d596a401b6cee72a540ef3c42ec0174266ba5401f354adc8e25404437e888b08286939bede308acd30327ebff06270097cc294f0a0f39f9aa3c66585ca47e60c4b8ea36089eb8a9088bb18b0343135bb6a456d2f6a3bf390723e78b42c037c2de2e1432caad3a594021294d43f5b15a2e819dc748e451de40068c8f032f13b4711377012edcd4f11dec1111b12eb6e1b00633818706d7132d991ce20df3b921db2185ee25bb6f5827576ec01ad890f79793baa358c2bbfb6faad11d8cb0d0d2d2b2981fbf4e372349fc6a01c36077b59325f702b380059a65cf2f5ea98d6bdc8152053b85b28c81e413c4cac7e226c13db3267d21830f0e5431102917005:698fab68510db8121a465db77e4f8b586aee895816e63bbf0beb242db4e84c157f4be201ae6564517a870d17f60c858370c01cca17189cb4189e814391d1500dad81abf6937a7acd7f1837f04d3f10e708c61a5fbedeee4db76e1598570384e6efece97c925d2e5c3488cab10b5b52b8a5486e99d8ffe86c1981a1f1d532dcd4d489e5546d86653298e7a5f96e8144552dda8a18e75b5f7355b13541621106e497e51a56d8659d198fe10037e22128afc2714a2cb5a12cc5db0968a343ef918e8769dd6a3e5b9e32aab66cb0239ebe4c17f18218e252eba6162e977049ebac0b38048b3aafb7d4d72263e9212899a3bfe0a69c99e22ac61c5e9612456303d92458b5c502916c34a8ee5cd9a582a52576b6dc9d7d4c642f212998bf3358d4a8c2ea67686e55d489f6a76e6b070e6e995a745326c9aa63630a0033ad30721aa65fac604a6e58c750721a56ca6760c94134d611fab4d354e4f66a29677b1a666601e9da79f213f582037433c07f94d5f0de6aa9faa0b32f7b023fb9fc135a26f97052ac80b39b306aed13926c285419a29b20e2370d8a095b32258fa9893489ee21089c752ec062e120359e2f3515128254c8098cca65a91a022dd057a2c2a1b6b85d137c3c967dcb70aa17a2ff4b37678b382902f0f931ee743fc398ac1b8c10469867308479e40d7f2f04a4b04c4489158488ddb7bec5a47f20ff356d99a1b3e9d0b7fe9b0ad949f298960efa4d9728f8101cf53da3bffdd9524bf440a58b32738d0b6293e853f466ffd42c5607ac9e353ba03efb578cc9963d8aaa9d2e266d1d2ae9296f30c9ef44ec691030d596a401b6cee72a540ef3c42ec0174266ba5401f354adc8e25404437e888b08286939bede308acd30327ebff06270097cc294f0a0f39f9aa3c66585ca47e60c4b8ea36089eb8a9088bb18b0343135bb6a456d2f6a3bf390723e78b42c037c2de2e1432caad3a594021294d43f5b15a2e819dc748e451de40068c8f032f13b4711377012edcd4f11dec1111b12eb6e1b00633818706d7132d991ce20df3b921db2185ee25bb6f5827576ec01ad890f79793baa358c2bbfb6faad11d8cb0d0d2d2b2981fbf4e372349fc6a01c36077b59325f702b380059a65cf2f5ea98d6bdc8152053b85b28c81e413c4cac7e226c13db3267d21830f0e5431102917005: +afd765e6aac0146d4811ef9597bc3f44763f03378b7be033d6e64ca29decaef96bb76123d9258922686c53fb6917b9a459cabd30be8c43970d80f5350c2d98ef:6bb76123d9258922686c53fb6917b9a459cabd30be8c43970d80f5350c2d98ef:183b1092c7904e47a1420317a25d0f59110aa84d6b3419ad456865c43b29e9d1dacf755d9e5cf94c5591d5d912d05ca9a52d015d6e8f5dc94efdce0d7cf5651203b11e5427a9f679429e00414a48eab13fd8e58b87eba39d1025d6a18b2cdcbe147436dbf38a1ce86413ae318765e1bb1df7e2b3be97e90408b11717cf459bcd0f3cac58b4a0d35bffb533e20df37451c11401ce1dab02055c7e08c5ec46390cd617a6b5f22f651830a1112a06ede4c40ab7957851d6c66f171cd16241590900b852a3d019957be1b7bb7acb8923f2a357c3264456cfca9b429d71fecb7edae39b252b4eb610e8c718835699754b8d4124b492488ede62610cce44b59218663b6c9646a14a8417eddbb6f4fbe5a4bbbb482b37a445e3c16b65a141cd3e12a5b2c0481d614d6d208479b9b209b828854dae0ea1eded506555fe18e1854005cf001a8077083498d27fadf118286b53b8974d69fa2825be8ca3d6036a92ca52f91dde6d5b1ffe2888f4d60779fad1fb41d8c0714049af681b755f2d4204eecd09e077210a48a195e72c80e127c3d4875095c6570a1f78095907528cf7746f31d97111c6f4cb25b3741299a7574822d46b6e79ed23c2fe057b3ac7290b460b166ee90a45562effedcc6ba8f4795f7395818db56b6edd59ca2cc4aea1841fd9565becd6c08104cdee26ba9de200773d091bc77a57c547f1a6ba0a2cd717ab32561d7422ea7235adb0cb36bf5cbdf88fcae06630a15647d9a357b4e0e502d273f3796a51e0bc3fedbf7a1e64aad722aac5fd022fa79d60fc707325f127eb1f03868795ccdc0b4cb26f2023d152153a97a260bff11745d2e2cc0bf860d4a6e358a6d8176d2ac178a9ae1a2dc75e8b490408ff7cdf991329f33cb0c05e1e356925087e0b8d96a52351d1d17768eb134cdb21a1546aaedcc687dfa1b22e92fb5241a83677a153445b77d5e703508e2abc588a9f42e5bc710673e4dd8ad703fab2d7db1eb84226c89d8762a709e3e9138a1fa790f2929bff61bc1ea6e8aa1ad0e3887d70a56d4e6547fc606a50d3be3bd6db03663e00ca9e4f24fe8cbfd7d8c9738d6367554b7b601f74190b5970a398:3dc9194d50811419049eaa07b655b7d4064bcb0e7fb5f9e5326b5fc856fc0ab8705973ae1001df55373977dde2d9b81079551414adc71cc852d499b0cf824f07183b1092c7904e47a1420317a25d0f59110aa84d6b3419ad456865c43b29e9d1dacf755d9e5cf94c5591d5d912d05ca9a52d015d6e8f5dc94efdce0d7cf5651203b11e5427a9f679429e00414a48eab13fd8e58b87eba39d1025d6a18b2cdcbe147436dbf38a1ce86413ae318765e1bb1df7e2b3be97e90408b11717cf459bcd0f3cac58b4a0d35bffb533e20df37451c11401ce1dab02055c7e08c5ec46390cd617a6b5f22f651830a1112a06ede4c40ab7957851d6c66f171cd16241590900b852a3d019957be1b7bb7acb8923f2a357c3264456cfca9b429d71fecb7edae39b252b4eb610e8c718835699754b8d4124b492488ede62610cce44b59218663b6c9646a14a8417eddbb6f4fbe5a4bbbb482b37a445e3c16b65a141cd3e12a5b2c0481d614d6d208479b9b209b828854dae0ea1eded506555fe18e1854005cf001a8077083498d27fadf118286b53b8974d69fa2825be8ca3d6036a92ca52f91dde6d5b1ffe2888f4d60779fad1fb41d8c0714049af681b755f2d4204eecd09e077210a48a195e72c80e127c3d4875095c6570a1f78095907528cf7746f31d97111c6f4cb25b3741299a7574822d46b6e79ed23c2fe057b3ac7290b460b166ee90a45562effedcc6ba8f4795f7395818db56b6edd59ca2cc4aea1841fd9565becd6c08104cdee26ba9de200773d091bc77a57c547f1a6ba0a2cd717ab32561d7422ea7235adb0cb36bf5cbdf88fcae06630a15647d9a357b4e0e502d273f3796a51e0bc3fedbf7a1e64aad722aac5fd022fa79d60fc707325f127eb1f03868795ccdc0b4cb26f2023d152153a97a260bff11745d2e2cc0bf860d4a6e358a6d8176d2ac178a9ae1a2dc75e8b490408ff7cdf991329f33cb0c05e1e356925087e0b8d96a52351d1d17768eb134cdb21a1546aaedcc687dfa1b22e92fb5241a83677a153445b77d5e703508e2abc588a9f42e5bc710673e4dd8ad703fab2d7db1eb84226c89d8762a709e3e9138a1fa790f2929bff61bc1ea6e8aa1ad0e3887d70a56d4e6547fc606a50d3be3bd6db03663e00ca9e4f24fe8cbfd7d8c9738d6367554b7b601f74190b5970a398: +eb347145f339edd802785b6fbecd5cb80889ac7ce4ebad2f67076765db939bca994a456eada03020921c3d109c135eb961fcd4a0a400bafd32ca061bbc862543:994a456eada03020921c3d109c135eb961fcd4a0a400bafd32ca061bbc862543:5b8b31baf88483f095b5d02e17d8b7b46cf46460e64c6b02c56d8dafe34823706cb5c15f338ad9b56586a949711aa7312cc93450d2fb9af4613fc30793a631a55c14e53c0cb15f06116399398c8dd61876c62915f9f9e4cdf8f7d89ade129e6dde7d63671a1863f5da8f42ea64c079ecb9a2c1b1dd9adae60e96b9cbbc7624532aa17975eba17a7af02bfb219aac02b3d4306cd38933a85060cd62ab513a3965b09150a488c92bf7cab0482eee56463f0139009b9fbb3ff4ecae211f428b5bfb8876f004983b90c447846ca4b74566e979bc30c95e99faab69a3ebbfe4da6034c82d63e9c5ccaf8486af3b5e0d381422938b0c22f516955bdc36943173f5832708a33cf52d8875d97fde585b4917e4adecdd1e79856762033af22f254b50ce9d0c700e77a731554fa0113a0c666683f3fdb19e3a426302230b63e33a785ef24a9289455b3b8fc618fffef49c2c6e48fd4bb422f504149de2b4c0355c363408e66da81cbb581552a411e364fe3e4ca96d7072ab072e7568c13d35e41c7825a13a5c68fb9fb5988bbbfb9a0b51165764660cdfa2411f3d42165da187c58edef0105a6db177420543e958d5d5e8a371f7987051c4e1786d018eb3d732c210a861acaf671be95bb63fbc88bf8be7be5390939cd9fb2acf3981dda61b787a7bbd78468e1d32ca46af8fb32a18463c180f524be1da910da5508d42a0051741227c9b62de6d19b33c0bd48067b035859ad9bdc2ddd97befca31e65a886cfc753afc4ff2a7212a89d37c046cdf3999c051ff1396bd99cb54945639eb6462db9ece84077b0b3d6b3df3952dd36756c6dab2abc25a51bf32c1e9cdd0a728a7985f7b7e0d9c1a6f66ce1216373d252daf5958f2e8973fd268fad0efe251ce76fe47bd0a4d0c4f1017949d4c2b16717218e149154ed6fbe56f86d82e19ef0a91631912f2a8f3debb00766b6177802f4b2e79f6e7bfa9c62cfa2f75cdb60492630a85c9b43177d2dd9ba8d0548abe24923ae8443eeadcd0f58a7b82dff50d884003889cb560f7ac53e710a75575362464b1aa43d2a9b22f2bd2162d302faa7452344ce7ade9983687b6c68eca47dddb289b15:fdbd15e1e6469df720d9552cb5dd177bcbd292fcda83cd93c88d0114912dc8703109bac0d459ace9957df2293ac16d40d514893556853299b97b4fd4137a3d005b8b31baf88483f095b5d02e17d8b7b46cf46460e64c6b02c56d8dafe34823706cb5c15f338ad9b56586a949711aa7312cc93450d2fb9af4613fc30793a631a55c14e53c0cb15f06116399398c8dd61876c62915f9f9e4cdf8f7d89ade129e6dde7d63671a1863f5da8f42ea64c079ecb9a2c1b1dd9adae60e96b9cbbc7624532aa17975eba17a7af02bfb219aac02b3d4306cd38933a85060cd62ab513a3965b09150a488c92bf7cab0482eee56463f0139009b9fbb3ff4ecae211f428b5bfb8876f004983b90c447846ca4b74566e979bc30c95e99faab69a3ebbfe4da6034c82d63e9c5ccaf8486af3b5e0d381422938b0c22f516955bdc36943173f5832708a33cf52d8875d97fde585b4917e4adecdd1e79856762033af22f254b50ce9d0c700e77a731554fa0113a0c666683f3fdb19e3a426302230b63e33a785ef24a9289455b3b8fc618fffef49c2c6e48fd4bb422f504149de2b4c0355c363408e66da81cbb581552a411e364fe3e4ca96d7072ab072e7568c13d35e41c7825a13a5c68fb9fb5988bbbfb9a0b51165764660cdfa2411f3d42165da187c58edef0105a6db177420543e958d5d5e8a371f7987051c4e1786d018eb3d732c210a861acaf671be95bb63fbc88bf8be7be5390939cd9fb2acf3981dda61b787a7bbd78468e1d32ca46af8fb32a18463c180f524be1da910da5508d42a0051741227c9b62de6d19b33c0bd48067b035859ad9bdc2ddd97befca31e65a886cfc753afc4ff2a7212a89d37c046cdf3999c051ff1396bd99cb54945639eb6462db9ece84077b0b3d6b3df3952dd36756c6dab2abc25a51bf32c1e9cdd0a728a7985f7b7e0d9c1a6f66ce1216373d252daf5958f2e8973fd268fad0efe251ce76fe47bd0a4d0c4f1017949d4c2b16717218e149154ed6fbe56f86d82e19ef0a91631912f2a8f3debb00766b6177802f4b2e79f6e7bfa9c62cfa2f75cdb60492630a85c9b43177d2dd9ba8d0548abe24923ae8443eeadcd0f58a7b82dff50d884003889cb560f7ac53e710a75575362464b1aa43d2a9b22f2bd2162d302faa7452344ce7ade9983687b6c68eca47dddb289b15: +3208837d1554b6511adda09cbae565da78439a472a5d1b107ce0a9b1d7757db79b525e35368a921e3a2e9a35a4de9ea4c436caba27123e5c369e2a6cf5c90ab6:9b525e35368a921e3a2e9a35a4de9ea4c436caba27123e5c369e2a6cf5c90ab6:436a3c31763f93d4d546c6d1ecfb7ae45916af754f839dcfe96d6b69c61214d016fc842f56462a3f07f661b2e2505acfaf482a0b0f4f5501eec4b2d2d7d444544de000b990f4363d3f983f5d4e09309752ff579c7320c915951cc3a1e3238c1ba7a19130eabf6a37f5f0bc56e25242f752061f3c63acad992a7501e967deb925b30ed105431e582102fa4f308c2f0683612b56686d52daed6943a7219f3beea2e0a29242e86d5562ffab83b56b263326664e029e961e7017d8e89f5e3e1d10f5932854550ce6e5cd76971fd235cf9c0027d0cfed3315c2cbf18508624d8acf047f9b968f907d9e6f4cfa5e45c80a272c2dbb62c5d4194580dfabedd82cb4d76492344be96ccf5daaf61e6b2b55efdb3f65210a3d6e1f369887ca0ea0d58c3d146ae3cf9b000076884115fa51b5fd66bec0ccbf0d2920196a7d7a38445fbed22dfc7564dc56f60d6e29e592485374c6bd1e5b15931b69ca6ee6b3aa2525c23585f0929f31cbd11fb1a5330216b90ae5a656df7a074cec64e598184f503fb23cc05e65da9ae7e8441f40e2dc26b8b56d2cb523a7c635dc0847d1cd498abf756f5a13ea14f8fab2c410b1a470f49aa8dca4ac0256b11800de0dd0ec42b142c561128d357e783b12f61c668f5e6e06b7b48b7b2254de5bdc1804b723d5fd6a0f4bc7c59e7c5054182613bbd2fa92b4c1da16bc8c97e16bcb0dbf8c92b74899b37f318757140b6c4fd535e2e1e0570a50818cf78fb988e1f4ce40e76e8fe3d697d7a45850f293ce170fd8ab07cf1534ea5ffad34f6fcfa42d0d21a91dfbfe0597c73fd9b9767614ebdfd02c3ac0c49ad10c94be5969ee0808c0a30b2a1eaa90ea43b8575c3056f423cd4b6f34ae51c2223765a9ea21f64573c1a13961321246e3b5349ee048fb62d5fb61b1714391182562b91598360e5f9bf4ac80db246432afb3a43d349650de03d343c2e97a8eefd1bf30c10c25867f53266bd1f0dc14ae1a6be9efdecff67e7d292c6cdfc90d80b886668f04c2a0f5ad7fa17c178b6e9b45a11f4ddfe2d66960a3f75135ad5ed154e513e1a5d138e7371e84d7c92453e6c62dc59b8e1fa93d773a2540d91c257c:709d1ca9ca2f742ab9dd0b049335f544cffb2f1a3693d5f53f8ba083b9b0d86e5208fa8e1e8156c9cc2242775abb7e15af3085868ef457634e9926c404ecf30f436a3c31763f93d4d546c6d1ecfb7ae45916af754f839dcfe96d6b69c61214d016fc842f56462a3f07f661b2e2505acfaf482a0b0f4f5501eec4b2d2d7d444544de000b990f4363d3f983f5d4e09309752ff579c7320c915951cc3a1e3238c1ba7a19130eabf6a37f5f0bc56e25242f752061f3c63acad992a7501e967deb925b30ed105431e582102fa4f308c2f0683612b56686d52daed6943a7219f3beea2e0a29242e86d5562ffab83b56b263326664e029e961e7017d8e89f5e3e1d10f5932854550ce6e5cd76971fd235cf9c0027d0cfed3315c2cbf18508624d8acf047f9b968f907d9e6f4cfa5e45c80a272c2dbb62c5d4194580dfabedd82cb4d76492344be96ccf5daaf61e6b2b55efdb3f65210a3d6e1f369887ca0ea0d58c3d146ae3cf9b000076884115fa51b5fd66bec0ccbf0d2920196a7d7a38445fbed22dfc7564dc56f60d6e29e592485374c6bd1e5b15931b69ca6ee6b3aa2525c23585f0929f31cbd11fb1a5330216b90ae5a656df7a074cec64e598184f503fb23cc05e65da9ae7e8441f40e2dc26b8b56d2cb523a7c635dc0847d1cd498abf756f5a13ea14f8fab2c410b1a470f49aa8dca4ac0256b11800de0dd0ec42b142c561128d357e783b12f61c668f5e6e06b7b48b7b2254de5bdc1804b723d5fd6a0f4bc7c59e7c5054182613bbd2fa92b4c1da16bc8c97e16bcb0dbf8c92b74899b37f318757140b6c4fd535e2e1e0570a50818cf78fb988e1f4ce40e76e8fe3d697d7a45850f293ce170fd8ab07cf1534ea5ffad34f6fcfa42d0d21a91dfbfe0597c73fd9b9767614ebdfd02c3ac0c49ad10c94be5969ee0808c0a30b2a1eaa90ea43b8575c3056f423cd4b6f34ae51c2223765a9ea21f64573c1a13961321246e3b5349ee048fb62d5fb61b1714391182562b91598360e5f9bf4ac80db246432afb3a43d349650de03d343c2e97a8eefd1bf30c10c25867f53266bd1f0dc14ae1a6be9efdecff67e7d292c6cdfc90d80b886668f04c2a0f5ad7fa17c178b6e9b45a11f4ddfe2d66960a3f75135ad5ed154e513e1a5d138e7371e84d7c92453e6c62dc59b8e1fa93d773a2540d91c257c: +4ec6829b43997056d99685389bd53c528de7e5ff2715d65c956619826e3fb5b57d922d57fdb12792879aec4e8c651463ece064492c721753d22e115509fed706:7d922d57fdb12792879aec4e8c651463ece064492c721753d22e115509fed706:ed26b4130d4ebf3f3861491aa3dd96a4eb69752173fa6c84ca65dfc991c7fe44e02bd61650252a1d23786682ec38c1fee82cc350db7c3c3949a1c935ffebd7baa24f35a393fbd27e7c34c2f9ffda60a18df66c3e465d90ed48fbbad3fa7947dee7e659a3eeadb887f0963f6bdd76c36c11ae46d088ee50bca8187a0a8832db7984b7e27cbe6abf12d2c94f337ec78cb38b26241bd1a3d2f5fa4407fdd80227d2b170144b415978e37201d0fcf43174b9d7b2115d5eb8bcec276a775aea93f2340d4425d34d2047494d917e0dbe37857e6c99859b71c914aad5e54f7b2b033e594e272cc5cfe919f888e55cb6157affcf357246d00b532cc471b92eae0ef7f1e915944c65279315729853da572c809aa09d40365f90875a50d31ca3900da77047c957c8f8bf20ec86bd56f9a954d9988e206b444ca5a4434521bfc9c5f3a8a06147eb07d11dfe1171ec31ff55771588b333eee6215d216c47a8566fbb2b18974646ac5a92c699d77584c0defefd2dfa58fca27199e41ec58a246320b35faab75b97951924226da4ab28f01b47078e712e4fd9f77b251c9667858c28e32ef1cd01fcbe435c542dbad0a84a13cdbb5775e62d811dc690d9555c37f15f91767a561357df106eefe056e7360670650fb818fc6adc59973e9ad5cdcd809807ab56397f3c13948732d98d676f4a4470a95d8b518237e226f0cc5f4765164a5c3ef050714be02a126be8f66546481581b9e94a26aad24c693b7fdbc18acd3ed7cfc47d8ab26745d78e701d0cf05dd844b5b345a29dab684cbc5092ba022e3c582dfc044c3100ad02756697a849822915a16e2a2b810e6815f54421d2f3a6fff588c0d9013c76f33e09beaeef60d8774230e8ce7131289aef2a40686c819fb2040b06124d3d9aa419d56788f17fa7ed9b9b57ceaad1337a0101bea0440cff745ddd9722055d1f9bcfb009ce2c2f41a9e7e86806b872cdc2059bc8ec68f5ee56c4bacf4bbd30ea4c7155864d600c0e2eee73b319bda4372e9c603c772c25890c7610489989475d37a77a4574a2ba55bfd9c9cfd146fb97e6165dcc19559f4f85dfca2f97f3702ed8fa6b3c2a9741974aa07ab6:159ca404f7f74117c5163cf404110949eb57ae2d7662b1ff4178cc6756e90adaeab71b064ce1dff457b2dba7e2dc13c217bcae8a61fcf8ce1487a649c257ff07ed26b4130d4ebf3f3861491aa3dd96a4eb69752173fa6c84ca65dfc991c7fe44e02bd61650252a1d23786682ec38c1fee82cc350db7c3c3949a1c935ffebd7baa24f35a393fbd27e7c34c2f9ffda60a18df66c3e465d90ed48fbbad3fa7947dee7e659a3eeadb887f0963f6bdd76c36c11ae46d088ee50bca8187a0a8832db7984b7e27cbe6abf12d2c94f337ec78cb38b26241bd1a3d2f5fa4407fdd80227d2b170144b415978e37201d0fcf43174b9d7b2115d5eb8bcec276a775aea93f2340d4425d34d2047494d917e0dbe37857e6c99859b71c914aad5e54f7b2b033e594e272cc5cfe919f888e55cb6157affcf357246d00b532cc471b92eae0ef7f1e915944c65279315729853da572c809aa09d40365f90875a50d31ca3900da77047c957c8f8bf20ec86bd56f9a954d9988e206b444ca5a4434521bfc9c5f3a8a06147eb07d11dfe1171ec31ff55771588b333eee6215d216c47a8566fbb2b18974646ac5a92c699d77584c0defefd2dfa58fca27199e41ec58a246320b35faab75b97951924226da4ab28f01b47078e712e4fd9f77b251c9667858c28e32ef1cd01fcbe435c542dbad0a84a13cdbb5775e62d811dc690d9555c37f15f91767a561357df106eefe056e7360670650fb818fc6adc59973e9ad5cdcd809807ab56397f3c13948732d98d676f4a4470a95d8b518237e226f0cc5f4765164a5c3ef050714be02a126be8f66546481581b9e94a26aad24c693b7fdbc18acd3ed7cfc47d8ab26745d78e701d0cf05dd844b5b345a29dab684cbc5092ba022e3c582dfc044c3100ad02756697a849822915a16e2a2b810e6815f54421d2f3a6fff588c0d9013c76f33e09beaeef60d8774230e8ce7131289aef2a40686c819fb2040b06124d3d9aa419d56788f17fa7ed9b9b57ceaad1337a0101bea0440cff745ddd9722055d1f9bcfb009ce2c2f41a9e7e86806b872cdc2059bc8ec68f5ee56c4bacf4bbd30ea4c7155864d600c0e2eee73b319bda4372e9c603c772c25890c7610489989475d37a77a4574a2ba55bfd9c9cfd146fb97e6165dcc19559f4f85dfca2f97f3702ed8fa6b3c2a9741974aa07ab6: +b150a78929ed1eb93269213e1ebc22e2e40a601bdb005499b7beb058917c534028866b6d1c393cb08e464cf5571440a649e50642380ddf4ffb7ad150485c108e:28866b6d1c393cb08e464cf5571440a649e50642380ddf4ffb7ad150485c108e:1bf55d27f9dde6c4f1c0ddd360a25d9493c0ffdca74a7ed5e5a514e95515cda4aad8f45cd6ed7901f8f224a63b38121cbeac2f56dae210dd053750cb207514a8891e245a5d07e7de78a2e3814463f148d2acb7dc71f995c9299ad0d6266cfefc94269657fd47cf5312b92af2750651c479636c9d36aef08f7d1195e7fa1ba3abb5dcb90136b0fb9a37668b87a2db88d1e2b6440d3e6e601e6d4bc10cf1cbdf1d6169c0dc2c4aecdeb6cdd4567d4250b2afa715b166c9467f907d3fa5a6daf200b309c109376830499caf3149001cf3339448ca3d765225d6b3c1cd267cba936e7aa4832539466fd20cbb38323cbb2228a271f2d282561c73ed79a1ad04698e27efe393235f3456c295407da0960f0034d8deefd1c185736fd3eaf1f9a1e32f09174c1fe12720b7c96febdb33e01b1b6a1c637150194be4ffab159e45b24585576846bb64274eca7b39a3ed9357de7b084213024a9e8589263600a2867c2a7cf8b99076a12a07bd7df8d5277bb04ad72e639b77eaca1ec58ef9637e9a2376ba878a457235a06f78fdf0e0d925cb2fd2a38c77188f60372ef6009792424399c9b67928da2e3ba91cbde407e7e876ba98139ed22ca3b983bede0000528796448e4a1055acb2deaa56bc308254c5bd498c275ecedc1357efe1fda01d34d916dd4d8647e5771995a653e0f8a5284cc7bf73157b3349d59e6f920cad6cdd1719f038025c4300e0210ce249faf3c82de1fd1cdabe61c14ecb1df00c5c466aa6a012a9c10dcfe59b7e9d3b155dab6c7b7c1608c1edd51dbdadf6ba5876b5e60fdf7f19e6ef712cd1a7dd3a062a6574a7436b319efb944e4223f542b2502c1ba976be91e05b0f85a09fd793beca883375fb67cd133f5284d89984ff3cafa7e11a9d85e7893232a524ec54b20f975d3c0a1143a0ef41176b7051ea91d40c5f44fd9e100558bf1212a7b891e68b55ca61f4be945266d9a1007a14aaeb68c48e257f0f46310ad16481467ec1773535d5fc084915f5d004ba0dc7591d2123c62207909d84f2b382f5ef12759a95cd3f5189806e273960aee162c00f73e7fa59363957654bb1916b5709bb0a9d040514ae5284951e6b:276dd0962e6ee64f0592441a8af0e5ef8f93bf0baeba20504b9db4f95a00b939ea38def1c797862898cabe9dc4644f0e677e87c0a33b87b6a4d22a807d0e1e021bf55d27f9dde6c4f1c0ddd360a25d9493c0ffdca74a7ed5e5a514e95515cda4aad8f45cd6ed7901f8f224a63b38121cbeac2f56dae210dd053750cb207514a8891e245a5d07e7de78a2e3814463f148d2acb7dc71f995c9299ad0d6266cfefc94269657fd47cf5312b92af2750651c479636c9d36aef08f7d1195e7fa1ba3abb5dcb90136b0fb9a37668b87a2db88d1e2b6440d3e6e601e6d4bc10cf1cbdf1d6169c0dc2c4aecdeb6cdd4567d4250b2afa715b166c9467f907d3fa5a6daf200b309c109376830499caf3149001cf3339448ca3d765225d6b3c1cd267cba936e7aa4832539466fd20cbb38323cbb2228a271f2d282561c73ed79a1ad04698e27efe393235f3456c295407da0960f0034d8deefd1c185736fd3eaf1f9a1e32f09174c1fe12720b7c96febdb33e01b1b6a1c637150194be4ffab159e45b24585576846bb64274eca7b39a3ed9357de7b084213024a9e8589263600a2867c2a7cf8b99076a12a07bd7df8d5277bb04ad72e639b77eaca1ec58ef9637e9a2376ba878a457235a06f78fdf0e0d925cb2fd2a38c77188f60372ef6009792424399c9b67928da2e3ba91cbde407e7e876ba98139ed22ca3b983bede0000528796448e4a1055acb2deaa56bc308254c5bd498c275ecedc1357efe1fda01d34d916dd4d8647e5771995a653e0f8a5284cc7bf73157b3349d59e6f920cad6cdd1719f038025c4300e0210ce249faf3c82de1fd1cdabe61c14ecb1df00c5c466aa6a012a9c10dcfe59b7e9d3b155dab6c7b7c1608c1edd51dbdadf6ba5876b5e60fdf7f19e6ef712cd1a7dd3a062a6574a7436b319efb944e4223f542b2502c1ba976be91e05b0f85a09fd793beca883375fb67cd133f5284d89984ff3cafa7e11a9d85e7893232a524ec54b20f975d3c0a1143a0ef41176b7051ea91d40c5f44fd9e100558bf1212a7b891e68b55ca61f4be945266d9a1007a14aaeb68c48e257f0f46310ad16481467ec1773535d5fc084915f5d004ba0dc7591d2123c62207909d84f2b382f5ef12759a95cd3f5189806e273960aee162c00f73e7fa59363957654bb1916b5709bb0a9d040514ae5284951e6b: +9fc7c49cb8c4f0972d6ed970ae2c6ac337e675425cc8dce730fc41444302935d4782520b06f93344aa766780e54401363dfd7d967cc3bf06488af90920a30f85:4782520b06f93344aa766780e54401363dfd7d967cc3bf06488af90920a30f85:82bc2c700db222a4ac914aa2be8fa28e422067f94f3344f5362bebaabed7612b0e464a73a6c456903564b15393485140dd0f3aff90aa6e1661ddf682850d0490afc3d735dea05ba47c85d97e833533514c198b4cf6e66d360ee5bf00e14a3aab1ad0e7b8ab2aacc964d42830c78453df1955bbed1cd68ada3db0ecdb601ad7667d5c5e2fd49e36f7328eaa337dbd6ff70e7898a3f98c159d045a2427ade5333c88fc4afd3819dc82f4daa3c523cb57e35a2a5a725d63d402baef51e51f1ef4f8f9a595c9379c9aba873fb4e765a931da09148aba6ec5b44859b0e81ff9fc229598ac9fbdb0bdbddb5692a52222df52ea387bbbf36ad64d1946bd282e323ff4822ad9da897ff73f01b390cfe2e64de492d55de77f5d7d0060a6872a0183ccba610f53274ccb29ce6dce6a036c5317a1ed2a7c1068c1b246fc1d5881d00de06eb401cff95e6b69148699db13e94bb5b280212dff54c70e56de235a5f1400b5bea56772d060170f1d0657321561e4b49107eb96d9b3bc5adf451c2a524eba4db003b77b632a5d89827a6224cc798e096ba27fb33bf61e3b8eaf18d001ae8eb52f85c90d9e12544803e67ff02047e0d23c22e7f8b980c01c3d4824b2a9a14a2e8f672a7b0ce03bdbb3bd56d754a0964db01ca899d488001508657b7b022ccf042c38fc1949d0e00af4d301d4f00c3dea20e308a0f9dcacb43222b3824144af77be18a504aa8d268b8a5600725e7cc5f3a2e6256a8074d1aebca123ea53a0767a92e1783a4983c5ef3d7dd7f02aa9d1f4f9aac6ce254593f08792014fb867eaf879b88a4efb18e89ba11006ad09d85431cc26575b538d8e7890646c5988647cc105d582907ae625e09cd089f47249e81814da14044c7014e80e7a8e619c7b735f701616b6a3c6f492cdc6ed463e71a3d22291482d90a1de6f097c4ae254876184c562b16575b9d0d19313ed98864f49fe2e1d074a21211b2b2a6d27ddb28611520d5f7123058fd007bb01001def07b792bb05bb741c129c6a36376c3853b8bb4f66b5760c8eb4ecc7306ba3a90c70da47c965f6dccbdb61a7fda18ee967cf8c5f050311092d0fdeeaedd1265defdd660abe70:5c783a860aa668184dd22c4f9a546b5ec96ebad2e4af00f968c688671354e0cc9b572c73bc6f19937a05f1baf3434763965c96e103407f0eb642c5644154290b82bc2c700db222a4ac914aa2be8fa28e422067f94f3344f5362bebaabed7612b0e464a73a6c456903564b15393485140dd0f3aff90aa6e1661ddf682850d0490afc3d735dea05ba47c85d97e833533514c198b4cf6e66d360ee5bf00e14a3aab1ad0e7b8ab2aacc964d42830c78453df1955bbed1cd68ada3db0ecdb601ad7667d5c5e2fd49e36f7328eaa337dbd6ff70e7898a3f98c159d045a2427ade5333c88fc4afd3819dc82f4daa3c523cb57e35a2a5a725d63d402baef51e51f1ef4f8f9a595c9379c9aba873fb4e765a931da09148aba6ec5b44859b0e81ff9fc229598ac9fbdb0bdbddb5692a52222df52ea387bbbf36ad64d1946bd282e323ff4822ad9da897ff73f01b390cfe2e64de492d55de77f5d7d0060a6872a0183ccba610f53274ccb29ce6dce6a036c5317a1ed2a7c1068c1b246fc1d5881d00de06eb401cff95e6b69148699db13e94bb5b280212dff54c70e56de235a5f1400b5bea56772d060170f1d0657321561e4b49107eb96d9b3bc5adf451c2a524eba4db003b77b632a5d89827a6224cc798e096ba27fb33bf61e3b8eaf18d001ae8eb52f85c90d9e12544803e67ff02047e0d23c22e7f8b980c01c3d4824b2a9a14a2e8f672a7b0ce03bdbb3bd56d754a0964db01ca899d488001508657b7b022ccf042c38fc1949d0e00af4d301d4f00c3dea20e308a0f9dcacb43222b3824144af77be18a504aa8d268b8a5600725e7cc5f3a2e6256a8074d1aebca123ea53a0767a92e1783a4983c5ef3d7dd7f02aa9d1f4f9aac6ce254593f08792014fb867eaf879b88a4efb18e89ba11006ad09d85431cc26575b538d8e7890646c5988647cc105d582907ae625e09cd089f47249e81814da14044c7014e80e7a8e619c7b735f701616b6a3c6f492cdc6ed463e71a3d22291482d90a1de6f097c4ae254876184c562b16575b9d0d19313ed98864f49fe2e1d074a21211b2b2a6d27ddb28611520d5f7123058fd007bb01001def07b792bb05bb741c129c6a36376c3853b8bb4f66b5760c8eb4ecc7306ba3a90c70da47c965f6dccbdb61a7fda18ee967cf8c5f050311092d0fdeeaedd1265defdd660abe70: +08bf059b4da9aa7ffc702f5b2304c4f96ca49b7dabb6afb41dc91c0f00c65b78a6289ba28e80e8d1a319223e4165dc0bce7352aaf242f70cc968d21d77752832:a6289ba28e80e8d1a319223e4165dc0bce7352aaf242f70cc968d21d77752832:bd4fb28a1dd08b07ba66e17f0c4f21853fefef1c9d20ba7977f154641ea1a18becf6bbb80388886294e0756a3c508ffdfe90b51e1356d112d8cde5ee2cc6332e61d169ccc8cc934994f1bb560fa4660c0b0fd4e8149a225ed4883e68fbb69da7af8a524b17141ccb76b50cd8e1b67d3ce037ded7dfa59bc7c2674226ec7e07b78ea3f782fda3e5f1e9caeab608ca387c304654f801d00e10a7c29f4b0da3e5f89513a98037719a1aef4c2506c177af5451a00757a59f16229c4f4414df51580d48210dabc9377370b6068a88e81d3ad1bed4985155c3600ff48768b903022fe02ae480f2e6329f0bcc91d75f5c6a09fdf77bde90499f3ca395cb20062a0984ad6a0141fd01c2d54dfbb1ee584610640773439a1658d2c9f862f183bfefb033a3be271812f13c78704657e7fb4f850175fcd63d3e4405d192242c21f27c51477f3211a9ce248e892b42fb6d85820f41b897836f20f85a1311534b5c404f8b7a4a0319bc6cecaa57fe4d4f20607c99c2df22fa0676f99d1bd87886c928c4988c6e78c57d758330e6922cbe03c10340253d0dd483792ce75e6cd09d12fbbb041f0205e65ad25ce7c1b24e77ee8d6f915e3bc3e10d09fbd387a84bdaabfd1cedb52c0b1733b5f47088c0d35e0ef458c85414c2b04c2d29f63f77586131ee65530f209b518a0f257a0746bbd5fe0a2e0c388a6c480e1b60714fee1c5941bb4e13f707eac487a9666a723b5793134a268b77597786c3a3193b46d355dd0895fc6216c536a542ffd7d7b08010c86f547a5daa38335a8bfa2655d5f71b4d8807f50c8545c583dd0b690022ee65873aea3e8f1a565f3b0e4e0295fb0d321f5c0b397f2fd0528f86a0d1b707f737b175c69e9e7ae3c84d4b2cf3a38a631aa8032b3e65bb4528f66d0bfd34473ed0101d2a61255b215bc1cbab9a26d2b969324b77c8a5464e5b23df6c5112f9d17c587d95559de212ad241d8b126050e5fddfcc839a7e5aa2fda1ca20c0910d863418f195b38adfcc36e92f2396ac3144b537b30fbe4dde614902f89978b7fb42cd99f13d99c45c734fb82c3259f90b88fd52bdcb88f7eeecdde4c243d880bac7614e15cf8db5993ffa:e24765860137689aad50ebeefc8d6db8e936a4cba62ce87a7f580209384a9d7eec9070905f60ad63a7befd7c70f0ae7c8109169aee4e518fcebfaca723c5b207bd4fb28a1dd08b07ba66e17f0c4f21853fefef1c9d20ba7977f154641ea1a18becf6bbb80388886294e0756a3c508ffdfe90b51e1356d112d8cde5ee2cc6332e61d169ccc8cc934994f1bb560fa4660c0b0fd4e8149a225ed4883e68fbb69da7af8a524b17141ccb76b50cd8e1b67d3ce037ded7dfa59bc7c2674226ec7e07b78ea3f782fda3e5f1e9caeab608ca387c304654f801d00e10a7c29f4b0da3e5f89513a98037719a1aef4c2506c177af5451a00757a59f16229c4f4414df51580d48210dabc9377370b6068a88e81d3ad1bed4985155c3600ff48768b903022fe02ae480f2e6329f0bcc91d75f5c6a09fdf77bde90499f3ca395cb20062a0984ad6a0141fd01c2d54dfbb1ee584610640773439a1658d2c9f862f183bfefb033a3be271812f13c78704657e7fb4f850175fcd63d3e4405d192242c21f27c51477f3211a9ce248e892b42fb6d85820f41b897836f20f85a1311534b5c404f8b7a4a0319bc6cecaa57fe4d4f20607c99c2df22fa0676f99d1bd87886c928c4988c6e78c57d758330e6922cbe03c10340253d0dd483792ce75e6cd09d12fbbb041f0205e65ad25ce7c1b24e77ee8d6f915e3bc3e10d09fbd387a84bdaabfd1cedb52c0b1733b5f47088c0d35e0ef458c85414c2b04c2d29f63f77586131ee65530f209b518a0f257a0746bbd5fe0a2e0c388a6c480e1b60714fee1c5941bb4e13f707eac487a9666a723b5793134a268b77597786c3a3193b46d355dd0895fc6216c536a542ffd7d7b08010c86f547a5daa38335a8bfa2655d5f71b4d8807f50c8545c583dd0b690022ee65873aea3e8f1a565f3b0e4e0295fb0d321f5c0b397f2fd0528f86a0d1b707f737b175c69e9e7ae3c84d4b2cf3a38a631aa8032b3e65bb4528f66d0bfd34473ed0101d2a61255b215bc1cbab9a26d2b969324b77c8a5464e5b23df6c5112f9d17c587d95559de212ad241d8b126050e5fddfcc839a7e5aa2fda1ca20c0910d863418f195b38adfcc36e92f2396ac3144b537b30fbe4dde614902f89978b7fb42cd99f13d99c45c734fb82c3259f90b88fd52bdcb88f7eeecdde4c243d880bac7614e15cf8db5993ffa: +dbbd0f7ecb6482cb01c4dbdc3893c0db81e831353a5b01cc75d3b11f2ff3c59c2d4e588d31a384b17858c0d784f6712bafd0b41204cf8f0d57973e59c770d3da:2d4e588d31a384b17858c0d784f6712bafd0b41204cf8f0d57973e59c770d3da:e0fff35975eba78da2b0ffcc5c1b663600888e8255cd208f6dce7e88953b7142937389a337ae82f4cfe32fcb34f552a48fa8899e1a659e3ed3d3d290efc9a0f7dedf33e21d048d8d910757037b76e8a7ee9e4eca30f529ddc02ceffc26d64fda7303cc0d8940e9ef59dc983c12ccd1d2717e64d3006af82ab15bb878bb89d1758be44310420638b96a0b5e1e65009d69395d027a5da4a85e901be9aa2c0b3acc508ee18574c1b2fa9bd5d7ae7c7d830712da5cbf26be09a3128470a12a14909a80a266659befda548fd2b22f24c5fdc206ed3a4e75f5320682ed0e4ce817d63d5c7f1ee2b440643355be6542f59dc6c45ab15772f2219a812ef7527642015bc75fe45ba969e8100c268e24ceef9205a83a3f7b5ae800ad06e095b9b139219489793a7bce84ebeb654ab6669e2855ccbeb694dd48651505b959d32a77020b869533e3256d40685a6120bab794485b32e1169256fb188fe76e04e9efa6d10d286ae86d6f1c87e8fc73ad9b59fe0c27ee92a46415b39d786d66325d7fa6fda712f199da554fc1c89944a4e84c196e979a807553718cb81c076e511e609d5cac23d8f45b38b94bcfcf158d0d61602238d52e3ae84c815322f534f254e63389ae155dee2fa93396f0ea499d5d08c2475908c648bddcee591e1337e9421dc5a257ce89ccce4ceea809d7e87134e039db1be598196d3089fdcfa8978e02c1555832da0a72b08ad07cdd072627409c873937b0e835715baaf2608b2395327467cf69a1cdcce6372418383e7b89c8df4d531f585149509ead1e41b6627fea81c7958cb49d2d3c3e2fc691e0b8cf72679c08b8904654531bc4368fb617ac7557d9db8d329d77e48d8fb4de73abe7cb9388274af585f875c0dab793e4353518bb24695342af0f5df5be4e9c7ad215be90e25540da3489717dd3d29254585a45c13e6dcc7e9c8a3a79ff755cbe465b25e23a1da608e1084fec83bff80cfb7442b1460187307acd75e3f2d12843a77094acc32888fbe5f1fc24c615d19a065391d4176474644246b5343da77626a2d483fe204f839328775b71a4cb567273e169640af93dde3eca9116f400e23a7ad3d8fc3a28e565f125d6:96c00361fb71c52305e1ab7707e0465203eb13df3e0655f095fb331942a40b15584143b370a7dd5761fb03c075d04a8348661ccea9ada53365b500087d57ec0ce0fff35975eba78da2b0ffcc5c1b663600888e8255cd208f6dce7e88953b7142937389a337ae82f4cfe32fcb34f552a48fa8899e1a659e3ed3d3d290efc9a0f7dedf33e21d048d8d910757037b76e8a7ee9e4eca30f529ddc02ceffc26d64fda7303cc0d8940e9ef59dc983c12ccd1d2717e64d3006af82ab15bb878bb89d1758be44310420638b96a0b5e1e65009d69395d027a5da4a85e901be9aa2c0b3acc508ee18574c1b2fa9bd5d7ae7c7d830712da5cbf26be09a3128470a12a14909a80a266659befda548fd2b22f24c5fdc206ed3a4e75f5320682ed0e4ce817d63d5c7f1ee2b440643355be6542f59dc6c45ab15772f2219a812ef7527642015bc75fe45ba969e8100c268e24ceef9205a83a3f7b5ae800ad06e095b9b139219489793a7bce84ebeb654ab6669e2855ccbeb694dd48651505b959d32a77020b869533e3256d40685a6120bab794485b32e1169256fb188fe76e04e9efa6d10d286ae86d6f1c87e8fc73ad9b59fe0c27ee92a46415b39d786d66325d7fa6fda712f199da554fc1c89944a4e84c196e979a807553718cb81c076e511e609d5cac23d8f45b38b94bcfcf158d0d61602238d52e3ae84c815322f534f254e63389ae155dee2fa93396f0ea499d5d08c2475908c648bddcee591e1337e9421dc5a257ce89ccce4ceea809d7e87134e039db1be598196d3089fdcfa8978e02c1555832da0a72b08ad07cdd072627409c873937b0e835715baaf2608b2395327467cf69a1cdcce6372418383e7b89c8df4d531f585149509ead1e41b6627fea81c7958cb49d2d3c3e2fc691e0b8cf72679c08b8904654531bc4368fb617ac7557d9db8d329d77e48d8fb4de73abe7cb9388274af585f875c0dab793e4353518bb24695342af0f5df5be4e9c7ad215be90e25540da3489717dd3d29254585a45c13e6dcc7e9c8a3a79ff755cbe465b25e23a1da608e1084fec83bff80cfb7442b1460187307acd75e3f2d12843a77094acc32888fbe5f1fc24c615d19a065391d4176474644246b5343da77626a2d483fe204f839328775b71a4cb567273e169640af93dde3eca9116f400e23a7ad3d8fc3a28e565f125d6: +748bb3cd477137bc880ea7c61df25c1dac6ebec9e6c3193d81ffa6f7a81ec667106f28cfedf096454226b3b01fc24ab1c9bbd7f2b0973e56fe2f4c56a0b1475b:106f28cfedf096454226b3b01fc24ab1c9bbd7f2b0973e56fe2f4c56a0b1475b:00de6d990c84338a398fda5f4a2cca733c56b2a2ea396c2fe667c268e38145878539bd41bc140a2cdfe7e18360411048cca60f35ce510991df261cbf669039d9d25687a07fc0476a41f50eccf38153ee6ae9ffd392b2bec0cc67101ec3696d7a2ec8cbd447b6a6ea063d33ec128ae8b57577dee17b97162563f15e42b55ca4bedbdfb631a9f6262f94ae35bb35f795c35a01dedb4645a73cfa6ed9ee521e4631fb17bbc06ee57316be527427c8aa55c631187462d4b2c8822ca4e18b7a5d4c114c11dc22069bc832656d5f4d39548718c51f5e4fc828f60e37f01307505265acb22d5e8d767b9aa7b866a157c643873e09084a1a404a7bb58ccc4b5a390fd30601c896935e3556f60d2dc6bdffe47da0a687c8ece1241ff6c07d776111ca6598fca968cb6afa0a14a34ab8f54b95d3d8473a174bc725523f8674dfb2b10f874207fee1b08b42da1f58655305a359757aa0251f14138eedbc280cbd385bf4bbf5530114cc43b0474779e204962f8560d4aa423e17e6aecace66c813784f6c898b5b9cb746a9e01fbc6bb5c660f3e138574f59b9745445486c422bc06a10cc8cc9bc56458ef85e0e8a027cb0617d0337ddda50220b22c5c398f5ce05ec32f09b090f7cf6c60f818c6b4c6830983e91c6eadf1eae4d54bde754f75d450ae73129f6c4ff5c4c606f7cadbf4f78a18db2961cc8c8ddab0578cfedfcf95ef0888afd385537d1d0a07648a5ce2522d0633507d77593e1a0366d1ece843de69867d7ac442ba7dad2a90b59d8984e4a946bbe5f172da427638b2b61209041fff50e60ec02ec2c0b1dc4be2edd13e87b64d1d1663114573cf58a17739f463a1c3d6b2123390183b505c8eeffb20539bdfeeb40776d20c459bac4569968fcafe44ea4cd624a84bfccd7876dd7bf55f83ac7040e30f326dce325588e1ba5bc0790265dfdba09839eef571641e8a1234b6cfc3a36a866bd6b92cd71ec74e0d4deb9e74d158201aa502f07c8ba348ac26aaf9b3d070c9a40b52a44e932552b67a2df05a7f0f03c617b48dc2782366a231e0c4e3938a4274b36aa9450ff936be132dcb692838d654c94542c6e047a7f78ba711919f908a15b30b9:e13ca8e5ce7c268090908d61cf2f0a3e4572412bf5adfc5addfe88556f148b5fcbe3e1bc65ff16117d35c9d5dc3b117198f884925b4035b2c0de6c402ed47a0100de6d990c84338a398fda5f4a2cca733c56b2a2ea396c2fe667c268e38145878539bd41bc140a2cdfe7e18360411048cca60f35ce510991df261cbf669039d9d25687a07fc0476a41f50eccf38153ee6ae9ffd392b2bec0cc67101ec3696d7a2ec8cbd447b6a6ea063d33ec128ae8b57577dee17b97162563f15e42b55ca4bedbdfb631a9f6262f94ae35bb35f795c35a01dedb4645a73cfa6ed9ee521e4631fb17bbc06ee57316be527427c8aa55c631187462d4b2c8822ca4e18b7a5d4c114c11dc22069bc832656d5f4d39548718c51f5e4fc828f60e37f01307505265acb22d5e8d767b9aa7b866a157c643873e09084a1a404a7bb58ccc4b5a390fd30601c896935e3556f60d2dc6bdffe47da0a687c8ece1241ff6c07d776111ca6598fca968cb6afa0a14a34ab8f54b95d3d8473a174bc725523f8674dfb2b10f874207fee1b08b42da1f58655305a359757aa0251f14138eedbc280cbd385bf4bbf5530114cc43b0474779e204962f8560d4aa423e17e6aecace66c813784f6c898b5b9cb746a9e01fbc6bb5c660f3e138574f59b9745445486c422bc06a10cc8cc9bc56458ef85e0e8a027cb0617d0337ddda50220b22c5c398f5ce05ec32f09b090f7cf6c60f818c6b4c6830983e91c6eadf1eae4d54bde754f75d450ae73129f6c4ff5c4c606f7cadbf4f78a18db2961cc8c8ddab0578cfedfcf95ef0888afd385537d1d0a07648a5ce2522d0633507d77593e1a0366d1ece843de69867d7ac442ba7dad2a90b59d8984e4a946bbe5f172da427638b2b61209041fff50e60ec02ec2c0b1dc4be2edd13e87b64d1d1663114573cf58a17739f463a1c3d6b2123390183b505c8eeffb20539bdfeeb40776d20c459bac4569968fcafe44ea4cd624a84bfccd7876dd7bf55f83ac7040e30f326dce325588e1ba5bc0790265dfdba09839eef571641e8a1234b6cfc3a36a866bd6b92cd71ec74e0d4deb9e74d158201aa502f07c8ba348ac26aaf9b3d070c9a40b52a44e932552b67a2df05a7f0f03c617b48dc2782366a231e0c4e3938a4274b36aa9450ff936be132dcb692838d654c94542c6e047a7f78ba711919f908a15b30b9: +393d44dd0ded71fc08477bd25ed0e6629fa7f88f082ebcef091898e5c9e3d5b8c52a993b802d84540d275479a1af5e287d19ea13b380fa3068d2f2c68eb97a09:c52a993b802d84540d275479a1af5e287d19ea13b380fa3068d2f2c68eb97a09:142b6e82501362d55a04b89d541a796863d7783840d34cbdfc516a3c84772f92446f5f0df4c45c6e0dc8ec1e9bb0ff7ec1696a09cd7ae34c10f8e61a9acabd4303f0a9247237621c490e8d9d0fe44482c560d051b82b074ac3d8e49bb2ac715ac4cde3d4709d0ea3afc51bfdef4b656771fbd55f89da9fa6dcaa62cbae561208d98cfa24cb81252b895f6a4a92c8e407af6c1f1ef49d8dde154fbcb1ca457a204b5ea5432e4d71fb7eb24d43f6fe25e7b4c659b0eebc4cbcc8b3cfde07c8f07b18a51570e7163e33b317b61360f9ce08d95de2c3156af1ccc9b55bcf81eabf3c40434046bbe82e02992a2ac8b3b425680a23d934726cb1b7bf26ceb52a39022c00acf425257167b821185f68e3ed17903d8d22275498c39a9e8df884ec00558dcfa43b8a119c2e853b9a0318bbea087f9cec17ca49b70817b8d7c170a8906f3ee9e8f8cb27a1d0f575abfa627e88f08ca4b93c3297c4f317072f421c5e602e2f831dfb82551bdce8d71216f05cf9a2773b90fc93b9d855a91e35ade332a5061fdb82b309bab4f56e2d586a84c67481d1902c261b3f97dc30b184619df9fdfc7a329d061a41df332202133d8eaeeddb4cfcee53536e07aad11553dcf5ed1e949d45355f9ef42c7832b0de7c2f1526fbef86b63649b6b85ae5ca86f0cea6df9c126c1d79489cc3bfc6e8bf0346eb30d01643c010150c5c8d0eb5010a46112215137991085e57493b22e83526b7b172c6c7341c40321e9ceb7c82bfbaa48f3bd8f51372d96d47444ff0d8bb2e5fd26514eb639105e33895fdc41f6df1fbfdcb08466ec2d217fc99fb012fe6540c0c5a5966ed3e66fab1202ab9daffe8e27e8f7462828d662659ea3b2c608cf68e30dbac62ffd8229f4a53f59ae16833b81a159161f19369f60f51c43a217efc5efd6ab7a91fe249c7b8a0c14e9faea533de133849a92447676f6cc18bef4fec7f37319759ce80ea3eac18fa2d9fa02309e1ce93ac6cf4cd2cb2c95f1e2aff7b2a8856405a7b8ebabeb4906d9b9734da9fb5e5d3f322bb5b559fa61ec8f515db9065ab4b91a7a31d5c625061c2fd2bcfe17f94bbde4776302b8aef3d5b52db3bc73ae4a30cc4417acb:84c716e60de67b020cc1a6a24e6549fe56c6d941a8edeae407626666c31cb60dee6be5a71ebd76baf71b75114bccfd37d163a968bbeec1f76972151296c47e07142b6e82501362d55a04b89d541a796863d7783840d34cbdfc516a3c84772f92446f5f0df4c45c6e0dc8ec1e9bb0ff7ec1696a09cd7ae34c10f8e61a9acabd4303f0a9247237621c490e8d9d0fe44482c560d051b82b074ac3d8e49bb2ac715ac4cde3d4709d0ea3afc51bfdef4b656771fbd55f89da9fa6dcaa62cbae561208d98cfa24cb81252b895f6a4a92c8e407af6c1f1ef49d8dde154fbcb1ca457a204b5ea5432e4d71fb7eb24d43f6fe25e7b4c659b0eebc4cbcc8b3cfde07c8f07b18a51570e7163e33b317b61360f9ce08d95de2c3156af1ccc9b55bcf81eabf3c40434046bbe82e02992a2ac8b3b425680a23d934726cb1b7bf26ceb52a39022c00acf425257167b821185f68e3ed17903d8d22275498c39a9e8df884ec00558dcfa43b8a119c2e853b9a0318bbea087f9cec17ca49b70817b8d7c170a8906f3ee9e8f8cb27a1d0f575abfa627e88f08ca4b93c3297c4f317072f421c5e602e2f831dfb82551bdce8d71216f05cf9a2773b90fc93b9d855a91e35ade332a5061fdb82b309bab4f56e2d586a84c67481d1902c261b3f97dc30b184619df9fdfc7a329d061a41df332202133d8eaeeddb4cfcee53536e07aad11553dcf5ed1e949d45355f9ef42c7832b0de7c2f1526fbef86b63649b6b85ae5ca86f0cea6df9c126c1d79489cc3bfc6e8bf0346eb30d01643c010150c5c8d0eb5010a46112215137991085e57493b22e83526b7b172c6c7341c40321e9ceb7c82bfbaa48f3bd8f51372d96d47444ff0d8bb2e5fd26514eb639105e33895fdc41f6df1fbfdcb08466ec2d217fc99fb012fe6540c0c5a5966ed3e66fab1202ab9daffe8e27e8f7462828d662659ea3b2c608cf68e30dbac62ffd8229f4a53f59ae16833b81a159161f19369f60f51c43a217efc5efd6ab7a91fe249c7b8a0c14e9faea533de133849a92447676f6cc18bef4fec7f37319759ce80ea3eac18fa2d9fa02309e1ce93ac6cf4cd2cb2c95f1e2aff7b2a8856405a7b8ebabeb4906d9b9734da9fb5e5d3f322bb5b559fa61ec8f515db9065ab4b91a7a31d5c625061c2fd2bcfe17f94bbde4776302b8aef3d5b52db3bc73ae4a30cc4417acb: +71193640a0a2b22fb22d00a80b33a5514f3d1000034fccd885d8ea8638f0b0f8b1d36f723b7086d923119f46759b39fa1e4038c6418c379ba98b5840c7ea5068:b1d36f723b7086d923119f46759b39fa1e4038c6418c379ba98b5840c7ea5068:e0287948bb85a398e6affa2d25fcff8bdb9326f5d14fdeb60549f5fbf0c1816f11cbdd4e90fea039dca60faad1696003f91515c9b272882c95c9a4ab6e2777bd927e7d8442aea6cea619c9b15255fed612b5cc3158fc705bb7a506f4afecf4e34ed517b2c12b8362610e5ea270485cccb3c9aa97ecd6cb19630900f07d94cb293cb6e089a9a77c0194073a7f7177b0230d25763a2ef98d47704cb2c3af4c3c1b495631b4a5b21b2e56bff2ede03ea4fe7cf82917347e3a9d4dbeef37d1cf17615adaa0fd17057969917d478d03ccd8f8b88e5e5acae6732a8161dfb5f7d02123c8d5a565cf4dd98dfc9aaf5a335058a941ca43073f2659615a72fe78c101c41aed07f3bcf980b0a5b3fbafdbbea92fd889cfd53d403278bc15a59aa140c2d773b8889b963dcea365362e426ef4609845c9bce9f8aeb591d1a469b072b41209f5a8b6dc2395ad9060eb2e370978ae3311d1cf0a8f205142d436bab6b95943a97c23e61bd14b2d95672cb9325e9ab1fc9eeeaaccd58b9f4ac1550bdec8449b036039496c5f07a5ed64d5d85171690144db5c81c81cbc4c16718d52c4dfd1958ca5c9c8ba582cd9d706f27a74744c3a05bf1ccd51f1092010d36f1578b578ae0e9ffa47079055ef94fabc9ff72f738bef68461eb3404ccee953f5ee864c974ce70e9037e3388fbaf2889e1366caa0f651e21b339e3d56b9d95ac30b3592a948912c90bf54473cebc467b09a3943dcac4868acb5b35ea691eff4d8cc1cda0c6c0a9c169a4ee10041f35f433fb53d26067b291056b1da69ff46fbea1ca7213659a990d5d5df1406b093da2a33c8df95ab3ce811afb9c98c5bfd7c4e981b3ea94eefd2e2fe95707d89f307fa76828b5c6774950aee80626714256e197dc7da972158c768bbee7fbd169ec15b4bb7be72976dbed3e512766ef22ef3b812bcac4aa3115afe83d31284af8eacea4ee49afd42d9c44fff2d861c08629b55dae00ff674fb028e738b05dcb38aeaa6963cc3faafc7b69245a2a122a96dd2f03a824d72b0fe0dd798df5c4bb75a87324e764a50a5ff52547ada8f8f88e6f38aee49d58ddb012648854cd59d0ec97bc3d58d0ad4491f08590767ceb1:a9702a3395acd20d754373095dc61445584d8e571080e179adcba3106bb06a7ce4d460f1261aef8643ab1634f47c9414a32e183a327691e65843dd6c05507207e0287948bb85a398e6affa2d25fcff8bdb9326f5d14fdeb60549f5fbf0c1816f11cbdd4e90fea039dca60faad1696003f91515c9b272882c95c9a4ab6e2777bd927e7d8442aea6cea619c9b15255fed612b5cc3158fc705bb7a506f4afecf4e34ed517b2c12b8362610e5ea270485cccb3c9aa97ecd6cb19630900f07d94cb293cb6e089a9a77c0194073a7f7177b0230d25763a2ef98d47704cb2c3af4c3c1b495631b4a5b21b2e56bff2ede03ea4fe7cf82917347e3a9d4dbeef37d1cf17615adaa0fd17057969917d478d03ccd8f8b88e5e5acae6732a8161dfb5f7d02123c8d5a565cf4dd98dfc9aaf5a335058a941ca43073f2659615a72fe78c101c41aed07f3bcf980b0a5b3fbafdbbea92fd889cfd53d403278bc15a59aa140c2d773b8889b963dcea365362e426ef4609845c9bce9f8aeb591d1a469b072b41209f5a8b6dc2395ad9060eb2e370978ae3311d1cf0a8f205142d436bab6b95943a97c23e61bd14b2d95672cb9325e9ab1fc9eeeaaccd58b9f4ac1550bdec8449b036039496c5f07a5ed64d5d85171690144db5c81c81cbc4c16718d52c4dfd1958ca5c9c8ba582cd9d706f27a74744c3a05bf1ccd51f1092010d36f1578b578ae0e9ffa47079055ef94fabc9ff72f738bef68461eb3404ccee953f5ee864c974ce70e9037e3388fbaf2889e1366caa0f651e21b339e3d56b9d95ac30b3592a948912c90bf54473cebc467b09a3943dcac4868acb5b35ea691eff4d8cc1cda0c6c0a9c169a4ee10041f35f433fb53d26067b291056b1da69ff46fbea1ca7213659a990d5d5df1406b093da2a33c8df95ab3ce811afb9c98c5bfd7c4e981b3ea94eefd2e2fe95707d89f307fa76828b5c6774950aee80626714256e197dc7da972158c768bbee7fbd169ec15b4bb7be72976dbed3e512766ef22ef3b812bcac4aa3115afe83d31284af8eacea4ee49afd42d9c44fff2d861c08629b55dae00ff674fb028e738b05dcb38aeaa6963cc3faafc7b69245a2a122a96dd2f03a824d72b0fe0dd798df5c4bb75a87324e764a50a5ff52547ada8f8f88e6f38aee49d58ddb012648854cd59d0ec97bc3d58d0ad4491f08590767ceb1: +bfc9626c91f348fdaf469def2302e9e38f9051e7349e48f850cf352a8331a28b4e8193061c9d65a82bcb25da089b4a80ba41b3dd2f8ed1dc81e1cfd03c849115:4e8193061c9d65a82bcb25da089b4a80ba41b3dd2f8ed1dc81e1cfd03c849115:2f11f40b2a19f640c0044c7b139680c3c3b69f00ff9f6a4186fd7ded569c1d8c5720f19dd35c7816d08a94c08204e47643e264d425e21cefb83129c909a3d78caf72c46bf1a729765ef4b8ca803fdaf8052ffc6cc4a6b579a160b703b15355c6fcd3b9a2ecbc267e60dd59f6a2b19420e55727a80b0bb64167c83ba0c805deed491d93e723f3b43263d17420b85be86c165c552779db960e0aa9eb4d9f3a164a5a21fab3f509a8f0199a6943c4b223cf9daca7e110e056a81d9ce0e0c02ac265eeac05ecd84448468a4d122b87a3e04c2837e43d212704fd41e7f3d198a2e76beca0e7029c432a0654ecd44f984c5df06741964d8372c86e162a8c5418849b41e571feb83eb42fbbcddb8a082143909eaa5012b979931dc7e3cccb44c791e04b8065ee63f0561da1bbf37bf6503477879cfbaf6d9d7d9a7475553f53535f847a76dc3b2b7a3d1d470bbe17124a88e03fe994ba10c24221e39e3d0ff53c79e2faafa19012d5ef192bc6d5260b66f997b644cf48d99f3899d7c485e684aa1e6e30855cf75c2d80c7a3ee4354fe13c676091c8667373d30e60ff8e09fedef175a1a87395fefa0722bf6c01c6555cff068892afe9486cb1fcc5fb6641e82d87079ba5d7a9c139355d6c14c507dbd594724b55351100965be9e5dbfa7708878c4b29f4d54c217746e326ab2a54f99b881d7da5b11edb08a6d79d885691b1f7085517310b309cf9b1b714aabc5c17a509b140b89b3f9dcee50cab441bf5ad3bbc29990f627406170a7a10f2d47dfc9256154f962308e769a2ab1b2a00e27e327f0d1fa164d1e38ead5ceaae238ba526f54b81b45dea6c8974186b1b6725fa4c83e62f3e254f729871bda4dc444bce78f0903fa318eaac822a95532ab019e9cfc5619e2c2067f258f4375d2e0222ea5bf96a253a2a3fa9eea02c3eeccb028c76bc60d38298b95b9afe66031b1a2a26152fdaa7ef4f837abb51185df8b2ef85ad2c9be6dfba75e37dc7d12e1787fc55f866fd066f12291dff1976afc10da913101e70495d8783348d611b011ec671c0da737bf962cdcc9e4a800b513935a56d084ea64a7d4e8e99ee9440a736132e42c909503c2224a141b25ce:660242c1dcf3291369c65c9d7f89872eab482200e344b296e336a0a2e631fa796024b6e1119c27d52264a49815dd781927a7df467e88b801e684fc602296250e2f11f40b2a19f640c0044c7b139680c3c3b69f00ff9f6a4186fd7ded569c1d8c5720f19dd35c7816d08a94c08204e47643e264d425e21cefb83129c909a3d78caf72c46bf1a729765ef4b8ca803fdaf8052ffc6cc4a6b579a160b703b15355c6fcd3b9a2ecbc267e60dd59f6a2b19420e55727a80b0bb64167c83ba0c805deed491d93e723f3b43263d17420b85be86c165c552779db960e0aa9eb4d9f3a164a5a21fab3f509a8f0199a6943c4b223cf9daca7e110e056a81d9ce0e0c02ac265eeac05ecd84448468a4d122b87a3e04c2837e43d212704fd41e7f3d198a2e76beca0e7029c432a0654ecd44f984c5df06741964d8372c86e162a8c5418849b41e571feb83eb42fbbcddb8a082143909eaa5012b979931dc7e3cccb44c791e04b8065ee63f0561da1bbf37bf6503477879cfbaf6d9d7d9a7475553f53535f847a76dc3b2b7a3d1d470bbe17124a88e03fe994ba10c24221e39e3d0ff53c79e2faafa19012d5ef192bc6d5260b66f997b644cf48d99f3899d7c485e684aa1e6e30855cf75c2d80c7a3ee4354fe13c676091c8667373d30e60ff8e09fedef175a1a87395fefa0722bf6c01c6555cff068892afe9486cb1fcc5fb6641e82d87079ba5d7a9c139355d6c14c507dbd594724b55351100965be9e5dbfa7708878c4b29f4d54c217746e326ab2a54f99b881d7da5b11edb08a6d79d885691b1f7085517310b309cf9b1b714aabc5c17a509b140b89b3f9dcee50cab441bf5ad3bbc29990f627406170a7a10f2d47dfc9256154f962308e769a2ab1b2a00e27e327f0d1fa164d1e38ead5ceaae238ba526f54b81b45dea6c8974186b1b6725fa4c83e62f3e254f729871bda4dc444bce78f0903fa318eaac822a95532ab019e9cfc5619e2c2067f258f4375d2e0222ea5bf96a253a2a3fa9eea02c3eeccb028c76bc60d38298b95b9afe66031b1a2a26152fdaa7ef4f837abb51185df8b2ef85ad2c9be6dfba75e37dc7d12e1787fc55f866fd066f12291dff1976afc10da913101e70495d8783348d611b011ec671c0da737bf962cdcc9e4a800b513935a56d084ea64a7d4e8e99ee9440a736132e42c909503c2224a141b25ce: +393b769482375b821427a66d16e4f55185b7a3b7338f1a06f67cdfa7e35c541c84afd70678ffa85a9f6574cbcfe3b15d04a9fd15016ff8550a987c4b951c7122:84afd70678ffa85a9f6574cbcfe3b15d04a9fd15016ff8550a987c4b951c7122:8ae8053e03bebeae544043b8414b385364add1673737cf8ab20193d4aabc8a78e1d69b9c7e52729e69307806e927ce3807b07c68c833c4fcf16db15e7dce604d1798915fd4211689b4864642502d38e91b1997b71823318b69abe5bed6f5e3015bfb22df30db371f2260c5c22eba60df39b3edd3c4d7a1e111cd9b8aa46f67bd0cf3a717af06ec0ce567028e06e4797934ad69b1f5be440ff37a8a034b1533fa946424ac595400ad27d3be76dc89ba9d6c49939a09f2e401c8f20f7f7b4b9e63b9d55201534ab4cc7be885f0432a2c6673d2e765194dffd9b6096dd2b2843918750959a8dde4a3ab407eb2f7e1a49c2597e30805f8480dd0cc8272a320c00aa2b210f576e42577d3aa419703697ca406d43a1a4f99b0733664f6d6b2403cba1bdcc51f541cf24236070570540755c7a8631fcc2f18938fa11bc291155b39d7a762a1ff4dca97b448f70e2d3de447cb08f918ea20cb433fa115e30880c96c8cf5f0ebbcf482309db6dc1fb64e17c04d7cdf7a90f4014d15ae7696b44423b0ba084eed4d3fb28c1efb39828aca2f40ca6df342c20e95f8006b2767a83f50c31fcc1581a09753e78291f0d9931d992ad3604473ceb885ecbe7857cc52ad5585334d1485d022e106b71c29bdfcf23ee8a475df2c090532356a6ffc02232317988a2cbcfbc2a36b4b483cb44510e85599b612596b626572b0996d8a61c0ee3efff1f7c71c05fb5a8d8c5d09d924ebaac8800451c9db2456710a279dfe2d22f6aea9de31801dc742534362b0e810e99e841dbb7f0cf9af1aef542a52c776cc51f287368fbe6ad651fad5787ef77c73535f3dfb3618cc8f0dbb549ddca9b9bf91135a3456001a46215ade388e7ceb9fcdfd0d2d0a0356afbe2cec1c2e78b4d998d4554f4621f1151dd3ffd3ba4c0bc852f311758c5dca425d18ba15a8d67ca401d0e6cf280cb88384a2dad49fae39ba2a77b467b3238aa28cfd137e5c5c0ff9000f8b06a2192e162920692265db24ab6aede535e31c2093be57ebf8805df1788914f3a884f884179015808db4d3020f3e78bc34285d233762e899ebff28428215e244404de291728fbf4124ce5b2435260a8e341180075a5651e6:31f98c0a08fda8e735b57366aa1b83b93dae63b5810c821d99cb39df521feac07f3c410b27ba3307757d6049f22454fb6de9e2c3c2438d68319097d112cfdb078ae8053e03bebeae544043b8414b385364add1673737cf8ab20193d4aabc8a78e1d69b9c7e52729e69307806e927ce3807b07c68c833c4fcf16db15e7dce604d1798915fd4211689b4864642502d38e91b1997b71823318b69abe5bed6f5e3015bfb22df30db371f2260c5c22eba60df39b3edd3c4d7a1e111cd9b8aa46f67bd0cf3a717af06ec0ce567028e06e4797934ad69b1f5be440ff37a8a034b1533fa946424ac595400ad27d3be76dc89ba9d6c49939a09f2e401c8f20f7f7b4b9e63b9d55201534ab4cc7be885f0432a2c6673d2e765194dffd9b6096dd2b2843918750959a8dde4a3ab407eb2f7e1a49c2597e30805f8480dd0cc8272a320c00aa2b210f576e42577d3aa419703697ca406d43a1a4f99b0733664f6d6b2403cba1bdcc51f541cf24236070570540755c7a8631fcc2f18938fa11bc291155b39d7a762a1ff4dca97b448f70e2d3de447cb08f918ea20cb433fa115e30880c96c8cf5f0ebbcf482309db6dc1fb64e17c04d7cdf7a90f4014d15ae7696b44423b0ba084eed4d3fb28c1efb39828aca2f40ca6df342c20e95f8006b2767a83f50c31fcc1581a09753e78291f0d9931d992ad3604473ceb885ecbe7857cc52ad5585334d1485d022e106b71c29bdfcf23ee8a475df2c090532356a6ffc02232317988a2cbcfbc2a36b4b483cb44510e85599b612596b626572b0996d8a61c0ee3efff1f7c71c05fb5a8d8c5d09d924ebaac8800451c9db2456710a279dfe2d22f6aea9de31801dc742534362b0e810e99e841dbb7f0cf9af1aef542a52c776cc51f287368fbe6ad651fad5787ef77c73535f3dfb3618cc8f0dbb549ddca9b9bf91135a3456001a46215ade388e7ceb9fcdfd0d2d0a0356afbe2cec1c2e78b4d998d4554f4621f1151dd3ffd3ba4c0bc852f311758c5dca425d18ba15a8d67ca401d0e6cf280cb88384a2dad49fae39ba2a77b467b3238aa28cfd137e5c5c0ff9000f8b06a2192e162920692265db24ab6aede535e31c2093be57ebf8805df1788914f3a884f884179015808db4d3020f3e78bc34285d233762e899ebff28428215e244404de291728fbf4124ce5b2435260a8e341180075a5651e6: +26cbc2510ee6ea390a2cb948a015d131abf4c0954915620b7816aecf4e11da6d145e8dd22b4400289dafb626d95a94c2f3b69c65197717cbdcd85098c5492107:145e8dd22b4400289dafb626d95a94c2f3b69c65197717cbdcd85098c5492107:9cebe24b4f8ade86430e279a3c433e4ae17e008852a24f08690cbc3d75e3b7f200da897c25f7483b37637d4bc11008d9224cd581fbc038adada02d271ed2a5d285d843a0f8b79e37945dc35bc264becd804307e1d44218a643e4b59a9311de985d24b4c26fb14603be5dba1839ee0c8d2ede6cb50af67c804519037b1b1663318cfc6e75d0f051dbb5d3eaf3aad1f78ef0cff48d5c55b2fd25db1539d0f02dae9f25148a8d338b97879bbd39df961aa2c396315a2a86cc783581e67ea844acfe8645428a27b8d32ea3064e3bf62dcf58010ec4348862fac25e3d9fcd4e5d65be59905d816dfb964992ba7aceef8c2075a312e5ffc4f9530ea20f77f93e81cf8a019dc3945634364babf79772045a0dbaa77c47a22b77223b704debd2d003f6a5c7bf6b19cd2c49b614fd4d47fd251fe622cb981785c146bdb7c1d2ea02b116923bf98a1afbb7858adf2df938a790ec1f9074adb8d1afb5633fa961a84764010d3bded1c033d25abdb4b00fb05ed7640fae61879df88f0b09e3abd057b9a52108a9bc985fb73a5f29d84d1ca6921b62f1b703c7eeb4815d9dd6d066738db118baf61b0422f388f1bfc9e3a9bed83a1a727dcc266a9988364846807f4d5518bc2edd0ecb3413c26fd0c79b75d8cb5bcd85c06fccea4d03fb8988dff3ed0cc9dbae78d6ae8d5fc4024617a23f52bd615385d4eee08f9134eb3b250c8f822b47d91e8c4d4c29298016e6fc81f1f1099253d7945e0798955da0dde14ebb934ecfaeeabae87883e1cc398067400fe462a2c4e9f232db5cdd61eba949188cf01b238be7ada938f002dc3ae31fdfd425c8d46ea032323aaf20dd3de2507d36bb45fbb91c40969a9e5da20f7f936b0f4b137b62fe2ba3a667bc0362d93fc50d3f2295e167fcbab0fb3a39b7cb024b578f9490f734b28c9ccf7192f183947d5a513efa4916e4d82b2ab4ba7ec2ffba213ce82ad6ed3b10e48553e733c940aa9b9ce71337c6c2805dfb8dd6618b6d4090a3d6cc963ecea26d1cdc2bf5ac999c11276168a931d816469d79083c24081a50dcbd222752385267ce1bfc1db76b1554ad57e34752b7f8983147c116d4a3fae6f6d57e654fedd7378d2b4989ea:6710d0dd00545b444cf714b79144fe79f38cb1c0f5b74248d4f01fe360117a26ffed4a3bf21323b28a393ae9dee07d69e583e316c6a573d37c644a8d62c405069cebe24b4f8ade86430e279a3c433e4ae17e008852a24f08690cbc3d75e3b7f200da897c25f7483b37637d4bc11008d9224cd581fbc038adada02d271ed2a5d285d843a0f8b79e37945dc35bc264becd804307e1d44218a643e4b59a9311de985d24b4c26fb14603be5dba1839ee0c8d2ede6cb50af67c804519037b1b1663318cfc6e75d0f051dbb5d3eaf3aad1f78ef0cff48d5c55b2fd25db1539d0f02dae9f25148a8d338b97879bbd39df961aa2c396315a2a86cc783581e67ea844acfe8645428a27b8d32ea3064e3bf62dcf58010ec4348862fac25e3d9fcd4e5d65be59905d816dfb964992ba7aceef8c2075a312e5ffc4f9530ea20f77f93e81cf8a019dc3945634364babf79772045a0dbaa77c47a22b77223b704debd2d003f6a5c7bf6b19cd2c49b614fd4d47fd251fe622cb981785c146bdb7c1d2ea02b116923bf98a1afbb7858adf2df938a790ec1f9074adb8d1afb5633fa961a84764010d3bded1c033d25abdb4b00fb05ed7640fae61879df88f0b09e3abd057b9a52108a9bc985fb73a5f29d84d1ca6921b62f1b703c7eeb4815d9dd6d066738db118baf61b0422f388f1bfc9e3a9bed83a1a727dcc266a9988364846807f4d5518bc2edd0ecb3413c26fd0c79b75d8cb5bcd85c06fccea4d03fb8988dff3ed0cc9dbae78d6ae8d5fc4024617a23f52bd615385d4eee08f9134eb3b250c8f822b47d91e8c4d4c29298016e6fc81f1f1099253d7945e0798955da0dde14ebb934ecfaeeabae87883e1cc398067400fe462a2c4e9f232db5cdd61eba949188cf01b238be7ada938f002dc3ae31fdfd425c8d46ea032323aaf20dd3de2507d36bb45fbb91c40969a9e5da20f7f936b0f4b137b62fe2ba3a667bc0362d93fc50d3f2295e167fcbab0fb3a39b7cb024b578f9490f734b28c9ccf7192f183947d5a513efa4916e4d82b2ab4ba7ec2ffba213ce82ad6ed3b10e48553e733c940aa9b9ce71337c6c2805dfb8dd6618b6d4090a3d6cc963ecea26d1cdc2bf5ac999c11276168a931d816469d79083c24081a50dcbd222752385267ce1bfc1db76b1554ad57e34752b7f8983147c116d4a3fae6f6d57e654fedd7378d2b4989ea: +b1f59e3c2380d7aa414d0bf90893a38dddfc293859303d16f00d9eae6cb3450e84e3f5f72f19095b0f533848a5a91d0f0743b8e3a3e2f52fcbd7ebe7c5b5a998:84e3f5f72f19095b0f533848a5a91d0f0743b8e3a3e2f52fcbd7ebe7c5b5a998:c6174c9ad3685dd648636017837b8d992200319e9a5a0d26d94d2da75e2c3aff46f42d7b3aba472b7f860b0fe1f695529731fdc8cf0da705d1d09acad04f010837ecef419d57e9ea6cacf168c5215696f471f3caa897607c629d443de099d31753c24677d8d75f4bf17246818b58adc0424b762a191ef39a7076a5ad12614cf54c47eb0908bb866518c5fac1ca2d2e5b657520a2b3695c6fb360f16f4ab357998e4c0e97231d6f89c968dc29ecc1aa91fa0d7543b5d2247b0d85e48743ab7cc815cfdaa82bf68ca6d3e2250bfda27024d61b474c6b8154ac8d1b5a36209782515c1646680d37069b8b4412f951b025a4d543625dd02290bf03c6734613f99b7a4c3af5c5f9e9ac3474465e648423018d40a6adbe88a3301d3d259b04ee44cc0562ee0ded4f5e26ad977ab5631f85768dbce53f616c029a8b8f933e2a9264b1c81f517e9ff58ab9f45a23eeed4204358f8fff0c8f975ef1dfa5776a5f7793bae2f281d7b0cbef240b3fc6be058821ea2b800fffe55a7de0afc93ede9c60c8de005abb9a2c88f4e61e8deb3170f1078a36e2d8f2a58239bdee496e90d137d2110f0ad857a88b3527664f781939e0b2f76634ff9f6c57e1c43f58243171cd862ef4284576172af1f6c3bd37d5d74b28a7a98698bd74e57bbc142e67f703f9d62cde761a02268fecb343fc01418836414f1222ca24bcdd69d005901da2a0f94465e4d4ba68898816bf7e3e4bb79c8ca5997fba9a8df84faa2d24b044c4ea61029a46cba703421e361dfa52caaff3bbaab7fd753f2856d7c083aeb9768da11d821e2d309f7a735c399692dac2f262846b891bf6461af23c8c7ce1d4d9032c3c140f739e5584c36f05eaf4349ff4545f283a4e0fea49430a1b180d0871e3742b88ccb591124fc427ed673b5f27b0b0a6f54af22ba4a6d1c6c1db2a1fcaa6d8a0308b77ef2d0c61bbf51b95f1e8b6abc5041d97b6b6f1b569b3f63cec05cb567aaea106727096ee8a9ea87b8804901f7e88a7409c66f152de9dbfcbe31952e6fd83b2877a775fae425b3851e0eff8792ffb3848f84a65cc317253b272475e717e49e9c6ff6b7859d11bba7c4428c82d1789e0dca5bcadca2fdb259e98:60afc1e991fdd27cc472b9acc9d405b4d2b913089290b311c4fa891ae2eea05671fde7a0ef86557bd867d1c0b747caf35229d6ef528fe3e0d0bcf630380ea90ec6174c9ad3685dd648636017837b8d992200319e9a5a0d26d94d2da75e2c3aff46f42d7b3aba472b7f860b0fe1f695529731fdc8cf0da705d1d09acad04f010837ecef419d57e9ea6cacf168c5215696f471f3caa897607c629d443de099d31753c24677d8d75f4bf17246818b58adc0424b762a191ef39a7076a5ad12614cf54c47eb0908bb866518c5fac1ca2d2e5b657520a2b3695c6fb360f16f4ab357998e4c0e97231d6f89c968dc29ecc1aa91fa0d7543b5d2247b0d85e48743ab7cc815cfdaa82bf68ca6d3e2250bfda27024d61b474c6b8154ac8d1b5a36209782515c1646680d37069b8b4412f951b025a4d543625dd02290bf03c6734613f99b7a4c3af5c5f9e9ac3474465e648423018d40a6adbe88a3301d3d259b04ee44cc0562ee0ded4f5e26ad977ab5631f85768dbce53f616c029a8b8f933e2a9264b1c81f517e9ff58ab9f45a23eeed4204358f8fff0c8f975ef1dfa5776a5f7793bae2f281d7b0cbef240b3fc6be058821ea2b800fffe55a7de0afc93ede9c60c8de005abb9a2c88f4e61e8deb3170f1078a36e2d8f2a58239bdee496e90d137d2110f0ad857a88b3527664f781939e0b2f76634ff9f6c57e1c43f58243171cd862ef4284576172af1f6c3bd37d5d74b28a7a98698bd74e57bbc142e67f703f9d62cde761a02268fecb343fc01418836414f1222ca24bcdd69d005901da2a0f94465e4d4ba68898816bf7e3e4bb79c8ca5997fba9a8df84faa2d24b044c4ea61029a46cba703421e361dfa52caaff3bbaab7fd753f2856d7c083aeb9768da11d821e2d309f7a735c399692dac2f262846b891bf6461af23c8c7ce1d4d9032c3c140f739e5584c36f05eaf4349ff4545f283a4e0fea49430a1b180d0871e3742b88ccb591124fc427ed673b5f27b0b0a6f54af22ba4a6d1c6c1db2a1fcaa6d8a0308b77ef2d0c61bbf51b95f1e8b6abc5041d97b6b6f1b569b3f63cec05cb567aaea106727096ee8a9ea87b8804901f7e88a7409c66f152de9dbfcbe31952e6fd83b2877a775fae425b3851e0eff8792ffb3848f84a65cc317253b272475e717e49e9c6ff6b7859d11bba7c4428c82d1789e0dca5bcadca2fdb259e98: +db461b9f707eb2cd7748c44c99562f1302397489353df5f303797fe0d0b58de1635116da8ba5a36a377728e28618e75c5592aecc18e34011c4c42591970b7366:635116da8ba5a36a377728e28618e75c5592aecc18e34011c4c42591970b7366:1a2ac8c1b9ea099b831a6812d2b4261309058ea5883d70b1c607b9cd3fdfdb86e79902b0fe89e80ea7c478207674b2d803b0b9ca147ffe62e594f506c796d68997ce482b51a46e49b4a5d858cdeae2c6ec9b694198e6822f0e33ed57bedb0335c7890a72a7ee3c23823be79b7f9471e033c79aeed52e5760fb0ccbb9d38fded8b47383c19103ce44705834c59ddd86f7033948612d6662f516ce4e399ff20363cc7281a69b2d5c307b10b704150184ece32f390d772ccfa78483bb77a9fba84425366984171cc2bb60b0ec6c628d4e9030746dac1cabca60f05683813346a1a5bc14727549795c1c926869e1aa25093d591b43e086e43a04d170d942c4165e1c5ce76c3e64973d9136f9325bee821682f1043e951b02767f3fb458d02449add3e8a66e516fdb1ed580e056e0f78ee33fd9ee3280912fae07fe1ea02527cd001d6f6f2f89ee649f517414d56f57359a846891f0222c321d7e70817995a8cd8e94760b6e74832bab68d55bc4641884221fd29f122d87a9a868b6a6060c87b2382cf7bbdda4cd6aaa1bbc8e6d634ab580c865f5add6a1d54e61a607dc2c37b08a8cba6e610c12cfebef9c989eef3b782acbd1bcec5f04e835ca101298b5e9bdd8813a71b0d469fcf12727d3de1c3f97ddbc6ab2658440dd6421019bc68f356d6f25536865851d92d90fe9969c3b7c35a2e88ce153476ec3973af9359f1677a4caf1cc481c71bd90228ff5fc6dd83b8a699ffe514929f5c95cb4f04b00dd18a2872c41868d3beb76498ddc9234b63f599d7071801db2c2878f7bef4ffddd813226f06db84eb30217a7183082e3c1242bb6d01cd3a6ce27bff16bfbfdd75b7e5104312c49c43aadfcd5b4edba0ff50d2890ca3cd9cca33e4fc694c057c47ebe1c20a4ad115f985dc7442c6f6da7be530b6902289cab9ca139c6b24cb80ffdd782324e602c45910db63d8b5c44ca29d27f56dbf00186ba583c34e16031df357546b3ab9a3dd65e91d7128c939195e646a0f0b89bf5df04ba233d6a12a271f7e04aa45cda99b4a55a21cbbb738515e32c56aac2496232b1008a6761c8045a1fe0f9a3644047b5966a58a600466c1b1d11ddad5aa573c43ebda887e16a05:dd049ca79beb9eac325acf44672ff578a968502fe1bcf5ea19d52c0f6778c7f1c7bbf742747907786e608123911a920778d2f9596fe29be7cc28fd009d7c440e1a2ac8c1b9ea099b831a6812d2b4261309058ea5883d70b1c607b9cd3fdfdb86e79902b0fe89e80ea7c478207674b2d803b0b9ca147ffe62e594f506c796d68997ce482b51a46e49b4a5d858cdeae2c6ec9b694198e6822f0e33ed57bedb0335c7890a72a7ee3c23823be79b7f9471e033c79aeed52e5760fb0ccbb9d38fded8b47383c19103ce44705834c59ddd86f7033948612d6662f516ce4e399ff20363cc7281a69b2d5c307b10b704150184ece32f390d772ccfa78483bb77a9fba84425366984171cc2bb60b0ec6c628d4e9030746dac1cabca60f05683813346a1a5bc14727549795c1c926869e1aa25093d591b43e086e43a04d170d942c4165e1c5ce76c3e64973d9136f9325bee821682f1043e951b02767f3fb458d02449add3e8a66e516fdb1ed580e056e0f78ee33fd9ee3280912fae07fe1ea02527cd001d6f6f2f89ee649f517414d56f57359a846891f0222c321d7e70817995a8cd8e94760b6e74832bab68d55bc4641884221fd29f122d87a9a868b6a6060c87b2382cf7bbdda4cd6aaa1bbc8e6d634ab580c865f5add6a1d54e61a607dc2c37b08a8cba6e610c12cfebef9c989eef3b782acbd1bcec5f04e835ca101298b5e9bdd8813a71b0d469fcf12727d3de1c3f97ddbc6ab2658440dd6421019bc68f356d6f25536865851d92d90fe9969c3b7c35a2e88ce153476ec3973af9359f1677a4caf1cc481c71bd90228ff5fc6dd83b8a699ffe514929f5c95cb4f04b00dd18a2872c41868d3beb76498ddc9234b63f599d7071801db2c2878f7bef4ffddd813226f06db84eb30217a7183082e3c1242bb6d01cd3a6ce27bff16bfbfdd75b7e5104312c49c43aadfcd5b4edba0ff50d2890ca3cd9cca33e4fc694c057c47ebe1c20a4ad115f985dc7442c6f6da7be530b6902289cab9ca139c6b24cb80ffdd782324e602c45910db63d8b5c44ca29d27f56dbf00186ba583c34e16031df357546b3ab9a3dd65e91d7128c939195e646a0f0b89bf5df04ba233d6a12a271f7e04aa45cda99b4a55a21cbbb738515e32c56aac2496232b1008a6761c8045a1fe0f9a3644047b5966a58a600466c1b1d11ddad5aa573c43ebda887e16a05: +f5c0a7f8f6584c5d2f2e1d0810e8e86103e4e2d45cf9a721d8c47f67493396a43c6d6cce49633141078696131a8d84ed823f30664b289af9dd30c6407f6f0313:3c6d6cce49633141078696131a8d84ed823f30664b289af9dd30c6407f6f0313:d68abc609a7a0ce256699eb17043defe1eb822c9708f65718a06581fab2110ec2db09213bb9e0f3612ce4a3f8fdbe757a9f0eb2c3eba438a9088b18f6c5caabbe5c82f7a9ab2fecf0f5859d175e139263033742458f82a6f38756cd5bcdf9e0736db2cab20a0cd3f0f1cdbea8556d84909358dd8f69f0dacd49abf8ac1bfe75940d6939e6a55385b5ace7ce1fde120679ab6ea7a89d14268d29ffb46df105bf3909242c6605f3e3e2ab7448937d6db2ba054c7b14f432db41dc18a5b957336b7f52d978ec03e7d5764e9bd2f4b68958d937bf29823b27efb31e25b43925c4dacbe6718a60fea3b3270e7b76b0de0e70f7fa3c12c215ef72b95dc1b5276238179dfc52fc48859649fa582d05a60df68599a1ceea64f6412d3f8498ae2cedb124245883a240bc0851f0e324965be120486e1ea89a0182dfa8eabd3b8fa66a99c51491389f3c83a3cdb4267f3e4dbc98f0c44856b044dc88d90eeee8415bf73de171afe84be9035e0dc4c80cf0422469fe0c9bd1c6aa654a59b5e34eed351cda2871269ac478e8d382e740e9ac7ab4ddc4c0def0aeab797b6f1a427b8e4a8497a0b9797dadcd35c414fd55b783130f6cded38a44c1a89288307eb8425484137a8aedb030d54b616a82e3c5acffb08d6cc1a61745c29afc68a0c1838b139159c5fa6674d66b9e338115aad4b1b4710aa5d9517bcf7e1cb12d4e6a51c11789fdcae9d9bbe78f69a33e52df1833c876b02687a404facad32841cb2d52554e7b8e2209e3f88fd948c1ecf83957c96f43b034beda6c476096bcb09301ad61f8367cc43e156131862b42ece285bec2dcc2d02d094d042a16072eb22ab9888013be82371569400ec1f8ec7e79108c41b853365268fa4cfbc62c4ac12cc98d2ec38a87d6085859567c0f27d6d431a046e88a9815558660705fd05eb06c6c05e5b7d62347ceee27dffed7141540d608cb975075a9644acc6328439f9fa682b226b186154549011c3b0f0ff4f74caa71c1944e4cb836ce851d9b5d9e727c553e3c723cf98c273e5675cab899bb66f4633a76dea357341f983c53d9158ad319ada75408b41c06f26b7435b80dc3bc0aaf22a833ddedcd6785c87d196b0af2c9a43d1:d4c30a48c4523b1f84b14b657af8f859755bba6359988b675c6d85ddf35462820da476d84f6c402e65b020d9e8a2c285c16708ae58d1f8dbc65782a898a66508d68abc609a7a0ce256699eb17043defe1eb822c9708f65718a06581fab2110ec2db09213bb9e0f3612ce4a3f8fdbe757a9f0eb2c3eba438a9088b18f6c5caabbe5c82f7a9ab2fecf0f5859d175e139263033742458f82a6f38756cd5bcdf9e0736db2cab20a0cd3f0f1cdbea8556d84909358dd8f69f0dacd49abf8ac1bfe75940d6939e6a55385b5ace7ce1fde120679ab6ea7a89d14268d29ffb46df105bf3909242c6605f3e3e2ab7448937d6db2ba054c7b14f432db41dc18a5b957336b7f52d978ec03e7d5764e9bd2f4b68958d937bf29823b27efb31e25b43925c4dacbe6718a60fea3b3270e7b76b0de0e70f7fa3c12c215ef72b95dc1b5276238179dfc52fc48859649fa582d05a60df68599a1ceea64f6412d3f8498ae2cedb124245883a240bc0851f0e324965be120486e1ea89a0182dfa8eabd3b8fa66a99c51491389f3c83a3cdb4267f3e4dbc98f0c44856b044dc88d90eeee8415bf73de171afe84be9035e0dc4c80cf0422469fe0c9bd1c6aa654a59b5e34eed351cda2871269ac478e8d382e740e9ac7ab4ddc4c0def0aeab797b6f1a427b8e4a8497a0b9797dadcd35c414fd55b783130f6cded38a44c1a89288307eb8425484137a8aedb030d54b616a82e3c5acffb08d6cc1a61745c29afc68a0c1838b139159c5fa6674d66b9e338115aad4b1b4710aa5d9517bcf7e1cb12d4e6a51c11789fdcae9d9bbe78f69a33e52df1833c876b02687a404facad32841cb2d52554e7b8e2209e3f88fd948c1ecf83957c96f43b034beda6c476096bcb09301ad61f8367cc43e156131862b42ece285bec2dcc2d02d094d042a16072eb22ab9888013be82371569400ec1f8ec7e79108c41b853365268fa4cfbc62c4ac12cc98d2ec38a87d6085859567c0f27d6d431a046e88a9815558660705fd05eb06c6c05e5b7d62347ceee27dffed7141540d608cb975075a9644acc6328439f9fa682b226b186154549011c3b0f0ff4f74caa71c1944e4cb836ce851d9b5d9e727c553e3c723cf98c273e5675cab899bb66f4633a76dea357341f983c53d9158ad319ada75408b41c06f26b7435b80dc3bc0aaf22a833ddedcd6785c87d196b0af2c9a43d1: +1ab946c0c1aebf9ca37c2f4e2a4b337d5b1ebccd24734c9cb2a1608c881e57579afc63dfce0d489b40907aeed6dffe4cd8ef5a6ffa22989556445cbf9b3519c2:9afc63dfce0d489b40907aeed6dffe4cd8ef5a6ffa22989556445cbf9b3519c2:9bb071b62c04064b0c96e243dd198c39717b25c99448c2c002b84a99204c5a6e23b4b912028675bfdc4df93c5b2fb80881a23e0d44ba18bde99121eee86adc6f842819d6ebc7a288992da3285805a8b8b6fbcd2267b686b3e1bf7960b45f244f852e82492944e3d618bcc4514c17f722ba49aca7f2f3bb4e91f940e9cef015650c3e40b0c855a17c42f11e3a34acc85287dbe0f9093c00373d50c0b3064a5a5f2b1e89206517528295fd871703a8e762b5e76fb9b7473d2149b85b9461f5587ed7e7fc8b50aa09876deeb6e237078502142cec6bddc70140fe1d1f1658d5d3e910fd7036a2f924b499db1756f7c8ce0d5f0d045b39bc81c5c2f1a761f52ff393e0649b8db0bd8854bd026be2c7c3cd63526ba5a80d48335f033832d63376071b6308f05960cb3fc9fac932edd8376dae51f2c661f75b7c6f4ac856753aca62062877609fc4a0ff60670282c05e882d1a035bf9890cab296ac7a8df244c56f490250f020054b8af51be4fc318beba506232bf45e17f5c740cf09d37515a8bc894bc955c8a460877c7854f8be363b21933e16287ae0cb70f222d4e36b8b424975559bb4bfc8dd1d51b3c0faf4a53e302196f9fedb53287d09315dfffa2bc4b3acff137f9a76d6856217f79cbb25433fc97899fd6540f18088e84417e4833e4a91aaba4658ae9ad7f760dd9c5b7191a0d3c05541b83c025a7992138e6d1080da14c2c887c6d670aab374d436c272f9e96f85a9c423379c0d47c46df6de334ea2057158d33231e1426a66d3c70827aad5511b846e03b94923d5f94baf1f8cf11a861373a5b80ad5e317ec2a529e94e636cdc3aa29e5dac205a0c13f68fb198cf9456e6390aead4d9782a1038f6478d339a81bae7af2a04151c2f22e8d39fe071e1a52168d57c84c36293413f8e6ff6934f05e7efad6fa120c8c1c38ad1886a3d00bfc306459203c02cdf4f06652bc8fa0e8b9cc779d43fbb789e7dad5dc99f41d4cc588c1b65426a4e77389edd04977578f8f316bcdd9461d666472cdd276aa569721c65232256ba1cf0e7f5ea55321729bb0e0386a77b865532024696eddef485b7d7b28c1573b9347e414d4261995482e3b312de1331f84e7548607a84:bfabdea41810a53f8e527acd66ec106ce2ae1a67ff6a9b522e0f08fbbf1252682cb3a1dcc875601944cb88000f72e13907007903a77cd0db0316d419ac38c2049bb071b62c04064b0c96e243dd198c39717b25c99448c2c002b84a99204c5a6e23b4b912028675bfdc4df93c5b2fb80881a23e0d44ba18bde99121eee86adc6f842819d6ebc7a288992da3285805a8b8b6fbcd2267b686b3e1bf7960b45f244f852e82492944e3d618bcc4514c17f722ba49aca7f2f3bb4e91f940e9cef015650c3e40b0c855a17c42f11e3a34acc85287dbe0f9093c00373d50c0b3064a5a5f2b1e89206517528295fd871703a8e762b5e76fb9b7473d2149b85b9461f5587ed7e7fc8b50aa09876deeb6e237078502142cec6bddc70140fe1d1f1658d5d3e910fd7036a2f924b499db1756f7c8ce0d5f0d045b39bc81c5c2f1a761f52ff393e0649b8db0bd8854bd026be2c7c3cd63526ba5a80d48335f033832d63376071b6308f05960cb3fc9fac932edd8376dae51f2c661f75b7c6f4ac856753aca62062877609fc4a0ff60670282c05e882d1a035bf9890cab296ac7a8df244c56f490250f020054b8af51be4fc318beba506232bf45e17f5c740cf09d37515a8bc894bc955c8a460877c7854f8be363b21933e16287ae0cb70f222d4e36b8b424975559bb4bfc8dd1d51b3c0faf4a53e302196f9fedb53287d09315dfffa2bc4b3acff137f9a76d6856217f79cbb25433fc97899fd6540f18088e84417e4833e4a91aaba4658ae9ad7f760dd9c5b7191a0d3c05541b83c025a7992138e6d1080da14c2c887c6d670aab374d436c272f9e96f85a9c423379c0d47c46df6de334ea2057158d33231e1426a66d3c70827aad5511b846e03b94923d5f94baf1f8cf11a861373a5b80ad5e317ec2a529e94e636cdc3aa29e5dac205a0c13f68fb198cf9456e6390aead4d9782a1038f6478d339a81bae7af2a04151c2f22e8d39fe071e1a52168d57c84c36293413f8e6ff6934f05e7efad6fa120c8c1c38ad1886a3d00bfc306459203c02cdf4f06652bc8fa0e8b9cc779d43fbb789e7dad5dc99f41d4cc588c1b65426a4e77389edd04977578f8f316bcdd9461d666472cdd276aa569721c65232256ba1cf0e7f5ea55321729bb0e0386a77b865532024696eddef485b7d7b28c1573b9347e414d4261995482e3b312de1331f84e7548607a84: +04bb887a8a3184ffc7ea09c9bc7c1f7c3411556a7c7c398cb8b2d98ffd9ee8666ab1e4ae4aa0d38989aeefa805b578806e2e971ac7ac05409958bfe60071f4a7:6ab1e4ae4aa0d38989aeefa805b578806e2e971ac7ac05409958bfe60071f4a7:b7ab0c8163f478c6cabf2bbd7ca37cb02456d76e527eea1b0d26db242e37877632985a3e3ca41b52e21d79017bff81ee551ad72af277b410e42af822c608cd69d00bf440b75b787a8c915d70b6c6376c3f67fa64d612a1b449a7e2134d9c23230157d576e06a66a8422a611e2a0f097286c199ea2a162861864bd035076ab20bbae2b4408a2c6433cb23433a889fe6598f47be53bbd2c80f07a8fccb8aae511161e609da4d180acea544811e9449c5dc2250e3e5a0cd41da33a2da632e6038bd86f16d5b7c1be49fc6db499076ca91f7aa028fe38529700b21d072d2b75dcc8b43781d4bc4d3bb584d9da01c3ecc85b1e93fce045dadceea5106468bdfe5f70d66a4fad60e4fb864ec15ea50f6cb797223c8c756f7a1931a39464ebbb9679f6b01687c174eaa32b968b9cface8c167120aa7bd0242f003a0c377702551b30da2488eb2944052934aef4bfe115f0ab7405a3d5fa9bd796b371742bc114a9bf28c5bd25626295ce261a6a83ef60b77d2d32dd7105fc83664aa89765b3f8191eeeed878f2ebff2fb97663a61877c093933bbd0731e63757571b0e37cac99ed01fd214cbd4feb977e856e0a1a7ef0c408c20e0ddaf1fd8f028cfa08c850fa7090dca8cdde0cb6903da18c6290c66a1c0ae0a084bf250c51a9d035e5b16ec616636afb9b5bce36a775fe2175bcc2ee07220834eeb31caee50e9f8063fb1fc8468ae25e3966789a6d8dffe08a6f7a1e6726f93ae7482de0262bb1f8de0c95a99ecb95684d44b3f1a332a18d2cd3dcf253c33d735522f796b651c9a633a8ebe95d02bc0465825ee541a7d927bb5b90a6db5499f8d993ab404b1650b75e792a7c834eb41f0470138b0f578a04c9ba5ad950ac7c9b5d328f3408b645ad9c6bf196dd961445596bc78f284b8914b2a8cf9b7bd3a716d8f144bb6b15d831023713b5e41fda9b587ff9d6cc43c08d35a707f495283e1ace960487e7f02b7543b68a731a29bf3be14b6e9c37174a9f46f561199dbd27b46bfe62243e0c11c0edf13b64f411c8e8eced35d8428f79f10eacffb7234e546413d1eb0fad88c0e938593b43b5ee0e4285d4dddf5295dbf1a3ddbe9f4134dd76d3de70462c2f04fe0aebdf59a:cd84f55e5ef4531924c5a2181ec87a64541388c1059406bc07d53157a168e203cc8aa0f0069d53ff58a95b8a8caafdad26363c7d0f8045c4359e97b43602c606b7ab0c8163f478c6cabf2bbd7ca37cb02456d76e527eea1b0d26db242e37877632985a3e3ca41b52e21d79017bff81ee551ad72af277b410e42af822c608cd69d00bf440b75b787a8c915d70b6c6376c3f67fa64d612a1b449a7e2134d9c23230157d576e06a66a8422a611e2a0f097286c199ea2a162861864bd035076ab20bbae2b4408a2c6433cb23433a889fe6598f47be53bbd2c80f07a8fccb8aae511161e609da4d180acea544811e9449c5dc2250e3e5a0cd41da33a2da632e6038bd86f16d5b7c1be49fc6db499076ca91f7aa028fe38529700b21d072d2b75dcc8b43781d4bc4d3bb584d9da01c3ecc85b1e93fce045dadceea5106468bdfe5f70d66a4fad60e4fb864ec15ea50f6cb797223c8c756f7a1931a39464ebbb9679f6b01687c174eaa32b968b9cface8c167120aa7bd0242f003a0c377702551b30da2488eb2944052934aef4bfe115f0ab7405a3d5fa9bd796b371742bc114a9bf28c5bd25626295ce261a6a83ef60b77d2d32dd7105fc83664aa89765b3f8191eeeed878f2ebff2fb97663a61877c093933bbd0731e63757571b0e37cac99ed01fd214cbd4feb977e856e0a1a7ef0c408c20e0ddaf1fd8f028cfa08c850fa7090dca8cdde0cb6903da18c6290c66a1c0ae0a084bf250c51a9d035e5b16ec616636afb9b5bce36a775fe2175bcc2ee07220834eeb31caee50e9f8063fb1fc8468ae25e3966789a6d8dffe08a6f7a1e6726f93ae7482de0262bb1f8de0c95a99ecb95684d44b3f1a332a18d2cd3dcf253c33d735522f796b651c9a633a8ebe95d02bc0465825ee541a7d927bb5b90a6db5499f8d993ab404b1650b75e792a7c834eb41f0470138b0f578a04c9ba5ad950ac7c9b5d328f3408b645ad9c6bf196dd961445596bc78f284b8914b2a8cf9b7bd3a716d8f144bb6b15d831023713b5e41fda9b587ff9d6cc43c08d35a707f495283e1ace960487e7f02b7543b68a731a29bf3be14b6e9c37174a9f46f561199dbd27b46bfe62243e0c11c0edf13b64f411c8e8eced35d8428f79f10eacffb7234e546413d1eb0fad88c0e938593b43b5ee0e4285d4dddf5295dbf1a3ddbe9f4134dd76d3de70462c2f04fe0aebdf59a: +9776a467fa1400735412a79b495f9fca078ce1d87a8530d85c26055d3a394488c7dbe0e41c0a31c0942793ffd142d8b95cc82e5caa92a379ba23f644edf224da:c7dbe0e41c0a31c0942793ffd142d8b95cc82e5caa92a379ba23f644edf224da:d78553a1b7055b58b213101b1c84c53e164e39c6e9d36db43f30e19e2a125a9a67709eafef964fa5bab7261ddb3a8a0188457dfbf5159c40e51da8208483245781d7131e23a8bee5e506331816b9deeefe6e556e3f0c95c668d1bedb7da635065458ad20467012f59f171352068020ce3c75878693f6437bc4a09f13b9b0f0cddaf1691b872f82008093ebfbe233d0313e72c8632d7d1793f0b81c7688f54470330f04e64860e6446bfc6d96c87569bf182f0f4385af485d4299cac04e06ba473465566c477f07b9db277ab4a9de2fb2ded0a5011cd06d675c0800b34f55bcf3ec72d21ca150c8bf2361287be81efabb96d8688a1dee3f430f06f637dfd06f151464a05c95f5fe76af2e06d0123f6948a26b3be835045aa268cc1be976697107770208a7568f025c2d53c719e524cc369d9b4a337d8fd1ef345b9bca57fbd7b65a6b997cad3fce4cf06f2ca43ebe2986d09682d47c922b2cb7569d98de97a6164f5470eec71ceda520ccec7732bd01689ef81656e9f6d0c58a895558aee863f5469e7ab97915bfe0b80a064c659b183031f7f1a86fb11a9d528c2815dcaa2f0dec3d21a882e106e20493ee0acb7708eaa2912574ae97bb288b41fc0925053a29b0bfbc0ebae8d63cc0b46e3738046c5a202530bcb15b187a72854aa2d8a7a76c89a89a5db46032074e1bd7de77ef2065a08f389d783cf759ebd5a63a44d919f948f560c3e94c4239e274e051a20485a430cbd529f313d9f7ed679a34187b24f8413087a9021e4731730f5f461fc5aad6654dfa1c0504d26124707e63ee57f931b2785908f86b104b3ecb96000251d06ce1fa45e4cd6df91ac15bbf7ca3c3eb8ee0827612a29ecb7a36d5470c40505182fa9ac913570d0c1050d9a43455cb7bdc17d169805f018956f854f8919bbfb719e1867b36a64aabcdb807f48dccc0672f67887450b3f3e958d78499e0d1ab368aa49442e5e8a332bffd44c169ea67629c85724db6f1586b6c6b5be4864dfd53da7c0f7b8bb3573116be5077d332bd12a6300f3a68a89866b479ec2baa277f9f56f6e1d49d741eb322035ff8cb1de85c8dc87ac8e6e4c5d20bfb6d317ab125930c42609be3ae82242a9ef0568858d8:e1317ba2a123ae3b29e7b60e8e93beedd7a08451a013695b6dcf358e4034026dc74037afbdd217ff4b148b029138f4bcc8f9836abbae7e6276e9e769dbd8f007d78553a1b7055b58b213101b1c84c53e164e39c6e9d36db43f30e19e2a125a9a67709eafef964fa5bab7261ddb3a8a0188457dfbf5159c40e51da8208483245781d7131e23a8bee5e506331816b9deeefe6e556e3f0c95c668d1bedb7da635065458ad20467012f59f171352068020ce3c75878693f6437bc4a09f13b9b0f0cddaf1691b872f82008093ebfbe233d0313e72c8632d7d1793f0b81c7688f54470330f04e64860e6446bfc6d96c87569bf182f0f4385af485d4299cac04e06ba473465566c477f07b9db277ab4a9de2fb2ded0a5011cd06d675c0800b34f55bcf3ec72d21ca150c8bf2361287be81efabb96d8688a1dee3f430f06f637dfd06f151464a05c95f5fe76af2e06d0123f6948a26b3be835045aa268cc1be976697107770208a7568f025c2d53c719e524cc369d9b4a337d8fd1ef345b9bca57fbd7b65a6b997cad3fce4cf06f2ca43ebe2986d09682d47c922b2cb7569d98de97a6164f5470eec71ceda520ccec7732bd01689ef81656e9f6d0c58a895558aee863f5469e7ab97915bfe0b80a064c659b183031f7f1a86fb11a9d528c2815dcaa2f0dec3d21a882e106e20493ee0acb7708eaa2912574ae97bb288b41fc0925053a29b0bfbc0ebae8d63cc0b46e3738046c5a202530bcb15b187a72854aa2d8a7a76c89a89a5db46032074e1bd7de77ef2065a08f389d783cf759ebd5a63a44d919f948f560c3e94c4239e274e051a20485a430cbd529f313d9f7ed679a34187b24f8413087a9021e4731730f5f461fc5aad6654dfa1c0504d26124707e63ee57f931b2785908f86b104b3ecb96000251d06ce1fa45e4cd6df91ac15bbf7ca3c3eb8ee0827612a29ecb7a36d5470c40505182fa9ac913570d0c1050d9a43455cb7bdc17d169805f018956f854f8919bbfb719e1867b36a64aabcdb807f48dccc0672f67887450b3f3e958d78499e0d1ab368aa49442e5e8a332bffd44c169ea67629c85724db6f1586b6c6b5be4864dfd53da7c0f7b8bb3573116be5077d332bd12a6300f3a68a89866b479ec2baa277f9f56f6e1d49d741eb322035ff8cb1de85c8dc87ac8e6e4c5d20bfb6d317ab125930c42609be3ae82242a9ef0568858d8: +09d8122697126dfc7e11685a04123fdfb47ccddb4499d8a3aef418cb65aed7a7f8ddb1c00f6e0f4beaa6fc38e5d0a5775ee28c80dbde3f0c7930a33aad7150f3:f8ddb1c00f6e0f4beaa6fc38e5d0a5775ee28c80dbde3f0c7930a33aad7150f3:a0d8d8798eba22f56760c30643e9fc6795547ea5f2f2bbd11c0392b2ebf711aca22f0824199fc3188a45bdffde70ece9ab15a5ea89622a5871e0ef7685d10f1274cc195b4fda81f879d1e9bf42f873b20a859c233f9e49adbf057731e11335e9b6d8ed0e069e134ec461ca8890d7b0473c405e8a9d95d15711b12476103762c626d9f2aa5dd519bd825b60b3234ebf651e0d1933371c52bfd8ce33fc36bba328f7f3f2ccc01000a89904af37e4e1e9e15fffab5c2b0c47f37cdcb068db33ac36a5f0d6de1203fbf8949324bd3efda0f9889db00da2317b49fd186999df7fcdc3cb4e1d18faa254561c251178b8d33fdc9dccd8d2d721b93a536ccd3c0e9c856337f195eee7da9a7f6b0a42b7c541c6a68c595bf34704d9fe3a56d2ec8481d577c96ecc08b8e40acdbf050e20c683f39c414e8cbfcf4a0152314c05987a83bde3025b735cca3023abc5feb7e00d0236b4f24b15e679db052c8d2fddb3bef8663a6df819a9815527a1a2f60a0fa4e5078ddc6d435fe89287b30ffdeb5d9ae05d1a8690fbc7590aad57d43d22c12ace2c8196888e354e9f782f5dbb44149e83fb8bbc9da6d89ce206c1e2b6b2b28f933f3e5ff1175a31a8ff5d31e65c8b00c5ba462224a1e09d4f09cb40fc87c36e7d285c774a96976203651828e783628847ac512e5d1c35b35b030171f92396f5ffaff585cead04b6ae210d80707cc6832d98a20d3a947648da2604937fefd25a9fe0fc5cac083ddd7d2075307f4f382664f687dce8c655ded9c12d48ff7601df2a48d37fe214970844c075f2eab002059fc2271e617c9657a01bec1dd38f6c28ba8a617bd30851e3f9dbac904418df1d0215ad45dfc9f02b5c5e9f9bbc6de8b07af0bd1f7fa8922544f12d2a3e1aadff7e9c6b93320c3a61ef33da07eb87b1617f9e77d7702e558bc7d8122e0dfe2ae83e836c5b1a62aa585c0dffe716f7463c0b33da5b1eda556a1ef1e45042c79bdd3ec3cb8863a7bc1b0f7e1c05bd9920f05b4eda86517705ed07f6dca7bb00ae0456e6787d9fae8ede4ecd0bc572eb5cc6d19e891f1bcb229e9409e06574c7df058173cb58c3fdf20f3ff17c3705af62d9b7225c5743f600607f77cbe7d6e7618abc79:18cfaf6dc8e4e8582bcefe0cdc6fcefe6a4a87ea629585f37d2fba446b3aebd452426382da0d491c39cb7d54d273005dc132121568d2ab674520adda7523840da0d8d8798eba22f56760c30643e9fc6795547ea5f2f2bbd11c0392b2ebf711aca22f0824199fc3188a45bdffde70ece9ab15a5ea89622a5871e0ef7685d10f1274cc195b4fda81f879d1e9bf42f873b20a859c233f9e49adbf057731e11335e9b6d8ed0e069e134ec461ca8890d7b0473c405e8a9d95d15711b12476103762c626d9f2aa5dd519bd825b60b3234ebf651e0d1933371c52bfd8ce33fc36bba328f7f3f2ccc01000a89904af37e4e1e9e15fffab5c2b0c47f37cdcb068db33ac36a5f0d6de1203fbf8949324bd3efda0f9889db00da2317b49fd186999df7fcdc3cb4e1d18faa254561c251178b8d33fdc9dccd8d2d721b93a536ccd3c0e9c856337f195eee7da9a7f6b0a42b7c541c6a68c595bf34704d9fe3a56d2ec8481d577c96ecc08b8e40acdbf050e20c683f39c414e8cbfcf4a0152314c05987a83bde3025b735cca3023abc5feb7e00d0236b4f24b15e679db052c8d2fddb3bef8663a6df819a9815527a1a2f60a0fa4e5078ddc6d435fe89287b30ffdeb5d9ae05d1a8690fbc7590aad57d43d22c12ace2c8196888e354e9f782f5dbb44149e83fb8bbc9da6d89ce206c1e2b6b2b28f933f3e5ff1175a31a8ff5d31e65c8b00c5ba462224a1e09d4f09cb40fc87c36e7d285c774a96976203651828e783628847ac512e5d1c35b35b030171f92396f5ffaff585cead04b6ae210d80707cc6832d98a20d3a947648da2604937fefd25a9fe0fc5cac083ddd7d2075307f4f382664f687dce8c655ded9c12d48ff7601df2a48d37fe214970844c075f2eab002059fc2271e617c9657a01bec1dd38f6c28ba8a617bd30851e3f9dbac904418df1d0215ad45dfc9f02b5c5e9f9bbc6de8b07af0bd1f7fa8922544f12d2a3e1aadff7e9c6b93320c3a61ef33da07eb87b1617f9e77d7702e558bc7d8122e0dfe2ae83e836c5b1a62aa585c0dffe716f7463c0b33da5b1eda556a1ef1e45042c79bdd3ec3cb8863a7bc1b0f7e1c05bd9920f05b4eda86517705ed07f6dca7bb00ae0456e6787d9fae8ede4ecd0bc572eb5cc6d19e891f1bcb229e9409e06574c7df058173cb58c3fdf20f3ff17c3705af62d9b7225c5743f600607f77cbe7d6e7618abc79: +10201bf0084367590de674cc0ed2648ec25d3ba8db40d00ede153398508bc126badbd05e5f79e31169f740ba46a58910a1b77705af45717b2af80856457c58c9:badbd05e5f79e31169f740ba46a58910a1b77705af45717b2af80856457c58c9:7bb1470617d11e45eb602a829ad773ee2bb7e6b88da4c04a7216a450f84993a498cbd3b9254028f2f99fc21a23288bdc1e151a72a9130c3dedda1bbbccd4e6c0f48ae9f35318cbefc959f405045e6e0b5fb2e738f2b765be11b1b6a0f1e8319549d95fa8d1df8167cd4a7717ae1636a9df54d96eaf2d63236900fd11338252a5008d5d480e2b1e9861d1f70688c47eae4689da01a47da3dfb6d2bab3cdf505ee5d801a152c267093d17e9bf7137a6ee7b834d0085500e401c17f3286c1575d1c0100fa9807630c4a990654c1e71a8b715627bb13d442c84a449844c404b872bfbac718a48d0ea0945c77166a53139b0ff0098134764f9ecdb88eabe07ccb2cced4955e08249b2f5770ad41fccd7b5bb372e6c33767e07f5be7d10712de81841b134e193df0776a0fc156ff5d0e96f40a704753e1145e9fa083c4ddeef4416234f6e1a2382c8e5b3ad405458e89d2f493a4d7c29a23de2107485b7f56350124e7e0d695c522b6de7a9247a2924ce6f2863236c10cc21264ad54590d314763ea1a19afacd90eba955870407e8c6365a143a5c1b9a8be5e4a4dcadb72e0d47649bd53abd46b5c6960eae2cab773753cc0e04e99414bc2cb30f48bb54139d066e43e2f0e1a4ae963858bef967df8c84140d2d09202b406d5d85cb7a96cc57f233eb2187ffd02f94e92297b5e69d969d3a5936efe4929144f258bfb39dd0ce26359c4549fc218a0aa54f31bd551b8781acbbf61cb3f732cdaf622c6a69188cf557a3a92ed153e69125a4090ac451536a0e9a63a41782910ffccb4e850021123ffd1f3bf39c73460a65ccfe4dba9bdefb5d5f4da6c469aa1322fa27043238363ee72918688d7ca1c4c2952e430d563256bb86d350a35ee82e01504747f31d02e03aedda546d0f1b2f451b870821602d00e819036ade5a7c7fcd21a6de6af35b1f9632a70af65df6445f6fadfbc0f416755c8246640e56b856b66ddd92a60c03538221dc8fb142ce2dbacdb7425f33cb85d850cc02c315cfc111f6f651dde1bdb67fb208e1f6bde784ddcf7bd18c8051a2e0bbf1018b8f39536c589de65eadc6cf379b77cad13f9089cb323fb2e943d06cdd10705c121134c6548dc53415f8c370ec690:f1d996588b298f271e970cebd2a1b339979cd29dddee3645d07fab8ab465dde3e98667ec01ad7f1c0a6592e0697e665c72fd3814dbe189ed5f4e76c794e538097bb1470617d11e45eb602a829ad773ee2bb7e6b88da4c04a7216a450f84993a498cbd3b9254028f2f99fc21a23288bdc1e151a72a9130c3dedda1bbbccd4e6c0f48ae9f35318cbefc959f405045e6e0b5fb2e738f2b765be11b1b6a0f1e8319549d95fa8d1df8167cd4a7717ae1636a9df54d96eaf2d63236900fd11338252a5008d5d480e2b1e9861d1f70688c47eae4689da01a47da3dfb6d2bab3cdf505ee5d801a152c267093d17e9bf7137a6ee7b834d0085500e401c17f3286c1575d1c0100fa9807630c4a990654c1e71a8b715627bb13d442c84a449844c404b872bfbac718a48d0ea0945c77166a53139b0ff0098134764f9ecdb88eabe07ccb2cced4955e08249b2f5770ad41fccd7b5bb372e6c33767e07f5be7d10712de81841b134e193df0776a0fc156ff5d0e96f40a704753e1145e9fa083c4ddeef4416234f6e1a2382c8e5b3ad405458e89d2f493a4d7c29a23de2107485b7f56350124e7e0d695c522b6de7a9247a2924ce6f2863236c10cc21264ad54590d314763ea1a19afacd90eba955870407e8c6365a143a5c1b9a8be5e4a4dcadb72e0d47649bd53abd46b5c6960eae2cab773753cc0e04e99414bc2cb30f48bb54139d066e43e2f0e1a4ae963858bef967df8c84140d2d09202b406d5d85cb7a96cc57f233eb2187ffd02f94e92297b5e69d969d3a5936efe4929144f258bfb39dd0ce26359c4549fc218a0aa54f31bd551b8781acbbf61cb3f732cdaf622c6a69188cf557a3a92ed153e69125a4090ac451536a0e9a63a41782910ffccb4e850021123ffd1f3bf39c73460a65ccfe4dba9bdefb5d5f4da6c469aa1322fa27043238363ee72918688d7ca1c4c2952e430d563256bb86d350a35ee82e01504747f31d02e03aedda546d0f1b2f451b870821602d00e819036ade5a7c7fcd21a6de6af35b1f9632a70af65df6445f6fadfbc0f416755c8246640e56b856b66ddd92a60c03538221dc8fb142ce2dbacdb7425f33cb85d850cc02c315cfc111f6f651dde1bdb67fb208e1f6bde784ddcf7bd18c8051a2e0bbf1018b8f39536c589de65eadc6cf379b77cad13f9089cb323fb2e943d06cdd10705c121134c6548dc53415f8c370ec690: +c4aa425246b5173f5ef898152eca3d092bb4c2dd02853fcfc7178399f4e2f75829b77a3075f419243c0c1bc39659d73117ac00e55e8de38fe9829a879cc5b8a0:29b77a3075f419243c0c1bc39659d73117ac00e55e8de38fe9829a879cc5b8a0:7df978a1f4976838ffed7449a4dc138b604f4b2a4ae689ce75018ebccdab2eaa0b60768f7208257f2b28e7aa09bf6c05888da46fd396d1c803011750e30eb484870c8806977696f12ebb9feeb4caf92a02dbaa22bbff63f842c3ba147bca7c00314278acd0db173569f4e36527958ef6f1002bd3cd01f407a86531edcbd9f31b3a4ab880a4f5b52b42d0d4a1ba66a2098651ae3e6c9151f40273285f7f6a4e81606bf980f689504b42080fdb97c72846fba9047c7e660ba5c6bf126a9a599e2571fa13505af7581bfebc16513f5c94dc71937e6e61b3ea10939b02ea10859f32d7912b9e3806abef6185fcffa68821478005cbfc1d637dd020425620a318074898bdc30931c59ac0c66c4d1238b097cd5b170f084435d4bae48a03d92fd48fc2caa4ffc505f1bca516fbd6e4f888cced982ae0ddb88fc28aa697b7071d015b0acb2809b01d1d9c7e7b53eee6824cc37cce5b6993d88d83eafc2e928a6f147db6eb80b1a69f01605b046bd2fd1d92c5459d6d3398a9caa299ddd0c3ba2e08941307b120cc13992f7003aced14a4a4d923bbb12fc393ffcf920b9f6d4775e94d4a512267fd26a6997c6062b4c9900f9862b9ea0c8d7df19f05c2b604af5b9864fb2754a8073bbbfb18233e6e150f72a525e3a5760fcda7d32a60034f956e3cbd3436c200830b3e7a14571220bcb627d5a4be72c20b23351b2d920602a51c3eb32c1237039dfbff43c987fd8563777f0e5a39f8146c164bdffce44f3b13ee74d64bfdcf9803f03dd0172ac4fa4bf6c7839cb11f3d34baef0e32b54942fc4fa38f473e2966f4911c0e80d76937b25b7632275ba88309635a60df135489208d3e734b672eda7d2ba21579aba8d8860ea764fd67eaf9c38ea7637d1bad57b2f3d782b91e1d5d92ac300bdba7ab9113ce913d0c793c12a9a726e3fcab05cb479977871640630d459e69e81ca5cf56ddb2a0611d61d481c1b8cef3804bd4e5754a61eb49b17ef2b03c83057b5d20d882058c00f54b6cca86be95350dd7bcb25e4c1c4658f45229c8bb9f5cdfcc44795c978e3388d325760106e52be9834bd81ffc5c62486b6f33c27459df178eb946e7a82db9ce0d295b925bb6126dd55c31f49a68dcefc7:5d8545a4be3fd6da2578c2eccb648d83fcfe587133fa7ae4a1cfca9ae6daa49259c952044a85a20b6f5324f827dba2d1a8388c40a928b950913c634fb30927077df978a1f4976838ffed7449a4dc138b604f4b2a4ae689ce75018ebccdab2eaa0b60768f7208257f2b28e7aa09bf6c05888da46fd396d1c803011750e30eb484870c8806977696f12ebb9feeb4caf92a02dbaa22bbff63f842c3ba147bca7c00314278acd0db173569f4e36527958ef6f1002bd3cd01f407a86531edcbd9f31b3a4ab880a4f5b52b42d0d4a1ba66a2098651ae3e6c9151f40273285f7f6a4e81606bf980f689504b42080fdb97c72846fba9047c7e660ba5c6bf126a9a599e2571fa13505af7581bfebc16513f5c94dc71937e6e61b3ea10939b02ea10859f32d7912b9e3806abef6185fcffa68821478005cbfc1d637dd020425620a318074898bdc30931c59ac0c66c4d1238b097cd5b170f084435d4bae48a03d92fd48fc2caa4ffc505f1bca516fbd6e4f888cced982ae0ddb88fc28aa697b7071d015b0acb2809b01d1d9c7e7b53eee6824cc37cce5b6993d88d83eafc2e928a6f147db6eb80b1a69f01605b046bd2fd1d92c5459d6d3398a9caa299ddd0c3ba2e08941307b120cc13992f7003aced14a4a4d923bbb12fc393ffcf920b9f6d4775e94d4a512267fd26a6997c6062b4c9900f9862b9ea0c8d7df19f05c2b604af5b9864fb2754a8073bbbfb18233e6e150f72a525e3a5760fcda7d32a60034f956e3cbd3436c200830b3e7a14571220bcb627d5a4be72c20b23351b2d920602a51c3eb32c1237039dfbff43c987fd8563777f0e5a39f8146c164bdffce44f3b13ee74d64bfdcf9803f03dd0172ac4fa4bf6c7839cb11f3d34baef0e32b54942fc4fa38f473e2966f4911c0e80d76937b25b7632275ba88309635a60df135489208d3e734b672eda7d2ba21579aba8d8860ea764fd67eaf9c38ea7637d1bad57b2f3d782b91e1d5d92ac300bdba7ab9113ce913d0c793c12a9a726e3fcab05cb479977871640630d459e69e81ca5cf56ddb2a0611d61d481c1b8cef3804bd4e5754a61eb49b17ef2b03c83057b5d20d882058c00f54b6cca86be95350dd7bcb25e4c1c4658f45229c8bb9f5cdfcc44795c978e3388d325760106e52be9834bd81ffc5c62486b6f33c27459df178eb946e7a82db9ce0d295b925bb6126dd55c31f49a68dcefc7: +f13cafde6f39b963dca96626862f4fbc5c2e00ddf08beceac7a6e2fca9e1ccf7c1b01a91e8ee0b9f19a72e5e7e0aefcfdc44a157474e99feebd0ff552d73b2ac:c1b01a91e8ee0b9f19a72e5e7e0aefcfdc44a157474e99feebd0ff552d73b2ac:2bee73b74f1b7622eb096a28d83a819bcec22d9999a32062103d604ae6d78edf8f893895d2220ab75690410c58aab590a98ddff23a94d2350f889e53464200a527d54d62571107b27e574f542ebac249b8e2e3ce08d1bd27bd8d29f2e61243deef0e6938e52ee2992ff2187d7a7f5282edd98fc4985b619acb80aa9d03d6cb84b821106f40d6e5f4c387ab0af6f206615d0a175f7e60ee2755aea34675fdd823eb24109a9bd818ea2d9d9bd199cf8dfe79624b0372ae85e98c60200234bd413f4a62ce68a47b6c9b12857c0d399a448e5a5280e9f22f9b12ea2cd3c68713e77d0a11f3628d8ec5e060639031d3b640021c9c38809dc5f42d2e1c2e2346c86e24eedc5984a115a42de8de7e35c9917539e89885ca916e072afd5d46846b2a935961c2fe28e9eb3c8f896b86fc120cbd3af2aa139c499d29cfc3699db79c14484e9ec257a5f64344b7ad1e3dfb34eee7654c6bf12fd38fbba80fe1762aab57112b3a94e2bee79041d1e88440f85fb72dde68d49e84bced998a2f6335446e4a835e70c5f827fb3ad7823d5fbe3be5f6ec7e434ee524ccd9ff5b7e72a32d091a7e17c8b1ae41a1af31793cce91d84c3622678969c8f517dc26e3cd61d2446912283f9353bb5ad03c111c6233de314c61b831cbf38b04fe58cf44f1d2d0b45f25a6b4e0256859cd5d830fac5ec3c8d76398559e9b26010f5e1da5f25d2200935453ffac5aea51f7e81e72ec8e5f04d2f885c7b45c63f64456cfe231b8cb24aa1620a902639ca78dd391aa4a3d03e11975c8907f964fd55df9bbb140e38d6db93256b4b39c2b7bcbe35b11826bbf8c08f1dcb48edc4bfb70462a35ea8cd8cba79fab8b4c44e73be7ecfa112166f6dcab70d8bb55d8b8428c2da71aaca2fc3d90f3cc5ed01551358d60789b9d571efe10892027fa37404aaf59ec1c2d7111ecc3592467ed1d9b8aba8e229e32d2a00c19db7187fbcb122061961c1fdaca307e9c9c9de972ad51402fa67dc1c2a403b3c5e8b1e246862d6ad6a498db6d761fb566f6065942b60ad4b4309d182bc5154cfc36863185a87e23abaa1d541ab763a4a1066c0a7a8c3d821ae32fd31c8892401046d0a20e91a64779f4bda81120af3fb3486d3fc0a7:6ca9f80a62501faf319fb84af471f676ae3fff85565c97981f1457cbb8c49f97b266316a992db0d42bc502f095a5f2d9a4e1cfac0cc935d3882c8a3a0ea6e10e2bee73b74f1b7622eb096a28d83a819bcec22d9999a32062103d604ae6d78edf8f893895d2220ab75690410c58aab590a98ddff23a94d2350f889e53464200a527d54d62571107b27e574f542ebac249b8e2e3ce08d1bd27bd8d29f2e61243deef0e6938e52ee2992ff2187d7a7f5282edd98fc4985b619acb80aa9d03d6cb84b821106f40d6e5f4c387ab0af6f206615d0a175f7e60ee2755aea34675fdd823eb24109a9bd818ea2d9d9bd199cf8dfe79624b0372ae85e98c60200234bd413f4a62ce68a47b6c9b12857c0d399a448e5a5280e9f22f9b12ea2cd3c68713e77d0a11f3628d8ec5e060639031d3b640021c9c38809dc5f42d2e1c2e2346c86e24eedc5984a115a42de8de7e35c9917539e89885ca916e072afd5d46846b2a935961c2fe28e9eb3c8f896b86fc120cbd3af2aa139c499d29cfc3699db79c14484e9ec257a5f64344b7ad1e3dfb34eee7654c6bf12fd38fbba80fe1762aab57112b3a94e2bee79041d1e88440f85fb72dde68d49e84bced998a2f6335446e4a835e70c5f827fb3ad7823d5fbe3be5f6ec7e434ee524ccd9ff5b7e72a32d091a7e17c8b1ae41a1af31793cce91d84c3622678969c8f517dc26e3cd61d2446912283f9353bb5ad03c111c6233de314c61b831cbf38b04fe58cf44f1d2d0b45f25a6b4e0256859cd5d830fac5ec3c8d76398559e9b26010f5e1da5f25d2200935453ffac5aea51f7e81e72ec8e5f04d2f885c7b45c63f64456cfe231b8cb24aa1620a902639ca78dd391aa4a3d03e11975c8907f964fd55df9bbb140e38d6db93256b4b39c2b7bcbe35b11826bbf8c08f1dcb48edc4bfb70462a35ea8cd8cba79fab8b4c44e73be7ecfa112166f6dcab70d8bb55d8b8428c2da71aaca2fc3d90f3cc5ed01551358d60789b9d571efe10892027fa37404aaf59ec1c2d7111ecc3592467ed1d9b8aba8e229e32d2a00c19db7187fbcb122061961c1fdaca307e9c9c9de972ad51402fa67dc1c2a403b3c5e8b1e246862d6ad6a498db6d761fb566f6065942b60ad4b4309d182bc5154cfc36863185a87e23abaa1d541ab763a4a1066c0a7a8c3d821ae32fd31c8892401046d0a20e91a64779f4bda81120af3fb3486d3fc0a7: +c846344261a34865393834bfaa3a15a3f53ac9e13833b0b287122781b79de392ebade0226195ae254b6115e21696a9c65a19d5e040443131c22b89f02f69ab78:ebade0226195ae254b6115e21696a9c65a19d5e040443131c22b89f02f69ab78:5abd13e95b6ee1d5514768282200a14f7d1a571f3468e22efec993463066a37aec8373e5fb499564191f3294a9b30afb5f1a34d4d88abc3e9bc303c1aba05bd8faca90ee35d97ac3dd9106f6fa3ca81a3810eccefa6a209ea3f3fc3049dcb1b003c728f7f6374ca98c582de6db1af760f0a02133ca4a010324304d26a0e50af0d13c134da34a03a41e83ec8f10ea5b859bec1f51b01cabb2d16c1fc52b058f8e5defaede128171c2e026902316f871b35e3292656f0e5b39bbbc81d0c0830e6ac01fac9b4539f47f9acfbd58b7ab9f5a125600f251a271d7bf167f2954ca8e1e0c96e16b06e8307df88bb8e9d57d5ba044f27f3eaff81d9f150554aa7122fd10d11f35d2be2b1624e3e1a1d77fea4c5c7f8b983e945ba8c08dc1545b3e6b2973ad041c44d0617eccc871a3821a9ffea9db7c2b0d055da55de0b35063e4225aee6b225ab2a7906a8ee329d1b3972e0d1f70817c50ccfe9403d12ad62c94923b9aa2d7f85a8dda47be4dcec0dc2b0b58f7ac190ae0579b9b13bbb8b16a31b0ab4d6f2791253ab4751b536b88d3b4937cc3a110aa82a6ffed6853524b66b3effcd2f63c6f9645cea13aa23cd1c99d9ffda4cd3a9c5df45ec74726c3471128b7089fbd82694d2d3f08dc9306c0fc9ce7c801138eb1ecb756e571e9059b75ed03f92a31502fbeb5fec51de9359010c4397d28b65e356e38001d0d51ac9600728c78b5766e0f217938b410e785b4c01e86a3452bcb3884aca47540859cc49b000f0b61fdbe72752574b27a22d4c40413a43b310924b1bb140fc9fdaae266d65930e3f234fe841d82b26176ff86c5d2bd8d965c52d728064ebdf68dc8e4834941801cca0b2f256d4f6c3dd19d35d5362bbf9b8a3a1c863e092689dd2852add488bf42685b11e1e1ad5745d075628d731f91cfd749159e2e1c837f4ef83d80ea1dd9bded5f88018ce1d4b3371f954353f3d894370062c0965d67986dbc481715f42dd2c91607ab8b5f0d89f66e68d73d50d640524d72e69134b887298e5cd8c4b905ba5efa0e9d685214b842f50a2a3983a1af585af2ca43dbcf02c40897ae2e1ab51dbce570345e8e135fb7b4eb0a1d6a0bb5a8a1807e425b2d628360768058e61ad1cfaa2099:d5e41b47ad0f3400709770ed43919bafdf24381b661544e51d8b5cee9e97b3676a4c0ffaebb2cbd2db798532b65cf654a5b6c166ef886cb0fbbf4a4f844c440b5abd13e95b6ee1d5514768282200a14f7d1a571f3468e22efec993463066a37aec8373e5fb499564191f3294a9b30afb5f1a34d4d88abc3e9bc303c1aba05bd8faca90ee35d97ac3dd9106f6fa3ca81a3810eccefa6a209ea3f3fc3049dcb1b003c728f7f6374ca98c582de6db1af760f0a02133ca4a010324304d26a0e50af0d13c134da34a03a41e83ec8f10ea5b859bec1f51b01cabb2d16c1fc52b058f8e5defaede128171c2e026902316f871b35e3292656f0e5b39bbbc81d0c0830e6ac01fac9b4539f47f9acfbd58b7ab9f5a125600f251a271d7bf167f2954ca8e1e0c96e16b06e8307df88bb8e9d57d5ba044f27f3eaff81d9f150554aa7122fd10d11f35d2be2b1624e3e1a1d77fea4c5c7f8b983e945ba8c08dc1545b3e6b2973ad041c44d0617eccc871a3821a9ffea9db7c2b0d055da55de0b35063e4225aee6b225ab2a7906a8ee329d1b3972e0d1f70817c50ccfe9403d12ad62c94923b9aa2d7f85a8dda47be4dcec0dc2b0b58f7ac190ae0579b9b13bbb8b16a31b0ab4d6f2791253ab4751b536b88d3b4937cc3a110aa82a6ffed6853524b66b3effcd2f63c6f9645cea13aa23cd1c99d9ffda4cd3a9c5df45ec74726c3471128b7089fbd82694d2d3f08dc9306c0fc9ce7c801138eb1ecb756e571e9059b75ed03f92a31502fbeb5fec51de9359010c4397d28b65e356e38001d0d51ac9600728c78b5766e0f217938b410e785b4c01e86a3452bcb3884aca47540859cc49b000f0b61fdbe72752574b27a22d4c40413a43b310924b1bb140fc9fdaae266d65930e3f234fe841d82b26176ff86c5d2bd8d965c52d728064ebdf68dc8e4834941801cca0b2f256d4f6c3dd19d35d5362bbf9b8a3a1c863e092689dd2852add488bf42685b11e1e1ad5745d075628d731f91cfd749159e2e1c837f4ef83d80ea1dd9bded5f88018ce1d4b3371f954353f3d894370062c0965d67986dbc481715f42dd2c91607ab8b5f0d89f66e68d73d50d640524d72e69134b887298e5cd8c4b905ba5efa0e9d685214b842f50a2a3983a1af585af2ca43dbcf02c40897ae2e1ab51dbce570345e8e135fb7b4eb0a1d6a0bb5a8a1807e425b2d628360768058e61ad1cfaa2099: +faaf55d3c29714b65c2281e2c22d6134971a2e74008fb94089a773eeeb4483a639862eac6dd52e381bb34dc196ba8a374dcb7df6cb140fd0cfa6cfa39b8c753f:39862eac6dd52e381bb34dc196ba8a374dcb7df6cb140fd0cfa6cfa39b8c753f:94e661c25240a89e823d7f5dc0e692eddd1370c35ac44d5a8c8798d0c9aafdf0bbfb549260568dba1c69086bee636be8edccd3cbb27016244d54d7ed2feb7fa64614d45449d7e058e71b306c22e6911c2ac74207bae5a84d0fc247be49d356e5d4353ba5586b6e4b2b97ce9e2377b6eed92c849e676944ae90dc4208e300e19cc91dc26bbdd5a30cfa9281a15efd873066f85af3a26f310623e009804853cc6855903ea64a909897e315e73d312948980ef6289db21a5ebbec8c8efe20d1d53dfaad6d9f4296532e887c37350105a633abc773188751b28c3a08f1b5ee0472de4627e6b61b68278dd51ced6a61ecf38886e45339dc6c60c31e850ef8296ae80f9d31701776eb9af21693f4c52ec062625738d4e3afbf71d1c81fc4846360363ea541a976623a5e4e6b6a67237e9237173f1a1d543302858885714c2a591d0a786282a0285a3711f7bc2b63ca7987e9ae7d02035555cf3b6ad6f71ca98aa928883bf81dd6f86493eaab5637b4dd569d1ee8de6a44bcedb62b9706b1db89e3f05df16310017d89ef3e4bc099b721a5c8d38043d6e4a22cf04009c0fcee6be69937829954941b8b4a1ebf4daea0d774d0782be176c8e591907756c2cf75dea6f7877dd6875b8fe1012f3050cfb1289cf088667e1522eeedc927ac86bfe2c407432b4a813a6a7a5504e999206db1827e25fafd70ced36db3b281b6f7b14ed5baa0572315a939c5bf4abb133d2e7b16d52de20817af055df5f141207734610a0c6eebedafffd9cc9f069b67f9a1c0454be41d54c138be542e5e38cfe2f293f7d2d3df66977acb366a42c19b3185acfa1b363c6131a4a8111c3b1f4fd7ac406d0e69103ba15b8c4bf29bc2ed9c45cfd1d279d8d931444b2b1849252b8a70eed80fd260edf5a3c01b9690160d2311851d21c9302d985986eaeeb3ae2c07c7c7672094f91db0bd50be377e4d1eb07ee76af49dc136a145a11b172f0811fe73d6259be370c4dfcab6f19e4a64b151d0a6db8050c3de2cc325f5c5f6594cf6248eb081209539e08ca3422984e7bf803de3a419b14423f1e5a54224042ce4f05488a6044f4042bd649b1a08ce10c2006ea76efab4641fef2897efd724e6054a3bd1a69e39a4a5e2d502:5b0083f7a82061c65cf6c75640c81c28e8d6d2e87f6d5795c9aa3bb3e390e91990e82db6f07e614f507a560abaa1eca656c678ddcae8198251e6af0b76b88d0d94e661c25240a89e823d7f5dc0e692eddd1370c35ac44d5a8c8798d0c9aafdf0bbfb549260568dba1c69086bee636be8edccd3cbb27016244d54d7ed2feb7fa64614d45449d7e058e71b306c22e6911c2ac74207bae5a84d0fc247be49d356e5d4353ba5586b6e4b2b97ce9e2377b6eed92c849e676944ae90dc4208e300e19cc91dc26bbdd5a30cfa9281a15efd873066f85af3a26f310623e009804853cc6855903ea64a909897e315e73d312948980ef6289db21a5ebbec8c8efe20d1d53dfaad6d9f4296532e887c37350105a633abc773188751b28c3a08f1b5ee0472de4627e6b61b68278dd51ced6a61ecf38886e45339dc6c60c31e850ef8296ae80f9d31701776eb9af21693f4c52ec062625738d4e3afbf71d1c81fc4846360363ea541a976623a5e4e6b6a67237e9237173f1a1d543302858885714c2a591d0a786282a0285a3711f7bc2b63ca7987e9ae7d02035555cf3b6ad6f71ca98aa928883bf81dd6f86493eaab5637b4dd569d1ee8de6a44bcedb62b9706b1db89e3f05df16310017d89ef3e4bc099b721a5c8d38043d6e4a22cf04009c0fcee6be69937829954941b8b4a1ebf4daea0d774d0782be176c8e591907756c2cf75dea6f7877dd6875b8fe1012f3050cfb1289cf088667e1522eeedc927ac86bfe2c407432b4a813a6a7a5504e999206db1827e25fafd70ced36db3b281b6f7b14ed5baa0572315a939c5bf4abb133d2e7b16d52de20817af055df5f141207734610a0c6eebedafffd9cc9f069b67f9a1c0454be41d54c138be542e5e38cfe2f293f7d2d3df66977acb366a42c19b3185acfa1b363c6131a4a8111c3b1f4fd7ac406d0e69103ba15b8c4bf29bc2ed9c45cfd1d279d8d931444b2b1849252b8a70eed80fd260edf5a3c01b9690160d2311851d21c9302d985986eaeeb3ae2c07c7c7672094f91db0bd50be377e4d1eb07ee76af49dc136a145a11b172f0811fe73d6259be370c4dfcab6f19e4a64b151d0a6db8050c3de2cc325f5c5f6594cf6248eb081209539e08ca3422984e7bf803de3a419b14423f1e5a54224042ce4f05488a6044f4042bd649b1a08ce10c2006ea76efab4641fef2897efd724e6054a3bd1a69e39a4a5e2d502: +6d7855e30f7a13e237b067144346434bb4b05178c7d88d492e79027c4b0f3cdd7273293828efa349822392dbbab07879577e1a77a6fd6afe33753a9eec88c4af:7273293828efa349822392dbbab07879577e1a77a6fd6afe33753a9eec88c4af:f8b936e793b017580cc0e9cbda2acb6474507f4bca3afc8783ec46eeb82ccd4dd2525676aa6ab5c0dcf7d75f7e0311e6fe6bf27263f8578feb55c5612d1f28e888b76656c41ccd8a70b9bc604b42724fa2bc411d44c31ab68ce84f8393399e34d5408579c2ba2921f2f8d11487aa7e52557feed96757199d3aae6377770154b17f3577c7ac3d8c76cf7461b5e8d42a7185078ed4f862fc57502f615075307b6e103c77c1f6c8bda7aa17e435e21b949af44dff5aa30a62da712fa9966a612ffca14871fd6f860b4a9614012c5369910e0ffd6f0fbd889a9c257c32bdcf90bb80627cb272ecd4599897555955e1fe08cd7ebb21c071be0f48989696cb39aa82ad11baa5d4ac613abf1b6db8a20e686836222833f8b6dd2f0006227be48e8580dcc8de620dacb2f65a693675d6cb45ba5dd1aa70db76bc641d4fb567ecbc7111442e294158be575c71ddc26e94f41266a2fd3a0d435781fc094648fadf5f17cd41ab895821894ec0806b262c393534fe66f21e3783c14a96c88f2e0653fe32e75dce8a463bb97eed6c16f3f3228169abb5b4bf9ea3278c1ff0f86eae71389b6433acd097eefa9e6e05f4955cd517830b8d9870ccb5227415e50f23f6473217a745096470dca93d2b34673c5d6a57ed02c8e0cae119b3f329d8ab6498494c2921bb6f496dd08381e7d39f2db5763b14a2821befcca0a9fd312545de68abf206d12d8e02e73bc7e3cb796e7ee26cc63d741efafc5345f8132951bcfbfddf631fb7cb43ef35b9453c9390eb23b1f9d8b1c72debd24f09a01a9dc60ee6815306188357781af6e1820aa35e4ec121b7ca34d7de7611b246a3e703ed48c7eb03a6fe8f852ee7d32545c9d852d64d5d75930e5f1ebe21a307efa7622edaced6d879026f0f85a9112012803705582269d39f143234df8909ab3d948e76d3daaa24226d9ac601eef277fd2cfc4a19aedf4387a21617b03ec3d3845a38554f5e97036e56ec1ce660df9c062c2c993b77c5ba6a6d05231dae3764183c3e96aa539cfb3415fb163c645b2303b2d6d4bda8ca6c72bc03d5305f9b118e925e27d29ab7dcb196470e6339631b2380744c04d1da348fc0fe274277f82f95bdfb0b64b4cf3b51e571c0ddb3b53ca6:0fe28eadd9e5dd574b3faaea810d44522c8b1bfbb3e3d57ed889faedec91d0e14a86b914c4c766f1bf9b8f18b0db890db6c1b125d57804333619b1e0720a3300f8b936e793b017580cc0e9cbda2acb6474507f4bca3afc8783ec46eeb82ccd4dd2525676aa6ab5c0dcf7d75f7e0311e6fe6bf27263f8578feb55c5612d1f28e888b76656c41ccd8a70b9bc604b42724fa2bc411d44c31ab68ce84f8393399e34d5408579c2ba2921f2f8d11487aa7e52557feed96757199d3aae6377770154b17f3577c7ac3d8c76cf7461b5e8d42a7185078ed4f862fc57502f615075307b6e103c77c1f6c8bda7aa17e435e21b949af44dff5aa30a62da712fa9966a612ffca14871fd6f860b4a9614012c5369910e0ffd6f0fbd889a9c257c32bdcf90bb80627cb272ecd4599897555955e1fe08cd7ebb21c071be0f48989696cb39aa82ad11baa5d4ac613abf1b6db8a20e686836222833f8b6dd2f0006227be48e8580dcc8de620dacb2f65a693675d6cb45ba5dd1aa70db76bc641d4fb567ecbc7111442e294158be575c71ddc26e94f41266a2fd3a0d435781fc094648fadf5f17cd41ab895821894ec0806b262c393534fe66f21e3783c14a96c88f2e0653fe32e75dce8a463bb97eed6c16f3f3228169abb5b4bf9ea3278c1ff0f86eae71389b6433acd097eefa9e6e05f4955cd517830b8d9870ccb5227415e50f23f6473217a745096470dca93d2b34673c5d6a57ed02c8e0cae119b3f329d8ab6498494c2921bb6f496dd08381e7d39f2db5763b14a2821befcca0a9fd312545de68abf206d12d8e02e73bc7e3cb796e7ee26cc63d741efafc5345f8132951bcfbfddf631fb7cb43ef35b9453c9390eb23b1f9d8b1c72debd24f09a01a9dc60ee6815306188357781af6e1820aa35e4ec121b7ca34d7de7611b246a3e703ed48c7eb03a6fe8f852ee7d32545c9d852d64d5d75930e5f1ebe21a307efa7622edaced6d879026f0f85a9112012803705582269d39f143234df8909ab3d948e76d3daaa24226d9ac601eef277fd2cfc4a19aedf4387a21617b03ec3d3845a38554f5e97036e56ec1ce660df9c062c2c993b77c5ba6a6d05231dae3764183c3e96aa539cfb3415fb163c645b2303b2d6d4bda8ca6c72bc03d5305f9b118e925e27d29ab7dcb196470e6339631b2380744c04d1da348fc0fe274277f82f95bdfb0b64b4cf3b51e571c0ddb3b53ca6: +7ee4e7e98c6a40f0e74413f24039bd220df1f8c7f015528dbf5284ab9f7c82e24d5a800f9b22070e016ee23af8a310902b369d589a847f345c2ea2968d6d0924:4d5a800f9b22070e016ee23af8a310902b369d589a847f345c2ea2968d6d0924:8fb01373c42e69614aea99af49323785f33861b94e90f565389ebf70e219f5dec732e0010b58f7290530df222ac9c73e1c2e92a5e6061de5590caf9c0d5021d729eaa11541fa1d082160beaf611e7cfdc0ebb315d388e538b4b5028f9b30d3d973347ffd44263eef083b81b21b82eca5756a494b1d81c07de849506d3e3b668797a5c544254d4ebe5cf8171b39f8724cbc4189291b3c53c21ece49a1d739563c65b49025935647a7303ae0ef7f6d24554645a428dbbb42449f5399e36dc787b7d6958a02eebbb836e5e53e26e487239de94d1d250e7943ac0e22d92750a0cf3473be1a6225cbe79545048269f6237ec9f9ec307e8a34b7bb34cd4906e43162a3708f329c5b989d7a7fcde1099a542546fe9c33182ba51b843e96d11c79e91ad21f7170e257fdc2818e12f9168a974c968a4d273fa3ffa9f35ff905980eaad3721cae802bee36210b40b99319bb669982e943b270a4c4d0a92ecb5bba2dd8b40ac3d2f0325c469d5e9d483f5241974010c5c0da335f16e962196c2ef14eb24aafbb311bfd5fa8dc8d2d61e6878ad2cce0dc9939e44522723d427ef32fb43b967f5e44fc665792796f8cf934f01c325d63d583dc3ca9d4fcc757d9178580daef53aa3ab21d2ce435955d1c6d47638c5edb62ff5561693d1cbd10ec9e399a71bf9db1c9969fd59e4eeb31aa59bf39e9f184178def7246ed4b8f4be5badaa5db4af867f4f2ec39a13704202c8784fa168ce96f9cfac71017236275fd857cc3c51a9c7ac256215e14b843f7214dc9f824b91d1a5170d0ef1d37696f93ee966a2b7dece22b4f3afd39c16d601e5ff8408d45c1a6ce71f060976c5be4c042b1b738df9580ba5ae77880a70c0b94f0e1c9f9aa34c090d612d57a9b931f50a125fa35ce40a2cb7faad530f80908c73cb78258afd2631390041d92617e9bf64ce96e8e4ac7f3126d8af8a04c75ffd438769de06f74c2fc20cc8192da353e79061283bba08a8d24e6e4e2e83ba5b08e4275226062148d8a02afad65b6f627cfbd29b71ca18aee5b1f97169bf0228b376f4106b50fd91a38a66211d69ebb4a7af0e1c2217f1ba014d1e0cd17508d58155d163dd9de2fe1c64c7f88d5b553e9ba1e1f25430d7e125b07a8c2ed:ac3bfe3adf941c934d3349c492de70d5166be389f955be87c2883f41f2da146c910651a3b452c2d739dc9b531c5745565e69d98359f1d7d93ebd36d70abbf00d8fb01373c42e69614aea99af49323785f33861b94e90f565389ebf70e219f5dec732e0010b58f7290530df222ac9c73e1c2e92a5e6061de5590caf9c0d5021d729eaa11541fa1d082160beaf611e7cfdc0ebb315d388e538b4b5028f9b30d3d973347ffd44263eef083b81b21b82eca5756a494b1d81c07de849506d3e3b668797a5c544254d4ebe5cf8171b39f8724cbc4189291b3c53c21ece49a1d739563c65b49025935647a7303ae0ef7f6d24554645a428dbbb42449f5399e36dc787b7d6958a02eebbb836e5e53e26e487239de94d1d250e7943ac0e22d92750a0cf3473be1a6225cbe79545048269f6237ec9f9ec307e8a34b7bb34cd4906e43162a3708f329c5b989d7a7fcde1099a542546fe9c33182ba51b843e96d11c79e91ad21f7170e257fdc2818e12f9168a974c968a4d273fa3ffa9f35ff905980eaad3721cae802bee36210b40b99319bb669982e943b270a4c4d0a92ecb5bba2dd8b40ac3d2f0325c469d5e9d483f5241974010c5c0da335f16e962196c2ef14eb24aafbb311bfd5fa8dc8d2d61e6878ad2cce0dc9939e44522723d427ef32fb43b967f5e44fc665792796f8cf934f01c325d63d583dc3ca9d4fcc757d9178580daef53aa3ab21d2ce435955d1c6d47638c5edb62ff5561693d1cbd10ec9e399a71bf9db1c9969fd59e4eeb31aa59bf39e9f184178def7246ed4b8f4be5badaa5db4af867f4f2ec39a13704202c8784fa168ce96f9cfac71017236275fd857cc3c51a9c7ac256215e14b843f7214dc9f824b91d1a5170d0ef1d37696f93ee966a2b7dece22b4f3afd39c16d601e5ff8408d45c1a6ce71f060976c5be4c042b1b738df9580ba5ae77880a70c0b94f0e1c9f9aa34c090d612d57a9b931f50a125fa35ce40a2cb7faad530f80908c73cb78258afd2631390041d92617e9bf64ce96e8e4ac7f3126d8af8a04c75ffd438769de06f74c2fc20cc8192da353e79061283bba08a8d24e6e4e2e83ba5b08e4275226062148d8a02afad65b6f627cfbd29b71ca18aee5b1f97169bf0228b376f4106b50fd91a38a66211d69ebb4a7af0e1c2217f1ba014d1e0cd17508d58155d163dd9de2fe1c64c7f88d5b553e9ba1e1f25430d7e125b07a8c2ed: +1f28d9091d196cba3d4552e5a337a4d8af3f295e629e4ba6fe99703120ae41e0814d34bf28ee6d90f039599041db810f7c9daa918e03e96197414bc9aa31ecdc:814d34bf28ee6d90f039599041db810f7c9daa918e03e96197414bc9aa31ecdc:a69468bc33ebfef0615c643c49dac6e04fdb6cfb8ec45857bbb7a27e528fd631fc3411baee65cc1f94fcc94aed4a4332fa6861e065e06163541709d79728e01be2b140a022c83e7b23b9ed2ad2832169dfc95690913cf3720130657080c9d5a7827e5660757452c5fc3dcd80cc6be098c629226d5466e02b97126be74a1452ee16815095deb42bf06566715028c11825820a8a23c60da2b68dd9a55dad2a29a4964443817c07d776b244b15186819a3bbed414abf4579a3ece3a3dc7b105d0a9dba37b9eaa78be8e46e1698b59b0940b01f38b283c33a9a4b1d4f8144b16eeb5fc0a7af0d081696645a1eab3a787cbcf88fad93dd6cd46d295a879a1775033a98563822ef1f6b69a581e49736c8d701b4453969340521e4ad4bf94b911b0e2d86f34eece4a6385ff1fe63220cd3cc592f36d6c491fa18f7c1404360d2a7753fe073e09a2fc42a4bbea55bc96d7f05c98aed2cc4a9fae8fd4a0197ff01fa7f0046e3c3eb59aaabca313a4ddaa5d20d27c2c5f1ac6d87fd3cb4bd35a1ec75d104f7c367331a3e295e53c4e80bae14b9792d0d526f740d4ff036faf5487967ffabe8e883d3fb0d16faadb28e1285ded41570c0b07c2559b531e0f9254ef88e5b10f64f4839a9a0b6c3c7f1b7850f4ad9bf0999a7f2ae7c45a658ea53036fc70199842b8e49e60f967de1ff3abfff6cd735b7cd8b8f9e248f156f6c6543869eb99823daea88debaf79f01e6521ec63fe72724ee3c822b88b3968b24852091583c49ab3c15fa1f79b18d98f04d9b6841c9a7ca0de2fcc02f95dd649492e8b56a31ec1e244337af6aaaede8bf99fc814ef57c0d5e08c3c7ecc1897980aa169a9926d20698df6930e2110cb460f49390100741095f8ed00412ae696d98efefd290da5f7d0b728d20a1ebfa6bd7d270f281a98c7b1e408435125aa483c6b7d633ff7588a941658f6129544d62945b9b8af71a8c62c0a50076cb8541ba7e4bde4ede441722c6eb9df8cfd0656339e86d226abaea05ea047f6b8307701f6c9a44cc9cb837b8eb62445925e8a8881d2538fcb2b249e4ee8b686ecfb49c4df86401d249aac35841e914004f9455d3fde375d20a01fba27b197a698d384c76505106801627e8336bd2d76d761a8:5be552fa731e836793f6dda895dc9b1e2ccd669de1c843e00ea6fa3c5ebf97a34b26f1f3ac7ff2225ee4a7e430072c13da4066dcdcc05ba2b5f61a6e8d210709a69468bc33ebfef0615c643c49dac6e04fdb6cfb8ec45857bbb7a27e528fd631fc3411baee65cc1f94fcc94aed4a4332fa6861e065e06163541709d79728e01be2b140a022c83e7b23b9ed2ad2832169dfc95690913cf3720130657080c9d5a7827e5660757452c5fc3dcd80cc6be098c629226d5466e02b97126be74a1452ee16815095deb42bf06566715028c11825820a8a23c60da2b68dd9a55dad2a29a4964443817c07d776b244b15186819a3bbed414abf4579a3ece3a3dc7b105d0a9dba37b9eaa78be8e46e1698b59b0940b01f38b283c33a9a4b1d4f8144b16eeb5fc0a7af0d081696645a1eab3a787cbcf88fad93dd6cd46d295a879a1775033a98563822ef1f6b69a581e49736c8d701b4453969340521e4ad4bf94b911b0e2d86f34eece4a6385ff1fe63220cd3cc592f36d6c491fa18f7c1404360d2a7753fe073e09a2fc42a4bbea55bc96d7f05c98aed2cc4a9fae8fd4a0197ff01fa7f0046e3c3eb59aaabca313a4ddaa5d20d27c2c5f1ac6d87fd3cb4bd35a1ec75d104f7c367331a3e295e53c4e80bae14b9792d0d526f740d4ff036faf5487967ffabe8e883d3fb0d16faadb28e1285ded41570c0b07c2559b531e0f9254ef88e5b10f64f4839a9a0b6c3c7f1b7850f4ad9bf0999a7f2ae7c45a658ea53036fc70199842b8e49e60f967de1ff3abfff6cd735b7cd8b8f9e248f156f6c6543869eb99823daea88debaf79f01e6521ec63fe72724ee3c822b88b3968b24852091583c49ab3c15fa1f79b18d98f04d9b6841c9a7ca0de2fcc02f95dd649492e8b56a31ec1e244337af6aaaede8bf99fc814ef57c0d5e08c3c7ecc1897980aa169a9926d20698df6930e2110cb460f49390100741095f8ed00412ae696d98efefd290da5f7d0b728d20a1ebfa6bd7d270f281a98c7b1e408435125aa483c6b7d633ff7588a941658f6129544d62945b9b8af71a8c62c0a50076cb8541ba7e4bde4ede441722c6eb9df8cfd0656339e86d226abaea05ea047f6b8307701f6c9a44cc9cb837b8eb62445925e8a8881d2538fcb2b249e4ee8b686ecfb49c4df86401d249aac35841e914004f9455d3fde375d20a01fba27b197a698d384c76505106801627e8336bd2d76d761a8: +c64dd20d42627526198a22647690c895b5b45b698f57a69dfbe48dbd426aa4702e01d40416f78acddb34b8445ea4fd0ab3fa9e6643044752213f07c7f0ff43a0:2e01d40416f78acddb34b8445ea4fd0ab3fa9e6643044752213f07c7f0ff43a0:821b9f7c16104b533bd127184fd72ade092b13bbd9aceed29b8d10f16688922d165f8931d53df590fb713b674d805ce0c9d6ce6c43ba6968191d12bfa08a8ce22e8f336b2b491af25d1b1606f930caebe522392a87d42ce7bc167aa7b610597220af31a665353071e8d9e5f42078b9c388bf040258e21f9c3ab38c0427618b2c28d3430df27921bfc58487b3461978bfa8bf586cfe8358e092f8f47466e762451d50164a0d74360f66b4cd3a3575da01da23752430c035da859f577de22290aab4ed7f34d267406ab547eb445cc64df53019427f4eb72bca55397153d01ccf7ec97d7a967d9aff46231d2e2027b38f3b41bd2cb1b798a4ae88abf4896216d315bd5383024259e59742802a911badcf8473db91af319733320cb9521ef9ce437267b6ea17bcafe5d0903b123a35c988f49834f61dd552640a3276da26af17ec21a20296586dd6f4b36c7a4f0b899d70b42af89e29370132edfb72d6834194a1609360b1f1feab89b96b8e8f0f68987c57cce0bab768113718fb1709de2df32177d44085da5efd9da70e1a858c92f245acfee64b71f3eb16e04fc13989e69337999701dd73abc266c9fd4cff91a0fd04fbd8b13b12e6f450385715848e007fa0d463119fd7de6325b640042b654212e0db8da1adebd2a7589f77ee4f752d282ca1119c431b17ad0a021ef2bf95e5ac4704e62d7039d0e651e456d60e63bade401cca77c9a89163174d5022d745abdc76b9ffe2544155235e3063e6e4aeec44ed5d8ab408d966fec12016c130730bbc558732065da800a70cbfb0fccca45d0028cbfd9632ddb2f0ed12edae7b930b106c9d1285a4b870de7507999c74793dd497408719c898abe49f7f33a33e69b50fa5af9480068566d1fddf4482d79704ad8ef11b88b42cc69fce8a557b5ba510e708b9375123038568270de407232e95621e2d04570bec2c41eccfd855b21f0c9bbaa23b5c5815fc888f7fbed482c320ffa1e063e87b55bc8f7eeea374063a9be65f7ed9225bf6ca34cfa311b79f3a258c252e6345ed6ac84748f46807a55d4ba41266169cd262d4f72279ef0caa77ff44933532bd1374756c23ec85f55efe9fc2331f26f881629f80c2692f7f53e4bc6f22efb45457a223f0d1c4:deacc8c23218727676d540a23bdad7810211e6d57ad294c37d4b1c9af6b337a53f7880d2bafa73b30508c008426bf8d7c965a1f4a422a1bc7d6ad6226fd19706821b9f7c16104b533bd127184fd72ade092b13bbd9aceed29b8d10f16688922d165f8931d53df590fb713b674d805ce0c9d6ce6c43ba6968191d12bfa08a8ce22e8f336b2b491af25d1b1606f930caebe522392a87d42ce7bc167aa7b610597220af31a665353071e8d9e5f42078b9c388bf040258e21f9c3ab38c0427618b2c28d3430df27921bfc58487b3461978bfa8bf586cfe8358e092f8f47466e762451d50164a0d74360f66b4cd3a3575da01da23752430c035da859f577de22290aab4ed7f34d267406ab547eb445cc64df53019427f4eb72bca55397153d01ccf7ec97d7a967d9aff46231d2e2027b38f3b41bd2cb1b798a4ae88abf4896216d315bd5383024259e59742802a911badcf8473db91af319733320cb9521ef9ce437267b6ea17bcafe5d0903b123a35c988f49834f61dd552640a3276da26af17ec21a20296586dd6f4b36c7a4f0b899d70b42af89e29370132edfb72d6834194a1609360b1f1feab89b96b8e8f0f68987c57cce0bab768113718fb1709de2df32177d44085da5efd9da70e1a858c92f245acfee64b71f3eb16e04fc13989e69337999701dd73abc266c9fd4cff91a0fd04fbd8b13b12e6f450385715848e007fa0d463119fd7de6325b640042b654212e0db8da1adebd2a7589f77ee4f752d282ca1119c431b17ad0a021ef2bf95e5ac4704e62d7039d0e651e456d60e63bade401cca77c9a89163174d5022d745abdc76b9ffe2544155235e3063e6e4aeec44ed5d8ab408d966fec12016c130730bbc558732065da800a70cbfb0fccca45d0028cbfd9632ddb2f0ed12edae7b930b106c9d1285a4b870de7507999c74793dd497408719c898abe49f7f33a33e69b50fa5af9480068566d1fddf4482d79704ad8ef11b88b42cc69fce8a557b5ba510e708b9375123038568270de407232e95621e2d04570bec2c41eccfd855b21f0c9bbaa23b5c5815fc888f7fbed482c320ffa1e063e87b55bc8f7eeea374063a9be65f7ed9225bf6ca34cfa311b79f3a258c252e6345ed6ac84748f46807a55d4ba41266169cd262d4f72279ef0caa77ff44933532bd1374756c23ec85f55efe9fc2331f26f881629f80c2692f7f53e4bc6f22efb45457a223f0d1c4: +0f8e9f3526b4faea9276f22a1779e6f82709808f6d0c612adfe32a6e8a061005d48c3f0fdef382d1d80313e846fca95e418176bb5dfa9d398c1d2124776f690a:d48c3f0fdef382d1d80313e846fca95e418176bb5dfa9d398c1d2124776f690a:0ccd37c4cfd8e70ca3bb3946d09d70d0f6a4b81d6dfb079d7873748071589880927382f7436a6ef8f51c255473dd01feb52c8edbe4d3255713e68d640f3dcf158f2bfb9fbecf71f0719dfe8ce6b601281ba6c20a56b4f8e7caa4aa9f868fbfc5e4321c22d65f0382c4896bf9bebe3546949e8185a4d817e45b5d1293953821bdd98ec259f64a3de53865b149ea01c8f683ecda61da5dc10e7ebdddfe7484f5eb1031b7916587caa399a06b6fea4c5e6e0be650fbdf06c1036df2cc35f62ea0ea713f52809d77f47c2e55c92392481680b6332056226913b0ce88a6c55a26bdb5b8bab3cf4695a8c522302c4eba37d31ff77e58301bccfc7c7be8580c6342687995f44acd190965ae0d7bf0669592b6ad88743ebb360c73e0484a23d2f9e99e9eb038dcbd87ca9b1a498f1b2d35fedd7f8e1f7fd8ca526486911e076aeab4877bbacf378a2855f9c5ac039130dc690e177d67b244cc8ad032379ef71fe05e9c8613d8f5d6ea3d4e3e47222029cc004253be47f87fb5e3314c4898134b87acf10b2538bad897bdc5012d8f9762c871b653d400fee0ceed5ef6bdd16faf3f0abdbd72cd0a12940546f0995ff14b0f1bd54856ff74c36eb4f22d7287aefdc609998c1f41bcc3bb3a5fa49234f4fa8e929cd0f554b315395dae873c61ca70e0410c2fd5a115d2a6ff1f1c94b27ba450b8194b21f095c61a5f215e3c84f5d43f0e736286d33b8c47814db979f9dc00919846bee685337d99555a24472e6b00b3f4a14311a6c7c904ba5889da6c1ddcc1117580f5fbc41f2b8a4268cf0e9fa5bf412534c9e4052aacb504cb86e2147ab8023d58800b763f9abf9d0440788a51dfe5cbd44230ba5228f1f5960ea3a4e4044d36daf811cbdbec5d696463d8e941f27217563bb44a2118a4f5acd6e794de17e028cbdeefdef2cbf03dd32e7899e65a1cf839f5d90e1f8c364b577fe3105353f66768dbf7af0c521aa8a49f7a22082d88f901498c90b9d7777ed2f9f0e8a552d8a1fa5e9632ed853258c9c215b6dbb4111dcfca554bfbc9bba22f88bc55552c6d862556d741dad59f215e37288346ca7d7fd8c65a380d720caff9efa149f3fda232daa5b12ef11c0af0862bd0229e075a3c6b60ef0bbb3dad7f2908:2f59a2936073913834eb15a0e0bcb9aa804089468f24dd1b2d37a1934ae9ba1020ff64b72eec03268d0a7c012c4e796300f6df7adda01c8bc5e9015ccdee1a000ccd37c4cfd8e70ca3bb3946d09d70d0f6a4b81d6dfb079d7873748071589880927382f7436a6ef8f51c255473dd01feb52c8edbe4d3255713e68d640f3dcf158f2bfb9fbecf71f0719dfe8ce6b601281ba6c20a56b4f8e7caa4aa9f868fbfc5e4321c22d65f0382c4896bf9bebe3546949e8185a4d817e45b5d1293953821bdd98ec259f64a3de53865b149ea01c8f683ecda61da5dc10e7ebdddfe7484f5eb1031b7916587caa399a06b6fea4c5e6e0be650fbdf06c1036df2cc35f62ea0ea713f52809d77f47c2e55c92392481680b6332056226913b0ce88a6c55a26bdb5b8bab3cf4695a8c522302c4eba37d31ff77e58301bccfc7c7be8580c6342687995f44acd190965ae0d7bf0669592b6ad88743ebb360c73e0484a23d2f9e99e9eb038dcbd87ca9b1a498f1b2d35fedd7f8e1f7fd8ca526486911e076aeab4877bbacf378a2855f9c5ac039130dc690e177d67b244cc8ad032379ef71fe05e9c8613d8f5d6ea3d4e3e47222029cc004253be47f87fb5e3314c4898134b87acf10b2538bad897bdc5012d8f9762c871b653d400fee0ceed5ef6bdd16faf3f0abdbd72cd0a12940546f0995ff14b0f1bd54856ff74c36eb4f22d7287aefdc609998c1f41bcc3bb3a5fa49234f4fa8e929cd0f554b315395dae873c61ca70e0410c2fd5a115d2a6ff1f1c94b27ba450b8194b21f095c61a5f215e3c84f5d43f0e736286d33b8c47814db979f9dc00919846bee685337d99555a24472e6b00b3f4a14311a6c7c904ba5889da6c1ddcc1117580f5fbc41f2b8a4268cf0e9fa5bf412534c9e4052aacb504cb86e2147ab8023d58800b763f9abf9d0440788a51dfe5cbd44230ba5228f1f5960ea3a4e4044d36daf811cbdbec5d696463d8e941f27217563bb44a2118a4f5acd6e794de17e028cbdeefdef2cbf03dd32e7899e65a1cf839f5d90e1f8c364b577fe3105353f66768dbf7af0c521aa8a49f7a22082d88f901498c90b9d7777ed2f9f0e8a552d8a1fa5e9632ed853258c9c215b6dbb4111dcfca554bfbc9bba22f88bc55552c6d862556d741dad59f215e37288346ca7d7fd8c65a380d720caff9efa149f3fda232daa5b12ef11c0af0862bd0229e075a3c6b60ef0bbb3dad7f2908: +fe7cdc7966d0ffb9c76f4a18e7f0bf90690eb76dc3d3d50884648e2e3937d020a12ee9812d6af6aa4879fa72bc0a69804ea1a85f9bc4a26a5ba7cfbb914d0dd9:a12ee9812d6af6aa4879fa72bc0a69804ea1a85f9bc4a26a5ba7cfbb914d0dd9:dcb91cf155461a60df07eec29d98616ed1728b34efa9e1f7445a9158a8f88d7faaae0e24725aeff263c3f74f0c684f1858f05b6995d2846b6a832f67085a4276d8661aebd3bfcc73181f1f510293b6de5e4bb23ff2dca1df608cb14ae522ac4b51e1f9b973ab8bafcd534e71c57181b11896ee1061fb369ca4d2939d1e57060d9f4db0a5c0b07d52687f157817e63e2fe7ebcc3e7c95efe05b859910c95eede86d14399e616248a28c24c414dbb693af9be435a3a9cdc33e0e2a586918d91b8a85cedd1612d7c1a21792bdd43a915b157e04bb3a44ecbe23fa49cc55daabbeaa155a737f765b8ddb0f3b15d4ecf2cef7054ca73ec87d91752c2e99195cdb1958844f144edab82a97549fc9cec08e8711cff863b63fc231a77f762e5cd9da9d59409252e99ab04c42bc57097e464e3c6a48d80241e6325e3e4094989b34c0e8b32b1a7829d54df32a050ee87d8f7c4fe3e4f4f7049d1feecdbea67108350db4e8edbe3c3ff8ab2a25d147b1c1c5821b0f8c21042d655db831691f59983f27d2ed1d4906c544e24e79be68653c9b229a7fb61ef545bab16e9881cb4d9265e293590a0bc2dc86bad23007ff40c95861923b498241c10d26bf4848f62ba7383f649dc38af1840d0de928a9bfee5e11b51434163a7ab1ed537415f1e93285e3699205720158f9557d8641ed2bf485b8212c8f82668bac3c228e6924c17d0d98f2e6d9234371c4425eb758689fdb0dc1cea1394a2862e87bb38e624c34799168613278225fb5e19c9247ada35554f2c4addbb61d5a502a708127d6efbca8f735090bdfdd88db29fbd14b69ab1262f0c3e26d263a59c5ae4639065383d5250b54cf592bb7adfeaae0d2fe816b6381e86ea2d1c71813cbc3d8fe2d31de7b30fb6ec2294fe4536a36c6a1835a7162ab4bf89d19466119657b0e4645aef503505b4d55df977bd2c90c64406f4970d5cff245b835322a6fbe234e5efbb5ea45e8f0d3973be4aaa2aadaab077d6c9b25bd4494409e93479d2d1507f66bc8bef82999a13c7943b472b9e61ec29debefbf2241423e0faa42c1a338a7a6131ded935ba03a28662e68593368dde54b462f2a5fb746185ff5503e69ba36bf16f71458cdd057e5c17267f67498d652860b465e:b52d03fdebcd429737ef70920687211fbb4c04f81e355cec7072c5054175d2ed77f38f466f001422da8fcdf067db1451007cab607f049c2e2607b57d44713c04dcb91cf155461a60df07eec29d98616ed1728b34efa9e1f7445a9158a8f88d7faaae0e24725aeff263c3f74f0c684f1858f05b6995d2846b6a832f67085a4276d8661aebd3bfcc73181f1f510293b6de5e4bb23ff2dca1df608cb14ae522ac4b51e1f9b973ab8bafcd534e71c57181b11896ee1061fb369ca4d2939d1e57060d9f4db0a5c0b07d52687f157817e63e2fe7ebcc3e7c95efe05b859910c95eede86d14399e616248a28c24c414dbb693af9be435a3a9cdc33e0e2a586918d91b8a85cedd1612d7c1a21792bdd43a915b157e04bb3a44ecbe23fa49cc55daabbeaa155a737f765b8ddb0f3b15d4ecf2cef7054ca73ec87d91752c2e99195cdb1958844f144edab82a97549fc9cec08e8711cff863b63fc231a77f762e5cd9da9d59409252e99ab04c42bc57097e464e3c6a48d80241e6325e3e4094989b34c0e8b32b1a7829d54df32a050ee87d8f7c4fe3e4f4f7049d1feecdbea67108350db4e8edbe3c3ff8ab2a25d147b1c1c5821b0f8c21042d655db831691f59983f27d2ed1d4906c544e24e79be68653c9b229a7fb61ef545bab16e9881cb4d9265e293590a0bc2dc86bad23007ff40c95861923b498241c10d26bf4848f62ba7383f649dc38af1840d0de928a9bfee5e11b51434163a7ab1ed537415f1e93285e3699205720158f9557d8641ed2bf485b8212c8f82668bac3c228e6924c17d0d98f2e6d9234371c4425eb758689fdb0dc1cea1394a2862e87bb38e624c34799168613278225fb5e19c9247ada35554f2c4addbb61d5a502a708127d6efbca8f735090bdfdd88db29fbd14b69ab1262f0c3e26d263a59c5ae4639065383d5250b54cf592bb7adfeaae0d2fe816b6381e86ea2d1c71813cbc3d8fe2d31de7b30fb6ec2294fe4536a36c6a1835a7162ab4bf89d19466119657b0e4645aef503505b4d55df977bd2c90c64406f4970d5cff245b835322a6fbe234e5efbb5ea45e8f0d3973be4aaa2aadaab077d6c9b25bd4494409e93479d2d1507f66bc8bef82999a13c7943b472b9e61ec29debefbf2241423e0faa42c1a338a7a6131ded935ba03a28662e68593368dde54b462f2a5fb746185ff5503e69ba36bf16f71458cdd057e5c17267f67498d652860b465e: +f6c9ab5ea75f294e8e0c07c4c09ed8eea3113bdfc2ef759e20a264571604108db12ff55bd3ec42610eacea28b313a16e19c9e8b47c2b15170991be088d65cf63:b12ff55bd3ec42610eacea28b313a16e19c9e8b47c2b15170991be088d65cf63:71623b39743e39c7e08638806d468a1a8a6f35c2ae388eefc27374bb52538814c4b36c9b8e389ad83183de02a1bbd0325734e4618754092337d3e7dc1256928e3528870ca7f00613a25b71bb15d1d9eaaff9f2269b71c19769e003ce845614b2ec95ed28ca855b5221d4cb80a6ca9466aa33e2510ddff7dce186159da70fc8b1fbac12a26e1fc0942276892ad6e9b003f56959bd313af289e7a0532a664b76b96b919854e0650cb8c52ec4c5fb5053af2f0cf8c0f22a523f9e2c6419df8d0b714ee3776800ebfa70776084667d6dcf541f14cf166262e0f64c4276ae28885e6cfd097b70c0d6186ea5dbd033323c987613da08645de07208bae12a178d8f7f650a25afbd701c85a1ba639ef9f121c40c5c129a4737343386a48183ff3c591389d89ecda526cffb2674f17bb1c23090554b1340849796a6d444460bb419427e93e6585b0f4f065ad87ee6edf54be6188a1dd5ace1364defa561f74e26769c9b291ee7555276501c6a49080da0924f3792c2a728a52007b1c07c95578fedaf403996239e9c55a9a44c3dfcc37cdf03fb485db5a08dff15a7a4f7b7f154742e8431564dc17dbd432e10337c2276fcfd9d70f7c3d570393a0c19f64051c73a870e205584106531d1fd2a1dd1c9d0fce14ffaaa077bb7e260251eed6c62bc6edc2422519440c2244eba384046b0eddaa6cf2c1c7eeebfcd78fcae18b82290552b59c0463dc450618ba67c770dec0e229b8460936ca819562bcb36969c8ff70bf113c11671e00b941355bf01ad54b05cfe2a048b38728cbdd1b49809e1f207aca3098d9942eec47d6c9d413b37c914fedd38acd5ffe496cac757c2ef8b77bd8403d14b1fc98a903fe2b979468233a7f2aed6f8d509d874e1dce05149af9df3fe4595c71e8bc463dee9384d5e0505d2a6b0a2b8a1ed6216aaae9dcc7602487a4c0851fdf09629c1e99118809a9544a6577af9f915d1e65d816220c48c8490fa9b70da422ad6800223d6d8c340f9eab2cc7e149362124a300b40cbb8c0a65da301dbba931ba564f35973ca8bf2d1edb56c194661955b3b68381fa15d4b8dc6ada1a5cebda3a4ccc55123e0057f4f821041937dd549209c82e116570bc908a28e3299a9441443498f74b3cc88e1a62d:a7f9d08ba14183ef247f2c25fecc2b83eda6de58022e466ce78fcf50f71ce26162446562eea45d63a21c3b22561fd4680058acb825407a15408f271361a1460f71623b39743e39c7e08638806d468a1a8a6f35c2ae388eefc27374bb52538814c4b36c9b8e389ad83183de02a1bbd0325734e4618754092337d3e7dc1256928e3528870ca7f00613a25b71bb15d1d9eaaff9f2269b71c19769e003ce845614b2ec95ed28ca855b5221d4cb80a6ca9466aa33e2510ddff7dce186159da70fc8b1fbac12a26e1fc0942276892ad6e9b003f56959bd313af289e7a0532a664b76b96b919854e0650cb8c52ec4c5fb5053af2f0cf8c0f22a523f9e2c6419df8d0b714ee3776800ebfa70776084667d6dcf541f14cf166262e0f64c4276ae28885e6cfd097b70c0d6186ea5dbd033323c987613da08645de07208bae12a178d8f7f650a25afbd701c85a1ba639ef9f121c40c5c129a4737343386a48183ff3c591389d89ecda526cffb2674f17bb1c23090554b1340849796a6d444460bb419427e93e6585b0f4f065ad87ee6edf54be6188a1dd5ace1364defa561f74e26769c9b291ee7555276501c6a49080da0924f3792c2a728a52007b1c07c95578fedaf403996239e9c55a9a44c3dfcc37cdf03fb485db5a08dff15a7a4f7b7f154742e8431564dc17dbd432e10337c2276fcfd9d70f7c3d570393a0c19f64051c73a870e205584106531d1fd2a1dd1c9d0fce14ffaaa077bb7e260251eed6c62bc6edc2422519440c2244eba384046b0eddaa6cf2c1c7eeebfcd78fcae18b82290552b59c0463dc450618ba67c770dec0e229b8460936ca819562bcb36969c8ff70bf113c11671e00b941355bf01ad54b05cfe2a048b38728cbdd1b49809e1f207aca3098d9942eec47d6c9d413b37c914fedd38acd5ffe496cac757c2ef8b77bd8403d14b1fc98a903fe2b979468233a7f2aed6f8d509d874e1dce05149af9df3fe4595c71e8bc463dee9384d5e0505d2a6b0a2b8a1ed6216aaae9dcc7602487a4c0851fdf09629c1e99118809a9544a6577af9f915d1e65d816220c48c8490fa9b70da422ad6800223d6d8c340f9eab2cc7e149362124a300b40cbb8c0a65da301dbba931ba564f35973ca8bf2d1edb56c194661955b3b68381fa15d4b8dc6ada1a5cebda3a4ccc55123e0057f4f821041937dd549209c82e116570bc908a28e3299a9441443498f74b3cc88e1a62d: +43103df01a48a03c57f32f52d70c6849ee44580b2ab4ee72d548d848134f7ceba3cbe0d64b0560bcb5ae009001e314d9ec907901dd74a804a0059022ed9c6d04:a3cbe0d64b0560bcb5ae009001e314d9ec907901dd74a804a0059022ed9c6d04:738cbf06d00d4dcd5e5f243a1c18dd5ec20278884695a1cf3bea67bb5b05dd7e60a2a24fd325be6bf46b462873ec907f9de88dc2c762620b7e0ef72765d4bda662454993c828a1746e9ed8d19dff43c4c48527ac845f2186a4ad7c1d992a16245cd573073e0940dceed368110bb5fd0a4c8834ce88a77125b9147393c8b58cb16e5ebdc18244ebfa48baba46973fdcd485b1b2e5f3b0e70992cf1999580638d87f1f5b27c4d7f91decf37de2e734e3195535c631082b3ebaa8ce30a9c2c2db016d7d3547e621618850e22040038d0fe0faea2f9bf510b682c4fd14750e89b4c199ef0c990500543eeeab5f0b507a313199c2a2a0262d6d814cbc0933c592e256c3e29d524b066ea5a4543361a10450e0aa675c61408f307f26ee58969d63278f135b7dcb666b93f2cacfd83873471e974a286b09023f5015fa1aaf18bfbfa5f74385d0df6b9add516ffc0c3113e37e097838646ac93054ff4d9602066744ba3396953fd78168130170bb275c152bdd366f73065c0a7ad7ad00758cb99a7ac1b7809d26dfaac758468201eeb60dea368c33f257afe2f1b4c02e37bafe40f5d7fd40c87d1c56a0cb28e9d28369a3924bcef8b6d999dcf4294dd8c4143d75c6c25b5a4544488dde725248c78d93c15b815b01cbd0f31d1b00ac04837ef85b4003fc96d4457ac5a023623e67b66da4700a0859f83fdccd3c7aae09de09a057e00db44a2a6aacaa21746a49b8224689a5cc1854ba3dc4aa2aa34524e7a5a89d11eea356aaea5ef5fbf542c99f544db940f5086838ee2ab218b8d3f2e107d0b29d4b04830eed79c0768e02c2844b3cba326895f4ab38a3994b83ab30600ff511ccb595992f8cc0d2954807972da365b06fbdab539b2e03598b34e53cfcf93990b97aac1d329783366d451f972b8d8a00b6b8ecdb37279644cec1447c0998ee4f7090f34c9cc8530590cae765360aadb0ab3135004941c92302cbb2b350a14e8f30af5325c2b438005e3a9d4585e63265c327ba725754b33256917fb965ae9f02ed2126b481473dc0e931c2522bf00fe6a2ec95c792247b1e03396112f783070e2fe6c2cb982250d13f2d5460c744fde45323e631cccb540cd725f2c55a7058f230e82b79f366afcbb025b492554395:195447beb1de4a7e36ea89a6ce3c99bcc89411df5e0b15f7ba0b1d110c456abc6b3f5f1da6106ed887864ba56aab466a8a63b335cfcf4c64d65c0e6fb480b401738cbf06d00d4dcd5e5f243a1c18dd5ec20278884695a1cf3bea67bb5b05dd7e60a2a24fd325be6bf46b462873ec907f9de88dc2c762620b7e0ef72765d4bda662454993c828a1746e9ed8d19dff43c4c48527ac845f2186a4ad7c1d992a16245cd573073e0940dceed368110bb5fd0a4c8834ce88a77125b9147393c8b58cb16e5ebdc18244ebfa48baba46973fdcd485b1b2e5f3b0e70992cf1999580638d87f1f5b27c4d7f91decf37de2e734e3195535c631082b3ebaa8ce30a9c2c2db016d7d3547e621618850e22040038d0fe0faea2f9bf510b682c4fd14750e89b4c199ef0c990500543eeeab5f0b507a313199c2a2a0262d6d814cbc0933c592e256c3e29d524b066ea5a4543361a10450e0aa675c61408f307f26ee58969d63278f135b7dcb666b93f2cacfd83873471e974a286b09023f5015fa1aaf18bfbfa5f74385d0df6b9add516ffc0c3113e37e097838646ac93054ff4d9602066744ba3396953fd78168130170bb275c152bdd366f73065c0a7ad7ad00758cb99a7ac1b7809d26dfaac758468201eeb60dea368c33f257afe2f1b4c02e37bafe40f5d7fd40c87d1c56a0cb28e9d28369a3924bcef8b6d999dcf4294dd8c4143d75c6c25b5a4544488dde725248c78d93c15b815b01cbd0f31d1b00ac04837ef85b4003fc96d4457ac5a023623e67b66da4700a0859f83fdccd3c7aae09de09a057e00db44a2a6aacaa21746a49b8224689a5cc1854ba3dc4aa2aa34524e7a5a89d11eea356aaea5ef5fbf542c99f544db940f5086838ee2ab218b8d3f2e107d0b29d4b04830eed79c0768e02c2844b3cba326895f4ab38a3994b83ab30600ff511ccb595992f8cc0d2954807972da365b06fbdab539b2e03598b34e53cfcf93990b97aac1d329783366d451f972b8d8a00b6b8ecdb37279644cec1447c0998ee4f7090f34c9cc8530590cae765360aadb0ab3135004941c92302cbb2b350a14e8f30af5325c2b438005e3a9d4585e63265c327ba725754b33256917fb965ae9f02ed2126b481473dc0e931c2522bf00fe6a2ec95c792247b1e03396112f783070e2fe6c2cb982250d13f2d5460c744fde45323e631cccb540cd725f2c55a7058f230e82b79f366afcbb025b492554395: +f9139e579fa96ebd6287db3babcda60f92e73153566f924cb5de04de4493481ec06ce335533af8d8f337f2b38e0aafa2ce9b27223cd9ddc5ef32027f04889b7f:c06ce335533af8d8f337f2b38e0aafa2ce9b27223cd9ddc5ef32027f04889b7f:b330764ddc628e4ad67aa4982ae86d4581071c193ec3c58f813d7921b84d2a54562bd87417ae1de590a1a48c4ec7d556ad931d65c0543fdf0607c749859ee12f9952020c195cf8746095e1087cc6c3c8ef9d24052560ce813d6139b7a75c8f4b8ea30a9c4ab888d0a6341c99abd35e0903bfe56c93152340c41276d7f24e0912b12a4db3d7ee4484dfa53afc0b1aea1409d1e0328aa1c8604127ca2eb1a5e81bf31f8c7a51c6052c534efe6b3d0ee74ff5a9b11c6157e36477efa9382f5751be8c8c6454c446d6f8dc7e929525cc3de78cb1ba4aba9bd4be152610437582c965eea48cbd4caa6f308f85f4f8d006a042f619200762e1bb9ba422e65475b33a9494298cfbb75a152b36d2a05501807705b952765350cd14141d35d4986692d6c3bcfc6d61df0052a620aab8cc13205e754c16f93eca7920bbea5157ef112f0b64c1054f90a5ddc175a89e29242f57646e74cc885e81a1cc144c3d782d1152a9e4cfe76cb3ffabe7dbe603fb3869eca8699698709cc87fc961c1e299cfca22e3242eae788cff11bfca61026745f4976225b26ee200c4f1910c4b83df5ce46ef487d748d9c4c502141b7874caf41e5a297b248c2bac6990a15b07b4cf810e59287442d9a3696c02e8d7324d3cf730dda540536beb13cfdeae6180dd7484832dfa94e94aa6cba117aae17270f48f93b2f98ae9581718163f4463546c0ae0f279c36b92bee66f1ca2d6a4f726d2dfee0bc11c1d8a1fa62c3cc8aba266b98759286c1068483b2376b403c887fbb657dc0f255dea90dbd23308f7e0e842b498a8dfc7c9cd5aef0e87d56be40d50fc1dd4c0aa7dee55aebe4d6b6a52053962b87b0f2ee09a90816155333d5c57a14724e001bc3ded17843b76e2c47a176339c8defc54b55b2358ae7d01b0f6e08f31216ae90340694168a5a79ee883ea7858007d17c37359c99d6597efe460c1a2f7738ac32c5eb5e39e500c49c0dff9c4659e8c50cc5ca79d8ba4e5972d67225468fba64167a6b2c6f368935c7a049d35d355c7672520d3c9e4e43c671c3cb8dee259047495de0f56dd7191d5bd4bbd29517e364792ff89d33799b6e781c20193f5a316fb40de74fee2acc25e47f512214de3b1e9b382a86929c1573d3724c25017c0e5:051d8d7f0b68d2eec72c81adfcfb31ae8558f60ab63c9f5652a8df638f666f1ebc0c6e0b411953bcda6b5151b2b93a39e3c5330a8573e168792272abd36c810ab330764ddc628e4ad67aa4982ae86d4581071c193ec3c58f813d7921b84d2a54562bd87417ae1de590a1a48c4ec7d556ad931d65c0543fdf0607c749859ee12f9952020c195cf8746095e1087cc6c3c8ef9d24052560ce813d6139b7a75c8f4b8ea30a9c4ab888d0a6341c99abd35e0903bfe56c93152340c41276d7f24e0912b12a4db3d7ee4484dfa53afc0b1aea1409d1e0328aa1c8604127ca2eb1a5e81bf31f8c7a51c6052c534efe6b3d0ee74ff5a9b11c6157e36477efa9382f5751be8c8c6454c446d6f8dc7e929525cc3de78cb1ba4aba9bd4be152610437582c965eea48cbd4caa6f308f85f4f8d006a042f619200762e1bb9ba422e65475b33a9494298cfbb75a152b36d2a05501807705b952765350cd14141d35d4986692d6c3bcfc6d61df0052a620aab8cc13205e754c16f93eca7920bbea5157ef112f0b64c1054f90a5ddc175a89e29242f57646e74cc885e81a1cc144c3d782d1152a9e4cfe76cb3ffabe7dbe603fb3869eca8699698709cc87fc961c1e299cfca22e3242eae788cff11bfca61026745f4976225b26ee200c4f1910c4b83df5ce46ef487d748d9c4c502141b7874caf41e5a297b248c2bac6990a15b07b4cf810e59287442d9a3696c02e8d7324d3cf730dda540536beb13cfdeae6180dd7484832dfa94e94aa6cba117aae17270f48f93b2f98ae9581718163f4463546c0ae0f279c36b92bee66f1ca2d6a4f726d2dfee0bc11c1d8a1fa62c3cc8aba266b98759286c1068483b2376b403c887fbb657dc0f255dea90dbd23308f7e0e842b498a8dfc7c9cd5aef0e87d56be40d50fc1dd4c0aa7dee55aebe4d6b6a52053962b87b0f2ee09a90816155333d5c57a14724e001bc3ded17843b76e2c47a176339c8defc54b55b2358ae7d01b0f6e08f31216ae90340694168a5a79ee883ea7858007d17c37359c99d6597efe460c1a2f7738ac32c5eb5e39e500c49c0dff9c4659e8c50cc5ca79d8ba4e5972d67225468fba64167a6b2c6f368935c7a049d35d355c7672520d3c9e4e43c671c3cb8dee259047495de0f56dd7191d5bd4bbd29517e364792ff89d33799b6e781c20193f5a316fb40de74fee2acc25e47f512214de3b1e9b382a86929c1573d3724c25017c0e5: +c8ee954db5a11b292ed97764fae6b283051db57dcdc0aa0df5393bb60c112ed35c2f81824e9975dd7ea353bc66807dedc7610349794e2fc08e5a31e002e3fe07:5c2f81824e9975dd7ea353bc66807dedc7610349794e2fc08e5a31e002e3fe07:7ba3fb568315aa81e21f197780edc2c6ea26d8d06a4378912fca2301cf1eab3d803c8469deddf376703ddb7ce06a77dab20e02344fadcc50022ab3c713cd03c1daa93f1c7ea572629f610b5e3c51411bb8c19694bbce903cac4705f9b5dd0f47bc5d0aa3253f908870299027ffbd3449eebad45332b5d0c4f533dbed18a99a2498b9164e245fb65c0afa0b053703a0cf95940ac7a0195d4f7046609cf04371338706b9b1986c0f118175d2cdfce74a6f88659825854e94ece58f5157636d6235b76d32745a2a81a9671a8f86027ba9e01763888fc171cef7c451c36072bc7499839d431cf18cd7c6c9fba3aa712a054328ccd62be4820abd5e782162764611d4539ba2cebdc209b3f4e4b69c3d64073e920d215214fb0fda44185aada5c36127a15ba15ca28a3ad086e9d03366869c60c3fbcebd869d2e40643e833f894803f980a2da7ea4e59ce4d7c06fd2aff087ee7bcfddaa3b32817ce63a63587dbafef380013a6f1ee3734b94ca3df9644dd0434302ecb324afe35f465c9c1c931b27294fc6ee0272de2242ae90d7f2e067027ef8642e8f171ed880ffabce8a20a1b3e339ad4e3f1a9001f20f90026188fde34b217a6e26aaff18422b7f843d0fdda321c319c778f23137f20ccc1bda1890e5bc916a5456d068d37b5acc6347720c56a5a491bc348d6c848a9c8fecfe58c92b1f302fe14919718cd5e78b7fd601d09dc01e6904861e8d68b3c57535b6136676cbc6e839af0dd739db89a7abd913fdf6b00e9ca02602de6ca0afd0913d992fbaa8ff822b9d9b09dda7a29be91910d8fa3caa2a5e518346c167c9f51941cf7353f3f34c1dab33485d0a8c19daf951fd3ef20d0b119d8038df90c114a25a5b93ae40ec44b9a5d2bc1c6517c682500d4cdc197142bec3af8232c071428dc54c0d30454272e7336b0b5888a6e8fecde859e2accb7fb094acc54ffa481f7623d944691f04fb3613a9954980f17e2ad2173d68cf0ec1b67d8a91d6ec82946bcf05cb90681a71627b590238334e3d5ab9da6a089bd72624df9074cdd2309e04dfcae032812fe84f9db882cdeaae69ee5daa5a66ff427fc452edd0769b6aabcc139d0f70af8b97430e644f58a41287a93f631deda82ca0716d79754c5c503e52a665da:f3077a75101e121e5c3e77d8ed97b578d239bd421803d3455b5654405a4c586a6092e13a8529bace468a305784b373e433fee4a3df8956befa012fd8a8eed10c7ba3fb568315aa81e21f197780edc2c6ea26d8d06a4378912fca2301cf1eab3d803c8469deddf376703ddb7ce06a77dab20e02344fadcc50022ab3c713cd03c1daa93f1c7ea572629f610b5e3c51411bb8c19694bbce903cac4705f9b5dd0f47bc5d0aa3253f908870299027ffbd3449eebad45332b5d0c4f533dbed18a99a2498b9164e245fb65c0afa0b053703a0cf95940ac7a0195d4f7046609cf04371338706b9b1986c0f118175d2cdfce74a6f88659825854e94ece58f5157636d6235b76d32745a2a81a9671a8f86027ba9e01763888fc171cef7c451c36072bc7499839d431cf18cd7c6c9fba3aa712a054328ccd62be4820abd5e782162764611d4539ba2cebdc209b3f4e4b69c3d64073e920d215214fb0fda44185aada5c36127a15ba15ca28a3ad086e9d03366869c60c3fbcebd869d2e40643e833f894803f980a2da7ea4e59ce4d7c06fd2aff087ee7bcfddaa3b32817ce63a63587dbafef380013a6f1ee3734b94ca3df9644dd0434302ecb324afe35f465c9c1c931b27294fc6ee0272de2242ae90d7f2e067027ef8642e8f171ed880ffabce8a20a1b3e339ad4e3f1a9001f20f90026188fde34b217a6e26aaff18422b7f843d0fdda321c319c778f23137f20ccc1bda1890e5bc916a5456d068d37b5acc6347720c56a5a491bc348d6c848a9c8fecfe58c92b1f302fe14919718cd5e78b7fd601d09dc01e6904861e8d68b3c57535b6136676cbc6e839af0dd739db89a7abd913fdf6b00e9ca02602de6ca0afd0913d992fbaa8ff822b9d9b09dda7a29be91910d8fa3caa2a5e518346c167c9f51941cf7353f3f34c1dab33485d0a8c19daf951fd3ef20d0b119d8038df90c114a25a5b93ae40ec44b9a5d2bc1c6517c682500d4cdc197142bec3af8232c071428dc54c0d30454272e7336b0b5888a6e8fecde859e2accb7fb094acc54ffa481f7623d944691f04fb3613a9954980f17e2ad2173d68cf0ec1b67d8a91d6ec82946bcf05cb90681a71627b590238334e3d5ab9da6a089bd72624df9074cdd2309e04dfcae032812fe84f9db882cdeaae69ee5daa5a66ff427fc452edd0769b6aabcc139d0f70af8b97430e644f58a41287a93f631deda82ca0716d79754c5c503e52a665da: +6dbc559e4ab193eebf70c5c32d797be00b7311e8e6691da9afcc187291f2501c38a7034476fb9382f1417768c42162951a2636902c3898c029be278ab4c31f31:38a7034476fb9382f1417768c42162951a2636902c3898c029be278ab4c31f31:88ee2365f7cf9de33acd53564968b2dc7f7370b7e7033f4c663a88c25f60f7f711d61908ebf1f5bb72835553c8aa8c8e4fcdecd37978238289bf6ca84876d228217a28d81b0b457c922e91ecba8d3e1d2e6659c2b0aea051b9c2e09c7dfeb51d30ede767570341ffac1ecf0de20c82d1e9ed0775deac72da7c2dec234865dec83f6715e1c3c59de2033cc24d86bc2d31aa16649686ede0dbbd8964c3a64a3dca5588d7248b1f24df8d75f09aac62c07828ca431a3a2d77a60cc93cfa3495cabeb1904ed5b563984e8c20777bac8774108a64eda58fb320244a3add3e3e7a76cd137cfa4a09b6e6e93011ea0ae65171af130711766cd25b3c74ec54c0bdfa02b3120ac29087ebac9837fca65ba971bc4281dd557c500e225ea66c3c3fd52206c19a9f9395463169f8c7a846bd9f834d7f337d0b61fb30bce294f478ae1f1d977e454e433ee8729fb065cce03fb2e435dcbcbfba01537e7a6762e55e7ed22528303704beb5ae381f2e181056f25133273cf17ddf2b06e2d9477f2c09755fc8d9c73cb33100468c64131c686cac79fd384501e50f8b0bee28ba39583f42e4fd3799e24f60da5fd3c779aabf699ffd2321ed045a85bc6424f60fdcc49c1cb31f249a4236c09491768181b921f58602fd415c1edeb26f39324addff14771324737c6720cc92391b949dcb4212bd6931d4de51401e7f953b7b036b223f0af7a8e408b04ea635a23fa0709ba042a5d992954c09d8581dcccf52568ad27a1cc71d18aa2740f621212e7f4c5e5e5e5e4532d9a67ec2773ac21c8a4b002d6524f6182dd371735d2c2abe6c95c281c6fb1e976bc17e383fd52aeaaa9fbd4abb82a2cc65395f8c2cc7d8182a0d250c685cfcba93a951ee7c503c6e3eec236ce33e086c610728737c1c3b3a24252da7f21672d928ebda993a94c458ab990f5d19d80023c36aa16eafcab143f352e97d6409f3249941119bfd9f5f9084724d9ebad383b10f34d33ac830cce9e5cb8aecee6f40301cbbe309fd061534a7d0c3edaaea02a171d8b2349dbeec628520ac334a5bfe28a9d5f4c0d740f7c72d4d72d89a97326a03002d1ef38522bcd37b42847a314bd843ec88d1f2f9d39f57f2f1a13d0140a8847450448c880b3ae76531e95c4392973250:31f16a7caf2b74f65e057c9333a1a2633dac7346338f798510730eb8d5d325fc1080dd5aad5fce0534e9543f3c93586804464af5886e8644129c77ebaa485f0188ee2365f7cf9de33acd53564968b2dc7f7370b7e7033f4c663a88c25f60f7f711d61908ebf1f5bb72835553c8aa8c8e4fcdecd37978238289bf6ca84876d228217a28d81b0b457c922e91ecba8d3e1d2e6659c2b0aea051b9c2e09c7dfeb51d30ede767570341ffac1ecf0de20c82d1e9ed0775deac72da7c2dec234865dec83f6715e1c3c59de2033cc24d86bc2d31aa16649686ede0dbbd8964c3a64a3dca5588d7248b1f24df8d75f09aac62c07828ca431a3a2d77a60cc93cfa3495cabeb1904ed5b563984e8c20777bac8774108a64eda58fb320244a3add3e3e7a76cd137cfa4a09b6e6e93011ea0ae65171af130711766cd25b3c74ec54c0bdfa02b3120ac29087ebac9837fca65ba971bc4281dd557c500e225ea66c3c3fd52206c19a9f9395463169f8c7a846bd9f834d7f337d0b61fb30bce294f478ae1f1d977e454e433ee8729fb065cce03fb2e435dcbcbfba01537e7a6762e55e7ed22528303704beb5ae381f2e181056f25133273cf17ddf2b06e2d9477f2c09755fc8d9c73cb33100468c64131c686cac79fd384501e50f8b0bee28ba39583f42e4fd3799e24f60da5fd3c779aabf699ffd2321ed045a85bc6424f60fdcc49c1cb31f249a4236c09491768181b921f58602fd415c1edeb26f39324addff14771324737c6720cc92391b949dcb4212bd6931d4de51401e7f953b7b036b223f0af7a8e408b04ea635a23fa0709ba042a5d992954c09d8581dcccf52568ad27a1cc71d18aa2740f621212e7f4c5e5e5e5e4532d9a67ec2773ac21c8a4b002d6524f6182dd371735d2c2abe6c95c281c6fb1e976bc17e383fd52aeaaa9fbd4abb82a2cc65395f8c2cc7d8182a0d250c685cfcba93a951ee7c503c6e3eec236ce33e086c610728737c1c3b3a24252da7f21672d928ebda993a94c458ab990f5d19d80023c36aa16eafcab143f352e97d6409f3249941119bfd9f5f9084724d9ebad383b10f34d33ac830cce9e5cb8aecee6f40301cbbe309fd061534a7d0c3edaaea02a171d8b2349dbeec628520ac334a5bfe28a9d5f4c0d740f7c72d4d72d89a97326a03002d1ef38522bcd37b42847a314bd843ec88d1f2f9d39f57f2f1a13d0140a8847450448c880b3ae76531e95c4392973250: +c9d416830ae2028f2175d22b614c79198c670cfaa0e7a36150ef0fee21a95ce66e3eb4d01873072df946f1792f7106330895e7a76dd9ae27f8a988039490fd4b:6e3eb4d01873072df946f1792f7106330895e7a76dd9ae27f8a988039490fd4b:ff9ad4837cd0bb77d6210fdddc755e6c0f1a73c2bcd03f7a5869e7342cfd73cf7086f865561560277bf6c3421a912d67658b1fa97057c496f4be8edcbe18b5ecd08a1e7db25223abda208fa531f4b280aa03b04b60603411d374ba7cbb020bb9a8ce4c0e45a7e132144843c31f8b45c58eb3ea853c2ceb61376e9df81d9778e721adac77b50354937f34372fccd575e88d9d058e43df942f2c43b523c8098e6dd9e6bd21d5a649b472d41e345fcd5efddd49eab30270cd8788404f28516e09d3acc40048b39d3246f757e482e1459c626b799e04d06727137371e120afb9fec39a25f4e6764bf9792fe492ee0f210b57db9ebb9e8ef41b02c7fee9edd4b6174c570de020a391287133fe8ccb41a83f91bd22382b21e1d7ebc2c7e5018ef5142d82637d02620fbc0569cc09c44e911112bbae99064d68d1c69e77c9930b0de030c8c1d748c414059d5e299b7edc08940651894b303a2b32dd2c365a067c9723585594644d3ee8de1a51faea0e650f2124885a94cb99eb903b7d4579bde591497d953930d363dddbdac627b97a91f49682df8e7250a7073d383a7a22cf113f2858ce6b632a2892c4e88aa9a0d289eb57629b008d3b1b6081e6fe5d3c0a6c802189b5f108e766319e15b33eaa5b8ced4027eaec83b4ac68b14b8298bc51cd8eb3809b7a2d684fe32bbd9fab5c918eeb17cc444d73f730d4c8cc057bd3a2f1f0aebb61632934e61702168829cd7e91de81509629d01a8cdefe0d1ac49e21f0c5fbe1b2244827268a0a27357e158bd76884a21e7f1fac1b6272166d5a9f64f9b672989a8762f512bf1df4b2ab699765f2cd8396f476e7f59995dee7d890207eff0fd27263ec232e37cfedfe7c440555d4ca74e52da246c4b83757beafd2ab2a51efe160bb02b98c26d6b2c3f0c1aacb2f3c34a5b2a3b66fee175b787548073d8b5777c6be880bdc196b3374a2154f94d9360f7755ac6815a28af296271e22a8f23543c74955a609125b02a569218011420295ccf0d7356999a5b895cc88483fadf7970cec6c64240f7079fdb15ffc5c4227e53926d278ba0fed3c3993bc86822823dd581a32ab2e3a07f79430224b274eadd845598a7d1d89676aaf23677774b7b0583bcc83599d155d14b09adcf49ed505e8:47faad4e655293eda156b2a1fabbfb7e009fc290aafedbd5652114a47853bc77a8233a2b179f605477d787878cbb15ea6124df8dc57b2ce7be7d18b7162fb50dff9ad4837cd0bb77d6210fdddc755e6c0f1a73c2bcd03f7a5869e7342cfd73cf7086f865561560277bf6c3421a912d67658b1fa97057c496f4be8edcbe18b5ecd08a1e7db25223abda208fa531f4b280aa03b04b60603411d374ba7cbb020bb9a8ce4c0e45a7e132144843c31f8b45c58eb3ea853c2ceb61376e9df81d9778e721adac77b50354937f34372fccd575e88d9d058e43df942f2c43b523c8098e6dd9e6bd21d5a649b472d41e345fcd5efddd49eab30270cd8788404f28516e09d3acc40048b39d3246f757e482e1459c626b799e04d06727137371e120afb9fec39a25f4e6764bf9792fe492ee0f210b57db9ebb9e8ef41b02c7fee9edd4b6174c570de020a391287133fe8ccb41a83f91bd22382b21e1d7ebc2c7e5018ef5142d82637d02620fbc0569cc09c44e911112bbae99064d68d1c69e77c9930b0de030c8c1d748c414059d5e299b7edc08940651894b303a2b32dd2c365a067c9723585594644d3ee8de1a51faea0e650f2124885a94cb99eb903b7d4579bde591497d953930d363dddbdac627b97a91f49682df8e7250a7073d383a7a22cf113f2858ce6b632a2892c4e88aa9a0d289eb57629b008d3b1b6081e6fe5d3c0a6c802189b5f108e766319e15b33eaa5b8ced4027eaec83b4ac68b14b8298bc51cd8eb3809b7a2d684fe32bbd9fab5c918eeb17cc444d73f730d4c8cc057bd3a2f1f0aebb61632934e61702168829cd7e91de81509629d01a8cdefe0d1ac49e21f0c5fbe1b2244827268a0a27357e158bd76884a21e7f1fac1b6272166d5a9f64f9b672989a8762f512bf1df4b2ab699765f2cd8396f476e7f59995dee7d890207eff0fd27263ec232e37cfedfe7c440555d4ca74e52da246c4b83757beafd2ab2a51efe160bb02b98c26d6b2c3f0c1aacb2f3c34a5b2a3b66fee175b787548073d8b5777c6be880bdc196b3374a2154f94d9360f7755ac6815a28af296271e22a8f23543c74955a609125b02a569218011420295ccf0d7356999a5b895cc88483fadf7970cec6c64240f7079fdb15ffc5c4227e53926d278ba0fed3c3993bc86822823dd581a32ab2e3a07f79430224b274eadd845598a7d1d89676aaf23677774b7b0583bcc83599d155d14b09adcf49ed505e8: +2d277dd55f57195ec072b47cb1448cb582c835739e6c98ba71ab128f70ce6b79dfa92593ef0f0d974a1137830ad13848afef3b810c2a21bf779178ce4b3ab974:dfa92593ef0f0d974a1137830ad13848afef3b810c2a21bf779178ce4b3ab974:14549eddd5f2b7905dda19d74ab207aac6fb3e3df3295d845231ef3aea6e1f04ee033c9038dcb4bd3d5e452c54834d0ff2b7de3f322e5626949cd61d6e890138ff0ea8ad846e8fe887aee15fc48bbe4fba42455f5c17457ae789b405af859611fe1f8746185a65aef2134ea4d8f398d48df7c1bba4304408ae7efb35292409d508dd55ce21de8c28160dc9e877700c763d06b01b8542052d7ddb633554e3584279c796937023c8eac37277be2b8204ff3e0e1031190a01014cf5f5b4d7ad996727f97531e0355b87c9e611525aad079958e9afe2ab10e4a3e7a1b6ba0aff815da2cd81ea9eb9f536986633f316dd06c2503c6b198dc59304807b98b42935f51f637ddb59e233fed566439c1fe96cdaafa49f4412d0c1e654d8c69042470b3a59acb6bf67e40b38a77067d5997b8d35ed61d6eb3cc78b8bdcb9574b1ced9f6f339e9e38f94146ef63f049e6b802bfed2a51ab42e7d489f316ff4d1cd898bcf8505651687440749c0fb7a57dbeff72e64689faa41c07b4ade59933d2fac6d573deb739549eb75f1e6f7385d8c6142894973ed685eb8ed080c2a49f3ac6571161af96635ad057df1486d396773ac8983210978986e1bf21a20806d667a48a555a963221d50614a8976b2eec97512db11a358194492ab5455801baa14a511b26eb0c68289d790523712f2ff8709892695c4db9ad310df8c6ee7bd83c871f05aec33b7ad326f446692a42f7222376246d536a326c4d73eb572feada11b8ac7114f6cb444ca278fcf07b970d2ad465372a687d36b7daac478748ec6a932da20843948efa393097814272e5ca1c73e711973a52683f98c01e55241c154d28e38d3edfade2303a4e7c45c2a7a1c996ee1137af864a98b69809fc9214eea8cf3afe842fee3eb9a9322c3b82fddb05d4d1a2de09c1ce72734453a8dd3a8920d0d0ac96ef778b9e02c6a3f12872e17d3a81ba75fd233baadbe216ea0a58e9dda00840870208ae413540030b3c05e5d0b832df87c8ee7f153487aa11bad9f139c7dd4bcf418f4bcb95bee857d0e96084472387cb39127a947134501963a7071bdb34de6961be2b6b06e403e75918e6f69d08021cf2a8acb80a0111f4d50610c152d39c6621c0578ac689959b1ce6f376f43d18af062e4a:73c1060649a7c014ed01945851b53e285324e60d061c831dda41f033b5658306a1f112327afe93caa921020730aae0069c9a2b45eef55cbb4a5a9cd46cda800814549eddd5f2b7905dda19d74ab207aac6fb3e3df3295d845231ef3aea6e1f04ee033c9038dcb4bd3d5e452c54834d0ff2b7de3f322e5626949cd61d6e890138ff0ea8ad846e8fe887aee15fc48bbe4fba42455f5c17457ae789b405af859611fe1f8746185a65aef2134ea4d8f398d48df7c1bba4304408ae7efb35292409d508dd55ce21de8c28160dc9e877700c763d06b01b8542052d7ddb633554e3584279c796937023c8eac37277be2b8204ff3e0e1031190a01014cf5f5b4d7ad996727f97531e0355b87c9e611525aad079958e9afe2ab10e4a3e7a1b6ba0aff815da2cd81ea9eb9f536986633f316dd06c2503c6b198dc59304807b98b42935f51f637ddb59e233fed566439c1fe96cdaafa49f4412d0c1e654d8c69042470b3a59acb6bf67e40b38a77067d5997b8d35ed61d6eb3cc78b8bdcb9574b1ced9f6f339e9e38f94146ef63f049e6b802bfed2a51ab42e7d489f316ff4d1cd898bcf8505651687440749c0fb7a57dbeff72e64689faa41c07b4ade59933d2fac6d573deb739549eb75f1e6f7385d8c6142894973ed685eb8ed080c2a49f3ac6571161af96635ad057df1486d396773ac8983210978986e1bf21a20806d667a48a555a963221d50614a8976b2eec97512db11a358194492ab5455801baa14a511b26eb0c68289d790523712f2ff8709892695c4db9ad310df8c6ee7bd83c871f05aec33b7ad326f446692a42f7222376246d536a326c4d73eb572feada11b8ac7114f6cb444ca278fcf07b970d2ad465372a687d36b7daac478748ec6a932da20843948efa393097814272e5ca1c73e711973a52683f98c01e55241c154d28e38d3edfade2303a4e7c45c2a7a1c996ee1137af864a98b69809fc9214eea8cf3afe842fee3eb9a9322c3b82fddb05d4d1a2de09c1ce72734453a8dd3a8920d0d0ac96ef778b9e02c6a3f12872e17d3a81ba75fd233baadbe216ea0a58e9dda00840870208ae413540030b3c05e5d0b832df87c8ee7f153487aa11bad9f139c7dd4bcf418f4bcb95bee857d0e96084472387cb39127a947134501963a7071bdb34de6961be2b6b06e403e75918e6f69d08021cf2a8acb80a0111f4d50610c152d39c6621c0578ac689959b1ce6f376f43d18af062e4a: +428066c52445726d0ea2007e504637274d84ee232325b505f2c516357f807583dd40fe8f67c665613b3c459f6ace8dc28d34e0e77e2f6aa060592819be6a9d68:dd40fe8f67c665613b3c459f6ace8dc28d34e0e77e2f6aa060592819be6a9d68:e2796c50d93df812bca41bf2a1e1dd737d8cf6f6b4f76242e39178186758cbae0884e60c6b4aaaddaec9a899a912e5c5b9804d7b0497bab4458c585d4f259222498ce9e80eb6a7979bbed6d52cc38072f745cb2c63e663bc3b9d6caf012a607f6d3b706e1557578717ecbb971aeb7c48e1df95711c550e006993bffba911cb64ad52d517ed18be82369e815819d3175947d4a35b2cc7b9dc6c10051326b3f1dc1edb1b68ba015ff7ca1dc361d8967abcffd3c31f7d6b0cb1396ae541f29759c4130be52ecc11d99261c365bf7cdec781494c5fa0526db4dbbe660a432be56043c66ea07c25627a5f72b78123dcf986ff71ed1affd1659b1393d9621f711dfa63eada383430797058f1566a00052d67ba53c1237b5691de3b039fd4476f1151e5ed5f5a98672fa33a1d854fa01566b33231d46acd7f34b8034479981853764dab87f49844cb62c63d536faca920447d8cd1e8113edbc83e4a6b7815e180cd78b933d9687fd5be99d0518a44662989bc64011124f187d43979994a95e0c903a006c1c0bef1c0f3df1eb700f980c28c3c1e997d0c56d113dae196882b05018fcab314d8117fafbabe7700b932d47c57362b2035eddce2d2ef33641ea90c3ea3fec6ea5b87e161014c4f8214fd03cebf94abe122537a98703239df5821c5ab633f98365cc636e3f1d2f74e0ff8f1fee06a3f73907ee504b310fd5224ad4d05cd23c356df8b34647298c49828725ba5fd60611e829b6337bcc9dcf8e8971cab3ee9c26337d38dfdfa036bf6096b635ac1bd5525ecd377a15272a8ac9bbef133107a42258d8b19ec69dc4261be5300a2d2d5ca99f31efdf259f9d079869a34413779f3028824d747686c460ffc496f2010f403e903e27a87dd075ae0a7f1689416d31bcc15f490caf975c40e715d549903e8bc0f7d9141e020f410f3ca2b2c0797ca0dc8d7392bff243528c7f3be138997185a4b36f45376d9fd70ba20989d2d1a911d4b98d160d2b8de592de2f4c04f35860df320c548440d5e3a346a14d3a63fe485c2889126b7f41d55a6eb23d5620babf8564aa79d156e983f36d9ed498da9ca888d946b53cc4768a5892d52d541526960282524ba6194da65941d1ea30f806bb6d97c7488b93fd0a770a9b15efcd12c5c4694:c938829f598b1ff1b8183360d223f43c594730606876a99a3f31b2065d04e6f075d1396b3c8cffb0e1e2eaabda7da5e789ccd1c020835fe3a71dcdb6af03960ce2796c50d93df812bca41bf2a1e1dd737d8cf6f6b4f76242e39178186758cbae0884e60c6b4aaaddaec9a899a912e5c5b9804d7b0497bab4458c585d4f259222498ce9e80eb6a7979bbed6d52cc38072f745cb2c63e663bc3b9d6caf012a607f6d3b706e1557578717ecbb971aeb7c48e1df95711c550e006993bffba911cb64ad52d517ed18be82369e815819d3175947d4a35b2cc7b9dc6c10051326b3f1dc1edb1b68ba015ff7ca1dc361d8967abcffd3c31f7d6b0cb1396ae541f29759c4130be52ecc11d99261c365bf7cdec781494c5fa0526db4dbbe660a432be56043c66ea07c25627a5f72b78123dcf986ff71ed1affd1659b1393d9621f711dfa63eada383430797058f1566a00052d67ba53c1237b5691de3b039fd4476f1151e5ed5f5a98672fa33a1d854fa01566b33231d46acd7f34b8034479981853764dab87f49844cb62c63d536faca920447d8cd1e8113edbc83e4a6b7815e180cd78b933d9687fd5be99d0518a44662989bc64011124f187d43979994a95e0c903a006c1c0bef1c0f3df1eb700f980c28c3c1e997d0c56d113dae196882b05018fcab314d8117fafbabe7700b932d47c57362b2035eddce2d2ef33641ea90c3ea3fec6ea5b87e161014c4f8214fd03cebf94abe122537a98703239df5821c5ab633f98365cc636e3f1d2f74e0ff8f1fee06a3f73907ee504b310fd5224ad4d05cd23c356df8b34647298c49828725ba5fd60611e829b6337bcc9dcf8e8971cab3ee9c26337d38dfdfa036bf6096b635ac1bd5525ecd377a15272a8ac9bbef133107a42258d8b19ec69dc4261be5300a2d2d5ca99f31efdf259f9d079869a34413779f3028824d747686c460ffc496f2010f403e903e27a87dd075ae0a7f1689416d31bcc15f490caf975c40e715d549903e8bc0f7d9141e020f410f3ca2b2c0797ca0dc8d7392bff243528c7f3be138997185a4b36f45376d9fd70ba20989d2d1a911d4b98d160d2b8de592de2f4c04f35860df320c548440d5e3a346a14d3a63fe485c2889126b7f41d55a6eb23d5620babf8564aa79d156e983f36d9ed498da9ca888d946b53cc4768a5892d52d541526960282524ba6194da65941d1ea30f806bb6d97c7488b93fd0a770a9b15efcd12c5c4694: +3145bc68d82979408e4657b775f150c6d28a324d746ea6de90fd72b17a257982c776186ce47f30ad08fa1d2c616a3644665ba54ff730fc2f4db1dba38ddeedca:c776186ce47f30ad08fa1d2c616a3644665ba54ff730fc2f4db1dba38ddeedca:2ea8dce1487f45d6ff8eb83c54fb7edd76ad6e608bb8daf1a1823da4f4e4e9863173897c197ac65804823bca95091f59e86d63c18dbcdb85743f8893ee694d815601f8f22f4d7df087f0114bb26c3795e1fe4b7f4a8fa31fd9f4ff10fe5dd452c54c5578c752f888213076be467ba30d2e2fbbee877c4be9b6ec4f04021c006f9266311943cab7cea99a2acebb69eec3e618c131f97430075f7975e39f26d5315178b69a1ddf731761051b93fb8df7e0e8b41e82e7f4f75e91d6c890b14ca533e094eb8ea4486d387185966c98295d3f58b17eef6cc3b4d07e93a3d9f4772ee52f18a5bb30aa3972850e658170bddb676f33266c9fd10f5990bad891f0ceb782736b40f01bd86509b06304a96d93da233dbed18afa1818aaf57af9bdbc867b397ff235a83e857224b15065225eec039dd4e2d69a04ee10bea0695041eda59b058ec05f49048ee324d16c4d6107b6ecd04875eb744e9365471b4c5fe6611b261893f9d2b128e135f92e474156b271b3c82e9a7663dad4953d30e10eda0862607dec3372b39970f2a84b12f60e6dae7f31799086d38a7e34948419c1b07f44c2159c86b8c0cfe8747fc2bad5bf475356cfe69de2dc6ad5a519fd65c12564701c05f7c277ecafcf4c87b148df1f9879a9ae443c55aea52138c6fa01ef0c3abb5f2df90a57ab6624178c737b54915b7aa29ea78e8e49ef5a816d8a92c2f81b8a19632779c892d66f753d518c41cccc9e593e50742625bcafa468805c37a21f8e29a6960ddf5c5e5ca14a7b052a7b6015697a0210ed6f0143e6b484c3f5b3b4726c607d07bfb3d54a09c98043f21dcc5cc20bb4754e2e5a73b2f806c2204b72f36ab9e96a62c6277c0ad66be7abffc163b4e8fafceff5e202e5943f4f0e6b92b4ddb953cbb791f83166036938e6c44ad91a596a5573440fb30741e660b6cd5f86ffa746e6e972b805c10b7b7b9a63c0551db8eb4f8400cde2868c0d0d4eb4cf117f8ec4ab9744fc5879dea7f0ef16c291d55c17f08b731b7c65d0c441b63bc8ff5e94904c026a1361dacc80a93a9b9fba3b403617aeb94a568541848011954234aead700f034c47c7def877905255f18bdb9a257ce5bdcf0e17670cdaaf13b1c7e09d58f92a9663af239e22078e180a23ccb6f64d64:24a433337683bc71a6ca3bccd8cc2400c24464fa67714b46515f2a1432712705d570614db6d26bbbd3f0267c1427ca1c2f40dc9a6f1fb0f0fc714a02e24b47082ea8dce1487f45d6ff8eb83c54fb7edd76ad6e608bb8daf1a1823da4f4e4e9863173897c197ac65804823bca95091f59e86d63c18dbcdb85743f8893ee694d815601f8f22f4d7df087f0114bb26c3795e1fe4b7f4a8fa31fd9f4ff10fe5dd452c54c5578c752f888213076be467ba30d2e2fbbee877c4be9b6ec4f04021c006f9266311943cab7cea99a2acebb69eec3e618c131f97430075f7975e39f26d5315178b69a1ddf731761051b93fb8df7e0e8b41e82e7f4f75e91d6c890b14ca533e094eb8ea4486d387185966c98295d3f58b17eef6cc3b4d07e93a3d9f4772ee52f18a5bb30aa3972850e658170bddb676f33266c9fd10f5990bad891f0ceb782736b40f01bd86509b06304a96d93da233dbed18afa1818aaf57af9bdbc867b397ff235a83e857224b15065225eec039dd4e2d69a04ee10bea0695041eda59b058ec05f49048ee324d16c4d6107b6ecd04875eb744e9365471b4c5fe6611b261893f9d2b128e135f92e474156b271b3c82e9a7663dad4953d30e10eda0862607dec3372b39970f2a84b12f60e6dae7f31799086d38a7e34948419c1b07f44c2159c86b8c0cfe8747fc2bad5bf475356cfe69de2dc6ad5a519fd65c12564701c05f7c277ecafcf4c87b148df1f9879a9ae443c55aea52138c6fa01ef0c3abb5f2df90a57ab6624178c737b54915b7aa29ea78e8e49ef5a816d8a92c2f81b8a19632779c892d66f753d518c41cccc9e593e50742625bcafa468805c37a21f8e29a6960ddf5c5e5ca14a7b052a7b6015697a0210ed6f0143e6b484c3f5b3b4726c607d07bfb3d54a09c98043f21dcc5cc20bb4754e2e5a73b2f806c2204b72f36ab9e96a62c6277c0ad66be7abffc163b4e8fafceff5e202e5943f4f0e6b92b4ddb953cbb791f83166036938e6c44ad91a596a5573440fb30741e660b6cd5f86ffa746e6e972b805c10b7b7b9a63c0551db8eb4f8400cde2868c0d0d4eb4cf117f8ec4ab9744fc5879dea7f0ef16c291d55c17f08b731b7c65d0c441b63bc8ff5e94904c026a1361dacc80a93a9b9fba3b403617aeb94a568541848011954234aead700f034c47c7def877905255f18bdb9a257ce5bdcf0e17670cdaaf13b1c7e09d58f92a9663af239e22078e180a23ccb6f64d64: +5a25ea5e182d9bf8e930a20b6cf55e24e83862789b3839b1ce9a71e938c42d37c981fc36f1a6d5f7d451cd5ef39cd3ab02087fcc6af27dd78ea827497e779e21:c981fc36f1a6d5f7d451cd5ef39cd3ab02087fcc6af27dd78ea827497e779e21:214dd1927f2cacd9888714249b85434602ac78453b4af5386eee39295d3d5a2267806eb0cff2c132d364c2420d04e3f6cc0a967bf05a10ffcf1217bbf315e75b98060fd458d67ebaad9380f4adc4dbdf74cbf1c6479202bdd7fed3a946697dc38444d88bfe51d41d7a9b38da60b850c56b48ba984f6a1889514955c0dadb69a8c736cc76cdc49f13f85a8bfb7928ff0a0c0c03f17c74b5e1062d7553fbeb9dd3d5081de1dfd8a6a9976697c6a259bcf7d4bef1c21e0aaf3298b0421b919fddfc1dcb3ec683d86ff3d423d71c8f2d723a42ff68d82e9f391749b82998dcfa112160f52a413a23d95fc42c3bd22384bad77754a710d8b9f84ae0a802fc46509e7f2b07079012b43bfeeab719bde56f00e59b8edf1c472883b1985b2fa699a1ae90cf45d7ac580ceb5f2797def5b8bf4f2b9b3519a727b9f2cd1256a2f076ed2296495b5c2df7887ff89e88e236a14cde6324f43d68d90172b0b88bd28803e999dbedcc501db654544e171ec1f9f32d4d3321d589392e03ca659f96752e1f08a55db553d866985541f5bef84ce2ee323e17d1f7dc164b50515a287d5305fc28c5983b9e5398b2407ae47296fe4a481d22ffb4b865a66b97a6c27935dd8eb86994b79d368363713f101dc37f429eee0fee2441c2dc17bf43924f0c044f143290eaf3f9ee4d946dbe45831a0d83c076e751c14f3b1a7267f5446c188698d2b46d87e6f3b20bb3fdafe24cc096bc312d8678b38a80c3f052a0c96d5ad87a5dd8c133cc9a15be33574cd94308c24dec1a9bdf189ba687199f72ef6709878e10f87bd8a03dc84c8fa96420285898ca3211d8b0ccef64011ec24f38e574da34dab9d2f002105227890f92488c621e5713e47dbcb1a82a6da60d8b2201eb29d494493360ed5a3f4b5225eae7707ee0b4c0407305c16754c7f630fc85c13e4917047bcff3b2a293fe955506c7264ea65bf3a9b25acf343600d8fa0c7c1a290d0271101b7f40b96e7fdaf29def9d9327a5ae05446cb5a6d322453a8b098bcf3aee1f704e14d00be342b8934d19e529218872ea3a2fb2124b52667c01fca5841c66e1e64a1e680e09ba186e04d105186cf6eb728b9d502a66b829fbc992a3881004ecdc80adfd044eda880f8af72a14fb550d7cc74194a945207d:a4f35b49d7e198e5d326e353fbb01fa13b6ae260d1e48e30c1b967737a5e79936c97ca2ba799ca34e5e788cea5ac8ed10d5cd15dae53e42432321cc26dc99809214dd1927f2cacd9888714249b85434602ac78453b4af5386eee39295d3d5a2267806eb0cff2c132d364c2420d04e3f6cc0a967bf05a10ffcf1217bbf315e75b98060fd458d67ebaad9380f4adc4dbdf74cbf1c6479202bdd7fed3a946697dc38444d88bfe51d41d7a9b38da60b850c56b48ba984f6a1889514955c0dadb69a8c736cc76cdc49f13f85a8bfb7928ff0a0c0c03f17c74b5e1062d7553fbeb9dd3d5081de1dfd8a6a9976697c6a259bcf7d4bef1c21e0aaf3298b0421b919fddfc1dcb3ec683d86ff3d423d71c8f2d723a42ff68d82e9f391749b82998dcfa112160f52a413a23d95fc42c3bd22384bad77754a710d8b9f84ae0a802fc46509e7f2b07079012b43bfeeab719bde56f00e59b8edf1c472883b1985b2fa699a1ae90cf45d7ac580ceb5f2797def5b8bf4f2b9b3519a727b9f2cd1256a2f076ed2296495b5c2df7887ff89e88e236a14cde6324f43d68d90172b0b88bd28803e999dbedcc501db654544e171ec1f9f32d4d3321d589392e03ca659f96752e1f08a55db553d866985541f5bef84ce2ee323e17d1f7dc164b50515a287d5305fc28c5983b9e5398b2407ae47296fe4a481d22ffb4b865a66b97a6c27935dd8eb86994b79d368363713f101dc37f429eee0fee2441c2dc17bf43924f0c044f143290eaf3f9ee4d946dbe45831a0d83c076e751c14f3b1a7267f5446c188698d2b46d87e6f3b20bb3fdafe24cc096bc312d8678b38a80c3f052a0c96d5ad87a5dd8c133cc9a15be33574cd94308c24dec1a9bdf189ba687199f72ef6709878e10f87bd8a03dc84c8fa96420285898ca3211d8b0ccef64011ec24f38e574da34dab9d2f002105227890f92488c621e5713e47dbcb1a82a6da60d8b2201eb29d494493360ed5a3f4b5225eae7707ee0b4c0407305c16754c7f630fc85c13e4917047bcff3b2a293fe955506c7264ea65bf3a9b25acf343600d8fa0c7c1a290d0271101b7f40b96e7fdaf29def9d9327a5ae05446cb5a6d322453a8b098bcf3aee1f704e14d00be342b8934d19e529218872ea3a2fb2124b52667c01fca5841c66e1e64a1e680e09ba186e04d105186cf6eb728b9d502a66b829fbc992a3881004ecdc80adfd044eda880f8af72a14fb550d7cc74194a945207d: +42335c30b3f6b359cef5aab6a3ce2858a151b7a4fd78d2fd3ee36fc29d249404301c515a02a4c66bc6401080c6ca7923b7831e3c9a72b55b14027eb2e7b3b152:301c515a02a4c66bc6401080c6ca7923b7831e3c9a72b55b14027eb2e7b3b152:6da2251e6f559536b09bfafb8160a2e8102d31f8b59324083e5227b20c3e5c3a06e2396768dca3ec76dc7fc0eb3d145e62ed07fc1a8b1b2e347013a0527274d0b234fe725026a9d128f8df20dbfa3b6503818edebd7f24934080945a7e1ea02273fe48b6ed1e83fd168d7973fbb7941b4037d3cda555e0e89c2b943fb1e20765ac7d4fa3777f35a0a8bc118f599c847be3fdb2d8e201ae12a30bdefb034ff24e3e2e701a0d1733734078bd1f9a69bbc667e461211f2c769d29db7c4d62d6b1b92b56f5f18a931a926064b78da146e18b48139b9b39862aec37bcce12cb789429e68ea38112d0b5cce30bd2d26c5f7fd415daf7ca317b3368b7617d4525e5bc97d9461d5d64f6b5d318d0bc3b76f25b0605426909f2aa0cd667a4f0e075b9a9fb2e9a6c82704d8a9f1666844edc32f63a3d4e0fd9fdba30b51b3336b96e9eae392a342de49e9b5fa0f9b90171bde09cf1e946499140008159eb1865563c28394b03a8d7a552271b2876687566b80fd3be2b66332fcad196cab8527c56e21536a141652cdc7fa745b26a331d787b93e5e816d8d851a58f6ac07a5827fcdf472e8685433a40cac0c49aa569319a2e57b41c9998165e69723ba77e5c0423c4b4ca07187bb7442e7d31caacb27700c71ae48cd055ed2fe4da363f44821124cca1bf2e63d9b8abd2fa41b1422f52d558bc5f110c863cc600864984ed259b73cddd5796b32979eddf76a07bc59b7368c48e129ecc0d4535dccee2c3b8e56de50e6f5cc6ea515cd6a0ebdf1ca79aa2794821ad2e109edda450c9fc3c84d8c96bc38d4b437a738f818b4ddcb684383c09b11b36052e9d2f76a61eb4d62049ced5f61662c4b9ecd24a67f4519d46528c5b2eb21005f49c73a3370c68e37ac2b18d481fa10f96714fe05c168df11cda54f14f4937e9fce1f516c0371b36a2c0a050bac7fa5122a6e35ec9c40436585f316e6c911bdfd7db4b80b4306479b82a2b243a52b2d2b62742ed11282790cf6fdc7c9c824364cf25636a855150bddbdf7e640f9f952a947ec7974925e8245068b292101b1f4b2018e85d078c2feef4492349729ad4acb38f1c7c0270b61d3dfd7636c6cbf181e4c8a0e64fa06132553c2b9db7019e3b3c485d8d5b7dfd5f515e4d71ede535ae7f2aaedc23:67b0f17449039e8c797bf913aae6e4f0bb99c74d6d10c973b990ffe03e7ee4ab5b35806db15a98c0846a827e7bcd539cd3bc09dd118ab3e52663a357b12991076da2251e6f559536b09bfafb8160a2e8102d31f8b59324083e5227b20c3e5c3a06e2396768dca3ec76dc7fc0eb3d145e62ed07fc1a8b1b2e347013a0527274d0b234fe725026a9d128f8df20dbfa3b6503818edebd7f24934080945a7e1ea02273fe48b6ed1e83fd168d7973fbb7941b4037d3cda555e0e89c2b943fb1e20765ac7d4fa3777f35a0a8bc118f599c847be3fdb2d8e201ae12a30bdefb034ff24e3e2e701a0d1733734078bd1f9a69bbc667e461211f2c769d29db7c4d62d6b1b92b56f5f18a931a926064b78da146e18b48139b9b39862aec37bcce12cb789429e68ea38112d0b5cce30bd2d26c5f7fd415daf7ca317b3368b7617d4525e5bc97d9461d5d64f6b5d318d0bc3b76f25b0605426909f2aa0cd667a4f0e075b9a9fb2e9a6c82704d8a9f1666844edc32f63a3d4e0fd9fdba30b51b3336b96e9eae392a342de49e9b5fa0f9b90171bde09cf1e946499140008159eb1865563c28394b03a8d7a552271b2876687566b80fd3be2b66332fcad196cab8527c56e21536a141652cdc7fa745b26a331d787b93e5e816d8d851a58f6ac07a5827fcdf472e8685433a40cac0c49aa569319a2e57b41c9998165e69723ba77e5c0423c4b4ca07187bb7442e7d31caacb27700c71ae48cd055ed2fe4da363f44821124cca1bf2e63d9b8abd2fa41b1422f52d558bc5f110c863cc600864984ed259b73cddd5796b32979eddf76a07bc59b7368c48e129ecc0d4535dccee2c3b8e56de50e6f5cc6ea515cd6a0ebdf1ca79aa2794821ad2e109edda450c9fc3c84d8c96bc38d4b437a738f818b4ddcb684383c09b11b36052e9d2f76a61eb4d62049ced5f61662c4b9ecd24a67f4519d46528c5b2eb21005f49c73a3370c68e37ac2b18d481fa10f96714fe05c168df11cda54f14f4937e9fce1f516c0371b36a2c0a050bac7fa5122a6e35ec9c40436585f316e6c911bdfd7db4b80b4306479b82a2b243a52b2d2b62742ed11282790cf6fdc7c9c824364cf25636a855150bddbdf7e640f9f952a947ec7974925e8245068b292101b1f4b2018e85d078c2feef4492349729ad4acb38f1c7c0270b61d3dfd7636c6cbf181e4c8a0e64fa06132553c2b9db7019e3b3c485d8d5b7dfd5f515e4d71ede535ae7f2aaedc23: +be6b2babddd2dca1b0e10d12d20a9ce29c6785dac1d60f2edfa94ac2784ba766398f22f0efbf8c38355e4791bf670898951fbbd5518f0e2a605d460023f613f0:398f22f0efbf8c38355e4791bf670898951fbbd5518f0e2a605d460023f613f0:5c9295881b7a670669b04cbe0dabd89693b77f7cce0d4a33f52e02eb26959e713d9aef5f95442bdf91728383325202aaccc037477e3666facaf24eac9534879aa3efe18ffc1a5c54e39c7687d0937b2471bab389b646cbe6b3e5d5961ea63bd452b4743344ce4c793374523795c781ee84d511e2941119bad1f4a746ed9dba89c8d0751a6402718635f6e31d9e18681c6956c5373251d35f53baa1987cd448c9031a07f32c8029119de3a91631dede1d933e0fa32629afe1b42eb591c22f87331e93cc083c23f64a6e5e586ff31cc04e423c56ae3f6a73946c48de4d85ab0017ba24456d69b59dca6d403b64b07c40d3b90e1223215e3f7e876c6701111e37e517770887310ca856f009a0d60654835d94e6587a439da5db0a0c37d7c9d37ca1d703e1b3227631adacaa79421a1c439d60349ae57741b7a8ad09ec293123030bf6bac0689e531ca7e72718223f9ea43becb0ee9d9c1ab845ed1cae443e3c5d4a9b1ede6db3417c3ace281143f42d85f599b3b9d3d05fa0ed07c1ec35ffab0305168b4e56e58afa0617f9a86b1b5b201dccb072b4cef0bb7b95c52daeef9d9e7424a5c0f148f9ffe60a5b23e0ff82c730992ac9c17f97f065cf0ad5377eaccb31d8bb923bd260ea119e6fa9bd6983482d70d9219102402dc6a3499193d0c1cd3ed2a66921a98df69b791413f4970bbce04f639af909c64f4560db0af6003dc46219e8ad2b372f8b5f81cfaa041ab71a348c931e8dfdbc409c22d7ee6e07626e104ec6cc7c6a4116177f93af16f124f196dab619b6f698c2d191858e960c2e947b51f3ac4838759c21fef7ebae35da24f55ebda9b9879aea17a6d8d927de487b175fd7faa21438a20923ddbbca72e6726934bd6c21e8118019f65b3810a07fa27b1cba64d0f39f0bfd49dcfafdefe379bdea82f31a9c39f7e81d294337d10f1e9d8b50eba458ce7b753d36968538513eddb0e84534411c4af3f0214610ee3901a0ebf316173ccaf15cd7ee496dbfc2465eb834df62029d621fe911824d7987df2d46346b4dce1ece7d19d55118c037c9955111d07f1fc362c739f1ea5b275c71c0aebf59655e2def16e123b3eb2526c3ca5e83cb24d5b68d7ac40a67593384c563afe0b552adaf60805035be97b80676adeb1576520833:702ab9acbfa75ea2adbe4be2b6847625aeb409eef9596fabe39d2c533a03431e5e579552e8a64fc4fb7d926aa8fffe0640698464c4454ce35fe83ff263051a015c9295881b7a670669b04cbe0dabd89693b77f7cce0d4a33f52e02eb26959e713d9aef5f95442bdf91728383325202aaccc037477e3666facaf24eac9534879aa3efe18ffc1a5c54e39c7687d0937b2471bab389b646cbe6b3e5d5961ea63bd452b4743344ce4c793374523795c781ee84d511e2941119bad1f4a746ed9dba89c8d0751a6402718635f6e31d9e18681c6956c5373251d35f53baa1987cd448c9031a07f32c8029119de3a91631dede1d933e0fa32629afe1b42eb591c22f87331e93cc083c23f64a6e5e586ff31cc04e423c56ae3f6a73946c48de4d85ab0017ba24456d69b59dca6d403b64b07c40d3b90e1223215e3f7e876c6701111e37e517770887310ca856f009a0d60654835d94e6587a439da5db0a0c37d7c9d37ca1d703e1b3227631adacaa79421a1c439d60349ae57741b7a8ad09ec293123030bf6bac0689e531ca7e72718223f9ea43becb0ee9d9c1ab845ed1cae443e3c5d4a9b1ede6db3417c3ace281143f42d85f599b3b9d3d05fa0ed07c1ec35ffab0305168b4e56e58afa0617f9a86b1b5b201dccb072b4cef0bb7b95c52daeef9d9e7424a5c0f148f9ffe60a5b23e0ff82c730992ac9c17f97f065cf0ad5377eaccb31d8bb923bd260ea119e6fa9bd6983482d70d9219102402dc6a3499193d0c1cd3ed2a66921a98df69b791413f4970bbce04f639af909c64f4560db0af6003dc46219e8ad2b372f8b5f81cfaa041ab71a348c931e8dfdbc409c22d7ee6e07626e104ec6cc7c6a4116177f93af16f124f196dab619b6f698c2d191858e960c2e947b51f3ac4838759c21fef7ebae35da24f55ebda9b9879aea17a6d8d927de487b175fd7faa21438a20923ddbbca72e6726934bd6c21e8118019f65b3810a07fa27b1cba64d0f39f0bfd49dcfafdefe379bdea82f31a9c39f7e81d294337d10f1e9d8b50eba458ce7b753d36968538513eddb0e84534411c4af3f0214610ee3901a0ebf316173ccaf15cd7ee496dbfc2465eb834df62029d621fe911824d7987df2d46346b4dce1ece7d19d55118c037c9955111d07f1fc362c739f1ea5b275c71c0aebf59655e2def16e123b3eb2526c3ca5e83cb24d5b68d7ac40a67593384c563afe0b552adaf60805035be97b80676adeb1576520833: +b1e47ca31c64b68aafafb443512e66787c6592f334aa78fa219a3d93c33a4ab358119b38e6a148a936bc5f92f4f29b982ff2cca64a5affa14ca1b6a62fe328c4:58119b38e6a148a936bc5f92f4f29b982ff2cca64a5affa14ca1b6a62fe328c4:767ec1b3daf204387f3fd3b20010781afb1f38f614474213287fff11307f5ff5ae7ec945a2b9b4870049d4532f8f61c1a7b5f211fca2e67c374d96219d8ea9de73f0e38704fc94c0e9e72f2e15daba3f88f749b1ed702660db1a352a2667d4dfd4e00a18efa4c6609ee9c9a88adacbbb985d3de8ddd17d4e4eb7cf74a1da91edb390852ea4cb9a424f7fa2229e083033a34059117e5efa7b6613d75e58b702c6cee5d004e8599b97503a5f10c4c4e5b9577371d3d05b2dfbf7cbefe6d092d65cbd405138d9b04c5186235983fab6d4ce85b636276206d74a2ee7db6164dac47cce78f50db99af6ac6e7064c13aab793be87e66289c94a09fb0a31d97971edd74ea9c0ce874d2b7d6c4abaeff07f870225151946a5c476f6b978996b87d8c984606c791287da6bad0aa44b0130be88671a556e2de35c4cb038ee781273530ace0a104c27809aee033c8bf9029d90fe7ba06aaa94e16a52c643dfd92a7624fbbee77a7158b2cc151bd3f61a1a76f32b28489307acf0dd8c26cc4adbbb8de430db4e4f58308b6ab90456111deac2978172fe1fc0ce498088add4c31c21f24279025feb48cbb7a920cff2d28710587af52c844db8a7aeb7df10d43411a3c8eeebb406d6efcb19248887d450b573d90305e1f23753e890511dcc77c740e316ad7f52d4902073db3998e4e4acc4e01885bd1188ecd6165aeded1e778702b6a6a79a94999102df72018f792f8f162007e812aef8f956e123282bbdbd0c35612c2d3473f944c6d76be9e86fffa46ccb1ae13505a4a81f31b8426b8b60de8e8a7c16d1e1665b271434665c442a9c6a977ce986f6993b7439af03b402eeafff1456d151526d9c58f515fd2485e0cbb324a503a8d491344cdb2aff4c41aa8e2ed66e58083bf0d2fbf4877c85a4bcd6b9cbb821242c94147e5fd8b7dd792ad0a28d49d41100b431bb4d8c7833d8505dd9e2649f9ca7051be68712ef3637102036b002649473ce259677d82c6062895e161928b752f13c91a45955e80f007de690edf8a0e5eee4422e162b9d2b4a921d3a64845793aa2229e9c239e57a6b1a90a5254c3512f99345315ac7d3457f9154296c66822abe184d64e572b9c38492958e21b0292675410e7348b2b718a0b7592caee94581a948d2f41fa03c61e:dfac86df586ec34c7cfea5d5a6cd1140e50b6bf050f8e41a190ebfd3b1432b95a57d5652dbae8f53e037ae326e7f18cfef7c779f40346f7c0d8644610593f209767ec1b3daf204387f3fd3b20010781afb1f38f614474213287fff11307f5ff5ae7ec945a2b9b4870049d4532f8f61c1a7b5f211fca2e67c374d96219d8ea9de73f0e38704fc94c0e9e72f2e15daba3f88f749b1ed702660db1a352a2667d4dfd4e00a18efa4c6609ee9c9a88adacbbb985d3de8ddd17d4e4eb7cf74a1da91edb390852ea4cb9a424f7fa2229e083033a34059117e5efa7b6613d75e58b702c6cee5d004e8599b97503a5f10c4c4e5b9577371d3d05b2dfbf7cbefe6d092d65cbd405138d9b04c5186235983fab6d4ce85b636276206d74a2ee7db6164dac47cce78f50db99af6ac6e7064c13aab793be87e66289c94a09fb0a31d97971edd74ea9c0ce874d2b7d6c4abaeff07f870225151946a5c476f6b978996b87d8c984606c791287da6bad0aa44b0130be88671a556e2de35c4cb038ee781273530ace0a104c27809aee033c8bf9029d90fe7ba06aaa94e16a52c643dfd92a7624fbbee77a7158b2cc151bd3f61a1a76f32b28489307acf0dd8c26cc4adbbb8de430db4e4f58308b6ab90456111deac2978172fe1fc0ce498088add4c31c21f24279025feb48cbb7a920cff2d28710587af52c844db8a7aeb7df10d43411a3c8eeebb406d6efcb19248887d450b573d90305e1f23753e890511dcc77c740e316ad7f52d4902073db3998e4e4acc4e01885bd1188ecd6165aeded1e778702b6a6a79a94999102df72018f792f8f162007e812aef8f956e123282bbdbd0c35612c2d3473f944c6d76be9e86fffa46ccb1ae13505a4a81f31b8426b8b60de8e8a7c16d1e1665b271434665c442a9c6a977ce986f6993b7439af03b402eeafff1456d151526d9c58f515fd2485e0cbb324a503a8d491344cdb2aff4c41aa8e2ed66e58083bf0d2fbf4877c85a4bcd6b9cbb821242c94147e5fd8b7dd792ad0a28d49d41100b431bb4d8c7833d8505dd9e2649f9ca7051be68712ef3637102036b002649473ce259677d82c6062895e161928b752f13c91a45955e80f007de690edf8a0e5eee4422e162b9d2b4a921d3a64845793aa2229e9c239e57a6b1a90a5254c3512f99345315ac7d3457f9154296c66822abe184d64e572b9c38492958e21b0292675410e7348b2b718a0b7592caee94581a948d2f41fa03c61e: +fbd55fa743c3a5910b3857dd0b6aa584f3b238de056b76ab7617aeb52638fef6a7a163c4183bd84b756df3c8afdfb9cd5b242352d9499ebdab90785c3bd6db2d:a7a163c4183bd84b756df3c8afdfb9cd5b242352d9499ebdab90785c3bd6db2d:bf5252b2aeca1163771f766278768066f21971357ea7996158a8d6e908dd59b59971349fa17882cb9224b972d0ffabe85510dcf25a9f9f9bdefad2f4cadfbbdacc1fca9d948cb5412f474cad23b5b9199bf3c7370641339b750e1f78c2adb460aa5b21b1fa8f97714abb4ed5e9cb51d6de55816618abd3fd2b286bc11c67ba01129373d435b3e7e391ba372614da8322875e46a675b645156024cad2dd13f9a081616bf131a24358894e0efa1d56648ffb42efb54031da7f37d197615155aedb69c4e709c8bbbe7fbfcb598347ac5d0c638407847b281cf116433097f5662158719fcdd37beb489268ce71de7d70ed925f743fc63a715f7eee7549fdb909cc454c988b30ae4d77d62f65a07e2c8f9362385d028a603108c945872f5e1a97419878ed49542e288ef07b5c90f5c4159e162303d080f6ac2b058ddcac60746f9e1c9ec1df8eda42d62738586d3fdd65df55f4374f3294e0868d41ef0bb1fd55e0cbf195bbfcfcde5bdb41fad9a0477e4c90ca27fa8cf503362a33fdeca5a4f0ffea26e8d7e134fad3b1ec3d056055bba5e65d81153ee831873b938df7d2c83c2a52b3c221827f961bd008362232d882a0412a047afdfb8597c865a2aa2c2cf5189934a83ee6b752a626941edce0c20b6f7a69f1cf12f9a331cdfa9eda24c8defa769ccce2ef746c307d8bb04891fcefd49af3e6f96991a7a20f27b6c0af1218be31791d1d0293e081b90af3b92ecb175ec8c789f7a8642e041ec3a61aaefef62a807d1a5054adf8323bed942241623732a2051dc01f9a20a29aa48b3fdf265d0ba6c138fb5793e2875002e7de3f5c3ff7e83ad27d111c848b7e6e2e5ad5f28eb7c363f95f960cbc421336ce985f946b0515b1bdd3a832c3fe903f7b44e20c92ea80826fbf97e2a4fcaf2db1a08698dd62edd0a84589d7462c447b4a896fe00860042496bd51b1925cb79cc3b829016a4c7e62790f8058c546f2145aaaef4d4b1e273ff61300f8008e946b622f60e505f5f6290d51eb997d20fc3fbb3e99edd68ff5cce9e8c283881c364ff215cb50045e60f4a7ee45b6c9d86447f38141d342dbc5308f8c66efc47f7c45f6d25e6564309a862db90f4df331787ecdd89d3aaa46053e29f102624ddfe80e8a3f99287cec19fa83e44d557c0441:effb29da6985971c202e2450301d49711bed25fad85f6199d1eb1e71914d964cbe18e34cc3e32872cdec026bd119a41c1c07ca41e82acba62fb0a7c82aed800cbf5252b2aeca1163771f766278768066f21971357ea7996158a8d6e908dd59b59971349fa17882cb9224b972d0ffabe85510dcf25a9f9f9bdefad2f4cadfbbdacc1fca9d948cb5412f474cad23b5b9199bf3c7370641339b750e1f78c2adb460aa5b21b1fa8f97714abb4ed5e9cb51d6de55816618abd3fd2b286bc11c67ba01129373d435b3e7e391ba372614da8322875e46a675b645156024cad2dd13f9a081616bf131a24358894e0efa1d56648ffb42efb54031da7f37d197615155aedb69c4e709c8bbbe7fbfcb598347ac5d0c638407847b281cf116433097f5662158719fcdd37beb489268ce71de7d70ed925f743fc63a715f7eee7549fdb909cc454c988b30ae4d77d62f65a07e2c8f9362385d028a603108c945872f5e1a97419878ed49542e288ef07b5c90f5c4159e162303d080f6ac2b058ddcac60746f9e1c9ec1df8eda42d62738586d3fdd65df55f4374f3294e0868d41ef0bb1fd55e0cbf195bbfcfcde5bdb41fad9a0477e4c90ca27fa8cf503362a33fdeca5a4f0ffea26e8d7e134fad3b1ec3d056055bba5e65d81153ee831873b938df7d2c83c2a52b3c221827f961bd008362232d882a0412a047afdfb8597c865a2aa2c2cf5189934a83ee6b752a626941edce0c20b6f7a69f1cf12f9a331cdfa9eda24c8defa769ccce2ef746c307d8bb04891fcefd49af3e6f96991a7a20f27b6c0af1218be31791d1d0293e081b90af3b92ecb175ec8c789f7a8642e041ec3a61aaefef62a807d1a5054adf8323bed942241623732a2051dc01f9a20a29aa48b3fdf265d0ba6c138fb5793e2875002e7de3f5c3ff7e83ad27d111c848b7e6e2e5ad5f28eb7c363f95f960cbc421336ce985f946b0515b1bdd3a832c3fe903f7b44e20c92ea80826fbf97e2a4fcaf2db1a08698dd62edd0a84589d7462c447b4a896fe00860042496bd51b1925cb79cc3b829016a4c7e62790f8058c546f2145aaaef4d4b1e273ff61300f8008e946b622f60e505f5f6290d51eb997d20fc3fbb3e99edd68ff5cce9e8c283881c364ff215cb50045e60f4a7ee45b6c9d86447f38141d342dbc5308f8c66efc47f7c45f6d25e6564309a862db90f4df331787ecdd89d3aaa46053e29f102624ddfe80e8a3f99287cec19fa83e44d557c0441: +5d66ceb7c6e58cac91e288279170e818e787180c6b42dfa168787dd07f809fa4efc9b35db81f346198a7acc69f65fdfbf4c22e68dd7612e3b8ec68d378553b8d:efc9b35db81f346198a7acc69f65fdfbf4c22e68dd7612e3b8ec68d378553b8d:94d72f6dec4f7c9206b41510ce71a02955604f3c5de8e447d5871865a75898a4d207a26cf33d10caf05a0b6ed0d389fee9ed49275098a88e1c0d8304e81b4074214c7a5ce157eb2617ef04e1324ba942129faf32c31cb4aae4a5916c750808726856f7180e5797ede44362d747d70cec159d3b6acec63a514c7ef31b2ecd16db7fe68ea9c5ead9d870921800348f695412f3093e61985a31eadb79b59d91dd9a37f8d4ef7a5ddf223d4b24774c2e44e3f271ffb8500d595381b3df2e8e6b79ee65535a519a43eaa5e52b256c2643305e3170cbe57606a0545f8586565cfb75bf5e9564c62af05f15ee6e62afeef8c2c7a9dae235c9edd1d7c25cf49adc033ee7b583f518bc168ea48836b50ffedd2032b3f630cc56daadd513ebda864823610fc67a72b9a7d8117105c1c71d85a96b1d27a441fa1e7c6cf80233a49fe0e76a40278d06e34347d87be77b98ded5e2a3ea1afb13bee1e6cd6ca63be54fcf88a20ccb7a9fc324bf6143201b44483bcc964033dab71cf8f2a591fc050d5724e95aa50d32896eec0f3b34311d2a9934e9f852977e253f15304cae2416c2c4fcd8f1fecc3f1f64bb79759929abb0e8e8f5f7293d691af22abd3b2a6770b0cf144608f2d62cc7e52bfe333b2ed2de39b99afd37e3acf07eda37ddf0df029bff2ec22544b60bd7db238df1975ffa0075a82abd8d6b05b267180b870e21abf36981ae7768de53993b304f1c5453872fdfa8edad45f8001aa0e7342b3b58ec0f389dcbc271fb0f9000628757abba58c057e1a0899f6faf15f3740f3143f5c0b7a9159680de8c557266441b3b01caac12ec278f5a1025df53edb6134c96663a9666ae3baa90fc835111ef051bd912f67967449113b6a85f71df8c6037724eb8fc7d8319bc0385be9b0e99e95f9aedcae8d45a514476f05bcd7235c013ebc3aea9123c67aa6f3b79c85ea5db159eefadfb75a50ac6b95b496b5572581a76112ff6db263fc14c5818aad5bca3b2cb3ac8116d429482781e06f61e7563e6505e51c8ff998bf84aedb5202e2f9ff4c2689820296cc69603091b8b818fbeb2af5f4c57060d98c1a904843a70bf975b3c3ca6031a4cad5b4bbfba7e9b47491ab740d9ebe41d768810cb8cc51a937f7e3b22e3cf07ceae0ce20831495afcdd8c1a98:6ef264abf8b0e5c2d793b2c75279614a39c775eb2bcc0891067abc61f6d644a69ff8f814a30522cca90536f012c6283a76c32b89eee1bd9a4336f4fddac8dc0b94d72f6dec4f7c9206b41510ce71a02955604f3c5de8e447d5871865a75898a4d207a26cf33d10caf05a0b6ed0d389fee9ed49275098a88e1c0d8304e81b4074214c7a5ce157eb2617ef04e1324ba942129faf32c31cb4aae4a5916c750808726856f7180e5797ede44362d747d70cec159d3b6acec63a514c7ef31b2ecd16db7fe68ea9c5ead9d870921800348f695412f3093e61985a31eadb79b59d91dd9a37f8d4ef7a5ddf223d4b24774c2e44e3f271ffb8500d595381b3df2e8e6b79ee65535a519a43eaa5e52b256c2643305e3170cbe57606a0545f8586565cfb75bf5e9564c62af05f15ee6e62afeef8c2c7a9dae235c9edd1d7c25cf49adc033ee7b583f518bc168ea48836b50ffedd2032b3f630cc56daadd513ebda864823610fc67a72b9a7d8117105c1c71d85a96b1d27a441fa1e7c6cf80233a49fe0e76a40278d06e34347d87be77b98ded5e2a3ea1afb13bee1e6cd6ca63be54fcf88a20ccb7a9fc324bf6143201b44483bcc964033dab71cf8f2a591fc050d5724e95aa50d32896eec0f3b34311d2a9934e9f852977e253f15304cae2416c2c4fcd8f1fecc3f1f64bb79759929abb0e8e8f5f7293d691af22abd3b2a6770b0cf144608f2d62cc7e52bfe333b2ed2de39b99afd37e3acf07eda37ddf0df029bff2ec22544b60bd7db238df1975ffa0075a82abd8d6b05b267180b870e21abf36981ae7768de53993b304f1c5453872fdfa8edad45f8001aa0e7342b3b58ec0f389dcbc271fb0f9000628757abba58c057e1a0899f6faf15f3740f3143f5c0b7a9159680de8c557266441b3b01caac12ec278f5a1025df53edb6134c96663a9666ae3baa90fc835111ef051bd912f67967449113b6a85f71df8c6037724eb8fc7d8319bc0385be9b0e99e95f9aedcae8d45a514476f05bcd7235c013ebc3aea9123c67aa6f3b79c85ea5db159eefadfb75a50ac6b95b496b5572581a76112ff6db263fc14c5818aad5bca3b2cb3ac8116d429482781e06f61e7563e6505e51c8ff998bf84aedb5202e2f9ff4c2689820296cc69603091b8b818fbeb2af5f4c57060d98c1a904843a70bf975b3c3ca6031a4cad5b4bbfba7e9b47491ab740d9ebe41d768810cb8cc51a937f7e3b22e3cf07ceae0ce20831495afcdd8c1a98: +62ed8682bd3ab3966eba3bffb775a318a03d99931979e99feb2ddbd69455a0efd32ada178b3ec7700c47dd6d365322033fe431c302b46f8d58798ed83371566b:d32ada178b3ec7700c47dd6d365322033fe431c302b46f8d58798ed83371566b:9eb13bc7facf51a180541ec1dc5f5acb148c8d5eadcd2c4ef068bcdd11b34925eabfafabfe82a284bcbaee1381152af8e5e09f037cf1bb6484ac18e37359bfaa4c87aa07d3d14ed089b053910d1fa473f7bce143e2a59c4daf99b6c6e4e9291d97c864712af3eaba53ce2517a4f75cd7ecf278f34e22b7dffd088fa5ecadc0dd22135e42a536c684f2195d315f6924571e463f5cfc11b9f9d05a7ea11b98a169a1e39360973c50ad45c7491b57138ec050f43cbd5d17eb3fe0013e3d28d526054e07633152246f16554f3054749eea687b9c371b409cd3ecefb111a1d600407344e6d6ec38c60f6e545a92382e46c4d113125dbe5b9826e127f10181a35acfff28ab3764ca7f238ff479fdbc45b7a2ad0ff538c8acd0018d4470febcc6a307651cb5832f326b19241be9867e4eca6ae36f0e2d83fd77b97202b364716e36d1895a36853e7e76e88f62dbbf7726c2180569c66673837ad72ff936cf0e2fdb9ec6afcc79f8829e157f952288f4e00d0410a72253bf605eddceb01440dee5dd32b5a803439f038c06af1c90b27b5fe9843c27ae76609cbf832835c0e3c4bb59976ccede448786d91e438e0775c06a92d0f0b8dc0ef68260f7dd9e6871c4d0c0c09463852615218516f4a6debfdb46273b283382cd9ca744abf9fd439194b8cf1bdbb3175ca9c57a1c373c41fce92bd5fc012b19a0698aef37baf806ae09add8cb972a9ef9a7a5a9b1fd9a41d854c30cca1396140e20c2b98654fe6e511b626a43915b22fb2dad747ba7fe7460d8cebb2006fea19b3284b09c06a6f52f179a32beb56357b929a659f0fe6a26b697033def58ba603f430f74aa35070981db74ccf19190a1fb05144ec0a09a51e54765069730b09a7a2331ffb3de2a7e02c5e184da4013dfe937c371117524f7b210ba60e2692dcdcef36ab227b4c4f02a9f488972b847f0d6b59d02ee54fede8821db6cf731cc8ac895350ac5cd4d6baa3ad036f06f20d10a140c4ad3d10ca985532e3160462773385a2eb5e464d528e1e59c29f66b3de59e9ea28af3f97bfc5589035752a5a5523decd2dff01fc00ff31b30152ff5dafa331c6ab15873af41aa960aace7d2cb4f95c23df44b9e6c6e2f86788a872fd3a5cbe4acc95810daa09dcc1df933465ef040c53d9d959f9dad:3da8d14dc4e71fe6c32ede463788e41b826b4e2160ba10c95f1c8a2749aad8f12e98ae2468303baf6908bdb35ef38a5ecd77741e72ee3a427fd904dae66fcf039eb13bc7facf51a180541ec1dc5f5acb148c8d5eadcd2c4ef068bcdd11b34925eabfafabfe82a284bcbaee1381152af8e5e09f037cf1bb6484ac18e37359bfaa4c87aa07d3d14ed089b053910d1fa473f7bce143e2a59c4daf99b6c6e4e9291d97c864712af3eaba53ce2517a4f75cd7ecf278f34e22b7dffd088fa5ecadc0dd22135e42a536c684f2195d315f6924571e463f5cfc11b9f9d05a7ea11b98a169a1e39360973c50ad45c7491b57138ec050f43cbd5d17eb3fe0013e3d28d526054e07633152246f16554f3054749eea687b9c371b409cd3ecefb111a1d600407344e6d6ec38c60f6e545a92382e46c4d113125dbe5b9826e127f10181a35acfff28ab3764ca7f238ff479fdbc45b7a2ad0ff538c8acd0018d4470febcc6a307651cb5832f326b19241be9867e4eca6ae36f0e2d83fd77b97202b364716e36d1895a36853e7e76e88f62dbbf7726c2180569c66673837ad72ff936cf0e2fdb9ec6afcc79f8829e157f952288f4e00d0410a72253bf605eddceb01440dee5dd32b5a803439f038c06af1c90b27b5fe9843c27ae76609cbf832835c0e3c4bb59976ccede448786d91e438e0775c06a92d0f0b8dc0ef68260f7dd9e6871c4d0c0c09463852615218516f4a6debfdb46273b283382cd9ca744abf9fd439194b8cf1bdbb3175ca9c57a1c373c41fce92bd5fc012b19a0698aef37baf806ae09add8cb972a9ef9a7a5a9b1fd9a41d854c30cca1396140e20c2b98654fe6e511b626a43915b22fb2dad747ba7fe7460d8cebb2006fea19b3284b09c06a6f52f179a32beb56357b929a659f0fe6a26b697033def58ba603f430f74aa35070981db74ccf19190a1fb05144ec0a09a51e54765069730b09a7a2331ffb3de2a7e02c5e184da4013dfe937c371117524f7b210ba60e2692dcdcef36ab227b4c4f02a9f488972b847f0d6b59d02ee54fede8821db6cf731cc8ac895350ac5cd4d6baa3ad036f06f20d10a140c4ad3d10ca985532e3160462773385a2eb5e464d528e1e59c29f66b3de59e9ea28af3f97bfc5589035752a5a5523decd2dff01fc00ff31b30152ff5dafa331c6ab15873af41aa960aace7d2cb4f95c23df44b9e6c6e2f86788a872fd3a5cbe4acc95810daa09dcc1df933465ef040c53d9d959f9dad: +4e57f0311fff0e5d538849b1216f695b1a5277941708204db2f0c15b3c73c82ae3371fe236ad2f6f42f9e1fa4e1eda2c3e29c36c8ad2218a3c037982f0b579ec:e3371fe236ad2f6f42f9e1fa4e1eda2c3e29c36c8ad2218a3c037982f0b579ec:052a1f41ebfd4bf65efb0ec8e74dd7b3065e9c482c49b99262e6dfa8407d9e31ed34d229ba41fc49a94a1309f990a99cb9902fb84f4ede91bb64714564a913d574d4a3c286f0a192a78ce2d55aae5c9fb057ff36120018b2a8b54d98085537ea64aea999d5321c7880b36ab43018ea2c92a5e68350d3de8526e2c8bc9141f4349a18a34f21de0abbf2930987567f0aaf8eb19145580d71306ce8a69e79f8eea26cfa0b8beb49cc5aa2bc77b797d4f8d50326ffb937399e94fdec85e192f1272a80e9a0ebbaf5d01f1b97060802bd4af34c0f7d7e98543f9d66d60e0e6bc0bf9c990be31eea1978ffd16733a8abe49558b3add0dce6defd64dc043f1519b1e9be66e06e41ecab168c8339a85e0b913818644ea7c5334468fd7196a01e1d4ce8dd1e7ee313dd5350b8dce4f5d7a6ac09857c4d3d0f10a3d9062609754592ad1077b2e2096fc9e5b1978c98b5660ddf51b46ede9f9dcd41b2ef44e79f6daff7d3626870e2243cafb2f4367939109ed9c01484b79eaa30a1891ea18f984e161dcdd1bda37134bf6735d2b2149b4898dacbfda61e6002d72a6fc5d21f1098213231132d56df68d6a9bfdf4eddc0524db8fd8f248852049a6825a5edd2360c009af24f0a94c5079ddf6fe796945ff984aac36411ce80d987c6ed67b6b0ddb6d417f6e809991e729d147dd0d21a093241363cf4ef3b8e3ba02d486633b6b217f5493e2e432b8c2e27d00c5b56c9b65f9aed49ce93d77e7d0bf5f92f92f5bb4b595d66f887a4880133f970463ab8b7f3d8c794c0406e88e3eab9ae65f1a185d6e39e2dd6abb8a93d2ac4b9208398dab89dbc07a41a50264026412da022b58f489d4dba31fb882fecb1ff8ca1820dda1865af1551e46cd618b44c4e6eb3037a9333fdccef4b895189e4390e93145d264ca5f45202a3eb2853593feed6c66dbb288ff3a3c0fa832b2aa7e529b5568897b3149402a907e741e1011ce0731c915f91446aa0d5caf0595f1816434fa4576db3bc31e10cc2af33f613f03ca7b9491a0a340525271ab537f62a11a84da01c7f5581ad5738c372b5335bab9b2b9dc2fe91e933304d9401ba8e1ce8dc55c4fb466b3a8ed7f53a122b8381d8f29047d7264d06fb51ec3e70071f2736a4e7e1537a52fa256a04ee86fad27ad2d28a9b3629:4fdc7b6e2827f64ba3c033c7fb6d1b35dd680f532999a0d77aeb276c31bd9e39c670978be47243c113223a57aa10233150678b40db78591c04d08df57a70a209052a1f41ebfd4bf65efb0ec8e74dd7b3065e9c482c49b99262e6dfa8407d9e31ed34d229ba41fc49a94a1309f990a99cb9902fb84f4ede91bb64714564a913d574d4a3c286f0a192a78ce2d55aae5c9fb057ff36120018b2a8b54d98085537ea64aea999d5321c7880b36ab43018ea2c92a5e68350d3de8526e2c8bc9141f4349a18a34f21de0abbf2930987567f0aaf8eb19145580d71306ce8a69e79f8eea26cfa0b8beb49cc5aa2bc77b797d4f8d50326ffb937399e94fdec85e192f1272a80e9a0ebbaf5d01f1b97060802bd4af34c0f7d7e98543f9d66d60e0e6bc0bf9c990be31eea1978ffd16733a8abe49558b3add0dce6defd64dc043f1519b1e9be66e06e41ecab168c8339a85e0b913818644ea7c5334468fd7196a01e1d4ce8dd1e7ee313dd5350b8dce4f5d7a6ac09857c4d3d0f10a3d9062609754592ad1077b2e2096fc9e5b1978c98b5660ddf51b46ede9f9dcd41b2ef44e79f6daff7d3626870e2243cafb2f4367939109ed9c01484b79eaa30a1891ea18f984e161dcdd1bda37134bf6735d2b2149b4898dacbfda61e6002d72a6fc5d21f1098213231132d56df68d6a9bfdf4eddc0524db8fd8f248852049a6825a5edd2360c009af24f0a94c5079ddf6fe796945ff984aac36411ce80d987c6ed67b6b0ddb6d417f6e809991e729d147dd0d21a093241363cf4ef3b8e3ba02d486633b6b217f5493e2e432b8c2e27d00c5b56c9b65f9aed49ce93d77e7d0bf5f92f92f5bb4b595d66f887a4880133f970463ab8b7f3d8c794c0406e88e3eab9ae65f1a185d6e39e2dd6abb8a93d2ac4b9208398dab89dbc07a41a50264026412da022b58f489d4dba31fb882fecb1ff8ca1820dda1865af1551e46cd618b44c4e6eb3037a9333fdccef4b895189e4390e93145d264ca5f45202a3eb2853593feed6c66dbb288ff3a3c0fa832b2aa7e529b5568897b3149402a907e741e1011ce0731c915f91446aa0d5caf0595f1816434fa4576db3bc31e10cc2af33f613f03ca7b9491a0a340525271ab537f62a11a84da01c7f5581ad5738c372b5335bab9b2b9dc2fe91e933304d9401ba8e1ce8dc55c4fb466b3a8ed7f53a122b8381d8f29047d7264d06fb51ec3e70071f2736a4e7e1537a52fa256a04ee86fad27ad2d28a9b3629: +39f0556b1c5dcab387104181bb304de0cf815920b972e871d5f0fb416d8e616ad85fb76e78c3d5bb7ca6b05b310191821a4a7d2d9bdf02292cc7aea5642e4819:d85fb76e78c3d5bb7ca6b05b310191821a4a7d2d9bdf02292cc7aea5642e4819:a8d034e170fc22b57a44aa6269ed1f01cba801f398df1adfe7df044d5fa468bbfa8af4749ab50d24d62e313ac0e73a64b4282b74626af2b4a4b54c274e5a6bc280b6dc25dcfe07814c9c816d2f9e36c05b9bfedff7c6b03cddebd4735e0993d3c3fdc6540443c6005e900b4035e1408a85016aa1b89202990e5d84ed9981c29b77206d7c113052a2029812c6ea13aae8be0aca7a3306bf617242298e68becd0d5d16c8887fd1950b7785a46bb022b39f7607cd8913718b3017fc3f86d6933f75eec5191ad1f1989a8d261786f56be4a988370db82961a9fcc953542e51c2e086db0e02b4fc346694abd9059d5b11722647669e7f17b745a60b02f7339fcc99bc35d59fd0b98b60c314abd4bf8aa4b7eae09dd0097acb9189f02cf85a251ac92aaf691b15cd4a33b58d7663abd0b0444333044af5ce20fd71cbaffc0d29835819f49293fc26e7f9787fc368c4d35cae92747f21ca1f3efd87a0d8104199416482d07bfec1281c66f565285bf672d5e7486400660c017555e9fa2bf6a4e7027f0e7e5f443ed658b75b590612abde0d80d1a26cb8bde76b996eff6a74e3dafc59eb1b584f4597a239cd839fa1f1b7bda1a24d150c4e24b91cec01ee53a3ac852a912de195a3c29dd7079aa7e88aa81e9d31b8fccd435eda113c3f82458b7f7933572b776753c92240cc036158a4ba0e56efed53ecb53fc093fead14343485ae5d9105bb163f262514e48be74159c9fabcb71d1a4280d9ed70d7e42b75f7fdadd02d69198f5f465bf604cb4254417bac3714b3a99e6f1acec9e3b3d097f972fbc36f2eda3926d56112d4e9097d89bdc35937b9a3158e7cdd5da401e180d3ede6b1ff02864192eb729781534f4964ddf2af11800d8b5b6d01b209aa3369366c19a28c79a87d2174ec22fb1489a6755c348a996d0aa56e0f60d58e26befa23a86bef4e3529512e30a9d1c5e4885018cb97aeb7c93c5c41caa34236575c226f3b235eddba364e285b6e352707bbb3b339bbf2a63a9cb9bd333a77e79bd58a48e14ce5886ed0cd07c2d165a81b5e6a31a8ae7806bcf2e0c4ec29a967725e577f1741ee68f345f5f7ab0fad31c8b4b18b431c4977d5c584004b45f7cd1961affe8738e24c382610efe998353d7ebaf919b279bbb691c3052b8b2c5f09808ef3a6:0166afed5a8f7c3f7ad6f3fdd2938eff00898eab815c5455ac90fb51f6e1854f0c0753194b7629594cc1271b003431221c574b0c0d19082feeda51b084ae5e03a8d034e170fc22b57a44aa6269ed1f01cba801f398df1adfe7df044d5fa468bbfa8af4749ab50d24d62e313ac0e73a64b4282b74626af2b4a4b54c274e5a6bc280b6dc25dcfe07814c9c816d2f9e36c05b9bfedff7c6b03cddebd4735e0993d3c3fdc6540443c6005e900b4035e1408a85016aa1b89202990e5d84ed9981c29b77206d7c113052a2029812c6ea13aae8be0aca7a3306bf617242298e68becd0d5d16c8887fd1950b7785a46bb022b39f7607cd8913718b3017fc3f86d6933f75eec5191ad1f1989a8d261786f56be4a988370db82961a9fcc953542e51c2e086db0e02b4fc346694abd9059d5b11722647669e7f17b745a60b02f7339fcc99bc35d59fd0b98b60c314abd4bf8aa4b7eae09dd0097acb9189f02cf85a251ac92aaf691b15cd4a33b58d7663abd0b0444333044af5ce20fd71cbaffc0d29835819f49293fc26e7f9787fc368c4d35cae92747f21ca1f3efd87a0d8104199416482d07bfec1281c66f565285bf672d5e7486400660c017555e9fa2bf6a4e7027f0e7e5f443ed658b75b590612abde0d80d1a26cb8bde76b996eff6a74e3dafc59eb1b584f4597a239cd839fa1f1b7bda1a24d150c4e24b91cec01ee53a3ac852a912de195a3c29dd7079aa7e88aa81e9d31b8fccd435eda113c3f82458b7f7933572b776753c92240cc036158a4ba0e56efed53ecb53fc093fead14343485ae5d9105bb163f262514e48be74159c9fabcb71d1a4280d9ed70d7e42b75f7fdadd02d69198f5f465bf604cb4254417bac3714b3a99e6f1acec9e3b3d097f972fbc36f2eda3926d56112d4e9097d89bdc35937b9a3158e7cdd5da401e180d3ede6b1ff02864192eb729781534f4964ddf2af11800d8b5b6d01b209aa3369366c19a28c79a87d2174ec22fb1489a6755c348a996d0aa56e0f60d58e26befa23a86bef4e3529512e30a9d1c5e4885018cb97aeb7c93c5c41caa34236575c226f3b235eddba364e285b6e352707bbb3b339bbf2a63a9cb9bd333a77e79bd58a48e14ce5886ed0cd07c2d165a81b5e6a31a8ae7806bcf2e0c4ec29a967725e577f1741ee68f345f5f7ab0fad31c8b4b18b431c4977d5c584004b45f7cd1961affe8738e24c382610efe998353d7ebaf919b279bbb691c3052b8b2c5f09808ef3a6: +bab3ff7a4448d8a03d8acfdb913f77fe77804395c3e54ec235117927e32b50d554975e35e5b1d0323f2d6fb5c6158bf6654b084f76bbdcfd72349229e8e4a6e8:54975e35e5b1d0323f2d6fb5c6158bf6654b084f76bbdcfd72349229e8e4a6e8:b647b67cf01c2cacc39de5969e199be6d9320167a4cebbf1625950b1e6b7adf5ca24d1349568865fbbfd90f513f05f79f70a63a23873dc7a195d4b285a08f30ee061d0b8e6b4d6bf9b2ecf2c69f3d5a07a6730537cca4a4e4c7ee684702bff883fab8bcaf89311c5498bccb5a0f7c8d49b54f482fffbca6e7da262452ba59a57a6879d81b73cd7adf72a3be28a373cd63310408461c21b907f63e086b292ff02833e8a2f46adbd671d02b03a69aca2e11d287c522a954520442ecefaa905dbfcc8254c58c3954a89bf56cbe01ad5631971eb39eb432a854e691929df7e48b900ca6e740accf578b31795b49a6ca774bd8b993106a9c4948c18714948315990a5f191692420f289328ab713ec19b7ea894d16e6476100871cf3168e4f935b5505d1ed5b0aa29be36fa3a346ac3e76f143c46ca69123b79c36399a0d2ed302772494adf442bbafbc4d01532692c7859df04d2ca78ba55d77fdf3e5ad993786a24cff2199bb49387873cc414b4cf1137abb7e94ae3ddbf97f534a18fc5ae58523a3cc52283dc7b016f31cd6557981c5076c774f303a47c427870e207ed8bd66640ff092db503fa124bfdcf020051dadd106dd245840b31910b8a9060d5986f02b60aa5e33b4d7550912cdc5776c772aac93ae19c73b7ecfca389e627681a8781eb47d84e93460ba891d3ff6eadf8f2a903c383474beaa42b90e032236dcd898d02a40efb44e47ead52b75b09c7da1cd6a2dfd4d1c0452de69f6acac1a68dd78daf972ae260821e2ec522fb5749bebe0adb452bfa4faa1e97911c1299f16568d68eef405f4b1cdacabed59f7b0fbceab719a34b299f58a4ae8154f98f4d9f4f140b1f085006946725e7c29bb0bc6ccf2534497c61d4c1612624a61d70d26c3efb7d7c351848657f7f8eebf8b990747740e6f910c97cef150375765c8c0b3b449c0d09d66f008e67cfa76ea2b6808b6fe632eafe0587f37e36be98dcb17a3f4a15b65a9f6fcf9642b52522077b1fb4cc3c08df4b467ca716db16b737f782cdf387170a5f1f6a7ae0ab3f5b7c585e3b0655a6456a503595ce8eaea2537855e7f0d5061bc29b4e67daa82463c190e9fddd52f8322ddb4e0f26b68778228eb57e1a185b7025da14987d44baa767b22ee7f4c84591032e88ec12eb8c5a4b9e157ec:d6b4135fc7acb3d7cdf987896d91b8a90db584d8933a6f3029e3261ec1c390cbacfaafeff443b6da4fdb1d84c64a54560feffa2f1c7a91bde9730222923b6703b647b67cf01c2cacc39de5969e199be6d9320167a4cebbf1625950b1e6b7adf5ca24d1349568865fbbfd90f513f05f79f70a63a23873dc7a195d4b285a08f30ee061d0b8e6b4d6bf9b2ecf2c69f3d5a07a6730537cca4a4e4c7ee684702bff883fab8bcaf89311c5498bccb5a0f7c8d49b54f482fffbca6e7da262452ba59a57a6879d81b73cd7adf72a3be28a373cd63310408461c21b907f63e086b292ff02833e8a2f46adbd671d02b03a69aca2e11d287c522a954520442ecefaa905dbfcc8254c58c3954a89bf56cbe01ad5631971eb39eb432a854e691929df7e48b900ca6e740accf578b31795b49a6ca774bd8b993106a9c4948c18714948315990a5f191692420f289328ab713ec19b7ea894d16e6476100871cf3168e4f935b5505d1ed5b0aa29be36fa3a346ac3e76f143c46ca69123b79c36399a0d2ed302772494adf442bbafbc4d01532692c7859df04d2ca78ba55d77fdf3e5ad993786a24cff2199bb49387873cc414b4cf1137abb7e94ae3ddbf97f534a18fc5ae58523a3cc52283dc7b016f31cd6557981c5076c774f303a47c427870e207ed8bd66640ff092db503fa124bfdcf020051dadd106dd245840b31910b8a9060d5986f02b60aa5e33b4d7550912cdc5776c772aac93ae19c73b7ecfca389e627681a8781eb47d84e93460ba891d3ff6eadf8f2a903c383474beaa42b90e032236dcd898d02a40efb44e47ead52b75b09c7da1cd6a2dfd4d1c0452de69f6acac1a68dd78daf972ae260821e2ec522fb5749bebe0adb452bfa4faa1e97911c1299f16568d68eef405f4b1cdacabed59f7b0fbceab719a34b299f58a4ae8154f98f4d9f4f140b1f085006946725e7c29bb0bc6ccf2534497c61d4c1612624a61d70d26c3efb7d7c351848657f7f8eebf8b990747740e6f910c97cef150375765c8c0b3b449c0d09d66f008e67cfa76ea2b6808b6fe632eafe0587f37e36be98dcb17a3f4a15b65a9f6fcf9642b52522077b1fb4cc3c08df4b467ca716db16b737f782cdf387170a5f1f6a7ae0ab3f5b7c585e3b0655a6456a503595ce8eaea2537855e7f0d5061bc29b4e67daa82463c190e9fddd52f8322ddb4e0f26b68778228eb57e1a185b7025da14987d44baa767b22ee7f4c84591032e88ec12eb8c5a4b9e157ec: +486c7b436c1d43d6b703512283c166dc863e5a33802f4ea65fc738778902d014b5dc947d64337cae82122bd68cc80840596de3be56cbd0c833af3faa3adc3776:b5dc947d64337cae82122bd68cc80840596de3be56cbd0c833af3faa3adc3776:af036053672dcf3aa26e28ec6aa642ce284b896c69887dfdcf0824515eb0848d9d970ca272df77a86b3ff6ddaf3cbadd3ab6283bc37cdf7a5607d5dfc7cf96329299cc53edbbe657fdfa2ca24467050a0aeb8cffd7d33d543ec2c191cc0bce89ac37d33293b1888ccb76c28adc671a4935a846d907e4add0110febbee5aec80f9d2ff74e2af4fdbebbcf49105a6469d7380006b2ca44364814454e445e36dc0012f339c96854f836442a05a50bec907327f74ba9f6fd790ff0ad3783d297bdcca76460783703eb5f2b1f51b0a740ce7a8f00a387e3636270a971fa8f15b4496730d88add807a7f7e987cd41595a2e7435df5195576a35f5e91b2fcfac94ed5d77663783b61e6671d34838b6b5644fbc1c539fe159b7792db967e8352618ddaca0cde73437b59e7801b49eb4609b10577ca2692dd6f9d5e9d4b5e5e62c5913e7b87e6b347be6153b17199c916a13f8a885b378ef09e13cae4d8b079d7d5cb9094199b0f20533c90083bc3acb2667697eed22e3670abb4a553e995c9dd9594e592391a0004b6556544f35612c4971359577c476382ca53b3f262a5e33ed26eec809f4fdba4898a113675cb6af717db62579f3980b21463be029cb4160fe5d257c46cd6664f9861ac50fe05c144057dce2f8df1532aa7af589f41270601cef06bbe4f35c31c782bb3cfff7d5ab64a14ec417361f1d32cbd38b6bd0e02505d1416302b8505ae2a96e8d5339c346c2b0662d350259c50c5e48795914e6f88e97c811c393bdf9aec7ef82047ca28ee971c175c27e36e109727960ddf1a1b976ab44f4851607bd966808ac46d54003128297f5f4487108d6a02e7a16413d2b75ecb42fddfb669c801d23de50a6f7bf658f753c6b2b3b47c0640105d0a801b32a1943cdc15c886555eb75bb7927b93c35c5be1f98b196caac2dad991b1044ea863944d54d883abc3c6de66ed868ee84bcf9c34ccdb80fcd9cc0402747732cd630bbfa3bbe8b038dc1dbdaf436d9ac00c02d528ece2e791ee312a868feb2f587ca44db5731384fa1831142061b2ead2b80c66bd2fa5dccabe6a25f2a493feaacd231d2f409646b942a578545ea4feea9a73473f79dcf13e0c9f1b49fd8912ec487328045bd0fa228922ee6e973e61f6e93365296578dcc21c361479ee2d24879f2e9b:31f95cbb7463b87528654227bb1397bf1065b4f576808078207dfaf06d124b41f4c318f4a9315a66085b9e568a71e414ed9414517310c699946db0c976285207af036053672dcf3aa26e28ec6aa642ce284b896c69887dfdcf0824515eb0848d9d970ca272df77a86b3ff6ddaf3cbadd3ab6283bc37cdf7a5607d5dfc7cf96329299cc53edbbe657fdfa2ca24467050a0aeb8cffd7d33d543ec2c191cc0bce89ac37d33293b1888ccb76c28adc671a4935a846d907e4add0110febbee5aec80f9d2ff74e2af4fdbebbcf49105a6469d7380006b2ca44364814454e445e36dc0012f339c96854f836442a05a50bec907327f74ba9f6fd790ff0ad3783d297bdcca76460783703eb5f2b1f51b0a740ce7a8f00a387e3636270a971fa8f15b4496730d88add807a7f7e987cd41595a2e7435df5195576a35f5e91b2fcfac94ed5d77663783b61e6671d34838b6b5644fbc1c539fe159b7792db967e8352618ddaca0cde73437b59e7801b49eb4609b10577ca2692dd6f9d5e9d4b5e5e62c5913e7b87e6b347be6153b17199c916a13f8a885b378ef09e13cae4d8b079d7d5cb9094199b0f20533c90083bc3acb2667697eed22e3670abb4a553e995c9dd9594e592391a0004b6556544f35612c4971359577c476382ca53b3f262a5e33ed26eec809f4fdba4898a113675cb6af717db62579f3980b21463be029cb4160fe5d257c46cd6664f9861ac50fe05c144057dce2f8df1532aa7af589f41270601cef06bbe4f35c31c782bb3cfff7d5ab64a14ec417361f1d32cbd38b6bd0e02505d1416302b8505ae2a96e8d5339c346c2b0662d350259c50c5e48795914e6f88e97c811c393bdf9aec7ef82047ca28ee971c175c27e36e109727960ddf1a1b976ab44f4851607bd966808ac46d54003128297f5f4487108d6a02e7a16413d2b75ecb42fddfb669c801d23de50a6f7bf658f753c6b2b3b47c0640105d0a801b32a1943cdc15c886555eb75bb7927b93c35c5be1f98b196caac2dad991b1044ea863944d54d883abc3c6de66ed868ee84bcf9c34ccdb80fcd9cc0402747732cd630bbfa3bbe8b038dc1dbdaf436d9ac00c02d528ece2e791ee312a868feb2f587ca44db5731384fa1831142061b2ead2b80c66bd2fa5dccabe6a25f2a493feaacd231d2f409646b942a578545ea4feea9a73473f79dcf13e0c9f1b49fd8912ec487328045bd0fa228922ee6e973e61f6e93365296578dcc21c361479ee2d24879f2e9b: +a6e6ad2c379c6fccadb4a49b232a9142618ea30103c33c226ff628bcfd81f426f7c4323f5c419d9b3f34a8eb42ae7f1faa2333079030c5d64f9ffb1e9b16002d:f7c4323f5c419d9b3f34a8eb42ae7f1faa2333079030c5d64f9ffb1e9b16002d:2e857676a5bb1c6e9e94507f83c60a67f547c5de9e94566b197a6af6cf4752e93dbdef6b9f66d1febd957e42a7f5ad64ef1dbcc4fe69ae9525d1a4de67054c88f29c0647bacf8b82f321ff99fe9eedc992ed34c1177fc5421227ccac10feb9ced4082f5658da63714723979737e7dcbfe2e8b5d50f91dfca83e7f95f35d1ad8dd51144502f3df672432611f0e766a90dcc2a5739c805d95fe5b041de9d7fb47b4404afc803a3bd4804c7817ebc5bdfef8add9e250b50966ca8939b22b3c6ff936eaa659a240c0c848b810acecf6181e0e4db8e4cf8fcce7de559cbe8afa9db8499570911a3887e850e509cdb70debc3477d12175014f79f81ba113d0b7b335118f85cf59996f806758eb903cc450f52fee102efc01441e9ae5fae74c231dfd85eb6bad17d6b70e938584facb2172cb03bd5ea07b7f0d371ffa351c0ee4efe9ba4a3fd543874655e7d39c53ae86329802e5c385e9283a2973cab8cf7ac7ff0f91d1d48b58abfdad658d812f07881676bd226bfe957d7df30c4130a448354a6b94405a411650a9c8fc851155ec5a8a3e3b67ae0c4b5cb89bb73fc82974be62da73f0e23092937d405ba4af6cab9465ea43a6253f4457082a06ac12b75e88ec684487f9076373fab8892859d8e8ba431423aa805a220cbfda431b32b1e03121f7fd4de18591f2505cc0f5b2b1a7605fbcc63757b07e299fef5a2b7365230c2e92a25962c2e8012ad3fa9ee94882709625ba68c7b213664ae2532b609d7c9aa0e83d493dbce7632f35580e06d3111ced320dd0190441f62d9e35f50de59c272fb00f568a00b0746c33a9bd2490c074b91cddc487ef2e45a0f030e08fdc1817bca8a9ce29d29279e755debc28dfadc3c4d1b458486e3c8d0c4318e7e6f9eb5a3653b3f7c49507077cd5eb81f10b88107cc0f9316932abe9b64e8886d06856a85be63b0c2b475c0afcb0694426860fb24b5c17ab6ab7733d5e641be74fd5f6a1ff18d2f9a42770fb30750f56f4854e38d58aef18a2a61cbfb49ee576ed97737bc28df3268a334175513d97af009cbbcfdfad5039d69bb46f708867d9b3ce0bf2f569e3cfbcf6136f8870d25208b21a3edcb73393dfcd4172c1402c41f36e3f82a4ea6dcd891686ba66e14320aa0e22ba0c1ef033d662cdb860cdfa3a40f6cc532a08:07d9fc244fdab00159ebecc5a00883453f08310171769d297001e877010e3eced9fb60ec91cb4d88e7ba40c530b1f9237978ccd96d5cba9e4fa27e2a0ad9d60c2e857676a5bb1c6e9e94507f83c60a67f547c5de9e94566b197a6af6cf4752e93dbdef6b9f66d1febd957e42a7f5ad64ef1dbcc4fe69ae9525d1a4de67054c88f29c0647bacf8b82f321ff99fe9eedc992ed34c1177fc5421227ccac10feb9ced4082f5658da63714723979737e7dcbfe2e8b5d50f91dfca83e7f95f35d1ad8dd51144502f3df672432611f0e766a90dcc2a5739c805d95fe5b041de9d7fb47b4404afc803a3bd4804c7817ebc5bdfef8add9e250b50966ca8939b22b3c6ff936eaa659a240c0c848b810acecf6181e0e4db8e4cf8fcce7de559cbe8afa9db8499570911a3887e850e509cdb70debc3477d12175014f79f81ba113d0b7b335118f85cf59996f806758eb903cc450f52fee102efc01441e9ae5fae74c231dfd85eb6bad17d6b70e938584facb2172cb03bd5ea07b7f0d371ffa351c0ee4efe9ba4a3fd543874655e7d39c53ae86329802e5c385e9283a2973cab8cf7ac7ff0f91d1d48b58abfdad658d812f07881676bd226bfe957d7df30c4130a448354a6b94405a411650a9c8fc851155ec5a8a3e3b67ae0c4b5cb89bb73fc82974be62da73f0e23092937d405ba4af6cab9465ea43a6253f4457082a06ac12b75e88ec684487f9076373fab8892859d8e8ba431423aa805a220cbfda431b32b1e03121f7fd4de18591f2505cc0f5b2b1a7605fbcc63757b07e299fef5a2b7365230c2e92a25962c2e8012ad3fa9ee94882709625ba68c7b213664ae2532b609d7c9aa0e83d493dbce7632f35580e06d3111ced320dd0190441f62d9e35f50de59c272fb00f568a00b0746c33a9bd2490c074b91cddc487ef2e45a0f030e08fdc1817bca8a9ce29d29279e755debc28dfadc3c4d1b458486e3c8d0c4318e7e6f9eb5a3653b3f7c49507077cd5eb81f10b88107cc0f9316932abe9b64e8886d06856a85be63b0c2b475c0afcb0694426860fb24b5c17ab6ab7733d5e641be74fd5f6a1ff18d2f9a42770fb30750f56f4854e38d58aef18a2a61cbfb49ee576ed97737bc28df3268a334175513d97af009cbbcfdfad5039d69bb46f708867d9b3ce0bf2f569e3cfbcf6136f8870d25208b21a3edcb73393dfcd4172c1402c41f36e3f82a4ea6dcd891686ba66e14320aa0e22ba0c1ef033d662cdb860cdfa3a40f6cc532a08: +9b6d7e28eb051597324dceb7a18941246725e88d53ab2c34771105330cf1f4ae8872a50b5fe362f8ead1d40e2045f0d40b2e7b50b59d8090bc47ad68ebee09ed:8872a50b5fe362f8ead1d40e2045f0d40b2e7b50b59d8090bc47ad68ebee09ed:d1e1987bff65f62ad67624c6657924f5d673b7824ebe404026c0562ded3143440be637f98c9e01a6afdfa9a47dd49c7cba6e3fd23e4552f7632b14380b27cd3e9606cce350f152ab126bead0a5d3bce4d42092d934c8ca337e987e11d86cfbfbd2acc3223bd16744a927728f485372175cc694df30a73f9d33765ff014ef008d5863210338cc3482cc27ea317eec921b0c568c38ab27c4a564e802b1b94668c651e20a0b55f3a79d215fc3a0d04904010932c4cc68c2a9e7d00e5d38d82df55206bab95cf697bebc7206eedef6fd18d9a20c2cbb285b00efa769a08dab2b3abadf00d198b4f192dd44bcb91431823ae6fdf98458eca39cd29263f0999303e70dc694fe01c53a11c1d1c34c1ee5068a201dbe7e1008d764358968b402aa398549507f7bd1850800e411b1c4e28ddc04a859e179be8ad7e6670e509db027ad7e517e4425954f5a807414a6da267a764e712a998465064982d851a265ea3c4dfb74f992a7cccd9a82687fa61c322c4f589e86b8825213bfa951dae6af354ace18f073995adc95839dac0165511d61753791a53e48e3a8273d44823d2596f2a2db2e5f1ae597221ba7f3ebaf4a7b2888395002bdaff51fa54bfb979de1031404ca7789fe095d4d17f07a35556b10fe8e1417c8a6a631c2ed36cb7a0e6181776289c344814d42131a73b12faa35d77814c681a601374ba71cb9ad5315fad42d3acfc7c1d628810256daf7d8c3c9a2e5bdcfb770082fa638168958523a1c3b035dbc6d5adf26df89a7ccabed3e7dd377c16da841f13c6894d43cebb4e39022f1ccec2274445c78b3adc7bbf70d890b80236cc4468f9569c59a7e33b570e670380d244e4e310e11c392f1e334054b92c8386c161ce04109b037bd628d919dcb62da1435bf94e88b0a8846d486d16778f7a3b880e660f441fdf86e56b8aa0661f55aaece27f9ddaa0e2a22c215b040539726b9853915a1592dffeae32d7b5b67eb6205bb0bd7279f788d5f833c4066780ca0a42d3e4e1aa22bd06bb5eed89b9413771ecab644ca72d1291d00f740901a7311dc036715d23ebd9a59891628f0d87ed489502f06d75bbd11cd1602a35ee7e13335d6a144b08830e669c02e652f3f100d393ef9b4ac05321439bce6ce36ffc5abca890b8796ccb5e16303559c5d9117f0f31d:c6dc5ca1e8560015b493afe2666ccf6fefa803d8526c837fe7f123c7991427ab030d7c770e45f6de8481523b94ece97f3f161cf5b8c7aea39f5ad826bf8d0a02d1e1987bff65f62ad67624c6657924f5d673b7824ebe404026c0562ded3143440be637f98c9e01a6afdfa9a47dd49c7cba6e3fd23e4552f7632b14380b27cd3e9606cce350f152ab126bead0a5d3bce4d42092d934c8ca337e987e11d86cfbfbd2acc3223bd16744a927728f485372175cc694df30a73f9d33765ff014ef008d5863210338cc3482cc27ea317eec921b0c568c38ab27c4a564e802b1b94668c651e20a0b55f3a79d215fc3a0d04904010932c4cc68c2a9e7d00e5d38d82df55206bab95cf697bebc7206eedef6fd18d9a20c2cbb285b00efa769a08dab2b3abadf00d198b4f192dd44bcb91431823ae6fdf98458eca39cd29263f0999303e70dc694fe01c53a11c1d1c34c1ee5068a201dbe7e1008d764358968b402aa398549507f7bd1850800e411b1c4e28ddc04a859e179be8ad7e6670e509db027ad7e517e4425954f5a807414a6da267a764e712a998465064982d851a265ea3c4dfb74f992a7cccd9a82687fa61c322c4f589e86b8825213bfa951dae6af354ace18f073995adc95839dac0165511d61753791a53e48e3a8273d44823d2596f2a2db2e5f1ae597221ba7f3ebaf4a7b2888395002bdaff51fa54bfb979de1031404ca7789fe095d4d17f07a35556b10fe8e1417c8a6a631c2ed36cb7a0e6181776289c344814d42131a73b12faa35d77814c681a601374ba71cb9ad5315fad42d3acfc7c1d628810256daf7d8c3c9a2e5bdcfb770082fa638168958523a1c3b035dbc6d5adf26df89a7ccabed3e7dd377c16da841f13c6894d43cebb4e39022f1ccec2274445c78b3adc7bbf70d890b80236cc4468f9569c59a7e33b570e670380d244e4e310e11c392f1e334054b92c8386c161ce04109b037bd628d919dcb62da1435bf94e88b0a8846d486d16778f7a3b880e660f441fdf86e56b8aa0661f55aaece27f9ddaa0e2a22c215b040539726b9853915a1592dffeae32d7b5b67eb6205bb0bd7279f788d5f833c4066780ca0a42d3e4e1aa22bd06bb5eed89b9413771ecab644ca72d1291d00f740901a7311dc036715d23ebd9a59891628f0d87ed489502f06d75bbd11cd1602a35ee7e13335d6a144b08830e669c02e652f3f100d393ef9b4ac05321439bce6ce36ffc5abca890b8796ccb5e16303559c5d9117f0f31d: +7009edd0795096edc4fed55a17ccf484131e608c6d5d6696bf3376e26924959b77574bf069527145e72d3e85ce7d4fcd671a33e0a71e6bf0da7ea471dd6e86a4:77574bf069527145e72d3e85ce7d4fcd671a33e0a71e6bf0da7ea471dd6e86a4:b12c12470539547c2de6bc4eeac7b63e508ed710f35637d9fdd2dcca322a7a5071dab2b2845e30792806035c9fcdafe2783e3b677d6be5aac70b33910a2b95e8b5d59bda615935a417b7ae19a7853774e89a12aa547b4192979a01ef6ef32a40de79d680057a83a074617ca6501f59e73564927c38b58c19585a2c03659c026e4de3806d6c1ca8958dee47bcb889e76d2c3a9ab5b8b6afb2e842298056567bf9b58957415483336233ef4920fa57f496e1f0348cca20366496fab3a75bf4214ece47a45feaa1392db3f254d96a7f37402c9811140d7358b4ef8f20a298eeef904e37d68f378d33cb96d00c03109fc83fd06a876c92482f61ab7914eb7c2e5e84066e0e91e21e42e9be23df12b5c747973cb86442c32291d3d1ae719b36a62faf3abaa2053a313f625d85c51a5198571915ef8a2b199ba37d25884575ba1b72844cab4328b57fab1ec974ee8ea1df7ca9c78a4d3a03bcb0ab4169bf06a3a438d9566c6c501d8d9ccccb1ac26b4da4ae1a9d8e8b9df662821ad975c9b015fe26f6898d22ab912f0e405a5b27cfd39d657dcd92cdebe6791902713484406dddce71188731e44319381af27daf76792273b8c35251d11b836afe8b3ce9b40273f6915ebe6bc95a75bb941a429209867fba8764bf6c40db6eecb4f21747837cf6ae7fbfe36d5023df7fce2c0c3c57af2898885313c5c4bda35c7da6cb29932fb1991f62bbb080b32e2050619311ae69abb3022d913fa9eabd5d5cb4dc54d75dca638cda9af331c0cf4d2007b6ca39f655a61c01039f12a4b9782bc39aec4d22ef0093388dd7d5b56dfb8a7f9d8669004e2878dd8a6d76857c0845245068fee1c5319631e78d3785165c70afd65299301378551ebf613584c6a7620a0e3b6779f38c0940062497008eb233870868c21cccac239501b63b749a85602c28a095cafc749b0511a6c878edb3b780ea174d07b121e315a826dda6ec8dc54363e2cd2e6305a194825c0ea90efd7a9fd89cd97b99c4300bd3bf9353d82fbcceea71b4ee3f1aae9539b4cce90ca477597c174ef20f4b9f4e62d09a570d3135aabee9551fa60983958c0b7b8c3744553ee14e7f3cd103a19251c99bf6384abb60a76afc6658b80dfc5110adc4c732fe0ee32933fb284828e008887aef80f6f813340446c0217c12ee:b701b8f9a434e06d719ad25dcc54060c7986647f44f3884bcb6e5ee1d7a446cc265cec029b537da7f2523326558ac9ba34f4cc2a97cca3452e70562e7a8f5504b12c12470539547c2de6bc4eeac7b63e508ed710f35637d9fdd2dcca322a7a5071dab2b2845e30792806035c9fcdafe2783e3b677d6be5aac70b33910a2b95e8b5d59bda615935a417b7ae19a7853774e89a12aa547b4192979a01ef6ef32a40de79d680057a83a074617ca6501f59e73564927c38b58c19585a2c03659c026e4de3806d6c1ca8958dee47bcb889e76d2c3a9ab5b8b6afb2e842298056567bf9b58957415483336233ef4920fa57f496e1f0348cca20366496fab3a75bf4214ece47a45feaa1392db3f254d96a7f37402c9811140d7358b4ef8f20a298eeef904e37d68f378d33cb96d00c03109fc83fd06a876c92482f61ab7914eb7c2e5e84066e0e91e21e42e9be23df12b5c747973cb86442c32291d3d1ae719b36a62faf3abaa2053a313f625d85c51a5198571915ef8a2b199ba37d25884575ba1b72844cab4328b57fab1ec974ee8ea1df7ca9c78a4d3a03bcb0ab4169bf06a3a438d9566c6c501d8d9ccccb1ac26b4da4ae1a9d8e8b9df662821ad975c9b015fe26f6898d22ab912f0e405a5b27cfd39d657dcd92cdebe6791902713484406dddce71188731e44319381af27daf76792273b8c35251d11b836afe8b3ce9b40273f6915ebe6bc95a75bb941a429209867fba8764bf6c40db6eecb4f21747837cf6ae7fbfe36d5023df7fce2c0c3c57af2898885313c5c4bda35c7da6cb29932fb1991f62bbb080b32e2050619311ae69abb3022d913fa9eabd5d5cb4dc54d75dca638cda9af331c0cf4d2007b6ca39f655a61c01039f12a4b9782bc39aec4d22ef0093388dd7d5b56dfb8a7f9d8669004e2878dd8a6d76857c0845245068fee1c5319631e78d3785165c70afd65299301378551ebf613584c6a7620a0e3b6779f38c0940062497008eb233870868c21cccac239501b63b749a85602c28a095cafc749b0511a6c878edb3b780ea174d07b121e315a826dda6ec8dc54363e2cd2e6305a194825c0ea90efd7a9fd89cd97b99c4300bd3bf9353d82fbcceea71b4ee3f1aae9539b4cce90ca477597c174ef20f4b9f4e62d09a570d3135aabee9551fa60983958c0b7b8c3744553ee14e7f3cd103a19251c99bf6384abb60a76afc6658b80dfc5110adc4c732fe0ee32933fb284828e008887aef80f6f813340446c0217c12ee: +12fe8e5ce20cafaa3279da7b34aa87752ead679f156128aaefb4afa5db4f2a6fe77f44206bb0c4c59a2870cfc2ecac63362deecbe8115de5cb1afc2d9a3d47f1:e77f44206bb0c4c59a2870cfc2ecac63362deecbe8115de5cb1afc2d9a3d47f1:6b80cc6fbbd332f8c6197cdf2e6dc19a2130faa2ec938ef558b884ba4fa5e113e5b3e4b1aaf51b695f13effe13f77d39cab3c07d04d66d430d9974b1da3d39df1278c00d6bcbfd4bae75b8c076404dbbb83448fb493df67000f97d247e8f23dc081fce992b65a21b35d7bd7fa7dccc54a560afd14b1ec436c10946f6aa59eae1be3ecf311def51e46b6b4d1d080d1784b2334b80cfba72cd931f55ecd298b05dc836ab12d0ad8b5d6e9b1e3cea3d843368eef19f5c14c6bbad9414cc7a4db6a726e4fcaed44440a019fe12a60573403c0e662dc902d1c873ff30c931ba7e43a3b3bf71d5b094ea504971647ca94356f0a53e444b4c008ee5977204221b400deec37fc273452545f8f218be988725bc38c85df212ea73dc0bc7cbbac907982fefad680fbd975c2093a7fe8e6b37c1cced87f81daa57291a5a18476d11a18ec4b5cbce5d55ac9b624b048430f254f671078506e6989df7c09256525039085ab7c130c240004abbb3af6b481cc1a0617e57e388ee4b1f052f34a003fe6bb202cb87d2741bd8e3454ca73d2f612011ecc74d88343510a63c9313ddc36c25d3fb03e188f560bd029c801585ce552988dc55b7d8522a3396c01d5e715ae26c622c64fed5b98e9c559e4aa78d1ed3b7b890d477ec8c50a0ff107a3f83b07bd35e9ce9a08bcfc0f168eec7aa311f71c66a71ceb9d5a2199a14be36865ca8d07e186b1392b9290c578004d584f191c82a53d850890bcc0d12dff840e043dddc2e670c836020924f58c044b218763ca61982bc332d247b2a008ab570b6565a06892a26cfb0853d79da28ef8b910a9329544b792ae4456ba7765066b9d1b4a300210448660ae48b504441017cddd1f6f00938b1072c8ab824adfe8ae34923c82eec754bee1a6550ab1d3da086e3aebbf21169c44469e03bbae0d72ce863457784cfe1dfc276f1afad9ee53ebab5a3c6572eb1cae099a4a5fe19319290e6a1b8b0e7541ed735b3f21b1e2c7509f87fd1fed00007479b3c1bb78432466302d246d8d031996307260a0c41a0e3ecd1e7fd834dac11a13eb036b39c369966fdef394c183e54e7b0cb3d0ceb198bd0e66c00d38db703aace30cbbdab369dfd1d9e514d0968f100c9f07c315089adb3ad02e59c04b9be46e99fbf5a62c6bbecdff5b381e55127824ddb18:04eaf900966e0992d36e3c220a4bd4d82bcc6eb998ed051dbcb9160bcd357409736bcff7e6630e96f5538aeca6ab8b0d0bd82c0cd7c4549917febb9cbada080c6b80cc6fbbd332f8c6197cdf2e6dc19a2130faa2ec938ef558b884ba4fa5e113e5b3e4b1aaf51b695f13effe13f77d39cab3c07d04d66d430d9974b1da3d39df1278c00d6bcbfd4bae75b8c076404dbbb83448fb493df67000f97d247e8f23dc081fce992b65a21b35d7bd7fa7dccc54a560afd14b1ec436c10946f6aa59eae1be3ecf311def51e46b6b4d1d080d1784b2334b80cfba72cd931f55ecd298b05dc836ab12d0ad8b5d6e9b1e3cea3d843368eef19f5c14c6bbad9414cc7a4db6a726e4fcaed44440a019fe12a60573403c0e662dc902d1c873ff30c931ba7e43a3b3bf71d5b094ea504971647ca94356f0a53e444b4c008ee5977204221b400deec37fc273452545f8f218be988725bc38c85df212ea73dc0bc7cbbac907982fefad680fbd975c2093a7fe8e6b37c1cced87f81daa57291a5a18476d11a18ec4b5cbce5d55ac9b624b048430f254f671078506e6989df7c09256525039085ab7c130c240004abbb3af6b481cc1a0617e57e388ee4b1f052f34a003fe6bb202cb87d2741bd8e3454ca73d2f612011ecc74d88343510a63c9313ddc36c25d3fb03e188f560bd029c801585ce552988dc55b7d8522a3396c01d5e715ae26c622c64fed5b98e9c559e4aa78d1ed3b7b890d477ec8c50a0ff107a3f83b07bd35e9ce9a08bcfc0f168eec7aa311f71c66a71ceb9d5a2199a14be36865ca8d07e186b1392b9290c578004d584f191c82a53d850890bcc0d12dff840e043dddc2e670c836020924f58c044b218763ca61982bc332d247b2a008ab570b6565a06892a26cfb0853d79da28ef8b910a9329544b792ae4456ba7765066b9d1b4a300210448660ae48b504441017cddd1f6f00938b1072c8ab824adfe8ae34923c82eec754bee1a6550ab1d3da086e3aebbf21169c44469e03bbae0d72ce863457784cfe1dfc276f1afad9ee53ebab5a3c6572eb1cae099a4a5fe19319290e6a1b8b0e7541ed735b3f21b1e2c7509f87fd1fed00007479b3c1bb78432466302d246d8d031996307260a0c41a0e3ecd1e7fd834dac11a13eb036b39c369966fdef394c183e54e7b0cb3d0ceb198bd0e66c00d38db703aace30cbbdab369dfd1d9e514d0968f100c9f07c315089adb3ad02e59c04b9be46e99fbf5a62c6bbecdff5b381e55127824ddb18: +ee9b6c2e0c9b01472ce32d54d1762ab0303317d76d3aa78f5e08a9024ca1e083016df0f717bcb7adf626958d83bf8aa325c70518c68bc7efd84253b75db08788:016df0f717bcb7adf626958d83bf8aa325c70518c68bc7efd84253b75db08788:772cc25c3b69bb3ff5655664efa478ac414adfaea70ac4a2a887ed3968c54d34dbf1be32cc9a9b5420a4ad3c9a877bc8ccec94ad473aa7a3c7de08a0fdb5ed1e89872be78170be221d279776bbc6ed9c5a67168980d5eaf895e1340f5dfaa3df622d6544b399d74945fd13bb1173621e0561514640137aa7bc9cb7debeff2c626977d447263b7e57d43d69efb230cd25865e4d924828f5e36f964e403e3493f30d6dfea6ca3b781075b5e3b25c05ac50e555f15ba12b0e059bff996484129db6eafd88993d6f0b7ecd15dce2fc99f8b8e43516352ddb461a04b9ff3486452e6aa6a54b2d1062a7714250cd2a88ff6c4c17b6cc6652d8c5ac27d4443aebf3d5fbaaee4521ec76f0413db64421ec8d6949626725fe56160ab307c0e73906c45155efabb47222021f220d32bd3db0712abde2599ea4ff799717811dcdf8182df6716d2a038aee15d778da55ac20f01f25309cead5b5b7b22322e1828ea7c91ae666f2dcd684073148e31bb2247d5f93506ea8085227adc9ae1982e950f006a9da158b9cecff8929761c84f9d976fdcd317ffed36cbf6acda3e50c9b73bd2c8085409d119b64ced7349a2674262a832becb03c2edccac0ec54124e82f810181792da49ea10bd941f9895a06959fde0d3b0ae84c39df05390ab33c36c79ca22e6594d7fc6e3f86922d78eb7f5c25495d822a3b41051b24e57a76fcfc165cde6d096cc7b7e9d055fe864d52942d629a8ac261be1dcd3a21f895f49b67ee47eab7cf1644d571d5ff38c179f5c6a54a3612fb34753412a1b95bf62ff3179804ffbb99051f2b080563a4ae0f27cf996ea8be3bae0a4339dccdff6b6671559266eaff4eff682b8dee89c9d2d45acdbec4aa6cecdbdb1d284609e65efb77bb8f1a51fc4d4568a705fb9c97b2303c1467dff8c8c5ee27559b93ad1c5b9c5c6c7c529fa8c55c75ebb59b2a818aa9bda1e9e79bc66029772f8aea11badd3226565d54fd01bda8cb270e70dc9339b46900b5818e932075be6c28e73a191d02cbdc7454be12387b0d47a1ab14232d2342a6f1518ea97098b815a1ca3f9c70b25722b1bcd7dacda635622fc8e72959f57f767ea563da4c158eef7200109f61416c2e70439923062437b1d082a8c7f4394713c1b7ba0587b841c114475ee3ff059df8cfa12a321d901cb47f5:4b001d9642835d72138d680198e6af70b5de7af015131ea726f4e51b5e8b6d48c2a6ca8e8709cc8222a5047c09a66e518ac5e8b6e53548948261f0701f687308772cc25c3b69bb3ff5655664efa478ac414adfaea70ac4a2a887ed3968c54d34dbf1be32cc9a9b5420a4ad3c9a877bc8ccec94ad473aa7a3c7de08a0fdb5ed1e89872be78170be221d279776bbc6ed9c5a67168980d5eaf895e1340f5dfaa3df622d6544b399d74945fd13bb1173621e0561514640137aa7bc9cb7debeff2c626977d447263b7e57d43d69efb230cd25865e4d924828f5e36f964e403e3493f30d6dfea6ca3b781075b5e3b25c05ac50e555f15ba12b0e059bff996484129db6eafd88993d6f0b7ecd15dce2fc99f8b8e43516352ddb461a04b9ff3486452e6aa6a54b2d1062a7714250cd2a88ff6c4c17b6cc6652d8c5ac27d4443aebf3d5fbaaee4521ec76f0413db64421ec8d6949626725fe56160ab307c0e73906c45155efabb47222021f220d32bd3db0712abde2599ea4ff799717811dcdf8182df6716d2a038aee15d778da55ac20f01f25309cead5b5b7b22322e1828ea7c91ae666f2dcd684073148e31bb2247d5f93506ea8085227adc9ae1982e950f006a9da158b9cecff8929761c84f9d976fdcd317ffed36cbf6acda3e50c9b73bd2c8085409d119b64ced7349a2674262a832becb03c2edccac0ec54124e82f810181792da49ea10bd941f9895a06959fde0d3b0ae84c39df05390ab33c36c79ca22e6594d7fc6e3f86922d78eb7f5c25495d822a3b41051b24e57a76fcfc165cde6d096cc7b7e9d055fe864d52942d629a8ac261be1dcd3a21f895f49b67ee47eab7cf1644d571d5ff38c179f5c6a54a3612fb34753412a1b95bf62ff3179804ffbb99051f2b080563a4ae0f27cf996ea8be3bae0a4339dccdff6b6671559266eaff4eff682b8dee89c9d2d45acdbec4aa6cecdbdb1d284609e65efb77bb8f1a51fc4d4568a705fb9c97b2303c1467dff8c8c5ee27559b93ad1c5b9c5c6c7c529fa8c55c75ebb59b2a818aa9bda1e9e79bc66029772f8aea11badd3226565d54fd01bda8cb270e70dc9339b46900b5818e932075be6c28e73a191d02cbdc7454be12387b0d47a1ab14232d2342a6f1518ea97098b815a1ca3f9c70b25722b1bcd7dacda635622fc8e72959f57f767ea563da4c158eef7200109f61416c2e70439923062437b1d082a8c7f4394713c1b7ba0587b841c114475ee3ff059df8cfa12a321d901cb47f5: +a3d23505d07c5f937f13639dbd818e85145234ee7017ecee8636c7ba76ebef5bfd7fdb3d022ba36eadfed0daaae5bff04505403f171473e4d361ee8d150a0eb4:fd7fdb3d022ba36eadfed0daaae5bff04505403f171473e4d361ee8d150a0eb4:bc298ed69892904028725e21b114462d89d8c006dc884b178756838af4954ff0f1b79517307a258a0e7681e879ac47d7920230b0cc1d66171eb214d77cd97f617c405e6c2172fc589f1625cc5e1b593110531f6eb53f1e6f486d1964612447750a041fe51b332eb3fbc711616ce35f040442b43163b80b751e21ec1245f12e4883c79d3b413282c69bfc6a465d1e7896bab038dc89b4cfc032fccdfc87b07f06110e1f506acca8157a322543bf1ed8906727f28d0d689bcd7dd3df85935204a904ab3f7a0d99c16e5a542cc2bcdebf5b502dbabe33b972480e02e71a438a1980a8766f108bd8ad51104223994d9bfb3c3a4b7a59238ce2ef7d7288383ffbf291e1602b384af60700d7daf0e8fe60f8caede43db06b3f4c8cfff749aeafa46fc61c49b2d5a41204cf86f049254d809e9498aa9d4cfdb94acb2babfcf786ddfb03691516b3838b0d4f201cb2591edbb0b0f674e1e2820316b72e81b48cc5a6b29338bc36681f8f7dca43ee6c0bd2e402afbf967797516453bc01be86bf42299d1b736a0d97bbc922f5a78af2df42e6f8c28e953f2ceadaffc5e93064041e425ad6975f88c7aadf81c368691a581e885f2a6ba72ed68b8fefbcd6ce368626d44892a20270b5f709c2e34b8335d42eebd67a24df73f45455c41944187b6692f054b2fc9591373f19fc71aa7fa27df6006a1d549bbfae7d3c3eb36e5ab2aaa10aa5538da7ef36c8ff354b6058134004d660a4036321caad00a30b1c498ba3d808c4405ef79618fc2212a7b83396a3d7cedceb863c66374dc469ae183c7ed74b3e70d6374a062de0379b21cf25d3c4c5762115cdfe755545e89ad4052bb0279d938e90de3abf504410caad72b7c29f53d01d9dd7f2ec5e459a04592bdd66416613e6edd004569e0e6c98827b8c1d7002a6d1bf303e18259501dd89f6ee94766d18af810463eb13b2efddf1723af735a88716e1fcb4b7b43cb97e1cc903b2408ef453ada4164786f00845fbfa1ffca5cc3e1c4bd9940e7d99aef919166d058b51453c9c14fb9f3251ec5fe4f153c70a4492dc3496296186f23ad47ebad13c66e68727ce50ba9487f1801890b693efebfc37bb5d95f8af548ec8d6498289e55f9883fc5be84c256d2bc5484938c709820d9b6b8059c0aa4267dde69078e487c8865c0b130a0ca8ca:67a667ee0d6254ca0a8f212582c0cb8b6ed97cc967db021296ad6aa99f0ad3a944978cfdaff13fe5f8c6e88cbd831a5473d0742e3734b3e2df00ff3240a5de02bc298ed69892904028725e21b114462d89d8c006dc884b178756838af4954ff0f1b79517307a258a0e7681e879ac47d7920230b0cc1d66171eb214d77cd97f617c405e6c2172fc589f1625cc5e1b593110531f6eb53f1e6f486d1964612447750a041fe51b332eb3fbc711616ce35f040442b43163b80b751e21ec1245f12e4883c79d3b413282c69bfc6a465d1e7896bab038dc89b4cfc032fccdfc87b07f06110e1f506acca8157a322543bf1ed8906727f28d0d689bcd7dd3df85935204a904ab3f7a0d99c16e5a542cc2bcdebf5b502dbabe33b972480e02e71a438a1980a8766f108bd8ad51104223994d9bfb3c3a4b7a59238ce2ef7d7288383ffbf291e1602b384af60700d7daf0e8fe60f8caede43db06b3f4c8cfff749aeafa46fc61c49b2d5a41204cf86f049254d809e9498aa9d4cfdb94acb2babfcf786ddfb03691516b3838b0d4f201cb2591edbb0b0f674e1e2820316b72e81b48cc5a6b29338bc36681f8f7dca43ee6c0bd2e402afbf967797516453bc01be86bf42299d1b736a0d97bbc922f5a78af2df42e6f8c28e953f2ceadaffc5e93064041e425ad6975f88c7aadf81c368691a581e885f2a6ba72ed68b8fefbcd6ce368626d44892a20270b5f709c2e34b8335d42eebd67a24df73f45455c41944187b6692f054b2fc9591373f19fc71aa7fa27df6006a1d549bbfae7d3c3eb36e5ab2aaa10aa5538da7ef36c8ff354b6058134004d660a4036321caad00a30b1c498ba3d808c4405ef79618fc2212a7b83396a3d7cedceb863c66374dc469ae183c7ed74b3e70d6374a062de0379b21cf25d3c4c5762115cdfe755545e89ad4052bb0279d938e90de3abf504410caad72b7c29f53d01d9dd7f2ec5e459a04592bdd66416613e6edd004569e0e6c98827b8c1d7002a6d1bf303e18259501dd89f6ee94766d18af810463eb13b2efddf1723af735a88716e1fcb4b7b43cb97e1cc903b2408ef453ada4164786f00845fbfa1ffca5cc3e1c4bd9940e7d99aef919166d058b51453c9c14fb9f3251ec5fe4f153c70a4492dc3496296186f23ad47ebad13c66e68727ce50ba9487f1801890b693efebfc37bb5d95f8af548ec8d6498289e55f9883fc5be84c256d2bc5484938c709820d9b6b8059c0aa4267dde69078e487c8865c0b130a0ca8ca: +6e265105ee7171d1bd793effd87d1e2c79450d5e188b57be3aa162e2a52528ad1f403c7a755031c13ca63af57635dc6e2c4f23bd6b1d67ca65da68b09943c554:1f403c7a755031c13ca63af57635dc6e2c4f23bd6b1d67ca65da68b09943c554:f8b9d4b027ebb10ee511819e6e56fb1ba9584018418d82885a38a449086007b8785b5105caf782bf9b36da039cc60e227c7e1614f29b640b1e9b22747eea7a6725614e89e0783ebebbb7ee557ef36b2b46cf6461e5be2ad1d7a7c2711a475ca4fbc33092ba425667e34d090060518f2fec636b049123876ab21c8bd9c50dccb984ca011a02eea020564fa821fc362bfe392aab50c273fc7b5a042188e331621b9d2f743e5c8cf3ab1faffafe2a0004c8ef7cdf5e6dbb5eb544e4289f71a6fd15c638ce29d28efb9c039e477429a3497a83827e76ce77a49816d90b41a8e152f37a09e6340dfe069a4ac6f27dd2eac747fd21e3152088c1b1ecd32ac679927490750488c291785147b63b0b8ff11d189b9049b8a396b6932f85bd6a15eff9f0ce1808411af0f9c8e6e97b814f110bd4df1386a9797dc511f0aab6ab65071d9ea836532cec51b92ca7fbdb8de1c8436658de2eb65edd86044f6c1aba3178647ad678612ee74f046ca3c7fe2f39c09dd2e07df2b4227085fe936e794d22fd5f40a25f08771580ac801d9889f5a76aeae1f0cc4a9e1edbdda3750c74c850524b32f44933fd883b5372bfb7e761e069fe7c1c0e7fbd4a7f58467ea6883f9d5b7f66d386b0499bb6fb5ead89c9a1fd2cceb973e2879b5d03eaa452e16022d59617daa0486f4d4c117807fda8499dfb7a286fd2f71a8eb5fe64065c41e4e1e2362ab4e477969e3a408a247e3a56fc86f2b01ef8d3cdda87258234bc7f25b66907f364b37b6245296c4fdf499f20237f4864852fc5d8cd5d05418be8b13859ee9a43e17e1f57a4c35ea282ed68ebcda6828174245a49c6cb6590eb1f2dcfb007bfa1c32077956da9acbe3ef0723799fdb869d8de30706a9c026814d16a01e033c91b59070dfe445c5b848a516612e5131fe8486921e36b8e7ef157a88822886c681b5da71fea94d957dafec26f4147a3b2ac383a5f47c8585eb17a8ac65790641b4218d755f8bea4d97ae2a45bdcdc23236294d852c95d08406d2e9bd30c326452538c1f5e5004d4a1a82720da32e59dc3ab18ea08a058f791d24418556086c1e4edce8982aa23b118fb266e60b542780a6933add913265512c07b114978d44af73b2030ec47b06fd09dda8c4f1d4e313775468c451f9ee611e9cd4c0845c2501948a7b14ef1d4b5cf:b5a83a117a60345a67e4a665f37de722a6ec03913829389959f376ee626477e654ac8d720fc727d4bb8fe1544f5d0b0b850514290b24273c4cd4b73aca4a5300f8b9d4b027ebb10ee511819e6e56fb1ba9584018418d82885a38a449086007b8785b5105caf782bf9b36da039cc60e227c7e1614f29b640b1e9b22747eea7a6725614e89e0783ebebbb7ee557ef36b2b46cf6461e5be2ad1d7a7c2711a475ca4fbc33092ba425667e34d090060518f2fec636b049123876ab21c8bd9c50dccb984ca011a02eea020564fa821fc362bfe392aab50c273fc7b5a042188e331621b9d2f743e5c8cf3ab1faffafe2a0004c8ef7cdf5e6dbb5eb544e4289f71a6fd15c638ce29d28efb9c039e477429a3497a83827e76ce77a49816d90b41a8e152f37a09e6340dfe069a4ac6f27dd2eac747fd21e3152088c1b1ecd32ac679927490750488c291785147b63b0b8ff11d189b9049b8a396b6932f85bd6a15eff9f0ce1808411af0f9c8e6e97b814f110bd4df1386a9797dc511f0aab6ab65071d9ea836532cec51b92ca7fbdb8de1c8436658de2eb65edd86044f6c1aba3178647ad678612ee74f046ca3c7fe2f39c09dd2e07df2b4227085fe936e794d22fd5f40a25f08771580ac801d9889f5a76aeae1f0cc4a9e1edbdda3750c74c850524b32f44933fd883b5372bfb7e761e069fe7c1c0e7fbd4a7f58467ea6883f9d5b7f66d386b0499bb6fb5ead89c9a1fd2cceb973e2879b5d03eaa452e16022d59617daa0486f4d4c117807fda8499dfb7a286fd2f71a8eb5fe64065c41e4e1e2362ab4e477969e3a408a247e3a56fc86f2b01ef8d3cdda87258234bc7f25b66907f364b37b6245296c4fdf499f20237f4864852fc5d8cd5d05418be8b13859ee9a43e17e1f57a4c35ea282ed68ebcda6828174245a49c6cb6590eb1f2dcfb007bfa1c32077956da9acbe3ef0723799fdb869d8de30706a9c026814d16a01e033c91b59070dfe445c5b848a516612e5131fe8486921e36b8e7ef157a88822886c681b5da71fea94d957dafec26f4147a3b2ac383a5f47c8585eb17a8ac65790641b4218d755f8bea4d97ae2a45bdcdc23236294d852c95d08406d2e9bd30c326452538c1f5e5004d4a1a82720da32e59dc3ab18ea08a058f791d24418556086c1e4edce8982aa23b118fb266e60b542780a6933add913265512c07b114978d44af73b2030ec47b06fd09dda8c4f1d4e313775468c451f9ee611e9cd4c0845c2501948a7b14ef1d4b5cf: +c4370d2aaf35acd158fc0d1622a399c99f41b9da4e970b354e5ba05cbe844ca83545d7d4c95c3db6a54530537afafa4d86ddecf9cc7e66c319ba9f7dd7d07ee7:3545d7d4c95c3db6a54530537afafa4d86ddecf9cc7e66c319ba9f7dd7d07ee7:619f57de2b1dbaee209a825d8ca97f84ee49eb12a0b13dcdd2b3a4ee45e0176d474cf09460c831a8ae1d3f39beebd08808b3ed1761213ba953421860cc07e2db312e680df03e60a6870264abca8fd51301e1c1562023d802ccd5c7d196db39fbb8304b0e59e333164192ecc333387eef69c7a78a5d11258862d6c281b19c0bd336cd3edb2f9faad4021ac2f205c16814b38548433ff9eddfd61133779769dc69afac658afc1d1b416d390ad5b45a1ad5cc4b00b4b278fbe4b59d52e61a6a5fd00241c6cbc382d2d621a3ded002019b330560e361faab28f41d1af9c9c0020f2baf99e8d8ee58e3122202147c0adc57d670c5b380af594cc7ed57b87ec6674ab63f3a9849753b9462aab5de88c948a8b109af4d4954927aac58bee953be0d8d7d71aa11d11f1a87b1477b9170bd735cfc2449f051b82bc59b0bee76a172e8d32670f51ddddb804ad110a565e384cdb76fad04cff67893091e41e69cfdf70ea926c26369a5b6193b19ab0a62558da55ffafeb8789757710644aa19f474be4ada9dc1849b07d5e17b85f921e1016a54aa6095777253a73426fc7864b9955f04907023db207f85dd21a65106cf0d622385870c34c2da9a11e4726395121e4a6761fb522229d9e5cc9dab35aeb87d0d79693c006fde1cfaf116208bba962059cfc0d2d6370aac7748362ee6a0a3ca7bf133ebcfa20f1c4ed8307f800cca7e6c4beaa3fb2ab086125364285c44ed1a737a67cbf3b763c9f8b1427e89dfa96d290e9d4842fe6316afef834cd8cd1fdc1f124ca3fe26266da62e275c0bf7fcc8e5f9bba6c0d38e23fafab1e049481794c14f4a8c53be1c96f769c9b13eaca39a0e49366d2c9ffe8f206360a9d503dec598621112e3776713e7fc0649433e257e503a546059a989da89157d76476005fd90e4b07aaf0db0bc0bc0b67db8dcbadff39374e1afae551634e0e32831ad0e5fa7d5216fa7c644f73e1e8e07238394a416c169aa9d5303f469a5d4074308721ffddeff6559e5adf0c2773b3f5264e7aaa8c2db888e28e815c71069c3b4ce6c29034c0ab3b5c19a80a9d8c2e874813531c422752ad62b3c5a1a3d6c5a5db587270693aa75d5f172eeddf4eb839bd793affb1c796a1df0e442ddf99b780aa41eea0fe6f865bb539ca53aa45db9a856cb75d0151d35edea80f2946d:9febab5ae161d692a6a394500a2890d21c7f0ee26f4640aaba4fe66b90b89edcb80ea4cdcabb4d2c3a5c4154e8ff20d0e237fefd00c7ba9782e1748f6488ac01619f57de2b1dbaee209a825d8ca97f84ee49eb12a0b13dcdd2b3a4ee45e0176d474cf09460c831a8ae1d3f39beebd08808b3ed1761213ba953421860cc07e2db312e680df03e60a6870264abca8fd51301e1c1562023d802ccd5c7d196db39fbb8304b0e59e333164192ecc333387eef69c7a78a5d11258862d6c281b19c0bd336cd3edb2f9faad4021ac2f205c16814b38548433ff9eddfd61133779769dc69afac658afc1d1b416d390ad5b45a1ad5cc4b00b4b278fbe4b59d52e61a6a5fd00241c6cbc382d2d621a3ded002019b330560e361faab28f41d1af9c9c0020f2baf99e8d8ee58e3122202147c0adc57d670c5b380af594cc7ed57b87ec6674ab63f3a9849753b9462aab5de88c948a8b109af4d4954927aac58bee953be0d8d7d71aa11d11f1a87b1477b9170bd735cfc2449f051b82bc59b0bee76a172e8d32670f51ddddb804ad110a565e384cdb76fad04cff67893091e41e69cfdf70ea926c26369a5b6193b19ab0a62558da55ffafeb8789757710644aa19f474be4ada9dc1849b07d5e17b85f921e1016a54aa6095777253a73426fc7864b9955f04907023db207f85dd21a65106cf0d622385870c34c2da9a11e4726395121e4a6761fb522229d9e5cc9dab35aeb87d0d79693c006fde1cfaf116208bba962059cfc0d2d6370aac7748362ee6a0a3ca7bf133ebcfa20f1c4ed8307f800cca7e6c4beaa3fb2ab086125364285c44ed1a737a67cbf3b763c9f8b1427e89dfa96d290e9d4842fe6316afef834cd8cd1fdc1f124ca3fe26266da62e275c0bf7fcc8e5f9bba6c0d38e23fafab1e049481794c14f4a8c53be1c96f769c9b13eaca39a0e49366d2c9ffe8f206360a9d503dec598621112e3776713e7fc0649433e257e503a546059a989da89157d76476005fd90e4b07aaf0db0bc0bc0b67db8dcbadff39374e1afae551634e0e32831ad0e5fa7d5216fa7c644f73e1e8e07238394a416c169aa9d5303f469a5d4074308721ffddeff6559e5adf0c2773b3f5264e7aaa8c2db888e28e815c71069c3b4ce6c29034c0ab3b5c19a80a9d8c2e874813531c422752ad62b3c5a1a3d6c5a5db587270693aa75d5f172eeddf4eb839bd793affb1c796a1df0e442ddf99b780aa41eea0fe6f865bb539ca53aa45db9a856cb75d0151d35edea80f2946d: +bd3de1a1d164bd6e9be0a6d107f703a6dd914c8667cd341d139f19578d933b169b024964bdfa852eb2d4144f35b7cdc26781143c2bd7f660233f8b8aa36071ee:9b024964bdfa852eb2d4144f35b7cdc26781143c2bd7f660233f8b8aa36071ee:1769fcdbf51247ed4c83a00bbbf02f4428da6fceddd0161a02fccd1500970665e1c7630ad22e3d9749c792e71a260cfff6053256e02f5b47bba14b761ae53ca7219ed2801d2d788e26419f36c81ef92c2303683735c8a1756adab6a487923153e435603c96b239553edfdeb093298f7ae7dc90f16a7e5664b9e4c02ba731a23cf2234e250ac9742633a932a948bb83dc3d794d059fedf4ec8618c7433c5d8fe5e62cf07b5768c4d9b261c71536804fe2e7ca7098876521d57677361424e47f1b959237f90710421f5bc4f109f7d489c755e94eefdfb3c85b90ec013181a23bb9535feea4941d0a06a540bd6b588e55b7f35757149ca3e640965e1a0ff7f3c8259259957ff5dab9fb8732eae719b624a4492878179b5a83abe51caf02083d737ceb4fcf042f2e60ba0297ac72b87fe3e14ba5fbc54b48091073896823bfa289ce8e16873b48812c32bfea5ff6bb221d1ea5463d325bbe311e7fd1e783de650b7952eae461d63bc7470522af5b7789f8fc2eb192d2cf776c5c24b44e29cdb0cccb1d90361438e4950ff34dbcb3cb0e81cc45f8d0ff570949f78084e1060ff5594ad516f50f1cb0a765e1c0e038d5943b936e4a8b493354e79abc917bb9271266eeba77a93a657f9ad87b291ac7ea386f5d4fcbc582e72d5c23d92ba944b0064c20e3e2dcf504bcc7c6966c63f2080843600ba313ec27cba95e7ef318168c9067dce86c1ef0d5d9eb7a6158489df32ed58b6931030818f00705a0dc55d3dbf8006a8546641b1865d919bc242202cb3ae300bf8653e3b37894c3dc0e477b9d7c41baf8d3887c2eb59b1e4d50bbb6f1792a1c9367c65cdb450c2dfa2145e611a97ad81cff1fd83c6cf7230947eaff4c21dc1bafb71ec41e5bc72b3745ec3e38bf5930c126d060f0c50a895f009aa18e87f2174f58ab5379a721fd83aad5517fd99dff146edeea61521235e2f1a16ee58303e091be8d579094c1d8a20bc74a550d77c00d087571517a63cd4126933a4f09a070bf8ea4ffb846a9780e9734043bac4c0ff47b1afccf5293ac14bc73ebf67129657e4b8a8b33ddac7b0f4d719d2dc65df6ea0a3f24cf44c8338ed601a3939ca358fc4be13e8ede027539712ca23e3ffba706e8fdd62a074ee0ad7420f78060cc96fb2abf30e9eaa241c0f87ebbe3ec73517596f7c3c5a80c:13cc158fd061792fced156879598251dd01d575b400fe3e39a700863aae8db1f9197fa501c0cf993e44d6ac55180b869838e8ae24b214fa35e244b7a6cff6d0d1769fcdbf51247ed4c83a00bbbf02f4428da6fceddd0161a02fccd1500970665e1c7630ad22e3d9749c792e71a260cfff6053256e02f5b47bba14b761ae53ca7219ed2801d2d788e26419f36c81ef92c2303683735c8a1756adab6a487923153e435603c96b239553edfdeb093298f7ae7dc90f16a7e5664b9e4c02ba731a23cf2234e250ac9742633a932a948bb83dc3d794d059fedf4ec8618c7433c5d8fe5e62cf07b5768c4d9b261c71536804fe2e7ca7098876521d57677361424e47f1b959237f90710421f5bc4f109f7d489c755e94eefdfb3c85b90ec013181a23bb9535feea4941d0a06a540bd6b588e55b7f35757149ca3e640965e1a0ff7f3c8259259957ff5dab9fb8732eae719b624a4492878179b5a83abe51caf02083d737ceb4fcf042f2e60ba0297ac72b87fe3e14ba5fbc54b48091073896823bfa289ce8e16873b48812c32bfea5ff6bb221d1ea5463d325bbe311e7fd1e783de650b7952eae461d63bc7470522af5b7789f8fc2eb192d2cf776c5c24b44e29cdb0cccb1d90361438e4950ff34dbcb3cb0e81cc45f8d0ff570949f78084e1060ff5594ad516f50f1cb0a765e1c0e038d5943b936e4a8b493354e79abc917bb9271266eeba77a93a657f9ad87b291ac7ea386f5d4fcbc582e72d5c23d92ba944b0064c20e3e2dcf504bcc7c6966c63f2080843600ba313ec27cba95e7ef318168c9067dce86c1ef0d5d9eb7a6158489df32ed58b6931030818f00705a0dc55d3dbf8006a8546641b1865d919bc242202cb3ae300bf8653e3b37894c3dc0e477b9d7c41baf8d3887c2eb59b1e4d50bbb6f1792a1c9367c65cdb450c2dfa2145e611a97ad81cff1fd83c6cf7230947eaff4c21dc1bafb71ec41e5bc72b3745ec3e38bf5930c126d060f0c50a895f009aa18e87f2174f58ab5379a721fd83aad5517fd99dff146edeea61521235e2f1a16ee58303e091be8d579094c1d8a20bc74a550d77c00d087571517a63cd4126933a4f09a070bf8ea4ffb846a9780e9734043bac4c0ff47b1afccf5293ac14bc73ebf67129657e4b8a8b33ddac7b0f4d719d2dc65df6ea0a3f24cf44c8338ed601a3939ca358fc4be13e8ede027539712ca23e3ffba706e8fdd62a074ee0ad7420f78060cc96fb2abf30e9eaa241c0f87ebbe3ec73517596f7c3c5a80c: +f6ae516a51296fc523cea5f008cfbd09e73f78b6fdd3b69426128041a5604cf9376c82ba7b87aa77418727db33d326ae758bf7a135c10460cd8bf8feb83c2b10:376c82ba7b87aa77418727db33d326ae758bf7a135c10460cd8bf8feb83c2b10:8342f25ac4b17ebad6f79b9a033175c7f28af09e658e8cb98c294f15c3c8342629cb2a3247dfc875b82f5b380c5d11426a2eeb62450bd885650107c68362a3b72ce823f2d15942b7dda301d2fb638f302aa9570b47911dadd3bddbfed554c1c80bd718078b8bd2c9c314a5166f265e8266ee2db357561a5585c414a7840bfae609d7cddde1fade85560f23d638ef3d52e51f5cf313a072c5ea0f817f7281e2cba5c5c8d26c928592b81f0ff8cd18db5a2c41d880d74473863c7bbd0056fa4d4afabd17a3b89d97d3fe5dc06b0f612a1d66423923ba8dfbb8ec8246624d83784eba4f5736ba385e442296c8cb0f1b68e03342b2c6c103346f6dd740e26c3d13caef801d1b2621d89f069391a078d43ae6ff12eeca66bc32637b45f0ac627c2d7bbf8a49d9468175e26885e02821d3a3baa2c3e3a6bb96b57526e224cf3d859f669573cbd5c87393746156f3d1c7a80308dc1f2405bf0d40be1ca73b767dedf4031337c081bfa3ae6e54f6023f42f0cbd87762db55913c707206034010df2aa8753d030f03c267e71a9dd2c6c19de3e1851abfacbbd5dd5bf896fab8e415317b49f1e4096e3da99a5b5d0a3c42daf9de94847c1e53c8818a5b843323f501e3a7fa68df89a5f41f2c62c38d17f250b02a67fae47daf063f558942377ef8a89052f1a215d768f7913a7ec14e98b81e4b2ccf26bacad6f39664afc0e91a3cad691db2bf56a7ab6677b49596db887c97def43508a7a2ec2ab755ec368e2e53d1e16b60fff09c3b52263f0f7c1ea9cc35373197e95c11e6d22fa9d8299c423736f5814f1e798d227518600df6a790358deae38d5639e1983fe018436ea58ba8467548c929efbb16dfea4102253a350fb84d9831c4c2cbcb76e18d7f3e953641ada41421393091e63dfe66de24c99232c7d6a2837a48983cf5b16331ce00050d1c713958ffce5f2e9348c52f53120579a7c9a16008d134838e596129c702fcd21148bdf9174d48e2da0a8a66359edee01c5009ef6742fec41c1acecd03efe1ccc9b130d6e5ac92576a85ccb7cfc7d0e4233106172931a08699790bc41acfbb731adbb26d56b39aaa5b333bc1a10e2c7064ca86119d8c717148f92441af24cd2aa8f57c86ba38a59a100b9276df3827ec7fb4d3faf58be31c6ecafd69cf1c6410a49cd7081ff6e9fc397c2d20:0fe4dd7e1f608ee82b7fe863d1b03a81843ce20c762cd8bb24efd46ba025fff3331d875752ca7220c53dd3c71f2bc1e2c64a2f9c58865a2a244809f4134e53078342f25ac4b17ebad6f79b9a033175c7f28af09e658e8cb98c294f15c3c8342629cb2a3247dfc875b82f5b380c5d11426a2eeb62450bd885650107c68362a3b72ce823f2d15942b7dda301d2fb638f302aa9570b47911dadd3bddbfed554c1c80bd718078b8bd2c9c314a5166f265e8266ee2db357561a5585c414a7840bfae609d7cddde1fade85560f23d638ef3d52e51f5cf313a072c5ea0f817f7281e2cba5c5c8d26c928592b81f0ff8cd18db5a2c41d880d74473863c7bbd0056fa4d4afabd17a3b89d97d3fe5dc06b0f612a1d66423923ba8dfbb8ec8246624d83784eba4f5736ba385e442296c8cb0f1b68e03342b2c6c103346f6dd740e26c3d13caef801d1b2621d89f069391a078d43ae6ff12eeca66bc32637b45f0ac627c2d7bbf8a49d9468175e26885e02821d3a3baa2c3e3a6bb96b57526e224cf3d859f669573cbd5c87393746156f3d1c7a80308dc1f2405bf0d40be1ca73b767dedf4031337c081bfa3ae6e54f6023f42f0cbd87762db55913c707206034010df2aa8753d030f03c267e71a9dd2c6c19de3e1851abfacbbd5dd5bf896fab8e415317b49f1e4096e3da99a5b5d0a3c42daf9de94847c1e53c8818a5b843323f501e3a7fa68df89a5f41f2c62c38d17f250b02a67fae47daf063f558942377ef8a89052f1a215d768f7913a7ec14e98b81e4b2ccf26bacad6f39664afc0e91a3cad691db2bf56a7ab6677b49596db887c97def43508a7a2ec2ab755ec368e2e53d1e16b60fff09c3b52263f0f7c1ea9cc35373197e95c11e6d22fa9d8299c423736f5814f1e798d227518600df6a790358deae38d5639e1983fe018436ea58ba8467548c929efbb16dfea4102253a350fb84d9831c4c2cbcb76e18d7f3e953641ada41421393091e63dfe66de24c99232c7d6a2837a48983cf5b16331ce00050d1c713958ffce5f2e9348c52f53120579a7c9a16008d134838e596129c702fcd21148bdf9174d48e2da0a8a66359edee01c5009ef6742fec41c1acecd03efe1ccc9b130d6e5ac92576a85ccb7cfc7d0e4233106172931a08699790bc41acfbb731adbb26d56b39aaa5b333bc1a10e2c7064ca86119d8c717148f92441af24cd2aa8f57c86ba38a59a100b9276df3827ec7fb4d3faf58be31c6ecafd69cf1c6410a49cd7081ff6e9fc397c2d20: +83f789900f040dc62f4d18784cb64b63c88e8d18001696bbeb4707c469d11a5bedfc2bab7e79f40037fe4d9041de48da9aee8f978098d7b0ae17929025e4273d:edfc2bab7e79f40037fe4d9041de48da9aee8f978098d7b0ae17929025e4273d:6c112a20d30657ab5f8c5c04478d6c42d1c6bdef38cd4fe006ac2a57e290ff29287896eea8c30a0139c18fc8c97564563e86c8d34056a6719bfe479d9e87e81b19452331bfa154806882e5039a20c9e954b1fc7c015dcf5815bd7cf7b6357df9280b9bd43f89ffc91945323b5acb2ae00254d4162868d1c83ec6e0fcbe7a8ab9254192149c6bc9e5fe350694165d6638331eb24e3b1390c698c4838378c01b2c61a3ebe2c060b98ba6ee02b519b4eac1e0bcc09b2324ccf5b1a7fe8fd0b1545a9427832abb25744eeb36326be64efed3a7b07d630a21c3081b55261c353287c66c57663a99db466a5dee22746b81c750ef85be51143e221ecdf114fef1b3082ff54fd044bc884bfb3cc5c5335997009867ce9491a80fe696825f99426defab6a49badcde403f58e8317966210747b567754de53076b3ecbf65346cb83905832e16d01b50b93d37eb9bfe20172a31630d25f3217d87d93465fd8ac554cbbb39d982ead7219391234c889f0b92a2e0413d866cac087d628ce31c61c6323ecb8e689555af10de2b656e6aea2cde932e241f6d1f8a9e3316cf13f135acef83a0c0cf22f95ca818e61f92768774c630e0925be99dbd32b499c0fe7d84a42e393287f6f5ce3d0b271f170045a6d48eab316fe17b1858b1ffeee90888f3a37a2480dfd04a4a8629f868b5c0a80ee1f03719f3a47d4095bef10e0234fc300e2af482285d78937968319da94beb6c40e078577c024f3a5cda0084e2f855a9396aaa9ee9bfaf2cc771fe68c40b629e8dcf115ef03e757a2ac9eef073f1bdf9c5a4410031558a6d382b5f16024b151b1c01ee7817413a3c4de9dd6478785b81101df5522430058780207e790f612d78e5705ceed46b0ec075e7c1dc073b17b2b43d72535927bfd271e92e3c93638e40a9601dc2c1ab76d91a4103df657d911c829ee8a5f747f7642f5a915a5f40f630b43039c7d4bd2ad2b32129d94e5b2f03ad4a3d45577eb81f369c9e3e2a4f6a8e41acf8283be58425ea993b8e98eea6330556648618dad98fa255620d836d3c7f29b907895849286167c7181e2caf55c2c184a9a911f8e41cb042e2cd48b0544ea79fe2ef381ebc5b15e39a9b5c6d998faeaaa7773cfec084c0bfaed1bcab963a4ef3d94dbb3dfe724c040ce4d1e2ee7fc2da4b25127ce3a5df693fcf5a6ed1:ea6582cc23e0460917f782d964e3bb6dcde0aeeac42cc14919d36ce78aa0afd98072f54c795fbfd7a41d99d70606c28a5dcf19be38a0ce2d09bb8f844c31bf006c112a20d30657ab5f8c5c04478d6c42d1c6bdef38cd4fe006ac2a57e290ff29287896eea8c30a0139c18fc8c97564563e86c8d34056a6719bfe479d9e87e81b19452331bfa154806882e5039a20c9e954b1fc7c015dcf5815bd7cf7b6357df9280b9bd43f89ffc91945323b5acb2ae00254d4162868d1c83ec6e0fcbe7a8ab9254192149c6bc9e5fe350694165d6638331eb24e3b1390c698c4838378c01b2c61a3ebe2c060b98ba6ee02b519b4eac1e0bcc09b2324ccf5b1a7fe8fd0b1545a9427832abb25744eeb36326be64efed3a7b07d630a21c3081b55261c353287c66c57663a99db466a5dee22746b81c750ef85be51143e221ecdf114fef1b3082ff54fd044bc884bfb3cc5c5335997009867ce9491a80fe696825f99426defab6a49badcde403f58e8317966210747b567754de53076b3ecbf65346cb83905832e16d01b50b93d37eb9bfe20172a31630d25f3217d87d93465fd8ac554cbbb39d982ead7219391234c889f0b92a2e0413d866cac087d628ce31c61c6323ecb8e689555af10de2b656e6aea2cde932e241f6d1f8a9e3316cf13f135acef83a0c0cf22f95ca818e61f92768774c630e0925be99dbd32b499c0fe7d84a42e393287f6f5ce3d0b271f170045a6d48eab316fe17b1858b1ffeee90888f3a37a2480dfd04a4a8629f868b5c0a80ee1f03719f3a47d4095bef10e0234fc300e2af482285d78937968319da94beb6c40e078577c024f3a5cda0084e2f855a9396aaa9ee9bfaf2cc771fe68c40b629e8dcf115ef03e757a2ac9eef073f1bdf9c5a4410031558a6d382b5f16024b151b1c01ee7817413a3c4de9dd6478785b81101df5522430058780207e790f612d78e5705ceed46b0ec075e7c1dc073b17b2b43d72535927bfd271e92e3c93638e40a9601dc2c1ab76d91a4103df657d911c829ee8a5f747f7642f5a915a5f40f630b43039c7d4bd2ad2b32129d94e5b2f03ad4a3d45577eb81f369c9e3e2a4f6a8e41acf8283be58425ea993b8e98eea6330556648618dad98fa255620d836d3c7f29b907895849286167c7181e2caf55c2c184a9a911f8e41cb042e2cd48b0544ea79fe2ef381ebc5b15e39a9b5c6d998faeaaa7773cfec084c0bfaed1bcab963a4ef3d94dbb3dfe724c040ce4d1e2ee7fc2da4b25127ce3a5df693fcf5a6ed1: +43bff3cdd5307ed7d25cf96fdbba64ab1811c8bb934e2187ea7ffc018d85e0f200f1b5d3cac6e56ca5f894d4cdbf9bebd968d24d5effa5058b0e20bb0898f6f1:00f1b5d3cac6e56ca5f894d4cdbf9bebd968d24d5effa5058b0e20bb0898f6f1:646f8b34182d5e602b51ca7329347c0e198cb747e4da0a6b80f3f6f9f336f6708d85cb429ab2d6bed35d5013129cd100142cddcee8635179021b3e24922b81aef13c1370286939d63d6b6a4195eda1d812ca518204768f87348c6889552c63d1372cde6a5e9daa7f8445ec8d6130a3f5aef0edeace010b6c7f0b9d24162a8d04454b81d48ea9097bd8df093459719ccb54aa10f51c246aa99c580beaf9c9c5bc60faf0ae5cec7f5137f6c5c144df45d12ee995adccf25a9db81b8558bdfb65830186e7b9d4eed9f6b4d732b1b5822d03eb017c0724f48f87baaae1045d6fdb125c9134064faf18dbed58d8fbaceacd4f097df9b342e5c4a5bc85b29597d4b640f1551c5b624ab21b48e94a9030049be1f05aa851d0827eaf8700dfe147fdcdeedbc98c4f15774f0120fb5970a2f8b21794340b628379a802b9f7c068b0df63193e510fc7b2af97ee38de47929785535528d350d88620610cfdb55d249e38fb73c8287113919ce33267d7db924e4919a44e6e29a90dbe3b7b0d3921163feb5ac105624ed852bece3538e99193300c893345699350a8f99e8c6a41095fc9fc08da07f75711f7df034406de14edd8e22a633a86e4a5a5c975ac5d34891cccfc8543771ffa080e0b45d65ab830a361ac4c426294d3685ea8c26039c71c90fc3fb512be9fc94807d76dbdaf8ffaa4fbf9849d68e8a57d30c4a0b9735c23f08ef2e284458467e15d665362cb646fde6937ecba53091264638357a722425bc62d1e30ec5f0dd8fea26b2ea4a8490035de43f274846fb0cf0209ec7437f3c3d0a560373d034e5fd79e25b6424d9b2c1761632b35a12132521827345c55e4e7142dd6fe94d620fe515c153e8395b5d130c744139b6a92efd37f22ba13fe4c095373550e2e4fcba0325b3ea3b9fe25cc7dd92cbf42e15f4554b77ac27a4a346382ff6100451508d602cf643f60b6ca4286356f21a3110d4e2c8a8962a780fcff439b3aa80499df270fc3e6cad8893348872f0f702f9390000c7f6e0627d2bbb7b7cef5c4da25dadfea8032e5023297a70a658e9ae73bddc3b227a1c11741133f012f0f48fe26446fa67e64720fc8dc97f30d0dd026f6dc2164ead857824a0a7aeb20f115d50d1b65dd5d82e09abe834e8ca88957e39984824955a1a13e3b94a00157186dcdc289e34b678c91cb2a1a:a6b56b7686df1dc5f4ed544a4d97e67036195a32b22ecd5d31ea1730e6ed8f810d258b44c08ea45f032b937441b72cd0dc37556fd7874e9fe64f15765c521003646f8b34182d5e602b51ca7329347c0e198cb747e4da0a6b80f3f6f9f336f6708d85cb429ab2d6bed35d5013129cd100142cddcee8635179021b3e24922b81aef13c1370286939d63d6b6a4195eda1d812ca518204768f87348c6889552c63d1372cde6a5e9daa7f8445ec8d6130a3f5aef0edeace010b6c7f0b9d24162a8d04454b81d48ea9097bd8df093459719ccb54aa10f51c246aa99c580beaf9c9c5bc60faf0ae5cec7f5137f6c5c144df45d12ee995adccf25a9db81b8558bdfb65830186e7b9d4eed9f6b4d732b1b5822d03eb017c0724f48f87baaae1045d6fdb125c9134064faf18dbed58d8fbaceacd4f097df9b342e5c4a5bc85b29597d4b640f1551c5b624ab21b48e94a9030049be1f05aa851d0827eaf8700dfe147fdcdeedbc98c4f15774f0120fb5970a2f8b21794340b628379a802b9f7c068b0df63193e510fc7b2af97ee38de47929785535528d350d88620610cfdb55d249e38fb73c8287113919ce33267d7db924e4919a44e6e29a90dbe3b7b0d3921163feb5ac105624ed852bece3538e99193300c893345699350a8f99e8c6a41095fc9fc08da07f75711f7df034406de14edd8e22a633a86e4a5a5c975ac5d34891cccfc8543771ffa080e0b45d65ab830a361ac4c426294d3685ea8c26039c71c90fc3fb512be9fc94807d76dbdaf8ffaa4fbf9849d68e8a57d30c4a0b9735c23f08ef2e284458467e15d665362cb646fde6937ecba53091264638357a722425bc62d1e30ec5f0dd8fea26b2ea4a8490035de43f274846fb0cf0209ec7437f3c3d0a560373d034e5fd79e25b6424d9b2c1761632b35a12132521827345c55e4e7142dd6fe94d620fe515c153e8395b5d130c744139b6a92efd37f22ba13fe4c095373550e2e4fcba0325b3ea3b9fe25cc7dd92cbf42e15f4554b77ac27a4a346382ff6100451508d602cf643f60b6ca4286356f21a3110d4e2c8a8962a780fcff439b3aa80499df270fc3e6cad8893348872f0f702f9390000c7f6e0627d2bbb7b7cef5c4da25dadfea8032e5023297a70a658e9ae73bddc3b227a1c11741133f012f0f48fe26446fa67e64720fc8dc97f30d0dd026f6dc2164ead857824a0a7aeb20f115d50d1b65dd5d82e09abe834e8ca88957e39984824955a1a13e3b94a00157186dcdc289e34b678c91cb2a1a: +063b9025e321e972d653a062be34f99365affdcc98ec9ff43ef422be0f80446010d01a63012ac09956ba9ed61df35bb7afe3658bb3004852e47174bd07dd4de7:10d01a63012ac09956ba9ed61df35bb7afe3658bb3004852e47174bd07dd4de7:a7eed29652844ee0049bafb2cf63402971020d7e65c10b91ac5726eea86f40dbc53c3f0abedebaf6cc449b4fea48c015fe4d907b3e5505cff50a121819a2e4a8a296d5751015bbcd7ef6fb7c2727bb000be1342a7d14bca97904edfe8b18ddb63933418327a5af817e95bad74eb790203615d082e71493ead47ccc0901a2ca9f50133c44ef8508d51fb73c616f0147532245822dd102b337a1b2aae2efc72dca7a9419d598a6475233dc1a4ee0ec6d05da12a2b287cb77ffafdde2d0acc28199933e6621eec16ab4245170cf02da80d4922631a23272915165ad88722750035d2a0977bc791d14fb3d8cb02bc77f7c71be5242629a4c9a588dfdde9578494d8baa4e68f5194b8002c8e378a0e833b7c1a96981c4fb05e457ff48260b72493cbcb82ae11673d14cee85288f6370bd4bca9251a7e214c3eb79e7bb6fcebb16c9e056f29b6272743efa6fe8bfd25597ce86898ab3059eb0231c73b5305903fd1319bdf49e599d8bbcd74a8b9767308b61563ccbacd38fc50c83ab44ca759dc9b65b2a4b547c5097f220c1c88b2b0a48f65f91fe78b1501278e1e304de58b4c82a5c399981098a1784eb9042501859f2a93f317e41772fd52f972e51b07ed94d314e1d1af4ed82909a0bef671f54b55db7b70da1f718c8e648aedd6da64b05770526f12bc43f68b95548dac50809a687db97d73f06f47ed08831b60a28e982920632058f0e6c90c0187ff44564f81efd8fd93e327bc6d80b490e088b9a10036c80dcdad49d2be074fbba31e06f7180e5ad1c8823d60966a9ce15503ce60dd40e91eef2359d83d70d98401dde7be3c6b07e57d4e47d04217633d8e263ca348f81fbe9a4a62f45d77c843b6b1ad28466d9dafb1b910b348ed87c686cab292d480c191d187b404a9b1d132ba4e293d3ada99172acc121fe66b845b98b160c5823f601c7758fb26caee85701595b2d52caa2f5688aa2bf2f6c4bb637f8e00f49ab6c26bc6ad89e1367fd28e4917d250893a7b32d39660bde8db49f086fb739e56012c36bea0b26cf6d9357940b00d5a4528f9059aaf08669e5f46c995e60f887b5c4ab88ac7442ed01a14c6a42006baf1f343fefe3e4aca843a324e176b2fe7ec7883d1cbd068bc2fc962ffa60244f654c77ac5650817dc084465545a9230a74826b0c50eb85252a886ff2b1afeaf8:85c81d6b0d8578fa58e13ab391001528b46a1d63a0327c7a4a04087fc668758aa65c01d5a150f935674ef307507e6f4c91e1fc3500b26f649beea87d27563704a7eed29652844ee0049bafb2cf63402971020d7e65c10b91ac5726eea86f40dbc53c3f0abedebaf6cc449b4fea48c015fe4d907b3e5505cff50a121819a2e4a8a296d5751015bbcd7ef6fb7c2727bb000be1342a7d14bca97904edfe8b18ddb63933418327a5af817e95bad74eb790203615d082e71493ead47ccc0901a2ca9f50133c44ef8508d51fb73c616f0147532245822dd102b337a1b2aae2efc72dca7a9419d598a6475233dc1a4ee0ec6d05da12a2b287cb77ffafdde2d0acc28199933e6621eec16ab4245170cf02da80d4922631a23272915165ad88722750035d2a0977bc791d14fb3d8cb02bc77f7c71be5242629a4c9a588dfdde9578494d8baa4e68f5194b8002c8e378a0e833b7c1a96981c4fb05e457ff48260b72493cbcb82ae11673d14cee85288f6370bd4bca9251a7e214c3eb79e7bb6fcebb16c9e056f29b6272743efa6fe8bfd25597ce86898ab3059eb0231c73b5305903fd1319bdf49e599d8bbcd74a8b9767308b61563ccbacd38fc50c83ab44ca759dc9b65b2a4b547c5097f220c1c88b2b0a48f65f91fe78b1501278e1e304de58b4c82a5c399981098a1784eb9042501859f2a93f317e41772fd52f972e51b07ed94d314e1d1af4ed82909a0bef671f54b55db7b70da1f718c8e648aedd6da64b05770526f12bc43f68b95548dac50809a687db97d73f06f47ed08831b60a28e982920632058f0e6c90c0187ff44564f81efd8fd93e327bc6d80b490e088b9a10036c80dcdad49d2be074fbba31e06f7180e5ad1c8823d60966a9ce15503ce60dd40e91eef2359d83d70d98401dde7be3c6b07e57d4e47d04217633d8e263ca348f81fbe9a4a62f45d77c843b6b1ad28466d9dafb1b910b348ed87c686cab292d480c191d187b404a9b1d132ba4e293d3ada99172acc121fe66b845b98b160c5823f601c7758fb26caee85701595b2d52caa2f5688aa2bf2f6c4bb637f8e00f49ab6c26bc6ad89e1367fd28e4917d250893a7b32d39660bde8db49f086fb739e56012c36bea0b26cf6d9357940b00d5a4528f9059aaf08669e5f46c995e60f887b5c4ab88ac7442ed01a14c6a42006baf1f343fefe3e4aca843a324e176b2fe7ec7883d1cbd068bc2fc962ffa60244f654c77ac5650817dc084465545a9230a74826b0c50eb85252a886ff2b1afeaf8: +883cc1381757b0fe0455b77bc9cd0dd464d2b4bf0c7a3c0c2dc775fb78aa373283a8b669ccd01245ce3b818dcb1b588f86535850e6c710c79217fe439824f3fa:83a8b669ccd01245ce3b818dcb1b588f86535850e6c710c79217fe439824f3fa:ffec293d12ea636ca4c4a0a5e2db15342639c476674d2ebdab4aefd4046b5ddb56aeb210c119afdfb8a89128a34f6d77f261edea0772a2f8db140a2640fd8ecadb0b4792169b6b2810aee2c5cd835288bff493bcebeeea28a7a248c36116540fa71736d66b0a475b5fa92c0d46002fca7a1e69d1b59e81a3a6d4f339769daeb20b5f9d75c4c28f692132d28d3c564c09fe3dcca0359c3c63ec377a33f9ee874d8a789d77c96ac05fdf3ab38b2c8274a902ef8bb7f467fc7e073c77b1db5fc8ef966c120c4dae3fb7f5b74abb990166c812a525d123f76ed512125080a1534f3d8bdccc541fc97590287546096fc880bfcfdd00e65c0ebf4a09fd6476ce1b7c8faaa5a1cc2786719a30d8255811184752a88b08ac9f0ff1d6262f2586940afe1fe45e0b563448a55f3030e4c39c1f3f86a733670380eab088e393de09d1f508d2fbcafc649aeae6b8c30e329ec3fd2829be6db0ab8e637ea1095bdc3df3acc23d3cf705a9542c19e59092ec413a4e2bd5ded28cd34ddb3d32949aa487f1c337d6979cf512622dbfb7da1cbb1c7e5abeea7009e2943ffba2252e1d86eca9d6d5c246cd2e134a3e5dad37efef71ce397adafbd9e72b3f9a86ff0f5d812c46225bebd0703bc5cce9c64582008f7e558c40a3b3522096d1aa2b61bc90cd88c6285d942087d8a4665a0e64d3572f74689b4f24ef400d741b57140613471444decc654af0ffb2edfdf9fdd075098190b34cde28dd166872c6086567a68761cef25da40bd4c3d34fddd72ee565b0b937678ee84349d1160f5f0705f895d0f141ce8f51a1e4fd2dc4704b527a4025a939cb2bb78857eb18d78872edc9ee70e60b2a42700a198f4fff6c31925168be077dc23c322abbca97361fecaa3fcb196e656c128f3982fe11e551a4a0885da60d397d0e40d0d897262f1b4b672f78a2d2adfcdd6e1525c26e7195fb9ac606bb1ba4a9890803b4bd84346ae8d8c7196c90aeccb296a4c3eb4efacbfcb62e383b8a494ac723562d0d8c379187a92e3bda6b1569476aed21aed7a056b4a5826744017cc0060b4d55fa8772b5b1c15f5748ad7298005aecbcbd90a3e5c6159a8674abbba37914415002b5a6ef5df3c649426ea1275a01d80adf490ac546062d93999a6dccacb96a0904ad33d90576dc6a21b672e8ffb06613fb3f14e6cbdde88c2437c9:c7cfd5c9fe930d15a11ebb34e3431f489da010eb193edbfa6f23d5d14dd8feabd7880d2d5a5600d38546ce3bc64a86291a1ce31f272ff020df8cb6a0fd4d3a0dffec293d12ea636ca4c4a0a5e2db15342639c476674d2ebdab4aefd4046b5ddb56aeb210c119afdfb8a89128a34f6d77f261edea0772a2f8db140a2640fd8ecadb0b4792169b6b2810aee2c5cd835288bff493bcebeeea28a7a248c36116540fa71736d66b0a475b5fa92c0d46002fca7a1e69d1b59e81a3a6d4f339769daeb20b5f9d75c4c28f692132d28d3c564c09fe3dcca0359c3c63ec377a33f9ee874d8a789d77c96ac05fdf3ab38b2c8274a902ef8bb7f467fc7e073c77b1db5fc8ef966c120c4dae3fb7f5b74abb990166c812a525d123f76ed512125080a1534f3d8bdccc541fc97590287546096fc880bfcfdd00e65c0ebf4a09fd6476ce1b7c8faaa5a1cc2786719a30d8255811184752a88b08ac9f0ff1d6262f2586940afe1fe45e0b563448a55f3030e4c39c1f3f86a733670380eab088e393de09d1f508d2fbcafc649aeae6b8c30e329ec3fd2829be6db0ab8e637ea1095bdc3df3acc23d3cf705a9542c19e59092ec413a4e2bd5ded28cd34ddb3d32949aa487f1c337d6979cf512622dbfb7da1cbb1c7e5abeea7009e2943ffba2252e1d86eca9d6d5c246cd2e134a3e5dad37efef71ce397adafbd9e72b3f9a86ff0f5d812c46225bebd0703bc5cce9c64582008f7e558c40a3b3522096d1aa2b61bc90cd88c6285d942087d8a4665a0e64d3572f74689b4f24ef400d741b57140613471444decc654af0ffb2edfdf9fdd075098190b34cde28dd166872c6086567a68761cef25da40bd4c3d34fddd72ee565b0b937678ee84349d1160f5f0705f895d0f141ce8f51a1e4fd2dc4704b527a4025a939cb2bb78857eb18d78872edc9ee70e60b2a42700a198f4fff6c31925168be077dc23c322abbca97361fecaa3fcb196e656c128f3982fe11e551a4a0885da60d397d0e40d0d897262f1b4b672f78a2d2adfcdd6e1525c26e7195fb9ac606bb1ba4a9890803b4bd84346ae8d8c7196c90aeccb296a4c3eb4efacbfcb62e383b8a494ac723562d0d8c379187a92e3bda6b1569476aed21aed7a056b4a5826744017cc0060b4d55fa8772b5b1c15f5748ad7298005aecbcbd90a3e5c6159a8674abbba37914415002b5a6ef5df3c649426ea1275a01d80adf490ac546062d93999a6dccacb96a0904ad33d90576dc6a21b672e8ffb06613fb3f14e6cbdde88c2437c9: +5e40a7aabbb0830a9ab0fd79690ee0433901c6cb0676abe4bba06f5bbe58fac24d4f28fe09c4aabfca01ef6ee7fd6372fb62db61aaee827c43fd1a6d1c259032:4d4f28fe09c4aabfca01ef6ee7fd6372fb62db61aaee827c43fd1a6d1c259032:fd4ec8b34fc6b743813f59e2fd1fefa870f5a970e2eb7516ef7c306f4b823ffee92d601f765d79ca146aba8bc6e79844559935cddc242649c059ecf2db84fdc219366688a88fc25b851c3661e51988c2bf73bb8e3dc16d22415ab1a7b35579daac7325e319157d7da5fee87c93a4dfcbafc92fba7e17cc68e3903733c6c801572d907320b2feb51710e856a1f76f85a7ee1a11e62d2e45a352938dd8cfc2bccb902dea444faaae6d84c5f391e10aef76928a45153db6cd25a2bf353d80d97bf4b3808605e89800d29840ea60978d9ec9b2c302749888f9debc84dd1e2a79aa0b6ba02a039193081bdbff0599a14d918c0c8deac4f60b6e99474ab53011741034fe2a20cff4e0f023424c8e5797768ad53df6d01a24011fa90f0bb1d5069cdb36b450f433110c2c56f34a1de4260914cd4696b14a09c0268b2ae2e98e6b4e992b9125f878f1ac09823170628388f0f6e256259ca786bbe144884cb298cc043d02f5c3dc684f787faf16c10fdd8437a8c3097463bdb99b78030f9474fc5c9951dc7526490586fe1c2db05411341460239d5e8bc53065902b95fba282c27665e869a19dae84606d1726675155d38039b9e55db4d5ceec95cd6d87f85e99dde54a04761e6eada6619da895b654fe3845e8a60f3a3b32483d6d27978af54502b220e478db78cff77a9c97fb79fb5acf56289f381acb10de64c3f23842b12bf5f1b283bd25d48d09128fb55ddae255beb7c66a74cf6f0695a4f828cb29e4afdbb3b42a235d4fdb66b963ac8f68e82b00a1c4500863296247178cfdef803bb7b114f0c03276f671669a087d9228a37ae7b99b061549c1cf8ec17246ea1ee03dbc88bf426416d586572ff10a3145606f2784e4357be4edeec6c3a7bf11bb5b0e90cf50edaf891e51d26357bfc853ce23b299155c82c1031dfa64074d72a09d29720ead6ebbbf75d5738e32cda6b6466a8def6b50a1ed9b865a9a88a08018acb501a4de9db54d0522ce9cec7a06bd9a5f86b0b46c07bf3e7f5a426ff6b4bbe1e00313a5ac2719a959ed44ee0a44bd97da6db2cb971bd68334908949ed850fbf73d0e02049da181cce9c2d9ca1b624c8d87cf904eb821dc7959295da5777920660b43ccc25cd389f157f67fa0390feac97a752c1ac204c21df56bb0f4fc01641b480af2b89b5d16d4a0bcb0a50b82b0e0484:597672ab8d3a60de5456fcc9c38253f5f37b80e74a007c9f6db909d27d0ead162789244994f35b80d61be199c417c7ea901b98cc63fe3c50fc3c6338490fa206fd4ec8b34fc6b743813f59e2fd1fefa870f5a970e2eb7516ef7c306f4b823ffee92d601f765d79ca146aba8bc6e79844559935cddc242649c059ecf2db84fdc219366688a88fc25b851c3661e51988c2bf73bb8e3dc16d22415ab1a7b35579daac7325e319157d7da5fee87c93a4dfcbafc92fba7e17cc68e3903733c6c801572d907320b2feb51710e856a1f76f85a7ee1a11e62d2e45a352938dd8cfc2bccb902dea444faaae6d84c5f391e10aef76928a45153db6cd25a2bf353d80d97bf4b3808605e89800d29840ea60978d9ec9b2c302749888f9debc84dd1e2a79aa0b6ba02a039193081bdbff0599a14d918c0c8deac4f60b6e99474ab53011741034fe2a20cff4e0f023424c8e5797768ad53df6d01a24011fa90f0bb1d5069cdb36b450f433110c2c56f34a1de4260914cd4696b14a09c0268b2ae2e98e6b4e992b9125f878f1ac09823170628388f0f6e256259ca786bbe144884cb298cc043d02f5c3dc684f787faf16c10fdd8437a8c3097463bdb99b78030f9474fc5c9951dc7526490586fe1c2db05411341460239d5e8bc53065902b95fba282c27665e869a19dae84606d1726675155d38039b9e55db4d5ceec95cd6d87f85e99dde54a04761e6eada6619da895b654fe3845e8a60f3a3b32483d6d27978af54502b220e478db78cff77a9c97fb79fb5acf56289f381acb10de64c3f23842b12bf5f1b283bd25d48d09128fb55ddae255beb7c66a74cf6f0695a4f828cb29e4afdbb3b42a235d4fdb66b963ac8f68e82b00a1c4500863296247178cfdef803bb7b114f0c03276f671669a087d9228a37ae7b99b061549c1cf8ec17246ea1ee03dbc88bf426416d586572ff10a3145606f2784e4357be4edeec6c3a7bf11bb5b0e90cf50edaf891e51d26357bfc853ce23b299155c82c1031dfa64074d72a09d29720ead6ebbbf75d5738e32cda6b6466a8def6b50a1ed9b865a9a88a08018acb501a4de9db54d0522ce9cec7a06bd9a5f86b0b46c07bf3e7f5a426ff6b4bbe1e00313a5ac2719a959ed44ee0a44bd97da6db2cb971bd68334908949ed850fbf73d0e02049da181cce9c2d9ca1b624c8d87cf904eb821dc7959295da5777920660b43ccc25cd389f157f67fa0390feac97a752c1ac204c21df56bb0f4fc01641b480af2b89b5d16d4a0bcb0a50b82b0e0484: +3a34136a973480d97006dc279358e6606293d8cbc1a44ee55233af2b5264b90ce5effd921be8eec530752fccc576ef0d9bcde4b32cc649d3f7954717562860cc:e5effd921be8eec530752fccc576ef0d9bcde4b32cc649d3f7954717562860cc:981c8e1090e396951b072ef8497062020897bf7dd7ad505b4d6dc11b3e1dbcb0da249984a140e164fc2e02b31da39846554aa8905bc8b3df8a76bf60eb5ffcf22c97b671227d249071da8ff6bba75b2f7668cec19a89e6475a12463dabf368b3ca2445bb3035cc00fae85b7072fbcf595401755b8051e6097065ae429f18eeb13ffa6dde59df6f3c206bfd9ce1f8a800c8590a4021d160f66d6740a369ae835617538b5890231f13c5667baf510a606bdaa84b8d10ee6015e12a4c1ec0bd0421a294c51cf63b5d1f058e1153dc425d10cee8b1b084d6c29347e96f0f31b839607d078b79a90ca3d1f063807a463b7c32f45a534498d71d47edc3b17a4dff27fedcffab301f34f1a64c0278a53589349a233af30b1ec1ae410f7b1630c7145ca42c9663f512e8a578267dc95e83289c17032e09782e2fe8e16efb87f03ca03b1195614f89961ca3939d3bdf737221a22d7a18ec30fc126d0ca663e88d6060d04c6a44e5616e556e07d6d4a847f1711cf43717810c70aa4be730278b3bd6555c954dc6edb09db08f0e211803596280f3c7868d2342cc2308eaae4da1913514664b1db962e99c8a8cffe57931f5dfcddbc1cbb36ce1c842e2dddeadfd7e7d0a5048cdcb961b14f35f435e73a683c8ce25c816812566fdf817e0d336ae0bd247328512b2a8567632bf20553d9bd6fe157f220ffb0b46ebae89a70459728a57eed1796256f1bd50b6d547ea3e25fa5913d389a22583e915eb49de35a97b5acc521db0d005c29575e16611a755f21a3a5a82a20aa900a707ce36825492c3ca15395f1700b4afab94daa7a02f1453b1f9a6bd36efb204d928ee1f4dcc860f3a859badc006fb305fa123d4c79b23a20e32295d040a7f8f6caca25d83f71c62e3af7836ef76b93a83d3c3b493af141753da19e4cdcba56617271034b4f4f394c7c6b7d79666f3afb692244f061c69a8881d1b52b8849fb534990ac2391909471ebbb728e29cd20f422354c4309717ebff3efd1833370806d5bfb53ca2da316dacb50ab7fb739673235a1dc53aa8893072d5b91c9f6db83fc4ea41d1eef49ac28afc1ced8f361890ab9f779d193082831cb8c42fb2792bee3b26296b6295eb78a8d853117661624e11f7f57afd6085a7b9123679fdaca1cf2a78d380bc4c360aa7c3cbfde0c0091fe53e2219c070f2f02f1483:425f272212835755adcc0522c6f6e05f68008a3be9ba5974e420c4c5cb56e6c55dec0de347b16caef8bd33b71b44c8357d05b6321d7bf493d25861db487bd603981c8e1090e396951b072ef8497062020897bf7dd7ad505b4d6dc11b3e1dbcb0da249984a140e164fc2e02b31da39846554aa8905bc8b3df8a76bf60eb5ffcf22c97b671227d249071da8ff6bba75b2f7668cec19a89e6475a12463dabf368b3ca2445bb3035cc00fae85b7072fbcf595401755b8051e6097065ae429f18eeb13ffa6dde59df6f3c206bfd9ce1f8a800c8590a4021d160f66d6740a369ae835617538b5890231f13c5667baf510a606bdaa84b8d10ee6015e12a4c1ec0bd0421a294c51cf63b5d1f058e1153dc425d10cee8b1b084d6c29347e96f0f31b839607d078b79a90ca3d1f063807a463b7c32f45a534498d71d47edc3b17a4dff27fedcffab301f34f1a64c0278a53589349a233af30b1ec1ae410f7b1630c7145ca42c9663f512e8a578267dc95e83289c17032e09782e2fe8e16efb87f03ca03b1195614f89961ca3939d3bdf737221a22d7a18ec30fc126d0ca663e88d6060d04c6a44e5616e556e07d6d4a847f1711cf43717810c70aa4be730278b3bd6555c954dc6edb09db08f0e211803596280f3c7868d2342cc2308eaae4da1913514664b1db962e99c8a8cffe57931f5dfcddbc1cbb36ce1c842e2dddeadfd7e7d0a5048cdcb961b14f35f435e73a683c8ce25c816812566fdf817e0d336ae0bd247328512b2a8567632bf20553d9bd6fe157f220ffb0b46ebae89a70459728a57eed1796256f1bd50b6d547ea3e25fa5913d389a22583e915eb49de35a97b5acc521db0d005c29575e16611a755f21a3a5a82a20aa900a707ce36825492c3ca15395f1700b4afab94daa7a02f1453b1f9a6bd36efb204d928ee1f4dcc860f3a859badc006fb305fa123d4c79b23a20e32295d040a7f8f6caca25d83f71c62e3af7836ef76b93a83d3c3b493af141753da19e4cdcba56617271034b4f4f394c7c6b7d79666f3afb692244f061c69a8881d1b52b8849fb534990ac2391909471ebbb728e29cd20f422354c4309717ebff3efd1833370806d5bfb53ca2da316dacb50ab7fb739673235a1dc53aa8893072d5b91c9f6db83fc4ea41d1eef49ac28afc1ced8f361890ab9f779d193082831cb8c42fb2792bee3b26296b6295eb78a8d853117661624e11f7f57afd6085a7b9123679fdaca1cf2a78d380bc4c360aa7c3cbfde0c0091fe53e2219c070f2f02f1483: +cf33e7974d8f0bf899ac5b834c7cf96479ce1cfd453af07f970527f36aa85c1f578f60338b1f041a97d319fecfa30cfaed369303cc00b3ec8c5c99041158e20c:578f60338b1f041a97d319fecfa30cfaed369303cc00b3ec8c5c99041158e20c:e813144bd116f6ac36389217b5171a902f06b7dd7b144df4f9091553c7c7835753a296cbb0d7fab99cef77b61f34a04c8af04e7d5d1f961302de89e2005f299f5a4aa17924617d006693937745539c3048ee36b8c23afec0af9feaa0066c8af8e0a7f09093498210f6d8dcc0aaada5668786910ff7c5b348d4ccd6eeeffa3acd1816d9011a4c4025f6c2fd2c020a10593627520d4dd99e07c62d2dbebe84139e1c7d867c093574fa601e4ee307ac926e5d36b62d7ed84a261588b7e2883c7926612b4cc67e2bb72544a10d6b4929c88ef6c47c2625d2f6816bd73c3bae89d2e0c86171ac4bd080ae555d62740d1d2a761ced86dfc328ecc27ee3db6d404108ef4e0b64906253b4c0a771adefedc8a2c5b53c425a70cd6f63956f7a0a619fdfbfd00aa078418eb4652f8bc6f3c253beec9838b77f9cbe2ef2b8055c5773539e356bd8192606ec101e3f6058b1dd08a68fdbc549dfe6b7725dc2549e8e3f90dc5be3ccfb0a38baf9377cb3f6501d2e15ccb3556a895ccb23f0b6df9fe59311cff55374c3fb3a32981ca26ab426f3663d04e3167e53a537b7589a9fb73679090a205532c132906634334a7e8749793f8c593f3fd6278ce0050383487f3b245067af94881aa1ae968d0caeba5fa5c7be5f4e4b7257518695d89bccdec507b967b4fd64b6893b3ee7803c1d36ea8a02fc426f9afc8e9f24321527ec9844bc3c54a0f7667e034300bbb4fb020f6d5bb954e7b5a3a706a4939db33c154892643476a291d47dc1e6f72ce91d136f11db26b9c9ba736e40df0a15c1a89149996b251dd988b39004e6ef41bdc061db580b7b74de2a651810bd891753b97386d7f8cbdbb6ec386fa2c342f5ef20e6e3a8bb4d5149a7d4de1224dff1d172c87570f776d5ef45959be0938ad79f5d3395cb2721627122887bd7a8983b647797bd41d882641c81431ce8d9b3067adec4cde926c51313f0cf84c5292562dd4908642dd245288484c5568a787d0ced36a352f032da4f7e4de06b11473f650eec65dda99639af2d42d84ee230f4f83623d9c9aaa3b16bda10ddaad25af5c1c10f81c8c51c811a3aa3e3db58a7025e4380e285da474a61ba59173ff042a46a79ab184b070108416f9d6158cf96d0e6db447614a0d9089ebb6aee4ef107be4593d71e79f6798668a740ae4bac5ac7594ecbd5dc82e7d0f9cb:97a5b6d268a5b4175fb06f1f37d0a633519296edc30011c954d8f0b9bbe2641800396c4b35d4b0d7d2a1d17cbbebdc55a809462d6cc19a6fadbe1bd1bae88a01e813144bd116f6ac36389217b5171a902f06b7dd7b144df4f9091553c7c7835753a296cbb0d7fab99cef77b61f34a04c8af04e7d5d1f961302de89e2005f299f5a4aa17924617d006693937745539c3048ee36b8c23afec0af9feaa0066c8af8e0a7f09093498210f6d8dcc0aaada5668786910ff7c5b348d4ccd6eeeffa3acd1816d9011a4c4025f6c2fd2c020a10593627520d4dd99e07c62d2dbebe84139e1c7d867c093574fa601e4ee307ac926e5d36b62d7ed84a261588b7e2883c7926612b4cc67e2bb72544a10d6b4929c88ef6c47c2625d2f6816bd73c3bae89d2e0c86171ac4bd080ae555d62740d1d2a761ced86dfc328ecc27ee3db6d404108ef4e0b64906253b4c0a771adefedc8a2c5b53c425a70cd6f63956f7a0a619fdfbfd00aa078418eb4652f8bc6f3c253beec9838b77f9cbe2ef2b8055c5773539e356bd8192606ec101e3f6058b1dd08a68fdbc549dfe6b7725dc2549e8e3f90dc5be3ccfb0a38baf9377cb3f6501d2e15ccb3556a895ccb23f0b6df9fe59311cff55374c3fb3a32981ca26ab426f3663d04e3167e53a537b7589a9fb73679090a205532c132906634334a7e8749793f8c593f3fd6278ce0050383487f3b245067af94881aa1ae968d0caeba5fa5c7be5f4e4b7257518695d89bccdec507b967b4fd64b6893b3ee7803c1d36ea8a02fc426f9afc8e9f24321527ec9844bc3c54a0f7667e034300bbb4fb020f6d5bb954e7b5a3a706a4939db33c154892643476a291d47dc1e6f72ce91d136f11db26b9c9ba736e40df0a15c1a89149996b251dd988b39004e6ef41bdc061db580b7b74de2a651810bd891753b97386d7f8cbdbb6ec386fa2c342f5ef20e6e3a8bb4d5149a7d4de1224dff1d172c87570f776d5ef45959be0938ad79f5d3395cb2721627122887bd7a8983b647797bd41d882641c81431ce8d9b3067adec4cde926c51313f0cf84c5292562dd4908642dd245288484c5568a787d0ced36a352f032da4f7e4de06b11473f650eec65dda99639af2d42d84ee230f4f83623d9c9aaa3b16bda10ddaad25af5c1c10f81c8c51c811a3aa3e3db58a7025e4380e285da474a61ba59173ff042a46a79ab184b070108416f9d6158cf96d0e6db447614a0d9089ebb6aee4ef107be4593d71e79f6798668a740ae4bac5ac7594ecbd5dc82e7d0f9cb: +51b1ad0ffc21497a33dbdb85ea2bc1ce3d0c2d95d9461a390973fee377fc75f4bad0412575d3801301edee6bc0f276e787357b4122f52de981885851884249cb:bad0412575d3801301edee6bc0f276e787357b4122f52de981885851884249cb:7882e86ef3402f6dbc65cce8315b39765faa4b1fc876fad5f8220cb22a7df2e3580eab3a7e8fa7fbb6b59482ca0e364a131396df792a3241a060e44143b6767493c6bf75f187a9643aa11e11eba7b0a80f0a68b9f1b79f75b66cc59d9da77955fd7e8799f99d6eb08f90d318f4efcbfe71159b10a83aa5fd69bb75336f5df296ea060a426c9545df940bc1454efc1f9dc965f1f22d947303fb8ec12407fff6b1dbe47e3421c31764fd90c83ac711d19926e229a064c61fe3676af300a1716fabe4e3842264adb32e0d9c9f5d4a65d0d7b5c3770d737ee13cbed21d7a1da36aaf7ec0f36fcc476f659681e5160a5a1f49e759b9d0fcd4fdb854eccd99172a47d2c4efbe0b3757631df1bae175f0fa74dd048bb6a5fed8430284349da3d67df2a6f7e8269bc79fb2c5d5ed6084e9076f455ab638919046369a446d57fcada7011cc771bf6d874a8e5d23c687747de41dd04bffc717d6128183846eb594b3cb1c1a8aa04f0d7eba53af39cb1d4e6fecf3113bd8422416f4c44037aeee9e0fdc517c48731fd04ee9c99f5dbca3d574509d7baf3288f2c230a02d1703bdb1611cde2a766dac193de167443d20090dc34d29277a86b1e998b245645117e5111f12f14606c55446dd912d3475c19876e19ac536d317876c4b0a2e0f98616129a5683732a42317c5e809dca956b2abb484ada810a15c81cc8562b555da9458f9b44338490230c7404f3d48611f84127e73e277d88c62212d2a3a351fc67665b18d77216230632cbc781288e15cebf3ec33a7205eb22b9abe4cdbc7ddbaaa53640875eb763f522c36cfff2eb23ee586d775286259fa94a44fa7ec015096a2a446b6732b80024267fe3d5d39d1c48509b3ecaa2e24e54de4d61c097b70f753b5af9a6db6f975d25f4f83d06f879e17ef7c509a541444ba3eb6867838090e22dafdbb0eb3b0565be1579ceecded20f544256c7c4ede3b62843c65b0466be6b7e27305b963ca914e3b7d21736118edb3d658d9d76f509db3b9ca2eae28964a4b3b3c384a81a4890ee96fbe934a6f2aec8eeb6cfe59ac9d3bbc1646ba32a1142fee59fed6fb7bbc0498cc27dead413b7b4351ec206343c0ab89fcf87243b1ab450e58ff11a1140a383f196aa3976ce17cf34530f049a1de90e31753cd85e7f1fd5cf20426c9379feb8c31b4bfec35ea5a78953d75c5cf:cfb65b6ff0377cef511fd97b90c3ecb80833f142a7cf5022ced30b3fb7862086d01339b8866a238cb070276e1944b5fe32cc409947cb91deb1432c291b60fb0d7882e86ef3402f6dbc65cce8315b39765faa4b1fc876fad5f8220cb22a7df2e3580eab3a7e8fa7fbb6b59482ca0e364a131396df792a3241a060e44143b6767493c6bf75f187a9643aa11e11eba7b0a80f0a68b9f1b79f75b66cc59d9da77955fd7e8799f99d6eb08f90d318f4efcbfe71159b10a83aa5fd69bb75336f5df296ea060a426c9545df940bc1454efc1f9dc965f1f22d947303fb8ec12407fff6b1dbe47e3421c31764fd90c83ac711d19926e229a064c61fe3676af300a1716fabe4e3842264adb32e0d9c9f5d4a65d0d7b5c3770d737ee13cbed21d7a1da36aaf7ec0f36fcc476f659681e5160a5a1f49e759b9d0fcd4fdb854eccd99172a47d2c4efbe0b3757631df1bae175f0fa74dd048bb6a5fed8430284349da3d67df2a6f7e8269bc79fb2c5d5ed6084e9076f455ab638919046369a446d57fcada7011cc771bf6d874a8e5d23c687747de41dd04bffc717d6128183846eb594b3cb1c1a8aa04f0d7eba53af39cb1d4e6fecf3113bd8422416f4c44037aeee9e0fdc517c48731fd04ee9c99f5dbca3d574509d7baf3288f2c230a02d1703bdb1611cde2a766dac193de167443d20090dc34d29277a86b1e998b245645117e5111f12f14606c55446dd912d3475c19876e19ac536d317876c4b0a2e0f98616129a5683732a42317c5e809dca956b2abb484ada810a15c81cc8562b555da9458f9b44338490230c7404f3d48611f84127e73e277d88c62212d2a3a351fc67665b18d77216230632cbc781288e15cebf3ec33a7205eb22b9abe4cdbc7ddbaaa53640875eb763f522c36cfff2eb23ee586d775286259fa94a44fa7ec015096a2a446b6732b80024267fe3d5d39d1c48509b3ecaa2e24e54de4d61c097b70f753b5af9a6db6f975d25f4f83d06f879e17ef7c509a541444ba3eb6867838090e22dafdbb0eb3b0565be1579ceecded20f544256c7c4ede3b62843c65b0466be6b7e27305b963ca914e3b7d21736118edb3d658d9d76f509db3b9ca2eae28964a4b3b3c384a81a4890ee96fbe934a6f2aec8eeb6cfe59ac9d3bbc1646ba32a1142fee59fed6fb7bbc0498cc27dead413b7b4351ec206343c0ab89fcf87243b1ab450e58ff11a1140a383f196aa3976ce17cf34530f049a1de90e31753cd85e7f1fd5cf20426c9379feb8c31b4bfec35ea5a78953d75c5cf: +fa2f461ce8c7126218c47c91569e8799797c83368fc842b6e1c22fd52aec70bf6b89b23f1e11a75a53f992f6ca5775008c6e9e7e49c0d8510b0e8369b7a20bcc:6b89b23f1e11a75a53f992f6ca5775008c6e9e7e49c0d8510b0e8369b7a20bcc:799b39802a1827e45c4112fee026034c0e598affce2c550c193fee73f1df8c30c8d3873340088ce859de3471e9d057686c829b5408795e08b3dc7aa3b637c7de9d2172ad0333c1bea861a6232f47f05a10bf5df80815a271256e37e808a0e62f1f07d9e10ebb947d3efabf8a28fa9dccd9a1d599f5fd6165508efd679cf356015058bf4b34118f83aa3e5bc2ce19eca84f718398adbc0a5276cf9d8caffc27e3e6abbe345b0e9ecf89c6771b0e75d408ba2fbb90fcfd70c53f2e4d52ba54d9784cf71c349ef6f14ae4970def6efb5f30e984d6016a196deaec7e04b47619c48bf49dc02f7fef3e13b756174e90d05fcbdd5e13f0e434efd5421b091d517900ed0d5785968862b4bfe5093ab67217180d97554ccd9cc31429326cab42f3f8398060c19db488b5d1c80b29090afd1c6bac3642264800211bc278fcb99dae9dbf49daf1b24ab569dcbb87d4d3547335e35db98400cdfce6790682e93600220ec499245fa4ee15d843831b56cc26418025bf87001605c6691ca6bd40a4e248c309801b76a795ede8ad5308bcb6d1754ab3371f0003bb8c4e4e471954e28b1e9866379f82e1fbacb79d50adddad5b9778b558cddbb0038a5ff3d5c9557b965de3a7082c45a8ecf3e7721eb690b6c71f3d8975d5300f67c4dc4a736846e4ccd26f93463d5bc6f46edc488664be9696be12b02dd104d10cc6b1d82e8117811214a6487d17367e395ade2ef6b26a1783a7e2f245213bc03a755df3ee8ef9f1eff972c6919065cb7b756678d4ddfd193eddc0b42e8689613643146d7428ca37bf31bdf14e31867858f39d2323709eb3b7d7f4e397022378424bdee9bcb74e9d5dfd371f4734998fc18df4cdfb4b5c21c2e50f8d6c15bc14bf4fda6ceb9d8082cae432dfc98bfb3ecd16b8d74f830b642b042875e921b054bd1aaa581f60d718df669f56dc2f10d478997722162e83940e61a1b6e42df2a4a3a7cbcdd611ce96cbcfb5a95cc473231ca13c0609d0ce1ae5ddb5466d6d65eefad9daf2a36901bcc945847da1ed6e2e240e848b231b7d0e1acd06543ec93e768e59985d7e96c8c31fcd1210f0964271e21877525cb134bc3536257dbb11d30a3c4f949fb82ae0c31ccdfe41943251e50aa4355392ac309ef60fc17432a2be4bdb2fcb28607cc45a52b60016bb1d2e23972ff2c2a247d725585b1ef2b15f:84f79d9e8f30e5bb6362239714556b04736fa44465cabaad23beaf5a99fc451ad4ae5a18c7f6f964fa41039216018ec5a2accae1075a6bb3a6ecbc1fca02b904799b39802a1827e45c4112fee026034c0e598affce2c550c193fee73f1df8c30c8d3873340088ce859de3471e9d057686c829b5408795e08b3dc7aa3b637c7de9d2172ad0333c1bea861a6232f47f05a10bf5df80815a271256e37e808a0e62f1f07d9e10ebb947d3efabf8a28fa9dccd9a1d599f5fd6165508efd679cf356015058bf4b34118f83aa3e5bc2ce19eca84f718398adbc0a5276cf9d8caffc27e3e6abbe345b0e9ecf89c6771b0e75d408ba2fbb90fcfd70c53f2e4d52ba54d9784cf71c349ef6f14ae4970def6efb5f30e984d6016a196deaec7e04b47619c48bf49dc02f7fef3e13b756174e90d05fcbdd5e13f0e434efd5421b091d517900ed0d5785968862b4bfe5093ab67217180d97554ccd9cc31429326cab42f3f8398060c19db488b5d1c80b29090afd1c6bac3642264800211bc278fcb99dae9dbf49daf1b24ab569dcbb87d4d3547335e35db98400cdfce6790682e93600220ec499245fa4ee15d843831b56cc26418025bf87001605c6691ca6bd40a4e248c309801b76a795ede8ad5308bcb6d1754ab3371f0003bb8c4e4e471954e28b1e9866379f82e1fbacb79d50adddad5b9778b558cddbb0038a5ff3d5c9557b965de3a7082c45a8ecf3e7721eb690b6c71f3d8975d5300f67c4dc4a736846e4ccd26f93463d5bc6f46edc488664be9696be12b02dd104d10cc6b1d82e8117811214a6487d17367e395ade2ef6b26a1783a7e2f245213bc03a755df3ee8ef9f1eff972c6919065cb7b756678d4ddfd193eddc0b42e8689613643146d7428ca37bf31bdf14e31867858f39d2323709eb3b7d7f4e397022378424bdee9bcb74e9d5dfd371f4734998fc18df4cdfb4b5c21c2e50f8d6c15bc14bf4fda6ceb9d8082cae432dfc98bfb3ecd16b8d74f830b642b042875e921b054bd1aaa581f60d718df669f56dc2f10d478997722162e83940e61a1b6e42df2a4a3a7cbcdd611ce96cbcfb5a95cc473231ca13c0609d0ce1ae5ddb5466d6d65eefad9daf2a36901bcc945847da1ed6e2e240e848b231b7d0e1acd06543ec93e768e59985d7e96c8c31fcd1210f0964271e21877525cb134bc3536257dbb11d30a3c4f949fb82ae0c31ccdfe41943251e50aa4355392ac309ef60fc17432a2be4bdb2fcb28607cc45a52b60016bb1d2e23972ff2c2a247d725585b1ef2b15f: +1be2949d51e7208175826213ee6ae3c091172742e88caa02ed0f313ecbe5d910d7bf4748d6dded5b57a2abf797facc560b48563dfd9dcff4be522c717a6cfda9:d7bf4748d6dded5b57a2abf797facc560b48563dfd9dcff4be522c717a6cfda9:045e2b0ec7bb203a49bdcba941e2b73c23c1fe59a17d21a0124ea24b337f92ab9c923a20576b62d5d0f624e7932c115b5474e0a46a4dc9ec51f6a0ce8d54744d1d52093320e39be203f74a0f5dfac52cf0f995c66df2914b68ad871fbe81525ad2d88ac69933a75aea74ace4e36343ddc06d3208f16d805f5dd786b4daaa166748cfeec5714c85c10478b597ac7f6ae2c98891e38fd414aa811b7621d805eb8fcc46cf4d568a8a92587cbbc1aecc12f10d90ac1e01ae986d14fe82951c682ceac8c925fc6654d838ac9353ae2f93f3c88bf7b82cbc43b1e49e5cebfb1949ade4b22e4bcf1b400c0a8fa8a6fe7670f69fc3faecd4805b8c954c01a540d1a1e788436eae073ae956dae3176905a8f0a3c60fd980dab419d41ec06e5273fbb13db9381f89b663ccc4bd753fd90f14a77b3d81c45dd3561cd1fa0e94d234cef9d7859a2ec942bfc18849d7f2ada3a5d657bc193d2e1491682f1665a534b1ac2083b738be8f9e963f5941ed483c6acc82e959b81b8af02f471c08f5f8b12e10e008192898a4450202af731592e74efe2a948e51d06e44de9b956b7bc9a69b6e74687ab206dec4d35b3173fbc438829d5064bfbcf743c1e2d46f628f2e51c626d8e416d7be6e555a249691abb167f1d92f4fa3392fde24e993ce7ff5c1b8e1577a7c0e73025cc6fcd727a82ef0c129e91e5533e021a3cdbb99d54bf7cdcd3ff119154f3fad9242b6ed350d10372c976ff3a437d097867d9bfba91d84bda55a6bcd6e3641b213a218b3041589c55afbb344de6e97d8c35b5c86cf3be063f901ffeea8cc91069967d2346035a91eb5706a3b53f6d1c34d4d2116706b65c298ec57de82abc4003ce8cc5e0b88ff710dda1dcef6f154277106b83eb46c045b082d113b361d6a625808c9130584dfc96707ef8955907baa61cf88c66b6d1f60581119cb6217a852157336178c685e6ed48526ed5c4e3b7967d51f99df6876a1acfb845c571b898656e5e3bc73980b9bed1198866359c9e9b1efa915f810d1ef8ad6cb3fc21fbfe654306de6ca13a3a6a48e7a13ed8746acbd07f48eb00c36374b1eb4f3f01c19e2e8d37e9fc064b33c0d669bba554ddc6821a77b4089cabdcafc97f60e6050bca444ae8cfc44d93c40ef5318bee6f8cf0c067b85cdddc45974a4eacfc3ef51315ba0f3f62968c7003a7ff444612400b159:f41f2ef6595f17660bb2fe93e51fc6fa9c31dadc9db90c3f46607a7fb4800bb75ad96325dc7eab782472b04da6d8e6fe64655dea551fbd5049e876ce5a405f02045e2b0ec7bb203a49bdcba941e2b73c23c1fe59a17d21a0124ea24b337f92ab9c923a20576b62d5d0f624e7932c115b5474e0a46a4dc9ec51f6a0ce8d54744d1d52093320e39be203f74a0f5dfac52cf0f995c66df2914b68ad871fbe81525ad2d88ac69933a75aea74ace4e36343ddc06d3208f16d805f5dd786b4daaa166748cfeec5714c85c10478b597ac7f6ae2c98891e38fd414aa811b7621d805eb8fcc46cf4d568a8a92587cbbc1aecc12f10d90ac1e01ae986d14fe82951c682ceac8c925fc6654d838ac9353ae2f93f3c88bf7b82cbc43b1e49e5cebfb1949ade4b22e4bcf1b400c0a8fa8a6fe7670f69fc3faecd4805b8c954c01a540d1a1e788436eae073ae956dae3176905a8f0a3c60fd980dab419d41ec06e5273fbb13db9381f89b663ccc4bd753fd90f14a77b3d81c45dd3561cd1fa0e94d234cef9d7859a2ec942bfc18849d7f2ada3a5d657bc193d2e1491682f1665a534b1ac2083b738be8f9e963f5941ed483c6acc82e959b81b8af02f471c08f5f8b12e10e008192898a4450202af731592e74efe2a948e51d06e44de9b956b7bc9a69b6e74687ab206dec4d35b3173fbc438829d5064bfbcf743c1e2d46f628f2e51c626d8e416d7be6e555a249691abb167f1d92f4fa3392fde24e993ce7ff5c1b8e1577a7c0e73025cc6fcd727a82ef0c129e91e5533e021a3cdbb99d54bf7cdcd3ff119154f3fad9242b6ed350d10372c976ff3a437d097867d9bfba91d84bda55a6bcd6e3641b213a218b3041589c55afbb344de6e97d8c35b5c86cf3be063f901ffeea8cc91069967d2346035a91eb5706a3b53f6d1c34d4d2116706b65c298ec57de82abc4003ce8cc5e0b88ff710dda1dcef6f154277106b83eb46c045b082d113b361d6a625808c9130584dfc96707ef8955907baa61cf88c66b6d1f60581119cb6217a852157336178c685e6ed48526ed5c4e3b7967d51f99df6876a1acfb845c571b898656e5e3bc73980b9bed1198866359c9e9b1efa915f810d1ef8ad6cb3fc21fbfe654306de6ca13a3a6a48e7a13ed8746acbd07f48eb00c36374b1eb4f3f01c19e2e8d37e9fc064b33c0d669bba554ddc6821a77b4089cabdcafc97f60e6050bca444ae8cfc44d93c40ef5318bee6f8cf0c067b85cdddc45974a4eacfc3ef51315ba0f3f62968c7003a7ff444612400b159: +3b6ba6d5cc9cd6241d8b0097a3722e4d066fea3d560aeab4673e86f1f8ec60268ca6520717cf363c4ceffa76328a0a166ff83e45ca7d191cc8ef6ca6e5243367:8ca6520717cf363c4ceffa76328a0a166ff83e45ca7d191cc8ef6ca6e5243367:36de930cc8e18860836a0c829d89e963a58bdd9c6b6ef5bc61f75992d2075242dca23e28de205a33dfea861fc44a32628e8e7cdd3ed7ff49ea6a7097e0090cfd9ff5ecab1de822fc0a4c3776dd56c1919204516a94cec5638da1d99e52b866f5ec4162a912edb41c1e92edfc353f6705e1c12cd41cb62ded4ad8157940059bfcf50719d3f2ad00848540ce89f3f9afa610ccba5ecc37e3e2c1534fcb38fcd39a2d14d5b5da6fea24e006654e309047a29cad0ae4da8e708f97a18cad5fbdc9ac84400c532ced548886539edd6c541074790ae4502fdfe9f3273a876a218623a25706a1525e67e57a16d22c21b6a45e2384e287ac4452aec4e063056b4c178ab0e5b2a5bad3f463c472c4ea1f9c1a66e5270473a835094e8f0eef680cd7b20d0e70f4d6c958fee08a9360aa6066888f4dd7ce5ec22259fa0b53fe9271c083c6fcdb7283b09061088c52f71bfdd2777ce0801f41a6c4ce90ef131de1e183cb8949ce323c9eb13a4b0cacf99defdfdb68d5ed1f6891b48e21047668d69de8a80f8e5634ded08736a4fb5410cdea9c72596e36df6841f2eea46850c87473c895540205b0921960ffa5d9d8ffb8e29cde96a3ede015acbc26974004d3e438a85b2e3385f64d1814003941ffd363992d3940c6e6d81ff8e45fced6d36ce198d8ccbefee432a77d8fcadd73fb799f6bafefb51a2da798721c3d465b163ef13e6ecc65e603b2893ee4cc9e1c6d1de7a65cab5cbdf536855e288c3ccda8d2fa3ce10cf49358a2ef4ef076e5bfa91bbcf3d966dfa3dc6e712f1956d4e58aa36e712dd3347169b19c8d44bec5bcb730778fcccc589ed5d350d44c17bde2eebb6f5ec59fb240d67d81aea9267f34f15eee2de3f4fa67391479bdbb430f484370fb0e0895b9ae065bbdd43e230c62ac07184e8b06b24b8b97ec02dc6f37ef61641ed56e3f5eb8d2080b5144ef760b518752e19754792e19343a3855e1e2f7a7dc623517eed2f5d26548a68eb8ffd7bf70f78fd186db634928bb98138f2b8fe84481cc53f5aa35e2666c6325e1d2b8ac5e2df2935b7f6413952d10d6076ffc75bb6af63b29b0b9663bec37247b66b508dde41f2f11b84333559dfac73f761bcda84a48d266073aef1638460849e7a17206a25f6800770b914cc026baf9e3255914e13258441cef35ad1d66833e987ebe4431e6a6bb222cbb65af:788c9f4554ddba5c7d64ba759ec45694ec79fb85e82368a074bdd8df344213a56dd09f334cd9acb941be283d98c4b15dcfecd14e93f6a2e3cb0c1aa2dee7d90b36de930cc8e18860836a0c829d89e963a58bdd9c6b6ef5bc61f75992d2075242dca23e28de205a33dfea861fc44a32628e8e7cdd3ed7ff49ea6a7097e0090cfd9ff5ecab1de822fc0a4c3776dd56c1919204516a94cec5638da1d99e52b866f5ec4162a912edb41c1e92edfc353f6705e1c12cd41cb62ded4ad8157940059bfcf50719d3f2ad00848540ce89f3f9afa610ccba5ecc37e3e2c1534fcb38fcd39a2d14d5b5da6fea24e006654e309047a29cad0ae4da8e708f97a18cad5fbdc9ac84400c532ced548886539edd6c541074790ae4502fdfe9f3273a876a218623a25706a1525e67e57a16d22c21b6a45e2384e287ac4452aec4e063056b4c178ab0e5b2a5bad3f463c472c4ea1f9c1a66e5270473a835094e8f0eef680cd7b20d0e70f4d6c958fee08a9360aa6066888f4dd7ce5ec22259fa0b53fe9271c083c6fcdb7283b09061088c52f71bfdd2777ce0801f41a6c4ce90ef131de1e183cb8949ce323c9eb13a4b0cacf99defdfdb68d5ed1f6891b48e21047668d69de8a80f8e5634ded08736a4fb5410cdea9c72596e36df6841f2eea46850c87473c895540205b0921960ffa5d9d8ffb8e29cde96a3ede015acbc26974004d3e438a85b2e3385f64d1814003941ffd363992d3940c6e6d81ff8e45fced6d36ce198d8ccbefee432a77d8fcadd73fb799f6bafefb51a2da798721c3d465b163ef13e6ecc65e603b2893ee4cc9e1c6d1de7a65cab5cbdf536855e288c3ccda8d2fa3ce10cf49358a2ef4ef076e5bfa91bbcf3d966dfa3dc6e712f1956d4e58aa36e712dd3347169b19c8d44bec5bcb730778fcccc589ed5d350d44c17bde2eebb6f5ec59fb240d67d81aea9267f34f15eee2de3f4fa67391479bdbb430f484370fb0e0895b9ae065bbdd43e230c62ac07184e8b06b24b8b97ec02dc6f37ef61641ed56e3f5eb8d2080b5144ef760b518752e19754792e19343a3855e1e2f7a7dc623517eed2f5d26548a68eb8ffd7bf70f78fd186db634928bb98138f2b8fe84481cc53f5aa35e2666c6325e1d2b8ac5e2df2935b7f6413952d10d6076ffc75bb6af63b29b0b9663bec37247b66b508dde41f2f11b84333559dfac73f761bcda84a48d266073aef1638460849e7a17206a25f6800770b914cc026baf9e3255914e13258441cef35ad1d66833e987ebe4431e6a6bb222cbb65af: +dd9987b18f9a922c0f6fea18eb00b896c7a2d3093db3ea31d38421da0de51231573921a955feb6dde41b055c8dacaccd1db7fe9e36b509d3c9e36f9735752324:573921a955feb6dde41b055c8dacaccd1db7fe9e36b509d3c9e36f9735752324:48162fdc3abf7319c6caab60cb8d0520875cb4ee8a07092783167d4733ffe5204e5febe7d291e9536bdea3df0637159a653e09fd99af661d8300ae741a3e91a8bd85ead05dc7d9e6f929323316edc4ca624ea7818b25bdc061f71492fd22d465ab226fd9a10d8babfc074c686c436c24a3a53f8ff389ce9ca1dbc8907445889241f8fda3a7a3f5024fa8cb0d044bdaf6716d983a6d839814ffe70ddc55bbba11ac97887bdb4dada96565bb075d5fc1d3c5244b9fff77de58729a059a911fb3e0eb164fb8429e265685d14a63233046d20ecf289c55723169a9d63dda0d5255153d9ef4a61b9212f4b820697ae7c308cfab403b2c3431906226e45ce21920df5201609daf830f28ad796005a9bd8eba620cf839c3ba227b963c7bd0914822df2ca03c2254d0cb8acae0d59e4c3e0ec215c836969dcd1d49bfe197e2f3eea3fa8a373b558d0fb9063cf1568e739aad8f09fb437cafb5a272375f436064eee11bd903d3aaeab4e3fdcd36bd2076eea179a4f0d4fbc8df42bf2660f08de7d5c6397cae10b7277458aa6cfa01e8a6737eb126227856646691681c106a157a26aed21b1aaf0ed2766421cfc3d1c7ddfb72fcdf4b8b490fc09ace49aedd7712b21ac56f8601f625563c784306f3b9174addf764e051aadfe12831af9669e62cab121c74df343724429d6c26660271c32f40cf7c2d08bd0afcc728def4135d4eb55b6a3e7629d806864a85b36a32b9b21ac0d39680a2ae4ec4189709178e349497f39399fbc78b3c6cfaca6edea7c33dda3cc11e4384f1583d6cfc6b58f4eaa2bc56aba42f738a429b93580850dee3fd253994f8b0fa66ee8e273decabd532095fb04a4a3c340af0e55b57efab43630fc02ef20b425ca2187e3c6c5e10f12d618fd243a224f6501ebeb9d321c6385b8127ef9cdcd097ce7fa021cf40d21c39912343f67acce1825e3a51b8a718e8c340622fff65fe0053d24aa3351b6a2400185d7aeb88e87ac4a1d394909d49414aefc22ba009aff6962c9217d755694e4d6aa8a5d6a803cebb15de8f541634b6fceb0cac79dda8a18eefbb537e70ffe9aa5a6a6aaf9240fac2eacbfbef01ad6bdf50758780f86a4e488985362d5825011f5e8b66425a616b7e104eb23fe8f100cb0249823662bda3da47a4c3c1ca2f914b25b9738534026047df6d7ff631df2c4131f680e13743c9ccf2:3e9f2b007c0e29ec875995a6309b973deb8baf113ded13f1e0003e9b9bf93916a4dfe47937dadfc78aa663c55f674ec35c3846258f18e7bb93fbba3e826a1f0d48162fdc3abf7319c6caab60cb8d0520875cb4ee8a07092783167d4733ffe5204e5febe7d291e9536bdea3df0637159a653e09fd99af661d8300ae741a3e91a8bd85ead05dc7d9e6f929323316edc4ca624ea7818b25bdc061f71492fd22d465ab226fd9a10d8babfc074c686c436c24a3a53f8ff389ce9ca1dbc8907445889241f8fda3a7a3f5024fa8cb0d044bdaf6716d983a6d839814ffe70ddc55bbba11ac97887bdb4dada96565bb075d5fc1d3c5244b9fff77de58729a059a911fb3e0eb164fb8429e265685d14a63233046d20ecf289c55723169a9d63dda0d5255153d9ef4a61b9212f4b820697ae7c308cfab403b2c3431906226e45ce21920df5201609daf830f28ad796005a9bd8eba620cf839c3ba227b963c7bd0914822df2ca03c2254d0cb8acae0d59e4c3e0ec215c836969dcd1d49bfe197e2f3eea3fa8a373b558d0fb9063cf1568e739aad8f09fb437cafb5a272375f436064eee11bd903d3aaeab4e3fdcd36bd2076eea179a4f0d4fbc8df42bf2660f08de7d5c6397cae10b7277458aa6cfa01e8a6737eb126227856646691681c106a157a26aed21b1aaf0ed2766421cfc3d1c7ddfb72fcdf4b8b490fc09ace49aedd7712b21ac56f8601f625563c784306f3b9174addf764e051aadfe12831af9669e62cab121c74df343724429d6c26660271c32f40cf7c2d08bd0afcc728def4135d4eb55b6a3e7629d806864a85b36a32b9b21ac0d39680a2ae4ec4189709178e349497f39399fbc78b3c6cfaca6edea7c33dda3cc11e4384f1583d6cfc6b58f4eaa2bc56aba42f738a429b93580850dee3fd253994f8b0fa66ee8e273decabd532095fb04a4a3c340af0e55b57efab43630fc02ef20b425ca2187e3c6c5e10f12d618fd243a224f6501ebeb9d321c6385b8127ef9cdcd097ce7fa021cf40d21c39912343f67acce1825e3a51b8a718e8c340622fff65fe0053d24aa3351b6a2400185d7aeb88e87ac4a1d394909d49414aefc22ba009aff6962c9217d755694e4d6aa8a5d6a803cebb15de8f541634b6fceb0cac79dda8a18eefbb537e70ffe9aa5a6a6aaf9240fac2eacbfbef01ad6bdf50758780f86a4e488985362d5825011f5e8b66425a616b7e104eb23fe8f100cb0249823662bda3da47a4c3c1ca2f914b25b9738534026047df6d7ff631df2c4131f680e13743c9ccf2: +38d2ef509f93051f145167737c22e1a5bfe8f4a91eba0bb87c39ce04a89baec601115f6d89a5daab54f892bb4a4bda1ce5d8f6c9c88a50cee83bd987a2c0ddf7:01115f6d89a5daab54f892bb4a4bda1ce5d8f6c9c88a50cee83bd987a2c0ddf7:427b5a01e8597f04fd422f0a662d0be2dfa853ed5f9d3f60ff90f2c5ee08bb59fd03d402b754caf54d0058f5a2cf87af4fef2177d59e18226293fd2af376bc987bf7b320b9d1e249ab9efb75078e6d3df29e03504776354344aa69e72e1ebc52a3c38a4c2a1673b4e974a2e4e12a2e78ea3e3fe50c53630d096da3e2fe8299f71a1b441b4cf0caeb937afa4a0e3915ccab3996c9f6a8f4fd37543e8f75900cfd47175370efb852a5f69d673683f998fdcff85ff8f32baa807066604422027d51a435ddf988ed2fd8eb191f10b46807420008756eb4e300c4099c2d6450bcc6a4e7d0673156b837f0506338f3d1b5734b166ca5cc2f24a4ef026cda2c4ae3105b63ca8570d18546cfacb86042966a00ef52c7299019f68a2df08c8b704e85e713c348d7f1677660e18ebab59bf4e12e6ff2d783d8d5d42aab6ef017b7a1966aee8dc14ddabed49b4b643df4e9b0b60383c7d8b4b88c65a898c1c77d43d6bd68b2a5743f1fedd654dc84496da02ceb69b9b4d3a8e00ccd72e7c75fc50a8dd087e183e6c1f579baebc5c63f2807936791b5fe4847cdcf151774235205cd2d7b8bf4ae8819225ea708b7baac66998f0cbab2c7ddf251f3b1de1017d397692205eea639f12d77beef6c13bb12100ff8906470bc7b21298053be1a61b7b3a499edc310996c8bc0871907ca468e89ed311adca2e2b82930975b3efbbfc03cddf4d948c4765e8c10590882169acddb8f8c36d84c2dac3b798e7abf844712fa458d277c24e814047d742319a834dd9f927a2b4485ef13745f7a60dd6bb337936304c97d3f9f144eb29bb695b8dc31b9d84910611d28d581caa9365d6dff52d410a4ad52bd121729fff52888f4daae1707f6f56dac61ffb9961cda7176af4460a6d5542a20446fb5147fce727204cec6899b9a3d4ff6226bb8a1c78e36fcdd9e50c040d72d0f4007d3fa9aa767e4abd0add62fdbccdeff6721eb259e00a721632006bede0d173d38344dea44f96b67d9a2eea1d2af5f748e8ebdb441bfb4e58e2d42fec740566acf73a303358f7d89c8158cf21fe85b0d4a417ebdc86d0469f6b91c24ad610d486dedc218b2ce7a8b96754723151f0d0076fff9f19d112d9c0592fb8d92c99dcb8ddfaa46fbe0d92df46b8c00ca4345adb69a5aca694a86cf30646451bb17ba6e607a912bf109d5fc2d3e27d00d945600a8a57c:dec46253509b11e4b52a6ae4f366b680dffc280d0a044fc0cb790b6e751381461e1e602a89e3b3d3064c407f602f1c22404b6823bd2467549314a00001664a08427b5a01e8597f04fd422f0a662d0be2dfa853ed5f9d3f60ff90f2c5ee08bb59fd03d402b754caf54d0058f5a2cf87af4fef2177d59e18226293fd2af376bc987bf7b320b9d1e249ab9efb75078e6d3df29e03504776354344aa69e72e1ebc52a3c38a4c2a1673b4e974a2e4e12a2e78ea3e3fe50c53630d096da3e2fe8299f71a1b441b4cf0caeb937afa4a0e3915ccab3996c9f6a8f4fd37543e8f75900cfd47175370efb852a5f69d673683f998fdcff85ff8f32baa807066604422027d51a435ddf988ed2fd8eb191f10b46807420008756eb4e300c4099c2d6450bcc6a4e7d0673156b837f0506338f3d1b5734b166ca5cc2f24a4ef026cda2c4ae3105b63ca8570d18546cfacb86042966a00ef52c7299019f68a2df08c8b704e85e713c348d7f1677660e18ebab59bf4e12e6ff2d783d8d5d42aab6ef017b7a1966aee8dc14ddabed49b4b643df4e9b0b60383c7d8b4b88c65a898c1c77d43d6bd68b2a5743f1fedd654dc84496da02ceb69b9b4d3a8e00ccd72e7c75fc50a8dd087e183e6c1f579baebc5c63f2807936791b5fe4847cdcf151774235205cd2d7b8bf4ae8819225ea708b7baac66998f0cbab2c7ddf251f3b1de1017d397692205eea639f12d77beef6c13bb12100ff8906470bc7b21298053be1a61b7b3a499edc310996c8bc0871907ca468e89ed311adca2e2b82930975b3efbbfc03cddf4d948c4765e8c10590882169acddb8f8c36d84c2dac3b798e7abf844712fa458d277c24e814047d742319a834dd9f927a2b4485ef13745f7a60dd6bb337936304c97d3f9f144eb29bb695b8dc31b9d84910611d28d581caa9365d6dff52d410a4ad52bd121729fff52888f4daae1707f6f56dac61ffb9961cda7176af4460a6d5542a20446fb5147fce727204cec6899b9a3d4ff6226bb8a1c78e36fcdd9e50c040d72d0f4007d3fa9aa767e4abd0add62fdbccdeff6721eb259e00a721632006bede0d173d38344dea44f96b67d9a2eea1d2af5f748e8ebdb441bfb4e58e2d42fec740566acf73a303358f7d89c8158cf21fe85b0d4a417ebdc86d0469f6b91c24ad610d486dedc218b2ce7a8b96754723151f0d0076fff9f19d112d9c0592fb8d92c99dcb8ddfaa46fbe0d92df46b8c00ca4345adb69a5aca694a86cf30646451bb17ba6e607a912bf109d5fc2d3e27d00d945600a8a57c: +43bfb3dbe4d9bdaa82b354dd596334e660d76fc0b2eb698993aef3767f1c7c7fd00aeceff0ceb832c251d1fe6bcbeaeacbb4113f5281baba4e878f7b95f93f07:d00aeceff0ceb832c251d1fe6bcbeaeacbb4113f5281baba4e878f7b95f93f07:3f3eeddcaef4e1662adb66bb1b207d793fcbef815005e82643ed70c9855403dac28b520727a901a532d28b9bd1348db2f8967bbb8c9098b07f570a2eae1ee482640c0b67a52a38612133a15e258ede38cda878ff36ed321dff87cc6a01383ba84067d60af41776acf80a8a4eac77f7d87c37a704a3e2aca1e8815e49fbcab797c856529538be07d51696321f69b09b5dc5a15e5f0e4c22d22837f62ee4c8bc7f25a9487b962cc20f133fcb870ed125cca585d181bd39f9dfa661f19be76da7f65f22fbbc80752aeb39e8d59ed96e14f595d04929402b5029c60cee37c0217bc531d80db341dace3cce76e643aac53887473edc6e19cb39fecf6af424a2066393d1c33fc7b93676d7e6105b9bfc967d1e29afdc4cf15bcafa09c295a6f9deee331ab3b0d493126e2b2fffb42a6b68e79e138db550827262e487a83f37f01dd7922be75e92fcf5d9d4803b3ac2f35da210fb38b263b0ffb6c2708d4b55b757af52077a7e3184d01e82f64d32cce4fdee0f8d4e364bcfb958ebbfdbb622b38b51e930271c7b1b70aa9d4bb3aa4b997c52144d3aa62162573a3a1d9ce46cdbeeb8449f1225c449631e8897521cd0f637b721a1252b8a10ab0be870afbcd89d58b2ebb63211950cad7ab82c8195026b50ea8b77b9e90ed559af4484308851a3a156716853a8ac4ecb8c5cc7d935b0f466124143b1177f05d08b97d1ad542ed2c2465af185e7db42b69cb802a71794a3139883029670c956742aaad7907a71d95985fc1d45b65997b4ec6ce8255de959270afa7de90f2929de63f9b17211d7f1ae820ada9ce3e48649179d60b0149493481f01d459db7dad0526b5bd9f4b3380d25ba2c502ba8fa3c4d4131b4662addefb41827f759fa71d447d5f029245f48c622eb7c68c8e71081f7f789de7a283d2eda83a7d1722a05fb72e1760c24040c4d834def5df5f742e02b30451c893bcf7d771db784cbbdaec876d8ac86743b529a292007ac753c99a5799cc324fe5ebb5448ab554b10d4136974a12542d25c6147c67c5d2336c9db75cba2fd608cd43ab95beacd043a1349cefa828e23b5f0b6e0e2951f3353bb92bfd1f0a49c33fb3cf3799a0b543198ad5d03d263c1a06c35a26ade1518491c8c1d27a2db033808932cd1c47b5a126985acb8d888360eeccfeb3bf51b0d189b4190440404d12fba65d0a7a14c620c555f822:a9995523020a0d222bc48f98d05504e3068f304a6d197006cc9c035eeade099e7aa97e90894ead17e8c30b0aa4a98088f038b92244c4b20fde964f8534e8fb033f3eeddcaef4e1662adb66bb1b207d793fcbef815005e82643ed70c9855403dac28b520727a901a532d28b9bd1348db2f8967bbb8c9098b07f570a2eae1ee482640c0b67a52a38612133a15e258ede38cda878ff36ed321dff87cc6a01383ba84067d60af41776acf80a8a4eac77f7d87c37a704a3e2aca1e8815e49fbcab797c856529538be07d51696321f69b09b5dc5a15e5f0e4c22d22837f62ee4c8bc7f25a9487b962cc20f133fcb870ed125cca585d181bd39f9dfa661f19be76da7f65f22fbbc80752aeb39e8d59ed96e14f595d04929402b5029c60cee37c0217bc531d80db341dace3cce76e643aac53887473edc6e19cb39fecf6af424a2066393d1c33fc7b93676d7e6105b9bfc967d1e29afdc4cf15bcafa09c295a6f9deee331ab3b0d493126e2b2fffb42a6b68e79e138db550827262e487a83f37f01dd7922be75e92fcf5d9d4803b3ac2f35da210fb38b263b0ffb6c2708d4b55b757af52077a7e3184d01e82f64d32cce4fdee0f8d4e364bcfb958ebbfdbb622b38b51e930271c7b1b70aa9d4bb3aa4b997c52144d3aa62162573a3a1d9ce46cdbeeb8449f1225c449631e8897521cd0f637b721a1252b8a10ab0be870afbcd89d58b2ebb63211950cad7ab82c8195026b50ea8b77b9e90ed559af4484308851a3a156716853a8ac4ecb8c5cc7d935b0f466124143b1177f05d08b97d1ad542ed2c2465af185e7db42b69cb802a71794a3139883029670c956742aaad7907a71d95985fc1d45b65997b4ec6ce8255de959270afa7de90f2929de63f9b17211d7f1ae820ada9ce3e48649179d60b0149493481f01d459db7dad0526b5bd9f4b3380d25ba2c502ba8fa3c4d4131b4662addefb41827f759fa71d447d5f029245f48c622eb7c68c8e71081f7f789de7a283d2eda83a7d1722a05fb72e1760c24040c4d834def5df5f742e02b30451c893bcf7d771db784cbbdaec876d8ac86743b529a292007ac753c99a5799cc324fe5ebb5448ab554b10d4136974a12542d25c6147c67c5d2336c9db75cba2fd608cd43ab95beacd043a1349cefa828e23b5f0b6e0e2951f3353bb92bfd1f0a49c33fb3cf3799a0b543198ad5d03d263c1a06c35a26ade1518491c8c1d27a2db033808932cd1c47b5a126985acb8d888360eeccfeb3bf51b0d189b4190440404d12fba65d0a7a14c620c555f822: +514e070b0190d18cbe981a5a151e7753398a272bcf014813ad379722c36e133d6fbde0474cc4810effa50a07820c965aa00395ff3a5b3e2edd7d356b7d6aef2b:6fbde0474cc4810effa50a07820c965aa00395ff3a5b3e2edd7d356b7d6aef2b:831455762a5d80097bb2845042f4c876e7108535bed683e8c44619d08154a229444b101e3ed7c01507e870941446af978c0f5341d1ac1dd15b14e8966712df19f52feb5103cf62b6632756446cc754df00a3f6dd719968a2cef66c3adfb7d1fc491fbbf3d59294ab34619e176db0d446151e37eaa3daf172406e983d9d23a6b69e92976030f5ac7040ad5114129feaf97af15b2296fae70492dbbeb2b4827687fb798715c9bb2c32557a81d891b897052900707159751f07db074c77f0719671f1766689029a3cddf39df3483cf2b04f71c25de05fc2d02bb48e539eaf1a321646cd80ef2f0ac703f45e7389530800e5d417ccea8a5c086682f04745d50b5dfc8f6edc87a95c7d202a9cfd998714b746920ebbe2335bca1a0171762016f5e4bda89c57d0edc6910c6d22c8f909da3db1352f0c8bd18f3b5aac25f193b89470f976bc4f1affb3c66bc5876c6fe2ac7508533d97bbcf77119d9aae193f07e0b64b461c9c6c3b9d293bd37de3d8e1ab1e8d872cd94e6cf0eb68439fdcd3b25ce8483460bd8b7cce889fb722b4361e118da983ef4a9e45cebc0c1b8229ea53e6f55505f644e09acaa4c4b8cc640b2cd2b312e1c3a2c02669e1f9c06311c78d360009db9e67c39b49d1e5d770c01d284b0a17a41b4e7ca745d665ec07500e4d9fc8ebc1cc6af53a3fc76b0c3f1431d49843f20e182782c82b3b5aae36fe20ca642618068be233d4b5ef9eaeff401536dc593a2bc18344f55ac5d5fc7b3eb506d11cb375330063c620c5334d723c7d1f042816bc4785b35ac0e6f174f736878b7b491658ca67d8fcab538fc6ecd277ead90d954b460da4253a1c3a30b3d8928f69ac9876a2891969fc2d06a668992b8e2115dfe5358a7124ba7ccf421d8054ea043444cdeb40b716dc7a3659a3ca94347293489060e2cf6712a2a6c7b8ad146785fc40ccb9da287830d011d0d24df3e7afbe972d6f417de5cd75f259ea07cafdde205fc0a365135c232cbd7c1bc539fa4b7e1cce35185237c23f80ae97c186d0d3b10503d5984a20ec41c3cd042c28a4c31f9574b06a872bf959ab0add1f5dee14a1e741ef238dfcdec085aa088dcf39a36dda8f2a85ed0d362ccb005d02e5accc092a376dc11a566170d583db35f1de0be3f15908596e9b781ac81be07b9bd2af46c56fb4d9d84276011e4618b7f76f96794cd0fd57ed414b63:b6c355c958b5baa7ebe977a93fcf539589a366d40160e4e031b88ab96402c7bd577ff635fc07782423598dca43668124a8b287510e2cfd07a1e8f619f6c8540a831455762a5d80097bb2845042f4c876e7108535bed683e8c44619d08154a229444b101e3ed7c01507e870941446af978c0f5341d1ac1dd15b14e8966712df19f52feb5103cf62b6632756446cc754df00a3f6dd719968a2cef66c3adfb7d1fc491fbbf3d59294ab34619e176db0d446151e37eaa3daf172406e983d9d23a6b69e92976030f5ac7040ad5114129feaf97af15b2296fae70492dbbeb2b4827687fb798715c9bb2c32557a81d891b897052900707159751f07db074c77f0719671f1766689029a3cddf39df3483cf2b04f71c25de05fc2d02bb48e539eaf1a321646cd80ef2f0ac703f45e7389530800e5d417ccea8a5c086682f04745d50b5dfc8f6edc87a95c7d202a9cfd998714b746920ebbe2335bca1a0171762016f5e4bda89c57d0edc6910c6d22c8f909da3db1352f0c8bd18f3b5aac25f193b89470f976bc4f1affb3c66bc5876c6fe2ac7508533d97bbcf77119d9aae193f07e0b64b461c9c6c3b9d293bd37de3d8e1ab1e8d872cd94e6cf0eb68439fdcd3b25ce8483460bd8b7cce889fb722b4361e118da983ef4a9e45cebc0c1b8229ea53e6f55505f644e09acaa4c4b8cc640b2cd2b312e1c3a2c02669e1f9c06311c78d360009db9e67c39b49d1e5d770c01d284b0a17a41b4e7ca745d665ec07500e4d9fc8ebc1cc6af53a3fc76b0c3f1431d49843f20e182782c82b3b5aae36fe20ca642618068be233d4b5ef9eaeff401536dc593a2bc18344f55ac5d5fc7b3eb506d11cb375330063c620c5334d723c7d1f042816bc4785b35ac0e6f174f736878b7b491658ca67d8fcab538fc6ecd277ead90d954b460da4253a1c3a30b3d8928f69ac9876a2891969fc2d06a668992b8e2115dfe5358a7124ba7ccf421d8054ea043444cdeb40b716dc7a3659a3ca94347293489060e2cf6712a2a6c7b8ad146785fc40ccb9da287830d011d0d24df3e7afbe972d6f417de5cd75f259ea07cafdde205fc0a365135c232cbd7c1bc539fa4b7e1cce35185237c23f80ae97c186d0d3b10503d5984a20ec41c3cd042c28a4c31f9574b06a872bf959ab0add1f5dee14a1e741ef238dfcdec085aa088dcf39a36dda8f2a85ed0d362ccb005d02e5accc092a376dc11a566170d583db35f1de0be3f15908596e9b781ac81be07b9bd2af46c56fb4d9d84276011e4618b7f76f96794cd0fd57ed414b63: +bc790a7385dd1dddc762e3b20221dc078b6c3da8986d4180940727257cfdcdf1c9264626f68fedb5b39c28f030453b54d0d51a98b17721f2611d7f277ef48b81:c9264626f68fedb5b39c28f030453b54d0d51a98b17721f2611d7f277ef48b81:143dd7bfbff2adc71f5d123d474ea069df14ae923ed9bf8f9891e60bae43f0c9f55537ac9d1ae523ce4ecfd33b20ae445e9c426372050fa5217c1e4fb01353ebf2e32904ef7eefcf72e8023bae06bbb640cf777d5b0e11527bc835493ad6980a157bb2d50be23365e72cbf0b3f209ef0c44a00b41a62262488096cae5a696b4d64cbad34500d41fb4e4bc70f8bf62144d01c2275d6d29f5de75b1721d5046b6829164443ebfd9c1781319d88f54010edc296abbed02b7dad9ba585b552e0005dcca400bf4f459eed7db86ea8612be9e918dfd4e2700c4710083283626fac754417e0087d26ba145dfc45b1c9bf7b4dd70e6c508747ef805c9a02425aebc6421e0deb6a79d89aceeee01ececc9f3ca365383826584c430ebd39ecf0a72866ae0aceca5ad4f0405b67779c04c5de0330614da3470b805d787ce79ac5a696dd6f6b5539b1a651b424cefb19491da6e0889223cc98398b42c00414ff8d6c0627eb97cff20a8cbe7fccb41d810fcfe858ca7475247ef628e84a09d012fe12235b38c1cc9d82e2b69d01d6218cfd48e85f26aeadd195408cdd4c2f806a89041fd0317fb1a7b6209f904270d34e606195047288b0fb11a5722938f67c22b313f7f74b2025c75bcd1ecc5a9add4a640a41f2996eb66e5af196198db58a3fb9938f349f922a24d86f4ed8a96a09a196c24d6d01ed76f3816c05c4f26baca9b9d6dcc79b580dfb75d6c905d480dad76951854bda1caa7f4a819543aed01ae956bf3058fe8b3c7d5d724962f1a6a83143ddad274fda3ad578e98aa967c410ee57575ef01c0258560f0a1fa4b79327796de99420cfd0a415506360f1242ccc58a6880927750dbbff13d7c1b4ed519cda357210f12fb0d1c4d48f0411bd7e058cc4cb93d3c77597e2653ffa282d3c2f128ac33a237af2fcbc9ef9c811f37814ba2b0b85093d0fd18b8c6fb09a43ce52254d23d55f32e1d3242aed1f23d9cf204aa0dfd44a346fe09e55a4a06cf1bef8bbf37ba1f1598a58aef89501ecbac0453543e480ed0adde90c841d95ebd6eb23baa9f70f83c149eab32d0913c79b0993d0e1d3574f0f542e56a20616cfe4a8bd7aaeebe0b083dc2ce0146178c07482a01129bc6fefdc8141c1384894b69cbe2f29da188f7fd4ac341a2df6fd90dee6a446d2746324c75c1ef5b1ace187d3bc16d70559892975d7e47138f0406385ea:6d6bd65f372679fe9d945ff56516333ece0b7a25b15ad2487381670e536f5246775eb39a114db2b9cd50f312b360d9d0bea295dc37b817b332890adb65e4c401143dd7bfbff2adc71f5d123d474ea069df14ae923ed9bf8f9891e60bae43f0c9f55537ac9d1ae523ce4ecfd33b20ae445e9c426372050fa5217c1e4fb01353ebf2e32904ef7eefcf72e8023bae06bbb640cf777d5b0e11527bc835493ad6980a157bb2d50be23365e72cbf0b3f209ef0c44a00b41a62262488096cae5a696b4d64cbad34500d41fb4e4bc70f8bf62144d01c2275d6d29f5de75b1721d5046b6829164443ebfd9c1781319d88f54010edc296abbed02b7dad9ba585b552e0005dcca400bf4f459eed7db86ea8612be9e918dfd4e2700c4710083283626fac754417e0087d26ba145dfc45b1c9bf7b4dd70e6c508747ef805c9a02425aebc6421e0deb6a79d89aceeee01ececc9f3ca365383826584c430ebd39ecf0a72866ae0aceca5ad4f0405b67779c04c5de0330614da3470b805d787ce79ac5a696dd6f6b5539b1a651b424cefb19491da6e0889223cc98398b42c00414ff8d6c0627eb97cff20a8cbe7fccb41d810fcfe858ca7475247ef628e84a09d012fe12235b38c1cc9d82e2b69d01d6218cfd48e85f26aeadd195408cdd4c2f806a89041fd0317fb1a7b6209f904270d34e606195047288b0fb11a5722938f67c22b313f7f74b2025c75bcd1ecc5a9add4a640a41f2996eb66e5af196198db58a3fb9938f349f922a24d86f4ed8a96a09a196c24d6d01ed76f3816c05c4f26baca9b9d6dcc79b580dfb75d6c905d480dad76951854bda1caa7f4a819543aed01ae956bf3058fe8b3c7d5d724962f1a6a83143ddad274fda3ad578e98aa967c410ee57575ef01c0258560f0a1fa4b79327796de99420cfd0a415506360f1242ccc58a6880927750dbbff13d7c1b4ed519cda357210f12fb0d1c4d48f0411bd7e058cc4cb93d3c77597e2653ffa282d3c2f128ac33a237af2fcbc9ef9c811f37814ba2b0b85093d0fd18b8c6fb09a43ce52254d23d55f32e1d3242aed1f23d9cf204aa0dfd44a346fe09e55a4a06cf1bef8bbf37ba1f1598a58aef89501ecbac0453543e480ed0adde90c841d95ebd6eb23baa9f70f83c149eab32d0913c79b0993d0e1d3574f0f542e56a20616cfe4a8bd7aaeebe0b083dc2ce0146178c07482a01129bc6fefdc8141c1384894b69cbe2f29da188f7fd4ac341a2df6fd90dee6a446d2746324c75c1ef5b1ace187d3bc16d70559892975d7e47138f0406385ea: +db3a44df40d255a25cf23f53c45223b7d8f1f1f111ba07406b71e184a8cd06126b12bd9580ae207a9b0baa8287b8bb86669373ee5e5a625ab4a6ef2d08712597:6b12bd9580ae207a9b0baa8287b8bb86669373ee5e5a625ab4a6ef2d08712597:52dd8ba4fffa344d1e0811d9675c313f9cc0e5a138478691989d2b7f7389025068fa35f74f9aeaf1e95665ecf8d5707f75f65f2256eea93398be59c0d538f5e8584bfbb3a240f5016d7927234cb3eac35b391b8b53f20ed8bae0ba11089694bfeade11071656d4cf18ef2d368192e04e08e3024fc1d2fda6312afca68d10c9c336a0e36850be1a4f35b033a85a2a9549f2673a995f2a9ab4bd46c8fd2d838e64f761713427329c9af5e4211a22ab208aaab80e194cd0f6a502b308fed6c583517801a48ed4330e2faddcd41809c3919b30e84db3c68731031e79857dd9f97ffd12547da7066798074151ec88a5fa963b9d9d83ba2fee135833950ef7bc62b3401ea11bb36f25561bc0522bb02d8dad0543f63d547be77d0a4c9bf65d42f3a276144d2e474e2942f3790221e26fbae7ca91efd85921990835fafb6dc674635c9601821038b52711343d1aa25f1c46ba4e3c6e712bac19e53eae30e5246e4f04ddf2acdbb34163c243677690be0bf2e3fa164870b5e6f536b22fb89e5e8e1d87cdb34044977ed2836e544d7ba493dd42a2b649bcf313c5b39a1dbfff3e7f2a59ade87d3e7b258f58e565fdba3e4d92b1edb8bff54dc49d86c53c030cf58b97ef066d241b540530213905739d8e1aa72ed90f685d3958eaa242b0cbf7a2eb976ee96a63e66786464169a742d457e4d9117c7d66428445a46930c28ba7a2658241805ebe72c78e02035d263a211e590b490cdb84415062eed14f13b8a1a9e77c8d7b75515b18fb85386e4a7e053980d30f4899e83863bee875585887c5f48b516ccb731c4bcaa3df07d04795814096c79d7c5fdc4dabf5e26a4ca1838e0e5d87db71309b81ea7ce461e5e44c7ab2f105ad75c543c1e9179c36a5fa555ec922ffed1b76d25801dd74f80cd0a6ba7bc20db0ad580b7bbb9ddcfd93ad1c5f20f3e27c3ea3a1e71eb74ff5f944cd3b98f6d04529593011c4aecef6dcaa60fb18368cb12b6e391b3f5df765cbabff15898c84796fc2b53fa4900dad034a13b0ce1445adda4ef719be741419e231e92f1f667a32842a42db79bd7a014a809c81596e826273d16fe5d40458242ae10e12e60b3489530c6622b5bb44454f29616e47e9a297ce1ca074137fd9ae13e3ee8edbcf78af265459db1af342dc0b2fc809bda015b5a82b2b7c54efe4e5fc252eb13d66e808936f1910f4c48be0ef7a:cc28b5ef4b9773637fae7e5f084b6994aa3598f8f4a65d0bb201d172d861a30149b3338d3c3ab75b32b25595cd8b289630c3376acd10ba2ab26bc1aba900840e52dd8ba4fffa344d1e0811d9675c313f9cc0e5a138478691989d2b7f7389025068fa35f74f9aeaf1e95665ecf8d5707f75f65f2256eea93398be59c0d538f5e8584bfbb3a240f5016d7927234cb3eac35b391b8b53f20ed8bae0ba11089694bfeade11071656d4cf18ef2d368192e04e08e3024fc1d2fda6312afca68d10c9c336a0e36850be1a4f35b033a85a2a9549f2673a995f2a9ab4bd46c8fd2d838e64f761713427329c9af5e4211a22ab208aaab80e194cd0f6a502b308fed6c583517801a48ed4330e2faddcd41809c3919b30e84db3c68731031e79857dd9f97ffd12547da7066798074151ec88a5fa963b9d9d83ba2fee135833950ef7bc62b3401ea11bb36f25561bc0522bb02d8dad0543f63d547be77d0a4c9bf65d42f3a276144d2e474e2942f3790221e26fbae7ca91efd85921990835fafb6dc674635c9601821038b52711343d1aa25f1c46ba4e3c6e712bac19e53eae30e5246e4f04ddf2acdbb34163c243677690be0bf2e3fa164870b5e6f536b22fb89e5e8e1d87cdb34044977ed2836e544d7ba493dd42a2b649bcf313c5b39a1dbfff3e7f2a59ade87d3e7b258f58e565fdba3e4d92b1edb8bff54dc49d86c53c030cf58b97ef066d241b540530213905739d8e1aa72ed90f685d3958eaa242b0cbf7a2eb976ee96a63e66786464169a742d457e4d9117c7d66428445a46930c28ba7a2658241805ebe72c78e02035d263a211e590b490cdb84415062eed14f13b8a1a9e77c8d7b75515b18fb85386e4a7e053980d30f4899e83863bee875585887c5f48b516ccb731c4bcaa3df07d04795814096c79d7c5fdc4dabf5e26a4ca1838e0e5d87db71309b81ea7ce461e5e44c7ab2f105ad75c543c1e9179c36a5fa555ec922ffed1b76d25801dd74f80cd0a6ba7bc20db0ad580b7bbb9ddcfd93ad1c5f20f3e27c3ea3a1e71eb74ff5f944cd3b98f6d04529593011c4aecef6dcaa60fb18368cb12b6e391b3f5df765cbabff15898c84796fc2b53fa4900dad034a13b0ce1445adda4ef719be741419e231e92f1f667a32842a42db79bd7a014a809c81596e826273d16fe5d40458242ae10e12e60b3489530c6622b5bb44454f29616e47e9a297ce1ca074137fd9ae13e3ee8edbcf78af265459db1af342dc0b2fc809bda015b5a82b2b7c54efe4e5fc252eb13d66e808936f1910f4c48be0ef7a: +77964dad52b579b8966753da3186d1c5e9d33d33a4db38bc0d7a1a6c112c13c2fc25125e7829f64234375e52ae9f77ae1013f99df5f9965ad2aa16589596d091:fc25125e7829f64234375e52ae9f77ae1013f99df5f9965ad2aa16589596d091:c339e718a757f3f3bd1babdd2e00aaa5cd7fc9005ee34b6fdc09d71fbd9c9289ab1dd14dba2cad58cb805116777bd80c85966433ad46f9ca6e54f13dd3ca7e56e47fea41e5488a45ad53bc5d657427e1d7938f5519f1b09f5bdd98aae5ac9643ef78eba4934925339a155dc66828571002097a11a5cee7b51a441b756b0ce65b779afe19da6a18efc145f6090ce770de9e0e91f543270a0985eab475293ccfdd3141c4142e4722233b267499447641235d728bd75cd1adc0db142f7331adddf8c5eea3d576405d869915b560f964e3e0003c91f5e96bffbeeec73e51024ef52c55c6dcb54d58203e62f4ddb6e137eb08e1bf1326018afd1a86cab6c841e0661ce0a1a7ae967f24c1a77fc7ca505f72e5f7936e39c6f4837e2595195a69cd676510a7161a4dc5e318f3d4f3ac0af03f8c4ae5bce39324e9738aea49f002d32d16de2317e95a9f32ee604e13db8038b264cfc17aed29c9debf8191de9e0efc951ad6d54867068cf50a269c37a241f85206788d23143177f659cca66cfce03bc0502255337f16b3dad6f79132abf80ff12b6d2281e637eb6c71f76e2633a114565240eed00fabea9ed8de28c83221f8cb485f512d9008bfc74a366d4c2b4ed172d367e0247cb65098c110282e831df8e9bd4fbd5f4dd2b7f2420c23b85a637aa2262c3cb88405f70730c9ab4c9d0f227ee4fa4ef91efe9a59b3e6d843db879f5650059e99f0e4a0386838e6f9876f67d50f89832dda5f30a9cbfd710134f9b5b54627496aa3a43212b07f03db11d3d4f875d41d1f4ac45969ddef69f81a06d2b0c646c9cd931cf2502fef0dd32abbf0951ed303f5284825934397fc22e78698d35ad81d82256bf9e15400a1091623a9826f1e57792367417ef02586d64e650da9ace2f18aa0a126d867cac4b5d4c91bf5209e5359556386f827083eb53e8b4709fffabe92c61d78ffb5daf10274e242a70091f3f9b9d596c1258c9a63384f4b05b028661222181c0fca965f0a2cb56e4b556d6fbff71b64d9b358da31aa37c74ff5962fb8d96a383d049724c19e249c9edbb2a375b23ce3104da0ec58d2635ba03b55423fa2db7eb349a4fc58a1ef540ee9a02c2e703c68d7f8475f434ddd3200db1f06745791a3acc3160dba50a393447ffeef6dc7b98fb06684cc90fd85203d119dcd8199e4d9a89ae3467ae4bb19fb71cf747029c24096f9a50e:3d1b4b4e820d250be2a8fa971e599e1e98977528b2f930189681a93b05e1a706fc80effa94e929bc43921656897388288a9b29271f37a14be014b873c68fc904c339e718a757f3f3bd1babdd2e00aaa5cd7fc9005ee34b6fdc09d71fbd9c9289ab1dd14dba2cad58cb805116777bd80c85966433ad46f9ca6e54f13dd3ca7e56e47fea41e5488a45ad53bc5d657427e1d7938f5519f1b09f5bdd98aae5ac9643ef78eba4934925339a155dc66828571002097a11a5cee7b51a441b756b0ce65b779afe19da6a18efc145f6090ce770de9e0e91f543270a0985eab475293ccfdd3141c4142e4722233b267499447641235d728bd75cd1adc0db142f7331adddf8c5eea3d576405d869915b560f964e3e0003c91f5e96bffbeeec73e51024ef52c55c6dcb54d58203e62f4ddb6e137eb08e1bf1326018afd1a86cab6c841e0661ce0a1a7ae967f24c1a77fc7ca505f72e5f7936e39c6f4837e2595195a69cd676510a7161a4dc5e318f3d4f3ac0af03f8c4ae5bce39324e9738aea49f002d32d16de2317e95a9f32ee604e13db8038b264cfc17aed29c9debf8191de9e0efc951ad6d54867068cf50a269c37a241f85206788d23143177f659cca66cfce03bc0502255337f16b3dad6f79132abf80ff12b6d2281e637eb6c71f76e2633a114565240eed00fabea9ed8de28c83221f8cb485f512d9008bfc74a366d4c2b4ed172d367e0247cb65098c110282e831df8e9bd4fbd5f4dd2b7f2420c23b85a637aa2262c3cb88405f70730c9ab4c9d0f227ee4fa4ef91efe9a59b3e6d843db879f5650059e99f0e4a0386838e6f9876f67d50f89832dda5f30a9cbfd710134f9b5b54627496aa3a43212b07f03db11d3d4f875d41d1f4ac45969ddef69f81a06d2b0c646c9cd931cf2502fef0dd32abbf0951ed303f5284825934397fc22e78698d35ad81d82256bf9e15400a1091623a9826f1e57792367417ef02586d64e650da9ace2f18aa0a126d867cac4b5d4c91bf5209e5359556386f827083eb53e8b4709fffabe92c61d78ffb5daf10274e242a70091f3f9b9d596c1258c9a63384f4b05b028661222181c0fca965f0a2cb56e4b556d6fbff71b64d9b358da31aa37c74ff5962fb8d96a383d049724c19e249c9edbb2a375b23ce3104da0ec58d2635ba03b55423fa2db7eb349a4fc58a1ef540ee9a02c2e703c68d7f8475f434ddd3200db1f06745791a3acc3160dba50a393447ffeef6dc7b98fb06684cc90fd85203d119dcd8199e4d9a89ae3467ae4bb19fb71cf747029c24096f9a50e: +5cafd817a4410ccb27121723ef3207c1731a0861945be962714c0ed95038a1954ea086be43ece1c32d08059bbadc9e9a2b2f4f3fe370f1f5ccd7dbdec0aaf303:4ea086be43ece1c32d08059bbadc9e9a2b2f4f3fe370f1f5ccd7dbdec0aaf303:50b2f05342418046d16a30be4fc62b67daf6c18d2a74242b7cb55ba90ad20b6cafdd60155737c29de48aa5d799fe5495fe59df5a9b8c0a8e5418904763fbad83ea6986651bac31117939cef4e0c79930d52dfd7db43c31addae3cf93e3efc5a916efd0d65fdc30909fa356ccbc5247d7aaa067131b6b4820fd02f8e395f5a9704c9bdd7560a611d62559a8dfe1d2859c52486cc11ed3331992488f417520d920dc73a32d4f08110082500f5a962a306932c6a7802955cedad7abf53b0f19fe4794a31d6b855380284306ccff71a4007859a2328bb19024c43e10d77064d866d9622d142c27354b84ac3b4f8232f7a2f8af6409d5cc757a18ef813dfaf4b9bc040cb006d77f143641aa2036ac7bc928dc96585d9e36c7bc9c564d25f1c2cc0beab9d5f207e84b215f1e7aa6fc328237b79c39923a4e09c7c73dc6b24b1416294d798a4ed5f758336d915a870a7d6b7592b5b88aace2dc5f267bdb491141cbbae2a677407cc0955f961962599304ba0b839671a5c000e920108a05298087e49770aeeeaab3632724cb0fc2285796dc414814fda78a54e67f00a02f77d3ccde1ed9d7b1def14ea1f61910bdf30a1196fc6351b62254d6445e6c90445b16efafe289a2784b92e42b78a4a900c35f55630bbb7762ff9eb7fef7d04c90b9571c4fc760a410dbfc252991d0ba27f2d414fe64eefdff4abc18817c9706c631bfa203821d3b92cb338baaf5d1232b462647954d0902462fb1696e991f07fa9c3dbcf2872960831b4ded92a421cf21b753165ff309efe2ef5438c01270d10c6a03d34f71ebc2dab1da90daa357984d2462bcb35ee3de55c3a55f8b98aec2114f74c84341a64127863c120b5ecad9e329a5756ae4a2555d8492cda835225a8deb3f9c1558f0d425bc172ff7640cc79d97800416fd6294cccc70cd1cf5b6a8e2aa07289bd522bf99dc96c36bfee80e846f5dd746dd4c5003e4bf7d29efeea7508a0161236882c9a82a56aa2c2574669652c630923ab470ddb95d456f7b8e8f07599ba0d1d38bc7f8176e3fdf0209bd6f75d4cc11803afb1856cbc0e91c73730e4fb98f3c948a87d5a7edcc0a6a8ac810ea3eaa6e063cec5f5566cd6dedc537db6d686b8021f6ea825ad7475ec7f1c5dbde45d3ff4b5ee51c0d04f1d74018eb91e5040d01c8b71a4aabbde6094d4afeccb18dfcded73ea75e3b9f8ce167df6209ae:288515fa7259f1eb587fe8a2c403434c46f8d7e75b6d22bb3896566c017d09b698c2c807799c2f65f9cdb4eb58151ccfc48d108061a6b3148432b2bfc1cdab0550b2f05342418046d16a30be4fc62b67daf6c18d2a74242b7cb55ba90ad20b6cafdd60155737c29de48aa5d799fe5495fe59df5a9b8c0a8e5418904763fbad83ea6986651bac31117939cef4e0c79930d52dfd7db43c31addae3cf93e3efc5a916efd0d65fdc30909fa356ccbc5247d7aaa067131b6b4820fd02f8e395f5a9704c9bdd7560a611d62559a8dfe1d2859c52486cc11ed3331992488f417520d920dc73a32d4f08110082500f5a962a306932c6a7802955cedad7abf53b0f19fe4794a31d6b855380284306ccff71a4007859a2328bb19024c43e10d77064d866d9622d142c27354b84ac3b4f8232f7a2f8af6409d5cc757a18ef813dfaf4b9bc040cb006d77f143641aa2036ac7bc928dc96585d9e36c7bc9c564d25f1c2cc0beab9d5f207e84b215f1e7aa6fc328237b79c39923a4e09c7c73dc6b24b1416294d798a4ed5f758336d915a870a7d6b7592b5b88aace2dc5f267bdb491141cbbae2a677407cc0955f961962599304ba0b839671a5c000e920108a05298087e49770aeeeaab3632724cb0fc2285796dc414814fda78a54e67f00a02f77d3ccde1ed9d7b1def14ea1f61910bdf30a1196fc6351b62254d6445e6c90445b16efafe289a2784b92e42b78a4a900c35f55630bbb7762ff9eb7fef7d04c90b9571c4fc760a410dbfc252991d0ba27f2d414fe64eefdff4abc18817c9706c631bfa203821d3b92cb338baaf5d1232b462647954d0902462fb1696e991f07fa9c3dbcf2872960831b4ded92a421cf21b753165ff309efe2ef5438c01270d10c6a03d34f71ebc2dab1da90daa357984d2462bcb35ee3de55c3a55f8b98aec2114f74c84341a64127863c120b5ecad9e329a5756ae4a2555d8492cda835225a8deb3f9c1558f0d425bc172ff7640cc79d97800416fd6294cccc70cd1cf5b6a8e2aa07289bd522bf99dc96c36bfee80e846f5dd746dd4c5003e4bf7d29efeea7508a0161236882c9a82a56aa2c2574669652c630923ab470ddb95d456f7b8e8f07599ba0d1d38bc7f8176e3fdf0209bd6f75d4cc11803afb1856cbc0e91c73730e4fb98f3c948a87d5a7edcc0a6a8ac810ea3eaa6e063cec5f5566cd6dedc537db6d686b8021f6ea825ad7475ec7f1c5dbde45d3ff4b5ee51c0d04f1d74018eb91e5040d01c8b71a4aabbde6094d4afeccb18dfcded73ea75e3b9f8ce167df6209ae: +d5cac85521af781f3d5f66862a04b087d0ccdcac926cfe9e747be8d5c2633f78100dcc53039bf05ea0a9f5888212693d4f9e0e752595bbcd020610e0ae213596:100dcc53039bf05ea0a9f5888212693d4f9e0e752595bbcd020610e0ae213596:d5e7dd594909375a4be08e74825d598d535bf46ec084de52b57391c127eff5224ab2d194dfb26633478d02fbda74d1dc5821f791bf962d8dad9e4ef24224891907b0189cccc8b133d3aa2078926daef2898c19c2e0bfe02041a904b9f04be7cb50aed0d962d1add20b40a88ab7abad626cf4da0a78f9f53685501fdfa58543ddf2ea0eea69e7ba160f8a177a25fc21e8a29c661633e30e523b0ec01b2aeee2d426e4aead457488108fe5f569cf6e2fdb68c28f2b3052823577cd934e7b062c8a3424cd4367fb315b744ca35255d7f1af4edc9bc9d8837123d97903b43df367c7d418c79347ffafe7c7b1724bba34ede8d3568db505983ead47f62b56e3618c11db8ff0bf492ac67597d2f96a6f420ff985341b786ad6ceaedd105d0d1563b2d53543d78e7256725d204e82ed3a2e6a6e83df61fc282a62ca06e62174b55bef40a0bdf8d23d1c330c71441485ee85e70ced121eac607f580678163e4bd75c6709ff3b41de80594b9e2f2aa278fefc21d73ee3f72854b958d9a8f63e3d70f7fead8c3dca8e71bf4b9c2a36f212b32eb3292e635580386559ee1a11df15293a0c21cd7360869846ba5b7ba85c994f5b2f9cc50e5eea8e4b3691d886062a18cfb182f1e8b611fe1bc263159cb8a086787c811bea4812530008c70ca0c47e64eb2fbad5b02727a66f2cdd6dde86f5d2a9645a1e9aa66ee0e15b97f5fd229596ee02e661cab9a54eee1b81f98fe256ed6c54feaaa0ba047eea353344f6e5c62be1e9d5c09a2a699411110c56d1949e90c07b1938ba9555ac1be8511b510218d7cde7e1d74a68afb642f81715fe9e6c96c50381ae5a9df306518785dc4dbc3a64f60f245c564b8029512f381b56ee787703426803c80ab1c311f477b891708b59fa748f32debf54d2413771978c265c9b87114adf25b8337aa93b0e632a5b6eda474bec16328159fbed067b00b87add61965492eccc6fd3461c1000e4037ab1e8ac89a8524f78ae09d308ea6c94ff883732b712eec0ef07718d33c011b9398f8cfea733075af331fb3f97cdc1e8c99f6a10725a68c5c58fdd8b0baa50227f34d73d23905203698eaff626654ce83d865108499be6861f6141bfa6219d7ab8b584519199f880cfa1b26d9194d301711c30fb446d6ea764a4310f70e4b859cf95fd44aaf8c1e240e80a71611dbcf52da58edc320311de388d5d9d769eb59be093:5dc03363414eeac0086fb6feba44217cef4c520db61926df680ca602dc11003ce6afbf3d13c8c5b05273d21415e67c14a2ee5d0b1d5352419ab9b39c003a510cd5e7dd594909375a4be08e74825d598d535bf46ec084de52b57391c127eff5224ab2d194dfb26633478d02fbda74d1dc5821f791bf962d8dad9e4ef24224891907b0189cccc8b133d3aa2078926daef2898c19c2e0bfe02041a904b9f04be7cb50aed0d962d1add20b40a88ab7abad626cf4da0a78f9f53685501fdfa58543ddf2ea0eea69e7ba160f8a177a25fc21e8a29c661633e30e523b0ec01b2aeee2d426e4aead457488108fe5f569cf6e2fdb68c28f2b3052823577cd934e7b062c8a3424cd4367fb315b744ca35255d7f1af4edc9bc9d8837123d97903b43df367c7d418c79347ffafe7c7b1724bba34ede8d3568db505983ead47f62b56e3618c11db8ff0bf492ac67597d2f96a6f420ff985341b786ad6ceaedd105d0d1563b2d53543d78e7256725d204e82ed3a2e6a6e83df61fc282a62ca06e62174b55bef40a0bdf8d23d1c330c71441485ee85e70ced121eac607f580678163e4bd75c6709ff3b41de80594b9e2f2aa278fefc21d73ee3f72854b958d9a8f63e3d70f7fead8c3dca8e71bf4b9c2a36f212b32eb3292e635580386559ee1a11df15293a0c21cd7360869846ba5b7ba85c994f5b2f9cc50e5eea8e4b3691d886062a18cfb182f1e8b611fe1bc263159cb8a086787c811bea4812530008c70ca0c47e64eb2fbad5b02727a66f2cdd6dde86f5d2a9645a1e9aa66ee0e15b97f5fd229596ee02e661cab9a54eee1b81f98fe256ed6c54feaaa0ba047eea353344f6e5c62be1e9d5c09a2a699411110c56d1949e90c07b1938ba9555ac1be8511b510218d7cde7e1d74a68afb642f81715fe9e6c96c50381ae5a9df306518785dc4dbc3a64f60f245c564b8029512f381b56ee787703426803c80ab1c311f477b891708b59fa748f32debf54d2413771978c265c9b87114adf25b8337aa93b0e632a5b6eda474bec16328159fbed067b00b87add61965492eccc6fd3461c1000e4037ab1e8ac89a8524f78ae09d308ea6c94ff883732b712eec0ef07718d33c011b9398f8cfea733075af331fb3f97cdc1e8c99f6a10725a68c5c58fdd8b0baa50227f34d73d23905203698eaff626654ce83d865108499be6861f6141bfa6219d7ab8b584519199f880cfa1b26d9194d301711c30fb446d6ea764a4310f70e4b859cf95fd44aaf8c1e240e80a71611dbcf52da58edc320311de388d5d9d769eb59be093: +159a9eddea5de63403987b5670db6fac98ffe5ec3a6cf01516ee2c70ce3b3be0f61f4a04a5a12ccaecfaf44c1c9c1888475a2c89fb02f26bb81ab5f78f4ce3a8:f61f4a04a5a12ccaecfaf44c1c9c1888475a2c89fb02f26bb81ab5f78f4ce3a8:d195e5900dd3931481bc012e77bf060aaf31cccb0fe1a6c40eaf286a6166a166b1ea37053426284b920c67fee1d4b9d86fb861cc6edd34e10c52233734d9cd92f5dbf433512ed255ac6b26e56f5c664bccb260692cf49d08363ee94e336acc489600a6aa512a040f10ebf18f7d2cbee9cad14c4ff87377a3263419d8297529401f15337a4c4d2325ed7def763a0d479caa408266834da242f3a16b79a45866b9d9d71a4829317674cff7ae6c8c587ba4d4980e818613d3ad82507a7ab032bbf99c5e9b640371bb41b91e965dc31e8c7d4b3bafd49570527faaa87abbf6416c47b1b1b09d3401253126cb246ae45acf5f100bb1f92f11a5c6c937e0588d8b146b3e4d3c7e5bf57484e984fe3afc4772f24ebf894cdb39837fbd469a921a96ac5af5e070f6c9624c588e9d4fe6ddfeed1f8fe20eb9c460ce6ee38bf471dd56dcf2e3ee998b8e7fdcf612e78a2e7c7173c0160982bedecc2c621e5f6611b4ef2102e32e7c29803a7e25fee151243158a76ee5d8c1bb2e7d8c88871ba433c5e541c2602693d90110be795b523a8fadb605d8e3d7e493fe245d9cc5320d32b85d6135a44b1168729414c2ca21560fb4feecdeef0cf7d8e071274e8856c004033e80013c73af7177c3197816a5032d9059b1b6e4152c386192dd54b90f9d308be98ed7d0ca9d12e8aaf6f9d869386aa9dbb01593d37e72f090124d3455298e9b4c9ec3cae73bb8ee41eb63e38c56133efdbaf449b84e1e491e496f1c70a44d069986ba8818422069061bb6ebcb7b2054e63df381ba03c6a7674abd61050d693d41bfe3ca5046c65ffb06a0749809e58d4c93a9ff69ed30950bde1f99216fff299f22f16b07c254c265ae0b12e313163ccdf5036d49055f9a9667b0b71292bc3b6260cb87568fd267170bc940c33329d729c9e32d0f9180b134bff8ae93b1bfebfa3842fef20bc04a297b00a84a0f428d5f42fab86142996d4ad9efabc49852f8812f3bfb5e57539e2186eb8ae229580bc60448acdef5723c881588b53789f05b91e02289223252d753f79813779ace705e04aed15265d3bdf2a2e4b15654770a275854e64cf44390607a45d7bba9af3e1a2e283067fcd6e633aa2d2403bd81f7c792765510b598412f6bda07b2a945b9f6d46ab2f7c320075bc6b60a80daa44af391f4cd562131bbdd407d66f8db1259bd76fa7e4d5264e145546c942dfe9007:0543712cefa29a220d90f81baa4e4cf77ac65208b2d5ce9fd17ce214ad4a937b7fc5c786413b58051cca3bb8b2eb55657d89572bc50ea2e5ecdc555088491603d195e5900dd3931481bc012e77bf060aaf31cccb0fe1a6c40eaf286a6166a166b1ea37053426284b920c67fee1d4b9d86fb861cc6edd34e10c52233734d9cd92f5dbf433512ed255ac6b26e56f5c664bccb260692cf49d08363ee94e336acc489600a6aa512a040f10ebf18f7d2cbee9cad14c4ff87377a3263419d8297529401f15337a4c4d2325ed7def763a0d479caa408266834da242f3a16b79a45866b9d9d71a4829317674cff7ae6c8c587ba4d4980e818613d3ad82507a7ab032bbf99c5e9b640371bb41b91e965dc31e8c7d4b3bafd49570527faaa87abbf6416c47b1b1b09d3401253126cb246ae45acf5f100bb1f92f11a5c6c937e0588d8b146b3e4d3c7e5bf57484e984fe3afc4772f24ebf894cdb39837fbd469a921a96ac5af5e070f6c9624c588e9d4fe6ddfeed1f8fe20eb9c460ce6ee38bf471dd56dcf2e3ee998b8e7fdcf612e78a2e7c7173c0160982bedecc2c621e5f6611b4ef2102e32e7c29803a7e25fee151243158a76ee5d8c1bb2e7d8c88871ba433c5e541c2602693d90110be795b523a8fadb605d8e3d7e493fe245d9cc5320d32b85d6135a44b1168729414c2ca21560fb4feecdeef0cf7d8e071274e8856c004033e80013c73af7177c3197816a5032d9059b1b6e4152c386192dd54b90f9d308be98ed7d0ca9d12e8aaf6f9d869386aa9dbb01593d37e72f090124d3455298e9b4c9ec3cae73bb8ee41eb63e38c56133efdbaf449b84e1e491e496f1c70a44d069986ba8818422069061bb6ebcb7b2054e63df381ba03c6a7674abd61050d693d41bfe3ca5046c65ffb06a0749809e58d4c93a9ff69ed30950bde1f99216fff299f22f16b07c254c265ae0b12e313163ccdf5036d49055f9a9667b0b71292bc3b6260cb87568fd267170bc940c33329d729c9e32d0f9180b134bff8ae93b1bfebfa3842fef20bc04a297b00a84a0f428d5f42fab86142996d4ad9efabc49852f8812f3bfb5e57539e2186eb8ae229580bc60448acdef5723c881588b53789f05b91e02289223252d753f79813779ace705e04aed15265d3bdf2a2e4b15654770a275854e64cf44390607a45d7bba9af3e1a2e283067fcd6e633aa2d2403bd81f7c792765510b598412f6bda07b2a945b9f6d46ab2f7c320075bc6b60a80daa44af391f4cd562131bbdd407d66f8db1259bd76fa7e4d5264e145546c942dfe9007: +eda0feac0f2afe0174491552487f3962171332b822dc3da426f9a5f62bef7b8deff27cb51f4d39c242f323019a1234818ef2e4cd1bdabc0f2d8d213458dc471a:eff27cb51f4d39c242f323019a1234818ef2e4cd1bdabc0f2d8d213458dc471a:901119da4ed181aa9e11170b20626e00abf0b548245e3debf94bf5ed50aeefe942b402cc9948947852dedf2b5304017665749cd47c21fc652ee995679ff931e30e94af98b4a98fd44e849e98470fe0a76ce80c61f83fb4e85ba523ee3fd25db000053b49d0930e3b079e866e153f7d86367f23a4c4abc63b3075461e90e4fd896da0492e27d714941e967f52c93ffaec44803f57877d866eb5f8c5281785aa4826792e3964c66590821eea66752074264018a571f5b013b38e152c95c0248ae6036822a67afc9e02694573152b864c56c2f730a08210f85ec46f984a643d516a15fcfaa84840f512047d110e0718d293955f0158257fba0d78eb7df2f0b77e6eeb76db5e71707310e827361cd4e119740e63922db42c2ceb5ee175d50decc7b749fd2325bce1e6a8f710ffcc1e1c9b33c380e52a64daa9585fabe406d9cf24488fe26f3a495fb0ab50e1e2bad82381aa22431099cc8a569813d79c9d78569c0d95da9aad2bfb57758d52a3752752e023d651c9cb66a412a5c80f6ba54793f7ec87b4c598fed2ce24abd7608708895c46727359ffeca6d6c62e10a678caa718b4cd263292cfef535b9fbe2756b7396d697b3146c551e6aac1f5f1c24be9b67a1e2a2aff745301ba6a212217c53d681681bbb401bf4a43656f5d15cde969c1780099a33237eb19a3b8585d6b5dea2fb577845f25ee2a82ccf4b28502f90fe80b8cdcdf2ccf93c434c0e6aa5d8752a44343c2b18d20fe4004c47038659356f87abed5445034d8e2d3d14768f5ef312cf102a9884683bcc0cd8a71e3ec36fbb6334a1bbaed5d2bf10416d82bd6530475380ab6e2577bbc69cebda75faf02ad827b54518213206fd4cd66f252b234aca9eede7e3eeb815ddcd8d519c5d7f5d9d1fb9ca0fa4467990095fa46220c20a2071dfcaad5f024dae3416f7c492d757488c49a2e4df483bc9b80098e0d5d683facb8c960829dff09b303369d46cb57331ff21791ee25d6be7dec7ebaf1b32479a7f514dc647105c944c36f7dbf0a5b589128dbaaa42171d642f25a981ce1f8379f91690b36af774648d5624c08dbd0a90f708716dfab2024dae865b9c49ab27473826cd4a010bfdb52011d8c7cb3f421ca8ca3cd0486889188e67df00fb8c2a643e7adb2f8279f763e5b9a81b6dfc3f721fc5f6849f66736788cc557c4ebc6fc68d6f6ac77bedda8acb362243bda74e7b2:6cbc7e6f5e12145b01687ad9ca6bf6e47f9417c2cefad3fbd68fd65dd74faa9750cba992de4cebcfcd35808cbb3ff12c8d930799af36efe7976bf2fea79e3e0e901119da4ed181aa9e11170b20626e00abf0b548245e3debf94bf5ed50aeefe942b402cc9948947852dedf2b5304017665749cd47c21fc652ee995679ff931e30e94af98b4a98fd44e849e98470fe0a76ce80c61f83fb4e85ba523ee3fd25db000053b49d0930e3b079e866e153f7d86367f23a4c4abc63b3075461e90e4fd896da0492e27d714941e967f52c93ffaec44803f57877d866eb5f8c5281785aa4826792e3964c66590821eea66752074264018a571f5b013b38e152c95c0248ae6036822a67afc9e02694573152b864c56c2f730a08210f85ec46f984a643d516a15fcfaa84840f512047d110e0718d293955f0158257fba0d78eb7df2f0b77e6eeb76db5e71707310e827361cd4e119740e63922db42c2ceb5ee175d50decc7b749fd2325bce1e6a8f710ffcc1e1c9b33c380e52a64daa9585fabe406d9cf24488fe26f3a495fb0ab50e1e2bad82381aa22431099cc8a569813d79c9d78569c0d95da9aad2bfb57758d52a3752752e023d651c9cb66a412a5c80f6ba54793f7ec87b4c598fed2ce24abd7608708895c46727359ffeca6d6c62e10a678caa718b4cd263292cfef535b9fbe2756b7396d697b3146c551e6aac1f5f1c24be9b67a1e2a2aff745301ba6a212217c53d681681bbb401bf4a43656f5d15cde969c1780099a33237eb19a3b8585d6b5dea2fb577845f25ee2a82ccf4b28502f90fe80b8cdcdf2ccf93c434c0e6aa5d8752a44343c2b18d20fe4004c47038659356f87abed5445034d8e2d3d14768f5ef312cf102a9884683bcc0cd8a71e3ec36fbb6334a1bbaed5d2bf10416d82bd6530475380ab6e2577bbc69cebda75faf02ad827b54518213206fd4cd66f252b234aca9eede7e3eeb815ddcd8d519c5d7f5d9d1fb9ca0fa4467990095fa46220c20a2071dfcaad5f024dae3416f7c492d757488c49a2e4df483bc9b80098e0d5d683facb8c960829dff09b303369d46cb57331ff21791ee25d6be7dec7ebaf1b32479a7f514dc647105c944c36f7dbf0a5b589128dbaaa42171d642f25a981ce1f8379f91690b36af774648d5624c08dbd0a90f708716dfab2024dae865b9c49ab27473826cd4a010bfdb52011d8c7cb3f421ca8ca3cd0486889188e67df00fb8c2a643e7adb2f8279f763e5b9a81b6dfc3f721fc5f6849f66736788cc557c4ebc6fc68d6f6ac77bedda8acb362243bda74e7b2: +ec059fc6be983c27eca93ddcdcb53af7286255da91e2a56a684f641ec2d09d6effc6cb751c70071b65ec2ac6b45fd1d55fe836965f80b3e7c784fc704acbdf69:ffc6cb751c70071b65ec2ac6b45fd1d55fe836965f80b3e7c784fc704acbdf69:d1ac6325a4e690fa79536883d5c20eacb7d964c0178f742c2b23727deb62645af7c81922a0e72e5e30b5839a2ed5e567ec31ce224115b82d2bf251b7393f01b0d03a602bc120ae62af7fbc379dfcf95bbbba984aaba34fe212ac99003328b832c3532d42eee1e1874dc22ad67db6c91dbbfb2b45785dbcd39917d36fb48c1b5d6f38bdda5d28fbba64175575afea46c8ed6757ff30164e0df2e72176e8b6c9db5b5ef390b72f2d4d94e3b66f0d44a7e0f06e89debcdf1363c0e75d50db5bb70190d19f66a39c6f7dba70dfcd4a9fed02c2f1d067e7c788c58fdb3e17a2377ce486ec6582f3ba997bb5f70cd621002956f5131aa3a1617c0cebccd9391de1307c85970a8bc155f519872668450c91488689f53c2c1a7ed53f388cb13a2c3896fe5b7d3a0dc1683f27664c8beaea680c8cc54a90e4c6f99fbf05f2c22df60de9aec80c79b7d66207050667b452d7857f9a8ca723280dac7992e2079267ec3ad911404642c4e326bfb96b43c89434ba4bc78c252f4d4ca8d13a8874c6fc8252ea0b56c6bc786847d4318306e1c652c452585eefd0bd9dd3c148a73ba86eedea945f016713ed7df085d0066689e792dacb2bfc1eb5c824372a26c5e944aa7444ac9773d4a1921e49bdd4f8f6d788c263fee04c7b444c5305edb633e1ffe0ba4ea8da011a62f2bbfef4b895ad3f224c3ba3bff0c95d75750c9bcc66ff8a20b6c24bde7581a7ec3866f8716f781f46dcad45a9ebcb6ed46953368397011735d4b52d00e8db397995dbdb3d4f4254687f04688a268c305b2b1f622cf51b174775bad7f6674adc2e58e05cce865f12d7569c8e9b35bcdf3ccce6330d08ce5340a7c630f27a6c8086b5146b292fcbf50ff6aaaef8848a707b2543c618d17bd976c240bc79d33e004e4953482915e7e6ef94964bdea4e02dd7c2f475235f2b99e43229c9ac3aba0db59ac2da03a9ee4f37dbf247a33e6dfe5be7c7f82584f04a46d49f6621da31b91ac3daa4d68d48a56659b448c0ed365cb4aa0cfd908853df5bbfa88e60e10a5a002c32ab3333f2c39bbf3ee01a4aa60d2d01423e6097dc54305f81a2d93e2f6b4e8b351971cbf2457dc76e1fb89293384798ef28234e9b1a47dedc2336f86b8e13c4aef790f5a11239c747d9d865c9a15adeb071070267e5346256648adc0fa4dbdfd787ca1465fc240a324c3caf2931da41499e275fd4b35f6d08db:a7b88e5abf132824bdde77c5f8df94ab26481f6bee660ea162247082a250d390c71d320ad060d8ef341fb69a483294f0d6de726f0c862fa37ea4bc6dab521509d1ac6325a4e690fa79536883d5c20eacb7d964c0178f742c2b23727deb62645af7c81922a0e72e5e30b5839a2ed5e567ec31ce224115b82d2bf251b7393f01b0d03a602bc120ae62af7fbc379dfcf95bbbba984aaba34fe212ac99003328b832c3532d42eee1e1874dc22ad67db6c91dbbfb2b45785dbcd39917d36fb48c1b5d6f38bdda5d28fbba64175575afea46c8ed6757ff30164e0df2e72176e8b6c9db5b5ef390b72f2d4d94e3b66f0d44a7e0f06e89debcdf1363c0e75d50db5bb70190d19f66a39c6f7dba70dfcd4a9fed02c2f1d067e7c788c58fdb3e17a2377ce486ec6582f3ba997bb5f70cd621002956f5131aa3a1617c0cebccd9391de1307c85970a8bc155f519872668450c91488689f53c2c1a7ed53f388cb13a2c3896fe5b7d3a0dc1683f27664c8beaea680c8cc54a90e4c6f99fbf05f2c22df60de9aec80c79b7d66207050667b452d7857f9a8ca723280dac7992e2079267ec3ad911404642c4e326bfb96b43c89434ba4bc78c252f4d4ca8d13a8874c6fc8252ea0b56c6bc786847d4318306e1c652c452585eefd0bd9dd3c148a73ba86eedea945f016713ed7df085d0066689e792dacb2bfc1eb5c824372a26c5e944aa7444ac9773d4a1921e49bdd4f8f6d788c263fee04c7b444c5305edb633e1ffe0ba4ea8da011a62f2bbfef4b895ad3f224c3ba3bff0c95d75750c9bcc66ff8a20b6c24bde7581a7ec3866f8716f781f46dcad45a9ebcb6ed46953368397011735d4b52d00e8db397995dbdb3d4f4254687f04688a268c305b2b1f622cf51b174775bad7f6674adc2e58e05cce865f12d7569c8e9b35bcdf3ccce6330d08ce5340a7c630f27a6c8086b5146b292fcbf50ff6aaaef8848a707b2543c618d17bd976c240bc79d33e004e4953482915e7e6ef94964bdea4e02dd7c2f475235f2b99e43229c9ac3aba0db59ac2da03a9ee4f37dbf247a33e6dfe5be7c7f82584f04a46d49f6621da31b91ac3daa4d68d48a56659b448c0ed365cb4aa0cfd908853df5bbfa88e60e10a5a002c32ab3333f2c39bbf3ee01a4aa60d2d01423e6097dc54305f81a2d93e2f6b4e8b351971cbf2457dc76e1fb89293384798ef28234e9b1a47dedc2336f86b8e13c4aef790f5a11239c747d9d865c9a15adeb071070267e5346256648adc0fa4dbdfd787ca1465fc240a324c3caf2931da41499e275fd4b35f6d08db: +f16abdbcc0bcc61a1aee3abd8767ab52e5f79999bb77a3976cbc82670dfd2f7310f451719db0fd21376e228a41c3035c8c2bc42e5aaa926fe608878dbb0dc7ab:10f451719db0fd21376e228a41c3035c8c2bc42e5aaa926fe608878dbb0dc7ab:bfacd7dd4eea467dcce404f4a3520a45b94ebaa622197d02d61529d2b3bf273c4ee1fb95a180c8f87de190a2e5ea70b84ae1eb6fd4447d8a3a8ded10f6ede24f0eb92bd30bc65d4871e8f5da08cbe8cd3c0ac64fd5a57a6b064a89d5159b42f8b3e5a1838c9cb19d88106c0773a275cd2a1d609930bf6b30aeca62b97e319bbfa934f4d0a1e6ac80baebcba2d8ea4bed9ca8562b4acb56979bf885324ac40ab4a50bfb9f349049fc75a0e03de4cc43eae3c6a6cffb5f6ae6c94504415e6c7ed3045a932f47fd20b9f3483a77b6d449d8dfd4a638dbf56f03f0f031879059b2fb49767943f46b3872e2de567d5fef80b02925e9863e0f1d31a80f4e6451c325694b80cf1f1918c6e498878edc47c4530cac466f1a294d55df09af4fdc8072adb1bf26ca8c92f912a2b9febc8b97b58c1e9d32c780323052972b6fbd53304c05193caeb67c5bd3e67479725d297dffb06890abf8cd9e42458e168a6118f905b1d53486016f85dcd98dd339e3460533d0b8a49fae6dc1a071725e6ae5f294479ee3bdcaeb74061841fb2608e88a49fd0f3895b18f85b90f7241dd1387710053faa62bae75e9ae39369c1c02de5d19242efa16e11d44a4ba5778ce7722a91cec0bc0a08c069bdfa130d1c6c4b56c6e93542403ccf27684def57def26df86ced571282dc960974618f0a74a0cde35b653cc6e7730431b825ffb9b8aaab3c7a397c992bc2fa23270fb11ee431afd5f9a644483011173993f19485dd3cbdd187bd3d995ebf0031b1b0de4a8de9c14eb6f780e36b8925756b97906a1969d85e967d880e6e7dda42fd3c30019f11d7081071eee6626422836bbed27d46dd0df1feb6610dc859f513c0bc653d70220fe048d2e97c2e06af530e11bdc7029bccc5c92edecef5e4a2e0be2d251f4415dca3e55b3a850f2630b879e4e036ce8633bf20920b68094215929accc7be40c5778bc554e6edd7e54c9e145b2ee07b65d061c11de0e83f381ce4f57c6483f51069363511074c7a577353b45c6eb71199dce5059fd2c4611b054238aaadf2b6ba534bfffc2722ae3e31ff79ae2ebca99cc3507f8a033cf4fea70c52f7db5de442b42b8d41e99012e42ca0e85a9fb6d4f165b330de6383c5726efca2fe971340002f562dc6cb8f2faf0665725e097799d096091864d66a950a5790953ee16b9ea582009218708c4accd81381358a2c689a041d02d786121:33d805290869b8e04ff089faa2d1fab83743bada68ade5b38ae5f0cc58c3374eba43943c1f5110678eb39b4658611822a26d35ffe19e9cfcb9ba9589e4ec3105bfacd7dd4eea467dcce404f4a3520a45b94ebaa622197d02d61529d2b3bf273c4ee1fb95a180c8f87de190a2e5ea70b84ae1eb6fd4447d8a3a8ded10f6ede24f0eb92bd30bc65d4871e8f5da08cbe8cd3c0ac64fd5a57a6b064a89d5159b42f8b3e5a1838c9cb19d88106c0773a275cd2a1d609930bf6b30aeca62b97e319bbfa934f4d0a1e6ac80baebcba2d8ea4bed9ca8562b4acb56979bf885324ac40ab4a50bfb9f349049fc75a0e03de4cc43eae3c6a6cffb5f6ae6c94504415e6c7ed3045a932f47fd20b9f3483a77b6d449d8dfd4a638dbf56f03f0f031879059b2fb49767943f46b3872e2de567d5fef80b02925e9863e0f1d31a80f4e6451c325694b80cf1f1918c6e498878edc47c4530cac466f1a294d55df09af4fdc8072adb1bf26ca8c92f912a2b9febc8b97b58c1e9d32c780323052972b6fbd53304c05193caeb67c5bd3e67479725d297dffb06890abf8cd9e42458e168a6118f905b1d53486016f85dcd98dd339e3460533d0b8a49fae6dc1a071725e6ae5f294479ee3bdcaeb74061841fb2608e88a49fd0f3895b18f85b90f7241dd1387710053faa62bae75e9ae39369c1c02de5d19242efa16e11d44a4ba5778ce7722a91cec0bc0a08c069bdfa130d1c6c4b56c6e93542403ccf27684def57def26df86ced571282dc960974618f0a74a0cde35b653cc6e7730431b825ffb9b8aaab3c7a397c992bc2fa23270fb11ee431afd5f9a644483011173993f19485dd3cbdd187bd3d995ebf0031b1b0de4a8de9c14eb6f780e36b8925756b97906a1969d85e967d880e6e7dda42fd3c30019f11d7081071eee6626422836bbed27d46dd0df1feb6610dc859f513c0bc653d70220fe048d2e97c2e06af530e11bdc7029bccc5c92edecef5e4a2e0be2d251f4415dca3e55b3a850f2630b879e4e036ce8633bf20920b68094215929accc7be40c5778bc554e6edd7e54c9e145b2ee07b65d061c11de0e83f381ce4f57c6483f51069363511074c7a577353b45c6eb71199dce5059fd2c4611b054238aaadf2b6ba534bfffc2722ae3e31ff79ae2ebca99cc3507f8a033cf4fea70c52f7db5de442b42b8d41e99012e42ca0e85a9fb6d4f165b330de6383c5726efca2fe971340002f562dc6cb8f2faf0665725e097799d096091864d66a950a5790953ee16b9ea582009218708c4accd81381358a2c689a041d02d786121: +be79d1aeea86e86f398137e62ffd79e50eff9f313f25192f89e52f0b4bbd5d32187dac855ca442fd9a3ddc3289c24eb2d26f7a40fb29d8e74431b25022c3a0cc:187dac855ca442fd9a3ddc3289c24eb2d26f7a40fb29d8e74431b25022c3a0cc:6d632a7d3c9be53649d0d1a5eedf519a413b13ac64e9ad854dfa04f2e17329d822be573d9e35ac066f022213a344620bba289f5331695584d1343e815405aeabe3861d63b3a5b92b8cd8eeed2280222abde30a1bccd3f3e411aab922fa1baa097aa5c780d0eaef94ea10fe21f7d639b76d4788aeb5924a9d262dcbc5688a3e43544bec088ca2e0d06d77a71fb641d55226614452b1e0807a9fcd3ca69bf7f25d8041470ceb7b21ead03ec037a1629bd500aa233b59be44978210b6a366f223acfa0797954007b00efb4ffadb5fc92bdb37863e502d7d70681039edf33770df3d1de343dc35f226d5e73944ba0255e2a88ef6c41e472b214567c249594a50878b6731c1aeb5b10fa91fa76a37e1f9f1c00fdbfe3485ded54a009ab6133927115668b59f5115508da9370f6bc92a1185c0d5ca01d291e18c54acfaca738bd71968a342a0cba62e4bb104a5bb379fc83ee1820d1db980253d6cb383e95af15f53c85d175890dde5e4ed03d2d0135e3d60b18293f5b5641ef83c6ece3d52598fc6353686e6f7b09fdec1f6f153672d34b489b48a0db9e42ceda71755481c047016c22534e90c6d201ed7859602636ea77ae8c6734b7c4c5bd99579c508731c7246a29586e406e1d932f6713071d4bea63dc5e2a3761e16024d2c3284f709a1f2ba085ead3200c7046275cb96b61a60b5ac559bc488bd106467c3de50bf5d740d05c9cd701d65b7daea29e64dd5a97adb6b5c82cf7f23017aa7ca1ac9a39e5827eb47e20d359b67c7d4e1a8e3e27c52d33d9303a592623484d797b402cbb458d1ac2ea53e1c4f7abb70cc029554a234574def9bc3b0d3835dc314902e25abb22dfdeddc679a3cc8f07340b15f5762f4407f380342554ed0c62f73b61816ea8c529461e1bf0e9d1c2d5e4c5746336bc0e132873cde0dc2158b54fa1b678a006b4d95eda8a955714273b7cc5cf2add9094d46e49abc096a45f418e2edbe99dd852911688064df7cf061d07aeef42795690f48c9ba19565475d5468a9ef45d7bf75fd71182dd6e640138f182a6a0c6cbbd00c495c4389530ac8e67960eb5c5763f5484eab1c1ab850140da042ba47ed8528800d41787f075fe0d85501a7ab76635d03410d286c0e17db4023a76397468ccb091cc5ac1f6434587913eab922b50ca5567016ddea32fb53255be67f2dcf9ffa85d117f1a655fa70dd3a54cf991531f19130eaa:6dab593bb1d448c974a65c6a0b6fad22b4732632d00489176ef126aa590109e0a723a113107b53e17d690a0d40b0fa336cc87fd5fce8f541accec67f7d1ebc066d632a7d3c9be53649d0d1a5eedf519a413b13ac64e9ad854dfa04f2e17329d822be573d9e35ac066f022213a344620bba289f5331695584d1343e815405aeabe3861d63b3a5b92b8cd8eeed2280222abde30a1bccd3f3e411aab922fa1baa097aa5c780d0eaef94ea10fe21f7d639b76d4788aeb5924a9d262dcbc5688a3e43544bec088ca2e0d06d77a71fb641d55226614452b1e0807a9fcd3ca69bf7f25d8041470ceb7b21ead03ec037a1629bd500aa233b59be44978210b6a366f223acfa0797954007b00efb4ffadb5fc92bdb37863e502d7d70681039edf33770df3d1de343dc35f226d5e73944ba0255e2a88ef6c41e472b214567c249594a50878b6731c1aeb5b10fa91fa76a37e1f9f1c00fdbfe3485ded54a009ab6133927115668b59f5115508da9370f6bc92a1185c0d5ca01d291e18c54acfaca738bd71968a342a0cba62e4bb104a5bb379fc83ee1820d1db980253d6cb383e95af15f53c85d175890dde5e4ed03d2d0135e3d60b18293f5b5641ef83c6ece3d52598fc6353686e6f7b09fdec1f6f153672d34b489b48a0db9e42ceda71755481c047016c22534e90c6d201ed7859602636ea77ae8c6734b7c4c5bd99579c508731c7246a29586e406e1d932f6713071d4bea63dc5e2a3761e16024d2c3284f709a1f2ba085ead3200c7046275cb96b61a60b5ac559bc488bd106467c3de50bf5d740d05c9cd701d65b7daea29e64dd5a97adb6b5c82cf7f23017aa7ca1ac9a39e5827eb47e20d359b67c7d4e1a8e3e27c52d33d9303a592623484d797b402cbb458d1ac2ea53e1c4f7abb70cc029554a234574def9bc3b0d3835dc314902e25abb22dfdeddc679a3cc8f07340b15f5762f4407f380342554ed0c62f73b61816ea8c529461e1bf0e9d1c2d5e4c5746336bc0e132873cde0dc2158b54fa1b678a006b4d95eda8a955714273b7cc5cf2add9094d46e49abc096a45f418e2edbe99dd852911688064df7cf061d07aeef42795690f48c9ba19565475d5468a9ef45d7bf75fd71182dd6e640138f182a6a0c6cbbd00c495c4389530ac8e67960eb5c5763f5484eab1c1ab850140da042ba47ed8528800d41787f075fe0d85501a7ab76635d03410d286c0e17db4023a76397468ccb091cc5ac1f6434587913eab922b50ca5567016ddea32fb53255be67f2dcf9ffa85d117f1a655fa70dd3a54cf991531f19130eaa: +269952172c3fa976defbf40bd6edd8f15cfd4be10c758e3741d74162d8ea229a4aea57c721e3dcca8239e9ad9b22c19bab8df72c88793b24d8dc47cf9740fcf8:4aea57c721e3dcca8239e9ad9b22c19bab8df72c88793b24d8dc47cf9740fcf8:7ccb6a0570c533737b9a534a341a7a96dc76528b997a9b48e6e0fde10f474b27ec989912d176cab742d89a848b3666e9277d695b022fd53a9eb89e88c720399e24ed25db9eb35d6da009e9f024ef8e655165bdef1c0d797c74f019cd591a0442a12d1ca893836ca2628b33e854f3428eec4aa5ed84f4bdd2eef8b6d225caf9496df9edffd735ea54db1bdea883ad5d47eb0bd4a6653f0ab037f040a41517a7741f91e82fdb6fda04f0dfa1bcf8b9b37bf2bfbd87327a636f907fdf968d0189d1a11809c4230ba69d5cbd84f561bcac3ad002e558c5b9b097a01902f29ce3f1ec264153d668c78b845105b9cd2ef3c943531b75aa428f179e4b3418b1d5a4aa7ab1203efa495c8769628eb1063a937b73e4b5cd0cda33dab01a50c64febd975c57a1e841508e8606094d0824fdd96cc6cfa18fa8209b30f0a2a78eac9a767176f573e78c068809b199a69ac6d335d7c920999c40cbad87cf4cc7ca5c644291d75ad7a74bc1e6392d1ce311ecfd2ebc916e39eb6aa3e7d89fb805a27a55f178912b157bc01a055f67aefa78e55c806cbd9c01baf8ef92cad2260b4bb14cfe61782dee5c59972506941c462a4da7eb899531cf996bc98ba3629effe6fcd1706d1b4ee4f2a14e921bd408f30e12e73fb7aa860536b03e77ca937823281a16453fe827935943201e6ec143a67eefa4f94e9abf94f7e3d41b70a82be69ded8a53060c2305f42f62fe6a2f704b67a1e8fddc7d98ba7f3457119b311d449663ed9e320d618dc2368d4950875b9c38c5d8c03104e2e32c4325dedd2bc267e2accb0112018e9c5a8007ccab2f6d7c737792002acb730d72e9f730829ebc42ca564c1d9271bf1869c4d35835589b7431ef7a31a070060fe4a089fb11f2dd3dce65ae0fb45bc3a2860917d933ba2d090569ef5ed43bc2532db879e0f1f225eadcbef1c03d9ed78299e233e4cf07b064a7baac34c5a0c19fc3a5542089f70167be2f85b4a10e778525223be8ffd5cff9648b1005a098b4b3924398fb0bcabcc6edf30c061ece7aea35fe98a9203f8711369530feb5e67bb2d4f59d9c8bc993854dd4747cde399bd0e63740c1cc839ad0f098a38a80beadd648e1436deee60e931e68f52979ce49f301fe39afbb615352091c8b6585fe88447ed6e59a020b2bbe66a9423ae5228c203bfd4847b5181e2c3b4dad83a6d4fa76985eef76adde3b34edbdd28d6a0b4a4ee:3ac80d1e8f68b4058c3a04dad7187373959f26a27002496f8afaaccd8bea0901c54cab87b2a2302e1f3625c2b06c7ebcf3ce96de3afdf00f5194a35e0552c70e7ccb6a0570c533737b9a534a341a7a96dc76528b997a9b48e6e0fde10f474b27ec989912d176cab742d89a848b3666e9277d695b022fd53a9eb89e88c720399e24ed25db9eb35d6da009e9f024ef8e655165bdef1c0d797c74f019cd591a0442a12d1ca893836ca2628b33e854f3428eec4aa5ed84f4bdd2eef8b6d225caf9496df9edffd735ea54db1bdea883ad5d47eb0bd4a6653f0ab037f040a41517a7741f91e82fdb6fda04f0dfa1bcf8b9b37bf2bfbd87327a636f907fdf968d0189d1a11809c4230ba69d5cbd84f561bcac3ad002e558c5b9b097a01902f29ce3f1ec264153d668c78b845105b9cd2ef3c943531b75aa428f179e4b3418b1d5a4aa7ab1203efa495c8769628eb1063a937b73e4b5cd0cda33dab01a50c64febd975c57a1e841508e8606094d0824fdd96cc6cfa18fa8209b30f0a2a78eac9a767176f573e78c068809b199a69ac6d335d7c920999c40cbad87cf4cc7ca5c644291d75ad7a74bc1e6392d1ce311ecfd2ebc916e39eb6aa3e7d89fb805a27a55f178912b157bc01a055f67aefa78e55c806cbd9c01baf8ef92cad2260b4bb14cfe61782dee5c59972506941c462a4da7eb899531cf996bc98ba3629effe6fcd1706d1b4ee4f2a14e921bd408f30e12e73fb7aa860536b03e77ca937823281a16453fe827935943201e6ec143a67eefa4f94e9abf94f7e3d41b70a82be69ded8a53060c2305f42f62fe6a2f704b67a1e8fddc7d98ba7f3457119b311d449663ed9e320d618dc2368d4950875b9c38c5d8c03104e2e32c4325dedd2bc267e2accb0112018e9c5a8007ccab2f6d7c737792002acb730d72e9f730829ebc42ca564c1d9271bf1869c4d35835589b7431ef7a31a070060fe4a089fb11f2dd3dce65ae0fb45bc3a2860917d933ba2d090569ef5ed43bc2532db879e0f1f225eadcbef1c03d9ed78299e233e4cf07b064a7baac34c5a0c19fc3a5542089f70167be2f85b4a10e778525223be8ffd5cff9648b1005a098b4b3924398fb0bcabcc6edf30c061ece7aea35fe98a9203f8711369530feb5e67bb2d4f59d9c8bc993854dd4747cde399bd0e63740c1cc839ad0f098a38a80beadd648e1436deee60e931e68f52979ce49f301fe39afbb615352091c8b6585fe88447ed6e59a020b2bbe66a9423ae5228c203bfd4847b5181e2c3b4dad83a6d4fa76985eef76adde3b34edbdd28d6a0b4a4ee: +cc3138e502a5ff6f80d246366e84d65c59f12d4f496397e6eb99b5267b8cbe2a9e2d3e88af7b52ddcf00e6d0c7759c1238b8fb3eb14421fe82c34833437835bd:9e2d3e88af7b52ddcf00e6d0c7759c1238b8fb3eb14421fe82c34833437835bd:585ecf2f09eb923df20a8555642a2bc0b68c6a5fcfd6b8401c4a0cbabb4c6e6a206762b7a39f2c5455d7808ebfbed56d6760a431c7d20c2dc6ef1b73caa3c49488e30b1ca2520ad20b26a19700780e5ef3ce0144388d8407b6a70c1cda37db7f12091d892f2e91ad4078bb4db1762e46285a7b664b2ad3a34d26d8a94d64587a84527722ea83cb8aa88984e1489743b4214ea6041aa18e55200954efc7edb319df947efbfc6c8d0fea48a131613465d8f4c49498f2269145c6dae50478052598e1ca3be0e33611571fa384771eee402cc2b1d84836c8f1ad28f2ad23dee9ff1d7e1f2521635874115def4d93e89be76180bc55f761144360a8b222892d64d157ccb5d8f4855dca56701495a0e1002d340a4a46156b9b7fe06b7c0759e0b6df559b691ede78b55af64e7c8dd908b788dd6ba35a902c81dceb3788b615de225afa58a81181ab24a73705ee838b6e863fe1bcc26c1b943239230c27c6b397b23d13de6a02c97f3645da91d413f916473b018a61594b6f51cea44457da1e3dbbba6de16866657e92ef0202718a84ad0333e8336b052b004733e8e95ec13e5f91b3806a98d3db729fb735b8147c4a982a2d5b4efae9c09d0a9bf891cbbc3c8f531e76e4044ec91f4d7c5cf77310e2b2cde2e07ccf3e0a19dd6ae1b3fcb2df42186e9c72922d2d4ce51b306e81b16cfcf8f00d513fbd2c5239b45afc654f6fe21acb7e8a0c9aa87b0b605074df9576a6ddd900aca567617cb79656b3b5ecb9ff68b2f6241ed0d024ac27aa6eb486b69fdc0a0db92096abf86002dec7afd847a006a3f6955b49569053be9f1d0a49b793a5411e5916f418ecab953243553b66e6badc4e909be0ef5cc7c6d27199ec3f21423bc45773fb40b97b61185b57080e8f0b89a3ea57c8444ab27ecf7006a766047eeff54d8556cfed23def1da2cc8aebb48c94e779e8203ae2c902b51de0ede0456fb73fb4d5f514a4cebc47fec3f948469a545c6bc57b4138db34e7cc006de26ef507b54d28147567a8c29ac1ecef5bb84fb99aceb23a20294d74a85ae36b33450668a5c2609d3a93934586ff90c3b6d27329eeef3a754e9a9cbd5617ef3b09397bdc971370766589a12d890050d1651458b3fc533c843bffdf9754d932c4ed7611d4d27c32a087555b5eaa37ae90c4979ef54299c420ab5e29ae2845d4dcf2178920a865175fb9cc0e6b8c524b1ee495805d517bfe0:a2700e3895ed0cc2aaf012a40bc7bd0bd29dd79c69c0b4a6edd0530cf3e267c0f82dd84edaf1744dc411d62c0028715258822d7b63d39705612b3fad4b5efb04585ecf2f09eb923df20a8555642a2bc0b68c6a5fcfd6b8401c4a0cbabb4c6e6a206762b7a39f2c5455d7808ebfbed56d6760a431c7d20c2dc6ef1b73caa3c49488e30b1ca2520ad20b26a19700780e5ef3ce0144388d8407b6a70c1cda37db7f12091d892f2e91ad4078bb4db1762e46285a7b664b2ad3a34d26d8a94d64587a84527722ea83cb8aa88984e1489743b4214ea6041aa18e55200954efc7edb319df947efbfc6c8d0fea48a131613465d8f4c49498f2269145c6dae50478052598e1ca3be0e33611571fa384771eee402cc2b1d84836c8f1ad28f2ad23dee9ff1d7e1f2521635874115def4d93e89be76180bc55f761144360a8b222892d64d157ccb5d8f4855dca56701495a0e1002d340a4a46156b9b7fe06b7c0759e0b6df559b691ede78b55af64e7c8dd908b788dd6ba35a902c81dceb3788b615de225afa58a81181ab24a73705ee838b6e863fe1bcc26c1b943239230c27c6b397b23d13de6a02c97f3645da91d413f916473b018a61594b6f51cea44457da1e3dbbba6de16866657e92ef0202718a84ad0333e8336b052b004733e8e95ec13e5f91b3806a98d3db729fb735b8147c4a982a2d5b4efae9c09d0a9bf891cbbc3c8f531e76e4044ec91f4d7c5cf77310e2b2cde2e07ccf3e0a19dd6ae1b3fcb2df42186e9c72922d2d4ce51b306e81b16cfcf8f00d513fbd2c5239b45afc654f6fe21acb7e8a0c9aa87b0b605074df9576a6ddd900aca567617cb79656b3b5ecb9ff68b2f6241ed0d024ac27aa6eb486b69fdc0a0db92096abf86002dec7afd847a006a3f6955b49569053be9f1d0a49b793a5411e5916f418ecab953243553b66e6badc4e909be0ef5cc7c6d27199ec3f21423bc45773fb40b97b61185b57080e8f0b89a3ea57c8444ab27ecf7006a766047eeff54d8556cfed23def1da2cc8aebb48c94e779e8203ae2c902b51de0ede0456fb73fb4d5f514a4cebc47fec3f948469a545c6bc57b4138db34e7cc006de26ef507b54d28147567a8c29ac1ecef5bb84fb99aceb23a20294d74a85ae36b33450668a5c2609d3a93934586ff90c3b6d27329eeef3a754e9a9cbd5617ef3b09397bdc971370766589a12d890050d1651458b3fc533c843bffdf9754d932c4ed7611d4d27c32a087555b5eaa37ae90c4979ef54299c420ab5e29ae2845d4dcf2178920a865175fb9cc0e6b8c524b1ee495805d517bfe0: +5c692c681198b172df2fac2aec3fcf7015c2bb6830f2a98e30a396b64af4280e33b169d4ca271040926ea87835e5066f9f05782f087fca7a556f7bf4cba2e886:33b169d4ca271040926ea87835e5066f9f05782f087fca7a556f7bf4cba2e886:b160ee3a93cf6bc3456e5bd0197c09aa76c2258052f9a34dbc2ed589f8dbe5ff9969a61cfe846b2f6739dc7d4a1496e9ad58605b5a2758ca078c55a9fc1c4eeb5491a84bfd468a2ceb141a773493a9b3ee828b5dde9c00c236ff0156e4e2e45fa07931da68bbd2030a881405c4f78728813a5e04812404c2a19c9b87b1cfe9af95e273ecf9c518c53935f842563b192fae12a73cef085fe19e899e5ba08979e311fb286fbfc7b248aabd40dc61610e1d4fc9806dd21292392db2db40426c5d196a489c5db77e3e9cf0bd041e3c23b5ba1db781a10790be1fe07a2b00ca3af89cbd46efce880e1ef28b0cd79d53b42cd80eaa137eff7df90bcbcf95c9858dc0ccc6d8ca8ae3547bdbf9ff9024f3cf170115eb28bf12b7d3b701460f48d1b4b23d7f6ff72ffdc9a6c52624d15312d7f19ddb6026a15eb54295d331fd79509103bc59a3b6e1ba7ac8c112e4de2817e51c1e16507ba66f2547bc899f69c1207ae5e37bdb0e161b15b612305bc0940f9d1b382a37ec2da639a6ecba1bcdfc51214c3223c11bbab79f3fae3d55e2d4be584fd7601e4e2e558b3be5707115a61f5a815ec24aac18093457bc46c05cfb7a3f2533eadadc9e6c1fe310779e697f683035ce57873df55d791f6d2fb0e2107e6866f839c3a126e9023865ced1bcf6779955af547e1d87eb32a9bf322857fd126b0cdc5d5e904eb76c6706e3c897aefd6e4756fb8aca8170ca5b39669089af1bb141a25d6b8b06034d8b11abf1ff8f8d43375846fa8fa8a34b5f264820744d31149b7d57326c59b1db74131678f634e7232ca5ea5188760a70dc35dc89f8e453b4c65b772c2b6b62768d8373236551baaf24d3c304c41b62c36e6a3383b3a163b73e78d8badb75741e5001d419d30e2ed77c3096e8d8df713b93762c9707bdd0f365a874b9da8ab710495dd56aea93bb77fb222635c63bce9f63af91fac89c66986b8e2176dd451d583394c1907cba1725f06d25d1d0912b3e5c6c7dcd34358fad59dbc6f6b1c2ef33d3ca82f43518fe4ff31378016e578a7bab0b77676ebae0d48d0889d69029d209f283ce8fe0ec23cd832adc12a9c3e3aec2d6036695556d9313f12a899dd59a66bef28ede175f8aaeeeb2942bb90892a04b440d04b66f5eeff61ada72790294ce55c86c6d92785ddd26c7a731603b069c603c92e4fe8ff782544c8e89b40b8b55f90e2a5e9a0f33c7fec77dad8152:ad8f379caf41f72dccadc3e915357ab0cd304e10f4120e0dbbfaac01bffaf2be893f70072dc964069181bec17fe0251055b21e23dee4363b27ef1fff67aafe06b160ee3a93cf6bc3456e5bd0197c09aa76c2258052f9a34dbc2ed589f8dbe5ff9969a61cfe846b2f6739dc7d4a1496e9ad58605b5a2758ca078c55a9fc1c4eeb5491a84bfd468a2ceb141a773493a9b3ee828b5dde9c00c236ff0156e4e2e45fa07931da68bbd2030a881405c4f78728813a5e04812404c2a19c9b87b1cfe9af95e273ecf9c518c53935f842563b192fae12a73cef085fe19e899e5ba08979e311fb286fbfc7b248aabd40dc61610e1d4fc9806dd21292392db2db40426c5d196a489c5db77e3e9cf0bd041e3c23b5ba1db781a10790be1fe07a2b00ca3af89cbd46efce880e1ef28b0cd79d53b42cd80eaa137eff7df90bcbcf95c9858dc0ccc6d8ca8ae3547bdbf9ff9024f3cf170115eb28bf12b7d3b701460f48d1b4b23d7f6ff72ffdc9a6c52624d15312d7f19ddb6026a15eb54295d331fd79509103bc59a3b6e1ba7ac8c112e4de2817e51c1e16507ba66f2547bc899f69c1207ae5e37bdb0e161b15b612305bc0940f9d1b382a37ec2da639a6ecba1bcdfc51214c3223c11bbab79f3fae3d55e2d4be584fd7601e4e2e558b3be5707115a61f5a815ec24aac18093457bc46c05cfb7a3f2533eadadc9e6c1fe310779e697f683035ce57873df55d791f6d2fb0e2107e6866f839c3a126e9023865ced1bcf6779955af547e1d87eb32a9bf322857fd126b0cdc5d5e904eb76c6706e3c897aefd6e4756fb8aca8170ca5b39669089af1bb141a25d6b8b06034d8b11abf1ff8f8d43375846fa8fa8a34b5f264820744d31149b7d57326c59b1db74131678f634e7232ca5ea5188760a70dc35dc89f8e453b4c65b772c2b6b62768d8373236551baaf24d3c304c41b62c36e6a3383b3a163b73e78d8badb75741e5001d419d30e2ed77c3096e8d8df713b93762c9707bdd0f365a874b9da8ab710495dd56aea93bb77fb222635c63bce9f63af91fac89c66986b8e2176dd451d583394c1907cba1725f06d25d1d0912b3e5c6c7dcd34358fad59dbc6f6b1c2ef33d3ca82f43518fe4ff31378016e578a7bab0b77676ebae0d48d0889d69029d209f283ce8fe0ec23cd832adc12a9c3e3aec2d6036695556d9313f12a899dd59a66bef28ede175f8aaeeeb2942bb90892a04b440d04b66f5eeff61ada72790294ce55c86c6d92785ddd26c7a731603b069c603c92e4fe8ff782544c8e89b40b8b55f90e2a5e9a0f33c7fec77dad8152: +9d5f85d2e7dfd03bb689d900285fd4461538a5f2710a13ed21c775f6eff6b3ffb86797e4be0286ae39e44df0a00c016db4555ef86f2f05d0a3ed89d89a4c3e5e:b86797e4be0286ae39e44df0a00c016db4555ef86f2f05d0a3ed89d89a4c3e5e:f70b5b053a4672512c24b3168392f6a17dd77d8689c21c86efc25829a1a04fab4f76c8521684d32010455907a26908677b40dc6947d654f2914c30ecee724fa68446b59d091e258fc862411c964d668def83034b627ed416dc190bb5a263a6ff8d559e13b8936225fb4dab4f7bda0468e547e708cb04cebe1e5cfc69f76a1d283f28168286f24ecea5535e4490a0c55567a7345ef953ce426b209a3de3df595e80ee61e572a278ab02219551b73da41984808285a83598a02d9b28671210004e31d8af9242c16f90d5ea8f63a1ff66cfe60ecbe537245fa12a9b154115295806ea2d11f3671782b9af4fa86a1288e123cfd2409a5dc98f41b8f6df299bbcc4bb6447dc03a6d60e9b2c5b8ffc40d983956be97768dd0612d47cbfa7571c9969856c152cd3b473ace0b8a144aac2095c0f72f1d3147152b908ef6626d5222819b20bb3350a46452f675490c2a82150eec40d75b66a325d6e929a905ade1e3160ab950181efc66e59230865d5e599698a8a3ff560c4c601a7a9a5da3b5d89bca93f7cf5bcf5bd5ecff8f1a185c8220e4c77821e62adf95a037f2df7cef43a4c60ac75801e9fccdc5b08eed328dd93100904115645ec1ee085cc778b0f4e46e17298984a702eceb3e15283d820004f74a079520d63a75fae33ec3f4b836469e1aa99ea244af1fb08b00a8c9dfd03308dfc20235ea9c8283f4da47cfbcdbd031a02d164160f2a58986700b19526d41e4d7fd458434d7264bc8eb642e6d8dd2759ce2b85c97b3702e70da71f18edc53e9140a645627e0278e8e70539037484dcd18c62fa330717d6148a0d623ff8b65ea8567ec7fa04c892e3a1ecee96e832f4155074c83cbc93e98cc67f1fa112aa06e9915fa4d2dea931551e7c623aa8a3a7619ea24ff914e264f31fc73dfa8c430ac46ce16dc968c5a4085d5c380d30cdc6f43dee806f38d1df420a065574144737056daa62f0c098c9c52fcc04cca642c45d687345a094613d4a3c6c8788bfa218538ad7ece1bdb6c93924eec4baaa3eb15dc1494d65ffa1a23ff8e985263408fb02bfe39a8c55b300b1a02ed36c6714dd5ab750d47f021f65e08c635f1d6b7baf396cb4f93d56c1ca461bb12e94de7e5d98659a8af0bf019fc42280e111e04800ff80e0c157150e165609454281b20007e3edfaa1ea854465547a006a4c3236411495da166098af2823a459cf100a1f3c92c6390c6066cdbf:176b9592f8c25135292add4daacc9c4faa21d4f49b278480c4e8881c01624df9a37e23e18e84ca32d0d8cb851054222f10a495419f197e7b3d18df0adfb1b307f70b5b053a4672512c24b3168392f6a17dd77d8689c21c86efc25829a1a04fab4f76c8521684d32010455907a26908677b40dc6947d654f2914c30ecee724fa68446b59d091e258fc862411c964d668def83034b627ed416dc190bb5a263a6ff8d559e13b8936225fb4dab4f7bda0468e547e708cb04cebe1e5cfc69f76a1d283f28168286f24ecea5535e4490a0c55567a7345ef953ce426b209a3de3df595e80ee61e572a278ab02219551b73da41984808285a83598a02d9b28671210004e31d8af9242c16f90d5ea8f63a1ff66cfe60ecbe537245fa12a9b154115295806ea2d11f3671782b9af4fa86a1288e123cfd2409a5dc98f41b8f6df299bbcc4bb6447dc03a6d60e9b2c5b8ffc40d983956be97768dd0612d47cbfa7571c9969856c152cd3b473ace0b8a144aac2095c0f72f1d3147152b908ef6626d5222819b20bb3350a46452f675490c2a82150eec40d75b66a325d6e929a905ade1e3160ab950181efc66e59230865d5e599698a8a3ff560c4c601a7a9a5da3b5d89bca93f7cf5bcf5bd5ecff8f1a185c8220e4c77821e62adf95a037f2df7cef43a4c60ac75801e9fccdc5b08eed328dd93100904115645ec1ee085cc778b0f4e46e17298984a702eceb3e15283d820004f74a079520d63a75fae33ec3f4b836469e1aa99ea244af1fb08b00a8c9dfd03308dfc20235ea9c8283f4da47cfbcdbd031a02d164160f2a58986700b19526d41e4d7fd458434d7264bc8eb642e6d8dd2759ce2b85c97b3702e70da71f18edc53e9140a645627e0278e8e70539037484dcd18c62fa330717d6148a0d623ff8b65ea8567ec7fa04c892e3a1ecee96e832f4155074c83cbc93e98cc67f1fa112aa06e9915fa4d2dea931551e7c623aa8a3a7619ea24ff914e264f31fc73dfa8c430ac46ce16dc968c5a4085d5c380d30cdc6f43dee806f38d1df420a065574144737056daa62f0c098c9c52fcc04cca642c45d687345a094613d4a3c6c8788bfa218538ad7ece1bdb6c93924eec4baaa3eb15dc1494d65ffa1a23ff8e985263408fb02bfe39a8c55b300b1a02ed36c6714dd5ab750d47f021f65e08c635f1d6b7baf396cb4f93d56c1ca461bb12e94de7e5d98659a8af0bf019fc42280e111e04800ff80e0c157150e165609454281b20007e3edfaa1ea854465547a006a4c3236411495da166098af2823a459cf100a1f3c92c6390c6066cdbf: +4aaf2d132884f30d1127cf187ee09388b4a5c44a9a9267e6728317398951fb6183727e9257349128559ebf759fdc82122cce76746639c0ada9761f0d60b940b1:83727e9257349128559ebf759fdc82122cce76746639c0ada9761f0d60b940b1:d73eaf11413bf4d5bccf6a2e809cd6832a51823aa22bd16e09cf56ff045eef2d1adadda50c2ebd67bbc4d70e493c968cb4de4977065d4463300694c9caa57206d6664693d8462c3c576b525cc7acf79f26f9055a1bcfa7d077f45ebe0b2d481ebd63f7340a33e4ab68f1604975ec1dfec45a791a2abb1044d75a4db55adf59b8394ebde6824c21145b00ef3b1b08ed11fd51dda514ed7e21e54dbaf6abb6d9e317fcf9fd375b18764e64ac9be5b08fec3b78abbab1d12a2ab09d559acdc7133fb2e0008e0c114b7cadb4bf763078674d03e9c807bec1e2ca71adcdaa310d587fa56950fc0fb2e979043d50f9ae23fa8f821cd9d6232789d0eeccfc4f47e3ad804e25cf5a425f94377d17874833e6ae3638178c78b79519d64d9793f4504606a0eab68707f6e1f7cccb515be3d1201bcd19f2f0e255c722eab12b43aff8c8c5561125fbca1f6542076a06152eb7e4b0786324c2495e79d79c0a8e295bb2e3dfd05a9033190065a284552a6e736006ace41f97cc434a2512051b727ce5bc9c4a75529ec53dd7d1f126e793857747b5ba8d03155d4555f59e8baf2f0cdba871ac160e7519a852db004f701641a40a422d4c38b6c0c3cc8fbbd05322ddc0001fb867286e296cbd69862cbccc7447038eb30f8a8123b7b31373984702c3be457a4b8c54e6e5280485a2c4ff84521f298ddeb3b3b2bc91f114ddce67030248044469dc06f362f2919a3fece5082375d04080376fe219d9b4575b1cf1c9ec4dcac5749fc778f515dda13fa0d586c264b9bb61503310762c789ca11608d2fee674c70ac4fc6d5ebcf68c4ab89bd84555fc007523c28a7e1dd08a9862044d5245b91a8778ec9ee984a41a9e13b7abd657ae2a46ae860152c644acd95367678ff64cc54006e36614805ed618a7c6d0fd33a908523090841c230af09846d132bb4c6b60e2441f9d3c498714f470f6bc03a80d14a294b565d1d5e781cffcb1304efdbbc7bfeabdedc857acc42e2762bbf97af839a166752da295672817f10dbd472d381f53165555ac8222a78535a86805f1bed422889f206109aa74772edc0bb51e8a9840cf62c92fa635b90cae076dd50e5aed9deac843fa8a6b539988285ff1adabe4c7b83d9e29ac2d94092daafec9f6673689ba9e9252d864d7577aa89505d331fe7809861277002a0b44a96ba6ae4a52b3548bf268e777780c00209b245f8b1417ee5e701a12334ad5:5f11df3906a712a953f47c859806b5237358d08ba95e49f9e530a37165835e9359d9769dc21fbb4d44497b93905bca8d9917c728493fee3acd5b521dbd1e2408d73eaf11413bf4d5bccf6a2e809cd6832a51823aa22bd16e09cf56ff045eef2d1adadda50c2ebd67bbc4d70e493c968cb4de4977065d4463300694c9caa57206d6664693d8462c3c576b525cc7acf79f26f9055a1bcfa7d077f45ebe0b2d481ebd63f7340a33e4ab68f1604975ec1dfec45a791a2abb1044d75a4db55adf59b8394ebde6824c21145b00ef3b1b08ed11fd51dda514ed7e21e54dbaf6abb6d9e317fcf9fd375b18764e64ac9be5b08fec3b78abbab1d12a2ab09d559acdc7133fb2e0008e0c114b7cadb4bf763078674d03e9c807bec1e2ca71adcdaa310d587fa56950fc0fb2e979043d50f9ae23fa8f821cd9d6232789d0eeccfc4f47e3ad804e25cf5a425f94377d17874833e6ae3638178c78b79519d64d9793f4504606a0eab68707f6e1f7cccb515be3d1201bcd19f2f0e255c722eab12b43aff8c8c5561125fbca1f6542076a06152eb7e4b0786324c2495e79d79c0a8e295bb2e3dfd05a9033190065a284552a6e736006ace41f97cc434a2512051b727ce5bc9c4a75529ec53dd7d1f126e793857747b5ba8d03155d4555f59e8baf2f0cdba871ac160e7519a852db004f701641a40a422d4c38b6c0c3cc8fbbd05322ddc0001fb867286e296cbd69862cbccc7447038eb30f8a8123b7b31373984702c3be457a4b8c54e6e5280485a2c4ff84521f298ddeb3b3b2bc91f114ddce67030248044469dc06f362f2919a3fece5082375d04080376fe219d9b4575b1cf1c9ec4dcac5749fc778f515dda13fa0d586c264b9bb61503310762c789ca11608d2fee674c70ac4fc6d5ebcf68c4ab89bd84555fc007523c28a7e1dd08a9862044d5245b91a8778ec9ee984a41a9e13b7abd657ae2a46ae860152c644acd95367678ff64cc54006e36614805ed618a7c6d0fd33a908523090841c230af09846d132bb4c6b60e2441f9d3c498714f470f6bc03a80d14a294b565d1d5e781cffcb1304efdbbc7bfeabdedc857acc42e2762bbf97af839a166752da295672817f10dbd472d381f53165555ac8222a78535a86805f1bed422889f206109aa74772edc0bb51e8a9840cf62c92fa635b90cae076dd50e5aed9deac843fa8a6b539988285ff1adabe4c7b83d9e29ac2d94092daafec9f6673689ba9e9252d864d7577aa89505d331fe7809861277002a0b44a96ba6ae4a52b3548bf268e777780c00209b245f8b1417ee5e701a12334ad5: +4bc7daabc5407c226d1920db4afd21b2a5b3e59b8e9246053f6a1a6afa54e7e7dc539885fc7bee002ac5debae16bddbe4b553fa15e81ee798876940f38cfc4c5:dc539885fc7bee002ac5debae16bddbe4b553fa15e81ee798876940f38cfc4c5:6acce99843b241afe6edd5d0ab78d0fb21c8c35aff881389d505f2f1dd91af1eb2ad229254927c7f0ecfb7a8141690573a655d69853d74d0708bf8b1e60a03963028a625b79f3dfea2b113ffcab46f3cfd4a621e8fd8ff0a968143b0ae03ccb6f42e25e2d74dbf515bc358699b635009b01d61fe597f1dc2c35a7ba4555278ee0ea456c7d35fa8757a417924b1d0a8351f226a13ec29d025b42696ec1d9925b769cd59c8e2f9cd3ce4e5c020e051e7a36f3f97c1e8ec71974bc16ac4de4651ad4df2e9c0eed686924224fe6de6c60dd4acc26e0aabd80c21d509d959b80b4353958d00e44c511d23bcf44552608bfa56a9c5ae79de62bb23f11d740f48240c27e101999751f2534742c0a6913ff64b683a18995abc393feb9d57c71f49a080557298cc405d11b7988d7116840c5adaf53bc672b46923cc457c7039940ad4d5bf073c6c886b1339525926d281dbd1a79739b2e36414cbd321b185fc88f18d2f81c809975be9a093644cc559ed2ae5cc0e35cbdd1811f70286057a3f703067edddf5eb1690a7427bb73fe3024ed0db82a5ce8f1716428a76fd292ba99a300c4b2f360da2124617590b10e3b162a6e67dd5d5a59bcca10f610fa064affd55f8483b98a68d076f278abf888a08a014e0ea499180fbc79840ceed13cc6b2458bfab9b0dd7ae9d86461fe215e7c9f63f768cee4a882df0dd84e3eb4f2d7f6b18fa57d8bc7d9afb63c21ac465e7903b9bfb8638a29361f7ebfc6e54e5465a6cef463ae22643ae410258779ca74b70401a9455a4d157d74a7029efe6b519a8c4be696756e045ae4081b77dd6031f0d250fa761e60f859d9063fc105aa0a1a7450af153e705477777c442586df407402ba238752faef74f3345c26a4533be9a61f5fc6bde48e3cba75c04d6f7b333e37006dd0c94fd3b6a130bd6fcdb3c6abe21ca60eb431cc2d8a2ece7169d2dcfce2760825657fd4c26f3c3b830acdfd508011d14764b3be91715571a3183018e0d221fb9532bb2e1711e725a273ae0cc2faccba7d5504929459c992517b05c1ddd03aaccd937b86eb67bc8202d01cab3d489586eea1acca7dc20cd0b6475c258ff673661496a22ea96b89db4bf3fcaae3bb04f67db096a47ff7e1ee239562dc10d40f053944f3d7bcc3ff4c0ff765654ba5ea64f0ea63e45a21d9b12949f14f7ea7074e9b659c5c5d44816842de89698a8fccace43eb6b4135e0b333ac:a7a6488839bbae04dec92f96d728c464685d7a96df512b0051163d22538f74546fa986b1b60a6d8cc766a26c6984c9cd2688395898e2b2ae72dc6a2d5a9f750e6acce99843b241afe6edd5d0ab78d0fb21c8c35aff881389d505f2f1dd91af1eb2ad229254927c7f0ecfb7a8141690573a655d69853d74d0708bf8b1e60a03963028a625b79f3dfea2b113ffcab46f3cfd4a621e8fd8ff0a968143b0ae03ccb6f42e25e2d74dbf515bc358699b635009b01d61fe597f1dc2c35a7ba4555278ee0ea456c7d35fa8757a417924b1d0a8351f226a13ec29d025b42696ec1d9925b769cd59c8e2f9cd3ce4e5c020e051e7a36f3f97c1e8ec71974bc16ac4de4651ad4df2e9c0eed686924224fe6de6c60dd4acc26e0aabd80c21d509d959b80b4353958d00e44c511d23bcf44552608bfa56a9c5ae79de62bb23f11d740f48240c27e101999751f2534742c0a6913ff64b683a18995abc393feb9d57c71f49a080557298cc405d11b7988d7116840c5adaf53bc672b46923cc457c7039940ad4d5bf073c6c886b1339525926d281dbd1a79739b2e36414cbd321b185fc88f18d2f81c809975be9a093644cc559ed2ae5cc0e35cbdd1811f70286057a3f703067edddf5eb1690a7427bb73fe3024ed0db82a5ce8f1716428a76fd292ba99a300c4b2f360da2124617590b10e3b162a6e67dd5d5a59bcca10f610fa064affd55f8483b98a68d076f278abf888a08a014e0ea499180fbc79840ceed13cc6b2458bfab9b0dd7ae9d86461fe215e7c9f63f768cee4a882df0dd84e3eb4f2d7f6b18fa57d8bc7d9afb63c21ac465e7903b9bfb8638a29361f7ebfc6e54e5465a6cef463ae22643ae410258779ca74b70401a9455a4d157d74a7029efe6b519a8c4be696756e045ae4081b77dd6031f0d250fa761e60f859d9063fc105aa0a1a7450af153e705477777c442586df407402ba238752faef74f3345c26a4533be9a61f5fc6bde48e3cba75c04d6f7b333e37006dd0c94fd3b6a130bd6fcdb3c6abe21ca60eb431cc2d8a2ece7169d2dcfce2760825657fd4c26f3c3b830acdfd508011d14764b3be91715571a3183018e0d221fb9532bb2e1711e725a273ae0cc2faccba7d5504929459c992517b05c1ddd03aaccd937b86eb67bc8202d01cab3d489586eea1acca7dc20cd0b6475c258ff673661496a22ea96b89db4bf3fcaae3bb04f67db096a47ff7e1ee239562dc10d40f053944f3d7bcc3ff4c0ff765654ba5ea64f0ea63e45a21d9b12949f14f7ea7074e9b659c5c5d44816842de89698a8fccace43eb6b4135e0b333ac: +f26af210e3b20173990c7745922cdf9424773abb374d777a512cf5b97b3a000d54586abf041176e06aec5b6010e190916da54a8c4bde288cf24d8c107cb3b730:54586abf041176e06aec5b6010e190916da54a8c4bde288cf24d8c107cb3b730:88e26da35c54884b47146f4e3f014ab65b3d71aa7e3c3391adbeb19ef2e7b9302e281991b261b6a0992e2e89a49f480ca2d8e684b12f9b1509b38f6a7a98a5ddb4c2d869fd0318e98ecd8fd9df491baf99a9294de49e1cf8dd41ee85730af025a701143e4f0c8e3d92d55b59ca7d4a6c89ad760dffc0c2189209508ef6c2214edf9967b17def123d8692c9e4e20b1e98268808704f5f9fe1a6d6055e32c872564bd17edb7359578629017f0c30feab8b504e228923adc7e81ae20a852db0ad676a78e081336d6b0402f9cdc5d5e90128ca945d10515ca0c5ef03f731b1d40a710741d41c1dd1ca16b1060febf2a0532e6f5d7651ef446375ec18090cb8418b8202f25a0389031b307f223c5b5f6afe36a9adc1068f2c6e0ea5b2b6cfeb8dc004f7b829c80439069b81a7bd907477c6135ef282b771f141dbe75a0fa056e06b8a1a1f98c25fa54d14c8fdb42d6502595c59d25bacf1a19adefcc13170f7a4317b6ab610b609d414b0073ea04ac29eb10ee73cd71a4ca60409f8e760e60f939510100d0c8cd76f264bb37811f97aa5299ac0b12d4168ff38ecdfa80b1e5c1b3bbd4d40d3544735df7167eb158a9a9a234d445f1d663ded7171edc68d172c92214b82ef13fe6b8c43aa89b739b4990ae947a34f020a8d8943b0f7a5d61dfa76adde0272e98c1159c0fd8a1de33f2cef8edd32857b2189ed96128057ebdea81f7a3a3dffe1893b5ba877556c90383fa2c5a6fd680e8a67dee4802d90dfe971623a7be22ab3ca56067b1e5c694aa84c19f16d69e284ddfa039c108d0435813812390d8ebc1e50138176f259dc0f26bca13bc943f50d5a3500b18d593574c620fc097ace430fb80728d3a1aa644e504b1009ad67536ceb011f2a357dbd009e4a63f524d5b5957f331567c5b4d185a61df22d7071d31ae92141e199c12289515aed80c91021456bcd45ccc634037dcf69b41d6b1ff53471010d99f187f04654f43622287871fee6dcf5f3023cbd0913d99aff43fa95b32ea2b133b4c9ac4b017b7cf8f9be5086fe92b42cb8dbed5b630bf097c18e2e55c3dd93271e09c2d1cc6af87d83fdef3c3e3c4cbafbea9b60fd5e9cf0011de2e9e26fbf09afeef5c69802a6c46bdf54c145862944173e017e30149ea5c03c7aefa28a9cac7767002ea3fefbdeae5bae005c370dbc064244d5b9be5500a35726a99bc9e8c2752d510e139af225580098c8189aa9c520:ce454530b922ba5ea162f1a452e05c00363a49a9db8a569497c00caf1cbea99180770554ed4e3140dfca4555159ebf48ef5d2a50f394aebd782116ed6569a40988e26da35c54884b47146f4e3f014ab65b3d71aa7e3c3391adbeb19ef2e7b9302e281991b261b6a0992e2e89a49f480ca2d8e684b12f9b1509b38f6a7a98a5ddb4c2d869fd0318e98ecd8fd9df491baf99a9294de49e1cf8dd41ee85730af025a701143e4f0c8e3d92d55b59ca7d4a6c89ad760dffc0c2189209508ef6c2214edf9967b17def123d8692c9e4e20b1e98268808704f5f9fe1a6d6055e32c872564bd17edb7359578629017f0c30feab8b504e228923adc7e81ae20a852db0ad676a78e081336d6b0402f9cdc5d5e90128ca945d10515ca0c5ef03f731b1d40a710741d41c1dd1ca16b1060febf2a0532e6f5d7651ef446375ec18090cb8418b8202f25a0389031b307f223c5b5f6afe36a9adc1068f2c6e0ea5b2b6cfeb8dc004f7b829c80439069b81a7bd907477c6135ef282b771f141dbe75a0fa056e06b8a1a1f98c25fa54d14c8fdb42d6502595c59d25bacf1a19adefcc13170f7a4317b6ab610b609d414b0073ea04ac29eb10ee73cd71a4ca60409f8e760e60f939510100d0c8cd76f264bb37811f97aa5299ac0b12d4168ff38ecdfa80b1e5c1b3bbd4d40d3544735df7167eb158a9a9a234d445f1d663ded7171edc68d172c92214b82ef13fe6b8c43aa89b739b4990ae947a34f020a8d8943b0f7a5d61dfa76adde0272e98c1159c0fd8a1de33f2cef8edd32857b2189ed96128057ebdea81f7a3a3dffe1893b5ba877556c90383fa2c5a6fd680e8a67dee4802d90dfe971623a7be22ab3ca56067b1e5c694aa84c19f16d69e284ddfa039c108d0435813812390d8ebc1e50138176f259dc0f26bca13bc943f50d5a3500b18d593574c620fc097ace430fb80728d3a1aa644e504b1009ad67536ceb011f2a357dbd009e4a63f524d5b5957f331567c5b4d185a61df22d7071d31ae92141e199c12289515aed80c91021456bcd45ccc634037dcf69b41d6b1ff53471010d99f187f04654f43622287871fee6dcf5f3023cbd0913d99aff43fa95b32ea2b133b4c9ac4b017b7cf8f9be5086fe92b42cb8dbed5b630bf097c18e2e55c3dd93271e09c2d1cc6af87d83fdef3c3e3c4cbafbea9b60fd5e9cf0011de2e9e26fbf09afeef5c69802a6c46bdf54c145862944173e017e30149ea5c03c7aefa28a9cac7767002ea3fefbdeae5bae005c370dbc064244d5b9be5500a35726a99bc9e8c2752d510e139af225580098c8189aa9c520: +39bffe007f8df7ce4e56fd176b102b923ba48aeb8269fd0cd520c23a7b236e6c9532636800010b3dd4012e341fcad6d29afad484e6fd736e89d5bc02ba0ac853:9532636800010b3dd4012e341fcad6d29afad484e6fd736e89d5bc02ba0ac853:7a8c20bf2eff69af8bad6bdfabc7909c58ce746cc4df78b69b33c105ba3bd8da75244758b5172d5c4501bc39970185ee3d437083a9959f81e7665b829a69a5d72e034d351adddceb3d3fff589988df182b46fa53d26e7c9eac062215788f2337bf90f0177d8ca744f95f28fea854593c4362c82e9ded19b904ff99d2bea82432822e52c3da6d462da754ff1f8bd109942df51dba25b7cde838d5f524239f1331f463194e10ff56795b296878feb1f55d43ec7daf0ca5ab3d684b55bb0aa4c720d4b5c2e830c858694d3d0fdbaad0bf67d873182d95b2412fce5e7b00fa6bfc38b132efb96f87bc6c10070a5716ec9b33a2692cdf5bc41c7f737e28c4220317a489b7323d5e20f65d375d769f9e79376fd02d85368671e7e081eb753f888545ebe5c000b2f80143eb358d43185e2f1c294b9f29c8bb91482d4387494aad176deb85540fd005c97d13e6663f09944eb43a46e6236794bf6e21f81d0a42090f9ccef90a6c4807b5ff541300e5934881a8d92196b4cee85d28092a828ea3bfc6b745ad219be9f5e9574117d079e02f4b748e2cc01a32826a3708231914d2772c764119fd99d53ab5b5a2e9d891a48a9aaaacc26338b18248db8ab2d525daf15ff53acbc3aa98d4f2d4a337bbaf6d1be21985a4af600e29bbb42c8d89e6b389c66f42270c3a0b051bdb623881e02f2f4294cec3476386747abae6c7700b8f9b0387cddfb73668fb57693d8474196b33abd12dce59a57cf72ee6cc1ddbaadfb19e90af8131b3a90f9867f4c7e15bdf9e218477016bd0ad3be8dd059671ff656cbd4ed898086de4d423f3dfb270bbf19d9f53f7f6f2d22c6ac9025cbadba442e31d9811e37e847dbd484d80cf743039ffa7048470fbdc6080f6d381dc7e3fa27122df53cc06394ea6fc446e1ba72538733ed3abb685f16dfd5ccf585ae8fbf9954b50f10b7e5432a22b369406a9b7088961f0ae207495ae7185396dccf292dc463f41f376a1ca89eefbae19269152031bfd815288e8b5baf348c4f8ff3dff4fd6d108f871daa352110fa64188b01b8526a845aaed133e456b4c83c4fd4bbb165b4090307e8eb17df176c322520f37599c2105aa8120758394a4222473476764cf0af7c55183eba9683d7270631443f3c51fb8ab0c130ac436ab603ff4f1d8656cdbed229a202b40008ea10b171542f74a70b7bbacc4016b7f636aa89633b7668058f13312f57c5162d18e399e:a27cca4b9f5b95ad0e44e4740c15deaeb93f22a9b254ebbd2329365a00966c9f4ec1e55c5894e7bfc23d398d3970b9465e98a8d23e72dae8e350da3531ae69087a8c20bf2eff69af8bad6bdfabc7909c58ce746cc4df78b69b33c105ba3bd8da75244758b5172d5c4501bc39970185ee3d437083a9959f81e7665b829a69a5d72e034d351adddceb3d3fff589988df182b46fa53d26e7c9eac062215788f2337bf90f0177d8ca744f95f28fea854593c4362c82e9ded19b904ff99d2bea82432822e52c3da6d462da754ff1f8bd109942df51dba25b7cde838d5f524239f1331f463194e10ff56795b296878feb1f55d43ec7daf0ca5ab3d684b55bb0aa4c720d4b5c2e830c858694d3d0fdbaad0bf67d873182d95b2412fce5e7b00fa6bfc38b132efb96f87bc6c10070a5716ec9b33a2692cdf5bc41c7f737e28c4220317a489b7323d5e20f65d375d769f9e79376fd02d85368671e7e081eb753f888545ebe5c000b2f80143eb358d43185e2f1c294b9f29c8bb91482d4387494aad176deb85540fd005c97d13e6663f09944eb43a46e6236794bf6e21f81d0a42090f9ccef90a6c4807b5ff541300e5934881a8d92196b4cee85d28092a828ea3bfc6b745ad219be9f5e9574117d079e02f4b748e2cc01a32826a3708231914d2772c764119fd99d53ab5b5a2e9d891a48a9aaaacc26338b18248db8ab2d525daf15ff53acbc3aa98d4f2d4a337bbaf6d1be21985a4af600e29bbb42c8d89e6b389c66f42270c3a0b051bdb623881e02f2f4294cec3476386747abae6c7700b8f9b0387cddfb73668fb57693d8474196b33abd12dce59a57cf72ee6cc1ddbaadfb19e90af8131b3a90f9867f4c7e15bdf9e218477016bd0ad3be8dd059671ff656cbd4ed898086de4d423f3dfb270bbf19d9f53f7f6f2d22c6ac9025cbadba442e31d9811e37e847dbd484d80cf743039ffa7048470fbdc6080f6d381dc7e3fa27122df53cc06394ea6fc446e1ba72538733ed3abb685f16dfd5ccf585ae8fbf9954b50f10b7e5432a22b369406a9b7088961f0ae207495ae7185396dccf292dc463f41f376a1ca89eefbae19269152031bfd815288e8b5baf348c4f8ff3dff4fd6d108f871daa352110fa64188b01b8526a845aaed133e456b4c83c4fd4bbb165b4090307e8eb17df176c322520f37599c2105aa8120758394a4222473476764cf0af7c55183eba9683d7270631443f3c51fb8ab0c130ac436ab603ff4f1d8656cdbed229a202b40008ea10b171542f74a70b7bbacc4016b7f636aa89633b7668058f13312f57c5162d18e399e: +3c4080cda0fc3c03b614d980f2ff831f5be0e7a981d5381a1618e0b8fd001776f1c3269d870402caa43882135d9dbadbbb162dfca0b3dad197e6b8a7ee679a70:f1c3269d870402caa43882135d9dbadbbb162dfca0b3dad197e6b8a7ee679a70:0ceebc0e8a47720f25835e2b9acf891bcca4bda38637f363274458baa9e2bbafedd0938f5688734e22ac50fb120f665f6c4c61c6531739b929ac83cd77f8963b754488b9b859c13853637cf025c14e8fdd118faa14cf3930ceb35f104d95441e56489440f62041ef1aa7c4b08b2807e32bb9584b9004d76e76533348506d64f112e1ff6f938f642230bf38af010e41987270248b13635a3567b355bba5b57448c6d13b74f3bebf617915821028fca5defa4ce5424ca191cd54a22944a3d940e4ee2e2ba5d504c85f959b514c4fab41ccb5743d9cb2f9bf33d1d8c2a5869e9f4660c3fb224b39141e3110c9ee8aeb871e14c62c6be38fb9a4568d736810bb9d2073178b6c7e87e3582efc62b53c23c5d46520ba33ffb3a9ca649ef26fe74a3cff6188427326b8c96f74354cb3ecaa611b12cded565e59fe1f8f400097e93ea85951b5b4e9009eea7db937e4349c4e5e00c4456c6c5f4e57411baf4e46e700ac400257765f48dab03e439f76c1499b5108047c830109dce7f740d1393787e29d3716d3c47e755cb828e7d440a971975197ebdb3f9b737ba11f7fd0386a959249017de7234d5e5a9b473bb9583a3742c774ee552a12a1f36eb3f26c885bed22e91c74cf32a8dd3edb08b674bf386ef427727912d57c5fafaa1cfeb740cd52b9dee995e3d0161cd9213f38fd681d538ab8bf97b745f54980030ef8b72696d4e27473fb0f1acd5d0aae0297211680ea0fc59d7b6d51c63292585a1d553d0c8954b42a4bd6fcd3a49575bf5c88953f1f4ea7fe0ed7a579d1697e645e2a61c69d1a56bc605bb04060a2778d509a8aadbf35d94697ccee9d3543dd01281a031f2a0eb3a9eb13ae56ff44fa0aed4f3488747d6af820f3989b7133f449ea56d3a7f731e791b7ed2a5db939bb75352de7daec5066fd57557165adffa631cd3f967c3c7cfc11cc1f14fa23defec3eb0239b45ed601a3a8078ccfc7f8380902a859ee9ce2db795efaca0a01dc0879d506ac97d10704d7757b3ccf3b37c339b42db23782278023e4c2e77d74246c9e544149a55c0c920ebf2986b4c5b4b3572f748c4b15c7f863999bc5132adad09761eb76505019769fb55422f603184e24c0d4f3761987b5c50feafcce53302a3a415e20f56a054803e553bacd242a5e1364aa3b2d7cb3bc1e1b86a47431cbd39695b67f554c4645b7236904094c11aa1b40326ba91b8bf4873e9a4de04e2bf4625972:c9d4a4728b8fdd240d9c498aa35de95a4bbd51785b73c8403fdf040dfaed9447efad0069b67c783d4b81d966bef6e3d9a808a0584b98ec2b18322c4c920eb00a0ceebc0e8a47720f25835e2b9acf891bcca4bda38637f363274458baa9e2bbafedd0938f5688734e22ac50fb120f665f6c4c61c6531739b929ac83cd77f8963b754488b9b859c13853637cf025c14e8fdd118faa14cf3930ceb35f104d95441e56489440f62041ef1aa7c4b08b2807e32bb9584b9004d76e76533348506d64f112e1ff6f938f642230bf38af010e41987270248b13635a3567b355bba5b57448c6d13b74f3bebf617915821028fca5defa4ce5424ca191cd54a22944a3d940e4ee2e2ba5d504c85f959b514c4fab41ccb5743d9cb2f9bf33d1d8c2a5869e9f4660c3fb224b39141e3110c9ee8aeb871e14c62c6be38fb9a4568d736810bb9d2073178b6c7e87e3582efc62b53c23c5d46520ba33ffb3a9ca649ef26fe74a3cff6188427326b8c96f74354cb3ecaa611b12cded565e59fe1f8f400097e93ea85951b5b4e9009eea7db937e4349c4e5e00c4456c6c5f4e57411baf4e46e700ac400257765f48dab03e439f76c1499b5108047c830109dce7f740d1393787e29d3716d3c47e755cb828e7d440a971975197ebdb3f9b737ba11f7fd0386a959249017de7234d5e5a9b473bb9583a3742c774ee552a12a1f36eb3f26c885bed22e91c74cf32a8dd3edb08b674bf386ef427727912d57c5fafaa1cfeb740cd52b9dee995e3d0161cd9213f38fd681d538ab8bf97b745f54980030ef8b72696d4e27473fb0f1acd5d0aae0297211680ea0fc59d7b6d51c63292585a1d553d0c8954b42a4bd6fcd3a49575bf5c88953f1f4ea7fe0ed7a579d1697e645e2a61c69d1a56bc605bb04060a2778d509a8aadbf35d94697ccee9d3543dd01281a031f2a0eb3a9eb13ae56ff44fa0aed4f3488747d6af820f3989b7133f449ea56d3a7f731e791b7ed2a5db939bb75352de7daec5066fd57557165adffa631cd3f967c3c7cfc11cc1f14fa23defec3eb0239b45ed601a3a8078ccfc7f8380902a859ee9ce2db795efaca0a01dc0879d506ac97d10704d7757b3ccf3b37c339b42db23782278023e4c2e77d74246c9e544149a55c0c920ebf2986b4c5b4b3572f748c4b15c7f863999bc5132adad09761eb76505019769fb55422f603184e24c0d4f3761987b5c50feafcce53302a3a415e20f56a054803e553bacd242a5e1364aa3b2d7cb3bc1e1b86a47431cbd39695b67f554c4645b7236904094c11aa1b40326ba91b8bf4873e9a4de04e2bf4625972: +45438f91465d74a2825b0f66a35bd7c8d005865479b3dc10a9b56f297d31b926f092b5880330871e5aafdd3ceb3850ee7e0941a2a1dc89f4fb4771d75a22f6f2:f092b5880330871e5aafdd3ceb3850ee7e0941a2a1dc89f4fb4771d75a22f6f2:3071d4b720df1093659967cd4eefef2ef9678475f7dec58fecec1d928deaf802457a1934e60455f496cf4251820ed60a3d8133b624d33af26a262784b5a2fba73cca2aa5e519e1f539584780649864ba5fbc1f011dddac381f8d48d0d60ce8231701173c9d2a307a76302ebc69dcbc930d28431475b516f98f778ed2e1fff272909a272cc3fbb6b31c8041a37cb777e062e49649afad12c1b5f7fcb8065a99e7423362ad16906031265db7e8b89751f8a4a407f2502650fed753e42c8c911e50b94b3800695b0eba7dff06b7a710117e4920d4b1c605a3ebf32e06966716eda14b3042998a3c7a5e9f83542d7dde65e528bed6101deb331deb94cdd46044bef88c097bafd40d6921a7c484c8f96684dc371671d94eee7cbe5d587715314cff0d1877272d8190a90e18bfb321d52bf74705137b2abf9165731767a13adc9c85e0397b47aef96badb2ca7fcb8293b01fd1de316ee1e65f356b9d6e8ea1fdd837bd96081149ea2dcd73c4881f32b7deebc3715e2d7cdb643e0d98f4e846508b04b32439ff14b1164f46846df9afae44464cf550104cd3aab3817540470aaa2ab9559a68b7ff6b1b9c0ce9f5869cbdcdd617090942e353b4c77f09395896becddff1ab7f07586a514d81fb096361557566870f1691983485a80c3413da98b8d19c78e6379f943e5bd5a5697aa33c5e6bfcfb7b8df1e1574ee416fab3c8a7d088b3a057cf865321b74e6103526dd9ad15ca5ad3c0f69718e27081d4b34a7c6d1aab6b96c0a754b989b4940638c9ede3d17bd49f65bf783dc85f1c4b144876cdbdb2282a9564aa81b57092080d6448fb6580ecf09f82a755010d55d4a5e4f305e259dbe99508b479250d80ec17c8760a93e05a29571f6856073022c8706913c46a2efd2e9caae4ffa1b4222e3d70e979e81a71951d7cb830bcbcf901af244f64e4ad9f52fa3b62031e3516da50bc2bce78eb9d61bfedd9b3f57e89355f177db6162bf61da0e454c34288b967c3fb4c341b32d4d13a319869b8e36046f9e338b5f36a1fc1a7eda7d7b0d438e0a75d84bbe4d68c879ada80dde23f7155b532cccf7a63f1bedf84f82f440c9ec3cb0e45f32c92f76438f5b4b910441e6738af3f5d2050d579ee96b88f3b00810ab126ff3a8fefd971044324dd4eb3447dac5b77809cda8c71682549d7cf2dcee340edcf9494aca42901e2c11ed97790af48bcea29521ef0e3d03cdadecdc894dd0756:d9287b7fec017f2ea40a14a1f62dca78b02a3d6632df7c60ebd90fc5e492c5c62c43166bf85658fb30a08b57a5813121b80397571a312b6dd11b6539205416023071d4b720df1093659967cd4eefef2ef9678475f7dec58fecec1d928deaf802457a1934e60455f496cf4251820ed60a3d8133b624d33af26a262784b5a2fba73cca2aa5e519e1f539584780649864ba5fbc1f011dddac381f8d48d0d60ce8231701173c9d2a307a76302ebc69dcbc930d28431475b516f98f778ed2e1fff272909a272cc3fbb6b31c8041a37cb777e062e49649afad12c1b5f7fcb8065a99e7423362ad16906031265db7e8b89751f8a4a407f2502650fed753e42c8c911e50b94b3800695b0eba7dff06b7a710117e4920d4b1c605a3ebf32e06966716eda14b3042998a3c7a5e9f83542d7dde65e528bed6101deb331deb94cdd46044bef88c097bafd40d6921a7c484c8f96684dc371671d94eee7cbe5d587715314cff0d1877272d8190a90e18bfb321d52bf74705137b2abf9165731767a13adc9c85e0397b47aef96badb2ca7fcb8293b01fd1de316ee1e65f356b9d6e8ea1fdd837bd96081149ea2dcd73c4881f32b7deebc3715e2d7cdb643e0d98f4e846508b04b32439ff14b1164f46846df9afae44464cf550104cd3aab3817540470aaa2ab9559a68b7ff6b1b9c0ce9f5869cbdcdd617090942e353b4c77f09395896becddff1ab7f07586a514d81fb096361557566870f1691983485a80c3413da98b8d19c78e6379f943e5bd5a5697aa33c5e6bfcfb7b8df1e1574ee416fab3c8a7d088b3a057cf865321b74e6103526dd9ad15ca5ad3c0f69718e27081d4b34a7c6d1aab6b96c0a754b989b4940638c9ede3d17bd49f65bf783dc85f1c4b144876cdbdb2282a9564aa81b57092080d6448fb6580ecf09f82a755010d55d4a5e4f305e259dbe99508b479250d80ec17c8760a93e05a29571f6856073022c8706913c46a2efd2e9caae4ffa1b4222e3d70e979e81a71951d7cb830bcbcf901af244f64e4ad9f52fa3b62031e3516da50bc2bce78eb9d61bfedd9b3f57e89355f177db6162bf61da0e454c34288b967c3fb4c341b32d4d13a319869b8e36046f9e338b5f36a1fc1a7eda7d7b0d438e0a75d84bbe4d68c879ada80dde23f7155b532cccf7a63f1bedf84f82f440c9ec3cb0e45f32c92f76438f5b4b910441e6738af3f5d2050d579ee96b88f3b00810ab126ff3a8fefd971044324dd4eb3447dac5b77809cda8c71682549d7cf2dcee340edcf9494aca42901e2c11ed97790af48bcea29521ef0e3d03cdadecdc894dd0756: +72cfcef4c9d6a1986d190311840e55cbafacc8a6eb5ecc72934fda535bdcffb2a94464d8cc8f3e43393947649f91c2752327e40daca11a9970c5181eda37d606:a94464d8cc8f3e43393947649f91c2752327e40daca11a9970c5181eda37d606:66a6cbe88a8ab9a33847797fc480b244e8a2b8ec79e80bc2637753deb36fa3014f843e22a47db0a31778385ec1f455672e0dff6ca21ca4cfd2b989471b7ffc307828138b0ad4e647c2d13cef724469054abd3740245aea4b789e244e95cf9ecfd08a0d13c7ced393332727a7f3d8fbdabd939de28caa41cc96c7081198e22653d94e024a61f5f3dc5aa37fa9adddc96cf169d35062a0a29ba45a539c87a68a3a0304361309d213e614ee8373dafba2a7d6ed7d2ad37704c0946e4d093e2d94d061364cc1231063729103a77ccb501891bbc3185457bbd2869eb63dc60f196f10a38b7b36cb3f643d35ddbf438a44bf0c8f570fad41bdde267f0ffcf1f2f927d626d1b0d980a0ce223f2f0054845afe41d39de5a457219f276c67e69be2d5c9e070131639561c26751fb06435e0e42e2508c5f49cd12b517c9833ff97f5e51e1dceafa9426d3dc52fd1379c64ccaabb26db1af6ded7153628842f0cbdbbbd6aa0cfa5407f409496c06532dbeac94dab9baba0b3c988fa03d36f911d80e49b370b6837037ff249e76d692cd17737e0d07965d33f17042bbcd1e990e040f71936f6fca2542ae33748367787c01bdea75c9a0e66150281c468fe5c73af9e5bec372d5020c3d37fa1035a67e224d095f066a51fe1f681c3073939272f6af7750ed8d18349178ab4a2eeb4e9ca82bb67296e9890f316c9d9495953d68436eb1c1a2fb6a1cca45a8e88a09bdd65a5558025618b36d7f3cb389d2e2ab1ed233228ec92a327978c0adceddb6c9632d3abd7971621713754758e21013a0c3d009b6e3193cc152c57ef73107bd4357d528be40873027bf1840f685536080f12c5ffa93ca629736780e015e86d1909f0d8f372010c9cb72c0989845fc88315e6b9370dc92d3683ef44d3f75fc96c4b0e89e13d682d1988b685713eada842be9d2bbe2a76bba15d38cbafb65c40c2159b0ceeb0d769b9be355540734ff37736c0f0facb95159309365b9646bc4b344fb19a5c1639a88e87317bfb3b5e7b5130fa7d5643ed4da06430c8a0c1858ccf2f9a6e3d62012253f0122dbab4a35475a6f65589b2b095992826e4f1b58fa050b8f95c4feba3fbaadd2c2244ad4abd410139adf4c153cb5e69337af176a7837eeaea99bdcd59385afded34ffba8063a35f4f558e4eeb48f1487b56b1f8d1f73067621cb548c808753e3526a2f2aabde126bea521cf673deafa792ca5bd2212795bd66b86:db7270acce78d7fb09080a327941bce7eb145b9e3661866a8683f9a1a3de97fb02b025db9ec76ff32560fe638827742ea2f4ebef6b7cce44f9aaee434fd7c10866a6cbe88a8ab9a33847797fc480b244e8a2b8ec79e80bc2637753deb36fa3014f843e22a47db0a31778385ec1f455672e0dff6ca21ca4cfd2b989471b7ffc307828138b0ad4e647c2d13cef724469054abd3740245aea4b789e244e95cf9ecfd08a0d13c7ced393332727a7f3d8fbdabd939de28caa41cc96c7081198e22653d94e024a61f5f3dc5aa37fa9adddc96cf169d35062a0a29ba45a539c87a68a3a0304361309d213e614ee8373dafba2a7d6ed7d2ad37704c0946e4d093e2d94d061364cc1231063729103a77ccb501891bbc3185457bbd2869eb63dc60f196f10a38b7b36cb3f643d35ddbf438a44bf0c8f570fad41bdde267f0ffcf1f2f927d626d1b0d980a0ce223f2f0054845afe41d39de5a457219f276c67e69be2d5c9e070131639561c26751fb06435e0e42e2508c5f49cd12b517c9833ff97f5e51e1dceafa9426d3dc52fd1379c64ccaabb26db1af6ded7153628842f0cbdbbbd6aa0cfa5407f409496c06532dbeac94dab9baba0b3c988fa03d36f911d80e49b370b6837037ff249e76d692cd17737e0d07965d33f17042bbcd1e990e040f71936f6fca2542ae33748367787c01bdea75c9a0e66150281c468fe5c73af9e5bec372d5020c3d37fa1035a67e224d095f066a51fe1f681c3073939272f6af7750ed8d18349178ab4a2eeb4e9ca82bb67296e9890f316c9d9495953d68436eb1c1a2fb6a1cca45a8e88a09bdd65a5558025618b36d7f3cb389d2e2ab1ed233228ec92a327978c0adceddb6c9632d3abd7971621713754758e21013a0c3d009b6e3193cc152c57ef73107bd4357d528be40873027bf1840f685536080f12c5ffa93ca629736780e015e86d1909f0d8f372010c9cb72c0989845fc88315e6b9370dc92d3683ef44d3f75fc96c4b0e89e13d682d1988b685713eada842be9d2bbe2a76bba15d38cbafb65c40c2159b0ceeb0d769b9be355540734ff37736c0f0facb95159309365b9646bc4b344fb19a5c1639a88e87317bfb3b5e7b5130fa7d5643ed4da06430c8a0c1858ccf2f9a6e3d62012253f0122dbab4a35475a6f65589b2b095992826e4f1b58fa050b8f95c4feba3fbaadd2c2244ad4abd410139adf4c153cb5e69337af176a7837eeaea99bdcd59385afded34ffba8063a35f4f558e4eeb48f1487b56b1f8d1f73067621cb548c808753e3526a2f2aabde126bea521cf673deafa792ca5bd2212795bd66b86: +a6337e4d3b1a49b126316778c613516c03ac88c96d92ff5cc7e0c8527cce1a62f5eac4fe0ea1a5f236b49da33a24e2f3a83d4b260c54d3416c644e05c838bf51:f5eac4fe0ea1a5f236b49da33a24e2f3a83d4b260c54d3416c644e05c838bf51:e33430c38c4a40b3c66e20cf3b70e9fea8cc50761f2afe249ec059c07bc3b37e5b94f4a43e310099b19a85f59dff73a7e495c4df31f74780cdef7bd6e47c394c1891ea3052e3ccf5d84bae082d24ba7178ac65d229ad18a84940f6b4dbc596ee63c181b57b5b49698979c18632fa821ca61e35a0d0351fe13d69e06ddcc8d666dca24502177f344e2f440575d39ebfe5e7f10653b65bef291dc813a0434c975de164c1a76bf6fcef98f23181c009b91830b618e4874847d2e21bbdb93f20cd8b1f4baadf99428a22674386a668152b4b9039ff06abcfe334a062f794056172ecbc0794df98271b9acfe4b7da553a87634237630009a05b257c184cbe23d9cd5a038658010f574899f3b2d154d185ee67230913650c3a05b54a2edc243a4287398e376928ea9c6b2cbaf371252540e2b8043fcf556813196ae572c27cfb5a46abb9729af2dcfc29e033dd11f33e86cc6ac3bce6f3f9577d36781a69ed7eaf8c8263a0f18eba0fe8a481f3e15a55599434195f7cb057dd364eaa07dd0dfd266b807f53a2070fd791e872422fd907134f4a8a78a876bdcb031ac860dfe0bb57e105db8287b31a604eb71269be5ba229985ceabc2bdf165ac741650b1f013a66c9bd243d03a8b1c5081381cb92e23f9057771fc07ca32dff1db94f5adfd2f4ff9af31d250dd4f86b22592f60a74575156213f10846c746a920fe39851b32fe4c8b8758765bc5b8b9d5b99263df36f97888053fd10f1d68f577aed559bcfde744bc6511076cafd68944a0ed10552d11344bc7e4d9ef936dacced527433132959b1c7324ad1c4cbc3a1a736b1f02aae8e0611ae23fdd474f5b8ee7056fcb5af6133ecc084bb9f1f50cbdac66244437b4348f4edfe237fc3c3829ab94eb4f14cab1ccd6caee36fadc20a310cf0690622cdca848aed03ff403a6633f4f657994b780dd6048149c3bfbc17889e37d90b1e5420eb3d4596b91ba11bc0229c65d05b93cd7e0454d1f3c6e1e8071983792c4d4368d0778aef4e123335fd2962c657bd0513571a5fce211de62874f27ca10dc15ba2d445f1cf4be5f833cf0b564c022576b98c0a24349b67085f92202675d7dac48b95e3bfd6555a9ecb7c72f08bfec0d220222492fdc9636f036ec4508a365b7b70979f9eb4a7263a8bacb1c1d0155738646cdd46ab9234a170311500d0bae6e55a863bdaa56f51645ad85297a7381f8d20cf96c474d1bb81fce132b14555d1a:781376c9512fa33c457047a1f4f0da3176e60ee47782869b7e9fa5841d964f3c1ad66b70c114b1771c324c83ff6cd997aefccdc59c114db9f2f3ca7d84a7b60fe33430c38c4a40b3c66e20cf3b70e9fea8cc50761f2afe249ec059c07bc3b37e5b94f4a43e310099b19a85f59dff73a7e495c4df31f74780cdef7bd6e47c394c1891ea3052e3ccf5d84bae082d24ba7178ac65d229ad18a84940f6b4dbc596ee63c181b57b5b49698979c18632fa821ca61e35a0d0351fe13d69e06ddcc8d666dca24502177f344e2f440575d39ebfe5e7f10653b65bef291dc813a0434c975de164c1a76bf6fcef98f23181c009b91830b618e4874847d2e21bbdb93f20cd8b1f4baadf99428a22674386a668152b4b9039ff06abcfe334a062f794056172ecbc0794df98271b9acfe4b7da553a87634237630009a05b257c184cbe23d9cd5a038658010f574899f3b2d154d185ee67230913650c3a05b54a2edc243a4287398e376928ea9c6b2cbaf371252540e2b8043fcf556813196ae572c27cfb5a46abb9729af2dcfc29e033dd11f33e86cc6ac3bce6f3f9577d36781a69ed7eaf8c8263a0f18eba0fe8a481f3e15a55599434195f7cb057dd364eaa07dd0dfd266b807f53a2070fd791e872422fd907134f4a8a78a876bdcb031ac860dfe0bb57e105db8287b31a604eb71269be5ba229985ceabc2bdf165ac741650b1f013a66c9bd243d03a8b1c5081381cb92e23f9057771fc07ca32dff1db94f5adfd2f4ff9af31d250dd4f86b22592f60a74575156213f10846c746a920fe39851b32fe4c8b8758765bc5b8b9d5b99263df36f97888053fd10f1d68f577aed559bcfde744bc6511076cafd68944a0ed10552d11344bc7e4d9ef936dacced527433132959b1c7324ad1c4cbc3a1a736b1f02aae8e0611ae23fdd474f5b8ee7056fcb5af6133ecc084bb9f1f50cbdac66244437b4348f4edfe237fc3c3829ab94eb4f14cab1ccd6caee36fadc20a310cf0690622cdca848aed03ff403a6633f4f657994b780dd6048149c3bfbc17889e37d90b1e5420eb3d4596b91ba11bc0229c65d05b93cd7e0454d1f3c6e1e8071983792c4d4368d0778aef4e123335fd2962c657bd0513571a5fce211de62874f27ca10dc15ba2d445f1cf4be5f833cf0b564c022576b98c0a24349b67085f92202675d7dac48b95e3bfd6555a9ecb7c72f08bfec0d220222492fdc9636f036ec4508a365b7b70979f9eb4a7263a8bacb1c1d0155738646cdd46ab9234a170311500d0bae6e55a863bdaa56f51645ad85297a7381f8d20cf96c474d1bb81fce132b14555d1a: +107da98d0ee8e7c00f6d41ec265944ce67ef8c8ffb51f4f11f4e5f1a27fbe8053bec34b161b1bcff009f8cfc50d84ceb6a2d5b203b5238a8aad8a83618b442e7:3bec34b161b1bcff009f8cfc50d84ceb6a2d5b203b5238a8aad8a83618b442e7:1a7b7f3e1c7c41492a7ce799efdb2d9dc2f2489c84ae28bb7d084f32eca8fbb066885ac6f2ef7449e71226a82e9f153772a993eb6b6bca6491d26aca5dee98b77a1ddc59922b3145c447de737fafacba5a75f2a80137b5594697220d19617674a69113fdf77c343af2b7e3861b5b7822f58d60089c3ca54c749d27f88379c067598f063939ba8631d1f52dc9ab455045fb360cc2a5b6b0127facfcf5b1b4c33e3f194fc924b854168cb1169ab10997b438b71c80878347be887af44810134b514c806908201a3d3e6d0c56120c4314874dc2944d8444f01bafa34aa62ecef0981545e5d02f4016c0b164fc05ae18f535c31bf20b86f31f7a794aba148984c3ff433dc222c443b5d26c1f66e6c5f19d19cd6eadd4dc94101b2f52b58c9d4590cb10dbc5d6eacd11d42ed09f15bde44ee9271def292f731bf3b4ac6cd127e4884c2cb30b285fc9247638a299e416520624d1ec8d0df2498939c719a9e7bd29a3c5c32a3e8241368d6e4f90fea29dc3a3f147ea9f76c5780e73143f55d3dec7b66341d3f3eac1d98f8e7d4e877509b4438c3a52466d242a10b4c27c4a0db9232dad011414ebfbd57906f1a410207b526b0d1f1b6986b3ebd7550a2b3c15fc2409c7626e0dd330ef6722e3ba48b1d9205652ac194c21473ce258559db511efad3e5d55f2a796d65a6ab97d8631062a593a13aaa095dbc93e6217ced619cb16a57e744355a16b15e77d4979119299bb043e48fa3e615460e164882984a223d418ca95340c5bfcda673fcd13b29f2c47d2f97e3e8c613b6c58df0e62cf23061d6f545b755033fd3dc1405e5fef35a13e015f98b1cc42f71b99681f9681258229a4473d86eabb0c17927941e50c08f34a76b43bcc6d042e5632ef9ccc91b6e6950f5d30f670fb3902c3d409315a40b0821ce8a99a97feca5478bfd782e78767b311f374163f5896b0beb95838e645878c64990385123b61575dd842dc76354bac9c6d5acd9935b609bcccb8463d39225da1afb8911d36e609892dd1723852ab9f82758f3f1e4d28dcf02cb06eed26844aae6882ed44bce44abcd1dfba633418c9f155879c97ab27f8ae238330392be5491a078662daaa02a3d5458b77c549c49be201245e7aaec0d94e5437beca6e5ab046d694e96bf51e04fb44379b2b9b801675fe1477f3e089874a601171d8b68f0202014601a53f812f53e581c3b96312b36b9ee04fff11d9eab4e45148dcc8f0fab1:53252b923ad19cc39784d3a9ae59d62a6300dcc50ac8fd0713cb58844501d8d3805afa0fda64c73ea0f60e6a8b3445bfffe6ca6bfdc87e128baf99bf6268fc091a7b7f3e1c7c41492a7ce799efdb2d9dc2f2489c84ae28bb7d084f32eca8fbb066885ac6f2ef7449e71226a82e9f153772a993eb6b6bca6491d26aca5dee98b77a1ddc59922b3145c447de737fafacba5a75f2a80137b5594697220d19617674a69113fdf77c343af2b7e3861b5b7822f58d60089c3ca54c749d27f88379c067598f063939ba8631d1f52dc9ab455045fb360cc2a5b6b0127facfcf5b1b4c33e3f194fc924b854168cb1169ab10997b438b71c80878347be887af44810134b514c806908201a3d3e6d0c56120c4314874dc2944d8444f01bafa34aa62ecef0981545e5d02f4016c0b164fc05ae18f535c31bf20b86f31f7a794aba148984c3ff433dc222c443b5d26c1f66e6c5f19d19cd6eadd4dc94101b2f52b58c9d4590cb10dbc5d6eacd11d42ed09f15bde44ee9271def292f731bf3b4ac6cd127e4884c2cb30b285fc9247638a299e416520624d1ec8d0df2498939c719a9e7bd29a3c5c32a3e8241368d6e4f90fea29dc3a3f147ea9f76c5780e73143f55d3dec7b66341d3f3eac1d98f8e7d4e877509b4438c3a52466d242a10b4c27c4a0db9232dad011414ebfbd57906f1a410207b526b0d1f1b6986b3ebd7550a2b3c15fc2409c7626e0dd330ef6722e3ba48b1d9205652ac194c21473ce258559db511efad3e5d55f2a796d65a6ab97d8631062a593a13aaa095dbc93e6217ced619cb16a57e744355a16b15e77d4979119299bb043e48fa3e615460e164882984a223d418ca95340c5bfcda673fcd13b29f2c47d2f97e3e8c613b6c58df0e62cf23061d6f545b755033fd3dc1405e5fef35a13e015f98b1cc42f71b99681f9681258229a4473d86eabb0c17927941e50c08f34a76b43bcc6d042e5632ef9ccc91b6e6950f5d30f670fb3902c3d409315a40b0821ce8a99a97feca5478bfd782e78767b311f374163f5896b0beb95838e645878c64990385123b61575dd842dc76354bac9c6d5acd9935b609bcccb8463d39225da1afb8911d36e609892dd1723852ab9f82758f3f1e4d28dcf02cb06eed26844aae6882ed44bce44abcd1dfba633418c9f155879c97ab27f8ae238330392be5491a078662daaa02a3d5458b77c549c49be201245e7aaec0d94e5437beca6e5ab046d694e96bf51e04fb44379b2b9b801675fe1477f3e089874a601171d8b68f0202014601a53f812f53e581c3b96312b36b9ee04fff11d9eab4e45148dcc8f0fab1: +8bc229fc234653b13c924710cb468b8fa9b280e2adb49cb4b36bf59d6fa4a63946146975df6704cbf45320a5e6cb6de813469f3131e61d447bbca1a477a0c557:46146975df6704cbf45320a5e6cb6de813469f3131e61d447bbca1a477a0c557:bae2dc7f94ab5ccdcaa8cf49edbef0f6d7aeb1fa8907800533af4492611194e56cef37b1f033303738ae2c3bc4588f5cb3d55f345b9a407e787742a06af0b6ee20dee3dfe9c91d762a3ebd19aed07907bbb91cd776326540ded9f7ff7dda76615f978e9490f406ed2d9116e2093fa785e971b5062d31cb40fff9e3c551a73b20245d46df4d7fd1303a28180172d9a2bf5593c47917b58690917c1fb0e1e2994d1fa97735ae378de6eafd5c1a25abafa3cfd2df7aeabd6e68fc44edf82fc83694e5d841a15b14568b6110be644bf22b71fc47d7f07e1666957d0f87da17f13fcd63c1c2966f687d25dcbd9963f01eff132d5f2b86677816588c123e9457befcced2d3cd1d1bebe8dd8fbb1587e553cbcc4c8762064cd32ef7a1702410f77f15240d7e2bb582c678c0da88ef4522830b143660ac9c434d95772e6eeeed6014ae16824ccdc4df2df64aeb6980b51d118985dcbbd1961f315e6a9433f0b96b1e6351257ead83e05b4cc89c924bf83558ba7d2e7ca37c03179a8f85b831e7217bf4c553838761d32602853b81593b0ebf8e4b9ffaf0ec405b2a83af7de5554daad28b582ee08bd84b375550cae08ae4a5bda71581fc3b7b54498c4e1afb966b4af1d9c843a6b25b34e04cfd9bd2374244f1fe20ec62be3ccfab4edef79ed64e6b71aa9228127c6359ea1c4a8087890896ffa46e0092dec7efbc960a17b770916f954070132e26d98d9774a2acdf809d586df0252f67cfe8d985a3e248db0f90731ace7abd999c746b69648d5c3b4bd61137e08fcc8b2efc5676bcd856a13b362151474c4a1efdedc592cf3ead1ababcd48ee204d27726ad1bda4fe4b09ab51089d016de6ba259ea81807faf211c87e4c9efbf6a4c753e08f780ed55338c0fde14fb99b30722b5594b3abe02047f466242421fb81176c9c4f0fd2b5e7c5a0f65a0c59aa8c3a986087de7ba40baca77bd36ac21ce34e9fe97facc4e298330eece1c8ec623e66a4b0f2342d2c5a02c5f5abddc5ff1f1f2d03c1d4ee9b4b342ed3b1cc26561f3217bf8500e08f027571c53c9232605a53f2bda024e39929163a8e00791ac0656bb0783825e7105ffa9d90969dc094af46f702e85cc11e442b3d5534c1d3275207d6d29a942c358ed5fa07557c3c014cf541f9aaeea6025b41ecdd848512ba25e721e43d329185f8f94892e9e2d5e7cbb99e7ad25f69e5bef732cfceb078611553cc78377375e74e66f1b9d8d20:d243b87d1397d594139d83c39acf8501d073bd4be718b4c206980729e720a4c5b0ea91a28ea12604a987e69591c543049f2973bb91c170213c32a64a0fac8204bae2dc7f94ab5ccdcaa8cf49edbef0f6d7aeb1fa8907800533af4492611194e56cef37b1f033303738ae2c3bc4588f5cb3d55f345b9a407e787742a06af0b6ee20dee3dfe9c91d762a3ebd19aed07907bbb91cd776326540ded9f7ff7dda76615f978e9490f406ed2d9116e2093fa785e971b5062d31cb40fff9e3c551a73b20245d46df4d7fd1303a28180172d9a2bf5593c47917b58690917c1fb0e1e2994d1fa97735ae378de6eafd5c1a25abafa3cfd2df7aeabd6e68fc44edf82fc83694e5d841a15b14568b6110be644bf22b71fc47d7f07e1666957d0f87da17f13fcd63c1c2966f687d25dcbd9963f01eff132d5f2b86677816588c123e9457befcced2d3cd1d1bebe8dd8fbb1587e553cbcc4c8762064cd32ef7a1702410f77f15240d7e2bb582c678c0da88ef4522830b143660ac9c434d95772e6eeeed6014ae16824ccdc4df2df64aeb6980b51d118985dcbbd1961f315e6a9433f0b96b1e6351257ead83e05b4cc89c924bf83558ba7d2e7ca37c03179a8f85b831e7217bf4c553838761d32602853b81593b0ebf8e4b9ffaf0ec405b2a83af7de5554daad28b582ee08bd84b375550cae08ae4a5bda71581fc3b7b54498c4e1afb966b4af1d9c843a6b25b34e04cfd9bd2374244f1fe20ec62be3ccfab4edef79ed64e6b71aa9228127c6359ea1c4a8087890896ffa46e0092dec7efbc960a17b770916f954070132e26d98d9774a2acdf809d586df0252f67cfe8d985a3e248db0f90731ace7abd999c746b69648d5c3b4bd61137e08fcc8b2efc5676bcd856a13b362151474c4a1efdedc592cf3ead1ababcd48ee204d27726ad1bda4fe4b09ab51089d016de6ba259ea81807faf211c87e4c9efbf6a4c753e08f780ed55338c0fde14fb99b30722b5594b3abe02047f466242421fb81176c9c4f0fd2b5e7c5a0f65a0c59aa8c3a986087de7ba40baca77bd36ac21ce34e9fe97facc4e298330eece1c8ec623e66a4b0f2342d2c5a02c5f5abddc5ff1f1f2d03c1d4ee9b4b342ed3b1cc26561f3217bf8500e08f027571c53c9232605a53f2bda024e39929163a8e00791ac0656bb0783825e7105ffa9d90969dc094af46f702e85cc11e442b3d5534c1d3275207d6d29a942c358ed5fa07557c3c014cf541f9aaeea6025b41ecdd848512ba25e721e43d329185f8f94892e9e2d5e7cbb99e7ad25f69e5bef732cfceb078611553cc78377375e74e66f1b9d8d20: +3edb50ff074ef9717f4fb0b6ce252bf4bd049c9083775f529eaf51e975cb32454bc21fe03e679abbfcd8c5ea2bcc4d838a787d4840c3bc39de4b04c417c768a5:4bc21fe03e679abbfcd8c5ea2bcc4d838a787d4840c3bc39de4b04c417c768a5:975ece4e81f0015f5ac3044609d0ac3a8df9145b50c42889dd312f563cf6126e36fffaf21eb6b84fbda15aa85c66145f7541e5b41a8e81700be356224fc109327a6919665673534f5c8a4a001750b199dbfd630691af552d4d26a9d9afb33a16af391154124b53426c9f695057b1814fd6d310298af6c830686a4a007a14e0057b72fbad5b803ad353d1c3fdb890a9c81808e89f229187bcb44fee16a4ebcad5eba459b028272a562c05079fa7ae3ecae804a9e8c4f3f315813c5ee0841bbccfe4a95623b517a4b42b2c6d97a3bf26acdbe2e979633f02aac466526a3ebb14da19bc95f2c3fdf6bdb08be8bde97a864c907e918c679ab726f80177145840216b9dc3f981ef17874f08b2fc6611a6346c3da6a55ecfa753c9919f4f19e3c79093bfd78f861598e4666e1cab688e4604d46c9c582eadb92c988f478d160f5a15182b3340201797d0b955282e4a217b50b14b10c9f49067ea3e84e5274dcaec74474c5707c28bba0db8cde3e838d7313c171b85ff2b9a3d2b167e9061f84df3b13bdd08b2d501e53792d68054d048abfe3bce98d978256f2fd2c6c4e76f39688cccf0fe149af9d347e7b040ef241dd5a53eaa5eab35a18c68c754a06b03399bbe56a25268c829a5ba82b28192041d3bd244eb08bf78e76def87cd09f32beac9bb639823b36967a574d8960d1bd03435679d93eddc558063c540b9c2f609fed2e2e3576d19e6209eab466c206791c3aa199623fbae7d3497e80fdd3fcbaf5b89110ed72244234be85cca4b27a09bb70a26ece4eb8dd970a26e5b04361fa50e90380ed65f414c1be9f5064f71429116267edd6976422ad92deb2b804a92e81c9f6522a0f3b5d8ad36b4f87db516a22873e6f27284f2ca360a2f40ff3d8e23dec8ef8a17a43acbb61271a727cb8690d29bb82016736b31026201dd3d388d2c643a73cfbd0a94e20551fb5f8e1ffc39741272aa2308dc8d2133a3fa9cf109796d69d2cc8addc44ae2527781ee993af2a637a872f02aff474a7073f29d9c89507701fecbbfd5101353537eba17c29669dac0427e38e22dfaac91fc20d9e3fee791f462a863bb1908fb1e4204b68880314ddacaaa35a17af5f57a399f1931e78f5a37454fd38c57a68e8d367848a97345189c70077fd1aa0754e703e352618063b9e3faf3b14b5f0b27113633c5d17363741e96a67e816401e8098c17bffe9c6f3587646f40e9fdb6819fd22a743a7a6e10feba11:deb3d9fc7b2d86ab4b926f99527970abb51838bcc2919e94cda3371fd0e7693fe37e0c40e1233b09ffa903a034dde287c0237dc594f53abc87844869dce92002975ece4e81f0015f5ac3044609d0ac3a8df9145b50c42889dd312f563cf6126e36fffaf21eb6b84fbda15aa85c66145f7541e5b41a8e81700be356224fc109327a6919665673534f5c8a4a001750b199dbfd630691af552d4d26a9d9afb33a16af391154124b53426c9f695057b1814fd6d310298af6c830686a4a007a14e0057b72fbad5b803ad353d1c3fdb890a9c81808e89f229187bcb44fee16a4ebcad5eba459b028272a562c05079fa7ae3ecae804a9e8c4f3f315813c5ee0841bbccfe4a95623b517a4b42b2c6d97a3bf26acdbe2e979633f02aac466526a3ebb14da19bc95f2c3fdf6bdb08be8bde97a864c907e918c679ab726f80177145840216b9dc3f981ef17874f08b2fc6611a6346c3da6a55ecfa753c9919f4f19e3c79093bfd78f861598e4666e1cab688e4604d46c9c582eadb92c988f478d160f5a15182b3340201797d0b955282e4a217b50b14b10c9f49067ea3e84e5274dcaec74474c5707c28bba0db8cde3e838d7313c171b85ff2b9a3d2b167e9061f84df3b13bdd08b2d501e53792d68054d048abfe3bce98d978256f2fd2c6c4e76f39688cccf0fe149af9d347e7b040ef241dd5a53eaa5eab35a18c68c754a06b03399bbe56a25268c829a5ba82b28192041d3bd244eb08bf78e76def87cd09f32beac9bb639823b36967a574d8960d1bd03435679d93eddc558063c540b9c2f609fed2e2e3576d19e6209eab466c206791c3aa199623fbae7d3497e80fdd3fcbaf5b89110ed72244234be85cca4b27a09bb70a26ece4eb8dd970a26e5b04361fa50e90380ed65f414c1be9f5064f71429116267edd6976422ad92deb2b804a92e81c9f6522a0f3b5d8ad36b4f87db516a22873e6f27284f2ca360a2f40ff3d8e23dec8ef8a17a43acbb61271a727cb8690d29bb82016736b31026201dd3d388d2c643a73cfbd0a94e20551fb5f8e1ffc39741272aa2308dc8d2133a3fa9cf109796d69d2cc8addc44ae2527781ee993af2a637a872f02aff474a7073f29d9c89507701fecbbfd5101353537eba17c29669dac0427e38e22dfaac91fc20d9e3fee791f462a863bb1908fb1e4204b68880314ddacaaa35a17af5f57a399f1931e78f5a37454fd38c57a68e8d367848a97345189c70077fd1aa0754e703e352618063b9e3faf3b14b5f0b27113633c5d17363741e96a67e816401e8098c17bffe9c6f3587646f40e9fdb6819fd22a743a7a6e10feba11: +cda4ba93940aa0c0c3150b3929b95ee7769ce43fd98ecaff9c4a509e736d5c8ef4c7a25f1a743daf41417e47e027537f24f481bd1a75e6b1d33ec4c82c55a2d3:f4c7a25f1a743daf41417e47e027537f24f481bd1a75e6b1d33ec4c82c55a2d3:3a1d668c6688414896a7697f3c2e431098edfc457e04d2da869568ad5b3310e59e4c727c903cbf1817408802319a8c231b58023dfae494c013af0fdb78c91d5b457f8c47a3dc31d8c8594aa08f146203fa2c28b3dd796a11a97adede6a7a709b5a1918ef1bea83533c783473703356f5beea7fd18ac44ec6890495ed170d03f15b418608a7d9efd52fa10918638051c448d98d5724f567c8c67fd5b6ec8c3d636008b9bae5e8b1e984f8ffb8b64beebd6345a105c1c1083132fd4508d6ac0d4e9145501210e517d9b22478e215b602599f803762dcd5a409b3460e7f340f47ef77281ad2383de08c5b809538aaec922bfca0d6752f147972646d0a8d8340772c871d3b34abc06037de3ab4e37129865d5ba70b6f3cc9a059efb7dddc3882f4fcfe13f448c9bc664888589603ba98683a93b4b3b1014992a55c8e4ea1baf9cc00d1badff5fd7f5da5e307fbd1b4c984e0fa0edec5d30bfef5f477301263b5d752001b85dd52df3b4a7ac23b930a91c0a45765a66488d8eb5901857060067b82378188549288ddc61831e5b6841b344cae2250042219cfb4ace023e691f9e48d006e9a07c67d2468f93593b4afc161c0768b6ceb744c24c923da34af3d5ed577cc7f85d491560f4c0bcbcd1d5e3421bd1ccfafb373d651bd61ed71c09e99f612001704d0c630d8547bd970b66e7f5ce7a014e0ff5a337dc5c56a99f131b9129140eeea39397c48caa9a8086f9fd99150be7ef87b6d4b94b1bd52878bf3bbfcceacc2cc45e8971c3a4d4a3eb86af9874d4fa5e7caa7f45d1553ffbb41645bf0f5e9b29772e3dc081b25b52e1cb7e2167483d54fba690ddb29d5462d2a27a35d85f007adede2a3dd7281f654336afafb7370782b29cad643d9d9db2f05f281b53e133ec30eec09fb0d061b74581a2bd2790b137391f19328880f64c53be700d0faddb70dc165d2d62e671eb9449a2e6e9df2c16d8f49fa4b5b84309f7335133dbe872c5a8fdcfbc4980abfb3c9597d5d667ad2f688c7ab24c9e440298d72b28b0fcde9c6f071bccc93e8ddbba7b60a0b544a2e06c39c6723d4f7dc185c21135fd13a72770b976119e49a1f81ed476be07c443de0b0ee76fbd919389328b3eb8607bc2fe38f85745e28adb7482b701ccc6690e4ae5a9332ea44613179387dc6fc47c1d1ec366035e991e1404323bdbbf535f1c33cf57b6723f13ca6ca329e2aaa4b46b42607339906c7ef49b32db82cdf6a87ad:31048d334af05a4f275ff827544ea296a4a775fa59efa000c57613fa6e5c493c3a9b79e8ce56e7225b0fa326204f0336c213535ae589177a8eaedb6df8b202033a1d668c6688414896a7697f3c2e431098edfc457e04d2da869568ad5b3310e59e4c727c903cbf1817408802319a8c231b58023dfae494c013af0fdb78c91d5b457f8c47a3dc31d8c8594aa08f146203fa2c28b3dd796a11a97adede6a7a709b5a1918ef1bea83533c783473703356f5beea7fd18ac44ec6890495ed170d03f15b418608a7d9efd52fa10918638051c448d98d5724f567c8c67fd5b6ec8c3d636008b9bae5e8b1e984f8ffb8b64beebd6345a105c1c1083132fd4508d6ac0d4e9145501210e517d9b22478e215b602599f803762dcd5a409b3460e7f340f47ef77281ad2383de08c5b809538aaec922bfca0d6752f147972646d0a8d8340772c871d3b34abc06037de3ab4e37129865d5ba70b6f3cc9a059efb7dddc3882f4fcfe13f448c9bc664888589603ba98683a93b4b3b1014992a55c8e4ea1baf9cc00d1badff5fd7f5da5e307fbd1b4c984e0fa0edec5d30bfef5f477301263b5d752001b85dd52df3b4a7ac23b930a91c0a45765a66488d8eb5901857060067b82378188549288ddc61831e5b6841b344cae2250042219cfb4ace023e691f9e48d006e9a07c67d2468f93593b4afc161c0768b6ceb744c24c923da34af3d5ed577cc7f85d491560f4c0bcbcd1d5e3421bd1ccfafb373d651bd61ed71c09e99f612001704d0c630d8547bd970b66e7f5ce7a014e0ff5a337dc5c56a99f131b9129140eeea39397c48caa9a8086f9fd99150be7ef87b6d4b94b1bd52878bf3bbfcceacc2cc45e8971c3a4d4a3eb86af9874d4fa5e7caa7f45d1553ffbb41645bf0f5e9b29772e3dc081b25b52e1cb7e2167483d54fba690ddb29d5462d2a27a35d85f007adede2a3dd7281f654336afafb7370782b29cad643d9d9db2f05f281b53e133ec30eec09fb0d061b74581a2bd2790b137391f19328880f64c53be700d0faddb70dc165d2d62e671eb9449a2e6e9df2c16d8f49fa4b5b84309f7335133dbe872c5a8fdcfbc4980abfb3c9597d5d667ad2f688c7ab24c9e440298d72b28b0fcde9c6f071bccc93e8ddbba7b60a0b544a2e06c39c6723d4f7dc185c21135fd13a72770b976119e49a1f81ed476be07c443de0b0ee76fbd919389328b3eb8607bc2fe38f85745e28adb7482b701ccc6690e4ae5a9332ea44613179387dc6fc47c1d1ec366035e991e1404323bdbbf535f1c33cf57b6723f13ca6ca329e2aaa4b46b42607339906c7ef49b32db82cdf6a87ad: +217ecd6a7fcc98719210c34cc2e14f5e2d6b5a22f268c14bc4d8a7f2817200c3d59191ce282d72fe3ac45878e24bb2f28c409ba05d76ce9bcf22f50b0c778675:d59191ce282d72fe3ac45878e24bb2f28c409ba05d76ce9bcf22f50b0c778675:9b5337e78fb382f22ea60e03c0bf3ee4700b6978a91ee6acdf6a409e4918d1684881fa1d118c08c9f6f2ca0cab567402c95010e7abdfe848ae79ba249adcb96eae1dfa0843952139cf49b588647895691a2e9880466b7e77e54f6f60815ebfd5e5748f413c0e15f9d576799bcf31284710636f6e9dc7878500796eed80c8af4be2961952ea80bbed1404bd5dae9e6d05fd4f325a3b83cd4528a0869cef84b4d30e02f941d749a8dac97bb3fa839d25739b97ec374536bdea500484a941db9f2299970658d41148295ca0846ca2366238b6201a48b3e447edbea7a4c8f71020142769e15fa72ae5f287140bc5953b8a9a242d205fc019091f2abed0fda47f52d59a0204ce7401c1829b5857b9a0916fcebe2eef991c413acd71b18d8590d6b6d0fb3994302678c29f2b6a53023f9187e46c36790bce73873c545a72beb553294b1ee5d0d0dff239e28ec63b01e4d8fe0d6e69b1601efa2411f0c0601e7e4f65c984f829f0dc2a8421e7f66d9330537151c7243ca524d7a54735c6e344f1fc938eaeea2779c940891d6d01aa55f40cc1adba12e8a67ad9a27fe63fb4f38dc0f01841925718427255bd665d5eb3bc869896db8625204ad4b02f5a22aaeead6e300471fea61dbb1b55c071365c58b1511f38b09a4671bd66b3fedda9c87e43d1ebf301764e18fc0cf16b2d2d67ed239b393ac71968a903c02477fb2df9ef01dbfc3167de7265f891e4fd24d02c63103519b86a7085b1ec2fb419db766bee7a641a4be429614ab89f20f975341072bf04419fb69be7a9ee71a5b49af83ed322bac68a429ff5c5206773be5438b65e53f609729f4f6a21c1333911264d63927017e8136b4725cd1cc964e08ca0933a561e7e3f5987768330e2e54f8d728f59edfe2c91c4f99aef97d18559195a3d8eb315dff96fe276da7137eff93057ac731e06a60a58bd8a9ae8c7cbaff0cb3372c68daa175c428d52f1073a38bf29465d2a7128bb40074006edcb725a831d812864ef43f3b8667c9fb71093a1673049dec05e09169d86fee92df286008ad99065a2929797a913d0233f4d1a95a220bd91c11dd9c45685dcad385780a0c48b9c4ad2d66303e8de4af1db3c04e4a3dd4219fe773f83a8924b0fcbfffcf264abce32832924036bfabba6546b1df4e3f788ed8ad5c2cd92b2641b47090a103cf5bdc46d8b2143174757da801c360a7aa107fac654b34c860bd54f76bbf43c48478df4fe7aa59cf91d:a0b169e8e9ce557555e0334a0de7438e553675489ea4ba9cc63a234d00ded8ab6967a3be90ef69e076db9ea3d5ca23b3248dd25991ee1f4d80620bf4db438f0e9b5337e78fb382f22ea60e03c0bf3ee4700b6978a91ee6acdf6a409e4918d1684881fa1d118c08c9f6f2ca0cab567402c95010e7abdfe848ae79ba249adcb96eae1dfa0843952139cf49b588647895691a2e9880466b7e77e54f6f60815ebfd5e5748f413c0e15f9d576799bcf31284710636f6e9dc7878500796eed80c8af4be2961952ea80bbed1404bd5dae9e6d05fd4f325a3b83cd4528a0869cef84b4d30e02f941d749a8dac97bb3fa839d25739b97ec374536bdea500484a941db9f2299970658d41148295ca0846ca2366238b6201a48b3e447edbea7a4c8f71020142769e15fa72ae5f287140bc5953b8a9a242d205fc019091f2abed0fda47f52d59a0204ce7401c1829b5857b9a0916fcebe2eef991c413acd71b18d8590d6b6d0fb3994302678c29f2b6a53023f9187e46c36790bce73873c545a72beb553294b1ee5d0d0dff239e28ec63b01e4d8fe0d6e69b1601efa2411f0c0601e7e4f65c984f829f0dc2a8421e7f66d9330537151c7243ca524d7a54735c6e344f1fc938eaeea2779c940891d6d01aa55f40cc1adba12e8a67ad9a27fe63fb4f38dc0f01841925718427255bd665d5eb3bc869896db8625204ad4b02f5a22aaeead6e300471fea61dbb1b55c071365c58b1511f38b09a4671bd66b3fedda9c87e43d1ebf301764e18fc0cf16b2d2d67ed239b393ac71968a903c02477fb2df9ef01dbfc3167de7265f891e4fd24d02c63103519b86a7085b1ec2fb419db766bee7a641a4be429614ab89f20f975341072bf04419fb69be7a9ee71a5b49af83ed322bac68a429ff5c5206773be5438b65e53f609729f4f6a21c1333911264d63927017e8136b4725cd1cc964e08ca0933a561e7e3f5987768330e2e54f8d728f59edfe2c91c4f99aef97d18559195a3d8eb315dff96fe276da7137eff93057ac731e06a60a58bd8a9ae8c7cbaff0cb3372c68daa175c428d52f1073a38bf29465d2a7128bb40074006edcb725a831d812864ef43f3b8667c9fb71093a1673049dec05e09169d86fee92df286008ad99065a2929797a913d0233f4d1a95a220bd91c11dd9c45685dcad385780a0c48b9c4ad2d66303e8de4af1db3c04e4a3dd4219fe773f83a8924b0fcbfffcf264abce32832924036bfabba6546b1df4e3f788ed8ad5c2cd92b2641b47090a103cf5bdc46d8b2143174757da801c360a7aa107fac654b34c860bd54f76bbf43c48478df4fe7aa59cf91d: +08d1d06f3ec29eb52293907b705ec56c5ab354fb78673773ae61253094b89e82c1b99a87ad15bd46f6c848452af0fa3ccccb5cdf6e348d816e36c5d0fca66e66:c1b99a87ad15bd46f6c848452af0fa3ccccb5cdf6e348d816e36c5d0fca66e66:120b35573c34914b373051880da27ed241377f0e78972c98d0faebaa767eb7a7c7e7c6fc3405a4336ef95bc5da9225bbd09e9e11f2a1bf142af4e8a0f924d323dd5a49dfe584f090439c08e51511344d470c6200ac7e7ca150d088a91e47c4c9ff74e38a42a332155d8152ae4abd1161adca934c234ce460af8789e53f109d7d31eede0a909bd193fc8d3c2cfec10b143c31476711bbec27e196a54985bc347167acd233508827bad36e548c880642b86a28c6d3404b511da24f11dfaf6a8f46ddcbc9de9e391597669bddfca6560f91acd3459f329bb071dd80dadf35f0e50df5b10f88d267ac9d3062330dd99a6bcfa13187f45c0c214dcde2cdf9c3ba4d59e633a354a4e277c677bbdfa24191179cbcaf05a10d4078d8add93bc9ed8f6c6c499757403655341f904e37d927750c699c269dc90dc26d005625c3f4124bff66feca59d4abff4172ba3df45a874302231030fa783384f50999e3c4baa5eadb451452c888b519272e90f73c6872768e0de20ee2e5f9502f35e49fecc28b75201887fed2818eff545398392f5e5b6876bc556ac13a1903ada1b9d725b04a14204b599ec33d62b7dcaeea8c52877b2cfdc3558a91d2c9157500a3bb6d452e5e2ff093294fc433cbd63465bb191307ed801a15b85dc2ff0bb38312f8b817a436d422cf4607c64ee7035923db6b96a3899910149b0da4aa3e96685d7163aacf9e619dc60813ce4f344f3079b43f187fa31bdacb9a1d7720b939d5bd241b96a177d7b7768ffebf79044cd2956d6f88db1c243a10fede6814852cf404b2cdcfa774076dc125c70a57c6907e99afe39622ae11f557e7d34b39aaaf45f834058d2fe5f15b5eb70ac15a90a3de5850ab1dcb48b06b6ccaa4b42f857e71ec00b8a3d8974b0bea68fa0f665592115b4fa55572cf0b0738641fc868d4a2e714db3ad7219a823d54b7f7c2656ba5c5eebe3594c7db12298c16251d9845bf2f7800b4190b746e21b0c1a5c47a3df9a059ce0956674eb703decb0a0045437da4da10f286d720d1b9df05fb24415d68e065570e6b31503142d03335a807bdca30892edb5f55f8989d9e649659c0744c5433bfb4deeb11c2626a8650e54d4d398ba19b64f68bed06d7fc408f470ac704e2ac922ac1411fee24543e56f2f50b6b08953dc56a7a75edae430a6df28a227adac91ba26f0e198595327739cba303e9aa393ea6618a84f8f503d0056ee8d87e3796e036cc51ccb791deb795:0b8edcb8b15a8cd074c41dc2a1ba29d9648d6acbdc338314707eca6fb4714c99543b4907b9f85e57eecffe0f7a6b7073a80946f8087553f4683109273a604a08120b35573c34914b373051880da27ed241377f0e78972c98d0faebaa767eb7a7c7e7c6fc3405a4336ef95bc5da9225bbd09e9e11f2a1bf142af4e8a0f924d323dd5a49dfe584f090439c08e51511344d470c6200ac7e7ca150d088a91e47c4c9ff74e38a42a332155d8152ae4abd1161adca934c234ce460af8789e53f109d7d31eede0a909bd193fc8d3c2cfec10b143c31476711bbec27e196a54985bc347167acd233508827bad36e548c880642b86a28c6d3404b511da24f11dfaf6a8f46ddcbc9de9e391597669bddfca6560f91acd3459f329bb071dd80dadf35f0e50df5b10f88d267ac9d3062330dd99a6bcfa13187f45c0c214dcde2cdf9c3ba4d59e633a354a4e277c677bbdfa24191179cbcaf05a10d4078d8add93bc9ed8f6c6c499757403655341f904e37d927750c699c269dc90dc26d005625c3f4124bff66feca59d4abff4172ba3df45a874302231030fa783384f50999e3c4baa5eadb451452c888b519272e90f73c6872768e0de20ee2e5f9502f35e49fecc28b75201887fed2818eff545398392f5e5b6876bc556ac13a1903ada1b9d725b04a14204b599ec33d62b7dcaeea8c52877b2cfdc3558a91d2c9157500a3bb6d452e5e2ff093294fc433cbd63465bb191307ed801a15b85dc2ff0bb38312f8b817a436d422cf4607c64ee7035923db6b96a3899910149b0da4aa3e96685d7163aacf9e619dc60813ce4f344f3079b43f187fa31bdacb9a1d7720b939d5bd241b96a177d7b7768ffebf79044cd2956d6f88db1c243a10fede6814852cf404b2cdcfa774076dc125c70a57c6907e99afe39622ae11f557e7d34b39aaaf45f834058d2fe5f15b5eb70ac15a90a3de5850ab1dcb48b06b6ccaa4b42f857e71ec00b8a3d8974b0bea68fa0f665592115b4fa55572cf0b0738641fc868d4a2e714db3ad7219a823d54b7f7c2656ba5c5eebe3594c7db12298c16251d9845bf2f7800b4190b746e21b0c1a5c47a3df9a059ce0956674eb703decb0a0045437da4da10f286d720d1b9df05fb24415d68e065570e6b31503142d03335a807bdca30892edb5f55f8989d9e649659c0744c5433bfb4deeb11c2626a8650e54d4d398ba19b64f68bed06d7fc408f470ac704e2ac922ac1411fee24543e56f2f50b6b08953dc56a7a75edae430a6df28a227adac91ba26f0e198595327739cba303e9aa393ea6618a84f8f503d0056ee8d87e3796e036cc51ccb791deb795: +f0c85c76b1532e89aea975156dddb1d3d066f6409f841bb4410922725f269d86fd75fc75c36f83498d8f0827f01d3b457f8bc4d9dc55e4a46274ddf0034fe16f:fd75fc75c36f83498d8f0827f01d3b457f8bc4d9dc55e4a46274ddf0034fe16f:ae2eb018d48dbd4f210b16778b5bd2fd14c94e6bbf2b3ff85518e560ab8d3e72201f433420f00f11bc78e0e9f3720875b2e9dc11e04325b8b3f0d465ddab21511c457d6acad8f2fd5fdc0d2823fe6caa66a191a3b6326b32a16befd64d15b361a41513641bceba26bfe93bdf854a4f8f8a0b29f7e28262e2d6e98aa24ac27f6f7883ac01a74c40cce947ebac70e9fef2a16e6289e468950e391e9e24ef58e88a44377269cebafed8987d220dcae2d8b126b6bf812167d023d9baac950d9db8cf52de6306bd48999610c0a433fa9e1771cb832d4197aa340dd0ccd0744fc6b62f90bd3ebb5308cab5f940e2916423cf0f3bf080c06a94f026910460dda809374e6457f064f178e308e7a1b5af4def319007d041778c3d6a419f51badf87663879302b53ff269df442d0e05c958d5baacceed7f5f8afc811c18900ee3b0f61e5dccfd5dac85332d32ebba371aa2d47a606f59546e4bbb605a74677b19a0fe8e95f9f77c0b8b71d07e983004dc2ab2cb3793a323c108dfa7970da00db198674bd34bf7310767f76a224e07bdbc62b9d078cbc75367e2ebaa2c5d274bf3427f2a0cc5dbef0af4e63ad889e131b12bc8ca32d827f7260b0449d0443fa288440efd1364e3c9849477e73ee0ba4240d492af5ce13c34561b45010c109d842c1fed1be3fa9e184aaa14064f43f6dea0b659c5b97893cf2a433bcfb1d2a87eb564bd9092c2666704731f83e56434b2a4299650c7060f9ff7e8aadcb4593f609188d8b467646cfe95270067a1d35cd759fe581af4e62602c02ef14744143eb424f2d9f33a60288c1b25f08e4b2f5feae06cbcc2b2052bf384e1a6fcd8471ce5e5658d77f40c35c415e2a9e09fb583bb7471258e7c806f3c21822dd10f56a640cdc00128d3ba556ba51dcaab47c3baf9f0197d3663de8d093e83173325def1e83a2f5f5acf12ae09f3ce96cd888034dcbe6147dc5998362a4bc406d28846ab1503c17c94f9afd903c9a58e1cebb4abb4ff6f2a41024e06dcaad14f5b70c1b26e69f96ecf14b8da31c621f9ad4e30aeb982378671f7d1f2c4b572c41bb8830840ac5ddced881f8fff210c3c7f236d8c5f2cfdacda29893302fde15282db540cb543737dd77852569221fddcdd68d87e2402179d3a5a77734c275a1d560a462f40318bb6819837da3d305eb49b38650efdc8fe409d40fb94cd5dc3eb02738f38852f671a0c41414b76fb436f3417b8ef300921c009ebbd7cf8e11:4218fe4c1dce795ca92a49a6f4798eb5412dc825860314ec469fed45de3a7bf8ea55e853a349584bd95a826a585a503fd50bfe4c635ef183d07301367e90100aae2eb018d48dbd4f210b16778b5bd2fd14c94e6bbf2b3ff85518e560ab8d3e72201f433420f00f11bc78e0e9f3720875b2e9dc11e04325b8b3f0d465ddab21511c457d6acad8f2fd5fdc0d2823fe6caa66a191a3b6326b32a16befd64d15b361a41513641bceba26bfe93bdf854a4f8f8a0b29f7e28262e2d6e98aa24ac27f6f7883ac01a74c40cce947ebac70e9fef2a16e6289e468950e391e9e24ef58e88a44377269cebafed8987d220dcae2d8b126b6bf812167d023d9baac950d9db8cf52de6306bd48999610c0a433fa9e1771cb832d4197aa340dd0ccd0744fc6b62f90bd3ebb5308cab5f940e2916423cf0f3bf080c06a94f026910460dda809374e6457f064f178e308e7a1b5af4def319007d041778c3d6a419f51badf87663879302b53ff269df442d0e05c958d5baacceed7f5f8afc811c18900ee3b0f61e5dccfd5dac85332d32ebba371aa2d47a606f59546e4bbb605a74677b19a0fe8e95f9f77c0b8b71d07e983004dc2ab2cb3793a323c108dfa7970da00db198674bd34bf7310767f76a224e07bdbc62b9d078cbc75367e2ebaa2c5d274bf3427f2a0cc5dbef0af4e63ad889e131b12bc8ca32d827f7260b0449d0443fa288440efd1364e3c9849477e73ee0ba4240d492af5ce13c34561b45010c109d842c1fed1be3fa9e184aaa14064f43f6dea0b659c5b97893cf2a433bcfb1d2a87eb564bd9092c2666704731f83e56434b2a4299650c7060f9ff7e8aadcb4593f609188d8b467646cfe95270067a1d35cd759fe581af4e62602c02ef14744143eb424f2d9f33a60288c1b25f08e4b2f5feae06cbcc2b2052bf384e1a6fcd8471ce5e5658d77f40c35c415e2a9e09fb583bb7471258e7c806f3c21822dd10f56a640cdc00128d3ba556ba51dcaab47c3baf9f0197d3663de8d093e83173325def1e83a2f5f5acf12ae09f3ce96cd888034dcbe6147dc5998362a4bc406d28846ab1503c17c94f9afd903c9a58e1cebb4abb4ff6f2a41024e06dcaad14f5b70c1b26e69f96ecf14b8da31c621f9ad4e30aeb982378671f7d1f2c4b572c41bb8830840ac5ddced881f8fff210c3c7f236d8c5f2cfdacda29893302fde15282db540cb543737dd77852569221fddcdd68d87e2402179d3a5a77734c275a1d560a462f40318bb6819837da3d305eb49b38650efdc8fe409d40fb94cd5dc3eb02738f38852f671a0c41414b76fb436f3417b8ef300921c009ebbd7cf8e11: +18e268b15a2501dd4c979dc103ca6a842216132b3b5081d775f88640f89c8041b34e19c1e208fb48a885079d9fbf37c74f92710960f832154fab18570cfb4c1d:b34e19c1e208fb48a885079d9fbf37c74f92710960f832154fab18570cfb4c1d:424bdcf0b256001439d16958fff648cf7a8604af22cfa5b44331b4dc356dff25cc0563da9d640133acb70b6a1176c482dbc9408cd6793d56bc29cc408823d388ed88b24ceb6621dbac0023ee69f76f8296a7395211685b3ceaa995f0355d9aad3d97358f4a379e5920ec545f469621cf768abf55d2a554c949b0ed70187c2205ad032985c9b5b2e4ba57e0b4a47d344512b84bfe9f3aa560fe6ecfc5bdf8c3b41845293573f81ed3b70edc63a30c70cda3f455901313f6d23db309478f03e34e71356d83fa5db9280cc2b4369c3d24dd9038f247596c391e48b2f3f890a141ca1d12077c69344735a59b1dd4076b22e16189991e5f1be4fb7695af90ebea5df286135cec2a6e99aa1dda328e62c0dfb63742202d63624dcc0c5cf1a5df79e2878dbc71fa96576601af22844f545733126af7d3984c3ed252e6a876445c92259fbb470a10569b49e5791fd0182cfe1c3f88297facc8c31a5332f1f4eb4958db13b6c079aa9c949487263403190c83c11a43191ffec6023fb34cfab2525beb546cf9200a96f5854b2f78ecb2d9a53aa9d287a90d4d410a63ada0e975d304d5148353463fa805b4805fb4687ed8857dfce4bc6e80833c8f9a79cd4f029a2d802bfdc819ed0c0ac8f21023287f2b4bafbcc89993fe46d52a9c6246dead617df797d48ee985f0f0df9aa82ea20e0d0db28a254a9a253f39f9cf01e3db8f3ebcf7cb97cec58c4efe031269b4b37e4cbb361f73ab4b4980bd900849538844c52cb3ac7583b8f89653a0de65a8be91582c55239cb8f5d5318a88d160e1c871e5ea7e75f5a69cba8538221ab42ce2a2c4d9c3b7ec857f230d573731133686ae8a7ed640f42f31029489e4e6af2b3ea4c7948ed537c0c5906726c2b625fd5f949e3a7cf3b6e998ec761dd6e2b5171a68749752e721b788c3477fa190cd6ea81d579dce6462d9c662ad8962e79338710cc8d2738a5fb04adfdb3f1432cfd80e2e967da000d83a0fa85abae2952f3f3683e254d868f4bf809eb2e300e7b209734a3c894e966b16088d5ed354bffbffbbf2ec2be93a32a8be5cfa18fa5653012edae5afd8709ca55c0cf23a550d34ca0f32d8f666fb47a12f2b7353a40c5379f75366c13f4ab9f14cf80a94e1f13d8b09b76fd8d14ffa538f31fd8aeb49d33433f4df7c2ca67399579fe99078aa721d6b6fc0c50e8a91fc71ca25eac1376fc671bf6153e720b25c7e97a3d4ef8442ac67acf58b504b67158f913025:f2dcfc06ef1d8eccd8e40bdf01307dd19683f214d4f084e6b6934f637278300dbb1889f2d37f53b3aef26fbb3e36bd75985fa7c8ea6ddffa72c8e406f24bb20e424bdcf0b256001439d16958fff648cf7a8604af22cfa5b44331b4dc356dff25cc0563da9d640133acb70b6a1176c482dbc9408cd6793d56bc29cc408823d388ed88b24ceb6621dbac0023ee69f76f8296a7395211685b3ceaa995f0355d9aad3d97358f4a379e5920ec545f469621cf768abf55d2a554c949b0ed70187c2205ad032985c9b5b2e4ba57e0b4a47d344512b84bfe9f3aa560fe6ecfc5bdf8c3b41845293573f81ed3b70edc63a30c70cda3f455901313f6d23db309478f03e34e71356d83fa5db9280cc2b4369c3d24dd9038f247596c391e48b2f3f890a141ca1d12077c69344735a59b1dd4076b22e16189991e5f1be4fb7695af90ebea5df286135cec2a6e99aa1dda328e62c0dfb63742202d63624dcc0c5cf1a5df79e2878dbc71fa96576601af22844f545733126af7d3984c3ed252e6a876445c92259fbb470a10569b49e5791fd0182cfe1c3f88297facc8c31a5332f1f4eb4958db13b6c079aa9c949487263403190c83c11a43191ffec6023fb34cfab2525beb546cf9200a96f5854b2f78ecb2d9a53aa9d287a90d4d410a63ada0e975d304d5148353463fa805b4805fb4687ed8857dfce4bc6e80833c8f9a79cd4f029a2d802bfdc819ed0c0ac8f21023287f2b4bafbcc89993fe46d52a9c6246dead617df797d48ee985f0f0df9aa82ea20e0d0db28a254a9a253f39f9cf01e3db8f3ebcf7cb97cec58c4efe031269b4b37e4cbb361f73ab4b4980bd900849538844c52cb3ac7583b8f89653a0de65a8be91582c55239cb8f5d5318a88d160e1c871e5ea7e75f5a69cba8538221ab42ce2a2c4d9c3b7ec857f230d573731133686ae8a7ed640f42f31029489e4e6af2b3ea4c7948ed537c0c5906726c2b625fd5f949e3a7cf3b6e998ec761dd6e2b5171a68749752e721b788c3477fa190cd6ea81d579dce6462d9c662ad8962e79338710cc8d2738a5fb04adfdb3f1432cfd80e2e967da000d83a0fa85abae2952f3f3683e254d868f4bf809eb2e300e7b209734a3c894e966b16088d5ed354bffbffbbf2ec2be93a32a8be5cfa18fa5653012edae5afd8709ca55c0cf23a550d34ca0f32d8f666fb47a12f2b7353a40c5379f75366c13f4ab9f14cf80a94e1f13d8b09b76fd8d14ffa538f31fd8aeb49d33433f4df7c2ca67399579fe99078aa721d6b6fc0c50e8a91fc71ca25eac1376fc671bf6153e720b25c7e97a3d4ef8442ac67acf58b504b67158f913025: +3c393f9df1fb0b1eec09b7f270b85982ba0fd5e4b1795e1a7fa99137fee24d7d974fe23730fc17945670fbc1f80b93f94593c8d44bc75d189a6bbfaabaf5dbd9:974fe23730fc17945670fbc1f80b93f94593c8d44bc75d189a6bbfaabaf5dbd9:54d8b8d5fac28cffa77a0916d6333c16edbc8bb74aa06e56dc00e47e3929e40864b8840d912079597eacd81dae43e2785dfc689f3e85f8c66581efc5e853d1faaac744400ab08cbdb5d16146fa60f99905ed84fd2936dd73f4bca2572b7cf5160560ffaa68da7a67e40e08a7bb7aefc4043ebed5fe80a414817edf2c63f62fac0d47446ed0bb584058f4872fecff621559311a270aea37a6296864e8d168bf1e2f55cd3b276edfa612b5d9c3362e618be6e82a6e5f82667924f3d1d3df825f9d23f4d6142d3100dfc70f70603abf3fdadaca69ef6a18ef9092b3c41ec658ab27216fc6147a080acda60a841984ee83f41ac42a80eaac91fffc8228391ef583ab3eddcf876523c20281355300d86c11a4e7c1ade8e50560f43906c9bc8ca5fbf8339fbebd02e33e8518bee5e806b8c10f8277f410664735a2bf556839635492452e6ca079deb9751cfc6797f49bca9613ff2e7fdd3646f7c5236a36bdf0051745e595dc0072fd6651d57627a6004c0f0cfae856bbc28a1231cb839665ff04152ec31c007b3e2ed0a973b24c93149ce701e6fd6539206ae91bec4ce65a89db26c7d38cecb8919f96fb6cb8f6c1939d90fb3f90b887789f29575ab20e0b08bc358153d8c03521dc891870b5f7eedcc1e62bee7da063ae66ff0a4b7d98d1cb758f69743c3db3ae2a2c9be1be094f17cd28f92d8ccbca983c749c75c610f840836e2c430ccdeff0afa54444f12b4a4f002c609451834244c0c07df8e12202a65f94447cd4903acb606d7725a86e4a2343984e679c4af1b3679c755ea50d0abe2fcc0c1c3351a9ee196b4644c424222be99e2fb373f9641e3faebff43170eb03fb8ec4557d151a55fab6c499d444c84be89f2447682de4e6f6353475efcb8fc53256763a948dc75c515fa353545d0cbad29df5e9db5cc457ed3086cffb3d75e846c4e8d88147fcd0d8aa5abab49b5e05c3d7feef637943347ad3f492ee356ef34881cfd85abce8a144ce7761e284e8b8cb08966049047a996e23559f776b1a9f41cba3954108486e2927beb6433a36ff8b2f03aa74b3d209c488e077f924f231e28345942c7dcc2e61d7c9b522b659fcb53662aff3648f66da3e83e59b0daa90b94c515dadab10d5a839cb3a2f1d3cd092de55d995138c3ac0b907af15ac63ec1874114327e21971345ef17031d52617e784da3771439be2e84148bcfea132bde10e6fda547dcbb1c4d8f74ddce1fccf8213e0da6e97b81f75:22333e56410fdcbf84f6a8de741337691684495ba69eff596db9c03a281210881e6c91efa91b2183c0eac916152817a78ca724ba7c8b51bb4caadea9a341eb0e54d8b8d5fac28cffa77a0916d6333c16edbc8bb74aa06e56dc00e47e3929e40864b8840d912079597eacd81dae43e2785dfc689f3e85f8c66581efc5e853d1faaac744400ab08cbdb5d16146fa60f99905ed84fd2936dd73f4bca2572b7cf5160560ffaa68da7a67e40e08a7bb7aefc4043ebed5fe80a414817edf2c63f62fac0d47446ed0bb584058f4872fecff621559311a270aea37a6296864e8d168bf1e2f55cd3b276edfa612b5d9c3362e618be6e82a6e5f82667924f3d1d3df825f9d23f4d6142d3100dfc70f70603abf3fdadaca69ef6a18ef9092b3c41ec658ab27216fc6147a080acda60a841984ee83f41ac42a80eaac91fffc8228391ef583ab3eddcf876523c20281355300d86c11a4e7c1ade8e50560f43906c9bc8ca5fbf8339fbebd02e33e8518bee5e806b8c10f8277f410664735a2bf556839635492452e6ca079deb9751cfc6797f49bca9613ff2e7fdd3646f7c5236a36bdf0051745e595dc0072fd6651d57627a6004c0f0cfae856bbc28a1231cb839665ff04152ec31c007b3e2ed0a973b24c93149ce701e6fd6539206ae91bec4ce65a89db26c7d38cecb8919f96fb6cb8f6c1939d90fb3f90b887789f29575ab20e0b08bc358153d8c03521dc891870b5f7eedcc1e62bee7da063ae66ff0a4b7d98d1cb758f69743c3db3ae2a2c9be1be094f17cd28f92d8ccbca983c749c75c610f840836e2c430ccdeff0afa54444f12b4a4f002c609451834244c0c07df8e12202a65f94447cd4903acb606d7725a86e4a2343984e679c4af1b3679c755ea50d0abe2fcc0c1c3351a9ee196b4644c424222be99e2fb373f9641e3faebff43170eb03fb8ec4557d151a55fab6c499d444c84be89f2447682de4e6f6353475efcb8fc53256763a948dc75c515fa353545d0cbad29df5e9db5cc457ed3086cffb3d75e846c4e8d88147fcd0d8aa5abab49b5e05c3d7feef637943347ad3f492ee356ef34881cfd85abce8a144ce7761e284e8b8cb08966049047a996e23559f776b1a9f41cba3954108486e2927beb6433a36ff8b2f03aa74b3d209c488e077f924f231e28345942c7dcc2e61d7c9b522b659fcb53662aff3648f66da3e83e59b0daa90b94c515dadab10d5a839cb3a2f1d3cd092de55d995138c3ac0b907af15ac63ec1874114327e21971345ef17031d52617e784da3771439be2e84148bcfea132bde10e6fda547dcbb1c4d8f74ddce1fccf8213e0da6e97b81f75: +f8669c88f1685bbf0480cc9221ac2ead8f551bfa87ecba2fd4ddf3ba3476ebda34723fb8e253ad9c71cefde03628d204e535de479e1048e5188762a1f337fe5f:34723fb8e253ad9c71cefde03628d204e535de479e1048e5188762a1f337fe5f:5b4941beec2241c9fb76d8484f4f3f3ab4ffe8ecc8e7aec76de2ab8c368584d751b0d3feb8a1dc8168cdc694968f66b2a0b052afbf8be3a7d95163e9da9141c59ca55976c292c5c74d31318d6a91e7817c5a8b2f812118cbeba3a13323cd9748bf86ed1a85dd4ebc0df495cfa3d4627434bf14aae8ab6781467a56d965d10e6371989dfa0f6bc0f7859f3771eb9004b34367db2705dbd60fa8f7895c1eadf59f53dab168b4f9363979025501ddd9680debc07cd1ca4a0997876e9211f307d9b7b9d904e48d2861a778b879ad590a9a2f141bd568e3a1bb2494628e9ec0c64255aeea6f0eedca30ad38a1f3ffec3b2b5e942e21940104e914d11a44c00fdd47da3e5513aa8530aee247c95ca66d08a2608c75ba9858da14f9a8a32be713d309e0f584c81ef5be040e0065f07b775ae175dfe2c8b90a88ccda17fa4f21c77eadf5d25b6e404bf004479e05a01ac0042b89937eb278c1c34f33028db780ba3b617918595a39c0fcad674b85c40cac8d345b7ca0bb48a28e66c44d8bb5f27941e40b0e9c7097976c62dfef50c98f17566ccbacc87cb03b94dfdfaf32f1e56ffa639d63611e213cebf54cd0a3e2172d811c0ebd75b1a8646264dd8b1abd46e548972a1b262cd95d511536dddcb49729fe7bd00b3838bd2f20a142640edb1b6e765b65da72e7233261c8892e2f4949bb51f32a1a5a3ee149bea26fdcedb991d2cd126637e2971e9b6f0b785df28a48f301707349423f44e8462289d725498230489df1b51be30f08d7e3250565c6ef824bc53a1ba74a57a25c0686adcb6c825ab1ca70c8a5d46dbbc6fa607461e26d16fe93bb3d3a943a3dc05f30ea6dc8bb12d70821d320f1adf1ceba4be657194f7fccd21990f8629d744601cf52ea6d9405aaa2878f1eec4003b45a4218d8f80bb0f5af047326487752e2b76d68872520bbeae7b309d78282a073fe0b1a1a7a98da23df68caf8c2699b1c7d0f47bd7de2c0bb23369963e68a6974c8e2b595b8293a9f4d98df7e9ae3add2a3f64e83039739642d192204e85e6c48d5d671f6c75a0a8957edbb74187620f2aba99c1c62584c59ac00647e3fb40292b9dc1a3346868553392fd3f11d6dc6f5f2f4e85ee25125cdd644743c7d45281edac6384c77cb98a67d9ae6fc9a0a76b9f6fa696fdf4aceab5f794ee521b1e5a0ee57af53bdf176801b4f45cfb3cae3287234234b77ce21edf8680d68c4a8eecf1b03537ea5699acb562777e42a486fe7cd:3746da6cd8ca108beef06487bee63584f812c8e0695fc863b86e5db132380b62ff8544f6f374825b0e3ea0620ef854c1331114d667df1f9ea776c3963870290d5b4941beec2241c9fb76d8484f4f3f3ab4ffe8ecc8e7aec76de2ab8c368584d751b0d3feb8a1dc8168cdc694968f66b2a0b052afbf8be3a7d95163e9da9141c59ca55976c292c5c74d31318d6a91e7817c5a8b2f812118cbeba3a13323cd9748bf86ed1a85dd4ebc0df495cfa3d4627434bf14aae8ab6781467a56d965d10e6371989dfa0f6bc0f7859f3771eb9004b34367db2705dbd60fa8f7895c1eadf59f53dab168b4f9363979025501ddd9680debc07cd1ca4a0997876e9211f307d9b7b9d904e48d2861a778b879ad590a9a2f141bd568e3a1bb2494628e9ec0c64255aeea6f0eedca30ad38a1f3ffec3b2b5e942e21940104e914d11a44c00fdd47da3e5513aa8530aee247c95ca66d08a2608c75ba9858da14f9a8a32be713d309e0f584c81ef5be040e0065f07b775ae175dfe2c8b90a88ccda17fa4f21c77eadf5d25b6e404bf004479e05a01ac0042b89937eb278c1c34f33028db780ba3b617918595a39c0fcad674b85c40cac8d345b7ca0bb48a28e66c44d8bb5f27941e40b0e9c7097976c62dfef50c98f17566ccbacc87cb03b94dfdfaf32f1e56ffa639d63611e213cebf54cd0a3e2172d811c0ebd75b1a8646264dd8b1abd46e548972a1b262cd95d511536dddcb49729fe7bd00b3838bd2f20a142640edb1b6e765b65da72e7233261c8892e2f4949bb51f32a1a5a3ee149bea26fdcedb991d2cd126637e2971e9b6f0b785df28a48f301707349423f44e8462289d725498230489df1b51be30f08d7e3250565c6ef824bc53a1ba74a57a25c0686adcb6c825ab1ca70c8a5d46dbbc6fa607461e26d16fe93bb3d3a943a3dc05f30ea6dc8bb12d70821d320f1adf1ceba4be657194f7fccd21990f8629d744601cf52ea6d9405aaa2878f1eec4003b45a4218d8f80bb0f5af047326487752e2b76d68872520bbeae7b309d78282a073fe0b1a1a7a98da23df68caf8c2699b1c7d0f47bd7de2c0bb23369963e68a6974c8e2b595b8293a9f4d98df7e9ae3add2a3f64e83039739642d192204e85e6c48d5d671f6c75a0a8957edbb74187620f2aba99c1c62584c59ac00647e3fb40292b9dc1a3346868553392fd3f11d6dc6f5f2f4e85ee25125cdd644743c7d45281edac6384c77cb98a67d9ae6fc9a0a76b9f6fa696fdf4aceab5f794ee521b1e5a0ee57af53bdf176801b4f45cfb3cae3287234234b77ce21edf8680d68c4a8eecf1b03537ea5699acb562777e42a486fe7cd: +ceccc68311fc45b6c2a2f1ff9cdde007ec787fdf25d02ccd2a1cad9de3fb4cff6f804734ef92824180da71e55cf3bf1afef65bcf560962e0b0acbb2d8cca5984:6f804734ef92824180da71e55cf3bf1afef65bcf560962e0b0acbb2d8cca5984:bac186d9fe5abda79c3a35a7a3c2eae6ae6ab28247912770c84efd048ebd3aba57c37cf4c6c7f30a79f68a3f76b20cd8c6631fcc96670522080e6b62e887ae6f4436d4caf56943131c52dd282b251cd075f1f7f8e0bdb6bedfc9a0796f5579042b56e69374961b11dfd61b12de2bb7d49bfc509cdb3138f3356a0dded98f5301b7c4a748bf89b23df4f7472ff8b1f505d765c6ff82dbad74b9d7aef22fbcca0b7f35042f9a762bd06902bb21c7f9f7f66bef38901d75012d61d744dee7afd89fc7e908c40685bd440aeda4204d006f26307d82a496963115f90e09f76688291f4a67d6411f76d16617875b2b9982dfdc5ee9b83b9817009319110b5404c63116fb6e9464846fa009555632f076984c15e1f6081733a0d46f2d6a3cebf79ed9020c9dec8df158a3341f39eaa5fcf1cf42a94849b2352c1a1ecd4fb814c20d07dfda312bd4f2f58c1576b4aa315c96c8786a4cfbb736b2d23c38b1d81c4644ea36afa076e055be5917cd7a92350a7ed66a5ab2253f55c4fd1a0d0e6d4edab5f712edb440c06fac8f07e6d73cc90b2ba713d73c73802361ce46a4eb5ed1060c4cf53207d301f0fcd4f0c9d1580db2fc1059d372076438a01192a7f9fd6f7883f56422866fd9f0afe53fdc910afa5a751cbfa377592579165cb56dc3eb4dce67e3db33a981a56b7d9f7bdea74fbaea3478e6ab2c644fd777b8bfa72aa0f0a52198d36e5b634d2c9a11b7fe0ab2f9a40901c5b148a0192e95a170baf7d5350fe01e569542b93485a41971443485faf57f67f56dfe2c58e539c9f9b449c3f91249a10c1a1be7e0b3eabe8ee0bab1f11f89614dced418c62a07a0b59a1370d6531ba177091c6ad595fb59488204f63344736ea1017affbeb753a99786b1eb64510e2e717ec90e02744bc352d3f1b2ab7be0eb65623d04fb3a046ce7f4da697d829828a52c7b043b2a82ec97fb041bf519b4de316f4e2f5b0db62aed0eed95cad4320c1947c35fd8847a5867872883561119c01b0089213d84db99d439f0f6444d8783dd4b64be3577cd461cf753c8e61c912de2e5d7a7e2baefa258975d16ef3117da59a6c893f3339187df3168b89f0fb0b2198bb6f1594bb88f3d610fcec3e36de04ae10328112e6ff74f5a8ce68d407174b4c0691c7602eab1bb10f3c49dd22b8450782deae9a7315e3b88de79cd15e6c9268165ed3a0fb3f89b183e1a212152003f32a2665d37cdd7f6b56c2453e5580c4d21f9983f38798e9b:3c4462aa47010132dbb26311e444727279edade15a4d662cf647f3275cf3253e6de9333830e0517aa5fa7bc2d0e63ea2597a94b0fe92706ecd172c5ec5c7f006bac186d9fe5abda79c3a35a7a3c2eae6ae6ab28247912770c84efd048ebd3aba57c37cf4c6c7f30a79f68a3f76b20cd8c6631fcc96670522080e6b62e887ae6f4436d4caf56943131c52dd282b251cd075f1f7f8e0bdb6bedfc9a0796f5579042b56e69374961b11dfd61b12de2bb7d49bfc509cdb3138f3356a0dded98f5301b7c4a748bf89b23df4f7472ff8b1f505d765c6ff82dbad74b9d7aef22fbcca0b7f35042f9a762bd06902bb21c7f9f7f66bef38901d75012d61d744dee7afd89fc7e908c40685bd440aeda4204d006f26307d82a496963115f90e09f76688291f4a67d6411f76d16617875b2b9982dfdc5ee9b83b9817009319110b5404c63116fb6e9464846fa009555632f076984c15e1f6081733a0d46f2d6a3cebf79ed9020c9dec8df158a3341f39eaa5fcf1cf42a94849b2352c1a1ecd4fb814c20d07dfda312bd4f2f58c1576b4aa315c96c8786a4cfbb736b2d23c38b1d81c4644ea36afa076e055be5917cd7a92350a7ed66a5ab2253f55c4fd1a0d0e6d4edab5f712edb440c06fac8f07e6d73cc90b2ba713d73c73802361ce46a4eb5ed1060c4cf53207d301f0fcd4f0c9d1580db2fc1059d372076438a01192a7f9fd6f7883f56422866fd9f0afe53fdc910afa5a751cbfa377592579165cb56dc3eb4dce67e3db33a981a56b7d9f7bdea74fbaea3478e6ab2c644fd777b8bfa72aa0f0a52198d36e5b634d2c9a11b7fe0ab2f9a40901c5b148a0192e95a170baf7d5350fe01e569542b93485a41971443485faf57f67f56dfe2c58e539c9f9b449c3f91249a10c1a1be7e0b3eabe8ee0bab1f11f89614dced418c62a07a0b59a1370d6531ba177091c6ad595fb59488204f63344736ea1017affbeb753a99786b1eb64510e2e717ec90e02744bc352d3f1b2ab7be0eb65623d04fb3a046ce7f4da697d829828a52c7b043b2a82ec97fb041bf519b4de316f4e2f5b0db62aed0eed95cad4320c1947c35fd8847a5867872883561119c01b0089213d84db99d439f0f6444d8783dd4b64be3577cd461cf753c8e61c912de2e5d7a7e2baefa258975d16ef3117da59a6c893f3339187df3168b89f0fb0b2198bb6f1594bb88f3d610fcec3e36de04ae10328112e6ff74f5a8ce68d407174b4c0691c7602eab1bb10f3c49dd22b8450782deae9a7315e3b88de79cd15e6c9268165ed3a0fb3f89b183e1a212152003f32a2665d37cdd7f6b56c2453e5580c4d21f9983f38798e9b: +7b30b42dc2c670a195fe2af879fc5de374024588fe3de43e2dd50844f48f42be82a2ac6079f212b5eedd0c19e9394fafacd74d716fdefbfc6cb8a7eaf41c0362:82a2ac6079f212b5eedd0c19e9394fafacd74d716fdefbfc6cb8a7eaf41c0362:c6687aefebc5c816d1a33453beca5020d3a97cda1dac5662f0af72bad444e2fd1176a7b04c1bd09d832618209bf3e33e523538d6daa753046e871dd3b3c7acad33e79c1bb7896407865d168d4bc3757bde4f823c08778626f8c71fb7cfcfdf03a82497bd8be7d8f8ef649030b5f36a339459968e246a1e420853dace41ca850a4eeae834ae119610ca4cd0662aac39621586998027ef2f61485c028506714ae09c76399d873e808158578aa59e8212f58865319f9e0d2b8da7ad529e0ac1f1eb435aecfd35f5abb92bea5073496bf4c0bf15baa273bfc5c3104474a2dcf132c333eb36ec2cbf04fa9580b768f5cea7b5617e5880aff63201c274d669743e1bc556b067902eee29d29111288969cffa879fc9cbf66fbf9326d9d925ac4102fa9f1a06081adec079cbc96746d79b63a012ed77d82c9ffd4e3f161f6cea28cc23fac2a543f5b1d0644ec04838327bcc652b858f93ff463f7e949eec8c9db6569a86984f831df6ac6d95f38f46cebb6e6583657facd2108dbcd0af23ab0101a1301beb48a44caccb91094473d7e5a5c88c644fd3420573b678f17b5174cb14e90fac694d1dbc6c9632b5974aef28ac08d720b2ea30440d2afb0493b40db24efbdbf53c430921e52a10b54661e149d165591a7cf91d6508ea472fb3be16395e30312f19b87c47e46804a0fa29b56b5ac950677bc60238b5e99e030b1e552146a0e88c294cfca835c101c55f3423874cc128756e73a5debe8e97fe2166b65cb44642770c6d1d2390af1b0f31b958c830e9ac4fe2f5ad590582fbb892bf949584477ef7bde23f7dd02b63f7c29088a57251009132ffbb78ed14defbefd9fd31fdcab03ba80a23f333983760abad4f16ddf9dd4414f04d00db56ba72d63a3a13d2c442f549fd66c988d2e4601d13b52f77500dd692bec9d6bd3bafa9242fdcfaeb69b98b0b5789b2803840dec637b49af4381ae3fa429fb53461a0c674eb5aa18dbd607a2b77a96d3ab464ecd97492f6de460c9f11b5c1756cb59cb1348dfd77956b71907c54821e303cb8b14906c003e3484be4ea05a6901d69b07485e858f7b471c635f90395b9a3e2247f1ad12b118ffafc7221a57b10e319b61af1c13606a81616ce3f1d62ba932ff4e63e74b84255e3af5210bbd571bda44cbf44b714422cb45c2ef21f98131ba96b7edb9b03e33d7d188d5b8d904cb4136fe269db146988168e7ee245356354f002a5ea8b35a3a99e83a13272274144b33a60ca:0a63b84f46935faf3ea164b00af227b00868a03f5612935e18619a84a2e57b8851d746e63fd9100787f5338d51c1073c2fc5303099e1873e5e3d3e5c036fbe01c6687aefebc5c816d1a33453beca5020d3a97cda1dac5662f0af72bad444e2fd1176a7b04c1bd09d832618209bf3e33e523538d6daa753046e871dd3b3c7acad33e79c1bb7896407865d168d4bc3757bde4f823c08778626f8c71fb7cfcfdf03a82497bd8be7d8f8ef649030b5f36a339459968e246a1e420853dace41ca850a4eeae834ae119610ca4cd0662aac39621586998027ef2f61485c028506714ae09c76399d873e808158578aa59e8212f58865319f9e0d2b8da7ad529e0ac1f1eb435aecfd35f5abb92bea5073496bf4c0bf15baa273bfc5c3104474a2dcf132c333eb36ec2cbf04fa9580b768f5cea7b5617e5880aff63201c274d669743e1bc556b067902eee29d29111288969cffa879fc9cbf66fbf9326d9d925ac4102fa9f1a06081adec079cbc96746d79b63a012ed77d82c9ffd4e3f161f6cea28cc23fac2a543f5b1d0644ec04838327bcc652b858f93ff463f7e949eec8c9db6569a86984f831df6ac6d95f38f46cebb6e6583657facd2108dbcd0af23ab0101a1301beb48a44caccb91094473d7e5a5c88c644fd3420573b678f17b5174cb14e90fac694d1dbc6c9632b5974aef28ac08d720b2ea30440d2afb0493b40db24efbdbf53c430921e52a10b54661e149d165591a7cf91d6508ea472fb3be16395e30312f19b87c47e46804a0fa29b56b5ac950677bc60238b5e99e030b1e552146a0e88c294cfca835c101c55f3423874cc128756e73a5debe8e97fe2166b65cb44642770c6d1d2390af1b0f31b958c830e9ac4fe2f5ad590582fbb892bf949584477ef7bde23f7dd02b63f7c29088a57251009132ffbb78ed14defbefd9fd31fdcab03ba80a23f333983760abad4f16ddf9dd4414f04d00db56ba72d63a3a13d2c442f549fd66c988d2e4601d13b52f77500dd692bec9d6bd3bafa9242fdcfaeb69b98b0b5789b2803840dec637b49af4381ae3fa429fb53461a0c674eb5aa18dbd607a2b77a96d3ab464ecd97492f6de460c9f11b5c1756cb59cb1348dfd77956b71907c54821e303cb8b14906c003e3484be4ea05a6901d69b07485e858f7b471c635f90395b9a3e2247f1ad12b118ffafc7221a57b10e319b61af1c13606a81616ce3f1d62ba932ff4e63e74b84255e3af5210bbd571bda44cbf44b714422cb45c2ef21f98131ba96b7edb9b03e33d7d188d5b8d904cb4136fe269db146988168e7ee245356354f002a5ea8b35a3a99e83a13272274144b33a60ca: +6656f4d4718157c4bac38ff7abe5eb1f812c0b986d9c014abad5b09aa6c8ee4af3087898e452be9e30aecc4e8ffe0c01169888683f62a45b8da38299014f5b4a:f3087898e452be9e30aecc4e8ffe0c01169888683f62a45b8da38299014f5b4a:94d9e5e5a7b705d9d976fe71e94d3f7fa7866afbf7ece424f136327799b2b206ce4ef4c3f3e705553afc8fd5c1952a4c16658d4a78afbb9a97f27193c65b65b82e8f3b71515fac82640e0f8a5fb35ae6fc6a3db051a22d4a5300413e6e33d19c2013c2983aca8ad6cec2ce64a814164f061a1a3c5a8610a7650bfb5423d4362ce02206dbe4a6fa826f03b42ac3cd9ea4c651401b3cea82c3993f6af8b2c9e2e6ffe69280ab3f09fbe90dd547ccda9d9e8e8a537b3b360554227ed0709f293198982efb5efb0e73e00042d1a063b57452027dce1a39e4b0068f58b111ec5dc142bf419ad893d54f4260cbde7628f783de8496380306a4eff6d82869104259c94c54ad5aa8b067c42496cb88dd31150ea04d499bfac91f4bb3e68af5af7a568a3e4ce7f170d98601163f4952f1d25e12e00ef0a2d8f111afdb0fafbad2bf8e8b9d49363fca68183617b541270dda4609b2616729ab1b8c42dbdd7bf986af8fba52e733e42ba03c892e1e1ec06a90b163f5a79f6165eb7316972ac1adbfcf1dcab07847ef82c2cab1015dbb50aadc79fe11c832098cacc39820ab085b6963bd42160ed6613bae5e201f17c0fd7f32357ae350ce9cbbe926fa42dcbd422ac1bf09a19ad1f69469e4d1dcb124118ed4522d353c174298650ff88382fa2fdbb286c45b18a9baf6f6763ac20c9ca4767d348c4b8ded630076657b85b14c11ae2737ea29a43515b7f05674a0cd3ed4bf6a3d189ae972218f877cd8aa69499d5a08c99e440694ccaccdf1f642e14e90105bee6d98edeeab3b4f339f300188aec0c16bd64521d9287398e648db94330ed8f6b9ab6c7ad93ffc43e8792e637c61bff7d856e54ef4987384e312cb57017a50eae5952abe19d8999c8c82dfc45798cc17c8d9496bf520ecc5b77fe284915566c45685c304a2acd525ef12c86f38aef554d8a2384737cc4133fb7e2b65c13bef31668a6c2f60eecd8412eeff7f6b605cbe95083e233ec1a7bb36de236c8a71ba2872be946cd3b38935f5da64c8fec8e14f45ccf6124bab7f70567c2f2bfdd56667609572037c76146c991707659b5709b074e3451f921a2df283b96aa26ab476625016f181ad64c9919cf41d714a1a9a5e2bb26baf8770b2eba77b778a332677a7572ee3a2b1dc05f7356bdcae5f55e35329e34caa79430b270c036160dc9fcaab5b254543ac94b24681f17172b6159d16621d7ad0eebd895a1e1d09b916a86fb48e4c91661057eee95c0870ed54:9c2c39915aed6add004e7dd684ee3dcdd10d87a487f677e73c2bce0fca7d508796464150a52a440f5237850a009c72162d9d2985470a33490e66d3c401704c0594d9e5e5a7b705d9d976fe71e94d3f7fa7866afbf7ece424f136327799b2b206ce4ef4c3f3e705553afc8fd5c1952a4c16658d4a78afbb9a97f27193c65b65b82e8f3b71515fac82640e0f8a5fb35ae6fc6a3db051a22d4a5300413e6e33d19c2013c2983aca8ad6cec2ce64a814164f061a1a3c5a8610a7650bfb5423d4362ce02206dbe4a6fa826f03b42ac3cd9ea4c651401b3cea82c3993f6af8b2c9e2e6ffe69280ab3f09fbe90dd547ccda9d9e8e8a537b3b360554227ed0709f293198982efb5efb0e73e00042d1a063b57452027dce1a39e4b0068f58b111ec5dc142bf419ad893d54f4260cbde7628f783de8496380306a4eff6d82869104259c94c54ad5aa8b067c42496cb88dd31150ea04d499bfac91f4bb3e68af5af7a568a3e4ce7f170d98601163f4952f1d25e12e00ef0a2d8f111afdb0fafbad2bf8e8b9d49363fca68183617b541270dda4609b2616729ab1b8c42dbdd7bf986af8fba52e733e42ba03c892e1e1ec06a90b163f5a79f6165eb7316972ac1adbfcf1dcab07847ef82c2cab1015dbb50aadc79fe11c832098cacc39820ab085b6963bd42160ed6613bae5e201f17c0fd7f32357ae350ce9cbbe926fa42dcbd422ac1bf09a19ad1f69469e4d1dcb124118ed4522d353c174298650ff88382fa2fdbb286c45b18a9baf6f6763ac20c9ca4767d348c4b8ded630076657b85b14c11ae2737ea29a43515b7f05674a0cd3ed4bf6a3d189ae972218f877cd8aa69499d5a08c99e440694ccaccdf1f642e14e90105bee6d98edeeab3b4f339f300188aec0c16bd64521d9287398e648db94330ed8f6b9ab6c7ad93ffc43e8792e637c61bff7d856e54ef4987384e312cb57017a50eae5952abe19d8999c8c82dfc45798cc17c8d9496bf520ecc5b77fe284915566c45685c304a2acd525ef12c86f38aef554d8a2384737cc4133fb7e2b65c13bef31668a6c2f60eecd8412eeff7f6b605cbe95083e233ec1a7bb36de236c8a71ba2872be946cd3b38935f5da64c8fec8e14f45ccf6124bab7f70567c2f2bfdd56667609572037c76146c991707659b5709b074e3451f921a2df283b96aa26ab476625016f181ad64c9919cf41d714a1a9a5e2bb26baf8770b2eba77b778a332677a7572ee3a2b1dc05f7356bdcae5f55e35329e34caa79430b270c036160dc9fcaab5b254543ac94b24681f17172b6159d16621d7ad0eebd895a1e1d09b916a86fb48e4c91661057eee95c0870ed54: +14383e6e5604c99c248d39be51d164b13442b05e51d78ecd999364221a45036b2fc16138220ab74b3bd446f8a714b58d5463d40d4367925007474c5b9e35d494:2fc16138220ab74b3bd446f8a714b58d5463d40d4367925007474c5b9e35d494:c4753b7f7a6f6dea2515c6e3d29561506f4f36e0de84999221f228e20bd5128ed93bdb8d1193237d8e294169a2bc448af9dd36066301efb7fe1231353c0623ffe1115debb6905ac6946ee382a27c3c09e1b1f5c11493dba37da0ff6eea75d9fab0ee926d701dac2fc5b7ef578880a5d5eeecadc1f4bcc4cd4ec6f2f14f52a8c164072e6fde5ab2ee9cee0b48e51af055f9fec7c63750fedf72332b23863a1e54c52b461a21506dfdfc63880e22d89c894412666c929821c0e439e745415f717969e6058554d64b947a4fc9d16acae3e49aec08801a09d972f79ead68d529768069735caa742b45a5830581b80ca061a6c1515e3f7d5a9337878c19fc94eef22698ea6c4d05f9ed411b6b8f052b5ff15dc23a64beeaae99f84893de3df940a4e0b8e993930139052d99be47bca8775f8563bd4026b71343d51968f2337528f4c9db8bbd0a298af04b27695d86b7f7ba6c4ccc6273febcd8f75cff266995244fc1fa13d8d843f0bff49cc2d508f4a2b3aad1d95fb22a2bc6ad1b966b0812d99070bba07c923ee4d08107486dc01a06dba6f1d5f105aceade33b166510e427ebbce52a3e7831f0f78a3c6e072608334d8021c338a73cc0c47f19c9fae403b9716d0d15fbdf6466b08f6acce3f50a703b1dea8d826df842ca1ba20d29f4548acfc754cf011f570681b59e4da25385ebd6d5c3adc930529e166ce6705f6010210db106462b3333204e7adadee6606a56206b47eef2074b116e22a615418ec2cdc331f1e19e07e8a37b92d69df0734e085daeeb901ec6e8c35f103f1d86ef0d2a2652b01d183597e4cfdeedfe5df9a7ef66a1c796a37a27113b944dd7ba17c460015ab8ace451c57850ec6c290c54e5113f55e99a8e6e4711e3b7817bf91a5adb37fb9461be6b1b55d586046e42a54c5def4076f1ff6c31b806fc602474356aa2899eae70f5e5abf1f75a7f24c134cde11793bb162e03a583d5be046acc73456d12d509d92f7705768686f6c714a4e57ec88b71398e23e835d6d6547225996b7ed08f3b7443bb17c899409493d0efe8455bec8e8c284a3b149a5b4ca631ea620b1bb817cedaba50b044411849d260a6f2a0d3f2cceec3842719a5ea4fe18dde0d42dcb33ad21e6453325af6f3c009f2bb978d30ceeae9aa4928bf73767cda9292ab893ce5fa3aa4c232163b45c64ed7977779b1c0cafcfc2b9fa084a324f113adeec218b4735b6b464db6d46c2791af3455f1ca5ea1e9a048c051a54dfa0:45e8ed1a751dfc3b9b7bd7a10bf5bdcf8ca461865a490c105f10452941cf87721214bfbf3a35606b7ce35d6f70aaf2d5eadcc0de035e9b2f6d7b862fc2849004c4753b7f7a6f6dea2515c6e3d29561506f4f36e0de84999221f228e20bd5128ed93bdb8d1193237d8e294169a2bc448af9dd36066301efb7fe1231353c0623ffe1115debb6905ac6946ee382a27c3c09e1b1f5c11493dba37da0ff6eea75d9fab0ee926d701dac2fc5b7ef578880a5d5eeecadc1f4bcc4cd4ec6f2f14f52a8c164072e6fde5ab2ee9cee0b48e51af055f9fec7c63750fedf72332b23863a1e54c52b461a21506dfdfc63880e22d89c894412666c929821c0e439e745415f717969e6058554d64b947a4fc9d16acae3e49aec08801a09d972f79ead68d529768069735caa742b45a5830581b80ca061a6c1515e3f7d5a9337878c19fc94eef22698ea6c4d05f9ed411b6b8f052b5ff15dc23a64beeaae99f84893de3df940a4e0b8e993930139052d99be47bca8775f8563bd4026b71343d51968f2337528f4c9db8bbd0a298af04b27695d86b7f7ba6c4ccc6273febcd8f75cff266995244fc1fa13d8d843f0bff49cc2d508f4a2b3aad1d95fb22a2bc6ad1b966b0812d99070bba07c923ee4d08107486dc01a06dba6f1d5f105aceade33b166510e427ebbce52a3e7831f0f78a3c6e072608334d8021c338a73cc0c47f19c9fae403b9716d0d15fbdf6466b08f6acce3f50a703b1dea8d826df842ca1ba20d29f4548acfc754cf011f570681b59e4da25385ebd6d5c3adc930529e166ce6705f6010210db106462b3333204e7adadee6606a56206b47eef2074b116e22a615418ec2cdc331f1e19e07e8a37b92d69df0734e085daeeb901ec6e8c35f103f1d86ef0d2a2652b01d183597e4cfdeedfe5df9a7ef66a1c796a37a27113b944dd7ba17c460015ab8ace451c57850ec6c290c54e5113f55e99a8e6e4711e3b7817bf91a5adb37fb9461be6b1b55d586046e42a54c5def4076f1ff6c31b806fc602474356aa2899eae70f5e5abf1f75a7f24c134cde11793bb162e03a583d5be046acc73456d12d509d92f7705768686f6c714a4e57ec88b71398e23e835d6d6547225996b7ed08f3b7443bb17c899409493d0efe8455bec8e8c284a3b149a5b4ca631ea620b1bb817cedaba50b044411849d260a6f2a0d3f2cceec3842719a5ea4fe18dde0d42dcb33ad21e6453325af6f3c009f2bb978d30ceeae9aa4928bf73767cda9292ab893ce5fa3aa4c232163b45c64ed7977779b1c0cafcfc2b9fa084a324f113adeec218b4735b6b464db6d46c2791af3455f1ca5ea1e9a048c051a54dfa0: +59b07263b22c0a38bbc591059594b2bd927e805961dd07e1f94245b23aa2e0160b1e4cf5aff278ec65b405f5108e1b5b18a969ad1f1e6381912c82d698907cba:0b1e4cf5aff278ec65b405f5108e1b5b18a969ad1f1e6381912c82d698907cba:08ce0d4db5c2aa500a19efbc8dc8549250f7dd46a7a9a5407417b3d51820e4b0d61275583f56f897fd942bdd7311ad6baf738128567af6558d75906a02c4343a9955d59b11088c588dc7dd08f67965c5602a56928dda4ae164293163b517ca17ded04fe4ab2f9789130ae96ab231f07e09015b78f3848cef435db0ad9f35e0fbc9851e3ecfc9fb186d14d8da4dda45d0b3eb3ee4500c101e3194b572140689cd75da1287b254f374e3d93326ae5faf114018ac714bd00375d92a8bb659c32912831f4f20776e9e2c25029f0aff39fddac7241543a0366b84de7b1ff23e8e4dc093df0d2dd5e53e6847948cf3d0ff3f564ad94d9cc00a5ea5b695e408bf50f5bab2f6ea87ba8ad3a1940195cf1bc2b5b34847ad3a5effb8a7823de91ef1633869d1f04643af4d826a59e78b9d186312b3d972263654ac5587b80b717646f31003db81ac70860d3fc8cd3a6a0a0d576d25731ef7b8966263d7a05b55009e8a23dac0f9a21a24b06e13900e444446fdfe56cbc1a026df41066b201b1481e56158926c0c9ea90f0c645aab4bef12d4e072cbfdc3c3d5e0c72cf88f166de048874f3534e040c62b1662821bdd16b0e8582817461cb2689279b446d70c8ac20ad03e598cad4908c52c350d4243ee8aedb87a4af977f7db57cd947b47d6bb51409d80d81f6db03cb9a6a6b79812f470690afc1836a531338094cf26d3c1232fd5605d8f8c55b6f8a2a7ef1e0c78155594b237956d2abad6a9adcd58e11ccd35cc995b9a0aecbf7f5741ac051b04ef6b9744b56fccb46398528bb31fbe84e078843e69bf338898cdef69ad41872395e46b593904825547e00bdaf221f8fa587ea2037ffb9ac9307dd3f8f35ec5386ba966333e2ac8727b0e1b80612d3c7f2cb88baacadfe2163bc38c88842e76a394571d40610e8a297602793763296e3eabf720e984b2edd28cf5c4e0f9a0f76aceba28cc1f1b69ff1d35b4bd3347b7f9a95a4c1ea10734e1c918eb96249d0cc70b477f6f23809bbda901d53f485a71f5086002c1b71efcc41cb1aeb5122a3f3bfc96c51a55d75c02984288be657887854cfa738974bcd5440146f9bb14040de54f5444ad43b79af9bdb24ed6a48eb2fdeed71f31f0ece102e918e95635c7a038633ee348d8b5781652d5059d215ac97f30ea20d277ebbf15246905428a7bec02b8f926315bad6723fd64d71fc95f333364cbe90d4646333c40dda6d1d433b7c195a758dbb4038af5dcc7232d4547f540e394:886da33e3553285ea59c1431b6e86ea49bb68b2e0efd2b157e7791b74f35a2421bb359f3dc1e4ce5f11f73652e03bfc0b429c58f0f2d7418c7c20bce2e2d190108ce0d4db5c2aa500a19efbc8dc8549250f7dd46a7a9a5407417b3d51820e4b0d61275583f56f897fd942bdd7311ad6baf738128567af6558d75906a02c4343a9955d59b11088c588dc7dd08f67965c5602a56928dda4ae164293163b517ca17ded04fe4ab2f9789130ae96ab231f07e09015b78f3848cef435db0ad9f35e0fbc9851e3ecfc9fb186d14d8da4dda45d0b3eb3ee4500c101e3194b572140689cd75da1287b254f374e3d93326ae5faf114018ac714bd00375d92a8bb659c32912831f4f20776e9e2c25029f0aff39fddac7241543a0366b84de7b1ff23e8e4dc093df0d2dd5e53e6847948cf3d0ff3f564ad94d9cc00a5ea5b695e408bf50f5bab2f6ea87ba8ad3a1940195cf1bc2b5b34847ad3a5effb8a7823de91ef1633869d1f04643af4d826a59e78b9d186312b3d972263654ac5587b80b717646f31003db81ac70860d3fc8cd3a6a0a0d576d25731ef7b8966263d7a05b55009e8a23dac0f9a21a24b06e13900e444446fdfe56cbc1a026df41066b201b1481e56158926c0c9ea90f0c645aab4bef12d4e072cbfdc3c3d5e0c72cf88f166de048874f3534e040c62b1662821bdd16b0e8582817461cb2689279b446d70c8ac20ad03e598cad4908c52c350d4243ee8aedb87a4af977f7db57cd947b47d6bb51409d80d81f6db03cb9a6a6b79812f470690afc1836a531338094cf26d3c1232fd5605d8f8c55b6f8a2a7ef1e0c78155594b237956d2abad6a9adcd58e11ccd35cc995b9a0aecbf7f5741ac051b04ef6b9744b56fccb46398528bb31fbe84e078843e69bf338898cdef69ad41872395e46b593904825547e00bdaf221f8fa587ea2037ffb9ac9307dd3f8f35ec5386ba966333e2ac8727b0e1b80612d3c7f2cb88baacadfe2163bc38c88842e76a394571d40610e8a297602793763296e3eabf720e984b2edd28cf5c4e0f9a0f76aceba28cc1f1b69ff1d35b4bd3347b7f9a95a4c1ea10734e1c918eb96249d0cc70b477f6f23809bbda901d53f485a71f5086002c1b71efcc41cb1aeb5122a3f3bfc96c51a55d75c02984288be657887854cfa738974bcd5440146f9bb14040de54f5444ad43b79af9bdb24ed6a48eb2fdeed71f31f0ece102e918e95635c7a038633ee348d8b5781652d5059d215ac97f30ea20d277ebbf15246905428a7bec02b8f926315bad6723fd64d71fc95f333364cbe90d4646333c40dda6d1d433b7c195a758dbb4038af5dcc7232d4547f540e394: +5cc115d839e058cdb6518ee9c161c004d88bd3908d3cf6d52c8f296a1a076b9b1e8f3305bf2fa11b17d92416ab0ea762396d88f2f970ef0b100ed3bf5cc13440:1e8f3305bf2fa11b17d92416ab0ea762396d88f2f970ef0b100ed3bf5cc13440:533e49c1d5f33c5ec4be84c619f4ec649c25fd70bdcfe257a63c3373a4d089c89af6eeb7160dd77ab66b1ee7e10850ab4fc1f35132332b53789b2b0140c4f20f97f2142072d624aff7aad324aacd068c035aff52fa712f4e74832de031b2642314d17110dee6fb85762dc30d7e97782fd1fbff7179f00917f55af7503a5b7e23c6eadb65e104f1517b6624c9e5204b3fd29a6585e92ce3a3eee2c5ae177920f7b4ab2cac87d672ab6baac1186d904aea3498534eb5ab23e4ac4c0ddb0d82a5ae531d76549d367628577bac4235e897d9fe205522047d214ff6ccf311c4e397827d97f2868e70ac17d28e334999744d359376a482fdcb414b02b2687b962ee8086e573fe000dc51dee06879c684e25f94cee5e861347e7be7fca549a0f765136a2f4b88fede07024dd2fce1f6d0c0354da1a16ef366b315b3f7233031f979b70eac6e23bf3b349efbd0e4f53f4d5c41fc004276a59670659f6905ef03d2fc098d589fcbc1328282fa22b10db83c5d70865994fd19d760a39d476e02330d2c6d19e742267dd365bbe1fe5c711a95b184508ce48c1c96d7e63990b408d45089be79e32f9cb0162fd1e7d0d19d97d0ae78ff824cc6989486c0bd038352551f37499e9e9826804e9d2624ad0c7b7534560f45fd7d324b8e517e01c9b2743c14979cfd512bc3fe667279b3a277fb463e9d7349b64ffc9fe60884c21e481081ed70e6da5a3539c448971f0d9787289fcb0080f219e99449f8298c42475f87fd10aeb509c530cf6a57748eb8f3562161fa4875ea953f09659c7df7a9950f0317467cb4e5366e196e32f5e2696733a25eacbde49210490762060ea231370d4090429bb06bb867399e8d37bf5d21a0e72147e496cf3b7dd6fe6e5edea9668d802190a91c600e29523f8eb904e48b70412bc10a7020984c5ff0f5f383f214ae594dc85971e480372848d0d7e7cc5c18ff88ba9b262d7884698a41c6c7819c0319fdc6bb07b91dc1694dafe3af37a538bf2b2d8cacb27d24cdc6eadb8c6a2e6b7df8a4654ae937850c890ad930980afcc1492db8a0168cbc9f10657eb48d2ac87f5175d23caed4b5e6f10bbeaa5e33fc5f6418d63ba374ab1a3cbd36b729ddbdaba989d4645e3a66130bae417cad086dadd30843352514c375f2571abaf93e9a0771fa103ae92585b04f55c434769b43d6d22f753f9306036e53524f6f4d9ccbd2c30317a8e899f316149035894da945b76d9082bfee328e7a31b66328ee8b94e068c7:0371c2d64c5ec0c8276ca5ffa615eff42f9efffc58dd8ecfcf67620a9bcb38faf118932bf2cd5b9205fa551334df2a757c597744f791f371fbedd98b21f73405533e49c1d5f33c5ec4be84c619f4ec649c25fd70bdcfe257a63c3373a4d089c89af6eeb7160dd77ab66b1ee7e10850ab4fc1f35132332b53789b2b0140c4f20f97f2142072d624aff7aad324aacd068c035aff52fa712f4e74832de031b2642314d17110dee6fb85762dc30d7e97782fd1fbff7179f00917f55af7503a5b7e23c6eadb65e104f1517b6624c9e5204b3fd29a6585e92ce3a3eee2c5ae177920f7b4ab2cac87d672ab6baac1186d904aea3498534eb5ab23e4ac4c0ddb0d82a5ae531d76549d367628577bac4235e897d9fe205522047d214ff6ccf311c4e397827d97f2868e70ac17d28e334999744d359376a482fdcb414b02b2687b962ee8086e573fe000dc51dee06879c684e25f94cee5e861347e7be7fca549a0f765136a2f4b88fede07024dd2fce1f6d0c0354da1a16ef366b315b3f7233031f979b70eac6e23bf3b349efbd0e4f53f4d5c41fc004276a59670659f6905ef03d2fc098d589fcbc1328282fa22b10db83c5d70865994fd19d760a39d476e02330d2c6d19e742267dd365bbe1fe5c711a95b184508ce48c1c96d7e63990b408d45089be79e32f9cb0162fd1e7d0d19d97d0ae78ff824cc6989486c0bd038352551f37499e9e9826804e9d2624ad0c7b7534560f45fd7d324b8e517e01c9b2743c14979cfd512bc3fe667279b3a277fb463e9d7349b64ffc9fe60884c21e481081ed70e6da5a3539c448971f0d9787289fcb0080f219e99449f8298c42475f87fd10aeb509c530cf6a57748eb8f3562161fa4875ea953f09659c7df7a9950f0317467cb4e5366e196e32f5e2696733a25eacbde49210490762060ea231370d4090429bb06bb867399e8d37bf5d21a0e72147e496cf3b7dd6fe6e5edea9668d802190a91c600e29523f8eb904e48b70412bc10a7020984c5ff0f5f383f214ae594dc85971e480372848d0d7e7cc5c18ff88ba9b262d7884698a41c6c7819c0319fdc6bb07b91dc1694dafe3af37a538bf2b2d8cacb27d24cdc6eadb8c6a2e6b7df8a4654ae937850c890ad930980afcc1492db8a0168cbc9f10657eb48d2ac87f5175d23caed4b5e6f10bbeaa5e33fc5f6418d63ba374ab1a3cbd36b729ddbdaba989d4645e3a66130bae417cad086dadd30843352514c375f2571abaf93e9a0771fa103ae92585b04f55c434769b43d6d22f753f9306036e53524f6f4d9ccbd2c30317a8e899f316149035894da945b76d9082bfee328e7a31b66328ee8b94e068c7: +75a503f48ffc221617672519111bf90da39da9eab2e2914fd3755f10f5393668f680cc0f6358cdcf537aa71128cfadfc0f3a89c100aa34bcd2427e248b6ed50b:f680cc0f6358cdcf537aa71128cfadfc0f3a89c100aa34bcd2427e248b6ed50b:7b01090423236cb4b13c4177fce52a7ff6580588cc2eb5a3f39ff5d0c73e01e01bf7bd74afe4151250c391426ea507271bea1d6d85f0b2fe35c40500f98d0656c6388fc9efba1837db22dfa29d892676f50e575fe89fd29389d09d080bad67ba544cacabf5a7738237c55e2875ed4916302a2b4dc496e74273bf05191137810e50e48195260bab6d81f9c80562ee73ccb9333cd9b61daf5b0038a4e6c5c958a91f68508c1d882519c1aa4ffcc53562463a0ae30163696f84b97ccbd8679820edd3617e7b896eeffe341ec6b5b03f73b625d741c655fe6e82d11d478a7d543ff6c0fa3a3a8c94a616fb847070d1fbdde6010f026b089cd863c3bd29b1c4269f77659e515728890c973be87f0b833ca5af6b4c3133ad4fa4f91655c6adb5b7235c27fe348284f3f13366a6a03ad22b87c6f5584bdeaea48c70325d6e33a475f50511063875192a87edc388089b84395390c2a3ad89a22595dc4a715a42a2c0efdef67b354b34fc75ca98df913e759e51c7f625ddd598ac22d421decb57bebd54220ec6daa5ece769d2e01be7b6bee2ff5a0b06b32d6da1d7bc057e3abfaab242a3f7e6646a159e4f505e4662982b13d0cc1fba91d10309a42dc1087cf10d36e31f170615a0acb508bf683e2de00c87640d304a947bc4971ff3619c72abd83c7b2cbb3464c4040c2662b58508b74680cfa6de06e8d21e3bec8511199312680009071f706b7b133a2487d5745ffadd5dc0eb2b553df440787f011dda37719fa71315e8b291efd77da3ba14fb995f03571a3db522b63c60be5619941699b39222b59d0f23e5eb37ead4b7f750ed4abf4db87c70da665bef4d7a2921b2c99897f2321c9be6075e744c8228639ab736dbeb2beab440c156a39a2efd261db50855e304d9cfeb99141c613558109f21474d272a2d906d4893934aff8e08a4fcee964a5cd00732fd33af29849c8dfca65979421857185cf629f86807a85973d3440a6bf811a58d041387249811ec047e5e8b343b2387d0181e0d0bd461ef10e8164aae357d9b29dc0ace3ec6d743ae3454ab9f842a28d5710217dffe50344e8d932f1801b0e8f966198ef1c9cc6969f34734aa6a63aeaab4339f75d34ffa8acb937ed9c73092a309a9b84a25011e3114c265e4f602337eb699b5a22d572b03e4dad03b0461c00db9679b72fc5b493ef4486f85535d813a58080385afd4e8d871828034334bfe441d18984e4dfcde024403b5ae66cc50a47301b57f9a32f740bdc7ff1d:df28e3e630360867864bc41e43fd7ddeb52876dce9b234a3fcc3d8549db0112e176390a685ebd484936e25c08c8a3878a37b3c4e239ad0a0e5019937ffbcd4077b01090423236cb4b13c4177fce52a7ff6580588cc2eb5a3f39ff5d0c73e01e01bf7bd74afe4151250c391426ea507271bea1d6d85f0b2fe35c40500f98d0656c6388fc9efba1837db22dfa29d892676f50e575fe89fd29389d09d080bad67ba544cacabf5a7738237c55e2875ed4916302a2b4dc496e74273bf05191137810e50e48195260bab6d81f9c80562ee73ccb9333cd9b61daf5b0038a4e6c5c958a91f68508c1d882519c1aa4ffcc53562463a0ae30163696f84b97ccbd8679820edd3617e7b896eeffe341ec6b5b03f73b625d741c655fe6e82d11d478a7d543ff6c0fa3a3a8c94a616fb847070d1fbdde6010f026b089cd863c3bd29b1c4269f77659e515728890c973be87f0b833ca5af6b4c3133ad4fa4f91655c6adb5b7235c27fe348284f3f13366a6a03ad22b87c6f5584bdeaea48c70325d6e33a475f50511063875192a87edc388089b84395390c2a3ad89a22595dc4a715a42a2c0efdef67b354b34fc75ca98df913e759e51c7f625ddd598ac22d421decb57bebd54220ec6daa5ece769d2e01be7b6bee2ff5a0b06b32d6da1d7bc057e3abfaab242a3f7e6646a159e4f505e4662982b13d0cc1fba91d10309a42dc1087cf10d36e31f170615a0acb508bf683e2de00c87640d304a947bc4971ff3619c72abd83c7b2cbb3464c4040c2662b58508b74680cfa6de06e8d21e3bec8511199312680009071f706b7b133a2487d5745ffadd5dc0eb2b553df440787f011dda37719fa71315e8b291efd77da3ba14fb995f03571a3db522b63c60be5619941699b39222b59d0f23e5eb37ead4b7f750ed4abf4db87c70da665bef4d7a2921b2c99897f2321c9be6075e744c8228639ab736dbeb2beab440c156a39a2efd261db50855e304d9cfeb99141c613558109f21474d272a2d906d4893934aff8e08a4fcee964a5cd00732fd33af29849c8dfca65979421857185cf629f86807a85973d3440a6bf811a58d041387249811ec047e5e8b343b2387d0181e0d0bd461ef10e8164aae357d9b29dc0ace3ec6d743ae3454ab9f842a28d5710217dffe50344e8d932f1801b0e8f966198ef1c9cc6969f34734aa6a63aeaab4339f75d34ffa8acb937ed9c73092a309a9b84a25011e3114c265e4f602337eb699b5a22d572b03e4dad03b0461c00db9679b72fc5b493ef4486f85535d813a58080385afd4e8d871828034334bfe441d18984e4dfcde024403b5ae66cc50a47301b57f9a32f740bdc7ff1d: +d8aa2a0aa514fd845f7aa66b83c0eabb9c16023abc1695773450b2bb332522f2e4e8d6b298248c15fe08f87a3bc6084bf2d64d7f1e4b2d51599e9fad9cc91092:e4e8d6b298248c15fe08f87a3bc6084bf2d64d7f1e4b2d51599e9fad9cc91092:08deb3b832f52d6556f78c3f0abe46f1efe45e3d5d88e7f8edf803670ce4612921749e9ece63fdc9bef2ba483812bb622be744d40404fd6e09c9e1cb7ce19de81a9dadf556352ee89810c76a9b1047ac62b16ebb7da23ddc2d4ab76a020561d02d41b58b94953a23faafddd781b7dca7b7fbee706ec10a73125bf74436056bf3b4f2a0701cfef05bebd3dd8eef306c1ac1b00950881ff05ab5c8248ad1096ac91d526ae59ba0583b27db7d1e390f57a5889e2799a4a1519b15d93dbf0b21d450873c76ba520461e8bb5c83c9012eacd557bea640586efcb869007647d449f91ccd52afe3a89477de7c2b647ecc9bf967fbf5769d74889447d9522d9e8069c3499af6a8a1097a95d3bcc5f83433934484314cb30758b525fe53e90721df5cbe03d96f0d0f98521f01a5fbe57ce8804dbd18f8f5eac8f7dbb58c41789a44433f8a8d1245d2adda8c78d881c65ea661ab178d4fc2634cd6cb514ab6f2543e9112183f3ff73a3f450106b0ee8a347a80cb824ac1f80164e3bb5123698de0e747359ca35acaa3ba0c943beacd7a9bdf8ff73978e9fb002045e8fe5648cc0f9cfa88b0d812e81aa62e0d9c73fe613afd9539bcb615721fb497d62f65c83b87a6d2143f9b1c880ec8671bd42c8de957b1a68ee49226ff717ccc6e74f2eee49c30dea53fec3cd4d90f2cccd8f97c55d5c752454be2ba7b6ff2030be67e0df50c5e883843e71612f2b95359543e2ba1bf2e98debcf5768f2be6fd504d9783ce921a81e09416dbcf2bb655a924b1ef0112d671f084a5b690b0b64a8b9bf50333c359ff3fef199694f9b6292424f00666cef6d06d161a79e3a1b9b9629eea53505f5e36aeadfe0d759672b0ffe498397d90a55d9944b30541a7e1bdac53020640137dc252aef622f3819d36ab498d763e4327ba8580dd9f7e5f47c24cc9928734b7e62112c57e3e0cfedecdcbaccb0c45af8219455ee7223c71e7e20410c5244eb827af2f3935ce4755444747aa945f4c26db3a298519e75fc6bace91529972e8691b694d30aa8b5ec4c1a028d3bd10bd0c8a408fb7d9d703495553ecea598d0622dcc74de489ba7195cdae8d5cff9855921837b528433ee55c0b7090857a0c2784d9310b4825a7993ad9c6f18f83bca5cc6a25047168a8376b062e3a48ea90cad88e331187c2b6f281426f81f78804a895c4ec06c341fe846af4527ea26069dcf61d813fddf0fc43c707350bfb2fc1cffcee7d7ccd7d75f7a465a3d14d57302c146aba3e:146f65d43e715542894b7900a2f8cd4b17d3870a6100e37de005b0db5d8151246de4ee3842d3ebca20a5da22a363a7575e7a55128295f27211484af57cd5310908deb3b832f52d6556f78c3f0abe46f1efe45e3d5d88e7f8edf803670ce4612921749e9ece63fdc9bef2ba483812bb622be744d40404fd6e09c9e1cb7ce19de81a9dadf556352ee89810c76a9b1047ac62b16ebb7da23ddc2d4ab76a020561d02d41b58b94953a23faafddd781b7dca7b7fbee706ec10a73125bf74436056bf3b4f2a0701cfef05bebd3dd8eef306c1ac1b00950881ff05ab5c8248ad1096ac91d526ae59ba0583b27db7d1e390f57a5889e2799a4a1519b15d93dbf0b21d450873c76ba520461e8bb5c83c9012eacd557bea640586efcb869007647d449f91ccd52afe3a89477de7c2b647ecc9bf967fbf5769d74889447d9522d9e8069c3499af6a8a1097a95d3bcc5f83433934484314cb30758b525fe53e90721df5cbe03d96f0d0f98521f01a5fbe57ce8804dbd18f8f5eac8f7dbb58c41789a44433f8a8d1245d2adda8c78d881c65ea661ab178d4fc2634cd6cb514ab6f2543e9112183f3ff73a3f450106b0ee8a347a80cb824ac1f80164e3bb5123698de0e747359ca35acaa3ba0c943beacd7a9bdf8ff73978e9fb002045e8fe5648cc0f9cfa88b0d812e81aa62e0d9c73fe613afd9539bcb615721fb497d62f65c83b87a6d2143f9b1c880ec8671bd42c8de957b1a68ee49226ff717ccc6e74f2eee49c30dea53fec3cd4d90f2cccd8f97c55d5c752454be2ba7b6ff2030be67e0df50c5e883843e71612f2b95359543e2ba1bf2e98debcf5768f2be6fd504d9783ce921a81e09416dbcf2bb655a924b1ef0112d671f084a5b690b0b64a8b9bf50333c359ff3fef199694f9b6292424f00666cef6d06d161a79e3a1b9b9629eea53505f5e36aeadfe0d759672b0ffe498397d90a55d9944b30541a7e1bdac53020640137dc252aef622f3819d36ab498d763e4327ba8580dd9f7e5f47c24cc9928734b7e62112c57e3e0cfedecdcbaccb0c45af8219455ee7223c71e7e20410c5244eb827af2f3935ce4755444747aa945f4c26db3a298519e75fc6bace91529972e8691b694d30aa8b5ec4c1a028d3bd10bd0c8a408fb7d9d703495553ecea598d0622dcc74de489ba7195cdae8d5cff9855921837b528433ee55c0b7090857a0c2784d9310b4825a7993ad9c6f18f83bca5cc6a25047168a8376b062e3a48ea90cad88e331187c2b6f281426f81f78804a895c4ec06c341fe846af4527ea26069dcf61d813fddf0fc43c707350bfb2fc1cffcee7d7ccd7d75f7a465a3d14d57302c146aba3e: +de8f1c99e7f8556df20b59b8504cff7c6c5241a8aeeb30b92eab97bf481d0fe9e463791d0f567ee73abbf47dd57167a535613b05cd48d92ebc7d24e6ebff9573:e463791d0f567ee73abbf47dd57167a535613b05cd48d92ebc7d24e6ebff9573:38d93e5c9801db901797ec75c6dddc65ae7980de210bed43b33eb44cdc6dc9933fb6bec7421db10f0a59320b9e642a21f1dd235601fcd6c53be4a877f4fed3fa4a0ad4dc6e9b391bcfa434906925ba45ecc5b435d9ab8cfafc394bdcca9b07d5668393446e3400e9039435a1dc78cbc08807a3fb24ca8b19f64ea08b8bf6c20a195b51ff8015f3e7c91d08e4bc62415595a5a882fba651dc3a675187af618249747b4680d1d15a202ea9df48b1c214fd403466fd1a265f2defaf8ed5a6bf0eb08d1864f2a28e9472143c6fd103b6b108c0d1d1363b99f9202d11f02056c279cca315db1ab6d31018458f57ba3316cd2738e80c492d857cb1749925e331c65858b50983cd9838cfd2188a5e8f05b471fd3cddcd30d96901194020f115fb469ab5849006dffa2d543a13b3b506ed65cc457532b8aa3ee31d9d8d9e5298d7ac707ac15b827a578c81d434f84cb1b56120d667b2afe6d1530afddfb966d953be7e32df07de389e2d04b232d3512c7db9358fc944d1b118078e6999e891bbfa4a4329f65d807188b59858c431211b29576f4496138b7c0c128f7bef5f79b0f446fc6b4a0e20bca4c40a83571a36644abffabd49cb585fd064c8e509d9a0fcff462676f0ebcb61cec61e512be6f182abd59e09f642aa619634853482ece8f89800f9c5bcfb841431ca0691ed8d80e0a2fcb797a036897cfb6537586b31c00b7965efddfda72861845026459157f79eba1bcaf6cd41d618aeb1bd8da1be98f0cdc7f2e09b903de49c0c1be91dcc177b298096836dcea4f601dd86691555128325438bd9ccbfc0e777920ae8bbd57634c6104fe69a3a72012a2360b6e552550cffb4e2f0b41fe15537ee0e6f37e7880fb4d12bef6cad266ce58df9816b35960cd0bf8652862ee789ccc31a7efc21a81bda46146b111fcfd94f04856ab61a557b1ff7c8e4ea6d9c4bcdd93b151aa08461c568defb2aefdfce96394dc822d4ef6cc4b9a3e6c332039f6538aa0df8de8126d90c312ff496887486111565534346a7462625d63df69fcb5741906f19e00fc8003f08b95985c38b8674af423ca56de5f881b59c466243a7adbadba29caf57fa777122e61823b4e708182aaf37206d7d5ed051c12a5c0f6b4371043f562cdc029d5e1ba9b2bf5ffbf1f5f523db06feca427db7a08819ffb2d0585242e20da58e320b16b16e448d8be0ef7402d24a7194257133bdc982314d83adbcd12e8af31303426c59ffd8269ce4b987ca9b6f0ffdbb4d1d12:30abc4e4e4b388581e668bd409ee18a6ede81a136c28a2924df5fc00d7c280d97862ae3a67a935ce492364135e659adb5fbabe689816591f49ac5022a387cc0938d93e5c9801db901797ec75c6dddc65ae7980de210bed43b33eb44cdc6dc9933fb6bec7421db10f0a59320b9e642a21f1dd235601fcd6c53be4a877f4fed3fa4a0ad4dc6e9b391bcfa434906925ba45ecc5b435d9ab8cfafc394bdcca9b07d5668393446e3400e9039435a1dc78cbc08807a3fb24ca8b19f64ea08b8bf6c20a195b51ff8015f3e7c91d08e4bc62415595a5a882fba651dc3a675187af618249747b4680d1d15a202ea9df48b1c214fd403466fd1a265f2defaf8ed5a6bf0eb08d1864f2a28e9472143c6fd103b6b108c0d1d1363b99f9202d11f02056c279cca315db1ab6d31018458f57ba3316cd2738e80c492d857cb1749925e331c65858b50983cd9838cfd2188a5e8f05b471fd3cddcd30d96901194020f115fb469ab5849006dffa2d543a13b3b506ed65cc457532b8aa3ee31d9d8d9e5298d7ac707ac15b827a578c81d434f84cb1b56120d667b2afe6d1530afddfb966d953be7e32df07de389e2d04b232d3512c7db9358fc944d1b118078e6999e891bbfa4a4329f65d807188b59858c431211b29576f4496138b7c0c128f7bef5f79b0f446fc6b4a0e20bca4c40a83571a36644abffabd49cb585fd064c8e509d9a0fcff462676f0ebcb61cec61e512be6f182abd59e09f642aa619634853482ece8f89800f9c5bcfb841431ca0691ed8d80e0a2fcb797a036897cfb6537586b31c00b7965efddfda72861845026459157f79eba1bcaf6cd41d618aeb1bd8da1be98f0cdc7f2e09b903de49c0c1be91dcc177b298096836dcea4f601dd86691555128325438bd9ccbfc0e777920ae8bbd57634c6104fe69a3a72012a2360b6e552550cffb4e2f0b41fe15537ee0e6f37e7880fb4d12bef6cad266ce58df9816b35960cd0bf8652862ee789ccc31a7efc21a81bda46146b111fcfd94f04856ab61a557b1ff7c8e4ea6d9c4bcdd93b151aa08461c568defb2aefdfce96394dc822d4ef6cc4b9a3e6c332039f6538aa0df8de8126d90c312ff496887486111565534346a7462625d63df69fcb5741906f19e00fc8003f08b95985c38b8674af423ca56de5f881b59c466243a7adbadba29caf57fa777122e61823b4e708182aaf37206d7d5ed051c12a5c0f6b4371043f562cdc029d5e1ba9b2bf5ffbf1f5f523db06feca427db7a08819ffb2d0585242e20da58e320b16b16e448d8be0ef7402d24a7194257133bdc982314d83adbcd12e8af31303426c59ffd8269ce4b987ca9b6f0ffdbb4d1d12: +0736f801720a947c5c2f3258ce0d511c3e17e94e37b30adfa52095921171d4004f694255920d0c38de6e72e165c33aee76b1cbf6f4837aa5901475667acd2826:4f694255920d0c38de6e72e165c33aee76b1cbf6f4837aa5901475667acd2826:7f87b51f6ead2d4402a3bd3c3769a267ac8e82f779ad7b986dec82cbfc1ea51291884326d9226967cb66a96873184f0e83b3ab25a5ab2fa805fe3a0e7b190a622d461b7830a3f697c831c29ea7c0cd4b68d8e77aa69711cf864dc1d5394f4845e2fbb5076404e09a88b79f05670551bce2ef5468b79d57888b9852a4bb479a4fd0beb681fd523fc5bf4458abbc38ece72e106e00222015a57ebec55bf47513e25c3c4554843bdacbcfe9f1b8d0ae354e48d03fdebdf20d655b5268d8bbbf33b1288910f0444fcd56c0da7b8903362b7e37a864654277cffbe6c60857f0b3514d22a40b9dd2d3fe5caea5507a0de3051bb3a4015fa0fe4c462b98fef2357dcf6b97dc75def382f901f96f4a04a3efc60254200a2c4cdc8a58b25d94e32954eaff1511ac46e3606663b6875f136499da6a769097879a6e0834d564fa7fdb99581183ed0c9d48fd195d7ecd9f4dd4865565fd17a008718dcd76f68a54e516a2b730ed3dba5c2cf40630bbfe7fa03bb7cdd967695495a7c86e2e84cb017ec69601924631595affaa8cfd048d14267c73e54cfa539047e717691e399737fa50cc4844961257c93d7253d23226b7cd0d1bd31f3f0d2d892d073d8c5073c602f61a04d6437c3903eb4a64a01fbcc0c7e159201cdc4aa42ef3b1ff9c78fc275cfb11a05ffed8f9f22d85ba924d8d32231c254d898da7f0679a64cab84026906e9e85f95efd8ee2a1725633f4de2ba67d99aa7f0550af139e9f8c5293786727d82630296d5daa9e830aa1b3b5b302b8b662ac832e9213016ba493a03a28cc3e9540d0d65acddbfe1252b5c16a84a445ce75415c6cd8ab16fe5eef117097d71eb5676b9a95b35882a7c3506bc5d02f03910a63d46846b213c3c9bb2fc34e6c69017d2065a1ad3ce3fd14ab0014f584e57ea9d903e40aceb230a8693fa2e63641c25438ff7a1638760438844cdf001180f5b177be69edf7ef66b39312805214cb17706cefe545be5a77019a5ec52bbf78850fa3d97de2d4d74aa68b58ca812a1b156a0c4001129f067232a6ec91a5ed4270f2a4c6efeee787004770c859e450e837efb04dc998bd273c27a09855e4eca1a22a9b88c17bdbf253a79761070a76817a7f74ff3f07fb718bffa0b4f326f284e62f836832427be82f483373515b9bf59af4a76a57e2f40b91034dd568ec14ac10e2309b87e2922f9cd9fc1a46a47ed3bc7e1b9feb9ee067073fa5dce2a67530526de67ee0e509663c44467eeb59420103ebcdffa709:c03c0314851279edcde970c23efa236f235eda960d2c27d3ca946f650c200b4eba04be668ff62eaffa6cea351abdfc54401dccce3dba78004aec9581a2ccf40f7f87b51f6ead2d4402a3bd3c3769a267ac8e82f779ad7b986dec82cbfc1ea51291884326d9226967cb66a96873184f0e83b3ab25a5ab2fa805fe3a0e7b190a622d461b7830a3f697c831c29ea7c0cd4b68d8e77aa69711cf864dc1d5394f4845e2fbb5076404e09a88b79f05670551bce2ef5468b79d57888b9852a4bb479a4fd0beb681fd523fc5bf4458abbc38ece72e106e00222015a57ebec55bf47513e25c3c4554843bdacbcfe9f1b8d0ae354e48d03fdebdf20d655b5268d8bbbf33b1288910f0444fcd56c0da7b8903362b7e37a864654277cffbe6c60857f0b3514d22a40b9dd2d3fe5caea5507a0de3051bb3a4015fa0fe4c462b98fef2357dcf6b97dc75def382f901f96f4a04a3efc60254200a2c4cdc8a58b25d94e32954eaff1511ac46e3606663b6875f136499da6a769097879a6e0834d564fa7fdb99581183ed0c9d48fd195d7ecd9f4dd4865565fd17a008718dcd76f68a54e516a2b730ed3dba5c2cf40630bbfe7fa03bb7cdd967695495a7c86e2e84cb017ec69601924631595affaa8cfd048d14267c73e54cfa539047e717691e399737fa50cc4844961257c93d7253d23226b7cd0d1bd31f3f0d2d892d073d8c5073c602f61a04d6437c3903eb4a64a01fbcc0c7e159201cdc4aa42ef3b1ff9c78fc275cfb11a05ffed8f9f22d85ba924d8d32231c254d898da7f0679a64cab84026906e9e85f95efd8ee2a1725633f4de2ba67d99aa7f0550af139e9f8c5293786727d82630296d5daa9e830aa1b3b5b302b8b662ac832e9213016ba493a03a28cc3e9540d0d65acddbfe1252b5c16a84a445ce75415c6cd8ab16fe5eef117097d71eb5676b9a95b35882a7c3506bc5d02f03910a63d46846b213c3c9bb2fc34e6c69017d2065a1ad3ce3fd14ab0014f584e57ea9d903e40aceb230a8693fa2e63641c25438ff7a1638760438844cdf001180f5b177be69edf7ef66b39312805214cb17706cefe545be5a77019a5ec52bbf78850fa3d97de2d4d74aa68b58ca812a1b156a0c4001129f067232a6ec91a5ed4270f2a4c6efeee787004770c859e450e837efb04dc998bd273c27a09855e4eca1a22a9b88c17bdbf253a79761070a76817a7f74ff3f07fb718bffa0b4f326f284e62f836832427be82f483373515b9bf59af4a76a57e2f40b91034dd568ec14ac10e2309b87e2922f9cd9fc1a46a47ed3bc7e1b9feb9ee067073fa5dce2a67530526de67ee0e509663c44467eeb59420103ebcdffa709: +fa75650491047428d363b5822222122dffb5a9fddc603c33c8a608618375dcf398c9641fa9dfa8ea13e0d1c716b8679e264be15dd2d4c06ab43cbee47916ee01:98c9641fa9dfa8ea13e0d1c716b8679e264be15dd2d4c06ab43cbee47916ee01:f54e41b939e37df17c7d6043fded14a915d934e867c345269fdc0177f5bd10c4348f319e0ab9a64cc0b7d4e0c91ca9aadaab2edcba544f14ed2cb539ca8975097d87927095b4ebd490344340061ed93c38167edaa096a230db59624c67fb9a1e1ddac402133f4d47cfc11e2fae6b3f3c5001cba9a8aed90073103240227e716ff71bf68a591ba2ceff2d31b86ef21ab012eccd409ad5c29d659a1b37c4d85505304140fb2c3437a206868b1352c102bbfa3b9a76522a2bfc5406b257696de74ee7d315c8e99caa96bd838006c6da2a4233315a856acb8e80c33168b333551d91d074055734130bd7d14c56811ebabf7d5a250e6072593d9f2f8b97c12a703c2c479cb0b15b7a2775c9dcd2ca4624672368a2e6145467f3be6615f93b8120a0a12da1560663a26a61731966b44b299ebfad2a95c62360f39ce05d9558e305ee23a52fa5ce20f6be5e262aff3a864d5ddabe23ff943f71d5998493d99fe2ac2374b464a69183c3bc4f1ddb883611149d7ddbf1e8380b544335e2b89395054c9f2558dfc56ea93ff14d0f15d2e0bd8937a556387de96e418d8b3a7d666fb190364b2c2190d3c25f1752d5483dcbb5960064f0c87fcf8f313d28781c114a169b690a8701c50d89c77324531c0f849dbad1633d925acd06c16a9cea19a434ebc42aebb1fdb9b0bacc93cec39919943664ea1a958406ff9e4935c92ca7c39708f9cab710a583096b4ed9f48d9e090647240d76eccbaba591f55fe7e36d72c21727acba0f8030954e62bc580b8b670c4457c3403e369ac20e660d662f7f6a414213ea43f7c0105009c1de817adf6ffd9cca3b45a63a822281c6e2772fd7b7809603184b4879b18c887903f0fc8d8e1e2dbf6e772f0b2d9b8a29927acc81714a2256ad8d7b7330527d7dbf8befd82f8c9bb401cf0a90249a64ca6f8833db31bd03b9e7946d06dd04383d7c082d70aeb37ff84c2b057d973b894b4a03ec7bf031aea656a1908488894a4ada3fd7fadf91ede9550d38415f82a09455c0f432fb55987132f00042afd60ea51d1f1c6c1afe0cf87c346e31e63e26f49b137177b2d47ab30f07cea071931274cf010836d683fff3be7134c78b8bfd8b1b8fc2049e18ccb1e18a0a9585a7d8a1e25492608668c96d62a0aca8ef90e048d20378c108d06b03fe3ec4adb27528ae08f7ded9487893ae64ca4b939202aa4c17afe718cdca49ff9616d0cdf8334b6aee2d6d20947ca4bd7df531dd1da99581ff72ea56fe62caa2c95e3587:1effbf9299a1b9354fe1f1dec1766595ea767ab8e4da9bb57b4f69bcbd8cb3d86f768392f59b39fafa8a210a6509fe0d6008d6356111adfb3799c1d559c26309f54e41b939e37df17c7d6043fded14a915d934e867c345269fdc0177f5bd10c4348f319e0ab9a64cc0b7d4e0c91ca9aadaab2edcba544f14ed2cb539ca8975097d87927095b4ebd490344340061ed93c38167edaa096a230db59624c67fb9a1e1ddac402133f4d47cfc11e2fae6b3f3c5001cba9a8aed90073103240227e716ff71bf68a591ba2ceff2d31b86ef21ab012eccd409ad5c29d659a1b37c4d85505304140fb2c3437a206868b1352c102bbfa3b9a76522a2bfc5406b257696de74ee7d315c8e99caa96bd838006c6da2a4233315a856acb8e80c33168b333551d91d074055734130bd7d14c56811ebabf7d5a250e6072593d9f2f8b97c12a703c2c479cb0b15b7a2775c9dcd2ca4624672368a2e6145467f3be6615f93b8120a0a12da1560663a26a61731966b44b299ebfad2a95c62360f39ce05d9558e305ee23a52fa5ce20f6be5e262aff3a864d5ddabe23ff943f71d5998493d99fe2ac2374b464a69183c3bc4f1ddb883611149d7ddbf1e8380b544335e2b89395054c9f2558dfc56ea93ff14d0f15d2e0bd8937a556387de96e418d8b3a7d666fb190364b2c2190d3c25f1752d5483dcbb5960064f0c87fcf8f313d28781c114a169b690a8701c50d89c77324531c0f849dbad1633d925acd06c16a9cea19a434ebc42aebb1fdb9b0bacc93cec39919943664ea1a958406ff9e4935c92ca7c39708f9cab710a583096b4ed9f48d9e090647240d76eccbaba591f55fe7e36d72c21727acba0f8030954e62bc580b8b670c4457c3403e369ac20e660d662f7f6a414213ea43f7c0105009c1de817adf6ffd9cca3b45a63a822281c6e2772fd7b7809603184b4879b18c887903f0fc8d8e1e2dbf6e772f0b2d9b8a29927acc81714a2256ad8d7b7330527d7dbf8befd82f8c9bb401cf0a90249a64ca6f8833db31bd03b9e7946d06dd04383d7c082d70aeb37ff84c2b057d973b894b4a03ec7bf031aea656a1908488894a4ada3fd7fadf91ede9550d38415f82a09455c0f432fb55987132f00042afd60ea51d1f1c6c1afe0cf87c346e31e63e26f49b137177b2d47ab30f07cea071931274cf010836d683fff3be7134c78b8bfd8b1b8fc2049e18ccb1e18a0a9585a7d8a1e25492608668c96d62a0aca8ef90e048d20378c108d06b03fe3ec4adb27528ae08f7ded9487893ae64ca4b939202aa4c17afe718cdca49ff9616d0cdf8334b6aee2d6d20947ca4bd7df531dd1da99581ff72ea56fe62caa2c95e3587: +e1c12946d221a194f22f2762c0e51cbe3f98b914a47d3dc41a1f45c54370637c10408136a68fc56c7d3b36b7fef122094de081031189cc84a48806aaf6cb9185:10408136a68fc56c7d3b36b7fef122094de081031189cc84a48806aaf6cb9185:870f4cd97cfc0aafada40072312fb54bccc07628714e4962d4bef4eeb5de40a19a246b5b7d52d487b7e52d656f2c6403b916d02e02a6d291c1e1828dd945a583b438528d1c39765a572031ffa916b68321f32e6646f0dcc1c60235ffaa3235f484a5c4978fa3e6bf14301d53e12f4cc52118b1f6f07f5336f5d0a93789bb01d162fb3126dcd756e0642e7e698963c0345911a5cf3c9953f77319426cea2cdeda3efe989ecb63cb9eb8b920de766c4fcf6336e5bc4371a068371fed95c8c2b61ee9b7c3e3831c20bffe8707c0c98be96153c8a873d7f28afca1bf71085ce0e3899eef5591bdd666dc2d07641772d745c51644a260815b208c4dd305f05fe463d0d9d5a9eeff9779f5b1d44f26083078566d0e5ff56b3af0e64cc38708af5a65f654352df10437f1ddf945a0da1f4def6a71a060e0c4adeccaacf85e090f7090370ae24e5238d768a08fe6b4bb5ec497a6603198608415c7c6490048aa36737c08503008aece0f494219ddf89b72ea77171c6d3117089eb88907e8c33fb9e70b0dc281f664b5f965b5d2adb1250710ef2352025fb293395ae1d23ee3b592b4c5f2d55569a5458654ce3fc25dd0e3f7e6757aa7b347c1ffd3ba4d4f2c4b6d36afd59863a32a594e74537ece9b8b1ec269bbc4cb54d76238211f62a98a46a4af662fa81eba6f30f514b866b7942bc173f7211a6c014da14e741327a568623d14b8f835ef1d5d62b2523cfe6a85bc69fa05200deac1568b946a816b75c5d7603174fd4e2f9101a79063791bc3d59297cdc10bdaa663abf3c1be2fda17e4e5ce394e90bd76b1f9e0405f5675b99d638abc2c1b2d8b53a6fd3dc8375855ec54ccbda24e672527723b07bb599db54e38793391cf09ef3b1fd7614990065bbd4a19e8d3d1048253ba4c971c2f98d2b359df509087323aa6905029f5cc5e1a0aaf2f7c0108ddb1a40f562be64e57e695ed21dc7db17d533677ef12fcbbe29f3b237bb6344b1109b32a9462abc3ad3c0710b04f38c6f5952db275e77e2f37e95d55096bbaf3e305d5d743d36595bf0567892c210ac7bae7371d164584785dd890174159b3930a9a6ce3a166dda2383e6e2af28c1bf3192447e90511dcd80ebdf9ee2c9bdeddeeb610558641532d07cd13da61254154cc0fd9d481e3b0a237af2ec26256d4ab219faf15ad2b7e8e57ab726ff2723216a574585e2a639d948c2c4f69eeaad283e3a44ff268eaefd7e66b73ede473a8397c76b48d56cb3ccdabc91a8929cf42998350e0:8fd7fa400c032fcfbc402942fc78637526be97ab82f237bb393ea39e35738c67d75409543a8b3c055f08bf69199af63b6911a482fb4f6580802ec9d2dc3c1106870f4cd97cfc0aafada40072312fb54bccc07628714e4962d4bef4eeb5de40a19a246b5b7d52d487b7e52d656f2c6403b916d02e02a6d291c1e1828dd945a583b438528d1c39765a572031ffa916b68321f32e6646f0dcc1c60235ffaa3235f484a5c4978fa3e6bf14301d53e12f4cc52118b1f6f07f5336f5d0a93789bb01d162fb3126dcd756e0642e7e698963c0345911a5cf3c9953f77319426cea2cdeda3efe989ecb63cb9eb8b920de766c4fcf6336e5bc4371a068371fed95c8c2b61ee9b7c3e3831c20bffe8707c0c98be96153c8a873d7f28afca1bf71085ce0e3899eef5591bdd666dc2d07641772d745c51644a260815b208c4dd305f05fe463d0d9d5a9eeff9779f5b1d44f26083078566d0e5ff56b3af0e64cc38708af5a65f654352df10437f1ddf945a0da1f4def6a71a060e0c4adeccaacf85e090f7090370ae24e5238d768a08fe6b4bb5ec497a6603198608415c7c6490048aa36737c08503008aece0f494219ddf89b72ea77171c6d3117089eb88907e8c33fb9e70b0dc281f664b5f965b5d2adb1250710ef2352025fb293395ae1d23ee3b592b4c5f2d55569a5458654ce3fc25dd0e3f7e6757aa7b347c1ffd3ba4d4f2c4b6d36afd59863a32a594e74537ece9b8b1ec269bbc4cb54d76238211f62a98a46a4af662fa81eba6f30f514b866b7942bc173f7211a6c014da14e741327a568623d14b8f835ef1d5d62b2523cfe6a85bc69fa05200deac1568b946a816b75c5d7603174fd4e2f9101a79063791bc3d59297cdc10bdaa663abf3c1be2fda17e4e5ce394e90bd76b1f9e0405f5675b99d638abc2c1b2d8b53a6fd3dc8375855ec54ccbda24e672527723b07bb599db54e38793391cf09ef3b1fd7614990065bbd4a19e8d3d1048253ba4c971c2f98d2b359df509087323aa6905029f5cc5e1a0aaf2f7c0108ddb1a40f562be64e57e695ed21dc7db17d533677ef12fcbbe29f3b237bb6344b1109b32a9462abc3ad3c0710b04f38c6f5952db275e77e2f37e95d55096bbaf3e305d5d743d36595bf0567892c210ac7bae7371d164584785dd890174159b3930a9a6ce3a166dda2383e6e2af28c1bf3192447e90511dcd80ebdf9ee2c9bdeddeeb610558641532d07cd13da61254154cc0fd9d481e3b0a237af2ec26256d4ab219faf15ad2b7e8e57ab726ff2723216a574585e2a639d948c2c4f69eeaad283e3a44ff268eaefd7e66b73ede473a8397c76b48d56cb3ccdabc91a8929cf42998350e0: +762f06ca01e314715f92c90bbe72a25bf26212c81eb1d1a0dae2c31130f7cdbbf9626ffd692731925e5aacfa1bded01aa8f730b772d5e46adbc315565b9bf2c9:f9626ffd692731925e5aacfa1bded01aa8f730b772d5e46adbc315565b9bf2c9:9497483a4fba78433b38e9deb8915c750b6da0f78af4a68b62f9fc0391e338873b1d64b1b7f09f12f056a3c91653498ad56e069b8b160887e8e378a76d8b3c667083c0a2b2d2317d3b874857e57862ef0cb70436a9028f0191ccc616e9d7c9bd869808cf094835ff518677b3fb089f4c9d077cc7742405b4863ac7a59645c9cf540d57399da6ae9d07fd19fca95bc8a86d8b8e24e48733f32158fd19a8a1111d1da1f9b580a39c10484616cf2bc0ec29f63f77c85356158e16da594b5a890e55d0b64599b30293e900ed92ad261969e7df4c4b1d0b6024bdceb69067ef486c20fdcd22a10d5da45fbf905ba1e935c96f50afb63571bcff3130684eda0b56e60b26cf4c0ef9938a92768fc8631fe308236b012f92af24a8f6e6ecbe76629bbaf8ffe54cdbe8671de2ba624a7c0f6193bba4110412902bac2990922a9e5a81053cf876a4c805a04c56a8139d3419e454a622d0342bf426e9802c3dc1b4080c75492afe9d7b1545fe086d963541324ff52a48c6bfaea26668b3e01e5236fd45fe54594535c0b23e287ebd1428c8be0ad141600e91cb51e1ea66271a6421fb689e88a0790a651dbd21ee2089b274666f660ca09ce2d60e39e2ee5f03b6eb82d19976966e79900a810f6d5b5c1a548e5064f5c3d8a9f2def0179df99d143fde69b0712c091c29e9b25f40cafd57a024658d7774037610342f3800fd51f49e79a5b3decc112f58d03e3d2958758588bc4b1c6a6cda7bc5f5be183e41513c1f230f3cc364304bf82484b7cf19a002e150f98c5e97c6166ea15b86340b8c5ebe5c1a183e5588e66f55905086313f37a409e89b47db31ae97453edf69fed7be08113071f374b26ec6043f2a0e9cf8bad802abad69e617e76243b3cc034b099d8729ee407a53eb03bdc6410a039504b3b12c819b64545d405c6a4f084921935bdff4130ae629d909626b062676e538eafdffb1d6229c0889d3cddd3365dc3d6536f7248c49317cb50c56fb57855541d6feebac816c9928fa662d0ae80a0f39e570bb7d22416f98f371b64247968951a8a246f74b3061743c9af7684bbb966ae0bd78a810493ea4ccd71174871c82bb652b2748e5bccb0ab6388a50f053a048087fd97eb15c1a21b1ee1825e54aa130d66318aaf661bbb24763577eb37d310e219b0a9bba0375eb9c9b4af8c4b99a3699e0d3266733b6e4e9c534490a1341cb1990ca5b1c847bc8126026fea903a1f549d65af8fe02a9163ff8ea281e7226243e2a153b921851de10f7:e842b49e533dbc92998dc078e59793a2c2fa636bdfafdb48934c93cf34797102938d137ab7ead1a0f70e94a67d57ef6a02c9ec77d71f70cc57f1533bec87730e9497483a4fba78433b38e9deb8915c750b6da0f78af4a68b62f9fc0391e338873b1d64b1b7f09f12f056a3c91653498ad56e069b8b160887e8e378a76d8b3c667083c0a2b2d2317d3b874857e57862ef0cb70436a9028f0191ccc616e9d7c9bd869808cf094835ff518677b3fb089f4c9d077cc7742405b4863ac7a59645c9cf540d57399da6ae9d07fd19fca95bc8a86d8b8e24e48733f32158fd19a8a1111d1da1f9b580a39c10484616cf2bc0ec29f63f77c85356158e16da594b5a890e55d0b64599b30293e900ed92ad261969e7df4c4b1d0b6024bdceb69067ef486c20fdcd22a10d5da45fbf905ba1e935c96f50afb63571bcff3130684eda0b56e60b26cf4c0ef9938a92768fc8631fe308236b012f92af24a8f6e6ecbe76629bbaf8ffe54cdbe8671de2ba624a7c0f6193bba4110412902bac2990922a9e5a81053cf876a4c805a04c56a8139d3419e454a622d0342bf426e9802c3dc1b4080c75492afe9d7b1545fe086d963541324ff52a48c6bfaea26668b3e01e5236fd45fe54594535c0b23e287ebd1428c8be0ad141600e91cb51e1ea66271a6421fb689e88a0790a651dbd21ee2089b274666f660ca09ce2d60e39e2ee5f03b6eb82d19976966e79900a810f6d5b5c1a548e5064f5c3d8a9f2def0179df99d143fde69b0712c091c29e9b25f40cafd57a024658d7774037610342f3800fd51f49e79a5b3decc112f58d03e3d2958758588bc4b1c6a6cda7bc5f5be183e41513c1f230f3cc364304bf82484b7cf19a002e150f98c5e97c6166ea15b86340b8c5ebe5c1a183e5588e66f55905086313f37a409e89b47db31ae97453edf69fed7be08113071f374b26ec6043f2a0e9cf8bad802abad69e617e76243b3cc034b099d8729ee407a53eb03bdc6410a039504b3b12c819b64545d405c6a4f084921935bdff4130ae629d909626b062676e538eafdffb1d6229c0889d3cddd3365dc3d6536f7248c49317cb50c56fb57855541d6feebac816c9928fa662d0ae80a0f39e570bb7d22416f98f371b64247968951a8a246f74b3061743c9af7684bbb966ae0bd78a810493ea4ccd71174871c82bb652b2748e5bccb0ab6388a50f053a048087fd97eb15c1a21b1ee1825e54aa130d66318aaf661bbb24763577eb37d310e219b0a9bba0375eb9c9b4af8c4b99a3699e0d3266733b6e4e9c534490a1341cb1990ca5b1c847bc8126026fea903a1f549d65af8fe02a9163ff8ea281e7226243e2a153b921851de10f7: +c5cc0b95818c4bf38da1d65f021627e9e57d262b02ec6d917a7d46b11c7fe48a457da4ef14519d541edf92cabed9b04d8a2f2afd1510a92f009bb4e8754f1eba:457da4ef14519d541edf92cabed9b04d8a2f2afd1510a92f009bb4e8754f1eba:d6608bf5ac000ecaf95fc09f9cb7498c518a6e0255586e6337853b1d7d9d7de4dfe1245d59031a317d4e2b6a73c4c3f95b582e72a6420221587bac120fb8ed7348070f2860d85866a09fe756743497f2119bc1bfdf573be35d1091be37f18bcda6741c90d566cc924b72164b749af9a6f40f71d3ea5d8764cdc81714bd7395e5f679973636eff1db1cf0012983f71a2f2b12d45a294e5a389f4cd2483eb39da0df26b736c7af6e41dd35a78e45292c394e34689532888721f863c56db97da1cd10a66a20a670b27fe8ce5568a42b8937790c7be1aa420d203d7a885c1729cd6b8e197189e479d542cbcb9b53656f2b9f539c325c34aa598fd91e7df70f9a74abec467654b1c9a3d14438e7c0836040b793871ecbe9e5f6680ccccd5d4696a87e37e89eab28b6bd679e8fe1627bdc9d373b82f52cd8c49be9bacdc630a32fd12835255a542fb7b12393779d4498aa06a0e7e1a4977939817eb2088af1e19bb0e5aca854c125dc603d835736a03d938051530c9ab1aa3bc779b3bae7450ef57d1b3fc093a37dbe9d1bd6d040f2f8eeba77f7fa88c149f065c7ace33277aa9969c266ea6d85cad62cfaf5508e7032716be684a22856413e0e65e42b6e9e6d865a87363cbb62d5bbb6a3731ddda0fa6ad0293af9893c09a9e743090f2cee2f4437736dd433e2ac7428bdc8c77cb9964355fa4415cc3831d8c7ca5af93d51752e718c6066eca1426a87c29808281a85ac7e0b4044ff6e280e28014b9383d19c9d387d29dc14de433da260784a4944ca76c2fe8a080d0996d9a6c2a3d3a7077280edcee0389aa8e5365d1d9b346eca0947b0ff5265943ccf09939a4b4a8f985f6a5e72723c795da0bc360dce501f673ab6ea8443f129427952453eb72b3a8d0d976c278c5bd1a9853c918e0c240c3c734932953fdb5039fbb04687937c9ff0ab74a16eae212bc6f20e700a77c092d23d2efb580e0c19d65f304129ab8e6cc12e58052257ba09449f30d3d974391afff5633def2f5c4ebd573a9e444bf3a3ddacedf02c05f3cc2e750664a84a1d24c5d28b49670de8a2f2090839483ca38959991a7d3727e21a15e82016c15a09ee71f4f43c0a608b48485c9934a38614794d6291daa39c01c45d3debe579b5823bf3406404b4c80ee6ff342b46b334b0b883b40bfd2f9a53595ab62fd1351ebc88308370497218dfc98ce081407da812a46d6497d7af9ec6d83e1c60eeb712d889dfbed0c805aa11cf817dd8f04396ef871a26112dcb7c0e1d2e68:3ba0af8af127c4584826090ecdaf485ebdf07b82bc499c9a2befca28d49344974addbc8d80a52560e0f3d73ff5cccc72c74b5b47ad2e6de9612d1a00aec92701d6608bf5ac000ecaf95fc09f9cb7498c518a6e0255586e6337853b1d7d9d7de4dfe1245d59031a317d4e2b6a73c4c3f95b582e72a6420221587bac120fb8ed7348070f2860d85866a09fe756743497f2119bc1bfdf573be35d1091be37f18bcda6741c90d566cc924b72164b749af9a6f40f71d3ea5d8764cdc81714bd7395e5f679973636eff1db1cf0012983f71a2f2b12d45a294e5a389f4cd2483eb39da0df26b736c7af6e41dd35a78e45292c394e34689532888721f863c56db97da1cd10a66a20a670b27fe8ce5568a42b8937790c7be1aa420d203d7a885c1729cd6b8e197189e479d542cbcb9b53656f2b9f539c325c34aa598fd91e7df70f9a74abec467654b1c9a3d14438e7c0836040b793871ecbe9e5f6680ccccd5d4696a87e37e89eab28b6bd679e8fe1627bdc9d373b82f52cd8c49be9bacdc630a32fd12835255a542fb7b12393779d4498aa06a0e7e1a4977939817eb2088af1e19bb0e5aca854c125dc603d835736a03d938051530c9ab1aa3bc779b3bae7450ef57d1b3fc093a37dbe9d1bd6d040f2f8eeba77f7fa88c149f065c7ace33277aa9969c266ea6d85cad62cfaf5508e7032716be684a22856413e0e65e42b6e9e6d865a87363cbb62d5bbb6a3731ddda0fa6ad0293af9893c09a9e743090f2cee2f4437736dd433e2ac7428bdc8c77cb9964355fa4415cc3831d8c7ca5af93d51752e718c6066eca1426a87c29808281a85ac7e0b4044ff6e280e28014b9383d19c9d387d29dc14de433da260784a4944ca76c2fe8a080d0996d9a6c2a3d3a7077280edcee0389aa8e5365d1d9b346eca0947b0ff5265943ccf09939a4b4a8f985f6a5e72723c795da0bc360dce501f673ab6ea8443f129427952453eb72b3a8d0d976c278c5bd1a9853c918e0c240c3c734932953fdb5039fbb04687937c9ff0ab74a16eae212bc6f20e700a77c092d23d2efb580e0c19d65f304129ab8e6cc12e58052257ba09449f30d3d974391afff5633def2f5c4ebd573a9e444bf3a3ddacedf02c05f3cc2e750664a84a1d24c5d28b49670de8a2f2090839483ca38959991a7d3727e21a15e82016c15a09ee71f4f43c0a608b48485c9934a38614794d6291daa39c01c45d3debe579b5823bf3406404b4c80ee6ff342b46b334b0b883b40bfd2f9a53595ab62fd1351ebc88308370497218dfc98ce081407da812a46d6497d7af9ec6d83e1c60eeb712d889dfbed0c805aa11cf817dd8f04396ef871a26112dcb7c0e1d2e68: +61fa8677eedaded69b165c8d277c978249663028301df6163e39b06ac2f5625f87339eb57238db2e4e60f3c28a3fd5fb611c65fddc81eed7cf7771df34d92267:87339eb57238db2e4e60f3c28a3fd5fb611c65fddc81eed7cf7771df34d92267:02c581dee03f2c603935af5eceecfa677134a3e0aea54fecaf4271fb52951a27b76877ccd49ab486dfc227cf31c9d957cc97306573fc7fe1d31b6c7df3d780f3a05ca6395657a9424342c9c6b703127e038df0792154e30a49476112cb92d0d5a2d22e895752a86edddd912fdc81b1e64a7bb750f099182132ee4823fde845802a944539d412b2a81a15b00071a950504c5b55a71bdb8c5a582639e855e8be241cda1ba6b3b4f64554d17824904cb30cd7efd9ac049e390bb79f53598ef1e8fc27dd7bf599c9028c9ebf92fc3be11df329612a228e0f5684687bf41ff203e97a7686126a39366bdc26d50be025d5187c6ba0666e379be4a80a9e62effcd916d7f98de651e00b97adf5d2d53daa7f8d695a291560755c744482364c4f1fa47ec0b1da161aa388f9597989a97726d3ed2cec82f1a1bbc4ac0be0a00cb4a8db1fb7c14ba05d896348dc0559d2a90beac2041dd77f82d6b12aeb2243ca0f419a57d3ca9c7d25a30ff0e8bb0d945155d1b36ad107b55beaa95b7d5e32003407629f1515f8a7089e2488d0d7544c2f7cc7c7f0985da42840d4368ff4f0fa4fa298e3b7229303aba514ae94e7026535a3f426ffbb4e001cd50ed12f214b3abef96e301635c987b133fc5e6184e7b7572bc3d99a4523cbd5afe593cedf4c9cd02ff2e36237e4ee12ef1a22d16d7cf4c072dced91cdd26ee144cc2bef4950026349e9444784081fe4e0498bc75f72e6818f459bba9049c561316c9f498e7b1a994b0e93055fe73e444cbdf96ac35e9c4e92e6b49e3bc0e99de1716df8eacaeb8d2fd74870044cb39c0e367a1fe32a9bb2974416364e730d5248dfb1df164a8d58caa1005fdc91bac2bc01cc77decc14893ef946fb3c81be0832c72fba372062f8360f4d8e6d5b741cf7032d8d89de2edf4c714a29f75abd8f5ff43ecdd4b7a04d7db0882d16e74473a0fb79db444a78ea44aa2631b8c0d7b0300d55cb6ac485f24c0acc647747c43db3b2a8677baf656fa735a575f1813f3668a2aca9175711b525eb496e9ef9711d75f590c7d9ef99e0f59e8483cbf9f284e3f5a33ee7781e62b8b05551777efe0fbfd19e54b6bbd142944bc2959a82ebd295d23d3443b6ce658c2d579a7637b549520491908e34282ec2716972e6f0353929547ef1537aecc96b2df616148599b09d9b81394a13fe7db86760b1e2a060efd484e8189939ebdf6f21640d89d8e736dee082ad72a0184adedd8df21474c9f526bcfdf7e85658194bb6d942e7f3fe96c23f:c04ebd11c3eb09396fe8d68279510a9efee391abee4081f0d275674a304794835aad7f3e345bcf0af8027f97477e79e6792b8f299846ae28cb13bd887537990d02c581dee03f2c603935af5eceecfa677134a3e0aea54fecaf4271fb52951a27b76877ccd49ab486dfc227cf31c9d957cc97306573fc7fe1d31b6c7df3d780f3a05ca6395657a9424342c9c6b703127e038df0792154e30a49476112cb92d0d5a2d22e895752a86edddd912fdc81b1e64a7bb750f099182132ee4823fde845802a944539d412b2a81a15b00071a950504c5b55a71bdb8c5a582639e855e8be241cda1ba6b3b4f64554d17824904cb30cd7efd9ac049e390bb79f53598ef1e8fc27dd7bf599c9028c9ebf92fc3be11df329612a228e0f5684687bf41ff203e97a7686126a39366bdc26d50be025d5187c6ba0666e379be4a80a9e62effcd916d7f98de651e00b97adf5d2d53daa7f8d695a291560755c744482364c4f1fa47ec0b1da161aa388f9597989a97726d3ed2cec82f1a1bbc4ac0be0a00cb4a8db1fb7c14ba05d896348dc0559d2a90beac2041dd77f82d6b12aeb2243ca0f419a57d3ca9c7d25a30ff0e8bb0d945155d1b36ad107b55beaa95b7d5e32003407629f1515f8a7089e2488d0d7544c2f7cc7c7f0985da42840d4368ff4f0fa4fa298e3b7229303aba514ae94e7026535a3f426ffbb4e001cd50ed12f214b3abef96e301635c987b133fc5e6184e7b7572bc3d99a4523cbd5afe593cedf4c9cd02ff2e36237e4ee12ef1a22d16d7cf4c072dced91cdd26ee144cc2bef4950026349e9444784081fe4e0498bc75f72e6818f459bba9049c561316c9f498e7b1a994b0e93055fe73e444cbdf96ac35e9c4e92e6b49e3bc0e99de1716df8eacaeb8d2fd74870044cb39c0e367a1fe32a9bb2974416364e730d5248dfb1df164a8d58caa1005fdc91bac2bc01cc77decc14893ef946fb3c81be0832c72fba372062f8360f4d8e6d5b741cf7032d8d89de2edf4c714a29f75abd8f5ff43ecdd4b7a04d7db0882d16e74473a0fb79db444a78ea44aa2631b8c0d7b0300d55cb6ac485f24c0acc647747c43db3b2a8677baf656fa735a575f1813f3668a2aca9175711b525eb496e9ef9711d75f590c7d9ef99e0f59e8483cbf9f284e3f5a33ee7781e62b8b05551777efe0fbfd19e54b6bbd142944bc2959a82ebd295d23d3443b6ce658c2d579a7637b549520491908e34282ec2716972e6f0353929547ef1537aecc96b2df616148599b09d9b81394a13fe7db86760b1e2a060efd484e8189939ebdf6f21640d89d8e736dee082ad72a0184adedd8df21474c9f526bcfdf7e85658194bb6d942e7f3fe96c23f: +7048c6521aefafa4eac6d6c3a702b9525480a66482e4969896757f2cd1ac7d5bed93113c1643a53aa064caa631ceb6e20f6d6ec2fc6c0711cb8a1fe73139af93:ed93113c1643a53aa064caa631ceb6e20f6d6ec2fc6c0711cb8a1fe73139af93:53f74c724db1578a1a296a7ccac904a2504dd9005389b4f8d4ea4b6307298fc6dcce98a6bc07280d20364e405a467e736578965269c81461d61fc6b7e4bad68d2b6dd0005850105f0a67bbc6ee223ec1754af4e3b9afa5062d1c1861048f185b128f1a5c0fb25c3919b4833e29e202bc941a905e63c2c05b1014647bd7ede5be9f996615187a3d3bb2c7dc4c28f7053def9b28b29e2331f16296dce8f1ede484caec996702bd9902e52684c812c87440f69bd141c7e00c6947d1fc7c3bdc0bc5506b6ea462e65f9e743b72c007ddc7a377493777d4eb12620ca6c019c8bfc4c29ec8af382fc3eac841021a74e4674ba3e43e5d7b41e3feeb17da00a7ce455a1cec70b0be6e56f85fc37f64cf0733b7e31241de641a8a8e5b91897bc158fe93d102c01d1f5e166d408165fe3fcb13d5304590ab8ef0dc8d5a8c1d8a93fceb854fc1fa36d0cc480cf8512d80bee69b0650a957daed283cd7638155ed773086e86a8ffb198acc7423b5d1a609a175a56b94c96b731851b93a94977101e255f1ce92e232a05e2e3387fcb4dc13a31bee6ee25507322c73c9883080a74c00f803a998dd530a79126bb144ed5574c4b23180e34e099283b4bb1d28822fce3717046ff32ef9e2cdf967e318ea726a2aeec57806643ad4801d3e0da52a1d77bf043f5ae9f3aea9e4bc4fa795d08401085ca94cfc4ce719dabc7b2390d03d294a65b7af9bc39072285b777b2f133dc11a70c0a9f060e10441f40216acb641637a2eadf1f7b8d262fec1b4d0f0f4faa93f3f732cac382d8ac42e178e2244999d764a9d0e981714686eb4924497e56b50157e9939032c9f88eb657cfde44ad34714af4a51324e5e77d0deea99c9f244d2e09ea425820a746d883a0cf4b705c29df8c037448154dc08a4d4337405fb8765823114370b37ed86086ec5f8bd6c72abf13f518430710f597b06108f65b30a483496e2ed81dab10fee947fe04b5485f2e3074049d22284266651ad10dd086aaa5d452e0d1a61129d1e77c663c26d088962b5545645b7a1a8713d51327a7a359b12daadb85a2cd4b5410d5c20267fa766b8c42a84dc42664588879b3eaefd4cc8dc693f98ac205609e570665b01ea4655e39429a7a7e542efb4f7890dbf4e34c6cff07e4d35bd3eeedf5b46280f4a0da0c2e73c94ea81cfeae7f9bd04fe2d45976500f7dcacb0df2a5dc736a823671db679be66cb33c162fd2c74ae71fbf4d2b05af042b3a977f5b944b9fdb6c34424421bcf4f6223768428fa140fd4:7c45703ed3942e44041c7fa1858aa5f1dc381f493a452dfb52708017898f710e31118e331f00aa64cb738836682b7d177e97955c00319abd79a49e0fcd16fe0053f74c724db1578a1a296a7ccac904a2504dd9005389b4f8d4ea4b6307298fc6dcce98a6bc07280d20364e405a467e736578965269c81461d61fc6b7e4bad68d2b6dd0005850105f0a67bbc6ee223ec1754af4e3b9afa5062d1c1861048f185b128f1a5c0fb25c3919b4833e29e202bc941a905e63c2c05b1014647bd7ede5be9f996615187a3d3bb2c7dc4c28f7053def9b28b29e2331f16296dce8f1ede484caec996702bd9902e52684c812c87440f69bd141c7e00c6947d1fc7c3bdc0bc5506b6ea462e65f9e743b72c007ddc7a377493777d4eb12620ca6c019c8bfc4c29ec8af382fc3eac841021a74e4674ba3e43e5d7b41e3feeb17da00a7ce455a1cec70b0be6e56f85fc37f64cf0733b7e31241de641a8a8e5b91897bc158fe93d102c01d1f5e166d408165fe3fcb13d5304590ab8ef0dc8d5a8c1d8a93fceb854fc1fa36d0cc480cf8512d80bee69b0650a957daed283cd7638155ed773086e86a8ffb198acc7423b5d1a609a175a56b94c96b731851b93a94977101e255f1ce92e232a05e2e3387fcb4dc13a31bee6ee25507322c73c9883080a74c00f803a998dd530a79126bb144ed5574c4b23180e34e099283b4bb1d28822fce3717046ff32ef9e2cdf967e318ea726a2aeec57806643ad4801d3e0da52a1d77bf043f5ae9f3aea9e4bc4fa795d08401085ca94cfc4ce719dabc7b2390d03d294a65b7af9bc39072285b777b2f133dc11a70c0a9f060e10441f40216acb641637a2eadf1f7b8d262fec1b4d0f0f4faa93f3f732cac382d8ac42e178e2244999d764a9d0e981714686eb4924497e56b50157e9939032c9f88eb657cfde44ad34714af4a51324e5e77d0deea99c9f244d2e09ea425820a746d883a0cf4b705c29df8c037448154dc08a4d4337405fb8765823114370b37ed86086ec5f8bd6c72abf13f518430710f597b06108f65b30a483496e2ed81dab10fee947fe04b5485f2e3074049d22284266651ad10dd086aaa5d452e0d1a61129d1e77c663c26d088962b5545645b7a1a8713d51327a7a359b12daadb85a2cd4b5410d5c20267fa766b8c42a84dc42664588879b3eaefd4cc8dc693f98ac205609e570665b01ea4655e39429a7a7e542efb4f7890dbf4e34c6cff07e4d35bd3eeedf5b46280f4a0da0c2e73c94ea81cfeae7f9bd04fe2d45976500f7dcacb0df2a5dc736a823671db679be66cb33c162fd2c74ae71fbf4d2b05af042b3a977f5b944b9fdb6c34424421bcf4f6223768428fa140fd4: +3e6373b265b96789007ad2a10c309a567638f25587d77e28b0823a4f179ae4fea3234e5d13b03472165036404f6de80e702839500f13d9c985a077d45c69ff45:a3234e5d13b03472165036404f6de80e702839500f13d9c985a077d45c69ff45:b9d068bbcae7722f828b0f8c98a738e36a7df4c997c724ba27531af34a2f106c7513a44a461a9aa4309bc15c4e0d42759193ea1cdea956bb815985f57867145e9e2c7585fc8d61027e47d2d735e2448af3782909404edeaac0fd73f6045dcdb04f0377758f02204aae3a7220311c0f4723582710cc440c36c9587b5c9ebc4063fea8ca3f43195894f79a365087137282302dbf2e7a0d411ab58b7026ccde198869aa734334c05238e275e3c3ab217083495769e2fad374051452d7f5b1db0e785836d4bd5e2978a3e991af0ff716f43889a07f5df299603621c39e2cdee089985d9e6bf7b2fbd02373ae1b5e9b88f5b54a076e676d7790bfc8f57dcc59ef52850ce992a73ba7bc991deb4dde5eb0b21670b1b3d4b64f36cca8e307098568497d8916f6b5d0e9e89f99f86006f39bd3a810769c8f7801773c9638abcf5e2711b19d1167593acbe85e4161428997a2194dc5e7b7640f0d2c1eb205553be9167ffbc22b7c2e7698f3afa10754cb44d4b1d45b837303b1669073415a22606b50f21f8265e139f2305ac0e0127ae056ce8abeaba20e1d269a2b2e899c49547268a0696ae450dc0267f7f63a8edf074c47d3c2db1da36393737304e6dd4faccdb6ab55e5f8520c3dff5f6beac30ba85b86082351e3ded8400aa57f650c0c33036d65b39b7d2fb6112863d59b72558242e8b045addd357de6fd37a8f6611765c9b5ff19cc4db7e117c65a00458908b0245d04f7908fc73b165dff6e4be4b42032d8cfd7d6f7772c1bfe721d4bcfe2fc527998f34fb4418a1fae1e6c3767c4d0780621f923da1f0a0d3d219c036acfd3709dad4cf24d90bc691d700e6a9c80ccfd10bde8e791c0fea82880c07baaaa311eef79240784f628a7d2a09184e016f81008e77429a8658b153e44e79a98ad248f7fda23b590d646d7c1d841f4927d6e8bc73214d10a7f3c29c8f839a8908d20a74e827af467ac5abf0f1d0ed39cddd969dde9eeb4a4b7527ab3e2475a195e24474a4e36b09052e2dad4a5eb4691e263b8c61bbde87772207e011c4c1e14235fb24e4da438875d18530fef902619dd485d77b545abb56b69c755afe758606971ab97dd3ace1c1a34a33794c8156da799e8224d885e1868f9cb466d802c827cc3e1ecd0ae6e0b01f8f791b12208fcc0fed385b796eb2f2908b58d30b3733f1470f2e2ef12ad43feb72d0816de3c13a8b5a523e14cdf5ff3720bf87769cde7495d226bf38238a825f75a09f6bb9afce516a7bc70114370bbc40f17c7bc:f51e0f878a5a709647e85fea839fd566e6f35c8a6185d0c9eb13e0d5b9e6e8aa95c333a8f50632a4d6657b518ce4cfde40b8f5a05b2d9f8441fcc9d2d692d509b9d068bbcae7722f828b0f8c98a738e36a7df4c997c724ba27531af34a2f106c7513a44a461a9aa4309bc15c4e0d42759193ea1cdea956bb815985f57867145e9e2c7585fc8d61027e47d2d735e2448af3782909404edeaac0fd73f6045dcdb04f0377758f02204aae3a7220311c0f4723582710cc440c36c9587b5c9ebc4063fea8ca3f43195894f79a365087137282302dbf2e7a0d411ab58b7026ccde198869aa734334c05238e275e3c3ab217083495769e2fad374051452d7f5b1db0e785836d4bd5e2978a3e991af0ff716f43889a07f5df299603621c39e2cdee089985d9e6bf7b2fbd02373ae1b5e9b88f5b54a076e676d7790bfc8f57dcc59ef52850ce992a73ba7bc991deb4dde5eb0b21670b1b3d4b64f36cca8e307098568497d8916f6b5d0e9e89f99f86006f39bd3a810769c8f7801773c9638abcf5e2711b19d1167593acbe85e4161428997a2194dc5e7b7640f0d2c1eb205553be9167ffbc22b7c2e7698f3afa10754cb44d4b1d45b837303b1669073415a22606b50f21f8265e139f2305ac0e0127ae056ce8abeaba20e1d269a2b2e899c49547268a0696ae450dc0267f7f63a8edf074c47d3c2db1da36393737304e6dd4faccdb6ab55e5f8520c3dff5f6beac30ba85b86082351e3ded8400aa57f650c0c33036d65b39b7d2fb6112863d59b72558242e8b045addd357de6fd37a8f6611765c9b5ff19cc4db7e117c65a00458908b0245d04f7908fc73b165dff6e4be4b42032d8cfd7d6f7772c1bfe721d4bcfe2fc527998f34fb4418a1fae1e6c3767c4d0780621f923da1f0a0d3d219c036acfd3709dad4cf24d90bc691d700e6a9c80ccfd10bde8e791c0fea82880c07baaaa311eef79240784f628a7d2a09184e016f81008e77429a8658b153e44e79a98ad248f7fda23b590d646d7c1d841f4927d6e8bc73214d10a7f3c29c8f839a8908d20a74e827af467ac5abf0f1d0ed39cddd969dde9eeb4a4b7527ab3e2475a195e24474a4e36b09052e2dad4a5eb4691e263b8c61bbde87772207e011c4c1e14235fb24e4da438875d18530fef902619dd485d77b545abb56b69c755afe758606971ab97dd3ace1c1a34a33794c8156da799e8224d885e1868f9cb466d802c827cc3e1ecd0ae6e0b01f8f791b12208fcc0fed385b796eb2f2908b58d30b3733f1470f2e2ef12ad43feb72d0816de3c13a8b5a523e14cdf5ff3720bf87769cde7495d226bf38238a825f75a09f6bb9afce516a7bc70114370bbc40f17c7bc: +f5e8597eac0ebfa9d385de85a1fbaa35146395b13457b5b14d3670daca6905e7ce93e642c2f15084bc83bafdaa196763de2a3c513b0e44f68ddbde378514c441:ce93e642c2f15084bc83bafdaa196763de2a3c513b0e44f68ddbde378514c441:273341f219ff5cf381c77b2dd226c58f8f33c4527048cb006affef8cee151e300efef629fed21b70451f729292627d1f3f1b5257359ee5a671cf62ae57324940f2d0b15aac76ff398220c08024e29a8cf36504e12a4e96438f42c3da0c000541bc11f091381b0b72b58a92083f446eca1991996878de35081cc4ab90958c96cf5c99796cba7951ee186f26527aede69db304ce2941ba15cc00ba2f1411f208dad45e87bcf638792de0a68624b667297c27a343db4baf34a0228eaf0d1022009b5d068b2534d920302e71310febf0df1bb02c2ef0ad1ae149deadf8c184373c0f7eb6b25695be82d12c71b6c83267d9a233667e77bc205983f8b8d877d85aead3f60e820ffcb17adddd92a7712bbeb34ee71966dafd9907d193dd9d725a31a613d29e32be72132808926d9437477fee25eda610aeb1dce12ea316c6aec6689e501c551923825a34b42c4f0675b86ab26adeea2e60dae6c6d1cdd0cb3c347b16384039a8e3fd6087381387cb4bc72ddb5f25b374859b02e5bb1ba06d3cc69ec44cec4b985c8476e35032e99abf001a1d44ddc6e2889c3c2c3ecaced609b2b2680e00b1efa7e9d26d62f2b3ab36f921044790abbd49360756dcffccf230f66dbb701aa164dad6069aa2b8b3309f2fe44d5e0b25bd556431f0df4c2ea97ae79ed4a57578d66fc6939c57628a90cac97adfa8702a4a1c8965ba1a90262567286664003003533cc9314caf7d3b982e0a432ff5aa4ed5741983d9b54323ac7e299b2b4956c1a2c191557b27d86be714b5b68fcb1d41f78ca5ddb6b53b3dfc8e7d6b3c3db059af9f2dd765ef04b6d16e6737c727aa11f3df3774a3fc96182e282acc3d233eeabf8c72d3f246ae184505288fef39b36766b10dd1bfbfbfa70f97b3c901726d1e0d0a837d11f0123a34abad1a79aabe80b125b128ee160b511848f7f04c49c8d5c2f2041da7d9599c29b1dac8c68077efac3eca58bbc1637aadce21c774fea42d2bcf4a0b9892307e36fa250acee795ad2bfecfbf60319b81663e2a26571946f75a8d969af16b3b57c3ec3e66158aaf42ccf5e58b937aaef613318606603317e5aa318be70f8da3c0c16be6c29e3ec9fef4e46e8ca241d941d58049a063d90afc953ca32e8a50a6473632588ac41eae97f20ce9b741ed41c9a4aa6551fd823ce0c811a5bb5a171c1ea4238a0246811e469cf498b79621c323eba7985344fe11e67499edf4967491aa749f8f3fe39961d76892c93aac3b19fa4b4fc174d7d4d4d8bd6ee475475008:576543fc21ab0a7c5f63b1cff01bf845df91792e7a9750c5508b51665e7f89f17c6ec3355a0aed87db8c77bdb271fbedc714ffadb78b5e0f978116771ba7cf0b273341f219ff5cf381c77b2dd226c58f8f33c4527048cb006affef8cee151e300efef629fed21b70451f729292627d1f3f1b5257359ee5a671cf62ae57324940f2d0b15aac76ff398220c08024e29a8cf36504e12a4e96438f42c3da0c000541bc11f091381b0b72b58a92083f446eca1991996878de35081cc4ab90958c96cf5c99796cba7951ee186f26527aede69db304ce2941ba15cc00ba2f1411f208dad45e87bcf638792de0a68624b667297c27a343db4baf34a0228eaf0d1022009b5d068b2534d920302e71310febf0df1bb02c2ef0ad1ae149deadf8c184373c0f7eb6b25695be82d12c71b6c83267d9a233667e77bc205983f8b8d877d85aead3f60e820ffcb17adddd92a7712bbeb34ee71966dafd9907d193dd9d725a31a613d29e32be72132808926d9437477fee25eda610aeb1dce12ea316c6aec6689e501c551923825a34b42c4f0675b86ab26adeea2e60dae6c6d1cdd0cb3c347b16384039a8e3fd6087381387cb4bc72ddb5f25b374859b02e5bb1ba06d3cc69ec44cec4b985c8476e35032e99abf001a1d44ddc6e2889c3c2c3ecaced609b2b2680e00b1efa7e9d26d62f2b3ab36f921044790abbd49360756dcffccf230f66dbb701aa164dad6069aa2b8b3309f2fe44d5e0b25bd556431f0df4c2ea97ae79ed4a57578d66fc6939c57628a90cac97adfa8702a4a1c8965ba1a90262567286664003003533cc9314caf7d3b982e0a432ff5aa4ed5741983d9b54323ac7e299b2b4956c1a2c191557b27d86be714b5b68fcb1d41f78ca5ddb6b53b3dfc8e7d6b3c3db059af9f2dd765ef04b6d16e6737c727aa11f3df3774a3fc96182e282acc3d233eeabf8c72d3f246ae184505288fef39b36766b10dd1bfbfbfa70f97b3c901726d1e0d0a837d11f0123a34abad1a79aabe80b125b128ee160b511848f7f04c49c8d5c2f2041da7d9599c29b1dac8c68077efac3eca58bbc1637aadce21c774fea42d2bcf4a0b9892307e36fa250acee795ad2bfecfbf60319b81663e2a26571946f75a8d969af16b3b57c3ec3e66158aaf42ccf5e58b937aaef613318606603317e5aa318be70f8da3c0c16be6c29e3ec9fef4e46e8ca241d941d58049a063d90afc953ca32e8a50a6473632588ac41eae97f20ce9b741ed41c9a4aa6551fd823ce0c811a5bb5a171c1ea4238a0246811e469cf498b79621c323eba7985344fe11e67499edf4967491aa749f8f3fe39961d76892c93aac3b19fa4b4fc174d7d4d4d8bd6ee475475008: +cdadc5b89cb2b6308a006f2f4e955a91aaf3ba70165f2d444ef1ffebbdaaa2210541415ff5467f28ceac839b13a1766e72c99e6545207d9d5d9697411eb6bca7:0541415ff5467f28ceac839b13a1766e72c99e6545207d9d5d9697411eb6bca7:911727036db309d6e2e3369e4f17d98d99ec070c33283bb1244efd62e76bd70a69b9723bd2b520472b98aa065924366de780900bcd8b77b50f87c3c36187024bbc59ccf4482c7b4aadb56e2e5ecc0003d989d6afc63ec10242e57482fe39215261d5fc95a0185f95e9540c55f74d696048bca7ab112681a5558ea93c3b1f1cd364659e9433ceeebe054ee713c47760d7ad132a7f3f8fe3d5041b811a26b65efb1f340e181a4ec720ea136b3af3d9e5461dd24370336f10e6354c8c17acf9998544cec0873efa687cb132aecf70aebbc567ba03c536499ef96cc8412e7aaad5bf96422be47cb9413645df2c1703192347dcbb123127455971ae157e9fa2dbff88745a96c658b865e41f55aebf98395005ddcbd5983e6ae02c4fbb5e17916796325f76edf5b64afa4ec5a7418afed23a97efade68b6a5b3145f08a5d3db9c298a512fabdac68562b3f55377ff44b00c1c2f3efd18132da71f971a953a9318c57523361a160f9b7e3b51c524e95dd5ef4568ef18a800775e9d26e07131942d2be4ef22c0cbc13df01c68b1bcd3bce9bd51c4ced652adc4007be43b37c67a5c55ed4029e8ad15def8305c968621aed4cd4bfe079a6f48884d85680392ca92ba6e12fea6f4a056f79d67b19b05f90d684be7d45725f7967c6a467af43b86a6b1b9d9eed3a4248971c76a7ac29c292dfba4d75c5f7ba709a39058e96adf6dbd760d3cef4024bf3edc441efbf1147a2c108bd6f9eb439c1c5c4d3a6ea4ec3d92cef38136188bec9e0b6c0518d8b79ba59c5dcba393aedfdffb0b70d779c2b9765ce4452e7e3b08c4402b1a608320840fbe96d1eb8656eb1c20d9551ddf533b9f15e4eb5783756c53ddd3b14d807f838ac9680f89f1adfb78d68ccb06731a90beac5f0d709d5b88c75437a663cb962d37f96b8e8928477b5611228015d337f049e8b62e4dff8d0bb6cda24a5df9083e348bef12585f5f4c4d3bb3c7e78d550194a45251a0879a1624bf9dd35eb655c3939fea8909f6df395bebd02b68a17a897c9aaddd6e2e20461e303f57cdeb00ae0f23e60a94c19c771d8aa60533b93cedc1b76d2290a01bf43b2725f125befa575154e986c9c6205a1596cbaa2d13470c23422f2df7bece4e6ebd752e9389ae60857b52969d2ddefa9c034f1bf35ae3316304e949c8990820e26e6cffae4b388d1505f923706297f8db556537919ebbe3086023f12f4ded3b11acf2a6d973ddd8eb27b07c580bf448caa5a2ea116c5eaf36f7a6b17a85b3955dc8a44a620d8:ffede701eb1829ce2361cda2c8bb63338539d8ad2f6677585531e7bf1d3922382679a1ae84ffeb753fc9754e50c01852f955e3fd609ff64bf05bbe7075cdbe00911727036db309d6e2e3369e4f17d98d99ec070c33283bb1244efd62e76bd70a69b9723bd2b520472b98aa065924366de780900bcd8b77b50f87c3c36187024bbc59ccf4482c7b4aadb56e2e5ecc0003d989d6afc63ec10242e57482fe39215261d5fc95a0185f95e9540c55f74d696048bca7ab112681a5558ea93c3b1f1cd364659e9433ceeebe054ee713c47760d7ad132a7f3f8fe3d5041b811a26b65efb1f340e181a4ec720ea136b3af3d9e5461dd24370336f10e6354c8c17acf9998544cec0873efa687cb132aecf70aebbc567ba03c536499ef96cc8412e7aaad5bf96422be47cb9413645df2c1703192347dcbb123127455971ae157e9fa2dbff88745a96c658b865e41f55aebf98395005ddcbd5983e6ae02c4fbb5e17916796325f76edf5b64afa4ec5a7418afed23a97efade68b6a5b3145f08a5d3db9c298a512fabdac68562b3f55377ff44b00c1c2f3efd18132da71f971a953a9318c57523361a160f9b7e3b51c524e95dd5ef4568ef18a800775e9d26e07131942d2be4ef22c0cbc13df01c68b1bcd3bce9bd51c4ced652adc4007be43b37c67a5c55ed4029e8ad15def8305c968621aed4cd4bfe079a6f48884d85680392ca92ba6e12fea6f4a056f79d67b19b05f90d684be7d45725f7967c6a467af43b86a6b1b9d9eed3a4248971c76a7ac29c292dfba4d75c5f7ba709a39058e96adf6dbd760d3cef4024bf3edc441efbf1147a2c108bd6f9eb439c1c5c4d3a6ea4ec3d92cef38136188bec9e0b6c0518d8b79ba59c5dcba393aedfdffb0b70d779c2b9765ce4452e7e3b08c4402b1a608320840fbe96d1eb8656eb1c20d9551ddf533b9f15e4eb5783756c53ddd3b14d807f838ac9680f89f1adfb78d68ccb06731a90beac5f0d709d5b88c75437a663cb962d37f96b8e8928477b5611228015d337f049e8b62e4dff8d0bb6cda24a5df9083e348bef12585f5f4c4d3bb3c7e78d550194a45251a0879a1624bf9dd35eb655c3939fea8909f6df395bebd02b68a17a897c9aaddd6e2e20461e303f57cdeb00ae0f23e60a94c19c771d8aa60533b93cedc1b76d2290a01bf43b2725f125befa575154e986c9c6205a1596cbaa2d13470c23422f2df7bece4e6ebd752e9389ae60857b52969d2ddefa9c034f1bf35ae3316304e949c8990820e26e6cffae4b388d1505f923706297f8db556537919ebbe3086023f12f4ded3b11acf2a6d973ddd8eb27b07c580bf448caa5a2ea116c5eaf36f7a6b17a85b3955dc8a44a620d8: +2ddd79e76064c2e6b322afb0c5c685cdbec62821cdfc0cb14db7d01ba3bf21a5f55b4ab64a2582212b96ccac0640e271944a34a286d035833045810e341824bb:f55b4ab64a2582212b96ccac0640e271944a34a286d035833045810e341824bb:a56674a1e1f09795251abe54ab43c298208fefc9bb9176fdb23e1e9f60f032647915567ebdcc2b869edb7055f4aba67ecfe7fa19eda45c06047c7a51848be9973251f85ff76f1c59e3654382858c9be123db8a9490c6c9b309b82d1e2ca6f4a07d00120283c6c295644995a96628612b8d6791573518e2556a688a09f149bc846a68bd0ef79279035710031ef0a8fed1dd0bf026125dc6648f86f64309942e18f23b12d1dc68c6f2770ca8b5485b369b0c92007a9461c139fcbb41175f316d4467060ab43d1222f5802404bf63c2df7e004bdc400ca80fe0d2cb68a210fbc3fc0b903209d5476e7a56baefb8fad7f328b72f327113e139414ba6f34e99c2eccde044e7a3ac70c580cd26c7450192ca4c823c7ac5eae876c0d1c8c768c1cb0b7ea41fc9b7d29437bbadab18e0f5ed1defe0cf6c0ebaa6b6d777f4dad9abddbfc0fd6ab5eeea803cfa01c0bd46f65fefa46901abbe0d89104e3bc4aee1f0599c69b67ba545ab9b54f5dee340ac69d88299e86822acddddce601122012f99299774aaf17c964edecb95e1277d462de64e9115a61ad98aa3d22e3ba6f8f1cd69b6b52b83382823f30e966bdad1ff5fc198ae32e9b68055d4392bc7c3df1015f128aee1e4fa3d4999e329f22f0ff6aa778bae0294a1df7436cb16a2bfcd74b463abe7cb4bac5362c89c9d1a378a2cb885cc3b26ab4be881ef1afc14430e10d26539ca358c3676286ad81ce1c9e78592af66f182bb1f7f862fe755bffb5be5c5f2b731c132e2388a76a1a7b1cddf05aed2ac9ec408475271942ccadd32e49d8791edf8b8de117551ce264a60b84105eae87e66f6a401d1322bb21a98e8acd277493254e504004f72c76e7903d2fa38fab717e94ce627947c4ea326bd2575c37310f3b4d843b90fa77d32d9952194150b62f850187a4fdf38466dfa0656c0a2e0b3f07492ac8e37e5d0df95cc89df3085a269291dc2512210d3fe44248d7ab996be099af64c22756666f8dea56c00b90677d1182500dd274fd0769253826d677ab16a557b08b3c52265498d85c4cb2b600ee0481b7c1c476a9daa8b88c71fc21b6f89bfdfece58da9e8d565652e4395bdf4c811b4f4f22d2b9613261f88c604c2974d3e977d140d046e1b6625b7071640d352cb7e7e65d46c613447be8dc5a200aa9acab46afccfebb6b1c31973246c34faaf8d26ea5e83be15718f8fdb0cfc444e2eb60f3659b020161c228e6b9240b7ac394cab812de10515766f22473ecca535594ce528a57cf5dab2eb32ab84:a4c396e19dd42e039184cd251188ffa245f0367c69c02d12474e5ca9e5c768a7ee3a3d47eb22d1ac9e04b704a74f416947f3f49a3242594e7b6390e82b60d505a56674a1e1f09795251abe54ab43c298208fefc9bb9176fdb23e1e9f60f032647915567ebdcc2b869edb7055f4aba67ecfe7fa19eda45c06047c7a51848be9973251f85ff76f1c59e3654382858c9be123db8a9490c6c9b309b82d1e2ca6f4a07d00120283c6c295644995a96628612b8d6791573518e2556a688a09f149bc846a68bd0ef79279035710031ef0a8fed1dd0bf026125dc6648f86f64309942e18f23b12d1dc68c6f2770ca8b5485b369b0c92007a9461c139fcbb41175f316d4467060ab43d1222f5802404bf63c2df7e004bdc400ca80fe0d2cb68a210fbc3fc0b903209d5476e7a56baefb8fad7f328b72f327113e139414ba6f34e99c2eccde044e7a3ac70c580cd26c7450192ca4c823c7ac5eae876c0d1c8c768c1cb0b7ea41fc9b7d29437bbadab18e0f5ed1defe0cf6c0ebaa6b6d777f4dad9abddbfc0fd6ab5eeea803cfa01c0bd46f65fefa46901abbe0d89104e3bc4aee1f0599c69b67ba545ab9b54f5dee340ac69d88299e86822acddddce601122012f99299774aaf17c964edecb95e1277d462de64e9115a61ad98aa3d22e3ba6f8f1cd69b6b52b83382823f30e966bdad1ff5fc198ae32e9b68055d4392bc7c3df1015f128aee1e4fa3d4999e329f22f0ff6aa778bae0294a1df7436cb16a2bfcd74b463abe7cb4bac5362c89c9d1a378a2cb885cc3b26ab4be881ef1afc14430e10d26539ca358c3676286ad81ce1c9e78592af66f182bb1f7f862fe755bffb5be5c5f2b731c132e2388a76a1a7b1cddf05aed2ac9ec408475271942ccadd32e49d8791edf8b8de117551ce264a60b84105eae87e66f6a401d1322bb21a98e8acd277493254e504004f72c76e7903d2fa38fab717e94ce627947c4ea326bd2575c37310f3b4d843b90fa77d32d9952194150b62f850187a4fdf38466dfa0656c0a2e0b3f07492ac8e37e5d0df95cc89df3085a269291dc2512210d3fe44248d7ab996be099af64c22756666f8dea56c00b90677d1182500dd274fd0769253826d677ab16a557b08b3c52265498d85c4cb2b600ee0481b7c1c476a9daa8b88c71fc21b6f89bfdfece58da9e8d565652e4395bdf4c811b4f4f22d2b9613261f88c604c2974d3e977d140d046e1b6625b7071640d352cb7e7e65d46c613447be8dc5a200aa9acab46afccfebb6b1c31973246c34faaf8d26ea5e83be15718f8fdb0cfc444e2eb60f3659b020161c228e6b9240b7ac394cab812de10515766f22473ecca535594ce528a57cf5dab2eb32ab84: +3abbdb0ba11aa1063bd26b02c116037862285babd215d240bc9c0926f4ecea81b8fc59438f8ce9e3785a473b22c8892c51eac2568c681dcc77b6f0e0799c4e33:b8fc59438f8ce9e3785a473b22c8892c51eac2568c681dcc77b6f0e0799c4e33:dccd55f922cd274f6975000adc8d98630c6d752c1202a9dd121048b93945af2b1110967788f99ec028e3d3b4cf82fb07173ea4401e3bb4b07b7b0b24b059a766339532d9df3e31b72c958c119d8dfa15a507af6c5f7e78fe270fa81b9df0f2e4af24bd99fbeb14e0033084d7fbf84ddedfd5ce56751d15908475df8af013d091173c1386b9139426cc6081ea165b8ce48194b8e18a9b91a4631344fe29c8e72818b71fa15c9292d13fdf5f9d18e29bd0291b8138de738fd3a36c35239022368b456f1facba90a0d80d6e311c5f6c6f04677e92373a5fc4738894dbed206c30da341b3b196c947858a6d2adc68aac3f20cfdbe0497961dae33470266d17ec719a59f0586f82f99f1c90ed7005a207219a55edc760f4eb8f2402647f6f77971ff7b634357b6b29bbd7ea05e2e25854e99c620f4b8b64739022ff0b338afef35fb6f41a53629a518eb93d66020fb353aef8dd071e09c916d4704acdf776b38ca9c59f211ff88c430a57e8f1713923b3f30ca86970a14a52db4bcbe60df4bc3cfdf254bf10f8afae87bd61b358f43cc296c0412964c4e00f71213397468517cb01379cb729c7b9e35bd50bdd98c3d3b76297a138b57ceb6c77742df0881d07668c08a630a44e6ed7eb206d6a56440710438a5111424b61aaeece40e900f5e3c457e9d6e31a79ec5b4b42b68e66e199309287cad65336fc7fe43f43cd8c773d3c6580d7217e2cabecd3eabc485c4acf47718c39b02c7858ff347cec7535eddcd4fc815df814569a88ae70f2733a6539f208c79cf4e7c4f9ea241a92e9515171361418a4c2e53c076aaabc47e4c971bd04b100c26282308857e06e7e5fbc4342564fb3b1ea4a17a925e91ee69122321d392b246965b86b54fd5c83fa5c474163f98a9f447d88cb59fe2cdf9f5412fcbeb3effac8976791c6a47b669a2fc55abe8e09e74157efcd1ca78fc10fa687010c6826c6e896ef5cd71d0fe4d1bd07c10dac3b03485edd2569a7eecfbc4e5d2ee2379859e265267bedaad69d93b7c1bd18f27ea42483c7e4100ee05b283039bfb9891d37c467ed83b88c794eab6bab9dc677892650e2d896fbfec1b1cdb721be30b0b8e5358709e165cbe3a182c93bc0a0cea2f8cf3a6257adf764534041202241a5279b668e40125fc094585a3c588aba82b67cd91d483e54300428426863a42364049d7c45a169385aa89bf377f0d32b07809b5871395ec053a257d93e48bbf407eb6091401e256546e31f9fcd24d2c5b333cf65785002f08d548db26ad1f3:981f20055a457525aee5616264e6af42e8b387cb08f8b4a73f9be0b366f1035bb30a1c874894cbece0a846d849b7ecc556585d0d3d395645807ff2a3ca5a590cdccd55f922cd274f6975000adc8d98630c6d752c1202a9dd121048b93945af2b1110967788f99ec028e3d3b4cf82fb07173ea4401e3bb4b07b7b0b24b059a766339532d9df3e31b72c958c119d8dfa15a507af6c5f7e78fe270fa81b9df0f2e4af24bd99fbeb14e0033084d7fbf84ddedfd5ce56751d15908475df8af013d091173c1386b9139426cc6081ea165b8ce48194b8e18a9b91a4631344fe29c8e72818b71fa15c9292d13fdf5f9d18e29bd0291b8138de738fd3a36c35239022368b456f1facba90a0d80d6e311c5f6c6f04677e92373a5fc4738894dbed206c30da341b3b196c947858a6d2adc68aac3f20cfdbe0497961dae33470266d17ec719a59f0586f82f99f1c90ed7005a207219a55edc760f4eb8f2402647f6f77971ff7b634357b6b29bbd7ea05e2e25854e99c620f4b8b64739022ff0b338afef35fb6f41a53629a518eb93d66020fb353aef8dd071e09c916d4704acdf776b38ca9c59f211ff88c430a57e8f1713923b3f30ca86970a14a52db4bcbe60df4bc3cfdf254bf10f8afae87bd61b358f43cc296c0412964c4e00f71213397468517cb01379cb729c7b9e35bd50bdd98c3d3b76297a138b57ceb6c77742df0881d07668c08a630a44e6ed7eb206d6a56440710438a5111424b61aaeece40e900f5e3c457e9d6e31a79ec5b4b42b68e66e199309287cad65336fc7fe43f43cd8c773d3c6580d7217e2cabecd3eabc485c4acf47718c39b02c7858ff347cec7535eddcd4fc815df814569a88ae70f2733a6539f208c79cf4e7c4f9ea241a92e9515171361418a4c2e53c076aaabc47e4c971bd04b100c26282308857e06e7e5fbc4342564fb3b1ea4a17a925e91ee69122321d392b246965b86b54fd5c83fa5c474163f98a9f447d88cb59fe2cdf9f5412fcbeb3effac8976791c6a47b669a2fc55abe8e09e74157efcd1ca78fc10fa687010c6826c6e896ef5cd71d0fe4d1bd07c10dac3b03485edd2569a7eecfbc4e5d2ee2379859e265267bedaad69d93b7c1bd18f27ea42483c7e4100ee05b283039bfb9891d37c467ed83b88c794eab6bab9dc677892650e2d896fbfec1b1cdb721be30b0b8e5358709e165cbe3a182c93bc0a0cea2f8cf3a6257adf764534041202241a5279b668e40125fc094585a3c588aba82b67cd91d483e54300428426863a42364049d7c45a169385aa89bf377f0d32b07809b5871395ec053a257d93e48bbf407eb6091401e256546e31f9fcd24d2c5b333cf65785002f08d548db26ad1f3: +8a44d6afc6c8eee1bc7d5f69e495b0b18ca7aee007dea7cf0d1714d785a9f4edd4f366b3377fa39b36f9ae14da404e2240490dbd8d796b1ab872dfcb83a59540:d4f366b3377fa39b36f9ae14da404e2240490dbd8d796b1ab872dfcb83a59540:de80326966536ce94996af2de7a07605cc4fcb9e75ee0a67a1e20932111de9b356d5beeae86cc5f564c10d66e3de95a5b99e844928ea8e77586cf3c10ad3633ddeeb1d9dcf3f94b70bf1ef63d238df204d705c0b174f83282545f5e4075f8d69a48179c29eabf5c1742ef39e1ad963bebbb66fce9491a984651215c2e750e6ee8365766440a84419e52dcf671f1c52eaa2b9902bcca4b37cffdbac8e7e7e6b0a5c8748efbf452df6163f4ca07b61f9a05ec20a2bd633389e670bb5454acd6f3a06335b5da9ec326264e962c7d9d06ce7e9ff04a0a5bbdfaa4c410866a572011651439f2dbce5dee667924ac4934d205496bd1d4df08bd0cb3fd2de73a2ef342ff0091e10e15b3b760a575df93cf1c97c01c5ab11c094bf34878206718f6b285aa5cc5127bd7f988b84a90495306fd9e99d8955e668d1a3ff10f65b7c479fac24119a3c10122d4d18a805b247df168c0a5100169b5572d17012d751a42e83376115e11561c160c15efad76d21f7abb430366475238631f84c88f838b0ac404c913d2fa12450238485c302fc201f44151c19bcbdc1190c12d1540831fb19581cb93172b0d2ff5c65f31caff20f813881f84e5ef9d5c165e096d254cadf895249aab8d4496c940a40f907bd40935a94f5e55b6dd051154100fe331770eff2bad6545619b8a33ef6462a50c0b2c4ed2fba4e4e383ebf2932e6192766a4aad1d6e2b692d9f2bdc23393e8aacfba323b534f84edf2dced7c94d51687daa27198a9144b312b716fe17014a7bed0c14a2438733d555c6564c8c1a3d997ebae7b3de8877af53c1d1a5029158a80aa0c87489fef270cdffe10d34b15c1a9693ae0390243e314cfac06ef6eefebccf43d42eac24ce9879429d2fc7253b3ed175825bc4da0762b4933a98afdb94b06f4fcd2ad3611aa999d7c1c8d852d01dd9e52648455a04eb2330a76fd942c531e514b5ec0728a89d34ca590ea99c88faa20dfb7bbf65654aa6c212beb8ad6bf7c777391cd49c39cf8ab51b95b419e3dfc8d94a93a1ef0223c6de90bf96218d8045bd4952a0d8372a5578c6aafa74ba662e3188e6a6e567e4d2fe8227d0743982a41ebfa0d310fe79fed27041790efd5afac2243e1d150b145015d9deab0eded6394ac36fc5fb201f5204fbd422a3604233015bb0a48a920e2e5e0d4deed672025f23cfba93889597e504c8887add46cfef4024afb8a26eeb7dcddb2397b44a1796367340042137028c3307626816c2931e61ebb6b69edcbcb612c9b181a285301ce46f82f:e0727eb72e84d2b82cdbd0a6bd2f49496316aae8351e4902acd5e3cc57346e7ebafdd92a90ded76fd0c6690d68bb2fedd613e44fa222be0126da520acc2c4105de80326966536ce94996af2de7a07605cc4fcb9e75ee0a67a1e20932111de9b356d5beeae86cc5f564c10d66e3de95a5b99e844928ea8e77586cf3c10ad3633ddeeb1d9dcf3f94b70bf1ef63d238df204d705c0b174f83282545f5e4075f8d69a48179c29eabf5c1742ef39e1ad963bebbb66fce9491a984651215c2e750e6ee8365766440a84419e52dcf671f1c52eaa2b9902bcca4b37cffdbac8e7e7e6b0a5c8748efbf452df6163f4ca07b61f9a05ec20a2bd633389e670bb5454acd6f3a06335b5da9ec326264e962c7d9d06ce7e9ff04a0a5bbdfaa4c410866a572011651439f2dbce5dee667924ac4934d205496bd1d4df08bd0cb3fd2de73a2ef342ff0091e10e15b3b760a575df93cf1c97c01c5ab11c094bf34878206718f6b285aa5cc5127bd7f988b84a90495306fd9e99d8955e668d1a3ff10f65b7c479fac24119a3c10122d4d18a805b247df168c0a5100169b5572d17012d751a42e83376115e11561c160c15efad76d21f7abb430366475238631f84c88f838b0ac404c913d2fa12450238485c302fc201f44151c19bcbdc1190c12d1540831fb19581cb93172b0d2ff5c65f31caff20f813881f84e5ef9d5c165e096d254cadf895249aab8d4496c940a40f907bd40935a94f5e55b6dd051154100fe331770eff2bad6545619b8a33ef6462a50c0b2c4ed2fba4e4e383ebf2932e6192766a4aad1d6e2b692d9f2bdc23393e8aacfba323b534f84edf2dced7c94d51687daa27198a9144b312b716fe17014a7bed0c14a2438733d555c6564c8c1a3d997ebae7b3de8877af53c1d1a5029158a80aa0c87489fef270cdffe10d34b15c1a9693ae0390243e314cfac06ef6eefebccf43d42eac24ce9879429d2fc7253b3ed175825bc4da0762b4933a98afdb94b06f4fcd2ad3611aa999d7c1c8d852d01dd9e52648455a04eb2330a76fd942c531e514b5ec0728a89d34ca590ea99c88faa20dfb7bbf65654aa6c212beb8ad6bf7c777391cd49c39cf8ab51b95b419e3dfc8d94a93a1ef0223c6de90bf96218d8045bd4952a0d8372a5578c6aafa74ba662e3188e6a6e567e4d2fe8227d0743982a41ebfa0d310fe79fed27041790efd5afac2243e1d150b145015d9deab0eded6394ac36fc5fb201f5204fbd422a3604233015bb0a48a920e2e5e0d4deed672025f23cfba93889597e504c8887add46cfef4024afb8a26eeb7dcddb2397b44a1796367340042137028c3307626816c2931e61ebb6b69edcbcb612c9b181a285301ce46f82f: +8a972dd0f1190c2b9d548f4ba58264bb04826775502a8d5c2b209ee88dcea5fb6d80375f3cf1aab283551df445d17e7d3baf9bcbecbbb267052e02fdb69144d3:6d80375f3cf1aab283551df445d17e7d3baf9bcbecbbb267052e02fdb69144d3:30b28948939aa263437e45c5c0254fb20e617ed0f3fa7dace5a0a8e0fe3c1fc4adb2809b61c5e8d92cd2f3de93b173be707bada94240c6262c160e8c782165beef99d0be8ecdad6316dcd734bbb90a66cbd5b1cb4fd8f2226cea948e4df76bbe251d478f5c3fe0d6de4be54f67f502b2804f628b79a550fb1ac483ad2ba16637c4bc9da67fb4f98659c4c4394d16b6d14b3e0b0c1e625d710dcc1c11df5d34147b1ec5a417b9e21f908cfc523d43e3f181c7209cc56bdb5a21628695ed320f8d4c07fd6d84aa03426f21644aaefeeec311c74e9499936047350a9bf5b703962e77ce551336835fc32ccbd2c90ae52e24d47d8dcb987abd121d3f746b5de230f26469603fb0c4a8f6cd7973d7da882ed1d6e4d9c5a46ec2c21940ad3389a186014ee97278e5350988b15ecd9ea7456b3cb55e4d3093f13a875b50d6516378ecaf58d752c6374ed15638409311fcd379d122c8d8c59b86f4e8dc46adb730a933846e0bd248d3608252d970b504c813c6dea9fc88a3de641956dca291204d390b6b39981f8c0a6bcfc31ca0744420662a9b35eb3fc211f810a3e8062500b1e49bdf857665ff32a9ba76194bbb77fb9c15412964244b9865f73ded9f25b49b425aa253d807d9818292763a513ec80747344fba0acfe593cc26b1330bb9ade66c4e88cf1baed6d6e7b750e6c7239d7bcbfa3fbe45405a63b96d5034cc0c07ffc3b50858081d1955e2d2fe5be5fda7a8996943768b055170b7fd52f0a32097fe1b7a94f1bf879a0cbabe10ac9a7cc1f9f55068c48e3ccc065136431018d38d20109dc95d99cc2bbe7c627ab1a8aa5f431613b790c2e6526cf04fdc9e55f51c055f3c2045a675e3a1e54ba409f7aefa7e4aa07a2bbd5e4ab16321a9f099694391fda68a74581e2f1f11dd9a6d524b1b83260db57b72ef29c28c8db5c37fd185b7c2d8455090653af332dbc82bfb0db5dccabfb6b28caa350525cb54cc84e553e1cf3954b612393e7993ff7e8bf5ece3f145094dd7a27cb47f227476f289235251f772b3ba776bb773af0cc5f786a3fb9e931a530cfbd891cb5a5dfe25169ef933cc82c9080f323961a120158e4bbd71134ef1f90108b815c289d4e9a9589ec64c05fbb42a21b23d16e2a64678aecfab65cd9a806c598103d41f7009776317831feddd1c9002d4a92204f97ba9490c61469803072102524b9df519005f98af54d60ca5ba60b55b096a4ac2b16eb9cc81973c3135d3fb6873dd9653800a22bb5d0d6117ca5d916553be39c9a3b511eb3db730:bd45b3c045850ebef7b80dd1deab48037b1346c71deaf1e58f2a7b162674f94d1ef3d4239037330bd6335fe4f0149250901f00a8e46be5fa0aaec69de06d730430b28948939aa263437e45c5c0254fb20e617ed0f3fa7dace5a0a8e0fe3c1fc4adb2809b61c5e8d92cd2f3de93b173be707bada94240c6262c160e8c782165beef99d0be8ecdad6316dcd734bbb90a66cbd5b1cb4fd8f2226cea948e4df76bbe251d478f5c3fe0d6de4be54f67f502b2804f628b79a550fb1ac483ad2ba16637c4bc9da67fb4f98659c4c4394d16b6d14b3e0b0c1e625d710dcc1c11df5d34147b1ec5a417b9e21f908cfc523d43e3f181c7209cc56bdb5a21628695ed320f8d4c07fd6d84aa03426f21644aaefeeec311c74e9499936047350a9bf5b703962e77ce551336835fc32ccbd2c90ae52e24d47d8dcb987abd121d3f746b5de230f26469603fb0c4a8f6cd7973d7da882ed1d6e4d9c5a46ec2c21940ad3389a186014ee97278e5350988b15ecd9ea7456b3cb55e4d3093f13a875b50d6516378ecaf58d752c6374ed15638409311fcd379d122c8d8c59b86f4e8dc46adb730a933846e0bd248d3608252d970b504c813c6dea9fc88a3de641956dca291204d390b6b39981f8c0a6bcfc31ca0744420662a9b35eb3fc211f810a3e8062500b1e49bdf857665ff32a9ba76194bbb77fb9c15412964244b9865f73ded9f25b49b425aa253d807d9818292763a513ec80747344fba0acfe593cc26b1330bb9ade66c4e88cf1baed6d6e7b750e6c7239d7bcbfa3fbe45405a63b96d5034cc0c07ffc3b50858081d1955e2d2fe5be5fda7a8996943768b055170b7fd52f0a32097fe1b7a94f1bf879a0cbabe10ac9a7cc1f9f55068c48e3ccc065136431018d38d20109dc95d99cc2bbe7c627ab1a8aa5f431613b790c2e6526cf04fdc9e55f51c055f3c2045a675e3a1e54ba409f7aefa7e4aa07a2bbd5e4ab16321a9f099694391fda68a74581e2f1f11dd9a6d524b1b83260db57b72ef29c28c8db5c37fd185b7c2d8455090653af332dbc82bfb0db5dccabfb6b28caa350525cb54cc84e553e1cf3954b612393e7993ff7e8bf5ece3f145094dd7a27cb47f227476f289235251f772b3ba776bb773af0cc5f786a3fb9e931a530cfbd891cb5a5dfe25169ef933cc82c9080f323961a120158e4bbd71134ef1f90108b815c289d4e9a9589ec64c05fbb42a21b23d16e2a64678aecfab65cd9a806c598103d41f7009776317831feddd1c9002d4a92204f97ba9490c61469803072102524b9df519005f98af54d60ca5ba60b55b096a4ac2b16eb9cc81973c3135d3fb6873dd9653800a22bb5d0d6117ca5d916553be39c9a3b511eb3db730: +12380c45a79ade0f483c881aaa3730438b083590f404dc9e601f7615f375a628d66fc59ae917f76d24ce8ab8ee03fbcb715d5eea4b08392b591e648591c73c89:d66fc59ae917f76d24ce8ab8ee03fbcb715d5eea4b08392b591e648591c73c89:684523c2e7fa8b4bd7548c4bacaa8678a330dbbb960632940166b2cc9afc1535c80c112c8dc4ada7629233fe909055237d513e292af15ad7692f115aa092da657532f51899c3f7f5d9d407ed5c163eb3950480a4122a0992981f077bc867f906075407ba9849c4ea0473ce540a796744efa3860378e1b89343e583d0807e5a67c4d5bd7ce64129fe902b8cfabd2c21fa3d2a10e9bf9ea5e5473ae250c9160509972678f9a740e6cadb3b52f502fa616cffae1def893d54e41e54d326464c9f435c63505fb15e3eeaf5021c65dcd010f840aab317c8605dfb1a0c8a3d5549861b69af2c93d86c981df3a51c5bf5785c2f852610e44fa4ff1c7161152e5618384744fe83babf0bcb7561789a023125f6242a183cac9549c932733a868aa182656e2ba0a8c0be106996a85cebf1bdad123b982b4e055510879482021daea9d8f26c588e6cd10126cb3196880356bee8f298bca306ec5699c7576b765087c253a60214010c6ed70d871cfc8738018a0edb57f106b4218d855eab2c91f39f858b3f25905631a0eee29856fd34f7b8c9ba51c1c4c6a735d6c7a13d220d7a566c3f506c72bc7417ab37f0d6d796ffc71df9dc7c6e137da56b7a3e10cf0b1abb3ffb70bc66293b5d75b405ed8bec0d6fcd06925c381168ac188d0b8a1af0839f5bde843b6991e5a5d6cd66fe6b0fde867c086ed43876919a1b7233d8d7e1d2742f61c77d8e5991689c8328676655b76a3750560e75d1c7e85e3c0085059331094bba5710032cf679a525c78b31700e6d91f75294c422489297e1735943e417fcd35580582fdd0239b51146530cc09d83b28f0a1d642220dfb99bad62f39541035081d65d778ddf3239ba0e6fa9914b17b397a534cb8fd3b4ff42a8d8c8ee66153fbb1ff0fa54f7bd03278516e6341af80fcd1fcee70c359d205368ac490d75a354512da46ba7634c15b284b24477808f17633360a4b49fb3bcaa841841cf92417eb24ce482d5a24bfd2dac372231da539a05420002ff7a20c476097da06f59f03314e6059fad88c50c3baac03cefa7cd8211d2461b1660ea6bcf476838c91a10074eb4b40e6e974a945a67f6ee6904231ef04188f1ead5baf35694efe301edc7e866da23b5a6c58f01b2a52cf3ab805edc5c1368626b95b94eb4645b693ec880f2b8117a693afbdcd2482431890f410bc580530fef375879c2e46049ca891a2c3ecd6043ae80d8af346634674c6dfe905997de5d05d62009eeed277502fb5a5a3155eeeeb67348b60d89a34a7812639f541ffe:02b25174a3dd5219ed48b2c94ca212b63a6a3a2597703c07b7f0c965c3c6ac2eb450efe38716a2a28b3f89846b06ebdca4bd09aa581f24e84d80fc10ac1a000a684523c2e7fa8b4bd7548c4bacaa8678a330dbbb960632940166b2cc9afc1535c80c112c8dc4ada7629233fe909055237d513e292af15ad7692f115aa092da657532f51899c3f7f5d9d407ed5c163eb3950480a4122a0992981f077bc867f906075407ba9849c4ea0473ce540a796744efa3860378e1b89343e583d0807e5a67c4d5bd7ce64129fe902b8cfabd2c21fa3d2a10e9bf9ea5e5473ae250c9160509972678f9a740e6cadb3b52f502fa616cffae1def893d54e41e54d326464c9f435c63505fb15e3eeaf5021c65dcd010f840aab317c8605dfb1a0c8a3d5549861b69af2c93d86c981df3a51c5bf5785c2f852610e44fa4ff1c7161152e5618384744fe83babf0bcb7561789a023125f6242a183cac9549c932733a868aa182656e2ba0a8c0be106996a85cebf1bdad123b982b4e055510879482021daea9d8f26c588e6cd10126cb3196880356bee8f298bca306ec5699c7576b765087c253a60214010c6ed70d871cfc8738018a0edb57f106b4218d855eab2c91f39f858b3f25905631a0eee29856fd34f7b8c9ba51c1c4c6a735d6c7a13d220d7a566c3f506c72bc7417ab37f0d6d796ffc71df9dc7c6e137da56b7a3e10cf0b1abb3ffb70bc66293b5d75b405ed8bec0d6fcd06925c381168ac188d0b8a1af0839f5bde843b6991e5a5d6cd66fe6b0fde867c086ed43876919a1b7233d8d7e1d2742f61c77d8e5991689c8328676655b76a3750560e75d1c7e85e3c0085059331094bba5710032cf679a525c78b31700e6d91f75294c422489297e1735943e417fcd35580582fdd0239b51146530cc09d83b28f0a1d642220dfb99bad62f39541035081d65d778ddf3239ba0e6fa9914b17b397a534cb8fd3b4ff42a8d8c8ee66153fbb1ff0fa54f7bd03278516e6341af80fcd1fcee70c359d205368ac490d75a354512da46ba7634c15b284b24477808f17633360a4b49fb3bcaa841841cf92417eb24ce482d5a24bfd2dac372231da539a05420002ff7a20c476097da06f59f03314e6059fad88c50c3baac03cefa7cd8211d2461b1660ea6bcf476838c91a10074eb4b40e6e974a945a67f6ee6904231ef04188f1ead5baf35694efe301edc7e866da23b5a6c58f01b2a52cf3ab805edc5c1368626b95b94eb4645b693ec880f2b8117a693afbdcd2482431890f410bc580530fef375879c2e46049ca891a2c3ecd6043ae80d8af346634674c6dfe905997de5d05d62009eeed277502fb5a5a3155eeeeb67348b60d89a34a7812639f541ffe: +d1b3430d4e63aabfa9ef96bcbaf1fa6a9eb5219dd44df3b1a61563dffe1ccb28c28a05195245290ecd38535585ce51f3c235c5d650c8c57c2f79bb0ac0e80834:c28a05195245290ecd38535585ce51f3c235c5d650c8c57c2f79bb0ac0e80834:076c0c8762e4bc003c360a12a19598050551d16b4b8da0fb9c4afcc81adbe61995f25cbc28dca420bfa9461054d3ee00ad78183e7f26df6898af9a4d225fcab67c042e9a13525d1f75ff0e3d8da80896b728f3e2db65944ae0717d775990b59e5b70434bd4b3ee452f10ac0610570b38220832968f544d3e4d119b1d4b5015c6cdf4cf220b56b5c0ccd8e398d5e4a58da3b0e2b270a5d39b82abb7f9d27a419018550b6200ae51c84882f086ae7ea5351671b6dd960923ad6befc13409879a8df619bdf6c88a6fe1ecc0f0f3aa219fb61902be48a53df2bc66c56f1c1d17f7e6167d255165f174baa9caf53c73cbbb7cc2c7c087f43abe2aed5a21fe4290b8d67960a8a9cbc2a57abe22654dc184cff9168bb697270375fe88d5c49cf95b06cf9d0dac81fbd9c0d7b82d05ed2c3fd49ccc29404441712545f9a991e4f0ddb62190838296f967299a38607226d8a681f0a8f3c4384fd18b30257c463c0abd0f4f6f1225a51b762d6d0ac7d59cd2efd698b8d13e23d70409f6b07d695c1671cd6f59443b1db0ab35b9dc0640e4c6d1ac50475d28ef94f81790e2e5b2545514b2a49c5c2153459be540890f53bc18e4a16dcb5dcf50f37a95c606fdf48598e52af3179a2048615d93d97e0599b7088c1174bb9f15e37018f99acbce5b1302f8d8ce2ab85437feeb0caa7784dc83c9e7c36fe059906b030a86a3ded0ab9d8b73529d475e661a0808d6d3f0907f8528873f08d5748be1d69712e85262d77bdf13bfd18a5cde6f71462673ab29b1617315a9a6e936a8e81a8e43bd0f6644a5c69eaaac89bdaa99cca803833705e5afa69b3bd1d0252b854650f2199791e6aca7c75a861283216233a2633a6aeff9d301ee5cb4dd72c08a45cdae8f5458c095b22e759c43b49b98e9f4cb33d5dea879449eae73cb874c73594325ebf68c1ed4064b6f61ab2f014a2f19f32e12b33c5eaa8a29204d5eba58dc075072fe399be7d1ab1808208fb408123bdc0b4ab3130f9f706dc3eb194b605e73a32f125ae491285ce6039fb623c38b81d5aba0f5599f6c86e872486b4e9649daffe3a3d06cb073dd3bc6f4e10a18700e45722d78a6b0972dc94d5c7a7b6641757b796075719d7b8ec36a1e796fb5f8fe6f1b79a0859cb4d67cec05ed914cfa32c1ddfe218ef963436c3a1148ac2cf909df7359890657463a4ea25fed59618a0681a1217e22d64ef9d9b4559d0a0f6b3ce8d847930b232301caf44cdf7a3f18a2ac130b92cfd9c03360557b5f7c4775462a1071f70344c718374b:4cb6ff5dd706b1ae816cdbaf9e9e1edc80a66284f94652d50ec14e283b2adc592fd084337144ffa712dc34ce8e610668a65e969f05ceb54786304d0d58d31a08076c0c8762e4bc003c360a12a19598050551d16b4b8da0fb9c4afcc81adbe61995f25cbc28dca420bfa9461054d3ee00ad78183e7f26df6898af9a4d225fcab67c042e9a13525d1f75ff0e3d8da80896b728f3e2db65944ae0717d775990b59e5b70434bd4b3ee452f10ac0610570b38220832968f544d3e4d119b1d4b5015c6cdf4cf220b56b5c0ccd8e398d5e4a58da3b0e2b270a5d39b82abb7f9d27a419018550b6200ae51c84882f086ae7ea5351671b6dd960923ad6befc13409879a8df619bdf6c88a6fe1ecc0f0f3aa219fb61902be48a53df2bc66c56f1c1d17f7e6167d255165f174baa9caf53c73cbbb7cc2c7c087f43abe2aed5a21fe4290b8d67960a8a9cbc2a57abe22654dc184cff9168bb697270375fe88d5c49cf95b06cf9d0dac81fbd9c0d7b82d05ed2c3fd49ccc29404441712545f9a991e4f0ddb62190838296f967299a38607226d8a681f0a8f3c4384fd18b30257c463c0abd0f4f6f1225a51b762d6d0ac7d59cd2efd698b8d13e23d70409f6b07d695c1671cd6f59443b1db0ab35b9dc0640e4c6d1ac50475d28ef94f81790e2e5b2545514b2a49c5c2153459be540890f53bc18e4a16dcb5dcf50f37a95c606fdf48598e52af3179a2048615d93d97e0599b7088c1174bb9f15e37018f99acbce5b1302f8d8ce2ab85437feeb0caa7784dc83c9e7c36fe059906b030a86a3ded0ab9d8b73529d475e661a0808d6d3f0907f8528873f08d5748be1d69712e85262d77bdf13bfd18a5cde6f71462673ab29b1617315a9a6e936a8e81a8e43bd0f6644a5c69eaaac89bdaa99cca803833705e5afa69b3bd1d0252b854650f2199791e6aca7c75a861283216233a2633a6aeff9d301ee5cb4dd72c08a45cdae8f5458c095b22e759c43b49b98e9f4cb33d5dea879449eae73cb874c73594325ebf68c1ed4064b6f61ab2f014a2f19f32e12b33c5eaa8a29204d5eba58dc075072fe399be7d1ab1808208fb408123bdc0b4ab3130f9f706dc3eb194b605e73a32f125ae491285ce6039fb623c38b81d5aba0f5599f6c86e872486b4e9649daffe3a3d06cb073dd3bc6f4e10a18700e45722d78a6b0972dc94d5c7a7b6641757b796075719d7b8ec36a1e796fb5f8fe6f1b79a0859cb4d67cec05ed914cfa32c1ddfe218ef963436c3a1148ac2cf909df7359890657463a4ea25fed59618a0681a1217e22d64ef9d9b4559d0a0f6b3ce8d847930b232301caf44cdf7a3f18a2ac130b92cfd9c03360557b5f7c4775462a1071f70344c718374b: +033e003d7aab7bc7fc8ac204c733799ae553c3fec53f10dbf795b5f4b87f1c95682f46f5c056dd45ba0b5a782031f9596a73aa292ca2326beda74a52fc32b716:682f46f5c056dd45ba0b5a782031f9596a73aa292ca2326beda74a52fc32b716:596aa2c40b3318878938ebc138db274bb38a5201eb7caf875e6c645791dae012bdefd485e6bd9d8499c42a2ae86cf32b18002e76bb582cca0dec4815ded8a1211f8fc8857fce1d57f6151d88787b978fab56bf926b1533e19499e8bb99158cdd6e980f6ba543ae831f9dd134b0fe6d5c24887dc7a8d4781dd9b7fc5dc9464b045cbf9d1ef5036b5bf28b549ac7aa8fafb91adc9feca7a14554d110e310c749e48533f359c70f05fb7aedef136636b8ef7223886539864ee52d34118b4b8b74e08fe6b65896e4b19b6d7c3f2528265585481710d2d74948eb4b1708a50fa74021bda4b361bc68d2a5d202109f8d28d8aa67d78c1136cd2e903c8dfa175af7bd963b73dae495873ccdae62bfef885636dd83550ff9c05c37ba3389d1543685d89483b0c104e7efbb7702c5a0398ac720484c50936835ee9df253f0ef8cbef3e07de969511ccbf87557493a0b972ef0e8e629cf3822db21286ed727661bd31786fca1421106dacdee1caaf49454e854794f704d22a95a4c8e6b1c2feea57e56238c2096f1cc578647fea544d6764482bdf5148879a25f943db16f29021b9ecfe3e090b425c81c7009842e1c7a02d91ca60c1201c3bdae9c5373af03f2f4dbef40de8d9b21fed68dee510de0427234caa1c20a3ae549954834c93373d913b8750f23a03780d7a9454ed6fe51fd2d276b9d4aa32de05e03816e64e9466f4f0e224651428d342cbcc697170a47ef996bdacbce91117ca1f8455b25b2b08443e9914e3d90c489eeaa7731ddea2123d55d67b16683fb7c8236aaa5a1b0fcaf8d170011dbe9aa2857be612cbb85ef69e56831b4dacfbc7a59b465a66dc7412ddb3d6af4ebfd705864e7d4fb99a6ccb48b118368feab02a340c432768de0e067871e9ea808d6d993815829e71f6c042b664995098fee94d543df15e5b16957031bd238bcadbbdcc576affb640303d69c5b250b3a539afd127f7ee2609e52e5154fbdff3e45f9c44066656d561e0f64dff2805df88e30a380530822413a7ab76a1b9a865378d24763069a814002a9a9d03795ca8d2b5bd1090393e9e4b1ff7d7f0eb84e712a018f68c9e384f0a0aef3967879284f409e30d2365086e66952278ca9b6f90e8f69a48d9b28bb4c4ed632abca3af4144da7422bf51992f734731453c7a33e15e59f5308129d6a774a94586f723311179176c0948fff4e30c1b959812cac977cc74347b007940f2fb962a90d66066a6de8801984dee4a532d4b0acd6dcaf06727bab70b3866232234c9100bfdc669f77ca49:edb4e020d676fac6a845534880bf6136374a8b7f2c5385bb9ee225381f494efb74a55b413ae0ea70add61bfdfb87fb42d5bc0c5359dddd573d538ae93a6b3609596aa2c40b3318878938ebc138db274bb38a5201eb7caf875e6c645791dae012bdefd485e6bd9d8499c42a2ae86cf32b18002e76bb582cca0dec4815ded8a1211f8fc8857fce1d57f6151d88787b978fab56bf926b1533e19499e8bb99158cdd6e980f6ba543ae831f9dd134b0fe6d5c24887dc7a8d4781dd9b7fc5dc9464b045cbf9d1ef5036b5bf28b549ac7aa8fafb91adc9feca7a14554d110e310c749e48533f359c70f05fb7aedef136636b8ef7223886539864ee52d34118b4b8b74e08fe6b65896e4b19b6d7c3f2528265585481710d2d74948eb4b1708a50fa74021bda4b361bc68d2a5d202109f8d28d8aa67d78c1136cd2e903c8dfa175af7bd963b73dae495873ccdae62bfef885636dd83550ff9c05c37ba3389d1543685d89483b0c104e7efbb7702c5a0398ac720484c50936835ee9df253f0ef8cbef3e07de969511ccbf87557493a0b972ef0e8e629cf3822db21286ed727661bd31786fca1421106dacdee1caaf49454e854794f704d22a95a4c8e6b1c2feea57e56238c2096f1cc578647fea544d6764482bdf5148879a25f943db16f29021b9ecfe3e090b425c81c7009842e1c7a02d91ca60c1201c3bdae9c5373af03f2f4dbef40de8d9b21fed68dee510de0427234caa1c20a3ae549954834c93373d913b8750f23a03780d7a9454ed6fe51fd2d276b9d4aa32de05e03816e64e9466f4f0e224651428d342cbcc697170a47ef996bdacbce91117ca1f8455b25b2b08443e9914e3d90c489eeaa7731ddea2123d55d67b16683fb7c8236aaa5a1b0fcaf8d170011dbe9aa2857be612cbb85ef69e56831b4dacfbc7a59b465a66dc7412ddb3d6af4ebfd705864e7d4fb99a6ccb48b118368feab02a340c432768de0e067871e9ea808d6d993815829e71f6c042b664995098fee94d543df15e5b16957031bd238bcadbbdcc576affb640303d69c5b250b3a539afd127f7ee2609e52e5154fbdff3e45f9c44066656d561e0f64dff2805df88e30a380530822413a7ab76a1b9a865378d24763069a814002a9a9d03795ca8d2b5bd1090393e9e4b1ff7d7f0eb84e712a018f68c9e384f0a0aef3967879284f409e30d2365086e66952278ca9b6f90e8f69a48d9b28bb4c4ed632abca3af4144da7422bf51992f734731453c7a33e15e59f5308129d6a774a94586f723311179176c0948fff4e30c1b959812cac977cc74347b007940f2fb962a90d66066a6de8801984dee4a532d4b0acd6dcaf06727bab70b3866232234c9100bfdc669f77ca49: +ee55fcf70a275c726bd4856683b347decfd422f1826c07a932cb85be9fa4ef3cdfcffb5e1553789d56a9f3914bce500d07c5ac311f927854b2cf1e5833c03237:dfcffb5e1553789d56a9f3914bce500d07c5ac311f927854b2cf1e5833c03237:b8c845cf7c5485f0622d1ddc17f7a0f6f0fd7074fe194b0e0cd42650cfc817f57f095f8cdfad1ebe0dfbc1bd7617ab4f204e9d55d81a7c8a433940ec6f17c8a8e3d56c1afb0af374bd32d54ef7132d26b89c470c2ab5be16fabb4c75193d6da59ba2fd157e9ea4e0c5c08a5202f5edc6a61701f08bb344ca6455d75d145adb244c534c8cfc623f4d4b6767594b39a7690beeec4df9746a57ffee051454c4278ea43c810ff13cd769615f9d05d4fe4a51583e80c015dcfed9af05f93d054d34ffd939bdd8f0518fa3030a964dc9d80df00f1635824072cdf29bc80259209d50f56fca9fbd6ae1514a671989cea4f6846bc19179097cca40c624d7edbf91fb5b2539ebbd502d3646711430bae423fd115848093318b7d087ef1e3b894bc3b9ea27af853fca8595d36fb7299969162f2ed6a2b55075b2c630802857176dec4cb5acf2b13a35a9949b912bb57d81eb0c8a8adf3cf64cb571bf5f3d71f987d64d74e919a00336e57d35ee4eecfc657000dd5b12995ee1b116591ce58e56de25b29c94829d1d68521b9558e4725ec77039069c0cd17b2a003359e9e1e112c7590176cebce7f001f1d136e818f4818cfd94745afaab56f1a406f97dd9e61b735266d682ad7df26dd70cde0b57fea7db2df832fa88a35f539794884ddc41218403016cb6d5221f3feb5d3aee4a9840a913072d29f8d1a9367bb0bbf545f7dae7c00a0d0c0342231ae462bb742e1498ee584ae6c83f2f1f2d0452bead982268cd3cfde78ff422e226bf7b2af1137757797fb02e5275c34809d54ca9ee2a65275e6e5cffdd20ad1fa1ee0bd8b21e04ce829e02cdb63c48bfcdd86d3a08c59789c9d78e36181defeb7227107275ed6b5ccb127cd72b374e17f5ee0b5e47b4b3e14a8ec6d86bb7507187f28db32b3f3fa1ca13446fe5253ee783645e794272799a863b4fca99e443cbaa05de3c50edf3d5cd7c10529c6c09a0c1453406ac7ecafa9b3a1f369d68f3c618f58efc359df2f3fcd2478b55a41a11f2487e7f70ec293b3eccc700ef444a33d1eae9849c5b76d29afd5a23861aef4f2a7ba3f666301fdeb5d3d8f0dc9ee2e014b24c7465dee3c0964edd49ed49edabb5ca7afb99574d001e5812a085231f241b6b08c73e80fb44bb2adf554f14fd6dce94a6f63623d9c1deb41ad101651a6b67ae5234daae81979fbd823389649a3b0a06c68b80468a991d3007748751fa69281db1b94d6c160a1cab50943cdbb8dea5750906b3c6595bb580dedbfae57464cc7a651d4c51dbb5fa980597d17669:9d8cb2eaf3ff3e0c2bc672e1d255c5b8e80731bff6f6aba517e13354e851080f4a8bb8121b2624244c9ee95c8a092f103703fbe66f9cba100d2e91ed774ac907b8c845cf7c5485f0622d1ddc17f7a0f6f0fd7074fe194b0e0cd42650cfc817f57f095f8cdfad1ebe0dfbc1bd7617ab4f204e9d55d81a7c8a433940ec6f17c8a8e3d56c1afb0af374bd32d54ef7132d26b89c470c2ab5be16fabb4c75193d6da59ba2fd157e9ea4e0c5c08a5202f5edc6a61701f08bb344ca6455d75d145adb244c534c8cfc623f4d4b6767594b39a7690beeec4df9746a57ffee051454c4278ea43c810ff13cd769615f9d05d4fe4a51583e80c015dcfed9af05f93d054d34ffd939bdd8f0518fa3030a964dc9d80df00f1635824072cdf29bc80259209d50f56fca9fbd6ae1514a671989cea4f6846bc19179097cca40c624d7edbf91fb5b2539ebbd502d3646711430bae423fd115848093318b7d087ef1e3b894bc3b9ea27af853fca8595d36fb7299969162f2ed6a2b55075b2c630802857176dec4cb5acf2b13a35a9949b912bb57d81eb0c8a8adf3cf64cb571bf5f3d71f987d64d74e919a00336e57d35ee4eecfc657000dd5b12995ee1b116591ce58e56de25b29c94829d1d68521b9558e4725ec77039069c0cd17b2a003359e9e1e112c7590176cebce7f001f1d136e818f4818cfd94745afaab56f1a406f97dd9e61b735266d682ad7df26dd70cde0b57fea7db2df832fa88a35f539794884ddc41218403016cb6d5221f3feb5d3aee4a9840a913072d29f8d1a9367bb0bbf545f7dae7c00a0d0c0342231ae462bb742e1498ee584ae6c83f2f1f2d0452bead982268cd3cfde78ff422e226bf7b2af1137757797fb02e5275c34809d54ca9ee2a65275e6e5cffdd20ad1fa1ee0bd8b21e04ce829e02cdb63c48bfcdd86d3a08c59789c9d78e36181defeb7227107275ed6b5ccb127cd72b374e17f5ee0b5e47b4b3e14a8ec6d86bb7507187f28db32b3f3fa1ca13446fe5253ee783645e794272799a863b4fca99e443cbaa05de3c50edf3d5cd7c10529c6c09a0c1453406ac7ecafa9b3a1f369d68f3c618f58efc359df2f3fcd2478b55a41a11f2487e7f70ec293b3eccc700ef444a33d1eae9849c5b76d29afd5a23861aef4f2a7ba3f666301fdeb5d3d8f0dc9ee2e014b24c7465dee3c0964edd49ed49edabb5ca7afb99574d001e5812a085231f241b6b08c73e80fb44bb2adf554f14fd6dce94a6f63623d9c1deb41ad101651a6b67ae5234daae81979fbd823389649a3b0a06c68b80468a991d3007748751fa69281db1b94d6c160a1cab50943cdbb8dea5750906b3c6595bb580dedbfae57464cc7a651d4c51dbb5fa980597d17669: +49c298a2db3d2589c9fe16a4e571e5aa23cbaa777b86470290a3eda7a5d3e96bdac523d6374c8ff15fc4ddc713715ac35cf5547fc1b1b2646b63fb41a7f21621:dac523d6374c8ff15fc4ddc713715ac35cf5547fc1b1b2646b63fb41a7f21621:3582eeb0d371df385de88baad380cb0cdb60eab2baebb3c79837753d08e1cb78c0bd76dd1104454956d571ceb7e6b571a5236835d784b50ff66057b13595e7d0c8f25d08ae8b54b6123ba08151ac7db0c56a980f7f0bb39a54b437f54851979986ab1367835e5c4f3a3b3d760d3827e76c568ae7aebbb612e775bddeccd334ac6bcd3253abc29d4b7c3f10362666f6ae75080370a36cba55db3a91cb5789e4d6f9efea4df1dd7730a5e27960d53b5121948cce5af653fff1d5b4e5b0a88c718c49b31c793d88c1cc45ab8da29d05e906cd0594b5f6638c8ec3f1760ba423b5ab1d08a58770afb0f139abd349c1bf160d8902239ce24f19b4e1be095f7ed165f3931e3cbcc307e9fc5c658031228e55cbbeec0d0bcf8f695154a9eed1bef35228789bfc0d238b8372d318328c1339fea08814db8621abca3aeb82098b5aa87bb98f5e40522a0888532c1748453db2d2b3943e4abb312de319aec48cc1c94775972953fb6496b8168937623510cd48c8b247956d3168486c176ae7a4cb384eacfdabfadd9fba30a23b811bd779f3cba54338c28bb3382238ed3b8dd21beab2f5cade28c5e09b31a454808a5348122e3ae3812296f7869c3865c3c9d8fe18bd812f2e60e914975cfe1bef8dbb8097006f0d7cf3fc15eb95c27854b14312b88d528015af69fb7505b8f32703f64eb1c958f046dd251242f8bea7467fc7291d095e9696e11aa45abe7924e856351535aa0773d3d9e61cc9a2d89b5b0774d7645ee1af7eb6fcd440bc69d43edeaaf935fd2a5295ac19a97d70af9298830f81c0a509f242f473372478fa5879fb2cb8511080fc2ecd8259b8c3ce9e8b640761dc7927c32e7f5bae97a8b8ac935662e5f45d14cad6d34affc9a19414c4566f45f977396710894c5399ed4480f18e90957faa76ccb512a2d07573058a95b42fe1810249d1c85ec431a049d1aecb0f118379bdc3f1ee490bc8a054c32c3dac7659966cdb66f995ac403d5e79eb6b25b3f3f65a6ceec220d66c05f8a8a98b80799ba4f2c6dbbb4dfb5862c9a46bca013ebdfaba7494a30ce14606afc0b0f993143fedee7896d9a6bb81499166ed02e94186aaf32187aeb6e282501bca43b57b7efa0939c934bc8fbbd26c44b618335a35c692ff996a5b95d327df9b2a6621b3b0f190db1f36d911d1a663a4ebf9a2854bb4f4061095b69812c82c2ffe3f92e9b44d2ea63169881cae8453d6eef7cf69c25a28b3f8ddc70148ef26721a3c1f2e62d9d10cea42fca3facd74673a4e7f33507364aa286c0f38d7:2a439c73c98117fb2952e2b161f7f3b99e7d39bc697f794075db7b634d29f1ff5724f677f8312ad515b097cca9dfc30e79ee8a7c9dd728bdd45df859c7bde30a3582eeb0d371df385de88baad380cb0cdb60eab2baebb3c79837753d08e1cb78c0bd76dd1104454956d571ceb7e6b571a5236835d784b50ff66057b13595e7d0c8f25d08ae8b54b6123ba08151ac7db0c56a980f7f0bb39a54b437f54851979986ab1367835e5c4f3a3b3d760d3827e76c568ae7aebbb612e775bddeccd334ac6bcd3253abc29d4b7c3f10362666f6ae75080370a36cba55db3a91cb5789e4d6f9efea4df1dd7730a5e27960d53b5121948cce5af653fff1d5b4e5b0a88c718c49b31c793d88c1cc45ab8da29d05e906cd0594b5f6638c8ec3f1760ba423b5ab1d08a58770afb0f139abd349c1bf160d8902239ce24f19b4e1be095f7ed165f3931e3cbcc307e9fc5c658031228e55cbbeec0d0bcf8f695154a9eed1bef35228789bfc0d238b8372d318328c1339fea08814db8621abca3aeb82098b5aa87bb98f5e40522a0888532c1748453db2d2b3943e4abb312de319aec48cc1c94775972953fb6496b8168937623510cd48c8b247956d3168486c176ae7a4cb384eacfdabfadd9fba30a23b811bd779f3cba54338c28bb3382238ed3b8dd21beab2f5cade28c5e09b31a454808a5348122e3ae3812296f7869c3865c3c9d8fe18bd812f2e60e914975cfe1bef8dbb8097006f0d7cf3fc15eb95c27854b14312b88d528015af69fb7505b8f32703f64eb1c958f046dd251242f8bea7467fc7291d095e9696e11aa45abe7924e856351535aa0773d3d9e61cc9a2d89b5b0774d7645ee1af7eb6fcd440bc69d43edeaaf935fd2a5295ac19a97d70af9298830f81c0a509f242f473372478fa5879fb2cb8511080fc2ecd8259b8c3ce9e8b640761dc7927c32e7f5bae97a8b8ac935662e5f45d14cad6d34affc9a19414c4566f45f977396710894c5399ed4480f18e90957faa76ccb512a2d07573058a95b42fe1810249d1c85ec431a049d1aecb0f118379bdc3f1ee490bc8a054c32c3dac7659966cdb66f995ac403d5e79eb6b25b3f3f65a6ceec220d66c05f8a8a98b80799ba4f2c6dbbb4dfb5862c9a46bca013ebdfaba7494a30ce14606afc0b0f993143fedee7896d9a6bb81499166ed02e94186aaf32187aeb6e282501bca43b57b7efa0939c934bc8fbbd26c44b618335a35c692ff996a5b95d327df9b2a6621b3b0f190db1f36d911d1a663a4ebf9a2854bb4f4061095b69812c82c2ffe3f92e9b44d2ea63169881cae8453d6eef7cf69c25a28b3f8ddc70148ef26721a3c1f2e62d9d10cea42fca3facd74673a4e7f33507364aa286c0f38d7: +823f0c29fbfdd3d1828f3055e9ec01ffd1b5a375118ddd7e4e0c43719f573ff773125fc83abb8b7c658559fc127393231d03ca5846e0c88118d13d55ca44789d:73125fc83abb8b7c658559fc127393231d03ca5846e0c88118d13d55ca44789d:802c39ce7f2a50bd81622add0df4e0fe03ec3d2d305a45a6165271ed79add243b9a00e52183192feb24c4fdbd22c807ae100efcf165b9c996194e00fa817765ea94a03070e486686b445fcb263ccfe1f5862f3b84b10f390080bfcae447ae0069742b8618fa9575f7e637ad54e834caf0394d745032ce1e255c0273250f1504b37a0add94aa245c7de52c80e05d6e0a96a14410543826a49e9b945626d4e89f55027163d4bd6d0e9bd1a2477f67d3d5668a42e94d8b61193d821e0d1b230fcadc53613b75b02cfb8158456077ebdf5a5f00c3b5b186370cafec4a21c69dce1f01efef23c37ab90f858238aefbe212b556d2f073406559f1a51d84efffdce07b00d01bbf33771cc12c960ac89365a9c82c52343f7603381b89023c1a6e702a5b1e4bd191ea6970b5ea451ea05b59bf83e55f29a1f803212bb2e58f0616333d9114708529e8b6c6081deeb7c299a5a2a53ccd24ed58ffbfe503d80614adb05ca11cf29ded00904ea1239f82ba40c793ebc339775f8b0fe3901f5482e310c793c6e2cf01dc157727af238f49c9862804b047551fd886f4a4899e22a6a65701117a3858055bbfe966e370e733e17efada2859fd8ffa9e01fce5606a255367678f4bd4e21e5da0fef30757f34e389f76b7d57c4e410a002e900e48fb218c8f2778f148fee56965f5b473e25256c23a7af198342cf3ef02b84df2cd5800a461c1b07bda2f42628a68ad29dbb82a470967d7302c993b234136e5bf255e6248b102c2bffb20172371f1ca3e10b0810e8649503546d9a731cf19b083357d4cfecc89bedb53506fe199b670391a620069a3081f253b4d790880aa23b53e97c75dc0c360540e5b0a3efb1accffd137414ff8423d54646fc56ba5f53bd84c7267c2f7ee3e37607544154365f9f85081dd7d2ee75d302275c799ef2427ca6496355dcda1d44e0d977bf68db3006500ae3f400d6a8c7cf47057d4fc87eeecb02116b73eed6ce1fccef6e8fb8aea363b2f6f5322a5f0753f45899537646d58651be9037bf91423c2986f5cc2bcbce4faec903498b40fc2deab6603d6eea585d2720d21bb2722bc05b35aed2bcc0e804fe9d239fafda7ddafe1d7860abb0fb28f4bf2b1fbb62a786e455be024b193b7830be0d558f02c9f3ae31dc107ee9421dc5f0b0f89402b71a4581401536bc47308506d96939a206362744e27dde944f4096a12b5f63dab64d041484d3fd91a62c2f0ef9ae787422eb27fed0802e25f9bc775c4915a837fe3eb7b9d5843e4d8210c6b494b61281637a6be32052:fa747b6fe3381ad6bc82a95643c1f4a20b76ba73bff00e635d64202d8b0df03dbc56b0138b3a6d4198ffaf58ccd3d388ed25ebcf770443e41e9d2147950a300b802c39ce7f2a50bd81622add0df4e0fe03ec3d2d305a45a6165271ed79add243b9a00e52183192feb24c4fdbd22c807ae100efcf165b9c996194e00fa817765ea94a03070e486686b445fcb263ccfe1f5862f3b84b10f390080bfcae447ae0069742b8618fa9575f7e637ad54e834caf0394d745032ce1e255c0273250f1504b37a0add94aa245c7de52c80e05d6e0a96a14410543826a49e9b945626d4e89f55027163d4bd6d0e9bd1a2477f67d3d5668a42e94d8b61193d821e0d1b230fcadc53613b75b02cfb8158456077ebdf5a5f00c3b5b186370cafec4a21c69dce1f01efef23c37ab90f858238aefbe212b556d2f073406559f1a51d84efffdce07b00d01bbf33771cc12c960ac89365a9c82c52343f7603381b89023c1a6e702a5b1e4bd191ea6970b5ea451ea05b59bf83e55f29a1f803212bb2e58f0616333d9114708529e8b6c6081deeb7c299a5a2a53ccd24ed58ffbfe503d80614adb05ca11cf29ded00904ea1239f82ba40c793ebc339775f8b0fe3901f5482e310c793c6e2cf01dc157727af238f49c9862804b047551fd886f4a4899e22a6a65701117a3858055bbfe966e370e733e17efada2859fd8ffa9e01fce5606a255367678f4bd4e21e5da0fef30757f34e389f76b7d57c4e410a002e900e48fb218c8f2778f148fee56965f5b473e25256c23a7af198342cf3ef02b84df2cd5800a461c1b07bda2f42628a68ad29dbb82a470967d7302c993b234136e5bf255e6248b102c2bffb20172371f1ca3e10b0810e8649503546d9a731cf19b083357d4cfecc89bedb53506fe199b670391a620069a3081f253b4d790880aa23b53e97c75dc0c360540e5b0a3efb1accffd137414ff8423d54646fc56ba5f53bd84c7267c2f7ee3e37607544154365f9f85081dd7d2ee75d302275c799ef2427ca6496355dcda1d44e0d977bf68db3006500ae3f400d6a8c7cf47057d4fc87eeecb02116b73eed6ce1fccef6e8fb8aea363b2f6f5322a5f0753f45899537646d58651be9037bf91423c2986f5cc2bcbce4faec903498b40fc2deab6603d6eea585d2720d21bb2722bc05b35aed2bcc0e804fe9d239fafda7ddafe1d7860abb0fb28f4bf2b1fbb62a786e455be024b193b7830be0d558f02c9f3ae31dc107ee9421dc5f0b0f89402b71a4581401536bc47308506d96939a206362744e27dde944f4096a12b5f63dab64d041484d3fd91a62c2f0ef9ae787422eb27fed0802e25f9bc775c4915a837fe3eb7b9d5843e4d8210c6b494b61281637a6be32052: +65676633374214c4ac4b7bcea9f1cc84b1b7e79411e310525ace385f4566c1d50e6ec5801d8bd6b1eb421421a1408f134cf712338e0ffc24cdccdc4f7fa31dbe:0e6ec5801d8bd6b1eb421421a1408f134cf712338e0ffc24cdccdc4f7fa31dbe:9d622c206787694093c6f29f93619f21bb64c039416d20dc708a084a9d2e490cf5658e13d62cb0d21eab00e42d851bc6ec75daf405d2373246eea415e866291babf76497680aaf04425a42552b107d58cd18561c8c9483f740744cbfa6054c1b126f5a76659ac19dddad4ab5a09155d8c050b5354e06a4dd3ee3a6f9c91e8b4c7af2749664e7abe97061589e153c58e27cf299a25f2b530c060731ec0f4366bd1debeb4d4e912e76e508534d433ec48f96b62e150de93963a1b3e6c8091b495a96518ce3d3b9a8dbdc2a13fdd077f2231de8d76f56d9ab1c2f9efabce4638364f8fb2a2c683ca819b703ab453b11d37a69fa4bcb8023980834f7b902ad1819fc029212fdea0abf11dec88c55d68ef87a26dbb15dc3d3dfbcdddd5ed71be86f32c76ee2221d9243683df9516564b26bab5c845d4dfe0adcc7cb9fe1ee2c051af5908ce0cc3a90904dbc0d3680ed4992f46ce25c2ee851c414f0187d893e5c3b0189a7bb6893d683f5e3394cc046299a16a1c1b5695933a89bb13030855b81b3c74685f719de0160575a0ff0a91fd94347b8bcbe125d1d3f9ce772a8126e00f563b3189656d5522c187ab831a7ade7ac06fdcac7f1d45882e51f9bf5b44a2daba4a53dbb31970b4a0f1272fe14087e0c3c7e4542312fe74d767f21e7ea487d5284284f46f20f32c5b16e1e0ac8d796ab2f80b344e7a8d84d5de823a50897752dc549a48fc10bcd436a7a93e97cd05d7830138f323879680c343c16467d264d749bf45e40f39fbc3a00c43b00693b0156768ff2e3f8ad9eb6405022f5cada6694e8a33cdc59c6673c44117244eb03fd7fd675930c294edd2940f5f180953d910c55485b2057ae0c9302f4a8e831a5530e3cbbf6f472224083a952a8390ab00dc0f69dfd880eea2d739d218d6a66f237f10d4401aa758ff8120c0ae2766127849024f5a4cc574a5b02b935966812cd1fb6d79d0c4f59ff80f035a0b109cccb22fb08535b874149edf2a0970c14888427d07d1eafa684a6d3454e49b225184c6b993ec8ddb8b5a35ee45f87f69266d49096a317d86ade27f4529fe72364d0b958007299d9de87d6ff9fb04d573aea46bac8eb764752eb465caaaba689a6460c110730bdd08b1689de7b05de59af9fe244ac363e95c98b669359af9031a3a93ba631abf1f61d20ef7fc6883b4840fc926712e13d874b722f6a79b16070c0311325e9a70fcd86916cfa1da7f9d0563a22fe9bfe854b0c186c8663b061b65bc071e839938d8fdd7cf8f6952a6467fad8e58490ed2b26813301:e0b867c9dbda35323433c046e0830c251b4346c5395972286b3a72310ed4526e545dc09d3918f2eb9920bc9b241e9050d848d3830288651591f936d3bae453019d622c206787694093c6f29f93619f21bb64c039416d20dc708a084a9d2e490cf5658e13d62cb0d21eab00e42d851bc6ec75daf405d2373246eea415e866291babf76497680aaf04425a42552b107d58cd18561c8c9483f740744cbfa6054c1b126f5a76659ac19dddad4ab5a09155d8c050b5354e06a4dd3ee3a6f9c91e8b4c7af2749664e7abe97061589e153c58e27cf299a25f2b530c060731ec0f4366bd1debeb4d4e912e76e508534d433ec48f96b62e150de93963a1b3e6c8091b495a96518ce3d3b9a8dbdc2a13fdd077f2231de8d76f56d9ab1c2f9efabce4638364f8fb2a2c683ca819b703ab453b11d37a69fa4bcb8023980834f7b902ad1819fc029212fdea0abf11dec88c55d68ef87a26dbb15dc3d3dfbcdddd5ed71be86f32c76ee2221d9243683df9516564b26bab5c845d4dfe0adcc7cb9fe1ee2c051af5908ce0cc3a90904dbc0d3680ed4992f46ce25c2ee851c414f0187d893e5c3b0189a7bb6893d683f5e3394cc046299a16a1c1b5695933a89bb13030855b81b3c74685f719de0160575a0ff0a91fd94347b8bcbe125d1d3f9ce772a8126e00f563b3189656d5522c187ab831a7ade7ac06fdcac7f1d45882e51f9bf5b44a2daba4a53dbb31970b4a0f1272fe14087e0c3c7e4542312fe74d767f21e7ea487d5284284f46f20f32c5b16e1e0ac8d796ab2f80b344e7a8d84d5de823a50897752dc549a48fc10bcd436a7a93e97cd05d7830138f323879680c343c16467d264d749bf45e40f39fbc3a00c43b00693b0156768ff2e3f8ad9eb6405022f5cada6694e8a33cdc59c6673c44117244eb03fd7fd675930c294edd2940f5f180953d910c55485b2057ae0c9302f4a8e831a5530e3cbbf6f472224083a952a8390ab00dc0f69dfd880eea2d739d218d6a66f237f10d4401aa758ff8120c0ae2766127849024f5a4cc574a5b02b935966812cd1fb6d79d0c4f59ff80f035a0b109cccb22fb08535b874149edf2a0970c14888427d07d1eafa684a6d3454e49b225184c6b993ec8ddb8b5a35ee45f87f69266d49096a317d86ade27f4529fe72364d0b958007299d9de87d6ff9fb04d573aea46bac8eb764752eb465caaaba689a6460c110730bdd08b1689de7b05de59af9fe244ac363e95c98b669359af9031a3a93ba631abf1f61d20ef7fc6883b4840fc926712e13d874b722f6a79b16070c0311325e9a70fcd86916cfa1da7f9d0563a22fe9bfe854b0c186c8663b061b65bc071e839938d8fdd7cf8f6952a6467fad8e58490ed2b26813301: +d2ededcd853206cbf59bd74a25a303fa2d6c3936bb48eb42f6d900cbe80772be2244111e2e769eab81871e06c580178c235c7bf4a52d2ecce11887a9b46c45c8:2244111e2e769eab81871e06c580178c235c7bf4a52d2ecce11887a9b46c45c8:8070bc0db089a5925446019b7e403c74ec78903e4bd54bc1d08a54a6f0ed75a85b763ff54dc33a2600ccb457fdbaeae548477f6d6947ae26deb71eacd1d2d62282a083843be4e5931d91c93b6282c58807ce8f0d880b1438dad8fdcba8612df73b9faff3a9f7db3005250536aabd98ae027a895e10b5cb7b69875c0f3993af245192f4393e9c4d3405746e311d3a91447fcdbd7306b6020c933bbab9e39d13491625035c9c636efa1739c3588710a879d9e3ce1764616f1082e8dff57559c3f5a5d76dd301124fa489fb949e9e039dd4621bda60f0b86b311e78ed0ab3b528965044b23d78ee2f81061f8edbd6929933d18c0207dec4b5b6b2fa4aca2747cf5b110df00b0c9827bdb3d9db2c7b0328d40d99e1f6b228e40dadae78aeda0289b6a23d4eb5837088e5d88413632ccc22e21a73768c673201e9a8d8dc6eb6f7397fedbd398d26f9692ca72f6d6cf056aaac50ac2f3b266dbe5e7be7a024774578ead585245daaa73e0aaf833c070ba4b2044ccb5e5cd16f9c0ad92ea8448055dd828c79935aa6c0741f9e2b810324fdc6e61e842f94572268bf7d5adfa7ab35b07fb19e7815a8aa5d81130130ac5cda8a4751ee76038c0a6bc2faba4c497e62b9f1f194b8a599b07701814b6dfb7d84bcdd5b7b5bc2249f1d3845eff9ef8cc7328535d70d53c7aa0c7305901de7c4ed2fe1838265d4a417b876adbd88eb933f27c9aa48c8c7e34e48147ccffb2fb61a348fea13ef67cdf2e039e33fd89e2c1ad2a4254e3bf748452aa83efeca46e780ede1d13ff4cc5e7d01ed45eb8c74818d4860af4759a83e148896ab68734395760e00146b793c3e72898aa0b3c5e0c1d3fdf12158d2e8ff1123a3a0c64cf6374a7f44f11a575e48a379181b30a4865cfd022aa983275635ce4f2cc40bfe066067ec4fe241fa047b55270a1ad0776c5f96861014cbf40a0432c559f22d79342b79f8e7042dccfb1cf50f83085f8063fb1887ed2dfc9db7efc96daa0ff2bc4f52335b02112d16392e134c0223de458fc072cc22bf9e7eabc06208180a57e7ce4805ee4e0fc015840998fd568644a0386b3d8e7dda52abf64f7dd00868fc84f036ca8a78e9ba8171ca90267c74e6159acac7af5bf23759abc53d82e793db87fdade1363354ffdcb0bd4cc9213f5c845445fc649b2a1f329f9d41d8a031ab46b472160f03434b4b6bc5a401524d6179ad66f9e221c9067fc87fe4a77e21e8023b6169ebf1090cd556a9be50b9187fe4607c5925e60b414f6a5cbf8afa15ed0eb34b67b4c9c5d54adbe640:be3c2b567fe8c208c98e7197117eb01b3c197bdfc858562dc5cd90f8e2c0357042303995baba2f40b7345c56db0b4625580aa8dcc48df6019d23a838ea7172028070bc0db089a5925446019b7e403c74ec78903e4bd54bc1d08a54a6f0ed75a85b763ff54dc33a2600ccb457fdbaeae548477f6d6947ae26deb71eacd1d2d62282a083843be4e5931d91c93b6282c58807ce8f0d880b1438dad8fdcba8612df73b9faff3a9f7db3005250536aabd98ae027a895e10b5cb7b69875c0f3993af245192f4393e9c4d3405746e311d3a91447fcdbd7306b6020c933bbab9e39d13491625035c9c636efa1739c3588710a879d9e3ce1764616f1082e8dff57559c3f5a5d76dd301124fa489fb949e9e039dd4621bda60f0b86b311e78ed0ab3b528965044b23d78ee2f81061f8edbd6929933d18c0207dec4b5b6b2fa4aca2747cf5b110df00b0c9827bdb3d9db2c7b0328d40d99e1f6b228e40dadae78aeda0289b6a23d4eb5837088e5d88413632ccc22e21a73768c673201e9a8d8dc6eb6f7397fedbd398d26f9692ca72f6d6cf056aaac50ac2f3b266dbe5e7be7a024774578ead585245daaa73e0aaf833c070ba4b2044ccb5e5cd16f9c0ad92ea8448055dd828c79935aa6c0741f9e2b810324fdc6e61e842f94572268bf7d5adfa7ab35b07fb19e7815a8aa5d81130130ac5cda8a4751ee76038c0a6bc2faba4c497e62b9f1f194b8a599b07701814b6dfb7d84bcdd5b7b5bc2249f1d3845eff9ef8cc7328535d70d53c7aa0c7305901de7c4ed2fe1838265d4a417b876adbd88eb933f27c9aa48c8c7e34e48147ccffb2fb61a348fea13ef67cdf2e039e33fd89e2c1ad2a4254e3bf748452aa83efeca46e780ede1d13ff4cc5e7d01ed45eb8c74818d4860af4759a83e148896ab68734395760e00146b793c3e72898aa0b3c5e0c1d3fdf12158d2e8ff1123a3a0c64cf6374a7f44f11a575e48a379181b30a4865cfd022aa983275635ce4f2cc40bfe066067ec4fe241fa047b55270a1ad0776c5f96861014cbf40a0432c559f22d79342b79f8e7042dccfb1cf50f83085f8063fb1887ed2dfc9db7efc96daa0ff2bc4f52335b02112d16392e134c0223de458fc072cc22bf9e7eabc06208180a57e7ce4805ee4e0fc015840998fd568644a0386b3d8e7dda52abf64f7dd00868fc84f036ca8a78e9ba8171ca90267c74e6159acac7af5bf23759abc53d82e793db87fdade1363354ffdcb0bd4cc9213f5c845445fc649b2a1f329f9d41d8a031ab46b472160f03434b4b6bc5a401524d6179ad66f9e221c9067fc87fe4a77e21e8023b6169ebf1090cd556a9be50b9187fe4607c5925e60b414f6a5cbf8afa15ed0eb34b67b4c9c5d54adbe640: +b569f7c1aadf56ed1b5fa1b6fad648d0dc544ff8fcd173780de41a7d4de60cb69effa4aed9c658e4346071434468a0b8a04ecf7841699d63e8887ce205570cea:9effa4aed9c658e4346071434468a0b8a04ecf7841699d63e8887ce205570cea:7c5aa4dc8078aa77e8b3b7fee61084cfad764762f1ef26d8deb7f2f3b186dfc772487550197845fba2f4c23c835b9b58dd0b635c649135137f248f5ef713564de3c966efa5f6db6bea9e30970749f8e872d8d7ae4535b75e176ea0489b915f3471d827eb5b444586488cfc3fa6a45082dacb826495e50a3b5dc6bb930a331f30c385bc3b24ce70b89596db6bfb687d99a581987ca876ea0e757696b3fc03779a658130c410b344edacc4277d44845499d678e1414f15f36e166335189569cef3567ac2e3ab821c91c93274f5c28a5d1f7c1bf5099b10f84ecb13a4e4538f6649bf74f7394b703ef53649d81516cb1db521416065cf9f276ab80c9308897a27dfe37e5e142f1819b8d348df50a046a12888e3b7f2dcc70f5218d15ebb9aa7291a1a92ac445c51d3a53dd691efffcf5a01e876a72aa481eb4f121a072397d8cc93bbc2c9a6c28cc89b11ffc0e910d82d9d6298a367a0e1e3e8c865e4326a319b22666e529f1998f1b3c8efb5fc21cce97040fb6247daa0000ac5554d89e7b27159dd0b1800b760b79c91ef6e970b1e6c5ff42442b1b3ae4d3c439e08ec2f6b94177387ca5c01df6f07f8e34d25edbd49d8b74e31a5e65dec1f8760fa22c00e6fb1cd555be68b0ab43599f0b9f4a54a7ccb062683895d5ef66d24dfb1678cb0d0e8c801d8e5ffe79b9139fc96d118eb39b9c8d4404489325d45b4a3202beadca66f831c68efb815941581930ead29fd5f211b90e7a39f0d4ff48c62a545e28ac2ce29bedc356d92fc00347176d77623e0e1809eff3fe62b75a7d9deb727d86172d14edbf2789a57143c69925c917d433b4683b0693b3cd9e7e377996410727f5e6fb8f5ccd1860a20294ecf33faf97a1e0f85b761447d4761b96e4df1b312bd414cabcf498497b0ead67cd1e5901bbf3a16a8891ccced8a907df88726952d4ab370a6b7df2942cf13615a5bc12b4e106dc3013c68b8fb906399df15f1aa90d56aa974b1d2b28c1a8453b9bf0792a51c97ce8a12afc9341bb4c0c37b12dcb12c639449775d9ac5c2ec49673da5aaf7493ed5f1f2116eaef72bb7fb1e093ede2c26317f4f4b6ad585346205df91a6e96bc66d3064bce952398ffce88071ed9ff2750c65c0c304125ac2cadc4fef71a818732496a84ca574d482d5a3bba20e16dd2fa24d3270f6c60992f7f63e88f52eff6222998eb4416727384375f59f00e47512ee464c3184aceaff3ccfb06bd15c183c5e485926288b997bfaaaecf6ecbbf7d2abf4906df76b1277c5f5a87e6817b1c636e91efd7eccf64f:2e32ba0556bde974d7a19b3b9a1e92f183924c4b74c5d751b5ab3d007967016ec03afe91d742fb22b63e5e55b2fcb6c61a46e9dce7fe9fa30bbf66aef4b85f097c5aa4dc8078aa77e8b3b7fee61084cfad764762f1ef26d8deb7f2f3b186dfc772487550197845fba2f4c23c835b9b58dd0b635c649135137f248f5ef713564de3c966efa5f6db6bea9e30970749f8e872d8d7ae4535b75e176ea0489b915f3471d827eb5b444586488cfc3fa6a45082dacb826495e50a3b5dc6bb930a331f30c385bc3b24ce70b89596db6bfb687d99a581987ca876ea0e757696b3fc03779a658130c410b344edacc4277d44845499d678e1414f15f36e166335189569cef3567ac2e3ab821c91c93274f5c28a5d1f7c1bf5099b10f84ecb13a4e4538f6649bf74f7394b703ef53649d81516cb1db521416065cf9f276ab80c9308897a27dfe37e5e142f1819b8d348df50a046a12888e3b7f2dcc70f5218d15ebb9aa7291a1a92ac445c51d3a53dd691efffcf5a01e876a72aa481eb4f121a072397d8cc93bbc2c9a6c28cc89b11ffc0e910d82d9d6298a367a0e1e3e8c865e4326a319b22666e529f1998f1b3c8efb5fc21cce97040fb6247daa0000ac5554d89e7b27159dd0b1800b760b79c91ef6e970b1e6c5ff42442b1b3ae4d3c439e08ec2f6b94177387ca5c01df6f07f8e34d25edbd49d8b74e31a5e65dec1f8760fa22c00e6fb1cd555be68b0ab43599f0b9f4a54a7ccb062683895d5ef66d24dfb1678cb0d0e8c801d8e5ffe79b9139fc96d118eb39b9c8d4404489325d45b4a3202beadca66f831c68efb815941581930ead29fd5f211b90e7a39f0d4ff48c62a545e28ac2ce29bedc356d92fc00347176d77623e0e1809eff3fe62b75a7d9deb727d86172d14edbf2789a57143c69925c917d433b4683b0693b3cd9e7e377996410727f5e6fb8f5ccd1860a20294ecf33faf97a1e0f85b761447d4761b96e4df1b312bd414cabcf498497b0ead67cd1e5901bbf3a16a8891ccced8a907df88726952d4ab370a6b7df2942cf13615a5bc12b4e106dc3013c68b8fb906399df15f1aa90d56aa974b1d2b28c1a8453b9bf0792a51c97ce8a12afc9341bb4c0c37b12dcb12c639449775d9ac5c2ec49673da5aaf7493ed5f1f2116eaef72bb7fb1e093ede2c26317f4f4b6ad585346205df91a6e96bc66d3064bce952398ffce88071ed9ff2750c65c0c304125ac2cadc4fef71a818732496a84ca574d482d5a3bba20e16dd2fa24d3270f6c60992f7f63e88f52eff6222998eb4416727384375f59f00e47512ee464c3184aceaff3ccfb06bd15c183c5e485926288b997bfaaaecf6ecbbf7d2abf4906df76b1277c5f5a87e6817b1c636e91efd7eccf64f: +323465d0313d1001a261abfd44fe65c38c9a00ca0f20335d6553de492699fc46e22f16bd4cc7e94c46ba31961af8c583f9d2718c68f73d85069f608e15ba8766:e22f16bd4cc7e94c46ba31961af8c583f9d2718c68f73d85069f608e15ba8766:bb1082e1cfdcd29bfca2464d5ce446b5ba654ba58c22538da926b8303cabfd284a7bd5994a786fa66aedf0e15f20c382cdacf3d14557ff7a8267fa04672cacab767008650aa9b4a7c9071c4799f1ffa45ca4d586e02047444c14231943467a3abaefa53959da226eb0c15392019760159697748293c025568783588a3910e78e5ea427c4407a8901061b8b992b82a2df58c04a1b2c5fad11c6b379856c2e0fef8a950de7e0fc22310309e08b132b0cce4fc1ecbf94574a388d4ae36675d3299a951554ebf180eb381e1b5df977d938433891bc478d7681850b9dc9c5c769d405f5d8839fc97361d6cb306c203026cf2e2b3d39849e1f4b1225eb25ef8acd40b006f20c644db650c75d38c0fcdd48f598c7b4a60106e69e19cd712589cedccf50864ea5f9e95e01f1dd85c7514f2c94b28359de4132b88c3ee1d10a80a9fadfb690e3d88641b3168f0b896af8990adbf0e4f8e9d3f9d4cd314e12c3bce0cc8738e0cfc1905be5efa071f710b32f8e5898c60eb1bb8feeb74000560f41cb2ebc32b2600b6980a2a4064dfaa3797ec44cfb72d379f8097379cad67ecdc0c32414fa41c72b1b9e4edf5518cb39fe9092b439af3a4ebd5afe79bedc0ea8bf17479a2821f5e9bd91d7f4aa5e384699523719b6957f82367cd85fea9ded6236a207c94cb373e3393cb4fe11f90a1b8779e4ab4c3466136bf21e2aab78f7d2726db6414fa5c4a3f7313ad2116a6d7ce40aaa1001c2704d5b05ae54c7cc6f567217f1a47bfd0ee738eaea5eadb5371075be076c8750aecefc417ea7bfdaac3cc38bf16cc26df7600e3c7e8e431f2676fc2a8c43a6a14368ba62bb32439a06beac38a047b3745e26f407ad823d6ad1c0b6a44341e15fc9b331214ffc89698211b05133d6d3433b5d59f7ab4d109e54e4c5d6f32fcf7230fa4e2528c861bb21ccc9e310e9497e077ea675510da712b1a5df575c5d1bf7362d071180039aecfaa5c8573c24c0f4ebe81c2f889aed3de5a000be12fe3d0af2dc2cd4240e314a176c553efd5cba798d9ff1e3d4bd9e90bb8113e3849d735afa4af6945cc57d4c378db84f206ef7eab11c637a7f7260f122a97dff6747e9b4c174ed0d64f9efd7fcccf981519ec580a8182547d17968c40151fdf6d54bc57a9115f040fab5c100deb039122b7d2bfd98b6adf38f42b296ea3b378a904259b75d60703b4840b3f5da09620a54776280e9ca9e8cd924aed2b5dd2b49834e581caed5271cd78ce08e4bba49b59cd77c1b6276649148ab7247f97fc0131635de474d3c23493ca98d:da3aadb34360b2da0c26542ea71defa8a0bf7fbdae3ee9e11c84084ad05cce7ba7d94de25d8563982616bcdb5bb6395fac4a7e84bc77e21ed36df75dec990b06bb1082e1cfdcd29bfca2464d5ce446b5ba654ba58c22538da926b8303cabfd284a7bd5994a786fa66aedf0e15f20c382cdacf3d14557ff7a8267fa04672cacab767008650aa9b4a7c9071c4799f1ffa45ca4d586e02047444c14231943467a3abaefa53959da226eb0c15392019760159697748293c025568783588a3910e78e5ea427c4407a8901061b8b992b82a2df58c04a1b2c5fad11c6b379856c2e0fef8a950de7e0fc22310309e08b132b0cce4fc1ecbf94574a388d4ae36675d3299a951554ebf180eb381e1b5df977d938433891bc478d7681850b9dc9c5c769d405f5d8839fc97361d6cb306c203026cf2e2b3d39849e1f4b1225eb25ef8acd40b006f20c644db650c75d38c0fcdd48f598c7b4a60106e69e19cd712589cedccf50864ea5f9e95e01f1dd85c7514f2c94b28359de4132b88c3ee1d10a80a9fadfb690e3d88641b3168f0b896af8990adbf0e4f8e9d3f9d4cd314e12c3bce0cc8738e0cfc1905be5efa071f710b32f8e5898c60eb1bb8feeb74000560f41cb2ebc32b2600b6980a2a4064dfaa3797ec44cfb72d379f8097379cad67ecdc0c32414fa41c72b1b9e4edf5518cb39fe9092b439af3a4ebd5afe79bedc0ea8bf17479a2821f5e9bd91d7f4aa5e384699523719b6957f82367cd85fea9ded6236a207c94cb373e3393cb4fe11f90a1b8779e4ab4c3466136bf21e2aab78f7d2726db6414fa5c4a3f7313ad2116a6d7ce40aaa1001c2704d5b05ae54c7cc6f567217f1a47bfd0ee738eaea5eadb5371075be076c8750aecefc417ea7bfdaac3cc38bf16cc26df7600e3c7e8e431f2676fc2a8c43a6a14368ba62bb32439a06beac38a047b3745e26f407ad823d6ad1c0b6a44341e15fc9b331214ffc89698211b05133d6d3433b5d59f7ab4d109e54e4c5d6f32fcf7230fa4e2528c861bb21ccc9e310e9497e077ea675510da712b1a5df575c5d1bf7362d071180039aecfaa5c8573c24c0f4ebe81c2f889aed3de5a000be12fe3d0af2dc2cd4240e314a176c553efd5cba798d9ff1e3d4bd9e90bb8113e3849d735afa4af6945cc57d4c378db84f206ef7eab11c637a7f7260f122a97dff6747e9b4c174ed0d64f9efd7fcccf981519ec580a8182547d17968c40151fdf6d54bc57a9115f040fab5c100deb039122b7d2bfd98b6adf38f42b296ea3b378a904259b75d60703b4840b3f5da09620a54776280e9ca9e8cd924aed2b5dd2b49834e581caed5271cd78ce08e4bba49b59cd77c1b6276649148ab7247f97fc0131635de474d3c23493ca98d: +60ffdbae003fa2794fcabbf8f5b41644fe3a7f44ed6c834193da07a9dc5e266535b5eb31ab556492578b3dbd6cf1687d1fdb216a725818079663482f221ce421:35b5eb31ab556492578b3dbd6cf1687d1fdb216a725818079663482f221ce421:3f8ff20bb4f00834c80f2ee6893d6f73bf7ace2729601bb26a0fb272a4d0eea1fae1d306ac2c5f32add60135851da27e4f12e64ea5e9e9960b1383b04ce05a98b0414dad971ea98944871d415cc2c46da403976d9f21938958d4ea8c7903b14f2a4485fd69afb24abe102d8fec266fb468b411eb20a339677d88eb31c997b4dc885613f0be7c70daf856a3df92da9602fba2e6749d2f426beef68662d5b0c2fd31321b22b5ec597da5d7e6a288ebd9443c5f39eb87dcf4a5ad9d56c6baf6080996a77936bd87dc3cb42ed4c4d42688a9e193829b761ff320e2a66cc67648e70eea3a1f2f9b9d5b4202fb5a39e9adc609086a9be2a8323ac66931bdf6c504d3336211e46fdefc481fbf17f613dab1fc5c097c92db0609906d78b25a455a3045718efd3e3b14e252b1ae59c7c3893e31913b2c264c0ffc3b606ca1b01dc47ee828a08e46af604e590def44d27aab93a403251fca0772e9df0fab7af0cbc5181efda4da913d8eb6452f6cecbda204bc72d7c990f60ce0dd83c634e912236091b0a6673a7c89ea59308d55bd7e63a8526774cbdd7a1339fac2124c9022abd6fece7f2daedfd87fa683dc0e3ef40806a0ab198769d3a99fe81a99b68600319087afa4ea79d7ee45da9cd40809f4ee8f4e25a0177521ee9dba8b56212e88719bb7367336f4a7bc7122b41a7dfaa2672f92f23403a10c4fb25388c6b20081093d49f3be8a9e1c634ef7ba96b6d523dd6ff613c0a23b60457026cd485ba8db61d80a0dc659d9af42a38cae777fec68e39c52986ff9fc20789c10585107c04047b66ba14e93fb904ea90df7ac9f0154c96f3236acf6dc8b44f554c0cd513193e5dfd87e085ad4b38aa4c5e36b2427722088816ecd2bc3a3dda01e4fb3ff5eec7a6417322ba6a27773d24495a839194a4a582fe5abdb8b5d533a24262589241fc81fdf5e79fd26776428f8e1ce9e926cf272716e7583abfc67a94aae0816c1000a196170bbff1f45e5ed9e267ace1e4d915dce7216c5f404def6fe2bd8b28b2eccf3e2aea0c0d6626390274e47e745ed3a23bcfd21d284c395379dc02080f07936bc154e7b99ee73db188bd2a394e03a01ffe2d1b330ceb72158f958c716a81711dbf65aff8cd12f5dfa53b376ebb8b98f8628f17ef8b2ab9c0bb68412f4e347a633e2f8da1a556d96f4af7211c078079c10541c07dc3722d18dab8fa8bc4925aba5c966f805040322dfbbbe87fbfeb1961f5ccd40a91b997e54315a7eefc3a47bb0c87dc23755ce7227574996f4be7aa344fe0d17b97bc50c5838f99292:b8f3e1f3785a2a39bb086ca465c0abf0a3e87443225ac6e966ed9b4531c54a894a9abd01ac31b85757fe75308c9594ff65f97cdd91e8d8a93cf12b9e6dbee90b3f8ff20bb4f00834c80f2ee6893d6f73bf7ace2729601bb26a0fb272a4d0eea1fae1d306ac2c5f32add60135851da27e4f12e64ea5e9e9960b1383b04ce05a98b0414dad971ea98944871d415cc2c46da403976d9f21938958d4ea8c7903b14f2a4485fd69afb24abe102d8fec266fb468b411eb20a339677d88eb31c997b4dc885613f0be7c70daf856a3df92da9602fba2e6749d2f426beef68662d5b0c2fd31321b22b5ec597da5d7e6a288ebd9443c5f39eb87dcf4a5ad9d56c6baf6080996a77936bd87dc3cb42ed4c4d42688a9e193829b761ff320e2a66cc67648e70eea3a1f2f9b9d5b4202fb5a39e9adc609086a9be2a8323ac66931bdf6c504d3336211e46fdefc481fbf17f613dab1fc5c097c92db0609906d78b25a455a3045718efd3e3b14e252b1ae59c7c3893e31913b2c264c0ffc3b606ca1b01dc47ee828a08e46af604e590def44d27aab93a403251fca0772e9df0fab7af0cbc5181efda4da913d8eb6452f6cecbda204bc72d7c990f60ce0dd83c634e912236091b0a6673a7c89ea59308d55bd7e63a8526774cbdd7a1339fac2124c9022abd6fece7f2daedfd87fa683dc0e3ef40806a0ab198769d3a99fe81a99b68600319087afa4ea79d7ee45da9cd40809f4ee8f4e25a0177521ee9dba8b56212e88719bb7367336f4a7bc7122b41a7dfaa2672f92f23403a10c4fb25388c6b20081093d49f3be8a9e1c634ef7ba96b6d523dd6ff613c0a23b60457026cd485ba8db61d80a0dc659d9af42a38cae777fec68e39c52986ff9fc20789c10585107c04047b66ba14e93fb904ea90df7ac9f0154c96f3236acf6dc8b44f554c0cd513193e5dfd87e085ad4b38aa4c5e36b2427722088816ecd2bc3a3dda01e4fb3ff5eec7a6417322ba6a27773d24495a839194a4a582fe5abdb8b5d533a24262589241fc81fdf5e79fd26776428f8e1ce9e926cf272716e7583abfc67a94aae0816c1000a196170bbff1f45e5ed9e267ace1e4d915dce7216c5f404def6fe2bd8b28b2eccf3e2aea0c0d6626390274e47e745ed3a23bcfd21d284c395379dc02080f07936bc154e7b99ee73db188bd2a394e03a01ffe2d1b330ceb72158f958c716a81711dbf65aff8cd12f5dfa53b376ebb8b98f8628f17ef8b2ab9c0bb68412f4e347a633e2f8da1a556d96f4af7211c078079c10541c07dc3722d18dab8fa8bc4925aba5c966f805040322dfbbbe87fbfeb1961f5ccd40a91b997e54315a7eefc3a47bb0c87dc23755ce7227574996f4be7aa344fe0d17b97bc50c5838f99292: +174e993d9b81f2af67e9ffb8ebd5da417966a9e77f66c65c767738fe8357d07c3bb7386f1b1cbfae553703833ebcbfe2dfff8c899a0792d7ce2322b5ba645a5f:3bb7386f1b1cbfae553703833ebcbfe2dfff8c899a0792d7ce2322b5ba645a5f:a401750afc4837dfe3aacc284a597145dfef02629ef87bd0938d443979df76f29fcd66a5b71ea8ab787277e3056f6ea11b08bd238979f9d3b062538c4d6040a86b6e32047aecc59c2377ad0ea4c40c79ff9fe98c958b2bf25f2fd6342432636f5f7d5bb0d2ecf18183426c73147984d95bbe162e11972ddb78a2a7c345c5c0bbbaba9cf38a2d5dd509a7df8b842874a96e64b5d64f5c41a21d208d14cea7066cf22dee0ca41aa46ab921d4ceec89ec873f77960eda60d9676cfd0dbfaec872c2ade8fba4285aacd527143ae0341d67d0078119653b5d23d46e6ef70264b1b0913870877623716d0f1a59021be74c914b432471a43a29f2b6dbeb6a223e2dbaabb820b4adbe337829e1de0c184dd0d09f9d01d42527e5d40abbdacc8ac0f1b2c5c1cb2f23876d2d1b6b43dfe482f9d45a18f5c22b15f1fe521ef57b08aec6a3033925c7454c93e6319e778ac494fb140ae5f1a31cc832ca2488651004063bcff8fd9ae9266af527f2c31f6acb8f3debd9978ef9df0108e3d50c491990c90dd8ee9d64ea4ebfd711c99d9044ec11342c5383ca39232ed97a07e4dc51db4c1fe947348dffe70a95c99db14751314801f13fa2bf42d867375a08ee9b3b799e0b15278e95e91a8968064d6dfd8f5115438ccb8b516ca0c41dbb19873c6e10a236ecc2dad522f80f01c14e2fa14a0d792b9fc486c6fb0efbdf2130f02df1497db5aba8be61ca70b29388e4eec7e0694a38c0d03c59bb6a2dc3ccd6dde1e29ee2c1b325ac72aa8e6fab9138f8b6f5d324d46af3a3542c8bd87cb04fafc54b5db827de606762a097b622799ca827bda9c1c0bb267eba8254a81c6b858a375b94bd09f39eeb88cb14b8d46e4740dc1ab42a895f86d2c57fc28b07b7f60fc4f8847b8bc8ad83a2481a28f29bca3510ff8bf1dd7581e3357164f4fe920f9de839376de064900dc7f8bcf511dc572e0f0f6a75b929797da41c52eae6fe13750ce351e8767630badf6d7d4eab90cd1904c96c048a9acb213a9e5b864615738a84f222986ac23554cf4ce54e80ab5733c065b80459921dd3d8372d0e8594d4364351bf041c146fa8d23a193eb807ece23f24ab6595e932c9ce1a759bf788914db008e87098dd81465e2610647ac38e088666f60ec5d0e2173320a40cd985f0e00dbc2b4570727483a8c25f6fc1e093bb57ccafd1ca202f2986c7c5540a7c3e10c4a6fc26d1d62c2ca5af8305ceebe42ff96e7dc548214375e8a7f9f712ba8bd875e43ca10cf9b183f0c8519512928538a478cb98259bd8b3e334bcc4635595cad3:e607bc9a5360b31da56be1c544c2000284951d8689f4b722bc4673a0c8489b84483ed8e76e297ea046e85b37ba5630585e5375566a187afb5696661e5bfdc10ea401750afc4837dfe3aacc284a597145dfef02629ef87bd0938d443979df76f29fcd66a5b71ea8ab787277e3056f6ea11b08bd238979f9d3b062538c4d6040a86b6e32047aecc59c2377ad0ea4c40c79ff9fe98c958b2bf25f2fd6342432636f5f7d5bb0d2ecf18183426c73147984d95bbe162e11972ddb78a2a7c345c5c0bbbaba9cf38a2d5dd509a7df8b842874a96e64b5d64f5c41a21d208d14cea7066cf22dee0ca41aa46ab921d4ceec89ec873f77960eda60d9676cfd0dbfaec872c2ade8fba4285aacd527143ae0341d67d0078119653b5d23d46e6ef70264b1b0913870877623716d0f1a59021be74c914b432471a43a29f2b6dbeb6a223e2dbaabb820b4adbe337829e1de0c184dd0d09f9d01d42527e5d40abbdacc8ac0f1b2c5c1cb2f23876d2d1b6b43dfe482f9d45a18f5c22b15f1fe521ef57b08aec6a3033925c7454c93e6319e778ac494fb140ae5f1a31cc832ca2488651004063bcff8fd9ae9266af527f2c31f6acb8f3debd9978ef9df0108e3d50c491990c90dd8ee9d64ea4ebfd711c99d9044ec11342c5383ca39232ed97a07e4dc51db4c1fe947348dffe70a95c99db14751314801f13fa2bf42d867375a08ee9b3b799e0b15278e95e91a8968064d6dfd8f5115438ccb8b516ca0c41dbb19873c6e10a236ecc2dad522f80f01c14e2fa14a0d792b9fc486c6fb0efbdf2130f02df1497db5aba8be61ca70b29388e4eec7e0694a38c0d03c59bb6a2dc3ccd6dde1e29ee2c1b325ac72aa8e6fab9138f8b6f5d324d46af3a3542c8bd87cb04fafc54b5db827de606762a097b622799ca827bda9c1c0bb267eba8254a81c6b858a375b94bd09f39eeb88cb14b8d46e4740dc1ab42a895f86d2c57fc28b07b7f60fc4f8847b8bc8ad83a2481a28f29bca3510ff8bf1dd7581e3357164f4fe920f9de839376de064900dc7f8bcf511dc572e0f0f6a75b929797da41c52eae6fe13750ce351e8767630badf6d7d4eab90cd1904c96c048a9acb213a9e5b864615738a84f222986ac23554cf4ce54e80ab5733c065b80459921dd3d8372d0e8594d4364351bf041c146fa8d23a193eb807ece23f24ab6595e932c9ce1a759bf788914db008e87098dd81465e2610647ac38e088666f60ec5d0e2173320a40cd985f0e00dbc2b4570727483a8c25f6fc1e093bb57ccafd1ca202f2986c7c5540a7c3e10c4a6fc26d1d62c2ca5af8305ceebe42ff96e7dc548214375e8a7f9f712ba8bd875e43ca10cf9b183f0c8519512928538a478cb98259bd8b3e334bcc4635595cad3: +e53715fec9d3b20e9c2991e54b5eb0a8cc81875569c95e22a2001360021760045351899b69b2116bc7f8a8814d1e5b9fc785698bebd9ab14277c3ecc01ef8b1d:5351899b69b2116bc7f8a8814d1e5b9fc785698bebd9ab14277c3ecc01ef8b1d:8431cd16d5c093775e18c08252c43f95b1017eb711fcaf73e1e00c0cd6f3448744ab9b0e64335518c483ae94deb97677f818f0e81a7490615b7141b9c35f80556e6971cea28e9a32c328cc2669fca5b123cb662debab2b98157764668070e18edf761ae196bd4b244fea7b74984516be2c00739e76e6c4b621cb3983765a20d84778d5a4350b168f6a0f712a9820a85a636faf92c789c428cfd2962ed207c3ac8899c258cac1adb5159f764ba37229c5cbf783fc9aa4d1ea46ecc85fe0961485d4fc5cb21df0012ac9b955373b1422e51afa1c550988862c86133b760aa630fc0acee8989117d1dd96e3e6287b69287c590bdca9cbc8eecef281ee6d1c8d88822bfea5fa0f530f23278093c7c85a0d44c3a77404ee79f1c8368cd7321bf148fda4dcf2eb07e4630ea422587586371780514536b894c524e6b83d5a76a15c83e95ab314e07b34b98cd99e0770b4eb9b3f3f505bae8a06f7f950258d790748107195eb4f6b84840f8c0590727396ed14e3f53239476c4d2a7269b2e1f972fbff33e4724426745ec886a32916295e70d468d06c7dbb5ff9a354e1ac903bb45ca526f08b49a65e82297d8dd3fb25aa428f64345bca9740d9078dac9e1138c921bdd74881673d49d0cd2006811723de287c6c9583e456a01ab1a34dfa1eaa963b71e8bc7fa8a98cad4f941e4b37b60eef923b3294882350b38ea4eac0e9232e93c532db5d7eec8ecfae65e080473078777ddfdd11508a6e59f0ebaa3f60441f82a71a73c84bca06a371ff5c9f77213a2db795d4a8897823d88fd92ae3e057e8bbd80c990af8386bdf26f12d973c8c5ff9ed6f7b2d8e6183cf6e68f3bb898f59a93ec4de3bea605a5d8b15dfab713f3585c48dc9a5768242b33101438030e7044880d17c2ee84f89d26a1f7b1986193f9663c587d50ca9ddf6186a5176afef1adb2481b79254b78d3b34c69790eb28b90b1461170c3d73818376cdf371af0a0feaf14fdf7016ed6e7f08c0c14b52705c86d4f0003b5e45f974c06416ccb5ca3e9d529aa9d415c25a446fa2d69e82f4994e57e922c17c1c342dd7281e410052d9e4aa1b309b7d470d458c663e17ff2500d0bb8e46a9c4367e091caf87ddfc062aae08a65cb9e0eaa71c99459c5e7cb112a2ee98a5e4cbee0dc520f87c3022da6549be1ee70a0a73ad8499c97dd06aa14c9fd8628a92ca6db487322db9598ada1fce28f4b9fc1d3cc39dcf2ed1df3d862d87f55cc1016fb9e73e7cc897b970d5ff35acfeb05c1c89192808aeebfb2cd17cb1c94fab059898fedc2fbd44ccef:3d0adce77a4e046fcb9b49ad5e6c6809c8ac336c733404e5d3f015c9225c3df46ef21ea34cffb3af69974f8b7eab2d23fcd5a1e1753a4023deb3818629a98a0b8431cd16d5c093775e18c08252c43f95b1017eb711fcaf73e1e00c0cd6f3448744ab9b0e64335518c483ae94deb97677f818f0e81a7490615b7141b9c35f80556e6971cea28e9a32c328cc2669fca5b123cb662debab2b98157764668070e18edf761ae196bd4b244fea7b74984516be2c00739e76e6c4b621cb3983765a20d84778d5a4350b168f6a0f712a9820a85a636faf92c789c428cfd2962ed207c3ac8899c258cac1adb5159f764ba37229c5cbf783fc9aa4d1ea46ecc85fe0961485d4fc5cb21df0012ac9b955373b1422e51afa1c550988862c86133b760aa630fc0acee8989117d1dd96e3e6287b69287c590bdca9cbc8eecef281ee6d1c8d88822bfea5fa0f530f23278093c7c85a0d44c3a77404ee79f1c8368cd7321bf148fda4dcf2eb07e4630ea422587586371780514536b894c524e6b83d5a76a15c83e95ab314e07b34b98cd99e0770b4eb9b3f3f505bae8a06f7f950258d790748107195eb4f6b84840f8c0590727396ed14e3f53239476c4d2a7269b2e1f972fbff33e4724426745ec886a32916295e70d468d06c7dbb5ff9a354e1ac903bb45ca526f08b49a65e82297d8dd3fb25aa428f64345bca9740d9078dac9e1138c921bdd74881673d49d0cd2006811723de287c6c9583e456a01ab1a34dfa1eaa963b71e8bc7fa8a98cad4f941e4b37b60eef923b3294882350b38ea4eac0e9232e93c532db5d7eec8ecfae65e080473078777ddfdd11508a6e59f0ebaa3f60441f82a71a73c84bca06a371ff5c9f77213a2db795d4a8897823d88fd92ae3e057e8bbd80c990af8386bdf26f12d973c8c5ff9ed6f7b2d8e6183cf6e68f3bb898f59a93ec4de3bea605a5d8b15dfab713f3585c48dc9a5768242b33101438030e7044880d17c2ee84f89d26a1f7b1986193f9663c587d50ca9ddf6186a5176afef1adb2481b79254b78d3b34c69790eb28b90b1461170c3d73818376cdf371af0a0feaf14fdf7016ed6e7f08c0c14b52705c86d4f0003b5e45f974c06416ccb5ca3e9d529aa9d415c25a446fa2d69e82f4994e57e922c17c1c342dd7281e410052d9e4aa1b309b7d470d458c663e17ff2500d0bb8e46a9c4367e091caf87ddfc062aae08a65cb9e0eaa71c99459c5e7cb112a2ee98a5e4cbee0dc520f87c3022da6549be1ee70a0a73ad8499c97dd06aa14c9fd8628a92ca6db487322db9598ada1fce28f4b9fc1d3cc39dcf2ed1df3d862d87f55cc1016fb9e73e7cc897b970d5ff35acfeb05c1c89192808aeebfb2cd17cb1c94fab059898fedc2fbd44ccef: +abfd697bfbc5b6ff2bdff3bce1d777e05fbe3ec8b95ce693d623931209313d4fa709321a0210cb80ab58bf955ecdeb8aaf9ee4c375f959c53089d437488c082d:a709321a0210cb80ab58bf955ecdeb8aaf9ee4c375f959c53089d437488c082d:896b7ab8413ffe439a2f4487ec49d64e31c74f50ac83f55da61a7003aa716c2a9df6b438e62f53d8f0192f3736324760d7e8c44ac0baca3ae2a6fb93f13d96886799fd2c4551b0ab36f1730855551265a5a3c3c21d9516a237f5dbc1c8e72999b782c5ca41a4f6e9308e64afdee0bf479e546b89c51bc5e4f71e57fb24ce437a8b81b91dc798b5ab36f29afd5b48e81c176ae5edf95371ba3246fb439405bd10eed3678e3ec62307a3b3dc1badba051f16774b85088188c2a9e320a1618d5f26ce94ee2b933c305f6d9584958eea3156c3d1e0ef39a186275ee62c40f3c1acd15d8be6e074351f5349ce3df69517505f45fa06a815c69ca18f450f42b5cf4ebd99268445e0f68104a7deeb0a115b817b99e1a73e0fa9d87db71f8ec94f8708c9bc2e622b963365ebcfb97cfe7332630070e9654eaa60361a45d402dc0ab297665242667fbd9940f6cd33195246a8c2869af759a862d4b641db144d5732366b20636c4027787f558027d76fcbf8432eb93e6d14567df8dbf211daeb5655db10acddd05eca06accee9fda8d3b70ca1e6dc587fa4b78f63cd663ff0243870570f4dcbaa3fb626b4e113bde47d5c9db2b4ba6ec6dbf918ac056949ef3cfcb115561615771a035a43d33ba2651dbeb46348261ce3c4c9f246d23f94dbc2d0c19b921e24c77da5992f1b4bdf2edea499f5411168ac0c12e96f3b15d2e12ac8d7b3ed8d1e07c4267a25d3a3c353a4208b7406278aab9e700f7b206f48e6ea7cc97e554f15c9be349dd91514dbe8d889f2dcbbfa182c9faf5807a69b2e97fa771a6f231a4c7b31d117b8ed0e630cdf13e082bb4f63c3f9acb3553204ccd76e1835c46eec3d43c561bbf17c92214a6db1212b6003cf2cc26c7ae675fcd053b947e722f9e85762ce8a16e4654ec6342fc646e5cab472797eabf658ba4afd142fc8fc4c8f98f23c24dc99847ae8cef0879e1ab3bb8097e4c3529add2d8e8e2c2069210f50ace1ae32a6c8e6384a2bf7d79c66c746149c84ad75a3a176e45e136d94695aed4bfd08b426ea8c4b9379f3742550e1cf5ac84c18174d680e92af2c1874ac1c13d28232de193768e561947cbd6b79e9b99da65cfb74ffb32f7d3d2025c60763dc07f55539b4d253de1e6c25823a6258c7a9ced1501dce2786898a3e05c9bff8fc5b2125d0f471088a134b4873c8d55c0445f6ca396b3d7b4bc2bf5c4d2240da418293af6a3ed853dedd3bf668d937b35aa0c2acbf23766f9f3e96828475ab086496617a6e81d653589b2fe50b7ba8f0cf1e5a44d8d62f08377abfc26297:8c36b5a111c5a8119f2d9db57ebb592dae86ad4bf678c1492e26f3c10fbe03f105cae0dc68b55259b9b5989289db33d95d2ee6b756c760f9d3aa0e68a189de02896b7ab8413ffe439a2f4487ec49d64e31c74f50ac83f55da61a7003aa716c2a9df6b438e62f53d8f0192f3736324760d7e8c44ac0baca3ae2a6fb93f13d96886799fd2c4551b0ab36f1730855551265a5a3c3c21d9516a237f5dbc1c8e72999b782c5ca41a4f6e9308e64afdee0bf479e546b89c51bc5e4f71e57fb24ce437a8b81b91dc798b5ab36f29afd5b48e81c176ae5edf95371ba3246fb439405bd10eed3678e3ec62307a3b3dc1badba051f16774b85088188c2a9e320a1618d5f26ce94ee2b933c305f6d9584958eea3156c3d1e0ef39a186275ee62c40f3c1acd15d8be6e074351f5349ce3df69517505f45fa06a815c69ca18f450f42b5cf4ebd99268445e0f68104a7deeb0a115b817b99e1a73e0fa9d87db71f8ec94f8708c9bc2e622b963365ebcfb97cfe7332630070e9654eaa60361a45d402dc0ab297665242667fbd9940f6cd33195246a8c2869af759a862d4b641db144d5732366b20636c4027787f558027d76fcbf8432eb93e6d14567df8dbf211daeb5655db10acddd05eca06accee9fda8d3b70ca1e6dc587fa4b78f63cd663ff0243870570f4dcbaa3fb626b4e113bde47d5c9db2b4ba6ec6dbf918ac056949ef3cfcb115561615771a035a43d33ba2651dbeb46348261ce3c4c9f246d23f94dbc2d0c19b921e24c77da5992f1b4bdf2edea499f5411168ac0c12e96f3b15d2e12ac8d7b3ed8d1e07c4267a25d3a3c353a4208b7406278aab9e700f7b206f48e6ea7cc97e554f15c9be349dd91514dbe8d889f2dcbbfa182c9faf5807a69b2e97fa771a6f231a4c7b31d117b8ed0e630cdf13e082bb4f63c3f9acb3553204ccd76e1835c46eec3d43c561bbf17c92214a6db1212b6003cf2cc26c7ae675fcd053b947e722f9e85762ce8a16e4654ec6342fc646e5cab472797eabf658ba4afd142fc8fc4c8f98f23c24dc99847ae8cef0879e1ab3bb8097e4c3529add2d8e8e2c2069210f50ace1ae32a6c8e6384a2bf7d79c66c746149c84ad75a3a176e45e136d94695aed4bfd08b426ea8c4b9379f3742550e1cf5ac84c18174d680e92af2c1874ac1c13d28232de193768e561947cbd6b79e9b99da65cfb74ffb32f7d3d2025c60763dc07f55539b4d253de1e6c25823a6258c7a9ced1501dce2786898a3e05c9bff8fc5b2125d0f471088a134b4873c8d55c0445f6ca396b3d7b4bc2bf5c4d2240da418293af6a3ed853dedd3bf668d937b35aa0c2acbf23766f9f3e96828475ab086496617a6e81d653589b2fe50b7ba8f0cf1e5a44d8d62f08377abfc26297: +dcfad59fc6b697109e727ff66a5fe93a6a226f631a64e5797ad8d8c8b6358734e79f4f511372e355e7e9e0e8b5346fdbcd2df1fc5c3a1890d27fa1fa928d27a6:e79f4f511372e355e7e9e0e8b5346fdbcd2df1fc5c3a1890d27fa1fa928d27a6:7d92ddd8133c61c610c1308c23aeaf993884a4e67f7b94bb886dad509869a932ec4a27d410d2c29ca7aeae6f9280cf6c4b067ec751e5e8c39ff444d422ceabae145d42f047453dd402d1797405033409e72cc19f793d5d268fb3fd2c11ea2cb0d70436e18f9e88a01515dc865f6a1eb23690328fd75de26321a38f12197a97201b1d8452944fbc541cb68c77d49515db5326f2b1d0763eda06d250ce2a5e0bbd7d1676d7d41fb3abe88bdbe372f96bf7bb526d6b65a2515e83a577045b5479b38b852fe4ab011cbf21c085ef5f0a7c1bed76572b0f860228067a899f895ae7f6256eb6514087f9d6f5c35596c1f480c73113546cb9cc30f56ab074a9ff28acab7e42650a961da325ac5b6594b81c93250ae7d39267a19c97625407edda0404cbe5a36e959fc820b27ef5cad796c11eaff1c0e2f9d4b3c6491502195de03659b364e4e87b2b2d733ec25e6f9b63d5f69179e0d27bd4aecc8f12a507a91baa48d99b3a426cecebaef37d7361106a8490644309f6eb4d2596443b6b0118b945acecc6443ea61fcd155b54325bc2c31be0250f9482e13fd8eb44e2aed76be812af5453cb7f8632458fc8a02a2f45480d79b06c7dda38b4695d08b5a430504f1ae2275b05c91e799d4470f38abe77736dfa895c197ea4b63c2df18efeb14184837b8ddf48909520d91045b9d9655c225a83173960b4d7cd0d8bae30237557f869708be138ad5246c866c6c059dc597abfd4943237376896736b97b7e0289ef9bbd29477745cb60f46202f1de984f509b1808833f58018cde8c26bef4c005bdca385b05735110ca02e562b50eddff6fde9fbb8d030cedf7031bbeb32b12b242be49fde0160c1fbde99b03c062a1a47062345c92e0b604d080facce9243481529c70597dfd64382cb540691b59b71b094332baf0bbb125b63a446bb97491c0464328cabd7627c46f392f3b124822f2013c6e16d3ca87cc5becf56b0fc6eb2bf9923b3012ba2b61250a633a4d2ee391256c520957382aff970c5d22385c3344c6d4b4561571c96329bf75615297516b9f2ceb9f997a39523aa0f58b488772d82fc0d78c5dd52ecfa6bfac63a76e148088b36f24a88e68385496ddadf3023f72d87c2efa26e877d32f1da97cdb42c8f15718988e428cd02f4d09543bd0bd5b2f409963d0fa373531f78b592bd137eeaea0b4e7f918208e1d59008a8af5058f5d923c4f32df19990f10dd3f0eb206293b2b3443f4a5d2dcc5f7d3bbaf6af43fe45f5dbbe53ecf4bf1b4a13e2d46ef80298d4f01c402e210fcb9ff2084ec03e42008d:052ff79540737456c6a42c41c97d6bf517b8cf289bc78b503dee6a30ef5168b38f75beaca1e14d971f8773e3941bd6df5cb9778dea125a4c4fe0116b70ee840b7d92ddd8133c61c610c1308c23aeaf993884a4e67f7b94bb886dad509869a932ec4a27d410d2c29ca7aeae6f9280cf6c4b067ec751e5e8c39ff444d422ceabae145d42f047453dd402d1797405033409e72cc19f793d5d268fb3fd2c11ea2cb0d70436e18f9e88a01515dc865f6a1eb23690328fd75de26321a38f12197a97201b1d8452944fbc541cb68c77d49515db5326f2b1d0763eda06d250ce2a5e0bbd7d1676d7d41fb3abe88bdbe372f96bf7bb526d6b65a2515e83a577045b5479b38b852fe4ab011cbf21c085ef5f0a7c1bed76572b0f860228067a899f895ae7f6256eb6514087f9d6f5c35596c1f480c73113546cb9cc30f56ab074a9ff28acab7e42650a961da325ac5b6594b81c93250ae7d39267a19c97625407edda0404cbe5a36e959fc820b27ef5cad796c11eaff1c0e2f9d4b3c6491502195de03659b364e4e87b2b2d733ec25e6f9b63d5f69179e0d27bd4aecc8f12a507a91baa48d99b3a426cecebaef37d7361106a8490644309f6eb4d2596443b6b0118b945acecc6443ea61fcd155b54325bc2c31be0250f9482e13fd8eb44e2aed76be812af5453cb7f8632458fc8a02a2f45480d79b06c7dda38b4695d08b5a430504f1ae2275b05c91e799d4470f38abe77736dfa895c197ea4b63c2df18efeb14184837b8ddf48909520d91045b9d9655c225a83173960b4d7cd0d8bae30237557f869708be138ad5246c866c6c059dc597abfd4943237376896736b97b7e0289ef9bbd29477745cb60f46202f1de984f509b1808833f58018cde8c26bef4c005bdca385b05735110ca02e562b50eddff6fde9fbb8d030cedf7031bbeb32b12b242be49fde0160c1fbde99b03c062a1a47062345c92e0b604d080facce9243481529c70597dfd64382cb540691b59b71b094332baf0bbb125b63a446bb97491c0464328cabd7627c46f392f3b124822f2013c6e16d3ca87cc5becf56b0fc6eb2bf9923b3012ba2b61250a633a4d2ee391256c520957382aff970c5d22385c3344c6d4b4561571c96329bf75615297516b9f2ceb9f997a39523aa0f58b488772d82fc0d78c5dd52ecfa6bfac63a76e148088b36f24a88e68385496ddadf3023f72d87c2efa26e877d32f1da97cdb42c8f15718988e428cd02f4d09543bd0bd5b2f409963d0fa373531f78b592bd137eeaea0b4e7f918208e1d59008a8af5058f5d923c4f32df19990f10dd3f0eb206293b2b3443f4a5d2dcc5f7d3bbaf6af43fe45f5dbbe53ecf4bf1b4a13e2d46ef80298d4f01c402e210fcb9ff2084ec03e42008d: +696dc481f619a9498563c83d0d0e55565c14a07845fe4a66aba2247b113ff8efc9d737abc4a9e73c149eadc195a837899f2cd5019373c30ecaf62e5f8e14b645:c9d737abc4a9e73c149eadc195a837899f2cd5019373c30ecaf62e5f8e14b645:2d4b3ad0cc99f983e41f9b48c4a818eff75fcfb93a1229ec2740ed19c107d621df78058de7c2dd7251f5ff454340865f6c86da65831f6672db231726fdfe4b9ee315d93c7244a920df37054c82449d310f892932ddbad94cc9bb39ac8937cc76c96521d3fdc028ba23410b29023e8138fd3f524319884ee5dad0d234c8df661f8824be477e21699f6369b15ff3ffefc151aa555b3c3d76adb45f25672d380d472b3148dabdef4245b68e828562f25cc5b81d9bbb241bca9d1934ea353f95f7dbf3646433e81a354e1e2056b81c15aa1fa8ed7a9d1af99238cd5a5ae9e841c48dc348ae1de7c41aca23328236bc38b47f47c736b257a3078d57d574b647a7fc8c4d01bc50302150d5032bfacb04bb0fd155d94d9206667720e180a645af462459e3326d460da3c48e7572678e1919268d3e4740d62a26f7c8559c1c439b4b0b0c5942a620cfdb93cc68aa15520ff2864269d7a0c155780adc6c188e0b565fb9594319e6f51d15caf6b280e7158f25799407f3ba0dd1ceea64b9326d2cfdef017e1f172f4dde0f7e4613501af01ee0ac30095f48b59590902b1aecfe093413918d835adf962ecf18580d16f9fd4f6fa1098af1d8a2bc24dc86f71d0a61ff150010867d086987b51dd030f50ab6e374b8e01184b3e2b214ab1c7fdfaedbc545e38c3cd2f6982979541fe0ff88bed67506da95727af1a2038f3240ae5bfd30ee09210e00fdcf2a064d5db4614946bda972c670081a6ee6a10b63f673c83c915ca5573e0ed687b0067c400792a9bcc3344e0e43f5df63fed5efa85e9aaf85e4d7a2c53a6c92828e07fe63e2d23f1bdf97d84adc36e9fc95faadf03e06d65a19c5e285effd0ea0cfa839d55a0a0dbf6da28785c77f5c04bfd59974ef3793cdc398df7a1bbc9cfcfc3a51ffa9a20d60c47b245dafa3e44623cd711d7762c50a67d650c7e8c4fd3bebc0c498d2152ab9827c700c7b2861565749b5864fec95b7f6b1994e78d8f85d069cc11f85bed9712f7a9f060b0bf67532e88eb9df3eb4a8d2fbbaa85eda926d81c49fb86e73731b7ed2a1905078513f7ca0fdcc3b1d576e6a60124c44618df1890e169794956cb1ec501ba2049970c8e74cc180064c184468be4f089a3ae2263c855863b62c28313ddf9ca85bf66b08a264155ad7c328238dfe614a07ede9155a09ccaff92292249341baedcbe0e6466e2c76045e46dad2fc899a1782e00998e79a83abfae9b706f707f58e730203e1d2cca028c922beb6d157fa7a98132a921a3da21f2f769bb6c1f5f19e9e85a13b781af141039d514ee107:ded5d991935cd1f9390f1e85929ca16dabfc83e65e43272eb1751671aa31930c728555341430ce7c80485de58006427129a4d34fd681d52d840a16bafa1530022d4b3ad0cc99f983e41f9b48c4a818eff75fcfb93a1229ec2740ed19c107d621df78058de7c2dd7251f5ff454340865f6c86da65831f6672db231726fdfe4b9ee315d93c7244a920df37054c82449d310f892932ddbad94cc9bb39ac8937cc76c96521d3fdc028ba23410b29023e8138fd3f524319884ee5dad0d234c8df661f8824be477e21699f6369b15ff3ffefc151aa555b3c3d76adb45f25672d380d472b3148dabdef4245b68e828562f25cc5b81d9bbb241bca9d1934ea353f95f7dbf3646433e81a354e1e2056b81c15aa1fa8ed7a9d1af99238cd5a5ae9e841c48dc348ae1de7c41aca23328236bc38b47f47c736b257a3078d57d574b647a7fc8c4d01bc50302150d5032bfacb04bb0fd155d94d9206667720e180a645af462459e3326d460da3c48e7572678e1919268d3e4740d62a26f7c8559c1c439b4b0b0c5942a620cfdb93cc68aa15520ff2864269d7a0c155780adc6c188e0b565fb9594319e6f51d15caf6b280e7158f25799407f3ba0dd1ceea64b9326d2cfdef017e1f172f4dde0f7e4613501af01ee0ac30095f48b59590902b1aecfe093413918d835adf962ecf18580d16f9fd4f6fa1098af1d8a2bc24dc86f71d0a61ff150010867d086987b51dd030f50ab6e374b8e01184b3e2b214ab1c7fdfaedbc545e38c3cd2f6982979541fe0ff88bed67506da95727af1a2038f3240ae5bfd30ee09210e00fdcf2a064d5db4614946bda972c670081a6ee6a10b63f673c83c915ca5573e0ed687b0067c400792a9bcc3344e0e43f5df63fed5efa85e9aaf85e4d7a2c53a6c92828e07fe63e2d23f1bdf97d84adc36e9fc95faadf03e06d65a19c5e285effd0ea0cfa839d55a0a0dbf6da28785c77f5c04bfd59974ef3793cdc398df7a1bbc9cfcfc3a51ffa9a20d60c47b245dafa3e44623cd711d7762c50a67d650c7e8c4fd3bebc0c498d2152ab9827c700c7b2861565749b5864fec95b7f6b1994e78d8f85d069cc11f85bed9712f7a9f060b0bf67532e88eb9df3eb4a8d2fbbaa85eda926d81c49fb86e73731b7ed2a1905078513f7ca0fdcc3b1d576e6a60124c44618df1890e169794956cb1ec501ba2049970c8e74cc180064c184468be4f089a3ae2263c855863b62c28313ddf9ca85bf66b08a264155ad7c328238dfe614a07ede9155a09ccaff92292249341baedcbe0e6466e2c76045e46dad2fc899a1782e00998e79a83abfae9b706f707f58e730203e1d2cca028c922beb6d157fa7a98132a921a3da21f2f769bb6c1f5f19e9e85a13b781af141039d514ee107: +f3f8d62fee3af375669630cbf063bfa930189af136cd7591e24d578d7366bf614714c604aa95e1828a28367ba78760b5896431683ee996cff96871773291953c:4714c604aa95e1828a28367ba78760b5896431683ee996cff96871773291953c:e1dd1ffd737ac6dc24b3b9ce3b79e835bf698e931303d809cea1782dc3af63a0d5e67392823d1439e7b6e337b01c8b215434c2782b3be7443cb5c881e5fb6cf3bb244128b4da6a6f42b2bb2cd75129d56418854348c339dcd912b45557a915e9fd7f37916236510cb6c331c140b87d225311600b8d132ac47473839c720f9ff0f9c1dcaa85815a9d27b9758cd91dc5d3e53326fcdfb2730e52be3103957ac89149a4c3004cb6038c0d80fa72ac630d333be5ad4adb585aeb71aef1cdfd57b915fac4f1af78e7a597f8d1ba06672b19c0b65808a8a071ff8409034379589f3d41302d2d39b3318e8c0090fa36cb958857ff5b211c9666e27bc895ab9d006abaf5950a03ff17ea982178a446dda2466f5a40b8f895509e4f4d4a6a2739997fbd4968f89436cee3d8edb8a6da9bd3d55b066490e8339c78935b77883f95b932fa5e6bb7df303be30fa567249fffb473a1e464322d7c103fe8224c7ec57bd39bcd030b96787aebcd20e9ad651cfa2bf04ba70a1cf648e0a5449567202a937a45becbb6fcded30cf9b5c748f882b5dc2a4d65be69fd7d9c381e83d0dc2a34b6dee91220ba906e512fcd63368e2ce733e466b4b82b84fb0c717dc8945caf6d46ac1c2f6418f7729ef4c35e402422d64b1c3ebd1b32a30fc4c5eece7d4408ff679ff01a1c7b03ca517be52e6ae7650f7bad38901e348a5593bc998f7cf2ea97729cb004f561b3b58fe59809a41fd4b3b76660906ad9eda23bf925437ef452b16f540b3b80a35a7093c2734eefe6fa97d881d79ef5b767d9889f118477b73f58a4c0cb15e0ac8101120571ca32ce871f308ad9057a80c828154fb1bc2b201d0cd1006e022d444dc93f1bcf224db74a5b373e153e851854948b6da147b73287cf17d1fb72b4827611103609cab2a1779e9793b9a70820fc6f3828a64c9eac35ef7aa7b17609d8eff8a9e52e4ebcd86b1e14fd140bea47c6b8ddc41e8cd271eb92287cbd0610512242f76a1ef3eac1e4bbbc1adae50034a7a2647e08b2fd20aa93a93cb2ffdebf2e461eccefbbd1fe894ce70adf790173bae96f5a55a1887e9ae09fced1d4306c291c6b19ecac4707e9ef713ea18a7562c6678326228992077a4669734966108000b4144f45a0c3a2863a4c6a3c07632cb93eb197d294884d9ca3dd4b21f39db707f63a7f9a570f7f0feb99b2ca7da7df92a177abcfe86ec661d30bcdcf1522bdb1fe11673258df7e46ef4d326665093156553f28b3563fe7192f72f5f9b3903d79fea04e2c488b465b4978d69f26e05a59d5ed4ef4cab232acfd564fc6:8d6f7ceeb9308b4a303879fc6cfa5ca8e05dfc3defc2b2cd2910dd4b17c94eaee845abe65fd715df05b0128e4316e2334799c6e8fa747ebc8a040c74f5a1480ce1dd1ffd737ac6dc24b3b9ce3b79e835bf698e931303d809cea1782dc3af63a0d5e67392823d1439e7b6e337b01c8b215434c2782b3be7443cb5c881e5fb6cf3bb244128b4da6a6f42b2bb2cd75129d56418854348c339dcd912b45557a915e9fd7f37916236510cb6c331c140b87d225311600b8d132ac47473839c720f9ff0f9c1dcaa85815a9d27b9758cd91dc5d3e53326fcdfb2730e52be3103957ac89149a4c3004cb6038c0d80fa72ac630d333be5ad4adb585aeb71aef1cdfd57b915fac4f1af78e7a597f8d1ba06672b19c0b65808a8a071ff8409034379589f3d41302d2d39b3318e8c0090fa36cb958857ff5b211c9666e27bc895ab9d006abaf5950a03ff17ea982178a446dda2466f5a40b8f895509e4f4d4a6a2739997fbd4968f89436cee3d8edb8a6da9bd3d55b066490e8339c78935b77883f95b932fa5e6bb7df303be30fa567249fffb473a1e464322d7c103fe8224c7ec57bd39bcd030b96787aebcd20e9ad651cfa2bf04ba70a1cf648e0a5449567202a937a45becbb6fcded30cf9b5c748f882b5dc2a4d65be69fd7d9c381e83d0dc2a34b6dee91220ba906e512fcd63368e2ce733e466b4b82b84fb0c717dc8945caf6d46ac1c2f6418f7729ef4c35e402422d64b1c3ebd1b32a30fc4c5eece7d4408ff679ff01a1c7b03ca517be52e6ae7650f7bad38901e348a5593bc998f7cf2ea97729cb004f561b3b58fe59809a41fd4b3b76660906ad9eda23bf925437ef452b16f540b3b80a35a7093c2734eefe6fa97d881d79ef5b767d9889f118477b73f58a4c0cb15e0ac8101120571ca32ce871f308ad9057a80c828154fb1bc2b201d0cd1006e022d444dc93f1bcf224db74a5b373e153e851854948b6da147b73287cf17d1fb72b4827611103609cab2a1779e9793b9a70820fc6f3828a64c9eac35ef7aa7b17609d8eff8a9e52e4ebcd86b1e14fd140bea47c6b8ddc41e8cd271eb92287cbd0610512242f76a1ef3eac1e4bbbc1adae50034a7a2647e08b2fd20aa93a93cb2ffdebf2e461eccefbbd1fe894ce70adf790173bae96f5a55a1887e9ae09fced1d4306c291c6b19ecac4707e9ef713ea18a7562c6678326228992077a4669734966108000b4144f45a0c3a2863a4c6a3c07632cb93eb197d294884d9ca3dd4b21f39db707f63a7f9a570f7f0feb99b2ca7da7df92a177abcfe86ec661d30bcdcf1522bdb1fe11673258df7e46ef4d326665093156553f28b3563fe7192f72f5f9b3903d79fea04e2c488b465b4978d69f26e05a59d5ed4ef4cab232acfd564fc6: +865a432ecce7e78c42709fc1e531df5e3959132b2b6f318fd1c34521f9a26e3bc7a8caf8930b622a501337f92840ed96611a322080fde5e49f0a2f6e33b88283:c7a8caf8930b622a501337f92840ed96611a322080fde5e49f0a2f6e33b88283:b231b6d2ecde49f513b0df25aafc3e5da45b6a9958d60f5464ca593c03005ecf361ef1696bb6e55d6538e34b38f324c21cea5cc81a0073278bb92727eff81af561802dcef33bec10ad6594e22d9c4418af3988a43ed087b9954bf8d6283e4beae8c096de6606751cbed685846c6630b9528ff364a7c48464113472c9860b3371963c911495a9c628a3e3e47ab0991f10dd1dd33161525262d63bab648819d57d1269e114825c5434e6b2845f42795d4fb083ad79401f2a0761c634a545aec7cdb13b5be449f1d829326378ed1f493fe8c8e9b068cc1dbcf165550b8132c319dac487b87bb22a54cdf60aac71516182a4e69ba083f6e86d1a4f05083a77619ef239f702396d7e46968cc04a3b34df3265ecf16157abe15c642cd7427096d8d40db002d196cab1be304bcf322d9d1a2451b6c11eeaf3e8e3d929f480b6b77804fe84496ca757e04337914ce94475d7990c7457c8e606f8bc207d2d48119c80a6b4a9e07b229226570dcd994989fecc694c6c2fb5975c9a6a9b74e8159c27dd3677dfd5cb651f1e32adfafd810b6e5d5efbace31ae6d9b12191e89398da063f138b7584c58e77e7f9fdd7fb9ef5d68ae49c6ccad28d18bc6009d4187ed1420224a5658aadf135b5a953f2dc3c8bfcaf669ed5da38d0144fd9665e6f0677d3fc8804e21cc25fd5e01a3f3fa83e571eb2f882a7659ce5d864d8bb54072b0986a854f1a7f2d2720df857e6d4219630841b1ccdcfc6726b91bfc17e18c3e3480c23a2c05e4bfeddd4db9ef42388f234fd3e4f3dad666026e2780612374161316afc7665f9411b6c5aa78933b18021c012b084f3244760a4ea1bcf31cc9f5c4044a9bcc75a986707f38f45ac1c7fa139ee95a6d8f16c3c1e12764c4b0b1194c0fc5f7eeff9a848c4050b0e651684719d438aad56019164fae4f48882205ece0b99736791084a753ba7d56e88fceea533566c3a2ca48dd6efc49b27dbf14f2616ced652e13833ab9028ada454431c89b3cb7441fdb8f23e12b60a1a104a2a8cf4a64e878aa26f54e8881a4b151a16a96de8b9807e729396ebe3e3d394f808bd74b7312fe6b84b1312af8a1e4133599d07bdf33db21e016b5c196c1ba3115708f581bb82f4b57a6ca1a529e64d193042c1dc5faa0a03abf53849e1bdefbab64b1cb60fe10a3fc1823a234c45f3b0dce66a46739c01aead12de6f0313c7be71405f3fdc4a507a9d84e8686f6fc92635db0f7856c7373a618a7252c129a7760e2029543d726228c21d00ad4ac52e5b1a6e31200917f15af515859e08f2a79ace67991ed69044:32bb7520e2639c6cca19a2b9836b08f8b083ca33369ddf5f9a877d4c7a9eb05f9c3dc34ed4cfa4b283e51922b094066ce9ffa4d9df621910ca37b0b37fbabb0eb231b6d2ecde49f513b0df25aafc3e5da45b6a9958d60f5464ca593c03005ecf361ef1696bb6e55d6538e34b38f324c21cea5cc81a0073278bb92727eff81af561802dcef33bec10ad6594e22d9c4418af3988a43ed087b9954bf8d6283e4beae8c096de6606751cbed685846c6630b9528ff364a7c48464113472c9860b3371963c911495a9c628a3e3e47ab0991f10dd1dd33161525262d63bab648819d57d1269e114825c5434e6b2845f42795d4fb083ad79401f2a0761c634a545aec7cdb13b5be449f1d829326378ed1f493fe8c8e9b068cc1dbcf165550b8132c319dac487b87bb22a54cdf60aac71516182a4e69ba083f6e86d1a4f05083a77619ef239f702396d7e46968cc04a3b34df3265ecf16157abe15c642cd7427096d8d40db002d196cab1be304bcf322d9d1a2451b6c11eeaf3e8e3d929f480b6b77804fe84496ca757e04337914ce94475d7990c7457c8e606f8bc207d2d48119c80a6b4a9e07b229226570dcd994989fecc694c6c2fb5975c9a6a9b74e8159c27dd3677dfd5cb651f1e32adfafd810b6e5d5efbace31ae6d9b12191e89398da063f138b7584c58e77e7f9fdd7fb9ef5d68ae49c6ccad28d18bc6009d4187ed1420224a5658aadf135b5a953f2dc3c8bfcaf669ed5da38d0144fd9665e6f0677d3fc8804e21cc25fd5e01a3f3fa83e571eb2f882a7659ce5d864d8bb54072b0986a854f1a7f2d2720df857e6d4219630841b1ccdcfc6726b91bfc17e18c3e3480c23a2c05e4bfeddd4db9ef42388f234fd3e4f3dad666026e2780612374161316afc7665f9411b6c5aa78933b18021c012b084f3244760a4ea1bcf31cc9f5c4044a9bcc75a986707f38f45ac1c7fa139ee95a6d8f16c3c1e12764c4b0b1194c0fc5f7eeff9a848c4050b0e651684719d438aad56019164fae4f48882205ece0b99736791084a753ba7d56e88fceea533566c3a2ca48dd6efc49b27dbf14f2616ced652e13833ab9028ada454431c89b3cb7441fdb8f23e12b60a1a104a2a8cf4a64e878aa26f54e8881a4b151a16a96de8b9807e729396ebe3e3d394f808bd74b7312fe6b84b1312af8a1e4133599d07bdf33db21e016b5c196c1ba3115708f581bb82f4b57a6ca1a529e64d193042c1dc5faa0a03abf53849e1bdefbab64b1cb60fe10a3fc1823a234c45f3b0dce66a46739c01aead12de6f0313c7be71405f3fdc4a507a9d84e8686f6fc92635db0f7856c7373a618a7252c129a7760e2029543d726228c21d00ad4ac52e5b1a6e31200917f15af515859e08f2a79ace67991ed69044: +2be1f98ce6553c915b6a0933ec0de347b370e29ca294e8005541239f63b430d07a6f4469c30a63f560f98734fc1906ebd1371ed80125fa3e4c86b43f262cabbc:7a6f4469c30a63f560f98734fc1906ebd1371ed80125fa3e4c86b43f262cabbc:6268201f932a7cd3f879ae6ab83855a2f50291de784d7d9e9adaa1b9afed6f5aea20240e59fe93e5a7088c95ec8e15745fb8fdeb91df0151c7b4605067561ea08dbf00c4ffe1fd0acf103656a7b54fad0f25ab16b4bda347179ed1cadb7b98be0895e050dcbc379d1fd553e99795928b67a752f8d2ec1b9d66bf6ac997e744dc327f242230f92e79ae312745a5ab6ddec1998fb63dc4f6b05f147222d4b65ace9017dc1bcd675e495f9eabb5f602133f6c72e053e9f4ae30d872d78bf71feba37acc595055c3bea53a05ef0c7f212dcf4e0af838ea2928f4cdc9fdc837da25f26966b2456abea66a5dfb8faa8fa091f7331d5436e98a8d6323cc9e9a91d5a02a49511714849b47454baf99c5f850a08d3d98410e939a9e89b15053825f3e9aee71447416140782e1bf3b0d8b4ff62e77a4a03f710a8ab76cf63592c05c440c8f064770099163c12270f3d5ec9a6bc9715bfffec769611d21fa003c3cc8356c975d37b62b88aabb8597daca196c9648a31d15bb0b86cf070ee01e511ef373b4a44c6a00160a797f2e820b716f5ca64464e4189a00fee978d35bf204f71db1f501f9b6e5dfc821a8af5dbfefd353ad3681f9bc3c22c67cb211b430b6a55f3e73da7c3a07ceb7d2fe254b10c2703ab2e2294dd0d3152dc7b21aab87b150f737a947463fb204175de8543236fbb0da5c7d48c57f61744de6f984aa8e61b970c62d0eeb849da7e89a61222d432079cbcf5f8a2ba930301683c0785c26fdf85da3020874604599ac6c847ec2608658b5788c7b8d3a3744fd5442e24c8eeccd420756bdd8b8a77cfd80589605dced9afda2bdb630a0cb612f739ce617d54ede6ccf36aa31e7e373d8a0fb1b7c9906f76b5f9de8c26891de006eb797ead4a86f7016f34bcde92f94ac3e920ba58d6dff772078d802a94f56cb26bf794fd90ca0ad4f2e7acdc5929bc7364997ded98ca69c573991bb9ab85f235b63e76f77e0ab45e78912389869af21e74e66f7c456b827e670beb0f0726688bb1f9036d38da07d69ea3666f76bd605d82e2dd6387ece6e824a569700f01b195d1a9bdcb0f96ab5c54e06c2119b406bc4888480660418bb4288ea2fda96631b0e1f60ac861d6ccc4c844b647a7d7403bc2d15bafe4af677e856fe0d2b5f663be4e480b38f6b766adcd3d05298ef1398d04d1523a68b91dd31cf5dc4b73decbfd7213f981b207e1f6ef225d7948a1aa17d8d57a112f1d4468d2d28f7ec2e54b74a692c5958022e82031a41b315090ed4d5bd7bd0b451476338f739a7d7031af2d36caa09ffdbb7c396507c75:8e659a3f535a589a5fd2d217cbcb8b777e5af20b234432f7dac29f810a2b4737c5cab10b59dfd0144f3090f5f9e0e667f0e21a9f573fe13b1c28eccbb531a2056268201f932a7cd3f879ae6ab83855a2f50291de784d7d9e9adaa1b9afed6f5aea20240e59fe93e5a7088c95ec8e15745fb8fdeb91df0151c7b4605067561ea08dbf00c4ffe1fd0acf103656a7b54fad0f25ab16b4bda347179ed1cadb7b98be0895e050dcbc379d1fd553e99795928b67a752f8d2ec1b9d66bf6ac997e744dc327f242230f92e79ae312745a5ab6ddec1998fb63dc4f6b05f147222d4b65ace9017dc1bcd675e495f9eabb5f602133f6c72e053e9f4ae30d872d78bf71feba37acc595055c3bea53a05ef0c7f212dcf4e0af838ea2928f4cdc9fdc837da25f26966b2456abea66a5dfb8faa8fa091f7331d5436e98a8d6323cc9e9a91d5a02a49511714849b47454baf99c5f850a08d3d98410e939a9e89b15053825f3e9aee71447416140782e1bf3b0d8b4ff62e77a4a03f710a8ab76cf63592c05c440c8f064770099163c12270f3d5ec9a6bc9715bfffec769611d21fa003c3cc8356c975d37b62b88aabb8597daca196c9648a31d15bb0b86cf070ee01e511ef373b4a44c6a00160a797f2e820b716f5ca64464e4189a00fee978d35bf204f71db1f501f9b6e5dfc821a8af5dbfefd353ad3681f9bc3c22c67cb211b430b6a55f3e73da7c3a07ceb7d2fe254b10c2703ab2e2294dd0d3152dc7b21aab87b150f737a947463fb204175de8543236fbb0da5c7d48c57f61744de6f984aa8e61b970c62d0eeb849da7e89a61222d432079cbcf5f8a2ba930301683c0785c26fdf85da3020874604599ac6c847ec2608658b5788c7b8d3a3744fd5442e24c8eeccd420756bdd8b8a77cfd80589605dced9afda2bdb630a0cb612f739ce617d54ede6ccf36aa31e7e373d8a0fb1b7c9906f76b5f9de8c26891de006eb797ead4a86f7016f34bcde92f94ac3e920ba58d6dff772078d802a94f56cb26bf794fd90ca0ad4f2e7acdc5929bc7364997ded98ca69c573991bb9ab85f235b63e76f77e0ab45e78912389869af21e74e66f7c456b827e670beb0f0726688bb1f9036d38da07d69ea3666f76bd605d82e2dd6387ece6e824a569700f01b195d1a9bdcb0f96ab5c54e06c2119b406bc4888480660418bb4288ea2fda96631b0e1f60ac861d6ccc4c844b647a7d7403bc2d15bafe4af677e856fe0d2b5f663be4e480b38f6b766adcd3d05298ef1398d04d1523a68b91dd31cf5dc4b73decbfd7213f981b207e1f6ef225d7948a1aa17d8d57a112f1d4468d2d28f7ec2e54b74a692c5958022e82031a41b315090ed4d5bd7bd0b451476338f739a7d7031af2d36caa09ffdbb7c396507c75: +10bbe6e761a75c935b517f0936fecb9ec6fc215e58130800ea18d1ff442a4f138643ddf8aa8d9c8a78b6eb699fd20a57f6f18636b06ce69dacdca1267acb3954:8643ddf8aa8d9c8a78b6eb699fd20a57f6f18636b06ce69dacdca1267acb3954:e8108c6de4133733dc199a73392e226f712c36a24fa91d6fb09f92df218deb2d2830a668fd694b4809d0253507231247c7f258b4d65c56bb69345ef6aa97e7c59e8153775a5a3cf109c4bca9815569da6932e82183425b42d7483c9dbfcbd8eb38c84729571e8ec93982c317716759598c4f6a1b7f8da7306a7815721caf02e70246712314f766be9cb177cd2fa3bda22cd676c5d2e86e8d798fd34f543c9be3129651f273f484f0b9467b140955cd2981ff2603c0bdbb436ac0955a116c5e5fc30425e1fe78f6410f6ef757f604668854bae79bfe22e1a85ce5ee5d6434b4610120ea7e5d3d137ce207514f8534ad9bf392b7dc5355514b59f835466c8eb56f44eddc5bad20cf0b480b2e822a6f46fd95f30f183c7bb3143e4e6100e2dbc9f2bf0d43073e0fe65f01bcce6a1ae401c12541be3ae68cdeac2a4ac71f1663b5fdfc2e50f0e077fb3a0a8b8eeead627c1c3e79dd7361046f7e57c17436c32dc4432f050028cc7aa4408c2d29d1d7998fdcdda32bb32f704dc263db9b8e06c57630870f8bb6ec661fde1b7da94d53b047701a4588478c1c662346741aeac4c25338556a3d848de5b2a23ecea61b776bd0e8037efb8501eff239c7facca6c8367ed7c8adce919fef1a155ae0d5478a98002c95a16fbf4c0ed016ea5d3866fe1de454832a4e9565976b60b3dd2eaf7fee612f2bc040d93975435eebd12f06eb09ecea2c66768308f58c77ac51ed7bd21636fc9cc3fd14870bd06bdf128a81b14792e608c47ea2d535ca7aa21eb8a8a56d76991663a8190a95057d33671e73c7cbce5a98d31ef0d73bd0b163787b7fdcd2ddfc72960f2be320846d4b29080d7aeb5b7ea645a2ad5a59c012bf7b9515d859e1c1472ef8a4d3c95e711af97ae4618efbab3dffe88c9f6af4a09b0e73387e251b77d7bff5214f791862db6988411e2ae2c75bf28d28602a637c26f49c18d309d2fc58a126667ad3c2ec160c99ba40fbdac17e7e4c21a5d507859762eba09c4160df66f5feefe6715a28c5296cf43e5e771f31fce5133be97cab57301b4c9df9cd9a4acf1c33fac946fa1596fa65c8f3658be47a473a62c52181eca183e4246cd624d8783dcce5fdcc1fea173f8071f7074f55897de9bfe84a6c4fdf802d5026b8145e6c8c8950afc5b40fd0356fc55ee17e1f853a4c2fcc34a1369b87d28dc2fd2010f19903aff8e46de04938f4948245d5b425d074acdf2bd80bfc3735cc34a22590f194af9313eef4ab5fde61f1f9b58578638fcb4f2850b2fce6e03db4d0a834848163c4b27e129f5cc74f67f008a2712d1d:f0f357410373313b7c6252d6d96600360c23752d431ca8075bcfb772d49cd609b65c9cd838d634d8d9b95d1ee30edecc13e3ca997b2437303f8a33a1ffc83306e8108c6de4133733dc199a73392e226f712c36a24fa91d6fb09f92df218deb2d2830a668fd694b4809d0253507231247c7f258b4d65c56bb69345ef6aa97e7c59e8153775a5a3cf109c4bca9815569da6932e82183425b42d7483c9dbfcbd8eb38c84729571e8ec93982c317716759598c4f6a1b7f8da7306a7815721caf02e70246712314f766be9cb177cd2fa3bda22cd676c5d2e86e8d798fd34f543c9be3129651f273f484f0b9467b140955cd2981ff2603c0bdbb436ac0955a116c5e5fc30425e1fe78f6410f6ef757f604668854bae79bfe22e1a85ce5ee5d6434b4610120ea7e5d3d137ce207514f8534ad9bf392b7dc5355514b59f835466c8eb56f44eddc5bad20cf0b480b2e822a6f46fd95f30f183c7bb3143e4e6100e2dbc9f2bf0d43073e0fe65f01bcce6a1ae401c12541be3ae68cdeac2a4ac71f1663b5fdfc2e50f0e077fb3a0a8b8eeead627c1c3e79dd7361046f7e57c17436c32dc4432f050028cc7aa4408c2d29d1d7998fdcdda32bb32f704dc263db9b8e06c57630870f8bb6ec661fde1b7da94d53b047701a4588478c1c662346741aeac4c25338556a3d848de5b2a23ecea61b776bd0e8037efb8501eff239c7facca6c8367ed7c8adce919fef1a155ae0d5478a98002c95a16fbf4c0ed016ea5d3866fe1de454832a4e9565976b60b3dd2eaf7fee612f2bc040d93975435eebd12f06eb09ecea2c66768308f58c77ac51ed7bd21636fc9cc3fd14870bd06bdf128a81b14792e608c47ea2d535ca7aa21eb8a8a56d76991663a8190a95057d33671e73c7cbce5a98d31ef0d73bd0b163787b7fdcd2ddfc72960f2be320846d4b29080d7aeb5b7ea645a2ad5a59c012bf7b9515d859e1c1472ef8a4d3c95e711af97ae4618efbab3dffe88c9f6af4a09b0e73387e251b77d7bff5214f791862db6988411e2ae2c75bf28d28602a637c26f49c18d309d2fc58a126667ad3c2ec160c99ba40fbdac17e7e4c21a5d507859762eba09c4160df66f5feefe6715a28c5296cf43e5e771f31fce5133be97cab57301b4c9df9cd9a4acf1c33fac946fa1596fa65c8f3658be47a473a62c52181eca183e4246cd624d8783dcce5fdcc1fea173f8071f7074f55897de9bfe84a6c4fdf802d5026b8145e6c8c8950afc5b40fd0356fc55ee17e1f853a4c2fcc34a1369b87d28dc2fd2010f19903aff8e46de04938f4948245d5b425d074acdf2bd80bfc3735cc34a22590f194af9313eef4ab5fde61f1f9b58578638fcb4f2850b2fce6e03db4d0a834848163c4b27e129f5cc74f67f008a2712d1d: +186dcc7efc5ed7e61ae53dc42093bae8f15dd99f0f033326c576ff756950d06dc8d141acb642aa9bfbd543277c2dca8aa9888eeff04543b3789b21f26aeb0f71:c8d141acb642aa9bfbd543277c2dca8aa9888eeff04543b3789b21f26aeb0f71:974364d6c838842ccc4e749e6afd537170dcd8cc50d66654d105482339cabdf74e32935ee219272ea1684fb93c1fab42b5631839243591bd07d3be949b0dd15e3196df196ba752ad1121ac7112d566944e153a4e0619b3a232241f020be0719f6bec918b26828eb1670ecfc73c66844ea3e404c6a2fc01beb403c9d6ca551ad8a6e71f46647fa6053f0314f8124d8d2bc12cc8fa8db95f2b735375201b816a9cf40f83ee4b8671618032de229ce76271d03d2672a1ae4a288c85dcd27fb8452a8132e9ff29e1e89bf11b1c835192c04b13be14f3cde5d37ce96f1dc2a9ccda0c4d737bca1fa220d21bf360b90515bbd226bb2a6c8d5f2ab018d4084e24ee333ce4e39bcb6b46e7aeb4db9b6c65b244d982823a770f9c62a0bde2cbb7ec36840d455187faff4e488a5c608ebdb7db84d87dad3867e3b0d04b64715e16560a62f1ee03df6183fd5e37555da1972fca062d12bb8420e082dacb8debb9c1438541d0da2464ef7ec52263fb9b9a4c469c83323e4819dfdf4fa0a770c3a709254e05314830e87fbb6736c72d9dabe01a310e91ebbfae767a1fcb62f64fa3ba8d53400d6469ad1ccb811fb9e115f14127b13e8364aa2fe80bbc886a10df1b9cc4ae4601f5461af091f526d272da9b203857a4447eabdef439830496a5759c21de65ba3a3c8b8e939c461332a924852c205c7711f3a68a2367a945def4fbe5f81c60cbb7e394a2a49be9ec2aaeb1f330575979446ad9d0d54abd436f2860f0423426f4bbc26b3b9f650d69b10072d747a39e478f455eaa12c7c6e12bfc4536a3594344bd02b620e3e2b4e0d534089dd7b04fa634804567586c62be0391c7bdb0a9fbc1ef3b33211edbf8ef58c2b7a49d06667959d7e5d44671ee7357a10ba0cb1a445ae5d709ce255e92de715975af94b89d4a29c71f9d88c85b6cd11d8b335bf8f2c658e6dd7c3f6c80ad4d0e5a6c87dba7b5b8a8a47e72f4d1d3c743631df9adfcfa45cee0498d5a44a9f75c83b75b2a3c230ff0767d3888f941ee1b6624dd0e12d06ed1ab8bb135ffd379e9de3788be541aadb2d6a7cc601316f21eb9aaa922f56a8e3526c9bd1177fefc2fbe3e430b628eebd6661e3ba2d631c6a8422c241ecd969972412f74da6b1243bf0fbee8a84d52e40aee3f1e4fc831402c62f3576b22e8e3c3dc4e160bc3b6b9d2ce005853812eafc0a4e25ba712279b00ba3f9130ff36e3ef1971dde7508b2792fe64d475688fc6f3313aadb785302e6b7f9a84f2dbc2f3cf060ee08b463736f836dbb262d329684c208492d17d811221be02b65ee28e11b54692:8945069787c1c676a84a703cae1e0bacaeffd33e91bec3603e1f13fb170e31e6d7049eda2bf627180f456c3f7aabfcd36c49a8c04f8ae6929ec5ada07b657208974364d6c838842ccc4e749e6afd537170dcd8cc50d66654d105482339cabdf74e32935ee219272ea1684fb93c1fab42b5631839243591bd07d3be949b0dd15e3196df196ba752ad1121ac7112d566944e153a4e0619b3a232241f020be0719f6bec918b26828eb1670ecfc73c66844ea3e404c6a2fc01beb403c9d6ca551ad8a6e71f46647fa6053f0314f8124d8d2bc12cc8fa8db95f2b735375201b816a9cf40f83ee4b8671618032de229ce76271d03d2672a1ae4a288c85dcd27fb8452a8132e9ff29e1e89bf11b1c835192c04b13be14f3cde5d37ce96f1dc2a9ccda0c4d737bca1fa220d21bf360b90515bbd226bb2a6c8d5f2ab018d4084e24ee333ce4e39bcb6b46e7aeb4db9b6c65b244d982823a770f9c62a0bde2cbb7ec36840d455187faff4e488a5c608ebdb7db84d87dad3867e3b0d04b64715e16560a62f1ee03df6183fd5e37555da1972fca062d12bb8420e082dacb8debb9c1438541d0da2464ef7ec52263fb9b9a4c469c83323e4819dfdf4fa0a770c3a709254e05314830e87fbb6736c72d9dabe01a310e91ebbfae767a1fcb62f64fa3ba8d53400d6469ad1ccb811fb9e115f14127b13e8364aa2fe80bbc886a10df1b9cc4ae4601f5461af091f526d272da9b203857a4447eabdef439830496a5759c21de65ba3a3c8b8e939c461332a924852c205c7711f3a68a2367a945def4fbe5f81c60cbb7e394a2a49be9ec2aaeb1f330575979446ad9d0d54abd436f2860f0423426f4bbc26b3b9f650d69b10072d747a39e478f455eaa12c7c6e12bfc4536a3594344bd02b620e3e2b4e0d534089dd7b04fa634804567586c62be0391c7bdb0a9fbc1ef3b33211edbf8ef58c2b7a49d06667959d7e5d44671ee7357a10ba0cb1a445ae5d709ce255e92de715975af94b89d4a29c71f9d88c85b6cd11d8b335bf8f2c658e6dd7c3f6c80ad4d0e5a6c87dba7b5b8a8a47e72f4d1d3c743631df9adfcfa45cee0498d5a44a9f75c83b75b2a3c230ff0767d3888f941ee1b6624dd0e12d06ed1ab8bb135ffd379e9de3788be541aadb2d6a7cc601316f21eb9aaa922f56a8e3526c9bd1177fefc2fbe3e430b628eebd6661e3ba2d631c6a8422c241ecd969972412f74da6b1243bf0fbee8a84d52e40aee3f1e4fc831402c62f3576b22e8e3c3dc4e160bc3b6b9d2ce005853812eafc0a4e25ba712279b00ba3f9130ff36e3ef1971dde7508b2792fe64d475688fc6f3313aadb785302e6b7f9a84f2dbc2f3cf060ee08b463736f836dbb262d329684c208492d17d811221be02b65ee28e11b54692: +0705b336c89ca35ffdde0af0f906eacf623c56c3f76738168e76fcd5882df79eeaaaf2a15f44b634cef15a638b80207f61099a0796f5d43f3e9d048e6ae796c1:eaaaf2a15f44b634cef15a638b80207f61099a0796f5d43f3e9d048e6ae796c1:616fe15fccb3310f9ec7456447dadaf8e0a5fb269be169b0c3ea2cfdaaa55d37937fe75b78324ac278a65047e0ae4f327e97effcb7bed91d09da720b0a101be9e96d0ba85b1ff49d8d1df362d3454f0db6825596101c97e5dacad07ec492d30f2d0cb7e7de4e744bb6a6100b754da847411d09aace8d5d410758b83087db4b5e6297979a21fb65af390952c4f936260e72d7c78327b94aa6cd617278b0ce9e1bd3fbed93b69bc64985dde0e2c4357b502f055ee7b0a0388474dae02d6c1a731f87785d753aeb0d9cfdf85002df566fc2507de7ba6fd035bee17a2e808b4a7588c583375c82407a40ae9eebdf94df2fb8cabf17606c439ea70459b212aae4a3f530ecadc5e88e2548fa643c7ddf5063b2e10673e59d07fe906892b67eb58f9388a56b370452e9977755fc04dfbc77da6c05beddebf0365256b52c9aef8a82173b8c89fbd98cea36a8b896fe66d37ca79bec7fbfe958fe89f6765085b335dc770343e230caddfa2833daa662fe8208dd885a6fdf72e36ecf22bbbbcbe79d370650236940bc2e6d4ac74fe4d554c9bc232f07d2af6220d157bd2da6a6612a081b4c9904a2869b137ee3a0856f12b2eb8762db94ed0ba136f23e7fb4bd1fcdee10dd84e2cd3b0a49148ac74db466dbeef81e6a8ce0861102de9b1a3e1dcf5c6b0308a82e3ac7c2283c7cc2f34ffa145b9f74b79904b32b79e960b814aade63a0df0167dcd24ed90a8da7b934c772932f5a478fe2a72f945a13096ec37ce764b581eb89e5f6b2bd7eb88b85a89587774d458c58cd879457973d648ef771c5f1deb27a0cc5b29246ac2fa12d18ddc6b9f9ac9cf146c3f22b1e4499adeefbcd2249740e13a224e7b6b3ef15605e7e74e68d7b72642409b90c4ec161eb24c9b40ff9c7e6e5da98322aca52c46a8ddc190f1cab157c4c7619601a6b33df6a50da661bc75360dff69750d3457409cc0241c3e8c4b3e506d426af52b70231cd6c91260cc431e4ccfd496ca14ceaae1cda78721e16339d52682b6951f966c7da5c6e10d919ae66a9f52dec10867538d3df6d593a32db695a8d7745703516ea56f8c1c8f0ef53bdeb7f53c2d944f511940ccb90624922ac599f4619c3046207d605f6ff94de788d25342229dc8af92b5fdf0dd71df2b446cdf1d9a20524339ee1c31826287ef72781a7a35289f85a15ba57c7fd5d885bd0553ab40805f517e8f1b1b3c4fc6771e6f224bc031124b9c9aeb19c5a96bf1488e1e66c6e88809230c83a74155554a219ec379ae54a9fe79dbede3d576042a635d197f4d818c778755b8b45e513deac88f60425:d4a9bae8ecc472c376bab805c2ce0c1c2ed5fc773715468cb1a4934564dacecf438b1dd2ac1b5c5e336a1e20701d5dcf3c8ee3ad223b139fa90a1b552e1b7707616fe15fccb3310f9ec7456447dadaf8e0a5fb269be169b0c3ea2cfdaaa55d37937fe75b78324ac278a65047e0ae4f327e97effcb7bed91d09da720b0a101be9e96d0ba85b1ff49d8d1df362d3454f0db6825596101c97e5dacad07ec492d30f2d0cb7e7de4e744bb6a6100b754da847411d09aace8d5d410758b83087db4b5e6297979a21fb65af390952c4f936260e72d7c78327b94aa6cd617278b0ce9e1bd3fbed93b69bc64985dde0e2c4357b502f055ee7b0a0388474dae02d6c1a731f87785d753aeb0d9cfdf85002df566fc2507de7ba6fd035bee17a2e808b4a7588c583375c82407a40ae9eebdf94df2fb8cabf17606c439ea70459b212aae4a3f530ecadc5e88e2548fa643c7ddf5063b2e10673e59d07fe906892b67eb58f9388a56b370452e9977755fc04dfbc77da6c05beddebf0365256b52c9aef8a82173b8c89fbd98cea36a8b896fe66d37ca79bec7fbfe958fe89f6765085b335dc770343e230caddfa2833daa662fe8208dd885a6fdf72e36ecf22bbbbcbe79d370650236940bc2e6d4ac74fe4d554c9bc232f07d2af6220d157bd2da6a6612a081b4c9904a2869b137ee3a0856f12b2eb8762db94ed0ba136f23e7fb4bd1fcdee10dd84e2cd3b0a49148ac74db466dbeef81e6a8ce0861102de9b1a3e1dcf5c6b0308a82e3ac7c2283c7cc2f34ffa145b9f74b79904b32b79e960b814aade63a0df0167dcd24ed90a8da7b934c772932f5a478fe2a72f945a13096ec37ce764b581eb89e5f6b2bd7eb88b85a89587774d458c58cd879457973d648ef771c5f1deb27a0cc5b29246ac2fa12d18ddc6b9f9ac9cf146c3f22b1e4499adeefbcd2249740e13a224e7b6b3ef15605e7e74e68d7b72642409b90c4ec161eb24c9b40ff9c7e6e5da98322aca52c46a8ddc190f1cab157c4c7619601a6b33df6a50da661bc75360dff69750d3457409cc0241c3e8c4b3e506d426af52b70231cd6c91260cc431e4ccfd496ca14ceaae1cda78721e16339d52682b6951f966c7da5c6e10d919ae66a9f52dec10867538d3df6d593a32db695a8d7745703516ea56f8c1c8f0ef53bdeb7f53c2d944f511940ccb90624922ac599f4619c3046207d605f6ff94de788d25342229dc8af92b5fdf0dd71df2b446cdf1d9a20524339ee1c31826287ef72781a7a35289f85a15ba57c7fd5d885bd0553ab40805f517e8f1b1b3c4fc6771e6f224bc031124b9c9aeb19c5a96bf1488e1e66c6e88809230c83a74155554a219ec379ae54a9fe79dbede3d576042a635d197f4d818c778755b8b45e513deac88f60425: +95174a0915684cdbb619b055495b00f19282cffc3b05019e6ab709a4a1742babaa8c872d7e10b67f7ff24172c3637e80825a0a71ee0c48863a2acdcbe8da459a:aa8c872d7e10b67f7ff24172c3637e80825a0a71ee0c48863a2acdcbe8da459a:5e1a7400456cad4f9ba86643bc7cbf3b3568dcb522b37055e8c39d3c80f2284238e5727fd7513cc8b31c57ae7b4050aa819fc2360930eb0dd677a5b2c729feb2da3ad79ae7fccdddb6c08446261ec9bbe59c64e99abbc86d3c4835f00fefe527433a501a3b6d572cf5e12a88010b46a472b9bd8691a407c365f9f71634b4d97edfdff06314c0c1b4eb93c7607f1d6fa354659322c284073f42602518c54fdf26ea2c27c80a6dfa20568391ab357282c06b23bedc1df1264b611c1e9cf18aebe249fd8617c6e3ee98c53c0f6f2175c57ef8e206bd3cf105627a9892eb689920213aaeb63d87663dbfa53f0fb281626948296b2dbcdde1c51af862eecf1cfe8a46a2c4b28cfe7130330ad173f87127aacaff43c0bddea48b0038976e662c04b6b04ad03de12462c2765db535049520cc114afdb6c92549b0546a9027d449755beb8d4c17e6a2a475f9676a337b4e866d96325e389a52c16c51e18e0d8103340c8417b2c57a55d042ff5e5fc65df423e0092b0ea88b96a907c95121c547a68061f27bcfb58ce6c07728d4846bdcbf0c625410edf8dea8cb4c9d0bbeefcde19273365f48d75aec07d1c22ccd23068a97c3fe752e87a30118fe2dfd5218b6b125154e0ea386cf239e3137f8ca6d8b746b6a67d508cf8c1ab63e5715e6721eda5c2bc393a493dbd2f9a1fa926b9a59e45a180aeeb02599a8cdd686f889b4852723cb6dbfb5014cab5f658a309a472239360eeaf64fc8203a3c708970e15cbcf136255d96446c39a927031d267d69ecd51d7af6e91fb4aef9d78c3335e9071133cfb8e2129990c64637c7adf1daef2dc26c1163399f3fe1e792338092ef6f8dfaf25730dd2fe8d978f6f770f52b68238176564cee5fbb9850b3b3a04d948460417826eb2eb24fcc5fe35334bb9521e87bc4dbde2ac9e1c98949dc2d29ad279e3884b905268ebd0808bf418257e75e262b4d01b024a6e9aa7bd501dba94ff506394b4b0ae6081ea73030c43a6a91766e80f9f42c0b68b98419ad4eee4e9a728adefbd79e831f70f41e62b43f0bf42b3b2cd53b5589117664bcebc409a7645b1eedda482f6b6895a657ba789b89e502d6998751d6303ded5fa156ee7c7eafe54626d1032c4d7dff977f1dcc86af89b1e646a4afc2427ed02c0af5d32890f95f13f98c1a5b1d9fbb781a9a89b2d790c1465c2d1520926fdf28c17d9ba1587ad761f065d339bdbe38f4133f45bb5978742642f90c065ee4892573f6059f8b4ce2c13e73b891cd05f23731ed9a07e2b8ffdc963b06a510209c329980949f40d8073a013ef843dfcc4a3394:780f40c20fea3b11c9422a43b9a6f79611e7f1f59d1488c15a5fd2d32c07dadc391c38953edf0de48be52da2af335c47b8d2e44ab9d3dfb76ba538b0664952085e1a7400456cad4f9ba86643bc7cbf3b3568dcb522b37055e8c39d3c80f2284238e5727fd7513cc8b31c57ae7b4050aa819fc2360930eb0dd677a5b2c729feb2da3ad79ae7fccdddb6c08446261ec9bbe59c64e99abbc86d3c4835f00fefe527433a501a3b6d572cf5e12a88010b46a472b9bd8691a407c365f9f71634b4d97edfdff06314c0c1b4eb93c7607f1d6fa354659322c284073f42602518c54fdf26ea2c27c80a6dfa20568391ab357282c06b23bedc1df1264b611c1e9cf18aebe249fd8617c6e3ee98c53c0f6f2175c57ef8e206bd3cf105627a9892eb689920213aaeb63d87663dbfa53f0fb281626948296b2dbcdde1c51af862eecf1cfe8a46a2c4b28cfe7130330ad173f87127aacaff43c0bddea48b0038976e662c04b6b04ad03de12462c2765db535049520cc114afdb6c92549b0546a9027d449755beb8d4c17e6a2a475f9676a337b4e866d96325e389a52c16c51e18e0d8103340c8417b2c57a55d042ff5e5fc65df423e0092b0ea88b96a907c95121c547a68061f27bcfb58ce6c07728d4846bdcbf0c625410edf8dea8cb4c9d0bbeefcde19273365f48d75aec07d1c22ccd23068a97c3fe752e87a30118fe2dfd5218b6b125154e0ea386cf239e3137f8ca6d8b746b6a67d508cf8c1ab63e5715e6721eda5c2bc393a493dbd2f9a1fa926b9a59e45a180aeeb02599a8cdd686f889b4852723cb6dbfb5014cab5f658a309a472239360eeaf64fc8203a3c708970e15cbcf136255d96446c39a927031d267d69ecd51d7af6e91fb4aef9d78c3335e9071133cfb8e2129990c64637c7adf1daef2dc26c1163399f3fe1e792338092ef6f8dfaf25730dd2fe8d978f6f770f52b68238176564cee5fbb9850b3b3a04d948460417826eb2eb24fcc5fe35334bb9521e87bc4dbde2ac9e1c98949dc2d29ad279e3884b905268ebd0808bf418257e75e262b4d01b024a6e9aa7bd501dba94ff506394b4b0ae6081ea73030c43a6a91766e80f9f42c0b68b98419ad4eee4e9a728adefbd79e831f70f41e62b43f0bf42b3b2cd53b5589117664bcebc409a7645b1eedda482f6b6895a657ba789b89e502d6998751d6303ded5fa156ee7c7eafe54626d1032c4d7dff977f1dcc86af89b1e646a4afc2427ed02c0af5d32890f95f13f98c1a5b1d9fbb781a9a89b2d790c1465c2d1520926fdf28c17d9ba1587ad761f065d339bdbe38f4133f45bb5978742642f90c065ee4892573f6059f8b4ce2c13e73b891cd05f23731ed9a07e2b8ffdc963b06a510209c329980949f40d8073a013ef843dfcc4a3394: +5a84af28a5dfbb3233a12f0837f6e8654e7b0de16b02ab3cd17864431e27466780d4ba789f8a4b2047adafa5ed26cd8c546733292e8bf693cfd17e284efc6871:80d4ba789f8a4b2047adafa5ed26cd8c546733292e8bf693cfd17e284efc6871:8aacd1b8a39bf08fd5c918446be576e6a3f27f36111607f27b56a91214e763f9a87fb1d1844898961797644460bff5488c103af605e8740e46588fb93e443c3bb23b92c09870a557653a1f22c218ccbc2f073a272d17a84223ef143f4c7ca258460b798169673da107d71d5356ce9f7559a9b038399951f575c77e5b9d0529578ecaa2e2089266fc526c5d409fbd46bb86841cb554f5bd3c99713b043e404653a7d01344d4db831a217282c4b336405653b85d27a46b259c855cdd85ad6f7aedd835ff5500cc8baf0fb2f0180910c64672b8a8d49d984a78293cf5779c910c3acbbca455a85466e535044f3480262c090fbf4e0b0db4d1ef8759daafdd8d05907482461ff910c437195d5c7fed9d82cb94e7e4ec24da053e47f62b488eb7b244655c7dbb20ed607eed4531449e0780e61cfd574086ffc5dc524283775c44f7547cdab04a51eee4e1b7b65a57573a92484a35900a909f81e415029d22ca937a3acd9e61f8c0e686b2d2ad0377af8ee166e4a20a82aff451e151103e0a1767b271fa9c2b1dd120f805853b3b8a560fc8b9376283b51124324a284a0e9ac49df69f524c8e042df82efbcd16881ec131a15210df73de02943447f22a2ea1dc8bf968298ee97f3ad546d78bc660897e08d2a28b2ba68b54b954f1476451c69207e5dd248ae47ef35694990e6f058bc0017b7495105cc8739066afb11e1f26601942546ae849ff2f56730f1326bbeea640ee178fa247adffefc046494fc7ffc0777d5dbe8a55daee61406fe3c7088d43d9e14da21ca52fd8c160091c8f99a67dad65c64fea9d18b1537d061f5dce879e0bc42648d2eaa02d972185753cb2f6225d8d03bb07f944b10cf4ea22275c3d70848020f30c823b76143acf545999a2cc4b5898d94b4a25efbe5a60331cc009fec0a25bc98947b1b7139e22d23280ff8854a1ec76221b1bf3d108328c8ac463c65263a2d7ca7433482931a1d8fc144bbe9bef678c92e1c2d10921b6ad43a75c53bc075854ed2d99d825f30a5e10d517438e4d4f7113429f1edb387d6bd7aad29274f8d2dc889b7efbeb58686f8d669ceaef92c75ed5307f0c03f5900181ce573c8fa28675205fb1057f626aa230d03e2eaa8cffcde20081475d80b245a1ca6045ba204ab00069079c637fc3fb3e80ca0462e7a4cdd9283ff9008530364816792fdf3b9a4e4dc8379228edcbb154bef387d37760d79afbb736260a1db10138361f24b826dbcd5f0fc9e7830d26d80c52a792189276bce34760fb77be1312ac8cf97d92cbf3d0778028db5e8eae89e0b9bc8778aeb1278f0471cb:a0b84ca5af7646e6f62a6935379473fa6e4c27695851fcbdae2917b2dc68d796e278d70cd67fcedf6ca629b881f7c4f2aa2559b20d670611766bd65aa4fef2048aacd1b8a39bf08fd5c918446be576e6a3f27f36111607f27b56a91214e763f9a87fb1d1844898961797644460bff5488c103af605e8740e46588fb93e443c3bb23b92c09870a557653a1f22c218ccbc2f073a272d17a84223ef143f4c7ca258460b798169673da107d71d5356ce9f7559a9b038399951f575c77e5b9d0529578ecaa2e2089266fc526c5d409fbd46bb86841cb554f5bd3c99713b043e404653a7d01344d4db831a217282c4b336405653b85d27a46b259c855cdd85ad6f7aedd835ff5500cc8baf0fb2f0180910c64672b8a8d49d984a78293cf5779c910c3acbbca455a85466e535044f3480262c090fbf4e0b0db4d1ef8759daafdd8d05907482461ff910c437195d5c7fed9d82cb94e7e4ec24da053e47f62b488eb7b244655c7dbb20ed607eed4531449e0780e61cfd574086ffc5dc524283775c44f7547cdab04a51eee4e1b7b65a57573a92484a35900a909f81e415029d22ca937a3acd9e61f8c0e686b2d2ad0377af8ee166e4a20a82aff451e151103e0a1767b271fa9c2b1dd120f805853b3b8a560fc8b9376283b51124324a284a0e9ac49df69f524c8e042df82efbcd16881ec131a15210df73de02943447f22a2ea1dc8bf968298ee97f3ad546d78bc660897e08d2a28b2ba68b54b954f1476451c69207e5dd248ae47ef35694990e6f058bc0017b7495105cc8739066afb11e1f26601942546ae849ff2f56730f1326bbeea640ee178fa247adffefc046494fc7ffc0777d5dbe8a55daee61406fe3c7088d43d9e14da21ca52fd8c160091c8f99a67dad65c64fea9d18b1537d061f5dce879e0bc42648d2eaa02d972185753cb2f6225d8d03bb07f944b10cf4ea22275c3d70848020f30c823b76143acf545999a2cc4b5898d94b4a25efbe5a60331cc009fec0a25bc98947b1b7139e22d23280ff8854a1ec76221b1bf3d108328c8ac463c65263a2d7ca7433482931a1d8fc144bbe9bef678c92e1c2d10921b6ad43a75c53bc075854ed2d99d825f30a5e10d517438e4d4f7113429f1edb387d6bd7aad29274f8d2dc889b7efbeb58686f8d669ceaef92c75ed5307f0c03f5900181ce573c8fa28675205fb1057f626aa230d03e2eaa8cffcde20081475d80b245a1ca6045ba204ab00069079c637fc3fb3e80ca0462e7a4cdd9283ff9008530364816792fdf3b9a4e4dc8379228edcbb154bef387d37760d79afbb736260a1db10138361f24b826dbcd5f0fc9e7830d26d80c52a792189276bce34760fb77be1312ac8cf97d92cbf3d0778028db5e8eae89e0b9bc8778aeb1278f0471cb: +793ac88d7d3b6fa7f47deec31f68ddccb701820f1b13ddc652f7c6a85b6052a591b6227acdd183da62c51965c635358b204d683ee06443cbd40e71c1f76ad102:91b6227acdd183da62c51965c635358b204d683ee06443cbd40e71c1f76ad102:ec50afad8ade7405e2c6f5c6247bbbccfb2c17166f7884feae10d90f5d83c4b6f0bf76de2f7897ba1194d6d3449ddb80ae74eb8ed68f049b35c6f21916db4dfc2724dc3af7ad8dd5c44f60d2f49fadd7004da1593093942cae5208bf54cf903bee646905fce2eb2e370d0dca48d820adeab16a3b675e5a4a8e267e34ff96f3122b18de0cad9292ab63d26e5f310fa2168c2966bdb63b0de08626767b379de4633b9f3eda7917281dad661e9f772b844a79e800fd842702446e4aa731757107f3fd6547bf4075963d5fd5f58e80853fc42751dca078a9fa8d5bb3d9a34abcab0293d6ceaec48967a1e6224398cad0f605a3be8e6758ea8f29209d8e4c4ca1893baad91e379ba3b17330c12a5b6f219b384a8ab978bf1b37c3731a1b474b24b5d67d4cec28aac6510b11f2cf21bc16963d51f5538727718fc4e2e5172e3c0cdabc277f0d7037c34ca68f73288848b926bde0cf47abfa66600916946f07651c280a2086b14d52570cc8a4b74358b59c302b9d00e1b498f3bc33ee4ecf2bce2c65ed7e8ba74d35b751d3c99f40861968c2b7f3a5be348c57d93b40ffd051edd7caca6ee6bca721dcba8db8d0064f54d36ec5e8d62a71fd1c90f14924f41c163f007afc6fbbfe8645fa47c3c980246d1b92274385953c5341cd64c34ae9717cc2c37f58359c0a9991c23fe637de6cdf0862f7d0329fe758aa892ad4583b9df2f3337d5be570ba654998ed292f11f01772382a04342fdd99e69e0d97c43f10ac9b96f140a6f83c4729e7a900471f2b1df2401bc5c680422b13b0c8007d63681f66a0595a1c5d3acde5b779426e736bc100c5e6f52608dc391e3ef9b1bb6af13d249b7d32ce0680c368f54d5fe039cfe10130251e4db14c79c8d044060465822990d88093cd736532852e447889db89cc60052996a32a64365c0726051c119eda901de576b334fc7049482392e2620b0a3a13fab1d36fc0a5f23db147fd857b26a698048f8b811e23d722e2e9027ed4124b48dc5e578a7aeb19a1b4f948ee5b46f65b979646e2be074714118baa4bfc15b089a0e06627da46e4bb06aa3c7c5dd648e03c9c2dec3facd95626562f3000883230d2b0a1f8a7478cb77f939a5f188f458d1037b90176664d86ea850b8af5087f86605a77e025ef6c7e6a2a59f006cba189fad933f42c532708109bc1af814819595ffcb95fbf5b7e93a71197e477ee7c04b851c1c36622cdd8e6c860d9ab2cac56d2dc98fa69124f2bb2a6471e1c73b661f071f5d86de7d1deafa4edcdc7bf1f705c56300affd058b9697791419e5fb2a5b7f78ce3401ff550:a84f552bf44322a6db245ca006d1cf780c61680fe7429a8947c35f21bc4b44228ba30aea0c744b866459d3b8acad453b06ace247ba69528c6b3bc4b20e75630eec50afad8ade7405e2c6f5c6247bbbccfb2c17166f7884feae10d90f5d83c4b6f0bf76de2f7897ba1194d6d3449ddb80ae74eb8ed68f049b35c6f21916db4dfc2724dc3af7ad8dd5c44f60d2f49fadd7004da1593093942cae5208bf54cf903bee646905fce2eb2e370d0dca48d820adeab16a3b675e5a4a8e267e34ff96f3122b18de0cad9292ab63d26e5f310fa2168c2966bdb63b0de08626767b379de4633b9f3eda7917281dad661e9f772b844a79e800fd842702446e4aa731757107f3fd6547bf4075963d5fd5f58e80853fc42751dca078a9fa8d5bb3d9a34abcab0293d6ceaec48967a1e6224398cad0f605a3be8e6758ea8f29209d8e4c4ca1893baad91e379ba3b17330c12a5b6f219b384a8ab978bf1b37c3731a1b474b24b5d67d4cec28aac6510b11f2cf21bc16963d51f5538727718fc4e2e5172e3c0cdabc277f0d7037c34ca68f73288848b926bde0cf47abfa66600916946f07651c280a2086b14d52570cc8a4b74358b59c302b9d00e1b498f3bc33ee4ecf2bce2c65ed7e8ba74d35b751d3c99f40861968c2b7f3a5be348c57d93b40ffd051edd7caca6ee6bca721dcba8db8d0064f54d36ec5e8d62a71fd1c90f14924f41c163f007afc6fbbfe8645fa47c3c980246d1b92274385953c5341cd64c34ae9717cc2c37f58359c0a9991c23fe637de6cdf0862f7d0329fe758aa892ad4583b9df2f3337d5be570ba654998ed292f11f01772382a04342fdd99e69e0d97c43f10ac9b96f140a6f83c4729e7a900471f2b1df2401bc5c680422b13b0c8007d63681f66a0595a1c5d3acde5b779426e736bc100c5e6f52608dc391e3ef9b1bb6af13d249b7d32ce0680c368f54d5fe039cfe10130251e4db14c79c8d044060465822990d88093cd736532852e447889db89cc60052996a32a64365c0726051c119eda901de576b334fc7049482392e2620b0a3a13fab1d36fc0a5f23db147fd857b26a698048f8b811e23d722e2e9027ed4124b48dc5e578a7aeb19a1b4f948ee5b46f65b979646e2be074714118baa4bfc15b089a0e06627da46e4bb06aa3c7c5dd648e03c9c2dec3facd95626562f3000883230d2b0a1f8a7478cb77f939a5f188f458d1037b90176664d86ea850b8af5087f86605a77e025ef6c7e6a2a59f006cba189fad933f42c532708109bc1af814819595ffcb95fbf5b7e93a71197e477ee7c04b851c1c36622cdd8e6c860d9ab2cac56d2dc98fa69124f2bb2a6471e1c73b661f071f5d86de7d1deafa4edcdc7bf1f705c56300affd058b9697791419e5fb2a5b7f78ce3401ff550: +89de7442d74ba9385969c9651a88fe28e040d593907dac1a3987418bdfdbad89fd3ba9fad320eba45d07b84a497be17d3fc7dd9999c968883cd6ac13b0669b17:fd3ba9fad320eba45d07b84a497be17d3fc7dd9999c968883cd6ac13b0669b17:9d5272f0b784882b94c76dfb9d460ca495025e0aec5d52ccfffece9f8173c10558266c498525891a97bf3878e33c3de2fc2e52550b431562cbe4a3d011ecc9e77ec36ad38341358c88321c03d08bb426a7d5854171c027ec48d57819a91afd02a618ccbc25e68e5309d047b156e35705373ada2eb831321a203e1bd8f0efecc09618647b41dff22b39d02235f871532f6085e9cc52ec009b33eebcdc267d7767c90c927e154f72f3f48a34956319b293c8a8b3e34efc5f62f2b4e8019b50a08f5ccf95bc831baf40811d87e5edbd2fd5365b26a431ae95800ff381cd62ca40e1866d950dce14f030918abac68e7916ddb95adc1971287874d07eb0edef64296652c48044b0c5521a8d270d53d74ec63b890f3363f9207f6652ae8e7835c3820ad6d9e3633f4bfd5379a44f29d65f3609fe355817dca5518dfe3bd769320a031902e9cf6669c24f88b01eb36995bdb8dbed6ee0c9b7f32295c61ba8905e5598f3c9e1c8bf7264f98293faea17747f88440c31818c433ea3d23c01f4f7e9c3dd3d5f32ec9eacd71a09e3a997381f1cbffdf4b5ba4979deb7b09841afa3b03d1c9311097b862cae11707cbd3a4ae6c8a26a306a687c414a4ea1e812f115f60f70bda7f8fbe7bc2d50cc550bba291d5ec523229a08ed568b5cee18fe6f46782c17cd828801639215bc5e9be4555c9a18009767a6c5c74a8229d2ffaa399d8e64324e884223d5070f735a75d85ff6c94a9fbc2b3651386de5a23cce95c87881c79399ae71f090737e2187fe904aab1d92d6186795c9b46c62a5914f3630fdcbac3bd4b0da4ec3136a1fb2ba40322d7cc4085e167009cf7450fc6a286c2f7951d51aae23b8f33020efb5e3245ba6a3543a2bdec447d51ae00b5e1678b76093cf216b9507c963ebfc024ccd6ef6c78c4572273beaaf55076dc44a224b58615705791965307cefd48672c081bccfbc1d15b062b38b4fba9b9bec956cd14444ee437e7960cc601eddc02f1a76b68574d5f8843150c0b9009934a2bfaf605770c136ba29f3dc7e29597a2480db23e2b2677ec6c51bd301f2b5a39dfda7b477bedd1cdaed10e29d2954629b9876f8ee54e4047369d534cab54aea441dc947eb3f59382b218360572f2659583153c0e2b912cf30c815b26f05853dd30551eecf64b858a441bb8c6db8a9fde77a32a7b46af66f8cb9f35ee0fafb0bd42d9e65b2a9058241a31b8ca1115434237670aab4eff36010ed0371f46595da1bdd579bbb67aadb68e77ad3a38c8f26d2af5a7103ba5f22b42cc12a8c3ce5c921c91cfc0e63df9027d26229b1047cbc18f6b0:bab57284d20ee54cc7f9708d717706d8faf6e46332b0691d6f213a8db801155b4e338c1361b592be758501b1821793ae5227cc3ba8df8adfc6ed9acab54cc4019d5272f0b784882b94c76dfb9d460ca495025e0aec5d52ccfffece9f8173c10558266c498525891a97bf3878e33c3de2fc2e52550b431562cbe4a3d011ecc9e77ec36ad38341358c88321c03d08bb426a7d5854171c027ec48d57819a91afd02a618ccbc25e68e5309d047b156e35705373ada2eb831321a203e1bd8f0efecc09618647b41dff22b39d02235f871532f6085e9cc52ec009b33eebcdc267d7767c90c927e154f72f3f48a34956319b293c8a8b3e34efc5f62f2b4e8019b50a08f5ccf95bc831baf40811d87e5edbd2fd5365b26a431ae95800ff381cd62ca40e1866d950dce14f030918abac68e7916ddb95adc1971287874d07eb0edef64296652c48044b0c5521a8d270d53d74ec63b890f3363f9207f6652ae8e7835c3820ad6d9e3633f4bfd5379a44f29d65f3609fe355817dca5518dfe3bd769320a031902e9cf6669c24f88b01eb36995bdb8dbed6ee0c9b7f32295c61ba8905e5598f3c9e1c8bf7264f98293faea17747f88440c31818c433ea3d23c01f4f7e9c3dd3d5f32ec9eacd71a09e3a997381f1cbffdf4b5ba4979deb7b09841afa3b03d1c9311097b862cae11707cbd3a4ae6c8a26a306a687c414a4ea1e812f115f60f70bda7f8fbe7bc2d50cc550bba291d5ec523229a08ed568b5cee18fe6f46782c17cd828801639215bc5e9be4555c9a18009767a6c5c74a8229d2ffaa399d8e64324e884223d5070f735a75d85ff6c94a9fbc2b3651386de5a23cce95c87881c79399ae71f090737e2187fe904aab1d92d6186795c9b46c62a5914f3630fdcbac3bd4b0da4ec3136a1fb2ba40322d7cc4085e167009cf7450fc6a286c2f7951d51aae23b8f33020efb5e3245ba6a3543a2bdec447d51ae00b5e1678b76093cf216b9507c963ebfc024ccd6ef6c78c4572273beaaf55076dc44a224b58615705791965307cefd48672c081bccfbc1d15b062b38b4fba9b9bec956cd14444ee437e7960cc601eddc02f1a76b68574d5f8843150c0b9009934a2bfaf605770c136ba29f3dc7e29597a2480db23e2b2677ec6c51bd301f2b5a39dfda7b477bedd1cdaed10e29d2954629b9876f8ee54e4047369d534cab54aea441dc947eb3f59382b218360572f2659583153c0e2b912cf30c815b26f05853dd30551eecf64b858a441bb8c6db8a9fde77a32a7b46af66f8cb9f35ee0fafb0bd42d9e65b2a9058241a31b8ca1115434237670aab4eff36010ed0371f46595da1bdd579bbb67aadb68e77ad3a38c8f26d2af5a7103ba5f22b42cc12a8c3ce5c921c91cfc0e63df9027d26229b1047cbc18f6b0: +2622bd9bbef7ff4a87629ea0153dc4d608c31fa5847988ff500d880681f11372199758a9c3d0ee3eebcbbda3e1ef5455ff46d736bb4ef0c06a739f9ac5848395:199758a9c3d0ee3eebcbbda3e1ef5455ff46d736bb4ef0c06a739f9ac5848395:891e82122547d61e83b0abaf27c7303f0522a2ec4af44ef0ac196a9978b1c623ef1fa72baf70910a5c51c4f78e0fe9fe37e2439c4795916cfa22ab471a2557cc7ba6b66956063ddeb39c50f14f06348fa66b6064dcffca5043967f05254d577abf22ae8c90000ce2e6a1a8b2e3a6b3abc563ebffb20445f0911cc42a987f8456efba4130e68f01fcdf7bf771fc1d35371a0d75dd5f90002c90b6cbade40d5b23fdb49abacb7219ae27561aa2a879da88df34a8c581f0c67198ffc608fe9195b5555c8ae934c830aae2885bea87487448e11b4f2f172e4d5cfe4fd113f9d2016c24a734512bb918f575e754139718e3d20e790abb942cba3ec8b2db590796dc435f139fc64ddc85a22494ef2bfa1f5c0f1875ea58e84eb374ecf8cec6468b6b09d1e74f1541ed454a2807d3f4053566b0e4e2c6aeced10dc007e9df416f267fcb3fe17b8bace03f0743e0e6d4a48ce76edff60c0e3a308456995413c1076ff37ecf2381a0d4e9e4a913a258d983b9696b5c45af37c8684070e400b8f865a504043f45d78b9713f335aa416a46166410735fb5d82210458d5a08a104d4002ab61188f9df457dd7ed5937ca5077606b418bbc8684a1d525bfa551087640b1d177ca6d4f6471b39b2ce43afbf8285ecd687e438f4425df568ab86fa2316349a1102b4143d71ef4e24f5c530c77afb0100788636440e740675a6174c5f05710b253a411173f9e82ce6e22f4095e7714b8737e147aa0f23191578ffd93823ce4bf91c1d110982a5da0e4b81bd25b9b9c2142a7671ee937c90fd0715ec9afa44d86046898b42f753589d2268d2aaaa985cc90e0f9e827a3923e7716346f4f8931c72821b3eb645daa7452c8afc898d7975545c12da1bdb209045cb00f4bfd5383df01f003680b973440f1a39c9d820959ef6f85bd33639065aefdc8bcfecbd9b9554049738af29f1294639d3915d632995e8faf713ef2ee3c298b5596fa10c99f946ddb32340695df1c194594eaf3778d73c8ba6040c04eb3a4ff8677936b88e0c5f0441480d107d7ac2202b3b694e57ccca6d825e2a07e812ed29b2c20d5c605471579e3edffc223f242c59391db41e98d5f3d6c5b1e32ac8237fcfd1020543a4041e03d92ad3e2ec552914707c77cd01f3e48011444283f0968fa4deeee55c456ed1f877ade04ac8e8d2cb6c85820b4929b25bf31e925435d6bcc50d3e2e9b85102e970d7895c25ade52161a3b6bf501ab01961cb63ed990aeb93eda3828bf04ca52853c7b6b8e9e49e349d69b53be07485f542b7cdd06b527d41dd119c70b564f1a93aec62ae74e6e8f855:4378966b7831def4aecb4989bcaf9cae99461cb9b59d19518cc1ec7b8351bcd1f723aac5f061b38363574ff96ba10e196b1b0531e1183036a425e69c4598040c891e82122547d61e83b0abaf27c7303f0522a2ec4af44ef0ac196a9978b1c623ef1fa72baf70910a5c51c4f78e0fe9fe37e2439c4795916cfa22ab471a2557cc7ba6b66956063ddeb39c50f14f06348fa66b6064dcffca5043967f05254d577abf22ae8c90000ce2e6a1a8b2e3a6b3abc563ebffb20445f0911cc42a987f8456efba4130e68f01fcdf7bf771fc1d35371a0d75dd5f90002c90b6cbade40d5b23fdb49abacb7219ae27561aa2a879da88df34a8c581f0c67198ffc608fe9195b5555c8ae934c830aae2885bea87487448e11b4f2f172e4d5cfe4fd113f9d2016c24a734512bb918f575e754139718e3d20e790abb942cba3ec8b2db590796dc435f139fc64ddc85a22494ef2bfa1f5c0f1875ea58e84eb374ecf8cec6468b6b09d1e74f1541ed454a2807d3f4053566b0e4e2c6aeced10dc007e9df416f267fcb3fe17b8bace03f0743e0e6d4a48ce76edff60c0e3a308456995413c1076ff37ecf2381a0d4e9e4a913a258d983b9696b5c45af37c8684070e400b8f865a504043f45d78b9713f335aa416a46166410735fb5d82210458d5a08a104d4002ab61188f9df457dd7ed5937ca5077606b418bbc8684a1d525bfa551087640b1d177ca6d4f6471b39b2ce43afbf8285ecd687e438f4425df568ab86fa2316349a1102b4143d71ef4e24f5c530c77afb0100788636440e740675a6174c5f05710b253a411173f9e82ce6e22f4095e7714b8737e147aa0f23191578ffd93823ce4bf91c1d110982a5da0e4b81bd25b9b9c2142a7671ee937c90fd0715ec9afa44d86046898b42f753589d2268d2aaaa985cc90e0f9e827a3923e7716346f4f8931c72821b3eb645daa7452c8afc898d7975545c12da1bdb209045cb00f4bfd5383df01f003680b973440f1a39c9d820959ef6f85bd33639065aefdc8bcfecbd9b9554049738af29f1294639d3915d632995e8faf713ef2ee3c298b5596fa10c99f946ddb32340695df1c194594eaf3778d73c8ba6040c04eb3a4ff8677936b88e0c5f0441480d107d7ac2202b3b694e57ccca6d825e2a07e812ed29b2c20d5c605471579e3edffc223f242c59391db41e98d5f3d6c5b1e32ac8237fcfd1020543a4041e03d92ad3e2ec552914707c77cd01f3e48011444283f0968fa4deeee55c456ed1f877ade04ac8e8d2cb6c85820b4929b25bf31e925435d6bcc50d3e2e9b85102e970d7895c25ade52161a3b6bf501ab01961cb63ed990aeb93eda3828bf04ca52853c7b6b8e9e49e349d69b53be07485f542b7cdd06b527d41dd119c70b564f1a93aec62ae74e6e8f855: +aeb13ccb90c8cbef90d553da3f6901b3d75c13011f024974daf79a1789c8c6325faafeb595f16d338f1c72a9f3e498f38bab69a81b37d2d092b7bf7e505d820d:5faafeb595f16d338f1c72a9f3e498f38bab69a81b37d2d092b7bf7e505d820d:861a1018d6bdc4805a5c4df87efaa462c68b4bf4065c684c2af131c6377388baee58c6c8f8842362ec6e3bce07c8af55885e82db87a15227800dd33afc5e5fd15701e95f53501b1a6ff83c64e8517149bf3ff011b094a09c673d0fc4a39ee55e69f071177b8aa364e1e256064cf70279cc76695ae49dafcd80ca0a14e1691db946422ec75ab4f7865915a69bd48d89b12adf487d4db9be87cddca211aa88e9bbe849da213989eb0844592ad63e281b2e4afe6a8836006609926c0f787e84f2a95b46b66f0e4555c9483ce2176fc63f7cc9f4f2a22db055aae2e68b30a0da5feb80c2a60ea10dbf67fbbcdbe0be33f2e9c13c469e7768f2ff5960a55eb482ec11d47e154b7c42a5fb756c8ad539b33d125a4a65192c6c9bd576238ca72a73cd179e8cf5cd048ed330213823abbafc3682b2b7f68c5bc46fd09a8cb2a3fd099573ee2e6f28c82e271bb5ef934b0b0c381cfaaec666d717106a874af30aa74125eae9acc2f1f24118cb4e683a731e37e5e464a1ea3d2a53cc0dcad4c17cea9a43e2365f3ae3dd89eb39977420045550745fc267fc7dcc5602e914972a4da6ebeb687f68a0cd7d8b4fdd73722106a8e436b93e5b58f5982acecdecfdb382fe98538261426ba64052557643ce9fec71ea43cf5b6cbadeb4953193ff3ed1a1f922a9af2ec6f338e7fb0affe3d13c33e395873e4a7a7fb044981e05a67197b996b199b43011119363e561d5b8a51784fdff58ab80ed4c49e93f0cf41924f9835efb09f64463b65517b67b15dc3f28ad9a9b2d29468de2c63e62004b6a3fd0c5c2e2aaa6cfa15e4faafa1e2c713e98d3fd25cab9e5170359c8365152b474276ed0037cdf771828e2fb7ccec4895f21adcc5b6887c86e51ad05f255f6e9dad2c41f56b98b7bbbf9fcb6ba8cadfd38ad8c62f92dd87740fa1e1bd170c00b2049c5130fe733f16b1f2c7f00b2ef97b3a95458c53f199d465336d5ff5977806e1afde3eaa246d85cabf7e123481e23929976ed19c40e29ff33d80e7deab19271decd5ee06172b0b0a139bd62a2e7c83a8a65601d0a05d61af9c6032df58001d473e20dd6c6afd78ddbd7cd178e9c271e0572f85982823ce6c402930cf80f5e0c7cda85122a76d1ce021b1e3de2556d1b45ac7b01b59cada25291d638a52a5e7dbcddf96bb1774ab0b077e4b3da5a958fe11dee4a02e69b918ddbfa1c5b3b7dca9f8784bb6b0b9d5a7fee74bb03747f61c2b2f1b492452d3b560b48d39d8721e983752556d44da6b028d9aef8bff9aa379c8e2b0a636d748860abd8e64fc8e96520a34a27f767aa97a8f77b6095218ead:0611b19a7472a443e87e54d7c6647faab1b79a83fd4371c92b975400fd628acfc32577ccbbaf03d88f893c88f2cac784c722a08f387abc319a702c868479650b861a1018d6bdc4805a5c4df87efaa462c68b4bf4065c684c2af131c6377388baee58c6c8f8842362ec6e3bce07c8af55885e82db87a15227800dd33afc5e5fd15701e95f53501b1a6ff83c64e8517149bf3ff011b094a09c673d0fc4a39ee55e69f071177b8aa364e1e256064cf70279cc76695ae49dafcd80ca0a14e1691db946422ec75ab4f7865915a69bd48d89b12adf487d4db9be87cddca211aa88e9bbe849da213989eb0844592ad63e281b2e4afe6a8836006609926c0f787e84f2a95b46b66f0e4555c9483ce2176fc63f7cc9f4f2a22db055aae2e68b30a0da5feb80c2a60ea10dbf67fbbcdbe0be33f2e9c13c469e7768f2ff5960a55eb482ec11d47e154b7c42a5fb756c8ad539b33d125a4a65192c6c9bd576238ca72a73cd179e8cf5cd048ed330213823abbafc3682b2b7f68c5bc46fd09a8cb2a3fd099573ee2e6f28c82e271bb5ef934b0b0c381cfaaec666d717106a874af30aa74125eae9acc2f1f24118cb4e683a731e37e5e464a1ea3d2a53cc0dcad4c17cea9a43e2365f3ae3dd89eb39977420045550745fc267fc7dcc5602e914972a4da6ebeb687f68a0cd7d8b4fdd73722106a8e436b93e5b58f5982acecdecfdb382fe98538261426ba64052557643ce9fec71ea43cf5b6cbadeb4953193ff3ed1a1f922a9af2ec6f338e7fb0affe3d13c33e395873e4a7a7fb044981e05a67197b996b199b43011119363e561d5b8a51784fdff58ab80ed4c49e93f0cf41924f9835efb09f64463b65517b67b15dc3f28ad9a9b2d29468de2c63e62004b6a3fd0c5c2e2aaa6cfa15e4faafa1e2c713e98d3fd25cab9e5170359c8365152b474276ed0037cdf771828e2fb7ccec4895f21adcc5b6887c86e51ad05f255f6e9dad2c41f56b98b7bbbf9fcb6ba8cadfd38ad8c62f92dd87740fa1e1bd170c00b2049c5130fe733f16b1f2c7f00b2ef97b3a95458c53f199d465336d5ff5977806e1afde3eaa246d85cabf7e123481e23929976ed19c40e29ff33d80e7deab19271decd5ee06172b0b0a139bd62a2e7c83a8a65601d0a05d61af9c6032df58001d473e20dd6c6afd78ddbd7cd178e9c271e0572f85982823ce6c402930cf80f5e0c7cda85122a76d1ce021b1e3de2556d1b45ac7b01b59cada25291d638a52a5e7dbcddf96bb1774ab0b077e4b3da5a958fe11dee4a02e69b918ddbfa1c5b3b7dca9f8784bb6b0b9d5a7fee74bb03747f61c2b2f1b492452d3b560b48d39d8721e983752556d44da6b028d9aef8bff9aa379c8e2b0a636d748860abd8e64fc8e96520a34a27f767aa97a8f77b6095218ead: +73872b14762f68dae4fc10dfd6f42d3f9622bf2afe6b34a95649aa387424ee6cdfab2ce1ab9981aa7cbf3207350007fa6ce6ca60a2ed7b590f3c2f62922d8f61:dfab2ce1ab9981aa7cbf3207350007fa6ce6ca60a2ed7b590f3c2f62922d8f61:433d71781ceab2b47d826e67d39f9b80d2ffd725f8c5aeb40cbe4f9b5f48ef93521ccec604360b9647323190bfef75ac931562d27f4a4e31f46e57bc99fa5158c82e12b737e45c5de9f7dd7c8622d4a7eaadf7202fb49d819c9ad24f8807313c5f37dc20453bdf05c9bf1a3c2117c93e7f3cc8a2542098e8fc1c642fa47b05543657b85f480bc86ec42800bb1422359c7c3e8ff4be598bd54f1dc586acae45a4740622b962742bc86e17cfa63e775354e7707e5079589e8d108b1f11dace0575cb9a6d26b59fce981465d9bc344ea6945a95b862796384fa8170560857457beff95a9b5ac3d6ad282d44929a303026b4bbedd60e2ef055a31f52d7ce8df2ca5d1851c5b167db0809259bb812569074105c734c85d6231273755f3a8b56dc508db5c23dacb7a06167bda51bc01350f016cd41b21e8cc5bc93343a9bb6ea4738c5c84b78fa963c410e433dc598196c22e5b791e12a4b343f7cd47bbb0eb0782bdb1a4e466846a030528eeb89056f73257193adaabc1b229862034878c3258a532548762e29ecc001abd989649da5e144cf35d48699f23bc46c5b34e04a53e72724b2b0b878982575d688e23cbe3a34067f4971e555972ec2908ae5f03e8831ec67755be95687ce6372939e1e2fb6951ec9ecf4bf7d1535431e259f29ad431222b54b65aa7d07cfb5df162a87c4d03481eb441f221d7f58627a14164e7f4c2e3a1d507e899d5358e00829b08cf3aecb8a75b2a31c3185a580e12b13f0642869fffb056723e961aaf6fefe67b4a7c4c93db3fe1f61adcc765569a99c09a3c824ed4a98babeae43efb1f351ba130e22aa97811986be923cc4180a7c4b78bcc140cec15574654aa6d65a06b97ecfa5f3a9355f96e4eeaa7689217b663fba4dab0d99b19c8d8dbf47a157e5d5969a35ef84dff9562edd434e73aee7d0d892dda72a362a22a7e9fa8634a57eebd1a907485ca8921bdc19ee9ee588f395687d3fc8f8c25f2e9576ca60313fbb2c265a99f2cdd5575b1dd530604e9ad6695c9fb35994a8b87d5c8570549a4d329b9fe087069ab7eb0d714a94e19261f86e448f2da9b1cb0c0dbe41d44c3a824783d1bdbd7326051aeb10adab805c5c59d0e83b1c11a2fdd35e444a499ed15dafd83862775f6cdfc67595818407be55ecbf7bf86c73069aace577626a8563536f605042cf7caaf6fc8e3b545b77414df8d9f649b99ee42541da38c3aae627207845b8f414a8074d70868a5c0b07b070c3c653be04076b83cad7b0305d9500aa44455cb860dcc76400af93c3d2efb42ae056f1428b65f122e1c7b9584d814d50ac72efdb:8525c346ca3a6a6c5f65c41778599377659870cb6df9a4a0e55b40c35beba55c8e009e5600b6447dc7402ba27749297e8f9528691856f72d2ad761ed1bc15309433d71781ceab2b47d826e67d39f9b80d2ffd725f8c5aeb40cbe4f9b5f48ef93521ccec604360b9647323190bfef75ac931562d27f4a4e31f46e57bc99fa5158c82e12b737e45c5de9f7dd7c8622d4a7eaadf7202fb49d819c9ad24f8807313c5f37dc20453bdf05c9bf1a3c2117c93e7f3cc8a2542098e8fc1c642fa47b05543657b85f480bc86ec42800bb1422359c7c3e8ff4be598bd54f1dc586acae45a4740622b962742bc86e17cfa63e775354e7707e5079589e8d108b1f11dace0575cb9a6d26b59fce981465d9bc344ea6945a95b862796384fa8170560857457beff95a9b5ac3d6ad282d44929a303026b4bbedd60e2ef055a31f52d7ce8df2ca5d1851c5b167db0809259bb812569074105c734c85d6231273755f3a8b56dc508db5c23dacb7a06167bda51bc01350f016cd41b21e8cc5bc93343a9bb6ea4738c5c84b78fa963c410e433dc598196c22e5b791e12a4b343f7cd47bbb0eb0782bdb1a4e466846a030528eeb89056f73257193adaabc1b229862034878c3258a532548762e29ecc001abd989649da5e144cf35d48699f23bc46c5b34e04a53e72724b2b0b878982575d688e23cbe3a34067f4971e555972ec2908ae5f03e8831ec67755be95687ce6372939e1e2fb6951ec9ecf4bf7d1535431e259f29ad431222b54b65aa7d07cfb5df162a87c4d03481eb441f221d7f58627a14164e7f4c2e3a1d507e899d5358e00829b08cf3aecb8a75b2a31c3185a580e12b13f0642869fffb056723e961aaf6fefe67b4a7c4c93db3fe1f61adcc765569a99c09a3c824ed4a98babeae43efb1f351ba130e22aa97811986be923cc4180a7c4b78bcc140cec15574654aa6d65a06b97ecfa5f3a9355f96e4eeaa7689217b663fba4dab0d99b19c8d8dbf47a157e5d5969a35ef84dff9562edd434e73aee7d0d892dda72a362a22a7e9fa8634a57eebd1a907485ca8921bdc19ee9ee588f395687d3fc8f8c25f2e9576ca60313fbb2c265a99f2cdd5575b1dd530604e9ad6695c9fb35994a8b87d5c8570549a4d329b9fe087069ab7eb0d714a94e19261f86e448f2da9b1cb0c0dbe41d44c3a824783d1bdbd7326051aeb10adab805c5c59d0e83b1c11a2fdd35e444a499ed15dafd83862775f6cdfc67595818407be55ecbf7bf86c73069aace577626a8563536f605042cf7caaf6fc8e3b545b77414df8d9f649b99ee42541da38c3aae627207845b8f414a8074d70868a5c0b07b070c3c653be04076b83cad7b0305d9500aa44455cb860dcc76400af93c3d2efb42ae056f1428b65f122e1c7b9584d814d50ac72efdb: +67cf27155287be6bfab66215e017c3466322f21e6eb140be4f1bdecf55abfdc1d070aab295a8af935727c3be442b251db9e774d2f44b3c2424c52fc89656e169:d070aab295a8af935727c3be442b251db9e774d2f44b3c2424c52fc89656e169:0ff05297031c892774cb2c01e8ca60ddd0ceacc0b8d591a891e33b19e1be9e363bc6420d6f529f04840b3b08853c835a03e036978b04a4f9ec6be4aef331956190996dea272619f1686d33bef03dbc085a923a0f115b78f653feeb60bb9e45f34fb8be5a4cbb648c7d29956f0d0e96bdd3c8d0649720624cbc2079e84fd6d010241124098459f12af2991d3828770f50b104ea6e5f51fdad30a9b8079d2159e46d64af91d07c10ed19814df2afe660d7d8f2403534e92c62e1ea6d688203bca3d97c2afda83b255520ffe92a33625772513b1fe34fafe32b6a9b8cf994df7e634e686591e5f0073ababc64a89210ba53a4991c11557e0334e6c6a5036c642a318f2295117139085fb34075647006758e32bc00ad109fe803f7ee9f5ec2af4d25c3070abc51cf4d78e13a7ce283d4fb4eb41d3e8ce90238500ae0ceda320ec5922efa10b903748e1e853a3729d24c105439df2f7000123db9b2c01533bbf0d028ebb2fc00dce38ad06328ee9ecd849a6efc3ae884ef6933cfebed055bb2968a0b0676b5729216178c7519ef0788593fc0dcff50d7e0b1ebb3cf49bbd1bfa5c30ea7b88c36e1a1593aef0bb3f9e2091c8589f7414beed8df466a2ed87b2cb5f35f1d31246ceb968609253615d78043517379ee6974a669cb48da6ac2f96d700b7e44a435cfefec402a1e3110e76981924f2601c01dc03546fd4f511649302f0633dfbd25651c5a599c90954489c76a65ec05a7e4cc74616ce25601cc37b804e1f0bcc8651023b12e13568441e8b8ef4c305fcdad3d2b13fa080324b2fd6b61998cf864b658bc7fefcc48a5a7681d7c866c342c7f5d6cf10881522cc710257d25a4c1e352d270e902082ab9541d5900ceffa0914b16b55e0dd3786e98d41720875a148eb4abdb0153856679fb98c0ec485e5f458d635b7861a2b3a8ba5ec2c1444d353980200e5e071808854a268cc76c605c94f37329c36187a41fddf92aabdb4996a0e10b315526afeac80eb2fa32af786a34316b36111ee9352108144d70f7d1723b32f4dbaa82201353411d657713e55e35df78580b1bc08680f0159fa116faf463566aafe8aea69857e72e44ac809ac43f5c45939d85a1a5f4a370a18996c8514a46f34371ef9e5fb204422c934a1d293d101b8c16f99cc073ea366a13a45c437d620d132b74409cbf8b9c075b4163f726aa67e509a24874fc1b1fb6fb7c7355159c02aa13e64badf150356b1841b321f8041e13ed77e8461cfbb8e828488bf517a5d29ff82e7367480a8edddeb5350e7a83423bd0b1c55f7bb424ca04c205723cd5405671e733f391600a:c934a3a1aaab78d9269d1e9d13392f72c637bc5de54f04691efc29d473b475025d8d8fe3c523d2d29c41c5f3dec6ca38ce6d68d7ff09b6135ba24d0d32cc15020ff05297031c892774cb2c01e8ca60ddd0ceacc0b8d591a891e33b19e1be9e363bc6420d6f529f04840b3b08853c835a03e036978b04a4f9ec6be4aef331956190996dea272619f1686d33bef03dbc085a923a0f115b78f653feeb60bb9e45f34fb8be5a4cbb648c7d29956f0d0e96bdd3c8d0649720624cbc2079e84fd6d010241124098459f12af2991d3828770f50b104ea6e5f51fdad30a9b8079d2159e46d64af91d07c10ed19814df2afe660d7d8f2403534e92c62e1ea6d688203bca3d97c2afda83b255520ffe92a33625772513b1fe34fafe32b6a9b8cf994df7e634e686591e5f0073ababc64a89210ba53a4991c11557e0334e6c6a5036c642a318f2295117139085fb34075647006758e32bc00ad109fe803f7ee9f5ec2af4d25c3070abc51cf4d78e13a7ce283d4fb4eb41d3e8ce90238500ae0ceda320ec5922efa10b903748e1e853a3729d24c105439df2f7000123db9b2c01533bbf0d028ebb2fc00dce38ad06328ee9ecd849a6efc3ae884ef6933cfebed055bb2968a0b0676b5729216178c7519ef0788593fc0dcff50d7e0b1ebb3cf49bbd1bfa5c30ea7b88c36e1a1593aef0bb3f9e2091c8589f7414beed8df466a2ed87b2cb5f35f1d31246ceb968609253615d78043517379ee6974a669cb48da6ac2f96d700b7e44a435cfefec402a1e3110e76981924f2601c01dc03546fd4f511649302f0633dfbd25651c5a599c90954489c76a65ec05a7e4cc74616ce25601cc37b804e1f0bcc8651023b12e13568441e8b8ef4c305fcdad3d2b13fa080324b2fd6b61998cf864b658bc7fefcc48a5a7681d7c866c342c7f5d6cf10881522cc710257d25a4c1e352d270e902082ab9541d5900ceffa0914b16b55e0dd3786e98d41720875a148eb4abdb0153856679fb98c0ec485e5f458d635b7861a2b3a8ba5ec2c1444d353980200e5e071808854a268cc76c605c94f37329c36187a41fddf92aabdb4996a0e10b315526afeac80eb2fa32af786a34316b36111ee9352108144d70f7d1723b32f4dbaa82201353411d657713e55e35df78580b1bc08680f0159fa116faf463566aafe8aea69857e72e44ac809ac43f5c45939d85a1a5f4a370a18996c8514a46f34371ef9e5fb204422c934a1d293d101b8c16f99cc073ea366a13a45c437d620d132b74409cbf8b9c075b4163f726aa67e509a24874fc1b1fb6fb7c7355159c02aa13e64badf150356b1841b321f8041e13ed77e8461cfbb8e828488bf517a5d29ff82e7367480a8edddeb5350e7a83423bd0b1c55f7bb424ca04c205723cd5405671e733f391600a: +18c21c0d0de13d4c64497ef0260d66cfd34216981a1b49391ae5cb0e41436e9ff7d4dd1e059c36f6d121c0affeb21f0c572b45992f84948b09aafbcd86bb535c:f7d4dd1e059c36f6d121c0affeb21f0c572b45992f84948b09aafbcd86bb535c:68abca7c166afe063e477b80e37db224e1a235de8fcdeb7f427af67e001247cc5e057182fd9b6db8babaa658cf3b3fe4b0763bf88d67311b1190be834018cf57a332922413764620ace05445ee019a06dff98b238979ad6d30901befa3c64f6bd8c6eb092c2e62841388fd8c4e8419e2778984896737ed90a2cdb21996aef7c21638d6cbe680322d08996597a9e303f6f5f47940f8c5ba5f5f76383e7e18064a3d2dff5fdf95e90c5eb30f4d8d459ee1d506a8cd29cdc69b6754963b84d67494b35305d10d12b9487417b2ce28adcb10b65cc931fb3381ae02e7af79a02bf99e258a56361090e0b71222b3ac60bf2fb7ba832d034f5b6bc6fa663ae741f76d97c1ac32bcb7411507d518d2f6054b578328c5f67f758ac01bfe6f4d35900f50a5dcd30d2f9261b6bbec4c1d1fc18d2a7e70c4d36c21faf8cf94a587c3a0d1a9cde7831ae626775468ddcd40a8ba18f42b34188de5741e1be8307b1084586515ec015e4e371d29443a40b0c069c641d8cee5e4611862987c3e356b1293b0518b4a4c8ea97fc5a4db1f0129abee72fb8092ea35c2dab67573850207b8e82718999ad99c4c839eac14636bd5e4d8436a270dd90b8e321302e52a92d891ff1891542ae2caa0d66e0f661eae37b25b08bb2e0eeec4838009778cd525984380983b2baadd7102a1e356734e41d76183829ea9ab8244c336597ca2d67988f281438467e453f562c67b22d0a4dd9fcb46a5f80d299db5f01f59160a19d74c644fa5a940e32c9d8d983bab7efb0d7c7da4e3fda1cd0d18a4558eb9fe46408aab5085912bf2f46ab63a9354f9027c93691223ffaab8463bac4c4bc3b11abc46ba68717c91780d3f30470dbdd88b3780a194c8a40a2c0a81a4d56dec2d8962c34d2ab73369028e1bfeaa6bb58241ff4f898f80ad3bb1c691b8647f2c6983954c1c77957458eebf1c5055c31693abced05384735a4f741968bd6ac31565cfee71c884c1e29e9e7ae0f7ecd04d463b1dc389c36037e81458dcec61d0764032dd589b92afda2fc9028f41ab53cca2d04ec6a9565955cbcf1a3463989c7139bb902a5921e8b2c99c48e13711f0bcc399259516c81ae942a679d4ba33979eb12fcd2860602e4724b1330f1cd257b5b2891daee8ef4c92fc3bfdb34e532d5870f3805986ac97b503fd85873548e30950000f8a70be51fa757603501f2d30e852efeac4826862aed7f6d20c9a8c8dbe362dfee41893f27e6fd5e91d0e7e3d4fd8155f44fd8ef17af14a848d44a87631aeee751462b2a54087068daeab3ea3289ece6212b3b52ce7a8886df2a727b72a570c2fb9c50341:c9c099e21d095afadd4e71c9abf6b7083324776225b587b60a0e6092ecb3d33cff39c67d34776ae99dda754a3c2b3f781135a38c78ed6455aaf0ae0c313b620568abca7c166afe063e477b80e37db224e1a235de8fcdeb7f427af67e001247cc5e057182fd9b6db8babaa658cf3b3fe4b0763bf88d67311b1190be834018cf57a332922413764620ace05445ee019a06dff98b238979ad6d30901befa3c64f6bd8c6eb092c2e62841388fd8c4e8419e2778984896737ed90a2cdb21996aef7c21638d6cbe680322d08996597a9e303f6f5f47940f8c5ba5f5f76383e7e18064a3d2dff5fdf95e90c5eb30f4d8d459ee1d506a8cd29cdc69b6754963b84d67494b35305d10d12b9487417b2ce28adcb10b65cc931fb3381ae02e7af79a02bf99e258a56361090e0b71222b3ac60bf2fb7ba832d034f5b6bc6fa663ae741f76d97c1ac32bcb7411507d518d2f6054b578328c5f67f758ac01bfe6f4d35900f50a5dcd30d2f9261b6bbec4c1d1fc18d2a7e70c4d36c21faf8cf94a587c3a0d1a9cde7831ae626775468ddcd40a8ba18f42b34188de5741e1be8307b1084586515ec015e4e371d29443a40b0c069c641d8cee5e4611862987c3e356b1293b0518b4a4c8ea97fc5a4db1f0129abee72fb8092ea35c2dab67573850207b8e82718999ad99c4c839eac14636bd5e4d8436a270dd90b8e321302e52a92d891ff1891542ae2caa0d66e0f661eae37b25b08bb2e0eeec4838009778cd525984380983b2baadd7102a1e356734e41d76183829ea9ab8244c336597ca2d67988f281438467e453f562c67b22d0a4dd9fcb46a5f80d299db5f01f59160a19d74c644fa5a940e32c9d8d983bab7efb0d7c7da4e3fda1cd0d18a4558eb9fe46408aab5085912bf2f46ab63a9354f9027c93691223ffaab8463bac4c4bc3b11abc46ba68717c91780d3f30470dbdd88b3780a194c8a40a2c0a81a4d56dec2d8962c34d2ab73369028e1bfeaa6bb58241ff4f898f80ad3bb1c691b8647f2c6983954c1c77957458eebf1c5055c31693abced05384735a4f741968bd6ac31565cfee71c884c1e29e9e7ae0f7ecd04d463b1dc389c36037e81458dcec61d0764032dd589b92afda2fc9028f41ab53cca2d04ec6a9565955cbcf1a3463989c7139bb902a5921e8b2c99c48e13711f0bcc399259516c81ae942a679d4ba33979eb12fcd2860602e4724b1330f1cd257b5b2891daee8ef4c92fc3bfdb34e532d5870f3805986ac97b503fd85873548e30950000f8a70be51fa757603501f2d30e852efeac4826862aed7f6d20c9a8c8dbe362dfee41893f27e6fd5e91d0e7e3d4fd8155f44fd8ef17af14a848d44a87631aeee751462b2a54087068daeab3ea3289ece6212b3b52ce7a8886df2a727b72a570c2fb9c50341: +db9aaee198cd26a52b1181fa3fd92abe425e666d890bf969467dd2ce280ed4a73c897cafe2b499ecb2e1dd01ea55f3fc88f68c25b64a636b31a1fd1c78f37f3f:3c897cafe2b499ecb2e1dd01ea55f3fc88f68c25b64a636b31a1fd1c78f37f3f:47fb621561f8b7eecec6033f2bcb6f43ac68c958dfd2656f52a0c29b4acd44f4304c6bf77eeaa0c5f6d3b22db19699c3dcdede698abde623ec4b2b90910c80ac3af39c550b6dd409e63d77706655a9199cb5c0258f5ba38285ffdc64b8a8f373d1fb29ba87f84ddf5f34d8f140bbc17b3961682df5d0a8f9102e379a9998139dfe40ab8ce753bf5626108237771a7d8e109e9e0afe9b66d0420942e163a4f3c03f71813ee078bd090ac3d0772e2622c259e682552c75b08dd055a4a5eb5e609440bcd3f3a6feb876fd16921520c6cb6884710d2e15cdad6daaeed95962dda21c6788f784917917982e1ccbb5fdd9bdc1769db6b6db57ca354e01a1339d8e77e9dbbb5812fbab6a14c54085c0659599f150e22472470f1e5e672c425f375f9e0d6e8d52fa17b7a8d7a4d7ca3e12f4db53836aed2bebd74589baca8ce9100291bfb7e456db7f2f0a84dc0a7488851366a9a5fea0e3efc74b9cdd4bd97b65abf361393ce1703d8571805ee68a13d3654f03dcecfb77a53430d09496ad73ec01759957e51046aa7396f592338650117ac7b4dd3573eb53d9c9f9dfa62e2369c77af9c0d42f61bae74b287ddfa27b7f1c1be9883a044691d56dc13734ad4ee3a32a9f40e328c500d0fed8ea0510e938f2758004022bcaa6902bda1014b8ae3365272829ed94faba63cb14a36cf81390eca83fc1c627172013261b3993779aa076a5c5d81d90d27062e1a6d90b5cf1005c701917b7adac180cb75bbce0f27f2f180e2cb90140c14cc6009d2d41aab1db9418f91d4cf394002cd70ac9dc11ce865347fa3f56f87c149e2b17d2c72b663a58e3187bb19b9bac2d11483ba12f770ac04dc46d388518fa54dc152e9a9dfbff14f14c61cb375897e30c53e6de42d5e1401dae1b22baaa0e8a41c6af9d0e0b13a91a23d9b7d5552047029a3521946c7120d3d258b3aefcf754d1959487a1fe7743ac7e1cc89e368b197809c3a27317e0ec48d546db1e21eb629a29bc6247cdd4a1371437563edd12faea2c5cb77eededbfc58008fad1f65af35843fa274c734e3fbbaa9cc50d683748b75a485f94d630b032a5f1067d1deb30e9d2218c935c981d01c0c547fd68413136edf4c0c770286e823442e1c513651929213c121c1de700989141ab4af3b3fe7404b4d2a38c530bafb498e64953ce1c0fb7d340e21135bf8afdd8dd65b1b18cf1c8fb9f402b2670400b86ddafb184cc51d5fda273b80c26521f912f3583b4ae301dae151cb55c75703aadef032415227d53e395db6c150a1ee839ad26bae552e1ab736214dc04b0f3c41b7cfbd049681bc84c3d16530768:b2e3d9c5d0ff329996bc89d26fb3ac126bded313cbf8df86718638c199e057273d09eb163c6c181fd8bce51f72d4d9d2e84abbe08330773b9fcc2166f140d60e47fb621561f8b7eecec6033f2bcb6f43ac68c958dfd2656f52a0c29b4acd44f4304c6bf77eeaa0c5f6d3b22db19699c3dcdede698abde623ec4b2b90910c80ac3af39c550b6dd409e63d77706655a9199cb5c0258f5ba38285ffdc64b8a8f373d1fb29ba87f84ddf5f34d8f140bbc17b3961682df5d0a8f9102e379a9998139dfe40ab8ce753bf5626108237771a7d8e109e9e0afe9b66d0420942e163a4f3c03f71813ee078bd090ac3d0772e2622c259e682552c75b08dd055a4a5eb5e609440bcd3f3a6feb876fd16921520c6cb6884710d2e15cdad6daaeed95962dda21c6788f784917917982e1ccbb5fdd9bdc1769db6b6db57ca354e01a1339d8e77e9dbbb5812fbab6a14c54085c0659599f150e22472470f1e5e672c425f375f9e0d6e8d52fa17b7a8d7a4d7ca3e12f4db53836aed2bebd74589baca8ce9100291bfb7e456db7f2f0a84dc0a7488851366a9a5fea0e3efc74b9cdd4bd97b65abf361393ce1703d8571805ee68a13d3654f03dcecfb77a53430d09496ad73ec01759957e51046aa7396f592338650117ac7b4dd3573eb53d9c9f9dfa62e2369c77af9c0d42f61bae74b287ddfa27b7f1c1be9883a044691d56dc13734ad4ee3a32a9f40e328c500d0fed8ea0510e938f2758004022bcaa6902bda1014b8ae3365272829ed94faba63cb14a36cf81390eca83fc1c627172013261b3993779aa076a5c5d81d90d27062e1a6d90b5cf1005c701917b7adac180cb75bbce0f27f2f180e2cb90140c14cc6009d2d41aab1db9418f91d4cf394002cd70ac9dc11ce865347fa3f56f87c149e2b17d2c72b663a58e3187bb19b9bac2d11483ba12f770ac04dc46d388518fa54dc152e9a9dfbff14f14c61cb375897e30c53e6de42d5e1401dae1b22baaa0e8a41c6af9d0e0b13a91a23d9b7d5552047029a3521946c7120d3d258b3aefcf754d1959487a1fe7743ac7e1cc89e368b197809c3a27317e0ec48d546db1e21eb629a29bc6247cdd4a1371437563edd12faea2c5cb77eededbfc58008fad1f65af35843fa274c734e3fbbaa9cc50d683748b75a485f94d630b032a5f1067d1deb30e9d2218c935c981d01c0c547fd68413136edf4c0c770286e823442e1c513651929213c121c1de700989141ab4af3b3fe7404b4d2a38c530bafb498e64953ce1c0fb7d340e21135bf8afdd8dd65b1b18cf1c8fb9f402b2670400b86ddafb184cc51d5fda273b80c26521f912f3583b4ae301dae151cb55c75703aadef032415227d53e395db6c150a1ee839ad26bae552e1ab736214dc04b0f3c41b7cfbd049681bc84c3d16530768: +a804c33b4d38cb3ce31cf3bac1049e0d4ec63a1a0b7b59fd8a36ee37541656aa6072256d6574a293bd7c221c551c32cf2f7715e19e433a49d9b8b0490e56ef62:6072256d6574a293bd7c221c551c32cf2f7715e19e433a49d9b8b0490e56ef62:dbfe307f2aae9e07ec7c4b682106d2c9367b0c4aaa58ae804e0a3904754e6cf8fee73cf9e2d45d0289e5078293dfc469d46ea67026c5aa692d2f2c9fb4ec57cdab4c043ff9ae6185f27a704454e5f53950aabd25c9910474d45af8836862723e0e6a27823d82bcbb68a96052422a1819512e3b43408cf48957ad6ae235b7233df18284749153dfa57de35074a30edfab8a56df28ab2e2940306c221aa55490cc664e14683f30ee615e2d93fdf971f596663465843b3add6392ba3390311ef8dc59f251445d669e10a0061991e113561923aa215244463d8264199ac588924e231e8419d8685f338e599b5f40bf9bd1aece772535bbbcb8f6881c2e800491ab3b57b44b8ae43aeb5c4ae5e7edeb228fedc9f6b9cadea176e134936ded60af1c228734fb00570f2374bbbfa1bb170785805d6b6c701e820952eae45b8c2366113a1dfb2e35852af419b754f9cf7a081c3dde6c8053bf1ce0c85339d5699c422476fc21f26ce75d2a7fed09fc0f4175789847d876c51aa4e0bf7ce842b8308dc7a28c8239520714dc233136e09f557c7ef3e0f83bad63cb28ac616d3928f3837dce1dd58acb8ddbc72e822deee45f00776acc88e00cd3a9db486d92d535a57a0fdc4f903b62e517221c308cba2e30ffe7b91937a99417721f56fe6df44840e9e41136929c0ca3dc28ddf2379e4dcfde83723e2d4c9e23299c056afb31d3e70d085d0a312c5cd570b699dea8717458531348c96f6eb52d7ee61d5660f65e909a14ce1033dc853f2f25d09cf4e40d07eff72e15a390564a2be3c042d89a68660a97ffacec4967a4b618712d7060756520c29ee8d9220ad8615c4fcf3969bd3b2e0947e1f0be7e2d80e0a61480c3166db5582218bb0a8be9848efd41b6ce0cd795c486abb67210beb60cd078b46aeb7f4f485031902bcd7131e00b7035aa2d43fee063f7f30bd570da1dbb65c0ca92a4812632e432778553e35e856caa8218221fd6316ab0869173b38409bcefe6d2db9210f9024173b66dbb92677cbc71c8a1cd583fa6f354d3c93fa8b16c71374f25a00c332f85a8befd540388fb50db9f5d96e4e4e698833ce3d63c10b8eec70a243b9015db459431b62f5668bba60f0704f6bdfe9546ea475cef2ebccba4b7680848e82beff5854e49f65bb773a4922e90f9b8afc7cf818730588ed5aa7b399826aadd54372fcb761458b64de66857f4adacd4c32900cb77136a535d7bbbb554597aecf39ff698b45e6a218df1d2abe615eb8d9e1824c0becce90767899ebfd2c730144b32c74604c0e53e2505bb15d28007a87b9931d6eec0a6cb5b0f96d3194b2423:b1b44a142a7c4c3d0bf4661edac5b767005726c14a2769b7c214fb58737ec2e4bc51c3a195d2ba1b74a54eff4c33a90f41ccdefa9e9365fde8dd859fd3978c0adbfe307f2aae9e07ec7c4b682106d2c9367b0c4aaa58ae804e0a3904754e6cf8fee73cf9e2d45d0289e5078293dfc469d46ea67026c5aa692d2f2c9fb4ec57cdab4c043ff9ae6185f27a704454e5f53950aabd25c9910474d45af8836862723e0e6a27823d82bcbb68a96052422a1819512e3b43408cf48957ad6ae235b7233df18284749153dfa57de35074a30edfab8a56df28ab2e2940306c221aa55490cc664e14683f30ee615e2d93fdf971f596663465843b3add6392ba3390311ef8dc59f251445d669e10a0061991e113561923aa215244463d8264199ac588924e231e8419d8685f338e599b5f40bf9bd1aece772535bbbcb8f6881c2e800491ab3b57b44b8ae43aeb5c4ae5e7edeb228fedc9f6b9cadea176e134936ded60af1c228734fb00570f2374bbbfa1bb170785805d6b6c701e820952eae45b8c2366113a1dfb2e35852af419b754f9cf7a081c3dde6c8053bf1ce0c85339d5699c422476fc21f26ce75d2a7fed09fc0f4175789847d876c51aa4e0bf7ce842b8308dc7a28c8239520714dc233136e09f557c7ef3e0f83bad63cb28ac616d3928f3837dce1dd58acb8ddbc72e822deee45f00776acc88e00cd3a9db486d92d535a57a0fdc4f903b62e517221c308cba2e30ffe7b91937a99417721f56fe6df44840e9e41136929c0ca3dc28ddf2379e4dcfde83723e2d4c9e23299c056afb31d3e70d085d0a312c5cd570b699dea8717458531348c96f6eb52d7ee61d5660f65e909a14ce1033dc853f2f25d09cf4e40d07eff72e15a390564a2be3c042d89a68660a97ffacec4967a4b618712d7060756520c29ee8d9220ad8615c4fcf3969bd3b2e0947e1f0be7e2d80e0a61480c3166db5582218bb0a8be9848efd41b6ce0cd795c486abb67210beb60cd078b46aeb7f4f485031902bcd7131e00b7035aa2d43fee063f7f30bd570da1dbb65c0ca92a4812632e432778553e35e856caa8218221fd6316ab0869173b38409bcefe6d2db9210f9024173b66dbb92677cbc71c8a1cd583fa6f354d3c93fa8b16c71374f25a00c332f85a8befd540388fb50db9f5d96e4e4e698833ce3d63c10b8eec70a243b9015db459431b62f5668bba60f0704f6bdfe9546ea475cef2ebccba4b7680848e82beff5854e49f65bb773a4922e90f9b8afc7cf818730588ed5aa7b399826aadd54372fcb761458b64de66857f4adacd4c32900cb77136a535d7bbbb554597aecf39ff698b45e6a218df1d2abe615eb8d9e1824c0becce90767899ebfd2c730144b32c74604c0e53e2505bb15d28007a87b9931d6eec0a6cb5b0f96d3194b2423: +f820e6f24a8418b6acda165f29a360f767cdedde8f64d768b95fc2a5f3f404e779c4b263b2e58f678628d4ea82b175aca230b9a20285c828f94e1ffd63d75b23:79c4b263b2e58f678628d4ea82b175aca230b9a20285c828f94e1ffd63d75b23:ab6bd45bb06dfb9069118ff998f3bd393ea8e944979e89e049f2505cd8931b93086b7e9d8ee764e9b447ea4ea12138bb45275a21a19843f75dc5421d61ffd861838e5833825d67162f3259c26447be51dc1802ef5a04ba73b783935706abb42c513b65f2bbc44f83da1061242f2d5e5198f38c10717a86a3a197e7cd9034f636114499037277acb4722c06a91cb2f65e21eb8d22d36ad73b4265f7a7947e00e722bda67043cd1281bcd87e763fc97b54c8f86836cdbf08c9a1f700f4eaed9ea59a6fc1bc0df8c9ec1fc2977cad60f978abc0c8381aa9fb060e3f99378a51b2d9afbef358d55162a38922ebb87d2a3e0f0f4000b1c39b1502e95945e8ac9f4a3ea7c9ddb581a5ec06c00ba87a737084b384faba09c84871ddd67dc1bebb2f7fbd94a5597d019fe629e5bf12bea2e33ca84c680dc5a3989bbf3af9eeece8ab8fc861e3b8bfc1e67e2aee326b37fb9b51cfa0b5f5fc160069b450b704e0fab7fb6c5ab3c40b8f0b3d0930b9112d64b9dacab4dd875f29d8c58c5d2053ad9148ffde22d90bc0d50f5deca68d3ea25c5b4c7688871c0c77dbceeacbd0a4229f4970ec87b34499e278303c06694c30ac68524d11b172794b481273a5dac46122d2472095a563a435d185d5e91da726e74592999cdac688a33f38f7c035588f625dc6ac73d0047ab3d6d12f1ae33d8b62d6d6c6cacff0bdd894b57e318912ac0cf4a534762b2f6d263c935804423ed868cf8cfbb8be8f6d8a714a268a390edc2dd509d2dc96851d1bd43249bd0f69b0c4cb2ff4080d1fd5622bc238dda6e930025d8a2b12b972f9eba17421d4cea642f40ad9ea8547ae59498c3ad1b9a0c34ed8c01aae3bd21ac17743b577f9515cfbdde2704dc57e80f125323d55100b9f697927d431dfe73631b58e52aa6aeb0478bf459552438689fbeb9c60d87aae09954362cd02a2b0b479efd38f17821af39b21926ee02f7d972ad0f54ea6572cc3ebd020b1ee26882533bd19114323815f672ec8c90568730a58e4e1e35f6821219a32b8a6c52ced6f9573d9f3beb28513ba62fb201f7fd41bb10ca34bb1c70f2fd7bb9299a7c5f7f2e0fa1d1af0e9aef5ede7c16950e860ecd61f1842a1a22c9831c0c0d4eda840b088a54520c9b18c76eba9bebcd591381c180d7f86a0e58add92b9b0c8076a7cdcab60dea4c1afb18c8b94b1b392ccfb4dae2711e7d12d2bc7c7825f63992ec3247163c283b1075e32245f69cf47240aef0db43efae86fc1fd3bb99cf5b789f5bcba9504657d9e622a4aa16f01d4d844413124447d6d1a4423e7b55db7e6a31a319f4bacae430a33a9bdd4ef3680:f9fd72f321ca2133bf8585908d9ca7b8e336227e3ffb3749a1fbe8c9b1e5d50ef01f9db5f0d2a7c7c1399b97c9044e1bc1adc32b8bea46dad7b8102646960303ab6bd45bb06dfb9069118ff998f3bd393ea8e944979e89e049f2505cd8931b93086b7e9d8ee764e9b447ea4ea12138bb45275a21a19843f75dc5421d61ffd861838e5833825d67162f3259c26447be51dc1802ef5a04ba73b783935706abb42c513b65f2bbc44f83da1061242f2d5e5198f38c10717a86a3a197e7cd9034f636114499037277acb4722c06a91cb2f65e21eb8d22d36ad73b4265f7a7947e00e722bda67043cd1281bcd87e763fc97b54c8f86836cdbf08c9a1f700f4eaed9ea59a6fc1bc0df8c9ec1fc2977cad60f978abc0c8381aa9fb060e3f99378a51b2d9afbef358d55162a38922ebb87d2a3e0f0f4000b1c39b1502e95945e8ac9f4a3ea7c9ddb581a5ec06c00ba87a737084b384faba09c84871ddd67dc1bebb2f7fbd94a5597d019fe629e5bf12bea2e33ca84c680dc5a3989bbf3af9eeece8ab8fc861e3b8bfc1e67e2aee326b37fb9b51cfa0b5f5fc160069b450b704e0fab7fb6c5ab3c40b8f0b3d0930b9112d64b9dacab4dd875f29d8c58c5d2053ad9148ffde22d90bc0d50f5deca68d3ea25c5b4c7688871c0c77dbceeacbd0a4229f4970ec87b34499e278303c06694c30ac68524d11b172794b481273a5dac46122d2472095a563a435d185d5e91da726e74592999cdac688a33f38f7c035588f625dc6ac73d0047ab3d6d12f1ae33d8b62d6d6c6cacff0bdd894b57e318912ac0cf4a534762b2f6d263c935804423ed868cf8cfbb8be8f6d8a714a268a390edc2dd509d2dc96851d1bd43249bd0f69b0c4cb2ff4080d1fd5622bc238dda6e930025d8a2b12b972f9eba17421d4cea642f40ad9ea8547ae59498c3ad1b9a0c34ed8c01aae3bd21ac17743b577f9515cfbdde2704dc57e80f125323d55100b9f697927d431dfe73631b58e52aa6aeb0478bf459552438689fbeb9c60d87aae09954362cd02a2b0b479efd38f17821af39b21926ee02f7d972ad0f54ea6572cc3ebd020b1ee26882533bd19114323815f672ec8c90568730a58e4e1e35f6821219a32b8a6c52ced6f9573d9f3beb28513ba62fb201f7fd41bb10ca34bb1c70f2fd7bb9299a7c5f7f2e0fa1d1af0e9aef5ede7c16950e860ecd61f1842a1a22c9831c0c0d4eda840b088a54520c9b18c76eba9bebcd591381c180d7f86a0e58add92b9b0c8076a7cdcab60dea4c1afb18c8b94b1b392ccfb4dae2711e7d12d2bc7c7825f63992ec3247163c283b1075e32245f69cf47240aef0db43efae86fc1fd3bb99cf5b789f5bcba9504657d9e622a4aa16f01d4d844413124447d6d1a4423e7b55db7e6a31a319f4bacae430a33a9bdd4ef3680: +0a056be039fd55dada441d037361273f206e000a74a05c51c0cbb62743f1f34073140217a493a17866fff5154832273df79d5811543c222a39d056b8c970dbfa:73140217a493a17866fff5154832273df79d5811543c222a39d056b8c970dbfa:a5ab147684e4d4a7bcb5a96fb39818e23f56c2d8a744e9123d62083930ab1d0bb532e68714fcec7e6c41134b6b19ddd867fe635c9ed65393ee39c5e8fab456cb5b32797883f3cd9a0902b9796348ee66c691fb4f2bb14764410657c74ab364567879b6fa0a6f4dafd930d9234cd7834fb9d0eedfbb5a394bf0846ec6969c2ef7ce39e3853895ff5b4da31e54341b4272e4a26049189ff28241ceeffb7d2e1faf4f779fa65cac0f5783c60ae77de30ad4465fdb390d42571eff4a63136349937d6caeefcdae229e2f28cea8abf3ffae3c3eccd90670a4212a2bee1ca6a5b54f094fc3231058f5cb9eceb9993be47027d51c18deca41cddaf4e8bc56a99fd270355ff45971950e3437a198ccc3254168dfc1574080802ee101a617fb604e868f8fa8fb30daeb43074de11f2483d916de5643b7cac23d9340508a3fd621ecd25004356a53554ad3ad7d5d25817ad7c9a610008c67ac16ba4211c42f5dadf86c2c3aed825cf2a9b523bfc03dd7de400c67807e139ea5dbce4ee1f7d318889b01a9f44803c322ac3b61e20e6312d0a03bf9927fa33f04ed7e207b16f26502c2983a3a961f224461fe9b64923b1d09189476ae8d001d0ecaae4df60db35f448bb612f9655a5fb144df11d83aa6936886c304949e59aa46df65c22ce7bf289b3c77c25d896be6d51dee10748261688c8b071c856f9962c66775ddf16083dae06587e32a6361199d72097e383ad7439491b5a563a3e6d58da3d5abb1de84890a36b421ce03d484dfd60039638d46edfb60659e3a25ac6e9a935ad6dad50f927bcc2ff99f9924a5b7995dc23c8f301ccc7769f71c18260904a3dcfb817d2d805cb1f196be8b6ecf352bc296bc3f76ea91353f8cf35bcd2b57eb5942773d6834ac50eeadc7e66461d1da098ccec75ff7205215f52459d97620f9f0289e93911db39b21df818fdf0bed45509244633df01cdddb4b75972fa7ea6f73281cbdbbd1bcb00c3bc1b1728eeae0bba172b131f5d30890a341e6b72f7e89dd4b6db3e79b6927586cf2c8ac38dd14f374d7f5bba9f4353def10ddc94d3d1118c5699e38b6b504918e589efe3f7e973fb40e2ebd057de1385e39d699a8f683b962fae4f3902881f1afbed7c783823558c36d68c6875d166fa243eb2ae14f7e6315a6d2ab4e79ea8e16e69d30edc708f1e7af7adafedcd3168898b331878178c4ba8833d20b3cac9d32b8888cc6783206397470a2e7cc4c9809ff79ceac9dc24ca1438c919c8a415e82f0902b4d9cf4ccd576968d5bee81c5f19c7d57b9bada8eab4756ea270dd26129e6122ee2d615242bc7fabff4f8312e686c8f:fab8e5d93d7d46c65ee117c5375e73c9705f8754177fdd46efed4737c28768cc4b95a9c84c529b4b916b28dabd8741183144bcdb483df98af89d8240cf094604a5ab147684e4d4a7bcb5a96fb39818e23f56c2d8a744e9123d62083930ab1d0bb532e68714fcec7e6c41134b6b19ddd867fe635c9ed65393ee39c5e8fab456cb5b32797883f3cd9a0902b9796348ee66c691fb4f2bb14764410657c74ab364567879b6fa0a6f4dafd930d9234cd7834fb9d0eedfbb5a394bf0846ec6969c2ef7ce39e3853895ff5b4da31e54341b4272e4a26049189ff28241ceeffb7d2e1faf4f779fa65cac0f5783c60ae77de30ad4465fdb390d42571eff4a63136349937d6caeefcdae229e2f28cea8abf3ffae3c3eccd90670a4212a2bee1ca6a5b54f094fc3231058f5cb9eceb9993be47027d51c18deca41cddaf4e8bc56a99fd270355ff45971950e3437a198ccc3254168dfc1574080802ee101a617fb604e868f8fa8fb30daeb43074de11f2483d916de5643b7cac23d9340508a3fd621ecd25004356a53554ad3ad7d5d25817ad7c9a610008c67ac16ba4211c42f5dadf86c2c3aed825cf2a9b523bfc03dd7de400c67807e139ea5dbce4ee1f7d318889b01a9f44803c322ac3b61e20e6312d0a03bf9927fa33f04ed7e207b16f26502c2983a3a961f224461fe9b64923b1d09189476ae8d001d0ecaae4df60db35f448bb612f9655a5fb144df11d83aa6936886c304949e59aa46df65c22ce7bf289b3c77c25d896be6d51dee10748261688c8b071c856f9962c66775ddf16083dae06587e32a6361199d72097e383ad7439491b5a563a3e6d58da3d5abb1de84890a36b421ce03d484dfd60039638d46edfb60659e3a25ac6e9a935ad6dad50f927bcc2ff99f9924a5b7995dc23c8f301ccc7769f71c18260904a3dcfb817d2d805cb1f196be8b6ecf352bc296bc3f76ea91353f8cf35bcd2b57eb5942773d6834ac50eeadc7e66461d1da098ccec75ff7205215f52459d97620f9f0289e93911db39b21df818fdf0bed45509244633df01cdddb4b75972fa7ea6f73281cbdbbd1bcb00c3bc1b1728eeae0bba172b131f5d30890a341e6b72f7e89dd4b6db3e79b6927586cf2c8ac38dd14f374d7f5bba9f4353def10ddc94d3d1118c5699e38b6b504918e589efe3f7e973fb40e2ebd057de1385e39d699a8f683b962fae4f3902881f1afbed7c783823558c36d68c6875d166fa243eb2ae14f7e6315a6d2ab4e79ea8e16e69d30edc708f1e7af7adafedcd3168898b331878178c4ba8833d20b3cac9d32b8888cc6783206397470a2e7cc4c9809ff79ceac9dc24ca1438c919c8a415e82f0902b4d9cf4ccd576968d5bee81c5f19c7d57b9bada8eab4756ea270dd26129e6122ee2d615242bc7fabff4f8312e686c8f: +220524860cb89ab295bd884f988a57911868693d6b105a80b230f21e57805a7d4ab32bc1566a7677e799734dc84181fbb654b813379180f1dd35aef2d324c12c:4ab32bc1566a7677e799734dc84181fbb654b813379180f1dd35aef2d324c12c:024a54ac5e0163b3a4fdd02f5936888ae2f9b74a6414b53c6381173b095a4ddacfc3a69f19167d0f1ae0c120bba7e9fcb7ccfc796d89ea46ef8058866ef6da7d01a6a142ea69d720c4f805ac5405a8012c3c2a8263b5372d59bf7f4099299013d26259dfd5193ece56179777be51b86bd1ce5f1fc9156f2b3a32c09d86bc6132de576102e2f03c716db5366ccbe742aee3552ac3b39d0ec7d4e4e9626bf8ece031d678d3480905c0e338fb7cc026e3e79cf2c2781ac2a5a40df4284e235a0389e928fc63557dc6f199fcec5f361ea24759fa7c5f71978c0ba245e4b03ae435941c86c81a51430c2dc9927e3b0f4ec4eba7c2745b493987154d7da85b67de21c598407fb2a760804ad05bfdfa45a613224b22a08588ccea3cbdf47a198bebf8cfed8649d6d5f3fa501376bdfba4003dac2237dcace5315b7fefb879a89a85bce6da526fc360cbb4fd554ef013f33b7384cd2b22a88577f3a2d366422aae46417ba916e1646e24404a88b5d53ff1aed2a47baf81fcb4286397991394b2ecc39667ac46c2bdb6d023b33db013457c4005d839015d8851f028ac334fb24bbad2902a4d63ae68e0eca7eaea1e856529647baf1412213754ed50af3f436e9bafc1601639b39d3e52a93a898fb6019fd5ed6e7dfc050e7ce5f3d35ceb5067021c0fbdc708d3f26bd60568d1ed2b612b696235d5333318f9a6c987235a7a07f8c6a9354fb8e734763065afcd4d937764a4f037cc7e7e2b93217f1641684fa81b7ff7986a28b38e95b332e74649e83d0ded795c57f24cf276e0143901bafef0f1693fe7cf10904fb0d880d72e44716a7069daaae742cf0ff3ed92f5f7d1e10e049d8df043631ed0ed4c4ac4022d8403cb0421b454cbfb6f48a30e9ee1609ad7b68211977acb33b9c1a1be735814c58f66db5f0b8ac773b1d58d4e6bc45dfd48a294bbd25e92671f56f302f29b50d80431c8f2ea33996257b208e057ea7672cc2d1cd4204b85b2ab509027131359aeb42e3eccdbaecfe2cd3e5a3313266e761194ff69cae9e37e51cc0a54f086dde13cb33118e34fe33c74d735582752d68d21c79e5c3aaea94ba107cb7ee8a70a3f9a01e9808c0aeba6665315b45625840a033a6e2a875495057942ed9bb2ce6e4ee60bed47cd9d584bc24524397a109498ee2a973aad6a29b70a1cfbfe9aa5c7cb9f35f0fa00227f43988d07619b6fb2f6d3bee28e10ee705347015a922e2e88d34fb0ce515b08df3a1b634ff9ec15d0594182c86ebb0db783612a7d19e4b22e822d566245aed72e694c3d101bfa4ca879862e5f99c23a5d66083ce06d87f399aa7888ab83b8664472:db1cc0c5db773ec51689be28842fa6791a7d75e29c228ae9593a580e0875b1670f09b03442929a18f1e9414ea34315ff09d91d922ee47f10f71da4ab13b7d901024a54ac5e0163b3a4fdd02f5936888ae2f9b74a6414b53c6381173b095a4ddacfc3a69f19167d0f1ae0c120bba7e9fcb7ccfc796d89ea46ef8058866ef6da7d01a6a142ea69d720c4f805ac5405a8012c3c2a8263b5372d59bf7f4099299013d26259dfd5193ece56179777be51b86bd1ce5f1fc9156f2b3a32c09d86bc6132de576102e2f03c716db5366ccbe742aee3552ac3b39d0ec7d4e4e9626bf8ece031d678d3480905c0e338fb7cc026e3e79cf2c2781ac2a5a40df4284e235a0389e928fc63557dc6f199fcec5f361ea24759fa7c5f71978c0ba245e4b03ae435941c86c81a51430c2dc9927e3b0f4ec4eba7c2745b493987154d7da85b67de21c598407fb2a760804ad05bfdfa45a613224b22a08588ccea3cbdf47a198bebf8cfed8649d6d5f3fa501376bdfba4003dac2237dcace5315b7fefb879a89a85bce6da526fc360cbb4fd554ef013f33b7384cd2b22a88577f3a2d366422aae46417ba916e1646e24404a88b5d53ff1aed2a47baf81fcb4286397991394b2ecc39667ac46c2bdb6d023b33db013457c4005d839015d8851f028ac334fb24bbad2902a4d63ae68e0eca7eaea1e856529647baf1412213754ed50af3f436e9bafc1601639b39d3e52a93a898fb6019fd5ed6e7dfc050e7ce5f3d35ceb5067021c0fbdc708d3f26bd60568d1ed2b612b696235d5333318f9a6c987235a7a07f8c6a9354fb8e734763065afcd4d937764a4f037cc7e7e2b93217f1641684fa81b7ff7986a28b38e95b332e74649e83d0ded795c57f24cf276e0143901bafef0f1693fe7cf10904fb0d880d72e44716a7069daaae742cf0ff3ed92f5f7d1e10e049d8df043631ed0ed4c4ac4022d8403cb0421b454cbfb6f48a30e9ee1609ad7b68211977acb33b9c1a1be735814c58f66db5f0b8ac773b1d58d4e6bc45dfd48a294bbd25e92671f56f302f29b50d80431c8f2ea33996257b208e057ea7672cc2d1cd4204b85b2ab509027131359aeb42e3eccdbaecfe2cd3e5a3313266e761194ff69cae9e37e51cc0a54f086dde13cb33118e34fe33c74d735582752d68d21c79e5c3aaea94ba107cb7ee8a70a3f9a01e9808c0aeba6665315b45625840a033a6e2a875495057942ed9bb2ce6e4ee60bed47cd9d584bc24524397a109498ee2a973aad6a29b70a1cfbfe9aa5c7cb9f35f0fa00227f43988d07619b6fb2f6d3bee28e10ee705347015a922e2e88d34fb0ce515b08df3a1b634ff9ec15d0594182c86ebb0db783612a7d19e4b22e822d566245aed72e694c3d101bfa4ca879862e5f99c23a5d66083ce06d87f399aa7888ab83b8664472: +4ef60f0691d737e64d437bfd3398330e55e3c094cf41fc557b0fe0b643909ab8306ab146e5c8cd630f9b48bf8b685db0b6b553ef69686853b6b531960118548c:306ab146e5c8cd630f9b48bf8b685db0b6b553ef69686853b6b531960118548c:0a188ac26f3c5d89f3d588374fac5ecf9a467e2165b31d0b0f23501bd22e62bf3555ffba94631de74a6a3c3cf63b03ac1bbb37d233eca5993b0970a0220de8d6c41a970307309a52da0576dc334d806447aa09d0b245eacd0b42c4e19fa3d6fbdc229430eb3c7558af5331c6e7fcc2e552ce35d579073b548dc115bbd27e5a33ce1c47fc8461e391b6d767953487cc52ee673bc4be96569c8557369ebb6e02f79238108c3b5856ee381a79ff464c8f6009fd47e67b4c80201e11e61ab8f59ba5d07b15ace3fb374c64b6b4c345e2b00e9151ab8e1c5c98568bc58dd0812aaa3beee165e7eae58fbde63077203c4fd6e16068d76e3d3a13f1cdd73288bd5e4da44eb119a04c4d32efa2f13e7426a2f41c5623c9b066b1303639b8fcea0d8774cc08045f7e346365ff31d3b1ed99e97bca5f25c92b2843ac585d02193a2fd39466f73aaa989b1fa05b9a157fd0277c5e745d258e027803a524ad94309425c3f4dec31c0efc547752f4c7194cbb272f849a52169c6a078d20ede1432016528477b58c2bdf6063f9447e33837ccb437d8d6b95cf4c44be70c8193ad980a105f3db6f9930bab4678c776342faf170edf74248d3b1ca96f731b9d026d8f0f7c34ed372c1cde176f55f558675cc3180c23902f4ba9508d1c91c3c9e688730327f3f7b637a8fee54373759fcb17c9217ea44ce43691a8f6463640a4a5e151e6254c4ef12623b49394da7cc79452693817d6baea9a0a75876948b1f8d3b717f9ec36753f53263710383b98262ae6354ff2a2283220ad42c5cb2cbbdf12c879513710b16be856f3b1355b36f4b80c017c21be85e96053da050c40312100abb640b873d88fb6ee0d19e9e61b04c970bd1f060dd311bbb9a6e35b985fdca17caee8cd5db637acd90cb8e823255c056018fef5920db640d2201c5eddbd8a9c9474da8def7e1325b3cc436c74f815db1e42b421faab626a4378c2d84261bf649a53b321f598c44bbd3002b06cf7f1fdef84ab35f73ed7dc65096cb1dc0cc0e34c561c8a15cf5279abbed9b16ff24a9744e3f5e649cc9d8884f891c3fb78902031ffe0e0121c72080ad10c247b7c93a9ebb2d84d4f877750d7b3416393d03045226bb7994eea58e272dc18c46b382d1f97b23765fda7a8ce21fc6b98d723ffccd99ac4655cc5d10105a2a5b7c8cfbfb90e27a9a809e41ae640063286405a9be83ac5d2907a45f163c7764b09f99a55593220d6901292b9b5803a0fe71b0e4441cbfef841c33cebc98364d666e5a9f5e7e69a1508e4380ed361345b7248a4c1c1ce08769bc7152ddb332fba176200f5abbae3812f406da72dde5db:cbf7cf22081c5f235dba35630fb3f0408fceccefeb28b99d74dbd98c902c7d99ba9ca7fab3747c504cc219f4dd101081f58ce616e29280e362539fe49f34d7050a188ac26f3c5d89f3d588374fac5ecf9a467e2165b31d0b0f23501bd22e62bf3555ffba94631de74a6a3c3cf63b03ac1bbb37d233eca5993b0970a0220de8d6c41a970307309a52da0576dc334d806447aa09d0b245eacd0b42c4e19fa3d6fbdc229430eb3c7558af5331c6e7fcc2e552ce35d579073b548dc115bbd27e5a33ce1c47fc8461e391b6d767953487cc52ee673bc4be96569c8557369ebb6e02f79238108c3b5856ee381a79ff464c8f6009fd47e67b4c80201e11e61ab8f59ba5d07b15ace3fb374c64b6b4c345e2b00e9151ab8e1c5c98568bc58dd0812aaa3beee165e7eae58fbde63077203c4fd6e16068d76e3d3a13f1cdd73288bd5e4da44eb119a04c4d32efa2f13e7426a2f41c5623c9b066b1303639b8fcea0d8774cc08045f7e346365ff31d3b1ed99e97bca5f25c92b2843ac585d02193a2fd39466f73aaa989b1fa05b9a157fd0277c5e745d258e027803a524ad94309425c3f4dec31c0efc547752f4c7194cbb272f849a52169c6a078d20ede1432016528477b58c2bdf6063f9447e33837ccb437d8d6b95cf4c44be70c8193ad980a105f3db6f9930bab4678c776342faf170edf74248d3b1ca96f731b9d026d8f0f7c34ed372c1cde176f55f558675cc3180c23902f4ba9508d1c91c3c9e688730327f3f7b637a8fee54373759fcb17c9217ea44ce43691a8f6463640a4a5e151e6254c4ef12623b49394da7cc79452693817d6baea9a0a75876948b1f8d3b717f9ec36753f53263710383b98262ae6354ff2a2283220ad42c5cb2cbbdf12c879513710b16be856f3b1355b36f4b80c017c21be85e96053da050c40312100abb640b873d88fb6ee0d19e9e61b04c970bd1f060dd311bbb9a6e35b985fdca17caee8cd5db637acd90cb8e823255c056018fef5920db640d2201c5eddbd8a9c9474da8def7e1325b3cc436c74f815db1e42b421faab626a4378c2d84261bf649a53b321f598c44bbd3002b06cf7f1fdef84ab35f73ed7dc65096cb1dc0cc0e34c561c8a15cf5279abbed9b16ff24a9744e3f5e649cc9d8884f891c3fb78902031ffe0e0121c72080ad10c247b7c93a9ebb2d84d4f877750d7b3416393d03045226bb7994eea58e272dc18c46b382d1f97b23765fda7a8ce21fc6b98d723ffccd99ac4655cc5d10105a2a5b7c8cfbfb90e27a9a809e41ae640063286405a9be83ac5d2907a45f163c7764b09f99a55593220d6901292b9b5803a0fe71b0e4441cbfef841c33cebc98364d666e5a9f5e7e69a1508e4380ed361345b7248a4c1c1ce08769bc7152ddb332fba176200f5abbae3812f406da72dde5db: +197e15dce4c47d734dbce4688a7ad5fe41ebf2aa29a2bddb2bee628429c1bc0230fac323048b0c781a9f63c1ee69f2b9e75a2706d249512a2739607f26db138f:30fac323048b0c781a9f63c1ee69f2b9e75a2706d249512a2739607f26db138f:fd971d48946b51ffed7b62c5d099c1e56b1358b92235e1010e3f23844ddb73bcee8d2e1c9977353bc96a221c05602931fa16ccc2ab6d0f01c846c2920e99de026dc2897f3d5f3cee174ce751d4a805ee1959a3c69cfd42d7c9afd31fa9b1cf05786d8f9042a4f9f81cf7ac9c1c39b36f1ee95b98cf7ee3f43e2c343733d1d82cc08b2cdeb78d982034085ff4dc6536cd154a790c85c8613ec4e5e1dc377d38a745d938cfb15c8b8aa86121835f2e25e9e6d0de68025d810c3dc9df991dadad39dc6981fdbac1ff9b7a791c3960d8564366e5aa39a9e9c7cbf1d3f0f820d1b90108751ac764dabe05c51c18529da1b0349614668424ab4e936440c4a2513be528539372eee78754589dbe7994faa1f6229124f839950ed0923f4323315ac963bbe4c8e177dac516e7342238f1cdf140befc8acdca3d002b16c1398d868600304c7e9853b23a51b17d9fd06156e1d1d08a28460909fa209ccccc4cecbdb1a46348089115318681a95ae580ab6766041384651cc4e6145103923bdf4a32a93d93eed318791f20805f7ea84b743ee11ead9e4ca03da76ddd249fd4475fc1a353c70a83389bfac52098db066d1029c4effbed864ebe7f107e0103b3a8f3fd1d6ab4360b99e8b140c5ea133e923c392b8e4063aa6e522638f61d7a71c9225897d9f8a1e16cfcc801e7d54104eb10e61a5ae63c5c85a5b29392ab3ab8e5c039f100d0f4600c610e0209436ef2ece4d0bdb0bab437b2db5f3708fddf96660f6fb1a90d6048d395afafa760ccaf15deaa0effeb26ec17681d172c1330f78e78a8736b285f615f15d4f2c313d25f30aee9d1db39f535fcdd0ebc8e71b89ce6b3fcb567cd0fa288f48ed3a759bb2ed200fdc23091502fd9ca651ce5e3422a98335a81d74a65cc1500e9070abb609c1c1f68fc2ca94cdd550f99bcb2d092416b9bd388410b8fe748fb8c9a5ab8615f2ed968f85dcb2727726984beada7a18afdb0c72aa65de7abb7a86f11169a6eadf1c21d614e52c0c8f019747d341a05d85e37bf58d8327e9939c2387c2744edf838563cb37f0b16e8a06fc628a97230506fa4183954dc74815f3be2eb2aff4a13c065f743b7d85de804eb28efe570ed5ecc71aba97f9763b436173247f38e0cf6297209b65128465a382664ced8011fcc3d0e563f155bc63c94dde73c7b17247b8c3a4e8034ebd4364635185ce9c7081dbdbe8545f79d01aa532a0dc52cb790a31fc2ff41acebad27cce9244554db652fa287bae7decbcc8ce9e01d1a88ab412b6c6578203b42dec982b7f3b82314db2cc7c5c3dc1d3d8b17144da7fe60e7a8725fd0a97c610607cf413c72:2c3c8cd299c9060b65999b03a6579bc50ef1fe0d851f23be9cb58f8fb8c672ee086a539ead949e087df091122d26faaad206a5c52fcd58b514d7a935be017908fd971d48946b51ffed7b62c5d099c1e56b1358b92235e1010e3f23844ddb73bcee8d2e1c9977353bc96a221c05602931fa16ccc2ab6d0f01c846c2920e99de026dc2897f3d5f3cee174ce751d4a805ee1959a3c69cfd42d7c9afd31fa9b1cf05786d8f9042a4f9f81cf7ac9c1c39b36f1ee95b98cf7ee3f43e2c343733d1d82cc08b2cdeb78d982034085ff4dc6536cd154a790c85c8613ec4e5e1dc377d38a745d938cfb15c8b8aa86121835f2e25e9e6d0de68025d810c3dc9df991dadad39dc6981fdbac1ff9b7a791c3960d8564366e5aa39a9e9c7cbf1d3f0f820d1b90108751ac764dabe05c51c18529da1b0349614668424ab4e936440c4a2513be528539372eee78754589dbe7994faa1f6229124f839950ed0923f4323315ac963bbe4c8e177dac516e7342238f1cdf140befc8acdca3d002b16c1398d868600304c7e9853b23a51b17d9fd06156e1d1d08a28460909fa209ccccc4cecbdb1a46348089115318681a95ae580ab6766041384651cc4e6145103923bdf4a32a93d93eed318791f20805f7ea84b743ee11ead9e4ca03da76ddd249fd4475fc1a353c70a83389bfac52098db066d1029c4effbed864ebe7f107e0103b3a8f3fd1d6ab4360b99e8b140c5ea133e923c392b8e4063aa6e522638f61d7a71c9225897d9f8a1e16cfcc801e7d54104eb10e61a5ae63c5c85a5b29392ab3ab8e5c039f100d0f4600c610e0209436ef2ece4d0bdb0bab437b2db5f3708fddf96660f6fb1a90d6048d395afafa760ccaf15deaa0effeb26ec17681d172c1330f78e78a8736b285f615f15d4f2c313d25f30aee9d1db39f535fcdd0ebc8e71b89ce6b3fcb567cd0fa288f48ed3a759bb2ed200fdc23091502fd9ca651ce5e3422a98335a81d74a65cc1500e9070abb609c1c1f68fc2ca94cdd550f99bcb2d092416b9bd388410b8fe748fb8c9a5ab8615f2ed968f85dcb2727726984beada7a18afdb0c72aa65de7abb7a86f11169a6eadf1c21d614e52c0c8f019747d341a05d85e37bf58d8327e9939c2387c2744edf838563cb37f0b16e8a06fc628a97230506fa4183954dc74815f3be2eb2aff4a13c065f743b7d85de804eb28efe570ed5ecc71aba97f9763b436173247f38e0cf6297209b65128465a382664ced8011fcc3d0e563f155bc63c94dde73c7b17247b8c3a4e8034ebd4364635185ce9c7081dbdbe8545f79d01aa532a0dc52cb790a31fc2ff41acebad27cce9244554db652fa287bae7decbcc8ce9e01d1a88ab412b6c6578203b42dec982b7f3b82314db2cc7c5c3dc1d3d8b17144da7fe60e7a8725fd0a97c610607cf413c72: +08b5fd4e419d2370c0fcd6c3b92f8db3afd42268f533085d9fce32b522824e34cd0da699379e4f9425e84b9757300a51a163f358734cc37a91ff0ea488d29779:cd0da699379e4f9425e84b9757300a51a163f358734cc37a91ff0ea488d29779:3ceeeea30fa401563df36b198b9b59698c10e100a2f30e6f78fe62b92ecac989e8aa09ec760e89cac0a16bde3cac73622a8627efedfa4ec09b873f7e1000e76982910ca0aa4afb1ff5a8448b76f7b0d2a2d52a7f40dedefc68d60ce6622ca080d6698ea6c3bd7210b3b648f53252291494b35a55ff40fa1a631a57c510011a46bfb9e271bae1e78ce6c6ea60c55ba0cce36059bfb01e394556987f744b72aebbdb4b1bdbb3bbaaee1b8b2f3174506a793f0a511b2b569049b30a2e0841424184a48eca9e2d83783ac5b61eb947cbd8bab7ad38b0c68427d8f94ae285190dbb6e0c6d580a25142394be948158d8da83b4f34a8d258b97075632b3c28bfae3105ed1872e356e43aed59397b9110bbf9d8ca2a044d5271e6cc361e14e69a932517683ec81818f02cfa0295e5661cea3e586afc0db41ba95553ee75b200b0f9790111d3757a739e563557aff9b70ca14e87b795437ba91a95dd07ea69a11359f36ca03298e0bfa4f912f64a2924ad901975a2a960ba1be89921b1f5485496b7ea5da6d8a6937ac105bf3760e4876990a0f5c5a634f74cb57df7c172c8a415372e6d903298717499616f8971c68bbece92ea878a18e23f327c3649b6a852ef23b7b3e603cdf80452dbf1be2fb77e814d2525496bb31fb6e4ed2533248b39d5fbe2390a9b6fccaba997e8b49b59836e3e09529ea5e4113eee451c9c6bb26741d0e4c586f53d604c6ea0c0e60db02e5109f3734f51cdd8985afeb3ecaff65e059e312cd50fa349ff28bdc9b70b7f532dbab1df43b03167c1d2e3fa6ee8c9b174a0b2cf8aa9ffa406bf5bd7288780c9c4a6b697949b48638d42079c8c66e14d9b572a210a093eaf1d2f7a703b5cd20adc4f9927a6ea8ea78faa61bc62b3c5cbd3a53252566d043ba556590d9a763be7fea4b20e1e9cfbebfae15439b334dc539b17dada2e434e9c83225b1e8f6beb7d556b47d7f69f7eb7df5ede2eebd84e250b7c9468c21fdc0170ea8df662d6180581f657fe76cef1858b6b02f7325c7219643fba2f7e9963a33322d6504ab91bf10a978fa07b47d5db0be000dcd002bddaf676b77259c9f60ad0b11671cd5777c1e80b13f82eb0fb6a180b5666293a43240862fbfa3978d95311971afab9e1cc8ab14a876b6572ac8a4b7e0b40aaf6b52a1cf4c1ebc6c1c487df5a3cbc4005a0ee329cabc286db10f17d0f1782e07d3324f0c73efbd3c2fb52b71f98ad95db95062d91425e73467bc1e4e9bf552e8a24429d97db1d66dd4d995e5f8d24e9c910b2eb1758ef75525c3d65a3f430a027348820ce3053b6f3af4ec96d0493731c818c6b1a70c250ac686a4fc:42a13756b75c6722485fa3f694041b39b7d7c5fd40ebc06a52e0ff34ce14d8d40fa82a9508b568537d26d0dd7c0a31be710da80aab35196a039b60641db1e1013ceeeea30fa401563df36b198b9b59698c10e100a2f30e6f78fe62b92ecac989e8aa09ec760e89cac0a16bde3cac73622a8627efedfa4ec09b873f7e1000e76982910ca0aa4afb1ff5a8448b76f7b0d2a2d52a7f40dedefc68d60ce6622ca080d6698ea6c3bd7210b3b648f53252291494b35a55ff40fa1a631a57c510011a46bfb9e271bae1e78ce6c6ea60c55ba0cce36059bfb01e394556987f744b72aebbdb4b1bdbb3bbaaee1b8b2f3174506a793f0a511b2b569049b30a2e0841424184a48eca9e2d83783ac5b61eb947cbd8bab7ad38b0c68427d8f94ae285190dbb6e0c6d580a25142394be948158d8da83b4f34a8d258b97075632b3c28bfae3105ed1872e356e43aed59397b9110bbf9d8ca2a044d5271e6cc361e14e69a932517683ec81818f02cfa0295e5661cea3e586afc0db41ba95553ee75b200b0f9790111d3757a739e563557aff9b70ca14e87b795437ba91a95dd07ea69a11359f36ca03298e0bfa4f912f64a2924ad901975a2a960ba1be89921b1f5485496b7ea5da6d8a6937ac105bf3760e4876990a0f5c5a634f74cb57df7c172c8a415372e6d903298717499616f8971c68bbece92ea878a18e23f327c3649b6a852ef23b7b3e603cdf80452dbf1be2fb77e814d2525496bb31fb6e4ed2533248b39d5fbe2390a9b6fccaba997e8b49b59836e3e09529ea5e4113eee451c9c6bb26741d0e4c586f53d604c6ea0c0e60db02e5109f3734f51cdd8985afeb3ecaff65e059e312cd50fa349ff28bdc9b70b7f532dbab1df43b03167c1d2e3fa6ee8c9b174a0b2cf8aa9ffa406bf5bd7288780c9c4a6b697949b48638d42079c8c66e14d9b572a210a093eaf1d2f7a703b5cd20adc4f9927a6ea8ea78faa61bc62b3c5cbd3a53252566d043ba556590d9a763be7fea4b20e1e9cfbebfae15439b334dc539b17dada2e434e9c83225b1e8f6beb7d556b47d7f69f7eb7df5ede2eebd84e250b7c9468c21fdc0170ea8df662d6180581f657fe76cef1858b6b02f7325c7219643fba2f7e9963a33322d6504ab91bf10a978fa07b47d5db0be000dcd002bddaf676b77259c9f60ad0b11671cd5777c1e80b13f82eb0fb6a180b5666293a43240862fbfa3978d95311971afab9e1cc8ab14a876b6572ac8a4b7e0b40aaf6b52a1cf4c1ebc6c1c487df5a3cbc4005a0ee329cabc286db10f17d0f1782e07d3324f0c73efbd3c2fb52b71f98ad95db95062d91425e73467bc1e4e9bf552e8a24429d97db1d66dd4d995e5f8d24e9c910b2eb1758ef75525c3d65a3f430a027348820ce3053b6f3af4ec96d0493731c818c6b1a70c250ac686a4fc: +1e85c9e451b7acf801d16bc8268eb42ae85c72c68e9f90927aa0f3b50befd229a69d057f4b743811e07ac74561c225be0381c7d5849e6018793701a8cb6c99b5:a69d057f4b743811e07ac74561c225be0381c7d5849e6018793701a8cb6c99b5:189ea9c8d9ed14b0de82b44cbdd58757a27c68383fba597761f9e862e08de15b1e44c3db1badbde76980ee39e699629f6fcfef32d36b3393da2ca5a81f959c8b0f1b801b5fa4c47ca39591e612a2435c5bafd77a5c7ab74359210906f47533b1879e2a5af5864d961c8146e25dac772555e042a887261419ab8c9f6f625625481da5b93526a131f37b534a0050a8a462b33f20a7e94b891530b19bf654ee9534c9a8361d03635d8d27d46be7bf84781ad0d42d1e7c4854a49ba1ba458262fe5ea19021b935a6949492d70b605e151989ef2641b2bf81ec4b92020fc7074c2a63229d51a944186a28895e8ea95292c2f872bb21a3149399e23ccd8e2fc4f17a46b59c282c51b58d00266a5c16b1ce350d5485e8d8016dd0a50a5984cc948154cd5ce7cda0ee0ab1d7251bdc70a1785b8e9103917f4b917ab2b494f3483389a2f9237541849ed3bd565cffac9e756db56ef5e23495bc771e88bffa8707ceea5c09becadd059ab889d1df7e887b71a9e6c238378fbe0c3630386616363f207b16c3270d39acded511529992f4e598789121d316135810636baade8a28edc66bbf5ede3f404a70b47d35988be706b4eaa03023a39093d583cd4cd8bf4c74341a028c19d60da31b6a7a034c081a2b030feb3cd2f03d0faabffb58e3fc36c006cfb92947a7de5ba87476c1b051e18283c03e9c6e5a5c3c2777d9a0757372379664e82f8485824fedb70a4bc4e356edd1b5ce0fb6e41de0171621b84fafa00189afa8a6a900b14c70758f7aa4fb82400e0d18ab3cd7e48acfd489cab0e72e719f79a07d066c531a891c55291f2245dbbee44e52b1dfc8727aae387ab9e71994a3854e1add73d9a7965c775521c2f540842276dd309e2f6a341e7f0f37f22bb6627b6e9cb25ba24c6c4f4eb9f5e7622d88da1984e29c5da001039c44042b59351406a41336dd772d497d3fc8aac41172eb5aa6417fe422ec7c150b96b0454ee331247cb1538aeff3eca2d50e53d6d13170a76a0049ea0c05904a6390ed14ce7491e97f754c5222dac4b6118ba381f552e73ea8491e3b7ac949569b569cf2d29a80410e065b5cc4a466bb04eb7a15f596792e8490ba7002ec361571af5d8f57675c956449470a2f9955407367e409a232899553120a277db863e9a82ddabae87b789145ba898df3c28b96fbe3014cd085c6e60ee8831701036d99c5425d58e8bcc9fd9271d46aec1eb955130102eaaab44e0770c30b2b127efb0e5f8a3f7a0ca34ec9984a46011bc26bfde0c0819bb54706b565638b7542dc4b8bf8098dc01f161b3b129618b59aded33cb59ce9189a6762dbae5b0d34b71c8dbf:6c36da9ad6c456343ce642aca454923a52a2844ce5ee58947c8df7bab2ebe467823c5633e530b167d71c47ad9549df05943f99421e17475c4d4f08dedf6f3205189ea9c8d9ed14b0de82b44cbdd58757a27c68383fba597761f9e862e08de15b1e44c3db1badbde76980ee39e699629f6fcfef32d36b3393da2ca5a81f959c8b0f1b801b5fa4c47ca39591e612a2435c5bafd77a5c7ab74359210906f47533b1879e2a5af5864d961c8146e25dac772555e042a887261419ab8c9f6f625625481da5b93526a131f37b534a0050a8a462b33f20a7e94b891530b19bf654ee9534c9a8361d03635d8d27d46be7bf84781ad0d42d1e7c4854a49ba1ba458262fe5ea19021b935a6949492d70b605e151989ef2641b2bf81ec4b92020fc7074c2a63229d51a944186a28895e8ea95292c2f872bb21a3149399e23ccd8e2fc4f17a46b59c282c51b58d00266a5c16b1ce350d5485e8d8016dd0a50a5984cc948154cd5ce7cda0ee0ab1d7251bdc70a1785b8e9103917f4b917ab2b494f3483389a2f9237541849ed3bd565cffac9e756db56ef5e23495bc771e88bffa8707ceea5c09becadd059ab889d1df7e887b71a9e6c238378fbe0c3630386616363f207b16c3270d39acded511529992f4e598789121d316135810636baade8a28edc66bbf5ede3f404a70b47d35988be706b4eaa03023a39093d583cd4cd8bf4c74341a028c19d60da31b6a7a034c081a2b030feb3cd2f03d0faabffb58e3fc36c006cfb92947a7de5ba87476c1b051e18283c03e9c6e5a5c3c2777d9a0757372379664e82f8485824fedb70a4bc4e356edd1b5ce0fb6e41de0171621b84fafa00189afa8a6a900b14c70758f7aa4fb82400e0d18ab3cd7e48acfd489cab0e72e719f79a07d066c531a891c55291f2245dbbee44e52b1dfc8727aae387ab9e71994a3854e1add73d9a7965c775521c2f540842276dd309e2f6a341e7f0f37f22bb6627b6e9cb25ba24c6c4f4eb9f5e7622d88da1984e29c5da001039c44042b59351406a41336dd772d497d3fc8aac41172eb5aa6417fe422ec7c150b96b0454ee331247cb1538aeff3eca2d50e53d6d13170a76a0049ea0c05904a6390ed14ce7491e97f754c5222dac4b6118ba381f552e73ea8491e3b7ac949569b569cf2d29a80410e065b5cc4a466bb04eb7a15f596792e8490ba7002ec361571af5d8f57675c956449470a2f9955407367e409a232899553120a277db863e9a82ddabae87b789145ba898df3c28b96fbe3014cd085c6e60ee8831701036d99c5425d58e8bcc9fd9271d46aec1eb955130102eaaab44e0770c30b2b127efb0e5f8a3f7a0ca34ec9984a46011bc26bfde0c0819bb54706b565638b7542dc4b8bf8098dc01f161b3b129618b59aded33cb59ce9189a6762dbae5b0d34b71c8dbf: +51cf868f820eeda0dbd10180f777e6065c93a483c58a778b67e7d842302fb767ab088f502fbcf2150e4846b34d2c8097ff013c02a8b97cfcf2b95a1c72df3e24:ab088f502fbcf2150e4846b34d2c8097ff013c02a8b97cfcf2b95a1c72df3e24:7c2d8ee82d9abf8aa9c724c75b90990473f131763fe93b30cb04723588621da2a327928b22649fa062cdeabd77761538b2709b8fb7a2006e503509134c929c3011e1d728a57a4e175198075e214253f3f30e01b6e04eabd4de06789558e698b186efe34b32129568b3e8d0d7ea3ff00b3f25a42236893aa8a41b674a0ab5f41e7b28cf5a7cb765e18ead6de6a353a7824a3c49786038d6f4937f3264d6ccf0c0a2465bb693e52b3d1e6eb9ae4cb65d09cff54842e85362857a59f7198a688a3df38513cdd61e21dfd859142c8344a3b8b2a7c7db170f39f87ca3ff8ed427962b2b1a14d122fa2d5aea2a6640117dd258fa0fc54ac6e940bc16d211ec9adf914ab16578f521f655d2127e79e871bf7fa7544719d58ed847850cb27b99eb8f29b16cdcc28b15c1259ab4d589705a406688f605a2ebf58051c43a77c4e01fd6f749d32db4e89f263c2c16de181f0e6bdd0a6a64ffe6f1829444096d9f3e2b67e4bb006650b5929d1f82eb11bbed24e8f1018a7384605a3cf29ab598337939c76a3be861e483c5805ec3cee45e3424847a08558dcc99499fb9382acae56cdc87fbd5b26ff94c86f2e108794383501c8b33366850a76a0dfc0a7cd789a03f01a3e9d9e9ae39fd7245dc29299d24f3b4b167caccd223a99b6b20a3b673dc5f7466d0b2f815098a497ccaf80420168eddbf4da57b8666e9d33c48eb304b4cfcf457cd7659543f6d1e661890f562b43b8b6d1c4dcc077b60bfa533ffab928dbfd955dc5116d770950b690e2106ad52d42c31c22b8848894332b5c699e5c331fb381e5812e7526fdf4b8aa2daaa2ca2cfb9c92111b61cbc3d1eef6c8c6737f05588f04467db8330843acc98dc1a16fbd9d9d94bd8bfde26c3f71dee72b50910c36b240f802a61ca16372f6ffaadb2be4e853c5ed69a3d1f6c7b2de513c53a3fdd0a676f83d09d5c51176047d9200716bf22bae45fe01b3e0c2c51c16e46ad0637f79f9b4d83867704feda9f227831dea263399ca2771a4e78b4df8ac0de6a941eab370b1fdb47daf6642aaeaa63170fa9b3d1e1628f7c4e7cf0ea8b8a8e518cbacef9ade84df032484847ffb61bbd07e8727cc4c25da577b264519b4999fa7c0bc323d4f3f9739f780b9b2c23c77855ee5f6dcc401544d6b64b2770158fdc6c12f4d89beb044e0e85ac7a68d42917b1345114b9a672d1231b2c6c0f969f203531e71bbb4005b103a7dc3a58b5b824a7e01b6eb9f496dfa64d64d8c6777f53aa58d5da046d726f55454c88b6d7d4ab0d2198a89709f118a6b32460b9ebceff3fddc605da77ef3d1ba30fecf07be2f5313f4ee635af5e9561d877e99c:e15342a11caf892895e466228863d083b0692f010610748c23df2f11d29475bafce927cafe7f07efb8c347ed5663e73bea89531cedc0c348e79b6e58a75749077c2d8ee82d9abf8aa9c724c75b90990473f131763fe93b30cb04723588621da2a327928b22649fa062cdeabd77761538b2709b8fb7a2006e503509134c929c3011e1d728a57a4e175198075e214253f3f30e01b6e04eabd4de06789558e698b186efe34b32129568b3e8d0d7ea3ff00b3f25a42236893aa8a41b674a0ab5f41e7b28cf5a7cb765e18ead6de6a353a7824a3c49786038d6f4937f3264d6ccf0c0a2465bb693e52b3d1e6eb9ae4cb65d09cff54842e85362857a59f7198a688a3df38513cdd61e21dfd859142c8344a3b8b2a7c7db170f39f87ca3ff8ed427962b2b1a14d122fa2d5aea2a6640117dd258fa0fc54ac6e940bc16d211ec9adf914ab16578f521f655d2127e79e871bf7fa7544719d58ed847850cb27b99eb8f29b16cdcc28b15c1259ab4d589705a406688f605a2ebf58051c43a77c4e01fd6f749d32db4e89f263c2c16de181f0e6bdd0a6a64ffe6f1829444096d9f3e2b67e4bb006650b5929d1f82eb11bbed24e8f1018a7384605a3cf29ab598337939c76a3be861e483c5805ec3cee45e3424847a08558dcc99499fb9382acae56cdc87fbd5b26ff94c86f2e108794383501c8b33366850a76a0dfc0a7cd789a03f01a3e9d9e9ae39fd7245dc29299d24f3b4b167caccd223a99b6b20a3b673dc5f7466d0b2f815098a497ccaf80420168eddbf4da57b8666e9d33c48eb304b4cfcf457cd7659543f6d1e661890f562b43b8b6d1c4dcc077b60bfa533ffab928dbfd955dc5116d770950b690e2106ad52d42c31c22b8848894332b5c699e5c331fb381e5812e7526fdf4b8aa2daaa2ca2cfb9c92111b61cbc3d1eef6c8c6737f05588f04467db8330843acc98dc1a16fbd9d9d94bd8bfde26c3f71dee72b50910c36b240f802a61ca16372f6ffaadb2be4e853c5ed69a3d1f6c7b2de513c53a3fdd0a676f83d09d5c51176047d9200716bf22bae45fe01b3e0c2c51c16e46ad0637f79f9b4d83867704feda9f227831dea263399ca2771a4e78b4df8ac0de6a941eab370b1fdb47daf6642aaeaa63170fa9b3d1e1628f7c4e7cf0ea8b8a8e518cbacef9ade84df032484847ffb61bbd07e8727cc4c25da577b264519b4999fa7c0bc323d4f3f9739f780b9b2c23c77855ee5f6dcc401544d6b64b2770158fdc6c12f4d89beb044e0e85ac7a68d42917b1345114b9a672d1231b2c6c0f969f203531e71bbb4005b103a7dc3a58b5b824a7e01b6eb9f496dfa64d64d8c6777f53aa58d5da046d726f55454c88b6d7d4ab0d2198a89709f118a6b32460b9ebceff3fddc605da77ef3d1ba30fecf07be2f5313f4ee635af5e9561d877e99c: +543d5f1d4a6e1029b1914138fb1f4659e69456557207406688a2035cbbb2a68a3c83790c3b4553deae4f843b501d26f6167093ee54e279759ffad8cbc061e720:3c83790c3b4553deae4f843b501d26f6167093ee54e279759ffad8cbc061e720:fe0057f062fc871324b8bd5d427e9a5276231bd309907e5881d7ae53b1f370c2a43302a16510b46064a30736bac90951f1d9881af62c701483ebb9272ad77212eeb5fcbc7ec228d969f8902732113b98e3bf82dfeadd0de5e765d2870b12d1f9b5a28297c9fdd1495cf87789196a7d644eecd93587dbf20c28eb09da286603c582d2129a657db2d17add3558dde029ce27b88352de3f95aba17e1ed1913722db08a795dfbb70d62a8802724cb0f535f848d052aa3dde9166963a8041fccc4e60bfb11de2bf286eb602a4af842f4d1a340d78bbbcb2857f0c308f44bb101e7bc8b741d506094e27bbafa72428ef666ea6ea16f799b4ee58278f045974d86dc72cf5260d96f9c09b2f1181e1a4500f9283dc677f384ff64e51e89f76582020326c388c08a0fd00de73d5d49c06c0c684191a264fff726d872dc3ae496c7b478cfc61b51714192f76463e3d0aab410ea115e8befedb997ddd169921b3207ea66c1f59450b7623129fd1e2dd3da8f5206391171338ea0ec8ef3c59ed8afc69f3865c29a0723a9bbe95a742681ef9857e81abc80c92d2a718a804f5304fef3c63d799a6ef8782a7db46681d0de3506446982267b2152b0c321869e23cce8c4ebebeaf4aa1ebe9283b692605260ff621b03c10822aa5f6d03bdef49c462a68d471e849e164e3874f6e9f6cb3b5f293eb38ae5245a159ec4261a9bf6b5f7b7615fd339ea12733113ce767f883ae6675417fc770b50bd60e6f20addb29c1f7506233e32a7ebfadabff98cfd09b2b3bbd3eae0069548b9d8987af46ca98eb095bacbd874724ba10f3633aa08ab6ec26494ddf6854309b55d43bdbd29a7556f12dfb23cd0db4eb3937a65c4aed96e87b346555f9fc6897943a0faee65ccf394bd89b381beece25d1ba68f8fe32c23b3354f5be7e3ea3c0dec0f7ec2dd83f92b73058892b638d4c3b7242bb8f55bf087ba45a190a698bae675e0cd5e8446f2b21aeb63d2caea0f679a837e79357308d9f0b8af31f9d08008c39ee8d347528713c8850017a7f4ab98a35c7531940fa7621e67203ee782db3a2faa30f3aa850a5ff7aaed84c00ffd214f2c9261735fac3259d50e03c2652505279d91251927de5e56a8b9064ccf9f45dcbef46e1189ced2bc79e6ff652e69097ace5568bb2d5bef3ce21a25b3f79ee275ea34e621380566d704cd93f24dd9020932cc05218c23b5b22fffa7e99ee7fe457876a5e3364c9a8e8b049cfa20969774f506d1996cbe6ef5a37793ecdb04cfdeaed7dcf79ab278474dd770822d4b36fc68e4b2dd661ef99de01de6eec57fa573ede10fbbd5ac6fd6cd8bb4eee509dbb4610374401:55201194026fd6448b1d52f83ed20ac284e7e77fa92d5295d33825cea3aca47ec7aaca2fc08679f9acfcedb376fda4619be3272c7445e8705c306141cde16c0ffe0057f062fc871324b8bd5d427e9a5276231bd309907e5881d7ae53b1f370c2a43302a16510b46064a30736bac90951f1d9881af62c701483ebb9272ad77212eeb5fcbc7ec228d969f8902732113b98e3bf82dfeadd0de5e765d2870b12d1f9b5a28297c9fdd1495cf87789196a7d644eecd93587dbf20c28eb09da286603c582d2129a657db2d17add3558dde029ce27b88352de3f95aba17e1ed1913722db08a795dfbb70d62a8802724cb0f535f848d052aa3dde9166963a8041fccc4e60bfb11de2bf286eb602a4af842f4d1a340d78bbbcb2857f0c308f44bb101e7bc8b741d506094e27bbafa72428ef666ea6ea16f799b4ee58278f045974d86dc72cf5260d96f9c09b2f1181e1a4500f9283dc677f384ff64e51e89f76582020326c388c08a0fd00de73d5d49c06c0c684191a264fff726d872dc3ae496c7b478cfc61b51714192f76463e3d0aab410ea115e8befedb997ddd169921b3207ea66c1f59450b7623129fd1e2dd3da8f5206391171338ea0ec8ef3c59ed8afc69f3865c29a0723a9bbe95a742681ef9857e81abc80c92d2a718a804f5304fef3c63d799a6ef8782a7db46681d0de3506446982267b2152b0c321869e23cce8c4ebebeaf4aa1ebe9283b692605260ff621b03c10822aa5f6d03bdef49c462a68d471e849e164e3874f6e9f6cb3b5f293eb38ae5245a159ec4261a9bf6b5f7b7615fd339ea12733113ce767f883ae6675417fc770b50bd60e6f20addb29c1f7506233e32a7ebfadabff98cfd09b2b3bbd3eae0069548b9d8987af46ca98eb095bacbd874724ba10f3633aa08ab6ec26494ddf6854309b55d43bdbd29a7556f12dfb23cd0db4eb3937a65c4aed96e87b346555f9fc6897943a0faee65ccf394bd89b381beece25d1ba68f8fe32c23b3354f5be7e3ea3c0dec0f7ec2dd83f92b73058892b638d4c3b7242bb8f55bf087ba45a190a698bae675e0cd5e8446f2b21aeb63d2caea0f679a837e79357308d9f0b8af31f9d08008c39ee8d347528713c8850017a7f4ab98a35c7531940fa7621e67203ee782db3a2faa30f3aa850a5ff7aaed84c00ffd214f2c9261735fac3259d50e03c2652505279d91251927de5e56a8b9064ccf9f45dcbef46e1189ced2bc79e6ff652e69097ace5568bb2d5bef3ce21a25b3f79ee275ea34e621380566d704cd93f24dd9020932cc05218c23b5b22fffa7e99ee7fe457876a5e3364c9a8e8b049cfa20969774f506d1996cbe6ef5a37793ecdb04cfdeaed7dcf79ab278474dd770822d4b36fc68e4b2dd661ef99de01de6eec57fa573ede10fbbd5ac6fd6cd8bb4eee509dbb4610374401: +f8d257fdfcf99796f8ce4d8aade3b225a53c26feecef395b9561d9d587f5a33cf66bd4877df78aec04ca7e77732899de06777e698629f29969f8fa9c2f47ab9e:f66bd4877df78aec04ca7e77732899de06777e698629f29969f8fa9c2f47ab9e:233e1ef901abcb69fb486085d8db0233ff78f37b136f0afe24f7dac1944c3678e74fed58a1ad54835b7dbcb46fff6c3524312273300b6d878a93e0608a4abaca4e3194722bb9e23d17194d8667b84f2db038c24efb8f53409cf5594fddb8bcd61f74cf0726b51c651ce01eb66a59b455f7d8a7d60d3927e0c6c54b138e01925371d2d9d962aa982f5e6085280cc05f356993911fd2039dfc342117970291381d82027db36c799100057d9352b2cd879d9c82af734b7fa297d21149c978aa5e125b20372a9b2e0ed357337efaea1391f3b9ef11e3e5135bb70bdbe32a9bdb7c3c42d5d57cc8dab6811628a01089495cb8a4a76a48296cd8dfafc005ad49d70bb19faca2084a1b6f5e48d23c03fbcf6f106db770f07c33e8e7f4757da904a44dd0e738f3d5733a329375ced74f3c42bfcdbb910100455d6aa7d2e3e3aaa58a829630d376b0b466dc85aac48fe269946a7bc72d91eb37ded2f4a77c684be01093fd12de9d9d83199ccc50959a48d6e9a41427566092f04a0f95ca52372e0762b966ce6232055a4fd757c61b8bad83baef91a3c2772fb32ead8f591ac1e02bbf90a7f6c39079b86fb814cc242e980f0b8b1a2cecb8e6d4e8a5211bf8babf38e829ab9883608bd6d59ea5e836a9b4a4fbeded1bea2ffe977e8cf3615ca4a50fea1f05f1fe53c8eac500323e1f52a806831539957988d79acc7b54f7d02b480c469fd69540fea4bdd68cbdc68cf9c7872fd792591b01e9d9902d8a614f4c21823f23508ffd49ff218bea922ec141eff60da177ccad7d7b9d444f3b03458115f116cc6e37625c39cbadf09362f31d33f4c13c33b6292007f2cafd194f62c643e7a25571564febad7d33e364b633d008b090d7a091358bc69c567b9522b5c1cd01218d38529aebb03d9c2a5eb2285a7176f98c28036f21e19e92b406e94895fa281b35228fbf76e73e1758af1b434a4df98e8cc556b9d83f6b0b7ff52c680f65efe4e00c59b46ce593bf98899805d02b9165b7429849e73953770ae393e4f1f97cb90cd6159cc93952ae8a4d3d56a9a95df7cfabacd4d030d736ea454dfa4b4aed1bcd885d2fbea5ffa2cf2927c137c86be4fe016412628fe7a0a0f02b6b6a9a2168932b943ff8b28dd587e77287790aaaa69a98506c764e6f5ba6338c09f382e1b987d99f14a3e1958cb62ae6705a577f9ffc67306401128741a8d0af03c0aaaf6af06bd88ee4b0af6703e0ea60b0409ace24572fb386e07e9c22c9686bdc66d4fcf3c7461d3833a4c3013243607d4d158217187326df51725a6bc5116e990bef8a5a9579600207206bfc3a6dcf0746ef756fd939e187f668750716c0:9235d44807869816e28e42c81c801ffb121de826c0d33dcc4a4e1c932d5228b639bb294e16090a93d1f6904a7004222fda0a55446d9901c72340007bb45ae103233e1ef901abcb69fb486085d8db0233ff78f37b136f0afe24f7dac1944c3678e74fed58a1ad54835b7dbcb46fff6c3524312273300b6d878a93e0608a4abaca4e3194722bb9e23d17194d8667b84f2db038c24efb8f53409cf5594fddb8bcd61f74cf0726b51c651ce01eb66a59b455f7d8a7d60d3927e0c6c54b138e01925371d2d9d962aa982f5e6085280cc05f356993911fd2039dfc342117970291381d82027db36c799100057d9352b2cd879d9c82af734b7fa297d21149c978aa5e125b20372a9b2e0ed357337efaea1391f3b9ef11e3e5135bb70bdbe32a9bdb7c3c42d5d57cc8dab6811628a01089495cb8a4a76a48296cd8dfafc005ad49d70bb19faca2084a1b6f5e48d23c03fbcf6f106db770f07c33e8e7f4757da904a44dd0e738f3d5733a329375ced74f3c42bfcdbb910100455d6aa7d2e3e3aaa58a829630d376b0b466dc85aac48fe269946a7bc72d91eb37ded2f4a77c684be01093fd12de9d9d83199ccc50959a48d6e9a41427566092f04a0f95ca52372e0762b966ce6232055a4fd757c61b8bad83baef91a3c2772fb32ead8f591ac1e02bbf90a7f6c39079b86fb814cc242e980f0b8b1a2cecb8e6d4e8a5211bf8babf38e829ab9883608bd6d59ea5e836a9b4a4fbeded1bea2ffe977e8cf3615ca4a50fea1f05f1fe53c8eac500323e1f52a806831539957988d79acc7b54f7d02b480c469fd69540fea4bdd68cbdc68cf9c7872fd792591b01e9d9902d8a614f4c21823f23508ffd49ff218bea922ec141eff60da177ccad7d7b9d444f3b03458115f116cc6e37625c39cbadf09362f31d33f4c13c33b6292007f2cafd194f62c643e7a25571564febad7d33e364b633d008b090d7a091358bc69c567b9522b5c1cd01218d38529aebb03d9c2a5eb2285a7176f98c28036f21e19e92b406e94895fa281b35228fbf76e73e1758af1b434a4df98e8cc556b9d83f6b0b7ff52c680f65efe4e00c59b46ce593bf98899805d02b9165b7429849e73953770ae393e4f1f97cb90cd6159cc93952ae8a4d3d56a9a95df7cfabacd4d030d736ea454dfa4b4aed1bcd885d2fbea5ffa2cf2927c137c86be4fe016412628fe7a0a0f02b6b6a9a2168932b943ff8b28dd587e77287790aaaa69a98506c764e6f5ba6338c09f382e1b987d99f14a3e1958cb62ae6705a577f9ffc67306401128741a8d0af03c0aaaf6af06bd88ee4b0af6703e0ea60b0409ace24572fb386e07e9c22c9686bdc66d4fcf3c7461d3833a4c3013243607d4d158217187326df51725a6bc5116e990bef8a5a9579600207206bfc3a6dcf0746ef756fd939e187f668750716c0: +8da9f54da0b6a5a38985b88b71339dc7384cfd5a60bee159c394c22363bc7edd1ac1a8edeb217ae9b3a3de530d24d83e11fb6538cc709b52994fa9c3f1faddc8:1ac1a8edeb217ae9b3a3de530d24d83e11fb6538cc709b52994fa9c3f1faddc8:bd53baba6657d8db8becae6eabffa52b015a5a05fdd2e070647de96f9ca4dd219fe0da608fa0447f46d17c9a358244cd5408596582ccd3cdd0151d6f0923e63d166837845f273fca7af6c89d8d5246175c2167fbb9c2ebf6a7595491f97a9713b02bdf413e209ab22db7dd2b37fc49436918ccebe5746bc64ddd6dce19ec4558c40e0896e21909280cba06d16b72f31d987685d071db8155e99ebcc6c821d92683fdcee08668a5ed58f839d9edafb9f1459d48de8e1bb6f7ce84da0be411c8f7be1b9a24bc5d0fe3a96b02350750a5cb250b49555a487672bdff3c3f784e3fb63c1c97ba6ae43a10e196f188dcc635e214e29df509e5608a5367aa2800c1a96ad936a9e2a579b8592ec13a359336a62788c3ec55c0ffd6a7d49ecb7c682efa308199f708d79d0e8856366d269fab24eb1a075c96c881cab89708ced279230d3f1f3ee173672283eb8d8a824038f648ac437275d75a0e15f71ce56a8aeb771f07a7f32afc9d612a13bd83b7f93990d38fc3f4f4ab8aa9430c65736eb64b16806e995c1ce9dcf4c5544e7b3d01541c5721bb4be4cf0ae382a0c1b169d8e418defd559442acea14b00d705bcfa78be0756a8f377cbf183bf25906874115d8ce4c3ba874102938a4ea16036d91a42c5f8f188655cacb00c88e3a68508816e5e1c31d27180bbba9518a9630726d7d047dd8d2c0401219e14e6badfc9b95b77a6ace9bea71d1b47c218903a115ad029e7f2039ea23cfd1fa6a44d089fcacb678153d674c0e081764995595cb6894895f08e25b984e3a694c92fc7cbe0ffc4697230bcb0ca408c2d7085c11badeb3e6c0e75e6c498db1bec1ed2a3e2445c32b1913a89500f69e7f23f41d62e5c189f39a056cb9fc68a452023a333f75220cb9b94484acac6bbc671f59ffa072b71a1896a1b306e9dc558da0ec20f373e4c355e0c5eccbbf1350c8c07914892c454defcefb717be34d087aeb244a86ff49a6c470afb36b40fe8b71c505a4ff7af2984c65284938ec0e405231521f4810147dc4e373fdab6647b86f79827502fd087e27f310d6b312363113842155c57a32ba03b6cff965530bd795fc292e241c9b6ca085140032efe746f37d57e958421184b8a4c1a6a1e37d45e077319833068ddcb89d38c75beba1a6e8e4052888ec18162dd6ff0c59a2fd0b47f3119195680ffccddf5f76b35f022aa66bd1ac56f1ae333e9b9d046f0b79a892ecc4f8d2f31e17536c4c62a9b5e063dd2dce37d3d0acb42023eb2f2ea329d3876c2386a02276fff9d308abbadb7274301a6962ecaeeb20bef5e36afffc387ca8e185e562b865b49204c17b2a70119b061c29c0fe9004:f6dcc2d27baf16c4f4817f87499157d3ac1f84ed398a5e8b0d50f42edd7385cf06337a0236109970b79ca09d7c9831c876a802799421c2abd07587f5eb66160fbd53baba6657d8db8becae6eabffa52b015a5a05fdd2e070647de96f9ca4dd219fe0da608fa0447f46d17c9a358244cd5408596582ccd3cdd0151d6f0923e63d166837845f273fca7af6c89d8d5246175c2167fbb9c2ebf6a7595491f97a9713b02bdf413e209ab22db7dd2b37fc49436918ccebe5746bc64ddd6dce19ec4558c40e0896e21909280cba06d16b72f31d987685d071db8155e99ebcc6c821d92683fdcee08668a5ed58f839d9edafb9f1459d48de8e1bb6f7ce84da0be411c8f7be1b9a24bc5d0fe3a96b02350750a5cb250b49555a487672bdff3c3f784e3fb63c1c97ba6ae43a10e196f188dcc635e214e29df509e5608a5367aa2800c1a96ad936a9e2a579b8592ec13a359336a62788c3ec55c0ffd6a7d49ecb7c682efa308199f708d79d0e8856366d269fab24eb1a075c96c881cab89708ced279230d3f1f3ee173672283eb8d8a824038f648ac437275d75a0e15f71ce56a8aeb771f07a7f32afc9d612a13bd83b7f93990d38fc3f4f4ab8aa9430c65736eb64b16806e995c1ce9dcf4c5544e7b3d01541c5721bb4be4cf0ae382a0c1b169d8e418defd559442acea14b00d705bcfa78be0756a8f377cbf183bf25906874115d8ce4c3ba874102938a4ea16036d91a42c5f8f188655cacb00c88e3a68508816e5e1c31d27180bbba9518a9630726d7d047dd8d2c0401219e14e6badfc9b95b77a6ace9bea71d1b47c218903a115ad029e7f2039ea23cfd1fa6a44d089fcacb678153d674c0e081764995595cb6894895f08e25b984e3a694c92fc7cbe0ffc4697230bcb0ca408c2d7085c11badeb3e6c0e75e6c498db1bec1ed2a3e2445c32b1913a89500f69e7f23f41d62e5c189f39a056cb9fc68a452023a333f75220cb9b94484acac6bbc671f59ffa072b71a1896a1b306e9dc558da0ec20f373e4c355e0c5eccbbf1350c8c07914892c454defcefb717be34d087aeb244a86ff49a6c470afb36b40fe8b71c505a4ff7af2984c65284938ec0e405231521f4810147dc4e373fdab6647b86f79827502fd087e27f310d6b312363113842155c57a32ba03b6cff965530bd795fc292e241c9b6ca085140032efe746f37d57e958421184b8a4c1a6a1e37d45e077319833068ddcb89d38c75beba1a6e8e4052888ec18162dd6ff0c59a2fd0b47f3119195680ffccddf5f76b35f022aa66bd1ac56f1ae333e9b9d046f0b79a892ecc4f8d2f31e17536c4c62a9b5e063dd2dce37d3d0acb42023eb2f2ea329d3876c2386a02276fff9d308abbadb7274301a6962ecaeeb20bef5e36afffc387ca8e185e562b865b49204c17b2a70119b061c29c0fe9004: +7a2efd390124d3fbefc54a577106e74b2d1f5dd504c050d0d359e53c0f5c872befc303d922e88f70f38c1a2b920684ef663034a1b23ab9d69b6ce8ed8706f7f7:efc303d922e88f70f38c1a2b920684ef663034a1b23ab9d69b6ce8ed8706f7f7:238fbe9fb35c725c6c1f329248094bc7da1b273edc7699a7e3452b5788d87867defc40a00590e87580d2c0275df5abcce0e1aaa18290bf93b44e5ad9d760dd21f1aaca383178f9fff9130f73187ba9d31ea3604a1cdf3911e14377a0ce8b44189adaa7aac23b6cdc7a425b7ea745508455704f9ad7a8952718c398b421b6e09cb78cb52a1814ee2e9639ec68d361f0a32041d6e7425b4bb33c70196e2400eb812db8506c9f3245bd988fbc891be20cb0691559fc916b57ff96c9b14489e0993cb739a39da246d01a6ebd07583581f250bf480bc44b2c3391542d595e4d399490195f8445df638f34698f1a96ed27b3533e3eb67e8f865865fa9555ed34df11157641a00e6d60cf623fec1a92b87a15d765185fd9055acb38d75c99db4fce7b0e39fdc3f851daf65c7a33f464816931839fefe8e58d9ab742b861873fd229189e59cd4ce8239fc9543f539d2d296114266ea8c6fd152ac6b342e5d1a557ab35cac51e2d1212ee317c4d26716829e25746df17d2a622c243f3ecbb65f57ab0f4270e3d0668a962502245b94c06df0c5e39e353aa842ea080cf502708b1dda2d001824de458d37762af2cdfd5a6d3f35e08a18e14aa7a642c51e4047e637517846df646d07336fb172434e0883e2b77d8ed1c52c9cc636a56a19e57a5f161b92d1dcbfa496f344ae6d4dfdc9569ade457a49091362e5a0cdd81b3753243fdac30a2d27ea026a5e601441ecd5537a7201bdcb7fd58b240d0229fdd9babf112b5694812250e768d7c0ce6ca565ad06ab8f78a5c9950eef538726f576c4bd2e0755c7f983929372a5fe11c73f9e1fa453ab54b5817aad3596756127d84e3119453e8825bb8460d851f1f7e4a2838a2be786b233504a691db0fa22a5f41fe3fd3c9b538b04f409e091809486b28ad0deda7b38a42cefc48de7d8679c03bf877238511820d0770cc8d7b4172377823a0b99149abb8918bfb66d5abfcd10060b05cb4f239dd4281d93483504b731eaf5add515f1f3c3b52b4e3bdaf976a17b3c9ec61bfc8e77116715804532cf2dbf20b7ba5ead85afb952beec2fccff85ff5072ba4ed6b5438ab1520c6ef4b0b26f12e84aedd65ce5c7bbe6acb6772f593a6b4f81ddd9d502746505047c812a0067afceb8dc9bff30d4087f8d5a375eca605a0622784d8fea278cd1a5241ad4b3f1b914f74f73bc36ee7cc82d96efda63a3b6799730f20656c12356c79069b2be6f9b77be101983118823ea66e7c2098fbc72fc9c039dfe30f2daba13c3bdefb8a780beb5cb1b6c286a6b3ef48fd15c66c045ba29f0970413b988d0ea004ab84c93919f04f9bf8caf58c4eb478f358ef8b68:c28b34804805d81f7aef784970670edaa417232bcc67da9b51e9c3d74fc4991bde97a06bd53fa00bb440fd5616cd0de6e9b0d19f2f68bfaf9d4c5172c4e5200a238fbe9fb35c725c6c1f329248094bc7da1b273edc7699a7e3452b5788d87867defc40a00590e87580d2c0275df5abcce0e1aaa18290bf93b44e5ad9d760dd21f1aaca383178f9fff9130f73187ba9d31ea3604a1cdf3911e14377a0ce8b44189adaa7aac23b6cdc7a425b7ea745508455704f9ad7a8952718c398b421b6e09cb78cb52a1814ee2e9639ec68d361f0a32041d6e7425b4bb33c70196e2400eb812db8506c9f3245bd988fbc891be20cb0691559fc916b57ff96c9b14489e0993cb739a39da246d01a6ebd07583581f250bf480bc44b2c3391542d595e4d399490195f8445df638f34698f1a96ed27b3533e3eb67e8f865865fa9555ed34df11157641a00e6d60cf623fec1a92b87a15d765185fd9055acb38d75c99db4fce7b0e39fdc3f851daf65c7a33f464816931839fefe8e58d9ab742b861873fd229189e59cd4ce8239fc9543f539d2d296114266ea8c6fd152ac6b342e5d1a557ab35cac51e2d1212ee317c4d26716829e25746df17d2a622c243f3ecbb65f57ab0f4270e3d0668a962502245b94c06df0c5e39e353aa842ea080cf502708b1dda2d001824de458d37762af2cdfd5a6d3f35e08a18e14aa7a642c51e4047e637517846df646d07336fb172434e0883e2b77d8ed1c52c9cc636a56a19e57a5f161b92d1dcbfa496f344ae6d4dfdc9569ade457a49091362e5a0cdd81b3753243fdac30a2d27ea026a5e601441ecd5537a7201bdcb7fd58b240d0229fdd9babf112b5694812250e768d7c0ce6ca565ad06ab8f78a5c9950eef538726f576c4bd2e0755c7f983929372a5fe11c73f9e1fa453ab54b5817aad3596756127d84e3119453e8825bb8460d851f1f7e4a2838a2be786b233504a691db0fa22a5f41fe3fd3c9b538b04f409e091809486b28ad0deda7b38a42cefc48de7d8679c03bf877238511820d0770cc8d7b4172377823a0b99149abb8918bfb66d5abfcd10060b05cb4f239dd4281d93483504b731eaf5add515f1f3c3b52b4e3bdaf976a17b3c9ec61bfc8e77116715804532cf2dbf20b7ba5ead85afb952beec2fccff85ff5072ba4ed6b5438ab1520c6ef4b0b26f12e84aedd65ce5c7bbe6acb6772f593a6b4f81ddd9d502746505047c812a0067afceb8dc9bff30d4087f8d5a375eca605a0622784d8fea278cd1a5241ad4b3f1b914f74f73bc36ee7cc82d96efda63a3b6799730f20656c12356c79069b2be6f9b77be101983118823ea66e7c2098fbc72fc9c039dfe30f2daba13c3bdefb8a780beb5cb1b6c286a6b3ef48fd15c66c045ba29f0970413b988d0ea004ab84c93919f04f9bf8caf58c4eb478f358ef8b68: +ef3648cbe73402ab450cd6ec37e545d0cd2c999ecc1fa381a45c660e1853303252a1a45273872676582cc767339926414cd5d03d980cf629dda2d1a205e9830a:52a1a45273872676582cc767339926414cd5d03d980cf629dda2d1a205e9830a:6a93378f880cf0ffdb8e07d683cc352e2a1033c450baa0e8c4e16205fd0c02743b0ea064971d911e494713e6d94a02172ed014d506592ec6c70a9c97855246bf3d26f3cf74f493c1b697a0c414160c341412830985430806a0cb3c8475e7e5a973686c24d5ef1be7d0065096feb52eab260b5c488af09270de6decd33fea8589dd1021baf41e3f255fb8fa1916ebd8531eeb2f886bb3b3b04f9af6b276c35923f10d3a0af1e3f58b0d15aed165045f206f3f430abdff09449097e4b26d00a8f9f1e8f7a19f38588124c328ec43a9cfb43d3b2c6bdf6a3c1a102e0e333de1ac214a6df76dab44ba76bf035273b7ff6238ec82483b2d2d9d54291a72270f88933b786cac051d990b3cf740845fed3a67867d7c7c05674e7cb02ca5b7acdfba3852803a3d56c4d5c13bb1d7723467741eac1f2a7acd3a95f3a51610a486fc53a9851628c557d36d8a4cd37aae9c4174dbbdb6bd885cf40b382b8ded24a4522a278fef76c45319067e55286e7b08c603486e38a0acf47edef848ecbe942eceadb8636c833feb882a51a4595e24f607ca3c9da1b2404ce5c747e06264174d64504331709bef30055a5d695e09537c8f8c1e5a3a5db06599e319dfdb28729665273bf868955ea56427f08bacd777f179b302f3f68d04f3f3883d344955b655ddc6d5282b6d4df1d83630210e699178e11f722e9e5cda672892ae9b23e8169cbb548093b83e643eb499d937d28f3811597b6484102f0c8eb8c8888cdac229aebf89086a6495ac551f3bbdf2d1c9a93ed1d3a861eecd9eb839949bfbe6a4f6e6486ededab5229d532b58976d67512f9f71ae79b4145ca2fa497a165f110717666ca3340bbda8df1f82b8c054cf7654c35690168f96277d41c1c236b68198173c6e2b0a208ef83c02a43e473d90686ace75b5bd321b3f54281327a673cad4d4ad3040d48cf493ea231b3fec06f39932d7f70a38428df8fee4370532ae5fb112059f0a1d4fbe11b5a23bb87635429ed33ad1f6148014cbc160d93ca2592053a6e95378d6cd3f50db52be928e4092fe5d2b7095a9566864adfda59fd5f2fb6254bd5917b70fa14699665a37297c983c1bb9efe1c67b413dd1a8530cbf227297a8bbf93a8a02454e8e461ac212b846a70d5d56d6c3a6e65a03be0580219bddec88d4038911fd9574563f33e0f9e6044688d3dd48fac703869aa09d96efee7d6c68071d9922d5e8ed8dc40f1b798f1c580f7859cb84f1e14b5e74ddea16ad5cbeea4c48fbcffd29531accc0633938e3bcb2212676b61ef901e9c831a41774d8317ef35af76990bd24931fde6d407e22e763cf6a5790b23761908eee609637a2c11059:f670792942ec414428475638853c42728e86ba12bbe85948b39134cf6e2bd12813e0d83e51e657c90107ad93a4788aa38313fa962f6767a8f7805bde65ca420d6a93378f880cf0ffdb8e07d683cc352e2a1033c450baa0e8c4e16205fd0c02743b0ea064971d911e494713e6d94a02172ed014d506592ec6c70a9c97855246bf3d26f3cf74f493c1b697a0c414160c341412830985430806a0cb3c8475e7e5a973686c24d5ef1be7d0065096feb52eab260b5c488af09270de6decd33fea8589dd1021baf41e3f255fb8fa1916ebd8531eeb2f886bb3b3b04f9af6b276c35923f10d3a0af1e3f58b0d15aed165045f206f3f430abdff09449097e4b26d00a8f9f1e8f7a19f38588124c328ec43a9cfb43d3b2c6bdf6a3c1a102e0e333de1ac214a6df76dab44ba76bf035273b7ff6238ec82483b2d2d9d54291a72270f88933b786cac051d990b3cf740845fed3a67867d7c7c05674e7cb02ca5b7acdfba3852803a3d56c4d5c13bb1d7723467741eac1f2a7acd3a95f3a51610a486fc53a9851628c557d36d8a4cd37aae9c4174dbbdb6bd885cf40b382b8ded24a4522a278fef76c45319067e55286e7b08c603486e38a0acf47edef848ecbe942eceadb8636c833feb882a51a4595e24f607ca3c9da1b2404ce5c747e06264174d64504331709bef30055a5d695e09537c8f8c1e5a3a5db06599e319dfdb28729665273bf868955ea56427f08bacd777f179b302f3f68d04f3f3883d344955b655ddc6d5282b6d4df1d83630210e699178e11f722e9e5cda672892ae9b23e8169cbb548093b83e643eb499d937d28f3811597b6484102f0c8eb8c8888cdac229aebf89086a6495ac551f3bbdf2d1c9a93ed1d3a861eecd9eb839949bfbe6a4f6e6486ededab5229d532b58976d67512f9f71ae79b4145ca2fa497a165f110717666ca3340bbda8df1f82b8c054cf7654c35690168f96277d41c1c236b68198173c6e2b0a208ef83c02a43e473d90686ace75b5bd321b3f54281327a673cad4d4ad3040d48cf493ea231b3fec06f39932d7f70a38428df8fee4370532ae5fb112059f0a1d4fbe11b5a23bb87635429ed33ad1f6148014cbc160d93ca2592053a6e95378d6cd3f50db52be928e4092fe5d2b7095a9566864adfda59fd5f2fb6254bd5917b70fa14699665a37297c983c1bb9efe1c67b413dd1a8530cbf227297a8bbf93a8a02454e8e461ac212b846a70d5d56d6c3a6e65a03be0580219bddec88d4038911fd9574563f33e0f9e6044688d3dd48fac703869aa09d96efee7d6c68071d9922d5e8ed8dc40f1b798f1c580f7859cb84f1e14b5e74ddea16ad5cbeea4c48fbcffd29531accc0633938e3bcb2212676b61ef901e9c831a41774d8317ef35af76990bd24931fde6d407e22e763cf6a5790b23761908eee609637a2c11059: +2c8ee7fa9ba28ce7049676087b1163b241118d34cdf534aebe8ba59282a62ac2244c24f5ecb2dd1d1463512221325d73c81ee4d8adb8e01e23345caf9ca5353b:244c24f5ecb2dd1d1463512221325d73c81ee4d8adb8e01e23345caf9ca5353b:07669a8964f06380d2d4982cb6349de550b38cbc35db2ce572de887f663055736faac7ec07c32df60ee2598422bf37e7cf319ab3c9055608ca0c49757d7688e2013b8244f35404f45ac219497fe924de93a58d0f721aed7825f63b2667077c161eb4dd8bf7ddbdbbc19a9eae5978978d5aeb33a06dde18e612e05bdbcae0161aa2389038026429960dda3aa17e967d10773ca49735d8ecd7409be165c09bb0b509691d591c185c93cdeeae95352316544680523821458caccf528ac0454e4cddc6df0d1ea5f1f5cc1eeee05e19a2ad0b6a49736ed8552336fcfcadbd931b0b8e963be05c8e7037388552512b6823583e4a14384cef5029232d3e0bafe466351b4bb3f567545ab41fa46bffafa877a12b38a27abd64f77fbb4db466ff7f706504141d3add0d7372f16fe3d8c69f6299d93966d624a3070eadb8b49f29fab4844c7528a2a40b66987060695caa66b86718c51049acf4cfad3853edb492e368cbd073968ecaa4a1ee6046b5e826e901f4a808c0427c026fe2f7b2e1968667b53a7d36d702f2ff82c642d34919f8e9aaafe462a3d4f92692deac752be348f54cf089dd9cd051846b04b71931e19e89d125864bfa8948ace0eff33c45110569a0df3753f4c58d8002b5bc38102ec2ecf695fafa8916da9002387e44f96dabf8a982c53c9badbc37bde437f146f77d8f7baf12873196b0c36193af55f542d9968aed8069ab9fbcd6814ec472799ad09c730d41eddeca3b6269d31ab523b59547077376345b05f2ae69b4ee728c863d1bc04e9b7d3d0fcceb359cbd0858597af2d6063e253fae2c3f25034c33ed59edd2782868298681caf564db8d19366f34eae85ba73c1e2389b0dd78a9d2caa0f23c9ad5f6cd9f2c4ad5d58946adb718cb83da58e2fcbb6025bef4660a83e0af55e2030802932f2a896a096079b754c99f7b6423b45a86472e6723ef8896c4324c73d34ad58a4c01b38a97c73be5aa7f74a2fa4d0795af6dbfcd6d4eb442a7e204db4ecb1f8a226bdfa21b6eb171c9e59f1a192e23a76c352b04d8a80233985b77a29c020119ce651c7f4183d0e9c19fe18aa1020c25e4589dee34b901bdaf9ff9450c91af3c1db670b477e0ac2107696c9ec0d31d82647b68ea19499fe34a8e2e7b378dc7e75424e8c45645b0c2818e9f885a1c58415bba1c3f2a77549bdc4680dbcd1650c75d0f452a6b208591df0fa6e181da2abfab444621d5f77c2cd79556467246447a89f0aaacad660c9a925ebafbad43c478a3c850a27e01019d88a5b1dc81b5d2e9f740a028ccb72c1acf897ea5ad89e0f9448888d5b15ce6e42977f7a729155a284d118758ac65f3fbb98deb65:ca0bb6c12356555f6e1d8f5c8aa7b5e80cd280e8b1b9ba2ec9550f622f482c3a9ad3be03a4c9dfc10d0112b0189de94bffafd7034114e0e0d42c23f32dc8180707669a8964f06380d2d4982cb6349de550b38cbc35db2ce572de887f663055736faac7ec07c32df60ee2598422bf37e7cf319ab3c9055608ca0c49757d7688e2013b8244f35404f45ac219497fe924de93a58d0f721aed7825f63b2667077c161eb4dd8bf7ddbdbbc19a9eae5978978d5aeb33a06dde18e612e05bdbcae0161aa2389038026429960dda3aa17e967d10773ca49735d8ecd7409be165c09bb0b509691d591c185c93cdeeae95352316544680523821458caccf528ac0454e4cddc6df0d1ea5f1f5cc1eeee05e19a2ad0b6a49736ed8552336fcfcadbd931b0b8e963be05c8e7037388552512b6823583e4a14384cef5029232d3e0bafe466351b4bb3f567545ab41fa46bffafa877a12b38a27abd64f77fbb4db466ff7f706504141d3add0d7372f16fe3d8c69f6299d93966d624a3070eadb8b49f29fab4844c7528a2a40b66987060695caa66b86718c51049acf4cfad3853edb492e368cbd073968ecaa4a1ee6046b5e826e901f4a808c0427c026fe2f7b2e1968667b53a7d36d702f2ff82c642d34919f8e9aaafe462a3d4f92692deac752be348f54cf089dd9cd051846b04b71931e19e89d125864bfa8948ace0eff33c45110569a0df3753f4c58d8002b5bc38102ec2ecf695fafa8916da9002387e44f96dabf8a982c53c9badbc37bde437f146f77d8f7baf12873196b0c36193af55f542d9968aed8069ab9fbcd6814ec472799ad09c730d41eddeca3b6269d31ab523b59547077376345b05f2ae69b4ee728c863d1bc04e9b7d3d0fcceb359cbd0858597af2d6063e253fae2c3f25034c33ed59edd2782868298681caf564db8d19366f34eae85ba73c1e2389b0dd78a9d2caa0f23c9ad5f6cd9f2c4ad5d58946adb718cb83da58e2fcbb6025bef4660a83e0af55e2030802932f2a896a096079b754c99f7b6423b45a86472e6723ef8896c4324c73d34ad58a4c01b38a97c73be5aa7f74a2fa4d0795af6dbfcd6d4eb442a7e204db4ecb1f8a226bdfa21b6eb171c9e59f1a192e23a76c352b04d8a80233985b77a29c020119ce651c7f4183d0e9c19fe18aa1020c25e4589dee34b901bdaf9ff9450c91af3c1db670b477e0ac2107696c9ec0d31d82647b68ea19499fe34a8e2e7b378dc7e75424e8c45645b0c2818e9f885a1c58415bba1c3f2a77549bdc4680dbcd1650c75d0f452a6b208591df0fa6e181da2abfab444621d5f77c2cd79556467246447a89f0aaacad660c9a925ebafbad43c478a3c850a27e01019d88a5b1dc81b5d2e9f740a028ccb72c1acf897ea5ad89e0f9448888d5b15ce6e42977f7a729155a284d118758ac65f3fbb98deb65: +ddd8e9ff855679896a1397b427db8543abe8bb5dd122e3e302ccfce5fdc63e125a9a312e892a10b98d0dcdd28db3481c3c28add5ad0b194616da4a3df7660109:5a9a312e892a10b98d0dcdd28db3481c3c28add5ad0b194616da4a3df7660109:5e8feec509350d2ee7955b6f3e278278a4cb48ae72b46589e478be59747df5394a169f19e10db53202a6a52320b63a9a2b723fd31aa2db6d58c57332da3178bcf966c53abda35f12daef9edcf399e4a8c5f83d36f44a17d79846bfc96ce690194c219a29892f0367a7ab3844837879e3818db8d70c4e3fba4d28073464df2085951038fea43281b6b606dc8846b30b0763f2ca82bd5021f9117035a77bcd1075477c5f43214334d4d4cedd18f738d676c7b51a185ffa8d04101186a4952bbd8722f53990b60637041e114aeb8ce7111131d4db3fb4d35d995ad8d6650c0c4ccdce9dcc39db188a68785562740626b3ae3e023f40772ded876a45cbef74a058fd78c1a1ff2c2451e111ac1b4b7ee4c81cd76310d4d298fb3c49f5e6401908a630fa85db7471804fe990847f0f759472f593dcf02e113e15e564d30d5984692da55b0b7f2219c4ac1626511acf194dc7026eb9d367a4a2f1dfb515cb2c08da4fe595c85811120cba2ae7b66e67c91fb8fbcb9d99f13e50fd67464d90c8dcf6935523cf6d13fdd10635b9232b7a61dcec9a2b921061410df1de6a45167fb9f6f109dcc08891f203b274a3b68271b3f35e74f94bdced0c5ff8637173a176e7dacc81f2cdc4fb0d52d1dfa7f27b552fd8d87a1c55d6947fd92ed3253f9594db7df17a7fc6a75ecf4faa4d1e21b676b3727d77fbd43fa7be76bfb58fc309e5675f0a859cc47f37b1bf455932d824e86378de7a7e8c40ced22090044dbbf91c70e528eacdef3785ba3c69a3735af6709cd76aab28a6aca6e844974b10b3fb7b0986007a727c2c8fc95b25f31f146b36acd4c537074920aff247de0f179c13ca57790a6a71d62e23321ccc75b7f3b0afa0d03527c9114a7d4e30c1ace6d7712013dee66699af9c561c44ae6198ed39104e6061ae2c45a9a3c74b5d0fbc4a33e8dfe2a8acc9511ef7e6567133f9fe3554284a75a059a649dd24ec04a57730c6d2e9bf114ea58a8994abdb0c1943241572c79ead043ad1c8caaf5c9da53dd05522febc403354d62fe3ff93882df75fb29458d22e6996c35b69faaef2e0c4163886cb3c3d0f60e150d363d6db59fefc626b1bbb1e052a62414c4b7856d72093432b08f821bc784a5a6b0bc2649c2daa508658980d802291e734abaff06afbf2795e4e354d5221dc4f52cc96d6b8cf1808b1a8208db7daa80ab710c56a8b0e9cb8081dee93f5f015f07664463a3dccff7c8ad19923a97e39045bcc4dce0a73d49c56d5e937bd11e61823401c066206e313e60b47537e34704d7d3515559bb9d0532d028e28a57a879fd617cc61f7f776bd6a008cd4f812378ed37f394bb97e6e756da819:df849b7bd29745f8becdddf6c9baf094d7a98cc9338c344eca17fde075fda8d1543299f625982317db7b3c773b64f7d1f28692ac453b81d7ec7b7ec3417ace045e8feec509350d2ee7955b6f3e278278a4cb48ae72b46589e478be59747df5394a169f19e10db53202a6a52320b63a9a2b723fd31aa2db6d58c57332da3178bcf966c53abda35f12daef9edcf399e4a8c5f83d36f44a17d79846bfc96ce690194c219a29892f0367a7ab3844837879e3818db8d70c4e3fba4d28073464df2085951038fea43281b6b606dc8846b30b0763f2ca82bd5021f9117035a77bcd1075477c5f43214334d4d4cedd18f738d676c7b51a185ffa8d04101186a4952bbd8722f53990b60637041e114aeb8ce7111131d4db3fb4d35d995ad8d6650c0c4ccdce9dcc39db188a68785562740626b3ae3e023f40772ded876a45cbef74a058fd78c1a1ff2c2451e111ac1b4b7ee4c81cd76310d4d298fb3c49f5e6401908a630fa85db7471804fe990847f0f759472f593dcf02e113e15e564d30d5984692da55b0b7f2219c4ac1626511acf194dc7026eb9d367a4a2f1dfb515cb2c08da4fe595c85811120cba2ae7b66e67c91fb8fbcb9d99f13e50fd67464d90c8dcf6935523cf6d13fdd10635b9232b7a61dcec9a2b921061410df1de6a45167fb9f6f109dcc08891f203b274a3b68271b3f35e74f94bdced0c5ff8637173a176e7dacc81f2cdc4fb0d52d1dfa7f27b552fd8d87a1c55d6947fd92ed3253f9594db7df17a7fc6a75ecf4faa4d1e21b676b3727d77fbd43fa7be76bfb58fc309e5675f0a859cc47f37b1bf455932d824e86378de7a7e8c40ced22090044dbbf91c70e528eacdef3785ba3c69a3735af6709cd76aab28a6aca6e844974b10b3fb7b0986007a727c2c8fc95b25f31f146b36acd4c537074920aff247de0f179c13ca57790a6a71d62e23321ccc75b7f3b0afa0d03527c9114a7d4e30c1ace6d7712013dee66699af9c561c44ae6198ed39104e6061ae2c45a9a3c74b5d0fbc4a33e8dfe2a8acc9511ef7e6567133f9fe3554284a75a059a649dd24ec04a57730c6d2e9bf114ea58a8994abdb0c1943241572c79ead043ad1c8caaf5c9da53dd05522febc403354d62fe3ff93882df75fb29458d22e6996c35b69faaef2e0c4163886cb3c3d0f60e150d363d6db59fefc626b1bbb1e052a62414c4b7856d72093432b08f821bc784a5a6b0bc2649c2daa508658980d802291e734abaff06afbf2795e4e354d5221dc4f52cc96d6b8cf1808b1a8208db7daa80ab710c56a8b0e9cb8081dee93f5f015f07664463a3dccff7c8ad19923a97e39045bcc4dce0a73d49c56d5e937bd11e61823401c066206e313e60b47537e34704d7d3515559bb9d0532d028e28a57a879fd617cc61f7f776bd6a008cd4f812378ed37f394bb97e6e756da819: +a886f4d3f34e320ec6d5f4caa863f81477df772eff97e64a37a05f4211d190a8e9bc96c81e878110268b55def7ea4007a4ef9f54d383d5fb0f6d4343e1010f38:e9bc96c81e878110268b55def7ea4007a4ef9f54d383d5fb0f6d4343e1010f38:8b831b877bc3a99f613c89cda698b3759d643822b5a88faf3822ecb2ce98f671d7554321b24b74b4e30a663f7a5570ae917f479bda29894b1a8c028c9d193e4e7ac11916dd8e9c3f0ec0ef80bd27fdfeee80c170c78140b24c15271415acf75c26956a4d4bf99d40e861e9078320d097e1259e5ec17b583a95e52430dd8c008ed8c7dd1de1becdd1e6bfec4bf3347a22dd249f3ac307a2945e9137fa4a8c26c8021077239cb324816a8dad32b01ee34a08903098cb9c4245291b903c9627074095249e782813477032ba32ef041a07486eb4478c57b9d532269a4a47cb5e974df7e01096fbe4f1ccd4e663663487974c62cdd94d77716c8479d79f6b6a7d9c155988cf3902fb697424963ec4ec34ff2a35d742c4455a593bacffc4d9699ba7626c76cb1a616253751887f6ffe2be208c713df1ab636d722ea06c1c03a57f2cec0803866cca3335c28bf41c7def81acb38858dc10e59467208624967e2e22d9e5661bb945f9e0517687dc80f9b8fdecc8a97600b6c219a3b23a90b6d18aaace2c78400ff38c8c05967f544b6a606c71ac199eafd07eb5848df1657efb233fbabae63a05638191a0af7484a1bae1581375672c571e264f604225173a54a38dd62ae7130d05dd291ad12354de86a6e113e83f6d668516157b7967020dc6517d8cf42dd7b1a897fe1b4e04553ce26e299980aa5f7ce0179bf4954f01c2a23654e5e9731e1447347fa43aa8b2cbd6d4b2df93fa54af71e5028a6da8c71ef3c50c0de24dcaee785678e92aafabeb233b011f45c1064965085d2547050f21c652aa533afe918aa0f9bdaa2607b873ccd3dbd1d3a8cc62172ceb43b921ef6b25c06b0992e4df2b91e371b0ef2b3947388daec8ec6f7e3867d1f61072af590154fa619a07f87e02bddc7406314270af1c15e8ee88b39c01be602e4f0b52d9a0724e71eddd7fa9134169c5faab915979eea9362d0f1f9160268162dd38db02fcfb41350aa08e1e1409b2288db1fe4a0e586b5910f4de894bf9974f6a4983013a190e7a736d14ec54c3644a3ee958a5bdfbcb6297aba43af6c72746bb135410507d8fdde73a2a48b746f918bef9ed92c5be62dd5523fe14b16d6384ca46ef59b2185fe933383a2c7a9bf02da9d0fd8b0c7d7bde6b439f9960155e345d685d4dc3c71404d656811923aa3c47d4b09a0baef0a12e75b6439ba8135db15865874222cd7aa428f5ca5ce5140e22ff92697f37fc70b5b4c94d3314e6aa16b2146bca4fc94157951fc49245da53f6c43d1bebd894e31a1349884d711b55dbe778ffa727165cf7cb676435866c2d2cb839745ca40166a2f7cfc77a842468b51a8e76575fc9ddfb5f:abf283db1f80c54c583b499dbe20aa04248c1dce121f3911677813ac3e011fd159ad0bf76b1aa7cc7b14d7b550848688252acc7fece90487240c3d399dd343088b831b877bc3a99f613c89cda698b3759d643822b5a88faf3822ecb2ce98f671d7554321b24b74b4e30a663f7a5570ae917f479bda29894b1a8c028c9d193e4e7ac11916dd8e9c3f0ec0ef80bd27fdfeee80c170c78140b24c15271415acf75c26956a4d4bf99d40e861e9078320d097e1259e5ec17b583a95e52430dd8c008ed8c7dd1de1becdd1e6bfec4bf3347a22dd249f3ac307a2945e9137fa4a8c26c8021077239cb324816a8dad32b01ee34a08903098cb9c4245291b903c9627074095249e782813477032ba32ef041a07486eb4478c57b9d532269a4a47cb5e974df7e01096fbe4f1ccd4e663663487974c62cdd94d77716c8479d79f6b6a7d9c155988cf3902fb697424963ec4ec34ff2a35d742c4455a593bacffc4d9699ba7626c76cb1a616253751887f6ffe2be208c713df1ab636d722ea06c1c03a57f2cec0803866cca3335c28bf41c7def81acb38858dc10e59467208624967e2e22d9e5661bb945f9e0517687dc80f9b8fdecc8a97600b6c219a3b23a90b6d18aaace2c78400ff38c8c05967f544b6a606c71ac199eafd07eb5848df1657efb233fbabae63a05638191a0af7484a1bae1581375672c571e264f604225173a54a38dd62ae7130d05dd291ad12354de86a6e113e83f6d668516157b7967020dc6517d8cf42dd7b1a897fe1b4e04553ce26e299980aa5f7ce0179bf4954f01c2a23654e5e9731e1447347fa43aa8b2cbd6d4b2df93fa54af71e5028a6da8c71ef3c50c0de24dcaee785678e92aafabeb233b011f45c1064965085d2547050f21c652aa533afe918aa0f9bdaa2607b873ccd3dbd1d3a8cc62172ceb43b921ef6b25c06b0992e4df2b91e371b0ef2b3947388daec8ec6f7e3867d1f61072af590154fa619a07f87e02bddc7406314270af1c15e8ee88b39c01be602e4f0b52d9a0724e71eddd7fa9134169c5faab915979eea9362d0f1f9160268162dd38db02fcfb41350aa08e1e1409b2288db1fe4a0e586b5910f4de894bf9974f6a4983013a190e7a736d14ec54c3644a3ee958a5bdfbcb6297aba43af6c72746bb135410507d8fdde73a2a48b746f918bef9ed92c5be62dd5523fe14b16d6384ca46ef59b2185fe933383a2c7a9bf02da9d0fd8b0c7d7bde6b439f9960155e345d685d4dc3c71404d656811923aa3c47d4b09a0baef0a12e75b6439ba8135db15865874222cd7aa428f5ca5ce5140e22ff92697f37fc70b5b4c94d3314e6aa16b2146bca4fc94157951fc49245da53f6c43d1bebd894e31a1349884d711b55dbe778ffa727165cf7cb676435866c2d2cb839745ca40166a2f7cfc77a842468b51a8e76575fc9ddfb5f: +497e3ebd9e4caa81c5a8973d52f1d23f60c134ca53f62a853a0ac043e51cb51771c0ca7cfa05cafabb143d84ae41de83846f42c77caa7a91a2e348397d07d52f:71c0ca7cfa05cafabb143d84ae41de83846f42c77caa7a91a2e348397d07d52f:e132f9d67b1729389b828a9fae05a67aa57f0ef7e7d4d1ba244dec8704db969565d1cab809e48fc0abf950bcd4a37d97aeace6da546d4914cb5b86d6ab181d831870c309bca616468f2a34d3dfafcdbb7580b0c5d9ff98e2c54ec803be0d3fda1d4b8c0d7709c89e680b008bf9b8d903b5e934b019705fe0b0c8cfbc3c0967843b0a1fa1b3f162776ebe96b740edd64ad7c35b3fd1a085c99d16f5416782de17358587470dd13b5194f20f23232b2f702f10aafcaa59c7066f24c4c471e42fa86c6b9c5c3e1e8f8365f4dd75acb32fffc053c9af41c6fd2efac30ecf6a2dd0085de9b1d8cdc50b1660a866df7767198bd9c87370615d2bca99f77b84d98d7b24c9c20fd7768fd0380d6b37360340d13598047820dced88a8d42d572937b6efa16921a1b2b2d0eb931673070838e611e6c023290d86fe902f14ac3acd029e3397feb97b17166245ab407a766d2e0904424d33cd3d6e2e62a52c65df7cf004d1415c0b430c1127623dab272a2c2e2b43e02b481be928e89954272832be098b502b8b5643c67482f5de4403032581f08afb0aea48868582607bb39198c1bf13a869b63258a75890b69445ffd34564023e47f8b1884a5e49b7d9425f28d5153013fe3755c6cb114db180e60b3dc4adb36a21428128005a772fb57189345565bbd1759813523bad62855e7928eef5880d3bfff1d0ec65c24592335cda47cfcc5b5fa652b47263225224846a209a3dd7766661fca4ccca59c456fc9cc3e1cf804255aa5f397bab199804336bde29e55c6c377d583f082ce64723739e4f024606f906c110d0a5b610e5fed96dab5f08f4cb3cfc40a35557e1a740b8c7c01f7d3279dd9c4e8764c90bc14f4161db5a37f0989b7bd8035f8bea394ea1d6002ce9c34f1e9c52c6a15d15bc5b25c6c15ab00dfd6a5b1bc917af0b1b05fd10d061b3683d75b5f9effb22ae72085be4f6797b58cb0cab561844121f98bfd9583e0bccb70fad76980a7a73b23c70b3fd02f7757c11a3c21d19e05650ffb82b9e0df8a6735d480156f47949d445851baeaa5ee23814a41b25234fb92cc0df1980d023d51b5cf4c31185c118e3ee3c0c0a46e0a2be6f1d3ae452cbb66f0fd91971342da7b1b996589d94096781552195c433caf19c37f9f14fa0ae15ae0b02b939e402034ff81885939d944e604f474f21524389390fdada06e30d69068c8848cf0a951eab25c4912562944f402468187a23239d33632f29123d49b7de13083398dba97dede12f7959b95247a08fc8e4b5399d1c035c0894cc75ae981c2dd4935413bbeb6853fe04655c77d158c1237b3e0deca5636d69e0dbc5acaf72b60c10bb98ccdd60098a03:12740839b3c9f1ba879896dff6d725e84e0443ef96c349eff94dc4833143e5b419804da9db118a9592b1b1ca48af18f75bef1ca468a1a5c74c7ac813bb2cf306e132f9d67b1729389b828a9fae05a67aa57f0ef7e7d4d1ba244dec8704db969565d1cab809e48fc0abf950bcd4a37d97aeace6da546d4914cb5b86d6ab181d831870c309bca616468f2a34d3dfafcdbb7580b0c5d9ff98e2c54ec803be0d3fda1d4b8c0d7709c89e680b008bf9b8d903b5e934b019705fe0b0c8cfbc3c0967843b0a1fa1b3f162776ebe96b740edd64ad7c35b3fd1a085c99d16f5416782de17358587470dd13b5194f20f23232b2f702f10aafcaa59c7066f24c4c471e42fa86c6b9c5c3e1e8f8365f4dd75acb32fffc053c9af41c6fd2efac30ecf6a2dd0085de9b1d8cdc50b1660a866df7767198bd9c87370615d2bca99f77b84d98d7b24c9c20fd7768fd0380d6b37360340d13598047820dced88a8d42d572937b6efa16921a1b2b2d0eb931673070838e611e6c023290d86fe902f14ac3acd029e3397feb97b17166245ab407a766d2e0904424d33cd3d6e2e62a52c65df7cf004d1415c0b430c1127623dab272a2c2e2b43e02b481be928e89954272832be098b502b8b5643c67482f5de4403032581f08afb0aea48868582607bb39198c1bf13a869b63258a75890b69445ffd34564023e47f8b1884a5e49b7d9425f28d5153013fe3755c6cb114db180e60b3dc4adb36a21428128005a772fb57189345565bbd1759813523bad62855e7928eef5880d3bfff1d0ec65c24592335cda47cfcc5b5fa652b47263225224846a209a3dd7766661fca4ccca59c456fc9cc3e1cf804255aa5f397bab199804336bde29e55c6c377d583f082ce64723739e4f024606f906c110d0a5b610e5fed96dab5f08f4cb3cfc40a35557e1a740b8c7c01f7d3279dd9c4e8764c90bc14f4161db5a37f0989b7bd8035f8bea394ea1d6002ce9c34f1e9c52c6a15d15bc5b25c6c15ab00dfd6a5b1bc917af0b1b05fd10d061b3683d75b5f9effb22ae72085be4f6797b58cb0cab561844121f98bfd9583e0bccb70fad76980a7a73b23c70b3fd02f7757c11a3c21d19e05650ffb82b9e0df8a6735d480156f47949d445851baeaa5ee23814a41b25234fb92cc0df1980d023d51b5cf4c31185c118e3ee3c0c0a46e0a2be6f1d3ae452cbb66f0fd91971342da7b1b996589d94096781552195c433caf19c37f9f14fa0ae15ae0b02b939e402034ff81885939d944e604f474f21524389390fdada06e30d69068c8848cf0a951eab25c4912562944f402468187a23239d33632f29123d49b7de13083398dba97dede12f7959b95247a08fc8e4b5399d1c035c0894cc75ae981c2dd4935413bbeb6853fe04655c77d158c1237b3e0deca5636d69e0dbc5acaf72b60c10bb98ccdd60098a03: +85b4d764169128626fd9c782ad6116229edd77631c2bc9b8ee54b36542c149eb6a09897e629bb43704debb6715c9dea5d892b634306440997c3c9e94be8ab547:6a09897e629bb43704debb6715c9dea5d892b634306440997c3c9e94be8ab547:b2a0493d471c3391f7add1e2cf0bfb32ab05dbcb14f6e4f5f3463aa8d99552f433022046d2f8eb763c0171fcb1e74a049ffeb4b8f0100b8210fce856b2e1a8e739d2f93673ef8f8f40498b3081fa1fd785198c6d370e162d41abe83186f2329783408b9b880d00f81d53100b42d27a261f20cdeed19cc58cb8631281d80db1925310e235e44966309b879bdfc232221433bae5cae46690cb527b6779e11f1bd2a56b59c56ed4d94fdf7aa89dfa9bf20dbfa6a4398b98384517e1dd5d2cd9ce524a47362ef32ac792742a129c9e06130876ab5ad5518eabc5e80b022d8fa13e50d55ded589533e6ea32242c1b3fd7e65f80dee720b6d87dcff3e3df04c802d2e914a87a3629c90bb69e0a6f8bbb5ee505f143c9977375adb065c3e3d391f905fa3c336c9da41e4a2320bcf460976fc7eb1fb6c6a3c395dbd1d28a1b09cdb9ae9f9aaee4d9c566a2ac40add870479faf54ad1b7697710b4eb6f7320244b59757d1eac3d922b7a730b1acf0de9a45d4ac879d21fc616ef3965d74345ed70779eb683280cee25bf3739beb6b4cdfa25d202da13a4a673040d97048658b9205479505d0bee4880a73997c70825a6ec5fd9f952e65fa02225445fc3bdf4adea3d4d22551cbaceb3874798d6a33a6663fe3757081d6243dfd7cd2eebf60a3899fa1f8f6c956a3b183f89b9e7d2ca36448584d53aa8b44e65ad3e527f78723fa6f59224298df31d5e8ada567c8d1b11f3b1314755331c1732dc54a12a4356edda47e3c130b325282a354bfe15c3000d207822931794187e0973ab8ef87bf89c354a035a81f45911223563bfd99f90a75e53d010d8929f4f85a5a5a4f9fcc1c78f0a2fc466f5f1c6522cf62a7be37880796e9b3ca0911ecca3f22c3b24d5d9daa6888f89a8f71a15859359cea468ef238ecf646192783a257addade9047e13edd8bcc1fd4177cb20f88d11998d9c7262d648c2bf66fb227b9b3a9ed46962d2257a420f64bead9e28657b521db2e22165287791f3a1bec4c7822a6cabde5ec770188cb74498a4f08e5a3a7639d240ae3f4fd0353c0dda8ae410b9fa7f43feed13e9f13e6c9410a1d24cdfc2c8e64a15a12f75545b0a575713523d4dfa1a47427a8851ba9acccad78b4ef6a185f5c3b001190dd8f37088a000accf448be8d49371d9da2e1cb5ffe07d41a5c22e94660ac37135ac858cb1769cb66e8269fd53358ecacf5dd92c7eb6186b4d4d6130a732dc10bbb2be32f9b1d6951014a635c12d22f0dc5bd5c2a3f96aec62e7777947eaa022812caced33a5bef9ff8835f880367a37b0b76d2dde396c614e1a4721e000c00f161935b14a738a1b70f6ea54255b7951869646212:4a79c442a4c39c62892617ef8e80b40911c4b9d3ff0a5673b57bdb8454ad736769df27c78a4bf7ad566040e747278b11eb65cf9ec7eba866120a3654f4716e00b2a0493d471c3391f7add1e2cf0bfb32ab05dbcb14f6e4f5f3463aa8d99552f433022046d2f8eb763c0171fcb1e74a049ffeb4b8f0100b8210fce856b2e1a8e739d2f93673ef8f8f40498b3081fa1fd785198c6d370e162d41abe83186f2329783408b9b880d00f81d53100b42d27a261f20cdeed19cc58cb8631281d80db1925310e235e44966309b879bdfc232221433bae5cae46690cb527b6779e11f1bd2a56b59c56ed4d94fdf7aa89dfa9bf20dbfa6a4398b98384517e1dd5d2cd9ce524a47362ef32ac792742a129c9e06130876ab5ad5518eabc5e80b022d8fa13e50d55ded589533e6ea32242c1b3fd7e65f80dee720b6d87dcff3e3df04c802d2e914a87a3629c90bb69e0a6f8bbb5ee505f143c9977375adb065c3e3d391f905fa3c336c9da41e4a2320bcf460976fc7eb1fb6c6a3c395dbd1d28a1b09cdb9ae9f9aaee4d9c566a2ac40add870479faf54ad1b7697710b4eb6f7320244b59757d1eac3d922b7a730b1acf0de9a45d4ac879d21fc616ef3965d74345ed70779eb683280cee25bf3739beb6b4cdfa25d202da13a4a673040d97048658b9205479505d0bee4880a73997c70825a6ec5fd9f952e65fa02225445fc3bdf4adea3d4d22551cbaceb3874798d6a33a6663fe3757081d6243dfd7cd2eebf60a3899fa1f8f6c956a3b183f89b9e7d2ca36448584d53aa8b44e65ad3e527f78723fa6f59224298df31d5e8ada567c8d1b11f3b1314755331c1732dc54a12a4356edda47e3c130b325282a354bfe15c3000d207822931794187e0973ab8ef87bf89c354a035a81f45911223563bfd99f90a75e53d010d8929f4f85a5a5a4f9fcc1c78f0a2fc466f5f1c6522cf62a7be37880796e9b3ca0911ecca3f22c3b24d5d9daa6888f89a8f71a15859359cea468ef238ecf646192783a257addade9047e13edd8bcc1fd4177cb20f88d11998d9c7262d648c2bf66fb227b9b3a9ed46962d2257a420f64bead9e28657b521db2e22165287791f3a1bec4c7822a6cabde5ec770188cb74498a4f08e5a3a7639d240ae3f4fd0353c0dda8ae410b9fa7f43feed13e9f13e6c9410a1d24cdfc2c8e64a15a12f75545b0a575713523d4dfa1a47427a8851ba9acccad78b4ef6a185f5c3b001190dd8f37088a000accf448be8d49371d9da2e1cb5ffe07d41a5c22e94660ac37135ac858cb1769cb66e8269fd53358ecacf5dd92c7eb6186b4d4d6130a732dc10bbb2be32f9b1d6951014a635c12d22f0dc5bd5c2a3f96aec62e7777947eaa022812caced33a5bef9ff8835f880367a37b0b76d2dde396c614e1a4721e000c00f161935b14a738a1b70f6ea54255b7951869646212: +33d477602f296305a6719ea694c044e90d233c2dea85c46abe1920e88c317849ff6feea028ec346dd49107bb713fddbb282ebcd034e2eafc7cdb1c5adf926390:ff6feea028ec346dd49107bb713fddbb282ebcd034e2eafc7cdb1c5adf926390:cfea07a779f1537e498123c676290573efcc5db70245d93dea5c05726f8713d002ae66c1c9690747ca9230b1629d3662ab73d66b949879164b21a35f40cf3799041908ed6f9229ecb390c5f22234e1c5f26b3ab5ba59e78c64969871b428b78516777555af4e89c6fbc193a94695226c6d329991a11bd580d18956089b58a0e42ca35f6c6d2609ade0d0b619d48925c68cd9d2250dff27cf2f0d44448709b679f35bbdce0f496b0a16ca67eaceec258b1aec91775a3a2ee801b1c9a226a6b001926a057a06306727eedae8c577531df04ac09b5b49bcdeabdeb8ac4e8e82cf1e7af835fc611ca7a684b83526042415b1d6652e8634311e194627eae78d011e6f40f645794e36895a23e1bd84883a393ecfe5a248026aea86447059f7a429368f21c89e0145207978b913c80a22d7caf2673f7c76f6c26cf884412e17d0c255430f502bce74e3a310d17f6f4d485da280ed5b5eea6c49ba748d764814b9e3daf6fcc218c2740ca77018f71344519da82ada31e001924fc77679e3e9ff9fab67dd09a61924c821a1fd999f74dfa3f819adb31d15e5ed8aaa52c1bd7cca266711a74dd62104ef3c2bf737fce6942b348a33c3dfd6d92a724b6d5878421aeb230a533fe21c8b2fd3da596a6180a45c986d7ece4cdc8ad681ead69064bbddfc20f3c52125f83395bed1557f67182b9fe99138af3c356c5e652978dd238b761c742f8158e2314b964208330978b0620a13a16d761d52f06e466a4094b65cd6f26854aed6f9a8c2a884a0d0bf4ee587eeb8b602487239a7e58172c809983a8db1c1fc7ce8c48bc8a6fb812d6aa9e83a3ab4ddf7a8d40d3fe00ea16e04062b8aceb9c99eefa41f4f87447828126d0d9c9f8605e8467c5e4d671d5c6d9fa70d747098d941211223b9bcf261938d6704a32d22c61e30f3570a1f5d0998b4791080882aa5623167b63a23f340f0e7c6f9a830a75b74631fa5b57afdb1e6bc22699bb03156675d598353a5d1b55897e4c11061dd145f23e8537c632f75c10df05b25547238574017fe7b64b8e99869157fee35f7ad7e63e99593302929503a96768023b4125ad749dff4b992ee5c2b4f3ada4889e4ae62ec15d2db5969d730db307547f638c3185032b12f75fbb317e47df7b9292ae9e76a2c0a06fcad108cdd235f6e38d967b6379511ff6965c22f2c6680a12b0304eb2b296c99a76c2729d98e0a7824b67f3fe842d6f6ab273e894845b32dc6ddfc7a220f76bd965c69858183c8f357395fc57dc829defaacb5603a757868d5e562f9781ee39e0e94688ad3545b32dd7366b6b047e8d1d3d565997b236e7f7596c5f8d7c1c11bcf4a244620cbd21d559a7c9b3f:caa2879895d4f620b9eb5fed22b4562eeb1ad63822968f76ad91076b166c05ee20864d98bbbc6e79dd0362cacf7a21b4cfc230d6355d43120cfffb948b8f6c0ecfea07a779f1537e498123c676290573efcc5db70245d93dea5c05726f8713d002ae66c1c9690747ca9230b1629d3662ab73d66b949879164b21a35f40cf3799041908ed6f9229ecb390c5f22234e1c5f26b3ab5ba59e78c64969871b428b78516777555af4e89c6fbc193a94695226c6d329991a11bd580d18956089b58a0e42ca35f6c6d2609ade0d0b619d48925c68cd9d2250dff27cf2f0d44448709b679f35bbdce0f496b0a16ca67eaceec258b1aec91775a3a2ee801b1c9a226a6b001926a057a06306727eedae8c577531df04ac09b5b49bcdeabdeb8ac4e8e82cf1e7af835fc611ca7a684b83526042415b1d6652e8634311e194627eae78d011e6f40f645794e36895a23e1bd84883a393ecfe5a248026aea86447059f7a429368f21c89e0145207978b913c80a22d7caf2673f7c76f6c26cf884412e17d0c255430f502bce74e3a310d17f6f4d485da280ed5b5eea6c49ba748d764814b9e3daf6fcc218c2740ca77018f71344519da82ada31e001924fc77679e3e9ff9fab67dd09a61924c821a1fd999f74dfa3f819adb31d15e5ed8aaa52c1bd7cca266711a74dd62104ef3c2bf737fce6942b348a33c3dfd6d92a724b6d5878421aeb230a533fe21c8b2fd3da596a6180a45c986d7ece4cdc8ad681ead69064bbddfc20f3c52125f83395bed1557f67182b9fe99138af3c356c5e652978dd238b761c742f8158e2314b964208330978b0620a13a16d761d52f06e466a4094b65cd6f26854aed6f9a8c2a884a0d0bf4ee587eeb8b602487239a7e58172c809983a8db1c1fc7ce8c48bc8a6fb812d6aa9e83a3ab4ddf7a8d40d3fe00ea16e04062b8aceb9c99eefa41f4f87447828126d0d9c9f8605e8467c5e4d671d5c6d9fa70d747098d941211223b9bcf261938d6704a32d22c61e30f3570a1f5d0998b4791080882aa5623167b63a23f340f0e7c6f9a830a75b74631fa5b57afdb1e6bc22699bb03156675d598353a5d1b55897e4c11061dd145f23e8537c632f75c10df05b25547238574017fe7b64b8e99869157fee35f7ad7e63e99593302929503a96768023b4125ad749dff4b992ee5c2b4f3ada4889e4ae62ec15d2db5969d730db307547f638c3185032b12f75fbb317e47df7b9292ae9e76a2c0a06fcad108cdd235f6e38d967b6379511ff6965c22f2c6680a12b0304eb2b296c99a76c2729d98e0a7824b67f3fe842d6f6ab273e894845b32dc6ddfc7a220f76bd965c69858183c8f357395fc57dc829defaacb5603a757868d5e562f9781ee39e0e94688ad3545b32dd7366b6b047e8d1d3d565997b236e7f7596c5f8d7c1c11bcf4a244620cbd21d559a7c9b3f: +7074568611a66dfca8307cae608bb26995844df435e5300e5b4d7291cc22907fddabddd15eaf83115ddd065d7e220b1efc262a61c52e914347442bde6d002506:ddabddd15eaf83115ddd065d7e220b1efc262a61c52e914347442bde6d002506:6c137423eac790b8e8e418b290e0579c7b86b14aed818de8ce53cea3f340a1a95391f984968f2b4229282a8161c09ab149cdacd66970b4013f52e5e68ea8c9db685b2c53073500e5b35e29ea0ba1f4d159a558d361b06516836cf7b9ea501fa0506b985f036a82d9e084489d3bfed34093e2d6d9edf55785ed35a90ce56c761686cc3ea1a2c76ada5ec8c145d818b047cc516eec5d2d6a93a55592d892e3d5cd10c250c04b049b38fc7ec0f39aba15824007336c2b0f7f81d64d5ca3e29d6fda4c23d9ba65d9fe3cb4e03913697287b46a0b1fccd2624e397ae95c5254bcd88d2c7c8f70fdc8173f64c1de32281ab4184693b48a349e6782bc8992b43c7de7cb9d33929bf95306c2af7e938d8486b386f9fd3f0f7161e0e6862d4f9281446865a1c9be2460efbc20151b06e79d014617d0300e671d48767458596625b76dffc558aa9b40612196ec827e1c6fff518fb7ad4bf8c46fcb278885aa491b77a28995cfb9d79640aad174c6df43938e3f1385205c54595b33dede50143746a1705e7e0b69af4a26c3b76515051892b15ca6e48c3d91fbc75e8fe4a0fe8ed2c26c1073beb70ea38d0927029278406755ae6e11da378653649515e0085b5ea7db3249208e33a6c8b6ae8cd80c9bd6b983e73e9b91dbec091fae995f8032427edec02cad9055eb8b7dbcfa80d4f64f5727a152f11c47e52d753a57b6e5fddf774cea4da910026819c41e32b4f199727e23c54ab5d70142b854a27b04e64cf44af2a8995e1200bd117c7a1674edef59bc53f73adaf638e0773b85b56334aff6e11743e3a3d3614aa8a375b3781ec814cc08e71efa7818519cb24af82c331dfd6ac78ec17fd7174b61021e8cf901a2aaa6adbc902a916b2a2f4f79e551501fbf01df6b8518504c1e94646938bed1a8509c2a38fb6a798a7858f409b0f2fb9b3f4817e568c52d9abfe2168cc3650fc43e0f9975fe29e33aed1a7bf30d8631150790650a3cb78c368f1aea9ac60c5eeb969a45f84aa37366a83977190f41ae421e0c46fda3fa01b926fcef8224fda36df4f8a87701fe79fe0628ef0cc02df2bd783207c7db87119a0369fe16eeb38fdc9fb35d9e195fe14f8c1038208ab97700af79f2e2e05496830207c7da8dbe8e9bb73bc471a43f1be650fa92819aeb5dc7eed7eed8171270d219257d19610b89d2d62d3f5b648e139eedf1ff74be01a5ef1d95f812922601ee92515157c4ecadfa3eef9f2a677c003ca4ab9b2c45472ce55e18f40a21fe1b0d45b50b50c52a0b1a5d7c37d8ebc15e020584d9edd7b56505f82078e0f899389135014c86d1e2ed49f9cd319076943553a312ae05ab333526e136714f09a402b3c8:7f653134c0b90f44a489f0b05fc40707ad9f1398f340b447a3c9861f511c9f1568803b7684a04a898c45154dd486bd50758998e126439378b3f59ff367492a0a6c137423eac790b8e8e418b290e0579c7b86b14aed818de8ce53cea3f340a1a95391f984968f2b4229282a8161c09ab149cdacd66970b4013f52e5e68ea8c9db685b2c53073500e5b35e29ea0ba1f4d159a558d361b06516836cf7b9ea501fa0506b985f036a82d9e084489d3bfed34093e2d6d9edf55785ed35a90ce56c761686cc3ea1a2c76ada5ec8c145d818b047cc516eec5d2d6a93a55592d892e3d5cd10c250c04b049b38fc7ec0f39aba15824007336c2b0f7f81d64d5ca3e29d6fda4c23d9ba65d9fe3cb4e03913697287b46a0b1fccd2624e397ae95c5254bcd88d2c7c8f70fdc8173f64c1de32281ab4184693b48a349e6782bc8992b43c7de7cb9d33929bf95306c2af7e938d8486b386f9fd3f0f7161e0e6862d4f9281446865a1c9be2460efbc20151b06e79d014617d0300e671d48767458596625b76dffc558aa9b40612196ec827e1c6fff518fb7ad4bf8c46fcb278885aa491b77a28995cfb9d79640aad174c6df43938e3f1385205c54595b33dede50143746a1705e7e0b69af4a26c3b76515051892b15ca6e48c3d91fbc75e8fe4a0fe8ed2c26c1073beb70ea38d0927029278406755ae6e11da378653649515e0085b5ea7db3249208e33a6c8b6ae8cd80c9bd6b983e73e9b91dbec091fae995f8032427edec02cad9055eb8b7dbcfa80d4f64f5727a152f11c47e52d753a57b6e5fddf774cea4da910026819c41e32b4f199727e23c54ab5d70142b854a27b04e64cf44af2a8995e1200bd117c7a1674edef59bc53f73adaf638e0773b85b56334aff6e11743e3a3d3614aa8a375b3781ec814cc08e71efa7818519cb24af82c331dfd6ac78ec17fd7174b61021e8cf901a2aaa6adbc902a916b2a2f4f79e551501fbf01df6b8518504c1e94646938bed1a8509c2a38fb6a798a7858f409b0f2fb9b3f4817e568c52d9abfe2168cc3650fc43e0f9975fe29e33aed1a7bf30d8631150790650a3cb78c368f1aea9ac60c5eeb969a45f84aa37366a83977190f41ae421e0c46fda3fa01b926fcef8224fda36df4f8a87701fe79fe0628ef0cc02df2bd783207c7db87119a0369fe16eeb38fdc9fb35d9e195fe14f8c1038208ab97700af79f2e2e05496830207c7da8dbe8e9bb73bc471a43f1be650fa92819aeb5dc7eed7eed8171270d219257d19610b89d2d62d3f5b648e139eedf1ff74be01a5ef1d95f812922601ee92515157c4ecadfa3eef9f2a677c003ca4ab9b2c45472ce55e18f40a21fe1b0d45b50b50c52a0b1a5d7c37d8ebc15e020584d9edd7b56505f82078e0f899389135014c86d1e2ed49f9cd319076943553a312ae05ab333526e136714f09a402b3c8: +7d7ca8e8d3b84344a5e4dea08b338d8faa5ffc119ce566ef656f0f4584775b210bde34b746d2c5490853064d48c6b4c1cbbc3ee7beff5e8f684c120f315d7e4e:0bde34b746d2c5490853064d48c6b4c1cbbc3ee7beff5e8f684c120f315d7e4e:0b727075345d619f5cdc7fc4c43cdc19105811d95d069f81c0a62fe1e1178cf1c35db05e2de87d11ae1a6f53ef38b39bf4ed8fbf56ef017a1d3c15b64fe4b2610bf69bd19ac7afd46a2b87b488b6c78ad456811c1dd6bd4a6b5da698739fd1a14ceb9f27f124b69f6bd16de5537aad80681c5633580394da3b84e9b7a55ebab8522d2d6bf1aa4e7b159cbf4e20b50bfe9c711aa047119f1dad8749260b87639e9c141def62026a990373dcfd99f77b0f5ea6adfd8f594b9ce41064a5ed307bf2d8d17370498ad7f45f9c4dd26c420f450f53623bb6d7f3f46a149d8f135bc2913310fb8f9043d099278bbeba39179fa367b01673e1c953effd2caea7311c47c0372744095b1c8f90eef5f1929db1996cd584f615d56fae3aecac3ee88bd0b296f449cc2713c52da695248faa8e389b05a0bcac69dce9719723194f433b0297eb0859019f141a207ce8ccb59882caa6e18f0b43bdddb90a0a85ffd577d6394a1d80489410f92afb85ba506aa9f3f427445d21224b9cb046c05f1bacd7b749fb7b1024d092e4ee4b30a46edf718470c99491c68f4879d62bfce7046d8138cbb9e7212999a4498b455fc90ac283e935de04df6fc999e4434be11063d6e4ee9e096a87bc716d2c819916c37a4e6298c49945366ec3f500720b06dc99d3d8ac303e6c264e28a7c2d419ec622a97a711544fb1f4735b11f8bb1d7e2c816a156287b4cc0c65aaa280b837737f0a84e36de2df2fc3a50df980918fb9e5834b42ac0e0c7278d7fe8db4dbdeca0141d5fef5dc6151f87b8634c241a8fa0a82717899773ae89f537890b9155a7a05bce47866ec2028a47898d485823a2e992319680eb699b0dd5358f546fc537c73d3a4b223a0941518b6d1e66b27676c1b1fc76a08320524a72e297fce17aa80d8ea7b388a55168e7dadb836e9dee707ed25c0ee4db25bee3c485b39649204efaf2820b2736368fc773ce090c385378002c471b094795cb266d39eb7580d701be4c8916f6b38bfe25fdf36d6c4adafa9ae9864c57bb737b49506ed38d62de60cc0599ec6bb1acf24b1d37d60efdeb7d942c53603a2f0476e9512c938b28d495a6f26a907c396b841aedd8e14ac447b495df1f676daccd5a740c042f5772b7db17f4f1a3a1c8e7c488370e736b51e690fd2ddcb5aa61957a7c7975acb2dcb915d074d744279ea1c4169f868873ac5c20890162c1df9656419975a43d3198e18c309a1eb7c1d87873fb15c6da47f548a01f69bdab9c39ef00d418a6f619dd73d7db45cbb6ad225a2de787ba777bc73d28fc304f10009f4022c2cf84de008d70fcdc8ba7f107c369859e9c90ca8a393b553f26605ffd7230c921490700f:d0c3e248a8cb2ddc7e9f21c9c5b009f70ea29da6897cd92c260f047ed68aa1c8b9657f9d826e88f4a512c5003be6406880741263ae7ce6860efe73ad54d482040b727075345d619f5cdc7fc4c43cdc19105811d95d069f81c0a62fe1e1178cf1c35db05e2de87d11ae1a6f53ef38b39bf4ed8fbf56ef017a1d3c15b64fe4b2610bf69bd19ac7afd46a2b87b488b6c78ad456811c1dd6bd4a6b5da698739fd1a14ceb9f27f124b69f6bd16de5537aad80681c5633580394da3b84e9b7a55ebab8522d2d6bf1aa4e7b159cbf4e20b50bfe9c711aa047119f1dad8749260b87639e9c141def62026a990373dcfd99f77b0f5ea6adfd8f594b9ce41064a5ed307bf2d8d17370498ad7f45f9c4dd26c420f450f53623bb6d7f3f46a149d8f135bc2913310fb8f9043d099278bbeba39179fa367b01673e1c953effd2caea7311c47c0372744095b1c8f90eef5f1929db1996cd584f615d56fae3aecac3ee88bd0b296f449cc2713c52da695248faa8e389b05a0bcac69dce9719723194f433b0297eb0859019f141a207ce8ccb59882caa6e18f0b43bdddb90a0a85ffd577d6394a1d80489410f92afb85ba506aa9f3f427445d21224b9cb046c05f1bacd7b749fb7b1024d092e4ee4b30a46edf718470c99491c68f4879d62bfce7046d8138cbb9e7212999a4498b455fc90ac283e935de04df6fc999e4434be11063d6e4ee9e096a87bc716d2c819916c37a4e6298c49945366ec3f500720b06dc99d3d8ac303e6c264e28a7c2d419ec622a97a711544fb1f4735b11f8bb1d7e2c816a156287b4cc0c65aaa280b837737f0a84e36de2df2fc3a50df980918fb9e5834b42ac0e0c7278d7fe8db4dbdeca0141d5fef5dc6151f87b8634c241a8fa0a82717899773ae89f537890b9155a7a05bce47866ec2028a47898d485823a2e992319680eb699b0dd5358f546fc537c73d3a4b223a0941518b6d1e66b27676c1b1fc76a08320524a72e297fce17aa80d8ea7b388a55168e7dadb836e9dee707ed25c0ee4db25bee3c485b39649204efaf2820b2736368fc773ce090c385378002c471b094795cb266d39eb7580d701be4c8916f6b38bfe25fdf36d6c4adafa9ae9864c57bb737b49506ed38d62de60cc0599ec6bb1acf24b1d37d60efdeb7d942c53603a2f0476e9512c938b28d495a6f26a907c396b841aedd8e14ac447b495df1f676daccd5a740c042f5772b7db17f4f1a3a1c8e7c488370e736b51e690fd2ddcb5aa61957a7c7975acb2dcb915d074d744279ea1c4169f868873ac5c20890162c1df9656419975a43d3198e18c309a1eb7c1d87873fb15c6da47f548a01f69bdab9c39ef00d418a6f619dd73d7db45cbb6ad225a2de787ba777bc73d28fc304f10009f4022c2cf84de008d70fcdc8ba7f107c369859e9c90ca8a393b553f26605ffd7230c921490700f: +d21fdd7b10e54a8b6be95a0224ad70664dd92112e2683a4fd279c407db3871bbf89c272e7d1cc93d69f694dec9cce05ac247734504829c56997413c8958b9330:f89c272e7d1cc93d69f694dec9cce05ac247734504829c56997413c8958b9330:b8644adbef9c7cab9120acedc8e75c433d036ffae0f955be6a488f1f427a68a8902d026e63dd6c9bf9d97de786b31dd4f4c9a4f8a622f1ffc84da6967ca77433c398f4d3f1c4434989b7ac9d0f3b1be0c8b352824f4e7a083f342ec1be1da8fb755242a654880ef298f05979ff026ddcc044860e6757a29cfaa222a3597e38f1779962a41a4c8ce6a65b878199b4d80f4a0390cac19c226eea4b6036e57ad830ecfc00693e2613d3edf465fc8c4fa293fd8cfc36dc8e37bcebabec0349ebd884e1b28bce824e0d55b6d015383801668b34f5ba723d2ac0a264fab2c728608f162de01179259be2ccb0815002fded8e0d78b02807313e910eb3a7337c534e846f9ee155426e4aef643661b0edb44596fddcd0b3e814c137817a422baa40c9053d0386c6ecdb589052594742677c48dcfc8cd4a93667ed4d87646001eda079e8b99d52ba21c5ec5669fedf6f40447a7ff8901db0ef1847d3cacf0198a2f3bd7bcf2dd811a097fc5e5188b03fdf54e517637a14501000d0d35516caf0699402b48f8d8cc3afb17a56132d08237035a0c95490bfe5d7b7fb40178f281e4d872e47a0e955ce9736f3c333a6adf50ad31994eb9f45327facc8c5d113fad4713fe7f198010d42046bbfe68b0daa79dcb8755929be92f9caa150dfbde3fc9e392b2b701c3021c240e4679de41124b1888e5db5a83d05ceaf49eb440dc45026d450bc984b8d6f02850ecb570eee0a3819b12bc26367b5b98e1b141c9b0a9690ea4a3700dad12395f975d11cd77f96368831f21f4e968cc5ba9ef82474038bc7aa26122d218b743041506aebbd1f987959fd160d6eb7d58d4f576f8c0ca8af868e39b5ea87203937e0308acbeae91e10607e44e8ab495bc01dd573fbadc94479ff92082c7bb7513479c70f0407769025d34d72140c25d821f034a39851a93c623b71c9400e942639f28bbd032e1d8d3c059f7c2cd31d7476462d2776035d07880202dbfe9e07d154622d7ac6175a5afa79fed4dcc13712620c41994e11d924308fb2ff3a1eda44c761bc736f345122f02a40ae6f7dbd03d9fe96ee3d7a3b4a5eefbfcc56dc42ef27bd8085176038b9ebae63aa75035275ec34e4185739d636246770acccc6dc620e2fc9156fa9483e0d9cae0e8c463948a3d97ae8dda5966c88f07093292cce22bbda062baafa7fe84d0ba2d2dd295b23458bcaeb2ef742a2ed1c834483cd709385afeadcbc0a9c6a4f387babf7e3dc36c810db209beb66c8666404c661dfe9d32c4c08afc6f3b1257d6484a755f5ac701eb13f87763fee330ffa0422cd80a92038c6f45292bdee5f89e94c7a652197fc1906b48258372449b1081c6b97134c43c89ee2:6d69e83b3e7ed55a85f9fc9d2519da0b0a1eb4daaee991a6651f5c89190c0de72373cd989d46be1367f9daf1b92fed3b52bba54a1e4cca5bc8726ed07f302501b8644adbef9c7cab9120acedc8e75c433d036ffae0f955be6a488f1f427a68a8902d026e63dd6c9bf9d97de786b31dd4f4c9a4f8a622f1ffc84da6967ca77433c398f4d3f1c4434989b7ac9d0f3b1be0c8b352824f4e7a083f342ec1be1da8fb755242a654880ef298f05979ff026ddcc044860e6757a29cfaa222a3597e38f1779962a41a4c8ce6a65b878199b4d80f4a0390cac19c226eea4b6036e57ad830ecfc00693e2613d3edf465fc8c4fa293fd8cfc36dc8e37bcebabec0349ebd884e1b28bce824e0d55b6d015383801668b34f5ba723d2ac0a264fab2c728608f162de01179259be2ccb0815002fded8e0d78b02807313e910eb3a7337c534e846f9ee155426e4aef643661b0edb44596fddcd0b3e814c137817a422baa40c9053d0386c6ecdb589052594742677c48dcfc8cd4a93667ed4d87646001eda079e8b99d52ba21c5ec5669fedf6f40447a7ff8901db0ef1847d3cacf0198a2f3bd7bcf2dd811a097fc5e5188b03fdf54e517637a14501000d0d35516caf0699402b48f8d8cc3afb17a56132d08237035a0c95490bfe5d7b7fb40178f281e4d872e47a0e955ce9736f3c333a6adf50ad31994eb9f45327facc8c5d113fad4713fe7f198010d42046bbfe68b0daa79dcb8755929be92f9caa150dfbde3fc9e392b2b701c3021c240e4679de41124b1888e5db5a83d05ceaf49eb440dc45026d450bc984b8d6f02850ecb570eee0a3819b12bc26367b5b98e1b141c9b0a9690ea4a3700dad12395f975d11cd77f96368831f21f4e968cc5ba9ef82474038bc7aa26122d218b743041506aebbd1f987959fd160d6eb7d58d4f576f8c0ca8af868e39b5ea87203937e0308acbeae91e10607e44e8ab495bc01dd573fbadc94479ff92082c7bb7513479c70f0407769025d34d72140c25d821f034a39851a93c623b71c9400e942639f28bbd032e1d8d3c059f7c2cd31d7476462d2776035d07880202dbfe9e07d154622d7ac6175a5afa79fed4dcc13712620c41994e11d924308fb2ff3a1eda44c761bc736f345122f02a40ae6f7dbd03d9fe96ee3d7a3b4a5eefbfcc56dc42ef27bd8085176038b9ebae63aa75035275ec34e4185739d636246770acccc6dc620e2fc9156fa9483e0d9cae0e8c463948a3d97ae8dda5966c88f07093292cce22bbda062baafa7fe84d0ba2d2dd295b23458bcaeb2ef742a2ed1c834483cd709385afeadcbc0a9c6a4f387babf7e3dc36c810db209beb66c8666404c661dfe9d32c4c08afc6f3b1257d6484a755f5ac701eb13f87763fee330ffa0422cd80a92038c6f45292bdee5f89e94c7a652197fc1906b48258372449b1081c6b97134c43c89ee2: +d336fd8408196d22fb698eb25b7654fda46f5de4c9b4d04950c398b59a44290af3cd96347cea63e500a4c92c3bf215662dd0400784dbf8b595dd3d395f90cc12:f3cd96347cea63e500a4c92c3bf215662dd0400784dbf8b595dd3d395f90cc12:fb49c19bc4444c28eb2625f31d996d5e36c57fa6fdd772e67b7199cec67eda5451712df7a69dbbd56e7c398796b2001def651c4b9c05ee31d95679535c812a37d31ddb3073199cd704ff7ca2981f7b9c927a7f7d776fb6f609f727e6ea709ce7f43a60793504169a8905d9b23109f0d867966aa3e300c7e11ddedb9cc117b904f62927e48e4d73fe1a6ceccc4ceb08e64ab55f25c98216cec937608ad793146998f14c2985e6c2910df7b1388f9dd863f1e4d7d1621479b8512cdb34e673eb02a48934e39c2d18d70f966d676a2bd75db543d25c5dcdc3ef3b8bc8201848c30961e915d968bdc31946b0d18ede7cb0166dbe1ffeff9439c9c3404af6016c73edeb253d93f562a1a6cdd57898a9b3422587d5f56af3d06b3f6c25751f44460fb3299656dc11227ef4837aabddee400fa53f69e5ced053c76dcecdf0adc9ef80f4b330542ff1fa2df0b8d43cd1c311b1b9955c632c8e5f0491931c04de434df8f7a394e5fef016db2eb7c87b2ac7a4a73043bd7f98ad0a4d453abfb0be8be4cb145742aa56aa5ef2dff12230a510e3b7f82f7847700eeea5905b0289696c4c142bf34bcf81a962d75b8d091055733779335b7fd47a20d17c948ab732947832674371e22e711134f5c919792357f79bf70c4470787528434fc0b4ca093ee92543420d1ca81124f5585317e250821a4f3d8ce0f919de9fbf0127087e676903f6cb39025bcc73a0762954b72e66a6be9b96c97b6f6030bf5ca0bc2727a9a179cf9d9405f3fe18f3492389079a5b65bcb13a0d5ef41c2cd97e702cee4a2feb1e6702bd4c63fe0a4ae994c4287a837bc3f64c2d898857cdb32acd4bd133676e51f77bc7110e3ce52d9204fd2691a6d37078f68e7bcef30fc9c483985822b661119238e40f9cfdcabef2d7b16b059ab24adc05003712bbb128096e37f91bc4c5c81508be27fa0b84940be36bced2e65cd36b39fbdc5ea68614159228ca65c5d8407baf663b528e7d87734c7bc77dc8431a1dd6873cfddfc3e757d9ad1fedd3c798f1fe60e715ee48a6bcbb13b616a89a38e336489d3d6ccb726914112a1bc5d977c9b2a3fac107ad094b038ab75468263c34bda817c056e07a6c56697cb64a0b1f966f6de0bb1c0a71c8a5fe133ba2036d24daccad3fa03b39cd27f832752751055a8155913d040f51dae78d71946ca04d83c7c894c280aaec285543e5fd5e327accca9abef156a13b9571446bd8007ff92dbc0fbaf23a9441b53c1cd740c34c282929101ad2ea8b85d70052991b774e92ff75cc85113e0900b51b863e1f2adaab2dbcf46af479ea248ec2889afbfe737408393a2b1b3301f65c1fac8b676795ab5bf447f05e0daf6776:af7e2df7529fd18d1b21b8fd4c0681505918e2511434fe4e4954e743c1cfa45e4109d36c3eecf2e25d209b9b5d25f7cbc380296d647752e30d3bea3b929b0903fb49c19bc4444c28eb2625f31d996d5e36c57fa6fdd772e67b7199cec67eda5451712df7a69dbbd56e7c398796b2001def651c4b9c05ee31d95679535c812a37d31ddb3073199cd704ff7ca2981f7b9c927a7f7d776fb6f609f727e6ea709ce7f43a60793504169a8905d9b23109f0d867966aa3e300c7e11ddedb9cc117b904f62927e48e4d73fe1a6ceccc4ceb08e64ab55f25c98216cec937608ad793146998f14c2985e6c2910df7b1388f9dd863f1e4d7d1621479b8512cdb34e673eb02a48934e39c2d18d70f966d676a2bd75db543d25c5dcdc3ef3b8bc8201848c30961e915d968bdc31946b0d18ede7cb0166dbe1ffeff9439c9c3404af6016c73edeb253d93f562a1a6cdd57898a9b3422587d5f56af3d06b3f6c25751f44460fb3299656dc11227ef4837aabddee400fa53f69e5ced053c76dcecdf0adc9ef80f4b330542ff1fa2df0b8d43cd1c311b1b9955c632c8e5f0491931c04de434df8f7a394e5fef016db2eb7c87b2ac7a4a73043bd7f98ad0a4d453abfb0be8be4cb145742aa56aa5ef2dff12230a510e3b7f82f7847700eeea5905b0289696c4c142bf34bcf81a962d75b8d091055733779335b7fd47a20d17c948ab732947832674371e22e711134f5c919792357f79bf70c4470787528434fc0b4ca093ee92543420d1ca81124f5585317e250821a4f3d8ce0f919de9fbf0127087e676903f6cb39025bcc73a0762954b72e66a6be9b96c97b6f6030bf5ca0bc2727a9a179cf9d9405f3fe18f3492389079a5b65bcb13a0d5ef41c2cd97e702cee4a2feb1e6702bd4c63fe0a4ae994c4287a837bc3f64c2d898857cdb32acd4bd133676e51f77bc7110e3ce52d9204fd2691a6d37078f68e7bcef30fc9c483985822b661119238e40f9cfdcabef2d7b16b059ab24adc05003712bbb128096e37f91bc4c5c81508be27fa0b84940be36bced2e65cd36b39fbdc5ea68614159228ca65c5d8407baf663b528e7d87734c7bc77dc8431a1dd6873cfddfc3e757d9ad1fedd3c798f1fe60e715ee48a6bcbb13b616a89a38e336489d3d6ccb726914112a1bc5d977c9b2a3fac107ad094b038ab75468263c34bda817c056e07a6c56697cb64a0b1f966f6de0bb1c0a71c8a5fe133ba2036d24daccad3fa03b39cd27f832752751055a8155913d040f51dae78d71946ca04d83c7c894c280aaec285543e5fd5e327accca9abef156a13b9571446bd8007ff92dbc0fbaf23a9441b53c1cd740c34c282929101ad2ea8b85d70052991b774e92ff75cc85113e0900b51b863e1f2adaab2dbcf46af479ea248ec2889afbfe737408393a2b1b3301f65c1fac8b676795ab5bf447f05e0daf6776: +6573227841f6f92831146c44c0e480cdf544bb876552cc5f9d42f15bdcc044b8192257a54ce5d04c19439fdc9ede18ec856e29870e24d3731fe2224799949b7e:192257a54ce5d04c19439fdc9ede18ec856e29870e24d3731fe2224799949b7e:6e7c6b122ab36bd135f69e2b85e7fccefb072c12cf088a3229d876eff532389f0577116f7af29f1195e3828839381380467178b229c5a18d7c4943ec970dd18bce723bd0ca91ffa95563546a324fe0b9bf6c0455d4276039e8d291fc7276aa55a1cd3ea05282654a7f9700adcbc78077c5dd0fc86eced48f4a60ccb76bfb8b4562bac22a02d19e4489394ab9719fc144f5db2ef039b37f3b51d1d657a0cf835d71f1a4af01eb9fd885c604a624cbe910bfde093ad3f0cbfd9a48307329d44234bd01191d56e522d72b54e1fe4733da3aec6827eab3554898e03e577b4e7b9dd3f308e616808d0294499f2886295e54c360199ca83a83ff46195ea3c484a66838d51acbe9611eee036ae281c6793cbd451f9271fb5d25ea7c1899ab5d43ed8b9d067bc56d8d4a15f1dab8d8d95d1b17af64cb18c1147551147addcbdd53fbccd9026f855547131bee95071639f649f2d035a25a3e42e38e22bbf038106ce8bc4ad6768ab92cd57afacd04ee55cf0714b768952dac240b1e9b2835ecf7b0d6c407c82524a923b9f54d1b8f12564a872144efad3f3a7d2397cd1217dc5a9c96e43b2960a8425e97e07a02b0dac90f346b91a346a23ed2bb7fe6919c22dff03f62da7dba176e8ddb22f3f3a668891d3f4e69548d0ac4e71e6d28ed5a67ab5ac611d460b67a201f4f56a5003ca7a7d1cd1db6c10075b09227cb8c5dc1666f8be710b4b7bc2b95ae60da4f64179a50d2f88744361591671d36b7296315f6996439ad79821da8e772dfbf55a90d5d52ef7d76b35ffebd42e3525f4530c54a0f23b4d07c5f5974470e89404d176eeff9ef2333619691c59b7aadd42c296b1d0d328d9a3bd59a54bba93a0c1f1d62418c2190c38174b6abea02db66e818320ec4b8bac1c12f18f30dade27e63c58f9e7caf4bf69b265a2f9d91800861acf479e65ec17e680577e058cb16c109bcf9b2909fce3361a2c2685c10be8540a1222db5ecf0cc4d53a4214b7bf6248adc3a861e34841a3779c46046c5364f1ea91a78c9700d462ecfaae36ba760c1bd6a237c961edf4022cedefe5e937bbed7051ae61b96d08b0487ce0568ff0d32740bbd49ad0db86e09102ab21a915616e9dfddc81ebfb36c903e07a40cd2dd119ff4a50b93fc6fdfc0f36e59e0148fcff3fe8e2cd6d30a9e4b8f015567d118b6274e1ed75b22e44ca9d9dbfc160742cfac581e1a0bf5ff3326bc5f7896b9ca05a811d55e97c834d37a6495cc26cf442bd2d90129895e9cc0ed01e2155293f47a07ab5880c6ca29ed44d9ccbcaada7f3eb60402181488654e04911578b1aa9cdd4b86b0dd2450df3a43081e4110ab58de763924d3c89152e99293e638f9acd8d7:538eace493de53384b1e985bb907c094f8168430dab14d37791be6e78ff3f5a306ec70dcac86d993a4c1f75850786d795f022b79be6a547769e41569c5a9a30a6e7c6b122ab36bd135f69e2b85e7fccefb072c12cf088a3229d876eff532389f0577116f7af29f1195e3828839381380467178b229c5a18d7c4943ec970dd18bce723bd0ca91ffa95563546a324fe0b9bf6c0455d4276039e8d291fc7276aa55a1cd3ea05282654a7f9700adcbc78077c5dd0fc86eced48f4a60ccb76bfb8b4562bac22a02d19e4489394ab9719fc144f5db2ef039b37f3b51d1d657a0cf835d71f1a4af01eb9fd885c604a624cbe910bfde093ad3f0cbfd9a48307329d44234bd01191d56e522d72b54e1fe4733da3aec6827eab3554898e03e577b4e7b9dd3f308e616808d0294499f2886295e54c360199ca83a83ff46195ea3c484a66838d51acbe9611eee036ae281c6793cbd451f9271fb5d25ea7c1899ab5d43ed8b9d067bc56d8d4a15f1dab8d8d95d1b17af64cb18c1147551147addcbdd53fbccd9026f855547131bee95071639f649f2d035a25a3e42e38e22bbf038106ce8bc4ad6768ab92cd57afacd04ee55cf0714b768952dac240b1e9b2835ecf7b0d6c407c82524a923b9f54d1b8f12564a872144efad3f3a7d2397cd1217dc5a9c96e43b2960a8425e97e07a02b0dac90f346b91a346a23ed2bb7fe6919c22dff03f62da7dba176e8ddb22f3f3a668891d3f4e69548d0ac4e71e6d28ed5a67ab5ac611d460b67a201f4f56a5003ca7a7d1cd1db6c10075b09227cb8c5dc1666f8be710b4b7bc2b95ae60da4f64179a50d2f88744361591671d36b7296315f6996439ad79821da8e772dfbf55a90d5d52ef7d76b35ffebd42e3525f4530c54a0f23b4d07c5f5974470e89404d176eeff9ef2333619691c59b7aadd42c296b1d0d328d9a3bd59a54bba93a0c1f1d62418c2190c38174b6abea02db66e818320ec4b8bac1c12f18f30dade27e63c58f9e7caf4bf69b265a2f9d91800861acf479e65ec17e680577e058cb16c109bcf9b2909fce3361a2c2685c10be8540a1222db5ecf0cc4d53a4214b7bf6248adc3a861e34841a3779c46046c5364f1ea91a78c9700d462ecfaae36ba760c1bd6a237c961edf4022cedefe5e937bbed7051ae61b96d08b0487ce0568ff0d32740bbd49ad0db86e09102ab21a915616e9dfddc81ebfb36c903e07a40cd2dd119ff4a50b93fc6fdfc0f36e59e0148fcff3fe8e2cd6d30a9e4b8f015567d118b6274e1ed75b22e44ca9d9dbfc160742cfac581e1a0bf5ff3326bc5f7896b9ca05a811d55e97c834d37a6495cc26cf442bd2d90129895e9cc0ed01e2155293f47a07ab5880c6ca29ed44d9ccbcaada7f3eb60402181488654e04911578b1aa9cdd4b86b0dd2450df3a43081e4110ab58de763924d3c89152e99293e638f9acd8d7: +a63c1f54b2ca058fed2ee2504b983ff33d570a9baba583c086cefe19f43ec49d329b866bca4194297fc1ad5a0eba0df956699c74ab7da5fa5462bd0661471020:329b866bca4194297fc1ad5a0eba0df956699c74ab7da5fa5462bd0661471020:791b86fd587713478f9234ff30cefc123cd7c3eb125fa74e4c6db64e7844f7c85b1686e71ed08d1a6a04e0ebbdff4ab160c976c8ab9b505f6a7eb0a18427e999a8828df10684f8c75b6a6b0a64c0afa4bb22bed1cb9325359cac3b8c508d98bcb0ebcd748dc132f1d6a360a4450d1292a1fefc4e57e4107a223f421e7d14a384b85c18844d0b9eed2ecb81bb74e8a12652d98505795a013116a7076ccb5493d6a711f7637e97a780e74da1b39b15cc7bbde2e6c4d0d3e8300597c836e80bcb8d8081d974e02432eac88368211d3aaae89a14417108e1ff6737083849c625b40d631f6c8357220c7f37380b3b2cc5d0e2df6b4d1196579dbc57b6c9ea0d41f4fa0e556f943c9448ef42fc78df5996648ce2f3de04d8a663f967f3d933d4f65357ab29ba5b6405fb162972578ddbb2367bed143c854c1088de921d79f5a92a854837eb7702e1ba925c6eac23d134ba1bafc5d46de2a1942c7f366f701b0afabb75cb1d808e1a1e4e3ae5de88e8e9989757458bddd8a806c110cc3a733d1d4ac58a405c4d81134fbc24ccde7d5afe420f9f1785f0a5020fafbb2261222508aa0528b7b48b567200958425efcb42934a880b133444bb109f2a954cfa35a2d17cb05ee3f16d06b321a15f91339abeda243ad6c0919fac51e907e053fdeed1cf03003734137793941b8adf9ab6af819c245d6d56f16964c8a75b0756a8cb0ca8c12ac6e6b3942eebec2f868835f81b109db498a4ca2e021fa765608d23d803dedc9e51453fc1d2a6a38a4aab257c0fe7d67d32a541e014b60e1013a92c1b3ad9e6f11be293b246f9a0c6440b0b54fee75fed2fb75cc91ecb32738c495831586a11242d87dcb4883edf6757a50b18843759b98dd0cef4a3fe10d76370ecda8c83fab87eee2656c5f261c340ea91a560d0e2c64289267f0036ba35944800a5a0aef3f1df839a724e181d79b8a3c16f65ae27953c4aae8ccd30ff5acc4b31e4765c68fb38319f10acf89247b5a39b3b08a191754a24aca9596a1f8a70b6e4f03a2004a9086ff6ed07652a926e1e2df7bdccd5bec16e5c4e968364a09abf9ded93df5fca0bcca5c812976e5cfb3c3493fc175d1d92ee8d1c98fb3382b3ab90c5c0e4bdf6a3ac94767b68d47e6b9c244265e3b1ab0623a8f0100273f2c607de89612c72d39be4c0b4d77a3c61368df40b3608652989d1e19c0aaf0e3c253e562c6409fe6448929b33753de162e6de5bd466a5114fc0e5f57102755e29544f03b28d4f78de9a024dd4c4e8c3c2d44115a7ae15edb4f558aa7dba6426e7e372c54f7940bd7714467f8c3a1add3c640189c31660d8cc01d3c5382e42abc104c723f948a804ca853047b6b87b5b6ef4:283359be41290a51e6a7c5d5725ca4ea0a68f14aca14b0f02566dee21f490da3c7e95f7ab739bc35a7f4f232e971aa157657a633eba0e72dc97af32cdb928702791b86fd587713478f9234ff30cefc123cd7c3eb125fa74e4c6db64e7844f7c85b1686e71ed08d1a6a04e0ebbdff4ab160c976c8ab9b505f6a7eb0a18427e999a8828df10684f8c75b6a6b0a64c0afa4bb22bed1cb9325359cac3b8c508d98bcb0ebcd748dc132f1d6a360a4450d1292a1fefc4e57e4107a223f421e7d14a384b85c18844d0b9eed2ecb81bb74e8a12652d98505795a013116a7076ccb5493d6a711f7637e97a780e74da1b39b15cc7bbde2e6c4d0d3e8300597c836e80bcb8d8081d974e02432eac88368211d3aaae89a14417108e1ff6737083849c625b40d631f6c8357220c7f37380b3b2cc5d0e2df6b4d1196579dbc57b6c9ea0d41f4fa0e556f943c9448ef42fc78df5996648ce2f3de04d8a663f967f3d933d4f65357ab29ba5b6405fb162972578ddbb2367bed143c854c1088de921d79f5a92a854837eb7702e1ba925c6eac23d134ba1bafc5d46de2a1942c7f366f701b0afabb75cb1d808e1a1e4e3ae5de88e8e9989757458bddd8a806c110cc3a733d1d4ac58a405c4d81134fbc24ccde7d5afe420f9f1785f0a5020fafbb2261222508aa0528b7b48b567200958425efcb42934a880b133444bb109f2a954cfa35a2d17cb05ee3f16d06b321a15f91339abeda243ad6c0919fac51e907e053fdeed1cf03003734137793941b8adf9ab6af819c245d6d56f16964c8a75b0756a8cb0ca8c12ac6e6b3942eebec2f868835f81b109db498a4ca2e021fa765608d23d803dedc9e51453fc1d2a6a38a4aab257c0fe7d67d32a541e014b60e1013a92c1b3ad9e6f11be293b246f9a0c6440b0b54fee75fed2fb75cc91ecb32738c495831586a11242d87dcb4883edf6757a50b18843759b98dd0cef4a3fe10d76370ecda8c83fab87eee2656c5f261c340ea91a560d0e2c64289267f0036ba35944800a5a0aef3f1df839a724e181d79b8a3c16f65ae27953c4aae8ccd30ff5acc4b31e4765c68fb38319f10acf89247b5a39b3b08a191754a24aca9596a1f8a70b6e4f03a2004a9086ff6ed07652a926e1e2df7bdccd5bec16e5c4e968364a09abf9ded93df5fca0bcca5c812976e5cfb3c3493fc175d1d92ee8d1c98fb3382b3ab90c5c0e4bdf6a3ac94767b68d47e6b9c244265e3b1ab0623a8f0100273f2c607de89612c72d39be4c0b4d77a3c61368df40b3608652989d1e19c0aaf0e3c253e562c6409fe6448929b33753de162e6de5bd466a5114fc0e5f57102755e29544f03b28d4f78de9a024dd4c4e8c3c2d44115a7ae15edb4f558aa7dba6426e7e372c54f7940bd7714467f8c3a1add3c640189c31660d8cc01d3c5382e42abc104c723f948a804ca853047b6b87b5b6ef4: +5b67a6d7c650dd92ddd036ce7a305bc959a497c5e515a68493035cb3850ee03d4c6fc1640505fb46669f93048f8ef557099f3fd92a53064b163363a31b7f00aa:4c6fc1640505fb46669f93048f8ef557099f3fd92a53064b163363a31b7f00aa:62ccde31772c57e4853aaf2a8181fdb53fb82790ea6501bfc8f5d4ae8dbd52de42ce2e8961ac1731f4bc085fb561ef09a2442970b6297901aeaa2ee555b7d5e3951c7c351239ddee95ff54f924da95cae7b15ba6a9a1337b8ce4921ed913cd791c1c6941080e548f3c36e845acbfd8d8ce35e2fdc2a2ad6c7e2461bfcbf1aabc55cf0fae428885be5e86533308c9756805219abd7ffc1657b6f4632920a0c10e0e363319d900fcd61e7ddbcd6e762a7db92480c363b2c0640c6bf32d690dd829d8405fa66e4783ebe1cbde9547954a90baad9f774e94549abbff2c1f5caec2bfd28e415d36429d58518c3e17e8699e1989d47b8d627ef9ab4d1e7d120b372c2141304f7fabd0265b8be41f5467f4de9e65c125ee1f27a289c4f7c9a1fbf25bfc2f8d308e7ff52191cb7644c6af204522f2ac87b5f40525fd43d308c8dbc6a861d25db23ee276678a1b6e8e91283be02470482ed6cc9f6e396351d11b1c7e22329c091fe7d368f60653f93b0f6a3f712c20f9d2d8a9a0819872f0c71d7b1c0bc1683a152b484bc21cf556093ab4c0ac16d322ff0bf452e5581e1e7241673884023c7d6e17e2de8059f60e4c18e13bd55fcfee623fd0469c0d0911611d099a257020f2f31bf5078e6e65a135d5bf407620236d6cc759310fa728ff8bb5ec56abbe1a3cd15153f892d958d30d162d01ee665f5b562781d8dcf8428059e5fd225ad78a99ea760fe5d9ee8219c95acb18d05622e10a9b6c67f6d4f6ed11635c5e2e0f85dd5d3cbda65aa423d594a80b40427bc321e0eef9afd2bc8746ab7399ff6d0e1287b661ddc4062d072018f4c10e86cfaed72d9e686ed09d5255d360e3eea2c29b9eaea05fc78c8cdb8c9d4afc7adc6d4aa067b7abfb0a4e940a77580ec206456cb9e9f95f6d565d536e535a167ede8e20ec36081e2fc55aefaf24d227fffe5e6cb03093f443b4c51655d91ca6f275959d1a802adeab44701b31e8b0fd0222c499966c72d1020ad9370e2802be04c9933f6b774f6e8c69fc0bfd315939a127b4e06d0f6f5ede671ce11612126b5187b53329b0a9cb7da3b1ccd67b8c07bab99a662df8ce851f502fc4e1ed1632b6ba555544018f7527e362efc7e3b2ba6f75a1254f428b3b7e0bea69549e7f9c736275550080aee3af5914e3a34be656c77f6b29420e5433f3dff3811f3528208e9d850aa3c29b0f778a2427d5fde30732dfe50443a9c1ad55c72a08ab26ffaf8efb90bcafd3726b00c005c8c0f0dbf2a1353086721e446545b813441194a755fd26b963afd977278d1b10f09001c7ed975403c15cbe7f992ab07b8470c939f866f420f77db779af839700329e0777a6116365d76c36d09d860472a5:0f073c9a586f6f5e08389a2a5e1808e270f0edb6af104496f93757623fea53133a731c445ac23578cd56a3883c08958668631fedf1446ce34f857f90822ba80a62ccde31772c57e4853aaf2a8181fdb53fb82790ea6501bfc8f5d4ae8dbd52de42ce2e8961ac1731f4bc085fb561ef09a2442970b6297901aeaa2ee555b7d5e3951c7c351239ddee95ff54f924da95cae7b15ba6a9a1337b8ce4921ed913cd791c1c6941080e548f3c36e845acbfd8d8ce35e2fdc2a2ad6c7e2461bfcbf1aabc55cf0fae428885be5e86533308c9756805219abd7ffc1657b6f4632920a0c10e0e363319d900fcd61e7ddbcd6e762a7db92480c363b2c0640c6bf32d690dd829d8405fa66e4783ebe1cbde9547954a90baad9f774e94549abbff2c1f5caec2bfd28e415d36429d58518c3e17e8699e1989d47b8d627ef9ab4d1e7d120b372c2141304f7fabd0265b8be41f5467f4de9e65c125ee1f27a289c4f7c9a1fbf25bfc2f8d308e7ff52191cb7644c6af204522f2ac87b5f40525fd43d308c8dbc6a861d25db23ee276678a1b6e8e91283be02470482ed6cc9f6e396351d11b1c7e22329c091fe7d368f60653f93b0f6a3f712c20f9d2d8a9a0819872f0c71d7b1c0bc1683a152b484bc21cf556093ab4c0ac16d322ff0bf452e5581e1e7241673884023c7d6e17e2de8059f60e4c18e13bd55fcfee623fd0469c0d0911611d099a257020f2f31bf5078e6e65a135d5bf407620236d6cc759310fa728ff8bb5ec56abbe1a3cd15153f892d958d30d162d01ee665f5b562781d8dcf8428059e5fd225ad78a99ea760fe5d9ee8219c95acb18d05622e10a9b6c67f6d4f6ed11635c5e2e0f85dd5d3cbda65aa423d594a80b40427bc321e0eef9afd2bc8746ab7399ff6d0e1287b661ddc4062d072018f4c10e86cfaed72d9e686ed09d5255d360e3eea2c29b9eaea05fc78c8cdb8c9d4afc7adc6d4aa067b7abfb0a4e940a77580ec206456cb9e9f95f6d565d536e535a167ede8e20ec36081e2fc55aefaf24d227fffe5e6cb03093f443b4c51655d91ca6f275959d1a802adeab44701b31e8b0fd0222c499966c72d1020ad9370e2802be04c9933f6b774f6e8c69fc0bfd315939a127b4e06d0f6f5ede671ce11612126b5187b53329b0a9cb7da3b1ccd67b8c07bab99a662df8ce851f502fc4e1ed1632b6ba555544018f7527e362efc7e3b2ba6f75a1254f428b3b7e0bea69549e7f9c736275550080aee3af5914e3a34be656c77f6b29420e5433f3dff3811f3528208e9d850aa3c29b0f778a2427d5fde30732dfe50443a9c1ad55c72a08ab26ffaf8efb90bcafd3726b00c005c8c0f0dbf2a1353086721e446545b813441194a755fd26b963afd977278d1b10f09001c7ed975403c15cbe7f992ab07b8470c939f866f420f77db779af839700329e0777a6116365d76c36d09d860472a5: +2631c8c34d2948ddd5996b4149cefd238ea7452ec22e246124dfa279ccc27db8c3906786ffb8a7c27c44c2447f9dde7d666dfe588cfc54f2d25040512a371bc1:c3906786ffb8a7c27c44c2447f9dde7d666dfe588cfc54f2d25040512a371bc1:6f9bdce1443f2856d4a2f22782835012b7818a0e020dbcc22a821658305f134234d14cea636100ed896c2a8fb0e87048ec6f8b31484f78eb171045add72c85710ec9f9b5d43623417b5653be86e7fbf8b4ff91110a808cb41acf66d436e89a737faea4eff3544960f114b833b0b4ebc2c14070b0bfb7b0057eebb842bd1c1ed458ad3428f8f72a1d1db3c4cb4797a399d47a1e6db74dcb2ee24ae81585cf66ef6d9bd223f0f54bc8c1cec1bb4460bef4ffd32ee805c3ca5ee976ff9c14559f8d756662a2bc19e4c5985406a07305c9950d866c9a79a3e5f6c5969753a170e0fc4cc09c6d87a12b44cdf3be1623159e90cab7a8a3e6f01f268595b021b1ef7d00769477270d5584c912e22a367438277f59df20c5620dd5beaa9bb60bee47f4af527d892957b2d12b678b5279a3f83264654c0a0f8d21e709668f30fb6e68f047d0d9a7c2ae9a28f7cb9dbf18f63fc1661f07d310e540c77631f5bdac5824685d7c9aba0fe1d09407a9662ef18eb3e28fd1e8bc892657bc38243a2e6453bdaeabb2791fc5489521295457ad04180ca871f6318792bd15fd1800ce59dd3ecc7e0b72979267d8183e804fdd45daad84fc4cafeb561ea8d6a74a7cde722d96253ab3e75f0adde02a61fd5e1f59cb1f5f1b2e052643589a9e4be4dd6ee64538cb0b109a113f30a58b3565624043662abe17f60e31e89c36c995e00ae07f56a9118a31aec24ad544bc965811218df827c1730bb904bb79b68613f6c994679b6990d775b5cb32db97194bd81019bea41f3a7eef501bf8491b0ea859388452e3ecbe16aa7d5691510a6606c493e4c293961bf40b4cd300d9d22ea1a7724c078b8bab1fd16504e989b136d9251ac9f1ed94a5e9acbd9c04f8058afe03049aed8ba29fa2e8fb44f8e8c04e8727f399e735e6c1496a91a9b2cd2ab02d43b285e9d7610293b6749df1044b30e2da99a564429a23e68c96fce92b08a00b7b742ba97a62ee58776d7dd565a490071d4b19dc648e03329cc5c825d387eba49e2eff6c4341865c464f13f1beb1827a7f268cc15a982480bf084fe3652c1b0e0b4ad26255859abf1c8a7f9b3bef098a9407fdea0a539eb008fdd749fa0186cc0169d9d9e68fe5e54cac32ce57b5c84c2d805eca39c2dbbdd2e02f7d228826712ff4a61411ca0aeb6f01a1f80ef29eeb071a43222d9497184bd85d9e44b166be97cfd2a732af4a233463d3ab543a7a3c7aec555656568840f4dfea217f6553aa98af324c12b2c3214ee76eec700670af68c8c1f36946efd7ff0933e5453f128e9715fdb3344ac10c4bb7ec8f10ddf5db71f1cf0efe40f75e5b6334ef8cf8429b3291e6e4ce379c178affcbc61030eb896d744d:0adc6fa40ffb81f6ef4e4187554917775cf465e7b5e857f2e1e7f400977106d2377ebc76abb1db924c64867e3c6fe38c0b4fcb1d0f9468e8fb235029a81ce6046f9bdce1443f2856d4a2f22782835012b7818a0e020dbcc22a821658305f134234d14cea636100ed896c2a8fb0e87048ec6f8b31484f78eb171045add72c85710ec9f9b5d43623417b5653be86e7fbf8b4ff91110a808cb41acf66d436e89a737faea4eff3544960f114b833b0b4ebc2c14070b0bfb7b0057eebb842bd1c1ed458ad3428f8f72a1d1db3c4cb4797a399d47a1e6db74dcb2ee24ae81585cf66ef6d9bd223f0f54bc8c1cec1bb4460bef4ffd32ee805c3ca5ee976ff9c14559f8d756662a2bc19e4c5985406a07305c9950d866c9a79a3e5f6c5969753a170e0fc4cc09c6d87a12b44cdf3be1623159e90cab7a8a3e6f01f268595b021b1ef7d00769477270d5584c912e22a367438277f59df20c5620dd5beaa9bb60bee47f4af527d892957b2d12b678b5279a3f83264654c0a0f8d21e709668f30fb6e68f047d0d9a7c2ae9a28f7cb9dbf18f63fc1661f07d310e540c77631f5bdac5824685d7c9aba0fe1d09407a9662ef18eb3e28fd1e8bc892657bc38243a2e6453bdaeabb2791fc5489521295457ad04180ca871f6318792bd15fd1800ce59dd3ecc7e0b72979267d8183e804fdd45daad84fc4cafeb561ea8d6a74a7cde722d96253ab3e75f0adde02a61fd5e1f59cb1f5f1b2e052643589a9e4be4dd6ee64538cb0b109a113f30a58b3565624043662abe17f60e31e89c36c995e00ae07f56a9118a31aec24ad544bc965811218df827c1730bb904bb79b68613f6c994679b6990d775b5cb32db97194bd81019bea41f3a7eef501bf8491b0ea859388452e3ecbe16aa7d5691510a6606c493e4c293961bf40b4cd300d9d22ea1a7724c078b8bab1fd16504e989b136d9251ac9f1ed94a5e9acbd9c04f8058afe03049aed8ba29fa2e8fb44f8e8c04e8727f399e735e6c1496a91a9b2cd2ab02d43b285e9d7610293b6749df1044b30e2da99a564429a23e68c96fce92b08a00b7b742ba97a62ee58776d7dd565a490071d4b19dc648e03329cc5c825d387eba49e2eff6c4341865c464f13f1beb1827a7f268cc15a982480bf084fe3652c1b0e0b4ad26255859abf1c8a7f9b3bef098a9407fdea0a539eb008fdd749fa0186cc0169d9d9e68fe5e54cac32ce57b5c84c2d805eca39c2dbbdd2e02f7d228826712ff4a61411ca0aeb6f01a1f80ef29eeb071a43222d9497184bd85d9e44b166be97cfd2a732af4a233463d3ab543a7a3c7aec555656568840f4dfea217f6553aa98af324c12b2c3214ee76eec700670af68c8c1f36946efd7ff0933e5453f128e9715fdb3344ac10c4bb7ec8f10ddf5db71f1cf0efe40f75e5b6334ef8cf8429b3291e6e4ce379c178affcbc61030eb896d744d: +39769a66f0ca1290fda14375b35c663f6a4b2ab3607179abd99063e2efa2c6a8f9fd4c191f38f12190d3285e20c6cee54cfd6ff315300a4efdc8a90e80af4083:f9fd4c191f38f12190d3285e20c6cee54cfd6ff315300a4efdc8a90e80af4083:ff4d8987e3fa36012b7586736b793d659754698cd12b65e5ba9d758cac1649288d20224377283ea5425dec10ab9917d18cd13d1bdf4a769f37044c84faa2a449c689e004c14e005c49da4106ff75ce1303361c6e3e34ccfee75ee9c31cbd06a4bcdbb42fd649be4dfcd664006d6a5f61077c04a6a81db36be86ba42c2951f051aeda64acea496cb924982b9f7d234ac9723fef98a8e12755e326a52fbe35851f411eeb867606d45b513f54526391c554635c180b8fd0ee451afc96e4efd360b61e6baf03dd6d19ba515c31ec1cdd3affffdb27354e3e6b56e9e1a1a1b7d4b57d9d7689bb2fea6c8d3f9ce0df2d9ee919c4230a1f20b85dfefe1ea3d7f77db470e4022429ef609b0ff44946440acb44cd13445bcfa3f20503c26c2fb663c89065fb9334a603eb9ab7152e62629233c44cb00e77716d9b72c84fd1b340634ff1cea347501576100ecb0fd1bb76ae0dff1c2b0948eb71ee2cc31e79d3015d72dbee224a980e0f95a69f793da83a2daa56efe57b2f8ceaac9e55f443ca9e732b48c75fac21c36fa77273c3f34835ffd83c96f00ac6e86cffed08153646c1cea223da9ca360cab97e03b2b6c8fba7c195a39ae52eb2ee864300ae56a10f547f99a3169872249f97774b1798935536f2f5f011ce57613a94fcb7e7286a6d49c10fd929d7671cbb8cf17dfcad4b2485c3d8fd79128721e55d84808763c2afa9c55e3b0cd7bf2f0a66b5e467bec5ee89ad570b60f188b3f7b4a511ff859312ded078d8d0091134fd49bc792d2d7d60b304941c7f23206f99e863b1e2d8c9ecffd2ff0a3a3c754985615a9a92edcead00fe0e05493b198d1f7c90088446bba46038a71f32653b5912b24f43137748b75aec2c15fe4bf5a6f86b8a6cdd9c7447f2ebb0f43b01ca1523e0d496240006ad7ffffafe0df5754b342caff3555d72a27d0b92ca1667665cec43bfb583077a9c1741fa492ce3dc2c7529cded81b8281a3f375948b8a7ced096b2facc25e39029e221b66a53d3979e1f405fd88afc06ec6e4309dc85e69d6ef2b4b49266164a9d9d1c31ee3921127b13381bfb740dd38dc1c7315921f9c2fe58b61b631a7d9fde2dd8a4be3ded0490ae3b8376791955c1c4b4fed00b9f4c38ab7350fc2e37a3150c18162b1faf0337894bc23e74f595e4be33466deab35458be97b4f7565897f06852f71c60fef9101d726b72e0102a97b2ca5211e3806834b0ac1a7df87c2a078df263ef8ba457dc891b7f2e627811ab622b9946f8c6b731f24078d17b06b200c3447f8032aa3e7a243ee422dda2e652fd75713afbce8a59ef8536653a48dcf42a70e7621f9b2802409be1c1a61f32e36789a5c5055e1a8268e9dc438c2e1527:1442dea2807e031159ec6a412d8e07bb3e299308090f218fa7c10a9c5068ef9b64ef11ca9fb92be1d0216b99318ff0f03cb871cd7dd63a38ae1702313e5b250cff4d8987e3fa36012b7586736b793d659754698cd12b65e5ba9d758cac1649288d20224377283ea5425dec10ab9917d18cd13d1bdf4a769f37044c84faa2a449c689e004c14e005c49da4106ff75ce1303361c6e3e34ccfee75ee9c31cbd06a4bcdbb42fd649be4dfcd664006d6a5f61077c04a6a81db36be86ba42c2951f051aeda64acea496cb924982b9f7d234ac9723fef98a8e12755e326a52fbe35851f411eeb867606d45b513f54526391c554635c180b8fd0ee451afc96e4efd360b61e6baf03dd6d19ba515c31ec1cdd3affffdb27354e3e6b56e9e1a1a1b7d4b57d9d7689bb2fea6c8d3f9ce0df2d9ee919c4230a1f20b85dfefe1ea3d7f77db470e4022429ef609b0ff44946440acb44cd13445bcfa3f20503c26c2fb663c89065fb9334a603eb9ab7152e62629233c44cb00e77716d9b72c84fd1b340634ff1cea347501576100ecb0fd1bb76ae0dff1c2b0948eb71ee2cc31e79d3015d72dbee224a980e0f95a69f793da83a2daa56efe57b2f8ceaac9e55f443ca9e732b48c75fac21c36fa77273c3f34835ffd83c96f00ac6e86cffed08153646c1cea223da9ca360cab97e03b2b6c8fba7c195a39ae52eb2ee864300ae56a10f547f99a3169872249f97774b1798935536f2f5f011ce57613a94fcb7e7286a6d49c10fd929d7671cbb8cf17dfcad4b2485c3d8fd79128721e55d84808763c2afa9c55e3b0cd7bf2f0a66b5e467bec5ee89ad570b60f188b3f7b4a511ff859312ded078d8d0091134fd49bc792d2d7d60b304941c7f23206f99e863b1e2d8c9ecffd2ff0a3a3c754985615a9a92edcead00fe0e05493b198d1f7c90088446bba46038a71f32653b5912b24f43137748b75aec2c15fe4bf5a6f86b8a6cdd9c7447f2ebb0f43b01ca1523e0d496240006ad7ffffafe0df5754b342caff3555d72a27d0b92ca1667665cec43bfb583077a9c1741fa492ce3dc2c7529cded81b8281a3f375948b8a7ced096b2facc25e39029e221b66a53d3979e1f405fd88afc06ec6e4309dc85e69d6ef2b4b49266164a9d9d1c31ee3921127b13381bfb740dd38dc1c7315921f9c2fe58b61b631a7d9fde2dd8a4be3ded0490ae3b8376791955c1c4b4fed00b9f4c38ab7350fc2e37a3150c18162b1faf0337894bc23e74f595e4be33466deab35458be97b4f7565897f06852f71c60fef9101d726b72e0102a97b2ca5211e3806834b0ac1a7df87c2a078df263ef8ba457dc891b7f2e627811ab622b9946f8c6b731f24078d17b06b200c3447f8032aa3e7a243ee422dda2e652fd75713afbce8a59ef8536653a48dcf42a70e7621f9b2802409be1c1a61f32e36789a5c5055e1a8268e9dc438c2e1527: +0c808b066f0c8e8dbb1c23d6c2cedd0be866d8425f241a9285700ea54536cf6d44ee72900450c56ab21f2686d29525d0663e0bdd87725beac5d68baceb69f1d2:44ee72900450c56ab21f2686d29525d0663e0bdd87725beac5d68baceb69f1d2:c945714100581f4e24da11fc0f6c6d0210433f9777525124c55ee072d85d798b705f9d31c8f977db6edfb7a65c78ad2d7d31d6b7b5be40ff1178d303b6839bb0c63210c1d338c103afa0d453eca1bca277d930778ad50802272f03dbe2184fc31ef8ea6abe216997199f7c1b337737968907272aa51bd49c07389c95468cef4fd99ae78ca4542a2bbc0e8aa95214ad1cfff9d5085a434394473b84b74be9bf2f0202ad1ee4616604ca1dd75f4a195342ebbf8fc59f3f79616554dc7bfdd556be437221c10bfad39e119e06045be5fed683d3534fb6cfed33891c96f9c330f28b684f8fbad47c01418eab6ceecc2ed777f4c218a27ac22582392315c53aa7309ec54c6175236e4424dc978465ab628d9544b0be84103eb56f1bafe5e5eaed04c98bfe2e8a2418c6c52a61eace85236b66c7b3b8707ed55641dd9d5da97c99c11cbeb9aa2db147820dc724800a9d80f505fa5af20921cad2435683bb4fc60bddd475f863e2f5950d236399d8d75b404b394a546737f93a62408700b3ab3c1e922b1a859a2915c2d35368815cd45b85b2ac083121ff000f050dcdf415e5275a5c42dae3b15400f3ddaf9339f20a1261a88cd90205639763211152df414a9a6a6218f56b35a2de9e8482449f6da77c9e3d4af0493015a726217f82ac58954fe3e2e34440356b112e06a6f671fb5a6ef4619a6ea7b4e04db3757fb664c396b341ca89001dc1604b51fa9153f9130c1020ff88909287823ab3915ccc85c4e35df6c2f8e6f902be82ba21297fd3835aff5ce02f3c07dc093fcb1aba26e06dfe6f02df79291aaca069ecab9381404c9c3ea1ad409adf292a91e3a582d5a7b68ffbe10a0305248e0967e6df372f281bd192e139979c9866ca8fe1e10e0616dc2d4f85e119e0cb4bfe8cc31d9f5c018b65408524000a3016a23d9914d57e955576e2660b0e0d96c8495a12c3d73122d200b0f0e5ebd446562b08f47934ab499a96991dcf99c96a62880739845d29820150553eae9be0bb41d53d3af01d9867bb4732c90bf6e137316e3b1edcc209a8a09fb062a6ef05f37e57f2c5d1d0cabaf07a8ed7d41455407b096754180aa96d3d96591945dd7a1040a2de60d8e1c054f7854652b732e7a8f5b6474c3baa1840fbe81b1e6b54e201ef0bc8d0f213d7cec1d824d22209ac72525a64b903e773b83f1b68f640279f15053d21ec15ce2ff75922176b7584a16bf1a1f0d636b7942a3d61862f6fd1309972d3141eb769314ca975d020bf02bfddf17d14b60eb786bf9f55989fe473320d4429677e301c682633f813ff26c0a3da92f6d0680616105b0425af338c2ea6153bdd5216fae2afe461e9249c05e32f76ad7c429d92534b686dd1:38c682cedefb13e46b11f7b5f800cc8120d45a83cd8d8dec10c577bb0153d509ba4fdf400998788b706007ce162b96945c7140beee74e19d0743afa4ecfd250ac945714100581f4e24da11fc0f6c6d0210433f9777525124c55ee072d85d798b705f9d31c8f977db6edfb7a65c78ad2d7d31d6b7b5be40ff1178d303b6839bb0c63210c1d338c103afa0d453eca1bca277d930778ad50802272f03dbe2184fc31ef8ea6abe216997199f7c1b337737968907272aa51bd49c07389c95468cef4fd99ae78ca4542a2bbc0e8aa95214ad1cfff9d5085a434394473b84b74be9bf2f0202ad1ee4616604ca1dd75f4a195342ebbf8fc59f3f79616554dc7bfdd556be437221c10bfad39e119e06045be5fed683d3534fb6cfed33891c96f9c330f28b684f8fbad47c01418eab6ceecc2ed777f4c218a27ac22582392315c53aa7309ec54c6175236e4424dc978465ab628d9544b0be84103eb56f1bafe5e5eaed04c98bfe2e8a2418c6c52a61eace85236b66c7b3b8707ed55641dd9d5da97c99c11cbeb9aa2db147820dc724800a9d80f505fa5af20921cad2435683bb4fc60bddd475f863e2f5950d236399d8d75b404b394a546737f93a62408700b3ab3c1e922b1a859a2915c2d35368815cd45b85b2ac083121ff000f050dcdf415e5275a5c42dae3b15400f3ddaf9339f20a1261a88cd90205639763211152df414a9a6a6218f56b35a2de9e8482449f6da77c9e3d4af0493015a726217f82ac58954fe3e2e34440356b112e06a6f671fb5a6ef4619a6ea7b4e04db3757fb664c396b341ca89001dc1604b51fa9153f9130c1020ff88909287823ab3915ccc85c4e35df6c2f8e6f902be82ba21297fd3835aff5ce02f3c07dc093fcb1aba26e06dfe6f02df79291aaca069ecab9381404c9c3ea1ad409adf292a91e3a582d5a7b68ffbe10a0305248e0967e6df372f281bd192e139979c9866ca8fe1e10e0616dc2d4f85e119e0cb4bfe8cc31d9f5c018b65408524000a3016a23d9914d57e955576e2660b0e0d96c8495a12c3d73122d200b0f0e5ebd446562b08f47934ab499a96991dcf99c96a62880739845d29820150553eae9be0bb41d53d3af01d9867bb4732c90bf6e137316e3b1edcc209a8a09fb062a6ef05f37e57f2c5d1d0cabaf07a8ed7d41455407b096754180aa96d3d96591945dd7a1040a2de60d8e1c054f7854652b732e7a8f5b6474c3baa1840fbe81b1e6b54e201ef0bc8d0f213d7cec1d824d22209ac72525a64b903e773b83f1b68f640279f15053d21ec15ce2ff75922176b7584a16bf1a1f0d636b7942a3d61862f6fd1309972d3141eb769314ca975d020bf02bfddf17d14b60eb786bf9f55989fe473320d4429677e301c682633f813ff26c0a3da92f6d0680616105b0425af338c2ea6153bdd5216fae2afe461e9249c05e32f76ad7c429d92534b686dd1: +049dac3c977d9df503496b43d76e5540e315001ad57f15ea9f0870cad2d4f9e9fc6f4b7eb39a711680f966d468a61abb13a9b6449bb99fda3d12ce1b506d1b4b:fc6f4b7eb39a711680f966d468a61abb13a9b6449bb99fda3d12ce1b506d1b4b:7f31e346f68da73716aacb16eea19bb24142dc283e7263ffc3f704a22ae5275a0ef95f0669bae5a54c7feb84bc74873cca0f335d6cff3d8b4a20056c64f5e882cbbbd2ac74207676467e5466ddd56aedf56e097c7f59d945915eb0ebd0c3c83d48888d3e9ede51ad2dd8a0ee1eab4cf87ffa78635afc4d6ef3e87dda3b65565c2985a4ad0acfdfb81cb0e61c67826a6ea0bed4c08aa1a541de60458704ac21ca12f1c8118bb3092c35a40c921e684564562c2c1049dcdc2b8d6a97e3567d356bffb5692a41d89ddda0ec3552152a27577f1cce57d00986dca77edf5e2518158200adf690affb31aaf2b574836839440999f15791cea85342ac94a96c7af7a19e494310ae26675f43c35258e85b6840b99c6b09cfa58d19f1e43a77e397b08c0db1830bca67b39ecd8752da611e0832c6cae7bb8ce74a82e7e7330be5062ed05aa5c84457b007fb5ccdc20a55d54d8e0409c8bd83883d2e029dff26ea5db275dce099e418659a0400f13be9ffdc14e7d645a94677ca846970b7e6ac527fa009a359454b3c49364905189fb49c9bacb650c03cd82875894e3546ba03c32e336fc6516a87676c50d5b80b3054273b157c5d767514e54574b8a101985a8e967e95da8f929800260e08148beee2d7781e9e85d463a94ffefdbb75c28fa8898015680999429cee798b3fd2d96737868a263fba9fb6f4aad56a15c6412ff85e7d3752102daaf25e745fa5f6f174a231fcce8624dd70856f9babcc209144ff6864648dea0d6884566a4c39147805be084e4740bc509309bcb142964bb0cfcf6726a0e04bbf32ae6834732bda0384cea8f4a4849bba0d18646c1c34471896b5bef149f8cab9ec83722b0fb209efe8a04c4a235dc8ddb20acd92765afbf3058740ea70b9c10d9c5aef8606298fe4151593b21f797d92ae9f1e0881b0d271b0d5b10c6ed83c349ec2473fbf2ff780dcd076d8cf0aeafa71fe2b8c5128015f8fbbcfecd5281cd5eacb6fe9ac6eaa6e47d667b9ad4b7e411e6cb7463d567607afbfd0418c4eb06afe847f5e40b499443828d5a273a4a87e46def21a919d73863af0054a099e3adc5450b8e32f51ea52c599a4a2a35351788af7cb71e5c44bcb8df54a601e6ec2c1828b48c4b1ae4463106f10efa5caf3091abf99aaba5252f484d3bbc62bfa6b2a806d23c6331a62fc46bc627679e73ec82dcc08f79143f4b71ecf357ea2f0d74e6d3058e606043f6e8fed704282c16b1f988ffa365cfae9a3cf792e0c5baad70ca7e25776018b5e7f0e9544e1d73f3e5d1e416a5e50fbed296dc1bf4b29a3fbe32efbd7e99c83015d27f535adecf175fc36c1ea4f4423b36dcdc054ba993278e85ac3622d435f5237ba61b49a:7532d1a61a981f303d7c2454354f99540cd484cde9ab337d6f7b51f179220f7fa2073476b41c71529f9836db6b1d0f5a482bbb4c68366176ed14d4d8eefade0d7f31e346f68da73716aacb16eea19bb24142dc283e7263ffc3f704a22ae5275a0ef95f0669bae5a54c7feb84bc74873cca0f335d6cff3d8b4a20056c64f5e882cbbbd2ac74207676467e5466ddd56aedf56e097c7f59d945915eb0ebd0c3c83d48888d3e9ede51ad2dd8a0ee1eab4cf87ffa78635afc4d6ef3e87dda3b65565c2985a4ad0acfdfb81cb0e61c67826a6ea0bed4c08aa1a541de60458704ac21ca12f1c8118bb3092c35a40c921e684564562c2c1049dcdc2b8d6a97e3567d356bffb5692a41d89ddda0ec3552152a27577f1cce57d00986dca77edf5e2518158200adf690affb31aaf2b574836839440999f15791cea85342ac94a96c7af7a19e494310ae26675f43c35258e85b6840b99c6b09cfa58d19f1e43a77e397b08c0db1830bca67b39ecd8752da611e0832c6cae7bb8ce74a82e7e7330be5062ed05aa5c84457b007fb5ccdc20a55d54d8e0409c8bd83883d2e029dff26ea5db275dce099e418659a0400f13be9ffdc14e7d645a94677ca846970b7e6ac527fa009a359454b3c49364905189fb49c9bacb650c03cd82875894e3546ba03c32e336fc6516a87676c50d5b80b3054273b157c5d767514e54574b8a101985a8e967e95da8f929800260e08148beee2d7781e9e85d463a94ffefdbb75c28fa8898015680999429cee798b3fd2d96737868a263fba9fb6f4aad56a15c6412ff85e7d3752102daaf25e745fa5f6f174a231fcce8624dd70856f9babcc209144ff6864648dea0d6884566a4c39147805be084e4740bc509309bcb142964bb0cfcf6726a0e04bbf32ae6834732bda0384cea8f4a4849bba0d18646c1c34471896b5bef149f8cab9ec83722b0fb209efe8a04c4a235dc8ddb20acd92765afbf3058740ea70b9c10d9c5aef8606298fe4151593b21f797d92ae9f1e0881b0d271b0d5b10c6ed83c349ec2473fbf2ff780dcd076d8cf0aeafa71fe2b8c5128015f8fbbcfecd5281cd5eacb6fe9ac6eaa6e47d667b9ad4b7e411e6cb7463d567607afbfd0418c4eb06afe847f5e40b499443828d5a273a4a87e46def21a919d73863af0054a099e3adc5450b8e32f51ea52c599a4a2a35351788af7cb71e5c44bcb8df54a601e6ec2c1828b48c4b1ae4463106f10efa5caf3091abf99aaba5252f484d3bbc62bfa6b2a806d23c6331a62fc46bc627679e73ec82dcc08f79143f4b71ecf357ea2f0d74e6d3058e606043f6e8fed704282c16b1f988ffa365cfae9a3cf792e0c5baad70ca7e25776018b5e7f0e9544e1d73f3e5d1e416a5e50fbed296dc1bf4b29a3fbe32efbd7e99c83015d27f535adecf175fc36c1ea4f4423b36dcdc054ba993278e85ac3622d435f5237ba61b49a: +f07d61b5ca1c2700cb50f900c26b7c28f6c6940808c7bafff74fca4b11f425d4eb243dfacc2dc6435776d554eced8bf92390604b35557cda51fd203eddb493fa:eb243dfacc2dc6435776d554eced8bf92390604b35557cda51fd203eddb493fa:c1c67843d69a0e62e7bf71f90206a3d5595ca3c482aaa767e931b0d6c2f4752ab86991f03583bb138e9f72fab58fd602a4b6b29602cf891408af5a1bfd3398c0178c441461e3f49bc81d64c0d97f5ded692c75d4d64dac5d80d63bd4dc5210c1d9350b142ba6e768f150807ab8a86cacdb59d84ddf660be56203c014fba1e0dc16fa6d32694e14b128edd1f6c6ab445a3ad34174fa9e4b01f25b1d5e6eb76983b4295ce4914d3ae48c704a30e554fc1f868b6272eff06da24bfe17e4e0f0fa46bb08ffb907cb61bebe52df311a64cb578b30fd627df11221ae4003a0b0c68e3c6f95a21c8500d41b2c589cc46a139cacff57dcf00759f52e9ca3dabdb1788ab6b38a5048f58e08e05c394f9d3c72113d452b7084c519f86c1689ffdbae506ed8450522cbe43de27aa3bfdd92a91b71e52a3cbf77c1bd2893eabd407a57fe5e146873bfb2043f4a6147df083e54a2208d1925813fa404e4c47406e7728643ebfb0b10142f909ef856fd3a916bc0851543b82a55f8cd529bd21d9e2909d6d7e77bdcea4673e545ff4a67fa37d65f1f63f11d5d0d55974a30abe188335db5dcbd356658f9b77682d96dabb258ea95951a0559aea4064d5ea1680501dcb4228f2c956f81d2101144af74c716bc8bf4296dc3b831725cc17d3bfd9066a29953b2ecd75059435b49a25ac525b4fbab1779022dfb6de525149dcd902ac8a7e21f344f5f0101480692d61608952c71413e30037945e206c5eeadfc3edc4bae0d796ca0c5f56d6ffb3f0969df9df8a794f5dc83a3b2f5c3ab36bb901bcc31551c550c63fa41d6a8d57bdb9b5c65bc610c3a989752ab28a015e7c2f6b2fbf199a76b9750c0d3d592119c8b4022fa45bade2fbb41432679b52acb4608a95c34aa40bffec10bc98f4729dfccb650b2a052dfb068959e648a92d5aa4dd2d17dde67cdf2e6377af0d4ae379607389d7e3596441b9f4222cff6af73b3300270ce54800bd934a9109a02563adc56ae46584451cdaf4a77538157e5870f4ae12dbc81870f5db41a2cb55e00db3d2231628f1727c3acb99ed3acd8b67156a8005a4cc8f3d3555b79a03773a931f14eebce40b9fe46ede5da0881fb220717e418e8b5a0fe5e477e7285c554e859e16441672b489934a3a9eeb88d78fcc5c1db2d1fbdde392773f6c939972ee8fa3189f4e9872b4abdc83b379c0c10e818dcff75c83d6870729284ced41f2ff55a87c960e63d1211f08071293f6ac63f9bdef38fd5919ca90b3f5e25a6c0c664c4ecf831c64e2d4c6e798a98a3a0f7be7a2463eadaa6a2a348f9a494717123cc0a28c0a5eae3f5b585f2cb8cb260c2c503e41578573cd9b7cba1408dca9d860ae4f8c3d3f322a45b58a2c4:c19b532b8248563932639701bf15bc015faebb17bb98d871616e1048d64ca5f955f558f63b5353a1576fa1acaef39bcbc9021756df5d1ab3bc741accf9059b04c1c67843d69a0e62e7bf71f90206a3d5595ca3c482aaa767e931b0d6c2f4752ab86991f03583bb138e9f72fab58fd602a4b6b29602cf891408af5a1bfd3398c0178c441461e3f49bc81d64c0d97f5ded692c75d4d64dac5d80d63bd4dc5210c1d9350b142ba6e768f150807ab8a86cacdb59d84ddf660be56203c014fba1e0dc16fa6d32694e14b128edd1f6c6ab445a3ad34174fa9e4b01f25b1d5e6eb76983b4295ce4914d3ae48c704a30e554fc1f868b6272eff06da24bfe17e4e0f0fa46bb08ffb907cb61bebe52df311a64cb578b30fd627df11221ae4003a0b0c68e3c6f95a21c8500d41b2c589cc46a139cacff57dcf00759f52e9ca3dabdb1788ab6b38a5048f58e08e05c394f9d3c72113d452b7084c519f86c1689ffdbae506ed8450522cbe43de27aa3bfdd92a91b71e52a3cbf77c1bd2893eabd407a57fe5e146873bfb2043f4a6147df083e54a2208d1925813fa404e4c47406e7728643ebfb0b10142f909ef856fd3a916bc0851543b82a55f8cd529bd21d9e2909d6d7e77bdcea4673e545ff4a67fa37d65f1f63f11d5d0d55974a30abe188335db5dcbd356658f9b77682d96dabb258ea95951a0559aea4064d5ea1680501dcb4228f2c956f81d2101144af74c716bc8bf4296dc3b831725cc17d3bfd9066a29953b2ecd75059435b49a25ac525b4fbab1779022dfb6de525149dcd902ac8a7e21f344f5f0101480692d61608952c71413e30037945e206c5eeadfc3edc4bae0d796ca0c5f56d6ffb3f0969df9df8a794f5dc83a3b2f5c3ab36bb901bcc31551c550c63fa41d6a8d57bdb9b5c65bc610c3a989752ab28a015e7c2f6b2fbf199a76b9750c0d3d592119c8b4022fa45bade2fbb41432679b52acb4608a95c34aa40bffec10bc98f4729dfccb650b2a052dfb068959e648a92d5aa4dd2d17dde67cdf2e6377af0d4ae379607389d7e3596441b9f4222cff6af73b3300270ce54800bd934a9109a02563adc56ae46584451cdaf4a77538157e5870f4ae12dbc81870f5db41a2cb55e00db3d2231628f1727c3acb99ed3acd8b67156a8005a4cc8f3d3555b79a03773a931f14eebce40b9fe46ede5da0881fb220717e418e8b5a0fe5e477e7285c554e859e16441672b489934a3a9eeb88d78fcc5c1db2d1fbdde392773f6c939972ee8fa3189f4e9872b4abdc83b379c0c10e818dcff75c83d6870729284ced41f2ff55a87c960e63d1211f08071293f6ac63f9bdef38fd5919ca90b3f5e25a6c0c664c4ecf831c64e2d4c6e798a98a3a0f7be7a2463eadaa6a2a348f9a494717123cc0a28c0a5eae3f5b585f2cb8cb260c2c503e41578573cd9b7cba1408dca9d860ae4f8c3d3f322a45b58a2c4: +50864a75aa0c69b59350077c204b20757f2b8b6855c37ed721b49f2ac917d6b2cff3ebd5ea0c8b5531d9211e2219e4cfe5ded991d8ec424df54cf53c8376f9bd:cff3ebd5ea0c8b5531d9211e2219e4cfe5ded991d8ec424df54cf53c8376f9bd:b365f476ac92e76012a7ffd8782af15a3f5ee147f603a367adf2f9724613e8765b037ac0eb1f673736e11363e352ed5ae9eb5a67125ed818900342ae93371c433b91f6021d4be2a052b0da43b3682e7f740ae801d0541057858eb0c9c28d98f03b45e128aaa342c6b602776792aa81241cad06f1338fa0c71757180f588c8301d91c27679b5021cd75d7f6171ee9f8d56e4377679812f6ec5ed46538caed500c1d15f5fc86eaf9ed9cf9a0606b22614faf676462134e3db3582332b483dfa54ca29a5eb0d6bae3380e19d060113453f32bbab7e118627b40bcabf1711bcfeab8957de339436c7088bb883101539a09d3bef088fc1f840764036ffbb33decd12aac57fd26f84823e19553d4d67e000e9436ca323de099bc1ce75ebf5ddccb448cd7a2e4bbd6b32e3f2024f96cc5c7152b8be8ed0bd8e436d324d1ce1dd3cfcc452a28c73a95af8482aa772ae53d5be1292e39d1716b43758fe563c8aa3b74bba5c02d04778d91e3d43dcc72bb7c7b043c05c8745b705ee75b5a4ec7b95b654359fb5e853338219851d40a8afbb4f91ecbb41eb81534196cc0cc9d3eb714396caf045b231722d4486503640419988480a7815808be974287372cfc489965aac5b8095c637581eb910f9055cd1c0a0a3b0b33aca90f7c5b8e6ef683abf0ce53aeba51bec4fc7b427a2347360fca8636d3f1469284f269a9abf0cb1a244a15d6b40465e75cf89092474a8beda033391dd311c499519a08c4f034e71918d7cad41845327c89e7b1e94afb0723782ce5c553ef36791bba63de17d746491894012cebd87b1837a821ef5c624bbc84cc5035f5e70cd9f21b42219a2dce30e0e65c250d0d194d2b52486b03ee66332981a5225174db17e5a8bb4a10ed9c8a445c41442f3bcdb6b4f49e4e1dc87661a7b6e41f35f55dd67bd4cbc6ff58bfbffaffd2c382fcad0cae8f0df9af6acf0940007618a54aee31d932cbd8e8b41ca03821c428a0ef8e58d2435eecd503c54da9c1628f3c749b770519f53bf2d57ed712d075d37337b77a2b10a72d2d590c20d5cec2cacc6c3a8dc113e2d16ef2d1b390ed96e4036acd304e0c7cef9d431f88218aa1f83828dda636b94aa761c7317ecf116cbfc611e5ba6d94c50e994693023bdf2d248ed603f85be73a0008b75adef951dccfa30e42e9f5bb05023ade797506cbf90bb6dce43cf3a1c3141a5cc5fd9a4f3cc557b90e18049b3c130f461e4f32299fa1d1cf9c7f2ea2053565e8160a341cddf99acddd491697fa705124abdab42a5e8fcf048dd9f179384ec92a469aeb11e8bc62b69dbcfcec6681754757e4c5d0fdd9b9cfda49af09b83a5a4a10aed9a4cf7ddfa289209d475ab3318cd4b965e007dce1:177455a71694f12b762fd17e08bdf010a7fc91d19141d7ae2399bd241a998a6a50a9722ac1232c59e4e2aaa828078b2b92f4a54cdf0efebba2c16dbeaf072203b365f476ac92e76012a7ffd8782af15a3f5ee147f603a367adf2f9724613e8765b037ac0eb1f673736e11363e352ed5ae9eb5a67125ed818900342ae93371c433b91f6021d4be2a052b0da43b3682e7f740ae801d0541057858eb0c9c28d98f03b45e128aaa342c6b602776792aa81241cad06f1338fa0c71757180f588c8301d91c27679b5021cd75d7f6171ee9f8d56e4377679812f6ec5ed46538caed500c1d15f5fc86eaf9ed9cf9a0606b22614faf676462134e3db3582332b483dfa54ca29a5eb0d6bae3380e19d060113453f32bbab7e118627b40bcabf1711bcfeab8957de339436c7088bb883101539a09d3bef088fc1f840764036ffbb33decd12aac57fd26f84823e19553d4d67e000e9436ca323de099bc1ce75ebf5ddccb448cd7a2e4bbd6b32e3f2024f96cc5c7152b8be8ed0bd8e436d324d1ce1dd3cfcc452a28c73a95af8482aa772ae53d5be1292e39d1716b43758fe563c8aa3b74bba5c02d04778d91e3d43dcc72bb7c7b043c05c8745b705ee75b5a4ec7b95b654359fb5e853338219851d40a8afbb4f91ecbb41eb81534196cc0cc9d3eb714396caf045b231722d4486503640419988480a7815808be974287372cfc489965aac5b8095c637581eb910f9055cd1c0a0a3b0b33aca90f7c5b8e6ef683abf0ce53aeba51bec4fc7b427a2347360fca8636d3f1469284f269a9abf0cb1a244a15d6b40465e75cf89092474a8beda033391dd311c499519a08c4f034e71918d7cad41845327c89e7b1e94afb0723782ce5c553ef36791bba63de17d746491894012cebd87b1837a821ef5c624bbc84cc5035f5e70cd9f21b42219a2dce30e0e65c250d0d194d2b52486b03ee66332981a5225174db17e5a8bb4a10ed9c8a445c41442f3bcdb6b4f49e4e1dc87661a7b6e41f35f55dd67bd4cbc6ff58bfbffaffd2c382fcad0cae8f0df9af6acf0940007618a54aee31d932cbd8e8b41ca03821c428a0ef8e58d2435eecd503c54da9c1628f3c749b770519f53bf2d57ed712d075d37337b77a2b10a72d2d590c20d5cec2cacc6c3a8dc113e2d16ef2d1b390ed96e4036acd304e0c7cef9d431f88218aa1f83828dda636b94aa761c7317ecf116cbfc611e5ba6d94c50e994693023bdf2d248ed603f85be73a0008b75adef951dccfa30e42e9f5bb05023ade797506cbf90bb6dce43cf3a1c3141a5cc5fd9a4f3cc557b90e18049b3c130f461e4f32299fa1d1cf9c7f2ea2053565e8160a341cddf99acddd491697fa705124abdab42a5e8fcf048dd9f179384ec92a469aeb11e8bc62b69dbcfcec6681754757e4c5d0fdd9b9cfda49af09b83a5a4a10aed9a4cf7ddfa289209d475ab3318cd4b965e007dce1: +e55f220fff8079148b254189bb294174f8e2c575e57f39d4bac8165c5e56e7697fd507d03fe1d6e3f911f059597b0e292ea096f5bc851852916bf1217cafdc6c:7fd507d03fe1d6e3f911f059597b0e292ea096f5bc851852916bf1217cafdc6c:1e2ce8bf0ea7875df285b1dbd34bbe67307f2e8ac8bc142c3ba314c1642c65a2d62eb2c783f916283ca4ec3e536d3eeb65cfdcc0549ac4f6a45f539ac5df79a6d5768219739d0c9a0cdbb31242296c3312b7ed560043f536cd1de9a9c2b289641a1c2d84f9a68b7c03b8b8567e5dc7138c2cb967c628aa25b2eab434d4490b23507409717cde94da59dc1dc25c7be42a8aa02edcf4d995368e6ba0ee1f953600db98d22de0f8d257020e0a406ee1669bd527b9fe1c611f9be5a3d7528e8b6151670a8663d2ed1a58d3e369bb722a6302d7c172a19bdaf357eedb02279156e3b9034431a7d68a39528eb4023587573eb88f30f94e833e8a23b9d0ac7b5ca87824596bbb0a3d0ca1b16a6878fdf7e2cea34a6ffb95a9ff4e888a97593735b868da75d8707bbfdb1d93eb86a51e2d215f1dd9dcf78388729a3eb0f066ddc941e950c92127198bce63a54868d997029572ffa6f6fea1d3a69164c9996953dc8b6f9dad0635c9b081f55f983340f0814bf5470803090e7997f7ab796c2b15adaf4021d67cffaf6e1ef62867503945c21a329664e08a95a41582300da9bed208444ce6aa12b3f867795c6ee4c4c9257018627361293bd527821a29a339b404a2da4bd9944f877040798bb54abd2d76cbb18df4297f4ce3337f64d20580aa64bdecac376a6a4ff74d0144b2fe74cef82d50a5e6bdd799e55ff69662bac537adcb6881228cb63704500c143a4f4d1db28d4556bee604a399ffd206546597dee92252547f6c657f36841a87d565f6552716c25a21151477bee9ef961855fb1af2da8068f28ce9ff70d5252c7a63a2e14ded6b8977b1d7691a77ed2e57d22ff2e1fc4cdbceb5e805858d903896ea6707e48b345f60e2818b2fcec4dba48caea9efa38279fb83d5b0f46a45e42c41765d0171baacd8d6dda7991314b34e15fd36127c467d1de01c01a3a78a8c1b103bee17a7a0b7ac5576fdc226dd2459773146cf38261417ca19135dbda9bdbe54cd17aa7ddd38fdcac2aba396b365ceae98919f6c5177fc583f5bee3f48704914306aa19ee90e3fd0de5591c669ff35ab16fef38dee187bae1e5aaa566df10544b7d6d4eb00da7ebeb4ecdcc4d8e32b49cbbdc6e66640bdb0f72e05918a05c35d9bff7e0e88f241d7c6c8cb2fedccdf65560af0e7833efe34af790db63189022cfd71fc8acf88860127bd4fbf026bcbe360e33a8995e636d03bb86dfd0198ada959342d8e9c9ed93e23297da98d66a0d4fc965162733bc86541b95a6c9097cb55a973c6fac194e8f8a164274c479c510e62d8a035eb751181b502afb614d8c4467b5445c268dc3dd0abbd577004c0bc47b15fcb801b79359757b5ea89cf8cf77fc6d160e6cd73c4:c1023a7068743ec4668f495eb7bd4db58129c11e58299ea87d6facd302bf296a98e298fdb48eddf9c44e79ae8641f734503bb83dc0b31f610df1d1e9d619a7051e2ce8bf0ea7875df285b1dbd34bbe67307f2e8ac8bc142c3ba314c1642c65a2d62eb2c783f916283ca4ec3e536d3eeb65cfdcc0549ac4f6a45f539ac5df79a6d5768219739d0c9a0cdbb31242296c3312b7ed560043f536cd1de9a9c2b289641a1c2d84f9a68b7c03b8b8567e5dc7138c2cb967c628aa25b2eab434d4490b23507409717cde94da59dc1dc25c7be42a8aa02edcf4d995368e6ba0ee1f953600db98d22de0f8d257020e0a406ee1669bd527b9fe1c611f9be5a3d7528e8b6151670a8663d2ed1a58d3e369bb722a6302d7c172a19bdaf357eedb02279156e3b9034431a7d68a39528eb4023587573eb88f30f94e833e8a23b9d0ac7b5ca87824596bbb0a3d0ca1b16a6878fdf7e2cea34a6ffb95a9ff4e888a97593735b868da75d8707bbfdb1d93eb86a51e2d215f1dd9dcf78388729a3eb0f066ddc941e950c92127198bce63a54868d997029572ffa6f6fea1d3a69164c9996953dc8b6f9dad0635c9b081f55f983340f0814bf5470803090e7997f7ab796c2b15adaf4021d67cffaf6e1ef62867503945c21a329664e08a95a41582300da9bed208444ce6aa12b3f867795c6ee4c4c9257018627361293bd527821a29a339b404a2da4bd9944f877040798bb54abd2d76cbb18df4297f4ce3337f64d20580aa64bdecac376a6a4ff74d0144b2fe74cef82d50a5e6bdd799e55ff69662bac537adcb6881228cb63704500c143a4f4d1db28d4556bee604a399ffd206546597dee92252547f6c657f36841a87d565f6552716c25a21151477bee9ef961855fb1af2da8068f28ce9ff70d5252c7a63a2e14ded6b8977b1d7691a77ed2e57d22ff2e1fc4cdbceb5e805858d903896ea6707e48b345f60e2818b2fcec4dba48caea9efa38279fb83d5b0f46a45e42c41765d0171baacd8d6dda7991314b34e15fd36127c467d1de01c01a3a78a8c1b103bee17a7a0b7ac5576fdc226dd2459773146cf38261417ca19135dbda9bdbe54cd17aa7ddd38fdcac2aba396b365ceae98919f6c5177fc583f5bee3f48704914306aa19ee90e3fd0de5591c669ff35ab16fef38dee187bae1e5aaa566df10544b7d6d4eb00da7ebeb4ecdcc4d8e32b49cbbdc6e66640bdb0f72e05918a05c35d9bff7e0e88f241d7c6c8cb2fedccdf65560af0e7833efe34af790db63189022cfd71fc8acf88860127bd4fbf026bcbe360e33a8995e636d03bb86dfd0198ada959342d8e9c9ed93e23297da98d66a0d4fc965162733bc86541b95a6c9097cb55a973c6fac194e8f8a164274c479c510e62d8a035eb751181b502afb614d8c4467b5445c268dc3dd0abbd577004c0bc47b15fcb801b79359757b5ea89cf8cf77fc6d160e6cd73c4: +d5e3a40671bd45f08842ddc78abe57de3b9ce5646b730d2e59fecf5a7df80f40416c37ae1ad15b632b0ea43932c17637282cd91d5979552e5eebb99a419d5c97:416c37ae1ad15b632b0ea43932c17637282cd91d5979552e5eebb99a419d5c97:09fe6ffa8bf0942a64921357659dbc6e4f8b63ca3b9ea475ea39d7925290a148d87bb155741dfa28ae1beadc1f3e1ab76737eb5d5ddaded0bb382d7e11ea81a5e7801612696260ba3bd09c80b623f636380aa0208fee0aff70812d5307b27183832343debaa3605ddad17ddd70d611400ddd10d638aa3d6c68a28cf0e97c1dedf6ccd9c731a84ff0405a3a22dcba00ab44d5b21844f14d1374ac0cb1e58df4a90c412563cfe69d882d350f6aafbfa64fa2f9ff826032326780aecf9305d8217c179dbb63c151541232eb65979265d876c4bc4305c02f40bc1d05dbaf7dcf4f7dd9232c17ee0f7a0555f504ba3774548488933e7571eb3f71c4cbb20cc4e4a7322f35ac0e79a59155798dd0f5b3c11319b7d8f3ea79ee3acc68bdb9f37c7d4c8f9caba1ebf8eb7f43b462aefd38e8c0d4c63979cf6631dec31ab5ced3937ef5b2362cb09c71dd096657700fd96bda555e22712f71aec11ae5e91b24bd1649498b8d9f867fb6c41e076080f740d074c2a25572d34e666b6367bf7cbb3dd42a2382dc1973961268605396810a456ac081bbfd3a54b44881fcfc45b4245ee72465b487d07f2ef3f74add71cdfdd16e92fe257d334645b0a9bc7d072613fb9c0cdea9db4c72bc87109e102d7cbaf366ecd67fbe3ded32747307a7aeef61735ad3aa5ce95deecc16a16eb2a0bcc7adc0a11d888032260e7c7ec9e54f5a2531702a7e5dfb87c36ce313a3147588aef962c72fa966d241637c388b83ddec9343bb86343e920b12ce1cc915c83b31e99862690674ea4935a48809d4d279054137546392ad9f08e7b8de61ae73e81e483d3c63b5ae734e18e7a22feed1233d0ca63355f3a48a33067e1a0e1971f36aa929fe0613c21c4aeff9418429c3b072a5984959287a5e5c40be02bd22b9a79c7f3f5359d2bbe493f556dacbb0cb4c293c7d941265e777392d148d68c07a13c8dec8e5d1e1c7f041e8983edddaa4649dac1572a39ae4c6480ca550e2e4462dcc849c1bab781d28a3552b2d98e02e1518e6555340fb76d68db58916d556a7b81563aba81d9a57ae50f04cf5686021847d79b6bb3da8017a60b1c3beefd48d2b3cd39c6f53c08bcc967d93069f562bb36e0c4f4ca6bccc5e57d35903cd800a61785a93770e377f4fe8e9f4b66680984968f9649e105e7a119d97636f3a05caeab1d7ea0bc81334b42d5cc080830ec24d369cf8673a490d59eb4cb08181da39a46d966e23fed8d38a5fabc7e843bcfb015a4474bfd46d4a43ff4a51a9567661e2696db87c3758d3b54ce7846d1391d7f46526ef30844d49320018d749b5d4dfd30d380c6e573fc414d8fefc5d710470756bec00d88ac4afc925d1ede37eaee6004a23ea0ef8b60e48:63de6a981142365a3e592631c8277237809739d1c98f5a1cb2cccd34067d1ca5dc8f2fc63b8ae1a689dcaa291ba6b69b1a6795c579a5db6dccee73f6a420ac0a09fe6ffa8bf0942a64921357659dbc6e4f8b63ca3b9ea475ea39d7925290a148d87bb155741dfa28ae1beadc1f3e1ab76737eb5d5ddaded0bb382d7e11ea81a5e7801612696260ba3bd09c80b623f636380aa0208fee0aff70812d5307b27183832343debaa3605ddad17ddd70d611400ddd10d638aa3d6c68a28cf0e97c1dedf6ccd9c731a84ff0405a3a22dcba00ab44d5b21844f14d1374ac0cb1e58df4a90c412563cfe69d882d350f6aafbfa64fa2f9ff826032326780aecf9305d8217c179dbb63c151541232eb65979265d876c4bc4305c02f40bc1d05dbaf7dcf4f7dd9232c17ee0f7a0555f504ba3774548488933e7571eb3f71c4cbb20cc4e4a7322f35ac0e79a59155798dd0f5b3c11319b7d8f3ea79ee3acc68bdb9f37c7d4c8f9caba1ebf8eb7f43b462aefd38e8c0d4c63979cf6631dec31ab5ced3937ef5b2362cb09c71dd096657700fd96bda555e22712f71aec11ae5e91b24bd1649498b8d9f867fb6c41e076080f740d074c2a25572d34e666b6367bf7cbb3dd42a2382dc1973961268605396810a456ac081bbfd3a54b44881fcfc45b4245ee72465b487d07f2ef3f74add71cdfdd16e92fe257d334645b0a9bc7d072613fb9c0cdea9db4c72bc87109e102d7cbaf366ecd67fbe3ded32747307a7aeef61735ad3aa5ce95deecc16a16eb2a0bcc7adc0a11d888032260e7c7ec9e54f5a2531702a7e5dfb87c36ce313a3147588aef962c72fa966d241637c388b83ddec9343bb86343e920b12ce1cc915c83b31e99862690674ea4935a48809d4d279054137546392ad9f08e7b8de61ae73e81e483d3c63b5ae734e18e7a22feed1233d0ca63355f3a48a33067e1a0e1971f36aa929fe0613c21c4aeff9418429c3b072a5984959287a5e5c40be02bd22b9a79c7f3f5359d2bbe493f556dacbb0cb4c293c7d941265e777392d148d68c07a13c8dec8e5d1e1c7f041e8983edddaa4649dac1572a39ae4c6480ca550e2e4462dcc849c1bab781d28a3552b2d98e02e1518e6555340fb76d68db58916d556a7b81563aba81d9a57ae50f04cf5686021847d79b6bb3da8017a60b1c3beefd48d2b3cd39c6f53c08bcc967d93069f562bb36e0c4f4ca6bccc5e57d35903cd800a61785a93770e377f4fe8e9f4b66680984968f9649e105e7a119d97636f3a05caeab1d7ea0bc81334b42d5cc080830ec24d369cf8673a490d59eb4cb08181da39a46d966e23fed8d38a5fabc7e843bcfb015a4474bfd46d4a43ff4a51a9567661e2696db87c3758d3b54ce7846d1391d7f46526ef30844d49320018d749b5d4dfd30d380c6e573fc414d8fefc5d710470756bec00d88ac4afc925d1ede37eaee6004a23ea0ef8b60e48: +4ed7048aa1284dbbcc248938b40c35742193597addafdde06413b8d4ccfbe137bf841fe444add1f7c3eacdfd0784b4e855d2405f4021cd9d8266071c32c8a273:bf841fe444add1f7c3eacdfd0784b4e855d2405f4021cd9d8266071c32c8a273:dcff9587d6046c1132be07df26df6382ff92cfc8eb5345c51dd50dd188ee769f10a4de5e8883d116967bea97d3b32bc8aebb9f013d6df952f251c1a312346e72cee135a1bfd76bf3080a35c838b44d755f263d210310fa8d28c4ca52f08cac5b83a8a3b1dfc46d9b752d9fc73649d00bb9ee992650639c225deac1f39b9e803689d19e6d9f8ef4f51f1d11601facf410db648bcc82bf648769a7dd59c6e8a237db239d3f661d7852c426d394a90509526a859b476459dedbe6d89936c0f3989995511d4a576e542cce5e0dd7eeefeb0326d33f25c22ab6e7690633f4c9ed2aadf1d24f94862123a464042cea193a2f0479d39bcd1bbd1c7a0ca7e6258ed3732372f54e0ed5e3f1e2e4d4a04c510bee08d1c6d570cfd63abf14b4eef0b96f39ca29e43c52f2ca3dfd460f66e30235b159aaef2cc156012969fd3d159978d6caa0a94522291f7989d8af10831996137b68d97fc17f6a9bc2845ef3dd47cbc386e8977a8654363412dac3ac51c63817b7c051878dcf458ab3630dd7aef68d270f8da7880a467b3304f5baedfba9173e7efd007c412d17209c56d23968e340b8a0edb41b7e2a4088bec01b532df89b5215813131107b7b474f03c2e47d4317f11c4f5160904304997e76a121a9560235208d79b2dab4f7e196793202c0902ce9c4bfc10b8fe397e35ca0256454662ae878efb0a0a606fac0a952c9f6baaeb2d45b258c617559c0ed2528a88b49aa44ee43035b0d793aad3953c1a5a3463866bc815b1ffce2ff2b65e0fd47dbc15f4e7a06bfabc290fc62090bf7d94853f77c0444a9b90efe77d1ceb4bd39e203bc884011624e6846e2a371058daba63c23f86c42c3e31eaa4bd7d7a42af2d524896e31baa3e20763f85dcfd52775f28072d89f0bd4fae30d0b137ee37ab063ba06fe9d4ec62abb2fea0f81b8cbeefc030080b8026a58fd1867f66be1154e65bfea7dcec55fe32d51fb0b4a8a5a8a044263943d6ac8011c6e6701beec3a88655840c4892d450d312b7652d2514769f23bfd6e7046467df29a287ff3c4c9d0e64e6d9e4edee1b935d07681d47004352886e847b0c6d5762fd45a81a53cce9476c887221aea6c0c82bbf3b297932e5b11e538a3245d63d7b7b091dfa1d7b9a0e2db6698a4c5e9fe931662d7c6ec6d9d5b92bc7e041555df4df0ca11cabc485f9c556138a71745f03b9783bb200b72d233697e8bcf6b4117ee6763d792d7422264852f4f30f8d1890e2ea08098040f7f288e4abe90b63cab2c14373060840ef827ecc846cd560e90a20b8305f463c36ea03884a5df4c25f1ba9ea125952dc091b97516de1d287c0e2bf529775ba6d2f8ede03cb42c1e400ec804a9df08e46f44b5066346e3f7c7a1a8:106a9deb2327f338ccb71bcc94e2fe3d2e973ce6dd8fa7baca808b4111813e3bc3b4d88efa6a00c4710bbfe53196f9ab3a150b1654b908feacf9c13df2d63802dcff9587d6046c1132be07df26df6382ff92cfc8eb5345c51dd50dd188ee769f10a4de5e8883d116967bea97d3b32bc8aebb9f013d6df952f251c1a312346e72cee135a1bfd76bf3080a35c838b44d755f263d210310fa8d28c4ca52f08cac5b83a8a3b1dfc46d9b752d9fc73649d00bb9ee992650639c225deac1f39b9e803689d19e6d9f8ef4f51f1d11601facf410db648bcc82bf648769a7dd59c6e8a237db239d3f661d7852c426d394a90509526a859b476459dedbe6d89936c0f3989995511d4a576e542cce5e0dd7eeefeb0326d33f25c22ab6e7690633f4c9ed2aadf1d24f94862123a464042cea193a2f0479d39bcd1bbd1c7a0ca7e6258ed3732372f54e0ed5e3f1e2e4d4a04c510bee08d1c6d570cfd63abf14b4eef0b96f39ca29e43c52f2ca3dfd460f66e30235b159aaef2cc156012969fd3d159978d6caa0a94522291f7989d8af10831996137b68d97fc17f6a9bc2845ef3dd47cbc386e8977a8654363412dac3ac51c63817b7c051878dcf458ab3630dd7aef68d270f8da7880a467b3304f5baedfba9173e7efd007c412d17209c56d23968e340b8a0edb41b7e2a4088bec01b532df89b5215813131107b7b474f03c2e47d4317f11c4f5160904304997e76a121a9560235208d79b2dab4f7e196793202c0902ce9c4bfc10b8fe397e35ca0256454662ae878efb0a0a606fac0a952c9f6baaeb2d45b258c617559c0ed2528a88b49aa44ee43035b0d793aad3953c1a5a3463866bc815b1ffce2ff2b65e0fd47dbc15f4e7a06bfabc290fc62090bf7d94853f77c0444a9b90efe77d1ceb4bd39e203bc884011624e6846e2a371058daba63c23f86c42c3e31eaa4bd7d7a42af2d524896e31baa3e20763f85dcfd52775f28072d89f0bd4fae30d0b137ee37ab063ba06fe9d4ec62abb2fea0f81b8cbeefc030080b8026a58fd1867f66be1154e65bfea7dcec55fe32d51fb0b4a8a5a8a044263943d6ac8011c6e6701beec3a88655840c4892d450d312b7652d2514769f23bfd6e7046467df29a287ff3c4c9d0e64e6d9e4edee1b935d07681d47004352886e847b0c6d5762fd45a81a53cce9476c887221aea6c0c82bbf3b297932e5b11e538a3245d63d7b7b091dfa1d7b9a0e2db6698a4c5e9fe931662d7c6ec6d9d5b92bc7e041555df4df0ca11cabc485f9c556138a71745f03b9783bb200b72d233697e8bcf6b4117ee6763d792d7422264852f4f30f8d1890e2ea08098040f7f288e4abe90b63cab2c14373060840ef827ecc846cd560e90a20b8305f463c36ea03884a5df4c25f1ba9ea125952dc091b97516de1d287c0e2bf529775ba6d2f8ede03cb42c1e400ec804a9df08e46f44b5066346e3f7c7a1a8: +c7eca83e948576bd9f278fd7b82800a41d92da9b72d5a1ccdbbc65581052568b076b8352dca8031e853c8d9099c2ef579337cc7b2b4c75d1a063ea3ec725b7fd:076b8352dca8031e853c8d9099c2ef579337cc7b2b4c75d1a063ea3ec725b7fd:8d8cefd673855ccd8eb8534c312d338005bb05f5b9507d58859e1e953b0a4d913be759d8edfa92898c6e70a53f81954fc344b4ad6246b0109481ba6f73ae6331abf2df108eb2e85ceb087c1f6fcfc9de2c1f139ba1771b72680302d811ccd0ccd4e0c7feb0132eb20b334e5aabe5f6119fd8947d9e8852e1eb1b74107e174100e3e6df0c3a68130ca6309402594bb50c1c8e2774f13214496a7b1f348385eabfbccbac165a5a2e7d9dea5ffd58b0bd88b49cb331ecb7f4e9d6bae9791ad788e6ab8926c1cc1615deaf4cc400c77a316197bca1904995e1365d1b9702648376116930f6f91166e6148629e75be2d06895f6a8d15d5a94ca69b712f33bcf95be0c1be6902bb78b8a230d7a8560c4d84e2389552a81571aa665c19c2e93b0d43e8c2cbd9e885d7052518b77c47e841d119dc28b65a7504f664271f06c7ff393f825b1e5930d02b9c70035e292411c4aedf66047006970e349dfca7fb41c10fd537e35252e109e3336d7a82a14de5d5540c6fc6571d5774f39b7c403e7b8875ec215877efc6cc8ea48b186b46821ea5ef2ba8bacd40d797e6add06413283145b60462b3503c5b881d79a592955d18afa08969e31457f5b27daec010338ed867f300878fd87ce321880b860a0c64284ca2dc15f5e5310e10e6a73a7ea650ea9d373694da4dd429ae7412ef9b29c83b3b068c74769f431ce0615f9ff4f82baac47b4bce90449ec41c2a2d573d92b92e05631486165bc710ef5840f80dae9f9dd5cffd4ebf5d10746510c5fcbfe62cb9703c0b154c86f10816672497670a3b0150bb4e1b03b3bd544c12a90c3edccd7900ebb5b31c91117cc8281a3c4ed04998e99aed41bb41fce9990a406485b14dbe3bc1a5fcf7719507990da3b0b3c68ad40d8950c0d49ced1019319a3f36aff6caf75d7f9a0933dd3abdd7692a1562f0613fe4a278d5ce4c8dafbb55b2ec2af2b24e8396f587b170c9ca6547508facde73490dfb01eb6657e3f4f272304b70bf047a43a2b58e5568bc52b2c8d4c03219a5a8bd3dc0643185913c0af7411f81b77be2a9bfd5cb26977113d2658a97192b41cf6c7011b0ff6a11cbff3505546322f0bef6097e46b36492b016a4562e092b67c3fccc7780ea274d96d595849f7e2a56d79edcb32d784049fc1324a5beefc24193a66e1cac4a13a811b909583cc910cf08d4b104dbdb8a6f2b21fbc1db1175a1a2356a63d3eea9dbb8537d2c68627543df0d1f8fd8d57a18b0dbd69b920cb9b286e3c07ae44ae2e1beec01cee6ba988b5d1afb99790b1dd910655c43d7f2a3ed3754ba46516d278705559f5741622a9abb5c8f23fa976a9d146948ade6ba6608a35e4e0d330e82e96a2be6c78ad0cd4d8704e57cea146:86996a1b8e495d425277e97cc0830549349bc2b6f3dcda60f3b7d3501b8b50b5b458cda58b436e23c02cd4a22b234813aa9bcc3c61f983c0b7efeca0f1bec20d8d8cefd673855ccd8eb8534c312d338005bb05f5b9507d58859e1e953b0a4d913be759d8edfa92898c6e70a53f81954fc344b4ad6246b0109481ba6f73ae6331abf2df108eb2e85ceb087c1f6fcfc9de2c1f139ba1771b72680302d811ccd0ccd4e0c7feb0132eb20b334e5aabe5f6119fd8947d9e8852e1eb1b74107e174100e3e6df0c3a68130ca6309402594bb50c1c8e2774f13214496a7b1f348385eabfbccbac165a5a2e7d9dea5ffd58b0bd88b49cb331ecb7f4e9d6bae9791ad788e6ab8926c1cc1615deaf4cc400c77a316197bca1904995e1365d1b9702648376116930f6f91166e6148629e75be2d06895f6a8d15d5a94ca69b712f33bcf95be0c1be6902bb78b8a230d7a8560c4d84e2389552a81571aa665c19c2e93b0d43e8c2cbd9e885d7052518b77c47e841d119dc28b65a7504f664271f06c7ff393f825b1e5930d02b9c70035e292411c4aedf66047006970e349dfca7fb41c10fd537e35252e109e3336d7a82a14de5d5540c6fc6571d5774f39b7c403e7b8875ec215877efc6cc8ea48b186b46821ea5ef2ba8bacd40d797e6add06413283145b60462b3503c5b881d79a592955d18afa08969e31457f5b27daec010338ed867f300878fd87ce321880b860a0c64284ca2dc15f5e5310e10e6a73a7ea650ea9d373694da4dd429ae7412ef9b29c83b3b068c74769f431ce0615f9ff4f82baac47b4bce90449ec41c2a2d573d92b92e05631486165bc710ef5840f80dae9f9dd5cffd4ebf5d10746510c5fcbfe62cb9703c0b154c86f10816672497670a3b0150bb4e1b03b3bd544c12a90c3edccd7900ebb5b31c91117cc8281a3c4ed04998e99aed41bb41fce9990a406485b14dbe3bc1a5fcf7719507990da3b0b3c68ad40d8950c0d49ced1019319a3f36aff6caf75d7f9a0933dd3abdd7692a1562f0613fe4a278d5ce4c8dafbb55b2ec2af2b24e8396f587b170c9ca6547508facde73490dfb01eb6657e3f4f272304b70bf047a43a2b58e5568bc52b2c8d4c03219a5a8bd3dc0643185913c0af7411f81b77be2a9bfd5cb26977113d2658a97192b41cf6c7011b0ff6a11cbff3505546322f0bef6097e46b36492b016a4562e092b67c3fccc7780ea274d96d595849f7e2a56d79edcb32d784049fc1324a5beefc24193a66e1cac4a13a811b909583cc910cf08d4b104dbdb8a6f2b21fbc1db1175a1a2356a63d3eea9dbb8537d2c68627543df0d1f8fd8d57a18b0dbd69b920cb9b286e3c07ae44ae2e1beec01cee6ba988b5d1afb99790b1dd910655c43d7f2a3ed3754ba46516d278705559f5741622a9abb5c8f23fa976a9d146948ade6ba6608a35e4e0d330e82e96a2be6c78ad0cd4d8704e57cea146: +7b469df9c8f78489ab47cc70a88503f1b8f3d929c33feab1c503f0969a3ac37ba814c7e373d0113b90624a8ab2bca5cf53bf528e39fc3d367de154b94bb22f1d:a814c7e373d0113b90624a8ab2bca5cf53bf528e39fc3d367de154b94bb22f1d:1c0fd7450e29675c93091638c2ac933ca997766e380ec33a92b8a7e1a1ed9821c75fccb5c5f3760e76d0e8810311ddc624ea8742131c1c4308f4178e04d04960693d846c1f51d8773b6deb3443d874b9e2de3b77785185518b2e9ee736c63a39c8212ca8669e161d131b1ab2264fdd72dc5628b11c06f2af9f0789047bdd4ebb5d55899f74dc4e12e7975363f63a8da76b5585c16bb6d55b05fade8713d19cad1a211640262691aac9b437a9ecf89a9246ecdba1ff0bea78494cee15296216ea6bb882479d2437c9494ac7fa4f3015d1d3149d5564d7c11a7e7b614f7d3e9d454f0a05b040a1e06fe7837c2a9da2794d918bffa9e61a0c3f089f6c9f7eeac586e34bf94470d913da41371cacdfc7ee8bd1135655566924eadf096ac030a65902c103b172d12e88f053fc56ee73f31870817083afa802f7668b815ee790f7d40b437a2e6db2f0fb26836b4b2331eba55539614c0fe17240242dd3af7383bcff7d3f47d6544b08720c0a52441f7411935dd4a952d38651a80005fa3eb0eaecc735d290e8bd5e31b740140e136b2c002523d8eb2a0ab5bd687002b3b926f75eb690d1da73ad235892f3b23a756b605a437c00e0621304e810f99e314c4d63e322d9b69815f382ffa1ec6280fc0e641c8a6f6f7f61985bd3567e0f440de9f7621715dacd07428c0090154d59ce6db40169c658ac5bf44b67671fe19e4b5b38aad2d3d4e190a550aad4188352f7981a6d88062502df86791350392d41cefacb24e37bc700cb029190c3b1821477e117d5a462fb3e79133b1073598966f52b63256dbf326ace14db0c80058cf00d689a0a58111af1692744bf791bcbb427a372246e9501a85cd520c61a1e59ee180e8c97192f60fa5d3ab05df8d8551c1ac6ca0a9a012ffeceb3c1f521411edb6509bc278a651e129e96b0adc7aed707221caeac229884413daa10595d22d1db7082125f4f969500a1d48dacdae80f4029c163dcd79ddc6468fcda1637b87ddcf2a3d9b4d299a0e5394df90ed03b62137ba67b9fea8ae1f0d22f91c63a24b5934f74c265c43f1b923db980adfcee8313da520176730ef9736b27e6ba32d17ea69dcac6f4a016edfe2db5a5bb3b64932f7011f1c453bbe88bbac8c7035f93fe39b581fcaa7aaf082fbed004fd1fd5a4e2d9c19716604b19ce199e2169a7be518d5fadd2ac31b95478082ac91306008de4ec0ef4c9f9d6f96d2f66d62fafc2194082808af0d67b9fba0d189b055f061ccac24b27610bfbd5a2232dd6f3c890a9b1266471b322e9e1bf97757bef72abcee93b051fc923cfd4e723be3e17143f38eebb900b5bbcf7304732b9c0a1c5fc9509a693580ae73a4cdfc5fbf20ce81ebc835c6c909d831141b194f6:18faf82d08e1068e9f983d812f05fdb6929d2723db1f77c45a74bb09cff27773b54ce8f43b3015419112e725ea7acda4b23b8120e7b0cf420153e5b03dd061091c0fd7450e29675c93091638c2ac933ca997766e380ec33a92b8a7e1a1ed9821c75fccb5c5f3760e76d0e8810311ddc624ea8742131c1c4308f4178e04d04960693d846c1f51d8773b6deb3443d874b9e2de3b77785185518b2e9ee736c63a39c8212ca8669e161d131b1ab2264fdd72dc5628b11c06f2af9f0789047bdd4ebb5d55899f74dc4e12e7975363f63a8da76b5585c16bb6d55b05fade8713d19cad1a211640262691aac9b437a9ecf89a9246ecdba1ff0bea78494cee15296216ea6bb882479d2437c9494ac7fa4f3015d1d3149d5564d7c11a7e7b614f7d3e9d454f0a05b040a1e06fe7837c2a9da2794d918bffa9e61a0c3f089f6c9f7eeac586e34bf94470d913da41371cacdfc7ee8bd1135655566924eadf096ac030a65902c103b172d12e88f053fc56ee73f31870817083afa802f7668b815ee790f7d40b437a2e6db2f0fb26836b4b2331eba55539614c0fe17240242dd3af7383bcff7d3f47d6544b08720c0a52441f7411935dd4a952d38651a80005fa3eb0eaecc735d290e8bd5e31b740140e136b2c002523d8eb2a0ab5bd687002b3b926f75eb690d1da73ad235892f3b23a756b605a437c00e0621304e810f99e314c4d63e322d9b69815f382ffa1ec6280fc0e641c8a6f6f7f61985bd3567e0f440de9f7621715dacd07428c0090154d59ce6db40169c658ac5bf44b67671fe19e4b5b38aad2d3d4e190a550aad4188352f7981a6d88062502df86791350392d41cefacb24e37bc700cb029190c3b1821477e117d5a462fb3e79133b1073598966f52b63256dbf326ace14db0c80058cf00d689a0a58111af1692744bf791bcbb427a372246e9501a85cd520c61a1e59ee180e8c97192f60fa5d3ab05df8d8551c1ac6ca0a9a012ffeceb3c1f521411edb6509bc278a651e129e96b0adc7aed707221caeac229884413daa10595d22d1db7082125f4f969500a1d48dacdae80f4029c163dcd79ddc6468fcda1637b87ddcf2a3d9b4d299a0e5394df90ed03b62137ba67b9fea8ae1f0d22f91c63a24b5934f74c265c43f1b923db980adfcee8313da520176730ef9736b27e6ba32d17ea69dcac6f4a016edfe2db5a5bb3b64932f7011f1c453bbe88bbac8c7035f93fe39b581fcaa7aaf082fbed004fd1fd5a4e2d9c19716604b19ce199e2169a7be518d5fadd2ac31b95478082ac91306008de4ec0ef4c9f9d6f96d2f66d62fafc2194082808af0d67b9fba0d189b055f061ccac24b27610bfbd5a2232dd6f3c890a9b1266471b322e9e1bf97757bef72abcee93b051fc923cfd4e723be3e17143f38eebb900b5bbcf7304732b9c0a1c5fc9509a693580ae73a4cdfc5fbf20ce81ebc835c6c909d831141b194f6: +dfecde7a56a18c1f19d80a19a4f1daddd0bcecb01eecad6dfca0f957a914ed7aafbaa6e73e85b02b25a4b587ecb8c4dfb79aa9202761efa8d1df2cd0aa6316c4:afbaa6e73e85b02b25a4b587ecb8c4dfb79aa9202761efa8d1df2cd0aa6316c4:ae6e8ff65ccde6f26484950826b43623058a5efe020bb19b7d8b4e25768b692734fe07c913b9e88126becbf14a0fd0205b39fcc2aec373f8c184c6a9bbbb84449a7ca3b920ada08801dfc66ff19aeb92f2555399a430277ae22d23754eaace3c73846797536dd71a56f4b5842c0f410d1989acac5d805d26572c0f3a64dd2071662212d52fe99e59d966047777f9030fa4fd2ee74b7a7c9f7c34a6dc7e03593a13d64ce62453ee3ca30d84672839f19f1c15d0c45d2755bb394acf4dcb7f7f0711ac40ea46612ea37a7607ad32e818265fab1933f5094e2d03bcfaa5f61667f3b37f00c4c58d9b41b9af3900482b0ffb4fa4376aa040009dec2f4525799cb005f39d74cb2d8dce8c20c2c3f5409703af156cfba28a9d916439cb29f83d2429ce6223519e75e15c7c7fa215119e073fa7974db14f7a01093faa94ad52ab1eadce1a89366ca13adb89066438a2beb73034170aa42d9c2ddb97c14a17c3094376d2a3ffd8095fc4053d91d16e06d27693a1310f01a75111cfeda892c3972a133a09addaa8f74145f88681b6d277964bfe38551a2c619fa3cae394acb29c9410b45e101b1740e8b2aa6febc3a45dadb9d9589d597e57cd947b684cc355246ce6c326dd98cf92b6eea3ba5ab03700622636324dc1222cd748fa07bfd39a1e069809e567141a613e2e8be9dd398ab6beaafd85ff3628ee2aa32d0a57bbacf956190b5c4242eb5b8587d2fdcb0741b9416a05f5fecb1fb2d64788dce783c1f63e60641fce5e1d2b18a9500cd6a1fd335cc1db46ef04752b2d22072e6dfcfcfa569bb25e457afeb63a4fbedc293ad9d1aba4e394aa1097e12b0fc90c89f76df0d6441fa99808b60be07dfcc7f9010bbf9033556d5ee2d448937b783493920f681e4da708671097e199481b8ef0e0150d7c2851df44c545122f9b0e5ba2eeff2d988d56d9bbb55d9896111151a436af065e0cad178a2c9fa8f6974ecdf09adf013300cffedaf4b8791b467ba7933ada5d632db44ed6dcf2aa648917be6337d2e2d206856d08f9ee7b5e2f14ddc6d3ac429215a87923ad32d5dcfee3686316ddd1b27bb193a5fc05c893a939a5b98987366c829e392f485ea15e22cd8f857a134afa98f37215576ddc5aab4f2d10caaf050059a335f24bcdcbac819f66db07aabdfb76271d17bce22cba463a80aa892d0d8e055f948df7f6e6c300daeffd3a236dddcf238fe10666a57c6e3ae7e3673d35578f8b8ea69d3c08e0140afd3ee030b22a372160f908a378f8101b5f5969fea310eed37a00d97302d5c2dbe8cc600075dccd33ad63d265aaf60e241ce311bed7dd5e2745241ae02ae532d15c18886e818138751afc51850e506c6d31a8eef451adfd4b3d266b415a7e:b4fde55b916cf60068f19b25351c1410dcf66bfc40f96d1ba2368bc2b9115aaa5b2d1cf0e3dfca02ac902a943e2489a5681bbafed39c6e33211a9cb2ff6e5409ae6e8ff65ccde6f26484950826b43623058a5efe020bb19b7d8b4e25768b692734fe07c913b9e88126becbf14a0fd0205b39fcc2aec373f8c184c6a9bbbb84449a7ca3b920ada08801dfc66ff19aeb92f2555399a430277ae22d23754eaace3c73846797536dd71a56f4b5842c0f410d1989acac5d805d26572c0f3a64dd2071662212d52fe99e59d966047777f9030fa4fd2ee74b7a7c9f7c34a6dc7e03593a13d64ce62453ee3ca30d84672839f19f1c15d0c45d2755bb394acf4dcb7f7f0711ac40ea46612ea37a7607ad32e818265fab1933f5094e2d03bcfaa5f61667f3b37f00c4c58d9b41b9af3900482b0ffb4fa4376aa040009dec2f4525799cb005f39d74cb2d8dce8c20c2c3f5409703af156cfba28a9d916439cb29f83d2429ce6223519e75e15c7c7fa215119e073fa7974db14f7a01093faa94ad52ab1eadce1a89366ca13adb89066438a2beb73034170aa42d9c2ddb97c14a17c3094376d2a3ffd8095fc4053d91d16e06d27693a1310f01a75111cfeda892c3972a133a09addaa8f74145f88681b6d277964bfe38551a2c619fa3cae394acb29c9410b45e101b1740e8b2aa6febc3a45dadb9d9589d597e57cd947b684cc355246ce6c326dd98cf92b6eea3ba5ab03700622636324dc1222cd748fa07bfd39a1e069809e567141a613e2e8be9dd398ab6beaafd85ff3628ee2aa32d0a57bbacf956190b5c4242eb5b8587d2fdcb0741b9416a05f5fecb1fb2d64788dce783c1f63e60641fce5e1d2b18a9500cd6a1fd335cc1db46ef04752b2d22072e6dfcfcfa569bb25e457afeb63a4fbedc293ad9d1aba4e394aa1097e12b0fc90c89f76df0d6441fa99808b60be07dfcc7f9010bbf9033556d5ee2d448937b783493920f681e4da708671097e199481b8ef0e0150d7c2851df44c545122f9b0e5ba2eeff2d988d56d9bbb55d9896111151a436af065e0cad178a2c9fa8f6974ecdf09adf013300cffedaf4b8791b467ba7933ada5d632db44ed6dcf2aa648917be6337d2e2d206856d08f9ee7b5e2f14ddc6d3ac429215a87923ad32d5dcfee3686316ddd1b27bb193a5fc05c893a939a5b98987366c829e392f485ea15e22cd8f857a134afa98f37215576ddc5aab4f2d10caaf050059a335f24bcdcbac819f66db07aabdfb76271d17bce22cba463a80aa892d0d8e055f948df7f6e6c300daeffd3a236dddcf238fe10666a57c6e3ae7e3673d35578f8b8ea69d3c08e0140afd3ee030b22a372160f908a378f8101b5f5969fea310eed37a00d97302d5c2dbe8cc600075dccd33ad63d265aaf60e241ce311bed7dd5e2745241ae02ae532d15c18886e818138751afc51850e506c6d31a8eef451adfd4b3d266b415a7e: +07828c580ebf9e1d825a59c3bf35f072ae123355bdcc249eec7f2fc5755e29b558e5ed85100bbd9b2221afc9c93184330ad59e1385606244bf003b8d2018501b:58e5ed85100bbd9b2221afc9c93184330ad59e1385606244bf003b8d2018501b:0edad5cae6ed9843e91c50d934cf55dd658f3d252039cd6c75be4f6b866fb75f35c8f98f1721d7e6d9d98a22e0b4934dcc129261bf6723b2fa7a995e35c4bd79c5816a321607d9dcce39fefa1d55de4e7617548ec385c3de01e366bf50c457a555e932070e2a5a0197b79efbe7006f0cec78b60ebb8fa8781d8eb7326edc30e62d3297a1e0a1117108c46ee5dbefc6594289335e780d55a084f552da3f36d3c4c6178ba74d4decefc5a3b8c47c16f534bdb60895d3d54cd2bb266b399e4d4fb48d7a8cde17f42412560737d3c06e29df524d0cbd3093efca1c8fedcaa124abb27abdac6a29e0e8246abd6f5f531950037f76323aa56cc3fefa603041d55f1929e277e72cda1f96541d2af3e90c0f0e28be196d8f6921f3cd57a7926b860aa1bc403576892a96b93190ae383f631b72802658b2e8451d52a2f45db4f8bc3b0e4e50b6d603a5bdd30c234200ad7debb963f58a4fa20330b3696449445aa371824842fbf326d901dfe3be045452a3740dd160e72733f6e2733525a29a865f6f50d53bf7191c599c876f5c9ca1e3fad7960648e0d471f7d5c01c673f42d659bc3d98dbf07d8febfb995d17f9a02cd6c39f2ddcd0f1d222b9e11f2dd7d3c7518224bb6bfb8b7c58fe8ac105405903a1b9da7516715b7afc38a555e6bbcdbad46e34e576fea34ce35734ed20af5d88eeb1047a2660648bbb113ad9db8c53edb6ed9871a1e44c9ed2df5656fb2b2806ecf03b1eca9eab50a6eaab55b933b2dd1f21d450de9d5cb2232f07a392081b0b4b885d54789e2f75bf2c4cdad878989b1d6dabd9ed23c7c5b0356a7d9e7335290d7c85b966e80184bd07998602886d7076193565c81cccda4cc7d33c85d905b1beb6e8e7418e8acaedf0d9a32a7d29d07cf44d3119d4e7896820b77de64b655e4f148800434af7bdb2a56b25eb94ea39f2169596bb2b11761f082baec08885f4a0eb6c95767135a7f7cd72e743d2dff144dd8bafb1b318006e5876f8e2cb44aa588f906266ac67119c17f5de114e72e42a1fb39944321a111fa795ff7017f2fb8caf482f55d77a80855428ded7ec20acecca83f8d1eb137b588ccb745c105f2b2ca41c3a9f49d3c6e9d7c648b003b9707c906462edad617a8cfbf9bcc6c5fb6fa984325d6582e28f62005383f338df5b38fa9d19c22a2a7ea1d68a92d1d93b7fb0b8f33bc8760f28aeb1439a8b07f3da58ddb155b498cb09c75a5596838a65013e24d5640d0842a7699322cf3ffcb5703f414ffd168860bad3e308b2b5bf3cdf7f363bf9aaf4b3bc424c146c6f5421430f9f476aa34a0c6ee80131fc4d4d970723a2186ae3625e286d17dddc435ccb00831678aba584a62dbff002bead6e11e23c54d33cf3a4b231a908:bb09360439a82dee5c7d85779e54c13f88e06d38f4b94960fe17a1ebcaa3ee2f330c649154bbc875a4076cf0bbf7eebf7b8d08d5aa4be7413881245fc2d2b6010edad5cae6ed9843e91c50d934cf55dd658f3d252039cd6c75be4f6b866fb75f35c8f98f1721d7e6d9d98a22e0b4934dcc129261bf6723b2fa7a995e35c4bd79c5816a321607d9dcce39fefa1d55de4e7617548ec385c3de01e366bf50c457a555e932070e2a5a0197b79efbe7006f0cec78b60ebb8fa8781d8eb7326edc30e62d3297a1e0a1117108c46ee5dbefc6594289335e780d55a084f552da3f36d3c4c6178ba74d4decefc5a3b8c47c16f534bdb60895d3d54cd2bb266b399e4d4fb48d7a8cde17f42412560737d3c06e29df524d0cbd3093efca1c8fedcaa124abb27abdac6a29e0e8246abd6f5f531950037f76323aa56cc3fefa603041d55f1929e277e72cda1f96541d2af3e90c0f0e28be196d8f6921f3cd57a7926b860aa1bc403576892a96b93190ae383f631b72802658b2e8451d52a2f45db4f8bc3b0e4e50b6d603a5bdd30c234200ad7debb963f58a4fa20330b3696449445aa371824842fbf326d901dfe3be045452a3740dd160e72733f6e2733525a29a865f6f50d53bf7191c599c876f5c9ca1e3fad7960648e0d471f7d5c01c673f42d659bc3d98dbf07d8febfb995d17f9a02cd6c39f2ddcd0f1d222b9e11f2dd7d3c7518224bb6bfb8b7c58fe8ac105405903a1b9da7516715b7afc38a555e6bbcdbad46e34e576fea34ce35734ed20af5d88eeb1047a2660648bbb113ad9db8c53edb6ed9871a1e44c9ed2df5656fb2b2806ecf03b1eca9eab50a6eaab55b933b2dd1f21d450de9d5cb2232f07a392081b0b4b885d54789e2f75bf2c4cdad878989b1d6dabd9ed23c7c5b0356a7d9e7335290d7c85b966e80184bd07998602886d7076193565c81cccda4cc7d33c85d905b1beb6e8e7418e8acaedf0d9a32a7d29d07cf44d3119d4e7896820b77de64b655e4f148800434af7bdb2a56b25eb94ea39f2169596bb2b11761f082baec08885f4a0eb6c95767135a7f7cd72e743d2dff144dd8bafb1b318006e5876f8e2cb44aa588f906266ac67119c17f5de114e72e42a1fb39944321a111fa795ff7017f2fb8caf482f55d77a80855428ded7ec20acecca83f8d1eb137b588ccb745c105f2b2ca41c3a9f49d3c6e9d7c648b003b9707c906462edad617a8cfbf9bcc6c5fb6fa984325d6582e28f62005383f338df5b38fa9d19c22a2a7ea1d68a92d1d93b7fb0b8f33bc8760f28aeb1439a8b07f3da58ddb155b498cb09c75a5596838a65013e24d5640d0842a7699322cf3ffcb5703f414ffd168860bad3e308b2b5bf3cdf7f363bf9aaf4b3bc424c146c6f5421430f9f476aa34a0c6ee80131fc4d4d970723a2186ae3625e286d17dddc435ccb00831678aba584a62dbff002bead6e11e23c54d33cf3a4b231a908: +f08ee8daa73e1feb61a88e062dfb1003c8578a0d53bd3bc9e589efb92f68be1476692ce8d116eccb897077edcaafdd3eb44ea1a486b90e49e97f966901015502:76692ce8d116eccb897077edcaafdd3eb44ea1a486b90e49e97f966901015502:64de90044d0e76bc02fcffcb75263667b3bd733b40bfb26c6c52fdb4b0782278cabae41e2129ea4017e94de86087964f66d86207987467a1688f9fab3ffb2f1d0063bf626c941367c12e319ab7ca3020c9b3a7215a19303e2d0e8988791de0d8e1632daa38c7f3e7f6e48ce122143d1e2cb661ba77c69e6a710911644bc110ff58bb00b5290820ce30970e7fde189e140e5c70c783eed53f0e2ac7ecae4f27db81d15b8646faa9c5a3ae2b7f47cd580d7707b002499b4cfeb8c591afdf1cc62af2595c184abcf0b2623a1bae60af7026b28d0540b41526e3020f81b894eb3fe31b72b21a3260dae3210c4ce4fd69e2e5ea0c8632a583262a12b3a8b16c9c1206ad73023037cf30653cb80aa7df8314b0f5bc6e9d5fa00b009d5552d83b7970b5bc4b9984f69d1cca9ce4cb74ddd2d879d37312a0e159d7a6afb77ac585e6b459c551304e1eebfbcab43a10b505924e03ea332f5d020a55c7aa683c541dcf7790a240af079baba94096b46060fd7afe9056ca99e688df280a9be8c8c73e6e6fb052a33eb3328a7f602542fe280c890e3ccaf22c7f34f87b5e5ba784b472b1e1a99347a9e0d240858d1277a5c6b349383fe4fd55cf92e69faad326b8d6db46233026221ee6d0a1c4246533c4a0e5bd172eb8936a9c0d30066538e3eb4ad5cb9877fd861b482b30150a06104161647e01d004d997403ee06726cb97e2e25f18c668eee4c5bf72529803189ee6a7aec238d5906ea5ae10722c9a61a78aea52af33eaac75406b1a60befbaad48476d9ff887fd283eb1655bcc07cf753331436db5b3b13032ff9c3d696380e9f5abf50d3556fda0df0b53897a737ac7a3b87c2a832b0c7273ea9fc54a767f1a812bf0164bf7521630b81b9dd930d92ee2ca28e3203b77bc082ceb37d55edbcb71df0b79236789a25d418cbb95544e2cef33bbdeb27a3f7909c1f498f47135ae9033adf250ad4f6575361e4cfcc9bcf4b90c3ad47a3442297a223cca843d7205ed08a9b87160a6d01b46a7d1c844e8d1f18f618682bfb22955f395b2a5790a51a696499d9e71a501f3fa546de9b10ae47bcee42ba7f869fb9ce4ed7c6453326c034cf05d9f1e3c200701ba752dabbd868521c3d8f80672d42f6cf4564f08cd7b390e6d49dd90090afdb84486ffcaa4e84d88682744dc0a878faa7cd440a8b276710902081f4dc84174619a66ea3a371f95505400d99fa999017710c8e2714be60949d461310f7d43a0dc123516d77d362213f9f75a5a1c393affc49ea151d46a81ffad239f28c07f65f59ea077d9a4d9c752de49b9ef36be60d112d795f588b00ef6e7730dea65e1016da0dd462370e0ba5c660001e457c08b436da2903b62906932084728c81671cbfb079bb29:66dfa4c1575beff2f5a230b28c58c3eea0736df379d75559bc9d37a9579d121c05c373e8484c9747ef4477e80c4b2cb4ddf16ae9fdfa08a07547d107dcea120364de90044d0e76bc02fcffcb75263667b3bd733b40bfb26c6c52fdb4b0782278cabae41e2129ea4017e94de86087964f66d86207987467a1688f9fab3ffb2f1d0063bf626c941367c12e319ab7ca3020c9b3a7215a19303e2d0e8988791de0d8e1632daa38c7f3e7f6e48ce122143d1e2cb661ba77c69e6a710911644bc110ff58bb00b5290820ce30970e7fde189e140e5c70c783eed53f0e2ac7ecae4f27db81d15b8646faa9c5a3ae2b7f47cd580d7707b002499b4cfeb8c591afdf1cc62af2595c184abcf0b2623a1bae60af7026b28d0540b41526e3020f81b894eb3fe31b72b21a3260dae3210c4ce4fd69e2e5ea0c8632a583262a12b3a8b16c9c1206ad73023037cf30653cb80aa7df8314b0f5bc6e9d5fa00b009d5552d83b7970b5bc4b9984f69d1cca9ce4cb74ddd2d879d37312a0e159d7a6afb77ac585e6b459c551304e1eebfbcab43a10b505924e03ea332f5d020a55c7aa683c541dcf7790a240af079baba94096b46060fd7afe9056ca99e688df280a9be8c8c73e6e6fb052a33eb3328a7f602542fe280c890e3ccaf22c7f34f87b5e5ba784b472b1e1a99347a9e0d240858d1277a5c6b349383fe4fd55cf92e69faad326b8d6db46233026221ee6d0a1c4246533c4a0e5bd172eb8936a9c0d30066538e3eb4ad5cb9877fd861b482b30150a06104161647e01d004d997403ee06726cb97e2e25f18c668eee4c5bf72529803189ee6a7aec238d5906ea5ae10722c9a61a78aea52af33eaac75406b1a60befbaad48476d9ff887fd283eb1655bcc07cf753331436db5b3b13032ff9c3d696380e9f5abf50d3556fda0df0b53897a737ac7a3b87c2a832b0c7273ea9fc54a767f1a812bf0164bf7521630b81b9dd930d92ee2ca28e3203b77bc082ceb37d55edbcb71df0b79236789a25d418cbb95544e2cef33bbdeb27a3f7909c1f498f47135ae9033adf250ad4f6575361e4cfcc9bcf4b90c3ad47a3442297a223cca843d7205ed08a9b87160a6d01b46a7d1c844e8d1f18f618682bfb22955f395b2a5790a51a696499d9e71a501f3fa546de9b10ae47bcee42ba7f869fb9ce4ed7c6453326c034cf05d9f1e3c200701ba752dabbd868521c3d8f80672d42f6cf4564f08cd7b390e6d49dd90090afdb84486ffcaa4e84d88682744dc0a878faa7cd440a8b276710902081f4dc84174619a66ea3a371f95505400d99fa999017710c8e2714be60949d461310f7d43a0dc123516d77d362213f9f75a5a1c393affc49ea151d46a81ffad239f28c07f65f59ea077d9a4d9c752de49b9ef36be60d112d795f588b00ef6e7730dea65e1016da0dd462370e0ba5c660001e457c08b436da2903b62906932084728c81671cbfb079bb29: +272d64de50b1312bee23d7f4cea508a8fccf3e9b324e97b1c8e72502f61fbf4533498c3b712ab9c01ec76b2efe2b83add1e1f2b5eb78f21692323451820cbe10:33498c3b712ab9c01ec76b2efe2b83add1e1f2b5eb78f21692323451820cbe10:d6260d7eec5d436208e7e737655e0971814270194405e36e39f8f17b649fbc16c0f3d7f2bef5ebc02bb1c4df48e8470a3eae8a3ccaf640abcc094aa91150ff1a8cf1169693ebf5ac0034b9b919ecf17db791dfe5fedc90918b23e54e9004a1ae771c213ed7ed7334434e5bc02c0dda2bd1a876fb824a197bc99613b1409e7052310b0820da71446929ae7cfd3afba042de54578a5bfd94c1544391a3d9acbd5663ef65c6920d78516dec1cd55f6eb7290ba0aaf9a171658200b24a47a071b96fea03c6ca7ed0d6fe675dd63761833d75bc5e58a958582db02a60c6ce0a63f42ba837ae77c17a32705fd9cafa587b555dd4619851079794e24eb44608835a6f4824920d577a270396c9573bc7d82fe2aa0465956613a2c508cf2432337a365e6c984cba917f0cf842af122dc89dea958d418cae44a6e4ed263a415ff994a5ffb2ff13913df214bbfe90a34b247e71ab73f7ff004c23acfd90c767611aa55814c66964168e568ba75bf34903597cdcac78c24bb9f14f5c86a51f364f9ab41e464aee64fa50a1c159cbd850832c504ab42a584a96d5aee082d82c1edda19338160b8dcfa3419b3af64d9cfb104f98f9d35e5394e23228e275c87db50ca867540b880c7af29fbf534294581c22240bcd4d7d2c20ffc36733ada27653d3ae1a8c2203eac626e2e9bb4b52ce523e5adb3b2c10dcf78c2a1e626a16ebfa1bdb8c161493a5aaa2d84bfaa0f2027ffe4e9eaeb332ebda7cbbb677769d78517adf72f823a7f844165a079878d258fd95225c21177837e69c19685a051ca92b120b7d86d78595471ffc42a5e6e6431be7b64f8076458bacd6c72903cc34fc63a40cf3df00eff9d6ee9a8f39d25ead81a8128888b0a1ac0e5e3ad927712c14146adf828770ff958709eb19288e77bb70734881e9e016cd29e7d0899341ff6b297ac796bbde486ec35949f6a32b2ca647385915ecba3b9f0225087145c18d6559d3a31d6f22fc49f8a6315f1d32abeeb7cf2c2c776ea7350fd5ebc0e0f265baccc2697a7c8ca40c135f6cfcb0b58a61431960ffa9065709a961a633d570b73fb4491de52ad0d7b204b6e997b037ede3f7eca820a7cdb2c69ac29148be3523508ae7e4c3d1a717f55a821d14c3b64f08ca9ae49613b115773ef618d321c908bd2156717a434e5089a5948c045c8da8a4bd86ed5fabc6b13466e6deda583207d2ada2b2ab9cb1543df7a3734dfbc6fc428106d4844724a13df42faab18ca89db20ac9bc27b85394667c5a2779ca63ed7ac2b7c0d4122391ee4602d61ea0381764fb72dcc224e65eae2bc4506b0f09e23205d0bb21c77d8287c165e0b42c551579778acb7258a2479d7cf25b902e8d0da429bde36b4590dae96f525481ac8378:33814c6ef375ab963769b2de4a25e7020fcd97f78f8fc93455c4b1c2bd45d4b01e192900e3122265fc552cd5c5f00e931e3a183cca5ba0802dafdebb79ebeb03d6260d7eec5d436208e7e737655e0971814270194405e36e39f8f17b649fbc16c0f3d7f2bef5ebc02bb1c4df48e8470a3eae8a3ccaf640abcc094aa91150ff1a8cf1169693ebf5ac0034b9b919ecf17db791dfe5fedc90918b23e54e9004a1ae771c213ed7ed7334434e5bc02c0dda2bd1a876fb824a197bc99613b1409e7052310b0820da71446929ae7cfd3afba042de54578a5bfd94c1544391a3d9acbd5663ef65c6920d78516dec1cd55f6eb7290ba0aaf9a171658200b24a47a071b96fea03c6ca7ed0d6fe675dd63761833d75bc5e58a958582db02a60c6ce0a63f42ba837ae77c17a32705fd9cafa587b555dd4619851079794e24eb44608835a6f4824920d577a270396c9573bc7d82fe2aa0465956613a2c508cf2432337a365e6c984cba917f0cf842af122dc89dea958d418cae44a6e4ed263a415ff994a5ffb2ff13913df214bbfe90a34b247e71ab73f7ff004c23acfd90c767611aa55814c66964168e568ba75bf34903597cdcac78c24bb9f14f5c86a51f364f9ab41e464aee64fa50a1c159cbd850832c504ab42a584a96d5aee082d82c1edda19338160b8dcfa3419b3af64d9cfb104f98f9d35e5394e23228e275c87db50ca867540b880c7af29fbf534294581c22240bcd4d7d2c20ffc36733ada27653d3ae1a8c2203eac626e2e9bb4b52ce523e5adb3b2c10dcf78c2a1e626a16ebfa1bdb8c161493a5aaa2d84bfaa0f2027ffe4e9eaeb332ebda7cbbb677769d78517adf72f823a7f844165a079878d258fd95225c21177837e69c19685a051ca92b120b7d86d78595471ffc42a5e6e6431be7b64f8076458bacd6c72903cc34fc63a40cf3df00eff9d6ee9a8f39d25ead81a8128888b0a1ac0e5e3ad927712c14146adf828770ff958709eb19288e77bb70734881e9e016cd29e7d0899341ff6b297ac796bbde486ec35949f6a32b2ca647385915ecba3b9f0225087145c18d6559d3a31d6f22fc49f8a6315f1d32abeeb7cf2c2c776ea7350fd5ebc0e0f265baccc2697a7c8ca40c135f6cfcb0b58a61431960ffa9065709a961a633d570b73fb4491de52ad0d7b204b6e997b037ede3f7eca820a7cdb2c69ac29148be3523508ae7e4c3d1a717f55a821d14c3b64f08ca9ae49613b115773ef618d321c908bd2156717a434e5089a5948c045c8da8a4bd86ed5fabc6b13466e6deda583207d2ada2b2ab9cb1543df7a3734dfbc6fc428106d4844724a13df42faab18ca89db20ac9bc27b85394667c5a2779ca63ed7ac2b7c0d4122391ee4602d61ea0381764fb72dcc224e65eae2bc4506b0f09e23205d0bb21c77d8287c165e0b42c551579778acb7258a2479d7cf25b902e8d0da429bde36b4590dae96f525481ac8378: +0c9fe559ad1ed3ba164daceacb023567b2430320b6715de732a03c59c7303130e70fc466fb2acd74e099c36e2c22fa51290bdde96df9c31b6dfbfdc2e2c14a40:e70fc466fb2acd74e099c36e2c22fa51290bdde96df9c31b6dfbfdc2e2c14a40:26ebc648cf8c7965ec6ebe965d9c792bed90655ad440183c6d70ea6467bb8e6f04ec843f333156917bf4c51d0ed0f28b7cd31bc12cf840686b82b0c2c350bbdac805333725d6b69c2ab7f34ee593fa1cccedf3f0642a688fcc1cd98b0987d01f713a2fa6416c961921de0cc2c9ec7a555855e7fcd4c7ddaa14fd91ecb04224e1761b7d6b35f4aa5618a500ca00d1ca2451b5d368afde3a407e783135f39019a5b984e82ac279c05e48c295ebd1563821a0743c52246b5d2b2034e3aeb6ce7c5cf919e74a9c7bbc9e25da30430eb16ecf3837eb38a0f559792a729890ba8310260f8aeb9b5af00eb633c12dee022628ba418d75cf18de2f2e65e49b1a69684d6127ef481ca861ecbce3be86497e65df4c5fcd0817c9716b59f2a263d5e9eb606839f85c5a365837b0fbe2c4274d66cb2c65ed365fabf58f15be52b51cb60118ca4f730d447359f7ef346b750217d47b2e79c86c0c62816a0c7c18a2ce2b688e0cce0d752321e79b423857dac59f8fbeb09411e71669ef9a2643f2e99f387ac183e0b0ac72c59a0c3c18c0de8b010878074acc1a2b39f9df99d9f8f8b52fefe4943c525fd4d06ad878e46608abf27a54bc5006f647db724851db7c4578ae66583dc4bb518ef028890347e8fce0927d7d9af3ab5d0d2d202a4026aa2ea7487962676a603298e7d2e7b90921ee1b52806d71a764e03e25ddd6848f61d46fad3d008e10ee5cd5a3390f9d158a4437ef615fc90ac5bf3a9d682e12c3398ac77680d22cd1a6a56ec3b25cede867edd383159c6164d63e9cd1c956ac7235fffae936166ccd35898e29c9b4ca4e2925da323b6fbf67cfd596c88a1a35a8359851ddcba8f6134a9faa244dcb47e691276ee625cc20adcec21cbe77a3acb9ba72f0c9d3da7e9cd5be3b95990ba54a9f31af171f95aeead3331cb188a5b2c6f539acb48b98b3f7341f60251cb60429ccd9cf32f009205f2753fbbb26aa53174342ad184dab6870c0fb52930119d9f97d8489a60076aadb2e96054ac7cb7f84e13c75bbf9e4d924d2272afef0871915e243ce66fc2a8888513535b10bb4079c806bd949281e28283523d0d210b31ef62a95dcae0cd25290c7edf2c24b432822debe347f1cae945f5728c71b5403ef14e72c3d8342e198b362ee20f809e46aca015f35477ff89ac4b37e6615856f7ea251fbfe13f9065259b0946aaef24943270a854de889780033d63dda5447998a3ed7e506aeb51ea37b681ac3076797acdbfcc27883630adb72260a46af0a60d53f6654566e20d6088cd48e23b28d81f0eed205b92aafd96164d6d3ca3fc8b171804ee9fce7abaed2ea4ddf9cb2b3ae73a70ed63de45e14101428d0a7a226db39ab6cd04374080e6983f018ce93da4c89ac:6cd8aed97d9c62d5fdae597d061c0c2bc37e42df06b8327a468f92b3f438a1e6b6b1ef2be78549a289fd3fc1a6299e5a33d5396cb4fac1e8e9982f0cb3d20d0726ebc648cf8c7965ec6ebe965d9c792bed90655ad440183c6d70ea6467bb8e6f04ec843f333156917bf4c51d0ed0f28b7cd31bc12cf840686b82b0c2c350bbdac805333725d6b69c2ab7f34ee593fa1cccedf3f0642a688fcc1cd98b0987d01f713a2fa6416c961921de0cc2c9ec7a555855e7fcd4c7ddaa14fd91ecb04224e1761b7d6b35f4aa5618a500ca00d1ca2451b5d368afde3a407e783135f39019a5b984e82ac279c05e48c295ebd1563821a0743c52246b5d2b2034e3aeb6ce7c5cf919e74a9c7bbc9e25da30430eb16ecf3837eb38a0f559792a729890ba8310260f8aeb9b5af00eb633c12dee022628ba418d75cf18de2f2e65e49b1a69684d6127ef481ca861ecbce3be86497e65df4c5fcd0817c9716b59f2a263d5e9eb606839f85c5a365837b0fbe2c4274d66cb2c65ed365fabf58f15be52b51cb60118ca4f730d447359f7ef346b750217d47b2e79c86c0c62816a0c7c18a2ce2b688e0cce0d752321e79b423857dac59f8fbeb09411e71669ef9a2643f2e99f387ac183e0b0ac72c59a0c3c18c0de8b010878074acc1a2b39f9df99d9f8f8b52fefe4943c525fd4d06ad878e46608abf27a54bc5006f647db724851db7c4578ae66583dc4bb518ef028890347e8fce0927d7d9af3ab5d0d2d202a4026aa2ea7487962676a603298e7d2e7b90921ee1b52806d71a764e03e25ddd6848f61d46fad3d008e10ee5cd5a3390f9d158a4437ef615fc90ac5bf3a9d682e12c3398ac77680d22cd1a6a56ec3b25cede867edd383159c6164d63e9cd1c956ac7235fffae936166ccd35898e29c9b4ca4e2925da323b6fbf67cfd596c88a1a35a8359851ddcba8f6134a9faa244dcb47e691276ee625cc20adcec21cbe77a3acb9ba72f0c9d3da7e9cd5be3b95990ba54a9f31af171f95aeead3331cb188a5b2c6f539acb48b98b3f7341f60251cb60429ccd9cf32f009205f2753fbbb26aa53174342ad184dab6870c0fb52930119d9f97d8489a60076aadb2e96054ac7cb7f84e13c75bbf9e4d924d2272afef0871915e243ce66fc2a8888513535b10bb4079c806bd949281e28283523d0d210b31ef62a95dcae0cd25290c7edf2c24b432822debe347f1cae945f5728c71b5403ef14e72c3d8342e198b362ee20f809e46aca015f35477ff89ac4b37e6615856f7ea251fbfe13f9065259b0946aaef24943270a854de889780033d63dda5447998a3ed7e506aeb51ea37b681ac3076797acdbfcc27883630adb72260a46af0a60d53f6654566e20d6088cd48e23b28d81f0eed205b92aafd96164d6d3ca3fc8b171804ee9fce7abaed2ea4ddf9cb2b3ae73a70ed63de45e14101428d0a7a226db39ab6cd04374080e6983f018ce93da4c89ac: +15d75ad8e4afb12634cc8e600f1a4267ef9584f4c4ac44fffe4b9fcb885c9d2a09d126f017e0169774e8c37ab379263a8075746127c2d11ecb0e4cb454709ff1:09d126f017e0169774e8c37ab379263a8075746127c2d11ecb0e4cb454709ff1:d1cea2b7e9afc1f0fab890d2700a5ae41e15e7d34d3bf19d0f34d9f9f0ab9812dc7c2a8dc44c8ee7f3788761ecd988ee72c736b62a7cac3cc9b738e938df7787377eb9ffd120d4ff58cf1c0675633f7e83c4b115548f14d2f70c6d482211443a8499599558c14277980fa42a78427907f73a41f5f6693b2f75fe5e7a6ff0a6c3a4e2ed1d0d968d5cc9d6f13d41c3d291396ae7e434e664b2ff243e7f6d88010210078c39b5a576caf409bb4711b3eefc486b67b7ffeae0cbac6a0fbdf5343fb2ae4e057edc8c9d2ed31eae9ec83d2bedd219eb989b2d4419618c2d3ce4490e35fbcad432b0124795f9c5cbdc1eb0c3072b4aa801d26fbcc7b07b8257f5fe47acd9bc587b5657cf07ca545bb568c9e4e73cddf6254e22f78ab2f8064519f8abfd16fcfa90f87687db0c4209be2c6c79a5521f44189678d932c54585700a2437702e56aab588a17cb2cc94c00e87570ef3ac5133d753038aa46510a260c1fe80479bc02eed9a8d1de99354ac2648b48b96ab1b80cca6cae1877f37d70428bb50850e0308db0b423087bf7dde279e096766f2ab3ab2385b0464a5bed7bbd8d457e935e200aaaa8d951570e053076db18a6a62f72b319579884a0826ba2b436371dd218b01a0c5e58d0cd5ff9825e4466fe966df05cc31c803e5212183ddf29cef7fb91648a4f8ee19fd5f8dbd8a56be7abf33659a9224a1e27a1024effdfb88e8806148d0d1780906af1ebe3e5f14363190d88cc6e5089444f125d063155dcf86ca9263f2f5f183c26974fe000b9342d24c781e2058287cb6f3f1e3270c22b7707b8323a5cc8db81aa906bb59d696cb97cc74e359595ffb8373cad3710ea09ea9744c20e9a12e05be5a95f085ac561678d7da432e4c7cb53e1271df5cd5a339d2d7520f1c1848d15071d8c69846b23c5d2432c73890f2eded37c3d2964a4b5b55225888e892f526d1cac31eac356f361c2bf336c462d60c82e82b616f2a519c2f67bf01290369be9b55e9f5c8cec4f2e1b2ab302506c903dc3e7b9c978141dc904b01b1c23d25004399bf8b73d69cd539c79af5e9a0a511eca221078a1ff7b0f604aea84246c3cb32db9381be121767e097bea517bfcd82dfe921379840efb4b6f02a48ecdaf12d2cd38930d4473adf97cd71dc4ea10382f4f5d1dd7562cd4bf5115932f6c4700aa8fe8deca9d5e7277902b8f886529765db2486074b23a19fd4b04356bfa6226c82baf69a087d9ca18823f8e3e68308e16b804c363df5b6307e76240db1ed841b612d65548ddfbe8367da60772c6aff554dc85d041948345e567da9333151858fdf6993273925bfdc7181b5f646d063a8c8f310569b0ed093bd9dff04febf0b41c6dc55169a14a3c862e5416f1e582fdee8fe87dc:a8f2f4b9e2072ca9fade37fdd62d8d0242fd4daa09fd856e75f4e343c7260ea677f753a627aed08cb96c444e29bdb5b5385d43843bbe79a3dda36e1e1101c50fd1cea2b7e9afc1f0fab890d2700a5ae41e15e7d34d3bf19d0f34d9f9f0ab9812dc7c2a8dc44c8ee7f3788761ecd988ee72c736b62a7cac3cc9b738e938df7787377eb9ffd120d4ff58cf1c0675633f7e83c4b115548f14d2f70c6d482211443a8499599558c14277980fa42a78427907f73a41f5f6693b2f75fe5e7a6ff0a6c3a4e2ed1d0d968d5cc9d6f13d41c3d291396ae7e434e664b2ff243e7f6d88010210078c39b5a576caf409bb4711b3eefc486b67b7ffeae0cbac6a0fbdf5343fb2ae4e057edc8c9d2ed31eae9ec83d2bedd219eb989b2d4419618c2d3ce4490e35fbcad432b0124795f9c5cbdc1eb0c3072b4aa801d26fbcc7b07b8257f5fe47acd9bc587b5657cf07ca545bb568c9e4e73cddf6254e22f78ab2f8064519f8abfd16fcfa90f87687db0c4209be2c6c79a5521f44189678d932c54585700a2437702e56aab588a17cb2cc94c00e87570ef3ac5133d753038aa46510a260c1fe80479bc02eed9a8d1de99354ac2648b48b96ab1b80cca6cae1877f37d70428bb50850e0308db0b423087bf7dde279e096766f2ab3ab2385b0464a5bed7bbd8d457e935e200aaaa8d951570e053076db18a6a62f72b319579884a0826ba2b436371dd218b01a0c5e58d0cd5ff9825e4466fe966df05cc31c803e5212183ddf29cef7fb91648a4f8ee19fd5f8dbd8a56be7abf33659a9224a1e27a1024effdfb88e8806148d0d1780906af1ebe3e5f14363190d88cc6e5089444f125d063155dcf86ca9263f2f5f183c26974fe000b9342d24c781e2058287cb6f3f1e3270c22b7707b8323a5cc8db81aa906bb59d696cb97cc74e359595ffb8373cad3710ea09ea9744c20e9a12e05be5a95f085ac561678d7da432e4c7cb53e1271df5cd5a339d2d7520f1c1848d15071d8c69846b23c5d2432c73890f2eded37c3d2964a4b5b55225888e892f526d1cac31eac356f361c2bf336c462d60c82e82b616f2a519c2f67bf01290369be9b55e9f5c8cec4f2e1b2ab302506c903dc3e7b9c978141dc904b01b1c23d25004399bf8b73d69cd539c79af5e9a0a511eca221078a1ff7b0f604aea84246c3cb32db9381be121767e097bea517bfcd82dfe921379840efb4b6f02a48ecdaf12d2cd38930d4473adf97cd71dc4ea10382f4f5d1dd7562cd4bf5115932f6c4700aa8fe8deca9d5e7277902b8f886529765db2486074b23a19fd4b04356bfa6226c82baf69a087d9ca18823f8e3e68308e16b804c363df5b6307e76240db1ed841b612d65548ddfbe8367da60772c6aff554dc85d041948345e567da9333151858fdf6993273925bfdc7181b5f646d063a8c8f310569b0ed093bd9dff04febf0b41c6dc55169a14a3c862e5416f1e582fdee8fe87dc: +bf3c0cbbbe20be2acfafb27a3611b48921a728ab17334b8afdee8305178f613b4500a03c3a3fc78ac79d0c6e03dfc27cfc3616a42ed2c8c187886d4e6e0c27fd:4500a03c3a3fc78ac79d0c6e03dfc27cfc3616a42ed2c8c187886d4e6e0c27fd:8f30ba2f792e9a97f6eafe29f976a48028cb8857b5c798bc2b6168c46444c0ce696070374c5e6a40c3d18a5dc7669fc41db9a81cff759b8ca0159871c3442e8c7512698fa447b5783ee01d1b611449abad237162922b02d1aec5de1d666f17da1613106301d30586d116e2ac09007dd71e8123ede4c5a6a9ac077fe3d93909da628e865870a4e25cb35591675a0690bec4af0281714fe6661bd5c00a27d79f959fb4d4fb1636a6a3575f4f01470663899d737472b096be4db723715367a41a3a4c13f742d908f4d921cfdd156e75868261ba9c10d85874ca2d6c0c9e7295e5662bd916a363c7a796ead617c4251e6794da06c3d08f2fdc3886944a7509e6409c906b593113b4b1f9850132960d9f3a4eeb7386fa592f6193beab8e0ff0f28908a0d548db87bae978b05abbca9b3e96d8795b88077f620f2124e31590eb099e94e0e6e3cd620ae6290f3e2d01467e5bef4fabdef79d9ab9239e753ec4fa0bb110ff1d393fca02243502d7e987991eb76d08f8be7eb2b1ee00c3b68bbf72a623baa15be896b3215ebe8a82313109fc629b0cce6491f813c24970e4ffe6869e40b46b4ed22986d0042155276c230de4c05d678552f2e851cacf5a472157dbb1a99a2b42ff4037f0dc6380672921c909206e80050e61a6b3056b17e3ae835009b20419a3b9846d374892e719f1b35bc1257da93ccc6d8f8fcaa8e609a8d204df108be7193467e7f105935282c3fe6670a5329442ea3edda2376a03a1cfe8723a909c064d30fe9bb0212c33afe2bea30c9143c001da01c7ed504559b97fe2cea09beb9db51900dc136705921e20297845ba72a97aa7c953814571be3f08cef968045a5ac34004f67fbfa54e996b311bd8dc527d89e1d4f53453a6713720101c45a60ee3a05c2ee66f134b5af40e4b70ef37ba3f0afdefc039f342c28af9198251381a1079a5dd035a8c28976c6b7f4db09ea383a3a87f0f851fd331aea7fa4bfcd95631d652fa2f50f1c23ff2bc137a0604e3d9f39ccb965145bca48b06dc8a817547b625effa796d000c3774bad198db1241be7a2c0dc4a4641b9a8cb9cb8c8c3887576f5272c33aaffe45615f51a96fae76cf5125bc69ad0a4038790799b5c2624421a6433dbab39cccb0b1787b5bce289594489d17edb5f9310374807d36c6e6734726bb33004ecae8bb691dcd387601f4ea911b4b90ebff756d7d8d9eb422cbb9aaf7f4772e0a5436430685e57b697454e82eeadce4aba062b77682cf219be1fd9b00f1cb1135a1021349539a4b93ae213f193d2932738ef72920499b7be2a81c9baaed17c54641a5974d27223241e3c6a095226bd237e0591e002b3af0565df3e976420f9764a09ae8bfa2795f8fad7fc687bd2de23d1488f449d8:8f8703bcf4c0329417339eb026f2b72d314d922e9accb5d8bb7eec87e07e6138551672a6132cb4f875508ed3299567b4a74134d2bdf0d857f980861d18be7e018f30ba2f792e9a97f6eafe29f976a48028cb8857b5c798bc2b6168c46444c0ce696070374c5e6a40c3d18a5dc7669fc41db9a81cff759b8ca0159871c3442e8c7512698fa447b5783ee01d1b611449abad237162922b02d1aec5de1d666f17da1613106301d30586d116e2ac09007dd71e8123ede4c5a6a9ac077fe3d93909da628e865870a4e25cb35591675a0690bec4af0281714fe6661bd5c00a27d79f959fb4d4fb1636a6a3575f4f01470663899d737472b096be4db723715367a41a3a4c13f742d908f4d921cfdd156e75868261ba9c10d85874ca2d6c0c9e7295e5662bd916a363c7a796ead617c4251e6794da06c3d08f2fdc3886944a7509e6409c906b593113b4b1f9850132960d9f3a4eeb7386fa592f6193beab8e0ff0f28908a0d548db87bae978b05abbca9b3e96d8795b88077f620f2124e31590eb099e94e0e6e3cd620ae6290f3e2d01467e5bef4fabdef79d9ab9239e753ec4fa0bb110ff1d393fca02243502d7e987991eb76d08f8be7eb2b1ee00c3b68bbf72a623baa15be896b3215ebe8a82313109fc629b0cce6491f813c24970e4ffe6869e40b46b4ed22986d0042155276c230de4c05d678552f2e851cacf5a472157dbb1a99a2b42ff4037f0dc6380672921c909206e80050e61a6b3056b17e3ae835009b20419a3b9846d374892e719f1b35bc1257da93ccc6d8f8fcaa8e609a8d204df108be7193467e7f105935282c3fe6670a5329442ea3edda2376a03a1cfe8723a909c064d30fe9bb0212c33afe2bea30c9143c001da01c7ed504559b97fe2cea09beb9db51900dc136705921e20297845ba72a97aa7c953814571be3f08cef968045a5ac34004f67fbfa54e996b311bd8dc527d89e1d4f53453a6713720101c45a60ee3a05c2ee66f134b5af40e4b70ef37ba3f0afdefc039f342c28af9198251381a1079a5dd035a8c28976c6b7f4db09ea383a3a87f0f851fd331aea7fa4bfcd95631d652fa2f50f1c23ff2bc137a0604e3d9f39ccb965145bca48b06dc8a817547b625effa796d000c3774bad198db1241be7a2c0dc4a4641b9a8cb9cb8c8c3887576f5272c33aaffe45615f51a96fae76cf5125bc69ad0a4038790799b5c2624421a6433dbab39cccb0b1787b5bce289594489d17edb5f9310374807d36c6e6734726bb33004ecae8bb691dcd387601f4ea911b4b90ebff756d7d8d9eb422cbb9aaf7f4772e0a5436430685e57b697454e82eeadce4aba062b77682cf219be1fd9b00f1cb1135a1021349539a4b93ae213f193d2932738ef72920499b7be2a81c9baaed17c54641a5974d27223241e3c6a095226bd237e0591e002b3af0565df3e976420f9764a09ae8bfa2795f8fad7fc687bd2de23d1488f449d8: +287fafd21374572f57810047d0d98cb1ff3d0120faa4886132245732c1a6ab78e8252063f5ad7e95bd05c502a8bc4a17556360869b9de0a3b858938e11117619:e8252063f5ad7e95bd05c502a8bc4a17556360869b9de0a3b858938e11117619:b3c443e4e5899c16d39e81b4f8074042a904a735074b2795d9ac06b1379ef7618d2a534b6bef81569e60719267bf29cd9d16acc9a174d8026b14b127d0d2d8b4583998895ad7ef72fedc53b8f08a2250100e1f1f0aab48bc7074643488e6b670e1b0727c385a34ff65a0d7e83ba86083b873dff0559209b14b2ac42bf7c572d0c5917ac42e4ae4dae1dd4235795276a076132cfe3e0c350b26580fbb3af81777b93ad95cb7ff17c2d980ce0d492f6d40fa90ba3fcaa21bb68735ee1ef208495ebf7b02276ffa1efc081658bb44cd2761ef5e3e1ca60ec8b5d816d4abacd0bcc80268d8f4df8b3a52049db0157e2b6e81acd6f3f28947c07627955cdac9eaa1de17d4b9daa361fb49782664d7d6d2ca5cec6d14893c3e80b6d16daacffcc0b75937e8bef6f9e112a87f4b035f9036070a2ccc55c2aad939df674f7e4e12685e016ea0e4902aaaafaffe38ddb2f90d9cf78537f61391696ff0330ae8f79a1c1ed5d52b4ee2a62d90fb82d9a48393fa33810b40d0455902d574ff052003e0160c0f47b5e580a078bceef06073dda8b2d1f104a595e90bb6a48eddd865f1cae4f178fe22e75f2f6124a9da0682447112b3db5be8c42472b241e944fd2370c2dc2715c05a41bdbc890c41c65fb08c2f593174391ac880f3cb67d1b74ff802ef962afef7b9f3ea326f9527e7fba698187924b64ccdd0866248c76ee64c79069be0a057b10ae190f38ff5aba844e39331cf1db13c900906bee0d7e7546ef52324e37c590675f139f58f573a494f4ae82c4ec81066a68e2d92900191c47d3062f0f9aaed191137cda9b83cd130e8262960e6244f8f6ef39f15a4fed13cb669edc19f5ce162ceb8d242b9addbfba8772ce74985a5f3720d590a920e1dca75a879b1aa459f7462fff2e95072761b209254fe38c54d833a8e2cb8fc40c598f3c7f7d6c5705715d0308dc30eaa84676d209d7b7b31344756e69a9a4cb4e4a251817a3786fea6728dd60822336b45ae5d47c704b45c4cad38c1e01ab93d141692d55d12fdb9740f1d181582f1c48ce5434860d930f0e7e70edcffb85560a53dba95d57b31e8924137bc2c19e34bb9c9866877174280e80c23978d57795864a7374aef383f3bf6375359bf63564740098461a6c76e8f238913288769a1cb1c95b22c32a9ebb3eceb048ee324cf0d7e85a389b04dedbbcbeef298d0527816085c0c83efaa298546e8390bd1bfe465ec1bafae69ee5218e72caedb9b649cf73eec454a2b484965179672debcf9441363995a8a907de17dc0684f2aea579a2fb4484195db4115ca32e970526dc00a5cacaf588711dbd469ce80bd297c4f41d6fa28a597c6372c0d214960b54598cd8bc849ebdca36d6225b20dec0d031169cebb36eadc3a:6201e30591d36b7b226e36fdf56434c47cd3051837af31313a9917fd02dded2b5bbb4bbc368b3bd15d062045f105b6e7341b15150d36f90087591d839901b801b3c443e4e5899c16d39e81b4f8074042a904a735074b2795d9ac06b1379ef7618d2a534b6bef81569e60719267bf29cd9d16acc9a174d8026b14b127d0d2d8b4583998895ad7ef72fedc53b8f08a2250100e1f1f0aab48bc7074643488e6b670e1b0727c385a34ff65a0d7e83ba86083b873dff0559209b14b2ac42bf7c572d0c5917ac42e4ae4dae1dd4235795276a076132cfe3e0c350b26580fbb3af81777b93ad95cb7ff17c2d980ce0d492f6d40fa90ba3fcaa21bb68735ee1ef208495ebf7b02276ffa1efc081658bb44cd2761ef5e3e1ca60ec8b5d816d4abacd0bcc80268d8f4df8b3a52049db0157e2b6e81acd6f3f28947c07627955cdac9eaa1de17d4b9daa361fb49782664d7d6d2ca5cec6d14893c3e80b6d16daacffcc0b75937e8bef6f9e112a87f4b035f9036070a2ccc55c2aad939df674f7e4e12685e016ea0e4902aaaafaffe38ddb2f90d9cf78537f61391696ff0330ae8f79a1c1ed5d52b4ee2a62d90fb82d9a48393fa33810b40d0455902d574ff052003e0160c0f47b5e580a078bceef06073dda8b2d1f104a595e90bb6a48eddd865f1cae4f178fe22e75f2f6124a9da0682447112b3db5be8c42472b241e944fd2370c2dc2715c05a41bdbc890c41c65fb08c2f593174391ac880f3cb67d1b74ff802ef962afef7b9f3ea326f9527e7fba698187924b64ccdd0866248c76ee64c79069be0a057b10ae190f38ff5aba844e39331cf1db13c900906bee0d7e7546ef52324e37c590675f139f58f573a494f4ae82c4ec81066a68e2d92900191c47d3062f0f9aaed191137cda9b83cd130e8262960e6244f8f6ef39f15a4fed13cb669edc19f5ce162ceb8d242b9addbfba8772ce74985a5f3720d590a920e1dca75a879b1aa459f7462fff2e95072761b209254fe38c54d833a8e2cb8fc40c598f3c7f7d6c5705715d0308dc30eaa84676d209d7b7b31344756e69a9a4cb4e4a251817a3786fea6728dd60822336b45ae5d47c704b45c4cad38c1e01ab93d141692d55d12fdb9740f1d181582f1c48ce5434860d930f0e7e70edcffb85560a53dba95d57b31e8924137bc2c19e34bb9c9866877174280e80c23978d57795864a7374aef383f3bf6375359bf63564740098461a6c76e8f238913288769a1cb1c95b22c32a9ebb3eceb048ee324cf0d7e85a389b04dedbbcbeef298d0527816085c0c83efaa298546e8390bd1bfe465ec1bafae69ee5218e72caedb9b649cf73eec454a2b484965179672debcf9441363995a8a907de17dc0684f2aea579a2fb4484195db4115ca32e970526dc00a5cacaf588711dbd469ce80bd297c4f41d6fa28a597c6372c0d214960b54598cd8bc849ebdca36d6225b20dec0d031169cebb36eadc3a: +9ad049100851d0f79b711225c98847795acfc3601c14b8a9778d6270cd4c05ede7cacf4f3714543c27a3e9ed833baf3bde4c09563bef59e763fab71fb5e4ff56:e7cacf4f3714543c27a3e9ed833baf3bde4c09563bef59e763fab71fb5e4ff56:c284bdd8f8275b49ac808c39045e50e1ed50c8a1afd011afe5db3dda620be8aec37f45605762e225d04111f21b49fcefca3f3d5f813b2020a52c49f95c4ad61ca214618ade7eed6cd8d314dc4c6355955277d457462f03b9fba2e225b1b537cd4b5237505c90d43205e1715c3963ccfbec379e6c1705e08034a31afce646727e78a20eed88aeb0dcdabc5c86e86979e63a5c26c3e2177973b6983cebfeda9f31479361b661763aa7261c0939cad48b71908ea90768bb6c9583d8eaeb9e0338515aca1242626dc6be04ecc4429e4cbb4ff336096192f7501ec471b596a99d4c027582cc69e204b6fbcddf59f5bf7462ddcd5989121fd10f11a0675b6c4e4f6520d27d7c61431ba7d174f57395a0bf72d38c1142736ded6b91e4811c0e8541a6c0d996c5a17dc97db388f721d2357d3c6af5c86b1d5e476ea0ac0b1c11d4387f769039bdf538a0216edd0045ee6dd89eef82a425a83faa1b12807038ca19ebec002e8b3c15344c61cfd1e5f0e3b0273deb37278cf197d8a83b13d992308a51373eb38114c9e45b438780277d1e32f3972962a3e14a8d08db9f09aec3dd32a5b99423e61f5e79944ab57a36f6ec07cc3204f9165ee021ada93e6fecb7ec456aa0288c378a75afd6e9dad6c6f88e959a2cf28bfe56d2e61b2adaecf0d86dd8928bceda26b0540246b7337f5cdcec11fb0c1a59d631fcca19408f9522b68a39f86ef970b883a0f0bd6b7b1415ec9aa043b52e19bac176d67b79e2a5dca8bfd29102ac608e473e9f982c3ec8932d8aa8cd565284491de52f516b9ebfb7dbe1299511ae732c2ad1ee4992b077faffc65f488f1ba215da6979600971196d0ff3a08ad9f00e829c1de1afca10ca476be664aad261889b0eb7aeb6ed8637618900acf481e2d224ec64a6e6cf4fa4df731b7a4feeff2580c99b6d75b4dcd0976965cb2b0b5635227842d08a7d907aaebc2fded8009811dcdd73354921753bc5dec017689335f56d0fb7ae213b41792b1f4eb14a24535977a305b19eb9838dc6b51528b98a39bda06010717a208c347aa158eecdfd9a0472d3b8d920f969e12b65919bda38b461949850cc9cc18d8e3baa8c886d93cd096a209d543ca3375fc4e7d65103cb6424beab44e8bc4a5b62c29a01bcf44dcc61e7675c025dec0724200194bde74d72c02e94a946a752f3608457fd91f292715771487d26cad4e5cf6ef7c6f71627a4daf8a4c9b891c1ee8f04aeaa99fe0c8b4e833b7609066b6132a968890e2695da22b2d857c8c0ad9187c96069e476e27e4632c447ee76714a31d1e5149ecb337ee132f3552da33ab2d6fa9d7e93f68a77cbf191cb06bc22f3470af6d7581e3accbeca0b6feb08a14b9a80c1ef59374ccdc0523c3684504c0104bba22c10:fec0af34cbc5cffc56e96dd5ed5968e52cbd4269844fc30e3ab0d3472b5d180c8d1b7690518f41f14438e7f3a83d5e8976cb9a26151fc4149a3298d7e42c0503c284bdd8f8275b49ac808c39045e50e1ed50c8a1afd011afe5db3dda620be8aec37f45605762e225d04111f21b49fcefca3f3d5f813b2020a52c49f95c4ad61ca214618ade7eed6cd8d314dc4c6355955277d457462f03b9fba2e225b1b537cd4b5237505c90d43205e1715c3963ccfbec379e6c1705e08034a31afce646727e78a20eed88aeb0dcdabc5c86e86979e63a5c26c3e2177973b6983cebfeda9f31479361b661763aa7261c0939cad48b71908ea90768bb6c9583d8eaeb9e0338515aca1242626dc6be04ecc4429e4cbb4ff336096192f7501ec471b596a99d4c027582cc69e204b6fbcddf59f5bf7462ddcd5989121fd10f11a0675b6c4e4f6520d27d7c61431ba7d174f57395a0bf72d38c1142736ded6b91e4811c0e8541a6c0d996c5a17dc97db388f721d2357d3c6af5c86b1d5e476ea0ac0b1c11d4387f769039bdf538a0216edd0045ee6dd89eef82a425a83faa1b12807038ca19ebec002e8b3c15344c61cfd1e5f0e3b0273deb37278cf197d8a83b13d992308a51373eb38114c9e45b438780277d1e32f3972962a3e14a8d08db9f09aec3dd32a5b99423e61f5e79944ab57a36f6ec07cc3204f9165ee021ada93e6fecb7ec456aa0288c378a75afd6e9dad6c6f88e959a2cf28bfe56d2e61b2adaecf0d86dd8928bceda26b0540246b7337f5cdcec11fb0c1a59d631fcca19408f9522b68a39f86ef970b883a0f0bd6b7b1415ec9aa043b52e19bac176d67b79e2a5dca8bfd29102ac608e473e9f982c3ec8932d8aa8cd565284491de52f516b9ebfb7dbe1299511ae732c2ad1ee4992b077faffc65f488f1ba215da6979600971196d0ff3a08ad9f00e829c1de1afca10ca476be664aad261889b0eb7aeb6ed8637618900acf481e2d224ec64a6e6cf4fa4df731b7a4feeff2580c99b6d75b4dcd0976965cb2b0b5635227842d08a7d907aaebc2fded8009811dcdd73354921753bc5dec017689335f56d0fb7ae213b41792b1f4eb14a24535977a305b19eb9838dc6b51528b98a39bda06010717a208c347aa158eecdfd9a0472d3b8d920f969e12b65919bda38b461949850cc9cc18d8e3baa8c886d93cd096a209d543ca3375fc4e7d65103cb6424beab44e8bc4a5b62c29a01bcf44dcc61e7675c025dec0724200194bde74d72c02e94a946a752f3608457fd91f292715771487d26cad4e5cf6ef7c6f71627a4daf8a4c9b891c1ee8f04aeaa99fe0c8b4e833b7609066b6132a968890e2695da22b2d857c8c0ad9187c96069e476e27e4632c447ee76714a31d1e5149ecb337ee132f3552da33ab2d6fa9d7e93f68a77cbf191cb06bc22f3470af6d7581e3accbeca0b6feb08a14b9a80c1ef59374ccdc0523c3684504c0104bba22c10: +de54e13f9e2cc754546c99b33b3d72f4d1f7715038a9659f33636577bb526adb36338db3326b005e5c61ff782be2eab166d4eb7234a98ea1cd855e1ad535e94c:36338db3326b005e5c61ff782be2eab166d4eb7234a98ea1cd855e1ad535e94c:dc4041ad61423a12a0411318a6e62a5ef64a19abe2d9852297be2d4a35eb8670ca36c521531b3038acdaeea2ea01a0b6187862a4e1a89d4b81c5318ed4d67131bc38f841a142a2f6f316dff076939dc0eb81b230fea9881f8f0ff7ed0b293f69b289fe770881fb3710808e8e59e64e190c1e379b9dd348b02c2347d7e20696790b62776a2e825bed6917037cb635c92fbc76b4c5851027e7f13852ee7e7c52573a9030b79f22b60d5869efe680c01664929fe9a06fa333052be1d6af3a0b482c332e18051e78b333839d6cb93d93ebfb277e4268fbeeeeba1e8f96a5c9e328c4267212cac251215bfaa78fd88a87417a80602dcd8828e80400da304e989862d13201082de3530925e0edc2c130a9a419071b31088da6f6ff4056301c129fc2135233628d16d8bf160f6ce86d83cd4e29ae0c73843d70b53056c5af3f3dc561271cb5aff393f0803ade072d9ceb745b6187b28d24696767d5c21f4d4ac58d5bb66c5cadfefb1626ef93f714c782b6ef3ccf4b44ee75f0bb757a25d9b46a9d931a03727d496a22810c634f5c1ae60cbdf2f1ea29b54607cff50d9f8e03a0a4513cf68dfb619773411b6180959a8aac30b2eee4ad327915f60ae52b90e04a9bcef8dc67e71ea10aca553db9895cd8008457d76f02ceb53500211109e89603f304d880aaf02861fe37c9534a9d672d83713cd326c9ab81c353764ca5ad5ac0e7f1ff880fb48acd9cbb949064e21183bc38fb1d90cfe619a8b8fbf5321889bb15c02a53e4d367fc668877b662281c4a2af678f86e691daa8afdcac1b820189fe5c2508ce36edd9c6f8f51575071839439a003352c1573e12768dd6debdf1ed4f94ac79df1ab6a0bc25079c0935477d9149988ec3b8793efcda859acc392ab3fa99493d7ae0a6575b695a1ce076532860287dd498967c46f7add49494c02e744c40280195782e2424476165e72cee23642e51cec432191116aec59b59fcf0a3683b95f760760a20bd67454d8de647c0f9ffc4f90f6e45ac93d802f338299ef280d3bb7a4a89db8c59a12526f2783024c8ade9002f00e3d529b78dcdd4903daf5767a2bed75145396efb69790712de6a5901e6d8c15280182388285021d0e70929215d9f2b799bb92f2ca56f48e8cbba2f19b085845126567cfafa603c2946ea1e7d274554a38bf7d86511f3e474f9fa5cb11105fb52fc68177f3385fe1397be584a70089dc741b4b0095bf7eb2993b418df87b14a1f97926e868df6e568beca2215f2dd7ce8a3c9ee849cb41346c684f7ffef0a792edf433ca99ef34c73f9272a7eb97587c8fce4a5136444737138d53eadf3a84f501bb10456e8e4a4047082c9e1435f576526c2164714d70b3d0a6e9c08a53e323840f4dcfe8f2d19f0be2c88e:37aca8f248394a9e04d06a7da84a7defa39de4da2bcb18d5f64cc34db08651af4abb19fa2a92a7dda56ec9930b81aebd23990511f684c6d15ba595f7d4a2740edc4041ad61423a12a0411318a6e62a5ef64a19abe2d9852297be2d4a35eb8670ca36c521531b3038acdaeea2ea01a0b6187862a4e1a89d4b81c5318ed4d67131bc38f841a142a2f6f316dff076939dc0eb81b230fea9881f8f0ff7ed0b293f69b289fe770881fb3710808e8e59e64e190c1e379b9dd348b02c2347d7e20696790b62776a2e825bed6917037cb635c92fbc76b4c5851027e7f13852ee7e7c52573a9030b79f22b60d5869efe680c01664929fe9a06fa333052be1d6af3a0b482c332e18051e78b333839d6cb93d93ebfb277e4268fbeeeeba1e8f96a5c9e328c4267212cac251215bfaa78fd88a87417a80602dcd8828e80400da304e989862d13201082de3530925e0edc2c130a9a419071b31088da6f6ff4056301c129fc2135233628d16d8bf160f6ce86d83cd4e29ae0c73843d70b53056c5af3f3dc561271cb5aff393f0803ade072d9ceb745b6187b28d24696767d5c21f4d4ac58d5bb66c5cadfefb1626ef93f714c782b6ef3ccf4b44ee75f0bb757a25d9b46a9d931a03727d496a22810c634f5c1ae60cbdf2f1ea29b54607cff50d9f8e03a0a4513cf68dfb619773411b6180959a8aac30b2eee4ad327915f60ae52b90e04a9bcef8dc67e71ea10aca553db9895cd8008457d76f02ceb53500211109e89603f304d880aaf02861fe37c9534a9d672d83713cd326c9ab81c353764ca5ad5ac0e7f1ff880fb48acd9cbb949064e21183bc38fb1d90cfe619a8b8fbf5321889bb15c02a53e4d367fc668877b662281c4a2af678f86e691daa8afdcac1b820189fe5c2508ce36edd9c6f8f51575071839439a003352c1573e12768dd6debdf1ed4f94ac79df1ab6a0bc25079c0935477d9149988ec3b8793efcda859acc392ab3fa99493d7ae0a6575b695a1ce076532860287dd498967c46f7add49494c02e744c40280195782e2424476165e72cee23642e51cec432191116aec59b59fcf0a3683b95f760760a20bd67454d8de647c0f9ffc4f90f6e45ac93d802f338299ef280d3bb7a4a89db8c59a12526f2783024c8ade9002f00e3d529b78dcdd4903daf5767a2bed75145396efb69790712de6a5901e6d8c15280182388285021d0e70929215d9f2b799bb92f2ca56f48e8cbba2f19b085845126567cfafa603c2946ea1e7d274554a38bf7d86511f3e474f9fa5cb11105fb52fc68177f3385fe1397be584a70089dc741b4b0095bf7eb2993b418df87b14a1f97926e868df6e568beca2215f2dd7ce8a3c9ee849cb41346c684f7ffef0a792edf433ca99ef34c73f9272a7eb97587c8fce4a5136444737138d53eadf3a84f501bb10456e8e4a4047082c9e1435f576526c2164714d70b3d0a6e9c08a53e323840f4dcfe8f2d19f0be2c88e: +8504fbcaaba67683f815499282b6ebd497a81a9156f53e025c2d3ecee0db6559e62da86493a0caf52921d5602fbdc3dd3a8436941f6be240b31509681238746d:e62da86493a0caf52921d5602fbdc3dd3a8436941f6be240b31509681238746d:6c63edbd40a03874ecaef81602cd6850c09f4915b7aaf418258c568364538e8392a8c379838b0c95345bf64c3dbc175853fb641f350f0b53a05a8ec290288c0326d435ff776f8683a273333f9bb2802184ecc53b06b28c2c402a54bf134c1a23299749a6ce2b51a7ba22232148797e993ff258286e947778a8742d3f36cc7842976043fc23da8a97ecb9715fc05fb0f23fa7321ddc1932861631604eba2ef25d8b756ce4733656bfd1e14708923ac7c60a79846136d741973ba5514189720bc0f7774b7bd3574595bde2515031b25b62654b161035778070ace14971df1fe0be4ea1ef55cf8747d3716c1ce707b1a7c8520e6deb334eb186338fc93000768eb2be40c6e0dc3f5df831b32c3a2c33e28898d6762a1522d3d48daee56a0269bddf6cfc9d73f8d178aeccbffef7ce164f98afea224a9b60ede46a95fadc9fc5d94d209c166d9b8de253381ea2248862946b9cf534947455c24458cf56683a0ec47a2c65075c694c7c3d6adf9ae5e8ad31ac769f83aa26e312c5b01a9a09404b15b814baa7666b3e03f06a8d6348ab8ccb9b60a4a4faf86f7135df039d955c07bd92e7b8e327ee6c1b40196a28b4446aa5a9b2b9773ab76e3ce21180f09d6c08d277c6771d67e22d84540fa43b38f634cfc46e5b8c33f15a568a77e4914aad9ab8c9f7fea47f7677c01880b3e85d2d0e3fbd6dc6e99e437ddc736f92b5a2ff2927e0b442142f0897d0b8a19ac203633df413feaf8ef50a5f767bedaf20f1c13f3b89d1e8b7bd18d591f9de116ee34f9824e4ead1ae9da2e8caaef88b29516aa942de77a7467b6fb26a666f30648c715a2ee9f946743b543a4428e0dfd06178e7e93ec6f26e003e058bec14a4aa2e3b8de11295a764cab30b313fcc5743b2fb89962ddc5cdc6aa0d2e4a306e77af76a05a598923f628a85df1cc73ad3bc01c4b979bd7cb296590a88b0a41b445d50a08423e4ed80f1763c716b6c457d845dfaa68d12b0d03c55fde8ae6b2b92bc6322943dbe54c706bc8e5fcee70654b26f3bfd877f5f5339ac182d5417bd4c0735d825bf70e85eab8216edda632ae7e22b3e53d078a8b20b5a7e2385337cf92b3c16b023563e11cb5043b704d37eb5ed9e85fcdc95cf7a6eade40803175a008ef653ac6136f16129abae1137c5823400748a81256254d317cfc939e26ea0cef9f6548db42890c48beb0479103ba089e514118038b1b90943d716f7a8d4cda5983a674b83a002d8ac9c65734a28b77b760c8e3803f8781ea9199f797ce729e06bfffe8c29b20bc85227c09cc05219ff2ba38e18051083732f83cbfccc310756450b261d5be183d9fb44ec18529f2cc9848c40119c607676bc4d9015fd4bd2fc918dc8031ec19a05ff362c184043be7fe066019ac5:c0ea074bf9addee2e3350a969e7c569e3aea1a4188ee5af34cb73f388298653d299b5dbd94163fba209e8f7dc2e2634d3a52a02810a88c6152945bc16bbdfb0c6c63edbd40a03874ecaef81602cd6850c09f4915b7aaf418258c568364538e8392a8c379838b0c95345bf64c3dbc175853fb641f350f0b53a05a8ec290288c0326d435ff776f8683a273333f9bb2802184ecc53b06b28c2c402a54bf134c1a23299749a6ce2b51a7ba22232148797e993ff258286e947778a8742d3f36cc7842976043fc23da8a97ecb9715fc05fb0f23fa7321ddc1932861631604eba2ef25d8b756ce4733656bfd1e14708923ac7c60a79846136d741973ba5514189720bc0f7774b7bd3574595bde2515031b25b62654b161035778070ace14971df1fe0be4ea1ef55cf8747d3716c1ce707b1a7c8520e6deb334eb186338fc93000768eb2be40c6e0dc3f5df831b32c3a2c33e28898d6762a1522d3d48daee56a0269bddf6cfc9d73f8d178aeccbffef7ce164f98afea224a9b60ede46a95fadc9fc5d94d209c166d9b8de253381ea2248862946b9cf534947455c24458cf56683a0ec47a2c65075c694c7c3d6adf9ae5e8ad31ac769f83aa26e312c5b01a9a09404b15b814baa7666b3e03f06a8d6348ab8ccb9b60a4a4faf86f7135df039d955c07bd92e7b8e327ee6c1b40196a28b4446aa5a9b2b9773ab76e3ce21180f09d6c08d277c6771d67e22d84540fa43b38f634cfc46e5b8c33f15a568a77e4914aad9ab8c9f7fea47f7677c01880b3e85d2d0e3fbd6dc6e99e437ddc736f92b5a2ff2927e0b442142f0897d0b8a19ac203633df413feaf8ef50a5f767bedaf20f1c13f3b89d1e8b7bd18d591f9de116ee34f9824e4ead1ae9da2e8caaef88b29516aa942de77a7467b6fb26a666f30648c715a2ee9f946743b543a4428e0dfd06178e7e93ec6f26e003e058bec14a4aa2e3b8de11295a764cab30b313fcc5743b2fb89962ddc5cdc6aa0d2e4a306e77af76a05a598923f628a85df1cc73ad3bc01c4b979bd7cb296590a88b0a41b445d50a08423e4ed80f1763c716b6c457d845dfaa68d12b0d03c55fde8ae6b2b92bc6322943dbe54c706bc8e5fcee70654b26f3bfd877f5f5339ac182d5417bd4c0735d825bf70e85eab8216edda632ae7e22b3e53d078a8b20b5a7e2385337cf92b3c16b023563e11cb5043b704d37eb5ed9e85fcdc95cf7a6eade40803175a008ef653ac6136f16129abae1137c5823400748a81256254d317cfc939e26ea0cef9f6548db42890c48beb0479103ba089e514118038b1b90943d716f7a8d4cda5983a674b83a002d8ac9c65734a28b77b760c8e3803f8781ea9199f797ce729e06bfffe8c29b20bc85227c09cc05219ff2ba38e18051083732f83cbfccc310756450b261d5be183d9fb44ec18529f2cc9848c40119c607676bc4d9015fd4bd2fc918dc8031ec19a05ff362c184043be7fe066019ac5: +eac0f06c2c14f37d434bc99897225dd2e3f1ed74aa7442c550339df77d0b7b3243e62055db6e1349c94d89029187882020cbcf9d75e03eb656fa0a15b19002d7:43e62055db6e1349c94d89029187882020cbcf9d75e03eb656fa0a15b19002d7:27b7fd0e71adf194cf5407b6771793060de0fca7ca0ae64835c43187408a704f533d5ea0c83a654387ba7db16ed58ec837226df57c1fe6382c5919e92213f6f18cbb5735d178a476af35d390b7cd2556217c530f3a1f8ab2339c1a5e8d969387efd39414b56bb784dfd5eb89b859e1f403a238eca2a941e6db56ac456b73450698d1455ec1e9b39a1e907d6bc7e6cff424a28eed579af16310115b67f5fcf7f8346b3fa0260c6da2e27755aca570babb3d303cc832460c963bfdd5c1ffb2fc19921929dda2a717fbcbeb2b8525761bd660ce4a0f7685285d7fad6115ab09f8e63f5f773914494e20be1b512d1114cce3f0f68c7d94f54857694f22af4c698d782ce837b0c1722bb7313bb2c41f6d3dd1a02877fb4296d8662a9e8625984dc1fd1a9510eba9d643ac58a886a045cd0e53c056a833f968b35d01320e9cc0b435d3f6bfad26f9eb5754d38ddf6d5c4bf615a7644a23f9826bcc976092d82d81d547000de0081b7a40a93fbddac13f7d99708ccdeeb9405cd634ca0748cad2c1d8f164f5d77a4f364ae488bedcf1f20eb954bc8a278af81432417856a900f8f152921afbe17914229a513bd71ab7e661cde129af93e25094c56118ed1f22db644428b474651fe36be82fa3695c41fc8699667e053743b0a41155c31f1e2679c6e8cb9c9d1f5f4b40a320a9fd9f47da9b94211ba601b22a115210d9f559c4496f01732458f49ac34eb386636c8b6c68c7bbc0078ab6f398a624b8bafb1c622958562d231dffd4db096196bb87479e42ea22acbdcde8deb10e311632f02fca14787fd3140569b9428991543ec6e834e10b149f23c74bb99ac7b3799a2096d22e387a712b6f9011ea34c5be4c468581ac62ce662063252e066a9a3b15c9570d065dc1619929f06bc75a3179468bc8a16e3ddc4fe185ceba0a92a546b8675fc1ade56307150c7e4c844f6aa5f1edbfb54ac632ca2b259c32a33ee2867856c3390a6740364cb0dfb976e53d0cc6c42a106a1c26918c8a6a033b2aa3c7f2e4392e79f8eca5b336bac5061d7698a3bfe7c2c292892554030de6ce7c0d06eefc54906f81e0097fcff27d14b9b7994a7970e1a5f5c6b6405dca22033dff0eae138ad899f6ee68120b8f22744b0269a9a8989b6f7e08affae77bca2168ade24058ae68a7f800e02e7c38391baf565dd40b55fa3ab3c247b9ceb4d967471775e663d6a1c6c7e17350bbd6b9a3eb1e484ac2e7a7a5c84f5083e5ace8730de89c47e8dcf8341e40ba345dbd66bae0f7f076a705b1bb7f470e3edfb2b78e4d6359413d18d33280b454a0dbb881d8606726fa9bea272475e79fea6a54cb4c0619541b4e77c170c8616874b954beb8d105b86bd1917e25cfba9267187ee2038b3f0078f4c318b587cf44:45f2803afeb0fc44d3aa965b12659bf502e47295706184b2a1c6f16d050613f596a2001394e00e2a44c46cf6505d5cf5b8ab8412f07eda951a15005e338f3c0e27b7fd0e71adf194cf5407b6771793060de0fca7ca0ae64835c43187408a704f533d5ea0c83a654387ba7db16ed58ec837226df57c1fe6382c5919e92213f6f18cbb5735d178a476af35d390b7cd2556217c530f3a1f8ab2339c1a5e8d969387efd39414b56bb784dfd5eb89b859e1f403a238eca2a941e6db56ac456b73450698d1455ec1e9b39a1e907d6bc7e6cff424a28eed579af16310115b67f5fcf7f8346b3fa0260c6da2e27755aca570babb3d303cc832460c963bfdd5c1ffb2fc19921929dda2a717fbcbeb2b8525761bd660ce4a0f7685285d7fad6115ab09f8e63f5f773914494e20be1b512d1114cce3f0f68c7d94f54857694f22af4c698d782ce837b0c1722bb7313bb2c41f6d3dd1a02877fb4296d8662a9e8625984dc1fd1a9510eba9d643ac58a886a045cd0e53c056a833f968b35d01320e9cc0b435d3f6bfad26f9eb5754d38ddf6d5c4bf615a7644a23f9826bcc976092d82d81d547000de0081b7a40a93fbddac13f7d99708ccdeeb9405cd634ca0748cad2c1d8f164f5d77a4f364ae488bedcf1f20eb954bc8a278af81432417856a900f8f152921afbe17914229a513bd71ab7e661cde129af93e25094c56118ed1f22db644428b474651fe36be82fa3695c41fc8699667e053743b0a41155c31f1e2679c6e8cb9c9d1f5f4b40a320a9fd9f47da9b94211ba601b22a115210d9f559c4496f01732458f49ac34eb386636c8b6c68c7bbc0078ab6f398a624b8bafb1c622958562d231dffd4db096196bb87479e42ea22acbdcde8deb10e311632f02fca14787fd3140569b9428991543ec6e834e10b149f23c74bb99ac7b3799a2096d22e387a712b6f9011ea34c5be4c468581ac62ce662063252e066a9a3b15c9570d065dc1619929f06bc75a3179468bc8a16e3ddc4fe185ceba0a92a546b8675fc1ade56307150c7e4c844f6aa5f1edbfb54ac632ca2b259c32a33ee2867856c3390a6740364cb0dfb976e53d0cc6c42a106a1c26918c8a6a033b2aa3c7f2e4392e79f8eca5b336bac5061d7698a3bfe7c2c292892554030de6ce7c0d06eefc54906f81e0097fcff27d14b9b7994a7970e1a5f5c6b6405dca22033dff0eae138ad899f6ee68120b8f22744b0269a9a8989b6f7e08affae77bca2168ade24058ae68a7f800e02e7c38391baf565dd40b55fa3ab3c247b9ceb4d967471775e663d6a1c6c7e17350bbd6b9a3eb1e484ac2e7a7a5c84f5083e5ace8730de89c47e8dcf8341e40ba345dbd66bae0f7f076a705b1bb7f470e3edfb2b78e4d6359413d18d33280b454a0dbb881d8606726fa9bea272475e79fea6a54cb4c0619541b4e77c170c8616874b954beb8d105b86bd1917e25cfba9267187ee2038b3f0078f4c318b587cf44: +e608d5de9797907db6d98e0345d5caf2ad33e0eddebf18b81d61e8373ecfb49960e0c16ada586e3646912a5f2bb318fbc3d50b57d36fabb637696f9d8d4dc761:60e0c16ada586e3646912a5f2bb318fbc3d50b57d36fabb637696f9d8d4dc761:e610fa7d8385c09c78989ed5ef7a230547f013cb7e8ddf31749ffc31cee10ab3efaca3f14ea194510f0985a818ef8b040e10c3a5114de1ac080f14c3d65d3c244f9242f75492cabae800fcfc9bc275ea1f27728c920c258fe7aa73948060299cb87835792edcc072150b73cefeb0d51562e53b46810e27a4d7f6abd32e959f7d731dde01d94bc41ed835efcd42c922437037a87dd366ffad2eecab6abaeb4fcf07392b3ab40cfaefeaa4266bc537671693c9093dabe8a0538cafd12c639a04bd2ba80ce0f29adbfc66bd4637ca0543a53b0e371d0e2e470d31ba360642a45ab4cfe3e790f587f6c5a5583fd15b18997838a200921c1c399c0b16278b7dd6d3aaab6f325b16afdf761a1bbf867de2bdd48615f15b526770ed20d79f0f30714beeeda58f52a3cc0c5a618315e522b9ebe7cd99b65ed532a62e0f0df72764d6ec6d6d1ba40ef40e05426360795d6dd85bb39f7321d3fb06275de096aae4a2fa2293f31b33f4ad4d7c251ac13e8e15c2bfb1f98f4962c54b6ce033b08aa626f2905d463f55b71cbdadecdb3e0b365dae07b170301983aeb83b1e9f2f28cf65419fd6b0a1a9c26cb54b5949f4bc01a98681844b43034c372a453d38f0473d0ddc709d9f49c8753a75b856c7e9775517df574a09a3953bde5daedf8e4a8da9d773a215120e269fa1861133cd4ceaeb91d5cca2606325458e50cb966d14055b22447eb65dc10118da0831df28c3b4ee8b11f0732f1521bb9482b11f5a86b22f18e83dd1d967d3944285e5d63a5a989817ab2418bc7ed891a373846747a12b527c2f44ee0197b946c67e67fa4aa1c29f3379d46fe07d3aab83da17f9d76bedd38436a055e34ca1d3af5a8754d38c17b9ba4e6419cbab515f431a2595954e428c2670fae3bed62b4596179cb59e21108708d071bcf9c621c6dff03d3cdc9202029454013b9d133847f26544811c0169770fdc6fe5638bfd7a720d8b38f7e30a7e6879060b5f28c8ab17b00200713207e8637bff4844d842d9ca788391340198a3fe0172dfa74de1e55adefbc2e9bc7e885476d1b9c055813408a47528434355bf03fdd4e27d8b3461b0fb66ab3e15a879a184457e9ed9ea6c51b663b31edc8c4a3cd454f69d9ce518d1b87888ee3d9dd5416e43e114ac05721352dffc2ca88597377bbc414009b0c2fd369be5ba35a6dce3478b6c11b33c0a33918b6ee5ac4cd4c2f1ca6bd190a000a838da38f53077560335596d1358937793963810a79a21b8d46140e768898dcda88a0faf8ddd0d633847aaea0e030be6455b41e3ede1e2873730eb8481acaa7a519cf9195847a86afa57f9071d44f4af4ca0d343c90c0d22d946146585f00ef3aef57f0f9e55e818c0128ae255dbc3116cf0fe02166d54859decbfdccc:0d8f095e42a2730a3c7bedf42d5c83398b5c0ee9c77c5a61d982291396a9182a0802a37f324bc4fb5d4aa4ed60444b66144bacbc865105d7690f140650691d03e610fa7d8385c09c78989ed5ef7a230547f013cb7e8ddf31749ffc31cee10ab3efaca3f14ea194510f0985a818ef8b040e10c3a5114de1ac080f14c3d65d3c244f9242f75492cabae800fcfc9bc275ea1f27728c920c258fe7aa73948060299cb87835792edcc072150b73cefeb0d51562e53b46810e27a4d7f6abd32e959f7d731dde01d94bc41ed835efcd42c922437037a87dd366ffad2eecab6abaeb4fcf07392b3ab40cfaefeaa4266bc537671693c9093dabe8a0538cafd12c639a04bd2ba80ce0f29adbfc66bd4637ca0543a53b0e371d0e2e470d31ba360642a45ab4cfe3e790f587f6c5a5583fd15b18997838a200921c1c399c0b16278b7dd6d3aaab6f325b16afdf761a1bbf867de2bdd48615f15b526770ed20d79f0f30714beeeda58f52a3cc0c5a618315e522b9ebe7cd99b65ed532a62e0f0df72764d6ec6d6d1ba40ef40e05426360795d6dd85bb39f7321d3fb06275de096aae4a2fa2293f31b33f4ad4d7c251ac13e8e15c2bfb1f98f4962c54b6ce033b08aa626f2905d463f55b71cbdadecdb3e0b365dae07b170301983aeb83b1e9f2f28cf65419fd6b0a1a9c26cb54b5949f4bc01a98681844b43034c372a453d38f0473d0ddc709d9f49c8753a75b856c7e9775517df574a09a3953bde5daedf8e4a8da9d773a215120e269fa1861133cd4ceaeb91d5cca2606325458e50cb966d14055b22447eb65dc10118da0831df28c3b4ee8b11f0732f1521bb9482b11f5a86b22f18e83dd1d967d3944285e5d63a5a989817ab2418bc7ed891a373846747a12b527c2f44ee0197b946c67e67fa4aa1c29f3379d46fe07d3aab83da17f9d76bedd38436a055e34ca1d3af5a8754d38c17b9ba4e6419cbab515f431a2595954e428c2670fae3bed62b4596179cb59e21108708d071bcf9c621c6dff03d3cdc9202029454013b9d133847f26544811c0169770fdc6fe5638bfd7a720d8b38f7e30a7e6879060b5f28c8ab17b00200713207e8637bff4844d842d9ca788391340198a3fe0172dfa74de1e55adefbc2e9bc7e885476d1b9c055813408a47528434355bf03fdd4e27d8b3461b0fb66ab3e15a879a184457e9ed9ea6c51b663b31edc8c4a3cd454f69d9ce518d1b87888ee3d9dd5416e43e114ac05721352dffc2ca88597377bbc414009b0c2fd369be5ba35a6dce3478b6c11b33c0a33918b6ee5ac4cd4c2f1ca6bd190a000a838da38f53077560335596d1358937793963810a79a21b8d46140e768898dcda88a0faf8ddd0d633847aaea0e030be6455b41e3ede1e2873730eb8481acaa7a519cf9195847a86afa57f9071d44f4af4ca0d343c90c0d22d946146585f00ef3aef57f0f9e55e818c0128ae255dbc3116cf0fe02166d54859decbfdccc: +0e86872c78620f10cb6dfc463d2c2872c4da660748c9cda01ab1456958afba7fde4989989269cabd8f4f409cf1a4d974038b275502273557f312d5553fab93c3:de4989989269cabd8f4f409cf1a4d974038b275502273557f312d5553fab93c3:a900f3e9c643a5649b076fb69c3b2ac084d52ccbafcdca5a9db1daa70500de9933d23d153f74954e1bd5f57b899fe8a4b134c195412b49833b6e5095a6554eaa6d844b11f1584c85055b87f41c999669046c71aeb5c0453fd6a3c437f815f068987c3868cc07aa2af65819046c307bafb7530de84f7130aea78ef005d5fff52f8deaf1d5e9c326d3217fc55b94f628aa104f6a24a395e62d1b62bd9c0d82436319c5d73e5765435f3ba856a4734fd60ae617f7f0c3ba5722a73366c88a6dfeca85c444639f441f2c55fdc464ecb299eee36d8eae063bb94bb2439da04fa5ebc5092338a5035e480f0834aeee8d711f28c46dc960de1be9df307c18c5c178b26296dc567f15bf60863a36710867e92fd51048865674c2af0c53b2e7a248ae5bd09a49aa030618495f82480c420ae106889bec006278b92272075709fec95487cfb10061e6722b93eebfc0bc587bf7ba5f6692b074f55a98d5c302760b1bf1d09f7e8668479ca6f01eeda2fdaf584ac2058fbf7cf3100d06b8091bfeab51c0c0b1d4ee3a8257f69b1617604fce953bb5f7f271c6a1880ea1b3f66267e2439f34580628917877c66ec0fed76e44e8bb2b91a8806df4baca6cc92889b8805070c9a617f807157530751cc17c47b09eeba94d22b4e547c370ce7a496fcaa3412affffb8c9b4de89b9f121aaec5f544b0c725ec5ee9d4b3476adc9d050edb0fdbaf02ca9e38af15f515015a267292ec9aa5444ed1decd9cd9e1ead6487a0ccef995b1c600a036935838660acab276d8b0e5b07d9f36353214bf80f941ac88cf40a08af917926234112eccdaa162dc99de3e25baff65bb01e49898986332bdc2d705d5aea40f9bc4fbb2806894496038da236e9dc29600c9cedeac3b616cc56d89ec2fa67389666c6c4fe233b639105023e101b874a6330fe573f80ace55d037cc612e6dfd5a6e686f9a83054fc46e15bb6da453d810cf138a178bf039d1e181614ff40cbe6bb3b473663752ea8025ff7f739ee4b67110f968089b2473cd044d48b009d0677f791f54e2df6afdc3acb9e99dd6958a450c0e1b6dd5e97a2cc46298b4f48ac6adaf013d75b2c42072d2ee13f733687ee83c3f70c4fdd9720fd1798c662fef3ba012bedd445c4729f2130484fe77ac1b4c4ddeb81faf60f76e3bd7d21a9a6c57a69a9cd9cc203fc63b59ee84b8915b3c18a5954e227c86ebbb7d4c4c1a08d0c5e467c68a06970751ef584bdd611e1dd1b48900ab354b99cec6e1df3bd4146ea0755350dc11c3a3f600d470a74f475e4feedaf0865276fa8a97713471d0ca9955c713588339dee79656e567e6ab1dbf9830703817ae620929a0684a5caf20fef81a8ee897be7e505ade6496b9aef0272bd8f350860233b338c2e36d3138db69538:2037e97741c3e6409c66fc6782aab389c5d778097ac778999e8576e49ef4f6a0c7730bd9e093dd3c0ae7ec76203380da657147d33a8d9dd65ed00cf76224d601a900f3e9c643a5649b076fb69c3b2ac084d52ccbafcdca5a9db1daa70500de9933d23d153f74954e1bd5f57b899fe8a4b134c195412b49833b6e5095a6554eaa6d844b11f1584c85055b87f41c999669046c71aeb5c0453fd6a3c437f815f068987c3868cc07aa2af65819046c307bafb7530de84f7130aea78ef005d5fff52f8deaf1d5e9c326d3217fc55b94f628aa104f6a24a395e62d1b62bd9c0d82436319c5d73e5765435f3ba856a4734fd60ae617f7f0c3ba5722a73366c88a6dfeca85c444639f441f2c55fdc464ecb299eee36d8eae063bb94bb2439da04fa5ebc5092338a5035e480f0834aeee8d711f28c46dc960de1be9df307c18c5c178b26296dc567f15bf60863a36710867e92fd51048865674c2af0c53b2e7a248ae5bd09a49aa030618495f82480c420ae106889bec006278b92272075709fec95487cfb10061e6722b93eebfc0bc587bf7ba5f6692b074f55a98d5c302760b1bf1d09f7e8668479ca6f01eeda2fdaf584ac2058fbf7cf3100d06b8091bfeab51c0c0b1d4ee3a8257f69b1617604fce953bb5f7f271c6a1880ea1b3f66267e2439f34580628917877c66ec0fed76e44e8bb2b91a8806df4baca6cc92889b8805070c9a617f807157530751cc17c47b09eeba94d22b4e547c370ce7a496fcaa3412affffb8c9b4de89b9f121aaec5f544b0c725ec5ee9d4b3476adc9d050edb0fdbaf02ca9e38af15f515015a267292ec9aa5444ed1decd9cd9e1ead6487a0ccef995b1c600a036935838660acab276d8b0e5b07d9f36353214bf80f941ac88cf40a08af917926234112eccdaa162dc99de3e25baff65bb01e49898986332bdc2d705d5aea40f9bc4fbb2806894496038da236e9dc29600c9cedeac3b616cc56d89ec2fa67389666c6c4fe233b639105023e101b874a6330fe573f80ace55d037cc612e6dfd5a6e686f9a83054fc46e15bb6da453d810cf138a178bf039d1e181614ff40cbe6bb3b473663752ea8025ff7f739ee4b67110f968089b2473cd044d48b009d0677f791f54e2df6afdc3acb9e99dd6958a450c0e1b6dd5e97a2cc46298b4f48ac6adaf013d75b2c42072d2ee13f733687ee83c3f70c4fdd9720fd1798c662fef3ba012bedd445c4729f2130484fe77ac1b4c4ddeb81faf60f76e3bd7d21a9a6c57a69a9cd9cc203fc63b59ee84b8915b3c18a5954e227c86ebbb7d4c4c1a08d0c5e467c68a06970751ef584bdd611e1dd1b48900ab354b99cec6e1df3bd4146ea0755350dc11c3a3f600d470a74f475e4feedaf0865276fa8a97713471d0ca9955c713588339dee79656e567e6ab1dbf9830703817ae620929a0684a5caf20fef81a8ee897be7e505ade6496b9aef0272bd8f350860233b338c2e36d3138db69538: +520354d85a87d7c22ca6f784714410ec98bf6a65f803ef9379bdc804359b2349d8511ceac2fd661acbffb01ba2741cad889934de6392961bdec6fa46123b7f0f:d8511ceac2fd661acbffb01ba2741cad889934de6392961bdec6fa46123b7f0f:a1d4ad486ebb7c1a0acb8f117013e8e4746789c6244a56c9edfbf1ef37ac1309aaf51c9375fc12cacd6897a4479545f2bf390ab7c0c0e5c592f5506e9938378a11b636bf857029b968547aa506c4a0829a15fd3995fead4f860fd7c623c63e8695436eae55816414778347092f5f4d422bb1b5e5a06966241efec14f1e4fca06639114718c30ebcadd4c6d8abe7fe93b25d17173533954188b1ab03fcb7792cb635ce36e9bdbdde7a561c5f66920d910cb269c8c1c3f593265090072c48932e692a9c738c704897489a715c2b394d5a86f7036a4cac5dcb5b85cfa162156e0bc6bfe02fb4c38608cfb23c92b8b6a3cb46e487d60e0dc97aa2e33e3dada925e4e6612cc5af125e5aca45817a2fd6c3ff10b18938b44bd4dd20d7fccf7f26b40a66f48aaffc9a541e6d37138fc55469868e2d10365eff37fac360fab3dc55437ac2d8fea7474405fb3630f7963d2d45958f909d14830286ff152aa752f510ce980bd5754e3fa32c69924dd95d5c152a737a8fadcfd0a4560e0b114f8e8aaa618d438b9877111da1740ef817c441939ecec799ba16b1b171ca9b649b7d78fa052d1497a507688bede4900abc53a9648da5917035ceffe0da21c25c09b06d6185bdda2d778f7ede6153e3eaff495c9796d4d166d2d2ea418e4a4aa6e678faf0696e752a09e02eaade763070e088e9964919ff4aa4c82f8629a3d5c797c2a64594d206835da0bfa43ccd9ddfcdb6aac4d486e03c84122375939a5270bc1519e0707e51c3f46f1e5c566b33a245fa0c202838472363de9f0edde2e791d82293095f750bff545e6c34739dcc54db0a36ae2e2aa39b07cb4f6a9646240d2d31488f67815b29545d220be929e3339f8281a937e05a8c5c3887e06048ea7b18a48f8d91b1e3af5cab5ceda0ebd71bf54edec203d37165e4c9f9f80461cd29fcd99ddea439693941b5d53ff94379cf642571dd559a11f8f383d943f2255cf715800af776b1045bf19a9c9bb095155dfb646b65f4a280f2a97ef927ddabe24a2f971a8170dd42a089276825cb9148c015aae1e9dadf22c10e7548c59bf6b868b20e86c83a9e7343aec2754ee6225f9fdceaf8e51c40e955bda49c35ded38fa8bcc1e6c8fc9c2412e9104c5c2368b1f9923e010fa2ede911d42b139f4007e3426922ffb6158eca97b47cfc997853512bb9d4ca2f017c2c263dc199f3bf1eb4f1508ef828b0e00db21002736a7f22ec91298194583139ad75f58e21b518daa49a4076c6375faa60891a69e52a656699d8034a7ab7fcbe42175491441fe61b1783e837857522215a5fac5590bed2e9d206606096d3be8ee92873bfc30cab15ce9f9910d01a117f89926cc3afa8d104f799ff38098de28b8ff0f038725c2903b24c1429cea4925249d8781:754e60d3f6f4ab4f5d0ddbb001532009166388487f780b76f60bd0bc9fefabfaab6be2ae7869573a64796ef2846e85e5cdae52db1044fefa796bacf48b968b0da1d4ad486ebb7c1a0acb8f117013e8e4746789c6244a56c9edfbf1ef37ac1309aaf51c9375fc12cacd6897a4479545f2bf390ab7c0c0e5c592f5506e9938378a11b636bf857029b968547aa506c4a0829a15fd3995fead4f860fd7c623c63e8695436eae55816414778347092f5f4d422bb1b5e5a06966241efec14f1e4fca06639114718c30ebcadd4c6d8abe7fe93b25d17173533954188b1ab03fcb7792cb635ce36e9bdbdde7a561c5f66920d910cb269c8c1c3f593265090072c48932e692a9c738c704897489a715c2b394d5a86f7036a4cac5dcb5b85cfa162156e0bc6bfe02fb4c38608cfb23c92b8b6a3cb46e487d60e0dc97aa2e33e3dada925e4e6612cc5af125e5aca45817a2fd6c3ff10b18938b44bd4dd20d7fccf7f26b40a66f48aaffc9a541e6d37138fc55469868e2d10365eff37fac360fab3dc55437ac2d8fea7474405fb3630f7963d2d45958f909d14830286ff152aa752f510ce980bd5754e3fa32c69924dd95d5c152a737a8fadcfd0a4560e0b114f8e8aaa618d438b9877111da1740ef817c441939ecec799ba16b1b171ca9b649b7d78fa052d1497a507688bede4900abc53a9648da5917035ceffe0da21c25c09b06d6185bdda2d778f7ede6153e3eaff495c9796d4d166d2d2ea418e4a4aa6e678faf0696e752a09e02eaade763070e088e9964919ff4aa4c82f8629a3d5c797c2a64594d206835da0bfa43ccd9ddfcdb6aac4d486e03c84122375939a5270bc1519e0707e51c3f46f1e5c566b33a245fa0c202838472363de9f0edde2e791d82293095f750bff545e6c34739dcc54db0a36ae2e2aa39b07cb4f6a9646240d2d31488f67815b29545d220be929e3339f8281a937e05a8c5c3887e06048ea7b18a48f8d91b1e3af5cab5ceda0ebd71bf54edec203d37165e4c9f9f80461cd29fcd99ddea439693941b5d53ff94379cf642571dd559a11f8f383d943f2255cf715800af776b1045bf19a9c9bb095155dfb646b65f4a280f2a97ef927ddabe24a2f971a8170dd42a089276825cb9148c015aae1e9dadf22c10e7548c59bf6b868b20e86c83a9e7343aec2754ee6225f9fdceaf8e51c40e955bda49c35ded38fa8bcc1e6c8fc9c2412e9104c5c2368b1f9923e010fa2ede911d42b139f4007e3426922ffb6158eca97b47cfc997853512bb9d4ca2f017c2c263dc199f3bf1eb4f1508ef828b0e00db21002736a7f22ec91298194583139ad75f58e21b518daa49a4076c6375faa60891a69e52a656699d8034a7ab7fcbe42175491441fe61b1783e837857522215a5fac5590bed2e9d206606096d3be8ee92873bfc30cab15ce9f9910d01a117f89926cc3afa8d104f799ff38098de28b8ff0f038725c2903b24c1429cea4925249d8781: +061bcf1aa6fd989897b322e591ccef5454ef4a5adb1a4800f32611cff2b5bc7873c80b734bfc9417d576890c20166da5c7fabd613f75474f7649732e00295be2:73c80b734bfc9417d576890c20166da5c7fabd613f75474f7649732e00295be2:d63bb9208c1f4c7d43326cf35fa5d83933151804ab891d49b0bdaf429e4c39a321428e0d90aa00318b97e08c7024c912cf388879f3cf974bb253a1e7a4c8eec193bf4c14af6fb9794df0d497850edb04d574c97ed76c702139968401b40eb54394ef4cfaa7e5d3cd943af12192538ddee593c2a24a267afa1371fd77feee2071f4369fbef87976e7ebd81d1e5b31d6e09e02d830357d36bff8596703e4146d0827bec9c0f87b26f31195c96c93b6d8c46767ec1bc6de39f0008a41ff875da050a3f865ab92cbf29c38a280f3bf69f68e92b5f430cdee3501981d0b3d189096e0aeacd64c33102421348812158bb61e51ae936592b2f8f1b910949ef3723258a9b44e4e1bdadf1ae2cfc18e37d2ed0dd1734404b8baa5f393cd56069ecebf7edd7c06cf6c8aa3e8e12fbf946d7b32d8453b6fbb6535526c8fb8fc1d5815560bb31b995df2adbd836add929a56fdd93a1747d93a40c05e129eb6f8583c2921cc9dbdda4225e176db386a02ec40af1032c9b62e95147025f4ac8dd58433b64ac073150c69b9c4154dcbb00344f308113cd9199ccfb5075801c705b8fc43b7c8bc167365e46293d06c4f4835c64ee5d5383f6890ca35a80af917748162df2518ab1468f153629899406cde66ce07fa7d2993dabe0c60089c91892488f3bcaaec408a0cd08c9aa98e0937e02c41ad52d241a99833e3b83f7d3f1b078c31d45c34fa0175abbd0f322b8fd2dc83491da292ad00762e3e577b9eee0aae08729070ac25e33bc94525bc0d2ab59704efec5c0148421a47928d34b1e45ce721ee6447fb082ac400b3e6846d204f7f9db6f0a32b2a69738b3ee9ddbb0dbd7e0f041d7ea53a5d647fb50b39ae24d78c8b07cfc4e052711f0d4639e721d5c36f31b588866712b757108a40cc7abbb9913083303aae05a0f1af0ec6878441a25cf8729aba42a3a94ce9b73888a0f5c9e40c9fc45410f0681fa7f90898562ccb4bbc55f0ab1fe9c70ea66026dda8d7090f7b38edb5aec1557b1166987cd41a7059cdee609b74d8fe06b7059b7724bff53007f7e110462f06ad14d07ee1b4d69ac823bcf576d2fa9e2e8ed7f3198040d471296063137c981adbf364cb20f0a1ad2054472f7cee2527f99809615d2e4b734b06f35deecbd62619663dde81d6e23528b0c97132af0a23bad63d9c08142a26e2743f8618ecfe723b19ffdd0b19abd9a3f4fe210b1e71acdfe38abebe23f7fdef66381cbc75f307e5577235b02e4cd9cfaa15030868ed1453da58f783b7352b04656844c042441efe6a3b4f8fec8f7de80744540c4fc7a107f4e1bfcbd99da25b9746095ddf0125d56da7e7f8603f04d359a088b4c044f936ccb7d8f89ed53cc991a3497ca952094ff3c33046f2609d07b29b633981369cb2f0eecd:5adaa94330a0353712a34dbe973b7518f9a2c713f8aad100251b086ae8de26f6d2b6ccf0528cc5dedca318df19cc7e45deae281e1324b96e32fef45aaf60b10cd63bb9208c1f4c7d43326cf35fa5d83933151804ab891d49b0bdaf429e4c39a321428e0d90aa00318b97e08c7024c912cf388879f3cf974bb253a1e7a4c8eec193bf4c14af6fb9794df0d497850edb04d574c97ed76c702139968401b40eb54394ef4cfaa7e5d3cd943af12192538ddee593c2a24a267afa1371fd77feee2071f4369fbef87976e7ebd81d1e5b31d6e09e02d830357d36bff8596703e4146d0827bec9c0f87b26f31195c96c93b6d8c46767ec1bc6de39f0008a41ff875da050a3f865ab92cbf29c38a280f3bf69f68e92b5f430cdee3501981d0b3d189096e0aeacd64c33102421348812158bb61e51ae936592b2f8f1b910949ef3723258a9b44e4e1bdadf1ae2cfc18e37d2ed0dd1734404b8baa5f393cd56069ecebf7edd7c06cf6c8aa3e8e12fbf946d7b32d8453b6fbb6535526c8fb8fc1d5815560bb31b995df2adbd836add929a56fdd93a1747d93a40c05e129eb6f8583c2921cc9dbdda4225e176db386a02ec40af1032c9b62e95147025f4ac8dd58433b64ac073150c69b9c4154dcbb00344f308113cd9199ccfb5075801c705b8fc43b7c8bc167365e46293d06c4f4835c64ee5d5383f6890ca35a80af917748162df2518ab1468f153629899406cde66ce07fa7d2993dabe0c60089c91892488f3bcaaec408a0cd08c9aa98e0937e02c41ad52d241a99833e3b83f7d3f1b078c31d45c34fa0175abbd0f322b8fd2dc83491da292ad00762e3e577b9eee0aae08729070ac25e33bc94525bc0d2ab59704efec5c0148421a47928d34b1e45ce721ee6447fb082ac400b3e6846d204f7f9db6f0a32b2a69738b3ee9ddbb0dbd7e0f041d7ea53a5d647fb50b39ae24d78c8b07cfc4e052711f0d4639e721d5c36f31b588866712b757108a40cc7abbb9913083303aae05a0f1af0ec6878441a25cf8729aba42a3a94ce9b73888a0f5c9e40c9fc45410f0681fa7f90898562ccb4bbc55f0ab1fe9c70ea66026dda8d7090f7b38edb5aec1557b1166987cd41a7059cdee609b74d8fe06b7059b7724bff53007f7e110462f06ad14d07ee1b4d69ac823bcf576d2fa9e2e8ed7f3198040d471296063137c981adbf364cb20f0a1ad2054472f7cee2527f99809615d2e4b734b06f35deecbd62619663dde81d6e23528b0c97132af0a23bad63d9c08142a26e2743f8618ecfe723b19ffdd0b19abd9a3f4fe210b1e71acdfe38abebe23f7fdef66381cbc75f307e5577235b02e4cd9cfaa15030868ed1453da58f783b7352b04656844c042441efe6a3b4f8fec8f7de80744540c4fc7a107f4e1bfcbd99da25b9746095ddf0125d56da7e7f8603f04d359a088b4c044f936ccb7d8f89ed53cc991a3497ca952094ff3c33046f2609d07b29b633981369cb2f0eecd: +2e19cd442f22a4a99dffc55e7bf625f89d1344b563f6785313a7eee973b4aa36ee3da76a8fcf403a2958d4551da0a72b2e738522b2e6b20fba6aa26b32307357:ee3da76a8fcf403a2958d4551da0a72b2e738522b2e6b20fba6aa26b32307357:1bfc5c6aa6a5354fbb861469796348ac6319124da3f10d20d50bbdc7159d41b5abb136c7996a773797122b525e8e2dca1954f6391707301d90f2101b46c7b086efa15877cadcd05812db34b996cb4f531abcd1e98db08a5cf1368e8f4b1109142e9562bd0085ffae5e660f59c930793ebdb6e80b0a2f4f3f59bf9d395c48d26e0a72a60f9d1ff87fd2d7a3f5383aa902adededebc6cd1befd038336162749d91a957ca2e3dd47091c5593113da87c3d66a02c80a6eddb535c48ca1f34a97fd1c95ebc2e570fc8fafe6e5d6546d1f3a9ba8daac334cf47bf117e1280d0ebdf14b0fcdbb43b8d248cc6b61320fdb0449ed5f5de8bab121af0d8554956e6a12016b42677b44367892c3b20afcc2cb9cfb5b100a95b51e8b07da9f51415f4cd7781a313765e20db27f2343e0f719ecea9af026956f3387e9ea7ed0a293759b4a262202807b41309fb80f50185db6a5f8bdca178841bec06addc7610df76017b514bc4142f26a36bf5bacecb012fa41710dd849bef7a7e451432836fe9b3265fd5b59ee40b04dad85cf48f891465a842cd4500a1024eefdf0f554f0ca17ec9f7b715256a9b9dbe27966386d8ac37d3c515896de0f7cdf7cf5b320ff7a8ef6b34ba820aba9066dd253c5b7763777f94b2d6ad8c710221e1137535dff8a1b7565ec81bd8ddeb502e3d58ff8f1fe6e86b8dc15a3aaec688bbbecd4688281db0f818de0f7261ba9cc58c8bc0d02e06632efe7287ad7a84331a824d9287344efaaa74f1fc576d0269430f856a8565265b9d6ef71fe134d2510ab06b60bf3c153b57ecfd2e6342403fe678b5886b6b734b7d3690662b6c8c6f6e250e5af6a8183166ddcd0a17f0cddc8636ef1a68498be50b6599539d46b4cea97130e08f94ca53e884644eda75d23cd2c038a5f17b591e21369378cd3fb5762d1a7c3e66a11ae6e91cbae616ad055e39dc41e154f4fced7b2696d9dc67380bb8eef474e9aa83cec47fafafb941d626564b2075bcc0856da8d6e1b0b8f18baf7513bbd14e491ed517968c4f7241af25098ee8df130b7a34d59736d7836d323fe3f43f508cdcb755895f59a00c804ed164cc33992f3aee962ae9e990b74272eb987b12d90b27314d57400e737d1343e970985c4271060876abcd7049e7c9fe244ff3ef98560995b7482d31bc7c09d9969f7cd41f4e4e252750dc16ccdb29b985314a0b6e749c95f9bd2838d5ac49ee031fd079bec3028dd9dd07db6fa622ad621b3b1e127e8fca37bd146e3cf703e911701b7a16c2d30369c94648ecc03df10d7dd5c0558fa9593425d948727d6860c3a14f811245106616d2a5fa981c6b7f47ec9def65412d132acc6919da4e88597aa9190ca614b218066a0f7b16997ee747c5a09785e50d0a891d95937863d613ceff7:28326b5b978e0dbdab5dde703785a667a7ef439d81ea47e066b089d116c25a34bb633f260d55f45bdf6bcda74803d7624b1927cec18eb1992260beefc399d90e1bfc5c6aa6a5354fbb861469796348ac6319124da3f10d20d50bbdc7159d41b5abb136c7996a773797122b525e8e2dca1954f6391707301d90f2101b46c7b086efa15877cadcd05812db34b996cb4f531abcd1e98db08a5cf1368e8f4b1109142e9562bd0085ffae5e660f59c930793ebdb6e80b0a2f4f3f59bf9d395c48d26e0a72a60f9d1ff87fd2d7a3f5383aa902adededebc6cd1befd038336162749d91a957ca2e3dd47091c5593113da87c3d66a02c80a6eddb535c48ca1f34a97fd1c95ebc2e570fc8fafe6e5d6546d1f3a9ba8daac334cf47bf117e1280d0ebdf14b0fcdbb43b8d248cc6b61320fdb0449ed5f5de8bab121af0d8554956e6a12016b42677b44367892c3b20afcc2cb9cfb5b100a95b51e8b07da9f51415f4cd7781a313765e20db27f2343e0f719ecea9af026956f3387e9ea7ed0a293759b4a262202807b41309fb80f50185db6a5f8bdca178841bec06addc7610df76017b514bc4142f26a36bf5bacecb012fa41710dd849bef7a7e451432836fe9b3265fd5b59ee40b04dad85cf48f891465a842cd4500a1024eefdf0f554f0ca17ec9f7b715256a9b9dbe27966386d8ac37d3c515896de0f7cdf7cf5b320ff7a8ef6b34ba820aba9066dd253c5b7763777f94b2d6ad8c710221e1137535dff8a1b7565ec81bd8ddeb502e3d58ff8f1fe6e86b8dc15a3aaec688bbbecd4688281db0f818de0f7261ba9cc58c8bc0d02e06632efe7287ad7a84331a824d9287344efaaa74f1fc576d0269430f856a8565265b9d6ef71fe134d2510ab06b60bf3c153b57ecfd2e6342403fe678b5886b6b734b7d3690662b6c8c6f6e250e5af6a8183166ddcd0a17f0cddc8636ef1a68498be50b6599539d46b4cea97130e08f94ca53e884644eda75d23cd2c038a5f17b591e21369378cd3fb5762d1a7c3e66a11ae6e91cbae616ad055e39dc41e154f4fced7b2696d9dc67380bb8eef474e9aa83cec47fafafb941d626564b2075bcc0856da8d6e1b0b8f18baf7513bbd14e491ed517968c4f7241af25098ee8df130b7a34d59736d7836d323fe3f43f508cdcb755895f59a00c804ed164cc33992f3aee962ae9e990b74272eb987b12d90b27314d57400e737d1343e970985c4271060876abcd7049e7c9fe244ff3ef98560995b7482d31bc7c09d9969f7cd41f4e4e252750dc16ccdb29b985314a0b6e749c95f9bd2838d5ac49ee031fd079bec3028dd9dd07db6fa622ad621b3b1e127e8fca37bd146e3cf703e911701b7a16c2d30369c94648ecc03df10d7dd5c0558fa9593425d948727d6860c3a14f811245106616d2a5fa981c6b7f47ec9def65412d132acc6919da4e88597aa9190ca614b218066a0f7b16997ee747c5a09785e50d0a891d95937863d613ceff7: +82109099d1eafeed5a85206046491b34d06dcde33f080960287b10fb23ff9f78081cfdf2d758654c41c447e1e6273810f8a738a733afc42294a2b1bbb769efce:081cfdf2d758654c41c447e1e6273810f8a738a733afc42294a2b1bbb769efce:84f47dd794977a6c1505ac8c05680c5615a2d5b057e39b04f85e3f9ff04960e0e016685a86eebcecf6fbce5fddcdac1a474c8a0d502c40e10f948646fdac6c81f1ffbb177a2a4963b67825903cde65b5dbe0d8941d546cffa2bf8a8ca8d6c6408530a6290f5d0882f1a1672dbf978e10c5c8af5e0a6239f0655ee7fd9e66963077a0e847137397d1f06999dc6f8a945c6003ea4ea7fd58378acb44ed5780eaa367796beea37ddc236999d012d6a716d7915649cc28e58875647e9f5ac0553c0f544df56469c67081d5e30395f3e960e6a52f0833192c548cd57c926b82db48c361bde70333a370083eaaa068dc2ae452d21ef1331aed190bd3e1289a104cf667834377cf7b5a29774807c3f1ea9e7b28831d0f6c4294785867b137b65028c14f932a1ba8e6f9f59624fe0c396843ea19e46fba09142cf9d42497312f360244032f1e00f38dd0de29f963b5ccc1ef12b2cc6204b994af1f3baf196d9e21e8fa4f097320c64404d0b7d5ab38560ca0655364b0b09cd6dc0f0e05b8c9110364f1424a9672b7efdf7e1f378e234550566dbe13b01578b04153e9c37b553e32a4441bc97e2953bec2e41455510f9802ef948dcbf13faddd722ede573627b258d55e83c0895b22919e4be5ce8d819ce6ad843b2dd09df64004c826c1dde7ce6480a271a858a1db169e1494d4469032bcc1ccd89653198b7c073f76a26a2999b5648cbadc1574c78ead8eece83b91e129c437f9eeec04c807459002e66dcca9bfc2caed9e6c0ba23d2355def75665749430ee92c532a695479fec929174f440ecb61a5ae8b2b7e958920558268978f7fb4da1b38b12014f5d61b0fdd7f6136ba4281b41a3a3cd188052b698765b6f05e41e78373ea830469787a37510993d12f93e96c72d72f4461984f691a41c7d3397ddd5a1b39237d1308864d415fc6c22b63f376cedde37f5252b51ec72e5155f3bdb4fcd5412498bd2e0c1f9850b3a85d1dfd25167a3cd771e8e4c9d868c95a7175e3775f6cef17e4e36497ce9e45532bd7f44b2776e40f91a07ca4fa1b95dbe81cf8f49e46b6c82a6ee4347918a7643b0d9a38857212c693eadacfd37a5f1d91558f5454dcdd05935f290e62d7e65006cd549f6553ce741df44d39644001eb479ca69568ad1f23bba099a41a47294db938731c530af1ceb9217d29bc2705613c1a1fe9c208d0b01ba6f4d9b4c7ba8f021df91ea2d578ce083123e83ba4b9c50407f6666fbe61158b0d1b9577772e3eaff8fb429d0f6d2e384126130f21b449fb1dc170db45af505bd3182678a9b5f9fdff65f0413b672c4786340fcf2522ea7f3d8ade8a059529649dbda9ce51ff05a2a2a3d66d2166bf2c9c6772ba0ef4105e68c055e0213d42c1ee123b3c1217843e6ec575d754df3c90a75:b3987f324bc7e776c0f287fa13ad28741695e2e7bce8d143e29fad5d00994758e225fb802100d23fd6ccafee8e0a95bc479be8c23a11319745765b7cd47e700684f47dd794977a6c1505ac8c05680c5615a2d5b057e39b04f85e3f9ff04960e0e016685a86eebcecf6fbce5fddcdac1a474c8a0d502c40e10f948646fdac6c81f1ffbb177a2a4963b67825903cde65b5dbe0d8941d546cffa2bf8a8ca8d6c6408530a6290f5d0882f1a1672dbf978e10c5c8af5e0a6239f0655ee7fd9e66963077a0e847137397d1f06999dc6f8a945c6003ea4ea7fd58378acb44ed5780eaa367796beea37ddc236999d012d6a716d7915649cc28e58875647e9f5ac0553c0f544df56469c67081d5e30395f3e960e6a52f0833192c548cd57c926b82db48c361bde70333a370083eaaa068dc2ae452d21ef1331aed190bd3e1289a104cf667834377cf7b5a29774807c3f1ea9e7b28831d0f6c4294785867b137b65028c14f932a1ba8e6f9f59624fe0c396843ea19e46fba09142cf9d42497312f360244032f1e00f38dd0de29f963b5ccc1ef12b2cc6204b994af1f3baf196d9e21e8fa4f097320c64404d0b7d5ab38560ca0655364b0b09cd6dc0f0e05b8c9110364f1424a9672b7efdf7e1f378e234550566dbe13b01578b04153e9c37b553e32a4441bc97e2953bec2e41455510f9802ef948dcbf13faddd722ede573627b258d55e83c0895b22919e4be5ce8d819ce6ad843b2dd09df64004c826c1dde7ce6480a271a858a1db169e1494d4469032bcc1ccd89653198b7c073f76a26a2999b5648cbadc1574c78ead8eece83b91e129c437f9eeec04c807459002e66dcca9bfc2caed9e6c0ba23d2355def75665749430ee92c532a695479fec929174f440ecb61a5ae8b2b7e958920558268978f7fb4da1b38b12014f5d61b0fdd7f6136ba4281b41a3a3cd188052b698765b6f05e41e78373ea830469787a37510993d12f93e96c72d72f4461984f691a41c7d3397ddd5a1b39237d1308864d415fc6c22b63f376cedde37f5252b51ec72e5155f3bdb4fcd5412498bd2e0c1f9850b3a85d1dfd25167a3cd771e8e4c9d868c95a7175e3775f6cef17e4e36497ce9e45532bd7f44b2776e40f91a07ca4fa1b95dbe81cf8f49e46b6c82a6ee4347918a7643b0d9a38857212c693eadacfd37a5f1d91558f5454dcdd05935f290e62d7e65006cd549f6553ce741df44d39644001eb479ca69568ad1f23bba099a41a47294db938731c530af1ceb9217d29bc2705613c1a1fe9c208d0b01ba6f4d9b4c7ba8f021df91ea2d578ce083123e83ba4b9c50407f6666fbe61158b0d1b9577772e3eaff8fb429d0f6d2e384126130f21b449fb1dc170db45af505bd3182678a9b5f9fdff65f0413b672c4786340fcf2522ea7f3d8ade8a059529649dbda9ce51ff05a2a2a3d66d2166bf2c9c6772ba0ef4105e68c055e0213d42c1ee123b3c1217843e6ec575d754df3c90a75: +65fcbd626d002111334baad4e6a8006e47a1f91397bee6dd6cd7da5a0e0248a420409a146b42c96beab0b42ea7f2c25193119d0df44dc2bf14d11a32fd733615:20409a146b42c96beab0b42ea7f2c25193119d0df44dc2bf14d11a32fd733615:e4c0947fc8ca78fa8863f4d044499d036e2e7ef8c17e838f2fac02675b7b5381e5f9abceafd0d8886a929d9d9b49fcb73861b29d1518ac5f83f7f8fc26bd1cebc22d873a9a08231406fb032e4866e5f55c7c0441c519041bb2cc73f9226dd5d07eceb660d6c967db23365574bee8fc10222928767713571a71c93a85278d42299a70599ca99326cc86f6d98daac000fdfa710562f481faa020c72a76e2067d154c235a7a4f29708cc544533bd799ed6363eb3b56aa4a6d0e379bbf07600595c23ab1f3f9f1708e0070261bbbf4bfeaf6d6ced4d7ff722c9cc52d9133ea68d495dc9489c3edf6830231351f65cb5272f5396e2c4a1a5c88661a101892249e23d6ce9fdb6a9abf74272c2f59c3d8fd8743cce461126ca0a8b832b4b218336b1ae14da677ba7f1b2cc5ca3c7158f727a9e1b8fdd9edf5c2187fcb83db862ad0c6b39216de3116919556465100ade0a42bd6ba10d95418b69a3e005e9f104589ea5948b2b51bc7b1a9a0749da8f013781bc05c805bb51e187761ac24c76414f668eb45fb0a5024dfe5a5ca06f0403a02e3b2fef7a2c4bcfb1d075d310d5197e659cd14023faec20e045cabcb86b221a1d4827113ff3267a64debe9939004cabac85e5c7461e7e82a975acfae0b6c516a1c605374cfea7d819044efd6d74654424fd5c90ff2574fcd8e007740d975861d0df5259fe43e43639e36e52895439ba2c27c1e889c93094104fe914921bd6f25d3985ab1f22ca557b0e49afc7375243c521c6d5fafe0381ccea828e88e647fd90976b3fbec19fe9adb113c6404bd352bfc000446d21005b5f950ae07e51c768ca3ff6177b2eac50f10dd2e64610fa8ab5788faeee29d129009d7fe46aa3da6b9d86c73065eb5161fbdbdfac5777c4e75452e6e16ae9fd66bb7d9aaa426bcb7a6915f0ff44a1f8ec71394e9352fdf20e02fafe1e0cefe50744c3194956f928f82533755373838dcc1296a891adf641c7382d69b4f5a43d4af7772a4a1ee879292d7a4f32ac35ee121c6c34ca5f98487a941fcb1e65b44d4456127eedb2fcc1c3f48eff9300981e52ac38b496ab8bbce144a85eb9c07638b31fdaa781744bce17e8d93dcdc60afeda488807617f88d6aa54422fd347ddaddeff37a563dbf19974b2a23be300fbfa6c7fc41f84c6905415269f195990b5b4de12668c71c87b504f41124bf94436f333045631518152c5162a2475c40efb6cbdaaf9af428fed325b3a7d94c17520fd89e00ddf08b22adf661f0acd723b3969dc6434ea6f92ef58e8dfae5b0cc2885ba987ea1d16c39b34ef65023009d6345e48e3691a41f02a77b7fe133ea9de7565f157a2078ae988bbb266d22d5fa91a7b263e98ad2dc0731fe5a29025a0cb436864a5a60db257f1e76b5c608f25cdecc87eae6:bc78e16ba674e0a7dba57a19094f9733c55d74b9d15f8a44d1bbc0a023f70155de2977111a417eefa8cb30ec12abc8384228167c70982a8206b1ffb72174af01e4c0947fc8ca78fa8863f4d044499d036e2e7ef8c17e838f2fac02675b7b5381e5f9abceafd0d8886a929d9d9b49fcb73861b29d1518ac5f83f7f8fc26bd1cebc22d873a9a08231406fb032e4866e5f55c7c0441c519041bb2cc73f9226dd5d07eceb660d6c967db23365574bee8fc10222928767713571a71c93a85278d42299a70599ca99326cc86f6d98daac000fdfa710562f481faa020c72a76e2067d154c235a7a4f29708cc544533bd799ed6363eb3b56aa4a6d0e379bbf07600595c23ab1f3f9f1708e0070261bbbf4bfeaf6d6ced4d7ff722c9cc52d9133ea68d495dc9489c3edf6830231351f65cb5272f5396e2c4a1a5c88661a101892249e23d6ce9fdb6a9abf74272c2f59c3d8fd8743cce461126ca0a8b832b4b218336b1ae14da677ba7f1b2cc5ca3c7158f727a9e1b8fdd9edf5c2187fcb83db862ad0c6b39216de3116919556465100ade0a42bd6ba10d95418b69a3e005e9f104589ea5948b2b51bc7b1a9a0749da8f013781bc05c805bb51e187761ac24c76414f668eb45fb0a5024dfe5a5ca06f0403a02e3b2fef7a2c4bcfb1d075d310d5197e659cd14023faec20e045cabcb86b221a1d4827113ff3267a64debe9939004cabac85e5c7461e7e82a975acfae0b6c516a1c605374cfea7d819044efd6d74654424fd5c90ff2574fcd8e007740d975861d0df5259fe43e43639e36e52895439ba2c27c1e889c93094104fe914921bd6f25d3985ab1f22ca557b0e49afc7375243c521c6d5fafe0381ccea828e88e647fd90976b3fbec19fe9adb113c6404bd352bfc000446d21005b5f950ae07e51c768ca3ff6177b2eac50f10dd2e64610fa8ab5788faeee29d129009d7fe46aa3da6b9d86c73065eb5161fbdbdfac5777c4e75452e6e16ae9fd66bb7d9aaa426bcb7a6915f0ff44a1f8ec71394e9352fdf20e02fafe1e0cefe50744c3194956f928f82533755373838dcc1296a891adf641c7382d69b4f5a43d4af7772a4a1ee879292d7a4f32ac35ee121c6c34ca5f98487a941fcb1e65b44d4456127eedb2fcc1c3f48eff9300981e52ac38b496ab8bbce144a85eb9c07638b31fdaa781744bce17e8d93dcdc60afeda488807617f88d6aa54422fd347ddaddeff37a563dbf19974b2a23be300fbfa6c7fc41f84c6905415269f195990b5b4de12668c71c87b504f41124bf94436f333045631518152c5162a2475c40efb6cbdaaf9af428fed325b3a7d94c17520fd89e00ddf08b22adf661f0acd723b3969dc6434ea6f92ef58e8dfae5b0cc2885ba987ea1d16c39b34ef65023009d6345e48e3691a41f02a77b7fe133ea9de7565f157a2078ae988bbb266d22d5fa91a7b263e98ad2dc0731fe5a29025a0cb436864a5a60db257f1e76b5c608f25cdecc87eae6: +b500768a2823915c4a6848d35f6487d43bd766d2ce0945f8a3ccdb8d82a3892bb8cea215a0124eed27005725d897781ea064dcefb21422c8bd2402c56a10571c:b8cea215a0124eed27005725d897781ea064dcefb21422c8bd2402c56a10571c:0a9fda8b8cfca7a5b05d78116fcee19ab803c1c6010ce11daa8e93a66d12c12e474eb91c2640d97a813d9a830d268868eb2e3770425f10c75840468e669dc7f61d3be2de88ae0e542bc809679113957a14da4eaff549bfde637d7cafdc6aa83994837397f86e4fde86d402fa9aef7f65549a214373e560e6d7a1c2769e0c7d5a0171e7cc00dff36e0429798b53aa621624bda74d6df0bffffbd8fd7bef1a64f36c000782f6ed031af5c2a74a18963598c9ba062392de9602036794b7b5e68c25c93fe7cfad47a7c5b979d476cd513a12bf0307cb1631740042a9fbf3eb0be5170620dafd5f16ed89342c2625d783e74ee0d784bf051943740c88b0bef7bc85e1a6a4a517d492fb737e776699590c93224cd4d9245d4e9371a367c0712f87490f9247c49add9313f277a4d9f26b75aae4ded6a3def85f83fc995910405548af670ed8aaa30524ab829ccb56a5005b58bce868c9e8074f07dd7f3818f299e4e086bed9eab902cf11b398d531b8632e7d523a8f877695f46ccf9ce24e62cab2c7cd0aaee17db52676a4b5058e9c1d7c47bffcb641b0ea2b0944f39a75665a7ef29b7f02a878db823883bdacfb0fbe5dfe5a9bed9fdac7e4142e3eb50d5e840bd0ac0becf4fa97e1fc4827c397a52465d916889954b3701b0fac61159b23092f4685f4788bad35d00da2679ecc54921f1a8647101657ab49477420567aed67c8605930444b5d07927c17eff1f8570cf2af29e719f85ca7849b895549f13dfeca68bbef71e3ce8b6cedd2ff68d32b02caf5951a0b3e6b0bae6a96c02058191f305e090711c46daddcd5aeee769c3a105e9a827bbd195d329231c26238479a9bb0071afb160ef955e874d7a420c56785f44ae0a18c52d8280c5998cf3888feaf89898134bc8d411fc9f6c5768ea7a249729413739e532b643937152cdfb8d2ff87fd48084dd8aeebeaf0f7b10d87b6e4423228c9fc8dc5e3852aa8b8acc545d18f25c55d73da1bb82e3eb376f9ef05b274d7ecb1845d65ca0cd2629f038a2d664d7a69781c84e98de2c209c46efc51162172856649469e673308dcc145eaf783f5cb5b4be7d9fd58ee0974c981a38fea8e31267abfa410e69e46482f5134f3da1ffe381bd69d8d0b78ea909b4af9396dcaff89960a049eda6946616fc27ccf9a9e5ba1a0135764f37719da4d28078185d04d72419c2c70f290d97e1f82b879f71b9e19d504d364cd3ba22cf905250fd37d58e5fe40209f6072a06d8b5ba70196230577877ec46153167a7c7aea270fa1098aba9e3a74acb36a11b09bd07a3b88ea654e268365625b589b2206c710d960f42ea419b7e4e3da4759fcbca50e4bf4cc55cf88f70b3180c805a7045086afa04c6be23223ecae5f82c146d54311d1807c2e4a53f9e0a4482b4e1e:e3db47a11e10e788925d14b1e28b54c9fcf9b6acc1df8c14f683a5672fd504dd4a475a3393b3ef8bceac2361dbba3530af25c246c3ec4c05899b517f6cd34f0a0a9fda8b8cfca7a5b05d78116fcee19ab803c1c6010ce11daa8e93a66d12c12e474eb91c2640d97a813d9a830d268868eb2e3770425f10c75840468e669dc7f61d3be2de88ae0e542bc809679113957a14da4eaff549bfde637d7cafdc6aa83994837397f86e4fde86d402fa9aef7f65549a214373e560e6d7a1c2769e0c7d5a0171e7cc00dff36e0429798b53aa621624bda74d6df0bffffbd8fd7bef1a64f36c000782f6ed031af5c2a74a18963598c9ba062392de9602036794b7b5e68c25c93fe7cfad47a7c5b979d476cd513a12bf0307cb1631740042a9fbf3eb0be5170620dafd5f16ed89342c2625d783e74ee0d784bf051943740c88b0bef7bc85e1a6a4a517d492fb737e776699590c93224cd4d9245d4e9371a367c0712f87490f9247c49add9313f277a4d9f26b75aae4ded6a3def85f83fc995910405548af670ed8aaa30524ab829ccb56a5005b58bce868c9e8074f07dd7f3818f299e4e086bed9eab902cf11b398d531b8632e7d523a8f877695f46ccf9ce24e62cab2c7cd0aaee17db52676a4b5058e9c1d7c47bffcb641b0ea2b0944f39a75665a7ef29b7f02a878db823883bdacfb0fbe5dfe5a9bed9fdac7e4142e3eb50d5e840bd0ac0becf4fa97e1fc4827c397a52465d916889954b3701b0fac61159b23092f4685f4788bad35d00da2679ecc54921f1a8647101657ab49477420567aed67c8605930444b5d07927c17eff1f8570cf2af29e719f85ca7849b895549f13dfeca68bbef71e3ce8b6cedd2ff68d32b02caf5951a0b3e6b0bae6a96c02058191f305e090711c46daddcd5aeee769c3a105e9a827bbd195d329231c26238479a9bb0071afb160ef955e874d7a420c56785f44ae0a18c52d8280c5998cf3888feaf89898134bc8d411fc9f6c5768ea7a249729413739e532b643937152cdfb8d2ff87fd48084dd8aeebeaf0f7b10d87b6e4423228c9fc8dc5e3852aa8b8acc545d18f25c55d73da1bb82e3eb376f9ef05b274d7ecb1845d65ca0cd2629f038a2d664d7a69781c84e98de2c209c46efc51162172856649469e673308dcc145eaf783f5cb5b4be7d9fd58ee0974c981a38fea8e31267abfa410e69e46482f5134f3da1ffe381bd69d8d0b78ea909b4af9396dcaff89960a049eda6946616fc27ccf9a9e5ba1a0135764f37719da4d28078185d04d72419c2c70f290d97e1f82b879f71b9e19d504d364cd3ba22cf905250fd37d58e5fe40209f6072a06d8b5ba70196230577877ec46153167a7c7aea270fa1098aba9e3a74acb36a11b09bd07a3b88ea654e268365625b589b2206c710d960f42ea419b7e4e3da4759fcbca50e4bf4cc55cf88f70b3180c805a7045086afa04c6be23223ecae5f82c146d54311d1807c2e4a53f9e0a4482b4e1e: +9eb5c9ef13535f808109f4a43cfad5684f80daf02eed5410ac0b0a09a6082d69367eea1ecb4e5eecdf7e471b90bb34f9b7982c8cd66d42555c240b41cd8739db:367eea1ecb4e5eecdf7e471b90bb34f9b7982c8cd66d42555c240b41cd8739db:2d7cb05e61dbae26258e3861c639ef0e1d17fc711a00f335ba3c027137e00708d708c1ff457ff2c65112f7dcd7d02f24d56f072158ea1c71832550a58366fd9197296bbe61aa4d00de18a453ef9174fa81968305c41c3455f42d447a9234f06e13bf8bcaa1babb11695fafdc08f7a584b2ea1f61e9389260ce7335a07de72c8911a58a313f1088dcdf5c8d4c456cba2dcb4f2d156b4943b95bd493ea4fe1a82d4e3ea02aa02972400b5ee17842832d59979fc179f843c44b03eb3c302416d0cdaf11c4ca8a66ccbb6997395edf6fca2ea004cf3486971004a42042af8ece005b94461d86dcde212a2eb1be3b914c783e48ac1ad46cacd73e1eb448368322d2678efcb2abff52093db0f259dce5c1e19a512820f235d6aeaf0e1a723c2c650cff1ee3b6b4f4cc989c0b7d6de3cd7e6daa39bb690710df00a7194c17201f0e81be64b6739e1c1e8176b7e12a353427c067c19314db642e5c76266b640eb1cc0c73f84fc0227e5a96060d814071cde2fed944767b7466f9001dfc223685429bc4e5e48f5c13a63a4e0d826133ad920d11772145ad6e13c93897398a8a401f93dbd103005c7dae44387f3e80b793607d05d2d8bc0d0351a3a452b8ce759c1ad48df7b9ba9e4a17df61fdabb9b577b5cec3e9461fbb5e128155a3c9c89f8f6bebb7322a16678e8ecb98953d958310db1b063448c349f36e168fac484cb3c0d4cb2c251bd92ef8e9262b44093d7e650a7d3bed3791fa88100fee6ef0d5e23d1e9a8099cc0335202a4f106c24777e98f81d26efba15c9ad1541e0adbf1d1d76076b0dfd7b7d6c8b82f9c093468cd196672dc5478e91ce701cdd7b68b353c97111f0429760635762f8683ae970564bceba9120517642e8b3a2baaa85c25b54a943766184904c72d929634ec5f0c28473415f12538906c678fca4e682db4879758492537e7850b9bfef3eb9053b43920d810e55be966aec68c9dd3b62ccf57e8178cb5ef6d16d172a56dd924f00f2d3b5e93aaa92b29fb8336d73e29e59d1c47ea6230cda1d5b03bba5dfdb331feb19443f123d2a03ff4f10eca166c2998588f1e584ed194dd6f73c8aca846631904d9fe4a98b367823e46edba2885129879e9277e150f029b8fa7bd11eab9ce1336777c80b56b3a1f0811adbca0f5b4025a5503c8196661aee90006e9c85bbfa4c5a0e902885c8ce51212ee67f0fe0b6afbc8bad453727543b3c68b890ddaba269d25fc1643f54835136a1a25ba18d916cedd6a47fc07adf6fc69fa508949dc10d9dc5e0261b52f3657170384eccd9c80541354b1ce0f6fb5ed3e8d54af0b5bf0a92835125c7d9bc4f092ff380e5e896fbf302552b14d5b61a224d86e301c7a66a66e4e4329aac0a66b156772374dc1c7168d5b561652f8f4387e4f289b6366a:429ce1fe846d250849eca7d456f8c59f8675b1f4c13f2be41688dfb8ca2a3b24ae29d5b6bf471157bcb6e2ec9d4a26b038e6ec28584cc23f2a03556dbb37e9002d7cb05e61dbae26258e3861c639ef0e1d17fc711a00f335ba3c027137e00708d708c1ff457ff2c65112f7dcd7d02f24d56f072158ea1c71832550a58366fd9197296bbe61aa4d00de18a453ef9174fa81968305c41c3455f42d447a9234f06e13bf8bcaa1babb11695fafdc08f7a584b2ea1f61e9389260ce7335a07de72c8911a58a313f1088dcdf5c8d4c456cba2dcb4f2d156b4943b95bd493ea4fe1a82d4e3ea02aa02972400b5ee17842832d59979fc179f843c44b03eb3c302416d0cdaf11c4ca8a66ccbb6997395edf6fca2ea004cf3486971004a42042af8ece005b94461d86dcde212a2eb1be3b914c783e48ac1ad46cacd73e1eb448368322d2678efcb2abff52093db0f259dce5c1e19a512820f235d6aeaf0e1a723c2c650cff1ee3b6b4f4cc989c0b7d6de3cd7e6daa39bb690710df00a7194c17201f0e81be64b6739e1c1e8176b7e12a353427c067c19314db642e5c76266b640eb1cc0c73f84fc0227e5a96060d814071cde2fed944767b7466f9001dfc223685429bc4e5e48f5c13a63a4e0d826133ad920d11772145ad6e13c93897398a8a401f93dbd103005c7dae44387f3e80b793607d05d2d8bc0d0351a3a452b8ce759c1ad48df7b9ba9e4a17df61fdabb9b577b5cec3e9461fbb5e128155a3c9c89f8f6bebb7322a16678e8ecb98953d958310db1b063448c349f36e168fac484cb3c0d4cb2c251bd92ef8e9262b44093d7e650a7d3bed3791fa88100fee6ef0d5e23d1e9a8099cc0335202a4f106c24777e98f81d26efba15c9ad1541e0adbf1d1d76076b0dfd7b7d6c8b82f9c093468cd196672dc5478e91ce701cdd7b68b353c97111f0429760635762f8683ae970564bceba9120517642e8b3a2baaa85c25b54a943766184904c72d929634ec5f0c28473415f12538906c678fca4e682db4879758492537e7850b9bfef3eb9053b43920d810e55be966aec68c9dd3b62ccf57e8178cb5ef6d16d172a56dd924f00f2d3b5e93aaa92b29fb8336d73e29e59d1c47ea6230cda1d5b03bba5dfdb331feb19443f123d2a03ff4f10eca166c2998588f1e584ed194dd6f73c8aca846631904d9fe4a98b367823e46edba2885129879e9277e150f029b8fa7bd11eab9ce1336777c80b56b3a1f0811adbca0f5b4025a5503c8196661aee90006e9c85bbfa4c5a0e902885c8ce51212ee67f0fe0b6afbc8bad453727543b3c68b890ddaba269d25fc1643f54835136a1a25ba18d916cedd6a47fc07adf6fc69fa508949dc10d9dc5e0261b52f3657170384eccd9c80541354b1ce0f6fb5ed3e8d54af0b5bf0a92835125c7d9bc4f092ff380e5e896fbf302552b14d5b61a224d86e301c7a66a66e4e4329aac0a66b156772374dc1c7168d5b561652f8f4387e4f289b6366a: +ef0948e13281f3cf352cbfaf8d89d117768552d5a1548ecbaf37412e97670fac58c2457f5a5e3cfbf47119a87f2aff1918f1e67ae6fa9171d3f41eee07a86872:58c2457f5a5e3cfbf47119a87f2aff1918f1e67ae6fa9171d3f41eee07a86872:7ec47f2f1fe3b70a6d1d82c7cd924b4bf9b2029fc12c52a6e1cc06cf5abfc0a442e7cf145c1542b9b135049665711035e3c29a91d4fdaed6127057a812c22cd75ad1879be1d2c6110e79e987524e4e8f27f16eda90cbd4733f111825b516d1067f81eca5e6948576d5bfedb3277c1abc1e60f374d0701b32ccfd6a5e9c8d1659aaf3d0818613613b7e288d845e9aaaba2e3e9b411d501dffe856fd313e9fcc9e7430b9983f20ab4ebf4eb616bd63e2c57743658995ed0a149ae620a395613719b3ed7ced4588d5915d70a2f0c687680ec34fe3e9f72392e189e13a4749d5ca9fac651b92c084c4066fdf98a869223e4e0c9bec5812b5c1900e6e60d3a188d48a74dfd415b5cad2e91ff76df75089d20a755f260756c8f1382a29f7b93726e731071cd477458c6f2022dfad7d4fc7ab2380541864f6b58774f9ae8e5f077c1a8da073c39853eb2fd477220b45a3d92263dc7e14d3bb2b36fca466c7ef8a247538725f2fce5c7221bc751cde1394604f5931d733360ccd47ce087712958180ad84fae713b543f05eef6abc0661433121ed3b4506a1465025316fb8f9d64535cc4538acd4064dd576b0740e1beb13bceaf155543dc89097ca5ca1cffa0ad65a10bcb759354eab8a42de734af909c2feba380d66409f325d5f17af9ca7f8cb4134fd6a2b6a528d9e60d9612b8e8b4062f8e0fad1e7eeb9cbfef6e9738ec7973e1cb2ba2327deca4ea46568f31e12f730e247c1d07029fd4422b298ff2398023b4120a3a425ffb652880c19ea69f3639e0f6df4f00876cc4528e267e81d5943199d0feb6cb4e1baf404bb6f8b39b12dbce9fdc35dc158066e9975ae5bd3b55f2a41a791baf3e8351ec604944790a22c933c80b1590ba197a4706f7f5128682edcd74dd78d435e787c2b76a57b3f4e7d7be2efd26da5f9a829119b01508b7072c7699ce52bb578cc5b1b93661b5172fb84daf1ba364d2cbd80e2c99bca9caea873cc0a1629eac384e9b206842a6e6183387591b4aa34a95fd89b49d8d15d91e21940e17dcaf1eff8a0a47a0d7a95daead82aa3df8204a0cd206924ae510fec8a9c4e8d85d466fdb4dd365dc99336b22ce0b956b5ee0017f29d25ee66fbdcecb0d996ffb97c8defde40a9ff9993193ca8f1685067c19c526e0efed236f8edb8def6c2a03e21952c8612d624e6886a311ffb9e2f15da44abe180d26a14b15f63561e097a730ecabb792c7c235fdd360f571f27ef68677a7d63beb4975982cb199a560f816ee12989445f7f75b83eb278d62825947d84099af2a6ff2eadbbf589b5eb2f72ed114c73151153ae0022bc9564d15c2d5cdbbaabbef638f03095f53eebac9683409ad3060cfb7c7037b9b0befe069c92a02be953388e9ea45d36ddf4f5a8389432ccf504c50808b07f69:cc12f69db63a678ec477a605a505c57dc2b810ef85e3e34519cb25c51063aa66355d3f1e2974695866edf6f17171ce37842fbab5075fc895d18ed743c546080c7ec47f2f1fe3b70a6d1d82c7cd924b4bf9b2029fc12c52a6e1cc06cf5abfc0a442e7cf145c1542b9b135049665711035e3c29a91d4fdaed6127057a812c22cd75ad1879be1d2c6110e79e987524e4e8f27f16eda90cbd4733f111825b516d1067f81eca5e6948576d5bfedb3277c1abc1e60f374d0701b32ccfd6a5e9c8d1659aaf3d0818613613b7e288d845e9aaaba2e3e9b411d501dffe856fd313e9fcc9e7430b9983f20ab4ebf4eb616bd63e2c57743658995ed0a149ae620a395613719b3ed7ced4588d5915d70a2f0c687680ec34fe3e9f72392e189e13a4749d5ca9fac651b92c084c4066fdf98a869223e4e0c9bec5812b5c1900e6e60d3a188d48a74dfd415b5cad2e91ff76df75089d20a755f260756c8f1382a29f7b93726e731071cd477458c6f2022dfad7d4fc7ab2380541864f6b58774f9ae8e5f077c1a8da073c39853eb2fd477220b45a3d92263dc7e14d3bb2b36fca466c7ef8a247538725f2fce5c7221bc751cde1394604f5931d733360ccd47ce087712958180ad84fae713b543f05eef6abc0661433121ed3b4506a1465025316fb8f9d64535cc4538acd4064dd576b0740e1beb13bceaf155543dc89097ca5ca1cffa0ad65a10bcb759354eab8a42de734af909c2feba380d66409f325d5f17af9ca7f8cb4134fd6a2b6a528d9e60d9612b8e8b4062f8e0fad1e7eeb9cbfef6e9738ec7973e1cb2ba2327deca4ea46568f31e12f730e247c1d07029fd4422b298ff2398023b4120a3a425ffb652880c19ea69f3639e0f6df4f00876cc4528e267e81d5943199d0feb6cb4e1baf404bb6f8b39b12dbce9fdc35dc158066e9975ae5bd3b55f2a41a791baf3e8351ec604944790a22c933c80b1590ba197a4706f7f5128682edcd74dd78d435e787c2b76a57b3f4e7d7be2efd26da5f9a829119b01508b7072c7699ce52bb578cc5b1b93661b5172fb84daf1ba364d2cbd80e2c99bca9caea873cc0a1629eac384e9b206842a6e6183387591b4aa34a95fd89b49d8d15d91e21940e17dcaf1eff8a0a47a0d7a95daead82aa3df8204a0cd206924ae510fec8a9c4e8d85d466fdb4dd365dc99336b22ce0b956b5ee0017f29d25ee66fbdcecb0d996ffb97c8defde40a9ff9993193ca8f1685067c19c526e0efed236f8edb8def6c2a03e21952c8612d624e6886a311ffb9e2f15da44abe180d26a14b15f63561e097a730ecabb792c7c235fdd360f571f27ef68677a7d63beb4975982cb199a560f816ee12989445f7f75b83eb278d62825947d84099af2a6ff2eadbbf589b5eb2f72ed114c73151153ae0022bc9564d15c2d5cdbbaabbef638f03095f53eebac9683409ad3060cfb7c7037b9b0befe069c92a02be953388e9ea45d36ddf4f5a8389432ccf504c50808b07f69: +903f3b5399892e29ccfafbafbd7cc4533c154a625682406c89bf894c889e43f48fa5ff5b6b26bd67df864046429df124b523005dd89444275c8ab7ebddb6f4db:8fa5ff5b6b26bd67df864046429df124b523005dd89444275c8ab7ebddb6f4db:a2c11b5fb884a822fae64da8dcb4452cfd7a04ca6d7a5abc8d8271e93f93449e1feb8e02975f496b9034400d3599ab97aa3997dad1c9ffab5b9f8df4aaa5b840d90d862fff7ff0cf73a60c66150009e01c937bd1af6807b5ba2ef612ee13d6def40bb09c46811a2d4e468e038b323055f9dfbd01829ae2f1a535ef0295ca1ed176e46de996cc87bace45356233211835b6f4757c99bd527e766a5f0b127c8cff8e6d66f8bab86d0000452cd7f67be557788513ec0709b537b007b42016e7a89683469bd8ff8d21eb10c14917d47f2dc4f826324f7c01b24f8dcff04aa6d85095d9ab154ba5c3bd919c9d728dbdc990d19ceb237b452907bdbe21f9f08cddae5be479276709b8ae73f8974c4b113841ad535d6ff6223eea47d185c8e8a65fdee2c2d45800c17cb556eafd676647d9968e55ca9c59232b9770ad10f955fcb5858edf0b7483adc1817c0f8d02240482caa76f43c6d2e96a4ff9591cd7b878ea619ea56d1b588631e7633c5ecb2ba6998398cb06e3cf75aeb3e08dab19632d454ff7dc0e2a41f09737e8ee823d1b9e24dda84a2ce0313cb9fce31cb663c55c05645e63401756e8ad38f5174c02a663d815ad64422ff7727d4fda16e48d4bf8f6602e7260da62330e6878c34764e129afbd552208f6bed4f7cee9b671f488388815d74b4951b8682ce76cfe31e938c470b8f7a45fd63a9691f426a75c58ed3dbce3ae8fd9d10a8352e47cc1b12c9192ac8626d1b384b77a18b986e71a998646c137992b67c4817e346345faf50a2659fdc5cad5c719648efee3847c0ff6bd7095c28b4c5195967c90cf84e1ef68a1ada01f6274ede363fb82e0b549a870245d608cae8234f6d84abeb61b718466093620d85c584ab01eeda091ee8aff1cf67a4675679a1f4003e66aaf43871b88ecda6a16dc5acb05395f2da9df70d3bdb61438e1c3d40981e034627d026ee1d2e79f65cbb8189fcbb3cc8b5c2e7e796b5d2889411d5641fb869c7b0a589c43254f8c5438aaf5ac423832f018d79a51b96f242e2de0c851cc5fc2b206bca4b5be836125aca144bbc38c8c638be0d3bbe025a1be8b3d03d5929baa649c3544a32a915e926a38791b134a971bc52d1b6ca625efb7c2f3bb47ab51d43c8e374d16cda882204b71cafe9093cb6078ef2bdfad59edeaf36d0c1a4dc425b9e718c45185225a9c3084b782bfe163492f8e8482ec9aa073f6901ff3d1117ce917e19122fa67650d858f8f82b37669723c226d721697e7ae3359f5a6b02424ee8794cbeaa641edbbf753b103a5fe158be0ba60d8a212d42f8c5c2af254bf1b9c80df6f1cf09d70793cae1abb4627b1780f1bce7f617ee50f6bd4b083b2fc7cd844afb72380d5cb6b255bf47ea71cad6c6c4df021f81b548f432c18ac366c6aecd03b6c8ce2:495a8f991941c629bd641a67471ab860bfd39b72f23355f7270909d5307c77b1b94bae3ed19450780e9085305f31b1e1683facf0d1fc8840aec77df67aeab302a2c11b5fb884a822fae64da8dcb4452cfd7a04ca6d7a5abc8d8271e93f93449e1feb8e02975f496b9034400d3599ab97aa3997dad1c9ffab5b9f8df4aaa5b840d90d862fff7ff0cf73a60c66150009e01c937bd1af6807b5ba2ef612ee13d6def40bb09c46811a2d4e468e038b323055f9dfbd01829ae2f1a535ef0295ca1ed176e46de996cc87bace45356233211835b6f4757c99bd527e766a5f0b127c8cff8e6d66f8bab86d0000452cd7f67be557788513ec0709b537b007b42016e7a89683469bd8ff8d21eb10c14917d47f2dc4f826324f7c01b24f8dcff04aa6d85095d9ab154ba5c3bd919c9d728dbdc990d19ceb237b452907bdbe21f9f08cddae5be479276709b8ae73f8974c4b113841ad535d6ff6223eea47d185c8e8a65fdee2c2d45800c17cb556eafd676647d9968e55ca9c59232b9770ad10f955fcb5858edf0b7483adc1817c0f8d02240482caa76f43c6d2e96a4ff9591cd7b878ea619ea56d1b588631e7633c5ecb2ba6998398cb06e3cf75aeb3e08dab19632d454ff7dc0e2a41f09737e8ee823d1b9e24dda84a2ce0313cb9fce31cb663c55c05645e63401756e8ad38f5174c02a663d815ad64422ff7727d4fda16e48d4bf8f6602e7260da62330e6878c34764e129afbd552208f6bed4f7cee9b671f488388815d74b4951b8682ce76cfe31e938c470b8f7a45fd63a9691f426a75c58ed3dbce3ae8fd9d10a8352e47cc1b12c9192ac8626d1b384b77a18b986e71a998646c137992b67c4817e346345faf50a2659fdc5cad5c719648efee3847c0ff6bd7095c28b4c5195967c90cf84e1ef68a1ada01f6274ede363fb82e0b549a870245d608cae8234f6d84abeb61b718466093620d85c584ab01eeda091ee8aff1cf67a4675679a1f4003e66aaf43871b88ecda6a16dc5acb05395f2da9df70d3bdb61438e1c3d40981e034627d026ee1d2e79f65cbb8189fcbb3cc8b5c2e7e796b5d2889411d5641fb869c7b0a589c43254f8c5438aaf5ac423832f018d79a51b96f242e2de0c851cc5fc2b206bca4b5be836125aca144bbc38c8c638be0d3bbe025a1be8b3d03d5929baa649c3544a32a915e926a38791b134a971bc52d1b6ca625efb7c2f3bb47ab51d43c8e374d16cda882204b71cafe9093cb6078ef2bdfad59edeaf36d0c1a4dc425b9e718c45185225a9c3084b782bfe163492f8e8482ec9aa073f6901ff3d1117ce917e19122fa67650d858f8f82b37669723c226d721697e7ae3359f5a6b02424ee8794cbeaa641edbbf753b103a5fe158be0ba60d8a212d42f8c5c2af254bf1b9c80df6f1cf09d70793cae1abb4627b1780f1bce7f617ee50f6bd4b083b2fc7cd844afb72380d5cb6b255bf47ea71cad6c6c4df021f81b548f432c18ac366c6aecd03b6c8ce2: +ee81e0fb052e23ad759de6aa9838de98e36d4820dc0e1b7b3ef1141ab9de334098f3c9880794de64fa269bdf336095e0e01b1a3b375f965b93700bbdf4b96869:98f3c9880794de64fa269bdf336095e0e01b1a3b375f965b93700bbdf4b96869:28d99e9518b88283c220e76de205d7b6162359b1dfec1fbaab98ec0ef1df8da40b6b7a775e9728450aeb2351fe5c16afda3aec0d71049da4cb7d4c63713a2410abb022f81611cc064587c8047d4383c00c3c562e9ceea35775095391b5f3dda0e373c4a77ff618a28ef68787ebfc3ebcccc5d1ce32ddf43bfce57203da76a8664b3c616a8869282db0b72811b5fd5a2a03a4ff66724b0489ea2e1073d781c3f189115d79ba20a46d1dfaf5b1a5847b2a2e31b2808737569e60b57231e6a99af26f58afeb15770810474812fe4afacf884506b8c314bc6751bb42b4bd6e87d2e5de70fec5f0014c4257b13472a3b0111a7a8cf83b1dc0cf962022cd44468a3ab1f0016b70cafb1d0246acd7053937c9ac40207cf13b50dd15e2a2e15f50a05bca2f28e770262371dacee02e25b2a59658ed90c0600fa265b7de3d44f8ef0721bf39ec4d4eca5888527b778067b1d659c00514c8d7056273a294cbafe45090d069bbd09f92f461e648f3e682882c71576e974debb0cb7e0e8316406660150dabb58e76246614a291c12ce9e0346c02774d4d09cecc23696712fee250c0bb5df7a2a4c43a5563331bcbbf84be3f2eeb0654532e85ec597b53b32f3954ccaf0cd426def91ec4b208416948af27de04d832705897a04c5e24a2e88b20040fd4eca3089fdb918a92e35c4d31da26850b9dd34118c74449a855ff4bc9fff0d1447839654b00417999fa4eb89102133cd320409153584957c10489db4b7244c95907988e83dc821271dc1ab643d6992d0fd820492ae642e24d19a179fa75d9363b321662606fd94a47fdb2e68d3f30c04673f809de0144945ea4d4183d48f175079eed50323c6b192e020e162a3503aa582fb08b403624a23e357eeda08d904386f358c36c64d314c77cd9d4d23d581ee53d81ff97ada019cfcf04eb9dcc1de9b74c3db6b811578bd4f219c5ca48ef4c826b09e6c96d031f65dd48b6e73d0c100586b21df0293a03d2ed7e5009ad025340c21d09060691f5cd8af2ab12f9b860ee87815e1a9f400c2a6f634ea8f9b3425a08d10b3c815367388f4d1be356318ecf9035d0ee975affa859caac28ebccd0599bb2f6f3523661bd178fc9e4cac378bb9dd4716bb06923fd2bbd56c959c42b95d50193f8bf299fcca3b2eea94ec5f98583924c080416e28b54fe57658458b055ce4de8a75fc82715cae91d375cf69281378051bb61fdd7bb0068f63efa6d6e83d8fd4257af80970f4a9e6924b2de0ad966dffe6fa4a113b0e772f1768785b3b42049f76c48ad80f2c67fb0f91a5fc4107912520d8d683c062c3a222bcda7e710bacd478ee88367b6a059a452fd26f114a5acbd6979ba019f7da68ac04a193026bc1c27e4837b1de29cce090e3380d5051a586409e628e3145665bb1d84ecd8:f0d873be15cf454c7434deab71de25cfe99e81a48d2dce6a35d1633714df0f8b4029e0582511efc4d06892f672850246bcf070c46fadc2faab44dc435045de0028d99e9518b88283c220e76de205d7b6162359b1dfec1fbaab98ec0ef1df8da40b6b7a775e9728450aeb2351fe5c16afda3aec0d71049da4cb7d4c63713a2410abb022f81611cc064587c8047d4383c00c3c562e9ceea35775095391b5f3dda0e373c4a77ff618a28ef68787ebfc3ebcccc5d1ce32ddf43bfce57203da76a8664b3c616a8869282db0b72811b5fd5a2a03a4ff66724b0489ea2e1073d781c3f189115d79ba20a46d1dfaf5b1a5847b2a2e31b2808737569e60b57231e6a99af26f58afeb15770810474812fe4afacf884506b8c314bc6751bb42b4bd6e87d2e5de70fec5f0014c4257b13472a3b0111a7a8cf83b1dc0cf962022cd44468a3ab1f0016b70cafb1d0246acd7053937c9ac40207cf13b50dd15e2a2e15f50a05bca2f28e770262371dacee02e25b2a59658ed90c0600fa265b7de3d44f8ef0721bf39ec4d4eca5888527b778067b1d659c00514c8d7056273a294cbafe45090d069bbd09f92f461e648f3e682882c71576e974debb0cb7e0e8316406660150dabb58e76246614a291c12ce9e0346c02774d4d09cecc23696712fee250c0bb5df7a2a4c43a5563331bcbbf84be3f2eeb0654532e85ec597b53b32f3954ccaf0cd426def91ec4b208416948af27de04d832705897a04c5e24a2e88b20040fd4eca3089fdb918a92e35c4d31da26850b9dd34118c74449a855ff4bc9fff0d1447839654b00417999fa4eb89102133cd320409153584957c10489db4b7244c95907988e83dc821271dc1ab643d6992d0fd820492ae642e24d19a179fa75d9363b321662606fd94a47fdb2e68d3f30c04673f809de0144945ea4d4183d48f175079eed50323c6b192e020e162a3503aa582fb08b403624a23e357eeda08d904386f358c36c64d314c77cd9d4d23d581ee53d81ff97ada019cfcf04eb9dcc1de9b74c3db6b811578bd4f219c5ca48ef4c826b09e6c96d031f65dd48b6e73d0c100586b21df0293a03d2ed7e5009ad025340c21d09060691f5cd8af2ab12f9b860ee87815e1a9f400c2a6f634ea8f9b3425a08d10b3c815367388f4d1be356318ecf9035d0ee975affa859caac28ebccd0599bb2f6f3523661bd178fc9e4cac378bb9dd4716bb06923fd2bbd56c959c42b95d50193f8bf299fcca3b2eea94ec5f98583924c080416e28b54fe57658458b055ce4de8a75fc82715cae91d375cf69281378051bb61fdd7bb0068f63efa6d6e83d8fd4257af80970f4a9e6924b2de0ad966dffe6fa4a113b0e772f1768785b3b42049f76c48ad80f2c67fb0f91a5fc4107912520d8d683c062c3a222bcda7e710bacd478ee88367b6a059a452fd26f114a5acbd6979ba019f7da68ac04a193026bc1c27e4837b1de29cce090e3380d5051a586409e628e3145665bb1d84ecd8: +69d01d829113081cbf5d0c6ef77b21775c8d9b680000056f03c75a7d0a0587d2ee8469dd61cf5de400da7d7a479a4418e6772e69ff5330ce5ca77859fe271755:ee8469dd61cf5de400da7d7a479a4418e6772e69ff5330ce5ca77859fe271755:0b9e110f29d19816a17b2c75478f13cee953811a1983014cb7eb0f75526912044c3ea6829780e657f817c5597d4661080d9034c9778722418f2c3aeecaef6b690c5bd3b593701086988e4340aec34e0172758eb24087d03a8f76e7cbca53aaafc4d2155c7532ab54be48872653066fa1fdd54acfe9daaeca356c290e6be63355b6d9fc52eb5e4fccbbc6083507132de485bfae9f42e19712232b716402c23fea74efa69d73c8c2e3a8662b8b65b0fd007741013e1f6e3cfe4345d5c830682fe60021d708e10a9e9f4052ff7a6abf28acb1d6b5fb038eed3f72513c355bbfd5c2274fa85fc4f446974b2d1bc036507a1eb5fcf55dbd44210e538274de808b900bf1c0fcc0241270db8dbdcd88349d67224f087e5f07f699b0bae68b2ebc9a4e27c70d3ac7d996fa7d4dabd568378e3f93905b1c89c652d384c16c2bcb1c9844c38f71bb13e0c6a2ea95b612e390c5f86d248ea531f2ec6f639a402dfaccf37217005344030745d1f1e520cc195dafdd7f295f377b8d614716703836219bb7b09fea7aae9ac33e42dcab65cc6142fcd8ce15e97717fdb33e9538c44f6cd9c1c65db62751f552f870f10142c96f9df1855abb39e42706a563ab154511fdce687c9576f9edc3b4ba55346ce66802fffef4b1b5e12015ce8b57de5458caa0daf341968128584288c2f27cbfb76eab286bac5f66aad0049e0ca60a9014e17901c4130e83ceaeb4c2713e971a235eff995a813ae4ea64a583ffdefdac82ac76eaf4d47c4ac8250fcbafd6b88faeb48015f5b42b5334a50b31d4502ea491da90dce93c08fd56f5c58eedb379166a23762be5e4adeaa6f4ae1c24e0cac4ddca0383458560cdc48b8cd1f42a3ba2f6ffb6077909fcb294ad1ef4a44c22ec4b3987ddbeef325b98ced56815ea7d5fccf5afdfe98e0e6d920f7ada2eb5c91624c76cbba2993a9c7a55021d127a667b39e235df4f81dee7dd142898778dbd92135b70b3acf59f6c29a2c9d4a7006ef11a918b3a2906264a15d6b529308cbc89f85601fc1ea1314d67f7566cf109165c7f92de1a18d70debe024349db3560a6e527e2ac3e06789468704e6b8f1871f16bae9827392b418f1086cc497086ced14b1249d6d8794f23bb8779d418648f2155656a6fda7440c56284d9b2188fa7d1736bccc9cff0be5b1e1f551ff8137ff5966ed9d0f7f01c3dff298e9102ffbd324bfca5ffe0968e66f9d82f487d303934f27f78b28378eb72c38272962a5f735d7392e5d333fd86de167269c17a165b92d31a4880a41e136f718960a919b3d7c4e74cbd73c73f921be513f739affb2e41f80426bb8cfb4564b98fc4de53255ce3f98b4d22ae6fce9190b55bf2c93861c1dcac101b5e16cf09991c5defa33f8d51056d934bb4b477b6520d4c7ae22ea7fb3109de7f4:408cefcf01417e2dc6a8a18284e411657f039250c31278db2819f9eaea4293fbf6831a2801fc1ea6871657b841e173f451b0d575a9379e35857e8c7297fa14040b9e110f29d19816a17b2c75478f13cee953811a1983014cb7eb0f75526912044c3ea6829780e657f817c5597d4661080d9034c9778722418f2c3aeecaef6b690c5bd3b593701086988e4340aec34e0172758eb24087d03a8f76e7cbca53aaafc4d2155c7532ab54be48872653066fa1fdd54acfe9daaeca356c290e6be63355b6d9fc52eb5e4fccbbc6083507132de485bfae9f42e19712232b716402c23fea74efa69d73c8c2e3a8662b8b65b0fd007741013e1f6e3cfe4345d5c830682fe60021d708e10a9e9f4052ff7a6abf28acb1d6b5fb038eed3f72513c355bbfd5c2274fa85fc4f446974b2d1bc036507a1eb5fcf55dbd44210e538274de808b900bf1c0fcc0241270db8dbdcd88349d67224f087e5f07f699b0bae68b2ebc9a4e27c70d3ac7d996fa7d4dabd568378e3f93905b1c89c652d384c16c2bcb1c9844c38f71bb13e0c6a2ea95b612e390c5f86d248ea531f2ec6f639a402dfaccf37217005344030745d1f1e520cc195dafdd7f295f377b8d614716703836219bb7b09fea7aae9ac33e42dcab65cc6142fcd8ce15e97717fdb33e9538c44f6cd9c1c65db62751f552f870f10142c96f9df1855abb39e42706a563ab154511fdce687c9576f9edc3b4ba55346ce66802fffef4b1b5e12015ce8b57de5458caa0daf341968128584288c2f27cbfb76eab286bac5f66aad0049e0ca60a9014e17901c4130e83ceaeb4c2713e971a235eff995a813ae4ea64a583ffdefdac82ac76eaf4d47c4ac8250fcbafd6b88faeb48015f5b42b5334a50b31d4502ea491da90dce93c08fd56f5c58eedb379166a23762be5e4adeaa6f4ae1c24e0cac4ddca0383458560cdc48b8cd1f42a3ba2f6ffb6077909fcb294ad1ef4a44c22ec4b3987ddbeef325b98ced56815ea7d5fccf5afdfe98e0e6d920f7ada2eb5c91624c76cbba2993a9c7a55021d127a667b39e235df4f81dee7dd142898778dbd92135b70b3acf59f6c29a2c9d4a7006ef11a918b3a2906264a15d6b529308cbc89f85601fc1ea1314d67f7566cf109165c7f92de1a18d70debe024349db3560a6e527e2ac3e06789468704e6b8f1871f16bae9827392b418f1086cc497086ced14b1249d6d8794f23bb8779d418648f2155656a6fda7440c56284d9b2188fa7d1736bccc9cff0be5b1e1f551ff8137ff5966ed9d0f7f01c3dff298e9102ffbd324bfca5ffe0968e66f9d82f487d303934f27f78b28378eb72c38272962a5f735d7392e5d333fd86de167269c17a165b92d31a4880a41e136f718960a919b3d7c4e74cbd73c73f921be513f739affb2e41f80426bb8cfb4564b98fc4de53255ce3f98b4d22ae6fce9190b55bf2c93861c1dcac101b5e16cf09991c5defa33f8d51056d934bb4b477b6520d4c7ae22ea7fb3109de7f4: +4b8ed29731f104795e97dee7c8b401a02afaa9a795e613353d2b95001765027af22298210b09fd617fc8b35074ca1801e6075dc92a8f50344b80e85405a038f5:f22298210b09fd617fc8b35074ca1801e6075dc92a8f50344b80e85405a038f5:cbb5f13a0ef2837b805d3b785109f9f2e0d0a017bfe7692d91ec23ddab7817330bef247fd91ab2c77dd4412519cbd38475ce0cb39b1480092bc738d4152b8a6d55248e3b9f32cdcd15ec5d059ec3c8847554ee47005394974d8eb23592d17f5a396e3c19f8e898370679fef5318c4dd299c6217d6abcc9b61a5b2d0cfef695d170ca20a83d6fd3c666c8fd1c10ad970e2fa6af10ff0ed0cbfe752246d03f3a3c6032dbb319bcfdac4dafc50bc3e6bf595f491dec388b3441b8cee0df91f55cc7807d07f8f541ed7322ffc39d18f89560e4123aec1d77969cf1877786f4cf94b1770b1090655e8c72eecea4572e46f580f963966db2a1085eeabc57bf4a84724b9c8599a433abf58bca804091d3d5e6e5048ec27bf8129b670cc2c88d9cac471859f469b918f3f6d70f7d6663501ffbefef026d79ea70927ccf6075ee5105423321e11aee9ad16f987efbdd00b62aff698e521adf9203b15e9f0f3ad07dcad9ddccaae9b490247f12c311dee6b73b8f9124fdce1299b47fb1914cee7e3a07814e312c3ce56927672c51b3185980cde57f3a759b50bcfc4cb0753b954d97135deb2a0532e98b66f39a7c08cf4d548539e2eb9f422f6649658893a7c3c25a4fc901f8c398b8c72733911a0072ed6bd2f4189389ae10a814f648d71f69c37e8295784428183b93c8013b964a9fef86b48f489316bc222e96b3bd15ff149b96820329551c15e0d095d1569b1e2131c78751565c3041f29785395b97151317f62e3582e407b1649e60d03a8599120a302a4695fa862b4120f94d22ecae72398d2094d108ad2dbc1b959735902142aa5fe6e7996559f6f601448aea02f356f8dcdd144340eb3619f9865bf7672aea326c4e93c99f0ed1f9ed866be15d3af2675f6dd6e296602ca373a815b0be46bc2a3fbba06b8805c731fe08007daa06050961b24d14693a72898ccfb8b8fedc60a4eef8ff79b6dd7592591833b576ef48294e5e0485942e57c119602eddf88b1faea517f2fc2e3d14d246a52cbd71a108c66b6cc4f2d45804a282ecedb1b0ad3dc3b4880ab2ff78b8ddde48f7466c14fed349e95b5053abf1bf0991126031d97547d143c2ae164928b61c0708af8ca3e4f55154d13d75e97db4ba3e69d36e9b37082368c2f721bd3f95126a1e004eb2a1bf268343ae21d2995044a2cadd67ffac9e1538175b3cc44db5d26f1d5cc89ca0e1c1ee8537a8a91d324c2e02e18b9fb9730d6dda55f72d843389693ebfcba7fbe1a0bcffb9aa284f4ae66f44a8b89302983b22736d0c72d6a044e4291624243a4e0ce65d5e5346d67fed3760ddb0c510b50ff3eef0a18a267de730476dd82dff7072cba0984825a004dd4bcd8c37fdaf1f683d1d9380e135a95d24b89fad0be941c548251bec90ccae015bc0567da84b371e50:2345886686eb39b5199caaa9615bc6b4896f076e8bd736c0038a6517f9c2b167e759f37372268a697e9b78605f2ed94725f6905a7900153fc9e8beed31ffae05cbb5f13a0ef2837b805d3b785109f9f2e0d0a017bfe7692d91ec23ddab7817330bef247fd91ab2c77dd4412519cbd38475ce0cb39b1480092bc738d4152b8a6d55248e3b9f32cdcd15ec5d059ec3c8847554ee47005394974d8eb23592d17f5a396e3c19f8e898370679fef5318c4dd299c6217d6abcc9b61a5b2d0cfef695d170ca20a83d6fd3c666c8fd1c10ad970e2fa6af10ff0ed0cbfe752246d03f3a3c6032dbb319bcfdac4dafc50bc3e6bf595f491dec388b3441b8cee0df91f55cc7807d07f8f541ed7322ffc39d18f89560e4123aec1d77969cf1877786f4cf94b1770b1090655e8c72eecea4572e46f580f963966db2a1085eeabc57bf4a84724b9c8599a433abf58bca804091d3d5e6e5048ec27bf8129b670cc2c88d9cac471859f469b918f3f6d70f7d6663501ffbefef026d79ea70927ccf6075ee5105423321e11aee9ad16f987efbdd00b62aff698e521adf9203b15e9f0f3ad07dcad9ddccaae9b490247f12c311dee6b73b8f9124fdce1299b47fb1914cee7e3a07814e312c3ce56927672c51b3185980cde57f3a759b50bcfc4cb0753b954d97135deb2a0532e98b66f39a7c08cf4d548539e2eb9f422f6649658893a7c3c25a4fc901f8c398b8c72733911a0072ed6bd2f4189389ae10a814f648d71f69c37e8295784428183b93c8013b964a9fef86b48f489316bc222e96b3bd15ff149b96820329551c15e0d095d1569b1e2131c78751565c3041f29785395b97151317f62e3582e407b1649e60d03a8599120a302a4695fa862b4120f94d22ecae72398d2094d108ad2dbc1b959735902142aa5fe6e7996559f6f601448aea02f356f8dcdd144340eb3619f9865bf7672aea326c4e93c99f0ed1f9ed866be15d3af2675f6dd6e296602ca373a815b0be46bc2a3fbba06b8805c731fe08007daa06050961b24d14693a72898ccfb8b8fedc60a4eef8ff79b6dd7592591833b576ef48294e5e0485942e57c119602eddf88b1faea517f2fc2e3d14d246a52cbd71a108c66b6cc4f2d45804a282ecedb1b0ad3dc3b4880ab2ff78b8ddde48f7466c14fed349e95b5053abf1bf0991126031d97547d143c2ae164928b61c0708af8ca3e4f55154d13d75e97db4ba3e69d36e9b37082368c2f721bd3f95126a1e004eb2a1bf268343ae21d2995044a2cadd67ffac9e1538175b3cc44db5d26f1d5cc89ca0e1c1ee8537a8a91d324c2e02e18b9fb9730d6dda55f72d843389693ebfcba7fbe1a0bcffb9aa284f4ae66f44a8b89302983b22736d0c72d6a044e4291624243a4e0ce65d5e5346d67fed3760ddb0c510b50ff3eef0a18a267de730476dd82dff7072cba0984825a004dd4bcd8c37fdaf1f683d1d9380e135a95d24b89fad0be941c548251bec90ccae015bc0567da84b371e50: +080d7f76182ee6bcea894b1e0060558b3b125a3499df3973b8dd6693408ee4694124713d7c2df50f93055730d1b281daec3028cf2c1e4858d128707a23d6deb0:4124713d7c2df50f93055730d1b281daec3028cf2c1e4858d128707a23d6deb0:ab0a6de2351b9a8498f68272d9a0a7a057365d34efa0fd34cc3bf862e49cdc302b2bd5a30d601a130ec4032f541ae6cb7ba97f84183d2d2581287ca701d7d7a9aba110ce58b946ac0824305df7929f3dd7fc9c8732238637e2b181d6e116c7f66e3226aae3ced1610262da1a0a4aa50a1b9443ec828329e4734d28fc25ab9c1de9b8987e5dc0c8131916c5f18928704a71e80622b1492bf2fec5d4b6dbe415c8af2ce3ef109b34dd5e64d56846f085935a4a5d1073497fb3fb8fb77e8f5d5e3fd00c30652e3c5cde40a335d14e5425ffba942885ed17bd36df506924237e75be84da821950b91424fd9f16c1b2c783e90f8cc2ccc7980ce915c7696b06a586730259e6d14588582bab9d2a39f69e98e7f2ae9bc0c2610d7e0457f26a5d66543be1d65b79c4b7c0d8ee73d0c2b67bf50d8082f006f96d119505873193dfdbd432bb1c9ee0d03ee54cf95d20e91f7f3a069b6256f42159cdc1e600a9a1c2f5a8e467d5c2a9dff8730e6be826fb2a1e6448bfc4fcaaaacdaa7662351faadc91f7caa7737dc82ec3d4b21936bca1bd7ce373ad66264af13241167549318cdd78e563827f85eab20e0b42bc554a712c0051a5010dc2f2c7db85acf6549f9d102c903c1be5a05292c30f21ab1b2b8abcbbf104723c63f0ebc554fbee42020ccb14f443478df77c6aa44db9a57f8fd44d97ea099e4774823ebe123fcf5016a66e837b2f65c1845e681ee2a7059fb1290cd0a933129855cc83c87e0b3bb61e44134addd3637850246cdcdaa29f15c41a3d4dd2c1d760062124333124cf091435fdce711f52316368999befa4c80a39b3750e4e386289e4e2855e97b619b0a25799912408b7d58a4dd9819571e901430f6d555529dd630a1867459b8022d0e0add6ab4f12f60baac75979bbff7f6258d28d6760b1ff243c39e4bbd6cf9bea572a9c082d05adcfd4ccf9fa026f2c904b6e782ed709df7748a307cd2dc3a0fc4123df580cbf49e05ceeabc9f39e57b7f300905d8b310091fb953f3def36deb3e8bf372f5916b51597df024ce85cc4c36eabdc580b5cf152994648f1d7f35fed5cd10f6e2949161a3359b3034d450ea6f61cdf1d5af76d40102b60294f4e49078249026d62fe35fdf224928b0c49ba2b5339ebb192c5ab7f05cdb946e37d671a4a5ef2a5827220b4438cbda05736292806648f5bdd52420fa76b84a6addb1263eb0c500e81566d718d5066026da097054a86631016ddfb706a5677d502ef84aa73b5863bc40fdc42cb7321ac5f00e2928fed7b0418596db4b6151dd6bc6e818f0253552bf13741e69680e966c92c293e13c90f7c9999bd1ec6afe3b4affb47340c89859829feb599db3a8c3d33fc8d45fa5381078ae9f75d85c1496f5fb5addf4e4009b764bcc9118e9275dc7219f281d0d1ef7158:185fb1b6d86dc4444810cf5ec6fef0abdafa2a6fccb45d11cfb54ba16a6843f280d380471002ae0d71508556c78ed5415e42338c161f2b621e74cba4f6a1d402ab0a6de2351b9a8498f68272d9a0a7a057365d34efa0fd34cc3bf862e49cdc302b2bd5a30d601a130ec4032f541ae6cb7ba97f84183d2d2581287ca701d7d7a9aba110ce58b946ac0824305df7929f3dd7fc9c8732238637e2b181d6e116c7f66e3226aae3ced1610262da1a0a4aa50a1b9443ec828329e4734d28fc25ab9c1de9b8987e5dc0c8131916c5f18928704a71e80622b1492bf2fec5d4b6dbe415c8af2ce3ef109b34dd5e64d56846f085935a4a5d1073497fb3fb8fb77e8f5d5e3fd00c30652e3c5cde40a335d14e5425ffba942885ed17bd36df506924237e75be84da821950b91424fd9f16c1b2c783e90f8cc2ccc7980ce915c7696b06a586730259e6d14588582bab9d2a39f69e98e7f2ae9bc0c2610d7e0457f26a5d66543be1d65b79c4b7c0d8ee73d0c2b67bf50d8082f006f96d119505873193dfdbd432bb1c9ee0d03ee54cf95d20e91f7f3a069b6256f42159cdc1e600a9a1c2f5a8e467d5c2a9dff8730e6be826fb2a1e6448bfc4fcaaaacdaa7662351faadc91f7caa7737dc82ec3d4b21936bca1bd7ce373ad66264af13241167549318cdd78e563827f85eab20e0b42bc554a712c0051a5010dc2f2c7db85acf6549f9d102c903c1be5a05292c30f21ab1b2b8abcbbf104723c63f0ebc554fbee42020ccb14f443478df77c6aa44db9a57f8fd44d97ea099e4774823ebe123fcf5016a66e837b2f65c1845e681ee2a7059fb1290cd0a933129855cc83c87e0b3bb61e44134addd3637850246cdcdaa29f15c41a3d4dd2c1d760062124333124cf091435fdce711f52316368999befa4c80a39b3750e4e386289e4e2855e97b619b0a25799912408b7d58a4dd9819571e901430f6d555529dd630a1867459b8022d0e0add6ab4f12f60baac75979bbff7f6258d28d6760b1ff243c39e4bbd6cf9bea572a9c082d05adcfd4ccf9fa026f2c904b6e782ed709df7748a307cd2dc3a0fc4123df580cbf49e05ceeabc9f39e57b7f300905d8b310091fb953f3def36deb3e8bf372f5916b51597df024ce85cc4c36eabdc580b5cf152994648f1d7f35fed5cd10f6e2949161a3359b3034d450ea6f61cdf1d5af76d40102b60294f4e49078249026d62fe35fdf224928b0c49ba2b5339ebb192c5ab7f05cdb946e37d671a4a5ef2a5827220b4438cbda05736292806648f5bdd52420fa76b84a6addb1263eb0c500e81566d718d5066026da097054a86631016ddfb706a5677d502ef84aa73b5863bc40fdc42cb7321ac5f00e2928fed7b0418596db4b6151dd6bc6e818f0253552bf13741e69680e966c92c293e13c90f7c9999bd1ec6afe3b4affb47340c89859829feb599db3a8c3d33fc8d45fa5381078ae9f75d85c1496f5fb5addf4e4009b764bcc9118e9275dc7219f281d0d1ef7158: +49846ada7ae684971dd91710799090b37fe5ad561d72a35f2efb405f196ab0ec4d370a8194a3045b09b3bdafa27fb9acd59943a54ae14cbaaa2200eb0f3da71b:4d370a8194a3045b09b3bdafa27fb9acd59943a54ae14cbaaa2200eb0f3da71b:ab398d94f928b1d42102a3e513ccd1cb10899011039410a8888bba26df1a0372bdba0ce8d854af51e9330a8daa93c10580906a8ac72d294aeb9566fe1c78ba8471c06c4a8a75113b34893f6276ed813292053b956a465d847d2ece86e2da8a9f0fe3db52a5aac746ef96485ef81f1362b5a42eaaee1fbb0646704471a21bf76367beaa07812b3d32adcdedded7539e3a501b83c05b19a49b520ededc9a78a5fc2d5012f1d4e381844e792ed90b0f57bce375c75a658b2c78c6ff7d9efcd4bfa35c4768cbb195e4823d9bbd835a374fa04ca1eaae9c566d8fd5aa7ca5efe0dfc317fffa409ef1022f1c3b376a935af557083e95287b07a98ac6c1b7bd8bb26b60fa7c4bc91973b201b29922b4b9d03dd6882a0bd3b7d9e5b81ee74c36bec665e4343c8c9ad336da3850c9b2697fe1cce29c378622a33c248f448c88f48df0260143b2a342f1ddee74d3b97ca3e1166b156993dad30c49d810d74048bc6d467652004d7edb65c6dac3a2c5d300b97ee3a10a9e14b69f3cad675972962e1f8ed97547adedc47d1cf3471ef3b22fdbf78e34f31a3bb7669c41bd9292c380bce9a42d84bc27ac928b8bfc3c63d20ccdb478df7ddf421fb1cd905ffc4c04786fd9aef06b8938ab8ef522217b2c04515f61a1c312ea83253f8458c0918fcfe874e6e7fb11275db2a2ec79a2d868303233c1b697952a3bfd3ad0a6f6cdd5e72cc9409f7410a40d5b4536dd46eb1611ae86703671b3a0515a0377bea15654ba0a0d1e4e9602632842f2acd4ef993236e993f2650d59923f24e2cd30932d8bf8aeec644472ba46a07881496c92a0135c675aeb0ce6181088db8f156cfe7435cac6c97da637db4a89f51331da13731e741fccc0355542ce11efa69d0538d3ef127aa68745ed3085d29da90dc583701b6b3a70a3ef3e16a924b33203b92396c4b945f127a7888fa05015c0603007566729237cc0782b30c020d9959547feec9f4d676460bfe0c5c19ceabaee0682db8be69135181ec0fdd9f7a66d50bdc379e4a2c598178f9593946aca6405b177fcade0f86421583ed67eba187222a1e44495b3ae544fdca28e2c14485eab0471aaa803c29a9d8a48926764fca1df51407ad33ec17e941e6e2617237a84309873dc71365587bde4274b5dc327ccb1e1e9c857e042ccca8d8552ba288c978cfa0af99d67cd034060628e23525dbca207679ce29690878448553cd38675bce07bf97b9317dc44468b768b158b0c111d63a572235655c40e16597ca059f40c3d8ac5bd61a487c15313846a704a7811b8bc0cee61e34762b6c1b7cea1c46e6087e9a36f89918a258b3fa77620be10c184c3fc39739024e98278fd65b82cad83699f3ad8c6eccbec8b7b1bd7914d3f6c3d02bf40283b1c1f1e98e308beaebbf894b8f5e91bbbc62535f923:a5c809d1ca4cfbb3dc70a2a3a1f267c27330420719e3606218a1471cac57cb674b9b42827c5e9a7b25c8139c13dff60bde6c2dbad3a8361197c1fb19d2cd520bab398d94f928b1d42102a3e513ccd1cb10899011039410a8888bba26df1a0372bdba0ce8d854af51e9330a8daa93c10580906a8ac72d294aeb9566fe1c78ba8471c06c4a8a75113b34893f6276ed813292053b956a465d847d2ece86e2da8a9f0fe3db52a5aac746ef96485ef81f1362b5a42eaaee1fbb0646704471a21bf76367beaa07812b3d32adcdedded7539e3a501b83c05b19a49b520ededc9a78a5fc2d5012f1d4e381844e792ed90b0f57bce375c75a658b2c78c6ff7d9efcd4bfa35c4768cbb195e4823d9bbd835a374fa04ca1eaae9c566d8fd5aa7ca5efe0dfc317fffa409ef1022f1c3b376a935af557083e95287b07a98ac6c1b7bd8bb26b60fa7c4bc91973b201b29922b4b9d03dd6882a0bd3b7d9e5b81ee74c36bec665e4343c8c9ad336da3850c9b2697fe1cce29c378622a33c248f448c88f48df0260143b2a342f1ddee74d3b97ca3e1166b156993dad30c49d810d74048bc6d467652004d7edb65c6dac3a2c5d300b97ee3a10a9e14b69f3cad675972962e1f8ed97547adedc47d1cf3471ef3b22fdbf78e34f31a3bb7669c41bd9292c380bce9a42d84bc27ac928b8bfc3c63d20ccdb478df7ddf421fb1cd905ffc4c04786fd9aef06b8938ab8ef522217b2c04515f61a1c312ea83253f8458c0918fcfe874e6e7fb11275db2a2ec79a2d868303233c1b697952a3bfd3ad0a6f6cdd5e72cc9409f7410a40d5b4536dd46eb1611ae86703671b3a0515a0377bea15654ba0a0d1e4e9602632842f2acd4ef993236e993f2650d59923f24e2cd30932d8bf8aeec644472ba46a07881496c92a0135c675aeb0ce6181088db8f156cfe7435cac6c97da637db4a89f51331da13731e741fccc0355542ce11efa69d0538d3ef127aa68745ed3085d29da90dc583701b6b3a70a3ef3e16a924b33203b92396c4b945f127a7888fa05015c0603007566729237cc0782b30c020d9959547feec9f4d676460bfe0c5c19ceabaee0682db8be69135181ec0fdd9f7a66d50bdc379e4a2c598178f9593946aca6405b177fcade0f86421583ed67eba187222a1e44495b3ae544fdca28e2c14485eab0471aaa803c29a9d8a48926764fca1df51407ad33ec17e941e6e2617237a84309873dc71365587bde4274b5dc327ccb1e1e9c857e042ccca8d8552ba288c978cfa0af99d67cd034060628e23525dbca207679ce29690878448553cd38675bce07bf97b9317dc44468b768b158b0c111d63a572235655c40e16597ca059f40c3d8ac5bd61a487c15313846a704a7811b8bc0cee61e34762b6c1b7cea1c46e6087e9a36f89918a258b3fa77620be10c184c3fc39739024e98278fd65b82cad83699f3ad8c6eccbec8b7b1bd7914d3f6c3d02bf40283b1c1f1e98e308beaebbf894b8f5e91bbbc62535f923: +83343e37ad091a85eec370701b81a58f9370a4b0423a070d60f92d8d1809844e50b68bf726eabca53ac6c90d4eac554703712d22105554f05bf79f9d08fcc493:50b68bf726eabca53ac6c90d4eac554703712d22105554f05bf79f9d08fcc493:c7dadcac5d8795e174b69138912e70ff41e7a725faf385b773ed15098972b30d9b739372d975b480ccfdfc580e2e2ddf5e3c27ee791279ab95e4382b1459dd8d41ae360d4a878846692924feef390c0dbbfa35e4b82d7cbc33ee1581c52bd949385b2ee40263a57da1174bb4acad37cd8ae2a6b45f7a6d6bbef5a798ce85b9e05e7647e334ecfc776378de174c497c0f4075e625af7aed502cd1cf7f588d0d807f02e32f4300f228a50a667b5ad1fbbc17e0b3c57051ddc602f576079f6fc5889b7f2900711334420fc666f66dbaff4126336c353f1e5b564a664537f83786da5c5627745406d7b2fe3233bfd58ef464a06c95cfd0b988a76d053a644bcc159cad53a7c5dbb40eef5cd047056a3f09265b1325699c7d159d5c902440173357ffab8f7a5e389f468c333b782f80170ae90983af153f2e73bd2bef125e3d3868c2ab9ecf03aff76ecbeb18167ca2f711cd565851d7f04ee9d9b01b6d83a7605722620d28c84d6c1af42f6a769258f53c1f66da36666da5caa9bd9e8fbc169211b1aed9c2558f6aaf5b145abc721abb00720194e027035468bde3fe0b88884f4e9b26e771e6c7a0a55ea36fc50dec8cef162f9bba5b4b16105afd6e374e038d5c8587cfd7dd88290b2c9cab45a264d6540ea1416e6e4e74a12f45a2ef13cc8a36e7b0a26b902c3d96e2e2229202e25765694b943373d16e600bd786d955a4b3f1021640c39a0b6c691500281ae0d098cc7f385e18a07e62fa4a101ef5b78551fa29bd15ee0353a1a5ef9b216e8b0fa50750a34162b635a0bc5e5d7230aa19afa128aba6422d38eb77a3f0bb9dd8e4652f12070a37361c3725503c9d22e2face2ea74a7002406247dd86975f07575c9e7c6f41b53b26d5cf52c5acc2c5d98271434e9fa509c6dfbd724372aa5c13451aae393de0a186464f5d337e9f627b4f1c2909467065e89a422ec40ee1d80a133900a62f4e4f7e94eb72615e7ec2996c6c2430c3e957ceae2105a1e90eaeac0d31affa9f57926d71d972a9a2de11258cc1e728599c9fb3872491847e10c67efaef6b696a030ff0533a583bea1d04df25f7eef3a13b8e31aad133857df1b4e5ffbdee37f40f38d224c70ae04ef33b41b02e7191a86656b0d72b2cbb53c4908ca206f75734b27708154fcd8a97429cfd1f2da2429778438003f5b5b9c21d9ed23b8ad8a228eb4f65c24c1c59699a5c90aff773e5c676db362a1930ba16aba76ef8daa42b3eb2ccc45c934d23d4929a7ad9e3ef468b06a4995c80dd236a7bcf3879d8b79467f72b3384c160cc181714e92f2035e7b972a2cc5242d932525eae7c50bd263b0fa09cbd9d6f984b9cf6152d9a133c27843202d1e87fa5a6e1235d9c756bb8e68b05b98da54195223fdf0210253250633c11c5f60b5e67d7eefcaa6c2daa523137:9c6989cbe17e16caa253ffb1a64a106fb01782c99b1722baf1acaa42ae5b36b79b2a2cd8fc91f5ad8923817025a77825a05df8c417ec53c4a3aa1c0efd5bbe0fc7dadcac5d8795e174b69138912e70ff41e7a725faf385b773ed15098972b30d9b739372d975b480ccfdfc580e2e2ddf5e3c27ee791279ab95e4382b1459dd8d41ae360d4a878846692924feef390c0dbbfa35e4b82d7cbc33ee1581c52bd949385b2ee40263a57da1174bb4acad37cd8ae2a6b45f7a6d6bbef5a798ce85b9e05e7647e334ecfc776378de174c497c0f4075e625af7aed502cd1cf7f588d0d807f02e32f4300f228a50a667b5ad1fbbc17e0b3c57051ddc602f576079f6fc5889b7f2900711334420fc666f66dbaff4126336c353f1e5b564a664537f83786da5c5627745406d7b2fe3233bfd58ef464a06c95cfd0b988a76d053a644bcc159cad53a7c5dbb40eef5cd047056a3f09265b1325699c7d159d5c902440173357ffab8f7a5e389f468c333b782f80170ae90983af153f2e73bd2bef125e3d3868c2ab9ecf03aff76ecbeb18167ca2f711cd565851d7f04ee9d9b01b6d83a7605722620d28c84d6c1af42f6a769258f53c1f66da36666da5caa9bd9e8fbc169211b1aed9c2558f6aaf5b145abc721abb00720194e027035468bde3fe0b88884f4e9b26e771e6c7a0a55ea36fc50dec8cef162f9bba5b4b16105afd6e374e038d5c8587cfd7dd88290b2c9cab45a264d6540ea1416e6e4e74a12f45a2ef13cc8a36e7b0a26b902c3d96e2e2229202e25765694b943373d16e600bd786d955a4b3f1021640c39a0b6c691500281ae0d098cc7f385e18a07e62fa4a101ef5b78551fa29bd15ee0353a1a5ef9b216e8b0fa50750a34162b635a0bc5e5d7230aa19afa128aba6422d38eb77a3f0bb9dd8e4652f12070a37361c3725503c9d22e2face2ea74a7002406247dd86975f07575c9e7c6f41b53b26d5cf52c5acc2c5d98271434e9fa509c6dfbd724372aa5c13451aae393de0a186464f5d337e9f627b4f1c2909467065e89a422ec40ee1d80a133900a62f4e4f7e94eb72615e7ec2996c6c2430c3e957ceae2105a1e90eaeac0d31affa9f57926d71d972a9a2de11258cc1e728599c9fb3872491847e10c67efaef6b696a030ff0533a583bea1d04df25f7eef3a13b8e31aad133857df1b4e5ffbdee37f40f38d224c70ae04ef33b41b02e7191a86656b0d72b2cbb53c4908ca206f75734b27708154fcd8a97429cfd1f2da2429778438003f5b5b9c21d9ed23b8ad8a228eb4f65c24c1c59699a5c90aff773e5c676db362a1930ba16aba76ef8daa42b3eb2ccc45c934d23d4929a7ad9e3ef468b06a4995c80dd236a7bcf3879d8b79467f72b3384c160cc181714e92f2035e7b972a2cc5242d932525eae7c50bd263b0fa09cbd9d6f984b9cf6152d9a133c27843202d1e87fa5a6e1235d9c756bb8e68b05b98da54195223fdf0210253250633c11c5f60b5e67d7eefcaa6c2daa523137: +da013221b2f588af40e211a0f975d44f9d65028160514c396189f27c7b0666ea07117c6b0db5b6fda1edc4396c47c22b54ee0ce5375c3ec633c83afc53ad6ce4:07117c6b0db5b6fda1edc4396c47c22b54ee0ce5375c3ec633c83afc53ad6ce4:bc93ee1ec4728ac636a6248fcc4551c9d15980db8e5f54b0ef075a71970e176a3cb9182e32da7a8c2ac0cd7e595774575f9c83506a606face89512135d032ab05e39fff9c8ca6c25cd5d78ecc3ac323290c9c81626735e190eb5ae345ca7a958409f7743b0b1614916832217c57eee1b4f8e622ac052a93dd5b39d0761e40e9fbd8396f60a3bf6660c5fa99cd8139f68cbe0894e5c67e168cc74b2724e9d91d6000a0cec587a11463f72ee6ed255bd87eb30fd457596f688ca0ea73f30497238de21c93fbb1294db61e4a56089106d1cf7ce5a65ec3d12170ce7840f088a8d0e3aef17e531de478003570258e927f156e7961065afa666af38582b353cc477ba775cae45946d08db75215914da3261b62294e92afb381459c21dda4ea6ed795f79257c094dd608dc8e1b7c40cd29fea222088f65697ea88895d10acea8797360dcbacee269c606600adffdcf9c7c381d0ad6696967d9ff03e61a24906502b295e76f4d0875655b01e6ffcacc8ef01129c72a5846b60ec80017374e75d306403d9eccf26495d298120a0633835c5d1eff17c9c62476f752c89710adfa4d51617b5918173cba722540e388ffbffb966874db00404d06b0ce1139ba74143c76b8f4d33b2116e1cce175173a96fc151ea239bfc20d66fbb6f52a666c0e81cc2b80209106e2480e4111c70e7be4aabb68422f0b8c6ba15c142f82e6c7f378d7800a09eaa4da253c2fd91e1263c6b655bf70255d7e3bb4775523a0a9e7ff03797ee3ffca8a50d10f20d5e5a889ec5e334ef26cf7998b0836f656456888e137f39d3e43e2ce3c6ef540d95d9a20c42cb8ae2d9d0f25a891c363ead9cc423f9a323fe232281fb67f5be1c0784361460468a87e95dfa35d7f0ffa2211be6b5fb32d42ba6518ab6ea93780f431d3006731be4440e712974f74baea419f4022fa2502e1b2398e9386167d93eca92ca60dd7d91fe82324f682d94aa7a86ab034f8a9e952e8fc95bff4dfed6a43313abb92401b30c33c79a7ba3efdbe1628040fbaf443f3f980846fdb283dccd93fab09708b7d54861d74b1fe8f10701f211ba3d390e8a6ae407739646a79a58337a717a872009c2df6761c2425a32a0018aaf9646470cbc87c3a65c0e0effbaa528fe4783c772ab266b8f28268cf14af234b15816d1a3a491af5f297e33d5729715d512c373fef5ecc3f3954a60a2a0f64d829474119ca1a18f10578d04d638d5eeafc371a946f6ce7efbd2acce34e20441cde9a37d5a87dc619b0a727596cd12e15cd9784bb91f1399a59fc0a7a4af68b0d575d93387172973375c465df5d2d5e061a2a9b23b4915a0a8b8c1f0942094af728c8c31145fa7aaf74a21a3b032bb09c392205bf095bda986e5dd6627c1e417f650326dfe3a9c9994c6e0e01276f91f2987d2b85deda965491:10cb52d610e4a81d32869bffce3807e6391f782fcd538b554d09037fda72285b9662b1b1107c408178ac009f0525967388a7d85fa12359d3ce3875037dcf6a04bc93ee1ec4728ac636a6248fcc4551c9d15980db8e5f54b0ef075a71970e176a3cb9182e32da7a8c2ac0cd7e595774575f9c83506a606face89512135d032ab05e39fff9c8ca6c25cd5d78ecc3ac323290c9c81626735e190eb5ae345ca7a958409f7743b0b1614916832217c57eee1b4f8e622ac052a93dd5b39d0761e40e9fbd8396f60a3bf6660c5fa99cd8139f68cbe0894e5c67e168cc74b2724e9d91d6000a0cec587a11463f72ee6ed255bd87eb30fd457596f688ca0ea73f30497238de21c93fbb1294db61e4a56089106d1cf7ce5a65ec3d12170ce7840f088a8d0e3aef17e531de478003570258e927f156e7961065afa666af38582b353cc477ba775cae45946d08db75215914da3261b62294e92afb381459c21dda4ea6ed795f79257c094dd608dc8e1b7c40cd29fea222088f65697ea88895d10acea8797360dcbacee269c606600adffdcf9c7c381d0ad6696967d9ff03e61a24906502b295e76f4d0875655b01e6ffcacc8ef01129c72a5846b60ec80017374e75d306403d9eccf26495d298120a0633835c5d1eff17c9c62476f752c89710adfa4d51617b5918173cba722540e388ffbffb966874db00404d06b0ce1139ba74143c76b8f4d33b2116e1cce175173a96fc151ea239bfc20d66fbb6f52a666c0e81cc2b80209106e2480e4111c70e7be4aabb68422f0b8c6ba15c142f82e6c7f378d7800a09eaa4da253c2fd91e1263c6b655bf70255d7e3bb4775523a0a9e7ff03797ee3ffca8a50d10f20d5e5a889ec5e334ef26cf7998b0836f656456888e137f39d3e43e2ce3c6ef540d95d9a20c42cb8ae2d9d0f25a891c363ead9cc423f9a323fe232281fb67f5be1c0784361460468a87e95dfa35d7f0ffa2211be6b5fb32d42ba6518ab6ea93780f431d3006731be4440e712974f74baea419f4022fa2502e1b2398e9386167d93eca92ca60dd7d91fe82324f682d94aa7a86ab034f8a9e952e8fc95bff4dfed6a43313abb92401b30c33c79a7ba3efdbe1628040fbaf443f3f980846fdb283dccd93fab09708b7d54861d74b1fe8f10701f211ba3d390e8a6ae407739646a79a58337a717a872009c2df6761c2425a32a0018aaf9646470cbc87c3a65c0e0effbaa528fe4783c772ab266b8f28268cf14af234b15816d1a3a491af5f297e33d5729715d512c373fef5ecc3f3954a60a2a0f64d829474119ca1a18f10578d04d638d5eeafc371a946f6ce7efbd2acce34e20441cde9a37d5a87dc619b0a727596cd12e15cd9784bb91f1399a59fc0a7a4af68b0d575d93387172973375c465df5d2d5e061a2a9b23b4915a0a8b8c1f0942094af728c8c31145fa7aaf74a21a3b032bb09c392205bf095bda986e5dd6627c1e417f650326dfe3a9c9994c6e0e01276f91f2987d2b85deda965491: +5a868fb75ea0721f7e86c7bc106d7413c8cf4d033ce14005df23ce4c155bbd276d1e29f39deda2bbfbb57cb01cb39e58808278e5196ada1c027646f20487d252:6d1e29f39deda2bbfbb57cb01cb39e58808278e5196ada1c027646f20487d252:d5aa11825b99448c80630623d8c746017cfe3de6fa8a0c6ed6627127cfc1f84d4e0a54e6a7d908d3719f1421d1d4c78b3cdd94769ab6033bce979dd90e106802eba9a03295d48f9b9a95d57ee7745402a48023bf3bddd5c6b91c773e491913a38ac3462605cf282deac75742fbd27529276e81dcce8dff9605035e8cf05df6a43db151f0415765bcbd1f1bb668ad6273b891c0dc4f3dba590ea82f8363769b9c77511947117375dc4904d48b88b68a255b28011b11048194093e98207ab1cf756ab8331f8d6f9d5be2e1190573e95e710f2a3501b53aa0825d6c12dcfb94ac80dc1082cb4ad262e6d493adceb6bc19145fbf738df76f2134fa04cbbe44ffc55ffe5f9d3e9bebd159a001aa9bf78892a16538a520823cde5d61e29a56a77ab96e49e300d9865962c7e7fb8bcf5de0b938297c3f4d6f6021e24dfdad9861652f340f421e7af2c71ed9a71587fc753b115549b2f7f7cb29690ea2b158a94cd2bc42e7063d619b939d523e3c237eb1f40810de0b44aa6937863d629edd5575e6c0475261b627473092775c84360011d57c57209c2e875a3f8963e8b241a7aa75ef30c4a718ac4dd466dc7a3e40e5874f157a849ed3a3a9d4aeb7d94df09bb55a0b2bc9f8b695c37179302367606367c5f324828ce75a944f50703a47906a8088f3a11cfe4a854e01f1741252c486337d06b1cc6c6b9b1295431ee07359357b3a78ef5075b65d7fed5eb742e5101598444b46623f89a303acc10c732449513b70dc456a79d37c48e5e726c2f558da0a1c46efbd2d920326a678b8a22f0944be4af55b6c71f453fbae400e6acc04e0e95ca200167e96ee98ea839316da93a12c2d76f11aeebeb78e65ea48f7feebbb137b2ac67eaef02a2d9e6471dd634a037d4f5d35a2f78af41a8ea5af5bc8150a99ed68a6a0ccff2b1d7965d8bc3ef9285ba6421d87c33aad8103a587be01926845bfbddbafc69c4b9252886720d418509f40f3dcf55765dccc3deed8277215e69f056ba31b8a30b50094ea8f144720760c8f8c055cf1a86964ffcbb8ee1bb2181276ea99a7b8e71067fa310ba4471e84279037bc492a55de205548e77b014504ee6664c4988cbb9ed91ff32e2259ed4cfd61a197d0dbc32c68f6549c0d29fc45f36acb26b164de97ccdc37900d93cdbcf9687ef53f1f4da1b1ae4225b884209e81ba4311520477ed4211b09240bd7b825e54739fe25d8624af04b86f6d1106d18170e5064d1a73c1fb1a27b289a948d771a2f6b8b09a635db96c6251c35a1876d369626699416c0e40298a681fdaf5255f58c2557759d8f5df148dec9dbe1ce6df041c36f83e69ccfb4aaca5cb48fa6a85c8ff66061524d8b11bd7ffaed99d0cd45c42010f21d36cc316ca860955635bffaa7d9aac572dccf3153d42ee8a2b12baa57c160bd0ad:38c48dba99a6524a188d5cd78a98e677dd263ef6b4df446b310b3dd89cafddb9b17a65bba8e13968bdc25b1d84b6e2436edf31aa756e3a48726d6f91c808ee0ed5aa11825b99448c80630623d8c746017cfe3de6fa8a0c6ed6627127cfc1f84d4e0a54e6a7d908d3719f1421d1d4c78b3cdd94769ab6033bce979dd90e106802eba9a03295d48f9b9a95d57ee7745402a48023bf3bddd5c6b91c773e491913a38ac3462605cf282deac75742fbd27529276e81dcce8dff9605035e8cf05df6a43db151f0415765bcbd1f1bb668ad6273b891c0dc4f3dba590ea82f8363769b9c77511947117375dc4904d48b88b68a255b28011b11048194093e98207ab1cf756ab8331f8d6f9d5be2e1190573e95e710f2a3501b53aa0825d6c12dcfb94ac80dc1082cb4ad262e6d493adceb6bc19145fbf738df76f2134fa04cbbe44ffc55ffe5f9d3e9bebd159a001aa9bf78892a16538a520823cde5d61e29a56a77ab96e49e300d9865962c7e7fb8bcf5de0b938297c3f4d6f6021e24dfdad9861652f340f421e7af2c71ed9a71587fc753b115549b2f7f7cb29690ea2b158a94cd2bc42e7063d619b939d523e3c237eb1f40810de0b44aa6937863d629edd5575e6c0475261b627473092775c84360011d57c57209c2e875a3f8963e8b241a7aa75ef30c4a718ac4dd466dc7a3e40e5874f157a849ed3a3a9d4aeb7d94df09bb55a0b2bc9f8b695c37179302367606367c5f324828ce75a944f50703a47906a8088f3a11cfe4a854e01f1741252c486337d06b1cc6c6b9b1295431ee07359357b3a78ef5075b65d7fed5eb742e5101598444b46623f89a303acc10c732449513b70dc456a79d37c48e5e726c2f558da0a1c46efbd2d920326a678b8a22f0944be4af55b6c71f453fbae400e6acc04e0e95ca200167e96ee98ea839316da93a12c2d76f11aeebeb78e65ea48f7feebbb137b2ac67eaef02a2d9e6471dd634a037d4f5d35a2f78af41a8ea5af5bc8150a99ed68a6a0ccff2b1d7965d8bc3ef9285ba6421d87c33aad8103a587be01926845bfbddbafc69c4b9252886720d418509f40f3dcf55765dccc3deed8277215e69f056ba31b8a30b50094ea8f144720760c8f8c055cf1a86964ffcbb8ee1bb2181276ea99a7b8e71067fa310ba4471e84279037bc492a55de205548e77b014504ee6664c4988cbb9ed91ff32e2259ed4cfd61a197d0dbc32c68f6549c0d29fc45f36acb26b164de97ccdc37900d93cdbcf9687ef53f1f4da1b1ae4225b884209e81ba4311520477ed4211b09240bd7b825e54739fe25d8624af04b86f6d1106d18170e5064d1a73c1fb1a27b289a948d771a2f6b8b09a635db96c6251c35a1876d369626699416c0e40298a681fdaf5255f58c2557759d8f5df148dec9dbe1ce6df041c36f83e69ccfb4aaca5cb48fa6a85c8ff66061524d8b11bd7ffaed99d0cd45c42010f21d36cc316ca860955635bffaa7d9aac572dccf3153d42ee8a2b12baa57c160bd0ad: +c54bd3431f2659281d31e93b30787668bcba6e5ee47db46e50deabe3f48c9ed81eba6eb3f7f24cdf80abf8a19d308c24f1e25ba15970eda7116707b0f12cf932:1eba6eb3f7f24cdf80abf8a19d308c24f1e25ba15970eda7116707b0f12cf932:6f8cdd75e1b856bbbe9cdc25537fdf7e8236cb029acd3984492110d0c30441d42184b5fb183da9f3140378dfa7d74ccc9ef500193cc9579fffa60bd2a8ab9e09581500cf06cd35abc171d9d12c6580d9682f9f49fe36d0a3177238fa50e7eb4c27e460f5e4580a56568a19e03d95b0ff4f4a231824cd2f3442e0ba400bc11b7a989d501f5df35e4301508f72a852014bfbf4001e28095473d9659eed6067baf68f92bef312c09b19aaf7c4fba3d902b9f6cf952eb9b9a53ca8bcbd042d842e9853b672a1d009d823838bebe5637c4c07ed1b1948554b23b32de1d6c116f933b354f28bbb779fa6548c48292b612c7f551a75fbc46c02736bf99e9c8ead56f05ab0427a6ec616e3dcc7757efdb7628d4e96325fe0ae254cef5cb7a704b35a920cb3fa2a03e961daf371821be0b30f19ae4952441e08a7d22f5431390a5be8097fd5797a1a6297664da42c2008d0321060ebe3181eb795a728925808da7867293b7208f377d3a771185e6d2c1c8ce18376fe3c0c1458c7f5be34f428a0d575931074c97cbfce8ad81313ecca73a9f3db434fbad4bbbff502bf7297e17a97a8864211e6789ba192036ea59a34d84ff2a111074c3f2373b10111b5daa789560cb35490954c88ea00c410df850ad00cae2f28e719fb06716988a9bb0bfc6c989d587e5685ae883c2c2e74ddbf915c9856aae8f3288fc625bfb2fe268d74f59f8b7d8363749769169007d5e67b7d0b8c8f5a9d9f9c7b745c0a4294762cbeca42d5384961e921a7efb65da8d1e03b6745cdf308097fb13d64fd2f8c10fa9509eb2d91387f00645ca7d0483b2cd14c206b8d7ae0a3fb7c09bc6843d102adcda19f8bbd851eb683c4435ceb4b3d23d38f56d4d1114eef0fc6f24df52770d8f1f3f82f4720e892b315244ef56c36b23fcd407978524140382e11740fd46fe4299923f52b88b4a9cff4b2b4b23a2e760ad81c78ba876931d9aaa4beed40fb10a799eb30d37f754778bac85bf0631d852be7d74a6431f384a4025c1091421d67a4e9c94c1be3690c6bf81d06bdaf32feabbaf1dc263f273a0b9ed65460baefcefcf6acccda0edd23df9e05128e29d661c4b44bd92d640faa853afd8370e563b40ae0149a1428e06e3dd8e66b79da21cc753ddc476e3d76e2f36f2b6c6bc1b65087d5f86c8ac354711a8c08f3486e479d6ae943f8846332d4e5b4bb2e8257e3083df4f81dd4f0c1ee1d97182166161a18597ee0b959de1c45591abf7c51033d7c66352deeb682e777aeae2fa8d3a77f470db78ddc1b1fc82840c4065776d9bfca9d392d9288ee9132aa3e4f2d19d0d93e01b666f3647abaf225c292419c8a82eba3e11ab103846fcd4935f41241477c0f152b7965ad54bb72bc3de2e0b79d6225e8fa7a6286b5fccbb35822e80c8bfea74cb48a22d241385395c2:df4541dff1a9797feb617f98e4b57aa7714131ee8ff545ed5082e3568efd1c399cdc56f5582991eb8785fb33864eef7f553f3e248262ed548a1a6888f92e920e6f8cdd75e1b856bbbe9cdc25537fdf7e8236cb029acd3984492110d0c30441d42184b5fb183da9f3140378dfa7d74ccc9ef500193cc9579fffa60bd2a8ab9e09581500cf06cd35abc171d9d12c6580d9682f9f49fe36d0a3177238fa50e7eb4c27e460f5e4580a56568a19e03d95b0ff4f4a231824cd2f3442e0ba400bc11b7a989d501f5df35e4301508f72a852014bfbf4001e28095473d9659eed6067baf68f92bef312c09b19aaf7c4fba3d902b9f6cf952eb9b9a53ca8bcbd042d842e9853b672a1d009d823838bebe5637c4c07ed1b1948554b23b32de1d6c116f933b354f28bbb779fa6548c48292b612c7f551a75fbc46c02736bf99e9c8ead56f05ab0427a6ec616e3dcc7757efdb7628d4e96325fe0ae254cef5cb7a704b35a920cb3fa2a03e961daf371821be0b30f19ae4952441e08a7d22f5431390a5be8097fd5797a1a6297664da42c2008d0321060ebe3181eb795a728925808da7867293b7208f377d3a771185e6d2c1c8ce18376fe3c0c1458c7f5be34f428a0d575931074c97cbfce8ad81313ecca73a9f3db434fbad4bbbff502bf7297e17a97a8864211e6789ba192036ea59a34d84ff2a111074c3f2373b10111b5daa789560cb35490954c88ea00c410df850ad00cae2f28e719fb06716988a9bb0bfc6c989d587e5685ae883c2c2e74ddbf915c9856aae8f3288fc625bfb2fe268d74f59f8b7d8363749769169007d5e67b7d0b8c8f5a9d9f9c7b745c0a4294762cbeca42d5384961e921a7efb65da8d1e03b6745cdf308097fb13d64fd2f8c10fa9509eb2d91387f00645ca7d0483b2cd14c206b8d7ae0a3fb7c09bc6843d102adcda19f8bbd851eb683c4435ceb4b3d23d38f56d4d1114eef0fc6f24df52770d8f1f3f82f4720e892b315244ef56c36b23fcd407978524140382e11740fd46fe4299923f52b88b4a9cff4b2b4b23a2e760ad81c78ba876931d9aaa4beed40fb10a799eb30d37f754778bac85bf0631d852be7d74a6431f384a4025c1091421d67a4e9c94c1be3690c6bf81d06bdaf32feabbaf1dc263f273a0b9ed65460baefcefcf6acccda0edd23df9e05128e29d661c4b44bd92d640faa853afd8370e563b40ae0149a1428e06e3dd8e66b79da21cc753ddc476e3d76e2f36f2b6c6bc1b65087d5f86c8ac354711a8c08f3486e479d6ae943f8846332d4e5b4bb2e8257e3083df4f81dd4f0c1ee1d97182166161a18597ee0b959de1c45591abf7c51033d7c66352deeb682e777aeae2fa8d3a77f470db78ddc1b1fc82840c4065776d9bfca9d392d9288ee9132aa3e4f2d19d0d93e01b666f3647abaf225c292419c8a82eba3e11ab103846fcd4935f41241477c0f152b7965ad54bb72bc3de2e0b79d6225e8fa7a6286b5fccbb35822e80c8bfea74cb48a22d241385395c2: +ea60da0179bcaf6b218142b1119046ffe6d85a741b0d166230bc6de3304f6773506b2ebb49bd9b9ff66e6b7b1fab9668cb181b4fb5e4343dddd3f8a9d702031c:506b2ebb49bd9b9ff66e6b7b1fab9668cb181b4fb5e4343dddd3f8a9d702031c:612d6ef6e4349ffae516e983e8fa7b52d9fd134282240d95143824bd4aae03234b76a8cd6d4068cf009e481c2685361c755042c4e6ab8703ecbf8f020cf5739a4c2a03c3731e9cf75aee25966153b9711515c6c39afa95f221ac3395b089c97ac9b514e17d55f796a3ecc135faaaee907aab1029647b48ac81749bab26627cf7095d74c2fcee35671c8bb46053f5151b0c2e5dabe0f2d6aa20413305020b2afd9ee3387b2c9ed0bc3fe2902af4100cec23327b0f1e4ca39ef6eaf6fdf5d5acf93fc868536d8cba401769329fbe93effc7ee6bf93a6e588bd551eaa512853952c81b245e5d229d294e41370b867808667887a6f9eba2a8d56a7a704e66b1c02f96e73895f483e44a5c566cb1af26573bfe2afce06b1fb5877e51ef3126a3f210fbf213ed65d5ca46c46ce4aa945bd8ca611e3836250f564f7ea35423982f9705fcd6bef46ae16cb0f6bc912c3f28642b8d87775b818e4e4e8061167899bd27a7e2fb8187ee9917d2d586bf9d499e8fabca83ddf58c7437eaacec4f444fb2bf745dccd8cae38944571dede2037dc41f0818a3d91e3020a7274c6674247876083d0e39746c9684061bf74ad588436ce1b763dbf4bfcf8de6e35c5a7626675c127292b21df3c16f81063322a75f3438886f1f0cebfc1a96f41384cbdd861b04f519ff6a9344d94f3d3a0aba8409dfcf18d01f2b5b455171639eea77dee706ea83dcd2b8b1fc5ec0d740761a5f05f7ec8d87ad1f292a50c8bae0ad32b03419a950d9fe3b3ecc4d8d3aa95e02b51b1831d83eadeaa44238635f9c65efe2f6744a70b9ae41ef15d97908c0533934412f79583d0e9b3d706a128e88fb51eedb65e46d8a2b38bbdd6455554967a8dc0c68bddfeae0f8f72f0b886c3c741fac4f91e5c491dbae9da4594836cf1d9fb6ee130025089aed350ef247bc9887a2050159dded1428ffd9b07b9ec2e3d4bbdc2ddb54e873b63f2475233e19133a14b6658509457008186d6225995a96726b529f44281aa24fefd1cff8f815d93a5986931662290b3ee16833c60f0afcef2cbc000623f3931909ca976a094e2b0fdb7dcf7c485e14988a36f19b66425385f5632cef65d1d3414623ae3ee816e763a5f606466622be6602114502951cf0c097c1648a72e2c43d9afa9689f2c3cfe026cdce3bd1bf9ebf777562ecd8ff1b0d775306d900443f30a843310b8de6a38ff108b723913d7899b9fbe7c3d766ef8bdfb6d8b0b52956cb1cec9936d70b487c01440a842b2fabe38e7b8851a387d358be7ef12a7e4f2b527e83090d67eb013c9c2cfd3de5a1a3f99748a41f4819d9036e500c504c988bfd24f617d6ebdcab2ddeaa61579414f360b469a33a6ded96ba1d8c140c4ffc94990d8adf78cd38780bd68663d1a0ee33f537cdf892d562e82dcd1d912cad38d65567d291406:27fb6b5f06528a64198a3e7d67c738840a8cff4b482b4d524b122d17d2aebcc0389be2c6e28e2cdfc484c18de425db56cdfa561c507cd970602d3a385d3aea0f612d6ef6e4349ffae516e983e8fa7b52d9fd134282240d95143824bd4aae03234b76a8cd6d4068cf009e481c2685361c755042c4e6ab8703ecbf8f020cf5739a4c2a03c3731e9cf75aee25966153b9711515c6c39afa95f221ac3395b089c97ac9b514e17d55f796a3ecc135faaaee907aab1029647b48ac81749bab26627cf7095d74c2fcee35671c8bb46053f5151b0c2e5dabe0f2d6aa20413305020b2afd9ee3387b2c9ed0bc3fe2902af4100cec23327b0f1e4ca39ef6eaf6fdf5d5acf93fc868536d8cba401769329fbe93effc7ee6bf93a6e588bd551eaa512853952c81b245e5d229d294e41370b867808667887a6f9eba2a8d56a7a704e66b1c02f96e73895f483e44a5c566cb1af26573bfe2afce06b1fb5877e51ef3126a3f210fbf213ed65d5ca46c46ce4aa945bd8ca611e3836250f564f7ea35423982f9705fcd6bef46ae16cb0f6bc912c3f28642b8d87775b818e4e4e8061167899bd27a7e2fb8187ee9917d2d586bf9d499e8fabca83ddf58c7437eaacec4f444fb2bf745dccd8cae38944571dede2037dc41f0818a3d91e3020a7274c6674247876083d0e39746c9684061bf74ad588436ce1b763dbf4bfcf8de6e35c5a7626675c127292b21df3c16f81063322a75f3438886f1f0cebfc1a96f41384cbdd861b04f519ff6a9344d94f3d3a0aba8409dfcf18d01f2b5b455171639eea77dee706ea83dcd2b8b1fc5ec0d740761a5f05f7ec8d87ad1f292a50c8bae0ad32b03419a950d9fe3b3ecc4d8d3aa95e02b51b1831d83eadeaa44238635f9c65efe2f6744a70b9ae41ef15d97908c0533934412f79583d0e9b3d706a128e88fb51eedb65e46d8a2b38bbdd6455554967a8dc0c68bddfeae0f8f72f0b886c3c741fac4f91e5c491dbae9da4594836cf1d9fb6ee130025089aed350ef247bc9887a2050159dded1428ffd9b07b9ec2e3d4bbdc2ddb54e873b63f2475233e19133a14b6658509457008186d6225995a96726b529f44281aa24fefd1cff8f815d93a5986931662290b3ee16833c60f0afcef2cbc000623f3931909ca976a094e2b0fdb7dcf7c485e14988a36f19b66425385f5632cef65d1d3414623ae3ee816e763a5f606466622be6602114502951cf0c097c1648a72e2c43d9afa9689f2c3cfe026cdce3bd1bf9ebf777562ecd8ff1b0d775306d900443f30a843310b8de6a38ff108b723913d7899b9fbe7c3d766ef8bdfb6d8b0b52956cb1cec9936d70b487c01440a842b2fabe38e7b8851a387d358be7ef12a7e4f2b527e83090d67eb013c9c2cfd3de5a1a3f99748a41f4819d9036e500c504c988bfd24f617d6ebdcab2ddeaa61579414f360b469a33a6ded96ba1d8c140c4ffc94990d8adf78cd38780bd68663d1a0ee33f537cdf892d562e82dcd1d912cad38d65567d291406: +b62c241878273513e0bf6f33d2104365b2ce9c5a1b786058e9c5b4d1d192f87fbbf6fc5198f3fba5ab007f8a632d28d1af865d290fa0a90faa9a9b5b9c13f3fb:bbf6fc5198f3fba5ab007f8a632d28d1af865d290fa0a90faa9a9b5b9c13f3fb:26a3c26a5a189cad407cbaa3a6867ac0a26088c75f9d0fa19bd50274cec5755a497109a473284d6fc81ad4b9ec29fa7ec9764fd3099f060e36836552ff2413e3d5095fe0b1a8bfcf67ee06aa9032e7bb3249698047714d281415273c9834ad9eb665a7d97220e72d9ca73f31afa7738675ba3162efefe7479a5bc4bce2e8b7af4741d703dc9bbd60b4cf4b9087f6cf86cf53aed02bf4ca6a18f607cb52a303d78e85ad88fdfc86dcb7187727b03be227745bea744fd006525bc59a4dddab915cef40a8f30802913b7913eaf974336552e2f1456ad803dc58c9b4b18efaf7f7e357e2cd77d138d90080e296d1364a2f324d3e0d6edc20b8bdaa9d2e871f5e7b051fb6fcdb5595f21d3f8de29fb78678fa479eaa32579c784d513ac5f836d954d0d3fc0e5fc8a6eeab90202b4c4a2bec24cf63ea67c470096218cd431e883105fc9c27f9ea77c18eda69bc00a2242bd420f095c9b9a92d956ccc5a8572b057a7fe173eeb2a3166cb2089d113a816462b25805b8abaff5b0b2287c508ec2b8c34b2195c332870d3cc396017a16b9e0da6182d071d3bf363d3f1e7b7da11d711250a58afd74ed3e3158d4718bad4d274bb3444cfc318074b53beba44a2a34ff8eb726e4a1daa911051621651898b887169f62b9c0f4020483ef544f8f572fa6a6640a4cffce976cb7024f847bdc95d1d7ce653505debfc6988ed289dd47a9eb261259e3e65e45fc9d714946935cd8ea13bc6db5eaab9e8b10dae0fdd6979c2035cfb8098252f2205443b808816bf7787b7f1e78bc98a7285e733d45fc4610c20977ca3229889bb8cd2b694ce9e3fe78303af83e106422542fb7961d32eb1d2c5fbe60751674b074773ee0616e02973f6a74a3ae4664a2650915a3e10493b9e66a39fa5c89c61d44735f107d33757ae679b43a8d43a01757ae1f3279e862442e150715550ee82e49c0d4943faf13f22791f0e66f24ac50ab3c003852b21e15b2f006edc2cd6a879c476ab5b352eb1099dad4c50372400faa5498d78c6b857034c25caf7b933faf6bd7c59fa3da57397b603de9cb9d80e51f7997baa462acd537e2c4194c76c7e0be6512bce4d63660b36c7cc46631fb9671ad8c5d28e2f2ee2edce81954421b8a3d9ff6f66699f4bce88bcb8ef192c262a74ab7e191eee9101a28d4b66282b5122093d141c6496c7aba4d352e472ee7440e05af60da0cfc93e303642ba8fb8e5c568687abd63afb3ed6a32b6dae56a7e5d73debaf41d35ca36adb97a22c0adbe718bec1fa51998de9b4b96a79c5b9655b0165d5e1b9a8cc552e8c9329ede58df74c67b2ba1a842fd3e8158c1fea3a99b56a2c2a96207853d26022cec170d7e79944d2f56aab1f191bfd48d725490ca82b8d906f0680e69eeb9575774fb9d604513fbc26f5d303b6885cac0bf8efee0538f92:c59039587b38dc141e055a93850104d629e380705b8fc918847c5e2a352da3a02fce7f7199f4ae2b1e2a59483418932e185f7e45b5050c642cecc7e78199850726a3c26a5a189cad407cbaa3a6867ac0a26088c75f9d0fa19bd50274cec5755a497109a473284d6fc81ad4b9ec29fa7ec9764fd3099f060e36836552ff2413e3d5095fe0b1a8bfcf67ee06aa9032e7bb3249698047714d281415273c9834ad9eb665a7d97220e72d9ca73f31afa7738675ba3162efefe7479a5bc4bce2e8b7af4741d703dc9bbd60b4cf4b9087f6cf86cf53aed02bf4ca6a18f607cb52a303d78e85ad88fdfc86dcb7187727b03be227745bea744fd006525bc59a4dddab915cef40a8f30802913b7913eaf974336552e2f1456ad803dc58c9b4b18efaf7f7e357e2cd77d138d90080e296d1364a2f324d3e0d6edc20b8bdaa9d2e871f5e7b051fb6fcdb5595f21d3f8de29fb78678fa479eaa32579c784d513ac5f836d954d0d3fc0e5fc8a6eeab90202b4c4a2bec24cf63ea67c470096218cd431e883105fc9c27f9ea77c18eda69bc00a2242bd420f095c9b9a92d956ccc5a8572b057a7fe173eeb2a3166cb2089d113a816462b25805b8abaff5b0b2287c508ec2b8c34b2195c332870d3cc396017a16b9e0da6182d071d3bf363d3f1e7b7da11d711250a58afd74ed3e3158d4718bad4d274bb3444cfc318074b53beba44a2a34ff8eb726e4a1daa911051621651898b887169f62b9c0f4020483ef544f8f572fa6a6640a4cffce976cb7024f847bdc95d1d7ce653505debfc6988ed289dd47a9eb261259e3e65e45fc9d714946935cd8ea13bc6db5eaab9e8b10dae0fdd6979c2035cfb8098252f2205443b808816bf7787b7f1e78bc98a7285e733d45fc4610c20977ca3229889bb8cd2b694ce9e3fe78303af83e106422542fb7961d32eb1d2c5fbe60751674b074773ee0616e02973f6a74a3ae4664a2650915a3e10493b9e66a39fa5c89c61d44735f107d33757ae679b43a8d43a01757ae1f3279e862442e150715550ee82e49c0d4943faf13f22791f0e66f24ac50ab3c003852b21e15b2f006edc2cd6a879c476ab5b352eb1099dad4c50372400faa5498d78c6b857034c25caf7b933faf6bd7c59fa3da57397b603de9cb9d80e51f7997baa462acd537e2c4194c76c7e0be6512bce4d63660b36c7cc46631fb9671ad8c5d28e2f2ee2edce81954421b8a3d9ff6f66699f4bce88bcb8ef192c262a74ab7e191eee9101a28d4b66282b5122093d141c6496c7aba4d352e472ee7440e05af60da0cfc93e303642ba8fb8e5c568687abd63afb3ed6a32b6dae56a7e5d73debaf41d35ca36adb97a22c0adbe718bec1fa51998de9b4b96a79c5b9655b0165d5e1b9a8cc552e8c9329ede58df74c67b2ba1a842fd3e8158c1fea3a99b56a2c2a96207853d26022cec170d7e79944d2f56aab1f191bfd48d725490ca82b8d906f0680e69eeb9575774fb9d604513fbc26f5d303b6885cac0bf8efee0538f92: +0f77f77a1c7e04bda8e534f4e3eff9a238cc14876b7e3eca8bede1923a3364061045ea9fe214583a0cdbc494932bc44afeeb080bec485cc234fddcff139cce00:1045ea9fe214583a0cdbc494932bc44afeeb080bec485cc234fddcff139cce00:0ecb746dbdb0161421afeb7adea7a37c2ea4408a592c9d781ed6ac6f4ee5cc65d5270e4cf27632f7c5c133d439b78d1f71aa6dd80713d90b151e19121bfa87710e84a4850a3b5b0265ba2603d0716e9b7e1122109c39c6f1027fce18798cbb4f6bc5e4d7aca4704690f5c981510871c313595798338681107f2b5794d46f6e0bde2cd064b3b1fc00ca47188bbbc1f4a0ce305cc6d8a896920eb9ebae579fd3385f8f1f35976288f4c58ffc4760f359b003c872e9a24055355ea9585e951069dca25fd0cc0b9db52aaeaf19d43f2eab4f835603ad12d2dc49b310256b94bed54896a16b69b09cb4c8ff5c23cce5593d87ade2a82ada50859e1544c18618a65c007ef424c9854a175b6e6c0e64b2c8eb8ad4d28b977d68e78169915198975394d3b9b269cab0d3261b2b56cd2cc4bddbd4f1439e0dbe2c9b3f3f7514edac5ebb4622b92a69a840a9028550b221db59ddfb001396f86392a17f08ccb194cd9e1a0081d7dd9cca2357feb8b795e517029f79c82a3be6f9a031dd1af1e79e4982bf8e76b310f9d355efcd5b1efa9f359c17cf3b510d513e8cd5786a0d3445dc59a8433a46488687b0f58b1bd6567c2af4873b51fc845e767e243005192f8f0674f281265a55d76cea322260c932cea6717adb98a2dda8c698e2e89255feb77da7648167bc1e58877feb72d1d14b0c304f07372d955675237c49f7a6dbc915e6814abae6cce4caf9f48087e9dfb282d8f340377c1e29c6731ccc2667da6695b712be0312d865111934f168d5544365ddae27abc64aefbcb322db7d97d90d957a637bd826c227e9eb180b45a431626a6fd890c0e5f4ed7e856474752f80b5aef6e73efdaa6c2c451bd74c1ef466ca3aaa2573bb52cb2b1ca96a1b574403ceae1cf05ffc53430e1e4cd5593bd1ef84bcbfe219f08160d166f2731d99b8d7a32b12991f77775a267ec08297ec512d7b72435632525c04000fb00a793f8b5f8f3747b55359df21b7e2c49f2b0b9ae082afc70a146871370b8d50086de00f9448be8902174ba2cc851fa379dd7031ca457a8869af4b6c2729dac519556b8bb4ab519ef1bb024ea8b7f01771c9aab748e57381a0192a6e398cbe6dd9f367cc7b3354f83b79bcda46b793a4ada85549c8d6bdd6168124362ff908aa1a0cb78aa330c42d5a5d481235acac3a919b969c50987266d404d15d0e706fd9007634f69e13c56ec47133884fcaddc16beeeed19e0cd917aa496367867dfcea274e1a47da774f3c9363021e7c8d6bf8f00053facc11cb68a9d6e1fc2d6d19175d6324ff7ca6c23058b8b693d8fd4e0b51dcbb113543f2fcc0452eb9d967ac0fa9b23e9e0b1da8d83a3c1fc9e9ec971f0f67fc745bb17376bc46245f528cb6e5fee11bcdda867b7f79019cf9db591858230aecb4d1e93d167cd86b42dd879a13fa0e:b20b9c4246f0d2970138af7dc9af629b68fbc37df87afdcadcb545c1768376a09c3babc3eb1af3b7519852f75fab1c9c119c662c5877fb2f7299cab57fad3d0e0ecb746dbdb0161421afeb7adea7a37c2ea4408a592c9d781ed6ac6f4ee5cc65d5270e4cf27632f7c5c133d439b78d1f71aa6dd80713d90b151e19121bfa87710e84a4850a3b5b0265ba2603d0716e9b7e1122109c39c6f1027fce18798cbb4f6bc5e4d7aca4704690f5c981510871c313595798338681107f2b5794d46f6e0bde2cd064b3b1fc00ca47188bbbc1f4a0ce305cc6d8a896920eb9ebae579fd3385f8f1f35976288f4c58ffc4760f359b003c872e9a24055355ea9585e951069dca25fd0cc0b9db52aaeaf19d43f2eab4f835603ad12d2dc49b310256b94bed54896a16b69b09cb4c8ff5c23cce5593d87ade2a82ada50859e1544c18618a65c007ef424c9854a175b6e6c0e64b2c8eb8ad4d28b977d68e78169915198975394d3b9b269cab0d3261b2b56cd2cc4bddbd4f1439e0dbe2c9b3f3f7514edac5ebb4622b92a69a840a9028550b221db59ddfb001396f86392a17f08ccb194cd9e1a0081d7dd9cca2357feb8b795e517029f79c82a3be6f9a031dd1af1e79e4982bf8e76b310f9d355efcd5b1efa9f359c17cf3b510d513e8cd5786a0d3445dc59a8433a46488687b0f58b1bd6567c2af4873b51fc845e767e243005192f8f0674f281265a55d76cea322260c932cea6717adb98a2dda8c698e2e89255feb77da7648167bc1e58877feb72d1d14b0c304f07372d955675237c49f7a6dbc915e6814abae6cce4caf9f48087e9dfb282d8f340377c1e29c6731ccc2667da6695b712be0312d865111934f168d5544365ddae27abc64aefbcb322db7d97d90d957a637bd826c227e9eb180b45a431626a6fd890c0e5f4ed7e856474752f80b5aef6e73efdaa6c2c451bd74c1ef466ca3aaa2573bb52cb2b1ca96a1b574403ceae1cf05ffc53430e1e4cd5593bd1ef84bcbfe219f08160d166f2731d99b8d7a32b12991f77775a267ec08297ec512d7b72435632525c04000fb00a793f8b5f8f3747b55359df21b7e2c49f2b0b9ae082afc70a146871370b8d50086de00f9448be8902174ba2cc851fa379dd7031ca457a8869af4b6c2729dac519556b8bb4ab519ef1bb024ea8b7f01771c9aab748e57381a0192a6e398cbe6dd9f367cc7b3354f83b79bcda46b793a4ada85549c8d6bdd6168124362ff908aa1a0cb78aa330c42d5a5d481235acac3a919b969c50987266d404d15d0e706fd9007634f69e13c56ec47133884fcaddc16beeeed19e0cd917aa496367867dfcea274e1a47da774f3c9363021e7c8d6bf8f00053facc11cb68a9d6e1fc2d6d19175d6324ff7ca6c23058b8b693d8fd4e0b51dcbb113543f2fcc0452eb9d967ac0fa9b23e9e0b1da8d83a3c1fc9e9ec971f0f67fc745bb17376bc46245f528cb6e5fee11bcdda867b7f79019cf9db591858230aecb4d1e93d167cd86b42dd879a13fa0e: +c5a5053477ae31158e7469dd1504867650d46f1589067f5cd881caf25c26cb2170f85db9807b26fcf3e6690b91724f7ae3d20ec3604ab7d6308d9094308b2d59:70f85db9807b26fcf3e6690b91724f7ae3d20ec3604ab7d6308d9094308b2d59:8571ff3903486a43a6126c323e7b3a74141d1385d4bd703f19e2d1b64b50281d27168ae3e769c6dd9df7d97864fb37822f0021852e3168ab7d845a6545ed0c377d9f7c048a2b96e8dcf445779684a058c2b9c21ac68a0c341d1d6c0981456457458eb7cebf66678740777eca26e01e1c8f53b5d4756cc5f0b90f0c5db05393cd4b8e44f6810caa5a116a33577724395d413af619632a6fed14e215c2f19d105ce2bf1498e6d2ab4f650f61ba5cf6d0c73bbbde98e30429910a4e67dfbc717cb091182d597058b5d765d097e6875831b588aaeb3e7327e856b42fa983fd254ef1f918b043d1dd3d7b7e30b315386eec91e7f94d598f4beb3b27b42f4ee1fbf7afb486bdcc6081ccb867f04111044f4bbbe3c8122edeadefa9d693906e0d6e133bf6f2da6158feedbda024410f12086e7accf1c68e1557f00c14e9c7ea76a5ed1337a054ac2c949c05977e030274f6a4f2a6b30a15c570ec9433f74f47528087c9ce9a6292951c54354996fb283c0dc4cf33c001bc96875ea6e1f46f837ff18dd9545fb9934655342b12c2990b9f1c6ff4d66489d6aedce75c7cb03ac134bfd39b181dfb7f9a97ce737fe570ad5f81345939a6de5a40a33a0e44bf957503d5ca0283512e57fba8a3a6f2c390687b1b7708676e0fd03b7c188d4561c1879163eaf2b596ddd5f3c1f4dadbc139c2164892820b2fe09cbc3d19088076364510254f2b6d410329e70f2e5a945bbacd2ca89bd4b6e1f5e2e1d4f4ed2fe0113bcf32962f00d5c33b1df988402ba0dc8804c1af66ccae2670efa3134c67fc90feed8d8deedccf6a46f22940454af2bb6754cf235ddbb0001c6c741bf874bcd8d41d9dba8162581c3746d7f30e73def69415af5181c149914295122d45982f94943e20b0ffc7fe6ddf19a022e87a52133357a1e80f37f28a4c4a8a61c148dd875c1e8ecdcd840dd863e44d9bcb16b6e5af0147b34a7a9052c8d3f452013d2d354f6803f9eaf6056f3b013c616e47f398819146320a5e3dbdf16843ea29def262cc9a343672cf96bccc6e87e6a6baf0712e6ee89aa60489f17cb72ddc44bad161587d87f54d67cc0a2778497d831088315ffeee3d268c59befe884c3aa0e0ae2296bbb60eac9097cdf8dc0987ceb1742b0586dfce79ec10425b28f4e64520d712e3f46ea83be2de6a1574073bc5c7557b8e25b6411184ea283d8800232c79069421811f883c2994e7b7e2ad9f8dc489c9347724394609c98909a6c26017b50f20d50ccacbde36b76ba646a76dc6a5b0f50649c5658bbdfdd3b5cafc5479a2f48ee51542f23e9fc92132060fd635eff452111cdaf3efbdb7db9e7d4716d0d6011c29118a55d4c1a436abe24e3cbf40235b76dd1923503c5f3598124e2df55a2d1f246e90de4b71645d5175b61b0174e7e57df1285ccf8c86b8382c258079:f5191b44bd6cc3ea281771df12549ba2be228b51eb791b9e5ed2815f862aa630b56967cdef8b6af0b9d21ab8c97a6dff681cced9f5019713d4357cb3e54c0d088571ff3903486a43a6126c323e7b3a74141d1385d4bd703f19e2d1b64b50281d27168ae3e769c6dd9df7d97864fb37822f0021852e3168ab7d845a6545ed0c377d9f7c048a2b96e8dcf445779684a058c2b9c21ac68a0c341d1d6c0981456457458eb7cebf66678740777eca26e01e1c8f53b5d4756cc5f0b90f0c5db05393cd4b8e44f6810caa5a116a33577724395d413af619632a6fed14e215c2f19d105ce2bf1498e6d2ab4f650f61ba5cf6d0c73bbbde98e30429910a4e67dfbc717cb091182d597058b5d765d097e6875831b588aaeb3e7327e856b42fa983fd254ef1f918b043d1dd3d7b7e30b315386eec91e7f94d598f4beb3b27b42f4ee1fbf7afb486bdcc6081ccb867f04111044f4bbbe3c8122edeadefa9d693906e0d6e133bf6f2da6158feedbda024410f12086e7accf1c68e1557f00c14e9c7ea76a5ed1337a054ac2c949c05977e030274f6a4f2a6b30a15c570ec9433f74f47528087c9ce9a6292951c54354996fb283c0dc4cf33c001bc96875ea6e1f46f837ff18dd9545fb9934655342b12c2990b9f1c6ff4d66489d6aedce75c7cb03ac134bfd39b181dfb7f9a97ce737fe570ad5f81345939a6de5a40a33a0e44bf957503d5ca0283512e57fba8a3a6f2c390687b1b7708676e0fd03b7c188d4561c1879163eaf2b596ddd5f3c1f4dadbc139c2164892820b2fe09cbc3d19088076364510254f2b6d410329e70f2e5a945bbacd2ca89bd4b6e1f5e2e1d4f4ed2fe0113bcf32962f00d5c33b1df988402ba0dc8804c1af66ccae2670efa3134c67fc90feed8d8deedccf6a46f22940454af2bb6754cf235ddbb0001c6c741bf874bcd8d41d9dba8162581c3746d7f30e73def69415af5181c149914295122d45982f94943e20b0ffc7fe6ddf19a022e87a52133357a1e80f37f28a4c4a8a61c148dd875c1e8ecdcd840dd863e44d9bcb16b6e5af0147b34a7a9052c8d3f452013d2d354f6803f9eaf6056f3b013c616e47f398819146320a5e3dbdf16843ea29def262cc9a343672cf96bccc6e87e6a6baf0712e6ee89aa60489f17cb72ddc44bad161587d87f54d67cc0a2778497d831088315ffeee3d268c59befe884c3aa0e0ae2296bbb60eac9097cdf8dc0987ceb1742b0586dfce79ec10425b28f4e64520d712e3f46ea83be2de6a1574073bc5c7557b8e25b6411184ea283d8800232c79069421811f883c2994e7b7e2ad9f8dc489c9347724394609c98909a6c26017b50f20d50ccacbde36b76ba646a76dc6a5b0f50649c5658bbdfdd3b5cafc5479a2f48ee51542f23e9fc92132060fd635eff452111cdaf3efbdb7db9e7d4716d0d6011c29118a55d4c1a436abe24e3cbf40235b76dd1923503c5f3598124e2df55a2d1f246e90de4b71645d5175b61b0174e7e57df1285ccf8c86b8382c258079: +05c719cae06e2bb7d87863ab3150272cb2f8c3aa2421912d87f98e7589638ce990211796fed3d53b81f8feeb1bad1ffc933e5f10d3bc1b36ddf210a47923df03:90211796fed3d53b81f8feeb1bad1ffc933e5f10d3bc1b36ddf210a47923df03:ec241918418e60522042e67339e6649499f31a6c7cf8925f1f61dde894603602ae8bb5f58809821f83344f23cd31e64ec9ffe79a986b7e29e4319a63414316bd6ee20e02a50da44012bd2d6f9f679e88ed0c8bb1e2cad55e565789883345b7546f3d54b1b362b1c650502c019d7313afbc82689b23a3a52d8f1af9f81e188dbdf203fb5300b4225bfb6773337be6750b3db88ce097343f62ee2c118574ef150cbd4c62760c3e43dcbc39218bd6d98565fa389811b1a674f617fd756733dcb567a92dbf3855b57b1f4a46d5b8974b39ac0d0e24d99d2037c04f60d9140f64b07a77d7eaa1ce8a78e844b1dcf0e37424f3f9d253a548561a0375a8d4341297bfedb7048c7935e1481418f9bba9271f9fd6026224e78e055d8a0939fa2fe1dbc0fc7b583e4cff3490e1d0f610b252e30d8497d00e4aacb375f19a4719f79ca1ea583a2f8b1406a4aa5cb55c08b6593b676eb5c34abe89392d62d23308a3348b57affbba7739cde8e1909d3425eeb20926a977d3a94a86e0ba10b386926698827e86b4fd6c6180047c87ec3b31619d05a9df34efd3d76a836962b2ef604d07af0975eb8f3dd22594323802564c929b3f65dacb572b32553d69b31a197690a9bb860b080a77cfbb3c175aafce0146a82a4d06e8c750521b726ef1cb29d021e5915e5e8462ede5395445245c9ae882eec4b1745e11791f7621d3fe702cac1525e1f7b46e1105cdd06da2afde26475dc1f78df8e2d72b0ec3ef7dd956193c996842a432696538cf123d7687211ffcd090b9381eabec879f769aac0d3564e16df794fa24728d7172fd07732eab077ed81c22084f6f781b626dac67428a9ddf3b0db0465251220d18b8bf620464c51a578decccbbaba545ed442cf12c4c66f6cb6e6901ea54aeda236ec45eef886a7ddd2c041caba3a6cee339715b6ce97e765ec3479f3d52824a8194bec2a89647e8c63ff7645ff6d05367c767bc48cc96baf05d6a415b2a5aff9bfb217948fad357b98f47dfed62ff1285eb9f468f0f29edd75adc0c8c2ff6a565edb8edfb48bea03b70c447369c52d881eea0eedb08c315cdf0bfeb979c1c0250946bb100c2866b4169b8cbd44d658f0236e1e9f3aa13bb8e8022a38ce997c94b5baf97e0ba621f7e09671ce638c2a39ee6c6e25a688019dd167675ceaec21c6b42a7c8c476d129dcc693c392a02be91b87437a08a0ebf1a7bd976ba23774766838b8d6024f5bb9b07f3c6b719b4de15b72448048ab70db3d4bea77ba359b51b1ec17dbe8010aef0244a8079ca8b9a2a797f3b1fe047c8dd5cab7fb486829239c4ef6d9a38370d488c47b7c030e49a5500c9abb39a9a5abfe72e918b76384ecaafe1627266cd14e696c09d2512e312582a8a911e7b7bfa04c21819af687f04c5e0cbe9a2ce24d4d3fd12190b253dabc12c63cabfa94:ba6eb751371df721b7707a5b3339edb55f138640b97be6334d6cda5191a3ff6367911761882a4a007f161b748cec95b19e995f2858c257cd6169256662301102ec241918418e60522042e67339e6649499f31a6c7cf8925f1f61dde894603602ae8bb5f58809821f83344f23cd31e64ec9ffe79a986b7e29e4319a63414316bd6ee20e02a50da44012bd2d6f9f679e88ed0c8bb1e2cad55e565789883345b7546f3d54b1b362b1c650502c019d7313afbc82689b23a3a52d8f1af9f81e188dbdf203fb5300b4225bfb6773337be6750b3db88ce097343f62ee2c118574ef150cbd4c62760c3e43dcbc39218bd6d98565fa389811b1a674f617fd756733dcb567a92dbf3855b57b1f4a46d5b8974b39ac0d0e24d99d2037c04f60d9140f64b07a77d7eaa1ce8a78e844b1dcf0e37424f3f9d253a548561a0375a8d4341297bfedb7048c7935e1481418f9bba9271f9fd6026224e78e055d8a0939fa2fe1dbc0fc7b583e4cff3490e1d0f610b252e30d8497d00e4aacb375f19a4719f79ca1ea583a2f8b1406a4aa5cb55c08b6593b676eb5c34abe89392d62d23308a3348b57affbba7739cde8e1909d3425eeb20926a977d3a94a86e0ba10b386926698827e86b4fd6c6180047c87ec3b31619d05a9df34efd3d76a836962b2ef604d07af0975eb8f3dd22594323802564c929b3f65dacb572b32553d69b31a197690a9bb860b080a77cfbb3c175aafce0146a82a4d06e8c750521b726ef1cb29d021e5915e5e8462ede5395445245c9ae882eec4b1745e11791f7621d3fe702cac1525e1f7b46e1105cdd06da2afde26475dc1f78df8e2d72b0ec3ef7dd956193c996842a432696538cf123d7687211ffcd090b9381eabec879f769aac0d3564e16df794fa24728d7172fd07732eab077ed81c22084f6f781b626dac67428a9ddf3b0db0465251220d18b8bf620464c51a578decccbbaba545ed442cf12c4c66f6cb6e6901ea54aeda236ec45eef886a7ddd2c041caba3a6cee339715b6ce97e765ec3479f3d52824a8194bec2a89647e8c63ff7645ff6d05367c767bc48cc96baf05d6a415b2a5aff9bfb217948fad357b98f47dfed62ff1285eb9f468f0f29edd75adc0c8c2ff6a565edb8edfb48bea03b70c447369c52d881eea0eedb08c315cdf0bfeb979c1c0250946bb100c2866b4169b8cbd44d658f0236e1e9f3aa13bb8e8022a38ce997c94b5baf97e0ba621f7e09671ce638c2a39ee6c6e25a688019dd167675ceaec21c6b42a7c8c476d129dcc693c392a02be91b87437a08a0ebf1a7bd976ba23774766838b8d6024f5bb9b07f3c6b719b4de15b72448048ab70db3d4bea77ba359b51b1ec17dbe8010aef0244a8079ca8b9a2a797f3b1fe047c8dd5cab7fb486829239c4ef6d9a38370d488c47b7c030e49a5500c9abb39a9a5abfe72e918b76384ecaafe1627266cd14e696c09d2512e312582a8a911e7b7bfa04c21819af687f04c5e0cbe9a2ce24d4d3fd12190b253dabc12c63cabfa94: +5311f3c96101cb8b7abc622bb9326b8f513c2b16d294df797f56dfd8203dda27230b7002f57c79ae2e6bfdb8df30db3e900756b54af3968c670ee2f32bb11e0a:230b7002f57c79ae2e6bfdb8df30db3e900756b54af3968c670ee2f32bb11e0a:61b15be37c4eb397d9e77e00151a28ed3e86d50a9552bb4850b621763f012e7e77bb5db8f3df7dcf769f2d1d46d8d60bae40c8ca6e25c6410b60078a93fd05902114bd91045c06192c70c42c9f41f8161ca46564ebc21a4bdd8190eba2aeb309823072ec2c0200ce6498f9d72b37b3fb466774326df37ad880d8eddb32af673e45d88eec49b1577b43b8639111c2e0b94187d2d4e0173c000f4c37be845d68810b7889ff2a049f3f9f245ec70f21def97780b611400a83c31a79d93a8e98b608fdcf2488b068fe1ae4217293a9367bb734b5bc7bd8819b377f090b4f8fdbff50799c76880d19133580e1ddfc2b9baaddbab34fc6fdc078014bd1ff739daafe5476f3f79d4dbec216fa7680ee8e84002dcb9ddbc7fc1e1c8ef4f1b2a2081b9282243da6153c1fce0905cf35f83a684c01b04557ec84f7e9a94fc2882e2ff19fea21d2ce6167861ce01df8b8d3c3e8d255610b7af2596cd5cf0016734942cc714c272c05fda9d34723626646a46130182cebcf179ec00a6a173bd8577fa845c44d19c6997944755f2b4e468563a75e9016523b87ddac3eee21bcbca08fcc29546a43cbe0d8d10a0e8ddcba172d1ded150378e18b368c7763913e4b407012fd76a872d2cb04930b8e22b308243d4cc278fdf2e1f940ae89ac891b9e0661aee553937bf350b407070a1bdfc4f7a3787ef399d2caf4ec74439c587376c77be0c3de539d3ac26089765b9be10b9038694636e262d7baa0b3a8941a2015967639f6044c67e59bc81cf2fba704ac0df48da6037405a8e8b8a7ce3c58ef38a883538b247ffe18097af095242b058bdd1e3e245eece0a71b75b97d52f20d6d51bb9766b0da0fc09c8ac2a30fb6e7b32ee06dadf46d7359cc066aa94785d8a882ff097d78a86be2d45600dd3d3060125f01c063e488d5c3efee1bca1e58516455ffcaec1b81ef433876bf09ffa51d6f5018585224579cb67b56ce1c216ec0a883e06c8e1563421ea72b0c10d4bb31e491c2ae2fe8139f249ec927d806ba08db52b1b506669047f0c116ff37ac5ba6cdb1eaaf33fdadb0705c799d35ac6d9c80da90c1438b585ffd59350a2686b1ec35166cb9b69ad0f56586aa03274d782e3f858db64adfbf04d5228a7b1c4a2048bbcdb941153a436d742c38b58b4d7d13c9f1d60e152aa2792349a3d94e7e6b1104aa1b870998c18dd7065654a85281bb6f027faad556b1f532e7a1e22d564069289587a0efc9c1585d135f31233c41f440466e71fe9012e5f9a0d74a7282ee392fb0165db79ff1d3176ed08afe1daa66cfbf4305ae16ac1792334399f71b1917ddec270acff665ea05d184c2c5cd2ccd902b22f9b7195e66a65556ca884ba6f5da04dcd4617f33dc2b44a0ea742aeb2b93f3a41df7957a026797a585ceee814b1975f523d2db5dbb9be0ca649d1d45dcfd:3cbbb2608870dea1efeebb3fbf681e27705c35e4ddeea86c1b342a77dc296b498419808eacbc78855611ffbc9265a74798e51827e6e5d811816d3ca21e8b9c0661b15be37c4eb397d9e77e00151a28ed3e86d50a9552bb4850b621763f012e7e77bb5db8f3df7dcf769f2d1d46d8d60bae40c8ca6e25c6410b60078a93fd05902114bd91045c06192c70c42c9f41f8161ca46564ebc21a4bdd8190eba2aeb309823072ec2c0200ce6498f9d72b37b3fb466774326df37ad880d8eddb32af673e45d88eec49b1577b43b8639111c2e0b94187d2d4e0173c000f4c37be845d68810b7889ff2a049f3f9f245ec70f21def97780b611400a83c31a79d93a8e98b608fdcf2488b068fe1ae4217293a9367bb734b5bc7bd8819b377f090b4f8fdbff50799c76880d19133580e1ddfc2b9baaddbab34fc6fdc078014bd1ff739daafe5476f3f79d4dbec216fa7680ee8e84002dcb9ddbc7fc1e1c8ef4f1b2a2081b9282243da6153c1fce0905cf35f83a684c01b04557ec84f7e9a94fc2882e2ff19fea21d2ce6167861ce01df8b8d3c3e8d255610b7af2596cd5cf0016734942cc714c272c05fda9d34723626646a46130182cebcf179ec00a6a173bd8577fa845c44d19c6997944755f2b4e468563a75e9016523b87ddac3eee21bcbca08fcc29546a43cbe0d8d10a0e8ddcba172d1ded150378e18b368c7763913e4b407012fd76a872d2cb04930b8e22b308243d4cc278fdf2e1f940ae89ac891b9e0661aee553937bf350b407070a1bdfc4f7a3787ef399d2caf4ec74439c587376c77be0c3de539d3ac26089765b9be10b9038694636e262d7baa0b3a8941a2015967639f6044c67e59bc81cf2fba704ac0df48da6037405a8e8b8a7ce3c58ef38a883538b247ffe18097af095242b058bdd1e3e245eece0a71b75b97d52f20d6d51bb9766b0da0fc09c8ac2a30fb6e7b32ee06dadf46d7359cc066aa94785d8a882ff097d78a86be2d45600dd3d3060125f01c063e488d5c3efee1bca1e58516455ffcaec1b81ef433876bf09ffa51d6f5018585224579cb67b56ce1c216ec0a883e06c8e1563421ea72b0c10d4bb31e491c2ae2fe8139f249ec927d806ba08db52b1b506669047f0c116ff37ac5ba6cdb1eaaf33fdadb0705c799d35ac6d9c80da90c1438b585ffd59350a2686b1ec35166cb9b69ad0f56586aa03274d782e3f858db64adfbf04d5228a7b1c4a2048bbcdb941153a436d742c38b58b4d7d13c9f1d60e152aa2792349a3d94e7e6b1104aa1b870998c18dd7065654a85281bb6f027faad556b1f532e7a1e22d564069289587a0efc9c1585d135f31233c41f440466e71fe9012e5f9a0d74a7282ee392fb0165db79ff1d3176ed08afe1daa66cfbf4305ae16ac1792334399f71b1917ddec270acff665ea05d184c2c5cd2ccd902b22f9b7195e66a65556ca884ba6f5da04dcd4617f33dc2b44a0ea742aeb2b93f3a41df7957a026797a585ceee814b1975f523d2db5dbb9be0ca649d1d45dcfd: +d290ffd93395bd5fc587d1ab511866e72b371a1735732d9d5c6a18dd465e9363fd4aad73b032461ca0aae871ca7016383b2be0169053fdbf6c5914fdd6dd6f92:fd4aad73b032461ca0aae871ca7016383b2be0169053fdbf6c5914fdd6dd6f92:ebd900bc910c5ecc4d97daf7cb5ebb5491500b7ad116e30660950709d8084bb6434c5bea4a8ccc1ed5a801bebb1a117878c03747003e148ed91434832e8966241a7fff22fe1d6d8c3c3ddd7215a1efaf4b07afee1b25673a1439eaac324e895d4be839e976c03ac001254876888ccaaf3912727a60106a87be69247c9e438c31fca8d9c61bae368c83e40901a99700dff839b513ba8dc42d93ce0987a2333470a9f983313f91988659da54039e499cd1af2b8fa0ebe750e24d55c2a5bd1ade3f680092542bd1be0b9735ba393ad5697d241e8e8b28646db27d2fb5a940e8faeaf0b6c9efda88615dec891ce732930813bfbbd0bc5f8210abe843beb5e4f028f49bea34f1e5b09eac4c6662c74fba39de4a9602a9694a85c7c1375fdadfda6a1957fc5b5987a687b03995e51697a1ab5bb6cb11b663c1372fade4c0aca8fbebb4eb54ce7ce36c6904eaf6eab2f34facd8c768c8d36da2397b1a02735aea72cfaad0393410db527a8ab236d4cdabdc888fac6f182148b132614425d390ff036e54855e4203c51203c1f43e37bbf6b9bf27f5b7e7c665151465401ac32cbe9e3350535edf48a7bc3603e2232e938f9a815ac4d1deec991ef9620948441f7a2f4a46e2c400ab914c4be51dcaad8ed8239cbbe977a9f09c02698319d9fe2a8c6eb60b799f29ae7659970d2ebdff3c6cf709bbf6f4bb55b9df4f61a241dec144b5993f087e784b97be1e53608c2e817ce3d9aaf914e6b723f5b4afffd2a6b9fe9d2d73915c7ad1ffb13efcb73c56238195645203984c99aafd0235f73b3f882e073939bf786657280138db05b86fcc9460b385ef4559204ecd81e2f12f5f062aa448dccc82ea8d89466dd1be46f82c4f87bf0db2b878acbb0d9112c8db6f51d35f6d42f749856b99e550b6c454e9e8be4da175f0b5e86be66c979fd878237e57f691f0d2acd028fbffa5b0668775034db1f21ddbe7114ee3dc0b44daca64c5a03a2feeaeabeb7063bfcccc559baf27f1ccb2202fa4d1b2bf44c04b2c2f81f94e281b1a5adc850da1b9479fcabddadea56a115bb5f06cc016f141c0fcb5e83ab248eaec90158d8be647aff12e7eeb5e57dbcc293cb3b6aacb55236d4a839a0620f4762387dd1714df5c135e3d9d6824f93b7c90d3ae38c518d607120c839570413b46b8ccd7370492d8ae5c609e00cf8251e2e7df81e5b4f9c16a5a539f0afcce41bb4362e5eaa5f940a1706f4afb6b14432c81d4ba1a33d322dbf10645ab63737eadc86fe6e0976f763397fb898637595dfd36934792d779e24c2a3f0bacf53e0473c5fda9c61284e4419bdc0eef5d22f4d9bf42e8c04933bb93b53c295d7ac9395abb6dcbd742b1e1bc3b0ea4434ea21b8eca9ae682d3315a41e9c3c3371840761dc59cac45da7e3813e28788dc89de355b5aee088090a38dd39d83e5e4:21704d5e626dcf6a9dcdef935429eb7fb5b257eecd7bf74acb0cd30ecfcf608d0c5b633a4a8a9ba2cc82a21e03355e01d85dae7ecac8896dc15dae0485707104ebd900bc910c5ecc4d97daf7cb5ebb5491500b7ad116e30660950709d8084bb6434c5bea4a8ccc1ed5a801bebb1a117878c03747003e148ed91434832e8966241a7fff22fe1d6d8c3c3ddd7215a1efaf4b07afee1b25673a1439eaac324e895d4be839e976c03ac001254876888ccaaf3912727a60106a87be69247c9e438c31fca8d9c61bae368c83e40901a99700dff839b513ba8dc42d93ce0987a2333470a9f983313f91988659da54039e499cd1af2b8fa0ebe750e24d55c2a5bd1ade3f680092542bd1be0b9735ba393ad5697d241e8e8b28646db27d2fb5a940e8faeaf0b6c9efda88615dec891ce732930813bfbbd0bc5f8210abe843beb5e4f028f49bea34f1e5b09eac4c6662c74fba39de4a9602a9694a85c7c1375fdadfda6a1957fc5b5987a687b03995e51697a1ab5bb6cb11b663c1372fade4c0aca8fbebb4eb54ce7ce36c6904eaf6eab2f34facd8c768c8d36da2397b1a02735aea72cfaad0393410db527a8ab236d4cdabdc888fac6f182148b132614425d390ff036e54855e4203c51203c1f43e37bbf6b9bf27f5b7e7c665151465401ac32cbe9e3350535edf48a7bc3603e2232e938f9a815ac4d1deec991ef9620948441f7a2f4a46e2c400ab914c4be51dcaad8ed8239cbbe977a9f09c02698319d9fe2a8c6eb60b799f29ae7659970d2ebdff3c6cf709bbf6f4bb55b9df4f61a241dec144b5993f087e784b97be1e53608c2e817ce3d9aaf914e6b723f5b4afffd2a6b9fe9d2d73915c7ad1ffb13efcb73c56238195645203984c99aafd0235f73b3f882e073939bf786657280138db05b86fcc9460b385ef4559204ecd81e2f12f5f062aa448dccc82ea8d89466dd1be46f82c4f87bf0db2b878acbb0d9112c8db6f51d35f6d42f749856b99e550b6c454e9e8be4da175f0b5e86be66c979fd878237e57f691f0d2acd028fbffa5b0668775034db1f21ddbe7114ee3dc0b44daca64c5a03a2feeaeabeb7063bfcccc559baf27f1ccb2202fa4d1b2bf44c04b2c2f81f94e281b1a5adc850da1b9479fcabddadea56a115bb5f06cc016f141c0fcb5e83ab248eaec90158d8be647aff12e7eeb5e57dbcc293cb3b6aacb55236d4a839a0620f4762387dd1714df5c135e3d9d6824f93b7c90d3ae38c518d607120c839570413b46b8ccd7370492d8ae5c609e00cf8251e2e7df81e5b4f9c16a5a539f0afcce41bb4362e5eaa5f940a1706f4afb6b14432c81d4ba1a33d322dbf10645ab63737eadc86fe6e0976f763397fb898637595dfd36934792d779e24c2a3f0bacf53e0473c5fda9c61284e4419bdc0eef5d22f4d9bf42e8c04933bb93b53c295d7ac9395abb6dcbd742b1e1bc3b0ea4434ea21b8eca9ae682d3315a41e9c3c3371840761dc59cac45da7e3813e28788dc89de355b5aee088090a38dd39d83e5e4: +d7fd73d1d229a65894420e4ba734270d5a20758364de897d8555e24197453c193c22772aec0a0c1559077f2cfd1f2465d4b48495c5d05f1f837c31845f34cad1:3c22772aec0a0c1559077f2cfd1f2465d4b48495c5d05f1f837c31845f34cad1:c9225859d555bc42011af1b4f14998e6e9b0a65e2172713e968380fb6ceedda22e022c51303031d9931ccef2f7bc705c9e215c1d089d488daddaee155c939b6202ca53bfc7f6e88e1529d82fb45e02b5d05a82bbb9db5f415c58ba8bd56cffd92270b24749e56d12c99ae90c7800f54f55254ea42da5dcfbe0e1d989cd2f6897e232df04707b34af75fa7fec33e55ed56aee39c22b045bedd161083bc5514c1f81ca907b7c760317a7fd5a5a02a5d40e2e823e24ad96aef6da8ea982b5161cc39d84aa2ffd9544c11b634037ab0a1c8e36ac63019da1b2d995cb7bd3d62fe574deabccbd0d3ae7a56e5bec91e4ba3f3db8bfea88e67da62e88278a6e3b418dceea0589f25f7dd8ad19dd845089419b472efccc879c172b32ee4a4dbc2e6c2e865bb3b8ca0adcb71fdf89e1973910ef242915f33e236d2f7c8e9f1ee5b07c6e3c25360f8cb1460be87db31a291d4dee34953e75c675bf181bb7a0b7b5c1befdc86ada072a48f6ac755d499bd68d625d8514525cc3ab8f54ce15a871291778de1305d2219361aa30e332a2e069077c5c53457520379d8b90d24bd8a3a7700ff766231cb5697f9ace521a99e896da54c40793bc7c1fb1584bb1c86194d2fb7a4b802f30885e0ee8af88d6886e3a3a4d4c854649cc01abdf35319a0856cc65d092a386f8869625cd0acac087e9351790ccb4a865f651a881c3ebf109072774f940f5aa98a2a2aa3dd36647d0de83001aa7cdc031cc4a4d75dc11ce551676a2ad43a3f6a16a4bc5aee80e5364206087364eb8b2b15fb705380a072d7c8b51995943aa762e8deb4c568cdaa1411ab68f28489e1323bb6156ce2500b06e7793c510a3de29150840bfdb0b2b7b21c2bb8a7746167c929dd0adad44fed8f36e8381b342080b2a7d82a3f81ff72630cb78df91f7b65a44eff6ed64d48afed109dd7a693a1ba8c37e008fcb157e37297d32eba765a6c7193e73bd97647985b16038c74a084a8f25654cd8cd2cdd27ff17334e06adaa058264017a3b2da78e5738a27e350d882f5fae199278d4e50b8badf57c2141dfdc3cff99df5de86fec293c76cb94b6b19ba3034e460f84c280a2e6412fab5698ce890207cababca0a95b5ad533ce114bf71a404a87590d35fa7cedba43131c4ee92344839f25cbfaeb12aeebc8040893951a346bd28fdd167bd20f71a1e59fb60d55e1c567f478f027cf679a37d1d9db867e17bfdd60b347d89d322639d315bb7a2c9134f00ea03a367f305ea4d60dc9d567cf924851e469ea954ed3ea63ea8606f79f077339bfa2b51ae49baa0fb25377821d7c11ef9ad4bb4c0fe489acbab0ef000d618c7af5efd205d68599fcbdd95e28f836e0916f9ff548d0ba17da62536e74646801eeb6122ba32c41073ae04e42c6c1d5d8d22976a56226ddf4b6ac95455fb53099f20215b2ebc907:400c3505f1dfa80df4b26db24c027eb81977f0fb9b5aca524ad51200f4bfb133db834823314195f4edc292d5f530d08556e7809caf2339768aa38029fdbc280fc9225859d555bc42011af1b4f14998e6e9b0a65e2172713e968380fb6ceedda22e022c51303031d9931ccef2f7bc705c9e215c1d089d488daddaee155c939b6202ca53bfc7f6e88e1529d82fb45e02b5d05a82bbb9db5f415c58ba8bd56cffd92270b24749e56d12c99ae90c7800f54f55254ea42da5dcfbe0e1d989cd2f6897e232df04707b34af75fa7fec33e55ed56aee39c22b045bedd161083bc5514c1f81ca907b7c760317a7fd5a5a02a5d40e2e823e24ad96aef6da8ea982b5161cc39d84aa2ffd9544c11b634037ab0a1c8e36ac63019da1b2d995cb7bd3d62fe574deabccbd0d3ae7a56e5bec91e4ba3f3db8bfea88e67da62e88278a6e3b418dceea0589f25f7dd8ad19dd845089419b472efccc879c172b32ee4a4dbc2e6c2e865bb3b8ca0adcb71fdf89e1973910ef242915f33e236d2f7c8e9f1ee5b07c6e3c25360f8cb1460be87db31a291d4dee34953e75c675bf181bb7a0b7b5c1befdc86ada072a48f6ac755d499bd68d625d8514525cc3ab8f54ce15a871291778de1305d2219361aa30e332a2e069077c5c53457520379d8b90d24bd8a3a7700ff766231cb5697f9ace521a99e896da54c40793bc7c1fb1584bb1c86194d2fb7a4b802f30885e0ee8af88d6886e3a3a4d4c854649cc01abdf35319a0856cc65d092a386f8869625cd0acac087e9351790ccb4a865f651a881c3ebf109072774f940f5aa98a2a2aa3dd36647d0de83001aa7cdc031cc4a4d75dc11ce551676a2ad43a3f6a16a4bc5aee80e5364206087364eb8b2b15fb705380a072d7c8b51995943aa762e8deb4c568cdaa1411ab68f28489e1323bb6156ce2500b06e7793c510a3de29150840bfdb0b2b7b21c2bb8a7746167c929dd0adad44fed8f36e8381b342080b2a7d82a3f81ff72630cb78df91f7b65a44eff6ed64d48afed109dd7a693a1ba8c37e008fcb157e37297d32eba765a6c7193e73bd97647985b16038c74a084a8f25654cd8cd2cdd27ff17334e06adaa058264017a3b2da78e5738a27e350d882f5fae199278d4e50b8badf57c2141dfdc3cff99df5de86fec293c76cb94b6b19ba3034e460f84c280a2e6412fab5698ce890207cababca0a95b5ad533ce114bf71a404a87590d35fa7cedba43131c4ee92344839f25cbfaeb12aeebc8040893951a346bd28fdd167bd20f71a1e59fb60d55e1c567f478f027cf679a37d1d9db867e17bfdd60b347d89d322639d315bb7a2c9134f00ea03a367f305ea4d60dc9d567cf924851e469ea954ed3ea63ea8606f79f077339bfa2b51ae49baa0fb25377821d7c11ef9ad4bb4c0fe489acbab0ef000d618c7af5efd205d68599fcbdd95e28f836e0916f9ff548d0ba17da62536e74646801eeb6122ba32c41073ae04e42c6c1d5d8d22976a56226ddf4b6ac95455fb53099f20215b2ebc907: +fda7cb084016ba513c7c4f8f7180480bb181e95695ea68737fa34a40ecbdf3efa2de3a0ef97298fd716106e2f3f54513057a40072d234c3518154c1bd12de037:a2de3a0ef97298fd716106e2f3f54513057a40072d234c3518154c1bd12de037:c21bb3f8e37befa367c913673101ba30d3b5c74bd8bdb09cd28640012db41120c2bcc4085de2a0f95c9215ddef8cb5fc8d8b1251b41527c67dfaa3f95ba3578391ea5a6629a733095fd0a43fdba40ffe260fff82acee2ebe980e9ececcfe7e10b2ed8c2e6b410d547a1286571df3d701174e579fcf19d3bd8086c0423f37117789f305d9670ad28c99674f52cf64211a081d0c6c3096da2c71bf5f5799a7910e6f38104a37a6557c2daef340814a1f830d593773c6cf48d83ea07294b94eb080b85d6970e28f4051d5066db10e961973a626a826aeaf8a06ec0d566b7e0c4ef60f0c5678fcbb5b2ac63f7bed06448a247b3d427b87086d33573fb2d7228c5c34ea6640eefa9564485a79638e9c97c0af84cfee7ce4a739220c8429e067143953d550668dadc84e7bed9ab070a5943390c611d75b1cb12873a37d9850661a0077bfa9ca9b8b263766c149ff0ee4b4adba25eaf7d7f501f362454256bc1269378ef3359a8ed6b960b86621fa3b613eb132122f49f2eb2ceb6832a3991e961cb0e78b742ef4d65e8de3469666fec7c5b874789571c5c99a2c02a053ff7d2fc90076bafe1f267fa81a3990f27ff14f03000af00c59286cb9bb98e204e90190ae2a50edef049ea92a1f785088f94adf6588fb43bb40fbe2324235cc7e168b80264b069f944f503692c949234d5b76bcffabe29ff9064bd7cbed9e00e5b7fdda4312eb801465f127d0ca68832a7f4ed0eaed8f559c1631cd4d34f0dc414d9fcfe849a91e25f3e0ff013a8cffa806ed8e93d08a1e5a757682ca3d26abc869c76f1c79007d559dfe67e78d8af0195808b0e771c71e64b5716fb36309c25025fae6414c28bbdbd4de597a74996c9da974920d59e6f4c2edfe110ff817fd480a5080978048865712058c5fe7b560b12b67f737ea6e2af9242cf07ad0a8a679f26430046adc3e70664cc9c0ee5abcef6d726b4e04176048b795be12851bdb74003a13204119b86864d6535ba095040a85d9781cf4f3480a304e227f787ad538e68f4bab014179e30d3fdef9eff11bcf471fa3a0bc74b5576f302d3a6b499f11f2ef326ac026c98db10e2741413f322228b3cff0f337ba2f294c78ef73f0e877878f8fc7ff6d10bce66ad6284379b80ca89327d4db0bf14e6d8f01b22ab202b716cc07e3c8866d168a5094bac5a495e73868eedc27222e6444f83bcf65acdc3ec89120bb50e8abfc28b78e6d980c775f4849a0e8cada80240bca245e39966e89a0344df8363a7dcc81b201ce9c753ad544e1124e21020d4c62deda9ed9b9d1f2fb7c54ca7ab09f383bef48cfc6848c271302a10fa687f56e00e0a7d093c927b4fdd8f1bedf6288a0e302848a8012f127a79d2d30a06ce17d94aa6f7f8a1e6eb9d0681c3774f614cc6dbcb2a813f925c6306a630572a83ec109d5f533c0584cb421d919:33614b7a94f75e036534d76e30147eccdd2a04e00cd4704ab6e807d6a2acc1e1d963b8eee0810d412d9d56e54556302b10730c15abf89c29a027303ea88ae701c21bb3f8e37befa367c913673101ba30d3b5c74bd8bdb09cd28640012db41120c2bcc4085de2a0f95c9215ddef8cb5fc8d8b1251b41527c67dfaa3f95ba3578391ea5a6629a733095fd0a43fdba40ffe260fff82acee2ebe980e9ececcfe7e10b2ed8c2e6b410d547a1286571df3d701174e579fcf19d3bd8086c0423f37117789f305d9670ad28c99674f52cf64211a081d0c6c3096da2c71bf5f5799a7910e6f38104a37a6557c2daef340814a1f830d593773c6cf48d83ea07294b94eb080b85d6970e28f4051d5066db10e961973a626a826aeaf8a06ec0d566b7e0c4ef60f0c5678fcbb5b2ac63f7bed06448a247b3d427b87086d33573fb2d7228c5c34ea6640eefa9564485a79638e9c97c0af84cfee7ce4a739220c8429e067143953d550668dadc84e7bed9ab070a5943390c611d75b1cb12873a37d9850661a0077bfa9ca9b8b263766c149ff0ee4b4adba25eaf7d7f501f362454256bc1269378ef3359a8ed6b960b86621fa3b613eb132122f49f2eb2ceb6832a3991e961cb0e78b742ef4d65e8de3469666fec7c5b874789571c5c99a2c02a053ff7d2fc90076bafe1f267fa81a3990f27ff14f03000af00c59286cb9bb98e204e90190ae2a50edef049ea92a1f785088f94adf6588fb43bb40fbe2324235cc7e168b80264b069f944f503692c949234d5b76bcffabe29ff9064bd7cbed9e00e5b7fdda4312eb801465f127d0ca68832a7f4ed0eaed8f559c1631cd4d34f0dc414d9fcfe849a91e25f3e0ff013a8cffa806ed8e93d08a1e5a757682ca3d26abc869c76f1c79007d559dfe67e78d8af0195808b0e771c71e64b5716fb36309c25025fae6414c28bbdbd4de597a74996c9da974920d59e6f4c2edfe110ff817fd480a5080978048865712058c5fe7b560b12b67f737ea6e2af9242cf07ad0a8a679f26430046adc3e70664cc9c0ee5abcef6d726b4e04176048b795be12851bdb74003a13204119b86864d6535ba095040a85d9781cf4f3480a304e227f787ad538e68f4bab014179e30d3fdef9eff11bcf471fa3a0bc74b5576f302d3a6b499f11f2ef326ac026c98db10e2741413f322228b3cff0f337ba2f294c78ef73f0e877878f8fc7ff6d10bce66ad6284379b80ca89327d4db0bf14e6d8f01b22ab202b716cc07e3c8866d168a5094bac5a495e73868eedc27222e6444f83bcf65acdc3ec89120bb50e8abfc28b78e6d980c775f4849a0e8cada80240bca245e39966e89a0344df8363a7dcc81b201ce9c753ad544e1124e21020d4c62deda9ed9b9d1f2fb7c54ca7ab09f383bef48cfc6848c271302a10fa687f56e00e0a7d093c927b4fdd8f1bedf6288a0e302848a8012f127a79d2d30a06ce17d94aa6f7f8a1e6eb9d0681c3774f614cc6dbcb2a813f925c6306a630572a83ec109d5f533c0584cb421d919: +a1ac48aa5ffa3d800819d03b7f62babf291f20904c11a6400e4f45205f103e380854e0340f814985fb122b78729479e3fde855c211cadeae56f0d4dc0828d5fa:0854e0340f814985fb122b78729479e3fde855c211cadeae56f0d4dc0828d5fa:d6f124ed752021c10926972a0c26f3b1838b3c7af247c18009a231ecce964bf6698637833f607dca836f8a606c72ae3cb170174447a2cce583f6e244dbc163e215b9820de7496ffc5b7050c48f2830246678cba4dc5caa07c1458563aa2d10dcb7770ef8fede027dd7f20ddc8cc78c3a2e2e958bd18c0006cf8fb82d44e53e1da7aa80fd1006f3b2300c9b079d8a66f1e4a3f47061f9e2f45dae35dc295204b19460ca5707ab57ce215a24c10faab3fa20bccd101e7a7d70077599f3d6725707552129cad757d6514c1b28997e471f94b0fded8fbbd065dead196d2c07d3dfa7b9fb3bae7680f76621200d099eebebbea0e8957df5b5e204ca3e9e2952b8a30f0a131a6867b1381e394b1b444310f076326656cf9341678008e9525147d8d61ce93d3bf53900cab912663717e0987293833d1902d7fb047b997b86026c467d7bb17cf45796738f7a774ac126764ed4eb45124309f4586260176ba465918d48330a9cc18c4ecea0ddaf38946acc0e361dd40a7e9133ceb50e1c317ea42bd0980a72b8ba3d8a6c7693dd5602f374f2664df4ba56df01e882fca42cb4db621f476c76e1ea9fd105911a74b77952d9914a5ac0f98a900c1b2e1a56c4ea8518a9ee47c4ed14d0bd35eca560319c8ea24755d71a4e030850bc4dc60389f325804021204ccebc25fedbd32edd8d8446aa23ce56a85f779e858d36af7c073c115e341f412c660fab800fe74c50e714ee086e2fbc8d7abbf3e98fb40ca27f1f01a9aadd8cc2275c2dd3f76e4c1d81c4b792daecc9fe66044941b8b2918486dd4acb562a7b58ad8c60c21b83cf48aefa7256a1ed809e669811f484364970bc5695089919bc32d28ea752e8e318ceff467f77ae1977c5ffd79c17c2da8bc7f823dd94398683189945f8b79238a4e815b142b866acbdbcb7aea7f143fffb7cc2b4b54bbf361afda913ad6df1e49dfd6b532642e63f55d893a470d40370665cfb74efd3f59cb0ff6006174ca35f53b97c543e08af4bf5bb75ff9031610652a3f6f2a0cfe97e7a521f3d2a289114ded34772b0e49817bde1cb924ff514e2866a09e3ede0782d2c0c98e6814b8c1e778cf8306348c933adb2e472dba09db954ff49648373395a2f0181958feb1ea2834c99532873db5c88eb5289c77e90015203ef502ac8e1c48fa1a06dafa6519d52dae3c5567570dd2434e671927c66363f783156893f138a84c75664b30ae4275112736d53d4f399ddda3d23067c073f521afba1f7be585513c2cec9c8f08d2a22c3c85392cd2ae50f3928251f86b310c69a0f8c4e853ab3f3e8129b0566ef4bbbe80b8c02c8928a4de56c0d119a45bbf5af1808d488852d8a45beb0d683248a4d65de1526b3d1d2ffc1f22215b608468cbc3bd39514b397fc0db0f113dbe6fce4652e82ff895b2b4387e041d7e4e7bde4694769665e81:c57e3c091ed24e5e84665bd9bb102db49797df9008f05557fa0d5ad7a295e5e4d2a4716b17f8c91cb12f5abfb1af027fb0411199acc5d285d842a4b65bde4902d6f124ed752021c10926972a0c26f3b1838b3c7af247c18009a231ecce964bf6698637833f607dca836f8a606c72ae3cb170174447a2cce583f6e244dbc163e215b9820de7496ffc5b7050c48f2830246678cba4dc5caa07c1458563aa2d10dcb7770ef8fede027dd7f20ddc8cc78c3a2e2e958bd18c0006cf8fb82d44e53e1da7aa80fd1006f3b2300c9b079d8a66f1e4a3f47061f9e2f45dae35dc295204b19460ca5707ab57ce215a24c10faab3fa20bccd101e7a7d70077599f3d6725707552129cad757d6514c1b28997e471f94b0fded8fbbd065dead196d2c07d3dfa7b9fb3bae7680f76621200d099eebebbea0e8957df5b5e204ca3e9e2952b8a30f0a131a6867b1381e394b1b444310f076326656cf9341678008e9525147d8d61ce93d3bf53900cab912663717e0987293833d1902d7fb047b997b86026c467d7bb17cf45796738f7a774ac126764ed4eb45124309f4586260176ba465918d48330a9cc18c4ecea0ddaf38946acc0e361dd40a7e9133ceb50e1c317ea42bd0980a72b8ba3d8a6c7693dd5602f374f2664df4ba56df01e882fca42cb4db621f476c76e1ea9fd105911a74b77952d9914a5ac0f98a900c1b2e1a56c4ea8518a9ee47c4ed14d0bd35eca560319c8ea24755d71a4e030850bc4dc60389f325804021204ccebc25fedbd32edd8d8446aa23ce56a85f779e858d36af7c073c115e341f412c660fab800fe74c50e714ee086e2fbc8d7abbf3e98fb40ca27f1f01a9aadd8cc2275c2dd3f76e4c1d81c4b792daecc9fe66044941b8b2918486dd4acb562a7b58ad8c60c21b83cf48aefa7256a1ed809e669811f484364970bc5695089919bc32d28ea752e8e318ceff467f77ae1977c5ffd79c17c2da8bc7f823dd94398683189945f8b79238a4e815b142b866acbdbcb7aea7f143fffb7cc2b4b54bbf361afda913ad6df1e49dfd6b532642e63f55d893a470d40370665cfb74efd3f59cb0ff6006174ca35f53b97c543e08af4bf5bb75ff9031610652a3f6f2a0cfe97e7a521f3d2a289114ded34772b0e49817bde1cb924ff514e2866a09e3ede0782d2c0c98e6814b8c1e778cf8306348c933adb2e472dba09db954ff49648373395a2f0181958feb1ea2834c99532873db5c88eb5289c77e90015203ef502ac8e1c48fa1a06dafa6519d52dae3c5567570dd2434e671927c66363f783156893f138a84c75664b30ae4275112736d53d4f399ddda3d23067c073f521afba1f7be585513c2cec9c8f08d2a22c3c85392cd2ae50f3928251f86b310c69a0f8c4e853ab3f3e8129b0566ef4bbbe80b8c02c8928a4de56c0d119a45bbf5af1808d488852d8a45beb0d683248a4d65de1526b3d1d2ffc1f22215b608468cbc3bd39514b397fc0db0f113dbe6fce4652e82ff895b2b4387e041d7e4e7bde4694769665e81: +f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e:278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e:08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d879de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4feba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbefefd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed185ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f27088d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b0707e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128bab27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51addd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429ec96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb751fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34dff7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e488acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a32ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5fb93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b50d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380db2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0:0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a0308b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d879de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4feba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbefefd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed185ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f27088d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b0707e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128bab27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51addd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429ec96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb751fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34dff7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e488acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a32ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5fb93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b50d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380db2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0: diff --git a/files-ftp-fs/NOTICE.txt b/files-ftp-fs/NOTICE.txt new file mode 100644 index 0000000..5745338 --- /dev/null +++ b/files-ftp-fs/NOTICE.txt @@ -0,0 +1,6 @@ +The ftp-fs is derived from + +https://github.com/robtimus/ftp-fs/ + +Copyright by Rob Spoor +Licensed under the Apache Software License 2.0 \ No newline at end of file diff --git a/files-ftp-fs/build.gradle b/files-ftp-fs/build.gradle new file mode 100644 index 0000000..23eaa6a --- /dev/null +++ b/files-ftp-fs/build.gradle @@ -0,0 +1,7 @@ +dependencies { + api project(':files-ftp') + testImplementation "org.mockftpserver:MockFtpServer:${project.property('mockftpserver.version')}" + testImplementation "org.junit.jupiter:junit-jupiter-params:${project.property('junit.version')}" + testImplementation "org.mockito:mockito-core:${project.property('mockito.version')}" + testImplementation "org.mockito:mockito-junit-jupiter:${project.property('mockito.version')}" +} diff --git a/files-ftp-fs/src/main/java/module-info.java b/files-ftp-fs/src/main/java/module-info.java new file mode 100644 index 0000000..15186f8 --- /dev/null +++ b/files-ftp-fs/src/main/java/module-info.java @@ -0,0 +1,5 @@ +module org.xbib.files.ftp.fs { + requires org.xbib.files.ftp; + provides java.nio.file.spi.FileSystemProvider + with org.xbib.io.ftp.fs.FTPFileSystemProvider; +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/AbstractDirectoryStream.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/AbstractDirectoryStream.java new file mode 100644 index 0000000..749c884 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/AbstractDirectoryStream.java @@ -0,0 +1,132 @@ +package org.xbib.io.ftp.fs; + +import java.io.IOException; +import java.nio.file.DirectoryIteratorException; +import java.nio.file.DirectoryStream; +import java.util.Iterator; +import java.util.NoSuchElementException; + +/** + * This class provides a skeletal implementation of the {@link DirectoryStream} interface to minimize the effort + * required to implement this interface. + * It will take care of ending iteration when the stream is closed, and making sure that {@link #iterator()} + * is only called once. + * Subclasses often only need to implement {@link #getNext()}. Optionally, if they need perform setup steps before + * iteration, they should override + * {@link #setupIteration()} as well. + * + * @param The type of element returned by the iterator. + */ +public abstract class AbstractDirectoryStream implements DirectoryStream { + + private final Filter filter; + + private boolean open = true; + private Iterator iterator = null; + + /** + * Creates a new {@code DirectoryStream}. + * + * @param filter The optional filter to use. + */ + public AbstractDirectoryStream(Filter filter) { + this.filter = filter; + } + + @Override + public synchronized void close() throws IOException { + open = false; + } + + private synchronized boolean isOpen() { + return open; + } + + @Override + public synchronized Iterator iterator() { + if (!open) { + throw Messages.directoryStream().closed(); + } + if (iterator != null) { + throw Messages.directoryStream().iteratorAlreadyReturned(); + } + iterator = new Iterator() { + private T next = null; + private State state = State.UNSPECIFIED; + + @Override + public boolean hasNext() { + if (state == State.UNSPECIFIED) { + next = getNextElement(); + state = next != null ? State.ACTIVE : State.ENDED; + } + return state == State.ACTIVE; + } + + @Override + public T next() { + if (!hasNext()) { + throw new NoSuchElementException(); + } + T result = next; + next = null; + state = State.UNSPECIFIED; + return result; + } + + @Override + public void remove() { + throw new UnsupportedOperationException(); + } + }; + setupIteration(); + return iterator; + } + + private T getNextElement() { + while (isOpen()) { + try { + T next = getNext(); + if (next == null) { + return null; + } + if (filter == null || filter.accept(next)) { + return next; + } + } catch (IOException e) { + throw new DirectoryIteratorException(e); + } + } + return null; + } + + /** + * Performs the necessary steps to setup iteration. The default implementation does nothing. + */ + protected void setupIteration() { + // does nothing + } + + /** + * Returns the next element in iteration. + * + * @return The next element in iteration, or {@code null} if there is no more next element. + * @throws IOException If the next element could not be retrieved. + */ + protected abstract T getNext() throws IOException; + + private enum State { + /** + * Indicates a lookahead iterator is still active (i.e. there is a next element). + */ + ACTIVE, + /** + * Indicates a lookahead iterator has ended (i.e. there is no next element). + */ + ENDED, + /** + * Indicates it's not known whether or not a lookahead iterator has a next element or not. + */ + UNSPECIFIED, + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/AbstractPath.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/AbstractPath.java new file mode 100644 index 0000000..0f27a21 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/AbstractPath.java @@ -0,0 +1,151 @@ +package org.xbib.io.ftp.fs; + +import java.io.File; +import java.io.IOException; +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.WatchEvent; +import java.nio.file.WatchEvent.Kind; +import java.nio.file.WatchKey; +import java.nio.file.WatchService; +import java.util.Iterator; +import java.util.NoSuchElementException; +import java.util.Objects; + +/** + * This class provides a skeletal implementation of the {@link Path} interface to minimize the effort + * required to implement this interface. + */ +public abstract class AbstractPath implements Path { + + private static final WatchEvent.Modifier[] NO_MODIFIERS = {}; + + /** + * Returns the name of the file or directory denoted by this path as a {@code Path} object. + *

    + * This implementation returns {@link #getName(int) getName(i)}, where {@code i} is equal to {@link #getNameCount()}{@code - 1}. + * If {@code getNameCount()} returns {@code 0} this method returns {@code null}. + */ + @Override + public Path getFileName() { + int nameCount = getNameCount(); + return nameCount == 0 ? null : getName(nameCount - 1); + } + + /** + * Returns a name element of this path as a {@code Path} object. + *

    + * This implementation calls {@link #subpath(int, int) subpath(index, index + 1)}. + */ + @Override + public Path getName(int index) { + return subpath(index, index + 1); + } + + /** + * Tests if this path starts with a {@code Path}, constructed by converting the given path string. + *

    + * This implementation uses this path's {@link #getFileSystem() FileSystem} to {@link FileSystem#getPath(String, String...) convert} the given + * string into a {@code Path}, then calls {@link #startsWith(Path)}. + */ + @Override + public boolean startsWith(String other) { + return startsWith(getFileSystem().getPath(other)); + } + + /** + * Tests if this path ends with a {@code Path}, constructed by converting the given path string. + *

    + * This implementation uses this path's {@link #getFileSystem() FileSystem} to {@link FileSystem#getPath(String, String...) convert} the given + * string into a {@code Path}, then calls {@link #endsWith(Path)}. + */ + @Override + public boolean endsWith(String other) { + return endsWith(getFileSystem().getPath(other)); + } + + /** + * Converts a given path string to a {@code Path} and resolves it against this {@code Path}. + *

    + * This implementation uses this path's {@link #getFileSystem() FileSystem} to {@link FileSystem#getPath(String, String...) convert} the given + * string into a {@code Path}, then calls {@link #resolve(Path)}. + */ + @Override + public Path resolve(String other) { + return resolve(getFileSystem().getPath(other)); + } + + /** + * Converts a given path string to a {@code Path} and resolves it against this path's {@link #getParent parent} path. + *

    + * This implementation uses this path's {@link #getFileSystem() FileSystem} to {@link FileSystem#getPath(String, String...) convert} the given + * string into a {@code Path}, then calls {@link #resolveSibling(Path)}. + */ + @Override + public Path resolveSibling(String other) { + return resolveSibling(getFileSystem().getPath(other)); + } + + /** + * Resolves the given path against this path's {@link #getParent parent} path. + *

    + * This implementation returns {@code getParent().}{@link Path#resolve(Path) resolve(other)}, or {@code other} if this path has no parent. + */ + @Override + public Path resolveSibling(Path other) { + Objects.requireNonNull(other); + Path parent = getParent(); + return parent == null ? other : parent.resolve(other); + } + + /** + * Returns a {@link File} object representing this path. + *

    + * This implementation will always throw an {@link UnsupportedOperationException} as per the contract of {@link Path#toFile()}. + */ + @Override + public File toFile() { + throw Messages.unsupportedOperation(Path.class, "toFile"); + } + + /** + * Registers the file located by this path with a watch service. + */ + @Override + public WatchKey register(WatchService watcher, Kind... events) throws IOException { + return register(watcher, events, NO_MODIFIERS); + } + + /** + * Returns an iterator over the name elements of this path. + *

    + * This implementation returns an iterator that uses {@link #getNameCount()} to determine whether or not there are more elements, + * and {@link #getName(int)} to return the elements. + */ + @Override + public Iterator iterator() { + return new Iterator() { + private int index = 0; + + @Override + public boolean hasNext() { + return index < getNameCount(); + } + + @Override + public Path next() { + if (hasNext()) { + Path result = getName(index); + index++; + return result; + } + throw new NoSuchElementException(); + } + + @Override + public void remove() { + throw new UnsupportedOperationException(); + } + }; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/ConnectionMode.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/ConnectionMode.java new file mode 100644 index 0000000..93150a6 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/ConnectionMode.java @@ -0,0 +1,29 @@ +package org.xbib.io.ftp.fs; + +import org.xbib.io.ftp.client.FTPClient; + +/** + * The possible FTP connection modes. Note that server-to-server is not supported. + */ +public enum ConnectionMode { + /** + * Indicates that FTP servers should connect to clients' data ports to initiate data transfers. + */ + ACTIVE { + @Override + void apply(FTPClient client) { + client.enterLocalActiveMode(); + } + }, + /** + * Indicates that FTP servers are in passive mode, requiring clients to connect to the servers' data ports to initiate transfers. + */ + PASSIVE { + @Override + void apply(FTPClient client) { + client.enterLocalPassiveMode(); + } + },; + + abstract void apply(FTPClient client); +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/CopyOptions.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/CopyOptions.java new file mode 100644 index 0000000..448b548 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/CopyOptions.java @@ -0,0 +1,101 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.CopyOption; +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.StandardCopyOption; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +/** + * A representation of possible copy options. + */ +final class CopyOptions extends TransferOptions { + + public final boolean replaceExisting; + + public final Collection options; + + private CopyOptions(boolean replaceExisting, + FileType fileType, FileStructure fileStructure, FileTransferMode fileTransferMode, + Collection options) { + + super(fileType, fileStructure, fileTransferMode); + this.replaceExisting = replaceExisting; + + this.options = options; + } + + static CopyOptions forCopy(CopyOption... options) { + + boolean replaceExisting = false; + FileType fileType = null; + FileStructure fileStructure = null; + FileTransferMode fileTransferMode = null; + + for (CopyOption option : options) { + if (option == StandardCopyOption.REPLACE_EXISTING) { + replaceExisting = true; + } else if (option instanceof FileType) { + fileType = setOnce((FileType) option, fileType, options); + } else if (option instanceof FileStructure) { + fileStructure = setOnce((FileStructure) option, fileStructure, options); + } else if (option instanceof FileTransferMode) { + fileTransferMode = setOnce((FileTransferMode) option, fileTransferMode, options); + } else if (!isIgnoredCopyOption(option)) { + throw Messages.fileSystemProvider().unsupportedCopyOption(option); + } + } + + return new CopyOptions(replaceExisting, fileType, fileStructure, fileTransferMode, Arrays.asList(options)); + } + + static CopyOptions forMove(boolean sameFileSystem, CopyOption... options) { + + boolean replaceExisting = false; + FileType fileType = null; + FileStructure fileStructure = null; + FileTransferMode fileTransferMode = null; + + for (CopyOption option : options) { + if (option == StandardCopyOption.REPLACE_EXISTING) { + replaceExisting = true; + } else if (option instanceof FileType) { + fileType = setOnce((FileType) option, fileType, options); + } else if (option instanceof FileStructure) { + fileStructure = setOnce((FileStructure) option, fileStructure, options); + } else if (option instanceof FileTransferMode) { + fileTransferMode = setOnce((FileTransferMode) option, fileTransferMode, options); + } else if (!(option == StandardCopyOption.ATOMIC_MOVE && sameFileSystem) && !isIgnoredCopyOption(option)) { + throw Messages.fileSystemProvider().unsupportedCopyOption(option); + } + } + + return new CopyOptions(replaceExisting, fileType, fileStructure, fileTransferMode, Arrays.asList(options)); + } + + private static T setOnce(T newValue, T existing, CopyOption... options) { + if (existing != null && !existing.equals(newValue)) { + throw Messages.fileSystemProvider().illegalCopyOptionCombination(options); + } + return newValue; + } + + private static boolean isIgnoredCopyOption(CopyOption option) { + return option == LinkOption.NOFOLLOW_LINKS; + } + + public Collection toOpenOptions(OpenOption... additional) { + List openOptions = new ArrayList<>(options.size() + additional.length); + for (CopyOption option : options) { + if (option instanceof OpenOption) { + openOptions.add((OpenOption) option); + } + } + Collections.addAll(openOptions, additional); + return openOptions; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/DefaultFileSystemExceptionFactory.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/DefaultFileSystemExceptionFactory.java new file mode 100644 index 0000000..1f43b65 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/DefaultFileSystemExceptionFactory.java @@ -0,0 +1,57 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.FileAlreadyExistsException; +import java.nio.file.FileSystemException; +import java.nio.file.NoSuchFileException; +import java.nio.file.OpenOption; +import java.util.Collection; + +/** + * A default {@link FileSystemExceptionFactory} that always returns an {@link FTPFileSystemException} + * unless specified otherwise. + */ +public class DefaultFileSystemExceptionFactory implements FileSystemExceptionFactory { + + static final DefaultFileSystemExceptionFactory INSTANCE = new DefaultFileSystemExceptionFactory(); + + @Override + public FileSystemException createGetFileException(String file, int replyCode, String replyString) { + return new NoSuchFileException(file); + } + + @Override + public FileSystemException createChangeWorkingDirectoryException(String directory, int replyCode, String replyString) { + return new FTPFileSystemException(directory, replyCode, replyString); + } + + @Override + public FileAlreadyExistsException createCreateDirectoryException(String directory, int replyCode, String replyString) { + return new FileAlreadyExistsException(directory); + } + + @Override + public FileSystemException createDeleteException(String file, int replyCode, String replyString, boolean isDirectory) { + return new FTPFileSystemException(file, replyCode, replyString); + } + + @Override + public FileSystemException createNewInputStreamException(String file, int replyCode, String replyString) { + return new FTPFileSystemException(file, replyCode, replyString); + } + + @Override + public FileSystemException createNewOutputStreamException(String file, int replyCode, String replyString, + Collection options) { + return new FTPFileSystemException(file, replyCode, replyString); + } + + @Override + public FileSystemException createCopyException(String file, String other, int replyCode, String replyString) { + return new FTPFileSystemException(file, other, replyCode, replyString); + } + + @Override + public FileSystemException createMoveException(String file, String other, int replyCode, String replyString) { + return new FTPFileSystemException(file, other, replyCode, replyString); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPClientPool.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPClientPool.java new file mode 100644 index 0000000..bd7e29d --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPClientPool.java @@ -0,0 +1,446 @@ +package org.xbib.io.ftp.fs; + +import org.xbib.io.ftp.client.FTPClient; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileFilter; + +import java.io.Closeable; +import java.io.IOException; +import java.io.InputStream; +import java.io.InterruptedIOException; +import java.io.OutputStream; +import java.nio.file.OpenOption; +import java.time.ZonedDateTime; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.concurrent.ArrayBlockingQueue; +import java.util.concurrent.BlockingQueue; + +/** + * A pool of FTP clients, allowing multiple commands to be executed concurrently. + */ +final class FTPClientPool { + + private final String hostname; + private final int port; + + private final FTPEnvironment env; + private final FileSystemExceptionFactory exceptionFactory; + + private final BlockingQueue pool; + + FTPClientPool(String hostname, int port, FTPEnvironment env) throws IOException { + this.hostname = hostname; + this.port = port; + this.env = env.clone(); + this.exceptionFactory = env.getExceptionFactory(); + final int poolSize = env.getClientConnectionCount(); + this.pool = new ArrayBlockingQueue<>(poolSize); + + try { + for (int i = 0; i < poolSize; i++) { + pool.add(new Client(true)); + } + } catch (IOException e) { + // creating the pool failed, disconnect all clients + for (Client client : pool) { + try { + client.disconnect(); + } catch (IOException e2) { + e.addSuppressed(e2); + } + } + throw e; + } + } + + Client get() throws IOException { + try { + Client client = pool.take(); + try { + if (!client.isConnected()) { + client = new Client(true); + } + } catch (final Exception e) { + // could not create a new client; re-add the broken client to the pool to prevent pool starvation + pool.add(client); + throw e; + } + client.increaseRefCount(); + return client; + + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + + InterruptedIOException iioe = new InterruptedIOException(e.getMessage()); + iioe.initCause(e); + throw iioe; + } + } + + Client getOrCreate() throws IOException { + Client client = pool.poll(); + if (client == null) { + // nothing was taken from the pool, so no risk of pool starvation if creating the client fails + return new Client(false); + } + try { + if (!client.isConnected()) { + client = new Client(true); + } + } catch (final Exception e) { + // could not create a new client; re-add the broken client to the pool to prevent pool starvation + pool.add(client); + throw e; + } + client.increaseRefCount(); + return client; + } + + void keepAlive() throws IOException { + List clients = new ArrayList<>(); + pool.drainTo(clients); + + IOException exception = null; + for (Client client : clients) { + try { + client.keepAlive(); + } catch (IOException e) { + exception = add(exception, e); + } finally { + returnToPool(client); + } + } + if (exception != null) { + throw exception; + } + } + + void close() throws IOException { + List clients = new ArrayList<>(); + pool.drainTo(clients); + + IOException exception = null; + for (Client client : clients) { + try { + client.disconnect(); + } catch (IOException e) { + exception = add(exception, e); + } + } + if (exception != null) { + throw exception; + } + } + + private IOException add(IOException existing, IOException e) { + if (existing == null) { + return e; + } + existing.addSuppressed(e); + return existing; + } + + private void returnToPool(Client client) { + assert client.refCount == 0; + + pool.add(client); + } + + final class Client implements Closeable { + + private final FTPClient client; + private final boolean pooled; + + private FileType fileType; + private FileStructure fileStructure; + private FileTransferMode fileTransferMode; + + private int refCount = 0; + + private Client(boolean pooled) throws IOException { + this.client = env.createClient(hostname, port); + this.pooled = pooled; + + this.fileType = env.getDefaultFileType(); + this.fileStructure = env.getDefaultFileStructure(); + this.fileTransferMode = env.getDefaultFileTransferMode(); + } + + private void increaseRefCount() { + refCount++; + } + + private int decreaseRefCount() { + if (refCount > 0) { + refCount--; + } + return refCount; + } + + private void keepAlive() throws IOException { + client.sendNoOp(); + } + + private boolean isConnected() { + if (client.isConnected()) { + try { + keepAlive(); + return true; + } catch (IOException e) { + // the keep alive failed - treat as not connected, and actually disconnect quietly + disconnectQuietly(); + } + } + return false; + } + + private void disconnect() throws IOException { + client.disconnect(); + } + + private void disconnectQuietly() { + try { + client.disconnect(); + } catch (IOException e) { + // ignore + } + } + + @Override + public void close() throws IOException { + if (decreaseRefCount() == 0) { + if (pooled) { + returnToPool(this); + } else { + disconnect(); + } + } + } + + String pwd() throws IOException { + String pwd = client.printWorkingDirectory(); + if (pwd == null) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + return pwd; + } + + private void applyTransferOptions(TransferOptions options) throws IOException { + if (options.fileType != null && options.fileType != fileType) { + options.fileType.apply(client); + fileType = options.fileType; + } + if (options.fileStructure != null && options.fileStructure != fileStructure) { + options.fileStructure.apply(client); + fileStructure = options.fileStructure; + } + if (options.fileTransferMode != null && options.fileTransferMode != fileTransferMode) { + options.fileTransferMode.apply(client); + fileTransferMode = options.fileTransferMode; + } + } + + InputStream newInputStream(String path, OpenOptions options) throws IOException { + assert options.read; + + applyTransferOptions(options); + + InputStream in = client.retrieveFileStream(path); + if (in == null) { + throw exceptionFactory.createNewInputStreamException(path, client.getReplyCode(), client.getReplyString()); + } + refCount++; + return new FTPInputStream(path, in, options.deleteOnClose); + } + + OutputStream newOutputStream(String path, OpenOptions options) throws IOException { + assert options.write; + + applyTransferOptions(options); + + OutputStream out = options.append ? client.appendFileStream(path) : client.storeFileStream(path); + if (out == null) { + throw exceptionFactory.createNewOutputStreamException(path, client.getReplyCode(), client.getReplyString(), options.options); + } + refCount++; + return new FTPOutputStream(path, out, options.deleteOnClose); + } + + private void finalizeStream() throws IOException { + assert refCount > 0; + + if (!client.completePendingCommand()) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + if (decreaseRefCount() == 0) { + if (pooled) { + returnToPool(Client.this); + } else { + disconnect(); + } + } + } + + void storeFile(String path, InputStream local, TransferOptions options, Collection openOptions) throws IOException { + applyTransferOptions(options); + + if (!client.storeFile(path, local)) { + throw exceptionFactory.createNewOutputStreamException(path, client.getReplyCode(), client.getReplyString(), openOptions); + } + } + + FTPFile[] listFiles(String path) throws IOException { + return client.listFiles(path); + } + + FTPFile[] listFiles(String path, FTPFileFilter filter) throws IOException { + return client.listFiles(path, filter); + } + + void throwIfEmpty(String path, FTPFile[] ftpFiles) throws IOException { + if (ftpFiles.length == 0) { + throw exceptionFactory.createGetFileException(path, client.getReplyCode(), client.getReplyString()); + } + } + + void mkdir(String path) throws IOException { + if (!client.makeDirectory(path)) { + throw exceptionFactory.createCreateDirectoryException(path, client.getReplyCode(), client.getReplyString()); + } + } + + void delete(String path, boolean isDirectory) throws IOException { + boolean success = isDirectory ? client.removeDirectory(path) : client.deleteFile(path); + if (!success) { + throw exceptionFactory.createDeleteException(path, client.getReplyCode(), client.getReplyString(), isDirectory); + } + } + + void rename(String source, String target) throws IOException { + if (!client.rename(source, target)) { + throw exceptionFactory.createMoveException(source, target, client.getReplyCode(), client.getReplyString()); + } + } + + ZonedDateTime mdtm(String path) throws IOException { + FTPFile file = client.mdtmFile(path); + return file == null ? null : file.getTimestamp(); + } + + private final class FTPInputStream extends InputStream { + + private final String path; + private final InputStream in; + private final boolean deleteOnClose; + + private boolean open = true; + + private FTPInputStream(String path, InputStream in, boolean deleteOnClose) { + this.path = path; + this.in = in; + this.deleteOnClose = deleteOnClose; + } + + @Override + public int read() throws IOException { + return in.read(); + } + + @Override + public int read(byte[] b) throws IOException { + return in.read(b); + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + return in.read(b, off, len); + } + + @Override + public long skip(long n) throws IOException { + return in.skip(n); + } + + @Override + public int available() throws IOException { + return in.available(); + } + + @Override + public void close() throws IOException { + if (open) { + in.close(); + open = false; + finalizeStream(); + if (deleteOnClose) { + delete(path, false); + } + } + } + + @Override + public synchronized void mark(int readlimit) { + in.mark(readlimit); + } + + @Override + public synchronized void reset() throws IOException { + in.reset(); + } + + @Override + public boolean markSupported() { + return in.markSupported(); + } + } + + private final class FTPOutputStream extends OutputStream { + + private final String path; + private final OutputStream out; + private final boolean deleteOnClose; + + private boolean open = true; + + private FTPOutputStream(String path, OutputStream out, boolean deleteOnClose) { + this.path = path; + this.out = out; + this.deleteOnClose = deleteOnClose; + } + + @Override + public void write(int b) throws IOException { + out.write(b); + } + + @Override + public void write(byte[] b) throws IOException { + out.write(b); + } + + @Override + public void write(byte[] b, int off, int len) throws IOException { + out.write(b, off, len); + } + + @Override + public void flush() throws IOException { + out.flush(); + } + + @Override + public void close() throws IOException { + if (open) { + out.close(); + open = false; + finalizeStream(); + if (deleteOnClose) { + delete(path, false); + } + } + } + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPEnvironment.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPEnvironment.java new file mode 100644 index 0000000..7e10fd5 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPEnvironment.java @@ -0,0 +1,877 @@ +package org.xbib.io.ftp.fs; + +import org.xbib.io.ftp.client.FTP; +import org.xbib.io.ftp.client.FTPClient; +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFileEntryParser; +import org.xbib.io.ftp.client.parser.FTPFileEntryParserFactory; + +import javax.net.ServerSocketFactory; +import javax.net.SocketFactory; +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Proxy; +import java.net.Socket; +import java.net.SocketAddress; +import java.net.URI; +import java.nio.charset.Charset; +import java.nio.file.Path; +import java.nio.file.spi.FileSystemProvider; +import java.util.Collection; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.TimeUnit; + +/** + * A utility class to set up environments that can be used in the {@link FileSystemProvider#newFileSystem(URI, Map)} + * and {@link FileSystemProvider#newFileSystem(Path, Map)} methods of {@link FTPFileSystemProvider}. + */ +public class FTPEnvironment implements Map, Cloneable { + + // connect support + + private static final String LOCAL_ADDR = "localAddr"; + private static final String LOCAL_PORT = "localPort"; + + // login support + + private static final String USERNAME = "username"; + private static final String PASSWORD = "password"; + private static final String ACCOUNT = "account"; + + // SocketClient + + private static final String SO_TIMEOUT = "soTimeout"; + private static final String SEND_BUFFER_SIZE = "sendBufferSize"; + private static final String RECEIVE_BUFFER_SIZE = "receiveBufferSize"; + private static final String TCP_NO_DELAY = "tcpNoDelay"; + private static final String KEEP_ALIVE = "keepAlive"; + private static final String SO_LINGER_ON = "soLinger.on"; + private static final String SO_LINGER_VALUE = "soLinger.val"; + private static final String SOCKET_FACTORY = "socketFactory"; + private static final String SERVER_SOCKET_FACTORY = "serverSocketFactory"; + private static final String CONNECT_TIMEOUT = "connectTimeout"; + private static final String PROXY = "proxy"; + private static final String CHARSET = "charset"; + + // FTP + + private static final String CONTROL_ENCODING = "controlEncoding"; + private static final String STRICT_MULTILINE_PARSING = "strictMultilineParsing"; + + // FTPClient + + private static final String DATA_TIMEOUT = "dataTimeout"; + private static final String PARSER_FACTORY = "parserFactory"; + private static final String REMOTE_VERIFICATION_ENABLED = "remoteVerificationEnabled"; + private static final String DEFAULT_DIR = "defaultDir"; + private static final String CONNECTION_MODE = "connectionMode"; + private static final String ACTIVE_PORT_RANGE_MIN = "activePortRange.min"; + private static final String ACTIVE_PORT_RANGE_MAX = "activePortRange.max"; + private static final String ACTIVE_EXTERNAL_IP_ADDRESS = "activeExternalIPAddress"; + private static final String PASSIVE = "passive"; + private static final String PASSIVE_LOCAL_IP_ADDRESS = "passiveLocalIPAddress"; + private static final String REPORT_ACTIVE_EXTERNAL_IP_ADDRESS = "reportActiveExternalIPAddress"; + private static final String BUFFER_SIZE = "bufferSize"; + private static final String SEND_DATA_SOCKET_BUFFER_SIZE = "sendDataSocketBufferSize"; + private static final String RECEIVE_DATA_SOCKET_BUFFER_SIZE = "receiveDataSocketBufferSize"; + private static final String CLIENT_CONFIG = "clientConfig"; + private static final String USE_EPSV_WITH_IPV4 = "useEPSVwithIPv4"; + private static final String CONTROL_KEEP_ALIVE_TIMEOUT = "controlKeepAliveTimeout"; + private static final String CONTROL_KEEP_ALIVE_REPLY_TIMEOUT = "controlKeepAliveReplyTimeout"; + private static final String PASSIVE_NAT_WORKAROUND_STRATEGY = "passiveNatWorkaroundStrategy"; + private static final String AUTODETECT_ENCODING = "autodetectEncoding"; + + // FTP file system support + + private static final int DEFAULT_CLIENT_CONNECTION_COUNT = 1; + private static final String CLIENT_CONNECTION_COUNT = "clientConnectionCount"; + private static final String FILE_SYSTEM_EXCEPTION_FACTORY = "fileSystemExceptionFactory"; + + private Map map; + + /** + * Creates a new FTP environment. + */ + public FTPEnvironment() { + map = new HashMap<>(); + } + + /** + * Creates a new FTP environment. + * + * @param map The map to wrap. + */ + public FTPEnvironment(Map map) { + this.map = Objects.requireNonNull(map); + } + + @SuppressWarnings("unchecked") + static FTPEnvironment wrap(Map map) { + if (map instanceof FTPEnvironment) { + return (FTPEnvironment) map; + } + return new FTPEnvironment((Map) map); + } + + /** + * Stores the local address to use. + * + * @param localAddr The local address to use. + * @param localPort The local port to use. + * @return This object. + * @see Socket#bind(SocketAddress) + * @see InetSocketAddress#InetSocketAddress(InetAddress, int) + */ + public FTPEnvironment withLocalAddress(InetAddress localAddr, int localPort) { + put(LOCAL_ADDR, localAddr); + put(LOCAL_PORT, localPort); + return this; + } + + // login support + + /** + * Stores the credentials to use. + * + * @param username The username to use. + * @param password The password to use. + * @return This object. + */ + public FTPEnvironment withCredentials(String username, char[] password) { + put(USERNAME, username); + put(PASSWORD, password); + return this; + } + + /** + * Stores the credentials to use. + * + * @param username The username to use. + * @param password The password to use. + * @param account The account to use. + * @return This object. + */ + public FTPEnvironment withCredentials(String username, char[] password, String account) { + put(USERNAME, username); + put(PASSWORD, password); + put(ACCOUNT, account); + return this; + } + + // SocketClient + + /** + * Stores the socket timeout. + * + * @param timeout The socket timeout in milliseconds. + * @return This object. + * @see Socket#setSoTimeout(int) + */ + public FTPEnvironment withSoTimeout(int timeout) { + put(SO_TIMEOUT, timeout); + return this; + } + + /** + * Stores the socket send buffer size to use. + * + * @param size The size of the buffer in bytes. + * @return This object. + * @see Socket#setSendBufferSize(int) + */ + public FTPEnvironment withSendBufferSize(int size) { + put(SEND_BUFFER_SIZE, size); + return this; + } + + /** + * Stores the socket receive buffer size to use. + * + * @param size The size of the buffer in bytes. + * @return This object. + * @see Socket#setReceiveBufferSize(int) + */ + public FTPEnvironment withReceiveBufferSize(int size) { + put(RECEIVE_BUFFER_SIZE, size); + return this; + } + + /** + * Stores whether or not the Nagle's algorithm ({@code TCP_NODELAY}) should be enabled. + * + * @param on {@code true} if Nagle's algorithm should be enabled, or {@code false} otherwise. + * @return This object. + * @see Socket#setTcpNoDelay(boolean) + */ + public FTPEnvironment withTcpNoDelay(boolean on) { + put(TCP_NO_DELAY, on); + return this; + } + + /** + * Stores whether or not {@code SO_KEEPALIVE} should be enabled. + * + * @param keepAlive {@code true} if keep-alive should be enabled, or {@code false} otherwise. + * @return This object. + * @see Socket#setKeepAlive(boolean) + */ + public FTPEnvironment withKeepAlive(boolean keepAlive) { + put(KEEP_ALIVE, keepAlive); + return this; + } + + /** + * Stores whether or not {@code SO_LINGER} should be enabled, and if so, the linger time. + * + * @param on {@code true} if {@code SO_LINGER} should be enabled, or {@code false} otherwise. + * @param linger The linger time in seconds, if {@code on} is {@code true}. + * @return This object. + * @see Socket#setSoLinger(boolean, int) + */ + public FTPEnvironment withSoLinger(boolean on, int linger) { + put(SO_LINGER_ON, on); + put(SO_LINGER_VALUE, linger); + return this; + } + + /** + * Stores the socket factory to use. + * + * @param factory The socket factory to use. + * @return This object. + */ + public FTPEnvironment withSocketFactory(SocketFactory factory) { + put(SOCKET_FACTORY, factory); + return this; + } + + /** + * Stores the server socket factory to use. + * + * @param factory The server socket factory to use. + * @return This object. + */ + public FTPEnvironment withServerSocketFactory(ServerSocketFactory factory) { + put(SERVER_SOCKET_FACTORY, factory); + return this; + } + + /** + * Stores the connection timeout to use. + * + * @param timeout The connection timeout in milliseconds. + * @return This object. + * @see Socket#connect(SocketAddress, int) + */ + public FTPEnvironment withConnectTimeout(int timeout) { + put(CONNECT_TIMEOUT, timeout); + return this; + } + + /** + * Stores the proxy to use. + * + * @param proxy The proxy to use. + * @return This object. + */ + public FTPEnvironment withProxy(Proxy proxy) { + put(PROXY, proxy); + return this; + } + + /** + * Stores the charset to use. + * + * @param charset The charset to use. + * @return This object. + */ + public FTPEnvironment withCharset(Charset charset) { + put(CHARSET, charset); + return this; + } + + // FTP + + /** + * Stores the character encoding to be used by the FTP control connection. + * Some FTP servers require that commands be issued in a non-ASCII encoding like UTF-8 so that filenames with multi-byte character + * representations (e.g, Big 8) can be specified. + * + * @param encoding The character encoding to use. + * @return This object. + */ + public FTPEnvironment withControlEncoding(String encoding) { + put(CONTROL_ENCODING, encoding); + return this; + } + + /** + * Stores whether or not strict multiline parsing should be enabled, as per RFC 959, section 4.2. + * + * @param strictMultilineParsing {@code true} to enable strict multiline parsing, or {@code false} to disable it. + * @return This object. + */ + public FTPEnvironment withStrictlyMultilineParsing(boolean strictMultilineParsing) { + put(STRICT_MULTILINE_PARSING, strictMultilineParsing); + return this; + } + + // FTPClient + + /** + * Stores the timeout in milliseconds to use when reading from data connections. + * + * @param timeout The timeout in milliseconds that is used when opening data connection sockets. + * @return This object. + */ + public FTPEnvironment withDataTimeout(int timeout) { + put(DATA_TIMEOUT, timeout); + return this; + } + + /** + * Stores the factory used for parser creation. + * + * @param parserFactory The factory object used to create {@link FTPFileEntryParser}s + * @return This object. + */ + public FTPEnvironment withParserFactory(FTPFileEntryParserFactory parserFactory) { + put(PARSER_FACTORY, parserFactory); + return this; + } + + /** + * Stores whether or not verification that the remote host taking part of a data connection is the same as the host to which the control + * connection is attached should be enabled. + * + * @param enabled {@code true} to enable verification, or {@code false} to disable verification. + * @return This object. + */ + public FTPEnvironment withRemoteVerificationEnabled(boolean enabled) { + put(REMOTE_VERIFICATION_ENABLED, enabled); + return this; + } + + /** + * Stores the default directory to use. + * If it exists, this will be the directory that relative paths are resolved to. + * + * @param pathname The default directory to use. + * @return This object. + */ + public FTPEnvironment withDefaultDirectory(String pathname) { + put(DEFAULT_DIR, pathname); + return this; + } + + /** + * Stores the connection mode to use. + * If the connection mode is not set, it will default to {@link ConnectionMode#ACTIVE}. + * + * @param connectionMode The connection mode to use. + * @return This object. + */ + public FTPEnvironment withConnectionMode(ConnectionMode connectionMode) { + put(CONNECTION_MODE, connectionMode); + return this; + } + + /** + * Stores the client side port range in active mode. + * + * @param minPort The lowest available port (inclusive). + * @param maxPort The highest available port (inclusive). + * @return This object. + */ + public FTPEnvironment withActivePortRange(int minPort, int maxPort) { + put(ACTIVE_PORT_RANGE_MIN, minPort); + put(ACTIVE_PORT_RANGE_MAX, maxPort); + return this; + } + + /** + * Stores the external IP address in active mode. Useful when there are multiple network cards. + * + * @param ipAddress The external IP address of this machine. + * @return This object. + */ + public FTPEnvironment withActiveExternalIPAddress(String ipAddress) { + put(ACTIVE_EXTERNAL_IP_ADDRESS, ipAddress); + return this; + } + + /** + * Stores the local IP address to use in passive mode. Useful when there are multiple network cards. + * + * @param ipAddress The local IP address of this machine. + * @return This object. + */ + public FTPEnvironment withPassiveLocalIPAddress(String ipAddress) { + put(PASSIVE_LOCAL_IP_ADDRESS, ipAddress); + return this; + } + + /** + * Stores the external IP address to report in EPRT/PORT commands in active mode. Useful when there are multiple network cards. + * + * @param ipAddress The external IP address of this machine. + * @return This object. + */ + public FTPEnvironment withReportActiveExternalIPAddress(String ipAddress) { + put(REPORT_ACTIVE_EXTERNAL_IP_ADDRESS, ipAddress); + return this; + } + + /** + * Stores the buffer size to use. + * + * @param bufferSize The buffer size to use. + * @return This object. + */ + public FTPEnvironment withBufferSize(int bufferSize) { + put(BUFFER_SIZE, bufferSize); + return this; + } + + /** + * Stores the value to use for the data socket {@code SO_SNDBUF} option. + * + * @param bufferSizr The size of the buffer. + * @return This object. + */ + public FTPEnvironment withSendDataSocketBufferSize(int bufferSizr) { + put(SEND_DATA_SOCKET_BUFFER_SIZE, bufferSizr); + return this; + } + + /** + * Stores the value to use for the data socket {@code SO_RCVBUF} option. + * + * @param bufferSize The size of the buffer. + * @return This object. + */ + public FTPEnvironment withReceiveDataSocketBufferSize(int bufferSize) { + put(RECEIVE_DATA_SOCKET_BUFFER_SIZE, bufferSize); + return this; + } + + /** + * Stores the FTP client config to use. + * + * @param clientConfig The client config to use. + * @return This object. + */ + public FTPEnvironment withClientConfig(FTPClientConfig clientConfig) { + put(CLIENT_CONFIG, clientConfig); + return this; + } + + /** + * Stores whether or not to use EPSV with IPv4. Might be worth enabling in some circumstances. + * For example, when using IPv4 with NAT it may work with some rare configurations. + * E.g. if FTP server has a static PASV address (external network) and the client is coming from another internal network. + * In that case the data connection after PASV command would fail, while EPSV would make the client succeed by taking just the port. + * + * @param selected The flag to use. + * @return This object. + */ + public FTPEnvironment withUseEPSVwithIPv4(boolean selected) { + put(USE_EPSV_WITH_IPV4, selected); + return this; + } + + /** + * Stores the time to wait between sending control connection keep-alive messages when processing file upload or download. + * + * @param timeout The keep-alive timeout to use, in milliseconds. + * @return This object. + */ + public FTPEnvironment withControlKeepAliveTimeout(long timeout) { + put(CONTROL_KEEP_ALIVE_TIMEOUT, timeout); + return this; + } + + /** + * Stores how long to wait for control keep-alive message replies. + * + * @param timeout The keep-alive reply timeout to use, in milliseconds. + * @return This object. + */ + public FTPEnvironment withControlKeepAliveReplyTimeout(int timeout) { + put(CONTROL_KEEP_ALIVE_REPLY_TIMEOUT, timeout); + return this; + } + + /** + * Stores the workaround strategy to replace the PASV mode reply addresses. + * This gets around the problem that some NAT boxes may change the reply. + * The default implementation is {@link FTPClient.NatServerResolverImpl}, i.e. site-local replies are replaced. + * + * @param resolver The workaround strategy to replace internal IP's in passive mode, or {@code null} to disable the workaround + * (i.e. use PASV mode reply address.) + * @return This object. + */ + public FTPEnvironment withPassiveNatWorkaroundStrategy(FTPClient.HostnameResolver resolver) { + put(PASSIVE_NAT_WORKAROUND_STRATEGY, resolver); + return this; + } + + /** + * Stores whether or not automatic server encoding detection should be enabled. + * Note that only UTF-8 is supported. + * + * @param autodetect {@code true} to enable automatic server encoding detection, or {@code false} to disable it. + * @return This object. + */ + public FTPEnvironment withAutodetectEncoding(boolean autodetect) { + put(AUTODETECT_ENCODING, autodetect); + return this; + } + + // FTP file system support + + /** + * Stores the number of client connections to use. This value influences the number of concurrent threads that can access an FTP file system. + * + * @param count The number of client connection to use. + * @return This object. + */ + public FTPEnvironment withClientConnectionCount(int count) { + put(CLIENT_CONNECTION_COUNT, count); + return this; + } + + /** + * Stores the file system exception factory to use. + * + * @param factory The file system exception factory to use. + * @return This object. + */ + public FTPEnvironment withFileSystemExceptionFactory(FileSystemExceptionFactory factory) { + put(FILE_SYSTEM_EXCEPTION_FACTORY, factory); + return this; + } + + String getUsername() { + return FileSystemProviderSupport.getValue(this, USERNAME, String.class, null); + } + + FileType getDefaultFileType() { + // explicitly set in initializePostConnect + return FileType.binary(); + } + + FileStructure getDefaultFileStructure() { + // as specified by FTPClient + return FileStructure.FILE; + } + + FileTransferMode getDefaultFileTransferMode() { + // as specified by FTPClient + return FileTransferMode.STREAM; + } + + int getClientConnectionCount() { + int count = FileSystemProviderSupport.getIntValue(this, CLIENT_CONNECTION_COUNT, DEFAULT_CLIENT_CONNECTION_COUNT); + return Math.max(1, count); + } + + FileSystemExceptionFactory getExceptionFactory() { + return FileSystemProviderSupport.getValue(this, FILE_SYSTEM_EXCEPTION_FACTORY, FileSystemExceptionFactory.class, + DefaultFileSystemExceptionFactory.INSTANCE); + } + + FTPClient createClient(String hostname, int port) throws IOException { + FTPClient client = new FTPClient(); + initializePreConnect(client); + connect(client, hostname, port); + initializePostConnect(client); + verifyConnection(client); + return client; + } + + void initializePreConnect(FTPClient client) throws IOException { + client.setListHiddenFiles(true); + + if (containsKey(SEND_BUFFER_SIZE)) { + int size = FileSystemProviderSupport.getIntValue(this, SEND_BUFFER_SIZE); + client.setSendBufferSize(size); + } + if (containsKey(RECEIVE_BUFFER_SIZE)) { + int size = FileSystemProviderSupport.getIntValue(this, RECEIVE_BUFFER_SIZE); + client.setReceiveBufferSize(size); + } + + if (containsKey(SOCKET_FACTORY)) { + SocketFactory factory = FileSystemProviderSupport.getValue(this, SOCKET_FACTORY, SocketFactory.class, null); + client.setSocketFactory(factory); + } + if (containsKey(SERVER_SOCKET_FACTORY)) { + ServerSocketFactory factory = FileSystemProviderSupport.getValue(this, SERVER_SOCKET_FACTORY, ServerSocketFactory.class, null); + client.setServerSocketFactory(factory); + } + + if (containsKey(CONNECT_TIMEOUT)) { + int connectTimeout = FileSystemProviderSupport.getIntValue(this, CONNECT_TIMEOUT); + client.setConnectTimeout(connectTimeout); + } + + if (containsKey(PROXY)) { + Proxy proxy = FileSystemProviderSupport.getValue(this, PROXY, Proxy.class, null); + client.setProxy(proxy); + } + if (containsKey(CHARSET)) { + Charset charset = FileSystemProviderSupport.getValue(this, CHARSET, Charset.class, null); + client.setCharset(charset); + } + if (containsKey(CONTROL_ENCODING)) { + String controlEncoding = FileSystemProviderSupport.getValue(this, CONTROL_ENCODING, String.class, null); + client.setControlEncoding(controlEncoding); + } + + if (containsKey(STRICT_MULTILINE_PARSING)) { + boolean strictMultilineParsing = FileSystemProviderSupport.getBooleanValue(this, STRICT_MULTILINE_PARSING); + client.setStrictMultilineParsing(strictMultilineParsing); + } + if (containsKey(DATA_TIMEOUT)) { + int timeout = FileSystemProviderSupport.getIntValue(this, DATA_TIMEOUT); + client.setDataTimeout(timeout); + } + + if (containsKey(PARSER_FACTORY)) { + FTPFileEntryParserFactory parserFactory = FileSystemProviderSupport.getValue(this, PARSER_FACTORY, FTPFileEntryParserFactory.class, null); + client.setParserFactory(parserFactory); + } + + if (containsKey(REMOTE_VERIFICATION_ENABLED)) { + boolean enable = FileSystemProviderSupport.getBooleanValue(this, REMOTE_VERIFICATION_ENABLED); + client.setRemoteVerificationEnabled(enable); + } + + FileSystemProviderSupport.getValue(this, CONNECTION_MODE, ConnectionMode.class, ConnectionMode.ACTIVE).apply(client); + + if (containsKey(ACTIVE_PORT_RANGE_MIN) && containsKey(ACTIVE_PORT_RANGE_MAX)) { + int minPort = FileSystemProviderSupport.getIntValue(this, ACTIVE_PORT_RANGE_MIN); + int maxPort = FileSystemProviderSupport.getIntValue(this, ACTIVE_PORT_RANGE_MAX); + client.setActivePortRange(minPort, maxPort); + } + + if (containsKey(ACTIVE_EXTERNAL_IP_ADDRESS)) { + String ipAddress = FileSystemProviderSupport.getValue(this, ACTIVE_EXTERNAL_IP_ADDRESS, String.class, null); + client.setActiveExternalIPAddress(ipAddress); + } + if (containsKey(PASSIVE_LOCAL_IP_ADDRESS)) { + String ipAddress = FileSystemProviderSupport.getValue(this, PASSIVE_LOCAL_IP_ADDRESS, String.class, null); + client.setPassiveLocalIPAddress(ipAddress); + } + if (containsKey(REPORT_ACTIVE_EXTERNAL_IP_ADDRESS)) { + String ipAddress = FileSystemProviderSupport.getValue(this, REPORT_ACTIVE_EXTERNAL_IP_ADDRESS, String.class, null); + client.setReportActiveExternalIPAddress(ipAddress); + } + + if (containsKey(BUFFER_SIZE)) { + int bufSize = FileSystemProviderSupport.getIntValue(this, BUFFER_SIZE); + client.setBufferSize(bufSize); + } + if (containsKey(SEND_DATA_SOCKET_BUFFER_SIZE)) { + int bufSize = FileSystemProviderSupport.getIntValue(this, SEND_DATA_SOCKET_BUFFER_SIZE); + client.setSendDataSocketBufferSize(bufSize); + } + if (containsKey(RECEIVE_DATA_SOCKET_BUFFER_SIZE)) { + int bufSize = FileSystemProviderSupport.getIntValue(this, RECEIVE_DATA_SOCKET_BUFFER_SIZE); + client.setReceieveDataSocketBufferSize(bufSize); + } + + if (containsKey(CLIENT_CONFIG)) { + FTPClientConfig clientConfig = FileSystemProviderSupport.getValue(this, CLIENT_CONFIG, FTPClientConfig.class, null); + if (clientConfig != null) { + clientConfig = new FTPClientConfig(clientConfig); + } + client.configure(clientConfig); + } + + if (containsKey(PASSIVE_NAT_WORKAROUND_STRATEGY)) { + FTPClient.HostnameResolver resolver = FileSystemProviderSupport.getValue(this, PASSIVE_NAT_WORKAROUND_STRATEGY, FTPClient.HostnameResolver.class, null); + client.setPassiveNatWorkaroundStrategy(resolver); + } + + if (containsKey(USE_EPSV_WITH_IPV4)) { + boolean selected = FileSystemProviderSupport.getBooleanValue(this, USE_EPSV_WITH_IPV4); + client.setUseEPSVwithIPv4(selected); + } + if (containsKey(CONTROL_KEEP_ALIVE_TIMEOUT)) { + long controlIdle = FileSystemProviderSupport.getLongValue(this, CONTROL_KEEP_ALIVE_TIMEOUT); + // the value is stored as ms, but the method expects seconds + controlIdle = TimeUnit.MILLISECONDS.toSeconds(controlIdle); + client.setControlKeepAliveTimeout(controlIdle); + } + if (containsKey(CONTROL_KEEP_ALIVE_REPLY_TIMEOUT)) { + int timeout = FileSystemProviderSupport.getIntValue(this, CONTROL_KEEP_ALIVE_REPLY_TIMEOUT); + client.setControlKeepAliveReplyTimeout(timeout); + } + if (containsKey(AUTODETECT_ENCODING)) { + boolean autodetect = FileSystemProviderSupport.getBooleanValue(this, AUTODETECT_ENCODING); + client.setAutodetectUTF8(autodetect); + } + } + + void connect(FTPClient client, String hostname, int port) throws IOException { + + if (port == -1) { + port = client.getDefaultPort(); + } + + InetAddress localAddr = FileSystemProviderSupport.getValue(this, LOCAL_ADDR, InetAddress.class, null); + if (localAddr != null) { + int localPort = FileSystemProviderSupport.getIntValue(this, LOCAL_PORT); + client.connect(hostname, port, localAddr, localPort); + } else { + client.connect(hostname, port); + } + + String username = getUsername(); + char[] passwordChars = FileSystemProviderSupport.getValue(this, PASSWORD, char[].class, null); + String password = passwordChars != null ? new String(passwordChars) : null; + String account = FileSystemProviderSupport.getValue(this, ACCOUNT, String.class, null); + if (account != null) { + if (!client.login(username, password, account)) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + } else if (username != null || password != null) { + if (!client.login(username, password)) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + } + // else no account or username/password - don't log in + } + + void initializePostConnect(FTPClient client) throws IOException { + if (containsKey(SO_TIMEOUT)) { + int timeout = FileSystemProviderSupport.getIntValue(this, SO_TIMEOUT); + client.setSoTimeout(timeout); + } + if (containsKey(TCP_NO_DELAY)) { + boolean on = FileSystemProviderSupport.getBooleanValue(this, TCP_NO_DELAY); + client.setTcpNoDelay(on); + } + if (containsKey(KEEP_ALIVE)) { + boolean keepAlive = FileSystemProviderSupport.getBooleanValue(this, KEEP_ALIVE); + client.setKeepAlive(keepAlive); + } + if (containsKey(SO_LINGER_ON) && containsKey(SO_LINGER_VALUE)) { + boolean on = FileSystemProviderSupport.getBooleanValue(this, SO_LINGER_ON); + int val = FileSystemProviderSupport.getIntValue(this, SO_LINGER_VALUE); + client.setSoLinger(on, val); + } + + if (containsKey(PASSIVE)) { + client.enterRemotePassiveMode(); + } + + // default to binary + client.setFileType(FTP.BINARY_FILE_TYPE); + + String defaultDir = FileSystemProviderSupport.getValue(this, DEFAULT_DIR, String.class, null); + if (defaultDir != null && !client.changeWorkingDirectory(defaultDir)) { + throw getExceptionFactory().createChangeWorkingDirectoryException(defaultDir, client.getReplyCode(), client.getReplyString()); + } + } + + void verifyConnection(FTPClient client) throws IOException { + if (client.printWorkingDirectory() == null) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + } + + // Map / Object + + @Override + public int size() { + return map.size(); + } + + @Override + public boolean isEmpty() { + return map.isEmpty(); + } + + @Override + public boolean containsKey(Object key) { + return map.containsKey(key); + } + + @Override + public boolean containsValue(Object value) { + return map.containsValue(value); + } + + @Override + public Object get(Object key) { + return map.get(key); + } + + @Override + public Object put(String key, Object value) { + return map.put(key, value); + } + + @Override + public Object remove(Object key) { + return map.remove(key); + } + + @Override + public void putAll(Map m) { + map.putAll(m); + } + + @Override + public void clear() { + map.clear(); + } + + @Override + public Set keySet() { + return map.keySet(); + } + + @Override + public Collection values() { + return map.values(); + } + + @Override + public Set> entrySet() { + return map.entrySet(); + } + + @Override + public boolean equals(Object o) { + return map.equals(o); + } + + @Override + public int hashCode() { + return map.hashCode(); + } + + @Override + public String toString() { + return map.toString(); + } + + @Override + public FTPEnvironment clone() { + try { + FTPEnvironment clone = (FTPEnvironment) super.clone(); + clone.map = new HashMap<>(map); + return clone; + } catch (CloneNotSupportedException e) { + throw new IllegalStateException(e); + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileAlreadyExistsException.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileAlreadyExistsException.java new file mode 100644 index 0000000..d91df54 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileAlreadyExistsException.java @@ -0,0 +1,48 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.FileAlreadyExistsException; + +/** + * An exception that is thrown if an FTP command does not execute successfully because a file already exists. + */ +public class FTPFileAlreadyExistsException extends FileAlreadyExistsException implements FTPResponse { + + private static final long serialVersionUID = 671724890729526141L; + + private final int replyCode; + + /** + * Creates a new {@code FTPFileAlreadyExistsException}. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPFileAlreadyExistsException(String file, int replyCode, String replyString) { + super(file, null, replyString); + this.replyCode = replyCode; + } + + /** + * Creates a new {@code FTPFileAlreadyExistsException}. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param other A string identifying the other file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPFileAlreadyExistsException(String file, String other, int replyCode, String replyString) { + super(file, other, replyString); + this.replyCode = replyCode; + } + + @Override + public int getReplyCode() { + return replyCode; + } + + @Override + public String getReplyString() { + return getReason(); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileStore.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileStore.java new file mode 100644 index 0000000..c33b2fa --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileStore.java @@ -0,0 +1,81 @@ +package org.xbib.io.ftp.fs; + +import java.io.IOException; +import java.nio.file.FileStore; +import java.nio.file.attribute.BasicFileAttributeView; +import java.nio.file.attribute.FileAttributeView; +import java.nio.file.attribute.FileStoreAttributeView; +import java.nio.file.attribute.PosixFileAttributeView; +import java.util.Objects; + +/** + * An FTP file system store. + */ +class FTPFileStore extends FileStore { + + private final FTPFileSystem fs; + + FTPFileStore(FTPFileSystem fs) { + this.fs = Objects.requireNonNull(fs); + } + + @Override + public String name() { + return fs.toUri("/").toString(); + } + + @Override + public String type() { + return "ftp"; + } + + @Override + public boolean isReadOnly() { + return false; + } + + @Override + public long getTotalSpace() throws IOException { + return fs.getTotalSpace(); + } + + @Override + public long getUsableSpace() throws IOException { + return fs.getUsableSpace(); + } + + @Override + public long getUnallocatedSpace() throws IOException { + return fs.getUnallocatedSpace(); + } + + @Override + public boolean supportsFileAttributeView(Class type) { + return type == BasicFileAttributeView.class || type == PosixFileAttributeView.class; + } + + @Override + public boolean supportsFileAttributeView(String name) { + return "basic".equals(name) || "owner".equals(name) || "posix".equals(name); + } + + @Override + public V getFileStoreAttributeView(Class type) { + Objects.requireNonNull(type); + return null; + } + + @Override + public Object getAttribute(String attribute) throws IOException { + if ("totalSpace".equals(attribute)) { + return getTotalSpace(); + } + if ("usableSpace".equals(attribute)) { + return getUsableSpace(); + } + if ("unallocatedSpace".equals(attribute)) { + return getUnallocatedSpace(); + } + throw Messages.fileStore().unsupportedAttribute(attribute); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileStrategy.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileStrategy.java new file mode 100644 index 0000000..67ab49e --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileStrategy.java @@ -0,0 +1,183 @@ +package org.xbib.io.ftp.fs; + +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileFilter; + +import java.io.IOException; +import java.nio.file.NoSuchFileException; +import java.nio.file.NotDirectoryException; +import java.util.ArrayList; +import java.util.List; + +/** + * A strategy for handling FTP files in an FTP server specific way. + * This will help support FTP servers that return the current directory (.) when + * listing directories, and FTP servers that don't. + */ +abstract class FTPFileStrategy { + + static FTPFileStrategy getInstance(FTPClientPool.Client client) throws IOException { + FTPFile[] ftpFiles = client.listFiles("/", new FTPFileFilter() { + @Override + public boolean accept(FTPFile ftpFile) { + String fileName = FTPFileSystem.getFileName(ftpFile); + return FTPFileSystem.CURRENT_DIR.equals(fileName); + } + }); + return ftpFiles.length == 0 ? NonUnix.INSTANCE : Unix.INSTANCE; + } + + abstract List getChildren(FTPClientPool.Client client, FTPPath path) throws IOException; + + abstract FTPFile getFTPFile(FTPClientPool.Client client, FTPPath path) throws IOException; + + abstract FTPFile getLink(FTPClientPool.Client client, FTPFile ftpFile, FTPPath path) throws IOException; + + private static final class Unix extends FTPFileStrategy { + + private static final FTPFileStrategy INSTANCE = new Unix(); + + @Override + List getChildren(FTPClientPool.Client client, FTPPath path) throws IOException { + + FTPFile[] ftpFiles = client.listFiles(path.path()); + + if (ftpFiles.length == 0) { + throw new NoSuchFileException(path.path()); + } + boolean isDirectory = false; + List children = new ArrayList<>(ftpFiles.length); + for (FTPFile ftpFile : ftpFiles) { + String fileName = FTPFileSystem.getFileName(ftpFile); + if (FTPFileSystem.CURRENT_DIR.equals(fileName)) { + isDirectory = true; + } else if (!FTPFileSystem.PARENT_DIR.equals(fileName)) { + children.add(ftpFile); + } + } + + if (!isDirectory) { + throw new NotDirectoryException(path.path()); + } + + return children; + } + + @Override + FTPFile getFTPFile(FTPClientPool.Client client, FTPPath path) throws IOException { + final String name = path.fileName(); + + FTPFile[] ftpFiles = client.listFiles(path.path(), new FTPFileFilter() { + @Override + public boolean accept(FTPFile ftpFile) { + String fileName = FTPFileSystem.getFileName(ftpFile); + return FTPFileSystem.CURRENT_DIR.equals(fileName) || (name != null && name.equals(fileName)); + } + }); + client.throwIfEmpty(path.path(), ftpFiles); + if (ftpFiles.length == 1) { + return ftpFiles[0]; + } + for (FTPFile ftpFile : ftpFiles) { + if (FTPFileSystem.CURRENT_DIR.equals(FTPFileSystem.getFileName(ftpFile))) { + return ftpFile; + } + } + throw new IllegalStateException(); + } + + @Override + FTPFile getLink(FTPClientPool.Client client, FTPFile ftpFile, FTPPath path) throws IOException { + if (ftpFile.getLink() != null) { + return ftpFile; + } + if (ftpFile.isDirectory() && FTPFileSystem.CURRENT_DIR.equals(FTPFileSystem.getFileName(ftpFile))) { + // The file is returned using getFTPFile, which returns the . (current directory) entry for directories. + // List the parent (if any) instead. + + final String parentPath = path.toAbsolutePath().parentPath(); + final String name = path.fileName(); + + if (parentPath == null) { + // path is /, there is no link + return null; + } + + FTPFile[] ftpFiles = client.listFiles(parentPath, new FTPFileFilter() { + @Override + public boolean accept(FTPFile ftpFile) { + return (ftpFile.isDirectory() || ftpFile.isSymbolicLink()) && name.equals(FTPFileSystem.getFileName(ftpFile)); + } + }); + client.throwIfEmpty(path.path(), ftpFiles); + return ftpFiles[0].getLink() == null ? null : ftpFiles[0]; + } + return null; + } + } + + private static final class NonUnix extends FTPFileStrategy { + + private static final FTPFileStrategy INSTANCE = new NonUnix(); + + @Override + List getChildren(FTPClientPool.Client client, FTPPath path) throws IOException { + + FTPFile[] ftpFiles = client.listFiles(path.path()); + + boolean isDirectory = false; + List children = new ArrayList<>(ftpFiles.length); + for (FTPFile ftpFile : ftpFiles) { + String fileName = FTPFileSystem.getFileName(ftpFile); + if (FTPFileSystem.CURRENT_DIR.equals(fileName)) { + isDirectory = true; + } else if (!FTPFileSystem.PARENT_DIR.equals(fileName)) { + children.add(ftpFile); + } + } + + if (!isDirectory && children.size() <= 1) { + // either zero or one, check the parent to see if the path exists and is a directory + FTPPath currentPath = path; + FTPFile currentFtpFile = getFTPFile(client, currentPath); + while (currentFtpFile.isSymbolicLink()) { + currentPath = path.resolve(currentFtpFile.getLink()); + currentFtpFile = getFTPFile(client, currentPath); + } + if (!currentFtpFile.isDirectory()) { + throw new NotDirectoryException(path.path()); + } + } + + return children; + } + + @Override + FTPFile getFTPFile(FTPClientPool.Client client, FTPPath path) throws IOException { + final String parentPath = path.toAbsolutePath().parentPath(); + final String name = path.fileName(); + if (parentPath == null) { + // path is /, but that cannot be listed + FTPFile rootFtpFile = new FTPFile(); + rootFtpFile.setName("/"); + rootFtpFile.setType(FTPFile.DIRECTORY_TYPE); + return rootFtpFile; + } + FTPFile[] ftpFiles = client.listFiles(parentPath, + ftpFile -> name != null && name.equals(FTPFileSystem.getFileName(ftpFile))); + if (ftpFiles.length == 0) { + throw new NoSuchFileException(path.path()); + } + if (ftpFiles.length == 1) { + return ftpFiles[0]; + } + throw new IllegalStateException(); + } + + @Override + FTPFile getLink(FTPClientPool.Client client, FTPFile ftpFile, FTPPath path) throws IOException { + // getFTPFile always returns the entry in the parent, so there's no need to list the parent here. + return ftpFile.getLink() == null ? null : ftpFile; + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystem.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystem.java new file mode 100644 index 0000000..c9028cf --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystem.java @@ -0,0 +1,803 @@ +package org.xbib.io.ftp.fs; + +import org.xbib.io.ftp.client.FTPFile; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URI; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.AccessDeniedException; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryNotEmptyException; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.FileAlreadyExistsException; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.LinkOption; +import java.nio.file.NoSuchFileException; +import java.nio.file.NotLinkException; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.PathMatcher; +import java.nio.file.StandardOpenOption; +import java.nio.file.WatchService; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.GroupPrincipal; +import java.nio.file.attribute.PosixFileAttributes; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.UserPrincipal; +import java.nio.file.attribute.UserPrincipalLookupService; +import java.time.ZonedDateTime; +import java.util.Arrays; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.regex.Pattern; + +/** + * An FTP file system. + */ +class FTPFileSystem extends FileSystem { + + static final String CURRENT_DIR = "."; + static final String PARENT_DIR = ".."; + + private static final Set SUPPORTED_FILE_ATTRIBUTE_VIEWS = Collections + .unmodifiableSet(new HashSet<>(Arrays.asList("basic", "owner", "posix"))); + private static final Set BASIC_ATTRIBUTES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList( + "basic:lastModifiedTime", "basic:lastAccessTime", "basic:creationTime", "basic:size", + "basic:isRegularFile", "basic:isDirectory", "basic:isSymbolicLink", "basic:isOther", "basic:fileKey"))); + private static final Set OWNER_ATTRIBUTES = Collections.unmodifiableSet(new HashSet<>(Collections.singletonList( + "owner:owner"))); + private static final Set POSIX_ATTRIBUTES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList( + "posix:lastModifiedTime", "posix:lastAccessTime", "posix:creationTime", "posix:size", + "posix:isRegularFile", "posix:isDirectory", "posix:isSymbolicLink", "posix:isOther", "posix:fileKey", + "posix:owner", "posix:group", "posix:permissions"))); + private final FTPFileSystemProvider provider; + private final Iterable rootDirectories; + private final FileStore fileStore; + private final Iterable fileStores; + private final FTPClientPool clientPool; + private final URI uri; + private final String defaultDirectory; + private final FTPFileStrategy ftpFileStrategy; + private final AtomicBoolean open = new AtomicBoolean(true); + + FTPFileSystem(FTPFileSystemProvider provider, URI uri, FTPEnvironment env) throws IOException { + this.provider = Objects.requireNonNull(provider); + this.rootDirectories = Collections.singleton(new FTPPath(this, "/")); + this.fileStore = new FTPFileStore(this); + this.fileStores = Collections.singleton(fileStore); + + this.clientPool = new FTPClientPool(uri.getHost(), uri.getPort(), env); + this.uri = Objects.requireNonNull(uri); + + try (FTPClientPool.Client client = clientPool.get()) { + this.defaultDirectory = client.pwd(); + + this.ftpFileStrategy = FTPFileStrategy.getInstance(client); + } + } + + static String getFileName(FTPFile ftpFile) { + String fileName = ftpFile.getName(); + if (fileName == null) { + return null; + } + int index = fileName.lastIndexOf('/'); + return index == -1 || index == fileName.length() - 1 ? fileName : fileName.substring(index + 1); + } + + @Override + public FTPFileSystemProvider provider() { + return provider; + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + provider.removeFileSystem(uri); + clientPool.close(); + } + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public boolean isReadOnly() { + return false; + } + + @Override + public String getSeparator() { + return "/"; + } + + @Override + public Iterable getRootDirectories() { + return rootDirectories; + } + + @Override + public Iterable getFileStores() { + return fileStores; + } + + @Override + public Set supportedFileAttributeViews() { + return SUPPORTED_FILE_ATTRIBUTE_VIEWS; + } + + @Override + public Path getPath(String first, String... more) { + StringBuilder sb = new StringBuilder(first); + for (String s : more) { + sb.append("/").append(s); + } + return new FTPPath(this, sb.toString()); + } + + @Override + public PathMatcher getPathMatcher(String syntaxAndPattern) { + final Pattern pattern = PathMatcherSupport.toPattern(syntaxAndPattern); + return new PathMatcher() { + @Override + public boolean matches(Path path) { + return pattern.matcher(path.toString()).matches(); + } + }; + } + + @Override + public UserPrincipalLookupService getUserPrincipalLookupService() { + throw Messages.unsupportedOperation(FileSystem.class, "getUserPrincipalLookupService"); + } + + @Override + public WatchService newWatchService() throws IOException { + throw Messages.unsupportedOperation(FileSystem.class, "newWatchService"); + } + + void keepAlive() throws IOException { + clientPool.keepAlive(); + } + + URI toUri(FTPPath path) { + FTPPath absPath = toAbsolutePath(path).normalize(); + return toUri(absPath.path()); + } + + URI toUri(String path) { + return URISupport.create(uri.getScheme(), uri.getUserInfo(), uri.getHost(), uri.getPort(), path, null, null); + } + + FTPPath toAbsolutePath(FTPPath path) { + if (path.isAbsolute()) { + return path; + } + return new FTPPath(this, defaultDirectory + "/" + path.path()); + } + + FTPPath toRealPath(FTPPath path, LinkOption... options) throws IOException { + boolean followLinks = LinkOptionSupport.followLinks(options); + try (FTPClientPool.Client client = clientPool.get()) { + return toRealPath(client, path, followLinks).ftpPath; + } + } + + private FTPPathAndFilePair toRealPath(FTPClientPool.Client client, FTPPath path, boolean followLinks) throws IOException { + FTPPath absPath = toAbsolutePath(path).normalize(); + // call getFTPFile to verify the file exists + FTPFile ftpFile = getFTPFile(client, absPath); + + if (followLinks && isPossibleSymbolicLink(ftpFile)) { + FTPFile link = getLink(client, ftpFile, absPath); + if (link != null) { + return toRealPath(client, new FTPPath(this, link.getLink()), followLinks); + } + } + return new FTPPathAndFilePair(absPath, ftpFile); + } + + private boolean isPossibleSymbolicLink(FTPFile ftpFile) { + return ftpFile.isSymbolicLink() || (ftpFile.isDirectory() && CURRENT_DIR.equals(getFileName(ftpFile))); + } + + String toString(FTPPath path) { + return path.path(); + } + + InputStream newInputStream(FTPPath path, OpenOption... options) throws IOException { + OpenOptions openOptions = OpenOptions.forNewInputStream(options); + + try (FTPClientPool.Client client = clientPool.get()) { + return newInputStream(client, path, openOptions); + } + } + + private InputStream newInputStream(FTPClientPool.Client client, FTPPath path, OpenOptions options) throws IOException { + assert options.read; + + return client.newInputStream(path.path(), options); + } + + OutputStream newOutputStream(FTPPath path, OpenOption... options) throws IOException { + OpenOptions openOptions = OpenOptions.forNewOutputStream(options); + + try (FTPClientPool.Client client = clientPool.get()) { + return newOutputStream(client, path, false, openOptions).out; + } + } + + private FTPFileAndOutputStreamPair newOutputStream(FTPClientPool.Client client, FTPPath path, boolean requireFTPFile, OpenOptions options) throws IOException { + + // retrieve the file unless create is true and createNew is false, because then the file can be created + FTPFile ftpFile = null; + if (!options.create || options.createNew) { + ftpFile = findFTPFile(client, path); + if (ftpFile != null && ftpFile.isDirectory()) { + throw Messages.fileSystemProvider().isDirectory(path.path()); + } + if (!options.createNew && ftpFile == null) { + throw new NoSuchFileException(path.path()); + } else if (options.createNew && ftpFile != null) { + throw new FileAlreadyExistsException(path.path()); + } + } + // else the file can be created if necessary + + if (ftpFile == null && requireFTPFile) { + ftpFile = findFTPFile(client, path); + } + + OutputStream out = client.newOutputStream(path.path(), options); + return new FTPFileAndOutputStreamPair(ftpFile, out); + } + + SeekableByteChannel newByteChannel(FTPPath path, Set options, FileAttribute... attrs) throws IOException { + if (attrs.length > 0) { + throw Messages.fileSystemProvider().unsupportedCreateFileAttribute(attrs[0].name()); + } + + OpenOptions openOptions = OpenOptions.forNewByteChannel(options); + + try (FTPClientPool.Client client = clientPool.get()) { + if (openOptions.read) { + // use findFTPFile instead of getFTPFile, to let the opening of the stream provide the correct error message + FTPFile ftpFile = findFTPFile(client, path); + InputStream in = newInputStream(client, path, openOptions); + long size = ftpFile == null ? 0 : ftpFile.getSize(); + return FileSystemProviderSupport.createSeekableByteChannel(in, size); + } + + // if append then we need the FTP file, to find the initial position of the channel + boolean requireFTPFile = openOptions.append; + FTPFileAndOutputStreamPair outPair = newOutputStream(client, path, requireFTPFile, openOptions); + long initialPosition = outPair.ftpFile == null ? 0 : outPair.ftpFile.getSize(); + return FileSystemProviderSupport.createSeekableByteChannel(outPair.out, initialPosition); + } + } + + DirectoryStream newDirectoryStream(final FTPPath path, Filter filter) throws IOException { + List children; + try (FTPClientPool.Client client = clientPool.get()) { + children = ftpFileStrategy.getChildren(client, path); + } + return new FTPPathDirectoryStream(path, children, filter); + } + + void createDirectory(FTPPath path, FileAttribute... attrs) throws IOException { + if (attrs.length > 0) { + throw Messages.fileSystemProvider().unsupportedCreateFileAttribute(attrs[0].name()); + } + try (FTPClientPool.Client client = clientPool.get()) { + client.mkdir(path.path()); + } + } + + void delete(FTPPath path) throws IOException { + try (FTPClientPool.Client client = clientPool.get()) { + FTPFile ftpFile = getFTPFile(client, path); + boolean isDirectory = ftpFile.isDirectory(); + client.delete(path.path(), isDirectory); + } + } + + FTPPath readSymbolicLink(FTPPath path) throws IOException { + try (FTPClientPool.Client client = clientPool.get()) { + FTPFile ftpFile = getFTPFile(client, path); + FTPFile link = getLink(client, ftpFile, path); + if (link == null) { + throw new NotLinkException(path.path()); + } + return path.resolveSibling(link.getLink()); + } + } + + void copy(FTPPath source, FTPPath target, CopyOption... options) throws IOException { + boolean sameFileSystem = source.getFileSystem() == target.getFileSystem(); + CopyOptions copyOptions = CopyOptions.forCopy(options); + + try (FTPClientPool.Client client = clientPool.get()) { + // get the FTP file to determine whether a directory needs to be created or a file needs to be copied + // Files.copy specifies that for links, the final target must be copied + FTPPathAndFilePair sourcePair = toRealPath(client, source, true); + + if (!sameFileSystem) { + copyAcrossFileSystems(client, source, sourcePair.ftpFile, target, copyOptions); + return; + } + + try { + if (sourcePair.ftpPath.path().equals(toRealPath(client, target, true).ftpPath.path())) { + // non-op, don't do a thing as specified by Files.copy + return; + } + } catch (NoSuchFileException e) { + // the target does not exist or either path is an invalid link, ignore the error and continue + } + + FTPFile targetFtpFile = findFTPFile(client, target); + + if (targetFtpFile != null) { + if (copyOptions.replaceExisting) { + client.delete(target.path(), targetFtpFile.isDirectory()); + } else { + throw new FileAlreadyExistsException(target.path()); + } + } + + if (sourcePair.ftpFile.isDirectory()) { + client.mkdir(target.path()); + } else { + try (FTPClientPool.Client client2 = clientPool.getOrCreate()) { + copyFile(client, source, client2, target, copyOptions); + } + } + } + } + + private void copyAcrossFileSystems(FTPClientPool.Client sourceClient, FTPPath source, FTPFile sourceFtpFile, FTPPath target, CopyOptions options) + throws IOException { + + try (FTPClientPool.Client targetClient = target.getFileSystem().clientPool.getOrCreate()) { + + FTPFile targetFtpFile = findFTPFile(targetClient, target); + + if (targetFtpFile != null) { + if (options.replaceExisting) { + targetClient.delete(target.path(), targetFtpFile.isDirectory()); + } else { + throw new FileAlreadyExistsException(target.path()); + } + } + + if (sourceFtpFile.isDirectory()) { + sourceClient.mkdir(target.path()); + } else { + copyFile(sourceClient, source, targetClient, target, options); + } + } + } + + private void copyFile(FTPClientPool.Client sourceClient, FTPPath source, FTPClientPool.Client targetClient, FTPPath target, CopyOptions options) throws IOException { + OpenOptions inOptions = OpenOptions.forNewInputStream(options.toOpenOptions(StandardOpenOption.READ)); + OpenOptions outOptions = OpenOptions + .forNewOutputStream(options.toOpenOptions(StandardOpenOption.WRITE, StandardOpenOption.CREATE)); + try (InputStream in = sourceClient.newInputStream(source.path(), inOptions)) { + targetClient.storeFile(target.path(), in, outOptions, outOptions.options); + } + } + + void move(FTPPath source, FTPPath target, CopyOption... options) throws IOException { + boolean sameFileSystem = source.getFileSystem() == target.getFileSystem(); + CopyOptions copyOptions = CopyOptions.forMove(sameFileSystem, options); + + try (FTPClientPool.Client client = clientPool.get()) { + if (!sameFileSystem) { + FTPFile ftpFile = getFTPFile(client, source); + if (getLink(client, ftpFile, source) != null) { + throw new IOException(FTPMessages.copyOfSymbolicLinksAcrossFileSystemsNotSupported()); + } + copyAcrossFileSystems(client, source, ftpFile, target, copyOptions); + client.delete(source.path(), ftpFile.isDirectory()); + return; + } + + try { + if (isSameFile(client, source, target)) { + // non-op, don't do a thing as specified by Files.move + return; + } + } catch (NoSuchFileException e) { + // the source or target does not exist or either path is an invalid link + // call getFTPFile to ensure the source file exists + // ignore any error to target or if the source link is invalid + getFTPFile(client, source); + } + + if (toAbsolutePath(source).parentPath() == null) { + // cannot move or rename the root + throw new DirectoryNotEmptyException(source.path()); + } + + FTPFile targetFTPFile = findFTPFile(client, target); + if (copyOptions.replaceExisting && targetFTPFile != null) { + client.delete(target.path(), targetFTPFile.isDirectory()); + } + + client.rename(source.path(), target.path()); + } + } + + boolean isSameFile(FTPPath path, FTPPath path2) throws IOException { + if (path.getFileSystem() != path2.getFileSystem()) { + return false; + } + if (path.equals(path2)) { + return true; + } + try (FTPClientPool.Client client = clientPool.get()) { + return isSameFile(client, path, path2); + } + } + + private boolean isSameFile(FTPClientPool.Client client, FTPPath path, FTPPath path2) throws IOException { + if (path.equals(path2)) { + return true; + } + return toRealPath(client, path, true).ftpPath.path().equals(toRealPath(client, path2, true).ftpPath.path()); + } + + boolean isHidden(FTPPath path) throws IOException { + // call getFTPFile to check for existence + try (FTPClientPool.Client client = clientPool.get()) { + getFTPFile(client, path); + } + String fileName = path.fileName(); + return !CURRENT_DIR.equals(fileName) && !PARENT_DIR.equals(fileName) && fileName.startsWith("."); + } + + FileStore getFileStore(FTPPath path) throws IOException { + // call getFTPFile to check existence of the path + try (FTPClientPool.Client client = clientPool.get()) { + getFTPFile(client, path); + } + return fileStore; + } + + void checkAccess(FTPPath path, AccessMode... modes) throws IOException { + try (FTPClientPool.Client client = clientPool.get()) { + FTPFile ftpFile = getFTPFile(client, path); + for (AccessMode mode : modes) { + if (!hasAccess(ftpFile, mode)) { + throw new AccessDeniedException(path.path()); + } + } + } + } + + private boolean hasAccess(FTPFile ftpFile, AccessMode mode) { + switch (mode) { + case READ: + return ftpFile.hasPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION); + case WRITE: + return ftpFile.hasPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION); + case EXECUTE: + return ftpFile.hasPermission(FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION); + default: + return false; + } + } + + PosixFileAttributes readAttributes(FTPPath path, LinkOption... options) throws IOException { + boolean followLinks = LinkOptionSupport.followLinks(options); + try (FTPClientPool.Client client = clientPool.get()) { + FTPPathAndFilePair pair = toRealPath(client, path, followLinks); + ZonedDateTime lastModified = client.mdtm(pair.ftpPath.path()); + FTPFile link = followLinks ? null : getLink(client, pair.ftpFile, path); + FTPFile ftpFile = link == null ? pair.ftpFile : link; + return new FTPPathFileAttributes(ftpFile, lastModified); + } + } + + Map readAttributes(FTPPath path, String attributes, LinkOption... options) throws IOException { + String view; + int pos = attributes.indexOf(':'); + if (pos == -1) { + view = "basic"; + attributes = "basic:" + attributes; + } else { + view = attributes.substring(0, pos); + } + if (!SUPPORTED_FILE_ATTRIBUTE_VIEWS.contains(view)) { + throw Messages.fileSystemProvider().unsupportedFileAttributeView(view); + } + + Set allowedAttributes; + if (attributes.startsWith("basic:")) { + allowedAttributes = BASIC_ATTRIBUTES; + } else if (attributes.startsWith("owner:")) { + allowedAttributes = OWNER_ATTRIBUTES; + } else if (attributes.startsWith("posix:")) { + allowedAttributes = POSIX_ATTRIBUTES; + } else { + // should not occur + throw Messages.fileSystemProvider().unsupportedFileAttributeView(attributes.substring(0, attributes.indexOf(':'))); + } + + Map result = getAttributeMap(attributes, allowedAttributes); + PosixFileAttributes posixAttributes = readAttributes(path, options); + + for (Map.Entry entry : result.entrySet()) { + switch (entry.getKey()) { + case "basic:lastModifiedTime": + case "posix:lastModifiedTime": + entry.setValue(posixAttributes.lastModifiedTime()); + break; + case "basic:lastAccessTime": + case "posix:lastAccessTime": + entry.setValue(posixAttributes.lastAccessTime()); + break; + case "basic:creationTime": + case "posix:creationTime": + entry.setValue(posixAttributes.creationTime()); + break; + case "basic:size": + case "posix:size": + entry.setValue(posixAttributes.size()); + break; + case "basic:isRegularFile": + case "posix:isRegularFile": + entry.setValue(posixAttributes.isRegularFile()); + break; + case "basic:isDirectory": + case "posix:isDirectory": + entry.setValue(posixAttributes.isDirectory()); + break; + case "basic:isSymbolicLink": + case "posix:isSymbolicLink": + entry.setValue(posixAttributes.isSymbolicLink()); + break; + case "basic:isOther": + case "posix:isOther": + entry.setValue(posixAttributes.isOther()); + break; + case "basic:fileKey": + case "posix:fileKey": + entry.setValue(posixAttributes.fileKey()); + break; + case "owner:owner": + case "posix:owner": + entry.setValue(posixAttributes.owner()); + break; + case "posix:group": + entry.setValue(posixAttributes.group()); + break; + case "posix:permissions": + entry.setValue(posixAttributes.permissions()); + break; + default: + // should not occur + throw new IllegalStateException("unexpected attribute name: " + entry.getKey()); + } + } + return result; + } + + private Map getAttributeMap(String attributes, Set allowedAttributes) { + int indexOfColon = attributes.indexOf(':'); + String prefix = attributes.substring(0, indexOfColon + 1); + attributes = attributes.substring(indexOfColon + 1); + + String[] attributeList = attributes.split(","); + Map result = new HashMap<>(allowedAttributes.size()); + + for (String attribute : attributeList) { + String prefixedAttribute = prefix + attribute; + if (allowedAttributes.contains(prefixedAttribute)) { + result.put(prefixedAttribute, null); + } else if ("*".equals(attribute)) { + for (String s : allowedAttributes) { + result.put(s, null); + } + } else { + throw Messages.fileSystemProvider().unsupportedFileAttribute(attribute); + } + } + return result; + } + + FTPFile getFTPFile(FTPPath path) throws IOException { + try (FTPClientPool.Client client = clientPool.get()) { + return getFTPFile(client, path); + } + } + + private FTPFile getFTPFile(FTPClientPool.Client client, FTPPath path) throws IOException { + return ftpFileStrategy.getFTPFile(client, path); + } + + private FTPFile findFTPFile(FTPClientPool.Client client, FTPPath path) throws IOException { + try { + return getFTPFile(client, path); + } catch (NoSuchFileException e) { + return null; + } + } + + private FTPFile getLink(FTPClientPool.Client client, FTPFile ftpFile, FTPPath path) throws IOException { + return ftpFileStrategy.getLink(client, ftpFile, path); + } + + long getTotalSpace() { + // FTPClient does not support retrieving the total space + return Long.MAX_VALUE; + } + + long getUsableSpace() { + // FTPClient does not support retrieving the usable space + return Long.MAX_VALUE; + } + + long getUnallocatedSpace() { + // FTPClient does not support retrieving the unallocated space + return Long.MAX_VALUE; + } + + private static final class FTPPathAndFilePair { + private final FTPPath ftpPath; + private final FTPFile ftpFile; + + private FTPPathAndFilePair(FTPPath ftpPath, FTPFile ftpFile) { + this.ftpPath = ftpPath; + this.ftpFile = ftpFile; + } + } + + private static final class FTPFileAndOutputStreamPair { + + private final FTPFile ftpFile; + private final OutputStream out; + + private FTPFileAndOutputStreamPair(FTPFile ftpFile, OutputStream out) { + this.ftpFile = ftpFile; + this.out = out; + } + } + + private static final class FTPPathDirectoryStream extends AbstractDirectoryStream { + + private final FTPPath path; + private final List files; + private Iterator iterator; + + private FTPPathDirectoryStream(FTPPath path, List files, Filter filter) { + super(filter); + this.path = path; + this.files = files; + } + + @Override + protected void setupIteration() { + iterator = files.iterator(); + } + + @Override + protected Path getNext() throws IOException { + return iterator.hasNext() ? path.resolve(getFileName(iterator.next())) : null; + } + } + + private static final class FTPPathFileAttributes implements PosixFileAttributes { + + private static final FileTime EPOCH = FileTime.fromMillis(0L); + + private final FTPFile ftpFile; + private final FileTime lastModified; + + private FTPPathFileAttributes(FTPFile ftpFile, ZonedDateTime lastModified) { + this.ftpFile = ftpFile; + if (lastModified == null) { + ZonedDateTime timestamp = ftpFile.getTimestamp(); + this.lastModified = timestamp == null ? EPOCH : FileTime.from(timestamp.toInstant()); + } else { + this.lastModified = FileTime.from(lastModified.toInstant()); + } + } + + @Override + public UserPrincipal owner() { + String user = ftpFile.getUser(); + return user == null ? null : new SimpleUserPrincipal(user); + } + + @Override + public GroupPrincipal group() { + String group = ftpFile.getGroup(); + return group == null ? null : new SimpleGroupPrincipal(group); + } + + @Override + public Set permissions() { + Set permissions = EnumSet.noneOf(PosixFilePermission.class); + addPermissionIfSet(ftpFile, FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION, PosixFilePermission.OWNER_READ, permissions); + addPermissionIfSet(ftpFile, FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, PosixFilePermission.OWNER_WRITE, permissions); + addPermissionIfSet(ftpFile, FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION, PosixFilePermission.OWNER_EXECUTE, permissions); + addPermissionIfSet(ftpFile, FTPFile.GROUP_ACCESS, FTPFile.READ_PERMISSION, PosixFilePermission.GROUP_READ, permissions); + addPermissionIfSet(ftpFile, FTPFile.GROUP_ACCESS, FTPFile.WRITE_PERMISSION, PosixFilePermission.GROUP_WRITE, permissions); + addPermissionIfSet(ftpFile, FTPFile.GROUP_ACCESS, FTPFile.EXECUTE_PERMISSION, PosixFilePermission.GROUP_EXECUTE, permissions); + addPermissionIfSet(ftpFile, FTPFile.WORLD_ACCESS, FTPFile.READ_PERMISSION, PosixFilePermission.OTHERS_READ, permissions); + addPermissionIfSet(ftpFile, FTPFile.WORLD_ACCESS, FTPFile.WRITE_PERMISSION, PosixFilePermission.OTHERS_WRITE, permissions); + addPermissionIfSet(ftpFile, FTPFile.WORLD_ACCESS, FTPFile.EXECUTE_PERMISSION, PosixFilePermission.OTHERS_EXECUTE, permissions); + return permissions; + } + + private void addPermissionIfSet(FTPFile ftpFile, int access, int permission, PosixFilePermission value, + Set permissions) { + + if (ftpFile.hasPermission(access, permission)) { + permissions.add(value); + } + } + + @Override + public FileTime lastModifiedTime() { + return lastModified; + } + + @Override + public FileTime lastAccessTime() { + return lastModifiedTime(); + } + + @Override + public FileTime creationTime() { + return lastModifiedTime(); + } + + @Override + public boolean isRegularFile() { + return ftpFile.isFile(); + } + + @Override + public boolean isDirectory() { + return ftpFile.isDirectory(); + } + + @Override + public boolean isSymbolicLink() { + return ftpFile.isSymbolicLink(); + } + + @Override + public boolean isOther() { + return false; + } + + @Override + public long size() { + return ftpFile.getSize(); + } + + @Override + public Object fileKey() { + return null; + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystemException.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystemException.java new file mode 100644 index 0000000..1dfc879 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystemException.java @@ -0,0 +1,62 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.FileSystemException; + +/** + * An exception that is thrown if an FTP command does not execute successfully. + */ +public class FTPFileSystemException extends FileSystemException implements FTPResponse { + + private static final long serialVersionUID = 3914421047186137133L; + + private final int replyCode; + + /** + * Creates a new {@code FTPFileSystemException}. + * This constructor should be used when an operation not involving files fails. + * + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPFileSystemException(int replyCode, String replyString) { + super(null, null, replyString); + this.replyCode = replyCode; + } + + /** + * Creates a new {@code FTPFileSystemException}. + * This constructor should be used when an operation involving one file fails. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPFileSystemException(String file, int replyCode, String replyString) { + super(file, null, replyString); + this.replyCode = replyCode; + } + + /** + * Creates a new {@code FTPFileSystemException}. + * This constructor should be used when an operation involving two files fails. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param other A string identifying the other file, or {@code null} if there isn't another file or if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPFileSystemException(String file, String other, int replyCode, String replyString) { + super(file, other, replyString); + this.replyCode = replyCode; + } + + @Override + public int getReplyCode() { + return replyCode; + } + + @Override + public String getReplyString() { + return getReason(); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystemProvider.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystemProvider.java new file mode 100644 index 0000000..b4d7abb --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPFileSystemProvider.java @@ -0,0 +1,513 @@ +package org.xbib.io.ftp.fs; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URI; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.FileSystemAlreadyExistsException; +import java.nio.file.FileSystemNotFoundException; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.ProviderMismatchException; +import java.nio.file.StandardCopyOption; +import java.nio.file.attribute.BasicFileAttributeView; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.FileAttributeView; +import java.nio.file.attribute.FileOwnerAttributeView; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.GroupPrincipal; +import java.nio.file.attribute.PosixFileAttributeView; +import java.nio.file.attribute.PosixFileAttributes; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.UserPrincipal; +import java.nio.file.spi.FileSystemProvider; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; +import java.util.Set; + +/** + * A provider for FTP file systems. + */ +public class FTPFileSystemProvider extends FileSystemProvider { + + private final Map fileSystems = new HashMap<>(); + + private static FTPPath toFTPPath(Path path) { + Objects.requireNonNull(path); + if (path instanceof FTPPath) { + return (FTPPath) path; + } + throw new ProviderMismatchException(); + } + + /** + * Send a keep-alive signal for an FTP file system. + * + * @param fs The FTP file system to send a keep-alive signal for. + * @throws ProviderMismatchException If the given file system is not an FTP file system + * (not created by an {@code FTPFileSystemProvider}). + * @throws IOException If an I/O error occurred. + */ + public static void keepAlive(FileSystem fs) throws IOException { + if (fs instanceof FTPFileSystem) { + ((FTPFileSystem) fs).keepAlive(); + } + throw new ProviderMismatchException(); + } + + /** + * Returns the URI scheme that identifies this provider: {@code ftp}. + */ + @Override + public String getScheme() { + return "ftp"; + } + + /** + * Constructs a new {@code FileSystem} object identified by a URI. + *

    + * The URI must have a {@link URI#getScheme() scheme} equal to {@link #getScheme()}, + * and no {@link URI#getUserInfo() user information}, + * {@link URI#getPath() path}, {@link URI#getQuery() query} or {@link URI#getFragment() fragment}. + * Authentication credentials must be set through + * the given environment map, preferably through {@link FTPEnvironment}. + *

    + * This provider allows multiple file systems per host, but only one file system per user on a host. + * Once a file system is {@link FileSystem#close() closed}, this provider allows a new file system + * to be created with the same URI and credentials + * as the closed file system. + */ + @Override + public FileSystem newFileSystem(URI uri, Map env) throws IOException { + // user info must come from the environment map + checkURI(uri, false, false); + FTPEnvironment environment = wrapEnvironment(env); + String username = environment.getUsername(); + URI normalizedURI = normalizeWithUsername(uri, username); + synchronized (fileSystems) { + if (fileSystems.containsKey(normalizedURI)) { + throw new FileSystemAlreadyExistsException(normalizedURI.toString()); + } + FTPFileSystem fs = new FTPFileSystem(this, normalizedURI, environment); + fileSystems.put(normalizedURI, fs); + return fs; + } + } + + FTPEnvironment wrapEnvironment(Map env) { + return FTPEnvironment.wrap(env); + } + + /** + * Returns an existing {@code FileSystem} created by this provider. + * The URI must have a {@link URI#getScheme() scheme} equal to {@link #getScheme()}, + * and no {@link URI#getPath() path}, + * {@link URI#getQuery() query} or {@link URI#getFragment() fragment}. + * Because the original credentials were provided through an environment map, + * the URI can contain {@link URI#getUserInfo() user information}, although this should not + * contain a password for security reasons. + * Once a file system is {@link FileSystem#close() closed}, + * this provided will throw a {@link FileSystemNotFoundException}. + */ + @Override + public FileSystem getFileSystem(URI uri) { + checkURI(uri, true, false); + return getExistingFileSystem(uri); + } + + /** + * Return a {@code Path} object by converting the given {@link URI}. The resulting {@code Path} + * is associated with a {@link FileSystem} that + * already exists. This method does not support constructing {@code FileSystem}s automatically. + *

    + * The URI must have a {@link URI#getScheme() scheme} equal to {@link #getScheme()}, + * and no {@link URI#getQuery() query} or + * {@link URI#getFragment() fragment}. Because the original credentials were provided through an environment map, + * the URI can contain {@link URI#getUserInfo() user information}, + * although this should not contain a password for security reasons. + */ + @Override + public Path getPath(URI uri) { + checkURI(uri, true, true); + + FTPFileSystem fs = getExistingFileSystem(uri); + return fs.getPath(uri.getPath()); + } + + private FTPFileSystem getExistingFileSystem(URI uri) { + URI normalizedURI = normalizeWithoutPassword(uri); + synchronized (fileSystems) { + FTPFileSystem fs = fileSystems.get(normalizedURI); + if (fs == null) { + throw new FileSystemNotFoundException(uri.toString()); + } + return fs; + } + } + + private void checkURI(URI uri, boolean allowUserInfo, boolean allowPath) { + if (!uri.isAbsolute()) { + throw Messages.uri().notAbsolute(uri); + } + if (!getScheme().equalsIgnoreCase(uri.getScheme())) { + throw Messages.uri().invalidScheme(uri, getScheme()); + } + if (!allowUserInfo && uri.getUserInfo() != null && !uri.getUserInfo().isEmpty()) { + throw Messages.uri().hasUserInfo(uri); + } + if (uri.isOpaque()) { + throw Messages.uri().notHierarchical(uri); + } + if (!allowPath && uri.getPath() != null && !uri.getPath().isEmpty()) { + throw Messages.uri().hasPath(uri); + } + if (uri.getQuery() != null && !uri.getQuery().isEmpty()) { + throw Messages.uri().hasQuery(uri); + } + if (uri.getFragment() != null && !uri.getFragment().isEmpty()) { + throw Messages.uri().hasFragment(uri); + } + } + + void removeFileSystem(URI uri) { + URI normalizedURI = normalizeWithoutPassword(uri); + synchronized (fileSystems) { + fileSystems.remove(normalizedURI); + } + } + + private URI normalizeWithoutPassword(URI uri) { + String userInfo = uri.getUserInfo(); + if (userInfo == null && uri.getPath() == null && uri.getQuery() == null && uri.getFragment() == null) { + // nothing to normalize, return the URI + return uri; + } + String username = null; + if (userInfo != null) { + int index = userInfo.indexOf(':'); + username = index == -1 ? userInfo : userInfo.substring(0, index); + } + // no path, query or fragment + return URISupport.create(uri.getScheme(), username, uri.getHost(), uri.getPort(), null, null, null); + } + + private URI normalizeWithUsername(URI uri, String username) { + if (username == null && uri.getUserInfo() == null && uri.getPath() == null && uri.getQuery() == null && uri.getFragment() == null) { + // nothing to normalize or add, return the URI + return uri; + } + // no path, query or fragment + return URISupport.create(uri.getScheme(), username, uri.getHost(), uri.getPort(), null, null, null); + } + + /** + * Opens a file, returning an input stream to read from the file. + * This method works in exactly the manner specified by the {@link Files#newInputStream(Path, OpenOption...)} method. + *

    + * In addition to the standard open options, this method also supports single occurrences of each of + * {@link FileType}, {@link FileStructure} and + * {@link FileTransferMode}. These three option types, with defaults of {@link FileType#binary()}, + * {@link FileStructure#FILE} and + * {@link FileTransferMode#STREAM}, persist for all calls that support file transfers: + *

      + *
    • {@link #newInputStream(Path, OpenOption...)}
      • + *
    • {@link #newOutputStream(Path, OpenOption...)}
      • + *
    • {@link #newByteChannel(Path, Set, FileAttribute...)}
      • + *
    • {@link #copy(Path, Path, CopyOption...)}
      • + *
    • {@link #move(Path, Path, CopyOption...)}
      • + *
    + *

    + * Note: while the returned input stream is not closed, the path's file system will have + * one available connection fewer. + * It is therefore essential that the input stream is closed as soon as possible. + */ + @Override + public InputStream newInputStream(Path path, OpenOption... options) throws IOException { + return toFTPPath(path).newInputStream(options); + } + + /** + * Opens or creates a file, returning an output stream that may be used to write bytes to the file. + * This method works in exactly the manner specified by the {@link Files#newOutputStream(Path, OpenOption...)} method. + *

    + * In addition to the standard open options, this method also supports single occurrences of each of + * {@link FileType}, {@link FileStructure} and + * {@link FileTransferMode}. These three option types, with defaults of {@link FileType#binary()}, + * {@link FileStructure#FILE} and + * {@link FileTransferMode#STREAM}, persist for all calls that support file transfers: + *

      + *
    • {@link #newInputStream(Path, OpenOption...)}
      • + *
    • {@link #newOutputStream(Path, OpenOption...)}
      • + *
    • {@link #newByteChannel(Path, Set, FileAttribute...)}
      • + *
    • {@link #copy(Path, Path, CopyOption...)}
      • + *
    • {@link #move(Path, Path, CopyOption...)}
      • + *
    + *

    + * Note: while the returned output stream is not closed, the path's file system will have one available + * connection fewer. + * It is therefore essential that the output stream is closed as soon as possible. + */ + @Override + public OutputStream newOutputStream(Path path, OpenOption... options) throws IOException { + return toFTPPath(path).newOutputStream(options); + } + + /** + * Opens or creates a file, returning a seekable byte channel to access the file. + * This method works in exactly the manner specified by the + * {@link Files#newByteChannel(Path, Set, FileAttribute...)} method. + *

    + * In addition to the standard open options, this method also supports single occurrences of + * each of {@link FileType}, {@link FileStructure} and + * {@link FileTransferMode}. These three option types, with defaults of {@link FileType#binary()}, + * {@link FileStructure#FILE} and + * {@link FileTransferMode#STREAM}, persist for all calls that support file transfers: + *

      + *
    • {@link #newInputStream(Path, OpenOption...)}
      • + *
    • {@link #newOutputStream(Path, OpenOption...)}
      • + *
    • {@link #newByteChannel(Path, Set, FileAttribute...)}
      • + *
    • {@link #copy(Path, Path, CopyOption...)}
      • + *
    • {@link #move(Path, Path, CopyOption...)}
      • + *
    + *

    + * This method does not support any file attributes to be set. If any file attributes are given, + * an {@link UnsupportedOperationException} will be + * thrown. + *

    + * Note: while the returned channel is not closed, the path's file system will have one available connection fewer. + * It is therefore essential that the channel is closed as soon as possible. + */ + @Override + public SeekableByteChannel newByteChannel(Path path, Set options, + FileAttribute... attrs) throws IOException { + return toFTPPath(path).newByteChannel(options, attrs); + } + + @Override + public DirectoryStream newDirectoryStream(Path dir, Filter filter) throws IOException { + return toFTPPath(dir).newDirectoryStream(filter); + } + + /** + * Creates a new directory. + * This method works in exactly the manner specified by the + * {@link Files#createDirectory(Path, FileAttribute...)} method. + *

    + * This method does not support any file attributes to be set. + * If any file attributes are given, an {@link UnsupportedOperationException} will be + * thrown. + */ + @Override + public void createDirectory(Path dir, FileAttribute... attrs) throws IOException { + toFTPPath(dir).createDirectory(attrs); + } + + @Override + public void delete(Path path) throws IOException { + toFTPPath(path).delete(); + } + + @Override + public Path readSymbolicLink(Path link) throws IOException { + return toFTPPath(link).readSymbolicLink(); + } + + /** + * Copy a file to a target file. + * This method works in exactly the manner specified by the {@link Files#copy(Path, Path, CopyOption...)} + * method except that both the source and + * target paths must be associated with this provider. + *

    + * In addition to the standard copy options, this method also supports single occurrences of each of + * {@link FileType}, {@link FileStructure} and + * {@link FileTransferMode}. These three option types, with defaults of {@link FileType#binary()}, + * {@link FileStructure#FILE} and + * {@link FileTransferMode#STREAM}, persist for all calls that support file transfers: + *

      + *
    • {@link #newInputStream(Path, OpenOption...)}
      • + *
    • {@link #newOutputStream(Path, OpenOption...)}
      • + *
    • {@link #newByteChannel(Path, Set, FileAttribute...)}
      • + *
    • {@link #copy(Path, Path, CopyOption...)}
      • + *
    • {@link #move(Path, Path, CopyOption...)}
      • + *
    + *

    + * {@link StandardCopyOption#COPY_ATTRIBUTES} and {@link StandardCopyOption#ATOMIC_MOVE} are not supported though. + */ + @Override + public void copy(Path source, Path target, CopyOption... options) throws IOException { + toFTPPath(source).copy(toFTPPath(target), options); + } + + /** + * Move or rename a file to a target file. + * This method works in exactly the manner specified by the {@link Files#move(Path, Path, CopyOption...)} + * method except that both the source and + * target paths must be associated with this provider. + *

    + * In addition to the standard copy options, this method also supports single occurrences of each of + * {@link FileType}, {@link FileStructure} and + * {@link FileTransferMode}. These three option types, with defaults of {@link FileType#binary()}, + * {@link FileStructure#FILE} and + * {@link FileTransferMode#STREAM}, persist for all calls that support file transfers: + *

      + *
    • {@link #newInputStream(Path, OpenOption...)}
      • + *
    • {@link #newOutputStream(Path, OpenOption...)}
      • + *
    • {@link #newByteChannel(Path, Set, FileAttribute...)}
      • + *
    • {@link #copy(Path, Path, CopyOption...)}
      • + *
    • {@link #move(Path, Path, CopyOption...)}
      • + *
    + *

    + * {@link StandardCopyOption#COPY_ATTRIBUTES} is not supported though. + * {@link StandardCopyOption#ATOMIC_MOVE} is only supported if the paths have + * the same file system. + */ + @Override + public void move(Path source, Path target, CopyOption... options) throws IOException { + toFTPPath(source).move(toFTPPath(target), options); + } + + @Override + public boolean isSameFile(Path path, Path path2) throws IOException { + return toFTPPath(path).isSameFile(path2); + } + + @Override + public boolean isHidden(Path path) throws IOException { + return toFTPPath(path).isHidden(); + } + + @Override + public FileStore getFileStore(Path path) throws IOException { + return toFTPPath(path).getFileStore(); + } + + @Override + public void checkAccess(Path path, AccessMode... modes) throws IOException { + toFTPPath(path).checkAccess(modes); + } + + /** + * Returns a file attribute view of a given type. + * This method works in exactly the manner specified by the + * {@link Files#getFileAttributeView(Path, Class, LinkOption...)} method. + *

    + * This provider supports {@link BasicFileAttributeView}, {@link FileOwnerAttributeView} and + * {@link PosixFileAttributeView}. + * All other classes will result in a {@code null} return value. + *

    + * Note that the returned {@link FileAttributeView} is read-only; any attempt to change any attributes + * through the view will result in an + * {@link UnsupportedOperationException} to be thrown. + */ + @Override + public V getFileAttributeView(Path path, Class type, LinkOption... options) { + Objects.requireNonNull(type); + if (type == BasicFileAttributeView.class) { + return type.cast(new AttributeView("basic", toFTPPath(path))); + } + if (type == FileOwnerAttributeView.class) { + return type.cast(new AttributeView("owner", toFTPPath(path))); + } + if (type == PosixFileAttributeView.class) { + return type.cast(new AttributeView("posix", toFTPPath(path))); + } + return null; + } + + /** + * Reads a file's attributes as a bulk operation. + * This method works in exactly the manner specified by the + * {@link Files#readAttributes(Path, Class, LinkOption...)} method. + * This provider supports {@link BasicFileAttributes} and {@link PosixFileAttributes} + * (there is no {@code FileOwnerFileAttributes}). + * All other classes will result in an {@link UnsupportedOperationException} to be thrown. + */ + @Override + public A readAttributes(Path path, Class type, LinkOption... options) + throws IOException { + if (type == BasicFileAttributes.class || type == PosixFileAttributes.class) { + return type.cast(toFTPPath(path).readAttributes(options)); + } + throw Messages.fileSystemProvider().unsupportedFileAttributesType(type); + } + + /** + * Reads a set of file attributes as a bulk operation. + * This method works in exactly the manner specified by the {@link Files#readAttributes(Path, String, LinkOption...)} method. + *

    + * This provider supports views {@code basic}, {@code owner} and {code posix}, where {@code basic} will be used if no view is given. + * All other views will result in an {@link UnsupportedOperationException} to be thrown. + */ + @Override + public Map readAttributes(Path path, String attributes, LinkOption... options) throws IOException { + return toFTPPath(path).readAttributes(attributes, options); + } + + /** + * Sets the value of a file attribute. + * This method works in exactly the manner specified by the {@link Files#setAttribute(Path, String, Object, LinkOption...)} method. + *

    + * This provider does not support attributes for paths to be set. This method will always throw an {@link UnsupportedOperationException}. + */ + @Override + public void setAttribute(Path path, String attribute, Object value, LinkOption... options) throws IOException { + throw Messages.unsupportedOperation(FileSystemProvider.class, "setAttribute"); + } + + private static final class AttributeView implements PosixFileAttributeView { + + private final String name; + private final FTPPath path; + + private AttributeView(String name, FTPPath path) { + this.name = Objects.requireNonNull(name); + this.path = Objects.requireNonNull(path); + } + + @Override + public String name() { + return name; + } + + @Override + public UserPrincipal getOwner() throws IOException { + return readAttributes().owner(); + } + + @Override + public void setOwner(UserPrincipal owner) throws IOException { + throw Messages.unsupportedOperation(FileOwnerAttributeView.class, "setOwner"); + } + + @Override + public PosixFileAttributes readAttributes() throws IOException { + return path.readAttributes(); + } + + @Override + public void setTimes(FileTime lastModifiedTime, FileTime lastAccessTime, FileTime createTime) throws IOException { + throw Messages.unsupportedOperation(BasicFileAttributeView.class, "setTimes"); + } + + @Override + public void setGroup(GroupPrincipal group) throws IOException { + throw Messages.unsupportedOperation(PosixFileAttributeView.class, "setGroup"); + } + + @Override + public void setPermissions(Set perms) throws IOException { + throw Messages.unsupportedOperation(PosixFileAttributeView.class, "setPermissions"); + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPMessages.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPMessages.java new file mode 100644 index 0000000..24d10ca --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPMessages.java @@ -0,0 +1,26 @@ +package org.xbib.io.ftp.fs; + +import java.util.Locale; +import java.util.ResourceBundle; + +/** + * A utility class for providing translated messages and exceptions. + */ +final class FTPMessages { + + private static final String BUNDLE_NAME = "org.xbib.ftp.fs.messages"; + + private static final ResourceBundle BUNDLE = ResourceBundle.getBundle(BUNDLE_NAME, Locale.ROOT, UTF8Control.INSTANCE); + + private FTPMessages() { + throw new Error("cannot create instances of " + getClass().getName()); + } + + private static synchronized String getMessage(String key) { + return BUNDLE.getString(key); + } + + public static String copyOfSymbolicLinksAcrossFileSystemsNotSupported() { + return getMessage("copyOfSymbolicLinksAcrossFileSystemsNotSupported"); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNoSuchFileException.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNoSuchFileException.java new file mode 100644 index 0000000..31adf9e --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNoSuchFileException.java @@ -0,0 +1,48 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.NoSuchFileException; + +/** + * An exception that is thrown if an FTP command does not execute successfully because a file does not exist. + */ +public class FTPNoSuchFileException extends NoSuchFileException implements FTPResponse { + + private static final long serialVersionUID = 1547360368371410860L; + + private final int replyCode; + + /** + * Creates a new {@code FTPNoSuchFileException}. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPNoSuchFileException(String file, int replyCode, String replyString) { + super(file, null, replyString); + this.replyCode = replyCode; + } + + /** + * Creates a new {@code FTPNoSuchFileException}. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param other A string identifying the other file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPNoSuchFileException(String file, String other, int replyCode, String replyString) { + super(file, other, replyString); + this.replyCode = replyCode; + } + + @Override + public int getReplyCode() { + return replyCode; + } + + @Override + public String getReplyString() { + return getReason(); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNotDirectoryException.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNotDirectoryException.java new file mode 100644 index 0000000..01bbe5a --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNotDirectoryException.java @@ -0,0 +1,47 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.NotDirectoryException; + +/** + * An exception that is thrown if an FTP command does not execute successfully because a file is not a directory. + */ +public class FTPNotDirectoryException extends NotDirectoryException implements FTPResponse { + + private static final long serialVersionUID = -37768328123340304L; + + private final int replyCode; + private final String replyString; + + /** + * Creates a new {@code FTPNotLinkException}. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPNotDirectoryException(String file, int replyCode, String replyString) { + super(file); + this.replyCode = replyCode; + this.replyString = replyString; + } + + @Override + public int getReplyCode() { + return replyCode; + } + + @Override + public String getReplyString() { + return replyString; + } + + @Override + public String getReason() { + return replyString; + } + + @Override + public String getMessage() { + return replyString; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNotLinkException.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNotLinkException.java new file mode 100644 index 0000000..f33c320 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPNotLinkException.java @@ -0,0 +1,48 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.NotLinkException; + +/** + * An exception that is thrown if an FTP command does not execute successfully because a file is not a symbolic link. + */ +public class FTPNotLinkException extends NotLinkException implements FTPResponse { + + private static final long serialVersionUID = 2100528879214315190L; + + private final int replyCode; + + /** + * Creates a new {@code FTPNotLinkException}. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPNotLinkException(String file, int replyCode, String replyString) { + super(file, null, replyString); + this.replyCode = replyCode; + } + + /** + * Creates a new {@code FTPNotLinkException}. + * + * @param file A string identifying the file, or {@code null} if not known. + * @param other A string identifying the other file, or {@code null} if not known. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this exception. + * @param replyString The entire text from the last FTP response that triggered this exception. It will be used as the exception's reason. + */ + public FTPNotLinkException(String file, String other, int replyCode, String replyString) { + super(file, other, replyString); + this.replyCode = replyCode; + } + + @Override + public int getReplyCode() { + return replyCode; + } + + @Override + public String getReplyString() { + return getReason(); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPPath.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPPath.java new file mode 100644 index 0000000..97cdfb3 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPPath.java @@ -0,0 +1,198 @@ +package org.xbib.io.ftp.fs; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URI; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.FileStore; +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.WatchEvent.Kind; +import java.nio.file.WatchEvent.Modifier; +import java.nio.file.WatchKey; +import java.nio.file.WatchService; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.PosixFileAttributes; +import java.util.Map; +import java.util.Objects; +import java.util.Set; + +/** + * A path for FTP file systems. + */ +class FTPPath extends SimpleAbstractPath { + + private final FTPFileSystem fs; + + FTPPath(FTPFileSystem fs, String path) { + super(path); + this.fs = Objects.requireNonNull(fs); + } + + private FTPPath(FTPFileSystem fs, String path, boolean normalized) { + super(path, normalized); + this.fs = Objects.requireNonNull(fs); + } + + @Override + protected FTPPath createPath(String path) { + return new FTPPath(fs, path, true); + } + + @Override + public FTPFileSystem getFileSystem() { + return fs; + } + + @Override + public FTPPath getRoot() { + return (FTPPath) super.getRoot(); + } + + @Override + public FTPPath getFileName() { + return (FTPPath) super.getFileName(); + } + + @Override + public FTPPath getParent() { + return (FTPPath) super.getParent(); + } + + @Override + public FTPPath getName(int index) { + return (FTPPath) super.getName(index); + } + + @Override + public FTPPath subpath(int beginIndex, int endIndex) { + return (FTPPath) super.subpath(beginIndex, endIndex); + } + + @Override + public FTPPath normalize() { + return (FTPPath) super.normalize(); + } + + @Override + public FTPPath resolve(Path other) { + return (FTPPath) super.resolve(other); + } + + @Override + public FTPPath resolve(String other) { + return (FTPPath) super.resolve(other); + } + + @Override + public FTPPath resolveSibling(Path other) { + return (FTPPath) super.resolveSibling(other); + } + + @Override + public FTPPath resolveSibling(String other) { + return (FTPPath) super.resolveSibling(other); + } + + @Override + public FTPPath relativize(Path other) { + return (FTPPath) super.relativize(other); + } + + @Override + public URI toUri() { + return fs.toUri(this); + } + + @Override + public FTPPath toAbsolutePath() { + return fs.toAbsolutePath(this); + } + + @Override + public FTPPath toRealPath(LinkOption... options) throws IOException { + return fs.toRealPath(this, options); + } + + @Override + public WatchKey register(WatchService watcher, Kind[] events, Modifier... modifiers) throws IOException { + throw Messages.unsupportedOperation(Path.class, "register"); + } + + @Override + public String toString() { + return fs.toString(this); + } + + InputStream newInputStream(OpenOption... options) throws IOException { + return fs.newInputStream(this, options); + } + + OutputStream newOutputStream(OpenOption... options) throws IOException { + return fs.newOutputStream(this, options); + } + + SeekableByteChannel newByteChannel(Set options, FileAttribute... attrs) throws IOException { + return fs.newByteChannel(this, options, attrs); + } + + DirectoryStream newDirectoryStream(Filter filter) throws IOException { + return fs.newDirectoryStream(this, filter); + } + + void createDirectory(FileAttribute... attrs) throws IOException { + fs.createDirectory(this, attrs); + } + + void delete() throws IOException { + fs.delete(this); + } + + FTPPath readSymbolicLink() throws IOException { + return fs.readSymbolicLink(this); + } + + void copy(FTPPath target, CopyOption... options) throws IOException { + fs.copy(this, target, options); + } + + void move(FTPPath target, CopyOption... options) throws IOException { + fs.move(this, target, options); + } + + boolean isSameFile(Path other) throws IOException { + if (this.equals(other)) { + return true; + } + if (other == null || getFileSystem() != other.getFileSystem()) { + return false; + } + return fs.isSameFile(this, (FTPPath) other); + } + + boolean isHidden() throws IOException { + return fs.isHidden(this); + } + + FileStore getFileStore() throws IOException { + return fs.getFileStore(this); + } + + void checkAccess(AccessMode... modes) throws IOException { + fs.checkAccess(this, modes); + } + + PosixFileAttributes readAttributes(LinkOption... options) throws IOException { + return fs.readAttributes(this, options); + } + + Map readAttributes(String attributes, LinkOption... options) throws IOException { + return fs.readAttributes(this, attributes, options); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPResponse.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPResponse.java new file mode 100644 index 0000000..bffd3b7 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FTPResponse.java @@ -0,0 +1,21 @@ +package org.xbib.io.ftp.fs; + +/** + * Represents a response from an FTP server. + */ +public interface FTPResponse { + + /** + * Returns the reply code of the FTP response. + * + * @return The integer value of the reply code of the FTP response. + */ + int getReplyCode(); + + /** + * Returns the entire text from the FTP response. + * + * @return The entire text from the FTP response. + */ + String getReplyString(); +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileStructure.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileStructure.java new file mode 100644 index 0000000..1f18f06 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileStructure.java @@ -0,0 +1,38 @@ +package org.xbib.io.ftp.fs; + +import org.xbib.io.ftp.client.FTP; +import org.xbib.io.ftp.client.FTPClient; + +import java.io.IOException; +import java.nio.file.CopyOption; +import java.nio.file.OpenOption; + +/** + * The possible FTP file structures. + */ +public enum FileStructure implements OpenOption, CopyOption { + /** + * Indicates that files are to be treated as a continuous sequence of bytes. + */ + FILE(FTP.FILE_STRUCTURE), + /** + * Indicates that files are to be treated as a sequence of records. + */ + RECORD(FTP.RECORD_STRUCTURE), + /** + * Indicates that files are to be treated as a set of independent indexed pages. + */ + PAGE(FTP.PAGE_STRUCTURE),; + + private final int structure; + + FileStructure(int structure) { + this.structure = structure; + } + + void apply(FTPClient client) throws IOException { + if (!client.setFileStructure(structure)) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileSystemExceptionFactory.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileSystemExceptionFactory.java new file mode 100644 index 0000000..0beb132 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileSystemExceptionFactory.java @@ -0,0 +1,107 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.AccessDeniedException; +import java.nio.file.FileAlreadyExistsException; +import java.nio.file.FileSystemException; +import java.nio.file.NoSuchFileException; +import java.nio.file.OpenOption; +import java.util.Collection; + +/** + * A factory for creating {@link FileSystemException}s based on replies from an FTP server. + * It's not always possible to distinguish different types of errors. For instance, a 550 error code (file unavailable) could indicate that a file + * does not exist (which should trigger a {@link NoSuchFileException}), or that a file is inaccessible (which should trigger a + * {@link AccessDeniedException}), or possibly another reason. + * This interface allows users to provide their own mapping, based on both the reply code and the reply string from an FTP reply. + * Ideally implementations return exceptions that implement {@link FTPResponse}. + * This way, the original FTP reply code and message will be reserved. + */ +public interface FileSystemExceptionFactory { + + /** + * Creates a {@code FileSystemException} that indicates a file or directory cannot be retrieved. + *

    + * Note that the LIST command is used to retrieve a file or directory. This will often return with a 226 code even if a file or directory cannot + * be retrieved. This does not mean that the LIST call was actually successful. + * + * @param file A string identifying the file or directory. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @return The created {@code FileSystemException}. + */ + FileSystemException createGetFileException(String file, int replyCode, String replyString); + + /** + * Creates a {@code FileSystemException} that indicates a directory cannot be used as the current working directory. + * + * @param directory A string identifying the directory. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @return The created {@code FileSystemException}. + */ + FileSystemException createChangeWorkingDirectoryException(String directory, int replyCode, String replyString); + + /** + * Creates a {@code FileSystemException} that indicates a directory cannot be created. + * + * @param directory A string identifying the directory. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @return The created {@code FileSystemException}. + */ + FileAlreadyExistsException createCreateDirectoryException(String directory, int replyCode, String replyString); + + /** + * Creates a {@code FileSystemException} that indicates a file or directory cannot be deleted. + * + * @param file A string identifying the file or directory. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @param isDirectory {@code true} if a directory cannot be deleted, or {@code false} if a file cannot be deleted. + * @return The created {@code FileSystemException}. + */ + FileSystemException createDeleteException(String file, int replyCode, String replyString, boolean isDirectory); + + /** + * Creates a {@code FileSystemException} that indicates a file cannot be opened for reading. + * + * @param file A string identifying the file. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @return The created {@code FileSystemException}. + */ + FileSystemException createNewInputStreamException(String file, int replyCode, String replyString); + + /** + * Creates a {@code FileSystemException} that indicates a file cannot be opened for writing. + * + * @param file A string identifying the file. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @param options The open options used to open the file. + * @return The created {@code FileSystemException}. + */ + FileSystemException createNewOutputStreamException(String file, int replyCode, String replyString, Collection options); + + /** + * Creates a {@code FileSystemException} that indicates a file or directory cannot be copied. + * + * @param file A string identifying the file or directory to be copied. + * @param other A string identifying the file or directory to be copied to. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @return The created {@code FileSystemException}. + */ + FileSystemException createCopyException(String file, String other, int replyCode, String replyString); + + /** + * Creates a {@code FileSystemException} that indicates a file or directory cannot be moved. + * + * @param file A string identifying the file or directory to be moved. + * @param other A string identifying the file or directory to be moved to. + * @param replyCode The integer value of the reply code of the last FTP reply that triggered this method call. + * @param replyString The entire text from the last FTP response that triggered this method call. + * @return The created {@code FileSystemException}. + */ + FileSystemException createMoveException(String file, String other, int replyCode, String replyString); +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileSystemProviderSupport.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileSystemProviderSupport.java new file mode 100644 index 0000000..f5842a7 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileSystemProviderSupport.java @@ -0,0 +1,630 @@ +package org.xbib.io.ftp.fs; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URI; +import java.nio.ByteBuffer; +import java.nio.channels.Channels; +import java.nio.channels.NonReadableChannelException; +import java.nio.channels.NonWritableChannelException; +import java.nio.channels.ReadableByteChannel; +import java.nio.channels.SeekableByteChannel; +import java.nio.channels.WritableByteChannel; +import java.nio.file.Path; +import java.nio.file.spi.FileSystemProvider; +import java.util.Map; +import java.util.Objects; + +/** + * A utility class that can assist in implementing {@link FileSystemProvider}s. + */ +public final class FileSystemProviderSupport { + + private FileSystemProviderSupport() { + } + + /** + * Creates a {@link SeekableByteChannel} wrapped around an {@link InputStream}. + * This {@code SeekableByteChannel}, with an initial position of {@code 0} does not support seeking a specific position, truncating or writing. + * + * @param in The {@code InputStream} to wrap. + * @param size The size of the source of the {@code InputStream}. + * @return The created {@code SeekableByteChannel}. + * @throws NullPointerException If the given {@code InputStream} is {@code null}. + * @throws IllegalArgumentException If the given size of initial position is negative. + */ + public static SeekableByteChannel createSeekableByteChannel(final InputStream in, final long size) { + return createSeekableByteChannel(in, size, 0); + } + + /** + * Creates a {@link SeekableByteChannel} wrapped around an {@link InputStream}. + * This {@code SeekableByteChannel} does not support seeking a specific position, truncating or writing. + * + * @param in The {@code InputStream} to wrap. + * @param size The size of the source of the {@code InputStream}. + * @param initialPosition The initial position of the returned {@code SeekableByteChannel}. + * @return The created {@code SeekableByteChannel}. + * @throws NullPointerException If the given {@code InputStream} is {@code null}. + * @throws IllegalArgumentException If the given size of initial position is negative. + */ + public static SeekableByteChannel createSeekableByteChannel(final InputStream in, final long size, final long initialPosition) { + Objects.requireNonNull(in); + if (size < 0) { + throw new IllegalArgumentException(size + " < 0"); + } + if (initialPosition < 0) { + throw new IllegalArgumentException(initialPosition + " < 0"); + } + + return new SeekableByteChannel() { + + private final ReadableByteChannel channel = Channels.newChannel(in); + private long position = initialPosition; + + @Override + public boolean isOpen() { + return channel.isOpen(); + } + + @Override + public void close() throws IOException { + channel.close(); + } + + @Override + public int write(ByteBuffer src) throws IOException { + throw new NonWritableChannelException(); + } + + @Override + public SeekableByteChannel truncate(long size) throws IOException { + throw Messages.unsupportedOperation(SeekableByteChannel.class, "truncate"); + } + + @Override + public long size() throws IOException { + return size; + } + + @Override + public int read(ByteBuffer dst) throws IOException { + int read = channel.read(dst); + if (read > 0) { + position += read; + } + return read; + } + + @Override + public SeekableByteChannel position(long newPosition) throws IOException { + throw Messages.unsupportedOperation(SeekableByteChannel.class, "position"); + } + + @Override + public long position() throws IOException { + return position; + } + }; + } + + /** + * Creates a {@link SeekableByteChannel} wrapped around an {@link OutputStream}. + * This {@code SeekableByteChannel}, with an initial position of {@code 0}, does not support seeking a specific position, truncating or reading. + * + * @param out The {@code OutputStream} to wrap. + * @return The created {@code SeekableByteChannel}. + * @throws NullPointerException If the given {@code OutputStream} is {@code null}. + */ + public static SeekableByteChannel createSeekableByteChannel(OutputStream out) { + return createSeekableByteChannel(out, 0); + } + + /** + * Creates a {@link SeekableByteChannel} wrapped around an {@link OutputStream}. + * This {@code SeekableByteChannel} does not support seeking a specific position, truncating or reading. + * + * @param out The {@code OutputStream} to wrap. + * @param initialPosition The initial position of the returned {@code SeekableByteChannel}. + * @return The created {@code SeekableByteChannel}. + * @throws NullPointerException If the given {@code OutputStream} is {@code null}. + * @throws IllegalArgumentException If the given initial position is negative. + */ + public static SeekableByteChannel createSeekableByteChannel(final OutputStream out, final long initialPosition) { + Objects.requireNonNull(out); + if (initialPosition < 0) { + throw new IllegalArgumentException(initialPosition + " < 0"); + } + + return new SeekableByteChannel() { + + private final WritableByteChannel channel = Channels.newChannel(out); + private long position = initialPosition; + + @Override + public boolean isOpen() { + return channel.isOpen(); + } + + @Override + public void close() throws IOException { + channel.close(); + } + + @Override + public int write(ByteBuffer src) throws IOException { + int written = channel.write(src); + position += written; + return written; + } + + @Override + public SeekableByteChannel truncate(long size) throws IOException { + throw Messages.unsupportedOperation(SeekableByteChannel.class, "truncate"); + } + + @Override + public long size() throws IOException { + return position; + } + + @Override + public int read(ByteBuffer dst) throws IOException { + throw new NonReadableChannelException(); + } + + @Override + public SeekableByteChannel position(long newPosition) throws IOException { + throw Messages.unsupportedOperation(SeekableByteChannel.class, "position"); + } + + @Override + public long position() throws IOException { + return position; + } + }; + } + + /** + * Retrieves a required boolean property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Boolean} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static boolean getBooleanValue(Map env, String property) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (value instanceof Boolean) { + return (Boolean) value; + } + if ("true".equals(value)) { + return true; + } + if ("false".equals(value)) { + return false; + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional boolean property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Boolean} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static boolean getBooleanValue(Map env, String property, boolean defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (value instanceof Boolean) { + return (Boolean) value; + } + if ("true".equals(value)) { + return true; + } + if ("false".equals(value)) { + return false; + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves a required byte property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Byte} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static byte getByteValue(Map env, String property) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (value instanceof Byte) { + return (Byte) value; + } + if (value instanceof String) { + try { + return Byte.parseByte(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional byte property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Byte} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static byte getByteValue(Map env, String property, byte defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (value instanceof Byte) { + return (Byte) value; + } + if (value instanceof String) { + try { + return Byte.parseByte(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves a required short property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Short} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static short getShortValue(Map env, String property) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (value instanceof Short) { + return (Short) value; + } + if (value instanceof String) { + try { + return Short.parseShort(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional short property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Short} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static short getShortValue(Map env, String property, short defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (value instanceof Short) { + return (Short) value; + } + if (value instanceof String) { + try { + return Short.parseShort(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves a required int property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Integer} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static int getIntValue(Map env, String property) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (value instanceof Integer) { + return (Integer) value; + } + if (value instanceof String) { + try { + return Integer.parseInt(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional int property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Integer} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static int getIntValue(Map env, String property, int defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (value instanceof Integer) { + return (Integer) value; + } + if (value instanceof String) { + try { + return Integer.parseInt(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves a required long property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Long} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static long getLongValue(Map env, String property) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (value instanceof Long) { + return (Long) value; + } + if (value instanceof String) { + try { + return Long.parseLong(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional long property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Long} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static long getLongValue(Map env, String property, long defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (value instanceof Long) { + return (Long) value; + } + if (value instanceof String) { + try { + return Long.parseLong(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves a required float property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Float} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static float getFloatValue(Map env, String property) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (value instanceof Float) { + return (Float) value; + } + if (value instanceof String) { + try { + return Float.parseFloat(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional float property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Float} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static float getFloatValue(Map env, String property, float defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (value instanceof Float) { + return (Float) value; + } + if (value instanceof String) { + try { + return Float.parseFloat(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves a required double property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Double} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static double getDoubleValue(Map env, String property) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (value instanceof Double) { + return (Double) value; + } + if (value instanceof String) { + try { + return Double.parseDouble(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional double property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * It supports values of type {@link Double} and {@link String}. + * + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static double getDoubleValue(Map env, String property, double defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (value instanceof Double) { + return (Double) value; + } + if (value instanceof String) { + try { + return Double.parseDouble(property); + } catch (NumberFormatException e) { + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves a required property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * + * @param The property type. + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param cls The class the property should be an instance of. + * @return The value for the given property. + * @throws IllegalArgumentException If the property is not present in the given map, or if its value has an incompatible type. + */ + public static T getValue(Map env, String property, Class cls) { + Object value = env.get(property); + if (value == null) { + throw Messages.fileSystemProvider().env().missingProperty(property); + } + if (cls.isInstance(value)) { + return cls.cast(value); + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } + + /** + * Retrieves an optional property from a map. This method can be used to retrieve properties in implementations of + * {@link FileSystemProvider#newFileSystem(URI, Map)} and {@link FileSystemProvider#newFileSystem(Path, Map)}. + * + * @param The property type. + * @param env The map to retrieve the property from. + * @param property The name of the property. + * @param cls The class the property should be an instance of. + * @param defaultValue The value that should be used if the property is not in the given map. + * @return The value for the given property, or the given default value if the property is not in the given map. + * @throws IllegalArgumentException If the property's value has an incompatible type. + */ + public static T getValue(Map env, String property, Class cls, T defaultValue) { + Object value = env.get(property); + if (value == null) { + return defaultValue; + } + if (cls.isInstance(value)) { + return cls.cast(value); + } + throw Messages.fileSystemProvider().env().invalidProperty(property, value); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileTransferMode.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileTransferMode.java new file mode 100644 index 0000000..88bf6e8 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileTransferMode.java @@ -0,0 +1,38 @@ +package org.xbib.io.ftp.fs; + +import org.xbib.io.ftp.client.FTP; +import org.xbib.io.ftp.client.FTPClient; + +import java.io.IOException; +import java.nio.file.CopyOption; +import java.nio.file.OpenOption; + +/** + * The possible FTP file transfer modes. + */ +public enum FileTransferMode implements OpenOption, CopyOption { + /** + * Indicates that files are to be transfered as streams of bytes. + */ + STREAM(FTP.STREAM_TRANSFER_MODE), + /** + * Indicates that files are to be transfered as series of blocks. + */ + BLOCK(FTP.BLOCK_TRANSFER_MODE), + /** + * Indicate that files are to be transfered as FTP compressed data. + */ + COMPRESSED(FTP.COMPRESSED_TRANSFER_MODE),; + + private final int mode; + + FileTransferMode(int mode) { + this.mode = mode; + } + + void apply(FTPClient client) throws IOException { + if (!client.setFileTransferMode(mode)) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileType.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileType.java new file mode 100644 index 0000000..ee8dc40 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/FileType.java @@ -0,0 +1,197 @@ +package org.xbib.io.ftp.fs; + + +import org.xbib.io.ftp.client.FTP; +import org.xbib.io.ftp.client.FTPClient; + +import java.io.IOException; +import java.nio.file.CopyOption; +import java.nio.file.OpenOption; +import java.util.Collections; +import java.util.EnumMap; +import java.util.Map; + +/** + * Represents FTP file types. + */ +public final class FileType implements OpenOption, CopyOption { + + private static final FileType ASCII_NO_FORMAT = new FileType(FTP.ASCII_FILE_TYPE, "ascii"); + private static final Map ASCII_WITH_FORMATS = getFileTypesWithFormats(FTP.ASCII_FILE_TYPE, "ascii"); + + private static final FileType EBCDIC_NO_FORMAT = new FileType(FTP.EBCDIC_FILE_TYPE, "ebcdic"); + private static final Map EBCDIC_WITH_FORMATS = getFileTypesWithFormats(FTP.EBCDIC_FILE_TYPE, "ebcdic"); + + private static final FileType BINARY_NO_FORMAT = new FileType(FTP.BINARY_FILE_TYPE, "binary"); + + private static final FileType LOCAL_NO_BYTE_SIZE = new FileType(FTP.LOCAL_FILE_TYPE, "local"); + + private static final int NO_FORMAT_OR_BYTE_SIZE = Integer.MIN_VALUE; + private final int fileType; + private final String fileTypeString; + private final Format format; + private final int formatOrByteSize; + private FileType(int fileType, String fileTypeString) { + this.fileType = fileType; + this.fileTypeString = fileTypeString; + this.formatOrByteSize = NO_FORMAT_OR_BYTE_SIZE; + this.format = null; + } + + private FileType(int fileType, String fileTypeString, Format format) { + this.fileType = fileType; + this.fileTypeString = fileTypeString; + this.formatOrByteSize = format.format; + this.format = format; + } + + private FileType(int fileType, String fileTypeString, int byteSize) { + this.fileType = fileType; + this.fileTypeString = fileTypeString; + this.formatOrByteSize = byteSize; + this.format = null; + } + + private static Map getFileTypesWithFormats(int fileType, String fileTypeString) { + Map fileTypes = new EnumMap<>(Format.class); + for (Format format : Format.values()) { + fileTypes.put(format, new FileType(fileType, fileTypeString, format)); + } + return Collections.unmodifiableMap(fileTypes); + } + + /** + * Returns an ASCII file type with an unspecified text format. + * + * @return An ASCII file type with an unspecified text format. + */ + public static FileType ascii() { + return ASCII_NO_FORMAT; + } + + /** + * Returns an ASCII file type with a specific text format. + * + * @param format The text format for the file type; ignored if {@code null}. + * @return An ASCII file type with the given text format. + */ + public static FileType ascii(Format format) { + return format == null ? ASCII_NO_FORMAT : ASCII_WITH_FORMATS.get(format); + } + + /** + * Returns an EBCDIC file type with an unspecified text format. + * + * @return An EBCDIC file type with an unspecified text format. + */ + public static FileType ebcdic() { + return EBCDIC_NO_FORMAT; + } + + /** + * Returns an EBCDIC file type with a specific text format. + * + * @param format The text format for the file type; ignored if {@code null}. + * @return An EBCDIC file type with the given text format. + */ + public static FileType ebcdic(Format format) { + return format == null ? EBCDIC_NO_FORMAT : EBCDIC_WITH_FORMATS.get(format); + } + + /** + * Returns a binary file type with an unspecified text format. + * + * @return A binary file type with an unspecified text format. + */ + public static FileType binary() { + return BINARY_NO_FORMAT; + } + + /** + * Returns a local file type with an unspecified byte size. + * + * @return A local file type with an unspecified byte size. + */ + public static FileType local() { + return LOCAL_NO_BYTE_SIZE; + } + + /** + * Returns a local file type with a specific byte size. + * + * @param byteSize The byte size for the file type; ignored if not larger than 0. + * @return A binary file type with the given text format. + */ + public static FileType local(int byteSize) { + return byteSize <= 0 ? LOCAL_NO_BYTE_SIZE : new FileType(FTP.LOCAL_FILE_TYPE, "local", byteSize); + } + + void apply(FTPClient client) throws IOException { + boolean result = formatOrByteSize == NO_FORMAT_OR_BYTE_SIZE ? client.setFileType(fileType) : client.setFileType(fileType, formatOrByteSize); + if (!result) { + throw new FTPFileSystemException(client.getReplyCode(), client.getReplyString()); + } + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || o.getClass() != getClass()) { + return false; + } + FileType other = (FileType) o; + return fileType == other.fileType + && formatOrByteSize == other.formatOrByteSize; + } + + @Override + public int hashCode() { + int hash = fileType; + hash = 31 * hash + formatOrByteSize; + return hash; + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder() + .append(getClass().getSimpleName()) + .append('.') + .append(fileTypeString); + if (format != null) { + sb.append('(') + .append(format) + .append(')'); + } else if (formatOrByteSize != NO_FORMAT_OR_BYTE_SIZE) { + sb.append('(') + .append(formatOrByteSize) + .append(')'); + } + return sb.toString(); + } + + /** + * The possible FTP text formats. + */ + public enum Format { + /** + * Indicates a non-print text format. + */ + NON_PRINT(FTP.NON_PRINT_TEXT_FORMAT), + /** + * Indicates that text files contain format vertical format control characters. + */ + TELNET(FTP.TELNET_TEXT_FORMAT), + /** + * Indicates that text files contain ASA vertical format control characters. + */ + CARRIAGE_CONTROL(FTP.CARRIAGE_CONTROL_TEXT_FORMAT),; + + private final int format; + + Format(int format) { + this.format = format; + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/LinkOptionSupport.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/LinkOptionSupport.java new file mode 100644 index 0000000..fc28402 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/LinkOptionSupport.java @@ -0,0 +1,28 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.LinkOption; + +/** + * A utility class for {@link LinkOption}s. + */ +public final class LinkOptionSupport { + + private LinkOptionSupport() { + throw new Error("cannot create instances of " + getClass().getName()); + } + + /** + * Returns whether or not the given link options indicate that links should be followed. + * + * @param options The link options to check. + * @return {@code false} if one of the given link options is {@link LinkOption#NOFOLLOW_LINKS}, or {@code true} otherwise. + */ + public static boolean followLinks(LinkOption... options) { + for (LinkOption option : options) { + if (option == LinkOption.NOFOLLOW_LINKS) { + return false; + } + } + return true; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/Messages.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/Messages.java new file mode 100644 index 0000000..9500c3b --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/Messages.java @@ -0,0 +1,808 @@ +package org.xbib.io.ftp.fs; + +import java.net.URI; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryStream; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.FileSystemException; +import java.nio.file.InvalidPathException; +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.attribute.BasicFileAttributeView; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.FileTime; +import java.nio.file.spi.FileSystemProvider; +import java.util.Arrays; +import java.util.Collection; +import java.util.Map; +import java.util.ResourceBundle; +import java.util.Set; +import java.util.regex.PatternSyntaxException; + +/** + * A utility class for providing translated messages and exceptions. + */ +public final class Messages { + + private static final ResourceBundle BUNDLE = ResourceBundle.getBundle("org.xbib.ftp.fs.messages", UTF8Control.INSTANCE); + + private Messages() { + throw new Error("cannot create instances of " + getClass().getName()); + } + + private static synchronized String getMessage(String key) { + return BUNDLE.getString(key); + } + + private static String getMessage(String key, Object... args) { + String format = getMessage(key); + return String.format(format, args); + } + + /** + * Creates an exception that can be thrown for an invalid index. + * + * @param index The index that was invalid. + * @return The created exception. + */ + public static IllegalArgumentException invalidIndex(int index) { + return new IllegalArgumentException(getMessage("invalidIndex", index)); + } + + /** + * Creates an exception that can be thrown for an invalid range. + * + * @param beginIndex The begin index of the range, inclusive. + * @param endIndex The end index of the range, exclusive. + * @return The created exception. + */ + public static IllegalArgumentException invalidRange(int beginIndex, int endIndex) { + return new IllegalArgumentException(getMessage("invalidRange", beginIndex, endIndex)); + } + + /** + * Creates an {@code UnsupportedOperationException} that can be thrown if an I/O operation, such as + * {@link BasicFileAttributeView#setTimes(FileTime, FileTime, FileTime)}, is not supported. + * + * @param cls The class defining the operation, e.g. {@link BasicFileAttributeView}. + * @param operation The name of the operation (method). + * @return The created exception. + */ + public static UnsupportedOperationException unsupportedOperation(Class cls, String operation) { + return new UnsupportedOperationException(getMessage("unsupportedOperation", cls.getSimpleName(), operation)); + } + + /** + * Returns an object for providing translated messages and exceptions for paths. + * + * @return An object for providing translated messages and exceptions for paths. + */ + public static PathMessages path() { + return PathMessages.INSTANCE; + } + + /** + * Returns an object for providing translated messages and exceptions for path matchers. + * + * @return An object for providing translated messages and exceptions for path matchers. + */ + public static PathMatcherMessages pathMatcher() { + return PathMatcherMessages.INSTANCE; + } + + /** + * Returns an object for providing translated messages and exceptions for file stores. + * + * @return An object for providing translated messages and exceptions for file stores. + */ + public static FileStoreMessages fileStore() { + return FileStoreMessages.INSTANCE; + } + + /** + * Returns an object for providing translated messages and exceptions for file system providers. + * + * @return An object for providing translated messages and exceptions for file system providers. + */ + public static FileSystemProviderMessages fileSystemProvider() { + return FileSystemProviderMessages.INSTANCE; + } + + /** + * Returns an object for providing translated messages and exceptions for directory streams. + * + * @return An object for providing translated messages and exceptions for directory streams. + */ + public static DirectoryStreamMessages directoryStream() { + return DirectoryStreamMessages.INSTANCE; + } + + /** + * Returns an object for providing translated messages and exceptions for (seekable) byte channels. + * + * @return An object for providing translated messages and exceptions for (seekable) byte channels. + */ + public static ByteChannelMessages byteChannel() { + return ByteChannelMessages.INSTANCE; + } + + /** + * Returns an object for providing translated messages and exceptions for URI validation. + * + * @return An object for providing translated messages and exceptions for URI validation. + */ + public static URIMessages uri() { + return URIMessages.INSTANCE; + } + + /** + * A utility class for providing translated messages and exceptions for paths. + * + */ + public static final class PathMessages { + + private static final PathMessages INSTANCE = new PathMessages(); + + private PathMessages() { + super(); + } + + /** + * Creates an exception that can be thrown if a path contains a nul ({@code \0}) character. + * + * @param path The path that contains a nul character. + * @return The created exception. + */ + public InvalidPathException nulCharacterNotAllowed(String path) { + return new InvalidPathException(path, getMessage("path.nulCharacterNotAllowed")); + } + + /** + * Creates an exception that can be thrown if {@link Path#relativize(Path)} is called and one of the paths is absolute and the other is not. + * + * @return The created exception. + */ + public IllegalArgumentException relativizeAbsoluteRelativeMismatch() { + return new IllegalArgumentException(getMessage("path.relativizeAbsoluteRelativeMismatch")); + } + } + + /** + * A utility class for providing translated messages and exceptions for path matchers. + */ + public static final class PathMatcherMessages { + + private static final PathMatcherMessages INSTANCE = new PathMatcherMessages(); + + private PathMatcherMessages() { + super(); + } + + /** + * Returns an object for providing translated messages and exceptions for globs. + * + * @return An object for providing translated messages and exceptions for globs. + */ + public PathMatcherGlobMessages glob() { + return PathMatcherGlobMessages.INSTANCE; + } + + /** + * Creates an exception that can be thrown if {@link FileSystem#getPathMatcher(String)} is called with a string that does not contain a + * syntax part. + * + * @param syntaxAndInput The input to {@link FileSystem#getPathMatcher(String)} that's missing the syntax. + * @return The created exception. + */ + public IllegalArgumentException syntaxNotFound(String syntaxAndInput) { + return new IllegalArgumentException(getMessage("pathMatcher.syntaxNotFound", syntaxAndInput)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystem#getPathMatcher(String)} is called with an unsupported syntax. + * + * @param syntax The unsupported syntax. + * @return The created exception. + */ + public UnsupportedOperationException unsupportedPathMatcherSyntax(String syntax) { + return new UnsupportedOperationException(getMessage("pathMatcher.unsupportedPathMatcherSyntax", syntax)); + } + } + + /** + * A utility class for providing translated messages and exceptions for globs. + * + */ + public static final class PathMatcherGlobMessages { + + private static final PathMatcherGlobMessages INSTANCE = new PathMatcherGlobMessages(); + + private PathMatcherGlobMessages() { + super(); + } + + /** + * Creates an exception that can be thrown if a glob contains nested groups. + * + * @param glob The glob that contains nested groups. + * @param index The index at which the (first) nested group is encountered. + * @return The created exception. + */ + public PatternSyntaxException nestedGroupsNotSupported(String glob, int index) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.nestedGroupsNotSupported"), glob, index); + } + + /** + * Creates an exception that can be thrown if a glob contains a group end character (}) that does not close a group. + * + * @param glob The glob that contains the unexpected group end character. + * @param index The index at which the unexpected group end character occurs. + * @return The created exception. + */ + public PatternSyntaxException unexpectedGroupEnd(String glob, int index) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.unexpectedGroupEnd"), glob, index); + } + + /** + * Creates an exception that can be thrown if a glob missing a group end character (}). + * + * @param glob The glob that misses a group end character. + * @return The created exception. + */ + public PatternSyntaxException missingGroupEnd(String glob) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.missingGroupEnd"), glob, glob.length()); + } + + /** + * Creates an exception that can be thrown if a glob contains nested classes. + * + * @param glob The glob that contains nested classes. + * @param index The index at which the (first) nested class is encountered. + * @return The created exception. + */ + public PatternSyntaxException nestedClassesNotSupported(String glob, int index) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.nestedClassesNotSupported"), glob, index); + } + + /** + * Creates an exception that can be thrown if a glob contains a class end character ({@code ]}) that does not close a class. + * + * @param glob The glob that contains the unexpected class end character. + * @param index The index at which the unexpected class end character occurs. + * @return The created exception. + */ + public PatternSyntaxException unexpectedClassEnd(String glob, int index) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.unexpectedClassEnd"), glob, index); + } + + /** + * Creates an exception that can be thrown if a glob missing a class end character ({@code ]}). + * + * @param glob The glob that misses a class end character. + * @return The created exception. + */ + public PatternSyntaxException missingClassEnd(String glob) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.missingClassEnd"), glob, glob.length()); + } + + /** + * Creates an exception that can be thrown if a glob contains a separator (e.g. {@code /}) in a class. + * + * @param glob The glob that contains a separator in a class. + * @param index The index at which the separator occurs. + * @return The created exception. + */ + public PatternSyntaxException separatorNotAllowedInClass(String glob, int index) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.separatorNotAllowedInClass"), glob, index); + } + + /** + * Creates an exception that can be thrown if a glob contains an escape character ({@code \}) that does not escape an actual glob meta + * character. + * + * @param glob The glob that contains an unexpected escape character. + * @param index The index at which the unexpected escape character occurs. + * @return The created exception. + */ + public PatternSyntaxException unescapableChar(String glob, int index) { + return new PatternSyntaxException(getMessage("pathMatcher.glob.unescapableChar"), glob, index); + } + } + + /** + * A utility class for providing translated messages and exceptions for file stores. + * + */ + public static final class FileStoreMessages { + + private static final FileStoreMessages INSTANCE = new FileStoreMessages(); + + private FileStoreMessages() { + super(); + } + + /** + * Creates an exception that can be thrown if {@link FileStore#getAttribute(String)} is called with an unsupported attribute. + * + * @param attribute The unsupported attribute. + * @return The created exception. + */ + public UnsupportedOperationException unsupportedAttribute(String attribute) { + return new UnsupportedOperationException(getMessage("fileStore.unsupportedAttribute", attribute)); + } + } + + /** + * A utility class for providing translated messages and exceptions for file system providers. + * + */ + public static final class FileSystemProviderMessages { + + private static final FileSystemProviderMessages INSTANCE = new FileSystemProviderMessages(); + + private FileSystemProviderMessages() { + super(); + } + + /** + * Returns an object for providing translated messages and exceptions for file system provider properties. + * + * @return An object for providing translated messages and exceptions for file system provider properties. + */ + public FileSystemProviderEnvMessages env() { + return FileSystemProviderEnvMessages.INSTANCE; + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newByteChannel(Path, Set, FileAttribute...)} or a similar method is + * called with a directory. + * + * @param dir The directory path. + * @return The created exception. + */ + public FileSystemException isDirectory(String dir) { + return new FileSystemException(dir, null, getMessage("fileSystemProvider.isDirectory")); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newByteChannel(Path, Set, FileAttribute...)} or a similar method is + * called with an illegal combination of open options. + * + * @param options The illegal combination of open options. + * @return The created exception. + */ + public IllegalArgumentException illegalOpenOptionCombination(OpenOption... options) { + return illegalOpenOptionCombination(Arrays.asList(options)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newByteChannel(Path, Set, FileAttribute...)} or a similar method is + * called with an illegal combination of open options. + * + * @param options The illegal combination of options. + * @return The created exception. + */ + public IllegalArgumentException illegalOpenOptionCombination(Collection options) { + return new IllegalArgumentException(getMessage("fileSystemProvider.illegalOpenOptionCombination", options)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#copy(Path, Path, CopyOption...)} or + * {@link FileSystemProvider#move(Path, Path, CopyOption...)} is called with an illegal combination of copy options. + * + * @param options The illegal combination of copy options. + * @return The created exception. + */ + public IllegalArgumentException illegalCopyOptionCombination(CopyOption... options) { + return illegalCopyOptionCombination(Arrays.asList(options)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#copy(Path, Path, CopyOption...)} or + * {@link FileSystemProvider#move(Path, Path, CopyOption...)} is called with an illegal combination of copy options. + * + * @param options The illegal combination of copy options. + * @return The created exception. + */ + public IllegalArgumentException illegalCopyOptionCombination(Collection options) { + return new IllegalArgumentException(getMessage("fileSystemProvider.illegalCopyOptionCombination", options)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#readAttributes(Path, Class, LinkOption...)} is called with an + * unsupported file attributes type. + * + * @param type The unsupported type. + * @return The created exception. + */ + public UnsupportedOperationException unsupportedFileAttributesType(Class type) { + return new UnsupportedOperationException(getMessage("fileSystemProvider.unsupportedFileAttributesType", type.getName())); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#readAttributes(Path, String, LinkOption...)} or + * {@link FileSystemProvider#setAttribute(Path, String, Object, LinkOption...)} is called with an unsupported file attribute view. + * + * @param view The unsupported view. + * @return The created exception. + */ + public UnsupportedOperationException unsupportedFileAttributeView(String view) { + return new UnsupportedOperationException(getMessage("fileSystemProvider.unsupportedFileAttributeView", view)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newByteChannel(Path, Set, FileAttribute...)}, + * {@link FileSystemProvider#createDirectory(Path, FileAttribute...)} or a similar method is called with an unsupported file attribute. + * + * @param attribute The unsupported attribute. + * @return The created exception. + */ + public UnsupportedOperationException unsupportedCreateFileAttribute(String attribute) { + return new UnsupportedOperationException(getMessage("fileSystemProvider.unsupportedFileAttribute", attribute)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#readAttributes(Path, String, LinkOption...)} or + * {@link FileSystemProvider#setAttribute(Path, String, Object, LinkOption...)} is called with an unsupported file attribute. + * + * @param attribute The unsupported attribute. + * @return The created exception. + */ + public IllegalArgumentException unsupportedFileAttribute(String attribute) { + return new IllegalArgumentException(getMessage("fileSystemProvider.unsupportedFileAttribute", attribute)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newByteChannel(Path, Set, FileAttribute...)} or a similar method is + * called with an unsupported open option. + * + * @param option The unsupported open option. + * @return The created exception. + */ + public UnsupportedOperationException unsupportedOpenOption(OpenOption option) { + return new UnsupportedOperationException(getMessage("fileSystemProvider.unsupportedOpenOption", option)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#copy(Path, Path, CopyOption...)} or + * {@link FileSystemProvider#move(Path, Path, CopyOption...)} is called with an unsupported copy option. + * + * @param option The unsupported copy option. + * @return The created exception. + */ + public UnsupportedOperationException unsupportedCopyOption(CopyOption option) { + return new UnsupportedOperationException(getMessage("fileSystemProvider.unsupportedCopyOption", option)); + } + } + + /** + * A utility class for providing translated messages and exceptions for file system provider properties. + * + */ + public static final class FileSystemProviderEnvMessages { + + private static final FileSystemProviderEnvMessages INSTANCE = new FileSystemProviderEnvMessages(); + + private FileSystemProviderEnvMessages() { + super(); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newFileSystem(URI, Map)} or + * {@link FileSystemProvider#newFileSystem(Path, Map)} is called with a required property missing. + * + * @param property The name of the missing property. + * @return The created exception. + */ + public IllegalArgumentException missingProperty(String property) { + return new IllegalArgumentException(getMessage("fileSystemProvider.env.missingProperty", property)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newFileSystem(URI, Map)} or + * {@link FileSystemProvider#newFileSystem(Path, Map)} is called with an invalid value for a property. + * + * @param property The name of the property. + * @param value The invalid value. + * @return The created exception. + */ + public IllegalArgumentException invalidProperty(String property, Object value) { + return new IllegalArgumentException(getMessage("fileSystemProvider.env.invalidProperty", property, value)); + } + + /** + * Creates an exception that can be thrown if {@link FileSystemProvider#newFileSystem(URI, Map)} or + * {@link FileSystemProvider#newFileSystem(Path, Map)} is called with an invalid combination of properties. + * + * @param properties The names of the properties. + * @return The created exception. + */ + public IllegalArgumentException invalidPropertyCombination(Collection properties) { + return new IllegalArgumentException(getMessage("fileSystemProvider.env.invalidPropertyCombination", properties)); + } + } + + /** + * A utility class for providing translated messages and exceptions for directory streams. + */ + public static final class DirectoryStreamMessages { + + private static final DirectoryStreamMessages INSTANCE = new DirectoryStreamMessages(); + + private DirectoryStreamMessages() { + super(); + } + + /** + * Creates an exception that can be closed if {@link DirectoryStream#iterator()} is called on a closed directory stream. + * + * @return The created exception. + */ + public IllegalStateException closed() { + return new IllegalStateException(getMessage("directoryStream.closed")); + } + + /** + * Creates an exception that can be closed if {@link DirectoryStream#iterator()} is called after the iterator was already returned. + * + * @return The created exception. + */ + public IllegalStateException iteratorAlreadyReturned() { + return new IllegalStateException(getMessage("directoryStream.iteratorAlreadyReturned")); + } + } + + /** + * A utility class for providing translated messages and exceptions for (seekable) byte channels. + */ + public static final class ByteChannelMessages { + + private static final ByteChannelMessages INSTANCE = new ByteChannelMessages(); + + private ByteChannelMessages() { + super(); + } + + /** + * Creates an exception that can be thrown if {@link SeekableByteChannel#position(long)} is called with a negative position. + * + * @param position The negative position. + * @return The created exception. + */ + public IllegalArgumentException negativePosition(long position) { + return new IllegalArgumentException(getMessage("byteChannel.negativePosition", position)); + } + + /** + * Creates an exception that can be thrown if {@link SeekableByteChannel#truncate(long)} is called with a negative size. + * + * @param size The negative size. + * @return The created exception. + */ + public IllegalArgumentException negativeSize(long size) { + return new IllegalArgumentException(getMessage("byteChannel.negativeSize", size)); + } + } + + /** + * A utility class for providing translated messages and exceptions for URI validation. + */ + public static final class URIMessages { + + private static final URIMessages INSTANCE = new URIMessages(); + + private URIMessages() { + super(); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has an invalid scheme. + * + * @param uri The URI with the invalid scheme. + * @param expectedScheme The expected scheme. + * @return The created exception. + * @see URI#getScheme() + */ + public IllegalArgumentException invalidScheme(URI uri, String expectedScheme) { + return new IllegalArgumentException(getMessage("uri.invalidScheme", expectedScheme, uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) is not absolute. + * + * @param uri The non-absolute URI. + * @return The created exception. + * @see URI#isAbsolute() + */ + public IllegalArgumentException notAbsolute(URI uri) { + return new IllegalArgumentException(getMessage("uri.notAbsolute", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) is not hierarchical. + * This is the same as being opaque. + * + * @param uri The non-hierarchical URI. + * @return The created exception. + * @see URI#isOpaque() + */ + public IllegalArgumentException notHierarchical(URI uri) { + return new IllegalArgumentException(getMessage("uri.notHierarchical", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has an authority component. + * + * @param uri The URI with the authority component. + * @return The created exception. + * @see URI#getAuthority() + * @see #hasNoAuthority(URI) + */ + public IllegalArgumentException hasAuthority(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasAuthority", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has a fragment component. + * + * @param uri The URI with the fragment component. + * @return The created exception. + * @see URI#getFragment() + * @see #hasNoFragment(URI) + */ + public IllegalArgumentException hasFragment(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasFragment", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has a host component. + * + * @param uri The URI with the host component. + * @return The created exception. + * @see URI#getHost() + * @see #hasNoHost(URI) + */ + public IllegalArgumentException hasHost(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasHost", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has a path component. + * + * @param uri The URI with the path component. + * @return The created exception. + * @see URI#getPath() + * @see #hasNoHost(URI) + */ + public IllegalArgumentException hasPath(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasPath", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has a port number. + * + * @param uri The URI with the port number. + * @return The created exception. + * @see URI#getPort() + * @see #hasNoPort(URI) + */ + public IllegalArgumentException hasPort(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasPort", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has a query component. + * + * @param uri The URI with the query component. + * @return The created exception. + * @see URI#getQuery() + * @see #hasNoQuery(URI) + */ + public IllegalArgumentException hasQuery(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasQuery", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) has a user-info component. + * + * @param uri The URI with the user-info component. + * @return The created exception. + * @see URI#getUserInfo() + * @see #hasNoUserInfo(URI) + */ + public IllegalArgumentException hasUserInfo(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasUserInfo", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) does not have an authority + * component. + * + * @param uri The URI without the authority component. + * @return The created exception. + * @see URI#getAuthority() + * @see #hasAuthority(URI) + */ + public IllegalArgumentException hasNoAuthority(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasNoAuthority", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) does not have a fragment + * component. + * + * @param uri The URI without the fragment component. + * @return The created exception. + * @see URI#getFragment() + * @see #hasFragment(URI) + */ + public IllegalArgumentException hasNoFragment(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasNoFragment", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) does not have a host component. + * + * @param uri The URI without the host component. + * @return The created exception. + * @see URI#getHost() + * @see #hasHost(URI) + */ + public IllegalArgumentException hasNoHost(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasNoHost", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) does not have a path component. + * + * @param uri The URI without the path component. + * @return The created exception. + * @see URI#getPath() + * @see #hasPath(URI) + */ + public IllegalArgumentException hasNoPath(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasNoPath", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) does not have a port number. + * + * @param uri The URI without the port number. + * @return The created exception. + * @see URI#getPort() + * @see #hasPort(URI) + */ + public IllegalArgumentException hasNoPort(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasNoPort", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) does not have a query component. + * + * @param uri The URI without the query component. + * @return The created exception. + * @see URI#getQuery() + * @see #hasQuery(URI) + */ + public IllegalArgumentException hasNoQuery(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasNoQuery", uri)); + } + + /** + * Creates an exception that can be thrown if a URI (e.g. used for {@link FileSystemProvider#getPath(URI)}) does not have a user-info + * component. + * + * @param uri The URI without the user-info component. + * @return The created exception. + * @see URI#getUserInfo() + * @see #hasUserInfo(URI) + */ + public IllegalArgumentException hasNoUserInfo(URI uri) { + return new IllegalArgumentException(getMessage("uri.hasNoUserInfo", uri)); + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/OpenOptions.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/OpenOptions.java new file mode 100644 index 0000000..6fb8c65 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/OpenOptions.java @@ -0,0 +1,196 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.StandardOpenOption; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Set; + +/** + * A representation of possible open options. + */ +final class OpenOptions extends TransferOptions { + + public final boolean read; + public final boolean write; + public final boolean append; + public final boolean create; + public final boolean createNew; + public final boolean deleteOnClose; + + public final Collection options; + + private OpenOptions(boolean read, boolean write, boolean append, boolean create, boolean createNew, boolean deleteOnClose, + FileType fileType, FileStructure fileStructure, FileTransferMode fileTransferMode, + Collection options) { + + super(fileType, fileStructure, fileTransferMode); + this.read = read; + this.write = write; + this.append = append; + this.create = create; + this.createNew = createNew; + this.deleteOnClose = deleteOnClose; + + this.options = options; + } + + static OpenOptions forNewInputStream(OpenOption... options) { + return forNewInputStream(Arrays.asList(options)); + } + + static OpenOptions forNewInputStream(Collection options) { + if (options.isEmpty()) { + return new OpenOptions(true, false, false, false, false, false, null, null, null, Collections.emptySet()); + } + + boolean deleteOnClose = false; + FileType fileType = null; + FileStructure fileStructure = null; + FileTransferMode fileTransferMode = null; + + for (OpenOption option : options) { + if (option == StandardOpenOption.DELETE_ON_CLOSE) { + deleteOnClose = true; + } else if (option instanceof FileType) { + fileType = setOnce((FileType) option, fileType, options); + } else if (option instanceof FileStructure) { + fileStructure = setOnce((FileStructure) option, fileStructure, options); + } else if (option instanceof FileTransferMode) { + fileTransferMode = setOnce((FileTransferMode) option, fileTransferMode, options); + } else if (option != StandardOpenOption.READ && option != StandardOpenOption.TRUNCATE_EXISTING && !isIgnoredOpenOption(option)) { + // TRUNCATE_EXISTING is ignored in combination with READ + throw Messages.fileSystemProvider().unsupportedOpenOption(option); + } + } + + return new OpenOptions(true, false, false, false, false, deleteOnClose, fileType, fileStructure, fileTransferMode, options); + } + + static OpenOptions forNewOutputStream(OpenOption... options) { + return forNewOutputStream(Arrays.asList(options)); + } + + static OpenOptions forNewOutputStream(Collection options) { + if (options.isEmpty()) { + // CREATE, TRUNCATE_EXISTING and WRITE, i.e. create, not createNew, and not append + return new OpenOptions(false, true, false, true, false, false, null, null, null, Collections.emptySet()); + } + + boolean append = false; + boolean truncateExisting = false; + boolean create = false; + boolean createNew = false; + boolean deleteOnClose = false; + FileType fileType = null; + FileStructure fileStructure = null; + FileTransferMode fileTransferMode = null; + + for (OpenOption option : options) { + if (option == StandardOpenOption.APPEND) { + append = true; + } else if (option == StandardOpenOption.TRUNCATE_EXISTING) { + truncateExisting = true; + } else if (option == StandardOpenOption.CREATE) { + create = true; + } else if (option == StandardOpenOption.CREATE_NEW) { + createNew = true; + } else if (option == StandardOpenOption.DELETE_ON_CLOSE) { + deleteOnClose = true; + } else if (option instanceof FileType) { + fileType = setOnce((FileType) option, fileType, options); + } else if (option instanceof FileStructure) { + fileStructure = setOnce((FileStructure) option, fileStructure, options); + } else if (option instanceof FileTransferMode) { + fileTransferMode = setOnce((FileTransferMode) option, fileTransferMode, options); + } else if (option != StandardOpenOption.WRITE && !isIgnoredOpenOption(option)) { + throw Messages.fileSystemProvider().unsupportedOpenOption(option); + } + } + + // append and truncateExisting contradict each other + if (append && truncateExisting) { + throw Messages.fileSystemProvider().illegalOpenOptionCombination(options); + } + + return new OpenOptions(false, true, append, create, createNew, deleteOnClose, fileType, fileStructure, fileTransferMode, options); + } + + static OpenOptions forNewByteChannel(Set options) { + + boolean read = false; + boolean write = false; + boolean append = false; + boolean truncateExisting = false; + boolean create = false; + boolean createNew = false; + boolean deleteOnClose = false; + FileType fileType = null; + FileStructure fileStructure = null; + FileTransferMode fileTransferMode = null; + + for (OpenOption option : options) { + if (option == StandardOpenOption.READ) { + read = true; + } else if (option == StandardOpenOption.WRITE) { + write = true; + } else if (option == StandardOpenOption.APPEND) { + append = true; + } else if (option == StandardOpenOption.TRUNCATE_EXISTING) { + truncateExisting = true; + } else if (option == StandardOpenOption.CREATE) { + create = true; + } else if (option == StandardOpenOption.CREATE_NEW) { + createNew = true; + } else if (option == StandardOpenOption.DELETE_ON_CLOSE) { + deleteOnClose = true; + } else if (option instanceof FileType) { + fileType = setOnce((FileType) option, fileType, options); + } else if (option instanceof FileStructure) { + fileStructure = setOnce((FileStructure) option, fileStructure, options); + } else if (option instanceof FileTransferMode) { + fileTransferMode = setOnce((FileTransferMode) option, fileTransferMode, options); + } else if (!isIgnoredOpenOption(option)) { + throw Messages.fileSystemProvider().unsupportedOpenOption(option); + } + } + + // as per Files.newByteChannel, if none of these options is given, default to read + if (!read && !write && !append) { + read = true; + } + + // read contradicts with write, append, create and createNew; TRUNCATE_EXISTING is ignored in combination with READ + if (read && (write || append || create || createNew)) { + throw Messages.fileSystemProvider().illegalOpenOptionCombination(options); + } + + // append and truncateExisting contract each other + if (append && truncateExisting) { + throw Messages.fileSystemProvider().illegalOpenOptionCombination(options); + } + + // read and write contract each other; read and append contract each other; append and truncateExisting contract each other + if ((read && write) || (read && append) || (append && truncateExisting)) { + throw Messages.fileSystemProvider().illegalOpenOptionCombination(options); + } + + return new OpenOptions(read, write, append, create, createNew, deleteOnClose, fileType, fileStructure, fileTransferMode, options); + } + + static T setOnce(T newValue, T existing, Collection options) { + if (existing != null && !existing.equals(newValue)) { + throw Messages.fileSystemProvider().illegalOpenOptionCombination(options); + } + return newValue; + } + + private static boolean isIgnoredOpenOption(OpenOption option) { + return option == StandardOpenOption.SPARSE + || option == StandardOpenOption.SYNC + || option == StandardOpenOption.DSYNC + || option == LinkOption.NOFOLLOW_LINKS; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/PathMatcherSupport.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/PathMatcherSupport.java new file mode 100644 index 0000000..39d0513 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/PathMatcherSupport.java @@ -0,0 +1,215 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.FileSystem; +import java.nio.file.PathMatcher; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; + +/** + * A utility class that can assist in implementing {@link PathMatcher}s. + */ +public final class PathMatcherSupport { + + private PathMatcherSupport() { + throw new Error("cannot create instances of " + getClass().getName()); + } + + /** + * Creates a {@code Pattern} for the given syntax and pattern combination. This follows the rules of {@link FileSystem#getPathMatcher(String)}. + *

    + * This method supports two syntaxes: {@code glob} and {@code regex}. If the syntax is {@code glob}, this method delegates to + * {@link #toGlobPattern(String)}. Otherwise it will call {@link Pattern#compile(String)}. + * + * @param syntaxAndPattern The syntax and pattern. + * @return A {@code Pattern} based on the given syntax and pattern. + * @throws IllegalArgumentException If the parameter does not take the form {@code syntax:pattern}. + * @throws PatternSyntaxException If the pattern is invalid. + * @throws UnsupportedOperationException If the pattern syntax is not {@code glob} or {@code regex}. + */ + public static Pattern toPattern(String syntaxAndPattern) { + final int index = syntaxAndPattern.indexOf(':'); + if (index == -1) { + throw Messages.pathMatcher().syntaxNotFound(syntaxAndPattern); + } + String syntax = syntaxAndPattern.substring(0, index); + String expression = syntaxAndPattern.substring(index + 1); + + if ("glob".equals(syntax)) { + return toGlobPattern(expression); + } + if ("regex".equals(syntax)) { + return Pattern.compile(expression); + } + throw Messages.pathMatcher().unsupportedPathMatcherSyntax(syntax); + } + + /** + * Converts the given glob into a {@code Pattern}. + *

    + * Note that this method uses a single forward slash ({@code /}) as path separator. + * + * @param glob The glob to convert. + * @return A {@code Pattern} built from the given glob. + * @throws PatternSyntaxException If the given glob is invalid. + * @see FileSystem#getPathMatcher(String) + */ + public static Pattern toGlobPattern(String glob) { + return toGlobPattern(glob, 0); + } + + /** + * Converts the given glob into a {@code Pattern}. + *

    + * Note that this method uses a single forward slash ({@code /}) as path separator. + * + * @param glob The glob to convert. + * @param flags {@link Pattern#compile(String, int) Match flags} for the {@code Pattern}. + * @return A {@code Pattern} built from the given glob. + * @throws PatternSyntaxException If the given glob is invalid. + * @throws IllegalArgumentException If the match flags are invalid. + * @see FileSystem#getPathMatcher(String) + */ + public static Pattern toGlobPattern(String glob, int flags) { + StringBuilder regex = new StringBuilder(); + regex.append('^'); + + buildPattern(glob, 0, regex, false); + + regex.append('$'); + return Pattern.compile(regex.toString(), flags); + } + + private static int buildPattern(String glob, int i, StringBuilder regex, boolean inGroup) { + while (i < glob.length()) { + char c = glob.charAt(i++); + switch (c) { + case '\\': + ensureGlobMetaChar(glob, i); + appendLiteral(glob.charAt(i++), regex); + break; + case '*': + if (isCharAt(glob, i, '*')) { + // anything including separators + regex.append(".*"); + i++; + } else { + // anything but a separator + regex.append("[^/]*"); + } + break; + case '?': + // anything but a separator + regex.append("[^/]"); + break; + case '[': + // a class + i = appendClass(glob, i, regex); + break; + case ']': + throw Messages.pathMatcher().glob().unexpectedClassEnd(glob, i - 1); + case '{': + if (inGroup) { + throw Messages.pathMatcher().glob().nestedGroupsNotSupported(glob, i - 1); + } + i = appendGroup(glob, i, regex); + break; + case '}': + if (!inGroup) { + throw Messages.pathMatcher().glob().unexpectedGroupEnd(glob, i - 1); + } + // Return out of this method to appendGroup + return i; + case ',': + if (inGroup) { + regex.append(")|(?:"); + } else { + appendLiteral(c, regex); + } + break; + default: + appendLiteral(c, regex); + break; + } + } + if (inGroup) { + throw Messages.pathMatcher().glob().missingGroupEnd(glob); + } + return i; + } + + private static void appendLiteral(char c, StringBuilder regex) { + if (isRegexMetaChar(c)) { + regex.append('\\'); + } + regex.append(c); + } + + private static int appendClass(String glob, int i, StringBuilder regex) { + regex.append("[["); + if (isCharAt(glob, i, '^')) { + // If ^ is the first char in the class, escape it + regex.append("\\^"); + i++; + } else if (isCharAt(glob, i, '!')) { + regex.append('^'); + i++; + } + boolean inClass = true; + while (i < glob.length() && inClass) { + char c = glob.charAt(i++); + switch (c) { + case '\\': + ensureGlobMetaChar(glob, i); + appendLiteral(glob.charAt(i++), regex); + break; + case '/': + throw Messages.pathMatcher().glob().separatorNotAllowedInClass(glob, i - 1); + case '[': + throw Messages.pathMatcher().glob().nestedClassesNotSupported(glob, i - 1); + case ']': + inClass = false; + break; + default: + appendLiteral(c, regex); + break; + } + } + if (inClass) { + throw Messages.pathMatcher().glob().missingClassEnd(glob); + } + regex.append("]&&[^/]]"); + return i; + } + + private static int appendGroup(String glob, int i, StringBuilder regex) { + // Open two groups: an inner for the content, and an outer in case there are multiple sub patterns + regex.append("(?:(?:"); + i = buildPattern(glob, i, regex, true); + regex.append("))"); + return i; + } + + private static void ensureGlobMetaChar(String glob, int i) { + if (!isGlobMetaChar(glob, i)) { + throw Messages.pathMatcher().glob().unescapableChar(glob, i - 1); + } + } + + private static boolean isCharAt(String s, int index, char c) { + return index < s.length() && s.charAt(index) == c; + } + + private static boolean isRegexMetaChar(char c) { + final String chars = ".^\\$+{[]|()"; + return chars.indexOf(c) != -1; + } + + private static boolean isGlobMetaChar(String s, int index) { + return index < s.length() && isGlobMetaChar(s.charAt(index)); + } + + private static boolean isGlobMetaChar(char c) { + final String chars = "*?\\[]{}"; + return chars.indexOf(c) != -1; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/PosixFilePermissionSupport.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/PosixFilePermissionSupport.java new file mode 100644 index 0000000..afed85f --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/PosixFilePermissionSupport.java @@ -0,0 +1,125 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.attribute.PosixFilePermission; +import java.util.EnumSet; +import java.util.Set; + +/** + * A utility class for {@link PosixFilePermission}. + */ +public final class PosixFilePermissionSupport { + + private static final int S_IRUSR = 0400; + private static final int S_IWUSR = 0200; + private static final int S_IXUSR = 0100; + private static final int S_IRGRP = 040; + private static final int S_IWGRP = 020; + private static final int S_IXGRP = 010; + private static final int S_IROTH = 04; + private static final int S_IWOTH = 02; + private static final int S_IXOTH = 01; + + private PosixFilePermissionSupport() { + throw new Error("cannot create instances of " + getClass().getName()); + } + + /** + * Returns the set of permissions corresponding to a permission bit mask. This method uses the most usual mapping: + *

    + * + * @param mask The bit mask representing a set of permissions. + * @return The resulting set of permissions. + */ + public static Set fromMask(int mask) { + Set permissions = EnumSet.noneOf(PosixFilePermission.class); + addIfSet(permissions, mask, S_IRUSR, PosixFilePermission.OWNER_READ); + addIfSet(permissions, mask, S_IWUSR, PosixFilePermission.OWNER_WRITE); + addIfSet(permissions, mask, S_IXUSR, PosixFilePermission.OWNER_EXECUTE); + addIfSet(permissions, mask, S_IRGRP, PosixFilePermission.GROUP_READ); + addIfSet(permissions, mask, S_IWGRP, PosixFilePermission.GROUP_WRITE); + addIfSet(permissions, mask, S_IXGRP, PosixFilePermission.GROUP_EXECUTE); + addIfSet(permissions, mask, S_IROTH, PosixFilePermission.OTHERS_READ); + addIfSet(permissions, mask, S_IWOTH, PosixFilePermission.OTHERS_WRITE); + addIfSet(permissions, mask, S_IXOTH, PosixFilePermission.OTHERS_EXECUTE); + return permissions; + } + + private static void addIfSet(Set permissions, int mask, int bits, PosixFilePermission permission) { + if (isSet(mask, bits)) { + permissions.add(permission); + } + } + + /** + * Returns a permission bit mask corresponding to a set of permissions. This method is the inverse of {@link #fromMask(int)}. + * + * @param permissions The set of permissions. + * @return The resulting permission bit mask. + */ + public static int toMask(Set permissions) { + int mask = 0; + mask |= getBitsIfSet(permissions, S_IRUSR, PosixFilePermission.OWNER_READ); + mask |= getBitsIfSet(permissions, S_IWUSR, PosixFilePermission.OWNER_WRITE); + mask |= getBitsIfSet(permissions, S_IXUSR, PosixFilePermission.OWNER_EXECUTE); + mask |= getBitsIfSet(permissions, S_IRGRP, PosixFilePermission.GROUP_READ); + mask |= getBitsIfSet(permissions, S_IWGRP, PosixFilePermission.GROUP_WRITE); + mask |= getBitsIfSet(permissions, S_IXGRP, PosixFilePermission.GROUP_EXECUTE); + mask |= getBitsIfSet(permissions, S_IROTH, PosixFilePermission.OTHERS_READ); + mask |= getBitsIfSet(permissions, S_IWOTH, PosixFilePermission.OTHERS_WRITE); + mask |= getBitsIfSet(permissions, S_IXOTH, PosixFilePermission.OTHERS_EXECUTE); + return mask; + } + + private static int getBitsIfSet(Set permissions, int bits, PosixFilePermission permission) { + return permissions.contains(permission) ? bits : 0; + } + + /** + * Returns whether or not a specific permission is set in a permission bit mask. + *

    + * More formally, this method returns {@code true} only if the given permission is contained in the set returned by {@link #fromMask(int)}. + * + * @param mask The permission bit mask to check. + * @param permission The permission to check for. + * @return {@code true} if the permission is set in the given permission bit mask, or {@code false} otherwise. + */ + public static boolean hasPermission(int mask, PosixFilePermission permission) { + switch (permission) { + case OWNER_READ: + return isSet(mask, S_IRUSR); + case OWNER_WRITE: + return isSet(mask, S_IWUSR); + case OWNER_EXECUTE: + return isSet(mask, S_IXUSR); + case GROUP_READ: + return isSet(mask, S_IRGRP); + case GROUP_WRITE: + return isSet(mask, S_IWGRP); + case GROUP_EXECUTE: + return isSet(mask, S_IXGRP); + case OTHERS_READ: + return isSet(mask, S_IROTH); + case OTHERS_WRITE: + return isSet(mask, S_IWOTH); + case OTHERS_EXECUTE: + return isSet(mask, S_IXOTH); + default: + // should not occur + return false; + } + } + + private static boolean isSet(int mask, int bits) { + return (mask & bits) != 0; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SecurityMode.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SecurityMode.java new file mode 100644 index 0000000..92e6a12 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SecurityMode.java @@ -0,0 +1,21 @@ +package org.xbib.io.ftp.fs; + +/** + * The possible FTPS security modes. + */ +public enum SecurityMode { + /** + * Indicates implicit security should be used. + */ + IMPLICIT(true), + /** + * Indicates explicit security should be used. + */ + EXPLICIT(false),; + + final boolean isImplicit; + + SecurityMode(boolean isImplicit) { + this.isImplicit = isImplicit; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleAbstractPath.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleAbstractPath.java new file mode 100644 index 0000000..90d5076 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleAbstractPath.java @@ -0,0 +1,517 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.ProviderMismatchException; +import java.util.ArrayDeque; +import java.util.Deque; +import java.util.Iterator; +import java.util.Objects; + +/** + * This class provides a base implementation of the {@link Path} interface that uses a string to store the actual path. + * This class can be used to minimize the effort required to implement the {@code Path} interface. + * Note that this class assumes that the file system uses a single forward slash ({@code /}) as its {@link FileSystem#getSeparator() separator}. + */ +public abstract class SimpleAbstractPath extends AbstractPath { + + private static final String ROOT_PATH = "/"; + private static final String EMPTY_PATH = ""; + + private static final String CURRENT_DIR = "."; + private static final String PARENT_DIR = ".."; + + /** + * The full path. + */ + private final String path; + + /** + * The offsets in the full path of all the separate name elements. + */ + private int[] offsets; + + /** + * Creates a new path. + * + * @param path The actual path. + */ + protected SimpleAbstractPath(String path) { + this(path, false); + } + + /** + * Creates a new path. + * + * @param path The actual path. + * @param normalized If not {@code true}, the path will be normalized (e.g. by removing redundant forward slashes). + */ + protected SimpleAbstractPath(String path, boolean normalized) { + Objects.requireNonNull(path); + this.path = normalized ? path : normalize(path); + } + + /** + * Normalizes the given path by removing redundant forward slashes and checking for invalid characters. + */ + private String normalize(String path) { + if (path.isEmpty()) { + return path; + } + + StringBuilder sb = new StringBuilder(path.length()); + char prev = '\0'; + for (int i = 0; i < path.length(); i++) { + char c = path.charAt(i); + if (c == '/' && prev == '/') { + continue; + } + if (c == '\0') { + throw Messages.path().nulCharacterNotAllowed(path); + } + sb.append(c); + prev = c; + } + if (sb.length() > 1 && sb.charAt(sb.length() - 1) == '/') { + sb.deleteCharAt(sb.length() - 1); + } + + return sb.toString(); + } + + /** + * Creates a new path. Implementations should create instances of the implementing class. + * + * @param path The actual path for the new path. This will already be normalized when called by the implementations of this class. + * @return The created path. + */ + protected abstract SimpleAbstractPath createPath(String path); + + /** + * Returns the actual path. + * + * @return The actual path. + */ + public final String path() { + return path; + } + + /** + * Returns the name at the given index. This method is similar to {@link #getName(int)} but returns the name as a string, not a {@link Path}. + * + * @param index The index of the name. + * @return The name at the given index. + * @throws IllegalArgumentException If the index is invalid. + */ + public final String nameAt(int index) { + initOffsets(); + if (index < 0 || index >= offsets.length) { + throw Messages.invalidIndex(index); + } + + final int begin = begin(index); + final int end = end(index); + return path.substring(begin, end); + } + + /** + * Returns the file name. This method is similar to {@link #getFileName()} but returns the file name as a string, not a {@link Path}. + * + * @return The file name, or {@code null} if there is no file name. + */ + public final String fileName() { + initOffsets(); + return offsets.length == 0 ? null : nameAt(offsets.length - 1); + } + + /** + * Tells whether or not this path is absolute. + *

    + * This implementation returns {@code true} if the path starts with a forward slash, or {@code false} otherwise. + */ + @Override + public boolean isAbsolute() { + return path.startsWith(ROOT_PATH); + } + + /** + * Returns the root path. This method is similar to {@link #getRoot()} but returns the root as a string, not a {@link Path}. + * + * @return The root path, or {@code null} if this path is relative. + */ + public final String rootPath() { + return isAbsolute() ? ROOT_PATH : null; + } + + /** + * Returns the root component of this path as a {@code Path} object, or {@code null} if this path does not have a root component. + *

    + * This implementation returns a path {@link #createPath(String) created} with a single forward slash as its path if this path is absolute, + * or {@code null} otherwise. + */ + @Override + public Path getRoot() { + return isAbsolute() ? createPath(ROOT_PATH) : null; + } + + /** + * Returns the parent path. This method is similar to {@link #getParent()} but returns the parent as a string, not a {@link Path}. + * + * @return The parent, or {@code null} if this path has no parent. + */ + public final String parentPath() { + initOffsets(); + final int count = offsets.length; + if (count == 0) { + return null; + } + final int end = offsets[count - 1] - 1; + if (end <= 0) { + // The parent is the root (possibly null) + return rootPath(); + } + return path.substring(0, end); + } + + /** + * Returns the parent path, or {@code null} if this path does not have a parent. + *

    + * This implementation returns: + *

      + *
    • {@code null} if this path has no name elements.
      • + *
    • {@link #getRoot()} if this path has only one name element.
      • + *
    • A path {@link #createPath(String) created} with this path's path up until the last forward slash otherwise.
      • + *
    + */ + @Override + public Path getParent() { + initOffsets(); + String parentPath = parentPath(); + return parentPath != null ? createPath(parentPath) : null; + } + + /** + * Returns the number of name elements in the path. + *

    + * This implementation returns a value calculated from the number of forward slashes in the actual path. + */ + @Override + public int getNameCount() { + initOffsets(); + return offsets.length; + } + + /** + * Returns a relative {@code Path} that is a subsequence of the name elements of this path. + *

    + * This implementation returns a non-absolute path {@link #createPath(String) created} with a path that is the appropriate substring of this + * path's actual path. + */ + @Override + public Path subpath(int beginIndex, int endIndex) { + initOffsets(); + if (beginIndex < 0 || beginIndex >= offsets.length + || endIndex <= beginIndex || endIndex > offsets.length) { + throw Messages.invalidRange(beginIndex, endIndex); + } + + final int begin = begin(beginIndex); + final int end = end(endIndex - 1); + final String subpath = path.substring(begin, end); + return createPath(subpath); + } + + /** + * Tests if this path starts with the given path. + *

    + * This implementation will first check if the two paths have the same {@link #getFileSystem() FileSystem} and class. + * If not, {@code false} is returned. + * It will then check if the actual path of this path starts with the actual path of the given path. + */ + @Override + public boolean startsWith(Path other) { + if (getFileSystem() != other.getFileSystem() || getClass() != other.getClass()) { + return false; + } + + final SimpleAbstractPath that = (SimpleAbstractPath) other; + + if (that.path.isEmpty()) { + return path.isEmpty(); + } + if (ROOT_PATH.equals(that.path)) { + return isAbsolute(); + } + if (!path.startsWith(that.path)) { + return false; + } + return path.length() == that.path.length() || path.charAt(that.path.length()) == '/'; + } + + /** + * Tests if this path starts with the given path. + *

    + * This implementation will first check if the two paths have the same {@link #getFileSystem() FileSystem} and class. + * If not, {@code false} is returned. + * It will then check if the actual path of this path ends with the actual path of the given path. + */ + @Override + public boolean endsWith(Path other) { + if (getFileSystem() != other.getFileSystem() || getClass() != other.getClass()) { + return false; + } + + final SimpleAbstractPath that = (SimpleAbstractPath) other; + + if (that.path.isEmpty()) { + return path.isEmpty(); + } + if (that.isAbsolute()) { + return path.equals(that.path); + } + if (!path.endsWith(that.path)) { + return false; + } + return path.length() == that.path.length() || path.charAt(path.length() - that.path.length() - 1) == '/'; + } + + /** + * Returns a path that is this path with redundant name elements eliminated. + *

    + * This implementation will go over the name elements, removing all occurrences of single dots ({@code .}). + * For any occurrence of a double dot ({@code ..}), any previous element (if any) is removed as well. + * With the remaining name elements, a new path is {@link #createPath(String) created}. + */ + @Override + public Path normalize() { + int count = getNameCount(); + if (count == 0) { + return this; + } + Deque nameElements = new ArrayDeque<>(count); + int nonParentCount = 0; + for (int i = 0; i < count; i++) { + if (equalsNameAt(CURRENT_DIR, i)) { + continue; + } + boolean isParent = equalsNameAt(PARENT_DIR, i); + // If this is a parent and there is at least one non-parent, pop it. + if (isParent && nonParentCount > 0) { + nameElements.pollLast(); + nonParentCount--; + continue; + } + if (!isAbsolute() || !isParent) { + // For non-absolute paths, this may add a parent if there are only parents, but that's OK. + // Example: foo/../../bar will lead to ../bar + // For absolute paths, any leading .. will not be included though. + String nameElement = nameAt(i); + nameElements.addLast(nameElement); + } + if (!isParent) { + nonParentCount++; + } + } + StringBuilder sb = new StringBuilder(path.length()); + if (isAbsolute()) { + sb.append('/'); + } + for (Iterator i = nameElements.iterator(); i.hasNext(); ) { + sb.append(i.next()); + if (i.hasNext()) { + sb.append('/'); + } + } + return createPath(sb.toString()); + } + + private boolean equalsNameAt(String name, int index) { + final int thisBegin = begin(index); + final int thisEnd = end(index); + final int thisLength = thisEnd - thisBegin; + + if (thisLength != name.length()) { + return false; + } + return path.regionMatches(thisBegin, name, 0, thisLength); + } + + /** + * Resolve the given path against this path. + *

    + * This implementation returns the given path if it's {@link Path#isAbsolute() absolute} or if this path has no name elements, + * this path if the given path has no name elements, + * or a path {@link #createPath(String) created} with the paths of this path and the given path joined with a forward slash otherwise. + */ + @Override + public Path resolve(Path other) { + final SimpleAbstractPath that = checkPath(other); + if (path.isEmpty() || that.isAbsolute()) { + return that; + } + if (that.path.isEmpty()) { + return this; + } + final String resolvedPath; + if (path.endsWith("/")) { + resolvedPath = path + that.path; + } else { + resolvedPath = path + "/" + that.path; // + } + return createPath(resolvedPath); + } + + /** + * Constructs a relative path between this path and a given path. + *

    + * This implementation skips past any shared name elements, then adds as many occurrences of double dots ({@code ..}) as needed, then adds + * the remainder of the given path to the result. + */ + @Override + public Path relativize(Path other) { + final SimpleAbstractPath that = checkPath(other); + if (this.equals(that)) { + return createPath(EMPTY_PATH); + } + if (isAbsolute() != that.isAbsolute()) { + throw Messages.path().relativizeAbsoluteRelativeMismatch(); + } + if (path.isEmpty()) { + return other; + } + + final int thisNameCount = getNameCount(); + final int thatNameCount = that.getNameCount(); + final int nameCount = Math.min(thisNameCount, thatNameCount); + int index = 0; + while (index < nameCount) { + if (!equalsNameAt(that, index)) { + break; + } + index++; + } + + final int parentDirs = thisNameCount - index; + int length = parentDirs * 3 - 1; + if (index < thatNameCount) { + length += that.path.length() - that.offsets[index] + 1; + } + final StringBuilder sb = new StringBuilder(length); + for (int i = 0; i < parentDirs; i++) { + sb.append(PARENT_DIR); + if (i < length) { + sb.append('/'); + } + // Else don't add a trailing slash at the end + } + if (index < thatNameCount) { + sb.append(that.path, that.offsets[index], that.path.length()); + } + return createPath(sb.toString()); + } + + private boolean equalsNameAt(SimpleAbstractPath that, int index) { + final int thisBegin = begin(index); + final int thisEnd = end(index); + final int thisLength = thisEnd - thisBegin; + + final int thatBegin = that.begin(index); + final int thatEnd = that.end(index); + final int thatLength = thatEnd - thatBegin; + + if (thisLength != thatLength) { + return false; + } + return path.regionMatches(thisBegin, that.path, thatBegin, thisLength); + } + + /** + * Compares two abstract paths lexicographically. + *

    + * This implementation checks if the given path is an instance of the same class, then compares the actual paths of the two abstract paths. + */ + @Override + public int compareTo(Path other) { + Objects.requireNonNull(other); + final SimpleAbstractPath that = getClass().cast(other); + return path.compareTo(that.path); + } + + /** + * Tests this path for equality with the given object. + *

    + * This implementation will return {@code true} if the given object is an instance of the same class as this path, with the same file system, + * and with the same actual path. + */ + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null || obj.getClass() != getClass()) { + return false; + } + SimpleAbstractPath other = (SimpleAbstractPath) obj; + return getFileSystem() == other.getFileSystem() + && path.equals(other.path); + } + + @Override + public int hashCode() { + return path.hashCode(); + } + + /** + * Returns the string representation of this path. + *

    + * This implementation only returns the actual path. + */ + @Override + public String toString() { + return path; + } + + private synchronized void initOffsets() { + if (offsets == null) { + if ("/".equals(path)) { + offsets = new int[0]; + return; + } + boolean isAbsolute = isAbsolute(); + + // At least one result for non-root paths + int count = 1; + int start = isAbsolute ? 1 : 0; + while ((start = path.indexOf('/', start)) != -1) { + count++; + start++; + } + + int[] result = new int[count]; + start = isAbsolute ? 1 : 0; + int index = 0; + result[index++] = start; + while ((start = path.indexOf('/', start)) != -1) { + start++; + result[index++] = start; + } + offsets = result; + } + } + + private int begin(int index) { + return offsets[index]; + } + + private int end(int index) { + return index == offsets.length - 1 ? path.length() : offsets[index + 1] - 1; + } + + private SimpleAbstractPath checkPath(Path path) { + Objects.requireNonNull(path); + if (getClass().isInstance(path)) { + return getClass().cast(path); + } + throw new ProviderMismatchException(); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleFileAttribute.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleFileAttribute.java new file mode 100644 index 0000000..1ff9cf1 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleFileAttribute.java @@ -0,0 +1,63 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.attribute.FileAttribute; +import java.util.Objects; + +/** + * A simple file attribute implementation. + */ +public class SimpleFileAttribute implements FileAttribute { + + private final String name; + private final T value; + + /** + * Creates a new file attribute. + * + * @param name The attribute name. + * @param value The attribute value. + * @throws NullPointerException If the name or value is {@code null}. + */ + public SimpleFileAttribute(String name, T value) { + this.name = Objects.requireNonNull(name); + this.value = Objects.requireNonNull(value); + } + + @Override + public String name() { + return name; + } + + @Override + public T value() { + return value; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || o.getClass() != getClass()) { + return false; + } + SimpleFileAttribute other = (SimpleFileAttribute) o; + return name.equals(other.name) + && value.equals(other.value); + } + + @Override + public int hashCode() { + int hash = name.hashCode(); + hash = 31 * hash + value.hashCode(); + return hash; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[name=" + name + + ",value=" + value + + "]"; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleGroupPrincipal.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleGroupPrincipal.java new file mode 100644 index 0000000..3a91f89 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleGroupPrincipal.java @@ -0,0 +1,18 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.attribute.GroupPrincipal; + +/** + * A {@link GroupPrincipal} implementation that simply stores a name. + */ +public class SimpleGroupPrincipal extends SimpleUserPrincipal implements GroupPrincipal { + + /** + * Creates a new group principal. + * + * @param name The name of the group principal. + */ + public SimpleGroupPrincipal(String name) { + super(name); + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleUserPrincipal.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleUserPrincipal.java new file mode 100644 index 0000000..c300ffe --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/SimpleUserPrincipal.java @@ -0,0 +1,48 @@ +package org.xbib.io.ftp.fs; + +import java.nio.file.attribute.UserPrincipal; +import java.util.Objects; + +/** + * A {@link UserPrincipal} implementation that simply stores a name. + */ +public class SimpleUserPrincipal implements UserPrincipal { + + private final String name; + + /** + * Creates a new user principal. + * + * @param name The name of the user principal. + */ + public SimpleUserPrincipal(String name) { + this.name = Objects.requireNonNull(name); + } + + @Override + public String getName() { + return name; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || o.getClass() != getClass()) { + return false; + } + SimpleUserPrincipal other = (SimpleUserPrincipal) o; + return name.equals(other.name); + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + name + "]"; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/TransferOptions.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/TransferOptions.java new file mode 100644 index 0000000..dde1c65 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/TransferOptions.java @@ -0,0 +1,17 @@ +package org.xbib.io.ftp.fs; + +/** + * The base class of option combinations that support file transfers. + */ +abstract class TransferOptions { + + public final FileType fileType; + public final FileStructure fileStructure; + public final FileTransferMode fileTransferMode; + + TransferOptions(FileType fileType, FileStructure fileStructure, FileTransferMode fileTransferMode) { + this.fileType = fileType; + this.fileStructure = fileStructure; + this.fileTransferMode = fileTransferMode; + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/URISupport.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/URISupport.java new file mode 100644 index 0000000..f844f69 --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/URISupport.java @@ -0,0 +1,97 @@ +package org.xbib.io.ftp.fs; + +import java.net.URI; +import java.net.URISyntaxException; + +/** + * A utility class for {@link URI}s. + */ +public final class URISupport { + + private URISupport() { + throw new Error("cannot create instances of " + getClass().getName()); + } + + /** + * Utility method that calls {@link URI#URI(String, String, String, int, String, String, String)}, wrapping any thrown {@link URISyntaxException} + * in an {@link IllegalArgumentException}. + * + * @param scheme The scheme name. + * @param userInfo The user name and authorization information. + * @param host The host name. + * @param port The port number. + * @param path The path. + * @param query The query. + * @param fragment The fragment. + * @return The created URI. + * @throws IllegalArgumentException If creating the URI caused a {@link URISyntaxException} to be thrown. + * @see URI#create(String) + */ + public static URI create(String scheme, String userInfo, String host, int port, String path, String query, String fragment) { + try { + return new URI(scheme, userInfo, host, port, path, query, fragment); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e.getMessage(), e); + } + } + + /** + * Utility method that calls {@link URI#URI(String, String, String, String, String)}, wrapping any thrown {@link URISyntaxException} in an + * {@link IllegalArgumentException}. + * + * @param scheme The scheme name. + * @param authority The authority. + * @param path The path. + * @param query The query. + * @param fragment The fragment. + * @return The created URI. + * @throws IllegalArgumentException If creating the URI caused a {@link URISyntaxException} to be thrown. + * @see URI#create(String) + */ + public static URI create(String scheme, String authority, String path, String query, String fragment) { + try { + return new URI(scheme, authority, path, query, fragment); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e.getMessage(), e); + } + } + + /** + * Utility method that calls {@link URI#URI(String, String, String, String)}, wrapping any thrown {@link URISyntaxException} in an + * {@link IllegalArgumentException}. + * + * @param scheme The scheme name. + * @param host The host name. + * @param path The path. + * @param fragment The fragment. + * @return The created URI. + * @throws IllegalArgumentException If creating the URI caused a {@link URISyntaxException} to be thrown. + * @see URI#create(String) + */ + public static URI create(String scheme, String host, String path, String fragment) { + try { + return new URI(scheme, host, path, fragment); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e.getMessage(), e); + } + } + + /** + * Utility method that calls {@link URI#URI(String, String, String)}, wrapping any thrown {@link URISyntaxException} in an + * {@link IllegalArgumentException}. + * + * @param scheme The scheme name. + * @param ssp The scheme-specific part. + * @param fragment The fragment. + * @return The created URI. + * @throws IllegalArgumentException If creating the URI caused a {@link URISyntaxException} to be thrown. + * @see URI#create(String) + */ + public static URI create(String scheme, String ssp, String fragment) { + try { + return new URI(scheme, ssp, fragment); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e.getMessage(), e); + } + } +} diff --git a/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/UTF8Control.java b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/UTF8Control.java new file mode 100644 index 0000000..6cea5da --- /dev/null +++ b/files-ftp-fs/src/main/java/org/xbib/io/ftp/fs/UTF8Control.java @@ -0,0 +1,73 @@ +package org.xbib.io.ftp.fs; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.net.URL; +import java.net.URLConnection; +import java.nio.charset.StandardCharsets; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.Locale; +import java.util.PropertyResourceBundle; +import java.util.ResourceBundle; +import java.util.ResourceBundle.Control; + +/** + * A resource bundle control that uses UTF-8 instead of the default encoding when reading resources from properties files. It is thread-safe. + */ +public final class UTF8Control extends Control { + + /** + * The single instance. + */ + public static final UTF8Control INSTANCE = new UTF8Control(); + + private UTF8Control() { + super(); + } + + @Override + public ResourceBundle newBundle(String baseName, Locale locale, String format, final ClassLoader loader, final boolean reload) + throws IllegalAccessException, InstantiationException, IOException { + if (!"java.properties".equals(format)) { + return super.newBundle(baseName, locale, format, loader, reload); + } + String bundleName = toBundleName(baseName, locale); + ResourceBundle bundle = null; + final String resourceName = toResourceName(bundleName, "properties"); + InputStream in = null; + try { + in = AccessController.doPrivileged(new PrivilegedExceptionAction() { + @Override + public InputStream run() throws Exception { + InputStream in = null; + if (reload) { + URL url = loader.getResource(resourceName); + if (url != null) { + URLConnection connection = url.openConnection(); + if (connection != null) { + // Disable caches to get fresh data for reloading. + connection.setUseCaches(false); + in = connection.getInputStream(); + } + } + } else { + in = loader.getResourceAsStream(resourceName); + } + return in; + } + }); + } catch (PrivilegedActionException e) { + throw (IOException) e.getException(); + } + if (in != null) { + try (Reader reader = new InputStreamReader(in, StandardCharsets.UTF_8)) { + bundle = new PropertyResourceBundle(reader); + } + } + return bundle; + } +} diff --git a/files-ftp-fs/src/main/resources/META-INF/services/java.nio.file.spi.FileSystemProvider b/files-ftp-fs/src/main/resources/META-INF/services/java.nio.file.spi.FileSystemProvider new file mode 100644 index 0000000..cdeeee2 --- /dev/null +++ b/files-ftp-fs/src/main/resources/META-INF/services/java.nio.file.spi.FileSystemProvider @@ -0,0 +1 @@ +org.xbib.io.ftp.fs.FTPFileSystemProvider diff --git a/files-ftp-fs/src/main/resources/org/xbib/ftp/fs/messages.properties b/files-ftp-fs/src/main/resources/org/xbib/ftp/fs/messages.properties new file mode 100644 index 0000000..3e56c8a --- /dev/null +++ b/files-ftp-fs/src/main/resources/org/xbib/ftp/fs/messages.properties @@ -0,0 +1,64 @@ +invalidIndex=invalid index: %d +invalidRange=invalid range: %d - %d + +unsupportedOperation=unsupported operation: %s.%s + +byteChannel.negativePosition=invalid new position: %d +byteChannel.negativeSize=invalid new size: %d + +directoryStream.closed=directory stream closed +directoryStream.iteratorAlreadyReturned=iterator already obtained + +fileStore.unsupportedAttribute=unsupported attribute: %s + +fileSystemProvider.illegalCopyOptionCombination=illegal combination of copy options: %s +fileSystemProvider.illegalOpenOptionCombination=illegal combination of open options: %s +fileSystemProvider.isDirectory=is a directory +fileSystemProvider.unsupportedFileAttributesType=unsupported file attributes type: %s +fileSystemProvider.unsupportedFileAttributeView=unsupported file attribute view: %s +fileSystemProvider.unsupportedFileAttribute=unsupported file attribute: %s +fileSystemProvider.unsupportedCopyOption=unsupported copy option: %s +fileSystemProvider.unsupportedOpenOption=unsupported open option: %s + +fileSystemProvider.env.missingProperty=missing value for property '%s' +fileSystemProvider.env.invalidProperty=invalid value for property '%s': %s +fileSystemProvider.env.invalidPropertyCombination=invalid combination of properties: %s + +path.nulCharacterNotAllowed=nul character not allowed +path.relativizeAbsoluteRelativeMismatch=cannot mix absolute and non-absolute paths in relativize + +pathMatcher.unsupportedPathMatcherSyntax=unsupported syntax: %s +pathMatcher.syntaxNotFound=syntax not found in '%s' + +pathMatcher.glob.nestedGroupsNotSupported=nested groups are not supported +pathMatcher.glob.unexpectedGroupEnd=unexpected } +pathMatcher.glob.missingGroupEnd=missing } + +pathMatcher.glob.nestedClassesNotSupported=nested classes are not supported +pathMatcher.glob.unexpectedClassEnd=unexpected ] +pathMatcher.glob.missingClassEnd=missing ] +pathMatcher.glob.separatorNotAllowedInClass=separator not allowed in class + +pathMatcher.glob.unescapableChar=no character to escape + +uri.invalidScheme=URI has an invalid scheme (should be '%s'): %s +uri.notAbsolute=not an absolute URI: %s +uri.notHierarchical=not a hierarchical URI: %s + +uri.hasAuthority=URI has an authority component: %s +uri.hasFragment=URI has a fragment component: %s +uri.hasHost=URI has a host component: %s +uri.hasPath=URI has a path component: %s +uri.hasPort=URI has a port number: %s +uri.hasQuery=URI has a query component: %s +uri.hasUserInfo=URI has a user-info component: %s + +uri.hasNoAuthority=URI has no authority component: %s +uri.hasNoFragment=URI has no fragment component: %s +uri.hasNoHost=URI has no host component: %s +uri.hasNoPath=URI has no path component: %s +uri.hasNoPort=URI has no port number: %s +uri.hasNoQuery=URI has no query component: %s +uri.hasNoUserInfo=URI has no user-info component: %s + +copyOfSymbolicLinksAcrossFileSystemsNotSupported=copying of symbolic links is not supported across file systems diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/AbstractFTPFileSystemTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/AbstractFTPFileSystemTest.java new file mode 100644 index 0000000..758bba4 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/AbstractFTPFileSystemTest.java @@ -0,0 +1,265 @@ +package org.xbib.io.ftp.fs; + +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.mockftpserver.fake.FakeFtpServer; +import org.mockftpserver.fake.UserAccount; +import org.mockftpserver.fake.filesystem.DirectoryEntry; +import org.mockftpserver.fake.filesystem.FileEntry; +import org.mockftpserver.fake.filesystem.FileSystem; +import org.mockftpserver.fake.filesystem.FileSystemEntry; +import org.mockftpserver.fake.filesystem.UnixFakeFileSystem; +import org.mockito.Mockito; +import org.xbib.io.ftp.fs.server.ExtendedUnixFakeFileSystem; +import org.xbib.io.ftp.fs.server.ListHiddenFilesCommandHandler; +import org.xbib.io.ftp.fs.server.MDTMCommandHandler; +import org.xbib.io.ftp.fs.server.SymbolicLinkEntry; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.net.URI; +import java.nio.charset.StandardCharsets; +import java.nio.file.FileAlreadyExistsException; +import java.nio.file.FileSystemException; +import java.nio.file.OpenOption; +import java.util.Collection; +import java.util.Map; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.instanceOf; + +public abstract class AbstractFTPFileSystemTest { + + private static final String USERNAME = "TEST_USER"; + private static final String PASSWORD = "TEST_PASSWORD"; + private static final String HOME_DIR = "/home/test"; + + private static FakeFtpServer unixFtpServer; + private static ExceptionFactoryWrapper exceptionFactory; + private static FTPFileSystem unixFtpFileSystem; + private static FTPFileSystem multiClientUnixFtpFileSystem; + private FileSystem fileSystem; + + @BeforeAll + public static void setupClass() throws IOException { + unixFtpServer = new FakeFtpServer(); + unixFtpServer.setSystemName("UNIX"); + unixFtpServer.setServerControlPort(0); + FileSystem initFileSystem = new UnixFakeFileSystem(); + initFileSystem.add(new DirectoryEntry(HOME_DIR)); + unixFtpServer.setFileSystem(initFileSystem); + UserAccount userAccount = new UserAccount(USERNAME, PASSWORD, HOME_DIR); + unixFtpServer.addUserAccount(userAccount); + unixFtpServer.setCommandHandler("LIST", new ListHiddenFilesCommandHandler(true)); + unixFtpServer.setCommandHandler("MDTM", new MDTMCommandHandler()); + unixFtpServer.start(); + exceptionFactory = new ExceptionFactoryWrapper(); + unixFtpFileSystem = createFileSystem(unixFtpServer.getServerControlPort()); + multiClientUnixFtpFileSystem = createFileSystem(unixFtpServer.getServerControlPort(), 3); + } + + @AfterAll + public static void cleanupClass() throws IOException { + unixFtpFileSystem.close(); + multiClientUnixFtpFileSystem.close(); + unixFtpServer.stop(); + unixFtpServer = null; + } + + private static FTPFileSystem createFileSystem(int port) throws IOException { + Map env = createEnv(); + return (FTPFileSystem) new FTPFileSystemProvider().newFileSystem(URI.create("ftp://localhost:" + port), env); + } + + private static FTPFileSystem createFileSystem(int port, int clientConnectionCount) throws IOException { + Map env = createEnv().withClientConnectionCount(clientConnectionCount); + return (FTPFileSystem) new FTPFileSystemProvider().newFileSystem(URI.create("ftp://localhost:" + port), env); + } + + protected static FTPEnvironment createEnv() { + return new FTPEnvironment() + .withCredentials(USERNAME, PASSWORD.toCharArray()) + .withClientConnectionCount(1) + .withFileSystemExceptionFactory(exceptionFactory); + } + + @BeforeEach + public void setup() { + fileSystem = new ExtendedUnixFakeFileSystem(); + fileSystem.add(new DirectoryEntry(HOME_DIR)); + unixFtpServer.setFileSystem(fileSystem); + exceptionFactory.delegate = Mockito.spy(DefaultFileSystemExceptionFactory.INSTANCE); + } + + @AfterEach + public void cleanup() { + exceptionFactory.delegate = null; + unixFtpServer.setFileSystem(null); + fileSystem = null; + } + + protected final String getBaseUrl() { + return "ftp://" + USERNAME + "@localhost:" + unixFtpServer.getServerControlPort(); + } + + protected final URI getURI() { + return URI.create("ftp://localhost:" + unixFtpServer.getServerControlPort()); + } + + protected final FTPPath createPath(String path) { + return new FTPPath(getFileSystem(), path); + } + + protected final FTPPath createPath(FTPFileSystem fs, String path) { + return new FTPPath(fs, path); + } + + protected final FTPFileSystem getFileSystem() { + return unixFtpFileSystem; + } + + protected final FTPFileSystem getMultiClientFileSystem() { + return multiClientUnixFtpFileSystem; + } + + protected final FileSystemExceptionFactory getExceptionFactory() { + return exceptionFactory.delegate; + } + + protected final FileSystemEntry getFileSystemEntry(String path) { + return fileSystem.getEntry(path); + } + + protected final FileEntry getFile(String path) { + return getFileSystemEntry(path, FileEntry.class); + } + + protected final DirectoryEntry getDirectory(String path) { + return getFileSystemEntry(path, DirectoryEntry.class); + } + + protected final SymbolicLinkEntry getSymLink(String path) { + return getFileSystemEntry(path, SymbolicLinkEntry.class); + } + + protected final T getFileSystemEntry(String path, Class cls) { + FileSystemEntry entry = getFileSystemEntry(path); + assertThat(entry, instanceOf(cls)); + return cls.cast(entry); + } + + protected final FileEntry addFile(String path) { + FileEntry file = new FileEntry(path); + fileSystem.add(file); + return file; + } + + protected final DirectoryEntry addDirectory(String path) { + DirectoryEntry directory = new DirectoryEntry(path); + fileSystem.add(directory); + return directory; + } + + protected final SymbolicLinkEntry addSymLink(String path, FileSystemEntry target) { + SymbolicLinkEntry symLink = new SymbolicLinkEntry(path, target); + fileSystem.add(symLink); + return symLink; + } + + protected final boolean delete(String path) { + return fileSystem.delete(path); + } + + protected final int getChildCount(String path) { + return fileSystem.listFiles(path).size(); + } + + protected final byte[] getContents(FileEntry file) throws IOException { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + try (InputStream in = file.createInputStream()) { + byte[] buffer = new byte[1024]; + int len; + while ((len = in.read(buffer)) != -1) { + out.write(buffer, 0, len); + } + } + return out.toByteArray(); + } + + protected final String getStringContents(FileEntry file) throws IOException { + StringBuilder sb = new StringBuilder((int) file.getSize()); + try (Reader in = new InputStreamReader(file.createInputStream(), StandardCharsets.UTF_8)) { + char[] buffer = new char[1024]; + int len; + while ((len = in.read(buffer)) != -1) { + sb.append(buffer, 0, len); + } + } + return sb.toString(); + } + + protected final long getTotalSize() { + return getTotalSize(fileSystem.getEntry("/")); + } + + private long getTotalSize(FileSystemEntry entry) { + long size = entry.getSize(); + if (entry instanceof DirectoryEntry) { + for (Object o : fileSystem.listFiles(entry.getPath())) { + size += getTotalSize((FileSystemEntry) o); + } + } + return size; + } + + private static class ExceptionFactoryWrapper implements FileSystemExceptionFactory { + + private FileSystemExceptionFactory delegate; + + @Override + public FileSystemException createGetFileException(String file, int replyCode, String replyString) { + return delegate.createGetFileException(file, replyCode, replyString); + } + + @Override + public FileSystemException createChangeWorkingDirectoryException(String directory, int replyCode, String replyString) { + return delegate.createChangeWorkingDirectoryException(directory, replyCode, replyString); + } + + @Override + public FileAlreadyExistsException createCreateDirectoryException(String directory, int replyCode, String replyString) { + return delegate.createCreateDirectoryException(directory, replyCode, replyString); + } + + @Override + public FileSystemException createDeleteException(String file, int replyCode, String replyString, boolean isDirectory) { + return delegate.createDeleteException(file, replyCode, replyString, isDirectory); + } + + @Override + public FileSystemException createNewInputStreamException(String file, int replyCode, String replyString) { + return delegate.createNewInputStreamException(file, replyCode, replyString); + } + + @Override + public FileSystemException createNewOutputStreamException(String file, int replyCode, String replyString, + Collection options) { + return delegate.createNewOutputStreamException(file, replyCode, replyString, options); + } + + @Override + public FileSystemException createCopyException(String file, String other, int replyCode, String replyString) { + return delegate.createCopyException(file, other, replyCode, replyString); + } + + @Override + public FileSystemException createMoveException(String file, String other, int replyCode, String replyString) { + return delegate.createMoveException(file, other, replyCode, replyString); + } + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPEnvironmentSetterTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPEnvironmentSetterTest.java new file mode 100644 index 0000000..3cb811a --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPEnvironmentSetterTest.java @@ -0,0 +1,77 @@ +package org.xbib.io.ftp.fs; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; +import org.xbib.io.ftp.client.FTPClient; +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.parser.DefaultFTPFileEntryParserFactory; + +import javax.net.ServerSocketFactory; +import javax.net.SocketFactory; +import java.lang.reflect.Method; +import java.net.InetSocketAddress; +import java.net.Proxy; +import java.nio.charset.StandardCharsets; +import java.util.Collections; +import java.util.stream.Stream; + +public class FTPEnvironmentSetterTest { + + public static Stream getParameters() { + return Stream.of( + Arguments.of("withSoTimeout", "soTimeout", 1000), + Arguments.of("withSendBufferSize", "sendBufferSize", 4096), + Arguments.of("withReceiveBufferSize", "receiveBufferSize", 2048), + Arguments.of("withTcpNoDelay", "tcpNoDelay", true), + Arguments.of("withKeepAlive", "keepAlive", true), + Arguments.of("withSocketFactory", "socketFactory", SocketFactory.getDefault()), + Arguments.of("withServerSocketFactory", "serverSocketFactory", ServerSocketFactory.getDefault()), + Arguments.of("withConnectTimeout", "connectTimeout", 1000), + Arguments.of("withProxy", "proxy", new Proxy(Proxy.Type.HTTP, new InetSocketAddress("localhost", 21))), + Arguments.of("withCharset", "charset", StandardCharsets.UTF_8), + Arguments.of("withControlEncoding", "controlEncoding", "UTF-8"), + Arguments.of("withStrictlyMultilineParsing", "strictMultilineParsing", true), + Arguments.of("withDataTimeout", "dataTimeout", 1000), + Arguments.of("withParserFactory", "parserFactory", new DefaultFTPFileEntryParserFactory()), + Arguments.of("withRemoteVerificationEnabled", "remoteVerificationEnabled", true), + Arguments.of("withDefaultDirectory", "defaultDir", "/"), + Arguments.of("withConnectionMode", "connectionMode", ConnectionMode.PASSIVE), + Arguments.of("withActiveExternalIPAddress", "activeExternalIPAddress", "127.0.0.1"), + Arguments.of("withPassiveLocalIPAddress", "passiveLocalIPAddress", "127.0.0.1"), + Arguments.of("withReportActiveExternalIPAddress", "reportActiveExternalIPAddress", "127.0.0.1"), + Arguments.of("withBufferSize", "bufferSize", 1000), + Arguments.of("withSendDataSocketBufferSize", "sendDataSocketBufferSize", 1024), + Arguments.of("withReceiveDataSocketBufferSize", "receiveDataSocketBufferSize", 2048), + Arguments.of("withClientConfig", "clientConfig", new FTPClientConfig()), + Arguments.of("withUseEPSVwithIPv4", "useEPSVwithIPv4", true), + Arguments.of("withControlKeepAliveTimeout", "controlKeepAliveTimeout", 1000L), + Arguments.of("withControlKeepAliveReplyTimeout", "controlKeepAliveReplyTimeout", 1000), + Arguments.of("withPassiveNatWorkaroundStrategy", "passiveNatWorkaroundStrategy", new FTPClient.NatServerResolverImpl(new FTPClient())), + Arguments.of("withAutodetectEncoding", "autodetectEncoding", true), + Arguments.of("withClientConnectionCount", "clientConnectionCount", 5), + Arguments.of("withFileSystemExceptionFactory", "fileSystemExceptionFactory", DefaultFileSystemExceptionFactory.INSTANCE) + ); + } + + @ParameterizedTest + @MethodSource("getParameters") + public void testSetter(String setterString, String propertyName, Object propertyValue) throws Exception { + Method setter = findMethod(setterString); + FTPEnvironment env = new FTPEnvironment(); + assertEquals(Collections.emptyMap(), env); + setter.invoke(env, propertyValue); + assertEquals(Collections.singletonMap(propertyName, propertyValue), env); + } + + private Method findMethod(String methodName) { + for (Method method : FTPEnvironment.class.getMethods()) { + if (method.getName().equals(methodName) && method.getParameterTypes().length == 1) { + return method; + } + } + throw new AssertionError("Could not find method " + methodName); + } + +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPEnvironmentTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPEnvironmentTest.java new file mode 100644 index 0000000..7e726fd --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPEnvironmentTest.java @@ -0,0 +1,100 @@ +package org.xbib.io.ftp.fs; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import org.junit.jupiter.api.Test; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +public class FTPEnvironmentTest { + + @Test + public void testWithLocalAddress() throws UnknownHostException { + FTPEnvironment env = new FTPEnvironment(); + + assertEquals(Collections.emptyMap(), env); + + InetAddress localAddr = InetAddress.getLocalHost(); + int localPort = 21; + + env.withLocalAddress(localAddr, localPort); + + Map expected = new HashMap<>(); + expected.put("localAddr", localAddr); + expected.put("localPort", localPort); + assertEquals(expected, env); + } + + @Test + public void testWithCredentialsWithoutAccount() { + FTPEnvironment env = new FTPEnvironment(); + + assertEquals(Collections.emptyMap(), env); + + String username = UUID.randomUUID().toString(); + char[] password = UUID.randomUUID().toString().toCharArray(); + + env.withCredentials(username, password); + + Map expected = new HashMap<>(); + expected.put("username", username); + expected.put("password", password); + assertEquals(expected, env); + } + + @Test + public void testWithCredentialsWithAccount() { + FTPEnvironment env = new FTPEnvironment(); + + assertEquals(Collections.emptyMap(), env); + + String username = UUID.randomUUID().toString(); + char[] password = UUID.randomUUID().toString().toCharArray(); + String account = UUID.randomUUID().toString(); + + env.withCredentials(username, password, account); + + Map expected = new HashMap<>(); + expected.put("username", username); + expected.put("password", password); + expected.put("account", account); + assertEquals(expected, env); + } + + @Test + public void testWithSoLinger() { + FTPEnvironment env = new FTPEnvironment(); + + assertEquals(Collections.emptyMap(), env); + + boolean on = true; + int linger = 5000; + + env.withSoLinger(on, linger); + + Map expected = new HashMap<>(); + expected.put("soLinger.on", on); + expected.put("soLinger.val", linger); + assertEquals(expected, env); + } + + @Test + public void testWithActivePortRange() { + FTPEnvironment env = new FTPEnvironment(); + + assertEquals(Collections.emptyMap(), env); + + int minPort = 1234; + int maxPort = 5678; + + env.withActivePortRange(minPort, maxPort); + + Map expected = new HashMap<>(); + expected.put("activePortRange.min", minPort); + expected.put("activePortRange.max", maxPort); + assertEquals(expected, env); + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemDirectoryStreamTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemDirectoryStreamTest.java new file mode 100644 index 0000000..2ee76c8 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemDirectoryStreamTest.java @@ -0,0 +1,248 @@ +package org.xbib.io.ftp.fs; + +import org.hamcrest.Description; +import org.hamcrest.Matcher; +import org.hamcrest.TypeSafeDiagnosingMatcher; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +import java.io.IOException; +import java.nio.file.DirectoryIteratorException; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Pattern; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.everyItem; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class FTPFileSystemDirectoryStreamTest extends AbstractFTPFileSystemTest { + + @Test + public void testIterator() throws IOException { + final int count = 100; + List> matchers = new ArrayList<>(); + for (int i = 0; i < count; i++) { + matchers.add(equalTo("file" + i)); + addFile("/foo/file" + i); + } + List names = new ArrayList<>(); + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/foo"), AcceptAllFilter.INSTANCE)) { + for (Path path : stream) { + names.add(path.getFileName().toString()); + } + } + assertThat(names, containsInAnyOrder(matchers)); + } + + @Test + public void testFilteredIterator() throws IOException { + final int count = 100; + + List> matchers = new ArrayList<>(); + for (int i = 0; i < count; i++) { + if (i % 2 == 1) { + matchers.add(equalTo("file" + i)); + } + addFile("/foo/file" + i); + } + List names = new ArrayList<>(); + Filter filter = new PatternFilter("file\\d*[13579]"); + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/foo"), filter)) { + for (Path path : stream) { + names.add(path.getFileName().toString()); + } + } + assertThat(names, containsInAnyOrder(matchers)); + } + + @Test + public void testCloseWhileIterating() throws IOException { + final int count = 100; + + // there is no guaranteed order, just a count + for (int i = 0; i < count; i++) { + addFile("/foo/file" + i); + } + Matcher matcher = new TypeSafeDiagnosingMatcher<>() { + private final Pattern pattern = Pattern.compile("file\\d+"); + + @Override + protected boolean matchesSafely(String item, Description mismatchDescription) { + return item != null && pattern.matcher(item).matches(); + } + + @Override + public void describeTo(Description description) { + description + .appendText("matches ") + .appendValue(pattern); + } + }; + int expectedCount = count / 2; + + List names = new ArrayList<>(); + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/foo"), AcceptAllFilter.INSTANCE)) { + + int index = 0; + for (Path aStream : stream) { + if (++index == count / 2) { + stream.close(); + } + names.add(aStream.getFileName().toString()); + } + } + assertEquals(expectedCount, names.size()); + assertThat(names, everyItem(matcher)); + } + + @Test + public void testIteratorAfterClose() { + Assertions.assertThrows(IllegalStateException.class, () -> { + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/"), AcceptAllFilter.INSTANCE)) { + stream.close(); + stream.iterator(); + } + }); + } + + @Test + public void testIteratorAfterIterator() { + Assertions.assertThrows(IllegalStateException.class, () -> { + boolean iteratorCalled = false; + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/"), AcceptAllFilter.INSTANCE)) { + stream.iterator(); + iteratorCalled = true; + stream.iterator(); + } finally { + assertTrue(iteratorCalled); + } + }); + } + + @Test + public void testDeleteWhileIterating() throws IOException { + final int count = 100; + + List> matchers = new ArrayList<>(); + addDirectory("/foo"); + for (int i = 0; i < count; i++) { + matchers.add(equalTo("file" + i)); + addFile("/foo/file" + i); + } + + List names = new ArrayList<>(); + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/foo"), AcceptAllFilter.INSTANCE)) { + + int index = 0; + for (Path path : stream) { + if (++index < count / 2) { + delete("/foo"); + } + names.add(path.getFileName().toString()); + } + } + assertThat(names, containsInAnyOrder(matchers)); + } + + @Test + public void testDeleteChildrenWhileIterating() throws IOException { + final int count = 100; + + List> matchers = new ArrayList<>(); + addDirectory("/foo"); + for (int i = 0; i < count; i++) { + matchers.add(equalTo("file" + i)); + addFile("/foo/file" + i); + } + + List names = new ArrayList<>(); + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/foo"), AcceptAllFilter.INSTANCE)) { + + int index = 0; + for (Path path : stream) { + if (++index < count / 2) { + for (int i = 0; i < count; i++) { + delete("/foo/file" + i); + } + assertEquals(0, getChildCount("/foo")); + } + names.add(path.getFileName().toString()); + } + } + assertThat(names, containsInAnyOrder(matchers)); + } + + @Test + public void testDeleteBeforeIterator() throws IOException { + final int count = 100; + + List> matchers = new ArrayList<>(); + addDirectory("/foo"); + for (int i = 0; i < count; i++) { + // the entries are collected before the iteration starts + matchers.add(equalTo("file" + i)); + addFile("/foo/file" + i); + } + + List names = new ArrayList<>(); + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/foo"), AcceptAllFilter.INSTANCE)) { + delete("/foo"); + for (Path path : stream) { + names.add(path.getFileName().toString()); + } + } + assertThat(names, containsInAnyOrder(matchers)); + } + + @Test + public void testThrowWhileIterating() { + Assertions.assertThrows(DirectoryIteratorException.class, () -> { + addFile("/foo"); + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/"), ThrowingFilter.INSTANCE)) { + for (Path path : stream) { + } + } + }); + } + + private static final class AcceptAllFilter implements Filter { + + private static final AcceptAllFilter INSTANCE = new AcceptAllFilter(); + + @Override + public boolean accept(Path entry) { + return true; + } + } + + private static final class PatternFilter implements Filter { + + private final Pattern pattern; + + private PatternFilter(String regex) { + pattern = Pattern.compile(regex); + } + + @Override + public boolean accept(Path entry) { + return pattern.matcher(entry.getFileName().toString()).matches(); + } + } + + private static final class ThrowingFilter implements Filter { + + private static final ThrowingFilter INSTANCE = new ThrowingFilter(); + + @Override + public boolean accept(Path entry) throws IOException { + throw new IOException(); + } + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemInputStreamTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemInputStreamTest.java new file mode 100644 index 0000000..107ed6c --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemInputStreamTest.java @@ -0,0 +1,111 @@ +package org.xbib.io.ftp.fs; + +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import org.junit.jupiter.api.Test; +import org.mockftpserver.fake.filesystem.FileEntry; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Arrays; + +public class FTPFileSystemInputStreamTest extends AbstractFTPFileSystemTest { + + @Test + public void testReadSingle() throws IOException { + final String content = "Hello World"; + + FileEntry file = addFile("/foo"); + file.setContents(content); + + try (InputStream input = getFileSystem().newInputStream(createPath("/foo"))) { + assertEquals('H', input.read()); + assertEquals('e', input.read()); + assertEquals('l', input.read()); + assertEquals('l', input.read()); + assertEquals('o', input.read()); + assertEquals(' ', input.read()); + assertEquals('W', input.read()); + assertEquals('o', input.read()); + assertEquals('r', input.read()); + assertEquals('l', input.read()); + assertEquals('d', input.read()); + assertEquals(-1, input.read()); + } + } + + @Test + public void testReadBulk() throws IOException { + final String content = "Hello World"; + + FileEntry file = addFile("/foo"); + file.setContents(content); + + byte[] b = new byte[20]; + try (InputStream input = getFileSystem().newInputStream(createPath("/foo"))) { + assertEquals(0, input.read(b, 0, 0)); + assertEquals(5, input.read(b, 1, 5)); + assertArrayEquals(content.substring(0, 5).getBytes(), Arrays.copyOfRange(b, 1, 6)); + assertEquals(content.length() - 5, input.read(b)); + assertArrayEquals(content.substring(5).getBytes(), Arrays.copyOfRange(b, 0, content.length() - 5)); + assertEquals(-1, input.read(b)); + } + } + + @Test + public void testSkip() throws IOException { + final String content = "Hello World"; + + FileEntry file = addFile("/foo"); + file.setContents(content); + + try (InputStream input = getFileSystem().newInputStream(createPath("/foo"))) { + assertEquals(0, input.skip(0)); + assertArrayEquals(content.getBytes(), readRemaining(input)); + } + try (InputStream input = getFileSystem().newInputStream(createPath("/foo"))) { + assertEquals(5, input.skip(5)); + assertArrayEquals(content.substring(5).getBytes(), readRemaining(input)); + } + try (InputStream input = getFileSystem().newInputStream(createPath("/foo"))) { + assertEquals(content.length(), input.skip(content.length())); + assertEquals(-1, input.read()); + assertEquals(0, input.skip(1)); + } + try (InputStream input = getFileSystem().newInputStream(createPath("/foo"))) { + assertEquals(content.length(), input.skip(content.length() + 1)); + assertEquals(-1, input.read()); + assertEquals(0, input.skip(1)); + } + } + + @Test + public void testAvailable() throws IOException { + final String content = "Hello World"; + FileEntry file = addFile("/foo"); + file.setContents(content); + try (InputStream input = getFileSystem().newInputStream(createPath("/foo"))) { + for (int i = 0; i < 5; i++) { + input.read(); + } + assertEquals(content.length() - 5, input.available()); + while (input.read() != -1) { + // do nothing + } + assertEquals(0, input.available()); + input.read(); + assertEquals(0, input.available()); + } + } + + private byte[] readRemaining(InputStream input) throws IOException { + ByteArrayOutputStream output = new ByteArrayOutputStream(); + byte[] buffer = new byte[1024]; + int len; + while ((len = input.read(buffer)) != -1) { + output.write(buffer, 0, len); + } + return output.toByteArray(); + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemOutputStreamTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemOutputStreamTest.java new file mode 100644 index 0000000..9dd0210 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemOutputStreamTest.java @@ -0,0 +1,33 @@ +package org.xbib.io.ftp.fs; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import org.junit.jupiter.api.Test; +import org.mockftpserver.fake.filesystem.FileEntry; + +import java.io.IOException; +import java.io.OutputStream; + +public class FTPFileSystemOutputStreamTest extends AbstractFTPFileSystemTest { + + @Test + public void testWriteSingle() throws IOException { + try (OutputStream output = getFileSystem().newOutputStream(createPath("/foo"))) { + output.write('H'); + output.write('e'); + output.write('l'); + output.write('l'); + output.write('o'); + } + FileEntry file = getFile("/foo"); + assertEquals("Hello", getStringContents(file)); + } + + @Test + public void testWriteBulk() throws IOException { + try (OutputStream output = getFileSystem().newOutputStream(createPath("/foo"))) { + output.write("Hello".getBytes()); + } + FileEntry file = getFile("/foo"); + assertEquals("Hello", getStringContents(file)); + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemProviderTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemProviderTest.java new file mode 100644 index 0000000..e30d63b --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemProviderTest.java @@ -0,0 +1,183 @@ +package org.xbib.io.ftp.fs; + +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; +import org.mockftpserver.fake.filesystem.FileEntry; + +import java.io.IOException; +import java.io.OutputStream; +import java.net.URI; +import java.nio.file.FileSystemNotFoundException; +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.attribute.BasicFileAttributeView; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.PosixFileAttributeView; +import java.util.HashMap; +import java.util.Map; +import java.util.Random; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.instanceOf; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class FTPFileSystemProviderTest extends AbstractFTPFileSystemTest { + + @Test + public void testPathsAndFilesSupport() throws IOException { + + try (FTPFileSystem fs = (FTPFileSystem) FileSystems.newFileSystem(getURI(), createEnv())) { + Path path = Paths.get(URI.create(getBaseUrl() + "/foo")); + assertThat(path, instanceOf(FTPPath.class)); + // as required by Paths.get + assertEquals(path, path.toAbsolutePath()); + + // the file does not exist yet + assertFalse(Files.exists(path)); + + Files.createFile(path); + try { + // the file now exists + assertTrue(Files.exists(path)); + + byte[] content = new byte[1024]; + new Random().nextBytes(content); + try (OutputStream output = Files.newOutputStream(path, FileType.binary())) { + output.write(content); + } + + // check the file directly + FileEntry file = getFile("/foo"); + assertArrayEquals(content, getContents(file)); + + } finally { + + Files.delete(path); + assertFalse(Files.exists(path)); + + assertNull(getFileSystemEntry("/foo")); + } + } + } + + @Test + public void testPathsAndFilesSupportFileSystemNotFound() { + Assertions.assertThrows(FileSystemNotFoundException.class, () -> + Paths.get(URI.create("ftp://ftp.github.com/")) + ); + } + + @Test + public void testRemoveFileSystem() { + Assertions.assertThrows(FileSystemNotFoundException.class, () -> { + addDirectory("/foo/bar"); + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + URI uri; + try (FTPFileSystem fs = (FTPFileSystem) provider.newFileSystem(getURI(), createEnv())) { + FTPPath path = new FTPPath(fs, "/foo/bar"); + uri = path.toUri(); + assertFalse(provider.isHidden(path)); + } + provider.getPath(uri); + }); + } + + @Test + public void testGetPath() throws IOException { + Map inputs = new HashMap<>(); + inputs.put("/", "/"); + inputs.put("foo", "/home/test/foo"); + inputs.put("/foo", "/foo"); + inputs.put("foo/bar", "/home/test/foo/bar"); + inputs.put("/foo/bar", "/foo/bar"); + + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + try (FTPFileSystem fs = (FTPFileSystem) provider.newFileSystem(getURI(), createEnv())) { + for (Map.Entry entry : inputs.entrySet()) { + URI uri = fs.getPath(entry.getKey()).toUri(); + Path path = provider.getPath(uri); + assertThat(path, instanceOf(FTPPath.class)); + assertEquals(entry.getValue(), ((FTPPath) path).path()); + } + for (Map.Entry entry : inputs.entrySet()) { + URI uri = fs.getPath(entry.getKey()).toUri(); + uri = URISupport.create(uri.getScheme().toUpperCase(), uri.getUserInfo(), uri.getHost(), uri.getPort(), uri.getPath(), null, null); + Path path = provider.getPath(uri); + assertThat(path, instanceOf(FTPPath.class)); + assertEquals(entry.getValue(), ((FTPPath) path).path()); + } + } + } + + @Test + public void testGetPathNoScheme() { + Assertions.assertThrows(IllegalArgumentException.class, () -> { + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + provider.getPath(URI.create("/foo/bar")); + }); + } + + @Test + public void testGetPathInvalidScheme() { + Assertions.assertThrows(IllegalArgumentException.class, () -> { + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + provider.getPath(URI.create("https://www.github.com/")); + }); + } + + @Test + public void testGetPathFileSystemNotFound() { + Assertions.assertThrows(FileSystemNotFoundException.class, () -> { + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + provider.getPath(URI.create("ftp://ftp.github.com/")); + }); + } + + @Test + public void testGetFileAttributeViewBasic() throws IOException { + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + try (FTPFileSystem fs = (FTPFileSystem) provider.newFileSystem(getURI(), createEnv())) { + FTPPath path = new FTPPath(fs, "/foo/bar"); + + BasicFileAttributeView view = fs.provider().getFileAttributeView(path, BasicFileAttributeView.class); + assertNotNull(view); + assertEquals("basic", view.name()); + } + } + + @Test + public void testGetFileAttributeViewPosix() throws IOException { + + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + try (FTPFileSystem fs = (FTPFileSystem) provider.newFileSystem(getURI(), createEnv())) { + FTPPath path = new FTPPath(fs, "/foo/bar"); + + PosixFileAttributeView view = fs.provider().getFileAttributeView(path, PosixFileAttributeView.class); + assertNotNull(view); + assertEquals("posix", view.name()); + } + } + + @Test + public void testGetFileAttributeViewReadAttributes() throws IOException { + addDirectory("/foo/bar"); + + FTPFileSystemProvider provider = new FTPFileSystemProvider(); + try (FTPFileSystem fs = (FTPFileSystem) provider.newFileSystem(getURI(), createEnv())) { + FTPPath path = new FTPPath(fs, "/foo/bar"); + + BasicFileAttributeView view = fs.provider().getFileAttributeView(path, BasicFileAttributeView.class); + assertNotNull(view); + + BasicFileAttributes attributes = view.readAttributes(); + assertTrue(attributes.isDirectory()); + } + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemTest.java new file mode 100644 index 0000000..9da42ef --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPFileSystemTest.java @@ -0,0 +1,2186 @@ +package org.xbib.io.ftp.fs; + +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; +import org.mockftpserver.fake.filesystem.DirectoryEntry; +import org.mockftpserver.fake.filesystem.FileEntry; +import org.mockftpserver.fake.filesystem.FileSystemEntry; +import org.mockito.verification.VerificationMode; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.fs.server.SymbolicLinkEntry; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URI; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.AccessDeniedException; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryNotEmptyException; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.FileAlreadyExistsException; +import java.nio.file.FileSystemException; +import java.nio.file.LinkOption; +import java.nio.file.NoSuchFileException; +import java.nio.file.NotDirectoryException; +import java.nio.file.NotLinkException; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.StandardCopyOption; +import java.nio.file.StandardOpenOption; +import java.nio.file.attribute.PosixFileAttributes; +import java.nio.file.attribute.PosixFilePermissions; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.instanceOf; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNotSame; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.Matchers.anyBoolean; +import static org.mockito.Matchers.anyCollectionOf; +import static org.mockito.Matchers.anyInt; +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.eq; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; + +public class FTPFileSystemTest extends AbstractFTPFileSystemTest { + + //@Rule + //public ExpectedException thrown = ExpectedException.none(); + + @Test + public void testGetPath() { + testGetPath("/", "/"); + testGetPath("/foo/bar", "/", "/foo", "/bar"); + testGetPath("/foo/../bar", "/foo/", "../bar"); + } + + private void testGetPath(String path, String first, String... more) { + FTPPath expected = createPath(path); + Path actual = getFileSystem().getPath(first, more); + assertEquals(expected, actual); + } + + @Test + public void testKeepAlive() throws IOException { + getFileSystem().keepAlive(); + } + + @Test + public void testToUri() { + final String prefix = getBaseUrl(); + + testToUri("/", prefix + "/"); + testToUri("/foo/bar", prefix + "/foo/bar"); + testToUri("/foo/../bar", prefix + "/bar"); + + testToUri("", prefix + "/home/test"); + testToUri("foo/bar", prefix + "/home/test/foo/bar"); + testToUri("foo/../bar", prefix + "/home/test/bar"); + } + + private void testToUri(String path, String expected) { + URI expectedUri = URI.create(expected); + URI actual = getFileSystem().toUri(createPath(path)); + assertEquals(expectedUri, actual); + } + + @Test + public void testToAbsolutePath() { + + testToAbsolutePath("/", "/"); + testToAbsolutePath("/foo/bar", "/foo/bar"); + testToAbsolutePath("/foo/../bar", "/foo/../bar"); + + testToAbsolutePath("", "/home/test"); + testToAbsolutePath("foo/bar", "/home/test/foo/bar"); + testToAbsolutePath("foo/../bar", "/home/test/foo/../bar"); + } + + private void testToAbsolutePath(String path, String expected) { + FTPPath expectedPath = createPath(expected); + Path actual = getFileSystem().toAbsolutePath(createPath(path)); + assertEquals(expectedPath, actual); + } + + @Test + public void testToRealPathNoFollowLinks() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + addDirectory("/foo/bar"); + addDirectory("/bar"); + addFile("/home/test/foo/bar"); + FileEntry bar = addFile("/home/test/bar"); + + // symbolic links + SymbolicLinkEntry symLink = addSymLink("/hello", foo); + addSymLink("/world", symLink); + symLink = addSymLink("/home/test/baz", bar); + addSymLink("/baz", symLink); + + testToRealPathNoFollowLinks("/", "/"); + testToRealPathNoFollowLinks("/foo/bar", "/foo/bar"); + testToRealPathNoFollowLinks("/foo/../bar", "/bar"); + + testToRealPathNoFollowLinks("", "/home/test"); + testToRealPathNoFollowLinks("foo/bar", "/home/test/foo/bar"); + testToRealPathNoFollowLinks("foo/../bar", "/home/test/bar"); + + // symbolic links + testToRealPathNoFollowLinks("/hello", "/hello"); + testToRealPathNoFollowLinks("/world", "/world"); + testToRealPathNoFollowLinks("/home/test/baz", "/home/test/baz"); + testToRealPathNoFollowLinks("/baz", "/baz"); + } + + private void testToRealPathNoFollowLinks(String path, String expected) throws IOException { + FTPPath expectedPath = createPath(expected); + Path actual = getFileSystem().toRealPath(createPath(path), LinkOption.NOFOLLOW_LINKS); + assertEquals(expectedPath, actual); + } + + @Test + public void testToRealPathFollowLinks() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + addDirectory("/foo/bar"); + addDirectory("/bar"); + addFile("/home/test/foo/bar"); + FileEntry bar = addFile("/home/test/bar"); + + // symbolic links + SymbolicLinkEntry symLink = addSymLink("/hello", foo); + addSymLink("/world", symLink); + symLink = addSymLink("/home/test/baz", bar); + addSymLink("/baz", symLink); + + testToRealPathFollowLinks("/", "/"); + testToRealPathFollowLinks("/foo/bar", "/foo/bar"); + testToRealPathFollowLinks("/foo/../bar", "/bar"); + + testToRealPathFollowLinks("", "/home/test"); + testToRealPathFollowLinks("foo/bar", "/home/test/foo/bar"); + testToRealPathFollowLinks("foo/../bar", "/home/test/bar"); + + // symbolic links + testToRealPathFollowLinks("/hello", "/foo"); + testToRealPathFollowLinks("/world", "/foo"); + testToRealPathFollowLinks("/home/test/baz", "/home/test/bar"); + testToRealPathFollowLinks("/baz", "/home/test/bar"); + } + + private void testToRealPathFollowLinks(String path, String expected) throws IOException { + FTPPath expectedPath = createPath(expected); + Path actual = getFileSystem().toRealPath(createPath(path)); + assertEquals(expectedPath, actual); + } + + @Test + public void testToRealPathBrokenLink() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + addSymLink("/foo", new FileEntry("/bar")); + createPath("/foo").toRealPath(); + }); + } + + @Test + public void testToRealPathNotExisting() throws IOException { + Assertions.assertThrows(NoSuchFileException.class, () -> { + createPath("/foo").toRealPath(); + }); + } + + @Test + public void testNewInputStream() throws IOException { + addFile("/foo/bar"); + try (InputStream input = getFileSystem().newInputStream(createPath("/foo/bar"))) { + // don't do anything with the stream, there's a separate test for that + } + // verify that the file system can be used after closing the stream + getFileSystem().checkAccess(createPath("/foo/bar")); + } + + @Test + public void testNewInputStreamDeleteOnClose() throws IOException { + addFile("/foo/bar"); + + OpenOption[] options = {StandardOpenOption.DELETE_ON_CLOSE}; + try (InputStream input = getFileSystem().newInputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } + assertNull(getFileSystemEntry("/foo/bar")); + assertEquals(0, getChildCount("/foo")); + } + + @Test + public void testNewInputStreamFTPFailure() throws IOException { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + try (InputStream input = getFileSystem().newInputStream(createPath("/foo/bar"))) { + // don't do anything with the stream, there's a separate test for that + } finally { + verify(getExceptionFactory()).createNewInputStreamException(eq("/foo/bar"), eq(550), anyString()); + } + }); + } + + @Test + public void testNewOutputStreamExisting() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + + OpenOption[] options = {StandardOpenOption.WRITE}; + try (OutputStream output = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } + // verify that the file system can be used after closing the stream + getFileSystem().checkAccess(createPath("/foo/bar")); + + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + + @Test + public void testNewOutputStreamExistingDeleteOnClose() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + + OpenOption[] options = {StandardOpenOption.DELETE_ON_CLOSE}; + try (OutputStream output = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + // verify that the file system can be used after closing the stream + getFileSystem().checkAccess(createPath("/foo")); + + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + assertEquals(0, getChildCount("/foo")); + } + + @Test + public void testNewOutputStreamExistingCreate() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + + OpenOption[] options = {StandardOpenOption.CREATE}; + try (OutputStream output = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } + // verify that the file system can be used after closing the stream + getFileSystem().checkAccess(createPath("/foo/bar")); + + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + + @Test + public void testNewOutputStreamExistingCreateDeleteOnClose() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + + OpenOption[] options = {StandardOpenOption.CREATE, StandardOpenOption.DELETE_ON_CLOSE}; + try (OutputStream output = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + // verify that the file system can be used after closing the stream + getFileSystem().checkAccess(createPath("/foo")); + + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + } + + @Test + public void testNewOutputStreamExistingCreateNew() { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + OpenOption[] options = {StandardOpenOption.CREATE_NEW}; + try (OutputStream output = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + // verify that the file system can be used after closing the stream + getFileSystem().checkAccess(createPath("/foo/bar")); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + }); + } + + @Test + public void testNewOutputStreamExistingFTPFailure() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + bar.setPermissionsFromString("r--r--r--"); + OpenOption[] options = {StandardOpenOption.WRITE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + verify(getExceptionFactory()).createNewOutputStreamException(eq("/foo/bar"), eq(553), anyString(), anyCollectionOf(OpenOption.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + }); + } + + @Test + public void testNewOutputStreamExistingFTPFailureDeleteOnClose() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + bar.setPermissionsFromString("r--r--r--"); + OpenOption[] options = {StandardOpenOption.DELETE_ON_CLOSE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + verify(getExceptionFactory()).createNewOutputStreamException(eq("/foo/bar"), eq(553), anyString(), anyCollectionOf(OpenOption.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + }); + } + + @Test + public void testNewOutputStreamNonExistingNoCreate() throws IOException { + Assertions.assertThrows(NoSuchFileException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + OpenOption[] options = {StandardOpenOption.WRITE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + } + }); + } + + @Test + public void testNewOutputStreamNonExistingCreate() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + OpenOption[] options = {StandardOpenOption.CREATE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(FileEntry.class)); + } + } + + @Test + public void testNewOutputStreamNonExistingCreateDeleteOnClose() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + OpenOption[] options = {StandardOpenOption.CREATE, StandardOpenOption.DELETE_ON_CLOSE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + // we can't check here that /foo/bar exists, because it will only be stored in the file system once the stream is closed + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + assertEquals(0, getChildCount("/foo")); + } + } + + @Test + public void testNewOutputStreamNonExistingCreateNew() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + OpenOption[] options = {StandardOpenOption.CREATE_NEW}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(FileEntry.class)); + } + } + + @Test + public void testNewOutputStreamNonExistingCreateNewDeleteOnClose() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + OpenOption[] options = {StandardOpenOption.CREATE_NEW, StandardOpenOption.DELETE_ON_CLOSE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo/bar"), options)) { + // don't do anything with the stream, there's a separate test for that + // we can't check here that /foo/bar exists, because it will only be stored in the file system once the stream is closed + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + } + } + + @Test + public void testNewOutputStreamDirectoryNoCreate() { + Assertions.assertThrows(FileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + OpenOption[] options = {StandardOpenOption.WRITE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + verify(getExceptionFactory(), never()).createNewOutputStreamException(anyString(), anyInt(), anyString(), + anyCollectionOf(OpenOption.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertEquals(0, getChildCount("/foo")); + } + }); + } + + @Test + public void testNewOutputStreamDirectoryDeleteOnClose() { + Assertions.assertThrows(FileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + OpenOption[] options = {StandardOpenOption.DELETE_ON_CLOSE}; + try (OutputStream input = getFileSystem().newOutputStream(createPath("/foo"), options)) { + // don't do anything with the stream, there's a separate test for that + } finally { + verify(getExceptionFactory(), never()).createNewOutputStreamException(anyString(), anyInt(), anyString(), + anyCollectionOf(OpenOption.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertEquals(0, getChildCount("/foo")); + } + }); + } + + @Test + public void testNewByteChannelRead() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + bar.setContents(new byte[1024]); + + Set options = EnumSet.noneOf(StandardOpenOption.class); + try (SeekableByteChannel channel = getFileSystem().newByteChannel(createPath("/foo/bar"), options)) { + // don't do anything with the channel, there's a separate test for that + assertEquals(bar.getSize(), channel.size()); + } + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + } + + @Test + public void testNewByteChannelReadNonExisting() throws IOException { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + Set options = EnumSet.noneOf(StandardOpenOption.class); + try (SeekableByteChannel channel = getFileSystem().newByteChannel(createPath("/foo/bar"), options)) { + // don't do anything with the channel, there's a separate test for that + } finally { + verify(getExceptionFactory()).createNewInputStreamException(eq("/foo/bar"), eq(550), anyString()); + assertNull(getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + } + }); + } + + @Test + public void testNewByteChannelWrite() throws IOException { + addFile("/foo/bar"); + + Set options = EnumSet.of(StandardOpenOption.WRITE); + try (SeekableByteChannel channel = getFileSystem().newByteChannel(createPath("/foo/bar"), options)) { + // don't do anything with the channel, there's a separate test for that + assertEquals(0, channel.size()); + } + } + + @Test + public void testNewByteChannelWriteAppend() throws IOException { + FileEntry bar = addFile("/foo/bar"); + bar.setContents(new byte[1024]); + + Set options = EnumSet.of(StandardOpenOption.WRITE, StandardOpenOption.APPEND); + try (SeekableByteChannel channel = getFileSystem().newByteChannel(createPath("/foo/bar"), options)) { + // don't do anything with the channel, there's a separate test for that + assertEquals(bar.getSize(), channel.size()); + } + } + + @Test + public void testNewDirectoryStream() throws IOException { + + try (DirectoryStream stream = getFileSystem().newDirectoryStream(createPath("/"), AcceptAllFilter.INSTANCE)) { + assertNotNull(stream); + // don't do anything with the stream, there's a separate test for that + } + } + + @Test + public void testNewDirectoryStreamNotExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + getFileSystem().newDirectoryStream(createPath("/foo"), AcceptAllFilter.INSTANCE); + }); + } + + @Test + public void testGetDirectoryStreamNotDirectory() { + Assertions.assertThrows(NotDirectoryException.class, () -> { + addFile("/foo"); + getFileSystem().newDirectoryStream(createPath("/foo"), AcceptAllFilter.INSTANCE); + }); + } + + @Test + public void testCreateDirectory() throws IOException { + assertNull(getFileSystemEntry("/foo")); + getFileSystem().createDirectory(createPath("/foo")); + FileSystemEntry entry = getFileSystemEntry("/foo"); + assertThat(entry, instanceOf(DirectoryEntry.class)); + } + + @Test + public void testCreateDirectoryFTPFailure() { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry root = getDirectory("/"); + root.setPermissionsFromString("r-xr-xr-x"); + // failure: read-only parent + try { + getFileSystem().createDirectory(createPath("/foo")); + } finally { + assertNull(getFileSystemEntry("/foo")); + verify(getExceptionFactory()).createCreateDirectoryException(eq("/foo"), eq(550), anyString()); + } + }); + } + + @Test + public void testDeleteNonExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + try { + getFileSystem().delete(createPath("/foo")); + } finally { + verify(getExceptionFactory(), never()).createDeleteException(anyString(), anyInt(), anyString(), anyBoolean()); + } + }); + } + + @Test + public void testDeleteRoot() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + try { + getFileSystem().delete(createPath("/")); + } finally { + verify(getExceptionFactory()).createDeleteException(eq("/"), eq(550), anyString(), eq(true)); + } + }); + } + + @Test + public void testDeleteFile() throws IOException { + addFile("/foo/bar"); + FileSystemEntry foo = getFileSystemEntry("/foo"); + getFileSystem().delete(createPath("/foo/bar")); + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + } + + @Test + public void testDeleteEmptyDir() throws IOException { + addDirectory("/foo/bar"); + FileSystemEntry foo = getFileSystemEntry("/foo"); + getFileSystem().delete(createPath("/foo/bar")); + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/foo/bar")); + } + + @Test + public void testDeleteFTPFailure() throws IOException { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + addDirectory("/foo/bar/baz"); + FileSystemEntry foo = getFileSystemEntry("/foo"); + FileSystemEntry bar = getFileSystemEntry("/foo/bar"); + try { + getFileSystem().delete(createPath("/foo/bar")); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + verify(getExceptionFactory()).createDeleteException(eq("/foo/bar"), eq(550), anyString(), eq(true)); + } + }); + } + + @Test + public void testReadSymbolicLinkToFile() throws IOException { + FileEntry foo = addFile("/foo"); + addSymLink("/bar", foo); + + FTPPath link = getFileSystem().readSymbolicLink(createPath("/bar")); + assertEquals(createPath("/foo"), link); + } + + @Test + public void testReadSymbolicLinkToDirectory() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + addSymLink("/bar", foo); + + FTPPath link = getFileSystem().readSymbolicLink(createPath("/bar")); + assertEquals(createPath("/foo"), link); + } + + @Test + public void testReadSymbolicLinkToNonExistingTarget() throws IOException { + addSymLink("/bar", new FileEntry("/foo")); + + FTPPath link = getFileSystem().readSymbolicLink(createPath("/bar")); + assertEquals(createPath("/foo"), link); + } + + @Test + public void testReadSymbolicLinkNotExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + getFileSystem().readSymbolicLink(createPath("/foo")); + }); + } + + @Test + public void testReadSymbolicLinkNoLinkButFile() { + Assertions.assertThrows(NotLinkException.class, () -> { + addFile("/foo"); + getFileSystem().readSymbolicLink(createPath("/foo")); + }); + } + + @Test + public void testReadSymbolicLinkNoLinkButDirectory() { + Assertions.assertThrows(NotLinkException.class, () -> { + addDirectory("/foo"); + getFileSystem().readSymbolicLink(createPath("/foo")); + }); + } + + @Test + public void testCopySame() throws IOException { + DirectoryEntry foo = addDirectory("/home/test/foo"); + DirectoryEntry bar = addDirectory("/home/test/foo/bar"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/home/test"), createPath(""), options); + getFileSystem().copy(createPath("/home/test/foo"), createPath("foo"), options); + getFileSystem().copy(createPath("/home/test/foo/bar"), createPath("foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/home/test/foo")); + assertSame(bar, getFileSystemEntry("/home/test/foo/bar")); + assertEquals(0, getChildCount("/home/test/foo/bar")); + } + + @Test + public void testCopyNonExisting() throws IOException { + Assertions.assertThrows(NoSuchFileException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/foo/bar"), createPath("/foo/baz"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertEquals(0, getChildCount("/foo")); + } + }); + } + + @Test + public void testCopyFTPFailure() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/foo/bar"), createPath("/baz/bar"), options); + } finally { + verify(getExceptionFactory()).createNewOutputStreamException(eq("/baz/bar"), eq(553), anyString(), anyCollectionOf(OpenOption.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertNull(getFileSystemEntry("/baz")); + assertNull(getFileSystemEntry("/baz/bar")); + } + }); + } + + @Test + public void testCopyRoot() throws IOException { + // copying a directory (including the root) will not copy its contents, so copying the root is allowed + DirectoryEntry foo = addDirectory("/foo"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/"), createPath("/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + + DirectoryEntry bar = getDirectory("/foo/bar"); + + assertNotSame(getDirectory("/"), bar); + assertEquals(0, getChildCount("/foo/bar")); + } + + @Test + public void testCopyReplaceFile() { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/baz"), createPath("/foo/bar"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceFileAllowed() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().copy(createPath("/baz"), createPath("/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(FileEntry.class)); + // permissions are dropped during the delete/recreate + assertEqualsMinusPath(bar, getFileSystemEntry("/foo/bar"), false); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + } + + @Test + public void testCopyReplaceNonEmptyDir() { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/baz"), createPath("/foo"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceNonEmptyDirAllowed() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + try { + getFileSystem().copy(createPath("/baz"), createPath("/foo"), options); + } finally { + verify(getExceptionFactory()).createDeleteException(eq("/foo"), eq(550), anyString(), eq(true)); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceEmptyDir() { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/baz"), createPath("/foo"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceEmptyDirAllowed() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().copy(createPath("/baz"), createPath("/foo"), options); + + assertThat(getFileSystemEntry("/foo"), instanceOf(DirectoryEntry.class)); + assertNotSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo")); + } + + @Test + public void testCopyFile() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + baz.setOwner("root"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/baz"), createPath("/foo/bar"), options); + + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(FileEntry.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + assertNotEquals(baz.getOwner(), getFileSystemEntry("/foo/bar").getOwner()); + } + + @Test + public void testCopyFileMultipleConnections() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + baz.setOwner("root"); + + CopyOption[] options = {}; + FTPFileSystem fs = getMultiClientFileSystem(); + fs.copy(createPath(fs, "/baz"), createPath(fs, "/foo/bar"), options); + + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(FileEntry.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + assertNotEquals(baz.getOwner(), getFileSystemEntry("/foo/bar").getOwner()); + } + + @Test + public void testCopyEmptyDir() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + + baz.setOwner("root"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/baz"), createPath("/foo/bar"), options); + + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(DirectoryEntry.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + + DirectoryEntry bar = getDirectory("/foo/bar"); + assertEquals(0, getChildCount("/foo/bar")); + assertNotEquals(baz.getOwner(), bar.getOwner()); + } + + @Test + public void testCopyNonEmptyDir() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + addFile("/baz/qux"); + + baz.setOwner("root"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/baz"), createPath("/foo/bar"), options); + + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(DirectoryEntry.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + + DirectoryEntry bar = getDirectory("/foo/bar"); + assertEquals(0, getChildCount("/foo/bar")); + assertNotEquals(baz.getOwner(), bar.getOwner()); + } + + @Test + public void testCopyReplaceFileDifferentFileSystems() throws IOException { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceFileAllowedDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(FileEntry.class)); + // permissions are dropped during the copy/delete + assertEqualsMinusPath(bar, getFileSystemEntry("/foo/bar"), false); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + } + + @Test + public void testCopyReplaceNonEmptyDirDifferentFileSystems() { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceNonEmptyDirAllowedDifferentFileSystems() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + try { + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo"), options); + } finally { + verify(getExceptionFactory()).createDeleteException(eq("/foo"), eq(550), anyString(), eq(true)); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceEmptyDirDifferentFileSystems() { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testCopyReplaceEmptyDirAllowedDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo"), options); + + assertThat(getFileSystemEntry("/foo"), instanceOf(DirectoryEntry.class)); + assertNotSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo")); + } + + @Test + public void testCopyFileDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + baz.setOwner("root"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(FileEntry.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + assertNotEquals(baz.getOwner(), getFileSystemEntry("/foo/bar").getOwner()); + } + + @Test + public void testCopyEmptyDirDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + + baz.setOwner("root"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(DirectoryEntry.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + + DirectoryEntry bar = getDirectory("/foo/bar"); + assertEquals(0, getChildCount("/foo/bar")); + assertNotEquals(baz.getOwner(), bar.getOwner()); + } + + @Test + public void testCopyNonEmptyDirDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + addFile("/baz/qux"); + + baz.setOwner("root"); + + CopyOption[] options = {}; + getFileSystem().copy(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + + assertThat(getFileSystemEntry("/foo/bar"), instanceOf(DirectoryEntry.class)); + assertSame(foo, getFileSystemEntry("/foo")); + assertNotSame(baz, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + + DirectoryEntry bar = getDirectory("/foo/bar"); + assertEquals(0, getChildCount("/foo/bar")); + assertNotEquals(baz.getOwner(), bar.getOwner()); + } + + @Test + public void testCopyWithAttributes() throws IOException { + Assertions.assertThrows(UnsupportedOperationException.class, () -> { + addDirectory("/foo"); + addDirectory("/baz"); + addFile("/baz/qux"); + + CopyOption[] options = {StandardCopyOption.COPY_ATTRIBUTES}; + getFileSystem().copy(createPath("/baz"), createPath("/foo/bar"), options); + }); + } + + @Test + public void testMoveSame() throws IOException { + DirectoryEntry foo = addDirectory("/home/test/foo"); + DirectoryEntry bar = addDirectory("/home/test/foo/bar"); + SymbolicLinkEntry baz = addSymLink("/baz", foo); + CopyOption[] options = {}; + getFileSystem().move(createPath("/"), createPath("/"), options); + getFileSystem().move(createPath("/home/test"), createPath(""), options); + getFileSystem().move(createPath("/home/test/foo"), createPath("foo"), options); + getFileSystem().move(createPath("/home/test/foo/bar"), createPath("foo/bar"), options); + getFileSystem().move(createPath("/home/test/foo"), createPath("/baz"), options); + getFileSystem().move(createPath("/baz"), createPath("/home/test/foo"), options); + + assertSame(foo, getFileSystemEntry("/home/test/foo")); + assertSame(bar, getFileSystemEntry("/home/test/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + assertEquals(0, getChildCount("/home/test/foo/bar")); + } + + @Test + public void testMoveNonExisting() throws IOException { + Assertions.assertThrows(NoSuchFileException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/foo/bar"), createPath("/foo/baz"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertEquals(0, getChildCount("/foo")); + } + }); + } + + @Test + public void testMoveFTPFailure() throws IOException { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/foo/bar"), createPath("/baz/bar"), options); + } finally { + verify(getExceptionFactory()).createMoveException(eq("/foo/bar"), eq("/baz/bar"), eq(553), anyString()); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertNull(getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testMoveEmptyRoot() { + Assertions.assertThrows(DirectoryNotEmptyException.class, () -> { + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/"), createPath("/baz"), options); + } finally { + assertNull(getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testMoveNonEmptyRoot() { + Assertions.assertThrows(DirectoryNotEmptyException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/"), createPath("/baz"), options); + } finally { + assertSame(foo, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testMoveReplaceFile() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry bar = addDirectory("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/baz"), createPath("/foo/bar"), options); + } finally { + verify(getExceptionFactory()).createMoveException(eq("/baz"), eq("/foo/bar"), eq(553), anyString()); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testMoveReplaceFileAllowed() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().move(createPath("/baz"), createPath("/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + assertEqualsMinusPath(baz, getFileSystemEntry("/foo/bar")); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveReplaceEmptyDir() throws IOException { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/baz"), createPath("/foo"), options); + } finally { + verify(getExceptionFactory()).createMoveException(eq("/baz"), eq("/foo"), eq(553), anyString()); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testMoveReplaceEmptyDirAllowed() throws IOException { + addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().move(createPath("/baz"), createPath("/foo"), options); + + assertEqualsMinusPath(baz, getFileSystemEntry("/foo")); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveFile() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + getFileSystem().move(createPath("/baz"), createPath("/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + assertEqualsMinusPath(baz, getFileSystemEntry("/foo/bar")); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveEmptyDir() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + + CopyOption[] options = {}; + getFileSystem().move(createPath("/baz"), createPath("/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + assertEqualsMinusPath(baz, getFileSystemEntry("/foo/bar")); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveNonEmptyDir() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + FileEntry qux = addFile("/baz/qux"); + + CopyOption[] options = {}; + getFileSystem().move(createPath("/baz"), createPath("/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + assertEqualsMinusPath(baz, getFileSystemEntry("/foo/bar")); + assertEqualsMinusPath(qux, getFileSystemEntry("/foo/bar/qux")); + assertEquals(1, getChildCount("/foo")); + assertEquals(1, getChildCount("/foo/bar")); + } + + @Test + public void testMoveNonEmptyDirSameParent() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry bar = addFile("/foo/bar"); + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/foo"), createPath("/baz"), options); + } finally { + assertNull(getFileSystemEntry("/foo")); + assertEqualsMinusPath(foo, getFileSystemEntry("/baz")); + assertEqualsMinusPath(bar, getFileSystemEntry("/baz/bar")); + } + } + + @Test + public void testMoveReplaceFileDifferentFileSystems() throws IOException { + Assertions.assertThrows(FileAlreadyExistsException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry bar = addDirectory("/foo/bar"); + FileEntry baz = addFile("/baz"); + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + } finally { + verify(getExceptionFactory(), never()).createMoveException(anyString(), anyString(), anyInt(), anyString()); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(bar, getFileSystemEntry("/foo/bar")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testMoveReplaceFileAllowedDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + addFile("/foo/bar"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().move(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + // permissions are dropped during the copy/delete + assertEqualsMinusPath(baz, getFileSystemEntry("/foo/bar"), false); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveReplaceEmptyDirDifferentFileSystems() { + Assertions.assertThrows(FileAlreadyExistsException.class, () ->{ + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo"), options); + } finally { + verify(getExceptionFactory(), never()).createMoveException(anyString(), anyString(), anyInt(), anyString()); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + @Test + public void testMoveReplaceEmptyDirAllowedDifferentFileSystems() throws IOException { + addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {StandardCopyOption.REPLACE_EXISTING}; + getFileSystem().move(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo"), options); + + // permissions are dropped during the copy/delete + assertEqualsMinusPath(baz, getFileSystemEntry("/foo"), false); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveFileDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + FileEntry baz = addFile("/baz"); + + CopyOption[] options = {}; + getFileSystem().move(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + // permissions are dropped during the copy/delete + assertEqualsMinusPath(baz, getFileSystemEntry("/foo/bar"), false); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveEmptyDirDifferentFileSystems() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + + CopyOption[] options = {}; + getFileSystem().move(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + + assertSame(foo, getFileSystemEntry("/foo")); + // permissions are dropped during the copy/delete + assertEqualsMinusPath(baz, getFileSystemEntry("/foo/bar"), false); + assertNull(getFileSystemEntry("/baz")); + } + + @Test + public void testMoveNonEmptyDirDifferentFileSystems() { + Assertions.assertThrows(FTPFileSystemException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + DirectoryEntry baz = addDirectory("/baz"); + addFile("/baz/qux"); + CopyOption[] options = {}; + try { + getFileSystem().move(createPath("/baz"), createPath(getMultiClientFileSystem(), "/foo/bar"), options); + } finally { + verify(getExceptionFactory()).createDeleteException(eq("/baz"), eq(550), anyString(), eq(true)); + assertSame(foo, getFileSystemEntry("/foo")); + assertSame(baz, getFileSystemEntry("/baz")); + } + }); + } + + private void assertEqualsMinusPath(FileSystemEntry entry1, FileSystemEntry entry2) throws IOException { + assertEqualsMinusPath(entry1, entry2, true); + } + + private void assertEqualsMinusPath(FileSystemEntry entry1, FileSystemEntry entry2, boolean includePermissions) throws IOException { + assertEquals(entry1.getClass(), entry2.getClass()); + assertEquals(entry1.getSize(), entry2.getSize()); + assertEquals(entry1.getOwner(), entry2.getOwner()); + assertEquals(entry1.getGroup(), entry2.getGroup()); + if (includePermissions) { + assertEquals(entry1.getPermissions(), entry2.getPermissions()); + } + + if (entry1 instanceof FileEntry && entry2 instanceof FileEntry) { + FileEntry file1 = (FileEntry) entry1; + FileEntry file2 = (FileEntry) entry2; + assertArrayEquals(getContents(file1), getContents(file2)); + } + } + + @Test + public void testIsSameFileEquals() throws IOException { + + assertTrue(getFileSystem().isSameFile(createPath("/"), createPath("/"))); + assertTrue(getFileSystem().isSameFile(createPath("/foo"), createPath("/foo"))); + assertTrue(getFileSystem().isSameFile(createPath("/foo/bar"), createPath("/foo/bar"))); + + assertTrue(getFileSystem().isSameFile(createPath(""), createPath(""))); + assertTrue(getFileSystem().isSameFile(createPath("foo"), createPath("foo"))); + assertTrue(getFileSystem().isSameFile(createPath("foo/bar"), createPath("foo/bar"))); + + assertTrue(getFileSystem().isSameFile(createPath(""), createPath("/home/test"))); + assertTrue(getFileSystem().isSameFile(createPath("/home/test"), createPath(""))); + } + + @Test + public void testIsSameFileExisting() throws IOException { + FileEntry bar = addFile("/home/test/foo/bar"); + addSymLink("/bar", bar); + + assertTrue(getFileSystem().isSameFile(createPath("/home/test"), createPath(""))); + assertTrue(getFileSystem().isSameFile(createPath("/home/test/foo"), createPath("foo"))); + assertTrue(getFileSystem().isSameFile(createPath("/home/test/foo/bar"), createPath("foo/bar"))); + + assertTrue(getFileSystem().isSameFile(createPath(""), createPath("/home/test"))); + assertTrue(getFileSystem().isSameFile(createPath("foo"), createPath("/home/test/foo"))); + assertTrue(getFileSystem().isSameFile(createPath("foo/bar"), createPath("/home/test/foo/bar"))); + + assertFalse(getFileSystem().isSameFile(createPath("foo"), createPath("foo/bar"))); + + assertTrue(getFileSystem().isSameFile(createPath("/bar"), createPath("/home/test/foo/bar"))); + } + + @Test + public void testIsSameFileFirstNonExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + getFileSystem().isSameFile(createPath("/foo"), createPath("/")); + }); + } + + @Test + public void testIsSameFileSecondNonExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + getFileSystem().isSameFile(createPath("/"), createPath("/foo")); + }); + } + + @Test + public void testIsHidden() throws IOException { + addDirectory("/foo"); + addDirectory("/.foo"); + addFile("/foo/bar"); + addFile("/foo/.bar"); + + assertFalse(getFileSystem().isHidden(createPath("/foo"))); + assertTrue(getFileSystem().isHidden(createPath("/.foo"))); + assertFalse(getFileSystem().isHidden(createPath("/foo/bar"))); + assertTrue(getFileSystem().isHidden(createPath("/foo/.bar"))); + } + + @Test + public void testIsHiddenNonExisting() throws IOException { + Assertions.assertThrows(NoSuchFileException.class, () -> { + getFileSystem().isHidden(createPath("/foo")); + }); + } + + @Test + public void testCheckAccessNonExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + getFileSystem().checkAccess(createPath("/foo/bar")); + }); + } + + @Test + public void testCheckAccessNoModes() throws IOException { + addDirectory("/foo/bar"); + getFileSystem().checkAccess(createPath("/foo/bar")); + } + + @Test + public void testCheckAccessOnlyRead() throws IOException { + addDirectory("/foo/bar"); + getFileSystem().checkAccess(createPath("/foo/bar"), AccessMode.READ); + } + + @Test + public void testCheckAccessOnlyWriteNotReadOnly() throws IOException { + addDirectory("/foo/bar"); + getFileSystem().checkAccess(createPath("/foo/bar"), AccessMode.WRITE); + } + + @Test + public void testCheckAccessOnlyWriteReadOnly() { + Assertions.assertThrows(AccessDeniedException.class, () -> { + DirectoryEntry bar = addDirectory("/foo/bar"); + bar.setPermissionsFromString("r-xr-xr-x"); + getFileSystem().checkAccess(createPath("/foo/bar"), AccessMode.WRITE); + }); + } + + @Test + public void testCheckAccessOnlyExecute() { + Assertions.assertThrows(AccessDeniedException.class, () -> { + DirectoryEntry bar = addDirectory("/foo/bar"); + bar.setPermissionsFromString("rw-rw-rw-"); + getFileSystem().checkAccess(createPath("/foo/bar"), AccessMode.EXECUTE); + }); + } + + @Test + public void testReadAttributesFileFollowLinks() throws IOException { + FileEntry foo = addFile("/foo"); + foo.setContents(new byte[1024]); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/foo")); + + assertEquals(foo.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("r-xr-xr-x"), attributes.permissions()); + assertFalse(attributes.isDirectory()); + assertTrue(attributes.isRegularFile()); + assertFalse(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesFileNoFollowLinks() throws IOException { + FileEntry foo = addFile("/foo"); + foo.setContents(new byte[1024]); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/foo"), LinkOption.NOFOLLOW_LINKS); + + assertEquals(foo.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("r-xr-xr-x"), attributes.permissions()); + assertFalse(attributes.isDirectory()); + assertTrue(attributes.isRegularFile()); + assertFalse(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesDirectoryFollowLinks() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/foo")); + + assertEquals(foo.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("r-xr-xr-x"), attributes.permissions()); + assertTrue(attributes.isDirectory()); + assertFalse(attributes.isRegularFile()); + assertFalse(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesDirectoryNoFollowLinks() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/foo"), LinkOption.NOFOLLOW_LINKS); + + assertEquals(foo.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("r-xr-xr-x"), attributes.permissions()); + assertTrue(attributes.isDirectory()); + assertFalse(attributes.isRegularFile()); + assertFalse(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesSymLinkToFileFollowLinks() throws IOException { + FileEntry foo = addFile("/foo"); + foo.setContents(new byte[1024]); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + SymbolicLinkEntry bar = addSymLink("/bar", foo); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/bar")); + + assertEquals(foo.getSize(), attributes.size()); + assertNotEquals(bar.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("r-xr-xr-x"), attributes.permissions()); + assertFalse(attributes.isDirectory()); + assertTrue(attributes.isRegularFile()); + assertFalse(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesSymLinkToFileNoFollowLinks() throws IOException { + FileEntry foo = addFile("/foo"); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + SymbolicLinkEntry bar = addSymLink("/bar", foo); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/bar"), LinkOption.NOFOLLOW_LINKS); + + assertEquals(bar.getSize(), attributes.size()); + assertNotEquals(foo.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("rwxrwxrwx"), attributes.permissions()); + assertFalse(attributes.isDirectory()); + assertFalse(attributes.isRegularFile()); + assertTrue(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesSymLinkToDirectoryFollowLinks() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + SymbolicLinkEntry bar = addSymLink("/bar", foo); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/bar")); + + assertEquals(foo.getSize(), attributes.size()); + assertNotEquals(bar.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("r-xr-xr-x"), attributes.permissions()); + assertTrue(attributes.isDirectory()); + assertFalse(attributes.isRegularFile()); + assertFalse(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesSymLinkToDirectoryNoFollowLinks() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setPermissionsFromString("r-xr-xr-x"); + foo.setOwner("user"); + foo.setGroup("group"); + SymbolicLinkEntry bar = addSymLink("/bar", foo); + + PosixFileAttributes attributes = getFileSystem().readAttributes(createPath("/bar"), LinkOption.NOFOLLOW_LINKS); + + assertEquals(bar.getSize(), attributes.size()); + assertNotEquals(foo.getSize(), attributes.size()); + assertEquals("user", attributes.owner().getName()); + assertEquals("group", attributes.group().getName()); + assertEquals(PosixFilePermissions.fromString("rwxrwxrwx"), attributes.permissions()); + assertFalse(attributes.isDirectory()); + assertFalse(attributes.isRegularFile()); + assertTrue(attributes.isSymbolicLink()); + assertFalse(attributes.isOther()); + } + + @Test + public void testReadAttributesNonExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> + getFileSystem().readAttributes(createPath("/foo")) + ); + } + + @Test + public void testReadAttributesMapNoTypeLastModifiedTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "lastModifiedTime"); + assertEquals(Collections.singleton("basic:lastModifiedTime"), attributes.keySet()); + assertNotNull(attributes.get("basic:lastModifiedTime")); + } + + @Test + public void testReadAttributesMapNoTypeLastAccessTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "lastAccessTime"); + assertEquals(Collections.singleton("basic:lastAccessTime"), attributes.keySet()); + assertNotNull(attributes.get("basic:lastAccessTime")); + } + + @Test + public void testReadAttributesMapNoTypeCreateTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "creationTime"); + assertEquals(Collections.singleton("basic:creationTime"), attributes.keySet()); + assertNotNull(attributes.get("basic:creationTime")); + } + + @Test + public void testReadAttributesMapNoTypeBasicSize() throws IOException { + FileEntry foo = addFile("/foo"); + foo.setContents(new byte[1024]); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "size"); + Map expected = Collections.singletonMap("basic:size", foo.getSize()); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapNoTypeIsRegularFile() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "isRegularFile"); + Map expected = Collections.singletonMap("basic:isRegularFile", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapNoTypeIsDirectory() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "isDirectory"); + Map expected = Collections.singletonMap("basic:isDirectory", true); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapNoTypeIsSymbolicLink() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "isSymbolicLink"); + Map expected = Collections.singletonMap("basic:isSymbolicLink", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapNoTypeIsOther() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "isOther"); + Map expected = Collections.singletonMap("basic:isOther", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapNoTypeFileKey() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "fileKey"); + Map expected = Collections.singletonMap("basic:fileKey", null); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapNoTypeMultiple() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "size,isDirectory"); + Map expected = new HashMap<>(); + expected.put("basic:size", foo.getSize()); + expected.put("basic:isDirectory", true); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapNoTypeAll() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "*"); + Map expected = new HashMap<>(); + expected.put("basic:size", foo.getSize()); + expected.put("basic:isRegularFile", false); + expected.put("basic:isDirectory", true); + expected.put("basic:isSymbolicLink", false); + expected.put("basic:isOther", false); + expected.put("basic:fileKey", null); + + assertNotNull(attributes.remove("basic:lastModifiedTime")); + assertNotNull(attributes.remove("basic:lastAccessTime")); + assertNotNull(attributes.remove("basic:creationTime")); + assertEquals(expected, attributes); + + attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:lastModifiedTime,*"); + assertNotNull(attributes.remove("basic:lastModifiedTime")); + assertNotNull(attributes.remove("basic:lastAccessTime")); + assertNotNull(attributes.remove("basic:creationTime")); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicLastModifiedTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:lastModifiedTime"); + assertEquals(Collections.singleton("basic:lastModifiedTime"), attributes.keySet()); + assertNotNull(attributes.get("basic:lastModifiedTime")); + } + + @Test + public void testReadAttributesMapBasicLastAccessTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:lastAccessTime"); + assertEquals(Collections.singleton("basic:lastAccessTime"), attributes.keySet()); + assertNotNull(attributes.get("basic:lastAccessTime")); + } + + @Test + public void testReadAttributesMapBasicCreateTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:creationTime"); + assertEquals(Collections.singleton("basic:creationTime"), attributes.keySet()); + assertNotNull(attributes.get("basic:creationTime")); + } + + @Test + public void testReadAttributesMapBasicSize() throws IOException { + FileEntry foo = addFile("/foo"); + foo.setContents(new byte[1024]); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:size"); + Map expected = Collections.singletonMap("basic:size", foo.getSize()); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicIsRegularFile() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:isRegularFile"); + Map expected = Collections.singletonMap("basic:isRegularFile", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicIsDirectory() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:isDirectory"); + Map expected = Collections.singletonMap("basic:isDirectory", true); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicIsSymbolicLink() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:isSymbolicLink"); + Map expected = Collections.singletonMap("basic:isSymbolicLink", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicIsOther() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:isOther"); + Map expected = Collections.singletonMap("basic:isOther", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicFileKey() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:fileKey"); + Map expected = Collections.singletonMap("basic:fileKey", null); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicMultiple() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:size,isDirectory"); + Map expected = new HashMap<>(); + expected.put("basic:size", foo.getSize()); + expected.put("basic:isDirectory", true); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapBasicAll() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:*"); + Map expected = new HashMap<>(); + expected.put("basic:size", foo.getSize()); + expected.put("basic:isRegularFile", false); + expected.put("basic:isDirectory", true); + expected.put("basic:isSymbolicLink", false); + expected.put("basic:isOther", false); + expected.put("basic:fileKey", null); + + assertNotNull(attributes.remove("basic:lastModifiedTime")); + assertNotNull(attributes.remove("basic:lastAccessTime")); + assertNotNull(attributes.remove("basic:creationTime")); + assertEquals(expected, attributes); + + attributes = getFileSystem().readAttributes(createPath("/foo"), "basic:lastModifiedTime,*"); + assertNotNull(attributes.remove("basic:lastModifiedTime")); + assertNotNull(attributes.remove("basic:lastAccessTime")); + assertNotNull(attributes.remove("basic:creationTime")); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixLastModifiedTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:lastModifiedTime"); + assertEquals(Collections.singleton("posix:lastModifiedTime"), attributes.keySet()); + assertNotNull(attributes.get("posix:lastModifiedTime")); + } + + @Test + public void testReadAttributesMapPosixLastAccessTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:lastAccessTime"); + assertEquals(Collections.singleton("posix:lastAccessTime"), attributes.keySet()); + assertNotNull(attributes.get("posix:lastAccessTime")); + } + + @Test + public void testReadAttributesMapPosixCreateTime() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:creationTime"); + assertEquals(Collections.singleton("posix:creationTime"), attributes.keySet()); + assertNotNull(attributes.get("posix:creationTime")); + } + + @Test + public void testReadAttributesMapPosixSize() throws IOException { + FileEntry foo = addFile("/foo"); + foo.setContents(new byte[1024]); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:size"); + Map expected = Collections.singletonMap("posix:size", foo.getSize()); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixIsRegularFile() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:isRegularFile"); + Map expected = Collections.singletonMap("posix:isRegularFile", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixIsDirectory() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:isDirectory"); + Map expected = Collections.singletonMap("posix:isDirectory", true); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixIsSymbolicLink() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:isSymbolicLink"); + Map expected = Collections.singletonMap("posix:isSymbolicLink", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixIsOther() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:isOther"); + Map expected = Collections.singletonMap("posix:isOther", false); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixFileKey() throws IOException { + addDirectory("/foo"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:fileKey"); + Map expected = Collections.singletonMap("posix:fileKey", null); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapOwnerOwner() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setOwner("test"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "owner:owner"); + Map expected = Collections.singletonMap("owner:owner", new SimpleUserPrincipal(foo.getOwner())); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapOwnerAll() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setOwner("test"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "owner:*"); + Map expected = new HashMap<>(); + expected.put("owner:owner", new SimpleUserPrincipal(foo.getOwner())); + assertEquals(expected, attributes); + + attributes = getFileSystem().readAttributes(createPath("/foo"), "owner:owner,*"); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixOwner() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setOwner("test"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:owner"); + Map expected = Collections.singletonMap("posix:owner", new SimpleUserPrincipal(foo.getOwner())); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixGroup() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setGroup("test"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:group"); + Map expected = Collections.singletonMap("posix:group", new SimpleGroupPrincipal(foo.getGroup())); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixPermissions() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setPermissionsFromString("r-xr-xr-x"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:permissions"); + Map expected = Collections.singletonMap("posix:permissions", PosixFilePermissions.fromString(foo.getPermissions().asRwxString())); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixMultiple() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setOwner("test"); + foo.setGroup("test"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:size,owner,group"); + Map expected = new HashMap<>(); + expected.put("posix:size", foo.getSize()); + expected.put("posix:owner", new SimpleUserPrincipal(foo.getOwner())); + expected.put("posix:group", new SimpleGroupPrincipal(foo.getGroup())); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapPosixAll() throws IOException { + DirectoryEntry foo = addDirectory("/foo"); + foo.setOwner("test"); + foo.setGroup("group"); + foo.setPermissionsFromString("r-xr-xr-x"); + + Map attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:*"); + Map expected = new HashMap<>(); + expected.put("posix:size", foo.getSize()); + expected.put("posix:isRegularFile", false); + expected.put("posix:isDirectory", true); + expected.put("posix:isSymbolicLink", false); + expected.put("posix:isOther", false); + expected.put("posix:fileKey", null); + expected.put("posix:owner", new SimpleUserPrincipal(foo.getOwner())); + expected.put("posix:group", new SimpleGroupPrincipal(foo.getGroup())); + expected.put("posix:permissions", PosixFilePermissions.fromString(foo.getPermissions().asRwxString())); + + assertNotNull(attributes.remove("posix:lastModifiedTime")); + assertNotNull(attributes.remove("posix:lastAccessTime")); + assertNotNull(attributes.remove("posix:creationTime")); + assertEquals(expected, attributes); + + attributes = getFileSystem().readAttributes(createPath("/foo"), "posix:lastModifiedTime,*"); + assertNotNull(attributes.remove("posix:lastModifiedTime")); + assertNotNull(attributes.remove("posix:lastAccessTime")); + assertNotNull(attributes.remove("posix:creationTime")); + assertEquals(expected, attributes); + } + + @Test + public void testReadAttributesMapUnsupportedAttribute() throws IOException { + Assertions.assertThrows(IllegalArgumentException.class, () -> { + DirectoryEntry foo = addDirectory("/foo"); + foo.setOwner("test"); + getFileSystem().readAttributes(createPath("/foo"), "posix:lastModifiedTime,owner,dummy"); + }); + } + + @Test + public void testReadAttributesMapUnsupportedType() throws IOException { + Assertions.assertThrows(UnsupportedOperationException.class, () -> { + addDirectory("/foo"); + getFileSystem().readAttributes(createPath("/foo"), "zipfs:*"); + }); + } + + @Test + public void testGetFTPFileFile() throws IOException { + addFile("/foo"); + + FTPFile file = getFileSystem().getFTPFile(createPath("/foo")); + assertNotNull(file); + assertEquals("foo", file.getName()); + assertTrue(file.isFile()); + } + + @Test + public void testGetFTPFileFileNotExisting() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + try { + getFileSystem().getFTPFile(createPath("/foo")); + + } finally { + VerificationMode verificationMode = times(1); + verify(getExceptionFactory(), verificationMode).createGetFileException(eq("/foo"), eq(226), anyString()); + } + }); + } + + @Test + public void testGetFTPFileFileAccessDenied() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + addFile("/foo/bar"); + getFile("/foo/bar").setPermissionsFromString("---------"); + try { + FTPFile file = getFileSystem().getFTPFile(createPath("/foo/bar")); + assertNotNull(file); + assertEquals("bar", file.getName()); + assertTrue(file.isFile()); + for (int access = FTPFile.USER_ACCESS; access <= FTPFile.WORLD_ACCESS; access++) { + for (int permission = FTPFile.READ_PERMISSION; permission <= FTPFile.EXECUTE_PERMISSION; permission++) { + assertFalse(file.hasPermission(access, permission)); + } + } + } finally { + VerificationMode verificationMode = times(1); + verify(getExceptionFactory(), verificationMode).createGetFileException(eq("/foo/bar"), eq(550), anyString()); + } + }); + } + + @Test + public void testGetFTPFileDirectory() throws IOException { + addDirectory("/foo"); + FTPFile file = getFileSystem().getFTPFile(createPath("/foo")); + assertNotNull(file); + assertEquals(".", file.getName()); + assertTrue(file.isDirectory()); + } + + @Test + public void testGetFTPFileDirectoryAccessDenied() { + Assertions.assertThrows(NoSuchFileException.class, () -> { + DirectoryEntry bar = addDirectory("/foo/bar"); + bar.setPermissionsFromString("---------"); + try { + FTPFile file = getFileSystem().getFTPFile(createPath("/foo/bar")); + assertNotNull(file); + assertEquals("bar", file.getName()); + assertTrue(file.isDirectory()); + for (int access = FTPFile.USER_ACCESS; access <= FTPFile.WORLD_ACCESS; access++) { + for (int permission = FTPFile.READ_PERMISSION; permission <= FTPFile.EXECUTE_PERMISSION; permission++) { + assertFalse(file.hasPermission(access, permission)); + } + } + } finally { + VerificationMode verificationMode = times(1); + verify(getExceptionFactory(), verificationMode).createGetFileException(eq("/foo/bar"), eq(550), anyString()); + } + }); + } + + private static final class AcceptAllFilter implements Filter { + + private static final AcceptAllFilter INSTANCE = new AcceptAllFilter(); + + @Override + public boolean accept(Path entry) { + return true; + } + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPMessagesTest.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPMessagesTest.java new file mode 100644 index 0000000..276c675 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/FTPMessagesTest.java @@ -0,0 +1,111 @@ +package org.xbib.io.ftp.fs; + +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; +import java.lang.reflect.Method; +import java.lang.reflect.Modifier; +import java.net.URI; +import java.nio.file.CopyOption; +import java.nio.file.OpenOption; +import java.nio.file.StandardCopyOption; +import java.nio.file.StandardOpenOption; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Stream; + +public class FTPMessagesTest { + + private static final Map, Object> INSTANCES; + + static { + Map, Object> map = new HashMap<>(); + + map.put(boolean.class, true); + map.put(Boolean.class, true); + + map.put(char.class, 'A'); + map.put(Character.class, 'A'); + + map.put(byte.class, (byte) 13); + map.put(Byte.class, (byte) 13); + map.put(short.class, (short) 13); + map.put(Short.class, (short) 13); + map.put(int.class, 13); + map.put(Integer.class, 13); + map.put(long.class, 13L); + map.put(Long.class, 13L); + map.put(float.class, 13F); + map.put(Float.class, 13F); + map.put(double.class, 13D); + map.put(Double.class, 13D); + + map.put(String.class, "foobar"); + map.put(Class.class, Object.class); + map.put(Object.class, "foobar"); + + map.put(Collection.class, Collections.emptyList()); + map.put(List.class, Collections.emptyList()); + map.put(Set.class, Collections.emptySet()); + map.put(Map.class, Collections.emptyMap()); + + map.put(OpenOption.class, StandardOpenOption.READ); + map.put(OpenOption[].class, new OpenOption[0]); + + map.put(CopyOption.class, StandardCopyOption.REPLACE_EXISTING); + map.put(CopyOption[].class, new CopyOption[0]); + + map.put(URI.class, URI.create("https://www.github.com/")); + + INSTANCES = Collections.unmodifiableMap(map); + } + + public static Stream getParameters() { + List parameters = new ArrayList<>(); + collectParameters(parameters, FTPMessages.class, null, "Messages"); + return parameters.stream().map(Arguments::of); + } + + private static void collectParameters(List parameters, Class cls, Object instance, String path) { + for (Method method : cls.getMethods()) { + if (method.getDeclaringClass() != Object.class) { + String methodPath = path + "." + method.getName(); + parameters.add(new Object[]{methodPath, method, instance}); + Class returnType = method.getReturnType(); + if (returnType.getDeclaringClass() == FTPMessages.class) { + Object obj = Modifier.isStatic(method.getModifiers()) ? null : instance; + try { + Object[] arguments = getArguments(method); + Object returnValue = method.invoke(obj, arguments); + collectParameters(parameters, returnType, returnValue, methodPath); + } catch (NullPointerException | ReflectiveOperationException e) { + // ignore the exception; the test for the method will fail + } + } + } + } + } + + private static Object[] getArguments(Method method) { + Class[] parameterTypes = method.getParameterTypes(); + Object[] arguments = new Object[parameterTypes.length]; + for (int i = 0; i < parameterTypes.length; i++) { + arguments[i] = Objects.requireNonNull(INSTANCES.get(parameterTypes[i]), "no instance defined for " + parameterTypes[i]); + } + return arguments; + } + + @ParameterizedTest + @MethodSource("getParameters") + public void testMethodCall(String methodName, Method method, Object target) throws Exception { + Object obj = Modifier.isStatic(method.getModifiers()) ? null : target; + Object[] args = getArguments(method); + method.invoke(obj, args); + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ExtendedUnixDirectoryListingFormatter.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ExtendedUnixDirectoryListingFormatter.java new file mode 100644 index 0000000..fe3fbd2 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ExtendedUnixDirectoryListingFormatter.java @@ -0,0 +1,20 @@ +package org.xbib.io.ftp.fs.server; + +import org.mockftpserver.fake.filesystem.FileSystemEntry; +import org.mockftpserver.fake.filesystem.UnixDirectoryListingFormatter; + +/** + * An extended version of {@link UnixDirectoryListingFormatter} that supports symbolic links. + */ +public class ExtendedUnixDirectoryListingFormatter extends UnixDirectoryListingFormatter { + + @Override + public String format(FileSystemEntry fileSystemEntry) { + String formatted = super.format(fileSystemEntry); + if (fileSystemEntry instanceof SymbolicLinkEntry) { + SymbolicLinkEntry symLink = (SymbolicLinkEntry) fileSystemEntry; + formatted = "l" + formatted.substring(1) + " -> " + symLink.getTarget().getPath(); + } + return formatted; + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ExtendedUnixFakeFileSystem.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ExtendedUnixFakeFileSystem.java new file mode 100644 index 0000000..7fd76df --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ExtendedUnixFakeFileSystem.java @@ -0,0 +1,34 @@ +package org.xbib.io.ftp.fs.server; + +import org.mockftpserver.fake.filesystem.FileSystemEntry; +import org.mockftpserver.fake.filesystem.UnixFakeFileSystem; + +import java.util.List; + +/** + * An extended version of {@link UnixFakeFileSystem} that supports symbolic links. + */ +public class ExtendedUnixFakeFileSystem extends UnixFakeFileSystem { + + public ExtendedUnixFakeFileSystem() { + setDirectoryListingFormatter(new ExtendedUnixDirectoryListingFormatter()); + } + + private String resolveLinks(String path) { + FileSystemEntry entry = getEntry(path); + if (entry instanceof SymbolicLinkEntry && entry.isDirectory()) { + return ((SymbolicLinkEntry) entry).resolve().getPath(); + } + return path; + } + + @Override + public List listFiles(String path) { + return super.listFiles(resolveLinks(path)); + } + + @Override + public List listNames(String path) { + return super.listNames(resolveLinks(path)); + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ListHiddenFilesCommandHandler.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ListHiddenFilesCommandHandler.java new file mode 100644 index 0000000..b1723d2 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/ListHiddenFilesCommandHandler.java @@ -0,0 +1,93 @@ +package org.xbib.io.ftp.fs.server; + +import org.mockftpserver.core.command.Command; +import org.mockftpserver.core.command.ReplyCodes; +import org.mockftpserver.core.session.Session; +import org.mockftpserver.core.util.StringUtil; +import org.mockftpserver.fake.command.ListCommandHandler; +import org.mockftpserver.fake.filesystem.DirectoryEntry; +import org.mockftpserver.fake.filesystem.FileSystemEntry; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +/** + * A command handler for LIST that supports the {@code -a} flag. + */ +public class ListHiddenFilesCommandHandler extends ListCommandHandler { + + private final boolean includeDotEntry; + + /** + * Creates a new LIST command handler. + * + * @param includeDotEntry {@code true} to include a dot entry, or {@code false} otherwise. + */ + public ListHiddenFilesCommandHandler(boolean includeDotEntry) { + this.includeDotEntry = includeDotEntry; + } + + @Override + protected void handle(Command command, Session session) { + if (command.getParameter(0).startsWith("-a ")) { + String path = command.getParameter(0).substring(3); + handle(path, session); + } else { + super.handle(command, session); + } + } + + private void handle(String path, Session session) { + // code mostly copied from ListCommandHandler.handle, but with added . entry + + verifyLoggedIn(session); + + path = getRealPath(session, path); + + // User must have read permission to the path + if (getFileSystem().exists(path)) { + this.replyCodeForFileSystemException = ReplyCodes.READ_FILE_ERROR; + verifyReadPermission(session, path); + } + + this.replyCodeForFileSystemException = ReplyCodes.SYSTEM_ERROR; + List fileEntries = getFileSystem().listFiles(path); + Iterator iter = fileEntries.iterator(); + List lines = new ArrayList<>(); + while (iter.hasNext()) { + FileSystemEntry entry = (FileSystemEntry) iter.next(); + lines.add(getFileSystem().formatDirectoryListing(entry)); + } + FileSystemEntry entry = getFileSystem().getEntry(path); + if (entry != null && entry.isDirectory() && includeDotEntry) { + lines.add(0, getFileSystem().formatDirectoryListing(addDot(getFileSystem().getEntry(path)))); + } + String result = StringUtil.join(lines, endOfLine()); + result += result.length() > 0 ? endOfLine() : ""; + + sendReply(session, ReplyCodes.TRANSFER_DATA_INITIAL_OK); + + session.openDataConnection(); + LOG.info("Sending [" + result + "]"); + session.sendData(result.getBytes(), result.length()); + session.closeDataConnection(); + + sendReply(session, ReplyCodes.TRANSFER_DATA_FINAL_OK); + } + + private FileSystemEntry addDot(FileSystemEntry entry) { + if (entry instanceof SymbolicLinkEntry) { + entry = ((SymbolicLinkEntry) entry).resolve(); + } + if (entry instanceof DirectoryEntry) { + DirectoryEntry newEntry = new DirectoryEntry(entry.getPath() + "/."); + newEntry.setLastModified(entry.getLastModified()); + newEntry.setOwner(entry.getOwner()); + newEntry.setGroup(entry.getGroup()); + newEntry.setPermissions(entry.getPermissions()); + return newEntry; + } + return entry; + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/MDTMCommandHandler.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/MDTMCommandHandler.java new file mode 100644 index 0000000..6b62958 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/MDTMCommandHandler.java @@ -0,0 +1,36 @@ +package org.xbib.io.ftp.fs.server; + +import org.mockftpserver.core.command.Command; +import org.mockftpserver.core.command.ReplyCodes; +import org.mockftpserver.core.session.Session; +import org.mockftpserver.fake.command.AbstractFakeCommandHandler; +import org.mockftpserver.fake.filesystem.FileSystemEntry; + +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.TimeZone; + +/** + * A command handler for the MDTM command. + */ +public class MDTMCommandHandler extends AbstractFakeCommandHandler { + + @Override + protected void handle(Command command, Session session) { + verifyLoggedIn(session); + + String path = getRealPath(session, command.getParameter(0)); + + verifyFileSystemCondition(getFileSystem().exists(path), path, "filesystem.doesNotExist"); + verifyReadPermission(session, path); + + FileSystemEntry entry = getFileSystem().getEntry(path); + session.sendReply(ReplyCodes.STAT_FILE_OK, getResponse(entry.getLastModified())); + } + + private String getResponse(Date date) { + final SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss"); + sdf.setTimeZone(TimeZone.getTimeZone("GMT")); + return sdf.format(date); + } +} diff --git a/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/SymbolicLinkEntry.java b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/SymbolicLinkEntry.java new file mode 100644 index 0000000..b8fd279 --- /dev/null +++ b/files-ftp-fs/src/test/java/org/xbib/io/ftp/fs/server/SymbolicLinkEntry.java @@ -0,0 +1,100 @@ +package org.xbib.io.ftp.fs.server; + +import org.mockftpserver.fake.filesystem.FileSystemEntry; +import org.mockftpserver.fake.filesystem.Permissions; + +import java.util.Date; + +/** + * A representation of symbolic links. + */ +public class SymbolicLinkEntry implements FileSystemEntry { + + public static final long SIZE = 64; + + private final String path; + private final FileSystemEntry target; + private final Permissions permissions; + + public SymbolicLinkEntry(String path, FileSystemEntry target) { + this.path = path; + this.target = target; + this.permissions = new Permissions("rwxrwxrwx"); + } + + @Override + public boolean isDirectory() { + return target.isDirectory(); + } + + @Override + public String getPath() { + return path; + } + + @Override + public String getName() { + int separatorIndex1 = path.lastIndexOf('/'); + int separatorIndex2 = path.lastIndexOf('\\'); + int separatorIndex = separatorIndex1 > separatorIndex2 ? separatorIndex1 : separatorIndex2; + return (separatorIndex == -1) ? path : path.substring(separatorIndex + 1); + } + + public FileSystemEntry getTarget() { + return target; + } + + public FileSystemEntry resolve() { + FileSystemEntry entry = target; + while (entry instanceof SymbolicLinkEntry) { + entry = ((SymbolicLinkEntry) entry).target; + } + return entry; + } + + @Override + public long getSize() { + return SIZE; + } + + @Override + public Date getLastModified() { + return target.getLastModified(); + } + + @Override + public void setLastModified(Date lastModified) { + target.setLastModified(lastModified); + } + + @Override + public String getOwner() { + return target.getOwner(); + } + + @Override + public String getGroup() { + return target.getGroup(); + } + + @Override + public Permissions getPermissions() { + return permissions; + } + + @Override + public FileSystemEntry cloneWithNewPath(String path) { + return new SymbolicLinkEntry(path, target); + } + + @Override + public void lockPath() { + // path is already read-only + } + + @Override + public String toString() { + return "SymbolicLink['" + getPath() + "' target='" + target + "' size=" + getSize() + " lastModified=" + getLastModified() + " owner=" + + getOwner() + " group=" + getGroup() + " permissions=" + getPermissions() + "]"; + } +} diff --git a/files-ftp-fs/src/test/resources/textfile.txt b/files-ftp-fs/src/test/resources/textfile.txt new file mode 100644 index 0000000..87daee6 --- /dev/null +++ b/files-ftp-fs/src/test/resources/textfile.txt @@ -0,0 +1 @@ +filecontent: hello \ No newline at end of file diff --git a/files-ftp/NOTICE.txt b/files-ftp/NOTICE.txt new file mode 100644 index 0000000..45b1f3f --- /dev/null +++ b/files-ftp/NOTICE.txt @@ -0,0 +1,6 @@ +Apache Commons Net +Copyright 2001-2017 The Apache Software Foundation + +This software includes software developed at +The Apache Software Foundation (http://www.apache.org/). + diff --git a/files-ftp/src/main/java/module-info.java b/files-ftp/src/main/java/module-info.java new file mode 100644 index 0000000..c8c5ee5 --- /dev/null +++ b/files-ftp/src/main/java/module-info.java @@ -0,0 +1,5 @@ +module org.xbib.files.ftp { + exports org.xbib.io.ftp.client; + exports org.xbib.io.ftp.client.parser; + requires java.logging; +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/Base64.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/Base64.java new file mode 100644 index 0000000..ccb724b --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/Base64.java @@ -0,0 +1,701 @@ +package org.xbib.io.ftp.client; + +import java.io.UnsupportedEncodingException; + +/** + * Provides Base64 encoding and decoding as defined by RFC 2045. + * This class implements section 6.8. Base64 Content-Transfer-Encoding from RFC 2045 Multipurpose + * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies by Freed and Borenstein. + * The class can be parameterized in the following manner with various constructors: + *

      + *
    • URL-safe mode: Default off.
      • + *
    • Line length: Default 76. Line length that aren't multiples of 4 will still essentially end up being multiples of + * 4 in the encoded data. + *
    • Line separator: Default is CRLF ("\r\n")
      • + *
    + * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only encode/decode + * character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, UTF-8, etc). + * + * @see RFC 2045 + */ +public class Base64 { + /** + * Chunk size per RFC 2045 section 6.8. + *

    + *

    + * The {@value} character limit does not count the trailing CRLF, but counts all other characters, including any + * equal signs. + *

    + * + * @see RFC 2045 section 6.8 + */ + static final int CHUNK_SIZE = 76; + private static final int DEFAULT_BUFFER_RESIZE_FACTOR = 2; + private static final int DEFAULT_BUFFER_SIZE = 8192; + /** + * Chunk separator per RFC 2045 section 2.1. + * + * @see RFC 2045 section 2.1 + */ + private static final byte[] CHUNK_SEPARATOR = {'\r', '\n'}; + + private static final byte[] EMPTY_BYTE_ARRAY = new byte[0]; + + /** + * This array is a lookup table that translates 6-bit positive integer index values into their "Base64 Alphabet" + * equivalents as specified in Table 1 of RFC 2045. + *

    + * Thanks to "commons" project in ws.apache.org for this code. + * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ + */ + private static final byte[] STANDARD_ENCODE_TABLE = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', + 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', + 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', + 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' + }; + + /** + * This is a copy of the STANDARD_ENCODE_TABLE above, but with + and / + * changed to - and _ to make the encoded Base64 results more URL-SAFE. + * This table is only used when the Base64's mode is set to URL-SAFE. + */ + private static final byte[] URL_SAFE_ENCODE_TABLE = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', + 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', + 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', + 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '_' + }; + + /** + * Byte used to pad output. + */ + private static final byte PAD = '='; + + /** + * This array is a lookup table that translates Unicode characters drawn from the "Base64 Alphabet" (as specified in + * Table 1 of RFC 2045) into their 6-bit positive integer equivalents. Characters that are not in the Base64 + * alphabet but fall within the bounds of the array are translated to -1. + *

    + * Note: '+' and '-' both decode to 62. '/' and '_' both decode to 63. This means decoder seamlessly handles both + * URL_SAFE and STANDARD base64. (The encoder, on the other hand, needs to know ahead of time what to emit). + *

    + * Thanks to "commons" project in ws.apache.org for this code. + * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ + */ + private static final byte[] DECODE_TABLE = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, -1, -1, -1, -1, 63, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 + }; + + /** + * Mask used to extract 6 bits, used when encoding + */ + private static final int MASK_6BITS = 0x3f; + + /** + * Mask used to extract 8 bits, used in decoding base64 bytes + */ + private static final int MASK_8BITS = 0xff; + + // The static final fields above are used for the original static byte[] methods on Base64. + // The private member fields below are used with the new streaming approach, which requires + // some state be preserved between calls of encode() and decode(). + + /** + * Encode table to use: either STANDARD or URL_SAFE. Note: the DECODE_TABLE above remains static because it is able + * to decode both STANDARD and URL_SAFE streams, but the encodeTable must be a member variable so we can switch + * between the two modes. + */ + private final byte[] encodeTable; + + /** + * Line length for encoding. Not used when decoding. A value of zero or less implies no chunking of the base64 + * encoded data. + */ + private final int lineLength; + + /** + * Line separator for encoding. Not used when decoding. Only used if lineLength > 0. + */ + private final byte[] lineSeparator; + + /** + * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing. + * decodeSize = 3 + lineSeparator.length; + */ + private final int decodeSize; + + /** + * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing. + * encodeSize = 4 + lineSeparator.length; + */ + private final int encodeSize; + + /** + * Buffer for streaming. + */ + private byte[] buffer; + + /** + * Position where next character should be written in the buffer. + */ + private int pos; + + /** + * Position where next character should be read from the buffer. + */ + private int readPos; + + /** + * Variable tracks how many characters have been written to the current line. Only used when encoding. We use it to + * make sure each encoded line never goes beyond lineLength (if lineLength > 0). + */ + private int currentLinePos; + + /** + * Writes to the buffer only occur after every 3 reads when encoding, an every 4 reads when decoding. This variable + * helps track that. + */ + private int modulus; + + /** + * Boolean flag to indicate the EOF has been reached. Once EOF has been reached, this Base64 object becomes useless, + * and must be thrown away. + */ + private boolean eof; + + /** + * Place holder for the 3 bytes we're dealing with for our base64 logic. Bitwise operations store and extract the + * base64 encoding or decoding from this variable. + */ + private int x; + + /** + * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. + * When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE. + * When decoding all variants are supported. + */ + public Base64() { + this(false); + } + + /** + * Creates a Base64 codec used for decoding (all modes) and encoding in the given URL-safe mode. + * When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE. + * When decoding all variants are supported. + * + * @param urlSafe if true, URL-safe encoding is used. In most cases this should be set to + * false. + */ + public Base64(boolean urlSafe) { + this(CHUNK_SIZE, CHUNK_SEPARATOR, urlSafe); + } + + /** + * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. + *

    + * When encoding the line length and line separator are given in the constructor, and the encoding table is + * STANDARD_ENCODE_TABLE. + *

    + *

    + * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data. + *

    + *

    + * When decoding all variants are supported. + *

    + * + * @param lineLength Each line of encoded data will be at most of the given length (rounded down to nearest multiple of 4). + * If {@code lineLength <= 0}, then the output will not be divided into lines (chunks). Ignored when decoding. + * @param lineSeparator Each line of encoded data will end with this sequence of bytes. + * @param urlSafe Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to encode + * operations. Decoding seamlessly handles both modes. + * @throws IllegalArgumentException The provided lineSeparator included some base64 characters. That's not going to work! + */ + public Base64(int lineLength, byte[] lineSeparator, boolean urlSafe) { + if (lineSeparator == null) { + lineLength = 0; // disable chunk-separating + lineSeparator = EMPTY_BYTE_ARRAY; // this just gets ignored + } + this.lineLength = lineLength > 0 ? (lineLength / 4) * 4 : 0; + this.lineSeparator = new byte[lineSeparator.length]; + System.arraycopy(lineSeparator, 0, this.lineSeparator, 0, lineSeparator.length); + if (lineLength > 0) { + this.encodeSize = 4 + lineSeparator.length; + } else { + this.encodeSize = 4; + } + this.decodeSize = this.encodeSize - 1; + if (containsBase64Byte(lineSeparator)) { + String sep = newStringUtf8(lineSeparator); + throw new IllegalArgumentException("lineSeperator must not contain base64 characters: [" + sep + "]"); + } + this.encodeTable = urlSafe ? URL_SAFE_ENCODE_TABLE : STANDARD_ENCODE_TABLE; + } + + /** + * Returns whether or not the octet is in the base 64 alphabet. + * + * @param octet The value to test + * @return true if the value is defined in the the base 64 alphabet, false otherwise. + */ + public static boolean isBase64(byte octet) { + return octet == PAD || (octet >= 0 && octet < DECODE_TABLE.length && DECODE_TABLE[octet] != -1); + } + + + /** + * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. + * + * @param arrayOctet byte array to test + * @return true if any byte is a valid character in the Base64 alphabet; false herwise + */ + private static boolean containsBase64Byte(byte[] arrayOctet) { + for (byte element : arrayOctet) { + if (isBase64(element)) { + return true; + } + } + return false; + } + + /** + * Encodes binary data using the base64 algorithm, without using chunking. + * + * @param binaryData binary data to encode + * @return String containing Base64 characters. + */ + public static String encodeBase64StringUnChunked(byte[] binaryData) { + return newStringUtf8(encodeBase64(binaryData, false)); + } + + /** + * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks. + * + * @param binaryData Array containing binary data to encode. + * @param isChunked if true this encoder will chunk the base64 output into 76 character blocks + * @return Base64-encoded data. + * @throws IllegalArgumentException Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE} + */ + public static byte[] encodeBase64(byte[] binaryData, boolean isChunked) { + return encodeBase64(binaryData, isChunked, false); + } + + /** + * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks. + * + * @param binaryData Array containing binary data to encode. + * @param isChunked if true this encoder will chunk the base64 output into 76 character blocks + * @param urlSafe if true this encoder will emit - and _ instead of the usual + and / characters. + * @return Base64-encoded data. + * @throws IllegalArgumentException Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE} + */ + public static byte[] encodeBase64(byte[] binaryData, boolean isChunked, boolean urlSafe) { + return encodeBase64(binaryData, isChunked, urlSafe, Integer.MAX_VALUE); + } + + /** + * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks. + * + * @param binaryData Array containing binary data to encode. + * @param isChunked if true this encoder will chunk the base64 output into 76 character blocks + * @param urlSafe if true this encoder will emit - and _ instead of the usual + and / characters. + * @param maxResultSize The maximum result size to accept. + * @return Base64-encoded data. + * @throws IllegalArgumentException Thrown when the input array needs an output array bigger than maxResultSize + */ + public static byte[] encodeBase64(byte[] binaryData, boolean isChunked, boolean urlSafe, int maxResultSize) { + if (binaryData == null || binaryData.length == 0) { + return binaryData; + } + + long len = getEncodeLength(binaryData, isChunked ? CHUNK_SIZE : 0, isChunked ? CHUNK_SEPARATOR : EMPTY_BYTE_ARRAY); + if (len > maxResultSize) { + throw new IllegalArgumentException("Input array too big, the output array would be bigger (" + + len + + ") than the specified maxium size of " + + maxResultSize); + } + + Base64 b64 = isChunked ? new Base64(urlSafe) : new Base64(0, CHUNK_SEPARATOR, urlSafe); + return b64.encode(binaryData); + } + + /** + * Decodes a Base64 String into octets + * + * @param base64String String containing Base64 data + * @return Array containing decoded data. + */ + public static byte[] decodeBase64(String base64String) { + return new Base64().decode(base64String); + } + + private static String newStringUtf8(byte[] encode) { + String str = null; + try { + str = new String(encode, "UTF8"); + } catch (UnsupportedEncodingException ue) { + throw new RuntimeException(ue); + } + return str; + } + + /** + * Pre-calculates the amount of space needed to base64-encode the supplied array. + * + * @param pArray byte[] array which will later be encoded + * @param chunkSize line-length of the output (<= 0 means no chunking) between each + * chunkSeparator (e.g. CRLF). + * @param chunkSeparator the sequence of bytes used to separate chunks of output (e.g. CRLF). + * @return amount of space needed to encoded the supplied array. Returns + * a long since a max-len array will require Integer.MAX_VALUE + 33%. + */ + private static long getEncodeLength(byte[] pArray, int chunkSize, byte[] chunkSeparator) { + // base64 always encodes to multiples of 4. + chunkSize = (chunkSize / 4) * 4; + + long len = (pArray.length * 4) / 3; + long mod = len % 4; + if (mod != 0) { + len += 4 - mod; + } + if (chunkSize > 0) { + boolean lenChunksPerfectly = len % chunkSize == 0; + len += (len / chunkSize) * chunkSeparator.length; + if (!lenChunksPerfectly) { + len += chunkSeparator.length; + } + } + return len; + } + + /** + * Returns our current encode mode. True if we're URL-SAFE, false otherwise. + * + * @return true if we're in URL-SAFE mode, false otherwise. + */ + public boolean isUrlSafe() { + return this.encodeTable == URL_SAFE_ENCODE_TABLE; + } + + /** + * Returns the amount of buffered data available for reading. + * + * @return The amount of buffered data available for reading. + */ + int avail() { + return buffer != null ? pos - readPos : 0; + } + + /** + * Doubles our buffer. + */ + private void resizeBuffer() { + if (buffer == null) { + buffer = new byte[DEFAULT_BUFFER_SIZE]; + pos = 0; + readPos = 0; + } else { + byte[] b = new byte[buffer.length * DEFAULT_BUFFER_RESIZE_FACTOR]; + System.arraycopy(buffer, 0, b, 0, buffer.length); + buffer = b; + } + } + + /** + * Extracts buffered data into the provided byte[] array, starting at position bPos, up to a maximum of bAvail + * bytes. Returns how many bytes were actually extracted. + * + * @param b byte[] array to extract the buffered data into. + * @param bPos position in byte[] array to start extraction at. + * @param bAvail amount of bytes we're allowed to extract. We may extract fewer (if fewer are available). + * @return The number of bytes successfully extracted into the provided byte[] array. + */ + int readResults(byte[] b, int bPos, int bAvail) { + if (buffer != null) { + int len = Math.min(avail(), bAvail); + if (buffer != b) { + System.arraycopy(buffer, readPos, b, bPos, len); + readPos += len; + if (readPos >= pos) { + buffer = null; + } + } else { + // Re-using the original consumer's output array is only + // allowed for one round. + buffer = null; + } + return len; + } + return eof ? -1 : 0; + } + + /** + * Sets the streaming buffer. This is a small optimization where we try to buffer directly to the consumer's output + * array for one round (if the consumer calls this method first) instead of starting our own buffer. + * + * @param out byte[] array to buffer directly to. + * @param outPos Position to start buffering into. + * @param outAvail Amount of bytes available for direct buffering. + */ + void setInitialBuffer(byte[] out, int outPos, int outAvail) { + // We can re-use consumer's original output array under + // special circumstances, saving on some System.arraycopy(). + if (out != null && out.length == outAvail) { + buffer = out; + pos = outPos; + readPos = outPos; + } + } + + /** + *

    + * Encodes all of the provided data, starting at inPos, for inAvail bytes. Must be called at least twice: once with + * the data to encode, and once with inAvail set to "-1" to alert encoder that EOF has been reached, so flush last + * remaining bytes (if not multiple of 3). + *

    + *

    + * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach. + * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ + *

    + * + * @param in byte[] array of binary data to base64 encode. + * @param inPos Position to start reading data from. + * @param inAvail Amount of bytes available from input for encoding. + */ + void encode(byte[] in, int inPos, int inAvail) { + if (eof) { + return; + } + // inAvail < 0 is how we're informed of EOF in the underlying data we're + // encoding. + if (inAvail < 0) { + eof = true; + if (buffer == null || buffer.length - pos < encodeSize) { + resizeBuffer(); + } + switch (modulus) { + case 1: + buffer[pos++] = encodeTable[(x >> 2) & MASK_6BITS]; + buffer[pos++] = encodeTable[(x << 4) & MASK_6BITS]; + // URL-SAFE skips the padding to further reduce size. + if (encodeTable == STANDARD_ENCODE_TABLE) { + buffer[pos++] = PAD; + buffer[pos++] = PAD; + } + break; + + case 2: + buffer[pos++] = encodeTable[(x >> 10) & MASK_6BITS]; + buffer[pos++] = encodeTable[(x >> 4) & MASK_6BITS]; + buffer[pos++] = encodeTable[(x << 2) & MASK_6BITS]; + // URL-SAFE skips the padding to further reduce size. + if (encodeTable == STANDARD_ENCODE_TABLE) { + buffer[pos++] = PAD; + } + break; + default: + break; // other values ignored + } + if (lineLength > 0 && pos > 0) { + System.arraycopy(lineSeparator, 0, buffer, pos, lineSeparator.length); + pos += lineSeparator.length; + } + } else { + for (int i = 0; i < inAvail; i++) { + if (buffer == null || buffer.length - pos < encodeSize) { + resizeBuffer(); + } + modulus = (++modulus) % 3; + int b = in[inPos++]; + if (b < 0) { + b += 256; + } + x = (x << 8) + b; + if (0 == modulus) { + buffer[pos++] = encodeTable[(x >> 18) & MASK_6BITS]; + buffer[pos++] = encodeTable[(x >> 12) & MASK_6BITS]; + buffer[pos++] = encodeTable[(x >> 6) & MASK_6BITS]; + buffer[pos++] = encodeTable[x & MASK_6BITS]; + currentLinePos += 4; + if (lineLength > 0 && lineLength <= currentLinePos) { + System.arraycopy(lineSeparator, 0, buffer, pos, lineSeparator.length); + pos += lineSeparator.length; + currentLinePos = 0; + } + } + } + } + } + + /** + *

    + * Decodes all of the provided data, starting at inPos, for inAvail bytes. Should be called at least twice: once + * with the data to decode, and once with inAvail set to "-1" to alert decoder that EOF has been reached. The "-1" + * call is not necessary when decoding, but it doesn't hurt, either. + *

    + *

    + * Ignores all non-base64 characters. This is how chunked (e.g. 76 character) data is handled, since CR and LF are + * silently ignored, but has implications for other bytes, too. This method subscribes to the garbage-in, + * garbage-out philosophy: it will not check the provided data for validity. + *

    + *

    + * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach. + * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ + *

    + * + * @param in byte[] array of ascii data to base64 decode. + * @param inPos Position to start reading data from. + * @param inAvail Amount of bytes available from input for encoding. + */ + void decode(byte[] in, int inPos, int inAvail) { + if (eof) { + return; + } + if (inAvail < 0) { + eof = true; + } + for (int i = 0; i < inAvail; i++) { + if (buffer == null || buffer.length - pos < decodeSize) { + resizeBuffer(); + } + byte b = in[inPos++]; + if (b == PAD) { + // We're done. + eof = true; + break; + } else { + if (b >= 0 && b < DECODE_TABLE.length) { + int result = DECODE_TABLE[b]; + if (result >= 0) { + modulus = (++modulus) % 4; + x = (x << 6) + result; + if (modulus == 0) { + buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS); + buffer[pos++] = (byte) ((x >> 8) & MASK_8BITS); + buffer[pos++] = (byte) (x & MASK_8BITS); + } + } + } + } + } + + // Two forms of EOF as far as base64 decoder is concerned: actual + // EOF (-1) and first time '=' character is encountered in stream. + // This approach makes the '=' padding characters completely optional. + if (eof && modulus != 0) { + x = x << 6; + switch (modulus) { + case 2: + x = x << 6; + buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS); + break; + case 3: + buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS); + buffer[pos++] = (byte) ((x >> 8) & MASK_8BITS); + break; + default: + break; // other values ignored + } + } + } + + /** + * Decodes a String containing containing characters in the Base64 alphabet. + * + * @param pArray A String containing Base64 character data + * @return a byte array containing binary data + */ + public byte[] decode(String pArray) { + return decode(getBytesUtf8(pArray)); + } + + private byte[] getBytesUtf8(String pArray) { + try { + return pArray.getBytes("UTF8"); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + } + + // Implementation of integer encoding used for crypto + + /** + * Decodes a byte[] containing containing characters in the Base64 alphabet. + * + * @param pArray A byte array containing Base64 character data + * @return a byte array containing binary data + */ + public byte[] decode(byte[] pArray) { + reset(); + if (pArray == null || pArray.length == 0) { + return pArray; + } + long len = (pArray.length * 3) / 4; + byte[] buf = new byte[(int) len]; + setInitialBuffer(buf, 0, buf.length); + decode(pArray, 0, pArray.length); + decode(pArray, 0, -1); // Notify decoder of EOF. + + // Would be nice to just return buf (like we sometimes do in the encode + // logic), but we have no idea what the line-length was (could even be + // variable). So we cannot determine ahead of time exactly how big an + // array is necessary. Hence the need to construct a 2nd byte array to + // hold the final result: + + byte[] result = new byte[pos]; + readResults(result, 0, result.length); + return result; + } + + /** + * Encodes a byte[] containing binary data, into a byte[] containing characters in the Base64 alphabet. + * + * @param pArray a byte array containing binary data + * @return A byte array containing only Base64 character data + */ + public byte[] encode(byte[] pArray) { + reset(); + if (pArray == null || pArray.length == 0) { + return pArray; + } + long len = getEncodeLength(pArray, lineLength, lineSeparator); + byte[] buf = new byte[(int) len]; + setInitialBuffer(buf, 0, buf.length); + encode(pArray, 0, pArray.length); + encode(pArray, 0, -1); // Notify encoder of EOF. + // Encoder might have resized, even though it was unnecessary. + if (buffer != buf) { + readResults(buf, 0, buf.length); + } + // In URL-SAFE mode we skip the padding characters, so sometimes our + // final length is a bit smaller. + if (isUrlSafe() && pos < buf.length) { + byte[] smallerBuf = new byte[pos]; + System.arraycopy(buf, 0, smallerBuf, 0, pos); + buf = smallerBuf; + } + return buf; + } + + /** + * Resets this Base64 object to its initial newly constructed state. + */ + private void reset() { + buffer = null; + pos = 0; + readPos = 0; + currentLinePos = 0; + modulus = 0; + eof = false; + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/CRLFLineReader.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/CRLFLineReader.java new file mode 100644 index 0000000..28dd837 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/CRLFLineReader.java @@ -0,0 +1,55 @@ +package org.xbib.io.ftp.client; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.Reader; + +/** + * CRLFLineReader implements a readLine() method that requires + * exactly CRLF to terminate an input line. + * This is required for IMAP, which allows bare CR and LF. + */ +public final class CRLFLineReader extends BufferedReader { + private static final char LF = '\n'; + private static final char CR = '\r'; + + /** + * Creates a CRLFLineReader that wraps an existing Reader + * input source. + * + * @param reader The Reader input source. + */ + public CRLFLineReader(Reader reader) { + super(reader); + } + + /** + * Read a line of text. + * A line is considered to be terminated by carriage return followed immediately by a linefeed. + * This contrasts with BufferedReader which also allows other combinations. + */ + @Override + public String readLine() throws IOException { + StringBuilder sb = new StringBuilder(); + int intch; + boolean prevWasCR = false; + synchronized (lock) { + while ((intch = read()) != -1) { + if (prevWasCR && intch == LF) { + return sb.substring(0, sb.length() - 1); + } + if (intch == CR) { + prevWasCR = true; + } else { + prevWasCR = false; + } + sb.append((char) intch); + } + } + String string = sb.toString(); + if (string.length() == 0) { + return null; + } + return string; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/Configurable.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/Configurable.java new file mode 100644 index 0000000..a8c5d15 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/Configurable.java @@ -0,0 +1,17 @@ +package org.xbib.io.ftp.client; + +/** + * This interface adds the aspect of configurability by means of + * a supplied FTPClientConfig object to other classes in the + * system, especially listing parsers. + */ +public interface Configurable { + + /** + * @param config the object containing the configuration data + * @throws IllegalArgumentException if the elements of the + * config are somehow inadequate to configure the + * Configurable object. + */ + void configure(FTPClientConfig config); +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/ConnectionClosedException.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/ConnectionClosedException.java new file mode 100644 index 0000000..c85e568 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/ConnectionClosedException.java @@ -0,0 +1,30 @@ +package org.xbib.io.ftp.client; + +import java.io.IOException; + +/** + * FTPConnectionClosedException is used to indicate the premature or + * unexpected closing of an FTP connection resulting from a + * {@link FTPReply#SERVICE_NOT_AVAILABLE FTPReply.SERVICE_NOT_AVAILABLE } + * response (FTP reply code 421) to a + * failed FTP command. This exception is derived from IOException and + * therefore may be caught either as an IOException or specifically as an + * FTPConnectionClosedException. + * + * @see FTP + * @see FTPClient + */ +public class ConnectionClosedException extends IOException { + + private static final long serialVersionUID = 3500547241659379952L; + + /*** + * Constructs a FTPConnectionClosedException with a specified message. + * + * @param message The message explaining the reason for the exception. + ***/ + public ConnectionClosedException(String message) { + super(message); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamAdapter.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamAdapter.java new file mode 100644 index 0000000..bcc32f5 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamAdapter.java @@ -0,0 +1,93 @@ +package org.xbib.io.ftp.client; + +import java.util.EventListener; + +/** + * The CopyStreamAdapter will relay CopyStreamEvents to a list of listeners + * when either of its bytesTransferred() methods are called. Its purpose + * is to facilitate the notification of the progress of a copy operation + * performed by one of the static copyStream() methods in + * {@link Util} to multiple listeners. The static + * copyStream() methods invoke the + * bytesTransfered(long, int) of a CopyStreamListener for performance + * reasons and also because multiple listeners cannot be registered given + * that the methods are static. + * + * @see CopyStreamEvent + * @see CopyStreamListener + * @see Util + */ +public class CopyStreamAdapter implements CopyStreamListener { + private final ListenerList internalListeners; + + /** + * Creates a new copyStreamAdapter. + */ + public CopyStreamAdapter() { + internalListeners = new ListenerList(); + } + + /** + * This method is invoked by a CopyStreamEvent source after copying + * a block of bytes from a stream. The CopyStreamEvent will contain + * the total number of bytes transferred so far and the number of bytes + * transferred in the last write. The CopyStreamAdapater will relay + * the event to all of its registered listeners, listing itself as the + * source of the event. + * + * @param event The CopyStreamEvent fired by the copying of a block of + * bytes. + */ + @Override + public void bytesTransferred(CopyStreamEvent event) { + for (EventListener listener : internalListeners) { + ((CopyStreamListener) (listener)).bytesTransferred(event); + } + } + + /** + * This method is not part of the JavaBeans model and is used by the + * static methods in the {@link Util} class for efficiency. + * It is invoked after a block of bytes to inform the listener of the + * transfer. The CopyStreamAdapater will create a CopyStreamEvent + * from the arguments and relay the event to all of its registered + * listeners, listing itself as the source of the event. + * + * @param totalBytesTransferred The total number of bytes transferred + * so far by the copy operation. + * @param bytesTransferred The number of bytes copied by the most recent + * write. + * @param streamSize The number of bytes in the stream being copied. + * This may be equal to CopyStreamEvent.UNKNOWN_STREAM_SIZE if + * the size is unknown. + */ + @Override + public void bytesTransferred(long totalBytesTransferred, + int bytesTransferred, long streamSize) { + for (EventListener listener : internalListeners) { + ((CopyStreamListener) (listener)).bytesTransferred( + totalBytesTransferred, bytesTransferred, streamSize); + } + } + + /** + * Registers a CopyStreamListener to receive CopyStreamEvents. + * Although this method is not declared to be synchronized, it is + * implemented in a thread safe manner. + * + * @param listener The CopyStreamlistener to register. + */ + public void addCopyStreamListener(CopyStreamListener listener) { + internalListeners.addListener(listener); + } + + /** + * Unregisters a CopyStreamListener. Although this method is not + * synchronized, it is implemented in a thread safe manner. + * + * @param listener The CopyStreamlistener to unregister. + */ + public void removeCopyStreamListener(CopyStreamListener listener) { + internalListeners.removeListener(listener); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamEvent.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamEvent.java new file mode 100644 index 0000000..61dca9e --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamEvent.java @@ -0,0 +1,88 @@ +package org.xbib.io.ftp.client; + +import java.util.EventObject; + +/** + * A CopyStreamEvent is triggered after every write performed by a + * stream copying operation. The event stores the number of bytes + * transferred by the write triggering the event as well as the total + * number of bytes transferred so far by the copy operation. + * + * @see CopyStreamListener + * @see CopyStreamAdapter + * @see Util + */ +public class CopyStreamEvent extends EventObject { + /** + * Constant used to indicate the stream size is unknown. + */ + public static final long UNKNOWN_STREAM_SIZE = -1; + private static final long serialVersionUID = -964927635655051867L; + private final int bytesTransferred; + private final long totalBytesTransferred; + private final long streamSize; + + /** + * Creates a new CopyStreamEvent instance. + * + * @param source The source of the event. + * @param totalBytesTransferred The total number of bytes transferred so + * far during a copy operation. + * @param bytesTransferred The number of bytes transferred during the + * write that triggered the CopyStreamEvent. + * @param streamSize The number of bytes in the stream being copied. + * This may be set to UNKNOWN_STREAM_SIZE if the + * size is unknown. + */ + public CopyStreamEvent(Object source, long totalBytesTransferred, + int bytesTransferred, long streamSize) { + super(source); + this.bytesTransferred = bytesTransferred; + this.totalBytesTransferred = totalBytesTransferred; + this.streamSize = streamSize; + } + + /** + * Returns the number of bytes transferred by the write that triggered + * the event. + * + * @return The number of bytes transferred by the write that triggered + * the vent. + */ + public int getBytesTransferred() { + return bytesTransferred; + } + + /** + * Returns the total number of bytes transferred so far by the copy + * operation. + * + * @return The total number of bytes transferred so far by the copy + * operation. + */ + public long getTotalBytesTransferred() { + return totalBytesTransferred; + } + + /** + * Returns the size of the stream being copied. + * This may be set to UNKNOWN_STREAM_SIZE if the + * size is unknown. + * + * @return The size of the stream being copied. + */ + public long getStreamSize() { + return streamSize; + } + + /** + */ + @Override + public String toString() { + return getClass().getName() + "[source=" + source + + ", total=" + totalBytesTransferred + + ", bytes=" + bytesTransferred + + ", size=" + streamSize + + "]"; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamException.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamException.java new file mode 100644 index 0000000..ff08c10 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamException.java @@ -0,0 +1,53 @@ +package org.xbib.io.ftp.client; + +import java.io.IOException; + +/** + * The CopyStreamException class is thrown by the {@link Util} + * copyStream() methods. It stores the number of bytes confirmed to + * have been transferred before an I/O error as well as the IOException + * responsible for the failure of a copy operation. + * + * @see Util + */ +public class CopyStreamException extends IOException { + private static final long serialVersionUID = -2602899129433221532L; + + private final long totalBytesTransferred; + + /** + * Creates a new CopyStreamException instance. + * + * @param message A message describing the error. + * @param bytesTransferred The total number of bytes transferred before + * an exception was thrown in a copy operation. + * @param exception The IOException thrown during a copy operation. + */ + public CopyStreamException(String message, + long bytesTransferred, + IOException exception) { + super(message); + initCause(exception); // merge this into super() call once we need 1.6+ + totalBytesTransferred = bytesTransferred; + } + + /** + * Returns the total number of bytes confirmed to have + * been transferred by a failed copy operation. + * + * @return The total number of bytes confirmed to have + * been transferred by a failed copy operation. + */ + public long getTotalBytesTransferred() { + return totalBytesTransferred; + } + + /** + * Returns the IOException responsible for the failure of a copy operation. + * + * @return The IOException responsible for the failure of a copy operation. + */ + public IOException getIOException() { + return (IOException) getCause(); // cast is OK because it was initialised with an IOException + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamListener.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamListener.java new file mode 100644 index 0000000..ad8c599 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/CopyStreamListener.java @@ -0,0 +1,53 @@ +package org.xbib.io.ftp.client; + +import java.util.EventListener; + +/** + * The CopyStreamListener class can accept CopyStreamEvents to keep track + * of the progress of a stream copying operation. However, it is currently + * not used that way within NetComponents for performance reasons. Rather + * the bytesTransferred(long, int) method is called directly rather than + * passing an event to bytesTransferred(CopyStreamEvent), saving the creation + * of a CopyStreamEvent instance. Also, the only place where + * CopyStreamListener is currently used within NetComponents is in the + * static methods of the uninstantiable {@link Util} class, which + * would preclude the use of addCopyStreamListener and + * removeCopyStreamListener methods. However, future additions may use the + * JavaBean event model, which is why the hooks have been included from the + * beginning. + * + * @see CopyStreamEvent + * @see CopyStreamAdapter + * @see Util + */ +public interface CopyStreamListener extends EventListener { + /** + * This method is invoked by a CopyStreamEvent source after copying + * a block of bytes from a stream. The CopyStreamEvent will contain + * the total number of bytes transferred so far and the number of bytes + * transferred in the last write. + * + * @param event The CopyStreamEvent fired by the copying of a block of + * bytes. + */ + public void bytesTransferred(CopyStreamEvent event); + + + /** + * This method is not part of the JavaBeans model and is used by the + * static methods in the {@link Util} class for efficiency. + * It is invoked after a block of bytes to inform the listener of the + * transfer. + * + * @param totalBytesTransferred The total number of bytes transferred + * so far by the copy operation. + * @param bytesTransferred The number of bytes copied by the most recent + * write. + * @param streamSize The number of bytes in the stream being copied. + * This may be equal to CopyStreamEvent.UNKNOWN_STREAM_SIZE if + * the size is unknown. + */ + public void bytesTransferred(long totalBytesTransferred, + int bytesTransferred, + long streamSize); +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/DatagramSocketClient.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/DatagramSocketClient.java new file mode 100644 index 0000000..c22554b --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/DatagramSocketClient.java @@ -0,0 +1,258 @@ +package org.xbib.io.ftp.client; + +import java.net.DatagramSocket; +import java.net.InetAddress; +import java.net.SocketException; +import java.nio.charset.Charset; + +/** + * The DatagramSocketClient provides the basic operations that are required + * of client objects accessing datagram sockets. It is meant to be + * subclassed to avoid having to rewrite the same code over and over again + * to open a socket, close a socket, set timeouts, etc. Of special note + * is the {@link #setDatagramSocketFactory setDatagramSocketFactory } + * method, which allows you to control the type of DatagramSocket the + * DatagramSocketClient creates for network communications. This is + * especially useful for adding things like proxy support as well as better + * support for applets. For + * example, you could create a + * {@link DatagramSocketFactory} + * that + * requests browser security capabilities before creating a socket. + * All classes derived from DatagramSocketClient should use the + * {@link #datagramSocketFactory _socketFactory_ } member variable to + * create DatagramSocket instances rather than instantiating + * them by directly invoking a constructor. By honoring this contract + * you guarantee that a user will always be able to provide his own + * Socket implementations by substituting his own SocketFactory. + * + */ +public abstract class DatagramSocketClient { + /** + * The default DatagramSocketFactory shared by all DatagramSocketClient + * instances. + */ + private static final DatagramSocketFactory DEFAULT_DATAGRAM_SOCKET_FACTORY = new DefaultDatagramSocketFactory(); + /** + * The timeout to use after opening a socket. + */ + private int timeout; + /** + * The datagram socket used for the connection. + */ + private DatagramSocket datagramSocket; + /** + * A status variable indicating if the client's socket is currently open. + */ + private boolean isOpen; + /** + * The datagram socket's DatagramSocketFactory. + */ + private DatagramSocketFactory datagramSocketFactory; + /** + * Charset to use for byte IO. + */ + private Charset charset = Charset.defaultCharset(); + + /** + * Default constructor for DatagramSocketClient. Initializes + * _socket_ to null, _timeout_ to 0, and _isOpen_ to false. + */ + public DatagramSocketClient() { + datagramSocket = null; + timeout = 0; + isOpen = false; + datagramSocketFactory = DEFAULT_DATAGRAM_SOCKET_FACTORY; + } + + /** + * Opens a DatagramSocket on the local host at the first available port. + * Also sets the timeout on the socket to the default timeout set + * by {@link #setDefaultTimeout setDefaultTimeout() }. + * + * _isOpen_ is set to true after calling this method and _socket_ + * is set to the newly opened socket. + * + * @throws SocketException If the socket could not be opened or the + * timeout could not be set. + */ + public void open() throws SocketException { + datagramSocket = datagramSocketFactory.createDatagramSocket(); + datagramSocket.setSoTimeout(timeout); + isOpen = true; + } + + /** + * Opens a DatagramSocket on the local host at a specified port. + * Also sets the timeout on the socket to the default timeout set + * by {@link #setDefaultTimeout setDefaultTimeout() }. + *

    + * _isOpen_ is set to true after calling this method and _socket_ + * is set to the newly opened socket. + * + * @param port The port to use for the socket. + * @throws SocketException If the socket could not be opened or the + * timeout could not be set. + ***/ + public void open(int port) throws SocketException { + datagramSocket = datagramSocketFactory.createDatagramSocket(port); + datagramSocket.setSoTimeout(timeout); + isOpen = true; + } + + + /*** + * Opens a DatagramSocket at the specified address on the local host + * at a specified port. + * Also sets the timeout on the socket to the default timeout set + * by {@link #setDefaultTimeout setDefaultTimeout() }. + *

    + * _isOpen_ is set to true after calling this method and _socket_ + * is set to the newly opened socket. + * + * @param port The port to use for the socket. + * @param laddr The local address to use. + * @throws SocketException If the socket could not be opened or the + * timeout could not be set. + ***/ + public void open(int port, InetAddress laddr) throws SocketException { + datagramSocket = datagramSocketFactory.createDatagramSocket(port, laddr); + datagramSocket.setSoTimeout(timeout); + isOpen = true; + } + + + /*** + * Closes the DatagramSocket used for the connection. + * You should call this method after you've finished using the class + * instance and also before you call {@link #open open() } + * again. _isOpen_ is set to false and _socket_ is set to null. + ***/ + public void close() { + if (datagramSocket != null) { + datagramSocket.close(); + } + datagramSocket = null; + isOpen = false; + } + + + /*** + * Returns true if the client has a currently open socket. + * + * @return True if the client has a currently open socket, false otherwise. + ***/ + public boolean isOpen() { + return isOpen; + } + + /*** + * Returns the default timeout in milliseconds that is used when + * opening a socket. + * + * @return The default timeout in milliseconds that is used when + * opening a socket. + ***/ + public int getDefaultTimeout() { + return timeout; + } + + /*** + * Set the default timeout in milliseconds to use when opening a socket. + * After a call to open, the timeout for the socket is set using this value. + * This method should be used prior to a call to {@link #open open()} + * and should not be confused with {@link #setSoTimeout setSoTimeout()} + * which operates on the currently open socket. _timeout_ contains + * the new timeout value. + * + * @param timeout The timeout in milliseconds to use for the datagram socket + * connection. + ***/ + public void setDefaultTimeout(int timeout) { + this.timeout = timeout; + } + + /*** + * Returns the timeout in milliseconds of the currently opened socket. + * If you call this method when the client socket is not open, + * a NullPointerException is thrown. + * + * @return The timeout in milliseconds of the currently opened socket. + * @throws SocketException if an error getting the timeout + ***/ + public int getSoTimeout() throws SocketException { + return datagramSocket.getSoTimeout(); + } + + /*** + * Set the timeout in milliseconds of a currently open connection. + * Only call this method after a connection has been opened + * by {@link #open open()}. + * + * @param timeout The timeout in milliseconds to use for the currently + * open datagram socket connection. + * @throws SocketException if an error setting the timeout + ***/ + public void setSoTimeout(int timeout) throws SocketException { + datagramSocket.setSoTimeout(timeout); + } + + /* + * Returns the port number of the open socket on the local host used + * for the connection. If you call this method when the client socket + * is not open, a NullPointerException is thrown. + * + * @return The port number of the open socket on the local host used + * for the connection. + */ + public int getLocalPort() { + return datagramSocket.getLocalPort(); + } + + + /** + * Returns the local address to which the client's socket is bound. + * If you call this method when the client socket is not open, a + * NullPointerException is thrown. + * + * @return The local address to which the client's socket is bound. + */ + public InetAddress getLocalAddress() { + return datagramSocket.getLocalAddress(); + } + + /** + * Sets the DatagramSocketFactory used by the DatagramSocketClient + * to open DatagramSockets. If the factory value is null, then a default + * factory is used (only do this to reset the factory after having + * previously altered it). + * + * @param factory The new DatagramSocketFactory the DatagramSocketClient + * should use. + */ + public void setDatagramSocketFactory(DatagramSocketFactory factory) { + if (factory == null) { + datagramSocketFactory = DEFAULT_DATAGRAM_SOCKET_FACTORY; + } else { + datagramSocketFactory = factory; + } + } + + /** + * Gets the charset. + * + * @return the charset. + */ + public Charset getCharset() { + return charset; + } + + /** + * Sets the charset. + * + * @param charset the charset. + */ + public void setCharset(Charset charset) { + this.charset = charset; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/DatagramSocketFactory.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/DatagramSocketFactory.java new file mode 100644 index 0000000..b67f3d7 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/DatagramSocketFactory.java @@ -0,0 +1,47 @@ +package org.xbib.io.ftp.client; + +import java.net.DatagramSocket; +import java.net.InetAddress; +import java.net.SocketException; + +/** + * The DatagramSocketFactory interface provides a means for the + * programmer to control the creation of datagram sockets and + * provide his own DatagramSocket implementations for use by all + * classes derived from + * {@link DatagramSocketClient} + * . + * This allows you to provide your own DatagramSocket implementations and + * to perform security checks or browser capability requests before + * creating a DatagramSocket. + */ +public interface DatagramSocketFactory { + + /** + * Creates a DatagramSocket on the local host at the first available port. + * @return the socket + * + * @throws SocketException If the socket could not be created. + */ + DatagramSocket createDatagramSocket() throws SocketException; + + /** + * Creates a DatagramSocket on the local host at a specified port. + * + * @param port The port to use for the socket. + * @return the socket + * @throws SocketException If the socket could not be created. + */ + DatagramSocket createDatagramSocket(int port) throws SocketException; + + /** + * Creates a DatagramSocket at the specified address on the local host + * at a specified port. + * + * @param port The port to use for the socket. + * @param laddr The local address to use. + * @return the socket + * @throws SocketException If the socket could not be created. + */ + DatagramSocket createDatagramSocket(int port, InetAddress laddr) throws SocketException; +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/DefaultDatagramSocketFactory.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/DefaultDatagramSocketFactory.java new file mode 100644 index 0000000..5ac2c4b --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/DefaultDatagramSocketFactory.java @@ -0,0 +1,55 @@ +package org.xbib.io.ftp.client; + +import java.net.DatagramSocket; +import java.net.InetAddress; +import java.net.SocketException; + +/** + * DefaultDatagramSocketFactory implements the DatagramSocketFactory + * interface by simply wrapping the java.net.DatagramSocket + * constructors. It is the default DatagramSocketFactory used by + * {@link DatagramSocketClient} implementations. + * + * @see DatagramSocketFactory + * @see DatagramSocketClient + * @see DatagramSocketClient#setDatagramSocketFactory + */ +public class DefaultDatagramSocketFactory implements DatagramSocketFactory { + + /** + * Creates a DatagramSocket on the local host at the first available port. + * @return a new DatagramSocket + * @throws SocketException If the socket could not be created. + */ + @Override + public DatagramSocket createDatagramSocket() throws SocketException { + return new DatagramSocket(); + } + + /** + * Creates a DatagramSocket on the local host at a specified port. + * + * @param port The port to use for the socket. + * @return a new DatagramSocket + * @throws SocketException If the socket could not be created. + */ + @Override + public DatagramSocket createDatagramSocket(int port) throws SocketException { + return new DatagramSocket(port); + } + + /** + * Creates a DatagramSocket at the specified address on the local host + * at a specified port. + * + * @param port The port to use for the socket. + * @param laddr The local address to use. + * @return a new DatagramSocket + * @throws SocketException If the socket could not be created. + */ + @Override + public DatagramSocket createDatagramSocket(int port, InetAddress laddr) + throws SocketException { + return new DatagramSocket(port, laddr); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/DefaultSocketFactory.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/DefaultSocketFactory.java new file mode 100644 index 0000000..2ef33cc --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/DefaultSocketFactory.java @@ -0,0 +1,142 @@ +package org.xbib.io.ftp.client; + +import javax.net.SocketFactory; +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Proxy; +import java.net.Socket; +import java.net.UnknownHostException; + +/*** + * DefaultSocketFactory implements the SocketFactory interface by + * simply wrapping the java.net.Socket and java.net.ServerSocket + * constructors. It is the default SocketFactory used by + * {@link SocketClient} + * implementations. + * + * @see SocketFactory + * @see SocketClient + * @see SocketClient#setSocketFactory + ***/ + +public class DefaultSocketFactory extends SocketFactory { + /** + * The proxy to use when creating new sockets. + */ + private final Proxy connProxy; + + /** + * The default constructor. + */ + public DefaultSocketFactory() { + this(null); + } + + /** + * A constructor for sockets with proxy support. + * + * @param proxy The Proxy to use when creating new Sockets. + */ + public DefaultSocketFactory(Proxy proxy) { + connProxy = proxy; + } + + /** + * Creates an unconnected Socket. + * + * @return A new unconnected Socket. + * @throws IOException If an I/O error occurs while creating the Socket. + */ + @Override + public Socket createSocket() throws IOException { + if (connProxy != null) { + return new Socket(connProxy); + } + return new Socket(); + } + + /*** + * Creates a Socket connected to the given host and port. + * + * @param host The hostname to connect to. + * @param port The port to connect to. + * @return A Socket connected to the given host and port. + * @throws UnknownHostException If the hostname cannot be resolved. + * @throws IOException If an I/O error occurs while creating the Socket. + ***/ + @Override + public Socket createSocket(String host, int port) throws IOException { + if (connProxy != null) { + Socket s = new Socket(connProxy); + s.connect(new InetSocketAddress(host, port)); + return s; + } + return new Socket(host, port); + } + + /*** + * Creates a Socket connected to the given host and port. + * + * @param address The address of the host to connect to. + * @param port The port to connect to. + * @return A Socket connected to the given host and port. + * @throws IOException If an I/O error occurs while creating the Socket. + ***/ + @Override + public Socket createSocket(InetAddress address, int port) throws IOException { + if (connProxy != null) { + Socket s = new Socket(connProxy); + s.connect(new InetSocketAddress(address, port)); + return s; + } + return new Socket(address, port); + } + + /*** + * Creates a Socket connected to the given host and port and + * originating from the specified local address and port. + * + * @param host The hostname to connect to. + * @param port The port to connect to. + * @param localAddr The local address to use. + * @param localPort The local port to use. + * @return A Socket connected to the given host and port. + * @throws UnknownHostException If the hostname cannot be resolved. + * @throws IOException If an I/O error occurs while creating the Socket. + ***/ + @Override + public Socket createSocket(String host, int port, + InetAddress localAddr, int localPort) throws IOException { + if (connProxy != null) { + Socket s = new Socket(connProxy); + s.bind(new InetSocketAddress(localAddr, localPort)); + s.connect(new InetSocketAddress(host, port)); + return s; + } + return new Socket(host, port, localAddr, localPort); + } + + /*** + * Creates a Socket connected to the given host and port and + * originating from the specified local address and port. + * + * @param address The address of the host to connect to. + * @param port The port to connect to. + * @param localAddr The local address to use. + * @param localPort The local port to use. + * @return A Socket connected to the given host and port. + * @throws IOException If an I/O error occurs while creating the Socket. + ***/ + @Override + public Socket createSocket(InetAddress address, int port, + InetAddress localAddr, int localPort) throws IOException { + if (connProxy != null) { + Socket s = new Socket(connProxy); + s.bind(new InetSocketAddress(localAddr, localPort)); + s.connect(new InetSocketAddress(address, port)); + return s; + } + return new Socket(address, port, localAddr, localPort); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTP.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTP.java new file mode 100644 index 0000000..08806b8 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTP.java @@ -0,0 +1,1672 @@ +package org.xbib.io.ftp.client; + +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.Reader; +import java.net.Inet4Address; +import java.net.Inet6Address; +import java.net.InetAddress; +import java.net.SocketException; +import java.net.SocketTimeoutException; +import java.util.ArrayList; +import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; + +/*** + * FTP provides the basic the functionality necessary to implement your + * own FTP client. It extends {@link SocketClient} since + * extending TelnetClient was causing unwanted behavior (like connections + * that did not time out properly). + * To derive the full benefits of the FTP class requires some knowledge + * of the FTP protocol defined in RFC 959. However, there is no reason + * why you should have to use the FTP class. The + * {@link FTPClient} class, + * derived from FTP, + * implements all the functionality required of an FTP client. The + * FTP class is made public to provide access to various FTP constants + * and to make it easier for adventurous programmers (or those with + * special needs) to interact with the FTP protocol and implement their + * own clients. A set of methods with names corresponding to the FTP + * command names are provided to facilitate this interaction. + *

    + * You should keep in mind that the FTP server may choose to prematurely + * close a connection if the client has been idle for longer than a + * given time period (usually 900 seconds). The FTP class will detect a + * premature FTP server connection closing when it receives a + * {@link FTPReply#SERVICE_NOT_AVAILABLE FTPReply.SERVICE_NOT_AVAILABLE } + * response to a command. + * When that occurs, the FTP class method encountering that reply will throw + * an {@link ConnectionClosedException} + * . FTPConectionClosedException + * is a subclass of IOException and therefore need not be + * caught separately, but if you are going to catch it separately, its + * catch block must appear before the more general IOException + * catch block. When you encounter an + * {@link ConnectionClosedException} + * , you must disconnect the connection with + * {@link #disconnect disconnect() } to properly clean up the + * system resources used by FTP. Before disconnecting, you may check the + * last reply code and text with + * {@link #getReplyCode getReplyCode }, + * {@link #getReplyString getReplyString }, + * and {@link #getReplyStrings getReplyStrings}. + * You may avoid server disconnections while the client is idle by + * periodicaly sending NOOP commands to the server. + *

    + * Rather than list it separately for each method, we mention here that + * every method communicating with the server and throwing an IOException + * can also throw a + * {@link MalformedServerReplyException} + * , which is a subclass + * of IOException. A MalformedServerReplyException will be thrown when + * the reply received from the server deviates enough from the protocol + * specification that it cannot be interpreted in a useful manner despite + * attempts to be as lenient as possible. + * + * @see FTPClient + * @see ConnectionClosedException + * @see MalformedServerReplyException + ***/ + +public class FTP extends SocketClient { + /*** The default FTP data port (20). ***/ + public static final int DEFAULT_DATA_PORT = 20; + /*** The default FTP control port (21). ***/ + public static final int DEFAULT_PORT = 21; + + /*** + * A constant used to indicate the file(s) being transferred should + * be treated as ASCII. This is the default file type. All constants + * ending in FILE_TYPE are used to indicate file types. + ***/ + public static final int ASCII_FILE_TYPE = 0; + + /*** + * A constant used to indicate the file(s) being transferred should + * be treated as EBCDIC. Note however that there are several different + * EBCDIC formats. All constants ending in FILE_TYPE + * are used to indicate file types. + ***/ + public static final int EBCDIC_FILE_TYPE = 1; + + + /*** + * A constant used to indicate the file(s) being transferred should + * be treated as a binary image, i.e., no translations should be + * performed. All constants ending in FILE_TYPE are used to + * indicate file types. + ***/ + public static final int BINARY_FILE_TYPE = 2; + + /*** + * A constant used to indicate the file(s) being transferred should + * be treated as a local type. All constants ending in + * FILE_TYPE are used to indicate file types. + ***/ + public static final int LOCAL_FILE_TYPE = 3; + + /*** + * A constant used for text files to indicate a non-print text format. + * This is the default format. + * All constants ending in TEXT_FORMAT are used to indicate + * text formatting for text transfers (both ASCII and EBCDIC). + ***/ + public static final int NON_PRINT_TEXT_FORMAT = 4; + + /*** + * A constant used to indicate a text file contains format vertical format + * control characters. + * All constants ending in TEXT_FORMAT are used to indicate + * text formatting for text transfers (both ASCII and EBCDIC). + ***/ + public static final int TELNET_TEXT_FORMAT = 5; + + /*** + * A constant used to indicate a text file contains ASA vertical format + * control characters. + * All constants ending in TEXT_FORMAT are used to indicate + * text formatting for text transfers (both ASCII and EBCDIC). + ***/ + public static final int CARRIAGE_CONTROL_TEXT_FORMAT = 6; + + /*** + * A constant used to indicate a file is to be treated as a continuous + * sequence of bytes. This is the default structure. All constants ending + * in _STRUCTURE are used to indicate file structure for + * file transfers. + ***/ + public static final int FILE_STRUCTURE = 7; + + /*** + * A constant used to indicate a file is to be treated as a sequence + * of records. All constants ending in _STRUCTURE + * are used to indicate file structure for file transfers. + ***/ + public static final int RECORD_STRUCTURE = 8; + + /*** + * A constant used to indicate a file is to be treated as a set of + * independent indexed pages. All constants ending in + * _STRUCTURE are used to indicate file structure for file + * transfers. + ***/ + public static final int PAGE_STRUCTURE = 9; + + /*** + * A constant used to indicate a file is to be transferred as a stream + * of bytes. This is the default transfer mode. All constants ending + * in TRANSFER_MODE are used to indicate file transfer + * modes. + ***/ + public static final int STREAM_TRANSFER_MODE = 10; + + /*** + * A constant used to indicate a file is to be transferred as a series + * of blocks. All constants ending in TRANSFER_MODE are used + * to indicate file transfer modes. + ***/ + public static final int BLOCK_TRANSFER_MODE = 11; + + /*** + * A constant used to indicate a file is to be transferred as FTP + * compressed data. All constants ending in TRANSFER_MODE + * are used to indicate file transfer modes. + ***/ + public static final int COMPRESSED_TRANSFER_MODE = 12; + + // We have to ensure that the protocol communication is in ASCII + // but we use ISO-8859-1 just in case 8-bit characters cross + // the wire. + /** + * The default character encoding used for communicating over an + * FTP control connection. The default encoding is an + * ASCII-compatible encoding. Some FTP servers expect other + * encodings. You can change the encoding used by an FTP instance + * with {@link #setControlEncoding setControlEncoding}. + */ + public static final String DEFAULT_CONTROL_ENCODING = "ISO-8859-1"; + + /** + * Length of the FTP reply code (3 alphanumerics) + */ + public static final int REPLY_CODE_LEN = 3; + + private static final String __modes = "AEILNTCFRPSBC"; + + protected int replyCode; + protected List replyLines; + protected boolean newReplyString; + protected String replyString; + protected String controlEncoding; + + /** + * A ProtocolCommandSupport object used to manage the registering of + * ProtocolCommandListeners and te firing of ProtocolCommandEvents. + */ + protected ProtocolCommandSupport protocolCommandSupport; + + /** + * This is used to signal whether a block of multiline responses beginning + * with xxx must be terminated by the same numeric code xxx + * See section 4.2 of RFC 959 for details. + */ + protected boolean strictMultilineParsing = false; + /** + * Wraps SocketClient._input_ to facilitate the reading of text + * from the FTP control connection. Do not access the control + * connection via SocketClient._input_. This member starts + * with a null value, is initialized in {@link #_connectAction_}, + * and set to null in {@link #disconnect}. + */ + protected BufferedReader bufferedReader; + /** + * Wraps SocketClient._output_ to facilitate the writing of text + * to the FTP control connection. Do not access the control + * connection via SocketClient._output_. This member starts + * with a null value, is initialized in {@link #_connectAction_}, + * and set to null in {@link #disconnect}. + */ + protected BufferedWriter bufferedWriter; + /** + * If this is true, then non-multiline replies must have the format: + * 3 digit code + * If false, then the 3 digit code does not have to be followed by space + * See section 4.2 of RFC 959 for details. + */ + private boolean strictReplyParsing = true; + + /*** + * The default FTP constructor. Sets the default port to + * DEFAULT_PORT and initializes internal data structures + * for saving FTP reply information. + ***/ + public FTP() { + super(); + setDefaultPort(DEFAULT_PORT); + replyLines = new ArrayList<>(); + newReplyString = false; + replyString = null; + controlEncoding = DEFAULT_CONTROL_ENCODING; + protocolCommandSupport = new ProtocolCommandSupport(this); + } + + // The RFC-compliant multiline termination check + private boolean strictCheck(String line, String code) { + return (!(line.startsWith(code) && line.charAt(REPLY_CODE_LEN) == ' ')); + } + + // The strict check is too strong a condition because of non-conforming ftp + // servers like ftp.funet.fi which sent 226 as the last line of a + // 426 multi-line reply in response to ls /. We relax the condition to + // test that the line starts with a digit rather than starting with + // the code. + private boolean lenientCheck(String line) { + return (!(line.length() > REPLY_CODE_LEN && line.charAt(REPLY_CODE_LEN) != '-' && + Character.isDigit(line.charAt(0)))); + } + + /** + * Get the reply, and pass it to command listeners + */ + private void internalGetReply() throws IOException { + internalGetReply(true); + } + + private void internalGetReply(boolean reportReply) throws IOException { + int length; + newReplyString = true; + replyLines.clear(); + String line = bufferedReader.readLine(); + if (line == null) { + throw new ConnectionClosedException("connection closed without indication"); + } + // In case we run into an anomaly we don't want fatal index exceptions + // to be thrown. + length = line.length(); + if (length < REPLY_CODE_LEN) { + throw new MalformedServerReplyException("Truncated server reply: " + line); + } + String code; + try { + code = line.substring(0, REPLY_CODE_LEN); + replyCode = Integer.parseInt(code); + } catch (NumberFormatException e) { + throw new MalformedServerReplyException("Could not parse response code.\nServer Reply: " + line); + } + replyLines.add(line); + // Check the server reply type + if (length > REPLY_CODE_LEN) { + char sep = line.charAt(REPLY_CODE_LEN); + // Get extra lines if message continues. + if (sep == '-') { + do { + line = bufferedReader.readLine(); + if (line == null) { + throw new ConnectionClosedException("connection closed without indication"); + } + replyLines.add(line); + // The length() check handles problems that could arise from readLine() + // returning too soon after encountering a naked CR or some other + // anomaly. + } + while (isStrictMultilineParsing() ? strictCheck(line, code) : lenientCheck(line)); + + } else if (isStrictReplyParsing()) { + if (length == REPLY_CODE_LEN + 1) { // expecting some text + throw new MalformedServerReplyException("Truncated server reply: '" + line + "'"); + } else if (sep != ' ') { + throw new MalformedServerReplyException("Invalid server reply: '" + line + "'"); + } + } + } else if (isStrictReplyParsing()) { + throw new MalformedServerReplyException("Truncated server reply: '" + line + "'"); + } + if (reportReply) { + fireReplyReceived(replyCode, getReplyString()); + } + if (replyCode == FTPReply.SERVICE_NOT_AVAILABLE) { + throw new ConnectionClosedException("server closed connection"); + } + } + + /** + * Initiates control connections and gets initial reply. + * Initializes {@link #bufferedReader} and {@link #bufferedWriter}. + */ + @Override + protected void _connectAction_() throws IOException { + _connectAction_(null); + } + + /** + * Initiates control connections and gets initial reply. + * Initializes {@link #bufferedReader} and {@link #bufferedWriter}. + * + * @param socketIsReader the reader to reuse (if non-null) + * @throws IOException on error + */ + protected void _connectAction_(Reader socketIsReader) throws IOException { + super._connectAction_(); // sets up _input_ and _output_ + if (socketIsReader == null) { + bufferedReader = new CRLFLineReader(new InputStreamReader(inputStream, getControlEncoding())); + } else { + bufferedReader = new CRLFLineReader(socketIsReader); + } + bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream, getControlEncoding())); + if (connectTimeout > 0) { // NET-385 + int original = socket.getSoTimeout(); + socket.setSoTimeout(connectTimeout); + try { + internalGetReply(); + // If we received code 120, we have to fetch completion reply. + if (FTPReply.isPositivePreliminary(replyCode)) { + internalGetReply(); + } + } catch (SocketTimeoutException e) { + IOException ioe = new IOException("Timed out waiting for initial connect reply"); + ioe.initCause(e); + throw ioe; + } finally { + socket.setSoTimeout(original); + } + } else { + internalGetReply(); + // If we received code 120, we have to fetch completion reply. + if (FTPReply.isPositivePreliminary(replyCode)) { + internalGetReply(); + } + } + } + + /** + * @return The character encoding used to communicate over the + * control connection. + */ + public String getControlEncoding() { + return controlEncoding; + } + + /** + * Saves the character encoding to be used by the FTP control connection. + * Some FTP servers require that commands be issued in a non-ASCII + * encoding like UTF-8 so that filenames with multi-byte character + * representations (e.g, Big 8) can be specified. + *

    + * Please note that this has to be set before the connection is established. + * + * @param encoding The new character encoding for the control connection. + */ + public void setControlEncoding(String encoding) { + controlEncoding = encoding; + } + + /*** + * Closes the control connection to the FTP server and sets to null + * some internal data so that the memory may be reclaimed by the + * garbage collector. The reply text and code information from the + * last command is voided so that the memory it used may be reclaimed. + * Also sets {@link #bufferedReader} and {@link #bufferedWriter} to null. + * + * @throws IOException If an error occurs while disconnecting. + ***/ + @Override + public void disconnect() throws IOException { + super.disconnect(); + bufferedReader = null; + bufferedWriter = null; + newReplyString = false; + replyString = null; + } + + /*** + * Sends an FTP command to the server, waits for a reply and returns the + * numerical response code. After invocation, for more detailed + * information, the actual reply text can be accessed by calling + * {@link #getReplyString getReplyString } or + * {@link #getReplyStrings getReplyStrings }. + * + * @param command The text representation of the FTP command to send. + * @param args The arguments to the FTP command. If this parameter is + * set to null, then the command is sent with no argument. + * @return The integer value of the FTP reply code returned by the server + * in response to the command. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int sendCommand(String command, String args) throws IOException { + if (bufferedWriter == null) { + throw new IOException("Connection is not open"); + } + + final String message = __buildMessage(command, args); + + __send(message); + + fireCommandSent(command, message); + + internalGetReply(); + return replyCode; + } + + private String __buildMessage(String command, String args) { + final StringBuilder __commandBuffer = new StringBuilder(); + + __commandBuffer.append(command); + + if (args != null) { + __commandBuffer.append(' '); + __commandBuffer.append(args); + } + __commandBuffer.append("\r\n"); + return __commandBuffer.toString(); + } + + private void __send(String message) throws IOException { + try { + bufferedWriter.write(message); + bufferedWriter.flush(); + } catch (SocketException e) { + if (!isConnected()) { + throw new IOException("connection unexpectedly closed"); + } else { + throw e; + } + } + } + + /** + * Send a noop and get the reply without reporting to the command listener. + * Intended for use with keep-alive. + * + * @throws IOException on error + */ + protected void __noop() throws IOException { + String msg = __buildMessage(FTPCmd.NOOP.getCommand(), null); + __send(msg); + internalGetReply(false); + } + + /** + * Sends an FTP command to the server, waits for a reply and returns the + * numerical response code. After invocation, for more detailed + * information, the actual reply text can be accessed by calling + * {@link #getReplyString getReplyString } or + * {@link #getReplyStrings getReplyStrings }. + * + * @param command The FTPCmd enum corresponding to the FTP command + * to send. + * @return The integer value of the FTP reply code returned by the server + * in response to the command. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int sendCommand(FTPCmd command) throws IOException { + return sendCommand(command, null); + } + + /** + * Sends an FTP command to the server, waits for a reply and returns the + * numerical response code. After invocation, for more detailed + * information, the actual reply text can be accessed by calling + * {@link #getReplyString getReplyString } or + * {@link #getReplyStrings getReplyStrings }. + * + * @param command The FTPCmd enum corresponding to the FTP command + * to send. + * @param args The arguments to the FTP command. If this parameter is + * set to null, then the command is sent with no argument. + * @return The integer value of the FTP reply code returned by the server + * in response to the command. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int sendCommand(FTPCmd command, String args) throws IOException { + return sendCommand(command.getCommand(), args); + } + + /*** + * Sends an FTP command with no arguments to the server, waits for a + * reply and returns the numerical response code. After invocation, for + * more detailed information, the actual reply text can be accessed by + * calling {@link #getReplyString getReplyString } or + * {@link #getReplyStrings getReplyStrings }. + * + * @param command The text representation of the FTP command to send. + * @return The integer value of the FTP reply code returned by the server + * in response to the command. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int sendCommand(String command) throws IOException { + return sendCommand(command, null); + } + + /*** + * Returns the integer value of the reply code of the last FTP reply. + * You will usually only use this method after you connect to the + * FTP server to check that the connection was successful since + * connect is of type void. + * + * @return The integer value of the reply code of the last FTP reply. + ***/ + public int getReplyCode() { + return replyCode; + } + + /*** + * Fetches a reply from the FTP server and returns the integer reply + * code. After calling this method, the actual reply text can be accessed + * from either calling {@link #getReplyString getReplyString } or + * {@link #getReplyStrings getReplyStrings }. Only use this + * method if you are implementing your own FTP client or if you need to + * fetch a secondary response from the FTP server. + * + * @return The integer value of the reply code of the fetched FTP reply. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while receiving the + * server reply. + ***/ + public int getReply() throws IOException { + internalGetReply(); + return replyCode; + } + + + /*** + * Returns the lines of text from the last FTP server response as an array + * of strings, one entry per line. The end of line markers of each are + * stripped from each line. + * + * @return The lines of text from the last FTP response as an array. + ***/ + public String[] getReplyStrings() { + return replyLines.toArray(new String[replyLines.size()]); + } + + /*** + * Returns the entire text of the last FTP server response exactly + * as it was received, including all end of line markers in NETASCII + * format. + * + * @return The entire text from the last FTP response as a String. + ***/ + public String getReplyString() { + StringBuilder buffer; + + if (!newReplyString) { + return replyString; + } + + buffer = new StringBuilder(256); + + for (String line : replyLines) { + buffer.append(line); + buffer.append("\r\n"); + } + + newReplyString = false; + + return (replyString = buffer.toString()); + } + + + /*** + * A convenience method to send the FTP USER command to the server, + * receive the reply, and return the reply code. + * + * @param username The username to login under. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int user(String username) throws IOException { + return sendCommand(FTPCmd.USER, username); + } + + /** + * A convenience method to send the FTP PASS command to the server, + * receive the reply, and return the reply code. + * + * @param password The plain text password of the username being logged into. + * @return The reply code received from the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int pass(String password) throws IOException { + return sendCommand(FTPCmd.PASS, password); + } + + /*** + * A convenience method to send the FTP ACCT command to the server, + * receive the reply, and return the reply code. + * + * @param account The account name to access. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int acct(String account) throws IOException { + return sendCommand(FTPCmd.ACCT, account); + } + + + /*** + * A convenience method to send the FTP ABOR command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int abor() throws IOException { + return sendCommand(FTPCmd.ABOR); + } + + /*** + * A convenience method to send the FTP CWD command to the server, + * receive the reply, and return the reply code. + * + * @param directory The new working directory. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int cwd(String directory) throws IOException { + return sendCommand(FTPCmd.CWD, directory); + } + + /*** + * A convenience method to send the FTP CDUP command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int cdup() throws IOException { + return sendCommand(FTPCmd.CDUP); + } + + /*** + * A convenience method to send the FTP QUIT command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int quit() throws IOException { + return sendCommand(FTPCmd.QUIT); + } + + /*** + * A convenience method to send the FTP REIN command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int rein() throws IOException { + return sendCommand(FTPCmd.REIN); + } + + /*** + * A convenience method to send the FTP SMNT command to the server, + * receive the reply, and return the reply code. + * + * @param dir The directory name. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int smnt(String dir) throws IOException { + return sendCommand(FTPCmd.SMNT, dir); + } + + /*** + * A convenience method to send the FTP PORT command to the server, + * receive the reply, and return the reply code. + * + * @param host The host owning the port. + * @param port The new port. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int port(InetAddress host, int port) throws IOException { + int num; + StringBuilder info = new StringBuilder(24); + + info.append(host.getHostAddress().replace('.', ',')); + num = port >>> 8; + info.append(','); + info.append(num); + info.append(','); + num = port & 0xff; + info.append(num); + + return sendCommand(FTPCmd.PORT, info.toString()); + } + + /*** + * A convenience method to send the FTP EPRT command to the server, + * receive the reply, and return the reply code. + * + * Examples: + *

      + *
    • EPRT |1|132.235.1.2|6275|
      • + *
    • EPRT |2|1080::8:800:200C:417A|5282|
      • + *
    + * + * @see "http://www.faqs.org/rfcs/rfc2428.html" + * + * @param host The host owning the port. + * @param port The new port. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int eprt(InetAddress host, int port) throws IOException { + int num; + StringBuilder info = new StringBuilder(); + String h; + + // If IPv6, trim the zone index + h = host.getHostAddress(); + num = h.indexOf('%'); + if (num > 0) { + h = h.substring(0, num); + } + + info.append("|"); + + if (host instanceof Inet4Address) { + info.append("1"); + } else if (host instanceof Inet6Address) { + info.append("2"); + } + info.append("|"); + info.append(h); + info.append("|"); + info.append(port); + info.append("|"); + + return sendCommand(FTPCmd.EPRT, info.toString()); + } + + /*** + * A convenience method to send the FTP PASV command to the server, + * receive the reply, and return the reply code. Remember, it's up + * to you to interpret the reply string containing the host/port + * information. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int pasv() throws IOException { + return sendCommand(FTPCmd.PASV); + } + + /*** + * A convenience method to send the FTP EPSV command to the server, + * receive the reply, and return the reply code. Remember, it's up + * to you to interpret the reply string containing the host/port + * information. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int epsv() throws IOException { + return sendCommand(FTPCmd.EPSV); + } + + /** + * A convenience method to send the FTP TYPE command for text files + * to the server, receive the reply, and return the reply code. + * + * @param fileType The type of the file (one of the FILE_TYPE + * constants). + * @param formatOrByteSize The format of the file (one of the + * _FORMAT constants. In the case of + * LOCAL_FILE_TYPE, the byte size. + * @return The reply code received from the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int type(int fileType, int formatOrByteSize) throws IOException { + StringBuilder arg = new StringBuilder(); + + arg.append(__modes.charAt(fileType)); + arg.append(' '); + if (fileType == LOCAL_FILE_TYPE) { + arg.append(formatOrByteSize); + } else { + arg.append(__modes.charAt(formatOrByteSize)); + } + + return sendCommand(FTPCmd.TYPE, arg.toString()); + } + + + /** + * A convenience method to send the FTP TYPE command to the server, + * receive the reply, and return the reply code. + * + * @param fileType The type of the file (one of the FILE_TYPE + * constants). + * @return The reply code received from the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int type(int fileType) throws IOException { + return sendCommand(FTPCmd.TYPE, + __modes.substring(fileType, fileType + 1)); + } + + /*** + * A convenience method to send the FTP STRU command to the server, + * receive the reply, and return the reply code. + * + * @param structure The structure of the file (one of the + * _STRUCTURE constants). + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int stru(int structure) throws IOException { + return sendCommand(FTPCmd.STRU, + __modes.substring(structure, structure + 1)); + } + + /*** + * A convenience method to send the FTP MODE command to the server, + * receive the reply, and return the reply code. + * + * @param mode The transfer mode to use (one of the + * TRANSFER_MODE constants). + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int mode(int mode) throws IOException { + return sendCommand(FTPCmd.MODE, + __modes.substring(mode, mode + 1)); + } + + /*** + * A convenience method to send the FTP RETR command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @param pathname The pathname of the file to retrieve. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int retr(String pathname) throws IOException { + return sendCommand(FTPCmd.RETR, pathname); + } + + /*** + * A convenience method to send the FTP STOR command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @param pathname The pathname to use for the file when stored at + * the remote end of the transfer. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int stor(String pathname) throws IOException { + return sendCommand(FTPCmd.STOR, pathname); + } + + /*** + * A convenience method to send the FTP STOU command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int stou() throws IOException { + return sendCommand(FTPCmd.STOU); + } + + /*** + * A convenience method to send the FTP STOU command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * @param pathname The base pathname to use for the file when stored at + * the remote end of the transfer. Some FTP servers + * require this. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int stou(String pathname) throws IOException { + return sendCommand(FTPCmd.STOU, pathname); + } + + /*** + * A convenience method to send the FTP APPE command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @param pathname The pathname to use for the file when stored at + * the remote end of the transfer. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int appe(String pathname) throws IOException { + return sendCommand(FTPCmd.APPE, pathname); + } + + /*** + * A convenience method to send the FTP ALLO command to the server, + * receive the reply, and return the reply code. + * + * @param bytes The number of bytes to allocate. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int allo(int bytes) throws IOException { + return sendCommand(FTPCmd.ALLO, Integer.toString(bytes)); + } + + /** + * A convenience method to send the FTP FEAT command to the server, receive the reply, + * and return the reply code. + * + * @return The reply code received by the server + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int feat() throws IOException { + return sendCommand(FTPCmd.FEAT); + } + + /*** + * A convenience method to send the FTP ALLO command to the server, + * receive the reply, and return the reply code. + * + * @param bytes The number of bytes to allocate. + * @param recordSize The size of a record. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int allo(int bytes, int recordSize) throws IOException { + return sendCommand(FTPCmd.ALLO, Integer.toString(bytes) + " R " + + Integer.toString(recordSize)); + } + + /*** + * A convenience method to send the FTP REST command to the server, + * receive the reply, and return the reply code. + * + * @param marker The marker at which to restart a transfer. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int rest(String marker) throws IOException { + return sendCommand(FTPCmd.REST, marker); + } + + + /** + * @param file name of file + * @return the status + * @throws IOException on error + **/ + public int mdtm(String file) throws IOException { + return sendCommand(FTPCmd.MDTM, file); + } + + + /** + * A convenience method to send the FTP MFMT command to the server, + * receive the reply, and return the reply code. + * + * @param pathname The pathname for which mtime is to be changed + * @param timeval Timestamp in YYYYMMDDhhmmss format + * @return The reply code received from the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + * @see http://tools.ietf.org/html/draft-somers-ftp-mfxx-04 + **/ + public int mfmt(String pathname, String timeval) throws IOException { + return sendCommand(FTPCmd.MFMT, timeval + " " + pathname); + } + + + /*** + * A convenience method to send the FTP RNFR command to the server, + * receive the reply, and return the reply code. + * + * @param pathname The pathname to rename from. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int rnfr(String pathname) throws IOException { + return sendCommand(FTPCmd.RNFR, pathname); + } + + /*** + * A convenience method to send the FTP RNTO command to the server, + * receive the reply, and return the reply code. + * + * @param pathname The pathname to rename to + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int rnto(String pathname) throws IOException { + return sendCommand(FTPCmd.RNTO, pathname); + } + + /*** + * A convenience method to send the FTP DELE command to the server, + * receive the reply, and return the reply code. + * + * @param pathname The pathname to delete. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int dele(String pathname) throws IOException { + return sendCommand(FTPCmd.DELE, pathname); + } + + /*** + * A convenience method to send the FTP RMD command to the server, + * receive the reply, and return the reply code. + * + * @param pathname The pathname of the directory to remove. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int rmd(String pathname) throws IOException { + return sendCommand(FTPCmd.RMD, pathname); + } + + /*** + * A convenience method to send the FTP MKD command to the server, + * receive the reply, and return the reply code. + * + * @param pathname The pathname of the new directory to create. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int mkd(String pathname) throws IOException { + return sendCommand(FTPCmd.MKD, pathname); + } + + /*** + * A convenience method to send the FTP PWD command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int pwd() throws IOException { + return sendCommand(FTPCmd.PWD); + } + + /*** + * A convenience method to send the FTP LIST command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int list() throws IOException { + return sendCommand(FTPCmd.LIST); + } + + /*** + * A convenience method to send the FTP LIST command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @param pathname The pathname to list, + * may be {@code null} in which case the command is sent with no parameters + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int list(String pathname) throws IOException { + return sendCommand(FTPCmd.LIST, pathname); + } + + /** + * A convenience method to send the FTP MLSD command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int mlsd() throws IOException { + return sendCommand(FTPCmd.MLSD); + } + + /** + * A convenience method to send the FTP MLSD command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @param path the path to report on + * @return The reply code received from the server, + * may be {@code null} in which case the command is sent with no parameters + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int mlsd(String path) throws IOException { + return sendCommand(FTPCmd.MLSD, path); + } + + /** + * A convenience method to send the FTP MLST command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int mlst() throws IOException { + return sendCommand(FTPCmd.MLST); + } + + /** + * A convenience method to send the FTP MLST command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @param path the path to report on + * @return The reply code received from the server, + * may be {@code null} in which case the command is sent with no parameters + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + */ + public int mlst(String path) throws IOException { + return sendCommand(FTPCmd.MLST, path); + } + + /*** + * A convenience method to send the FTP NLST command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int nlst() throws IOException { + return sendCommand(FTPCmd.NLST); + } + + /*** + * A convenience method to send the FTP NLST command to the server, + * receive the reply, and return the reply code. Remember, it is up + * to you to manage the data connection. If you don't need this low + * level of access, use {@link FTPClient} + * , which will handle all low level details for you. + * + * @param pathname The pathname to list, + * may be {@code null} in which case the command is sent with no parameters + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int nlst(String pathname) throws IOException { + return sendCommand(FTPCmd.NLST, pathname); + } + + /*** + * A convenience method to send the FTP SITE command to the server, + * receive the reply, and return the reply code. + * + * @param parameters The site parameters to send. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int site(String parameters) throws IOException { + return sendCommand(FTPCmd.SITE, parameters); + } + + /*** + * A convenience method to send the FTP SIZE command to the server, + * receive the reply, and return the reply code. + * + * @param parameters The site parameters to send. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int size(String parameters) throws IOException { + return sendCommand(FTPCmd.SIZE, parameters); + } + + /*** + * A convenience method to send the FTP SYST command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int syst() throws IOException { + return sendCommand(FTPCmd.SYST); + } + + /*** + * A convenience method to send the FTP STAT command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int stat() throws IOException { + return sendCommand(FTPCmd.STAT); + } + + /*** + * A convenience method to send the FTP STAT command to the server, + * receive the reply, and return the reply code. + * + * @param pathname A pathname to list. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int stat(String pathname) throws IOException { + return sendCommand(FTPCmd.STAT, pathname); + } + + /*** + * A convenience method to send the FTP HELP command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int help() throws IOException { + return sendCommand(FTPCmd.HELP); + } + + /*** + * A convenience method to send the FTP HELP command to the server, + * receive the reply, and return the reply code. + * + * @param command The command name on which to request help. + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int help(String command) throws IOException { + return sendCommand(FTPCmd.HELP, command); + } + + /*** + * A convenience method to send the FTP NOOP command to the server, + * receive the reply, and return the reply code. + * + * @return The reply code received from the server. + * @throws ConnectionClosedException + * If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending the + * command or receiving the server reply. + ***/ + public int noop() throws IOException { + return sendCommand(FTPCmd.NOOP); + } + + /** + * Return whether strict multiline parsing is enabled, as per RFC 959, section 4.2. + * + * @return True if strict, false if lenient + */ + public boolean isStrictMultilineParsing() { + return strictMultilineParsing; + } + + /** + * Set strict multiline parsing. + * + * @param strictMultilineParsing the setting + */ + public void setStrictMultilineParsing(boolean strictMultilineParsing) { + this.strictMultilineParsing = strictMultilineParsing; + } + + /** + * Return whether strict non-multiline parsing is enabled, as per RFC 959, section 4.2. + * The default is true, which requires the 3 digit code be followed by space and some text. + * If false, only the 3 digit code is required (as was the case for versions up to 3.5) + * + * @return True if strict (default), false if additional checks are not made + */ + public boolean isStrictReplyParsing() { + return strictReplyParsing; + } + + /** + * Set strict non-multiline parsing. + * If true, it requires the 3 digit code be followed by space and some text. + * If false, only the 3 digit code is required (as was the case for versions up to 3.5) + * This should not be required by a well-behaved FTP server + * + * @param strictReplyParsing the setting + */ + public void setStrictReplyParsing(boolean strictReplyParsing) { + this.strictReplyParsing = strictReplyParsing; + } + + /** + * Provide command support to super-class + */ + @Override + protected ProtocolCommandSupport getCommandSupport() { + return protocolCommandSupport; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPClient.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPClient.java new file mode 100644 index 0000000..648e6e2 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPClient.java @@ -0,0 +1,3560 @@ +package org.xbib.io.ftp.client; + +import org.xbib.io.ftp.client.parser.DefaultFTPFileEntryParserFactory; +import org.xbib.io.ftp.client.parser.FTPFileEntryParserFactory; +import org.xbib.io.ftp.client.parser.MLSxEntryParser; +import org.xbib.io.ftp.client.parser.ParserInitializationException; + +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.Reader; +import java.net.Inet6Address; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.net.SocketException; +import java.net.SocketTimeoutException; +import java.net.UnknownHostException; +import java.time.ZonedDateTime; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Locale; +import java.util.Properties; +import java.util.Random; +import java.util.Set; +import java.util.regex.Pattern; + +/** + * FTPClient encapsulates all the functionality necessary to store and + * retrieve files from an FTP server. This class takes care of all + * low level details of interacting with an FTP server and provides + * a convenient higher level interface. As with all classes derived + * from {@link SocketClient}, + * you must first connect to the server with + * {@link SocketClient#connect connect } + * before doing anything, and finally + * {@link SocketClient#disconnect disconnect } + * after you're completely finished interacting with the server. + * Then you need to check the FTP reply code to see if the connection + * was successful. For example: + * 
    + *    FTPClient ftp = new FTPClient();
+ *    FTPClientConfig config = new FTPClientConfig();
+ *    config.setXXX(YYY); // change required options
+ *    // for example config.setServerTimeZoneId("Pacific/Pitcairn")
+ *    ftp.configure(config );
+ *    boolean error = false;
+ *    try {
+ *      int reply;
+ *      String server = "ftp.example.com";
+ *      ftp.connect(server);
+ *      System.out.println("Connected to " + server + ".");
+ *      System.out.print(ftp.getReplyString());
+ *
+ *      // After connection attempt, you should check the reply code to verify
+ *      // success.
+ *      reply = ftp.getReplyCode();
+ *
+ *      if(!FTPReply.isPositiveCompletion(reply)) {
+ *        ftp.disconnect();
+ *        System.err.println("FTP server refused connection.");
+ *        System.exit(1);
+ *      }
+ *      ... // transfer files
+ *      ftp.logout();
+ *    } catch(IOException e) {
+ *      error = true;
+ *      e.printStackTrace();
+ *    } finally {
+ *      if(ftp.isConnected()) {
+ *        try {
+ *          ftp.disconnect();
+ *        } catch(IOException ioe) {
+ *          // do nothing
+ *        }
+ *      }
+ *      System.exit(error ? 1 : 0);
+ *    }
+ *
    + *

    + * Immediately after connecting is the only real time you need to check the + * reply code (because connect is of type void). The convention for all the + * FTP command methods in FTPClient is such that they either return a + * boolean value or some other value. + * The boolean methods return true on a successful completion reply from + * the FTP server and false on a reply resulting in an error condition or + * failure. The methods returning a value other than boolean return a value + * containing the higher level data produced by the FTP command, or null if a + * reply resulted in an error condition or failure. If you want to access + * the exact FTP reply code causing a success or failure, you must call + * {@link FTP#getReplyCode getReplyCode } after + * a success or failure. + *

    + * The default settings for FTPClient are for it to use + * FTP.ASCII_FILE_TYPE , + * FTP.NON_PRINT_TEXT_FORMAT , + * FTP.STREAM_TRANSFER_MODE , and + * FTP.FILE_STRUCTURE . The only file types directly supported + * are FTP.ASCII_FILE_TYPE and + * FTP.BINARY_FILE_TYPE . Because there are at least 4 + * different EBCDIC encodings, we have opted not to provide direct support + * for EBCDIC. To transfer EBCDIC and other unsupported file types you + * must create your own filter InputStreams and OutputStreams and wrap + * them around the streams returned or required by the FTPClient methods. + * FTPClient uses the {@link ToNetASCIIOutputStream NetASCII} + * filter streams to provide transparent handling of ASCII files. We will + * consider incorporating EBCDIC support if there is enough demand. + *

    + * FTP.NON_PRINT_TEXT_FORMAT , + * FTP.STREAM_TRANSFER_MODE , and + * FTP.FILE_STRUCTURE are the only supported formats, + * transfer modes, and file structures. + *

    + * Because the handling of sockets on different platforms can differ + * significantly, the FTPClient automatically issues a new PORT (or EPRT) command + * prior to every transfer requiring that the server connect to the client's + * data port. This ensures identical problem-free behavior on Windows, Unix, + * and Macintosh platforms. Additionally, it relieves programmers from + * having to issue the PORT (or EPRT) command themselves and dealing with platform + * dependent issues. + *

    + * Additionally, for security purposes, all data connections to the + * client are verified to ensure that they originated from the intended + * party (host and port). If a data connection is initiated by an unexpected + * party, the command will close the socket and throw an IOException. You + * may disable this behavior with + * {@link #setRemoteVerificationEnabled setRemoteVerificationEnabled()}. + *

    + * You should keep in mind that the FTP server may choose to prematurely + * close a connection if the client has been idle for longer than a + * given time period (usually 900 seconds). The FTPClient class will detect a + * premature FTP server connection closing when it receives a + * {@link FTPReply#SERVICE_NOT_AVAILABLE FTPReply.SERVICE_NOT_AVAILABLE } + * response to a command. + * When that occurs, the FTP class method encountering that reply will throw + * an {@link ConnectionClosedException} + * . + * FTPConnectionClosedException + * is a subclass of IOException and therefore need not be + * caught separately, but if you are going to catch it separately, its + * catch block must appear before the more general IOException + * catch block. When you encounter an + * {@link ConnectionClosedException} + * , you must disconnect the connection with + * {@link #disconnect disconnect() } to properly clean up the + * system resources used by FTPClient. Before disconnecting, you may check the + * last reply code and text with + * {@link FTP#getReplyCode getReplyCode }, + * {@link FTP#getReplyString getReplyString }, + * and + * {@link FTP#getReplyStrings getReplyStrings}. + * You may avoid server disconnections while the client is idle by + * periodically sending NOOP commands to the server. + *

    + * Rather than list it separately for each method, we mention here that + * every method communicating with the server and throwing an IOException + * can also throw a + * {@link MalformedServerReplyException} + * , which is a subclass + * of IOException. A MalformedServerReplyException will be thrown when + * the reply received from the server deviates enough from the protocol + * specification that it cannot be interpreted in a useful manner despite + * attempts to be as lenient as possible. + *

    + * Listing API Examples + * Both paged and unpaged examples of directory listings are available, + * as follows: + *

    + * Unpaged (whole list) access, using a parser accessible by auto-detect: + * 

    + *    FTPClient f = new FTPClient();
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = f.listFiles(directory);
+ *
    + *

    + * Paged access, using a parser not accessible by auto-detect. The class + * defined in the first parameter of initateListParsing should be derived + * from {@link FTPFileEntryParser}: + * 

    + *    FTPClient f = new FTPClient();
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPListParseEngine engine =
+ *       f.initiateListParsing("com.whatever.YourOwnParser", directory);
+ *
+ *    while (engine.hasNext()) {
+ *       FTPFile[] files = engine.getNext(25);  // "page size" you want
+ *       //do whatever you want with these files, display them, etc.
+ *       //expensive FTPFile objects not created until needed.
+ *    }
+ *
    + *

    + * Paged access, using a parser accessible by auto-detect: + * 

    + *    FTPClient f = new FTPClient();
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPListParseEngine engine = f.initiateListParsing(directory);
+ *
+ *    while (engine.hasNext()) {
+ *       FTPFile[] files = engine.getNext(25);  // "page size" you want
+ *       //do whatever you want with these files, display them, etc.
+ *       //expensive FTPFile objects not created until needed.
+ *    }
+ *
    + *

    + * For examples of using FTPClient on servers whose directory listings + *

      + *
    • use languages other than English
      • + *
    • use date formats other than the American English "standard" MM d yyyy
      • + *
    • are in different timezones and you need accurate timestamps for dependency checking + * as in Ant
      • + *
    see {@link FTPClientConfig FTPClientConfig}. + *

    + * Control channel keep-alive feature: + *

    + * Please note: this does not apply to the methods where the user is responsible for writing or reading + * the data stream, i.e. {@link #retrieveFileStream(String)} , {@link #storeFileStream(String)} + * and the other xxxFileStream methods + *

    + * During file transfers, the data connection is busy, but the control connection is idle. + * FTP servers know that the control connection is in use, so won't close it through lack of activity, + * but it's a lot harder for network routers to know that the control and data connections are associated + * with each other. + * Some routers may treat the control connection as idle, and disconnect it if the transfer over the data + * connection takes longer than the allowable idle time for the router. + *
    + * One solution to this is to send a safe command (i.e. NOOP) over the control connection to reset the router's + * idle timer. This is enabled as follows: + * 

    + *     ftpClient.setControlKeepAliveTimeout(300); // set timeout to 5 minutes
+ *
    + * This will cause the file upload/download methods to send a NOOP approximately every 5 minutes. + * The following public methods support this: + *
      + *
    • {@link #retrieveFile(String, OutputStream)}
      • + *
    • {@link #appendFile(String, InputStream)}
      • + *
    • {@link #storeFile(String, InputStream)}
      • + *
    • {@link #storeUniqueFile(InputStream)}
      • + *
    • {@link #storeUniqueFileStream(String)}
      • + *
    + * This feature does not apply to the methods where the user is responsible for writing or reading + * the data stream, i.e. {@link #retrieveFileStream(String)} , {@link #storeFileStream(String)} + * and the other xxxFileStream methods. + * In such cases, the user is responsible for keeping the control connection alive if necessary. + *

    + * The implementation currently uses a {@link CopyStreamListener} which is passed to the + * {@link Util#copyStream(InputStream, OutputStream, int, long, CopyStreamListener, boolean)} + * method, so the timing is partially dependent on how long each block transfer takes. + *

    + * This keep-alive feature is optional; if it does not help or causes problems then don't use it. + * + * @see #FTP_SYSTEM_TYPE + * @see #SYSTEM_TYPE_PROPERTIES + * @see FTP + * @see ConnectionClosedException + * @see FTPFileEntryParser + * @see FTPFileEntryParserFactory + * @see DefaultFTPFileEntryParserFactory + * @see FTPClientConfig + * @see MalformedServerReplyException + */ +public class FTPClient extends FTP implements Configurable { + /** + * The system property ({@value}) which can be used to override the system type.
    + * If defined, the value will be used to create any automatically created parsers. + */ + public static final String FTP_SYSTEM_TYPE = "org.xbib.io.ftp.systemType"; + + /** + * The system property ({@value}) which can be used as the default system type.
    + * If defined, the value will be used if the SYST command fails. + * + */ + public static final String FTP_SYSTEM_TYPE_DEFAULT = "org.xbib.io.ftp.systemType.default"; + + /** + * The name of an optional systemType properties file ({@value}), which is loaded + * using {@link Class#getResourceAsStream(String)}.
    + * The entries are the systemType (as determined by {@link FTPClient#getSystemType}) + * and the values are the replacement type or parserClass, which is passed to + * {@link FTPFileEntryParserFactory#createFileEntryParser(String)}.
    + * For example: + * 

    +     * Plan 9=Unix
+     * OS410=OS400FTPEntryParser
+     *
    + */ + public static final String SYSTEM_TYPE_PROPERTIES = "/systemType.properties"; + + /** + * A constant indicating the FTP session is expecting all transfers + * to occur between the client (local) and server and that the server + * should connect to the client's data port to initiate a data transfer. + * This is the default data connection mode when and FTPClient instance + * is created. + */ + public static final int ACTIVE_LOCAL_DATA_CONNECTION_MODE = 0; + /** + * A constant indicating the FTP session is expecting all transfers + * to occur between two remote servers and that the server + * the client is connected to should connect to the other server's + * data port to initiate a data transfer. + */ + public static final int ACTIVE_REMOTE_DATA_CONNECTION_MODE = 1; + /** + * A constant indicating the FTP session is expecting all transfers + * to occur between the client (local) and server and that the server + * is in passive mode, requiring the client to connect to the + * server's data port to initiate a transfer. + */ + public static final int PASSIVE_LOCAL_DATA_CONNECTION_MODE = 2; + /** + * A constant indicating the FTP session is expecting all transfers + * to occur between two remote servers and that the server + * the client is connected to is in passive mode, requiring the other + * server to connect to the first server's data port to initiate a data + * transfer. + */ + public static final int PASSIVE_REMOTE_DATA_CONNECTION_MODE = 3; + /** + * Pattern for PASV mode responses. Groups: (n,n,n,n),(n),(n) + */ + private static final Pattern __PARMS_PAT; + + static { + __PARMS_PAT = Pattern.compile("(\\d{1,3},\\d{1,3},\\d{1,3},\\d{1,3}),(\\d{1,3}),(\\d{1,3})"); + } + + private final Random random; + private int dataConnectionMode; + private int dataTimeout; + private int passivePort; + private String passiveHost; + private int activeMinPort; + private int activeMaxPort; + private InetAddress activeExternalHost; + private InetAddress reportActiveExternalHost; + private InetAddress passiveLocalHost; + private int fileType; + private boolean remoteVerificationEnabled; + private long restartOffset; + private FTPFileEntryParserFactory entryParserFactory; + private int bufferSize; + private int sendDataSocketBufferSize; + private int receiveDataSocketBufferSize; + private boolean listHiddenFiles; + private boolean useEPSVwithIPv4; + private String systemName; + private FTPFileEntryParser fileEntryParser; + private String entryParserKey; + private FTPClientConfig ftpClientConfig; + private CopyStreamListener copyStreamListener; + private long controlKeepAliveTimeout; + private int controlKeepAliveReplyTimeout = 1000; + /** + * Enable or disable replacement of internal IP in passive mode. Default enabled + * using {code NatServerResolverImpl}. + */ + private HostnameResolver __passiveNatWorkaroundStrategy = new NatServerResolverImpl(this); + /** + * Controls the automatic server encoding detection (only UTF-8 supported). + */ + private boolean __autodetectEncoding = true; + + /** + * Map of FEAT responses. If null, has not been initialised. + */ + private HashMap> __featuresMap; + + /** + * Default FTPClient constructor. Creates a new FTPClient instance + * with the data connection mode set to + * ACTIVE_LOCAL_DATA_CONNECTION_MODE , the file type + * set to FTP.ASCII_FILE_TYPE , the + * file format set to FTP.NON_PRINT_TEXT_FORMAT , + * the file structure set to FTP.FILE_STRUCTURE , and + * the transfer mode set to FTP.STREAM_TRANSFER_MODE . + *

    + * The list parsing auto-detect feature can be configured to use lenient future + * dates (short dates may be up to one day in the future) as follows: + * 

    +     * FTPClient ftp = new FTPClient();
+     * FTPClientConfig config = new FTPClientConfig();
+     * config.setLenientFutureDates(true);
+     * ftp.configure(config );
+     *
    + */ + public FTPClient() { + initDefaults(); + dataTimeout = -1; + remoteVerificationEnabled = true; + entryParserFactory = new DefaultFTPFileEntryParserFactory(); + ftpClientConfig = null; + listHiddenFiles = false; + useEPSVwithIPv4 = false; + random = new Random(); + passiveLocalHost = null; + } + + private static Properties getOverrideProperties() { + return PropertiesSingleton.PROPERTIES; + } + + /** + * Parse the pathname from a CWD reply. + *

    + * According to RFC959 (http://www.ietf.org/rfc/rfc959.txt), + * it should be the same as for MKD i.e. + * {@code 257""[commentary]} + * where any double-quotes in {@code } are doubled. + * Unlike MKD, the commentary is optional. + *

    + * However, see NET-442 for an exception. + * + * @param reply + * @return the pathname, without enclosing quotes, + * or the full string after the reply code and space if the syntax is invalid + * (i.e. enclosing quotes are missing or embedded quotes are not doubled) + */ + // package protected for access by test cases + static String __parsePathname(String reply) { + String param = reply.substring(REPLY_CODE_LEN + 1); + if (param.startsWith("\"")) { + StringBuilder sb = new StringBuilder(); + boolean quoteSeen = false; + // start after initial quote + for (int i = 1; i < param.length(); i++) { + char ch = param.charAt(i); + if (ch == '"') { + if (quoteSeen) { + sb.append(ch); + quoteSeen = false; + } else { + // don't output yet, in case doubled + quoteSeen = true; + } + } else { + if (quoteSeen) { // found lone trailing quote within string + return sb.toString(); + } + sb.append(ch); // just another character + } + } + if (quoteSeen) { // found lone trailing quote at end of string + return sb.toString(); + } + } + // malformed reply, return all after reply code and space + return param; + } + + private void initDefaults() { + dataConnectionMode = ACTIVE_LOCAL_DATA_CONNECTION_MODE; + passiveHost = null; + passivePort = -1; + activeExternalHost = null; + reportActiveExternalHost = null; + activeMinPort = 0; + activeMaxPort = 0; + fileType = ASCII_FILE_TYPE; + restartOffset = 0; + systemName = null; + fileEntryParser = null; + entryParserKey = ""; + __featuresMap = null; + } + + /** + * @param reply the reply to parse + * @throws MalformedServerReplyException if the server reply does not match (n,n,n,n),(n),(n) + */ + protected void _parsePassiveModeReply(String reply) + throws MalformedServerReplyException { + java.util.regex.Matcher m = __PARMS_PAT.matcher(reply); + if (!m.find()) { + throw new MalformedServerReplyException( + "Could not parse passive host information.\nServer Reply: " + reply); + } + + passiveHost = m.group(1).replace(',', '.'); // Fix up to look like IP address + + try { + int oct1 = Integer.parseInt(m.group(2)); + int oct2 = Integer.parseInt(m.group(3)); + passivePort = (oct1 << 8) | oct2; + } catch (NumberFormatException e) { + throw new MalformedServerReplyException( + "Could not parse passive port information.\nServer Reply: " + reply); + } + + if (__passiveNatWorkaroundStrategy != null) { + try { + String passiveHost = __passiveNatWorkaroundStrategy.resolve(this.passiveHost); + if (!this.passiveHost.equals(passiveHost)) { + fireReplyReceived(0, + "[Replacing PASV mode reply address " + this.passiveHost + " with " + passiveHost + "]\n"); + this.passiveHost = passiveHost; + } + } catch (UnknownHostException e) { // Should not happen as we are passing in an IP address + throw new MalformedServerReplyException( + "Could not parse passive host information.\nServer Reply: " + reply); + } + } + } + + protected void _parseExtendedPassiveModeReply(String reply) + throws MalformedServerReplyException { + reply = reply.substring(reply.indexOf('(') + 1, + reply.indexOf(')')).trim(); + + char delim1, delim2, delim3, delim4; + delim1 = reply.charAt(0); + delim2 = reply.charAt(1); + delim3 = reply.charAt(2); + delim4 = reply.charAt(reply.length() - 1); + + if (!(delim1 == delim2) || !(delim2 == delim3) + || !(delim3 == delim4)) { + throw new MalformedServerReplyException( + "Could not parse extended passive host information.\nServer Reply: " + reply); + } + + int port; + try { + port = Integer.parseInt(reply.substring(3, reply.length() - 1)); + } catch (NumberFormatException e) { + throw new MalformedServerReplyException( + "Could not parse extended passive host information.\nServer Reply: " + reply); + } + + + // in EPSV mode, the passive host address is implicit + passiveHost = getRemoteAddress().getHostAddress(); + passivePort = port; + } + + private boolean __storeFile(FTPCmd command, String remote, InputStream local) + throws IOException { + return _storeFile(command.getCommand(), remote, local); + } + + /** + * @param command the command to send + * @param remote the remote file name + * @param local The local InputStream from which to read the data to + * be written/appended to the remote file. + * @return true if successful + * @throws IOException on error + */ + protected boolean _storeFile(String command, String remote, InputStream local) + throws IOException { + Socket socket = _openDataConnection_(command, remote); + + if (socket == null) { + return false; + } + + final OutputStream output; + + if (fileType == ASCII_FILE_TYPE) { + output = new ToNetASCIIOutputStream(getBufferedOutputStream(socket.getOutputStream())); + } else { + output = getBufferedOutputStream(socket.getOutputStream()); + } + + CSL csl = null; + if (controlKeepAliveTimeout > 0) { + csl = new CSL(this, controlKeepAliveTimeout, controlKeepAliveReplyTimeout); + } + + // Treat everything else as binary for now + try { + Util.copyStream(local, output, getBufferSize(), + CopyStreamEvent.UNKNOWN_STREAM_SIZE, __mergeListeners(csl), + false); + output.close(); // ensure the file is fully written + socket.close(); // done writing the file + + // Get the transfer response + return completePendingCommand(); + } catch (IOException e) { + Util.closeQuietly(output); // ignore close errors here + Util.closeQuietly(socket); // ignore close errors here + throw e; + } finally { + if (csl != null) { + csl.cleanUp(); // fetch any outstanding keepalive replies + } + } + } + + private OutputStream __storeFileStream(FTPCmd command, String remote) + throws IOException { + return _storeFileStream(command.getCommand(), remote); + } + + /** + * @param command the command to send + * @param remote the remote file name + * @return the output stream to write to + * @throws IOException on error + */ + protected OutputStream _storeFileStream(String command, String remote) + throws IOException { + Socket socket = _openDataConnection_(command, remote); + + if (socket == null) { + return null; + } + + final OutputStream output; + if (fileType == ASCII_FILE_TYPE) { + // We buffer ascii transfers because the buffering has to + // be interposed between ToNetASCIIOutputSream and the underlying + // socket output stream. We don't buffer binary transfers + // because we don't want to impose a buffering policy on the + // programmer if possible. Programmers can decide on their + // own if they want to wrap the SocketOutputStream we return + // for file types other than ASCII. + output = new ToNetASCIIOutputStream(getBufferedOutputStream(socket.getOutputStream())); + } else { + output = socket.getOutputStream(); + } + return new SocketOutputStream(socket, output); + } + + /** + * Establishes a data connection with the FTP server, returning + * a Socket for the connection if successful. If a restart + * offset has been set with {@link #setRestartOffset(long)}, + * a REST command is issued to the server with the offset as + * an argument before establishing the data connection. Active + * mode connections also cause a local PORT command to be issued. + * + * @param command The int representation of the FTP command to send. + * @param arg The arguments to the FTP command. If this parameter is + * set to null, then the command is sent with no argument. + * @return A Socket corresponding to the established data connection. + * Null is returned if an FTP protocol error is reported at + * any point during the establishment and initialization of + * the connection. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + protected Socket _openDataConnection_(FTPCmd command, String arg) + throws IOException { + return _openDataConnection_(command.getCommand(), arg); + } + + /** + * Establishes a data connection with the FTP server, returning + * a Socket for the connection if successful. If a restart + * offset has been set with {@link #setRestartOffset(long)}, + * a REST command is issued to the server with the offset as + * an argument before establishing the data connection. Active + * mode connections also cause a local PORT command to be issued. + * + * @param command The text representation of the FTP command to send. + * @param arg The arguments to the FTP command. If this parameter is + * set to null, then the command is sent with no argument. + * @return A Socket corresponding to the established data connection. + * Null is returned if an FTP protocol error is reported at + * any point during the establishment and initialization of + * the connection. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + protected Socket _openDataConnection_(String command, String arg) + throws IOException { + if (dataConnectionMode != ACTIVE_LOCAL_DATA_CONNECTION_MODE && + dataConnectionMode != PASSIVE_LOCAL_DATA_CONNECTION_MODE) { + return null; + } + + final boolean isInet6Address = getRemoteAddress() instanceof Inet6Address; + + Socket socket; + + if (dataConnectionMode == ACTIVE_LOCAL_DATA_CONNECTION_MODE) { + // if no activePortRange was set (correctly) -> getActivePort() = 0 + // -> new ServerSocket(0) -> bind to any free local port + ServerSocket server = serverSocketFactory.createServerSocket(getActivePort(), 1, getHostAddress()); + + try { + // Try EPRT only if remote server is over IPv6, if not use PORT, + // because EPRT has no advantage over PORT on IPv4. + // It could even have the disadvantage, + // that EPRT will make the data connection fail, because + // today's intelligent NAT Firewalls are able to + // substitute IP addresses in the PORT command, + // but might not be able to recognize the EPRT command. + if (isInet6Address) { + if (!FTPReply.isPositiveCompletion(eprt(getReportHostAddress(), server.getLocalPort()))) { + return null; + } + } else { + if (!FTPReply.isPositiveCompletion(port(getReportHostAddress(), server.getLocalPort()))) { + return null; + } + } + + if ((restartOffset > 0) && !restart(restartOffset)) { + return null; + } + + if (!FTPReply.isPositivePreliminary(sendCommand(command, arg))) { + return null; + } + + // For now, let's just use the data timeout value for waiting for + // the data connection. It may be desirable to let this be a + // separately configurable value. In any case, we really want + // to allow preventing the accept from blocking indefinitely. + if (dataTimeout >= 0) { + server.setSoTimeout(dataTimeout); + } + socket = server.accept(); + + // Ensure the timeout is set before any commands are issued on the new socket + if (dataTimeout >= 0) { + socket.setSoTimeout(dataTimeout); + } + if (receiveDataSocketBufferSize > 0) { + socket.setReceiveBufferSize(receiveDataSocketBufferSize); + } + if (sendDataSocketBufferSize > 0) { + socket.setSendBufferSize(sendDataSocketBufferSize); + } + } finally { + server.close(); + } + } else { // We must be in PASSIVE_LOCAL_DATA_CONNECTION_MODE + + // Try EPSV command first on IPv6 - and IPv4 if enabled. + // When using IPv4 with NAT it has the advantage + // to work with more rare configurations. + // E.g. if FTP server has a static PASV address (external network) + // and the client is coming from another internal network. + // In that case the data connection after PASV command would fail, + // while EPSV would make the client succeed by taking just the port. + boolean attemptEPSV = isUseEPSVwithIPv4() || isInet6Address; + if (attemptEPSV && epsv() == FTPReply.ENTERING_EPSV_MODE) { + _parseExtendedPassiveModeReply(replyLines.get(0)); + } else { + if (isInet6Address) { + return null; // Must use EPSV for IPV6 + } + // If EPSV failed on IPV4, revert to PASV + if (pasv() != FTPReply.ENTERING_PASSIVE_MODE) { + return null; + } + _parsePassiveModeReply(replyLines.get(0)); + } + + socket = socketFactory.createSocket(); + if (receiveDataSocketBufferSize > 0) { + socket.setReceiveBufferSize(receiveDataSocketBufferSize); + } + if (sendDataSocketBufferSize > 0) { + socket.setSendBufferSize(sendDataSocketBufferSize); + } + if (passiveLocalHost != null) { + socket.bind(new InetSocketAddress(passiveLocalHost, 0)); + } + + // For now, let's just use the data timeout value for waiting for + // the data connection. It may be desirable to let this be a + // separately configurable value. In any case, we really want + // to allow preventing the accept from blocking indefinitely. + if (dataTimeout >= 0) { + socket.setSoTimeout(dataTimeout); + } + + socket.connect(new InetSocketAddress(passiveHost, passivePort), connectTimeout); + if ((restartOffset > 0) && !restart(restartOffset)) { + socket.close(); + return null; + } + + if (!FTPReply.isPositivePreliminary(sendCommand(command, arg))) { + socket.close(); + return null; + } + } + + if (remoteVerificationEnabled && !verifyRemote(socket)) { + socket.close(); + + throw new IOException( + "Host attempting data connection " + socket.getInetAddress().getHostAddress() + + " is not same as server " + getRemoteAddress().getHostAddress()); + } + + return socket; + } + + @Override + protected void _connectAction_() throws IOException { + _connectAction_(null); + } + + /** + * @param socketIsReader the reader to reuse (if non-null) + * @throws IOException on error + */ + @Override + protected void _connectAction_(Reader socketIsReader) throws IOException { + super._connectAction_(socketIsReader); // sets up _input_ and _output_ + initDefaults(); + // must be after super._connectAction_(), because otherwise we get an + // Exception claiming we're not connected + if (__autodetectEncoding) { + ArrayList oldReplyLines = new ArrayList(replyLines); + int oldReplyCode = replyCode; + if (hasFeature("UTF8") || hasFeature("UTF-8")) { + setControlEncoding("UTF-8"); + bufferedReader = + new CRLFLineReader(new InputStreamReader(inputStream, getControlEncoding())); + bufferedWriter = + new BufferedWriter(new OutputStreamWriter(outputStream, getControlEncoding())); + } + // restore the original reply (server greeting) + replyLines.clear(); + replyLines.addAll(oldReplyLines); + replyCode = oldReplyCode; + newReplyString = true; + } + } + + /** + * Sets the timeout in milliseconds to use when reading from the + * data connection. This timeout will be set immediately after + * opening the data connection, provided that the value is ≥ 0. + *

    + * Note: the timeout will also be applied when calling accept() + * whilst establishing an active local data connection. + * + * @param timeout The default timeout in milliseconds that is used when + * opening a data connection socket. The value 0 means an infinite timeout. + */ + public void setDataTimeout(int timeout) { + dataTimeout = timeout; + } + + /** + * set the factory used for parser creation to the supplied factory object. + * + * @param parserFactory factory object used to create FTPFileEntryParsers + * @see FTPFileEntryParserFactory + * @see DefaultFTPFileEntryParserFactory + */ + public void setParserFactory(FTPFileEntryParserFactory parserFactory) { + entryParserFactory = parserFactory; + } + + /** + * Closes the connection to the FTP server and restores + * connection parameters to the default values. + * + * @throws IOException If an error occurs while disconnecting. + */ + @Override + public void disconnect() throws IOException { + super.disconnect(); + initDefaults(); + } + + /** + * Return whether or not verification of the remote host participating + * in data connections is enabled. The default behavior is for + * verification to be enabled. + * + * @return True if verification is enabled, false if not. + */ + public boolean isRemoteVerificationEnabled() { + return remoteVerificationEnabled; + } + + /** + * Enable or disable verification that the remote host taking part + * of a data connection is the same as the host to which the control + * connection is attached. The default is for verification to be + * enabled. You may set this value at any time, whether the + * FTPClient is currently connected or not. + * + * @param enable True to enable verification, false to disable verification. + */ + public void setRemoteVerificationEnabled(boolean enable) { + remoteVerificationEnabled = enable; + } + + /** + * Login to the FTP server using the provided username and password. + * + * @param username The username to login under. + * @param password The password to use. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean login(String username, String password) throws IOException { + + user(username); + + if (FTPReply.isPositiveCompletion(replyCode)) { + return true; + } + + // If we get here, we either have an error code, or an intermmediate + // reply requesting password. + if (!FTPReply.isPositiveIntermediate(replyCode)) { + return false; + } + + return FTPReply.isPositiveCompletion(pass(password)); + } + + /** + * Login to the FTP server using the provided username, password, + * and account. If no account is required by the server, only + * the username and password, the account information is not used. + * + * @param username The username to login under. + * @param password The password to use. + * @param account The account to use. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean login(String username, String password, String account) + throws IOException { + user(username); + + if (FTPReply.isPositiveCompletion(replyCode)) { + return true; + } + + // If we get here, we either have an error code, or an intermmediate + // reply requesting password. + if (!FTPReply.isPositiveIntermediate(replyCode)) { + return false; + } + + pass(password); + + if (FTPReply.isPositiveCompletion(replyCode)) { + return true; + } + + if (!FTPReply.isPositiveIntermediate(replyCode)) { + return false; + } + + return FTPReply.isPositiveCompletion(acct(account)); + } + + /** + * Logout of the FTP server by sending the QUIT command. + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean logout() throws IOException { + return FTPReply.isPositiveCompletion(quit()); + } + + /** + * Change the current working directory of the FTP session. + * + * @param pathname The new current working directory. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean changeWorkingDirectory(String pathname) throws IOException { + return FTPReply.isPositiveCompletion(cwd(pathname)); + } + + /** + * Change to the parent directory of the current working directory. + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean changeToParentDirectory() throws IOException { + return FTPReply.isPositiveCompletion(cdup()); + } + + /** + * Issue the FTP SMNT command. + * + * @param pathname The pathname to mount. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean structureMount(String pathname) throws IOException { + return FTPReply.isPositiveCompletion(smnt(pathname)); + } + + /** + * Reinitialize the FTP session. Not all FTP servers support this + * command, which issues the FTP REIN command. + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean reinitialize() throws IOException { + rein(); + + if (FTPReply.isPositiveCompletion(replyCode) || + (FTPReply.isPositivePreliminary(replyCode) && + FTPReply.isPositiveCompletion(getReply()))) { + + initDefaults(); + + return true; + } + + return false; + } + + /** + * Set the current data connection mode to + * ACTIVE_LOCAL_DATA_CONNECTION_MODE. No communication + * with the FTP server is conducted, but this causes all future data + * transfers to require the FTP server to connect to the client's + * data port. Additionally, to accommodate differences between socket + * implementations on different platforms, this method causes the + * client to issue a PORT command before every data transfer. + */ + public void enterLocalActiveMode() { + dataConnectionMode = ACTIVE_LOCAL_DATA_CONNECTION_MODE; + passiveHost = null; + passivePort = -1; + } + + /** + * Set the current data connection mode to + * PASSIVE_LOCAL_DATA_CONNECTION_MODE . Use this + * method only for data transfers between the client and server. + * This method causes a PASV (or EPSV) command to be issued to the server + * before the opening of every data connection, telling the server to + * open a data port to which the client will connect to conduct + * data transfers. The FTPClient will stay in + * PASSIVE_LOCAL_DATA_CONNECTION_MODE until the + * mode is changed by calling some other method such as + * {@link #enterLocalActiveMode enterLocalActiveMode() } + *

    + * N.B. currently calling any connect method will reset the mode to + * ACTIVE_LOCAL_DATA_CONNECTION_MODE. + */ + public void enterLocalPassiveMode() { + dataConnectionMode = PASSIVE_LOCAL_DATA_CONNECTION_MODE; + // These will be set when just before a data connection is opened + // in _openDataConnection_() + passiveHost = null; + passivePort = -1; + } + + /** + * Set the current data connection mode to + * ACTIVE_REMOTE_DATA_CONNECTION . Use this method only + * for server to server data transfers. This method issues a PORT + * command to the server, indicating the other server and port to which + * it should connect for data transfers. You must call this method + * before EVERY server to server transfer attempt. The FTPClient will + * NOT automatically continue to issue PORT commands. You also + * must remember to call + * {@link #enterLocalActiveMode enterLocalActiveMode() } if you + * wish to return to the normal data connection mode. + * + * @param host The passive mode server accepting connections for data + * transfers. + * @param port The passive mode server's data port. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean enterRemoteActiveMode(InetAddress host, int port) + throws IOException { + if (FTPReply.isPositiveCompletion(port(host, port))) { + dataConnectionMode = ACTIVE_REMOTE_DATA_CONNECTION_MODE; + passiveHost = null; + passivePort = -1; + return true; + } + return false; + } + + /** + * Set the current data connection mode to + * PASSIVE_REMOTE_DATA_CONNECTION_MODE . Use this + * method only for server to server data transfers. + * This method issues a PASV command to the server, telling it to + * open a data port to which the active server will connect to conduct + * data transfers. You must call this method + * before EVERY server to server transfer attempt. The FTPClient will + * NOT automatically continue to issue PASV commands. You also + * must remember to call + * {@link #enterLocalActiveMode enterLocalActiveMode() } if you + * wish to return to the normal data connection mode. + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean enterRemotePassiveMode() throws IOException { + if (pasv() != FTPReply.ENTERING_PASSIVE_MODE) { + return false; + } + + dataConnectionMode = PASSIVE_REMOTE_DATA_CONNECTION_MODE; + _parsePassiveModeReply(replyLines.get(0)); + + return true; + } + + /** + * Returns the hostname or IP address (in the form of a string) returned + * by the server when entering passive mode. If not in passive mode, + * returns null. This method only returns a valid value AFTER a + * data connection has been opened after a call to + * {@link #enterLocalPassiveMode enterLocalPassiveMode()}. + * This is because FTPClient sends a PASV command to the server only + * just before opening a data connection, and not when you call + * {@link #enterLocalPassiveMode enterLocalPassiveMode()}. + * + * @return The passive host name if in passive mode, otherwise null. + */ + public String getPassiveHost() { + return passiveHost; + } + + /** + * If in passive mode, returns the data port of the passive host. + * This method only returns a valid value AFTER a + * data connection has been opened after a call to + * {@link #enterLocalPassiveMode enterLocalPassiveMode()}. + * This is because FTPClient sends a PASV command to the server only + * just before opening a data connection, and not when you call + * {@link #enterLocalPassiveMode enterLocalPassiveMode()}. + * + * @return The data port of the passive server. If not in passive + * mode, undefined. + */ + public int getPassivePort() { + return passivePort; + } + + /** + * Returns the current data connection mode (one of the + * _DATA_CONNECTION_MODE constants. + * + * @return The current data connection mode (one of the + * _DATA_CONNECTION_MODE constants. + */ + public int getDataConnectionMode() { + return dataConnectionMode; + } + + /** + * Get the client port for active mode. + * + * @return The client port for active mode. + */ + private int getActivePort() { + if (activeMinPort > 0 && activeMaxPort >= activeMinPort) { + if (activeMaxPort == activeMinPort) { + return activeMaxPort; + } + // Get a random port between the min and max port range + return random.nextInt(activeMaxPort - activeMinPort + 1) + activeMinPort; + } else { + // default port + return 0; + } + } + + /** + * Get the host address for active mode; allows the local address to be overridden. + * + * @return __activeExternalHost if non-null, else getLocalAddress() + * @see #setActiveExternalIPAddress(String) + */ + private InetAddress getHostAddress() { + if (activeExternalHost != null) { + return activeExternalHost; + } else { + // default local address + return getLocalAddress(); + } + } + + /** + * Get the reported host address for active mode EPRT/PORT commands; + * allows override of {@link #getHostAddress()}. + *

    + * Useful for FTP Client behind Firewall NAT. + * + * @return __reportActiveExternalHost if non-null, else getHostAddress(); + */ + private InetAddress getReportHostAddress() { + if (reportActiveExternalHost != null) { + return reportActiveExternalHost; + } else { + return getHostAddress(); + } + } + + /** + * Set the client side port range in active mode. + * + * @param minPort The lowest available port (inclusive). + * @param maxPort The highest available port (inclusive). + */ + public void setActivePortRange(int minPort, int maxPort) { + this.activeMinPort = minPort; + this.activeMaxPort = maxPort; + } + + /** + * Set the external IP address in active mode. + * Useful when there are multiple network cards. + * + * @param ipAddress The external IP address of this machine. + * @throws UnknownHostException if the ipAddress cannot be resolved + */ + public void setActiveExternalIPAddress(String ipAddress) throws UnknownHostException { + this.activeExternalHost = InetAddress.getByName(ipAddress); + } + + /** + * Set the local IP address to use in passive mode. + * Useful when there are multiple network cards. + * + * @param ipAddress The local IP address of this machine. + * @throws UnknownHostException if the ipAddress cannot be resolved + */ + public void setPassiveLocalIPAddress(String ipAddress) throws UnknownHostException { + this.passiveLocalHost = InetAddress.getByName(ipAddress); + } + + /** + * Set the local IP address in passive mode. + * Useful when there are multiple network cards. + * + * @return The local IP address in passive mode. + */ + public InetAddress getPassiveLocalIPAddress() { + return this.passiveLocalHost; + } + + /** + * Set the local IP address to use in passive mode. + * Useful when there are multiple network cards. + * + * @param inetAddress The local IP address of this machine. + */ + public void setPassiveLocalIPAddress(InetAddress inetAddress) { + this.passiveLocalHost = inetAddress; + } + + /** + * Set the external IP address to report in EPRT/PORT commands in active mode. + * Useful when there are multiple network cards. + * + * @param ipAddress The external IP address of this machine. + * @throws UnknownHostException if the ipAddress cannot be resolved + * @see #getReportHostAddress() + */ + public void setReportActiveExternalIPAddress(String ipAddress) throws UnknownHostException { + this.reportActiveExternalHost = InetAddress.getByName(ipAddress); + } + + /** + * Sets the file type to be transferred. This should be one of + * FTP.ASCII_FILE_TYPE , FTP.BINARY_FILE_TYPE, + * etc. The file type only needs to be set when you want to change the + * type. After changing it, the new type stays in effect until you change + * it again. The default file type is FTP.ASCII_FILE_TYPE + * if this method is never called. + *
    + * The server default is supposed to be ASCII (see RFC 959), however many + * ftp servers default to BINARY. To ensure correct operation with all servers, + * always specify the appropriate file type after connecting to the server. + *
    + *

    + * N.B. currently calling any connect method will reset the type to + * FTP.ASCII_FILE_TYPE. + * + * @param fileType The _FILE_TYPE constant indicating the + * type of file. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean setFileType(int fileType) throws IOException { + if (FTPReply.isPositiveCompletion(type(fileType))) { + this.fileType = fileType; + return true; + } + return false; + } + + /** + * Sets the file type to be transferred and the format. The type should be + * one of FTP.ASCII_FILE_TYPE , + * FTP.BINARY_FILE_TYPE , etc. The file type only needs to + * be set when you want to change the type. After changing it, the new + * type stays in effect until you change it again. The default file type + * is FTP.ASCII_FILE_TYPE if this method is never called. + *
    + * The server default is supposed to be ASCII (see RFC 959), however many + * ftp servers default to BINARY. To ensure correct operation with all servers, + * always specify the appropriate file type after connecting to the server. + *
    + * The format should be one of the FTP class TEXT_FORMAT + * constants, or if the type is FTP.LOCAL_FILE_TYPE , the + * format should be the byte size for that type. The default format + * is FTP.NON_PRINT_TEXT_FORMAT if this method is never + * called. + *

    + * N.B. currently calling any connect method will reset the type to + * FTP.ASCII_FILE_TYPE and the formatOrByteSize to FTP.NON_PRINT_TEXT_FORMAT. + * + * @param fileType The _FILE_TYPE constant indicating the + * type of file. + * @param formatOrByteSize The format of the file (one of the + * _FORMAT constants. In the case of + * LOCAL_FILE_TYPE, the byte size. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean setFileType(int fileType, int formatOrByteSize) + throws IOException { + if (FTPReply.isPositiveCompletion(type(fileType, formatOrByteSize))) { + this.fileType = fileType; + return true; + } + return false; + } + + /** + * Sets the file structure. The default structure is + * FTP.FILE_STRUCTURE if this method is never called + * or if a connect method is called. + * + * @param structure The structure of the file (one of the FTP class + * _STRUCTURE constants). + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean setFileStructure(int structure) throws IOException { + if (FTPReply.isPositiveCompletion(stru(structure))) { + return true; + } + return false; + } + + /** + * Sets the transfer mode. The default transfer mode + * FTP.STREAM_TRANSFER_MODE if this method is never called + * or if a connect method is called. + * + * @param mode The new transfer mode to use (one of the FTP class + * _TRANSFER_MODE constants). + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean setFileTransferMode(int mode) throws IOException { + if (FTPReply.isPositiveCompletion(mode(mode))) { + return true; + } + return false; + } + + /** + * Initiate a server to server file transfer. This method tells the + * server to which the client is connected to retrieve a given file from + * the other server. + * + * @param filename The name of the file to retrieve. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean remoteRetrieve(String filename) throws IOException { + if (dataConnectionMode == ACTIVE_REMOTE_DATA_CONNECTION_MODE || + dataConnectionMode == PASSIVE_REMOTE_DATA_CONNECTION_MODE) { + return FTPReply.isPositivePreliminary(retr(filename)); + } + return false; + } + + /** + * Initiate a server to server file transfer. This method tells the + * server to which the client is connected to store a file on + * the other server using the given filename. The other server must + * have had a remoteRetrieve issued to it by another + * FTPClient. + * + * @param filename The name to call the file that is to be stored. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean remoteStore(String filename) throws IOException { + if (dataConnectionMode == ACTIVE_REMOTE_DATA_CONNECTION_MODE || + dataConnectionMode == PASSIVE_REMOTE_DATA_CONNECTION_MODE) { + return FTPReply.isPositivePreliminary(stor(filename)); + } + return false; + } + + /** + * Initiate a server to server file transfer. This method tells the + * server to which the client is connected to store a file on + * the other server using a unique filename based on the given filename. + * The other server must have had a remoteRetrieve issued + * to it by another FTPClient. + * + * @param filename The name on which to base the filename of the file + * that is to be stored. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean remoteStoreUnique(String filename) throws IOException { + if (dataConnectionMode == ACTIVE_REMOTE_DATA_CONNECTION_MODE || + dataConnectionMode == PASSIVE_REMOTE_DATA_CONNECTION_MODE) { + return FTPReply.isPositivePreliminary(stou(filename)); + } + return false; + } + + /** + * Initiate a server to server file transfer. This method tells the + * server to which the client is connected to store a file on + * the other server using a unique filename. + * The other server must have had a remoteRetrieve issued + * to it by another FTPClient. Many FTP servers require that a base + * filename be given from which the unique filename can be derived. For + * those servers use the other version of remoteStoreUnique + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean remoteStoreUnique() throws IOException { + if (dataConnectionMode == ACTIVE_REMOTE_DATA_CONNECTION_MODE || + dataConnectionMode == PASSIVE_REMOTE_DATA_CONNECTION_MODE) { + return FTPReply.isPositivePreliminary(stou()); + } + return false; + } + + /** + * Initiate a server to server file transfer. This method tells the + * server to which the client is connected to append to a given file on + * the other server. The other server must have had a + * remoteRetrieve issued to it by another FTPClient. + * + * @param filename The name of the file to be appended to, or if the + * file does not exist, the name to call the file being stored. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean remoteAppend(String filename) throws IOException { + if (dataConnectionMode == ACTIVE_REMOTE_DATA_CONNECTION_MODE || + dataConnectionMode == PASSIVE_REMOTE_DATA_CONNECTION_MODE) { + return FTPReply.isPositivePreliminary(appe(filename)); + } + return false; + } + + // For server to server transfers + + /** + * There are a few FTPClient methods that do not complete the + * entire sequence of FTP commands to complete a transaction. These + * commands require some action by the programmer after the reception + * of a positive intermediate command. After the programmer's code + * completes its actions, it must call this method to receive + * the completion reply from the server and verify the success of the + * entire transaction. + *

    + * For example, + * 

    +     * InputStream input;
+     * OutputStream output;
+     * input  = new FileInputStream("foobaz.txt");
+     * output = ftp.storeFileStream("foobar.txt")
+     * if(!FTPReply.isPositiveIntermediate(ftp.getReplyCode())) {
+     *     input.close();
+     *     output.close();
+     *     ftp.logout();
+     *     ftp.disconnect();
+     *     System.err.println("File transfer failed.");
+     *     System.exit(1);
+     * }
+     * Util.copyStream(input, output);
+     * input.close();
+     * output.close();
+     * // Must call completePendingCommand() to finish command.
+     * if(!ftp.completePendingCommand()) {
+     *     ftp.logout();
+     *     ftp.disconnect();
+     *     System.err.println("File transfer failed.");
+     *     System.exit(1);
+     * }
+     *
    + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean completePendingCommand() throws IOException { + return FTPReply.isPositiveCompletion(getReply()); + } + + /** + * Retrieves a named file from the server and writes it to the given + * OutputStream. This method does NOT close the given OutputStream. + * If the current file type is ASCII, line separators in the file are + * converted to the local representation. + *

    + * Note: if you have used {@link #setRestartOffset(long)}, + * the file data will start from the selected offset. + * + * @param remote The name of the remote file. + * @param local The local OutputStream to which to write the file. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws CopyStreamException If an I/O error occurs while actually + * transferring the file. The CopyStreamException allows you to + * determine the number of bytes transferred and the IOException + * causing the error. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean retrieveFile(String remote, OutputStream local) + throws IOException { + return _retrieveFile(FTPCmd.RETR.getCommand(), remote, local); + } + + /** + * @param command the command to get + * @param remote the remote file name + * @param local The local OutputStream to which to write the file. + * @return true if successful + * @throws IOException on error + */ + protected boolean _retrieveFile(String command, String remote, OutputStream local) + throws IOException { + Socket socket = _openDataConnection_(command, remote); + + if (socket == null) { + return false; + } + + final InputStream input; + if (fileType == ASCII_FILE_TYPE) { + input = new FromNetASCIIInputStream(getBufferedInputStream(socket.getInputStream())); + } else { + input = getBufferedInputStream(socket.getInputStream()); + } + + CSL csl = null; + if (controlKeepAliveTimeout > 0) { + csl = new CSL(this, controlKeepAliveTimeout, controlKeepAliveReplyTimeout); + } + + // Treat everything else as binary for now + try { + Util.copyStream(input, local, getBufferSize(), + CopyStreamEvent.UNKNOWN_STREAM_SIZE, __mergeListeners(csl), + false); + + // Get the transfer response + return completePendingCommand(); + } finally { + Util.closeQuietly(input); + Util.closeQuietly(socket); + if (csl != null) { + csl.cleanUp(); // fetch any outstanding keepalive replies + } + } + } + + /** + * Returns an InputStream from which a named file from the server + * can be read. If the current file type is ASCII, the returned + * InputStream will convert line separators in the file to + * the local representation. You must close the InputStream when you + * finish reading from it. The InputStream itself will take care of + * closing the parent data connection socket upon being closed. + * To finalize the file transfer you must call + * {@link #completePendingCommand completePendingCommand } and + * check its return value to verify success. + * If this is not done, subsequent commands may behave unexpectedly. + * Note: if you have used {@link #setRestartOffset(long)}, + * the file data will start from the selected offset. + * + * @param remote The name of the remote file. + * @return An InputStream from which the remote file can be read. If + * the data connection cannot be opened (e.g., the file does not + * exist), null is returned (in which case you may check the reply + * code to determine the exact reason for failure). + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public InputStream retrieveFileStream(String remote) throws IOException { + return _retrieveFileStream(FTPCmd.RETR.getCommand(), remote); + } + + /** + * @param command the command to send + * @param remote the remote file name + * @return the stream from which to read the file + * @throws IOException on error + */ + protected InputStream _retrieveFileStream(String command, String remote) + throws IOException { + Socket socket = _openDataConnection_(command, remote); + + if (socket == null) { + return null; + } + + final InputStream input; + if (fileType == ASCII_FILE_TYPE) { + // We buffer ascii transfers because the buffering has to + // be interposed between FromNetASCIIOutputSream and the underlying + // socket input stream. We don't buffer binary transfers + // because we don't want to impose a buffering policy on the + // programmer if possible. Programmers can decide on their + // own if they want to wrap the SocketInputStream we return + // for file types other than ASCII. + input = new FromNetASCIIInputStream(getBufferedInputStream(socket.getInputStream())); + } else { + input = socket.getInputStream(); + } + return new SocketInputStream(socket, input); + } + + /** + * Stores a file on the server using the given name and taking input + * from the given InputStream. This method does NOT close the given + * InputStream. If the current file type is ASCII, line separators in + * the file are transparently converted to the NETASCII format (i.e., + * you should not attempt to create a special InputStream to do this). + * + * @param remote The name to give the remote file. + * @param local The local InputStream from which to read the file. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws CopyStreamException If an I/O error occurs while actually + * transferring the file. The CopyStreamException allows you to + * determine the number of bytes transferred and the IOException + * causing the error. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean storeFile(String remote, InputStream local) + throws IOException { + return __storeFile(FTPCmd.STOR, remote, local); + } + + /** + * Returns an OutputStream through which data can be written to store + * a file on the server using the given name. If the current file type + * is ASCII, the returned OutputStream will convert line separators in + * the file to the NETASCII format (i.e., you should not attempt to + * create a special OutputStream to do this). You must close the + * OutputStream when you finish writing to it. The OutputStream itself + * will take care of closing the parent data connection socket upon being + * closed. + *

    + * To finalize the file transfer you must call + * {@link #completePendingCommand completePendingCommand } and + * check its return value to verify success. + * If this is not done, subsequent commands may behave unexpectedly. + * + * @param remote The name to give the remote file. + * @return An OutputStream through which the remote file can be written. If + * the data connection cannot be opened (e.g., the file does not + * exist), null is returned (in which case you may check the reply + * code to determine the exact reason for failure). + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public OutputStream storeFileStream(String remote) throws IOException { + return __storeFileStream(FTPCmd.STOR, remote); + } + + /** + * Appends to a file on the server with the given name, taking input + * from the given InputStream. This method does NOT close the given + * InputStream. If the current file type is ASCII, line separators in + * the file are transparently converted to the NETASCII format (i.e., + * you should not attempt to create a special InputStream to do this). + * + * @param remote The name of the remote file. + * @param local The local InputStream from which to read the data to + * be appended to the remote file. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws CopyStreamException If an I/O error occurs while actually + * transferring the file. The CopyStreamException allows you to + * determine the number of bytes transferred and the IOException + * causing the error. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean appendFile(String remote, InputStream local) + throws IOException { + return __storeFile(FTPCmd.APPE, remote, local); + } + + /** + * Returns an OutputStream through which data can be written to append + * to a file on the server with the given name. If the current file type + * is ASCII, the returned OutputStream will convert line separators in + * the file to the NETASCII format (i.e., you should not attempt to + * create a special OutputStream to do this). You must close the + * OutputStream when you finish writing to it. The OutputStream itself + * will take care of closing the parent data connection socket upon being + * closed. + *

    + * To finalize the file transfer you must call + * {@link #completePendingCommand completePendingCommand } and + * check its return value to verify success. + * If this is not done, subsequent commands may behave unexpectedly. + * + * @param remote The name of the remote file. + * @return An OutputStream through which the remote file can be appended. + * If the data connection cannot be opened (e.g., the file does not + * exist), null is returned (in which case you may check the reply + * code to determine the exact reason for failure). + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public OutputStream appendFileStream(String remote) throws IOException { + return __storeFileStream(FTPCmd.APPE, remote); + } + + /** + * Stores a file on the server using a unique name derived from the + * given name and taking input + * from the given InputStream. This method does NOT close the given + * InputStream. If the current file type is ASCII, line separators in + * the file are transparently converted to the NETASCII format (i.e., + * you should not attempt to create a special InputStream to do this). + * + * @param remote The name on which to base the unique name given to + * the remote file. + * @param local The local InputStream from which to read the file. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws CopyStreamException If an I/O error occurs while actually + * transferring the file. The CopyStreamException allows you to + * determine the number of bytes transferred and the IOException + * causing the error. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean storeUniqueFile(String remote, InputStream local) + throws IOException { + return __storeFile(FTPCmd.STOU, remote, local); + } + + /** + * Returns an OutputStream through which data can be written to store + * a file on the server using a unique name derived from the given name. + * If the current file type + * is ASCII, the returned OutputStream will convert line separators in + * the file to the NETASCII format (i.e., you should not attempt to + * create a special OutputStream to do this). You must close the + * OutputStream when you finish writing to it. The OutputStream itself + * will take care of closing the parent data connection socket upon being + * closed. + *

    + * To finalize the file transfer you must call + * {@link #completePendingCommand completePendingCommand } and + * check its return value to verify success. + * If this is not done, subsequent commands may behave unexpectedly. + * + * @param remote The name on which to base the unique name given to + * the remote file. + * @return An OutputStream through which the remote file can be written. If + * the data connection cannot be opened (e.g., the file does not + * exist), null is returned (in which case you may check the reply + * code to determine the exact reason for failure). + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public OutputStream storeUniqueFileStream(String remote) throws IOException { + return __storeFileStream(FTPCmd.STOU, remote); + } + + /** + * Stores a file on the server using a unique name assigned by the + * server and taking input from the given InputStream. This method does + * NOT close the given + * InputStream. If the current file type is ASCII, line separators in + * the file are transparently converted to the NETASCII format (i.e., + * you should not attempt to create a special InputStream to do this). + * + * @param local The local InputStream from which to read the file. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws CopyStreamException If an I/O error occurs while actually + * transferring the file. The CopyStreamException allows you to + * determine the number of bytes transferred and the IOException + * causing the error. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean storeUniqueFile(InputStream local) throws IOException { + return __storeFile(FTPCmd.STOU, null, local); + } + + /** + * Returns an OutputStream through which data can be written to store + * a file on the server using a unique name assigned by the server. + * If the current file type + * is ASCII, the returned OutputStream will convert line separators in + * the file to the NETASCII format (i.e., you should not attempt to + * create a special OutputStream to do this). You must close the + * OutputStream when you finish writing to it. The OutputStream itself + * will take care of closing the parent data connection socket upon being + * closed. + *

    + * To finalize the file transfer you must call + * {@link #completePendingCommand completePendingCommand } and + * check its return value to verify success. + * If this is not done, subsequent commands may behave unexpectedly. + * + * @return An OutputStream through which the remote file can be written. If + * the data connection cannot be opened (e.g., the file does not + * exist), null is returned (in which case you may check the reply + * code to determine the exact reason for failure). + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public OutputStream storeUniqueFileStream() throws IOException { + return __storeFileStream(FTPCmd.STOU, null); + } + + /** + * Reserve a number of bytes on the server for the next file transfer. + * + * @param bytes The number of bytes which the server should allocate. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean allocate(int bytes) throws IOException { + return FTPReply.isPositiveCompletion(allo(bytes)); + } + + /** + * Query the server for supported features. The server may reply with a list of server-supported exensions. + * For example, a typical client-server interaction might be (from RFC 2389): + * 

    +     * C> feat
+     * S> 211-Extensions supported:
+     * S>  MLST size*;create;modify*;perm;media-type
+     * S>  SIZE
+     * S>  COMPRESSION
+     * S>  MDTM
+     * S> 211 END
+     *
    + * + * @return True if successfully completed, false if not. + * @throws IOException on error + * @see http://www.faqs.org/rfcs/rfc2389.html + */ + public boolean features() throws IOException { + return FTPReply.isPositiveCompletion(feat()); + } + + /** + * Query the server for a supported feature, and returns its values (if any). + * Caches the parsed response to avoid resending the command repeatedly. + * + * @param feature the feature to check + * @return if the feature is present, returns the feature values (empty array if none) + * Returns {@code null} if the feature is not found or the command failed. + * Check {@link #getReplyCode()} or {@link #getReplyString()} if so. + * @throws IOException on error + */ + public String[] featureValues(String feature) throws IOException { + if (!initFeatureMap()) { + return null; + } + Set entries = __featuresMap.get(feature.toUpperCase(Locale.ENGLISH)); + if (entries != null) { + return entries.toArray(new String[entries.size()]); + } + return null; + } + + /** + * Query the server for a supported feature, and returns the its value (if any). + * Caches the parsed response to avoid resending the command repeatedly. + * + * @param feature the feature to check + * @return if the feature is present, returns the feature value or the empty string + * if the feature exists but has no value. + * Returns {@code null} if the feature is not found or the command failed. + * Check {@link #getReplyCode()} or {@link #getReplyString()} if so. + * @throws IOException on error + */ + public String featureValue(String feature) throws IOException { + String[] values = featureValues(feature); + if (values != null) { + return values[0]; + } + return null; + } + + /** + * Query the server for a supported feature. + * Caches the parsed response to avoid resending the command repeatedly. + * + * @param feature the name of the feature; it is converted to upper case. + * @return {@code true} if the feature is present, {@code false} if the feature is not present + * or the {@link #feat()} command failed. Check {@link #getReplyCode()} or {@link #getReplyString()} + * if it is necessary to distinguish these cases. + * @throws IOException on error + */ + public boolean hasFeature(String feature) throws IOException { + if (!initFeatureMap()) { + return false; + } + return __featuresMap.containsKey(feature.toUpperCase(Locale.ENGLISH)); + } + + /** + * Query the server for a supported feature with particular value, + * for example "AUTH SSL" or "AUTH TLS". + * Caches the parsed response to avoid resending the command repeatedly. + * + * @param feature the name of the feature; it is converted to upper case. + * @param value the value to find. + * @return {@code true} if the feature is present, {@code false} if the feature is not present + * or the {@link #feat()} command failed. Check {@link #getReplyCode()} or {@link #getReplyString()} + * if it is necessary to distinguish these cases. + * @throws IOException on error + */ + public boolean hasFeature(String feature, String value) throws IOException { + if (!initFeatureMap()) { + return false; + } + Set entries = __featuresMap.get(feature.toUpperCase(Locale.ENGLISH)); + if (entries != null) { + return entries.contains(value); + } + return false; + } + + /* + * Create the feature map if not already created. + */ + private boolean initFeatureMap() throws IOException { + if (__featuresMap == null) { + // Don't create map here, because next line may throw exception + final int replyCode = feat(); + if (replyCode == FTPReply.NOT_LOGGED_IN) { // 503 + return false; // NET-518; don't create empy map + } + boolean success = FTPReply.isPositiveCompletion(replyCode); + // we init the map here, so we don't keep trying if we know the command will fail + __featuresMap = new HashMap>(); + if (!success) { + return false; + } + for (String l : getReplyStrings()) { + if (l.startsWith(" ")) { // it's a FEAT entry + String key; + String value = ""; + int varsep = l.indexOf(' ', 1); + if (varsep > 0) { + key = l.substring(1, varsep); + value = l.substring(varsep + 1); + } else { + key = l.substring(1); + } + key = key.toUpperCase(Locale.ENGLISH); + Set entries = __featuresMap.get(key); + if (entries == null) { + entries = new HashSet(); + __featuresMap.put(key, entries); + } + entries.add(value); + } + } + } + return true; + } + + /** + * Reserve space on the server for the next file transfer. + * + * @param bytes The number of bytes which the server should allocate. + * @param recordSize The size of a file record. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean allocate(int bytes, int recordSize) throws IOException { + return FTPReply.isPositiveCompletion(allo(bytes, recordSize)); + } + + /** + * Issue a command and wait for the reply. + *

    + * Should only be used with commands that return replies on the + * command channel - do not use for LIST, NLST, MLSD etc. + * + * @param command The command to invoke + * @param params The parameters string, may be {@code null} + * @return True if successfully completed, false if not, in which case + * call {@link #getReplyCode()} or {@link #getReplyString()} + * to get the reason. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean doCommand(String command, String params) throws IOException { + return FTPReply.isPositiveCompletion(sendCommand(command, params)); + } + + /** + * Issue a command and wait for the reply, returning it as an array of strings. + *

    + * Should only be used with commands that return replies on the + * command channel - do not use for LIST, NLST, MLSD etc. + * + * @param command The command to invoke + * @param params The parameters string, may be {@code null} + * @return The array of replies, or {@code null} if the command failed, in which case + * call {@link #getReplyCode()} or {@link #getReplyString()} + * to get the reason. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String[] doCommandAsStrings(String command, String params) throws IOException { + boolean success = FTPReply.isPositiveCompletion(sendCommand(command, params)); + if (success) { + return getReplyStrings(); + } else { + return null; + } + } + + /** + * Get file details using the MLST command + * + * @param pathname the file or directory to list, may be {@code null} + * @return the file details, may be {@code null} + * @throws IOException on error + */ + public FTPFile mlistFile(String pathname) throws IOException { + boolean success = FTPReply.isPositiveCompletion(sendCommand(FTPCmd.MLST, pathname)); + if (success) { + String reply = getReplyStrings()[1]; + /* check the response makes sense. + * Must have space before fact(s) and between fact(s) and filename + * Fact(s) can be absent, so at least 3 chars are needed. + */ + if (reply.length() < 3 || reply.charAt(0) != ' ') { + throw new MalformedServerReplyException("Invalid server reply (MLST): '" + reply + "'"); + } + String entry = reply.substring(1); // skip leading space for parser + return MLSxEntryParser.parseEntry(entry); + } else { + return null; + } + } + + /** + * Generate a directory listing for the current directory using the MLSD command. + * + * @return the array of file entries + * @throws IOException on error + */ + public FTPFile[] mlistDir() throws IOException { + return mlistDir(null); + } + + /** + * Generate a directory listing using the MLSD command. + * + * @param pathname the directory name, may be {@code null} + * @return the array of file entries + * @throws IOException on error + */ + public FTPFile[] mlistDir(String pathname) throws IOException { + FTPListParseEngine engine = initiateMListParsing(pathname); + return engine.getFiles(); + } + + /** + * Generate a directory listing using the MLSD command. + * + * @param pathname the directory name, may be {@code null} + * @param filter the filter to apply to the responses + * @return the array of file entries + * @throws IOException on error + */ + public FTPFile[] mlistDir(String pathname, FTPFileFilter filter) throws IOException { + FTPListParseEngine engine = initiateMListParsing(pathname); + return engine.getFiles(filter); + } + + /** + * Restart a STREAM_TRANSFER_MODE file transfer starting + * from the given offset. This will only work on FTP servers supporting + * the REST comand for the stream transfer mode. However, most FTP + * servers support this. Any subsequent file transfer will start + * reading or writing the remote file from the indicated offset. + * + * @param offset The offset into the remote file at which to start the + * next file transfer. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + protected boolean restart(long offset) throws IOException { + restartOffset = 0; + return FTPReply.isPositiveIntermediate(rest(Long.toString(offset))); + } + + /** + * Fetches the restart offset. + * + * @return offset The offset into the remote file at which to start the + * next file transfer. + */ + public long getRestartOffset() { + return restartOffset; + } + + /** + * Sets the restart offset for file transfers. + * The restart command is not sent to the server immediately. + * It is sent when a data connection is created as part of a + * subsequent command. + * The restart marker is reset to zero after use. + * Note: This method should only be invoked immediately prior to + * the transfer to which it applies. + * + * @param offset The offset into the remote file at which to start the + * next file transfer. This must be a value greater than or + * equal to zero. + */ + public void setRestartOffset(long offset) { + if (offset >= 0) { + restartOffset = offset; + } + } + + /** + * Renames a remote file. + * + * @param from The name of the remote file to rename. + * @param to The new name of the remote file. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean rename(String from, String to) throws IOException { + if (!FTPReply.isPositiveIntermediate(rnfr(from))) { + return false; + } + + return FTPReply.isPositiveCompletion(rnto(to)); + } + + /** + * Abort a transfer in progress. + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean abort() throws IOException { + return FTPReply.isPositiveCompletion(abor()); + } + + /** + * Deletes a file on the FTP server. + * + * @param pathname The pathname of the file to be deleted. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean deleteFile(String pathname) throws IOException { + return FTPReply.isPositiveCompletion(dele(pathname)); + } + + /** + * Removes a directory on the FTP server (if empty). + * + * @param pathname The pathname of the directory to remove. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean removeDirectory(String pathname) throws IOException { + return FTPReply.isPositiveCompletion(rmd(pathname)); + } + + /** + * Creates new subdirectories on the FTP server in the current directory + * (if a relative pathname is given) or where specified (if an absolute + * pathname is given). + * + * @param path The pathname of the directory to create. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean makeDirectory(String path) throws IOException { + return FTPReply.isPositiveCompletion(mkd(path)); + } + + /** + * Returns the pathname of the current working directory. + * + * @return The pathname of the current working directory. If it cannot + * be obtained, returns null. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String printWorkingDirectory() throws IOException { + if (pwd() != FTPReply.PATHNAME_CREATED) { + return null; + } + + return __parsePathname(replyLines.get(replyLines.size() - 1)); + } + + /** + * Send a site specific command. + * + * @param arguments The site specific command and arguments. + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean sendSiteCommand(String arguments) throws IOException { + return FTPReply.isPositiveCompletion(site(arguments)); + } + + /** + * Fetches the system type from the server and returns the string. + * This value is cached for the duration of the connection after the + * first call to this method. In other words, only the first time + * that you invoke this method will it issue a SYST command to the + * FTP server. FTPClient will remember the value and return the + * cached value until a call to disconnect. + *

    + * If the SYST command fails, and the system property + * {@link #FTP_SYSTEM_TYPE_DEFAULT} is defined, then this is used instead. + * + * @return The system type obtained from the server. Never null. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server (and the default + * system type property is not defined) + */ + public String getSystemType() throws IOException { + //if (syst() == FTPReply.NAME_SYSTEM_TYPE) + // Technically, we should expect a NAME_SYSTEM_TYPE response, but + // in practice FTP servers deviate, so we soften the condition to + // a positive completion. + if (systemName == null) { + if (FTPReply.isPositiveCompletion(syst())) { + // Assume that response is not empty here (cannot be null) + systemName = replyLines.get(replyLines.size() - 1).substring(4); + } else { + // Check if the user has provided a default for when the SYST command fails + String systDefault = System.getProperty(FTP_SYSTEM_TYPE_DEFAULT); + if (systDefault != null) { + systemName = systDefault; + } else { + throw new IOException("Unable to determine system type - response: " + getReplyString()); + } + } + } + return systemName; + } + + /** + * Fetches the system help information from the server and returns the + * full string. + * + * @return The system help string obtained from the server. null if the + * information could not be obtained. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String listHelp() throws IOException { + if (FTPReply.isPositiveCompletion(help())) { + return getReplyString(); + } + return null; + } + + /** + * Fetches the help information for a given command from the server and + * returns the full string. + * + * @param command The command on which to ask for help. + * @return The command help string obtained from the server. null if the + * information could not be obtained. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String listHelp(String command) throws IOException { + if (FTPReply.isPositiveCompletion(help(command))) { + return getReplyString(); + } + return null; + } + + /** + * Sends a NOOP command to the FTP server. This is useful for preventing + * server timeouts. + * + * @return True if successfully completed, false if not. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public boolean sendNoOp() throws IOException { + return FTPReply.isPositiveCompletion(noop()); + } + + /** + * Obtain a list of filenames in a directory (or just the name of a given + * file, which is not particularly useful). This information is obtained + * through the NLST command. If the given pathname is a directory and + * contains no files, a zero length array is returned only + * if the FTP server returned a positive completion code, otherwise + * null is returned (the FTP server returned a 550 error No files found.). + * If the directory is not empty, an array of filenames in the directory is + * returned. If the pathname corresponds + * to a file, only that file will be listed. The server may or may not + * expand glob expressions. + * + * @param pathname The file or directory to list. + * Warning: the server may treat a leading '-' as an + * option introducer. If so, try using an absolute path, + * or prefix the path with ./ (unix style servers). + * Some servers may support "--" as meaning end of options, + * in which case "-- -xyz" should work. + * @return The list of filenames contained in the given path. null if + * the list could not be obtained. If there are no filenames in + * the directory, a zero-length array is returned. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String[] listNames(String pathname) throws IOException { + Socket socket = _openDataConnection_(FTPCmd.NLST, getListArguments(pathname)); + + if (socket == null) { + return null; + } + + BufferedReader reader = + new BufferedReader(new InputStreamReader(socket.getInputStream(), getControlEncoding())); + + ArrayList results = new ArrayList(); + String line; + while ((line = reader.readLine()) != null) { + results.add(line); + } + + reader.close(); + socket.close(); + + if (completePendingCommand()) { + String[] names = new String[results.size()]; + return results.toArray(names); + } + + return null; + } + + /** + * Obtain a list of filenames in the current working directory + * This information is obtained through the NLST command. If the current + * directory contains no files, a zero length array is returned only + * if the FTP server returned a positive completion code, otherwise, + * null is returned (the FTP server returned a 550 error No files found.). + * If the directory is not empty, an array of filenames in the directory is + * returned. + * + * @return The list of filenames contained in the current working + * directory. null if the list could not be obtained. + * If there are no filenames in the directory, a zero-length array + * is returned. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String[] listNames() throws IOException { + return listNames(null); + } + + /** + * Using the default system autodetect mechanism, obtain a + * list of file information for the current working directory + * or for just a single file. + *

    + * This information is obtained through the LIST command. The contents of + * the returned array is determined by the FTPFileEntryParser + * used. + *

    + * N.B. the LIST command does not generally return very precise timestamps. + * For recent files, the response usually contains hours and minutes (not seconds). + * For older files, the output may only contain a date. + * If the server supports it, the MLSD command returns timestamps with a precision + * of seconds, and may include milliseconds. See {@link #mlistDir()} + * + * @param pathname The file or directory to list. Since the server may + * or may not expand glob expressions, using them here + * is not recommended and may well cause this method to + * fail. + * Also, some servers treat a leading '-' as being an option. + * To avoid this interpretation, use an absolute pathname + * or prefix the pathname with ./ (unix style servers). + * Some servers may support "--" as meaning end of options, + * in which case "-- -xyz" should work. + * @return The list of file information contained in the given path in + * the format determined by the autodetection mechanism + * @throws ConnectionClosedException If the FTP server prematurely closes the connection + * as a result of the client being idle or some other + * reason causing the server to send FTP reply code 421. + * This exception may be caught either as an IOException + * or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply + * from the server. + * @throws org.xbib.io.ftp.client.parser.ParserInitializationException Thrown if the parserKey parameter cannot be + * resolved by the selected parser factory. + * In the DefaultFTPEntryParserFactory, this will + * happen when parserKey is neither + * the fully qualified class name of a class + * implementing the interface + * {@link FTPFileEntryParser} + * nor a string containing one of the recognized keys + * mapping to such a parser or if class loader + * security issues prevent its being loaded. + * @see DefaultFTPFileEntryParserFactory + * @see FTPFileEntryParserFactory + * @see FTPFileEntryParser + */ + public FTPFile[] listFiles(String pathname) + throws IOException { + FTPListParseEngine engine = initiateListParsing((String) null, pathname); + return engine.getFiles(); + + } + + /** + * Using the default system autodetect mechanism, obtain a + * list of file information for the current working directory. + *

    + * This information is obtained through the LIST command. The contents of + * the returned array is determined by the FTPFileEntryParser + * used. + *

    + * N.B. the LIST command does not generally return very precise timestamps. + * For recent files, the response usually contains hours and minutes (not seconds). + * For older files, the output may only contain a date. + * If the server supports it, the MLSD command returns timestamps with a precision + * of seconds, and may include milliseconds. See {@link #mlistDir()} + * + * @return The list of file information contained in the current directory + * in the format determined by the autodetection mechanism. + *

    + * NOTE: This array may contain null members if any of the + * individual file listings failed to parse. The caller should + * check each entry for null before referencing it. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection + * as a result of the client being idle or some other + * reason causing the server to send FTP reply code 421. + * This exception may be caught either as an IOException + * or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply + * from the server. + * @throws org.xbib.io.ftp.client.parser.ParserInitializationException Thrown if the parserKey parameter cannot be + * resolved by the selected parser factory. + * In the DefaultFTPEntryParserFactory, this will + * happen when parserKey is neither + * the fully qualified class name of a class + * implementing the interface + * {@link FTPFileEntryParser} + * nor a string containing one of the recognized keys + * mapping to such a parser or if class loader + * security issues prevent its being loaded. + * @see DefaultFTPFileEntryParserFactory + * @see FTPFileEntryParserFactory + * @see FTPFileEntryParser + */ + public FTPFile[] listFiles() + throws IOException { + return listFiles((String) null); + } + + /** + * Version of {@link #listFiles(String)} which allows a filter to be provided. + * For example: listFiles("site", FTPFileFilters.DIRECTORY); + * + * @param pathname the initial path, may be null + * @param filter the filter, non-null + * @return the list of FTPFile entries. + * @throws IOException on error + */ + public FTPFile[] listFiles(String pathname, FTPFileFilter filter) + throws IOException { + FTPListParseEngine engine = initiateListParsing((String) null, pathname); + return engine.getFiles(filter); + + } + + /** + * Using the default system autodetect mechanism, obtain a + * list of directories contained in the current working directory. + *

    + * This information is obtained through the LIST command. The contents of + * the returned array is determined by the FTPFileEntryParser + * used. + *

    + * N.B. the LIST command does not generally return very precise timestamps. + * For recent files, the response usually contains hours and minutes (not seconds). + * For older files, the output may only contain a date. + * If the server supports it, the MLSD command returns timestamps with a precision + * of seconds, and may include milliseconds. See {@link #mlistDir()} + * + * @return The list of directories contained in the current directory + * in the format determined by the autodetection mechanism. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection + * as a result of the client being idle or some other + * reason causing the server to send FTP reply code 421. + * This exception may be caught either as an IOException + * or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply + * from the server. + * @throws org.xbib.io.ftp.client.parser.ParserInitializationException Thrown if the parserKey parameter cannot be + * resolved by the selected parser factory. + * In the DefaultFTPEntryParserFactory, this will + * happen when parserKey is neither + * the fully qualified class name of a class + * implementing the interface + * {@link }FTPFileEntryParser} + * nor a string containing one of the recognized keys + * mapping to such a parser or if class loader + * security issues prevent its being loaded. + * @see DefaultFTPFileEntryParserFactory + * @see FTPFileEntryParserFactory + * @see FTPFileEntryParser + */ + public FTPFile[] listDirectories() throws IOException { + return listDirectories((String) null); + } + + /** + * Using the default system autodetect mechanism, obtain a + * list of directories contained in the specified directory. + *

    + * This information is obtained through the LIST command. The contents of + * the returned array is determined by the FTPFileEntryParser + * used. + *

    + * N.B. the LIST command does not generally return very precise timestamps. + * For recent files, the response usually contains hours and minutes (not seconds). + * For older files, the output may only contain a date. + * If the server supports it, the MLSD command returns timestamps with a precision + * of seconds, and may include milliseconds. See {@link #mlistDir()} + * + * @param parent the starting directory + * @return The list of directories contained in the specified directory + * in the format determined by the autodetection mechanism. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection + * as a result of the client being idle or some other + * reason causing the server to send FTP reply code 421. + * This exception may be caught either as an IOException + * or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply + * from the server. + * @throws ParserInitializationException Thrown if the parserKey parameter cannot be + * resolved by the selected parser factory. + * In the DefaultFTPEntryParserFactory, this will + * happen when parserKey is neither + * the fully qualified class name of a class + * implementing the interface + * {@link FTPFileEntryParser} + * nor a string containing one of the recognized keys + * mapping to such a parser or if class loader + * security issues prevent its being loaded. + * @see DefaultFTPFileEntryParserFactory + * @see FTPFileEntryParserFactory + * @see FTPFileEntryParser + */ + public FTPFile[] listDirectories(String parent) throws IOException { + return listFiles(parent, FTPFileFilters.DIRECTORIES); + } + + /** + * Using the default autodetect mechanism, initialize an FTPListParseEngine + * object containing a raw file information for the current working + * directory on the server + * This information is obtained through the LIST command. This object + * is then capable of being iterated to return a sequence of FTPFile + * objects with information filled in by the + * FTPFileEntryParser used. + *

    + * This method differs from using the listFiles() methods in that + * expensive FTPFile objects are not created until needed which may be + * an advantage on large lists. + * + * @return A FTPListParseEngine object that holds the raw information and + * is capable of providing parsed FTPFile objects, one for each file + * containing information contained in the given path in the format + * determined by the parser parameter. Null will be + * returned if a data connection cannot be opened. If the current working + * directory contains no files, an empty array will be the return. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + * @throws org.xbib.io.ftp.client.parser.ParserInitializationException Thrown if the autodetect mechanism cannot + * resolve the type of system we are connected with. + * @see FTPListParseEngine + */ + public FTPListParseEngine initiateListParsing() + throws IOException { + return initiateListParsing((String) null); + } + + /** + * Using the default autodetect mechanism, initialize an FTPListParseEngine + * object containing a raw file information for the supplied directory. + * This information is obtained through the LIST command. This object + * is then capable of being iterated to return a sequence of FTPFile + * objects with information filled in by the + * FTPFileEntryParser used. + *

    + * The server may or may not expand glob expressions. You should avoid + * using glob expressions because the return format for glob listings + * differs from server to server and will likely cause this method to fail. + *

    + * This method differs from using the listFiles() methods in that + * expensive FTPFile objects are not created until needed which may be + * an advantage on large lists. + * 

    +     *    FTPClient f=FTPClient();
+     *    f.connect(server);
+     *    f.login(username, password);
+     *    FTPListParseEngine engine = f.initiateListParsing(directory);
+     *
+     *    while (engine.hasNext()) {
+     *       FTPFile[] files = engine.getNext(25);  // "page size" you want
+     *       //do whatever you want with these files, display them, etc.
+     *       //expensive FTPFile objects not created until needed.
+     *    }
+     *
    + * + * @param pathname the starting directory + * @return A FTPListParseEngine object that holds the raw information and + * is capable of providing parsed FTPFile objects, one for each file + * containing information contained in the given path in the format + * determined by the parser parameter. Null will be + * returned if a data connection cannot be opened. If the current working + * directory contains no files, an empty array will be the return. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + * @throws org.xbib.io.ftp.client.parser.ParserInitializationException Thrown if the autodetect mechanism cannot + * resolve the type of system we are connected with. + * @see FTPListParseEngine + */ + public FTPListParseEngine initiateListParsing(String pathname) + throws IOException { + return initiateListParsing((String) null, pathname); + } + + /** + * Using the supplied parser key, initialize an FTPListParseEngine + * object containing a raw file information for the supplied directory. + * This information is obtained through the LIST command. This object + * is then capable of being iterated to return a sequence of FTPFile + * objects with information filled in by the + * FTPFileEntryParser used. + *

    + * The server may or may not expand glob expressions. You should avoid + * using glob expressions because the return format for glob listings + * differs from server to server and will likely cause this method to fail. + *

    + * This method differs from using the listFiles() methods in that + * expensive FTPFile objects are not created until needed which may be + * an advantage on large lists. + * + * @param parserKey A string representing a designated code or fully-qualified + * class name of an FTPFileEntryParser that should be + * used to parse each server file listing. + * May be {@code null}, in which case the code checks first + * the system property {@link #FTP_SYSTEM_TYPE}, and if that is + * not defined the SYST command is used to provide the value. + * To allow for arbitrary system types, the return from the + * SYST command is used to look up an alias for the type in the + * {@link #SYSTEM_TYPE_PROPERTIES} properties file if it is available. + * @param pathname the starting directory + * @return A FTPListParseEngine object that holds the raw information and + * is capable of providing parsed FTPFile objects, one for each file + * containing information contained in the given path in the format + * determined by the parser parameter. Null will be + * returned if a data connection cannot be opened. If the current working + * directory contains no files, an empty array will be the return. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + * @throws ParserInitializationException Thrown if the parserKey parameter cannot be + * resolved by the selected parser factory. + * In the DefaultFTPEntryParserFactory, this will + * happen when parserKey is neither + * the fully qualified class name of a class + * implementing the interface + * {@link FTPFileEntryParser} + * nor a string containing one of the recognized keys + * mapping to such a parser or if class loader + * security issues prevent its being loaded. + * @see FTPListParseEngine + */ + public FTPListParseEngine initiateListParsing( + String parserKey, String pathname) + throws IOException { + createParser(parserKey); // create and cache parser + return initiateListParsing(fileEntryParser, pathname); + } + + void createParser(String parserKey) throws IOException { + // We cache the value to avoid creation of a new object every + // time a file listing is generated. + // Note: we don't check against a null parserKey (NET-544) + if (fileEntryParser == null || (parserKey != null && !entryParserKey.equals(parserKey))) { + if (null != parserKey) { + // if a parser key was supplied in the parameters, + // use that to create the parser + fileEntryParser = + entryParserFactory.createFileEntryParser(parserKey); + entryParserKey = parserKey; + + } else { + // if no parserKey was supplied, check for a configuration + // in the params, and if it has a non-empty system type, use that. + if (null != ftpClientConfig && ftpClientConfig.getServerSystemKey().length() > 0) { + fileEntryParser = entryParserFactory.createFileEntryParser(ftpClientConfig); + entryParserKey = ftpClientConfig.getServerSystemKey(); + } else { + // if a parserKey hasn't been supplied, and a configuration + // hasn't been supplied, and the override property is not set + // then autodetect by calling + // the SYST command and use that to choose the parser. + String systemType = System.getProperty(FTP_SYSTEM_TYPE); + if (systemType == null) { + systemType = getSystemType(); // cannot be null + Properties override = getOverrideProperties(); + if (override != null) { + String newType = override.getProperty(systemType); + if (newType != null) { + systemType = newType; + } + } + } + if (null != ftpClientConfig) { // system type must have been empty above + fileEntryParser = entryParserFactory.createFileEntryParser(new FTPClientConfig(systemType, ftpClientConfig)); + } else { + fileEntryParser = entryParserFactory.createFileEntryParser(systemType); + } + entryParserKey = systemType; + } + } + } + } + + FTPFileEntryParser getFileEntryParser() { + return fileEntryParser; + } + + /** + * private method through which all listFiles() and + * initiateListParsing methods pass once a parser is determined. + * + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + * @see FTPListParseEngine + */ + private FTPListParseEngine initiateListParsing( + FTPFileEntryParser parser, String pathname) + throws IOException { + Socket socket = _openDataConnection_(FTPCmd.LIST, getListArguments(pathname)); + + FTPListParseEngine engine = new FTPListParseEngine(parser, ftpClientConfig); + if (socket == null) { + return engine; + } + + try { + engine.readServerList(socket.getInputStream(), getControlEncoding()); + } finally { + Util.closeQuietly(socket); + } + + completePendingCommand(); + return engine; + } + + /** + * Initiate list parsing for MLSD listings. + * + * @param pathname + * @return the engine + * @throws IOException + */ + private FTPListParseEngine initiateMListParsing(String pathname) throws IOException { + Socket socket = _openDataConnection_(FTPCmd.MLSD, pathname); + FTPListParseEngine engine = new FTPListParseEngine(MLSxEntryParser.getInstance(), ftpClientConfig); + if (socket == null) { + return engine; + } + + try { + engine.readServerList(socket.getInputStream(), getControlEncoding()); + } finally { + Util.closeQuietly(socket); + completePendingCommand(); + } + return engine; + } + + /** + * @param pathname the initial pathname + * @return the adjusted string with "-a" added if necessary + */ + protected String getListArguments(String pathname) { + if (getListHiddenFiles()) { + if (pathname != null) { + StringBuilder sb = new StringBuilder(pathname.length() + 3); + sb.append("-a "); + sb.append(pathname); + return sb.toString(); + } else { + return "-a"; + } + } + + return pathname; + } + + /** + * Issue the FTP STAT command to the server. + * + * @return The status information returned by the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String getStatus() throws IOException { + if (FTPReply.isPositiveCompletion(stat())) { + return getReplyString(); + } + return null; + } + + /** + * Issue the FTP STAT command to the server for a given pathname. This + * should produce a listing of the file or directory. + * + * @param pathname the filename + * @return The status information returned by the server. + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String getStatus(String pathname) throws IOException { + if (FTPReply.isPositiveCompletion(stat(pathname))) { + return getReplyString(); + } + return null; + } + + /** + * Issue the FTP SIZE command to the server for a given pathname. + * This should produce the size of the file. + * + * @param pathname the filename + * @return The size information returned by the server; {@code null} if there was an error + * @throws ConnectionClosedException If the FTP server prematurely closes the connection as a result + * of the client being idle or some other reason causing the server + * to send FTP reply code 421. This exception may be caught either + * as an IOException or independently as itself. + * @throws IOException If an I/O error occurs while either sending a + * command to the server or receiving a reply from the server. + */ + public String getSize(String pathname) throws IOException { + if (FTPReply.isPositiveCompletion(size(pathname))) { + return getReplyStrings()[0].substring(4); // skip the return code (e.g. 213) and the space + } + return null; + } + + /** + * Issue the FTP MDTM command (not supported by all servers) to retrieve the last + * modification time of a file. The modification string should be in the + * ISO 3077 form "YYYYMMDDhhmmss(.xxx)?". The timestamp represented should also be in + * GMT, but not all FTP servers honour this. + * + * @param pathname The file path to query. + * @return A string representing the last file modification time in YYYYMMDDhhmmss format. + * @throws IOException if an I/O error occurs. + */ + public String getModificationTime(String pathname) throws IOException { + if (FTPReply.isPositiveCompletion(mdtm(pathname))) { + return getReplyStrings()[0].substring(4); // skip the return code (e.g. 213) and the space + } + return null; + } + + /** + * Issue the FTP MDTM command (not supported by all servers) to retrieve the last + * modification time of a file. The modification string should be in the + * ISO 3077 form "YYYYMMDDhhmmss(.xxx)?". The timestamp represented should also be in + * GMT, but not all FTP servers honour this. + * + * @param pathname The file path to query. + * @return A FTPFile representing the last file modification time, may be {@code null}. + * The FTPFile timestamp will be null if a parse error occurs. + * @throws IOException if an I/O error occurs. + */ + public FTPFile mdtmFile(String pathname) throws IOException { + if (FTPReply.isPositiveCompletion(mdtm(pathname))) { + String reply = getReplyStrings()[0].substring(4); // skip the return code (e.g. 213) and the space + FTPFile file = new FTPFile(); + file.setName(pathname); + file.setRawListing(reply); + ZonedDateTime zonedDateTime = MLSxEntryParser.parseGMTdateTime(reply); + file.setTimestamp(zonedDateTime); + return file; + } + return null; + } + + /** + * Issue the FTP MFMT command (not supported by all servers) which sets the last + * modified time of a file. + *

    + * The timestamp should be in the form YYYYMMDDhhmmss. It should also + * be in GMT, but not all servers honour this. + *

    + * An FTP server would indicate its support of this feature by including "MFMT" + * in its response to the FEAT command, which may be retrieved by FTPClient.features() + * + * @param pathname The file path for which last modified time is to be changed. + * @param timeval The timestamp to set to, in YYYYMMDDhhmmss format. + * @return true if successfully set, false if not + * @throws IOException if an I/O error occurs. + * @see http://tools.ietf.org/html/draft-somers-ftp-mfxx-04 + */ + public boolean setModificationTime(String pathname, String timeval) throws IOException { + return (FTPReply.isPositiveCompletion(mfmt(pathname, timeval))); + } + + /** + * Retrieve the current internal buffer size for buffered data streams. + * + * @return The current buffer size. + */ + public int getBufferSize() { + return bufferSize; + } + + /** + * Set the internal buffer size for buffered data streams. + * + * @param bufSize The size of the buffer. Use a non-positive value to use the default. + */ + public void setBufferSize(int bufSize) { + bufferSize = bufSize; + } + + /** + * Retrieve the value to be used for the data socket SO_SNDBUF option. + * + * @return The current buffer size. + */ + public int getSendDataSocketBufferSize() { + return sendDataSocketBufferSize; + } + + /** + * Sets the value to be used for the data socket SO_SNDBUF option. + * If the value is positive, the option will be set when the data socket has been created. + * + * @param bufSize The size of the buffer, zero or negative means the value is ignored. + */ + public void setSendDataSocketBufferSize(int bufSize) { + sendDataSocketBufferSize = bufSize; + } + + /** + * Sets the value to be used for the data socket SO_RCVBUF option. + * If the value is positive, the option will be set when the data socket has been created. + * + * @param bufSize The size of the buffer, zero or negative means the value is ignored. + */ + public void setReceieveDataSocketBufferSize(int bufSize) { + receiveDataSocketBufferSize = bufSize; + } + + /** + * Retrieve the value to be used for the data socket SO_RCVBUF option. + * + * @return The current buffer size. + */ + public int getReceiveDataSocketBufferSize() { + return receiveDataSocketBufferSize; + } + + /** + * Implementation of the {@link Configurable Configurable} interface. + * In the case of this class, configuring merely makes the config object available for the + * factory methods that construct parsers. + * + * @param config {@link FTPClientConfig FTPClientConfig} object used to + * provide non-standard configurations to the parser. + */ + @Override + public void configure(FTPClientConfig config) { + this.ftpClientConfig = config; + } + + /** + * @return the current state + * @see #setListHiddenFiles(boolean) + */ + public boolean getListHiddenFiles() { + return this.listHiddenFiles; + } + + /** + * You can set this to true if you would like to get hidden files when {@link #listFiles} too. + * A LIST -a will be issued to the ftp server. + * It depends on your ftp server if you need to call this method, also dont expect to get rid + * of hidden files if you call this method with "false". + * + * @param listHiddenFiles true if hidden files should be listed + */ + public void setListHiddenFiles(boolean listHiddenFiles) { + this.listHiddenFiles = listHiddenFiles; + } + + /** + * Whether should attempt to use EPSV with IPv4. + * Default (if not set) is false + * + * @return true if should attempt EPSV + */ + public boolean isUseEPSVwithIPv4() { + return useEPSVwithIPv4; + } + + /** + * Set whether to use EPSV with IPv4. + * Might be worth enabling in some circumstances. + *

    + * For example, when using IPv4 with NAT it + * may work with some rare configurations. + * E.g. if FTP server has a static PASV address (external network) + * and the client is coming from another internal network. + * In that case the data connection after PASV command would fail, + * while EPSV would make the client succeed by taking just the port. + * + * @param selected value to set. + */ + public void setUseEPSVwithIPv4(boolean selected) { + this.useEPSVwithIPv4 = selected; + } + + /** + * Obtain the currently active listener. + * + * @return the listener, may be {@code null} + */ + public CopyStreamListener getCopyStreamListener() { + return copyStreamListener; + } + + /** + * Set the listener to be used when performing store/retrieve operations. + * The default value (if not set) is {@code null}. + * + * @param listener to be used, may be {@code null} to disable + */ + public void setCopyStreamListener(CopyStreamListener listener) { + copyStreamListener = listener; + } + + /** + * Get the time to wait between sending control connection keepalive messages + * when processing file upload or download. + *

    + * See the class Javadoc section "Control channel keep-alive feature:" + * + * @return the number of seconds between keepalive messages. + */ + public long getControlKeepAliveTimeout() { + return controlKeepAliveTimeout / 1000; + } + + /** + * Set the time to wait between sending control connection keepalive messages + * when processing file upload or download. + *

    + * See the class Javadoc section "Control channel keep-alive feature:" + * + * @param controlIdle the wait (in secs) between keepalive messages. Zero (or less) disables. + * @see #setControlKeepAliveReplyTimeout(int) + */ + public void setControlKeepAliveTimeout(long controlIdle) { + controlKeepAliveTimeout = controlIdle * 1000; + } + + /** + * Get how long to wait for control keep-alive message replies. + * + * @return wait time in msec + */ + public int getControlKeepAliveReplyTimeout() { + return controlKeepAliveReplyTimeout; + } + + /** + * Set how long to wait for control keep-alive message replies. + * + * @param timeout number of milliseconds to wait (defaults to 1000) + * @see #setControlKeepAliveTimeout(long) + */ + public void setControlKeepAliveReplyTimeout(int timeout) { + controlKeepAliveReplyTimeout = timeout; + } + + /** + * Set the workaround strategy to replace the PASV mode reply addresses. + * This gets around the problem that some NAT boxes may change the reply. + *

    + * The default implementation is {@code NatServerResolverImpl}, i.e. site-local + * replies are replaced. + * + * @param resolver strategy to replace internal IP's in passive mode + * or null to disable the workaround (i.e. use PASV mode reply address.) + */ + public void setPassiveNatWorkaroundStrategy(HostnameResolver resolver) { + this.__passiveNatWorkaroundStrategy = resolver; + } + + private OutputStream getBufferedOutputStream(OutputStream outputStream) { + if (bufferSize > 0) { + return new BufferedOutputStream(outputStream, bufferSize); + } + return new BufferedOutputStream(outputStream); + } + + private InputStream getBufferedInputStream(InputStream inputStream) { + if (bufferSize > 0) { + return new BufferedInputStream(inputStream, bufferSize); + } + return new BufferedInputStream(inputStream); + } + + /** + * Merge two copystream listeners, either or both of which may be null. + * + * @param local the listener used by this class, may be null + * @return a merged listener or a single listener or null + */ + private CopyStreamListener __mergeListeners(CopyStreamListener local) { + if (local == null) { + return copyStreamListener; + } + if (copyStreamListener == null) { + return local; + } + // Both are non-null + CopyStreamAdapter merged = new CopyStreamAdapter(); + merged.addCopyStreamListener(local); + merged.addCopyStreamListener(copyStreamListener); + return merged; + } + + /** + * Tells if automatic server encoding detection is enabled or disabled. + * + * @return true, if automatic server encoding detection is enabled. + */ + public boolean getAutodetectUTF8() { + return __autodetectEncoding; + } + + /** + * Enables or disables automatic server encoding detection (only UTF-8 supported). + *

    + * Does not affect existing connections; must be invoked before a connection is established. + * + * @param autodetect If true, automatic server encoding detection will be enabled. + */ + public void setAutodetectUTF8(boolean autodetect) { + __autodetectEncoding = autodetect; + } + + /** + * Strategy interface for updating host names received from FTP server + * for passive NAT workaround. + */ + public interface HostnameResolver { + String resolve(String hostname) throws UnknownHostException; + } + + private static class PropertiesSingleton { + + static final Properties PROPERTIES; + + static { + InputStream resourceAsStream = FTPClient.class.getResourceAsStream(SYSTEM_TYPE_PROPERTIES); + Properties p = null; + if (resourceAsStream != null) { + p = new Properties(); + try { + p.load(resourceAsStream); + } catch (IOException e) { + // Ignored + } finally { + try { + resourceAsStream.close(); + } catch (IOException e) { + // Ignored + } + } + } + PROPERTIES = p; + } + + } + + /** + * Default strategy for passive NAT workaround (site-local + * replies are replaced.) + */ + public static class NatServerResolverImpl implements HostnameResolver { + private FTPClient client; + + public NatServerResolverImpl(FTPClient client) { + this.client = client; + } + + @Override + public String resolve(String hostname) throws UnknownHostException { + String newHostname = hostname; + InetAddress host = InetAddress.getByName(newHostname); + // reply is a local address, but target is not - assume NAT box changed the PASV reply + if (host.isSiteLocalAddress()) { + InetAddress remote = this.client.getRemoteAddress(); + if (!remote.isSiteLocalAddress()) { + newHostname = remote.getHostAddress(); + } + } + return newHostname; + } + } + + private static class CSL implements CopyStreamListener { + + private final FTPClient parent; + private final long idle; + private final int currentSoTimeout; + + private long time = System.currentTimeMillis(); + private int notAcked; + private int acksAcked; + private int ioErrors; + + CSL(FTPClient parent, long idleTime, int maxWait) throws SocketException { + this.idle = idleTime; + this.parent = parent; + this.currentSoTimeout = parent.getSoTimeout(); + parent.setSoTimeout(maxWait); + } + + @Override + public void bytesTransferred(CopyStreamEvent event) { + bytesTransferred(event.getTotalBytesTransferred(), event.getBytesTransferred(), event.getStreamSize()); + } + + @Override + public void bytesTransferred(long totalBytesTransferred, + int bytesTransferred, long streamSize) { + long now = System.currentTimeMillis(); + if (now - time > idle) { + try { + parent.__noop(); + acksAcked++; + } catch (SocketTimeoutException e) { + notAcked++; + } catch (IOException e) { + ioErrors++; + // Ignored + } + time = now; + } + } + + int[] cleanUp() throws IOException { + int remain = notAcked; + try { + while (notAcked > 0) { + parent.getReply(); // we do want to see these + notAcked--; // only decrement if actually received + } + } catch (SocketTimeoutException e) { // NET-584 + // ignored + } finally { + parent.setSoTimeout(currentSoTimeout); + } + return new int[]{acksAcked, remain, notAcked, ioErrors}; // debug counts + } + + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPClientConfig.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPClientConfig.java new file mode 100644 index 0000000..9a3145b --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPClientConfig.java @@ -0,0 +1,698 @@ +package org.xbib.io.ftp.client; + +import java.text.DateFormatSymbols; +import java.util.Collection; +import java.util.Locale; +import java.util.Map; +import java.util.StringTokenizer; +import java.util.TreeMap; + +/** + *

    + * This class implements an alternate means of configuring the + * {@link FTPClient FTPClient} object and + * also subordinate objects which it uses. Any class implementing the + * {@link Configurable Configurable } + * interface can be configured by this object. + *

    + * In particular this class was designed primarily to support configuration + * of FTP servers which express file timestamps in formats and languages + * other than those for the US locale, which although it is the most common + * is not universal. Unfortunately, nothing in the FTP spec allows this to + * be determined in an automated way, so manual configuration such as this + * is necessary. + *

    + * This functionality was designed to allow existing clients to work exactly + * as before without requiring use of this component. This component should + * only need to be explicitly invoked by the user of this package for problem + * cases that previous implementations could not solve. + *

    + *

    Examples of use of FTPClientConfig

    + * Use cases: + * You are trying to access a server that + *
      + *
    • lists files with timestamps that use month names in languages other + * than English
      • + *
    • lists files with timestamps that use date formats other + * than the American English "standard" MM dd yyyy
      • + *
    • is in different timezone and you need accurate timestamps for + * dependency checking as in Ant
      • + *
    + *

    + * Unpaged (whole list) access on a UNIX server that uses French month names + * but uses the "standard" MMM d yyyy date formatting + * 

    + *    FTPClient f=FTPClient();
+ *    FTPClientConfig conf = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
+ *    conf.setServerLanguageCode("fr");
+ *    f.configure(conf);
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = listFiles(directory);
+ *
    + *

    + * Paged access on a UNIX server that uses Danish month names + * and "European" date formatting in Denmark's time zone, when you + * are in some other time zone. + * 

    + *    FTPClient f=FTPClient();
+ *    FTPClientConfig conf = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
+ *    conf.setServerLanguageCode("da");
+ *    conf.setDefaultDateFormat("d MMM yyyy");
+ *    conf.setRecentDateFormat("d MMM HH:mm");
+ *    conf.setTimeZoneId("Europe/Copenhagen");
+ *    f.configure(conf);
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPListParseEngine engine =
+ *       f.initiateListParsing("com.whatever.YourOwnParser", directory);
+ *
+ *    while (engine.hasNext()) {
+ *       FTPFile[] files = engine.getNext(25);  // "page size" you want
+ *       //do whatever you want with these files, display them, etc.
+ *       //expensive FTPFile objects not created until needed.
+ *    }
+ *
    + *

    + * Unpaged (whole list) access on a VMS server that uses month names + * in a language not {@link #getSupportedLanguageCodes() supported} by the system. + * but uses the "standard" MMM d yyyy date formatting + * 

    + *    FTPClient f=FTPClient();
+ *    FTPClientConfig conf = new FTPClientConfig(FTPClientConfig.SYST_VMS);
+ *    conf.setShortMonthNames(
+ *        "jan|feb|mar|apr|ma\u00ED|j\u00FAn|j\u00FAl|\u00e1g\u00FA|sep|okt|n\u00F3v|des");
+ *    f.configure(conf);
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = listFiles(directory);
+ *
    + *

    + * Unpaged (whole list) access on a Windows-NT server in a different time zone. + * (Note, since the NT Format uses numeric date formatting, language issues + * are irrelevant here). + * 

    + *    FTPClient f=FTPClient();
+ *    FTPClientConfig conf = new FTPClientConfig(FTPClientConfig.SYST_NT);
+ *    conf.setTimeZoneId("America/Denver");
+ *    f.configure(conf);
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = listFiles(directory);
+ *
    + * Unpaged (whole list) access on a Windows-NT server in a different time zone + * but which has been configured to use a unix-style listing format. + * 
    + *    FTPClient f=FTPClient();
+ *    FTPClientConfig conf = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
+ *    conf.setTimeZoneId("America/Denver");
+ *    f.configure(conf);
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = listFiles(directory);
+ *
    + * + * @see Configurable + * @see FTPClient + * @see org.xbib.io.ftp.client.parser.FTPTimestampParserImpl#configure(FTPClientConfig) + * @see org.xbib.io.ftp.client.parser.ConfigurableFTPFileEntryParserImpl + */ +public class FTPClientConfig { + + /** + * Identifier by which a unix-based ftp server is known throughout + * the commons-net ftp system. + */ + public static final String SYST_UNIX = "UNIX"; + + /** + * Identifier for alternate UNIX parser; same as {@link #SYST_UNIX} but leading spaces are + * trimmed from file names. This is to maintain backwards compatibility with + * the original behaviour of the parser which ignored multiple spaces between the date + * and the start of the file name. + * + */ + public static final String SYST_UNIX_TRIM_LEADING = "UNIX_LTRIM"; + + /** + * Identifier by which a vms-based ftp server is known throughout + * the commons-net ftp system. + */ + public static final String SYST_VMS = "VMS"; + + /** + * Identifier by which a WindowsNT-based ftp server is known throughout + * the commons-net ftp system. + */ + public static final String SYST_NT = "WINDOWS"; + + /** + * Identifier by which an OS/2-based ftp server is known throughout + * the commons-net ftp system. + */ + public static final String SYST_OS2 = "OS/2"; + + /** + * Identifier by which an OS/400-based ftp server is known throughout + * the commons-net ftp system. + */ + public static final String SYST_OS400 = "OS/400"; + + /** + * Identifier by which an AS/400-based ftp server is known throughout + * the commons-net ftp system. + */ + public static final String SYST_AS400 = "AS/400"; + + /** + * Identifier by which an MVS-based ftp server is known throughout + * the commons-net ftp system. + */ + public static final String SYST_MVS = "MVS"; + + /** + * Some servers return an "UNKNOWN Type: L8" message + * in response to the SYST command. We set these to be a Unix-type system. + * This may happen if the ftpd in question was compiled without system + * information. + *

    + * NET-230 - Updated to be UPPERCASE so that the check done in + * createFileEntryParser will succeed. + * + */ + public static final String SYST_L8 = "TYPE: L8"; + + /** + * Identifier by which an Netware-based ftp server is known throughout + * the commons-net ftp system. + * + */ + public static final String SYST_NETWARE = "NETWARE"; + + /** + * Identifier by which a Mac pre OS-X -based ftp server is known throughout + * the commons-net ftp system. + * + */ + // Full string is "MACOS Peter's Server"; the substring below should be enough + public static final String SYST_MACOS_PETER = "MACOS PETER"; // NET-436 + private static final Map LANGUAGE_CODE_MAP = new TreeMap(); + + static { + + // if there are other commonly used month name encodings which + // correspond to particular locales, please add them here. + + + // many locales code short names for months as all three letters + // these we handle simply. + LANGUAGE_CODE_MAP.put("en", Locale.ENGLISH); + LANGUAGE_CODE_MAP.put("de", Locale.GERMAN); + LANGUAGE_CODE_MAP.put("it", Locale.ITALIAN); + LANGUAGE_CODE_MAP.put("es", new Locale("es", "", "")); // spanish + LANGUAGE_CODE_MAP.put("pt", new Locale("pt", "", "")); // portuguese + LANGUAGE_CODE_MAP.put("da", new Locale("da", "", "")); // danish + LANGUAGE_CODE_MAP.put("sv", new Locale("sv", "", "")); // swedish + LANGUAGE_CODE_MAP.put("no", new Locale("no", "", "")); // norwegian + LANGUAGE_CODE_MAP.put("nl", new Locale("nl", "", "")); // dutch + LANGUAGE_CODE_MAP.put("ro", new Locale("ro", "", "")); // romanian + LANGUAGE_CODE_MAP.put("sq", new Locale("sq", "", "")); // albanian + LANGUAGE_CODE_MAP.put("sh", new Locale("sh", "", "")); // serbo-croatian + LANGUAGE_CODE_MAP.put("sk", new Locale("sk", "", "")); // slovak + LANGUAGE_CODE_MAP.put("sl", new Locale("sl", "", "")); // slovenian + + + // some don't + LANGUAGE_CODE_MAP.put("fr", + "jan|f\u00e9v|mar|avr|mai|jun|jui|ao\u00fb|sep|oct|nov|d\u00e9c"); //french + + } + + private final String serverSystemKey; + private String defaultDateFormatStr = null; + private String recentDateFormatStr = null; + private boolean lenientFutureDates = true; // NET-407 + private String serverLanguageCode = null; + private String shortMonthNames = null; + private String serverTimeZoneId = null; + private boolean saveUnparseableEntries = false; + + /** + * The main constructor for an FTPClientConfig object + * + * @param systemKey key representing system type of the server being + * connected to. See {@link #getServerSystemKey() serverSystemKey} + * If set to the empty string, then FTPClient uses the system type returned by the server. + * However this is not recommended for general use; + * the correct system type should be set if it is known. + */ + public FTPClientConfig(String systemKey) { + this.serverSystemKey = systemKey; + } + + /** + * Convenience constructor mainly for use in testing. + * Constructs a UNIX configuration. + */ + public FTPClientConfig() { + this(SYST_UNIX); + } + + /** + * Constructor which allows setting of the format string member fields + * + * @param systemKey key representing system type of the server being + * connected to. See + * {@link #getServerSystemKey() serverSystemKey} + * @param defaultDateFormatStr See + * {@link #setDefaultDateFormatStr(String) defaultDateFormatStr} + * @param recentDateFormatStr See + * {@link #setRecentDateFormatStr(String) recentDateFormatStr} + */ + public FTPClientConfig(String systemKey, + String defaultDateFormatStr, + String recentDateFormatStr) { + this(systemKey); + this.defaultDateFormatStr = defaultDateFormatStr; + this.recentDateFormatStr = recentDateFormatStr; + } + + /** + * Constructor which allows setting of most member fields + * + * @param systemKey key representing system type of the server being + * connected to. See + * {@link #getServerSystemKey() serverSystemKey} + * @param defaultDateFormatStr See + * {@link #setDefaultDateFormatStr(String) defaultDateFormatStr} + * @param recentDateFormatStr See + * {@link #setRecentDateFormatStr(String) recentDateFormatStr} + * @param serverLanguageCode See + * {@link #setServerLanguageCode(String) serverLanguageCode} + * @param shortMonthNames See + * {@link #setShortMonthNames(String) shortMonthNames} + * @param serverTimeZoneId See + * {@link #setServerTimeZoneId(String) serverTimeZoneId} + */ + public FTPClientConfig(String systemKey, + String defaultDateFormatStr, + String recentDateFormatStr, + String serverLanguageCode, + String shortMonthNames, + String serverTimeZoneId) { + this(systemKey); + this.defaultDateFormatStr = defaultDateFormatStr; + this.recentDateFormatStr = recentDateFormatStr; + this.serverLanguageCode = serverLanguageCode; + this.shortMonthNames = shortMonthNames; + this.serverTimeZoneId = serverTimeZoneId; + } + + /** + * Constructor which allows setting of all member fields + * + * @param systemKey key representing system type of the server being + * connected to. See + * {@link #getServerSystemKey() serverSystemKey} + * @param defaultDateFormatStr See + * {@link #setDefaultDateFormatStr(String) defaultDateFormatStr} + * @param recentDateFormatStr See + * {@link #setRecentDateFormatStr(String) recentDateFormatStr} + * @param serverLanguageCode See + * {@link #setServerLanguageCode(String) serverLanguageCode} + * @param shortMonthNames See + * {@link #setShortMonthNames(String) shortMonthNames} + * @param serverTimeZoneId See + * {@link #setServerTimeZoneId(String) serverTimeZoneId} + * @param lenientFutureDates See + * {@link #setLenientFutureDates(boolean) lenientFutureDates} + * @param saveUnparseableEntries See + * {@link #setUnparseableEntries(boolean) saveUnparseableEntries} + */ + public FTPClientConfig(String systemKey, + String defaultDateFormatStr, + String recentDateFormatStr, + String serverLanguageCode, + String shortMonthNames, + String serverTimeZoneId, + boolean lenientFutureDates, + boolean saveUnparseableEntries) { + this(systemKey); + this.defaultDateFormatStr = defaultDateFormatStr; + this.lenientFutureDates = lenientFutureDates; + this.recentDateFormatStr = recentDateFormatStr; + this.saveUnparseableEntries = saveUnparseableEntries; + this.serverLanguageCode = serverLanguageCode; + this.shortMonthNames = shortMonthNames; + this.serverTimeZoneId = serverTimeZoneId; + } + + // Copy constructor, intended for use by FTPClient only + FTPClientConfig(String systemKey, FTPClientConfig config) { + this.serverSystemKey = systemKey; + this.defaultDateFormatStr = config.defaultDateFormatStr; + this.lenientFutureDates = config.lenientFutureDates; + this.recentDateFormatStr = config.recentDateFormatStr; + this.saveUnparseableEntries = config.saveUnparseableEntries; + this.serverLanguageCode = config.serverLanguageCode; + this.serverTimeZoneId = config.serverTimeZoneId; + this.shortMonthNames = config.shortMonthNames; + } + + /** + * Copy constructor + * + * @param config source + */ + public FTPClientConfig(FTPClientConfig config) { + this.serverSystemKey = config.serverSystemKey; + this.defaultDateFormatStr = config.defaultDateFormatStr; + this.lenientFutureDates = config.lenientFutureDates; + this.recentDateFormatStr = config.recentDateFormatStr; + this.saveUnparseableEntries = config.saveUnparseableEntries; + this.serverLanguageCode = config.serverLanguageCode; + this.serverTimeZoneId = config.serverTimeZoneId; + this.shortMonthNames = config.shortMonthNames; + } + + /** + * Looks up the supplied language code in the internally maintained table of + * language codes. Returns a DateFormatSymbols object configured with + * short month names corresponding to the code. If there is no corresponding + * entry in the table, the object returned will be that for + * Locale.US + * + * @param languageCode See {@link #setServerLanguageCode(String) serverLanguageCode} + * @return a DateFormatSymbols object configured with short month names + * corresponding to the supplied code, or with month names for + * Locale.US if there is no corresponding entry in the internal + * table. + */ + public static DateFormatSymbols lookupDateFormatSymbols(String languageCode) { + Object lang = LANGUAGE_CODE_MAP.get(languageCode); + if (lang != null) { + if (lang instanceof Locale) { + return new DateFormatSymbols((Locale) lang); + } else if (lang instanceof String) { + return getDateFormatSymbols((String) lang); + } + } + return new DateFormatSymbols(Locale.US); + } + + /** + * Returns a DateFormatSymbols object configured with short month names + * as in the supplied string + * + * @param shortmonths This should be as described in + * {@link #setShortMonthNames(String) shortMonthNames} + * @return a DateFormatSymbols object configured with short month names + * as in the supplied string + */ + public static DateFormatSymbols getDateFormatSymbols(String shortmonths) { + String[] months = splitShortMonthString(shortmonths); + DateFormatSymbols dfs = new DateFormatSymbols(Locale.US); + dfs.setShortMonths(months); + return dfs; + } + + private static String[] splitShortMonthString(String shortmonths) { + StringTokenizer st = new StringTokenizer(shortmonths, "|"); + int monthcnt = st.countTokens(); + if (12 != monthcnt) { + throw new IllegalArgumentException( + "expecting a pipe-delimited string containing 12 tokens"); + } + String[] months = new String[13]; + int pos = 0; + while (st.hasMoreTokens()) { + months[pos++] = st.nextToken(); + } + months[pos] = ""; + return months; + } + + /** + * Returns a Collection of all the language codes currently supported + * by this class. See {@link #setServerLanguageCode(String) serverLanguageCode} + * for a functional descrption of language codes within this system. + * + * @return a Collection of all the language codes currently supported + * by this class + */ + public static Collection getSupportedLanguageCodes() { + return LANGUAGE_CODE_MAP.keySet(); + } + + /** + * Getter for the serverSystemKey property. This property + * specifies the general type of server to which the client connects. + * Should be either one of the FTPClientConfig.SYST_* codes + * or else the fully qualified class name of a parser implementing both + * the FTPFileEntryParser and Configurable + * interfaces. + * + * @return Returns the serverSystemKey property. + */ + public String getServerSystemKey() { + return serverSystemKey; + } + + /** + * getter for the {@link #setDefaultDateFormatStr(String) defaultDateFormatStr} + * property. + * + * @return Returns the defaultDateFormatStr property. + */ + public String getDefaultDateFormatStr() { + return defaultDateFormatStr; + } + + /** + *

    + * setter for the defaultDateFormatStr property. This property + * specifies the main date format that will be used by a parser configured + * by this configuration to parse file timestamps. If this is not + * specified, such a parser will use as a default value, the most commonly + * used format which will be in as used in en_US locales. + *

    + * This should be in the format described for + * java.text.SimpleDateFormat. + * property. + *

    + * + * @param defaultDateFormatStr The defaultDateFormatStr to set. + */ + public void setDefaultDateFormatStr(String defaultDateFormatStr) { + this.defaultDateFormatStr = defaultDateFormatStr; + } + + /** + * getter for the {@link #setRecentDateFormatStr(String) recentDateFormatStr} property. + * + * @return Returns the recentDateFormatStr property. + */ + + public String getRecentDateFormatStr() { + return recentDateFormatStr; + } + + /** + *

    + * setter for the recentDateFormatStr property. This property + * specifies a secondary date format that will be used by a parser + * configured by this configuration to parse file timestamps, typically + * those less than a year old. If this is not specified, such a parser + * will not attempt to parse using an alternate format. + *

    + *

    + * This is used primarily in unix-based systems. + *

    + *

    + * This should be in the format described for + * java.text.SimpleDateFormat. + *

    + * + * @param recentDateFormatStr The recentDateFormatStr to set. + */ + public void setRecentDateFormatStr(String recentDateFormatStr) { + this.recentDateFormatStr = recentDateFormatStr; + } + + /** + * getter for the {@link #setServerTimeZoneId(String) serverTimeZoneId} property. + * + * @return Returns the serverTimeZoneId property. + */ + public String getServerTimeZoneId() { + return serverTimeZoneId; + } + + /** + *

    + * setter for the serverTimeZoneId property. This property + * allows a time zone to be specified corresponding to that known to be + * used by an FTP server in file listings. This might be particularly + * useful to clients such as Ant that try to use these timestamps for + * dependency checking. + *

    + * This should be one of the identifiers used by + * java.util.TimeZone to refer to time zones, for example, + * America/Chicago or Asia/Rangoon. + *

    + * + * @param serverTimeZoneId The serverTimeZoneId to set. + */ + public void setServerTimeZoneId(String serverTimeZoneId) { + this.serverTimeZoneId = serverTimeZoneId; + } + + /** + *

    + * getter for the {@link #setShortMonthNames(String) shortMonthNames} + * property. + *

    + * + * @return Returns the shortMonthNames. + */ + public String getShortMonthNames() { + return shortMonthNames; + } + + /** + *

    + * setter for the shortMonthNames property. + * This property allows the user to specify a set of month names + * used by the server that is different from those that may be + * specified using the {@link #setServerLanguageCode(String) serverLanguageCode} + * property. + *

    + * This should be a string containing twelve strings each composed of + * three characters, delimited by pipe (|) characters. Currently, + * only 8-bit ASCII characters are known to be supported. For example, + * a set of month names used by a hypothetical Icelandic FTP server might + * conceivably be specified as + * "jan|feb|mar|apr|maí|jún|júl|ágú|sep|okt|nóv|des". + *

    + * + * @param shortMonthNames The value to set to the shortMonthNames property. + */ + public void setShortMonthNames(String shortMonthNames) { + this.shortMonthNames = shortMonthNames; + } + + /** + *

    + * getter for the {@link #setServerLanguageCode(String) serverLanguageCode} property. + *

    + * + * @return Returns the serverLanguageCode property. + */ + public String getServerLanguageCode() { + return serverLanguageCode; + } + + /** + *

    + * setter for the serverLanguageCode property. This property allows + * user to specify a + * + * two-letter ISO-639 language code that will be used to + * configure the set of month names used by the file timestamp parser. + * If neither this nor the {@link #setShortMonthNames(String) shortMonthNames} + * is specified, parsing will assume English month names, which may or + * may not be significant, depending on whether the date format(s) + * specified via {@link #setDefaultDateFormatStr(String) defaultDateFormatStr} + * and/or {@link #setRecentDateFormatStr(String) recentDateFormatStr} are using + * numeric or alphabetic month names. + *

    + *

    If the code supplied is not supported here, en_US + * month names will be used. We are supporting here those language + * codes which, when a java.util.Locale is constucted + * using it, and a java.text.SimpleDateFormat is + * constructed using that Locale, the array returned by the + * SimpleDateFormat's getShortMonths() method consists + * solely of three 8-bit ASCII character strings. Additionally, + * languages which do not meet this requirement are included if a + * common alternative set of short month names is known to be used. + * This means that users who can tell us of additional such encodings + * may get them added to the list of supported languages by contacting + * the Apache Commons Net team. + *

    + *

    + * Please note that this attribute will NOT be used to determine a + * locale-based date format for the language. + * Experience has shown that many if not most FTP servers outside the + * United States employ the standard en_US date format + * orderings of MMM d yyyy and MMM d HH:mm + * and attempting to deduce this automatically here would cause more + * problems than it would solve. The date format must be changed + * via the {@link #setDefaultDateFormatStr(String) defaultDateFormatStr} and/or + * {@link #setRecentDateFormatStr(String) recentDateFormatStr} parameters. + *

    + * + * @param serverLanguageCode The value to set to the serverLanguageCode property. + */ + public void setServerLanguageCode(String serverLanguageCode) { + this.serverLanguageCode = serverLanguageCode; + } + + /** + *

    + * getter for the {@link #setLenientFutureDates(boolean) lenientFutureDates} property. + *

    + * + * @return Returns the lenientFutureDates (default true). + */ + public boolean isLenientFutureDates() { + return lenientFutureDates; + } + + /** + *

    + * setter for the lenientFutureDates property. This boolean property + * (default: true) only has meaning when a + * {@link #setRecentDateFormatStr(String) recentDateFormatStr} property + * has been set. In that case, if this property is set true, then the + * parser, when it encounters a listing parseable with the recent date + * format, will only consider a date to belong to the previous year if + * it is more than one day in the future. This will allow all + * out-of-synch situations (whether based on "slop" - i.e. servers simply + * out of synch with one another or because of time zone differences - + * but in the latter case it is highly recommended to use the + * {@link #setServerTimeZoneId(String) serverTimeZoneId} property + * instead) to resolve correctly. + *

    + * This is used primarily in unix-based systems. + *

    + * + * @param lenientFutureDates set true to compensate for out-of-synch + * conditions. + */ + public void setLenientFutureDates(boolean lenientFutureDates) { + this.lenientFutureDates = lenientFutureDates; + } + + /** + * @return true if list parsing should return FTPFile entries even for unparseable response lines + *

    + * If true, the FTPFile for any unparseable entries will contain only the unparsed entry + * {@link FTPFile#getRawListing()} and {@link FTPFile#isValid()} will return {@code false} + */ + public boolean getUnparseableEntries() { + return this.saveUnparseableEntries; + } + + /** + * Allow list parsing methods to create basic FTPFile entries if parsing fails. + *

    + * In this case, the FTPFile will contain only the unparsed entry {@link FTPFile#getRawListing()} + * and {@link FTPFile#isValid()} will return {@code false} + * + * @param saveUnparseable if true, then create FTPFile entries if parsing fails + */ + public void setUnparseableEntries(boolean saveUnparseable) { + this.saveUnparseableEntries = saveUnparseable; + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPCmd.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPCmd.java new file mode 100644 index 0000000..ec9d443 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPCmd.java @@ -0,0 +1,96 @@ +package org.xbib.io.ftp.client; + +/** + */ +public enum FTPCmd { + ABOR, + ACCT, + ALLO, + APPE, + CDUP, + CWD, + DELE, + EPRT, + EPSV, + FEAT, + HELP, + LIST, + MDTM, + MFMT, + MKD, + MLSD, + MLST, + MODE, + NLST, + NOOP, + PASS, + PASV, + PORT, + PWD, + QUIT, + REIN, + REST, + RETR, + RMD, + RNFR, + RNTO, + SITE, + SIZE, + SMNT, + STAT, + STOR, + STOU, + STRU, + SYST, + TYPE, + USER,; + + // Aliases + + public static final FTPCmd ABORT = ABOR; + public static final FTPCmd ACCOUNT = ACCT; + public static final FTPCmd ALLOCATE = ALLO; + public static final FTPCmd APPEND = APPE; + public static final FTPCmd CHANGE_TO_PARENT_DIRECTORY = CDUP; + public static final FTPCmd CHANGE_WORKING_DIRECTORY = CWD; + public static final FTPCmd DATA_PORT = PORT; + public static final FTPCmd DELETE = DELE; + public static final FTPCmd FEATURES = FEAT; + public static final FTPCmd FILE_STRUCTURE = STRU; + public static final FTPCmd GET_MOD_TIME = MDTM; + public static final FTPCmd LOGOUT = QUIT; + public static final FTPCmd MAKE_DIRECTORY = MKD; + public static final FTPCmd MOD_TIME = MDTM; + public static final FTPCmd NAME_LIST = NLST; + public static final FTPCmd PASSIVE = PASV; + public static final FTPCmd PASSWORD = PASS; + public static final FTPCmd PRINT_WORKING_DIRECTORY = PWD; + public static final FTPCmd REINITIALIZE = REIN; + public static final FTPCmd REMOVE_DIRECTORY = RMD; + public static final FTPCmd RENAME_FROM = RNFR; + public static final FTPCmd RENAME_TO = RNTO; + public static final FTPCmd REPRESENTATION_TYPE = TYPE; + public static final FTPCmd RESTART = REST; + public static final FTPCmd RETRIEVE = RETR; + public static final FTPCmd SET_MOD_TIME = MFMT; + public static final FTPCmd SITE_PARAMETERS = SITE; + public static final FTPCmd STATUS = STAT; + public static final FTPCmd STORE = STOR; + public static final FTPCmd STORE_UNIQUE = STOU; + public static final FTPCmd STRUCTURE_MOUNT = SMNT; + public static final FTPCmd SYSTEM = SYST; + public static final FTPCmd TRANSFER_MODE = MODE; + public static final FTPCmd USERNAME = USER; + + /** + * Retrieve the FTP protocol command string corresponding to a specified + * command code. + * + * @return The FTP protcol command string corresponding to a specified + * command code. + */ + public final String getCommand() { + return this.name(); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFile.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFile.java new file mode 100644 index 0000000..d266764 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFile.java @@ -0,0 +1,422 @@ +package org.xbib.io.ftp.client; + +import java.io.Serializable; +import java.time.ZonedDateTime; + +/** + * The FTPFile class is used to represent information about files stored + * on an FTP server. + * + * @see FTPFileEntryParser + * @see FTPClient#listFiles + **/ +public class FTPFile implements Serializable { + /** + * A constant indicating an FTPFile is a file. + ***/ + public static final int FILE_TYPE = 0; + /** + * A constant indicating an FTPFile is a directory. + ***/ + public static final int DIRECTORY_TYPE = 1; + /** + * A constant indicating an FTPFile is a symbolic link. + ***/ + public static final int SYMBOLIC_LINK_TYPE = 2; + /** + * A constant indicating an FTPFile is of unknown type. + ***/ + public static final int UNKNOWN_TYPE = 3; + /** + * A constant indicating user access permissions. + ***/ + public static final int USER_ACCESS = 0; + /** + * A constant indicating group access permissions. + ***/ + public static final int GROUP_ACCESS = 1; + /** + * A constant indicating world access permissions. + ***/ + public static final int WORLD_ACCESS = 2; + /** + * A constant indicating file/directory read permission. + ***/ + public static final int READ_PERMISSION = 0; + /** + * A constant indicating file/directory write permission. + ***/ + public static final int WRITE_PERMISSION = 1; + /** + * A constant indicating file execute permission or directory listing + * permission. + ***/ + public static final int EXECUTE_PERMISSION = 2; + private static final long serialVersionUID = 9010790363003271996L; + // If this is null, then list entry parsing failed + private final boolean[][] permissions; // e.g. _permissions[USER_ACCESS][READ_PERMISSION] + + private int type; + + private int hardLinkCount; + + private long size; + + private String rawListing; + + private String user; + + private String group; + + private String name; + + private String link; + + private ZonedDateTime zonedDateTime; + + /*** Creates an empty FTPFile. ***/ + public FTPFile() { + permissions = new boolean[3][3]; + type = UNKNOWN_TYPE; + // init these to values that do not occur in listings + // so can distinguish which fields are unset + hardLinkCount = 0; // 0 is invalid as a link count + size = -1; // 0 is valid, so use -1 + user = ""; + group = ""; + zonedDateTime = null; + name = null; + } + + /** + * Constructor for use by {@link FTPListParseEngine} only. + * Used to create FTPFile entries for failed parses + * + * @param rawListing line that could not be parsed. + */ + FTPFile(String rawListing) { + permissions = null; // flag that entry is invalid + this.rawListing = rawListing; + type = UNKNOWN_TYPE; + // init these to values that do not occur in listings + // so can distinguish which fields are unset + hardLinkCount = 0; // 0 is invalid as a link count + size = -1; // 0 is valid, so use -1 + user = ""; + group = ""; + zonedDateTime = null; + name = null; + } + + /*** + * Get the original FTP server raw listing used to initialize the FTPFile. + * + * @return The original FTP server raw listing used to initialize the + * FTPFile. + ***/ + public String getRawListing() { + return rawListing; + } + + /*** + * Set the original FTP server raw listing from which the FTPFile was + * created. + * + * @param rawListing The raw FTP server listing. + ***/ + public void setRawListing(String rawListing) { + this.rawListing = rawListing; + } + + /*** + * Determine if the file is a directory. + * + * @return True if the file is of type DIRECTORY_TYPE, false if + * not. + ***/ + public boolean isDirectory() { + return (type == DIRECTORY_TYPE); + } + + /*** + * Determine if the file is a regular file. + * + * @return True if the file is of type FILE_TYPE, false if + * not. + ***/ + public boolean isFile() { + return (type == FILE_TYPE); + } + + /*** + * Determine if the file is a symbolic link. + * + * @return True if the file is of type UNKNOWN_TYPE, false if + * not. + ***/ + public boolean isSymbolicLink() { + return (type == SYMBOLIC_LINK_TYPE); + } + + /*** + * Determine if the type of the file is unknown. + * + * @return True if the file is of type UNKNOWN_TYPE, false if + * not. + ***/ + public boolean isUnknown() { + return (type == UNKNOWN_TYPE); + } + + /** + * Used to indicate whether an entry is valid or not. + * If the entry is invalid, only the {@link #getRawListing()} method will be useful. + * Other methods may fail. + *

    + * Used in conjunction with list parsing that preseverves entries that failed to parse. + * + * @return true if the entry is valid + * @see FTPClientConfig#setUnparseableEntries(boolean) + */ + public boolean isValid() { + return (permissions != null); + } + + /*** + * Return the type of the file (one of the _TYPE constants), + * e.g., if it is a directory, a regular file, or a symbolic link. + * + * @return The type of the file. + ***/ + public int getType() { + return type; + } + + /*** + * Set the type of the file (DIRECTORY_TYPE, + * FILE_TYPE, etc.). + * + * @param type The integer code representing the type of the file. + ***/ + public void setType(int type) { + this.type = type; + } + + /*** + * Return the name of the file. + * + * @return The name of the file. + ***/ + public String getName() { + return name; + } + + /*** + * Set the name of the file. + * + * @param name The name of the file. + ***/ + public void setName(String name) { + this.name = name; + } + + /*** + * Return the file size in bytes. + * + * @return The file size in bytes. + ***/ + public long getSize() { + return size; + } + + /** + * Set the file size in bytes. + * + * @param size The file size in bytes. + */ + public void setSize(long size) { + this.size = size; + } + + /*** + * Return the number of hard links to this file. This is not to be + * confused with symbolic links. + * + * @return The number of hard links to this file. + ***/ + public int getHardLinkCount() { + return hardLinkCount; + } + + /*** + * Set the number of hard links to this file. This is not to be + * confused with symbolic links. + * + * @param links The number of hard links to this file. + ***/ + public void setHardLinkCount(int links) { + hardLinkCount = links; + } + + /*** + * Returns the name of the group owning the file. Sometimes this will be + * a string representation of the group number. + * + * @return The name of the group owning the file. + ***/ + public String getGroup() { + return group; + } + + /*** + * Set the name of the group owning the file. This may be + * a string representation of the group number. + * + * @param group The name of the group owning the file. + ***/ + public void setGroup(String group) { + this.group = group; + } + + /*** + * Returns the name of the user owning the file. Sometimes this will be + * a string representation of the user number. + * + * @return The name of the user owning the file. + ***/ + public String getUser() { + return user; + } + + /*** + * Set the name of the user owning the file. This may be + * a string representation of the user number; + * + * @param user The name of the user owning the file. + ***/ + public void setUser(String user) { + this.user = user; + } + + /*** + * If the FTPFile is a symbolic link, this method returns the name of the + * file being pointed to by the symbolic link. Otherwise it returns null. + * + * @return The file pointed to by the symbolic link (null if the FTPFile + * is not a symbolic link). + ***/ + public String getLink() { + return link; + } + + /*** + * If the FTPFile is a symbolic link, use this method to set the name of the + * file being pointed to by the symbolic link. + * + * @param link The file pointed to by the symbolic link. + ***/ + public void setLink(String link) { + this.link = link; + } + + /*** + * Returns the file timestamp. This usually the last modification time. + * + * @return A Calendar instance representing the file timestamp. + ***/ + public ZonedDateTime getTimestamp() { + return zonedDateTime; + } + + /*** + * Set the file timestamp. This usually the last modification time. + * The parameter is not cloned, so do not alter its value after calling + * this method. + * + * @param zonedDateTime A Calendar instance representing the file timestamp. + ***/ + public void setTimestamp(ZonedDateTime zonedDateTime) { + this.zonedDateTime = zonedDateTime; + } + + /*** + * Set if the given access group (one of the _ACCESS + * constants) has the given access permission (one of the + * _PERMISSION constants) to the file. + * + * @param access The access group (one of the _ACCESS + * constants) + * @param permission The access permission (one of the + * _PERMISSION constants) + * @param value True if permission is allowed, false if not. + * @throws ArrayIndexOutOfBoundsException if either of the parameters is out of range + ***/ + public void setPermission(int access, int permission, boolean value) { + permissions[access][permission] = value; + } + + + /*** + * Determines if the given access group (one of the _ACCESS + * constants) has the given access permission (one of the + * _PERMISSION constants) to the file. + * + * @param access The access group (one of the _ACCESS + * constants) + * @param permission The access permission (one of the + * _PERMISSION constants) + * @throws ArrayIndexOutOfBoundsException if either of the parameters is out of range + * @return true if {@link #isValid()} is {@code true &&} the associated permission is set; + * {@code false} otherwise. + ***/ + public boolean hasPermission(int access, int permission) { + if (permissions == null) { + return false; + } + return permissions[access][permission]; + } + + /*** + * Returns a string representation of the FTPFile information. + * + * @return A string representation of the FTPFile information. + */ + @Override + public String toString() { + return getRawListing(); + } + + + private char formatType() { + switch (type) { + case FILE_TYPE: + return '-'; + case DIRECTORY_TYPE: + return 'd'; + case SYMBOLIC_LINK_TYPE: + return 'l'; + default: + return '?'; + } + } + + private String permissionToString(int access) { + StringBuilder sb = new StringBuilder(); + if (hasPermission(access, READ_PERMISSION)) { + sb.append('r'); + } else { + sb.append('-'); + } + if (hasPermission(access, WRITE_PERMISSION)) { + sb.append('w'); + } else { + sb.append('-'); + } + if (hasPermission(access, EXECUTE_PERMISSION)) { + sb.append('x'); + } else { + sb.append('-'); + } + return sb.toString(); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileEntryParser.java new file mode 100644 index 0000000..ec0291b --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileEntryParser.java @@ -0,0 +1,93 @@ +package org.xbib.io.ftp.client; + +import java.io.BufferedReader; +import java.io.IOException; +import java.util.List; + +/** + * FTPFileEntryParser defines the interface for parsing a single FTP file + * listing and converting that information into an + * {@link FTPFile} instance. + * Sometimes you will want to parse unusual listing formats, in which + * case you would create your own implementation of FTPFileEntryParser and + * if necessary, subclass FTPFile. + * Here are some examples showing how to use one of the classes that + * implement this interface. + * The first example uses the FTPClient.listFiles() + * API to pull the whole list from the subfolder subfolder in + * one call, attempting to automatically detect the parser type. This + * method, without a parserKey parameter, indicates that autodection should + * be used. + * 

    + *    FTPClient f=FTPClient();
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = f.listFiles("subfolder");
+ *
    + * The second example uses the FTPClient.listFiles() + * API to pull the whole list from the current working directory in one call, + * but specifying by classname the parser to be used. For this particular + * parser class, this approach is necessary since there is no way to + * autodetect this server type. + * 
    + *    FTPClient f=FTPClient();
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = f.listFiles(
+ *      "EnterpriseUnixFTPFileEntryParser",
+ *      ".");
+ *
    + * The third example uses the FTPClient.listFiles() + * API to pull a single file listing in an arbitrary directory in one call, + * specifying by KEY the parser to be used, in this case, VMS. + * 
    + *    FTPClient f=FTPClient();
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPFile[] files = f.listFiles("VMS", "subfolder/foo.java");
+ *
    + * For an alternative approach, see the {@link FTPListParseEngine} class + * which provides iterative access. + * + * @see FTPFile + * @see FTPClient#listFiles() + */ +public interface FTPFileEntryParser { + /** + * Parses a line of an FTP server file listing and converts it into a usable + * format in the form of an FTPFile instance. If the + * file listing line doesn't describe a file, null should be + * returned, otherwise a FTPFile instance representing the + * files in the directory is returned. + * + * @param listEntry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + FTPFile parseFTPEntry(String listEntry); + + /** + * Reads the next entry using the supplied BufferedReader object up to + * whatever delemits one entry from the next. Implementors must define + * this for the particular ftp system being parsed. In many but not all + * cases, this can be defined simply by calling BufferedReader.readLine(). + * + * @param reader The BufferedReader object from which entries are to be + * read. + * @return A string representing the next ftp entry or null if none found. + * @throws IOException thrown on any IO Error reading from the reader. + */ + String readNextEntry(BufferedReader reader) throws IOException; + + + /** + * This method is a hook for those implementors (such as + * VMSVersioningFTPEntryParser, and possibly others) which need to + * perform some action upon the FTPFileList after it has been created + * from the server stream, but before any clients see the list. + * The default implementation can be a no-op. + * + * @param original Original list after it has been created from the server stream + * @return Original list as processed by this method. + */ + List preParse(List original); +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileEntryParserImpl.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileEntryParserImpl.java new file mode 100644 index 0000000..e48a290 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileEntryParserImpl.java @@ -0,0 +1,49 @@ +package org.xbib.io.ftp.client; + +import java.io.BufferedReader; +import java.io.IOException; +import java.util.List; + +/** + * This abstract class implements both the older FTPFileListParser and + * newer FTPFileEntryParser interfaces with default functionality. + * All the classes in the parser subpackage inherit from this. + */ +public abstract class FTPFileEntryParserImpl implements FTPFileEntryParser { + /** + * The constructor for a FTPFileEntryParserImpl object. + */ + public FTPFileEntryParserImpl() { + } + + /** + * Reads the next entry using the supplied BufferedReader object up to + * whatever delimits one entry from the next. This default implementation + * simply calls BufferedReader.readLine(). + * + * @param reader The BufferedReader object from which entries are to be + * read. + * @return A string representing the next ftp entry or null if none found. + * @throws IOException thrown on any IO Error reading from the reader. + */ + @Override + public String readNextEntry(BufferedReader reader) throws IOException { + return reader.readLine(); + } + + /** + * This method is a hook for those implementors (such as + * VMSVersioningFTPEntryParser, and possibly others) which need to + * perform some action upon the FTPFileList after it has been created + * from the server stream, but before any clients see the list. + *

    + * This default implementation does nothing. + * + * @param original Original list after it has been created from the server stream + * @return original unmodified. + */ + @Override + public List preParse(List original) { + return original; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileFilter.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileFilter.java new file mode 100644 index 0000000..7f5de3c --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileFilter.java @@ -0,0 +1,14 @@ +package org.xbib.io.ftp.client; + +/** + * Perform filtering on FTPFile entries. + */ +public interface FTPFileFilter { + /** + * Checks if an FTPFile entry should be included or not. + * + * @param file entry to be checked for inclusion. May be null. + * @return true if the file is to be included, false otherwise + */ + boolean accept(FTPFile file); +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileFilters.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileFilters.java new file mode 100644 index 0000000..c9c3dbc --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPFileFilters.java @@ -0,0 +1,25 @@ +package org.xbib.io.ftp.client; + +import java.util.Objects; + +/** + * Implements some simple FTPFileFilter classes. + */ +public class FTPFileFilters { + + /** + * Accepts all FTPFile entries, including null. + */ + public static final FTPFileFilter ALL = file -> true; + + /** + * Accepts all non-null FTPFile entries. + */ + public static final FTPFileFilter NON_NULL = Objects::nonNull; + + /** + * Accepts all (non-null) FTPFile directory entries. + */ + public static final FTPFileFilter DIRECTORIES = file -> file != null && file.isDirectory(); + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPListParseEngine.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPListParseEngine.java new file mode 100644 index 0000000..62d9ce8 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPListParseEngine.java @@ -0,0 +1,278 @@ +package org.xbib.io.ftp.client; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.nio.charset.Charset; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.ListIterator; + +/** + * This class handles the entire process of parsing a listing of + * file entries from the server. + *

    + * This object defines a two-part parsing mechanism. + *

    + * The first part is comprised of reading the raw input into an internal + * list of strings. Every item in this list corresponds to an actual + * file. All extraneous matter emitted by the server will have been + * removed by the end of this phase. This is accomplished in conjunction + * with the FTPFileEntryParser associated with this engine, by calling + * its methods readNextEntry() - which handles the issue of + * what delimits one entry from another, usually but not always a line + * feed and preParse() - which handles removal of + * extraneous matter such as the preliminary lines of a listing, removal + * of duplicates on versioning systems, etc. + *

    + * The second part is composed of the actual parsing, again in conjunction + * with the particular parser used by this engine. This is controlled + * by an iterator over the internal list of strings. This may be done + * either in block mode, by calling the getNext() and + * getPrevious() methods to provide "paged" output of less + * than the whole list at one time, or by calling the + * getFiles() method to return the entire list. + *

    + * Examples: + *

    + * Paged access: + * 

    + *    FTPClient f=FTPClient();
+ *    f.connect(server);
+ *    f.login(username, password);
+ *    FTPListParseEngine engine = f.initiateListParsing(directory);
+ *
+ *    while (engine.hasNext()) {
+ *       FTPFile[] files = engine.getNext(25);  // "page size" you want
+ *       //do whatever you want with these files, display them, etc.
+ *       //expensive FTPFile objects not created until needed.
+ *    }
+ *
    + *

    + * For unpaged access, simply use FTPClient.listFiles(). That method + * uses this class transparently. + */ +public class FTPListParseEngine { + private final FTPFileEntryParser parser; + // Should invalid files (parse failures) be allowed? + private final boolean saveUnparseableEntries; + private List entries = new LinkedList<>(); + private ListIterator _internalIterator = entries.listIterator(); + + public FTPListParseEngine(FTPFileEntryParser parser) { + this(parser, null); + } + + /** + * Intended for use by FTPClient only + * + */ + FTPListParseEngine(FTPFileEntryParser parser, FTPClientConfig configuration) { + this.parser = parser; + if (configuration != null) { + this.saveUnparseableEntries = configuration.getUnparseableEntries(); + } else { + this.saveUnparseableEntries = false; + } + } + + /** + * handle the initial reading and preparsing of the list returned by + * the server. After this method has completed, this object will contain + * a list of unparsed entries (Strings) each referring to a unique file + * on the server. + * + * @param stream input stream provided by the server socket. + * @param encoding the encoding to be used for reading the stream + * @throws IOException thrown on any failure to read from the sever. + */ + public void readServerList(InputStream stream, String encoding) + throws IOException { + this.entries = new LinkedList(); + readStream(stream, encoding); + this.parser.preParse(this.entries); + resetIterator(); + } + + /** + * Internal method for reading the input into the entries list. + * After this method has completed, entries will contain a + * collection of entries (as defined by + * FTPFileEntryParser.readNextEntry()), but this may contain + * various non-entry preliminary lines from the server output, duplicates, + * and other data that will not be part of the final listing. + * + * @param stream The socket stream on which the input will be read. + * @param encoding The encoding to use. + * @throws IOException thrown on any failure to read the stream + */ + private void readStream(InputStream stream, String encoding) throws IOException { + Charset charset = encoding == null ? Charset.defaultCharset() : Charset.forName(encoding); + BufferedReader reader = new BufferedReader(new InputStreamReader(stream, charset)); + String line = this.parser.readNextEntry(reader); + while (line != null) { + this.entries.add(line); + line = this.parser.readNextEntry(reader); + } + reader.close(); + } + + /** + * Returns an array of at most quantityRequested FTPFile + * objects starting at this object's internal iterator's current position. + * If fewer than quantityRequested such + * elements are available, the returned array will have a length equal + * to the number of entries at and after after the current position. + * If no such entries are found, this array will have a length of 0. + *

    + * After this method is called this object's internal iterator is advanced + * by a number of positions equal to the size of the array returned. + * + * @param quantityRequested the maximum number of entries we want to get. + * @return an array of at most quantityRequested FTPFile + * objects starting at the current position of this iterator within its + * list and at least the number of elements which exist in the list at + * and after its current position. + *

    + * NOTE: This array may contain null members if any of the + * individual file listings failed to parse. The caller should + * check each entry for null before referencing it. + */ + public FTPFile[] getNext(int quantityRequested) { + List tmpResults = new LinkedList(); + int count = quantityRequested; + while (count > 0 && this._internalIterator.hasNext()) { + String entry = this._internalIterator.next(); + FTPFile temp = this.parser.parseFTPEntry(entry); + if (temp == null && saveUnparseableEntries) { + temp = new FTPFile(entry); + } + tmpResults.add(temp); + count--; + } + return tmpResults.toArray(new FTPFile[tmpResults.size()]); + + } + + /** + * Returns an array of at most quantityRequested FTPFile + * objects starting at this object's internal iterator's current position, + * and working back toward the beginning. + *

    + * If fewer than quantityRequested such + * elements are available, the returned array will have a length equal + * to the number of entries at and after after the current position. + * If no such entries are found, this array will have a length of 0. + *

    + * After this method is called this object's internal iterator is moved + * back by a number of positions equal to the size of the array returned. + * + * @param quantityRequested the maximum number of entries we want to get. + * @return an array of at most quantityRequested FTPFile + * objects starting at the current position of this iterator within its + * list and at least the number of elements which exist in the list at + * and after its current position. This array will be in the same order + * as the underlying list (not reversed). + *

    + * NOTE: This array may contain null members if any of the + * individual file listings failed to parse. The caller should + * check each entry for null before referencing it. + */ + public FTPFile[] getPrevious(int quantityRequested) { + List tmpResults = new LinkedList(); + int count = quantityRequested; + while (count > 0 && this._internalIterator.hasPrevious()) { + String entry = this._internalIterator.previous(); + FTPFile temp = this.parser.parseFTPEntry(entry); + if (temp == null && saveUnparseableEntries) { + temp = new FTPFile(entry); + } + tmpResults.add(0, temp); + count--; + } + return tmpResults.toArray(new FTPFile[tmpResults.size()]); + } + + /** + * Returns an array of FTPFile objects containing the whole list of + * files returned by the server as read by this object's parser. + * + * @return an array of FTPFile objects containing the whole list of + * files returned by the server as read by this object's parser. + * None of the entries will be null + * @throws IOException - not ever thrown, may be removed in a later release + */ + public FTPFile[] getFiles() + throws IOException // TODO remove; not actually thrown + { + return getFiles(FTPFileFilters.NON_NULL); + } + + /** + * Returns an array of FTPFile objects containing the whole list of + * files returned by the server as read by this object's parser. + * The files are filtered before being added to the array. + * + * @param filter FTPFileFilter, must not be null. + * @return an array of FTPFile objects containing the whole list of + * files returned by the server as read by this object's parser. + *

    + * NOTE: This array may contain null members if any of the + * individual file listings failed to parse. The caller should + * check each entry for null before referencing it, or use the + * a filter such as {@link FTPFileFilters#NON_NULL} which does not + * allow null entries. + * @throws IOException - not ever thrown, may be removed in a later release + */ + public FTPFile[] getFiles(FTPFileFilter filter) + throws IOException // TODO remove; not actually thrown + { + List tmpResults = new ArrayList(); + Iterator iter = this.entries.iterator(); + while (iter.hasNext()) { + String entry = iter.next(); + FTPFile temp = this.parser.parseFTPEntry(entry); + if (temp == null && saveUnparseableEntries) { + temp = new FTPFile(entry); + } + if (filter.accept(temp)) { + tmpResults.add(temp); + } + } + return tmpResults.toArray(new FTPFile[tmpResults.size()]); + + } + + /** + * convenience method to allow clients to know whether this object's + * internal iterator's current position is at the end of the list. + * + * @return true if internal iterator is not at end of list, false + * otherwise. + */ + public boolean hasNext() { + return _internalIterator.hasNext(); + } + + /** + * convenience method to allow clients to know whether this object's + * internal iterator's current position is at the beginning of the list. + * + * @return true if internal iterator is not at beginning of list, false + * otherwise. + */ + public boolean hasPrevious() { + return _internalIterator.hasPrevious(); + } + + /** + * resets this object's internal iterator to the beginning of the list. + */ + public void resetIterator() { + this._internalIterator = this.entries.listIterator(); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPReply.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPReply.java new file mode 100644 index 0000000..378237d --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPReply.java @@ -0,0 +1,162 @@ +package org.xbib.io.ftp.client; + +/** + * FTPReply stores a set of constants for FTP reply codes. To interpret + * the meaning of the codes, familiarity with RFC 959 is assumed. + * The mnemonic constant names are transcriptions from the code descriptions + * of RFC 959. + */ +public final class FTPReply { + + public static final int RESTART_MARKER = 110; + public static final int SERVICE_NOT_READY = 120; + public static final int DATA_CONNECTION_ALREADY_OPEN = 125; + public static final int FILE_STATUS_OK = 150; + public static final int COMMAND_OK = 200; + public static final int COMMAND_IS_SUPERFLUOUS = 202; + public static final int SYSTEM_STATUS = 211; + public static final int DIRECTORY_STATUS = 212; + public static final int FILE_STATUS = 213; + public static final int HELP_MESSAGE = 214; + public static final int NAME_SYSTEM_TYPE = 215; + public static final int SERVICE_READY = 220; + public static final int SERVICE_CLOSING_CONTROL_CONNECTION = 221; + public static final int DATA_CONNECTION_OPEN = 225; + public static final int CLOSING_DATA_CONNECTION = 226; + public static final int ENTERING_PASSIVE_MODE = 227; + public static final int ENTERING_EPSV_MODE = 229; + public static final int USER_LOGGED_IN = 230; + public static final int FILE_ACTION_OK = 250; + public static final int PATHNAME_CREATED = 257; + public static final int NEED_PASSWORD = 331; + public static final int NEED_ACCOUNT = 332; + public static final int FILE_ACTION_PENDING = 350; + public static final int SERVICE_NOT_AVAILABLE = 421; + public static final int CANNOT_OPEN_DATA_CONNECTION = 425; + public static final int TRANSFER_ABORTED = 426; + public static final int FILE_ACTION_NOT_TAKEN = 450; + public static final int ACTION_ABORTED = 451; + public static final int INSUFFICIENT_STORAGE = 452; + public static final int UNRECOGNIZED_COMMAND = 500; + public static final int SYNTAX_ERROR_IN_ARGUMENTS = 501; + public static final int COMMAND_NOT_IMPLEMENTED = 502; + public static final int BAD_COMMAND_SEQUENCE = 503; + public static final int COMMAND_NOT_IMPLEMENTED_FOR_PARAMETER = 504; + public static final int NOT_LOGGED_IN = 530; + public static final int NEED_ACCOUNT_FOR_STORING_FILES = 532; + public static final int FILE_UNAVAILABLE = 550; + public static final int PAGE_TYPE_UNKNOWN = 551; + public static final int STORAGE_ALLOCATION_EXCEEDED = 552; + public static final int FILE_NAME_NOT_ALLOWED = 553; + + // FTPS Reply Codes + + public static final int SECURITY_DATA_EXCHANGE_COMPLETE = 234; + public static final int SECURITY_DATA_EXCHANGE_SUCCESSFULLY = 235; + public static final int SECURITY_MECHANISM_IS_OK = 334; + public static final int SECURITY_DATA_IS_ACCEPTABLE = 335; + public static final int UNAVAILABLE_RESOURCE = 431; + public static final int BAD_TLS_NEGOTIATION_OR_DATA_ENCRYPTION_REQUIRED = 522; + public static final int DENIED_FOR_POLICY_REASONS = 533; + public static final int REQUEST_DENIED = 534; + public static final int FAILED_SECURITY_CHECK = 535; + public static final int REQUESTED_PROT_LEVEL_NOT_SUPPORTED = 536; + + // IPv6 error codes + // Note this is also used as an FTPS error code reply + public static final int EXTENDED_PORT_FAILURE = 522; + + // Cannot be instantiated + private FTPReply() { + } + + /*** + * Determine if a reply code is a positive preliminary response. All + * codes beginning with a 1 are positive preliminary responses. + * Postitive preliminary responses are used to indicate tentative success. + * No further commands can be issued to the FTP server after a positive + * preliminary response until a follow up response is received from the + * server. + * + * @param reply The reply code to test. + * @return True if a reply code is a postive preliminary response, false + * if not. + ***/ + public static boolean isPositivePreliminary(int reply) { + return (reply >= 100 && reply < 200); + } + + /*** + * Determine if a reply code is a positive completion response. All + * codes beginning with a 2 are positive completion responses. + * The FTP server will send a positive completion response on the final + * successful completion of a command. + * + * @param reply The reply code to test. + * @return True if a reply code is a postive completion response, false + * if not. + ***/ + public static boolean isPositiveCompletion(int reply) { + return (reply >= 200 && reply < 300); + } + + /*** + * Determine if a reply code is a positive intermediate response. All + * codes beginning with a 3 are positive intermediate responses. + * The FTP server will send a positive intermediate response on the + * successful completion of one part of a multi-part sequence of + * commands. For example, after a successful USER command, a positive + * intermediate response will be sent to indicate that the server is + * ready for the PASS command. + * + * @param reply The reply code to test. + * @return True if a reply code is a postive intermediate response, false + * if not. + ***/ + public static boolean isPositiveIntermediate(int reply) { + return (reply >= 300 && reply < 400); + } + + /*** + * Determine if a reply code is a negative transient response. All + * codes beginning with a 4 are negative transient responses. + * The FTP server will send a negative transient response on the + * failure of a command that can be reattempted with success. + * + * @param reply The reply code to test. + * @return True if a reply code is a negative transient response, false + * if not. + ***/ + public static boolean isNegativeTransient(int reply) { + return (reply >= 400 && reply < 500); + } + + /*** + * Determine if a reply code is a negative permanent response. All + * codes beginning with a 5 are negative permanent responses. + * The FTP server will send a negative permanent response on the + * failure of a command that cannot be reattempted with success. + * + * @param reply The reply code to test. + * @return True if a reply code is a negative permanent response, false + * if not. + ***/ + public static boolean isNegativePermanent(int reply) { + return (reply >= 500 && reply < 600); + } + + /** + * Determine if a reply code is a protected response. + * + * @param reply The reply code to test. + * @return True if a reply code is a protected response, false + * if not. + */ + public static boolean isProtectedReplyCode(int reply) { + // actually, only 3 protected reply codes are + // defined in RFC 2228: 631, 632 and 633. + return (reply >= 600 && reply < 700); + } + + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSClient.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSClient.java new file mode 100644 index 0000000..ff8e56f --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSClient.java @@ -0,0 +1,1006 @@ +package org.xbib.io.ftp.client; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.net.Socket; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; + +/** + * FTP over SSL processing. If desired, the JVM property -Djavax.net.debug=all can be used to + * see wire-level SSL details. + */ +public class FTPSClient extends FTPClient { + +// From http://www.iana.org/assignments/port-numbers + +// ftps-data 989/tcp ftp protocol, data, over TLS/SSL +// ftps-data 989/udp ftp protocol, data, over TLS/SSL +// ftps 990/tcp ftp protocol, control, over TLS/SSL +// ftps 990/udp ftp protocol, control, over TLS/SSL + + public static final int DEFAULT_FTPS_DATA_PORT = 989; + public static final int DEFAULT_FTPS_PORT = 990; + + /** + * The value that I can set in PROT command (C = Clear, P = Protected) + */ + private static final String[] PROT_COMMAND_VALUE = {"C", "E", "S", "P"}; + /** + * Default PROT Command + */ + private static final String DEFAULT_PROT = "C"; + /** + * Default secure socket protocol name, i.e. TLS + */ + private static final String DEFAULT_PROTOCOL = "TLS"; + + /** + * The AUTH (Authentication/Security Mechanism) command. + */ + private static final String CMD_AUTH = "AUTH"; + /** + * The ADAT (Authentication/Security Data) command. + */ + private static final String CMD_ADAT = "ADAT"; + /** + * The PROT (Data Channel Protection Level) command. + */ + private static final String CMD_PROT = "PROT"; + /** + * The PBSZ (Protection Buffer Size) command. + */ + private static final String CMD_PBSZ = "PBSZ"; + /** + * The MIC (Integrity Protected Command) command. + */ + private static final String CMD_MIC = "MIC"; + /** + * The CONF (Confidentiality Protected Command) command. + */ + private static final String CMD_CONF = "CONF"; + /** + * The ENC (Privacy Protected Command) command. + */ + private static final String CMD_ENC = "ENC"; + /** + * The CCC (Clear Command Channel) command. + */ + private static final String CMD_CCC = "CCC"; + /** + * The security mode. (True - Implicit Mode / False - Explicit Mode) + */ + private final boolean isImplicit; + /** + * The secure socket protocol to be used, e.g. SSL/TLS. + */ + private final String protocol; + /** + * The AUTH Command value + */ + private String auth = DEFAULT_PROTOCOL; + /** + * The context object. + */ + private SSLContext context; + /** + * The socket object. + */ + private Socket plainSocket; + /** + * Controls whether a new SSL session may be established by this socket. Default true. + */ + private boolean isCreation = true; + /** + * The use client mode flag. + */ + private boolean isClientMode = true; + /** + * The need client auth flag. + */ + private boolean isNeedClientAuth = false; + /** + * The want client auth flag. + */ + private boolean isWantClientAuth = false; + /** + * The cipher suites + */ + private String[] suites = null; + /** + * The protocol versions + */ + private String[] protocols = null; + /** + * The FTPS {@link FTPSTrustManager} implementation, default validate only + * {@link #getValidateServerCertificateTrustManager()}. + */ + private TrustManager trustManager = getValidateServerCertificateTrustManager(); + /** + * The {@link KeyManager}, default null (i.e. use system default). + */ + private KeyManager keyManager = null; + /** + * The {@link HostnameVerifier} to use post-TLS, default null (i.e. no verification). + */ + private HostnameVerifier hostnameVerifier = null; + /** + * Use Java 1.7+ HTTPS Endpoint Identification Algorithim. + */ + private boolean tlsEndpointChecking; + + /** + * Constructor for FTPSClient, calls {@link #FTPSClient(String, boolean)}. + *

    + * Sets protocol to {@link #DEFAULT_PROTOCOL} - i.e. TLS - and security mode to explicit (isImplicit = false) + */ + public FTPSClient() { + this(DEFAULT_PROTOCOL, false); + } + + /** + * Constructor for FTPSClient, using {@link #DEFAULT_PROTOCOL} - i.e. TLS + * Calls {@link #FTPSClient(String, boolean)} + * + * @param isImplicit The security mode (Implicit/Explicit). + */ + public FTPSClient(boolean isImplicit) { + this(DEFAULT_PROTOCOL, isImplicit); + } + + + /** + * Constructor for FTPSClient, using explict mode, calls {@link #FTPSClient(String, boolean)}. + * + * @param protocol the protocol to use + */ + public FTPSClient(String protocol) { + this(protocol, false); + } + + /** + * Constructor for FTPSClient allowing specification of protocol + * and security mode. If isImplicit is true, the port is set to + * {@link #DEFAULT_FTPS_PORT} i.e. 990. + * The default TrustManager is set from {@link #getValidateServerCertificateTrustManager()} + * + * @param protocol the protocol + * @param isImplicit The security mode(Implicit/Explicit). + */ + public FTPSClient(String protocol, boolean isImplicit) { + super(); + this.protocol = protocol; + this.isImplicit = isImplicit; + if (isImplicit) { + setDefaultPort(DEFAULT_FTPS_PORT); + } + } + + + /** + * Constructor for FTPSClient, using {@link #DEFAULT_PROTOCOL} - i.e. TLS + * The default TrustManager is set from {@link #getValidateServerCertificateTrustManager()} + * + * @param isImplicit The security mode(Implicit/Explicit). + * @param context A pre-configured SSL Context + */ + public FTPSClient(boolean isImplicit, SSLContext context) { + this(DEFAULT_PROTOCOL, isImplicit); + this.context = context; + } + + /** + * Constructor for FTPSClient, using {@link #DEFAULT_PROTOCOL} - i.e. TLS + * and isImplicit {@code false} + * Calls {@link #FTPSClient(boolean, SSLContext)} + * + * @param context A pre-configured SSL Context + */ + public FTPSClient(SSLContext context) { + this(false, context); + } + + /** + * Return AUTH command use value. + * + * @return AUTH command use value. + */ + public String getAuthValue() { + return this.auth; + } + + /** + * Set AUTH command use value. + * This processing is done before connected processing. + * + * @param auth AUTH command use value. + */ + public void setAuthValue(String auth) { + this.auth = auth; + } + + /** + * Because there are so many connect() methods, + * the _connectAction_() method is provided as a means of performing + * some action immediately after establishing a connection, + * rather than reimplementing all of the connect() methods. + * + * @throws IOException If it throw by _connectAction_. + * @see SocketClient#_connectAction_() + */ + @Override + protected void _connectAction_() throws IOException { + // Implicit mode. + if (isImplicit) { + sslNegotiation(); + } + super._connectAction_(); + // Explicit mode. + if (!isImplicit) { + execAUTH(); + sslNegotiation(); + } + } + + /** + * AUTH command. + * + * @throws SSLException If it server reply code not equal "234" and "334". + * @throws IOException If an I/O error occurs while either sending + * the command. + */ + protected void execAUTH() throws SSLException, IOException { + int replyCode = sendCommand(CMD_AUTH, auth); + if (FTPReply.SECURITY_MECHANISM_IS_OK == replyCode) { + // replyCode = 334 + // I carry out an ADAT command. + } else if (FTPReply.SECURITY_DATA_EXCHANGE_COMPLETE != replyCode) { + throw new SSLException(getReplyString()); + } + } + + /** + * Performs a lazy init of the SSL context + * + * @throws IOException + */ + private void initSslContext() throws IOException { + if (context == null) { + context = createSSLContext(protocol, getKeyManager(), getTrustManager()); + } + } + + /** + * SSL/TLS negotiation. Acquires an SSL socket of a control + * connection and carries out handshake processing. + * + * @throws IOException If server negotiation fails + */ + protected void sslNegotiation() throws IOException { + plainSocket = socket; + initSslContext(); + + SSLSocketFactory ssf = context.getSocketFactory(); + String host = (hostname != null) ? hostname : getRemoteAddress().getHostAddress(); + int port = socket.getPort(); + SSLSocket socket = + (SSLSocket) ssf.createSocket(this.socket, host, port, false); + socket.setEnableSessionCreation(isCreation); + socket.setUseClientMode(isClientMode); + + // client mode + if (isClientMode) { + if (tlsEndpointChecking) { + socket.getSSLParameters().setEndpointIdentificationAlgorithm("HTTPS"); + } + } else { // server mode + socket.setNeedClientAuth(isNeedClientAuth); + socket.setWantClientAuth(isWantClientAuth); + } + + if (protocols != null) { + socket.setEnabledProtocols(protocols); + } + if (suites != null) { + socket.setEnabledCipherSuites(suites); + } + socket.startHandshake(); + + // TODO the following setup appears to duplicate that in the super class methods + this.socket = socket; + bufferedReader = new BufferedReader(new InputStreamReader( + socket.getInputStream(), getControlEncoding())); + bufferedWriter = new BufferedWriter(new OutputStreamWriter( + socket.getOutputStream(), getControlEncoding())); + + if (isClientMode) { + if (hostnameVerifier != null && !hostnameVerifier.verify(host, socket.getSession())) { + throw new SSLHandshakeException("Hostname doesn't match certificate"); + } + } + } + + /** + * Get the {@link KeyManager} instance. + * + * @return The {@link KeyManager} instance + */ + private KeyManager getKeyManager() { + return keyManager; + } + + /** + * Set a {@link KeyManager} to use + * + * @param keyManager The KeyManager implementation to set. + */ + public void setKeyManager(KeyManager keyManager) { + this.keyManager = keyManager; + } + + /** + * Controls whether a new SSL session may be established by this socket. + * + * @param isCreation The established socket flag. + */ + public void setEnabledSessionCreation(boolean isCreation) { + this.isCreation = isCreation; + } + + /** + * Returns true if new SSL sessions may be established by this socket. + * When the underlying {@link Socket} instance is not SSL-enabled (i.e. an + * instance of {@link SSLSocket} with {@link SSLSocket}{@link #getEnableSessionCreation()}) enabled, + * this returns False. + * + * @return true - Indicates that sessions may be created; + * this is the default. + * false - indicates that an existing session must be resumed. + */ + public boolean getEnableSessionCreation() { + if (socket instanceof SSLSocket) { + return ((SSLSocket) socket).getEnableSessionCreation(); + } + return false; + } + + /** + * Returns true if the socket will require client authentication. + * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns false. + * + * @return true - If the server mode socket should request + * that the client authenticate itself. + */ + public boolean getNeedClientAuth() { + if (socket instanceof SSLSocket) { + return ((SSLSocket) socket).getNeedClientAuth(); + } + return false; + } + + /** + * Configures the socket to require client authentication. + * + * @param isNeedClientAuth The need client auth flag. + */ + public void setNeedClientAuth(boolean isNeedClientAuth) { + this.isNeedClientAuth = isNeedClientAuth; + } + + /** + * Returns true if the socket will request client authentication. + * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns false. + * + * @return true - If the server mode socket should request + * that the client authenticate itself. + */ + public boolean getWantClientAuth() { + if (socket instanceof SSLSocket) { + return ((SSLSocket) socket).getWantClientAuth(); + } + return false; + } + + /** + * Configures the socket to request client authentication, + * but only if such a request is appropriate to the cipher + * suite negotiated. + * + * @param isWantClientAuth The want client auth flag. + */ + public void setWantClientAuth(boolean isWantClientAuth) { + this.isWantClientAuth = isWantClientAuth; + } + + /** + * Returns true if the socket is set to use client mode + * in its first handshake. + * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns false. + * + * @return true - If the socket should start its first handshake + * in "client" mode. + */ + public boolean getUseClientMode() { + if (socket instanceof SSLSocket) { + return ((SSLSocket) socket).getUseClientMode(); + } + return false; + } + + /** + * Configures the socket to use client (or server) mode in its first + * handshake. + * + * @param isClientMode The use client mode flag. + */ + public void setUseClientMode(boolean isClientMode) { + this.isClientMode = isClientMode; + } + + /** + * Returns the names of the cipher suites which could be enabled + * for use on this connection. + * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns null. + * + * @return An array of cipher suite names, or null + */ + public String[] getEnabledCipherSuites() { + if (socket instanceof SSLSocket) { + return ((SSLSocket) socket).getEnabledCipherSuites(); + } + return null; + } + + /** + * Controls which particular cipher suites are enabled for use on this + * connection. Called before server negotiation. + * + * @param cipherSuites The cipher suites. + */ + public void setEnabledCipherSuites(String[] cipherSuites) { + suites = new String[cipherSuites.length]; + System.arraycopy(cipherSuites, 0, suites, 0, cipherSuites.length); + } + + /** + * Returns the names of the protocol versions which are currently + * enabled for use on this connection. + * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns null. + * + * @return An array of protocols, or null + */ + public String[] getEnabledProtocols() { + if (socket instanceof SSLSocket) { + return ((SSLSocket) socket).getEnabledProtocols(); + } + return null; + } + + /** + * Controls which particular protocol versions are enabled for use on this + * connection. I perform setting before a server negotiation. + * + * @param protocolVersions The protocol versions. + */ + public void setEnabledProtocols(String[] protocolVersions) { + protocols = new String[protocolVersions.length]; + System.arraycopy(protocolVersions, 0, protocols, 0, protocolVersions.length); + } + + /** + * PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. + * + * @param pbsz Protection Buffer Size. + * @throws SSLException If the server reply code does not equal "200". + * @throws IOException If an I/O error occurs while sending + * the command. + * @see #parsePBSZ(long) + */ + public void execPBSZ(long pbsz) throws SSLException, IOException { + if (pbsz < 0 || 4294967295L < pbsz) { // 32-bit unsigned number + throw new IllegalArgumentException(); + } + int status = sendCommand(CMD_PBSZ, String.valueOf(pbsz)); + if (FTPReply.COMMAND_OK != status) { + throw new SSLException(getReplyString()); + } + } + + /** + * PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. + * Issues the command and parses the response to return the negotiated value. + * + * @param pbsz Protection Buffer Size. + * @return the negotiated value. + * @throws SSLException If the server reply code does not equal "200". + * @throws IOException If an I/O error occurs while sending + * the command. + * @see #execPBSZ(long) + */ + public long parsePBSZ(long pbsz) throws SSLException, IOException { + execPBSZ(pbsz); + long minvalue = pbsz; + String remainder = extractPrefixedData("PBSZ=", getReplyString()); + if (remainder != null) { + long replysz = Long.parseLong(remainder); + if (replysz < minvalue) { + minvalue = replysz; + } + } + return minvalue; + } + + /** + * PROT command. + *

      + *
    • C - Clear
      • + *
    • S - Safe(SSL protocol only)
      • + *
    • E - Confidential(SSL protocol only)
      • + *
    • P - Private
      • + *
    + * N.B. the method calls + * {@link #setSocketFactory(javax.net.SocketFactory)} and + * {@link #setServerSocketFactory(javax.net.ServerSocketFactory)} + * + * @param prot Data Channel Protection Level, if {@code null}, use {@link #DEFAULT_PROT}. + * @throws SSLException If the server reply code does not equal {@code 200}. + * @throws IOException If an I/O error occurs while sending + * the command. + */ + public void execPROT(String prot) throws SSLException, IOException { + if (prot == null) { + prot = DEFAULT_PROT; + } + if (!checkPROTValue(prot)) { + throw new IllegalArgumentException(); + } + if (FTPReply.COMMAND_OK != sendCommand(CMD_PROT, prot)) { + throw new SSLException(getReplyString()); + } + if (DEFAULT_PROT.equals(prot)) { + setSocketFactory(null); + setServerSocketFactory(null); + } else { + setSocketFactory(new FTPSSocketFactory(context)); + setServerSocketFactory(new FTPSServerSocketFactory(context)); + initSslContext(); + } + } + + /** + * Check the value that can be set in PROT Command value. + * + * @param prot Data Channel Protection Level. + * @return True - A set point is right / False - A set point is not right + */ + private boolean checkPROTValue(String prot) { + for (String element : PROT_COMMAND_VALUE) { + if (element.equals(prot)) { + return true; + } + } + return false; + } + + /** + * Send an FTP command. + * A successful CCC (Clear Command Channel) command causes the underlying {@link SSLSocket} + * instance to be assigned to a plain {@link Socket} + * + * @param command The FTP command. + * @return server reply. + * @throws IOException If an I/O error occurs while sending the command. + * @throws SSLException if a CCC command fails + * @see FTP#sendCommand(String) + */ + // Would like to remove this method, but that will break any existing clients that are using CCC + @Override + public int sendCommand(String command, String args) throws IOException { + int repCode = super.sendCommand(command, args); + /* If CCC is issued, restore socket i/o streams to unsecured versions */ + if (CMD_CCC.equals(command)) { + if (FTPReply.COMMAND_OK == repCode) { + socket.close(); + socket = plainSocket; + bufferedReader = new BufferedReader( + new InputStreamReader( + socket.getInputStream(), getControlEncoding())); + bufferedWriter = new BufferedWriter( + new OutputStreamWriter( + socket.getOutputStream(), getControlEncoding())); + } else { + throw new SSLException(getReplyString()); + } + } + return repCode; + } + + /** + * Returns a socket of the data connection. + * Wrapped as an {@link SSLSocket}, which carries out handshake processing. + * + * @param command The textual representation of the FTP command to send. + * @param arg The arguments to the FTP command. + * If this parameter is set to null, then the command is sent with + * no arguments. + * @return corresponding to the established data connection. + * Null is returned if an FTP protocol error is reported at any point + * during the establishment and initialization of the connection. + * @throws IOException If there is any problem with the connection. + */ + @Override + protected Socket _openDataConnection_(String command, String arg) + throws IOException { + Socket socket = super._openDataConnection_(command, arg); + _prepareDataSocket_(socket); + if (socket instanceof SSLSocket) { + SSLSocket sslSocket = (SSLSocket) socket; + + sslSocket.setUseClientMode(isClientMode); + sslSocket.setEnableSessionCreation(isCreation); + + // server mode + if (!isClientMode) { + sslSocket.setNeedClientAuth(isNeedClientAuth); + sslSocket.setWantClientAuth(isWantClientAuth); + } + if (suites != null) { + sslSocket.setEnabledCipherSuites(suites); + } + if (protocols != null) { + sslSocket.setEnabledProtocols(protocols); + } + sslSocket.startHandshake(); + } + + return socket; + } + + /** + * Performs any custom initialization for a newly created SSLSocket (before + * the SSL handshake happens). + * Called by {@link #_openDataConnection_(String, String)} immediately + * after creating the socket. + * The default implementation is a no-op + * + * @param socket the socket to set up + * @throws IOException on error + */ + protected void _prepareDataSocket_(Socket socket) + throws IOException { + } + + /** + * Get the currently configured {@link FTPSTrustManager}. + * + * @return A TrustManager instance. + */ + public TrustManager getTrustManager() { + return trustManager; + } + + /** + * Override the default {@link TrustManager} to use; if set to {@code null}, + * the default TrustManager from the JVM will be used. + * + * @param trustManager The TrustManager implementation to set, may be {@code null} + */ + public void setTrustManager(TrustManager trustManager) { + this.trustManager = trustManager; + } + + /** + * Get the currently configured {@link HostnameVerifier}. + * The verifier is only used on client mode connections. + * + * @return A HostnameVerifier instance. + */ + public HostnameVerifier getHostnameVerifier() { + return hostnameVerifier; + } + + /** + * Override the default {@link HostnameVerifier} to use. + * The verifier is only used on client mode connections. + * + * @param newHostnameVerifier The HostnameVerifier implementation to set or null to disable. + */ + public void setHostnameVerifier(HostnameVerifier newHostnameVerifier) { + hostnameVerifier = newHostnameVerifier; + } + + /** + * Return whether or not endpoint identification using the HTTPS algorithm + * on Java 1.7+ is enabled. The default behaviour is for this to be disabled. + * This check is only performed on client mode connections. + * + * @return True if enabled, false if not. + */ + public boolean isEndpointCheckingEnabled() { + return tlsEndpointChecking; + } + + /** + * Automatic endpoint identification checking using the HTTPS algorithm + * is supported on Java 1.7+. The default behaviour is for this to be disabled. + * This check is only performed on client mode connections. + * + * @param enable Enable automatic endpoint identification checking using the HTTPS algorithm on Java 1.7+. + */ + public void setEndpointCheckingEnabled(boolean enable) { + tlsEndpointChecking = enable; + } + + /** + * Closes the connection to the FTP server and restores + * connection parameters to the default values. + *

    + * Calls {@code setSocketFactory(null)} and {@code setServerSocketFactory(null)} + * to reset the factories that may have been changed during the session, + * e.g. by {@link #execPROT(String)} + * + * @throws IOException If an error occurs while disconnecting. + */ + @Override + public void disconnect() throws IOException { + super.disconnect(); + if (plainSocket != null) { + plainSocket.close(); + } + setSocketFactory(null); + setServerSocketFactory(null); + } + + /** + * Send the AUTH command with the specified mechanism. + * + * @param mechanism The mechanism name to send with the command. + * @return server reply. + * @throws IOException If an I/O error occurs while sending + * the command. + */ + public int execAUTH(String mechanism) throws IOException { + return sendCommand(CMD_AUTH, mechanism); + } + + /** + * Send the ADAT command with the specified authentication data. + * + * @param data The data to send with the command. + * @return server reply. + * @throws IOException If an I/O error occurs while sending + * the command. + */ + public int execADAT(byte[] data) throws IOException { + if (data != null) { + return sendCommand(CMD_ADAT, Base64.encodeBase64StringUnChunked(data)); + } else { + return sendCommand(CMD_ADAT); + } + } + + /** + * Send the CCC command to the server. + * The CCC (Clear Command Channel) command causes the underlying {@link SSLSocket} instance to be assigned + * to a plain {@link Socket} instances + * + * @return server reply. + * @throws IOException If an I/O error occurs while sending + * the command. + */ + public int execCCC() throws IOException { + return sendCommand(CMD_CCC); + } + + /** + * Send the MIC command with the specified data. + * + * @param data The data to send with the command. + * @return server reply. + * @throws IOException If an I/O error occurs while sending + * the command. + */ + public int execMIC(byte[] data) throws IOException { + if (data != null) { + return sendCommand(CMD_MIC, Base64.encodeBase64StringUnChunked(data)); + } else { + return sendCommand(CMD_MIC, ""); // perhaps "=" or just sendCommand(String)? + } + } + + /** + * Send the CONF command with the specified data. + * + * @param data The data to send with the command. + * @return server reply. + * @throws IOException If an I/O error occurs while sending + * the command. + */ + public int execCONF(byte[] data) throws IOException { + if (data != null) { + return sendCommand(CMD_CONF, Base64.encodeBase64StringUnChunked(data)); + } else { + return sendCommand(CMD_CONF, ""); // perhaps "=" or just sendCommand(String)? + } + } + + /** + * Send the ENC command with the specified data. + * + * @param data The data to send with the command. + * @return server reply. + * @throws IOException If an I/O error occurs while sending + * the command. + */ + public int execENC(byte[] data) throws IOException { + if (data != null) { + return sendCommand(CMD_ENC, Base64.encodeBase64StringUnChunked(data)); + } else { + return sendCommand(CMD_ENC, ""); // perhaps "=" or just sendCommand(String)? + } + } + + /** + * Parses the given ADAT response line and base64-decodes the data. + * + * @param reply The ADAT reply to parse. + * @return the data in the reply, base64-decoded. + */ + public byte[] parseADATReply(String reply) { + if (reply == null) { + return null; + } else { + return Base64.decodeBase64(extractPrefixedData("ADAT=", reply)); + } + } + + /** + * Extract the data from a reply with a prefix, e.g. PBSZ=1234 => 1234 + * + * @param prefix the prefix to find + * @param reply where to find the prefix + * @return the remainder of the string after the prefix, or null if the prefix was not present. + */ + private String extractPrefixedData(String prefix, String reply) { + int idx = reply.indexOf(prefix); + if (idx == -1) { + return null; + } + // N.B. Cannot use trim before substring as leading space would affect the offset. + return reply.substring(idx + prefix.length()).trim(); + } + + + /** + * Create and initialise an SSLContext. + * + * @param protocol the protocol used to instatiate the context + * @param keyManager the key manager, may be {@code null} + * @param trustManager the trust manager, may be {@code null} + * @return the initialised context. + * @throws IOException this is used to wrap any {@link GeneralSecurityException} that occurs + */ + public static SSLContext createSSLContext(String protocol, KeyManager keyManager, TrustManager trustManager) + throws IOException { + return createSSLContext(protocol, + keyManager == null ? null : new KeyManager[]{keyManager}, + trustManager == null ? null : new TrustManager[]{trustManager}); + } + + /** + * Create and initialise an SSLContext. + * + * @param protocol the protocol used to instatiate the context + * @param keyManagers the array of key managers, may be {@code null} but array entries must not be {@code null} + * @param trustManagers the array of trust managers, may be {@code null} but array entries must not be {@code null} + * @return the initialised context. + * @throws IOException this is used to wrap any {@link GeneralSecurityException} that occurs + */ + public static SSLContext createSSLContext(String protocol, KeyManager[] keyManagers, TrustManager[] trustManagers) + throws IOException { + SSLContext ctx; + try { + ctx = SSLContext.getInstance(protocol); + ctx.init(keyManagers, trustManagers, /*SecureRandom*/ null); + } catch (GeneralSecurityException e) { + IOException ioe = new IOException("Could not initialize SSL context"); + ioe.initCause(e); + throw ioe; + } + return ctx; + } + + private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{}; + private static final TrustManager ACCEPT_ALL = new FTPSTrustManager(false); + private static final TrustManager CHECK_SERVER_VALIDITY = new FTPSTrustManager(true); + + /** + * Generate a TrustManager that performs no checks. + * + * @return the TrustManager + */ + public static TrustManager getAcceptAllTrustManager() { + return ACCEPT_ALL; + } + + /** + * Generate a TrustManager that checks server certificates for validity, + * but otherwise performs no checks. + * + * @return the validating TrustManager + */ + public static TrustManager getValidateServerCertificateTrustManager() { + return CHECK_SERVER_VALIDITY; + } + + /** + * Return the default TrustManager provided by the JVM. + *

    + * This should be the same as the default used by + * {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom) + * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)} + * when the TrustManager parameter is set to {@code null} + * + * @param keyStore the KeyStore to use, may be {@code null} + * @return the default TrustManager + * @throws GeneralSecurityException if an error occurs + */ + public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException { + String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); + TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm); + instance.init(keyStore); + return (X509TrustManager) instance.getTrustManagers()[0]; + } + + private static class FTPSTrustManager implements X509TrustManager { + + private final boolean checkServerValidity; + + FTPSTrustManager(boolean checkServerValidity) { + this.checkServerValidity = checkServerValidity; + } + + /** + * Never generates a CertificateException. + */ + @Override + public void checkClientTrusted(X509Certificate[] certificates, String authType) { + return; + } + + @Override + public void checkServerTrusted(X509Certificate[] certificates, String authType) + throws CertificateException { + if (checkServerValidity) { + for (X509Certificate certificate : certificates) { + certificate.checkValidity(); + } + } + } + + /** + * @return an empty array of certificates + */ + @Override + public X509Certificate[] getAcceptedIssuers() { + return EMPTY_X509CERTIFICATE_ARRAY; + } + } + +} + diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSServerSocketFactory.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSServerSocketFactory.java new file mode 100644 index 0000000..82d2c24 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSServerSocketFactory.java @@ -0,0 +1,58 @@ +package org.xbib.io.ftp.client; + +import javax.net.ServerSocketFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; + +/** + * Server socket factory for FTPS connections. + * + */ +public class FTPSServerSocketFactory extends ServerSocketFactory { + + /** + * Factory for secure socket factories + */ + private final SSLContext context; + + public FTPSServerSocketFactory(SSLContext context) { + this.context = context; + } + + // Override the default superclass method + @Override + public ServerSocket createServerSocket() throws IOException { + return init(this.context.getServerSocketFactory().createServerSocket()); + } + + @Override + public ServerSocket createServerSocket(int port) throws IOException { + return init(this.context.getServerSocketFactory().createServerSocket(port)); + } + + @Override + public ServerSocket createServerSocket(int port, int backlog) throws IOException { + return init(this.context.getServerSocketFactory().createServerSocket(port, backlog)); + } + + @Override + public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress) throws IOException { + return init(this.context.getServerSocketFactory().createServerSocket(port, backlog, ifAddress)); + } + + /** + * Sets the socket so newly accepted connections will use SSL client mode. + * + * @param socket the SSLServerSocket to initialise + * @return the socket + * @throws ClassCastException if socket is not an instance of SSLServerSocket + */ + public ServerSocket init(ServerSocket socket) { + ((SSLServerSocket) socket).setUseClientMode(true); + return socket; + } +} + diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSSocketFactory.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSSocketFactory.java new file mode 100644 index 0000000..0c81d1e --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FTPSSocketFactory.java @@ -0,0 +1,48 @@ +package org.xbib.io.ftp.client; + +import javax.net.SocketFactory; +import javax.net.ssl.SSLContext; +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; + +/** + * Implementation of {@link SocketFactory}. + * + */ +public class FTPSSocketFactory extends SocketFactory { + + private final SSLContext context; + + public FTPSSocketFactory(SSLContext context) { + this.context = context; + } + + // Override the default implementation + @Override + public Socket createSocket() throws IOException { + return this.context.getSocketFactory().createSocket(); + } + + @Override + public Socket createSocket(String address, int port) throws IOException { + return this.context.getSocketFactory().createSocket(address, port); + } + + @Override + public Socket createSocket(InetAddress address, int port) throws IOException { + return this.context.getSocketFactory().createSocket(address, port); + } + + @Override + public Socket createSocket(String address, int port, InetAddress localAddress, int localPort) + throws IOException { + return this.context.getSocketFactory().createSocket(address, port, localAddress, localPort); + } + + @Override + public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { + return this.context.getSocketFactory().createSocket(address, port, localAddress, localPort); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/FromNetASCIIInputStream.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/FromNetASCIIInputStream.java new file mode 100644 index 0000000..8475a4e --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/FromNetASCIIInputStream.java @@ -0,0 +1,182 @@ +package org.xbib.io.ftp.client; + +import java.io.IOException; +import java.io.InputStream; +import java.io.PushbackInputStream; +import java.io.UnsupportedEncodingException; + +/** + * This class wraps an input stream, replacing all occurrences + * of <CR><LF> (carriage return followed by a linefeed), + * which is the NETASCII standard for representing a newline, with the + * local line separator representation. You would use this class to + * implement ASCII file transfers requiring conversion from NETASCII. + */ +public final class FromNetASCIIInputStream extends PushbackInputStream { + static final boolean _noConversionRequired; + static final String _lineSeparator; + static final byte[] _lineSeparatorBytes; + + static { + _lineSeparator = System.getProperty("line.separator"); + _noConversionRequired = _lineSeparator.equals("\r\n"); + try { + _lineSeparatorBytes = _lineSeparator.getBytes("US-ASCII"); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException("Broken JVM - cannot find US-ASCII charset!", e); + } + } + + private int __length = 0; + + /** + * Creates a FromNetASCIIInputStream instance that wraps an existing + * InputStream. + * @param input the stream to wrap + */ + public FromNetASCIIInputStream(InputStream input) { + super(input, _lineSeparatorBytes.length + 1); + } + + /** + * Returns true if the NetASCII line separator differs from the system + * line separator, false if they are the same. This method is useful + * to determine whether or not you need to instantiate a + * FromNetASCIIInputStream object. + * + * @return True if the NETASCII line separator differs from the local + * system line separator, false if they are the same. + */ + public static final boolean isConversionRequired() { + return !_noConversionRequired; + } + + private int __read() throws IOException { + int ch; + + ch = super.read(); + + if (ch == '\r') { + ch = super.read(); + if (ch == '\n') { + unread(_lineSeparatorBytes); + ch = super.read(); + // This is a kluge for read(byte[], ...) to read the right amount + --__length; + } else { + if (ch != -1) { + unread(ch); + } + return '\r'; + } + } + + return ch; + } + + /** + * Reads and returns the next byte in the stream. If the end of the + * message has been reached, returns -1. Note that a call to this method + * may result in multiple reads from the underlying input stream in order + * to convert NETASCII line separators to the local line separator format. + * This is transparent to the programmer and is only mentioned for + * completeness. + * + * @return The next character in the stream. Returns -1 if the end of the + * stream has been reached. + * @throws IOException If an error occurs while reading the underlying + * stream. + */ + @Override + public int read() throws IOException { + if (_noConversionRequired) { + return super.read(); + } + + return __read(); + } + + + /** + * Reads the next number of bytes from the stream into an array and + * returns the number of bytes read. Returns -1 if the end of the + * stream has been reached. + * + * @param buffer The byte array in which to store the data. + * @return The number of bytes read. Returns -1 if the + * end of the message has been reached. + * @throws IOException If an error occurs in reading the underlying + * stream. + */ + @Override + public int read(byte buffer[]) throws IOException { + return read(buffer, 0, buffer.length); + } + + /** + * Reads the next number of bytes from the stream into an array and returns + * the number of bytes read. Returns -1 if the end of the + * message has been reached. The characters are stored in the array + * starting from the given offset and up to the length specified. + * + * @param buffer The byte array in which to store the data. + * @param offset The offset into the array at which to start storing data. + * @param length The number of bytes to read. + * @return The number of bytes read. Returns -1 if the + * end of the stream has been reached. + * @throws IOException If an error occurs while reading the underlying + * stream. + */ + @Override + public int read(byte buffer[], int offset, int length) throws IOException { + if (_noConversionRequired) { + return super.read(buffer, offset, length); + } + + if (length < 1) { + return 0; + } + + int ch, off; + + ch = available(); + + __length = (length > ch ? ch : length); + + // If nothing is available, block to read only one character + if (__length < 1) { + __length = 1; + } + + + if ((ch = __read()) == -1) { + return -1; + } + + off = offset; + + do { + buffer[offset++] = (byte) ch; + } + while (--__length > 0 && (ch = __read()) != -1); + + + return (offset - off); + } + + /*** + * Returns the number of bytes that can be read without blocking EXCEPT + * when newline conversions have to be made somewhere within the + * available block of bytes. In other words, you really should not + * rely on the value returned by this method if you are trying to avoid + * blocking. + ***/ + @Override + public int available() throws IOException { + if (in == null) { + throw new IOException("Stream closed"); + } + return (buf.length - pos) + in.available(); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/ListenerList.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/ListenerList.java new file mode 100644 index 0000000..3c7d922 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/ListenerList.java @@ -0,0 +1,42 @@ +package org.xbib.io.ftp.client; + +import java.io.Serializable; +import java.util.EventListener; +import java.util.Iterator; +import java.util.concurrent.CopyOnWriteArrayList; + +/** + */ + +public class ListenerList implements Serializable, Iterable { + private static final long serialVersionUID = -1934227607974228213L; + + private final CopyOnWriteArrayList listeners; + + public ListenerList() { + listeners = new CopyOnWriteArrayList<>(); + } + + public void addListener(EventListener listener) { + listeners.add(listener); + } + + public void removeListener(EventListener listener) { + listeners.remove(listener); + } + + public int getListenerCount() { + return listeners.size(); + } + + /** + * Return an {@link Iterator} for the {@link EventListener} instances. + * + * @return an {@link Iterator} for the {@link EventListener} instances + */ + @Override + public Iterator iterator() { + return listeners.iterator(); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/MalformedServerReplyException.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/MalformedServerReplyException.java new file mode 100644 index 0000000..a39bc5b --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/MalformedServerReplyException.java @@ -0,0 +1,30 @@ +package org.xbib.io.ftp.client; + +import java.io.IOException; + +/** + * This exception is used to indicate that the reply from a server + * could not be interpreted. Most of the NetComponents classes attempt + * to be as lenient as possible when receiving server replies. Many + * server implementations deviate from IETF protocol specifications, making + * it necessary to be as flexible as possible. However, there will be + * certain situations where it is not possible to continue an operation + * because the server reply could not be interpreted in a meaningful manner. + * In these cases, a MalformedServerReplyException should be thrown. + * + * + */ +public class MalformedServerReplyException extends IOException { + + private static final long serialVersionUID = 6006765264250543945L; + + /*** + * Constructs a MalformedServerReplyException with a specified message. + * + * @param message The message explaining the reason for the exception. + ***/ + public MalformedServerReplyException(String message) { + super(message); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandEvent.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandEvent.java new file mode 100644 index 0000000..42a1d7e --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandEvent.java @@ -0,0 +1,125 @@ +package org.xbib.io.ftp.client; + +import java.util.EventObject; + +/** + * There exists a large class of IETF protocols that work by sending an + * ASCII text command and arguments to a server, and then receiving an + * ASCII text reply. For debugging and other purposes, it is extremely + * useful to log or keep track of the contents of the protocol messages. + * The ProtocolCommandEvent class coupled with the + * {@link ProtocolCommandListener} + * interface facilitate this process. + * + * + * @see ProtocolCommandListener + * @see ProtocolCommandSupport + **/ + +public class ProtocolCommandEvent extends EventObject { + private static final long serialVersionUID = 403743538418947240L; + + private final int replyCode; + private final boolean isCommand; + private final String message; + private final String command; + + /*** + * Creates a ProtocolCommandEvent signalling a command was sent to + * the server. ProtocolCommandEvents created with this constructor + * should only be sent after a command has been sent, but before the + * reply has been received. + * + * @param source The source of the event. + * @param command The string representation of the command type sent, not + * including the arguments (e.g., "STAT" or "GET"). + * @param message The entire command string verbatim as sent to the server, + * including all arguments. + ***/ + public ProtocolCommandEvent(Object source, String command, String message) { + super(source); + replyCode = 0; + this.message = message; + isCommand = true; + this.command = command; + } + + + /*** + * Creates a ProtocolCommandEvent signalling a reply to a command was + * received. ProtocolCommandEvents created with this constructor + * should only be sent after a complete command reply has been received + * fromt a server. + * + * @param source The source of the event. + * @param replyCode The integer code indicating the natureof the reply. + * This will be the protocol integer value for protocols + * that use integer reply codes, or the reply class constant + * corresponding to the reply for protocols like POP3 that use + * strings like OK rather than integer codes (i.e., POP3Repy.OK). + * @param message The entire reply as received from the server. + ***/ + public ProtocolCommandEvent(Object source, int replyCode, String message) { + super(source); + this.replyCode = replyCode; + this.message = message; + isCommand = false; + command = null; + } + + /*** + * Returns the string representation of the command type sent (e.g., "STAT" + * or "GET"). If the ProtocolCommandEvent is a reply event, then null + * is returned. + * + * @return The string representation of the command type sent, or null + * if this is a reply event. + ***/ + public String getCommand() { + return command; + } + + + /*** + * Returns the reply code of the received server reply. Undefined if + * this is not a reply event. + * + * @return The reply code of the received server reply. Undefined if + * not a reply event. + ***/ + public int getReplyCode() { + return replyCode; + } + + /*** + * Returns true if the ProtocolCommandEvent was generated as a result + * of sending a command. + * + * @return true If the ProtocolCommandEvent was generated as a result + * of sending a command. False otherwise. + ***/ + public boolean isCommand() { + return isCommand; + } + + /*** + * Returns true if the ProtocolCommandEvent was generated as a result + * of receiving a reply. + * + * @return true If the ProtocolCommandEvent was generated as a result + * of receiving a reply. False otherwise. + ***/ + public boolean isReply() { + return !isCommand(); + } + + /*** + * Returns the entire message sent to or received from the server. + * Includes the line terminator. + * + * @return The entire message sent to or received from the server. + ***/ + public String getMessage() { + return message; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandListener.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandListener.java new file mode 100644 index 0000000..10b2b44 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandListener.java @@ -0,0 +1,38 @@ +package org.xbib.io.ftp.client; + +import java.util.EventListener; + +/** + * There exists a large class of IETF protocols that work by sending an + * ASCII text command and arguments to a server, and then receiving an + * ASCII text reply. For debugging and other purposes, it is extremely + * useful to log or keep track of the contents of the protocol messages. + * The ProtocolCommandListener interface coupled with the + * {@link ProtocolCommandEvent} class facilitate this process. + * To receive ProtocolCommandEvents, you merely implement the + * ProtocolCommandListener interface and register the class as a listener + * with a ProtocolCommandEvent source such as + * {@link FTPClient}. + * + * @see ProtocolCommandEvent + * @see ProtocolCommandSupport + */ +public interface ProtocolCommandListener extends EventListener { + + /** + * This method is invoked by a ProtocolCommandEvent source after + * sending a protocol command to a server. + * + * @param event The ProtocolCommandEvent fired. + */ + void protocolCommandSent(ProtocolCommandEvent event); + + /** + * This method is invoked by a ProtocolCommandEvent source after + * receiving a reply from a server. + * + * @param event The ProtocolCommandEvent fired. + */ + void protocolReplyReceived(ProtocolCommandEvent event); + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandSupport.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandSupport.java new file mode 100644 index 0000000..1267f1c --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/ProtocolCommandSupport.java @@ -0,0 +1,106 @@ +package org.xbib.io.ftp.client; + +import java.io.Serializable; +import java.util.EventListener; + +/** + * ProtocolCommandSupport is a convenience class for managing a list of + * ProtocolCommandListeners and firing ProtocolCommandEvents. You can + * simply delegate ProtocolCommandEvent firing and listener + * registering/unregistering tasks to this class. + * + * + * @see ProtocolCommandEvent + * @see ProtocolCommandListener + */ +public class ProtocolCommandSupport implements Serializable { + private static final long serialVersionUID = -8017692739988399978L; + + private final Object object; + private final ListenerList listenerList; + + /*** + * Creates a ProtocolCommandSupport instance using the indicated source + * as the source of ProtocolCommandEvents. + * + * @param source The source to use for all generated ProtocolCommandEvents. + ***/ + public ProtocolCommandSupport(Object source) { + listenerList = new ListenerList(); + object = source; + } + + + /*** + * Fires a ProtocolCommandEvent signalling the sending of a command to all + * registered listeners, invoking their + * {@link ProtocolCommandListener#protocolCommandSent protocolCommandSent() } + * methods. + * + * @param command The string representation of the command type sent, not + * including the arguments (e.g., "STAT" or "GET"). + * @param message The entire command string verbatim as sent to the server, + * including all arguments. + ***/ + public void fireCommandSent(String command, String message) { + ProtocolCommandEvent event; + + event = new ProtocolCommandEvent(object, command, message); + + for (EventListener listener : listenerList) { + ((ProtocolCommandListener) listener).protocolCommandSent(event); + } + } + + /*** + * Fires a ProtocolCommandEvent signalling the reception of a command reply + * to all registered listeners, invoking their + * {@link ProtocolCommandListener#protocolReplyReceived protocolReplyReceived() } + * methods. + * + * @param replyCode The integer code indicating the natureof the reply. + * This will be the protocol integer value for protocols + * that use integer reply codes, or the reply class constant + * corresponding to the reply for protocols like POP3 that use + * strings like OK rather than integer codes (i.e., POP3Repy.OK). + * @param message The entire reply as received from the server. + ***/ + public void fireReplyReceived(int replyCode, String message) { + ProtocolCommandEvent event; + event = new ProtocolCommandEvent(object, replyCode, message); + + for (EventListener listener : listenerList) { + ((ProtocolCommandListener) listener).protocolReplyReceived(event); + } + } + + /*** + * Adds a ProtocolCommandListener. + * + * @param listener The ProtocolCommandListener to add. + ***/ + public void addProtocolCommandListener(ProtocolCommandListener listener) { + listenerList.addListener(listener); + } + + /*** + * Removes a ProtocolCommandListener. + * + * @param listener The ProtocolCommandListener to remove. + ***/ + public void removeProtocolCommandListener(ProtocolCommandListener listener) { + listenerList.removeListener(listener); + } + + + /*** + * Returns the number of ProtocolCommandListeners currently registered. + * + * @return The number of ProtocolCommandListeners currently registered. + ***/ + public int getListenerCount() { + return listenerList.getListenerCount(); + } + +} + diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketClient.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketClient.java new file mode 100644 index 0000000..eb4e87d --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketClient.java @@ -0,0 +1,839 @@ +package org.xbib.io.ftp.client; + +import javax.net.ServerSocketFactory; +import javax.net.SocketFactory; +import java.io.Closeable; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Proxy; +import java.net.Socket; +import java.net.SocketException; +import java.nio.charset.Charset; + + +/** + * The SocketClient provides the basic operations that are required of + * client objects accessing sockets. It is meant to be + * subclassed to avoid having to rewrite the same code over and over again + * to open a socket, close a socket, set timeouts, etc. Of special note + * is the {@link #setSocketFactory setSocketFactory } + * method, which allows you to control the type of Socket the SocketClient + * creates for initiating network connections. This is especially useful + * for adding SSL or proxy support as well as better support for applets. For + * example, you could create a + * {@link SocketFactory} that + * requests browser security capabilities before creating a socket. + * All classes derived from SocketClient should use the + * {@link #socketFactory _socketFactory_ } member variable to + * create Socket and ServerSocket instances rather than instantiating + * them by directly invoking a constructor. By honoring this contract + * you guarantee that a user will always be able to provide his own + * Socket implementations by substituting his own SocketFactory. + * + * @see SocketFactory + */ +public abstract class SocketClient { + + /** + * The default SocketFactory shared by all SocketClient instances. + */ + private static final SocketFactory DEFAULT_SOCKET_FACTORY = SocketFactory.getDefault(); + + /** + * The default {@link ServerSocketFactory} + */ + private static final ServerSocketFactory DEFAULT_SERVER_SOCKET_FACTORY = ServerSocketFactory.getDefault(); + /** + * The socket's connect timeout (0 = infinite timeout) + */ + private static final int DEFAULT_CONNECT_TIMEOUT = 0; + /** + * The timeout to use after opening a socket. + */ + protected int timeout; + + /** + * The socket used for the connection. + */ + protected Socket socket; + + /** + * The hostname used for the connection (null = no hostname supplied). + */ + protected String hostname; + + /** + * The default port the client should connect to. + */ + protected int defaultPort; + + /** + * The socket's InputStream. + */ + protected InputStream inputStream; + + /** + * The socket's OutputStream. + */ + protected OutputStream outputStream; + + /** + * The socket's SocketFactory. + */ + protected SocketFactory socketFactory; + + /** + * The socket's ServerSocket Factory. + */ + protected ServerSocketFactory serverSocketFactory; + protected int connectTimeout = DEFAULT_CONNECT_TIMEOUT; + /** + * A ProtocolCommandSupport object used to manage the registering of + * ProtocolCommandListeners and the firing of ProtocolCommandEvents. + */ + private ProtocolCommandSupport protocolCommandSupport; + /** + * Hint for SO_RCVBUF size + */ + private int receiveBufferSize = -1; + + /** + * Hint for SO_SNDBUF size + */ + private int sendBufferSize = -1; + + /** + * The proxy to use when connecting. + */ + private Proxy connProxy; + + /** + * Charset to use for byte IO. + */ + private Charset charset = Charset.defaultCharset(); + + /** + * Default constructor for SocketClient. Initializes + * _socket_ to null, _timeout_ to 0, _defaultPort to 0, + * _isConnected_ to false, charset to {@code Charset.defaultCharset()} + * and _socketFactory_ to a shared instance of + * {@link DefaultSocketFactory}. + */ + public SocketClient() { + socket = null; + hostname = null; + inputStream = null; + outputStream = null; + timeout = 0; + defaultPort = 0; + socketFactory = DEFAULT_SOCKET_FACTORY; + serverSocketFactory = DEFAULT_SERVER_SOCKET_FACTORY; + } + + + /** + * Because there are so many connect() methods, the _connectAction_() + * method is provided as a means of performing some action immediately + * after establishing a connection, rather than reimplementing all + * of the connect() methods. The last action performed by every + * connect() method after opening a socket is to call this method. + *

    + * This method sets the timeout on the just opened socket to the default + * timeout set by {@link #setDefaultTimeout setDefaultTimeout() }, + * sets _input_ and _output_ to the socket's InputStream and OutputStream + * respectively, and sets _isConnected_ to true. + *

    + * Subclasses overriding this method should start by calling + * super._connectAction_() first to ensure the + * initialization of the aforementioned protected variables. + * + * @throws IOException (SocketException) if a problem occurs with the socket + */ + protected void _connectAction_() throws IOException { + socket.setSoTimeout(timeout); + inputStream = socket.getInputStream(); + outputStream = socket.getOutputStream(); + } + + + /** + * Opens a Socket connected to a remote host at the specified port and + * originating from the current host at a system assigned port. + * Before returning, {@link #_connectAction_ _connectAction_() } + * is called to perform connection initialization actions. + *

    + * + * @param host The remote host. + * @param port The port to connect to on the remote host. + * @throws SocketException If the socket timeout could not be set. + * @throws IOException If the socket could not be opened. In most + * cases you will only want to catch IOException since SocketException is + * derived from it. + */ + public void connect(InetAddress host, int port) + throws SocketException, IOException { + hostname = null; + _connect(host, port, null, -1); + } + + /** + * Opens a Socket connected to a remote host at the specified port and + * originating from the current host at a system assigned port. + * Before returning, {@link #_connectAction_ _connectAction_() } + * is called to perform connection initialization actions. + *

    + * + * @param hostname The name of the remote host. + * @param port The port to connect to on the remote host. + * @throws SocketException If the socket timeout could not be set. + * @throws IOException If the socket could not be opened. In most + * cases you will only want to catch IOException since SocketException is + * derived from it. + * @throws java.net.UnknownHostException If the hostname cannot be resolved. + */ + public void connect(String hostname, int port) + throws SocketException, IOException { + this.hostname = hostname; + _connect(InetAddress.getByName(hostname), port, null, -1); + } + + + /** + * Opens a Socket connected to a remote host at the specified port and + * originating from the specified local address and port. + * Before returning, {@link #_connectAction_ _connectAction_() } + * is called to perform connection initialization actions. + *

    + * + * @param host The remote host. + * @param port The port to connect to on the remote host. + * @param localAddr The local address to use. + * @param localPort The local port to use. + * @throws SocketException If the socket timeout could not be set. + * @throws IOException If the socket could not be opened. In most + * cases you will only want to catch IOException since SocketException is + * derived from it. + */ + public void connect(InetAddress host, int port, + InetAddress localAddr, int localPort) + throws SocketException, IOException { + hostname = null; + _connect(host, port, localAddr, localPort); + } + + // helper method to allow code to be shared with connect(String,...) methods + private void _connect(InetAddress host, int port, InetAddress localAddr, int localPort) + throws SocketException, IOException { + socket = socketFactory.createSocket(); + if (receiveBufferSize != -1) { + socket.setReceiveBufferSize(receiveBufferSize); + } + if (sendBufferSize != -1) { + socket.setSendBufferSize(sendBufferSize); + } + if (localAddr != null) { + socket.bind(new InetSocketAddress(localAddr, localPort)); + } + socket.connect(new InetSocketAddress(host, port), connectTimeout); + _connectAction_(); + } + + /** + * Opens a Socket connected to a remote host at the specified port and + * originating from the specified local address and port. + * Before returning, {@link #_connectAction_ _connectAction_() } + * is called to perform connection initialization actions. + *

    + * + * @param hostname The name of the remote host. + * @param port The port to connect to on the remote host. + * @param localAddr The local address to use. + * @param localPort The local port to use. + * @throws SocketException If the socket timeout could not be set. + * @throws IOException If the socket could not be opened. In most + * cases you will only want to catch IOException since SocketException is + * derived from it. + * @throws java.net.UnknownHostException If the hostname cannot be resolved. + */ + public void connect(String hostname, int port, + InetAddress localAddr, int localPort) + throws SocketException, IOException { + this.hostname = hostname; + _connect(InetAddress.getByName(hostname), port, localAddr, localPort); + } + + + /** + * Opens a Socket connected to a remote host at the current default port + * and originating from the current host at a system assigned port. + * Before returning, {@link #_connectAction_ _connectAction_() } + * is called to perform connection initialization actions. + *

    + * + * @param host The remote host. + * @throws SocketException If the socket timeout could not be set. + * @throws IOException If the socket could not be opened. In most + * cases you will only want to catch IOException since SocketException is + * derived from it. + */ + public void connect(InetAddress host) throws SocketException, IOException { + hostname = null; + connect(host, defaultPort); + } + + + /** + * Opens a Socket connected to a remote host at the current default + * port and originating from the current host at a system assigned port. + * Before returning, {@link #_connectAction_ _connectAction_() } + * is called to perform connection initialization actions. + *

    + * + * @param hostname The name of the remote host. + * @throws SocketException If the socket timeout could not be set. + * @throws IOException If the socket could not be opened. In most + * cases you will only want to catch IOException since SocketException is + * derived from it. + * @throws java.net.UnknownHostException If the hostname cannot be resolved. + */ + public void connect(String hostname) throws SocketException, IOException { + connect(hostname, defaultPort); + } + + + /** + * Disconnects the socket connection. + * You should call this method after you've finished using the class + * instance and also before you call + * {@link #connect connect() } + * again. _isConnected_ is set to false, _socket_ is set to null, + * _input_ is set to null, and _output_ is set to null. + *

    + * + * @throws IOException If there is an error closing the socket. + */ + public void disconnect() throws IOException { + closeQuietly(socket); + closeQuietly(inputStream); + closeQuietly(outputStream); + socket = null; + hostname = null; + inputStream = null; + outputStream = null; + } + + private void closeQuietly(Socket socket) { + if (socket != null) { + try { + socket.close(); + } catch (IOException e) { + // Ignored + } + } + } + + private void closeQuietly(Closeable close) { + if (close != null) { + try { + close.close(); + } catch (IOException e) { + // Ignored + } + } + } + + /** + * Returns true if the client is currently connected to a server. + *

    + * Delegates to {@link Socket#isConnected()} + * + * @return True if the client is currently connected to a server, + * false otherwise. + */ + public boolean isConnected() { + if (socket == null) { + return false; + } + + return socket.isConnected(); + } + + /** + * Make various checks on the socket to test if it is available for use. + * Note that the only sure test is to use it, but these checks may help + * in some cases. + * + * @return {@code true} if the socket appears to be available for use + * @see NET-350 + */ + public boolean isAvailable() { + if (isConnected()) { + try { + if (socket.getInetAddress() == null) { + return false; + } + if (socket.getPort() == 0) { + return false; + } + if (socket.getRemoteSocketAddress() == null) { + return false; + } + if (socket.isClosed()) { + return false; + } + /* these aren't exact checks (a Socket can be half-open), + but since we usually require two-way data transfer, + we check these here too: */ + if (socket.isInputShutdown()) { + return false; + } + if (socket.isOutputShutdown()) { + return false; + } + /* ignore the result, catch exceptions: */ + socket.getInputStream(); + socket.getOutputStream(); + } catch (IOException ioex) { + return false; + } + return true; + } else { + return false; + } + } + + /** + * Returns the current value of the default port (stored in + * {@link #defaultPort _defaultPort_ }). + *

    + * + * @return The current value of the default port. + */ + public int getDefaultPort() { + return defaultPort; + } + + /** + * Sets the default port the SocketClient should connect to when a port + * is not specified. The {@link #defaultPort _defaultPort_ } + * variable stores this value. If never set, the default port is equal + * to zero. + *

    + * + * @param port The default port to set. + */ + public void setDefaultPort(int port) { + defaultPort = port; + } + + /** + * Returns the default timeout in milliseconds that is used when + * opening a socket. + *

    + * + * @return The default timeout in milliseconds that is used when + * opening a socket. + */ + public int getDefaultTimeout() { + return timeout; + } + + /** + * Set the default timeout in milliseconds to use when opening a socket. + * This value is only used previous to a call to + * {@link #connect connect()} + * and should not be confused with {@link #setSoTimeout setSoTimeout()} + * which operates on an the currently opened socket. _timeout_ contains + * the new timeout value. + *

    + * + * @param timeout The timeout in milliseconds to use for the socket + * connection. + */ + public void setDefaultTimeout(int timeout) { + this.timeout = timeout; + } + + /** + * Get the current sendBuffer size + * + * @return the size, or -1 if not initialised + */ + protected int getSendBufferSize() { + return sendBufferSize; + } + + /** + * Set the underlying socket send buffer size. + * + * @param size The size of the buffer in bytes. + * @throws SocketException never thrown, but subclasses might want to do so + */ + public void setSendBufferSize(int size) throws SocketException { + sendBufferSize = size; + } + + /** + * Get the current receivedBuffer size + * + * @return the size, or -1 if not initialised + */ + protected int getReceiveBufferSize() { + return receiveBufferSize; + } + + /** + * Sets the underlying socket receive buffer size. + * + * @param size The size of the buffer in bytes. + * @throws SocketException never (but subclasses may wish to do so) + */ + public void setReceiveBufferSize(int size) throws SocketException { + receiveBufferSize = size; + } + + /** + * Returns the timeout in milliseconds of the currently opened socket. + * + * @return The timeout in milliseconds of the currently opened socket. + * @throws SocketException If the operation fails. + * @throws NullPointerException if the socket is not currently open + */ + public int getSoTimeout() throws SocketException { + return socket.getSoTimeout(); + } + + /** + * Set the timeout in milliseconds of a currently open connection. + * Only call this method after a connection has been opened + * by {@link #connect connect()}. + * To set the initial timeout, use {@link #setDefaultTimeout(int)} instead. + * + * @param timeout The timeout in milliseconds to use for the currently + * open socket connection. + * @throws SocketException If the operation fails. + * @throws NullPointerException if the socket is not currently open + */ + public void setSoTimeout(int timeout) throws SocketException { + socket.setSoTimeout(timeout); + } + + /** + * Returns true if Nagle's algorithm is enabled on the currently opened + * socket. + * + * @return True if Nagle's algorithm is enabled on the currently opened + * socket, false otherwise. + * @throws SocketException If the operation fails. + * @throws NullPointerException if the socket is not currently open + */ + public boolean getTcpNoDelay() throws SocketException { + return socket.getTcpNoDelay(); + } + + /** + * Enables or disables the Nagle's algorithm (TCP_NODELAY) on the + * currently opened socket. + * + * @param on True if Nagle's algorithm is to be enabled, false if not. + * @throws SocketException If the operation fails. + * @throws NullPointerException if the socket is not currently open + */ + public void setTcpNoDelay(boolean on) throws SocketException { + socket.setTcpNoDelay(on); + } + + /** + * Returns the current value of the SO_KEEPALIVE flag on the currently opened socket. + * Delegates to {@link Socket#getKeepAlive()} + * + * @return True if SO_KEEPALIVE is enabled. + * @throws SocketException if there is a problem with the socket + * @throws NullPointerException if the socket is not currently open + */ + public boolean getKeepAlive() throws SocketException { + return socket.getKeepAlive(); + } + + /** + * Sets the SO_KEEPALIVE flag on the currently opened socket. + *

    + * From the Javadocs, the default keepalive time is 2 hours (although this is + * implementation dependent). It looks as though the Windows WSA sockets implementation + * allows a specific keepalive value to be set, although this seems not to be the case on + * other systems. + * + * @param keepAlive If true, keepAlive is turned on + * @throws SocketException if there is a problem with the socket + * @throws NullPointerException if the socket is not currently open + */ + public void setKeepAlive(boolean keepAlive) throws SocketException { + socket.setKeepAlive(keepAlive); + } + + /** + * Sets the SO_LINGER timeout on the currently opened socket. + * + * @param on True if linger is to be enabled, false if not. + * @param val The linger timeout (in hundredths of a second?) + * @throws SocketException If the operation fails. + * @throws NullPointerException if the socket is not currently open + */ + public void setSoLinger(boolean on, int val) throws SocketException { + socket.setSoLinger(on, val); + } + + + /** + * Returns the current SO_LINGER timeout of the currently opened socket. + *

    + * + * @return The current SO_LINGER timeout. If SO_LINGER is disabled returns + * -1. + * @throws SocketException If the operation fails. + * @throws NullPointerException if the socket is not currently open + */ + public int getSoLinger() throws SocketException { + return socket.getSoLinger(); + } + + + /** + * Returns the port number of the open socket on the local host used + * for the connection. + * Delegates to {@link Socket#getLocalPort()} + *

    + * + * @return The port number of the open socket on the local host used + * for the connection. + * @throws NullPointerException if the socket is not currently open + */ + public int getLocalPort() { + return socket.getLocalPort(); + } + + + /** + * Returns the local address to which the client's socket is bound. + * Delegates to {@link Socket#getLocalAddress()} + *

    + * + * @return The local address to which the client's socket is bound. + * @throws NullPointerException if the socket is not currently open + */ + public InetAddress getLocalAddress() { + return socket.getLocalAddress(); + } + + /** + * Returns the port number of the remote host to which the client is + * connected. + * Delegates to {@link Socket#getPort()} + *

    + * + * @return The port number of the remote host to which the client is + * connected. + * @throws NullPointerException if the socket is not currently open + */ + public int getRemotePort() { + return socket.getPort(); + } + + + /** + * @return The remote address to which the client is connected. + * Delegates to {@link Socket#getInetAddress()} + * @throws NullPointerException if the socket is not currently open + */ + public InetAddress getRemoteAddress() { + return socket.getInetAddress(); + } + + + /** + * Verifies that the remote end of the given socket is connected to the + * the same host that the SocketClient is currently connected to. This + * is useful for doing a quick security check when a client needs to + * accept a connection from a server, such as an FTP data connection or + * a BSD R command standard error stream. + * + * @param socket the item to check against + * @return True if the remote hosts are the same, false if not. + */ + public boolean verifyRemote(Socket socket) { + InetAddress host1, host2; + + host1 = socket.getInetAddress(); + host2 = getRemoteAddress(); + + return host1.equals(host2); + } + + + /** + * Sets the SocketFactory used by the SocketClient to open socket + * connections. If the factory value is null, then a default + * factory is used (only do this to reset the factory after having + * previously altered it). + * Any proxy setting is discarded. + * + * @param factory The new SocketFactory the SocketClient should use. + */ + public void setSocketFactory(SocketFactory factory) { + if (factory == null) { + socketFactory = DEFAULT_SOCKET_FACTORY; + } else { + socketFactory = factory; + } + // re-setting the socket factory makes the proxy setting useless, + // so set the field to null so that getProxy() doesn't return a + // Proxy that we're actually not using. + connProxy = null; + } + + /** + * Get the underlying socket connection timeout. + * + * @return timeout (in ms) + */ + public int getConnectTimeout() { + return connectTimeout; + } + + /** + * Sets the connection timeout in milliseconds, which will be passed to the {@link Socket} object's + * connect() method. + * + * @param connectTimeout The connection timeout to use (in ms) + */ + public void setConnectTimeout(int connectTimeout) { + this.connectTimeout = connectTimeout; + } + + /** + * Get the underlying {@link ServerSocketFactory} + * + * @return The server socket factory + */ + public ServerSocketFactory getServerSocketFactory() { + return serverSocketFactory; + } + + /** + * Sets the ServerSocketFactory used by the SocketClient to open ServerSocket + * connections. If the factory value is null, then a default + * factory is used (only do this to reset the factory after having + * previously altered it). + * + * @param factory The new ServerSocketFactory the SocketClient should use. + */ + public void setServerSocketFactory(ServerSocketFactory factory) { + if (factory == null) { + serverSocketFactory = DEFAULT_SERVER_SOCKET_FACTORY; + } else { + serverSocketFactory = factory; + } + } + + /** + * Adds a ProtocolCommandListener. + * + * @param listener The ProtocolCommandListener to add. + */ + public void addProtocolCommandListener(ProtocolCommandListener listener) { + getCommandSupport().addProtocolCommandListener(listener); + } + + /** + * Removes a ProtocolCommandListener. + * + * @param listener The ProtocolCommandListener to remove. + */ + public void removeProtocolCommandListener(ProtocolCommandListener listener) { + getCommandSupport().removeProtocolCommandListener(listener); + } + + /** + * If there are any listeners, send them the reply details. + * + * @param replyCode the code extracted from the reply + * @param reply the full reply text + */ + protected void fireReplyReceived(int replyCode, String reply) { + if (getCommandSupport().getListenerCount() > 0) { + getCommandSupport().fireReplyReceived(replyCode, reply); + } + } + + /** + * If there are any listeners, send them the command details. + * + * @param command the command name + * @param message the complete message, including command name + */ + protected void fireCommandSent(String command, String message) { + if (getCommandSupport().getListenerCount() > 0) { + getCommandSupport().fireCommandSent(command, message); + } + } + + /** + * Create the CommandSupport instance if required + */ + protected void createCommandSupport() { + protocolCommandSupport = new ProtocolCommandSupport(this); + } + + /** + * Subclasses can override this if they need to provide their own + * instance field for backwards compatibilty. + * + * @return the CommandSupport instance, may be {@code null} + */ + protected ProtocolCommandSupport getCommandSupport() { + return protocolCommandSupport; + } + + /** + * Gets the proxy for use with all the connections. + * + * @return the current proxy for connections. + */ + public Proxy getProxy() { + return connProxy; + } + + /** + * Sets the proxy for use with all the connections. + * The proxy is used for connections established after the + * call to this method. + * + * @param proxy the new proxy for connections. + */ + public void setProxy(Proxy proxy) { + setSocketFactory(new DefaultSocketFactory(proxy)); + connProxy = proxy; + } + + /** + * Gets the charset. + * + * @return the charset. + */ + public Charset getCharset() { + return charset; + } + + /** + * Sets the charset. + * + * @param charset the charset. + */ + public void setCharset(Charset charset) { + this.charset = charset; + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketInputStream.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketInputStream.java new file mode 100644 index 0000000..dafcd04 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketInputStream.java @@ -0,0 +1,47 @@ +package org.xbib.io.ftp.client; + +import java.io.FilterInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.Socket; + +/** + * This class wraps an input stream, storing a reference to its originating + * socket. When the stream is closed, it will also close the socket + * immediately afterward. This class is useful for situations where you + * are dealing with a stream originating from a socket, but do not have + * a reference to the socket, and want to make sure it closes when the + * stream closes. + * + * + * @see SocketOutputStream + */ +public class SocketInputStream extends FilterInputStream { + private final Socket socket; + + /** + * Creates a SocketInputStream instance wrapping an input stream and + * storing a reference to a socket that should be closed on closing + * the stream. + * + * @param socket The socket to close on closing the stream. + * @param stream The input stream to wrap. + */ + public SocketInputStream(Socket socket, InputStream stream) { + super(stream); + this.socket = socket; + } + + /** + * Closes the stream and immediately afterward closes the referenced + * socket. + * + * @throws IOException If there is an error in closing the stream + * or socket. + */ + @Override + public void close() throws IOException { + super.close(); + socket.close(); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketOutputStream.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketOutputStream.java new file mode 100644 index 0000000..083aa72 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/SocketOutputStream.java @@ -0,0 +1,64 @@ +package org.xbib.io.ftp.client; + +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.net.Socket; + +/** + * This class wraps an output stream, storing a reference to its originating + * socket. When the stream is closed, it will also close the socket + * immediately afterward. This class is useful for situations where you + * are dealing with a stream originating from a socket, but do not have + * a reference to the socket, and want to make sure it closes when the + * stream closes. + * + * @see SocketInputStream + */ +public class SocketOutputStream extends FilterOutputStream { + + private final Socket socket; + + /** + * Creates a SocketOutputStream instance wrapping an output stream and + * storing a reference to a socket that should be closed on closing + * the stream. + * + * @param socket The socket to close on closing the stream. + * @param stream The input stream to wrap. + */ + public SocketOutputStream(Socket socket, OutputStream stream) { + super(stream); + this.socket = socket; + } + + /** + * Writes a number of bytes from a byte array to the stream starting from + * a given offset. This method bypasses the equivalent method in + * FilterOutputStream because the FilterOutputStream implementation is + * very inefficient. + * + * @param buffer The byte array to write. + * @param offset The offset into the array at which to start copying data. + * @param length The number of bytes to write. + * @throws IOException If an error occurs while writing to the underlying + * stream. + */ + @Override + public void write(byte buffer[], int offset, int length) throws IOException { + out.write(buffer, offset, length); + } + + /** + * Closes the stream and immediately afterward closes the referenced + * socket. + * + * @throws IOException If there is an error in closing the stream + * or socket. + */ + @Override + public void close() throws IOException { + super.close(); + socket.close(); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/ToNetASCIIOutputStream.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/ToNetASCIIOutputStream.java new file mode 100644 index 0000000..1f8e5a6 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/ToNetASCIIOutputStream.java @@ -0,0 +1,89 @@ +package org.xbib.io.ftp.client; + +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.OutputStream; + +/** + * This class wraps an output stream, replacing all singly occurring + * <LF> (linefeed) characters with <CR><LF> (carriage return + * followed by linefeed), which is the NETASCII standard for representing + * a newline. + * You would use this class to implement ASCII file transfers requiring + * conversion to NETASCII. + */ +public final class ToNetASCIIOutputStream extends FilterOutputStream { + private boolean lastWasCR; + + /** + * Creates a ToNetASCIIOutputStream instance that wraps an existing + * OutputStream. + * + * @param output The OutputStream to wrap. + */ + public ToNetASCIIOutputStream(OutputStream output) { + super(output); + lastWasCR = false; + } + + /** + * Writes a byte to the stream. Note that a call to this method + * may result in multiple writes to the underlying input stream in order + * to convert naked newlines to NETASCII line separators. + * This is transparent to the programmer and is only mentioned for + * completeness. + * + * @param ch The byte to write. + * @throws IOException If an error occurs while writing to the underlying + * stream. + */ + @Override + public synchronized void write(int ch) throws IOException { + switch (ch) { + case '\r': + lastWasCR = true; + out.write('\r'); + return; + case '\n': + if (!lastWasCR) { + out.write('\r'); + } + lastWasCR = false; + out.write(ch); + return; + default: + lastWasCR = false; + out.write(ch); + } + } + + /** + * Writes a byte array to the stream. + * + * @param buffer The byte array to write. + * @throws IOException If an error occurs while writing to the underlying + * stream. + */ + @Override + public synchronized void write(byte buffer[]) throws IOException { + write(buffer, 0, buffer.length); + } + + /** + * Writes a number of bytes from a byte array to the stream starting from + * a given offset. + * + * @param buffer The byte array to write. + * @param offset The offset into the array at which to start copying data. + * @param length The number of bytes to write. + * @throws IOException If an error occurs while writing to the underlying + * stream. + */ + @Override + public synchronized void write(byte buffer[], int offset, int length) throws IOException { + while (length-- > 0) { + write(buffer[offset++]); + } + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/Util.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/Util.java new file mode 100644 index 0000000..799c8c4 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/Util.java @@ -0,0 +1,344 @@ +package org.xbib.io.ftp.client; + +import java.io.Closeable; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.Reader; +import java.io.Writer; +import java.net.Socket; + +/** + * The Util class cannot be instantiated and stores short static convenience + * methods that are often quite useful. + * @see CopyStreamException + * @see CopyStreamListener + * @see CopyStreamAdapter + */ +public final class Util { + /** + * The default buffer size ({@value}) used by + * {@link #copyStream copyStream } and {@link #copyReader copyReader} + * and by the copyReader/copyStream methods if a zero or negative buffer size is supplied. + */ + public static final int DEFAULT_COPY_BUFFER_SIZE = 4096; + + // Cannot be instantiated + private Util() { + } + + + /** + * Copies the contents of an InputStream to an OutputStream using a + * copy buffer of a given size and notifies the provided + * CopyStreamListener of the progress of the copy operation by calling + * its bytesTransferred(long, int) method after each write to the + * destination. If you wish to notify more than one listener you should + * use a CopyStreamAdapter as the listener and register the additional + * listeners with the CopyStreamAdapter. + *

    + * The contents of the InputStream are + * read until the end of the stream is reached, but neither the + * source nor the destination are closed. You must do this yourself + * outside of the method call. The number of bytes read/written is + * returned. + * + * @param source The source InputStream. + * @param dest The destination OutputStream. + * @param bufferSize The number of bytes to buffer during the copy. + * A zero or negative value means to use {@link #DEFAULT_COPY_BUFFER_SIZE}. + * @param streamSize The number of bytes in the stream being copied. + * Should be set to CopyStreamEvent.UNKNOWN_STREAM_SIZE if unknown. + * Not currently used (though it is passed to {@link CopyStreamListener#bytesTransferred(long, int, long)} + * @param listener The CopyStreamListener to notify of progress. If + * this parameter is null, notification is not attempted. + * @param flush Whether to flush the output stream after every + * write. This is necessary for interactive sessions that rely on + * buffered streams. If you don't flush, the data will stay in + * the stream buffer. + * @return number of bytes read/written + * @throws CopyStreamException If an error occurs while reading from the + * source or writing to the destination. The CopyStreamException + * will contain the number of bytes confirmed to have been + * transferred before an + * IOException occurred, and it will also contain the IOException + * that caused the error. These values can be retrieved with + * the CopyStreamException getTotalBytesTransferred() and + * getIOException() methods. + */ + public static long copyStream(InputStream source, OutputStream dest, + int bufferSize, long streamSize, + CopyStreamListener listener, + boolean flush) + throws CopyStreamException { + int numBytes; + long total = 0; + byte[] buffer = new byte[bufferSize > 0 ? bufferSize : DEFAULT_COPY_BUFFER_SIZE]; + + try { + while ((numBytes = source.read(buffer)) != -1) { + // Technically, some read(byte[]) methods may return 0 and we cannot + // accept that as an indication of EOF. + + if (numBytes == 0) { + int singleByte = source.read(); + if (singleByte < 0) { + break; + } + dest.write(singleByte); + if (flush) { + dest.flush(); + } + ++total; + if (listener != null) { + listener.bytesTransferred(total, 1, streamSize); + } + continue; + } + + dest.write(buffer, 0, numBytes); + if (flush) { + dest.flush(); + } + total += numBytes; + if (listener != null) { + listener.bytesTransferred(total, numBytes, streamSize); + } + } + } catch (IOException e) { + throw new CopyStreamException("IOException caught while copying.", + total, e); + } + + return total; + } + + + /** + * Copies the contents of an InputStream to an OutputStream using a + * copy buffer of a given size and notifies the provided + * CopyStreamListener of the progress of the copy operation by calling + * its bytesTransferred(long, int) method after each write to the + * destination. If you wish to notify more than one listener you should + * use a CopyStreamAdapter as the listener and register the additional + * listeners with the CopyStreamAdapter. + * The contents of the InputStream are + * read until the end of the stream is reached, but neither the + * source nor the destination are closed. You must do this yourself + * outside of the method call. The number of bytes read/written is + * returned. + * + * @param source The source InputStream. + * @param dest The destination OutputStream. + * @param bufferSize The number of bytes to buffer during the copy. + * A zero or negative value means to use {@link #DEFAULT_COPY_BUFFER_SIZE}. + * @param streamSize The number of bytes in the stream being copied. + * Should be set to CopyStreamEvent.UNKNOWN_STREAM_SIZE if unknown. + * Not currently used (though it is passed to {@link CopyStreamListener#bytesTransferred(long, int, long)} + * @param listener The CopyStreamListener to notify of progress. If + * this parameter is null, notification is not attempted. + * @return number of bytes read/written + * @throws CopyStreamException If an error occurs while reading from the + * source or writing to the destination. The CopyStreamException + * will contain the number of bytes confirmed to have been + * transferred before an + * IOException occurred, and it will also contain the IOException + * that caused the error. These values can be retrieved with + * the CopyStreamException getTotalBytesTransferred() and + * getIOException() methods. + */ + public static final long copyStream(InputStream source, OutputStream dest, + int bufferSize, long streamSize, + CopyStreamListener listener) + throws CopyStreamException { + return copyStream(source, dest, bufferSize, streamSize, listener, + true); + } + + /** + * Copies the contents of an InputStream to an OutputStream using a + * copy buffer of a given size. The contents of the InputStream are + * read until the end of the stream is reached, but neither the + * source nor the destination are closed. You must do this yourself + * outside of the method call. The number of bytes read/written is + * returned. + * + * @param source The source InputStream. + * @param dest The destination OutputStream. + * @param bufferSize The number of bytes to buffer during the copy. + * A zero or negative value means to use {@link #DEFAULT_COPY_BUFFER_SIZE}. + * @return The number of bytes read/written in the copy operation. + * @throws CopyStreamException If an error occurs while reading from the + * source or writing to the destination. The CopyStreamException + * will contain the number of bytes confirmed to have been + * transferred before an + * IOException occurred, and it will also contain the IOException + * that caused the error. These values can be retrieved with + * the CopyStreamException getTotalBytesTransferred() and + * getIOException() methods. + */ + public static final long copyStream(InputStream source, OutputStream dest, + int bufferSize) + throws CopyStreamException { + return copyStream(source, dest, bufferSize, + CopyStreamEvent.UNKNOWN_STREAM_SIZE, null); + } + + /** + * Same as copyStream(source, dest, DEFAULT_COPY_BUFFER_SIZE); + * @param source where to copy from + * @param dest where to copy to + * @return number of bytes copied + * @throws CopyStreamException on error + */ + public static final long copyStream(InputStream source, OutputStream dest) + throws CopyStreamException { + return copyStream(source, dest, DEFAULT_COPY_BUFFER_SIZE); + } + + /** + * Copies the contents of a Reader to a Writer using a + * copy buffer of a given size and notifies the provided + * CopyStreamListener of the progress of the copy operation by calling + * its bytesTransferred(long, int) method after each write to the + * destination. If you wish to notify more than one listener you should + * use a CopyStreamAdapter as the listener and register the additional + * listeners with the CopyStreamAdapter. + *

    + * The contents of the Reader are + * read until its end is reached, but neither the source nor the + * destination are closed. You must do this yourself outside of the + * method call. The number of characters read/written is returned. + * + * @param source The source Reader. + * @param dest The destination writer. + * @param bufferSize The number of characters to buffer during the copy. + * A zero or negative value means to use {@link #DEFAULT_COPY_BUFFER_SIZE}. + * @param streamSize The number of characters in the stream being copied. + * Should be set to CopyStreamEvent.UNKNOWN_STREAM_SIZE if unknown. + * Not currently used (though it is passed to {@link CopyStreamListener#bytesTransferred(long, int, long)} + * @param listener The CopyStreamListener to notify of progress. If + * this parameter is null, notification is not attempted. + * @return The number of characters read/written in the copy operation. + * @throws CopyStreamException If an error occurs while reading from the + * source or writing to the destination. The CopyStreamException + * will contain the number of bytes confirmed to have been + * transferred before an + * IOException occurred, and it will also contain the IOException + * that caused the error. These values can be retrieved with + * the CopyStreamException getTotalBytesTransferred() and + * getIOException() methods. + */ + public static final long copyReader(Reader source, Writer dest, + int bufferSize, long streamSize, + CopyStreamListener listener) + throws CopyStreamException { + int numChars; + long total = 0; + char[] buffer = new char[bufferSize > 0 ? bufferSize : DEFAULT_COPY_BUFFER_SIZE]; + + try { + while ((numChars = source.read(buffer)) != -1) { + // Technically, some read(char[]) methods may return 0 and we cannot + // accept that as an indication of EOF. + if (numChars == 0) { + int singleChar = source.read(); + if (singleChar < 0) { + break; + } + dest.write(singleChar); + dest.flush(); + ++total; + if (listener != null) { + listener.bytesTransferred(total, 1, streamSize); + } + continue; + } + + dest.write(buffer, 0, numChars); + dest.flush(); + total += numChars; + if (listener != null) { + listener.bytesTransferred(total, numChars, streamSize); + } + } + } catch (IOException e) { + throw new CopyStreamException("IOException caught while copying.", + total, e); + } + + return total; + } + + /** + * Copies the contents of a Reader to a Writer using a + * copy buffer of a given size. The contents of the Reader are + * read until its end is reached, but neither the source nor the + * destination are closed. You must do this yourself outside of the + * method call. The number of characters read/written is returned. + * + * @param source The source Reader. + * @param dest The destination writer. + * @param bufferSize The number of characters to buffer during the copy. + * A zero or negative value means to use {@link #DEFAULT_COPY_BUFFER_SIZE}. + * @return The number of characters read/written in the copy operation. + * @throws CopyStreamException If an error occurs while reading from the + * source or writing to the destination. The CopyStreamException + * will contain the number of bytes confirmed to have been + * transferred before an + * IOException occurred, and it will also contain the IOException + * that caused the error. These values can be retrieved with + * the CopyStreamException getTotalBytesTransferred() and + * getIOException() methods. + */ + public static final long copyReader(Reader source, Writer dest, + int bufferSize) + throws CopyStreamException { + return copyReader(source, dest, bufferSize, + CopyStreamEvent.UNKNOWN_STREAM_SIZE, null); + } + + /** + * Same as copyReader(source, dest, DEFAULT_COPY_BUFFER_SIZE); + * @param source where to copy from + * @param dest where to copy to + * @return number of bytes copied + * @throws CopyStreamException on error + */ + public static final long copyReader(Reader source, Writer dest) + throws CopyStreamException { + return copyReader(source, dest, DEFAULT_COPY_BUFFER_SIZE); + } + + /** + * Closes the object quietly, catching rather than throwing IOException. + * Intended for use from finally blocks. + * + * @param closeable the object to close, may be {@code null} + */ + public static void closeQuietly(Closeable closeable) { + if (closeable != null) { + try { + closeable.close(); + } catch (IOException e) { + // Ignored + } + } + } + + /** + * Closes the socket quietly, catching rather than throwing IOException. + * Intended for use from finally blocks. + * + * @param socket the socket to close, may be {@code null} + */ + public static void closeQuietly(Socket socket) { + if (socket != null) { + try { + socket.close(); + } catch (IOException e) { + // Ignored + } + } + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/CompositeFileEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/CompositeFileEntryParser.java new file mode 100644 index 0000000..baed72f --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/CompositeFileEntryParser.java @@ -0,0 +1,45 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; +import org.xbib.io.ftp.client.FTPFileEntryParserImpl; + +/** + * This implementation allows to pack some FileEntryParsers together + * and handle the case where to returned dirstyle isnt clearly defined. + * The matching parser will be cached. + * If the cached parser wont match due to the server changed the dirstyle, + * a new matching parser will be searched. + */ +public class CompositeFileEntryParser extends FTPFileEntryParserImpl { + + private final FTPFileEntryParser[] ftpFileEntryParsers; + + private FTPFileEntryParser cachedFtpFileEntryParser; + + public CompositeFileEntryParser(FTPFileEntryParser[] ftpFileEntryParsers) { + super(); + + this.cachedFtpFileEntryParser = null; + this.ftpFileEntryParsers = ftpFileEntryParsers; + } + + @Override + public FTPFile parseFTPEntry(String listEntry) { + if (cachedFtpFileEntryParser != null) { + FTPFile matched = cachedFtpFileEntryParser.parseFTPEntry(listEntry); + if (matched != null) { + return matched; + } + } else { + for (FTPFileEntryParser ftpFileEntryParser : ftpFileEntryParsers) { + FTPFile matched = ftpFileEntryParser.parseFTPEntry(listEntry); + if (matched != null) { + cachedFtpFileEntryParser = ftpFileEntryParser; + return matched; + } + } + } + return null; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ConfigurableFTPFileEntryParserImpl.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ConfigurableFTPFileEntryParserImpl.java new file mode 100644 index 0000000..bd88c55 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ConfigurableFTPFileEntryParserImpl.java @@ -0,0 +1,102 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.Configurable; +import org.xbib.io.ftp.client.FTPClientConfig; + +import java.time.ZonedDateTime; + +/** + * This abstract class implements the common timestamp parsing + * algorithm for all the concrete parsers. Classes derived from + * this one will parse file listings via a supplied regular expression + * that pulls out the date portion as a separate string which is + * passed to the underlying {@link FTPTimestampParser delegate} to + * handle parsing of the file timestamp. + * This class also implements the {@link Configurable Configurable} + * interface to allow the parser to be configured from the outside. + */ +public abstract class ConfigurableFTPFileEntryParserImpl + extends RegexFTPFileEntryParserImpl + implements Configurable { + + private final FTPTimestampParser timestampParser; + + /** + * constructor for this abstract class. + * + * @param regex Regular expression used main parsing of the + * file listing. + */ + public ConfigurableFTPFileEntryParserImpl(String regex) { + super(regex); + this.timestampParser = new ZonedDateTimeParser(); + } + + /** + * constructor for this abstract class. + * + * @param regex Regular expression used main parsing of the + * file listing. + * @param flags the flags to apply, see + * {@link java.util.regex.Pattern#compile(String, int) Pattern#compile(String, int)}. Use 0 for none. + */ + public ConfigurableFTPFileEntryParserImpl(String regex, int flags) { + super(regex, flags); + this.timestampParser = new ZonedDateTimeParser(); + } + + /** + * This method is called by the concrete parsers to delegate + * timestamp parsing to the timestamp parser. + * + * @param timestampStr the timestamp string pulled from the + * file listing by the regular expression parser, to be submitted + * to the timestampParser for extracting the timestamp. + * @return a java.util.Calendar containing results of the + * timestamp parse. + */ + public ZonedDateTime parseTimestamp(String timestampStr) { + return this.timestampParser.parseTimestamp(timestampStr); + } + + + /** + * Implementation of the {@link Configurable Configurable} + * interface. Configures this parser by delegating to the + * underlying Configurable FTPTimestampParser implementation, ' + * passing it the supplied {@link FTPClientConfig FTPClientConfig} + * if that is non-null or a default configuration defined by + * each concrete subclass. + * + * @param config the configuration to be used to configure this parser. + * If it is null, a default configuration defined by + * each concrete subclass is used instead. + */ + @Override + public void configure(FTPClientConfig config) { + if (this.timestampParser instanceof Configurable) { + FTPClientConfig defaultCfg = getDefaultConfiguration(); + if (config != null) { + if (null == config.getDefaultDateFormatStr()) { + config.setDefaultDateFormatStr(defaultCfg.getDefaultDateFormatStr()); + } + if (null == config.getRecentDateFormatStr()) { + config.setRecentDateFormatStr(defaultCfg.getRecentDateFormatStr()); + } + ((Configurable) this.timestampParser).configure(config); + } else { + ((Configurable) this.timestampParser).configure(defaultCfg); + } + } + } + + /** + * Each concrete subclass must define this member to create + * a default configuration to be used when that subclass is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for the subclass. + */ + protected abstract FTPClientConfig getDefaultConfiguration(); +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/DefaultFTPFileEntryParserFactory.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/DefaultFTPFileEntryParserFactory.java new file mode 100644 index 0000000..34df5b7 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/DefaultFTPFileEntryParserFactory.java @@ -0,0 +1,233 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.Configurable; +import org.xbib.io.ftp.client.FTPClient; +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.util.regex.Pattern; + +/** + * This is the default implementation of the {@link FTPFileEntryParserFactory} interface. + * + * @see FTPClient#listFiles + * @see FTPClient#setParserFactory + */ +public class DefaultFTPFileEntryParserFactory + implements FTPFileEntryParserFactory { + + // Match a plain Java Identifier + private static final String JAVA_IDENTIFIER = "\\p{javaJavaIdentifierStart}(\\p{javaJavaIdentifierPart})*"; + // Match a qualified name, e.g. a.b.c.Name - but don't allow the default package as that would allow "VMS"/"UNIX" etc. + private static final String JAVA_QUALIFIED_NAME = "(" + JAVA_IDENTIFIER + "\\.)+" + JAVA_IDENTIFIER; + // Create the pattern, as it will be reused many times + private static final Pattern JAVA_QUALIFIED_NAME_PATTERN = Pattern.compile(JAVA_QUALIFIED_NAME); + + /** + * This default implementation of the FTPFileEntryParserFactory + * interface works according to the following logic: + * First it attempts to interpret the supplied key as a fully + * qualified classname (default package is not allowed) of a class implementing the + * FTPFileEntryParser interface. If that succeeds, a parser + * object of this class is instantiated and is returned; + * otherwise it attempts to interpret the key as an identirier + * commonly used by the FTP SYST command to identify systems. + *

    + * If key is not recognized as a fully qualified + * classname known to the system, this method will then attempt + * to see whether it contains a string identifying one of + * the known parsers. This comparison is case-insensitive. + * The intent here is where possible, to select as keys strings + * which are returned by the SYST command on the systems which + * the corresponding parser successfully parses. This enables + * this factory to be used in the auto-detection system. + * + * @param key should be a fully qualified classname corresponding to + * a class implementing the FTPFileEntryParser interface
    + * OR
    + * a string containing (case-insensitively) one of the + * following keywords: + *

      + *
    • {@link FTPClientConfig#SYST_UNIX UNIX}
      • + *
    • {@link FTPClientConfig#SYST_NT WINDOWS}
      • + *
    • {@link FTPClientConfig#SYST_OS2 OS/2}
      • + *
    • {@link FTPClientConfig#SYST_OS400 OS/400}
      • + *
    • {@link FTPClientConfig#SYST_AS400 AS/400}
      • + *
    • {@link FTPClientConfig#SYST_VMS VMS}
      • + *
    • {@link FTPClientConfig#SYST_MVS MVS}
      • + *
    • {@link FTPClientConfig#SYST_NETWARE NETWARE}
      • + *
    • {@link FTPClientConfig#SYST_L8 TYPE:L8}
      • + *
    + * @return the FTPFileEntryParser corresponding to the supplied key. + * @throws ParserInitializationException thrown if for any reason the factory cannot resolve + * the supplied key into an FTPFileEntryParser. + * @see FTPFileEntryParser + */ + @Override + public FTPFileEntryParser createFileEntryParser(String key) { + if (key == null) { + throw new ParserInitializationException("Parser key cannot be null"); + } + return createFileEntryParser(key, null); + } + + // Common method to process both key and config parameters. + private FTPFileEntryParser createFileEntryParser(String key, FTPClientConfig config) { + FTPFileEntryParser parser = null; + + // Is the key a possible class name? + if (JAVA_QUALIFIED_NAME_PATTERN.matcher(key).matches()) { + try { + Class parserClass = Class.forName(key); + try { + parser = (FTPFileEntryParser) parserClass.getConstructor().newInstance(); + } catch (ClassCastException e) { + throw new ParserInitializationException(parserClass.getName() + + " does not implement the interface " + + " FTPFileEntryParser.", e); + } catch (Exception | ExceptionInInitializerError e) { + throw new ParserInitializationException("Error initializing parser", e); + } + } catch (ClassNotFoundException e) { + // OK, assume it is an alias + } + } + + if (parser == null) { // Now try for aliases + String ukey = key.toUpperCase(java.util.Locale.ENGLISH); + if (ukey.contains(FTPClientConfig.SYST_UNIX_TRIM_LEADING)) { + parser = new UnixFTPEntryParser(config, true); + } + // must check this after SYST_UNIX_TRIM_LEADING as it is a substring of it + else if (ukey.contains(FTPClientConfig.SYST_UNIX)) { + parser = new UnixFTPEntryParser(config, false); + } else if (ukey.contains(FTPClientConfig.SYST_VMS)) { + parser = new VMSVersioningFTPEntryParser(config); + } else if (ukey.contains(FTPClientConfig.SYST_NT)) { + parser = createNTFTPEntryParser(config); + } else if (ukey.contains(FTPClientConfig.SYST_OS2)) { + parser = new OS2FTPEntryParser(config); + } else if (ukey.contains(FTPClientConfig.SYST_OS400) || + ukey.contains(FTPClientConfig.SYST_AS400)) { + parser = createOS400FTPEntryParser(config); + } else if (ukey.contains(FTPClientConfig.SYST_MVS)) { + parser = new MVSFTPEntryParser(); // Does not currently support config parameter + } else if (ukey.contains(FTPClientConfig.SYST_NETWARE)) { + parser = new NetwareFTPEntryParser(config); + } else if (ukey.contains(FTPClientConfig.SYST_MACOS_PETER)) { + parser = new MacOsPeterFTPEntryParser(config); + } else if (ukey.contains(FTPClientConfig.SYST_L8)) { + // L8 normally means Unix, but move it to the end for some L8 systems that aren't. + // This check should be last! + parser = new UnixFTPEntryParser(config); + } else { + throw new ParserInitializationException("Unknown parser type: " + key); + } + } + + if (parser instanceof Configurable) { + ((Configurable) parser).configure(config); + } + return parser; + } + + /** + *

    Implementation extracts a key from the supplied + * {@link FTPClientConfig FTPClientConfig} + * parameter and creates an object implementing the + * interface FTPFileEntryParser and uses the supplied configuration + * to configure it. + *

    + * Note that this method will generally not be called in scenarios + * that call for autodetection of parser type but rather, for situations + * where the user knows that the server uses a non-default configuration + * and knows what that configuration is. + *

    + * + * @param config A {@link FTPClientConfig FTPClientConfig} + * used to configure the parser created + * @return the @link FTPFileEntryParser FTPFileEntryParser} so created. + * @throws ParserInitializationException Thrown on any exception in instantiation + * @throws NullPointerException if {@code config} is {@code null} + */ + @Override + public FTPFileEntryParser createFileEntryParser(FTPClientConfig config) + throws ParserInitializationException { + String key = config.getServerSystemKey(); + return createFileEntryParser(key, config); + } + + + public FTPFileEntryParser createUnixFTPEntryParser() { + return new UnixFTPEntryParser(); + } + + public FTPFileEntryParser createVMSVersioningFTPEntryParser() { + return new VMSVersioningFTPEntryParser(); + } + + public FTPFileEntryParser createNetwareFTPEntryParser() { + return new NetwareFTPEntryParser(); + } + + public FTPFileEntryParser createNTFTPEntryParser() { + return createNTFTPEntryParser(null); + } + + /** + * Creates an NT FTP parser. + * @param config the config to use, may be {@code null} + * @return the parser + */ + private FTPFileEntryParser createNTFTPEntryParser(FTPClientConfig config) { + if (config != null && FTPClientConfig.SYST_NT.equals( + config.getServerSystemKey())) { + return new NTFTPEntryParser(config); + } else { + // clone the config as it may be changed by the parsers (NET-602) + final FTPClientConfig config2 = (config != null) ? new FTPClientConfig(config) : null; + return new CompositeFileEntryParser(new FTPFileEntryParser[] + { + new NTFTPEntryParser(config), + new UnixFTPEntryParser(config2, + config2 != null && FTPClientConfig.SYST_UNIX_TRIM_LEADING.equals(config2.getServerSystemKey())) + }); + } + } + + public FTPFileEntryParser createOS2FTPEntryParser() { + return new OS2FTPEntryParser(); + } + + public FTPFileEntryParser createOS400FTPEntryParser() { + return createOS400FTPEntryParser(null); + } + + /** + * Creates an OS400 FTP parser. + * + * @param config the config to use, may be {@code null} + * @return the parser + */ + private FTPFileEntryParser createOS400FTPEntryParser(FTPClientConfig config) { + if (config != null && + FTPClientConfig.SYST_OS400.equals(config.getServerSystemKey())) { + return new OS400FTPEntryParser(config); + } else { + // clone the config as it may be changed by the parsers (NET-602) + final FTPClientConfig config2 = (config != null) ? new FTPClientConfig(config) : null; + return new CompositeFileEntryParser(new FTPFileEntryParser[] + { + new OS400FTPEntryParser(config), + new UnixFTPEntryParser(config2, + config2 != null && FTPClientConfig.SYST_UNIX_TRIM_LEADING.equals(config2.getServerSystemKey())) + }); + } + } + + public FTPFileEntryParser createMVSEntryParser() { + return new MVSFTPEntryParser(); + } + +} + diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/EnterpriseUnixFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/EnterpriseUnixFTPEntryParser.java new file mode 100644 index 0000000..032636f --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/EnterpriseUnixFTPEntryParser.java @@ -0,0 +1,128 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.time.Month; +import java.time.Year; +import java.time.ZoneId; +import java.time.ZonedDateTime; + +/** + * Parser for the Connect Enterprise Unix FTP Server From Sterling Commerce. + * Here is a sample of the sort of output line this parser processes: + * "-C--E-----FTP B QUA1I1 18128 41 Aug 12 13:56 QUADTEST" + *

    + * Note: EnterpriseUnixFTPEntryParser can only be instantiated through the + * DefaultFTPParserFactory by classname. It will not be chosen + * by the autodetection scheme. + * + * + * @see FTPFileEntryParser (for usage instructions) + * @see DefaultFTPFileEntryParserFactory + */ +public class EnterpriseUnixFTPEntryParser extends RegexFTPFileEntryParserImpl { + + /** + * months abbreviations looked for by this parser. Also used + * to determine which month has been matched by the parser. + */ + private static final String MONTHS = + "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"; + + /** + * this is the regular expression used by this parser. + */ + private static final String REGEX = + "(([\\-]|[A-Z])([\\-]|[A-Z])([\\-]|[A-Z])([\\-]|[A-Z])([\\-]|[A-Z])" + + "([\\-]|[A-Z])([\\-]|[A-Z])([\\-]|[A-Z])([\\-]|[A-Z])([\\-]|[A-Z]))" + + "(\\S*)\\s*" // 12 + + "(\\S+)\\s*" // 13 + + "(\\S*)\\s*" // 14 user + + "(\\d*)\\s*" // 15 group + + "(\\d*)\\s*" // 16 filesize + + MONTHS // 17 month + + "\\s*" // TODO should the space be optional? + // TODO \\d* should be \\d? surely ? Otherwise 01111 is allowed + + "((?:[012]\\d*)|(?:3[01]))\\s*" // 18 date [012]\d* or 3[01] + + "((\\d\\d\\d\\d)|((?:[01]\\d)|(?:2[0123])):([012345]\\d))\\s" + // 20 \d\d\d\d = year OR + // 21 [01]\d or 2[0123] hour + ':' + // 22 [012345]\d = minute + + "(\\S*)(\\s*.*)"; // 23 name + + /** + * The sole constructor for a EnterpriseUnixFTPEntryParser object. + */ + public EnterpriseUnixFTPEntryParser() { + super(REGEX); + } + + /** + * Parses a line of a unix FTP server file listing and converts it into a + * usable format in the form of an FTPFile instance. If + * the file listing line doesn't describe a file, null is + * returned, otherwise a FTPFile instance representing the + * files in the directory is returned. + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + FTPFile file = new FTPFile(); + file.setRawListing(entry); + if (matches(entry)) { + String usr = group(14); + String grp = group(15); + String filesize = group(16); + String mo = group(17); + String da = group(18); + String yr = group(20); + String hr = group(21); + String min = group(22); + String name = group(23); + file.setType(FTPFile.FILE_TYPE); + file.setUser(usr); + file.setGroup(grp); + try { + file.setSize(Long.parseLong(filesize)); + } catch (NumberFormatException e) { + // intentionally do nothing + } + try { + if (mo != null && da != null && hr != null && min != null) { + Year year = Year.now(); + int pos = MONTHS.indexOf(mo); + int month = pos / 4; + if (yr != null) { + year = Year.of(Integer.parseInt(yr)); + } else { + if (month > Month.from(ZonedDateTime.now()).getValue()) { + year = year.minusYears(1L); + } + } + int hour = Integer.parseInt(hr); + int minutes = Integer.parseInt(min); + int dayOfMonth = Integer.parseInt(da); + ZonedDateTime zonedDateTime = + ZonedDateTime.of(year.getValue(), month + 1, dayOfMonth, hour, minutes, 0, 0, ZoneId.of("UTC")); + file.setTimestamp(zonedDateTime); + } else if (mo != null && da != null && yr != null) { + int dayOfMonth = Integer.parseInt(da); + int pos = MONTHS.indexOf(mo); + int month = pos / 4; + int year = Integer.parseInt(yr); + ZonedDateTime zonedDateTime = + ZonedDateTime.of(year, month + 1, dayOfMonth, 0, 0, 0, 0, ZoneId.of("UTC")); + file.setTimestamp(zonedDateTime); + } + } catch (NumberFormatException e) { + // do nothing, date will be uninitialized + } + file.setName(name); + return file; + } + return null; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPFileEntryParserFactory.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPFileEntryParserFactory.java new file mode 100644 index 0000000..d5cb9ae --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPFileEntryParserFactory.java @@ -0,0 +1,46 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +/** + * The interface describes a factory for creating FTPFileEntryParsers. + * + */ +public interface FTPFileEntryParserFactory { + /** + * Implementation should be a method that decodes the + * supplied key and creates an object implementing the + * interface FTPFileEntryParser. + * + * @param key A string that somehow identifies an + * FTPFileEntryParser to be created. + * @return the FTPFileEntryParser created. + * @throws ParserInitializationException Thrown on any exception in instantiation + */ + FTPFileEntryParser createFileEntryParser(String key) + throws ParserInitializationException; + + /** + *

    + * Implementation should be a method that extracts + * a key from the supplied {@link FTPClientConfig FTPClientConfig} + * parameter and creates an object implementing the + * interface FTPFileEntryParser and uses the supplied configuration + * to configure it. + *

    + * Note that this method will generally not be called in scenarios + * that call for autodetection of parser type but rather, for situations + * where the user knows that the server uses a non-default configuration + * and knows what that configuration is. + *

    + * + * @param config A {@link FTPClientConfig FTPClientConfig} + * used to configure the parser created + * @return the @link FTPFileEntryParser FTPFileEntryParser} so created. + * @throws ParserInitializationException Thrown on any exception in instantiation + */ + FTPFileEntryParser createFileEntryParser(FTPClientConfig config) + throws ParserInitializationException; + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPTimestampParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPTimestampParser.java new file mode 100644 index 0000000..4252fbc --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPTimestampParser.java @@ -0,0 +1,27 @@ +package org.xbib.io.ftp.client.parser; + +import java.time.ZonedDateTime; + +/** + * This interface specifies the concept of parsing an FTP server's timestamp. + */ +public interface FTPTimestampParser { + + String DEFAULT_DATE_FORMAT = "MMM d yyyy"; //Nov 9 2001 + + String DEFAULT_RECENT_DATE_FORMAT = "MMM d HH:mm"; //Nov 9 20:06 + + String NUMERIC_DATE_FORMAT = "yyyy-MM-dd HH:mm"; //2001-11-09 20:06 + + /** + * Parses the supplied date stamp parameter. This parameter typically would + * have been pulled from a longer FTP listing via the regular expression + * mechanism. + * + * @param timestampStr - the timestamp portion of the FTP directory listing to be parsed + * @return a {@link java.time.ZonedDateTime} object initialized to the date + * parsed by the parser + */ + ZonedDateTime parseTimestamp(String timestampStr); + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPTimestampParserImpl.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPTimestampParserImpl.java new file mode 100644 index 0000000..63af003 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/FTPTimestampParserImpl.java @@ -0,0 +1,380 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.Configurable; +import org.xbib.io.ftp.client.FTPClientConfig; + +import java.text.DateFormatSymbols; +import java.text.ParseException; +import java.text.ParsePosition; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; +import java.util.TimeZone; + +/** + * Default implementation of the {@link FTPTimestampParser FTPTimestampParser} + * interface also implements the {@link Configurable Configurable} + * interface to allow the parsing to be configured from the outside. + * + * @see ConfigurableFTPFileEntryParserImpl + */ +public class FTPTimestampParserImpl implements Configurable { + + /** + * the default default date format. + */ + String DEFAULT_SDF = FTPTimestampParser. DEFAULT_DATE_FORMAT; + /** + * the default recent date format. + */ + String DEFAULT_RECENT_SDF = FTPTimestampParser.DEFAULT_RECENT_DATE_FORMAT; + + /* + * List of units in order of increasing significance. + * This allows the code to clear all units in the Calendar until it + * reaches the least significant unit in the parse string. + * The date formats are analysed to find the least significant + * unit (e.g. Minutes or Milliseconds) and the appropriate index to + * the array is saved. + * This is done by searching the array for the unit specifier, + * and returning the index. When clearing the Calendar units, + * the code loops through the array until the previous entry. + * e.g. for MINUTE it would clear MILLISECOND and SECOND + */ + private static final int[] CALENDAR_UNITS = { + Calendar.MILLISECOND, + Calendar.SECOND, + Calendar.MINUTE, + Calendar.HOUR_OF_DAY, + Calendar.DAY_OF_MONTH, + Calendar.MONTH, + Calendar.YEAR}; + /** + * The date format for all dates, except possibly recent dates. Assumed to include the year. + */ + private SimpleDateFormat defaultDateFormat; + /* The index in CALENDAR_UNITS of the smallest time unit in defaultDateFormat */ + private int defaultDateSmallestUnitIndex; + /** + * The format used for recent dates (which don't have the year). May be null. + */ + private SimpleDateFormat recentDateFormat; + /* The index in CALENDAR_UNITS of the smallest time unit in recentDateFormat */ + private int recentDateSmallestUnitIndex; + private boolean lenientFutureDates = false; + + /** + * The only constructor for this class. + */ + public FTPTimestampParserImpl() { + setDefaultDateFormat(DEFAULT_SDF, null); + setRecentDateFormat(DEFAULT_RECENT_SDF, null); + } + + /* + * Return the index to the array representing the least significant + * unit found in the date format. + * Default is 0 (to avoid dropping precision) + */ + private static int getEntry(SimpleDateFormat dateFormat) { + if (dateFormat == null) { + return 0; + } + final String FORMAT_CHARS = "SsmHdM"; + final String pattern = dateFormat.toPattern(); + for (char ch : FORMAT_CHARS.toCharArray()) { + if (pattern.indexOf(ch) != -1) { // found the character + switch (ch) { + case 'S': + return indexOf(Calendar.MILLISECOND); + case 's': + return indexOf(Calendar.SECOND); + case 'm': + return indexOf(Calendar.MINUTE); + case 'H': + return indexOf(Calendar.HOUR_OF_DAY); + case 'd': + return indexOf(Calendar.DAY_OF_MONTH); + case 'M': + return indexOf(Calendar.MONTH); + } + } + } + return 0; + } + + /* + * Find the entry in the CALENDAR_UNITS array. + */ + private static int indexOf(int calendarUnit) { + int i; + for (i = 0; i < CALENDAR_UNITS.length; i++) { + if (calendarUnit == CALENDAR_UNITS[i]) { + return i; + } + } + return 0; + } + + /* + * Sets the Calendar precision (used by FTPFile#toFormattedDate) by clearing + * the immediately preceeding unit (if any). + * Unfortunately the clear(int) method results in setting all other units. + */ + private static void setPrecision(int index, Calendar working) { + if (index <= 0) { // e.g. MILLISECONDS + return; + } + final int field = CALENDAR_UNITS[index - 1]; + // Just in case the analysis is wrong, stop clearing if + // field value is not the default. + final int value = working.get(field); + if (value != 0) { // don't reset if it has a value +// new Throwable("Unexpected value "+value).printStackTrace(); // DEBUG + } else { + working.clear(field); // reset just the required field + } + } + + /** + * Implements the one {@link FTPTimestampParser#parseTimestamp(String) method} + * in the {@link FTPTimestampParser FTPTimestampParser} interface + * according to this algorithm: + *

    + * If the recentDateFormat member has been defined, try to parse the + * supplied string with that. If that parse fails, or if the recentDateFormat + * member has not been defined, attempt to parse with the defaultDateFormat + * member. If that fails, throw a ParseException. + *

    + * This method assumes that the server time is the same as the local time. + * + * @param timestampStr The timestamp to be parsed + * @return a Calendar with the parsed timestamp + * @see FTPTimestampParserImpl#parseTimestamp(String, Calendar) + * @throws ParseException if timestamp cannot be parsed + */ + //@Override + public Calendar parseTimestamp(String timestampStr) throws ParseException { + Calendar now = Calendar.getInstance(); + return parseTimestamp(timestampStr, now); + } + + /** + * If the recentDateFormat member has been defined, try to parse the + * supplied string with that. If that parse fails, or if the recentDateFormat + * member has not been defined, attempt to parse with the defaultDateFormat + * member. If that fails, throw a ParseException. + * This method allows a {@link Calendar} instance to be passed in which represents the + * current (system) time. + * + * @param timestampStr The timestamp to be parsed + * @param serverTime The current time for the server + * @return the calendar + * @throws ParseException if timestamp cannot be parsed + * @see FTPTimestampParser#parseTimestamp(String) + */ + public Calendar parseTimestamp(String timestampStr, Calendar serverTime) throws ParseException { + Calendar working = (Calendar) serverTime.clone(); + working.setTimeZone(getServerTimeZone()); // is this needed? + Date parsed; + Calendar now = (Calendar) serverTime.clone();// Copy this, because we may change it + now.setTimeZone(this.getServerTimeZone()); + if (recentDateFormat != null) { + if (lenientFutureDates) { + // add a day to "now" so that "slop" doesn't cause a date + // slightly in the future to roll back a full year. (Bug 35181 => NET-83) + now.add(Calendar.DAY_OF_MONTH, 1); + } + // The Java SimpleDateFormat class uses the epoch year 1970 if not present in the input + // As 1970 was not a leap year, it cannot parse "Feb 29" correctly. + // Java 1.5+ returns Mar 1 1970 + // Temporarily add the current year to the short date time + // to cope with short-date leap year strings. + // Since Feb 29 is more that 6 months from the end of the year, this should be OK for + // all instances of short dates which are +- 6 months from current date. + // TODO this won't always work for systems that use short dates +0/-12months + // e.g. if today is Jan 1 2001 and the short date is Feb 29 + String year = Integer.toString(now.get(Calendar.YEAR)); + String timeStampStrPlusYear = timestampStr + " " + year; + SimpleDateFormat hackFormatter = new SimpleDateFormat(recentDateFormat.toPattern() + " yyyy", + recentDateFormat.getDateFormatSymbols()); + hackFormatter.setLenient(false); + hackFormatter.setTimeZone(recentDateFormat.getTimeZone()); + ParsePosition pp = new ParsePosition(0); + parsed = hackFormatter.parse(timeStampStrPlusYear, pp); + // Check if we parsed the full string, if so it must have been a short date originally + if (parsed != null && pp.getIndex() == timeStampStrPlusYear.length()) { + working.setTime(parsed); + if (working.after(now)) { // must have been last year instead + working.add(Calendar.YEAR, -1); + } + setPrecision(recentDateSmallestUnitIndex, working); + return working; + } + } + ParsePosition pp = new ParsePosition(0); + parsed = defaultDateFormat.parse(timestampStr, pp); + // note, length checks are mandatory for us since + // SimpleDateFormat methods will succeed if less than + // full string is matched. They will also accept, + // despite "leniency" setting, a two-digit number as + // a valid year (e.g. 22:04 will parse as 22 A.D.) + // so could mistakenly confuse an hour with a year, + // if we don't insist on full length parsing. + if (parsed != null && pp.getIndex() == timestampStr.length()) { + working.setTime(parsed); + } else { + throw new ParseException("Timestamp '" + timestampStr + "' could not be parsed using a server time of " + + serverTime.getTime().toString(), + pp.getErrorIndex()); + } + setPrecision(defaultDateSmallestUnitIndex, working); + if (working.after(now)) { + working.add(Calendar.YEAR, -1); + } + return working; + } + + /** + * @param format The defaultDateFormat to be set. + * @param dfs the symbols to use (may be null) + */ + private void setDefaultDateFormat(String format, DateFormatSymbols dfs) { + if (format != null) { + if (dfs != null) { + this.defaultDateFormat = new SimpleDateFormat(format, dfs); + } else { + this.defaultDateFormat = new SimpleDateFormat(format); + } + this.defaultDateFormat.setLenient(false); + } else { + this.defaultDateFormat = null; + } + this.defaultDateSmallestUnitIndex = getEntry(this.defaultDateFormat); + } + + /** + * @return Returns the recentDateFormat. + */ + public SimpleDateFormat getRecentDateFormat() { + return recentDateFormat; + } + + /** + * @return Returns the recentDateFormat. + */ + public String getRecentDateFormatString() { + return recentDateFormat.toPattern(); + } + + /** + * @param format The recentDateFormat to set. + * @param dfs the symbols to use (may be null) + */ + private void setRecentDateFormat(String format, DateFormatSymbols dfs) { + if (format != null) { + if (dfs != null) { + this.recentDateFormat = new SimpleDateFormat(format, dfs); + } else { + this.recentDateFormat = new SimpleDateFormat(format); + } + this.recentDateFormat.setLenient(false); + } else { + this.recentDateFormat = null; + } + this.recentDateSmallestUnitIndex = getEntry(this.recentDateFormat); + } + + /** + * @return returns an array of 12 strings representing the short + * month names used by this parse. + */ + public String[] getShortMonths() { + return defaultDateFormat.getDateFormatSymbols().getShortMonths(); + } + + /** + * @return Returns the serverTimeZone used by this parser. + */ + public TimeZone getServerTimeZone() { + return this.defaultDateFormat.getTimeZone(); + } + + /** + * sets a TimeZone represented by the supplied ID string into all + * of the parsers used by this server. + * + * @param serverTimeZoneId Time Id java.util.TimeZone id used by + * the ftp server. If null the client's local time zone is assumed. + */ + private void setServerTimeZone(String serverTimeZoneId) { + TimeZone serverTimeZone = TimeZone.getDefault(); + if (serverTimeZoneId != null) { + serverTimeZone = TimeZone.getTimeZone(serverTimeZoneId); + } + this.defaultDateFormat.setTimeZone(serverTimeZone); + if (this.recentDateFormat != null) { + this.recentDateFormat.setTimeZone(serverTimeZone); + } + } + + /** + * Implementation of the {@link Configurable Configurable} + * interface. Configures this FTPTimestampParser according + * to the following logic: + *

    + * Set up the {@link FTPClientConfig#setDefaultDateFormatStr(String) defaultDateFormat} + * and optionally the {@link FTPClientConfig#setRecentDateFormatStr(String) recentDateFormat} + * to values supplied in the config based on month names configured as follows: + *

    + *
      + *
    • If a {@link FTPClientConfig#setShortMonthNames(String) shortMonthString} + * has been supplied in the config, use that to parse parse timestamps.
      • + *
    • Otherwise, if a {@link FTPClientConfig#setServerLanguageCode(String) serverLanguageCode} + * has been supplied in the config, use the month names represented + * by that {@link FTPClientConfig#lookupDateFormatSymbols(String) language} + * to parse timestamps.
      • + *
    • otherwise use default English month names
      • + *

    + * Finally if a {@link FTPClientConfig#setServerTimeZoneId(String) serverTimeZoneId} + * has been supplied via the config, set that into all date formats that have + * been configured. + *

    + */ + @Override + public void configure(FTPClientConfig config) { + DateFormatSymbols dfs; + String languageCode = config.getServerLanguageCode(); + String shortmonths = config.getShortMonthNames(); + if (shortmonths != null) { + dfs = FTPClientConfig.getDateFormatSymbols(shortmonths); + } else if (languageCode != null) { + dfs = FTPClientConfig.lookupDateFormatSymbols(languageCode); + } else { + dfs = FTPClientConfig.lookupDateFormatSymbols("en"); + } + String recentFormatString = config.getRecentDateFormatStr(); + setRecentDateFormat(recentFormatString, dfs); + String defaultFormatString = config.getDefaultDateFormatStr(); + if (defaultFormatString == null) { + throw new IllegalArgumentException("defaultFormatString cannot be null"); + } + setDefaultDateFormat(defaultFormatString, dfs); + setServerTimeZone(config.getServerTimeZoneId()); + this.lenientFutureDates = config.isLenientFutureDates(); + } + + /** + * @return Returns the lenientFutureDates. + */ + boolean isLenientFutureDates() { + return lenientFutureDates; + } + + /** + * @param lenientFutureDates The lenientFutureDates to set. + */ + void setLenientFutureDates(boolean lenientFutureDates) { + this.lenientFutureDates = lenientFutureDates; + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MLSxEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MLSxEntryParser.java new file mode 100644 index 0000000..451f81a --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MLSxEntryParser.java @@ -0,0 +1,272 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParserImpl; + +import java.time.LocalDate; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeFormatterBuilder; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoField; +import java.util.HashMap; +import java.util.Locale; +import java.util.Objects; + +/** + * Parser class for MSLT and MLSD replies. See RFC 3659. + *

    + * Format is as follows: + * 

    + * entry            = [ facts ] SP pathname
+ * facts            = 1*( fact ";" )
+ * fact             = factname "=" value
+ * factname         = "Size" / "Modify" / "Create" /
+ *                    "Type" / "Unique" / "Perm" /
+ *                    "Lang" / "Media-Type" / "CharSet" /
+ * os-depend-fact / local-fact
+ * os-depend-fact   = {IANA assigned OS name} "." token
+ * local-fact       = "X." token
+ * value            = *SCHAR
+ *
+ * Sample os-depend-fact:
+ * UNIX.group=0;UNIX.mode=0755;UNIX.owner=0;
+ *
    + * A single control response entry (MLST) is returned with a leading space; + * multiple (data) entries are returned without any leading spaces. + * The parser requires that the leading space from the MLST entry is removed. + * MLSD entries can begin with a single space if there are no facts. + * + */ +public class MLSxEntryParser extends FTPFileEntryParserImpl { + // This class is immutable, so a single instance can be shared. + private static final MLSxEntryParser PARSER = new MLSxEntryParser(); + + private static final HashMap TYPE_TO_INT = new HashMap<>(); + private static final int[] UNIX_GROUPS = { // Groups in order of mode digits + FTPFile.USER_ACCESS, + FTPFile.GROUP_ACCESS, + FTPFile.WORLD_ACCESS, + }; + private static final int[][] UNIX_PERMS = { // perm bits, broken down by octal int value +/* 0 */ {}, +/* 1 */ {FTPFile.EXECUTE_PERMISSION}, +/* 2 */ {FTPFile.WRITE_PERMISSION}, +/* 3 */ {FTPFile.EXECUTE_PERMISSION, FTPFile.WRITE_PERMISSION}, +/* 4 */ {FTPFile.READ_PERMISSION}, +/* 5 */ {FTPFile.READ_PERMISSION, FTPFile.EXECUTE_PERMISSION}, +/* 6 */ {FTPFile.READ_PERMISSION, FTPFile.WRITE_PERMISSION}, +/* 7 */ {FTPFile.READ_PERMISSION, FTPFile.WRITE_PERMISSION, FTPFile.EXECUTE_PERMISSION}, + }; + + static { + TYPE_TO_INT.put("file", FTPFile.FILE_TYPE); + TYPE_TO_INT.put("cdir", FTPFile.DIRECTORY_TYPE); // listed directory + TYPE_TO_INT.put("pdir", FTPFile.DIRECTORY_TYPE); // a parent dir + TYPE_TO_INT.put("dir", FTPFile.DIRECTORY_TYPE); // dir or sub-dir + } + + /** + * Create the parser for MSLT and MSLD listing entries + * This class is immutable, so one can use {@link #getInstance()} instead. + */ + public MLSxEntryParser() { + super(); + } + + /** + * Parse a GMT time stamp of the form YYYYMMDDHHMMSS[.sss] + * + * @param timestamp the date-time to parse + * @return a zoned date time, may be {@code null} + */ + public static ZonedDateTime parseGMTdateTime(String timestamp) { + try { + DateTimeFormatter dateTimeFormatter = new DateTimeFormatterBuilder() + .appendPattern( "yyyyMMddHHmmss.SSS") + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.ROOT); + // adjust future dates to one year ago + ZonedDateTime zonedDateTime = ZonedDateTime.parse(timestamp, dateTimeFormatter); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1L); + } + return zonedDateTime; + } catch (DateTimeParseException e) { + // + } + try { + DateTimeFormatter dateTimeFormatter = new DateTimeFormatterBuilder() + .appendPattern( "yyyyMMddHHmmss") + .parseDefaulting(ChronoField.MILLI_OF_SECOND, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.ROOT); + // adjust future dates to one year ago + ZonedDateTime zonedDateTime = ZonedDateTime.parse(timestamp, dateTimeFormatter); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1L); + } + return zonedDateTime; + } catch (DateTimeParseException e) { + // + } + String[] datePatterns = { + "yyyyMMdd", + "yyyy" + }; + for (String pattern : datePatterns) { + try { + DateTimeFormatter dateTimeFormatter = new DateTimeFormatterBuilder() + .appendPattern(pattern) + .parseDefaulting(ChronoField.MONTH_OF_YEAR, 1) + .parseDefaulting(ChronoField.DAY_OF_MONTH, 1) + .toFormatter(); + LocalDate localDate = LocalDate.parse(timestamp, dateTimeFormatter); + ZonedDateTime zonedDateTime = localDate.atTime(0, 0, 0).atZone(ZoneId.of("UTC")); + // adjust future dates to one year ago + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1L); + } + return zonedDateTime; + } catch (DateTimeParseException e) { + // + } + } + return null; + } + + public static FTPFile parseEntry(String entry) { + return PARSER.parseFTPEntry(entry); + } + + public static MLSxEntryParser getInstance() { + return PARSER; + } + + @Override + public FTPFile parseFTPEntry(String entry) { + if (entry.startsWith(" ")) {// leading space means no facts are present + if (entry.length() > 1) { // is there a path name? + FTPFile file = new FTPFile(); + file.setRawListing(entry); + file.setName(entry.substring(1)); + return file; + } else { + return null; // Invalid - no pathname + } + } + String[] parts = entry.split(" ", 2); // Path may contain space + if (parts.length != 2 || parts[1].length() == 0) { + return null; // no space found or no file name + } + final String factList = parts[0]; + if (!factList.endsWith(";")) { + return null; + } + FTPFile file = new FTPFile(); + file.setRawListing(entry); + file.setName(parts[1]); + String[] facts = factList.split(";"); + boolean hasUnixMode = parts[0].toLowerCase(Locale.ENGLISH).contains("unix.mode="); + for (String fact : facts) { + String[] factparts = fact.split("=", -1); // Don't drop empty values +// Sample missing permission +// drwx------ 2 mirror mirror 4096 Mar 13 2010 subversion +// modify=20100313224553;perm=;type=dir;unique=811U282598;UNIX.group=500;UNIX.mode=0700;UNIX.owner=500; subversion + if (factparts.length != 2) { + return null; // invalid - there was no "=" sign + } + String factname = factparts[0].toLowerCase(Locale.ENGLISH); + String factvalue = factparts[1]; + if (factvalue.length() == 0) { + continue; // nothing to see here + } + String valueLowerCase = factvalue.toLowerCase(Locale.ENGLISH); + if ("size".equals(factname)) { + file.setSize(Long.parseLong(factvalue)); + } else if ("sizd".equals(factname)) { // Directory size + file.setSize(Long.parseLong(factvalue)); + } else if ("modify".equals(factname)) { + ZonedDateTime parsed = parseGMTdateTime(factvalue); + if (parsed == null) { + return null; + } + file.setTimestamp(parsed); + } else if ("type".equals(factname)) { + Integer intType = TYPE_TO_INT.get(valueLowerCase); + file.setType(Objects.requireNonNullElse(intType, FTPFile.UNKNOWN_TYPE)); + } else if (factname.startsWith("unix.")) { + String unixfact = factname.substring("unix.".length()).toLowerCase(Locale.ENGLISH); + switch (unixfact) { + case "group": + file.setGroup(factvalue); + break; + case "owner": + file.setUser(factvalue); + break; + case "mode": // e.g. 0[1]755 + int off = factvalue.length() - 3; // only parse last 3 digits + for (int i = 0; i < 3; i++) { + int ch = factvalue.charAt(off + i) - '0'; + if (ch >= 0 && ch <= 7) { // Check it's valid octal + for (int p : UNIX_PERMS[ch]) { + file.setPermission(UNIX_GROUPS[i], p, true); + } + } + } + break; + } + } + else if (!hasUnixMode && "perm".equals(factname)) { // skip if we have the UNIX.mode + doUnixPerms(file, valueLowerCase); + } + } + return file; + } + + // perm-fact = "Perm" "=" *pvals + // pvals = "a" / "c" / "d" / "e" / "f" / + // "l" / "m" / "p" / "r" / "w" + private void doUnixPerms(FTPFile file, String valueLowerCase) { + for (char c : valueLowerCase.toCharArray()) { + // TODO these are mostly just guesses at present + switch (c) { + case 'a': // (file) may APPEnd + file.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, true); + break; + case 'c': // (dir) files may be created in the dir + file.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, true); + break; + case 'd': // deletable + file.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, true); + break; + case 'e': // (dir) can change to this dir + file.setPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION, true); + break; + case 'f': // (file) renamable + // ?? file.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, true); + break; + case 'l': // (dir) can be listed + file.setPermission(FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION, true); + break; + case 'm': // (dir) can create directory here + file.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, true); + break; + case 'p': // (dir) entries may be deleted + file.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, true); + break; + case 'r': // (files) file may be RETRieved + file.setPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION, true); + break; + case 'w': // (files) file may be STORed + file.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, true); + break; + default: + break; + } + } + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MVSFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MVSFTPEntryParser.java new file mode 100644 index 0000000..dba71eb --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MVSFTPEntryParser.java @@ -0,0 +1,488 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.time.format.DateTimeParseException; +import java.util.List; + +/** + * Implementation of FTPFileEntryParser and FTPFileListParser for IBM zOS/MVS + * Systems. + * + * @see FTPFileEntryParser (for usage instructions) + */ +public class MVSFTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + + static final int UNKNOWN_LIST_TYPE = -1; + static final int FILE_LIST_TYPE = 0; + static final int MEMBER_LIST_TYPE = 1; + static final int UNIX_LIST_TYPE = 2; + static final int JES_LEVEL_1_LIST_TYPE = 3; + static final int JES_LEVEL_2_LIST_TYPE = 4; + /** + * Dates are ignored for file lists, but are used for member lists where + * possible + */ + static final String DEFAULT_DATE_FORMAT = "yyyy/MM/dd HH:mm"; // 2001/09/18 + /** + * Matches these entries: + * 
    +     *  Volume Unit    Referred Ext Used Recfm Lrecl BlkSz Dsorg Dsname
+     *  B10142 3390   2006/03/20  2   31  F       80    80  PS   MDI.OKL.WORK
+     *
    + */ + static final String FILE_LIST_REGEX = "\\S+\\s+" + // volume + // ignored + "\\S+\\s+" + // unit - ignored + "\\S+\\s+" + // access date - ignored + "\\S+\\s+" + // extents -ignored + // If the values are too large, the fields may be merged (NET-639) + "(?:\\S+\\s+)?" + // used - ignored + "[FV]\\S*\\s+" + // recfm - must start with F or V + "\\S+\\s+" + // logical record length -ignored + "\\S+\\s+" + // block size - ignored + "(PS|PO|PO-E)\\s+" + // Dataset organisation. Many exist + // but only support: PS, PO, PO-E + "(\\S+)\\s*"; // Dataset Name (file name) + /** + * Matches these entries: + * 
    +     *   Name      VV.MM   Created       Changed      Size  Init   Mod   Id
+     *   TBSHELF   01.03 2002/09/12 2002/10/11 09:37    11    11     0 KIL001
+     *
    + */ + static final String MEMBER_LIST_REGEX = "(\\S+)\\s+" + // name + "\\S+\\s+" + // version, modification (ignored) + "\\S+\\s+" + // create date (ignored) + "(\\S+)\\s+" + // modification date + "(\\S+)\\s+" + // modification time + "\\S+\\s+" + // size in lines (ignored) + "\\S+\\s+" + // size in lines at creation(ignored) + "\\S+\\s+" + // lines modified (ignored) + "\\S+\\s*"; // id of user who modified (ignored) + // 13:52 + /** + * Matches these entries, note: no header: + * 
    +     *   IBMUSER1  JOB01906  OUTPUT    3 Spool Files
+     *   012345678901234567890123456789012345678901234
+     *             1         2         3         4
+     *
    + */ + static final String JES_LEVEL_1_LIST_REGEX = + "(\\S+)\\s+" + // job name ignored + "(\\S+)\\s+" + // job number + "(\\S+)\\s+" + // job status (OUTPUT,INPUT,ACTIVE) + "(\\S+)\\s+" + // number of spool files + "(\\S+)\\s+" + // Text "Spool" ignored + "(\\S+)\\s*" // Text "Files" ignored + ; + /** + * JES INTERFACE LEVEL 2 parser + * Matches these entries: + * 
    +     * JOBNAME  JOBID    OWNER    STATUS CLASS
+     * IBMUSER1 JOB01906 IBMUSER  OUTPUT A        RC=0000 3 spool files
+     * IBMUSER  TSU01830 IBMUSER  OUTPUT TSU      ABEND=522 3 spool files
+     *
    + * Sample output from FTP session: + * 
    +     * ftp> quote site filetype=jes
+     * 200 SITE command was accepted
+     * ftp> ls
+     * 200 Port request OK.
+     * 125 List started OK for JESJOBNAME=IBMUSER*, JESSTATUS=ALL and JESOWNER=IBMUSER
+     * JOBNAME  JOBID    OWNER    STATUS CLASS
+     * IBMUSER1 JOB01906 IBMUSER  OUTPUT A        RC=0000 3 spool files
+     * IBMUSER  TSU01830 IBMUSER  OUTPUT TSU      ABEND=522 3 spool files
+     * 250 List completed successfully.
+     * ftp> ls job01906
+     * 200 Port request OK.
+     * 125 List started OK for JESJOBNAME=IBMUSER*, JESSTATUS=ALL and JESOWNER=IBMUSER
+     * JOBNAME  JOBID    OWNER    STATUS CLASS
+     * IBMUSER1 JOB01906 IBMUSER  OUTPUT A        RC=0000
+     * --------
+     * ID  STEPNAME PROCSTEP C DDNAME   BYTE-COUNT
+     * 001 JES2              A JESMSGLG       858
+     * 002 JES2              A JESJCL         128
+     * 003 JES2              A JESYSMSG       443
+     * 3 spool files
+     * 250 List completed successfully.
+     *
    + */ + + static final String JES_LEVEL_2_LIST_REGEX = + "(\\S+)\\s+" + // job name ignored + "(\\S+)\\s+" + // job number + "(\\S+)\\s+" + // owner ignored + "(\\S+)\\s+" + // job status (OUTPUT,INPUT,ACTIVE) ignored + "(\\S+)\\s+" + // job class ignored + "(\\S+).*" // rest ignored + ; + private int isType = UNKNOWN_LIST_TYPE; + /** + * Fallback parser for Unix-style listings + */ + private UnixFTPEntryParser unixFTPEntryParser; + + /* + * Very brief and incomplete description of the zOS/MVS-filesystem. (Note: + * "zOS" is the operating system on the mainframe, and is the new name for + * MVS) + * + * The filesystem on the mainframe does not have hierarchal structure as for + * example the unix filesystem. For a more comprehensive description, please + * refer to the IBM manuals + * + * @LINK: + * http://publibfp.boulder.ibm.com/cgi-bin/bookmgr/BOOKS/dgt2d440/CONTENTS + * + * + * Dataset names ============= + * + * A dataset name consist of a number of qualifiers separated by '.', each + * qualifier can be at most 8 characters, and the total length of a dataset + * can be max 44 characters including the dots. + * + * + * Dataset organisation ==================== + * + * A dataset represents a piece of storage allocated on one or more disks. + * The structure of the storage is described with the field dataset + * organinsation (DSORG). There are a number of dataset organisations, but + * only two are usable for FTP transfer. + * + * DSORG: PS: sequential, or flat file PO: partitioned dataset PO-E: + * extended partitioned dataset + * + * The PS file is just a flat file, as you would find it on the unix file + * system. + * + * The PO and PO-E files, can be compared to a single level directory + * structure. A PO file consist of a number of dataset members, or files if + * you will. It is possible to CD into the file, and to retrieve the + * individual members. + * + * + * Dataset record format ===================== + * + * The physical layout of the dataset is described on the dataset itself. + * There are a number of record formats (RECFM), but just a few is relavant + * for the FTP transfer. + * + * Any one beginning with either F or V can safely used by FTP transfer. All + * others should only be used with great care, so this version will just + * ignore the other record formats. F means a fixed number of records per + * allocated storage, and V means a variable number of records. + * + * + * Other notes =========== + * + * The file system supports automatically backup and retrieval of datasets. + * If a file is backed up, the ftp LIST command will return: ARCIVE Not + * Direct Access Device KJ.IOP998.ERROR.PL.UNITTEST + * + * + * Implementation notes ==================== + * + * Only datasets that have dsorg PS, PO or PO-E and have recfm beginning + * with F or V, is fully parsed. + * + * The following fields in FTPFile is used: FTPFile.Rawlisting: Always set. + * FTPFile.Type: DIRECTORY_TYPE or FILE_TYPE or UNKNOWN FTPFile.Name: name + * FTPFile.Timestamp: change time or null + * + * + * + * Additional information ====================== + * + * The MVS ftp server supports a number of features via the FTP interface. + * The features are controlled with the FTP command quote site filetype= + * SEQ is the default and used for normal file transfer JES is used to + * interact with the Job Entry Subsystem (JES) similar to a job scheduler + * DB2 is used to interact with a DB2 subsystem + * + * This parser supports SEQ and JES. + * + * + * + * + * + * + */ + + /** + * The sole constructor for a MVSFTPEntryParser object. + */ + public MVSFTPEntryParser() { + super(""); // note the regex is set in preParse. + super.configure(null); // configure parser with default configurations + } + + /** + * Parses a line of an z/OS - MVS FTP server file listing and converts it + * into a usable format in the form of an FTPFile instance. + * If the file listing line doesn't describe a file, then + * null is returned. Otherwise a FTPFile + * instance representing the file is returned. + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + if (isType == FILE_LIST_TYPE) { + return parseFileList(entry); + } else if (isType == MEMBER_LIST_TYPE) { + return parseMemberList(entry); + } else if (isType == UNIX_LIST_TYPE) { + return unixFTPEntryParser.parseFTPEntry(entry); + } else if (isType == JES_LEVEL_1_LIST_TYPE) { + return parseJeslevel1List(entry); + } else if (isType == JES_LEVEL_2_LIST_TYPE) { + return parseJeslevel2List(entry); + } + + return null; + } + + /** + * Parse entries representing a dataset list. Only datasets with DSORG PS or + * PO or PO-E and with RECFM F* or V* will be parsed. + *

    + * Format of ZOS/MVS file list: 1 2 3 4 5 6 7 8 9 10 Volume Unit Referred + * Ext Used Recfm Lrecl BlkSz Dsorg Dsname B10142 3390 2006/03/20 2 31 F 80 + * 80 PS MDI.OKL.WORK ARCIVE Not Direct Access Device + * KJ.IOP998.ERROR.PL.UNITTEST B1N231 3390 2006/03/20 1 15 VB 256 27998 PO + * PLU B1N231 3390 2006/03/20 1 15 VB 256 27998 PO-E PLB + *

    + * ----------------------------------- Group within Regex [1] Volume [2] + * Unit [3] Referred [4] Ext: number of extents [5] Used [6] Recfm: Record + * format [7] Lrecl: Logical record length [8] BlkSz: Block size [9] Dsorg: + * Dataset organisation. Many exists but only support: PS, PO, PO-E [10] + * Dsname: Dataset name + *

    + * Note: When volume is ARCIVE, it means the dataset is stored somewhere in + * a tape archive. These entries is currently not supported by this parser. + * A null value is returned. + * + * @param entry zosDirectoryEntry + * @return null: entry was not parsed. + */ + private FTPFile parseFileList(String entry) { + if (matches(entry)) { + FTPFile file = new FTPFile(); + file.setRawListing(entry); + String name = group(2); + String dsorg = group(1); + file.setName(name); + + // DSORG + if ("PS".equals(dsorg)) { + file.setType(FTPFile.FILE_TYPE); + } else if ("PO".equals(dsorg) || "PO-E".equals(dsorg)) { + // regex already ruled out anything other than PO or PO-E + file.setType(FTPFile.DIRECTORY_TYPE); + } else { + return null; + } + + return file; + } + + return null; + } + + /** + * Parse entries within a partitioned dataset. + *

    + * Format of a memberlist within a PDS: + * 

    +     *    0         1        2          3        4     5     6      7    8
+     *   Name      VV.MM   Created       Changed      Size  Init   Mod   Id
+     *   TBSHELF   01.03 2002/09/12 2002/10/11 09:37    11    11     0 KIL001
+     *   TBTOOL    01.12 2002/09/12 2004/11/26 19:54    51    28     0 KIL001
+     *
+     * -------------------------------------------
+     * [1] Name
+     * [2] VV.MM: Version . modification
+     * [3] Created: yyyy / MM / dd
+     * [4,5] Changed: yyyy / MM / dd HH:mm
+     * [6] Size: number of lines
+     * [7] Init: number of lines when first created
+     * [8] Mod: number of modified lines a last save
+     * [9] Id: User id for last update
+     *
    + * + * @param entry zosDirectoryEntry + * @return null: entry was not parsed. + */ + private FTPFile parseMemberList(String entry) { + FTPFile file = new FTPFile(); + if (matches(entry)) { + file.setRawListing(entry); + String name = group(1); + String datestr = group(2) + " " + group(3); + file.setName(name); + file.setType(FTPFile.FILE_TYPE); + try { + file.setTimestamp(super.parseTimestamp(datestr)); + } catch (DateTimeParseException e) { + // just ignore parsing errors. + // TODO check this is ok + // Drop thru to try simple parser + } + return file; + } + + /* + * Assigns the name to the first word of the entry. Only to be used from a + * safe context, for example from a memberlist, where the regex for some + * reason fails. Then just assign the name field of FTPFile. + */ + if (entry != null && entry.trim().length() > 0) { + file.setRawListing(entry); + String name = entry.split(" ")[0]; + file.setName(name); + file.setType(FTPFile.FILE_TYPE); + return file; + } + return null; + } + + /** + * Matches these entries, note: no header: + * 
    +     * [1]      [2]      [3]   [4] [5]
+     * IBMUSER1 JOB01906 OUTPUT 3 Spool Files
+     * 012345678901234567890123456789012345678901234
+     *           1         2         3         4
+     * -------------------------------------------
+     * Group in regex
+     * [1] Job name
+     * [2] Job number
+     * [3] Job status (INPUT,ACTIVE,OUTPUT)
+     * [4] Number of sysout files
+     * [5] The string "Spool Files"
+     *
    + * + * @param entry zosDirectoryEntry + * @return null: entry was not parsed. + */ + private FTPFile parseJeslevel1List(String entry) { + if (matches(entry)) { + FTPFile file = new FTPFile(); + if (group(3).equalsIgnoreCase("OUTPUT")) { + file.setRawListing(entry); + String name = group(2); /* Job Number, used by GET */ + file.setName(name); + file.setType(FTPFile.FILE_TYPE); + return file; + } + } + + return null; + } + + /** + * Matches these entries: + * 
    +     * [1]      [2]      [3]     [4]    [5]
+     * JOBNAME  JOBID    OWNER   STATUS CLASS
+     * IBMUSER1 JOB01906 IBMUSER OUTPUT A       RC=0000 3 spool files
+     * IBMUSER  TSU01830 IBMUSER OUTPUT TSU     ABEND=522 3 spool files
+     * 012345678901234567890123456789012345678901234
+     *           1         2         3         4
+     * -------------------------------------------
+     * Group in regex
+     * [1] Job name
+     * [2] Job number
+     * [3] Owner
+     * [4] Job status (INPUT,ACTIVE,OUTPUT)
+     * [5] Job Class
+     * [6] The rest
+     *
    + * + * @param entry zosDirectoryEntry + * @return null: entry was not parsed. + */ + private FTPFile parseJeslevel2List(String entry) { + if (matches(entry)) { + FTPFile file = new FTPFile(); + if (group(4).equalsIgnoreCase("OUTPUT")) { + file.setRawListing(entry); + String name = group(2); /* Job Number, used by GET */ + file.setName(name); + file.setType(FTPFile.FILE_TYPE); + return file; + } + } + + return null; + } + + /** + * preParse is called as part of the interface. Per definition is is called + * before the parsing takes place. + * Three kind of lists is recognize: + * z/OS-MVS File lists + * z/OS-MVS Member lists + * unix file lists + * + */ + @Override + public List preParse(List orig) { + // simply remove the header line. Composite logic will take care of the + // two different types of + // list in short order. + if (orig != null && orig.size() > 0) { + String header = orig.get(0); + if (header.contains("Volume") && header.contains("Dsname")) { + setType(FILE_LIST_TYPE); + super.setRegex(FILE_LIST_REGEX); + } else if (header.contains("Name") && header.contains("Id")) { + setType(MEMBER_LIST_TYPE); + super.setRegex(MEMBER_LIST_REGEX); + } else if (header.indexOf("total") == 0) { + setType(UNIX_LIST_TYPE); + unixFTPEntryParser = new UnixFTPEntryParser(); + } else if (header.indexOf("Spool Files") >= 30) { + setType(JES_LEVEL_1_LIST_TYPE); + super.setRegex(JES_LEVEL_1_LIST_REGEX); + } else if (header.indexOf("JOBNAME") == 0 + && header.indexOf("JOBID") > 8) {// header contains JOBNAME JOBID OWNER // STATUS CLASS + setType(JES_LEVEL_2_LIST_TYPE); + super.setRegex(JES_LEVEL_2_LIST_REGEX); + } else { + setType(UNKNOWN_LIST_TYPE); + } + + if (isType != JES_LEVEL_1_LIST_TYPE) { // remove header is necessary + orig.remove(0); + } + } + + return orig; + } + + /** + * Explicitly set the type of listing being processed. + * + * @param type The listing type. + */ + void setType(int type) { + isType = type; + } + + /* + * @return + */ + @Override + protected FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig(FTPClientConfig.SYST_MVS, + DEFAULT_DATE_FORMAT, null); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MacOsPeterFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MacOsPeterFTPEntryParser.java new file mode 100644 index 0000000..4c8882d --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/MacOsPeterFTPEntryParser.java @@ -0,0 +1,229 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.time.format.DateTimeParseException; + + +/** + * Implementation FTPFileEntryParser and FTPFileListParser for pre MacOS-X Systems. + * + * @see FTPFileEntryParser (for usage instructions) + */ +public class MacOsPeterFTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + + static final String DEFAULT_DATE_FORMAT = "MMM d yyyy"; //Nov 9 2001 + + static final String DEFAULT_RECENT_DATE_FORMAT = "MMM d HH:mm"; //Nov 9 20:06 + + /** + * this is the regular expression used by this parser. + *

    + * Permissions: + * r the file is readable + * w the file is writable + * x the file is executable + * - the indicated permission is not granted + * L mandatory locking occurs during access (the set-group-ID bit is + * on and the group execution bit is off) + * s the set-user-ID or set-group-ID bit is on, and the corresponding + * user or group execution bit is also on + * S undefined bit-state (the set-user-ID bit is on and the user + * execution bit is off) + * t the 1000 (octal) bit, or sticky bit, is on [see chmod(1)], and + * execution is on + * T the 1000 bit is turned on, and execution is off (undefined bit- + * state) + * e z/OS external link bit + */ + private static final String REGEX = + "([bcdelfmpSs-])" // type (1) + + "(((r|-)(w|-)([xsStTL-]))((r|-)(w|-)([xsStTL-]))((r|-)(w|-)([xsStTL-])))\\+?\\s+" // permission + + "(" + + "(folder\\s+)" + + "|" + + "((\\d+)\\s+(\\d+)\\s+)" // resource size & data size + + ")" + + "(\\d+)\\s+" // size + /* + * numeric or standard format date: + * yyyy-mm-dd (expecting hh:mm to follow) + * MMM [d]d + * [d]d MMM + * N.B. use non-space for MMM to allow for languages such as German which use + * diacritics (e.g. umlaut) in some abbreviations. + */ + + "((?:\\d+[-/]\\d+[-/]\\d+)|(?:\\S{3}\\s+\\d{1,2})|(?:\\d{1,2}\\s+\\S{3}))\\s+" + /* + year (for non-recent standard format) - yyyy + or time (for numeric or recent standard format) [h]h:mm + */ + + "(\\d+(?::\\d+)?)\\s+" + + + "(\\S*)(\\s*.*)"; // the rest + + + /** + * The default constructor for a UnixFTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public MacOsPeterFTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of a UnixFTPEntryParser object with + * something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public MacOsPeterFTPEntryParser(FTPClientConfig config) { + super(REGEX); + configure(config); + } + + /** + * Parses a line of a unix (standard) FTP server file listing and converts + * it into a usable format in the form of an FTPFile + * instance. If the file listing line doesn't describe a file, + * null is returned, otherwise a FTPFile + * instance representing the files in the directory is returned. + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + FTPFile file = new FTPFile(); + file.setRawListing(entry); + int type; + boolean isDevice = false; + + if (matches(entry)) { + String typeStr = group(1); + String hardLinkCount = "0"; + String usr = null; + String grp = null; + String filesize = group(20); + String datestr = group(21) + " " + group(22); + String name = group(23); + String endtoken = group(24); + + try { + file.setTimestamp(super.parseTimestamp(datestr)); + } catch (DateTimeParseException e) { + } + + // A 'whiteout' file is an ARTIFICIAL entry in any of several types of + // 'translucent' filesystems, of which a 'union' filesystem is one. + + // bcdelfmpSs- + switch (typeStr.charAt(0)) { + case 'd': + type = FTPFile.DIRECTORY_TYPE; + break; + case 'e': // NET-39 => z/OS external link + type = FTPFile.SYMBOLIC_LINK_TYPE; + break; + case 'l': + type = FTPFile.SYMBOLIC_LINK_TYPE; + break; + case 'b': + case 'c': + isDevice = true; + type = FTPFile.FILE_TYPE; // TODO change this if DEVICE_TYPE implemented + break; + case 'f': + case '-': + type = FTPFile.FILE_TYPE; + break; + default: // e.g. ? and w = whiteout + type = FTPFile.UNKNOWN_TYPE; + } + + file.setType(type); + + int g = 4; + for (int access = 0; access < 3; access++, g += 4) { + // Use != '-' to avoid having to check for suid and sticky bits + file.setPermission(access, FTPFile.READ_PERMISSION, + (!group(g).equals("-"))); + file.setPermission(access, FTPFile.WRITE_PERMISSION, + (!group(g + 1).equals("-"))); + + String execPerm = group(g + 2); + if (!execPerm.equals("-") && !Character.isUpperCase(execPerm.charAt(0))) { + file.setPermission(access, FTPFile.EXECUTE_PERMISSION, true); + } else { + file.setPermission(access, FTPFile.EXECUTE_PERMISSION, false); + } + } + + if (!isDevice) { + try { + file.setHardLinkCount(Integer.parseInt(hardLinkCount)); + } catch (NumberFormatException e) { + // intentionally do nothing + } + } + + file.setUser(usr); + file.setGroup(grp); + + try { + file.setSize(Long.parseLong(filesize)); + } catch (NumberFormatException e) { + // intentionally do nothing + } + + if (null == endtoken) { + file.setName(name); + } else { + // oddball cases like symbolic links, file names + // with spaces in them. + name += endtoken; + if (type == FTPFile.SYMBOLIC_LINK_TYPE) { + + int end = name.indexOf(" -> "); + // Give up if no link indicator is present + if (end == -1) { + file.setName(name); + } else { + file.setName(name.substring(0, end)); + file.setLink(name.substring(end + 4)); + } + + } else { + file.setName(name); + } + } + return file; + } + return null; + } + + /** + * Defines a default configuration to be used when this class is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for this parser. + */ + @Override + protected FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig( + FTPClientConfig.SYST_UNIX, + DEFAULT_DATE_FORMAT, + DEFAULT_RECENT_DATE_FORMAT); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/NTFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/NTFTPEntryParser.java new file mode 100644 index 0000000..091fbfb --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/NTFTPEntryParser.java @@ -0,0 +1,116 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.time.format.DateTimeParseException; +import java.util.regex.Pattern; + +/** + * Implementation of FTPFileEntryParser and FTPFileListParser for NT Systems. + * + * @see FTPFileEntryParser (for usage instructions) + */ +public class NTFTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + + /** + * this is the regular expression used by this parser. + */ + private static final String REGEX = + "(\\S+)\\s+(\\S+)\\s+" // MM-dd-yy whitespace hh:mma|kk:mm; swallow trailing spaces + + "(?:(

    )|([0-9]+))\\s+" // or ddddd; swallow trailing spaces + + "(\\S.*)"; // First non-space followed by rest of line (name) + private final FTPTimestampParser timestampParser; + + /** + * The sole constructor for an NTFTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public NTFTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of an NTFTPEntryParser object + * with something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public NTFTPEntryParser(FTPClientConfig config) { + super(REGEX, Pattern.DOTALL); + configure(config); + this.timestampParser = new ZonedDateTimeParser(); + } + + /** + * Parses a line of an NT FTP server file listing and converts it into a + * usable format in the form of an FTPFile instance. If the + * file listing line doesn't describe a file, null is + * returned, otherwise a FTPFile instance representing the + * files in the directory is returned. + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + FTPFile f = new FTPFile(); + f.setRawListing(entry); + + if (matches(entry)) { + String datestr = group(1) + " " + group(2); + String dirString = group(3); + String size = group(4); + String name = group(5); + try { + f.setTimestamp(super.parseTimestamp(datestr)); + } catch (DateTimeParseException e) { + // parsing fails, try the other date format + try { + f.setTimestamp(timestampParser.parseTimestamp(datestr)); + } catch (DateTimeParseException e2) { + // intentionally do nothing + } + } + + if (null == name || name.equals(".") || name.equals("..")) { + return (null); + } + f.setName(name); + + + if ("".equals(dirString)) { + f.setType(FTPFile.DIRECTORY_TYPE); + f.setSize(0); + } else { + f.setType(FTPFile.FILE_TYPE); + if (null != size) { + f.setSize(Long.parseLong(size)); + } + } + return (f); + } + return null; + } + + /** + * Defines a default configuration to be used when this class is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for this parser. + */ + @Override + public FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig(FTPClientConfig.SYST_NT, null, null); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/NetwareFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/NetwareFTPEntryParser.java new file mode 100644 index 0000000..65f6f00 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/NetwareFTPEntryParser.java @@ -0,0 +1,158 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.time.format.DateTimeParseException; + + +/** + * Implementation of FTPFileEntryParser and FTPFileListParser for Netware Systems. Note that some of the proprietary + * extensions for Novell-specific operations are not supported. See + * + * http://www.novell.com/documentation/nw65/index.html?page=/documentation/nw65/ftp_enu/data/fbhbgcfa.html + * for more details. + * + * @see FTPFileEntryParser FTPFileEntryParser (for usage instructions) + */ +public class NetwareFTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + + /** + * Default date format is e.g. Feb 22 2006 + */ + private static final String DEFAULT_DATE_FORMAT = "MMM dd yyyy"; + + /** + * Default recent date format is e.g. Feb 22 17:32 + */ + private static final String DEFAULT_RECENT_DATE_FORMAT = "MMM dd HH:mm"; + + /** + * this is the regular expression used by this parser. + * Example: d [-W---F--] SCION_VOL2 512 Apr 13 23:12 VOL2 + */ + private static final String REGEX = "(d|-){1}\\s+" // Directory/file flag + + "\\[([-A-Z]+)\\]\\s+" // Attributes RWCEAFMS or - + + "(\\S+)\\s+" + "(\\d+)\\s+" // Owner and size + + "(\\S+\\s+\\S+\\s+((\\d+:\\d+)|(\\d{4})))" // Long/short date format + + "\\s+(.*)"; // Filename (incl. spaces) + + /** + * The default constructor for a NetwareFTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public NetwareFTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of an NetwareFTPEntryParser object + * with something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public NetwareFTPEntryParser(FTPClientConfig config) { + super(REGEX); + configure(config); + } + + /** + * Parses a line of an NetwareFTP server file listing and converts it into a + * usable format in the form of an FTPFile instance. If the + * file listing line doesn't describe a file, null is + * returned, otherwise a FTPFile instance representing the + * files in the directory is returned. + *

    + * Netware file permissions are in the following format: RWCEAFMS, and are explained as follows: + *

      + *
    • S - Supervisor; All rights. + *
    • R - Read; Right to open and read or execute. + *
    • W - Write; Right to open and modify. + *
    • C - Create; Right to create; when assigned to a file, allows a deleted file to be recovered. + *
    • E - Erase; Right to delete. + *
    • M - Modify; Right to rename a file and to change attributes. + *
    • F - File Scan; Right to see directory or file listings. + *
    • A - Access Control; Right to modify trustee assignments and the Inherited Rights Mask. + *
    + *

    + * See + * + * here + * for more details + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + + FTPFile f = new FTPFile(); + if (matches(entry)) { + String dirString = group(1); + String attrib = group(2); + String user = group(3); + String size = group(4); + String datestr = group(5); + String name = group(9); + + try { + f.setTimestamp(super.parseTimestamp(datestr)); + } catch (DateTimeParseException e) { + // intentionally do nothing + } + + //is it a DIR or a file + if (dirString.trim().equals("d")) { + f.setType(FTPFile.DIRECTORY_TYPE); + } else // Should be "-" + { + f.setType(FTPFile.FILE_TYPE); + } + + f.setUser(user); + + //set the name + f.setName(name.trim()); + + //set the size + f.setSize(Long.parseLong(size.trim())); + + // Now set the permissions (or at least a subset thereof - full permissions would probably require + // subclassing FTPFile and adding extra metainformation there) + if (attrib.indexOf('R') != -1) { + f.setPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION, + true); + } + if (attrib.indexOf('W') != -1) { + f.setPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION, + true); + } + + return (f); + } + return null; + + } + + /** + * Defines a default configuration to be used when this class is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for this parser. + */ + @Override + protected FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig(FTPClientConfig.SYST_NETWARE, + DEFAULT_DATE_FORMAT, DEFAULT_RECENT_DATE_FORMAT); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/OS2FTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/OS2FTPEntryParser.java new file mode 100644 index 0000000..42e68de --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/OS2FTPEntryParser.java @@ -0,0 +1,111 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.time.format.DateTimeParseException; + + +/** + * Implementation of FTPFileEntryParser and FTPFileListParser for OS2 Systems. + * + * @see FTPFileEntryParser (for usage instructions) + */ +public class OS2FTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + /** + * this is the regular expression used by this parser. + */ + private static final String REGEX = + "\\s*([0-9]+)\\s*" + + "(\\s+|[A-Z]+)\\s*" + + "(DIR|\\s+)\\s*" + + "(\\S+)\\s+(\\S+)\\s+" /* date stuff */ + + "(\\S.*)"; + + /** + * The default constructor for a OS2FTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public OS2FTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of an OS2FTPEntryParser object + * with something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public OS2FTPEntryParser(FTPClientConfig config) { + super(REGEX); + configure(config); + } + + /** + * Parses a line of an OS2 FTP server file listing and converts it into a + * usable format in the form of an FTPFile instance. If the + * file listing line doesn't describe a file, null is + * returned, otherwise a FTPFile instance representing the + * files in the directory is returned. + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + + FTPFile f = new FTPFile(); + if (matches(entry)) { + String size = group(1); + String attrib = group(2); + String dirString = group(3); + String datestr = group(4) + " " + group(5); + String name = group(6); + try { + f.setTimestamp(super.parseTimestamp(datestr)); + } catch (DateTimeParseException e) { + // intentionally do nothing + } + + + //is it a DIR or a file + if (dirString.trim().equals("DIR") || attrib.trim().equals("DIR")) { + f.setType(FTPFile.DIRECTORY_TYPE); + } else { + f.setType(FTPFile.FILE_TYPE); + } + + + //set the name + f.setName(name.trim()); + + //set the size + f.setSize(Long.parseLong(size.trim())); + + return (f); + } + return null; + + } + + /** + * Defines a default configuration to be used when this class is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for this parser. + */ + @Override + protected FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig(FTPClientConfig.SYST_OS2, null, null); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParser.java new file mode 100644 index 0000000..c9843a4 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParser.java @@ -0,0 +1,380 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; + +import java.io.File; +import java.text.ParseException; +import java.time.format.DateTimeParseException; +import java.util.Locale; + +/** + * 

    + * Example *FILE/*MEM FTP entries, when the current
+ * working directory is a file of file system QSYS:
+ * ------------------------------------------------
+ *
+ * $ cwd /qsys.lib/rpgunit.lib/rpgunitc1.file
+ *   250-NAMEFMT set to 1.
+ *   250 "/QSYS.LIB/RPGUNIT.LIB/RPGUNITC1.FILE" is current directory.
+ * $ dir
+ *   227 Entering Passive Mode (10,200,36,33,40,249).
+ *   125 List started.
+ *   QPGMR          135168 22.06.13 13:18:19 *FILE
+ *   QPGMR                                   *MEM       MKCMD.MBR
+ *   QPGMR                                   *MEM       RUCALLTST.MBR
+ *   QPGMR                                   *MEM       RUCMDHLP.MBR
+ *   QPGMR                                   *MEM       RUCRTTST.MBR
+ *   250 List completed.
+ *
+ *
+ * Example *FILE entry of an OS/400 save file:
+ * ---------------------------------------------------
+ *
+ * $ cwd /qsys.lib/rpgunit.lib
+ *   250 "/QSYS.LIB/RPGUNIT.LIB" is current library.
+ * $ dir rpgunit.file
+ *   227 Entering Passive Mode (10,200,36,33,188,106).
+ *   125 List started.
+ *   QPGMR        16347136 29.06.13 15:45:09 *FILE      RPGUNIT.SAVF
+ *   250 List completed.
+ *
+ *
+ * Example *STMF/*DIR FTP entries, when the
+ * current working directory is in file system "root":
+ * ---------------------------------------------------
+ *
+ * $ cwd /home/raddatz
+ *   250 "/home/raddatz" is current directory.
+ * $ dir test*
+ *   227 Entering Passive Mode (10,200,36,33,200,189).
+ *   125 List started.
+ *   RADDATZ           200 21.05.11 12:31:18 *STMF      TEST_RG_02_CRLF.properties
+ *   RADDATZ           187 08.05.11 12:31:40 *STMF      TEST_RG_02_LF.properties
+ *   RADDATZ           187 08.05.11 12:31:52 *STMF      TEST_RG_02_CR.properties
+ *   RADDATZ          8192 04.07.13 09:04:14 *DIR       testDir1/
+ *   RADDATZ          8192 04.07.13 09:04:17 *DIR       testDir2/
+ *   250 List completed.
+ *
+ *
+ * Example 1, using ANT to list specific members of a file:
+ * --------------------------------------------------------
+ *
+ *      <echo/>
+ *      <echo>Listing members of a file:</echo>
+ *
+ *      <ftp action="list"
+ *           server="${ftp.server}"
+ *           userid="${ftp.user}"
+ *           password="${ftp.password}"
+ *           binary="false"
+ *           verbose="true"
+ *           remotedir="/QSYS.LIB/RPGUNIT.LIB/RPGUNITY1.FILE"
+ *           systemTypeKey="OS/400"
+ *           listing="ftp-listing.txt"
+ *           >
+ *          <fileset dir="./i5-downloads-file" casesensitive="false">
+ *              <include name="run*.mbr" />
+ *          </fileset>
+ *      </ftp>
+ *
+ * Output:
+ * -------
+ *
+ *   [echo] Listing members of a file:
+ *    [ftp] listing files
+ *    [ftp] listing RUN.MBR
+ *    [ftp] listing RUNNER.MBR
+ *    [ftp] listing RUNNERBND.MBR
+ *    [ftp] 3 files listed
+ *
+ *
+ * Example 2, using ANT to list specific members of all files of a library:
+ * ------------------------------------------------------------------------
+ *
+ *      <echo/>
+ *      <echo>Listing members of all files of a library:</echo>
+ *
+ *      <ftp action="list"
+ *           server="${ftp.server}"
+ *           userid="${ftp.user}"
+ *           password="${ftp.password}"
+ *           binary="false"
+ *           verbose="true"
+ *           remotedir="/QSYS.LIB/RPGUNIT.LIB"
+ *           systemTypeKey="OS/400"
+ *           listing="ftp-listing.txt"
+ *           >
+ *          <fileset dir="./i5-downloads-lib" casesensitive="false">
+ *              <include name="**\run*.mbr" />
+ *          </fileset>
+ *      </ftp>
+ *
+ * Output:
+ * -------
+ *
+ *   [echo] Listing members of all files of a library:
+ *    [ftp] listing files
+ *    [ftp] listing RPGUNIT1.FILE\RUN.MBR
+ *    [ftp] listing RPGUNIT1.FILE\RUNRMT.MBR
+ *    [ftp] listing RPGUNITT1.FILE\RUNT.MBR
+ *    [ftp] listing RPGUNITY1.FILE\RUN.MBR
+ *    [ftp] listing RPGUNITY1.FILE\RUNNER.MBR
+ *    [ftp] listing RPGUNITY1.FILE\RUNNERBND.MBR
+ *    [ftp] 6 files listed
+ *
+ *
+ * Example 3, using ANT to download specific members of a file:
+ * ------------------------------------------------------------
+ *
+ *      <echo/>
+ *      <echo>Downloading members of a file:</echo>
+ *
+ *      <ftp action="get"
+ *           server="${ftp.server}"
+ *           userid="${ftp.user}"
+ *           password="${ftp.password}"
+ *           binary="false"
+ *           verbose="true"
+ *           remotedir="/QSYS.LIB/RPGUNIT.LIB/RPGUNITY1.FILE"
+ *           systemTypeKey="OS/400"
+ *           >
+ *          <fileset dir="./i5-downloads-file" casesensitive="false">
+ *              <include name="run*.mbr" />
+ *          </fileset>
+ *      </ftp>
+ *
+ * Output:
+ * -------
+ *
+ *   [echo] Downloading members of a file:
+ *    [ftp] getting files
+ *    [ftp] transferring RUN.MBR to C:\workspaces\rdp_080\workspace\ANT - FTP\i5-downloads-file\RUN.MBR
+ *    [ftp] transferring RUNNER.MBR to C:\workspaces\rdp_080\workspace\ANT - FTP\i5-downloads-file\RUNNER.MBR
+ *    [ftp] transferring RUNNERBND.MBR to C:\workspaces\rdp_080\workspace\ANT - FTP\i5-downloads-file\RUNNERBND.MBR
+ *    [ftp] 3 files retrieved
+ *
+ *
+ * Example 4, using ANT to download specific members of all files of a library:
+ * ----------------------------------------------------------------------------
+ *
+ *      <echo/>
+ *      <echo>Downloading members of all files of a library:</echo>
+ *
+ *      <ftp action="get"
+ *           server="${ftp.server}"
+ *           userid="${ftp.user}"
+ *           password="${ftp.password}"
+ *           binary="false"
+ *           verbose="true"
+ *           remotedir="/QSYS.LIB/RPGUNIT.LIB"
+ *           systemTypeKey="OS/400"
+ *           >
+ *          <fileset dir="./i5-downloads-lib" casesensitive="false">
+ *              <include name="**\run*.mbr" />
+ *          </fileset>
+ *      </ftp>
+ *
+ * Output:
+ * -------
+ *
+ *   [echo] Downloading members of all files of a library:
+ *    [ftp] getting files
+ *    [ftp] transferring RPGUNIT1.FILE\RUN.MBR to C:\work\rdp_080\space\ANT - FTP\i5-downloads\RPGUNIT1.FILE\RUN.MBR
+ *    [ftp] transferring RPGUNIT1.FILE\RUNRMT.MBR to C:\work\rdp_080\space\ANT - FTP\i5-downloads\RPGUNIT1.FILE\RUNRMT.MBR
+ *    [ftp] transferring RPGUNITT1.FILE\RUNT.MBR to C:\work\rdp_080\space\ANT - FTP\i5-downloads\RPGUNITT1.FILE\RUNT.MBR
+ *    [ftp] transferring RPGUNITY1.FILE\RUN.MBR to C:\work\rdp_080\space\ANT - FTP\i5-downloads\RPGUNITY1.FILE\RUN.MBR
+ *    [ftp] transferring RPGUNITY1.FILE\RUNNER.MBR to C:\work\rdp_080\space\ANT - FTP\i5-downloads\RPGUNITY1.FILE\RUNNER.MBR
+ *    [ftp] transferring RPGUNITY1.FILE\RUNNERBND.MBR to C:\work\rdp_080\space\ANT - FTP\i5-downloads\RPGUNITY1.FILE\RUNNERBND.MBR
+ *    [ftp] 6 files retrieved
+ *
+ *
+ * Example 5, using ANT to download a save file of a library:
+ * ----------------------------------------------------------
+ *
+ *      <ftp action="get"
+ *           server="${ftp.server}"
+ *           userid="${ftp.user}"
+ *           password="${ftp.password}"
+ *           binary="true"
+ *           verbose="true"
+ *           remotedir="/QSYS.LIB/RPGUNIT.LIB"
+ *           systemTypeKey="OS/400"
+ *           >
+ *        <fileset dir="./i5-downloads-savf" casesensitive="false">
+ *            <include name="RPGUNIT.SAVF" />
+ *        </fileset>
+ *      </ftp>
+ *
+ * Output:
+ * -------
+ *   [echo] Downloading save file:
+ *    [ftp] getting files
+ *    [ftp] transferring RPGUNIT.SAVF to C:\workspaces\rdp_080\workspace\net-Test\i5-downloads-lib\RPGUNIT.SAVF
+ *    [ftp] 1 files retrieved
+ *
+ *
    + */ +public class OS400FTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + private static final String DEFAULT_DATE_FORMAT + = "yy/MM/dd HH:mm:ss"; //01/11/09 12:30:24 + + + private static final String REGEX = + "(\\S+)\\s+" // user + + "(?:(\\d+)\\s+)?" // size, empty for members + + "(?:(\\S+)\\s+(\\S+)\\s+)?" // date stuff, empty for members + + "(\\*STMF|\\*DIR|\\*FILE|\\*MEM)\\s+" // *STMF/*DIR/*FILE/*MEM + + "(?:(\\S+)\\s*)?"; // filename, missing, when CWD is a *FILE + + + /** + * The default constructor for a OS400FTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public OS400FTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of an OS400FTPEntryParser object + * with something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public OS400FTPEntryParser(FTPClientConfig config) { + super(REGEX); + configure(config); + } + + + @Override + public FTPFile parseFTPEntry(String entry) { + + FTPFile file = new FTPFile(); + file.setRawListing(entry); + int type; + + if (matches(entry)) { + String usr = group(1); + String filesize = group(2); + String datestr = ""; + if (!isNullOrEmpty(group(3)) || !isNullOrEmpty(group(4))) { + datestr = group(3) + " " + group(4); + } + String typeStr = group(5); + String name = group(6); + boolean mustScanForPathSeparator = true; + try { + file.setTimestamp(super.parseTimestamp(datestr)); + } catch (DateTimeParseException e) { + // intentionally do nothing + } + if (typeStr.equalsIgnoreCase("*STMF")) { + type = FTPFile.FILE_TYPE; + if (isNullOrEmpty(filesize) || isNullOrEmpty(name)) { + return null; + } + } else if (typeStr.equalsIgnoreCase("*DIR")) { + type = FTPFile.DIRECTORY_TYPE; + if (isNullOrEmpty(filesize) || isNullOrEmpty(name)) { + return null; + } + } else if (typeStr.equalsIgnoreCase("*FILE")) { + // File, defines the structure of the data (columns of a row) + // but the data is stored in one or more members. Typically a + // source file contains multiple members whereas it is + // recommended (but not enforced) to use one member per data + // file. + // Save files are a special type of files which are used + // to save objects, e.g. for backups. + if (name != null && name.toUpperCase(Locale.ROOT).endsWith(".SAVF")) { + mustScanForPathSeparator = false; + type = FTPFile.FILE_TYPE; + } else { + return null; + } + } else if (typeStr.equalsIgnoreCase("*MEM")) { + mustScanForPathSeparator = false; + type = FTPFile.FILE_TYPE; + + if (isNullOrEmpty(name)) { + return null; + } + if (!(isNullOrEmpty(filesize) && isNullOrEmpty(datestr))) { + return null; + } + + // Quick and dirty bug fix to make SelectorUtils work. + // Class SelectorUtils uses 'File.separator' to splitt + // a given path into pieces. But actually it had to + // use the separator of the FTP server, which is a forward + // slash in case of an AS/400. + name = name.replace('/', File.separatorChar); + } else { + type = FTPFile.UNKNOWN_TYPE; + } + + file.setType(type); + + file.setUser(usr); + + try { + file.setSize(Long.parseLong(filesize)); + } catch (NumberFormatException e) { + // intentionally do nothing + } + + if (name.endsWith("/")) { + name = name.substring(0, name.length() - 1); + } + if (mustScanForPathSeparator) { + int pos = name.lastIndexOf('/'); + if (pos > -1) { + name = name.substring(pos + 1); + } + } + + file.setName(name); + + return file; + } + return null; + } + + /** + * @param string String value that is checked for null + * or empty. + * @return true for null or empty values, + * else false. + */ + private boolean isNullOrEmpty(String string) { + if (string == null || string.length() == 0) { + return true; + } + return false; + } + + /** + * Defines a default configuration to be used when this class is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for this parser. + */ + @Override + protected FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig( + FTPClientConfig.SYST_OS400, + DEFAULT_DATE_FORMAT, + null); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ParserInitializationException.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ParserInitializationException.java new file mode 100644 index 0000000..86acc7a --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ParserInitializationException.java @@ -0,0 +1,32 @@ +package org.xbib.io.ftp.client.parser; + +/** + * This class encapsulates all errors that may be thrown by + * the process of an FTPFileEntryParserFactory creating and + * instantiating an FTPFileEntryParser. + */ +public class ParserInitializationException extends RuntimeException { + + private static final long serialVersionUID = 5563335279583210658L; + + /** + * Constucts a ParserInitializationException with just a message + * + * @param message Exception message + */ + public ParserInitializationException(String message) { + super(message); + } + + /** + * Constucts a ParserInitializationException with a message + * and a root cause. + * + * @param message Exception message + * @param rootCause root cause throwable that caused + * this to be thrown + */ + public ParserInitializationException(String message, Throwable rootCause) { + super(message, rootCause); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/RegexFTPFileEntryParserImpl.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/RegexFTPFileEntryParserImpl.java new file mode 100644 index 0000000..a6f1d07 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/RegexFTPFileEntryParserImpl.java @@ -0,0 +1,173 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPFileEntryParserImpl; + +import java.util.regex.MatchResult; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; + +/** + * This abstract class implements both the older FTPFileListParser and + * newer FTPFileEntryParser interfaces with default functionality. + * All the classes in the parser subpackage inherit from this. + * This is the base class for all regular expression based FTPFileEntryParser classes. + */ +public abstract class RegexFTPFileEntryParserImpl extends FTPFileEntryParserImpl { + /** + * Internal PatternMatcher object used by the parser. It has protected + * scope in case subclasses want to make use of it for their own purposes. + */ + protected Matcher _matcher_ = null; + /** + * internal pattern the matcher tries to match, representing a file + * entry + */ + private Pattern pattern = null; + /** + * internal match result used by the parser + */ + private MatchResult result = null; + + /** + * The constructor for a RegexFTPFileEntryParserImpl object. + * The expression is compiled with flags = 0. + * + * @param regex The regular expression with which this object is + * initialized. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen in + * normal conditions. It it is seen, this is a sign that a subclass has + * been created with a bad regular expression. Since the parser must be + * created before use, this means that any bad parser subclasses created + * from this will bomb very quickly, leading to easy detection. + */ + + public RegexFTPFileEntryParserImpl(String regex) { + super(); + compileRegex(regex, 0); + } + + /** + * The constructor for a RegexFTPFileEntryParserImpl object. + * + * @param regex The regular expression with which this object is + * initialized. + * @param flags the flags to apply, see {@link Pattern#compile(String, int)}. Use 0 for none. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen in + * normal conditions. It it is seen, this is a sign that a subclass has + * been created with a bad regular expression. Since the parser must be + * created before use, this means that any bad parser subclasses created + * from this will bomb very quickly, leading to easy detection. + */ + public RegexFTPFileEntryParserImpl(String regex, final int flags) { + super(); + compileRegex(regex, flags); + } + + /** + * Convenience method delegates to the internal MatchResult's matches() + * method. + * + * @param s the String to be matched + * @return true if s matches this object's regular expression. + */ + + public boolean matches(String s) { + this.result = null; + _matcher_ = pattern.matcher(s); + if (_matcher_.matches()) { + this.result = _matcher_.toMatchResult(); + } + return null != this.result; + } + + /** + * Convenience method + * + * @return the number of groups() in the internal MatchResult. + */ + + public int getGroupCnt() { + if (this.result == null) { + return 0; + } + return this.result.groupCount(); + } + + /** + * Convenience method delegates to the internal MatchResult's group() + * method. + * + * @param matchnum match group number to be retrieved + * @return the content of the matchnum'th group of the internal + * match or null if this method is called without a match having + * been made. + */ + public String group(int matchnum) { + if (this.result == null) { + return null; + } + return this.result.group(matchnum); + } + + /** + * For debugging purposes - returns a string shows each match group by + * number. + * + * @return a string shows each match group by number. + */ + + public String getGroupsAsString() { + StringBuilder b = new StringBuilder(); + for (int i = 1; i <= this.result.groupCount(); i++) { + b.append(i).append(") ").append(this.result.group(i)).append( + System.getProperty("line.separator")); + } + return b.toString(); + } + + /** + * Alter the current regular expression being utilised for entry parsing + * and create a new {@link Pattern} instance. + * + * @param regex The new regular expression + * @return true + * @throws IllegalArgumentException if the regex cannot be compiled + */ + public boolean setRegex(final String regex) { + compileRegex(regex, 0); + return true; + } + + + /** + * Alter the current regular expression being utilised for entry parsing + * and create a new {@link Pattern} instance. + * + * @param regex The new regular expression + * @param flags the flags to apply, see {@link Pattern#compile(String, int)}. Use 0 for none. + * @return true + * @throws IllegalArgumentException if the regex cannot be compiled + */ + public boolean setRegex(final String regex, final int flags) { + compileRegex(regex, flags); + return true; + } + + /** + * Compile the regex and store the {@link Pattern}. + * This is an internal method to do the work so the constructor does not + * have to call an overrideable method. + * + * @param regex the expression to compile + * @param flags the flags to apply, see {@link Pattern#compile(String, int)}. Use 0 for none. + * @throws IllegalArgumentException if the regex cannot be compiled + */ + private void compileRegex(final String regex, final int flags) { + try { + pattern = Pattern.compile(regex, flags); + } catch (PatternSyntaxException pse) { + throw new IllegalArgumentException("Unparseable regex supplied: " + regex); + } + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/UnixFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/UnixFTPEntryParser.java new file mode 100644 index 0000000..a6ef383 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/UnixFTPEntryParser.java @@ -0,0 +1,305 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.util.List; + +/** + * Implementation FTPFileEntryParser and FTPFileListParser for standard + * Unix Systems. + * This class is based on the logic of Daniel Savarese's + * DefaultFTPListParser, but adapted to use regular expressions and to fit the + * new FTPFileEntryParser interface. + * + * @see FTPFileEntryParser (for usage instructions) + */ +public class UnixFTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + + /** + * Some Linux distributions are now shipping an FTP server which formats + * file listing dates in an all-numeric format: + * "yyyy-MM-dd HH:mm. + * This is a very welcome development, and hopefully it will soon become + * the standard. However, since it is so new, for now, and possibly + * forever, we merely accomodate it, but do not make it the default. + *

    + * For now end users may specify this format only via + * UnixFTPEntryParser(FTPClientConfig). + * Steve Cohen - 2005-04-17 + */ + public static final FTPClientConfig NUMERIC_DATE_CONFIG = + new FTPClientConfig(FTPClientConfig.SYST_UNIX, FTPTimestampParser.NUMERIC_DATE_FORMAT, + null); + // Suffixes used in Japanese listings after the numeric values + private static final String JA_MONTH = "\u6708"; + + private static final String JA_DAY = "\u65e5"; + + private static final String JA_YEAR = "\u5e74"; + + /* + private static final String DEFAULT_DATE_FORMAT_JA + = "M'" + JA_MONTH + "' d'" + JA_DAY + "' yyyy'" + JA_YEAR + "'"; //6月 3日 2003年 + + private static final String DEFAULT_RECENT_DATE_FORMAT_JA + = "M'" + JA_MONTH + "' d'" + JA_DAY + "' HH:mm"; //8月 17日 20:10 + + */ + + /** + * this is the regular expression used by this parser. + *

    + * Permissions: + * r the file is readable + * w the file is writable + * x the file is executable + * - the indicated permission is not granted + * L mandatory locking occurs during access (the set-group-ID bit is + * on and the group execution bit is off) + * s the set-user-ID or set-group-ID bit is on, and the corresponding + * user or group execution bit is also on + * S undefined bit-state (the set-user-ID bit is on and the user + * execution bit is off) + * t the 1000 (octal) bit, or sticky bit, is on [see chmod(1)], and + * execution is on + * T the 1000 bit is turned on, and execution is off (undefined bit- + * state) + * e z/OS external link bit + * Final letter may be appended: + * + file has extended security attributes (e.g. ACL) + * Note: local listings on MacOSX also use '@'; + * this is not allowed for here as does not appear to be shown by FTP servers + * {@code @} file has extended attributes + */ + private static final String REGEX = + "([bcdelfmpSs-])" // file type + + "(((r|-)(w|-)([xsStTL-]))((r|-)(w|-)([xsStTL-]))((r|-)(w|-)([xsStTL-])))\\+?" // permissions + + + "\\s*" // separator TODO why allow it to be omitted?? + + + "(\\d+)" // link count + + + "\\s+" // separator + + + "(?:(\\S+(?:\\s\\S+)*?)\\s+)?" // owner name (optional spaces) + + "(?:(\\S+(?:\\s\\S+)*)\\s+)?" // group name (optional spaces) + + "(\\d+(?:,\\s*\\d+)?)" // size or n,m + + + "\\s+" // separator + + /* + * numeric or standard format date: + * yyyy-mm-dd (expecting hh:mm to follow) + * MMM [d]d + * [d]d MMM + * N.B. use non-space for MMM to allow for languages such as German which use + * diacritics (e.g. umlaut) in some abbreviations. + * Japanese uses numeric day and month with suffixes to distinguish them + * [d]dXX [d]dZZ + */ + + "(" + + "(?:\\d+[-/]\\d+[-/]\\d+)" + // yyyy-mm-dd + "|(?:\\S{3}\\s+\\d{1,2})" + // MMM [d]d + "|(?:\\d{1,2}\\s+\\S{3})" + // [d]d MMM + "|(?:\\d{1,2}" + JA_MONTH + "\\s+\\d{1,2}" + JA_DAY + ")" + + ")" + + + "\\s+" // separator + + /* + year (for non-recent standard format) - yyyy + or time (for numeric or recent standard format) [h]h:mm + or Japanese year - yyyyXX + */ + + "((?:\\d+(?::\\d+)?)|(?:\\d{4}" + JA_YEAR + "))" // (20) + + + "\\s" // separator + + + "(.*)"; // the rest (21) + + + // if true, leading spaces are trimmed from file names + // this was the case for the original implementation + final boolean trimLeadingSpaces; // package protected for access from test code + + /** + * The default constructor for a UnixFTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public UnixFTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of a UnixFTPEntryParser object with + * something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public UnixFTPEntryParser(FTPClientConfig config) { + this(config, false); + } + + /** + * This constructor allows the creation of a UnixFTPEntryParser object with + * something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @param trimLeadingSpaces if {@code true}, trim leading spaces from file names + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public UnixFTPEntryParser(FTPClientConfig config, boolean trimLeadingSpaces) { + super(REGEX); + configure(config); + this.trimLeadingSpaces = trimLeadingSpaces; + } + + /** + * Preparse the list to discard "total nnn" lines + */ + @Override + public List preParse(List original) { + original.removeIf(entry -> entry.matches("^total \\d+$")); + return original; + } + + /** + * Parses a line of a unix (standard) FTP server file listing and converts + * it into a usable format in the form of an FTPFile + * instance. If the file listing line doesn't describe a file, + * null is returned, otherwise a FTPFile + * instance representing the files in the directory is returned. + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + FTPFile file = new FTPFile(); + file.setRawListing(entry); + int type; + boolean isDevice = false; + + if (matches(entry)) { + String typeStr = group(1); + String hardLinkCount = group(15); + String usr = group(16); + String grp = group(17); + String filesize = group(18); + String datestr = group(19) + " " + group(20); + String name = group(21); + if (trimLeadingSpaces) { + name = name.replaceFirst("^\\s+", ""); + } + + file.setTimestamp(super.parseTimestamp(datestr)); + + // A 'whiteout' file is an ARTIFICIAL entry in any of several types of + // 'translucent' filesystems, of which a 'union' filesystem is one. + + // bcdelfmpSs- + switch (typeStr.charAt(0)) { + case 'd': + type = FTPFile.DIRECTORY_TYPE; + break; + case 'e': // NET-39 => z/OS external link + type = FTPFile.SYMBOLIC_LINK_TYPE; + break; + case 'l': + type = FTPFile.SYMBOLIC_LINK_TYPE; + break; + case 'b': + case 'c': + isDevice = true; + type = FTPFile.FILE_TYPE; // TODO change this if DEVICE_TYPE implemented + break; + case 'f': + case '-': + type = FTPFile.FILE_TYPE; + break; + default: // e.g. ? and w = whiteout + type = FTPFile.UNKNOWN_TYPE; + } + + file.setType(type); + + int g = 4; + for (int access = 0; access < 3; access++, g += 4) { + // Use != '-' to avoid having to check for suid and sticky bits + file.setPermission(access, FTPFile.READ_PERMISSION, + (!group(g).equals("-"))); + file.setPermission(access, FTPFile.WRITE_PERMISSION, + (!group(g + 1).equals("-"))); + + String execPerm = group(g + 2); + if (!execPerm.equals("-") && !Character.isUpperCase(execPerm.charAt(0))) { + file.setPermission(access, FTPFile.EXECUTE_PERMISSION, true); + } else { + file.setPermission(access, FTPFile.EXECUTE_PERMISSION, false); + } + } + + if (!isDevice) { + try { + file.setHardLinkCount(Integer.parseInt(hardLinkCount)); + } catch (NumberFormatException e) { + // intentionally do nothing + } + } + + file.setUser(usr); + file.setGroup(grp); + + try { + file.setSize(Long.parseLong(filesize)); + } catch (NumberFormatException e) { + // intentionally do nothing + } + + // oddball cases like symbolic links, file names + // with spaces in them. + if (type == FTPFile.SYMBOLIC_LINK_TYPE) { + + int end = name.indexOf(" -> "); + // Give up if no link indicator is present + if (end == -1) { + file.setName(name); + } else { + file.setName(name.substring(0, end)); + file.setLink(name.substring(end + 4)); + } + + } else { + file.setName(name); + } + return file; + } + return null; + } + + /** + * Defines a default configuration to be used when this class is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for this parser. + */ + @Override + protected FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig(FTPClientConfig.SYST_UNIX, FTPTimestampParser.DEFAULT_DATE_FORMAT, + FTPTimestampParser.DEFAULT_RECENT_DATE_FORMAT); + } + +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/VMSFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/VMSFTPEntryParser.java new file mode 100644 index 0000000..2297e42 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/VMSFTPEntryParser.java @@ -0,0 +1,206 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.io.BufferedReader; +import java.io.IOException; +import java.time.format.DateTimeParseException; +import java.util.StringTokenizer; + +/** + * Implementation FTPFileEntryParser and FTPFileListParser for VMS Systems. + * This is a sample of VMS LIST output + *

    + * "1-JUN.LIS;1 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + * "1-JUN.LIS;2 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + * "DATA.DIR;1 1/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + *

    + * Note: VMSFTPEntryParser can only be instantiated through the + * DefaultFTPParserFactory by classname. It will not be chosen + * by the autodetection scheme. + * + *

    + * + * @see FTPFileEntryParser (for usage instructions) + * @see DefaultFTPFileEntryParserFactory + */ +public class VMSFTPEntryParser extends ConfigurableFTPFileEntryParserImpl { + + /** + * this is the regular expression used by this parser. + */ + private static final String REGEX = + "(.*?;[0-9]+)\\s*" //1 file and version + + "(\\d+)/\\d+\\s*" //2 size/allocated + + "(\\S+)\\s+(\\S+)\\s+" //3+4 date and time + + "\\[(([0-9$A-Za-z_]+)|([0-9$A-Za-z_]+),([0-9$a-zA-Z_]+))\\]?\\s*" //5(6,7,8) owner + + "\\([a-zA-Z]*,([a-zA-Z]*),([a-zA-Z]*),([a-zA-Z]*)\\)"; //9,10,11 Permissions (O,G,W) + // TODO - perhaps restrict permissions to [RWED]* ? + + + /** + * Constructor for a VMSFTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public VMSFTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of a VMSFTPEntryParser object with + * something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public VMSFTPEntryParser(FTPClientConfig config) { + super(REGEX); + configure(config); + } + + /** + * Parses a line of a VMS FTP server file listing and converts it into a + * usable format in the form of an FTPFile instance. If the + * file listing line doesn't describe a file, null is + * returned, otherwise a FTPFile instance representing the + * files in the directory is returned. + * + * @param entry A line of text from the file listing + * @return An FTPFile instance corresponding to the supplied entry + */ + @Override + public FTPFile parseFTPEntry(String entry) { + //one block in VMS equals 512 bytes + long longBlock = 512; + + if (matches(entry)) { + FTPFile f = new FTPFile(); + f.setRawListing(entry); + String name = group(1); + String size = group(2); + String datestr = group(3) + " " + group(4); + String owner = group(5); + String permissions[] = new String[3]; + permissions[0] = group(9); + permissions[1] = group(10); + permissions[2] = group(11); + try { + f.setTimestamp(super.parseTimestamp(datestr)); + } catch (DateTimeParseException e) { + // intentionally do nothing + } + + + String grp; + String user; + StringTokenizer t = new StringTokenizer(owner, ","); + switch (t.countTokens()) { + case 1: + grp = null; + user = t.nextToken(); + break; + case 2: + grp = t.nextToken(); + user = t.nextToken(); + break; + default: + grp = null; + user = null; + } + + if (name.lastIndexOf(".DIR") != -1) { + f.setType(FTPFile.DIRECTORY_TYPE); + } else { + f.setType(FTPFile.FILE_TYPE); + } + //set FTPFile name + //Check also for versions to be returned or not + if (isVersioning()) { + f.setName(name); + } else { + name = name.substring(0, name.lastIndexOf(';')); + f.setName(name); + } + //size is retreived in blocks and needs to be put in bytes + //for us humans and added to the FTPFile array + long sizeInBytes = Long.parseLong(size) * longBlock; + f.setSize(sizeInBytes); + + f.setGroup(grp); + f.setUser(user); + //set group and owner + + //Set file permission. + //VMS has (SYSTEM,OWNER,GROUP,WORLD) users that can contain + //R (read) W (write) E (execute) D (delete) + + //iterate for OWNER GROUP WORLD permissions + for (int access = 0; access < 3; access++) { + String permission = permissions[access]; + + f.setPermission(access, FTPFile.READ_PERMISSION, permission.indexOf('R') >= 0); + f.setPermission(access, FTPFile.WRITE_PERMISSION, permission.indexOf('W') >= 0); + f.setPermission(access, FTPFile.EXECUTE_PERMISSION, permission.indexOf('E') >= 0); + } + + return f; + } + return null; + } + + + /** + * Reads the next entry using the supplied BufferedReader object up to + * whatever delemits one entry from the next. This parser cannot use + * the default implementation of simply calling BufferedReader.readLine(), + * because one entry may span multiple lines. + * + * @param reader The BufferedReader object from which entries are to be + * read. + * @return A string representing the next ftp entry or null if none found. + * @throws IOException thrown on any IO Error reading from the reader. + */ + @Override + public String readNextEntry(BufferedReader reader) throws IOException { + String line = reader.readLine(); + StringBuilder entry = new StringBuilder(); + while (line != null) { + if (line.startsWith("Directory") || line.startsWith("Total")) { + line = reader.readLine(); + continue; + } + + entry.append(line); + if (line.trim().endsWith(")")) { + break; + } + line = reader.readLine(); + } + return (entry.length() == 0 ? null : entry.toString()); + } + + protected boolean isVersioning() { + return false; + } + + /** + * Defines a default configuration to be used when this class is + * instantiated without a {@link FTPClientConfig FTPClientConfig} + * parameter being specified. + * + * @return the default configuration for this parser. + */ + @Override + protected FTPClientConfig getDefaultConfiguration() { + return new FTPClientConfig( + FTPClientConfig.SYST_VMS, null, null); + } +} diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/VMSVersioningFTPEntryParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/VMSVersioningFTPEntryParser.java new file mode 100644 index 0000000..bb0738f --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/VMSVersioningFTPEntryParser.java @@ -0,0 +1,128 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.util.HashMap; +import java.util.List; +import java.util.ListIterator; +import java.util.regex.MatchResult; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; + +/** + * Special implementation VMSFTPEntryParser with versioning turned on. + * This parser removes all duplicates and only leaves the version with the highest + * version number for each filename. + *

    + * This is a sample of VMS LIST output + *

    + * "1-JUN.LIS;1 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + * "1-JUN.LIS;2 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + * "DATA.DIR;1 1/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + *

    + * + * @see FTPFileEntryParser (for usage instructions) + */ +public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser { + + private static final String PRE_PARSE_REGEX = "(.*?);([0-9]+)\\s*.*"; + private final Pattern _preparse_pattern_; + + /** + * Constructor for a VMSFTPEntryParser object. + * + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public VMSVersioningFTPEntryParser() { + this(null); + } + + /** + * This constructor allows the creation of a VMSVersioningFTPEntryParser + * object with something other than the default configuration. + * + * @param config The {@link FTPClientConfig configuration} object used to + * configure this parser. + * @throws IllegalArgumentException Thrown if the regular expression is unparseable. Should not be seen + * under normal conditions. It it is seen, this is a sign that + * REGEX is not a valid regular expression. + */ + public VMSVersioningFTPEntryParser(FTPClientConfig config) { + super(); + configure(config); + try { + //_preparse_matcher_ = new Perl5Matcher(); + _preparse_pattern_ = Pattern.compile(PRE_PARSE_REGEX); + } catch (PatternSyntaxException pse) { + throw new IllegalArgumentException( + "Unparseable regex supplied: " + PRE_PARSE_REGEX); + } + + } + + /** + * Implement hook provided for those implementers (such as + * VMSVersioningFTPEntryParser, and possibly others) which return + * multiple files with the same name to remove the duplicates .. + * + * @param original Original list + * @return Original list purged of duplicates + */ + @Override + public List preParse(List original) { + HashMap existingEntries = new HashMap(); + ListIterator iter = original.listIterator(); + while (iter.hasNext()) { + String entry = iter.next().trim(); + MatchResult result = null; + Matcher _preparse_matcher_ = _preparse_pattern_.matcher(entry); + if (_preparse_matcher_.matches()) { + result = _preparse_matcher_.toMatchResult(); + String name = result.group(1); + String version = result.group(2); + Integer nv = Integer.valueOf(version); + Integer existing = existingEntries.get(name); + if (null != existing) { + if (nv.intValue() < existing.intValue()) { + iter.remove(); // removes older version from original list. + continue; + } + } + existingEntries.put(name, nv); + } + + } + // we've now removed all entries less than with less than the largest + // version number for each name that were listed after the largest. + // we now must remove those with smaller than the largest version number + // for each name that were found before the largest + while (iter.hasPrevious()) { + String entry = iter.previous().trim(); + MatchResult result = null; + Matcher _preparse_matcher_ = _preparse_pattern_.matcher(entry); + if (_preparse_matcher_.matches()) { + result = _preparse_matcher_.toMatchResult(); + String name = result.group(1); + String version = result.group(2); + Integer nv = Integer.valueOf(version); + Integer existing = existingEntries.get(name); + if (null != existing) { + if (nv.intValue() < existing.intValue()) { + iter.remove(); // removes older version from original list. + } + } + } + + } + return original; + } + + @Override + protected boolean isVersioning() { + return true; + } +} \ No newline at end of file diff --git a/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ZonedDateTimeParser.java b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ZonedDateTimeParser.java new file mode 100644 index 0000000..9867ff1 --- /dev/null +++ b/files-ftp/src/main/java/org/xbib/io/ftp/client/parser/ZonedDateTimeParser.java @@ -0,0 +1,274 @@ +package org.xbib.io.ftp.client.parser; + +import org.xbib.io.ftp.client.Configurable; +import org.xbib.io.ftp.client.FTPClientConfig; + +import java.time.Year; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeFormatterBuilder; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoField; +import java.util.Arrays; +import java.util.List; +import java.util.Locale; +import java.util.logging.Logger; + +/** + * + * Note: 'uuuu' in patterns represents ChronoField.YEAR as opposed to 'yyyy' that represents ChronoField.YEAR_OF_ERA. + * This is important when withResolverStyle(ResolverStyle.STRICT) is used. + * */ +public class ZonedDateTimeParser implements FTPTimestampParser, Configurable { + + private static final Logger logger = Logger.getLogger(ZonedDateTimeParser.class.getName()); + + private static final List FORMATTER_LIST = Arrays.asList( + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM dd HH:mm") + .parseDefaulting(ChronoField.YEAR, Year.now().getValue()) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM d HH:mm") + .parseDefaulting(ChronoField.YEAR, Year.now().getValue()) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM dd H:mm") + .parseDefaulting(ChronoField.YEAR, Year.now().getValue()) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM d H:mm") + .parseDefaulting(ChronoField.YEAR, Year.now().getValue()) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM d HH:mm") + .parseDefaulting(ChronoField.YEAR, Year.now().getValue()) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM dd yyyy HH:mm") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM d yyyy HH:mm") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM dd yyyy") + .parseDefaulting(ChronoField.HOUR_OF_DAY, 0) + .parseDefaulting(ChronoField.MINUTE_OF_HOUR, 0) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM d yyyy") + .parseDefaulting(ChronoField.HOUR_OF_DAY, 0) + .parseDefaulting(ChronoField.MINUTE_OF_HOUR, 0) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM dd yyyy") + .parseDefaulting(ChronoField.HOUR_OF_DAY, 0) + .parseDefaulting(ChronoField.MINUTE_OF_HOUR, 0) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("MMM d yyyy") + .parseDefaulting(ChronoField.HOUR_OF_DAY, 0) + .parseDefaulting(ChronoField.MINUTE_OF_HOUR, 0) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("MM-dd-yy HH:mm") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("MM-dd-yyyy hh:mma") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("MM-dd-yy hh:mma") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("MM-dd-yyyy kk:mm:ss") + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("MM-dd-yy kk:mm:ss") + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("MM-dd-yyyy kk:mm") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("MM-dd-yy kk:mm") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("dd-MMM-yyyy HH:mm:ss") + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("d-MMM-yyyy HH:mm:ss") + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("dd MMM HH:mm") + .parseDefaulting(ChronoField.YEAR, Year.now().getValue()) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("dd-MM-yy hh:mma") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("dd-MM-yy") + .parseDefaulting(ChronoField.HOUR_OF_DAY, 0) + .parseDefaulting(ChronoField.MINUTE_OF_HOUR, 0) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("M'\u6708' d'\u65e5' HH:mm") + .parseDefaulting(ChronoField.YEAR, Year.now().getValue()) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("M'\u6708' d'\u65e5' yyyy'\u5e74'") + .parseDefaulting(ChronoField.HOUR_OF_DAY, 0) + .parseDefaulting(ChronoField.MINUTE_OF_HOUR, 0) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("yyyy-MM-dd HH:mm") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US), + new DateTimeFormatterBuilder() + .appendPattern("yyyy/MM/dd HH:mm") + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0) + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US) + ); + + private DateTimeFormatter customDateTimeFormatter; + + @Override + public void configure(FTPClientConfig config) { + String pattern = config.getDefaultDateFormatStr(); + DateTimeFormatterBuilder dateTimeFormatterBuilder = new DateTimeFormatterBuilder(); + if (pattern != null) { + dateTimeFormatterBuilder.appendPattern(pattern); + if (!pattern.contains("yy")) { + dateTimeFormatterBuilder.parseDefaulting(ChronoField.YEAR, Year.now().getValue()); + } + } + dateTimeFormatterBuilder.parseDefaulting(ChronoField.HOUR_OF_DAY, 0) + .parseDefaulting(ChronoField.MINUTE_OF_HOUR, 0) + .parseDefaulting(ChronoField.SECOND_OF_MINUTE, 0); + customDateTimeFormatter = dateTimeFormatterBuilder + .toFormatter() + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US); + } + + @Override + public ZonedDateTime parseTimestamp(String timestampStr) { + DateTimeParseException exception = null; + for (DateTimeFormatter df : FORMATTER_LIST) { + try { + ZonedDateTime zonedDateTime = ZonedDateTime.parse(timestampStr, df); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1L); + } + if (zonedDateTime.isAfter(ZonedDateTime.now().plusYears(1L))) { + zonedDateTime = zonedDateTime.minusYears(99L); + } + return zonedDateTime; + } catch (DateTimeParseException e1) { + if (exception == null) { + exception = e1; + } + } + } + logger.warning("unrecognized time stamp: " + timestampStr); + if (customDateTimeFormatter != null) { + try { + return ZonedDateTime.parse(timestampStr, customDateTimeFormatter); + } catch (DateTimeParseException e1) { + exception = e1; + } + } + if (exception != null) { + throw exception; + } + return null; + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientConfigFunctionalTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientConfigFunctionalTest.java new file mode 100644 index 0000000..794dfb4 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientConfigFunctionalTest.java @@ -0,0 +1,96 @@ +package org.xbib.io.ftp.client; + +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; +import java.time.ZonedDateTime; +import java.util.Comparator; +import java.util.Set; +import java.util.TreeSet; + +/* + * This test was contributed in a different form by W. McDonald Buck + * of Boulder, Colorado, to help fix some bugs with the FTPClientConfig + * in a real world setting. It is a perfect functional test for the + * Time Zone functionality of FTPClientConfig. + * + * A publicly accessible FTP server at the US National Oceanographic and + * Atmospheric Adminstration houses a directory which contains + * 300 files, named sn.0000 to sn.0300. Every ten minutes or so + * the next file in sequence is rewritten with new data. Thus the directory + * contains observations for more than 24 hours of data. Since the server + * has its clock set to GMT this is an excellent functional test for any + * machine in a different time zone. + * + * Noteworthy is the fact that the ftp routines in some web browsers don't + * work as well as this. They can't, since they have no way of knowing the + * server's time zone. Depending on the local machine's position relative + * to GMT and the time of day, the browsers may decide that a timestamp + * would be in the future if given the current year, so they assume the + * year to be last year. This illustrates the value of FTPClientConfig's + * time zone functionality. + */ + +public class FTPClientConfigFunctionalTest { + + private static FTPClient ftpClient = new FTPClient(); + + private static FTPClientConfig ftpClientConfig; + + @BeforeAll + public static void setUp() throws Exception { + ftpClientConfig = new FTPClientConfig(FTPClientConfig.SYST_UNIX); + ftpClientConfig.setServerTimeZoneId("GMT"); + ftpClient.configure(ftpClientConfig); + ftpClient.connect("tgftp.nws.noaa.gov"); + ftpClient.login("anonymous","testing@apache.org"); + ftpClient.changeWorkingDirectory("SL.us008001/DF.an/DC.sflnd/DS.metar"); + ftpClient.enterLocalPassiveMode(); + } + + @AfterAll + public static void tearDown() throws Exception { + ftpClient.disconnect(); + } + + private Set getSortedList(FTPFile[] files) { + Set sorted = new TreeSet<>(Comparator.comparing(FTPFile::getTimestamp)); + for (FTPFile file : files) { + if (file.getName().startsWith("sn")) { + sorted.add(file); + } + } + return sorted; + } + + @Test + public void testTimeZoneFunctionality() throws Exception { + FTPFile[] files = ftpClient.listFiles(); + Set sorted = getSortedList(files); + FTPFile lastfile = null; + FTPFile firstfile = null; + for (FTPFile thisfile : sorted) { + if (firstfile == null) { + firstfile = thisfile; + } + if (lastfile != null) { + assertTrue(lastfile.getTimestamp().isBefore(thisfile.getTimestamp())); + } + lastfile = thisfile; + } + if (firstfile == null) { + fail("No files found"); + } else { + assertTrue(lastfile.getTimestamp().isBefore(ZonedDateTime.now())); + ZonedDateTime first = firstfile.getTimestamp(); + first = first.plusDays(2); + assertTrue(lastfile.getTimestamp().isAfter(first), lastfile.getTimestamp() + " after "+ first); + } + } +} + + + + diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientConfigTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientConfigTest.java new file mode 100644 index 0000000..1bee82d --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientConfigTest.java @@ -0,0 +1,174 @@ +package org.xbib.io.ftp.client; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.fail; +import org.junit.jupiter.api.Test; +import java.text.DateFormatSymbols; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Locale; + +public class FTPClientConfigTest { + + private static final String A = "A"; + private static final String B = "B"; + private static final String C = "C"; + private static final String D = "D"; + private static final String E = "E"; + private static final String F = "F"; + + private static final String badDelim = "jan,feb,mar,apr,may,jun,jul,aug.sep,oct,nov,dec"; + private static final String tooLong = "jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec|jan"; + private static final String tooShort = "jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov"; + private static final String fakeLang = "abc|def|ghi|jkl|mno|pqr|stu|vwx|yza|bcd|efg|hij"; + + /* + * Class under test for void FTPClientConfig(String) + */ + @Test + public void testFTPClientConfigString() { + FTPClientConfig config = new FTPClientConfig(FTPClientConfig.SYST_VMS); + assertEquals(FTPClientConfig.SYST_VMS, config.getServerSystemKey()); + assertNull(config.getDefaultDateFormatStr()); + assertNull(config.getRecentDateFormatStr()); + assertNull(config.getShortMonthNames()); + assertNull(config.getServerTimeZoneId()); + assertNull(config.getServerLanguageCode()); + } + + + /* + * Class under test for void FTPClientConfig(String, String, String, String, String, String) + */ + @Test + public void testFTPClientConfigStringStringStringStringStringString() { + FTPClientConfig conf = new FTPClientConfig(A,B,C,D,E,F); + + assertEquals("A", conf.getServerSystemKey()); + assertEquals("B", conf.getDefaultDateFormatStr()); + assertEquals("C", conf.getRecentDateFormatStr()); + assertEquals("E", conf.getShortMonthNames()); + assertEquals("F", conf.getServerTimeZoneId()); + assertEquals("D", conf.getServerLanguageCode()); + } + + @Test + public void testLookupDateFormatSymbols() { + DateFormatSymbols dfs1 = null; + DateFormatSymbols dfs2 = null; + DateFormatSymbols dfs3 = null; + DateFormatSymbols dfs4 = null; + + + try { + dfs1 = FTPClientConfig.lookupDateFormatSymbols("fr"); + } catch (IllegalArgumentException e){ + fail("french"); + } + + try { + dfs2 = FTPClientConfig.lookupDateFormatSymbols("sq"); + } catch (IllegalArgumentException e){ + fail("albanian"); + } + + try { + dfs3 = FTPClientConfig.lookupDateFormatSymbols("ru"); + } catch (IllegalArgumentException e){ + fail("unusupported.default.to.en"); + } + try { + dfs4 = FTPClientConfig.lookupDateFormatSymbols(fakeLang); + } catch (IllegalArgumentException e){ + fail("not.language.code.but.defaults"); + } + + assertEquals(dfs3,dfs4); + + SimpleDateFormat sdf1 = new SimpleDateFormat("d MMM yyyy", dfs1); + SimpleDateFormat sdf2 = new SimpleDateFormat("MMM dd, yyyy", dfs2); + SimpleDateFormat sdf3 = new SimpleDateFormat("MMM dd, yyyy", dfs3); + Date d1 = null; + Date d2 = null; + Date d3 = null; + try { + d1 = sdf1.parse("31 d\u00e9c 2004"); + } catch (ParseException px) { + fail("failed.to.parse.french"); + } + try { + d2 = sdf2.parse("dhj 31, 2004"); + } catch (ParseException px) { + fail("failed.to.parse.albanian"); + } + try { + d3 = sdf3.parse("DEC 31, 2004"); + } catch (ParseException px) { + fail("failed.to.parse.'russian'"); + } + assertEquals(d1, d2, "different.parser.same.date"); + assertEquals(d1, d3, "different.parser.same.date"); + } + + @Test + public void testGetDateFormatSymbols() { + + try { + FTPClientConfig.getDateFormatSymbols(badDelim); + fail("bad delimiter"); + } catch (IllegalArgumentException e){ + // should have failed + } + try { + FTPClientConfig.getDateFormatSymbols(tooLong); + fail("more than 12 months"); + } catch (IllegalArgumentException e){ + // should have failed + } + try { + FTPClientConfig.getDateFormatSymbols(tooShort); + fail("fewer than 12 months"); + } catch (IllegalArgumentException e){ + // should have failed + } + DateFormatSymbols dfs2 = null; + try { + dfs2 = FTPClientConfig.getDateFormatSymbols(fakeLang); + } catch (Exception e){ + fail("rejected valid short month string"); + } + SimpleDateFormat sdf1 = + new SimpleDateFormat("MMM dd, yyyy", Locale.ENGLISH); + SimpleDateFormat sdf2 = new SimpleDateFormat("MMM dd, yyyy", dfs2); + + Date d1 = null; + Date d2 = null; + try { + d1 = sdf1.parse("dec 31, 2004"); + } catch (ParseException px) { + fail("failed.to.parse.std"); + } + try { + d2 = sdf2.parse("hij 31, 2004"); + } catch (ParseException px) { + fail("failed.to.parse.weird"); + } + + assertEquals(d1, d2, "different.parser.same.date"); + + try { + sdf1.parse("hij 31, 2004"); + fail("should.have.failed.to.parse.weird"); + } catch (ParseException px) { + // expected + } + try { + sdf2.parse("dec 31, 2004"); + fail("should.have.failed.to.parse.standard"); + } catch (ParseException px) { + // expected + } + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientTest.java new file mode 100644 index 0000000..cc5e502 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/FTPClientTest.java @@ -0,0 +1,180 @@ +package org.xbib.io.ftp.client; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNotSame; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertSame; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.net.InetAddress; +import java.net.UnknownHostException; + +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.parser.UnixFTPEntryParser; + +public class FTPClientTest { + + private static final String[] TESTS = { + "257 /path/without/quotes", + "/path/without/quotes", + + "257 \"/path/with/delimiting/quotes/without/commentary\"", + "/path/with/delimiting/quotes/without/commentary", + + "257 \"/path/with/quotes\"\" /inside/but/without/commentary\"", + "/path/with/quotes\" /inside/but/without/commentary", + + "257 \"/path/with/quotes\"\" /inside/string\" and with commentary", + "/path/with/quotes\" /inside/string", + + "257 \"/path/with/quotes\"\" /inside/string\" and with commentary that also \"contains quotes\"", + "/path/with/quotes\" /inside/string", + + "257 \"/path/without/trailing/quote", // invalid syntax, return all after reply code prefix + "\"/path/without/trailing/quote", + + "257 root is current directory.", // NET-442 + "root is current directory.", + + "257 \"/\"", // NET-502 + "/", + }; + + @Test + public void testParseClient() { + for(int i = 0; i < TESTS.length; i += 2) { + assertEquals(TESTS[i+1], FTPClient.__parsePathname(TESTS[i]), "Failed to parse"); + } + } + + @Test + public void testParserCachingWithKey() throws Exception { + FTPClient client = new FTPClient(); + assertNull(client.getFileEntryParser()); + client.createParser(FTPClientConfig.SYST_UNIX); + final FTPFileEntryParser entryParserSYST = client.getFileEntryParser(); + assertNotNull(entryParserSYST); + client.createParser(FTPClientConfig.SYST_UNIX); + assertSame(entryParserSYST, client.getFileEntryParser()); // the previous entry was cached + client.createParser(FTPClientConfig.SYST_VMS); + final FTPFileEntryParser entryParserVMS = client.getFileEntryParser(); + assertNotSame(entryParserSYST, entryParserVMS); // the previous entry was replaced + client.createParser(FTPClientConfig.SYST_VMS); + assertSame(entryParserVMS, client.getFileEntryParser()); // the previous entry was cached + client.createParser(FTPClientConfig.SYST_UNIX); // revert + assertNotSame(entryParserVMS, client.getFileEntryParser()); // the previous entry was replaced + } + + @Test + public void testParserCachingNullKey() throws Exception { + LocalClient client = new LocalClient(); + client.setSystemType(FTPClientConfig.SYST_UNIX); + assertNull(client.getFileEntryParser()); + client.createParser(null); + final FTPFileEntryParser entryParser = client.getFileEntryParser(); + assertNotNull(entryParser); + client.createParser(null); + assertSame(entryParser, client.getFileEntryParser()); // parser was cached + client.setSystemType(FTPClientConfig.SYST_NT); + client.createParser(null); + assertSame(entryParser, client.getFileEntryParser()); // parser was cached + } + + @Test + public void testUnparseableFiles() throws Exception { + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + baos.write("-rwxr-xr-x 2 root root 4096 Mar 2 15:13 zxbox".getBytes()); + baos.write(new byte[]{'\r','\n'}); + baos.write("zrwxr-xr-x 2 root root 4096 Mar 2 15:13 zxbox".getBytes()); + baos.write(new byte[]{'\r','\n'}); + FTPFileEntryParser parser = new UnixFTPEntryParser(); + FTPClientConfig config = new FTPClientConfig(); + FTPListParseEngine engine = new FTPListParseEngine(parser, config); + config.setUnparseableEntries(false); + engine.readServerList(new ByteArrayInputStream(baos.toByteArray()), null); // use default encoding + FTPFile[] files = engine.getFiles(); + assertEquals(1, files.length); + config.setUnparseableEntries(true); + engine = new FTPListParseEngine(parser, config ); + engine.readServerList(new ByteArrayInputStream(baos.toByteArray()), null); // use default encoding + files = engine.getFiles(); + assertEquals(2, files.length); + } + + @Test + public void testParsePassiveModeReplyForLocalAddressWithNatWorkaround() throws Exception { + FTPClient client = new PassiveNatWorkAroundLocalClient("8.8.8.8"); + client._parsePassiveModeReply("227 Entering Passive Mode (172,16,204,138,192,22)."); + assertEquals("8.8.8.8", client.getPassiveHost()); + } + + @Test + public void testParsePassiveModeReplyForNonLocalAddressWithNatWorkaround() throws Exception { + FTPClient client = new PassiveNatWorkAroundLocalClient("8.8.8.8"); + client._parsePassiveModeReply("227 Entering Passive Mode (8,8,4,4,192,22)."); + assertEquals("8.8.4.4", client.getPassiveHost()); + } + + @Test + public void testParsePassiveModeReplyForLocalAddressWithoutNatWorkaroundStrategy() throws Exception { + FTPClient client = new PassiveNatWorkAroundLocalClient("8.8.8.8"); + client.setPassiveNatWorkaroundStrategy(null); + client._parsePassiveModeReply("227 Entering Passive Mode (172,16,204,138,192,22)."); + assertEquals("172.16.204.138", client.getPassiveHost()); + } + + @Test + public void testParsePassiveModeReplyForNonLocalAddressWithoutNatWorkaroundStrategy() throws Exception { + FTPClient client = new PassiveNatWorkAroundLocalClient("8.8.8.8"); + client.setPassiveNatWorkaroundStrategy(null); + client._parsePassiveModeReply("227 Entering Passive Mode (8,8,4,4,192,22)."); + assertEquals("8.8.4.4", client.getPassiveHost()); + } + + @Test + public void testParsePassiveModeReplyForLocalAddressWithSimpleNatWorkaroundStrategy() throws Exception { + FTPClient client = new PassiveNatWorkAroundLocalClient("8.8.8.8"); + client.setPassiveNatWorkaroundStrategy(new FTPClient.HostnameResolver() { + @Override + public String resolve(String hostname) throws UnknownHostException { + return "4.4.4.4"; + } + }); + client._parsePassiveModeReply("227 Entering Passive Mode (172,16,204,138,192,22)."); + assertEquals("4.4.4.4", client.getPassiveHost()); + } + + + private static class PassiveNatWorkAroundLocalClient extends FTPClient { + + private final String passiveModeServerIP; + + public PassiveNatWorkAroundLocalClient(String passiveModeServerIP) { + this.passiveModeServerIP = passiveModeServerIP; + } + + @Override + public InetAddress getRemoteAddress() { + try { + return InetAddress.getByName(passiveModeServerIP); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + } + + private static class LocalClient extends FTPClient { + + private String systemType; + + @Override + public String getSystemType() { + return systemType; + } + + public void setSystemType(String type) { + systemType = type; + } + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/ListingFunctionalTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/ListingFunctionalTest.java new file mode 100644 index 0000000..108a98d --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/ListingFunctionalTest.java @@ -0,0 +1,138 @@ +package org.xbib.io.ftp.client; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import java.io.IOException; +import java.util.Arrays; +import java.util.Iterator; +import java.util.List; + +/** + * A functional test suite for checking that site listings work. + */ +@Disabled +public class ListingFunctionalTest { + + private static FTPClient client; + private static final String hostName = "ftp.ibiblio.org"; + private static final String validParserKey = "unix"; + private static final String invalidParserKey = "vms"; + private static final String validFilename = "javaio.jar"; + private static final String validPath = "pub/languages/java/javafaq"; + private static final String pwdPath = "/pub/languages/java/javafaq"; + + @BeforeAll + public static void setUp() throws Exception { + client = new FTPClient(); + client.connect(hostName); + client.login("anonymous", "anonymous"); + client.enterLocalPassiveMode(); + } + + @AfterAll + public static void tearDown() throws Exception { + client.logout(); + if (client.isConnected()) { + client.disconnect(); + } + client = null; + } + + @Test + public void testInitiateListParsing() throws IOException { + client.changeWorkingDirectory(validPath); + FTPListParseEngine engine = client.initiateListParsing(); + List files = Arrays.asList(engine.getNext(25)); + assertTrue(findByName(files, validFilename), files.toString()); + } + + @Test + public void testInitiateListParsingWithPath() throws IOException { + FTPListParseEngine engine = client.initiateListParsing(validParserKey, validPath); + List files = Arrays.asList(engine.getNext(25)); + assertTrue(findByName(files, validFilename), files.toString()); + } + + @Test + public void testInitiateListParsingWithPathAndAutodetection() throws IOException { + FTPListParseEngine engine = client.initiateListParsing(validPath); + List files = Arrays.asList(engine.getNext(25)); + assertTrue(findByName(files, validFilename), files.toString()); + } + + @Test + public void testListFiles() throws IOException { + FTPClientConfig config = new FTPClientConfig(validParserKey); + client.configure(config); + List files = Arrays.asList(client.listFiles(validPath)); + assertTrue(findByName(files, validFilename), files.toString()); + } + + @Test + public void testListFilesWithAutodection() throws IOException { + client.changeWorkingDirectory(validPath); + List files = Arrays.asList(client.listFiles()); + assertTrue(findByName(files, validFilename), files.toString()); + } + + @Test + public void testListFilesWithIncorrectParser() throws IOException { + FTPClientConfig config = new FTPClientConfig(invalidParserKey); + client.configure(config); + FTPFile[] files = client.listFiles(validPath); + assertNotNull(files); + assertTrue(Arrays.equals(new FTPFile[]{}, files), "Expected empty array: " + Arrays.toString(files)); + } + + @Test + public void testListFilesWithPathAndAutodetection() throws IOException { + List files = Arrays.asList(client.listFiles(validPath)); + assertTrue(findByName(files, validFilename), files.toString()); + } + + @Test + public void testListNames() throws IOException { + client.changeWorkingDirectory(validPath); + String[] names = client.listNames(); + assertNotNull(names); + List lnames = Arrays.asList(names); + assertTrue(lnames.contains(validFilename), lnames.toString()); + } + + @Test + public void testListNamesWithPath() throws IOException { + String[] listNames = client.listNames(validPath); + assertNotNull(listNames, "listNames not null"); + List names = Arrays.asList(listNames); + assertTrue(findByName(names, validFilename), names.toString()); + } + + @Test + public void testPrintWorkingDirectory() throws IOException { + client.changeWorkingDirectory(validPath); + String pwd = client.printWorkingDirectory(); + assertEquals(pwdPath, pwd); + } + + + private boolean findByName(List fileList, String string) { + boolean found = false; + Iterator iter = fileList.iterator(); + while (iter.hasNext() && !found) { + Object element = iter.next(); + if (element instanceof FTPFile) { + FTPFile file = (FTPFile) element; + found = file.getName().equals(string); + } else { + String filename = (String) element; + found = filename.endsWith(string); + } + } + return found; + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/TestConnectTimeout.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/TestConnectTimeout.java new file mode 100644 index 0000000..41db75b --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/TestConnectTimeout.java @@ -0,0 +1,25 @@ +package org.xbib.io.ftp.client; + +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; +import org.junit.jupiter.api.Test; +import java.io.IOException; +import java.net.ConnectException; +import java.net.SocketException; +import java.net.SocketTimeoutException; +import java.net.UnknownHostException; + +public class TestConnectTimeout { + + @Test + public void testConnectTimeout() throws SocketException, IOException { + FTPClient client = new FTPClient(); + client.setConnectTimeout(1000); + try { + client.connect("www.apache.org", 1234); + fail("Expecting an Exception"); + } catch (ConnectException | SocketTimeoutException | UnknownHostException se) { + assertTrue(true); + } // Not much we can do about this, we may be firewalled + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/DefaultFTPFileEntryParserFactoryTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/DefaultFTPFileEntryParserFactoryTest.java new file mode 100644 index 0000000..5348e0c --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/DefaultFTPFileEntryParserFactoryTest.java @@ -0,0 +1,119 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFileEntryParser; + + +public class DefaultFTPFileEntryParserFactoryTest { + + @Test + public void testDefaultParserFactory() { + DefaultFTPFileEntryParserFactory factory = new DefaultFTPFileEntryParserFactory(); + FTPFileEntryParser parser = factory.createFileEntryParser("unix"); + assertTrue(parser instanceof UnixFTPEntryParser); + parser = factory.createFileEntryParser("UNIX"); + assertTrue(parser instanceof UnixFTPEntryParser); + assertFalse(((UnixFTPEntryParser)parser).trimLeadingSpaces); + parser = factory.createFileEntryParser("UNIX_LTRIM"); + assertTrue(parser instanceof UnixFTPEntryParser); + assertTrue(((UnixFTPEntryParser)parser).trimLeadingSpaces); + parser = factory.createFileEntryParser("Unix"); + assertTrue(parser instanceof UnixFTPEntryParser); + parser = factory.createFileEntryParser("EnterpriseUnix"); + assertTrue(parser instanceof UnixFTPEntryParser); + parser = factory.createFileEntryParser("UnixFTPEntryParser"); + assertTrue(parser instanceof UnixFTPEntryParser); + try { + parser = factory.createFileEntryParser("NT"); + fail("Exception should have been thrown. \"NT\" is not a recognized key"); + } catch (ParserInitializationException pie) { + assertNull(pie.getCause()); + assertTrue(pie.getMessage().contains("Unknown parser type:"), pie.getMessage()+ "should contain 'Unknown parser type:'"); + } + parser = factory.createFileEntryParser("WindowsNT"); + assertTrue(parser instanceof CompositeFileEntryParser); + parser = factory.createFileEntryParser("ThigaVMSaMaJig"); + assertTrue(parser instanceof VMSFTPEntryParser); + parser = factory.createFileEntryParser("OS/2"); + assertTrue(parser instanceof OS2FTPEntryParser); + parser = factory.createFileEntryParser("OS/400"); + assertTrue(parser instanceof CompositeFileEntryParser); + parser = factory.createFileEntryParser("AS/400"); + assertTrue(parser instanceof CompositeFileEntryParser); + parser = factory.createFileEntryParser("UNKNOWN Type: L8"); + try { + parser = factory.createFileEntryParser("OS2FTPFileEntryParser"); + fail("Exception should have been thrown. \"OS2FTPFileEntryParser\" is not a recognized key"); + } catch (ParserInitializationException pie) { + assertNull(pie.getCause()); + } + parser = factory.createFileEntryParser("org.xbib.io.ftp.client.parser.OS2FTPEntryParser"); + assertTrue(parser instanceof OS2FTPEntryParser); + try { + factory.createFileEntryParser("org.xbib.io.ftp.client.parser.DefaultFTPFileEntryParserFactory"); + fail("Exception should have been thrown. \"DefaultFTPFileEntryParserFactory\" does not implement FTPFileEntryParser"); + } catch (ParserInitializationException pie) { + Throwable root = pie.getCause(); + assertTrue(root instanceof ClassCastException); + } + try { + // Class exists, but is an interface + factory.createFileEntryParser("org.xbib.io.ftp.client.parser.FTPFileEntryParserFactory"); + fail("ParserInitializationException should have been thrown."); + } catch (ParserInitializationException pie) { + Throwable root = pie.getCause(); + assertTrue(root instanceof NoSuchMethodException); + } + try { + // Class exists, but is abstract + factory.createFileEntryParser("org.xbib.io.ftp.client.FTPFileEntryParserImpl"); + fail("ParserInitializationException should have been thrown."); + } catch (ParserInitializationException pie) { + Throwable root = pie.getCause(); + assertTrue(root instanceof InstantiationException); + } + } + + private void checkParserClass(FTPFileEntryParserFactory fact, String key, Class expected){ + FTPClientConfig config = key == null ? new FTPClientConfig() : new FTPClientConfig(key); + FTPFileEntryParser parser = fact.createFileEntryParser(config); + assertNotNull(parser); + assertTrue(expected.isInstance(parser), "Expected "+expected.getCanonicalName()+" got "+parser.getClass().getCanonicalName()); + } + + @Test + public void testDefaultParserFactoryConfig() throws Exception { + DefaultFTPFileEntryParserFactory factory = new DefaultFTPFileEntryParserFactory(); + try { + factory.createFileEntryParser((FTPClientConfig)null); + fail("Expected NullPointerException"); + } catch (NullPointerException npe) { + // expected + } + checkParserClass(factory, null, UnixFTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_OS400, OS400FTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_AS400, CompositeFileEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_L8, UnixFTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_MVS, MVSFTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_NETWARE, NetwareFTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_NT, NTFTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_OS2, OS2FTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_UNIX, UnixFTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_VMS, VMSFTPEntryParser.class); + checkParserClass(factory, FTPClientConfig.SYST_MACOS_PETER, MacOsPeterFTPEntryParser.class); + checkParserClass(factory, "WINDOWS", NTFTPEntryParser.class); // Same as SYST_NT + // This is the way it works at present; config matching is exact + checkParserClass(factory, "Windows", CompositeFileEntryParser.class); + checkParserClass(factory, "OS/400", OS400FTPEntryParser.class); // Same as SYST_OS400 + // This is the way it works at present; config matching is exact + checkParserClass(factory, "OS/400 v1", CompositeFileEntryParser.class); + // Note: exact matching via config is the only way to generate NTFTPEntryParser and OS400FTPEntryParser + // using DefaultFTPFileEntryParserFactory + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/EnterpriseUnixFTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/EnterpriseUnixFTPEntryParserTest.java new file mode 100644 index 0000000..bef5243 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/EnterpriseUnixFTPEntryParserTest.java @@ -0,0 +1,146 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; + +import java.time.Month; +import java.time.ZonedDateTime; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; + +/** + * Tests the EnterpriseUnixFTPEntryParser + */ +public class EnterpriseUnixFTPEntryParserTest { + + private static final String[] BADSAMPLES = + { + "zrwxr-xr-x 2 root root 4096 Mar 2 15:13 zxbox", + "dxrwr-xr-x 2 root root 4096 Aug 24 2001 zxjdbc", + "drwxr-xr-x 2 root root 4096 Jam 4 00:03 zziplib", + "drwxr-xr-x 2 root 99 4096 Feb 23 30:01 zzplayer", + "drwxr-xr-x 2 root root 4096 Aug 36 2001 zztpp", + "-rw-r--r-- 1 14 staff 80284 Aug 22 zxJDBC-1.2.3.tar.gz", + "-rw-r--r-- 1 14 staff 119:26 Aug 22 2000 zxJDBC-1.2.3.zip", + "-rw-r--r-- 1 ftp no group 83853 Jan 22 2001 zxJDBC-1.2.4.tar.gz", + "-rw-r--r-- 1ftp nogroup 126552 Jan 22 2001 zxJDBC-1.2.4.zip", + "-rw-r--r-- 1 root root 111325 Apr -7 18:79 zxJDBC-2.0.1b1.tar.gz", + "drwxr-xr-x 2 root root 4096 Mar 2 15:13 zxbox", + "drwxr-xr-x 1 usernameftp 512 Jan 29 23:32 prog", + "drwxr-xr-x 2 root root 4096 Aug 24 2001 zxjdbc", + "drwxr-xr-x 2 root root 4096 Jan 4 00:03 zziplib", + "drwxr-xr-x 2 root 99 4096 Feb 23 2001 zzplayer", + "drwxr-xr-x 2 root root 4096 Aug 6 2001 zztpp", + "-rw-r--r-- 1 14 staff 80284 Aug 22 2000 zxJDBC-1.2.3.tar.gz", + "-rw-r--r-- 1 14 staff 119926 Aug 22 2000 zxJDBC-1.2.3.zip", + "-rw-r--r-- 1 ftp nogroup 83853 Jan 22 2001 zxJDBC-1.2.4.tar.gz", + "-rw-r--r-- 1 ftp nogroup 126552 Jan 22 2001 zxJDBC-1.2.4.zip", + "-rw-r--r-- 1 root root 111325 Apr 27 2001 zxJDBC-2.0.1b1.tar.gz", + "-rw-r--r-- 1 root root 190144 Apr 27 2001 zxJDBC-2.0.1b1.zip", + "drwxr-xr-x 2 root root 4096 Aug 26 20 zztpp", + "drwxr-xr-x 2 root root 4096 Aug 26 201 zztpp", + "drwxr-xr-x 2 root root 4096 Aug 26 201O zztpp", // OH not zero + }; + private static final String[] GOODSAMPLES = + { + "-C--E-----FTP B QUA1I1 18128 41 Aug 12 13:56 QUADTEST", + "-C--E-----FTP A QUA1I1 18128 41 Aug 12 13:56 QUADTEST2", + "-C--E-----FTP A QUA1I1 18128 41 Apr 1 2014 QUADTEST3" + }; + + @Test + public void testBadListing() { + EnterpriseUnixFTPEntryParser parser = new EnterpriseUnixFTPEntryParser(); + for (String test : BADSAMPLES) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testGoodListing() { + EnterpriseUnixFTPEntryParser parser = new EnterpriseUnixFTPEntryParser(); + for (String test : GOODSAMPLES) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + } + } + + @Test + public void testRecentPrecision() { + testPrecision("-C--E-----FTP B QUA1I1 18128 5000000000 Aug 12 13:56 QUADTEST", + EnumSet.of(ChronoUnit.MINUTES, ChronoUnit.HOURS, ChronoUnit.DAYS, ChronoUnit.YEARS)); + } + + @Test + public void testDefaultPrecision() { + testPrecision("-C--E-----FTP B QUA1I1 18128 5000000000 Aug 12 2014 QUADTEST", + EnumSet.of(ChronoUnit.DAYS)); + } + + private void testPrecision(String listEntry, EnumSet units) { + EnterpriseUnixFTPEntryParser parser = new EnterpriseUnixFTPEntryParser(); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } + + @Test + public void testParseFieldsOnFile() throws Exception { + EnterpriseUnixFTPEntryParser parser = new EnterpriseUnixFTPEntryParser(); + FTPFile file = parser.parseFTPEntry("-C--E-----FTP B QUA1I1 18128 5000000000 Aug 12 13:56 QUADTEST"); + int year = ZonedDateTime.now().getYear(); + assertTrue(file.isFile()); + assertEquals("QUADTEST", file.getName()); + assertEquals(5000000000L, file.getSize()); + assertEquals("QUA1I1", file.getUser()); + assertEquals("18128", file.getGroup()); + if (ZonedDateTime.now().getMonth().getValue() < Month.AUGUST.getValue()) { + --year; + } + ZonedDateTime timestamp = file.getTimestamp(); + assertEquals(year, timestamp.getYear()); + assertEquals(Month.AUGUST, timestamp.getMonth()); + assertEquals(12, timestamp.getDayOfMonth()); + assertEquals(13, timestamp.getHour()); + assertEquals(56, timestamp.getMinute()); + assertEquals(0, timestamp.getSecond()); + checkPermisions(file); + } + + private void checkPermisions(FTPFile dir) { + assertFalse(dir.hasPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION), "Owner should not have read permission."); + assertFalse(dir.hasPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION), "Owner should not have write permission."); + assertFalse(dir.hasPermission(FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION), "Owner should not have execute permission."); + assertFalse(dir.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.READ_PERMISSION), "Group should not have read permission."); + assertFalse(dir.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.WRITE_PERMISSION), "Group should not have write permission."); + assertFalse(dir.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.EXECUTE_PERMISSION), "Group should not have execute permission."); + assertFalse(dir.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.READ_PERMISSION), "World should not have read permission."); + assertFalse(dir.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.WRITE_PERMISSION), "World should not have write permission."); + assertFalse(dir.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.EXECUTE_PERMISSION), "World should not have execute permission."); + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/FTPConfigEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/FTPConfigEntryParserTest.java new file mode 100644 index 0000000..808d9d2 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/FTPConfigEntryParserTest.java @@ -0,0 +1,84 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import java.time.Year; +import java.time.ZoneId; +import java.time.ZonedDateTime; + +/** + * This is a simple TestCase that tests entry parsing using the new FTPClientConfig + * mechanism. The normal FTPClient cannot handle the different date formats in these + * entries, however using a configurable format, we can handle it easily. + * The original system presenting this issue was an AIX system - see bug #27437 for details. + */ +public class FTPConfigEntryParserTest { + + @Test + public void testParseFieldsOnAIX() { + // Set a date format for this server type + FTPClientConfig config = new FTPClientConfig(FTPClientConfig.SYST_UNIX); + config.setDefaultDateFormatStr("dd MMM HH:mm"); + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + parser.configure(config); + FTPFile f = parser.parseFTPEntry("-rw-r----- 1 ravensm sca 814 02 Mar 16:27 ZMIR2.m"); + assertNotNull(f, "Could not parse entry."); + assertFalse(f.isDirectory(), "Is not a directory."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION), "Should have user read permission."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION), "Should have user write permission."); + assertFalse(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should NOT have user execute permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.READ_PERMISSION), "Should have group read permission."); + assertFalse(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.WRITE_PERMISSION), "Should NOT have group write permission."); + assertFalse(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should NOT have group execute permission."); + assertFalse(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.READ_PERMISSION), "Should NOT have world read permission."); + assertFalse(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.WRITE_PERMISSION), "Should NOT have world write permission."); + assertFalse(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should NOT have world execute permission."); + assertEquals(1, f.getHardLinkCount()); + assertEquals("ravensm", f.getUser()); + assertEquals("sca", f.getGroup()); + assertEquals("ZMIR2.m", f.getName()); + assertEquals(814, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(Year.now().getValue(), 3, 2, 16, 27, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + } + + /** + * This is a new format reported on the mailing lists. Parsing this kind of + * entry necessitated changing the regex in the parser. + */ + @Test + public void testParseEntryWithSymlink() { + FTPClientConfig config = new FTPClientConfig(FTPClientConfig.SYST_UNIX); + config.setDefaultDateFormatStr("yyyy-MM-dd HH:mm"); + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + parser.configure(config); + FTPFile f = parser.parseFTPEntry("lrwxrwxrwx 1 neeme neeme 23 2005-03-02 18:06 macros"); + assertNotNull(f, "Could not parse entry."); + assertFalse(f.isDirectory(), "Is not a directory."); + assertTrue(f.isSymbolicLink(), "Is a symbolic link"); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION), "Should have user read permission."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION), "Should have user write permission."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have user execute permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.READ_PERMISSION), "Should have group read permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.WRITE_PERMISSION), "Should have group write permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.EXECUTE_PERMISSION),"Should have group execute permission."); + assertTrue(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.READ_PERMISSION), "Should have world read permission."); + assertTrue(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.WRITE_PERMISSION), "Should have world write permission."); + assertTrue(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have world execute permission."); + assertEquals(1, f.getHardLinkCount()); + assertEquals("neeme", f.getUser()); + assertEquals("neeme", f.getGroup()); + assertEquals("macros", f.getName()); + assertEquals(23, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2005, 3, 2, 18, 6, 0, 0, ZoneId.of("UTC")); + assertEquals(zonedDateTime, f.getTimestamp()); + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/FTPTimestampParserImplTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/FTPTimestampParserImplTest.java new file mode 100644 index 0000000..2b38a67 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/FTPTimestampParserImplTest.java @@ -0,0 +1,433 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.fail; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPClientConfig; +import java.text.Format; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.Locale; +import java.util.TimeZone; + +/** + * Test the FTPTimestampParser class. + */ +public class FTPTimestampParserImplTest { + + private static final int TWO_HOURS_OF_MILLISECONDS = 2 * 60 * 60 * 1000; + + @Test + public void testParseTimestamp() { + Calendar cal = Calendar.getInstance(); + cal.add(Calendar.HOUR_OF_DAY, 1); + cal.set(Calendar.SECOND, 0); + cal.set(Calendar.MILLISECOND, 0); + Date anHourFromNow = cal.getTime(); + FTPTimestampParserImpl parser = new FTPTimestampParserImpl(); + SimpleDateFormat sdf = new SimpleDateFormat(parser.getRecentDateFormatString()); + String fmtTime = sdf.format(anHourFromNow); + try { + Calendar parsed = parser.parseTimestamp(fmtTime); + // since the timestamp is ahead of now (by one hour), + // this must mean the file's date refers to a year ago. + assertEquals(1, cal.get(Calendar.YEAR) - parsed.get(Calendar.YEAR), "test.roll.back.year"); + } catch (ParseException e) { + fail("Unable to parse"); + } + } + + @Test + public void testParseTimestampWithSlop() { + Calendar cal = Calendar.getInstance(); + cal.set(Calendar.SECOND, 0); + cal.set(Calendar.MILLISECOND, 0); + Calendar caltemp = (Calendar) cal.clone(); + caltemp.add(Calendar.HOUR_OF_DAY, 1); + Date anHourFromNow = caltemp.getTime(); + caltemp.add(Calendar.DAY_OF_MONTH, 1); + Date anHourFromNowTomorrow = caltemp.getTime(); + FTPTimestampParserImpl parser = new FTPTimestampParserImpl(); + // set the "slop" factor on + parser.setLenientFutureDates(true); + SimpleDateFormat sdf = new SimpleDateFormat(parser.getRecentDateFormatString()); + try { + String fmtTime = sdf.format(anHourFromNow); + Calendar parsed = parser.parseTimestamp(fmtTime); + // the timestamp is ahead of now (by one hour), but + // that's within range of the "slop" factor. + // so the date is still considered this year. + assertEquals(0, cal.get(Calendar.YEAR) - parsed.get(Calendar.YEAR), "test.slop.no.roll.back.year"); + // add a day to get beyond the range of the slop factor. + // this must mean the file's date refers to a year ago. + fmtTime = sdf.format(anHourFromNowTomorrow); + parsed = parser.parseTimestamp(fmtTime); + assertEquals(1, cal.get(Calendar.YEAR) - parsed.get(Calendar.YEAR), "test.slop.roll.back.year"); + } catch (ParseException e) { + fail("Unable to parse"); + } + } + + @Test + public void testNET444() throws Exception { + FTPTimestampParserImpl parser = new FTPTimestampParserImpl(); + parser.setLenientFutureDates(true); + SimpleDateFormat sdf = new SimpleDateFormat(parser.getRecentDateFormatString()); + GregorianCalendar now = new GregorianCalendar(2012, Calendar.FEBRUARY, 28, 12, 0); + GregorianCalendar nowplus1 = new GregorianCalendar(2012, Calendar.FEBRUARY, 28, 13, 0); + // Create a suitable short date + String future1 = sdf.format(nowplus1.getTime()); + Calendar parsed1 = parser.parseTimestamp(future1, now); + assertEquals(nowplus1.get(Calendar.YEAR), parsed1.get(Calendar.YEAR)); + GregorianCalendar nowplus25 = new GregorianCalendar(2012, Calendar.FEBRUARY, 29, 13, 0); + // Create a suitable short date + String future25 = sdf.format(nowplus25.getTime()); + Calendar parsed25 = parser.parseTimestamp(future25, now); + assertEquals(nowplus25.get(Calendar.YEAR) - 1, parsed25.get(Calendar.YEAR)); + } + + @Test + public void testParseTimestampAcrossTimeZones() { + Calendar cal = Calendar.getInstance(); + cal.set(Calendar.SECOND, 0); + cal.set(Calendar.MILLISECOND, 0); + cal.add(Calendar.HOUR_OF_DAY, 1); + Date anHourFromNow = cal.getTime(); + cal.add(Calendar.HOUR_OF_DAY, 2); + Date threeHoursFromNow = cal.getTime(); + cal.add(Calendar.HOUR_OF_DAY, -2); + FTPTimestampParserImpl parser = new FTPTimestampParserImpl(); + // assume we are FTPing a server in Chicago, two hours ahead of + // L. A. + FTPClientConfig config = + new FTPClientConfig(FTPClientConfig.SYST_UNIX); + config.setDefaultDateFormatStr(FTPTimestampParser.DEFAULT_DATE_FORMAT); + config.setRecentDateFormatStr(FTPTimestampParser.DEFAULT_RECENT_DATE_FORMAT); + // 2 hours difference + config.setServerTimeZoneId("America/Chicago"); + config.setLenientFutureDates(false); // NET-407 + parser.configure(config); + SimpleDateFormat sdf = (SimpleDateFormat) parser.getRecentDateFormat().clone(); + // assume we're in the US Pacific Time Zone + TimeZone tzla = TimeZone.getTimeZone("America/Los_Angeles"); + sdf.setTimeZone(tzla); + // get formatted versions of time in L.A. + String fmtTimePlusOneHour = sdf.format(anHourFromNow); + String fmtTimePlusThreeHours = sdf.format(threeHoursFromNow); + try { + Calendar parsed = parser.parseTimestamp(fmtTimePlusOneHour); + // the only difference should be the two hours + // difference, no rolling back a year should occur. + assertEquals(TWO_HOURS_OF_MILLISECONDS, cal.getTime().getTime() - parsed.getTime().getTime(), "no.rollback.because.of.time.zones"); + } catch (ParseException e) { + fail("Unable to parse " + fmtTimePlusOneHour); + } + //but if the file's timestamp is THREE hours ahead of now, that should + //cause a rollover even taking the time zone difference into account. + //Since that time is still later than ours, it is parsed as occurring + //on this date last year. + try { + Calendar parsed = parser.parseTimestamp(fmtTimePlusThreeHours); + // rollback should occur here. + assertEquals(1, cal.get(Calendar.YEAR) - parsed.get(Calendar.YEAR), "rollback.even.with.time.zones"); + } catch (ParseException e) { + fail("Unable to parse" + fmtTimePlusThreeHours); + } + } + + @Test + public void testParser() { + // This test requires an English Locale + Locale locale = Locale.getDefault(); + try { + Locale.setDefault(Locale.ENGLISH); + FTPTimestampParserImpl parser = new FTPTimestampParserImpl(); + try { + parser.parseTimestamp("feb 22 2002"); + } catch (ParseException e) { + fail("failed.to.parse.default"); + } + try { + Calendar c = parser.parseTimestamp("f\u00e9v 22 2002"); + fail("should.have.failed.to.parse.default, but was: " + c.getTime().toString()); + } catch (ParseException e) { + // this is the success case + } + FTPClientConfig config = new FTPClientConfig(); + config.setDefaultDateFormatStr("d MMM yyyy"); + config.setRecentDateFormatStr("d MMM HH:mm"); + config.setServerLanguageCode("fr"); + parser.configure(config); + try { + parser.parseTimestamp("d\u00e9c 22 2002"); + fail("incorrect.field.order"); + } catch (ParseException e) { + // this is the success case + } + try { + parser.parseTimestamp("22 d\u00e9c 2002"); + } catch (ParseException e) { + fail("failed.to.parse.french"); + } + + try { + parser.parseTimestamp("22 dec 2002"); + fail("incorrect.language"); + } catch (ParseException e) { + // this is the success case + } + try { + parser.parseTimestamp("29 f\u00e9v 2002"); + fail("nonexistent.date"); + } catch (ParseException e) { + // this is the success case + } + + try { + parser.parseTimestamp("22 ao\u00fb 30:02"); + fail("bad.hour"); + } catch (ParseException e) { + // this is the success case + } + + try { + parser.parseTimestamp("22 ao\u00fb 20:74"); + fail("bad.minute"); + } catch (ParseException e) { + // this is the success case + } + try { + parser.parseTimestamp("28 ao\u00fb 20:02"); + } catch (ParseException e) { + fail("failed.to.parse.french.recent"); + } + } finally { + Locale.setDefault(locale); + } + } + + /* + * Check how short date is interpreted at a given time. + * Check both with and without lenient future dates + */ + private void checkShortParse(String msg, Calendar serverTime, Calendar input) throws ParseException { + checkShortParse(msg, serverTime, input, false); + checkShortParse(msg, serverTime, input, true); + } + + /* + * Check how short date is interpreted at a given time. + * Check both with and without lenient future dates + */ + private void checkShortParse(String msg, Calendar serverTime, Calendar input, Calendar expected) throws ParseException { + checkShortParse(msg, serverTime, input, expected, false); + checkShortParse(msg, serverTime, input, expected, true); + } + + /** + * Check how short date is interpreted at a given time + * Check only using specified lenient future dates setting + * + * @param msg identifying message + * @param servertime the time at the server + * @param input the time to be converted to a short date, parsed and tested against the full time + * @param lenient whether to use lenient mode or not. + */ + private void checkShortParse(String msg, Calendar servertime, Calendar input, boolean lenient) throws ParseException { + checkShortParse(msg, servertime, input, input, lenient); + } + + /** + * Check how short date is interpreted at a given time + * Check only using specified lenient future dates setting + * + * @param msg identifying message + * @param servertime the time at the server + * @param input the time to be converted to a short date and parsed + * @param expected the expected result from parsing + * @param lenient whether to use lenient mode or not. + */ + private void checkShortParse(String msg, Calendar servertime, Calendar input, Calendar expected, boolean lenient) + throws ParseException { + FTPTimestampParserImpl parser = new FTPTimestampParserImpl(); + parser.setLenientFutureDates(lenient); + SimpleDateFormat shortFormat = parser.getRecentDateFormat(); // It's expecting this format + final String shortDate = shortFormat.format(input.getTime()); + Calendar output = parser.parseTimestamp(shortDate, servertime); + int outyear = output.get(Calendar.YEAR); + int outdom = output.get(Calendar.DAY_OF_MONTH); + int outmon = output.get(Calendar.MONTH); + int inyear = expected.get(Calendar.YEAR); + int indom = expected.get(Calendar.DAY_OF_MONTH); + int inmon = expected.get(Calendar.MONTH); + if (indom != outdom || inmon != outmon || inyear != outyear) { + Format longFormat = new SimpleDateFormat("yyyy-MM-dd hh:mm"); + fail("Test: '" + msg + "' Server=" + longFormat.format(servertime.getTime()) + + ". Failed to parse " + shortDate + (lenient ? " (lenient)" : " (non-lenient)") + + " using " + shortFormat.toPattern() + + ". Actual " + longFormat.format(output.getTime()) + + ". Expected " + longFormat.format(expected.getTime())); + } + } + + @Test + public void testParseShortPastDates1() throws Exception { + GregorianCalendar now = new GregorianCalendar(2001, Calendar.MAY, 30, 12, 0); + checkShortParse("2001-5-30", now, now); // should always work + GregorianCalendar target = (GregorianCalendar) now.clone(); + target.add(Calendar.WEEK_OF_YEAR, -1); + checkShortParse("2001-5-30 -1 week", now, target); + target.add(Calendar.WEEK_OF_YEAR, -12); + checkShortParse("2001-5-30 -13 weeks", now, target); + target.add(Calendar.WEEK_OF_YEAR, -13); + checkShortParse("2001-5-30 -26 weeks", now, target); + } + + @Test + public void testParseShortPastDates2() throws Exception { + GregorianCalendar now = new GregorianCalendar(2004, Calendar.AUGUST, 1, 12, 0); + checkShortParse("2004-8-1", now, now); // should always work + GregorianCalendar target = (GregorianCalendar) now.clone(); + target.add(Calendar.WEEK_OF_YEAR, -1); + checkShortParse("2004-8-1 -1 week", now, target); + target.add(Calendar.WEEK_OF_YEAR, -12); + checkShortParse("2004-8-1 -13 weeks", now, target); + target.add(Calendar.WEEK_OF_YEAR, -13); + checkShortParse("2004-8-1 -26 weeks", now, target); + } + + @Test + public void testParseShortFutureDates1() throws Exception { + GregorianCalendar now = new GregorianCalendar(2001, Calendar.MAY, 30, 12, 0); + checkShortParse("2001-5-30", now, now); // should always work + GregorianCalendar target = (GregorianCalendar) now.clone(); + target.add(Calendar.DAY_OF_MONTH, 1); + checkShortParse("2001-5-30 +1 day", now, target, true); + try { + checkShortParse("2001-5-30 +1 day", now, target, false); + fail("Expected AssertionFailedError"); + } catch (Throwable pe) { + if (pe.getMessage().startsWith("Expected AssertionFailedError")) { // don't swallow our failure + throw pe; + } + } + target.add(Calendar.WEEK_OF_YEAR, 1); + } + + @Test + public void testParseShortFutureDates2() throws Exception { + GregorianCalendar now = new GregorianCalendar(2004, Calendar.AUGUST, 1, 12, 0); + checkShortParse("2004-8-1", now, now); // should always work + GregorianCalendar target = (GregorianCalendar) now.clone(); + target.add(Calendar.DAY_OF_MONTH, 1); + checkShortParse("2004-8-1 +1 day", now, target, true); + try { + checkShortParse("2004-8-1 +1 day", now, target, false); + fail("Expected AssertionFailedError"); + } catch (Throwable pe) { + if (pe.getMessage().startsWith("Expected AssertionFailedError")) { // don't swallow our failure + throw pe; + } + } + } + + @Test + public void testFeb29IfLeapYear() throws Exception { + GregorianCalendar now = new GregorianCalendar(); + final int thisYear = now.get(Calendar.YEAR); + final GregorianCalendar target = new GregorianCalendar(thisYear, Calendar.FEBRUARY, 29); + if (now.isLeapYear(thisYear) && now.after(target) && now.before(new GregorianCalendar(thisYear, Calendar.AUGUST, 29))) { + checkShortParse("Feb 29th", now, target); + } + } + + @Test + public void testFeb29LeapYear() throws Exception { + int year = 2000; // Use same year for current and short date + GregorianCalendar now = new GregorianCalendar(year, Calendar.APRIL, 1, 12, 0); + checkShortParse("Feb 29th 2000", now, new GregorianCalendar(year, Calendar.FEBRUARY, 29)); + } + + @Test + public void testFeb29LeapYear2() throws Exception { + int year = 2000; // Use same year for current and short date + GregorianCalendar now = new GregorianCalendar(year, Calendar.MARCH, 1, 12, 0); + checkShortParse("Feb 29th 2000", now, new GregorianCalendar(year, Calendar.FEBRUARY, 29)); + } + + @Test + public void testFeb29LeapYear3() throws Exception { + int year = 2000; // Use same year for current and short date + GregorianCalendar now = new GregorianCalendar(year, Calendar.FEBRUARY, 29, 12, 0); + checkShortParse("Feb 29th 2000", now, new GregorianCalendar(year, Calendar.FEBRUARY, 29)); + } + + @Test + public void testFeb29LeapYear4() throws Exception { + int year = 2000; // Use same year for current and short date + GregorianCalendar now = new GregorianCalendar(year, Calendar.FEBRUARY, 28, 12, 0); + // Must allow lenient future date here + checkShortParse("Feb 29th 2000", now, new GregorianCalendar(year, Calendar.FEBRUARY, 29), true); + } + + @Test + public void testFeb29NonLeapYear() { + GregorianCalendar server = new GregorianCalendar(1999, Calendar.APRIL, 1, 12, 0); + // Note: we use a known leap year for the target date to avoid rounding up + GregorianCalendar input = new GregorianCalendar(2000, Calendar.FEBRUARY, 29); + GregorianCalendar expected = new GregorianCalendar(1999, Calendar.FEBRUARY, 29); + try { + checkShortParse("Feb 29th 1999", server, input, expected, true); + fail("Should have failed to parse Feb 29th 1999"); + } catch (ParseException pe) { + // expected + } + try { + checkShortParse("Feb 29th 1999", server, input, expected, false); + fail("Should have failed to parse Feb 29th 1999"); + } catch (ParseException pe) { + // expected + } + } + + @Test + @Disabled + public void testNET446() throws Exception { + GregorianCalendar server = new GregorianCalendar(2001, Calendar.JANUARY, 1, 12, 0); + // Note: we use a known leap year for the target date to avoid rounding up + GregorianCalendar input = new GregorianCalendar(2000, Calendar.FEBRUARY, 29); + GregorianCalendar expected = new GregorianCalendar(2000, Calendar.FEBRUARY, 29); + checkShortParse("Feb 29th 2000", server, input, expected); + } + + @Test + public void testParseDec31Lenient() throws Exception { + GregorianCalendar now = new GregorianCalendar(2007, Calendar.DECEMBER, 30, 12, 0); + checkShortParse("2007-12-30", now, now); // should always work + GregorianCalendar target = (GregorianCalendar) now.clone(); + target.add(Calendar.DAY_OF_YEAR, +1); // tomorrow + checkShortParse("2007-12-31", now, target, true); + } + + @Test + public void testParseJan01Lenient() throws Exception { + GregorianCalendar now = new GregorianCalendar(2007, Calendar.DECEMBER, 31, 12, 0); + checkShortParse("2007-12-31", now, now); // should always work + GregorianCalendar target = (GregorianCalendar) now.clone(); + target.add(Calendar.DAY_OF_YEAR, +1); // tomorrow + checkShortParse("2008-1-1", now, target, true); + } + + @Test + public void testParseJan01() throws Exception { + GregorianCalendar now = new GregorianCalendar(2007, Calendar.JANUARY, 1, 12, 0); + checkShortParse("2007-01-01", now, now); // should always work + GregorianCalendar target = new GregorianCalendar(2006, Calendar.DECEMBER, 31, 12, 0); + checkShortParse("2006-12-31", now, target, true); + checkShortParse("2006-12-31", now, target, false); + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MLSDComparison.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MLSDComparison.java new file mode 100644 index 0000000..f4819e2 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MLSDComparison.java @@ -0,0 +1,121 @@ +package org.xbib.io.ftp.client.parser; + +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTP; +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileFilters; +import org.xbib.io.ftp.client.FTPListParseEngine; +import java.io.File; +import java.io.FileInputStream; +import java.io.FilenameFilter; +import java.io.InputStream; +import java.time.ZonedDateTime; +import java.util.Arrays; +import java.util.Comparator; + +/** + * Attempt comparison of LIST and MLSD listings + */ +public class MLSDComparison { + + static final String DOWNLOAD_DIR = "build/ftptest"; + + private final Comparator cmp = (o1, o2) -> { + String n1 = o1.getName(); + String n2 = o2.getName(); + return n1.compareTo(n2); + }; + + @Test + public void testFile() throws Exception { + File path = new File(DOWNLOAD_DIR); + FilenameFilter filter = (dir, name) -> name.endsWith("_mlsd.txt"); + File[] files = path.listFiles(filter); + if (files == null) { + return; + } + for (File mlsd : files) { + InputStream is = new FileInputStream(mlsd); + FTPListParseEngine engine = new FTPListParseEngine(MLSxEntryParser.getInstance()); + engine.readServerList(is, FTP.DEFAULT_CONTROL_ENCODING); + FTPFile[] mlsds = engine.getFiles(FTPFileFilters.ALL); + is.close(); + File list = new File(mlsd.getParentFile(), mlsd.getName().replace("_mlsd", "_list")); + is = new FileInputStream(list); + FTPClientConfig cfg = new FTPClientConfig(); + cfg.setServerTimeZoneId("GMT"); + UnixFTPEntryParser parser = new UnixFTPEntryParser(cfg); + engine = new FTPListParseEngine(parser); + engine.readServerList(is, FTP.DEFAULT_CONTROL_ENCODING); + FTPFile[] lists = engine.getFiles(FTPFileFilters.ALL); + is.close(); + compareSortedLists(mlsds, lists); + } + } + + private void compareSortedLists(FTPFile[] lst, FTPFile[] mlst) { + Arrays.sort(lst, cmp); + Arrays.sort(mlst, cmp); + FTPFile first, second; + int firstl = lst.length; + int secondl = mlst.length; + int one = 0, two = 0; + first = lst[one++]; + second = mlst[two++]; + int cmp; + while (one < firstl || two < secondl) { + String rl1 = first.getRawListing(); + String rl2 = second.getRawListing(); + cmp = first.getName().compareTo(second.getName()); + if (cmp == 0) { + if (first.getName().endsWith("HEADER.html")) { + cmp = 0; + } + if (!areEquivalent(first, second)) { + long tdiff = first.getTimestamp().toEpochSecond() - second.getTimestamp().toEpochSecond(); + } + if (one < firstl) { + first = lst[one++]; + } + if (two < secondl) { + second = mlst[two++]; + } + } else if (cmp < 0) { + if (!first.getName().startsWith(".")) { // skip hidden files + System.out.println("1: " + rl1); + } + if (one < firstl) { + first = lst[one++]; + } + } else { + System.out.println("2: " + rl2); + if (two < secondl) { + second = mlst[two++]; + } + } + } + } + + /** + * Compare two instances to see if they are the same, + * ignoring any uninitialised fields. + * + * @param a first instance + * @param b second instance + * @return true if the initialised fields are the same + */ + public boolean areEquivalent(FTPFile a, FTPFile b) { + return a.getName().equals(b.getName()) && + areSame(a.getSize(), b.getSize(), -1L) && + areSame(a.getTimestamp(), b.getTimestamp()); + } + + private boolean areSame(ZonedDateTime a, ZonedDateTime b) { + return a.equals(b); + } + + private boolean areSame(long a, long b, long d) { + return a == d || b == d || a == b; + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MLSxEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MLSxEntryParserTest.java new file mode 100644 index 0000000..43da7ba --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MLSxEntryParserTest.java @@ -0,0 +1,94 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import java.time.ZonedDateTime; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; + +public class MLSxEntryParserTest { + + private static final String[] badsamples = { + "Type=cdir;Modify=20141022065101;UNIX.mode=0775;/no/space", // no space between facts and name + "Type=cdir;Modify=20141022065103;UNIX.mode=0775;", // no name or space + "/no/leading/space", + "", //empty + "Type=cdir;Modify=20141022065102;UNIX.mode=0775; ", // no name + "Type=dir;Size; missing =size", + "Type=dir missing-semicolon", + "Type= missing value and semicolon", + " ", // no path + //"Modify=2014; Short stamp", + "Type=pdir;Modify=20141205180002Z; /trailing chars in Modify", + "Type=dir;Modify=2014102206510x2.999;UNIX.mode=0775; modify has spurious chars", + }; + + private static final String[] goodsamples = { + "Type=cdir;Modify=20141022065102;UNIX.mode=0775; /commons/net", + "Type=pdir;Modify=20141205180002;UNIX.mode=0775; /commons", + "Type=file;Size=431;Modify=20130303210732;UNIX.mode=0664; HEADER.html", + "Type=file;Size=1880;Modify=20130611172748;UNIX.mode=0664; README.html", + "Type=file;Size=2364;Modify=20130611170131;UNIX.mode=0664; RELEASE-NOTES.txt", + "Type=dir;Modify=20141022065102;UNIX.mode=0775; binaries", + // TODO(jprante) re-add this pattern + //"Type=dir;Modify=20141022065102.999;UNIX.mode=0775; source", + " /no/facts", // no facts + "Type=; /empty/fact", + "Size=; /empty/size", + " Type=cdir;Modify=20141022065102;UNIX.mode=0775; /leading/space", // leading space before facts => it's a file name! + " ", // pathname of space + }; + + @Test + public void testBadListing() { + MLSxEntryParser parser = new MLSxEntryParser(); + for (String test : badsamples) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + return f; + } + + @Test + public void testGoodListing() { + MLSxEntryParser parser = new MLSxEntryParser(); + for (String test : goodsamples) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + } + } + + @Test + public void testDefaultPrecision() { + testPrecision("Type=dir;Modify=20141022065102;UNIX.mode=0775; source", + EnumSet.of(ChronoUnit.SECONDS, ChronoUnit.MINUTES, ChronoUnit.HOURS, ChronoUnit.DAYS)); + } + + @Test + public void testRecentPrecision() { + testPrecision("Type=dir;Modify=20141022065102.999;UNIX.mode=0775; source", + EnumSet.of(ChronoUnit.MILLIS)); + } + + private void testPrecision(String listEntry, EnumSet units) { + MLSxEntryParser parser = new MLSxEntryParser(); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MVSFTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MVSFTPEntryParserTest.java new file mode 100644 index 0000000..9fa4874 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MVSFTPEntryParserTest.java @@ -0,0 +1,206 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import java.time.format.DateTimeParseException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +public class MVSFTPEntryParserTest { + + private static final String[] goodsamplesDatasetList = { + /* Note, if the string begins with SAVE, the parsed entry is stored in the List saveftpfiles */ + // "Volume Unit Referred Ext Used Recfm Lrecl BlkSz Dsorg Dsname", + "SAVE00 3390 2004/06/23 1 1 FB 128 6144 PS INCOMING.RPTBM023.D061704", + "SAVE01 3390 2004/06/23 1 1 FB 128 6144 PO INCOMING.RPTBM024.D061704", + "SAVE02 3390 2004/06/23 1 1 FB 128 6144 PO-E INCOMING.RPTBM025.D061704", + "PSMLC1 3390 2005/04/04 1 1 VB 27994 27998 PS file3.I", + "PSMLB9 3390 2005/04/04 1 1 VB 27994 27998 PS file4.I.BU", + "PSMLB6 3390 2005/04/05 1 1 VB 27994 27998 PS file3.I.BU", + "PSMLC6 3390 2005/04/05 1 1 VB 27994 27998 PS file6.I", + "PSMLB7 3390 2005/04/04 1 1 VB 27994 27998 PS file7.O", + "PSMLC6 3390 2005/04/05 1 1 VB 27994 27998 PS file7.O.BU", + "FPFS49 3390 2004/06/23 1 1 FB 128 6144 PO-E INCOMING.RPTBM026.D061704", + "FPFS41 3390 2004/06/23 1 1 FB 128 6144 PS INCOMING.RPTBM056.D061704", + "FPFS25 3390 2004/06/23 1 1 FB 128 6144 PS INCOMING.WTM204.D061704", + "PEX26F 3390 2017/07/03 115807 FB 29600 29600 PS INCOMING.FIN.D170630.T160630", + }; + + private static final String[] goodsamplesMemberList = { + /* Note, if the string begins with SAVE, the parsed entry is stored in the List saveftpfiles */ + "Name VV.MM Created Changed Size Init Mod Id", + "SAVE03 01.03 2002/09/12 2002/10/11 09:37 11 11 0 KIL001", + "SAVE04 ", // no statistics + "TBSHELF1 01.03 2002/09/12 2002/10/11 09:37 11 11 0 KIL001", + "TBSHELF2 01.03 2002/09/12 2002/10/11 09:37 11 11 0 KIL001", + "TBSHELF3 01.03 2002/09/12 2002/10/11 09:37 11 11 0 KIL001", + "TBSHELF4 01.03 2002/09/12 2002/10/11 09:37 11 11 0 KIL001",}; + + private static final String[] goodsamplesJES1List = { /* no header for JES1 (JES Interface level 1) */ + /* Note, if the string begins with SAVE, the parsed entry is stored in the List saveftpfiles */ + "IBMUSER1 JOB01906 OUTPUT 3 Spool Files",}; + + private static final String[] goodsamplesJES2List = { /* JES2 (JES Interface level 2) */ + /* Note, if the string begins with SAVE, the parsed entry is stored in the List saveftpfiles */ + //"JOBNAME JOBID OWNER STATUS CLASS", + "IBMUSER2 JOB01906 IBMUSER OUTPUT A RC=0000 3 spool files", + "IBMUSER TSU01830 IBMUSER OUTPUT TSU ABEND=522 3 spool files",}; + + private static final String[] goodsamplesUnixList = { + "total 1234", + "-rwxr-xr-x 2 root root 4096 Mar 2 15:13 zxbox", + "drwxr-xr-x 2 root root 4096 Aug 24 2001 zxjdbc", + }; + + private static final String[] badsamples = { + "MigratedP201.$FTXPBI1.$CF2ITB.$AAB0402.I", + "PSMLC133902005/04/041VB2799427998PSfile1.I", "file2.O",}; + + @Test + public void testFirstGoodListing() { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + parser.setType(MVSFTPEntryParser.FILE_LIST_TYPE); + parser.setRegex(MVSFTPEntryParser.FILE_LIST_REGEX); + for (String test : goodsamplesDatasetList) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + + @Test + public void testBadListing() { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + for (String test : badsamples) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testGoodListing() { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + parser.setType(MVSFTPEntryParser.FILE_LIST_TYPE); + parser.setRegex(MVSFTPEntryParser.FILE_LIST_REGEX); + for (String test : goodsamplesDatasetList) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + } + } + + @Test + public void testMemberListing() { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + parser.setType(MVSFTPEntryParser.MEMBER_LIST_TYPE); + parser.setRegex(MVSFTPEntryParser.MEMBER_LIST_REGEX); + for (String test : goodsamplesMemberList) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + + @Test + public void testJesLevel1Listing() { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + parser.setType(MVSFTPEntryParser.JES_LEVEL_1_LIST_TYPE); + parser.setRegex(MVSFTPEntryParser.JES_LEVEL_1_LIST_REGEX); + for (String test : goodsamplesJES1List) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + + @Test + public void testJesLevel2Listing() { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + parser.setType(MVSFTPEntryParser.JES_LEVEL_2_LIST_TYPE); + parser.setRegex(MVSFTPEntryParser.JES_LEVEL_2_LIST_REGEX); + for (String test : goodsamplesJES2List) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + + @Test + public void testUnixListings() { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + List list = new ArrayList(); + Collections.addAll(list, goodsamplesUnixList); + parser.preParse(list); + for (String test : list) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + assertNotNull(f.getName(), "Failed to parse name " + test); + assertNotNull(f.getGroup(), "Failed to parse group " + test); + assertNotNull(f.getUser(), "Failed to parse user " + test); + } + } + + @Test + public void testParseFieldsOnDirectory() throws Exception { + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + parser.setType(MVSFTPEntryParser.FILE_LIST_TYPE); + parser.setRegex(MVSFTPEntryParser.FILE_LIST_REGEX); + FTPFile file = parser.parseFTPEntry("SAVE01 3390 2004/06/23 1 1 FB 128 6144 PO INCOMING.RPTBM024.D061704"); + assertNotNull(file, "Could not parse entry."); + assertTrue(file.isDirectory(), "Should have been a directory."); + assertEquals("INCOMING.RPTBM024.D061704", file.getName()); + file = parser.parseFTPEntry("SAVE02 3390 2004/06/23 1 1 FB 128 6144 PO-E INCOMING.RPTBM025.D061704"); + assertNotNull(file, "Could not parse entry."); + assertTrue(file.isDirectory(), "Should have been a directory."); + assertEquals("INCOMING.RPTBM025.D061704", file.getName()); + } + + @Test + public void testParseFieldsOnFile() throws Exception { + FTPFile file ; + MVSFTPEntryParser parser = new MVSFTPEntryParser(); + parser.setRegex(MVSFTPEntryParser.FILE_LIST_REGEX); + parser.setType(MVSFTPEntryParser.FILE_LIST_TYPE); + file = parser.parseFTPEntry("SAVE00 3390 2004/06/23 1 1 FB 128 6144 PS INCOMING.RPTBM023.D061704"); + assertNotNull(file, "Could not parse entry."); + assertTrue(file.isFile(), "Should have been a file."); + assertEquals("INCOMING.RPTBM023.D061704", file.getName()); + assertNull(file.getTimestamp(), "Timestamp should not have been set."); + parser.setType(MVSFTPEntryParser.MEMBER_LIST_TYPE); + parser.setRegex(MVSFTPEntryParser.MEMBER_LIST_REGEX); + file = parser.parseFTPEntry("SAVE03 01.03 2002/09/12 2002/10/11 09:37 11 11 0 KIL001"); + assertNotNull(file, "Could not parse entry."); + assertTrue(file.isFile(), "Should have been a file."); + assertEquals("SAVE03", file.getName()); + assertNotNull(file.getTimestamp(), "Timestamp should have been set."); + file = parser.parseFTPEntry("SAVE04 "); + assertNotNull(file, "Could not parse entry."); + assertTrue(file.isFile(), "Should have been a file."); + assertEquals("SAVE04", file.getName()); + assertNull(file.getTimestamp(), "Timestamp should not have been set."); + } + + private void doAdditionalGoodTests(String test, FTPFile f) { + assertNotNull(f.getRawListing(), "Could not parse raw listing in " + test); + assertNotNull(f.getName(), "Could not parse name in " + test); + // some tests don't produce any further details + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MacOsPeterFTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MacOsPeterFTPEntryParserTest.java new file mode 100644 index 0000000..5fa17af --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/MacOsPeterFTPEntryParserTest.java @@ -0,0 +1,143 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import java.time.Month; +import java.time.Year; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; + +public class MacOsPeterFTPEntryParserTest { + + private static final String[] badsamples = { + "drwxr-xr-x 123 folder 0 Jan 4 14:49 Steak", + }; + + private static final String[] goodsamples = { + "-rw-r--r-- 54149 27826 81975 Jul 22 2010 09.jpg", + "drwxr-xr-x folder 0 Jan 4 14:51 Alias_to_Steak", + "-rw-r--r-- 78440 49231 127671 Jul 22 2010 Filename with whitespace.jpg", + "-rw-r--r-- 78440 49231 127671 Jul 22 14:51 Filename with whitespace.jpg", + "-rw-r--r-- 0 108767 108767 Jul 22 2010 presentation03.jpg", + "-rw-r--r-- 58679 60393 119072 Jul 22 2010 presentation04.jpg", + "-rw-r--r-- 82543 51433 133976 Jul 22 2010 presentation06.jpg", + "-rw-r--r-- 83616 1430976 1514592 Jul 22 2010 presentation10.jpg", + "-rw-r--r-- 0 66990 66990 Jul 22 2010 presentation11.jpg", + "drwxr-xr-x folder 0 Jan 4 14:49 Steak", + "-rwx------ 0 12713 12713 Jul 8 2009 Twitter_Avatar.png", + }; + + @Test + public void testBadListing() { + MacOsPeterFTPEntryParser parser = new MacOsPeterFTPEntryParser(); + for (String test : badsamples) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testGoodListing() { + MacOsPeterFTPEntryParser parser = new MacOsPeterFTPEntryParser(); + for (String test : goodsamples) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + } + } + @Test + public void testParseFieldsOnDirectory() throws Exception { + MacOsPeterFTPEntryParser parser = new MacOsPeterFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwxr-xr-x folder 0 Mar 2 15:13 Alias_to_Steak"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isDirectory(), "Should have been a directory."); + checkPermissions(f); + assertEquals(0, f.getHardLinkCount()); + assertNull(f.getUser()); + assertNull(f.getGroup()); + assertEquals(0, f.getSize()); + assertEquals("Alias_to_Steak", f.getName()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(Year.now().getValue(), + Month.MARCH.getValue(), 2, 15, 13, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + } + + @Test + public void testParseFieldsOnFile() throws Exception { + MacOsPeterFTPEntryParser parser = new MacOsPeterFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("-rwxr-xr-x 78440 49231 127671 Jul 2 14:51 Filename with whitespace.jpg"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isFile(), "Should have been a file."); + checkPermissions(f); + assertEquals(0, f.getHardLinkCount()); + assertNull(f.getUser()); + assertNull(f.getGroup()); + assertEquals("Filename with whitespace.jpg", f.getName()); + assertEquals(127671L, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(Year.now().getValue(), + Month.JULY.getValue(), 2, 14, 51, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + } + + private void checkPermissions(FTPFile f) { + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION), "Should have user read permission."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION), "Should have user write permission."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have user execute permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.READ_PERMISSION), "Should have group read permission."); + assertFalse(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.WRITE_PERMISSION), "Should NOT have group write permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have group execute permission."); + assertTrue(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.READ_PERMISSION),"Should have world read permission."); + assertFalse(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.WRITE_PERMISSION), "Should NOT have world write permission."); + assertTrue(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have world execute permission."); + } + + @Test + public void testDefaultPrecision() { + testPrecision("-rw-r--r-- 78440 49231 127671 Jul 22 2010 Filename with whitespace.jpg", + EnumSet.of(ChronoUnit.DAYS)); + } + + @Test + public void testRecentPrecision() { + testPrecision("-rw-r--r-- 78440 49231 127671 Jul 22 14:51 Filename with whitespace.jpg", + EnumSet.of(ChronoUnit.MINUTES, ChronoUnit.HOURS, ChronoUnit.DAYS, ChronoUnit.YEARS)); + } + + private void testPrecision(String listEntry, EnumSet units) { + MacOsPeterFTPEntryParser parser = new MacOsPeterFTPEntryParser(); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/NTFTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/NTFTPEntryParserTest.java new file mode 100644 index 0000000..495db3b --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/NTFTPEntryParserTest.java @@ -0,0 +1,348 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; +import org.xbib.io.ftp.client.FTPListParseEngine; +import java.io.ByteArrayInputStream; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; +import java.util.Locale; + +@Disabled +public class NTFTPEntryParserTest { + + private static final String[][] goodsamples = { + { // DOS-style tests + "05-26-95 10:57AM 143712 $LDR$", + "05-20-97 03:31PM 681 .bash_history", + "12-05-96 05:03PM

    absoft2", + "11-14-97 04:21PM 953 AUDITOR3.INI", + "05-22-97 08:08AM 828 AUTOEXEC.BAK", + "01-22-98 01:52PM 795 AUTOEXEC.BAT", + "05-13-97 01:46PM 828 AUTOEXEC.DOS", + "12-03-96 06:38AM 403 AUTOTOOL.LOG", + "12-03-96 06:38AM 123xyz", + "01-20-97 03:48PM bin", + "05-26-1995 10:57AM 143712 $LDR$", + // 24hr clock as used on Windows_CE + "12-05-96 17:03 absoft2", + "05-22-97 08:08 828 AUTOEXEC.BAK", + "01-01-98 05:00 Network", + "01-01-98 05:00 StorageCard", + "09-13-10 20:08 Recycled", + "09-06-06 19:00 69 desktop.ini", + "09-13-10 13:08 23 Control Panel.lnk", + "09-13-10 13:08 My Documents", + "09-13-10 13:08 Program Files", + "09-13-10 13:08 Temp", + "09-13-10 13:08 Windows", + }, + { // Unix-style tests + "-rw-r--r-- 1 root root 111325 Apr 27 2001 zxJDBC-2.0.1b1.tar.gz", + "-rw-r--r-- 1 root root 190144 Apr 27 2001 zxJDBC-2.0.1b1.zip", + "-rwxr-xr-x 2 500 500 166 Nov 2 2001 73131-testtes1.afp", + "-rw-r--r-- 1 500 500 166 Nov 9 2001 73131-testtes1.AFP", + "drwx------ 4 maxm Domain Users 512 Oct 2 10:59 .metadata", + } + }; + + @Test + public void testConsistentListing() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + for (String[] goodsample : goodsamples) { + for (String test : goodsample) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + } + + @Test + public void testInconsistentListing() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + for (int i = 0; i < goodsamples.length; i++) { + String test = goodsamples[i][0]; + FTPFile f = parser.parseFTPEntry(test); + switch (i) { + case 0: + assertNotNull(f, "Failed to parse " + test); + break; + case 1: + assertNull(f, "Should have failed to parse " + test); + break; + } + } + } + + private static final String[][] badsamples = { + { // DOS-style tests + // "20-05-97 03:31PM 681 .bash_history", + // " 0 DIR 05-19-97 12:56 local", + // " 0 DIR 05-12-97 16:52 Maintenance Desktop", + }, + { // Unix-style tests + "drwxr-xr-x 2 root 99 4096Feb 23 30:01 zzplayer", + } + }; + + @Test + public void testBadListing() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + for (String[] badsample : badsamples) { + for (String test : badsample) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse " + test); + //doAdditionalBadTests(test, f); + } catch (DateTimeParseException e) { + // + } + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + + private static final String directoryBeginningWithNumber = + "12-03-96 06:38AM 123xyz"; + + @Test + public void testParseFieldsOnDirectory() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile dir = parser.parseFTPEntry("12-05-96 05:03PM absoft2"); + assertNotNull(dir, "Could not parse entry."); + assertNotNull(dir.getTimestamp(), "Could not parse time"); + assertEquals("Thu Dec 05 17:03:00 1996", dir.getTimestamp().format(df)); + assertTrue(dir.isDirectory(), "Should have been a directory."); + assertEquals("absoft2", dir.getName()); + assertEquals(0, dir.getSize()); + dir = parser.parseFTPEntry("12-03-96 06:38AM 123456"); + assertNotNull(dir, "Could not parse entry."); + assertTrue(dir.isDirectory(), "Should have been a directory."); + assertEquals("123456", dir.getName()); + assertEquals(0, dir.getSize()); + } + + @Test + public void testParseLeadingDigits() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile file = parser.parseFTPEntry("05-22-97 12:08AM 5000000000 10 years and under"); + assertNotNull(file, "Could not parse entry"); + assertEquals("10 years and under", file.getName()); + assertEquals(5000000000L, file.getSize()); + assertNotNull(file.getTimestamp(), "Could not parse time"); + assertEquals("Thu May 22 00:08:00 1997", file.getTimestamp().format(df)); + FTPFile dir = parser.parseFTPEntry("12-03-96 06:38PM 10 years and under"); + assertNotNull(dir, "Could not parse entry"); + assertEquals("10 years and under", dir.getName()); + assertNotNull(dir.getTimestamp(), "Could not parse time"); + assertEquals("Tue Dec 03 18:38:00 1996", dir.getTimestamp().format(df)); + } + + @Test + public void testNET339() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile file = parser.parseFTPEntry("05-22-97 12:08 5000000000 10 years and under"); + assertNotNull(file, "Could not parse entry"); + assertEquals("10 years and under", file.getName()); + assertEquals(5000000000L, file.getSize()); + assertNotNull(file.getTimestamp(), "Could not parse time"); + assertEquals("Thu May 22 12:08:00 1997", file.getTimestamp().format(df)); + FTPFile dir = parser.parseFTPEntry("12-03-96 06:38 10 years and under"); + assertNotNull(dir, "Could not parse entry"); + assertEquals("10 years and under", dir.getName()); + assertNotNull(dir.getTimestamp(), "Could not parse time"); + assertEquals("Tue Dec 03 06:38:00 1996", dir.getTimestamp().format(df)); + } + + @Test + public void testParseFieldsOnFile() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile f = parser.parseFTPEntry("05-22-97 12:08AM 5000000000 AUTOEXEC.BAK"); + assertNotNull(f, "Could not parse entry."); + assertNotNull(f.getTimestamp(), "Could not parse timestamp"); + assertEquals("Thu May 22 00:08:00 1997", f.getTimestamp().format(df)); + assertTrue(f.isFile(), "Should have been a file."); + assertEquals("AUTOEXEC.BAK", f.getName()); + assertEquals(5000000000L, f.getSize()); + f = parser.parseFTPEntry("-rw-rw-r-- 1 mqm mqm 17707 Mar 12 3:33 killmq.sh.log"); + assertNotNull(f, "Could not parse entry."); + assertEquals(3, f.getTimestamp().getHour()); + assertTrue(f.isFile(), "Should have been a file."); + assertEquals(17707, f.getSize()); + } + + static final DateTimeFormatter df = DateTimeFormatter + .ofPattern("EEE MMM dd HH:mm:ss yyyy") + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US); + + + @Test + protected void doAdditionalGoodTests(String test, FTPFile f) { + if (test.contains("")) { + assertEquals(FTPFile.DIRECTORY_TYPE, f.getType(), "directory.type"); + } + } + + /* + * test condition reported as bug 20259 - now NET-106. + * directory with name beginning with a numeric character + * was not parsing correctly + */ + @Test + public void testDirectoryBeginningWithNumber() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile f = parser.parseFTPEntry(directoryBeginningWithNumber); + assertEquals("name", "123xyz", f.getName()); + } + + @Test + public void testDirectoryBeginningWithNumberFollowedBySpaces() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile f = parser.parseFTPEntry("12-03-96 06:38AM 123 xyz"); + assertEquals("name", "123 xyz", f.getName()); + f = parser.parseFTPEntry("12-03-96 06:38AM 123 abc xyz"); + assertNotNull(f); + assertEquals("name", "123 abc xyz", f.getName()); + } + + @Test + public void testGroupNameWithSpaces() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new NTFTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile f = parser.parseFTPEntry("drwx------ 4 maxm Domain Users 512 Oct 2 10:59 .metadata"); + assertNotNull(f); + assertEquals("maxm", f.getUser()); + assertEquals("Domain Users", f.getGroup()); + } + + // byte -123 when read using ISO-8859-1 encoding becomes 0X85 line terminator + private static final byte[] listFilesByteTrace = { + 48, 57, 45, 48, 52, 45, 49, 51, 32, 32, 48, 53, 58, 53, 49, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 60, 68, 73, 82, 62, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 97, 115, 112, 110, 101, 116, 95, 99, 108, 105, 101, 110, 116, + 13, 10, // 1 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 53, 52, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 50, 32, + 65, 95, 113, 117, 105, 99, 107, 95, 98, 114, 111, 119, 110, 95, 102, 111, 120, 95, 106, 117, 109, 112, 115, + 95, 111, 118, 101, 114, 95, 116, 104, 101, 95, 108, 97, 122, 121, 95, 100, 111, 103, + 13, 10, // 2 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 49, 55, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 51, 32, + 120, -127, -123, 121, + 13, 10, // 3 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 49, 58, 52, 57, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 52, 32, + -126, -28, -126, -83, -119, -51, -126, -52, -105, -84, -126, -22, -126, -51, + -112, -30, -126, -90, -126, -72, -126, -75, -126, -60, -127, 65, -126, -75, -126, -87, -126, -32, -126, + -32, -126, -58, -126, -52, -112, -123, -126, -55, -126, -96, -126, -25, -126, -72, 46, 116, 120, 116, + 13, 10, // 4 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 52, 54, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 53, 32, + -125, 76, -125, -125, -125, 98, -125, 86, -125, 116, -125, -115, -127, 91, -116, 118, -114, 90, -113, -111, + 13, 10, // 5 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 52, 54, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 54, 32, + -125, 76, -125, -125, -125, 98, -125, 86, -125, -123, -125, 116, -125, -115, -127, 91, -116, 118, -114, 90, -113, -111, + 13, 10, // 6 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 49, 58, 52, 57, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 55, 32, + -114, 79, -116, -38, -126, -52, -105, -25, 46, 116, 120, 116, + 13, 10, // 7 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 49, 58, 52, 57, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 56, 32, + -111, -66, -116, -10, -106, 93, 46, 116, 120, 116, + 13, 10, // 8 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 53, 52, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 57, 32, + -113, -84, -106, -20, -106, -123, -114, 113, + 13, 10, // 9 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 49, 58, 52, 57, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 49, 48, 32, + -119, -28, -109, 99, -118, -108, -114, -82, -119, -17, -114, -48, -120, -8, -112, -123, -108, 95, -117, -58, 46, 80, 68, 70, + 13, 10, // 10 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 49, 49, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 49, 49, 32, + -112, -124, -99, -56, 46, 116, 120, 116, + 13, 10, // 11 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 52, 51, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 49, 50, 32, + -117, -76, -116, -123, + 13, 10, // 12 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 49, 50, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 49, 51, 32, + -114, -107, -111, -123, -108, 94, -104, 82, + 13, 10, //13 + 48, 55, 45, 48, 51, 45, 49, 51, 32, 32, 48, 50, 58, 51, 53, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 49, 52, 32, + -112, -123, -117, -101, -126, -52, -116, -16, -126, -19, -126, -24, 46, 116, 120, 116, + 13, 10, // 14 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 50, 58, 49, 50, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 49, 53, 32, + -114, -123, -117, -101, -112, -20, + 13, 10, //15 + 48, 55, 45, 49, 55, 45, 49, 51, 32, 32, 48, 49, 58, 52, 57, 80, 77, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 49, 54, 32, + -107, -94, -112, -123, -106, 126, -126, -55, -107, -44, -126, -25, -126, -72, 46, 116, 120, 116, + 13, 10 // 16 + }; + + private static final int LISTFILE_COUNT = 16; + + private int testNET516(String charset) throws Exception { + FTPFileEntryParser parser = new NTFTPEntryParser(); + FTPListParseEngine engine = new FTPListParseEngine(parser); + engine.readServerList(new ByteArrayInputStream(listFilesByteTrace), charset); + FTPFile[] ftpfiles = engine.getFiles(); + return ftpfiles.length; + } + + @Test + public void testNET516() throws Exception { + int utf = testNET516("UTF-8"); + assertEquals(LISTFILE_COUNT, utf); + int ascii = testNET516("ASCII"); + assertEquals(LISTFILE_COUNT, ascii); + int iso8859_1 = testNET516("ISO-8859-1"); + assertEquals(LISTFILE_COUNT, iso8859_1); + } + + @Test + public void testDefaultPrecision() { + testPrecision("05-26-1995 10:57AM 143712 $LDR$", + EnumSet.of(ChronoUnit.MINUTES)); + testPrecision("05-22-97 08:08 828 AUTOEXEC.BAK", + EnumSet.of(ChronoUnit.MINUTES)); + } + + private void testPrecision(String listEntry, EnumSet units) { + FTPFileEntryParser parser = new NTFTPEntryParser(); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/NetwareFTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/NetwareFTPEntryParserTest.java new file mode 100644 index 0000000..d35050b --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/NetwareFTPEntryParserTest.java @@ -0,0 +1,121 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import java.time.Month; +import java.time.Year; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; + +public class NetwareFTPEntryParserTest { + + private static final String[] badsamples = { + "a [-----F--] SCION_SYS 512 Apr 13 23:52 SYS", + "d [----AF--] 0 512 10-04-2001 _ADMIN" + }; + + private static final String[] goodsamples = { + "d [-----F--] SCION_SYS 512 Apr 13 23:52 SYS", + "d [----AF--] 0 512 Feb 22 17:32 _ADMIN", + "d [-W---F--] SCION_VOL2 512 Apr 13 23:12 VOL2", + "- [RWCEAFMS] rwinston 19968 Mar 12 15:20 Executive Summary.doc", + "d [RWCEAFMS] rwinston 512 Nov 24 2005 Favorites" + }; + + @Test + public void testBadListing() { + NetwareFTPEntryParser parser = new NetwareFTPEntryParser(); + for (String test : badsamples) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testGoodListing() { + NetwareFTPEntryParser parser = new NetwareFTPEntryParser(); + for (String test : goodsamples) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + } + } + + @Test + public void testParseFieldsOnDirectory() throws Exception { + NetwareFTPEntryParser parser = new NetwareFTPEntryParser(); + String reply = "d [-W---F--] testUser 512 Apr 13 23:12 testFile"; + FTPFile f = parser.parseFTPEntry(reply); + assertNotNull(f, "Could not parse file"); + assertEquals("testFile", f.getName()); + assertEquals(512L, f.getSize()); + assertEquals("testUser", f.getUser()); + assertTrue(f.isDirectory(), "Directory flag is not set!"); + ZonedDateTime zonedDateTime = ZonedDateTime.of(Year.now().getValue(), + Month.APRIL.getValue(), 13, 23, 12, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + } + + @Test + public void testParseFieldsOnFile() throws Exception { + NetwareFTPEntryParser parser = new NetwareFTPEntryParser(); + String reply = "- [R-CEAFMS] rwinston 19968 Mar 12 15:20 Document name with spaces.doc"; + FTPFile f = parser.parseFTPEntry(reply); + assertNotNull(f, "Could not parse file"); + assertEquals("Document name with spaces.doc", f.getName()); + assertEquals(19968L, f.getSize()); + assertEquals("rwinston", f.getUser()); + assertTrue(f.isFile(), "File flag is not set!"); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION)); + assertFalse(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION)); + } + + @Test + public void testDefaultPrecision() { + testPrecision("d [RWCEAFMS] rwinston 512 Nov 24 2005 Favorites", + EnumSet.of(ChronoUnit.DAYS)); + } + + @Test + public void testRecentPrecision() { + testPrecision("- [RWCEAFMS] rwinston 19968 Mar 12 15:20 Executive Summary.doc", + EnumSet.of(ChronoUnit.MINUTES, ChronoUnit.HOURS, ChronoUnit.DAYS)); + } + + private void testPrecision(String listEntry, EnumSet units) { + NetwareFTPEntryParser parser = new NetwareFTPEntryParser(); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } +} + + diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS2FTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS2FTPEntryParserTest.java new file mode 100644 index 0000000..b930440 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS2FTPEntryParserTest.java @@ -0,0 +1,128 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; +import java.util.Locale; + +public class OS2FTPEntryParserTest { + + private static final String[] badsamples = { + " DIR 12-30-97 12:32 jbrekke", + " 0 rsa DIR 11-25-97 09:42 junk", + " 0 dir 05-12-97 16:44 LANGUAGE", + " 0 DIR 13-05-97 25:49 MPTN", + "587823 RSA DIR Jan-08-97 13:58 OS2KRNL", + // " 33280 A 1997-02-03 13:49 OS2LDR", + "12-05-96 05:03PM absoft2", + "11-14-97 04:21PM 953 AUDITOR3.INI" + }; + + private static final String[] goodsamples = { + " 0 DIR 12-30-97 12:32 jbrekke", + " 0 DIR 11-25-97 09:42 junk", + " 0 DIR 05-12-97 16:44 LANGUAGE", + " 0 DIR 05-19-97 12:56 local", + " 0 DIR 05-12-97 16:52 Maintenance Desktop", + " 0 DIR 05-13-97 10:49 MPTN", + "587823 RSA DIR 01-08-97 13:58 OS2KRNL", + " 33280 A 02-09-97 13:49 OS2LDR", + " 0 DIR 11-28-97 09:42 PC", + "149473 A 11-17-98 16:07 POPUPLOG.OS2", + " 0 DIR 05-12-97 16:44 PSFONTS", + " 0 DIR 05-19-2000 12:56 local", + }; + + @Test + public void testFirstGoodListing() { + ConfigurableFTPFileEntryParserImpl parser = new OS2FTPEntryParser(); + parser.configure(null); + for (String test : goodsamples) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + } + } + + @Test + public void testBadListing() { + ConfigurableFTPFileEntryParserImpl parser = new OS2FTPEntryParser(); + parser.configure(null); + for (String test : badsamples) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + @Test + public void testParseFieldsOnDirectory() throws Exception { + ConfigurableFTPFileEntryParserImpl parser = new OS2FTPEntryParser(); + parser.configure(null); + FTPFile dir = parser.parseFTPEntry(" 0 DIR 11-28-97 09:42 PC"); + assertNotNull(dir, "Could not parse entry."); + assertTrue(dir.isDirectory(), "Should have been a directory."); + assertEquals(0, dir.getSize()); + assertEquals("PC", dir.getName()); + assertNotNull(dir.getTimestamp(), "Could not parse time stamp."); + assertEquals("Fri Nov 28 09:42:00 1997", dir.getTimestamp().format(df)); + } + + @Test + public void testParseFieldsOnFile() throws Exception { + ConfigurableFTPFileEntryParserImpl parser = new OS2FTPEntryParser(); + parser.configure(null); + FTPFile file = parser.parseFTPEntry("5000000000 A 11-17-98 16:07 POPUPLOG.OS2"); + assertNotNull(file, "Could not parse entry."); + assertTrue(file.isFile(), "Should have been a file."); + assertEquals(5000000000L, file.getSize()); + assertEquals("POPUPLOG.OS2", file.getName()); + assertNotNull(file.getTimestamp(), "Could not parse time stamp."); + assertEquals("Tue Nov 17 16:07:00 1998", file.getTimestamp().format(df)); + } + + static final DateTimeFormatter df = DateTimeFormatter + .ofPattern("EEE MMM dd HH:mm:ss yyyy") + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US); + + + @Test + public void testDefaultPrecision() { + testPrecision(" 0 DIR 05-12-97 16:44 PSFONTS", + EnumSet.of(ChronoUnit.MINUTES)); + testPrecision(" 0 DIR 05-19-2000 12:56 local", + EnumSet.of(ChronoUnit.MINUTES)); + } + + private void testPrecision(String listEntry, EnumSet units) { + ConfigurableFTPFileEntryParserImpl parser = new OS2FTPEntryParser(); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParserAdditionalTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParserAdditionalTest.java new file mode 100644 index 0000000..d7ffb09 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParserAdditionalTest.java @@ -0,0 +1,125 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; + +import java.time.Month; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeParseException; + +public class OS400FTPEntryParserAdditionalTest { + + private static final String[][] badsamples = { + { + "QPGMR 135168 04/03/18 13:18:19 *FILE", + "QPGMR 135168 03/24 13:18:19 *FILE", + "QPGMR 135168 04/03/18 30:06:29 *FILE", + "QPGMR 04/03/18 13:18:19 *FILE RPGUNITC1.FILE", + "QPGMR 135168 03/24 13:18:19 *FILE RPGUNITC1.FILE", + "QPGMR 135168 04/03/18 30:06:29 *FILE RPGUNITC1.FILE", + "QPGMR *MEM ", + "QPGMR 135168 04/03/18 13:18:19 *MEM RPGUNITC1.FILE/RUCALLTST.MBR", + "QPGMR 135168 *MEM RPGUNITC1.FILE/RUCALLTST.MBR", + "QPGMR 04/03/18 13:18:19 *MEM RPGUNITC1.FILE/RUCALLTST.MBR", + "QPGMR USR *MEM RPGUNITC1.FILE/RUCALLTST.MBR" + } + }; + + private static final String[][] goodsamples = { + { + "QPGMR *MEM RPGUNITC1.FILE/RUCALLTST.MBR", + "QPGMR 16347136 29.06.13 15:45:09 *FILE RPGUNIT.SAVF" + } + }; + + @Test + public void testConsistentListing() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[] { + new OS400FTPEntryParser(), + new UnixFTPEntryParser() + }); + for (String[] goodsample : goodsamples) { + for (String test : goodsample) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + } + + @Test + public void testBadListing() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[] { + new OS400FTPEntryParser(), + new UnixFTPEntryParser() + }); + for (String[] badsample : badsamples) { + for (String test : badsample) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse " + test); + //doAdditionalBadTests(test, f); + } catch (DateTimeParseException e) { + // + } + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testParseFieldsOnDirectory() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[] { + new OS400FTPEntryParser(), + new UnixFTPEntryParser() + }); + FTPFile f = parser.parseFTPEntry("PEP 36864 04/03/24 14:06:34 *DIR dir1/"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isDirectory(), "Should have been a directory."); + assertEquals("PEP", f.getUser()); + assertEquals("dir1", f.getName()); + assertEquals(36864, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2004, + Month.MARCH.getValue(), 24, 14, 6, 34, 0, ZoneId.of("UTC")); + assertEquals(zonedDateTime, f.getTimestamp()); + + } + + private void doAdditionalGoodTests(String test, FTPFile f) { + if (test.startsWith("d")) { + assertEquals( FTPFile.DIRECTORY_TYPE, f.getType(), "directory.type"); + } + } + + @Test + public void testParseFieldsOnFile() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[] { + new OS400FTPEntryParser(), + new UnixFTPEntryParser() + }); + FTPFile f = parser.parseFTPEntry("PEP 5000000000 04/03/24 14:06:29 *STMF build.xml"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isFile(), "Should have been a file."); + assertEquals("PEP", f.getUser()); + assertEquals("build.xml", f.getName()); + assertEquals(5000000000L, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2004, + Month.MARCH.getValue(), 24, 14, 6, 29, 0, ZoneId.of("UTC")); + assertEquals(zonedDateTime, f.getTimestamp()); + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParserTest.java new file mode 100644 index 0000000..6812154 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/OS400FTPEntryParserTest.java @@ -0,0 +1,186 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPClientConfig; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPFileEntryParser; +import java.time.Month; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; + +public class OS400FTPEntryParserTest { + + private static final String[][] badsamples = { + { + "PEP 4019 04/03/18 18:58:16 STMF einladung.zip", + "PEP 422 03/24 14:06:26 *STMF readme", + "PEP 6409 04/03/24 30:06:29 *STMF build.xml", + "PEP USR 36864 04/03/24 14:06:34 *DIR dir1/", + "PEP 3686404/03/24 14:06:47 *DIR zdir2/" + }, + { + "----rwxr-x 1PEP 0 4019 Mar 18 18:58 einladung.zip", + "----rwxr-x 1 PEP 0 xx 422 Mar 24 14:06 readme", + "----rwxr-x 1 PEP 0 8492 Apr 07 30:13 build.xml", + "d---rwxr-x 2 PEP 0 45056Mar 24 14:06 zdir2" + } + }; + + private static final String[][] goodsamples = { + { + "PEP 4019 04/03/18 18:58:16 *STMF einladung.zip", + "PEP 422 04/03/24 14:06:26 *STMF readme", + "PEP 6409 04/03/24 14:06:29 *STMF build.xml", + "PEP 36864 04/03/24 14:06:34 *DIR dir1/", + "PEP 36864 04/03/24 14:06:47 *DIR zdir2/" + }, + { + // "----rwxr-x 1 PEP 0 4019 Mar 18 18:58 einladung.zip", + // "----rwxr-x 1 PEP 0 422 Mar 24 14:06 readme", + // "----rwxr-x 1 PEP 0 8492 Apr 07 07:13 build.xml", + // "d---rwxr-x 2 PEP 0 45056 Mar 24 14:06 dir1", + // "d---rwxr-x 2 PEP 0 45056 Mar 24 14:06 zdir2" + } + }; + + @Test + public void testBadListing() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new OS400FTPEntryParser(), new UnixFTPEntryParser()}); + for (String[] badsample : badsamples) { + for (String test : badsample) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse " + test); + //doAdditionalBadTests(test, f); + } catch (DateTimeParseException e) { + // + } + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testConsistentListing() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new OS400FTPEntryParser(), new UnixFTPEntryParser()}); + for (String[] goodsample : goodsamples) { + for (String test : goodsample) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + } + + @Test + @Disabled + public void testInconsistentListing() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new OS400FTPEntryParser(), new UnixFTPEntryParser()}); + for (int i = 0; i < goodsamples.length; i++) { + String test = goodsamples[i][0]; + FTPFile f = parser.parseFTPEntry(test); + switch (i) { + case 0: + assertNotNull(f, "Failed to parse " + test); + break; + case 1: + assertNull(f, "Should have failed to parse " + test); + break; + } + } + } + + @Test + public void testParseFieldsOnDirectory() { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new OS400FTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile f = parser.parseFTPEntry("PEP 36864 04/03/24 14:06:34 *DIR dir1/"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isDirectory(), "Should have been a directory."); + assertEquals("PEP", f.getUser()); + assertEquals("dir1", f.getName()); + assertEquals(36864, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2004, + Month.MARCH.getValue(), 24, 14, 6, 34, 0, ZoneId.of("UTC")); + assertEquals(zonedDateTime, f.getTimestamp()); + } + + private void doAdditionalGoodTests(String test, FTPFile f) { + if (test.startsWith("d")) { + assertEquals(FTPFile.DIRECTORY_TYPE, f.getType(), "directory.type"); + } + } + + @Test + public void testParseFieldsOnFile() throws Exception { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new OS400FTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile f = parser.parseFTPEntry("PEP 5000000000 04/03/24 14:06:29 *STMF build.xml"); + assertNotNull(f,"Could not parse entry."); + assertTrue(f.isFile(), "Should have been a file."); + assertEquals("PEP", f.getUser()); + assertEquals("build.xml", f.getName()); + assertEquals(5000000000L, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2004, + Month.MARCH.getValue(), 24, 14, 6, 29, 0, ZoneId.of("UTC")); + + assertEquals(zonedDateTime, f.getTimestamp()); + } + + @Test + public void testDefaultPrecision() { + testPrecision("PEP 4019 04/03/18 18:58:16 *STMF einladung.zip", + EnumSet.of(ChronoUnit.SECONDS)); + } + + @Test + public void testRecentPrecision() { + testPrecision("----rwxr-x 1 PEP 0 4019 Mar 18 18:58 einladung.zip", + EnumSet.of(ChronoUnit.MINUTES)); + } + + private void testPrecision(String listEntry, EnumSet units) { + CompositeFileEntryParser parser = new CompositeFileEntryParser(new FTPFileEntryParser[]{new OS400FTPEntryParser(), new UnixFTPEntryParser()}); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } + + @Test + public void testNET573() { + final FTPClientConfig conf = new FTPClientConfig(FTPClientConfig.SYST_AS400); + conf.setDefaultDateFormatStr("MM/dd/yy HH:mm:ss"); + final FTPFileEntryParser parser = new OS400FTPEntryParser(conf); + FTPFile f = parser.parseFTPEntry("ZFTPDEV 9069 05/20/15 15:36:52 *STMF /DRV/AUDWRKSHET/AUDWRK0204232015114625.PDF"); + assertNotNull(f, "Could not parse entry."); + assertNotNull(f.getTimestamp(), "Could not parse timestamp."); + assertFalse(f.isDirectory(), "Should not have been a directory."); + assertEquals("ZFTPDEV", f.getUser()); + assertEquals("AUDWRK0204232015114625.PDF", f.getName()); + assertEquals(9069, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2015, + Month.MAY.getValue(), 20, 15, 36, 52, 0, ZoneId.of("UTC")); + assertEquals(zonedDateTime, f.getTimestamp()); + } + +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/UnixFTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/UnixFTPEntryParserTest.java new file mode 100644 index 0000000..d8b74ea --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/UnixFTPEntryParserTest.java @@ -0,0 +1,407 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import java.time.Month; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoUnit; +import java.util.EnumSet; + +public class UnixFTPEntryParserTest { + + private static final String[] badsamples = { + "zrwxr-xr-x 2 root root 4096 Mar 2 15:13 zxbox", + "dxrwr-xr-x 2 root root 4096 Aug 24 2001 zxjdbc", + "drwxr-xr-x 2 root root 4096 Jam 4 00:03 zziplib", + "drwxr-xr-x 2 root 99 4096 Feb 23 30:01 zzplayer", + "drwxr-xr-x 2 root root 4096 Aug 36 2001 zztpp", + "-rw-r--r-- 1 14 staff 80284 Aug 22 zxJDBC-1.2.3.tar.gz", + "-rw-r--r-- 1 14 staff 119:26 Aug 22 2000 zxJDBC-1.2.3.zip", + /*"-rw-r--r-- 1 ftp no group 83853 Jan 22 2001 zxJDBC-1.2.4.tar.gz",*/ + "-rw-r--r-- 1ftp nogroup 126552 Jan 22 2001 zxJDBC-1.2.4.zip", + "-rw-r--r-- 1 root root 190144 2001-04-27 zxJDBC-2.0.1b1.zip", + "-rw-r--r-- 1 root root 111325 Apr -7 18:79 zxJDBC-2.0.1b1.tar.gz"}; + + private static final String[] goodsamples = + { + "-rw-r--r-- 1 500 500 21 Aug 8 14:14 JB3-TES1.gz", + "-rwxr-xr-x 2 root root 4096 Mar 2 15:13 zxbox", + "drwxr-xr-x 2 root root 4096 Aug 24 2001 zxjdbc", + "drwxr-xr-x 2 root root 4096 Jan 4 00:03 zziplib", + "drwxr-xr-x 2 root 99 4096 Feb 23 2001 zzplayer", + "drwxr-xr-x 2 root root 4096 Aug 6 2001 zztpp", + "drwxr-xr-x 1 usernameftp 512 Jan 29 23:32 prog", + "lrw-r--r-- 1 14 14 80284 Aug 22 2000 zxJDBC-1.2.3.tar.gz", + "frw-r--r-- 1 14 staff 119926 Aug 22 2000 zxJDBC-1.2.3.zip", + "crw-r--r-- 1 ftp nogroup 83853 Jan 22 2001 zxJDBC-1.2.4.tar.gz", + "brw-r--r-- 1 ftp nogroup 126552 Jan 22 2001 zxJDBC-1.2.4.zip", + "-rw-r--r-- 1 root root 111325 Apr 27 2001 zxJDBC-2.0.1b1.tar.gz", + "-rw-r--r-- 1 root root 190144 Apr 27 2001 zxJDBC-2.0.1b1.zip", + "-rwxr-xr-x 2 500 500 166 Nov 2 2001 73131-testtes1.afp", + "-rw-r--r-- 1 500 500 166 Nov 9 2001 73131-testtes1.AFP", + "-rw-r--r-- 1 500 500 166 Nov 12 2001 73131-testtes2.afp", + "-rw-r--r-- 1 500 500 166 Nov 12 2001 73131-testtes2.AFP", + "-rw-r--r-- 1 500 500 2040000 Aug 5 07:35 testRemoteUPCopyNIX", + "-rw-r--r-- 1 500 500 2040000 Aug 5 07:31 testRemoteUPDCopyNIX", + "-rw-r--r-- 1 500 500 2040000 Aug 5 07:31 testRemoteUPVCopyNIX", + "-rw-r--r-T 1 500 500 0 Mar 25 08:20 testSticky", + "-rwxr-xr-t 1 500 500 0 Mar 25 08:21 testStickyExec", + "-rwSr-Sr-- 1 500 500 0 Mar 25 08:22 testSuid", + "-rwsr-sr-- 1 500 500 0 Mar 25 08:23 testSuidExec", + "-rwsr-sr-- 1 500 500 0 Mar 25 0:23 testSuidExec2", + "drwxrwx---+ 23 500 500 0 Jan 10 13:09 testACL", + "-rw-r--r-- 1 1 3518644 May 25 12:12 std", + "lrwxrwxrwx 1 neeme neeme 23 Mar 2 18:06 macros -> ./../../global/macros/.", + "-rw-r--r-- 1 ftp group with spaces in it as allowed in cygwin see bug 38634" + + " 83853 Jan 22 2001 zxJDBC-1.2.4.tar.gz", + // Bug 38634 => NET-16 + "crw-r----- 1 root kmem 0, 27 Jan 30 11:42 kmem", //FreeBSD device + "crw------- 1 root sys 109,767 Jul 2 2004 pci@1c,600000:devctl", //Solaris device + "-rwxrwx--- 1 ftp ftp-admin 816026400 Oct 5 2008 bloplab 7 cd1.img", // NET-294 + + // http://mail-archives.apache.org/mod_mbox/commons-dev/200408.mbox/%3c4122F3C1.9090402@tanukisoftware.com%3e + "-rw-r--r-- 1 1 3518644 May 25 12:12 std", + "-rw-rw---- 1 ep1adm sapsys 0 6\u6708 3\u65e5 2003\u5e74 \u8a66\u9a13\u30d5\u30a1\u30a4\u30eb.csv", + "-rw-rw---- 1 ep1adm sapsys 0 8\u6708 17\u65e5 20:10 caerrinf", + + }; + + @Test + public void testBadListing() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + for (String test : badsamples) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testGoodListing() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + for (String test : goodsamples) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + doAdditionalGoodTests(test, f); + } + } + + @Test + public void testNumericDateFormat() { + String testNumericDF = "-rw-r----- 1 neeme neeme 346 2005-04-08 11:22 services.vsp"; + String testNumericDF2 = "lrwxrwxrwx 1 neeme neeme 23 2005-03-02 18:06 macros -> ./../../global/macros/."; + UnixFTPEntryParser parser = new UnixFTPEntryParser(UnixFTPEntryParser.NUMERIC_DATE_CONFIG); + FTPFile f = parser.parseFTPEntry(testNumericDF); + assertNotNull(f, "Failed to parse " + testNumericDF); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2005, Month.APRIL.getValue(), 8, 11, 22, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + FTPFile f2 = parser.parseFTPEntry(testNumericDF2); + assertNotNull(f2, "Failed to parse " + testNumericDF2); + assertEquals("./../../global/macros/.", f2.getLink(), "symbolic link"); + } + + @Test + public void testOwnerNameWithSpaces() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwxr-xr-x 2 john smith group 4096 Mar 2 15:13 zxbox"); + assertNotNull(f); + assertEquals("john smith", f.getUser()); + } + + @Test + public void testOwnerAndGroupNameWithSpaces() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwxr-xr-x 2 john smith test group 4096 Mar 2 15:13 zxbox"); + assertNotNull(f); + assertEquals("john smith", f.getUser()); + assertEquals("test group", f.getGroup()); + } + + @Test + public void testNET294() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("-rwxrwx--- 1 ftp ftp-admin 816026400 Oct 5 2008 bloplab 7 cd1.img"); + assertNotNull(f); + assertEquals("ftp", f.getUser()); + assertEquals("ftp-admin", f.getGroup()); + assertEquals(816026400L, f.getSize()); + assertNotNull(f.getTimestamp(), "Timestamp should not be null"); + assertEquals(2008, f.getTimestamp().getYear()); + assertEquals("bloplab 7 cd1.img", f.getName()); + } + + @Test + public void testGroupNameWithSpaces() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwx------ 4 maxm Domain Users 512 Oct 2 10:59 .metadata"); + assertNotNull(f); + assertEquals("maxm", f.getUser()); + assertEquals("Domain Users", f.getGroup()); + } + + @Test + public void testTrailingSpaces() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwxr-xr-x 2 john smith group 4096 Mar 2 15:13 zxbox "); + assertNotNull(f); + assertEquals("zxbox ", f.getName()); + } + + @Test + public void testLeadingSpacesDefault() { // the default has been changed to keep spaces + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwxr-xr-x 2 john smith group 4096 Mar 2 15:13 zxbox"); + assertNotNull(f); + assertEquals(" zxbox", f.getName()); // leading spaces retained + } + + @Test + public void testLeadingSpacesNET566() { // check new behaviour + FTPFile f = new UnixFTPEntryParser(null, false) + .parseFTPEntry("drwxr-xr-x 2 john smith group 4096 Mar 2 15:13 zxbox"); + assertNotNull(f); + assertEquals(" zxbox", f.getName()); // leading spaces retained + } + + @Test + public void testTrimLeadingSpacesNET566() { // check can trim spaces as before + FTPFile f = new UnixFTPEntryParser(null, true) + .parseFTPEntry("drwxr-xr-x 2 john smith group 4096 Mar 2 15:13 zxbox"); + assertNotNull(f); + assertEquals("zxbox", f.getName()); // leading spaces trimmed + } + + @Test + public void testNameWIthPunctuation() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwx------ 4 maxm Domain Users 512 Oct 2 10:59 abc(test)123.pdf"); + assertNotNull(f); + assertEquals("abc(test)123.pdf", f.getName()); + } + + @Test + public void testNoSpacesBeforeFileSize() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwxr-x---+1464 chrism chrism 41472 Feb 25 13:17 20090225"); + assertNotNull(f); + assertEquals(41472, f.getSize()); + assertEquals(f.getType(), FTPFile.DIRECTORY_TYPE); + assertEquals("chrism", f.getUser()); + assertEquals("chrism", f.getGroup()); + assertEquals(1464, f.getHardLinkCount()); + } + + @Test + public void testCorrectGroupNameParsing() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("-rw-r--r-- 1 ftpuser ftpusers 12414535 Mar 17 11:07 test 1999 abc.pdf"); + assertNotNull(f); + assertEquals(1, f.getHardLinkCount()); + assertEquals("ftpuser", f.getUser()); + assertEquals("ftpusers", f.getGroup()); + assertEquals(12414535, f.getSize()); + assertEquals("test 1999 abc.pdf", f.getName()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(ZonedDateTime.now().getYear(), + Month.MARCH.getValue(), 17, 11, 7, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime.getMonth(), f.getTimestamp().getMonth()); + assertEquals(zonedDateTime.getDayOfMonth(), f.getTimestamp().getDayOfMonth()); + assertEquals(zonedDateTime.getHour(), f.getTimestamp().getHour()); + assertEquals(zonedDateTime.getMinute(), f.getTimestamp().getMinute()); + assertEquals(zonedDateTime.getSecond(), f.getTimestamp().getSecond()); + } + + @Test + public void testFilenamesWithEmbeddedNumbers() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("-rw-rw-rw- 1 user group 5840 Mar 19 09:34 123 456 abc.csv"); + assertEquals("123 456 abc.csv", f.getName()); + assertEquals(5840, f.getSize()); + assertEquals("user", f.getUser()); + assertEquals("group", f.getGroup()); + } + + @Test + public void testParseFieldsOnDirectory() throws Exception { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("drwxr-xr-x 2 user group 4096 Mar 2 15:13 zxbox"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isDirectory(), "Should have been a directory."); + checkPermissions(f); + assertEquals(2, f.getHardLinkCount()); + assertEquals("user", f.getUser()); + assertEquals("group", f.getGroup()); + assertEquals("zxbox", f.getName()); + assertEquals(4096, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(ZonedDateTime.now().getYear(), + Month.MARCH.getValue(), 2, 15, 13, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + } + + @Test + public void testRecentPrecision() { + testPrecision("drwxr-xr-x 2 user group 4096 Mar 2 15:13 zxbox", + EnumSet.of(ChronoUnit.MINUTES)); + } + + @Test + public void testDefaultPrecision() { + testPrecision("drwxr-xr-x 2 user group 4096 Mar 2 2014 zxbox", + EnumSet.of(ChronoUnit.DAYS)); + } + + private void testPrecision(String listEntry, EnumSet units) { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile file = parser.parseFTPEntry(listEntry); + assertNotNull(file, "Could not parse " + listEntry); + ZonedDateTime zonedDateTime = file.getTimestamp(); + assertNotNull(zonedDateTime, "Failed to parse time in " + listEntry); + for (ChronoUnit unit : units) { + assertTrue(zonedDateTime.isSupported(unit), "Expected set " + unit + " in " + listEntry); + } + } + + private void checkPermissions(FTPFile f) { + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.READ_PERMISSION), "Should have user read permission."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.WRITE_PERMISSION), "Should have user write permission."); + assertTrue(f.hasPermission(FTPFile.USER_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have user execute permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.READ_PERMISSION), "Should have group read permission."); + assertFalse(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.WRITE_PERMISSION), "Should NOT have group write permission."); + assertTrue(f.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have group execute permission."); + assertTrue(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.READ_PERMISSION), "Should have world read permission."); + assertFalse(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.WRITE_PERMISSION), "Should NOT have world write permission."); + assertTrue(f.hasPermission(FTPFile.WORLD_ACCESS, FTPFile.EXECUTE_PERMISSION), "Should have world execute permission."); + } + + @Test + public void testParseFieldsOnFile() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("-rwxr-xr-x 2 user my group 500 5000000000 Mar 2 15:13 zxbox"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isFile(), "Should have been a file."); + checkPermissions(f); + assertEquals(2, f.getHardLinkCount()); + assertEquals("user", f.getUser()); + assertEquals("my group 500", f.getGroup()); + assertEquals("zxbox", f.getName()); + assertEquals(5000000000L, f.getSize()); + ZonedDateTime zonedDateTime = ZonedDateTime.of(ZonedDateTime.now().getYear(), + Month.MARCH.getValue(), 2, 15, 13, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + } + + @Test + public void testParseFieldsOnFileJapaneseTime() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("-rwxr-xr-x 2 user group 4096 3\u6708 2\u65e5 15:13 zxbox"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isFile(), "Should have been a file."); + checkPermissions(f); + assertEquals(2, f.getHardLinkCount()); + assertEquals("user", f.getUser()); + assertEquals("group", f.getGroup()); + assertEquals("zxbox", f.getName()); + assertEquals(4096, f.getSize()); + assertNotNull(f.getTimestamp(), "Timestamp not null"); + ZonedDateTime zonedDateTime = ZonedDateTime.of(ZonedDateTime.now().getYear(), + Month.MARCH.getValue(), 2, 15, 13, 0, 0, ZoneId.of("UTC")); + if (zonedDateTime.isAfter(ZonedDateTime.now())) { + zonedDateTime = zonedDateTime.minusYears(1); + } + assertEquals(zonedDateTime, f.getTimestamp()); + } + + @Test + public void testParseFieldsOnFileJapaneseYear() { + UnixFTPEntryParser parser = new UnixFTPEntryParser(); + FTPFile f = parser.parseFTPEntry("-rwxr-xr-x 2 user group 4096 3\u6708 2\u65e5 2003\u5e74 \u8a66\u9a13\u30d5\u30a1\u30a4\u30eb.csv"); + assertNotNull(f, "Could not parse entry."); + assertTrue(f.isFile(), "Should have been a file."); + checkPermissions(f); + assertEquals(2, f.getHardLinkCount()); + assertEquals("user", f.getUser()); + assertEquals("group", f.getGroup()); + assertEquals("\u8a66\u9a13\u30d5\u30a1\u30a4\u30eb.csv", f.getName()); + assertEquals(4096, f.getSize()); + assertNotNull(f.getTimestamp(), "Timestamp not null"); + ZonedDateTime zonedDateTime = ZonedDateTime.of(2003, + Month.MARCH.getValue(), 2, 0, 0, 0, 0, ZoneId.of("UTC")); + assertEquals(zonedDateTime, f.getTimestamp()); + } + + private void doAdditionalGoodTests(String test, FTPFile f) { + String link = f.getLink(); + if (null != link) { + int linklen = link.length(); + if (linklen > 0) { + assertEquals(link, test.substring(test.length() - linklen)); + assertEquals(f.getType(), FTPFile.SYMBOLIC_LINK_TYPE); + } + } + int type = f.getType(); + switch (test.charAt(0)) { + case 'd': + assertEquals(type, FTPFile.DIRECTORY_TYPE, "Type of " + test); + break; + case 'l': + assertEquals(type, FTPFile.SYMBOLIC_LINK_TYPE, "Type of " + test); + break; + case 'b': + case 'c': + assertEquals(0, f.getHardLinkCount()); + assertEquals(type, FTPFile.FILE_TYPE, "Type of " + test); + break; + case 'f': + assertEquals(type, FTPFile.FILE_TYPE, "Type of " + test); + break; + case '-': + assertEquals(type, FTPFile.FILE_TYPE, "Type of " + test); + break; + default: + assertEquals(type, FTPFile.UNKNOWN_TYPE, "Type of " + test); + } + for (int access = FTPFile.USER_ACCESS; + access <= FTPFile.WORLD_ACCESS; access++) { + for (int perm = FTPFile.READ_PERMISSION; + perm <= FTPFile.EXECUTE_PERMISSION; perm++) { + int pos = 3 * access + perm + 1; + char permchar = test.charAt(pos); + assertEquals(f.hasPermission(access, perm), + permchar != '-' && !Character.isUpperCase(permchar), + "Permission " + test.substring(1, 10)); + } + } + assertNotNull(f.getTimestamp(), "Expected to find a timestamp"); + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/VMSFTPEntryParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/VMSFTPEntryParserTest.java new file mode 100644 index 0000000..46afab2 --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/VMSFTPEntryParserTest.java @@ -0,0 +1,227 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; +import org.junit.jupiter.api.Test; +import org.xbib.io.ftp.client.FTPFile; +import org.xbib.io.ftp.client.FTPListParseEngine; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.time.ZoneId; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeParseException; +import java.util.Locale; + +public class VMSFTPEntryParserTest { + + private static final String[] badsamples = + { + + "1-JUN.LIS;2 9/9 JUN-2-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)", + "1-JUN.LIS;2 a/9 2-JUN-98 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)", + "DATA.DIR; 1 1/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (,RWED,RWED,RE)", + "120196.TXT;1 118/126 14-APR-1997 12:45:27 PM [GROUP,OWNER] (RWED,,RWED,RE)", + "30CHARBAR.TXT;1 11/18 2-JUN-1998 08:38:42 [GROUP-1,OWNER] (RWED,RWED,RWED,RE)", + "A.;2 18/18 1-JUL-1998 08:43:20 [GROUP,OWNER] (RWED2,RWED,RWED,RE)", + "AA.;2 152/153 13-FED-1997 08:13:43 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + "Directory USER1:[TEMP]\r\n\r\n", + "\r\nTotal 14 files" + }; + + private static final String[] goodsamples = + { + "1-JUN.LIS;1 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + "1-JUN.LIS;3 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)", + "1-JUN.LIS;2 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)", + "DATA.DIR;1 1/9 2-JUN-1998 07:32:04 [TRANSLATED] (,RWED,RWED,RE)", + "120196.TXT;1 118/126 14-APR-1997 12:45:27 [GROUP,OWNER] (RWED,,RWED,RE)", + "30CHARBAR.TXT;1 11/18 2-JUN-1998 08:38:42 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + "A.;2 18/18 1-JUL-1998 08:43:20 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + "AA.;2 152/153 13-FEB-1997 08:13:43 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + "UCX$REXECD_STARTUP.LOG;1098\r\n" + + " 4/15 24-FEB-2003 13:17:24 [POSTWARE,LP] (RWED,RWED,RE,)", + "UNARCHIVE.COM;1 2/15 7-JUL-1997 16:37:45 [POSTWARE,LP] (RWE,RWE,RWE,RE)", + "UNXMERGE.COM;15 1/15 20-AUG-1996 13:59:50 [POSTWARE,LP] (RWE,RWE,RWE,RE)", + "UNXTEMP.COM;7 1/15 15-AUG-1996 14:10:38 [POSTWARE,LP] (RWE,RWE,RWE,RE)", + "UNZIP_AND_ATTACH_FILES.COM;12\r\n" + + " 14/15 24-JUL-2002 14:35:40 [TRANSLATED] (RWE,RWE,RWE,RE)", + "UNZIP_AND_ATTACH_FILES.SAV;1\r\n" + + " 14/15 17-JAN-2002 11:13:53 [POSTWARE,LP] (RWE,RWED,RWE,RE)", + "FREEWARE40.DIR;1 27/36" + + " 16-FEB-1999 10:01:46 [AP_HTTPD,APACHE$WWW (RWE,RWE,RE,RE)", + "1-JUN.LIS;1 9/9 2-jun-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)", + }; + + private static final String fullListing = "Directory USER1:[TEMP]\r\n\r\n" + + "1-JUN.LIS;1 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)\r\n" + + "2-JUN.LIS;1 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)\r\n" + + "3-JUN.LIS;1 9/9 3-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)\r\n" + + "3-JUN.LIS;4 9/9 7-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)\r\n" + + "3-JUN.LIS;2 9/9 4-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)\r\n" + + "3-JUN.LIS;3 9/9 6-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,)\r\n" + + "\r\nTotal 6 files"; + + @Test + public void testFirstGoodListing() { + VMSFTPEntryParser parser = new VMSFTPEntryParser(); + for (String test : goodsamples) { + FTPFile f = parser.parseFTPEntry(test); + assertNotNull(f, "Failed to parse " + test); + } + } + + @Test + public void testBadListing() { + VMSFTPEntryParser parser = new VMSFTPEntryParser(); + for (String test : badsamples) { + try { + FTPFile f = parser.parseFTPEntry(test); + assertNull(nullFileOrNullDate(f), "Should have Failed to parse <" + test + ">"); + } catch (DateTimeParseException e) { + // + } + } + } + + private FTPFile nullFileOrNullDate(FTPFile f) { + if (f == null) { + return null; + } + if (f.getTimestamp() == null) { + return null; + } + return f; + } + + @Test + public void testWholeListParse() throws IOException { + VMSFTPEntryParser parser = new VMSFTPEntryParser(); + parser.configure(null); + FTPListParseEngine engine = new FTPListParseEngine(parser); + engine.readServerList( + new ByteArrayInputStream(fullListing.getBytes()), null); // use default encoding + FTPFile[] files = engine.getFiles(); + assertEquals(6, files.length); + assertFileInListing(files, "2-JUN.LIS"); + assertFileInListing(files, "3-JUN.LIS"); + assertFileInListing(files, "1-JUN.LIS"); + assertFileNotInListing(files, "1-JUN.LIS;1"); + } + + @Test + public void testWholeListParseWithVersioning() throws IOException { + VMSFTPEntryParser parser = new VMSVersioningFTPEntryParser(); + parser.configure(null); + FTPListParseEngine engine = new FTPListParseEngine(parser); + engine.readServerList( + new ByteArrayInputStream(fullListing.getBytes()), null); // use default encoding + FTPFile[] files = engine.getFiles(); + assertEquals(3, files.length); + assertFileInListing(files, "1-JUN.LIS;1"); + assertFileInListing(files, "2-JUN.LIS;1"); + assertFileInListing(files, "3-JUN.LIS;4"); + assertFileNotInListing(files, "3-JUN.LIS;1"); + assertFileNotInListing(files, "3-JUN.LIS"); + } + + public void assertFileInListing(FTPFile[] listing, String name) { + for (FTPFile element : listing) { + if (name.equals(element.getName())) { + return; + } + } + fail("File " + name + " not found in supplied listing"); + } + + public void assertFileNotInListing(FTPFile[] listing, String name) { + for (FTPFile element : listing) { + if (name.equals(element.getName())) { + fail("Unexpected File " + name + " found in supplied listing"); + } + } + } + + @Test + public void testParseFieldsOnDirectory() throws Exception { + ConfigurableFTPFileEntryParserImpl parser = new VMSFTPEntryParser(); + parser.configure(null); + FTPFile dir = parser.parseFTPEntry( + "DATA.DIR;1 1/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RWED,RE)"); + assertTrue(dir.isDirectory(), "Should be a directory."); + assertEquals("DATA.DIR", dir.getName()); + assertEquals(512, dir.getSize()); + assertNotNull(dir.getTimestamp()); + assertEquals("Tue Jun 02 07:32:04 1998", dir.getTimestamp().format(df)); + assertEquals("GROUP", dir.getGroup()); + assertEquals("OWNER", dir.getUser()); + checkPermisions(dir, 0775); + dir = parser.parseFTPEntry("DATA.DIR;1 1/9 2-JUN-1998 07:32:04 [TRANSLATED] (RWED,RWED,,RE)"); + assertTrue(dir.isDirectory(), "Should be a directory."); + assertEquals("DATA.DIR", dir.getName()); + assertEquals(512, dir.getSize()); + assertEquals("Tue Jun 02 07:32:04 1998", dir.getTimestamp().format(df)); + assertNull(dir.getGroup()); + assertEquals("TRANSLATED", dir.getUser()); + checkPermisions(dir, 0705); + } + + static final DateTimeFormatter df = DateTimeFormatter + .ofPattern("EEE MMM dd HH:mm:ss yyyy") + .withZone(ZoneId.of("UTC")) + .withLocale(Locale.US); + + @Test + public void testParseFieldsOnFile() throws Exception { + ConfigurableFTPFileEntryParserImpl parser = new VMSFTPEntryParser(); + parser.configure(null); + FTPFile file = parser.parseFTPEntry("1-JUN.LIS;1 9/9 2-JUN-1998 07:32:04 [GROUP,OWNER] (RWED,RWED,RW,R)"); + assertTrue(file.isFile(), "Should be a file."); + assertEquals("1-JUN.LIS", file.getName()); + assertEquals(9 * 512, file.getSize()); + assertNotNull(file.getTimestamp()); + assertEquals("Tue Jun 02 07:32:04 1998", file.getTimestamp().format(df)); + assertEquals("GROUP", file.getGroup()); + assertEquals("OWNER", file.getUser()); + checkPermisions(file, 0764); + file = parser.parseFTPEntry("1-JUN.LIS;1 9/9 2-JUN-1998 07:32:04 [TRANSLATED] (RWED,RD,,)"); + assertTrue(file.isFile(), "Should be a file."); + assertEquals("1-JUN.LIS", file.getName()); + assertEquals(9 * 512, file.getSize()); + assertEquals("Tue Jun 02 07:32:04 1998", file.getTimestamp().format(df)); + assertNull(file.getGroup()); + assertEquals("TRANSLATED", file.getUser()); + checkPermisions(file, 0400); + } + + private void checkPermisions(FTPFile dir, int octalPerm) { + int permMask = 1 << 8; + assertEquals(dir.hasPermission(FTPFile.USER_ACCESS, + FTPFile.READ_PERMISSION), ((permMask & octalPerm) != 0), "Owner should not have read permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.USER_ACCESS, + FTPFile.WRITE_PERMISSION), ((permMask & octalPerm) != 0), "Owner should not have write permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.USER_ACCESS, + FTPFile.EXECUTE_PERMISSION), ((permMask & octalPerm) != 0), "Owner should not have execute permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.GROUP_ACCESS, FTPFile.READ_PERMISSION), ((permMask & octalPerm) != 0), "Group should not have read permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.GROUP_ACCESS, + FTPFile.WRITE_PERMISSION), ((permMask & octalPerm) != 0), "Group should not have write permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.GROUP_ACCESS, + FTPFile.EXECUTE_PERMISSION), ((permMask & octalPerm) != 0), "Group should not have execute permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.WORLD_ACCESS, + FTPFile.READ_PERMISSION), ((permMask & octalPerm) != 0), "World should not have read permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.WORLD_ACCESS, + FTPFile.WRITE_PERMISSION), ((permMask & octalPerm) != 0), "World should not have write permission."); + permMask >>= 1; + assertEquals(dir.hasPermission(FTPFile.WORLD_ACCESS, + FTPFile.EXECUTE_PERMISSION), ((permMask & octalPerm) != 0), "World should not have execute permission."); + } +} diff --git a/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/ZonedDateTimeParserTest.java b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/ZonedDateTimeParserTest.java new file mode 100644 index 0000000..9a0564e --- /dev/null +++ b/files-ftp/src/test/java/org/xbib/io/ftp/client/parser/ZonedDateTimeParserTest.java @@ -0,0 +1,41 @@ +package org.xbib.io.ftp.client.parser; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import org.junit.jupiter.api.Test; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeFormatterBuilder; +import java.time.temporal.ChronoField; +import java.util.Locale; + +public class ZonedDateTimeParserTest { + + @Test + public void test1() { + ZonedDateTime now = ZonedDateTime.now(); + DateTimeFormatter df = new DateTimeFormatterBuilder() + .appendPattern("MMM dd HH:mm") + .parseDefaulting(ChronoField.YEAR, now.getYear()) + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")); + ZonedDateTime zonedDateTime = ZonedDateTime.parse("Oct 01 21:15", df); + if (zonedDateTime.isAfter(now)) { + zonedDateTime = zonedDateTime.minusYears(1L); + } + assertEquals(zonedDateTime.getYear() + "-10-01T21:15Z[UTC]", zonedDateTime.toString()); + } + + @Test + public void test2() { + DateTimeFormatter df = new DateTimeFormatterBuilder() + .parseCaseInsensitive() + .appendPattern("d-MMM-yyyy HH:mm:ss") + .toFormatter() + .withLocale(Locale.US) + .withZone(ZoneId.of("UTC")); + ZonedDateTime zonedDateTime = ZonedDateTime.parse("2-JUN-1998 07:32:04", df); + assertEquals("1998-06-02T07:32:04Z[UTC]", zonedDateTime.toString()); + } +} diff --git a/files-sftp-fs/build.gradle b/files-sftp-fs/build.gradle new file mode 100644 index 0000000..e05b722 --- /dev/null +++ b/files-sftp-fs/build.gradle @@ -0,0 +1,4 @@ +dependencies { + api project(':files-sftp') + testImplementation "org.bouncycastle:bcpkix-jdk15on:${project.property('bouncycastle.version')}" +} diff --git a/files-sftp-fs/src/main/java/module-info.java b/files-sftp-fs/src/main/java/module-info.java new file mode 100644 index 0000000..9ce7d9e --- /dev/null +++ b/files-sftp-fs/src/main/java/module-info.java @@ -0,0 +1,8 @@ +import org.apache.sshd.fs.SftpFileSystemProvider; +import java.nio.file.spi.FileSystemProvider; + +module org.xbib.files.sftp.fs { + exports org.apache.sshd.fs; + requires transitive org.xbib.files.sftp; + provides FileSystemProvider with SftpFileSystemProvider; +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/AbstractSftpFileAttributeView.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/AbstractSftpFileAttributeView.java new file mode 100644 index 0000000..57320cf --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/AbstractSftpFileAttributeView.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.io.IOException; +import java.nio.file.LinkOption; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.nio.file.attribute.FileAttributeView; +import java.util.Objects; + +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SftpException; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSftpFileAttributeView implements FileAttributeView { + protected final SftpFileSystemProvider provider; + protected final Path path; + protected final LinkOption[] options; + + protected AbstractSftpFileAttributeView(SftpFileSystemProvider provider, Path path, LinkOption... options) { + this.provider = Objects.requireNonNull(provider, "No file system provider instance"); + this.path = Objects.requireNonNull(path, "No path"); + this.options = options; + } + + @Override + public String name() { + return "view"; + } + + /** + * @return The underlying {@link SftpFileSystemProvider} used to provide the view functionality + */ + public final SftpFileSystemProvider provider() { + return provider; + } + + /** + * @return The referenced view {@link Path} + */ + public final Path getPath() { + return path; + } + + protected SftpClient.Attributes readRemoteAttributes() throws IOException { + return provider.readRemoteAttributes(provider.toSftpPath(path), options); + } + + protected void writeRemoteAttributes(SftpClient.Attributes attrs) throws IOException { + SftpPath p = provider.toSftpPath(path); + SftpFileSystem fs = p.getFileSystem(); + try (SftpClient client = fs.getClient()) { + try { + client.setStat(p.toString(), attrs); + } catch (SftpException e) { + if (e.getStatus() == SftpConstants.SSH_FX_NO_SUCH_FILE) { + throw new NoSuchFileException(p.toString()); + } + throw e; + } + } + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpAclFileAttributeView.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpAclFileAttributeView.java new file mode 100644 index 0000000..fcb29b6 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpAclFileAttributeView.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.io.IOException; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.attribute.AclEntry; +import java.nio.file.attribute.AclFileAttributeView; +import java.nio.file.attribute.PosixFileAttributes; +import java.nio.file.attribute.UserPrincipal; +import java.util.List; + +import org.apache.sshd.client.SftpClient; + +/** + * @author Apache MINA SSHD Project + */ +public class SftpAclFileAttributeView extends AbstractSftpFileAttributeView implements AclFileAttributeView { + public SftpAclFileAttributeView(SftpFileSystemProvider provider, Path path, LinkOption... options) { + super(provider, path, options); + } + + @Override + public UserPrincipal getOwner() throws IOException { + PosixFileAttributes v = provider.readAttributes(path, PosixFileAttributes.class, options); + return v.owner(); + } + + @Override + public void setOwner(UserPrincipal owner) throws IOException { + provider.setAttribute(path, "posix", "owner", owner, options); + } + + @Override + public String name() { + return "acl"; + } + + @Override + public List getAcl() throws IOException { + return readRemoteAttributes().getAcl(); + } + + @Override + public void setAcl(List acl) throws IOException { + writeRemoteAttributes(new SftpClient.Attributes().acl(acl)); + } + +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpClientDirectoryScanner.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpClientDirectoryScanner.java new file mode 100644 index 0000000..22f67ed --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpClientDirectoryScanner.java @@ -0,0 +1,226 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedList; +import java.util.function.Supplier; +import java.util.stream.Collectors; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.PathScanningMatcher; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Attributes; +import org.apache.sshd.client.SftpClient.DirEntry; + +/** + * Uses an {@link SftpClient} to scan a directory (possibly recursively) and find files that match a given set of + * inclusion patterns. + * + * @author Apache MINA SSHD Project + */ +public class SftpClientDirectoryScanner extends PathScanningMatcher { + protected String basedir; + + public SftpClientDirectoryScanner() { + this(true); + } + + public SftpClientDirectoryScanner(boolean caseSensitive) { + setSeparator("/"); + setCaseSensitive(caseSensitive); + } + + public SftpClientDirectoryScanner(String dir) { + this(dir, Collections.emptyList()); + } + + public SftpClientDirectoryScanner(String dir, String... includes) { + this(dir, GenericUtils.isEmpty(includes) ? Collections.emptyList() : Arrays.asList(includes)); + } + + public SftpClientDirectoryScanner(String dir, Collection includes) { + this(); + + setBasedir(dir); + setIncludes(includes); + } + + public String getBasedir() { + return basedir; + } + + /** + * @param basedir The base directory from which to start scanning. Note: it is converted to its canonical + * form when scanning. May not be {@code null}/empty + */ + public void setBasedir(String basedir) { + this.basedir = ValidateUtils.checkNotNullAndNotEmpty(basedir, "No base directory provided"); + } + + @Override + public String getSeparator() { + return "/"; + } + + @Override + public void setSeparator(String separator) { + ValidateUtils.checkState("/".equals(separator), "Invalid separator: '%s'", separator); + super.setSeparator(separator); + } + + @Override + public void setIncludes(Collection includes) { + this.includePatterns = GenericUtils.isEmpty(includes) + ? Collections.emptyList() + : Collections.unmodifiableList( + includes.stream() + .map(v -> SftpPathDirectoryScanner.adjustPattern(v)) + .collect(Collectors.toCollection(() -> new ArrayList<>(includes.size())))); + } + + /** + * Scans the current {@link #getBasedir() basedir} + * + * @param client The {@link SftpClient} instance to use + * @return A {@link Collection} of {@link ScanDirEntry}-ies matching the {@link #getIncludes() + * inclusion patterns} + * @throws IOException If failed to access the remote file system + * @throws IllegalStateException If illegal/missing base directory, or missing inclusion patterns, or specified base + * path is not a directory + */ + public Collection scan(SftpClient client) throws IOException, IllegalStateException { + return scan(client, LinkedList::new); + } + + public > C scan( + SftpClient client, Supplier factory) + throws IOException, IllegalStateException { + String rootDir = getBasedir(); + ValidateUtils.checkState(GenericUtils.isNotEmpty(rootDir), "No basedir set"); + rootDir = client.canonicalPath(rootDir); + + Attributes attrs = client.stat(rootDir); + if (attrs == null) { + throw new IllegalStateException("basedir " + rootDir + " does not exist"); + } + + if (!attrs.isDirectory()) { + throw new IllegalStateException("basedir " + rootDir + " is not a directory"); + } + + if (GenericUtils.isEmpty(getIncludes())) { + throw new IllegalStateException("No includes set for " + rootDir); + } + + return scandir(client, rootDir, "", factory.get()); + } + + /** + * @param Generic collection type + * @param client The {@link SftpClient} instance to use + * @param rootDir The absolute path of the folder to read + * @param parent The relative parent of the folder to read - may be empty for base directory + * @param filesList The (never {@code null}) {@link Collection} of {@link ScanDirEntry}-ies to update + * @return The updated {@link Collection} of {@link ScanDirEntry}-ies + * @throws IOException If failed to access remote file system + */ + protected > C scandir( + SftpClient client, String rootDir, String parent, C filesList) + throws IOException { + Collection entries = client.readEntries(rootDir); + if (GenericUtils.isEmpty(entries)) { + return filesList; + } + + for (DirEntry de : entries) { + String name = de.getFilename(); + if (".".equals(name) || "..".equals(name)) { + continue; + } + + Attributes attrs = de.getAttributes(); + if (attrs.isDirectory()) { + if (isIncluded(name)) { + String fullPath = createRelativePath(rootDir, name); + String relPath = createRelativePath(parent, name); + filesList.add(new ScanDirEntry(fullPath, relPath, de)); + scandir(client, fullPath, relPath, filesList); + } else if (couldHoldIncluded(name)) { + scandir(client, createRelativePath(rootDir, name), createRelativePath(parent, name), filesList); + } + } else if (attrs.isRegularFile()) { + if (isIncluded(name)) { + filesList.add(new ScanDirEntry(createRelativePath(rootDir, name), createRelativePath(parent, name), de)); + } + } + } + + return filesList; + } + + protected String createRelativePath(String parent, String name) { + if (GenericUtils.isEmpty(parent)) { + return name; + } else { + return parent + getSeparator() + name; + } + } + + /** + * The result of a scan + * + * @author Apache MINA SSHD Project + */ + public static class ScanDirEntry extends DirEntry { + private final String fullPath; + private final String relativePath; + + public ScanDirEntry(String fullPath, String relativePath, DirEntry dirEntry) { + super(dirEntry); + this.fullPath = fullPath; + this.relativePath = relativePath; + } + + /** + * @return The full path represented by this entry + */ + public String getFullPath() { + return fullPath; + } + + /** + * @return The relative path from the base directory used for scanning + */ + public String getRelativePath() { + return relativePath; + } + + @Override + public String toString() { + return getFullPath() + " - " + super.toString(); + } + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpDirectoryStream.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpDirectoryStream.java new file mode 100644 index 0000000..e217dff --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpDirectoryStream.java @@ -0,0 +1,112 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.fs; + +import java.io.IOException; +import java.nio.file.DirectoryStream; +import java.nio.file.Path; +import java.util.Iterator; +import java.util.Objects; + +import org.apache.sshd.client.SftpClient; + +/** + * Implements a remote {@link DirectoryStream} + * + * @author Apache MINA SSHD Project + */ +public class SftpDirectoryStream implements DirectoryStream { + protected SftpPathIterator pathIterator; + + private final SftpPath path; + private final Filter filter; + private final SftpClient sftp; + + /** + * @param path The remote {@link SftpPath} + * @throws IOException If failed to initialize the directory access handle + */ + public SftpDirectoryStream(SftpPath path) throws IOException { + this(path, null); + } + + /** + * + * @param path The remote {@link SftpPath} + * @param filter An optional {@link Filter filter} - ignored if + * {@code null} + * @throws IOException If failed to initialize the directory access handle + */ + public SftpDirectoryStream(SftpPath path, Filter filter) throws IOException { + this.path = Objects.requireNonNull(path, "No path specified"); + this.filter = filter; + + SftpFileSystem fs = path.getFileSystem(); + sftp = fs.getClient(); + + Iterable iter = sftp.readDir(path.toString()); + pathIterator = new SftpPathIterator(getRootPath(), iter, getFilter()); + } + + /** + * Client instance used to access the remote directory + * + * @return The {@link SftpClient} instance used to access the remote directory + */ + public final SftpClient getClient() { + return sftp; + } + + /** + * @return The root {@link SftpPath} for this directory stream + */ + public final SftpPath getRootPath() { + return path; + } + + /** + * @return The original filter - may be {@code null} to indicate no filter + */ + public final Filter getFilter() { + return filter; + } + + @Override + public Iterator iterator() { + if (!sftp.isOpen()) { + throw new IllegalStateException("Stream has been closed"); + } + + /* + * According to documentation this method can be called only once + */ + if (pathIterator == null) { + throw new IllegalStateException("Iterator has already been consumed"); + } + + Iterator iter = pathIterator; + pathIterator = null; + return iter; + } + + @Override + public void close() throws IOException { + sftp.close(); + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileStore.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileStore.java new file mode 100644 index 0000000..910628d --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileStore.java @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.io.IOException; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.attribute.FileAttributeView; +import java.nio.file.attribute.FileStoreAttributeView; +import java.util.Collection; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.SftpConstants; + +/** + * @author Apache MINA SSHD Project + */ +public class SftpFileStore extends FileStore { + private final SftpFileSystem fs; + private final String name; + + public SftpFileStore(String name, SftpFileSystem fs) { + this.name = name; + this.fs = fs; + } + + public final SftpFileSystem getFileSystem() { + return fs; + } + + @Override + public String name() { + return name; + } + + @Override + public String type() { + return SftpConstants.SFTP_SUBSYSTEM_NAME; + } + + @Override + public boolean isReadOnly() { + return false; + } + + @Override + public long getTotalSpace() throws IOException { + return Long.MAX_VALUE; // TODO use SFTPv6 space-available extension + } + + @Override + public long getUsableSpace() throws IOException { + return Long.MAX_VALUE; + } + + @Override + public long getUnallocatedSpace() throws IOException { + return Long.MAX_VALUE; + } + + @Override + public boolean supportsFileAttributeView(Class type) { + SftpFileSystem sftpFs = getFileSystem(); + SftpFileSystemProvider provider = sftpFs.provider(); + return provider.isSupportedFileAttributeView(sftpFs, type); + } + + @Override + public boolean supportsFileAttributeView(String name) { + if (GenericUtils.isEmpty(name)) { + return false; // debug breakpoint + } + + FileSystem sftpFs = getFileSystem(); + Collection views = sftpFs.supportedFileAttributeViews(); + return !GenericUtils.isEmpty(views) && views.contains(name); + } + + @Override + public V getFileStoreAttributeView(Class type) { + return null; // no special views supported + } + + @Override + public Object getAttribute(String attribute) throws IOException { + return null; // no special attributes supported + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystem.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystem.java new file mode 100644 index 0000000..2e9e805 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystem.java @@ -0,0 +1,649 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.fs; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.nio.charset.Charset; +import java.nio.file.FileStore; +import java.nio.file.FileSystemException; +import java.nio.file.attribute.GroupPrincipal; +import java.nio.file.attribute.UserPrincipal; +import java.nio.file.attribute.UserPrincipalLookupService; +import java.time.Duration; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.NavigableMap; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Queue; +import java.util.Set; +import java.util.TreeSet; +import java.util.concurrent.LinkedBlockingQueue; +import java.util.concurrent.atomic.AtomicInteger; + +import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.file.util.BaseFileSystem; +import org.apache.sshd.common.session.SessionHolder; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.SftpModuleProperties; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClientFactory; +import org.apache.sshd.client.SftpVersionSelector; +import org.apache.sshd.client.impl.AbstractSftpClient; +import org.apache.sshd.common.SftpConstants; + +public class SftpFileSystem + extends BaseFileSystem + implements SessionHolder, ClientSessionHolder { + + public static final NavigableSet UNIVERSAL_SUPPORTED_VIEWS = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, "basic", "posix", "owner")); + + private final String id; + private final ClientSession clientSession; + private final SftpClientFactory factory; + private final SftpVersionSelector selector; + private final Queue pool; + private final ThreadLocal wrappers = new ThreadLocal<>(); + private final int version; + private final Set supportedViews; + private SftpPath defaultDir; + private int readBufferSize; + private int writeBufferSize; + private final List stores; + + public SftpFileSystem(SftpFileSystemProvider provider, String id, ClientSession session, + SftpClientFactory factory, SftpVersionSelector selector) throws IOException { + super(provider); + this.id = id; + this.clientSession = Objects.requireNonNull(session, "No client session"); + this.factory = factory != null ? factory : SftpClientFactory.instance(); + this.selector = selector; + this.stores = Collections. singletonList(new SftpFileStore(id, this)); + this.pool = new LinkedBlockingQueue<>(SftpModuleProperties.POOL_SIZE.getRequired(session)); + try (SftpClient client = getClient()) { + version = client.getVersion(); + defaultDir = getPath(client.canonicalPath(".")); + } + + if (version >= SftpConstants.SFTP_V4) { + Set views = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + views.addAll(UNIVERSAL_SUPPORTED_VIEWS); + views.add("acl"); + supportedViews = Collections.unmodifiableSet(views); + } else { + supportedViews = UNIVERSAL_SUPPORTED_VIEWS; + } + } + + public final SftpVersionSelector getSftpVersionSelector() { + return selector; + } + + public final String getId() { + return id; + } + + public final int getVersion() { + return version; + } + + @Override + public SftpFileSystemProvider provider() { + return (SftpFileSystemProvider) super.provider(); + } + + @Override // NOTE: co-variant return + public List getFileStores() { + return this.stores; + } + + public int getReadBufferSize() { + return readBufferSize; + } + + public void setReadBufferSize(int size) { + if (size < SftpClient.MIN_READ_BUFFER_SIZE) { + throw new IllegalArgumentException( + "Insufficient read buffer size: " + size + ", min.=" + SftpClient.MIN_READ_BUFFER_SIZE); + } + + readBufferSize = size; + } + + public int getWriteBufferSize() { + return writeBufferSize; + } + + public void setWriteBufferSize(int size) { + if (size < SftpClient.MIN_WRITE_BUFFER_SIZE) { + throw new IllegalArgumentException( + "Insufficient write buffer size: " + size + ", min.=" + SftpClient.MIN_WRITE_BUFFER_SIZE); + } + + writeBufferSize = size; + } + + @Override + protected SftpPath create(String root, List names) { + return new SftpPath(this, root, names); + } + + @Override + public ClientSession getClientSession() { + return clientSession; + } + + @Override + public ClientSession getSession() { + return getClientSession(); + } + + @SuppressWarnings("synthetic-access") + public SftpClient getClient() throws IOException { + Wrapper wrapper = wrappers.get(); + if (wrapper == null) { + while (wrapper == null) { + SftpClient client = pool.poll(); + if (client == null) { + ClientSession session = getClientSession(); + client = factory.createSftpClient(session, getSftpVersionSelector()); + } + if (!client.isClosing()) { + wrapper = new Wrapper(client, getReadBufferSize(), getWriteBufferSize()); + } + } + wrappers.set(wrapper); + } else { + wrapper.increment(); + } + return wrapper; + } + + @Override + public void close() throws IOException { + if (isOpen()) { + SftpFileSystemProvider provider = provider(); + String fsId = getId(); + SftpFileSystem fs = provider.removeFileSystem(fsId); + ClientSession session = getClientSession(); + session.close(true); + + if ((fs != null) && (fs != this)) { + throw new FileSystemException(fsId, fsId, "Mismatched FS instance for id=" + fsId); + } + } + } + + @Override + public boolean isOpen() { + ClientSession session = getClientSession(); + return session.isOpen(); + } + + @Override + public Set supportedFileAttributeViews() { + return supportedViews; + } + + @Override + public UserPrincipalLookupService getUserPrincipalLookupService() { + return DefaultUserPrincipalLookupService.INSTANCE; + } + + @Override + public SftpPath getDefaultDir() { + return defaultDir; + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getClientSession() + "]"; + } + + private final class Wrapper extends AbstractSftpClient { + private final SftpClient delegate; + private final AtomicInteger count = new AtomicInteger(1); + private final int readSize; + private final int writeSize; + + private Wrapper(SftpClient delegate, int readSize, int writeSize) { + this.delegate = delegate; + this.readSize = readSize; + this.writeSize = writeSize; + } + + @Override + public int getVersion() { + return delegate.getVersion(); + } + + @Override + public ClientSession getClientSession() { + return delegate.getClientSession(); + } + + @Override + public ClientChannel getClientChannel() { + return delegate.getClientChannel(); + } + + @Override + public NavigableMap getServerExtensions() { + return delegate.getServerExtensions(); + } + + @Override + public Charset getNameDecodingCharset() { + return delegate.getNameDecodingCharset(); + } + + @Override + public void setNameDecodingCharset(Charset cs) { + delegate.setNameDecodingCharset(cs); + } + + @Override + public boolean isClosing() { + return false; + } + + @Override + public boolean isOpen() { + return count.get() > 0; + } + + @SuppressWarnings("synthetic-access") + @Override + public void close() throws IOException { + if (count.decrementAndGet() <= 0) { + if (!pool.offer(delegate)) { + delegate.close(); + } + wrappers.set(null); + } + } + + public void increment() { + count.incrementAndGet(); + } + + @Override + public CloseableHandle open(String path, Collection options) throws IOException { + if (!isOpen()) { + throw new IOException("open(" + path + ")[" + options + "] client is closed"); + } + return delegate.open(path, options); + } + + @Override + public void close(Handle handle) throws IOException { + if (!isOpen()) { + throw new IOException("close(" + handle + ") client is closed"); + } + delegate.close(handle); + } + + @Override + public void remove(String path) throws IOException { + if (!isOpen()) { + throw new IOException("remove(" + path + ") client is closed"); + } + delegate.remove(path); + } + + @Override + public void rename(String oldPath, String newPath, Collection options) throws IOException { + if (!isOpen()) { + throw new IOException("rename(" + oldPath + " => " + newPath + ")[" + options + "] client is closed"); + } + delegate.rename(oldPath, newPath, options); + } + + @Override + public int read(Handle handle, long fileOffset, byte[] dst, int dstOffset, int len) throws IOException { + if (!isOpen()) { + throw new IOException( + "read(" + handle + "/" + fileOffset + ")[" + dstOffset + "/" + len + "] client is closed"); + } + return delegate.read(handle, fileOffset, dst, dstOffset, len); + } + + @Override + public void write(Handle handle, long fileOffset, byte[] src, int srcOffset, int len) throws IOException { + if (!isOpen()) { + throw new IOException( + "write(" + handle + "/" + fileOffset + ")[" + srcOffset + "/" + len + "] client is closed"); + } + delegate.write(handle, fileOffset, src, srcOffset, len); + } + + @Override + public void mkdir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("mkdir(" + path + ") client is closed"); + } + delegate.mkdir(path); + } + + @Override + public void rmdir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("rmdir(" + path + ") client is closed"); + } + delegate.rmdir(path); + } + + @Override + public CloseableHandle openDir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("openDir(" + path + ") client is closed"); + } + return delegate.openDir(path); + } + + @Override + public List readDir(Handle handle) throws IOException { + if (!isOpen()) { + throw new IOException("readDir(" + handle + ") client is closed"); + } + return delegate.readDir(handle); + } + + @Override + public Iterable listDir(Handle handle) throws IOException { + if (!isOpen()) { + throw new IOException("readDir(" + handle + ") client is closed"); + } + return delegate.listDir(handle); + } + + @Override + public String canonicalPath(String path) throws IOException { + if (!isOpen()) { + throw new IOException("canonicalPath(" + path + ") client is closed"); + } + return delegate.canonicalPath(path); + } + + @Override + public Attributes stat(String path) throws IOException { + if (!isOpen()) { + throw new IOException("stat(" + path + ") client is closed"); + } + return delegate.stat(path); + } + + @Override + public Attributes lstat(String path) throws IOException { + if (!isOpen()) { + throw new IOException("lstat(" + path + ") client is closed"); + } + return delegate.lstat(path); + } + + @Override + public Attributes stat(Handle handle) throws IOException { + if (!isOpen()) { + throw new IOException("stat(" + handle + ") client is closed"); + } + return delegate.stat(handle); + } + + @Override + public void setStat(String path, Attributes attributes) throws IOException { + if (!isOpen()) { + throw new IOException("setStat(" + path + ")[" + attributes + "] client is closed"); + } + delegate.setStat(path, attributes); + } + + @Override + public void setStat(Handle handle, Attributes attributes) throws IOException { + if (!isOpen()) { + throw new IOException("setStat(" + handle + ")[" + attributes + "] client is closed"); + } + delegate.setStat(handle, attributes); + } + + @Override + public String readLink(String path) throws IOException { + if (!isOpen()) { + throw new IOException("readLink(" + path + ") client is closed"); + } + return delegate.readLink(path); + } + + @Override + public void symLink(String linkPath, String targetPath) throws IOException { + if (!isOpen()) { + throw new IOException("symLink(" + linkPath + " => " + targetPath + ") client is closed"); + } + delegate.symLink(linkPath, targetPath); + } + + @Override + public Iterable readDir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("readDir(" + path + ") client is closed"); + } + return delegate.readDir(path); + } + + @Override + public InputStream read(String path) throws IOException { + return read(path, readSize); + } + + @Override + public InputStream read(String path, OpenMode... mode) throws IOException { + return read(path, readSize, mode); + } + + @Override + public InputStream read(String path, Collection mode) throws IOException { + return read(path, readSize, mode); + } + + @Override + public InputStream read(String path, int bufferSize, Collection mode) throws IOException { + if (!isOpen()) { + throw new IOException("read(" + path + ")[" + mode + "] size=" + bufferSize + ": client is closed"); + } + return delegate.read(path, bufferSize, mode); + } + + @Override + public OutputStream write(String path) throws IOException { + return write(path, writeSize); + } + + @Override + public OutputStream write(String path, OpenMode... mode) throws IOException { + return write(path, writeSize, mode); + } + + @Override + public OutputStream write(String path, Collection mode) throws IOException { + return write(path, writeSize, mode); + } + + @Override + public OutputStream write(String path, int bufferSize, Collection mode) throws IOException { + if (!isOpen()) { + throw new IOException("write(" + path + ")[" + mode + "] size=" + bufferSize + ": client is closed"); + } + return delegate.write(path, bufferSize, mode); + } + + @Override + public void link(String linkPath, String targetPath, boolean symbolic) throws IOException { + if (!isOpen()) { + throw new IOException( + "link(" + linkPath + " => " + targetPath + "] symbolic=" + symbolic + ": client is closed"); + } + delegate.link(linkPath, targetPath, symbolic); + } + + @Override + public void lock(Handle handle, long offset, long length, int mask) throws IOException { + if (!isOpen()) { + throw new IOException( + "lock(" + handle + ")[offset=" + offset + ", length=" + length + ", mask=0x" + Integer.toHexString(mask) + + "] client is closed"); + } + delegate.lock(handle, offset, length, mask); + } + + @Override + public void unlock(Handle handle, long offset, long length) throws IOException { + if (!isOpen()) { + throw new IOException("unlock" + handle + ")[offset=" + offset + ", length=" + length + "] client is closed"); + } + delegate.unlock(handle, offset, length); + } + + @Override + public int send(int cmd, Buffer buffer) throws IOException { + if (!isOpen()) { + throw new IOException("send(cmd=" + SftpConstants.getCommandMessageName(cmd) + ") client is closed"); + } + + if (delegate instanceof RawSftpClient) { + return ((RawSftpClient) delegate).send(cmd, buffer); + } else { + throw new StreamCorruptedException( + "send(cmd=" + SftpConstants.getCommandMessageName(cmd) + ") delegate is not a " + + RawSftpClient.class.getSimpleName()); + } + } + + @Override + public Buffer receive(int id) throws IOException { + if (!isOpen()) { + throw new IOException("receive(id=" + id + ") client is closed"); + } + + if (delegate instanceof RawSftpClient) { + return ((RawSftpClient) delegate).receive(id); + } else { + throw new StreamCorruptedException( + "receive(id=" + id + ") delegate is not a " + RawSftpClient.class.getSimpleName()); + } + } + + @Override + public Buffer receive(int id, long timeout) throws IOException { + if (!isOpen()) { + throw new IOException("receive(id=" + id + ", timeout=" + timeout + ") client is closed"); + } + + if (delegate instanceof RawSftpClient) { + return ((RawSftpClient) delegate).receive(id, timeout); + } else { + throw new StreamCorruptedException( + "receive(id=" + id + ", timeout=" + timeout + ") delegate is not a " + + RawSftpClient.class.getSimpleName()); + } + } + + @Override + public Buffer receive(int id, Duration timeout) throws IOException { + if (!isOpen()) { + throw new IOException("receive(id=" + id + ", timeout=" + timeout + ") client is closed"); + } + + if (delegate instanceof RawSftpClient) { + return ((RawSftpClient) delegate).receive(id, timeout); + } else { + throw new StreamCorruptedException( + "receive(id=" + id + ", timeout=" + timeout + ") delegate is not a " + + RawSftpClient.class.getSimpleName()); + } + } + } + + public static class DefaultUserPrincipalLookupService extends UserPrincipalLookupService { + public static final DefaultUserPrincipalLookupService INSTANCE = new DefaultUserPrincipalLookupService(); + + public DefaultUserPrincipalLookupService() { + super(); + } + + @Override + public UserPrincipal lookupPrincipalByName(String name) throws IOException { + return new DefaultUserPrincipal(name); + } + + @Override + public GroupPrincipal lookupPrincipalByGroupName(String group) throws IOException { + return new DefaultGroupPrincipal(group); + } + } + + public static class DefaultUserPrincipal implements UserPrincipal { + + private final String name; + + public DefaultUserPrincipal(String name) { + this.name = Objects.requireNonNull(name, "name is null"); + } + + @Override + public final String getName() { + return name; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + DefaultUserPrincipal that = (DefaultUserPrincipal) o; + return Objects.equals(this.getName(), that.getName()); + } + + @Override + public int hashCode() { + return Objects.hashCode(getName()); + } + + @Override + public String toString() { + return getName(); + } + } + + public static class DefaultGroupPrincipal extends DefaultUserPrincipal implements GroupPrincipal { + public DefaultGroupPrincipal(String name) { + super(name); + } + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemClientSessionInitializer.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemClientSessionInitializer.java new file mode 100644 index 0000000..f07718c --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemClientSessionInitializer.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.io.IOException; +import java.util.Map; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionCreator; +import org.apache.sshd.common.auth.PasswordHolder; +import org.apache.sshd.common.auth.UsernameHolder; +import org.apache.sshd.client.SftpVersionSelector; + +/** + * Provides user hooks into the process of creating a {@link SftpFileSystem} via a {@link SftpFileSystemProvider} + * + * @author Apache MINA SSHD Project + */ +public interface SftpFileSystemClientSessionInitializer { + SftpFileSystemClientSessionInitializer DEFAULT = new SftpFileSystemClientSessionInitializer() { + @Override + public String toString() { + return SftpFileSystemClientSessionInitializer.class.getSimpleName() + "[DEFAULT]"; + } + }; + + /** + * Invoked by the {@link SftpFileSystemProvider#newFileSystem(java.net.URI, Map)} method in order to obtain an + * initial (non-authenticated) {@link ClientSession}. + * + * @param provider The {@link SftpFileSystemProvider} instance requesting the session + * @param context The initialization {@link SftpFileSystemInitializationContext} + * @return The created {@link ClientSession} + * @throws IOException If failed to connect + */ + default ClientSession createClientSession( + SftpFileSystemProvider provider, SftpFileSystemInitializationContext context) + throws IOException { + UsernameHolder user = context.getCredentials(); + ClientSessionCreator client = provider.getClientInstance(); + return client.connect(user.getUsername(), context.getHost(), context.getPort()) + .verifyDuration(context.getMaxConnectTime()).getSession(); + } + + /** + * Invoked by the {@link SftpFileSystemProvider#newFileSystem(java.net.URI, Map)} method in order to authenticate + * the session obtained from + * {@link #createClientSession(SftpFileSystemProvider, SftpFileSystemInitializationContext)} + * + * @param context The initialization {@link SftpFileSystemInitializationContext} + * @param session The created {@link ClientSession} + * @throws IOException If failed to authenticate + */ + default void authenticateClientSession(SftpFileSystemInitializationContext context, ClientSession session) + throws IOException { + PasswordHolder passwordHolder = context.getCredentials(); + String password = passwordHolder.getPassword(); + // If no password provided perhaps the client is set-up to use registered public keys + if (password != null) { + session.addPasswordIdentity(password); + } + session.auth().verifyDuration(context.getMaxAuthTime()); + } + + /** + * Invoked by the {@link SftpFileSystemProvider#newFileSystem(java.net.URI, Map)} method in order to create the + * {@link SftpFileSystem} once session has been authenticated. + * + * @param provider The {@link SftpFileSystemProvider} instance requesting the session + * @param context The initialization {@link SftpFileSystemInitializationContext} + * @param session The authenticated {@link ClientSession} + * @param selector The resolved {@link SftpVersionSelector} to use + * @return The created {@link SftpFileSystem} + * @throws IOException If failed to create the file-system + */ + default SftpFileSystem createSftpFileSystem( + SftpFileSystemProvider provider, SftpFileSystemInitializationContext context, ClientSession session, + SftpVersionSelector selector) + throws IOException { + return new SftpFileSystem(provider, context.getId(), session, provider.getSftpClientFactory(), selector); + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemInitializationContext.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemInitializationContext.java new file mode 100644 index 0000000..d262903 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemInitializationContext.java @@ -0,0 +1,142 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.net.URI; +import java.time.Duration; +import java.util.Map; + +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.auth.BasicCredentialsProvider; + +/** + * @author Apache MINA SSHD Project + */ +public class SftpFileSystemInitializationContext { + private final String id; + private final URI uri; + private final Map environment; + private String host; + private int port; + private BasicCredentialsProvider credentials; + private PropertyResolver propertyResolver; + private Duration maxConnectTime; + private Duration maxAuthTime; + + /** + * @param id The unique identifier assigned to the file-system being created + * @param uri The original {@link URI} that triggered the file-system creation + * @param env The environment settings passed along with the URI (may be {@code null}) + */ + public SftpFileSystemInitializationContext(String id, URI uri, Map env) { + this.id = id; + this.uri = uri; + this.environment = env; + } + + /** + * @return The unique identifier assigned to the file-system being created + */ + public String getId() { + return id; + } + + /** + * @return The original {@link URI} that triggered the file-system creation + */ + public URI getUri() { + return uri; + } + + /** + * @return The environment settings passed along with the URI (may be {@code null}) + */ + public Map getEnvironment() { + return environment; + } + + public String getHost() { + return host; + } + + public void setHost(String host) { + this.host = host; + } + + /** + * @return The resolved target port from the URI + */ + public int getPort() { + return port; + } + + public void setPort(int port) { + this.port = port; + } + + /** + * @return The credentials recovered from the URI + */ + public BasicCredentialsProvider getCredentials() { + return credentials; + } + + public void setCredentials(BasicCredentialsProvider credentials) { + this.credentials = credentials; + } + + /** + * @return A {@link PropertyResolver} for easy access of any query parameters encoded in the URI + */ + public PropertyResolver getPropertyResolver() { + return propertyResolver; + } + + public void setPropertyResolver(PropertyResolver propertyResolver) { + this.propertyResolver = propertyResolver; + } + + /** + * @return The resolved max. connect timeout (msec.) + */ + public Duration getMaxConnectTime() { + return maxConnectTime; + } + + public void setMaxConnectTime(Duration maxConnectTime) { + this.maxConnectTime = maxConnectTime; + } + + /** + * @return The resolved max. authentication timeout (msec.) + */ + public Duration getMaxAuthTime() { + return maxAuthTime; + } + + public void setMaxAuthTime(Duration maxAuthTime) { + this.maxAuthTime = maxAuthTime; + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getId() + "]"; + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemProvider.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemProvider.java new file mode 100644 index 0000000..c5857a9 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpFileSystemProvider.java @@ -0,0 +1,1353 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.net.URI; +import java.net.URISyntaxException; +import java.nio.channels.FileChannel; +import java.nio.charset.Charset; +import java.nio.file.AccessDeniedException; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryStream; +import java.nio.file.FileAlreadyExistsException; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.FileSystemAlreadyExistsException; +import java.nio.file.FileSystemException; +import java.nio.file.FileSystemNotFoundException; +import java.nio.file.LinkOption; +import java.nio.file.NoSuchFileException; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.ProviderMismatchException; +import java.nio.file.StandardCopyOption; +import java.nio.file.attribute.AclEntry; +import java.nio.file.attribute.AclFileAttributeView; +import java.nio.file.attribute.BasicFileAttributeView; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.FileAttributeView; +import java.nio.file.attribute.FileOwnerAttributeView; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.GroupPrincipal; +import java.nio.file.attribute.PosixFileAttributeView; +import java.nio.file.attribute.PosixFileAttributes; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.UserPrincipal; +import java.nio.file.spi.FileSystemProvider; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.client.SshClient; +import org.apache.sshd.client.auth.password.PasswordIdentityProvider; +import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; +import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.auth.BasicCredentialsImpl; +import org.apache.sshd.common.auth.BasicCredentialsProvider; +import org.apache.sshd.common.auth.MutableBasicCredentials; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.SftpModuleProperties; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Attributes; +import org.apache.sshd.client.SftpClient.OpenMode; +import org.apache.sshd.client.SftpClientFactory; +import org.apache.sshd.client.SftpVersionSelector; +import org.apache.sshd.client.extensions.CopyFileExtension; +import org.apache.sshd.client.impl.SftpRemotePathChannel; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SftpException; + +/** + * A registered {@link FileSystemProvider} that registers the "sftp://" scheme so that URLs with this protocol + * are handled as remote SFTP {@link Path}-s - e.g., "{@code sftp://user:password@host/remote/file/path}" + * + * @author Apache MINA SSHD Project + */ +public class SftpFileSystemProvider extends FileSystemProvider { + + /** + *

    + * URI parameter that can be used to specify a special version selection. Options are: + *

    + *
      + *
    • {@code max} - select maximum available version for the client
      • + *
    • {@code min} - select minimum available version for the client
      • + *
    • {@code current} - whatever version is reported by the server
      • + *
    • {@code nnn} - select only the specified version
      • + *
    • {@code a,b,c} - select one of the specified versions (if available) in preference order
      • + *
    + */ + public static final String VERSION_PARAM = "version"; + + public static final Set> UNIVERSAL_SUPPORTED_VIEWS = Collections.unmodifiableSet( + GenericUtils.asSet( + PosixFileAttributeView.class, + FileOwnerAttributeView.class, + BasicFileAttributeView.class)); + + private final SshClient clientInstance; + private final SftpClientFactory factory; + private final SftpVersionSelector versionSelector; + private final NavigableMap fileSystems = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + private SftpFileSystemClientSessionInitializer fsSessionInitializer = SftpFileSystemClientSessionInitializer.DEFAULT; + + public SftpFileSystemProvider() { + this((SshClient) null); + } + + public SftpFileSystemProvider(SftpVersionSelector selector) { + this(null, selector); + } + + /** + * @param client The {@link SshClient} to use - if {@code null} then a default one will be setup and started. + * Otherwise, it is assumed that the client has already been started + * @see SshClient#setUpDefaultClient() + */ + public SftpFileSystemProvider(SshClient client) { + this(client, SftpVersionSelector.CURRENT); + } + + public SftpFileSystemProvider(SshClient client, SftpVersionSelector selector) { + this(client, null, selector); + } + + public SftpFileSystemProvider(SshClient client, SftpClientFactory factory, SftpVersionSelector selector) { + this.factory = factory; + this.versionSelector = selector; + if (client == null) { + // TODO: make this configurable using system properties + client = SshClient.setUpDefaultClient(); + client.start(); + } + this.clientInstance = client; + } + + @Override + public String getScheme() { + return SftpConstants.SFTP_SUBSYSTEM_NAME; + } + + public final SftpVersionSelector getSftpVersionSelector() { + return versionSelector; + } + + public final SshClient getClientInstance() { + return clientInstance; + } + + public SftpClientFactory getSftpClientFactory() { + return factory; + } + + public SftpFileSystemClientSessionInitializer getSftpFileSystemClientSessionInitializer() { + return fsSessionInitializer; + } + + public void setSftpFileSystemClientSessionInitializer(SftpFileSystemClientSessionInitializer initializer) { + fsSessionInitializer = Objects.requireNonNull(initializer, "No initializer provided"); + } + + @Override // NOTE: co-variant return + public SftpFileSystem newFileSystem(URI uri, Map env) throws IOException { + String host = ValidateUtils.checkNotNullAndNotEmpty(uri.getHost(), "Host not provided"); + int port = uri.getPort(); + if (port <= 0) { + port = SshConstants.DEFAULT_PORT; + } + + Object o = env.get("username"); + String username = o instanceof String ? (String) o : o != null ? o.toString() : null; + o = env.get("password"); + char[] password = o instanceof char[] ? (char[]) o : o instanceof String ? ((String)o).toCharArray() : null; + + boolean disableServerKeys = "true".equals(env.get("disableServerKeys")); + if (disableServerKeys) { + clientInstance.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE); + } + boolean disableHostEntries = "true".equals(env.get("disableHostEntries")); + if (disableHostEntries) { + clientInstance.setHostConfigEntryResolver(HostConfigEntryResolver.EMPTY); + } + boolean disablePublicKeys = "true".equals(env.get("disablePublicKeys")); + if (disablePublicKeys) { + clientInstance.setKeyIdentityProvider(KeyIdentityProvider.EMPTY_KEYS_PROVIDER); + } + boolean disablePasswords = "true".equals(env.get("disablePasswords")); + if (disablePasswords) { + clientInstance.setPasswordIdentityProvider(PasswordIdentityProvider.EMPTY_PASSWORDS_PROVIDER); + } + String id = getFileSystemIdentifier(host, port, username); + SftpFileSystemInitializationContext context = new SftpFileSystemInitializationContext(id, uri, env); + context.setHost(host); + context.setPort(port); + context.setCredentials(new BasicCredentialsProvider() { + @Override + public String getPassword() { + return password != null ? new String(password) : null; + } + + @Override + public String getUsername() { + return username; + } + }); + + Map params = resolveFileSystemParameters(env, parseURIParameters(uri)); + PropertyResolver resolver = PropertyResolverUtils.toPropertyResolver(params); + context.setPropertyResolver(resolver); + context.setMaxConnectTime(SftpModuleProperties.CONNECT_TIME.getRequired(resolver)); + context.setMaxAuthTime(SftpModuleProperties.AUTH_TIME.getRequired(resolver)); + + SftpVersionSelector selector = resolveSftpVersionSelector(uri, getSftpVersionSelector(), resolver); + Charset decodingCharset = SftpModuleProperties.NAME_DECODER_CHARSET.getRequired(resolver); + + SftpFileSystemClientSessionInitializer initializer = getSftpFileSystemClientSessionInitializer(); + SftpFileSystem fileSystem; + synchronized (fileSystems) { + if (fileSystems.containsKey(id)) { + throw new FileSystemAlreadyExistsException(id); + } + + // TODO try and find a way to avoid doing this while locking the file systems cache + ClientSession session = null; + try { + session = initializer.createClientSession(this, context); + + // Make any extra configuration parameters available to the session + if (GenericUtils.size(params) > 0) { + // Cannot use forEach because the session is not effectively final + for (Map.Entry pe : params.entrySet()) { + String key = pe.getKey(); + Object value = pe.getValue(); + if (VERSION_PARAM.equalsIgnoreCase(key)) { + continue; + } + + PropertyResolverUtils.updateProperty(session, key, value); + } + + SftpModuleProperties.NAME_DECODING_CHARSET.set(session, decodingCharset); + } + + initializer.authenticateClientSession(context, session); + + fileSystem = initializer.createSftpFileSystem(this, context, session, selector); + fileSystems.put(id, fileSystem); + } catch (Exception e) { + if (session != null) { + try { + session.close(); + } catch (IOException t) { + e.addSuppressed(t); + } + } + + if (e instanceof IOException) { + throw (IOException) e; + } else if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else { + throw new IOException(e); + } + } + } + + Integer bs = SftpModuleProperties.READ_BUFFER_SIZE.getOrNull(resolver); + if (bs != null) { + fileSystem.setReadBufferSize(bs); + } + bs = SftpModuleProperties.WRITE_BUFFER_SIZE.getOrNull(resolver); + if (bs != null) { + fileSystem.setWriteBufferSize(bs); + } + return fileSystem; + } + + protected SftpVersionSelector resolveSftpVersionSelector( + URI uri, SftpVersionSelector defaultSelector, PropertyResolver resolver) { + String preference = resolver.getString(VERSION_PARAM); + if (GenericUtils.isEmpty(preference)) { + return defaultSelector; + } + + + // These are aliases for shorter parameters specification + if ("max".equalsIgnoreCase(preference)) { + return SftpVersionSelector.MAXIMUM; + } else if ("min".equalsIgnoreCase(preference)) { + return SftpVersionSelector.MINIMUM; + } else { + return SftpVersionSelector.resolveVersionSelector(preference); + } + } + + // NOTE: URI parameters override environment ones + public static Map resolveFileSystemParameters(Map env, Map uriParams) { + if (GenericUtils.isEmpty(env)) { + return GenericUtils.isEmpty(uriParams) ? Collections.emptyMap() : uriParams; + } else if (GenericUtils.isEmpty(uriParams)) { + return Collections.unmodifiableMap(env); + } + + Map resolved = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + resolved.putAll(env); + resolved.putAll(uriParams); + return resolved; + } + + /** + * Attempts to parse the user information from the URI + * + * @param uri The {@link URI} value - ignored if {@code null} or does not contain any {@link URI#getUserInfo() user + * info}. + * @return The parsed credentials - {@code null} if none available + */ + public static MutableBasicCredentials parseCredentials(URI uri) { + return parseCredentials((uri == null) ? "" : uri.getUserInfo()); + } + + public static MutableBasicCredentials parseCredentials(String userInfo) { + if (GenericUtils.isEmpty(userInfo)) { + return null; + } + + int pos = userInfo.indexOf(':'); + if (pos < 0) { + return new BasicCredentialsImpl(userInfo, null); // assume password-less login + } + + return new BasicCredentialsImpl(userInfo.substring(0, pos), userInfo.substring(pos + 1)); + } + + public static Map parseURIParameters(URI uri) { + return parseURIParameters((uri == null) ? "" : uri.getQuery()); + } + + public static Map parseURIParameters(String params) { + if (GenericUtils.isEmpty(params)) { + return Collections.emptyMap(); + } + + if (params.charAt(0) == '?') { + if (params.length() == 1) { + return Collections.emptyMap(); + } + params = params.substring(1); + } + + String[] pairs = GenericUtils.split(params, '&'); + Map map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (String p : pairs) { + int pos = p.indexOf('='); + if (pos < 0) { + map.put(p, Boolean.TRUE); + continue; + } + + String key = p.substring(0, pos); + String value = p.substring(pos + 1); + if (NumberUtils.isIntegerNumber(value)) { + map.put(key, Long.valueOf(value)); + } else if ("true".equals(value) || "false".equals("value")) { + map.put(key, Boolean.valueOf(value)); + } else { + map.put(key, value); + } + } + + return map; + } + + public SftpFileSystem newFileSystem(ClientSession session) throws IOException { + String id = getFileSystemIdentifier(session); + SftpFileSystem fileSystem; + synchronized (fileSystems) { + if (fileSystems.containsKey(id)) { + throw new FileSystemAlreadyExistsException(id); + } + fileSystem = new SftpFileSystem(this, id, session, factory, getSftpVersionSelector()); + fileSystems.put(id, fileSystem); + } + + Integer rbs = session.getInteger(SftpModuleProperties.READ_BUFFER_SIZE.getName()); + if (rbs != null) { + fileSystem.setReadBufferSize(rbs); + } + Integer wbs = session.getInteger(SftpModuleProperties.WRITE_BUFFER_SIZE.getName()); + if (wbs != null) { + fileSystem.setWriteBufferSize(wbs); + } + + return fileSystem; + } + + @Override + public FileSystem getFileSystem(URI uri) { + String id = getFileSystemIdentifier(uri); + SftpFileSystem fs = getFileSystem(id); + if (fs == null) { + throw new FileSystemNotFoundException(id); + } + return fs; + } + + /** + * @param id File system identifier - ignored if {@code null}/empty + * @return The removed {@link SftpFileSystem} - {@code null} if no match + */ + public SftpFileSystem removeFileSystem(String id) { + if (GenericUtils.isEmpty(id)) { + return null; + } + + SftpFileSystem removed; + synchronized (fileSystems) { + removed = fileSystems.remove(id); + } + + return removed; + } + + /** + * @param id File system identifier - ignored if {@code null}/empty + * @return The cached {@link SftpFileSystem} - {@code null} if no match + */ + public SftpFileSystem getFileSystem(String id) { + if (GenericUtils.isEmpty(id)) { + return null; + } + + synchronized (fileSystems) { + return fileSystems.get(id); + } + } + + @Override + public Path getPath(URI uri) { + FileSystem fs = getFileSystem(uri); + return fs.getPath(uri.getPath()); + } + + @Override + public FileChannel newByteChannel(Path path, Set options, FileAttribute... attrs) + throws IOException { + return newFileChannel(path, options, attrs); + } + + @Override + public FileChannel newFileChannel(Path path, Set options, FileAttribute... attrs) + throws IOException { + Collection modes = OpenMode.fromOpenOptions(options); + if (modes.isEmpty()) { + modes = EnumSet.of(OpenMode.Read, OpenMode.Write); + } + // TODO: process file attributes + SftpPath p = toSftpPath(path); + return new SftpRemotePathChannel(p.toString(), p.getFileSystem().getClient(), true, modes); + } + + @Override + public InputStream newInputStream(Path path, OpenOption... options) throws IOException { + Collection modes = OpenMode.fromOpenOptions(Arrays.asList(options)); + if (modes.isEmpty()) { + modes = EnumSet.of(OpenMode.Read); + } + SftpPath p = toSftpPath(path); + return p.getFileSystem().getClient().read(p.toString(), modes); + } + + @Override + public OutputStream newOutputStream(Path path, OpenOption... options) throws IOException { + Set modes = OpenMode.fromOpenOptions(Arrays.asList(options)); + if (modes.contains(OpenMode.Read)) { + throw new IllegalArgumentException("READ not allowed"); + } + if (modes.isEmpty()) { + modes = EnumSet.of(OpenMode.Create, OpenMode.Truncate, OpenMode.Write); + } else { + modes.add(OpenMode.Write); + } + SftpPath p = toSftpPath(path); + return p.getFileSystem().getClient().write(p.toString(), modes); + } + + @Override + public DirectoryStream newDirectoryStream(Path dir, DirectoryStream.Filter filter) throws IOException { + final SftpPath p = toSftpPath(dir); + return new SftpDirectoryStream(p, filter); + } + + @Override + public void createDirectory(Path dir, FileAttribute... attrs) throws IOException { + SftpPath p = toSftpPath(dir); + SftpFileSystem fs = p.getFileSystem(); + try (SftpClient sftp = fs.getClient()) { + try { + sftp.mkdir(dir.toString()); + } catch (SftpException e) { + int sftpStatus = e.getStatus(); + if ((sftp.getVersion() == SftpConstants.SFTP_V3) && (sftpStatus == SftpConstants.SSH_FX_FAILURE)) { + try { + Attributes attributes = sftp.stat(dir.toString()); + if (attributes != null) { + throw new FileAlreadyExistsException(p.toString()); + } + } catch (SshException e2) { + e.addSuppressed(e2); + } + } + if (sftpStatus == SftpConstants.SSH_FX_FILE_ALREADY_EXISTS) { + throw new FileAlreadyExistsException(p.toString()); + } + throw e; + } + for (FileAttribute attr : attrs) { + setAttribute(p, attr.name(), attr.value()); + } + } + } + + @Override + public void delete(Path path) throws IOException { + SftpPath p = toSftpPath(path); + checkAccess(p, AccessMode.WRITE); + + SftpFileSystem fs = p.getFileSystem(); + + try (SftpClient sftp = fs.getClient()) { + BasicFileAttributes attributes = readAttributes(path, BasicFileAttributes.class); + if (attributes.isDirectory()) { + sftp.rmdir(path.toString()); + } else { + sftp.remove(path.toString()); + } + } + } + + @Override + public void copy(Path source, Path target, CopyOption... options) throws IOException { + SftpPath src = toSftpPath(source); + SftpPath dst = toSftpPath(target); + if (src.getFileSystem() != dst.getFileSystem()) { + throw new ProviderMismatchException("Mismatched file system providers for " + src + " vs. " + dst); + } + checkAccess(src); + + boolean replaceExisting = false; + boolean copyAttributes = false; + boolean noFollowLinks = false; + for (CopyOption opt : options) { + replaceExisting |= opt == StandardCopyOption.REPLACE_EXISTING; + copyAttributes |= opt == StandardCopyOption.COPY_ATTRIBUTES; + noFollowLinks |= opt == LinkOption.NOFOLLOW_LINKS; + } + LinkOption[] linkOptions = IoUtils.getLinkOptions(!noFollowLinks); + + // attributes of source file + BasicFileAttributes attrs = readAttributes(source, BasicFileAttributes.class, linkOptions); + if (attrs.isSymbolicLink()) { + throw new IOException("Copying of symbolic links not supported"); + } + + // delete target if it exists and REPLACE_EXISTING is specified + Boolean status = IoUtils.checkFileExists(target, linkOptions); + if (status == null) { + throw new AccessDeniedException("Existence cannot be determined for copy target: " + target); + } + + if (replaceExisting) { + deleteIfExists(target); + } else { + if (status) { + throw new FileAlreadyExistsException(target.toString()); + } + } + + // create directory or copy file + if (attrs.isDirectory()) { + createDirectory(target); + } else { + CopyFileExtension copyFile = src.getFileSystem().getClient().getExtension(CopyFileExtension.class); + if (copyFile.isSupported()) { + copyFile.copyFile(source.toString(), target.toString(), false); + } else { + try (InputStream in = newInputStream(source); + OutputStream os = newOutputStream(target)) { + IoUtils.copy(in, os); + } + } + } + + // copy basic attributes to target + if (copyAttributes) { + BasicFileAttributeView view = getFileAttributeView(target, BasicFileAttributeView.class, linkOptions); + try { + view.setTimes(attrs.lastModifiedTime(), attrs.lastAccessTime(), attrs.creationTime()); + } catch (Throwable x) { + // rollback + try { + delete(target); + } catch (Throwable suppressed) { + x.addSuppressed(suppressed); + } + throw x; + } + } + } + + @Override + public void move(Path source, Path target, CopyOption... options) throws IOException { + SftpPath src = toSftpPath(source); + SftpFileSystem fsSrc = src.getFileSystem(); + SftpPath dst = toSftpPath(target); + + if (src.getFileSystem() != dst.getFileSystem()) { + throw new ProviderMismatchException("Mismatched file system providers for " + src + " vs. " + dst); + } + checkAccess(src); + + boolean replaceExisting = false; + boolean copyAttributes = false; + boolean noFollowLinks = false; + for (CopyOption opt : options) { + replaceExisting |= opt == StandardCopyOption.REPLACE_EXISTING; + copyAttributes |= opt == StandardCopyOption.COPY_ATTRIBUTES; + noFollowLinks |= opt == LinkOption.NOFOLLOW_LINKS; + } + LinkOption[] linkOptions = IoUtils.getLinkOptions(noFollowLinks); + + // attributes of source file + BasicFileAttributes attrs = readAttributes(source, BasicFileAttributes.class, linkOptions); + if (attrs.isSymbolicLink()) { + throw new IOException("Moving of source symbolic link (" + source + ") to " + target + " not supported"); + } + + // delete target if it exists and REPLACE_EXISTING is specified + Boolean status = IoUtils.checkFileExists(target, linkOptions); + if (status == null) { + throw new AccessDeniedException("Existence cannot be determined for move target " + target); + } + + if (replaceExisting) { + deleteIfExists(target); + } else if (status) { + throw new FileAlreadyExistsException(target.toString()); + } + + try (SftpClient sftp = fsSrc.getClient()) { + sftp.rename(src.toString(), dst.toString()); + } + + // copy basic attributes to target + if (copyAttributes) { + BasicFileAttributeView view = getFileAttributeView(target, BasicFileAttributeView.class, linkOptions); + try { + view.setTimes(attrs.lastModifiedTime(), attrs.lastAccessTime(), attrs.creationTime()); + } catch (Throwable x) { + // rollback + try { + delete(target); + } catch (Throwable suppressed) { + x.addSuppressed(suppressed); + } + throw x; + } + } + } + + @Override + public boolean isSameFile(Path path1, Path path2) throws IOException { + SftpPath p1 = toSftpPath(path1); + SftpPath p2 = toSftpPath(path2); + if (p1.getFileSystem() != p2.getFileSystem()) { + throw new ProviderMismatchException("Mismatched file system providers for " + p1 + " vs. " + p2); + } + checkAccess(p1); + checkAccess(p2); + return p1.equals(p2); + } + + @Override + public boolean isHidden(Path path) throws IOException { + return false; + } + + @Override + public FileStore getFileStore(Path path) throws IOException { + FileSystem fs = path.getFileSystem(); + if (!(fs instanceof SftpFileSystem)) { + throw new FileSystemException( + path.toString(), path.toString(), "getFileStore(" + path + ") path not attached to an SFTP file system"); + } + + SftpFileSystem sftpFs = (SftpFileSystem) fs; + String id = sftpFs.getId(); + SftpFileSystem cached = getFileSystem(id); + if (cached != sftpFs) { + throw new FileSystemException(path.toString(), path.toString(), "Mismatched file system instance for id=" + id); + } + + return sftpFs.getFileStores().get(0); + } + + @Override + public void createSymbolicLink(Path link, Path target, FileAttribute... attrs) throws IOException { + SftpPath l = toSftpPath(link); + SftpFileSystem fsLink = l.getFileSystem(); + SftpPath t = toSftpPath(target); + if (fsLink != t.getFileSystem()) { + throw new ProviderMismatchException("Mismatched file system providers for " + l + " vs. " + t); + } + + + try (SftpClient client = fsLink.getClient()) { + client.symLink(l.toString(), t.toString()); + } + } + + @Override + public Path readSymbolicLink(Path link) throws IOException { + SftpPath l = toSftpPath(link); + SftpFileSystem fsLink = l.getFileSystem(); + try (SftpClient client = fsLink.getClient()) { + String linkPath = client.readLink(l.toString()); + + return fsLink.getPath(linkPath); + } + } + + @Override + public void checkAccess(Path path, AccessMode... modes) throws IOException { + SftpPath p = toSftpPath(path); + boolean w = false; + boolean x = false; + if (GenericUtils.length(modes) > 0) { + for (AccessMode mode : modes) { + switch (mode) { + case READ: + break; + case WRITE: + w = true; + break; + case EXECUTE: + x = true; + break; + default: + throw new UnsupportedOperationException("Unsupported mode: " + mode); + } + } + } + + BasicFileAttributes attrs = getFileAttributeView(p, BasicFileAttributeView.class).readAttributes(); + if ((attrs == null) && !(p.isAbsolute() && p.getNameCount() == 0)) { + throw new NoSuchFileException(path.toString()); + } + + SftpFileSystem fs = p.getFileSystem(); + if (x || (w && fs.isReadOnly())) { + throw new AccessDeniedException("Filesystem is read-only: " + path.toString()); + } + } + + @Override + public V getFileAttributeView(Path path, Class type, final LinkOption... options) { + if (isSupportedFileAttributeView(path, type)) { + if (AclFileAttributeView.class.isAssignableFrom(type)) { + return type.cast(new SftpAclFileAttributeView(this, path, options)); + } else if (BasicFileAttributeView.class.isAssignableFrom(type)) { + return type.cast(new SftpPosixFileAttributeView(this, path, options)); + } + } + + throw new UnsupportedOperationException( + "getFileAttributeView(" + path + ") view not supported: " + type.getSimpleName()); + } + + public boolean isSupportedFileAttributeView(Path path, Class type) { + return isSupportedFileAttributeView(toSftpPath(path).getFileSystem(), type); + } + + public boolean isSupportedFileAttributeView(SftpFileSystem fs, Class type) { + Collection views = fs.supportedFileAttributeViews(); + if ((type == null) || GenericUtils.isEmpty(views)) { + return false; + } else if (PosixFileAttributeView.class.isAssignableFrom(type)) { + return views.contains("posix"); + } else if (AclFileAttributeView.class.isAssignableFrom(type)) { + return views.contains("acl"); // must come before owner view + } else if (FileOwnerAttributeView.class.isAssignableFrom(type)) { + return views.contains("owner"); + } else if (BasicFileAttributeView.class.isAssignableFrom(type)) { + return views.contains("basic"); // must be last + } else { + return false; + } + } + + @Override + public A readAttributes(Path path, Class type, LinkOption... options) + throws IOException { + if (type.isAssignableFrom(PosixFileAttributes.class)) { + return type.cast(getFileAttributeView(path, PosixFileAttributeView.class, options).readAttributes()); + } + + throw new UnsupportedOperationException("readAttributes(" + path + ")[" + type.getSimpleName() + "] N/A"); + } + + @Override + public Map readAttributes(Path path, String attributes, LinkOption... options) throws IOException { + String view; + String attrs; + int i = attributes.indexOf(':'); + if (i == -1) { + view = "basic"; + attrs = attributes; + } else { + view = attributes.substring(0, i++); + attrs = attributes.substring(i); + } + + return readAttributes(path, view, attrs, options); + } + + public Map readAttributes(Path path, String view, String attrs, LinkOption... options) throws IOException { + SftpPath p = toSftpPath(path); + SftpFileSystem fs = p.getFileSystem(); + Collection views = fs.supportedFileAttributeViews(); + if (GenericUtils.isEmpty(views) || (!views.contains(view))) { + throw new UnsupportedOperationException( + "readAttributes(" + path + ")[" + view + ":" + attrs + "] view not supported: " + views); + } + + if ("basic".equalsIgnoreCase(view) || "posix".equalsIgnoreCase(view) || "owner".equalsIgnoreCase(view)) { + return readPosixViewAttributes(p, view, attrs, options); + } else if ("acl".equalsIgnoreCase(view)) { + return readAclViewAttributes(p, view, attrs, options); + } else { + return readCustomViewAttributes(p, view, attrs, options); + } + } + + protected Map readCustomViewAttributes(SftpPath path, String view, String attrs, LinkOption... options) + throws IOException { + throw new UnsupportedOperationException( + "readCustomViewAttributes(" + path + ")[" + view + ":" + attrs + "] view not supported"); + } + + protected NavigableMap readAclViewAttributes( + SftpPath path, String view, String attrs, LinkOption... options) + throws IOException { + if ("*".equals(attrs)) { + attrs = "acl,owner"; + } + + SftpFileSystem fs = path.getFileSystem(); + Attributes attributes; + SftpClient client = fs.getClient(); + attributes = readRemoteAttributes(path, options); + client.close(); + + NavigableMap map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + String[] attrValues = GenericUtils.split(attrs, ','); + for (String attr : attrValues) { + switch (attr) { + case "acl": + List acl = attributes.getAcl(); + if (acl != null) { + map.put(attr, acl); + } + break; + case "owner": + String owner = attributes.getOwner(); + if (GenericUtils.length(owner) > 0) { + map.put(attr, new SftpFileSystem.DefaultUserPrincipal(owner)); + } + break; + default: + break; + } + } + + return map; + } + + public Attributes readRemoteAttributes(SftpPath path, LinkOption... options) throws IOException { + SftpFileSystem fs = path.getFileSystem(); + try (SftpClient client = fs.getClient()) { + try { + Attributes attrs; + if (IoUtils.followLinks(options)) { + attrs = client.stat(path.toString()); + } else { + attrs = client.lstat(path.toString()); + } + return attrs; + } catch (SftpException e) { + if (e.getStatus() == SftpConstants.SSH_FX_NO_SUCH_FILE) { + throw new NoSuchFileException(path.toString()); + } + throw e; + } + } + } + + protected NavigableMap readPosixViewAttributes( + SftpPath path, String view, String attrs, LinkOption... options) + throws IOException { + PosixFileAttributes v = readAttributes(path, PosixFileAttributes.class, options); + if ("*".equals(attrs)) { + attrs = "lastModifiedTime,lastAccessTime,creationTime,size,isRegularFile,isDirectory,isSymbolicLink,isOther,fileKey,owner,permissions,group"; + } + + NavigableMap map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + String[] attrValues = GenericUtils.split(attrs, ','); + for (String attr : attrValues) { + switch (attr) { + case "lastModifiedTime": + map.put(attr, v.lastModifiedTime()); + break; + case "lastAccessTime": + map.put(attr, v.lastAccessTime()); + break; + case "creationTime": + map.put(attr, v.creationTime()); + break; + case "size": + map.put(attr, v.size()); + break; + case "isRegularFile": + map.put(attr, v.isRegularFile()); + break; + case "isDirectory": + map.put(attr, v.isDirectory()); + break; + case "isSymbolicLink": + map.put(attr, v.isSymbolicLink()); + break; + case "isOther": + map.put(attr, v.isOther()); + break; + case "fileKey": + map.put(attr, v.fileKey()); + break; + case "owner": + map.put(attr, v.owner()); + break; + case "permissions": + map.put(attr, v.permissions()); + break; + case "group": + map.put(attr, v.group()); + break; + default: + break; + } + } + return map; + } + + @Override + public void setAttribute(Path path, String attribute, Object value, LinkOption... options) throws IOException { + String view; + String attr; + int i = attribute.indexOf(':'); + if (i == -1) { + view = "basic"; + attr = attribute; + } else { + view = attribute.substring(0, i++); + attr = attribute.substring(i); + } + + setAttribute(path, view, attr, value, options); + } + + public void setAttribute(Path path, String view, String attr, Object value, LinkOption... options) throws IOException { + SftpPath p = toSftpPath(path); + SftpFileSystem fs = p.getFileSystem(); + Collection views = fs.supportedFileAttributeViews(); + if (GenericUtils.isEmpty(views) || (!views.contains(view))) { + throw new UnsupportedOperationException( + "setAttribute(" + path + ")[" + view + ":" + attr + "=" + value + "] view " + view + " not supported: " + + views); + } + + Attributes attributes = new Attributes(); + switch (attr) { + case "lastModifiedTime": + attributes.modifyTime((int) ((FileTime) value).to(TimeUnit.SECONDS)); + break; + case "lastAccessTime": + attributes.accessTime((int) ((FileTime) value).to(TimeUnit.SECONDS)); + break; + case "creationTime": + attributes.createTime((int) ((FileTime) value).to(TimeUnit.SECONDS)); + break; + case "size": + attributes.size(((Number) value).longValue()); + break; + case "permissions": { + @SuppressWarnings("unchecked") + Set attrSet = (Set) value; + attributes.perms(attributesToPermissions(path, attrSet)); + break; + } + case "owner": + attributes.owner(((UserPrincipal) value).getName()); + break; + case "group": + attributes.group(((GroupPrincipal) value).getName()); + break; + case "acl": { + ValidateUtils.checkTrue("acl".equalsIgnoreCase(view), "ACL cannot be set via view=%s", view); + @SuppressWarnings("unchecked") + List acl = (List) value; + attributes.acl(acl); + break; + } + case "isRegularFile": + case "isDirectory": + case "isSymbolicLink": + case "isOther": + case "fileKey": + throw new UnsupportedOperationException( + "setAttribute(" + path + ")[" + view + ":" + attr + "=" + value + "] modification N/A"); + default: + break; + } + + + try (SftpClient client = fs.getClient()) { + client.setStat(p.toString(), attributes); + } + } + + public SftpPath toSftpPath(Path path) { + Objects.requireNonNull(path, "No path provided"); + if (!(path instanceof SftpPath)) { + throw new ProviderMismatchException("Path is not SFTP: " + path); + } + return (SftpPath) path; + } + + protected int attributesToPermissions(Path path, Collection perms) { + if (GenericUtils.isEmpty(perms)) { + return 0; + } + + int pf = 0; + for (PosixFilePermission p : perms) { + switch (p) { + case OWNER_READ: + pf |= SftpConstants.S_IRUSR; + break; + case OWNER_WRITE: + pf |= SftpConstants.S_IWUSR; + break; + case OWNER_EXECUTE: + pf |= SftpConstants.S_IXUSR; + break; + case GROUP_READ: + pf |= SftpConstants.S_IRGRP; + break; + case GROUP_WRITE: + pf |= SftpConstants.S_IWGRP; + break; + case GROUP_EXECUTE: + pf |= SftpConstants.S_IXGRP; + break; + case OTHERS_READ: + pf |= SftpConstants.S_IROTH; + break; + case OTHERS_WRITE: + pf |= SftpConstants.S_IWOTH; + break; + case OTHERS_EXECUTE: + pf |= SftpConstants.S_IXOTH; + break; + default: + } + } + + return pf; + } + + public static String getRWXPermissions(int perms) { + StringBuilder sb = new StringBuilder(10 /* 3 * rwx + (d)irectory */); + if ((perms & SftpConstants.S_IFLNK) == SftpConstants.S_IFLNK) { + sb.append('l'); + } else if ((perms & SftpConstants.S_IFDIR) == SftpConstants.S_IFDIR) { + sb.append('d'); + } else { + sb.append('-'); + } + + if ((perms & SftpConstants.S_IRUSR) == SftpConstants.S_IRUSR) { + sb.append('r'); + } else { + sb.append('-'); + } + if ((perms & SftpConstants.S_IWUSR) == SftpConstants.S_IWUSR) { + sb.append('w'); + } else { + sb.append('-'); + } + if ((perms & SftpConstants.S_IXUSR) == SftpConstants.S_IXUSR) { + sb.append('x'); + } else { + sb.append('-'); + } + + if ((perms & SftpConstants.S_IRGRP) == SftpConstants.S_IRGRP) { + sb.append('r'); + } else { + sb.append('-'); + } + if ((perms & SftpConstants.S_IWGRP) == SftpConstants.S_IWGRP) { + sb.append('w'); + } else { + sb.append('-'); + } + if ((perms & SftpConstants.S_IXGRP) == SftpConstants.S_IXGRP) { + sb.append('x'); + } else { + sb.append('-'); + } + + if ((perms & SftpConstants.S_IROTH) == SftpConstants.S_IROTH) { + sb.append('r'); + } else { + sb.append('-'); + } + if ((perms & SftpConstants.S_IWOTH) == SftpConstants.S_IWOTH) { + sb.append('w'); + } else { + sb.append('-'); + } + if ((perms & SftpConstants.S_IXOTH) == SftpConstants.S_IXOTH) { + sb.append('x'); + } else { + sb.append('-'); + } + + return sb.toString(); + } + + public static String getOctalPermissions(int perms) { + Collection attrs = permissionsToAttributes(perms); + return getOctalPermissions(attrs); + } + + public static Set permissionsToAttributes(int perms) { + Set p = EnumSet.noneOf(PosixFilePermission.class); + if ((perms & SftpConstants.S_IRUSR) == SftpConstants.S_IRUSR) { + p.add(PosixFilePermission.OWNER_READ); + } + if ((perms & SftpConstants.S_IWUSR) == SftpConstants.S_IWUSR) { + p.add(PosixFilePermission.OWNER_WRITE); + } + if ((perms & SftpConstants.S_IXUSR) == SftpConstants.S_IXUSR) { + p.add(PosixFilePermission.OWNER_EXECUTE); + } + if ((perms & SftpConstants.S_IRGRP) == SftpConstants.S_IRGRP) { + p.add(PosixFilePermission.GROUP_READ); + } + if ((perms & SftpConstants.S_IWGRP) == SftpConstants.S_IWGRP) { + p.add(PosixFilePermission.GROUP_WRITE); + } + if ((perms & SftpConstants.S_IXGRP) == SftpConstants.S_IXGRP) { + p.add(PosixFilePermission.GROUP_EXECUTE); + } + if ((perms & SftpConstants.S_IROTH) == SftpConstants.S_IROTH) { + p.add(PosixFilePermission.OTHERS_READ); + } + if ((perms & SftpConstants.S_IWOTH) == SftpConstants.S_IWOTH) { + p.add(PosixFilePermission.OTHERS_WRITE); + } + if ((perms & SftpConstants.S_IXOTH) == SftpConstants.S_IXOTH) { + p.add(PosixFilePermission.OTHERS_EXECUTE); + } + return p; + } + + public static String getOctalPermissions(Collection perms) { + int pf = 0; + + for (PosixFilePermission p : perms) { + switch (p) { + case OWNER_READ: + pf |= SftpConstants.S_IRUSR; + break; + case OWNER_WRITE: + pf |= SftpConstants.S_IWUSR; + break; + case OWNER_EXECUTE: + pf |= SftpConstants.S_IXUSR; + break; + case GROUP_READ: + pf |= SftpConstants.S_IRGRP; + break; + case GROUP_WRITE: + pf |= SftpConstants.S_IWGRP; + break; + case GROUP_EXECUTE: + pf |= SftpConstants.S_IXGRP; + break; + case OTHERS_READ: + pf |= SftpConstants.S_IROTH; + break; + case OTHERS_WRITE: + pf |= SftpConstants.S_IWOTH; + break; + case OTHERS_EXECUTE: + pf |= SftpConstants.S_IXOTH; + break; + default: // ignored + } + } + + return String.format("%04o", pf); + } + + /** + * Uses the host, port and username to create a unique identifier + * + * @param uri The {@link URI} - Note: not checked to make sure that the scheme is {@code sftp://} + * @return The unique identifier + * @see #getFileSystemIdentifier(String, int, String) + */ + public static String getFileSystemIdentifier(URI uri) { + String userInfo = ValidateUtils.checkNotNullAndNotEmpty(uri.getUserInfo(), "UserInfo not provided"); + String[] ui = GenericUtils.split(userInfo, ':'); + ValidateUtils.checkTrue(GenericUtils.length(ui) == 2, "Invalid user info: %s", userInfo); + return getFileSystemIdentifier(uri.getHost(), uri.getPort(), ui[0]); + } + + /** + * Uses the remote host address, port and current username to create a unique identifier + * + * @param session The {@link ClientSession} + * @return The unique identifier + * @see #getFileSystemIdentifier(String, int, String) + */ + public static String getFileSystemIdentifier(ClientSession session) { + IoSession ioSession = session.getIoSession(); + SocketAddress addr = ioSession.getRemoteAddress(); + String username = session.getUsername(); + if (addr instanceof InetSocketAddress) { + InetSocketAddress inetAddr = (InetSocketAddress) addr; + return getFileSystemIdentifier(inetAddr.getHostString(), inetAddr.getPort(), username); + } else { + return getFileSystemIdentifier(addr.toString(), SshConstants.DEFAULT_PORT, username); + } + } + + public static String getFileSystemIdentifier(String host, int port, String username) { + return GenericUtils.trimToEmpty(host) + ':' + + SshConstants.TO_EFFECTIVE_PORT.applyAsInt(port) + ':' + + GenericUtils.trimToEmpty(username); + } + + public static URI createFileSystemURI(String host, int port, String username, String password) { + return createFileSystemURI(host, port, username, password, Collections.emptyMap()); + } + + public static URI createFileSystemURI(String host, int port, String username, String password, Map params) { + ValidateUtils.checkNotNullAndNotEmpty(host, "No host provided"); + + String queryPart = null; + int numParams = GenericUtils.size(params); + if (numParams > 0) { + StringBuilder sb = new StringBuilder(numParams * Short.SIZE); + for (Map.Entry pe : params.entrySet()) { + String key = pe.getKey(); + Object value = pe.getValue(); + if (sb.length() > 0) { + sb.append('&'); + } + sb.append(key); + if (value != null) { + sb.append('=').append(Objects.toString(value, null)); + } + } + + queryPart = sb.toString(); + } + + try { + String userAuth = encodeCredentials(username, password); + return new URI(SftpConstants.SFTP_SUBSYSTEM_NAME, userAuth, host, port, "/", queryPart, null); + } catch (URISyntaxException e) { + throw new IllegalArgumentException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to create access URI: " + e.getMessage(), + e); + } + } + + public static String encodeCredentials(String username, String password) { + ValidateUtils.checkNotNullAndNotEmpty(username, "No username provided"); + + /* + * There is no way to properly encode/decode credentials that already contain colon. See also + * https://tools.ietf.org/html/rfc3986#section-3.2.1: + * + * + * Use of the format "user:password" in the userinfo field is deprecated. Applications should not render as + * clear text any data after the first colon (":") character found within a userinfo subcomponent unless the + * data after the colon is the empty string (indicating no password). Applications may choose to ignore or + * reject such data when it is received as part of a reference and should reject the storage of such data in + * unencrypted form. + */ + ValidateUtils.checkTrue((username.indexOf(':') < 0) && ((password == null) || (password.indexOf(':') < 0)), + "Reserved character used in credentials"); + if (password == null) { + return username; // assume password-less login required + } else { + return username + ":" + password; + } + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPath.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPath.java new file mode 100644 index 0000000..2ac1c1f --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPath.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.fs; + +import java.io.IOException; +import java.nio.file.FileSystem; +import java.nio.file.LinkOption; +import java.nio.file.spi.FileSystemProvider; +import java.util.List; + +import org.apache.sshd.common.file.util.BasePath; + +public class SftpPath extends BasePath { + public SftpPath(SftpFileSystem fileSystem, String root, List names) { + super(fileSystem, root, names); + } + + @Override + public SftpPath toRealPath(LinkOption... options) throws IOException { + // TODO: handle links + SftpPath absolute = toAbsolutePath(); + FileSystem fs = getFileSystem(); + FileSystemProvider provider = fs.provider(); + provider.checkAccess(absolute); + return absolute; + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPathDirectoryScanner.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPathDirectoryScanner.java new file mode 100644 index 0000000..ed810a9 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPathDirectoryScanner.java @@ -0,0 +1,94 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.stream.Collectors; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.SelectorUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.DirectoryScanner; + +/** + * An SFTP-aware {@link DirectoryScanner} that assumes all {@link Path}-s refer to SFTP remote ones and match patterns + * use "/" as their separator with case sensitive matching by default (though the latter can be modified). + * + * @author Apache MINA SSHD Project + */ +public class SftpPathDirectoryScanner extends DirectoryScanner { + public SftpPathDirectoryScanner() { + this(true); + } + + public SftpPathDirectoryScanner(boolean caseSensitive) { + setSeparator("/"); + setCaseSensitive(caseSensitive); + } + + public SftpPathDirectoryScanner(Path dir) { + this(dir, Collections.emptyList()); + } + + public SftpPathDirectoryScanner(Path dir, String... includes) { + this(dir, GenericUtils.isEmpty(includes) ? Collections.emptyList() : Arrays.asList(includes)); + } + + public SftpPathDirectoryScanner(Path dir, Collection includes) { + this(); + + setBasedir(dir); + setIncludes(includes); + } + + @Override + public String getSeparator() { + return "/"; + } + + @Override + public void setSeparator(String separator) { + ValidateUtils.checkState("/".equals(separator), "Invalid separator: '%s'", separator); + super.setSeparator(separator); + } + + @Override + public void setIncludes(Collection includes) { + this.includePatterns = GenericUtils.isEmpty(includes) + ? Collections.emptyList() + : Collections.unmodifiableList( + includes.stream() + .map(v -> adjustPattern(v)) + .collect(Collectors.toCollection(() -> new ArrayList<>(includes.size())))); + } + + public static String adjustPattern(String pattern) { + pattern = pattern.trim(); + if ((!pattern.startsWith(SelectorUtils.REGEX_HANDLER_PREFIX)) && pattern.endsWith("/")) { + return pattern + "**"; + } + + return pattern; + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPathIterator.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPathIterator.java new file mode 100644 index 0000000..222a291 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPathIterator.java @@ -0,0 +1,126 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.fs; + +import java.io.IOException; +import java.nio.file.DirectoryIteratorException; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.Path; +import java.util.Iterator; +import java.util.NoSuchElementException; +import java.util.Objects; + +import org.apache.sshd.client.SftpClient; + +/** + * Implements and {@link Iterator} of {@link SftpPath}-s returned by a {@link DirectoryStream#iterator()} method. + * + * @author Apache MINA SSHD Project + */ +public class SftpPathIterator implements Iterator { + protected final Iterator it; + protected boolean dotIgnored; + protected boolean dotdotIgnored; + protected SftpPath curEntry; + + private final SftpPath path; + private Filter filter; + + public SftpPathIterator(SftpPath path, Iterable iter) { + this(path, iter, null); + } + + public SftpPathIterator(SftpPath path, Iterable iter, + Filter filter) { + this(path, (iter == null) ? null : iter.iterator(), filter); + } + + public SftpPathIterator(SftpPath path, Iterator iter) { + this(path, iter, null); + } + + public SftpPathIterator(SftpPath path, Iterator iter, + Filter filter) { + this.path = Objects.requireNonNull(path, "No root path provided"); + this.filter = filter; + + it = iter; + curEntry = nextEntry(path, filter); + } + + /** + * @return The root {@link SftpPath} for this directory iterator + */ + public final SftpPath getRootPath() { + return path; + } + + /** + * @return The original filter - may be {@code null} to indicate no filter + */ + public final Filter getFilter() { + return filter; + } + + @Override + public boolean hasNext() { + return curEntry != null; + } + + @Override + public Path next() { + if (curEntry == null) { + throw new NoSuchElementException("No next entry"); + } + + SftpPath returnValue = curEntry; + curEntry = nextEntry(getRootPath(), getFilter()); + return returnValue; + } + + protected SftpPath nextEntry(SftpPath root, Filter selector) { + while ((it != null) && it.hasNext()) { + SftpClient.DirEntry entry = it.next(); + String name = entry.getFilename(); + if (".".equals(name) && (!dotIgnored)) { + dotIgnored = true; + } else if ("..".equals(name) && (!dotdotIgnored)) { + dotdotIgnored = true; + } else { + SftpPath candidate = root.resolve(entry.getFilename()); + try { + if ((selector == null) || selector.accept(candidate)) { + return candidate; + } + } catch (IOException e) { + throw new DirectoryIteratorException(e); + } + } + } + + return null; + } + + @Override + public void remove() { + throw new UnsupportedOperationException("newDirectoryStream(" + getRootPath() + ") Iterator#remove() N/A"); + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPosixFileAttributeView.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPosixFileAttributeView.java new file mode 100644 index 0000000..a851de5 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPosixFileAttributeView.java @@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.fs; + +import java.io.IOException; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.GroupPrincipal; +import java.nio.file.attribute.PosixFileAttributeView; +import java.nio.file.attribute.PosixFileAttributes; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.UserPrincipal; +import java.util.Set; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.client.SftpClient; + +/** + * @author Apache MINA SSHD Project + */ +public class SftpPosixFileAttributeView extends AbstractSftpFileAttributeView implements PosixFileAttributeView { + public SftpPosixFileAttributeView(SftpFileSystemProvider provider, Path path, LinkOption... options) { + super(provider, path, options); + } + + @Override + public String name() { + return "posix"; + } + + @Override + public PosixFileAttributes readAttributes() throws IOException { + return new SftpPosixFileAttributes(path, readRemoteAttributes()); + } + + @Override + public void setTimes(FileTime lastModifiedTime, FileTime lastAccessTime, FileTime createTime) throws IOException { + SftpClient.Attributes attrs = new SftpClient.Attributes(); + if (lastModifiedTime != null) { + attrs.modifyTime(lastModifiedTime); + } + if (lastAccessTime != null) { + attrs.accessTime(lastAccessTime); + } + if (createTime != null) { + attrs.createTime(createTime); + } + + if (GenericUtils.isEmpty(attrs.getFlags())) { + } else { + writeRemoteAttributes(attrs); + } + } + + @Override + public void setPermissions(Set perms) throws IOException { + provider.setAttribute(path, "permissions", perms, options); + } + + @Override + public void setGroup(GroupPrincipal group) throws IOException { + provider.setAttribute(path, "group", group, options); + } + + @Override + public UserPrincipal getOwner() throws IOException { + return readAttributes().owner(); + } + + @Override + public void setOwner(UserPrincipal owner) throws IOException { + provider.setAttribute(path, "owner", owner, options); + } +} diff --git a/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPosixFileAttributes.java b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPosixFileAttributes.java new file mode 100644 index 0000000..8f2c907 --- /dev/null +++ b/files-sftp-fs/src/main/java/org/apache/sshd/fs/SftpPosixFileAttributes.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.fs; + +import java.nio.file.Path; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.GroupPrincipal; +import java.nio.file.attribute.PosixFileAttributes; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.UserPrincipal; +import java.util.Set; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.client.SftpClient.Attributes; + +/** + * @author Apache MINA SSHD Project + */ +public class SftpPosixFileAttributes implements PosixFileAttributes { + private final Path path; + private final Attributes attributes; + + public SftpPosixFileAttributes(Path path, Attributes attributes) { + this.path = path; + this.attributes = attributes; + } + + /** + * @return The referenced attributes file {@link Path} + */ + public final Path getPath() { + return path; + } + + @Override + public UserPrincipal owner() { + String owner = attributes.getOwner(); + return GenericUtils.isEmpty(owner) ? null : new SftpFileSystem.DefaultUserPrincipal(owner); + } + + @Override + public GroupPrincipal group() { + String group = attributes.getGroup(); + return GenericUtils.isEmpty(group) ? null : new SftpFileSystem.DefaultGroupPrincipal(group); + } + + @Override + public Set permissions() { + return SftpFileSystemProvider.permissionsToAttributes(attributes.getPermissions()); + } + + @Override + public FileTime lastModifiedTime() { + return attributes.getModifyTime(); + } + + @Override + public FileTime lastAccessTime() { + return attributes.getAccessTime(); + } + + @Override + public FileTime creationTime() { + return attributes.getCreateTime(); + } + + @Override + public boolean isRegularFile() { + return attributes.isRegularFile(); + } + + @Override + public boolean isDirectory() { + return attributes.isDirectory(); + } + + @Override + public boolean isSymbolicLink() { + return attributes.isSymbolicLink(); + } + + @Override + public boolean isOther() { + return attributes.isOther(); + } + + @Override + public long size() { + return attributes.getSize(); + } + + @Override + public Object fileKey() { + // TODO consider implementing this + return null; + } +} diff --git a/files-sftp-fs/src/main/resources/META-INF/services/java.nio.file.spi.FileSystemProvider b/files-sftp-fs/src/main/resources/META-INF/services/java.nio.file.spi.FileSystemProvider new file mode 100755 index 0000000..56f9084 --- /dev/null +++ b/files-sftp-fs/src/main/resources/META-INF/services/java.nio.file.spi.FileSystemProvider @@ -0,0 +1,2 @@ +org.apache.sshd.fs.SftpFileSystemProvider +org.apache.sshd.common.file.root.RootedFileSystemProvider diff --git a/files-sftp-fs/src/test/java/org/apache/sshd/fs/test/SFTPFileSystemTest.java b/files-sftp-fs/src/test/java/org/apache/sshd/fs/test/SFTPFileSystemTest.java new file mode 100644 index 0000000..8522073 --- /dev/null +++ b/files-sftp-fs/src/test/java/org/apache/sshd/fs/test/SFTPFileSystemTest.java @@ -0,0 +1,49 @@ +package org.apache.sshd.fs.test; + +import org.apache.sshd.client.ClientBuilder; +import org.apache.sshd.client.SshClient; +import org.apache.sshd.common.keyprovider.FileKeyPairProvider; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.fs.SftpFileSystem; +import org.apache.sshd.fs.SftpFileSystemProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.Test; +import org.xbib.io.sshd.eddsa.EdDSASecurityProvider; +import java.net.URI; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.KeyPair; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Logger; + +public class SFTPFileSystemTest { + + private static final Logger logger = Logger.getLogger(SFTPFileSystemTest.class.getName()); + + static { + Security.addProvider(new EdDSASecurityProvider()); + Security.addProvider(new BouncyCastleProvider()); + } + + @Test + public void init() throws Exception { + Map env = new HashMap<>(); + env.put("username", "joerg"); + URI uri = URI.create("sftp://xbib.org"); + SshClient sshClient = ClientBuilder.builder().build(); + Path privateKey = Paths.get("/Users/joerg/.ssh/id_ed25519"); + KeyPairProvider keyPairProvider = new FileKeyPairProvider(privateKey); + keyPairProvider.loadKeys(null).forEach(sshClient::addPublicKeyIdentity); + for (String keyType : keyPairProvider.getKeyTypes(null)) { + logger.info("found key type = " + keyType); + } + KeyPair keyPair = keyPairProvider.loadKey(null, "ssh-ed25519"); + sshClient.addPublicKeyIdentity(keyPair); + sshClient.setNioWorkers(1); + sshClient.start(); + SftpFileSystem fileSystem = new SftpFileSystemProvider(sshClient).newFileSystem(uri, env); + sshClient.stop(); + } +} diff --git a/files-sftp-fs/src/test/resources/logging.properties b/files-sftp-fs/src/test/resources/logging.properties new file mode 100644 index 0000000..b1f9e8e --- /dev/null +++ b/files-sftp-fs/src/test/resources/logging.properties @@ -0,0 +1,8 @@ +handlers=java.util.logging.ConsoleHandler,java.util.logging.FileHandler +.level=ALL +java.util.logging.SimpleFormatter.format=%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS.%1$tL %4$-7s [%3$s] %5$s %6$s%n +java.util.logging.ConsoleHandler.level=ALL +java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter +java.util.logging.FileHandler.level=INFO +java.util.logging.FileHandler.pattern=build/test.log +java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter diff --git a/files-sftp-fs/src/test/resources/testFileWrite.txt b/files-sftp-fs/src/test/resources/testFileWrite.txt new file mode 100755 index 0000000..30d74d2 --- /dev/null +++ b/files-sftp-fs/src/test/resources/testFileWrite.txt @@ -0,0 +1 @@ +test \ No newline at end of file diff --git a/files-sftp/build.gradle b/files-sftp/build.gradle new file mode 100644 index 0000000..9c5893a --- /dev/null +++ b/files-sftp/build.gradle @@ -0,0 +1,4 @@ +dependencies { + api project(':files-eddsa') + implementation "org.bouncycastle:bcpkix-jdk15on:${project.property('bouncycastle.version')}" +} diff --git a/files-sftp/src/main/java/module-info.java b/files-sftp/src/main/java/module-info.java new file mode 100644 index 0000000..0675825 --- /dev/null +++ b/files-sftp/src/main/java/module-info.java @@ -0,0 +1,87 @@ +module org.xbib.files.sftp { + exports org.apache.sshd.client; + exports org.apache.sshd.client.auth; + exports org.apache.sshd.client.auth.password; + exports org.apache.sshd.client.auth.hostbased; + exports org.apache.sshd.client.auth.keyboard; + exports org.apache.sshd.client.auth.pubkey; + exports org.apache.sshd.client.channel; + exports org.apache.sshd.client.channel.exit; + exports org.apache.sshd.client.config; + exports org.apache.sshd.client.config.hosts; + exports org.apache.sshd.client.config.keys; + exports org.apache.sshd.client.extensions; + exports org.apache.sshd.client.extensions.helpers; + exports org.apache.sshd.client.extensions.openssh; + exports org.apache.sshd.client.future; + exports org.apache.sshd.client.global; + exports org.apache.sshd.client.impl; + exports org.apache.sshd.client.kex; + exports org.apache.sshd.client.keyverifier; + exports org.apache.sshd.client.session; + exports org.apache.sshd.client.session.forward; + exports org.apache.sshd.client.simple; + exports org.apache.sshd.client.subsystem; + exports org.apache.sshd.common; + exports org.apache.sshd.common.auth; + exports org.apache.sshd.common.channel; + exports org.apache.sshd.common.channel.exception; + exports org.apache.sshd.common.channel.throttle; + exports org.apache.sshd.common.cipher; + exports org.apache.sshd.common.compression; + exports org.apache.sshd.common.config; + exports org.apache.sshd.common.config.keys; + exports org.apache.sshd.common.config.keys.impl; + exports org.apache.sshd.common.config.keys.writer; + exports org.apache.sshd.common.config.keys.writer.openssh; + exports org.apache.sshd.common.config.keys.loader; + exports org.apache.sshd.common.config.keys.loader.openssh; + exports org.apache.sshd.common.config.keys.loader.openssh.kdf; + exports org.apache.sshd.common.config.keys.loader.ssh2; + exports org.apache.sshd.common.config.keys.loader.pem; + exports org.apache.sshd.common.digest; + exports org.apache.sshd.common.extensions; + exports org.apache.sshd.common.extensions.openssh; + exports org.apache.sshd.common.file; + exports org.apache.sshd.common.file.nativefs; + exports org.apache.sshd.common.file.nonefs; + exports org.apache.sshd.common.file.root; + exports org.apache.sshd.common.file.virtualfs; + exports org.apache.sshd.common.file.util; + exports org.apache.sshd.common.forward; + exports org.apache.sshd.common.future; + exports org.apache.sshd.common.global; + exports org.apache.sshd.common.helpers; + exports org.apache.sshd.common.io; + exports org.apache.sshd.common.io.nio2; + exports org.apache.sshd.common.kex; + exports org.apache.sshd.common.kex.dh; + exports org.apache.sshd.common.kex.extension; + exports org.apache.sshd.common.kex.extension.parser; + exports org.apache.sshd.common.keyprovider; + exports org.apache.sshd.common.mac; + exports org.apache.sshd.common.random; + exports org.apache.sshd.common.session; + exports org.apache.sshd.common.session.helpers; + exports org.apache.sshd.common.signature; + exports org.apache.sshd.common.u2f; + exports org.apache.sshd.common.util; + exports org.apache.sshd.common.util.buffer; + exports org.apache.sshd.common.util.buffer.keys; + exports org.apache.sshd.common.util.closeable; + exports org.apache.sshd.common.util.functors; + exports org.apache.sshd.common.util.helper; + exports org.apache.sshd.common.util.io; + exports org.apache.sshd.common.util.io.der; + exports org.apache.sshd.common.util.io.functors; + exports org.apache.sshd.common.util.io.resource; + exports org.apache.sshd.common.util.net; + exports org.apache.sshd.common.util.security; + exports org.apache.sshd.common.util.security.eddsa; + exports org.apache.sshd.common.util.security.bouncycastle; + exports org.apache.sshd.common.util.threads; + requires transitive org.xbib.eddsa; + requires org.bouncycastle.pkix; + requires org.bouncycastle.provider; + requires java.logging; +} \ No newline at end of file diff --git a/files-sftp/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java b/files-sftp/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java new file mode 100644 index 0000000..4dff328 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java @@ -0,0 +1,134 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client; + +import java.security.KeyPair; +import java.util.Collection; +import java.util.List; + +import org.apache.sshd.client.auth.AuthenticationIdentitiesProvider; +import org.apache.sshd.client.auth.BuiltinUserAuthFactories; +import org.apache.sshd.client.auth.UserAuth; +import org.apache.sshd.client.auth.UserAuthFactory; +import org.apache.sshd.client.auth.hostbased.HostBasedAuthenticationReporter; +import org.apache.sshd.client.auth.keyboard.UserInteraction; +import org.apache.sshd.client.auth.password.PasswordAuthenticationReporter; +import org.apache.sshd.client.auth.password.PasswordIdentityProvider; +import org.apache.sshd.client.auth.pubkey.PublicKeyAuthenticationReporter; +import org.apache.sshd.client.keyverifier.ServerKeyVerifier; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.auth.UserAuthFactoriesManager; +import org.apache.sshd.common.keyprovider.KeyIdentityProviderHolder; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Holds information required for the client to perform authentication with the server + * + * @author Apache MINA SSHD Project + */ +public interface ClientAuthenticationManager + extends UserAuthFactoriesManager, + KeyIdentityProviderHolder { + + /** + * @return The {@link AuthenticationIdentitiesProvider} to be used for attempting password or public key + * authentication + */ + AuthenticationIdentitiesProvider getRegisteredIdentities(); + + /** + * Retrieve {@link PasswordIdentityProvider} used to provide password candidates + * + * @return The {@link PasswordIdentityProvider} instance - ignored if {@code null} (i.e., no passwords available). + * @see #addPasswordIdentity(String) + */ + PasswordIdentityProvider getPasswordIdentityProvider(); + + void setPasswordIdentityProvider(PasswordIdentityProvider provider); + + /** + * @param password Password to be added - may not be {@code null}/empty. Note: this password is in + * addition to whatever passwords are available via the {@link PasswordIdentityProvider} (if + * any) + */ + void addPasswordIdentity(String password); + + /** + * @param password The password to remove - ignored if {@code null}/empty + * @return The removed password - same one that was added via {@link #addPasswordIdentity(String)} - or + * {@code null} if no match found + */ + String removePasswordIdentity(String password); + + /** + * @param key The {@link KeyPair} to add - may not be {@code null} Note: this key is in addition to + * whatever keys are available via the {@link org.apache.sshd.common.keyprovider.KeyIdentityProvider} (if + * any) + */ + void addPublicKeyIdentity(KeyPair key); + + /** + * @param kp The {@link KeyPair} to remove - ignored if {@code null} + * @return The removed {@link KeyPair} - same one that was added via {@link #addPublicKeyIdentity(KeyPair)} - or + * {@code null} if no match found + */ + KeyPair removePublicKeyIdentity(KeyPair kp); + + /** + * Retrieve the server key verifier to be used to check the key when connecting to an SSH server. + * + * @return the {@link ServerKeyVerifier} to use - never {@code null} + */ + ServerKeyVerifier getServerKeyVerifier(); + + void setServerKeyVerifier(ServerKeyVerifier serverKeyVerifier); + + /** + * @return A {@link UserInteraction} object to communicate with the user (may be {@code null} to indicate that no + * such communication is allowed) + */ + UserInteraction getUserInteraction(); + + void setUserInteraction(UserInteraction userInteraction); + + PasswordAuthenticationReporter getPasswordAuthenticationReporter(); + + void setPasswordAuthenticationReporter(PasswordAuthenticationReporter reporter); + + PublicKeyAuthenticationReporter getPublicKeyAuthenticationReporter(); + + void setPublicKeyAuthenticationReporter(PublicKeyAuthenticationReporter reporter); + + HostBasedAuthenticationReporter getHostBasedAuthenticationReporter(); + + void setHostBasedAuthenticationReporter(HostBasedAuthenticationReporter reporter); + + @Override + default void setUserAuthFactoriesNames(Collection names) { + BuiltinUserAuthFactories.ParseResult result = BuiltinUserAuthFactories.parseFactoriesList(names); + List factories = ValidateUtils.checkNotNullAndNotEmpty( + result.getParsedFactories(), "No supported user authentication factories: %s", names); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue( + GenericUtils.isEmpty(unsupported), "Unsupported user authentication factories found: %s", unsupported); + setUserAuthFactories(factories); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/ClientBuilder.java b/files-sftp/src/main/java/org/apache/sshd/client/ClientBuilder.java new file mode 100644 index 0000000..610c870 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/ClientBuilder.java @@ -0,0 +1,188 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client; + +import java.util.Collections; +import java.util.List; +import java.util.function.Function; + +import org.apache.sshd.client.config.hosts.DefaultConfigFileHostEntryResolver; +import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; +import org.apache.sshd.client.config.keys.ClientIdentityLoader; +import org.apache.sshd.client.global.OpenSshHostKeysHandler; +import org.apache.sshd.client.kex.DHGClient; +import org.apache.sshd.client.kex.DHGEXClient; +import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier; +import org.apache.sshd.client.keyverifier.ServerKeyVerifier; +import org.apache.sshd.common.BaseBuilder; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.channel.ChannelFactory; +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.compression.BuiltinCompressions; +import org.apache.sshd.common.compression.Compression; +import org.apache.sshd.common.compression.CompressionFactory; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.kex.DHFactory; +import org.apache.sshd.common.kex.KeyExchange; +import org.apache.sshd.common.kex.KeyExchangeFactory; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.signature.Signature; + +/** + * SshClient builder + */ +public class ClientBuilder extends BaseBuilder { + + @SuppressWarnings("checkstyle:Indentation") + public static final Function DH2KEX = factory -> factory == null + ? null + : factory.isGroupExchange() + ? DHGEXClient.newFactory(factory) + : DHGClient.newFactory(factory); + + // Compression is not enabled by default for the client + public static final List DEFAULT_COMPRESSION_FACTORIES + = Collections.unmodifiableList(Collections.singletonList(BuiltinCompressions.none)); + + public static final List DEFAULT_CHANNEL_FACTORIES + = Collections.unmodifiableList(Collections.emptyList()); + public static final List> DEFAULT_GLOBAL_REQUEST_HANDLERS + = Collections.unmodifiableList(Collections.singletonList(OpenSshHostKeysHandler.INSTANCE)); + + public static final ServerKeyVerifier DEFAULT_SERVER_KEY_VERIFIER = AcceptAllServerKeyVerifier.INSTANCE; + public static final HostConfigEntryResolver DEFAULT_HOST_CONFIG_ENTRY_RESOLVER + = DefaultConfigFileHostEntryResolver.INSTANCE; + public static final ClientIdentityLoader DEFAULT_CLIENT_IDENTITY_LOADER = ClientIdentityLoader.DEFAULT; + public static final FilePasswordProvider DEFAULT_FILE_PASSWORD_PROVIDER = FilePasswordProvider.EMPTY; + + protected ServerKeyVerifier serverKeyVerifier; + protected HostConfigEntryResolver hostConfigEntryResolver; + protected ClientIdentityLoader clientIdentityLoader; + protected FilePasswordProvider filePasswordProvider; + + public ClientBuilder() { + super(); + } + + public ClientBuilder serverKeyVerifier(ServerKeyVerifier serverKeyVerifier) { + this.serverKeyVerifier = serverKeyVerifier; + return me(); + } + + public ClientBuilder hostConfigEntryResolver(HostConfigEntryResolver resolver) { + this.hostConfigEntryResolver = resolver; + return me(); + } + + public ClientBuilder clientIdentityLoader(ClientIdentityLoader loader) { + this.clientIdentityLoader = loader; + return me(); + } + + public ClientBuilder filePasswordProvider(FilePasswordProvider provider) { + this.filePasswordProvider = provider; + return me(); + } + + @Override + protected ClientBuilder fillWithDefaultValues() { + super.fillWithDefaultValues(); + + if (signatureFactories == null) { + signatureFactories = setUpDefaultSignatureFactories(false); + } + + if (compressionFactories == null) { + compressionFactories = setUpDefaultCompressionFactories(false); + } + + if (keyExchangeFactories == null) { + keyExchangeFactories = setUpDefaultKeyExchanges(false); + } + + if (channelFactories == null) { + channelFactories = DEFAULT_CHANNEL_FACTORIES; + } + + if (globalRequestHandlers == null) { + globalRequestHandlers = DEFAULT_GLOBAL_REQUEST_HANDLERS; + } + + if (serverKeyVerifier == null) { + serverKeyVerifier = DEFAULT_SERVER_KEY_VERIFIER; + } + + if (hostConfigEntryResolver == null) { + hostConfigEntryResolver = DEFAULT_HOST_CONFIG_ENTRY_RESOLVER; + } + + if (clientIdentityLoader == null) { + clientIdentityLoader = DEFAULT_CLIENT_IDENTITY_LOADER; + } + + if (filePasswordProvider == null) { + filePasswordProvider = DEFAULT_FILE_PASSWORD_PROVIDER; + } + + if (factory == null) { + factory = SshClient.DEFAULT_SSH_CLIENT_FACTORY; + } + + return me(); + } + + @Override + public SshClient build(boolean isFillWithDefaultValues) { + SshClient client = super.build(isFillWithDefaultValues); + client.setServerKeyVerifier(serverKeyVerifier); + client.setHostConfigEntryResolver(hostConfigEntryResolver); + client.setClientIdentityLoader(clientIdentityLoader); + client.setFilePasswordProvider(filePasswordProvider); + return client; + } + + @SuppressWarnings({ "unchecked", "rawtypes" }) // safe due to the hierarchy + public static List> setUpDefaultSignatureFactories(boolean ignoreUnsupported) { + return (List) NamedFactory.setUpBuiltinFactories(ignoreUnsupported, DEFAULT_SIGNATURE_PREFERENCE); + } + + @SuppressWarnings({ "unchecked", "rawtypes" }) // safe due to the hierarchy + public static List> setUpDefaultCompressionFactories(boolean ignoreUnsupported) { + return (List) NamedFactory.setUpBuiltinFactories(ignoreUnsupported, DEFAULT_COMPRESSION_FACTORIES); + } + + /** + * @param ignoreUnsupported If {@code true} then all the default key exchanges are included, regardless of whether + * they are currently supported by the JCE. Otherwise, only the supported ones out of the + * list are included + * @return A {@link List} of the default {@link NamedFactory} instances of the + * {@link KeyExchange}s according to the preference order defined by + * {@link #DEFAULT_KEX_PREFERENCE}. Note: the list may be filtered to exclude + * unsupported JCE key exchanges according to the ignoreUnsupported parameter + * @see org.apache.sshd.common.kex.BuiltinDHFactories#isSupported() + */ + public static List setUpDefaultKeyExchanges(boolean ignoreUnsupported) { + return NamedFactory.setUpTransformedFactories(ignoreUnsupported, DEFAULT_KEX_PREFERENCE, DH2KEX); + } + + public static ClientBuilder builder() { + return new ClientBuilder(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/ClientFactoryManager.java b/files-sftp/src/main/java/org/apache/sshd/client/ClientFactoryManager.java new file mode 100644 index 0000000..95139d8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/ClientFactoryManager.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client; + +import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; +import org.apache.sshd.client.config.keys.ClientIdentityLoaderManager; +import org.apache.sshd.client.session.ClientProxyConnectorHolder; +import org.apache.sshd.client.session.ClientSessionCreator; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.config.keys.FilePasswordProviderManager; + +/** + * The ClientFactoryManager enable the retrieval of additional configuration needed specifically for the + * client side. + * + * @author Apache MINA SSHD Project + */ +public interface ClientFactoryManager + extends FactoryManager, + ClientSessionCreator, + ClientProxyConnectorHolder, + FilePasswordProviderManager, + ClientIdentityLoaderManager, + ClientAuthenticationManager { + + /** + * @return The {@link HostConfigEntryResolver} to use in order to resolve the effective session parameters - never + * {@code null} + */ + HostConfigEntryResolver getHostConfigEntryResolver(); + + void setHostConfigEntryResolver(HostConfigEntryResolver resolver); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/FullAccessSftpClient.java b/files-sftp/src/main/java/org/apache/sshd/client/FullAccessSftpClient.java new file mode 100644 index 0000000..d1a63ec --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/FullAccessSftpClient.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client; + +import org.apache.sshd.common.util.closeable.AutoCloseableDelegateInvocationHandler; + +/** + * Provides both structured and raw SFTP access + * + * @author Apache MINA SSHD Project + */ +public interface FullAccessSftpClient extends SftpClient, RawSftpClient { + static SftpClient singleSessionInstance(SftpClient client) { + if (client instanceof FullAccessSftpClient) { + return AutoCloseableDelegateInvocationHandler.wrapDelegateCloseable( + client, FullAccessSftpClient.class, client.getClientSession()); + } else { + return AutoCloseableDelegateInvocationHandler.wrapDelegateCloseable( + client, SftpClient.class, client.getClientSession()); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/RawSftpClient.java b/files-sftp/src/main/java/org/apache/sshd/client/RawSftpClient.java new file mode 100644 index 0000000..d267f55 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/RawSftpClient.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client; + +import java.io.IOException; +import java.time.Duration; + +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public interface RawSftpClient { + /** + * @param cmd Command to send - Note: only lower 8-bits are used + * @param buffer The {@link Buffer} containing the command data + * @return The assigned request id + * @throws IOException if failed to send command + */ + int send(int cmd, Buffer buffer) throws IOException; + + /** + * @param id The expected request id + * @return The received response {@link Buffer} containing the request id + * @throws IOException If connection closed or interrupted + */ + Buffer receive(int id) throws IOException; + + /** + * @param id The expected request id + * @param timeout The amount of time to wait for the response + * @return The received response {@link Buffer} containing the request id + * @throws IOException If connection closed or interrupted + */ + Buffer receive(int id, long timeout) throws IOException; + + /** + * @param id The expected request id + * @param timeout The amount of time to wait for the response + * @return The received response {@link Buffer} containing the request id + * @throws IOException If connection closed or interrupted + */ + Buffer receive(int id, Duration timeout) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/SftpClient.java b/files-sftp/src/main/java/org/apache/sshd/client/SftpClient.java new file mode 100644 index 0000000..31f0e58 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/SftpClient.java @@ -0,0 +1,1023 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client; + +import java.io.Closeable; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.channels.Channel; +import java.nio.channels.FileChannel; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.nio.file.OpenOption; +import java.nio.file.StandardOpenOption; +import java.nio.file.attribute.AclEntry; +import java.nio.file.attribute.FileTime; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.EnumSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.client.subsystem.SubsystemClient; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.SftpModuleProperties; +import org.apache.sshd.client.extensions.BuiltinSftpClientExtensions; +import org.apache.sshd.client.extensions.SftpClientExtension; +import org.apache.sshd.client.extensions.SftpClientExtensionFactory; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SftpHelper; + +/** + * @author Apache MINA Project + */ +public interface SftpClient extends SubsystemClient { + + String NAME_DECODING_CHARSET = "sftp-name-decoding-charset"; + + /** + * Default value of {@value #NAME_DECODING_CHARSET} + */ + Charset DEFAULT_NAME_DECODING_CHARSET = StandardCharsets.UTF_8; + + enum OpenMode { + Read, + Write, + Append, + Create, + Truncate, + Exclusive; + + /** + * The {@link Set} of {@link OpenOption}-s supported by {@link #fromOpenOptions(Collection)} + */ + public static final Set SUPPORTED_OPTIONS = Collections.unmodifiableSet(EnumSet.of( + StandardOpenOption.READ, + StandardOpenOption.APPEND, + StandardOpenOption.CREATE, + StandardOpenOption.TRUNCATE_EXISTING, + StandardOpenOption.WRITE, + StandardOpenOption.CREATE_NEW, + StandardOpenOption.SPARSE)); + + /** + * Converts {@link StandardOpenOption}-s into {@link OpenMode}-s + * + * @param options The original options - ignored if {@code null}/empty + * @return A {@link Set} of the equivalent modes + * @throws IllegalArgumentException If an unsupported option is requested + * @see #SUPPORTED_OPTIONS + */ + public static Set fromOpenOptions(Collection options) { + if (GenericUtils.isEmpty(options)) { + return Collections.emptySet(); + } + + Set modes = EnumSet.noneOf(OpenMode.class); + for (OpenOption option : options) { + if (option == StandardOpenOption.READ) { + modes.add(Read); + } else if (option == StandardOpenOption.APPEND) { + modes.add(Append); + } else if (option == StandardOpenOption.CREATE) { + modes.add(Create); + } else if (option == StandardOpenOption.TRUNCATE_EXISTING) { + modes.add(Truncate); + } else if (option == StandardOpenOption.WRITE) { + modes.add(Write); + } else if (option == StandardOpenOption.CREATE_NEW) { + modes.add(Create); + modes.add(Exclusive); + } else if (option == StandardOpenOption.SPARSE) { + /* + * As per the Javadoc: + * + * The option is ignored when the file system does not support the creation of sparse files + */ + continue; + } else { + throw new IllegalArgumentException("Unsupported open option: " + option); + } + } + + return modes; + } + } + + enum CopyMode { + Atomic, + Overwrite + } + + enum Attribute { + Size, + UidGid, + Perms, + OwnerGroup, + AccessTime, + ModifyTime, + CreateTime, + Acl, + Extensions + } + + class Handle { + private final String path; + private final byte[] id; + + Handle(String path, byte[] id) { + // clone the original so the handle is immutable + this.path = ValidateUtils.checkNotNullAndNotEmpty(path, "No remote path"); + this.id = ValidateUtils.checkNotNullAndNotEmpty(id, "No handle ID").clone(); + } + + /** + * @return The remote path represented by this handle + */ + public String getPath() { + return path; + } + + public int length() { + return id.length; + } + + /** + * @return A cloned instance of the identifier in order to avoid inadvertent modifications to the handle + * contents + */ + public byte[] getIdentifier() { + return id.clone(); + } + + @Override + public int hashCode() { + return Arrays.hashCode(id); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + + if (obj == this) { + return true; + } + + // we do not ask getClass() == obj.getClass() in order to allow for derived classes equality + if (!(obj instanceof Handle)) { + return false; + } + + return Arrays.equals(id, ((Handle) obj).id); + } + + @Override + public String toString() { + return getPath() + ": " + BufferUtils.toHex(BufferUtils.EMPTY_HEX_SEPARATOR, id); + } + } + + // CHECKSTYLE:OFF + abstract class CloseableHandle extends Handle implements Channel, Closeable { + protected CloseableHandle(String path, byte[] id) { + super(path, id); + } + } + // CHECKSTYLE:ON + + class Attributes { + private Set flags = EnumSet.noneOf(Attribute.class); + private int type = SftpConstants.SSH_FILEXFER_TYPE_UNKNOWN; + private int perms; + private int uid; + private int gid; + private String owner; + private String group; + private long size; + private FileTime accessTime; + private FileTime createTime; + private FileTime modifyTime; + private List acl; + private Map extensions = Collections.emptyMap(); + + public Attributes() { + super(); + } + + public Set getFlags() { + return flags; + } + + public Attributes addFlag(Attribute flag) { + flags.add(flag); + return this; + } + + public Attributes removeFlag(Attribute flag) { + flags.remove(flag); + return this; + } + + public int getType() { + return type; + } + + public void setType(int type) { + this.type = type; + } + + public long getSize() { + return size; + } + + public Attributes size(long size) { + setSize(size); + return this; + } + + public void setSize(long size) { + this.size = size; + addFlag(Attribute.Size); + } + + public String getOwner() { + return owner; + } + + public Attributes owner(String owner) { + setOwner(owner); + return this; + } + + public void setOwner(String owner) { + this.owner = owner; + /* + * According to https://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/draft-ietf-secsh-filexfer-13.txt + * section 7.5 + * + * If either the owner or group field is zero length, the field should be considered absent, and no change + * should be made to that specific field during a modification operation. + */ + if (GenericUtils.isEmpty(owner)) { + removeFlag(Attribute.OwnerGroup); + } else { + addFlag(Attribute.OwnerGroup); + } + } + + public String getGroup() { + return group; + } + + public Attributes group(String group) { + setGroup(group); + return this; + } + + public void setGroup(String group) { + this.group = group; + /* + * According to https://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/draft-ietf-secsh-filexfer-13.txt + * section 7.5 + * + * If either the owner or group field is zero length, the field should be considered absent, and no change + * should be made to that specific field during a modification operation. + */ + if (GenericUtils.isEmpty(group)) { + removeFlag(Attribute.OwnerGroup); + } else { + addFlag(Attribute.OwnerGroup); + } + } + + public int getUserId() { + return uid; + } + + public int getGroupId() { + return gid; + } + + public Attributes owner(int uid, int gid) { + this.uid = uid; + this.gid = gid; + addFlag(Attribute.UidGid); + return this; + } + + public int getPermissions() { + return perms; + } + + public Attributes perms(int perms) { + setPermissions(perms); + return this; + } + + public void setPermissions(int perms) { + this.perms = perms; + addFlag(Attribute.Perms); + } + + public FileTime getAccessTime() { + return accessTime; + } + + public Attributes accessTime(long atime) { + return accessTime(atime, TimeUnit.SECONDS); + } + + public Attributes accessTime(long atime, TimeUnit unit) { + return accessTime(FileTime.from(atime, unit)); + } + + public Attributes accessTime(FileTime atime) { + setAccessTime(atime); + return this; + } + + public void setAccessTime(FileTime atime) { + accessTime = Objects.requireNonNull(atime, "No access time"); + addFlag(Attribute.AccessTime); + } + + public FileTime getCreateTime() { + return createTime; + } + + public Attributes createTime(long ctime) { + return createTime(ctime, TimeUnit.SECONDS); + } + + public Attributes createTime(long ctime, TimeUnit unit) { + return createTime(FileTime.from(ctime, unit)); + } + + public Attributes createTime(FileTime ctime) { + setCreateTime(ctime); + return this; + } + + public void setCreateTime(FileTime ctime) { + createTime = Objects.requireNonNull(ctime, "No create time"); + addFlag(Attribute.CreateTime); + } + + public FileTime getModifyTime() { + return modifyTime; + } + + public Attributes modifyTime(long mtime) { + return modifyTime(mtime, TimeUnit.SECONDS); + } + + public Attributes modifyTime(long mtime, TimeUnit unit) { + return modifyTime(FileTime.from(mtime, unit)); + } + + public Attributes modifyTime(FileTime mtime) { + setModifyTime(mtime); + return this; + } + + public void setModifyTime(FileTime mtime) { + modifyTime = Objects.requireNonNull(mtime, "No modify time"); + addFlag(Attribute.ModifyTime); + } + + public List getAcl() { + return acl; + } + + public Attributes acl(List acl) { + setAcl(acl); + return this; + } + + public void setAcl(List acl) { + this.acl = Objects.requireNonNull(acl, "No ACLs"); + addFlag(Attribute.Acl); + } + + public Map getExtensions() { + return extensions; + } + + public Attributes extensions(Map extensions) { + setExtensions(extensions); + return this; + } + + public void setStringExtensions(Map extensions) { + setExtensions(SftpHelper.toBinaryExtensions(extensions)); + } + + public void setExtensions(Map extensions) { + this.extensions = Objects.requireNonNull(extensions, "No extensions"); + addFlag(Attribute.Extensions); + } + + public boolean isRegularFile() { + return (getPermissions() & SftpConstants.S_IFMT) == SftpConstants.S_IFREG; + } + + public boolean isDirectory() { + return (getPermissions() & SftpConstants.S_IFMT) == SftpConstants.S_IFDIR; + } + + public boolean isSymbolicLink() { + return (getPermissions() & SftpConstants.S_IFMT) == SftpConstants.S_IFLNK; + } + + public boolean isOther() { + return !isRegularFile() && !isDirectory() && !isSymbolicLink(); + } + + @Override + public String toString() { + return "type=" + getType() + ";size=" + getSize() + ";uid=" + getUserId() + ";gid=" + getGroupId() + ";perms=0x" + + Integer.toHexString(getPermissions()) + ";flags=" + getFlags() + ";owner=" + getOwner() + ";group=" + + getGroup() + ";aTime=" + getAccessTime() + ";cTime=" + getCreateTime() + ";mTime=" + getModifyTime() + + ";extensions=" + getExtensions().keySet(); + } + } + + class DirEntry { + public static final Comparator BY_CASE_SENSITIVE_FILENAME = (e1, e2) -> { + if (GenericUtils.isSameReference(e1, e2)) { + return 0; + } else if (e1 == null) { + return 1; + } else if (e2 == null) { + return -1; + } else { + return GenericUtils.safeCompare(e1.getFilename(), e2.getFilename(), true); + } + }; + + public static final Comparator BY_CASE_INSENSITIVE_FILENAME = (e1, e2) -> { + if (GenericUtils.isSameReference(e1, e2)) { + return 0; + } else if (e1 == null) { + return 1; + } else if (e2 == null) { + return -1; + } else { + return GenericUtils.safeCompare(e1.getFilename(), e2.getFilename(), false); + } + }; + + private final String filename; + private final String longFilename; + private final Attributes attributes; + + public DirEntry(DirEntry other) { + this(other.getFilename(), other.getLongFilename(), other.getAttributes()); + } + + public DirEntry(String filename, String longFilename, Attributes attributes) { + this.filename = filename; + this.longFilename = longFilename; + this.attributes = attributes; + } + + public String getFilename() { + return filename; + } + + public String getLongFilename() { + return longFilename; + } + + public Attributes getAttributes() { + return attributes; + } + + @Override + public String toString() { + return getFilename() + "[" + getLongFilename() + "]: " + getAttributes(); + } + } + + DirEntry[] EMPTY_DIR_ENTRIES = new DirEntry[0]; + + // default values used if none specified + int MIN_BUFFER_SIZE = 256; + int MIN_READ_BUFFER_SIZE = MIN_BUFFER_SIZE; + int MIN_WRITE_BUFFER_SIZE = MIN_BUFFER_SIZE; + int IO_BUFFER_SIZE = 32 * 1024; + + int DEFAULT_READ_BUFFER_SIZE = IO_BUFFER_SIZE; + int DEFAULT_WRITE_BUFFER_SIZE = IO_BUFFER_SIZE; + long DEFAULT_WAIT_TIMEOUT = TimeUnit.SECONDS.toMillis(15L); + + /** + * Default modes for opening a channel if no specific modes specified + */ + Set DEFAULT_CHANNEL_MODES = Collections.unmodifiableSet(EnumSet.of(OpenMode.Read, OpenMode.Write)); + + /** + * @return The negotiated SFTP protocol version + */ + int getVersion(); + + @Override + default String getName() { + return SftpConstants.SFTP_SUBSYSTEM_NAME; + } + + /** + * @return The (never {@code null}) {@link Charset} used to decode referenced files/folders names + * @see SftpModuleProperties#NAME_DECODING_CHARSET + */ + Charset getNameDecodingCharset(); + + void setNameDecodingCharset(Charset cs); + + /** + * @return An (unmodifiable) {@link NavigableMap} of the reported server extensions. where key=extension name (case + * insensitive) + */ + NavigableMap getServerExtensions(); + + boolean isClosing(); + + // + // Low level API + // + + /** + * Opens a remote file for read + * + * @param path The remote path + * @return The file's {@link CloseableHandle} + * @throws IOException If failed to open the remote file + * @see #open(String, Collection) + */ + default CloseableHandle open(String path) throws IOException { + return open(path, Collections.emptySet()); + } + + /** + * Opens a remote file with the specified mode(s) + * + * @param path The remote path + * @param options The desired mode - if none specified then {@link OpenMode#Read} is assumed + * @return The file's {@link CloseableHandle} + * @throws IOException If failed to open the remote file + * @see #open(String, Collection) + */ + default CloseableHandle open(String path, OpenMode... options) throws IOException { + return open(path, GenericUtils.of(options)); + } + + /** + * Opens a remote file with the specified mode(s) + * + * @param path The remote path + * @param options The desired mode - if none specified then {@link OpenMode#Read} is assumed + * @return The file's {@link CloseableHandle} + * @throws IOException If failed to open the remote file + */ + CloseableHandle open(String path, Collection options) throws IOException; + + /** + * Close the handle obtained from one of the {@code open} methods + * + * @param handle The {@code Handle} to close + * @throws IOException If failed to execute + */ + void close(Handle handle) throws IOException; + + /** + * @param path The remote path to remove + * @throws IOException If failed to execute + */ + void remove(String path) throws IOException; + + default void rename(String oldPath, String newPath) throws IOException { + rename(oldPath, newPath, Collections.emptySet()); + } + + default void rename(String oldPath, String newPath, CopyMode... options) throws IOException { + rename(oldPath, newPath, GenericUtils.of(options)); + } + + void rename(String oldPath, String newPath, Collection options) throws IOException; + + /** + * Reads data from the open (file) handle + * + * @param handle The file {@link Handle} to read from + * @param fileOffset The file offset to read from + * @param dst The destination buffer + * @return Number of read bytes - {@code -1} if EOF reached + * @throws IOException If failed to read the data + * @see #read(Handle, long, byte[], int, int) + */ + default int read(Handle handle, long fileOffset, byte[] dst) throws IOException { + return read(handle, fileOffset, dst, null); + } + + /** + * Reads data from the open (file) handle + * + * @param handle The file {@link Handle} to read from + * @param fileOffset The file offset to read from + * @param dst The destination buffer + * @param eofSignalled If not {@code null} then upon return holds a value indicating whether EOF was reached due to + * the read. If {@code null} indicator value then this indication is not available + * @return Number of read bytes - {@code -1} if EOF reached + * @throws IOException If failed to read the data + * @see #read(Handle, long, byte[], int, int, AtomicReference) + * @see SFTP v6 - + * section 9.3 + */ + default int read(Handle handle, long fileOffset, byte[] dst, AtomicReference eofSignalled) throws IOException { + return read(handle, fileOffset, dst, 0, dst.length, eofSignalled); + } + + default int read(Handle handle, long fileOffset, byte[] dst, int dstOffset, int len) throws IOException { + return read(handle, fileOffset, dst, dstOffset, len, null); + } + + /** + * Reads data from the open (file) handle + * + * @param handle The file {@link Handle} to read from + * @param fileOffset The file offset to read from + * @param dst The destination buffer + * @param dstOffset Offset in destination buffer to place the read data + * @param len Available destination buffer size to read + * @param eofSignalled If not {@code null} then upon return holds a value indicating whether EOF was reached due to + * the read. If {@code null} indicator value then this indication is not available + * @return Number of read bytes - {@code -1} if EOF reached + * @throws IOException If failed to read the data + * @see SFTP v6 - + * section 9.3 + */ + int read(Handle handle, long fileOffset, byte[] dst, int dstOffset, int len, AtomicReference eofSignalled) + throws IOException; + + default void write(Handle handle, long fileOffset, byte[] src) throws IOException { + write(handle, fileOffset, src, 0, src.length); + } + + /** + * Write data to (open) file handle + * + * @param handle The file {@link Handle} + * @param fileOffset Zero-based offset to write in file + * @param src Data buffer + * @param srcOffset Offset of valid data in buffer + * @param len Number of bytes to write + * @throws IOException If failed to write the data + */ + void write(Handle handle, long fileOffset, byte[] src, int srcOffset, int len) throws IOException; + + /** + * Create remote directory + * + * @param path Remote directory path + * @throws IOException If failed to execute + */ + void mkdir(String path) throws IOException; + + /** + * Remove remote directory + * + * @param path Remote directory path + * @throws IOException If failed to execute + */ + void rmdir(String path) throws IOException; + + /** + * Obtain a handle for a directory + * + * @param path Remote directory path + * @return The associated directory {@link Handle} + * @throws IOException If failed to execute + */ + CloseableHandle openDir(String path) throws IOException; + + /** + * @param handle Directory {@link Handle} to read from + * @return A {@link List} of entries - {@code null} to indicate no more entries Note: the list + * may be incomplete since the client and server have some internal imposed limit on the + * number of entries they can process. Therefore several calls to this method may be required + * (until {@code null}). In order to iterate over all the entries use {@link #readDir(String)} + * @throws IOException If failed to access the remote site + */ + default List readDir(Handle handle) throws IOException { + return readDir(handle, null); + } + + /** + * @param handle Directory {@link Handle} to read from + * @return A {@link List} of entries - {@code null} to indicate no more entries + * @param eolIndicator An indicator that can be used to get information whether end of list has been reached - + * ignored if {@code null}. Upon return, set value indicates whether all entries have been + * exhausted - a {@code null} value means that this information cannot be provided and another + * call to {@code readDir} is necessary in order to verify that no more entries are pending + * @throws IOException If failed to access the remote site + * @see SFTP v6 - + * section 9.4 + */ + List readDir(Handle handle, AtomicReference eolIndicator) throws IOException; + + /** + * @param handle A directory {@link Handle} + * @return An {@link Iterable} that can be used to iterate over all the directory entries (like + * {@link #readDir(String)}). Note: the iterable instance is not re-usable - i.e., files + * can be iterated only once + * @throws IOException If failed to access the directory + */ + Iterable listDir(Handle handle) throws IOException; + + /** + * The effective "normalized" remote path + * + * @param path The requested path - may be relative, and/or contain dots - e.g., ".", + * "..", "./foo", "../bar" + * + * @return The effective "normalized" remote path + * @throws IOException If failed to execute + */ + String canonicalPath(String path) throws IOException; + + /** + * Retrieve remote path meta-data - follow symbolic links if encountered + * + * @param path The remote path + * @return The associated {@link Attributes} + * @throws IOException If failed to execute + */ + Attributes stat(String path) throws IOException; + + /** + * Retrieve remote path meta-data - do not follow symbolic links + * + * @param path The remote path + * @return The associated {@link Attributes} + * @throws IOException If failed to execute + */ + Attributes lstat(String path) throws IOException; + + /** + * Retrieve file/directory handle meta-data + * + * @param handle The {@link Handle} obtained via one of the {@code open} calls + * @return The associated {@link Attributes} + * @throws IOException If failed to execute + */ + Attributes stat(Handle handle) throws IOException; + + /** + * Update remote node meta-data + * + * @param path The remote path + * @param attributes The {@link Attributes} to update + * @throws IOException If failed to execute + */ + void setStat(String path, Attributes attributes) throws IOException; + + /** + * Update remote node meta-data + * + * @param handle The {@link Handle} obtained via one of the {@code open} calls + * @param attributes The {@link Attributes} to update + * @throws IOException If failed to execute + */ + void setStat(Handle handle, Attributes attributes) throws IOException; + + /** + * Retrieve target of a link + * + * @param path Remote path that represents a link + * @return The link target + * @throws IOException If failed to execute + */ + String readLink(String path) throws IOException; + + /** + * Create symbolic link + * + * @param linkPath The link location + * @param targetPath The referenced target by the link + * @throws IOException If failed to execute + * @see #link(String, String, boolean) + */ + default void symLink(String linkPath, String targetPath) throws IOException { + link(linkPath, targetPath, true); + } + + /** + * Create a link + * + * @param linkPath The link location + * @param targetPath The referenced target by the link + * @param symbolic If {@code true} then make this a symbolic link, otherwise a hard one + * @throws IOException If failed to execute + */ + void link(String linkPath, String targetPath, boolean symbolic) throws IOException; + + // see SSH_FXP_BLOCK / SSH_FXP_UNBLOCK for byte range locks + void lock(Handle handle, long offset, long length, int mask) throws IOException; + + void unlock(Handle handle, long offset, long length) throws IOException; + + // + // High level API + // + + default FileChannel openRemotePathChannel(String path, OpenOption... options) throws IOException { + return openRemotePathChannel(path, GenericUtils.isEmpty(options) ? Collections.emptyList() : Arrays.asList(options)); + } + + default FileChannel openRemotePathChannel(String path, Collection options) throws IOException { + return openRemoteFileChannel(path, OpenMode.fromOpenOptions(options)); + } + + default FileChannel openRemoteFileChannel(String path, OpenMode... modes) throws IOException { + return openRemoteFileChannel(path, GenericUtils.isEmpty(modes) ? Collections.emptyList() : Arrays.asList(modes)); + } + + /** + * Opens an {@link FileChannel} on the specified remote path + * + * @param path The remote path + * @param modes The access mode(s) - if {@code null}/empty then the {@link #DEFAULT_CHANNEL_MODES} are used + * @return The open {@link FileChannel} - Note: do not close this owner client instance until the + * channel is no longer needed since it uses the client for providing the channel's + * functionality. + * @throws IOException If failed to open the channel + * @see java.nio.channels.Channels#newInputStream(java.nio.channels.ReadableByteChannel) + * @see java.nio.channels.Channels#newOutputStream(java.nio.channels.WritableByteChannel) + */ + FileChannel openRemoteFileChannel(String path, Collection modes) throws IOException; + + /** + * @param path The remote directory path + * @return An {@link Iterable} that can be used to iterate over all the directory entries (unlike + * {@link #readDir(Handle)}) + * @throws IOException If failed to access the remote site + * @see #readDir(Handle) + */ + Iterable readDir(String path) throws IOException; + + /** + * Reads all entries available for a directory + * + * @param path Remote directory path + * @return A {@link Collection} of all the entries in the remote directory + * @throws IOException If failed to retrieve the entries + * @see #readDir(String) + */ + default Collection readEntries(String path) throws IOException { + Iterable iter = readDir(path); + Collection entries = new LinkedList<>(); + for (DirEntry d : iter) { + entries.add(d); + } + + return entries; + } + + default InputStream read(String path) throws IOException { + return read(path, 0); + } + + default InputStream read(String path, int bufferSize) throws IOException { + return read(path, bufferSize, EnumSet.of(OpenMode.Read)); + } + + default InputStream read(String path, OpenMode... mode) throws IOException { + return read(path, 0, mode); + } + + default InputStream read(String path, int bufferSize, OpenMode... mode) throws IOException { + return read(path, bufferSize, GenericUtils.of(mode)); + } + + default InputStream read(String path, Collection mode) throws IOException { + return read(path, 0, mode); + } + + /** + * Read a remote file's data via an input stream + * + * @param path The remote file path + * @param bufferSize The internal read buffer size + * @param mode The remote file {@link OpenMode}s + * @return An {@link InputStream} for reading the remote file data + * @throws IOException If failed to execute + */ + InputStream read(String path, int bufferSize, Collection mode) throws IOException; + + default OutputStream write(String path) throws IOException { + return write(path, 0); + } + + default OutputStream write(String path, int bufferSize) throws IOException { + return write(path, bufferSize, EnumSet.of(OpenMode.Write, OpenMode.Create, OpenMode.Truncate)); + } + + default OutputStream write(String path, OpenMode... mode) throws IOException { + return write(path, 0, mode); + } + + default OutputStream write(String path, int bufferSize, OpenMode... mode) throws IOException { + return write(path, bufferSize, GenericUtils.of(mode)); + } + + default OutputStream write(String path, Collection mode) throws IOException { + return write(path, 0, mode); + } + + /** + * Write to a remote file via an output stream + * + * @param path The remote file path + * @param bufferSize The internal write buffer size + * @param mode The remote file {@link OpenMode}s + * @return An {@link OutputStream} for writing the data + * @throws IOException If failed to execute + */ + OutputStream write(String path, int bufferSize, Collection mode) throws IOException; + + /** + * @param The generic extension type + * @param extensionType The extension type + * @return The extension instance - Note: it is up to the caller to invoke + * {@link SftpClientExtension#isSupported()} - {@code null} if this extension type is not + * implemented by the client + * @see #getServerExtensions() + */ + default E getExtension(Class extensionType) { + Object instance = getExtension(BuiltinSftpClientExtensions.fromType(extensionType)); + if (instance == null) { + return null; + } else { + return extensionType.cast(instance); + } + } + + /** + * @param extensionName The extension name + * @return The extension instance - Note: it is up to the caller to invoke + * {@link SftpClientExtension#isSupported()} - {@code null} if this extension type is not + * implemented by the client + * @see #getServerExtensions() + */ + default SftpClientExtension getExtension(String extensionName) { + return getExtension(BuiltinSftpClientExtensions.fromName(extensionName)); + } + + /** + * + * @param factory The {@link SftpClientExtensionFactory} instance to use - ignored if {@code null} + * @return The extension instance - Note: it is up to the caller to invoke + * {@link SftpClientExtension#isSupported()} - {@code null} if this extension type is not + * implemented by the client + */ + SftpClientExtension getExtension(SftpClientExtensionFactory factory); + + /** + * Creates an {@link SftpClient} instance that also closes the underlying {@link #getClientSession() client session} + * when the client instance is closed. + * + * @return The wrapper instance + */ + default SftpClient singleSessionInstance() { + return FullAccessSftpClient.singleSessionInstance(this); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/SftpClientFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/SftpClientFactory.java new file mode 100644 index 0000000..f391312 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/SftpClientFactory.java @@ -0,0 +1,68 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client; + +import java.io.IOException; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.impl.DefaultSftpClientFactory; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface SftpClientFactory { + + static SftpClientFactory instance() { + return DefaultSftpClientFactory.INSTANCE; + } + + /** + * Create an SFTP client from this session. + * + * @param session The {@link ClientSession} to be used for creating the SFTP client + * @return The created {@link SftpClient} + * @throws IOException if failed to create the client + */ + default SftpClient createSftpClient(ClientSession session) throws IOException { + return createSftpClient(session, SftpVersionSelector.CURRENT); + } + + /** + * Creates an SFTP client using the specified version + * + * @param session The {@link ClientSession} to be used for creating the SFTP client + * @param version The version to use - Note: if the specified version is not supported by the server + * then an exception will occur + * @return The created {@link SftpClient} + * @throws IOException If failed to create the client or use the specified version + */ + default SftpClient createSftpClient(ClientSession session, int version) throws IOException { + return createSftpClient(session, SftpVersionSelector.fixedVersionSelector(version)); + } + + /** + * @param session The {@link ClientSession} to which the SFTP client should be attached + * @param selector The {@link SftpVersionSelector} to use in order to negotiate the SFTP version + * @return The created {@link SftpClient} instance + * @throws IOException If failed to create the client + */ + SftpClient createSftpClient(ClientSession session, SftpVersionSelector selector) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/SftpVersionSelector.java b/files-sftp/src/main/java/org/apache/sshd/client/SftpVersionSelector.java new file mode 100644 index 0000000..c8ed37b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/SftpVersionSelector.java @@ -0,0 +1,194 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client; + +import java.util.Collection; +import java.util.List; +import java.util.Objects; +import java.util.stream.Stream; +import java.util.stream.StreamSupport; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface SftpVersionSelector { + /** + * An {@link SftpVersionSelector} that returns the current version + */ + NamedVersionSelector CURRENT = new NamedVersionSelector("CURRENT", (session, initial, current, available) -> current); + + /** + * An {@link SftpVersionSelector} that returns the maximum available version + */ + NamedVersionSelector MAXIMUM = new NamedVersionSelector( + "MAXIMUM", + (session, initial, current, available) -> GenericUtils.stream(available).mapToInt(Integer::intValue).max() + .orElse(current)); + + /** + * An {@link SftpVersionSelector} that returns the minimum available version + */ + NamedVersionSelector MINIMUM = new NamedVersionSelector( + "MINIMUM", + (session, initial, current, available) -> GenericUtils.stream(available).mapToInt(Integer::intValue).min() + .orElse(current)); + + /** + * @param session The {@link ClientSession} through which the SFTP connection is made + * @param initial If {@code true} then this is the initial version sent via {@code SSH_FXP_INIT} otherwise it is + * a re-negotiation. + * @param current The current version negotiated with the server + * @param available Extra versions available - may be empty and/or contain only the current one + * @return The new requested version - if same as current, then nothing is done + */ + int selectVersion(ClientSession session, boolean initial, int current, List available); + + /** + * Creates a selector the always returns the requested (fixed version) regardless of what the current or reported + * available versions are. If the requested version is not reported as available then an exception will be + * eventually thrown by the client during re-negotiation phase. + * + * @param version The requested version + * @return The {@link NamedVersionSelector} wrapping the requested version + */ + static NamedVersionSelector fixedVersionSelector(int version) { + return new NamedVersionSelector(Integer.toString(version), (session, initial, current, available) -> version); + } + + /** + * Selects a version in order of preference - if none of the preferred versions is listed as available then an + * exception is thrown when the {@link SftpVersionSelector#selectVersion(ClientSession, boolean, int, List)} method + * is invoked + * + * @param preferred The preferred versions in decreasing order of preference (i.e., most preferred is 1st) - may + * not be {@code null}/empty + * @return A {@link NamedVersionSelector} that attempts to select the most preferred version that is also + * listed as available. + */ + static NamedVersionSelector preferredVersionSelector(int... preferred) { + return preferredVersionSelector(NumberUtils.asList(preferred)); + } + + /** + * Selects a version in order of preference - if none of the preferred versions is listed as available then an + * exception is thrown when the {@link SftpVersionSelector#selectVersion(ClientSession, boolean, int, List)} method + * is invoked + * + * @param preferred The preferred versions in decreasing order of preference (i.e., most preferred is 1st) + * @return A {@link NamedVersionSelector} that attempts to select the most preferred version that is also + * listed as available. + */ + static NamedVersionSelector preferredVersionSelector(Iterable preferred) { + ValidateUtils.checkNotNullAndNotEmpty((Collection) preferred, "Empty preferred versions"); + return new NamedVersionSelector( + GenericUtils.join(preferred, ','), + (session, initial, current, available) -> StreamSupport.stream(preferred.spliterator(), false) + .mapToInt(Number::intValue) + .filter(v -> (v == current) || available.contains(v)) + .findFirst() + .orElseThrow(() -> new IllegalStateException( + "Preferred versions (" + preferred + ") not available: " + available))); + } + + /** + * Parses the input string to see if it matches one of the "known" selectors names (case insensitive). If + * not, then checks if it is a single number and uses it as a {@link #fixedVersionSelector(int) fixed} version. + * Otherwise, assumes a comma separated list of versions in preferred order. + * + * @param selector The selector value - if {@code null}/empty then returns {@link #CURRENT} + * @return Parsed {@link NamedVersionSelector} + */ + static NamedVersionSelector resolveVersionSelector(String selector) { + if (GenericUtils.isEmpty(selector)) { + return SftpVersionSelector.CURRENT; + } else if (selector.equalsIgnoreCase(SftpVersionSelector.CURRENT.getName())) { + return SftpVersionSelector.CURRENT; + } else if (selector.equalsIgnoreCase(SftpVersionSelector.MINIMUM.getName())) { + return SftpVersionSelector.MINIMUM; + } else if (selector.equalsIgnoreCase(SftpVersionSelector.MAXIMUM.getName())) { + return SftpVersionSelector.MAXIMUM; + } else if (NumberUtils.isIntegerNumber(selector)) { + return SftpVersionSelector.fixedVersionSelector(Integer.parseInt(selector)); + } else { + String[] preferred = GenericUtils.split(selector, ','); + int[] prefs = Stream.of(preferred).mapToInt(Integer::parseInt).toArray(); + return SftpVersionSelector.preferredVersionSelector(prefs); + } + } + + /** + * Wraps a {@link SftpVersionSelector} and assigns it a name. Note: {@link NamedVersionSelector} are + * considered equal if they are assigned the same name - case insensitive + * + * @author Apache MINA SSHD Project + */ + class NamedVersionSelector implements SftpVersionSelector, NamedResource { + protected final SftpVersionSelector selector; + + private final String name; + + public NamedVersionSelector(String name, SftpVersionSelector selector) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No name provided"); + this.selector = Objects.requireNonNull(selector, "No delegate selector provided"); + } + + @Override + public int selectVersion(ClientSession session, boolean initial, int current, List available) { + return selector.selectVersion(session, initial, current, available); + } + + @Override + public String getName() { + return name; + } + + @Override + public int hashCode() { + return GenericUtils.hashCode(getName(), Boolean.TRUE); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (obj == this) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + return NamedResource.safeCompareByName(this, (NamedVersionSelector) obj, false) == 0; + } + + @Override + public String toString() { + return getName(); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/SimpleSftpClient.java b/files-sftp/src/main/java/org/apache/sshd/client/SimpleSftpClient.java new file mode 100644 index 0000000..34a82d1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/SimpleSftpClient.java @@ -0,0 +1,181 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.nio.channels.Channel; +import java.security.KeyPair; +import java.util.Objects; + +import org.apache.sshd.client.simple.SimpleClientConfigurator; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * A simplified synchronous API for obtaining SFTP sessions. + * + * @author Apache MINA SSHD Project + */ +public interface SimpleSftpClient extends Channel { + /** + * Creates an SFTP session on the default port and logs in using the provided credentials + * + * @param host The target host name or address + * @param username Username + * @param password Password + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(String host, String username, String password) throws IOException { + return sftpLogin(host, SimpleClientConfigurator.DEFAULT_PORT, username, password); + } + + /** + * Creates an SFTP session using the provided credentials + * + * @param host The target host name or address + * @param port The target port + * @param username Username + * @param password Password + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(String host, int port, String username, String password) throws IOException { + return sftpLogin(InetAddress.getByName(ValidateUtils.checkNotNullAndNotEmpty(host, "No host")), port, username, + password); + } + + /** + * Creates an SFTP session on the default port and logs in using the provided credentials + * + * @param host The target host name or address + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(String host, String username, KeyPair identity) throws IOException { + return sftpLogin(host, SimpleClientConfigurator.DEFAULT_PORT, username, identity); + } + + /** + * Creates an SFTP session using the provided credentials + * + * @param host The target host name or address + * @param port The target port + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(String host, int port, String username, KeyPair identity) throws IOException { + return sftpLogin(InetAddress.getByName(ValidateUtils.checkNotNullAndNotEmpty(host, "No host")), port, username, + identity); + } + + /** + * Creates an SFTP session on the default port and logs in using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param username Username + * @param password Password + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(InetAddress host, String username, String password) throws IOException { + return sftpLogin(host, SimpleClientConfigurator.DEFAULT_PORT, username, password); + } + + /** + * Creates an SFTP session using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param port The target port + * @param username Username + * @param password Password + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(InetAddress host, int port, String username, String password) throws IOException { + return sftpLogin(new InetSocketAddress(Objects.requireNonNull(host, "No host address"), port), username, password); + } + + /** + * Creates an SFTP session on the default port and logs in using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(InetAddress host, String username, KeyPair identity) throws IOException { + return sftpLogin(host, SimpleClientConfigurator.DEFAULT_PORT, username, identity); + } + + /** + * Creates an SFTP session using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param port The target port + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + default SftpClient sftpLogin(InetAddress host, int port, String username, KeyPair identity) throws IOException { + return sftpLogin(new InetSocketAddress(Objects.requireNonNull(host, "No host address"), port), username, identity); + } + + /** + * Creates an SFTP session using the provided credentials + * + * @param target The target {@link SocketAddress} + * @param username Username + * @param password Password + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + SftpClient sftpLogin(SocketAddress target, String username, String password) throws IOException; + + /** + * Creates an SFTP session using the provided credentials + * + * @param target The target {@link SocketAddress} + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link SftpClient} - Note: closing the client also closes its underlying + * session + * @throws IOException If failed to login or authenticate + */ + SftpClient sftpLogin(SocketAddress target, String username, KeyPair identity) throws IOException; + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/SshClient.java b/files-sftp/src/main/java/org/apache/sshd/client/SshClient.java new file mode 100644 index 0000000..0743024 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/SshClient.java @@ -0,0 +1,875 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client; + +import java.io.IOException; +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.net.SocketTimeoutException; +import java.net.URI; +import java.nio.channels.UnsupportedAddressTypeException; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.time.Duration; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Objects; +import java.util.concurrent.CopyOnWriteArrayList; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.stream.Collectors; + +import org.apache.sshd.client.auth.AuthenticationIdentitiesProvider; +import org.apache.sshd.client.auth.UserAuthFactory; +import org.apache.sshd.client.auth.hostbased.HostBasedAuthenticationReporter; +import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory; +import org.apache.sshd.client.auth.keyboard.UserInteraction; +import org.apache.sshd.client.auth.password.PasswordAuthenticationReporter; +import org.apache.sshd.client.auth.password.PasswordIdentityProvider; +import org.apache.sshd.client.auth.password.UserAuthPasswordFactory; +import org.apache.sshd.client.auth.pubkey.PublicKeyAuthenticationReporter; +import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory; +import org.apache.sshd.client.config.hosts.HostConfigEntry; +import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; +import org.apache.sshd.client.config.keys.ClientIdentity; +import org.apache.sshd.client.config.keys.ClientIdentityLoader; +import org.apache.sshd.client.config.keys.DefaultClientIdentitiesWatcher; +import org.apache.sshd.client.future.AuthFuture; +import org.apache.sshd.client.future.ConnectFuture; +import org.apache.sshd.client.future.DefaultConnectFuture; +import org.apache.sshd.client.keyverifier.ServerKeyVerifier; +import org.apache.sshd.client.session.AbstractClientSession; +import org.apache.sshd.client.session.ClientConnectionServiceFactory; +import org.apache.sshd.client.session.ClientProxyConnector; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientUserAuthServiceFactory; +import org.apache.sshd.client.session.SessionFactory; +import org.apache.sshd.client.session.forward.ExplicitPortForwardingTracker; +import org.apache.sshd.client.simple.AbstractSimpleClientSessionCreator; +import org.apache.sshd.client.simple.SimpleClient; +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.ServiceFactory; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntry; +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.helpers.AbstractFactoryManager; +import org.apache.sshd.common.io.IoConnectFuture; +import org.apache.sshd.common.io.IoConnector; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.helpers.AbstractSession; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.resource.PathResource; +import org.apache.sshd.common.util.net.SshdSocketAddress; +import org.apache.sshd.common.CoreModuleProperties; + +/** + *

    + * Entry point for the client side of the SSH protocol. + *

    + * + *

    + * The default configured client can be created using the {@link #setUpDefaultClient()}. The next step is to configure + * and then start the client using the {@link #start()} method. + *

    + * + *

    + * Sessions can then be created using on of the {@link #connect(String, String, int)} or + * {@link #connect(String, SocketAddress)} methods. + *

    + * + *

    + * The client can be stopped any time using the {@link #stop()} method. + *

    + * + *

    + * Following is an example of using the {@code SshClient}: + *

    + * + * 
    + * 
+ * try (SshClient client = SshClient.setUpDefaultClient()) {
+ *      ...further configuration of the client...
+ *      client.start();
+ *
+ *      try (ClientSession session = client.connect(login, host, port)
+ *                  .verify(...timeout...)
+ *                  .getSession()) {
+ *          session.addPasswordIdentity(password);
+ *          session.auth().verify(...timeout...);
+ *
+ *          try (ClientChannel channel = session.createChannel(ClientChannel.CHANNEL_SHELL)) {
+ *              channel.setIn(new NoCloseInputStream(System.in));
+ *              channel.setOut(new NoCloseOutputStream(System.out));
+ *              channel.setErr(new NoCloseOutputStream(System.err));
+ *              channel.open();
+ *              channel.waitFor(ClientChannel.CLOSED, 0);
+ *          } finally {
+ *              session.close(false);
+ *          }
+ *    } finally {
+ *        client.stop();
+ *    }
+ * }
+ * 
+ *
    + * + * Note: the idea is to have one {@code SshClient} instance for the entire application and re-use it + * repeatedly in order to create as many sessions as necessary - possibly with different hosts, ports, users, passwords, + * etc. - including concurrently. In other words, except for exceptional cases, it is recommended to initialize + * one instance of {@code SshClient} for the application and then use throughout - including for multi-threading. As + * long as the {@code SshClient} is not re-configured it should be multi-thread safe regardless of the target session + * being created. + * + * @author Apache MINA SSHD Project + */ +public class SshClient extends AbstractFactoryManager implements ClientFactoryManager, Closeable { + public static final Factory DEFAULT_SSH_CLIENT_FACTORY = SshClient::new; + + /** + * Default user authentication preferences if not set + * + * @see ssh_config(5) - PreferredAuthentications + */ + public static final List DEFAULT_USER_AUTH_FACTORIES = Collections.unmodifiableList( + Arrays.asList( + UserAuthPublicKeyFactory.INSTANCE, + UserAuthKeyboardInteractiveFactory.INSTANCE, + UserAuthPasswordFactory.INSTANCE)); + public static final List DEFAULT_SERVICE_FACTORIES = Collections.unmodifiableList( + Arrays.asList( + ClientUserAuthServiceFactory.INSTANCE, + ClientConnectionServiceFactory.INSTANCE)); + + protected IoConnector connector; + protected SessionFactory sessionFactory; + protected List userAuthFactories; + + private ClientProxyConnector proxyConnector; + private ServerKeyVerifier serverKeyVerifier; + private HostConfigEntryResolver hostConfigEntryResolver; + private ClientIdentityLoader clientIdentityLoader; + private KeyIdentityProvider keyIdentityProvider; + private PublicKeyAuthenticationReporter publicKeyAuthenticationReporter; + private FilePasswordProvider filePasswordProvider; + private PasswordIdentityProvider passwordIdentityProvider; + private PasswordAuthenticationReporter passwordAuthenticationReporter; + private HostBasedAuthenticationReporter hostBasedAuthenticationReporter; + private UserInteraction userInteraction; + + private final List identities = new CopyOnWriteArrayList<>(); + private final AuthenticationIdentitiesProvider identitiesProvider; + private final AtomicBoolean started = new AtomicBoolean(false); + + public SshClient() { + identitiesProvider = AuthenticationIdentitiesProvider.wrapIdentities(identities); + } + + public SessionFactory getSessionFactory() { + return sessionFactory; + } + + public void setSessionFactory(SessionFactory sessionFactory) { + this.sessionFactory = sessionFactory; + } + + @Override + public ClientProxyConnector getClientProxyConnector() { + return proxyConnector; + } + + @Override + public void setClientProxyConnector(ClientProxyConnector proxyConnector) { + this.proxyConnector = proxyConnector; + } + + @Override + public ServerKeyVerifier getServerKeyVerifier() { + return serverKeyVerifier; + } + + @Override + public void setServerKeyVerifier(ServerKeyVerifier serverKeyVerifier) { + this.serverKeyVerifier = Objects.requireNonNull(serverKeyVerifier, "No server key verifier"); + } + + @Override + public HostConfigEntryResolver getHostConfigEntryResolver() { + return hostConfigEntryResolver; + } + + @Override + public void setHostConfigEntryResolver(HostConfigEntryResolver resolver) { + this.hostConfigEntryResolver = Objects.requireNonNull(resolver, "No host configuration entry resolver"); + } + + @Override + public FilePasswordProvider getFilePasswordProvider() { + return filePasswordProvider; + } + + @Override + public void setFilePasswordProvider(FilePasswordProvider provider) { + this.filePasswordProvider = Objects.requireNonNull(provider, "No file password provider"); + } + + @Override + public ClientIdentityLoader getClientIdentityLoader() { + return clientIdentityLoader; + } + + @Override + public void setClientIdentityLoader(ClientIdentityLoader loader) { + this.clientIdentityLoader = Objects.requireNonNull(loader, "No client identity loader"); + } + + @Override + public UserInteraction getUserInteraction() { + return userInteraction; + } + + @Override + public void setUserInteraction(UserInteraction userInteraction) { + this.userInteraction = userInteraction; + } + + @Override + public PasswordAuthenticationReporter getPasswordAuthenticationReporter() { + return passwordAuthenticationReporter; + } + + @Override + public void setPasswordAuthenticationReporter(PasswordAuthenticationReporter reporter) { + this.passwordAuthenticationReporter = reporter; + } + + @Override + public HostBasedAuthenticationReporter getHostBasedAuthenticationReporter() { + return hostBasedAuthenticationReporter; + } + + @Override + public void setHostBasedAuthenticationReporter(HostBasedAuthenticationReporter reporter) { + this.hostBasedAuthenticationReporter = reporter; + } + + @Override + public List getUserAuthFactories() { + return userAuthFactories; + } + + @Override + public void setUserAuthFactories(List userAuthFactories) { + this.userAuthFactories = ValidateUtils.checkNotNullAndNotEmpty(userAuthFactories, "No user auth factories"); + } + + @Override + public AuthenticationIdentitiesProvider getRegisteredIdentities() { + return identitiesProvider; + } + + @Override + public PasswordIdentityProvider getPasswordIdentityProvider() { + return passwordIdentityProvider; + } + + @Override + public void setPasswordIdentityProvider(PasswordIdentityProvider provider) { + passwordIdentityProvider = provider; + } + + @Override + public void addPasswordIdentity(String password) { + // DO NOT USE checkNotNullOrNotEmpty SINCE IT TRIMS THE RESULT + ValidateUtils.checkTrue((password != null) && (!password.isEmpty()), "No password provided"); + identities.add(password); + } + + @Override + public String removePasswordIdentity(String password) { + if (GenericUtils.isEmpty(password)) { + return null; + } + + int index = AuthenticationIdentitiesProvider.findIdentityIndex( + identities, AuthenticationIdentitiesProvider.PASSWORD_IDENTITY_COMPARATOR, password); + if (index >= 0) { + return (String) identities.remove(index); + } else { + return null; + } + } + + @Override + public void addPublicKeyIdentity(KeyPair kp) { + Objects.requireNonNull(kp, "No key-pair to add"); + Objects.requireNonNull(kp.getPublic(), "No public key"); + Objects.requireNonNull(kp.getPrivate(), "No private key"); + + identities.add(kp); + + } + + @Override + public KeyPair removePublicKeyIdentity(KeyPair kp) { + if (kp == null) { + return null; + } + + int index = AuthenticationIdentitiesProvider.findIdentityIndex( + identities, AuthenticationIdentitiesProvider.KEYPAIR_IDENTITY_COMPARATOR, kp); + if (index >= 0) { + return (KeyPair) identities.remove(index); + } else { + return null; + } + } + + @Override + public KeyIdentityProvider getKeyIdentityProvider() { + return keyIdentityProvider; + } + + @Override + public void setKeyIdentityProvider(KeyIdentityProvider keyIdentityProvider) { + this.keyIdentityProvider = keyIdentityProvider; + } + + @Override + public PublicKeyAuthenticationReporter getPublicKeyAuthenticationReporter() { + return publicKeyAuthenticationReporter; + } + + @Override + public void setPublicKeyAuthenticationReporter(PublicKeyAuthenticationReporter reporter) { + this.publicKeyAuthenticationReporter = reporter; + } + + @Override + protected void checkConfig() { + super.checkConfig(); + + Objects.requireNonNull(getServerKeyVerifier(), "ServerKeyVerifier not set"); + Objects.requireNonNull(getHostConfigEntryResolver(), "HostConfigEntryResolver not set"); + Objects.requireNonNull(getClientIdentityLoader(), "ClientIdentityLoader not set"); + Objects.requireNonNull(getFilePasswordProvider(), "FilePasswordProvider not set"); + + // if no client identities override use the default + KeyIdentityProvider defaultIdentities = getKeyIdentityProvider(); + if (defaultIdentities == null) { + KeyIdentityProvider idsWatcher = new DefaultClientIdentitiesWatcher( + this::getClientIdentityLoader, this::getFilePasswordProvider); + setKeyIdentityProvider(idsWatcher); + } + + if (GenericUtils.isEmpty(getServiceFactories())) { + setServiceFactories(DEFAULT_SERVICE_FACTORIES); + } + + if (GenericUtils.isEmpty(getUserAuthFactories())) { + setUserAuthFactories(DEFAULT_USER_AUTH_FACTORIES); + } + } + + public boolean isStarted() { + return started.get(); + } + + /** + * Starts the SSH client and can start creating sessions using it. Ignored if already {@link #isStarted() started}. + */ + public void start() { + if (isClosed()) { + throw new IllegalStateException("Can not start the client again"); + } + if (isStarted()) { + return; + } + + checkConfig(); + if (sessionFactory == null) { + sessionFactory = createSessionFactory(); + } + + setupSessionTimeout(sessionFactory); + + connector = createConnector(); + started.set(true); + } + + public void stop() { + if (!started.getAndSet(false)) { + return; + } + + try { + Duration maxWait = CoreModuleProperties.STOP_WAIT_TIME.getRequired(this); + boolean successful = close(true).await(maxWait); + if (!successful) { + throw new SocketTimeoutException( + "Failed to receive closure confirmation within " + maxWait + " millis"); + } + } catch (IOException e) { + } finally { + // clear the attributes since we close stop the client + clearAttributes(); + } + } + + public void open() throws IOException { + start(); + } + + @Override + protected Closeable getInnerCloseable() { + Object closeId = toString(); + return builder() + .run(closeId, () -> removeSessionTimeout(sessionFactory)) + .sequential(connector, ioServiceFactory) + .run(closeId, () -> { + connector = null; + ioServiceFactory = null; + if (shutdownExecutor && (executor != null) && (!executor.isShutdown())) { + try { + executor.shutdownNow(); + } finally { + executor = null; + } + } + }) + .build(); + } + + @Override + public ConnectFuture connect(String uriStr) throws IOException { + Objects.requireNonNull(uriStr, "No uri address"); + URI uri = URI.create(uriStr.contains("//") ? uriStr : "ssh://" + uriStr); + if (GenericUtils.isNotEmpty(uri.getScheme()) && !"ssh".equals(uri.getScheme())) { + throw new IllegalArgumentException("Unsupported scheme for uri: " + uri); + } + String host = uri.getHost(); + int port = uri.getPort(); + String userInfo = uri.getUserInfo(); + return connect(userInfo, host, port); + } + + @Override + public ConnectFuture connect( + String username, SocketAddress targetAddress, + AttributeRepository context, SocketAddress localAddress) + throws IOException { + Objects.requireNonNull(targetAddress, "No target address"); + if (!(targetAddress instanceof InetSocketAddress)) { + throw new UnsupportedAddressTypeException(); + } + InetSocketAddress inetAddress = (InetSocketAddress) targetAddress; + String host = ValidateUtils.checkNotNullAndNotEmpty(inetAddress.getHostString(), "No host"); + int port = inetAddress.getPort(); + ValidateUtils.checkTrue(port > 0, "Invalid port: %d", port); + return connect(username, host, port, context, localAddress); + } + + @Override + public ConnectFuture connect( + String username, String host, int port, + AttributeRepository context, SocketAddress localAddress) + throws IOException { + HostConfigEntry entry = resolveHost(username, host, port, context, localAddress); + return connect(entry, context, localAddress); + } + + @Override + public ConnectFuture connect( + HostConfigEntry hostConfig, AttributeRepository context, SocketAddress localAddress) + throws IOException { + List jumps = parseProxyJumps(hostConfig.getProxyJump(), context); + return doConnect(hostConfig, jumps, context, localAddress); + } + + protected ConnectFuture doConnect( + HostConfigEntry hostConfig, List jumps, + AttributeRepository context, SocketAddress localAddress) + throws IOException { + Objects.requireNonNull(hostConfig, "No host configuration"); + String host = ValidateUtils.checkNotNullAndNotEmpty(hostConfig.getHostName(), "No target host"); + int port = hostConfig.getPort(); + ValidateUtils.checkTrue(port > 0, "Invalid port: %d", port); + Collection hostIds = hostConfig.getIdentities(); + Collection idFiles = GenericUtils.stream(hostIds) + .map(Paths::get) + .map(PathResource::new) + .collect(Collectors.toCollection(() -> new ArrayList<>(hostIds.size()))); + KeyIdentityProvider keys = preloadClientIdentities(idFiles); + String username = hostConfig.getUsername(); + InetSocketAddress targetAddress = new InetSocketAddress(hostConfig.getHostName(), hostConfig.getPort()); + if (GenericUtils.isNotEmpty(jumps)) { + ConnectFuture connectFuture = new DefaultConnectFuture(username + "@" + targetAddress, null); + HostConfigEntry jump = jumps.remove(0); + ConnectFuture f1 = doConnect(jump, jumps, context, null); + f1.addListener(f2 -> { + if (f2.isConnected()) { + ClientSession proxySession = f2.getClientSession(); + try { + AuthFuture auth = proxySession.auth(); + auth.addListener(f3 -> { + if (f3.isSuccess()) { + try { + SshdSocketAddress address + = new SshdSocketAddress(hostConfig.getHostName(), hostConfig.getPort()); + ExplicitPortForwardingTracker tracker = proxySession + .createLocalPortForwardingTracker(SshdSocketAddress.LOCALHOST_ADDRESS, address); + SshdSocketAddress bound = tracker.getBoundAddress(); + ConnectFuture f4 = doConnect(hostConfig.getUsername(), bound.toInetSocketAddress(), + context, localAddress, keys, !hostConfig.isIdentitiesOnly()); + f4.addListener(f5 -> { + if (f5.isConnected()) { + ClientSession clientSession = f5.getClientSession(); + clientSession.setAttribute(TARGET_SERVER, address); + connectFuture.setSession(clientSession); + proxySession.addCloseFutureListener(f6 -> clientSession.close(true)); + clientSession.addCloseFutureListener(f6 -> proxySession.close(true)); + } else { + proxySession.close(true); + connectFuture.setException(f5.getException()); + } + }); + } catch (IOException e) { + proxySession.close(true); + connectFuture.setException(e); + } + } else { + proxySession.close(true); + connectFuture.setException(f3.getException()); + } + }); + } catch (IOException e) { + proxySession.close(true); + connectFuture.setException(e); + } + } else { + connectFuture.setException(f2.getException()); + } + }); + return connectFuture; + } else { + return doConnect(hostConfig.getUsername(), new InetSocketAddress(host, port), + context, localAddress, keys, !hostConfig.isIdentitiesOnly()); + } + } + + protected ConnectFuture doConnect( + String username, SocketAddress targetAddress, + AttributeRepository context, SocketAddress localAddress, + KeyIdentityProvider identities, boolean useDefaultIdentities) + throws IOException { + if (connector == null) { + throw new IllegalStateException( + "SshClient not started. Please call start() method before connecting to a server"); + } + + ConnectFuture connectFuture = new DefaultConnectFuture(username + "@" + targetAddress, null); + SshFutureListener listener = createConnectCompletionListener( + connectFuture, username, targetAddress, identities, useDefaultIdentities); + IoConnectFuture connectingFuture = connector.connect(targetAddress, context, localAddress); + connectingFuture.addListener(listener); + return connectFuture; + } + + protected List parseProxyJumps(String proxyJump, AttributeRepository context) throws IOException { + List jumps = new ArrayList<>(); + for (String jump : GenericUtils.split(proxyJump, ',')) { + String j = jump.trim(); + URI uri = URI.create(j.contains("//") ? j : "ssh://" + j); + if (GenericUtils.isNotEmpty(uri.getScheme()) && !"ssh".equals(uri.getScheme())) { + throw new IllegalArgumentException("Unsupported scheme for proxy jump: " + jump); + } + String host = uri.getHost(); + int port = uri.getPort(); + String userInfo = uri.getUserInfo(); + HostConfigEntry entry = resolveHost(userInfo, host, port, context, null); + jumps.add(entry); + } + return jumps; + } + + protected HostConfigEntry resolveHost( + String username, String host, int port, AttributeRepository context, SocketAddress localAddress) + throws IOException { + HostConfigEntryResolver resolver = getHostConfigEntryResolver(); + HostConfigEntry entry = resolver.resolveEffectiveHost(host, port, localAddress, username, null, context); + if (entry == null) { + + // IPv6 addresses have a format which means they need special treatment, separate from pattern validation + if (SshdSocketAddress.isIPv6Address(host)) { + // Not using a pattern as the host name passed in was a valid IPv6 address + entry = new HostConfigEntry("", host, port, username, null); + } else { + entry = new HostConfigEntry(host, host, port, username, null); + } + } else { + } + return entry; + } + + protected KeyIdentityProvider preloadClientIdentities( + Collection locations) + throws IOException { + return GenericUtils.isEmpty(locations) + ? KeyIdentityProvider.EMPTY_KEYS_PROVIDER + : ClientIdentityLoader.asKeyIdentityProvider( + Objects.requireNonNull(getClientIdentityLoader(), "No ClientIdentityLoader"), + locations, getFilePasswordProvider(), + CoreModuleProperties.IGNORE_INVALID_IDENTITIES.getRequired(this)); + } + + protected SshFutureListener createConnectCompletionListener( + ConnectFuture connectFuture, String username, SocketAddress address, + KeyIdentityProvider identities, boolean useDefaultIdentities) { + return new SshFutureListener() { + @Override + @SuppressWarnings("synthetic-access") + public void operationComplete(IoConnectFuture future) { + if (future.isCanceled()) { + connectFuture.cancel(); + return; + } + + Throwable t = future.getException(); + if (t != null) { + connectFuture.setException(t); + } else { + IoSession ioSession = future.getSession(); + try { + onConnectOperationComplete(ioSession, connectFuture, username, address, identities, + useDefaultIdentities); + } catch (RuntimeException e) { + connectFuture.setException(e); + + ioSession.close(true); + } + } + } + + @Override + public String toString() { + return "ConnectCompletionListener[" + username + "@" + address + "]"; + } + }; + } + + protected void onConnectOperationComplete( + IoSession ioSession, ConnectFuture connectFuture, String username, + SocketAddress address, KeyIdentityProvider identities, boolean useDefaultIdentities) { + AbstractClientSession session = (AbstractClientSession) AbstractSession.getSession(ioSession); + session.setUsername(username); + session.setConnectAddress(address); + + if (useDefaultIdentities) { + setupDefaultSessionIdentities(session, identities); + } else { + session.setKeyIdentityProvider( + (identities == null) + ? KeyIdentityProvider.EMPTY_KEYS_PROVIDER + : identities); + } + + connectFuture.setSession(session); + } + + protected void setupDefaultSessionIdentities( + ClientSession session, KeyIdentityProvider extraIdentities) { + // check if session listener intervened + KeyIdentityProvider kpSession = session.getKeyIdentityProvider(); + KeyIdentityProvider kpClient = getKeyIdentityProvider(); + if (GenericUtils.isSameReference(kpSession, kpClient)) { + } + + // Prefer the extra identities to come first since they were probably indicate by the host-config entry + KeyIdentityProvider kpEffective = KeyIdentityProvider.resolveKeyIdentityProvider(extraIdentities, kpSession); + if (!GenericUtils.isSameReference(kpSession, kpEffective)) { + session.setKeyIdentityProvider(kpEffective); + } + + PasswordIdentityProvider passSession = session.getPasswordIdentityProvider(); + PasswordIdentityProvider passClient = getPasswordIdentityProvider(); + if (!GenericUtils.isSameReference(passSession, passClient)) { + } + + AuthenticationIdentitiesProvider idsClient = getRegisteredIdentities(); + for (Iterator iter = GenericUtils.iteratorOf((idsClient == null) ? null : idsClient.loadIdentities()); + iter.hasNext();) { + Object id = iter.next(); + if (id instanceof String) { + session.addPasswordIdentity((String) id); + } else if (id instanceof KeyPair) { + KeyPair kp = (KeyPair) id; + session.addPublicKeyIdentity(kp); + } else { + } + } + } + + protected IoConnector createConnector() { + return getIoServiceFactory().createConnector(getSessionFactory()); + } + + protected SessionFactory createSessionFactory() { + return new SessionFactory(this); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + Integer.toHexString(hashCode()) + "]"; + } + + /** + * Setup a default client, starts it and then wraps it as a {@link SimpleClient} + * + * @return The {@link SimpleClient} wrapper. Note: when the wrapper is closed the client is also stopped + * @see #setUpDefaultClient() + * @see #wrapAsSimpleClient(SshClient) + */ + public static SimpleClient setUpDefaultSimpleClient() { + SshClient client = setUpDefaultClient(); + client.start(); + return wrapAsSimpleClient(client); + } + + /** + * Wraps an {@link SshClient} instance as a {@link SimpleClient} + * + * @param client The client instance - never {@code null}. Note: client must be started before the + * simple client wrapper is used. + * @return The {@link SimpleClient} wrapper. Note: when the wrapper is closed the client is also + * stopped + */ + public static SimpleClient wrapAsSimpleClient(SshClient client) { + Objects.requireNonNull(client, "No client instance"); + // wrap the client so that close() is also stop() + final java.nio.channels.Channel channel = new java.nio.channels.Channel() { + @Override + public boolean isOpen() { + return client.isOpen(); + } + + @Override + public void close() throws IOException { + Exception err = null; + try { + client.close(); + } catch (Exception e) { + err = GenericUtils.accumulateException(err, e); + } + + try { + client.stop(); + } catch (Exception e) { + err = GenericUtils.accumulateException(err, e); + } + + if (err != null) { + if (err instanceof IOException) { + throw (IOException) err; + } else { + throw new IOException(err); + } + } + } + }; + + return AbstractSimpleClientSessionCreator.wrap(client, channel); + } + + /** + * Setup a default client. The client does not require any additional setup. + * + * @return a newly create {@link SshClient} with default configurations + */ + public static SshClient setUpDefaultClient() { + ClientBuilder builder = ClientBuilder.builder(); + return builder.build(); + } + + /** + * @param The generic client class + * @param client The {@link SshClient} to updated + * @param strict If {@code true} then files that do not have the required access rights are + * excluded from consideration + * @param supportedOnly If {@code true} then ignore identities that are not supported internally + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link LinkOption}s to apply when checking for existence + * @return The updated client instance - provided a non-{@code null} + * {@link KeyPairProvider} was generated + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + * @see #setKeyPairProvider(SshClient, Path, boolean, boolean, FilePasswordProvider, + * LinkOption...) + */ + public static C setKeyPairProvider( + C client, boolean strict, boolean supportedOnly, FilePasswordProvider provider, LinkOption... options) + throws IOException, GeneralSecurityException { + return setKeyPairProvider( + client, PublicKeyEntry.getDefaultKeysFolderPath(), strict, supportedOnly, provider, options); + } + + /** + * @param The generic client class + * @param client The {@link SshClient} to updated + * @param dir The folder to scan for the built-in identities + * @param strict If {@code true} then files that do not have the required access rights are + * excluded from consideration + * @param supportedOnly If {@code true} then ignore identities that are not supported internally + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link LinkOption}s to apply when checking for existence + * @return The updated client instance - provided a non-{@code null} + * {@link KeyIdentityProvider} was generated + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + * @see ClientIdentity#loadDefaultKeyPairProvider(Path, boolean, boolean, + * FilePasswordProvider, LinkOption...) + */ + public static C setKeyPairProvider( + C client, Path dir, boolean strict, boolean supportedOnly, FilePasswordProvider provider, LinkOption... options) + throws IOException, GeneralSecurityException { + KeyIdentityProvider kpp = ClientIdentity.loadDefaultKeyPairProvider(dir, strict, supportedOnly, provider, options); + if (kpp != null) { + client.setKeyIdentityProvider(kpp); + } + + return client; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/AbstractUserAuth.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/AbstractUserAuth.java new file mode 100644 index 0000000..f48dc87 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/AbstractUserAuth.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth; + +import java.util.Objects; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractUserAuth implements UserAuth { + private final String name; + private ClientSession clientSession; + private String service; + + protected AbstractUserAuth(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No name"); + } + + @Override + public ClientSession getClientSession() { + return clientSession; + } + + @Override + public ClientSession getSession() { + return getClientSession(); + } + + @Override + public final String getName() { + return name; + } + + public String getService() { + return service; + } + + @Override + public void init(ClientSession session, String service) throws Exception { + this.clientSession = Objects.requireNonNull(session, "No client session"); + this.service = ValidateUtils.checkNotNullAndNotEmpty(service, "No service"); + } + + @Override + public boolean process(Buffer buffer) throws Exception { + ClientSession session = getClientSession(); + String service = getService(); + if (buffer == null) { + return sendAuthDataRequest(session, service); + } else { + return processAuthDataRequest(session, service, buffer); + } + } + + protected abstract boolean sendAuthDataRequest(ClientSession session, String service) throws Exception; + + protected abstract boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer) throws Exception; + + @Override + public void destroy() { + } + + @Override + public String toString() { + return getName() + ": " + getSession() + "[" + getService() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/AbstractUserAuthFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/AbstractUserAuthFactory.java new file mode 100644 index 0000000..e609ccd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/AbstractUserAuthFactory.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.auth.AbstractUserAuthMethodFactory; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractUserAuthFactory + extends AbstractUserAuthMethodFactory + implements UserAuthFactory { + protected AbstractUserAuthFactory(String name) { + super(name); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/AuthenticationIdentitiesProvider.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/AuthenticationIdentitiesProvider.java new file mode 100644 index 0000000..3b54c9d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/AuthenticationIdentitiesProvider.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth; + +import java.security.KeyPair; +import java.util.Comparator; +import java.util.List; + +import org.apache.sshd.client.auth.password.PasswordIdentityProvider; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.helper.LazyMatchingTypeIterable; + +/** + * @author Apache MINA SSHD Project + */ +public interface AuthenticationIdentitiesProvider extends KeyIdentityProvider, PasswordIdentityProvider { + + /** + * Compares 2 password identities - returns zero ONLY if both compared objects are {@link String}s and equal + * to each other + */ + Comparator PASSWORD_IDENTITY_COMPARATOR = (o1, o2) -> { + if (!(o1 instanceof String) || !(o2 instanceof String)) { + return -1; + } else { + return ((String) o1).compareTo((String) o2); + } + }; + + /** + * Compares 2 {@link KeyPair} identities - returns zero ONLY if both compared objects are {@link KeyPair}s + * and equal to each other + */ + Comparator KEYPAIR_IDENTITY_COMPARATOR = (o1, o2) -> { + if ((!(o1 instanceof KeyPair)) || (!(o2 instanceof KeyPair))) { + return -1; + } else if (KeyUtils.compareKeyPairs((KeyPair) o1, (KeyPair) o2)) { + return 0; + } else { + return 1; + } + }; + + /** + * @return All the currently available identities - passwords, keys, etc... + */ + Iterable loadIdentities(); + + static int findIdentityIndex(List identities, Comparator comp, Object target) { + for (int index = 0; index < identities.size(); index++) { + Object value = identities.get(index); + if (comp.compare(value, target) == 0) { + return index; + } + } + + return -1; + } + + /** + * @param identities The {@link Iterable} identities - OK if {@code null}/empty + * @return An {@link AuthenticationIdentitiesProvider} wrapping the identities + */ + static AuthenticationIdentitiesProvider wrapIdentities(Iterable identities) { + return new AuthenticationIdentitiesProvider() { + @Override + public Iterable loadKeys(SessionContext session) { + return LazyMatchingTypeIterable.lazySelectMatchingTypes(identities, KeyPair.class); + } + + @Override + public Iterable loadPasswords() { + return LazyMatchingTypeIterable.lazySelectMatchingTypes(identities, String.class); + } + + @Override + public Iterable loadIdentities() { + return LazyMatchingTypeIterable.lazySelectMatchingTypes(identities, Object.class); + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/BuiltinUserAuthFactories.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/BuiltinUserAuthFactories.java new file mode 100644 index 0000000..a43c5d6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/BuiltinUserAuthFactories.java @@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Objects; +import java.util.Set; + +import org.apache.sshd.client.auth.hostbased.UserAuthHostBasedFactory; +import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory; +import org.apache.sshd.client.auth.password.UserAuthPasswordFactory; +import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory; +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.NamedFactoriesListParseResult; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Provides a centralized location for the default built-in authentication factories + * + * @author Apache MINA SSHD Project + */ +public enum BuiltinUserAuthFactories implements NamedFactory { + PASSWORD(UserAuthPasswordFactory.INSTANCE), + PUBLICKEY(UserAuthPublicKeyFactory.INSTANCE), + KBINTERACTIVE(UserAuthKeyboardInteractiveFactory.INSTANCE), + HOSTBASED(UserAuthHostBasedFactory.INSTANCE); + + public static final Set VALUES + = Collections.unmodifiableSet(EnumSet.allOf(BuiltinUserAuthFactories.class)); + + private final UserAuthFactory factory; + + BuiltinUserAuthFactories(UserAuthFactory factory) { + this.factory = Objects.requireNonNull(factory, "No delegate factory instance"); + } + + @Override + public UserAuthFactory create() { + return factory; + } + + @Override + public String getName() { + return factory.getName(); + } + + /** + * @param name The factory name (case insensitive) - ignored if {@code null}/empty + * @return The matching factory instance - {@code null} if no match found + */ + public static UserAuthFactory fromFactoryName(String name) { + Factory factory = NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + if (factory == null) { + return null; + } + + return factory.create(); + } + + /** + * @param factories A comma-separated list of factories' names - ignored if {@code null}/empty + * @return A {@link ParseResult} containing the successfully parsed factories and the unknown ones. + * Note: it is up to caller to ensure that the lists do not contain duplicates + */ + public static ParseResult parseFactoriesList(String factories) { + return parseFactoriesList(GenericUtils.split(factories, ',')); + } + + public static ParseResult parseFactoriesList(String... factories) { + return parseFactoriesList( + GenericUtils.isEmpty((Object[]) factories) ? Collections.emptyList() : Arrays.asList(factories)); + } + + public static ParseResult parseFactoriesList(Collection factories) { + if (GenericUtils.isEmpty(factories)) { + return ParseResult.EMPTY; + } + + List resolved = new ArrayList<>(factories.size()); + List unknown = Collections.emptyList(); + for (String name : factories) { + UserAuthFactory c = resolveFactory(name); + if (c != null) { + resolved.add(c); + } else { + // replace the (unmodifiable) empty list with a real one + if (unknown.isEmpty()) { + unknown = new ArrayList<>(); + } + unknown.add(name); + } + } + + return new ParseResult(resolved, unknown); + } + + public static UserAuthFactory resolveFactory(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + return fromFactoryName(name); + } + + /** + * Holds the result of {@link BuiltinUserAuthFactories#parseFactoriesList(String)} + * + * @author Apache MINA SSHD Project + */ + public static class ParseResult extends NamedFactoriesListParseResult { + public static final ParseResult EMPTY = new ParseResult(Collections.emptyList(), Collections.emptyList()); + + public ParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/UserAuth.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/UserAuth.java new file mode 100644 index 0000000..1822584 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/UserAuth.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth; + +import java.util.List; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.auth.UserAuthInstance; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Represents a user authentication mechanism + * + * @author Apache MINA SSHD Project + */ +public interface UserAuth extends ClientSessionHolder, UserAuthInstance { + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @throws Exception If failed to initialize the mechanism + */ + void init(ClientSession session, String service) throws Exception; + + /** + * @param buffer The {@link Buffer} to process - {@code null} if not a response buffer, i.e., the underlying + * authentication mechanism should initiate whatever challenge/response mechanism is required + * @return {@code true} if request handled - {@code false} if the next authentication mechanism should be + * used + * @throws Exception If failed to process the request + */ + boolean process(Buffer buffer) throws Exception; + + /** + * Signal reception of {@code SSH_MSG_USERAUTH_SUCCESS} message + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param buffer The {@link Buffer} containing the success message (after having consumed the relevant data from + * it) + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) throws Exception { + // ignored + } + + /** + * Signals reception of {@code SSH_MSG_USERAUTH_FAILURE} message + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param partial {@code true} if some partial authentication success so far + * @param serverMethods The {@link List} of authentication methods that can continue + * @param buffer The {@link Buffer} containing the failure message (after having consumed the relevant data + * from it) + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthMethodFailure( + ClientSession session, String service, boolean partial, List serverMethods, Buffer buffer) + throws Exception { + // ignored + } + + /** + * Called to release any allocated resources + */ + void destroy(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/UserAuthFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/UserAuthFactory.java new file mode 100644 index 0000000..31426b1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/UserAuthFactory.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.auth.UserAuthMethodFactory; + +/** + * @author Apache MINA SSHD Project + */ +// CHECKSTYLE:OFF +public interface UserAuthFactory extends UserAuthMethodFactory { + // nothing extra +} +//CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/HostBasedAuthenticationReporter.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/HostBasedAuthenticationReporter.java new file mode 100644 index 0000000..749b5bc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/HostBasedAuthenticationReporter.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.hostbased; + +import java.security.KeyPair; +import java.util.List; + +import org.apache.sshd.client.session.ClientSession; + +/** + * Provides report about the client side host-based authentication progress + * + * @see RFC-4252 section 9 + * @author Apache MINA SSHD Project + */ +public interface HostBasedAuthenticationReporter { + /** + * Sending the initial request to use host based authentication + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param identity The {@link KeyPair} identity being attempted + * @param hostname The host name value sent to the server + * @param username The username value sent to the server + * @param signature The signature data that is being sent to the server + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationAttempt( + ClientSession session, String service, KeyPair identity, String hostname, String username, byte[] signature) + throws Exception { + // ignored + } + + /** + * Signals end of host based attempts and optionally switching to other authentication methods. Note: neither + * {@link #signalAuthenticationSuccess(ClientSession, String, KeyPair, String, String) signalAuthenticationSuccess} + * nor {@link #signalAuthenticationFailure(ClientSession, String, KeyPair, String, String, boolean, List) + * signalAuthenticationFailure} are invoked. + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param hostname The host name value sent to the server + * @param username The username value sent to the server + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationExhausted( + ClientSession session, String service, String hostname, String username) + throws Exception { + // ignored + } + + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param identity The {@link KeyPair} identity being attempted + * @param hostname The host name value sent to the server + * @param username The username value sent to the server + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationSuccess( + ClientSession session, String service, KeyPair identity, String hostname, String username) + throws Exception { + // ignored + } + + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param identity The {@link KeyPair} identity being attempted + * @param hostname The host name value sent to the server + * @param username The username value sent to the server + * @param partial {@code true} if some partial authentication success so far + * @param serverMethods The {@link List} of authentication methods that can continue + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationFailure( + ClientSession session, String service, KeyPair identity, + String hostname, String username, boolean partial, List serverMethods) + throws Exception { + // ignored + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/HostKeyIdentityProvider.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/HostKeyIdentityProvider.java new file mode 100644 index 0000000..3df5601 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/HostKeyIdentityProvider.java @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.hostbased; + +import java.security.KeyPair; +import java.security.cert.X509Certificate; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface HostKeyIdentityProvider { + /** + * @return The host keys as a {@link Map.Entry} of key + certificates (which can be {@code null}/empty) + */ + Iterable>> loadHostKeys(); + + static Iterator>> iteratorOf(HostKeyIdentityProvider provider) { + return GenericUtils.iteratorOf((provider == null) ? null : provider.loadHostKeys()); + } + + static HostKeyIdentityProvider wrap(KeyPair... pairs) { + return wrap(GenericUtils.asList(pairs)); + } + + static HostKeyIdentityProvider wrap(Iterable pairs) { + return () -> GenericUtils.wrapIterable(pairs, + kp -> new SimpleImmutableEntry<>(kp, Collections. emptyList())); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java new file mode 100644 index 0000000..302dc31 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java @@ -0,0 +1,253 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.hostbased; + +import java.security.KeyPair; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.client.auth.AbstractUserAuth; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.signature.SignatureFactoriesManager; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public class UserAuthHostBased extends AbstractUserAuth implements SignatureFactoriesManager { + public static final String NAME = UserAuthHostBasedFactory.NAME; + + protected Iterator>> keys; + protected Map.Entry> keyInfo; + protected final HostKeyIdentityProvider clientHostKeys; + private List> factories; + private String clientUsername; + private String clientHostname; + + public UserAuthHostBased(HostKeyIdentityProvider clientHostKeys) { + super(NAME); + this.clientHostKeys = clientHostKeys; // OK if null + } + + @Override + public void init(ClientSession session, String service) throws Exception { + super.init(session, service); + keys = HostKeyIdentityProvider.iteratorOf(clientHostKeys); // in case multiple calls to the method + } + + @Override + public List> getSignatureFactories() { + return factories; + } + + @Override + public void setSignatureFactories(List> factories) { + this.factories = factories; + } + + public String getClientUsername() { + return clientUsername; + } + + public void setClientUsername(String clientUsername) { + this.clientUsername = clientUsername; + } + + public String getClientHostname() { + return clientHostname; + } + + public void setClientHostname(String clientHostname) { + this.clientHostname = clientHostname; + } + + @Override + protected boolean sendAuthDataRequest(ClientSession session, String service) throws Exception { + String name = getName(); + String clientUsername = resolveClientUsername(session); + String clientHostname = resolveClientHostname(session); + HostBasedAuthenticationReporter reporter = session.getHostBasedAuthenticationReporter(); + keyInfo = ((keys != null) && keys.hasNext()) ? keys.next() : null; + if (keyInfo == null) { + + if (reporter != null) { + reporter.signalAuthenticationExhausted(session, service, clientUsername, clientHostname); + } + + return false; + } + + KeyPair kp = keyInfo.getKey(); + PublicKey pub = kp.getPublic(); + String keyType = KeyUtils.getKeyType(pub); + + Collection> factories = ValidateUtils.checkNotNullAndNotEmpty( + SignatureFactoriesManager.resolveSignatureFactories(this, session), + "No signature factories for session=%s", + session); + Signature verifier = ValidateUtils.checkNotNull( + NamedFactory.create(factories, keyType), + "No signer could be located for key type=%s", + keyType); + + byte[] id = session.getSessionId(); + String username = session.getUsername(); + + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, + id.length + username.length() + service.length() + + clientUsername.length() + + clientHostname.length() + + keyType.length() + + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE); + buffer.clear(); + + buffer.putRawPublicKey(pub); + + Collection certs = keyInfo.getValue(); + if (GenericUtils.size(certs) > 0) { + for (X509Certificate c : certs) { + // TODO make sure this yields DER encoding + buffer.putRawBytes(c.getEncoded()); + } + } + verifier.initSigner(session, kp.getPrivate()); + + byte[] keyBytes = buffer.getCompactData(); + buffer = session.prepareBuffer( + SshConstants.SSH_MSG_USERAUTH_REQUEST, BufferUtils.clear(buffer)); + buffer.putString(username); + buffer.putString(service); + buffer.putString(name); + buffer.putString(keyType); + buffer.putBytes(keyBytes); + buffer.putString(clientHostname); + buffer.putString(clientUsername); + + byte[] signature = appendSignature( + session, service, keyType, pub, keyBytes, + clientHostname, clientUsername, verifier, buffer); + if (reporter != null) { + reporter.signalAuthenticationAttempt( + session, service, kp, clientHostname, clientUsername, signature); + } + + session.writePacket(buffer); + return true; + } + + @SuppressWarnings("checkstyle:ParameterNumber") + protected byte[] appendSignature( + ClientSession session, String service, + String keyType, PublicKey key, byte[] keyBytes, + String clientHostname, String clientUsername, + Signature verifier, Buffer buffer) + throws Exception { + byte[] id = session.getSessionId(); + String username = session.getUsername(); + String name = getName(); + Buffer bs = new ByteArrayBuffer( + id.length + username.length() + service.length() + name.length() + + keyType.length() + keyBytes.length + + clientHostname.length() + clientUsername.length() + + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE, + false); + bs.putBytes(id); + bs.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST); + bs.putString(username); + bs.putString(service); + bs.putString(name); + bs.putString(keyType); + bs.putBytes(keyBytes); + bs.putString(clientHostname); + bs.putString(clientUsername); + + verifier.update(session, bs.array(), bs.rpos(), bs.available()); + byte[] signature = verifier.sign(session); + + bs.clear(); + + bs.putString(keyType); + bs.putBytes(signature); + buffer.putBytes(bs.array(), bs.rpos(), bs.available()); + return signature; + } + + @Override + protected boolean processAuthDataRequest( + ClientSession session, String service, Buffer buffer) + throws Exception { + int cmd = buffer.getUByte(); + throw new IllegalStateException( + "processAuthDataRequest(" + session + ")[" + service + "]" + + " received unknown packet: cmd=" + SshConstants.getCommandMessageName(cmd)); + } + + @Override + public void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) throws Exception { + HostBasedAuthenticationReporter reporter = session.getHostBasedAuthenticationReporter(); + if (reporter != null) { + reporter.signalAuthenticationSuccess( + session, service, (keyInfo == null) ? null : keyInfo.getKey(), + resolveClientHostname(session), resolveClientUsername(session)); + } + } + + @Override + public void signalAuthMethodFailure( + ClientSession session, String service, boolean partial, List serverMethods, Buffer buffer) + throws Exception { + HostBasedAuthenticationReporter reporter = session.getHostBasedAuthenticationReporter(); + if (reporter != null) { + reporter.signalAuthenticationFailure( + session, service, (keyInfo == null) ? null : keyInfo.getKey(), + resolveClientHostname(session), resolveClientUsername(session), + partial, serverMethods); + } + } + + protected String resolveClientUsername(ClientSession session) { + String value = getClientUsername(); + return GenericUtils.isEmpty(value) ? OsUtils.getCurrentUser() : value; + } + + protected String resolveClientHostname(ClientSession session) { + String value = getClientHostname(); + if (GenericUtils.isEmpty(value)) { + value = SshdSocketAddress.toAddressString( + SshdSocketAddress.getFirstExternalNetwork4Address()); + } + + return GenericUtils.isEmpty(value) ? SshdSocketAddress.LOCALHOST_IPV4 : value; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBasedFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBasedFactory.java new file mode 100644 index 0000000..de00c8c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBasedFactory.java @@ -0,0 +1,138 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.hostbased; + +import java.io.IOException; +import java.util.List; + +import org.apache.sshd.client.auth.AbstractUserAuthFactory; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.signature.SignatureFactoriesManager; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class UserAuthHostBasedFactory extends AbstractUserAuthFactory implements SignatureFactoriesManager { + public static final String NAME = HOST_BASED; + public static final UserAuthHostBasedFactory INSTANCE = new UserAuthHostBasedFactory() { + @Override + public List> getSignatureFactories() { + return null; + } + + @Override + public void setSignatureFactories(List> factories) { + if (!GenericUtils.isEmpty(factories)) { + throw new UnsupportedOperationException("Not allowed to change default instance signature factories"); + } + } + + @Override + public HostKeyIdentityProvider getClientHostKeys() { + return null; + } + + @Override + public void setClientHostKeys(HostKeyIdentityProvider clientHostKeys) { + if (clientHostKeys != null) { + throw new UnsupportedOperationException("Not allowed to change default instance client host keys"); + } + } + + @Override + public String getClientUsername() { + return null; + } + + @Override + public void setClientUsername(String clientUsername) { + if (!GenericUtils.isEmpty(clientUsername)) { + throw new UnsupportedOperationException("Not allowed to change default instance client username"); + } + } + + @Override + public String getClientHostname() { + return null; + } + + @Override + public void setClientHostname(String clientHostname) { + if (!GenericUtils.isEmpty(clientHostname)) { + throw new UnsupportedOperationException("Not allowed to change default instance client hostname"); + } + } + }; + + private List> factories; + private HostKeyIdentityProvider clientHostKeys; + private String clientUsername; + private String clientHostname; + + public UserAuthHostBasedFactory() { + super(NAME); + } + + @Override + public List> getSignatureFactories() { + return factories; + } + + @Override + public void setSignatureFactories(List> factories) { + this.factories = factories; + } + + public HostKeyIdentityProvider getClientHostKeys() { + return clientHostKeys; + } + + public void setClientHostKeys(HostKeyIdentityProvider clientHostKeys) { + this.clientHostKeys = clientHostKeys; + } + + public String getClientUsername() { + return clientUsername; + } + + public void setClientUsername(String clientUsername) { + this.clientUsername = clientUsername; + } + + public String getClientHostname() { + return clientHostname; + } + + public void setClientHostname(String clientHostname) { + this.clientHostname = clientHostname; + } + + @Override + public UserAuthHostBased createUserAuth(ClientSession session) throws IOException { + UserAuthHostBased auth = new UserAuthHostBased(getClientHostKeys()); + auth.setClientHostname(getClientHostname()); + auth.setClientUsername(getClientUsername()); + auth.setSignatureFactories(getSignatureFactories()); + return auth; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserAuthKeyboardInteractive.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserAuthKeyboardInteractive.java new file mode 100644 index 0000000..9278ccb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserAuthKeyboardInteractive.java @@ -0,0 +1,291 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.keyboard; + +import java.util.Iterator; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; + +import org.apache.sshd.client.auth.AbstractUserAuth; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Manages a "keyboard-interactive" exchange according to + * RFC4256 + * + * @author Apache MINA SSHD Project + */ +public class UserAuthKeyboardInteractive extends AbstractUserAuth { + public static final String NAME = UserAuthKeyboardInteractiveFactory.NAME; + + private final AtomicBoolean requestPending = new AtomicBoolean(false); + private final AtomicInteger trialsCount = new AtomicInteger(0); + private final AtomicInteger emptyCount = new AtomicInteger(0); + private Iterator passwords; + private int maxTrials; + + public UserAuthKeyboardInteractive() { + super(NAME); + } + + @Override + public void init(ClientSession session, String service) throws Exception { + super.init(session, service); + passwords = ClientSession.passwordIteratorOf(session); + maxTrials = CoreModuleProperties.PASSWORD_PROMPTS.getRequired(session); + ValidateUtils.checkTrue(maxTrials > 0, "Non-positive max. trials: %d", maxTrials); + } + + @Override + protected boolean sendAuthDataRequest(ClientSession session, String service) throws Exception { + String name = getName(); + if (requestPending.get()) { + return false; + } + + if (!verifyTrialsCount(session, service, SshConstants.SSH_MSG_USERAUTH_REQUEST, trialsCount.get(), maxTrials)) { + return false; + } + + String username = session.getUsername(); + String lang = getExchangeLanguageTag(session); + String subMethods = getExchangeSubMethods(session); + + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, + username.length() + service.length() + name.length() + + GenericUtils.length(lang) + + GenericUtils.length(subMethods) + + Long.SIZE /* + * a bit extra for the + * lengths + */); + buffer.putString(username); + buffer.putString(service); + buffer.putString(name); + buffer.putString(lang); + buffer.putString(subMethods); + requestPending.set(true); + session.writePacket(buffer); + return true; + } + + @Override + protected boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer) throws Exception { + int cmd = buffer.getUByte(); + if (cmd != SshConstants.SSH_MSG_USERAUTH_INFO_REQUEST) { + throw new IllegalStateException( + "processAuthDataRequest(" + session + ")[" + service + "]" + + " received unknown packet: cmd=" + SshConstants.getCommandMessageName(cmd)); + } + + requestPending.set(false); + + String name = buffer.getString(); + String instruction = buffer.getString(); + String lang = buffer.getString(); + int num = buffer.getInt(); + // Protect against malicious or corrupted packets + if ((num < 0) || (num > SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT)) { + throw new IndexOutOfBoundsException("Illogical challenges count: " + num); + } + + + // SSHD-866 + int retriesCount = (num > 0) ? trialsCount.incrementAndGet() : emptyCount.incrementAndGet(); + if (!verifyTrialsCount(session, service, cmd, retriesCount, maxTrials)) { + return false; + } + + String[] prompt = (num > 0) ? new String[num] : GenericUtils.EMPTY_STRING_ARRAY; + boolean[] echo = (num > 0) ? new boolean[num] : GenericUtils.EMPTY_BOOLEAN_ARRAY; + for (int i = 0; i < num; i++) { + // TODO according to RFC4256: "The prompt field(s) MUST NOT be empty strings." + prompt[i] = buffer.getString(); + echo[i] = buffer.getBoolean(); + + } + + String[] rep = getUserResponses(name, instruction, lang, prompt, echo); + if (rep == null) { + return false; + } + + /* + * According to RFC4256: + * + * If the num-responses field does not match the num-prompts field in the request message, the server MUST send + * a failure message. + * + * However it is the server's (!) responsibility to fail, so we only warn... + */ + if (num != rep.length) { + } + + int numResponses = rep.length; + buffer = session.createBuffer( + SshConstants.SSH_MSG_USERAUTH_INFO_RESPONSE, numResponses * Long.SIZE + Byte.SIZE); + buffer.putInt(numResponses); + for (int index = 0; index < numResponses; index++) { + String r = rep[index]; + buffer.putString(r); + } + + session.writePacket(buffer); + return true; + } + + protected String getExchangeLanguageTag(ClientSession session) { + return CoreModuleProperties.INTERACTIVE_LANGUAGE_TAG.getRequired(session); + } + + protected String getExchangeSubMethods(ClientSession session) { + return CoreModuleProperties.INTERACTIVE_SUBMETHODS.getRequired(session); + } + + protected String getCurrentPasswordCandidate() { + if ((passwords != null) && passwords.hasNext()) { + return passwords.next(); + } else { + return null; + } + } + + protected boolean verifyTrialsCount( + ClientSession session, String service, int cmd, int nbTrials, int maxAllowed) { + + return nbTrials <= maxAllowed; + } + + /** + * @param name The interaction name - may be empty + * @param instruction The instruction - may be empty + * @param lang The language tag - may be empty + * @param prompt The prompts - may be empty + * @param echo Whether to echo the response for the prompt or not - same length as the prompts + * @return The response for each prompt - if {@code null} then the assumption is that some internal + * error occurred and no response is sent. Note: according to + * RFC4256 the number of responses should be + * exactly the same as the number of prompts. However, since it is the server's + * responsibility to enforce this we do not validate the response (other than logging it as a + * warning...) + */ + protected String[] getUserResponses( + String name, String instruction, String lang, String[] prompt, boolean[] echo) { + ClientSession session = getClientSession(); + int num = GenericUtils.length(prompt); + /* + * According to RFC 4256 - section 3.4 + * + * In the case that the server sends a `0' num-prompts field in the request message, the client MUST send a + * response message with a `0' num-responses field to complete the exchange. + */ + if (num == 0) { + return GenericUtils.EMPTY_STRING_ARRAY; + } + + if (PropertyResolverUtils.getBooleanProperty( + session, UserInteraction.AUTO_DETECT_PASSWORD_PROMPT, + UserInteraction.DEFAULT_AUTO_DETECT_PASSWORD_PROMPT)) { + String candidate = getCurrentPasswordCandidate(); + if (useCurrentPassword(session, candidate, name, instruction, lang, prompt, echo)) { + return new String[] { candidate }; + } + } + + UserInteraction ui = session.getUserInteraction(); + try { + if ((ui != null) && ui.isInteractionAllowed(session)) { + return ui.interactive(session, name, instruction, lang, prompt, echo); + } + } catch (Error e) { + throw new RuntimeSshException(e); + } + + return null; + } + + /** + * Checks if we have a candidate password and exactly one prompt is requested with no echo, and the prompt + * matches a configurable pattern. + * + * @param session The {@link ClientSession} through which the request is received + * @param password The current password candidate to use + * @param name The service name + * @param instruction The request instruction + * @param lang The reported language tag + * @param prompt The requested prompts + * @param echo The matching prompts echo flags + * @return Whether to use the password candidate as reply to the prompts + * @see UserInteraction#INTERACTIVE_PASSWORD_PROMPT INTERACTIVE_PASSWORD_PROMPT + * @see UserInteraction#CHECK_INTERACTIVE_PASSWORD_DELIM CHECK_INTERACTIVE_PASSWORD_DELIM + */ + protected boolean useCurrentPassword( + ClientSession session, String password, String name, + String instruction, String lang, String[] prompt, boolean[] echo) { + int num = GenericUtils.length(prompt); + if ((num != 1) || (password == null) || echo[0]) { + return false; + } + + // check if prompt is something like "XXX password YYY:" + String value = GenericUtils.trimToEmpty(prompt[0]); + // Don't care about the case + value = value.toLowerCase(); + + String promptList = PropertyResolverUtils.getStringProperty( + session, UserInteraction.INTERACTIVE_PASSWORD_PROMPT, + UserInteraction.DEFAULT_INTERACTIVE_PASSWORD_PROMPT); + int passPos = UserInteraction.findPromptComponentLastPosition(value, promptList); + if (passPos < 0) { // no password keyword in prompt + return false; + } + + String delimList = PropertyResolverUtils.getStringProperty( + session, UserInteraction.CHECK_INTERACTIVE_PASSWORD_DELIM, + UserInteraction.DEFAULT_CHECK_INTERACTIVE_PASSWORD_DELIM); + if (PropertyResolverUtils.isNoneValue(delimList)) { + return true; + } + + int sepPos = UserInteraction.findPromptComponentLastPosition(value, delimList); + if (sepPos < passPos) { + return false; + } + + return true; + } + + public static String getAuthCommandName(int cmd) { + switch (cmd) { + case SshConstants.SSH_MSG_USERAUTH_REQUEST: + return "SSH_MSG_USERAUTH_REQUEST"; + case SshConstants.SSH_MSG_USERAUTH_INFO_REQUEST: + return "SSH_MSG_USERAUTH_INFO_REQUEST"; + default: + return SshConstants.getCommandMessageName(cmd); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserAuthKeyboardInteractiveFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserAuthKeyboardInteractiveFactory.java new file mode 100644 index 0000000..47f1b34 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserAuthKeyboardInteractiveFactory.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.keyboard; + +import java.io.IOException; + +import org.apache.sshd.client.auth.AbstractUserAuthFactory; +import org.apache.sshd.client.session.ClientSession; + +/** + * @author Apache MINA SSHD Project + */ +public class UserAuthKeyboardInteractiveFactory extends AbstractUserAuthFactory { + public static final String NAME = KB_INTERACTIVE; + public static final UserAuthKeyboardInteractiveFactory INSTANCE = new UserAuthKeyboardInteractiveFactory(); + + public UserAuthKeyboardInteractiveFactory() { + super(NAME); + } + + @Override + public UserAuthKeyboardInteractive createUserAuth(ClientSession session) throws IOException { + return new UserAuthKeyboardInteractive(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserInteraction.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserInteraction.java new file mode 100644 index 0000000..53304c4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/keyboard/UserInteraction.java @@ -0,0 +1,193 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.keyboard; + +import java.security.KeyPair; +import java.util.List; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Interface used by the ssh client to communicate with the end user. + * + * @author Apache MINA SSHD Project + * @see RFC 4256 + */ +public interface UserInteraction { + /** + * Whether to auto-detect password challenge prompt + * + * @see #INTERACTIVE_PASSWORD_PROMPT + * @see #CHECK_INTERACTIVE_PASSWORD_DELIM + */ + String AUTO_DETECT_PASSWORD_PROMPT = "user-interaction-auto-detect-password-prompt"; + + /** Default value for {@value #AUTO_DETECT_PASSWORD_PROMPT} */ + boolean DEFAULT_AUTO_DETECT_PASSWORD_PROMPT = true; + + /** + * Comma separated list of values used to detect request for a password in interactive mode. Note: the + * matched prompt is assumed to be lowercase. + */ + String INTERACTIVE_PASSWORD_PROMPT = "user-interaction-password-prompt"; + + /** Default value for {@value #INTERACTIVE_PASSWORD_PROMPT} */ + String DEFAULT_INTERACTIVE_PASSWORD_PROMPT = "password"; + + /** + * If password prompt detected then check it ends with any of the comma separated list of these values. Use + * "none" to disable this extra check. Note: the matched prompt is assumed to be lowercase. + */ + String CHECK_INTERACTIVE_PASSWORD_DELIM = "user-interaction-check-password-delimiter"; + + /** Default value of {@value #CHECK_INTERACTIVE_PASSWORD_DELIM} */ + String DEFAULT_CHECK_INTERACTIVE_PASSWORD_DELIM = ":"; + + /** + * A useful "placeholder" that indicates that no interaction is expected. Note: throws + * {@link IllegalStateException} is any of the interaction methods is called + */ + UserInteraction NONE = new UserInteraction() { + @Override + public boolean isInteractionAllowed(ClientSession session) { + return false; + } + + @Override + public String[] interactive( + ClientSession session, String name, String instruction, + String lang, String[] prompt, boolean[] echo) { + throw new IllegalStateException("interactive(" + session + ")[" + name + "] unexpected call"); + } + + @Override + public String getUpdatedPassword(ClientSession session, String prompt, String lang) { + throw new IllegalStateException("getUpdatedPassword(" + session + ")[" + prompt + "] unexpected call"); + } + + @Override + public String toString() { + return "NONE"; + } + }; + + /** + * @param session The {@link ClientSession} + * @return {@code true} if user interaction allowed for this session (default) + */ + default boolean isInteractionAllowed(ClientSession session) { + return true; + } + + /** + * Called if the server sent any extra information beyond the standard version line + * + * @param session The {@link ClientSession} through which this information was received + * @param lines The sent extra lines - without the server version + * @see RFC 4253 - section 4.2 + */ + default void serverVersionInfo(ClientSession session, List lines) { + // do nothing + } + + /** + * Displays the welcome banner to the user. + * + * @param session The {@link ClientSession} through which the banner was received + * @param banner The welcome banner + * @param lang The banner language code - may be empty + */ + default void welcome(ClientSession session, String banner, String lang) { + // do nothing + } + + /** + * Invoked when "keyboard-interactive" authentication mechanism is used in order to provide responses for + * the server's challenges (a.k.a. prompts) + * + * @param session The {@link ClientSession} through which the request was received + * @param name The interaction name (may be empty) + * @param instruction The instruction (may be empty) + * @param lang The language for the data (may be empty) + * @param prompt The prompts to be displayed (may be empty) + * @param echo For each prompt whether to echo the user's response + * @return The replies - Note: the protocol states that the number of replies should be + * exactly the same as the number of prompts, however we do not enforce it since it is + * defined as the server's job to check and manage this violation. + */ + String[] interactive( + ClientSession session, String name, String instruction, String lang, String[] prompt, boolean[] echo); + + /** + * Invoked when the server returns an {@code SSH_MSG_USERAUTH_PASSWD_CHANGEREQ} response indicating that the + * password should be changed - e.g., expired or not strong enough (as per the server's policy). + * + * @param session The {@link ClientSession} through which the request was received + * @param prompt The server's prompt (may be empty) + * @param lang The prompt's language (may be empty) + * @return The password to use - if {@code null}/empty then no updated password was provided - thus failing + * the authentication via passwords (Note: authentication might still succeed via some other + * means - be it other passwords, public keys, etc...) + */ + String getUpdatedPassword(ClientSession session, String prompt, String lang); + + /** + * Invoked during password authentication when no more pre-registered passwords are available + * + * @param session The {@link ClientSession} through which the request was received + * @return The password to use - {@code null} signals no more passwords available + * @throws Exception if failed to handle the request - Note: may cause session termination + */ + default String resolveAuthPasswordAttempt(ClientSession session) throws Exception { + return null; + } + + /** + * Invoked during public key authentication when no more pre-registered keys are available + * + * @param session The {@link ClientSession} through which the request was received + * @return The {@link KeyPair} to use - {@code null} signals no more keys available + * @throws Exception if failed to handle the request - Note: may cause session termination + */ + default KeyPair resolveAuthPublicKeyIdentityAttempt(ClientSession session) throws Exception { + return null; + } + + /** + * @param prompt The user interaction prompt + * @param tokensList A comma-separated list of tokens whose last index is prompt is sought. + * @return The position of any token in the prompt - negative if not found + */ + static int findPromptComponentLastPosition(String prompt, String tokensList) { + if (GenericUtils.isEmpty(prompt) || GenericUtils.isEmpty(tokensList)) { + return -1; + } + + String[] tokens = GenericUtils.split(tokensList, ','); + for (String t : tokens) { + int pos = prompt.lastIndexOf(t); + if (pos >= 0) { + return pos; + } + } + + return -1; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/password/PasswordAuthenticationReporter.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/PasswordAuthenticationReporter.java new file mode 100644 index 0000000..1a0643e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/PasswordAuthenticationReporter.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.password; + +import java.util.List; + +import org.apache.sshd.client.session.ClientSession; + +/** + * Used to inform the about the progress of a password authentication + * + * @author Apache MINA SSHD Project + * @see RFC-4252 section 8 + */ +public interface PasswordAuthenticationReporter { + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param oldPassword The password being attempted + * @param modified {@code true} if this is an attempt due to {@code SSH_MSG_USERAUTH_PASSWD_CHANGEREQ} + * @param newPassword The changed password + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationAttempt( + ClientSession session, String service, String oldPassword, boolean modified, String newPassword) + throws Exception { + // ignored + } + + /** + * Signals end of passwords attempts and optionally switching to other authentication methods. Note: neither + * {@link #signalAuthenticationSuccess(ClientSession, String, String) signalAuthenticationSuccess} nor + * {@link #signalAuthenticationFailure(ClientSession, String, String, boolean, List) signalAuthenticationFailure} + * are invoked. + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationExhausted(ClientSession session, String service) throws Exception { + // ignored + } + + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param password The password that was attempted + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationSuccess(ClientSession session, String service, String password) throws Exception { + // ignored + } + + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param password The password that was attempted + * @param partial {@code true} if some partial authentication success so far + * @param serverMethods The {@link List} of authentication methods that can continue + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationFailure( + ClientSession session, String service, String password, boolean partial, List serverMethods) + throws Exception { + // ignored + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java new file mode 100644 index 0000000..a0d6eca --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java @@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.password; + +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.function.Function; +import java.util.function.Supplier; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface PasswordIdentityProvider { + + /** + * An "empty" implementation of {@link PasswordIdentityProvider} that returns and empty group of passwords + */ + PasswordIdentityProvider EMPTY_PASSWORDS_PROVIDER = new PasswordIdentityProvider() { + @Override + public Iterable loadPasswords() { + return Collections.emptyList(); + } + + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * Invokes {@link PasswordIdentityProvider#loadPasswords()} and returns the result. Ignores {@code null} providers + * (i.e., returns an empty iterable instance) + */ + Function> LOADER + = p -> (p == null) ? Collections.emptyList() : p.loadPasswords(); + + /** + * @return The currently available passwords - ignored if {@code null} + */ + Iterable loadPasswords(); + + /** + * Creates a "unified" {@link Iterator} of passwords out of 2 possible {@link PasswordIdentityProvider} + * + * @param identities The registered passwords + * @param passwords Extra available passwords + * @return The wrapping iterator + * @see #resolvePasswordIdentityProvider(PasswordIdentityProvider, PasswordIdentityProvider) + */ + static Iterator iteratorOf(PasswordIdentityProvider identities, PasswordIdentityProvider passwords) { + return iteratorOf(resolvePasswordIdentityProvider(identities, passwords)); + } + + /** + * Resolves a non-{@code null} iterator of the available passwords + * + * @param provider The {@link PasswordIdentityProvider} - ignored if {@code null} (i.e., return an empty iterator) + * @return A non-{@code null} iterator - which may be empty if no provider or no passwords + */ + static Iterator iteratorOf(PasswordIdentityProvider provider) { + return GenericUtils.iteratorOf((provider == null) ? null : provider.loadPasswords()); + } + + /** + *

    + * Creates a "unified" {@link PasswordIdentityProvider} out of 2 possible ones as follows: + *

    + *
    + *
      + *
    • If both are {@code null} then return {@code null}.
      • + *
    • If either one is {@code null} then use the non-{@code null} one.
      • + *
    • If both are the same instance then use it. + *
    • Otherwise, returns a wrapper that groups both providers.
      • + *
    + * + * @param identities The registered passwords + * @param passwords The extra available passwords + * @return The resolved provider + * @see #multiProvider(PasswordIdentityProvider...) + */ + static PasswordIdentityProvider resolvePasswordIdentityProvider( + PasswordIdentityProvider identities, PasswordIdentityProvider passwords) { + if ((passwords == null) || (identities == passwords)) { + return identities; + } else if (identities == null) { + return passwords; + } else { + return multiProvider(identities, passwords); + } + } + + /** + * Wraps a group of {@link PasswordIdentityProvider} into a single one + * + * @param providers The providers - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_PASSWORDS_PROVIDER} + * @return The wrapping provider + * @see #multiProvider(Collection) + */ + static PasswordIdentityProvider multiProvider(PasswordIdentityProvider... providers) { + return multiProvider(GenericUtils.asList(providers)); + } + + /** + * Wraps a group of {@link PasswordIdentityProvider} into a single one + * + * @param providers The providers - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_PASSWORDS_PROVIDER} + * @return The wrapping provider + */ + static PasswordIdentityProvider multiProvider(Collection providers) { + return GenericUtils.isEmpty(providers) ? EMPTY_PASSWORDS_PROVIDER : wrapPasswords(iterableOf(providers)); + } + + /** + * Wraps a group of {@link PasswordIdentityProvider} into an {@link Iterable} of their combined passwords + * + * @param providers The providers - ignored if {@code null}/empty (i.e., returns an empty iterable instance) + * @return The wrapping iterable + */ + static Iterable iterableOf(Collection providers) { + Iterable>> passwordSuppliers = GenericUtils.>> wrapIterable(providers, p -> p::loadPasswords); + return GenericUtils.multiIterableSuppliers(passwordSuppliers); + } + + /** + * Wraps a group of passwords into a {@link PasswordIdentityProvider} + * + * @param passwords The passwords - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_PASSWORDS_PROVIDER}) + * @return The provider wrapper + */ + static PasswordIdentityProvider wrapPasswords(String... passwords) { + return wrapPasswords(GenericUtils.asList(passwords)); + } + + /** + * Wraps a group of passwords into a {@link PasswordIdentityProvider} + * + * @param passwords The passwords {@link Iterable} - ignored if {@code null} (i.e., returns + * {@link #EMPTY_PASSWORDS_PROVIDER}) + * @return The provider wrapper + */ + static PasswordIdentityProvider wrapPasswords(Iterable passwords) { + return (passwords == null) ? EMPTY_PASSWORDS_PROVIDER : () -> passwords; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/password/UserAuthPassword.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/UserAuthPassword.java new file mode 100644 index 0000000..58c54bf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/UserAuthPassword.java @@ -0,0 +1,205 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.password; + +import java.util.Iterator; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.client.auth.AbstractUserAuth; +import org.apache.sshd.client.auth.keyboard.UserInteraction; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.auth.UserAuthMethodFactory; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Implements the client-side "password" authentication mechanism + * + * @author Apache MINA SSHD Project + */ +public class UserAuthPassword extends AbstractUserAuth { + public static final String NAME = UserAuthPasswordFactory.NAME; + + private Iterator passwords; + private String current; + + public UserAuthPassword() { + super(NAME); + } + + @Override + public void init(ClientSession session, String service) throws Exception { + super.init(session, service); + passwords = ClientSession.passwordIteratorOf(session); + } + + @Override + protected boolean sendAuthDataRequest(ClientSession session, String service) throws Exception { + if (!UserAuthMethodFactory.isSecureAuthenticationTransport(session)) { + return false; + } + + current = resolveAttemptedPassword(session, service); + if (current == null) { + + PasswordAuthenticationReporter reporter = session.getPasswordAuthenticationReporter(); + if (reporter != null) { + reporter.signalAuthenticationExhausted(session, service); + } + + return false; + } + + String username = session.getUsername(); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, + username.length() + service.length() + + GenericUtils.length(getName()) + + current.length() + + Integer.SIZE /* + * a few extra + * encoding fields + * overhead + */); + sendPassword(buffer, session, current, current); + return true; + } + + protected String resolveAttemptedPassword(ClientSession session, String service) throws Exception { + if ((passwords != null) && passwords.hasNext()) { + return passwords.next(); + } + + UserInteraction ui = session.getUserInteraction(); + if ((ui == null) || (!ui.isInteractionAllowed(session))) { + return null; + } + + return ui.resolveAuthPasswordAttempt(session); + } + + @Override + protected boolean processAuthDataRequest( + ClientSession session, String service, Buffer buffer) + throws Exception { + int cmd = buffer.getUByte(); + if (cmd != SshConstants.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ) { + throw new IllegalStateException( + "processAuthDataRequest(" + session + ")[" + service + "]" + + " received unknown packet: cmd=" + SshConstants.getCommandMessageName(cmd)); + } + + if (!UserAuthMethodFactory.isSecureAuthenticationTransport(session)) { + return false; + } + + if (!UserAuthMethodFactory.isDataIntegrityAuthenticationTransport(session)) { + return false; + } + + String prompt = buffer.getString(); + String lang = buffer.getString(); + UserInteraction ui = session.getUserInteraction(); + boolean interactive; + String password; + try { + interactive = (ui != null) && ui.isInteractionAllowed(session); + password = interactive ? ui.getUpdatedPassword(session, prompt, lang) : null; + } catch (Error e) { + throw new RuntimeSshException(e); + } + + if (interactive) { + if (GenericUtils.isEmpty(password)) { + return false; + } else { + sendPassword(buffer, session, password, password); + return true; + } + } + + return false; + } + + /** + * Sends the password via a {@code SSH_MSG_USERAUTH_REQUEST} message. If old and new password are not the same then + * it requests a password modification from the server (which may be denied if the server does not support this + * feature). + * + * @param buffer The {@link Buffer} to re-use for sending the message + * @param session The target {@link ClientSession} + * @param oldPassword The previous password + * @param newPassword The new password + * @return An {@link IoWriteFuture} that can be used to wait and check on the success/failure of the + * request packet being sent + * @throws Exception If failed to send the message. + */ + protected IoWriteFuture sendPassword( + Buffer buffer, ClientSession session, String oldPassword, String newPassword) + throws Exception { + String username = session.getUsername(); + String service = getService(); + String name = getName(); + boolean modified = !Objects.equals(oldPassword, newPassword); + + buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, + GenericUtils.length(username) + GenericUtils.length(service) + + GenericUtils.length(name) + + GenericUtils.length(oldPassword) + + (modified ? GenericUtils.length(newPassword) : 0) + + Long.SIZE); + buffer.putString(username); + buffer.putString(service); + buffer.putString(name); + buffer.putBoolean(modified); + // see RFC-4252 section 8 + buffer.putString(oldPassword); + if (modified) { + buffer.putString(newPassword); + } + + PasswordAuthenticationReporter reporter = session.getPasswordAuthenticationReporter(); + if (reporter != null) { + reporter.signalAuthenticationAttempt(session, service, oldPassword, modified, newPassword); + } + + return session.writePacket(buffer); + } + + @Override + public void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) throws Exception { + PasswordAuthenticationReporter reporter = session.getPasswordAuthenticationReporter(); + if (reporter != null) { + reporter.signalAuthenticationSuccess(session, service, current); + } + } + + @Override + public void signalAuthMethodFailure( + ClientSession session, String service, boolean partial, List serverMethods, Buffer buffer) + throws Exception { + PasswordAuthenticationReporter reporter = session.getPasswordAuthenticationReporter(); + if (reporter != null) { + reporter.signalAuthenticationFailure(session, service, current, partial, serverMethods); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/password/UserAuthPasswordFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/UserAuthPasswordFactory.java new file mode 100644 index 0000000..e19526a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/password/UserAuthPasswordFactory.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.password; + +import java.io.IOException; + +import org.apache.sshd.client.auth.AbstractUserAuthFactory; +import org.apache.sshd.client.session.ClientSession; + +/** + * @author Apache MINA SSHD Project + */ +public class UserAuthPasswordFactory extends AbstractUserAuthFactory { + public static final String NAME = PASSWORD; + public static final UserAuthPasswordFactory INSTANCE = new UserAuthPasswordFactory(); + + public UserAuthPasswordFactory() { + super(NAME); + } + + @Override + public UserAuthPassword createUserAuth(ClientSession session) throws IOException { + return new UserAuthPassword(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/AbstractKeyPairIterator.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/AbstractKeyPairIterator.java new file mode 100644 index 0000000..46a2fa9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/AbstractKeyPairIterator.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.pubkey; + +import java.util.Iterator; +import java.util.Objects; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.session.SessionHolder; + +/** + * @param Type of {@link PublicKeyIdentity} being iterated + * @author Apache MINA SSHD Project + */ +public abstract class AbstractKeyPairIterator + implements Iterator, SessionHolder, ClientSessionHolder { + + private final ClientSession session; + + protected AbstractKeyPairIterator(ClientSession session) { + this.session = Objects.requireNonNull(session, "No session"); + } + + @Override + public final ClientSession getClientSession() { + return session; + } + + @Override + public final ClientSession getSession() { + return getClientSession(); + } + + @Override + public void remove() { + throw new UnsupportedOperationException("No removal allowed"); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getClientSession() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/KeyPairIdentity.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/KeyPairIdentity.java new file mode 100644 index 0000000..6dfcf72 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/KeyPairIdentity.java @@ -0,0 +1,97 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.pubkey; + +import java.security.KeyPair; +import java.security.PublicKey; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.signature.SignatureFactoriesHolder; +import org.apache.sshd.common.signature.SignatureFactoriesManager; +import org.apache.sshd.common.signature.SignatureFactory; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Uses a {@link KeyPair} to generate the identity signature + * + * @author Apache MINA SSHD Project + */ +public class KeyPairIdentity implements PublicKeyIdentity, SignatureFactoriesHolder { + private final KeyPair pair; + private final List> signatureFactories; + + public KeyPairIdentity(SignatureFactoriesManager primary, SignatureFactoriesManager secondary, KeyPair pair) { + this.signatureFactories = Collections.unmodifiableList( + ValidateUtils.checkNotNullAndNotEmpty( + SignatureFactoriesManager.resolveSignatureFactories(primary, secondary), + "No available signature factories")); + this.pair = Objects.requireNonNull(pair, "No key pair"); + } + + @Override + public KeyPair getKeyIdentity() { + return pair; + } + + @Override + public List> getSignatureFactories() { + return signatureFactories; + } + + @Override + public Map.Entry sign(SessionContext session, String algo, byte[] data) throws Exception { + NamedFactory factory; + if (GenericUtils.isEmpty(algo)) { + KeyPair kp = getKeyIdentity(); + algo = KeyUtils.getKeyType(kp.getPublic()); + // SSHD-1104 check if the key type is aliased + factory = SignatureFactory.resolveSignatureFactory(algo, getSignatureFactories()); + } else { + factory = NamedResource.findByName(algo, String.CASE_INSENSITIVE_ORDER, getSignatureFactories()); + } + + Signature verifier = (factory == null) ? null : factory.create(); + ValidateUtils.checkNotNull(verifier, "No signer could be located for key type=%s", algo); + verifier.initSigner(session, pair.getPrivate()); + verifier.update(session, data); + + byte[] signature = verifier.sign(session); + return new SimpleImmutableEntry<>(factory.getName(), signature); + } + + @Override + public String toString() { + KeyPair kp = getKeyIdentity(); + PublicKey pubKey = kp.getPublic(); + return getClass().getSimpleName() + + " type=" + KeyUtils.getKeyType(pubKey) + + ", factories=" + getSignatureFactoriesNameList() + + ", fingerprint=" + KeyUtils.getFingerPrint(pubKey); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyAuthenticationReporter.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyAuthenticationReporter.java new file mode 100644 index 0000000..7719721 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyAuthenticationReporter.java @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.pubkey; + +import java.security.KeyPair; +import java.util.List; + +import org.apache.sshd.client.session.ClientSession; + +/** + * Provides report about the client side public key authentication progress + * + * @see RFC-4252 section 7 + * @author Apache MINA SSHD Project + */ +public interface PublicKeyAuthenticationReporter { + /** + * Sending the initial request to use public key authentication + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param identity The {@link KeyPair} identity being attempted - Note: for agent based authentications the + * private key may be {@code null} + * @param signature The type of signature that is being used + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationAttempt( + ClientSession session, String service, KeyPair identity, String signature) + throws Exception { + // ignored + } + + /** + * Signals end of public key attempts and optionally switching to other authentication methods. Note: neither + * {@link #signalAuthenticationSuccess(ClientSession, String, KeyPair) signalAuthenticationSuccess} nor + * {@link #signalAuthenticationFailure(ClientSession, String, KeyPair, boolean, List) signalAuthenticationFailure} + * are invoked. + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationExhausted(ClientSession session, String service) throws Exception { + // ignored + } + + /** + * Sending the signed response to the server's challenge + * + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param identity The {@link KeyPair} identity being attempted - Note: for agent based authentications the + * private key may be {@code null} + * @param signature The type of signature that is being used + * @param signed The generated signature data + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalSignatureAttempt( + ClientSession session, String service, KeyPair identity, String signature, byte[] signed) + throws Exception { + // ignored + } + + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param identity The {@link KeyPair} identity being attempted - Note: for agent based authentications the + * private key may be {@code null} + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationSuccess(ClientSession session, String service, KeyPair identity) throws Exception { + // ignored + } + + /** + * @param session The {@link ClientSession} + * @param service The requesting service name + * @param identity The {@link KeyPair} identity being attempted - Note: for agent based authentications + * the private key may be {@code null} + * @param partial {@code true} if some partial authentication success so far + * @param serverMethods The {@link List} of authentication methods that can continue + * @throws Exception If failed to handle the callback - Note: may cause session close + */ + default void signalAuthenticationFailure( + ClientSession session, String service, KeyPair identity, boolean partial, List serverMethods) + throws Exception { + // ignored + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyIdentity.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyIdentity.java new file mode 100644 index 0000000..f0f3634 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyIdentity.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.pubkey; + +import java.security.KeyPair; +import java.util.Map; + +import org.apache.sshd.common.session.SessionContext; + +/** + * Represents a public key identity + * + * @author Apache MINA SSHD Project + */ +public interface PublicKeyIdentity { + /** + * @return The {@link KeyPair} identity value + */ + KeyPair getKeyIdentity(); + + /** + * Proves the public key identity by signing the given data + * + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not called within a + * session context + * @param algo Recommended signature algorithm - if {@code null}/empty then one will be selected based on the + * key type and/or signature factories. Note: even if specific algorithm specified, the + * implementation may disregard and choose another + * @param data Data to sign + * @return used algorithm + signed data - using the identity + * @throws Exception If failed to sign the data + */ + Map.Entry sign(SessionContext session, String algo, byte[] data) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/SessionKeyPairIterator.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/SessionKeyPairIterator.java new file mode 100644 index 0000000..8be46b5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/SessionKeyPairIterator.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.pubkey; + +import java.security.KeyPair; +import java.util.Iterator; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.signature.SignatureFactoriesManager; + +/** + * @author Apache MINA SSHD Project + */ +public class SessionKeyPairIterator extends AbstractKeyPairIterator { + private final SignatureFactoriesManager signatureFactories; + private final Iterator keys; + + public SessionKeyPairIterator(ClientSession session, SignatureFactoriesManager signatureFactories, Iterator keys) { + super(session); + this.signatureFactories = signatureFactories; // OK if null + this.keys = keys; // OK if null + } + + @Override + public boolean hasNext() { + return (keys != null) && keys.hasNext(); + } + + @Override + public KeyPairIdentity next() { + return new KeyPairIdentity(signatureFactories, getClientSession(), keys.next()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java new file mode 100644 index 0000000..004b47a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java @@ -0,0 +1,314 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.pubkey; + +import java.io.Closeable; +import java.io.IOException; +import java.security.KeyPair; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.client.auth.AbstractUserAuth; +import org.apache.sshd.client.auth.keyboard.UserInteraction; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.signature.SignatureFactoriesHolder; +import org.apache.sshd.common.signature.SignatureFactoriesManager; +import org.apache.sshd.common.signature.SignatureFactory; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; + +/** + * Implements the "publickey" authentication mechanism + * + * @author Apache MINA SSHD Project + */ +public class UserAuthPublicKey extends AbstractUserAuth implements SignatureFactoriesManager { + public static final String NAME = UserAuthPublicKeyFactory.NAME; + + protected Iterator keys; + protected PublicKeyIdentity current; + protected List> factories; + + public UserAuthPublicKey() { + this(null); + } + + public UserAuthPublicKey(List> factories) { + super(NAME); + this.factories = factories; // OK if null/empty + } + + @Override + public List> getSignatureFactories() { + return factories; + } + + @Override + public void setSignatureFactories(List> factories) { + this.factories = factories; + } + + @Override + public void init(ClientSession session, String service) throws Exception { + super.init(session, service); + releaseKeys(); // just making sure in case multiple calls to the method + + try { + keys = new UserAuthPublicKeyIterator(session, this); + } catch (Error e) { + throw new RuntimeSshException(e); + } + } + + @Override + protected boolean sendAuthDataRequest(ClientSession session, String service) throws Exception { + try { + current = resolveAttemptedPublicKeyIdentity(session, service); + } catch (Error e) { + throw new RuntimeSshException(e); + } + + PublicKeyAuthenticationReporter reporter = session.getPublicKeyAuthenticationReporter(); + if (current == null) { + + if (reporter != null) { + reporter.signalAuthenticationExhausted(session, service); + } + + return false; + } + + + KeyPair keyPair; + try { + keyPair = current.getKeyIdentity(); + } catch (Error e) { + throw new RuntimeSshException(e); + } + + PublicKey pubKey = keyPair.getPublic(); + String keyType = KeyUtils.getKeyType(pubKey); + NamedFactory factory; + // SSHD-1104 check if the key type is aliased + if (current instanceof SignatureFactoriesHolder) { + factory = SignatureFactory.resolveSignatureFactory( + keyType, ((SignatureFactoriesHolder) current).getSignatureFactories()); + } else { + factory = SignatureFactory.resolveSignatureFactory(keyType, getSignatureFactories()); + } + + String algo = (factory == null) ? keyType : factory.getName(); + String name = getName(); + + if (reporter != null) { + reporter.signalAuthenticationAttempt(session, service, keyPair, algo); + } + + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST); + buffer.putString(session.getUsername()); + buffer.putString(service); + buffer.putString(name); + buffer.putBoolean(false); + buffer.putString(algo); + buffer.putPublicKey(pubKey); + session.writePacket(buffer); + return true; + } + + protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service) throws Exception { + if ((keys != null) && keys.hasNext()) { + return keys.next(); + } + + UserInteraction ui = session.getUserInteraction(); + if ((ui == null) || (!ui.isInteractionAllowed(session))) { + return null; + } + + KeyPair kp = ui.resolveAuthPublicKeyIdentityAttempt(session); + if (kp == null) { + return null; + } + + return new KeyPairIdentity(this, session, kp); + } + + @Override + protected boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer) throws Exception { + String name = getName(); + int cmd = buffer.getUByte(); + if (cmd != SshConstants.SSH_MSG_USERAUTH_PK_OK) { + throw new IllegalStateException( + "processAuthDataRequest(" + session + ")[" + service + "][" + name + "]" + + " received unknown packet: cmd=" + SshConstants.getCommandMessageName(cmd)); + } + + /* + * Make sure the server echo-ed the same key we sent as sanctioned by RFC4252 section 7 + */ + KeyPair keyPair; + try { + keyPair = current.getKeyIdentity(); + } catch (Error e) { + throw new RuntimeSshException(e); + } + + PublicKey pubKey = keyPair.getPublic(); + String curKeyType = KeyUtils.getKeyType(pubKey); + String rspKeyType = buffer.getString(); + Collection aliases = KeyUtils.getAllEquivalentKeyTypes(curKeyType); + String algo; + // SSHD-1104 see if key aliases used + if (GenericUtils.isEmpty(aliases)) { + algo = curKeyType; + if (!rspKeyType.equals(algo)) { + throw new InvalidKeySpecException( + "processAuthDataRequest(" + session + ")[" + service + "][" + name + "]" + + " mismatched key types: expected=" + algo + ", actual=" + rspKeyType); + } + } else { + if (GenericUtils.findFirstMatchingMember(n -> n.equalsIgnoreCase(rspKeyType), aliases) == null) { + throw new InvalidKeySpecException( + "processAuthDataRequest(" + session + ")[" + service + "][" + name + "]" + + " unsupported key type: expected=" + aliases + ", actual=" + rspKeyType); + } + algo = rspKeyType; + } + + PublicKey rspKey = buffer.getPublicKey(); + if (!KeyUtils.compareKeys(rspKey, pubKey)) { + throw new InvalidKeySpecException( + "processAuthDataRequest(" + session + ")[" + service + "][" + name + "]" + + " mismatched " + algo + " keys: expected=" + KeyUtils.getFingerPrint(pubKey) + + ", actual=" + KeyUtils.getFingerPrint(rspKey)); + } + + + String username = session.getUsername(); + buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, + GenericUtils.length(username) + GenericUtils.length(service) + + GenericUtils.length(name) + + GenericUtils.length(algo) + + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE); + buffer.putString(username); + buffer.putString(service); + buffer.putString(name); + buffer.putBoolean(true); + buffer.putString(algo); + buffer.putPublicKey(pubKey); + + byte[] sig = appendSignature(session, service, name, username, algo, pubKey, buffer); + PublicKeyAuthenticationReporter reporter = session.getPublicKeyAuthenticationReporter(); + if (reporter != null) { + reporter.signalSignatureAttempt(session, service, keyPair, algo, sig); + } + + session.writePacket(buffer); + return true; + } + + protected byte[] appendSignature( + ClientSession session, String service, String name, String username, String algo, PublicKey key, Buffer buffer) + throws Exception { + byte[] id = session.getSessionId(); + Buffer bs = new ByteArrayBuffer( + id.length + username.length() + service.length() + name.length() + + algo.length() + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE, + false); + bs.putBytes(id); + bs.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST); + bs.putString(username); + bs.putString(service); + bs.putString(name); + bs.putBoolean(true); + bs.putString(algo); + bs.putPublicKey(key); + + byte[] contents = bs.getCompactData(); + byte[] sig; + try { + Map.Entry result = current.sign(session, algo, contents); + String factoryName = result.getKey(); + ValidateUtils.checkState(algo.equalsIgnoreCase(factoryName), + "Mismatched signature type generated: requested=%s, used=%s", algo, factoryName); + sig = result.getValue(); + } catch (Error e) { + throw new RuntimeSshException(e); + } + + + bs.clear(); + bs.putString(algo); + bs.putBytes(sig); + buffer.putBytes(bs.array(), bs.rpos(), bs.available()); + return sig; + } + + @Override + public void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) throws Exception { + PublicKeyAuthenticationReporter reporter = session.getPublicKeyAuthenticationReporter(); + if (reporter != null) { + reporter.signalAuthenticationSuccess(session, service, (current == null) ? null : current.getKeyIdentity()); + } + } + + @Override + public void signalAuthMethodFailure( + ClientSession session, String service, boolean partial, List serverMethods, Buffer buffer) + throws Exception { + PublicKeyAuthenticationReporter reporter = session.getPublicKeyAuthenticationReporter(); + if (reporter != null) { + KeyPair identity = (current == null) ? null : current.getKeyIdentity(); + reporter.signalAuthenticationFailure(session, service, identity, partial, serverMethods); + } + } + + @Override + public void destroy() { + try { + releaseKeys(); + } catch (IOException e) { + throw new RuntimeException("Failed (" + e.getClass().getSimpleName() + ") to close agent: " + e.getMessage(), e); + } + + super.destroy(); // for logging + } + + protected void releaseKeys() throws IOException { + try { + if (keys instanceof Closeable) { + ((Closeable) keys).close(); + } + } finally { + keys = null; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyFactory.java new file mode 100644 index 0000000..8897499 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyFactory.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.auth.pubkey; + +import java.io.IOException; +import java.util.List; + +import org.apache.sshd.client.auth.AbstractUserAuthFactory; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.signature.SignatureFactoriesManager; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class UserAuthPublicKeyFactory extends AbstractUserAuthFactory implements SignatureFactoriesManager { + public static final String NAME = PUBLIC_KEY; + public static final UserAuthPublicKeyFactory INSTANCE = new UserAuthPublicKeyFactory() { + @Override + public List> getSignatureFactories() { + return null; + } + + @Override + public void setSignatureFactories(List> factories) { + if (!GenericUtils.isEmpty(factories)) { + throw new UnsupportedOperationException("Not allowed to change default instance signature factories"); + } + } + }; + + private List> factories; + + public UserAuthPublicKeyFactory() { + this(null); + } + + public UserAuthPublicKeyFactory(List> factories) { + super(NAME); + this.factories = factories; // OK if null/empty + } + + @Override + public List> getSignatureFactories() { + return factories; + } + + @Override + public void setSignatureFactories(List> factories) { + this.factories = factories; + } + + @Override + public UserAuthPublicKey createUserAuth(ClientSession session) throws IOException { + return new UserAuthPublicKey(getSignatureFactories()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java new file mode 100644 index 0000000..fb59bb6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java @@ -0,0 +1,151 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.auth.pubkey; + +import java.io.IOException; +import java.nio.channels.Channel; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.NoSuchElementException; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.signature.SignatureFactoriesManager; +import org.apache.sshd.common.util.helper.LazyIterablesConcatenator; +import org.apache.sshd.common.util.helper.LazyMatchingTypeIterator; + +/** + * @author Apache MINA SSHD Project + */ +public class UserAuthPublicKeyIterator extends AbstractKeyPairIterator implements Channel { + private final AtomicBoolean open = new AtomicBoolean(true); + private Iterator current; + + public UserAuthPublicKeyIterator(ClientSession session, SignatureFactoriesManager signatureFactories) throws Exception { + super(session); + + try { + Collection> identities = new ArrayList<>(2); + Iterable sessionIds = initializeSessionIdentities(session, signatureFactories); + if (sessionIds != null) { + identities.add(sessionIds); + } + + if (identities.isEmpty()) { + current = Collections.emptyIterator(); + } else { + Iterable keys = LazyIterablesConcatenator.lazyConcatenateIterables(identities); + current = LazyMatchingTypeIterator.lazySelectMatchingTypes(keys.iterator(), PublicKeyIdentity.class); + } + } catch (Exception e) { + throw e; + } + } + + @SuppressWarnings("checkstyle:anoninnerlength") + protected Iterable initializeSessionIdentities( + ClientSession session, SignatureFactoriesManager signatureFactories) { + return new Iterable() { + private final String sessionId = session.toString(); + private final AtomicReference> keysHolder = new AtomicReference<>(); + + @Override + public Iterator iterator() { + // Lazy load the keys the 1st time the iterator is called + if (keysHolder.get() == null) { + try { + KeyIdentityProvider sessionKeysProvider = ClientSession.providerOf(session); + keysHolder.set(sessionKeysProvider.loadKeys(session)); + } catch (IOException | GeneralSecurityException e) { + throw new RuntimeException( + "Unexpected " + e.getClass().getSimpleName() + ")" + + " keys loading exception: " + e.getMessage(), + e); + } + } + + return new Iterator() { + private final Iterator keys; + + { + @SuppressWarnings("synthetic-access") + Iterable sessionKeys = Objects.requireNonNull(keysHolder.get(), "No session keys available"); + keys = sessionKeys.iterator(); + } + + @Override + public boolean hasNext() { + return keys.hasNext(); + } + + @Override + public KeyPairIdentity next() { + KeyPair kp = keys.next(); + return new KeyPairIdentity(signatureFactories, session, kp); + } + + @Override + @SuppressWarnings("synthetic-access") + public String toString() { + return KeyPairIdentity.class.getSimpleName() + "[iterator][" + sessionId + "]"; + } + }; + } + + @Override + public String toString() { + return KeyPairIdentity.class.getSimpleName() + "[iterable][" + sessionId + "]"; + } + }; + } + + @Override + public boolean hasNext() { + if (!isOpen()) { + return false; + } + + return current.hasNext(); + } + + @Override + public PublicKeyIdentity next() { + if (!isOpen()) { + throw new NoSuchElementException("Iterator is closed"); + } + return current.next(); + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public void close() throws IOException { + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/AbstractClientChannel.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/AbstractClientChannel.java new file mode 100644 index 0000000..95b6ac1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/AbstractClientChannel.java @@ -0,0 +1,420 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.client.channel.exit.ExitSignalChannelRequestHandler; +import org.apache.sshd.client.channel.exit.ExitStatusChannelRequestHandler; +import org.apache.sshd.client.future.DefaultOpenFuture; +import org.apache.sshd.common.future.OpenFuture; +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.AbstractChannel; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.ChannelAsyncInputStream; +import org.apache.sshd.common.channel.ChannelAsyncOutputStream; +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.channel.Window; +import org.apache.sshd.common.channel.exception.SshChannelOpenException; +import org.apache.sshd.common.io.IoInputStream; +import org.apache.sshd.common.io.IoOutputStream; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.EventNotifier; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractClientChannel extends AbstractChannel implements ClientChannel { + protected final AtomicBoolean opened = new AtomicBoolean(); + + protected Streaming streaming; + + protected ChannelAsyncOutputStream asyncIn; + protected ChannelAsyncInputStream asyncOut; + protected ChannelAsyncInputStream asyncErr; + + protected InputStream in; + protected OutputStream invertedIn; + protected OutputStream out; + protected InputStream invertedOut; + protected OutputStream err; + protected InputStream invertedErr; + protected final AtomicReference exitStatusHolder = new AtomicReference<>(null); + protected final AtomicReference exitSignalHolder = new AtomicReference<>(null); + protected int openFailureReason; + protected String openFailureMsg; + protected String openFailureLang; + protected OpenFuture openFuture; + + private final String channelType; + + protected AbstractClientChannel(String type) { + this(type, Collections.emptyList()); + } + + protected AbstractClientChannel(String type, Collection> handlers) { + super(true, handlers); + this.channelType = ValidateUtils.checkNotNullAndNotEmpty(type, "No channel type specified"); + this.streaming = Streaming.Sync; + + addChannelSignalRequestHandlers(event -> { + notifyStateChanged(event); + }); + } + + protected void addChannelSignalRequestHandlers(EventNotifier notifier) { + addRequestHandler(new ExitStatusChannelRequestHandler(exitStatusHolder, notifier)); + addRequestHandler(new ExitSignalChannelRequestHandler(exitSignalHolder, notifier)); + } + + @Override + public String getChannelType() { + return channelType; + } + + @Override + public Streaming getStreaming() { + return streaming; + } + + @Override + public void setStreaming(Streaming streaming) { + this.streaming = streaming; + } + + @Override + public IoOutputStream getAsyncIn() { + return asyncIn; + } + + @Override + public IoInputStream getAsyncOut() { + return asyncOut; + } + + @Override + public IoInputStream getAsyncErr() { + return asyncErr; + } + + @Override + public OutputStream getInvertedIn() { + return invertedIn; + } + + public InputStream getIn() { + return in; + } + + @Override + public void setIn(InputStream in) { + this.in = in; + } + + @Override + public InputStream getInvertedOut() { + return invertedOut; + } + + public OutputStream getOut() { + return out; + } + + @Override + public void setOut(OutputStream out) { + this.out = out; + } + + @Override + public InputStream getInvertedErr() { + return invertedErr; + } + + public OutputStream getErr() { + return err; + } + + @Override + public void setErr(OutputStream err) { + this.err = err; + } + + @Override + protected Closeable getInnerCloseable() { + return builder() + .when(openFuture) + .run(toString(), () -> { + // If the channel has not been opened yet, + // skip the SSH_MSG_CHANNEL_CLOSE exchange + if (openFuture == null) { + gracefulFuture.setClosed(); + } + // Close inverted streams after + // If the inverted stream is closed before, there's a small time window + // in which we have: + // ChannelPipedInputStream#closed = true + // ChannelPipedInputStream#writerClosed = false + // which leads to an IOException("Pipe closed") when reading. + IoUtils.closeQuietly(in, out, err); + IoUtils.closeQuietly(invertedIn, invertedOut, invertedErr); + }) + .parallel(asyncIn, asyncOut, asyncErr) + .close(super.getInnerCloseable()) + .build(); + } + + @Override + public Set waitFor(Collection mask, long timeout) { + Objects.requireNonNull(mask, "No mask specified"); + long startTime = System.currentTimeMillis(); + /* + * NOTE !!! we must use the futureLock since some of the events that we wait on are related to open/close + * future(s) + */ + synchronized (futureLock) { + long remWait = timeout; + for (Set cond = EnumSet.noneOf(ClientChannelEvent.class);; cond.clear()) { + updateCurrentChannelState(cond); + boolean nothingInCommon = Collections.disjoint(mask, cond); + if (!nothingInCommon) { + return cond; + } + + if (timeout > 0L) { + long now = System.currentTimeMillis(); + long usedTime = now - startTime; + if ((usedTime >= timeout) || (remWait <= 0L)) { + cond.add(ClientChannelEvent.TIMEOUT); + return cond; + } + } + + long nanoStart = System.nanoTime(); + try { + if (timeout > 0L) { + futureLock.wait(remWait); + } else { + futureLock.wait(); + } + + long nanoEnd = System.nanoTime(); + long nanoDuration = nanoEnd - nanoStart; + + if (timeout > 0L) { + long waitDuration = TimeUnit.MILLISECONDS.convert(nanoDuration, TimeUnit.NANOSECONDS); + if (waitDuration <= 0L) { + waitDuration = 123L; + } + remWait -= waitDuration; + } + } catch (InterruptedException e) { + long nanoEnd = System.nanoTime(); + long nanoDuration = nanoEnd - nanoStart; + } + } + } + } + + @Override + public Set getChannelState() { + Set cond = EnumSet.noneOf(ClientChannelEvent.class); + synchronized (futureLock) { + return updateCurrentChannelState(cond); + } + } + + // NOTE: assumed to be called under lock + protected > C updateCurrentChannelState(C state) { + if ((openFuture != null) && openFuture.isOpened()) { + state.add(ClientChannelEvent.OPENED); + } + if (closeFuture.isClosed() || closeSignaled.get() || unregisterSignaled.get() || isClosed()) { + state.add(ClientChannelEvent.CLOSED); + } + if (isEofSignalled()) { + state.add(ClientChannelEvent.EOF); + } + if (exitStatusHolder.get() != null) { + state.add(ClientChannelEvent.EXIT_STATUS); + } + if (exitSignalHolder.get() != null) { + state.add(ClientChannelEvent.EXIT_SIGNAL); + } + + return state; + } + + @Override + public synchronized OpenFuture open() throws IOException { + if (isClosing()) { + throw new SshException("Session has been closed: " + state); + } + + openFuture = new DefaultOpenFuture(this.toString(), futureLock); + String type = getChannelType(); + + Session session = getSession(); + Window wLocal = getLocalWindow(); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_OPEN, type.length() + Integer.SIZE); + buffer.putString(type); + buffer.putInt(getId()); + buffer.putInt(wLocal.getSize()); + buffer.putInt(wLocal.getPacketSize()); + writePacket(buffer); + return openFuture; + } + + @Override + public OpenFuture open(int recipient, long rwSize, long packetSize, Buffer buffer) { + throw new UnsupportedOperationException( + "open(" + recipient + "," + rwSize + "," + packetSize + ") N/A"); + } + + @Override + public void handleOpenSuccess(int recipient, long rwSize, long packetSize, Buffer buffer) { + setRecipient(recipient); + + Session session = getSession(); + FactoryManager manager = Objects.requireNonNull(session.getFactoryManager(), "No factory manager"); + Window wRemote = getRemoteWindow(); + wRemote.init(rwSize, packetSize, manager); + + String changeEvent = "SSH_MSG_CHANNEL_OPEN_CONFIRMATION"; + try { + doOpen(); + + signalChannelOpenSuccess(); + this.opened.set(true); + this.openFuture.setOpened(); + } catch (Throwable t) { + Throwable e = GenericUtils.peelException(t); + changeEvent = e.getClass().getName(); + signalChannelOpenFailure(e); + this.openFuture.setException(e); + this.closeFuture.setClosed(); + this.doCloseImmediately(); + } finally { + notifyStateChanged(changeEvent); + } + } + + protected abstract void doOpen() throws IOException; + + @Override + public void handleOpenFailure(Buffer buffer) { + int reason = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + + this.openFailureReason = reason; + this.openFailureMsg = msg; + this.openFailureLang = lang; + this.openFuture.setException(new SshChannelOpenException(getId(), reason, msg)); + this.closeFuture.setClosed(); + this.doCloseImmediately(); + notifyStateChanged("SSH_MSG_CHANNEL_OPEN_FAILURE"); + } + + @Override + protected void doWriteData(byte[] data, int off, long len) throws IOException { + // If we're already closing, ignore incoming data + if (isClosing()) { + + return; + } + ValidateUtils.checkTrue( + len <= Integer.MAX_VALUE, "Data length exceeds int boundaries: %d", len); + + if (asyncOut != null) { + asyncOut.write(new ByteArrayBuffer(data, off, (int) len)); + } else if (out != null) { + out.write(data, off, (int) len); + out.flush(); + + if (invertedOut == null) { + Window wLocal = getLocalWindow(); + wLocal.consumeAndCheck(len); + } + } else { + throw new IllegalStateException("No output stream for channel"); + } + } + + @Override + protected void doWriteExtendedData(byte[] data, int off, long len) throws IOException { + // If we're already closing, ignore incoming data + if (isClosing()) { + return; + } + ValidateUtils.checkTrue( + len <= Integer.MAX_VALUE, "Extended data length exceeds int boundaries: %d", len); + + if (asyncErr != null) { + asyncErr.write(new ByteArrayBuffer(data, off, (int) len)); + } else if (err != null) { + err.write(data, off, (int) len); + err.flush(); + + if (invertedErr == null) { + Window wLocal = getLocalWindow(); + wLocal.consumeAndCheck(len); + } + } else { + throw new IllegalStateException("No error stream for channel"); + } + } + + @Override + public void handleWindowAdjust(Buffer buffer) throws IOException { + super.handleWindowAdjust(buffer); + if (asyncIn != null) { + asyncIn.onWindowExpanded(); + } + } + + @Override + public Integer getExitStatus() { + return exitStatusHolder.get(); + } + + @Override + public String getExitSignal() { + return exitSignalHolder.get(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelDirectTcpip.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelDirectTcpip.java new file mode 100644 index 0000000..8e9acda --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelDirectTcpip.java @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; + +import org.apache.sshd.client.future.DefaultOpenFuture; +import org.apache.sshd.common.future.OpenFuture; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.ChannelAsyncInputStream; +import org.apache.sshd.common.channel.ChannelAsyncOutputStream; +import org.apache.sshd.common.channel.ChannelOutputStream; +import org.apache.sshd.common.channel.ChannelPipedInputStream; +import org.apache.sshd.common.channel.ChannelPipedOutputStream; +import org.apache.sshd.common.channel.Window; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class ChannelDirectTcpip extends AbstractClientChannel { + + private final SshdSocketAddress local; + private final SshdSocketAddress remote; + private ChannelPipedOutputStream pipe; + + public ChannelDirectTcpip(SshdSocketAddress local, SshdSocketAddress remote) { + super("direct-tcpip"); + if (local == null) { + try { + InetAddress localHost = InetAddress.getLocalHost(); + local = new SshdSocketAddress(localHost.getHostName(), 0); + } catch (UnknownHostException e) { + throw new IllegalStateException("Unable to retrieve local host name"); + } + } + if (remote == null) { + throw new IllegalArgumentException("Remote address must not be null"); + } + this.local = local; + this.remote = remote; + } + + @Override + public synchronized OpenFuture open() throws IOException { + if (closeFuture.isClosed()) { + throw new SshException("Session has been closed"); + } + + openFuture = new DefaultOpenFuture(remote, futureLock); + + Session session = getSession(); + String remoteName = remote.getHostName(); + String localName = local.getHostName(); + Window wLocal = getLocalWindow(); + String type = getChannelType(); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_OPEN, + type.length() + remoteName.length() + localName.length() + Long.SIZE); + buffer.putString(type); + buffer.putInt(getId()); + buffer.putInt(wLocal.getSize()); + buffer.putInt(wLocal.getPacketSize()); + buffer.putString(remoteName); + buffer.putInt(remote.getPort()); + buffer.putString(localName); + buffer.putInt(local.getPort()); + writePacket(buffer); + return openFuture; + } + + @Override + protected void doOpen() throws IOException { + if (streaming == Streaming.Async) { + asyncIn = new ChannelAsyncOutputStream(this, SshConstants.SSH_MSG_CHANNEL_DATA); + asyncOut = new ChannelAsyncInputStream(this); + } else { + out = new ChannelOutputStream( + this, getRemoteWindow(), SshConstants.SSH_MSG_CHANNEL_DATA, true); + invertedIn = out; + + ChannelPipedInputStream pis = new ChannelPipedInputStream(this, getLocalWindow()); + pipe = new ChannelPipedOutputStream(pis); + in = pis; + invertedOut = in; + } + } + + @Override + protected void doWriteData(byte[] data, int off, long len) throws IOException { + ValidateUtils.checkTrue(len <= Integer.MAX_VALUE, + "Data length exceeds int boundaries: %d", len); + pipe.write(data, off, (int) len); + pipe.flush(); + + Window wLocal = getLocalWindow(); + wLocal.consumeAndCheck(len); + } + + public SshdSocketAddress getLocalSocketAddress() { + return this.local; + } + + public SshdSocketAddress getRemoteSocketAddress() { + return this.remote; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelExec.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelExec.java new file mode 100644 index 0000000..d3c0bdc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelExec.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.util.Date; +import java.util.Map; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.PtyChannelConfigurationHolder; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Client channel to run a remote command + * + * @author Apache MINA SSHD Project + */ +public class ChannelExec extends PtyCapableChannelSession { + + private final String command; + + public ChannelExec(String command, PtyChannelConfigurationHolder configHolder, Map env) { + super(false, configHolder, env); + this.command = ValidateUtils.checkNotNullAndNotEmpty(command, "Command may not be null/empty"); + } + + @Override + protected void doOpen() throws IOException { + doOpenPty(); + + Session session = getSession(); + boolean wantReply = CoreModuleProperties.REQUEST_EXEC_REPLY.getRequired(this); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_REQUEST, command.length() + Integer.SIZE); + buffer.putInt(getRecipient()); + buffer.putString(Channel.CHANNEL_EXEC); + buffer.putBoolean(wantReply); + buffer.putString(command); + addPendingRequest(Channel.CHANNEL_EXEC, wantReply); + writePacket(buffer); + + super.doOpen(); + } + + @Override + public void handleSuccess() throws IOException { + Date pending = removePendingRequest(Channel.CHANNEL_EXEC); + } + + @Override + public void handleFailure() throws IOException { + Date pending = removePendingRequest(Channel.CHANNEL_EXEC); + if (pending != null) { + close(true); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelSession.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelSession.java new file mode 100644 index 0000000..248ba67 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelSession.java @@ -0,0 +1,205 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.io.InputStream; +import java.util.concurrent.Future; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.ChannelAsyncInputStream; +import org.apache.sshd.common.channel.ChannelAsyncOutputStream; +import org.apache.sshd.common.channel.ChannelOutputStream; +import org.apache.sshd.common.channel.ChannelPipedInputStream; +import org.apache.sshd.common.channel.ChannelPipedOutputStream; +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.channel.Window; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.threads.CloseableExecutorService; +import org.apache.sshd.common.util.threads.ThreadUtils; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Client side channel session + * + * @author Apache MINA SSHD Project + */ +public class ChannelSession extends AbstractClientChannel { + + private CloseableExecutorService pumperService; + private Future pumper; + + public ChannelSession() { + super("session"); + } + + @Override + protected void doOpen() throws IOException { + if (Streaming.Async.equals(streaming)) { + asyncIn = new ChannelAsyncOutputStream(this, SshConstants.SSH_MSG_CHANNEL_DATA) { + @SuppressWarnings("synthetic-access") + @Override + protected CloseFuture doCloseGracefully() { + try { + sendEof(); + } catch (IOException e) { + Session session = getSession(); + session.exceptionCaught(e); + } + return super.doCloseGracefully(); + } + }; + asyncOut = new ChannelAsyncInputStream(this); + asyncErr = new ChannelAsyncInputStream(this); + } else { + invertedIn = new ChannelOutputStream( + this, getRemoteWindow(), SshConstants.SSH_MSG_CHANNEL_DATA, true); + + Window wLocal = getLocalWindow(); + if (out == null) { + ChannelPipedInputStream pis = new ChannelPipedInputStream(this, wLocal); + ChannelPipedOutputStream pos = new ChannelPipedOutputStream(pis); + out = pos; + invertedOut = pis; + } + if (err == null) { + ChannelPipedInputStream pis = new ChannelPipedInputStream(this, wLocal); + ChannelPipedOutputStream pos = new ChannelPipedOutputStream(pis); + err = pos; + invertedErr = pis; + } + + if (in != null) { + // allocate a temporary executor service if none provided + CloseableExecutorService service = getExecutorService(); + if (service == null) { + pumperService = ThreadUtils.newSingleThreadExecutor( + "ClientInputStreamPump[" + this + "]"); + } else { + pumperService = ThreadUtils.noClose(service); + } + + // Interrupt does not really work and the thread will only exit when + // the call to read() will return. So ensure this thread is a daemon + // to avoid blocking the whole app + pumper = pumperService.submit(this::pumpInputStream); + } + } + } + + @Override + protected RequestHandler.Result handleInternalRequest(String req, boolean wantReply, Buffer buffer) + throws IOException { + switch (req) { + case "xon-xoff": + return handleXonXoff(buffer, wantReply); + default: + return super.handleInternalRequest(req, wantReply, buffer); + } + } + + // see RFC4254 section 6.8 + protected RequestHandler.Result handleXonXoff(Buffer buffer, boolean wantReply) throws IOException { + boolean clientCanDo = buffer.getBoolean(); + + return RequestHandler.Result.ReplySuccess; + } + + @Override + protected Closeable getInnerCloseable() { + return builder() + .close(super.getInnerCloseable()) + .run(toString(), this::closeImmediately0) + .build(); + } + + protected void closeImmediately0() { + if ((pumper != null) && (pumperService != null) && (!pumperService.isShutdown())) { + try { + if (!pumper.isDone()) { + pumper.cancel(true); + } + + pumperService.shutdownNow(); + } catch (Exception e) { + } finally { + pumper = null; + pumperService = null; + } + } + } + + protected void pumpInputStream() { + try { + Session session = getSession(); + Window wRemote = getRemoteWindow(); + long packetSize = wRemote.getPacketSize(); + ValidateUtils.checkTrue((packetSize > 0) && (packetSize < Integer.MAX_VALUE), + "Invalid remote packet size int boundary: %d", packetSize); + byte[] buffer = new byte[(int) packetSize]; + int maxChunkSize = CoreModuleProperties.INPUT_STREAM_PUMP_CHUNK_SIZE.getRequired(session); + maxChunkSize = Math.max(maxChunkSize, CoreModuleProperties.INPUT_STREAM_PUMP_CHUNK_SIZE.getRequiredDefault()); + + while (!closeFuture.isClosed()) { + int len = securedRead(in, maxChunkSize, buffer, 0, buffer.length); + if (len < 0) { + sendEof(); + return; + } + + session.resetIdleTimeout(); + if (len > 0) { + invertedIn.write(buffer, 0, len); + invertedIn.flush(); + } + } + + } catch (Exception e) { + if (!isClosing()) { + close(false); + } + } + } + + protected int securedRead( + InputStream in, int maxChunkSize, byte[] buf, int off, int len) + throws IOException { + for (int n = 0;;) { + int nread = in.read(buf, off + n, Math.min(maxChunkSize, len - n)); + if (nread <= 0) { + return (n == 0) ? nread : n; + } + + n += nread; + if (n >= len) { + return n; + } + + // if not closed but no bytes available, return + int availLen = in.available(); + if (availLen <= 0) { + return n; + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelShell.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelShell.java new file mode 100644 index 0000000..02e1cd9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelShell.java @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.util.Date; +import java.util.Map; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.PtyChannelConfigurationHolder; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Client channel to open a remote shell + * + * @author Apache MINA SSHD Project + */ +public class ChannelShell extends PtyCapableChannelSession { + + public ChannelShell(PtyChannelConfigurationHolder configHolder, Map env) { + super(true, configHolder, env); + } + + @Override + protected void doOpen() throws IOException { + doOpenPty(); + + Session session = getSession(); + boolean wantReply = CoreModuleProperties.REQUEST_SHELL_REPLY.getRequired(this); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_REQUEST, Integer.SIZE); + buffer.putInt(getRecipient()); + buffer.putString(Channel.CHANNEL_SHELL); + buffer.putBoolean(wantReply); + addPendingRequest(Channel.CHANNEL_SHELL, wantReply); + writePacket(buffer); + + super.doOpen(); + } + + @Override + public void handleSuccess() throws IOException { + Date pending = removePendingRequest(Channel.CHANNEL_SHELL); + } + + @Override + public void handleFailure() throws IOException { + Date pending = removePendingRequest(Channel.CHANNEL_SHELL); + if (pending != null) { + close(true); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelSubsystem.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelSubsystem.java new file mode 100644 index 0000000..c0f5893 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ChannelSubsystem.java @@ -0,0 +1,97 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.util.Date; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Client channel to run a subsystem + * + * @author Apache MINA SSHD Project + */ +public class ChannelSubsystem extends ChannelSession { + + private final String subsystem; + + /** + * @param subsystem The subsystem name for the channel - never {@code null} or empty + */ + public ChannelSubsystem(String subsystem) { + this.subsystem = ValidateUtils.checkNotNullAndNotEmpty(subsystem, "Subsystem may not be null/empty"); + } + + /** + * The subsystem name + * + * @return The subsystem name for the channel - never {@code null} or empty + */ + public final String getSubsystem() { + return subsystem; + } + + @Override + protected void doOpen() throws IOException { + String systemName = getSubsystem(); + + Session session = getSession(); + boolean wantReply = CoreModuleProperties.REQUEST_SUBSYSTEM_REPLY.getRequired(this); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_REQUEST, + Channel.CHANNEL_SUBSYSTEM.length() + systemName.length() + Integer.SIZE); + buffer.putInt(getRecipient()); + buffer.putString(Channel.CHANNEL_SUBSYSTEM); + buffer.putBoolean(wantReply); + buffer.putString(systemName); + addPendingRequest(Channel.CHANNEL_SUBSYSTEM, wantReply); + writePacket(buffer); + + super.doOpen(); + } + + @Override + public void handleSuccess() throws IOException { + String systemName = getSubsystem(); + Date pending = removePendingRequest(Channel.CHANNEL_SUBSYSTEM); + } + + @Override + public void handleFailure() throws IOException { + String systemName = getSubsystem(); + Date pending = removePendingRequest(Channel.CHANNEL_SUBSYSTEM); + if (pending != null) { + close(true); + } + } + + public void onClose(final Runnable run) { + closeFuture.addListener(future -> run.run()); + } + + @Override + public String toString() { + return super.toString() + "[" + getSubsystem() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannel.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannel.java new file mode 100644 index 0000000..ecf69cb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannel.java @@ -0,0 +1,126 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.time.Duration; +import java.util.Collection; +import java.util.Set; + +import org.apache.sshd.common.future.OpenFuture; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.StreamingChannel; +import org.apache.sshd.common.io.IoInputStream; +import org.apache.sshd.common.io.IoOutputStream; + +/** + * A client channel used to communicate with the SSH server. Client channels can be shells, simple commands or + * subsystems. Note: client channels may be associated with a server session if they are opened by the + * server - e.g., for agent proxy, port forwarding, etc.. + * + * @author Apache MINA SSHD Project + */ +public interface ClientChannel extends Channel, StreamingChannel, ClientSessionHolder { + + @Override + default ClientSession getClientSession() { + return (ClientSession) getSession(); + } + + /** + * @return The type of channel reported when it was created + */ + String getChannelType(); + + IoOutputStream getAsyncIn(); + + IoInputStream getAsyncOut(); + + IoInputStream getAsyncErr(); + + /** + * Access to an output stream to send data directly to the remote channel. This can be used instead of using + * {@link #setIn(InputStream)} method and having the channel polling for data in that stream. + * + * @return an OutputStream to be used to send data + */ + OutputStream getInvertedIn(); + + InputStream getInvertedOut(); + + InputStream getInvertedErr(); + + /** + * Set an input stream that will be read by this channel and forwarded to the remote channel. Note that using such a + * stream will create an additional thread for pumping the stream which will only be able to end when that stream is + * actually closed or some data is read. It is recommended to use the {@link #getInvertedIn()} method instead and + * write data directly. + * + * @param in an InputStream to be polled and forwarded + */ + void setIn(InputStream in); + + void setOut(OutputStream out); + + void setErr(OutputStream err); + + OpenFuture open() throws IOException; + + /** + * @return A snapshot of the current channel state + * @see #waitFor(Collection, long) + */ + Set getChannelState(); + + /** + * Waits until any of the specified events in the mask is signaled + * + * @param mask The {@link ClientChannelEvent}s mask + * @param timeout The timeout to wait (msec.) - if non-positive then forever + * @return The actual signaled event - includes {@link ClientChannelEvent#TIMEOUT} if timeout expired before + * the expected event was signaled + */ + Set waitFor(Collection mask, long timeout); + + /** + * Waits until any of the specified events in the mask is signaled + * + * @param mask The {@link ClientChannelEvent}s mask + * @param timeout The timeout to wait - if null then forever + * @return The actual signaled event - includes {@link ClientChannelEvent#TIMEOUT} if timeout expired before + * the expected event was signaled + */ + default Set waitFor(Collection mask, Duration timeout) { + return waitFor(mask, timeout != null ? timeout.toMillis() : -1); + } + + /** + * @return The signaled exit status via "exit-status" request - {@code null} if not signaled + */ + Integer getExitStatus(); + + /** + * @return The signaled exit signal via "exit-signal" - {@code null} if not signaled + */ + String getExitSignal(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelEvent.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelEvent.java new file mode 100644 index 0000000..d0d6c10 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelEvent.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +/** + * Various events used by {@link ClientChannel#waitFor(java.util.Collection, long)} + * + * @author Apache MINA SSHD Project + */ +public enum ClientChannelEvent { + /** + * Timeout while waiting for other events - Note: meaningful only as a member of the returned events + **/ + TIMEOUT, + /** Channel has been marked as closed **/ + CLOSED, + /** Received STDOUT (a.k.a. channel) data **/ + STDOUT_DATA, + /** Received STDERR (a.k.a. extended) data **/ + STDERR_DATA, + /** Received EOF signal from remote peer **/ + EOF, + /** + * Received exit status from remote peer + * + * @see ClientChannel#getExitStatus() + **/ + EXIT_STATUS, + /** + * Received exit signal from remote peer + * + * @see ClientChannel#getExitSignal() + */ + EXIT_SIGNAL, + /** Channel has been successfully opened */ + OPENED; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(ClientChannelEvent.class)); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelHolder.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelHolder.java new file mode 100644 index 0000000..d639ff3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelHolder.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.channel; + +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.ChannelHolder; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ClientChannelHolder extends ChannelHolder { + @Override + default Channel getChannel() { + return getClientChannel(); + } + + /** + * @return The underlying {@link ClientChannel} used + */ + ClientChannel getClientChannel(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelPendingMessagesQueue.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelPendingMessagesQueue.java new file mode 100644 index 0000000..021dd57 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/ClientChannelPendingMessagesQueue.java @@ -0,0 +1,249 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.channel; + +import java.io.EOFException; +import java.io.IOException; +import java.io.OutputStream; +import java.nio.channels.Channel; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Deque; +import java.util.LinkedList; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.CancellationException; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.function.Consumer; + +import org.apache.sshd.client.future.DefaultOpenFuture; +import org.apache.sshd.common.future.OpenFuture; +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * This is a specialized {@link SshFutureListener} that is used to enqueue data that is sent while the channel is being + * set-up, so that when it is established it will send them in the same order as they have been received. + * + * It also serves as a "backstop" in case session is closed (normally) while the packets as still being + * written. + * + * @author Apache MINA SSHD Project + */ +public class ClientChannelPendingMessagesQueue + implements SshFutureListener, Channel, ClientChannelHolder { + protected final Deque>> pendingQueue = new LinkedList<>(); + protected final DefaultOpenFuture completedFuture; + + private final ClientChannel clientChannel; + private final AtomicBoolean open = new AtomicBoolean(true); + + public ClientChannelPendingMessagesQueue(ClientChannel channel) { + this.clientChannel = Objects.requireNonNull(channel, "No channel provided"); + this.completedFuture = new DefaultOpenFuture(getClass().getSimpleName() + "[" + channel + "]", null); + } + + @Override + public ClientChannel getClientChannel() { + return clientChannel; + } + + /** + * @return An internal {@link OpenFuture} that can be used to wait for all internal pending messages to be flushed + * before actually signaling that operation is complete + */ + public OpenFuture getCompletedFuture() { + return completedFuture; + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public void close() throws IOException { + markClosed(); + + // NOTE: do not close the channel here - it may need to remain open for other purposes + int numPending = clearPendingQueue(); + } + + /** + * Marks the queue as closed + * + * @return {@code true} if was open and now is closed + */ + protected boolean markClosed() { + OpenFuture f = getCompletedFuture(); + if (!f.isDone()) { + f.setException(new CancellationException("Cancelled")); + } + return open.getAndSet(false); + } + + /** + * Checks if the future is already open and manages the message handling accordingly: + *
      + *

      + *

    • If channel is not open yet, it enqueues the request
      • + *

      + * + *

      + *

    • If channel is open but there are still pending messages not yet written out, it will wait for them to be + * written (or exception signaled) before proceeding to write out the incoming message.
      • + *

      + * + *

      + *

    • Otherwise (i.e., channel is open and no pending messages yet) it will write the message to the underlying + * channel immediately.
      • + *

      + *
    + * + * @param buffer The message {@link Buffer} + * @param errHandler The error handler to invoke it had to enqueue the message and was unsuccessful in writing it. + * Must be non-{@code null} if future not open yet. Otherwise, if {@code null} and exception + * occurs it will be simple re-thrown + * @return The total number of still pending messages - zero if none and message was written (either + * immediately or after waiting for the pending ones to be written). + * @throws IOException If wrote the message directly, encountered an error and no handler was provided. + */ + public int handleIncomingMessage(Buffer buffer, Consumer errHandler) throws IOException { + if (!isOpen()) { + throw new EOFException("Queue is closed"); + } + + Objects.requireNonNull(buffer, "No message to enqueue"); + OpenFuture future = getCompletedFuture(); + synchronized (pendingQueue) { + boolean enqueue = !future.isDone(); + if (enqueue) { + Objects.requireNonNull(errHandler, "No pending message error handler provided"); + } + + if (enqueue) { + pendingQueue.add(new SimpleImmutableEntry<>(buffer, errHandler)); + pendingQueue.notifyAll(); // in case anyone is waiting + } else { + writeMessage(buffer, errHandler); + } + + return pendingQueue.size(); + } + } + + protected void writeMessage(Buffer buffer, Consumer errHandler) throws IOException { + ClientChannel channel = getClientChannel(); + try { + if (!isOpen()) { + throw new EOFException("Queue is marked as closed"); + } + + if (!channel.isOpen()) { + throw new EOFException("Client channel is closed/closing"); + } + + Session session = channel.getSession(); + if (!session.isOpen()) { + throw new EOFException("Client session is closed/closing"); + } + + OutputStream outputStream = channel.getInvertedIn(); + outputStream.write(buffer.array(), buffer.rpos(), buffer.available()); + outputStream.flush(); + } catch (IOException e) { + if (errHandler != null) { + errHandler.accept(e); + } + + markCompletionException(e); + throw e; + } + } + + @Override + public void operationComplete(OpenFuture future) { + Throwable err = future.getException(); + if (err != null) { + markCompletionException(err); + + if (markClosed()) { + } else { + } + + clearPendingQueue(); + } else { + flushPendingQueue(); + } + } + + protected void flushPendingQueue() { + int numSent = 0; + try { + synchronized (pendingQueue) { + for (; !pendingQueue.isEmpty(); numSent++) { + Map.Entry> msgEntry = pendingQueue.removeFirst(); + writeMessage(msgEntry.getKey(), msgEntry.getValue()); + } + + markCompletionSuccessful(); + } + + } catch (IOException e) { + markCompletionException(e); + + boolean closed = markClosed(); + int numPending = clearPendingQueue(); + } + } + + protected OpenFuture markCompletionSuccessful() { + OpenFuture f = getCompletedFuture(); + f.setOpened(); + return f; + } + + protected OpenFuture markCompletionException(Throwable err) { + OpenFuture f = getCompletedFuture(); + f.setException(err); + return f; + } + + protected int clearPendingQueue() { + int numEntries; + synchronized (pendingQueue) { + numEntries = pendingQueue.size(); + if (numEntries > 0) { + pendingQueue.clear(); + } + pendingQueue.notifyAll(); // in case anyone waiting + } + + return numEntries; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[channel=" + getClientChannel() + + ", open=" + isOpen() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/PtyCapableChannelSession.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/PtyCapableChannelSession.java new file mode 100644 index 0000000..08f3781 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/PtyCapableChannelSession.java @@ -0,0 +1,296 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel; + +import java.io.IOException; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.PtyChannelConfiguration; +import org.apache.sshd.common.channel.PtyChannelConfigurationHolder; +import org.apache.sshd.common.channel.PtyChannelConfigurationMutator; +import org.apache.sshd.common.channel.PtyMode; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + *

    + * Serves as the base channel session for executing remote commands - including a full shell. Note: all the + * configuration changes via the various {@code setXXX} methods must be made before the channel is actually open. + * If they are invoked afterwards then they have no effect (silently ignored). + *

    + *

    + * A typical code snippet would be: + *

    + * + * 
    + * 
+ * try (client = SshClient.setUpDefaultClient()) {
+ *      client.start();
+ *
+ *      try (ClientSession s = client.connect(getCurrentTestName(), "localhost", port).verify(CONNECT_TIMEOUT).getSession()) {
+ *          s.addPasswordIdentity(getCurrentTestName());
+ *          s.auth().verify(AUTH_TIMEOUT);
+ *
+ *          try (ChannelExec shell = s.createExecChannel("my super duper command")) {
+ *              shell.setEnv("var1", "val1");
+ *              shell.setEnv("var2", "val2");
+ *              ...etc...
+ *
+ *              shell.setPtyType(...);
+ *              shell.setPtyLines(...);
+ *              ...etc...
+ *
+ *              shell.open().verify(OPEN_TIMEOUT);
+ *              shell.waitFor(ClientChannel.CLOSED, TimeUnit.SECONDS.toMillis(17L));    // can use zero for infinite wait
+ *
+ *              Integer status = shell.getExitStatus();
+ *              if (status.intValue() != 0) {
+ *                  ...error...
+ *              }
+ *          }
+ *      } finally {
+ *          client.stop();
+ *      }
+ * }
+ * 
+ *
    + * + * @author Apache MINA SSHD Project + */ +public class PtyCapableChannelSession extends ChannelSession implements PtyChannelConfigurationMutator { + private boolean agentForwarding; + private boolean usePty; + private final Map env = new LinkedHashMap<>(); + private final PtyChannelConfiguration config; + + public PtyCapableChannelSession( + boolean usePty, PtyChannelConfigurationHolder configHolder, Map env) { + this.usePty = usePty; + this.config = PtyChannelConfigurationMutator.copyConfiguration( + configHolder, new PtyChannelConfiguration()); + this.config.setPtyType(resolvePtyType(this.config)); + if (GenericUtils.isNotEmpty(env)) { + for (Map.Entry ee : env.entrySet()) { + setEnv(ee.getKey(), ee.getValue()); + } + } + } + + protected String resolvePtyType(PtyChannelConfigurationHolder configHolder) { + String ptyType = configHolder.getPtyType(); + if (GenericUtils.isNotEmpty(ptyType)) { + return ptyType; + } + + ptyType = System.getenv("TERM"); + if (GenericUtils.isNotEmpty(ptyType)) { + return ptyType; + } + + return DUMMY_PTY_TYPE; + } + + public void setupSensibleDefaultPty() { + try { + PtyChannelConfigurationMutator.setupSensitiveDefaultPtyConfiguration(this); + } catch (Throwable t) { + } + } + + public boolean isAgentForwarding() { + return agentForwarding; + } + + public void setAgentForwarding(boolean agentForwarding) { + this.agentForwarding = agentForwarding; + } + + public boolean isUsePty() { + return usePty; + } + + public void setUsePty(boolean usePty) { + this.usePty = usePty; + } + + @Override + public String getPtyType() { + return config.getPtyType(); + } + + @Override + public void setPtyType(String ptyType) { + config.setPtyType(ptyType); + } + + @Override + public int getPtyColumns() { + return config.getPtyColumns(); + } + + @Override + public void setPtyColumns(int ptyColumns) { + config.setPtyColumns(ptyColumns); + } + + @Override + public int getPtyLines() { + return config.getPtyLines(); + } + + @Override + public void setPtyLines(int ptyLines) { + config.setPtyLines(ptyLines); + } + + @Override + public int getPtyWidth() { + return config.getPtyWidth(); + } + + @Override + public void setPtyWidth(int ptyWidth) { + config.setPtyWidth(ptyWidth); + } + + @Override + public int getPtyHeight() { + return config.getPtyHeight(); + } + + @Override + public void setPtyHeight(int ptyHeight) { + config.setPtyHeight(ptyHeight); + } + + @Override + public Map getPtyModes() { + return config.getPtyModes(); + } + + @Override + public void setPtyModes(Map ptyModes) { + config.setPtyModes((ptyModes == null) ? Collections.emptyMap() : ptyModes); + } + + /** + * @param key The (never {@code null}) key (Note: may be empty...) + * @param value The value to set - if {@code null} then the pre-existing value for the key (if any) is + * removed. + * @return The replaced/removed previous value - {@code null} if no previous value set for the key. + */ + public Object setEnv(String key, Object value) { + ValidateUtils.checkNotNull(key, "No key provided"); + if (value == null) { + return env.remove(key); + } else { + return env.put(key, value); + } + } + + public void sendWindowChange(int columns, int lines) throws IOException { + sendWindowChange(columns, lines, getPtyHeight(), getPtyWidth()); + } + + public void sendWindowChange(int columns, int lines, int height, int width) throws IOException { + + setPtyColumns(columns); + setPtyLines(lines); + setPtyHeight(height); + setPtyWidth(width); + + Session session = getSession(); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_REQUEST, Long.SIZE); + buffer.putInt(getRecipient()); + buffer.putString("window-change"); + buffer.putBoolean(false); // want-reply + buffer.putInt(getPtyColumns()); + buffer.putInt(getPtyLines()); + buffer.putInt(getPtyHeight()); + buffer.putInt(getPtyWidth()); + writePacket(buffer); + } + + protected void doOpenPty() throws IOException { + Session session = getSession(); + if (agentForwarding) { + + String channelType = CoreModuleProperties.PROXY_AUTH_CHANNEL_TYPE.getRequired(session); + Buffer buffer = session.createBuffer( + SshConstants.SSH_MSG_CHANNEL_REQUEST, Long.SIZE); + buffer.putInt(getRecipient()); + buffer.putString(channelType); + buffer.putBoolean(false); // want-reply + writePacket(buffer); + } + + if (usePty) { + + Buffer buffer = session.createBuffer( + SshConstants.SSH_MSG_CHANNEL_REQUEST, Byte.MAX_VALUE); + buffer.putInt(getRecipient()); + buffer.putString("pty-req"); + buffer.putBoolean(false); // want-reply + buffer.putString(getPtyType()); + buffer.putInt(getPtyColumns()); + buffer.putInt(getPtyLines()); + buffer.putInt(getPtyHeight()); + buffer.putInt(getPtyWidth()); + + Map ptyModes = getPtyModes(); + int numModes = GenericUtils.size(ptyModes); + Buffer modes = new ByteArrayBuffer(numModes * (1 + Integer.BYTES) + Long.SIZE, false); + if (numModes > 0) { + ptyModes.forEach((mode, value) -> { + modes.putByte((byte) mode.toInt()); + modes.putInt(value.longValue()); + }); + } + modes.putByte(PtyMode.TTY_OP_END); + buffer.putBytes(modes.getCompactData()); + writePacket(buffer); + } + + if (GenericUtils.size(env) > 0) { + + // Cannot use forEach because of the IOException being thrown by writePacket + for (Map.Entry entry : env.entrySet()) { + String key = entry.getKey(); + Object value = entry.getValue(); + String str = Objects.toString(value); + Buffer buffer = session.createBuffer( + SshConstants.SSH_MSG_CHANNEL_REQUEST, key.length() + GenericUtils.length(str) + Integer.SIZE); + buffer.putInt(getRecipient()); + buffer.putString("env"); + buffer.putBoolean(false); // want-reply + buffer.putString(key); + buffer.putString(str); + writePacket(buffer); + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/AbstractChannelExitRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/AbstractChannelExitRequestHandler.java new file mode 100644 index 0000000..cb10e2c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/AbstractChannelExitRequestHandler.java @@ -0,0 +1,112 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel.exit; + +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.channel.AbstractChannelRequestHandler; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.util.EventNotifier; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Provides a common base class for channel request handlers that deal with various "exit-XXX" + * requests. Once such a request has been successfully processed, an {@link EventNotifier} can be invoked indicating the + * processed event. + * + * @param Type of data being extracted from the request when processed + * @author Apache MINA SSHD Project + */ +public abstract class AbstractChannelExitRequestHandler extends AbstractChannelRequestHandler implements NamedResource { + protected final AtomicReference holder; + protected final EventNotifier notifier; + + /** + * @param holder An {@link AtomicReference} that will hold the extracted request data + * @param notifier An {@link EventNotifier} to be invoked when request is successfully processed and the holder has + * been updated with the processed request data + */ + protected AbstractChannelExitRequestHandler(AtomicReference holder, EventNotifier notifier) { + this.holder = Objects.requireNonNull(holder, "No exit status holder"); + this.notifier = Objects.requireNonNull(notifier, "No event notifier"); + } + + @Override // see RFC4254 section 6.10 + public Result process(Channel channel, String request, boolean wantReply, Buffer buffer) throws Exception { + String name = getName(); + if (name.equals(request)) { + V value = processRequestValue(channel, request, buffer); + if (value != null) { + + holder.set(value); + notifyStateChanged(channel, request, value); + return Result.ReplySuccess; + } + } + + return Result.Unsupported; + } + + /** + * Invoked by default from {@link #process(Channel, String, boolean, Buffer)} when a request matching the handler's + * name is received + * + * @param channel The {@link Channel} through which the request was received + * @param request The received request - Note: guaranteed to match the handler's name if invoked from + * {@link #process(Channel, String, boolean, Buffer)} + * @param buffer The received {@link Buffer} for extracting the data + * @return The extracted data - if {@code null} then request is ignored and {@code Unsupported} is + * returned + * @throws Exception If failed to process the received request buffer + */ + protected abstract V processRequestValue(Channel channel, String request, Buffer buffer) throws Exception; + + /** + * Notifies that some change has been made to the data in the holder. The reported event is obtained via the + * {@link #getEvent(Channel, String, Object)} call + * + * @param channel The {@link Channel} through which the request was received + * @param request The processed request + * @param value The processed value + */ + protected void notifyStateChanged(Channel channel, String request, V value) { + String event = getEvent(channel, request, value); + try { + notifier.notifyEvent(event); + } catch (Exception e) { + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else { + throw new RuntimeException(e); + } + } + } + + /** + * @param channel The {@link Channel} through which the request was received + * @param request The processed request + * @param value The processed value + * @return The event name to be used - default: {@link #getName()} value + */ + protected String getEvent(Channel channel, String request, V value) { + return getName(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/ExitSignalChannelRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/ExitSignalChannelRequestHandler.java new file mode 100644 index 0000000..7aa5de6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/ExitSignalChannelRequestHandler.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel.exit; + +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.util.EventNotifier; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + * @see RFC4254 section 6.10 + */ +public class ExitSignalChannelRequestHandler extends AbstractChannelExitRequestHandler { + public static final String NAME = "exit-signal"; + + public ExitSignalChannelRequestHandler(AtomicReference holder, EventNotifier notifier) { + super(holder, notifier); + } + + @Override + public final String getName() { + return NAME; + } + + @Override + protected String processRequestValue(Channel channel, String request, Buffer buffer) throws Exception { + return processRequestValue(channel, buffer.getString(), buffer.getBoolean(), buffer.getString(), buffer.getString()); + } + + protected String processRequestValue(Channel channel, String signalName, boolean coreDumped, String message, String lang) + throws Exception { + + return signalName; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/ExitStatusChannelRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/ExitStatusChannelRequestHandler.java new file mode 100644 index 0000000..3657b8b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/channel/exit/ExitStatusChannelRequestHandler.java @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.channel.exit; + +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.util.EventNotifier; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + * @see RFC4254 section 6.10 + */ +public class ExitStatusChannelRequestHandler extends AbstractChannelExitRequestHandler { + public static final String NAME = "exit-status"; + + public ExitStatusChannelRequestHandler(AtomicReference holder, EventNotifier notifier) { + super(holder, notifier); + } + + @Override + public final String getName() { + return NAME; + } + + @Override + protected Integer processRequestValue(Channel channel, String request, Buffer buffer) throws Exception { + return processRequestValue(channel, buffer.getInt()); + } + + protected Integer processRequestValue(Channel channel, int exitStatus) throws Exception { + + return exitStatus; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/SshClientConfigFileReader.java b/files-sftp/src/main/java/org/apache/sshd/client/config/SshClientConfigFileReader.java new file mode 100644 index 0000000..16aae25 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/SshClientConfigFileReader.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.config; + +import java.time.Duration; +import java.util.Map; + +import org.apache.sshd.client.ClientBuilder; +import org.apache.sshd.client.SshClient; +import org.apache.sshd.common.CommonModuleProperties; +import org.apache.sshd.common.Property; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.config.SshConfigFileReader; +import org.apache.sshd.common.session.SessionHeartbeatController.HeartbeatType; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public final class SshClientConfigFileReader { + public static final String SETENV_PROP = "SetEnv"; + public static final String SENDENV_PROP = "SendEnv"; + public static final String REQUEST_TTY_OPTION = "RequestTTY"; + + public static final Property CLIENT_LIVECHECK_INTERVAL_PROP + = Property.duration("ClientAliveInterval", Duration.ZERO); + + public static final Property CLIENT_LIVECHECK_USE_NULLS = Property.bool("ClientAliveUseNullPackets", false); + + public static final Property CLIENT_LIVECHECK_REPLIES_WAIT + = Property.duration("ClientAliveReplyWait", Duration.ZERO); + public static final long DEFAULT_LIVECHECK_REPLY_WAIT = 0L; + + private SshClientConfigFileReader() { + throw new UnsupportedOperationException("No instance allowed"); + } + + public static C setupClientHeartbeat(C client, PropertyResolver props) { + if ((client == null) || (props == null)) { + return client; + } + + Duration interval = CLIENT_LIVECHECK_INTERVAL_PROP.getRequired(props); + if (GenericUtils.isNegativeOrNull(interval)) { + return client; + } + + if (CLIENT_LIVECHECK_USE_NULLS.getRequired(props)) { + CommonModuleProperties.SESSION_HEARTBEAT_TYPE.set(client, HeartbeatType.IGNORE); + CommonModuleProperties.SESSION_HEARTBEAT_INTERVAL.set(client, interval); + } else { + CoreModuleProperties.HEARTBEAT_INTERVAL.set(client, interval); + + interval = CLIENT_LIVECHECK_REPLIES_WAIT.getRequired(props); + if (!GenericUtils.isNegativeOrNull(interval)) { + CoreModuleProperties.HEARTBEAT_REPLY_WAIT.set(client, interval); + } + } + + return client; + } + + public static C setupClientHeartbeat(C client, Map options) { + if ((client == null) || GenericUtils.isEmpty(options)) { + return client; + } + + return setupClientHeartbeat(client, PropertyResolverUtils.toPropertyResolver(options)); + } + + public static C configure( + C client, PropertyResolver props, boolean lenient, boolean ignoreUnsupported) { + SshConfigFileReader.configure(client, props, lenient, ignoreUnsupported); + SshConfigFileReader.configureKeyExchanges(client, props, lenient, ClientBuilder.DH2KEX, ignoreUnsupported); + setupClientHeartbeat(client, props); + return client; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/ConfigFileHostEntryResolver.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/ConfigFileHostEntryResolver.java new file mode 100644 index 0000000..75b53fb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/ConfigFileHostEntryResolver.java @@ -0,0 +1,97 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.io.IOException; +import java.net.SocketAddress; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.util.Collection; +import java.util.List; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.ModifiableFileWatcher; + +/** + * Watches for changes in a configuration file and automatically reloads any changes + * + * @author Apache MINA SSHD Project + */ +public class ConfigFileHostEntryResolver extends ModifiableFileWatcher implements HostConfigEntryResolver { + private final AtomicReference delegateHolder = // assumes initially empty + new AtomicReference<>(HostConfigEntryResolver.EMPTY); + + public ConfigFileHostEntryResolver(Path file) { + this(file, IoUtils.EMPTY_LINK_OPTIONS); + } + + public ConfigFileHostEntryResolver(Path file, LinkOption... options) { + super(file, options); + } + + @Override + public HostConfigEntry resolveEffectiveHost( + String host, int port, SocketAddress localAddress, String username, String proxyJump, AttributeRepository context) + throws IOException { + try { + HostConfigEntryResolver delegate + = Objects.requireNonNull(resolveEffectiveResolver(host, port, username, proxyJump), "No delegate"); + HostConfigEntry entry = delegate.resolveEffectiveHost(host, port, localAddress, username, proxyJump, context); + + return entry; + } catch (Throwable e) { + if (e instanceof IOException) { + throw (IOException) e; + } else { + throw new IOException(e); + } + } + } + + protected HostConfigEntryResolver resolveEffectiveResolver(String host, int port, String username, String proxyJump) + throws IOException { + if (checkReloadRequired()) { + delegateHolder.set(HostConfigEntryResolver.EMPTY); // start fresh + + Path path = getPath(); + if (exists()) { + Collection entries = reloadHostConfigEntries(path, host, port, username, proxyJump); + if (GenericUtils.size(entries) > 0) { + delegateHolder.set(HostConfigEntry.toHostConfigEntryResolver(entries)); + } + } else { + } + } + + return delegateHolder.get(); + } + + protected List reloadHostConfigEntries( + Path path, String host, int port, String username, String proxyJump) + throws IOException { + List entries = HostConfigEntry.readHostConfigEntries(path); + updateReloadAttributes(); + return entries; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/DefaultConfigFileHostEntryResolver.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/DefaultConfigFileHostEntryResolver.java new file mode 100644 index 0000000..a5b41b3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/DefaultConfigFileHostEntryResolver.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.io.IOException; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +/** + * Monitors the {@code ~/.ssh/config} file of the user currently running the client, re-loading it if necessary. It also + * (optionally) enforces the same permissions regime as {@code OpenSSH} + * + * @author Apache MINA SSHD Project + */ +public class DefaultConfigFileHostEntryResolver extends ConfigFileHostEntryResolver { + /** + * The default instance that enforces the same permissions regime as {@code OpenSSH} + */ + public static final DefaultConfigFileHostEntryResolver INSTANCE = new DefaultConfigFileHostEntryResolver(true); + + private final boolean strict; + + /** + * @param strict If {@code true} then makes sure that the containing folder has 0700 access and the file 0644. + * Note: for Windows it does not check these permissions + * @see #validateStrictConfigFilePermissions(Path, LinkOption...) + */ + public DefaultConfigFileHostEntryResolver(boolean strict) { + this(HostConfigEntry.getDefaultHostConfigFile(), strict); + } + + public DefaultConfigFileHostEntryResolver(Path path, boolean strict, LinkOption... options) { + super(path, options); + this.strict = strict; + } + + /** + * @return If {@code true} then makes sure that the containing folder has 0700 access and the file 0644. + * Note: for Windows it does not check these permissions + * @see #validateStrictConfigFilePermissions(Path, LinkOption...) + */ + public final boolean isStrict() { + return strict; + } + + @Override + protected List reloadHostConfigEntries(Path path, String host, int port, String username, String proxyJump) + throws IOException { + if (isStrict()) { + + Map.Entry violation = validateStrictConfigFilePermissions(path); + if (violation != null) { + updateReloadAttributes(); + return Collections.emptyList(); + } + } + + return super.reloadHostConfigEntries(path, host, port, username, proxyJump); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java new file mode 100644 index 0000000..3ae8828 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java @@ -0,0 +1,1206 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.config.hosts; + +import java.io.BufferedReader; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.Reader; +import java.io.StreamCorruptedException; +import java.io.Writer; +import java.net.InetAddress; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.TreeMap; + +import org.apache.sshd.common.auth.MutableUserHolder; +import org.apache.sshd.common.config.ConfigFileReaderSupport; +import org.apache.sshd.common.config.keys.IdentityUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntry; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.MapEntryUtils.NavigableMapBuilder; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.NoCloseOutputStream; +import org.apache.sshd.common.util.io.NoCloseReader; + +/** + * Represents an entry in the client's configuration file as defined by the + * ssh_config configuration file format + * + * @author Apache MINA SSHD Project + * @see OpenSSH Config File + * Examples + */ +public class HostConfigEntry extends HostPatternsHolder implements MutableUserHolder { + /** + * Standard OpenSSH config file name + */ + public static final String STD_CONFIG_FILENAME = "config"; + + public static final String HOST_CONFIG_PROP = "Host"; + public static final String HOST_NAME_CONFIG_PROP = "HostName"; + public static final String PORT_CONFIG_PROP = ConfigFileReaderSupport.PORT_CONFIG_PROP; + public static final String USER_CONFIG_PROP = "User"; + public static final String PROXY_JUMP_CONFIG_PROP = "ProxyJump"; + public static final String IDENTITY_FILE_CONFIG_PROP = "IdentityFile"; + /** + * Use only the identities specified in the host entry (if any) + */ + public static final String EXCLUSIVE_IDENTITIES_CONFIG_PROP = "IdentitiesOnly"; + public static final boolean DEFAULT_EXCLUSIVE_IDENTITIES = false; + + /** + * A case insensitive {@link NavigableSet} of the properties that receive special handling + */ + public static final NavigableSet EXPLICIT_PROPERTIES = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, + HOST_CONFIG_PROP, HOST_NAME_CONFIG_PROP, PORT_CONFIG_PROP, + USER_CONFIG_PROP, IDENTITY_FILE_CONFIG_PROP, EXCLUSIVE_IDENTITIES_CONFIG_PROP)); + + public static final String MULTI_VALUE_SEPARATORS = " ,"; + + public static final char HOME_TILDE_CHAR = '~'; + public static final char PATH_MACRO_CHAR = '%'; + public static final char LOCAL_HOME_MACRO = 'd'; + public static final char LOCAL_USER_MACRO = 'u'; + public static final char LOCAL_HOST_MACRO = 'l'; + public static final char REMOTE_HOST_MACRO = 'h'; + public static final char REMOTE_USER_MACRO = 'r'; + // Extra - not part of the standard + public static final char REMOTE_PORT_MACRO = 'p'; + + private static final class LazyDefaultConfigFileHolder { + private static final Path CONFIG_FILE = PublicKeyEntry.getDefaultKeysFolderPath().resolve(STD_CONFIG_FILENAME); + + private LazyDefaultConfigFileHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + private String host; + private String hostName; + private int port; + private String username; + private String proxyJump; + private Boolean exclusiveIdentites; + private Collection identities = Collections.emptyList(); + private Map properties = Collections.emptyMap(); + + public HostConfigEntry() { + super(); + } + + public HostConfigEntry(String pattern, String host, int port, String username) { + this(pattern, host, port, username, null); + } + + public HostConfigEntry(String pattern, String host, int port, String username, String proxyJump) { + setHost(pattern); + setHostName(host); + setPort(port); + setUsername(username); + setProxyJump(proxyJump); + } + + /** + * @return The pattern(s) represented by this entry + */ + public String getHost() { + return host; + } + + public void setHost(String host) { + this.host = host; + setPatterns(parsePatterns(parseConfigValue(host))); + } + + public void setHost(Collection patterns) { + this.host = GenericUtils.join(ValidateUtils.checkNotNullAndNotEmpty(patterns, "No patterns"), ','); + setPatterns(parsePatterns(patterns)); + } + + /** + * @return The effective host name to connect to if the pattern matches + */ + public String getHostName() { + return hostName; + } + + public void setHostName(String hostName) { + this.hostName = hostName; + } + + public String resolveHostName(String originalHost) { + return resolveHostName(originalHost, getHostName()); + } + + /** + * @return A port override - if positive + */ + public int getPort() { + return port; + } + + public void setPort(int port) { + this.port = port; + } + + /** + * Resolves the effective port to use + * + * @param originalPort The original requested port + * @return If the host entry port is positive, then it is used, otherwise the original requested port + * @see #resolvePort(int, int) + */ + public int resolvePort(int originalPort) { + return resolvePort(originalPort, getPort()); + } + + /** + * @return A username override - if not {@code null}/empty + */ + @Override + public String getUsername() { + return username; + } + + @Override + public void setUsername(String username) { + this.username = username; + } + + /** + * Resolves the effective username + * + * @param originalUser The original requested username + * @return If the configured host entry username is not {@code null}/empty then it is used, otherwise + * the original one. + * @see #resolveUsername(String) + */ + public String resolveUsername(String originalUser) { + return resolveUsername(originalUser, getUsername()); + } + + /** + * @return the host to use as a proxy + */ + public String getProxyJump() { + return proxyJump; + } + + public void setProxyJump(String proxyJump) { + this.proxyJump = proxyJump; + } + + /** + * Resolves the effective proxyJump + * + * @param originalProxyJump The original requested proxyJump + * @return If the configured host entry proxyJump is not {@code null}/empty then it is used, + * otherwise the original one. + * @see #resolveUsername(String) + */ + public String resolveProxyJump(String originalProxyJump) { + return resolveProxyJump(originalProxyJump, getProxyJump()); + } + + /** + * @return The current identities file paths - may be {@code null}/empty + */ + public Collection getIdentities() { + return identities; + } + + /** + * @param path A {@link Path} to a file that contains an identity key - never {@code null} + */ + public void addIdentity(Path path) { + addIdentity(Objects.requireNonNull(path, "No path").toAbsolutePath().normalize().toString()); + } + + /** + * Adds a path to an identity file + * + * @param id The identity path to add - never {@code null} + */ + public void addIdentity(String id) { + String path = ValidateUtils.checkNotNullAndNotEmpty(id, "No identity provided"); + if (GenericUtils.isEmpty(identities)) { + identities = new LinkedList<>(); + } + identities.add(path); + } + + public void setIdentities(Collection identities) { + this.identities = (identities == null) ? Collections.emptyList() : identities; + } + + /** + * @return {@code true} if must use only the identities in this entry + */ + public boolean isIdentitiesOnly() { + return (exclusiveIdentites == null) ? DEFAULT_EXCLUSIVE_IDENTITIES : exclusiveIdentites; + } + + public void setIdentitiesOnly(boolean identitiesOnly) { + exclusiveIdentites = identitiesOnly; + } + + /** + * @return A {@link Map} of extra properties that have been read - may be {@code null}/empty, or even contain some + * values that have been parsed and set as members of the entry (e.g., host, port, etc.). Note: + * multi-valued keys use a comma-separated list of values + */ + public Map getProperties() { + return properties; + } + + /** + * @param name Property name - never {@code null}/empty + * @return Property value or {@code null} if no such property + * @see #getProperty(String, String) + */ + public String getProperty(String name) { + return getProperty(name, null); + } + + /** + * @param name Property name - never {@code null}/empty + * @param defaultValue Default value to return if no such property + * @return The property value or the default one if no such property + */ + public String getProperty(String name, String defaultValue) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + Map props = getProperties(); + if (GenericUtils.isEmpty(props)) { + return defaultValue; + } + + String value = props.get(key); + if (GenericUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + } + + /** + * Updates the values that are not already configured with those from the global entry + * + * @param globalEntry The global entry - ignored if {@code null} or same reference as this entry + * @return {@code true} if anything updated + */ + public boolean processGlobalValues(HostConfigEntry globalEntry) { + if ((globalEntry == null) || (this == globalEntry)) { + return false; + } + + boolean modified = false; + /* + * NOTE !!! DO NOT TRY TO CHANGE THE ORDER OF THE OR-ing AS IT WOULD CAUSE INVALID CODE EXECUTION + */ + modified = updateGlobalPort(globalEntry.getPort()) || modified; + modified = updateGlobalHostName(globalEntry.getHostName()) || modified; + modified = updateGlobalUserName(globalEntry.getUsername()) || modified; + modified = updateGlobalIdentities(globalEntry.getIdentities()) || modified; + modified = updateGlobalIdentityOnly(globalEntry.isIdentitiesOnly()) || modified; + + Map updated = updateGlobalProperties(globalEntry.getProperties()); + modified = (GenericUtils.size(updated) > 0) || modified; + + return modified; + } + + /** + * Sets all the properties for which no current value exists in the entry + * + * @param props The global properties - ignored if {@code null}/empty + * @return A {@link Map} of the updated properties + */ + public Map updateGlobalProperties(Map props) { + if (GenericUtils.isEmpty(props)) { + return Collections.emptyMap(); + } + + Map updated = null; + // Cannot use forEach because of the modification of the updated map value (non-final) + for (Map.Entry pe : props.entrySet()) { + String key = pe.getKey(); + String curValue = getProperty(key); + if (GenericUtils.length(curValue) > 0) { + continue; + } + + String newValue = pe.getValue(); + setProperty(key, newValue); + + if (updated == null) { + updated = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + } + + updated.put(key, newValue); + } + + if (updated == null) { + return Collections.emptyMap(); + } else { + return updated; + } + } + + /** + * @param ids Global identities - ignored if {@code null}/empty or already have configured identities + * @return {@code true} if updated identities + */ + public boolean updateGlobalIdentities(Collection ids) { + if (GenericUtils.isEmpty(ids) || (GenericUtils.size(getIdentities()) > 0)) { + return false; + } + + for (String id : ids) { + addIdentity(id); + } + + return true; + } + + /** + * @param user The global user name - ignored if {@code null}/empty or already have a configured user + * @return {@code true} if updated the username + */ + public boolean updateGlobalUserName(String user) { + if (GenericUtils.isEmpty(user) || (GenericUtils.length(getUsername()) > 0)) { + return false; + } + + setUsername(user); + return true; + } + + /** + * @param name The global host name - ignored if {@code null}/empty or already have a configured target host + * @return {@code true} if updated the target host + */ + public boolean updateGlobalHostName(String name) { + if (GenericUtils.isEmpty(name) || (GenericUtils.length(getHostName()) > 0)) { + return false; + } + + setHostName(name); + return true; + } + + /** + * @param portValue The global port value - ignored if not positive or already have a configured port + * @return {@code true} if updated the port value + */ + public boolean updateGlobalPort(int portValue) { + if ((portValue <= 0) || (getPort() > 0)) { + return false; + } + + setPort(portValue); + return true; + } + + /** + * @param identitiesOnly Whether to use only the identities in this entry. Ignored if already set + * @return {@code true} if updated the option value + */ + public boolean updateGlobalIdentityOnly(boolean identitiesOnly) { + if (exclusiveIdentites != null) { + return false; + } + + setIdentitiesOnly(identitiesOnly); + return true; + } + + /** + * @param name Property name - never {@code null}/empty + * @param valsList The available values for the property + * @param ignoreAlreadyInitialized If {@code false} and one of the "known" properties is encountered then + * throws an exception + * @throws IllegalArgumentException If an existing value is overwritten and ignoreAlreadyInitialized is + * {@code false} (except for {@link #IDENTITY_FILE_CONFIG_PROP} which is + * cumulative + * @see #HOST_NAME_CONFIG_PROP + * @see #PORT_CONFIG_PROP + * @see #USER_CONFIG_PROP + * @see #IDENTITY_FILE_CONFIG_PROP + */ + public void processProperty(String name, Collection valsList, boolean ignoreAlreadyInitialized) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + String joinedValue = GenericUtils.join(valsList, ','); + appendPropertyValue(key, joinedValue); + + if (HOST_NAME_CONFIG_PROP.equalsIgnoreCase(key)) { + ValidateUtils.checkTrue(GenericUtils.size(valsList) == 1, "Multiple target hosts N/A: %s", joinedValue); + + String curValue = getHostName(); + ValidateUtils.checkTrue(GenericUtils.isEmpty(curValue) || ignoreAlreadyInitialized, "Already initialized %s: %s", + key, curValue); + setHostName(joinedValue); + } else if (PORT_CONFIG_PROP.equalsIgnoreCase(key)) { + ValidateUtils.checkTrue(GenericUtils.size(valsList) == 1, "Multiple target ports N/A: %s", joinedValue); + + int curValue = getPort(); + ValidateUtils.checkTrue((curValue <= 0) || ignoreAlreadyInitialized, "Already initialized %s: %d", key, curValue); + + int newValue = Integer.parseInt(joinedValue); + ValidateUtils.checkTrue(newValue > 0, "Bad new port value: %d", newValue); + setPort(newValue); + } else if (USER_CONFIG_PROP.equalsIgnoreCase(key)) { + ValidateUtils.checkTrue(GenericUtils.size(valsList) == 1, "Multiple target users N/A: %s", joinedValue); + + String curValue = getUsername(); + ValidateUtils.checkTrue(GenericUtils.isEmpty(curValue) || ignoreAlreadyInitialized, "Already initialized %s: %s", + key, curValue); + setUsername(joinedValue); + } else if (IDENTITY_FILE_CONFIG_PROP.equalsIgnoreCase(key)) { + ValidateUtils.checkTrue(GenericUtils.size(valsList) > 0, "No identity files specified"); + for (String id : valsList) { + addIdentity(id); + } + } else if (EXCLUSIVE_IDENTITIES_CONFIG_PROP.equalsIgnoreCase(key)) { + setIdentitiesOnly( + ConfigFileReaderSupport.parseBooleanValue( + ValidateUtils.checkNotNullAndNotEmpty(joinedValue, "No identities option value"))); + } else if (PROXY_JUMP_CONFIG_PROP.equalsIgnoreCase(key)) { + String curValue = getProxyJump(); + ValidateUtils.checkTrue(GenericUtils.isEmpty(curValue) || ignoreAlreadyInitialized, "Already initialized %s: %s", + key, curValue); + setProxyJump(joinedValue); + } + } + + /** + * Appends a value using a comma to an existing one. If no previous value then same as calling + * {@link #setProperty(String, String)}. + * + * @param name Property name - never {@code null}/empty + * @param value The value to be appended - ignored if {@code null}/empty + * @return The value before appending - {@code null} if no previous value + */ + public String appendPropertyValue(String name, String value) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + String curVal = getProperty(key); + if (GenericUtils.isEmpty(value)) { + return curVal; + } + + if (GenericUtils.isEmpty(curVal)) { + return setProperty(key, value); + } + + return setProperty(key, curVal + ',' + value); + } + + /** + * Sets / Replaces the property value + * + * @param name Property name - never {@code null}/empty + * @param value Property value - if {@code null}/empty then {@link #removeProperty(String)} is called + * @return The previous property value - {@code null} if no such name + */ + public String setProperty(String name, String value) { + if (GenericUtils.isEmpty(value)) { + return removeProperty(name); + } + + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + if (GenericUtils.isEmpty(properties)) { + properties = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + } + + return properties.put(key, value); + } + + /** + * @param name Property name - never {@code null}/empty + * @return The removed property value - {@code null} if no such property name + */ + public String removeProperty(String name) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + Map props = getProperties(); + if (GenericUtils.isEmpty(props)) { + return null; + } else { + return props.remove(key); + } + } + + /** + * @param properties The properties to set - if {@code null} then an empty map is effectively set. Note: it + * is highly recommended to use a case insensitive key mapper. + */ + public void setProperties(Map properties) { + this.properties = (properties == null) ? Collections.emptyMap() : properties; + } + + public A append(A sb) throws IOException { + sb.append(HOST_CONFIG_PROP).append(' ').append(ValidateUtils.checkNotNullAndNotEmpty(getHost(), "No host pattern")) + .append(IoUtils.EOL); + appendNonEmptyProperty(sb, HOST_NAME_CONFIG_PROP, getHostName()); + appendNonEmptyPort(sb, PORT_CONFIG_PROP, getPort()); + appendNonEmptyProperty(sb, USER_CONFIG_PROP, getUsername()); + appendNonEmptyValues(sb, IDENTITY_FILE_CONFIG_PROP, getIdentities()); + if (exclusiveIdentites != null) { + appendNonEmptyProperty(sb, EXCLUSIVE_IDENTITIES_CONFIG_PROP, + ConfigFileReaderSupport.yesNoValueOf(exclusiveIdentites)); + } + appendNonEmptyProperties(sb, getProperties()); + return sb; + } + + @Override + public String toString() { + return getHost() + ": " + getUsername() + "@" + getHostName() + ":" + getPort(); + } + + /** + * @param The {@link Appendable} type + * @param sb The target appender + * @param name The property name - never {@code null}/empty + * @param port The port value - ignored if non-positive + * @return The target appender after having appended (or not) the value + * @throws IOException If failed to append the requested data + * @see #appendNonEmptyProperty(Appendable, String, Object) + */ + public static A appendNonEmptyPort(A sb, String name, int port) throws IOException { + return appendNonEmptyProperty(sb, name, (port > 0) ? Integer.toString(port) : null); + } + + /** + * Appends the extra properties - while skipping the {@link #EXPLICIT_PROPERTIES} ones + * + * @param The {@link Appendable} type + * @param sb The target appender + * @param props The {@link Map} of properties - ignored if {@code null}/empty + * @return The target appender after having appended (or not) the value + * @throws IOException If failed to append the requested data + * @see #appendNonEmptyProperty(Appendable, String, Object) + */ + public static A appendNonEmptyProperties(A sb, Map props) throws IOException { + if (GenericUtils.isEmpty(props)) { + return sb; + } + + // Cannot use forEach because of the IOException being thrown by appendNonEmptyProperty + for (Map.Entry pe : props.entrySet()) { + String name = pe.getKey(); + if (EXPLICIT_PROPERTIES.contains(name)) { + continue; + } + + appendNonEmptyProperty(sb, name, pe.getValue()); + } + + return sb; + } + + /** + * @param The {@link Appendable} type + * @param sb The target appender + * @param name The property name - never {@code null}/empty + * @param value The property value - ignored if {@code null}. Note: if the string representation of + * the value contains any commas, they are assumed to indicate a multi-valued property which is + * broken down to individual lines - one per value. + * @return The target appender after having appended (or not) the value + * @throws IOException If failed to append the requested data + * @see #appendNonEmptyValues(Appendable, String, Object...) + */ + public static A appendNonEmptyProperty(A sb, String name, Object value) throws IOException { + String s = Objects.toString(value, null); + String[] vals = GenericUtils.split(s, ','); + return appendNonEmptyValues(sb, name, (Object[]) vals); + } + + /** + * @param The {@link Appendable} type + * @param sb The target appender + * @param name The property name - never {@code null}/empty + * @param values The values to be added - one per line - ignored if {@code null}/empty + * @return The target appender after having appended (or not) the value + * @throws IOException If failed to append the requested data + * @see #appendNonEmptyValues(Appendable, String, Collection) + */ + public static A appendNonEmptyValues(A sb, String name, Object... values) throws IOException { + return appendNonEmptyValues(sb, name, GenericUtils.isEmpty(values) ? Collections.emptyList() : Arrays.asList(values)); + } + + /** + * @param The {@link Appendable} type + * @param sb The target appender + * @param name The property name - never {@code null}/empty + * @param values The values to be added - one per line - ignored if {@code null}/empty + * @return The target appender after having appended (or not) the value + * @throws IOException If failed to append the requested data + */ + public static A appendNonEmptyValues(A sb, String name, Collection values) throws IOException { + String k = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + if (GenericUtils.isEmpty(values)) { + return sb; + } + + for (Object v : values) { + sb.append(" ").append(k).append(' ').append(Objects.toString(v)).append(IoUtils.EOL); + } + + return sb; + } + + /** + * @param entries The entries - ignored if {@code null}/empty + * @return A {@link HostConfigEntryResolver} wrapper using the entries + */ + public static HostConfigEntryResolver toHostConfigEntryResolver(Collection entries) { + if (GenericUtils.isEmpty(entries)) { + return HostConfigEntryResolver.EMPTY; + } else { + return (host1, port1, lclAddress, username1, proxyJump1, ctx) -> { + List matches = findMatchingEntries(host1, entries); + int numMatches = GenericUtils.size(matches); + if (numMatches <= 0) { + return null; + } + + HostConfigEntry match = (numMatches == 1) ? matches.get(0) : findBestMatch(matches); + if (match == null) { + ValidateUtils.throwIllegalArgumentException("No best match found for %s@%s:%d out of %d matches", username1, + host1, port1, numMatches); + } + + return normalizeEntry(match, host1, port1, username1, proxyJump1); + }; + } + } + + /** + * @param entry The original entry - ignored if {@code null} + * @param host The original host name / address + * @param port The original port + * @param username The original user name + * @param proxyJump And optional proxy jump setting + * @return A cloned entry whose values are resolved - including expanding macros in the + * identities files + * @throws IOException If failed to normalize the entry + * @see #resolveHostName(String) + * @see #resolvePort(int) + * @see #resolveUsername(String) + * @see #resolveIdentityFilePath(String, String, int, String) + */ + public static HostConfigEntry normalizeEntry( + HostConfigEntry entry, String host, int port, String username, String proxyJump) + throws IOException { + if (entry == null) { + return null; + } + + HostConfigEntry normal = new HostConfigEntry(); + normal.setHost(host); + normal.setHostName(entry.resolveHostName(host)); + normal.setPort(entry.resolvePort(port)); + normal.setUsername(entry.resolveUsername(username)); + normal.setProxyJump(entry.resolveProxyJump(proxyJump)); + + Map props = entry.getProperties(); + if (GenericUtils.size(props) > 0) { + normal.setProperties( + NavigableMapBuilder. builder(String.CASE_INSENSITIVE_ORDER) + .putAll(props) + .build()); + } + + Collection ids = entry.getIdentities(); + if (GenericUtils.isEmpty(ids)) { + return normal; + } + + normal.setIdentities(Collections.emptyList()); // start fresh + for (String id : ids) { + String path = resolveIdentityFilePath(id, host, port, username); + normal.addIdentity(path); + } + + return normal; + } + + /** + * Resolves the effective target host + * + * @param originalName The original requested host + * @param entryName The configured host + * @return If the configured host entry is not {@code null}/empty then it is used, otherwise the + * original one. + */ + public static String resolveHostName(String originalName, String entryName) { + if (GenericUtils.isEmpty(entryName)) { + return originalName; + } else { + return entryName; + } + } + + /** + * Resolves the effective username + * + * @param originalUser The original requested username + * @param entryUser The configured host entry username + * @return If the configured host entry username is not {@code null}/empty then it is used, otherwise + * the original one. + */ + public static String resolveUsername(String originalUser, String entryUser) { + if (GenericUtils.isEmpty(entryUser)) { + return originalUser; + } else { + return entryUser; + } + } + + /** + * Resolves the effective port to use + * + * @param originalPort The original requested port + * @param entryPort The configured host entry port + * @return If the host entry port is positive, then it is used, otherwise the original requested port + */ + public static int resolvePort(int originalPort, int entryPort) { + if (entryPort <= 0) { + return originalPort; + } else { + return entryPort; + } + } + + /** + * Resolves the effective proxyJump + * + * @param originalProxyJump The original requested proxyJump + * @param entryProxyJump The configured host entry proxyJump + * @return If the configured host entry proxyJump is not {@code null}/empty then it is used, + * otherwise the original one. + */ + public static String resolveProxyJump(String originalProxyJump, String entryProxyJump) { + if (GenericUtils.isEmpty(entryProxyJump)) { + return originalProxyJump; + } else { + return entryProxyJump; + } + } + + public static List readHostConfigEntries(Path path, OpenOption... options) throws IOException { + try (InputStream input = Files.newInputStream(path, options)) { + return readHostConfigEntries(input, true); + } + } + + public static List readHostConfigEntries(URL url) throws IOException { + try (InputStream input = url.openStream()) { + return readHostConfigEntries(input, true); + } + } + + public static List readHostConfigEntries(InputStream inStream, boolean okToClose) throws IOException { + try (Reader reader + = new InputStreamReader(NoCloseInputStream.resolveInputStream(inStream, okToClose), StandardCharsets.UTF_8)) { + return readHostConfigEntries(reader, true); + } + } + + public static List readHostConfigEntries(Reader rdr, boolean okToClose) throws IOException { + try (BufferedReader buf = new BufferedReader(NoCloseReader.resolveReader(rdr, okToClose))) { + return readHostConfigEntries(buf); + } + } + + /** + * Reads configuration entries + * + * @param rdr The {@link BufferedReader} to use + * @return The {@link List} of read {@link HostConfigEntry}-ies + * @throws IOException If failed to parse the read configuration + */ + public static List readHostConfigEntries(BufferedReader rdr) throws IOException { + HostConfigEntry curEntry = null; + HostConfigEntry globalEntry = null; + List entries = null; + + int lineNumber = 1; + for (String line = rdr.readLine(); line != null; line = rdr.readLine(), lineNumber++) { + line = GenericUtils.replaceWhitespaceAndTrim(line); + if (GenericUtils.isEmpty(line)) { + continue; + } + + int pos = line.indexOf(ConfigFileReaderSupport.COMMENT_CHAR); + if (pos == 0) { + continue; + } + + if (pos > 0) { + line = line.substring(0, pos); + line = line.trim(); + } + + /* + * Some options use '=', others use ' ' - try both NOTE: we do not validate the format for each option + * separately + */ + pos = line.indexOf(' '); + if (pos < 0) { + pos = line.indexOf('='); + } + + if (pos < 0) { + throw new StreamCorruptedException("No configuration value delimiter at line " + lineNumber + ": " + line); + } + + String key = line.substring(0, pos); + String value = line.substring(pos + 1); + List valsList = parseConfigValue(value); + + if (HOST_CONFIG_PROP.equalsIgnoreCase(key)) { + if (GenericUtils.isEmpty(valsList)) { + throw new StreamCorruptedException("Missing host pattern(s) at line " + lineNumber + ": " + line); + } + + // If the all-hosts pattern is used, make sure no global section already active + for (String name : valsList) { + if (ALL_HOSTS_PATTERN.equalsIgnoreCase(name) && (globalEntry != null)) { + throw new StreamCorruptedException( + "Overriding the global section with a specific one at line " + lineNumber + ": " + line); + } + } + + if (curEntry != null) { + curEntry.processGlobalValues(globalEntry); + } + + entries = updateEntriesList(entries, curEntry); + + curEntry = new HostConfigEntry(); + curEntry.setHost(valsList); + } else if (curEntry == null) { + // if 1st encountered property is NOT for a specific host, then configuration applies to ALL + curEntry = new HostConfigEntry(); + curEntry.setHost(Collections.singletonList(ALL_HOSTS_PATTERN)); + globalEntry = curEntry; + } + + try { + curEntry.processProperty(key, valsList, false); + } catch (RuntimeException e) { + throw new StreamCorruptedException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to process line #" + lineNumber + " (" + line + ")" + + ": " + e.getMessage()); + } + } + + if (curEntry != null) { + curEntry.processGlobalValues(globalEntry); + } + + entries = updateEntriesList(entries, curEntry); + if (entries == null) { + return Collections.emptyList(); + } else { + return entries; + } + } + + /** + * Finds the best match out of the given ones. + * + * @param matches The available matches - ignored if {@code null}/empty + * @return The best match or {@code null} if no matches or no best match found + * @see #findBestMatch(Iterator) + */ + public static HostConfigEntry findBestMatch(Collection matches) { + if (GenericUtils.isEmpty(matches)) { + return null; + } else { + return findBestMatch(matches.iterator()); + } + } + + /** + * Finds the best match out of the given ones. + * + * @param matches The available matches - ignored if {@code null}/empty + * @return The best match or {@code null} if no matches or no best match found + * @see #findBestMatch(Iterator) + */ + public static HostConfigEntry findBestMatch(Iterable matches) { + if (matches == null) { + return null; + } else { + return findBestMatch(matches.iterator()); + } + } + + /** + * Finds the best match out of the given ones. The best match is defined as one whose pattern is as specific + * as possible (if more than one match is available). I.e., a non-global match is preferred over global one, and a + * match with no wildcards is preferred over one with such a pattern. + * + * @param matches The available matches - ignored if {@code null}/empty + * @return The best match or {@code null} if no matches or no best match found + * @see #isSpecificHostPattern(String) + */ + public static HostConfigEntry findBestMatch(Iterator matches) { + if ((matches == null) || (!matches.hasNext())) { + return null; + } + + HostConfigEntry candidate = matches.next(); + int wildcardMatches = 0; + while (matches.hasNext()) { + HostConfigEntry entry = matches.next(); + String entryPattern = entry.getHost(); + String candidatePattern = candidate.getHost(); + // prefer non-global entry over global entry + if (ALL_HOSTS_PATTERN.equalsIgnoreCase(candidatePattern)) { + // unlikely, but handle it + if (ALL_HOSTS_PATTERN.equalsIgnoreCase(entryPattern)) { + wildcardMatches++; + } else { + candidate = entry; + wildcardMatches = 0; + } + continue; + } + + if (isSpecificHostPattern(entryPattern)) { + // if both are specific then no best match + if (isSpecificHostPattern(candidatePattern)) { + return null; + } + + candidate = entry; + wildcardMatches = 0; + continue; + } + + wildcardMatches++; + } + + String candidatePattern = candidate.getHost(); + // best match either has specific host or no wildcard matches + if ((wildcardMatches <= 0) || (isSpecificHostPattern(candidatePattern))) { + return candidate; + } + + return null; + } + + public static List updateEntriesList(List entries, HostConfigEntry curEntry) { + if (curEntry == null) { + return entries; + } + + if (entries == null) { + entries = new ArrayList<>(); + } + + entries.add(curEntry); + return entries; + } + + public static void writeHostConfigEntries( + Path path, Collection entries, OpenOption... options) + throws IOException { + try (OutputStream outputStream = Files.newOutputStream(path, options)) { + writeHostConfigEntries(outputStream, true, entries); + } + } + + public static void writeHostConfigEntries( + OutputStream outputStream, boolean okToClose, Collection entries) + throws IOException { + if (GenericUtils.isEmpty(entries)) { + return; + } + + try (Writer w = new OutputStreamWriter( + NoCloseOutputStream.resolveOutputStream(outputStream, okToClose), StandardCharsets.UTF_8)) { + appendHostConfigEntries(w, entries); + } + } + + public static A appendHostConfigEntries(A sb, Collection entries) + throws IOException { + if (GenericUtils.isEmpty(entries)) { + return sb; + } + + for (HostConfigEntry entry : entries) { + entry.append(sb); + } + + return sb; + } + + /** + * Checks if this is a multi-value - allow space and comma + * + * @param value The value - ignored if {@code null}/empty (after trimming) + * @return A {@link List} of the encountered values + */ + public static List parseConfigValue(String value) { + String s = GenericUtils.replaceWhitespaceAndTrim(value); + if (GenericUtils.isEmpty(s)) { + return Collections.emptyList(); + } + + for (int index = 0; index < MULTI_VALUE_SEPARATORS.length(); index++) { + char sep = MULTI_VALUE_SEPARATORS.charAt(index); + int pos = s.indexOf(sep); + if (pos >= 0) { + String[] vals = GenericUtils.split(s, sep); + if (GenericUtils.isEmpty(vals)) { + return Collections.emptyList(); + } else { + return Arrays.asList(vals); + } + } + } + + // this point is reached if no separators found + return Collections.singletonList(s); + } + + // The file name may use the tilde syntax to refer to a user’s home directory or one of the following escape + // characters: + // '%d' (local user's home directory), '%u' (local user name), '%l' (local host name), '%h' (remote host name) or + // '%r' (remote user name). + public static String resolveIdentityFilePath(String id, String host, int port, String username) throws IOException { + if (GenericUtils.isEmpty(id)) { + return id; + } + + String path = id.replace('/', File.separatorChar); // make sure all separators are local + String[] elements = GenericUtils.split(path, File.separatorChar); + StringBuilder sb = new StringBuilder(path.length() + Long.SIZE); + for (int index = 0; index < elements.length; index++) { + String elem = elements[index]; + if (index > 0) { + sb.append(File.separatorChar); + } + + for (int curPos = 0; curPos < elem.length(); curPos++) { + char ch = elem.charAt(curPos); + if (ch == HOME_TILDE_CHAR) { + ValidateUtils.checkTrue((curPos == 0) && (index == 0), "Home tilde must be first: %s", id); + appendUserHome(sb); + } else if (ch == PATH_MACRO_CHAR) { + curPos++; + ValidateUtils.checkTrue(curPos < elem.length(), "Missing macro modifier in %s", id); + ch = elem.charAt(curPos); + switch (ch) { + case PATH_MACRO_CHAR: + sb.append(ch); + break; + case LOCAL_HOME_MACRO: + ValidateUtils.checkTrue((curPos == 1) && (index == 0), "Home macro must be first: %s", id); + appendUserHome(sb); + break; + case LOCAL_USER_MACRO: + sb.append(ValidateUtils.checkNotNullAndNotEmpty(OsUtils.getCurrentUser(), + "No local user name value")); + break; + case LOCAL_HOST_MACRO: { + InetAddress address = Objects.requireNonNull(InetAddress.getLocalHost(), "No local address"); + sb.append(ValidateUtils.checkNotNullAndNotEmpty(address.getHostName(), "No local name")); + break; + } + case REMOTE_HOST_MACRO: + sb.append(ValidateUtils.checkNotNullAndNotEmpty(host, "No remote host provided")); + break; + case REMOTE_USER_MACRO: + sb.append(ValidateUtils.checkNotNullAndNotEmpty(username, "No remote user provided")); + break; + case REMOTE_PORT_MACRO: + ValidateUtils.checkTrue(port > 0, "Bad remote port value: %d", port); + sb.append(port); + break; + default: + ValidateUtils.throwIllegalArgumentException("Bad modifier '%s' in %s", String.valueOf(ch), id); + } + } else { + sb.append(ch); + } + } + } + + return sb.toString(); + } + + public static StringBuilder appendUserHome(StringBuilder sb) { + return appendUserHome(sb, IdentityUtils.getUserHomeFolder()); + } + + public static StringBuilder appendUserHome(StringBuilder sb, Path userHome) { + return appendUserHome(sb, Objects.requireNonNull(userHome, "No user home folder").toString()); + } + + public static StringBuilder appendUserHome(StringBuilder sb, String userHome) { + if (GenericUtils.isEmpty(userHome)) { + return sb; + } + + sb.append(userHome); + // strip any ending separator since we add our own + int len = sb.length(); + if (sb.charAt(len - 1) == File.separatorChar) { + sb.setLength(len - 1); + } + + return sb; + } + + /** + * @return The default {@link Path} location of the OpenSSH hosts entries configuration file + */ + @SuppressWarnings("synthetic-access") + public static Path getDefaultHostConfigFile() { + return LazyDefaultConfigFileHolder.CONFIG_FILE; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolver.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolver.java new file mode 100644 index 0000000..cc0766a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolver.java @@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.io.IOException; +import java.net.SocketAddress; + +import org.apache.sshd.common.AttributeRepository; + +/** + * @author Apache MINA SSHD Project + * @see ssh_config + */ +@FunctionalInterface +public interface HostConfigEntryResolver { + /** + * An "empty" implementation that does not resolve any entry - i.e., uses the original entry as-is + */ + HostConfigEntryResolver EMPTY = new HostConfigEntryResolver() { + @Override + public HostConfigEntry resolveEffectiveHost( + String host, int port, SocketAddress localAddress, String username, String proxyJump, + AttributeRepository context) + throws IOException { + return null; + } + + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * Invoked when creating a new client session in order to allow for overriding of the original parameters + * + * @param host The requested host - never {@code null}/empty + * @param port The requested port + * @param localAddress Optional binding endpoint for the local peer + * @param username The requested username + * @param proxyJump The requested proxyJump + * @param context An optional "context" provided during the connection request (to be attached to + * the established session if successfully connected) + * @return A {@link HostConfigEntry} for the actual target - {@code null} if use original parameters. + * Note: if any identity files are attached to the configuration then they must point to + * existing locations. This means that any macros such as ~, %d, %h, etc. + * must be resolved prior to returning the value + * @throws IOException If failed to resolve the configuration + */ + HostConfigEntry resolveEffectiveHost( + String host, int port, SocketAddress localAddress, String username, String proxyJump, AttributeRepository context) + throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostPatternValue.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostPatternValue.java new file mode 100644 index 0000000..16f63d2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostPatternValue.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.io.IOException; +import java.util.regex.Pattern; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * Represents a pattern definition in the known_hosts file + * + * @author Apache MINA SSHD Project + * @see + * OpenSSH cookbook - About the Contents of the known hosts Files + */ +public class HostPatternValue { + private Pattern pattern; + private int port; + private boolean negated; + + public HostPatternValue() { + super(); + } + + public HostPatternValue(Pattern pattern, boolean negated) { + this(pattern, 0, negated); + } + + public HostPatternValue(Pattern pattern, int port, boolean negated) { + this.pattern = pattern; + this.port = port; + this.negated = negated; + } + + public Pattern getPattern() { + return pattern; + } + + public void setPattern(Pattern pattern) { + this.pattern = pattern; + } + + public int getPort() { + return port; + } + + public void setPort(int port) { + this.port = port; + } + + public boolean isNegated() { + return negated; + } + + public void setNegated(boolean negated) { + this.negated = negated; + } + + @Override + public String toString() { + Pattern p = getPattern(); + String purePattern = (p == null) ? null : p.pattern(); + StringBuilder sb = new StringBuilder(GenericUtils.length(purePattern) + Short.SIZE); + if (isNegated()) { + sb.append(HostPatternsHolder.NEGATION_CHAR_PATTERN); + } + + int portValue = getPort(); + try { + KnownHostHashValue.appendHostPattern(sb, purePattern, portValue); + } catch (IOException e) { + throw new RuntimeException( + "Unexpected (" + e.getClass().getSimpleName() + ") failure" + + " to append host pattern of " + purePattern + ":" + portValue + ": " + e.getMessage(), + e); + } + + return sb.toString(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostPatternsHolder.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostPatternsHolder.java new file mode 100644 index 0000000..7a7a88c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/HostPatternsHolder.java @@ -0,0 +1,354 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import java.util.Objects; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class HostPatternsHolder { + + /** + * Used in a host pattern to denote zero or more consecutive characters + */ + public static final char WILDCARD_PATTERN = '*'; + public static final String ALL_HOSTS_PATTERN = String.valueOf(WILDCARD_PATTERN); + + /** + * Used in a host pattern to denote any one character + */ + public static final char SINGLE_CHAR_PATTERN = '?'; + + /** + * Used to negate a host pattern + */ + public static final char NEGATION_CHAR_PATTERN = '!'; + + /** + * The available pattern characters + */ + public static final String PATTERN_CHARS + = new String(new char[] { WILDCARD_PATTERN, SINGLE_CHAR_PATTERN, NEGATION_CHAR_PATTERN }); + + /** Port value separator if non-standard port pattern used */ + public static final char PORT_VALUE_DELIMITER = ':'; + + /** Non-standard port specification host pattern enclosure start delimiter */ + public static final char NON_STANDARD_PORT_PATTERN_ENCLOSURE_START_DELIM = '['; + + /** Non-standard port specification host pattern enclosure end delimiter */ + public static final char NON_STANDARD_PORT_PATTERN_ENCLOSURE_END_DELIM = ']'; + + private Collection patterns = new LinkedList<>(); + + protected HostPatternsHolder() { + super(); + } + + public Collection getPatterns() { + return patterns; + } + + public void setPatterns(Collection patterns) { + this.patterns = patterns; + } + + /** + * Checks if a given host name / address matches the entry's host pattern(s) + * + * @param host The host name / address - ignored if {@code null}/empty + * @param port The connection port + * @return {@code true} if the name / address matches the pattern(s) + * @see #isHostMatch(String, Pattern) + */ + public boolean isHostMatch(String host, int port) { + return isHostMatch(host, port, getPatterns()); + } + + /** + * @param pattern The pattern to check - ignored if {@code null}/empty + * @return {@code true} if the pattern is not empty and contains no wildcard characters + * @see #WILDCARD_PATTERN + * @see #SINGLE_CHAR_PATTERN + * @see #SINGLE_CHAR_PATTERN + */ + public static boolean isSpecificHostPattern(String pattern) { + if (GenericUtils.isEmpty(pattern)) { + return false; + } + + for (int index = 0; index < PATTERN_CHARS.length(); index++) { + char ch = PATTERN_CHARS.charAt(index); + if (pattern.indexOf(ch) >= 0) { + return false; + } + } + + return true; + } + + /** + * Locates all the matching entries for a give host name / address + * + * @param host The host name / address - ignored if {@code null}/empty + * @param entries The {@link HostConfigEntry}-ies to scan - ignored if {@code null}/empty + * @return A {@link List} of all the matching entries + * @see #isHostMatch(String, int) + */ + public static List findMatchingEntries(String host, HostConfigEntry... entries) { + // TODO in Java-8 use Stream(s) + predicate + if (GenericUtils.isEmpty(host) || GenericUtils.isEmpty(entries)) { + return Collections.emptyList(); + } else { + return findMatchingEntries(host, Arrays.asList(entries)); + } + } + + /** + * Locates all the matching entries for a give host name / address + * + * @param host The host name / address - ignored if {@code null}/empty + * @param entries The {@link HostConfigEntry}-ies to scan - ignored if {@code null}/empty + * @return A {@link List} of all the matching entries + * @see #isHostMatch(String, int) + */ + public static List findMatchingEntries(String host, Collection entries) { + // TODO in Java-8 use Stream(s) + predicate + if (GenericUtils.isEmpty(host) || GenericUtils.isEmpty(entries)) { + return Collections.emptyList(); + } + + List matches = null; + for (HostConfigEntry entry : entries) { + if (!entry.isHostMatch(host, 0 /* any port */)) { + continue; // debug breakpoint + } + + if (matches == null) { + matches = new ArrayList<>(entries.size()); // in case ALL of them match + } + + matches.add(entry); + } + + if (matches == null) { + return Collections.emptyList(); + } else { + return matches; + } + } + + public static boolean isHostMatch(String host, int port, Collection patterns) { + if (GenericUtils.isEmpty(patterns)) { + return false; + } + + boolean matchFound = false; + for (HostPatternValue pv : patterns) { + boolean negated = pv.isNegated(); + /* + * If already found a match we are interested only in negations + */ + if (matchFound && (!negated)) { + continue; + } + + if (!isHostMatch(host, pv.getPattern())) { + continue; + } + + if (!isPortMatch(port, pv.getPort())) { + continue; + } + + /* + * According to https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5: + * + * If a negated entry is matched, then the Host entry is ignored, regardless of whether any other patterns + * on the line match. + */ + if (negated) { + return false; + } + + matchFound = true; + } + + return matchFound; + } + + /** + * @param port1 1st port value - if non-positive the assumed to be {@link SshConstants#DEFAULT_PORT DEFAULT_PORT} + * @param port2 2nd port value - if non-positive the assumed to be {@link SshConstants#DEFAULT_PORT DEFAULT_PORT} + * @return {@code true} if ports are effectively equal + */ + public static boolean isPortMatch(int port1, int port2) { + return SshConstants.TO_EFFECTIVE_PORT.applyAsInt(port1) == SshConstants.TO_EFFECTIVE_PORT.applyAsInt(port2); + } + + /** + * Checks if a given host name / address matches a host pattern + * + * @param host The host name / address - ignored if {@code null}/empty + * @param pattern The host {@link Pattern} - ignored if {@code null} + * @return {@code true} if the name / address matches the pattern + */ + public static boolean isHostMatch(String host, Pattern pattern) { + if (GenericUtils.isEmpty(host) || (pattern == null)) { + return false; + } + + Matcher m = pattern.matcher(host); + return m.matches(); + } + + public static List parsePatterns(CharSequence... patterns) { + return parsePatterns(GenericUtils.isEmpty(patterns) ? Collections.emptyList() : Arrays.asList(patterns)); + } + + public static List parsePatterns(Collection patterns) { + if (GenericUtils.isEmpty(patterns)) { + return Collections.emptyList(); + } + + List result = new ArrayList<>(patterns.size()); + for (CharSequence p : patterns) { + result.add(ValidateUtils.checkNotNull(toPattern(p), "No pattern for %s", p)); + } + + return result; + } + + /** + * Converts a host pattern string to a regular expression matcher. Note: pattern matching is case + * insensitive + * + * @param patternString The original pattern string - ignored if {@code null}/empty + * @return The regular expression matcher {@link Pattern} and the indication whether it is a negating + * pattern or not - {@code null} if no original string + * @see #NON_STANDARD_PORT_PATTERN_ENCLOSURE_START_DELIM + * @see #NON_STANDARD_PORT_PATTERN_ENCLOSURE_END_DELIM + * @see #WILDCARD_PATTERN + * @see #SINGLE_CHAR_PATTERN + * @see #NEGATION_CHAR_PATTERN + */ + public static HostPatternValue toPattern(CharSequence patternString) { + String pattern = GenericUtils.replaceWhitespaceAndTrim(Objects.toString(patternString, null)); + if (GenericUtils.isEmpty(pattern)) { + return null; + } + + int patternLen = pattern.length(); + int port = 0; + // Check if non-standard port value used + StringBuilder sb = new StringBuilder(patternLen); + if (pattern.charAt(0) == HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_START_DELIM) { + int pos = GenericUtils.lastIndexOf(pattern, HostPatternsHolder.PORT_VALUE_DELIMITER); + ValidateUtils.checkTrue(pos > 0, "Missing non-standard port value delimiter in %s", pattern); + ValidateUtils.checkTrue(pos < (patternLen - 1), "Missing non-standard port value number in %s", pattern); + ValidateUtils.checkTrue(pattern.charAt(pos - 1) == HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_END_DELIM, + "Invalid non-standard port value host pattern enclosure delimiters in %s", pattern); + + String csPort = pattern.substring(pos + 1, patternLen); + port = Integer.parseInt(csPort); + ValidateUtils.checkTrue((port > 0) && (port <= 0xFFFF), "Invalid non-start port value (%d) in %s", port, pattern); + + pattern = pattern.substring(1, pos - 1); + patternLen = pattern.length(); + } + + boolean negated = false; + for (int curPos = 0; curPos < patternLen; curPos++) { + char ch = pattern.charAt(curPos); + ValidateUtils.checkTrue(isValidPatternChar(ch), "Invalid host pattern char in %s", pattern); + + switch (ch) { + case '.': // need to escape it + sb.append('\\').append(ch); + break; + case SINGLE_CHAR_PATTERN: + sb.append('.'); + break; + case WILDCARD_PATTERN: + sb.append(".*"); + break; + case NEGATION_CHAR_PATTERN: + ValidateUtils.checkTrue(!negated, "Double negation in %s", pattern); + ValidateUtils.checkTrue(curPos == 0, "Negation must be 1st char: %s", pattern); + negated = true; + break; + default: + sb.append(ch); + } + } + + return new HostPatternValue(Pattern.compile(sb.toString(), Pattern.CASE_INSENSITIVE), port, negated); + } + + /** + * Checks if the given character is valid for a host pattern. Valid characters are: + *
      + *
    • A-Z
      • + *
    • a-z
      • + *
    • 0-9
      • + *
    • Underscore (_)
      • + *
    • Hyphen (-)
      • + *
    • Dot (.)
      • + *
    • Colon (:)
      • + *
    • Percent (%) for scoped ipv6
      • + *
    • The {@link #WILDCARD_PATTERN}
      • + *
    • The {@link #SINGLE_CHAR_PATTERN}
      • + *
    + * + * @param ch The character to validate + * @return {@code true} if valid pattern character + */ + public static boolean isValidPatternChar(char ch) { + if ((ch <= ' ') || (ch >= 0x7E)) { + return false; + } + if ((ch >= 'a') && (ch <= 'z')) { + return true; + } + if ((ch >= 'A') && (ch <= 'Z')) { + return true; + } + if ((ch >= '0') && (ch <= '9')) { + return true; + } + if ("-_.:%".indexOf(ch) >= 0) { + return true; + } + return PATTERN_CHARS.indexOf(ch) >= 0; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostDigest.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostDigest.java new file mode 100644 index 0000000..e974f5c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostDigest.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Objects; +import java.util.Set; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.mac.BuiltinMacs; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Available digesters for known hosts entries + * + * @author Apache MINA SSHD Project + */ +public enum KnownHostDigest implements NamedFactory { + SHA1("1", BuiltinMacs.hmacsha1); + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(KnownHostDigest.class)); + + private final String name; + private final Factory factory; + + KnownHostDigest(String name, Factory factory) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No name"); + this.factory = Objects.requireNonNull(factory, "No factory"); + } + + @Override + public String getName() { + return name; + } + + @Override + public Mac create() { + return factory.create(); + } + + public static KnownHostDigest fromName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java new file mode 100644 index 0000000..077c00d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java @@ -0,0 +1,262 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.io.StreamCorruptedException; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.config.ConfigFileReaderSupport; +import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; +import org.apache.sshd.common.config.keys.PublicKeyEntry; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.NoCloseReader; + +/** + * Contains a representation of an entry in the known_hosts file + * + * @author Apache MINA SSHD Project + * @see sshd(8) man page + */ +public class KnownHostEntry extends HostPatternsHolder { + /** + * Character that denotes that start of a marker + */ + public static final char MARKER_INDICATOR = '@'; + + /** + * Standard OpenSSH config file name + */ + public static final String STD_HOSTS_FILENAME = "known_hosts"; + + private static final class LazyDefaultConfigFileHolder { + private static final Path HOSTS_FILE = PublicKeyEntry.getDefaultKeysFolderPath().resolve(STD_HOSTS_FILENAME); + + private LazyDefaultConfigFileHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + private String line; + private String marker; + private AuthorizedKeyEntry keyEntry; + private KnownHostHashValue hashedEntry; + + public KnownHostEntry() { + super(); + } + + /** + * @param line The original line from which this entry was created + */ + public KnownHostEntry(String line) { + this.line = line; + } + + /** + * @return The original line from which this entry was created + */ + public String getConfigLine() { + return line; + } + + public void setConfigLine(String line) { + this.line = line; + } + + public String getMarker() { + return marker; + } + + public void setMarker(String marker) { + this.marker = marker; + } + + public AuthorizedKeyEntry getKeyEntry() { + return keyEntry; + } + + public void setKeyEntry(AuthorizedKeyEntry keyEntry) { + this.keyEntry = keyEntry; + } + + public KnownHostHashValue getHashedEntry() { + return hashedEntry; + } + + public void setHashedEntry(KnownHostHashValue hashedEntry) { + this.hashedEntry = hashedEntry; + } + + @Override + public boolean isHostMatch(String host, int port) { + if (super.isHostMatch(host, port)) { + return true; + } + + KnownHostHashValue hash = getHashedEntry(); + return (hash != null) && hash.isHostMatch(host, port); + } + + @Override + public String toString() { + return getConfigLine(); + } + + /** + * @return The default {@link Path} location of the OpenSSH known hosts file + */ + @SuppressWarnings("synthetic-access") + public static Path getDefaultKnownHostsFile() { + return LazyDefaultConfigFileHolder.HOSTS_FILE; + } + + public static List readKnownHostEntries(Path path, OpenOption... options) throws IOException { + try (InputStream input = Files.newInputStream(path, options)) { + return readKnownHostEntries(input, true); + } + } + + public static List readKnownHostEntries(URL url) throws IOException { + try (InputStream input = url.openStream()) { + return readKnownHostEntries(input, true); + } + } + + public static List readKnownHostEntries(InputStream inStream, boolean okToClose) throws IOException { + try (Reader reader + = new InputStreamReader(NoCloseInputStream.resolveInputStream(inStream, okToClose), StandardCharsets.UTF_8)) { + return readKnownHostEntries(reader, true); + } + } + + public static List readKnownHostEntries(Reader rdr, boolean okToClose) throws IOException { + try (BufferedReader buf = new BufferedReader(NoCloseReader.resolveReader(rdr, okToClose))) { + return readKnownHostEntries(buf); + } + } + + /** + * Reads configuration entries + * + * @param rdr The {@link BufferedReader} to use + * @return The {@link List} of read {@link KnownHostEntry}-ies + * @throws IOException If failed to parse the read configuration + */ + public static List readKnownHostEntries(BufferedReader rdr) throws IOException { + List entries = null; + + int lineNumber = 1; + for (String line = rdr.readLine(); line != null; line = rdr.readLine(), lineNumber++) { + line = GenericUtils.trimToEmpty(line); + if (GenericUtils.isEmpty(line)) { + continue; + } + + int pos = line.indexOf(ConfigFileReaderSupport.COMMENT_CHAR); + if (pos == 0) { + continue; + } + + if (pos > 0) { + line = line.substring(0, pos); + line = line.trim(); + } + + try { + KnownHostEntry entry = parseKnownHostEntry(line); + if (entry == null) { + continue; + } + + if (entries == null) { + entries = new ArrayList<>(); + } + entries.add(entry); + } catch (RuntimeException | Error e) { // TODO consider consulting a user callback + throw new StreamCorruptedException( + "Failed (" + e.getClass().getSimpleName() + ")" + " to parse line #" + lineNumber + " '" + line + "': " + + e.getMessage()); + } + } + + if (entries == null) { + return Collections.emptyList(); + } else { + return entries; + } + } + + public static KnownHostEntry parseKnownHostEntry(String line) { + return parseKnownHostEntry(GenericUtils.isEmpty(line) ? null : new KnownHostEntry(), line); + } + + public static E parseKnownHostEntry(E entry, String data) { + String line = GenericUtils.replaceWhitespaceAndTrim(data); + if (GenericUtils.isEmpty(line) || (line.charAt(0) == PublicKeyEntry.COMMENT_CHAR)) { + return entry; + } + + entry.setConfigLine(line); + + if (line.charAt(0) == MARKER_INDICATOR) { + int pos = line.indexOf(' '); + ValidateUtils.checkTrue(pos > 0, "Missing marker name end delimiter in line=%s", data); + ValidateUtils.checkTrue(pos > 1, "No marker name after indicator in line=%s", data); + entry.setMarker(line.substring(1, pos)); + line = line.substring(pos + 1).trim(); + } else { + entry.setMarker(null); + } + + int pos = line.indexOf(' '); + ValidateUtils.checkTrue(pos > 0, "Missing host patterns end delimiter in line=%s", data); + String hostPattern = line.substring(0, pos); + line = line.substring(pos + 1).trim(); + + if (hostPattern.charAt(0) == KnownHostHashValue.HASHED_HOST_DELIMITER) { + KnownHostHashValue hash = ValidateUtils.checkNotNull(KnownHostHashValue.parse(hostPattern), + "Failed to extract host hash value from line=%s", data); + entry.setHashedEntry(hash); + entry.setPatterns(null); + } else { + entry.setHashedEntry(null); + entry.setPatterns(parsePatterns(GenericUtils.split(hostPattern, ','))); + } + + AuthorizedKeyEntry key = ValidateUtils.checkNotNull(AuthorizedKeyEntry.parseAuthorizedKeyEntry(line), + "No valid key entry recovered from line=%s", data); + entry.setKeyEntry(key); + return entry; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostHashValue.java b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostHashValue.java new file mode 100644 index 0000000..bb7bd72 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/hosts/KnownHostHashValue.java @@ -0,0 +1,205 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import java.util.Base64; +import java.util.Objects; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class KnownHostHashValue { + /** + * Character used to indicate a hashed host pattern + */ + public static final char HASHED_HOST_DELIMITER = '|'; + + public static final NamedFactory DEFAULT_DIGEST = KnownHostDigest.SHA1; + + private NamedFactory digester = DEFAULT_DIGEST; + private byte[] saltValue; + private byte[] digestValue; + + public KnownHostHashValue() { + super(); + } + + public NamedFactory getDigester() { + return digester; + } + + public void setDigester(NamedFactory digester) { + this.digester = digester; + } + + public byte[] getSaltValue() { + return saltValue; + } + + public void setSaltValue(byte[] saltValue) { + this.saltValue = saltValue; + } + + public byte[] getDigestValue() { + return digestValue; + } + + public void setDigestValue(byte[] digestValue) { + this.digestValue = digestValue; + } + + /** + * Checks if the host matches the hash + * + * @param host The host name/address - ignored if {@code null}/empty + * @param port The access port - ignored if non-positive or SSH default + * @return {@code true} if host matches the hash + * @throws RuntimeException If entry not properly initialized + */ + public boolean isHostMatch(String host, int port) { + if (GenericUtils.isEmpty(host)) { + return false; + } + + try { + byte[] expected = getDigestValue(); + byte[] actual = calculateHashValue(host, port, getDigester(), getSaltValue()); + return Arrays.equals(expected, actual); + } catch (Throwable t) { + if (t instanceof RuntimeException) { + throw (RuntimeException) t; + } + throw new RuntimeSshException( + "Failed (" + t.getClass().getSimpleName() + ")" + " to calculate hash value: " + t.getMessage(), t); + } + } + + @Override + public String toString() { + if ((getDigester() == null) || NumberUtils.isEmpty(getSaltValue()) || NumberUtils.isEmpty(getDigestValue())) { + return Objects.toString(getDigester(), null) + + "-" + BufferUtils.toHex(':', getSaltValue()) + + "-" + BufferUtils.toHex(':', getDigestValue()); + } + + try { + return append(new StringBuilder(Byte.MAX_VALUE), this).toString(); + } catch (IOException | RuntimeException e) { // unexpected + return e.getClass().getSimpleName() + ": " + e.getMessage(); + } + } + + // see http://nms.lcs.mit.edu/projects/ssh/README.hashed-hosts + public static byte[] calculateHashValue(String host, int port, Factory factory, byte[] salt) + throws Exception { + return calculateHashValue(host, port, factory.create(), salt); + } + + public static byte[] calculateHashValue(String host, int port, Mac mac, byte[] salt) throws Exception { + mac.init(salt); + + String hostPattern = createHostPattern(host, port); + byte[] hostBytes = hostPattern.getBytes(StandardCharsets.UTF_8); + mac.update(hostBytes); + return mac.doFinal(); + } + + public static String createHostPattern(String host, int port) { + if (SshConstants.TO_EFFECTIVE_PORT.applyAsInt(port) == SshConstants.DEFAULT_PORT) { + return host; + } + + try { + return appendHostPattern(new StringBuilder(host.length() + 8 /* port if necessary */), host, port).toString(); + } catch (IOException e) { + throw new RuntimeException( + "Unexpected (" + e.getClass().getSimpleName() + ") failure" + " to generate host pattern of " + host + ":" + + port + ": " + e.getMessage(), + e); + } + } + + public static A appendHostPattern(A sb, String host, int port) throws IOException { + boolean nonDefaultPort = SshConstants.TO_EFFECTIVE_PORT.applyAsInt(port) != SshConstants.DEFAULT_PORT; + if (nonDefaultPort) { + sb.append(HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_START_DELIM); + } + sb.append(host); + if (nonDefaultPort) { + sb.append(HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_END_DELIM); + sb.append(HostPatternsHolder.PORT_VALUE_DELIMITER); + sb.append(Integer.toString(port)); + } + return sb; + } + + public static A append(A sb, KnownHostHashValue hashValue) throws IOException { + return (hashValue == null) + ? sb : append(sb, hashValue.getDigester(), hashValue.getSaltValue(), hashValue.getDigestValue()); + } + + public static A append(A sb, NamedResource factory, byte[] salt, byte[] digest) throws IOException { + Base64.Encoder encoder = Base64.getEncoder(); + sb.append(HASHED_HOST_DELIMITER).append(factory.getName()); + sb.append(HASHED_HOST_DELIMITER).append(encoder.encodeToString(salt)); + sb.append(HASHED_HOST_DELIMITER).append(encoder.encodeToString(digest)); + return sb; + } + + public static KnownHostHashValue parse(String patternString) { + String pattern = GenericUtils.replaceWhitespaceAndTrim(patternString); + return parse(pattern, GenericUtils.isEmpty(pattern) ? null : new KnownHostHashValue()); + } + + public static V parse(String patternString, V value) { + String pattern = GenericUtils.replaceWhitespaceAndTrim(patternString); + if (GenericUtils.isEmpty(pattern)) { + return value; + } + + String[] components = GenericUtils.split(pattern, HASHED_HOST_DELIMITER); + ValidateUtils.checkTrue(components.length == 4 /* 1st one is empty */, "Invalid hash pattern (insufficient data): %s", + pattern); + ValidateUtils.checkTrue(GenericUtils.isEmpty(components[0]), "Invalid hash pattern (unexpected extra data): %s", + pattern); + + NamedFactory factory = ValidateUtils.checkNotNull(KnownHostDigest.fromName(components[1]), + "Invalid hash pattern (unknown digest): %s", pattern); + Base64.Decoder decoder = Base64.getDecoder(); + value.setDigester(factory); + value.setSaltValue(decoder.decode(components[2])); + value.setDigestValue(decoder.decode(components[3])); + return value; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/BuiltinClientIdentitiesWatcher.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/BuiltinClientIdentitiesWatcher.java new file mode 100644 index 0000000..07b73d1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/BuiltinClientIdentitiesWatcher.java @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.nio.file.Path; +import java.security.KeyPair; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.BuiltinIdentities; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProviderHolder; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class BuiltinClientIdentitiesWatcher extends ClientIdentitiesWatcher { + private final boolean supportedOnly; + + public BuiltinClientIdentitiesWatcher(Path keysFolder, boolean supportedOnly, + ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { + this(keysFolder, NamedResource.getNameList(BuiltinIdentities.VALUES), supportedOnly, loader, provider, strict); + } + + public BuiltinClientIdentitiesWatcher(Path keysFolder, Collection ids, boolean supportedOnly, + ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { + this(keysFolder, ids, supportedOnly, + ClientIdentityLoaderHolder.loaderHolderOf(Objects.requireNonNull(loader, "No client identity loader")), + FilePasswordProviderHolder.providerHolderOf(Objects.requireNonNull(provider, "No password provider")), + strict); + } + + public BuiltinClientIdentitiesWatcher(Path keysFolder, boolean supportedOnly, + ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider, + boolean strict) { + this(keysFolder, NamedResource.getNameList(BuiltinIdentities.VALUES), supportedOnly, loader, provider, strict); + } + + public BuiltinClientIdentitiesWatcher(Path keysFolder, Collection ids, boolean supportedOnly, + ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider, + boolean strict) { + super(getBuiltinIdentitiesPaths(keysFolder, ids), loader, provider, strict); + this.supportedOnly = supportedOnly; + } + + public final boolean isSupportedOnly() { + return supportedOnly; + } + + @Override + public Iterable loadKeys(SessionContext session) { + return isSupportedOnly() + ? loadKeys(session, p -> isSupported(session, p)) + : super.loadKeys(session); + } + + protected boolean isSupported(SessionContext session, KeyPair kp) { + BuiltinIdentities id = BuiltinIdentities.fromKeyPair(kp); + if ((id != null) && id.isSupported()) { + return true; + } + return false; + } + + public static List getDefaultBuiltinIdentitiesPaths(Path keysFolder) { + return getBuiltinIdentitiesPaths(keysFolder, NamedResource.getNameList(BuiltinIdentities.VALUES)); + } + + public static List getBuiltinIdentitiesPaths(Path keysFolder, Collection ids) { + Objects.requireNonNull(keysFolder, "No keys folder"); + if (GenericUtils.isEmpty(ids)) { + return Collections.emptyList(); + } + + List paths = new ArrayList<>(ids.size()); + for (String id : ids) { + String fileName = ClientIdentity.getIdentityFileName(id); + paths.add(keysFolder.resolve(fileName)); + } + + return paths; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentitiesWatcher.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentitiesWatcher.java new file mode 100644 index 0000000..841004d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentitiesWatcher.java @@ -0,0 +1,110 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.nio.file.Path; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.function.Predicate; + +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProviderHolder; +import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Watches over a group of files that contains client identities + * + * @author Apache MINA SSHD Project + */ +public class ClientIdentitiesWatcher extends AbstractKeyPairProvider implements KeyPairProvider { + private final Collection providers; + + public ClientIdentitiesWatcher(Collection paths, + ClientIdentityLoader loader, FilePasswordProvider provider) { + this(paths, loader, provider, true); + } + + public ClientIdentitiesWatcher(Collection paths, + ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { + this(paths, + ClientIdentityLoaderHolder.loaderHolderOf(Objects.requireNonNull(loader, "No client identity loader")), + FilePasswordProviderHolder.providerHolderOf(Objects.requireNonNull(provider, "No password provider")), + strict); + } + + public ClientIdentitiesWatcher(Collection paths, + ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider) { + this(paths, loader, provider, true); + } + + public ClientIdentitiesWatcher(Collection paths, + ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider, boolean strict) { + this(buildProviders(paths, loader, provider, strict)); + } + + public ClientIdentitiesWatcher(Collection providers) { + this.providers = providers; + } + + @Override + public Iterable loadKeys(SessionContext session) { + return loadKeys(session, null); + } + + protected Iterable loadKeys(SessionContext session, Predicate filter) { + return ClientIdentityProvider.lazyKeysLoader(providers, p -> doGetKeyPairs(session, p), filter); + } + + protected Iterable doGetKeyPairs(SessionContext session, ClientIdentityProvider p) { + try { + Iterable kp = p.getClientIdentities(session); + if (kp == null) { + } + + return kp; + } catch (Throwable e) { + return null; + } + } + + public static List buildProviders( + Collection paths, ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { + return buildProviders(paths, + ClientIdentityLoaderHolder.loaderHolderOf(Objects.requireNonNull(loader, "No client identity loader")), + FilePasswordProviderHolder.providerHolderOf(Objects.requireNonNull(provider, "No password provider")), + strict); + } + + public static List buildProviders( + Collection paths, ClientIdentityLoaderHolder loader, + FilePasswordProviderHolder provider, boolean strict) { + if (GenericUtils.isEmpty(paths)) { + return Collections.emptyList(); + } + + return GenericUtils.map(paths, p -> new ClientIdentityFileWatcher(p, loader, provider, strict)); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentity.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentity.java new file mode 100644 index 0000000..d6ac30c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentity.java @@ -0,0 +1,260 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.TreeMap; +import java.util.function.Function; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.BuiltinIdentities; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.IdentityUtils; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntry; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.FileInfoExtractor; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * Provides keys loading capability from the user's keys folder - e.g., {@code id_rsa} + * + * @author Apache MINA SSHD Project + * @see org.apache.sshd.common.util.security.SecurityUtils#getKeyPairResourceParser() + */ +public final class ClientIdentity { + + public static final String ID_FILE_PREFIX = "id_"; + + public static final String ID_FILE_SUFFIX = ""; + + public static final Function ID_GENERATOR = ClientIdentity::getIdentityFileName; + + private ClientIdentity() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @param name The file name - ignored if {@code null}/empty + * @return The identity type - {@code null} if cannot determine it - e.g., does not start with the + * {@link #ID_FILE_PREFIX} + */ + public static String getIdentityType(String name) { + if (GenericUtils.isEmpty(name) + || (name.length() <= ID_FILE_PREFIX.length()) + || (!name.startsWith(ID_FILE_PREFIX))) { + return null; + } else { + return name.substring(ID_FILE_PREFIX.length()); + } + } + + public static String getIdentityFileName(NamedResource r) { + return getIdentityFileName((r == null) ? null : r.getName()); + } + + /** + * @param type The identity type - e.g., {@code rsa} - ignored if {@code null}/empty + * @return The matching file name for the identity - {@code null} if no name + * @see #ID_FILE_PREFIX + * @see #ID_FILE_SUFFIX + * @see IdentityUtils#getIdentityFileName(String, String, String) + */ + public static String getIdentityFileName(String type) { + return IdentityUtils.getIdentityFileName(ID_FILE_PREFIX, type, ID_FILE_SUFFIX); + } + + /** + * @param strict If {@code true} then files that do not have the required access rights are + * excluded from consideration + * @param supportedOnly If {@code true} then ignore identities that are not supported internally + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link LinkOption}s to apply when checking for existence + * @return A {@link KeyPair} for the identities - {@code null} if no identities available + * (e.g., after filtering unsupported ones or strict permissions) + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + * @see PublicKeyEntry#getDefaultKeysFolderPath() + * @see #loadDefaultIdentities(Path, boolean, FilePasswordProvider, LinkOption...) + */ + public static KeyPairProvider loadDefaultKeyPairProvider( + boolean strict, boolean supportedOnly, FilePasswordProvider provider, LinkOption... options) + throws IOException, GeneralSecurityException { + return loadDefaultKeyPairProvider(PublicKeyEntry.getDefaultKeysFolderPath(), strict, supportedOnly, provider, options); + } + + /** + * @param dir The folder to scan for the built-in identities + * @param strict If {@code true} then files that do not have the required access rights are + * excluded from consideration + * @param supportedOnly If {@code true} then ignore identities that are not supported internally + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link LinkOption}s to apply when checking for existence + * @return A {@link KeyPair} for the identities - {@code null} if no identities available + * (e.g., after filtering unsupported ones or strict permissions) + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + * @see #loadDefaultIdentities(Path, boolean, FilePasswordProvider, LinkOption...) + * @see IdentityUtils#createKeyPairProvider(Map, boolean) + */ + public static KeyPairProvider loadDefaultKeyPairProvider( + Path dir, boolean strict, boolean supportedOnly, FilePasswordProvider provider, LinkOption... options) + throws IOException, GeneralSecurityException { + Map ids = loadDefaultIdentities(dir, strict, provider, options); + return IdentityUtils.createKeyPairProvider(ids, supportedOnly); + } + + /** + * @param strict If {@code true} then files that do not have the required access rights are + * excluded from consideration + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link LinkOption}s to apply when checking for existence + * @return A {@link Map} of the found files where key=identity type (case + * insensitive), value=the {@link KeyPair} of the identity + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + * @see PublicKeyEntry#getDefaultKeysFolderPath() + * @see #loadDefaultIdentities(Path, boolean, FilePasswordProvider, LinkOption...) + */ + public static Map loadDefaultIdentities( + boolean strict, FilePasswordProvider provider, LinkOption... options) + throws IOException, GeneralSecurityException { + return loadDefaultIdentities(PublicKeyEntry.getDefaultKeysFolderPath(), strict, provider, options); + } + + /** + * @param dir The folder to scan for the built-in identities + * @param strict If {@code true} then files that do not have the required access rights are + * excluded from consideration + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link LinkOption}s to apply when checking for existence + * @return A {@link Map} of the found files where key=identity type (case + * insensitive), value=the {@link KeyPair} of the identity + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + * @see BuiltinIdentities + */ + public static Map loadDefaultIdentities( + Path dir, boolean strict, FilePasswordProvider provider, LinkOption... options) + throws IOException, GeneralSecurityException { + return loadIdentities(null, dir, strict, BuiltinIdentities.NAMES, ID_GENERATOR, provider, options); + } + + /** + * Scans a folder and loads all available identity files + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param dir The {@link Path} of the folder to scan - ignored if not exists + * @param strict If {@code true} then files that do not have the required access rights are + * excluded from consideration + * @param types The identity types - ignored if {@code null}/empty + * @param idGenerator A {@link Function} to derive the file name holding the specified type + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link LinkOption}s to apply when checking for existence + * @return A {@link Map} of the found files where key=identity type (case + * insensitive), value=the {@link KeyPair} of the identity + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + */ + public static Map loadIdentities( + SessionContext session, Path dir, boolean strict, + Collection types, Function idGenerator, + FilePasswordProvider provider, LinkOption... options) + throws IOException, GeneralSecurityException { + Map paths = scanIdentitiesFolder(dir, strict, types, idGenerator, options); + return IdentityUtils.loadIdentities(session, paths, provider, IoUtils.EMPTY_OPEN_OPTIONS); + } + + /** + * Scans a folder for possible identity files + * + * @param dir The {@link Path} of the folder to scan - ignored if not exists + * @param strict If {@code true} then files that do not have the required access rights are excluded from + * consideration + * @param types The identity types - ignored if {@code null}/empty + * @param idGenerator A {@link Function} to derive the file name holding the specified type + * @param options The {@link LinkOption}s to apply when checking for existence + * @return A {@link Map} of the found files where key=identity type (case insensitive), value=the + * {@link Path} of the file holding the key + * @throws IOException If failed to access the file system + * @see KeyUtils#validateStrictKeyFilePermissions(Path, LinkOption...) + */ + public static Map scanIdentitiesFolder( + Path dir, boolean strict, Collection types, Function idGenerator, + LinkOption... options) + throws IOException { + if (GenericUtils.isEmpty(types)) { + return Collections.emptyMap(); + } + + if (!Files.exists(dir, options)) { + return Collections.emptyMap(); + } + + ValidateUtils.checkTrue(FileInfoExtractor.ISDIR.infoOf(dir, options), "Not a directory: %s", dir); + + Map paths = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (String t : types) { + String fileName = idGenerator.apply(t); + Path p = dir.resolve(fileName); + if (!Files.exists(p, options)) { + continue; + } + + if (strict) { + if (KeyUtils.validateStrictKeyFilePermissions(p, options) != null) { + continue; + } + } + + Path prev = paths.put(t, p); + ValidateUtils.checkTrue(prev == null, "Multiple mappings for type=%s", t); + } + + return paths; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java new file mode 100644 index 0000000..99c4142 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.io.IOException; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.PublicKey; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProviderHolder; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.ModifiableFileWatcher; +import org.apache.sshd.common.util.io.resource.PathResource; + +/** + * A {@link ClientIdentityProvider} that watches a given key file re-loading its contents if it is ever modified, + * deleted or (re-)created + * + * @author Apache MINA SSHD Project + */ +public class ClientIdentityFileWatcher + extends ModifiableFileWatcher + implements ClientIdentityProvider, ClientIdentityLoaderHolder, FilePasswordProviderHolder { + private final AtomicReference> identitiesHolder = new AtomicReference<>(null); + private final ClientIdentityLoaderHolder loaderHolder; + private final FilePasswordProviderHolder providerHolder; + private final boolean strict; + + public ClientIdentityFileWatcher(Path path, ClientIdentityLoader loader, FilePasswordProvider provider) { + this(path, loader, provider, true); + } + + public ClientIdentityFileWatcher(Path path, ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { + this(path, + ClientIdentityLoaderHolder.loaderHolderOf(Objects.requireNonNull(loader, "No client identity loader")), + FilePasswordProviderHolder.providerHolderOf(Objects.requireNonNull(provider, "No password provider")), + strict); + } + + public ClientIdentityFileWatcher( + Path path, ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider) { + this(path, loader, provider, true); + } + + public ClientIdentityFileWatcher( + Path path, ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider, + boolean strict) { + super(path); + this.loaderHolder = Objects.requireNonNull(loader, "No client identity loader"); + this.providerHolder = Objects.requireNonNull(provider, "No password provider"); + this.strict = strict; + } + + public boolean isStrict() { + return strict; + } + + @Override + public ClientIdentityLoader getClientIdentityLoader() { + return loaderHolder.getClientIdentityLoader(); + } + + @Override + public FilePasswordProvider getFilePasswordProvider() { + return providerHolder.getFilePasswordProvider(); + } + + @Override + public Iterable getClientIdentities(SessionContext session) + throws IOException, GeneralSecurityException { + if (!checkReloadRequired()) { + return identitiesHolder.get(); + } + + Iterable kp = identitiesHolder.getAndSet(null); // start fresh + Path path = getPath(); + if (!exists()) { + return identitiesHolder.get(); + } + + kp = reloadClientIdentities(session, path); + updateReloadAttributes(); + identitiesHolder.set(kp); + return kp; + } + + protected Iterable reloadClientIdentities(SessionContext session, Path path) + throws IOException, GeneralSecurityException { + if (isStrict()) { + Map.Entry violation = KeyUtils.validateStrictKeyFilePermissions(path, IoUtils.EMPTY_LINK_OPTIONS); + if (violation != null) { + return null; + } + } + + PathResource location = new PathResource(path); + ClientIdentityLoader idLoader = Objects.requireNonNull(getClientIdentityLoader(), "No client identity loader"); + if (idLoader.isValidLocation(location)) { + Iterable ids = idLoader.loadClientIdentities(session, location, getFilePasswordProvider()); + + return ids; + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoader.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoader.java new file mode 100644 index 0000000..9dc2189 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoader.java @@ -0,0 +1,132 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Objects; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.resource.PathResource; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface ClientIdentityLoader { + /** + *

    + * A default implementation that assumes a file location that must exist. + *

    + * + *

    + * Note: It calls + * {@link SecurityUtils#loadKeyPairIdentities(SessionContext, NamedResource, InputStream, FilePasswordProvider)} + *

    + */ + ClientIdentityLoader DEFAULT = new ClientIdentityLoader() { + @Override + public boolean isValidLocation(NamedResource location) throws IOException { + Path path = toPath(location); + return Files.exists(path, IoUtils.EMPTY_LINK_OPTIONS); + } + + @Override + public Iterable loadClientIdentities( + SessionContext session, NamedResource location, FilePasswordProvider provider) + throws IOException, GeneralSecurityException { + Path path = toPath(location); + PathResource resource = new PathResource(path); + try (InputStream inputStream = resource.openInputStream()) { + return SecurityUtils.loadKeyPairIdentities(session, resource, inputStream, provider); + } + } + + @Override + public String toString() { + return "DEFAULT"; + } + + private Path toPath(NamedResource location) { + Objects.requireNonNull(location, "No location provided"); + + Path path = Paths + .get(ValidateUtils.checkNotNullAndNotEmpty(location.getName(), "No location value for %s", location)); + path = path.toAbsolutePath(); + path = path.normalize(); + return path; + } + }; + + /** + * @param location The identity key-pair location - the actual meaning (file, URL, etc.) depends on the + * implementation. + * @return {@code true} if it represents a valid location - the actual meaning of the validity depends + * on the implementation + * @throws IOException If failed to validate the location + */ + boolean isValidLocation(NamedResource location) throws IOException; + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool). + * @param location The identity key-pair location - the actual meaning (file, URL, etc.) depends on + * the implementation. + * @param provider The {@link FilePasswordProvider} to consult if the location contains an + * encrypted identity + * @return The loaded {@link KeyPair} - {@code null} if location is empty and it is OK that + * it does not exist + * @throws IOException If failed to access / process the remote location + * @throws GeneralSecurityException If failed to convert the contents into a valid identity + */ + Iterable loadClientIdentities( + SessionContext session, NamedResource location, FilePasswordProvider provider) + throws IOException, GeneralSecurityException; + + /** + * Uses the provided {@link ClientIdentityLoader} to lazy load the keys locations + * + * @param loader The loader instance to use + * @param locations The locations to load - ignored if {@code null}/empty + * @param passwordProvider The {@link FilePasswordProvider} to use if any encrypted keys found + * @param ignoreNonExisting Whether to ignore non existing locations as indicated by + * {@link #isValidLocation(NamedResource)} + * @return The {@link KeyIdentityProvider} wrapper + */ + static KeyIdentityProvider asKeyIdentityProvider( + ClientIdentityLoader loader, Collection locations, + FilePasswordProvider passwordProvider, boolean ignoreNonExisting) { + return GenericUtils.isEmpty(locations) + ? KeyIdentityProvider.EMPTY_KEYS_PROVIDER + : new LazyClientKeyIdentityProvider(loader, locations, passwordProvider, ignoreNonExisting); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoaderHolder.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoaderHolder.java new file mode 100644 index 0000000..d2c4785 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoaderHolder.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ClientIdentityLoaderHolder { + /** + * @return The {@link ClientIdentityLoader} to use in order to load client key pair identities - never {@code null} + */ + ClientIdentityLoader getClientIdentityLoader(); + + static ClientIdentityLoaderHolder loaderHolderOf(ClientIdentityLoader loader) { + return () -> loader; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoaderManager.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoaderManager.java new file mode 100644 index 0000000..9aa2e55 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityLoaderManager.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface ClientIdentityLoaderManager extends ClientIdentityLoaderHolder { + void setClientIdentityLoader(ClientIdentityLoader loader); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityProvider.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityProvider.java new file mode 100644 index 0000000..1a8fe61 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityProvider.java @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collections; +import java.util.Iterator; +import java.util.Objects; +import java.util.function.Function; +import java.util.function.Predicate; + +import org.apache.sshd.common.session.SessionContext; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ClientIdentityProvider { + /** + * Provides a {@link KeyPair} representing the client identity + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool). + * @return The client identities - may be {@code null}/empty if no currently available + * identity from this provider. Note: the provider may return a + * different value every time this method is called - e.g., if it is + * (re-)loading contents from a file. + * @throws IOException If failed to load the identity + * @throws GeneralSecurityException If failed to parse the identity + */ + Iterable getClientIdentities(SessionContext session) + throws IOException, GeneralSecurityException; + + /** + * Wraps a {@link KeyPair} into a {@link ClientIdentityProvider} that simply returns this value as it + * {@link #getClientIdentities(SessionContext)}. + * + * @param kp The {@link KeyPair} instance (including {@code null}) + * @return The wrapping provider + */ + static ClientIdentityProvider of(KeyPair kp) { + return session -> Collections.singletonList(kp); + } + + /** + * Wraps several {@link ClientIdentityProvider} into a {@link KeyPair} {@link Iterable} that invokes each provider + * "lazily" - i.e., only when {@link Iterator#hasNext()} is invoked. This prevents password protected + * private keys to be decrypted until they are actually needed. + * + * @param providers The providers - ignored if {@code null} + * @param kpExtractor The (never {@code null}) extractor of the {@link KeyPair} from the + * {@link ClientIdentityProvider} argument. If returned pair is {@code null} then next provider + * is queried. + * @param filter Any further filter to apply on (non-{@code null}) key pairs before returning it as the + * {@link Iterator#next()} result. + * @return The wrapper {@link Iterable}. Note: a new {@link Iterator} instance is returned + * on each {@link Iterable#iterator()} call - i.e., any encrypted private key may require the + * user to re-enter the relevant password. If the default {@code ClientIdentityFileWatcher} is + * used, this is not a problem since it caches the decoded result (unless the file has changed). + */ + static Iterable lazyKeysLoader( + Iterable providers, + Function> kpExtractor, + Predicate filter) { + Objects.requireNonNull(kpExtractor, "No key pair extractor provided"); + if (providers == null) { + return Collections.emptyList(); + } + + return new Iterable() { + @Override + public Iterator iterator() { + return lazyKeysIterator(providers.iterator(), kpExtractor, filter); + } + + @Override + public String toString() { + return ClientIdentityProvider.class.getSimpleName() + "[lazy-iterable]"; + } + }; + } + + /** + * Wraps several {@link ClientIdentityProvider} into a {@link KeyPair} {@link Iterator} that invokes each provider + * "lazily" - i.e., only when {@link Iterator#hasNext()} is invoked. This prevents password protected + * private keys to be decrypted until they are actually needed. + * + * @param providers The providers - ignored if {@code null} + * @param kpExtractor The (never {@code null}) extractor of the {@link KeyPair} from the + * {@link ClientIdentityProvider} argument. If returned pair is {@code null} then next provider + * is queried. + * @param filter Any further filter to apply on (non-{@code null}) key pairs before returning it as the + * {@link Iterator#next()} result. + * @return The wrapper {@link Iterator} + */ + static Iterator lazyKeysIterator( + Iterator providers, + Function> kpExtractor, + Predicate filter) { + Objects.requireNonNull(kpExtractor, "No key pair extractor provided"); + return (providers == null) + ? Collections.emptyIterator() + : new LazyClientIdentityIterator(providers, kpExtractor, filter); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java new file mode 100644 index 0000000..67430ed --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.nio.file.Path; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProviderHolder; +import org.apache.sshd.common.config.keys.PublicKeyEntry; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultClientIdentitiesWatcher extends BuiltinClientIdentitiesWatcher { + public DefaultClientIdentitiesWatcher(ClientIdentityLoader loader, FilePasswordProvider provider) { + this(loader, provider, true); + } + + public DefaultClientIdentitiesWatcher(ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { + this(true, loader, provider, strict); + } + + public DefaultClientIdentitiesWatcher( + boolean supportedOnly, ClientIdentityLoader loader, FilePasswordProvider provider, + boolean strict) { + this(supportedOnly, + ClientIdentityLoaderHolder.loaderHolderOf(Objects.requireNonNull(loader, "No client identity loader")), + FilePasswordProviderHolder.providerHolderOf(Objects.requireNonNull(provider, "No password provider")), + strict); + } + + public DefaultClientIdentitiesWatcher(ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider) { + this(loader, provider, true); + } + + public DefaultClientIdentitiesWatcher(ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider, + boolean strict) { + this(true, loader, provider, strict); + } + + public DefaultClientIdentitiesWatcher(boolean supportedOnly, + ClientIdentityLoaderHolder loader, FilePasswordProviderHolder provider, + boolean strict) { + super(PublicKeyEntry.getDefaultKeysFolderPath(), supportedOnly, loader, provider, strict); + } + + public static List getDefaultBuiltinIdentitiesPaths() { + return getDefaultBuiltinIdentitiesPaths(PublicKeyEntry.getDefaultKeysFolderPath()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/LazyClientIdentityIterator.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/LazyClientIdentityIterator.java new file mode 100644 index 0000000..aaa19e2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/LazyClientIdentityIterator.java @@ -0,0 +1,138 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.security.KeyPair; +import java.util.Iterator; +import java.util.NoSuchElementException; +import java.util.Objects; +import java.util.function.Function; +import java.util.function.Predicate; + +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; + +/** + * Wraps several {@link ClientIdentityProvider} into a {@link KeyPair} {@link Iterator} that invokes each provider + * "lazily" - i.e., only when {@link Iterator#hasNext()} is invoked. This prevents password protected private + * keys to be decrypted until they are actually needed. + * + * @author Apache MINA SSHD Project + */ +public class LazyClientIdentityIterator implements Iterator { + protected boolean finished; + protected Iterator currentIdentities; + protected KeyPair currentPair; + + private final Iterator providers; + private final Function> kpExtractor; + private final Predicate filter; + + /** + * @param providers The providers - ignored if {@code null} + * @param kpExtractor The (never {@code null}) extractor of the {@link KeyPair} from the + * {@link ClientIdentityProvider} argument. If returned pair is {@code null} then next provider + * is queried. + * @param filter Any further filter to apply on (non-{@code null}) key pairs before returning it as the + * {@link Iterator#next()} result. + */ + public LazyClientIdentityIterator( + Iterator providers, + Function> kpExtractor, + Predicate filter) { + this.providers = providers; + this.kpExtractor = Objects.requireNonNull(kpExtractor, "No key pair extractor provided"); + this.filter = filter; + } + + public Iterator getProviders() { + return providers; + } + + public Function> getIdentitiesExtractor() { + return kpExtractor; + } + + public Predicate getFilter() { + return filter; + } + + @Override + public boolean hasNext() { + if (finished) { + return false; + } + + Iterator provs = getProviders(); + if (provs == null) { + finished = true; + return false; + } + + currentPair = KeyIdentityProvider.exhaustCurrentIdentities(currentIdentities); + if (currentPair != null) { + return true; + } + + Function> x = getIdentitiesExtractor(); + Predicate f = getFilter(); + while (provs.hasNext()) { + ClientIdentityProvider p = provs.next(); + if (p == null) { + continue; + } + + Iterable ids = x.apply(p); + currentIdentities = (ids == null) ? null : ids.iterator(); + currentPair = KeyIdentityProvider.exhaustCurrentIdentities(currentIdentities); + if (currentPair == null) { + continue; + } + + if ((f != null) && (!f.test(currentPair))) { + continue; + } + + return true; + } + + finished = true; + return false; + } + + @Override + public KeyPair next() { + if (finished) { + throw new NoSuchElementException("All identities have been exhausted"); + } + + if (currentPair == null) { + throw new IllegalStateException("'next()' called without asking 'hasNext()'"); + } + + KeyPair kp = currentPair; + currentPair = null; + return kp; + } + + @Override + public String toString() { + return ClientIdentityProvider.class.getSimpleName() + "[lazy-iterator]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/config/keys/LazyClientKeyIdentityProvider.java b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/LazyClientKeyIdentityProvider.java new file mode 100644 index 0000000..4d8fc5a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/config/keys/LazyClientKeyIdentityProvider.java @@ -0,0 +1,170 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.keys; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.NoSuchElementException; +import java.util.Objects; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProviderHolder; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class LazyClientKeyIdentityProvider + implements KeyIdentityProvider, ClientIdentityLoaderHolder, FilePasswordProviderHolder { + private final ClientIdentityLoader clientIdentityLoader; + private final Collection locations; + private final FilePasswordProvider passwordProvider; + private final boolean ignoreNonExisting; + + public LazyClientKeyIdentityProvider( + ClientIdentityLoader loader, Collection locations, + FilePasswordProvider passwordProvider, boolean ignoreNonExisting) { + this.clientIdentityLoader = Objects.requireNonNull(loader, "No client identity loader provided"); + this.locations = locations; + this.passwordProvider = passwordProvider; + this.ignoreNonExisting = ignoreNonExisting; + } + + @Override + public ClientIdentityLoader getClientIdentityLoader() { + return clientIdentityLoader; + } + + public Collection getLocations() { + return locations; + } + + @Override + public FilePasswordProvider getFilePasswordProvider() { + return passwordProvider; + } + + public boolean isIgnoreNonExisting() { + return ignoreNonExisting; + } + + @Override + @SuppressWarnings("checkstyle:anoninnerlength") + public Iterable loadKeys(SessionContext session) + throws IOException, GeneralSecurityException { + Collection locs = getLocations(); + if (GenericUtils.isEmpty(locs)) { + return Collections.emptyList(); + } + + return () -> new Iterator() { + private final Iterator iter = locs.iterator(); + private Iterator currentIdentities; + private KeyPair currentPair; + private boolean finished; + + @Override + public boolean hasNext() { + if (finished) { + return false; + } + + currentPair = KeyIdentityProvider.exhaustCurrentIdentities(currentIdentities); + if (currentPair != null) { + return true; + } + + while (iter.hasNext()) { + NamedResource l = iter.next(); + Iterable ids; + try { + ids = loadClientIdentities(session, l); + } catch (IOException | GeneralSecurityException e) { + throw new RuntimeException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to load key from " + l.getName() + ": " + e.getMessage(), + e); + } + + currentIdentities = (ids == null) ? null : ids.iterator(); + currentPair = KeyIdentityProvider.exhaustCurrentIdentities(currentIdentities); + if (currentPair != null) { + return true; + } + } + + finished = true; + return false; + } + + @Override + public KeyPair next() { + if (finished) { + throw new NoSuchElementException("All identities have been exhausted"); + } + if (currentPair == null) { + throw new IllegalStateException("'next()' called without asking 'hasNext()'"); + } + + KeyPair kp = currentPair; + currentPair = null; + return kp; + } + + @Override + public String toString() { + return Iterator.class.getSimpleName() + "[" + LazyClientKeyIdentityProvider.class.getSimpleName() + "]"; + } + }; + } + + protected Iterable loadClientIdentities(SessionContext session, NamedResource location) + throws IOException, GeneralSecurityException { + ClientIdentityLoader loader = getClientIdentityLoader(); + boolean ignoreInvalid = isIgnoreNonExisting(); + try { + if (!loader.isValidLocation(location)) { + if (ignoreInvalid) { + return null; + } + + throw new FileNotFoundException("Invalid identity location: " + location.getName()); + } + } catch (IOException e) { + if (ignoreInvalid) { + return null; + } + + throw e; + } + + return loader.loadClientIdentities(session, location, getFilePasswordProvider()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/BuiltinSftpClientExtensions.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/BuiltinSftpClientExtensions.java new file mode 100644 index 0000000..c422ba9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/BuiltinSftpClientExtensions.java @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Map; +import java.util.Set; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.helpers.CheckFileHandleExtensionImpl; +import org.apache.sshd.client.extensions.helpers.CheckFileNameExtensionImpl; +import org.apache.sshd.client.extensions.helpers.CopyDataExtensionImpl; +import org.apache.sshd.client.extensions.helpers.CopyFileExtensionImpl; +import org.apache.sshd.client.extensions.helpers.MD5FileExtensionImpl; +import org.apache.sshd.client.extensions.helpers.MD5HandleExtensionImpl; +import org.apache.sshd.client.extensions.helpers.SpaceAvailableExtensionImpl; +import org.apache.sshd.client.extensions.openssh.OpenSSHFsyncExtension; +import org.apache.sshd.client.extensions.openssh.OpenSSHPosixRenameExtension; +import org.apache.sshd.client.extensions.openssh.OpenSSHStatHandleExtension; +import org.apache.sshd.client.extensions.openssh.OpenSSHStatPathExtension; +import org.apache.sshd.client.extensions.openssh.helpers.OpenSSHFsyncExtensionImpl; +import org.apache.sshd.client.extensions.openssh.helpers.OpenSSHPosixRenameExtensionImpl; +import org.apache.sshd.client.extensions.openssh.helpers.OpenSSHStatHandleExtensionImpl; +import org.apache.sshd.client.extensions.openssh.helpers.OpenSSHStatPathExtensionImpl; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.extensions.ParserUtils; +import org.apache.sshd.common.extensions.openssh.FstatVfsExtensionParser; +import org.apache.sshd.common.extensions.openssh.FsyncExtensionParser; +import org.apache.sshd.common.extensions.openssh.PosixRenameExtensionParser; +import org.apache.sshd.common.extensions.openssh.StatVfsExtensionParser; + +/** + * @author Apache MINA SSHD Project + */ +public enum BuiltinSftpClientExtensions implements SftpClientExtensionFactory { + COPY_FILE(SftpConstants.EXT_COPY_FILE, CopyFileExtension.class) { + @Override // co-variant return + public CopyFileExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new CopyFileExtensionImpl(client, raw, ParserUtils.supportedExtensions(parsed)); + } + }, + COPY_DATA(SftpConstants.EXT_COPY_DATA, CopyDataExtension.class) { + @Override // co-variant return + public CopyDataExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new CopyDataExtensionImpl(client, raw, ParserUtils.supportedExtensions(parsed)); + } + }, + MD5_FILE(SftpConstants.EXT_MD5_HASH, MD5FileExtension.class) { + @Override // co-variant return + public MD5FileExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new MD5FileExtensionImpl(client, raw, ParserUtils.supportedExtensions(parsed)); + } + }, + MD5_HANDLE(SftpConstants.EXT_MD5_HASH_HANDLE, MD5HandleExtension.class) { + @Override // co-variant return + public MD5HandleExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new MD5HandleExtensionImpl(client, raw, ParserUtils.supportedExtensions(parsed)); + } + }, + CHECK_FILE_NAME(SftpConstants.EXT_CHECK_FILE_NAME, CheckFileNameExtension.class) { + @Override // co-variant return + public CheckFileNameExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new CheckFileNameExtensionImpl(client, raw, ParserUtils.supportedExtensions(parsed)); + } + }, + CHECK_FILE_HANDLE(SftpConstants.EXT_CHECK_FILE_HANDLE, CheckFileHandleExtension.class) { + @Override // co-variant return + public CheckFileHandleExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new CheckFileHandleExtensionImpl(client, raw, ParserUtils.supportedExtensions(parsed)); + } + }, + SPACE_AVAILABLE(SftpConstants.EXT_SPACE_AVAILABLE, SpaceAvailableExtension.class) { + @Override // co-variant return + public SpaceAvailableExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new SpaceAvailableExtensionImpl(client, raw, ParserUtils.supportedExtensions(parsed)); + } + }, + OPENSSH_FSYNC(FsyncExtensionParser.NAME, OpenSSHFsyncExtension.class) { + @Override // co-variant return + public OpenSSHFsyncExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new OpenSSHFsyncExtensionImpl(client, raw, extensions); + } + }, + OPENSSH_STAT_HANDLE(FstatVfsExtensionParser.NAME, OpenSSHStatHandleExtension.class) { + @Override // co-variant return + public OpenSSHStatHandleExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new OpenSSHStatHandleExtensionImpl(client, raw, extensions); + } + }, + OPENSSH_STAT_PATH(StatVfsExtensionParser.NAME, OpenSSHStatPathExtension.class) { + @Override // co-variant return + public OpenSSHStatPathExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new OpenSSHStatPathExtensionImpl(client, raw, extensions); + } + }, + OPENSSH_POSIX_RENAME(PosixRenameExtensionParser.NAME, OpenSSHPosixRenameExtension.class) { + @Override // co-variant return + public OpenSSHPosixRenameExtension create( + SftpClient client, RawSftpClient raw, Map extensions, Map parsed) { + return new OpenSSHPosixRenameExtensionImpl(client, raw, extensions); + } + }; + + public static final Set VALUES + = Collections.unmodifiableSet(EnumSet.allOf(BuiltinSftpClientExtensions.class)); + + private final String name; + + private final Class type; + + BuiltinSftpClientExtensions(String name, Class type) { + this.name = name; + this.type = type; + } + + @Override + public final String getName() { + return name; + } + + public final Class getType() { + return type; + } + + public static BuiltinSftpClientExtensions fromName(String n) { + return NamedResource.findByName(n, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + public static BuiltinSftpClientExtensions fromInstance(Object o) { + return fromType((o == null) ? null : o.getClass()); + } + + public static BuiltinSftpClientExtensions fromType(Class type) { + if ((type == null) || (!SftpClientExtension.class.isAssignableFrom(type))) { + return null; + } + + // the base class is assignable to everybody so we cannot distinguish between the enum(s) + if (SftpClientExtension.class == type) { + return null; + } + + for (BuiltinSftpClientExtensions v : VALUES) { + Class vt = v.getType(); + if (vt.isAssignableFrom(type)) { + return v; + } + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/CheckFileHandleExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CheckFileHandleExtension.java new file mode 100644 index 0000000..952ec76 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CheckFileHandleExtension.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.io.IOException; +import java.util.Collection; +import java.util.Map; + +import org.apache.sshd.client.SftpClient.Handle; + +/** + * @author Apache MINA SSHD Project + * @see DRAFT 09 + * - section 9.1.2 + */ +public interface CheckFileHandleExtension extends SftpClientExtension { + /** + * @param handle Remote file {@link Handle} - must be a file and opened for read + * @param algorithms Hash algorithms in preferred order + * @param startOffset Start offset of the hash + * @param length Length of data to hash - if zero then till EOF + * @param blockSize Input block size to calculate individual hashes - if zero the one hash of all + * the data + * @return An immutable {@link Map.Entry} where key=hash algorithm name, value=the + * calculated hashes. + * @throws IOException If failed to execute the command + */ + Map.Entry> checkFileHandle( + Handle handle, Collection algorithms, long startOffset, long length, int blockSize) + throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/CheckFileNameExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CheckFileNameExtension.java new file mode 100644 index 0000000..bbec9a0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CheckFileNameExtension.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.io.IOException; +import java.util.Collection; +import java.util.Map; + +/** + * @author Apache MINA SSHD Project + * @see DRAFT 09 + * - section 9.1.2 + */ +public interface CheckFileNameExtension extends SftpClientExtension { + /** + * @param name Remote file name/path + * @param algorithms Hash algorithms in preferred order + * @param startOffset Start offset of the hash + * @param length Length of data to hash - if zero then till EOF + * @param blockSize Input block size to calculate individual hashes - if zero the one hash of all + * the data + * @return An immutable {@link Map.Entry} key left=hash algorithm name, value=the + * calculated hashes. + * @throws IOException If failed to execute the command + */ + Map.Entry> checkFileName( + String name, Collection algorithms, long startOffset, long length, int blockSize) + throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/CopyDataExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CopyDataExtension.java new file mode 100644 index 0000000..20785f6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CopyDataExtension.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.io.IOException; + +import org.apache.sshd.client.SftpClient.Handle; + +/** + * Implements the "copy-data" extension + * + * @author Apache MINA SSHD Project + * @see DRAFT 00 section 7 + */ +public interface CopyDataExtension extends SftpClientExtension { + void copyData(Handle readHandle, long readOffset, long readLength, Handle writeHandle, long writeOffset) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/CopyFileExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CopyFileExtension.java new file mode 100644 index 0000000..df92120 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/CopyFileExtension.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.io.IOException; + +/** + * @author Apache MINA SSHD Project + * @see copy-file + * extension + */ +public interface CopyFileExtension extends SftpClientExtension { + /** + * @param src The (remote) file source path + * @param dst The (remote) file destination path + * @param overwriteDestination If {@code true} then OK to override destination if exists + * @throws IOException If failed to execute the command or extension not supported + */ + void copyFile(String src, String dst, boolean overwriteDestination) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/MD5FileExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/MD5FileExtension.java new file mode 100644 index 0000000..5edba2c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/MD5FileExtension.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.io.IOException; + +/** + * @author Apache MINA SSHD Project + * @see DRAFT 09 + * - section 9.1.1 + */ +public interface MD5FileExtension extends SftpClientExtension { + /** + * @param path The (remote) path + * @param offset The offset to start calculating the hash + * @param length The number of data bytes to calculate the hash on - if greater than available, then up to + * whatever is available + * @param quickHash A quick-hash of the 1st 2048 bytes - ignored if {@code null}/empty + * @return The hash value if the quick hash matches (or {@code null}/empty), or {@code null}/empty if + * the quick hash is provided and it does not match + * @throws IOException If failed to calculate the hash + */ + byte[] getHash(String path, long offset, long length, byte[] quickHash) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/MD5HandleExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/MD5HandleExtension.java new file mode 100644 index 0000000..d6be05e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/MD5HandleExtension.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.io.IOException; + +import org.apache.sshd.client.SftpClient; + +/** + * @author Apache MINA SSHD Project + * @see DRAFT 09 + * - section 9.1.1 + */ +public interface MD5HandleExtension extends SftpClientExtension { + /** + * @param handle The (remote) file {@code Handle} + * @param offset The offset to start calculating the hash + * @param length The number of data bytes to calculate the hash on - if greater than available, then up to + * whatever is available + * @param quickHash A quick-hash of the 1st 2048 bytes - ignored if {@code null}/empty + * @return The hash value if the quick hash matches (or {@code null}/empty), or {@code null}/empty if + * the quick hash is provided and it does not match + * @throws IOException If failed to calculate the hash + */ + byte[] getHash(SftpClient.Handle handle, long offset, long length, byte[] quickHash) throws IOException; + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/SftpClientExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/SftpClientExtension.java new file mode 100644 index 0000000..cb1027d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/SftpClientExtension.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.OptionalFeature; +import org.apache.sshd.client.SftpClient; + +/** + * @author Apache MINA SSHD Project + */ +public interface SftpClientExtension extends NamedResource, OptionalFeature { + /** + * @return The {@link SftpClient} used to issue the extended command + */ + SftpClient getClient(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/SftpClientExtensionFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/SftpClientExtensionFactory.java new file mode 100644 index 0000000..f102d50 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/SftpClientExtensionFactory.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.util.Map; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.common.extensions.ParserUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface SftpClientExtensionFactory extends NamedResource { + default SftpClientExtension create(SftpClient client, RawSftpClient raw) { + Map extensions = client.getServerExtensions(); + return create(client, raw, extensions, ParserUtils.parse(extensions)); + } + + SftpClientExtension create(SftpClient client, RawSftpClient raw, Map extensions, Map parsed); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/SpaceAvailableExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/SpaceAvailableExtension.java new file mode 100644 index 0000000..ee31f12 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/SpaceAvailableExtension.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions; + +import java.io.IOException; + +import org.apache.sshd.common.extensions.SpaceAvailableExtensionInfo; + +/** + * Implements the "space-available" extension + * + * @author Apache MINA SSHD Project + * @see DRAFT 09 + * section 9.2 + */ +public interface SpaceAvailableExtension extends SftpClientExtension { + SpaceAvailableExtensionInfo available(String path) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractCheckFileExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractCheckFileExtension.java new file mode 100644 index 0000000..80c8597 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractCheckFileExtension.java @@ -0,0 +1,73 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; +import java.util.LinkedList; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.common.SftpConstants; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractCheckFileExtension extends AbstractSftpClientExtension { + protected AbstractCheckFileExtension(String name, SftpClient client, RawSftpClient raw, Collection extras) { + super(name, client, raw, extras); + } + + protected SimpleImmutableEntry> doGetHash( + Object target, Collection algorithms, long offset, long length, int blockSize) + throws IOException { + Buffer buffer = getCommandBuffer(target, Byte.MAX_VALUE); + putTarget(buffer, target); + buffer.putString(GenericUtils.join(algorithms, ',')); + buffer.putLong(offset); + buffer.putLong(length); + buffer.putInt(blockSize); + + buffer = checkExtendedReplyBuffer(receive(sendExtendedCommand(buffer))); + if (buffer == null) { + throw new StreamCorruptedException("Missing extended reply data"); + } + + String targetType = buffer.getString(); + if (String.CASE_INSENSITIVE_ORDER.compare(targetType, SftpConstants.EXT_CHECK_FILE) != 0) { + throw new StreamCorruptedException( + "Mismatched reply type: expected=" + SftpConstants.EXT_CHECK_FILE + ", actual=" + targetType); + } + + String algo = buffer.getString(); + Collection hashes = new LinkedList<>(); + while (buffer.available() > 0) { + byte[] hashValue = buffer.getBytes(); + hashes.add(hashValue); + } + + return new SimpleImmutableEntry<>(algo, hashes); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractMD5HashExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractMD5HashExtension.java new file mode 100644 index 0000000..4d138d9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractMD5HashExtension.java @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.util.Collection; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractMD5HashExtension extends AbstractSftpClientExtension { + protected AbstractMD5HashExtension(String name, SftpClient client, RawSftpClient raw, Collection extras) { + super(name, client, raw, extras); + } + + protected byte[] doGetHash(Object target, long offset, long length, byte[] quickHash) throws IOException { + Buffer buffer = getCommandBuffer(target, Long.SIZE + 2 * Long.BYTES + Integer.BYTES + NumberUtils.length(quickHash)); + String opcode = getName(); + putTarget(buffer, target); + buffer.putLong(offset); + buffer.putLong(length); + buffer.putBytes((quickHash == null) ? GenericUtils.EMPTY_BYTE_ARRAY : quickHash); + + buffer = checkExtendedReplyBuffer(receive(sendExtendedCommand(buffer))); + if (buffer == null) { + throw new StreamCorruptedException("Missing extended reply data"); + } + + String targetType = buffer.getString(); + if (String.CASE_INSENSITIVE_ORDER.compare(targetType, opcode) != 0) { + throw new StreamCorruptedException("Mismatched reply target type: expected=" + opcode + ", actual=" + targetType); + } + + byte[] hashValue = buffer.getBytes(); + + return hashValue; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractSftpClientExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractSftpClientExtension.java new file mode 100644 index 0000000..942494a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/AbstractSftpClientExtension.java @@ -0,0 +1,220 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.time.Duration; +import java.util.Collection; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Handle; +import org.apache.sshd.client.extensions.SftpClientExtension; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SftpException; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSftpClientExtension implements SftpClientExtension, RawSftpClient { + private final String name; + private final SftpClient client; + private final RawSftpClient raw; + private final boolean supported; + + protected AbstractSftpClientExtension(String name, SftpClient client, RawSftpClient raw, Collection extras) { + this(name, client, raw, GenericUtils.isNotEmpty(extras) && extras.contains(name)); + } + + protected AbstractSftpClientExtension(String name, SftpClient client, RawSftpClient raw, Map extensions) { + this(name, client, raw, GenericUtils.isNotEmpty(extensions) && extensions.containsKey(name)); + } + + protected AbstractSftpClientExtension(String name, SftpClient client, RawSftpClient raw, boolean supported) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No extension name"); + this.client = Objects.requireNonNull(client, "No client instance"); + this.raw = Objects.requireNonNull(raw, "No raw access"); + this.supported = supported; + } + + @Override + public final String getName() { + return name; + } + + @Override + public final SftpClient getClient() { + return client; + } + + protected void sendAndCheckExtendedCommandStatus(Buffer buffer) throws IOException { + int reqId = sendExtendedCommand(buffer); + checkStatus(receive(reqId)); + } + + protected int sendExtendedCommand(Buffer buffer) throws IOException { + return send(SftpConstants.SSH_FXP_EXTENDED, buffer); + } + + @Override + public int send(int cmd, Buffer buffer) throws IOException { + return raw.send(cmd, buffer); + } + + @Override + public Buffer receive(int id) throws IOException { + return raw.receive(id); + } + + @Override + public Buffer receive(int id, long timeout) throws IOException { + return raw.receive(id, timeout); + } + + @Override + public Buffer receive(int id, Duration timeout) throws IOException { + return raw.receive(id, timeout); + } + + @Override + public final boolean isSupported() { + return supported; + } + + protected void checkStatus(Buffer buffer) throws IOException { + if (checkExtendedReplyBuffer(buffer) != null) { + throw new StreamCorruptedException("Unexpected extended reply received"); + } + } + + /** + * @param buffer The {@link Buffer} + * @param target A target path {@link String} or {@link Handle} or {@code byte[]} to be + * encoded in the buffer + * @return The updated buffer + * @throws UnsupportedOperationException If target is not one of the above supported types + */ + public Buffer putTarget(Buffer buffer, Object target) { + if (target instanceof CharSequence) { + buffer.putString(target.toString()); + } else if (target instanceof byte[]) { + buffer.putBytes((byte[]) target); + } else if (target instanceof Handle) { + buffer.putBytes(((Handle) target).getIdentifier()); + } else { + throw new UnsupportedOperationException("Unknown target type: " + target); + } + + return buffer; + } + + /** + * @param target A target path {@link String} or {@link Handle} or {@code byte[]} to be encoded in the buffer + * @return A {@link Buffer} with the extension name set + * @see #getCommandBuffer(Object, int) + */ + protected Buffer getCommandBuffer(Object target) { + return getCommandBuffer(target, 0); + } + + /** + * @param target A target path {@link String} or {@link Handle} or {@code byte[]} to be encoded in the buffer + * @param extraSize Extra size - beyond the path/handle to be allocated + * @return A {@link Buffer} with the extension name set + * @see #getCommandBuffer(int) + */ + protected Buffer getCommandBuffer(Object target, int extraSize) { + if (target instanceof CharSequence) { + return getCommandBuffer(Integer.BYTES + ((CharSequence) target).length() + extraSize); + } else if (target instanceof byte[]) { + return getCommandBuffer(Integer.BYTES + ((byte[]) target).length + extraSize); + } else if (target instanceof Handle) { + return getCommandBuffer(Integer.BYTES + ((Handle) target).length() + extraSize); + } else { + return getCommandBuffer(extraSize); + } + } + + /** + * @param extraSize Extra size - besides the extension name + * @return A {@link Buffer} with the extension name set + */ + protected Buffer getCommandBuffer(int extraSize) { + String opcode = getName(); + Buffer buffer = new ByteArrayBuffer(Integer.BYTES + GenericUtils.length(opcode) + extraSize + Byte.SIZE, false); + buffer.putString(opcode); + return buffer; + } + + /** + * @param buffer The {@link Buffer} to check + * @return The {@link Buffer} if this is an {@link SftpConstants#SSH_FXP_EXTENDED_REPLY}, or + * {@code null} if this is a {@link SftpConstants#SSH_FXP_STATUS} carrying an + * {@link SftpConstants#SSH_FX_OK} result + * @throws IOException If a non-{@link SftpConstants#SSH_FX_OK} result or not a + * {@link SftpConstants#SSH_FXP_EXTENDED_REPLY} buffer + */ + protected Buffer checkExtendedReplyBuffer(Buffer buffer) throws IOException { + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + validateIncomingResponse(SftpConstants.SSH_FXP_EXTENDED, id, type, length, buffer); + + if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + + if (substatus != SftpConstants.SSH_FX_OK) { + throwStatusException(id, substatus, msg, lang); + } + + return null; + } else if (type == SftpConstants.SSH_FXP_EXTENDED_REPLY) { + return buffer; + } else { + throw new SshException("Unexpected SFTP packet received: type=" + type + ", id=" + id + ", length=" + length); + } + } + + protected void validateIncomingResponse( + int cmd, int id, int type, int length, Buffer buffer) + throws IOException { + int remaining = buffer.available(); + if ((length < 0) || (length > (remaining + 5 /* type + id */))) { + throw new SshException( + "Bad length (" + length + ") for remaining data (" + remaining + ")" + + " in response to " + SftpConstants.getCommandMessageName(cmd) + + ": type=" + SftpConstants.getCommandMessageName(type) + ", id=" + id); + } + } + + protected void throwStatusException(int id, int substatus, String msg, String lang) throws IOException { + throw new SftpException(substatus, msg); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CheckFileHandleExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CheckFileHandleExtensionImpl.java new file mode 100644 index 0000000..8639628 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CheckFileHandleExtensionImpl.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; + +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Handle; +import org.apache.sshd.client.extensions.CheckFileHandleExtension; +import org.apache.sshd.common.SftpConstants; + +/** + * Implements "check-file-handle" extension + * + * @see DRAFT 09 + * - section 9.1.2 + * @author Apache MINA SSHD Project + */ +public class CheckFileHandleExtensionImpl extends AbstractCheckFileExtension implements CheckFileHandleExtension { + public CheckFileHandleExtensionImpl(SftpClient client, RawSftpClient raw, Collection extras) { + super(SftpConstants.EXT_CHECK_FILE_HANDLE, client, raw, extras); + } + + @Override + public SimpleImmutableEntry> checkFileHandle( + Handle handle, Collection algorithms, long startOffset, long length, int blockSize) + throws IOException { + return doGetHash(handle.getIdentifier(), algorithms, startOffset, length, blockSize); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CheckFileNameExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CheckFileNameExtensionImpl.java new file mode 100644 index 0000000..33f1182 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CheckFileNameExtensionImpl.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; + +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.CheckFileNameExtension; +import org.apache.sshd.common.SftpConstants; + +/** + * Implements "check-file-name" extension + * + * @see DRAFT 09 + * - section 9.1.2 + * @author Apache MINA SSHD Project + */ +public class CheckFileNameExtensionImpl extends AbstractCheckFileExtension implements CheckFileNameExtension { + public CheckFileNameExtensionImpl(SftpClient client, RawSftpClient raw, Collection extras) { + super(SftpConstants.EXT_CHECK_FILE_NAME, client, raw, extras); + } + + @Override + public SimpleImmutableEntry> checkFileName( + String name, Collection algorithms, long startOffset, long length, int blockSize) + throws IOException { + return doGetHash(name, algorithms, startOffset, length, blockSize); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CopyDataExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CopyDataExtensionImpl.java new file mode 100644 index 0000000..56cd64c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CopyDataExtensionImpl.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.util.Collection; + +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Handle; +import org.apache.sshd.client.extensions.CopyDataExtension; +import org.apache.sshd.common.SftpConstants; + +/** + * Implements the "copy-data" extension + * + * @see DRFAT 00 - section 7 + * @author Apache MINA SSHD Project + */ +public class CopyDataExtensionImpl extends AbstractSftpClientExtension implements CopyDataExtension { + public CopyDataExtensionImpl(SftpClient client, RawSftpClient raw, Collection extra) { + super(SftpConstants.EXT_COPY_DATA, client, raw, extra); + } + + @Override + public void copyData(Handle readHandle, long readOffset, long readLength, Handle writeHandle, long writeOffset) + throws IOException { + byte[] srcId = readHandle.getIdentifier(); + byte[] dstId = writeHandle.getIdentifier(); + Buffer buffer = getCommandBuffer(Integer.BYTES + NumberUtils.length(srcId) + + Integer.BYTES + NumberUtils.length(dstId) + + (3 * (Long.SIZE + Integer.BYTES))); + buffer.putBytes(srcId); + buffer.putLong(readOffset); + buffer.putLong(readLength); + buffer.putBytes(dstId); + buffer.putLong(writeOffset); + sendAndCheckExtendedCommandStatus(buffer); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CopyFileExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CopyFileExtensionImpl.java new file mode 100644 index 0000000..e71bcbb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/CopyFileExtensionImpl.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.util.Collection; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.CopyFileExtension; +import org.apache.sshd.common.SftpConstants; + +/** + * Implements the "copy-file" extension + * + * @see DRFAT 00 - section 6 + * @author Apache MINA SSHD Project + */ +public class CopyFileExtensionImpl extends AbstractSftpClientExtension implements CopyFileExtension { + public CopyFileExtensionImpl(SftpClient client, RawSftpClient raw, Collection extra) { + super(SftpConstants.EXT_COPY_FILE, client, raw, extra); + } + + @Override + public void copyFile(String src, String dst, boolean overwriteDestination) throws IOException { + Buffer buffer = getCommandBuffer(Integer.BYTES + GenericUtils.length(src) + + Integer.BYTES + GenericUtils.length(dst) + + 1 /* override destination */); + buffer.putString(src); + buffer.putString(dst); + buffer.putBoolean(overwriteDestination); + sendAndCheckExtendedCommandStatus(buffer); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/MD5FileExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/MD5FileExtensionImpl.java new file mode 100644 index 0000000..c094025 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/MD5FileExtensionImpl.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.util.Collection; + +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.MD5FileExtension; +import org.apache.sshd.common.SftpConstants; + +/** + * Implements "md5-hash" extension + * + * @see DRAFT 09 + * - section 9.1.1 + * @author Apache MINA SSHD Project + */ +public class MD5FileExtensionImpl extends AbstractMD5HashExtension implements MD5FileExtension { + public MD5FileExtensionImpl(SftpClient client, RawSftpClient raw, Collection extra) { + super(SftpConstants.EXT_MD5_HASH, client, raw, extra); + } + + @Override + public byte[] getHash(String path, long offset, long length, byte[] quickHash) throws IOException { + return doGetHash(path, offset, length, quickHash); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/MD5HandleExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/MD5HandleExtensionImpl.java new file mode 100644 index 0000000..4d9cc07 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/MD5HandleExtensionImpl.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.util.Collection; + +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.MD5HandleExtension; +import org.apache.sshd.common.SftpConstants; + +/** + * Implements "md5-hash-handle" extension + * + * @see DRAFT 09 + * - section 9.1.1 + * @author Apache MINA SSHD Project + */ +public class MD5HandleExtensionImpl extends AbstractMD5HashExtension implements MD5HandleExtension { + public MD5HandleExtensionImpl(SftpClient client, RawSftpClient raw, Collection extra) { + super(SftpConstants.EXT_MD5_HASH_HANDLE, client, raw, extra); + } + + @Override + public byte[] getHash(SftpClient.Handle handle, long offset, long length, byte[] quickHash) throws IOException { + return doGetHash(handle.getIdentifier(), offset, length, quickHash); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/SpaceAvailableExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/SpaceAvailableExtensionImpl.java new file mode 100644 index 0000000..46bef1b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/helpers/SpaceAvailableExtensionImpl.java @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.helpers; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.util.Collection; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.SpaceAvailableExtension; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.extensions.SpaceAvailableExtensionInfo; + +/** + * Implements "space-available" extension + * + * @see DRAFT 09 + * - section 9.3 + * @author Apache MINA SSHD Project + */ +public class SpaceAvailableExtensionImpl extends AbstractSftpClientExtension implements SpaceAvailableExtension { + public SpaceAvailableExtensionImpl(SftpClient client, RawSftpClient raw, Collection extra) { + super(SftpConstants.EXT_SPACE_AVAILABLE, client, raw, extra); + } + + @Override + public SpaceAvailableExtensionInfo available(String path) throws IOException { + Buffer buffer = getCommandBuffer(path); + buffer.putString(path); + buffer = checkExtendedReplyBuffer(receive(sendExtendedCommand(buffer))); + + if (buffer == null) { + throw new StreamCorruptedException("Missing extended reply data"); + } + + return new SpaceAvailableExtensionInfo(buffer); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHFsyncExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHFsyncExtension.java new file mode 100644 index 0000000..1b3e5ce --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHFsyncExtension.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh; + +import java.io.IOException; + +import org.apache.sshd.client.SftpClient.Handle; +import org.apache.sshd.client.extensions.SftpClientExtension; + +/** + * Implements the "fsync@openssh.com" extension + * + * @author Apache MINA SSHD Project + * @see OpenSSH - section 10 + */ +public interface OpenSSHFsyncExtension extends SftpClientExtension { + void fsync(Handle fileHandle) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHPosixRenameExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHPosixRenameExtension.java new file mode 100644 index 0000000..ec48b9c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHPosixRenameExtension.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh; + +import java.io.IOException; + +import org.apache.sshd.client.extensions.SftpClientExtension; + +/** + * Implements the "posix-rename@openssh.com" extension + */ +public interface OpenSSHPosixRenameExtension extends SftpClientExtension { + void posixRename(String oldPath, String newPath) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatExtensionInfo.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatExtensionInfo.java new file mode 100644 index 0000000..754c43c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatExtensionInfo.java @@ -0,0 +1,151 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh; + +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Response for the "statvfs@openssh.com" and "fstatvfs@openssh.com" extension commands. + * + * @author Apache MINA SSHD Project + * @see OpenSSH + * section 3.4 + */ +public class OpenSSHStatExtensionInfo implements Cloneable { + // The values of the f_flag bitmask + public static final long SSH_FXE_STATVFS_ST_RDONLY = 0x1; /* read-only */ + public static final long SSH_FXE_STATVFS_ST_NOSUID = 0x2; /* no setuid */ + + // CHECKSTYLE:OFF + public long f_bsize; /* file system block size */ + public long f_frsize; /* fundamental fs block size */ + public long f_blocks; /* number of blocks (unit f_frsize) */ + public long f_bfree; /* free blocks in file system */ + public long f_bavail; /* free blocks for non-root */ + public long f_files; /* total file inodes */ + public long f_ffree; /* free file inodes */ + public long f_favail; /* free file inodes for to non-root */ + public long f_fsid; /* file system id */ + public long f_flag; /* bit mask of f_flag values */ + public long f_namemax; /* maximum filename length */ + // CHECKSTYLE:ON + + public OpenSSHStatExtensionInfo() { + super(); + } + + public OpenSSHStatExtensionInfo(Buffer buffer) { + decode(buffer, this); + } + + @Override + public int hashCode() { + return NumberUtils.hashCode(this.f_bsize, this.f_frsize, this.f_blocks, + this.f_bfree, this.f_bavail, this.f_files, this.f_ffree, + this.f_favail, this.f_fsid, this.f_flag, this.f_namemax); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + OpenSSHStatExtensionInfo other = (OpenSSHStatExtensionInfo) obj; + // debug breakpoint + return this.f_bsize == other.f_bsize + && this.f_frsize == other.f_frsize + && this.f_blocks == other.f_blocks + && this.f_bfree == other.f_bfree + && this.f_bavail == other.f_bavail + && this.f_files == other.f_files + && this.f_ffree == other.f_ffree + && this.f_favail == other.f_favail + && this.f_fsid == other.f_fsid + && this.f_flag == other.f_flag + && this.f_namemax == other.f_namemax; + } + + @Override + public OpenSSHStatExtensionInfo clone() { + try { + return getClass().cast(super.clone()); + } catch (CloneNotSupportedException e) { + throw new RuntimeException("Failed to close " + toString() + ": " + e.getMessage()); + } + } + + @Override + public String toString() { + return "f_bsize=" + f_bsize + + ",f_frsize=" + f_frsize + + ",f_blocks=" + f_blocks + + ",f_bfree=" + f_bfree + + ",f_bavail=" + f_bavail + + ",f_files=" + f_files + + ",f_ffree=" + f_ffree + + ",f_favail=" + f_favail + + ",f_fsid=" + f_fsid + + ",f_flag=0x" + Long.toHexString(f_flag) + + ",f_namemax=" + f_namemax; + } + + public static void encode(Buffer buffer, OpenSSHStatExtensionInfo info) { + buffer.putLong(info.f_bsize); + buffer.putLong(info.f_frsize); + buffer.putLong(info.f_blocks); + buffer.putLong(info.f_bfree); + buffer.putLong(info.f_bavail); + buffer.putLong(info.f_files); + buffer.putLong(info.f_ffree); + buffer.putLong(info.f_favail); + buffer.putLong(info.f_fsid); + buffer.putLong(info.f_flag); + buffer.putLong(info.f_namemax); + } + + public static OpenSSHStatExtensionInfo decode(Buffer buffer) { + OpenSSHStatExtensionInfo info = new OpenSSHStatExtensionInfo(); + decode(buffer, info); + return info; + } + + public static void decode(Buffer buffer, OpenSSHStatExtensionInfo info) { + info.f_bsize = buffer.getLong(); + info.f_frsize = buffer.getLong(); + info.f_blocks = buffer.getLong(); + info.f_bfree = buffer.getLong(); + info.f_bavail = buffer.getLong(); + info.f_files = buffer.getLong(); + info.f_ffree = buffer.getLong(); + info.f_favail = buffer.getLong(); + info.f_fsid = buffer.getLong(); + info.f_flag = buffer.getLong(); + info.f_namemax = buffer.getLong(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatHandleExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatHandleExtension.java new file mode 100644 index 0000000..e1aba82 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatHandleExtension.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh; + +import java.io.IOException; + +import org.apache.sshd.client.SftpClient.Handle; +import org.apache.sshd.client.extensions.SftpClientExtension; + +/** + * Implements the "fstatvfs@openssh.com" extension command + * + * @author Apache MINA SSHD Project + */ +public interface OpenSSHStatHandleExtension extends SftpClientExtension { + OpenSSHStatExtensionInfo stat(Handle handle) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatPathExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatPathExtension.java new file mode 100644 index 0000000..91c32b2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/OpenSSHStatPathExtension.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh; + +import java.io.IOException; + +import org.apache.sshd.client.extensions.SftpClientExtension; + +/** + * Implements the "statvfs@openssh.com" extension command + * + * @author Apache MINA SSHD Project + * @see OpenSSH + * section 3.4 + */ +public interface OpenSSHStatPathExtension extends SftpClientExtension { + OpenSSHStatExtensionInfo stat(String path) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/AbstractOpenSSHStatCommandExtension.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/AbstractOpenSSHStatCommandExtension.java new file mode 100644 index 0000000..acd5742 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/AbstractOpenSSHStatCommandExtension.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh.helpers; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.util.Map; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.helpers.AbstractSftpClientExtension; +import org.apache.sshd.client.extensions.openssh.OpenSSHStatExtensionInfo; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractOpenSSHStatCommandExtension extends AbstractSftpClientExtension { + protected AbstractOpenSSHStatCommandExtension(String name, SftpClient client, RawSftpClient raw, + Map extensions) { + super(name, client, raw, extensions); + } + + protected OpenSSHStatExtensionInfo doGetStat(Object target) throws IOException { + Buffer buffer = getCommandBuffer(target); + putTarget(buffer, target); + + buffer = checkExtendedReplyBuffer(receive(sendExtendedCommand(buffer))); + if (buffer == null) { + throw new StreamCorruptedException("Missing extended reply data"); + } + + return new OpenSSHStatExtensionInfo(buffer); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHFsyncExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHFsyncExtensionImpl.java new file mode 100644 index 0000000..b1b9300 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHFsyncExtensionImpl.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh.helpers; + +import java.io.IOException; +import java.util.Map; + +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Handle; +import org.apache.sshd.client.extensions.helpers.AbstractSftpClientExtension; +import org.apache.sshd.client.extensions.openssh.OpenSSHFsyncExtension; +import org.apache.sshd.common.extensions.openssh.FsyncExtensionParser; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHFsyncExtensionImpl extends AbstractSftpClientExtension implements OpenSSHFsyncExtension { + public OpenSSHFsyncExtensionImpl(SftpClient client, RawSftpClient raw, Map extensions) { + super(FsyncExtensionParser.NAME, client, raw, extensions); + } + + @Override + public void fsync(Handle fileHandle) throws IOException { + byte[] handle = fileHandle.getIdentifier(); + Buffer buffer = getCommandBuffer(Integer.BYTES + NumberUtils.length(handle)); + buffer.putBytes(handle); + sendAndCheckExtendedCommandStatus(buffer); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHPosixRenameExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHPosixRenameExtensionImpl.java new file mode 100644 index 0000000..ae25047 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHPosixRenameExtensionImpl.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh.helpers; + +import java.io.IOException; +import java.util.Map; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.helpers.AbstractSftpClientExtension; +import org.apache.sshd.client.extensions.openssh.OpenSSHPosixRenameExtension; +import org.apache.sshd.common.extensions.openssh.PosixRenameExtensionParser; + +/** + * @author Christian Schou Jødal + */ +public class OpenSSHPosixRenameExtensionImpl extends AbstractSftpClientExtension implements OpenSSHPosixRenameExtension { + public OpenSSHPosixRenameExtensionImpl(SftpClient client, RawSftpClient raw, Map extensions) { + super(PosixRenameExtensionParser.NAME, client, raw, extensions); + } + + @Override + public void posixRename(String oldPath, String newPath) throws IOException { + Buffer buffer = getCommandBuffer(Integer.BYTES + oldPath.length() + newPath.length()); + putTarget(buffer, oldPath); + putTarget(buffer, newPath); + + checkExtendedReplyBuffer(receive(sendExtendedCommand(buffer))); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHStatHandleExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHStatHandleExtensionImpl.java new file mode 100644 index 0000000..190b893 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHStatHandleExtensionImpl.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh.helpers; + +import java.io.IOException; +import java.util.Map; + +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Handle; +import org.apache.sshd.client.extensions.openssh.OpenSSHStatExtensionInfo; +import org.apache.sshd.client.extensions.openssh.OpenSSHStatHandleExtension; +import org.apache.sshd.common.extensions.openssh.FstatVfsExtensionParser; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHStatHandleExtensionImpl extends AbstractOpenSSHStatCommandExtension implements OpenSSHStatHandleExtension { + public OpenSSHStatHandleExtensionImpl(SftpClient client, RawSftpClient raw, Map extensions) { + super(FstatVfsExtensionParser.NAME, client, raw, extensions); + } + + @Override + public OpenSSHStatExtensionInfo stat(Handle handle) throws IOException { + return doGetStat(handle.getIdentifier()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHStatPathExtensionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHStatPathExtensionImpl.java new file mode 100644 index 0000000..a1e19bc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/extensions/openssh/helpers/OpenSSHStatPathExtensionImpl.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.extensions.openssh.helpers; + +import java.io.IOException; +import java.util.Map; + +import org.apache.sshd.client.RawSftpClient; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.extensions.openssh.OpenSSHStatExtensionInfo; +import org.apache.sshd.client.extensions.openssh.OpenSSHStatPathExtension; +import org.apache.sshd.common.extensions.openssh.StatVfsExtensionParser; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHStatPathExtensionImpl extends AbstractOpenSSHStatCommandExtension implements OpenSSHStatPathExtension { + public OpenSSHStatPathExtensionImpl(SftpClient client, RawSftpClient raw, Map extensions) { + super(StatVfsExtensionParser.NAME, client, raw, extensions); + } + + @Override + public OpenSSHStatExtensionInfo stat(String path) throws IOException { + return doGetStat(path); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/future/AuthFuture.java b/files-sftp/src/main/java/org/apache/sshd/client/future/AuthFuture.java new file mode 100644 index 0000000..12bd52e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/future/AuthFuture.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.future; + +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.future.VerifiableFuture; + +/** + * An {@link SshFuture} for asynchronous authentication requests. + * + * @author Apache MINA SSHD Project + */ +public interface AuthFuture extends SshFuture, VerifiableFuture { + /** + * Returns the cause of the authentication failure. + * + * @return {@code null} if the authentication operation is not finished yet, or if the connection attempt is + * successful (use {@link #isDone()} to distinguish between the two). + */ + Throwable getException(); + + /** + * @return true if the authentication operation is finished successfully. Note: calling this + * method while the operation is in progress returns {@code false}. Should check {@link #isDone()} in order + * to ensure that the result is valid. + */ + boolean isSuccess(); + + /** + * @return false if the authentication operation failed. Note: the operation is considered + * failed if an exception is received instead of a success/fail response code or the operation is in + * progress. Should check {@link #isDone()} in order to ensure that the result is valid. + */ + boolean isFailure(); + + /** + * @return {@code true} if the connect operation has been canceled by {@link #cancel()} method. + */ + boolean isCanceled(); + + /** + * Notifies that the session has been authenticated. This method is invoked by SSHD internally. Please do not call + * this method directly. + * + * @param authed Authentication success state + */ + void setAuthed(boolean authed); + + /** + * Sets the exception caught due to connection failure and notifies all threads waiting for this future. This method + * is invoked by SSHD internally. Please do not call this method directly. + * + * @param exception The caught {@link Throwable} + */ + void setException(Throwable exception); + + /** + * Cancels the authentication attempt and notifies all threads waiting for this future. + */ + void cancel(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/future/ConnectFuture.java b/files-sftp/src/main/java/org/apache/sshd/client/future/ConnectFuture.java new file mode 100644 index 0000000..3947793 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/future/ConnectFuture.java @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.future; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.future.VerifiableFuture; +import org.apache.sshd.common.session.SessionHolder; + +/** + * An {@link SshFuture} for asynchronous connections requests. + * + * @author Apache MINA SSHD Project + */ +public interface ConnectFuture + extends SshFuture, + VerifiableFuture, + SessionHolder, + ClientSessionHolder { + + @Override + default ClientSession getClientSession() { + return getSession(); + } + + /** + * @return true if the connect operation is finished successfully. + */ + boolean isConnected(); + + /** + * @return {@code true} if the connect operation has been canceled by {@link #cancel()} method. + */ + boolean isCanceled(); + + /** + * Sets the newly connected session and notifies all threads waiting for this future. This method is invoked by SSHD + * internally. Please do not call this method directly. + * + * @param session The {@link ClientSession} + */ + void setSession(ClientSession session); + + /** + * Returns the cause of the connection failure. + * + * @return {@code null} if the connect operation is not finished yet, or if the connection attempt is successful + * (use {@link #isDone()} to distinguish between the two) + */ + Throwable getException(); + + /** + * Sets the exception caught due to connection failure and notifies all threads waiting for this future. This method + * is invoked by SSHD internally. Please do not call this method directly. + * + * @param exception The caught {@link Throwable} + */ + void setException(Throwable exception); + + /** + * Cancels the connection attempt and notifies all threads waiting for this future. + */ + void cancel(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultAuthFuture.java b/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultAuthFuture.java new file mode 100644 index 0000000..8090456 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultAuthFuture.java @@ -0,0 +1,86 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.future; + +import java.io.IOException; +import java.util.Objects; + +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.future.DefaultVerifiableSshFuture; + +/** + * A default implementation of {@link AuthFuture}. + * + * @author Apache MINA SSHD Project + */ +public class DefaultAuthFuture extends DefaultVerifiableSshFuture implements AuthFuture { + public DefaultAuthFuture(Object id, Object lock) { + super(id, lock); + } + + @Override + public AuthFuture verify(long timeoutMillis) throws IOException { + Boolean result = verifyResult(Boolean.class, timeoutMillis); + if (!result) { + throw formatExceptionMessage( + SshException::new, + "Authentication failed while waiting %d msec.", + timeoutMillis); + } + + return this; + } + + @Override + public Throwable getException() { + Object v = getValue(); + if (v instanceof Throwable) { + return (Throwable) v; + } else { + return null; + } + } + + @Override + public boolean isSuccess() { + Object v = getValue(); + return (v instanceof Boolean) && (Boolean) v; + } + + @Override + public boolean isFailure() { + Object v = getValue(); + if (v instanceof Boolean) { + return !(Boolean) v; + } else { + return true; + } + } + + @Override + public void setAuthed(boolean authed) { + setValue(authed); + } + + @Override + public void setException(Throwable exception) { + Objects.requireNonNull(exception, "No exception provided"); + setValue(exception); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultConnectFuture.java b/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultConnectFuture.java new file mode 100644 index 0000000..e65dd19 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultConnectFuture.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.future; + +import java.io.IOException; +import java.util.Objects; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.future.DefaultVerifiableSshFuture; +import org.apache.sshd.common.io.IoSession; + +/** + * A default implementation of {@link ConnectFuture}. + * + * @author Apache MINA SSHD Project + */ +public class DefaultConnectFuture extends DefaultVerifiableSshFuture implements ConnectFuture { + public DefaultConnectFuture(Object id, Object lock) { + super(id, lock); + } + + @Override + public ConnectFuture verify(long timeout) throws IOException { + long startTime = System.nanoTime(); + ClientSession session = verifyResult(ClientSession.class, timeout); + long endTime = System.nanoTime(); + return this; + } + + @Override + public ClientSession getSession() { + Object v = getValue(); + if (v instanceof RuntimeException) { + throw (RuntimeException) v; + } else if (v instanceof Error) { + throw (Error) v; + } else if (v instanceof Throwable) { + throw new RuntimeSshException("Failed to get the session.", (Throwable) v); + } else if (v instanceof ClientSession) { + return (ClientSession) v; + } else { + return null; + } + } + + @Override + public Throwable getException() { + Object v = getValue(); + if (v instanceof Throwable) { + return (Throwable) v; + } else { + return null; + } + } + + @Override + public boolean isConnected() { + return getValue() instanceof ClientSession; + } + + @Override + public void setSession(ClientSession session) { + Objects.requireNonNull(session, "No client session provided"); + setValue(session); + } + + @Override + public void setException(Throwable exception) { + Objects.requireNonNull(exception, "No exception provided"); + setValue(exception); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultOpenFuture.java b/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultOpenFuture.java new file mode 100644 index 0000000..1e28de3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/future/DefaultOpenFuture.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.future; + +import java.io.IOException; +import java.util.Objects; + +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.future.DefaultVerifiableSshFuture; +import org.apache.sshd.common.future.OpenFuture; + +/** + * A default implementation of {@link OpenFuture}. + * + * @author Apache MINA SSHD Project + */ +public class DefaultOpenFuture extends DefaultVerifiableSshFuture implements OpenFuture { + public DefaultOpenFuture(Object id, Object lock) { + super(id, lock); + } + + @Override + public OpenFuture verify(long timeoutMillis) throws IOException { + Boolean result = verifyResult(Boolean.class, timeoutMillis); + if (!result) { + throw formatExceptionMessage( + SshException::new, + "Channel opening failed while waiting %d msec.", + timeoutMillis); + } + + return this; + } + + @Override + public Throwable getException() { + Object v = getValue(); + if (v instanceof Throwable) { + return (Throwable) v; + } else { + return null; + } + } + + @Override + public boolean isOpened() { + Object value = getValue(); + return (value instanceof Boolean) && (Boolean) value; + } + + @Override + public void setOpened() { + setValue(Boolean.TRUE); + } + + @Override + public void setException(Throwable exception) { + Objects.requireNonNull(exception, "No exception provided"); + setValue(exception); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/global/OpenSshHostKeysHandler.java b/files-sftp/src/main/java/org/apache/sshd/client/global/OpenSshHostKeysHandler.java new file mode 100644 index 0000000..40f8963 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/global/OpenSshHostKeysHandler.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.global; + +import java.security.PublicKey; +import java.util.Collection; + +import org.apache.sshd.common.global.AbstractOpenSshHostKeysHandler; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.keys.BufferPublicKeyParser; + +/** + * A handler for the "hostkeys-00@openssh.com" request - for now, only reads the presented host key. One can + * override the {@link #handleHostKeys(Session, Collection, boolean, Buffer)} methods in order to do something with the + * keys + * + * @author Apache MINA SSHD Project + * @see OpenSSH protocol - section 2.5 + */ +public class OpenSshHostKeysHandler extends AbstractOpenSshHostKeysHandler { + public static final String REQUEST = "hostkeys-00@openssh.com"; + public static final OpenSshHostKeysHandler INSTANCE = new OpenSshHostKeysHandler(); + + public OpenSshHostKeysHandler() { + super(REQUEST); + } + + public OpenSshHostKeysHandler(BufferPublicKeyParser parser) { + super(REQUEST, parser); + } + + @Override + protected Result handleHostKeys( + Session session, Collection keys, boolean wantReply, Buffer buffer) + throws Exception { + // according to the spec, no reply should be required + ValidateUtils.checkTrue(!wantReply, "Unexpected reply required for the host keys of %s", session); + + return Result.Replied; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/AbstractSftpClient.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/AbstractSftpClient.java new file mode 100644 index 0000000..c371afe --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/AbstractSftpClient.java @@ -0,0 +1,1254 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.channels.FileChannel; +import java.nio.charset.Charset; +import java.nio.file.attribute.FileTime; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.subsystem.AbstractSubsystemClient; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.SftpModuleProperties; +import org.apache.sshd.client.FullAccessSftpClient; +import org.apache.sshd.client.extensions.BuiltinSftpClientExtensions; +import org.apache.sshd.client.extensions.SftpClientExtension; +import org.apache.sshd.client.extensions.SftpClientExtensionFactory; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SftpException; +import org.apache.sshd.common.SftpHelper; +import org.apache.sshd.common.extensions.ParserUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSftpClient extends AbstractSubsystemClient implements FullAccessSftpClient { + public static final int INIT_COMMAND_SIZE = Byte.BYTES /* command */ + Integer.BYTES /* version */; + + private final Attributes fileOpenAttributes = new Attributes(); + private final AtomicReference> parsedExtensionsHolder = new AtomicReference<>(null); + + protected AbstractSftpClient() { + fileOpenAttributes.setType(SftpConstants.SSH_FILEXFER_TYPE_REGULAR); + } + + @Override + public Channel getChannel() { + return getClientChannel(); + } + + @Override + public E getExtension(Class extensionType) { + Object instance = getExtension(BuiltinSftpClientExtensions.fromType(extensionType)); + if (instance == null) { + return null; + } else { + return extensionType.cast(instance); + } + } + + @Override + public SftpClientExtension getExtension(SftpClientExtensionFactory factory) { + if (factory == null) { + return null; + } + + Map extensions = getServerExtensions(); + Map parsed = getParsedServerExtensions(extensions); + return factory.create(this, this, extensions, parsed); + } + + protected Map getParsedServerExtensions() { + return getParsedServerExtensions(getServerExtensions()); + } + + protected Map getParsedServerExtensions(Map extensions) { + Map parsed = parsedExtensionsHolder.get(); + if (parsed == null) { + parsed = ParserUtils.parse(extensions); + if (parsed == null) { + parsed = Collections.emptyMap(); + } + parsedExtensionsHolder.set(parsed); + } + + return parsed; + } + + /** + * @param cmd The command that was sent whose response contains the name to be decoded + * @param buf The {@link Buffer} containing the encoded name + * @param nameIndex The zero-based order of the requested names for the command - e.g., + *
      + *
    • When listing a directory's contents each successive name will have an increasing index. + *
      • + * + *
    • For SFTP version 3, when retrieving a single name, short name will have index=0 and the + * long one index=1.
      • + *
    + * @return The decoded referenced name + */ + protected String getReferencedName(int cmd, Buffer buf, int nameIndex) { + Charset cs = getNameDecodingCharset(); + return buf.getString(cs); + } + + /** + * @param Type of {@link Buffer} being updated + * @param cmd The command for which this name is being added + * @param buf The buffer instance to update + * @param name The name to place in the buffer + * @param nameIndex The zero-based order of the name for the specific command if more than one name required - + * e.g., rename, link/symbolic link + * @return The updated buffer + */ + protected B putReferencedName(int cmd, B buf, String name, int nameIndex) { + Charset cs = getNameDecodingCharset(); + buf.putString(name, cs); + return buf; + } + + /** + * Sends the specified command, waits for the response and then invokes {@link #checkResponseStatus(int, Buffer)} + * + * @param cmd The command to send + * @param request The request {@link Buffer} + * @throws IOException If failed to send, receive or check the returned status + * @see #send(int, Buffer) + * @see #receive(int) + * @see #checkResponseStatus(int, Buffer) + */ + protected void checkCommandStatus(int cmd, Buffer request) throws IOException { + int reqId = send(cmd, request); + Buffer response = receive(reqId); + checkResponseStatus(cmd, response); + } + + /** + * Checks if the incoming response is an {@code SSH_FXP_STATUS} one, and if so whether the substatus is + * {@code SSH_FX_OK}. + * + * @param cmd The sent command opcode + * @param buffer The received response {@link Buffer} + * @throws IOException If response does not carry a status or carries a bad status code + * @see #checkResponseStatus(int, int, int, String, String) + */ + protected void checkResponseStatus(int cmd, Buffer buffer) throws IOException { + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + validateIncomingResponse(cmd, id, type, length, buffer); + + if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + checkResponseStatus(cmd, id, substatus, msg, lang); + } else { + IOException err = handleUnexpectedPacket(cmd, SftpConstants.SSH_FXP_STATUS, id, type, length, buffer); + if (err != null) { + throw err; + } + } + } + + /** + * @param cmd The sent command opcode + * @param id The request id + * @param substatus The sub-status value + * @param msg The message + * @param lang The language + * @throws IOException if the sub-status is not {@code SSH_FX_OK} + * @see #throwStatusException(int, int, int, String, String) + */ + protected void checkResponseStatus(int cmd, int id, int substatus, String msg, String lang) throws IOException { + + if (substatus != SftpConstants.SSH_FX_OK) { + throwStatusException(cmd, id, substatus, msg, lang); + } + } + + protected void throwStatusException(int cmd, int id, int substatus, String msg, String lang) throws IOException { + throw new SftpException(substatus, msg); + } + + /** + * @param cmd Command to be sent + * @param request The {@link Buffer} containing the request + * @return The received handle identifier + * @throws IOException If failed to send/receive or process the response + * @see #send(int, Buffer) + * @see #receive(int) + * @see #checkHandleResponse(int, Buffer) + */ + protected byte[] checkHandle(int cmd, Buffer request) throws IOException { + int reqId = send(cmd, request); + Buffer response = receive(reqId); + return checkHandleResponse(cmd, response); + } + + protected byte[] checkHandleResponse(int cmd, Buffer buffer) throws IOException { + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + validateIncomingResponse(cmd, id, type, length, buffer); + + if (type == SftpConstants.SSH_FXP_HANDLE) { + return ValidateUtils.checkNotNullAndNotEmpty(buffer.getBytes(), "Null/empty handle in buffer", + GenericUtils.EMPTY_OBJECT_ARRAY); + } + + if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + throwStatusException(cmd, id, substatus, msg, lang); + } + + return handleUnexpectedHandlePacket(cmd, id, type, length, buffer); + } + + protected byte[] handleUnexpectedHandlePacket(int cmd, int id, int type, int length, Buffer buffer) throws IOException { + IOException err = handleUnexpectedPacket(cmd, SftpConstants.SSH_FXP_HANDLE, id, type, length, buffer); + if (err != null) { + throw err; + } + + throw new SshException( + "No handling for unexpected handle packet id=" + id + + ", type=" + SftpConstants.getCommandMessageName(type) + ", length=" + length); + } + + /** + * @param cmd Command to be sent + * @param request Request {@link Buffer} + * @return The decoded response {@code Attributes} + * @throws IOException If failed to send/receive or process the response + * @see #send(int, Buffer) + * @see #receive(int) + * @see #checkAttributesResponse(int, Buffer) + */ + protected Attributes checkAttributes(int cmd, Buffer request) throws IOException { + int reqId = send(cmd, request); + Buffer response = receive(reqId); + return checkAttributesResponse(cmd, response); + } + + protected Attributes checkAttributesResponse(int cmd, Buffer buffer) throws IOException { + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + validateIncomingResponse(cmd, id, type, length, buffer); + + if (type == SftpConstants.SSH_FXP_ATTRS) { + return readAttributes(cmd, buffer, new AtomicInteger(0)); + } + + if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + throwStatusException(cmd, id, substatus, msg, lang); + } + + return handleUnexpectedAttributesPacket(cmd, id, type, length, buffer); + } + + protected Attributes handleUnexpectedAttributesPacket(int cmd, int id, int type, int length, Buffer buffer) + throws IOException { + IOException err = handleUnexpectedPacket(cmd, SftpConstants.SSH_FXP_ATTRS, id, type, length, buffer); + if (err != null) { + throw err; + } + + return null; + } + + /** + * @param cmd Command to be sent + * @param request The request {@link Buffer} + * @return The retrieved name + * @throws IOException If failed to send/receive or process the response + * @see #send(int, Buffer) + * @see #receive(int) + * @see #checkOneNameResponse(int, Buffer) + */ + protected String checkOneName(int cmd, Buffer request) throws IOException { + int reqId = send(cmd, request); + Buffer response = receive(reqId); + return checkOneNameResponse(cmd, response); + } + + protected String checkOneNameResponse(int cmd, Buffer buffer) throws IOException { + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + validateIncomingResponse(cmd, id, type, length, buffer); + + if (type == SftpConstants.SSH_FXP_NAME) { + int len = buffer.getInt(); + if (len != 1) { + throw new SshException("SFTP error: received " + len + " names instead of 1"); + } + + AtomicInteger nameIndex = new AtomicInteger(0); + String name = getReferencedName(cmd, buffer, nameIndex.getAndIncrement()); + + String longName = null; + int version = getVersion(); + if (version == SftpConstants.SFTP_V3) { + longName = getReferencedName(cmd, buffer, nameIndex.getAndIncrement()); + } + + Attributes attrs = readAttributes(cmd, buffer, nameIndex); + Boolean indicator = SftpHelper.getEndOfListIndicatorValue(buffer, version); + // TODO decide what to do if not-null and not TRUE + return name; + } + + if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + + throwStatusException(cmd, id, substatus, msg, lang); + } + + return handleUnknownOneNamePacket(cmd, id, type, length, buffer); + } + + protected String handleUnknownOneNamePacket(int cmd, int id, int type, int length, Buffer buffer) throws IOException { + IOException err = handleUnexpectedPacket(cmd, SftpConstants.SSH_FXP_NAME, id, type, length, buffer); + if (err != null) { + throw err; + } + + return null; + } + + protected Attributes readAttributes(int cmd, Buffer buffer, AtomicInteger nameIndex) throws IOException { + Attributes attrs = new Attributes(); + int flags = buffer.getInt(); + int version = getVersion(); + if (version == SftpConstants.SFTP_V3) { + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) { + attrs.setSize(buffer.getLong()); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_UIDGID) != 0) { + attrs.owner(buffer.getInt(), buffer.getInt()); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { + int perms = buffer.getInt(); + attrs.setPermissions(perms); + attrs.setType(SftpHelper.permissionsToFileType(perms)); + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACMODTIME) != 0) { + attrs.setAccessTime(SftpHelper.readTime(buffer, version, flags)); + attrs.setModifyTime(SftpHelper.readTime(buffer, version, flags)); + } + } else if (version >= SftpConstants.SFTP_V4) { + attrs.setType(buffer.getUByte()); + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) { + attrs.setSize(buffer.getLong()); + } + + if ((version >= SftpConstants.SFTP_V6) && ((flags & SftpConstants.SSH_FILEXFER_ATTR_ALLOCATION_SIZE) != 0)) { + @SuppressWarnings("unused") + long allocSize = buffer.getLong(); // TODO handle allocation size + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_OWNERGROUP) != 0) { + attrs.setOwner(buffer.getString()); + attrs.setGroup(buffer.getString()); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { + attrs.setPermissions(buffer.getInt()); + } + + // update the permissions according to the type + int perms = attrs.getPermissions(); + perms |= SftpHelper.fileTypeToPermission(attrs.getType()); + attrs.setPermissions(perms); + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACCESSTIME) != 0) { + attrs.setAccessTime(SftpHelper.readTime(buffer, version, flags)); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_CREATETIME) != 0) { + attrs.setCreateTime(SftpHelper.readTime(buffer, version, flags)); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_MODIFYTIME) != 0) { + attrs.setModifyTime(SftpHelper.readTime(buffer, version, flags)); + } + if ((version >= SftpConstants.SFTP_V6) && (flags & SftpConstants.SSH_FILEXFER_ATTR_CTIME) != 0) { + @SuppressWarnings("unused") + FileTime attrsChangedTime = SftpHelper.readTime(buffer, version, flags); // TODO the last time the file + // attributes were changed + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACL) != 0) { + attrs.setAcl(SftpHelper.readACLs(buffer, version)); + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_BITS) != 0) { + @SuppressWarnings("unused") + int bits = buffer.getInt(); + @SuppressWarnings("unused") + int valid = 0xffffffff; + if (version >= SftpConstants.SFTP_V6) { + valid = buffer.getInt(); + } + // TODO: handle attrib bits + } + + if (version >= SftpConstants.SFTP_V6) { + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_TEXT_HINT) != 0) { + @SuppressWarnings("unused") + boolean text = buffer.getBoolean(); // TODO: handle text + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_MIME_TYPE) != 0) { + @SuppressWarnings("unused") + String mimeType = buffer.getString(); // TODO: handle mime-type + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_LINK_COUNT) != 0) { + @SuppressWarnings("unused") + int nlink = buffer.getInt(); // TODO: handle link-count + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_UNTRANSLATED_NAME) != 0) { + @SuppressWarnings("unused") + String untranslated = getReferencedName(cmd, buffer, nameIndex.getAndIncrement()); // TODO: handle + // untranslated-name + } + } + } else { + throw new IllegalStateException("readAttributes - unsupported version: " + version); + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_EXTENDED) != 0) { + attrs.setExtensions(SftpHelper.readExtensions(buffer)); + } + + return attrs; + } + + protected B writeAttributes(int cmd, B buffer, Attributes attributes) throws IOException { + int version = getVersion(); + int flagsMask = 0; + Collection flags = Objects.requireNonNull(attributes, "No attributes").getFlags(); + if (version == SftpConstants.SFTP_V3) { + for (Attribute a : flags) { + switch (a) { + case Size: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_SIZE; + break; + case UidGid: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_UIDGID; + break; + case Perms: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS; + break; + case AccessTime: + if (flags.contains(Attribute.ModifyTime)) { + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_ACMODTIME; + } + break; + case ModifyTime: + if (flags.contains(Attribute.AccessTime)) { + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_ACMODTIME; + } + break; + case Extensions: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_EXTENDED; + break; + default: // do nothing + } + } + buffer.putInt(flagsMask); + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) { + buffer.putLong(attributes.getSize()); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_UIDGID) != 0) { + buffer.putInt(attributes.getUserId()); + buffer.putInt(attributes.getGroupId()); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { + buffer.putInt(attributes.getPermissions()); + } + + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_ACMODTIME) != 0) { + buffer = SftpHelper.writeTime(buffer, version, flagsMask, attributes.getAccessTime()); + buffer = SftpHelper.writeTime(buffer, version, flagsMask, attributes.getModifyTime()); + } + } else if (version >= SftpConstants.SFTP_V4) { + for (Attribute a : flags) { + switch (a) { + case Size: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_SIZE; + break; + case OwnerGroup: { + /* + * According to + * https://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/draft-ietf-secsh-filexfer-13.txt + * section 7.5 + * + * If either the owner or group field is zero length, the field should be considered absent, and + * no change should be made to that specific field during a modification operation. + */ + String owner = attributes.getOwner(); + String group = attributes.getGroup(); + if (GenericUtils.isNotEmpty(owner) && GenericUtils.isNotEmpty(group)) { + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_OWNERGROUP; + } + break; + } + case Perms: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS; + break; + case AccessTime: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_ACCESSTIME; + break; + case ModifyTime: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_MODIFYTIME; + break; + case CreateTime: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_CREATETIME; + break; + case Acl: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_ACL; + break; + case Extensions: + flagsMask |= SftpConstants.SSH_FILEXFER_ATTR_EXTENDED; + break; + default: // do nothing + } + } + buffer.putInt(flagsMask); + buffer.putByte((byte) attributes.getType()); + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) { + buffer.putLong(attributes.getSize()); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_OWNERGROUP) != 0) { + String owner = attributes.getOwner(); + buffer.putString(owner); + + String group = attributes.getGroup(); + buffer.putString(group); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { + buffer.putInt(attributes.getPermissions()); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_ACCESSTIME) != 0) { + buffer = SftpHelper.writeTime(buffer, version, flagsMask, attributes.getAccessTime()); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_CREATETIME) != 0) { + buffer = SftpHelper.writeTime(buffer, version, flagsMask, attributes.getCreateTime()); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_MODIFYTIME) != 0) { + buffer = SftpHelper.writeTime(buffer, version, flagsMask, attributes.getModifyTime()); + } + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_ACL) != 0) { + buffer = SftpHelper.writeACLs(buffer, version, attributes.getAcl()); + } + + // TODO: for v5 ? 6? add CTIME (see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#page-16 - v6) + } else { + throw new UnsupportedOperationException("writeAttributes(" + attributes + ") unsupported version: " + version); + } + + if ((flagsMask & SftpConstants.SSH_FILEXFER_ATTR_EXTENDED) != 0) { + buffer = SftpHelper.writeExtensions(buffer, attributes.getExtensions()); + } + + return buffer; + } + + @Override + public CloseableHandle open(String path, Collection options) throws IOException { + if (!isOpen()) { + throw new IOException("open(" + path + ")[" + options + "] client is closed"); + } + + /* + * Be consistent with FileChannel#open - if no mode specified then READ is assumed + */ + if (GenericUtils.isEmpty(options)) { + options = EnumSet.of(OpenMode.Read); + } + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE /* some extra fields */, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_OPEN, buffer, path, 0); + + int version = getVersion(); + int mode = 0; + if (version < SftpConstants.SFTP_V5) { + for (OpenMode m : options) { + switch (m) { + case Read: + mode |= SftpConstants.SSH_FXF_READ; + break; + case Write: + mode |= SftpConstants.SSH_FXF_WRITE; + break; + case Append: + mode |= SftpConstants.SSH_FXF_APPEND; + break; + case Create: + mode |= SftpConstants.SSH_FXF_CREAT; + break; + case Truncate: + mode |= SftpConstants.SSH_FXF_TRUNC; + break; + case Exclusive: + mode |= SftpConstants.SSH_FXF_EXCL; + break; + default: // do nothing + } + } + } else { + int access = 0; + if (options.contains(OpenMode.Read)) { + access |= SftpConstants.ACE4_READ_DATA | SftpConstants.ACE4_READ_ATTRIBUTES; + } + if (options.contains(OpenMode.Write)) { + access |= SftpConstants.ACE4_WRITE_DATA | SftpConstants.ACE4_WRITE_ATTRIBUTES; + } + if (options.contains(OpenMode.Append)) { + access |= SftpConstants.ACE4_APPEND_DATA; + } + buffer.putInt(access); + + if (options.contains(OpenMode.Create) && options.contains(OpenMode.Exclusive)) { + mode |= SftpConstants.SSH_FXF_CREATE_NEW; + } else if (options.contains(OpenMode.Create) && options.contains(OpenMode.Truncate)) { + mode |= SftpConstants.SSH_FXF_CREATE_TRUNCATE; + } else if (options.contains(OpenMode.Create)) { + mode |= SftpConstants.SSH_FXF_OPEN_OR_CREATE; + } else if (options.contains(OpenMode.Truncate)) { + mode |= SftpConstants.SSH_FXF_TRUNCATE_EXISTING; + } else { + mode |= SftpConstants.SSH_FXF_OPEN_EXISTING; + } + } + buffer.putInt(mode); + buffer = writeAttributes(SftpConstants.SSH_FXP_OPEN, buffer, fileOpenAttributes); + + CloseableHandle handle = new DefaultCloseableHandle(this, path, checkHandle(SftpConstants.SSH_FXP_OPEN, buffer)); + return handle; + } + + @Override + public void close(Handle handle) throws IOException { + if (!isOpen()) { + throw new IOException("close(" + handle + ") client is closed"); + } + + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + Buffer buffer = new ByteArrayBuffer(id.length + Long.SIZE /* some extra fields */, false); + buffer.putBytes(id); + checkCommandStatus(SftpConstants.SSH_FXP_CLOSE, buffer); + } + + @Override + public void remove(String path) throws IOException { + if (!isOpen()) { + throw new IOException("remove(" + path + ") client is closed"); + } + + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE /* some extra fields */, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_REMOVE, buffer, path, 0); + checkCommandStatus(SftpConstants.SSH_FXP_REMOVE, buffer); + } + + @Override + public void rename(String oldPath, String newPath, Collection options) throws IOException { + if (!isOpen()) { + throw new IOException("rename(" + oldPath + " => " + newPath + ")[" + options + "] client is closed"); + } + + + Buffer buffer = new ByteArrayBuffer(oldPath.length() + newPath.length() + Long.SIZE /* some extra fields */, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_RENAME, buffer, oldPath, 0); + buffer = putReferencedName(SftpConstants.SSH_FXP_RENAME, buffer, newPath, 1); + + int numOptions = GenericUtils.size(options); + int version = getVersion(); + if (version >= SftpConstants.SFTP_V5) { + int opts = 0; + if (numOptions > 0) { + for (CopyMode opt : options) { + switch (opt) { + case Atomic: + opts |= SftpConstants.SSH_FXP_RENAME_ATOMIC; + break; + case Overwrite: + opts |= SftpConstants.SSH_FXP_RENAME_OVERWRITE; + break; + default: // do nothing + } + } + } + buffer.putInt(opts); + } else if (numOptions > 0) { + throw new UnsupportedOperationException( + "rename(" + oldPath + " => " + newPath + ")" + + " - copy options can not be used with this SFTP version: " + options); + } + checkCommandStatus(SftpConstants.SSH_FXP_RENAME, buffer); + } + + @Override + public int read(Handle handle, long fileOffset, byte[] dst, int dstOffset, int len, AtomicReference eofSignalled) + throws IOException { + if (eofSignalled != null) { + eofSignalled.set(null); + } + if (!isOpen()) { + throw new IOException("read(" + handle + "/" + fileOffset + ")[" + dstOffset + "/" + len + "] client is closed"); + } + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + Buffer buffer = new ByteArrayBuffer(id.length + Long.SIZE /* some extra fields */, false); + buffer.putBytes(id); + buffer.putLong(fileOffset); + buffer.putInt(len); + return checkData(SftpConstants.SSH_FXP_READ, buffer, dstOffset, dst, eofSignalled); + } + + protected int checkData( + int cmd, Buffer request, int dstOffset, byte[] dst, AtomicReference eofSignalled) + throws IOException { + if (eofSignalled != null) { + eofSignalled.set(null); + } + int reqId = send(cmd, request); + Buffer response = receive(reqId); + return checkDataResponse(cmd, response, dstOffset, dst, eofSignalled); + } + + protected int checkDataResponse( + int cmd, Buffer buffer, int dstoff, byte[] dst, AtomicReference eofSignalled) + throws IOException { + if (eofSignalled != null) { + eofSignalled.set(null); + } + + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + validateIncomingResponse(cmd, id, type, length, buffer); + + if (type == SftpConstants.SSH_FXP_DATA) { + int len = buffer.getInt(); + buffer.getRawBytes(dst, dstoff, len); + Boolean indicator = SftpHelper.getEndOfFileIndicatorValue(buffer, getVersion()); + if (eofSignalled != null) { + eofSignalled.set(indicator); + } + + return len; + } + + if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + + if (substatus == SftpConstants.SSH_FX_EOF) { + return -1; + } + + throwStatusException(cmd, id, substatus, msg, lang); + } + + return handleUnknownDataPacket(cmd, id, type, length, buffer); + } + + protected int handleUnknownDataPacket(int cmd, int id, int type, int length, Buffer buffer) throws IOException { + IOException err = handleUnexpectedPacket(cmd, SftpConstants.SSH_FXP_DATA, id, type, length, buffer); + if (err != null) { + throw err; + } + + return 0; + } + + @Override + public void write(Handle handle, long fileOffset, byte[] src, int srcOffset, int len) throws IOException { + // do some bounds checking first + if ((fileOffset < 0L) || (srcOffset < 0) || (len < 0)) { + throw new IllegalArgumentException( + "write(" + handle + ") please ensure all parameters " + + " are non-negative values: file-offset=" + fileOffset + + ", src-offset=" + srcOffset + ", len=" + len); + } + if ((srcOffset + len) > src.length) { + throw new IllegalArgumentException( + "write(" + handle + ")" + + " cannot read bytes " + srcOffset + " to " + (srcOffset + len) + + " when array is only of length " + src.length); + } + if (!isOpen()) { + throw new IOException("write(" + handle + "/" + fileOffset + ")[" + srcOffset + "/" + len + "] client is closed"); + } + + Channel clientChannel = getClientChannel(); + int chunkSize = SftpModuleProperties.WRITE_CHUNK_SIZE.getRequired(clientChannel); + ValidateUtils.checkState(chunkSize > ByteArrayBuffer.DEFAULT_SIZE, "Write chunk size too small: %d", chunkSize); + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + // NOTE: we don't want to filter out zero-length write requests + int remLen = len; + do { + int writeSize = Math.min(remLen, chunkSize); + Buffer buffer = new ByteArrayBuffer(id.length + writeSize + Long.SIZE /* some extra fields */, false); + buffer.putBytes(id); + buffer.putLong(fileOffset); + buffer.putBytes(src, srcOffset, writeSize); + + + checkCommandStatus(SftpConstants.SSH_FXP_WRITE, buffer); + + fileOffset += writeSize; + srcOffset += writeSize; + remLen -= writeSize; + } while (remLen > 0); + } + + @Override + public void mkdir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("mkdir(" + path + ") client is closed"); + } + + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE /* some extra fields */, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_MKDIR, buffer, path, 0); + buffer.putInt(0); + + int version = getVersion(); + if (version != SftpConstants.SFTP_V3) { + buffer.putByte((byte) 0); + } + + checkCommandStatus(SftpConstants.SSH_FXP_MKDIR, buffer); + } + + @Override + public void rmdir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("rmdir(" + path + ") client is closed"); + } + + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE /* some extra fields */, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_RMDIR, buffer, path, 0); + checkCommandStatus(SftpConstants.SSH_FXP_RMDIR, buffer); + } + + @Override + public CloseableHandle openDir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("openDir(" + path + ") client is closed"); + } + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE /* some extra fields */, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_OPENDIR, buffer, path, 0); + + CloseableHandle handle = new DefaultCloseableHandle(this, path, checkHandle(SftpConstants.SSH_FXP_OPENDIR, buffer)); + + return handle; + } + + @Override + public List readDir(Handle handle, AtomicReference eolIndicator) throws IOException { + if (eolIndicator != null) { + eolIndicator.set(null); // assume unknown information + } + if (!isOpen()) { + throw new IOException("readDir(" + handle + ") client is closed"); + } + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + Buffer buffer = new ByteArrayBuffer(id.length + Byte.SIZE /* some extra fields */, false); + buffer.putBytes(id); + + int cmdId = send(SftpConstants.SSH_FXP_READDIR, buffer); + Buffer response = receive(cmdId); + return checkDirResponse(SftpConstants.SSH_FXP_READDIR, response, eolIndicator); + } + + protected List checkDirResponse(int cmd, Buffer buffer, AtomicReference eolIndicator) + throws IOException { + if (eolIndicator != null) { + eolIndicator.set(null); // assume unknown + } + + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + validateIncomingResponse(cmd, id, type, length, buffer); + + if (type == SftpConstants.SSH_FXP_NAME) { + ClientChannel channel = getClientChannel(); + int count = buffer.getInt(); + int version = getVersion(); + // Protect against malicious or corrupted packets + if ((count < 0) || (count > SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT)) { + throw new SshException("Illogical dir entries count: " + count); + } + + + List entries = new ArrayList<>(count); + AtomicInteger nameIndex = new AtomicInteger(0); + for (int index = 1; index <= count; index++) { + String name = getReferencedName(cmd, buffer, nameIndex.getAndIncrement()); + String longName = null; + if (version == SftpConstants.SFTP_V3) { + longName = getReferencedName(cmd, buffer, nameIndex.getAndIncrement()); + } + + Attributes attrs = readAttributes(cmd, buffer, nameIndex); + + entries.add(new DirEntry(name, longName, attrs)); + } + + Boolean indicator = SftpHelper.getEndOfListIndicatorValue(buffer, version); + if (eolIndicator != null) { + eolIndicator.set(indicator); + } + + return entries; + } + + if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + + if (substatus == SftpConstants.SSH_FX_EOF) { + return null; + } + + throwStatusException(cmd, id, substatus, msg, lang); + } + + return handleUnknownDirListingPacket(cmd, id, type, length, buffer); + } + + protected void validateIncomingResponse( + int cmd, int id, int type, int length, Buffer buffer) + throws IOException { + int remaining = buffer.available(); + if ((length < 0) || (length > (remaining + 5 /* type + id */))) { + throw new SshException( + "Bad length (" + length + ") for remaining data (" + remaining + ")" + + " in response to " + SftpConstants.getCommandMessageName(cmd) + + ": type=" + SftpConstants.getCommandMessageName(type) + ", id=" + id); + } + } + + protected List handleUnknownDirListingPacket( + int cmd, int id, int type, int length, Buffer buffer) + throws IOException { + IOException err = handleUnexpectedPacket(cmd, SftpConstants.SSH_FXP_NAME, id, type, length, buffer); + if (err != null) { + throw err; + } + return Collections.emptyList(); + } + + /** + * @param cmd The initial command sent + * @param expected The expected packet type + * @param id The reported identifier + * @param type The reported SFTP response type + * @param length The packet length + * @param buffer The {@link Buffer} after reading from it whatever data led to this call + * @return The exception to throw - if {@code null} then implementor assumed to handle the exception + * internal. Otherwise, the exception is re-thrown + * @throws IOException If failed to handle the exception internally + */ + protected IOException handleUnexpectedPacket( + int cmd, int expected, int id, int type, int length, Buffer buffer) + throws IOException { + return new SshException( + "Unexpected SFTP packet received while awaiting " + SftpConstants.getCommandMessageName(expected) + + " response to " + SftpConstants.getCommandMessageName(cmd) + + ": type=" + SftpConstants.getCommandMessageName(type) + ", id=" + id + ", length=" + length); + } + + @Override + public String canonicalPath(String path) throws IOException { + if (!isOpen()) { + throw new IOException("canonicalPath(" + path + ") client is closed"); + } + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_REALPATH, buffer, path, 0); + return checkOneName(SftpConstants.SSH_FXP_REALPATH, buffer); + } + + @Override + public Attributes stat(String path) throws IOException { + if (!isOpen()) { + throw new IOException("stat(" + path + ") client is closed"); + } + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_STAT, buffer, path, 0); + + int version = getVersion(); + if (version >= SftpConstants.SFTP_V4) { + buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL); + } + + return checkAttributes(SftpConstants.SSH_FXP_STAT, buffer); + } + + @Override + public Attributes lstat(String path) throws IOException { + if (!isOpen()) { + throw new IOException("lstat(" + path + ") client is closed"); + } + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_LSTAT, buffer, path, 0); + + int version = getVersion(); + if (version >= SftpConstants.SFTP_V4) { + buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL); + } + + return checkAttributes(SftpConstants.SSH_FXP_LSTAT, buffer); + } + + @Override + public Attributes stat(Handle handle) throws IOException { + if (!isOpen()) { + throw new IOException("stat(" + handle + ") client is closed"); + } + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + Buffer buffer = new ByteArrayBuffer(id.length + Byte.SIZE /* a bit extra */, false); + buffer.putBytes(id); + + int version = getVersion(); + if (version >= SftpConstants.SFTP_V4) { + buffer.putInt(SftpConstants.SSH_FILEXFER_ATTR_ALL); + } + + return checkAttributes(SftpConstants.SSH_FXP_FSTAT, buffer); + } + + @Override + public void setStat(String path, Attributes attributes) throws IOException { + if (!isOpen()) { + throw new IOException("setStat(" + path + ")[" + attributes + "] client is closed"); + } + + + Buffer buffer = new ByteArrayBuffer(); + buffer = putReferencedName(SftpConstants.SSH_FXP_SETSTAT, buffer, path, 0); + buffer = writeAttributes(SftpConstants.SSH_FXP_SETSTAT, buffer, attributes); + checkCommandStatus(SftpConstants.SSH_FXP_SETSTAT, buffer); + } + + @Override + public void setStat(Handle handle, Attributes attributes) throws IOException { + if (!isOpen()) { + throw new IOException("setStat(" + handle + ")[" + attributes + "] client is closed"); + } + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + Buffer buffer = new ByteArrayBuffer(id.length + (2 * Long.SIZE) /* some extras */, false); + buffer.putBytes(id); + buffer = writeAttributes(SftpConstants.SSH_FXP_FSETSTAT, buffer, attributes); + checkCommandStatus(SftpConstants.SSH_FXP_FSETSTAT, buffer); + } + + @Override + public String readLink(String path) throws IOException { + if (!isOpen()) { + throw new IOException("readLink(" + path + ") client is closed"); + } + + Buffer buffer = new ByteArrayBuffer(path.length() + Long.SIZE /* some extra fields */, false); + buffer = putReferencedName(SftpConstants.SSH_FXP_READLINK, buffer, path, 0); + return checkOneName(SftpConstants.SSH_FXP_READLINK, buffer); + } + + @Override + public void link(String linkPath, String targetPath, boolean symbolic) throws IOException { + if (!isOpen()) { + throw new IOException("link(" + linkPath + " => " + targetPath + ")[symbolic=" + symbolic + "] client is closed"); + } + + + Buffer buffer = new ByteArrayBuffer(linkPath.length() + targetPath.length() + Long.SIZE /* some extra fields */, false); + int version = getVersion(); + if (version < SftpConstants.SFTP_V6) { + if (!symbolic) { + throw new UnsupportedOperationException("Hard links are not supported in sftp v" + version); + } + buffer = putReferencedName(SftpConstants.SSH_FXP_SYMLINK, buffer, targetPath, 0); + buffer = putReferencedName(SftpConstants.SSH_FXP_SYMLINK, buffer, linkPath, 1); + + checkCommandStatus(SftpConstants.SSH_FXP_SYMLINK, buffer); + } else { + buffer = putReferencedName(SftpConstants.SSH_FXP_SYMLINK, buffer, targetPath, 0); + buffer = putReferencedName(SftpConstants.SSH_FXP_SYMLINK, buffer, linkPath, 1); + buffer.putBoolean(symbolic); + + checkCommandStatus(SftpConstants.SSH_FXP_LINK, buffer); + } + } + + @Override + public void lock(Handle handle, long offset, long length, int mask) throws IOException { + if (!isOpen()) { + throw new IOException( + "lock(" + handle + ")[offset=" + offset + ", length=" + length + ", mask=0x" + Integer.toHexString(mask) + + "] client is closed"); + } + + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + Buffer buffer = new ByteArrayBuffer(id.length + Long.SIZE /* a bit extra */, false); + buffer.putBytes(id); + buffer.putLong(offset); + buffer.putLong(length); + buffer.putInt(mask); + checkCommandStatus(SftpConstants.SSH_FXP_BLOCK, buffer); + } + + @Override + public void unlock(Handle handle, long offset, long length) throws IOException { + if (!isOpen()) { + throw new IOException("unlock" + handle + ")[offset=" + offset + ", length=" + length + "] client is closed"); + } + + + byte[] id = Objects.requireNonNull(handle, "No handle").getIdentifier(); + Buffer buffer = new ByteArrayBuffer(id.length + Long.SIZE /* a bit extra */, false); + buffer.putBytes(id); + buffer.putLong(offset); + buffer.putLong(length); + checkCommandStatus(SftpConstants.SSH_FXP_UNBLOCK, buffer); + } + + @Override + public Iterable readDir(String path) throws IOException { + if (!isOpen()) { + throw new IOException("readDir(" + path + ") client is closed"); + } + + return new SftpIterableDirEntry(this, path); + } + + @Override + public Iterable listDir(Handle handle) throws IOException { + if (!isOpen()) { + throw new IOException("listDir(" + handle + ") client is closed"); + } + + return new StfpIterableDirHandle(this, handle); + } + + @Override + public FileChannel openRemoteFileChannel(String path, Collection modes) throws IOException { + return new SftpRemotePathChannel(path, this, false, GenericUtils.isEmpty(modes) ? DEFAULT_CHANNEL_MODES : modes); + } + + @Override + public InputStream read(String path, int bufferSize, Collection mode) throws IOException { + if (bufferSize <= 0) { + bufferSize = getReadBufferSize(); + } + if (bufferSize < MIN_WRITE_BUFFER_SIZE) { + throw new IllegalArgumentException( + "Insufficient read buffer size: " + bufferSize + ", min.=" + + MIN_READ_BUFFER_SIZE); + } + + if (!isOpen()) { + throw new IOException("write(" + path + ")[" + mode + "] size=" + bufferSize + ": client is closed"); + } + + return new SftpInputStreamAsync(this, bufferSize, path, mode); + } + + @Override + public InputStream read(String path, Collection mode) throws IOException { + int packetSize = (int) getChannel().getRemoteWindow().getPacketSize(); + return read(path, packetSize, mode); + } + + @Override + public OutputStream write(String path, int bufferSize, Collection mode) throws IOException { + if (bufferSize <= 0) { + bufferSize = getWriteBufferSize(); + } + if (bufferSize < MIN_WRITE_BUFFER_SIZE) { + throw new IllegalArgumentException( + "Insufficient write buffer size: " + bufferSize + ", min.=" + + MIN_WRITE_BUFFER_SIZE); + } + + if (!isOpen()) { + throw new IOException("write(" + path + ")[" + mode + "] size=" + bufferSize + ": client is closed"); + } + + return new SftpOutputStreamAsync(this, bufferSize, path, mode); + } + + @Override + public OutputStream write(String path, Collection mode) throws IOException { + int packetSize = (int) getChannel().getRemoteWindow().getPacketSize(); + return write(path, packetSize, mode); + } + + protected int getReadBufferSize() { + return (int) getClientChannel().getLocalWindow().getPacketSize() - 13; + } + + protected int getWriteBufferSize() { + return (int) getClientChannel().getLocalWindow().getPacketSize() - 13; + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultCloseableHandle.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultCloseableHandle.java new file mode 100644 index 0000000..df68b2b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultCloseableHandle.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.impl; + +import java.io.IOException; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.CloseableHandle; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultCloseableHandle extends CloseableHandle { + private final AtomicBoolean open = new AtomicBoolean(true); + private final SftpClient client; + + public DefaultCloseableHandle(SftpClient client, String path, byte[] id) { + super(path, id); + this.client = ValidateUtils.checkNotNull(client, "No client for path=%s", path); + } + + public final SftpClient getSftpClient() { + return client; + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + client.close(this); + } + } + + @Override // to avoid Findbugs[EQ_DOESNT_OVERRIDE_EQUALS] + public int hashCode() { + return super.hashCode(); + } + + @Override // to avoid Findbugs[EQ_DOESNT_OVERRIDE_EQUALS] + public boolean equals(Object obj) { + return super.equals(obj); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultSftpClient.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultSftpClient.java new file mode 100644 index 0000000..052ceff --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultSftpClient.java @@ -0,0 +1,561 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.io.EOFException; +import java.io.IOException; +import java.io.InterruptedIOException; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.net.SocketTimeoutException; +import java.nio.charset.Charset; +import java.time.Duration; +import java.time.Instant; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Objects; +import java.util.TreeMap; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.stream.Collectors; +import java.util.stream.IntStream; + +import org.apache.sshd.client.channel.ChannelSubsystem; +import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.ChannelAsyncOutputStream; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.io.IoOutputStream; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.io.NullOutputStream; +import org.apache.sshd.common.CoreModuleProperties; +import org.apache.sshd.common.SftpModuleProperties; +import org.apache.sshd.client.SftpVersionSelector; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.extensions.ParserUtils; +import org.apache.sshd.common.extensions.VersionsParser.Versions; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultSftpClient extends AbstractSftpClient { + private final ClientSession clientSession; + private final ChannelSubsystem channel; + private final Map messages = new HashMap<>(); + private final AtomicInteger cmdId = new AtomicInteger(100); + private final Buffer receiveBuffer = new ByteArrayBuffer(); + private final AtomicInteger versionHolder = new AtomicInteger(0); + private final AtomicBoolean closing = new AtomicBoolean(false); + private final NavigableMap extensions = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + private final NavigableMap exposedExtensions = Collections.unmodifiableNavigableMap(extensions); + private Charset nameDecodingCharset; + + /** + * @param clientSession The {@link ClientSession} + * @param initialVersionSelector The initial {@link SftpVersionSelector} - if {@code null} then version 6 is + * assumed. + * @throws IOException If failed to initialize + */ + public DefaultSftpClient(ClientSession clientSession, SftpVersionSelector initialVersionSelector) throws IOException { + this.nameDecodingCharset = SftpModuleProperties.NAME_DECODING_CHARSET.getRequired(clientSession); + this.clientSession = Objects.requireNonNull(clientSession, "No client session"); + this.channel = createSftpChannelSubsystem(clientSession); + clientSession.getService(ConnectionService.class).registerChannel(channel); + + Duration initializationTimeout = SftpModuleProperties.SFTP_CHANNEL_OPEN_TIMEOUT.getRequired(clientSession); + this.channel.open().verifyDuration(initializationTimeout); + this.channel.onClose(() -> { + synchronized (messages) { + closing.set(true); + messages.notifyAll(); + } + + if (versionHolder.get() <= 0) { + } + }); + + try { + init(clientSession, initialVersionSelector, initializationTimeout); + } catch (IOException | RuntimeException | Error e) { + this.channel.close(true); + throw e; + } + } + + @Override + public int getVersion() { + return versionHolder.get(); + } + + @Override + public ClientSession getClientSession() { + return clientSession; + } + + @Override + public ClientChannel getClientChannel() { + return channel; + } + + @Override + public NavigableMap getServerExtensions() { + return exposedExtensions; + } + + @Override + public Charset getNameDecodingCharset() { + return nameDecodingCharset; + } + + @Override + public void setNameDecodingCharset(Charset nameDecodingCharset) { + this.nameDecodingCharset = Objects.requireNonNull(nameDecodingCharset, "No charset provided"); + } + + @Override + public boolean isClosing() { + return closing.get(); + } + + @Override + public boolean isOpen() { + return this.channel.isOpen(); + } + + @Override + public void close() throws IOException { + if (isOpen()) { + this.channel.close(false); + } + } + + /** + * Receive binary data + * + * @param buf The buffer for the incoming data + * @param start Offset in buffer to place the data + * @param len Available space in buffer for the data + * @return Actual size of received data + * @throws IOException If failed to receive incoming data + */ + protected int data(byte[] buf, int start, int len) throws IOException { + Buffer incoming = new ByteArrayBuffer(buf, start, len); + // If we already have partial data, we need to append it to the buffer and use it + if (receiveBuffer.available() > 0) { + receiveBuffer.putBuffer(incoming); + incoming = receiveBuffer; + } + + // Process commands + int rpos = incoming.rpos(); + for (int count = 1; receive(incoming); count++) { + } + + int read = incoming.rpos() - rpos; + // Compact and add remaining data + receiveBuffer.compact(); + if ((receiveBuffer != incoming) && (incoming.available() > 0)) { + receiveBuffer.putBuffer(incoming); + } + + return read; + } + + /** + * Read SFTP packets from buffer + * + * @param incoming The received {@link Buffer} + * @return {@code true} if data from incoming buffer was processed + * @throws IOException if failed to process the buffer + * @see #process(Buffer) + */ + protected boolean receive(Buffer incoming) throws IOException { + int rpos = incoming.rpos(); + int wpos = incoming.wpos(); + ClientSession session = getClientSession(); + session.resetIdleTimeout(); + + if ((wpos - rpos) > 4) { + int length = incoming.getInt(); + if (length < 5) { + throw new IOException("Illegal sftp packet length: " + length); + } + if (length > (8 * SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT)) { + throw new StreamCorruptedException("Illogical sftp packet length: " + length); + } + if ((wpos - rpos) >= (length + 4)) { + incoming.rpos(rpos); + incoming.wpos(rpos + 4 + length); + process(incoming); + incoming.rpos(rpos + 4 + length); + incoming.wpos(wpos); + return true; + } + } + incoming.rpos(rpos); + return false; + } + + /** + * Process an SFTP packet + * + * @param incoming The received {@link Buffer} + * @throws IOException if failed to process the buffer + */ + protected void process(Buffer incoming) throws IOException { + // create a copy of the buffer in case it is being re-used + Buffer buffer = new ByteArrayBuffer(incoming.available() + Long.SIZE, false); + buffer.putBuffer(incoming); + + int rpos = buffer.rpos(); + int length = buffer.getInt(); + int type = buffer.getUByte(); + Integer id = buffer.getInt(); + buffer.rpos(rpos); + + synchronized (messages) { + messages.put(id, buffer); + messages.notifyAll(); + } + } + + @Override + public int send(int cmd, Buffer buffer) throws IOException { + int id = cmdId.incrementAndGet(); + int len = buffer.available(); + + Buffer buf; + int hdr = Integer.BYTES /* length */ + 1 /* cmd */ + Integer.BYTES /* id */; + if (buffer.rpos() >= hdr) { + int wpos = buffer.wpos(); + int s = buffer.rpos() - hdr; + buffer.rpos(s); + buffer.wpos(s); + buffer.putInt(1 /* cmd */ + Integer.BYTES /* id */ + len); // length + buffer.putByte((byte) (cmd & 0xFF)); // cmd + buffer.putInt(id); // id + buffer.wpos(wpos); + buf = buffer; + } else { + buf = new ByteArrayBuffer(hdr + len); + buf.putInt(1 /* cmd */ + Integer.BYTES /* id */ + len); + buf.putByte((byte) (cmd & 0xFF)); + buf.putInt(id); + buf.putBuffer(buffer); + } + + IoOutputStream asyncIn = channel.getAsyncIn(); + IoWriteFuture writeFuture = asyncIn.writeBuffer(buf); + writeFuture.verify(); + return id; + } + + @Override + public Buffer receive(int id) throws IOException { + Session session = getClientSession(); + Duration idleTimeout = CoreModuleProperties.IDLE_TIMEOUT.getRequired(session); + if (GenericUtils.isNegativeOrNull(idleTimeout)) { + idleTimeout = CoreModuleProperties.IDLE_TIMEOUT.getRequiredDefault(); + } + + Instant now = Instant.now(); + Instant waitEnd = now.plus(idleTimeout); + for (int count = 1;; count++) { + if (isClosing() || (!isOpen())) { + throw new SshException("Channel is being closed"); + } + if (now.compareTo(waitEnd) > 0) { + throw new SshException("Timeout expired while waiting for id=" + id); + } + + Buffer buffer = receive(id, Duration.between(now, waitEnd)); + if (buffer != null) { + return buffer; + } + + now = Instant.now(); + } + } + + @Override + public Buffer receive(int id, long idleTimeout) throws IOException { + return receive(id, Duration.ofMillis(idleTimeout)); + } + + @Override + public Buffer receive(int id, Duration idleTimeout) throws IOException { + synchronized (messages) { + Buffer buffer = messages.remove(id); + if (buffer != null) { + return buffer; + } + if (GenericUtils.isPositive(idleTimeout)) { + try { + messages.wait(idleTimeout.toMillis(), idleTimeout.getNano() % 1_000_000); + } catch (InterruptedException e) { + throw (IOException) new InterruptedIOException("Interrupted while waiting for messages").initCause(e); + } + } + } + return null; + } + + int LOWER_SFTP_IMPL = SftpConstants.SFTP_V3; // Working implementation from v3 + + int HIGHER_SFTP_IMPL = SftpConstants.SFTP_V6; // .. up to and including + + List SUPPORTED_SFTP_VERSIONS = Collections.unmodifiableList( + IntStream.rangeClosed(LOWER_SFTP_IMPL, HIGHER_SFTP_IMPL) + .boxed() + .collect(Collectors.toList())); + + protected void init(ClientSession session, SftpVersionSelector initialVersionSelector, Duration initializationTimeout) + throws IOException { + int initialVersion = (initialVersionSelector == null) + ? SftpConstants.SFTP_V6 + : initialVersionSelector.selectVersion( + session, true, SftpConstants.SFTP_V6, SUPPORTED_SFTP_VERSIONS); + ValidateUtils.checkState(SUPPORTED_SFTP_VERSIONS.contains(initialVersion), + "Unsupported initial version selected: %d", initialVersion); + + // Send init packet + Buffer buf = new ByteArrayBuffer(INIT_COMMAND_SIZE + SshConstants.SSH_PACKET_HEADER_LEN); + buf.putInt(INIT_COMMAND_SIZE); + buf.putByte((byte) SftpConstants.SSH_FXP_INIT); + buf.putInt(initialVersion); + + IoOutputStream asyncIn = channel.getAsyncIn(); + ClientChannel clientChannel = getClientChannel(); + IoWriteFuture writeFuture = asyncIn.writeBuffer(buf); + writeFuture.verify(); + + Buffer buffer = waitForInitResponse(initializationTimeout); + handleInitResponse(buffer); + } + + protected void handleInitResponse(Buffer buffer) throws IOException { + ClientChannel clientChannel = getClientChannel(); + int length = buffer.getInt(); + int type = buffer.getUByte(); + int id = buffer.getInt(); + + if (type == SftpConstants.SSH_FXP_VERSION) { + if ((id < SftpConstants.SFTP_V3) || (id > SftpConstants.SFTP_V6)) { + throw new SshException("Unsupported sftp version " + id); + } + versionHolder.set(id); + + + while (buffer.available() > 0) { + String name = buffer.getString(); + byte[] data = buffer.getBytes(); + extensions.put(name, data); + } + } else if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buffer.getInt(); + String msg = buffer.getString(); + String lang = buffer.getString(); + + throwStatusException(SftpConstants.SSH_FXP_INIT, id, substatus, msg, lang); + } else { + IOException err = handleUnexpectedPacket( + SftpConstants.SSH_FXP_INIT, SftpConstants.SSH_FXP_VERSION, id, type, length, buffer); + if (err != null) { + throw err; + } + + } + } + + protected Buffer waitForInitResponse(Duration initializationTimeout) throws IOException { + ValidateUtils.checkTrue(GenericUtils.isPositive(initializationTimeout), "Invalid initialization timeout: %d", + initializationTimeout); + + synchronized (messages) { + /* + * We need to use a timeout since if the remote server does not support SFTP, we will not know it + * immediately. This is due to the fact that the request for the subsystem does not contain a reply as to + * its success or failure. Thus, the SFTP channel is created by the client, but there is no one on the other + * side to reply - thus the need for the timeout + */ + Instant now = Instant.now(); + Instant max = now.plus(initializationTimeout); + while ((now.compareTo(max) < 0) && messages.isEmpty() && (!isClosing()) && isOpen()) { + try { + Duration rem = Duration.between(now, max); + messages.wait(rem.toMillis(), rem.getNano() % 1_000_000); + now = Instant.now(); + } catch (InterruptedException e) { + throw (IOException) new InterruptedIOException( + "Interrupted init() while " + Duration.between(now, max) + " remaining").initCause(e); + } + } + + if (isClosing() || (!isOpen())) { + throw new EOFException("Closing while await init message"); + } + + if (messages.isEmpty()) { + throw new SocketTimeoutException( + "No incoming initialization response received within " + initializationTimeout + " msec."); + } + + Collection ids = messages.keySet(); + Iterator iter = ids.iterator(); + Integer reqId = iter.next(); + return messages.remove(reqId); + } + } + + /** + * @param selector The {@link SftpVersionSelector} to use - ignored if {@code null} + * @return The selected version (may be same as current) + * @throws IOException If failed to negotiate + */ + public int negotiateVersion(SftpVersionSelector selector) throws IOException { + ClientChannel clientChannel = getClientChannel(); + int current = getVersion(); + if (selector == null) { + return current; + } + + Map parsed = getParsedServerExtensions(); + Collection extensions = ParserUtils.supportedExtensions(parsed); + List availableVersions = Collections.emptyList(); + if ((GenericUtils.size(extensions) > 0) + && extensions.contains(SftpConstants.EXT_VERSION_SELECT)) { + Versions vers = GenericUtils.isEmpty(parsed) + ? null + : (Versions) parsed.get(SftpConstants.EXT_VERSIONS); + availableVersions = (vers == null) + ? Collections.singletonList(current) + : vers.resolveAvailableVersions(current); + } else { + availableVersions = Collections.singletonList(current); + } + + ClientSession session = getClientSession(); + int selected = selector.selectVersion(session, false, current, availableVersions); + + if (selected == current) { + return current; + } + + if (!availableVersions.contains(selected)) { + throw new StreamCorruptedException( + "Selected version (" + selected + ") not part of available: " + availableVersions); + } + + String verVal = String.valueOf(selected); + Buffer buffer = new ByteArrayBuffer( + Integer.BYTES + SftpConstants.EXT_VERSION_SELECT.length() // extension name + + Integer.BYTES + verVal.length() + Byte.SIZE, + false); + buffer.putString(SftpConstants.EXT_VERSION_SELECT); + buffer.putString(verVal); + checkCommandStatus(SftpConstants.SSH_FXP_EXTENDED, buffer); + versionHolder.set(selected); + return selected; + } + + protected ChannelSubsystem createSftpChannelSubsystem(ClientSession clientSession) { + return new SftpChannelSubsystem(); + } + + protected class SftpChannelSubsystem extends ChannelSubsystem { + protected SftpChannelSubsystem() { + super(SftpConstants.SFTP_SUBSYSTEM_NAME); + } + + @Override + protected void doOpen() throws IOException { + String systemName = getSubsystem(); + Session session = getSession(); + boolean wantReply = CoreModuleProperties.REQUEST_SUBSYSTEM_REPLY.getRequired(this); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_REQUEST, + Channel.CHANNEL_SUBSYSTEM.length() + systemName.length() + Integer.SIZE); + buffer.putInt(getRecipient()); + buffer.putString(Channel.CHANNEL_SUBSYSTEM); + buffer.putBoolean(wantReply); + buffer.putString(systemName); + addPendingRequest(Channel.CHANNEL_SUBSYSTEM, wantReply); + writePacket(buffer); + + asyncIn = createAsyncInput(session); + setOut(createStdOutputStream(session)); + setErr(createErrOutputStream(session)); + } + + protected ChannelAsyncOutputStream createAsyncInput(Session session) { + return new ChannelAsyncOutputStream(this, SshConstants.SSH_MSG_CHANNEL_DATA) { + @SuppressWarnings("synthetic-access") + @Override + protected CloseFuture doCloseGracefully() { + try { + sendEof(); + } catch (IOException e) { + session.exceptionCaught(e); + } + return super.doCloseGracefully(); + } + }; + } + + protected OutputStream createStdOutputStream(Session session) { + return new OutputStream() { + private final byte[] singleByte = new byte[1]; + + @Override + public void write(int b) throws IOException { + synchronized (singleByte) { + singleByte[0] = (byte) b; + write(singleByte); + } + } + + @Override + public void write(byte[] b, int off, int len) throws IOException { + data(b, off, len); + } + }; + } + + protected OutputStream createErrOutputStream(Session session) { + /* + * The protocol does not specify how to handle such data but we are lenient and ignore it - similar to + * /dev/null + */ + return new NullOutputStream(); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultSftpClientFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultSftpClientFactory.java new file mode 100644 index 0000000..5ba6a74 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/DefaultSftpClientFactory.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.io.IOException; + +import org.apache.sshd.client.ClientFactoryManager; +import org.apache.sshd.client.SshClient; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClientFactory; +import org.apache.sshd.client.SftpVersionSelector; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class DefaultSftpClientFactory implements SftpClientFactory { + public static final DefaultSftpClientFactory INSTANCE = new DefaultSftpClientFactory(); + + public DefaultSftpClientFactory() { + super(); + } + + @Override + public SftpClient createSftpClient(ClientSession session, SftpVersionSelector selector) throws IOException { + DefaultSftpClient client = createDefaultSftpClient(session, selector); + try { + client.negotiateVersion(selector); + } catch (IOException | RuntimeException | Error e) { + client.close(); + throw e; + } + + return client; + } + + protected DefaultSftpClient createDefaultSftpClient(ClientSession session, SftpVersionSelector selector) + throws IOException { + return new DefaultSftpClient(session, selector); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpAckData.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpAckData.java new file mode 100644 index 0000000..85e2da1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpAckData.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.impl; + +/** + * @author Apache MINA SSHD Project + */ +@SuppressWarnings("checkstyle:VisibilityModifier") +public class SftpAckData { + public final int id; + public final long offset; + public final int length; + + public SftpAckData(int id, long offset, int length) { + this.id = id; + this.offset = offset; + this.length = length; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[id=" + id + + ", offset=" + offset + + ", length=" + length + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpDirEntryIterator.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpDirEntryIterator.java new file mode 100644 index 0000000..d59bb9d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpDirEntryIterator.java @@ -0,0 +1,179 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.io.Closeable; +import java.io.IOException; +import java.nio.channels.Channel; +import java.util.Iterator; +import java.util.List; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.DirEntry; +import org.apache.sshd.client.SftpClient.Handle; + +/** + * Iterates over the available directory entries for a given path. Note: if the iteration is carried out until no + * more entries are available, then no need to close the iterator. Otherwise, it is recommended to close it so as to + * release the internal handle. + * + * @author Apache MINA SSHD Project + */ +public class SftpDirEntryIterator implements Iterator, Channel { + private final AtomicReference eolIndicator = new AtomicReference<>(); + private final AtomicBoolean open = new AtomicBoolean(true); + private final SftpClient client; + private final String dirPath; + private final boolean closeOnFinished; + private Handle dirHandle; + private List dirEntries; + private int index; + + /** + * @param client The {@link SftpClient} instance to use for the iteration + * @param path The remote directory path + * @throws IOException If failed to gain access to the remote directory path + */ + public SftpDirEntryIterator(SftpClient client, String path) throws IOException { + this(client, path, client.openDir(path), true); + } + + /** + * @param client The {@link SftpClient} instance to use for the iteration + * @param dirHandle The directory {@link Handle} to use for listing the entries + */ + public SftpDirEntryIterator(SftpClient client, Handle dirHandle) { + this(client, Objects.toString(dirHandle, null), dirHandle, false); + } + + /** + * @param client The {@link SftpClient} instance to use for the iteration + * @param path A hint as to the remote directory path - used only for logging + * @param dirHandle The directory {@link Handle} to use for listing the entries + * @param closeOnFinished If {@code true} then close the directory handle when all entries have been exhausted + */ + public SftpDirEntryIterator(SftpClient client, String path, Handle dirHandle, boolean closeOnFinished) { + this.client = Objects.requireNonNull(client, "No SFTP client instance"); + this.dirPath = ValidateUtils.checkNotNullAndNotEmpty(path, "No path"); + this.dirHandle = Objects.requireNonNull(dirHandle, "No directory handle"); + this.closeOnFinished = closeOnFinished; + this.dirEntries = load(dirHandle); + } + + /** + * The client instance + * + * @return {@link SftpClient} instance used to access the remote folder + */ + public final SftpClient getClient() { + return client; + } + + /** + * The remotely accessed directory path + * + * @return Remote directory hint - may be the handle's value if accessed directly via a {@link Handle} instead of + * via a path - used only for logging + */ + public final String getPath() { + return dirPath; + } + + /** + * @return The directory {@link Handle} used to access the remote directory + */ + public final Handle getHandle() { + return dirHandle; + } + + @Override + public boolean hasNext() { + return (dirEntries != null) && (index < dirEntries.size()); + } + + @Override + public DirEntry next() { + DirEntry entry = dirEntries.get(index++); + if (index >= dirEntries.size()) { + index = 0; + + try { + dirEntries = load(getHandle()); + } catch (RuntimeException e) { + dirEntries = null; + throw e; + } + } + + return entry; + } + + @Override + public boolean isOpen() { + return open.get(); + } + + public boolean isCloseOnFinished() { + return closeOnFinished; + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + Handle handle = getHandle(); + if ((handle instanceof Closeable) && isCloseOnFinished()) { + ((Closeable) handle).close(); + } + } + } + + protected List load(Handle handle) { + try { + // check if previous call yielded an end-of-list indication + Boolean eolReached = eolIndicator.getAndSet(null); + if ((eolReached != null) && eolReached) { + return null; + } + + List entries = client.readDir(handle, eolIndicator); + eolReached = eolIndicator.get(); + if ((entries == null) || ((eolReached != null) && eolReached)) { + close(); + } + + return entries; + } catch (IOException e) { + try { + close(); + } catch (IOException t) { + e.addSuppressed(t); + } + throw new RuntimeException(e); + } + } + + @Override + public void remove() { + throw new UnsupportedOperationException("readDir(" + getPath() + ")[" + getHandle() + "] Iterator#remove() N/A"); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpInputStreamAsync.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpInputStreamAsync.java new file mode 100644 index 0000000..a840c70 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpInputStreamAsync.java @@ -0,0 +1,347 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.io.IOException; +import java.io.OutputStream; +import java.nio.ByteBuffer; +import java.nio.channels.WritableByteChannel; +import java.util.Collection; +import java.util.Deque; +import java.util.LinkedList; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.Window; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.io.InputStreamWithChannel; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.CloseableHandle; +import org.apache.sshd.client.SftpClient.OpenMode; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SftpHelper; + +public class SftpInputStreamAsync extends InputStreamWithChannel { + protected final byte[] bb = new byte[1]; + protected final int bufferSize; + protected final long fileSize; + protected Buffer buffer; + protected CloseableHandle handle; + protected long requestOffset; + protected long clientOffset; + protected final Deque pendingReads = new LinkedList<>(); + protected boolean eofIndicator; + + private final AbstractSftpClient clientInstance; + private final String path; + + public SftpInputStreamAsync(AbstractSftpClient client, int bufferSize, + String path, Collection mode) throws IOException { + this.clientInstance = Objects.requireNonNull(client, "No SFTP client instance"); + this.path = path; + this.handle = client.open(path, mode); + this.bufferSize = bufferSize; + this.fileSize = client.stat(handle).getSize(); + } + + public SftpInputStreamAsync(AbstractSftpClient client, int bufferSize, long clientOffset, long fileSize, + String path, CloseableHandle handle) { + this.clientInstance = Objects.requireNonNull(client, "No SFTP client instance"); + this.path = path; + this.handle = handle; + this.bufferSize = bufferSize; + this.clientOffset = clientOffset; + this.fileSize = fileSize; + } + + /** + * The client instance + * + * @return {@link SftpClient} instance used to access the remote file + */ + public final AbstractSftpClient getClient() { + return clientInstance; + } + + /** + * The remotely accessed file path + * + * @return Remote file path + */ + public final String getPath() { + return path; + } + + /** + * Check if the stream is at EOF + * + * @return true if all the data has been consumer + */ + public boolean isEof() { + return eofIndicator && hasNoData(); + } + + @Override + public boolean isOpen() { + return (handle != null) && handle.isOpen(); + } + + @Override + public int read() throws IOException { + int read = read(bb, 0, 1); + if (read > 0) { + return bb[0] & 0xFF; + } + return read; + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + if (!isOpen()) { + throw new IOException("read(" + getPath() + ") stream closed"); + } + + int idx = off; + while ((len > 0) && (!eofIndicator)) { + if (hasNoData()) { + fillData(); + if (eofIndicator && (hasNoData())) { + break; + } + sendRequests(); + } else { + int nb = Math.min(buffer.available(), len); + buffer.getRawBytes(b, off, nb); + off += nb; + len -= nb; + clientOffset += nb; + } + } + + int res = off - idx; + if ((res == 0) && eofIndicator) { + res = -1; + } + return res; + } + + public long transferTo(long max, WritableByteChannel out) throws IOException { + if (!isOpen()) { + throw new IOException("transferTo(" + getPath() + ") stream closed"); + } + + long orgOffset = clientOffset; + long totalRequested = max; + while ((!eofIndicator) && (max > 0L)) { + if (hasNoData()) { + fillData(); + if (eofIndicator && hasNoData()) { + break; + } + sendRequests(); + } else { + int nb = buffer.available(); + int toRead = (int) Math.min(nb, max); + ByteBuffer bb = ByteBuffer.wrap(buffer.array(), buffer.rpos(), toRead); + while (bb.hasRemaining()) { + out.write(bb); + } + buffer.rpos(buffer.rpos() + toRead); + clientOffset += toRead; + max -= toRead; + } + } + + long numXfered = clientOffset - orgOffset; + return numXfered; + } + + @SuppressWarnings("PMD.MissingOverride") + public long transferTo(OutputStream out) throws IOException { + if (!isOpen()) { + throw new IOException("transferTo(" + getPath() + ") stream closed"); + } + + long orgOffset = clientOffset; + while (!eofIndicator) { + if (hasNoData()) { + fillData(); + if (eofIndicator && hasNoData()) { + break; + } + sendRequests(); + } else { + int nb = buffer.available(); + out.write(buffer.array(), buffer.rpos(), nb); + buffer.rpos(buffer.rpos() + nb); + clientOffset += nb; + } + } + + long numXfered = clientOffset - orgOffset; + return numXfered; + } + + @Override + public long skip(long n) throws IOException { + if (!isOpen()) { + throw new IOException("skip(" + getPath() + ") stream closed"); + } + + if ((clientOffset == 0L) && pendingReads.isEmpty()) { + clientOffset = n; + return n; + } + + return super.skip(n); + } + + protected boolean hasNoData() { + return (buffer == null) || (buffer.available() == 0); + } + + protected void sendRequests() throws IOException { + if (eofIndicator) { + return; + } + + AbstractSftpClient client = getClient(); + Channel channel = client.getChannel(); + Window localWindow = channel.getLocalWindow(); + long windowSize = localWindow.getMaxSize(); + Session session = client.getSession(); + byte[] id = handle.getIdentifier(); + for (int ackIndex = 1; + (pendingReads.size() < (int) (windowSize / bufferSize)) && (requestOffset < (fileSize + bufferSize)) + || pendingReads.isEmpty(); + ackIndex++) { + Buffer buf = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_DATA, + 23 /* sftp packet */ + 16 + id.length); + buf.rpos(23); + buf.wpos(23); + buf.putBytes(id); + buf.putLong(requestOffset); + buf.putInt(bufferSize); + int reqId = client.send(SftpConstants.SSH_FXP_READ, buf); + SftpAckData ack = new SftpAckData(reqId, requestOffset, bufferSize); + pendingReads.add(ack); + requestOffset += bufferSize; + } + } + + protected void fillData() throws IOException { + SftpAckData ack = pendingReads.pollFirst(); + if (ack == null) { + return; + } + + pollBuffer(ack); + + if ((!eofIndicator) && (clientOffset < ack.offset)) { + // we are actually missing some data + // so request is synchronously + byte[] data = new byte[(int) (ack.offset - clientOffset + buffer.available())]; + int nb = (int) (ack.offset - clientOffset); + + AtomicReference eof = new AtomicReference<>(); + SftpClient client = getClient(); + for (int cur = 0; cur < nb;) { + int dlen = client.read(handle, clientOffset, data, cur, nb - cur, eof); + Boolean eofSignal = eof.getAndSet(null); + if ((dlen < 0) || ((eofSignal != null) && eofSignal.booleanValue())) { + eofIndicator = true; + } + cur += dlen; + } + + buffer.getRawBytes(data, nb, buffer.available()); + buffer = new ByteArrayBuffer(data); + } + } + + protected void pollBuffer(SftpAckData ack) throws IOException { + + AbstractSftpClient client = getClient(); + Buffer buf = client.receive(ack.id); + int length = buf.getInt(); + int type = buf.getUByte(); + int id = buf.getInt(); + client.validateIncomingResponse(SshConstants.SSH_MSG_CHANNEL_DATA, id, type, length, buf); + + if (type == SftpConstants.SSH_FXP_DATA) { + int dlen = buf.getInt(); + int rpos = buf.rpos(); + buf.rpos(rpos + dlen); + Boolean b = SftpHelper.getEndOfFileIndicatorValue(buf, client.getVersion()); + if ((b != null) && b.booleanValue()) { + eofIndicator = true; + } + buf.rpos(rpos); + buf.wpos(rpos + dlen); + this.buffer = buf; + } else if (type == SftpConstants.SSH_FXP_STATUS) { + int substatus = buf.getInt(); + String msg = buf.getString(); + String lang = buf.getString(); + if (substatus == SftpConstants.SSH_FX_EOF) { + eofIndicator = true; + } else { + client.checkResponseStatus(SshConstants.SSH_MSG_CHANNEL_DATA, id, substatus, msg, lang); + } + } else { + IOException err = client.handleUnexpectedPacket(SshConstants.SSH_MSG_CHANNEL_DATA, + SftpConstants.SSH_FXP_STATUS, id, type, length, buf); + if (err != null) { + throw err; + } + } + } + + @Override + public void close() throws IOException { + if (!isOpen()) { + return; + } + + try { + try { + for (int ackIndex = 1; !pendingReads.isEmpty(); ackIndex++) { + SftpAckData ack = pendingReads.removeFirst(); + pollBuffer(ack); + } + } finally { + handle.close(); + } + } finally { + handle = null; + } + } + + @Override + public String toString() { + SftpClient client = getClient(); + return getClass().getSimpleName() + + "[" + client.getSession() + "]" + + "[" + getPath() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpIterableDirEntry.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpIterableDirEntry.java new file mode 100644 index 0000000..cfa3ff2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpIterableDirEntry.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.io.IOException; +import java.util.Objects; + +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.DirEntry; + +/** + * Provides an {@link Iterable} implementation of the {@link DirEntry}-ies for a remote directory + * + * @author Apache MINA SSHD Project + */ +public class SftpIterableDirEntry implements Iterable { + private final SftpClient client; + private final String path; + + /** + * @param client The {@link SftpClient} instance to use for the iteration + * @param path The remote directory path + */ + public SftpIterableDirEntry(SftpClient client, String path) { + this.client = Objects.requireNonNull(client, "No client instance"); + this.path = ValidateUtils.checkNotNullAndNotEmpty(path, "No remote path"); + } + + /** + * The client instance + * + * @return {@link SftpClient} instance used to access the remote file + */ + public final SftpClient getClient() { + return client; + } + + /** + * The remotely accessed directory path + * + * @return Remote directory path + */ + public final String getPath() { + return path; + } + + @Override + public SftpDirEntryIterator iterator() { + try { + return new SftpDirEntryIterator(getClient(), getPath()); + } catch (IOException e) { + throw new RuntimeException(e); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpOutputStreamAsync.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpOutputStreamAsync.java new file mode 100644 index 0000000..dc49673 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpOutputStreamAsync.java @@ -0,0 +1,225 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.io.IOException; +import java.util.Collection; +import java.util.Deque; +import java.util.LinkedList; +import java.util.Objects; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.io.OutputStreamWithChannel; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.CloseableHandle; +import org.apache.sshd.client.SftpClient.OpenMode; +import org.apache.sshd.common.SftpConstants; + +/** + * Implements an output stream for a given remote file + * + * @author Apache MINA SSHD Project + */ +public class SftpOutputStreamAsync extends OutputStreamWithChannel { + protected final byte[] bb = new byte[1]; + protected final int bufferSize; + protected Buffer buffer; + protected CloseableHandle handle; + protected long offset; + protected final Deque pendingWrites = new LinkedList<>(); + + private final AbstractSftpClient clientInstance; + private final String path; + + public SftpOutputStreamAsync(AbstractSftpClient client, int bufferSize, + String path, Collection mode) throws IOException { + this.clientInstance = Objects.requireNonNull(client, "No SFTP client instance"); + this.path = path; + this.handle = client.open(path, mode); + this.bufferSize = bufferSize; + } + + public SftpOutputStreamAsync(AbstractSftpClient client, int bufferSize, + String path, CloseableHandle handle) throws IOException { + this.clientInstance = Objects.requireNonNull(client, "No SFTP client instance"); + this.path = path; + this.handle = handle; + this.bufferSize = bufferSize; + } + + /** + * The client instance + * + * @return {@link SftpClient} instance used to access the remote file + */ + public final AbstractSftpClient getClient() { + return clientInstance; + } + + public void setOffset(long offset) { + this.offset = offset; + } + + /** + * The remotely accessed file path + * + * @return Remote file path + */ + public final String getPath() { + return path; + } + + @Override + public boolean isOpen() { + return (handle != null) && handle.isOpen(); + } + + @Override + public void write(int b) throws IOException { + bb[0] = (byte) b; + write(bb, 0, 1); + } + + @Override + public void write(byte[] b, int off, int len) throws IOException { + byte[] id = handle.getIdentifier(); + SftpClient client = getClient(); + Session session = client.getSession(); + + int writtenCount = 0; + int totalLen = len; + do { + if (buffer == null) { + + buffer = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_DATA, bufferSize); + int hdr = 9 + 16 + 8 + id.length + buffer.wpos(); + buffer.rpos(hdr); + buffer.wpos(hdr); + } + + int max = bufferSize - (9 + 16 + id.length + 72); + int nb = Math.min(len, Math.max(0, max - buffer.available())); + buffer.putRawBytes(b, off, nb); + + off += nb; + len -= nb; + writtenCount += nb; + + if (buffer.available() >= max) { + flush(); + } + } while (len > 0); + } + + @Override + public void flush() throws IOException { + if (!isOpen()) { + throw new IOException("flush(" + getPath() + ") stream is closed"); + } + + AbstractSftpClient client = getClient(); + for (int ackIndex = 0;;) { + SftpAckData ack = pendingWrites.peek(); + if (ack == null) { + break; + } + + ackIndex++; + + Buffer response = client.receive(ack.id, 0L); + if (response == null) { + break; + } + + + ack = pendingWrites.removeFirst(); + client.checkResponseStatus(SftpConstants.SSH_FXP_WRITE, response); + } + + if (buffer == null) { + return; + } + + byte[] id = handle.getIdentifier(); + int avail = buffer.available(); + Buffer buf; + if (buffer.rpos() >= (16 + id.length)) { + int wpos = buffer.wpos(); + buffer.rpos(buffer.rpos() - 16 - id.length); + buffer.wpos(buffer.rpos()); + buffer.putBytes(id); + buffer.putLong(offset); + buffer.putInt(avail); + buffer.wpos(wpos); + buf = buffer; + } else { + buf = new ByteArrayBuffer(id.length + avail + Long.SIZE /* some extra fields */, false); + buf.putBytes(id); + buf.putLong(offset); + buf.putBytes(buffer.array(), buffer.rpos(), avail); + } + + int reqId = client.send(SftpConstants.SSH_FXP_WRITE, buf); + SftpAckData ack = new SftpAckData(reqId, offset, avail); + pendingWrites.add(ack); + + offset += avail; + buffer = null; + } + + @Override + public void close() throws IOException { + if (!isOpen()) { + return; + } + + try { + + try { + int pendingSize = (buffer == null) ? 0 : buffer.available(); + if (pendingSize > 0) { + flush(); + } + + AbstractSftpClient client = getClient(); + for (int ackIndex = 1; !pendingWrites.isEmpty(); ackIndex++) { + SftpAckData ack = pendingWrites.removeFirst(); + + Buffer response = client.receive(ack.id); + client.checkResponseStatus(SftpConstants.SSH_FXP_WRITE, response); + } + } finally { + handle.close(); + } + } finally { + handle = null; + } + } + + @Override + public String toString() { + SftpClient client = getClient(); + return getClass().getSimpleName() + + "[" + client.getSession() + "]" + + "[" + getPath() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpRemotePathChannel.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpRemotePathChannel.java new file mode 100644 index 0000000..4859368 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/SftpRemotePathChannel.java @@ -0,0 +1,486 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.impl; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.nio.ByteBuffer; +import java.nio.MappedByteBuffer; +import java.nio.channels.AsynchronousCloseException; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.FileChannel; +import java.nio.channels.FileLock; +import java.nio.channels.OverlappingFileLockException; +import java.nio.channels.ReadableByteChannel; +import java.nio.channels.WritableByteChannel; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicLong; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.SftpModuleProperties; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.Attributes; +import org.apache.sshd.client.SftpClient.OpenMode; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SftpException; + +/** + * @author Apache MINA SSHD Project + */ +public class SftpRemotePathChannel extends FileChannel { + + public static final Set READ_MODES = Collections.unmodifiableSet(EnumSet.of(OpenMode.Read)); + + public static final Set WRITE_MODES = Collections.unmodifiableSet( + EnumSet.of(OpenMode.Write, OpenMode.Append, OpenMode.Create, OpenMode.Truncate)); + + protected final Collection modes; + protected final boolean closeOnExit; + protected final SftpClient sftp; + protected final SftpClient.CloseableHandle handle; + protected final Object lock = new Object(); + protected final AtomicLong posTracker = new AtomicLong(0L); + protected final AtomicReference blockingThreadHolder = new AtomicReference<>(null); + + private final String path; + + public SftpRemotePathChannel(String path, SftpClient sftp, boolean closeOnExit, + Collection modes) throws IOException { + this.path = ValidateUtils.checkNotNullAndNotEmpty(path, "No remote file path specified"); + this.modes = Objects.requireNonNull(modes, "No channel modes specified"); + this.sftp = Objects.requireNonNull(sftp, "No SFTP client instance"); + this.closeOnExit = closeOnExit; + this.handle = sftp.open(path, modes); + } + + public String getRemotePath() { + return path; + } + + @Override + public int read(ByteBuffer dst) throws IOException { + long totalRead = doRead(Collections.singletonList(dst), -1L); + if (totalRead >= Integer.MAX_VALUE) { + throw new StreamCorruptedException("Total read size exceeds integer: " + totalRead); + } + return (int) totalRead; + } + + @Override + public int read(ByteBuffer dst, long position) throws IOException { + if (position < 0L) { + throw new IllegalArgumentException( + "read(" + getRemotePath() + ")" + + " illegal position to read from: " + position); + } + + long totalRead = doRead(Collections.singletonList(dst), position); + if (totalRead >= Integer.MAX_VALUE) { + throw new StreamCorruptedException("Total read size exceeds integer: " + totalRead); + } + return (int) totalRead; + } + + @Override + public long read(ByteBuffer[] dsts, int offset, int length) throws IOException { + Collection buffers = Arrays.asList(dsts) + .subList(offset, offset + length); + return doRead(buffers, -1L); + } + + protected long doRead(Collection buffers, long position) throws IOException { + ensureOpen(READ_MODES); + + ClientSession clientSession = sftp.getClientSession(); + int copySize = SftpModuleProperties.COPY_BUF_SIZE.getRequired(clientSession); + + boolean completed = false; + boolean eof = false; + long totalRead = 0; + int numBufsUsed = 0; + + synchronized (lock) { + long curPos = (position >= 0L) ? position : posTracker.get(); + try { + beginBlocking("doRead"); + + loop: for (ByteBuffer buffer : buffers) { + numBufsUsed++; + + while (buffer.remaining() > 0) { + ByteBuffer wrap = buffer; + if (!buffer.hasArray()) { + wrap = ByteBuffer.allocate(Math.min(copySize, buffer.remaining())); + } + + int read = sftp.read(handle, curPos, wrap.array(), + wrap.arrayOffset() + wrap.position(), wrap.remaining()); + if (read > 0) { + // reference equality on purpose + if (wrap == buffer) { + wrap.position(wrap.position() + read); + } else { + buffer.put(wrap.array(), wrap.arrayOffset(), read); + } + curPos += read; + totalRead += read; + } else { + eof = read == -1; + break loop; + } + } + } + completed = true; + } finally { + if (position < 0L) { + posTracker.set(curPos); + } + endBlocking("doRead", completed); + } + } + + + if (totalRead > 0L) { + return totalRead; + } + + if (eof) { + return -1L; + } else { + return 0L; + } + } + + @Override + public int write(ByteBuffer src) throws IOException { + long totalWritten = doWrite(Collections.singletonList(src), -1L); + if (totalWritten >= Integer.MAX_VALUE) { + throw new StreamCorruptedException("Total written size exceeds integer: " + totalWritten); + } + + return (int) totalWritten; + } + + @Override + public int write(ByteBuffer src, long position) throws IOException { + if (position < 0L) { + throw new IllegalArgumentException( + "write(" + getRemotePath() + ")" + + " illegal position to write to: " + position); + } + + long totalWritten = doWrite(Collections.singletonList(src), position); + if (totalWritten >= Integer.MAX_VALUE) { + throw new StreamCorruptedException("Total written size exceeds integer: " + totalWritten); + } + + return (int) totalWritten; + } + + @Override + public long write(ByteBuffer[] srcs, int offset, int length) throws IOException { + Collection buffers = Arrays.asList(srcs) + .subList(offset, offset + length); + return doWrite(buffers, -1L); + } + + protected long doWrite(Collection buffers, long position) throws IOException { + ensureOpen(WRITE_MODES); + + ClientSession clientSession = sftp.getClientSession(); + int copySize = SftpModuleProperties.COPY_BUF_SIZE.getRequired(clientSession); + + boolean completed = false; + long totalWritten = 0L; + int numBufsUsed = 0; + + synchronized (lock) { + long curPos = (position >= 0L) ? position : posTracker.get(); + try { + beginBlocking("doWrite"); + + for (ByteBuffer buffer : buffers) { + numBufsUsed++; + + while (buffer.remaining() > 0) { + ByteBuffer wrap = buffer; + if (!buffer.hasArray()) { + wrap = ByteBuffer.allocate(Math.min(copySize, buffer.remaining())); + buffer.get(wrap.array(), wrap.arrayOffset(), wrap.remaining()); + } + + int written = wrap.remaining(); + sftp.write(handle, curPos, wrap.array(), + wrap.arrayOffset() + wrap.position(), written); + // reference equality on purpose + if (wrap == buffer) { + wrap.position(wrap.position() + written); + } + curPos += written; + totalWritten += written; + } + } + completed = true; + } finally { + if (position < 0L) { + posTracker.set(curPos); + } + endBlocking("doWrite", completed); + } + } + + + return totalWritten; + } + + @Override + public long position() throws IOException { + ensureOpen(Collections.emptySet()); + return posTracker.get(); + } + + @Override + public FileChannel position(long newPosition) throws IOException { + if (newPosition < 0L) { + throw new IllegalArgumentException( + "position(" + getRemotePath() + ")" + + " illegal file channel position: " + newPosition); + } + + ensureOpen(Collections.emptySet()); + posTracker.set(newPosition); + return this; + } + + @Override + public long size() throws IOException { + ensureOpen(Collections.emptySet()); + Attributes stat = sftp.stat(handle); + return stat.getSize(); + } + + @Override + public FileChannel truncate(long size) throws IOException { + ensureOpen(Collections.emptySet()); + sftp.setStat(handle, new Attributes().size(size)); + return this; + } + + @Override + public void force(boolean metaData) throws IOException { + ensureOpen(Collections.emptySet()); + } + + @Override + public long transferTo(long position, long count, WritableByteChannel target) throws IOException { + if ((position < 0L) || (count < 0L)) { + throw new IllegalArgumentException( + "transferTo(" + getRemotePath() + ")" + + " illegal position (" + position + ") or count (" + count + ")"); + } + ensureOpen(READ_MODES); + + ClientSession clientSession = sftp.getClientSession(); + int copySize = SftpModuleProperties.COPY_BUF_SIZE.getRequired(clientSession); + + boolean completed = false; + boolean eof; + long totalRead; + + synchronized (lock) { + try { + beginBlocking("transferTo"); + + // DO NOT CLOSE THE STREAM AS IT WOULD CLOSE THE HANDLE + @SuppressWarnings("resource") + SftpInputStreamAsync input = new SftpInputStreamAsync( + (AbstractSftpClient) sftp, + copySize, position, count, getRemotePath(), handle); + totalRead = input.transferTo(count, target); + eof = input.isEof(); + completed = true; + } finally { + endBlocking("transferTo", completed); + } + } + + + return (totalRead > 0L) ? totalRead : eof ? -1L : 0L; + } + + @Override + public long transferFrom(ReadableByteChannel src, long position, long count) throws IOException { + if ((position < 0L) || (count < 0L)) { + throw new IllegalArgumentException( + "transferFrom(" + getRemotePath() + ")" + + " illegal position (" + position + ") or count (" + count + ")"); + } + ensureOpen(WRITE_MODES); + + ClientSession clientSession = sftp.getClientSession(); + int copySize = SftpModuleProperties.COPY_BUF_SIZE.getRequired(clientSession); + + boolean completed = false; + long totalRead = 0L; + byte[] buffer = new byte[(int) Math.min(copySize, count)]; + + synchronized (lock) { + try { + beginBlocking("transferFrom"); + + // DO NOT CLOSE THE OUTPUT STREAM AS IT WOULD CLOSE THE HANDLE + @SuppressWarnings("resource") + SftpOutputStreamAsync output = new SftpOutputStreamAsync( + (AbstractSftpClient) sftp, + copySize, getRemotePath(), handle); + while (totalRead < count) { + ByteBuffer wrap = ByteBuffer.wrap( + buffer, 0, (int) Math.min(buffer.length, count - totalRead)); + int read = src.read(wrap); + if (read > 0) { + output.write(buffer, 0, read); + totalRead += read; + } else { + break; + } + } + output.flush(); + // DO NOT CLOSE THE OUTPUT STREAM AS IT WOULD CLOSE THE HANDLE + completed = true; + } finally { + endBlocking("transferFrom", completed); + } + } + + return totalRead; + } + + @Override + public MappedByteBuffer map(MapMode mode, long position, long size) throws IOException { + throw new UnsupportedOperationException( + "map(" + getRemotePath() + ")[" + mode + "," + position + "," + size + "] N/A"); + } + + @Override + public FileLock lock(long position, long size, boolean shared) throws IOException { + return tryLock(position, size, shared); + } + + @Override + public FileLock tryLock(long position, long size, boolean shared) throws IOException { + ensureOpen(Collections.emptySet()); + + try { + sftp.lock(handle, position, size, 0); + } catch (SftpException e) { + if (e.getStatus() == SftpConstants.SSH_FX_LOCK_CONFLICT) { + throw new OverlappingFileLockException(); + } + throw e; + } + + return new FileLock(this, position, size, shared) { + private final AtomicBoolean valid = new AtomicBoolean(true); + + @Override + public boolean isValid() { + return acquiredBy().isOpen() && valid.get(); + } + + @Override + public void release() throws IOException { + if (valid.compareAndSet(true, false)) { + sftp.unlock(handle, position, size); + } + } + }; + } + + @Override + protected void implCloseChannel() throws IOException { + + try { + Thread thread = blockingThreadHolder.get(); + if (thread != null) { + thread.interrupt(); + } + } finally { + try { + handle.close(); + } finally { + if (closeOnExit) { + sftp.close(); + } + } + } + } + + protected void beginBlocking(Object actionHint) { + + begin(); + blockingThreadHolder.set(Thread.currentThread()); + } + + protected void endBlocking(Object actionHint, boolean completed) + throws AsynchronousCloseException { + + blockingThreadHolder.set(null); + end(completed); + } + + /** + * Checks that the channel is open and that its current mode contains at least one of the required ones + * + * @param reqModes The required modes - ignored if {@code null}/empty + * @throws IOException If channel not open or the required modes are not satisfied + */ + private void ensureOpen(Collection reqModes) throws IOException { + if (!isOpen()) { + throw new ClosedChannelException(); + } + + if (GenericUtils.size(reqModes) > 0) { + for (OpenMode m : reqModes) { + if (this.modes.contains(m)) { + return; + } + } + + throw new IOException( + "ensureOpen(" + getRemotePath() + ")" + + " current channel modes (" + this.modes + ")" + + " do contain any of the required ones: " + reqModes); + } + } + + @Override + public String toString() { + return getRemotePath(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/SimpleSftpClientImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/SimpleSftpClientImpl.java new file mode 100644 index 0000000..7f9378e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/SimpleSftpClientImpl.java @@ -0,0 +1,142 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.impl; + +import java.io.IOException; +import java.net.SocketAddress; +import java.security.KeyPair; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.simple.SimpleClient; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.functors.IOFunction; +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClientFactory; +import org.apache.sshd.client.SimpleSftpClient; + +/** + * @author Apache MINA SSHD Project + */ +public class SimpleSftpClientImpl implements SimpleSftpClient { + private SimpleClient clientInstance; + private SftpClientFactory sftpClientFactory; + + public SimpleSftpClientImpl() { + this(null); + } + + public SimpleSftpClientImpl(SimpleClient client) { + this(client, null); + } + + public SimpleSftpClientImpl(SimpleClient client, SftpClientFactory sftpClientFactory) { + this.clientInstance = client; + setSftpClientFactory(sftpClientFactory); + } + + public SimpleClient getClient() { + return clientInstance; + } + + public void setClient(SimpleClient client) { + this.clientInstance = client; + } + + public SftpClientFactory getSftpClientFactory() { + return sftpClientFactory; + } + + public void setSftpClientFactory(SftpClientFactory sftpClientFactory) { + this.sftpClientFactory = (sftpClientFactory != null) ? sftpClientFactory : SftpClientFactory.instance(); + } + + @Override + public SftpClient sftpLogin(SocketAddress target, String username, String password) throws IOException { + return createSftpClient(client -> client.sessionLogin(target, username, password)); + } + + @Override + public SftpClient sftpLogin(SocketAddress target, String username, KeyPair identity) throws IOException { + return createSftpClient(client -> client.sessionLogin(target, username, identity)); + } + + protected SftpClient createSftpClient(IOFunction sessionProvider) + throws IOException { + SimpleClient client = getClient(); + ClientSession session = sessionProvider.apply(client); + try { + SftpClient sftp = createSftpClient(session); + session = null; // disable auto-close at finally block + return sftp; + } finally { + if (session != null) { + session.close(); + } + } + } + + protected SftpClient createSftpClient(ClientSession session) throws IOException { + Exception err = null; + try { + SftpClient client = sftpClientFactory.createSftpClient(session); + try { + SftpClient closer = client.singleSessionInstance(); + client = null; // disable auto-close at finally block + return closer; + } catch (Exception e) { + err = GenericUtils.accumulateException(err, e); + } finally { + if (client != null) { + try { + client.close(); + } catch (Exception t) { + err = GenericUtils.accumulateException(err, t); + } + } + } + } catch (Exception e) { + err = GenericUtils.accumulateException(err, e); + } + + // This point is reached if error occurred + + try { + session.close(); + } catch (Exception e) { + err = GenericUtils.accumulateException(err, e); + } + + if (err instanceof IOException) { + throw (IOException) err; + } else { + throw new IOException(err); + } + } + + @Override + public boolean isOpen() { + return true; + } + + @Override + public void close() throws IOException { + // Do nothing + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/impl/StfpIterableDirHandle.java b/files-sftp/src/main/java/org/apache/sshd/client/impl/StfpIterableDirHandle.java new file mode 100644 index 0000000..e81d562 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/impl/StfpIterableDirHandle.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.impl; + +import java.util.Objects; + +import org.apache.sshd.client.SftpClient; +import org.apache.sshd.client.SftpClient.DirEntry; +import org.apache.sshd.client.SftpClient.Handle; + +public class StfpIterableDirHandle implements Iterable { + private final SftpClient client; + private final Handle handle; + + /** + * @param client The {@link SftpClient} to use for iteration + * @param handle The remote directory {@link Handle} + */ + public StfpIterableDirHandle(SftpClient client, Handle handle) { + this.client = Objects.requireNonNull(client, "No client instance"); + this.handle = handle; + } + + /** + * The client instance + * + * @return {@link SftpClient} instance used to access the remote file + */ + public final SftpClient getClient() { + return client; + } + + /** + * @return The remote directory {@link Handle} + */ + public final Handle getHandle() { + return handle; + } + + @Override + public SftpDirEntryIterator iterator() { + return new SftpDirEntryIterator(getClient(), getHandle()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/kex/AbstractDHClientKeyExchange.java b/files-sftp/src/main/java/org/apache/sshd/client/kex/AbstractDHClientKeyExchange.java new file mode 100644 index 0000000..92f10e8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/kex/AbstractDHClientKeyExchange.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.kex; + +import org.apache.sshd.client.session.AbstractClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.kex.dh.AbstractDHKeyExchange; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractDHClientKeyExchange + extends AbstractDHKeyExchange + implements ClientSessionHolder { + + protected AbstractDHClientKeyExchange(Session session) { + super(ValidateUtils.checkInstanceOf(session, AbstractClientSession.class, + "Non-AbstractClientSession: %s", session)); + } + + @Override + public final AbstractClientSession getClientSession() { + return (AbstractClientSession) getSession(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/kex/DHGClient.java b/files-sftp/src/main/java/org/apache/sshd/client/kex/DHGClient.java new file mode 100644 index 0000000..9dd7914 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/kex/DHGClient.java @@ -0,0 +1,264 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.kex; + +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.security.PublicKey; +import java.util.Collection; +import java.util.Objects; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.client.session.AbstractClientSession; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.OpenSshCertificate; +import org.apache.sshd.common.kex.AbstractDH; +import org.apache.sshd.common.kex.DHFactory; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.kex.KeyExchange; +import org.apache.sshd.common.kex.KeyExchangeFactory; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.net.SshdSocketAddress; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Base class for DHG key exchange algorithms. Implementations will only have to configure the required data on the + * {@link org.apache.sshd.common.kex.DHG} class in the {@link #getDH()} method. + * + * @author Apache MINA SSHD Project + */ +public class DHGClient extends AbstractDHClientKeyExchange { + protected final DHFactory factory; + protected AbstractDH dh; + + protected DHGClient(DHFactory factory, Session session) { + super(session); + + this.factory = Objects.requireNonNull(factory, "No factory"); + } + + @Override + public final String getName() { + return factory.getName(); + } + + public static KeyExchangeFactory newFactory(DHFactory delegate) { + return new KeyExchangeFactory() { + @Override + public String getName() { + return delegate.getName(); + } + + @Override + public KeyExchange createKeyExchange(Session session) throws Exception { + return new DHGClient(delegate, session); + } + + @Override + public String toString() { + return NamedFactory.class.getSimpleName() + + "<" + KeyExchange.class.getSimpleName() + ">" + + "[" + getName() + "]"; + } + }; + } + + @Override + public void init(byte[] v_s, byte[] v_c, byte[] i_s, byte[] i_c) throws Exception { + super.init(v_s, v_c, i_s, i_c); + + dh = getDH(); + hash = dh.getHash(); + hash.init(); + + byte[] e = updateE(dh.getE()); + + Session s = getSession(); + Buffer buffer = s.createBuffer(SshConstants.SSH_MSG_KEXDH_INIT, e.length + Integer.SIZE); + buffer.putMPInt(e); + + s.writePacket(buffer); + } + + protected AbstractDH getDH() throws Exception { + return factory.create(); + } + + @Override + @SuppressWarnings("checkstyle:VariableDeclarationUsageDistance") + public boolean next(int cmd, Buffer buffer) throws Exception { + AbstractClientSession session = getClientSession(); + + if (cmd != SshConstants.SSH_MSG_KEXDH_REPLY) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "Protocol error: expected packet SSH_MSG_KEXDH_REPLY, got " + KeyExchange.getSimpleKexOpcodeName(cmd)); + } + + byte[] k_s = buffer.getBytes(); + byte[] f = updateF(buffer); + byte[] sig = buffer.getBytes(); + + dh.setF(f); + k = dh.getK(); + + buffer = new ByteArrayBuffer(k_s); + PublicKey serverKey = buffer.getRawPublicKey(); + PublicKey serverPublicHostKey = serverKey; + + if (serverKey instanceof OpenSshCertificate) { + OpenSshCertificate openSshKey = (OpenSshCertificate) serverKey; + serverPublicHostKey = openSshKey.getServerHostKey(); + + try { + verifyCertificate(session, openSshKey); + } catch (SshException e) { + if (CoreModuleProperties.ABORT_ON_INVALID_CERTIFICATE.getRequired(session)) { + throw e; + } else { + // ignore certificate + serverKey = openSshKey.getServerHostKey(); + } + } + } + + String keyAlg = session.getNegotiatedKexParameter(KexProposalOption.SERVERKEYS); + if (GenericUtils.isEmpty(keyAlg)) { + throw new SshException( + "Unsupported server key type: " + serverPublicHostKey.getAlgorithm() + + "[" + serverPublicHostKey.getFormat() + "]"); + } + + buffer = new ByteArrayBuffer(); + buffer.putBytes(v_c); + buffer.putBytes(v_s); + buffer.putBytes(i_c); + buffer.putBytes(i_s); + buffer.putBytes(k_s); + buffer.putMPInt(getE()); + buffer.putMPInt(f); + buffer.putMPInt(k); + hash.update(buffer.array(), 0, buffer.available()); + h = hash.digest(); + + Signature verif = ValidateUtils.checkNotNull( + NamedFactory.create(session.getSignatureFactories(), keyAlg), + "No verifier located for algorithm=%s", keyAlg); + verif.initVerifier(session, serverPublicHostKey); + verif.update(session, h); + if (!verif.verify(session, sig)) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange signature verification failed for key type=" + keyAlg); + } + + session.setServerKey(serverKey); + return true; + } + + protected void verifyCertificate(Session session, OpenSshCertificate openSshKey) throws Exception { + PublicKey signatureKey = openSshKey.getCaPubKey(); + String keyAlg = KeyUtils.getKeyType(signatureKey); + String keyId = openSshKey.getId(); + + // allow sha2 signatures for legacy reasons + String variant = openSshKey.getSignatureAlg(); + if ((!GenericUtils.isEmpty(variant)) + && KeyPairProvider.SSH_RSA.equals(KeyUtils.getCanonicalKeyType(variant))) { + keyAlg = variant; + } else { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "Found invalid signature alg " + variant + " for key ID=" + keyId); + } + + Signature verif = ValidateUtils.checkNotNull( + NamedFactory.create(session.getSignatureFactories(), keyAlg), + "No KeyExchange CA verifier located for algorithm=%s of key ID=%s", keyAlg, keyId); + verif.initVerifier(session, signatureKey); + verif.update(session, openSshKey.getMessage()); + + if (!verif.verify(session, openSshKey.getSignature())) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange CA signature verification failed for key type=" + keyAlg + " of key ID=" + keyId); + } + + if (openSshKey.getType() != OpenSshCertificate.SSH_CERT_TYPE_HOST) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange signature verification failed, not a host key (2) " + + openSshKey.getType() + " for key ID=" + keyId); + } + + long now = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()); + // valid after <= current time < valid before + if (!((openSshKey.getValidAfter() <= now) && (now < openSshKey.getValidBefore()))) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange signature verification failed, CA expired " + + openSshKey.getValidAfterDate() + " - " + + openSshKey.getValidBeforeDate() + + " for key ID=" + keyId); + } + + /* + * We compare only the connect address against the principals and do not do any reverse DNS lookups. If one + * wants to connect with the IP it has to be included in the principals list of the certificate. + */ + SocketAddress connectSocketAddress = getClientSession().getConnectAddress(); + if (connectSocketAddress instanceof SshdSocketAddress) { + connectSocketAddress = ((SshdSocketAddress) connectSocketAddress).toInetSocketAddress(); + } + + if (connectSocketAddress instanceof InetSocketAddress) { + String hostName = ((InetSocketAddress) connectSocketAddress).getHostString(); + Collection principals = openSshKey.getPrincipals(); + if (GenericUtils.isEmpty(principals) || (!principals.contains(hostName))) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange signature verification failed, invalid principal " + + hostName + " for key ID=" + keyId + + " - allowed=" + principals); + } + } else { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange signature verification failed, could not determine connect host for key ID=" + keyId); + } + + if (!GenericUtils.isEmpty(openSshKey.getCriticalOptions())) { + // no critical option defined for host keys yet + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange signature verification failed, unrecognized critical options " + + openSshKey.getCriticalOptions() + " for key ID=" + + keyId); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/kex/DHGEXClient.java b/files-sftp/src/main/java/org/apache/sshd/client/kex/DHGEXClient.java new file mode 100644 index 0000000..9c56d12 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/kex/DHGEXClient.java @@ -0,0 +1,238 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.kex; + +import java.math.BigInteger; +import java.security.PublicKey; +import java.util.Objects; + +import org.apache.sshd.client.session.AbstractClientSession; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.kex.AbstractDH; +import org.apache.sshd.common.kex.DHFactory; +import org.apache.sshd.common.kex.KeyExchange; +import org.apache.sshd.common.kex.KeyExchangeFactory; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public class DHGEXClient extends AbstractDHClientKeyExchange { + + protected final DHFactory factory; + protected byte expected; + protected int min; + protected int prf; + protected int max; + protected AbstractDH dh; + protected byte[] g; + + private byte[] p; + private BigInteger pValue; + + protected DHGEXClient(DHFactory factory, Session session) { + super(session); + this.factory = Objects.requireNonNull(factory, "No factory"); + + // SSHD-941 give the user a chance to intervene in the choice + min = CoreModuleProperties.PROP_DHGEX_CLIENT_MIN_KEY.get(session) + .orElse(SecurityUtils.getMinDHGroupExchangeKeySize()); + max = CoreModuleProperties.PROP_DHGEX_CLIENT_MAX_KEY.get(session) + .orElse(SecurityUtils.getMaxDHGroupExchangeKeySize()); + prf = CoreModuleProperties.PROP_DHGEX_CLIENT_PRF_KEY.get(session) + .orElse(Math.min(SecurityUtils.PREFERRED_DHGEX_KEY_SIZE, max)); + } + + @Override + public final String getName() { + return factory.getName(); + } + + protected byte[] getP() { + return p; + } + + protected BigInteger getPValue() { + if (pValue == null) { + pValue = BufferUtils.fromMPIntBytes(getP()); + } + + return pValue; + } + + protected void setP(byte[] p) { + this.p = p; + + if (pValue != null) { + pValue = null; // force lazy re-initialization + } + } + + protected void validateEValue() throws Exception { + validateEValue(getPValue()); + } + + protected void validateFValue() throws Exception { + validateFValue(getPValue()); + } + + public static KeyExchangeFactory newFactory(DHFactory delegate) { + return new KeyExchangeFactory() { + @Override + public String getName() { + return delegate.getName(); + } + + @Override + public KeyExchange createKeyExchange(Session session) throws Exception { + return new DHGEXClient(delegate, session); + } + + @Override + public String toString() { + return NamedFactory.class.getSimpleName() + + "<" + KeyExchange.class.getSimpleName() + ">" + + "[" + getName() + "]"; + } + }; + } + + @Override + public void init(byte[] v_s, byte[] v_c, byte[] i_s, byte[] i_c) throws Exception { + super.init(v_s, v_c, i_s, i_c); + + Session s = getSession(); + if ((max < min) || (prf < min) || (max < prf)) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "Protocol error: bad parameters " + min + " !< " + prf + " !< " + max); + } + + Buffer buffer = s.createBuffer(SshConstants.SSH_MSG_KEX_DH_GEX_REQUEST, Integer.SIZE); + buffer.putInt(min); + buffer.putInt(prf); + buffer.putInt(max); + s.writePacket(buffer); + + expected = SshConstants.SSH_MSG_KEX_DH_GEX_GROUP; + } + + @Override + @SuppressWarnings("checkstyle:VariableDeclarationUsageDistance") + public boolean next(int cmd, Buffer buffer) throws Exception { + AbstractClientSession session = getClientSession(); + + if (cmd != expected) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "Protocol error: expected packet " + KeyExchange.getGroupKexOpcodeName(expected) + + ", got " + KeyExchange.getGroupKexOpcodeName(cmd)); + } + + if (cmd == SshConstants.SSH_MSG_KEX_DH_GEX_GROUP) { + setP(buffer.getMPIntAsBytes()); + g = buffer.getMPIntAsBytes(); + + dh = getDH(getPValue(), new BigInteger(g)); + hash = dh.getHash(); + hash.init(); + + byte[] e = updateE(dh.getE()); + validateEValue(); + + + buffer = session.createBuffer( + SshConstants.SSH_MSG_KEX_DH_GEX_INIT, e.length + Byte.SIZE); + buffer.putMPInt(e); + session.writePacket(buffer); + expected = SshConstants.SSH_MSG_KEX_DH_GEX_REPLY; + return false; + } + + if (cmd == SshConstants.SSH_MSG_KEX_DH_GEX_REPLY) { + + byte[] k_s = buffer.getBytes(); + byte[] f = updateF(buffer); + byte[] sig = buffer.getBytes(); + + validateFValue(); + + dh.setF(f); + k = dh.getK(); + + buffer = new ByteArrayBuffer(k_s); + PublicKey serverKey = buffer.getRawPublicKey(); + + String keyAlg = KeyUtils.getKeyType(serverKey); + if (GenericUtils.isEmpty(keyAlg)) { + throw new SshException( + "Unsupported server key type: " + serverKey.getAlgorithm() + + " [" + serverKey.getFormat() + "]"); + } + + buffer = new ByteArrayBuffer(); + buffer.putBytes(v_c); + buffer.putBytes(v_s); + buffer.putBytes(i_c); + buffer.putBytes(i_s); + buffer.putBytes(k_s); + buffer.putInt(min); + buffer.putInt(prf); + buffer.putInt(max); + buffer.putMPInt(getP()); + buffer.putMPInt(g); + buffer.putMPInt(getE()); + buffer.putMPInt(f); + buffer.putMPInt(k); + hash.update(buffer.array(), 0, buffer.available()); + h = hash.digest(); + + Signature verif = ValidateUtils.checkNotNull( + NamedFactory.create(session.getSignatureFactories(), keyAlg), + "No verifier located for algorithm=%s", keyAlg); + verif.initVerifier(session, serverKey); + verif.update(session, h); + if (!verif.verify(session, sig)) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "KeyExchange signature verification failed for key type=" + keyAlg); + } + session.setServerKey(serverKey); + return true; + } + + throw new IllegalStateException("Unknown command value: " + KeyExchange.getGroupKexOpcodeName(cmd)); + } + + protected AbstractDH getDH(BigInteger p, BigInteger g) throws Exception { + return factory.create(p, g); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/AcceptAllServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/AcceptAllServerKeyVerifier.java new file mode 100644 index 0000000..4268601 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/AcceptAllServerKeyVerifier.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.keyverifier; + +/** + * A ServerKeyVerifier that accepts all server keys. + * + * @author Apache MINA SSHD Project + */ +public final class AcceptAllServerKeyVerifier extends StaticServerKeyVerifier { + public static final AcceptAllServerKeyVerifier INSTANCE = new AcceptAllServerKeyVerifier(); + + private AcceptAllServerKeyVerifier() { + super(true); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java new file mode 100644 index 0000000..93f0767 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.keyverifier; + +import java.io.File; +import java.io.IOException; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.client.config.hosts.KnownHostEntry; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * Monitors the {@code ~/.ssh/known_hosts} file of the user currently running the client, updating and re-loading it if + * necessary. It also (optionally) enforces the same permissions regime as {@code OpenSSH}. + * + * @author Apache MINA SSHD Project + */ +public class DefaultKnownHostsServerKeyVerifier extends KnownHostsServerKeyVerifier { + private final boolean strict; + + public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate) { + this(delegate, true); + } + + public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict) { + this(delegate, strict, KnownHostEntry.getDefaultKnownHostsFile(), IoUtils.getLinkOptions(true)); + } + + public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict, File file) { + this(delegate, strict, Objects.requireNonNull(file, "No file provided").toPath(), IoUtils.getLinkOptions(true)); + } + + public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict, Path file, LinkOption... options) { + super(delegate, file, options); + this.strict = strict; + } + + /** + * @return If {@code true} then makes sure that the containing folder has 0700 access and the file 0644. + * Note: for Windows it does not check these permissions + * @see #validateStrictConfigFilePermissions(Path, LinkOption...) + */ + public final boolean isStrict() { + return strict; + } + + @Override + protected List reloadKnownHosts(ClientSession session, Path file) + throws IOException, GeneralSecurityException { + if (isStrict()) { + + Map.Entry violation = validateStrictConfigFilePermissions(file); + if (violation != null) { + updateReloadAttributes(); + return Collections.emptyList(); + } + } + + return super.reloadKnownHosts(session, file); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/DelegatingServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/DelegatingServerKeyVerifier.java new file mode 100644 index 0000000..2e8bff8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/DelegatingServerKeyVerifier.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.keyverifier; + +import java.net.SocketAddress; +import java.security.PublicKey; +import java.util.Map; + +import org.apache.sshd.client.session.ClientSession; + +/** + * A {@link ServerKeyVerifier} that delegates verification to the instance found in the {@link ClientSession} metadata + * The verifier can be specified at the {@code SshClient} level, which may have connections to multiple hosts. This + * technique lets each connection have its own verifier instance. + * + * @author Apache MINA SSHD Project + */ +public class DelegatingServerKeyVerifier implements ServerKeyVerifier { + public DelegatingServerKeyVerifier() { + super(); + } + + @Override + public boolean verifyServerKey( + ClientSession session, SocketAddress remoteAddress, PublicKey serverKey) { + Map metadataMap = session.getMetadataMap(); + Object verifier = metadataMap.get(ServerKeyVerifier.class); + if (verifier == null) { + return true; + } + // We throw if it's not a ServerKeyVerifier... + return ((ServerKeyVerifier) verifier).verifyServerKey(session, remoteAddress, serverKey); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java new file mode 100644 index 0000000..5d10e87 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java @@ -0,0 +1,700 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.keyverifier; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.OutputStream; +import java.io.Writer; +import java.net.SocketAddress; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.StandardOpenOption; +import java.security.GeneralSecurityException; +import java.security.PublicKey; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.TreeSet; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.Supplier; + +import org.apache.sshd.client.config.hosts.KnownHostEntry; +import org.apache.sshd.client.config.hosts.KnownHostHashValue; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.config.ConfigFileReaderSupport; +import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntry; +import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.ModifiableFileWatcher; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public class KnownHostsServerKeyVerifier + extends ModifiableFileWatcher + implements ServerKeyVerifier, ModifiedServerKeyAcceptor { + + /** + * Standard option used to indicate whether to use strict host key checking or not. Values may be + * "yes/no", "true/false" or "on/off" + */ + public static final String STRICT_CHECKING_OPTION = "StrictHostKeyChecking"; + + /** + * Standard option used to indicate alternative known hosts file location + */ + public static final String KNOWN_HOSTS_FILE_OPTION = "UserKnownHostsFile"; + + /** + * Represents an entry in the internal verifier's cache + * + * @author Apache MINA SSHD Project + */ + public static class HostEntryPair { + private KnownHostEntry hostEntry; + private PublicKey serverKey; + + public HostEntryPair() { + super(); + } + + public HostEntryPair(KnownHostEntry entry, PublicKey key) { + this.hostEntry = Objects.requireNonNull(entry, "No entry"); + this.serverKey = Objects.requireNonNull(key, "No key"); + } + + public KnownHostEntry getHostEntry() { + return hostEntry; + } + + public void setHostEntry(KnownHostEntry hostEntry) { + this.hostEntry = hostEntry; + } + + public PublicKey getServerKey() { + return serverKey; + } + + public void setServerKey(PublicKey serverKey) { + this.serverKey = serverKey; + } + + @Override + public String toString() { + return String.valueOf(getHostEntry()); + } + } + + protected final Object updateLock = new Object(); + private final ServerKeyVerifier delegate; + private final AtomicReference>> keysSupplier + = new AtomicReference<>(getKnownHostSupplier(null, getPath())); + private ModifiedServerKeyAcceptor modKeyAcceptor; + + public KnownHostsServerKeyVerifier(ServerKeyVerifier delegate, Path file) { + this(delegate, file, IoUtils.EMPTY_LINK_OPTIONS); + } + + public KnownHostsServerKeyVerifier(ServerKeyVerifier delegate, Path file, LinkOption... options) { + super(file, options); + this.delegate = Objects.requireNonNull(delegate, "No delegate"); + } + + public ServerKeyVerifier getDelegateVerifier() { + return delegate; + } + + /** + * @return The delegate {@link ModifiedServerKeyAcceptor} to consult if a server presents a modified key. If + * {@code null} then assumed to reject such a modification + */ + public ModifiedServerKeyAcceptor getModifiedServerKeyAcceptor() { + return modKeyAcceptor; + } + + /** + * @param acceptor The delegate {@link ModifiedServerKeyAcceptor} to consult if a server presents a modified key. If + * {@code null} then assumed to reject such a modification + */ + public void setModifiedServerKeyAcceptor(ModifiedServerKeyAcceptor acceptor) { + modKeyAcceptor = acceptor; + } + + @Override + public boolean verifyServerKey(ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey) { + try { + if (checkReloadRequired()) { + Path file = getPath(); + if (exists()) { + updateReloadAttributes(); + keysSupplier.set(GenericUtils.memoizeLock(getKnownHostSupplier(clientSession, file))); + } else { + keysSupplier.set(GenericUtils.memoizeLock(Collections::emptyList)); + } + } + } catch (Throwable t) { + return acceptIncompleteHostKeys(clientSession, remoteAddress, serverKey, t); + } + + Collection knownHosts = keysSupplier.get().get(); + + return acceptKnownHostEntries(clientSession, remoteAddress, serverKey, knownHosts); + } + + protected Supplier> getKnownHostSupplier(ClientSession clientSession, Path file) { + return () -> { + try { + return reloadKnownHosts(clientSession, file); + } catch (Exception e) { + return Collections.emptyList(); + } + }; + } + + protected void setLoadedHostsEntries(Collection keys) { + keysSupplier.set(() -> keys); + } + + /** + * @param session The {@link ClientSession} that triggered this request + * @param file The {@link Path} to reload from + * @return A {@link List} of the loaded {@link HostEntryPair}s - may be {@code null}/empty + * @throws IOException If failed to parse the file + * @throws GeneralSecurityException If failed to resolve the encoded public keys + */ + protected List reloadKnownHosts(ClientSession session, Path file) + throws IOException, GeneralSecurityException { + Collection entries = KnownHostEntry.readKnownHostEntries(file); + updateReloadAttributes(); + + if (GenericUtils.isEmpty(entries)) { + return Collections.emptyList(); + } + + List keys = new ArrayList<>(entries.size()); + PublicKeyEntryResolver resolver = getFallbackPublicKeyEntryResolver(); + for (KnownHostEntry entry : entries) { + try { + PublicKey key = resolveHostKey(session, entry, resolver); + if (key != null) { + keys.add(new HostEntryPair(entry, key)); + } + } catch (Throwable t) { + } + } + + return keys; + } + + /** + * Recover the associated public key from a known host entry + * + * @param session The {@link ClientSession} that triggered this request + * @param entry The {@link KnownHostEntry} - ignored if {@code null} + * @param resolver The {@link PublicKeyEntryResolver} to use if immediate - decoding does not work + * - ignored if {@code null} + * @return The extracted {@link PublicKey} - {@code null} if none + * @throws IOException If failed to decode the key + * @throws GeneralSecurityException If failed to generate the key + * @see #getFallbackPublicKeyEntryResolver() + * @see AuthorizedKeyEntry#resolvePublicKey(SessionContext, PublicKeyEntryResolver) + */ + protected PublicKey resolveHostKey( + ClientSession session, KnownHostEntry entry, PublicKeyEntryResolver resolver) + throws IOException, GeneralSecurityException { + if (entry == null) { + return null; + } + + AuthorizedKeyEntry authEntry = ValidateUtils.checkNotNull(entry.getKeyEntry(), "No key extracted from %s", entry); + PublicKey key = authEntry.resolvePublicKey(session, resolver); + + return key; + } + + protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver() { + return PublicKeyEntryResolver.IGNORING; + } + + protected boolean acceptKnownHostEntries( + ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey, + Collection knownHosts) { + // TODO allow for several candidates and check if ANY of them matches the key and has 'revoked' marker + HostEntryPair match = findKnownHostEntry(clientSession, remoteAddress, knownHosts); + if (match == null) { + return acceptUnknownHostKey(clientSession, remoteAddress, serverKey); + } + + KnownHostEntry entry = match.getHostEntry(); + PublicKey expected = match.getServerKey(); + if (KeyUtils.compareKeys(expected, serverKey)) { + return acceptKnownHostEntry(clientSession, remoteAddress, serverKey, entry); + } + + try { + if (!acceptModifiedServerKey(clientSession, remoteAddress, entry, expected, serverKey)) { + return false; + } + } catch (Throwable t) { + return false; + } + + Path file = getPath(); + try { + updateModifiedServerKey(clientSession, remoteAddress, match, serverKey, file, knownHosts); + } catch (Throwable t) { + handleModifiedServerKeyUpdateFailure(clientSession, remoteAddress, match, serverKey, file, knownHosts, t); + } + + return true; + } + + /** + * Invoked if a matching host entry was found, but the key did not match and + * {@link #acceptModifiedServerKey(ClientSession, SocketAddress, KnownHostEntry, PublicKey, PublicKey)} returned + * {@code true}. By default it locates the line to be updated and updates only its key data, marking the file for + * reload on next verification just to be on the safe side. + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param match The {@link HostEntryPair} whose key does not match + * @param actual The presented server {@link PublicKey} to be updated + * @param file The file {@link Path} to be updated + * @param knownHosts The currently loaded entries + * @throws Exception If failed to update the file - Note: this may mean the file is now corrupted + * @see #handleModifiedServerKeyUpdateFailure(ClientSession, SocketAddress, HostEntryPair, + * PublicKey, Path, Collection, Throwable) + * @see #prepareModifiedServerKeyLine(ClientSession, SocketAddress, KnownHostEntry, String, + * PublicKey, PublicKey) + */ + protected void updateModifiedServerKey( + ClientSession clientSession, SocketAddress remoteAddress, HostEntryPair match, PublicKey actual, + Path file, Collection knownHosts) + throws Exception { + KnownHostEntry entry = match.getHostEntry(); + String matchLine = ValidateUtils.checkNotNullAndNotEmpty(entry.getConfigLine(), "No entry config line"); + String newLine = prepareModifiedServerKeyLine( + clientSession, remoteAddress, entry, matchLine, match.getServerKey(), actual); + if (GenericUtils.isEmpty(newLine)) { + return; + } + + if (matchLine.equals(newLine)) { + return; + } + + List lines = new ArrayList<>(); + synchronized (updateLock) { + int matchingIndex = -1; // read all lines but replace the updated one + try (BufferedReader rdr = Files.newBufferedReader(file, StandardCharsets.UTF_8)) { + for (String line = rdr.readLine(); line != null; line = rdr.readLine()) { + // skip if already replaced the original line + if (matchingIndex >= 0) { + lines.add(line); + continue; + } + line = GenericUtils.trimToEmpty(line); + if (GenericUtils.isEmpty(line)) { + lines.add(line); + continue; + } + + int pos = line.indexOf(ConfigFileReaderSupport.COMMENT_CHAR); + if (pos == 0) { + lines.add(line); + continue; + } + + if (pos > 0) { + line = line.substring(0, pos); + line = line.trim(); + } + + if (!matchLine.equals(line)) { + lines.add(line); + continue; + } + + lines.add(newLine); + matchingIndex = lines.size(); + } + } + + ValidateUtils.checkTrue(matchingIndex >= 0, "No match found for line=%s", matchLine); + + try (Writer w = Files.newBufferedWriter(file, StandardCharsets.UTF_8)) { + for (String l : lines) { + w.append(l).append(IoUtils.EOL); + } + } + + synchronized (match) { + match.setServerKey(actual); + entry.setConfigLine(newLine); + } + } + + resetReloadAttributes(); // force reload on next verification + } + + /** + * Invoked by + * {@link #updateModifiedServerKey(ClientSession, SocketAddress, HostEntryPair, PublicKey, Path, Collection)} in + * order to prepare the replacement - by default it replaces the key part with the new one + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param entry The {@link KnownHostEntry} + * @param curLine The current entry line data + * @param expected The expected {@link PublicKey} + * @param actual The present key to be update + * @return The updated line - ignored if {@code null}/empty or same as original one + * @throws Exception if failed to prepare the line + */ + protected String prepareModifiedServerKeyLine( + ClientSession clientSession, SocketAddress remoteAddress, KnownHostEntry entry, + String curLine, PublicKey expected, PublicKey actual) + throws Exception { + if ((entry == null) || GenericUtils.isEmpty(curLine)) { + return curLine; // just to be on the safe side + } + + int pos = curLine.indexOf(' '); + if (curLine.charAt(0) == KnownHostEntry.MARKER_INDICATOR) { + // skip marker till next token + for (pos++; pos < curLine.length(); pos++) { + if (curLine.charAt(pos) != ' ') { + break; + } + } + + pos = (pos < curLine.length()) ? curLine.indexOf(' ', pos) : -1; + } + + ValidateUtils.checkTrue((pos > 0) && (pos < (curLine.length() - 1)), "Missing encoded key in line=%s", curLine); + StringBuilder sb = new StringBuilder(curLine.length()); + sb.append(curLine.substring(0, pos)); // copy the marker/patterns as-is + PublicKeyEntry.appendPublicKeyEntry(sb.append(' '), actual); + return sb.toString(); + } + + /** + * Invoked if {@code #updateModifiedServerKey(ClientSession, SocketAddress, HostEntryPair, PublicKey, Path)} throws + * an exception. This may mean the file is corrupted, but it can be recovered from the known hosts that are being + * provided. By default, it only logs a warning and does not attempt to recover the file + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param match The {@link HostEntryPair} whose key does not match + * @param serverKey The presented server {@link PublicKey} to be updated + * @param file The file {@link Path} to be updated + * @param knownHosts The currently cached entries (may be {@code null}/empty) + * @param reason The failure reason + */ + protected void handleModifiedServerKeyUpdateFailure( + ClientSession clientSession, SocketAddress remoteAddress, HostEntryPair match, + PublicKey serverKey, Path file, Collection knownHosts, Throwable reason) { + // NOTE !!! this may mean the file is corrupted, but it can be recovered from the known hosts + } + + /** + * Invoked after known host entry located and keys match - by default checks that entry has not been revoked + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param serverKey The presented server {@link PublicKey} + * @param entry The {@link KnownHostEntry} value - if {@code null} then no known matching host entry was + * found - default will call + * {@link #acceptUnknownHostKey(ClientSession, SocketAddress, PublicKey)} + * @return {@code true} if OK to accept the server + */ + protected boolean acceptKnownHostEntry( + ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey, KnownHostEntry entry) { + if (entry == null) { // not really expected, but manage it + return acceptUnknownHostKey(clientSession, remoteAddress, serverKey); + } + + if ("revoked".equals(entry.getMarker())) { + return false; + } + + return true; + } + + protected HostEntryPair findKnownHostEntry( + ClientSession clientSession, SocketAddress remoteAddress, Collection knownHosts) { + if (GenericUtils.isEmpty(knownHosts)) { + return null; + } + + Collection candidates = resolveHostNetworkIdentities(clientSession, remoteAddress); + + if (GenericUtils.isEmpty(candidates)) { + return null; + } + + for (HostEntryPair match : knownHosts) { + KnownHostEntry entry = match.getHostEntry(); + for (SshdSocketAddress host : candidates) { + try { + if (entry.isHostMatch(host.getHostName(), host.getPort())) { + return match; + } + } catch (RuntimeException | Error e) { + } + } + } + + return null; // no match found + } + + /** + * Called if failed to reload known hosts - by default invokes + * {@link #acceptUnknownHostKey(ClientSession, SocketAddress, PublicKey)} + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param serverKey The presented server {@link PublicKey} + * @param reason The {@link Throwable} that indicates the reload failure + * @return {@code true} if accept the server key anyway + * @see #acceptUnknownHostKey(ClientSession, SocketAddress, PublicKey) + */ + protected boolean acceptIncompleteHostKeys( + ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey, Throwable reason) { + return acceptUnknownHostKey(clientSession, remoteAddress, serverKey); + } + + /** + * Invoked if none of the known hosts matches the current one - by default invokes the delegate. If the delegate + * accepts the key, then it is appended to the currently monitored entries and the file is updated + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param serverKey The presented server {@link PublicKey} + * @return {@code true} if accept the server key + * @see #updateKnownHostsFile(ClientSession, SocketAddress, PublicKey, Path, Collection) + * @see #handleKnownHostsFileUpdateFailure(ClientSession, SocketAddress, PublicKey, Path, + * Collection, Throwable) + */ + protected boolean acceptUnknownHostKey(ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey) { + + if (delegate.verifyServerKey(clientSession, remoteAddress, serverKey)) { + Path file = getPath(); + Collection keys = keysSupplier.get().get(); + try { + updateKnownHostsFile(clientSession, remoteAddress, serverKey, file, keys); + } catch (Throwable t) { + handleKnownHostsFileUpdateFailure(clientSession, remoteAddress, serverKey, file, keys, t); + } + + return true; + } + + return false; + } + + /** + * Invoked when {@link #updateKnownHostsFile(ClientSession, SocketAddress, PublicKey, Path, Collection)} fails - by + * default just issues a warning. Note: there is a chance that the file is now corrupted and cannot be + * re-used, so we provide a way to recover it via overriding this method and using the cached entries to re-created + * it. + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param serverKey The server {@link PublicKey} that was attempted to update + * @param file The file {@link Path} to be updated + * @param knownHosts The currently known entries (may be {@code null}/empty + * @param reason The failure reason + */ + protected void handleKnownHostsFileUpdateFailure( + ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey, + Path file, Collection knownHosts, Throwable reason) { + } + + /** + * Invoked if a new previously unknown host key has been accepted - by default appends a new entry at the end of the + * currently monitored known hosts file + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param serverKey The server {@link PublicKey} that to update + * @param file The file {@link Path} to be updated + * @param knownHosts The currently cached entries (may be {@code null}/empty) + * @return The generated {@link KnownHostEntry} or {@code null} if nothing updated. If anything + * updated then the file will be re-loaded on next verification regardless of which server is + * verified + * @throws Exception If failed to update the file - Note: in this case the file may be corrupted so + * {@link #handleKnownHostsFileUpdateFailure(ClientSession, SocketAddress, PublicKey, Path, Collection, Throwable)} + * will be called in order to enable recovery of its data + * @see #resetReloadAttributes() + */ + protected KnownHostEntry updateKnownHostsFile( + ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey, + Path file, Collection knownHosts) + throws Exception { + KnownHostEntry entry = prepareKnownHostEntry(clientSession, remoteAddress, serverKey); + if (entry == null) { + + return null; + } + + String line = entry.getConfigLine(); + byte[] lineData = line.getBytes(StandardCharsets.UTF_8); + boolean reuseExisting = Files.exists(file) && (Files.size(file) > 0); + byte[] eolBytes = IoUtils.getEOLBytes(); + synchronized (updateLock) { + try (OutputStream output = reuseExisting + ? Files.newOutputStream(file, StandardOpenOption.APPEND) + : Files.newOutputStream(file)) { + if (reuseExisting) { + output.write(eolBytes); // separate from previous lines + } + + output.write(lineData); + output.write(eolBytes); // add another separator for trailing lines - in case regular SSH client appends + // to it + } + } + + resetReloadAttributes(); // force reload on next verification + return entry; + } + + /** + * Invoked by {@link #updateKnownHostsFile(ClientSession, SocketAddress, PublicKey, Path, Collection)} in order to + * generate the host entry to be written + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param serverKey The server {@link PublicKey} that was attempted to update + * @return The {@link KnownHostEntry} to use - if {@code null} then entry is not updated in the file + * @throws Exception If failed to generate the entry - e.g. failed to hash + * @see #resolveHostNetworkIdentities(ClientSession, SocketAddress) + * @see KnownHostEntry#getConfigLine() + */ + protected KnownHostEntry prepareKnownHostEntry( + ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey) + throws Exception { + Collection patterns = resolveHostNetworkIdentities(clientSession, remoteAddress); + if (GenericUtils.isEmpty(patterns)) { + return null; + } + + StringBuilder sb = new StringBuilder(Byte.MAX_VALUE); + Random rnd = null; + for (SshdSocketAddress hostIdentity : patterns) { + if (sb.length() > 0) { + sb.append(','); + } + + NamedFactory digester = getHostValueDigester(clientSession, remoteAddress, hostIdentity); + if (digester != null) { + if (rnd == null) { + FactoryManager manager = Objects.requireNonNull(clientSession.getFactoryManager(), "No factory manager"); + Factory factory = Objects.requireNonNull(manager.getRandomFactory(), "No random factory"); + rnd = Objects.requireNonNull(factory.create(), "No randomizer created"); + } + + Mac mac = digester.create(); + int blockSize = mac.getDefaultBlockSize(); + byte[] salt = new byte[blockSize]; + rnd.fill(salt); + + byte[] digestValue = KnownHostHashValue.calculateHashValue( + hostIdentity.getHostName(), hostIdentity.getPort(), mac, salt); + KnownHostHashValue.append(sb, digester, salt, digestValue); + } else { + KnownHostHashValue.appendHostPattern(sb, hostIdentity.getHostName(), hostIdentity.getPort()); + } + } + + PublicKeyEntry.appendPublicKeyEntry(sb.append(' '), serverKey); + return KnownHostEntry.parseKnownHostEntry(sb.toString()); + } + + /** + * Invoked by {@link #prepareKnownHostEntry(ClientSession, SocketAddress, PublicKey)} in order to query whether to + * use a hashed value instead of a plain one for the written host name/address - default returns {@code null} - + * i.e., no hashing + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param hostIdentity The entry's host name/address + * @return The digester {@link NamedFactory} - {@code null} if no hashing is to be made + */ + protected NamedFactory getHostValueDigester( + ClientSession clientSession, SocketAddress remoteAddress, SshdSocketAddress hostIdentity) { + return null; + } + + /** + * Retrieves the host identities to be used when matching or updating an entry for it - by default returns the + * reported remote address and the original connection target host name/address (if same, then only one value is + * returned) + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @return A {@link Collection} of the {@code InetSocketAddress}-es to use - if {@code null}/empty + * then ignored (i.e., no matching is done or no entry is generated) + * @see ClientSession#getConnectAddress() + * @see SshdSocketAddress#toSshdSocketAddress(SocketAddress) + */ + protected Collection resolveHostNetworkIdentities( + ClientSession clientSession, SocketAddress remoteAddress) { + /* + * NOTE !!! we do not resolve the fully-qualified name to avoid long DNS timeouts. Instead we use the reported + * peer address and the original connection target host + */ + Collection candidates = new TreeSet<>(SshdSocketAddress.BY_HOST_AND_PORT); + candidates.add(SshdSocketAddress.toSshdSocketAddress(remoteAddress)); + SocketAddress connectAddress = clientSession.getConnectAddress(); + candidates.add(SshdSocketAddress.toSshdSocketAddress(connectAddress)); + return candidates; + } + + @Override + public boolean acceptModifiedServerKey( + ClientSession clientSession, SocketAddress remoteAddress, + KnownHostEntry entry, PublicKey expected, PublicKey actual) + throws Exception { + ModifiedServerKeyAcceptor acceptor = getModifiedServerKeyAcceptor(); + if (acceptor != null) { + return acceptor.acceptModifiedServerKey(clientSession, remoteAddress, entry, expected, actual); + } + + return false; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/ModifiedServerKeyAcceptor.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/ModifiedServerKeyAcceptor.java new file mode 100644 index 0000000..966a970 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/ModifiedServerKeyAcceptor.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.keyverifier; + +import java.net.SocketAddress; +import java.security.PublicKey; + +import org.apache.sshd.client.config.hosts.KnownHostEntry; +import org.apache.sshd.client.session.ClientSession; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ModifiedServerKeyAcceptor { + /** + * Invoked when a matching known host key was found but it does not match the presented one. + * + * @param clientSession The {@link ClientSession} + * @param remoteAddress The remote host address + * @param entry The original {@link KnownHostEntry} whose key did not match + * @param expected The expected server {@link PublicKey} + * @param actual The presented server {@link PublicKey} + * @return {@code true} if accept the server key anyway + * @throws Exception if cannot process the request - equivalent to {@code false} return value + */ + boolean acceptModifiedServerKey( + ClientSession clientSession, SocketAddress remoteAddress, + KnownHostEntry entry, PublicKey expected, PublicKey actual) + throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/RejectAllServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/RejectAllServerKeyVerifier.java new file mode 100644 index 0000000..de41202 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/RejectAllServerKeyVerifier.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.keyverifier; + +/** + * @author Apache MINA SSHD Project + */ +public final class RejectAllServerKeyVerifier extends StaticServerKeyVerifier { + public static final RejectAllServerKeyVerifier INSTANCE = new RejectAllServerKeyVerifier(); + + private RejectAllServerKeyVerifier() { + super(false); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/RequiredServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/RequiredServerKeyVerifier.java new file mode 100644 index 0000000..7cef148 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/RequiredServerKeyVerifier.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.keyverifier; + +import java.net.SocketAddress; +import java.security.PublicKey; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * A ServerKeyVerifier that accepts one server key (specified in the constructor) + * + * @author Apache MINA SSHD Project + */ +public class RequiredServerKeyVerifier implements ServerKeyVerifier { + private final PublicKey requiredKey; + + public RequiredServerKeyVerifier(PublicKey requiredKey) { + this.requiredKey = requiredKey; + } + + public final PublicKey getRequiredKey() { + return requiredKey; + } + + @Override + public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { + if (requiredKey.equals(serverKey)) { + return true; + } else { + return false; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/ServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/ServerKeyVerifier.java new file mode 100644 index 0000000..2eaa258 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/ServerKeyVerifier.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.keyverifier; + +import java.net.SocketAddress; +import java.security.PublicKey; + +import org.apache.sshd.client.session.ClientSession; + +/** + * The ServerKeyVerifier is used on the client side to authenticate the key provided by the server. + * + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ServerKeyVerifier { + /** + * Verify that the server key provided is really the one of the host. + * + * @param clientSession the current {@link ClientSession} + * @param remoteAddress the host's {@link SocketAddress} + * @param serverKey the presented server {@link PublicKey} + * @return true if the key is accepted for the host + */ + boolean verifyServerKey(ClientSession clientSession, SocketAddress remoteAddress, PublicKey serverKey); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java new file mode 100644 index 0000000..b5f63ec --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java @@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.keyverifier; + +import java.net.SocketAddress; +import java.security.PublicKey; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.config.keys.KeyUtils; + +/** + * Returns the same constant answer {@code true/false} regardless + * + * @author Apache MINA SSHD Project + */ +public abstract class StaticServerKeyVerifier implements ServerKeyVerifier { + private final boolean acceptance; + + protected StaticServerKeyVerifier(boolean acceptance) { + this.acceptance = acceptance; + } + + public final boolean isAccepted() { + return acceptance; + } + + @Override + public final boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { + boolean accepted = isAccepted(); + if (accepted) { + handleAcceptance(sshClientSession, remoteAddress, serverKey); + } else { + handleRejection(sshClientSession, remoteAddress, serverKey); + } + + return accepted; + } + + protected void handleAcceptance(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { + // accepting without really checking is dangerous, thus the warning + } + + protected void handleRejection(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java b/files-sftp/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java new file mode 100644 index 0000000..ebb1d46 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java @@ -0,0 +1,642 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.session; + +import java.io.IOException; +import java.net.SocketAddress; +import java.security.KeyPair; +import java.security.PublicKey; +import java.util.Collections; +import java.util.EnumMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.CopyOnWriteArrayList; + +import org.apache.sshd.client.ClientFactoryManager; +import org.apache.sshd.client.auth.AuthenticationIdentitiesProvider; +import org.apache.sshd.client.auth.UserAuthFactory; +import org.apache.sshd.client.auth.hostbased.HostBasedAuthenticationReporter; +import org.apache.sshd.client.auth.keyboard.UserInteraction; +import org.apache.sshd.client.auth.password.PasswordAuthenticationReporter; +import org.apache.sshd.client.auth.password.PasswordIdentityProvider; +import org.apache.sshd.client.auth.pubkey.PublicKeyAuthenticationReporter; +import org.apache.sshd.client.channel.ChannelDirectTcpip; +import org.apache.sshd.client.channel.ChannelExec; +import org.apache.sshd.client.channel.ChannelShell; +import org.apache.sshd.client.channel.ChannelSubsystem; +import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.keyverifier.ServerKeyVerifier; +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.PtyChannelConfigurationHolder; +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.CipherNone; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.OpenSshCertificate; +import org.apache.sshd.common.forward.Forwarder; +import org.apache.sshd.common.future.DefaultKeyExchangeFuture; +import org.apache.sshd.common.future.KeyExchangeFuture; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.kex.KexState; +import org.apache.sshd.common.kex.extension.KexExtensionHandler; +import org.apache.sshd.common.kex.extension.KexExtensionHandler.AvailabilityPhase; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.session.SessionDisconnectHandler; +import org.apache.sshd.common.session.helpers.AbstractConnectionService; +import org.apache.sshd.common.session.helpers.AbstractSession; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.net.SshdSocketAddress; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Provides default implementations of {@link ClientSession} related methods + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractClientSession extends AbstractSession implements ClientSession { + protected final boolean sendImmediateClientIdentification; + protected final boolean sendImmediateKexInit; + + private final List identities = new CopyOnWriteArrayList<>(); + private final AuthenticationIdentitiesProvider identitiesProvider; + private final AttributeRepository connectionContext; + + private PublicKey serverKey; + private ServerKeyVerifier serverKeyVerifier; + private UserInteraction userInteraction; + private PasswordIdentityProvider passwordIdentityProvider; + private PasswordAuthenticationReporter passwordAuthenticationReporter; + private KeyIdentityProvider keyIdentityProvider; + private PublicKeyAuthenticationReporter publicKeyAuthenticationReporter; + private HostBasedAuthenticationReporter hostBasedAuthenticationReporter; + private List userAuthFactories; + private SocketAddress connectAddress; + private ClientProxyConnector proxyConnector; + + protected AbstractClientSession(ClientFactoryManager factoryManager, IoSession ioSession) { + super(false, factoryManager, ioSession); + + sendImmediateClientIdentification = CoreModuleProperties.SEND_IMMEDIATE_IDENTIFICATION.getRequired(this); + sendImmediateKexInit = CoreModuleProperties.SEND_IMMEDIATE_KEXINIT.getRequired(this); + + identitiesProvider = AuthenticationIdentitiesProvider.wrapIdentities(identities); + connectionContext = (AttributeRepository) ioSession.getAttribute(AttributeRepository.class); + } + + @Override + public AttributeRepository getConnectionContext() { + return connectionContext; + } + + @Override + public ClientFactoryManager getFactoryManager() { + return (ClientFactoryManager) super.getFactoryManager(); + } + + @Override + public SocketAddress getConnectAddress() { + return resolvePeerAddress(connectAddress); + } + + public void setConnectAddress(SocketAddress connectAddress) { + this.connectAddress = connectAddress; + } + + @Override + public PublicKey getServerKey() { + return serverKey; + } + + public void setServerKey(PublicKey serverKey) { + + this.serverKey = serverKey; + } + + @Override + public ServerKeyVerifier getServerKeyVerifier() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(ServerKeyVerifier.class, serverKeyVerifier, manager.getServerKeyVerifier()); + } + + @Override + public void setServerKeyVerifier(ServerKeyVerifier serverKeyVerifier) { + this.serverKeyVerifier = serverKeyVerifier; // OK if null - inherit from parent + } + + @Override + public UserInteraction getUserInteraction() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(UserInteraction.class, userInteraction, manager.getUserInteraction()); + } + + @Override + public void setUserInteraction(UserInteraction userInteraction) { + this.userInteraction = userInteraction; // OK if null - inherit from parent + } + + @Override + public PasswordAuthenticationReporter getPasswordAuthenticationReporter() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(PasswordAuthenticationReporter.class, passwordAuthenticationReporter, + manager.getPasswordAuthenticationReporter()); + } + + @Override + public void setPasswordAuthenticationReporter(PasswordAuthenticationReporter reporter) { + this.passwordAuthenticationReporter = reporter; + } + + @Override + public List getUserAuthFactories() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveFactories(userAuthFactories, manager.getUserAuthFactories()); + } + + @Override + public void setUserAuthFactories(List userAuthFactories) { + this.userAuthFactories = userAuthFactories; // OK if null/empty - inherit from parent + } + + @Override + public AuthenticationIdentitiesProvider getRegisteredIdentities() { + return identitiesProvider; + } + + @Override + public PasswordIdentityProvider getPasswordIdentityProvider() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(PasswordIdentityProvider.class, passwordIdentityProvider, + manager.getPasswordIdentityProvider()); + } + + @Override + public void setPasswordIdentityProvider(PasswordIdentityProvider provider) { + passwordIdentityProvider = provider; + } + + @Override + public KeyIdentityProvider getKeyIdentityProvider() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(KeyIdentityProvider.class, keyIdentityProvider, + manager.getKeyIdentityProvider()); + } + + @Override + public void setKeyIdentityProvider(KeyIdentityProvider keyIdentityProvider) { + this.keyIdentityProvider = keyIdentityProvider; + } + + @Override + public PublicKeyAuthenticationReporter getPublicKeyAuthenticationReporter() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(PublicKeyAuthenticationReporter.class, publicKeyAuthenticationReporter, + manager.getPublicKeyAuthenticationReporter()); + } + + @Override + public void setPublicKeyAuthenticationReporter(PublicKeyAuthenticationReporter reporter) { + this.publicKeyAuthenticationReporter = reporter; + } + + @Override + public HostBasedAuthenticationReporter getHostBasedAuthenticationReporter() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(HostBasedAuthenticationReporter.class, hostBasedAuthenticationReporter, + manager.getHostBasedAuthenticationReporter()); + } + + @Override + public void setHostBasedAuthenticationReporter(HostBasedAuthenticationReporter reporter) { + this.hostBasedAuthenticationReporter = reporter; + } + + @Override + public ClientProxyConnector getClientProxyConnector() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(ClientProxyConnector.class, proxyConnector, manager.getClientProxyConnector()); + } + + @Override + public void setClientProxyConnector(ClientProxyConnector proxyConnector) { + this.proxyConnector = proxyConnector; + } + + @Override + public void addPasswordIdentity(String password) { + // DO NOT USE checkNotNullOrNotEmpty SINCE IT TRIMS THE RESULT + ValidateUtils.checkTrue((password != null) && (!password.isEmpty()), "No password provided"); + identities.add(password); + } + + @Override + public String removePasswordIdentity(String password) { + if (GenericUtils.isEmpty(password)) { + return null; + } + + int index = AuthenticationIdentitiesProvider.findIdentityIndex(identities, + AuthenticationIdentitiesProvider.PASSWORD_IDENTITY_COMPARATOR, password); + if (index >= 0) { + return (String) identities.remove(index); + } else { + return null; + } + } + + @Override + public void addPublicKeyIdentity(KeyPair kp) { + Objects.requireNonNull(kp, "No key-pair to add"); + Objects.requireNonNull(kp.getPublic(), "No public key"); + Objects.requireNonNull(kp.getPrivate(), "No private key"); + + identities.add(kp); + + } + + @Override + public KeyPair removePublicKeyIdentity(KeyPair kp) { + if (kp == null) { + return null; + } + + int index = AuthenticationIdentitiesProvider.findIdentityIndex(identities, + AuthenticationIdentitiesProvider.KEYPAIR_IDENTITY_COMPARATOR, kp); + if (index >= 0) { + return (KeyPair) identities.remove(index); + } else { + return null; + } + } + + protected void initializeKeyExchangePhase() throws Exception { + KexExtensionHandler extHandler = getKexExtensionHandler(); + if ((extHandler == null) || (!extHandler.isKexExtensionsAvailable(this, AvailabilityPhase.PREKEX))) { + kexState.set(KexState.INIT); + sendKexInit(); + } else { + } + } + + protected void initializeProxyConnector() throws Exception { + ClientProxyConnector proxyConnector = getClientProxyConnector(); + if (proxyConnector == null) { + return; + } + + try { + + proxyConnector.sendClientProxyMetadata(this); + + } catch (Throwable t) { + + if (t instanceof Exception) { + throw (Exception) t; + } else { + throw new RuntimeSshException(t); + } + } + } + + protected IoWriteFuture sendClientIdentification() throws Exception { + clientVersion = resolveIdentificationString(CoreModuleProperties.CLIENT_IDENTIFICATION.getName()); + // Note: we intentionally use an unmodifiable list in order to enforce the fact that client cannot send header lines + signalSendIdentification(clientVersion, Collections.emptyList()); + return sendIdentification(clientVersion, Collections.emptyList()); + } + + @Override + public ClientChannel createChannel(String type) throws IOException { + return createChannel(type, null); + } + + @Override + public ClientChannel createChannel(String type, String subType) throws IOException { + if (Channel.CHANNEL_SHELL.equals(type)) { + return createShellChannel(); + } else if (Channel.CHANNEL_EXEC.equals(type)) { + return createExecChannel(subType); + } else if (Channel.CHANNEL_SUBSYSTEM.equals(type)) { + return createSubsystemChannel(subType); + } else { + throw new IllegalArgumentException("Unsupported channel type requested: " + type); + } + } + + @Override + public ChannelExec createExecChannel(String command, PtyChannelConfigurationHolder ptyConfig, Map env) + throws IOException { + ChannelExec channel = new ChannelExec(command, ptyConfig, env); + ConnectionService service = getConnectionService(); + int id = service.registerChannel(channel); + return channel; + } + + @Override + public ChannelSubsystem createSubsystemChannel(String subsystem) throws IOException { + ChannelSubsystem channel = new ChannelSubsystem(subsystem); + ConnectionService service = getConnectionService(); + int id = service.registerChannel(channel); + return channel; + } + + @Override + public ChannelDirectTcpip createDirectTcpipChannel(SshdSocketAddress local, SshdSocketAddress remote) + throws IOException { + ChannelDirectTcpip channel = new ChannelDirectTcpip(local, remote); + ConnectionService service = getConnectionService(); + int id = service.registerChannel(channel); + return channel; + } + + protected ClientUserAuthService getUserAuthService() { + return getService(ClientUserAuthService.class); + } + + @Override + protected ConnectionService getConnectionService() { + return getService(ConnectionService.class); + } + + @Override + public SshdSocketAddress startLocalPortForwarding(SshdSocketAddress local, SshdSocketAddress remote) + throws IOException { + Forwarder forwarder = getForwarder(); + return forwarder.startLocalPortForwarding(local, remote); + } + + @Override + public void stopLocalPortForwarding(SshdSocketAddress local) throws IOException { + Forwarder forwarder = getForwarder(); + forwarder.stopLocalPortForwarding(local); + } + + @Override + public SshdSocketAddress startRemotePortForwarding(SshdSocketAddress remote, SshdSocketAddress local) + throws IOException { + Forwarder forwarder = getForwarder(); + return forwarder.startRemotePortForwarding(remote, local); + } + + @Override + public void stopRemotePortForwarding(SshdSocketAddress remote) throws IOException { + Forwarder forwarder = getForwarder(); + forwarder.stopRemotePortForwarding(remote); + } + + @Override + public SshdSocketAddress startDynamicPortForwarding(SshdSocketAddress local) throws IOException { + Forwarder forwarder = getForwarder(); + return forwarder.startDynamicPortForwarding(local); + } + + @Override + public void stopDynamicPortForwarding(SshdSocketAddress local) throws IOException { + Forwarder forwarder = getForwarder(); + forwarder.stopDynamicPortForwarding(local); + } + + @Override + protected Forwarder getForwarder() { + ConnectionService service = Objects.requireNonNull(getConnectionService(), "No connection service"); + return Objects.requireNonNull(service.getForwarder(), "No forwarder"); + } + + @Override + protected String resolveAvailableSignaturesProposal(FactoryManager manager) { + // the client does not have to provide keys for the available signatures + ValidateUtils.checkTrue(manager == getFactoryManager(), "Mismatched factory manager instances"); + return NamedResource.getNames(getSignatureFactories()); + } + + @Override + public void startService(String name, Buffer buffer) throws Exception { + SessionDisconnectHandler handler = getSessionDisconnectHandler(); + if ((handler != null) && handler.handleUnsupportedServiceDisconnectReason(this, + SshConstants.SSH_MSG_SERVICE_REQUEST, name, buffer)) { + return; + } + + throw new IllegalStateException("Starting services is not supported on the client side: " + name); + } + + @Override + public ChannelShell createShellChannel(PtyChannelConfigurationHolder ptyConfig, Map env) + throws IOException { + if ((inCipher instanceof CipherNone) || (outCipher instanceof CipherNone)) { + throw new IllegalStateException("Interactive channels are not supported with none cipher"); + } + + ChannelShell channel = new ChannelShell(ptyConfig, env); + ConnectionService service = getConnectionService(); + int id = service.registerChannel(channel); + return channel; + } + + @Override + protected boolean readIdentification(Buffer buffer) throws Exception { + List ident = doReadIdentification(buffer, false); + int numLines = GenericUtils.size(ident); + serverVersion = (numLines <= 0) ? null : ident.remove(numLines - 1); + if (serverVersion == null) { + return false; + } + + if (!SessionContext.isValidVersionPrefix(serverVersion)) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, + "Unsupported protocol version: " + serverVersion); + } + + signalExtraServerVersionInfo(serverVersion, ident); + + // Now that we have the server's identity reported see if have delayed any of our duties... + if (!sendImmediateClientIdentification) { + sendClientIdentification(); + // if client identification not sent then KEX-INIT was not sent either + initializeKeyExchangePhase(); + } else if (!sendImmediateKexInit) { + // if client identification sent, perhaps we delayed KEX-INIT + initializeKeyExchangePhase(); + } + + return true; + } + + protected void signalExtraServerVersionInfo(String version, List lines) throws Exception { + signalPeerIdentificationReceived(version, lines); + + if (GenericUtils.isEmpty(lines)) { + return; + } + + UserInteraction ui = getUserInteraction(); + try { + if ((ui != null) && ui.isInteractionAllowed(this)) { + ui.serverVersionInfo(this, lines); + } + } catch (Error e) { + throw new RuntimeSshException(e); + } + } + + @Override + protected byte[] sendKexInit(Map proposal) throws Exception { + mergeProposals(clientProposal, proposal); + return super.sendKexInit(proposal); + } + + @Override + protected void setKexSeed(byte... seed) { + setClientKexData(seed); + } + + @Override + protected byte[] receiveKexInit(Buffer buffer) throws Exception { + byte[] seed = super.receiveKexInit(buffer); + /* + * Check if the session has delayed its KEX-INIT until the server's one was received in order to support KEX + * extension negotiation (RFC 8308). + */ + if (kexState.compareAndSet(KexState.UNKNOWN, KexState.RUN)) { + kexState.set(KexState.INIT); + sendKexInit(); + } + + return seed; + } + + @Override + protected void receiveKexInit(Map proposal, byte[] seed) throws IOException { + mergeProposals(serverProposal, proposal); + setServerKexData(seed); + } + + @Override + protected void checkKeys() throws IOException { + ServerKeyVerifier serverKeyVerifier = Objects.requireNonNull(getServerKeyVerifier(), "No server key verifier"); + IoSession networkSession = getIoSession(); + SocketAddress remoteAddress = networkSession.getRemoteAddress(); + PublicKey serverKey = Objects.requireNonNull(getServerKey(), "No server key to verify"); + SshdSocketAddress targetServerAddress = getAttribute(ClientSessionCreator.TARGET_SERVER); + if (targetServerAddress != null) { + remoteAddress = targetServerAddress.toInetSocketAddress(); + } + + boolean verified = false; + if (serverKey instanceof OpenSshCertificate) { + // check if we trust the CA + verified = serverKeyVerifier.verifyServerKey(this, remoteAddress, ((OpenSshCertificate) serverKey).getCaPubKey()); + + if (!verified) { + // fallback to actual public host key + serverKey = ((OpenSshCertificate) serverKey).getServerHostKey(); + } + } + + if (!verified) { + verified = serverKeyVerifier.verifyServerKey(this, remoteAddress, serverKey); + } + + if (!verified) { + throw new SshException(SshConstants.SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE, "Server key did not validate"); + } + } + + @Override + public KeyExchangeFuture switchToNoneCipher() throws IOException { + if (!(currentService instanceof AbstractConnectionService) + || !GenericUtils.isEmpty(((AbstractConnectionService) currentService).getChannels())) { + throw new IllegalStateException( + "The switch to the none cipher must be done immediately after authentication"); + } + + if (kexState.compareAndSet(KexState.DONE, KexState.INIT)) { + DefaultKeyExchangeFuture kexFuture = new DefaultKeyExchangeFuture(toString(), null); + DefaultKeyExchangeFuture prev = kexFutureHolder.getAndSet(kexFuture); + if (prev != null) { + synchronized (prev) { + Object value = prev.getValue(); + if (value == null) { + prev.setValue(new SshException("Switch to none cipher while previous KEX is ongoing")); + } + } + } + + String c2sEncServer; + String s2cEncServer; + synchronized (serverProposal) { + c2sEncServer = serverProposal.get(KexProposalOption.C2SENC); + s2cEncServer = serverProposal.get(KexProposalOption.S2CENC); + } + boolean c2sEncServerNone = BuiltinCiphers.Constants.isNoneCipherIncluded(c2sEncServer); + boolean s2cEncServerNone = BuiltinCiphers.Constants.isNoneCipherIncluded(s2cEncServer); + + String c2sEncClient; + String s2cEncClient; + synchronized (clientProposal) { + c2sEncClient = clientProposal.get(KexProposalOption.C2SENC); + s2cEncClient = clientProposal.get(KexProposalOption.S2CENC); + } + + boolean c2sEncClientNone = BuiltinCiphers.Constants.isNoneCipherIncluded(c2sEncClient); + boolean s2cEncClientNone = BuiltinCiphers.Constants.isNoneCipherIncluded(s2cEncClient); + + if ((!c2sEncServerNone) || (!s2cEncServerNone)) { + kexFuture.setValue(new SshException("Server does not support none cipher")); + } else if ((!c2sEncClientNone) || (!s2cEncClientNone)) { + kexFuture.setValue(new SshException("Client does not support none cipher")); + } else { + + Map proposal = new EnumMap<>(KexProposalOption.class); + synchronized (clientProposal) { + proposal.putAll(clientProposal); + } + + proposal.put(KexProposalOption.C2SENC, BuiltinCiphers.Constants.NONE); + proposal.put(KexProposalOption.S2CENC, BuiltinCiphers.Constants.NONE); + + try { + synchronized (kexState) { + byte[] seed = sendKexInit(proposal); + setKexSeed(seed); + } + } catch (Exception e) { + GenericUtils.rethrowAsIoException(e); + } + } + + return Objects.requireNonNull(kexFutureHolder.get(), "No current KEX future"); + } else { + throw new SshException("In flight key exchange"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java new file mode 100644 index 0000000..3368eca --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java @@ -0,0 +1,136 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import java.io.IOException; +import java.time.Duration; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.ScheduledFuture; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.AbstractConnectionService; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Client side ssh-connection service. + * + * @author Apache MINA SSHD Project + */ +public class ClientConnectionService + extends AbstractConnectionService + implements ClientSessionHolder { + protected final String heartbeatRequest; + protected final Duration heartbeatInterval; + protected final Duration heartbeatReplyMaxWait; + /** Non-null only if using the "keep-alive" request mechanism */ + protected ScheduledFuture clientHeartbeat; + + public ClientConnectionService(AbstractClientSession s) throws SshException { + super(s); + + heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); + heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); + heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); + } + + @Override + public final ClientSession getClientSession() { + return getSession(); + } + + @Override // co-variant return + public AbstractClientSession getSession() { + return (AbstractClientSession) super.getSession(); + } + + @Override + public void start() { + ClientSession session = getClientSession(); + if (!session.isAuthenticated()) { + throw new IllegalStateException("Session is not authenticated"); + } + super.start(); + } + + @Override + protected synchronized ScheduledFuture startHeartBeat() { + if (!GenericUtils.isNegativeOrNull(heartbeatInterval) && GenericUtils.isNotEmpty(heartbeatRequest)) { + stopHeartBeat(); + + ClientSession session = getClientSession(); + FactoryManager manager = session.getFactoryManager(); + ScheduledExecutorService service = manager.getScheduledExecutorService(); + clientHeartbeat = service.scheduleAtFixedRate( + this::sendHeartBeat, heartbeatInterval.toMillis(), heartbeatInterval.toMillis(), TimeUnit.MILLISECONDS); + + return clientHeartbeat; + } else { + return super.startHeartBeat(); + } + } + + @Override + protected synchronized void stopHeartBeat() { + try { + super.stopHeartBeat(); + } finally { + // No need to cancel since this is the same reference as the superclass heartbeat future + if (clientHeartbeat != null) { + clientHeartbeat = null; + } + } + } + + @Override + protected boolean sendHeartBeat() { + if (clientHeartbeat == null) { + return super.sendHeartBeat(); + } + + Session session = getSession(); + try { + boolean withReply = !GenericUtils.isNegativeOrNull(heartbeatReplyMaxWait); + Buffer buf = session.createBuffer( + SshConstants.SSH_MSG_GLOBAL_REQUEST, heartbeatRequest.length() + Byte.SIZE); + buf.putString(heartbeatRequest); + buf.putBoolean(withReply); + + if (withReply) { + Buffer reply = session.request(heartbeatRequest, buf, heartbeatReplyMaxWait); + if (reply != null) { + } + } else { + IoWriteFuture future = session.writePacket(buf); + future.addListener(this::futureDone); + } + heartbeatCount.incrementAndGet(); + return true; + } catch (IOException | RuntimeException | Error e) { + session.exceptionCaught(e); + return false; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientConnectionServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientConnectionServiceFactory.java new file mode 100644 index 0000000..13ddbbf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientConnectionServiceFactory.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import java.io.IOException; + +import org.apache.sshd.common.Service; +import org.apache.sshd.common.ServiceFactory; +import org.apache.sshd.common.forward.PortForwardingEventListener; +import org.apache.sshd.common.session.AbstractConnectionServiceFactory; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class ClientConnectionServiceFactory extends AbstractConnectionServiceFactory implements ServiceFactory { + public static final ClientConnectionServiceFactory INSTANCE = new ClientConnectionServiceFactory() { + @Override + public void addPortForwardingEventListener(PortForwardingEventListener listener) { + throw new UnsupportedOperationException("addPortForwardingListener(" + listener + ") N/A on default instance"); + } + + @Override + public void removePortForwardingEventListener(PortForwardingEventListener listener) { + throw new UnsupportedOperationException( + "removePortForwardingEventListener(" + listener + ") N/A on default instance"); + } + + @Override + public PortForwardingEventListener getPortForwardingEventListenerProxy() { + return PortForwardingEventListener.EMPTY; + } + }; + + public ClientConnectionServiceFactory() { + super(); + } + + @Override + public String getName() { + return "ssh-connection"; + } + + @Override + public Service create(Session session) throws IOException { + AbstractClientSession abstractSession + = ValidateUtils.checkInstanceOf(session, AbstractClientSession.class, "Not a client session: %s", session); + ClientConnectionService service = new ClientConnectionService(abstractSession); + service.addPortForwardingEventListenerManager(this); + return service; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java new file mode 100644 index 0000000..a765e67 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.session; + +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Provides a way to implement proxied connections where some metadata about the client is sent before the actual + * SSH protocol is executed - e.g., the PROXY + * protocol. The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the + * meta-data. + * + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ClientProxyConnector { + /** + * Invoked once initial connection has been established so that the proxy can open its channel and send the + * meta-data to its peer. Upon successful return the SSH identification line is eventually sent and the protocol + * proceeds as usual. + * + * @param session The {@link ClientSession} instance - Note: at this stage the client's identification + * line is not set yet. + * @throws Exception If failed to initialize the proxy - which will also terminate the session + * @see CoreModuleProperties#SEND_IMMEDIATE_IDENTIFICATION SEND_IMMEDIATE_IDENTIFICATION + */ + void sendClientProxyMetadata(ClientSession session) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientProxyConnectorHolder.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientProxyConnectorHolder.java new file mode 100644 index 0000000..6de3bc3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientProxyConnectorHolder.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.session; + +/** + * @author Apache MINA SSHD Project + */ +public interface ClientProxyConnectorHolder { + ClientProxyConnector getClientProxyConnector(); + + void setClientProxyConnector(ClientProxyConnector proxyConnector); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSession.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSession.java new file mode 100644 index 0000000..b1a76a9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSession.java @@ -0,0 +1,373 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.net.SocketAddress; +import java.net.SocketTimeoutException; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.security.KeyPair; +import java.security.PublicKey; +import java.time.Duration; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Iterator; +import java.util.Map; +import java.util.Set; + +import org.apache.sshd.client.ClientAuthenticationManager; +import org.apache.sshd.client.ClientFactoryManager; +import org.apache.sshd.client.auth.password.PasswordIdentityProvider; +import org.apache.sshd.client.channel.ChannelDirectTcpip; +import org.apache.sshd.client.channel.ChannelExec; +import org.apache.sshd.client.channel.ChannelShell; +import org.apache.sshd.client.channel.ChannelSubsystem; +import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.channel.ClientChannelEvent; +import org.apache.sshd.client.future.AuthFuture; +import org.apache.sshd.client.session.forward.DynamicPortForwardingTracker; +import org.apache.sshd.client.session.forward.ExplicitPortForwardingTracker; +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.channel.PtyChannelConfigurationHolder; +import org.apache.sshd.common.forward.PortForwardingManager; +import org.apache.sshd.common.future.KeyExchangeFuture; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.io.NoCloseOutputStream; +import org.apache.sshd.common.util.io.NullOutputStream; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + *

    + * An authenticated session to a given SSH server. + *

    + * + *

    + * A client session is established using the {@link org.apache.sshd.client.SshClient}. Once the session has been + * created, the user has to authenticate using either {@link #addPasswordIdentity(String)} or + * {@link #addPublicKeyIdentity(KeyPair)} followed by a call to {@link #auth()}. + *

    + * + *

    + * From this session, channels can be created using the {@link #createChannel(String)} method. Multiple channels can be + * created on a given session concurrently. + *

    + * + *

    + * When using the client in an interactive mode, the {@link #waitFor(Collection, long)} method can be used to listen to + * specific events such as the session being established, authenticated or closed. + *

    + * + * When a given session is no longer used, it must be closed using the {@link #close(boolean)} method. + * + * @author Apache MINA SSHD Project + */ +public interface ClientSession + extends Session, ClientProxyConnectorHolder, + ClientAuthenticationManager, PortForwardingManager { + enum ClientSessionEvent { + TIMEOUT, + CLOSED, + WAIT_AUTH, + AUTHED + } + + Set REMOTE_COMMAND_WAIT_EVENTS = Collections.unmodifiableSet(EnumSet.of(ClientChannelEvent.CLOSED)); + + /** + * Returns the original address (after having been translated through host configuration entries if any) that was + * request to connect. It contains the original host or address string that was used. Note: this may be + * different than the result of the {@link #getIoSession()} report of the remote peer + * + * @return The original requested address + */ + SocketAddress getConnectAddress(); + + /** + * @return The "context" data provided when session connection was established - {@code null} if none. + */ + AttributeRepository getConnectionContext(); + + /** + * Starts the authentication process. User identities will be tried until the server successfully authenticate the + * user. User identities must be provided before calling this method using {@link #addPasswordIdentity(String)} or + * {@link #addPublicKeyIdentity(KeyPair)}. + * + * @return the authentication future + * @throws IOException if failed to generate the future + * @see #addPasswordIdentity(String) + * @see #addPublicKeyIdentity(KeyPair) + */ + AuthFuture auth() throws IOException; + + /** + * Retrieves the server's key + * + * @return The server's {@link PublicKey} - {@code null} if KEX not started or not completed + */ + PublicKey getServerKey(); + + /** + * Create a channel of the given type. Same as calling createChannel(type, null). + * + * @param type The channel type + * @return The created {@link ClientChannel} + * @throws IOException If failed to create the requested channel + */ + ClientChannel createChannel(String type) throws IOException; + + /** + * Create a channel of the given type and sub-type. + * + * @param type The channel type + * @param subType The channel sub-type + * @return The created {@link ClientChannel} + * @throws IOException If failed to create the requested channel + */ + ClientChannel createChannel(String type, String subType) throws IOException; + + /** + * Create a channel to start a shell using default PTY settings and environment. + * + * @return The created {@link ChannelShell} + * @throws IOException If failed to create the requested channel + */ + default ChannelShell createShellChannel() throws IOException { + return createShellChannel(null, Collections.emptyMap()); + } + + /** + * Create a channel to start a shell using specific PTY settings and/or environment. + * + * @param ptyConfig The PTY configuration to use - if {@code null} then internal defaults are used + * @param env Extra environment configuration to be transmitted to the server - ignored if + * {@code null}/empty. + * @return The created {@link ChannelShell} + * @throws IOException If failed to create the requested channel + */ + ChannelShell createShellChannel( + PtyChannelConfigurationHolder ptyConfig, Map env) + throws IOException; + + /** + * Create a channel to execute a command using default PTY settings and environment. + * + * @param command The command to execute + * @return The created {@link ChannelExec} + * @throws IOException If failed to create the requested channel + */ + default ChannelExec createExecChannel(String command) throws IOException { + return createExecChannel(command, null, Collections.emptyMap()); + } + + /** + * Create a channel to execute a command using specific PTY settings and/or environment. + * + * @param command The command to execute + * @param ptyConfig The PTY configuration to use - if {@code null} then internal defaults are used + * @param env Extra environment configuration to be transmitted to the server - ignored if + * {@code null}/empty. + * @return The created {@link ChannelExec} + * @throws IOException If failed to create the requested channel + */ + ChannelExec createExecChannel( + String command, PtyChannelConfigurationHolder ptyConfig, Map env) + throws IOException; + + /** + * Create a subsystem channel. + * + * @param subsystem The subsystem name + * @return The created {@link ChannelSubsystem} + * @throws IOException If failed to create the requested channel + */ + ChannelSubsystem createSubsystemChannel(String subsystem) throws IOException; + + /** + * Create a direct tcp-ip channel which can be used to stream data to a remote port from the server. + * + * @param local The local address + * @param remote The remote address + * @return The created {@link ChannelDirectTcpip} + * @throws IOException If failed to create the requested channel + */ + ChannelDirectTcpip createDirectTcpipChannel( + SshdSocketAddress local, SshdSocketAddress remote) + throws IOException; + + /** + * Starts a local port forwarding and returns a tracker that stops the forwarding when the {@code close()} method is + * called. This tracker can be used in a {@code try-with-resource} block to ensure cleanup of the set up forwarding. + * + * @param localPort The local port - if zero one is allocated + * @param remote The remote address + * @return The tracker instance + * @throws IOException If failed to set up the requested forwarding + * @see #startLocalPortForwarding(SshdSocketAddress, SshdSocketAddress) + */ + default ExplicitPortForwardingTracker createLocalPortForwardingTracker( + int localPort, SshdSocketAddress remote) + throws IOException { + return createLocalPortForwardingTracker(new SshdSocketAddress(localPort), remote); + } + + /** + * Starts a local port forwarding and returns a tracker that stops the forwarding when the {@code close()} method is + * called. This tracker can be used in a {@code try-with-resource} block to ensure cleanup of the set up forwarding. + * + * @param local The local address + * @param remote The remote address + * @return The tracker instance + * @throws IOException If failed to set up the requested forwarding + * @see #startLocalPortForwarding(SshdSocketAddress, SshdSocketAddress) + */ + default ExplicitPortForwardingTracker createLocalPortForwardingTracker( + SshdSocketAddress local, SshdSocketAddress remote) + throws IOException { + return new ExplicitPortForwardingTracker( + this, true, local, remote, startLocalPortForwarding(local, remote)); + } + + /** + * Starts a remote port forwarding and returns a tracker that stops the forwarding when the {@code close()} method + * is called. This tracker can be used in a {@code try-with-resource} block to ensure cleanup of the set up + * forwarding. + * + * @param remote The remote address + * @param local The local address + * @return The tracker instance + * @throws IOException If failed to set up the requested forwarding + * @see #startRemotePortForwarding(SshdSocketAddress, SshdSocketAddress) + */ + default ExplicitPortForwardingTracker createRemotePortForwardingTracker( + SshdSocketAddress remote, SshdSocketAddress local) + throws IOException { + return new ExplicitPortForwardingTracker( + this, false, local, remote, startRemotePortForwarding(remote, local)); + } + + /** + * Starts a dynamic port forwarding and returns a tracker that stops the forwarding when the {@code close()} method + * is called. This tracker can be used in a {@code try-with-resource} block to ensure cleanup of the set up + * forwarding. + * + * @param local The local address + * @return The tracker instance + * @throws IOException If failed to set up the requested forwarding + * @see #startDynamicPortForwarding(SshdSocketAddress) + */ + default DynamicPortForwardingTracker createDynamicPortForwardingTracker(SshdSocketAddress local) throws IOException { + return new DynamicPortForwardingTracker(this, local, startDynamicPortForwarding(local)); + } + + /** + * @return A snapshot of the current session state + * @see #waitFor(Collection, long) + */ + Set getSessionState(); + + /** + * Wait for any one of a specific state to be signaled. + * + * @param mask The request {@link ClientSessionEvent}s mask + * @param timeout Wait time in milliseconds - non-positive means forever + * @return The actual state that was detected either due to the mask yielding one of the states or due to + * timeout (in which case the {@link ClientSessionEvent#TIMEOUT} value is set) + */ + Set waitFor(Collection mask, long timeout); + + /** + * Wait for any one of a specific state to be signaled. + * + * @param mask The request {@link ClientSessionEvent}s mask + * @param timeout Wait time - null means forever + * @return The actual state that was detected either due to the mask yielding one of the states or due to + * timeout (in which case the {@link ClientSessionEvent#TIMEOUT} value is set) + */ + default Set waitFor(Collection mask, Duration timeout) { + return waitFor(mask, timeout != null ? timeout.toMillis() : -1); + } + + /** + * Access to the metadata. + * + * @return The metadata {@link Map} - Note: access to the map is not {@code synchronized} in any way - up to + * the user to take care of mutual exclusion if necessary + */ + Map getMetadataMap(); + + /** + * @return The ClientFactoryManager for this session. + */ + @Override + ClientFactoryManager getFactoryManager(); + + /** + *

    + * Switch to a none cipher for performance. + *

    + * + *

    + * This should be done after the authentication phase has been performed. After such a switch, interactive channels + * are not allowed anymore. Both client and server must have been configured to support the none cipher. If that's + * not the case, the returned future will be set with an exception. + *

    + * + * @return an {@link KeyExchangeFuture} that can be used to wait for the exchange to be finished + * @throws IOException if a key exchange is already running + */ + KeyExchangeFuture switchToNoneCipher() throws IOException; + + /** + * Creates a "unified" {@link KeyIdentityProvider} of key pairs out of the registered {@link KeyPair} + * identities and the extra available ones as a single iterator of key pairs + * + * + * @param session The {@link ClientSession} - ignored if {@code null} (i.e., empty iterator returned) + * @return The wrapping KeyIdentityProvider + * @see ClientSession#getRegisteredIdentities() + * @see ClientSession#getKeyIdentityProvider() + */ + static KeyIdentityProvider providerOf(ClientSession session) { + return (session == null) + ? KeyIdentityProvider.EMPTY_KEYS_PROVIDER + : KeyIdentityProvider.resolveKeyIdentityProvider( + session.getRegisteredIdentities(), session.getKeyIdentityProvider()); + } + + /** + * Creates a "unified" {@link Iterator} of passwords out of the registered passwords and the extra + * available ones as a single iterator of passwords + * + * @param session The {@link ClientSession} - ignored if {@code null} (i.e., empty iterator returned) + * @return The wrapping iterator + * @see ClientSession#getRegisteredIdentities() + * @see ClientSession#getPasswordIdentityProvider() + */ + static Iterator passwordIteratorOf(ClientSession session) { + return (session == null) + ? Collections. emptyIterator() + : PasswordIdentityProvider.iteratorOf( + session.getRegisteredIdentities(), session.getPasswordIdentityProvider()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionCreator.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionCreator.java new file mode 100644 index 0000000..d0e3c7e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionCreator.java @@ -0,0 +1,225 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import java.io.IOException; +import java.net.SocketAddress; + +import org.apache.sshd.client.config.hosts.HostConfigEntry; +import org.apache.sshd.client.future.ConnectFuture; +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public interface ClientSessionCreator { + + AttributeRepository.AttributeKey TARGET_SERVER = new AttributeRepository.AttributeKey<>(); + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param uri The server uri to connect to + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + * @see #connect(HostConfigEntry) + */ + ConnectFuture connect(String uri) throws IOException; + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param host The target host name/address - never {@code null}/empty + * @param port The target port + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + * @see #connect(HostConfigEntry) + */ + default ConnectFuture connect(String username, String host, int port) throws IOException { + return connect(username, host, port, (AttributeRepository) null); + } + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param host The target host name/address - never {@code null}/empty + * @param port The target port + * @param context An optional "context" to be attached to the established session if successfully + * connected + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + */ + default ConnectFuture connect( + String username, String host, int port, AttributeRepository context) + throws IOException { + return connect(username, host, port, context, null); + } + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param host The target host name/address - never {@code null}/empty + * @param port The target port + * @param localAddress The local address to use - if {@code null} an automatic ephemeral port and bind address is + * used + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + * @see #connect(HostConfigEntry) + */ + default ConnectFuture connect( + String username, String host, int port, SocketAddress localAddress) + throws IOException { + return connect(username, host, port, null, localAddress); + } + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param host The target host name/address - never {@code null}/empty + * @param port The target port + * @param context An optional "context" to be attached to the established session if successfully + * connected + * @param localAddress The local address to use - if {@code null} an automatic ephemeral port and bind address is + * used + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + */ + ConnectFuture connect( + String username, String host, int port, AttributeRepository context, SocketAddress localAddress) + throws IOException; + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param address The intended {@link SocketAddress} - never {@code null}. If this is an + * {@link java.net.InetSocketAddress} then the effective {@link HostConfigEntry} is + * resolved and used. + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + * @see #connect(HostConfigEntry) + */ + default ConnectFuture connect(String username, SocketAddress address) throws IOException { + return connect(username, address, (AttributeRepository) null); + } + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param address The intended {@link SocketAddress} - never {@code null}. If this is an + * {@link java.net.InetSocketAddress} then the effective {@link HostConfigEntry} is + * resolved and used. + * @param context An optional "context" to be attached to the established session if successfully + * connected + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + */ + default ConnectFuture connect( + String username, SocketAddress address, AttributeRepository context) + throws IOException { + return connect(username, address, context, null); + } + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param targetAddress The intended target {@link SocketAddress} - never {@code null}. If this is an + * {@link java.net.InetSocketAddress} then the effective {@link HostConfigEntry} is + * resolved and used. + * @param localAddress The local address to use - if {@code null} an automatic ephemeral port and bind address is + * used + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + * @see #connect(HostConfigEntry) + */ + default ConnectFuture connect( + String username, SocketAddress targetAddress, SocketAddress localAddress) + throws IOException { + return connect(username, targetAddress, null, localAddress); + } + + /** + * Resolves the effective {@link HostConfigEntry} and connects to it + * + * @param username The intended username + * @param targetAddress The intended target {@link SocketAddress} - never {@code null}. If this is an + * {@link java.net.InetSocketAddress} then the effective {@link HostConfigEntry} is + * resolved and used. + * @param context An optional "context" to be attached to the established session if successfully + * connected + * @param localAddress The local address to use - if {@code null} an automatic ephemeral port and bind address is + * used + * @return A {@link ConnectFuture} + * @throws IOException If failed to resolve the effective target or connect to it + */ + ConnectFuture connect( + String username, SocketAddress targetAddress, AttributeRepository context, SocketAddress localAddress) + throws IOException; + + /** + * @param hostConfig The effective {@link HostConfigEntry} to connect to - never {@code null} + * @return A {@link ConnectFuture} + * @throws IOException If failed to create the connection future + */ + default ConnectFuture connect(HostConfigEntry hostConfig) throws IOException { + return connect(hostConfig, (AttributeRepository) null); + } + + /** + * @param hostConfig The effective {@link HostConfigEntry} to connect to - never {@code null} + * @param context An optional "context" to be attached to the established session if successfully + * connected + * @return A {@link ConnectFuture} + * @throws IOException If failed to create the connection future + */ + default ConnectFuture connect(HostConfigEntry hostConfig, AttributeRepository context) throws IOException { + return connect(hostConfig, context, null); + } + + /** + * @param hostConfig The effective {@link HostConfigEntry} to connect to - never {@code null} + * @param localAddress The local address to use - if {@code null} an automatic ephemeral port and bind address is + * used + * @return A {@link ConnectFuture} + * @throws IOException If failed to create the connection future + */ + default ConnectFuture connect(HostConfigEntry hostConfig, SocketAddress localAddress) throws IOException { + return connect(hostConfig, null, localAddress); + } + + /** + * @param hostConfig The effective {@link HostConfigEntry} to connect to - never {@code null} + * @param context An optional "context" to be attached to the established session if successfully + * connected + * @param localAddress The local address to use - if {@code null} an automatic ephemeral port and bind address is + * used + * @return A {@link ConnectFuture} + * @throws IOException If failed to create the connection future + */ + ConnectFuture connect( + HostConfigEntry hostConfig, AttributeRepository context, SocketAddress localAddress) + throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionHolder.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionHolder.java new file mode 100644 index 0000000..41072cf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionHolder.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.session; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ClientSessionHolder { + /** + * @return The underlying {@link ClientSession} used + */ + ClientSession getClientSession(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java new file mode 100644 index 0000000..de57109 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java @@ -0,0 +1,325 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import java.io.IOException; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.client.ClientFactoryManager; +import org.apache.sshd.client.future.AuthFuture; +import org.apache.sshd.common.Service; +import org.apache.sshd.common.ServiceFactory; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.kex.KexState; +import org.apache.sshd.common.session.SessionListener; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * The default implementation of a {@link ClientSession} + * + * @author Apache MINA SSHD Project + */ +public class ClientSessionImpl extends AbstractClientSession { + + /** + * The authentication future created by the last call to {@link #auth()}; {@code null} before the first call to + * {@link #auth()}. + * + * Volatile because of unsynchronized access in {@link #updateCurrentSessionState(Collection)}. + */ + private volatile AuthFuture authFuture; + + private final AtomicReference beforeAuthErrorHolder = new AtomicReference<>(); + /** Also guards setting an earlyError and the authFuture together. */ + private final AtomicReference authErrorHolder = new AtomicReference<>(); + + /** + * For clients to store their own metadata + */ + private Map metadataMap = new HashMap<>(); + + // TODO: clean service support a bit + private boolean initialServiceRequestSent; + private ServiceFactory currentServiceFactory; + private Service nextService; + private ServiceFactory nextServiceFactory; + + public ClientSessionImpl(ClientFactoryManager client, IoSession ioSession) throws Exception { + super(client, ioSession); + // Need to set the initial service early as calling code likes to start trying to + // manipulate it before the connection has even been established. For instance, to + // set the authPassword. + List factories = client.getServiceFactories(); + int numFactories = GenericUtils.size(factories); + ValidateUtils.checkTrue((numFactories > 0) && (numFactories <= 2), "One or two services must be configured: %d", + numFactories); + + currentServiceFactory = factories.get(0); + currentService = currentServiceFactory.create(this); + if (numFactories > 1) { + nextServiceFactory = factories.get(1); + nextService = nextServiceFactory.create(this); + } else { + nextServiceFactory = null; + } + + signalSessionCreated(ioSession); + + /* + * Must be called regardless of whether the client identification is sent or not immediately in order to allow + * opening any underlying proxy protocol - e.g., SOCKS or HTTP CONNECT - otherwise the server's identification + * will never arrive + */ + initializeProxyConnector(); + + if (sendImmediateClientIdentification) { + sendClientIdentification(); + + if (sendImmediateKexInit) { + initializeKeyExchangePhase(); + } + } + } + + @Override + protected List getServices() { + if (nextService != null) { + return Arrays.asList(currentService, nextService); + } else { + return super.getServices(); + } + } + + @Override + public AuthFuture auth() throws IOException { + if (getUsername() == null) { + throw new IllegalStateException("No username specified when the session was created"); + } + + ClientUserAuthService authService = getUserAuthService(); + String serviceName = nextServiceName(); + Throwable earlyError; + AuthFuture future; + // Guard both getting early errors and setting authFuture + synchronized (authErrorHolder) { + future = ValidateUtils.checkNotNull( + authService.auth(serviceName), "No auth future generated by service=%s", serviceName); + // If have an error before the 1st auth then make it "sticky" + Throwable beforeAuthError = beforeAuthErrorHolder.get(); + if (authFuture != null) { + earlyError = authErrorHolder.getAndSet(beforeAuthError); + } else { + earlyError = beforeAuthError; + } + authFuture = future; + } + + if (earlyError != null) { + future.setException(earlyError); + // TODO consider throw directly: + // throw new IOException(earlyError.getMessage(), earlyError); + } + + return future; + } + + @Override + public void exceptionCaught(Throwable t) { + signalAuthFailure(t); + super.exceptionCaught(t); + } + + @Override + protected void preClose() { + signalAuthFailure(new SshException("Session is being closed")); + super.preClose(); + } + + @Override + protected void handleDisconnect(int code, String msg, String lang, Buffer buffer) throws Exception { + signalAuthFailure(new SshException(code, msg)); + super.handleDisconnect(code, msg, lang, buffer); + } + + protected void signalAuthFailure(Throwable t) { + AuthFuture future = authFuture; + boolean firstError = false; + if (future == null) { + synchronized (authErrorHolder) { + // save only the 1st newly signaled exception + firstError = authErrorHolder.compareAndSet(null, t); + future = authFuture; + // save in special location errors before the 1st auth attempt + if (future == null) { + beforeAuthErrorHolder.compareAndSet(null, t); + } + } + } + + if (future != null) { + future.setException(t); + } + + } + + protected String nextServiceName() { + synchronized (sessionLock) { + return nextServiceFactory.getName(); + } + } + + public void switchToNextService() throws IOException { + synchronized (sessionLock) { + if (nextService == null) { + throw new IllegalStateException("No service available"); + } + currentServiceFactory = nextServiceFactory; + currentService = nextService; + nextServiceFactory = null; + nextService = null; + currentService.start(); + } + } + + @Override + protected void signalSessionEvent(SessionListener.Event event) throws Exception { + if (SessionListener.Event.KeyEstablished.equals(event)) { + sendInitialServiceRequest(); + } + synchronized (futureLock) { + futureLock.notifyAll(); + } + super.signalSessionEvent(event); + } + + protected void sendInitialServiceRequest() throws IOException { + if (initialServiceRequestSent) { + return; + } + initialServiceRequestSent = true; + String serviceName = currentServiceFactory.getName(); + + Buffer request = createBuffer(SshConstants.SSH_MSG_SERVICE_REQUEST, serviceName.length() + Byte.SIZE); + request.putString(serviceName); + writePacket(request); + // Assuming that MINA-SSHD only implements "explicit server authentication" it is permissible + // for the client's service to start sending data before the service-accept has been received. + // If "implicit authentication" were to ever be supported, then this would need to be + // called after service-accept comes back. See SSH-TRANSPORT. + currentService.start(); + } + + @Override + public Set waitFor(Collection mask, long timeout) { + Objects.requireNonNull(mask, "No mask specified"); + long startTime = System.currentTimeMillis(); + /* + * NOTE: we need to use the futureLock since some of the events depend on auth/kex/close future(s) + */ + synchronized (futureLock) { + long remWait = timeout; + for (Set cond = EnumSet.noneOf(ClientSessionEvent.class);; cond.clear()) { + updateCurrentSessionState(cond); + + boolean nothingInCommon = Collections.disjoint(cond, mask); + if (!nothingInCommon) { + return cond; + } + + if (timeout > 0L) { + long now = System.currentTimeMillis(); + long usedTime = now - startTime; + if ((usedTime >= timeout) || (remWait <= 0L)) { + cond.add(ClientSessionEvent.TIMEOUT); + return cond; + } + } + + + long nanoStart = System.nanoTime(); + try { + if (timeout > 0L) { + futureLock.wait(remWait); + } else { + futureLock.wait(); + } + + long nanoEnd = System.nanoTime(); + long nanoDuration = nanoEnd - nanoStart; + + if (timeout > 0L) { + long waitDuration = TimeUnit.MILLISECONDS.convert(nanoDuration, TimeUnit.NANOSECONDS); + if (waitDuration <= 0L) { + waitDuration = 123L; + } + remWait -= waitDuration; + } + } catch (InterruptedException e) { + long nanoEnd = System.nanoTime(); + long nanoDuration = nanoEnd - nanoStart; + } + } + } + } + + @Override + public Set getSessionState() { + Set state = EnumSet.noneOf(ClientSessionEvent.class); + synchronized (futureLock) { + return updateCurrentSessionState(state); + } + } + + // NOTE: assumed to be called under lock + protected > C updateCurrentSessionState(C state) { + if (closeFuture.isClosed()) { + state.add(ClientSessionEvent.CLOSED); + } + if (isAuthenticated()) { // authFuture.isSuccess() + state.add(ClientSessionEvent.AUTHED); + } + if (KexState.DONE.equals(kexState.get())) { + AuthFuture future = authFuture; + if (future == null || future.isFailure()) { + state.add(ClientSessionEvent.WAIT_AUTH); + } + } + + return state; + } + + @Override + public Map getMetadataMap() { + return metadataMap; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientUserAuthService.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientUserAuthService.java new file mode 100644 index 0000000..d4bfc36 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientUserAuthService.java @@ -0,0 +1,334 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import java.io.IOException; +import java.io.InterruptedIOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.atomic.AtomicReference; +import java.util.logging.Logger; + +import org.apache.sshd.client.auth.UserAuth; +import org.apache.sshd.client.auth.UserAuthFactory; +import org.apache.sshd.client.auth.keyboard.UserInteraction; +import org.apache.sshd.client.future.AuthFuture; +import org.apache.sshd.client.future.DefaultAuthFuture; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.Service; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.auth.UserAuthMethodFactory; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.closeable.AbstractCloseable; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Client side ssh-auth service. + * + * @author Apache MINA SSHD Project + */ +public class ClientUserAuthService extends AbstractCloseable implements Service, ClientSessionHolder { + + private static final Logger logger = Logger.getLogger(ClientUserAuthService.class.getName()); + /** + * The AuthFuture that is being used by the current auth request. This encodes the state. isSuccess -> + * authenticated, else if isDone -> server waiting for user auth, else authenticating. + */ + protected final AtomicReference authFutureHolder = new AtomicReference<>(); + protected final ClientSessionImpl clientSession; + protected final List authFactories; + protected final List clientMethods; + protected List serverMethods; + + private final Map properties = new ConcurrentHashMap<>(); + + private String service; + private UserAuth userAuth; + private int currentMethod; + + public ClientUserAuthService(Session s) { + clientSession = ValidateUtils.checkInstanceOf( + s, ClientSessionImpl.class, "Client side service used on server side: %s", s); + authFactories = ValidateUtils.checkNotNullAndNotEmpty( + clientSession.getUserAuthFactories(), "No user auth factories for %s", s); + clientMethods = new ArrayList<>(); + + String prefs = CoreModuleProperties.PREFERRED_AUTHS.getOrNull(s); + if (GenericUtils.isEmpty(prefs)) { + for (UserAuthFactory factory : authFactories) { + clientMethods.add(factory.getName()); + } + } else { + + for (String pref : GenericUtils.split(prefs, ',')) { + UserAuthFactory factory = NamedResource.findByName(pref, String.CASE_INSENSITIVE_ORDER, authFactories); + if (factory != null) { + clientMethods.add(pref); + } else { + } + } + } + + clientSession.resetAuthTimeout(); + } + + @Override + public ClientSession getSession() { + return getClientSession(); + } + + @Override + public ClientSession getClientSession() { + return clientSession; + } + + @Override + public Map getProperties() { + return properties; + } + + @Override + public void start() { + // ignored + } + + public String getCurrentServiceName() { + return service; + } + + public AuthFuture auth(String service) throws IOException { + this.service = ValidateUtils.checkNotNullAndNotEmpty(service, "No service name"); + + ClientSession session = getClientSession(); + AuthFuture authFuture = updateCurrentAuthFuture(session, service); + + // start from scratch + serverMethods = null; + currentMethod = 0; + if (userAuth != null) { + try { + userAuth.destroy(); + } finally { + userAuth = null; + } + } + + sendInitialAuthRequest(session, service); + return authFuture; + } + + protected AuthFuture updateCurrentAuthFuture(ClientSession session, String service) throws IOException { + // check if any previous future in use + AuthFuture authFuture = createAuthFuture(session, service); + AuthFuture currentFuture = authFutureHolder.getAndSet(authFuture); + if (currentFuture != null) { + if (currentFuture.isDone()) { + } else { + currentFuture.setException( + new InterruptedIOException("New authentication started before previous completed")); + } + } + + return authFuture; + } + + protected AuthFuture createAuthFuture(ClientSession session, String service) throws IOException { + return new DefaultAuthFuture(service, clientSession.getFutureLock()); + } + + protected IoWriteFuture sendInitialAuthRequest(ClientSession session, String service) throws IOException { + logger.fine("send SSH_MSG_USERAUTH_REQUEST for 'none' " + session + " " + service); + + String username = session.getUsername(); + Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, + username.length() + service.length() + Integer.SIZE); + buffer.putString(username); + buffer.putString(service); + buffer.putString("none"); + return session.writePacket(buffer); + } + + @Override + public void process(int cmd, Buffer buffer) throws Exception { + ClientSession session = getClientSession(); + AuthFuture authFuture = authFutureHolder.get(); + if ((authFuture != null) && authFuture.isSuccess()) { + logger.severe("process unexpected authenticated client command: " + + session + " " + SshConstants.getCommandMessageName(cmd)); + + throw new IllegalStateException("UserAuth message delivered to authenticated client"); + } else if ((authFuture != null) && authFuture.isDone()) { + // ignore for now; TODO: random packets + } else if (cmd == SshConstants.SSH_MSG_USERAUTH_BANNER) { + String welcome = buffer.getString(); + String lang = buffer.getString(); + logger.fine("process welcome banner " + session + " " + lang + " " + welcome); + + UserInteraction ui = session.getUserInteraction(); + try { + if ((ui != null) && ui.isInteractionAllowed(session)) { + ui.welcome(session, welcome, lang); + } + } catch (Error e) { + throw new RuntimeSshException(e); + } + } else { + buffer.rpos(buffer.rpos() - 1); + processUserAuth(buffer); + } + } + + /** + * Execute one step in user authentication. + * + * @param buffer The input {@link Buffer} + * @throws Exception If failed to process + */ + protected void processUserAuth(Buffer buffer) throws Exception { + int cmd = buffer.getUByte(); + ClientSession session = getClientSession(); + if (cmd == SshConstants.SSH_MSG_USERAUTH_SUCCESS) { + + if (userAuth != null) { + try { + try { + userAuth.signalAuthMethodSuccess(session, service, buffer); + } finally { + userAuth.destroy(); + } + } finally { + userAuth = null; + } + } + session.setAuthenticated(); + ((ClientSessionImpl) session).switchToNextService(); + + AuthFuture authFuture = Objects.requireNonNull(authFutureHolder.get(), "No current future"); + // Will wake up anyone sitting in waitFor + authFuture.setAuthed(true); + return; + } + + if (cmd == SshConstants.SSH_MSG_USERAUTH_FAILURE) { + String mths = buffer.getString(); + boolean partial = buffer.getBoolean(); + if (partial || (serverMethods == null)) { + serverMethods = Arrays.asList(GenericUtils.split(mths, ',')); + currentMethod = 0; + if (userAuth != null) { + try { + try { + userAuth.signalAuthMethodFailure( + session, service, partial, Collections.unmodifiableList(serverMethods), buffer); + } finally { + userAuth.destroy(); + } + } finally { + userAuth = null; + } + } + } + + tryNext(cmd); + return; + } + + if (userAuth == null) { + throw new IllegalStateException( + "Received unknown packet: " + SshConstants.getCommandMessageName(cmd)); + } + + + buffer.rpos(buffer.rpos() - 1); + if (!userAuth.process(buffer)) { + tryNext(cmd); + } + } + + protected void tryNext(int cmd) throws Exception { + ClientSession session = getClientSession(); + while(true) { + if (userAuth == null) { + logger.fine("tryNext starting authentication mechanisms: " + + session + " + " + clientMethods + " " + serverMethods); + } else if (!userAuth.process(null)) { + try { + userAuth.destroy(); + } finally { + userAuth = null; + } + + currentMethod++; + } else { + return; + } + + String method = null; + for (; currentMethod < clientMethods.size(); currentMethod++) { + method = clientMethods.get(currentMethod); + if (serverMethods.contains(method)) { + break; + } + } + + if (currentMethod >= clientMethods.size()) { + logger.fine("tryNext exhausted all methods " + + session + " + " + clientMethods + " " + serverMethods); + + // also wake up anyone sitting in waitFor + AuthFuture authFuture = Objects.requireNonNull(authFutureHolder.get(), "No current future"); + authFuture.setException(new SshException( + SshConstants.SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, + "No more authentication methods available")); + return; + } + + userAuth = UserAuthMethodFactory.createUserAuth(session, authFactories, method); + if (userAuth == null) { + throw new UnsupportedOperationException( + "Failed to find a user-auth factory for method=" + method); + } + + logger.fine("tryNext attempting method " + session + " " + method); + + userAuth.init(session, service); + } + } + + @Override + protected void preClose() { + AuthFuture authFuture = authFutureHolder.get(); + if ((authFuture != null) && (!authFuture.isDone())) { + authFuture.setException(new SshException("Session is closed")); + } + + super.preClose(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/ClientUserAuthServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientUserAuthServiceFactory.java new file mode 100644 index 0000000..7d7656f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/ClientUserAuthServiceFactory.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import java.io.IOException; + +import org.apache.sshd.common.Service; +import org.apache.sshd.common.auth.AbstractUserAuthServiceFactory; +import org.apache.sshd.common.session.Session; + +/** + * @author Apache MINA SSHD Project + */ +public class ClientUserAuthServiceFactory extends AbstractUserAuthServiceFactory { + public static final ClientUserAuthServiceFactory INSTANCE = new ClientUserAuthServiceFactory(); + + public ClientUserAuthServiceFactory() { + super(); + } + + @Override + public Service create(Session session) throws IOException { + return new ClientUserAuthService(session); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/SessionFactory.java b/files-sftp/src/main/java/org/apache/sshd/client/session/SessionFactory.java new file mode 100644 index 0000000..12803f8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/SessionFactory.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.client.session; + +import org.apache.sshd.client.ClientFactoryManager; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.session.helpers.AbstractSessionFactory; + +/** + * A factory of client sessions. This class can be used as a way to customize the creation of client sessions. + * + * @author Apache MINA SSHD Project + * @see org.apache.sshd.client.SshClient#setSessionFactory(SessionFactory) + */ +public class SessionFactory extends AbstractSessionFactory { + + public SessionFactory(ClientFactoryManager client) { + super(client); + } + + public final ClientFactoryManager getClient() { + return getFactoryManager(); + } + + @Override + protected ClientSessionImpl doCreateSession(IoSession ioSession) throws Exception { + return new ClientSessionImpl(getClient(), ioSession); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/forward/DynamicPortForwardingTracker.java b/files-sftp/src/main/java/org/apache/sshd/client/session/forward/DynamicPortForwardingTracker.java new file mode 100644 index 0000000..5c3ab4e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/forward/DynamicPortForwardingTracker.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.session.forward; + +import java.io.IOException; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.forward.PortForwardingManager; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public class DynamicPortForwardingTracker extends PortForwardingTracker { + public DynamicPortForwardingTracker( + ClientSession session, SshdSocketAddress localAddress, SshdSocketAddress boundAddress) { + super(session, localAddress, boundAddress); + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + PortForwardingManager manager = getClientSession(); + manager.stopDynamicPortForwarding(getBoundAddress()); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/forward/ExplicitPortForwardingTracker.java b/files-sftp/src/main/java/org/apache/sshd/client/session/forward/ExplicitPortForwardingTracker.java new file mode 100644 index 0000000..9c665f7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/forward/ExplicitPortForwardingTracker.java @@ -0,0 +1,73 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.session.forward; + +import java.io.IOException; +import java.util.Objects; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.forward.PortForwardingManager; +import org.apache.sshd.common.util.net.ConnectionEndpointsIndicator; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public class ExplicitPortForwardingTracker extends PortForwardingTracker implements ConnectionEndpointsIndicator { + private final boolean localForwarding; + private final SshdSocketAddress remoteAddress; + + public ExplicitPortForwardingTracker(ClientSession session, boolean localForwarding, + SshdSocketAddress localAddress, SshdSocketAddress remoteAddress, + SshdSocketAddress boundAddress) { + super(session, localAddress, boundAddress); + this.localForwarding = localForwarding; + this.remoteAddress = Objects.requireNonNull(remoteAddress, "No remote address specified"); + } + + public boolean isLocalForwarding() { + return localForwarding; + } + + @Override + public SshdSocketAddress getRemoteAddress() { + return remoteAddress; + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + PortForwardingManager manager = getClientSession(); + if (isLocalForwarding()) { + manager.stopLocalPortForwarding(getLocalAddress()); + } else { + manager.stopRemotePortForwarding(getRemoteAddress()); + } + } + } + + @Override + public String toString() { + return super.toString() + + "[localForwarding=" + isLocalForwarding() + + ", remote=" + getRemoteAddress() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/session/forward/PortForwardingTracker.java b/files-sftp/src/main/java/org/apache/sshd/client/session/forward/PortForwardingTracker.java new file mode 100644 index 0000000..89d9651 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/session/forward/PortForwardingTracker.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.session.forward; + +import java.nio.channels.Channel; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.session.SessionHolder; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class PortForwardingTracker + implements Channel, SessionHolder, ClientSessionHolder { + protected final AtomicBoolean open = new AtomicBoolean(true); + private final ClientSession session; + private final SshdSocketAddress localAddress; + private final SshdSocketAddress boundAddress; + + protected PortForwardingTracker( + ClientSession session, SshdSocketAddress localAddress, SshdSocketAddress boundAddress) { + this.session = Objects.requireNonNull(session, "No client session provided"); + this.localAddress = Objects.requireNonNull(localAddress, "No local address specified"); + this.boundAddress = Objects.requireNonNull(boundAddress, "No bound address specified"); + } + + @Override + public boolean isOpen() { + return open.get(); + } + + public SshdSocketAddress getLocalAddress() { + return localAddress; + } + + public SshdSocketAddress getBoundAddress() { + return boundAddress; + } + + @Override + public ClientSession getClientSession() { + return session; + } + + @Override + public ClientSession getSession() { + return getClientSession(); + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[session=" + getClientSession() + + ", localAddress=" + getLocalAddress() + + ", boundAddress=" + getBoundAddress() + + ", open=" + isOpen() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/simple/AbstractSimpleClient.java b/files-sftp/src/main/java/org/apache/sshd/client/simple/AbstractSimpleClient.java new file mode 100644 index 0000000..64e8706 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/simple/AbstractSimpleClient.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.simple; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSimpleClient implements SimpleClient { + protected AbstractSimpleClient() { + super(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/simple/AbstractSimpleClientSessionCreator.java b/files-sftp/src/main/java/org/apache/sshd/client/simple/AbstractSimpleClientSessionCreator.java new file mode 100644 index 0000000..e32bf28 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/simple/AbstractSimpleClientSessionCreator.java @@ -0,0 +1,246 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.simple; + +import java.io.IOException; +import java.net.SocketAddress; +import java.nio.channels.Channel; +import java.security.KeyPair; +import java.util.Objects; + +import org.apache.sshd.client.config.hosts.HostConfigEntry; +import org.apache.sshd.client.future.AuthFuture; +import org.apache.sshd.client.future.ConnectFuture; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionCreator; +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSimpleClientSessionCreator extends AbstractSimpleClient implements ClientSessionCreator { + private long connectTimeout; + private long authenticateTimeout; + + protected AbstractSimpleClientSessionCreator() { + this(DEFAULT_CONNECT_TIMEOUT, DEFAULT_AUTHENTICATION_TIMEOUT); + } + + protected AbstractSimpleClientSessionCreator(long connTimeout, long authTimeout) { + setConnectTimeout(connTimeout); + setAuthenticationTimeout(authTimeout); + } + + @Override + public long getConnectTimeout() { + return connectTimeout; + } + + @Override + public void setConnectTimeout(long timeout) { + ValidateUtils.checkTrue(timeout > 0, "Non-positive connect timeout: %d", timeout); + connectTimeout = timeout; + } + + @Override + public long getAuthenticationTimeout() { + return authenticateTimeout; + } + + @Override + public void setAuthenticationTimeout(long timeout) { + ValidateUtils.checkTrue(timeout > 0, "Non-positive authentication timeout: %d", timeout); + authenticateTimeout = timeout; + } + + @Override + public ClientSession sessionLogin(SocketAddress target, String username, String password) throws IOException { + return loginSession(connect(username, target), password); + } + + @Override + public ClientSession sessionLogin(SocketAddress target, String username, KeyPair identity) throws IOException { + return loginSession(connect(username, target), identity); + } + + @Override + public ClientSession sessionLogin(String uri, String password) throws IOException { + return loginSession(connect(uri), password); + } + + @Override + public ClientSession sessionLogin(String uri, KeyPair identity) throws IOException { + return loginSession(connect(uri), identity); + } + + protected ClientSession loginSession(ConnectFuture future, String password) throws IOException { + return authSession(future.verify(getConnectTimeout()), password); + } + + protected ClientSession loginSession(ConnectFuture future, KeyPair identity) throws IOException { + return authSession(future.verify(getConnectTimeout()), identity); + } + + protected ClientSession authSession(ConnectFuture future, String password) throws IOException { + ClientSession session = future.getSession(); + session.addPasswordIdentity(password); + return authSession(session); + } + + protected ClientSession authSession(ConnectFuture future, KeyPair identity) throws IOException { + ClientSession session = future.getSession(); + session.addPublicKeyIdentity(identity); + return authSession(session); + } + + protected ClientSession authSession(ClientSession clientSession) throws IOException { + ClientSession session = clientSession; + IOException err = null; + try { + AuthFuture auth = session.auth(); + auth.verify(getAuthenticationTimeout()); + session = null; // disable auto-close + } catch (IOException e) { + err = GenericUtils.accumulateException(err, e); + } finally { + if (session != null) { + try { + session.close(); + } catch (IOException e) { + err = GenericUtils.accumulateException(err, e); + } + } + } + + if (err != null) { + throw err; + } + + return clientSession; + } + + /** + * Wraps an existing {@link ClientSessionCreator} into a {@link SimpleClient} + * + * @param creator The {@link ClientSessionCreator} - never {@code null} + * @param channel The {@link Channel} representing the creator for relaying {@link #isOpen()} and {@link #close()} + * calls + * @return The {@link SimpleClient} wrapper. Note: closing the wrapper also closes the underlying + * sessions creator. + */ + @SuppressWarnings("checkstyle:anoninnerlength") + public static SimpleClient wrap(ClientSessionCreator creator, Channel channel) { + Objects.requireNonNull(creator, "No sessions creator"); + Objects.requireNonNull(channel, "No channel"); + return new AbstractSimpleClientSessionCreator() { + @Override + public ConnectFuture connect(String uri) throws IOException { + return creator.connect(uri); + } + + @Override + public ConnectFuture connect(String username, String host, int port) throws IOException { + return creator.connect(username, host, port); + } + + @Override + public ConnectFuture connect(String username, String host, int port, SocketAddress localAddress) + throws IOException { + return creator.connect(username, host, port, localAddress); + } + + @Override + public ConnectFuture connect(String username, SocketAddress address) throws IOException { + return creator.connect(username, address); + } + + @Override + public ConnectFuture connect(String username, SocketAddress targetAddress, SocketAddress localAddress) + throws IOException { + return creator.connect(username, targetAddress, localAddress); + } + + @Override + public ConnectFuture connect(HostConfigEntry hostConfig) throws IOException { + return creator.connect(hostConfig); + } + + @Override + public ConnectFuture connect(HostConfigEntry hostConfig, SocketAddress localAddress) throws IOException { + return creator.connect(hostConfig, localAddress); + } + + @Override + public ConnectFuture connect( + HostConfigEntry hostConfig, AttributeRepository context, SocketAddress localAddress) + throws IOException { + return creator.connect(hostConfig, context, localAddress); + } + + @Override + public ConnectFuture connect( + String username, SocketAddress targetAddress, AttributeRepository context, SocketAddress localAddress) + throws IOException { + return creator.connect(username, targetAddress, context, localAddress); + } + + @Override + public ConnectFuture connect( + String username, String host, int port, AttributeRepository context, SocketAddress localAddress) + throws IOException { + return creator.connect(username, host, port, context, localAddress); + } + + @Override + public ConnectFuture connect(HostConfigEntry hostConfig, AttributeRepository context) throws IOException { + return creator.connect(hostConfig, context); + } + + @Override + public ConnectFuture connect(String username, SocketAddress address, AttributeRepository context) + throws IOException { + return creator.connect(username, address, context); + } + + @Override + public ConnectFuture connect(String username, String host, int port, AttributeRepository context) + throws IOException { + return creator.connect(username, host, port, context); + } + + @Override + public boolean isOpen() { + return channel.isOpen(); + } + + @Override + public void close() throws IOException { + channel.close(); + } + + @Override + public String toString() { + return SimpleClient.class.getSimpleName() + "[" + channel + "]"; + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleClient.java b/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleClient.java new file mode 100644 index 0000000..819f6af --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleClient.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.simple; + +import java.nio.channels.Channel; + +/** + * Provides a simplified and synchronous view of the available SSH client functionality. If more fine-grained + * control and configuration of the SSH client behavior and features is required then the + * {@link org.apache.sshd.client.SshClient} object should be used + * + * @author Apache MINA SSHD Project + */ +public interface SimpleClient + extends SimpleClientConfigurator, + SimpleSessionClient, + Channel { + // marker interface +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleClientConfigurator.java b/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleClientConfigurator.java new file mode 100644 index 0000000..0a38c83 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleClientConfigurator.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.simple; + +import org.apache.sshd.common.SshConstants; + +/** + * @author Apache MINA SSHD Project + */ +public interface SimpleClientConfigurator { + /** + * Default connect timeout (msec.) unless {@link #setConnectTimeout(long)} is used + */ + long DEFAULT_CONNECT_TIMEOUT = Long.MAX_VALUE; // virtually infinite + + /** + * Default authentication timeout (msec.) unless {@link #setAuthenticationTimeout(long)} is used + */ + long DEFAULT_AUTHENTICATION_TIMEOUT = Long.MAX_VALUE; // virtually infinite + + int DEFAULT_PORT = SshConstants.DEFAULT_PORT; + + /** + * @return Current connect timeout (msec.) - always positive + */ + long getConnectTimeout(); + + /** + * @param timeout Requested connect timeout (msec.) - always positive + */ + void setConnectTimeout(long timeout); + + /** + * @return Current authentication timeout (msec.) - always positive + */ + long getAuthenticationTimeout(); + + /** + * @param timeout Requested authentication timeout (msec.) - always positive + */ + void setAuthenticationTimeout(long timeout); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleSessionClient.java b/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleSessionClient.java new file mode 100644 index 0000000..658abe1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/simple/SimpleSessionClient.java @@ -0,0 +1,190 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.simple; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.nio.channels.Channel; +import java.security.KeyPair; +import java.util.Objects; + +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * A simplified synchronous API for creating client sessions + * + * @author Apache MINA SSHD Project + */ +public interface SimpleSessionClient extends SimpleClientConfigurator, Channel { + /** + * Creates a session on the default port and logs in using the provided credentials + * + * @param host The target host name or address + * @param username Username + * @param password Password + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(String host, String username, String password) throws IOException { + return sessionLogin(host, DEFAULT_PORT, username, password); + } + + /** + * Creates a session and logs in using the provided credentials + * + * @param host The target host name or address + * @param port The target port + * @param username Username + * @param password Password + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(String host, int port, String username, String password) throws IOException { + return sessionLogin(InetAddress.getByName(ValidateUtils.checkNotNullAndNotEmpty(host, "No host")), port, username, + password); + } + + /** + * Creates a session on the default port and logs in using the provided credentials + * + * @param host The target host name or address + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(String host, String username, KeyPair identity) throws IOException { + return sessionLogin(host, DEFAULT_PORT, username, identity); + } + + /** + * Creates a session and logs in using the provided credentials + * + * @param host The target host name or address + * @param port The target port + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(String host, int port, String username, KeyPair identity) throws IOException { + return sessionLogin(InetAddress.getByName(ValidateUtils.checkNotNullAndNotEmpty(host, "No host")), port, username, + identity); + } + + /** + * Creates a session on the default port and logs in using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param username Username + * @param password Password + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(InetAddress host, String username, String password) throws IOException { + return sessionLogin(host, DEFAULT_PORT, username, password); + } + + /** + * Creates a session and logs in using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param port The target port + * @param username Username + * @param password Password + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(InetAddress host, int port, String username, String password) throws IOException { + return sessionLogin(new InetSocketAddress(Objects.requireNonNull(host, "No host address"), port), username, password); + } + + /** + * Creates a session on the default port and logs in using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(InetAddress host, String username, KeyPair identity) throws IOException { + return sessionLogin(host, DEFAULT_PORT, username, identity); + } + + /** + * Creates a session and logs in using the provided credentials + * + * @param host The target host {@link InetAddress} + * @param port The target port + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + default ClientSession sessionLogin(InetAddress host, int port, String username, KeyPair identity) throws IOException { + return sessionLogin(new InetSocketAddress(Objects.requireNonNull(host, "No host address"), port), username, identity); + } + + /** + * Creates a session and logs in using the provided credentials + * + * @param target The target {@link SocketAddress} + * @param username Username + * @param password Password + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + ClientSession sessionLogin(SocketAddress target, String username, String password) throws IOException; + + /** + * Creates a session and logs in using the provided credentials + * + * @param target The target {@link SocketAddress} + * @param username Username + * @param identity The {@link KeyPair} identity + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + ClientSession sessionLogin(SocketAddress target, String username, KeyPair identity) throws IOException; + + /** + * Creates a session and logs in using the provided credentials + * + * @param uri The target uri + * @param password Password + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + ClientSession sessionLogin(String uri, String password) throws IOException; + + /** + * Creates a session and logs in using the provided credentials + * + * @param uri The target uri + * @param identity The {@link KeyPair} identity + * @return Created {@link ClientSession} + * @throws IOException If failed to login or authenticate + */ + ClientSession sessionLogin(String uri, KeyPair identity) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/subsystem/AbstractSubsystemClient.java b/files-sftp/src/main/java/org/apache/sshd/client/subsystem/AbstractSubsystemClient.java new file mode 100644 index 0000000..5e3cbf2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/subsystem/AbstractSubsystemClient.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.subsystem; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSubsystemClient implements SubsystemClient { + protected AbstractSubsystemClient() { + super(); + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[name=" + getName() + + ", session=" + getSession() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/client/subsystem/SubsystemClient.java b/files-sftp/src/main/java/org/apache/sshd/client/subsystem/SubsystemClient.java new file mode 100644 index 0000000..5402799 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/client/subsystem/SubsystemClient.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.subsystem; + +import java.nio.channels.Channel; + +import org.apache.sshd.client.channel.ClientChannelHolder; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.client.session.ClientSessionHolder; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionHolder; + +/** + * @author Apache MINA SSHD Project + */ +public interface SubsystemClient + extends SessionHolder, + ClientSessionHolder, + NamedResource, + Channel, + ClientChannelHolder { + @Override + default ClientSession getSession() { + return getClientSession(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/AlgorithmNameProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/AlgorithmNameProvider.java new file mode 100644 index 0000000..87d4959 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/AlgorithmNameProvider.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +/** + * @author Apache MINA SSHD Project + */ +public interface AlgorithmNameProvider { + String getAlgorithm(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/AttributeRepository.java b/files-sftp/src/main/java/org/apache/sshd/common/AttributeRepository.java new file mode 100644 index 0000000..bd9e561 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/AttributeRepository.java @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface AttributeRepository { + /** + *

    + * Type safe key for storage of user attributes. Typically it is used as a static variable that is shared between + * the producer and the consumer. To further restrict access the setting or getting it from the store one can add + * static {@code get/set methods} e.g: + *

    + * + * 
    +     * 
+     * public static final AttributeKey<MyValue> MY_KEY = new AttributeKey<MyValue>();
+     *
+     * public static MyValue getMyValue(Session s) {
+     *   return s.getAttribute(MY_KEY);
+     * }
+     *
+     * public static void setMyValue(Session s, MyValue value) {
+     *   s.setAttribute(MY_KEY, value);
+     * }
+     * 
+     *
    + * + * @param type of value stored in the attribute. + * @author Apache MINA SSHD Project + */ + // CHECKSTYLE:OFF + class AttributeKey { + public AttributeKey() { + super(); + } + } + // CHECKSTYLE:ON + + /** + * @return Current number of user-defined attributes stored in the repository + */ + int getAttributesCount(); + + /** + * Returns the value of the user-defined attribute. + * + * @param The generic attribute type + * @param key The key of the attribute; must not be {@code null}. + * @return {@code null} if there is no value associated with the specified key + */ + T getAttribute(AttributeKey key); + + /** + * Attempts to resolve the associated value by going up the store's hierarchy (if any) + * + * @param The generic attribute type + * @param key The key of the attribute; must not be {@code null}. + * @return {@code null} if there is no value associated with the specified key either in this repository or any + * of its ancestors (if any available) + */ + default T resolveAttribute(AttributeKey key) { + return getAttribute(key); + } + + /** + * @return A {@link Collection} snapshot of all the currently registered attributes in the repository + */ + Collection> attributeKeys(); + + static AttributeRepository ofKeyValuePair(AttributeKey key, A value) { + Objects.requireNonNull(key, "No key provided"); + Objects.requireNonNull(value, "No value provided"); + return ofAttributesMap(Collections.singletonMap(key, value)); + } + + static AttributeRepository ofAttributesMap(Map, ?> attributes) { + return new AttributeRepository() { + @Override + public int getAttributesCount() { + return attributes.size(); + } + + @Override + @SuppressWarnings("unchecked") + public T getAttribute(AttributeKey key) { + Objects.requireNonNull(key, "No key provided"); + return GenericUtils.isEmpty(attributes) ? null : (T) attributes.get(key); + } + + @Override + public Collection> attributeKeys() { + return GenericUtils.isEmpty(attributes) + ? Collections.emptySet() + : new HashSet<>(attributes.keySet()); + } + + @Override + public String toString() { + return AttributeRepository.class.getSimpleName() + "[" + attributes + "]"; + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/AttributeStore.java b/files-sftp/src/main/java/org/apache/sshd/common/AttributeStore.java new file mode 100644 index 0000000..8639793 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/AttributeStore.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.util.Objects; +import java.util.function.Function; + +/** + * Provides the capability to attach in-memory attributes to the entity + * + * @author Apache MINA SSHD Project + */ +public interface AttributeStore extends AttributeRepository { + /** + * If the specified key is not already associated with a value (or is mapped to {@code null}), attempts to compute + * its value using the given mapping function and enters it into this map unless {@code null}. + * + * @param The generic attribute type + * @param key The key of the attribute; must not be {@code null}. + * @param resolver The (never {@code null}) mapping function to use if value not already mapped. If returns + * {@code null} then value is not mapped to the provided key. + * @return The resolved value - {@code null} if value not mapped and resolver did not return a + * non-{@code null} value for it + */ + default T computeAttributeIfAbsent( + AttributeKey key, Function, ? extends T> resolver) { + Objects.requireNonNull(resolver, "No resolver provided"); + + T value = getAttribute(key); + if (value != null) { + return value; + } + + value = resolver.apply(key); + if (value == null) { + return null; + } + + setAttribute(key, value); + return value; + } + + /** + * Sets a user-defined attribute. + * + * @param The generic attribute type + * @param key The key of the attribute; must not be {@code null}. + * @param value The value of the attribute; must not be {@code null}. + * @return The old value of the attribute; {@code null} if it is new. + */ + T setAttribute(AttributeKey key, T value); + + /** + * Removes the user-defined attribute + * + * @param The generic attribute type + * @param key The key of the attribute; must not be {@code null}. + * @return The removed value; {@code null} if no previous value + */ + T removeAttribute(AttributeKey key); + + /** + * Removes all currently stored user-defined attributes + */ + void clearAttributes(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/BaseBuilder.java b/files-sftp/src/main/java/org/apache/sshd/common/BaseBuilder.java new file mode 100644 index 0000000..c586258 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/BaseBuilder.java @@ -0,0 +1,314 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.channel.ChannelFactory; +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolver; +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.Cipher; +import org.apache.sshd.common.compression.Compression; +import org.apache.sshd.common.file.FileSystemFactory; +import org.apache.sshd.common.file.nativefs.NativeFileSystemFactory; +import org.apache.sshd.common.forward.ForwarderFactory; +import org.apache.sshd.common.helpers.AbstractFactoryManager; +import org.apache.sshd.common.kex.BuiltinDHFactories; +import org.apache.sshd.common.kex.KeyExchangeFactory; +import org.apache.sshd.common.mac.BuiltinMacs; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.random.SingletonRandomFactory; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.UnknownChannelReferenceHandler; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; +import org.apache.sshd.common.signature.BuiltinSignatures; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.util.ObjectBuilder; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.apache.sshd.common.forward.ForwardingFilter; +import org.apache.sshd.common.forward.RejectAllForwardingFilter; + +/** + * Base class for dedicated client/server instance builders + * + * @param Type of {@link AbstractFactoryManager} being built + * @param Type of builder + * @author Apache MINA SSHD Project + */ +public class BaseBuilder> implements ObjectBuilder { + public static final FileSystemFactory DEFAULT_FILE_SYSTEM_FACTORY = NativeFileSystemFactory.INSTANCE; + + public static final ForwardingFilter DEFAULT_FORWARDING_FILTER = RejectAllForwardingFilter.INSTANCE; + + /** + * The default {@link BuiltinCiphers} setup in order of preference as specified by + * ssh_config(5) + */ + public static final List DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( + BuiltinCiphers.aes128ctr, + BuiltinCiphers.aes192ctr, + BuiltinCiphers.aes256ctr, + BuiltinCiphers.aes128gcm, + BuiltinCiphers.aes256gcm, + BuiltinCiphers.aes128cbc, + BuiltinCiphers.aes192cbc, + BuiltinCiphers.aes256cbc)); + + /** + * The default {@link BuiltinDHFactories} setup in order of preference as specified by + * ssh_config(5) + */ + public static final List DEFAULT_KEX_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( + BuiltinDHFactories.ecdhp521, + BuiltinDHFactories.ecdhp384, + BuiltinDHFactories.ecdhp256, + + BuiltinDHFactories.dhgex256, + + BuiltinDHFactories.dhg18_512, + BuiltinDHFactories.dhg17_512, + BuiltinDHFactories.dhg16_512, + BuiltinDHFactories.dhg15_512, + BuiltinDHFactories.dhg14_256)); + + /** + * The default {@link BuiltinMacs} setup in order of preference as specified by + * ssh_config(5) + */ + public static final List DEFAULT_MAC_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( + BuiltinMacs.hmacsha256etm, + BuiltinMacs.hmacsha512etm, + BuiltinMacs.hmacsha1etm, + BuiltinMacs.hmacsha256, + BuiltinMacs.hmacsha512, + BuiltinMacs.hmacsha1)); + + /** + * Preferred {@link BuiltinSignatures} according to + * sshd_config(5) - HostKeyAlgorithms + * {@code HostKeyAlgorithms} recommendation + */ + public static final List DEFAULT_SIGNATURE_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( + BuiltinSignatures.nistp256_cert, + BuiltinSignatures.nistp384_cert, + BuiltinSignatures.nistp521_cert, + BuiltinSignatures.ed25519_cert, + BuiltinSignatures.rsaSHA512_cert, + BuiltinSignatures.rsaSHA256_cert, + BuiltinSignatures.nistp256, + BuiltinSignatures.nistp384, + BuiltinSignatures.nistp521, + BuiltinSignatures.ed25519, + BuiltinSignatures.sk_ecdsa_sha2_nistp256, + BuiltinSignatures.sk_ssh_ed25519, + BuiltinSignatures.rsaSHA512, + BuiltinSignatures.rsaSHA256, + BuiltinSignatures.rsa)); + + public static final UnknownChannelReferenceHandler DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER + = DefaultUnknownChannelReferenceHandler.INSTANCE; + + protected Factory factory; + protected List keyExchangeFactories; + protected List> cipherFactories; + protected List> compressionFactories; + protected List> macFactories; + protected List> signatureFactories; + protected Factory randomFactory; + protected List channelFactories; + protected FileSystemFactory fileSystemFactory; + protected ForwarderFactory forwarderFactory; + protected List> globalRequestHandlers; + protected ForwardingFilter forwardingFilter; + protected ChannelStreamWriterResolver channelStreamPacketWriterResolver; + protected UnknownChannelReferenceHandler unknownChannelReferenceHandler; + + public BaseBuilder() { + super(); + } + + protected S fillWithDefaultValues() { + if (randomFactory == null) { + randomFactory = new SingletonRandomFactory(SecurityUtils.getRandomFactory()); + } + + if (cipherFactories == null) { + cipherFactories = setUpDefaultCiphers(false); + } + + if (macFactories == null) { + macFactories = setUpDefaultMacs(false); + } + + if (fileSystemFactory == null) { + fileSystemFactory = DEFAULT_FILE_SYSTEM_FACTORY; + } + + if (forwardingFilter == null) { + forwardingFilter = DEFAULT_FORWARDING_FILTER; + } + + if (unknownChannelReferenceHandler == null) { + unknownChannelReferenceHandler = DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER; + } + + return me(); + } + + public S keyExchangeFactories(List keyExchangeFactories) { + this.keyExchangeFactories = keyExchangeFactories; + return me(); + } + + public S signatureFactories(List> signatureFactories) { + this.signatureFactories = signatureFactories; + return me(); + } + + public S randomFactory(Factory randomFactory) { + this.randomFactory = randomFactory; + return me(); + } + + public S cipherFactories(List> cipherFactories) { + this.cipherFactories = cipherFactories; + return me(); + } + + public S compressionFactories(List> compressionFactories) { + this.compressionFactories = compressionFactories; + return me(); + } + + public S macFactories(List> macFactories) { + this.macFactories = macFactories; + return me(); + } + + public S channelFactories(List channelFactories) { + this.channelFactories = channelFactories; + return me(); + } + + public S fileSystemFactory(FileSystemFactory fileSystemFactory) { + this.fileSystemFactory = fileSystemFactory; + return me(); + } + + public S forwardingFilter(ForwardingFilter filter) { + this.forwardingFilter = filter; + return me(); + } + + public S forwarderFactory(ForwarderFactory forwarderFactory) { + this.forwarderFactory = forwarderFactory; + return me(); + } + + public S globalRequestHandlers(List> globalRequestHandlers) { + this.globalRequestHandlers = globalRequestHandlers; + return me(); + } + + public S factory(Factory factory) { + this.factory = factory; + return me(); + } + + public S channelStreamPacketWriterResolver(ChannelStreamWriterResolver resolver) { + channelStreamPacketWriterResolver = resolver; + return me(); + } + + public S unknownChannelReferenceHandler(UnknownChannelReferenceHandler handler) { + unknownChannelReferenceHandler = handler; + return me(); + } + + public T build(boolean isFillWithDefaultValues) { + if (isFillWithDefaultValues) { + fillWithDefaultValues(); + } + + T ssh = factory.create(); + + ssh.setKeyExchangeFactories(keyExchangeFactories); + ssh.setSignatureFactories(signatureFactories); + ssh.setRandomFactory(randomFactory); + ssh.setCipherFactories(cipherFactories); + ssh.setCompressionFactories(compressionFactories); + ssh.setMacFactories(macFactories); + ssh.setChannelFactories(channelFactories); + ssh.setFileSystemFactory(fileSystemFactory); + ssh.setForwardingFilter(forwardingFilter); + ssh.setForwarderFactory(forwarderFactory); + ssh.setGlobalRequestHandlers(globalRequestHandlers); + ssh.setChannelStreamWriterResolver(channelStreamPacketWriterResolver); + ssh.setUnknownChannelReferenceHandler(unknownChannelReferenceHandler); + return ssh; + } + + @Override + public T build() { + return build(true); + } + + @SuppressWarnings("unchecked") + protected S me() { + return (S) this; + } + + /** + * @param ignoreUnsupported If {@code true} then all the default ciphers are included, regardless of whether they + * are currently supported by the JCE. Otherwise, only the supported ones out of the list + * are included + * @return A {@link List} of the default {@link NamedFactory} instances of the {@link Cipher}s + * according to the preference order defined by {@link #DEFAULT_CIPHERS_PREFERENCE}. + * Note: the list may be filtered to exclude unsupported JCE ciphers according to + * the ignoreUnsupported parameter + * @see BuiltinCiphers#isSupported() + */ + @SuppressWarnings({ "unchecked", "rawtypes" }) // safe due to the hierarchy + public static List> setUpDefaultCiphers(boolean ignoreUnsupported) { + return (List) NamedFactory.setUpBuiltinFactories(ignoreUnsupported, DEFAULT_CIPHERS_PREFERENCE); + } + + /** + * @param ignoreUnsupported If {@code true} all the available built-in {@link Mac} factories are added, otherwise + * only those that are supported by the current JDK setup + * @return A {@link List} of the default {@link NamedFactory} instances of the {@link Mac}s + * according to the preference order defined by {@link #DEFAULT_MAC_PREFERENCE}. + * Note: the list may be filtered to exclude unsupported JCE MACs according to the + * ignoreUnsupported parameter + * @see BuiltinMacs#isSupported() + */ + @SuppressWarnings({ "unchecked", "rawtypes" }) // safe due to the hierarchy + public static List> setUpDefaultMacs(boolean ignoreUnsupported) { + return (List) NamedFactory.setUpBuiltinFactories(ignoreUnsupported, DEFAULT_MAC_PREFERENCE); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/BuiltinFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/BuiltinFactory.java new file mode 100644 index 0000000..b10fca1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/BuiltinFactory.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.util.Collection; +import java.util.List; +import java.util.stream.Collectors; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * A named optional factory. + * + * @param The create object instance type + * @author Apache MINA SSHD Project + */ +public interface BuiltinFactory extends NamedFactory, OptionalFeature { + static > List> setUpFactories( + boolean ignoreUnsupported, Collection preferred) { + return GenericUtils.stream(preferred) + .filter(f -> ignoreUnsupported || f.isSupported()) + .collect(Collectors.toList()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/Closeable.java b/files-sftp/src/main/java/org/apache/sshd/common/Closeable.java new file mode 100644 index 0000000..e6880a7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/Closeable.java @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.io.IOException; +import java.net.SocketTimeoutException; +import java.nio.channels.Channel; +import java.time.Duration; + +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.SshFutureListener; + +/** + * A {@code Closeable} is a resource that can be closed. The close method is invoked to release resources that the + * object is holding. The user can pre-register listeners to be notified when resource close is completed (successfully + * or otherwise) + * + * @author Apache MINA SSHD Project + */ +public interface Closeable extends Channel { + + /** + * Close this resource asynchronously and return a future. Resources support two closing modes: a graceful mode + * which will cleanly close the resource and an immediate mode which will close the resources abruptly. + * + * @param immediately true if the resource should be shut down abruptly, false for a + * graceful close + * @return a {@link CloseFuture} representing the close request + */ + CloseFuture close(boolean immediately); + + /** + * Pre-register a listener to be informed when resource is closed. If resource is already closed, the listener will + * be invoked immediately and not registered for future notification + * + * @param listener The notification {@link SshFutureListener} - never {@code null} + */ + void addCloseFutureListener(SshFutureListener listener); + + /** + * Remove a pre-registered close event listener + * + * @param listener The register {@link SshFutureListener} - never {@code null}. Ignored if not registered or + * resource already closed + */ + void removeCloseFutureListener(SshFutureListener listener); + + /** + * Returns true if this object has been closed. + * + * @return true if closing + */ + boolean isClosed(); + + /** + * Returns true if the {@link #close(boolean)} method has been called. Note that this method will + * return true even if this {@link #isClosed()} returns true. + * + * @return true if closing + */ + boolean isClosing(); + + @Override + default boolean isOpen() { + return !(isClosed() || isClosing()); + } + + @Override + default void close() throws IOException { + Closeable.close(this); + } + + static Duration getMaxCloseWaitTime(PropertyResolver resolver) { + return CommonModuleProperties.CLOSE_WAIT_TIMEOUT.getRequired(resolver); + } + + static void close(Closeable closeable) throws IOException { + if (closeable == null) { + return; + } + + if ((!closeable.isClosed()) && (!closeable.isClosing())) { + CloseFuture future = closeable.close(true); + Duration maxWait = (closeable instanceof PropertyResolver) + ? getMaxCloseWaitTime((PropertyResolver) closeable) + : CommonModuleProperties.CLOSE_WAIT_TIMEOUT.getRequiredDefault(); + boolean successful = future.await(maxWait); + if (!successful) { + throw new SocketTimeoutException("Failed to receive closure confirmation within " + maxWait + " millis"); + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/CommonModuleProperties.java b/files-sftp/src/main/java/org/apache/sshd/common/CommonModuleProperties.java new file mode 100644 index 0000000..7b53274 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/CommonModuleProperties.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.time.Duration; + +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.session.SessionHeartbeatController; + +/** + * Configurable properties for sshd-common. + * + * @author Apache MINA SSHD Project + */ +public final class CommonModuleProperties { + + /** + * If set to {@code true} then + * {@link org.apache.sshd.common.auth.UserAuthMethodFactory#isSecureAuthenticationTransport(SessionContext)} returns + * {@code true} even if transport is insecure. + */ + public static final Property ALLOW_INSECURE_AUTH + = Property.bool("allow-insecure-auth", false); + + /** + * If set to {@code true} then + * {@link org.apache.sshd.common.auth.UserAuthMethodFactory#isDataIntegrityAuthenticationTransport(SessionContext)} + * returns {@code true} even if transport has no MAC(s) to verify message integrity + */ + public static final Property ALLOW_NON_INTEGRITY_AUTH + = Property.bool("allow-non-integrity-auth", false); + + /** + * Property used to register the {@link SessionHeartbeatController.HeartbeatType} - + * if non-existent or {@code NONE} then disabled. Same if some unknown string value is set as the property value. + */ + public static final Property SESSION_HEARTBEAT_TYPE + = Property.enum_("session-connection-heartbeat-type", SessionHeartbeatController.HeartbeatType.class, + SessionHeartbeatController.HeartbeatType.NONE); + + /** Property used to register the interval for the heartbeat - if not set or non-positive then disabled */ + public static final Property SESSION_HEARTBEAT_INTERVAL + = Property.duration("session-connection-heartbeat-interval", Duration.ZERO); + + public static final Property HEXDUMP_CHUNK_SIZE + = Property.integer("sshd-hexdump-chunk-size", 64); + + /** + * Timeout (milliseconds) for waiting on a {@link CloseFuture} to successfully complete its action. + */ + public static final Property CLOSE_WAIT_TIMEOUT + = Property.duration("sshd-close-wait-time", Duration.ofSeconds(15L)); + + private CommonModuleProperties() { + throw new UnsupportedOperationException("No instance"); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/CoreModuleProperties.java b/files-sftp/src/main/java/org/apache/sshd/common/CoreModuleProperties.java new file mode 100644 index 0000000..abf3c5e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/CoreModuleProperties.java @@ -0,0 +1,698 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.io.IOException; +import java.nio.charset.Charset; +import java.time.Duration; + +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.net.SshdSocketAddress; +import org.apache.sshd.common.auth.WelcomeBannerPhase; + +/** + * Configurable properties for sshd-core. + * + * @author Apache MINA SSHD Project + */ +public final class CoreModuleProperties { + + /** + * Value that can be set in order to control the type of authentication channel being requested when forwarding a + * PTY session. + */ + public static final Property PROXY_AUTH_CHANNEL_TYPE + = Property.string("ssh-agent-factory-proxy-auth-channel-type", "auth-agent-req@openssh.com"); + + /** + * See {@link org.apache.sshd.agent.local.ProxyAgentFactory#getChannelForwardingFactories} + */ + public static final Property PREFER_UNIX_AGENT + = Property.bool("ssh-prefer-unix-agent", OsUtils.isUNIX()); + + /** + * Value that can be set on the {@link FactoryManager} or the session to configure the + * channel open timeout value (millis). + */ + public static final Property CHANNEL_OPEN_TIMEOUT + = Property.duration("ssh-agent-server-channel-open-timeout", Duration.ofSeconds(30)); + + /** + * Value used to configure the type of proxy forwarding channel to be used. See also + * https://tools.ietf.org/html/draft-ietf-secsh-agent-02 + */ + public static final Property PROXY_CHANNEL_TYPE + = Property.string("ssh-agent-server-channel-proxy-type", "auth-agent@openssh.com"); + + /** + * Property that can be set on the {@link Session} in order to control the authentication timeout (millis). + */ + public static final Property AUTH_SOCKET_TIMEOUT + = Property.duration("ssh-agent-server-proxy-auth-socket-timeout", Duration.ofHours(1)); + + public static final int DEFAULT_FORWARDER_BUF_SIZE = 1024; + public static final int MIN_FORWARDER_BUF_SIZE = 127; + public static final int MAX_FORWARDER_BUF_SIZE = 32767; + + /** + * Property that can be set on the factory manager in order to control the buffer size used to forward data from the + * established channel + * + * @see #MIN_FORWARDER_BUF_SIZE + * @see #MAX_FORWARDER_BUF_SIZE + * @see #DEFAULT_FORWARDER_BUF_SIZE + */ + public static final Property FORWARDER_BUFFER_SIZE + = Property.integer("channel-agent-fwd-buf-size", DEFAULT_FORWARDER_BUF_SIZE); + + /** + * Ordered comma separated list of authentications methods. Authentications methods accepted by the server will be + * tried in the given order. If not configured or {@code null}/empty, then the session's + * {@link org.apache.sshd.client.ClientAuthenticationManager#getUserAuthFactories()} is used as-is + */ + public static final Property PREFERRED_AUTHS + = Property.string("preferred-auths"); + + /** + * Specifies the number of interactive prompts before giving up. The argument to this keyword must be an integer. + */ + public static final Property PASSWORD_PROMPTS + = Property.integer("password-prompts", 3); + + /** + * Key used to retrieve the value of the client identification string. If set, then it is appended to the + * (standard) "SSH-2.0-" prefix. Otherwise a default is sent that consists of "SSH-2.0-" plus + * the current SSHD artifact name and version in uppercase - e.g., "SSH-2.0-APACHE-SSHD-1.0.0" + */ + public static final Property CLIENT_IDENTIFICATION + = Property.string("client-identification"); + + /** + * Whether to send the identification string immediately upon session connection being established or wait for the + * server's identification before sending our own. + * + * @see RFC 4253 - section 4.2 - Protocol Version + * Exchange + */ + public static final Property SEND_IMMEDIATE_IDENTIFICATION + = Property.bool("send-immediate-identification", true); + + /** + * Whether to send {@code SSH_MSG_KEXINIT} immediately after sending the client identification string or wait until + * the severer's one has been received. + * + * @see #SEND_IMMEDIATE_IDENTIFICATION + */ + public static final Property SEND_IMMEDIATE_KEXINIT + = Property.bool("send-immediate-kex-init", true); + + /** + * Key used to set the heartbeat interval in milliseconds (0 to disable = default) + */ + public static final Property HEARTBEAT_INTERVAL + = Property.duration("heartbeat-interval", Duration.ZERO); + + /** + * Key used to check the heartbeat request that should be sent to the server + */ + public static final Property HEARTBEAT_REQUEST + = Property.string("heartbeat-request", "keepalive@sshd.apache.org"); + + /** + * Key used to indicate that the heartbeat request is also expecting a reply - time in milliseconds to wait + * for the reply. If non-positive then no reply is expected (nor requested). + */ + public static final Property HEARTBEAT_REPLY_WAIT + = Property.durationSec("heartbeat-reply-wait", Duration.ofMinutes(5)); + + /** + * Whether to ignore invalid identities files when pre-initializing the client session + * + * @see ClientIdentityLoader#isValidLocation(NamedResource) + */ + public static final Property IGNORE_INVALID_IDENTITIES + = Property.bool("ignore-invalid-identities", true); + + /** + * Defines if we should abort in case we encounter an invalid (e.g. expired) openssh certificate. + */ + public static final Property ABORT_ON_INVALID_CERTIFICATE + = Property.bool("abort-on-invalid-certificate", false); + + /** + * As per RFC-4256: + * + * The language tag is deprecated and SHOULD be the empty string. It may be removed in a future revision of this + * specification. Instead, the server SHOULD select the language to be used based on the tags communicated during + * key exchange + */ + public static final Property INTERACTIVE_LANGUAGE_TAG + = Property.string("kb-client-interactive-language-tag", ""); + + /** + * As per RFC-4256: + * + * The submethods field is included so the user can give a hint of which actual methods he wants to use. It is a + * comma-separated list of authentication submethods (software or hardware) that the user prefers. If the client has + * knowledge of the submethods preferred by the user, presumably through a configuration setting, it MAY use the + * submethods field to pass this information to the server. Otherwise, it MUST send the empty string. + * + * The actual names of the submethods is something the user and the server need to agree upon. + * + * Server interpretation of the submethods field is implementation- dependent. + */ + public static final Property INTERACTIVE_SUBMETHODS + = Property.string("kb-client-interactive-sub-methods", ""); + + /** + * Configure whether reply for the "exec" request is required + */ + public static final Property REQUEST_EXEC_REPLY + = Property.bool("channel-exec-want-reply", false); + + /** + * On some platforms, a call to {@ode System.in.read(new byte[65536], 0, 32768)} always throws an + * {@link IOException}. So we need to protect against that and chunk the call into smaller calls. This problem was + * found on Windows, JDK 1.6.0_03-b05. + */ + public static final Property INPUT_STREAM_PUMP_CHUNK_SIZE + = Property.integer("stdin-pump-chunk-size", 1024); + + /** + * Configure whether reply for the "shell" request is required + */ + public static final Property REQUEST_SHELL_REPLY + = Property.bool("channel-shell-want-reply", false); + + /** + * Configure whether reply for the "subsystem&quoot; request is required + * + *

    + * Default value for {@link #REQUEST_SUBSYSTEM_REPLY} - according to + * RFC4254 section 6.5: + *

    + *

    + * It is RECOMMENDED that the reply to these messages be requested and checked. + *

    + */ + public static final Property REQUEST_SUBSYSTEM_REPLY + = Property.bool("channel-subsystem-want-reply", true); + + public static final Property PROP_DHGEX_CLIENT_MIN_KEY + = Property.integer("dhgex-client-min"); + + public static final Property PROP_DHGEX_CLIENT_MAX_KEY + = Property.integer("dhgex-client-max"); + + public static final Property PROP_DHGEX_CLIENT_PRF_KEY + = Property.integer("dhgex-client-prf"); + + /** + * Key used to retrieve the value of the channel window size in the configuration properties map. + */ + public static final Property WINDOW_SIZE + = Property.long_("window-size", 0x200000L); + + /** + * Key used to retrieve timeout (msec.) to wait for data to become available when reading from a channel. If not set + * or non-positive then infinite value is assumed + */ + public static final Property WINDOW_TIMEOUT + = Property.duration("window-timeout", Duration.ZERO); + + /** + * Key used to retrieve the value of the maximum packet size in the configuration properties map. + */ + public static final Property MAX_PACKET_SIZE + = Property.long_("packet-size", 0x8000L); + + /** + * A safety value that is designed to avoid an attack that uses large channel packet sizes + */ + public static final Property LIMIT_PACKET_SIZE + = Property.long_("max-packet-size", Integer.MAX_VALUE / 4L); + + /** + * Number of NIO worker threads to use. + */ + public static final Property NIO_WORKERS + = Property.validating(Property.integer("nio-workers", Runtime.getRuntime().availableProcessors() + 1), + w -> ValidateUtils.checkTrue(w > 0, "Number of NIO workers must be positive: %d", w)); + + /** + * Key used to retrieve the value of the timeout after which it will close the connection if the other side has not + * been authenticated - in milliseconds. + */ + public static final Property AUTH_TIMEOUT + = Property.duration("auth-timeout", Duration.ofMinutes(2)); + + /** + * Key used to retrieve the value of idle timeout after which it will close the connection - in milliseconds. + */ + public static final Property IDLE_TIMEOUT + = Property.duration("idle-timeout", Duration.ofMinutes(10)); + + /** + * Key used to retrieve the value of the socket read timeout for NIO2 session implementation - in milliseconds. + */ + public static final Property NIO2_READ_TIMEOUT + = Property.duration("nio2-read-timeout", Duration.ZERO); + + /** + * Minimum NIO2 write wait timeout for a single outgoing packet - in milliseconds + */ + public static final Property NIO2_MIN_WRITE_TIMEOUT + = Property.duration("nio2-min-write-timeout", Duration.ofSeconds(30L)); + + /** + * Key used to retrieve the value of the disconnect timeout which is used when a disconnection is attempted. If the + * disconnect message has not been sent before the timeout, the underlying socket will be forcibly closed - in + * milliseconds. + */ + public static final Property DISCONNECT_TIMEOUT + = Property.duration("disconnect-timeout", Duration.ofSeconds(10)); + + /** + * Key used to configure the timeout used when writing a close request on a channel. If the message can not be + * written before the specified timeout elapses, the channel will be immediately closed. In milliseconds. + */ + public static final Property CHANNEL_CLOSE_TIMEOUT + = Property.duration("channel-close-timeout", Duration.ofSeconds(5)); + + /** + * Timeout (milliseconds) to wait for client / server stop request if immediate stop requested. + */ + public static final Property STOP_WAIT_TIME + = Property.duration("stop-wait-time", Duration.ofMinutes(1)); + + /** + * Socket backlog. See {@link java.nio.channels.AsynchronousServerSocketChannel#bind(java.net.SocketAddress, int)} + */ + public static final Property SOCKET_BACKLOG + = Property.integer("socket-backlog", 0); + + /** + * Socket keep-alive. See {@link java.net.StandardSocketOptions#SO_KEEPALIVE} + */ + public static final Property SOCKET_KEEPALIVE + = Property.bool("socket-keepalive", false); + + /** + * Socket send buffer size. See {@link java.net.StandardSocketOptions#SO_SNDBUF} + */ + public static final Property SOCKET_SNDBUF + = Property.integer("socket-sndbuf"); + + /** + * Socket receive buffer size. See {@link java.net.StandardSocketOptions#SO_RCVBUF} + */ + public static final Property SOCKET_RCVBUF + = Property.integer("socket-rcvbuf"); + + /** + * Socket reuse address. See {@link java.net.StandardSocketOptions#SO_REUSEADDR} + */ + public static final Property SOCKET_REUSEADDR + = Property.bool("socket-reuseaddr", true); + /** + * Socket linger. See {@link java.net.StandardSocketOptions#SO_LINGER} + */ + public static final Property SOCKET_LINGER + = Property.integer("socket-linger", -1); + + /** + * Socket tcp no-delay. See {@link java.net.StandardSocketOptions#TCP_NODELAY} + */ + public static final Property TCP_NODELAY + = Property.bool("tcp-nodelay", false); + + /** + * Read buffer size for NIO2 sessions See {@link org.apache.sshd.common.io.nio2.Nio2Session} + */ + public static final Property NIO2_READ_BUFFER_SIZE + = Property.integer("nio2-read-buf-size", 32 * 1024); + + /** + * Maximum allowed size of the initial identification text sent during the handshake + */ + public static final Property MAX_IDENTIFICATION_SIZE + = Property.integer("max-identification-size", 16 * 1024); + + /** + * Key re-exchange will be automatically performed after the session has sent or received the given amount of bytes. + * If non-positive, then disabled. + */ + public static final Property REKEY_BYTES_LIMIT + = Property.long_("rekey-bytes-limit", 1024L * 1024L * 1024L); // 1GB + + /** + * Key re-exchange will be automatically performed after the specified amount of time has elapsed since the last key + * exchange - in milliseconds. If non-positive then disabled. + * + * @see RFC4253 section 9 + */ + public static final Property REKEY_TIME_LIMIT + = Property.duration("rekey-time-limit", Duration.ofHours(1)); + + /** + * Key re-exchange will be automatically performed after the specified number of packets has been exchanged - + * positive 64-bit value. If non-positive then disabled. + * + * @see RFC4344 section 3.1 + */ + public static final Property REKEY_PACKETS_LIMIT + = Property.long_("rekey-packets-limit", 1L << 31); + + /** + * Key re-exchange will be automatically performed after the specified number of cipher blocks has been processed - + * positive 64-bit value. If non-positive then disabled. The default is calculated according to + * RFC4344 section 3.2 + */ + public static final Property REKEY_BLOCKS_LIMIT + = Property.long_("rekey-blocks-limit", 0L); + + /** + * Average number of packets to be skipped before an {@code SSH_MSG_IGNORE} message is inserted in the stream. If + * non-positive, then feature is disabled + * + * @see #IGNORE_MESSAGE_VARIANCE + * @see RFC4251 section 9.3.1 + */ + public static final Property IGNORE_MESSAGE_FREQUENCY + = Property.long_("ignore-message-frequency", 1024L); + + /** + * The variance to be used around the configured {@link #IGNORE_MESSAGE_FREQUENCY} value in order to avoid insertion + * at a set frequency. If zero, then exact frequency is used. If negative, then the absolute value is + * used. If greater or equal to the frequency, then assumed to be zero - i.e., no variance + * + * @see RFC4251 section 9.3.1 + */ + public static final Property IGNORE_MESSAGE_VARIANCE + = Property.integer("ignore-message-variance", 32); + + /** + * Minimum size of {@code SSH_MSG_IGNORE} payload to send if feature enabled. If non-positive then no message is + * sent. Otherwise, the actual size is between this size and twice its value + * + * @see RFC4251 section 9.3.1 + */ + public static final Property IGNORE_MESSAGE_SIZE + = Property.integer("ignore-message-size", 16); + + /** + * The request type of agent forwarding. The value may be {@value #AGENT_FORWARDING_TYPE_IETF} or + * {@value #AGENT_FORWARDING_TYPE_OPENSSH}. + */ + public static final String AGENT_FORWARDING_TYPE = "agent-fw-auth-type"; + + /** + * The agent forwarding type defined by IETF (https://tools.ietf.org/html/draft-ietf-secsh-agent-02). + */ + public static final String AGENT_FORWARDING_TYPE_IETF = "auth-agent-req"; + + /** + * The agent forwarding type defined by OpenSSH. + */ + public static final String AGENT_FORWARDING_TYPE_OPENSSH = "auth-agent-req@openssh.com"; + + /** + * Configure max. wait time (millis) to wait for space to become available + */ + public static final Property WAIT_FOR_SPACE_TIMEOUT + = Property.duration("channel-output-wait-for-space-timeout", Duration.ofSeconds(30L)); + + /** + * Used to configure the timeout (milliseconds) for receiving a response for the forwarding request + */ + public static final Property FORWARD_REQUEST_TIMEOUT + = Property.duration("tcpip-forward-request-timeout", Duration.ofSeconds(15L)); + + /** + * Property that can be used to configure max. allowed concurrent active channels + * + * @see org.apache.sshd.common.session.ConnectionService#registerChannel(Channel) + */ + public static final Property MAX_CONCURRENT_CHANNELS + = Property.integer("max-sshd-channels", Integer.MAX_VALUE); + + /** + * RFC4254 does not clearly specify how to handle {@code SSH_MSG_CHANNEL_DATA} and + * {@code SSH_MSG_CHANNEL_EXTENDED_DATA} received through an unknown channel. Therefore, we provide a configurable + * approach to it with the default set to ignore it. + */ + public static final Property SEND_REPLY_FOR_CHANNEL_DATA + = Property.bool("send-unknown-channel-data-reply", false); + + /** + * Key used to retrieve the value in the configuration properties map of the maximum number of failed authentication + * requests before the server closes the connection. + */ + public static final Property MAX_AUTH_REQUESTS + = Property.integer("max-auth-requests", 20); + + /** + * Key used to retrieve the value of welcome banner that will be displayed when a user connects to the server. If + * {@code null}/empty then no banner will be sent. The value can be one of the following: + *
      + *

      + *

    • A {@link java.io.File} or {@link java.nio.file.Path}, in which case its contents will be transmitted. + * Note: if the file is empty or does not exits, no banner will be transmitted.
      • + *

      + * + *

      + *

    • A {@link java.net.URI} or a string starting with "file:/", in which case it will be converted to a + * {@link java.nio.file.Path} and handled accordingly.
      • + *

      + * + *

      + *

    • A string containing a special value indicator - e.g., {@link #AUTO_WELCOME_BANNER_VALUE}, in which case the + * relevant banner content will be generated.
      • + *

      + * + *

      + *

    • Any other object whose {@code toString()} value yields a non empty string will be used as the banner + * contents.
      • + *

      + *
    + * + * @see RFC-4252 section 5.4 + */ + public static final Property WELCOME_BANNER + = Property.object("welcome-banner"); + + /** + * Special value that can be set for the {@link #WELCOME_BANNER} property indicating that the server should generate + * a banner consisting of the random art of the server's keys (if any are provided). If no server keys are + * available, then no banner will be sent + */ + public static final String AUTO_WELCOME_BANNER_VALUE = "#auto-welcome-banner"; + + /** + * Key used to denote the language code for the welcome banner (if such a banner is configured). + */ + public static final Property WELCOME_BANNER_LANGUAGE + = Property.string("welcome-banner-language", "en"); + + /** + * The {@link WelcomeBannerPhase} value - either as an enum or a string + */ + public static final Property WELCOME_BANNER_PHASE + = Property.enum_("welcome-banner-phase", WelcomeBannerPhase.class, WelcomeBannerPhase.IMMEDIATE); + + /** + * The charset to use if the configured welcome banner points to a file - if not specified (either as a string or a + * {@link Charset} then the local default is used. + */ + public static final Property WELCOME_BANNER_CHARSET + = Property.charset("welcome-banner-charset", Charset.defaultCharset()); + + /** + * This key is used when configuring multi-step authentications. The value needs to be a blank separated list of + * comma separated list of authentication method names. For example, an argument of + * publickey,password publickey,keyboard-interactive would require the user to complete public key + * authentication, followed by either password or keyboard interactive authentication. Only methods that are next in + * one or more lists are offered at each stage, so for this example, it would not be possible to attempt password or + * keyboard-interactive authentication before public key. + */ + public static final Property AUTH_METHODS + = Property.string("auth-methods"); + + /** + * Key used to retrieve the value of the maximum concurrent open session count per username. If not set, then + * unlimited + */ + public static final Property MAX_CONCURRENT_SESSIONS + = Property.integer("max-concurrent-sessions"); + + /** + * Key used to retrieve any extra lines to be sent during initial protocol handshake before the + * identification. The configured string value should use {@value #SERVER_EXTRA_IDENT_LINES_SEPARATOR} character to + * denote line breaks + */ + public static final Property SERVER_EXTRA_IDENTIFICATION_LINES + = Property.string("server-extra-identification-lines"); + + /** + * Separator used in the {@link #SERVER_EXTRA_IDENTIFICATION_LINES} configuration string to indicate new line break + */ + public static final char SERVER_EXTRA_IDENT_LINES_SEPARATOR = '|'; + + /** + * Key used to retrieve the value of the server identification string. If set, then it is appended to the + * (standard) "SSH-2.0-" prefix. Otherwise a default is sent that consists of "SSH-2.0-" plus + * the current SSHD artifact name and version in uppercase - e.g., "SSH-2.0-APACHE-SSHD-1.0.0" + */ + public static final Property SERVER_IDENTIFICATION + = Property.string("server-identification"); + + /** + * Key used to configure the timeout used when receiving a close request on a channel to wait until the command + * cleanly exits after setting an EOF on the input stream. + */ + public static final Property COMMAND_EXIT_TIMEOUT + = Property.duration("command-exit-timeout", Duration.ofMillis(5L)); + + /** + * A URL pointing to the moduli file. If not specified, the default internal file will be used. + */ + public static final Property MODULI_URL + = Property.string("moduli-url"); + + /** + * See {@link org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator}. + */ + public static final Property KB_SERVER_INTERACTIVE_NAME + = Property.string("kb-server-interactive-name", "Password authentication"); + + /** + * See {@link org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator}. + */ + public static final Property KB_SERVER_INTERACTIVE_INSTRUCTION + = Property.string("kb-server-interactive-instruction", ""); + + /** + * See {@link org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator}. + */ + public static final Property KB_SERVER_INTERACTIVE_LANG + = Property.string("kb-server-interactive-language", "en-US"); + + /** + * See {@link org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator}. + */ + public static final Property KB_SERVER_INTERACTIVE_PROMPT + = Property.string("kb-server-interactive-prompt", "Password: "); + + /** + * See {@link org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator}. + */ + public static final Property KB_SERVER_INTERACTIVE_ECHO_PROMPT + = Property.bool("kb-server-interactive-echo-prompt", false); + + /** + * Maximum amount of extended (a.k.a. STDERR) data allowed to be accumulated until a {@link ChannelDataReceiver} for + * the data is registered + */ + public static final Property MAX_EXTDATA_BUFSIZE + = Property.integer("channel-session-max-extdata-bufsize", 0); + + /** + * See {@link org.apache.sshd.server.kex.DHGEXServer}. + */ + public static final Property PROP_DHGEX_SERVER_MIN_KEY + = Property.integer("dhgex-server-min"); + + /** + * See {@link org.apache.sshd.server.kex.DHGEXServer}. + */ + public static final Property PROP_DHGEX_SERVER_MAX_KEY + = Property.integer("dhgex-server-max"); + /** + * Value used by the {@link org.apache.sshd.server.shell.InvertedShellWrapper} to control the "busy-wait" + * sleep time (millis) on the pumping loop if nothing was pumped - must be positive. + */ + public static final Property PUMP_SLEEP_TIME + = Property.duration("inverted-shell-wrapper-pump-sleep", Duration.ofMillis(1)); + + /** + * Value used by the {@link org.apache.sshd.server.shell.InvertedShellWrapper} to control copy buffer size. + */ + public static final Property BUFFER_SIZE + = Property.integer("inverted-shell-wrapper-buffer-size", IoUtils.DEFAULT_COPY_SIZE); + + /** + * Configuration value for the {@link org.apache.sshd.server.x11.X11ForwardSupport} to control the channel open + * timeout. + */ + public static final Property X11_OPEN_TIMEOUT + = Property.duration("x11-fwd-open-timeout", Duration.ofSeconds(30L)); + + /** + * Configuration value for the {@link org.apache.sshd.server.x11.X11ForwardSupport} to control from which X11 + * display number to start looking for a free value. + */ + public static final Property X11_DISPLAY_OFFSET + = Property.integer("x11-fwd-display-offset", 10); + + /** + * Configuration value for the {@link org.apache.sshd.server.x11.X11ForwardSupport} to control up to which (but not + * including) X11 display number to look or a free value. + */ + public static final Property X11_MAX_DISPLAYS + = Property.integer("x11-fwd-max-display", 1000); + + /** + * Configuration value for the {@link org.apache.sshd.server.x11.X11ForwardSupport} to control the base port number + * for the X11 display number socket binding. + */ + public static final Property X11_BASE_PORT + = Property.integer("x11-fwd-base-port", 6000); + + /** + * Configuration value for the {@link org.apache.sshd.server.x11.X11ForwardSupport} to control the host used to bind + * to for the X11 display when looking for a free port. + */ + public static final Property X11_BIND_HOST + = Property.string("x11-fwd-bind-host", SshdSocketAddress.LOCALHOST_IPV4); + + /** + * Configuration value for the {@link org.apache.sshd.server.forward.TcpipServerChannel} to control the higher + * theshold for the data to be buffered waiting to be sent. If the buffered data size reaches this value, the + * session will pause reading until the data length goes below the + * {@link #TCPIP_SERVER_CHANNEL_BUFFER_SIZE_THRESHOLD_LOW} threshold. + */ + public static final Property TCPIP_SERVER_CHANNEL_BUFFER_SIZE_THRESHOLD_HIGH + = Property.long_("tcpip-server-channel-buffer-size-threshold-high", 1024 * 1024); + + /** + * The lower threshold. If not set, half the higher threshold will be used. + * + * @see #TCPIP_SERVER_CHANNEL_BUFFER_SIZE_THRESHOLD_HIGH + */ + public static final Property TCPIP_SERVER_CHANNEL_BUFFER_SIZE_THRESHOLD_LOW + = Property.long_("tcpip-server-channel-buffer-size-threshold-low"); + + private CoreModuleProperties() { + throw new UnsupportedOperationException("No instance"); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/DefaultGroupPrincipal.java b/files-sftp/src/main/java/org/apache/sshd/common/DefaultGroupPrincipal.java new file mode 100644 index 0000000..9f1443f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/DefaultGroupPrincipal.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.nio.file.attribute.GroupPrincipal; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultGroupPrincipal extends PrincipalBase implements GroupPrincipal { + + public DefaultGroupPrincipal(String name) { + super(name); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/DefaultUserPrincipal.java b/files-sftp/src/main/java/org/apache/sshd/common/DefaultUserPrincipal.java new file mode 100644 index 0000000..b1aa099 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/DefaultUserPrincipal.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.nio.file.attribute.UserPrincipal; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultUserPrincipal extends PrincipalBase implements UserPrincipal { + + public DefaultUserPrincipal(String name) { + super(name); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/Factory.java b/files-sftp/src/main/java/org/apache/sshd/common/Factory.java new file mode 100644 index 0000000..b8ace58 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/Factory.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.util.function.Supplier; + +/** + * Factory is a simple interface that is used to create other objects. + * + * @param type of object this factory will create + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface Factory extends Supplier { + + @Override + default T get() { + return create(); + } + + /** + * @return A new instance + */ + T create(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/FactoryManager.java b/files-sftp/src/main/java/org/apache/sshd/common/FactoryManager.java new file mode 100644 index 0000000..13c1ba2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/FactoryManager.java @@ -0,0 +1,142 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.util.List; +import java.util.Objects; +import java.util.concurrent.ScheduledExecutorService; + +import org.apache.sshd.common.channel.ChannelFactory; +import org.apache.sshd.common.channel.ChannelListenerManager; +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager; +import org.apache.sshd.common.file.FileSystemFactory; +import org.apache.sshd.common.forward.ForwarderFactory; +import org.apache.sshd.common.forward.PortForwardingEventListenerManager; +import org.apache.sshd.common.io.IoServiceEventListenerManager; +import org.apache.sshd.common.io.IoServiceFactory; +import org.apache.sshd.common.kex.KexFactoryManager; +import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.ReservedSessionMessagesManager; +import org.apache.sshd.common.session.SessionDisconnectHandlerManager; +import org.apache.sshd.common.session.SessionHeartbeatController; +import org.apache.sshd.common.session.SessionListenerManager; +import org.apache.sshd.common.session.UnknownChannelReferenceHandlerManager; + +/** + * This interface allows retrieving all the NamedFactory used in the SSH protocol. + * + * @author Apache MINA SSHD Project + */ +public interface FactoryManager + extends KexFactoryManager, + SessionListenerManager, + ReservedSessionMessagesManager, + SessionDisconnectHandlerManager, + ChannelListenerManager, + ChannelStreamWriterResolverManager, + UnknownChannelReferenceHandlerManager, + PortForwardingEventListenerManager, + IoServiceEventListenerManager, + AttributeStore, + SessionHeartbeatController { + + /** + * The default {@code REPORTED_VERSION} of {@link FactoryManager#getVersion()} if the built-in version information + * cannot be accessed + */ + String DEFAULT_VERSION = "SSHD-UNKNOWN"; + + /** + * An upper case string identifying the version of the software used on client or server side. This version includes + * the name and version of the software and usually looks like this: SSHD-CORE-1.0 + * + * @return the version of the software + */ + String getVersion(); + + IoServiceFactory getIoServiceFactory(); + + /** + * Retrieve the Random factory to be used. + * + * @return The Random factory, never {@code null} + */ + Factory getRandomFactory(); + + /** + * Retrieve the list of named factories for Channel objects. + * + * @return A list of {@link ChannelFactory}-ies, never {@code null} + */ + List getChannelFactories(); + + /** + * Retrieve the ScheduledExecutorService to be used. + * + * @return The {@link ScheduledExecutorService}, never {@code null} + */ + ScheduledExecutorService getScheduledExecutorService(); + + /** + * Retrieve the forwarder factory used to support forwarding. + * + * @return The {@link ForwarderFactory} + */ + ForwarderFactory getForwarderFactory(); + + /** + * Retrieve the FileSystemFactory to be used to traverse the file system. + * + * @return a valid {@link FileSystemFactory} instance or {@code null} if file based interactions are not supported + * on this server + */ + FileSystemFactory getFileSystemFactory(); + + /** + * Retrieve the list of SSH Service factories. + * + * @return a list of named Service factories, never {@code null} + */ + List getServiceFactories(); + + /** + * Retrieve the list of global request handlers. + * + * @return a list of named GlobalRequestHandler + */ + List> getGlobalRequestHandlers(); + + @Override + default T resolveAttribute(AttributeKey key) { + return resolveAttribute(this, key); + } + + /** + * @param The generic attribute type + * @param manager The {@link FactoryManager} - ignored if {@code null} + * @param key The attribute key - never {@code null} + * @return Associated value - {@code null} if not found + */ + static T resolveAttribute(FactoryManager manager, AttributeKey key) { + Objects.requireNonNull(key, "No key"); + return (manager == null) ? null : manager.getAttribute(key); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/FactoryManagerHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/FactoryManagerHolder.java new file mode 100644 index 0000000..9b2f938 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/FactoryManagerHolder.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface FactoryManagerHolder { + /** + * @return The currently associated {@link FactoryManager} + */ + FactoryManager getFactoryManager(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/NamedFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/NamedFactory.java new file mode 100644 index 0000000..566e5f2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/NamedFactory.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.util.Collection; +import java.util.List; +import java.util.function.Function; +import java.util.stream.Collectors; + +/** + * A named factory is a factory identified by a name. Such names are used mainly in the algorithm negotiation at the + * beginning of the SSH connection. + * + * @param The create object instance type + * @author Apache MINA SSHD Project + */ +public interface NamedFactory extends Factory, NamedResource { + /** + * Create an instance of the specified name by looking up the needed factory in the list. + * + * @param factories list of available factories + * @param name the factory name to use + * @param type of object to create + * @return a newly created object or {@code null} if the factory is not in the list + */ + static T create(Collection> factories, String name) { + NamedFactory f = NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, factories); + if (f != null) { + return f.create(); + } else { + return null; + } + } + + static List setUpTransformedFactories( + boolean ignoreUnsupported, Collection preferred, Function xform) { + return preferred.stream() + .filter(f -> ignoreUnsupported || f.isSupported()) + .map(xform) + .collect(Collectors.toList()); + } + + static List setUpBuiltinFactories( + boolean ignoreUnsupported, Collection preferred) { + return preferred.stream() + .filter(f -> ignoreUnsupported || f.isSupported()) + .collect(Collectors.toList()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/NamedResource.java b/files-sftp/src/main/java/org/apache/sshd/common/NamedResource.java new file mode 100644 index 0000000..b124579 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/NamedResource.java @@ -0,0 +1,142 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.util.Collection; +import java.util.Comparator; +import java.util.List; +import java.util.function.Function; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface NamedResource { + + /** + * Returns the value of {@link #getName()} - or {@code null} if argument is {@code null} + */ + Function NAME_EXTRACTOR = input -> input == null ? null : input.getName(); + + /** + * Compares 2 {@link NamedResource}s according to their {@link #getName()} value case insensitive + */ + Comparator BY_NAME_COMPARATOR = Comparator.comparing(NAME_EXTRACTOR, String.CASE_INSENSITIVE_ORDER); + + /** + * @return The resource name + */ + String getName(); + + /** + * @param resources The named resources + * @return A {@link List} of all the factories names - in same order as they appear in the input + * collection + */ + static List getNameList(Collection resources) { + return GenericUtils.map(resources, NamedResource::getName); + } + + /** + * @param resources list of available resources + * @return A comma separated list of factory names + */ + static String getNames(Collection resources) { + Collection nameList = getNameList(resources); + return GenericUtils.join(nameList, ','); + } + + /** + * Remove the resource identified by the name from the list. + * + * @param The generic resource type + * @param name Name of the resource - ignored if {@code null}/empty + * @param c The {@link Comparator} to decide whether the {@link NamedResource#getName()} matches the + * name parameter + * @param resources The {@link NamedResource} to check - ignored if {@code null}/empty + * @return the removed resource from the list or {@code null} if not in the list + */ + static R removeByName( + String name, Comparator c, Collection resources) { + R r = findByName(name, c, resources); + if (r != null) { + resources.remove(r); + } + return r; + } + + /** + * @param The generic resource type + * @param name Name of the resource - ignored if {@code null}/empty + * @param c The {@link Comparator} to decide whether the {@link NamedResource#getName()} matches the + * name parameter + * @param resources The {@link NamedResource} to check - ignored if {@code null}/empty + * @return The first resource whose name matches the parameter (by invoking + * {@link Comparator#compare(Object, Object)} - {@code null} if no match found + */ + static R findByName( + String name, Comparator c, Collection resources) { + return (GenericUtils.isEmpty(name) || GenericUtils.isEmpty(resources)) + ? null + : GenericUtils.stream(resources) + .filter(r -> c.compare(name, r.getName()) == 0) + .findFirst() + .orElse(null); + } + + static R findFirstMatchByName( + Collection names, Comparator c, Collection resources) { + return (GenericUtils.isEmpty(names) || GenericUtils.isEmpty(resources)) + ? null + : GenericUtils.stream(resources) + .filter(r -> GenericUtils.findFirstMatchingMember(n -> c.compare(n, r.getName()) == 0, names) != null) + .findFirst() + .orElse(null); + + } + + /** + * Wraps a name value inside a {@link NamedResource} + * + * @param name The name value to wrap + * @return The wrapper instance + */ + static NamedResource ofName(String name) { + return new NamedResource() { + @Override + public String getName() { + return name; + } + + @Override + public String toString() { + return getName(); + } + }; + } + + static int safeCompareByName(NamedResource r1, NamedResource r2, boolean caseSensitive) { + String n1 = (r1 == null) ? null : r1.getName(); + String n2 = (r2 == null) ? null : r2.getName(); + return GenericUtils.safeCompare(n1, n2, caseSensitive); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/OptionalFeature.java b/files-sftp/src/main/java/org/apache/sshd/common/OptionalFeature.java new file mode 100644 index 0000000..1afa864 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/OptionalFeature.java @@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.util.Collection; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface OptionalFeature { + OptionalFeature TRUE = new OptionalFeature() { + @Override + public boolean isSupported() { + return true; + } + + @Override + public String toString() { + return "TRUE"; + } + }; + + OptionalFeature FALSE = new OptionalFeature() { + @Override + public boolean isSupported() { + return false; + } + + @Override + public String toString() { + return "FALSE"; + } + }; + + boolean isSupported(); + + static OptionalFeature of(boolean supported) { + return supported ? TRUE : FALSE; + } + + static OptionalFeature all(Collection features) { + return () -> { + if (GenericUtils.isEmpty(features)) { + return false; + } + + for (OptionalFeature f : features) { + if (!f.isSupported()) { + return false; + } + } + + return true; + }; + } + + static OptionalFeature any(Collection features) { + return () -> { + if (GenericUtils.isEmpty(features)) { + return false; + } + + for (OptionalFeature f : features) { + if (f.isSupported()) { + return true; + } + } + + return false; + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/PrincipalBase.java b/files-sftp/src/main/java/org/apache/sshd/common/PrincipalBase.java new file mode 100644 index 0000000..c3a4d17 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/PrincipalBase.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.security.Principal; +import java.util.Objects; + +/** + * @author Apache MINA SSHD Project + */ +public class PrincipalBase implements Principal { + + private final String name; + + public PrincipalBase(String name) { + if (name == null) { + throw new IllegalArgumentException("name is null"); + } + this.name = name; + } + + @Override + public final String getName() { + return name; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if ((o == null) || (getClass() != o.getClass())) { + return false; + } + + Principal that = (Principal) o; + return Objects.equals(getName(), that.getName()); + } + + @Override + public int hashCode() { + return Objects.hashCode(getName()); + } + + @Override + public String toString() { + return getName(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/Property.java b/files-sftp/src/main/java/org/apache/sshd/common/Property.java new file mode 100644 index 0000000..a8055c2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/Property.java @@ -0,0 +1,443 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.nio.charset.Charset; +import java.time.Duration; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.NoSuchElementException; +import java.util.Objects; +import java.util.Optional; +import java.util.function.Consumer; + +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Property definition. + * + * @param The generic property type + * @author Apache MINA SSHD Project + */ +public interface Property extends NamedResource { + + static Property string(String name) { + return string(name, null); + } + + static Property string(String name, String def) { + return new StringProperty(name, def); + } + + static Property bool(String name) { + return new BooleanProperty(name); + } + + static Property bool(String name, boolean def) { + return new BooleanProperty(name, def); + } + + static Property integer(String name) { + return new IntegerProperty(name); + } + + static Property integer(String name, int def) { + return new IntegerProperty(name, def); + } + + // CHECKSTYLE:OFF + static Property long_(String name) { + return new LongProperty(name); + } + + static Property long_(String name, long def) { + return new LongProperty(name, def); + } + + static > Property enum_(String name, Class type) { + return enum_(name, type, null); + } + + static > Property enum_(String name, Class type, T def) { + return new EnumProperty<>(name, type, def); + } + // CHECKSTYLE:ON + + static Property duration(String name) { + return duration(name, null); + } + + static Property duration(String name, Duration def) { + return new DurationProperty(name, def); + } + + static Property durationSec(String name) { + return durationSec(name, null); + } + + static Property durationSec(String name, Duration def) { + return new DurationInSecondsProperty(name, def); + } + + static Property charset(String name) { + return charset(name, null); + } + + static Property charset(String name, Charset def) { + return new CharsetProperty(name, def); + } + + static Property object(String name) { + return object(name, null); + } + + static Property object(String name, Object def) { + return new ObjectProperty(name, def); + } + + static Property validating(Property prop, Consumer validator) { + return new Validating<>(prop, validator); + } + + abstract class BaseProperty implements Property { + private final String name; + private final Class type; + private final Optional defaultValue; + + protected BaseProperty(String name, Class type) { + this(name, type, null); + } + + protected BaseProperty(String name, Class type, T defaultValue) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No name provided"); + this.type = Objects.requireNonNull(type, "Type must be provided"); + this.defaultValue = Optional.ofNullable(defaultValue); + } + + @Override + public String getName() { + return name; + } + + @Override + public Class getType() { + return type; + } + + @Override + public Optional getDefault() { + return defaultValue; + } + + @Override + public Optional get(PropertyResolver resolver) { + Object propValue = PropertyResolverUtils.resolvePropertyValue(resolver, getName()); + return (propValue != null) ? Optional.of(fromStorage(propValue)) : getDefault(); + } + + @Override + public T getOrCustomDefault(PropertyResolver resolver, T defaultValue) { + Object propValue = PropertyResolverUtils.resolvePropertyValue(resolver, getName()); + return (propValue != null) ? fromStorage(propValue) : defaultValue; + } + + @Override + public void set(PropertyResolver resolver, T value) { + PropertyResolverUtils.updateProperty(resolver, getName(), toStorage(value)); + } + + protected Object toStorage(T value) { + return value; + } + + protected abstract T fromStorage(Object value); + + @Override + public String toString() { + return "Property[" + getName() + "](" + getType().getSimpleName() + "]"; + } + } + + class DurationProperty extends BaseProperty { + public DurationProperty(String name) { + this(name, null); + } + + public DurationProperty(String name, Duration def) { + super(name, Duration.class, def); + } + + @Override + protected Object toStorage(Duration value) { + return (value != null) ? value.toMillis() : null; + } + + @Override + protected Duration fromStorage(Object value) { + Long val = PropertyResolverUtils.toLong(value); + return (val != null) ? Duration.ofMillis(val) : null; + } + } + + class DurationInSecondsProperty extends DurationProperty { + public DurationInSecondsProperty(String name) { + this(name, null); + } + + public DurationInSecondsProperty(String name, Duration def) { + super(name, def); + } + + @Override + protected Object toStorage(Duration value) { + return (value != null) ? (value.toMillis() / 1_000L) : null; + } + + @Override + protected Duration fromStorage(Object value) { + Long val = PropertyResolverUtils.toLong(value); + return val != null ? Duration.ofSeconds(val) : null; + } + } + + class StringProperty extends BaseProperty { + public StringProperty(String name) { + this(name, null); + } + + public StringProperty(String name, String def) { + super(name, String.class, def); + } + + @Override + protected String fromStorage(Object value) { + return (value != null) ? value.toString() : null; + } + } + + class BooleanProperty extends BaseProperty { + public BooleanProperty(String name) { + this(name, null); + } + + public BooleanProperty(String name, Boolean defaultValue) { + super(name, Boolean.class, defaultValue); + } + + @Override + protected Boolean fromStorage(Object value) { + return PropertyResolverUtils.toBoolean(value); + } + } + + class LongProperty extends BaseProperty { + public LongProperty(String name) { + this(name, null); + } + + public LongProperty(String name, Long defaultValue) { + super(name, Long.class, defaultValue); + } + + @Override + protected Long fromStorage(Object value) { + return PropertyResolverUtils.toLong(value); + } + } + + class IntegerProperty extends BaseProperty { + public IntegerProperty(String name) { + this(name, null); + } + + public IntegerProperty(String name, Integer defaultValue) { + super(name, Integer.class, defaultValue); + } + + @Override + protected Integer fromStorage(Object value) { + return PropertyResolverUtils.toInteger(value); + } + } + + class CharsetProperty extends BaseProperty { + public CharsetProperty(String name) { + this(name, null); + } + + public CharsetProperty(String name, Charset defaultValue) { + super(name, Charset.class, defaultValue); + } + + @Override + protected Charset fromStorage(Object value) { + return PropertyResolverUtils.toCharset(value); + } + } + + class ObjectProperty extends BaseProperty { + public ObjectProperty(String name) { + this(name, null); + } + + public ObjectProperty(String name, Object defaultValue) { + super(name, Object.class, defaultValue); + } + + @Override + protected Object fromStorage(Object value) { + return value; + } + } + + class EnumProperty> extends BaseProperty { + protected final Collection values; + + public EnumProperty(String name, Class type) { + this(name, type, null); + } + + public EnumProperty(String name, Class type, T def) { + super(name, type, def); + values = Collections.unmodifiableSet(EnumSet.allOf(type)); + } + + @Override + protected T fromStorage(Object value) { + Class type = getType(); + return PropertyResolverUtils.toEnum(type, value, false, values); + } + } + + class Validating implements Property { + protected final Property delegate; + protected final Consumer validator; + + public Validating(Property delegate, Consumer validator) { + this.delegate = delegate; + this.validator = validator; + } + + @Override + public String getName() { + return delegate.getName(); + } + + @Override + public Class getType() { + return delegate.getType(); + } + + @Override + public Optional getDefault() { + return delegate.getDefault(); + } + + @Override + public T getRequiredDefault() { + return delegate.getRequiredDefault(); + } + + @Override + public Optional get(PropertyResolver resolver) { + Optional t = delegate.get(resolver); + t.ifPresent(validator); + return t; + } + + @Override + public T getOrCustomDefault(PropertyResolver resolver, T defaultValue) { + T value = delegate.getOrCustomDefault(resolver, defaultValue); + validator.accept(value); + return value; + } + + @Override + public void set(PropertyResolver resolver, T value) { + validator.accept(value); + delegate.set(resolver, value); + } + + @Override + public void remove(PropertyResolver resolver) { + delegate.remove(resolver); + } + } + + /** + * @return Property type - Note: for primitive types the wrapper equivalent is returned + */ + Class getType(); + + /** + * @return The {@link Optional} pre-defined default value + */ + Optional getDefault(); + + default T getRequiredDefault() { + return getDefault().get(); + } + + /** + * @param resolver The {@link PropertyResolver} to query for the property value. + * @return The {@link Optional} result - if resolver contains a value then the resolver's value, otherwise + * the pre-defined {@link #getDefault() default} + */ + Optional get(PropertyResolver resolver); + + /** + * @param resolver The {@link PropertyResolver} to query for the property value. + * @return The resolved value + * @throws NoSuchElementException if resolver contains no value and no {@link #getDefault()} defined + */ + default T getRequired(PropertyResolver resolver) { + return get(resolver).get(); + } + + /** + * @param resolver The {@link PropertyResolver} to query for the property value. + * @return The resolver's value or {@code null} if no specific value found in the resolver - regardless of + * whether there is a default value + */ + default T getOrNull(PropertyResolver resolver) { + return getOrCustomDefault(resolver, null); + } + + /** + * @param resolver The {@link PropertyResolver} to query for the property value. + * @param defaultValue The default value to return if no specific value found in resolver + * @return The resolver's value or specified default if no specific value found in the resolver - + * regardless of whether there is a default value + */ + T getOrCustomDefault(PropertyResolver resolver, T defaultValue); + + /** + * @param resolver The {@link PropertyResolver} to update with the property value. + * @param value The value to set + */ + void set(PropertyResolver resolver, T value); + + /** + * @param resolver The {@link PropertyResolver} to remove the property from + */ + default void remove(PropertyResolver resolver) { + PropertyResolverUtils.updateProperty(resolver, getName(), null); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/PropertyResolver.java b/files-sftp/src/main/java/org/apache/sshd/common/PropertyResolver.java new file mode 100644 index 0000000..64ddffc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/PropertyResolver.java @@ -0,0 +1,125 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.nio.charset.Charset; +import java.util.Collections; +import java.util.Map; + +/** + * Indicates an entity that can be configured using properties. The properties are simple name-value pairs where the + * actual value type depends on the property. Some automatic conversions may be available - e.g., from a string to a + * numeric or {@code boolean} value, or from {@code int} to {@code long}, etc.. Note: implementations may decide + * to use case insensitive property names, therefore it is highly discouraged to use names that + * differ from each other only in case sensitivity. Also, implementations may choose to trim whitespaces, thus such are + * also highly discouraged. + * + * @author Apache MINA SSHD Project + */ +public interface PropertyResolver { + /** + * An "empty" resolver with no properties and no parent + */ + PropertyResolver EMPTY = new PropertyResolver() { + @Override + public PropertyResolver getParentPropertyResolver() { + return null; + } + + @Override + public Map getProperties() { + return Collections.emptyMap(); + } + + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * @return The parent resolver that can be used to query for missing properties - {@code null} if no parent + */ + PropertyResolver getParentPropertyResolver(); + + /** + *

    + * A map of properties that can be used to configure the SSH server or client. This map will never be changed by + * either the server or client and is not supposed to be changed at runtime (changes are not bound to have any + * effect on a running client or server), though it may affect the creation of sessions later as these values are + * usually not cached. + *

    + * + *

    + * Note: the type of the mapped property should match the expected configuration value type - + * {@code Long, Integer, Boolean, + * String}, etc.... If it doesn't, the {@code toString()} result of the mapped value is used to convert it to the + * required type. E.g., if the mapped value is the string "1234" and the expected value is a + * {@code long} then it will be parsed into one. Also, if the mapped value is an {@code Integer} but a {@code long} + * is expected, then it will be converted into one. + *

    + * + * @return a valid Map containing configuration values, never {@code null}. Note: may be + * immutable. + */ + Map getProperties(); + + default long getLongProperty(String name, long def) { + return PropertyResolverUtils.getLongProperty(this, name, def); + } + + default Long getLong(String name) { + return PropertyResolverUtils.getLong(this, name); + } + + default int getIntProperty(String name, int def) { + return PropertyResolverUtils.getIntProperty(this, name, def); + } + + default Integer getInteger(String name) { + return PropertyResolverUtils.getInteger(this, name); + } + + default boolean getBooleanProperty(String name, boolean def) { + return PropertyResolverUtils.getBooleanProperty(this, name, def); + } + + default Boolean getBoolean(String name) { + return PropertyResolverUtils.getBoolean(this, name); + } + + default String getStringProperty(String name, String def) { + return PropertyResolverUtils.getStringProperty(this, name, def); + } + + default String getString(String name) { + return PropertyResolverUtils.getString(this, name); + } + + default Object getObject(String name) { + return PropertyResolverUtils.getObject(this, name); + } + + default Charset getCharset(String name, Charset defaultValue) { + Object value = getObject(name); + return (value == null) ? defaultValue : PropertyResolverUtils.toCharset(value); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/PropertyResolverUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/PropertyResolverUtils.java new file mode 100644 index 0000000..a42cd1c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/PropertyResolverUtils.java @@ -0,0 +1,553 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.nio.charset.Charset; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.NavigableSet; +import java.util.NoSuchElementException; +import java.util.Objects; +import java.util.Properties; +import java.util.concurrent.ConcurrentHashMap; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public final class PropertyResolverUtils { + public static final String NONE_VALUE = "none"; + + /** + * Case insensitive {@link NavigableSet} of values considered {@code true} by {@link #parseBoolean(String)} + */ + public static final NavigableSet TRUE_VALUES = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet( + String.CASE_INSENSITIVE_ORDER, "true", "t", "yes", "y", "on")); + + /** + * Case insensitive {@link NavigableSet} of values considered {@code false} by {@link #parseBoolean(String)} + */ + public static final NavigableSet FALSE_VALUES = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet( + String.CASE_INSENSITIVE_ORDER, "false", "f", "no", "n", "off")); + + private PropertyResolverUtils() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * @param v Value to examine + * @return {@code true} if equals to {@value #NONE_VALUE} - case insensitive + */ + public static boolean isNoneValue(String v) { + return NONE_VALUE.equalsIgnoreCase(v); + } + + /** + * @param resolver The {@link PropertyResolver} instance - ignored if {@code null} + * @param name The property name + * @param defaultValue The default value to return if the specified property does not exist in the + * properties map + * @return The resolved property + * @throws NumberFormatException if malformed value + * @see #toLong(Object, long) + */ + public static long getLongProperty(PropertyResolver resolver, String name, long defaultValue) { + return toLong(resolvePropertyValue(resolver, name), defaultValue); + } + + public static long getLongProperty(Map props, String name, long defaultValue) { + return toLong(resolvePropertyValue(props, name), defaultValue); + } + + /** + * Converts a generic object value to a {@code long} if possible: + *
      + *
    • If value is {@code null} the default is returned
      • + * + *
    • If value is a {@link Number} then its {@link Number#longValue()} is returned
      • + * + *
    • Otherwise, the value's {@code toString()} is parsed as a {@code long}
      • + *
    + * + * @param value The resolved value - may be {@code null} + * @param defaultValue The default to use if {@code null} resolved value + * @return The resolved value + * @throws NumberFormatException if malformed value + * @see Long#parseLong(String) + */ + public static long toLong(Object value, long defaultValue) { + if (value == null) { + return defaultValue; + } else if (value instanceof Number) { + return ((Number) value).longValue(); + } else { // we parse the string in case it is not a valid long value + return Long.parseLong(value.toString()); + } + } + + /** + * @param resolver The {@link PropertyResolver} instance - ignored if {@code null} + * @param name The property name + * @return The {@link Long} value or {@code null} if property not found + * @throws NumberFormatException if malformed value + * @see #toLong(Object) + */ + public static Long getLong(PropertyResolver resolver, String name) { + return toLong(resolvePropertyValue(resolver, name)); + } + + public static Long getLong(Map props, String name) { + return toLong(resolvePropertyValue(props, name)); + } + + /** + * Converts a generic object into a {@link Long}: + *
      + *
    • If the value is {@code null} then returns {@code null}.
      • + * + *
    • If the value is already a {@link Long} then it is returned as such.
      • + * + *
    • If value is a {@link Number} then its {@link Number#longValue()} is wrapped as a {@link Long}
      • + * + *
    • Otherwise, the value's {@code toString()} is parsed as a {@link Long}
      • + *
    + * + * @param value The resolved value - may be {@code null} + * @return The {@link Long} value or {@code null} if property not found + * @throws NumberFormatException if malformed value + * @see Long#valueOf(long) + * @see Long#valueOf(String) + */ + public static Long toLong(Object value) { + if (value == null) { + return null; + } else if (value instanceof Long) { + return (Long) value; + } else if (value instanceof Number) { + return ((Number) value).longValue(); + } else { // we parse the string in case it is not a valid long value + return Long.valueOf(value.toString()); + } + } + + /** + * Converts an enumerated configuration value: + *
      + *

      + *

    • If value is {@code null} then return {@code null}
      • + *

      + * + *

      + *

    • If value already of the expected type then simply cast and return it.
      • + *

      + * + *

      + *

    • If value is a {@link CharSequence} then convert it to a string and look for a matching enumerated value name + * - case insensitive.
      • + *

      + * > + *
    + * + * @param Type of enumerated value + * @param enumType The enumerated class type + * @param value The configured value - ignored if {@code null} + * @param failIfNoMatch Whether to fail if no matching name found + * @param available The available values to compare the name + * @return The matching enumerated value - {@code null} if no match found + * @throws IllegalArgumentException If value is neither {@code null}, nor the enumerated type nor a + * {@link CharSequence} + * @throws NoSuchElementException If no matching string name found and failIfNoMatch is {@code true} + */ + public static > E toEnum( + Class enumType, Object value, boolean failIfNoMatch, Collection available) { + if (value == null) { + return null; + } else if (enumType.isInstance(value)) { + return enumType.cast(value); + } else if (value instanceof CharSequence) { + String name = value.toString(); + if (GenericUtils.size(available) > 0) { + for (E v : available) { + if (name.equalsIgnoreCase(v.name())) { + return v; + } + } + } + + if (failIfNoMatch) { + throw new NoSuchElementException("No match found for " + enumType.getSimpleName() + "[" + name + "]"); + } + + return null; + } else { + throw new IllegalArgumentException( + "Bad value type for enum conversion: " + value.getClass().getSimpleName()); + } + } + + public static Object updateProperty(PropertyResolver resolver, String name, long value) { + return updateProperty(resolver.getProperties(), name, value); + } + + public static Object updateProperty(Map props, String name, long value) { + return updateProperty(props, name, Long.valueOf(value)); + } + + public static int getIntProperty(PropertyResolver resolver, String name, int defaultValue) { + return toInteger(resolvePropertyValue(resolver, name), defaultValue); + } + + public static int getIntProperty(Map props, String name, int defaultValue) { + return toInteger(resolvePropertyValue(props, name), defaultValue); + } + + public static int toInteger(Object value, int defaultValue) { + if (value == null) { + return defaultValue; + } else if (value instanceof Number) { + return ((Number) value).intValue(); + } else { // we parse the string in case this is NOT an integer + return Integer.parseInt(value.toString()); + } + } + + public static Integer getInteger(PropertyResolver resolver, String name) { + return toInteger(resolvePropertyValue(resolver, name)); + } + + public static Integer getInteger(Map props, String name) { + return toInteger(resolvePropertyValue(props, name)); + } + + public static Integer toInteger(Object value) { + if (value == null) { + return null; + } else if (value instanceof Integer) { + return (Integer) value; + } else if (value instanceof Number) { + return ((Number) value).intValue(); + } else { // we parse the string in case this is NOT a valid integer string + return Integer.valueOf(value.toString()); + } + } + + public static Object updateProperty(PropertyResolver resolver, String name, int value) { + return updateProperty(resolver.getProperties(), name, value); + } + + public static Object updateProperty(Map props, String name, int value) { + return updateProperty(props, name, Integer.valueOf(value)); + } + + public static boolean getBooleanProperty(PropertyResolver resolver, String name, boolean defaultValue) { + return toBoolean(getObject(resolver, name), defaultValue); + } + + public static boolean getBooleanProperty(Map props, String name, boolean defaultValue) { + return toBoolean(getObject(props, name), defaultValue); + } + + /** + * @param value The value to convert + * @param defaultValue The default value to return if value is {@code null} or and empty string, then returns the + * default value. + * @return The resolved value + * @see #toBoolean(Object) + */ + public static boolean toBoolean(Object value, boolean defaultValue) { + Boolean bool = toBoolean(value); + if (bool == null) { + return defaultValue; + } else { + return bool; + } + } + + public static Boolean getBoolean(PropertyResolver resolver, String name) { + Object propValue = resolvePropertyValue(resolver, name); + return toBoolean(propValue); + } + + public static Boolean getBoolean(Map props, String name) { + Object propValue = resolvePropertyValue(props, name); + return toBoolean(propValue); + } + + /** + *

    + * Attempts to convert the object into a {@link Boolean} value as follows: + *

    + *
    + *
      + *

      + *

    • If {@code null} or an empty string then return {@code null}.
      • + *

      + * + *

      + *

    • If already a {@link Boolean} then return as-is
      • + *

      + * + *

      + *

    • If a {@link CharSequence} then invoke {@link #parseBoolean(String)}
      • + *

      + * + *

      + *

    • Otherwise, throws an {@link UnsupportedOperationException}
      • + *

      + *
    + * + * @param value The value to be converted + * @return The result - {@code null} if {@code null} or an empty string + * @throws UnsupportedOperationException If value cannot be converted to a boolean - e.g., a number. + * @see #parseBoolean(String) + */ + public static Boolean toBoolean(Object value) { + if (value == null) { + return null; + } else if (value instanceof Boolean) { + return (Boolean) value; + } else if (value instanceof CharSequence) { + return parseBoolean(value.toString()); + } else { + throw new UnsupportedOperationException( + "Cannot convert " + value.getClass().getSimpleName() + "[" + value + "] to boolean"); + } + } + + /** + * Converts a string to a {@link Boolean} value by looking for it in either the {@link #TRUE_VALUES} or + * {@link #FALSE_VALUES} + * + * @param value The value to parse + * @return The result - {@code null} if value is {@code null}/empty + * @throws IllegalArgumentException If non-empty string that does not match (case insensitive) either of the + * known values for boolean. + */ + public static Boolean parseBoolean(String value) { + if (GenericUtils.isEmpty(value)) { + return null; + } else if (TRUE_VALUES.contains(value)) { + return Boolean.TRUE; + } else if (FALSE_VALUES.contains(value)) { + return Boolean.FALSE; + } else { + throw new IllegalArgumentException("Unknown boolean value: '" + value + "'"); + } + } + + public static Object updateProperty(PropertyResolver resolver, String name, boolean value) { + return updateProperty(resolver.getProperties(), name, value); + } + + public static Object updateProperty(Map props, String name, boolean value) { + return updateProperty(props, name, Boolean.valueOf(value)); + } + + /** + * @param resolver The {@link PropertyResolver} to use - ignored if {@code null} + * @param name The property name + * @param defaultValue The default value to return if property not set or empty + * @return The set value (if not {@code null}/empty) or default one + */ + public static String getStringProperty( + PropertyResolver resolver, String name, String defaultValue) { + String value = getString(resolver, name); + if (GenericUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + } + + public static String getStringProperty(Map props, String name, String defaultValue) { + Object value = resolvePropertyValue(props, name); + if (value == null) { + return defaultValue; + } else { + return Objects.toString(value); + } + } + + public static Charset getCharset(PropertyResolver resolver, String name, Charset defaultValue) { + Object value = getObject(resolver, name); + return (value == null) ? defaultValue : toCharset(value); + } + + public static Charset getCharset(Map props, String name, Charset defaultValue) { + Object value = getObject(props, name); + return (value == null) ? defaultValue : toCharset(value); + } + + public static Charset toCharset(Object value) { + if (value == null) { + return null; + } else if (value instanceof Charset) { + return (Charset) value; + } else if (value instanceof CharSequence) { + return Charset.forName(value.toString()); + } else { + throw new IllegalArgumentException("Invalid charset conversion value: " + value); + } + } + + public static String getString(PropertyResolver resolver, String name) { + Object value = getObject(resolver, name); + return Objects.toString(value, null); + } + + public static String getString(Map props, String name) { + Object value = getObject(props, name); + return Objects.toString(value, null); + } + + public static Object getObject(PropertyResolver resolver, String name) { + return resolvePropertyValue(resolver, name); + } + + public static Object getObject(PropertyResolver resolver, String name, Object defaultValue) { + Object value = resolvePropertyValue(resolver, name); + return value != null ? value : defaultValue; + } + + // for symmetrical reasons... + public static Object getObject(Map props, String name) { + return resolvePropertyValue(props, name); + } + + public static Object resolvePropertyValue(Map props, String name) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + return (props != null) ? props.get(key) : null; + } + + /** + * @param resolver The {@link PropertyResolver} instance + * @param name The property name + * @param value The new value - if {@code null} or an empty {@link CharSequence} the property is removed + * @return The previous value - {@code null} if none + */ + public static Object updateProperty(PropertyResolver resolver, String name, Object value) { + return updateProperty(resolver.getProperties(), name, value); + } + + public static Object updateProperty(Map props, String name, Object value) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + if ((value == null) || ((value instanceof CharSequence) && GenericUtils.isEmpty((CharSequence) value))) { + return props.remove(key); + } else { + return props.put(key, value); + } + } + + /** + * Unwinds the resolvers hierarchy until found one with a non-{@code null} value for the requested property or + * reached top. If still no value found and the key starts with "org.apache.sshd" then the system + * properties are also consulted + * + * @param resolver The {@link PropertyResolver} to start from - ignored if {@code null} + * @param name The requested property name + * @return The found value or {@code null} + */ + public static Object resolvePropertyValue(PropertyResolver resolver, String name) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + for (PropertyResolver r = resolver; r != null; r = r.getParentPropertyResolver()) { + Map props = r.getProperties(); + Object value = getObject(props, key); + if (value != null) { + return value; + } + } + + return null; + } + + /** + * Unwinds the resolvers hierarchy until found one with a non-{@code null} value for the requested property or + * reached top. + * + * @param resolver The {@link PropertyResolver} to start from - ignored if {@code null} + * @param name The requested property name + * @return The found properties {@link Map} or {@code null} + */ + public static Map resolvePropertiesSource(PropertyResolver resolver, String name) { + String key = ValidateUtils.checkNotNullAndNotEmpty(name, "No property name"); + for (PropertyResolver r = resolver; r != null; r = r.getParentPropertyResolver()) { + Map props = r.getProperties(); + Object value = getObject(props, key); + if (value != null) { + return props; + } + } + + return null; + } + + public static PropertyResolver toPropertyResolver(Properties props) { + if (GenericUtils.isEmpty(props)) { + return PropertyResolver.EMPTY; + } + + Collection names = props.stringPropertyNames(); + Map propsMap = new ConcurrentHashMap<>(GenericUtils.size(names)); + for (String key : names) { + String value = props.getProperty(key); + if (value == null) { + continue; + } + propsMap.put(key, value); + } + + return toPropertyResolver(propsMap); + } + + /** + * Wraps a {@link Map} into a {@link PropertyResolver} so it can be used with these utilities + * + * @param props The properties map - may be {@code null}/empty if no properties are updated + * @return The resolver wrapper + */ + public static PropertyResolver toPropertyResolver(Map props) { + return toPropertyResolver(props, null); + } + + public static PropertyResolver toPropertyResolver(Map props, PropertyResolver parent) { + return new PropertyResolver() { + @Override + public PropertyResolver getParentPropertyResolver() { + return parent; + } + + @Override + @SuppressWarnings({ "unchecked", "rawtypes" }) + public Map getProperties() { + return (Map) props; + } + + @Override + public String toString() { + return Objects.toString(props); + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/RuntimeSshException.java b/files-sftp/src/main/java/org/apache/sshd/common/RuntimeSshException.java new file mode 100644 index 0000000..8c9164f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/RuntimeSshException.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +/** + * Exception used in the SSH client or server. + * + * @author Apache MINA SSHD Project + */ +public class RuntimeSshException extends RuntimeException { + private static final long serialVersionUID = -2423550196146939503L; + + public RuntimeSshException() { + this(null, null); + } + + public RuntimeSshException(String message) { + this(message, null); + } + + public RuntimeSshException(Throwable cause) { + this(null, cause); + } + + public RuntimeSshException(String message, Throwable cause) { + super(message); + if (cause != null) { + initCause(cause); + } + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/Service.java b/files-sftp/src/main/java/org/apache/sshd/common/Service.java new file mode 100644 index 0000000..c8c6bae --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/Service.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.SessionHolder; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * See RFC 4253 [SSH-TRANS] and the SSH_MSG_SERVICE_REQUEST packet. Examples include "ssh-userauth" and + * "ssh-connection" but developers are also free to implement their own custom service. + * + * @author Apache MINA SSHD Project + */ +public interface Service extends SessionHolder, PropertyResolver, Closeable { + @Override + default PropertyResolver getParentPropertyResolver() { + return getSession(); + } + + void start(); + + /** + * Service the request. + * + * @param cmd The incoming command type + * @param buffer The {@link Buffer} containing optional command parameters + * @throws Exception If failed to process the command + */ + void process(int cmd, Buffer buffer) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/ServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/ServiceFactory.java new file mode 100644 index 0000000..d4f0a6c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/ServiceFactory.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.io.IOException; +import java.util.Collection; + +import org.apache.sshd.common.session.Session; + +public interface ServiceFactory extends NamedResource { + Service create(Session session) throws IOException; + + /** + * Create an instance of the specified name by looking up the needed factory in the list (case insensitive. + * + * @param factories list of available factories + * @param name the factory name to use + * @param session the referenced {@link Session} + * @return a newly created object or {@code null} if the factory is not in the list + * @throws IOException if session creation failed + * @see ServiceFactory#create(Session) + */ + static Service create(Collection factories, String name, Session session) throws IOException { + ServiceFactory factory = NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, factories); + if (factory == null) { + return null; + } else { + return factory.create(session); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SftpConstants.java b/files-sftp/src/main/java/org/apache/sshd/common/SftpConstants.java new file mode 100644 index 0000000..7edd468 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SftpConstants.java @@ -0,0 +1,424 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.Map; +import java.util.NavigableMap; +import java.util.TreeMap; +import java.util.function.Predicate; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ReflectionUtils; + +/** + * @author Apache MINA SSHD Project + */ +@SuppressWarnings("PMD.AvoidUsingOctalValues") +public final class SftpConstants { + public static final String SFTP_SUBSYSTEM_NAME = "sftp"; + + public static final int SSH_FXP_INIT = 1; + public static final int SSH_FXP_VERSION = 2; + public static final int SSH_FXP_OPEN = 3; + public static final int SSH_FXP_CLOSE = 4; + public static final int SSH_FXP_READ = 5; + public static final int SSH_FXP_WRITE = 6; + public static final int SSH_FXP_LSTAT = 7; + public static final int SSH_FXP_FSTAT = 8; + public static final int SSH_FXP_SETSTAT = 9; + public static final int SSH_FXP_FSETSTAT = 10; + public static final int SSH_FXP_OPENDIR = 11; + public static final int SSH_FXP_READDIR = 12; + public static final int SSH_FXP_REMOVE = 13; + public static final int SSH_FXP_MKDIR = 14; + public static final int SSH_FXP_RMDIR = 15; + public static final int SSH_FXP_REALPATH = 16; + public static final int SSH_FXP_STAT = 17; + public static final int SSH_FXP_RENAME = 18; + public static final int SSH_FXP_READLINK = 19; + public static final int SSH_FXP_SYMLINK = 20; // v3 -> v5 + public static final int SSH_FXP_LINK = 21; // v6 + public static final int SSH_FXP_BLOCK = 22; // v6 + public static final int SSH_FXP_UNBLOCK = 23; // v6 + public static final int SSH_FXP_STATUS = 101; + public static final int SSH_FXP_HANDLE = 102; + public static final int SSH_FXP_DATA = 103; + public static final int SSH_FXP_NAME = 104; + public static final int SSH_FXP_ATTRS = 105; + public static final int SSH_FXP_EXTENDED = 200; + public static final int SSH_FXP_EXTENDED_REPLY = 201; + + public static final int SSH_FX_OK = 0; + public static final int SSH_FX_EOF = 1; + public static final int SSH_FX_NO_SUCH_FILE = 2; + public static final int SSH_FX_PERMISSION_DENIED = 3; + public static final int SSH_FX_FAILURE = 4; + public static final int SSH_FX_BAD_MESSAGE = 5; + public static final int SSH_FX_NO_CONNECTION = 6; + public static final int SSH_FX_CONNECTION_LOST = 7; + public static final int SSH_FX_OP_UNSUPPORTED = 8; + public static final int SSH_FX_INVALID_HANDLE = 9; + public static final int SSH_FX_NO_SUCH_PATH = 10; + public static final int SSH_FX_FILE_ALREADY_EXISTS = 11; + public static final int SSH_FX_WRITE_PROTECT = 12; + public static final int SSH_FX_NO_MEDIA = 13; + public static final int SSH_FX_NO_SPACE_ON_FILESYSTEM = 14; + public static final int SSH_FX_QUOTA_EXCEEDED = 15; + public static final int SSH_FX_UNKNOWN_PRINCIPAL = 16; + public static final int SSH_FX_LOCK_CONFLICT = 17; + public static final int SSH_FX_DIR_NOT_EMPTY = 18; + public static final int SSH_FX_NOT_A_DIRECTORY = 19; + public static final int SSH_FX_INVALID_FILENAME = 20; + public static final int SSH_FX_LINK_LOOP = 21; + public static final int SSH_FX_CANNOT_DELETE = 22; + public static final int SSH_FX_INVALID_PARAMETER = 23; + public static final int SSH_FX_FILE_IS_A_DIRECTORY = 24; + public static final int SSH_FX_BYTE_RANGE_LOCK_CONFLICT = 25; + public static final int SSH_FX_BYTE_RANGE_LOCK_REFUSED = 26; + public static final int SSH_FX_DELETE_PENDING = 27; + public static final int SSH_FX_FILE_CORRUPT = 28; + public static final int SSH_FX_OWNER_INVALID = 29; + public static final int SSH_FX_GROUP_INVALID = 30; + public static final int SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK = 31; + + public static final int SSH_FILEXFER_ATTR_SIZE = 0x00000001; + public static final int SSH_FILEXFER_ATTR_UIDGID = 0x00000002; + public static final int SSH_FILEXFER_ATTR_PERMISSIONS = 0x00000004; + public static final int SSH_FILEXFER_ATTR_ACMODTIME = 0x00000008; // v3 naming convention + public static final int SSH_FILEXFER_ATTR_ACCESSTIME = 0x00000008; // v4 + public static final int SSH_FILEXFER_ATTR_CREATETIME = 0x00000010; // v4 + public static final int SSH_FILEXFER_ATTR_MODIFYTIME = 0x00000020; // v4 + public static final int SSH_FILEXFER_ATTR_ACL = 0x00000040; // v4 + public static final int SSH_FILEXFER_ATTR_OWNERGROUP = 0x00000080; // v4 + public static final int SSH_FILEXFER_ATTR_SUBSECOND_TIMES = 0x00000100; // v5 + public static final int SSH_FILEXFER_ATTR_BITS = 0x00000200; // v5 + public static final int SSH_FILEXFER_ATTR_ALLOCATION_SIZE = 0x00000400; // v6 + public static final int SSH_FILEXFER_ATTR_TEXT_HINT = 0x00000800; // v6 + public static final int SSH_FILEXFER_ATTR_MIME_TYPE = 0x00001000; // v6 + public static final int SSH_FILEXFER_ATTR_LINK_COUNT = 0x00002000; // v6 + public static final int SSH_FILEXFER_ATTR_UNTRANSLATED_NAME = 0x00004000; // v6 + public static final int SSH_FILEXFER_ATTR_CTIME = 0x00008000; // v6 + public static final int SSH_FILEXFER_ATTR_EXTENDED = 0x80000000; + + public static final int SSH_FILEXFER_ATTR_ALL = 0x0000FFFF; // All attributes + + public static final int SSH_FILEXFER_ATTR_FLAGS_READONLY = 0x00000001; + public static final int SSH_FILEXFER_ATTR_FLAGS_SYSTEM = 0x00000002; + public static final int SSH_FILEXFER_ATTR_FLAGS_HIDDEN = 0x00000004; + public static final int SSH_FILEXFER_ATTR_FLAGS_CASE_INSENSITIVE = 0x00000008; + public static final int SSH_FILEXFER_ATTR_FLAGS_ARCHIVE = 0x00000010; + public static final int SSH_FILEXFER_ATTR_FLAGS_ENCRYPTED = 0x00000020; + public static final int SSH_FILEXFER_ATTR_FLAGS_COMPRESSED = 0x00000040; + public static final int SSH_FILEXFER_ATTR_FLAGS_SPARSE = 0x00000080; + public static final int SSH_FILEXFER_ATTR_FLAGS_APPEND_ONLY = 0x00000100; + public static final int SSH_FILEXFER_ATTR_FLAGS_IMMUTABLE = 0x00000200; + public static final int SSH_FILEXFER_ATTR_FLAGS_SYNC = 0x00000400; + + public static final int SSH_FILEXFER_TYPE_REGULAR = 1; + public static final int SSH_FILEXFER_TYPE_DIRECTORY = 2; + public static final int SSH_FILEXFER_TYPE_SYMLINK = 3; + public static final int SSH_FILEXFER_TYPE_SPECIAL = 4; + public static final int SSH_FILEXFER_TYPE_UNKNOWN = 5; + public static final int SSH_FILEXFER_TYPE_SOCKET = 6; // v5 + public static final int SSH_FILEXFER_TYPE_CHAR_DEVICE = 7; // v5 + public static final int SSH_FILEXFER_TYPE_BLOCK_DEVICE = 8; // v5 + public static final int SSH_FILEXFER_TYPE_FIFO = 9; // v5 + + public static final int SSH_FXF_READ = 0x00000001; + public static final int SSH_FXF_WRITE = 0x00000002; + public static final int SSH_FXF_APPEND = 0x00000004; + public static final int SSH_FXF_CREAT = 0x00000008; + public static final int SSH_FXF_TRUNC = 0x00000010; + public static final int SSH_FXF_EXCL = 0x00000020; + public static final int SSH_FXF_TEXT = 0x00000040; + + public static final int SSH_FXF_ACCESS_DISPOSITION = 0x00000007; + public static final int SSH_FXF_CREATE_NEW = 0x00000000; + public static final int SSH_FXF_CREATE_TRUNCATE = 0x00000001; + public static final int SSH_FXF_OPEN_EXISTING = 0x00000002; + public static final int SSH_FXF_OPEN_OR_CREATE = 0x00000003; + public static final int SSH_FXF_TRUNCATE_EXISTING = 0x00000004; + public static final int SSH_FXF_APPEND_DATA = 0x00000008; + public static final int SSH_FXF_APPEND_DATA_ATOMIC = 0x00000010; + public static final int SSH_FXF_TEXT_MODE = 0x00000020; + public static final int SSH_FXF_READ_LOCK = 0x00000040; + public static final int SSH_FXF_WRITE_LOCK = 0x00000080; + public static final int SSH_FXF_DELETE_LOCK = 0x00000100; + public static final int SSH_FXF_BLOCK_ADVISORY = 0x00000200; + public static final int SSH_FXF_NOFOLLOW = 0x00000400; + public static final int SSH_FXF_DELETE_ON_CLOSE = 0x00000800; + public static final int SSH_FXF_ACCESS_AUDIT_ALARM_INFO = 0x00001000; + public static final int SSH_FXF_ACCESS_BACKUP = 0x00002000; + public static final int SSH_FXF_BACKUP_STREAM = 0x00004000; + public static final int SSH_FXF_OVERRIDE_OWNER = 0x00008000; + + public static final int SSH_FXP_RENAME_OVERWRITE = 0x00000001; + public static final int SSH_FXP_RENAME_ATOMIC = 0x00000002; + public static final int SSH_FXP_RENAME_NATIVE = 0x00000004; + + public static final int SSH_FXP_REALPATH_NO_CHECK = 0x00000001; + public static final int SSH_FXP_REALPATH_STAT_IF = 0x00000002; + public static final int SSH_FXP_REALPATH_STAT_ALWAYS = 0x00000003; + + public static final int SSH_FXF_RENAME_OVERWRITE = 0x00000001; + public static final int SSH_FXF_RENAME_ATOMIC = 0x00000002; + public static final int SSH_FXF_RENAME_NATIVE = 0x00000004; + + public static final int SFX_ACL_CONTROL_INCLUDED = 0x00000001; + public static final int SFX_ACL_CONTROL_PRESENT = 0x00000002; + public static final int SFX_ACL_CONTROL_INHERITED = 0x00000004; + public static final int SFX_ACL_AUDIT_ALARM_INCLUDED = 0x00000010; + public static final int SFX_ACL_AUDIT_ALARM_INHERITED = 0x00000020; + + public static final int ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000; + public static final int ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001; + public static final int ACE4_SYSTEM_AUDIT_ACE_TYPE = 0x00000002; + public static final int ACE4_SYSTEM_ALARM_ACE_TYPE = 0x00000003; + + public static final int ACE4_FILE_INHERIT_ACE = 0x00000001; + public static final int ACE4_DIRECTORY_INHERIT_ACE = 0x00000002; + public static final int ACE4_NO_PROPAGATE_INHERIT_ACE = 0x00000004; + public static final int ACE4_INHERIT_ONLY_ACE = 0x00000008; + public static final int ACE4_SUCCESSFUL_ACCESS_ACE_FLAG = 0x00000010; + public static final int ACE4_FAILED_ACCESS_ACE_FLAG = 0x00000020; + public static final int ACE4_IDENTIFIER_GROUP = 0x00000040; + + public static final int ACE4_READ_DATA = 0x00000001; + public static final int ACE4_LIST_DIRECTORY = 0x00000001; + public static final int ACE4_WRITE_DATA = 0x00000002; + public static final int ACE4_ADD_FILE = 0x00000002; + public static final int ACE4_APPEND_DATA = 0x00000004; + public static final int ACE4_ADD_SUBDIRECTORY = 0x00000004; + public static final int ACE4_READ_NAMED_ATTRS = 0x00000008; + public static final int ACE4_WRITE_NAMED_ATTRS = 0x00000010; + public static final int ACE4_EXECUTE = 0x00000020; + public static final int ACE4_DELETE_CHILD = 0x00000040; + public static final int ACE4_READ_ATTRIBUTES = 0x00000080; + public static final int ACE4_WRITE_ATTRIBUTES = 0x00000100; + public static final int ACE4_DELETE = 0x00010000; + public static final int ACE4_READ_ACL = 0x00020000; + public static final int ACE4_WRITE_ACL = 0x00040000; + public static final int ACE4_WRITE_OWNER = 0x00080000; + public static final int ACE4_SYNCHRONIZE = 0x00100000; + + public static final int S_IFMT = 0170000; // bitmask for the file type bitfields + public static final int S_IFSOCK = 0140000; // socket + public static final int S_IFLNK = 0120000; // symbolic link + public static final int S_IFREG = 0100000; // regular file + public static final int S_IFBLK = 0060000; // block device + public static final int S_IFDIR = 0040000; // directory + public static final int S_IFCHR = 0020000; // character device + public static final int S_IFIFO = 0010000; // fifo + public static final int S_ISUID = 0004000; // set UID bit + public static final int S_ISGID = 0002000; // set GID bit + public static final int S_ISVTX = 0001000; // sticky bit + public static final int S_IRUSR = 0000400; + public static final int S_IWUSR = 0000200; + public static final int S_IXUSR = 0000100; + public static final int S_IRGRP = 0000040; + public static final int S_IWGRP = 0000020; + public static final int S_IXGRP = 0000010; + public static final int S_IROTH = 0000004; + public static final int S_IWOTH = 0000002; + public static final int S_IXOTH = 0000001; + + public static final int SFTP_V3 = 3; + public static final int SFTP_V4 = 4; + public static final int SFTP_V5 = 5; + public static final int SFTP_V6 = 6; + + // (Some) names of known extensions + public static final String EXT_VERSIONS = "versions"; + public static final String EXT_NEWLINE = "newline"; + public static final String EXT_VENDOR_ID = "vendor-id"; + public static final String EXT_SUPPORTED = "supported"; + public static final String EXT_SUPPORTED2 = "supported2"; + public static final String EXT_TEXT_SEEK = "text-seek"; + public static final String EXT_VERSION_SELECT = "version-select"; + public static final String EXT_COPY_FILE = "copy-file"; + + public static final String EXT_MD5_HASH = "md5-hash"; + public static final String EXT_MD5_HASH_HANDLE = "md5-hash-handle"; + public static final int MD5_QUICK_HASH_SIZE = 2048; + + public static final String EXT_CHECK_FILE_HANDLE = "check-file-handle"; + public static final String EXT_CHECK_FILE_NAME = "check-file-name"; + public static final int MIN_CHKFILE_BLOCKSIZE = 256; + + public static final String EXT_CHECK_FILE = "check-file"; + public static final String EXT_COPY_DATA = "copy-data"; + public static final String EXT_SPACE_AVAILABLE = "space-available"; + + // see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-11 section 5.4 + public static final String EXT_ACL_SUPPORTED = "acl-supported"; + public static final int SSH_ACL_CAP_ALLOW = 0x00000001; + public static final int SSH_ACL_CAP_DENY = 0x00000002; + public static final int SSH_ACL_CAP_AUDIT = 0x00000004; + public static final int SSH_ACL_CAP_ALARM = 0x00000008; + public static final int SSH_ACL_CAP_INHERIT_ACCESS = 0x00000010; + public static final int SSH_ACL_CAP_INHERIT_AUDIT_ALARM = 0x00000020; + + private SftpConstants() { + throw new UnsupportedOperationException("No instance"); + } + + private static final class LazyCommandNameHolder { + private static final Map NAMES_MAP = Collections.unmodifiableMap( + generateMnemonicMap(SftpConstants.class, f -> { + String name = f.getName(); + return name.startsWith("SSH_FXP_") + // exclude the rename modes which are not opcodes + && (!name.startsWith("SSH_FXP_RENAME_")) + // exclude the realpath modes wich are not opcodes + && (!name.startsWith("SSH_FXP_REALPATH_")); + })); + + private LazyCommandNameHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + + /** + * Scans using reflection API for all fields that are {@code public static final} that start with the given common + * prefix (case sensitive) and are of type {@link Number}. + * + * @param clazz The {@link Class} to query + * @param commonPrefix The expected common prefix + * @return A {@link NavigableMap} of all the matching fields, where key=the field's {@link Integer} + * value and mapping=the field's name + * @see #generateMnemonicMap(Class, Predicate) + */ + public static NavigableMap generateMnemonicMap(Class clazz, final String commonPrefix) { + return generateMnemonicMap(clazz, f -> { + String name = f.getName(); + return name.startsWith(commonPrefix); + }); + } + + /** + * Scans using reflection API for all numeric {@code public static final} fields that are also accepted by + * the predicate. Any field that is not such or fail to retrieve its value, or has a duplicate value is + * silently skipped. + * + * @param clazz The {@link Class} to query + * @param acceptor The {@link Predicate} used to decide whether to process the {@link Field} (besides being a + * {@link Number} and {@code public static final}). + * @return A {@link NavigableMap} of all the matching fields, where key=the field's {@link Integer} value + * and mapping=the field's name + */ + public static NavigableMap generateMnemonicMap(Class clazz, Predicate acceptor) { + Collection fields = getMnemonicFields(clazz, acceptor); + if (GenericUtils.isEmpty(fields)) { + return Collections.emptyNavigableMap(); + } + + NavigableMap result = new TreeMap<>(Comparator.naturalOrder()); + for (Field f : fields) { + String name = f.getName(); + try { + Number value = (Number) f.get(null); + String prev = result.put(NumberUtils.toInteger(value), name); + if (prev != null) { + // noinspection UnnecessaryContinue + continue; // debug breakpoint + } + } catch (Exception e) { + // noinspection UnnecessaryContinue + continue; // debug breakpoint + } + } + + return result; + } + + /** + * Scans using reflection API for all numeric {@code public static final} fields that are also accepted by + * the predicate. + * + * @param clazz The {@link Class} to query + * @param acceptor The {@link Predicate} used to decide whether to process the {@link Field} (besides being a + * {@link Number} and {@code public static final}). + * @return A {@link Collection} of all the fields that have satisfied all conditions + */ + public static Collection getMnemonicFields(Class clazz, Predicate acceptor) { + return ReflectionUtils.getMatchingFields(clazz, f -> { + int mods = f.getModifiers(); + if ((!Modifier.isPublic(mods)) || (!Modifier.isStatic(mods)) || (!Modifier.isFinal(mods))) { + return false; + } + + Class type = f.getType(); + if (!NumberUtils.isNumericClass(type)) { + return false; + } + + return acceptor.test(f); + }); + } + + /** + * Converts a command value to a user-friendly name + * + * @param cmd The command value + * @return The user-friendly name - if not one of the defined {@code SSH_FXP_XXX} values then returns the string + * representation of the command's value + */ + public static String getCommandMessageName(int cmd) { + @SuppressWarnings("synthetic-access") + String name = LazyCommandNameHolder.NAMES_MAP.get(cmd); + if (GenericUtils.isEmpty(name)) { + return Integer.toString(cmd); + } else { + return name; + } + } + + private static final class LazyStatusNameHolder { + private static final Map STATUS_MAP = Collections.unmodifiableMap( + generateMnemonicMap(SftpConstants.class, "SSH_FX_")); + + private LazyStatusNameHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * Converts a return status value to a user-friendly name + * + * @param status The status value + * @return The user-friendly name - if not one of the defined {@code SSH_FX_XXX} values then returns the + * string representation of the status value + */ + public static String getStatusName(int status) { + @SuppressWarnings("synthetic-access") + String name = LazyStatusNameHolder.STATUS_MAP.get(status); + if (GenericUtils.isEmpty(name)) { + return Integer.toString(status); + } else { + return name; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SftpException.java b/files-sftp/src/main/java/org/apache/sshd/common/SftpException.java new file mode 100644 index 0000000..a5d8b78 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SftpException.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.io.IOException; + +/** + * @author Apache MINA Project + */ +public class SftpException extends IOException { + private static final long serialVersionUID = 8096963562429466995L; + private final int status; + + public SftpException(int status, String msg) { + super(msg); + this.status = status; + } + + public int getStatus() { + return status; + } + + @Override + public String toString() { + return "SFTP error (" + SftpConstants.getStatusName(getStatus()) + "): " + getMessage(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SftpHelper.java b/files-sftp/src/main/java/org/apache/sshd/common/SftpHelper.java new file mode 100644 index 0000000..d1687bc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SftpHelper.java @@ -0,0 +1,1125 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.io.EOFException; +import java.io.FileNotFoundException; +import java.net.UnknownServiceException; +import java.nio.channels.OverlappingFileLockException; +import java.nio.charset.StandardCharsets; +import java.nio.file.AccessDeniedException; +import java.nio.file.DirectoryNotEmptyException; +import java.nio.file.FileAlreadyExistsException; +import java.nio.file.FileSystemLoopException; +import java.nio.file.InvalidPathException; +import java.nio.file.NoSuchFileException; +import java.nio.file.NotDirectoryException; +import java.nio.file.attribute.AclEntry; +import java.nio.file.attribute.AclEntryFlag; +import java.nio.file.attribute.AclEntryPermission; +import java.nio.file.attribute.AclEntryType; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.PosixFilePermissions; +import java.nio.file.attribute.UserPrincipal; +import java.nio.file.attribute.UserPrincipalNotFoundException; +import java.security.Principal; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.SftpModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public final class SftpHelper { + + public static final Map DEFAULT_SUBSTATUS_MESSAGE; + + static { + Map map = new TreeMap<>(Comparator.naturalOrder()); + map.put(SftpConstants.SSH_FX_OK, "Success"); + map.put(SftpConstants.SSH_FX_EOF, "End of file"); + map.put(SftpConstants.SSH_FX_NO_SUCH_FILE, "No such file or directory"); + map.put(SftpConstants.SSH_FX_PERMISSION_DENIED, "Permission denied"); + map.put(SftpConstants.SSH_FX_FAILURE, "General failure"); + map.put(SftpConstants.SSH_FX_BAD_MESSAGE, "Bad message data"); + map.put(SftpConstants.SSH_FX_NO_CONNECTION, "No connection to server"); + map.put(SftpConstants.SSH_FX_CONNECTION_LOST, "Connection lost"); + map.put(SftpConstants.SSH_FX_OP_UNSUPPORTED, "Unsupported operation requested"); + map.put(SftpConstants.SSH_FX_INVALID_HANDLE, "Invalid handle value"); + map.put(SftpConstants.SSH_FX_NO_SUCH_PATH, "No such path"); + map.put(SftpConstants.SSH_FX_FILE_ALREADY_EXISTS, "File/Directory already exists"); + map.put(SftpConstants.SSH_FX_WRITE_PROTECT, "File/Directory is write-protected"); + map.put(SftpConstants.SSH_FX_NO_MEDIA, "No such meadia"); + map.put(SftpConstants.SSH_FX_NO_SPACE_ON_FILESYSTEM, "No space left on device"); + map.put(SftpConstants.SSH_FX_QUOTA_EXCEEDED, "Quota exceeded"); + map.put(SftpConstants.SSH_FX_UNKNOWN_PRINCIPAL, "Unknown user/group"); + map.put(SftpConstants.SSH_FX_LOCK_CONFLICT, "Lock conflict"); + map.put(SftpConstants.SSH_FX_DIR_NOT_EMPTY, "Directory not empty"); + map.put(SftpConstants.SSH_FX_NOT_A_DIRECTORY, "Accessed location is not a directory"); + map.put(SftpConstants.SSH_FX_INVALID_FILENAME, "Invalid filename"); + map.put(SftpConstants.SSH_FX_LINK_LOOP, "Link loop"); + map.put(SftpConstants.SSH_FX_CANNOT_DELETE, "Cannot remove"); + map.put(SftpConstants.SSH_FX_INVALID_PARAMETER, "Invalid parameter"); + map.put(SftpConstants.SSH_FX_FILE_IS_A_DIRECTORY, "Accessed location is a directory"); + map.put(SftpConstants.SSH_FX_BYTE_RANGE_LOCK_CONFLICT, "Range lock conflict"); + map.put(SftpConstants.SSH_FX_BYTE_RANGE_LOCK_REFUSED, "Range lock refused"); + map.put(SftpConstants.SSH_FX_DELETE_PENDING, "Delete pending"); + map.put(SftpConstants.SSH_FX_FILE_CORRUPT, "Corrupted file/directory"); + map.put(SftpConstants.SSH_FX_OWNER_INVALID, "Invalid file/directory owner"); + map.put(SftpConstants.SSH_FX_GROUP_INVALID, "Invalid file/directory group"); + map.put(SftpConstants.SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK, "No matching byte range lock"); + DEFAULT_SUBSTATUS_MESSAGE = Collections.unmodifiableMap(map); + } + + private SftpHelper() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * Retrieves the end-of-file indicator for {@code SSH_FXP_DATA} responses, provided the version is at least 6, and + * the buffer has enough available data + * + * @param buffer The {@link Buffer} to retrieve the data from + * @param version The SFTP version being used + * @return The indicator value - {@code null} if none retrieved + * @see SFTP v6 - section + * 9.3 + */ + public static Boolean getEndOfFileIndicatorValue(Buffer buffer, int version) { + return (version < SftpConstants.SFTP_V6) || (buffer.available() < 1) ? null : buffer.getBoolean(); + } + + /** + * Retrieves the end-of-list indicator for {@code SSH_FXP_NAME} responses, provided the version is at least 6, and + * the buffer has enough available data + * + * @param buffer The {@link Buffer} to retrieve the data from + * @param version The SFTP version being used + * @return The indicator value - {@code null} if none retrieved + * @see SFTP v6 - section + * 9.4 + * @see #indicateEndOfNamesList(Buffer, int, PropertyResolver, boolean) + */ + public static Boolean getEndOfListIndicatorValue(Buffer buffer, int version) { + return (version < SftpConstants.SFTP_V6) || (buffer.available() < 1) ? null : buffer.getBoolean(); + } + + /** + * Appends the end-of-list={@code TRUE} indicator for {@code SSH_FXP_NAME} responses, provided the version is at + * least 6 and the feature is enabled + * + * @param buffer The {@link Buffer} to append the indicator + * @param version The SFTP version being used + * @param resolver The {@link PropertyResolver} to query whether to enable the feature + * @return The actual indicator value used - {@code null} if none appended + * @see #indicateEndOfNamesList(Buffer, int, PropertyResolver, boolean) + */ + public static Boolean indicateEndOfNamesList(Buffer buffer, int version, PropertyResolver resolver) { + return indicateEndOfNamesList(buffer, version, resolver, true); + } + + /** + * Appends the end-of-list indicator for {@code SSH_FXP_NAME} responses, provided the version is at least 6, the + * feature is enabled and the indicator value is not {@code null} + * + * @param buffer The {@link Buffer} to append the indicator + * @param version The SFTP version being used + * @param resolver The {@link PropertyResolver} to query whether to enable the feature + * @param indicatorValue The indicator value - {@code null} means don't append the indicator + * @return The actual indicator value used - {@code null} if none appended + * @see SFTP v6 - + * section 9.4 + * @see SftpModuleProperties#APPEND_END_OF_LIST_INDICATOR + */ + public static Boolean indicateEndOfNamesList( + Buffer buffer, int version, PropertyResolver resolver, boolean indicatorValue) { + if (version < SftpConstants.SFTP_V6) { + return null; + } + + if (!SftpModuleProperties.APPEND_END_OF_LIST_INDICATOR.getRequired(resolver)) { + return null; + } + + buffer.putBoolean(indicatorValue); + return indicatorValue; + } + + /** + * Writes a file / folder's attributes to a buffer + * + * @param Type of {@link Buffer} being updated + * @param buffer The target buffer instance + * @param version The output encoding version + * @param attributes The {@link Map} of attributes + * @return The updated buffer + * @see #writeAttrsV3(Buffer, int, Map) + * @see #writeAttrsV4(Buffer, int, Map) + */ + public static B writeAttrs(B buffer, int version, Map attributes) { + if (version == SftpConstants.SFTP_V3) { + return writeAttrsV3(buffer, version, attributes); + } else if (version >= SftpConstants.SFTP_V4) { + return writeAttrsV4(buffer, version, attributes); + } else { + throw new IllegalStateException("Unsupported SFTP version: " + version); + } + } + + /** + * Writes the retrieved file / directory attributes in V3 format + * + * @param Type of {@link Buffer} being updated + * @param buffer The target buffer instance + * @param version The actual version - must be {@link SftpConstants#SFTP_V3} + * @param attributes The {@link Map} of attributes + * @return The updated buffer + */ + public static B writeAttrsV3(B buffer, int version, Map attributes) { + ValidateUtils.checkTrue(version == SftpConstants.SFTP_V3, "Illegal version: %d", version); + + boolean isReg = getBool((Boolean) attributes.get("isRegularFile")); + boolean isDir = getBool((Boolean) attributes.get("isDirectory")); + boolean isLnk = getBool((Boolean) attributes.get("isSymbolicLink")); + @SuppressWarnings("unchecked") + Collection perms = (Collection) attributes.get("permissions"); + Number size = (Number) attributes.get("size"); + FileTime lastModifiedTime = (FileTime) attributes.get("lastModifiedTime"); + FileTime lastAccessTime = (FileTime) attributes.get("lastAccessTime"); + Map extensions = (Map) attributes.get("extended"); + int flags = ((isReg || isLnk) && (size != null) ? SftpConstants.SSH_FILEXFER_ATTR_SIZE : 0) + | (attributes.containsKey("uid") && attributes.containsKey("gid") + ? SftpConstants.SSH_FILEXFER_ATTR_UIDGID : 0) + | ((perms != null) ? SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS : 0) + | (((lastModifiedTime != null) && (lastAccessTime != null)) ? SftpConstants.SSH_FILEXFER_ATTR_ACMODTIME : 0) + | ((extensions != null) ? SftpConstants.SSH_FILEXFER_ATTR_EXTENDED : 0); + buffer.putInt(flags); + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) { + buffer.putLong(size.longValue()); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_UIDGID) != 0) { + buffer.putInt(((Number) attributes.get("uid")).intValue()); + buffer.putInt(((Number) attributes.get("gid")).intValue()); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { + buffer.putInt(attributesToPermissions(isReg, isDir, isLnk, perms)); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACMODTIME) != 0) { + buffer = writeTime(buffer, version, flags, lastAccessTime); + buffer = writeTime(buffer, version, flags, lastModifiedTime); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_EXTENDED) != 0) { + buffer = writeExtensions(buffer, extensions); + } + + return buffer; + } + + /** + * Writes the retrieved file / directory attributes in V4+ format + * + * @param Type of {@link Buffer} being updated + * @param buffer The target buffer instance + * @param version The actual version - must be at least {@link SftpConstants#SFTP_V4} + * @param attributes The {@link Map} of attributes + * @return The updated buffer + */ + public static B writeAttrsV4(B buffer, int version, Map attributes) { + ValidateUtils.checkTrue(version >= SftpConstants.SFTP_V4, "Illegal version: %d", version); + + boolean isReg = getBool((Boolean) attributes.get("isRegularFile")); + boolean isDir = getBool((Boolean) attributes.get("isDirectory")); + boolean isLnk = getBool((Boolean) attributes.get("isSymbolicLink")); + @SuppressWarnings("unchecked") + Collection perms = (Collection) attributes.get("permissions"); + Number size = (Number) attributes.get("size"); + FileTime lastModifiedTime = (FileTime) attributes.get("lastModifiedTime"); + FileTime lastAccessTime = (FileTime) attributes.get("lastAccessTime"); + FileTime creationTime = (FileTime) attributes.get("creationTime"); + @SuppressWarnings("unchecked") + Collection acl = (Collection) attributes.get("acl"); + Map extensions = (Map) attributes.get("extended"); + int flags = (((isReg || isLnk) && (size != null)) ? SftpConstants.SSH_FILEXFER_ATTR_SIZE : 0) + | ((attributes.containsKey("owner") && attributes.containsKey("group")) + ? SftpConstants.SSH_FILEXFER_ATTR_OWNERGROUP : 0) + | ((perms != null) ? SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS : 0) + | ((lastModifiedTime != null) ? SftpConstants.SSH_FILEXFER_ATTR_MODIFYTIME : 0) + | ((creationTime != null) ? SftpConstants.SSH_FILEXFER_ATTR_CREATETIME : 0) + | ((lastAccessTime != null) ? SftpConstants.SSH_FILEXFER_ATTR_ACCESSTIME : 0) + | ((acl != null) ? SftpConstants.SSH_FILEXFER_ATTR_ACL : 0) + | ((extensions != null) ? SftpConstants.SSH_FILEXFER_ATTR_EXTENDED : 0); + buffer.putInt(flags); + buffer.putByte((byte) (isReg ? SftpConstants.SSH_FILEXFER_TYPE_REGULAR + : isDir ? SftpConstants.SSH_FILEXFER_TYPE_DIRECTORY + : isLnk ? SftpConstants.SSH_FILEXFER_TYPE_SYMLINK + : SftpConstants.SSH_FILEXFER_TYPE_UNKNOWN)); + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) { + buffer.putLong(size.longValue()); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_OWNERGROUP) != 0) { + buffer.putString(Objects.toString(attributes.get("owner"), SftpUniversalOwnerAndGroup.Owner.getName())); + buffer.putString(Objects.toString(attributes.get("group"), SftpUniversalOwnerAndGroup.Group.getName())); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { + buffer.putInt(attributesToPermissions(isReg, isDir, isLnk, perms)); + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACCESSTIME) != 0) { + buffer = writeTime(buffer, version, flags, lastAccessTime); + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_CREATETIME) != 0) { + buffer = writeTime(buffer, version, flags, lastAccessTime); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_MODIFYTIME) != 0) { + buffer = writeTime(buffer, version, flags, lastModifiedTime); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACL) != 0) { + buffer = writeACLs(buffer, version, acl); + } + // TODO: ctime + // TODO: bits + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_EXTENDED) != 0) { + buffer = writeExtensions(buffer, extensions); + } + + return buffer; + } + + /** + * @param bool The {@link Boolean} value + * @return {@code true} it the argument is non-{@code null} and its {@link Boolean#booleanValue()} is + * {@code true} + */ + public static boolean getBool(Boolean bool) { + return bool != null && bool; + } + + /** + * Converts a file / folder's attributes into a mask + * + * @param isReg {@code true} if this is a normal file + * @param isDir {@code true} if this is a directory + * @param isLnk {@code true} if this is a symbolic link + * @param perms The file / folder's access {@link PosixFilePermission}s + * @return A mask encoding the file / folder's attributes + */ + public static int attributesToPermissions( + boolean isReg, boolean isDir, boolean isLnk, Collection perms) { + int pf = 0; + if (perms != null) { + for (PosixFilePermission p : perms) { + switch (p) { + case OWNER_READ: + pf |= SftpConstants.S_IRUSR; + break; + case OWNER_WRITE: + pf |= SftpConstants.S_IWUSR; + break; + case OWNER_EXECUTE: + pf |= SftpConstants.S_IXUSR; + break; + case GROUP_READ: + pf |= SftpConstants.S_IRGRP; + break; + case GROUP_WRITE: + pf |= SftpConstants.S_IWGRP; + break; + case GROUP_EXECUTE: + pf |= SftpConstants.S_IXGRP; + break; + case OTHERS_READ: + pf |= SftpConstants.S_IROTH; + break; + case OTHERS_WRITE: + pf |= SftpConstants.S_IWOTH; + break; + case OTHERS_EXECUTE: + pf |= SftpConstants.S_IXOTH; + break; + default: // ignored + } + } + } + pf |= isReg ? SftpConstants.S_IFREG : 0; + pf |= isDir ? SftpConstants.S_IFDIR : 0; + pf |= isLnk ? SftpConstants.S_IFLNK : 0; + return pf; + } + + /** + * Converts a POSIX permissions mask to a file type value + * + * @param perms The POSIX permissions mask + * @return The file type - see {@code SSH_FILEXFER_TYPE_xxx} values + */ + public static int permissionsToFileType(int perms) { + if ((SftpConstants.S_IFLNK & perms) == SftpConstants.S_IFLNK) { + return SftpConstants.SSH_FILEXFER_TYPE_SYMLINK; + } else if ((SftpConstants.S_IFREG & perms) == SftpConstants.S_IFREG) { + return SftpConstants.SSH_FILEXFER_TYPE_REGULAR; + } else if ((SftpConstants.S_IFDIR & perms) == SftpConstants.S_IFDIR) { + return SftpConstants.SSH_FILEXFER_TYPE_DIRECTORY; + } else if ((SftpConstants.S_IFSOCK & perms) == SftpConstants.S_IFSOCK) { + return SftpConstants.SSH_FILEXFER_TYPE_SOCKET; + } else if ((SftpConstants.S_IFBLK & perms) == SftpConstants.S_IFBLK) { + return SftpConstants.SSH_FILEXFER_TYPE_BLOCK_DEVICE; + } else if ((SftpConstants.S_IFCHR & perms) == SftpConstants.S_IFCHR) { + return SftpConstants.SSH_FILEXFER_TYPE_CHAR_DEVICE; + } else if ((SftpConstants.S_IFIFO & perms) == SftpConstants.S_IFIFO) { + return SftpConstants.SSH_FILEXFER_TYPE_FIFO; + } else { + return SftpConstants.SSH_FILEXFER_TYPE_UNKNOWN; + } + } + + /** + * Converts a file type into a POSIX permission mask value + * + * @param type File type - see {@code SSH_FILEXFER_TYPE_xxx} values + * @return The matching POSIX permission mask value + */ + public static int fileTypeToPermission(int type) { + switch (type) { + case SftpConstants.SSH_FILEXFER_TYPE_REGULAR: + return SftpConstants.S_IFREG; + case SftpConstants.SSH_FILEXFER_TYPE_DIRECTORY: + return SftpConstants.S_IFDIR; + case SftpConstants.SSH_FILEXFER_TYPE_SYMLINK: + return SftpConstants.S_IFLNK; + case SftpConstants.SSH_FILEXFER_TYPE_SOCKET: + return SftpConstants.S_IFSOCK; + case SftpConstants.SSH_FILEXFER_TYPE_BLOCK_DEVICE: + return SftpConstants.S_IFBLK; + case SftpConstants.SSH_FILEXFER_TYPE_CHAR_DEVICE: + return SftpConstants.S_IFCHR; + case SftpConstants.SSH_FILEXFER_TYPE_FIFO: + return SftpConstants.S_IFIFO; + default: + return 0; + } + } + + /** + * Translates a mask of permissions into its enumeration values equivalents + * + * @param perms The permissions mask + * @return A {@link Set} of the equivalent {@link PosixFilePermission}s + */ + public static Set permissionsToAttributes(int perms) { + Set p = EnumSet.noneOf(PosixFilePermission.class); + if ((perms & SftpConstants.S_IRUSR) != 0) { + p.add(PosixFilePermission.OWNER_READ); + } + if ((perms & SftpConstants.S_IWUSR) != 0) { + p.add(PosixFilePermission.OWNER_WRITE); + } + if ((perms & SftpConstants.S_IXUSR) != 0) { + p.add(PosixFilePermission.OWNER_EXECUTE); + } + if ((perms & SftpConstants.S_IRGRP) != 0) { + p.add(PosixFilePermission.GROUP_READ); + } + if ((perms & SftpConstants.S_IWGRP) != 0) { + p.add(PosixFilePermission.GROUP_WRITE); + } + if ((perms & SftpConstants.S_IXGRP) != 0) { + p.add(PosixFilePermission.GROUP_EXECUTE); + } + if ((perms & SftpConstants.S_IROTH) != 0) { + p.add(PosixFilePermission.OTHERS_READ); + } + if ((perms & SftpConstants.S_IWOTH) != 0) { + p.add(PosixFilePermission.OTHERS_WRITE); + } + if ((perms & SftpConstants.S_IXOTH) != 0) { + p.add(PosixFilePermission.OTHERS_EXECUTE); + } + return p; + } + + /** + * Returns the most adequate sub-status for the provided exception + * + * @param t The thrown {@link Throwable} + * @return The matching sub-status + */ + @SuppressWarnings("checkstyle:ReturnCount") + public static int resolveSubstatus(Throwable t) { + if ((t instanceof NoSuchFileException) || (t instanceof FileNotFoundException)) { + return SftpConstants.SSH_FX_NO_SUCH_FILE; + } else if (t instanceof FileAlreadyExistsException) { + return SftpConstants.SSH_FX_FILE_ALREADY_EXISTS; + } else if (t instanceof DirectoryNotEmptyException) { + return SftpConstants.SSH_FX_DIR_NOT_EMPTY; + } else if (t instanceof NotDirectoryException) { + return SftpConstants.SSH_FX_NOT_A_DIRECTORY; + } else if (t instanceof AccessDeniedException) { + return SftpConstants.SSH_FX_PERMISSION_DENIED; + } else if (t instanceof EOFException) { + return SftpConstants.SSH_FX_EOF; + } else if (t instanceof OverlappingFileLockException) { + return SftpConstants.SSH_FX_LOCK_CONFLICT; + } else if ((t instanceof UnsupportedOperationException) + || (t instanceof UnknownServiceException)) { + return SftpConstants.SSH_FX_OP_UNSUPPORTED; + } else if (t instanceof InvalidPathException) { + return SftpConstants.SSH_FX_INVALID_FILENAME; + } else if (t instanceof IllegalArgumentException) { + return SftpConstants.SSH_FX_INVALID_PARAMETER; + } else if (t instanceof UserPrincipalNotFoundException) { + return SftpConstants.SSH_FX_UNKNOWN_PRINCIPAL; + } else if (t instanceof FileSystemLoopException) { + return SftpConstants.SSH_FX_LINK_LOOP; + } else if (t instanceof SftpException) { + return ((SftpException) t).getStatus(); + } else { + return SftpConstants.SSH_FX_FAILURE; + } + } + + public static String resolveStatusMessage(int subStatus) { + String message = DEFAULT_SUBSTATUS_MESSAGE.get(subStatus); + return GenericUtils.isEmpty(message) ? ("Unknown error: " + subStatus) : message; + } + + public static NavigableMap readAttrs(Buffer buffer, int version) { + NavigableMap attrs = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + int flags = buffer.getInt(); + if (version >= SftpConstants.SFTP_V4) { + int type = buffer.getUByte(); + switch (type) { + case SftpConstants.SSH_FILEXFER_TYPE_REGULAR: + attrs.put("isRegular", Boolean.TRUE); + break; + case SftpConstants.SSH_FILEXFER_TYPE_DIRECTORY: + attrs.put("isDirectory", Boolean.TRUE); + break; + case SftpConstants.SSH_FILEXFER_TYPE_SYMLINK: + attrs.put("isSymbolicLink", Boolean.TRUE); + break; + case SftpConstants.SSH_FILEXFER_TYPE_SOCKET: + case SftpConstants.SSH_FILEXFER_TYPE_CHAR_DEVICE: + case SftpConstants.SSH_FILEXFER_TYPE_BLOCK_DEVICE: + case SftpConstants.SSH_FILEXFER_TYPE_FIFO: + attrs.put("isOther", Boolean.TRUE); + break; + default: // ignored + } + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_SIZE) != 0) { + attrs.put("size", buffer.getLong()); + } + + if (version == SftpConstants.SFTP_V3) { + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_UIDGID) != 0) { + attrs.put("uid", buffer.getInt()); + attrs.put("gid", buffer.getInt()); + } + } else { + if ((version >= SftpConstants.SFTP_V6) && ((flags & SftpConstants.SSH_FILEXFER_ATTR_ALLOCATION_SIZE) != 0)) { + @SuppressWarnings("unused") + long allocSize = buffer.getLong(); // TODO handle allocation size + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_OWNERGROUP) != 0) { + attrs.put("owner", new DefaultGroupPrincipal(buffer.getString())); + attrs.put("group", new DefaultGroupPrincipal(buffer.getString())); + } + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { + attrs.put("permissions", permissionsToAttributes(buffer.getInt())); + } + + if (version == SftpConstants.SFTP_V3) { + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACMODTIME) != 0) { + attrs.put("lastAccessTime", readTime(buffer, version, flags)); + attrs.put("lastModifiedTime", readTime(buffer, version, flags)); + } + } else if (version >= SftpConstants.SFTP_V4) { + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACCESSTIME) != 0) { + attrs.put("lastAccessTime", readTime(buffer, version, flags)); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_CREATETIME) != 0) { + attrs.put("creationTime", readTime(buffer, version, flags)); + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_MODIFYTIME) != 0) { + attrs.put("lastModifiedTime", readTime(buffer, version, flags)); + } + if ((version >= SftpConstants.SFTP_V6) && (flags & SftpConstants.SSH_FILEXFER_ATTR_CTIME) != 0) { + attrs.put("ctime", readTime(buffer, version, flags)); + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_ACL) != 0) { + attrs.put("acl", readACLs(buffer, version)); + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_BITS) != 0) { + @SuppressWarnings("unused") + int bits = buffer.getInt(); + @SuppressWarnings("unused") + int valid = 0xffffffff; + if (version >= SftpConstants.SFTP_V6) { + valid = buffer.getInt(); + } + // TODO: handle attrib bits + } + + if (version >= SftpConstants.SFTP_V6) { + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_TEXT_HINT) != 0) { + @SuppressWarnings("unused") + boolean text = buffer.getBoolean(); // TODO: handle text + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_MIME_TYPE) != 0) { + @SuppressWarnings("unused") + String mimeType = buffer.getString(); // TODO: handle mime-type + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_LINK_COUNT) != 0) { + @SuppressWarnings("unused") + int nlink = buffer.getInt(); // TODO: handle link-count + } + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_UNTRANSLATED_NAME) != 0) { + @SuppressWarnings("unused") + String untranslated = buffer.getString(); // TODO: handle untranslated-name + } + } + } + + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_EXTENDED) != 0) { + attrs.put("extended", readExtensions(buffer)); + } + + return attrs; + } + + public static NavigableMap readExtensions(Buffer buffer) { + int count = buffer.getInt(); + // Protect against malicious or malformed packets + if ((count < 0) || (count > SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT)) { + throw new IndexOutOfBoundsException("Illogical extensions count: " + count); + } + + // NOTE + NavigableMap extended = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (int i = 1; i <= count; i++) { + String key = buffer.getString(); + byte[] val = buffer.getBytes(); + byte[] prev = extended.put(key, val); + ValidateUtils.checkTrue(prev == null, "Duplicate values for extended key=%s", key); + } + + return extended; + } + + public static B writeExtensions(B buffer, Map extensions) { + int numExtensions = GenericUtils.size(extensions); + buffer.putInt(numExtensions); + if (numExtensions <= 0) { + return buffer; + } + + for (Map.Entry ee : extensions.entrySet()) { + Object key = Objects.requireNonNull(ee.getKey(), "No extension type"); + Object value = Objects.requireNonNull(ee.getValue(), "No extension value"); + buffer.putString(key.toString()); + if (value instanceof byte[]) { + buffer.putBytes((byte[]) value); + } else { + buffer.putString(value.toString()); + } + } + + return buffer; + } + + public static NavigableMap toStringExtensions(Map extensions) { + if (GenericUtils.isEmpty(extensions)) { + return Collections.emptyNavigableMap(); + } + + // NOTE: even though extensions are probably case sensitive we do not allow duplicate name that differs only in + // case + NavigableMap map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (Map.Entry ee : extensions.entrySet()) { + Object key = Objects.requireNonNull(ee.getKey(), "No extension type"); + Object value = ValidateUtils.checkNotNull(ee.getValue(), "No value for extension=%s", key); + String prev = map.put(key.toString(), + (value instanceof byte[]) ? new String((byte[]) value, StandardCharsets.UTF_8) : value.toString()); + ValidateUtils.checkTrue(prev == null, "Multiple values for extension=%s", key); + } + + return map; + } + + public static NavigableMap toBinaryExtensions(Map extensions) { + if (GenericUtils.isEmpty(extensions)) { + return Collections.emptyNavigableMap(); + } + + // NOTE: even though extensions are probably case sensitive we do not allow duplicate name that differs only in + // case + NavigableMap map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + extensions.forEach((key, value) -> { + ValidateUtils.checkNotNull(value, "No value for extension=%s", key); + byte[] prev = map.put(key, value.getBytes(StandardCharsets.UTF_8)); + ValidateUtils.checkTrue(prev == null, "Multiple values for extension=%s", key); + }); + + return map; + } + + // for v4,5 see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-05#page-15 + // for v6 see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#page-21 + public static List readACLs(Buffer buffer, int version) { + int aclSize = buffer.getInt(); + // Protect against malicious or malformed packets + if ((aclSize < 0) || (aclSize > (2 * SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT))) { + throw new IndexOutOfBoundsException("Illogical ACL entries size: " + aclSize); + } + + int startPos = buffer.rpos(); + Buffer aclBuffer = new ByteArrayBuffer(buffer.array(), startPos, aclSize, true); + List acl = decodeACLs(aclBuffer, version); + buffer.rpos(startPos + aclSize); + return acl; + } + + public static List decodeACLs(Buffer buffer, int version) { + @SuppressWarnings("unused") + int aclFlags = 0; // TODO handle ACL flags + if (version >= SftpConstants.SFTP_V6) { + aclFlags = buffer.getInt(); + } + + int count = buffer.getInt(); + /* + * NOTE: although the value is defined as UINT32 we do not expected a count greater than several hundreds + + * protect against malicious or corrupted packets + */ + if ((count < 0) || (count > SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT)) { + throw new IndexOutOfBoundsException("Illogical ACL entries count: " + count); + } + + ValidateUtils.checkTrue(count >= 0, "Invalid ACL entries count: %d", count); + if (count == 0) { + return Collections.emptyList(); + } + + List acls = new ArrayList<>(count); + for (int i = 1; i <= count; i++) { + int aclType = buffer.getInt(); + int aclFlag = buffer.getInt(); + int aclMask = buffer.getInt(); + String aclWho = buffer.getString(); + acls.add(buildAclEntry(aclType, aclFlag, aclMask, aclWho)); + } + + return acls; + } + + public static AclEntry buildAclEntry(int aclType, int aclFlag, int aclMask, String aclWho) { + UserPrincipal who = new DefaultGroupPrincipal(aclWho); + return AclEntry.newBuilder() + .setType(ValidateUtils.checkNotNull(decodeAclEntryType(aclType), "Unknown ACL type: %d", aclType)) + .setFlags(decodeAclFlags(aclFlag)) + .setPermissions(decodeAclMask(aclMask)) + .setPrincipal(who) + .build(); + } + + /** + * @param aclType The {@code ACE4_ACCESS_xxx_ACE_TYPE} value + * @return The matching {@link AclEntryType} or {@code null} if unknown value + */ + public static AclEntryType decodeAclEntryType(int aclType) { + switch (aclType) { + case SftpConstants.ACE4_ACCESS_ALLOWED_ACE_TYPE: + return AclEntryType.ALLOW; + case SftpConstants.ACE4_ACCESS_DENIED_ACE_TYPE: + return AclEntryType.DENY; + case SftpConstants.ACE4_SYSTEM_AUDIT_ACE_TYPE: + return AclEntryType.AUDIT; + case SftpConstants.ACE4_SYSTEM_ALARM_ACE_TYPE: + return AclEntryType.ALARM; + default: + return null; + } + } + + public static Set decodeAclFlags(int aclFlag) { + Set flags = EnumSet.noneOf(AclEntryFlag.class); + if ((aclFlag & SftpConstants.ACE4_FILE_INHERIT_ACE) != 0) { + flags.add(AclEntryFlag.FILE_INHERIT); + } + if ((aclFlag & SftpConstants.ACE4_DIRECTORY_INHERIT_ACE) != 0) { + flags.add(AclEntryFlag.DIRECTORY_INHERIT); + } + if ((aclFlag & SftpConstants.ACE4_NO_PROPAGATE_INHERIT_ACE) != 0) { + flags.add(AclEntryFlag.NO_PROPAGATE_INHERIT); + } + if ((aclFlag & SftpConstants.ACE4_INHERIT_ONLY_ACE) != 0) { + flags.add(AclEntryFlag.INHERIT_ONLY); + } + + return flags; + } + + public static Set decodeAclMask(int aclMask) { + Set mask = EnumSet.noneOf(AclEntryPermission.class); + if ((aclMask & SftpConstants.ACE4_READ_DATA) != 0) { + mask.add(AclEntryPermission.READ_DATA); + } + if ((aclMask & SftpConstants.ACE4_LIST_DIRECTORY) != 0) { + mask.add(AclEntryPermission.LIST_DIRECTORY); + } + if ((aclMask & SftpConstants.ACE4_WRITE_DATA) != 0) { + mask.add(AclEntryPermission.WRITE_DATA); + } + if ((aclMask & SftpConstants.ACE4_ADD_FILE) != 0) { + mask.add(AclEntryPermission.ADD_FILE); + } + if ((aclMask & SftpConstants.ACE4_APPEND_DATA) != 0) { + mask.add(AclEntryPermission.APPEND_DATA); + } + if ((aclMask & SftpConstants.ACE4_ADD_SUBDIRECTORY) != 0) { + mask.add(AclEntryPermission.ADD_SUBDIRECTORY); + } + if ((aclMask & SftpConstants.ACE4_READ_NAMED_ATTRS) != 0) { + mask.add(AclEntryPermission.READ_NAMED_ATTRS); + } + if ((aclMask & SftpConstants.ACE4_WRITE_NAMED_ATTRS) != 0) { + mask.add(AclEntryPermission.WRITE_NAMED_ATTRS); + } + if ((aclMask & SftpConstants.ACE4_EXECUTE) != 0) { + mask.add(AclEntryPermission.EXECUTE); + } + if ((aclMask & SftpConstants.ACE4_DELETE_CHILD) != 0) { + mask.add(AclEntryPermission.DELETE_CHILD); + } + if ((aclMask & SftpConstants.ACE4_READ_ATTRIBUTES) != 0) { + mask.add(AclEntryPermission.READ_ATTRIBUTES); + } + if ((aclMask & SftpConstants.ACE4_WRITE_ATTRIBUTES) != 0) { + mask.add(AclEntryPermission.WRITE_ATTRIBUTES); + } + if ((aclMask & SftpConstants.ACE4_DELETE) != 0) { + mask.add(AclEntryPermission.DELETE); + } + if ((aclMask & SftpConstants.ACE4_READ_ACL) != 0) { + mask.add(AclEntryPermission.READ_ACL); + } + if ((aclMask & SftpConstants.ACE4_WRITE_ACL) != 0) { + mask.add(AclEntryPermission.WRITE_ACL); + } + if ((aclMask & SftpConstants.ACE4_WRITE_OWNER) != 0) { + mask.add(AclEntryPermission.WRITE_OWNER); + } + if ((aclMask & SftpConstants.ACE4_SYNCHRONIZE) != 0) { + mask.add(AclEntryPermission.SYNCHRONIZE); + } + + return mask; + } + + public static B writeACLs(B buffer, int version, Collection acl) { + int lenPos = buffer.wpos(); + buffer.putInt(0); // length placeholder + buffer = encodeACLs(buffer, version, acl); + BufferUtils.updateLengthPlaceholder(buffer, lenPos); + return buffer; + } + + public static B encodeACLs(B buffer, int version, Collection acl) { + Objects.requireNonNull(acl, "No ACL"); + if (version >= SftpConstants.SFTP_V6) { + buffer.putInt(0); // TODO handle ACL flags + } + + int numEntries = GenericUtils.size(acl); + buffer.putInt(numEntries); + if (numEntries > 0) { + for (AclEntry e : acl) { + buffer = writeAclEntry(buffer, e); + } + } + + return buffer; + } + + public static B writeAclEntry(B buffer, AclEntry acl) { + Objects.requireNonNull(acl, "No ACL"); + + AclEntryType type = acl.type(); + int aclType = encodeAclEntryType(type); + ValidateUtils.checkTrue(aclType >= 0, "Unknown ACL type: %s", type); + buffer.putInt(aclType); + buffer.putInt(encodeAclFlags(acl.flags())); + buffer.putInt(encodeAclMask(acl.permissions())); + + Principal user = acl.principal(); + buffer.putString(user.getName()); + return buffer; + } + + /** + * Returns the equivalent SFTP value for the ACL type + * + * @param type The {@link AclEntryType} + * @return The equivalent {@code ACE_SYSTEM_xxx_TYPE} or negative if {@code null} or unknown type + */ + public static int encodeAclEntryType(AclEntryType type) { + if (type == null) { + return Integer.MIN_VALUE; + } + + switch (type) { + case ALARM: + return SftpConstants.ACE4_SYSTEM_ALARM_ACE_TYPE; + case ALLOW: + return SftpConstants.ACE4_ACCESS_ALLOWED_ACE_TYPE; + case AUDIT: + return SftpConstants.ACE4_SYSTEM_AUDIT_ACE_TYPE; + case DENY: + return SftpConstants.ACE4_ACCESS_DENIED_ACE_TYPE; + default: + return -1; + } + } + + public static long encodeAclFlags(Collection flags) { + if (GenericUtils.isEmpty(flags)) { + return 0L; + } + + long aclFlag = 0L; + if (flags.contains(AclEntryFlag.FILE_INHERIT)) { + aclFlag |= SftpConstants.ACE4_FILE_INHERIT_ACE; + } + if (flags.contains(AclEntryFlag.DIRECTORY_INHERIT)) { + aclFlag |= SftpConstants.ACE4_DIRECTORY_INHERIT_ACE; + } + if (flags.contains(AclEntryFlag.NO_PROPAGATE_INHERIT)) { + aclFlag |= SftpConstants.ACE4_NO_PROPAGATE_INHERIT_ACE; + } + if (flags.contains(AclEntryFlag.INHERIT_ONLY)) { + aclFlag |= SftpConstants.ACE4_INHERIT_ONLY_ACE; + } + + return aclFlag; + } + + public static long encodeAclMask(Collection mask) { + if (GenericUtils.isEmpty(mask)) { + return 0L; + } + + long aclMask = 0L; + if (mask.contains(AclEntryPermission.READ_DATA)) { + aclMask |= SftpConstants.ACE4_READ_DATA; + } + if (mask.contains(AclEntryPermission.LIST_DIRECTORY)) { + aclMask |= SftpConstants.ACE4_LIST_DIRECTORY; + } + if (mask.contains(AclEntryPermission.WRITE_DATA)) { + aclMask |= SftpConstants.ACE4_WRITE_DATA; + } + if (mask.contains(AclEntryPermission.ADD_FILE)) { + aclMask |= SftpConstants.ACE4_ADD_FILE; + } + if (mask.contains(AclEntryPermission.APPEND_DATA)) { + aclMask |= SftpConstants.ACE4_APPEND_DATA; + } + if (mask.contains(AclEntryPermission.ADD_SUBDIRECTORY)) { + aclMask |= SftpConstants.ACE4_ADD_SUBDIRECTORY; + } + if (mask.contains(AclEntryPermission.READ_NAMED_ATTRS)) { + aclMask |= SftpConstants.ACE4_READ_NAMED_ATTRS; + } + if (mask.contains(AclEntryPermission.WRITE_NAMED_ATTRS)) { + aclMask |= SftpConstants.ACE4_WRITE_NAMED_ATTRS; + } + if (mask.contains(AclEntryPermission.EXECUTE)) { + aclMask |= SftpConstants.ACE4_EXECUTE; + } + if (mask.contains(AclEntryPermission.DELETE_CHILD)) { + aclMask |= SftpConstants.ACE4_DELETE_CHILD; + } + if (mask.contains(AclEntryPermission.READ_ATTRIBUTES)) { + aclMask |= SftpConstants.ACE4_READ_ATTRIBUTES; + } + if (mask.contains(AclEntryPermission.WRITE_ATTRIBUTES)) { + aclMask |= SftpConstants.ACE4_WRITE_ATTRIBUTES; + } + if (mask.contains(AclEntryPermission.DELETE)) { + aclMask |= SftpConstants.ACE4_DELETE; + } + if (mask.contains(AclEntryPermission.READ_ACL)) { + aclMask |= SftpConstants.ACE4_READ_ACL; + } + if (mask.contains(AclEntryPermission.WRITE_ACL)) { + aclMask |= SftpConstants.ACE4_WRITE_ACL; + } + if (mask.contains(AclEntryPermission.WRITE_OWNER)) { + aclMask |= SftpConstants.ACE4_WRITE_OWNER; + } + if (mask.contains(AclEntryPermission.SYNCHRONIZE)) { + aclMask |= SftpConstants.ACE4_SYNCHRONIZE; + } + + return aclMask; + } + + /** + * Encodes a {@link FileTime} value into a buffer + * + * @param Type of {@link Buffer} being updated + * @param buffer The target buffer instance + * @param version The encoding version + * @param flags The encoding flags + * @param time The value to encode + * @return The updated buffer + */ + public static B writeTime(B buffer, int version, int flags, FileTime time) { + // for v3 see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#page-8 + // for v6 see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#page-16 + if (version >= SftpConstants.SFTP_V4) { + buffer.putLong(time.to(TimeUnit.SECONDS)); + if ((flags & SftpConstants.SSH_FILEXFER_ATTR_SUBSECOND_TIMES) != 0) { + long nanos = time.to(TimeUnit.NANOSECONDS); + nanos = nanos % TimeUnit.SECONDS.toNanos(1); + buffer.putInt((int) nanos); + } + } else { + buffer.putInt(time.to(TimeUnit.SECONDS)); + } + + return buffer; + } + + /** + * Decodes a {@link FileTime} value from a buffer + * + * @param buffer The source {@link Buffer} + * @param version The encoding version + * @param flags The encoding flags + * @return The decoded value + */ + public static FileTime readTime(Buffer buffer, int version, int flags) { + // for v3 see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#page-8 + // for v6 see https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#page-16 + long secs = (version >= SftpConstants.SFTP_V4) ? buffer.getLong() : buffer.getUInt(); + long millis = TimeUnit.SECONDS.toMillis(secs); + if ((version >= SftpConstants.SFTP_V4) && ((flags & SftpConstants.SSH_FILEXFER_ATTR_SUBSECOND_TIMES) != 0)) { + long nanoseconds = buffer.getUInt(); + millis += TimeUnit.NANOSECONDS.toMillis(nanoseconds); + } + return FileTime.from(millis, TimeUnit.MILLISECONDS); + } + + /** + * Creates an "ls -l" compatible long name string + * + * @param shortName The short file name - can also be "." or ".." + * @param attributes The file's attributes - e.g., size, owner, permissions, etc. + * @return A {@link String} representing the "long" file name as per + * SFTP version 3 - section + * 7 + */ + public static String getLongName(String shortName, Map attributes) { + String owner = Objects.toString(attributes.get("owner"), null); + String username = OsUtils.getCanonicalUser(owner); + if (GenericUtils.isEmpty(username)) { + username = SftpUniversalOwnerAndGroup.Owner.getName(); + } + + String group = Objects.toString(attributes.get("group"), null); + group = OsUtils.resolveCanonicalGroup(group, owner); + if (GenericUtils.isEmpty(group)) { + group = SftpUniversalOwnerAndGroup.Group.getName(); + } + + Number length = (Number) attributes.get("size"); + if (length == null) { + length = 0L; + } + + String lengthString = String.format("%1$8s", length); + String linkCount = Objects.toString(attributes.get("nlink"), null); + if (GenericUtils.isEmpty(linkCount)) { + linkCount = "1"; + } + + Boolean isDirectory = (Boolean) attributes.get("isDirectory"); + Boolean isLink = (Boolean) attributes.get("isSymbolicLink"); + @SuppressWarnings("unchecked") + Set perms = (Set) attributes.get("permissions"); + if (perms == null) { + perms = EnumSet.noneOf(PosixFilePermission.class); + } + String permsString = PosixFilePermissions.toString(perms); + String timeStamp = UnixDateFormat.getUnixDate((FileTime) attributes.get("lastModifiedTime")); + StringBuilder sb = new StringBuilder( + GenericUtils.length(linkCount) + GenericUtils.length(username) + GenericUtils.length(group) + + GenericUtils.length(timeStamp) + GenericUtils.length(lengthString) + + GenericUtils.length(permsString) + GenericUtils.length(shortName) + + Integer.SIZE); + sb.append(SftpHelper.getBool(isDirectory) ? 'd' : (SftpHelper.getBool(isLink) ? 'l' : '-')).append(permsString); + + sb.append(' '); + for (int index = linkCount.length(); index < 3; index++) { + sb.append(' '); + } + sb.append(linkCount); + + sb.append(' ').append(username); + for (int index = username.length(); index < 8; index++) { + sb.append(' '); + } + + sb.append(' ').append(group); + for (int index = group.length(); index < 8; index++) { + sb.append(' '); + } + + sb.append(' ').append(lengthString).append(' ').append(timeStamp).append(' ').append(shortName); + return sb.toString(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SftpModuleProperties.java b/files-sftp/src/main/java/org/apache/sshd/common/SftpModuleProperties.java new file mode 100644 index 0000000..b5b7bff --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SftpModuleProperties.java @@ -0,0 +1,213 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.nio.file.Path; +import java.time.Duration; + +import org.apache.sshd.common.Property; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * Configurable properties for sshd-sftp. + * + * @author Apache MINA SSHD Project + */ +public final class SftpModuleProperties { + + /** + * Used to indicate the {@link Charset} (or its name) for decoding referenced files/folders names - extracted from + * the client session when 1st initialized. + * + * @see SftpClient#getNameDecodingCharset() + * @see SftpClient#setNameDecodingCharset(Charset) + */ + public static final Property NAME_DECODING_CHARSET + = Property.charset("sftp-name-decoding-charset", StandardCharsets.UTF_8); + + /** + * Property that can be used on the {@link FactoryManager} to control the internal timeout + * used by the client to open a channel. + */ + public static final Property SFTP_CHANNEL_OPEN_TIMEOUT + = Property.duration("sftp-channel-open-timeout", Duration.ofSeconds(15L)); + + /** + * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystem}. + */ + public static final Property POOL_SIZE + = Property.integer("sftp-fs-pool-size", 8); + + /** + * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystemProvider}. + */ + public static final Property READ_BUFFER_SIZE + = Property.integer("sftp-fs-read-buffer-size"); + + /** + * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystemProvider}. + */ + public static final Property WRITE_BUFFER_SIZE + = Property.integer("sftp-fs-write-buffer-size"); + + /** + * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystemProvider}. + */ + public static final Property CONNECT_TIME + = Property.duration("sftp-fs-connect-time", Duration.ofSeconds(15L)); + + /** + * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystemProvider}. + */ + public static final Property AUTH_TIME + = Property.duration("sftp-fs-auth-time", Duration.ofSeconds(15L)); + + /** + * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystemProvider}. + */ + public static final Property NAME_DECODER_CHARSET + = Property.charset("sftp-fs-name-decoder-charset", StandardCharsets.UTF_8); + + /** + * Property used to avoid large buffers when + * {@link org.apache.sshd.sftp.client.impl.AbstractSftpClient#write(SftpClient.Handle, long, byte[], int, int)} is + * invoked with a large buffer size. + */ + public static final Property WRITE_CHUNK_SIZE + = Property.integer("sftp-client-write-chunk-size", + SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT - Long.SIZE); + + /** + * Internal allocate buffer size when copying data to/from the channel + */ + public static final Property COPY_BUF_SIZE + = Property.integer("sftp-channel-copy-buf-size", IoUtils.DEFAULT_COPY_SIZE); + + /** + * Used to control whether to append the end-of-list indicator for SSH_FXP_NAME responses via + * {@link SftpHelper#indicateEndOfNamesList(Buffer, int, PropertyResolver, boolean)} call, as indicated by + * SFTP v6 - section 9.4 + */ + public static final Property APPEND_END_OF_LIST_INDICATOR + = Property.bool("sftp-append-eol-indicator", true); + + /** + * Whether to automatically follow symbolic links when resolving paths + */ + public static final Property AUTO_FOLLOW_LINKS + = Property.bool("sftp-auto-follow-links", true); + + /** + * Allows controlling reports of which client extensions are supported (and reported via "support" and + * "support2" server extensions) as a comma-separate list of names. Note: requires overriding the + * {@link AbstractSftpSubsystemHelper#executeExtendedCommand(Buffer, int, String)} command accordingly. If empty + * string is set then no server extensions are reported + * + * @see AbstractSftpSubsystemHelper#DEFAULT_SUPPORTED_CLIENT_EXTENSIONS + */ + public static final Property CLIENT_EXTENSIONS + = Property.string("sftp-client-extensions"); + + /** + * Comma-separated list of which {@code OpenSSH} extensions are reported and what version is reported for each - + * format: {@code name=version}. If empty value set, then no such extensions are reported. Otherwise, the + * {@link AbstractSftpSubsystemHelper#DEFAULT_OPEN_SSH_EXTENSIONS} are used + */ + public static final Property OPENSSH_EXTENSIONS + = Property.string("sftp-openssh-extensions"); + + /** + * Comma separate list of {@code SSH_ACL_CAP_xxx} names - where name can be without the prefix. If not defined then + * {@link AbstractSftpSubsystemHelper#DEFAULT_ACL_SUPPORTED_MASK} is used + */ + public static final Property ACL_SUPPORTED_MASK + = Property.string("sftp-acl-supported-mask"); + + /** + * Property that can be used to set the reported NL value. If not set, then {@link IoUtils#EOL} is used + */ + public static final Property NEWLINE_VALUE + = Property.string("sftp-newline", IoUtils.EOL); + + /** + * Force the use of a max. packet length for {@link AbstractSftpSubsystemHelper#doRead(Buffer, int)} protection + * against malicious packets + */ + public static final Property MAX_READDATA_PACKET_LENGTH + = Property.integer("sftp-max-readdata-packet-length", 63 * 1024); + + /** + * Properties key for the maximum of available open handles per session. + */ + public static final Property MAX_OPEN_HANDLES_PER_SESSION + = Property.integer("max-open-handles-per-session", Integer.MAX_VALUE); + + public static final int MIN_FILE_HANDLE_SIZE = 4; // ~uint32 + public static final int DEFAULT_FILE_HANDLE_SIZE = 16; + public static final int MAX_FILE_HANDLE_SIZE = 64; // ~sha512 + + /** + * Size in bytes of the opaque handle value + * + * @see #DEFAULT_FILE_HANDLE_SIZE + */ + public static final Property FILE_HANDLE_SIZE + = Property.validating(Property.integer("sftp-handle-size", DEFAULT_FILE_HANDLE_SIZE), + fhs -> { + ValidateUtils.checkTrue(fhs >= MIN_FILE_HANDLE_SIZE, "File handle size too small: %d", fhs); + ValidateUtils.checkTrue(fhs <= MAX_FILE_HANDLE_SIZE, "File handle size too big: %d", fhs); + }); + + public static final int MIN_FILE_HANDLE_ROUNDS = 1; + public static final int DEFAULT_FILE_HANDLE_ROUNDS = MIN_FILE_HANDLE_SIZE; + public static final int MAX_FILE_HANDLE_ROUNDS = MAX_FILE_HANDLE_SIZE; + + /** + * Max. rounds to attempt to create a unique file handle - if all handles already in use after these many rounds, + * then an exception is thrown + * + * @see SftpSubsystem#generateFileHandle(Path) + * @see #DEFAULT_FILE_HANDLE_ROUNDS + */ + public static final Property MAX_FILE_HANDLE_RAND_ROUNDS + = Property.validating( + Property.integer("sftp-handle-rand-max-rounds", DEFAULT_FILE_HANDLE_ROUNDS), + fhrr -> { + ValidateUtils.checkTrue(fhrr >= MIN_FILE_HANDLE_ROUNDS, "File handle rounds too small: %d", fhrr); + ValidateUtils.checkTrue(fhrr <= MAX_FILE_HANDLE_ROUNDS, "File handle rounds too big: %d", fhrr); + }); + + /** + * Maximum amount of data allocated for listing the contents of a directory in any single invocation of + * {@link SftpSubsystem#doReadDir(Buffer, int)} + */ + public static final Property MAX_READDIR_DATA_SIZE + = Property.integer("sftp-max-readdir-data-size", 16 * 1024); + + private SftpModuleProperties() { + throw new UnsupportedOperationException("No instance"); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SftpUniversalOwnerAndGroup.java b/files-sftp/src/main/java/org/apache/sshd/common/SftpUniversalOwnerAndGroup.java new file mode 100644 index 0000000..0faee4a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SftpUniversalOwnerAndGroup.java @@ -0,0 +1,68 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.NamedResource; + +/** + * Some universal identifiers used in owner and/or group specification strings + * + * @author Apache MINA SSHD Project + * @see SFTP ACL + */ +public enum SftpUniversalOwnerAndGroup implements NamedResource { + Owner, // The owner of the file. + Group, // The group associated with the file. + Everyone, // The world. + Interactive, // Accessed from an interactive terminal. + Network, // Accessed via the network. + Dialup, // Accessed as a dialup user to the server. + Batch, // Accessed from a batch job. + Anonymous, // Accessed without any authentication. + Authenticated, // Any authenticated user (opposite of ANONYMOUS). + Service; // Access from a system service. + + public static final Set VALUES + = Collections.unmodifiableSet(EnumSet.allOf(SftpUniversalOwnerAndGroup.class)); + + private final String name; + + SftpUniversalOwnerAndGroup() { + name = name().toUpperCase() + "@"; + } + + @Override + public String getName() { + return name; + } + + @Override + public String toString() { + return getName(); + } + + public static SftpUniversalOwnerAndGroup fromName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SshConstants.java b/files-sftp/src/main/java/org/apache/sshd/common/SshConstants.java new file mode 100644 index 0000000..c12b8f3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SshConstants.java @@ -0,0 +1,354 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TreeMap; +import java.util.function.IntUnaryOperator; +import java.util.function.Predicate; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ReflectionUtils; + +/** + * This interface defines constants for the SSH protocol. + * + * @author Apache MINA SSHD Project + */ +public final class SshConstants { + public static final int DEFAULT_PORT = 22; + + /** Converts non-positive port value to {@value #DEFAULT_PORT} */ + public static final IntUnaryOperator TO_EFFECTIVE_PORT = port -> (port > 0) ? port : DEFAULT_PORT; + + // + // SSH message identifiers + // + + public static final byte SSH_MSG_DISCONNECT = 1; + public static final byte SSH_MSG_IGNORE = 2; + public static final byte SSH_MSG_UNIMPLEMENTED = 3; + public static final byte SSH_MSG_DEBUG = 4; + public static final byte SSH_MSG_SERVICE_REQUEST = 5; + public static final byte SSH_MSG_SERVICE_ACCEPT = 6; + + public static final byte SSH_MSG_KEXINIT = 20; + public static final int MSG_KEX_COOKIE_SIZE = 16; + public static final byte SSH_MSG_NEWKEYS = 21; + + public static final byte SSH_MSG_KEX_FIRST = 30; + public static final byte SSH_MSG_KEX_LAST = 49; + + public static final byte SSH_MSG_KEXDH_INIT = 30; + public static final byte SSH_MSG_KEXDH_REPLY = 31; + + public static final byte SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30; + public static final byte SSH_MSG_KEX_DH_GEX_GROUP = 31; + public static final byte SSH_MSG_KEX_DH_GEX_INIT = 32; + public static final byte SSH_MSG_KEX_DH_GEX_REPLY = 33; + public static final byte SSH_MSG_KEX_DH_GEX_REQUEST = 34; + + public static final byte SSH_MSG_USERAUTH_REQUEST = 50; + public static final byte SSH_MSG_USERAUTH_FAILURE = 51; + public static final byte SSH_MSG_USERAUTH_SUCCESS = 52; + public static final byte SSH_MSG_USERAUTH_BANNER = 53; + + public static final byte SSH_MSG_USERAUTH_INFO_REQUEST = 60; + public static final byte SSH_MSG_USERAUTH_INFO_RESPONSE = 61; + + public static final byte SSH_MSG_USERAUTH_PK_OK = 60; + + public static final byte SSH_MSG_USERAUTH_PASSWD_CHANGEREQ = 60; + + public static final byte SSH_MSG_USERAUTH_GSSAPI_MIC = 66; + + public static final byte SSH_MSG_GLOBAL_REQUEST = 80; + public static final byte SSH_MSG_REQUEST_SUCCESS = 81; + public static final byte SSH_MSG_REQUEST_FAILURE = 82; + public static final byte SSH_MSG_CHANNEL_OPEN = 90; + public static final byte SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91; + public static final byte SSH_MSG_CHANNEL_OPEN_FAILURE = 92; + public static final byte SSH_MSG_CHANNEL_WINDOW_ADJUST = 93; + public static final byte SSH_MSG_CHANNEL_DATA = 94; + public static final byte SSH_MSG_CHANNEL_EXTENDED_DATA = 95; + public static final byte SSH_MSG_CHANNEL_EOF = 96; + public static final byte SSH_MSG_CHANNEL_CLOSE = 97; + public static final byte SSH_MSG_CHANNEL_REQUEST = 98; + public static final byte SSH_MSG_CHANNEL_SUCCESS = 99; + public static final byte SSH_MSG_CHANNEL_FAILURE = 100; + + // + // Disconnect error codes + // + public static final int SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT = 1; + public static final int SSH2_DISCONNECT_PROTOCOL_ERROR = 2; + public static final int SSH2_DISCONNECT_KEY_EXCHANGE_FAILED = 3; + public static final int SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED = 4; + public static final int SSH2_DISCONNECT_RESERVED = 4; + public static final int SSH2_DISCONNECT_MAC_ERROR = 5; + public static final int SSH2_DISCONNECT_COMPRESSION_ERROR = 6; + public static final int SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE = 7; + public static final int SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED = 8; + public static final int SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE = 9; + public static final int SSH2_DISCONNECT_CONNECTION_LOST = 10; + public static final int SSH2_DISCONNECT_BY_APPLICATION = 11; + public static final int SSH2_DISCONNECT_TOO_MANY_CONNECTIONS = 12; + public static final int SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER = 13; + public static final int SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14; + public static final int SSH2_DISCONNECT_ILLEGAL_USER_NAME = 15; + + // + // Open error codes + // + + public static final int SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1; + public static final int SSH_OPEN_CONNECT_FAILED = 2; + public static final int SSH_OPEN_UNKNOWN_CHANNEL_TYPE = 3; + public static final int SSH_OPEN_RESOURCE_SHORTAGE = 4; + + // Some more constants + public static final int SSH_EXTENDED_DATA_STDERR = 1; // see RFC4254 section 5.2 + // 32-bit length + 8-bit pad length + public static final int SSH_PACKET_HEADER_LEN = Integer.BYTES + Byte.BYTES; + /* + * See https://tools.ietf.org/html/rfc4253#section-6.1: + * + * All implementations MUST be able to process packets with an uncompressed payload length of 32768 bytes or less + * and a total packet size of 35000 bytes or less + */ + public static final int SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT = 32768; + public static final int SSH_REQUIRED_TOTAL_PACKET_LENGTH_SUPPORT = 35000; + + private SshConstants() { + throw new UnsupportedOperationException("No instance allowed"); + } + + private static final class LazyAmbiguousOpcodesHolder { + private static final Set AMBIGUOUS_OPCODES = Collections.unmodifiableSet( + new HashSet<>( + getAmbiguousMenmonics(SshConstants.class, "SSH_MSG_").values())); + + private LazyAmbiguousOpcodesHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * Scans using reflection API for all numeric {@code public static final} fields that have a common prefix + * and whose value is used by several of the other matching fields + * + * @param clazz The {@link Class} to query + * @param commonPrefix The expected common prefix + * @return A {@link Map} of all the mnemonic fields names whose value is the same as other fields in + * this map. The key is the field's name and value is its associated opcode. + * @see #getAmbiguousMenmonics(Class, Predicate) + */ + public static Map getAmbiguousMenmonics(Class clazz, String commonPrefix) { + return getAmbiguousMenmonics(clazz, f -> { + String name = f.getName(); + return name.startsWith(commonPrefix); + }); + } + + /** + * Scans using reflection API for all numeric {@code public static final} fields that are also accepted by + * the predicate and whose value is used by several of the other matching fields + * + * @param clazz The {@link Class} to query + * @param acceptor The {@link Predicate} used to decide whether to process the {@link Field} (besides being a + * {@link Number} and {@code public static final}). + * @return A {@link Map} of all the mnemonic fields names whose value is the same as other fields in this + * map. The key is the field's name and value is its associated opcode. + */ + public static Map getAmbiguousMenmonics(Class clazz, Predicate acceptor) { + Collection fields = getMnemonicFields(clazz, acceptor); + if (GenericUtils.isEmpty(fields)) { + return Collections.emptyMap(); + } + + Map result = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + Map> opcodesMap = new TreeMap<>(Comparator.naturalOrder()); + for (Field f : fields) { + String name = f.getName(); + try { + Number value = (Number) f.get(null); + Integer key = NumberUtils.toInteger(value); + List nameList = opcodesMap.get(key); + if (nameList == null) { + nameList = new ArrayList<>(); + opcodesMap.put(key, nameList); + } + nameList.add(name); + + int numOpcodes = nameList.size(); + if (numOpcodes > 1) { + result.put(name, key); + if (numOpcodes == 2) { // add the 1st name as well + result.put(nameList.get(0), key); + } + } + } catch (Exception e) { + continue; // debug breakpoint + } + } + + return result; + } + + /** + * Scans using reflection API for all numeric {@code public static final} fields that are also accepted by + * the predicate. + * + * @param clazz The {@link Class} to query + * @param acceptor The {@link Predicate} used to decide whether to process the {@link Field} (besides being a + * {@link Number} and {@code public static final}). + * @return A {@link Collection} of all the fields that have satisfied all conditions + */ + public static Collection getMnemonicFields(Class clazz, Predicate acceptor) { + return ReflectionUtils.getMatchingFields(clazz, f -> { + int mods = f.getModifiers(); + if ((!Modifier.isPublic(mods)) || (!Modifier.isStatic(mods)) || (!Modifier.isFinal(mods))) { + return false; + } + + Class type = f.getType(); + if (!NumberUtils.isNumericClass(type)) { + return false; + } + + return acceptor.test(f); + }); + } + + /** + * @param cmd The command value + * @return {@code true} if this value is used by several different messages + * @see #getAmbiguousOpcodes() + */ + public static boolean isAmbiguousOpcode(int cmd) { + Collection ambiguousOpcodes = getAmbiguousOpcodes(); + return ambiguousOpcodes.contains(cmd); + } + + /** + * @return A {@link Set} of opcodes that are used by several different messages + */ + @SuppressWarnings("synthetic-access") + public static Set getAmbiguousOpcodes() { + return LazyAmbiguousOpcodesHolder.AMBIGUOUS_OPCODES; + } + + private static final class LazyMessagesMapHolder { + private static final Map MESSAGES_MAP = SftpConstants.generateMnemonicMap(SshConstants.class, f -> { + String name = f.getName(); + if (!name.startsWith("SSH_MSG_")) { + return false; + } + + try { + return !isAmbiguousOpcode(f.getByte(null)); + } catch (Exception e) { + return false; + } + }); + + private LazyMessagesMapHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * Converts a command value to a user-friendly name + * + * @param cmd The command value + * @return The user-friendly name - if not one of the defined {@code SSH_MSG_XXX} values then returns the string + * representation of the command's value + */ + public static String getCommandMessageName(int cmd) { + @SuppressWarnings("synthetic-access") + String name = LazyMessagesMapHolder.MESSAGES_MAP.get(cmd); + if (GenericUtils.isEmpty(name)) { + return Integer.toString(cmd); + } else { + return name; + } + } + + private static final class LazyReasonsMapHolder { + private static final Map REASONS_MAP + = SftpConstants.generateMnemonicMap(SshConstants.class, "SSH2_DISCONNECT_"); + + private LazyReasonsMapHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * Converts a disconnect reason value to a user-friendly name + * + * @param reason The disconnect reason value + * @return The user-friendly name - if not one of the defined {@code SSH2_DISCONNECT_} values then returns + * the string representation of the reason's value + */ + public static String getDisconnectReasonName(int reason) { + @SuppressWarnings("synthetic-access") + String name = LazyReasonsMapHolder.REASONS_MAP.get(reason); + if (GenericUtils.isEmpty(name)) { + return Integer.toString(reason); + } else { + return name; + } + } + + private static final class LazyOpenCodesMapHolder { + private static final Map OPEN_CODES_MAP + = SftpConstants.generateMnemonicMap(SshConstants.class, "SSH_OPEN_"); + + private LazyOpenCodesMapHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * Converts an open error value to a user-friendly name + * + * @param code The open error value + * @return The user-friendly name - if not one of the defined {@code SSH_OPEN_} values then returns the string + * representation of the reason's value + */ + public static String getOpenErrorCodeName(int code) { + @SuppressWarnings("synthetic-access") + String name = LazyOpenCodesMapHolder.OPEN_CODES_MAP.get(code); + if (GenericUtils.isEmpty(name)) { + return Integer.toString(code); + } else { + return name; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SshException.java b/files-sftp/src/main/java/org/apache/sshd/common/SshException.java new file mode 100644 index 0000000..4280d08 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SshException.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.io.IOException; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * Represents an SSH related exception + * + * @author Apache MINA SSHD Project + */ +public class SshException extends IOException { + + private static final long serialVersionUID = -7349477687125144606L; + + private final int disconnectCode; + + public SshException(String message) { + this(message, null); + } + + public SshException(Throwable cause) { + this(Objects.requireNonNull(cause, "No cause").getMessage(), cause); + } + + public SshException(String message, Throwable cause) { + this(0, message, cause); + } + + public SshException(int disconnectCode) { + this(disconnectCode, SshConstants.getDisconnectReasonName(disconnectCode)); + } + + public SshException(int disconnectCode, String message) { + this(disconnectCode, message, null); + } + + public SshException(int disconnectCode, Throwable cause) { + this(disconnectCode, SshConstants.getDisconnectReasonName(disconnectCode), cause); + } + + public SshException(int disconnectCode, String message, Throwable cause) { + super(GenericUtils.isEmpty(message) ? SshConstants.getDisconnectReasonName(disconnectCode) : message); + this.disconnectCode = disconnectCode; + if (cause != null) { + initCause(cause); + } + } + + public int getDisconnectCode() { + return disconnectCode; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/SyspropsMapWrapper.java b/files-sftp/src/main/java/org/apache/sshd/common/SyspropsMapWrapper.java new file mode 100644 index 0000000..0cf3d54 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/SyspropsMapWrapper.java @@ -0,0 +1,217 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common; + +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; +import java.util.Map; +import java.util.Objects; +import java.util.Properties; +import java.util.Set; +import java.util.TreeSet; +import java.util.stream.Collectors; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.MapEntryUtils; + +/** + * A wrapper that exposes a read-only {@link Map} access to the system properties. Any attempt to modify it will throw + * {@link UnsupportedOperationException}. The mapper uses the {@link #SYSPROPS_MAPPED_PREFIX} to filter and access' only + * these properties, ignoring all others + * + * @author Apache MINA SSHD Project + */ +public final class SyspropsMapWrapper implements Map { + /** + * Prefix of properties used by the mapper to identify SSHD related settings + */ + public static final String SYSPROPS_MAPPED_PREFIX = "org.apache.sshd.config"; + + /** + * Exposes the "raw" system properties as a {@link PropertyResolver} without any further filtering + */ + public static final PropertyResolver RAW_PROPS_RESOLVER = PropertyResolverUtils.toPropertyResolver(System.getProperties()); + + /** + * The one and only wrapper instance + */ + public static final SyspropsMapWrapper INSTANCE = new SyspropsMapWrapper(); + + /** + * A {@link PropertyResolver} with no parent that exposes the system properties + */ + public static final PropertyResolver SYSPROPS_RESOLVER = new PropertyResolver() { + @Override + public Map getProperties() { + return SyspropsMapWrapper.INSTANCE; + } + + @Override + public PropertyResolver getParentPropertyResolver() { + return null; + } + + @Override + public String toString() { + return "SYSPROPS"; + } + }; + + private SyspropsMapWrapper() { + super(); + } + + @Override + public void clear() { + throw new UnsupportedOperationException("sysprops#clear() N/A"); + } + + @Override + public boolean containsKey(Object key) { + return get(key) != null; + } + + @Override + public boolean containsValue(Object value) { + // not the most efficient implementation, but we do not expect it to be called much + Properties props = System.getProperties(); + for (String key : props.stringPropertyNames()) { + if (!isMappedSyspropKey(key)) { + continue; + } + + Object v = props.getProperty(key); + if (Objects.equals(v, value)) { + return true; + } + } + + return false; + } + + @Override + public Set> entrySet() { + Properties props = System.getProperties(); + // return a copy in order to avoid concurrent modifications + Set> entries = new TreeSet<>(MapEntryUtils.byKeyEntryComparator()); + for (String key : props.stringPropertyNames()) { + if (!isMappedSyspropKey(key)) { + continue; + } + + Object v = props.getProperty(key); + if (v != null) { + String unmappedKey = getUnmappedSyspropKey(key); + entries.add(new SimpleImmutableEntry<>(unmappedKey, v)); + } + } + + return entries; + } + + @Override + public Object get(Object key) { + String propName = getMappedSyspropKey(key); + return (key instanceof String) ? System.getProperty(propName) : null; + } + + @Override + public boolean isEmpty() { + return GenericUtils.isEmpty(keySet()); + } + + @Override + public Set keySet() { + return System.getProperties() + .stringPropertyNames() + .stream() + // filter out any non-SSHD properties + .filter(SyspropsMapWrapper::isMappedSyspropKey) + .map(SyspropsMapWrapper::getUnmappedSyspropKey) + .collect(Collectors.toSet()); + } + + @Override + public Object put(String key, Object value) { + throw new UnsupportedOperationException("sysprops#put(" + key + ")[" + value + "] N/A"); + } + + @Override + public void putAll(Map m) { + throw new UnsupportedOperationException("sysprops#putAll(" + m + ") N/A"); + } + + @Override + public Object remove(Object key) { + throw new UnsupportedOperationException("sysprops#remove(" + key + ") N/A"); + } + + @Override + public int size() { + return GenericUtils.size(keySet()); + } + + @Override + public Collection values() { + Properties props = System.getProperties(); + // return a copy in order to avoid concurrent modifications + return props + .stringPropertyNames() + .stream() + .filter(SyspropsMapWrapper::isMappedSyspropKey) + .map(props::get) + .collect(Collectors.toList()); + } + + @Override + public String toString() { + return Objects.toString(entrySet(), null); + } + + /** + * @param key Key to be tested + * @return {@code true} if key starts with {@link #SYSPROPS_MAPPED_PREFIX} and continues with a dot followed by + * some characters + */ + public static boolean isMappedSyspropKey(String key) { + return (GenericUtils.length(key) > (SYSPROPS_MAPPED_PREFIX.length() + 1)) + && key.startsWith(SYSPROPS_MAPPED_PREFIX) + && (key.charAt(SYSPROPS_MAPPED_PREFIX.length()) == '.'); + } + + /** + * @param key Key to be transformed + * @return The "pure" key name if a mapped one, same as input otherwise + * @see #isMappedSyspropKey(String) + */ + public static String getUnmappedSyspropKey(Object key) { + String s = Objects.toString(key); + return isMappedSyspropKey(s) ? s.substring(SYSPROPS_MAPPED_PREFIX.length() + 1 /* skip dot */) : s; + } + + /** + * @param key The original key + * @return A key prefixed by {@link #SYSPROPS_MAPPED_PREFIX} + * @see #isMappedSyspropKey(String) + */ + public static String getMappedSyspropKey(Object key) { + return SYSPROPS_MAPPED_PREFIX + "." + key; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/UnixDateFormat.java b/files-sftp/src/main/java/org/apache/sshd/common/UnixDateFormat.java new file mode 100644 index 0000000..5864e3c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/UnixDateFormat.java @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common; + +import java.nio.file.attribute.FileTime; +import java.util.Arrays; +import java.util.Calendar; +import java.util.Collections; +import java.util.GregorianCalendar; +import java.util.List; + +/** + * @author Apache MINA SSHD Project + */ +public final class UnixDateFormat { + + /** + * A {@link List} of short months names where Jan=0, Feb=1, etc. + */ + public static final List MONTHS = Collections.unmodifiableList( + Arrays.asList( + "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")); + + /** + * Six months duration in msec. + */ + public static final long SIX_MONTHS = 183L * 24L * 60L * 60L * 1000L; + + private UnixDateFormat() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * Get unix style date string. + * + * @param time The {@link FileTime} to format - ignored if {@code null} + * @return The formatted date string + * @see #getUnixDate(long) + */ + public static String getUnixDate(FileTime time) { + return getUnixDate((time != null) ? time.toMillis() : -1L); + } + + public static String getUnixDate(long millis) { + if (millis < 0L) { + return "------------"; + } + + StringBuilder sb = new StringBuilder(16); + Calendar cal = new GregorianCalendar(); + cal.setTimeInMillis(millis); + + // month + sb.append(MONTHS.get(cal.get(Calendar.MONTH))); + sb.append(' '); + + // day + int day = cal.get(Calendar.DATE); + if (day < 10) { + sb.append(' '); + } + sb.append(day); + sb.append(' '); + + long nowTime = System.currentTimeMillis(); + if (Math.abs(nowTime - millis) > SIX_MONTHS) { + + // year + int year = cal.get(Calendar.YEAR); + sb.append(' '); + sb.append(year); + } else { + // hour + int hh = cal.get(Calendar.HOUR_OF_DAY); + if (hh < 10) { + sb.append('0'); + } + sb.append(hh); + sb.append(':'); + + // minute + int mm = cal.get(Calendar.MINUTE); + if (mm < 10) { + sb.append('0'); + } + sb.append(mm); + } + + return sb.toString(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/AbstractUserAuthMethodFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/AbstractUserAuthMethodFactory.java new file mode 100644 index 0000000..9451df5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/AbstractUserAuthMethodFactory.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @param The type of {@link SessionContext} being provided + * @param Type of user authentication method + * @author Apache MINA SSHD Project + */ +public abstract class AbstractUserAuthMethodFactory> + implements UserAuthMethodFactory { + private final String name; + + protected AbstractUserAuthMethodFactory(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No factory name provided"); + } + + @Override + public final String getName() { + return name; + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getName() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/AbstractUserAuthServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/AbstractUserAuthServiceFactory.java new file mode 100644 index 0000000..a3f7a23 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/AbstractUserAuthServiceFactory.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +import org.apache.sshd.common.ServiceFactory; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractUserAuthServiceFactory implements ServiceFactory { + public static final String DEFAULT_NAME = "ssh-userauth"; + + private final String name; + + protected AbstractUserAuthServiceFactory() { + this(DEFAULT_NAME); + } + + protected AbstractUserAuthServiceFactory(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No factory name"); + } + + @Override + public final String getName() { + return name; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/BasicCredentialsImpl.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/BasicCredentialsImpl.java new file mode 100644 index 0000000..8a1f61a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/BasicCredentialsImpl.java @@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +import java.util.Objects; + +/** + * @author Apache MINA SSHD Project + */ +public class BasicCredentialsImpl implements MutableBasicCredentials, Cloneable { + private String username; + private String password; + + public BasicCredentialsImpl() { + super(); + } + + public BasicCredentialsImpl(String username, String password) { + this.username = username; + this.password = password; + } + + @Override + public String getUsername() { + return username; + } + + @Override + public void setUsername(String username) { + this.username = username; + } + + @Override + public String getPassword() { + return password; + } + + @Override + public void setPassword(String password) { + this.password = password; + } + + @Override + public BasicCredentialsImpl clone() { + try { + return getClass().cast(super.clone()); + } catch (CloneNotSupportedException e) { + throw new UnsupportedOperationException("Unexpected failure to clone: " + e.getMessage(), e); + } + } + + @Override + public int hashCode() { + return Objects.hash(getUsername(), getPassword()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (obj == this) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + BasicCredentialsImpl other = (BasicCredentialsImpl) obj; + return Objects.equals(getUsername(), other.getUsername()) + && Objects.equals(getPassword(), other.getPassword()); + } + + // NOTE: do not implement 'toString' on purpose to avoid inadvertent logging of contents +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/BasicCredentialsProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/BasicCredentialsProvider.java new file mode 100644 index 0000000..7ddde04 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/BasicCredentialsProvider.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +/** + * @author Apache MINA SSHD Project + */ +public interface BasicCredentialsProvider extends UsernameHolder, PasswordHolder { + // Nothing extra +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/MutableBasicCredentials.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/MutableBasicCredentials.java new file mode 100644 index 0000000..a7bb1d5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/MutableBasicCredentials.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +/** + * @author Apache MINA SSHD Project + */ +public interface MutableBasicCredentials extends BasicCredentialsProvider, MutableUserHolder, MutablePassword { + // Nothing extra +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/MutablePassword.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/MutablePassword.java new file mode 100644 index 0000000..07e4843 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/MutablePassword.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +/** + * @author Apache MINA SSHD Project + */ +public interface MutablePassword extends PasswordHolder { + void setPassword(String password); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/MutableUserHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/MutableUserHolder.java new file mode 100644 index 0000000..485f2f2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/MutableUserHolder.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +/** + * @author Apache MINA SSHD Project + */ +public interface MutableUserHolder extends UsernameHolder { + void setUsername(String username); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/PasswordHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/PasswordHolder.java new file mode 100644 index 0000000..5f2eff7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/PasswordHolder.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface PasswordHolder { + String getPassword(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthFactoriesManager.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthFactoriesManager.java new file mode 100644 index 0000000..5d09e97 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthFactoriesManager.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @param Type of session being managed + * @param Type of {@code UserAuth} being used + * @param Type of user authentication mechanism factory + * @author Apache MINA SSHD Project + */ +public interface UserAuthFactoriesManager< + S extends SessionContext, + M extends UserAuthInstance, F extends UserAuthMethodFactory> { + /** + * Retrieve the list of named factories for UserAuth objects. + * + * @return a list of named UserAuth factories, never {@code null}/empty + */ + List getUserAuthFactories(); + + default String getUserAuthFactoriesNameList() { + return NamedResource.getNames(getUserAuthFactories()); + } + + default List getUserAuthFactoriesNames() { + return NamedResource.getNameList(getUserAuthFactories()); + } + + void setUserAuthFactories(List userAuthFactories); + + default void setUserAuthFactoriesNameList(String names) { + setUserAuthFactoriesNames(GenericUtils.split(names, ',')); + } + + default void setUserAuthFactoriesNames(String... names) { + setUserAuthFactoriesNames( + GenericUtils.isEmpty((Object[]) names) + ? Collections.emptyList() + : Arrays.asList(names)); + } + + void setUserAuthFactoriesNames(Collection names); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthInstance.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthInstance.java new file mode 100644 index 0000000..3756ec8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthInstance.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionContext; + +/** + * Represents an authentication-in-progress tracker for a specific session + * + * @param The type of session being tracked by the instance + * @author Apache MINA SSHD Project + */ +public interface UserAuthInstance extends NamedResource { + /** + * @return The current session for which the authentication is being tracked. Note: may be {@code null} if + * the instance has not been initialized yet + */ + S getSession(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthMethodFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthMethodFactory.java new file mode 100644 index 0000000..1043f4a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/UserAuthMethodFactory.java @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +import java.io.IOException; +import java.util.Collection; + +import org.apache.sshd.common.CommonModuleProperties; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionContext; + +/** + * Represents a user authentication method + * + * @param The type of {@link SessionContext} being provided to the instance creator + * @param The authentication method factory type + * @author Apache MINA SSHD Project + */ +public interface UserAuthMethodFactory> extends NamedResource { + /** + * Password authentication method name + */ + String PASSWORD = "password"; + + /** + * Public key authentication method name + */ + String PUBLIC_KEY = "publickey"; + + /** + * Keyboard interactive authentication method + */ + String KB_INTERACTIVE = "keyboard-interactive"; + + /** + * Host-based authentication method + */ + String HOST_BASED = "hostbased"; + + /** + * @param session The session for which authentication is required + * @return The authenticator instance + * @throws IOException If failed to create the instance + */ + M createUserAuth(S session) throws IOException; + + /** + * @param The type of {@link SessionContext} being provided to the instance creator + * @param The authentication method factory type + * @param session The session through which the request is being made + * @param factories The available factories + * @param name The requested factory name + * @return The created authenticator instance - {@code null} if no matching factory + * @throws IOException If failed to create the instance + */ + static > M createUserAuth( + S session, Collection> factories, String name) + throws IOException { + UserAuthMethodFactory f = NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, factories); + if (f != null) { + return f.createUserAuth(session); + } else { + return null; + } + } + + /** + * According to RFC 4252 - section 8: + * + * 
    +     *      Both the server and the client should check whether the underlying
+     *      transport layer provides confidentiality (i.e., if encryption is
+     *      being used).  If no confidentiality is provided ("none" cipher),
+     *      password authentication SHOULD be disabled.  If there is no
+     *      confidentiality or no MAC, password change SHOULD be disabled.
+     *
    + * + * @param session The {@link SessionContext} being used for authentication + * @return {@code true} if the context is not {@code null} and the ciphers have been established to anything + * other than "none". + * @see CommonModuleProperties#ALLOW_INSECURE_AUTH + * @see SessionContext#isSecureSessionTransport(SessionContext) + */ + static boolean isSecureAuthenticationTransport(SessionContext session) { + if (session == null) { + return false; + } + + boolean allowInsecure = CommonModuleProperties.ALLOW_INSECURE_AUTH.getRequired(session); + if (allowInsecure) { + return true; + } + + return SessionContext.isSecureSessionTransport(session); + } + + /** + * @param session The {@link SessionContext} being used for authentication + * @return {@code true} if the context is not {@code null} and the MAC(s) used to verify packet integrity + * have been established. + * @see CommonModuleProperties#ALLOW_NON_INTEGRITY_AUTH + * @see SessionContext#isDataIntegrityTransport(SessionContext) + */ + static boolean isDataIntegrityAuthenticationTransport(SessionContext session) { + if (session == null) { + return false; + } + + boolean allowNonValidated = CommonModuleProperties.ALLOW_NON_INTEGRITY_AUTH.getRequired(session); + if (allowNonValidated) { + return true; + } + + return SessionContext.isDataIntegrityTransport(session); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/UsernameHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/UsernameHolder.java new file mode 100644 index 0000000..019f05b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/UsernameHolder.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface UsernameHolder { + /** + * @return The attached username - may be {@code null}/empty if holder not yet initialized + */ + String getUsername(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/auth/WelcomeBannerPhase.java b/files-sftp/src/main/java/org/apache/sshd/common/auth/WelcomeBannerPhase.java new file mode 100644 index 0000000..7db3f79 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/auth/WelcomeBannerPhase.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.auth; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +/** + * Used to indicate at which authentication phase to send the welcome banner (if any configured) + * + * @author Apache MINA SSHD Project + * @see RFC-4252 section 5.4 + */ +public enum WelcomeBannerPhase { + /** Immediately after receiving "ssh-userauth" request */ + IMMEDIATE, + /** On first {@code SSH_MSG_USERAUTH_REQUEST} */ + FIRST_REQUEST, + /** On first {@code SSH_MSG_USERAUTH_XXX} extension command */ + FIRST_AUTHCMD, + /** On first {@code SSH_MSG_USERAUTH_FAILURE} */ + FIRST_FAILURE, + /** After user successfully authenticates */ + POST_SUCCESS, + /** + * Do not send a welcome banner even if one is configured. Note: this option is useful when a global welcome + * banner has been configured but we want to disable it for a specific session. + */ + NEVER; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(WelcomeBannerPhase.class)); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractChannel.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractChannel.java new file mode 100644 index 0000000..8c0fcb6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractChannel.java @@ -0,0 +1,888 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.EOFException; +import java.io.IOException; +import java.time.Duration; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.CopyOnWriteArrayList; +import java.util.concurrent.CopyOnWriteArraySet; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.Function; +import java.util.function.IntUnaryOperator; + +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolver; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.DefaultCloseFuture; +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.io.AbstractIoWriteFuture; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.EventListenerUtils; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.Int2IntFunction; +import org.apache.sshd.common.util.Invoker; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.closeable.AbstractInnerCloseable; +import org.apache.sshd.common.util.closeable.IoBaseCloseable; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.threads.CloseableExecutorService; +import org.apache.sshd.common.util.threads.ExecutorServiceCarrier; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Provides common client/server channel functionality + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractChannel extends AbstractInnerCloseable implements Channel, ExecutorServiceCarrier { + + /** + * Default growth factor function used to resize response buffers + */ + public static final IntUnaryOperator RESPONSE_BUFFER_GROWTH_FACTOR = Int2IntFunction.add(Byte.SIZE); + + protected enum GracefulState { + Opened, + CloseSent, + CloseReceived, + Closed + } + + protected ConnectionService service; + protected final AtomicBoolean initialized = new AtomicBoolean(false); + protected final AtomicBoolean eofReceived = new AtomicBoolean(false); + protected final AtomicBoolean eofSent = new AtomicBoolean(false); + protected final AtomicBoolean unregisterSignaled = new AtomicBoolean(false); + protected final AtomicBoolean closeSignaled = new AtomicBoolean(false); + protected AtomicReference gracefulState = new AtomicReference<>(GracefulState.Opened); + protected final DefaultCloseFuture gracefulFuture; + /** + * Channel events listener + */ + protected final Collection channelListeners = new CopyOnWriteArraySet<>(); + protected final ChannelListener channelListenerProxy; + + private int id = -1; + private int recipient = -1; + private Session sessionInstance; + private CloseableExecutorService executor; + private final List> requestHandlers = new CopyOnWriteArrayList<>(); + + private final Window localWindow; + private final Window remoteWindow; + private ChannelStreamWriterResolver channelStreamPacketWriterResolver; + + /** + * A {@link Map} of sent requests - key = request name, value = timestamp when request was sent. + */ + private final Map pendingRequests = new ConcurrentHashMap<>(); + private final Map properties = new ConcurrentHashMap<>(); + private final Map, Object> attributes = new ConcurrentHashMap<>(); + + protected AbstractChannel(boolean client) { + this("", client); + } + + protected AbstractChannel(boolean client, Collection> handlers) { + this("", client, handlers, null); + } + + protected AbstractChannel(String discriminator, boolean client) { + this(discriminator, client, Collections.emptyList(), null); + } + + protected AbstractChannel(String discriminator, boolean client, + Collection> handlers, + CloseableExecutorService executorService) { + super(discriminator); + gracefulFuture = new DefaultCloseFuture(discriminator, futureLock); + localWindow = new Window(this, null, client, true); + remoteWindow = new Window(this, null, client, false); + channelListenerProxy = EventListenerUtils.proxyWrapper(ChannelListener.class, channelListeners); + executor = executorService; + addRequestHandlers(handlers); + } + + @Override + public List> getRequestHandlers() { + return requestHandlers; + } + + @Override + public void addRequestHandler(RequestHandler handler) { + requestHandlers.add(Objects.requireNonNull(handler, "No handler instance")); + } + + @Override + public void removeRequestHandler(RequestHandler handler) { + requestHandlers.remove(Objects.requireNonNull(handler, "No handler instance")); + } + + @Override + public int getId() { + return id; + } + + @Override + public int getRecipient() { + return recipient; + } + + protected void setRecipient(int recipient) { + this.recipient = recipient; + } + + @Override + public Window getLocalWindow() { + return localWindow; + } + + @Override + public Window getRemoteWindow() { + return remoteWindow; + } + + @Override + public Session getSession() { + return sessionInstance; + } + + @Override + public PropertyResolver getParentPropertyResolver() { + return getSession(); + } + + @Override + public CloseableExecutorService getExecutorService() { + return executor; + } + + @Override + public ChannelStreamWriterResolver getChannelStreamWriterResolver() { + return channelStreamPacketWriterResolver; + } + + @Override + public void setChannelStreamWriterResolver(ChannelStreamWriterResolver resolver) { + channelStreamPacketWriterResolver = resolver; + } + + @Override + public ChannelStreamWriterResolver resolveChannelStreamWriterResolver() { + ChannelStreamWriterResolver resolver = getChannelStreamWriterResolver(); + if (resolver != null) { + return resolver; + } + + ChannelStreamWriterResolverManager manager = getSession(); + return manager.resolveChannelStreamWriterResolver(); + } + + /** + * Add a channel request to the tracked pending ones if reply is expected + * + * @param request The request type + * @param wantReply {@code true} if reply is expected + * @return The allocated {@link Date} timestamp - {@code null} if no reply is expected (in + * which case the request is not tracked) + * @throws IllegalArgumentException If the request is already being tracked + * @see #removePendingRequest(String) + */ + protected Date addPendingRequest(String request, boolean wantReply) { + if (!wantReply) { + return null; + } + + Date pending = new Date(System.currentTimeMillis()); + Date prev = pendingRequests.put(request, pending); + ValidateUtils.checkTrue(prev == null, "Multiple pending requests of type=%s", request); + return pending; + } + + /** + * Removes a channel request from the tracked ones + * + * @param request The request type + * @return The allocated {@link Date} timestamp - {@code null} if the specified request type is not being + * tracked or has not been added to the tracked ones to begin with + * @see #addPendingRequest(String, boolean) + */ + protected Date removePendingRequest(String request) { + Date pending = pendingRequests.remove(request); + return pending; + } + + @Override + public void handleRequest(Buffer buffer) throws IOException { + handleChannelRequest(buffer.getString(), buffer.getBoolean(), buffer); + } + + protected void handleChannelRequest(String req, boolean wantReply, Buffer buffer) throws IOException { + + Collection> handlers = getRequestHandlers(); + for (RequestHandler handler : handlers) { + RequestHandler.Result result; + try { + result = handler.process(this, req, wantReply, buffer); + } catch (Throwable e) { + result = RequestHandler.Result.ReplyFailure; + } + + // if Unsupported then check the next handler in line + if (RequestHandler.Result.Unsupported.equals(result)) { + } else { + sendResponse(buffer, req, result, wantReply); + return; + } + } + + // none of the handlers processed the request + handleUnknownChannelRequest(req, wantReply, buffer); + } + + /** + * Called when none of the register request handlers reported handling the request + * + * @param req The request type + * @param wantReply Whether reply is requested + * @param buffer The {@link Buffer} containing extra request-specific data + * @throws IOException If failed to send the response (if needed) + * @see #handleInternalRequest(String, boolean, Buffer) + */ + protected void handleUnknownChannelRequest(String req, boolean wantReply, Buffer buffer) throws IOException { + RequestHandler.Result r = handleInternalRequest(req, wantReply, buffer); + if ((r == null) || RequestHandler.Result.Unsupported.equals(r)) { + sendResponse(buffer, req, RequestHandler.Result.Unsupported, wantReply); + } else { + sendResponse(buffer, req, r, wantReply); + } + } + + /** + * Called by {@link #handleUnknownChannelRequest(String, boolean, Buffer)} in order to allow channel request + * handling if none of the registered handlers processed the request - last chance. + * + * @param req The request type + * @param wantReply Whether reply is requested + * @param buffer The {@link Buffer} containing extra request-specific data + * @return The handling result - if {@code null} or {@code Unsupported} and reply is required then a + * failure message will be sent + * @throws IOException If failed to process the request internally + */ + protected RequestHandler.Result handleInternalRequest(String req, boolean wantReply, Buffer buffer) + throws IOException { + return RequestHandler.Result.Unsupported; + } + + protected IoWriteFuture sendResponse(Buffer buffer, String req, RequestHandler.Result result, boolean wantReply) + throws IOException { + + if (RequestHandler.Result.Replied.equals(result) || (!wantReply)) { + return new AbstractIoWriteFuture(req, null) { + { + setValue(Boolean.TRUE); + } + }; + } + + byte cmd = RequestHandler.Result.ReplySuccess.equals(result) + ? SshConstants.SSH_MSG_CHANNEL_SUCCESS + : SshConstants.SSH_MSG_CHANNEL_FAILURE; + Session session = getSession(); + Buffer rsp = session.createBuffer(cmd, Integer.BYTES); + rsp.putInt(recipient); + return session.writePacket(rsp); + } + + @Override + public void init(ConnectionService service, Session session, int id) throws IOException { + this.service = service; + this.sessionInstance = session; + this.id = id; + + signalChannelInitialized(); + configureWindow(); + initialized.set(true); + } + + protected void signalChannelInitialized() throws IOException { + try { + invokeChannelSignaller(l -> { + signalChannelInitialized(l); + return null; + }); + + notifyStateChanged("init"); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + if (e instanceof IOException) { + throw (IOException) e; + } else if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else { + throw new IOException( + "Failed (" + e.getClass().getSimpleName() + ") to notify channel " + this + + " initialization: " + e.getMessage(), + e); + } + } + } + + protected void signalChannelInitialized(ChannelListener listener) { + if (listener == null) { + return; + } + + listener.channelInitialized(this); + } + + protected void signalChannelOpenSuccess() { + try { + invokeChannelSignaller(l -> { + signalChannelOpenSuccess(l); + return null; + }); + } catch (Throwable err) { + if (err instanceof RuntimeException) { + throw (RuntimeException) err; + } else if (err instanceof Error) { + throw (Error) err; + } else { + throw new RuntimeException(err); + } + } + } + + protected void signalChannelOpenSuccess(ChannelListener listener) { + if (listener == null) { + return; + } + + listener.channelOpenSuccess(this); + } + + @Override + public boolean isInitialized() { + return initialized.get(); + } + + @Override + public void handleChannelRegistrationResult( + ConnectionService service, Session session, int channelId, + boolean registered) { + notifyStateChanged("registered=" + registered); + if (registered) { + return; + } + + RuntimeException reason = new IllegalStateException( + "Channel id=" + channelId + " not registered because session is being closed: " + this); + signalChannelClosed(reason); + throw reason; + } + + protected void signalChannelOpenFailure(Throwable reason) { + try { + invokeChannelSignaller(l -> { + signalChannelOpenFailure(l, reason); + return null; + }); + } catch (Throwable err) { + Throwable ignored = GenericUtils.peelException(err); + } + } + + protected void signalChannelOpenFailure(ChannelListener listener, Throwable reason) { + if (listener == null) { + return; + } + + listener.channelOpenFailure(this, reason); + } + + protected void notifyStateChanged(String hint) { + try { + invokeChannelSignaller(l -> { + notifyStateChanged(l, hint); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + } finally { + synchronized (futureLock) { + futureLock.notifyAll(); + } + } + } + + protected void notifyStateChanged(ChannelListener listener, String hint) { + if (listener == null) { + return; + } + + listener.channelStateChanged(this, hint); + } + + @Override + public void addChannelListener(ChannelListener listener) { + ChannelListener.validateListener(listener); + // avoid race conditions on notifications while channel is being closed + if (!isOpen()) { + return; + } + + if (this.channelListeners.add(listener)) { + } else { + } + } + + @Override + public void removeChannelListener(ChannelListener listener) { + if (listener == null) { + return; + } + + ChannelListener.validateListener(listener); + if (this.channelListeners.remove(listener)) { + } else { + } + } + + @Override + public ChannelListener getChannelListenerProxy() { + return channelListenerProxy; + } + + @Override + public void handleClose() throws IOException { + + try { + if (!isEofSent()) { + } + + if (gracefulState.compareAndSet(GracefulState.Opened, GracefulState.CloseReceived)) { + close(false); + } else if (gracefulState.compareAndSet(GracefulState.CloseSent, GracefulState.Closed)) { + gracefulFuture.setClosed(); + } + } finally { + notifyStateChanged("SSH_MSG_CHANNEL_CLOSE"); + } + } + + @Override + protected Closeable getInnerCloseable() { + Closeable closer = builder().sequential(new GracefulChannelCloseable(), getExecutorService()) + .run(toString(), () -> { + if (service != null) { + service.unregisterChannel(AbstractChannel.this); + } + }).build(); + closer.addCloseFutureListener(future -> clearAttributes()); + return closer; + } + + public class GracefulChannelCloseable extends IoBaseCloseable { + private final AtomicBoolean closing = new AtomicBoolean(false); + + public GracefulChannelCloseable() { + super(); + } + + @Override + public void addCloseFutureListener(SshFutureListener listener) { + gracefulFuture.addListener(listener); + } + + @Override + public void removeCloseFutureListener(SshFutureListener listener) { + gracefulFuture.removeListener(listener); + } + + @Override + public boolean isClosing() { + return closing.get(); + } + + public void setClosing(boolean on) { + closing.set(on); + } + + @Override + public boolean isClosed() { + return gracefulFuture.isClosed(); + } + + @Override + public CloseFuture close(boolean immediately) { + Channel channel = AbstractChannel.this; + + setClosing(true); + if (immediately) { + gracefulFuture.setClosed(); + } else if (!gracefulFuture.isClosed()) { + + Session s = getSession(); + Buffer buffer = s.createBuffer(SshConstants.SSH_MSG_CHANNEL_CLOSE, Short.SIZE); + buffer.putInt(getRecipient()); + + try { + Duration timeout = CoreModuleProperties.CHANNEL_CLOSE_TIMEOUT.getRequired(channel); + s.writePacket(buffer, timeout).addListener(future -> { + if (future.isWritten()) { + handleClosePacketWritten(channel, immediately); + } else { + handleClosePacketWriteFailure(channel, immediately, future.getException()); + } + }); + } catch (IOException e) { + channel.close(true); + } + } + + CloseableExecutorService service = getExecutorService(); + if ((service != null) && (!service.isShutdown())) { + Collection running = service.shutdownNow(); + } + + return gracefulFuture; + } + + protected void handleClosePacketWritten(Channel channel, boolean immediately) { + + if (gracefulState.compareAndSet(GracefulState.Opened, GracefulState.CloseSent)) { + // Waiting for CLOSE message to come back from the remote side + return; + } else if (gracefulState.compareAndSet(GracefulState.CloseReceived, GracefulState.Closed)) { + gracefulFuture.setClosed(); + } + } + + protected void handleClosePacketWriteFailure(Channel channel, boolean immediately, Throwable t) { + channel.close(true); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + AbstractChannel.this + "]"; + } + } + + @Override + protected void preClose() { + if (!isEofSent()) { + } + + try { + signalChannelClosed(null); + } finally { + // clear the listeners since we are closing the channel (quicker GC) + this.channelListeners.clear(); + } + + IOException err = IoUtils.closeQuietly(getLocalWindow(), getRemoteWindow()); + if (err != null) { + } + + super.preClose(); + } + + @Override + public void handleChannelUnregistration(ConnectionService service) { + if (!unregisterSignaled.getAndSet(true)) { + } + + notifyStateChanged("unregistered"); + } + + public void signalChannelClosed(Throwable reason) { + String event = (reason == null) ? "signalChannelClosed" : reason.getClass().getSimpleName(); + try { + if (!closeSignaled.getAndSet(true)) { + } + + invokeChannelSignaller(l -> { + signalChannelClosed(l, reason); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + } finally { + notifyStateChanged(event); + } + } + + protected void signalChannelClosed(ChannelListener listener, Throwable reason) { + if (listener == null) { + return; + } + + listener.channelClosed(this, reason); + } + + protected void invokeChannelSignaller(Invoker invoker) throws Throwable { + Session session = getSession(); + FactoryManager manager = (session == null) ? null : session.getFactoryManager(); + ChannelListener[] listeners = { + (manager == null) ? null : manager.getChannelListenerProxy(), + (session == null) ? null : session.getChannelListenerProxy(), getChannelListenerProxy() }; + + Throwable err = null; + for (ChannelListener l : listeners) { + if (l == null) { + continue; + } + try { + invoker.invoke(l); + } catch (Throwable t) { + err = GenericUtils.accumulateException(err, t); + } + } + + if (err != null) { + throw err; + } + } + + @Override + public IoWriteFuture writePacket(Buffer buffer) throws IOException { + if (!isClosing()) { + Session s = getSession(); + return s.writePacket(buffer); + } + + return new AbstractIoWriteFuture(toString(), null) { + { + setValue(new EOFException("Channel is being closed")); + } + }; + } + + @Override + public void handleData(Buffer buffer) throws IOException { + long len = validateIncomingDataSize(SshConstants.SSH_MSG_CHANNEL_DATA, buffer.getUInt()); + if (isEofSignalled()) { + // TODO consider throwing an exception + } + doWriteData(buffer.array(), buffer.rpos(), len); + } + + @Override + public void handleExtendedData(Buffer buffer) throws IOException { + int ex = buffer.getInt(); + // Only accept extended data for stderr + if (ex != SshConstants.SSH_EXTENDED_DATA_STDERR) { + Session s = getSession(); + Buffer rsp = s.createBuffer(SshConstants.SSH_MSG_CHANNEL_FAILURE, Integer.BYTES); + rsp.putInt(getRecipient()); + writePacket(rsp); + return; + } + + long len = validateIncomingDataSize(SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA, buffer.getUInt()); + if (isEofSignalled()) { + // TODO consider throwing an exception + } + doWriteExtendedData(buffer.array(), buffer.rpos(), len); + } + + protected long validateIncomingDataSize( + int cmd, + long len /* actually a uint32 */) { + if (!BufferUtils.isValidUint32Value(len)) { + throw new IllegalArgumentException( + "Non UINT32 length (" + len + ") for command=" + SshConstants.getCommandMessageName(cmd)); + } + + /* + * According to RFC 4254 section 5.1 + * + * The 'maximum packet size' specifies the maximum size of an individual + * data packet that can be sent to the sender + * + * The local window reflects our preference - i.e., how much our peer + * should send at most + */ + Window wLocal = getLocalWindow(); + long maxLocalSize = wLocal.getPacketSize(); + + /* + * The reason for the +4 is that there seems to be some confusion + * whether the max. packet size includes the length field or not + */ + if (len > (maxLocalSize + 4L)) { + throw new IllegalStateException( + "Bad length (" + len + ") " + " for cmd=" + + SshConstants.getCommandMessageName(cmd) + " - max. allowed=" + maxLocalSize); + } + + return len; + } + + @Override + public void handleEof() throws IOException { + if (eofReceived.getAndSet(true)) { + // TODO consider throwing an exception + } else { + } + notifyStateChanged("SSH_MSG_CHANNEL_EOF"); + } + + @Override + public boolean isEofSignalled() { + return eofReceived.get(); + } + + @Override + public void handleWindowAdjust(Buffer buffer) throws IOException { + int window = buffer.getInt(); + Window wRemote = getRemoteWindow(); + wRemote.expand(window); + notifyStateChanged("SSH_MSG_CHANNEL_WINDOW_ADJUST"); + } + + @Override + public void handleSuccess() throws IOException { + } + + @Override + public void handleFailure() throws IOException { + // TODO: do something to report failed requests? + } + + protected abstract void doWriteData(byte[] data, int off, long len) throws IOException; + + protected abstract void doWriteExtendedData(byte[] data, int off, long len) throws IOException; + + /** + * Sends {@code SSH_MSG_CHANNEL_EOF} provided not already sent and current channel state allows it. + * + * @return The {@link IoWriteFuture} of the sent packet - {@code null} if message not sent due to + * channel state (or already sent) + * @throws IOException If failed to send the packet + */ + protected IoWriteFuture sendEof() throws IOException { + State channelState = state.get(); + // OK to send EOF if channel is open or being closed gracefully + if ((channelState != State.Opened) && (channelState != State.Graceful)) { + return null; + } + + if (eofSent.getAndSet(true)) { + return null; + } + + + Session s = getSession(); + Buffer buffer = s.createBuffer(SshConstants.SSH_MSG_CHANNEL_EOF, Short.SIZE); + buffer.putInt(getRecipient()); + /* + * The default "writePacket" does not send packets if state is not open + * so we need to bypass it. + */ + return s.writePacket(buffer); + } + + public boolean isEofSent() { + return eofSent.get(); + } + + @Override + public Map getProperties() { + return properties; + } + + @Override + public int getAttributesCount() { + return attributes.size(); + } + + @Override + @SuppressWarnings("unchecked") + public T getAttribute(AttributeKey key) { + return (T) attributes.get(Objects.requireNonNull(key, "No key")); + } + + @Override + public Collection> attributeKeys() { + return attributes.isEmpty() ? Collections.emptySet() : new HashSet<>(attributes.keySet()); + } + + @Override + @SuppressWarnings({ "unchecked", "rawtypes" }) + public T computeAttributeIfAbsent( + AttributeKey key, + Function, ? extends T> resolver) { + return (T) attributes.computeIfAbsent(Objects.requireNonNull(key, "No key"), (Function) resolver); + } + + @Override + @SuppressWarnings("unchecked") + public T setAttribute(AttributeKey key, T value) { + return (T) attributes.put(Objects.requireNonNull(key, "No key"), Objects.requireNonNull(value, "No value")); + } + + @Override + @SuppressWarnings("unchecked") + public T removeAttribute(AttributeKey key) { + return (T) attributes.remove(Objects.requireNonNull(key, "No key")); + } + + @Override + public void clearAttributes() { + attributes.clear(); + } + + protected void configureWindow() { + localWindow.init(this); + } + + protected void sendWindowAdjust(long len) throws IOException { + Session s = getSession(); + Buffer buffer = s.createBuffer(SshConstants.SSH_MSG_CHANNEL_WINDOW_ADJUST, Short.SIZE); + buffer.putInt(getRecipient()); + buffer.putInt(len); + writePacket(buffer); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[id=" + getId() + ", recipient=" + getRecipient() + "]" + "-" + + getSession(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractChannelRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractChannelRequestHandler.java new file mode 100644 index 0000000..0a00c53 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractChannelRequestHandler.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractChannelRequestHandler extends AbstractRequestHandler implements ChannelRequestHandler { + protected AbstractChannelRequestHandler() { + super(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractRequestHandler.java new file mode 100644 index 0000000..a43637b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/AbstractRequestHandler.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +/** + * @param Request type + * @author Apache MINA SSHD Project + */ +public abstract class AbstractRequestHandler implements RequestHandler { + protected AbstractRequestHandler() { + super(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/BufferedIoOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/BufferedIoOutputStream.java new file mode 100644 index 0000000..c6404ae --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/BufferedIoOutputStream.java @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.EOFException; +import java.io.IOException; +import java.util.Queue; +import java.util.concurrent.ConcurrentLinkedQueue; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.io.IoOutputStream; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.closeable.AbstractInnerCloseable; + +/** + * An {@link IoOutputStream} capable of queuing write requests. + */ +public class BufferedIoOutputStream extends AbstractInnerCloseable implements IoOutputStream { + protected final IoOutputStream out; + protected final Queue writes = new ConcurrentLinkedQueue<>(); + protected final AtomicReference currentWrite = new AtomicReference<>(); + protected final Object id; + + public BufferedIoOutputStream(Object id, IoOutputStream out) { + this.out = out; + this.id = id; + } + + public Object getId() { + return id; + } + + @Override + public IoWriteFuture writeBuffer(Buffer buffer) throws IOException { + if (isClosing()) { + throw new EOFException("Closed - state=" + state); + } + + IoWriteFutureImpl future = new IoWriteFutureImpl(getId(), buffer); + writes.add(future); + startWriting(); + return future; + } + + protected void startWriting() throws IOException { + IoWriteFutureImpl future = writes.peek(); + if (future == null) { + return; + } + + if (!currentWrite.compareAndSet(null, future)) { + return; + } + + out.writeBuffer(future.getBuffer()).addListener( + new SshFutureListener() { + @Override + public void operationComplete(IoWriteFuture f) { + if (f.isWritten()) { + future.setValue(Boolean.TRUE); + } else { + future.setValue(f.getException()); + } + finishWrite(future); + } + }); + } + + protected void finishWrite(IoWriteFutureImpl future) { + writes.remove(future); + currentWrite.compareAndSet(future, null); + try { + startWriting(); + } catch (IOException e) { + } + } + + @Override + protected Closeable getInnerCloseable() { + return builder() + .when(getId(), writes) + .close(out) + .build(); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + out + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/Channel.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/Channel.java new file mode 100644 index 0000000..aae831a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/Channel.java @@ -0,0 +1,255 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.util.Collection; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.future.OpenFuture; +import org.apache.sshd.common.AttributeStore; +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.SessionHolder; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Represents a channel opened over an SSH session - holds information that is common both to server and client + * channels. + * + * @author Apache MINA SSHD Project + */ +public interface Channel + extends SessionHolder, + ChannelListenerManager, + PropertyResolver, + AttributeStore, + ChannelStreamWriterResolverManager, + Closeable { + // Known types of channels + String CHANNEL_EXEC = "exec"; + String CHANNEL_SHELL = "shell"; + String CHANNEL_SUBSYSTEM = "subsystem"; + + /** + * @return Local channel identifier + */ + int getId(); + + /** + * @return Remote channel identifier + */ + int getRecipient(); + + Window getLocalWindow(); + + Window getRemoteWindow(); + + List> getRequestHandlers(); + + void addRequestHandler(RequestHandler handler); + + default void addRequestHandlers(Collection> handlers) { + GenericUtils.forEach(handlers, this::addRequestHandler); + } + + void removeRequestHandler(RequestHandler handler); + + default void removeRequestHandlers(Collection> handlers) { + GenericUtils.forEach(handlers, this::removeRequestHandler); + } + + /** + * Invoked when SSH_MSG_CHANNEL_CLOSE received + * + * @throws IOException If failed to handle the message + */ + void handleClose() throws IOException; + + /** + * Invoked when SSH_MSG_CHANNEL_WINDOW_ADJUST received + * + * @param buffer The rest of the message data {@link Buffer} after decoding the channel identifiers + * @throws IOException If failed to handle the message + */ + void handleWindowAdjust(Buffer buffer) throws IOException; + + /** + * Invoked when SSH_MSG_CHANNEL_REQUEST received + * + * @param buffer The rest of the message data {@link Buffer} after decoding the channel identifiers + * @throws IOException If failed to handle the message + */ + void handleRequest(Buffer buffer) throws IOException; + + /** + * Invoked when SSH_MSG_CHANNEL_DATA received + * + * @param buffer The rest of the message data {@link Buffer} after decoding the channel identifiers + * @throws IOException If failed to handle the message + */ + void handleData(Buffer buffer) throws IOException; + + /** + * Invoked when SSH_MSG_CHANNEL_EXTENDED_DATA received + * + * @param buffer The rest of the message data {@link Buffer} after decoding the channel identifiers + * @throws IOException If failed to handle the message + */ + void handleExtendedData(Buffer buffer) throws IOException; + + /** + * Invoked when SSH_MSG_CHANNEL_EOF received + * + * @throws IOException If failed to handle the message + */ + void handleEof() throws IOException; + + /** + * Invoked when SSH_MSG_CHANNEL_SUCCESS received + * + * @throws IOException If failed to handle the message + */ + void handleSuccess() throws IOException; + + /** + * Invoked when SSH_MSG_CHANNEL_FAILURE received + * + * @throws IOException If failed to handle the message + */ + void handleFailure() throws IOException; + + /** + * Invoked when the local channel is initial created + * + * @param service The {@link ConnectionService} through which the channel is initialized + * @param session The {@link Session} associated with the channel + * @param id The locally assigned channel identifier + * @throws IOException If failed to process the initialization + */ + void init(ConnectionService service, Session session, int id) throws IOException; + + /** + * Invoked after being successfully registered by the connection service - should throw a {@link RuntimeException} + * if not registered + * + * @param service The {@link ConnectionService} through which the channel is registered + * @param session The {@link Session} associated with the channel + * @param id The locally assigned channel identifier + * @param registered Whether registration was successful or not + */ + void handleChannelRegistrationResult(ConnectionService service, Session session, int id, boolean registered); + + /** + * Called by the connection service to inform the channel that it has bee unregistered. + * + * @param service The {@link ConnectionService} through which the channel is unregistered + */ + void handleChannelUnregistration(ConnectionService service); + + /** + * @return {@code true} if call to {@link #init(ConnectionService, Session, int)} was successfully completed + */ + boolean isInitialized(); + + /** + * @return {@code true} if the peer signaled that it will not send any more data + * @see RFC 4254 - section 5.3 - + * SSH_MSG_CHANNEL_EOF + */ + boolean isEofSignalled(); + + /** + * For a server channel, this method will actually open the channel + * + * @param recipient Recipient identifier + * @param rwSize Read/Write window size ({@code uint32}) + * @param packetSize Preferred maximum packet size ({@code uint32}) + * @param buffer Incoming {@link Buffer} that triggered the call. Note: the buffer's read position is + * exactly after the information that read to this call was decoded + * @return An {@link OpenFuture} for the channel open request + */ + OpenFuture open(int recipient, long rwSize, long packetSize, Buffer buffer); + + /** + * For a client channel, this method will be called internally by the session when the confirmation has been + * received. + * + * @param recipient Recipient identifier + * @param rwSize Read/Write window size ({@code uint32}) + * @param packetSize Preferred maximum packet size ({@code uint32}) + * @param buffer Incoming {@link Buffer} that triggered the call. Note: the buffer's read position is + * exactly after the information that read to this call was decoded + * @throws IOException If failed to handle the success + */ + void handleOpenSuccess(int recipient, long rwSize, long packetSize, Buffer buffer) throws IOException; + + /** + * For a client channel, this method will be called internally by the session when the server has rejected this + * channel opening. + * + * @param buffer Incoming {@link Buffer} that triggered the call. Note: the buffer's read position is + * exactly after the information that read to this call was decoded + * @throws IOException If failed to handle the success + */ + void handleOpenFailure(Buffer buffer) throws IOException; + + @Override + default T resolveAttribute(AttributeKey key) { + return resolveAttribute(this, key); + } + + /** + * Attempts to use the channel attribute, if not found then tries the session + * + * @param The generic attribute type + * @param channel The {@link Channel} - ignored if {@code null} + * @param key The attribute key - never {@code null} + * @return Associated value - {@code null} if not found + * @see #getSession() + * @see Session#resolveAttribute(Session, AttributeKey) + */ + static T resolveAttribute(Channel channel, AttributeKey key) { + Objects.requireNonNull(key, "No key"); + if (channel == null) { + return null; + } + + T value = channel.getAttribute(key); + return (value != null) ? value : Session.resolveAttribute(channel.getSession(), key); + } + + /** + * Encode and send the given buffer. Note: for session packets the buffer has to have 5 bytes free at the + * beginning to allow the encoding to take place. Also, the write position of the buffer has to be set to the + * position of the last byte to write. + * + * @param buffer the buffer to encode and send. NOTE: the buffer must not be touched until the returned + * write future is completed. + * @return An {@code IoWriteFuture} that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding or sending the packet + */ + IoWriteFuture writePacket(Buffer buffer) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelAsyncInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelAsyncInputStream.java new file mode 100644 index 0000000..45c5d1a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelAsyncInputStream.java @@ -0,0 +1,199 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.util.Objects; + +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.DefaultVerifiableSshFuture; +import org.apache.sshd.common.io.IoInputStream; +import org.apache.sshd.common.io.IoReadFuture; +import org.apache.sshd.common.io.ReadPendingException; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.closeable.AbstractCloseable; + +/** + * @author Apache MINA SSHD Project + */ +public class ChannelAsyncInputStream extends AbstractCloseable implements IoInputStream, ChannelHolder { + private final Channel channelInstance; + private final Buffer buffer = new ByteArrayBuffer(); + private final Object readFutureId; + private IoReadFutureImpl pending; + + public ChannelAsyncInputStream(Channel channel) { + this.channelInstance = Objects.requireNonNull(channel, "No channel"); + this.readFutureId = toString(); + } + + @Override + public Channel getChannel() { + return channelInstance; + } + + public void write(Readable src) throws IOException { + synchronized (buffer) { + buffer.putBuffer(src); + } + doRead(true); + } + + @Override + public IoReadFuture read(Buffer buf) { + IoReadFutureImpl future = new IoReadFutureImpl(readFutureId, buf); + if (isClosing()) { + synchronized (buffer) { + if (pending != null) { + throw new ReadPendingException("Previous pending read not handled"); + } + if (buffer.available() > 0) { + Buffer fb = future.getBuffer(); + int nbRead = fb.putBuffer(buffer, false); + buffer.compact(); + future.setValue(nbRead); + } else { + future.setValue(new IOException("Closed")); + } + } + } else { + synchronized (buffer) { + if (pending != null) { + throw new ReadPendingException("Previous pending read not handled"); + } + pending = future; + } + doRead(false); + } + return future; + } + + @Override + protected void preClose() { + synchronized (buffer) { + if (buffer.available() == 0) { + if (pending != null) { + pending.setValue(new SshException("Closed")); + } + } + } + super.preClose(); + } + + @Override + protected CloseFuture doCloseGracefully() { + synchronized (buffer) { + return builder().when(pending).build().close(false); + } + } + + @SuppressWarnings("synthetic-access") + private void doRead(boolean resume) { + IoReadFutureImpl future = null; + int nbRead = 0; + synchronized (buffer) { + if (buffer.available() > 0) { + if (resume) { + } + future = pending; + pending = null; + if (future != null) { + nbRead = future.buffer.putBuffer(buffer, false); + buffer.compact(); + } + } else { + if (!resume) { + } + } + } + if (nbRead > 0) { + Channel channel = getChannel(); + try { + Window wLocal = channel.getLocalWindow(); + wLocal.consumeAndCheck(nbRead); + } catch (IOException e) { + Session session = channel.getSession(); + session.exceptionCaught(e); + } + future.setValue(nbRead); + } + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getChannel() + "]"; + } + + public static class IoReadFutureImpl extends DefaultVerifiableSshFuture implements IoReadFuture { + private final Buffer buffer; + + public IoReadFutureImpl(Object id, Buffer buffer) { + super(id, null); + this.buffer = buffer; + } + + @Override + public Buffer getBuffer() { + return buffer; + } + + @Override + public IoReadFuture verify(long timeoutMillis) throws IOException { + long startTime = System.nanoTime(); + Number result = verifyResult(Number.class, timeoutMillis); + long endTime = System.nanoTime(); + + return this; + } + + @Override + public int getRead() { + Object v = getValue(); + if (v instanceof RuntimeException) { + throw (RuntimeException) v; + } else if (v instanceof Error) { + throw (Error) v; + } else if (v instanceof Throwable) { + throw new RuntimeSshException("Error reading from channel.", (Throwable) v); + } else if (v instanceof Number) { + return ((Number) v).intValue(); + } else { + throw formatExceptionMessage( + IllegalStateException::new, + "Unknown read value type: %s", + (v == null) ? "null" : v.getClass().getName()); + } + } + + @Override + public Throwable getException() { + Object v = getValue(); + if (v instanceof Throwable) { + return (Throwable) v; + } else { + return null; + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelAsyncOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelAsyncOutputStream.java new file mode 100644 index 0000000..b1cac89 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelAsyncOutputStream.java @@ -0,0 +1,193 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.EOFException; +import java.io.IOException; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriter; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.io.IoOutputStream; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.io.WritePendingException; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.closeable.AbstractCloseable; + +public class ChannelAsyncOutputStream extends AbstractCloseable implements IoOutputStream, ChannelHolder { + private final Channel channelInstance; + private final ChannelStreamWriter packetWriter; + private final byte cmd; + private final AtomicReference pendingWrite = new AtomicReference<>(); + private final Object packetWriteId; + + public ChannelAsyncOutputStream(Channel channel, byte cmd) { + this.channelInstance = Objects.requireNonNull(channel, "No channel"); + this.packetWriter = channelInstance.resolveChannelStreamWriter(channel, cmd); + this.cmd = cmd; + this.packetWriteId = channel.toString() + "[" + SshConstants.getCommandMessageName(cmd) + "]"; + } + + @Override + public Channel getChannel() { + return channelInstance; + } + + public void onWindowExpanded() throws IOException { + doWriteIfPossible(true); + } + + @Override + public synchronized IoWriteFuture writeBuffer(Buffer buffer) throws IOException { + if (isClosing()) { + throw new EOFException("Closing: " + state); + } + + IoWriteFutureImpl future = new IoWriteFutureImpl(packetWriteId, buffer); + if (!pendingWrite.compareAndSet(null, future)) { + throw new WritePendingException("A write operation is already pending"); + } + doWriteIfPossible(false); + return future; + } + + @Override + protected void preClose() { + if (!(packetWriter instanceof Channel)) { + try { + packetWriter.close(); + } catch (IOException e) { + } + } + + super.preClose(); + } + + @Override + protected CloseFuture doCloseGracefully() { + return builder().when(pendingWrite.get()).build().close(false); + } + + protected synchronized void doWriteIfPossible(boolean resume) { + IoWriteFutureImpl future = pendingWrite.get(); + if (future == null) { + return; + } + + Buffer buffer = future.getBuffer(); + int total = buffer.available(); + if (total > 0) { + Channel channel = getChannel(); + Window remoteWindow = channel.getRemoteWindow(); + long length; + long remoteWindowSize = remoteWindow.getSize(); + long packetSize = remoteWindow.getPacketSize(); + if (total > remoteWindowSize) { + // if we have a big message and there is enough space, send the next chunk + if (remoteWindowSize >= packetSize) { + // send the first chunk as we have enough space in the window + length = packetSize; + } else { + // do not chunk when the window is smaller than the packet size + length = 0; + // do a defensive copy in case the user reuses the buffer + IoWriteFutureImpl f = new IoWriteFutureImpl(future.getId(), new ByteArrayBuffer(buffer.getCompactData())); + f.addListener(w -> future.setValue(w.getException() != null ? w.getException() : w.isWritten())); + pendingWrite.set(f); + } + } else if (total > packetSize) { + if (buffer.rpos() > 0) { + // do a defensive copy in case the user reuses the buffer + IoWriteFutureImpl f = new IoWriteFutureImpl(future.getId(), new ByteArrayBuffer(buffer.getCompactData())); + f.addListener(w -> future.setValue(w.getException() != null ? w.getException() : w.isWritten())); + pendingWrite.set(f); + length = packetSize; + doWriteIfPossible(resume); + return; + } else { + length = packetSize; + } + } else { + length = total; + } + + if (length > 0) { + if (resume) { + } + + if (length >= (Integer.MAX_VALUE - 12)) { + throw new IllegalArgumentException( + "Command " + SshConstants.getCommandMessageName(cmd) + " length (" + length + + ") exceeds int boundaries"); + } + + Buffer buf = createSendBuffer(buffer, channel, length); + remoteWindow.consume(length); + + try { + IoWriteFuture writeFuture = packetWriter.writeData(buf); + writeFuture.addListener(f -> onWritten(future, total, length, f)); + } catch (IOException e) { + future.setValue(e); + } + } else if (!resume) { + } + } else { + boolean nullified = pendingWrite.compareAndSet(future, null); + future.setValue(Boolean.TRUE); + } + } + + protected void onWritten(IoWriteFutureImpl future, int total, long length, IoWriteFuture f) { + if (f.isWritten()) { + if (total > length) { + doWriteIfPossible(false); + } else { + boolean nullified = pendingWrite.compareAndSet(future, null); + future.setValue(Boolean.TRUE); + } + } else { + Throwable reason = f.getException(); + boolean nullified = pendingWrite.compareAndSet(future, null); + future.setValue(reason); + } + } + + protected Buffer createSendBuffer(Buffer buffer, Channel channel, long length) { + Session s = channel.getSession(); + Buffer buf = s.createBuffer(cmd, (int) length + 12); + buf.putInt(channel.getRecipient()); + if (cmd == SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA) { + buf.putInt(SshConstants.SSH_EXTENDED_DATA_STDERR); + } + buf.putInt(length); + buf.putRawBytes(buffer.array(), buffer.rpos(), (int) length); + buffer.rpos(buffer.rpos() + (int) length); + return buf; + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getChannel() + "] cmd=" + SshConstants.getCommandMessageName(cmd & 0xFF); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelFactory.java new file mode 100644 index 0000000..51ed522 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelFactory.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.util.Collection; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.Session; + +/** + * @author Apache MINA SSHD Project + */ +public interface ChannelFactory extends NamedResource { + /** + * @param session The {@link Session} through which the request is made + * @return The relevant {@link Channel} + * @throws IOException If failed to create the requested instance + */ + Channel createChannel(Session session) throws IOException; + + /** + * @param session The {@link Session} through which the request is made + * @param factories The available factories + * @param name The required factory name to use + * @return The created {@link Channel} - {@code null} if no match found + * @throws IOException If failed to create the requested instance + */ + static Channel createChannel( + Session session, Collection factories, String name) + throws IOException { + ChannelFactory f = NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, factories); + if (f != null) { + return f.createChannel(session); + } else { + return null; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelHolder.java new file mode 100644 index 0000000..0016503 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelHolder.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ChannelHolder { + /** + * @return The associated {@link Channel} instance + */ + Channel getChannel(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelListener.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelListener.java new file mode 100644 index 0000000..1b57038 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelListener.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import org.apache.sshd.common.util.SshdEventListener; + +/** + * Provides a simple listener for client / server channels being established or torn down. Note: for server-side + * listeners, some of the established channels may be client - especially where connection proxy or forwarding is + * concerned + * + * @author Apache MINA SSHD Project + */ +public interface ChannelListener extends SshdEventListener { + ChannelListener EMPTY = new ChannelListener() { + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * Called to inform about initial setup of a channel via the + * {@link Channel#init(org.apache.sshd.common.session.ConnectionService, org.apache.sshd.common.session.Session, int)} + * method. Note: this method is guaranteed to be called before either of the + * {@link #channelOpenSuccess(Channel)} or {@link #channelOpenFailure(Channel, Throwable)} will be called + * + * @param channel The initialized {@link Channel} + */ + default void channelInitialized(Channel channel) { + // ignored + } + + /** + * Called to inform about a channel being successfully opened for a session. Note: when the call is made, the + * channel is known to be open but nothing beyond that. + * + * @param channel The newly opened {@link Channel} + */ + default void channelOpenSuccess(Channel channel) { + // ignored + } + + /** + * Called to inform about the failure to open a channel + * + * @param channel The failed {@link Channel} + * @param reason The {@link Throwable} reason - Note: if the {@link #channelOpenSuccess(Channel)} + * notification throws an exception it will cause this method to be invoked + */ + default void channelOpenFailure(Channel channel, Throwable reason) { + // ignored + } + + /** + * Called to inform that the channel state may have changed - e.g., received EOF, window adjustment, etc.. + * + * @param channel The {@link Channel} whose state has changed + * @param hint A "hint" as to the nature of the state change. it can be a request name or a + * {@code SSH_MSG_CHANNEL_XXX} command or the name of an exception class + */ + default void channelStateChanged(Channel channel, String hint) { + // ignored + } + + /** + * Called to inform about a channel being closed. Note: when the call is made there are no guarantees about + * the channel's actual state except that it either has been already closed or may be in the process of being + * closed. Note: this method is guaranteed to be called regardless of whether + * {@link #channelOpenSuccess(Channel)} or {@link #channelOpenFailure(Channel, Throwable)} have been called + * + * @param channel The referenced {@link Channel} + * @param reason The reason why the channel is being closed - if {@code null} then normal closure + */ + default void channelClosed(Channel channel, Throwable reason) { + // ignored + } + + static L validateListener(L listener) { + return SshdEventListener.validateListener(listener, ChannelListener.class.getSimpleName()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelListenerManager.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelListenerManager.java new file mode 100644 index 0000000..67abe04 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelListenerManager.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +/** + * @author Apache MINA SSHD Project + */ +public interface ChannelListenerManager { + /** + * Add a channel listener + * + * @param listener The {@link ChannelListener} to add - not {@code null} + */ + void addChannelListener(ChannelListener listener); + + /** + * Remove a channel listener + * + * @param listener The {@link ChannelListener} to remove + */ + void removeChannelListener(ChannelListener listener); + + /** + * @return A (never {@code null} proxy {@link ChannelListener} that represents all the currently registered + * listeners. Any method invocation on the proxy is replicated to the currently registered listeners + */ + ChannelListener getChannelListenerProxy(); + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelOutputStream.java new file mode 100644 index 0000000..612c9ee --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelOutputStream.java @@ -0,0 +1,272 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.io.InterruptedIOException; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.time.Duration; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.exception.SshChannelClosedException; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriter; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public class ChannelOutputStream extends OutputStream implements java.nio.channels.Channel, ChannelHolder { + + private final AbstractChannel channelInstance; + private final ChannelStreamWriter packetWriter; + private final Window remoteWindow; + private final Duration maxWaitTimeout; + private final byte cmd; + private final boolean eofOnClose; + private final byte[] b = new byte[1]; + private final AtomicBoolean closedState = new AtomicBoolean(false); + private Buffer buffer; + private int bufferLength; + private int lastSize; + private boolean noDelay; + + public ChannelOutputStream(AbstractChannel channel, Window remoteWindow, byte cmd, boolean eofOnClose) { + this(channel, remoteWindow, CoreModuleProperties.WAIT_FOR_SPACE_TIMEOUT.getRequired(channel), cmd, eofOnClose); + } + + public ChannelOutputStream(AbstractChannel channel, Window remoteWindow, long maxWaitTimeout, byte cmd, + boolean eofOnClose) { + this(channel, remoteWindow, Duration.ofMillis(maxWaitTimeout), cmd, eofOnClose); + } + + public ChannelOutputStream( + AbstractChannel channel, Window remoteWindow, Duration maxWaitTimeout, byte cmd, + boolean eofOnClose) { + this.channelInstance = Objects.requireNonNull(channel, "No channel"); + this.packetWriter = channelInstance.resolveChannelStreamWriter(channel, cmd); + this.remoteWindow = Objects.requireNonNull(remoteWindow, "No remote window"); + Objects.requireNonNull(maxWaitTimeout, "No maxWaitTimeout"); + ValidateUtils.checkTrue(GenericUtils.isPositive(maxWaitTimeout), "Non-positive max. wait time: %s", + maxWaitTimeout.toString()); + this.maxWaitTimeout = maxWaitTimeout; + this.cmd = cmd; + this.eofOnClose = eofOnClose; + newBuffer(0); + } + + @Override // co-variant return + public AbstractChannel getChannel() { + return channelInstance; + } + + public boolean isEofOnClose() { + return eofOnClose; + } + + public void setNoDelay(boolean noDelay) { + this.noDelay = noDelay; + } + + public boolean isNoDelay() { + return noDelay; + } + + @Override + public boolean isOpen() { + return !closedState.get(); + } + + @Override + public synchronized void write(int w) throws IOException { + b[0] = (byte) w; + write(b, 0, 1); + } + + @Override + public synchronized void write(byte[] buf, int s, int l) throws IOException { + Channel channel = getChannel(); + if (!isOpen()) { + throw new SshChannelClosedException( + channel.getId(), + "write(" + this + ") len=" + l + " - channel already closed"); + } + + Session session = channel.getSession(); + while (l > 0) { + // The maximum amount we should admit without flushing again + // is enough to make up one full packet within our allowed + // window size. We give ourselves a credit equal to the last + // packet we sent to allow the producer to race ahead and fill + // out the next packet before we block and wait for space to + // become available again. + long minReqLen = Math.min(remoteWindow.getSize() + lastSize, remoteWindow.getPacketSize()); + long l2 = Math.min(l, minReqLen - bufferLength); + if (l2 <= 0) { + if (bufferLength > 0) { + flush(); + } else { + session.resetIdleTimeout(); + try { + long available = remoteWindow.waitForSpace(maxWaitTimeout); + } catch (IOException e) { + + if ((e instanceof WindowClosedException) && (!closedState.getAndSet(true))) { + } + + throw e; + } catch (InterruptedException e) { + throw (IOException) new InterruptedIOException( + "Interrupted while waiting for remote space on write len=" + l + " to " + this) + .initCause(e); + } + } + session.resetIdleTimeout(); + continue; + } + + ValidateUtils.checkTrue(l2 <= Integer.MAX_VALUE, + "Accumulated bytes length exceeds int boundary: %d", l2); + buffer.putRawBytes(buf, s, (int) l2); + bufferLength += l2; + s += l2; + l -= l2; + } + + if (isNoDelay()) { + flush(); + } else { + session.resetIdleTimeout(); + } + } + + @Override + public synchronized void flush() throws IOException { + AbstractChannel channel = getChannel(); + if (!isOpen()) { + throw new SshChannelClosedException( + channel.getId(), + "flush(" + this + ") length=" + bufferLength + " - stream is already closed"); + } + + try { + Session session = channel.getSession(); + while (bufferLength > 0) { + session.resetIdleTimeout(); + + Buffer buf = buffer; + long total = bufferLength; + long available; + try { + available = remoteWindow.waitForSpace(maxWaitTimeout); + } catch (IOException e) { + throw e; + } + + long lenToSend = Math.min(available, total); + long length = Math.min(lenToSend, remoteWindow.getPacketSize()); + if (length > Integer.MAX_VALUE) { + throw new StreamCorruptedException( + "Accumulated " + SshConstants.getCommandMessageName(cmd) + + " command bytes size (" + length + ") exceeds int boundaries"); + } + + int pos = buf.wpos(); + buf.wpos((cmd == SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA) ? 14 : 10); + buf.putInt(length); + buf.wpos(buf.wpos() + (int) length); + if (total == length) { + newBuffer((int) length); + } else { + long leftover = total - length; + newBuffer((int) Math.max(leftover, length)); + buffer.putRawBytes(buf.array(), pos - (int) leftover, (int) leftover); + bufferLength = (int) leftover; + } + lastSize = (int) length; + + session.resetIdleTimeout(); + remoteWindow.waitAndConsume(length, maxWaitTimeout); + packetWriter.writeData(buf); + } + } catch (WindowClosedException e) { + if (!closedState.getAndSet(true)) { + } + throw e; + } catch (Exception e) { + if (e instanceof IOException) { + throw (IOException) e; + } else if (e instanceof InterruptedException) { + throw (IOException) new InterruptedIOException( + "Interrupted while waiting for remote space flush len=" + bufferLength + " to " + this) + .initCause(e); + } else { + throw new SshException(e); + } + } + } + + @Override + public synchronized void close() throws IOException { + if (!isOpen()) { + return; + } + + try { + flush(); + + if (isEofOnClose()) { + AbstractChannel channel = getChannel(); + channel.sendEof(); + } + } finally { + try { + if (!(packetWriter instanceof Channel)) { + packetWriter.close(); + } + } finally { + closedState.set(true); + } + } + } + + protected void newBuffer(int size) { + Channel channel = getChannel(); + Session session = channel.getSession(); + buffer = session.createBuffer(cmd, size <= 0 ? 12 : 12 + size); + buffer.putInt(channel.getRecipient()); + if (cmd == SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA) { + buffer.putInt(SshConstants.SSH_EXTENDED_DATA_STDERR); + } + buffer.putInt(0); + bufferLength = 0; + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getChannel() + "] " + SshConstants.getCommandMessageName(cmd & 0xFF); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedInputStream.java new file mode 100644 index 0000000..e9cc02e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedInputStream.java @@ -0,0 +1,201 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InterruptedIOException; +import java.net.SocketException; +import java.time.Duration; +import java.util.Objects; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.locks.Condition; +import java.util.concurrent.locks.Lock; +import java.util.concurrent.locks.ReentrantLock; + +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class ChannelPipedInputStream extends InputStream implements ChannelPipedSink { + private final Window localWindow; + private final Buffer buffer = new ByteArrayBuffer(); + private final byte[] b = new byte[1]; + private final AtomicBoolean open = new AtomicBoolean(true); + private final AtomicBoolean eofSent = new AtomicBoolean(false); + + private final Lock lock = new ReentrantLock(); + private final Condition dataAvailable = lock.newCondition(); + + /** + * {@link ChannelPipedOutputStream} is already closed and so we will not receive additional data. This is different + * from the {@link #isOpen()}, which indicates that the reader of this {@link InputStream} will not be reading data + * any more. + */ + private final AtomicBoolean writerClosed = new AtomicBoolean(false); + + private long timeout; + + public ChannelPipedInputStream(PropertyResolver resolver, Window localWindow) { + this(localWindow, CoreModuleProperties.WINDOW_TIMEOUT.getRequired(resolver)); + } + + public ChannelPipedInputStream(Window localWindow, Duration windowTimeout) { + this(localWindow, Objects.requireNonNull(windowTimeout, "No window timeout provided").toMillis()); + } + + public ChannelPipedInputStream(Window localWindow, long windowTimeout) { + this.localWindow = Objects.requireNonNull(localWindow, "No local window provided"); + this.timeout = windowTimeout; + } + + @Override + public boolean isOpen() { + return open.get(); + } + + public void setTimeout(long timeout) { + this.timeout = timeout; + } + + public long getTimeout() { + return timeout; + } + + @Override + public int available() throws IOException { + lock.lock(); + try { + int avail = buffer.available(); + if ((avail == 0) && writerClosed.get()) { + return -1; + } + return avail; + } finally { + lock.unlock(); + } + } + + @Override + public int read() throws IOException { + synchronized (b) { + int l = read(b, 0, 1); + if (l == -1) { + return -1; + } + return b[0] & 0xff; + } + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + if (len == 0) { + return 0; + } + + long startTime = System.currentTimeMillis(); + lock.lock(); + try { + for (int index = 0;; index++) { + boolean openState = isOpen(); + boolean writerClosedState = writerClosed.get(); + if (((!openState) && writerClosedState && eofSent.get()) || ((!openState) && (!writerClosedState))) { + throw new IOException("Pipe closed after " + index + " cycles"); + } + if (buffer.available() > 0) { + break; + } + if (writerClosed.get()) { + eofSent.set(true); + return -1; // no more data to read + } + + try { + if (timeout > 0L) { + long remaining = timeout - (System.currentTimeMillis() - startTime); + if (remaining <= 0) { + throw new SocketException("Timeout (" + timeout + ") exceeded after " + index + " cycles"); + } + dataAvailable.await(remaining, TimeUnit.MILLISECONDS); + } else { + dataAvailable.await(); + } + } catch (InterruptedException e) { + throw (IOException) new InterruptedIOException( + "Interrupted at cycle #" + index + " while waiting for data to become available").initCause(e); + } + } + + if (len > buffer.available()) { + len = buffer.available(); + } + buffer.getRawBytes(b, off, len); + if ((buffer.rpos() > localWindow.getPacketSize()) || (buffer.available() == 0)) { + buffer.compact(); + } + } finally { + lock.unlock(); + } + localWindow.consumeAndCheck(len); + return len; + } + + @Override + public void eof() { + lock.lock(); + try { + writerClosed.set(true); + dataAvailable.signalAll(); + } finally { + lock.unlock(); + } + } + + @Override + public void close() throws IOException { + lock.lock(); + try { + dataAvailable.signalAll(); + } finally { + open.set(false); + lock.unlock(); + } + } + + @Override + public void receive(byte[] bytes, int off, int len) throws IOException { + lock.lock(); + try { + if (writerClosed.get() || (!isOpen())) { + throw new IOException("Pipe closed"); + } + buffer.putRawBytes(bytes, off, len); + dataAvailable.signalAll(); + } finally { + lock.unlock(); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedOutputStream.java new file mode 100644 index 0000000..01aba22 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedOutputStream.java @@ -0,0 +1,78 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.io.OutputStream; +import java.nio.channels.Channel; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class ChannelPipedOutputStream extends OutputStream implements Channel { + + private final ChannelPipedSink sink; + private final byte[] b = new byte[1]; + private boolean closed; + + public ChannelPipedOutputStream(ChannelPipedSink sink) { + this.sink = sink; + } + + @Override + public void write(int i) throws IOException { + synchronized (b) { + b[0] = (byte) i; + write(b, 0, 1); + } + } + + @Override + public void write(byte[] b, int off, int len) throws IOException { + if (!isOpen()) { + throw new IOException("write(len=" + len + ") Stream has been closed"); + } + sink.receive(b, off, len); + } + + @Override + public boolean isOpen() { + return !closed; + } + + @Override + public void flush() throws IOException { + if (!isOpen()) { + throw new IOException("flush() Stream has been closed"); + } + } + + @Override + public void close() throws IOException { + if (isOpen()) { + try { + sink.eof(); + } finally { + closed = true; + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedSink.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedSink.java new file mode 100644 index 0000000..c501a43 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelPipedSink.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import java.io.IOException; + +/** + * @author Apache MINA SSHD Project + */ +public interface ChannelPipedSink extends java.nio.channels.Channel { + /** + * @param bytes Bytes to be sent to the sink + * @param off Offset in buffer + * @param len Number of bytes + * @throws IOException If failed to send the data + */ + void receive(byte[] bytes, int off, int len) throws IOException; + + /** + * Signal end of writing to the sink + */ + void eof(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelRequestHandler.java new file mode 100644 index 0000000..2b97bc0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/ChannelRequestHandler.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import java.util.function.Function; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public interface ChannelRequestHandler extends RequestHandler { + + // required because of generics issues + Function> CHANN2HNDLR = GenericUtils.downcast(); + + @Override + Result process(Channel channel, String request, boolean wantReply, Buffer buffer) throws Exception; + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/IoWriteFutureImpl.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/IoWriteFutureImpl.java new file mode 100644 index 0000000..d81951e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/IoWriteFutureImpl.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import java.util.Objects; + +import org.apache.sshd.common.io.AbstractIoWriteFuture; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public class IoWriteFutureImpl extends AbstractIoWriteFuture { + private final Buffer buffer; + + public IoWriteFutureImpl(Object id, Buffer buffer) { + super(id, null); + this.buffer = Objects.requireNonNull(buffer, "No buffer provided"); + } + + public Buffer getBuffer() { + return buffer; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfiguration.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfiguration.java new file mode 100644 index 0000000..6369766 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfiguration.java @@ -0,0 +1,111 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import java.util.EnumMap; +import java.util.Map; + +/** + * @author Apache MINA SSHD Project + */ +public class PtyChannelConfiguration implements PtyChannelConfigurationMutator { + private String ptyType; + private int ptyColumns = DEFAULT_COLUMNS_COUNT; + private int ptyLines = DEFAULT_ROWS_COUNT; + private int ptyWidth = DEFAULT_WIDTH; + private int ptyHeight = DEFAULT_HEIGHT; + private Map ptyModes = new EnumMap<>(PtyMode.class); + + public PtyChannelConfiguration() { + ptyModes.putAll(DEFAULT_PTY_MODES); + } + + @Override + public String getPtyType() { + return ptyType; + } + + @Override + public void setPtyType(String ptyType) { + this.ptyType = ptyType; + } + + @Override + public int getPtyColumns() { + return ptyColumns; + } + + @Override + public void setPtyColumns(int ptyColumns) { + this.ptyColumns = ptyColumns; + } + + @Override + public int getPtyLines() { + return ptyLines; + } + + @Override + public void setPtyLines(int ptyLines) { + this.ptyLines = ptyLines; + } + + @Override + public int getPtyWidth() { + return ptyWidth; + } + + @Override + public void setPtyWidth(int ptyWidth) { + this.ptyWidth = ptyWidth; + } + + @Override + public int getPtyHeight() { + return ptyHeight; + } + + @Override + public void setPtyHeight(int ptyHeight) { + this.ptyHeight = ptyHeight; + } + + @Override + public Map getPtyModes() { + return ptyModes; + } + + @Override + public void setPtyModes(Map ptyModes) { + this.ptyModes = ptyModes; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[type=" + getPtyType() + + ", lines=" + getPtyLines() + + ", columns=" + getPtyColumns() + + ", height=" + getPtyHeight() + + ", width=" + getPtyWidth() + + ", modes=" + getPtyModes() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfigurationHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfigurationHolder.java new file mode 100644 index 0000000..7199057 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfigurationHolder.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import java.util.Map; + +import org.apache.sshd.common.util.MapEntryUtils.EnumMapBuilder; + +/** + * @author Apache MINA SSHD Project + */ +public interface PtyChannelConfigurationHolder { + int DEFAULT_COLUMNS_COUNT = 80; + int DEFAULT_ROWS_COUNT = 24; + int DEFAULT_WIDTH = 640; + int DEFAULT_HEIGHT = 480; + + String DUMMY_PTY_TYPE = "dummy"; + String WINDOWS_PTY_TYPE = "windows"; + + Map DEFAULT_PTY_MODES = EnumMapBuilder. builder(PtyMode.class) + .put(PtyMode.ISIG, 1) + .put(PtyMode.ICANON, 1) + .put(PtyMode.ECHO, 1) + .put(PtyMode.ECHOE, 1) + .put(PtyMode.ECHOK, 1) + .put(PtyMode.ECHONL, 0) + .put(PtyMode.NOFLSH, 0) + .immutable(); + + String getPtyType(); + + int getPtyColumns(); + + int getPtyLines(); + + int getPtyWidth(); + + int getPtyHeight(); + + Map getPtyModes(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfigurationMutator.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfigurationMutator.java new file mode 100644 index 0000000..1d721b4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyChannelConfigurationMutator.java @@ -0,0 +1,82 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.util.Map; + +import org.apache.sshd.common.util.OsUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface PtyChannelConfigurationMutator extends PtyChannelConfigurationHolder { + void setPtyType(String ptyType); + + void setPtyColumns(int ptyColumns); + + void setPtyLines(int ptyLines); + + void setPtyWidth(int ptyWidth); + + void setPtyHeight(int ptyHeight); + + void setPtyModes(Map ptyModes); + + static M copyConfiguration(PtyChannelConfigurationHolder src, M dst) { + if ((src == null) || (dst == null)) { + return dst; + } + + dst.setPtyColumns(src.getPtyColumns()); + dst.setPtyHeight(src.getPtyHeight()); + dst.setPtyLines(src.getPtyLines()); + dst.setPtyModes(src.getPtyModes()); + dst.setPtyType(src.getPtyType()); + dst.setPtyWidth(src.getPtyWidth()); + return dst; + } + + /** + * Uses O/S detection to initialize some default PTY related values + * + * @param Generic {@link PtyChannelConfigurationMutator} instance + * @param mutator The mutator to update - ignored if {@code null} + * @return The updated mutator + * @throws IOException If failed to access some O/S related configuration + * @throws InterruptedException If interrupted during access of O/S related configuration + */ + static M setupSensitiveDefaultPtyConfiguration(M mutator) + throws IOException, InterruptedException { + if (mutator == null) { + return null; + } + + if (OsUtils.isUNIX()) { + mutator.setPtyModes(SttySupport.getUnixPtyModes()); + mutator.setPtyColumns(SttySupport.getTerminalWidth()); + mutator.setPtyLines(SttySupport.getTerminalHeight()); + } else { + mutator.setPtyType(WINDOWS_PTY_TYPE); + } + + return mutator; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyMode.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyMode.java new file mode 100644 index 0000000..b79c11d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/PtyMode.java @@ -0,0 +1,506 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.EnumMap; +import java.util.EnumSet; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Set; +import java.util.function.Function; +import java.util.function.ToIntFunction; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * A enum describing the tty modes according to RFC 4254 - + * section 8. + * + * @author Apache MINA SSHD Project + */ +public enum PtyMode { + + /////////////////////////////// Chars //////////////////////////////////// + + /** + * Interrupt character; 255 if none. Similarly for the other characters. Not all of these characters are supported + * on all systems. + */ + VINTR(1), + /** + * The quit character (sends SIGQUIT signal on POSIX systems). + */ + VQUIT(2), + /** + * Erase the character to left of the cursor. + */ + VERASE(3), + /** + * Kill the current input line. + */ + VKILL(4), + /** + * End-of-file character (sends EOF from the terminal). + */ + VEOF(5), + /** + * End-of-line character in addition to carriage return and/or line-feed. + */ + VEOL(6), + /** + * Additional end-of-line character. + */ + VEOL2(7), + /** + * Continues paused output (normally control-Q). + */ + VSTART(8), + /** + * Pauses output (normally control-S). + */ + VSTOP(9), + /** + * Suspends the current program. + */ + VSUSP(10), + /** + * Another suspend character. + */ + VDSUSP(11), + /** + * Reprints the current input line. + */ + VREPRINT(12), + /** + * Erases a word left of cursor. + */ + VWERASE(13), + /** + * Enter the next character typed literally, even if it is a special character + */ + VLNEXT(14), + /** + * Character to flush output. + */ + VFLUSH(15), + /** + * Switch to a different shell layer. + */ + VSWTCH(16), + /** + * Prints system status line (load, command, pid, etc). + */ + VSTATUS(17), + /** + * Toggles the flushing of terminal output. + */ + VDISCARD(18), + + ///////////////////////////////// I-flags //////////////////////////////// + + /** + * The ignore parity flag. The parameter SHOULD be 0 if this flag is FALSE, and 1 if it is TRUE. + */ + IGNPAR(30), + /** + * Mark parity and framing errors. + */ + PARMRK(31), + /** + * Enable checking of parity errors. + */ + INPCK(32), + /** + * Strip 8th bit off characters. + */ + ISTRIP(33), + /** + * Map NL into CR on input. + */ + INLCR(34), + /** + * Ignore CR on input. + */ + IGNCR(35), + /** + * Map CR to NL on input. + */ + ICRNL(36), + /** + * Translate uppercase characters to lowercase. + */ + IUCLC(37), + /** + * Enable output flow control. + */ + IXON(38), + /** + * Any char will restart after stop. + */ + IXANY(39), + /** + * Enable input flow control. + */ + IXOFF(40), + /** + * Ring bell on input queue full. + */ + IMAXBEL(41), + /** + * @see IUTF8 Terminal Mode in Secure Shell + */ + IUTF8(42), + + /////////////////////////////// L-flags ////////////////////////////////// + + /** + * Enable signals INTR, QUIT, [D]SUSP. + */ + ISIG(50), + /** + * Canonicalize input lines. + */ + ICANON(51), + /** + * Enable input and output of uppercase characters by preceding their lowercase equivalents with "\". + */ + XCASE(52), + /** + * Enable echoing. + */ + ECHO(53), + /** + * Visually erase chars. + */ + ECHOE(54), + /** + * Kill character discards current line. + */ + ECHOK(55), + /** + * Echo NL even if ECHO is off. + */ + ECHONL(56), + /** + * Don't flush after interrupt. + */ + NOFLSH(57), + /** + * Stop background jobs from output. + */ + TOSTOP(58), + /** + * Enable extensions. + */ + IEXTEN(59), + /** + * Echo control characters as ^(Char). + */ + ECHOCTL(60), + /** + * Visual erase for line kill. + */ + ECHOKE(61), + /** + * Retype pending input. + */ + PENDIN(62), + + /////////////////////////// O-flags ////////////////////////////////////// + + /** + * Enable output processing. + */ + OPOST(70), + /** + * Convert lowercase to uppercase. + */ + OLCUC(71), + /** + * Map NL to CR-NL. + */ + ONLCR(72), + /** + * Translate carriage return to newline (output). + */ + OCRNL(73), + /** + * Translate newline to carriage return-newline (output). + */ + ONOCR(74), + /** + * Newline performs a carriage return (output). + */ + ONLRET(75), + + //////////////////////////////// C-flags ///////////////////////////////// + + /** + * 7 bit mode. + */ + CS7(90), + /** + * 8 bit mode. + */ + CS8(91), + /** + * Parity enable. + */ + PARENB(92), + /** + * Odd parity, else even. + */ + PARODD(93), + + /////////////////////////// Speed(s) ///////////////////////////////////// + + /** + * Specifies the input baud rate in bits per second. + */ + TTY_OP_ISPEED(128), + /** + * Specifies the output baud rate in bits per second. + */ + TTY_OP_OSPEED(129); + + public static final byte TTY_OP_END = 0x00; + + // objects that can be used to set {@link PtyMode}s as {@code true} or {@code false} + public static final Integer FALSE_SETTING = 0; + public static final Integer TRUE_SETTING = 1; + + /** + * An un-modifiable {@link Set} of all defined {@link PtyMode}s + */ + public static final Set MODES = Collections.unmodifiableSet(EnumSet.allOf(PtyMode.class)); + + public static final NavigableMap COMMANDS = Collections.unmodifiableNavigableMap( + GenericUtils.toSortedMap(MODES, PtyMode::toInt, Function.identity(), Comparator.naturalOrder())); + + /** + * A {@code null}-safe {@link ToIntFunction} that returns the {@link PtyMode#toInt()} value and (-1) for + * {@code null} + */ + public static final ToIntFunction OPCODE_EXTRACTOR = v -> (v == null) ? -1 : v.toInt(); + + /** + * A {@code null}-safe {@link Comparator} of {@link PtyMode} values according to their {@link PtyMode#toInt()} value + * + * @see #OPCODE_EXTRACTOR + */ + public static final Comparator BY_OPCODE = new Comparator() { + @Override + public int compare(PtyMode o1, PtyMode o2) { + int v1 = OPCODE_EXTRACTOR.applyAsInt(o1); + int v2 = OPCODE_EXTRACTOR.applyAsInt(o2); + return Integer.compare(v1, v2); + } + }; + + private final int v; + + PtyMode(int v) { + this.v = v; + } + + public int toInt() { + return v; + } + + /** + * @param b The numeric value of the option + * @return The matching {@link PtyMode} or {@code null} if no match found + * @see #toInt() + */ + public static PtyMode fromInt(int b) { + return COMMANDS.get(0x00FF & b); + } + + public static PtyMode fromName(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + for (PtyMode m : MODES) { + if (name.equalsIgnoreCase(m.name())) { + return m; + } + } + + return null; + } + + /** + * @param options The options to enable - ignored if {@code null}/empty + * @return A {@link Map} where all the specified {@link PtyMode}s have {@link #TRUE_SETTING} + */ + public static Map createEnabledOptions(PtyMode... options) { + return createEnabledOptions(GenericUtils.of(options)); + } + + /** + * @param options The options to enable - ignored if {@code null}/empty + * @return A {@link Map} where all the specified {@link PtyMode}s have {@link #TRUE_SETTING} + */ + public static Map createEnabledOptions(Collection options) { + if (GenericUtils.isEmpty(options)) { + return Collections.emptyMap(); + } + + Map modes = new EnumMap<>(PtyMode.class); + for (PtyMode m : options) { + modes.put(m, TRUE_SETTING); + } + + return modes; + } + + public static Set resolveEnabledOptions(Map modes, PtyMode... options) { + return resolveEnabledOptions(modes, GenericUtils.of(options)); + } + + /** + * @param modes The PTY settings - ignored if {@code null}/empty + * @param options The options that should be enabled + * @return A {@link Set} of all the {@link PtyMode}s that appeared in the settings and were enabled + * @see #getBooleanSettingValue(Map, PtyMode) + */ + public static Set resolveEnabledOptions(Map modes, Collection options) { + if (GenericUtils.isEmpty(modes) || GenericUtils.isEmpty(options)) { + return Collections.emptySet(); + } + + Set enabled = EnumSet.noneOf(PtyMode.class); + for (PtyMode m : options) { + if (getBooleanSettingValue(modes, m)) { + enabled.add(m); + } + } + + return enabled; + } + + /** + * @param modes The current modes {@link Map}-ing + * @param m The required {@link PtyMode} + * @return {@code true} if all of these conditions hold:
    + *
      + *
    • Modes map is not {@code null}/empty
      • + *
    • Required mode setting is not {@code null}
      • + *
    • The setting has a mapped value
      • + *
    • The mapped value is a {@link Number}
      • + *
    • The {@link Number#intValue()} is non-zero
      • + *
    + * @see #getBooleanSettingValue(Object) + */ + public static boolean getBooleanSettingValue(Map modes, PtyMode m) { + if ((m == null) || GenericUtils.isEmpty(modes)) { + return false; + } else { + return getBooleanSettingValue(modes.get(m)); + } + } + + /** + * @param modes The {@link Map} of {@link PtyMode}s resolved by the "pty-req" message. + * @param enablers A {@link Collection} of enabler settings to be consulted + * @param defaultValue The default value to be used if no definite setting could be deduced + * @return {@code true} if the CR mode is enabled:
    + *
      + *
    • Ifmodes or enablers are {@code null}/empty then defaultValue + * is used
      • + * + *
    • If any of the enablers modes are enabled then the CR mode is enabled. + *
      • + * + *
    • If none of the enablers modes were specified then use + * defaultValue
      • + * + *
    • Otherwise (i.e., at least one or more of the enablers modes were specified, but + * all of them said {@code no}) then {@code false}.
      • + *
    + */ + public static boolean getBooleanSettingValue( + Map modes, Collection enablers, boolean defaultValue) { + if (GenericUtils.isEmpty(modes) || GenericUtils.isEmpty(enablers)) { + return defaultValue; + } + + int settingsCount = 0; + for (PtyMode m : enablers) { + Object v = modes.get(m); + if (v == null) { + continue; + } + + settingsCount++; + + // if any setting says yes then use it + if (getBooleanSettingValue(v)) { + return true; + } + } + + // ALL (!) settings have said NO + if (settingsCount > 0) { + return false; + } else { + return defaultValue; // none of the settings has been found - assume default + } + } + + /** + * @param v The value to be tested + * @return {@code true} if all of these conditions hold:
    + *
      + *
    • The mapped value is a {@link Number}
      • + *
    • The {@link Number#intValue()} is non-zero
      • + *
    + * @see #getBooleanSettingValue(int) + */ + public static boolean getBooleanSettingValue(Object v) { + return (v instanceof Number) && getBooleanSettingValue(((Number) v).intValue()); + } + + /** + * @param v The setting value + * @return {@code true} if value is non-zero + */ + public static boolean getBooleanSettingValue(int v) { + return v != 0; + } + + /** + * @param m The {@link PtyMode} + * @return {@code true} if not {@code null} and one of the settings that refers to a character value - name + * usually starts with {@code Vxxx} + */ + public static boolean isCharSetting(PtyMode m) { + if (m == null) { + return false; + } + + String name = m.name(); + char ch = name.charAt(0); + return (ch == 'v') || (ch == 'V'); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/RequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/RequestHandler.java new file mode 100644 index 0000000..1feb723 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/RequestHandler.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * A global request handler. + * + * @param Request type + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface RequestHandler { + + enum Result { + Unsupported, + Replied, + ReplySuccess, + ReplyFailure; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(Result.class)); + + /** + * @param name The result name - ignored if {@code null}/empty + * @return The matching {@link Result} value (case insensitive) or {@code null} if no match found + */ + public static Result fromName(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + for (Result r : VALUES) { + if (name.equalsIgnoreCase(r.name())) { + return r; + } + } + + return null; + } + } + + /** + * Process an SSH request. If an exception is thrown, the ConnectionService will send a failure message if needed + * and the request will be considered handled. + * + * @param t The input parameter + * @param request The request string + * @param wantReply Whether a reply is requested + * @param buffer The {@link Buffer} with request specific data + * @return The {@link Result} + * @throws Exception If failed to handle the request - Note: in order to signal an unsupported request the + * {@link Result#Unsupported} value should be returned + */ + Result process(T t, String request, boolean wantReply, Buffer buffer) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/SimpleIoOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/SimpleIoOutputStream.java new file mode 100644 index 0000000..7bdba6b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/SimpleIoOutputStream.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.IOException; + +import org.apache.sshd.common.io.AbstractIoWriteFuture; +import org.apache.sshd.common.io.IoOutputStream; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.closeable.AbstractCloseable; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * An implementation of {@link IoOutputStream} using a synchronous {@link ChannelOutputStream}. + * + * @author Apache MINA SSHD Project + */ +public class SimpleIoOutputStream extends AbstractCloseable implements IoOutputStream { + + protected final ChannelOutputStream os; + + public SimpleIoOutputStream(ChannelOutputStream os) { + this.os = os; + } + + @Override + protected void doCloseImmediately() { + IoUtils.closeQuietly(os); + super.doCloseImmediately(); + } + + @Override + public IoWriteFuture writeBuffer(Buffer buffer) throws IOException { + os.write(buffer.array(), buffer.rpos(), buffer.available()); + os.flush(); + DefaultIoWriteFuture f = new DefaultIoWriteFuture(this, null); + f.setValue(true); + return f; + } + + protected static class DefaultIoWriteFuture extends AbstractIoWriteFuture { + + public DefaultIoWriteFuture(Object id, Object lock) { + super(id, lock); + } + + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/StreamingChannel.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/StreamingChannel.java new file mode 100644 index 0000000..0b33ad5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/StreamingChannel.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +/** + * A channel that can be either configured to use synchronous or asynchrounous streams. + * + * @author Apache MINA SSHD Project + */ +public interface StreamingChannel { + + enum Streaming { + Async, + Sync + } + + Streaming getStreaming(); + + void setStreaming(Streaming streaming); + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/SttySupport.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/SttySupport.java new file mode 100644 index 0000000..8ba2984 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/SttySupport.java @@ -0,0 +1,299 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.charset.Charset; +import java.util.EnumMap; +import java.util.Map; +import java.util.StringTokenizer; +import java.util.concurrent.atomic.AtomicLong; +import java.util.concurrent.atomic.AtomicReference; + +/** + * Support for stty command on unix + * + * @author Apache MINA SSHD Project + */ +public final class SttySupport { + public static final int DEFAULT_TERMINAL_WIDTH = 80; + public static final int DEFAULT_TERMINAL_HEIGHT = 24; + + public static final String SSHD_STTY_COMMAND_PROP = "sshd.sttyCommand"; + public static final String DEFAULT_SSHD_STTY_COMMAND = "stty"; + + private static final AtomicReference STTY_COMMAND_HOLDER + = new AtomicReference<>(System.getProperty(SSHD_STTY_COMMAND_PROP, DEFAULT_SSHD_STTY_COMMAND)); + private static final AtomicReference TTY_PROPS_HOLDER = new AtomicReference<>(null); + private static final AtomicLong TTY_PROPS_LAST_FETCHED_HOLDER = new AtomicLong(0L); + + private SttySupport() { + throw new UnsupportedOperationException("No instance allowed"); + } + + public static Map getUnixPtyModes() throws IOException, InterruptedException { + return parsePtyModes(getTtyProps()); + } + + public static Map parsePtyModes(String stty) { + Map modes = new EnumMap<>(PtyMode.class); + for (PtyMode mode : PtyMode.MODES) { + if ((mode == PtyMode.TTY_OP_ISPEED) || (mode == PtyMode.TTY_OP_OSPEED)) { + // TODO ... + continue; + } + + String str = mode.name().toLowerCase(); + // Are we looking for a character? + if (str.charAt(0) == 'v') { + str = str.substring(1); + int v = findChar(stty, str); + if ((v < 0) && "reprint".equals(str)) { + v = findChar(stty, "rprnt"); + } + if (v >= 0) { + modes.put(mode, v); + } + } else { + int v = findFlag(stty, str); + if (v >= 0) { + modes.put(mode, v); + } + } + } + + return modes; + } + + private static int findFlag(String stty, String name) { + int cur = 0; + while (cur < stty.length()) { + int idx1 = stty.indexOf(name, cur); + int idx2 = idx1 + name.length(); + if (idx1 < 0) { + return -1; + } + if ((idx1 > 0) && Character.isLetterOrDigit(stty.charAt(idx1 - 1)) + || ((idx2 < stty.length()) && Character.isLetterOrDigit(stty.charAt(idx2)))) { + cur = idx2; + continue; + } + return idx1 == 0 ? 1 : stty.charAt(idx1 - 1) == '-' ? 0 : 1; + } + return -1; + } + + private static int findChar(String stty, String name) { + int cur = 0; + while (cur < stty.length()) { + int idx1 = stty.indexOf(name, cur); + int idx2 = stty.indexOf('=', idx1); + int idx3 = stty.indexOf(';', idx1); + if (idx1 < 0 || idx2 < 0 || idx3 < idx2) { + // Invalid syntax + return -1; + } + if (idx1 > 0 && Character.isLetterOrDigit(stty.charAt(idx1 - 1)) + || (idx2 < stty.length() && Character.isLetterOrDigit(stty.charAt(idx2)))) { + cur = idx1 + name.length(); + continue; + } + String val = stty.substring(idx2 + 1, idx3 < 0 ? stty.length() : idx3).trim(); + if (val.contains("undef")) { + return -1; + } + if (val.length() == 2 && val.charAt(0) == '^') { + int v = (val.charAt(1) - 'A' + 129) % 128; + return v; + } else { + try { + return Integer.parseInt(val); + } catch (NumberFormatException e) { + // what else ? + } + } + return -1; + } + return -1; + } + + /** + *

    + * Returns the value of "stty size" width param. + *

    + * + *

    + * Note: this method caches the value from the first time it is called in order to increase speed, + * which means that changing to size of the terminal will not be reflected in the console. + *

    + * + * @return The terminal width + */ + public static int getTerminalWidth() { + try { + int val = getTerminalProperty("columns"); + if (val == -1) { + val = DEFAULT_TERMINAL_WIDTH; + } + + return val; + } catch (Exception e) { + return DEFAULT_TERMINAL_WIDTH; // debug breakpoint + } + } + + /** + *

    + * Returns the value of "stty size" height param. + *

    + * + *

    + * Note: this method caches the value from the first time it is called in order to increase speed, + * which means that changing to size of the terminal will not be reflected in the console. + *

    + * + * @return The terminal height + */ + public static int getTerminalHeight() { + try { + int val = getTerminalProperty("rows"); + if (val == -1) { + val = DEFAULT_TERMINAL_HEIGHT; + } + + return val; + } catch (Exception e) { + return DEFAULT_TERMINAL_HEIGHT; // debug breakpoint + } + } + + public static int getTerminalProperty(String prop) throws IOException, InterruptedException { + // need to be able handle both output formats: + // speed 9600 baud; 24 rows; 140 columns; + // and: + // speed 38400 baud; rows = 49; columns = 111; ypixels = 0; xpixels = 0; + for (StringTokenizer tok = new StringTokenizer(getTtyProps(), ";\n"); tok.hasMoreTokens();) { + String str = tok.nextToken().trim(); + + if (str.startsWith(prop)) { + int index = str.lastIndexOf(' '); + + return Integer.parseInt(str.substring(index).trim()); + } else if (str.endsWith(prop)) { + int index = str.indexOf(' '); + + return Integer.parseInt(str.substring(0, index).trim()); + } + } + + return -1; + } + + public static String getTtyProps() throws IOException, InterruptedException { + // tty properties are cached so we don't have to worry too much about getting term width/height + long now = System.currentTimeMillis(); + long lastFetched = TTY_PROPS_LAST_FETCHED_HOLDER.get(); + if ((TTY_PROPS_HOLDER.get() == null) || ((now - lastFetched) > 1000L)) { + TTY_PROPS_HOLDER.set(stty("-a")); + TTY_PROPS_LAST_FETCHED_HOLDER.set(System.currentTimeMillis()); + } + + return TTY_PROPS_HOLDER.get(); + } + + /** + * Execute the stty command with the specified arguments against the current active terminal. + * + * @param args The command arguments + * @return The execution result + * @throws IOException If failed to execute the command + * @throws InterruptedException If interrupted while awaiting command execution + * @see #exec(String) + */ + public static String stty(String args) throws IOException, InterruptedException { + return exec("stty " + args + " < /dev/tty").trim(); + } + + /** + * Execute the specified command and return the output (both stdout and stderr). + * + * @param cmd The command to execute + * @return The execution result + * @throws IOException If failed to execute the command + * @throws InterruptedException If interrupted while awaiting command execution + * @see #exec(String[]) + */ + public static String exec(final String cmd) + throws IOException, InterruptedException { + return exec("sh", "-c", cmd); + } + + /** + * Execute the specified command and return the output (both stdout and stderr). + * + * @param cmd The command components + * @return The execution result + * @throws IOException If failed to execute the command + * @throws InterruptedException If interrupted while awaiting command execution + */ + private static String exec(String... cmd) + throws IOException, InterruptedException { + try (ByteArrayOutputStream bout = new ByteArrayOutputStream()) { + Process p = Runtime.getRuntime().exec(cmd); + copyStream(p.getInputStream(), bout); + copyStream(p.getErrorStream(), bout); + p.waitFor(); + + String result = new String(bout.toByteArray(), Charset.defaultCharset()); + return result; + } + } + + private static int copyStream(InputStream in, OutputStream bout) throws IOException { + int count = 0; + while (true) { + int c = in.read(); + if (c == -1) { + return count; + } + + bout.write(c); + count++; + } + } + + /** + * @return The command to use to set the terminal options. + * @see #setSttyCommand(String) + */ + public static String getSttyCommand() { + return STTY_COMMAND_HOLDER.get(); + } + + /** + * @param cmd The command to use to set the terminal options. Defaults to {@link #DEFAULT_SSHD_STTY_COMMAND}, or the + * value of the {@link #SSHD_STTY_COMMAND_PROP} system property if not set via this method + */ + public static void setSttyCommand(String cmd) { + STTY_COMMAND_HOLDER.set(cmd); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/Window.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/Window.java new file mode 100644 index 0000000..ff24793 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/Window.java @@ -0,0 +1,338 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.net.SocketTimeoutException; +import java.time.Duration; +import java.time.Instant; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.function.Predicate; + +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * A Window for a given channel. Windows are used to not overflow the client or server when sending datas. Both clients + * and servers have a local and remote window and won't send anymore data until the window has been expanded. When the + * local window is + * + * @author Apache MINA SSHD Project + */ +public class Window implements java.nio.channels.Channel, ChannelHolder { + /** + * Default {@link Predicate} used to test if space became available + */ + public static final Predicate SPACE_AVAILABLE_PREDICATE = input -> { + // NOTE: we do not call "getSize()" on purpose in order to avoid the lock + return input.size > 0; + }; + + private final AtomicBoolean closed = new AtomicBoolean(false); + private final AtomicBoolean initialized = new AtomicBoolean(false); + private final AbstractChannel channelInstance; + private final Object lock; + private final String suffix; + + private long size; // the window size + private long maxSize; // actually uint32 + private long packetSize; // actually uint32 + + public Window(AbstractChannel channel, Object lock, boolean client, boolean local) { + this.channelInstance = Objects.requireNonNull(channel, "No channel provided"); + this.lock = (lock != null) ? lock : this; + this.suffix = (client ? "client" : "server") + "/" + (local ? "local" : "remote"); + } + + @Override // co-variant return + public AbstractChannel getChannel() { + return channelInstance; + } + + public long getSize() { + synchronized (lock) { + return size; + } + } + + public long getMaxSize() { + return maxSize; + } + + public long getPacketSize() { + return packetSize; + } + + public void init(PropertyResolver resolver) { + init(CoreModuleProperties.WINDOW_SIZE.getRequired(resolver), + CoreModuleProperties.MAX_PACKET_SIZE.getRequired(resolver), + resolver); + } + + public void init(long size, long packetSize, PropertyResolver resolver) { + BufferUtils.validateUint32Value(size, "Illegal initial size: %d"); + BufferUtils.validateUint32Value(packetSize, "Illegal packet size: %d"); + ValidateUtils.checkTrue(packetSize > 0L, "Packet size must be positive: %d", packetSize); + long limitPacketSize = CoreModuleProperties.LIMIT_PACKET_SIZE.getRequired(resolver); + if (packetSize > limitPacketSize) { + throw new IllegalArgumentException( + "Requested packet size (" + packetSize + ") exceeds max. allowed: " + limitPacketSize); + } + + synchronized (lock) { + this.maxSize = size; + this.packetSize = packetSize; + updateSize(size); + } + + if (initialized.getAndSet(true)) { + } + + } + + public void expand(int window) { + ValidateUtils.checkTrue(window >= 0, "Negative window size: %d", window); + checkInitialized("expand"); + + long expandedSize; + synchronized (lock) { + /* + * See RFC-4254 section 5.2: + * + * "Implementations MUST correctly handle window sizes of up to 2^32 - 1 bytes. The window MUST NOT be + * increased above 2^32 - 1 bytes. + */ + expandedSize = size + window; + if (expandedSize > BufferUtils.MAX_UINT32_VALUE) { + updateSize(BufferUtils.MAX_UINT32_VALUE); + } else { + updateSize(expandedSize); + } + } + } + + public void consume(long len) { + BufferUtils.validateUint32Value(len, "Invalid consumption length: %d"); + checkInitialized("consume"); + + long remainLen; + synchronized (lock) { + remainLen = size - len; + if (remainLen >= 0L) { + updateSize(remainLen); + } + } + + if (remainLen < 0L) { + throw new IllegalStateException( + "consume(" + this + ") required length (" + len + ") above available: " + (remainLen + len)); + } + + } + + public void consumeAndCheck(long len) throws IOException { + synchronized (lock) { + try { + consume(len); + check(maxSize); + } catch (RuntimeException e) { + throw new StreamCorruptedException( + "consumeAndCheck(" + this + ")" + + " failed (" + e.getClass().getSimpleName() + ")" + + " to consume " + len + " bytes" + + ": " + e.getMessage()); + } + } + } + + public void check(long maxFree) throws IOException { + BufferUtils.validateUint32Value(maxFree, "Invalid check size: %d"); + checkInitialized("check"); + + long adjustSize = -1L; + AbstractChannel channel = getChannel(); + synchronized (lock) { + // TODO make the adjust factor configurable via FactoryManager property + long size = this.size; + if (size < (maxFree / 2)) { + adjustSize = maxFree - size; + channel.sendWindowAdjust(adjustSize); + updateSize(maxFree); + } + } + + if (adjustSize >= 0L) { + } + } + + /** + * Waits for enough data to become available to consume the specified size + * + * @param len Size of data to consume + * @param maxWaitTime Max. time (millis) to wait for enough data to become available + * @throws InterruptedException If interrupted while waiting + * @throws WindowClosedException If window closed while waiting + * @throws SocketTimeoutException If timeout expired before enough data became available + * @see #waitForCondition(Predicate, Duration) + * @see #consume(long) + */ + public void waitAndConsume(long len, long maxWaitTime) + throws InterruptedException, WindowClosedException, SocketTimeoutException { + waitAndConsume(len, Duration.ofMillis(maxWaitTime)); + } + + /** + * Waits for enough data to become available to consume the specified size + * + * @param len Size of data to consume + * @param maxWaitTime Max. time to wait for enough data to become available + * @throws InterruptedException If interrupted while waiting + * @throws WindowClosedException If window closed while waiting + * @throws SocketTimeoutException If timeout expired before enough data became available + * @see #waitForCondition(Predicate, Duration) + * @see #consume(long) + */ + public void waitAndConsume(long len, Duration maxWaitTime) + throws InterruptedException, WindowClosedException, SocketTimeoutException { + BufferUtils.validateUint32Value(len, "Invalid wait consume length: %d", len); + checkInitialized("waitAndConsume"); + + synchronized (lock) { + waitForCondition(input -> { + // NOTE: we do not call "getSize()" on purpose in order to avoid the lock + return input.size >= len; + }, maxWaitTime); + + + consume(len); + } + } + + /** + * Waits until some data becomes available or timeout expires + * + * @param maxWaitTime Max. time (millis) to wait for space to become available + * @return Amount of available data - always positive + * @throws InterruptedException If interrupted while waiting + * @throws WindowClosedException If window closed while waiting + * @throws SocketTimeoutException If timeout expired before space became available + * @see #waitForCondition(Predicate, Duration) + */ + public long waitForSpace(long maxWaitTime) throws InterruptedException, WindowClosedException, SocketTimeoutException { + return waitForSpace(Duration.ofMillis(maxWaitTime)); + } + + /** + * Waits until some data becomes available or timeout expires + * + * @param maxWaitTime Max. time to wait for space to become available + * @return Amount of available data - always positive + * @throws InterruptedException If interrupted while waiting + * @throws WindowClosedException If window closed while waiting + * @throws SocketTimeoutException If timeout expired before space became available + * @see #waitForCondition(Predicate, Duration) + */ + public long waitForSpace(Duration maxWaitTime) throws InterruptedException, WindowClosedException, SocketTimeoutException { + checkInitialized("waitForSpace"); + + long available; + synchronized (lock) { + waitForCondition(SPACE_AVAILABLE_PREDICATE, maxWaitTime); + available = size; + } + + return available; + } + + /** + * Waits up to a specified amount of time for a condition to be satisfied and signaled via the lock. Note: + * assumes that lock is acquired when this method is called. + * + * @param predicate The {@link Predicate} to check if the condition has been satisfied - the argument + * to the predicate is {@code this} reference + * @param maxWaitTime Max. time to wait for the condition to be satisfied + * @throws WindowClosedException If window closed while waiting + * @throws InterruptedException If interrupted while waiting + * @throws SocketTimeoutException If timeout expired before condition was satisfied + * @see #isOpen() + */ + protected void waitForCondition(Predicate predicate, Duration maxWaitTime) + throws WindowClosedException, InterruptedException, SocketTimeoutException { + Objects.requireNonNull(predicate, "No condition"); + ValidateUtils.checkTrue(GenericUtils.isPositive(maxWaitTime), "Non-positive max. wait time: %s", + maxWaitTime.toString()); + + Instant cur = Instant.now(); + Instant waitEnd = cur.plus(maxWaitTime); + // The loop takes care of spurious wakeups + while (isOpen() && (cur.compareTo(waitEnd) < 0)) { + if (predicate.test(this)) { + return; + } + + Duration rem = Duration.between(cur, waitEnd); + lock.wait(rem.toMillis(), rem.getNano() % 1_000_000); + cur = Instant.now(); + } + + if (!isOpen()) { + throw new WindowClosedException(toString()); + } + + throw new SocketTimeoutException("waitForCondition(" + this + ") timeout exceeded: " + maxWaitTime); + } + + protected void updateSize(long size) { + BufferUtils.validateUint32Value(size, "Invalid updated size: %d", size); + this.size = size; + lock.notifyAll(); + } + + protected void checkInitialized(String location) { + if (!initialized.get()) { + throw new IllegalStateException(location + " - window not initialized: " + this); + } + } + + @Override + public boolean isOpen() { + return !closed.get(); + } + + @Override + public void close() throws IOException { + if (!closed.getAndSet(true)) { + } + + // just in case someone is still waiting + synchronized (lock) { + lock.notifyAll(); + } + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + suffix + "](" + getChannel() + ")"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/WindowClosedException.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/WindowClosedException.java new file mode 100644 index 0000000..e710cb6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/WindowClosedException.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel; + +import org.apache.sshd.common.SshException; + +/** + * Indicates a {@link Window} has been closed. + * + * @author Apache MINA SSHD Project + */ +public class WindowClosedException extends SshException { + private static final long serialVersionUID = -5345787686165334234L; + + public WindowClosedException(String name) { + super("Already closed: " + name); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelClosedException.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelClosedException.java new file mode 100644 index 0000000..ee4b6ff --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelClosedException.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel.exception; + +/** + * @author Apache MINA SSHD Project + */ +public class SshChannelClosedException extends SshChannelException { + private static final long serialVersionUID = 4201656251593797929L; + + public SshChannelClosedException(int channelId, String message) { + this(channelId, message, null); + } + + public SshChannelClosedException(int channelId, Throwable cause) { + this(channelId, cause.getMessage(), cause); + } + + public SshChannelClosedException(int channelId, String message, Throwable cause) { + super(channelId, message, cause); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelException.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelException.java new file mode 100644 index 0000000..57c9669 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelException.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel.exception; + +import java.io.IOException; + +/** + * @author Apache MINA SSHD Project + */ +public class SshChannelException extends IOException { + private static final long serialVersionUID = 7355720478400167933L; + + private final int channelId; + + public SshChannelException(int channelId, String message) { + this(channelId, message, null); + } + + public SshChannelException(int channelId, Throwable cause) { + this(channelId, cause.getMessage(), cause); + } + + public SshChannelException(int channelId, String message, Throwable cause) { + super(message, cause); + this.channelId = channelId; + } + + public int getChannelId() { + return channelId; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelNotFoundException.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelNotFoundException.java new file mode 100644 index 0000000..26fb9ab --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelNotFoundException.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.channel.exception; + +/** + * @author Apache MINA SSHD Project + */ +public class SshChannelNotFoundException extends SshChannelException { + private static final long serialVersionUID = 6235323779982884257L; + + public SshChannelNotFoundException(int channelId, String message) { + this(channelId, message, null); + } + + public SshChannelNotFoundException(int channelId, Throwable cause) { + this(channelId, cause.getMessage(), cause); + } + + public SshChannelNotFoundException(int channelId, String message, Throwable cause) { + super(channelId, message, cause); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelOpenException.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelOpenException.java new file mode 100644 index 0000000..e272d2b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/exception/SshChannelOpenException.java @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel.exception; + +/** + * Documents failure of a channel to open as expected. + * + * @author Apache MINA SSHD Project + */ +public class SshChannelOpenException extends SshChannelException { + private static final long serialVersionUID = 3591321447714889771L; + + private final int code; + + public SshChannelOpenException(int channelId, int code, String message) { + this(channelId, code, message, null); + } + + public SshChannelOpenException(int channelId, int code, String message, Throwable cause) { + super(channelId, message, cause); + this.code = code; + } + + /** + * The reason code as specified by RFC 4254. + *
      + *
    • {@link org.apache.sshd.common.SshConstants#SSH_OPEN_ADMINISTRATIVELY_PROHIBITED} + *
    • {@link org.apache.sshd.common.SshConstants#SSH_OPEN_CONNECT_FAILED} + *
    • {@link org.apache.sshd.common.SshConstants#SSH_OPEN_UNKNOWN_CHANNEL_TYPE} + *
    • {@link org.apache.sshd.common.SshConstants#SSH_OPEN_RESOURCE_SHORTAGE} + *
    + * + * @return reason code; 0 if no standardized reason code is given. + */ + public int getReasonCode() { + return code; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriter.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriter.java new file mode 100644 index 0000000..a9b643a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriter.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel.throttle; + +import java.io.IOException; +import java.nio.channels.Channel; + +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * The ChannelStreamWriter is used when writing to the channel data stream. This data is encoded and sent with the + * {@link org.apache.sshd.common.SshConstants#SSH_MSG_CHANNEL_DATA} and + * {@link org.apache.sshd.common.SshConstants#SSH_MSG_CHANNEL_EXTENDED_DATA} commands. + * + * @author Apache MINA SSHD Project + */ +public interface ChannelStreamWriter extends Channel { + + /** + * Encode and send the given data packet buffer. Note: the buffer has to have 5 bytes free at the beginning + * to allow the encoding to take place. Also, the write position of the buffer has to be set to the position of the + * last byte to write. + * + * @param buffer the buffer to encode and send. NOTE: the buffer must not be touched until the returned + * write future is completed. + * @return An {@code IoWriteFuture} that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding or sending the packet + */ + IoWriteFuture writeData(Buffer buffer) throws IOException; + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriterResolver.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriterResolver.java new file mode 100644 index 0000000..0b71544 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriterResolver.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel.throttle; + +import org.apache.sshd.common.channel.Channel; + +/** + * A special mechanism that enables users to intervene in the way packets are sent from {@code ChannelOutputStream}-s - + * e.g., by introducing throttling + * + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ChannelStreamWriterResolver { + /** + * An identity resolver - i.e., no special intervention - simply use the channel itself + */ + ChannelStreamWriterResolver NONE = (channel, cmd) -> new DefaultChannelStreamWriter(channel); + + /** + * @param channel The original {@link Channel} + * @param cmd The {@code SSH_MSG_CHANNEL_DATA} or {@code SSH_MSG_CHANNEL_EXTENDED_DATA} command that triggered + * the resolution + * @return The {@link ChannelStreamWriter} to use - Note: if the return value is not a + * {@link Channel} then it will be closed when the stream is closed + */ + ChannelStreamWriter resolveChannelStreamWriter(Channel channel, byte cmd); + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriterResolverManager.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriterResolverManager.java new file mode 100644 index 0000000..34f8391 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/ChannelStreamWriterResolverManager.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel.throttle; + +import org.apache.sshd.common.channel.Channel; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface ChannelStreamWriterResolverManager extends ChannelStreamWriterResolver { + ChannelStreamWriterResolver getChannelStreamWriterResolver(); + + void setChannelStreamWriterResolver(ChannelStreamWriterResolver resolver); + + default ChannelStreamWriterResolver resolveChannelStreamWriterResolver() { + return getChannelStreamWriterResolver(); + } + + @Override + default ChannelStreamWriter resolveChannelStreamWriter(Channel channel, byte cmd) { + ChannelStreamWriterResolver resolver = resolveChannelStreamWriterResolver(); + ChannelStreamWriterResolver actual = (resolver == null) ? ChannelStreamWriterResolver.NONE : resolver; + return actual.resolveChannelStreamWriter(channel, cmd); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/DefaultChannelStreamWriter.java b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/DefaultChannelStreamWriter.java new file mode 100644 index 0000000..83b1a91 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/channel/throttle/DefaultChannelStreamWriter.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.channel.throttle; + +import java.io.IOException; + +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * A ChannelStreamWriter that simply calls the {@link Channel#writePacket(Buffer)} method. + * + * @author Apache MINA SSHD Project + */ +public class DefaultChannelStreamWriter implements ChannelStreamWriter { + + protected final Channel channel; + protected volatile boolean closed; + + public DefaultChannelStreamWriter(Channel channel) { + this.channel = channel; + } + + @Override + public IoWriteFuture writeData(Buffer buffer) throws IOException { + if (closed) { + throw new IOException("ChannelStreamPacketWriter has been closed"); + } + return channel.writePacket(buffer); + } + + @Override + public boolean isOpen() { + return !closed; + } + + @Override + public void close() throws IOException { + closed = true; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseCipher.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseCipher.java new file mode 100644 index 0000000..1288af0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseCipher.java @@ -0,0 +1,156 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.cipher; + +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Base class for all Cipher implementations delegating to the JCE provider. + * + * @author Apache MINA SSHD Project + */ +public class BaseCipher implements Cipher { + + private javax.crypto.Cipher cipher; + private final int ivsize; + private final int authSize; + private final int kdfSize; + private final String algorithm; + private final int keySize; + private final int blkSize; + private final String transformation; + private String s; + + public BaseCipher( + int ivsize, int authSize, int kdfSize, String algorithm, + int keySize, String transformation, int blkSize) { + this.ivsize = ivsize; + this.authSize = authSize; + this.kdfSize = kdfSize; + this.algorithm = ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No algorithm"); + this.keySize = keySize; + this.transformation = ValidateUtils.checkNotNullAndNotEmpty(transformation, "No transformation"); + this.blkSize = blkSize; + } + + @Override + public String getAlgorithm() { + return algorithm; + } + + @Override + public int getKeySize() { + return keySize; + } + + @Override + public String getTransformation() { + return transformation; + } + + @Override + public int getIVSize() { + return ivsize; + } + + @Override + public int getAuthenticationTagSize() { + return authSize; + } + + @Override + public int getKdfSize() { + return kdfSize; + } + + @Override + public int getCipherBlockSize() { + return blkSize; + } + + @Override + public void init(Mode mode, byte[] key, byte[] iv) throws Exception { + key = initializeKeyData(mode, key, getKdfSize()); + iv = initializeIVData(mode, iv, getIVSize()); + cipher = createCipherInstance(mode, key, iv); + } + + protected javax.crypto.Cipher getCipherInstance() { + return cipher; + } + + protected javax.crypto.Cipher createCipherInstance(Mode mode, byte[] key, byte[] iv) throws Exception { + javax.crypto.Cipher instance = SecurityUtils.getCipher(getTransformation()); + instance.init( + Mode.Encrypt.equals(mode) + ? javax.crypto.Cipher.ENCRYPT_MODE + : javax.crypto.Cipher.DECRYPT_MODE, + new SecretKeySpec(key, getAlgorithm()), + new IvParameterSpec(iv)); + return instance; + } + + protected byte[] initializeKeyData(Mode mode, byte[] key, int reqLen) { + return resize(key, reqLen); + } + + protected byte[] initializeIVData(Mode mode, byte[] iv, int reqLen) { + return resize(iv, reqLen); + } + + @Override + public void update(byte[] input, int inputOffset, int inputLen) throws Exception { + cipher.update(input, inputOffset, inputLen, input, inputOffset); + } + + @Override + public void updateAAD(byte[] data, int offset, int length) throws Exception { + throw new UnsupportedOperationException(getClass() + " does not support AAD operations"); + } + + protected static byte[] resize(byte[] data, int size) { + if (data.length > size) { + byte[] tmp = new byte[size]; + System.arraycopy(data, 0, tmp, 0, size); + data = tmp; + } + return data; + } + + @Override + public String toString() { + synchronized (this) { + if (s == null) { + s = getClass().getSimpleName() + + "[" + getAlgorithm() + + ", ivSize=" + getIVSize() + + ", kdfSize=" + getKdfSize() + + "," + getTransformation() + + ", blkSize=" + getCipherBlockSize() + + "]"; + } + } + + return s; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java new file mode 100644 index 0000000..d1b3191 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.cipher; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +public class BaseGCMCipher extends BaseCipher { + + protected Mode mode; + protected boolean initialized; + protected CounterGCMParameterSpec parameters; + protected SecretKey secretKey; + + public BaseGCMCipher( + int ivsize, int authSize, int kdfSize, String algorithm, int keySize, String transformation, + int blkSize) { + super(ivsize, authSize, kdfSize, algorithm, keySize, transformation, blkSize); + } + + @Override + protected Cipher createCipherInstance(Mode mode, byte[] key, byte[] iv) throws Exception { + this.mode = mode; + secretKey = new SecretKeySpec(key, getAlgorithm()); + parameters = new CounterGCMParameterSpec(getAuthenticationTagSize() * Byte.SIZE, iv); + return SecurityUtils.getCipher(getTransformation()); + } + + protected Cipher getInitializedCipherInstance() throws Exception { + Cipher cipher = getCipherInstance(); + if (!initialized) { + cipher.init(mode == Mode.Encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, parameters); + initialized = true; + } + return cipher; + } + + @Override + public void updateAAD(byte[] data, int offset, int length) throws Exception { + getInitializedCipherInstance().updateAAD(data, offset, length); + } + + @Override + public void update(byte[] input, int inputOffset, int inputLen) throws Exception { + if (mode == Mode.Decrypt) { + inputLen += getAuthenticationTagSize(); + } + Cipher cipher = getInitializedCipherInstance(); + cipher.doFinal(input, inputOffset, inputLen, input, inputOffset); + parameters.incrementCounter(); + initialized = false; + } + + /** + * Algorithm parameters for AES/GCM that assumes the IV uses an 8-byte counter field as its most significant bytes. + */ + protected static class CounterGCMParameterSpec extends GCMParameterSpec { + protected final byte[] iv; + protected final long initialCounter; + + protected CounterGCMParameterSpec(int tLen, byte[] src) { + super(tLen, src); + if (src.length != 12) { + throw new IllegalArgumentException("GCM nonce must be 12 bytes, but given len=" + src.length); + } + iv = src.clone(); + initialCounter = BufferUtils.getLong(iv, iv.length - Long.BYTES, Long.BYTES); + } + + protected void incrementCounter() { + int off = iv.length - Long.BYTES; + long counter = BufferUtils.getLong(iv, off, Long.BYTES); + long newCounter = counter + 1L; + if (newCounter == initialCounter) { + throw new IllegalStateException("GCM IV would be reused"); + } + BufferUtils.putLong(newCounter, iv, off, Long.BYTES); + } + + @Override + public byte[] getIV() { + // JCE implementation of GCM will complain if the reference doesn't change between inits + return iv.clone(); + } + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseRC4Cipher.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseRC4Cipher.java new file mode 100644 index 0000000..a8b1f14 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BaseRC4Cipher.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.cipher; + +import javax.crypto.spec.SecretKeySpec; + +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class BaseRC4Cipher extends BaseCipher { + public static final int SKIP_SIZE = 1536; + + public BaseRC4Cipher(int ivsize, int kdfSize, int keySize, int blkSize) { + super(ivsize, 0, kdfSize, "ARCFOUR", keySize, "RC4", blkSize); + } + + @Override + protected byte[] initializeIVData(Mode mode, byte[] iv, int reqLen) { + return iv; // not used in any way + } + + @Override + protected javax.crypto.Cipher createCipherInstance(Mode mode, byte[] key, byte[] iv) throws Exception { + javax.crypto.Cipher instance = SecurityUtils.getCipher(getTransformation()); + instance.init( + Mode.Encrypt.equals(mode) + ? javax.crypto.Cipher.ENCRYPT_MODE + : javax.crypto.Cipher.DECRYPT_MODE, + new SecretKeySpec(key, getAlgorithm())); + + byte[] foo = new byte[1]; + for (int i = 0; i < SKIP_SIZE; i++) { + instance.update(foo, 0, 1, foo, 0); + } + + return instance; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java new file mode 100644 index 0000000..732901b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java @@ -0,0 +1,393 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.cipher; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.SortedSet; +import java.util.TreeMap; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.NamedFactoriesListParseResult; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Provides easy access to the currently implemented ciphers + * + * @author Apache MINA SSHD Project + */ +public enum BuiltinCiphers implements CipherFactory { + none(Constants.NONE, 0, 0, 0, "None", 0, "None", 0) { + @Override + public Cipher create() { + return new CipherNone(); + } + }, + aes128cbc(Constants.AES128_CBC, 16, 0, 16, "AES", 128, "AES/CBC/NoPadding", 16), + aes128ctr(Constants.AES128_CTR, 16, 0, 16, "AES", 128, "AES/CTR/NoPadding", 16), + aes128gcm(Constants.AES128_GCM, 12, 16, 16, "AES", 128, "AES/GCM/NoPadding", 16) { + @Override + public Cipher create() { + return new BaseGCMCipher( + getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), + getKeySize(), getTransformation(), getCipherBlockSize()); + } + }, + aes256gcm(Constants.AES256_GCM, 12, 16, 32, "AES", 256, "AES/GCM/NoPadding", 16) { + @Override + public Cipher create() { + return new BaseGCMCipher( + getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), + getKeySize(), getTransformation(), getCipherBlockSize()); + } + }, + aes192cbc(Constants.AES192_CBC, 16, 0, 24, "AES", 192, "AES/CBC/NoPadding", 16), + aes192ctr(Constants.AES192_CTR, 16, 0, 24, "AES", 192, "AES/CTR/NoPadding", 16), + aes256cbc(Constants.AES256_CBC, 16, 0, 32, "AES", 256, "AES/CBC/NoPadding", 16), + aes256ctr(Constants.AES256_CTR, 16, 0, 32, "AES", 256, "AES/CTR/NoPadding", 16), + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + arcfour128(Constants.ARCFOUR128, 8, 0, 16, "ARCFOUR", 128, "RC4", 16) { + @Override + public Cipher create() { + return new BaseRC4Cipher(getIVSize(), getKdfSize(), getKeySize(), getCipherBlockSize()); + } + }, + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + arcfour256(Constants.ARCFOUR256, 8, 0, 32, "ARCFOUR", 256, "RC4", 32) { + @Override + public Cipher create() { + return new BaseRC4Cipher(getIVSize(), getKdfSize(), getKeySize(), getCipherBlockSize()); + } + }, + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + blowfishcbc(Constants.BLOWFISH_CBC, 8, 0, 16, "Blowfish", 128, "Blowfish/CBC/NoPadding", 8), + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + tripledescbc(Constants.TRIPLE_DES_CBC, 8, 0, 24, "DESede", 192, "DESede/CBC/NoPadding", 8); + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinCiphers.class)); + + private static final Map EXTENSIONS = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private final String factoryName; + private final int ivsize; + private final int authSize; + private final int kdfSize; + private final int keysize; + private final int blkSize; + private final String algorithm; + private final String transformation; + private final boolean supported; + + BuiltinCiphers( + String factoryName, int ivsize, int authSize, int kdfSize, + String algorithm, int keySize, String transformation, int blkSize) { + this.factoryName = factoryName; + this.ivsize = ivsize; + this.authSize = authSize; + this.kdfSize = kdfSize; + this.keysize = keySize; + this.algorithm = algorithm; + this.transformation = transformation; + this.blkSize = blkSize; + /* + * This can be done once since in order to change the support the JVM needs to be stopped, some + * unlimited-strength files need be installed and then the JVM re-started. Therefore, the answer is not going to + * change while the JVM is running + */ + this.supported = Constants.NONE.equals(factoryName) || Cipher.checkSupported(this.transformation, this.keysize); + } + + @Override + public final String getName() { + return factoryName; + } + + @Override + public final String toString() { + return getName(); + } + + /** + * @return {@code true} if the current JVM configuration supports this cipher - e.g., AES-256 requires the + * Java Cryptography Extension (JCE) + */ + @Override + public boolean isSupported() { + return supported; + } + + @Override + public int getKeySize() { + return keysize; + } + + @Override + public int getIVSize() { + return ivsize; + } + + @Override + public int getAuthenticationTagSize() { + return authSize; + } + + @Override + public int getKdfSize() { + return kdfSize; + } + + @Override + public int getCipherBlockSize() { + return blkSize; + } + + @Override + public String getAlgorithm() { + return algorithm; + } + + @Override + public String getTransformation() { + return transformation; + } + + @Override + public Cipher create() { + return new BaseCipher( + getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), + getKeySize(), getTransformation(), getCipherBlockSize()); + } + + /** + * Registered a {@link NamedFactory} to be available besides the built-in ones when parsing configuration + * + * @param extension The factory to register + * @throws IllegalArgumentException if factory instance is {@code null}, or overrides a built-in one or overrides + * another registered factory with the same name (case insensitive). + */ + public static void registerExtension(CipherFactory extension) { + String name = Objects.requireNonNull(extension, "No extension provided").getName(); + ValidateUtils.checkTrue(fromFactoryName(name) == null, "Extension overrides built-in: %s", name); + + synchronized (EXTENSIONS) { + ValidateUtils.checkTrue(!EXTENSIONS.containsKey(name), "Extension overrides existing: %s", name); + EXTENSIONS.put(name, extension); + } + } + + /** + * @return A {@link SortedSet} of the currently registered extensions, sorted according to the factory name (case + * insensitive) + */ + public static NavigableSet getRegisteredExtensions() { + synchronized (EXTENSIONS) { + return GenericUtils.asSortedSet(NamedResource.BY_NAME_COMPARATOR, EXTENSIONS.values()); + } + } + + /** + * Unregisters specified extension + * + * @param name The factory name - ignored if {@code null}/empty + * @return The registered extension - {@code null} if not found + */ + public static NamedFactory unregisterExtension(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.remove(name); + } + } + + /** + * @param s The {@link Enum}'s name - ignored if {@code null}/empty + * @return The matching {@link BuiltinCiphers} whose {@link Enum#name()} matches (case insensitive) the + * provided argument - {@code null} if no match + */ + public static BuiltinCiphers fromString(String s) { + if (GenericUtils.isEmpty(s)) { + return null; + } + + for (BuiltinCiphers c : VALUES) { + if (s.equalsIgnoreCase(c.name())) { + return c; + } + } + + return null; + } + + /** + * @param factory The {@link NamedFactory} for the cipher - ignored if {@code null} + * @return The matching {@link BuiltinCiphers} whose factory name matches (case insensitive) the + * cipher factory name + * @see #fromFactoryName(String) + */ + public static BuiltinCiphers fromFactory(NamedFactory factory) { + if (factory == null) { + return null; + } else { + return fromFactoryName(factory.getName()); + } + } + + /** + * @param name The factory name - ignored if {@code null}/empty + * @return The matching {@link BuiltinCiphers} whose factory name matches (case insensitive) the + * provided name - {@code null} if no match + */ + public static BuiltinCiphers fromFactoryName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param ciphers A comma-separated list of ciphers' names - ignored if {@code null}/empty + * @return A {@link ParseResult} containing the successfully parsed factories and the unknown ones. + * Note: it is up to caller to ensure that the lists do not contain duplicates + */ + public static ParseResult parseCiphersList(String ciphers) { + return parseCiphersList(GenericUtils.split(ciphers, ',')); + } + + public static ParseResult parseCiphersList(String... ciphers) { + return parseCiphersList(GenericUtils.isEmpty((Object[]) ciphers) ? Collections.emptyList() : Arrays.asList(ciphers)); + } + + public static ParseResult parseCiphersList(Collection ciphers) { + if (GenericUtils.isEmpty(ciphers)) { + return ParseResult.EMPTY; + } + + List factories = new ArrayList<>(ciphers.size()); + List unknown = Collections.emptyList(); + for (String name : ciphers) { + CipherFactory c = resolveFactory(name); + if (c != null) { + factories.add(c); + } else { + // replace the (unmodifiable) empty list with a real one + if (unknown.isEmpty()) { + unknown = new ArrayList<>(); + } + unknown.add(name); + } + } + + return new ParseResult(factories, unknown); + } + + /** + * @param name The factory name + * @return The factory or {@code null} if it is neither a built-in one or a registered extension + */ + public static CipherFactory resolveFactory(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + CipherFactory c = fromFactoryName(name); + if (c != null) { + return c; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.get(name); + } + } + + /** + * Holds the result of {@link BuiltinCiphers#parseCiphersList(String)} + * + * @author Apache MINA SSHD Project + */ + public static class ParseResult extends NamedFactoriesListParseResult { + public static final ParseResult EMPTY = new ParseResult(Collections.emptyList(), Collections.emptyList()); + + public ParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + } + + public static final class Constants { + public static final String NONE = "none"; + public static final Pattern NONE_CIPHER_PATTERN = Pattern.compile("(^|.*,)" + NONE + "($|,.*)"); + + public static final String AES128_CBC = "aes128-cbc"; + public static final String AES128_CTR = "aes128-ctr"; + public static final String AES128_GCM = "aes128-gcm@openssh.com"; + public static final String AES192_CBC = "aes192-cbc"; + public static final String AES192_CTR = "aes192-ctr"; + public static final String AES256_CBC = "aes256-cbc"; + public static final String AES256_CTR = "aes256-ctr"; + public static final String AES256_GCM = "aes256-gcm@openssh.com"; + public static final String ARCFOUR128 = "arcfour128"; + public static final String ARCFOUR256 = "arcfour256"; + public static final String BLOWFISH_CBC = "blowfish-cbc"; + public static final String TRIPLE_DES_CBC = "3des-cbc"; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * @param s A comma-separated list of ciphers - ignored if {@code null}/empty + * @return {@code true} if the {@link #NONE} cipher name appears in it + */ + public static boolean isNoneCipherIncluded(String s) { + if (GenericUtils.isEmpty(s)) { + return false; + } + Matcher m = NONE_CIPHER_PATTERN.matcher(s); + return m.matches(); + } + + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/Cipher.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/Cipher.java new file mode 100644 index 0000000..09e5aaf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/Cipher.java @@ -0,0 +1,123 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.cipher; + +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Wrapper for a cryptographic cipher, used either for encryption or decryption. + * + * @author Apache MINA SSHD Project + */ +public interface Cipher extends CipherInformation { + + enum Mode { + Encrypt, + Decrypt + } + + /** + * Initialize the cipher for encryption or decryption with the given key and initialization vector + * + * @param mode Encrypt/Decrypt initialization + * @param key Key bytes + * @param iv Initialization vector bytes + * @throws Exception If failed to initialize + */ + void init(Mode mode, byte[] key, byte[] iv) throws Exception; + + /** + * Performs in-place encryption or decryption on the given data. + * + * @param input The input/output bytes + * @throws Exception If failed to execute + * @see #update(byte[], int, int) + */ + default void update(byte[] input) throws Exception { + update(input, 0, NumberUtils.length(input)); + } + + /** + * Performs in-place encryption or decryption on the given data. + * + * @param input The input/output bytes + * @param inputOffset The offset of the data in the data buffer + * @param inputLen The number of bytes to update - starting at the given offset + * @throws Exception If failed to execute + */ + void update(byte[] input, int inputOffset, int inputLen) throws Exception; + + /** + * Adds the provided input data as additional authenticated data during encryption or decryption. + * + * @param data The data to authenticate + * @throws Exception If failed to execute + */ + default void updateAAD(byte[] data) throws Exception { + updateAAD(data, 0, NumberUtils.length(data)); + } + + /** + * Adds the provided input data as additional authenticated data during encryption or decryption. + * + * @param data The additional data to authenticate + * @param offset The offset of the additional data in the buffer + * @param length The number of bytes in the buffer to use for authentication + * @throws Exception If failed to execute + */ + void updateAAD(byte[] data, int offset, int length) throws Exception; + + /** + * Performs in-place authenticated encryption or decryption with additional data (AEAD). Authentication tags are + * implicitly appended after the output ciphertext or implicitly verified after the input ciphertext. Header data + * indicated by the {@code aadLen} parameter are authenticated but not encrypted/decrypted, while payload data + * indicated by the {@code inputLen} parameter are authenticated and encrypted/decrypted. + * + * @param input The input/output bytes + * @param offset The offset of the data in the input buffer + * @param aadLen The number of bytes to use as additional authenticated data - starting at offset + * @param inputLen The number of bytes to update - starting at offset + aadLen + * @throws Exception If failed to execute + */ + default void updateWithAAD(byte[] input, int offset, int aadLen, int inputLen) throws Exception { + updateAAD(input, offset, aadLen); + update(input, offset + aadLen, inputLen); + } + + /** + * @param xform The full cipher transformation - e.g., AES/CBC/NoPadding - never {@code null}/empty + * @param keyLength The required key length in bits - always positive + * @return {@code true} if the cipher transformation and required key length are supported + * @see javax.crypto.Cipher#getMaxAllowedKeyLength(String) + */ + static boolean checkSupported(String xform, int keyLength) { + ValidateUtils.checkNotNullAndNotEmpty(xform, "No transformation"); + if (keyLength <= 0) { + throw new IllegalArgumentException("Bad key length (" + keyLength + ") for cipher=" + xform); + } + + try { + int maxKeyLength = javax.crypto.Cipher.getMaxAllowedKeyLength(xform); + return maxKeyLength >= keyLength; + } catch (Exception e) { + return false; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherFactory.java new file mode 100644 index 0000000..36909f3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherFactory.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.cipher; + +import org.apache.sshd.common.BuiltinFactory; + +/** + * @author Apache MINA SSHD Project + */ +// CHECKSTYLE:OFF +public interface CipherFactory extends BuiltinFactory, CipherInformation { + // nothing extra +} +//CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherInformation.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherInformation.java new file mode 100644 index 0000000..96a74c5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherInformation.java @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.cipher; + +import org.apache.sshd.common.AlgorithmNameProvider; +import org.apache.sshd.common.keyprovider.KeySizeIndicator; + +/** + * The reported algorithm name refers to the cipher base name - e.g., "AES", "ARCFOUR", etc. + * + * @author Apache MINA SSHD Project + */ +public interface CipherInformation extends AlgorithmNameProvider, KeySizeIndicator { + /** + * @return The actual transformation used - e.g., AES/CBC/NoPadding + */ + String getTransformation(); + + /** + * @return Size of the initialization vector (in bytes) + */ + int getIVSize(); + + /** + * @return Size of the authentication tag (AT) in bytes or 0 if this cipher does not support authentication + */ + int getAuthenticationTagSize(); + + /** + * @return Size of block data used by the cipher (in bytes). For stream ciphers this value is (currently) used to + * indicate some average work buffer size to be used for the automatic re-keying mechanism described in + * RFC 4253 - Section 9 + */ + int getCipherBlockSize(); + + /** + * @return The block size (in bytes) used to derive the secret key for this cipher + */ + int getKdfSize(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherNone.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherNone.java new file mode 100644 index 0000000..0a312a2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/CipherNone.java @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.cipher; + +/** + * Represents a no-op cipher. This cipher can not really be used during authentication and should only be used after, so + * that authentication remains secured, but not the remaining of the exchanges. + * + * @author Apache MINA SSHD Project + */ +public class CipherNone implements Cipher { + public CipherNone() { + super(); + } + + @Override + public String getAlgorithm() { + return "none"; + } + + @Override + public int getKeySize() { + return 0; + } + + @Override + public String getTransformation() { + return "none"; + } + + @Override + public int getIVSize() { + return 8; // dummy - not zero in order to avoid some code that uses it as divisor + } + + @Override + public int getAuthenticationTagSize() { + return 0; + } + + @Override + public int getKdfSize() { + return 16; // dummy - not zero in order to avoid some code that uses it as divisor + } + + @Override + public int getCipherBlockSize() { + return 8; // dummy - not zero in order to avoid some code that uses it as divisor + } + + @Override + public void init(Mode mode, byte[] key, byte[] iv) throws Exception { + // ignored - always succeeds + } + + @Override + public void updateAAD(byte[] data, int offset, int length) throws Exception { + // ignored - always succeeds + } + + @Override + public void update(byte[] input, int inputOffset, int inputLen) throws Exception { + // ignored - always succeeds + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/cipher/ECCurves.java b/files-sftp/src/main/java/org/apache/sshd/common/cipher/ECCurves.java new file mode 100644 index 0000000..4b09d01 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/cipher/ECCurves.java @@ -0,0 +1,601 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.cipher; + +import java.io.ByteArrayOutputStream; +import java.io.EOFException; +import java.io.IOException; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.security.interfaces.ECKey; +import java.security.spec.ECField; +import java.security.spec.ECFieldFp; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.EllipticCurve; +import java.util.Collections; +import java.util.Comparator; +import java.util.EnumSet; +import java.util.List; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.OptionalFeature; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.digest.BuiltinDigests; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.digest.DigestFactory; +import org.apache.sshd.common.keyprovider.KeySizeIndicator; +import org.apache.sshd.common.keyprovider.KeyTypeIndicator; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Utilities for working with elliptic curves. + * + * @author Apache MINA SSHD Project + */ +public enum ECCurves implements KeyTypeIndicator, KeySizeIndicator, NamedResource, OptionalFeature { + nistp256(Constants.NISTP256, new int[] { 1, 2, 840, 10045, 3, 1, 7 }, + new ECParameterSpec( + new EllipticCurve( + new ECFieldFp( + new BigInteger("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 16)), + new BigInteger("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", 16), + new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16)), + new ECPoint( + new BigInteger("6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 16), + new BigInteger("4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 16)), + new BigInteger("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16), + 1), + 32, + BuiltinDigests.sha256), + nistp384(Constants.NISTP384, new int[] { 1, 3, 132, 0, 34 }, + new ECParameterSpec( + new EllipticCurve( + new ECFieldFp( + new BigInteger( + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", + 16)), + new BigInteger( + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", + 16), + new BigInteger( + "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", + 16)), + new ECPoint( + new BigInteger( + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", + 16), + new BigInteger( + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", + 16)), + new BigInteger( + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", + 16), + 1), + 48, + BuiltinDigests.sha384), + nistp521(Constants.NISTP521, new int[] { 1, 3, 132, 0, 35 }, + new ECParameterSpec( + new EllipticCurve( + new ECFieldFp( + new BigInteger( + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + 16)), + new BigInteger( + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", + 16), + new BigInteger( + "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951" + + "EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", + 16)), + new ECPoint( + new BigInteger( + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77" + + "EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", + 16), + new BigInteger( + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE7299" + + "5EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", + 16)), + new BigInteger( + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B" + + "7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", + 16), + 1), + 66, + BuiltinDigests.sha512); + + /** + * A {@link Set} of all the known curves + */ + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(ECCurves.class)); + + /** + * A {@link Set} of all the known curves names + */ + public static final NavigableSet NAMES = Collections.unmodifiableNavigableSet( + GenericUtils.mapSort(VALUES, ECCurves::getName, String.CASE_INSENSITIVE_ORDER)); + + /** + * A {@link Set} of all the known curves key types + */ + public static final NavigableSet KEY_TYPES = Collections.unmodifiableNavigableSet( + GenericUtils.mapSort(VALUES, ECCurves::getKeyType, String.CASE_INSENSITIVE_ORDER)); + + public static final Comparator BY_KEY_SIZE = (o1, o2) -> { + int k1 = (o1 == null) ? Integer.MAX_VALUE : o1.getKeySize(); + int k2 = (o2 == null) ? Integer.MAX_VALUE : o2.getKeySize(); + return Integer.compare(k1, k2); + }; + + public static final List SORTED_KEY_SIZE = Collections.unmodifiableList(VALUES.stream() + .sorted(BY_KEY_SIZE) + .collect(Collectors.toList())); + + private final String name; + private final String keyType; + private final String oidString; + private final List oidValue; + private final ECParameterSpec params; + private final int keySize; + private final int numOctets; + private final DigestFactory digestFactory; + + ECCurves(String name, int[] oid, ECParameterSpec params, int numOctets, DigestFactory digestFactory) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No curve name"); + this.oidString = NumberUtils.join('.', ValidateUtils.checkNotNullAndNotEmpty(oid, "No OID")); + this.oidValue = Collections.unmodifiableList(NumberUtils.asList(oid)); + this.keyType = Constants.ECDSA_SHA2_PREFIX + name; + this.params = ValidateUtils.checkNotNull(params, "No EC params for %s", name); + this.keySize = getCurveSize(params); + this.numOctets = numOctets; + this.digestFactory = Objects.requireNonNull(digestFactory, "No digestFactory"); + } + + @Override // The curve's standard name + public final String getName() { + return name; + } + + public final String getOID() { + return oidString; + } + + public final List getOIDValue() { + return oidValue; + } + + @Override + public final String getKeyType() { + return keyType; + } + + @Override + public final boolean isSupported() { + return SecurityUtils.isECCSupported() && digestFactory.isSupported(); + } + + public final ECParameterSpec getParameters() { + return params; + } + + @Override + public final int getKeySize() { + return keySize; + } + + /** + * @return The number of octets used to represent the point(s) for the curve + */ + public final int getNumPointOctets() { + return numOctets; + } + + /** + * @return The {@link Digest} to use when hashing the curve's parameters + */ + public final Digest getDigestForParams() { + return digestFactory.create(); + } + + /** + * @param type The key type value - ignored if {@code null}/empty + * @return The matching {@link ECCurves} constant - {@code null} if no match found case insensitive + */ + public static ECCurves fromKeyType(String type) { + if (GenericUtils.isEmpty(type)) { + return null; + } + + for (ECCurves c : VALUES) { + if (type.equalsIgnoreCase(c.getKeyType())) { + return c; + } + } + + return null; + } + + /** + * @param name The curve name (case insensitive - ignored if {@code null}/empty + * @return The matching {@link ECCurves} instance - {@code null} if no match found + */ + public static ECCurves fromCurveName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param key The {@link ECKey} - ignored if {@code null} + * @return The matching {@link ECCurves} instance - {@code null} if no match found + */ + public static ECCurves fromECKey(ECKey key) { + return fromCurveParameters((key == null) ? null : key.getParams()); + } + + /** + * @param params The curve's {@link ECParameterSpec} - ignored if {@code null} + * @return The matching {@link ECCurves} value - {@code null} if no match found + * @see #getCurveSize(ECParameterSpec) + * @see #fromCurveSize(int) + */ + public static ECCurves fromCurveParameters(ECParameterSpec params) { + if (params == null) { + return null; + } else { + return fromCurveSize(getCurveSize(params)); + } + } + + /** + * @param keySize The key size (in bits) + * @return The matching {@link ECCurves} value - {@code null} if no match found + */ + public static ECCurves fromCurveSize(int keySize) { + if (keySize <= 0) { + return null; + } + + for (ECCurves c : VALUES) { + if (keySize == c.getKeySize()) { + return c; + } + } + + return null; + } + + public static ECCurves fromOIDValue(List oid) { + if (GenericUtils.isEmpty(oid)) { + return null; + } + + for (ECCurves c : VALUES) { + List v = c.getOIDValue(); + if (oid.size() != v.size()) { + continue; + } + + boolean matches = true; + for (int index = 0; index < v.size(); index++) { + Number exp = v.get(index); + Number act = oid.get(index); + if (exp.intValue() != act.intValue()) { + matches = false; + break; + } + } + + if (matches) { + return c; + } + } + + return null; + } + + public static ECCurves fromOID(String oid) { + if (GenericUtils.isEmpty(oid)) { + return null; + } + + for (ECCurves c : VALUES) { + if (oid.equalsIgnoreCase(c.getOID())) { + return c; + } + } + + return null; + } + + /** + * @param params The curve's {@link ECParameterSpec} + * @return The curve's key size in bits + * @throws IllegalArgumentException if invalid parameters provided + */ + public static int getCurveSize(ECParameterSpec params) { + EllipticCurve curve = Objects.requireNonNull(params, "No EC params").getCurve(); + ECField field = Objects.requireNonNull(curve, "No EC curve").getField(); + return Objects.requireNonNull(field, "No EC field").getFieldSize(); + } + + public static byte[] encodeECPoint(ECPoint group, ECParameterSpec params) { + return encodeECPoint(group, params.getCurve()); + } + + public static byte[] encodeECPoint(ECPoint group, EllipticCurve curve) { + // M has len 2 ceil(log_2(q)/8) + 1 ? + int elementSize = (curve.getField().getFieldSize() + 7) / 8; + byte[] m = new byte[2 * elementSize + 1]; + + // Uncompressed format + m[0] = 0x04; + + byte[] affineX = removeLeadingZeroes(group.getAffineX().toByteArray()); + System.arraycopy(affineX, 0, m, 1 + elementSize - affineX.length, affineX.length); + + byte[] affineY = removeLeadingZeroes(group.getAffineY().toByteArray()); + System.arraycopy(affineY, 0, m, 1 + elementSize + elementSize - affineY.length, affineY.length); + + return m; + } + + private static byte[] removeLeadingZeroes(byte[] input) { + if (input[0] != 0x00) { + return input; + } + + int pos = 1; + while (pos < input.length - 1 && input[pos] == 0x00) { + pos++; + } + + byte[] output = new byte[input.length - pos]; + System.arraycopy(input, pos, output, 0, output.length); + return output; + } + + /** + * Converts the given octet string (defined by ASN.1 specifications) to a {@link BigInteger} As octet strings always + * represent positive integers, a zero-byte is prepended to the given array if necessary (if is MSB equal to 1), + * then this is converted to BigInteger The conversion is defined in the Section 2.3.8 + * + * @param octets - octet string bytes to be converted + * @return The {@link BigInteger} representation of the octet string + */ + public static BigInteger octetStringToInteger(byte... octets) { + if (octets == null) { + return null; + } else if (octets.length == 0) { + return BigInteger.ZERO; + } else { + return new BigInteger(1, octets); + } + } + + public static ECPoint octetStringToEcPoint(byte... octets) { + if (NumberUtils.isEmpty(octets)) { + return null; + } + + int startIndex = findFirstNonZeroIndex(octets); + if (startIndex < 0) { + throw new IllegalArgumentException("All zeroes ECPoint N/A"); + } + + byte indicator = octets[startIndex]; + ECPointCompression compression = ECPointCompression.fromIndicatorValue(indicator); + if (compression == null) { + throw new UnsupportedOperationException( + "Unknown compression indicator value: 0x" + Integer.toHexString(indicator & 0xFF)); + } + + // The coordinates actually start after the compression indicator + return compression.octetStringToEcPoint(octets, startIndex + 1, octets.length - startIndex - 1); + } + + private static int findFirstNonZeroIndex(byte... octets) { + if (NumberUtils.isEmpty(octets)) { + return -1; + } + + for (int index = 0; index < octets.length; index++) { + if (octets[index] != 0) { + return index; + } + } + + return -1; // all zeroes + } + + public static final class Constants { + /** + * Standard prefix of NISTP key types when encoded + */ + public static final String ECDSA_SHA2_PREFIX = "ecdsa-sha2-"; + + public static final String NISTP256 = "nistp256"; + public static final String NISTP384 = "nistp384"; + public static final String NISTP521 = "nistp521"; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * The various {@link ECPoint} representation compression indicators + * + * @author Apache MINA SSHD Project + * @see RFC-5480 - section 2.2 + */ + public enum ECPointCompression { + // see http://tools.ietf.org/html/draft-jivsov-ecc-compact-00 + // see + // http://crypto.stackexchange.com/questions/8914/ecdsa-compressed-public-key-point-back-to-uncompressed-public-key-point + VARIANT2((byte) 0x02) { + @Override + public ECPoint octetStringToEcPoint(byte[] octets, int startIndex, int len) { + byte[] xp = new byte[len]; + System.arraycopy(octets, startIndex, xp, 0, len); + BigInteger x = octetStringToInteger(xp); + + // TODO derive even Y... + throw new UnsupportedOperationException( + "octetStringToEcPoint(" + name() + ")(X=" + x + ") compression support N/A"); + } + }, + VARIANT3((byte) 0x03) { + @Override + public ECPoint octetStringToEcPoint(byte[] octets, int startIndex, int len) { + byte[] xp = new byte[len]; + System.arraycopy(octets, startIndex, xp, 0, len); + BigInteger x = octetStringToInteger(xp); + + // TODO derive odd Y... + throw new UnsupportedOperationException( + "octetStringToEcPoint(" + name() + ")(X=" + x + ") compression support N/A"); + } + }, + UNCOMPRESSED((byte) 0x04) { + @Override + public ECPoint octetStringToEcPoint(byte[] octets, int startIndex, int len) { + int numElements = len / 2; /* x, y */ + if (len != (numElements * 2)) { // make sure length is not odd + throw new IllegalArgumentException( + "octetStringToEcPoint(" + name() + ") " + + " invalid remainder octets representation: " + + " expected=" + (2 * numElements) + ", actual=" + len); + } + + byte[] xp = new byte[numElements]; + byte[] yp = new byte[numElements]; + System.arraycopy(octets, startIndex, xp, 0, numElements); + System.arraycopy(octets, startIndex + numElements, yp, 0, numElements); + + BigInteger x = octetStringToInteger(xp); + BigInteger y = octetStringToInteger(yp); + return new ECPoint(x, y); + } + + @Override + public void writeECPoint(OutputStream s, String curveName, ECPoint p) throws IOException { + ECCurves curve = fromCurveName(curveName); + if (curve == null) { + throw new StreamCorruptedException( + "writeECPoint(" + name() + ")[" + curveName + "] cannot determine octets count"); + } + + int numElements = curve.getNumPointOctets(); + KeyEntryResolver.encodeInt(s, 1 /* the indicator */ + 2 * numElements); + s.write(getIndicatorValue()); + writeCoordinate(s, "X", p.getAffineX(), numElements); + writeCoordinate(s, "Y", p.getAffineY(), numElements); + } + }; + + public static final Set VALUES + = Collections.unmodifiableSet(EnumSet.allOf(ECPointCompression.class)); + + private final byte indicatorValue; + + ECPointCompression(byte indicator) { + indicatorValue = indicator; + } + + public final byte getIndicatorValue() { + return indicatorValue; + } + + public abstract ECPoint octetStringToEcPoint(byte[] octets, int startIndex, int len); + + public byte[] ecPointToOctetString(String curveName, ECPoint p) { + try (ByteArrayOutputStream baos = new ByteArrayOutputStream((2 * 66) + Long.SIZE)) { + writeECPoint(baos, curveName, p); + return baos.toByteArray(); + } catch (IOException e) { + throw new RuntimeException( + "ecPointToOctetString(" + curveName + ")" + + " failed (" + e.getClass().getSimpleName() + ")" + + " to write data: " + e.getMessage(), + e); + } + } + + public void writeECPoint(OutputStream s, String curveName, ECPoint p) throws IOException { + if (s == null) { + throw new EOFException("No output stream"); + } + + throw new StreamCorruptedException("writeECPoint(" + name() + ")[" + p + "] N/A"); + } + + protected void writeCoordinate(OutputStream s, String n, BigInteger v, int numElements) throws IOException { + byte[] vp = v.toByteArray(); + int startIndex = 0; + int vLen = vp.length; + if (vLen > numElements) { + if (vp[0] == 0) { // skip artificial positive sign + startIndex++; + vLen--; + } + } + + if (vLen > numElements) { + throw new StreamCorruptedException( + "writeCoordinate(" + name() + ")[" + n + "]" + + " value length (" + vLen + ") exceeds max. (" + numElements + ")" + + " for " + v); + } + + if (vLen < numElements) { + byte[] tmp = new byte[numElements]; + System.arraycopy(vp, startIndex, tmp, numElements - vLen, vLen); + vp = tmp; + startIndex = 0; + vLen = vp.length; + } + + s.write(vp, startIndex, vLen); + } + + public static ECPointCompression fromIndicatorValue(int value) { + if ((value < 0) || (value > 0xFF)) { + return null; // must be a byte value + } + + for (ECPointCompression c : VALUES) { + if (value == c.getIndicatorValue()) { + return c; + } + } + + return null; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/BaseCompression.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/BaseCompression.java new file mode 100644 index 0000000..ff31947 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/BaseCompression.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.compression; + +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class BaseCompression implements Compression { + private final String name; + + protected BaseCompression(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No compression name"); + } + + @Override + public final String getName() { + return name; + } + + @Override + public boolean isCompressionExecuted() { + return true; + } + + @Override + public String toString() { + return getName(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/BuiltinCompressions.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/BuiltinCompressions.java new file mode 100644 index 0000000..cc02e09 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/BuiltinCompressions.java @@ -0,0 +1,234 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.compression; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.SortedSet; +import java.util.TreeMap; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.NamedFactoriesListParseResult; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public enum BuiltinCompressions implements CompressionFactory { + none(Constants.NONE) { + @Override + public Compression create() { + return new CompressionNone(); + } + + @Override + public boolean isCompressionExecuted() { + return false; + } + }, + zlib(Constants.ZLIB) { + @Override + public Compression create() { + return new CompressionZlib(); + } + }, + delayedZlib(Constants.DELAYED_ZLIB) { + @Override + public Compression create() { + return new CompressionDelayedZlib(); + } + + @Override + public boolean isDelayed() { + return true; + } + }; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinCompressions.class)); + + private static final Map EXTENSIONS = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private final String name; + + BuiltinCompressions(String n) { + name = n; + } + + @Override + public final String getName() { + return name; + } + + @Override + public boolean isDelayed() { + return false; + } + + @Override + public boolean isCompressionExecuted() { + return true; + } + + @Override + public final String toString() { + return getName(); + } + + @Override + public final boolean isSupported() { + return true; + } + + /** + * Registered a {@link org.apache.sshd.common.NamedFactory} to be available besides the built-in ones when parsing + * configuration + * + * @param extension The factory to register + * @throws IllegalArgumentException if factory instance is {@code null}, or overrides a built-in one or overrides + * another registered factory with the same name (case insensitive). + */ + public static void registerExtension(CompressionFactory extension) { + String name = Objects.requireNonNull(extension, "No extension provided").getName(); + ValidateUtils.checkTrue(fromFactoryName(name) == null, "Extension overrides built-in: %s", name); + + synchronized (EXTENSIONS) { + ValidateUtils.checkTrue(!EXTENSIONS.containsKey(name), "Extension overrides existing: %s", name); + EXTENSIONS.put(name, extension); + } + } + + /** + * @return A {@link SortedSet} of the currently registered extensions, sorted according to the factory name (case + * insensitive) + */ + public static NavigableSet getRegisteredExtensions() { + synchronized (EXTENSIONS) { + return GenericUtils.asSortedSet(NamedResource.BY_NAME_COMPARATOR, EXTENSIONS.values()); + } + } + + /** + * Unregisters specified extension + * + * @param name The factory name - ignored if {@code null}/empty + * @return The registered extension - {@code null} if not found + */ + public static CompressionFactory unregisterExtension(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.remove(name); + } + } + + public static BuiltinCompressions fromFactoryName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param compressions A comma-separated list of Compressions' names - ignored if {@code null}/empty + * @return A {@link ParseResult} containing the successfully parsed factories and the unknown ones. + * Note: it is up to caller to ensure that the lists do not contain duplicates + */ + public static ParseResult parseCompressionsList(String compressions) { + return parseCompressionsList(GenericUtils.split(compressions, ',')); + } + + public static ParseResult parseCompressionsList(String... compressions) { + return parseCompressionsList( + GenericUtils.isEmpty((Object[]) compressions) ? Collections.emptyList() : Arrays.asList(compressions)); + } + + public static ParseResult parseCompressionsList(Collection compressions) { + if (GenericUtils.isEmpty(compressions)) { + return ParseResult.EMPTY; + } + + List factories = new ArrayList<>(compressions.size()); + List unknown = Collections.emptyList(); + for (String name : compressions) { + CompressionFactory c = resolveFactory(name); + if (c != null) { + factories.add(c); + } else { + // replace the (unmodifiable) empty list with a real one + if (unknown.isEmpty()) { + unknown = new ArrayList<>(); + } + unknown.add(name); + } + } + + return new ParseResult(factories, unknown); + } + + /** + * @param name The factory name + * @return The factory or {@code null} if it is neither a built-in one or a registered extension + */ + public static CompressionFactory resolveFactory(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + CompressionFactory c = fromFactoryName(name); + if (c != null) { + return c; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.get(name); + } + } + + /** + * Holds the result of {@link BuiltinCompressions#parseCompressionsList(String)} + * + * @author Apache MINA SSHD Project + */ + public static class ParseResult extends NamedFactoriesListParseResult { + public static final ParseResult EMPTY = new ParseResult(Collections.emptyList(), Collections.emptyList()); + + public ParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + } + + public static final class Constants { + public static final String NONE = "none"; + public static final String ZLIB = "zlib"; + public static final String DELAYED_ZLIB = "zlib@openssh.com"; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/Compression.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/Compression.java new file mode 100644 index 0000000..23a94af --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/Compression.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.compression; + +import java.io.IOException; + +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Interface used to compress the stream of data between the SSH server and clients. + * + * @author Apache MINA SSHD Project + */ +public interface Compression extends CompressionInformation { + + /** + * Enum identifying if this object will be used to compress or uncompress data. + */ + enum Type { + Inflater, + Deflater + } + + /** + * Initialize this object to either compress or uncompress data. This method must be called prior to any calls to + * either compress or uncompress. Once the object has been initialized, only one of + * compress or uncompress methods can be called. + * + * @param type compression type + * @param level compression level + */ + void init(Type type, int level); + + /** + * Compress the given buffer in place. + * + * @param buffer the buffer containing the data to compress + * @throws IOException if an error occurs + */ + void compress(Buffer buffer) throws IOException; + + /** + * Uncompress the data in a buffer into another buffer. + * + * @param from the buffer containing the data to uncompress + * @param to the buffer receiving the uncompressed data + * @throws IOException if an error occurs + */ + void uncompress(Buffer from, Buffer to) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionDelayedZlib.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionDelayedZlib.java new file mode 100644 index 0000000..51d0d8e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionDelayedZlib.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.compression; + +/** + * ZLib delayed compression. + * + * @author Apache MINA SSHD Project + * @see Compression#isDelayed() + */ +public class CompressionDelayedZlib extends CompressionZlib { + /** + * Create a new instance of a delayed ZLib compression + */ + public CompressionDelayedZlib() { + super(BuiltinCompressions.Constants.DELAYED_ZLIB); + } + + @Override + public boolean isDelayed() { + return true; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionFactory.java new file mode 100644 index 0000000..355594a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionFactory.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.compression; + +import org.apache.sshd.common.BuiltinFactory; + +/** + * @author Apache MINA SSHD Project + */ +// CHECKSTYLE:OFF +public interface CompressionFactory extends BuiltinFactory, CompressionInformation { + // nothing extra +} +//CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionInformation.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionInformation.java new file mode 100644 index 0000000..53f7e4c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionInformation.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.compression; + +import org.apache.sshd.common.NamedResource; + +/** + * @author Apache MINA SSHD Project + */ +public interface CompressionInformation extends NamedResource { + /** + * Delayed compression is an Open-SSH specific feature which informs both the client and server to not compress data + * before the session has been authenticated. + * + * @return if the compression is delayed after authentication or not + */ + boolean isDelayed(); + + /** + * @return {@code true} if there is any compression executed by this "compressor" - special case for + * 'none' + */ + boolean isCompressionExecuted(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionNone.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionNone.java new file mode 100644 index 0000000..815e8ce --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionNone.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.compression; + +import java.io.IOException; +import java.io.StreamCorruptedException; + +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public class CompressionNone extends BaseCompression { + private Type type; + private int level; + + public CompressionNone() { + super(BuiltinCompressions.Constants.NONE); + } + + @Override + public void init(Type type, int level) { + this.type = type; + this.level = level; + } + + @Override + public boolean isCompressionExecuted() { + return false; + } + + @Override + public void compress(Buffer buffer) throws IOException { + if (!Type.Deflater.equals(type)) { + throw new StreamCorruptedException("Not set up for compression: " + type); + } + } + + @Override + public void uncompress(Buffer from, Buffer to) throws IOException { + if (!Type.Inflater.equals(type)) { + throw new StreamCorruptedException("Not set up for de-compression: " + type); + } + + if (from != to) { + throw new StreamCorruptedException("Separate de-compression buffers provided"); + } + } + + @Override + public boolean isDelayed() { + return false; + } + + @Override + public String toString() { + return super.toString() + "[" + type + "/" + level + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionZlib.java b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionZlib.java new file mode 100644 index 0000000..2f5eb22 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/compression/CompressionZlib.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.compression; + +import java.io.IOException; +import java.util.zip.DataFormatException; +import java.util.zip.Deflater; +import java.util.zip.Inflater; + +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * ZLib based Compression. + * + * @author Apache MINA SSHD Project + */ +public class CompressionZlib extends BaseCompression { + + private static final int BUF_SIZE = 4096; + + private byte[] tmpbuf = new byte[BUF_SIZE]; + private Deflater compresser; + private Inflater decompresser; + + /** + * Create a new instance of a ZLib base compression + */ + public CompressionZlib() { + this(BuiltinCompressions.Constants.ZLIB); + } + + protected CompressionZlib(String name) { + super(name); + } + + @Override + public boolean isDelayed() { + return false; + } + + @Override + public void init(Type type, int level) { + compresser = new Deflater(level); + decompresser = new Inflater(); + } + + @Override + public void compress(Buffer buffer) throws IOException { + compresser.setInput(buffer.array(), buffer.rpos(), buffer.available()); + buffer.wpos(buffer.rpos()); + for (int len = compresser.deflate(tmpbuf, 0, tmpbuf.length, Deflater.SYNC_FLUSH); + len > 0; + len = compresser.deflate(tmpbuf, 0, tmpbuf.length, Deflater.SYNC_FLUSH)) { + buffer.putRawBytes(tmpbuf, 0, len); + } + } + + @Override + public void uncompress(Buffer from, Buffer to) throws IOException { + decompresser.setInput(from.array(), from.rpos(), from.available()); + try { + for (int len = decompresser.inflate(tmpbuf); len > 0; len = decompresser.inflate(tmpbuf)) { + to.putRawBytes(tmpbuf, 0, len); + } + } catch (DataFormatException e) { + throw new IOException("Error decompressing data", e); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/CompressionConfigValue.java b/files-sftp/src/main/java/org/apache/sshd/common/config/CompressionConfigValue.java new file mode 100644 index 0000000..712b974 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/CompressionConfigValue.java @@ -0,0 +1,94 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.compression.BuiltinCompressions; +import org.apache.sshd.common.compression.Compression; +import org.apache.sshd.common.compression.CompressionFactory; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Provides a "bridge" between the configuration values and the actual + * {@link org.apache.sshd.common.NamedFactory} for the {@link Compression}. + * + * @author Apache MINA SSHD Project + */ +public enum CompressionConfigValue implements CompressionFactory { + YES(BuiltinCompressions.zlib), + NO(BuiltinCompressions.none), + DELAYED(BuiltinCompressions.delayedZlib); + + public static final Set VALUES + = Collections.unmodifiableSet(EnumSet.allOf(CompressionConfigValue.class)); + + private final CompressionFactory factory; + + CompressionConfigValue(CompressionFactory delegate) { + factory = delegate; + } + + @Override + public final String getName() { + return factory.getName(); + } + + @Override + public final Compression create() { + return factory.create(); + } + + @Override + public boolean isSupported() { + return factory.isSupported(); + } + + @Override + public final String toString() { + return getName(); + } + + @Override + public boolean isDelayed() { + return factory.isDelayed(); + } + + @Override + public boolean isCompressionExecuted() { + return factory.isCompressionExecuted(); + } + + public static CompressionConfigValue fromName(String n) { + if (GenericUtils.isEmpty(n)) { + return null; + } + + for (CompressionConfigValue v : VALUES) { + if (n.equalsIgnoreCase(v.name())) { + return v; + } + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/ConfigFileReaderSupport.java b/files-sftp/src/main/java/org/apache/sshd/common/config/ConfigFileReaderSupport.java new file mode 100644 index 0000000..f57ff6b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/ConfigFileReaderSupport.java @@ -0,0 +1,203 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.io.StreamCorruptedException; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.util.Properties; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.NoCloseReader; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + * @see ssh_config(5) + */ +public final class ConfigFileReaderSupport { + + public static final char COMMENT_CHAR = '#'; + + public static final String COMPRESSION_PROP = "Compression"; + public static final String DEFAULT_COMPRESSION = CompressionConfigValue.NO.getName(); + public static final String MAX_SESSIONS_CONFIG_PROP = "MaxSessions"; + public static final int DEFAULT_MAX_SESSIONS = 10; + + public static final String PUBKEY_AUTH_CONFIG_PROP = "PubkeyAuthentication"; + public static final String DEFAULT_PUBKEY_AUTH = "yes"; + public static final boolean DEFAULT_PUBKEY_AUTH_VALUE = parseBooleanValue(DEFAULT_PUBKEY_AUTH); + + public static final String PASSWORD_AUTH_CONFIG_PROP = "PasswordAuthentication"; + public static final String DEFAULT_PASSWORD_AUTH = "yes"; + public static final boolean DEFAULT_PASSWORD_AUTH_VALUE = parseBooleanValue(DEFAULT_PASSWORD_AUTH); + + public static final String KBD_INTERACTIVE_CONFIG_PROP = "KbdInteractiveAuthentication"; + public static final String DEFAULT_KBD_INTERACTIVE_AUTH = "yes"; + public static final boolean DEFAULT_KBD_INTERACTIVE_AUTH_VALUE = parseBooleanValue(DEFAULT_KBD_INTERACTIVE_AUTH); + + public static final String PREFERRED_AUTHS_CONFIG_PROP = "PreferredAuthentications"; + + public static final String LISTEN_ADDRESS_CONFIG_PROP = "ListenAddress"; + public static final String DEFAULT_BIND_ADDRESS = SshdSocketAddress.IPV4_ANYADDR; + public static final String PORT_CONFIG_PROP = "Port"; + public static final String KEEP_ALIVE_CONFIG_PROP = "TCPKeepAlive"; + public static final boolean DEFAULT_KEEP_ALIVE = true; + public static final String USE_DNS_CONFIG_PROP = "UseDNS"; + // NOTE: the usual default is TRUE + public static final boolean DEFAULT_USE_DNS = true; + public static final String AUTH_KEYS_FILE_CONFIG_PROP = "AuthorizedKeysFile"; + public static final String MAX_AUTH_TRIES_CONFIG_PROP = "MaxAuthTries"; + public static final int DEFAULT_MAX_AUTH_TRIES = 6; + public static final String MAX_STARTUPS_CONFIG_PROP = "MaxStartups"; + public static final int DEFAULT_MAX_STARTUPS = 10; + public static final String LOGIN_GRACE_TIME_CONFIG_PROP = "LoginGraceTime"; + public static final long DEFAULT_LOGIN_GRACE_TIME = TimeUnit.SECONDS.toMillis(120); + public static final String KEY_REGENERATE_INTERVAL_CONFIG_PROP = "KeyRegenerationInterval"; + public static final long DEFAULT_REKEY_TIME_LIMIT = TimeUnit.HOURS.toMillis(1L); + // see http://manpages.ubuntu.com/manpages/precise/en/man5/sshd_config.5.html + public static final String CIPHERS_CONFIG_PROP = "Ciphers"; + // see http://manpages.ubuntu.com/manpages/precise/en/man5/sshd_config.5.html + public static final String MACS_CONFIG_PROP = "MACs"; + // see http://manpages.ubuntu.com/manpages/precise/en/man5/sshd_config.5.html + public static final String KEX_ALGORITHMS_CONFIG_PROP = "KexAlgorithms"; + // see http://linux.die.net/man/5/ssh_config + public static final String HOST_KEY_ALGORITHMS_CONFIG_PROP = "HostKeyAlgorithms"; + public static final String SUBSYSTEM_CONFIG_PROP = "Subsystem"; + + private ConfigFileReaderSupport() { + throw new UnsupportedOperationException("No instance"); + } + + public static Properties readConfigFile(Path path, OpenOption... options) throws IOException { + try (InputStream input = Files.newInputStream(path, options)) { + return readConfigFile(input, true); + } + } + + public static Properties readConfigFile(URL url) throws IOException { + try (InputStream input = url.openStream()) { + return readConfigFile(input, true); + } + } + + public static Properties readConfigFile(InputStream input, boolean okToClose) throws IOException { + try (Reader reader = new InputStreamReader( + NoCloseInputStream.resolveInputStream(input, okToClose), StandardCharsets.UTF_8)) { + return readConfigFile(reader, true); + } + } + + public static Properties readConfigFile(Reader reader, boolean okToClose) throws IOException { + try (BufferedReader buf = new BufferedReader(NoCloseReader.resolveReader(reader, okToClose))) { + return readConfigFile(buf); + } + } + + /** + * Reads the configuration file contents into a {@link Properties} instance. Note: multiple keys value are + * concatenated using a comma - it is up to the caller to know which keys are expected to have multiple values and + * handle the split accordingly + * + * @param rdr The {@link BufferedReader} for reading the file + * @return The read properties + * @throws IOException If failed to read or malformed content + */ + public static Properties readConfigFile(BufferedReader rdr) throws IOException { + Properties props = new Properties(); + int lineNumber = 1; + for (String line = rdr.readLine(); line != null; line = rdr.readLine(), lineNumber++) { + line = GenericUtils.replaceWhitespaceAndTrim(line); + if (GenericUtils.isEmpty(line)) { + continue; + } + + int pos = line.indexOf(COMMENT_CHAR); + if (pos == 0) { + continue; + } + + if (pos > 0) { + line = line.substring(0, pos); + line = line.trim(); + } + + /* + * Some options use '=', others use ' ' - try both NOTE: we do not validate the format for each option + * separately + */ + pos = line.indexOf(' '); + if (pos < 0) { + pos = line.indexOf('='); + } + + if (pos < 0) { + throw new StreamCorruptedException("No delimiter at line " + lineNumber + ": " + line); + } + + String key = line.substring(0, pos); + String value = line.substring(pos + 1).trim(); + // see if need to concatenate multi-valued keys + String prev = props.getProperty(key); + if (!GenericUtils.isEmpty(prev)) { + value = prev + "," + value; + } + + props.setProperty(key, value); + } + + return props; + } + + /** + * @param v Checks if the value is "yes", "y", "on", "t" or + * "true". + * @return The result - Note: {@code null}/empty values are interpreted as {@code false} + * @see PropertyResolverUtils#TRUE_VALUES + */ + public static boolean parseBooleanValue(String v) { + if (GenericUtils.isEmpty(v)) { + return false; + } + + return PropertyResolverUtils.TRUE_VALUES.contains(v); + } + + /** + * Returns a "yes" or "no" value based on the input parameter + * + * @param flag The required state + * @return "yes" if {@code true}, "no" otherwise + */ + public static String yesNoValueOf(boolean flag) { + return flag ? "yes" : "no"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/FactoriesListParseResult.java b/files-sftp/src/main/java/org/apache/sshd/common/config/FactoriesListParseResult.java new file mode 100644 index 0000000..6d425c0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/FactoriesListParseResult.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.List; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.NamedResource; + +/** + * @param Result type + * @param Factory type + * @author Apache MINA SSHD Project + */ +public abstract class FactoriesListParseResult extends ListParseResult { + protected FactoriesListParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + + /** + * @return The {@link List} of successfully parsed {@link Factory} instances in the same order as they were + * encountered during parsing + */ + public final List getParsedFactories() { + return getParsedValues(); + } + + /** + * @return A {@link List} of unknown/unsupported configuration values for the factories + */ + public List getUnsupportedFactories() { + return getUnsupportedValues(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/ListParseResult.java b/files-sftp/src/main/java/org/apache/sshd/common/config/ListParseResult.java new file mode 100644 index 0000000..f160234 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/ListParseResult.java @@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.List; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * Used to hold the result of parsing a list of value. Such result contains known and unknown values - which are + * accessible via the respective {@link #getParsedValues()} and {@link #getUnsupportedValues()} methods. Note: + * the returned {@link List}s may be un-modifiable, so it is recommended to avoid attempting changing the, returned + * list(s) + * + * @param Type of list item + * @author Apache MINA SSHD Project + */ +public abstract class ListParseResult { + private final List parsed; + private final List unsupported; + + protected ListParseResult(List parsed, List unsupported) { + this.parsed = parsed; + this.unsupported = unsupported; + } + + /** + * @return The {@link List} of successfully parsed value instances in the same order as they were encountered + * during parsing + */ + public final List getParsedValues() { + return parsed; + } + + /** + * @return A {@link List} of unknown/unsupported configuration values for the factories + */ + public List getUnsupportedValues() { + return unsupported; + } + + @Override + public String toString() { + return "parsed=" + GenericUtils.join(getParsedValues(), ',') + + ";unsupported=" + GenericUtils.join(getUnsupportedValues(), ','); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/NamedFactoriesListParseResult.java b/files-sftp/src/main/java/org/apache/sshd/common/config/NamedFactoriesListParseResult.java new file mode 100644 index 0000000..3935b25 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/NamedFactoriesListParseResult.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.List; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Holds the result of parsing a list of {@link NamedFactory}ies + * + * @param Result type + * @param Factory type + * @author Apache MINA SSHD Project + */ +public abstract class NamedFactoriesListParseResult + extends FactoriesListParseResult { + + protected NamedFactoriesListParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + + @Override + public String toString() { + return "parsed=" + NamedResource.getNames(getParsedFactories()) + + ";unknown=" + GenericUtils.join(getUnsupportedFactories(), ','); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/NamedResourceListParseResult.java b/files-sftp/src/main/java/org/apache/sshd/common/config/NamedResourceListParseResult.java new file mode 100644 index 0000000..c90079b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/NamedResourceListParseResult.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.List; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @param Type of result {@link NamedResource} + * @author Apache MINA SSHD Project + */ +public abstract class NamedResourceListParseResult extends ListParseResult { + protected NamedResourceListParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + + /** + * @return The {@link List} of successfully parsed {@link NamedResource} instances in the same order as they + * were encountered during parsing + */ + public final List getParsedResources() { + return getParsedValues(); + } + + /** + * @return A {@link List} of unknown/unsupported configuration values for the resources + */ + public List getUnsupportedResources() { + return getUnsupportedValues(); + } + + @Override + public String toString() { + return "parsed=" + NamedResource.getNames(getParsedResources()) + + ";unknown=" + GenericUtils.join(getUnsupportedResources(), ','); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/SshConfigFileReader.java b/files-sftp/src/main/java/org/apache/sshd/common/config/SshConfigFileReader.java new file mode 100644 index 0000000..e4244a1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/SshConfigFileReader.java @@ -0,0 +1,345 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.Properties; +import java.util.function.Function; + +import org.apache.sshd.common.BuiltinFactory; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.Cipher; +import org.apache.sshd.common.compression.BuiltinCompressions; +import org.apache.sshd.common.compression.Compression; +import org.apache.sshd.common.compression.CompressionFactory; +import org.apache.sshd.common.helpers.AbstractFactoryManager; +import org.apache.sshd.common.kex.BuiltinDHFactories; +import org.apache.sshd.common.kex.DHFactory; +import org.apache.sshd.common.kex.KeyExchange; +import org.apache.sshd.common.kex.KeyExchangeFactory; +import org.apache.sshd.common.mac.BuiltinMacs; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.signature.BuiltinSignatures; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Reads and interprets some useful configurations from an OpenSSH configuration file. + * + * @author Apache MINA SSHD Project + * @see ssh_config(5) + */ +public final class SshConfigFileReader { + private SshConfigFileReader() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * @param props The {@link PropertyResolver} - ignored if {@code null}/empty + * @return A {@code ParseResult} of all the {@link NamedFactory}-ies whose name appears in the string and + * represent a built-in cipher. Any unknown name is ignored. The order of the returned result + * is the same as the original order - bar the unknown ciphers. Note: it is up to caller to + * ensure that the lists do not contain duplicates + * @see ConfigFileReaderSupport#CIPHERS_CONFIG_PROP CIPHERS_CONFIG_PROP + * @see BuiltinCiphers#parseCiphersList(String) + */ + public static BuiltinCiphers.ParseResult getCiphers(PropertyResolver props) { + return BuiltinCiphers.parseCiphersList( + (props == null) ? null : props.getString(ConfigFileReaderSupport.CIPHERS_CONFIG_PROP)); + } + + /** + * @param props The {@link PropertyResolver} - ignored if {@code null}/empty + * @return A {@code ParseResult} of all the {@link NamedFactory}-ies whose name appears in the string and + * represent a built-in MAC. Any unknown name is ignored. The order of the returned result is + * the same as the original order - bar the unknown MACs. Note: it is up to caller to ensure + * that the list does not contain duplicates + * @see ConfigFileReaderSupport#MACS_CONFIG_PROP MACS_CONFIG_PROP + * @see BuiltinMacs#parseMacsList(String) + */ + public static BuiltinMacs.ParseResult getMacs(PropertyResolver props) { + return BuiltinMacs.parseMacsList( + (props == null) ? null : props.getString(ConfigFileReaderSupport.MACS_CONFIG_PROP)); + } + + /** + * @param props The {@link PropertyResolver} - ignored if {@code null}/empty + * @return A {@code ParseResult} of all the {@link NamedFactory} whose name appears in the string and + * represent a built-in signature. Any unknown name is ignored. The order of the returned + * result is the same as the original order - bar the unknown signatures. Note: it is up to + * caller to ensure that the list does not contain duplicates + * @see ConfigFileReaderSupport#HOST_KEY_ALGORITHMS_CONFIG_PROP HOST_KEY_ALGORITHMS_CONFIG_PROP + * @see BuiltinSignatures#parseSignatureList(String) + */ + public static BuiltinSignatures.ParseResult getSignatures(PropertyResolver props) { + return BuiltinSignatures.parseSignatureList( + (props == null) ? null : props.getString(ConfigFileReaderSupport.HOST_KEY_ALGORITHMS_CONFIG_PROP)); + } + + /** + * @param props The {@link PropertyResolver} - ignored if {@code null}/empty + * @return A {@code ParseResult} of all the {@link DHFactory}-ies whose name appears in the string and + * represent a built-in value. Any unknown name is ignored. The order of the returned result is + * the same as the original order - bar the unknown ones. Note: it is up to caller to ensure + * that the list does not contain duplicates + * @see ConfigFileReaderSupport#KEX_ALGORITHMS_CONFIG_PROP KEX_ALGORITHMS_CONFIG_PROP + * @see BuiltinDHFactories#parseDHFactoriesList(String) + */ + public static BuiltinDHFactories.ParseResult getKexFactories(PropertyResolver props) { + return BuiltinDHFactories.parseDHFactoriesList( + (props == null) ? null : props.getString(ConfigFileReaderSupport.KEX_ALGORITHMS_CONFIG_PROP)); + } + + /** + * @param props The {@link PropertyResolver} - ignored if {@code null}/empty + * @return The matching {@link NamedFactory} for the configured value. {@code null} if no configuration or + * unknown name specified + * @see ConfigFileReaderSupport#COMPRESSION_PROP COMPRESSION_PROP + */ + public static CompressionFactory getCompression(PropertyResolver props) { + return CompressionConfigValue.fromName( + (props == null) ? null : props.getString(ConfigFileReaderSupport.COMPRESSION_PROP)); + } + + /** + *

    + * Configures an {@link AbstractFactoryManager} with the values read from some configuration. Currently it + * configures: + *

    + *
      + *
    • The {@link Cipher}s - via the {@link ConfigFileReaderSupport#CIPHERS_CONFIG_PROP}
      • + *
    • The {@link Mac}s - via the {@link ConfigFileReaderSupport#MACS_CONFIG_PROP}
      • + *
    • The {@link Signature}s - via the {@link ConfigFileReaderSupport#HOST_KEY_ALGORITHMS_CONFIG_PROP}
      • + *
    • The {@link Compression} - via the {@link ConfigFileReaderSupport#COMPRESSION_PROP}
      • + *
    + * + * @param The generic factory manager + * @param manager The {@link AbstractFactoryManager} to configure + * @param props The {@link PropertyResolver} to use for configuration - Note: if any known + * configuration value has a default and does not appear in the properties, the default is + * used + * @param lenient If {@code true} then any unknown configuration values are ignored. Otherwise an + * {@link IllegalArgumentException} is thrown + * @param ignoreUnsupported filter out unsupported configuration values (e.g., ciphers, key exchanges, etc..). + * Note: if after filtering out all the unknown or unsupported values there is an + * empty configuration exception is thrown + * @return The configured manager + */ + public static M configure( + M manager, PropertyResolver props, boolean lenient, boolean ignoreUnsupported) { + configureCiphers(manager, props, lenient, ignoreUnsupported); + configureSignatures(manager, props, lenient, ignoreUnsupported); + configureMacs(manager, props, lenient, ignoreUnsupported); + configureCompression(manager, props, lenient, ignoreUnsupported); + + return manager; + } + + public static M configureCiphers( + M manager, PropertyResolver props, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(props, "No properties to configure"); + return configureCiphers(manager, + props.getString(ConfigFileReaderSupport.CIPHERS_CONFIG_PROP), + lenient, ignoreUnsupported); + } + + public static M configureCiphers( + M manager, String value, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(manager, "No manager to configure"); + if (GenericUtils.isEmpty(value)) { + return manager; + } + + BuiltinCiphers.ParseResult result = BuiltinCiphers.parseCiphersList(value); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(lenient || GenericUtils.isEmpty(unsupported), + "Unsupported cipher(s) (%s) in %s", unsupported, value); + + List> factories + = BuiltinFactory.setUpFactories(ignoreUnsupported, result.getParsedFactories()); + manager.setCipherFactories( + ValidateUtils.checkNotNullAndNotEmpty(factories, "No known/unsupported ciphers(s): %s", value)); + return manager; + } + + public static M configureSignatures( + M manager, PropertyResolver props, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(props, "No properties to configure"); + return configureSignatures(manager, + props.getString(ConfigFileReaderSupport.HOST_KEY_ALGORITHMS_CONFIG_PROP), + lenient, ignoreUnsupported); + } + + public static M configureSignatures( + M manager, String value, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(manager, "No manager to configure"); + if (GenericUtils.isEmpty(value)) { + return manager; + } + + BuiltinSignatures.ParseResult result = BuiltinSignatures.parseSignatureList(value); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(lenient || GenericUtils.isEmpty(unsupported), + "Unsupported signatures (%s) in %s", unsupported, value); + + List> factories + = BuiltinFactory.setUpFactories(ignoreUnsupported, result.getParsedFactories()); + manager.setSignatureFactories( + ValidateUtils.checkNotNullAndNotEmpty(factories, "No known/supported signatures: %s", value)); + return manager; + } + + public static M configureMacs( + M manager, PropertyResolver resolver, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(resolver, "No properties to configure"); + return configureMacs(manager, + resolver.getString(ConfigFileReaderSupport.MACS_CONFIG_PROP), + lenient, ignoreUnsupported); + } + + public static M configureMacs( + M manager, String value, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(manager, "No manager to configure"); + if (GenericUtils.isEmpty(value)) { + return manager; + } + + BuiltinMacs.ParseResult result = BuiltinMacs.parseMacsList(value); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(lenient || GenericUtils.isEmpty(unsupported), + "Unsupported MAC(s) (%s) in %s", unsupported, value); + + List> factories = BuiltinFactory.setUpFactories(ignoreUnsupported, result.getParsedFactories()); + manager.setMacFactories( + ValidateUtils.checkNotNullAndNotEmpty(factories, "No known/supported MAC(s): %s", value)); + return manager; + } + + /** + * @param The generic factory manager + * @param manager The {@link AbstractFactoryManager} to set up (may not be {@code null}) + * @param props The (non-{@code null}) {@link PropertyResolver} containing the configuration + * @param lenient If {@code true} then any unknown/unsupported configuration values are ignored. + * Otherwise an {@link IllegalArgumentException} is thrown + * @param xformer A {@link Function} to convert the configured {@link DHFactory}-ies to + * {@link NamedFactory}-ies of {@link KeyExchange} + * @param ignoreUnsupported Filter out any un-supported configurations - Note: if after ignoring the unknown + * and un-supported values the result is an empty list of factories and exception is + * thrown + * @return The configured manager + * @see ConfigFileReaderSupport#KEX_ALGORITHMS_CONFIG_PROP KEX_ALGORITHMS_CONFIG_PROP + */ + public static M configureKeyExchanges( + M manager, PropertyResolver props, boolean lenient, + Function xformer, boolean ignoreUnsupported) { + Objects.requireNonNull(props, "No properties to configure"); + return configureKeyExchanges(manager, + props.getString(ConfigFileReaderSupport.KEX_ALGORITHMS_CONFIG_PROP), + lenient, xformer, ignoreUnsupported); + } + + public static M configureKeyExchanges( + M manager, String value, boolean lenient, + Function xformer, boolean ignoreUnsupported) { + Objects.requireNonNull(manager, "No manager to configure"); + Objects.requireNonNull(xformer, "No DHFactory transformer"); + if (GenericUtils.isEmpty(value)) { + return manager; + } + + BuiltinDHFactories.ParseResult result = BuiltinDHFactories.parseDHFactoriesList(value); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(lenient || GenericUtils.isEmpty(unsupported), + "Unsupported KEX(s) (%s) in %s", unsupported, value); + + List factories + = NamedFactory.setUpTransformedFactories(ignoreUnsupported, result.getParsedFactories(), xformer); + manager.setKeyExchangeFactories( + ValidateUtils.checkNotNullAndNotEmpty(factories, "No known/supported KEXS(s): %s", value)); + return manager; + } + + /** + * Configure the factory manager using one of the known {@link CompressionConfigValue}s. + * + * @param The generic factory manager + * @param manager The {@link AbstractFactoryManager} to configure + * @param props The configuration {@link Properties} + * @param lenient If {@code true} and an unknown value is provided then it is ignored + * @param ignoreUnsupported If {@code false} then check if the compression is currently supported before setting it + * @return The configured manager - Note: if the result of filtering due to lenient mode or + * ignored unsupported value is empty then no factories are set + */ + public static M configureCompression( + M manager, PropertyResolver props, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(manager, "No manager to configure"); + Objects.requireNonNull(props, "No properties to configure"); + + String value = props.getString(ConfigFileReaderSupport.COMPRESSION_PROP); + if (GenericUtils.isEmpty(value)) { + return manager; + } + + CompressionFactory factory = CompressionConfigValue.fromName(value); + ValidateUtils.checkTrue(lenient || (factory != null), "Unsupported compression value: %s", value); + if ((factory != null) && factory.isSupported()) { + manager.setCompressionFactories(Collections.singletonList(factory)); + } + + return manager; + } + + // accepts BOTH CompressionConfigValue(s) and/or BuiltinCompressions - including extensions + public static M configureCompression( + M manager, String value, boolean lenient, boolean ignoreUnsupported) { + Objects.requireNonNull(manager, "No manager to configure"); + if (GenericUtils.isEmpty(value)) { + return manager; + } + + CompressionFactory factory = CompressionConfigValue.fromName(value); + if (factory != null) { + // SSH can work without compression + if (ignoreUnsupported || factory.isSupported()) { + manager.setCompressionFactories(Collections.singletonList(factory)); + } + } else { + BuiltinCompressions.ParseResult result = BuiltinCompressions.parseCompressionsList(value); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(lenient || GenericUtils.isEmpty(unsupported), "Unsupported compressions(s) (%s) in %s", + unsupported, value); + + List> factories + = BuiltinFactory.setUpFactories(ignoreUnsupported, result.getParsedFactories()); + // SSH can work without compression + if (GenericUtils.size(factories) > 0) { + manager.setCompressionFactories(factories); + } + } + + return manager; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/TimeValueConfig.java b/files-sftp/src/main/java/org/apache/sshd/common/config/TimeValueConfig.java new file mode 100644 index 0000000..9652a90 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/TimeValueConfig.java @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.Collections; +import java.util.EnumMap; +import java.util.EnumSet; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + * @see Time formats for SSH configuration values + */ +public enum TimeValueConfig { + SECONDS('s', 'S', TimeUnit.SECONDS.toMillis(1L)), + MINUTES('m', 'M', TimeUnit.MINUTES.toMillis(1L)), + HOURS('h', 'H', TimeUnit.HOURS.toMillis(1L)), + DAYS('d', 'D', TimeUnit.DAYS.toMillis(1L)), + WEEKS('w', 'W', TimeUnit.DAYS.toMillis(7L)); + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(TimeValueConfig.class)); + + private final char loChar; + private final char hiChar; + private final long interval; + + TimeValueConfig(char lo, char hi, long interval) { + loChar = lo; + hiChar = hi; + this.interval = interval; + } + + public final char getLowerCaseValue() { + return loChar; + } + + public final char getUpperCaseValue() { + return hiChar; + } + + public final long getInterval() { + return interval; + } + + public static TimeValueConfig fromValueChar(char ch) { + if ((ch <= ' ') || (ch >= 0x7F)) { + return null; + } + + for (TimeValueConfig v : VALUES) { + if ((v.getLowerCaseValue() == ch) || (v.getUpperCaseValue() == ch)) { + return v; + } + } + + return null; + } + + /** + * @param s A time specification + * @return The specified duration in milliseconds + * @see #parse(String) + * @see #durationOf(Map) + */ + public static long durationOf(String s) { + Map spec = parse(s); + return durationOf(spec); + } + + /** + * @param s An input time specification containing possibly mixed numbers and units - e.g., + * {@code 3h10m} to indicate 3 hours and 10 minutes + * @return A {@link Map} specifying for each time unit its count + * @throws NumberFormatException If bad numbers found - e.g., negative counts + * @throws IllegalArgumentException If bad format - e.g., unknown unit + */ + public static Map parse(String s) throws IllegalArgumentException { + if (GenericUtils.isEmpty(s)) { + return Collections.emptyMap(); + } + + int lastPos = 0; + Map spec = new EnumMap<>(TimeValueConfig.class); + for (int curPos = 0; curPos < s.length(); curPos++) { + char ch = s.charAt(curPos); + if ((ch >= '0') && (ch <= '9')) { + continue; + } + + if (curPos <= lastPos) { + throw new IllegalArgumentException("parse(" + s + ") missing count value at index=" + curPos); + } + + TimeValueConfig c = fromValueChar(ch); + if (c == null) { + throw new IllegalArgumentException("parse(" + s + ") unknown time value character: '" + ch + "'"); + } + + String v = s.substring(lastPos, curPos); + long count = Long.parseLong(v); + if (count < 0L) { + throw new IllegalArgumentException("parse(" + s + ") negative count (" + v + ") for " + c.name()); + } + + Long prev = spec.put(c, count); + if (prev != null) { + throw new IllegalArgumentException( + "parse(" + s + ") " + c.name() + " value re-specified: current=" + count + ", previous=" + prev); + } + + lastPos = curPos + 1; + if (lastPos >= s.length()) { + break; + } + } + + if (lastPos < s.length()) { + String v = s.substring(lastPos); + long count = Long.parseLong(v); + if (count < 0L) { + throw new IllegalArgumentException("parse(" + s + ") negative count (" + v + ") for last component"); + } + + Long prev = spec.put(SECONDS, count); + if (prev != null) { + throw new IllegalArgumentException( + "parse(" + s + ") last component (" + SECONDS.name() + ") value re-specified: current=" + count + + ", previous=" + prev); + } + } + + return spec; + } + + /** + * @param spec The {@link Map} specifying the count for each {@link TimeValueConfig} + * @return The total duration in milliseconds + * @throws IllegalArgumentException If negative count for a time unit + */ + public static long durationOf(Map spec) throws IllegalArgumentException { + if (GenericUtils.isEmpty(spec)) { + return -1L; + } + + long total = 0L; + // Cannot use forEach because the total value is not effectively final + for (Map.Entry se : spec.entrySet()) { + TimeValueConfig v = se.getKey(); + Number c = se.getValue(); + long factor = c.longValue(); + if (factor < 0L) { + throw new IllegalArgumentException("valueOf(" + spec + ") bad factor (" + c + ") for " + v.name()); + } + + long added = v.getInterval() * factor; + total += added; + } + + return total; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/VersionProperties.java b/files-sftp/src/main/java/org/apache/sshd/common/config/VersionProperties.java new file mode 100644 index 0000000..b5b0def --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/VersionProperties.java @@ -0,0 +1,100 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.io.InputStream; +import java.util.Collections; +import java.util.Iterator; +import java.util.NavigableMap; +import java.util.Properties; +import java.util.TreeMap; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * @author Apache MINA SSHD Project + */ +public final class VersionProperties { + /** + * Property used to hold the reported version + */ + public static final String REPORTED_VERSION = "sshd-version"; + + private static final class LazyVersionPropertiesHolder { + private static final NavigableMap PROPERTIES = Collections.unmodifiableNavigableMap( + loadVersionProperties(LazyVersionPropertiesHolder.class)); + + private LazyVersionPropertiesHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + + private static NavigableMap loadVersionProperties(Class anchor) { + return loadVersionProperties(anchor, ThreadUtils.iterateDefaultClassLoaders(anchor)); + } + + private static NavigableMap loadVersionProperties( + Class anchor, Iterator loaders) { + while ((loaders != null) && loaders.hasNext()) { + ClassLoader cl = loaders.next(); + Properties props; + try (InputStream input = cl.getResourceAsStream("org/apache/sshd/sshd-version.properties")) { + if (input == null) { + continue; + } + + props = new Properties(); + props.load(input); + } catch (Exception e) { + continue; + } + + NavigableMap result = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (String key : props.stringPropertyNames()) { + String propValue = props.getProperty(key); + String value = GenericUtils.trimToEmpty(propValue); + if (GenericUtils.isEmpty(value)) { + continue; // we have no need for empty values + } + + String prev = result.put(key, value); + if (prev != null) { + } + } + + return result; + } + + return Collections.emptyNavigableMap(); + } + } + + private VersionProperties() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @return A case insensitive un-modifiable {@link NavigableMap} of the {@code sshd-version.properties} data + */ + @SuppressWarnings("synthetic-access") + public static NavigableMap getVersionProperties() { + return LazyVersionPropertiesHolder.PROPERTIES; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java new file mode 100644 index 0000000..b584b40 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java @@ -0,0 +1,470 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.io.StreamCorruptedException; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.TreeMap; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.NoCloseReader; + +/** + * Represents an entry in the user's {@code authorized_keys} file according to the + * OpenSSH + * format. Note: {@code equals/hashCode} check only the key type and data - the comment and/or login options + * are not considered part of equality + * + * @author Apache MINA SSHD Project + * @see sshd(8) - AUTHORIZED_KEYS_FILE_FORMAT + */ +public class AuthorizedKeyEntry extends PublicKeyEntry { + public static final char BOOLEAN_OPTION_NEGATION_INDICATOR = '!'; + + private static final long serialVersionUID = -9007505285002809156L; + + private String comment; + // for options that have no value, "true" is used + private Map loginOptions = Collections.emptyMap(); + + public AuthorizedKeyEntry() { + super(); + } + + public String getComment() { + return comment; + } + + public void setComment(String value) { + this.comment = value; + } + + public Map getLoginOptions() { + return loginOptions; + } + + public void setLoginOptions(Map value) { + if (value == null) { + this.loginOptions = Collections.emptyMap(); + } else { + this.loginOptions = value; + } + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if none of the built-in ones can + * be used. If {@code null} and no built-in resolver can be used then an + * {@link InvalidKeySpecException} is thrown. + * @return The resolved {@link PublicKey} - or {@code null} if could not be resolved. + * Note: may be called only after key type and data bytes have been set or + * exception(s) may be thrown + * @throws IOException If failed to decode the key + * @throws GeneralSecurityException If failed to generate the key + * @see PublicKeyEntry#resolvePublicKey(SessionContext, Map, PublicKeyEntryResolver) + */ + public PublicKey resolvePublicKey( + SessionContext session, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { + return resolvePublicKey(session, getLoginOptions(), fallbackResolver); + } + + @Override + public PublicKey appendPublicKey( + SessionContext session, Appendable sb, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { + Map options = getLoginOptions(); + if (!GenericUtils.isEmpty(options)) { + int index = 0; + // Cannot use forEach because the index value is not effectively final + for (Map.Entry oe : options.entrySet()) { + String key = oe.getKey(); + String value = oe.getValue(); + if (index > 0) { + sb.append(','); + } + sb.append(key); + // TODO figure out a way to remember which options where quoted + // TODO figure out a way to remember which options had no value + if (!"true".equals(value)) { + sb.append('=').append(value); + } + index++; + } + + if (index > 0) { + sb.append(' '); + } + } + + PublicKey key = super.appendPublicKey(session, sb, fallbackResolver); + String kc = getComment(); + if (!GenericUtils.isEmpty(kc)) { + sb.append(' ').append(kc); + } + + return key; + } + + @Override // to avoid Findbugs[EQ_DOESNT_OVERRIDE_EQUALS] + public int hashCode() { + return super.hashCode(); + } + + @Override // to avoid Findbugs[EQ_DOESNT_OVERRIDE_EQUALS] + public boolean equals(Object obj) { + return super.equals(obj); + } + + @Override + public String toString() { + String entry = super.toString(); + String kc = getComment(); + Map ko = getLoginOptions(); + return (GenericUtils.isEmpty(ko) ? "" : ko.toString() + " ") + + entry + + (GenericUtils.isEmpty(kc) ? "" : " " + kc); + } + + /** + * Reads read the contents of an {@code authorized_keys} file + * + * @param url The {@link URL} to read from + * @return A {@link List} of all the {@link AuthorizedKeyEntry}-ies found there + * @throws IOException If failed to read or parse the entries + * @see #readAuthorizedKeys(InputStream, boolean) + */ + public static List readAuthorizedKeys(URL url) throws IOException { + try (InputStream in = url.openStream()) { + return readAuthorizedKeys(in, true); + } + } + + /** + * Reads read the contents of an {@code authorized_keys} file + * + * @param path {@link Path} to read from + * @param options The {@link OpenOption}s to use - if unspecified then appropriate defaults assumed + * @return A {@link List} of all the {@link AuthorizedKeyEntry}-ies found there + * @throws IOException If failed to read or parse the entries + * @see #readAuthorizedKeys(InputStream, boolean) + * @see Files#newInputStream(Path, OpenOption...) + */ + public static List readAuthorizedKeys(Path path, OpenOption... options) throws IOException { + try (InputStream in = Files.newInputStream(path, options)) { + return readAuthorizedKeys(in, true); + } + } + + /** + * Reads read the contents of an {@code authorized_keys} file + * + * @param in The {@link InputStream} to use to read the contents of an {@code authorized_keys} file + * @param okToClose {@code true} if method may close the input regardless success or failure + * @return A {@link List} of all the {@link AuthorizedKeyEntry}-ies found there + * @throws IOException If failed to read or parse the entries + * @see #readAuthorizedKeys(Reader, boolean) + */ + public static List readAuthorizedKeys(InputStream in, boolean okToClose) throws IOException { + try (Reader rdr = new InputStreamReader( + NoCloseInputStream.resolveInputStream(in, okToClose), StandardCharsets.UTF_8)) { + return readAuthorizedKeys(rdr, true); + } + } + + /** + * Reads read the contents of an {@code authorized_keys} file + * + * @param rdr The {@link Reader} to use to read the contents of an {@code authorized_keys} file + * @param okToClose {@code true} if method may close the input regardless success or failure + * @return A {@link List} of all the {@link AuthorizedKeyEntry}-ies found there + * @throws IOException If failed to read or parse the entries + * @see #readAuthorizedKeys(BufferedReader) + */ + public static List readAuthorizedKeys(Reader rdr, boolean okToClose) throws IOException { + try (BufferedReader buf = new BufferedReader(NoCloseReader.resolveReader(rdr, okToClose))) { + return readAuthorizedKeys(buf); + } + } + + /** + * @param rdr The {@link BufferedReader} to use to read the contents of an {@code authorized_keys} file + * @return A {@link List} of all the {@link AuthorizedKeyEntry}-ies found there + * @throws IOException If failed to read or parse the entries + * @see #parseAuthorizedKeyEntry(String) + */ + public static List readAuthorizedKeys(BufferedReader rdr) throws IOException { + List entries = null; + for (String line = rdr.readLine(); line != null; line = rdr.readLine()) { + AuthorizedKeyEntry entry; + try { + entry = parseAuthorizedKeyEntry(line); + if (entry == null) { + continue; // null, empty or comment line + } + } catch (RuntimeException | Error e) { + throw new StreamCorruptedException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to parse key entry=" + line + ": " + e.getMessage()); + } + + if (entries == null) { + entries = new ArrayList<>(); + } + + entries.add(entry); + } + + if (entries == null) { + return Collections.emptyList(); + } else { + return entries; + } + } + + /** + * @param value Original line from an {@code authorized_keys} file + * @return {@link AuthorizedKeyEntry} or {@code null} if the line is {@code null}/empty or + * a comment line + * @throws IllegalArgumentException If failed to parse/decode the line + * @see #parseAuthorizedKeyEntry(String, PublicKeyEntryDataResolver) + */ + public static AuthorizedKeyEntry parseAuthorizedKeyEntry(String value) throws IllegalArgumentException { + return parseAuthorizedKeyEntry(value, null); + } + + /** + * @param value Original line from an {@code authorized_keys} file + * @param resolver The {@link PublicKeyEntryDataResolver} to use - if {@code null} one will be + * automatically resolved from the key type + * @return {@link AuthorizedKeyEntry} or {@code null} if the line is {@code null}/empty or + * a comment line + * @throws IllegalArgumentException If failed to parse/decode the line + */ + public static AuthorizedKeyEntry parseAuthorizedKeyEntry( + String value, PublicKeyEntryDataResolver resolver) + throws IllegalArgumentException { + String line = GenericUtils.replaceWhitespaceAndTrim(value); + if (GenericUtils.isEmpty(line) || (line.charAt(0) == COMMENT_CHAR) /* comment ? */) { + return null; + } + + int startPos = line.indexOf(' '); + if (startPos <= 0) { + throw new IllegalArgumentException("Bad format (no key data delimiter): " + line); + } + + int endPos = line.indexOf(' ', startPos + 1); + if (endPos <= startPos) { + endPos = line.length(); + } + + String keyType = line.substring(0, startPos); + Object decoder = PublicKeyEntry.getKeyDataEntryResolver(keyType); + if (decoder == null) { + decoder = KeyUtils.getPublicKeyEntryDecoder(keyType); + } + + AuthorizedKeyEntry entry; + // assume this is due to the fact that it starts with login options + if (decoder == null) { + Map.Entry comps = resolveEntryComponents(line); + entry = parseAuthorizedKeyEntry(comps.getValue()); + ValidateUtils.checkTrue(entry != null, "Bad format (no key data after login options): %s", line); + entry.setLoginOptions(parseLoginOptions(comps.getKey())); + } else { + String encData = (endPos < (line.length() - 1)) ? line.substring(0, endPos).trim() : line; + String comment = (endPos < (line.length() - 1)) ? line.substring(endPos + 1).trim() : null; + entry = parsePublicKeyEntry(new AuthorizedKeyEntry(), encData, resolver); + entry.setComment(comment); + } + + return entry; + } + + /** + * Parses a single line from an {@code authorized_keys} file that is known to contain login options and + * separates it to the options and the rest of the line. + * + * @param entryLine The line to be parsed + * @return A {@link SimpleImmutableEntry} representing the parsed data where key=login options part and + * value=rest of the data - {@code null} if no data in line or line starts with comment character + * @see sshd(8) - + * AUTHORIZED_KEYS_FILE_FORMAT + */ + public static SimpleImmutableEntry resolveEntryComponents(String entryLine) { + String line = GenericUtils.replaceWhitespaceAndTrim(entryLine); + if (GenericUtils.isEmpty(line) || (line.charAt(0) == COMMENT_CHAR) /* comment ? */) { + return null; + } + + for (int lastPos = 0; lastPos < line.length();) { + int startPos = line.indexOf(' ', lastPos); + if (startPos < lastPos) { + throw new IllegalArgumentException("Bad format (no key data delimiter): " + line); + } + + int quotePos = line.indexOf('"', startPos + 1); + // If found quotes after the space then assume part of a login option + if (quotePos > startPos) { + lastPos = quotePos + 1; + continue; + } + + String loginOptions = line.substring(0, startPos).trim(); + String remainder = line.substring(startPos + 1).trim(); + return new SimpleImmutableEntry<>(loginOptions, remainder); + } + + throw new IllegalArgumentException("Bad format (no key data contents): " + line); + } + + /** + *

    + * Parses login options line according to + * sshd(8) - AUTHORIZED_KEYS_FILE_FORMAT + * guidelines. Note: + *

    + * + *
      + *

      + *

    • Options that have a value are automatically stripped of any surrounding double quotes./
      • + *

      + * + *

      + *

    • Options that have no value are marked as {@code true/false} - according to the + * {@link #BOOLEAN_OPTION_NEGATION_INDICATOR}.
      • + *

      + * + *

      + *

    • Options that appear multiple times are simply concatenated using comma as separator.
      • + *

      + *
    + * + * @param options The options line to parse - ignored if {@code null}/empty/blank + * @return A {@link NavigableMap} where key=case insensitive option name and value=the parsed value. + * @see #addLoginOption(Map, String) addLoginOption + */ + public static NavigableMap parseLoginOptions(String options) { + String line = GenericUtils.replaceWhitespaceAndTrim(options); + int len = GenericUtils.length(line); + if (len <= 0) { + return Collections.emptyNavigableMap(); + } + + NavigableMap optsMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + int lastPos = 0; + for (int curPos = 0; curPos < len; curPos++) { + int nextPos = line.indexOf(',', curPos); + if (nextPos < curPos) { + break; + } + + // check if "true" comma or one inside quotes + int quotePos = line.indexOf('"', curPos); + if ((quotePos >= lastPos) && (quotePos < nextPos)) { + nextPos = line.indexOf('"', quotePos + 1); + if (nextPos <= quotePos) { + throw new IllegalArgumentException("Bad format (imbalanced quoted command): " + line); + } + + // Make sure either comma or no more options follow the 2nd quote + for (nextPos++; nextPos < len; nextPos++) { + char ch = line.charAt(nextPos); + if (ch == ',') { + break; + } + + if (ch != ' ') { + throw new IllegalArgumentException("Bad format (incorrect list format): " + line); + } + } + } + + addLoginOption(optsMap, line.substring(lastPos, nextPos)); + lastPos = nextPos + 1; + curPos = lastPos; + } + + // Any leftovers at end of line ? + if (lastPos < len) { + addLoginOption(optsMap, line.substring(lastPos)); + } + + return optsMap; + } + + /** + * Parses and adds a new option to the options map. If a valued option is re-specified then its value(s) are + * concatenated using comma as separator. + * + * @param optsMap Options map to add to + * @param option The option data to parse - ignored if {@code null}/empty/blank + * @return The updated entry - {@code null} if no option updated in the map + * @throws IllegalStateException If a boolean option is re-specified + */ + public static SimpleImmutableEntry addLoginOption(Map optsMap, String option) { + String p = GenericUtils.trimToEmpty(option); + if (GenericUtils.isEmpty(p)) { + return null; + } + + int pos = p.indexOf('='); + String name = (pos < 0) ? p : GenericUtils.trimToEmpty(p.substring(0, pos)); + CharSequence value = (pos < 0) ? null : GenericUtils.trimToEmpty(p.substring(pos + 1)); + value = GenericUtils.stripQuotes(value); + if (value == null) { + value = Boolean.toString(name.charAt(0) != BOOLEAN_OPTION_NEGATION_INDICATOR); + } + + SimpleImmutableEntry entry = new SimpleImmutableEntry<>(name, value.toString()); + String prev = optsMap.put(entry.getKey(), entry.getValue()); + if (prev != null) { + if (pos < 0) { + throw new IllegalStateException("Bad format (boolean option (" + name + ") re-specified): " + p); + } + optsMap.put(entry.getKey(), prev + "," + entry.getValue()); + } + + return entry; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/BuiltinIdentities.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/BuiltinIdentities.java new file mode 100644 index 0000000..2b6c9f6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/BuiltinIdentities.java @@ -0,0 +1,254 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.security.Key; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.keyprovider.KeyTypeIndicator; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public enum BuiltinIdentities implements Identity { + RSA(Constants.RSA, RSAPublicKey.class, RSAPrivateKey.class, KeyPairProvider.SSH_RSA), + DSA(Constants.DSA, DSAPublicKey.class, DSAPrivateKey.class, KeyPairProvider.SSH_DSS), + ECDSA(Constants.ECDSA, KeyUtils.EC_ALGORITHM, ECPublicKey.class, ECPrivateKey.class, + ECCurves.VALUES.stream().map(KeyTypeIndicator::getKeyType).collect(Collectors.toList())) { + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + ED25119(Constants.ED25519, SecurityUtils.EDDSA, + SecurityUtils.getEDDSAPublicKeyType(), + SecurityUtils.getEDDSAPrivateKeyType(), + KeyPairProvider.SSH_ED25519) { + @Override + public boolean isSupported() { + return SecurityUtils.isEDDSACurveSupported(); + } + }; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinIdentities.class)); + + /** + * A case insensitive {@link NavigableSet} of all built-in identities names + */ + public static final NavigableSet NAMES = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet( + String.CASE_INSENSITIVE_ORDER, NamedResource.getNameList(VALUES))); + + private final String name; + private final String algorithm; + private final Class pubType; + private final Class prvType; + private final NavigableSet types; + + BuiltinIdentities(String type, Class pubType, Class prvType, String keyType) { + this(type, type, pubType, prvType, keyType); + } + + BuiltinIdentities(String name, String algorithm, + Class pubType, + Class prvType, + String keyType) { + this(name, algorithm, pubType, prvType, + Collections.singletonList( + ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type specified"))); + } + + BuiltinIdentities(String name, String algorithm, + Class pubType, + Class prvType, + Collection keyTypes) { + this.name = name.toLowerCase(); + this.algorithm = algorithm.toUpperCase(); + this.pubType = pubType; + this.prvType = prvType; + this.types = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, + ValidateUtils.checkNotNullAndNotEmpty(keyTypes, "No key type names provided"))); + } + + @Override + public final String getName() { + return name; + } + + @Override + public boolean isSupported() { + return true; + } + + @Override + public NavigableSet getSupportedKeyTypes() { + return types; + } + + @Override + public String getAlgorithm() { + return algorithm; + } + + @Override + public final Class getPublicKeyType() { + return pubType; + } + + @Override + public final Class getPrivateKeyType() { + return prvType; + } + + /** + * @param name The identity name - ignored if {@code null}/empty + * @return The matching {@link BuiltinIdentities} whose {@link #getName()} value matches case + * insensitive or {@code null} if no match found + */ + public static BuiltinIdentities fromName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param algorithm The algorithm - ignored if {@code null}/empty + * @return The matching {@link BuiltinIdentities} whose {@link #getAlgorithm()} value matches case + * insensitive or {@code null} if no match found + */ + public static BuiltinIdentities fromAlgorithm(String algorithm) { + if (GenericUtils.isEmpty(algorithm)) { + return null; + } + + for (BuiltinIdentities id : VALUES) { + if (algorithm.equalsIgnoreCase(id.getAlgorithm())) { + return id; + } + } + + return null; + } + + /** + * @param kp The {@link KeyPair} - ignored if {@code null} + * @return The matching {@link BuiltinIdentities} provided both public and public keys are of the same + * type - {@code null} if no match could be found + * @see #fromKey(Key) + */ + public static BuiltinIdentities fromKeyPair(KeyPair kp) { + if (kp == null) { + return null; + } + + BuiltinIdentities i1 = fromKey(kp.getPublic()); + BuiltinIdentities i2 = fromKey(kp.getPrivate()); + if (Objects.equals(i1, i2)) { + return i1; + } else { + return null; // some kind of mixed keys... + } + } + + /** + * @param key The {@link Key} instance - ignored if {@code null} + * @return The matching {@link BuiltinIdentities} whose either public or private key type matches the requested + * one or {@code null} if no match found + * @see #fromKeyType(Class) + */ + public static BuiltinIdentities fromKey(Key key) { + return fromKeyType((key == null) ? null : key.getClass()); + } + + /** + * @param clazz The key type - ignored if {@code null} or not a {@link Key} class + * @return The matching {@link BuiltinIdentities} whose either public or private key type matches the + * requested one or {@code null} if no match found + * @see #getPublicKeyType() + * @see #getPrivateKeyType() + */ + public static BuiltinIdentities fromKeyType(Class clazz) { + if ((clazz == null) || (!Key.class.isAssignableFrom(clazz))) { + return null; + } + + for (BuiltinIdentities id : VALUES) { + Class pubType = id.getPublicKeyType(); + Class prvType = id.getPrivateKeyType(); + // Ignore placeholder classes (e.g., if ed25519 is not supported) + if ((prvType == null) || (pubType == null)) { + continue; + } + if ((prvType == PrivateKey.class) || (pubType == PublicKey.class)) { + continue; + } + if (pubType.isAssignableFrom(clazz) || prvType.isAssignableFrom(clazz)) { + return id; + } + } + + return null; + } + + /** + * @param typeName The {@code OpenSSH} key type e.g., {@code ssh-rsa, ssh-dss, ecdsa-sha2-nistp384}. Ignored if + * {@code null}/empty. + * @return The {@link BuiltinIdentities} that reported the type name as its {@link #getSupportedKeyTypes()} + * (case insensitive) - {@code null} if no match found + * @see KeyTypeNamesSupport#findSupporterByKeyTypeName(String, Collection) + */ + public static BuiltinIdentities fromKeyTypeName(String typeName) { + return KeyTypeNamesSupport.findSupporterByKeyTypeName(typeName, VALUES); + } + + /** + * Contains the names of the identities + */ + public static final class Constants { + public static final String RSA = KeyUtils.RSA_ALGORITHM; + public static final String DSA = KeyUtils.DSS_ALGORITHM; + public static final String ECDSA = "ECDSA"; + public static final String ED25519 = "ED25519"; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProvider.java new file mode 100644 index 0000000..cab86c7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProvider.java @@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionContext; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface FilePasswordProvider { + enum ResourceDecodeResult { + /** Re-throw the decoding exception */ + TERMINATE, + /** Try again the decoding process - including password prompt */ + RETRY, + /** Skip attempt and see if can proceed without the key */ + IGNORE; + + public static final Set VALUES + = Collections.unmodifiableSet(EnumSet.allOf(ResourceDecodeResult.class)); + } + + /** + * An "empty" provider that returns {@code null} - i.e., unprotected key file + */ + FilePasswordProvider EMPTY = (session, resourceKey, retryIndex) -> null; + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} if not + * invoked within a session context (e.g., offline tool or session unknown). + * @param resourceKey The resource key representing the private file + * @param retryIndex The zero-based index of the invocation for the specific resource (in case invoked several + * times for the same resource) + * @return The password - if {@code null}/empty then no password is required + * @throws IOException if cannot resolve password + * @see #handleDecodeAttemptResult(SessionContext, NamedResource, int, String, Exception) + */ + String getPassword(SessionContext session, NamedResource resourceKey, int retryIndex) throws IOException; + + /** + * Invoked to inform the password provide about the decoding result. Note: any exception thrown from this + * method (including if called to inform about success) will be propagated instead of the original (if any was + * reported) + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param resourceKey The resource key representing the private file + * @param retryIndex The zero-based index of the invocation for the specific resource (in case + * invoked several times for the same resource). If success report, it indicates + * the number of retries it took to succeed + * @param password The password that was attempted + * @param err The attempt result - {@code null} for success + * @return How to proceed in case of error - ignored if invoked in order to report + * success. Note: {@code null} is same as + * {@link ResourceDecodeResult#TERMINATE}. + * @throws IOException If cannot resolve a new password + * @throws GeneralSecurityException If not attempting to resolve a new password + */ + default ResourceDecodeResult handleDecodeAttemptResult( + SessionContext session, NamedResource resourceKey, int retryIndex, String password, Exception err) + throws IOException, GeneralSecurityException { + return ResourceDecodeResult.TERMINATE; + } + + static FilePasswordProvider of(String password) { + return (session, resource, index) -> password; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProviderHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProviderHolder.java new file mode 100644 index 0000000..3d55630 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProviderHolder.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface FilePasswordProviderHolder { + /** + * @return The {@link FilePasswordProvider} to use if need to load encrypted identities keys - never {@code null} + * @see FilePasswordProvider#EMPTY + */ + FilePasswordProvider getFilePasswordProvider(); + + static FilePasswordProviderHolder providerHolderOf(FilePasswordProvider provider) { + return () -> provider; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProviderManager.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProviderManager.java new file mode 100644 index 0000000..e38443a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/FilePasswordProviderManager.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface FilePasswordProviderManager extends FilePasswordProviderHolder { + void setFilePasswordProvider(FilePasswordProvider provider); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/Identity.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/Identity.java new file mode 100644 index 0000000..cc80510 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/Identity.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.security.PrivateKey; +import java.security.PublicKey; + +import org.apache.sshd.common.AlgorithmNameProvider; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.OptionalFeature; + +/** + * Represents an SSH key type - the referenced algorithm is the one used to generate the key - e.g., "RSA", + * "DSA", "EC". + * + * @author Apache MINA SSHD Project + */ +public interface Identity + extends AlgorithmNameProvider, + NamedResource, + OptionalFeature, + KeyTypeNamesSupport { + Class getPublicKeyType(); + + Class getPrivateKeyType(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/IdentityResourceLoader.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/IdentityResourceLoader.java new file mode 100644 index 0000000..026c69b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/IdentityResourceLoader.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys; + +import java.math.BigInteger; +import java.security.PrivateKey; +import java.security.PublicKey; + +/** + * @param Type of {@link PublicKey} + * @param Type of {@link PrivateKey} + * @author Apache MINA SSHD Project + */ +public interface IdentityResourceLoader extends KeyTypeNamesSupport { + /** + * A reasonable max. number of octets used for a {@link BigInteger} in the context of keys based on such numbers + */ + int MAX_BIGINT_OCTETS_COUNT = Short.MAX_VALUE; + + /** + * @return The {@link Class} of the {@link PublicKey} that is the result of decoding + */ + Class getPublicKeyType(); + + /** + * @return The {@link Class} of the {@link PrivateKey} that matches the public one + */ + Class getPrivateKeyType(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/IdentityUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/IdentityUtils.java new file mode 100644 index 0000000..370b5f9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/IdentityUtils.java @@ -0,0 +1,172 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collections; +import java.util.Map; +import java.util.NavigableMap; +import java.util.TreeMap; + +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.keyprovider.MappedKeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.resource.PathResource; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public final class IdentityUtils { + private IdentityUtils() { + throw new UnsupportedOperationException("No instance"); + } + + private static final class LazyDefaultUserHomeFolderHolder { + private static final Path PATH + = Paths.get(ValidateUtils.checkNotNullAndNotEmpty(System.getProperty("user.home"), "No user home")) + .toAbsolutePath() + .normalize(); + + private LazyDefaultUserHomeFolderHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * @return The {@link Path} to the currently running user home + */ + @SuppressWarnings("synthetic-access") + public static Path getUserHomeFolder() { + return LazyDefaultUserHomeFolderHolder.PATH; + } + + /** + * @param prefix The file name prefix - ignored if {@code null}/empty + * @param type The identity type - ignored if {@code null}/empty + * @param suffix The file name suffix - ignored if {@code null}/empty + * @return The identity file name or {@code null} if no name + */ + public static String getIdentityFileName(String prefix, String type, String suffix) { + if (GenericUtils.isEmpty(type)) { + return null; + } else { + return GenericUtils.trimToEmpty(prefix) + + type.toLowerCase() + + GenericUtils.trimToEmpty(suffix); + } + } + + /** + * @param ids A {@link Map} of the loaded identities where key=the identity type, value=the matching + * {@link KeyPair} - ignored if {@code null}/empty + * @param supportedOnly If {@code true} then ignore identities that are not supported internally + * @return A {@link KeyPair} for the identities - {@code null} if no identities available (e.g., after + * filtering unsupported ones) + * @see BuiltinIdentities + */ + public static KeyPairProvider createKeyPairProvider(Map ids, boolean supportedOnly) { + if (GenericUtils.isEmpty(ids)) { + return null; + } + + Map pairsMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + ids.forEach((type, kp) -> { + BuiltinIdentities id = BuiltinIdentities.fromName(type); + if (id == null) { + id = BuiltinIdentities.fromKeyPair(kp); + } + + if (supportedOnly && ((id == null) || (!id.isSupported()))) { + return; + } + + String keyType = KeyUtils.getKeyType(kp); + if (GenericUtils.isEmpty(keyType)) { + return; + } + + KeyPair prev = pairsMap.put(keyType, kp); + if (prev != null) { + return; // less of an offense if 2 pairs mapped to same key type + } + }); + + if (GenericUtils.isEmpty(pairsMap)) { + return null; + } else { + return new MappedKeyPairProvider(pairsMap); + } + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param paths A {@link Map} of the identities where key=identity type (case + * insensitive), value=the {@link Path} of file with the identity key + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are + * guaranteed not to be encrypted. The argument to + * {@code FilePasswordProvider#getPassword} is the path of the file whose key is to + * be loaded + * @param options The {@link OpenOption}s to use when reading the key data + * @return A {@link NavigableMap} of the identities where key=identity type (case + * insensitive), value=the {@link KeyPair} of the identity + * @throws IOException If failed to access the file system + * @throws GeneralSecurityException If failed to load the keys + */ + public static NavigableMap loadIdentities( + SessionContext session, Map paths, FilePasswordProvider provider, OpenOption... options) + throws IOException, GeneralSecurityException { + if (GenericUtils.isEmpty(paths)) { + return Collections.emptyNavigableMap(); + } + + NavigableMap ids = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + // Cannot use forEach because the potential for IOExceptions being thrown + for (Map.Entry pe : paths.entrySet()) { + String type = pe.getKey(); + Path path = pe.getValue(); + PathResource location = new PathResource(path, options); + Iterable pairs; + try (InputStream inputStream = location.openInputStream()) { + pairs = SecurityUtils.loadKeyPairIdentities(session, location, inputStream, provider); + } + + if (pairs == null) { + continue; + } + + for (KeyPair kp : pairs) { + KeyPair prev = ids.put(type, kp); + ValidateUtils.checkTrue(prev == null, "Multiple keys for type=%s due to %s", type, path); + } + } + + return ids; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyEntryResolver.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyEntryResolver.java new file mode 100644 index 0000000..3dd5e7b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyEntryResolver.java @@ -0,0 +1,295 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Map; + +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * @param Type of {@link PublicKey} + * @param Type of {@link PrivateKey} + * @author Apache MINA SSHD Project + */ +public interface KeyEntryResolver + extends IdentityResourceLoader { + /** + * @param keySize Key size in bits + * @return A {@link KeyPair} with the specified key size + * @throws GeneralSecurityException if unable to generate the pair + */ + default KeyPair generateKeyPair(int keySize) throws GeneralSecurityException { + KeyPairGenerator gen = getKeyPairGenerator(); + gen.initialize(keySize); + return gen.generateKeyPair(); + } + + /** + * @param kp The {@link KeyPair} to be cloned - ignored if {@code null} + * @return A cloned pair (or {@code null} if no original pair) + * @throws GeneralSecurityException If failed to clone - e.g., provided key pair does not contain keys of the + * expected type + * @see #getPublicKeyType() + * @see #getPrivateKeyType() + */ + default KeyPair cloneKeyPair(KeyPair kp) throws GeneralSecurityException { + if (kp == null) { + return null; + } + + PUB pubCloned = null; + PublicKey pubOriginal = kp.getPublic(); + Class pubExpected = getPublicKeyType(); + if (pubOriginal != null) { + Class orgType = pubOriginal.getClass(); + if (!pubExpected.isAssignableFrom(orgType)) { + throw new InvalidKeyException( + "Mismatched public key types: expected=" + pubExpected.getSimpleName() + ", actual=" + + orgType.getSimpleName()); + } + + PUB castPub = pubExpected.cast(pubOriginal); + pubCloned = clonePublicKey(castPub); + } + + PRV prvCloned = null; + PrivateKey prvOriginal = kp.getPrivate(); + Class prvExpected = getPrivateKeyType(); + if (prvOriginal != null) { + Class orgType = prvOriginal.getClass(); + if (!prvExpected.isAssignableFrom(orgType)) { + throw new InvalidKeyException( + "Mismatched private key types: expected=" + prvExpected.getSimpleName() + ", actual=" + + orgType.getSimpleName()); + } + + PRV castPrv = prvExpected.cast(prvOriginal); + prvCloned = clonePrivateKey(castPrv); + } + + return new KeyPair(pubCloned, prvCloned); + } + + /** + * @param key The {@link PublicKey} to clone - ignored if {@code null} + * @return The cloned key (or {@code null} if no original key) + * @throws GeneralSecurityException If failed to clone the key + */ + PUB clonePublicKey(PUB key) throws GeneralSecurityException; + + /** + * @param key The {@link PrivateKey} to clone - ignored if {@code null} + * @return The cloned key (or {@code null} if no original key) + * @throws GeneralSecurityException If failed to clone the key + */ + PRV clonePrivateKey(PRV key) throws GeneralSecurityException; + + /** + * @return A {@link KeyPairGenerator} suitable for this decoder + * @throws GeneralSecurityException If failed to create the generator + */ + KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException; + + /** + * @return A {@link KeyFactory} suitable for the specific decoder type + * @throws GeneralSecurityException If failed to create one + */ + KeyFactory getKeyFactoryInstance() throws GeneralSecurityException; + + static int encodeString(OutputStream s, String v) throws IOException { + return encodeString(s, v, StandardCharsets.UTF_8); + } + + static int encodeString(OutputStream s, String v, String charset) throws IOException { + return encodeString(s, v, Charset.forName(charset)); + } + + static int encodeString(OutputStream s, String v, Charset cs) throws IOException { + return writeRLEBytes(s, v.getBytes(cs)); + } + + static int encodeBigInt(OutputStream s, BigInteger v) throws IOException { + return writeRLEBytes(s, v.toByteArray()); + } + + static int writeRLEBytes(OutputStream s, byte... bytes) throws IOException { + return writeRLEBytes(s, bytes, 0, bytes.length); + } + + static int writeRLEBytes(OutputStream s, byte[] bytes, int off, int len) throws IOException { + byte[] lenBytes = encodeInt(s, len); + s.write(bytes, off, len); + return lenBytes.length + len; + } + + static byte[] encodeInt(OutputStream s, int v) throws IOException { + byte[] bytes = { + (byte) ((v >> 24) & 0xFF), + (byte) ((v >> 16) & 0xFF), + (byte) ((v >> 8) & 0xFF), + (byte) (v & 0xFF) + }; + s.write(bytes); + return bytes; + } + + static String decodeString(InputStream s, int maxChars) throws IOException { + return decodeString(s, StandardCharsets.UTF_8, maxChars); + } + + static String decodeString(InputStream s, String charset, int maxChars) throws IOException { + return decodeString(s, Charset.forName(charset), maxChars); + } + + static String decodeString(InputStream s, Charset cs, int maxChars) throws IOException { + byte[] bytes = readRLEBytes(s, maxChars * 4 /* in case UTF-8 with weird characters */); + return new String(bytes, cs); + } + + static BigInteger decodeBigInt(InputStream s) throws IOException { + return new BigInteger(readRLEBytes(s, IdentityResourceLoader.MAX_BIGINT_OCTETS_COUNT)); + } + + static byte[] readRLEBytes(InputStream s, int maxAllowed) throws IOException { + int len = decodeInt(s); + if (len > maxAllowed) { + throw new StreamCorruptedException( + "Requested block length (" + len + ") exceeds max. allowed (" + maxAllowed + ")"); + } + if (len < 0) { + throw new StreamCorruptedException("Negative block length requested: " + len); + } + + byte[] bytes = new byte[len]; + IoUtils.readFully(s, bytes); + return bytes; + } + + static int decodeInt(InputStream s) throws IOException { + byte[] bytes = { 0, 0, 0, 0 }; + IoUtils.readFully(s, bytes); + return ((bytes[0] & 0xFF) << 24) + | ((bytes[1] & 0xFF) << 16) + | ((bytes[2] & 0xFF) << 8) + | (bytes[3] & 0xFF); + } + + static Map.Entry decodeString(byte[] buf, int maxChars) { + return decodeString(buf, 0, NumberUtils.length(buf), maxChars); + } + + static Map.Entry decodeString(byte[] buf, int offset, int available, int maxChars) { + return decodeString(buf, offset, available, StandardCharsets.UTF_8, maxChars); + } + + static Map.Entry decodeString(byte[] buf, Charset cs, int maxChars) { + return decodeString(buf, 0, NumberUtils.length(buf), cs, maxChars); + } + + /** + * Decodes a run-length encoded string + * + * @param buf The buffer with the data bytes + * @param offset The offset in the buffer to decode the string + * @param available The max. available data starting from the offset + * @param cs The {@link Charset} to use to decode the string + * @param maxChars Max. allowed characters in string - if more than that is encoded then an + * {@link IndexOutOfBoundsException} will be thrown + * @return The decoded string + the offset of the next byte after it + * @see #readRLEBytes(byte[], int, int, int) + */ + static Map.Entry decodeString( + byte[] buf, int offset, int available, Charset cs, int maxChars) { + Map.Entry result = readRLEBytes(buf, offset, available, maxChars * 4 /* + * in case UTF-8 with + * weird characters + */); + byte[] bytes = result.getKey(); + Integer nextOffset = result.getValue(); + return new SimpleImmutableEntry<>(new String(bytes, cs), nextOffset); + } + + static Map.Entry readRLEBytes(byte[] buf, int maxAllowed) { + return readRLEBytes(buf, 0, NumberUtils.length(buf), maxAllowed); + } + + /** + * Decodes a run-length encoded byte array + * + * @param buf The buffer with the data bytes + * @param offset The offset in the buffer to decode the array + * @param available The max. available data starting from the offset + * @param maxAllowed Max. allowed data in decoded buffer - if more than that is encoded then an + * {@link IndexOutOfBoundsException} will be thrown + * @return The decoded data buffer + the offset of the next byte after it + */ + static Map.Entry readRLEBytes(byte[] buf, int offset, int available, int maxAllowed) { + int len = decodeInt(buf, offset, available); + if (len > maxAllowed) { + throw new IndexOutOfBoundsException( + "Requested block length (" + len + ") exceeds max. allowed (" + maxAllowed + ")"); + } + if (len < 0) { + throw new IndexOutOfBoundsException("Negative block length requested: " + len); + } + + available -= Integer.BYTES; + if (len > available) { + throw new IndexOutOfBoundsException("Requested block length (" + len + ") exceeds remaing (" + available + ")"); + } + + byte[] bytes = new byte[len]; + offset += Integer.BYTES; + System.arraycopy(buf, offset, bytes, 0, len); + return new SimpleImmutableEntry<>(bytes, Integer.valueOf(offset + len)); + } + + static int decodeInt(byte[] buf) { + return decodeInt(buf, 0, NumberUtils.length(buf)); + } + + static int decodeInt(byte[] buf, int offset, int available) { + if (available < Integer.BYTES) { + throw new IndexOutOfBoundsException( + "Available data length (" + available + ") cannot accommodate integer encoding"); + } + + return ((buf[offset] & 0xFF) << 24) + | ((buf[offset + 1] & 0xFF) << 16) + | ((buf[offset + 2] & 0xFF) << 8) + | (buf[offset + 3] & 0xFF); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyRandomArt.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyRandomArt.java new file mode 100644 index 0000000..eed719f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyRandomArt.java @@ -0,0 +1,323 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.security.KeyPair; +import java.security.PublicKey; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.AlgorithmNameProvider; +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.common.keyprovider.KeySizeIndicator; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Draw an ASCII-Art representing the fingerprint so human brain can profit from its built-in pattern recognition + * ability. This technique is called "random art" and can be found in some scientific publications like this original + * paper: + * + * "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, + * International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) + * + * @author Apache MINA SSHD Project + * @see Original article + * @see C implementation + */ +public class KeyRandomArt implements AlgorithmNameProvider, KeySizeIndicator { + public static final int FLDBASE = 8; + public static final int FLDSIZE_Y = FLDBASE + 1; + public static final int FLDSIZE_X = FLDBASE * 2 + 1; + public static final String AUGMENTATION_STRING = " .o+=*BOX@%&#/^SE"; + + private final String algorithm; + private final int keySize; + private final char[][] field = new char[FLDSIZE_X][FLDSIZE_Y]; + + public KeyRandomArt(PublicKey key) throws Exception { + this(key, KeyUtils.getDefaultFingerPrintFactory()); + } + + public KeyRandomArt(PublicKey key, Factory f) throws Exception { + this(key, Objects.requireNonNull(f, "No digest factory").create()); + } + + public KeyRandomArt(PublicKey key, Digest d) throws Exception { + this(Objects.requireNonNull(key, "No key provided").getAlgorithm(), + KeyUtils.getKeySize(key), + KeyUtils.getRawFingerprint(Objects.requireNonNull(d, "No key digest"), key)); + } + + /** + * @param algorithm The key algorithm + * @param keySize The key size in bits + * @param digest The key digest + */ + public KeyRandomArt(String algorithm, int keySize, byte[] digest) { + this.algorithm = ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No algorithm provided"); + ValidateUtils.checkTrue(keySize > 0, "Invalid key size: %d", keySize); + this.keySize = keySize; + Objects.requireNonNull(digest, "No key digest provided"); + + int x = FLDSIZE_X / 2; + int y = FLDSIZE_Y / 2; + int len = AUGMENTATION_STRING.length() - 1; + for (int i = 0; i < digest.length; i++) { + /* each byte conveys four 2-bit move commands */ + int input = digest[i] & 0xFF; + for (int b = 0; b < 4; b++) { + /* evaluate 2 bit, rest is shifted later */ + x += ((input & 0x1) != 0) ? 1 : -1; + y += ((input & 0x2) != 0) ? 1 : -1; + + /* assure we are still in bounds */ + x = Math.max(x, 0); + y = Math.max(y, 0); + x = Math.min(x, FLDSIZE_X - 1); + y = Math.min(y, FLDSIZE_Y - 1); + + /* augment the field */ + if (field[x][y] < (len - 2)) { + field[x][y]++; + } + input = input >> 2; + } + } + + /* mark starting point and end point */ + field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = (char) (len - 1); + field[x][y] = (char) len; + } + + /** + * @return The algorithm that was used to generate the key - e.g., "RSA", "DSA", "EC". + */ + @Override + public String getAlgorithm() { + return algorithm; + } + + @Override + public int getKeySize() { + return keySize; + } + + /** + * Outputs the generated random art + * + * @param The {@link Appendable} output writer + * @param sb The writer + * @return The updated writer instance + * @throws IOException If failed to write the combined result + */ + public A append(A sb) throws IOException { + // Upper border + String s = String.format("+--[%4s %4d]", getAlgorithm(), getKeySize()); + sb.append(s); + for (int index = s.length(); index <= FLDSIZE_X; index++) { + sb.append('-'); + } + sb.append('+'); + sb.append('\n'); + + // contents + int len = AUGMENTATION_STRING.length() - 1; + for (int y = 0; y < FLDSIZE_Y; y++) { + sb.append('|'); + for (int x = 0; x < FLDSIZE_X; x++) { + char ch = field[x][y]; + sb.append(AUGMENTATION_STRING.charAt(Math.min(ch, len))); + } + sb.append('|'); + sb.append('\n'); + } + + // lower border + sb.append('+'); + for (int index = 0; index < FLDSIZE_X; index++) { + sb.append('-'); + } + + sb.append('+'); + sb.append('\n'); + return sb; + } + + @Override + public String toString() { + try { + return append(new StringBuilder((FLDSIZE_X + 4) * (FLDSIZE_Y + 3))).toString(); + } catch (IOException e) { + return e.getClass().getSimpleName(); // unexpected + } + } + + /** + * Combines the arts in a user-friendly way so they are aligned with each other + * + * @param separator The separator to use between the arts - if empty char ('\0') then no separation is done + * @param arts The {@link KeyRandomArt}s to combine - ignored if {@code null}/empty + * @return The combined result + */ + public static String combine(char separator, Collection arts) { + if (GenericUtils.isEmpty(arts)) { + return ""; + } + + try { + return combine(new StringBuilder(arts.size() * (FLDSIZE_X + 4) * (FLDSIZE_Y + 3)), separator, arts).toString(); + } catch (IOException e) { + return e.getClass().getSimpleName(); // unexpected + } + } + + /** + * Creates the combined representation of the random art entries for the provided keys + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} if not invoked + * within a session context (e.g., offline tool or session unknown). + * @param separator The separator to use between the arts - if empty char ('\0') then no separation is done + * @param provider The {@link KeyIdentityProvider} - ignored if {@code null} or has no keys to provide + * @return The combined representation + * @throws Exception If failed to extract or combine the entries + * @see #combine(SessionContext, Appendable, char, KeyIdentityProvider) + */ + public static String combine( + SessionContext session, char separator, KeyIdentityProvider provider) + throws Exception { + return combine(session, new StringBuilder(4 * (FLDSIZE_X + 4) * (FLDSIZE_Y + 3)), separator, provider).toString(); + } + + /** + * Appends the combined random art entries for the provided keys + * + * @param The {@link Appendable} output writer + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} if not invoked + * within a session context (e.g., offline tool or session unknown). + * @param sb The writer + * @param separator The separator to use between the arts - if empty char ('\0') then no separation is done + * @param provider The {@link KeyIdentityProvider} - ignored if {@code null} or has no keys to provide + * @return The updated writer instance + * @throws Exception If failed to extract or write the entries + * @see #generate(SessionContext, KeyIdentityProvider) + * @see #combine(Appendable, char, Collection) + */ + public static A combine( + SessionContext session, A sb, char separator, KeyIdentityProvider provider) + throws Exception { + return combine(sb, separator, generate(session, provider)); + } + + /** + * Extracts and generates random art entries for all key in the provider + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} if not invoked + * within a session context (e.g., offline tool or session unknown). + * @param provider The {@link KeyIdentityProvider} - ignored if {@code null} or has no keys to provide + * @return The extracted {@link KeyRandomArt}s + * @throws Exception If failed to extract the entries + * @see KeyIdentityProvider#loadKeys(SessionContext) + */ + public static Collection generate( + SessionContext session, KeyIdentityProvider provider) + throws Exception { + Iterable keys = (provider == null) ? null : provider.loadKeys(session); + Iterator iter = (keys == null) ? null : keys.iterator(); + if ((iter == null) || (!iter.hasNext())) { + return Collections.emptyList(); + } + + Collection arts = new LinkedList<>(); + do { + KeyPair kp = iter.next(); + KeyRandomArt a = new KeyRandomArt(kp.getPublic()); + arts.add(a); + } while (iter.hasNext()); + + return arts; + } + + /** + * Combines the arts in a user-friendly way so they are aligned with each other + * + * @param The {@link Appendable} output writer + * @param sb The writer + * @param separator The separator to use between the arts - if empty char ('\0') then no separation is done + * @param arts The {@link KeyRandomArt}s to combine - ignored if {@code null}/empty + * @return The updated writer instance + * @throws IOException If failed to write the combined result + */ + public static A combine(A sb, char separator, Collection arts) + throws IOException { + if (GenericUtils.isEmpty(arts)) { + return sb; + } + + List allLines = new ArrayList<>(arts.size()); + int numLines = -1; + for (KeyRandomArt a : arts) { + String s = a.toString(); + String[] lines = GenericUtils.split(s, '\n'); + if (numLines <= 0) { + numLines = lines.length; + } else { + if (numLines != lines.length) { + throw new StreamCorruptedException( + "Mismatched lines count: expected=" + numLines + ", actual=" + lines.length); + } + } + + for (int index = 0; index < lines.length; index++) { + String l = lines[index]; + if ((l.length() > 0) && (l.charAt(l.length() - 1) == '\r')) { + l = l.substring(0, l.length() - 1); + lines[index] = l; + } + } + + allLines.add(lines); + } + + for (int row = 0; row < numLines; row++) { + for (int index = 0; index < allLines.size(); index++) { + String[] lines = allLines.get(index); + String l = lines[row]; + sb.append(l); + if ((index > 0) && (separator != '\0')) { + sb.append(separator); + } + } + sb.append('\n'); + } + + return sb; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyTypeNamesSupport.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyTypeNamesSupport.java new file mode 100644 index 0000000..911b1f7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyTypeNamesSupport.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.util.Collection; +import java.util.Collections; +import java.util.NavigableSet; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface KeyTypeNamesSupport { + /** + * @return The case insensitive {@link NavigableSet} of {@code OpenSSH} key type names that are supported by this + * decoder - e.g., {@code ssh-rsa, ssh-dss, ecdsa-sha2-nistp384}. This is not a single name - e.g., ECDSA + * keys have several curve names. Caveat: this collection may be un-modifiable... + */ + NavigableSet getSupportedKeyTypes(); + + /** + * @param Generic supporter type + * @param typeName The {@code OpenSSH} key type e.g., {@code ssh-rsa, ssh-dss, ecdsa-sha2-nistp384}. Ignored if + * {@code null}/empty. + * @param supporters The {@link KeyTypeNamesSupport}-ers to query - ignored if {@code null}/empty. + * @return The first instance whose {@link #getSupportedKeyTypes()} contains the type name. + */ + static S findSupporterByKeyTypeName(String typeName, Collection supporters) { + return (GenericUtils.isEmpty(typeName) || GenericUtils.isEmpty(supporters)) + ? null + : supporters.stream() + .filter(s -> { + Collection names = (s == null) + ? Collections.emptyNavigableSet() + : s.getSupportedKeyTypes(); + return GenericUtils.isNotEmpty(names) && names.contains(typeName); + }).findFirst() + .orElse(null); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java new file mode 100644 index 0000000..19d6a0e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java @@ -0,0 +1,1199 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.math.BigInteger; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.attribute.PosixFilePermission; +import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.DSAKey; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECKey; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAKey; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.RSAPublicKeySpec; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; +import java.util.TreeSet; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.impl.DSSPublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.impl.ECDSAPublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.impl.OpenSSHCertificateDecoder; +import org.apache.sshd.common.config.keys.impl.RSAPublicKeyDecoder; +import org.apache.sshd.common.config.keys.impl.SkECDSAPublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.impl.SkED25519PublicKeyEntryDecoder; +import org.apache.sshd.common.digest.BuiltinDigests; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.digest.DigestFactory; +import org.apache.sshd.common.digest.DigestUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.u2f.SkED25519PublicKey; +import org.apache.sshd.common.u2f.SkEcdsaPublicKey; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.MapEntryUtils.NavigableMapBuilder; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Utility class for keys + * + * @author Apache MINA SSHD Project + */ +public final class KeyUtils { + /** + * Name of algorithm for RSA keys to be used when calling security provider + */ + public static final String RSA_ALGORITHM = "RSA"; + + /** + * The most commonly used RSA public key exponent + */ + public static final BigInteger DEFAULT_RSA_PUBLIC_EXPONENT = new BigInteger("65537"); + + /** + * Name of algorithm for DSS keys to be used when calling security provider + */ + public static final String DSS_ALGORITHM = "DSA"; + + /** + * Name of algorithm for EC keys to be used when calling security provider + */ + public static final String EC_ALGORITHM = "EC"; + + /** + * The {@link Set} of {@link PosixFilePermission} not allowed if strict permissions are enforced on key files + */ + public static final Set STRICTLY_PROHIBITED_FILE_PERMISSION = Collections.unmodifiableSet( + EnumSet.of( + PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE, + PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE)); + + /** + * System property that can be used to control the default fingerprint factory used for keys. If not set the + * {@link #DEFAULT_FINGERPRINT_DIGEST_FACTORY} is used + */ + public static final String KEY_FINGERPRINT_FACTORY_PROP = "org.apache.sshd.keyFingerprintFactory"; + + /** + * The default {@link Factory} of {@link Digest}s initialized as the value of + * {@link #getDefaultFingerPrintFactory()} if not overridden by {@link #KEY_FINGERPRINT_FACTORY_PROP} or + * {@link #setDefaultFingerPrintFactory(DigestFactory)} + */ + public static final DigestFactory DEFAULT_FINGERPRINT_DIGEST_FACTORY = BuiltinDigests.sha256; + + /** @see https://tools.ietf.org/html/rfc8332#section-3 */ + public static final String RSA_SHA256_KEY_TYPE_ALIAS = "rsa-sha2-256"; + public static final String RSA_SHA512_KEY_TYPE_ALIAS = "rsa-sha2-512"; + public static final String RSA_SHA256_CERT_TYPE_ALIAS = "rsa-sha2-256-cert-v01@openssh.com"; + public static final String RSA_SHA512_CERT_TYPE_ALIAS = "rsa-sha2-512-cert-v01@openssh.com"; + + private static final AtomicReference DEFAULT_DIGEST_HOLDER = new AtomicReference<>(); + + private static final Map> BY_KEY_TYPE_DECODERS_MAP + = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private static final Map, PublicKeyEntryDecoder> BY_KEY_CLASS_DECODERS_MAP = new HashMap<>(); + + private static final Map KEY_TYPE_ALIASES + = NavigableMapBuilder. builder(String.CASE_INSENSITIVE_ORDER) + .put(RSA_SHA256_KEY_TYPE_ALIAS, KeyPairProvider.SSH_RSA) + .put(RSA_SHA512_KEY_TYPE_ALIAS, KeyPairProvider.SSH_RSA) + .put(RSA_SHA256_CERT_TYPE_ALIAS, KeyPairProvider.SSH_RSA_CERT) + .put(RSA_SHA512_CERT_TYPE_ALIAS, KeyPairProvider.SSH_RSA_CERT) + .build(); + + static { + registerPublicKeyEntryDecoder(OpenSSHCertificateDecoder.INSTANCE); + registerPublicKeyEntryDecoder(RSAPublicKeyDecoder.INSTANCE); + registerPublicKeyEntryDecoder(DSSPublicKeyEntryDecoder.INSTANCE); + + if (SecurityUtils.isECCSupported()) { + registerPublicKeyEntryDecoder(ECDSAPublicKeyEntryDecoder.INSTANCE); + registerPublicKeyEntryDecoder(SkECDSAPublicKeyEntryDecoder.INSTANCE); + } + if (SecurityUtils.isEDDSACurveSupported()) { + registerPublicKeyEntryDecoder(SecurityUtils.getEDDSAPublicKeyEntryDecoder()); + registerPublicKeyEntryDecoder(SkED25519PublicKeyEntryDecoder.INSTANCE); + } + } + + private KeyUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + *

    + * Checks if a path has strict permissions + *

    + *
      + *
    • + *

      + * The path may not have {@link PosixFilePermission#OTHERS_EXECUTE} permission + *

      + *
      • + * + *
    • + *

      + * (For {@code Unix}) The path may not have group or others permissions + *

      + *
      • + * + *
    • + *

      + * (For {@code Unix}) If the path is a file, then its folder may not have group or others permissions + *

      + *
      • + * + *
    • + *

      + * The path must be owned by current user. + *

      + *
      • + * + *
    • + *

      + * (For {@code Unix}) The path may be owned by root. + *

      + *
      • + * + *
    • + *

      + * (For {@code Unix}) If the path is a file, then its folder must also have valid owner. + *

      + *
      • + * + *
    + * + * @param path The {@link Path} to be checked - ignored if {@code null} or does not exist + * @param options The {@link LinkOption}s to use to query the file's permissions + * @return The violated permission as {@link SimpleImmutableEntry} where key is a message and value is + * the offending object {@link PosixFilePermission} or {@link String} for owner - {@code null} + * if no violations detected + * @throws IOException If failed to retrieve the permissions + * @see #STRICTLY_PROHIBITED_FILE_PERMISSION + */ + public static SimpleImmutableEntry validateStrictKeyFilePermissions(Path path, LinkOption... options) + throws IOException { + if ((path == null) || (!Files.exists(path, options))) { + return null; + } + + Collection perms = IoUtils.getPermissions(path, options); + if (GenericUtils.isEmpty(perms)) { + return null; + } + + if (perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { + PosixFilePermission p = PosixFilePermission.OTHERS_EXECUTE; + return new SimpleImmutableEntry<>(String.format("Permissions violation (%s)", p), p); + } + + if (OsUtils.isUNIX()) { + PosixFilePermission p = IoUtils.validateExcludedPermissions(perms, STRICTLY_PROHIBITED_FILE_PERMISSION); + if (p != null) { + return new SimpleImmutableEntry<>(String.format("Permissions violation (%s)", p), p); + } + + if (Files.isRegularFile(path, options)) { + Path parent = path.getParent(); + p = IoUtils.validateExcludedPermissions(IoUtils.getPermissions(parent, options), + STRICTLY_PROHIBITED_FILE_PERMISSION); + if (p != null) { + return new SimpleImmutableEntry<>(String.format("Parent permissions violation (%s)", p), p); + } + } + } + + String owner = IoUtils.getFileOwner(path, options); + if (GenericUtils.isEmpty(owner)) { + // we cannot get owner + // general issue: jvm does not support permissions + // security issue: specific filesystem does not support permissions + return null; + } + + String current = OsUtils.getCurrentUser(); + Set expected = new HashSet<>(); + expected.add(current); + if (OsUtils.isUNIX()) { + // Windows "Administrator" was considered however in Windows most likely a group is used. + expected.add(OsUtils.ROOT_USER); + } + + if (!expected.contains(owner)) { + return new SimpleImmutableEntry<>(String.format("Owner violation (%s)", owner), owner); + } + + if (OsUtils.isUNIX()) { + if (Files.isRegularFile(path, options)) { + String parentOwner = IoUtils.getFileOwner(path.getParent(), options); + if ((!GenericUtils.isEmpty(parentOwner)) && (!expected.contains(parentOwner))) { + return new SimpleImmutableEntry<>(String.format("Parent owner violation (%s)", parentOwner), parentOwner); + } + } + } + + return null; + } + + /** + * @param keyType The key type - {@code OpenSSH} name - e.g., {@code ssh-rsa, ssh-dss} + * @param keySize The key size (in bits) + * @return A {@link KeyPair} of the specified type and size + * @throws GeneralSecurityException If failed to generate the key pair + * @see #getPublicKeyEntryDecoder(String) + * @see PublicKeyEntryDecoder#generateKeyPair(int) + */ + public static KeyPair generateKeyPair(String keyType, int keySize) throws GeneralSecurityException { + PublicKeyEntryDecoder decoder = getPublicKeyEntryDecoder(keyType); + if (decoder == null) { + throw new InvalidKeySpecException("No decoder for key type=" + keyType); + } + + return decoder.generateKeyPair(keySize); + } + + /** + * Performs a deep-clone of the original {@link KeyPair} - i.e., creates new public/private keys that are + * clones of the original one + * + * @param keyType The key type - {@code OpenSSH} name - e.g., {@code ssh-rsa, ssh-dss} + * @param kp The {@link KeyPair} to clone - ignored if {@code null} + * @return The cloned instance + * @throws GeneralSecurityException If failed to clone the pair + */ + public static KeyPair cloneKeyPair(String keyType, KeyPair kp) throws GeneralSecurityException { + PublicKeyEntryDecoder decoder = getPublicKeyEntryDecoder(keyType); + if (decoder == null) { + throw new InvalidKeySpecException("No decoder for key type=" + keyType); + } + + return decoder.cloneKeyPair(kp); + } + + /** + * @param decoder The decoder to register + * @throws IllegalArgumentException if no decoder or not key type or no supported names for the decoder + * @see PublicKeyEntryDecoder#getPublicKeyType() + * @see PublicKeyEntryDecoder#getSupportedKeyTypes() + */ + public static void registerPublicKeyEntryDecoder(PublicKeyEntryDecoder decoder) { + Objects.requireNonNull(decoder, "No decoder specified"); + + Class pubType = Objects.requireNonNull(decoder.getPublicKeyType(), "No public key type declared"); + Class prvType = Objects.requireNonNull(decoder.getPrivateKeyType(), "No private key type declared"); + synchronized (BY_KEY_CLASS_DECODERS_MAP) { + BY_KEY_CLASS_DECODERS_MAP.put(pubType, decoder); + BY_KEY_CLASS_DECODERS_MAP.put(prvType, decoder); + } + + registerPublicKeyEntryDecoderKeyTypes(decoder); + } + + /** + * Registers the specified decoder for all the types it {@link PublicKeyEntryDecoder#getSupportedKeyTypes() + * supports} + * + * @param decoder The (never {@code null}) {@link PublicKeyEntryDecoder decoder} to register + * @see #registerPublicKeyEntryDecoderForKeyType(String, PublicKeyEntryDecoder) + */ + public static void registerPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder decoder) { + Objects.requireNonNull(decoder, "No decoder specified"); + + Collection names + = ValidateUtils.checkNotNullAndNotEmpty(decoder.getSupportedKeyTypes(), "No supported key types"); + for (String n : names) { + PublicKeyEntryDecoder prev = registerPublicKeyEntryDecoderForKeyType(n, decoder); + if (prev != null) { + // noinspection UnnecessaryContinue + continue; // debug breakpoint + } + } + } + + /** + * @param keyType The key (never {@code null}/empty) key type + * @param decoder The (never {@code null}) {@link PublicKeyEntryDecoder decoder} to register + * @return The previously registered decoder for this key type - {@code null} if none + */ + public static PublicKeyEntryDecoder registerPublicKeyEntryDecoderForKeyType( + String keyType, PublicKeyEntryDecoder decoder) { + keyType = ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type specified"); + Objects.requireNonNull(decoder, "No decoder specified"); + + synchronized (BY_KEY_TYPE_DECODERS_MAP) { + return BY_KEY_TYPE_DECODERS_MAP.put(keyType, decoder); + } + } + + /** + * @param decoder The (never {@code null}) {@link PublicKeyEntryDecoder decoder} to unregister + * @return The case insensitive {@link NavigableSet} of all the effectively un-registered key types + * out of all the {@link PublicKeyEntryDecoder#getSupportedKeyTypes() supported} ones. + * @see #unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder) + */ + public static NavigableSet unregisterPublicKeyEntryDecoder(PublicKeyEntryDecoder decoder) { + Objects.requireNonNull(decoder, "No decoder specified"); + + Class pubType = Objects.requireNonNull(decoder.getPublicKeyType(), "No public key type declared"); + Class prvType = Objects.requireNonNull(decoder.getPrivateKeyType(), "No private key type declared"); + synchronized (BY_KEY_CLASS_DECODERS_MAP) { + BY_KEY_CLASS_DECODERS_MAP.remove(pubType); + BY_KEY_CLASS_DECODERS_MAP.remove(prvType); + } + + return unregisterPublicKeyEntryDecoderKeyTypes(decoder); + } + + /** + * Unregisters the specified decoder for all the types it supports + * + * @param decoder The (never {@code null}) {@link PublicKeyEntryDecoder decoder} to unregister + * @return The case insensitive {@link NavigableSet} of all the effectively un-registered key types + * out of all the {@link PublicKeyEntryDecoder#getSupportedKeyTypes() supported} ones. + * @see #unregisterPublicKeyEntryDecoderForKeyType(String) + */ + public static NavigableSet unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder decoder) { + Objects.requireNonNull(decoder, "No decoder specified"); + + Collection names = ValidateUtils.checkNotNullAndNotEmpty( + decoder.getSupportedKeyTypes(), "No supported key types"); + NavigableSet removed = Collections.emptyNavigableSet(); + for (String n : names) { + PublicKeyEntryDecoder prev = unregisterPublicKeyEntryDecoderForKeyType(n); + if (prev == null) { + continue; + } + + if (removed.isEmpty()) { + removed = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + } + + if (!removed.add(n)) { + // noinspection UnnecessaryContinue + continue; // debug breakpoint + } + } + + return removed; + } + + /** + * Unregister the decoder registered for the specified key type + * + * @param keyType The key (never {@code null}/empty) key type + * @return The unregistered {@link PublicKeyEntryDecoder} - {@code null} if none registered for this key + * type + */ + public static PublicKeyEntryDecoder unregisterPublicKeyEntryDecoderForKeyType(String keyType) { + keyType = ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type specified"); + + synchronized (BY_KEY_TYPE_DECODERS_MAP) { + return BY_KEY_TYPE_DECODERS_MAP.remove(keyType); + } + } + + /** + * @param keyType The {@code OpenSSH} key type string - e.g., {@code ssh-rsa, ssh-dss} - ignored if + * {@code null}/empty + * @return The registered {@link PublicKeyEntryDecoder} or {code null} if not found + */ + public static PublicKeyEntryDecoder getPublicKeyEntryDecoder(String keyType) { + if (GenericUtils.isEmpty(keyType)) { + return null; + } + + synchronized (BY_KEY_TYPE_DECODERS_MAP) { + return BY_KEY_TYPE_DECODERS_MAP.get(keyType); + } + } + + /** + * @param kp The {@link KeyPair} to examine - ignored if {@code null} + * @return The matching {@link PublicKeyEntryDecoder} provided both the public and private keys have the + * same decoder - {@code null} if no match found + * @see #getPublicKeyEntryDecoder(Key) + */ + public static PublicKeyEntryDecoder getPublicKeyEntryDecoder(KeyPair kp) { + if (kp == null) { + return null; + } + + PublicKeyEntryDecoder d1 = getPublicKeyEntryDecoder(kp.getPublic()); + PublicKeyEntryDecoder d2 = getPublicKeyEntryDecoder(kp.getPrivate()); + if (d1 == d2) { + return d1; + } else { + return null; // some kind of mixed keys... + } + } + + /** + * @param key The {@link Key} (public or private) - ignored if {@code null} + * @return The registered {@link PublicKeyEntryDecoder} for this key or {code null} if no match found + * @see #getPublicKeyEntryDecoder(Class) + */ + public static PublicKeyEntryDecoder getPublicKeyEntryDecoder(Key key) { + if (key == null) { + return null; + } else { + return getPublicKeyEntryDecoder(key.getClass()); + } + } + + /** + * @param keyType The key {@link Class} - ignored if {@code null} or not a {@link Key} compatible type + * @return The registered {@link PublicKeyEntryDecoder} or {code null} if no match found + */ + public static PublicKeyEntryDecoder getPublicKeyEntryDecoder(Class keyType) { + if ((keyType == null) || (!Key.class.isAssignableFrom(keyType))) { + return null; + } + + synchronized (BY_KEY_TYPE_DECODERS_MAP) { + PublicKeyEntryDecoder decoder = BY_KEY_CLASS_DECODERS_MAP.get(keyType); + if (decoder != null) { + return decoder; + } + + // in case it is a derived class + for (PublicKeyEntryDecoder dec : BY_KEY_CLASS_DECODERS_MAP.values()) { + Class pubType = dec.getPublicKeyType(); + Class prvType = dec.getPrivateKeyType(); + if (pubType.isAssignableFrom(keyType) || prvType.isAssignableFrom(keyType)) { + return dec; + } + } + } + + return null; + } + + /** + * @return The default {@link DigestFactory} by the {@link #getFingerPrint(PublicKey)} and + * {@link #getFingerPrint(String)} methods + * @see #KEY_FINGERPRINT_FACTORY_PROP + * @see #setDefaultFingerPrintFactory(DigestFactory) + */ + public static DigestFactory getDefaultFingerPrintFactory() { + DigestFactory factory = null; + synchronized (DEFAULT_DIGEST_HOLDER) { + factory = DEFAULT_DIGEST_HOLDER.get(); + if (factory != null) { + return factory; + } + + String propVal = System.getProperty(KEY_FINGERPRINT_FACTORY_PROP); + if (GenericUtils.isEmpty(propVal)) { + factory = DEFAULT_FINGERPRINT_DIGEST_FACTORY; + } else { + factory = ValidateUtils.checkNotNull(BuiltinDigests.fromFactoryName(propVal), "Unknown digest factory: %s", + propVal); + } + + ValidateUtils.checkTrue(factory.isSupported(), "Selected fingerprint digest not supported: %s", factory.getName()); + DEFAULT_DIGEST_HOLDER.set(factory); + } + + return factory; + } + + /** + * @param f The {@link DigestFactory} of {@link Digest}s to be used - may not be {@code null} + */ + public static void setDefaultFingerPrintFactory(DigestFactory f) { + synchronized (DEFAULT_DIGEST_HOLDER) { + DEFAULT_DIGEST_HOLDER.set(Objects.requireNonNull(f, "No digest factory")); + } + } + + /** + * @param key the public key - ignored if {@code null} + * @return the fingerprint or {@code null} if no key. Note: if exception encountered then returns the + * exception's simple class name + * @see #getFingerPrint(Factory, PublicKey) + */ + public static String getFingerPrint(PublicKey key) { + return getFingerPrint(getDefaultFingerPrintFactory(), key); + } + + /** + * @param password The {@link String} to digest - ignored if {@code null}/empty, otherwise its UTF-8 representation + * is used as input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input. Note: if exception + * encountered then returns the exception's simple class name + * @see #getFingerPrint(String, Charset) + */ + public static String getFingerPrint(String password) { + return getFingerPrint(password, StandardCharsets.UTF_8); + } + + /** + * @param password The {@link String} to digest - ignored if {@code null}/empty + * @param charset The {@link Charset} to use in order to convert the string to its byte representation to use as + * input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input. Note: if exception + * encountered then returns the exception's simple class name + * @see #getFingerPrint(Factory, String, Charset) + * @see #getDefaultFingerPrintFactory() + */ + public static String getFingerPrint(String password, Charset charset) { + return getFingerPrint(getDefaultFingerPrintFactory(), password, charset); + } + + /** + * @param f The {@link Factory} to create the {@link Digest} to use + * @param key the public key - ignored if {@code null} + * @return the fingerprint or {@code null} if no key. Note: if exception encountered then returns the + * exception's simple class name + * @see #getFingerPrint(Digest, PublicKey) + */ + public static String getFingerPrint(Factory f, PublicKey key) { + return (key == null) ? null : getFingerPrint(Objects.requireNonNull(f, "No digest factory").create(), key); + } + + /** + * @param d The {@link Digest} to use + * @param key the public key - ignored if {@code null} + * @return the fingerprint or {@code null} if no key. Note: if exception encountered then returns the + * exception's simple class name + * @see DigestUtils#getFingerPrint(Digest, byte[], int, int) + */ + public static String getFingerPrint(Digest d, PublicKey key) { + if (key == null) { + return null; + } + + try { + Buffer buffer = new ByteArrayBuffer(); + buffer.putRawPublicKey(key); + return DigestUtils.getFingerPrint(d, buffer.array(), 0, buffer.wpos()); + } catch (Exception e) { + return e.getClass().getSimpleName(); + } + } + + public static byte[] getRawFingerprint(PublicKey key) throws Exception { + return getRawFingerprint(getDefaultFingerPrintFactory(), key); + } + + public static byte[] getRawFingerprint(Factory f, PublicKey key) throws Exception { + return (key == null) ? null : getRawFingerprint(Objects.requireNonNull(f, "No digest factory").create(), key); + } + + public static byte[] getRawFingerprint(Digest d, PublicKey key) throws Exception { + if (key == null) { + return null; + } + + Buffer buffer = new ByteArrayBuffer(); + buffer.putRawPublicKey(key); + return DigestUtils.getRawFingerprint(d, buffer.array(), 0, buffer.wpos()); + } + + /** + * @param f The {@link Factory} to create the {@link Digest} to use + * @param s The {@link String} to digest - ignored if {@code null}/empty, otherwise its UTF-8 representation is + * used as input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input. Note: if exception encountered then + * returns the exception's simple class name + * @see #getFingerPrint(Digest, String, Charset) + */ + public static String getFingerPrint(Factory f, String s) { + return getFingerPrint(f, s, StandardCharsets.UTF_8); + } + + /** + * @param f The {@link Factory} to create the {@link Digest} to use + * @param s The {@link String} to digest - ignored if {@code null}/empty + * @param charset The {@link Charset} to use in order to convert the string to its byte representation to use as + * input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input Note: if exception encountered + * then returns the exception's simple class name + * @see DigestUtils#getFingerPrint(Digest, String, Charset) + */ + public static String getFingerPrint(Factory f, String s, Charset charset) { + return getFingerPrint(f.create(), s, charset); + } + + /** + * @param d The {@link Digest} to use + * @param s The {@link String} to digest - ignored if {@code null}/empty, otherwise its UTF-8 representation is + * used as input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input. Note: if exception encountered then + * returns the exception's simple class name + * @see DigestUtils#getFingerPrint(Digest, String, Charset) + */ + public static String getFingerPrint(Digest d, String s) { + return getFingerPrint(d, s, StandardCharsets.UTF_8); + } + + /** + * @param d The {@link Digest} to use to calculate the fingerprint + * @param s The string to digest - ignored if {@code null}/empty + * @param charset The {@link Charset} to use in order to convert the string to its byte representation to use as + * input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input. Note: if exception encountered + * then returns the exception's simple class name + * @see DigestUtils#getFingerPrint(Digest, String, Charset) + */ + public static String getFingerPrint(Digest d, String s, Charset charset) { + if (GenericUtils.isEmpty(s)) { + return null; + } + + try { + return DigestUtils.getFingerPrint(d, s, charset); + } catch (Exception e) { + return e.getClass().getSimpleName(); + } + } + + /** + * @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default + * fingerprint. + * @param key the {@link PublicKey} - if {@code null} then returns null. + * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + * @see #getDefaultFingerPrintFactory() + * @see #checkFingerPrint(String, Factory, PublicKey) + */ + public static SimpleImmutableEntry checkFingerPrint(String expected, PublicKey key) { + return checkFingerPrint(expected, getDefaultFingerPrintFactory(), key); + } + + /** + * @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default + * fingerprint. + * @param f The {@link Factory} to be used to generate the default {@link Digest} for the key + * @param key the {@link PublicKey} - if {@code null} then returns null. + * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + */ + public static SimpleImmutableEntry checkFingerPrint( + String expected, Factory f, PublicKey key) { + return checkFingerPrint(expected, Objects.requireNonNull(f, "No digest factory").create(), key); + } + + /** + * @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default + * fingerprint. + * @param d The {@link Digest} to be used to generate the default fingerprint for the key + * @param key the {@link PublicKey} - if {@code null} then returns null. + * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + */ + public static SimpleImmutableEntry checkFingerPrint(String expected, Digest d, PublicKey key) { + if (key == null) { + return null; + } + + if (GenericUtils.isEmpty(expected)) { + return new SimpleImmutableEntry<>(false, getFingerPrint(d, key)); + } + + // de-construct fingerprint + int pos = expected.indexOf(':'); + if ((pos < 0) || (pos >= (expected.length() - 1))) { + return new SimpleImmutableEntry<>(false, getFingerPrint(d, key)); + } + + String name = expected.substring(0, pos); + String value = expected.substring(pos + 1); + DigestFactory expectedFactory; + // We know that all digest names have a length > 2 - if 2 (or less) then assume a pure HEX value + if (name.length() > 2) { + expectedFactory = BuiltinDigests.fromFactoryName(name); + if (expectedFactory == null) { + return new SimpleImmutableEntry<>(false, getFingerPrint(d, key)); + } + + expected = name.toUpperCase() + ":" + value; + } else { + expectedFactory = BuiltinDigests.md5; + expected = expectedFactory.getName().toUpperCase() + ":" + expected; + } + + String fingerprint = getFingerPrint(expectedFactory, key); + boolean matches = BuiltinDigests.md5.getName().equals(expectedFactory.getName()) + ? expected.equalsIgnoreCase(fingerprint) // HEX is case insensitive + : expected.equals(fingerprint); + return new SimpleImmutableEntry<>(matches, fingerprint); + } + + /** + * @param kp a key pair - ignored if {@code null}. If the private key is non-{@code null} then it is used to + * determine the type, otherwise the public one is used. + * @return the key type or {@code null} if cannot determine it + * @see #getKeyType(Key) + */ + public static String getKeyType(KeyPair kp) { + if (kp == null) { + return null; + } + PrivateKey key = kp.getPrivate(); + if (key != null) { + return getKeyType(key); + } else { + return getKeyType(kp.getPublic()); + } + } + + /** + * @param key a public or private key + * @return the key type or {@code null} if cannot determine it + */ + public static String getKeyType(Key key) { + if (key == null) { + return null; + } else if (key instanceof DSAKey) { + return KeyPairProvider.SSH_DSS; + } else if (key instanceof RSAKey) { + return KeyPairProvider.SSH_RSA; + } else if (key instanceof ECKey) { + ECKey ecKey = (ECKey) key; + ECParameterSpec ecSpec = ecKey.getParams(); + ECCurves curve = ECCurves.fromCurveParameters(ecSpec); + if (curve == null) { + return null; // debug breakpoint + } else { + return curve.getKeyType(); + } + } else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) { + return KeyPairProvider.SSH_ED25519; + } else if (key instanceof OpenSshCertificate) { + return ((OpenSshCertificate) key).getKeyType(); + } + + return null; + } + + /** + * @param keyType A key type name - ignored if {@code null}/empty + * @return A {@link List} of they canonical key name and all its aliases + * @see #getCanonicalKeyType(String) + */ + public static List getAllEquivalentKeyTypes(String keyType) { + if (GenericUtils.isEmpty(keyType)) { + return Collections.emptyList(); + } + + String canonicalName = getCanonicalKeyType(keyType); + List equivalents = new ArrayList<>(); + equivalents.add(canonicalName); + synchronized (KEY_TYPE_ALIASES) { + for (Map.Entry ae : KEY_TYPE_ALIASES.entrySet()) { + String alias = ae.getKey(); + String name = ae.getValue(); + if (canonicalName.equalsIgnoreCase(name)) { + equivalents.add(alias); + } + } + } + + return equivalents; + } + + /** + * @param keyType The available key-type - ignored if {@code null}/empty + * @return The canonical key type - same as input if no alias registered for the provided key type + * @see #RSA_SHA256_KEY_TYPE_ALIAS + * @see #RSA_SHA512_KEY_TYPE_ALIAS + */ + public static String getCanonicalKeyType(String keyType) { + if (GenericUtils.isEmpty(keyType)) { + return keyType; + } + + String canonicalName; + synchronized (KEY_TYPE_ALIASES) { + canonicalName = KEY_TYPE_ALIASES.get(keyType); + } + + if (GenericUtils.isEmpty(canonicalName)) { + return keyType; + } + + return canonicalName; + } + + /** + * @return A case insensitive {@link NavigableSet} of the currently registered key type "aliases". + * @see #getCanonicalKeyType(String) + */ + public static NavigableSet getRegisteredKeyTypeAliases() { + synchronized (KEY_TYPE_ALIASES) { + return KEY_TYPE_ALIASES.isEmpty() + ? Collections.emptyNavigableSet() + : GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, KEY_TYPE_ALIASES.keySet()); + } + } + + /** + * Registers a collection of aliases to a canonical key type + * + * @param keyType The (never {@code null}/empty) canonical name + * @param aliases The (never {@code null}/empty) aliases + * @return A {@link List} of the replaced aliases - empty if no previous aliases for the canonical name + */ + public static List registerCanonicalKeyTypes(String keyType, Collection aliases) { + ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type value"); + ValidateUtils.checkNotNullAndNotEmpty(aliases, "No aliases provided"); + + List replaced = Collections.emptyList(); + synchronized (KEY_TYPE_ALIASES) { + for (String a : aliases) { + ValidateUtils.checkNotNullAndNotEmpty(a, "Null/empty alias registration for %s", keyType); + String prev = KEY_TYPE_ALIASES.put(a, keyType); + if (GenericUtils.isEmpty(prev)) { + continue; + } + + if (replaced.isEmpty()) { + replaced = new ArrayList<>(); + } + replaced.add(prev); + } + } + + return replaced; + } + + /** + * @param alias The alias to unregister (ignored if {@code null}/empty) + * @return The associated canonical key type - {@code null} if alias not registered + */ + public static String unregisterCanonicalKeyTypeAlias(String alias) { + if (GenericUtils.isEmpty(alias)) { + return alias; + } + + synchronized (KEY_TYPE_ALIASES) { + return KEY_TYPE_ALIASES.remove(alias); + } + } + + /** + * Determines the key size in bits + * + * @param key The {@link Key} to examine - ignored if {@code null} + * @return The key size - non-positive value if cannot determine it + */ + public static int getKeySize(Key key) { + if (key == null) { + return -1; + } else if (key instanceof RSAKey) { + BigInteger n = ((RSAKey) key).getModulus(); + return n.bitLength(); + } else if (key instanceof DSAKey) { + DSAParams params = ((DSAKey) key).getParams(); + BigInteger p = params.getP(); + return p.bitLength(); + } else if (key instanceof ECKey) { + ECParameterSpec ecSpec = ((ECKey) key).getParams(); + ECCurves curve = ECCurves.fromCurveParameters(ecSpec); + if (curve != null) { + return curve.getKeySize(); + } + } else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) { + return SecurityUtils.getEDDSAKeySize(key); + } + + return -1; + } + + /** + * @param key The {@link PublicKey} to be checked - ignored if {@code null} + * @param keySet The keys to be searched - ignored if {@code null}/empty + * @return The matching {@link PublicKey} from the keys or {@code null} if no match found + * @see #compareKeys(PublicKey, PublicKey) + */ + public static PublicKey findMatchingKey(PublicKey key, PublicKey... keySet) { + if (key == null || GenericUtils.isEmpty(keySet)) { + return null; + } else { + return findMatchingKey(key, Arrays.asList(keySet)); + } + } + + /** + * @param key The {@link PublicKey} to be checked - ignored if {@code null} + * @param keySet The keys to be searched - ignored if {@code null}/empty + * @return The matching {@link PublicKey} from the keys or {@code null} if no match found + * @see #compareKeys(PublicKey, PublicKey) + */ + public static PublicKey findMatchingKey(PublicKey key, Collection keySet) { + if (key == null || GenericUtils.isEmpty(keySet)) { + return null; + } + for (PublicKey k : keySet) { + if (compareKeys(key, k)) { + return k; + } + } + return null; + } + + public static boolean compareKeyPairs(KeyPair k1, KeyPair k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if ((k1 == null) || (k2 == null)) { + return false; // both null is covered by Objects#equals + } else { + return compareKeys(k1.getPublic(), k2.getPublic()) + && compareKeys(k1.getPrivate(), k2.getPrivate()); + } + } + + public static boolean compareKeys(PublicKey k1, PublicKey k2) { + if ((k1 instanceof RSAPublicKey) && (k2 instanceof RSAPublicKey)) { + return compareRSAKeys(RSAPublicKey.class.cast(k1), RSAPublicKey.class.cast(k2)); + } else if ((k1 instanceof DSAPublicKey) && (k2 instanceof DSAPublicKey)) { + return compareDSAKeys(DSAPublicKey.class.cast(k1), DSAPublicKey.class.cast(k2)); + } else if ((k1 instanceof ECPublicKey) && (k2 instanceof ECPublicKey)) { + return compareECKeys(ECPublicKey.class.cast(k1), ECPublicKey.class.cast(k2)); + } else if ((k1 instanceof SkEcdsaPublicKey) && (k2 instanceof SkEcdsaPublicKey)) { + return compareSkEcdsaKeys(SkEcdsaPublicKey.class.cast(k1), SkEcdsaPublicKey.class.cast(k2)); + } else if ((k1 != null) && SecurityUtils.EDDSA.equalsIgnoreCase(k1.getAlgorithm()) + && (k2 != null) && SecurityUtils.EDDSA.equalsIgnoreCase(k2.getAlgorithm())) { + return SecurityUtils.compareEDDSAPPublicKeys(k1, k2); + } else if ((k1 instanceof SkED25519PublicKey) && (k2 instanceof SkED25519PublicKey)) { + return compareSkEd25519Keys(SkED25519PublicKey.class.cast(k1), SkED25519PublicKey.class.cast(k2)); + } else { + return false; // either key is null or not of same class + } + } + + public static PublicKey recoverPublicKey(PrivateKey key) throws GeneralSecurityException { + if (key instanceof RSAPrivateKey) { + return recoverRSAPublicKey((RSAPrivateKey) key); + } else if (key instanceof DSAPrivateKey) { + return recoverDSAPublicKey((DSAPrivateKey) key); + } else if ((key != null) && SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) { + return SecurityUtils.recoverEDDSAPublicKey(key); + } else { + return null; + } + } + + public static boolean compareKeys(PrivateKey k1, PrivateKey k2) { + if ((k1 instanceof RSAPrivateKey) && (k2 instanceof RSAPrivateKey)) { + return compareRSAKeys(RSAPrivateKey.class.cast(k1), RSAPrivateKey.class.cast(k2)); + } else if ((k1 instanceof DSAPrivateKey) && (k2 instanceof DSAPrivateKey)) { + return compareDSAKeys(DSAPrivateKey.class.cast(k1), DSAPrivateKey.class.cast(k2)); + } else if ((k1 instanceof ECPrivateKey) && (k2 instanceof ECPrivateKey)) { + return compareECKeys(ECPrivateKey.class.cast(k1), ECPrivateKey.class.cast(k2)); + } else if ((k1 != null) && SecurityUtils.EDDSA.equalsIgnoreCase(k1.getAlgorithm()) + && (k2 != null) && SecurityUtils.EDDSA.equalsIgnoreCase(k2.getAlgorithm())) { + return SecurityUtils.compareEDDSAPrivateKeys(k1, k2); + } else { + return false; // either key is null or not of same class + } + } + + public static boolean compareRSAKeys(RSAPublicKey k1, RSAPublicKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getPublicExponent(), k2.getPublicExponent()) + && Objects.equals(k1.getModulus(), k2.getModulus()); + } + } + + public static boolean compareRSAKeys(RSAPrivateKey k1, RSAPrivateKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getModulus(), k2.getModulus()) + && Objects.equals(k1.getPrivateExponent(), k2.getPrivateExponent()); + } + } + + public static RSAPublicKey recoverRSAPublicKey(RSAPrivateKey privateKey) throws GeneralSecurityException { + if (privateKey instanceof RSAPrivateCrtKey) { + return recoverFromRSAPrivateCrtKey((RSAPrivateCrtKey) privateKey); + } else { + // Not ideal, but best we can do under the circumstances + return recoverRSAPublicKey(privateKey.getModulus(), DEFAULT_RSA_PUBLIC_EXPONENT); + } + } + + public static RSAPublicKey recoverFromRSAPrivateCrtKey(RSAPrivateCrtKey rsaKey) throws GeneralSecurityException { + return recoverRSAPublicKey(rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPublicExponent()); + } + + public static RSAPublicKey recoverRSAPublicKey(BigInteger p, BigInteger q, BigInteger publicExponent) + throws GeneralSecurityException { + return recoverRSAPublicKey(p.multiply(q), publicExponent); + } + + public static RSAPublicKey recoverRSAPublicKey(BigInteger modulus, BigInteger publicExponent) + throws GeneralSecurityException { + KeyFactory kf = SecurityUtils.getKeyFactory(RSA_ALGORITHM); + return (RSAPublicKey) kf.generatePublic(new RSAPublicKeySpec(modulus, publicExponent)); + } + + public static boolean compareDSAKeys(DSAPublicKey k1, DSAPublicKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getY(), k2.getY()) + && compareDSAParams(k1.getParams(), k2.getParams()); + } + } + + public static boolean compareDSAKeys(DSAPrivateKey k1, DSAPrivateKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getX(), k2.getX()) + && compareDSAParams(k1.getParams(), k2.getParams()); + } + } + + public static boolean compareDSAParams(DSAParams p1, DSAParams p2) { + if (Objects.equals(p1, p2)) { + return true; + } else if (p1 == null || p2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(p1.getG(), p2.getG()) + && Objects.equals(p1.getP(), p2.getP()) + && Objects.equals(p1.getQ(), p2.getQ()); + } + } + + // based on code from + // https://github.com/alexo/SAML-2.0/blob/master/java-opensaml/opensaml-security-api/src/main/java/org/opensaml/xml/security/SecurityHelper.java + public static DSAPublicKey recoverDSAPublicKey(DSAPrivateKey privateKey) throws GeneralSecurityException { + DSAParams keyParams = privateKey.getParams(); + BigInteger p = keyParams.getP(); + BigInteger x = privateKey.getX(); + BigInteger q = keyParams.getQ(); + BigInteger g = keyParams.getG(); + BigInteger y = g.modPow(x, p); + KeyFactory kf = SecurityUtils.getKeyFactory(DSS_ALGORITHM); + return (DSAPublicKey) kf.generatePublic(new DSAPublicKeySpec(y, p, q, g)); + } + + public static boolean compareECKeys(ECPrivateKey k1, ECPrivateKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getS(), k2.getS()) + && compareECParams(k1.getParams(), k2.getParams()); + } + } + + public static boolean compareECKeys(ECPublicKey k1, ECPublicKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getW(), k2.getW()) + && compareECParams(k1.getParams(), k2.getParams()); + } + } + + public static boolean compareECParams(ECParameterSpec s1, ECParameterSpec s2) { + if (Objects.equals(s1, s2)) { + return true; + } else if (s1 == null || s2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(s1.getOrder(), s2.getOrder()) + && (s1.getCofactor() == s2.getCofactor()) + && Objects.equals(s1.getGenerator(), s2.getGenerator()) + && Objects.equals(s1.getCurve(), s2.getCurve()); + } + } + + public static boolean compareSkEcdsaKeys(SkEcdsaPublicKey k1, SkEcdsaPublicKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getAppName(), k2.getAppName()) + && Objects.equals(k1.isNoTouchRequired(), k2.isNoTouchRequired()) + && compareECKeys(k1.getDelegatePublicKey(), k2.getDelegatePublicKey()); + } + } + + public static boolean compareSkEd25519Keys(SkED25519PublicKey k1, SkED25519PublicKey k2) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(k1.getAppName(), k2.getAppName()) + && Objects.equals(k1.isNoTouchRequired(), k2.isNoTouchRequired()) + && SecurityUtils.compareEDDSAPPublicKeys(k1.getDelegatePublicKey(), k2.getDelegatePublicKey()); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java new file mode 100644 index 0000000..90406e4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys; + +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.Collection; +import java.util.Date; +import java.util.List; +import java.util.concurrent.TimeUnit; + +/** + * Represents and OpenSSH certificate key as specified in + * PROTOCOL.certkeys + * + * @author Apache MINA SSHD Project + */ +public interface OpenSshCertificate extends PublicKey, PrivateKey { + int SSH_CERT_TYPE_USER = 1; + int SSH_CERT_TYPE_HOST = 2; + + String getRawKeyType(); + + byte[] getNonce(); + + String getKeyType(); + + PublicKey getServerHostKey(); + + long getSerial(); + + int getType(); + + String getId(); + + Collection getPrincipals(); + + // Seconds after epoch + long getValidAfter(); + + default Date getValidAfterDate() { + return getValidDate(getValidAfter()); + } + + // Seconds after epoch + long getValidBefore(); + + default Date getValidBeforeDate() { + return getValidDate(getValidBefore()); + } + + List getCriticalOptions(); + + List getExtensions(); + + String getReserved(); + + PublicKey getCaPubKey(); + + byte[] getMessage(); + + byte[] getSignature(); + + String getSignatureAlg(); + + static Date getValidDate(long timestamp) { + return (timestamp == 0L) ? null : new Date(TimeUnit.SECONDS.toMillis(timestamp)); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificateImpl.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificateImpl.java new file mode 100644 index 0000000..94742f8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificateImpl.java @@ -0,0 +1,226 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys; + +import java.security.PublicKey; +import java.util.Collection; +import java.util.List; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSshCertificateImpl implements OpenSshCertificate { + + private static final long serialVersionUID = -3592634724148744943L; + + private String keyType; + private byte[] nonce; + private PublicKey serverHostKey; + private long serial; + private int type; + private String id; + private Collection principals; + private long validAfter; + private long validBefore; + private List criticalOptions; + private List extensions; + private String reserved; + private PublicKey caPubKey; + private byte[] message; + private byte[] signature; + + public OpenSshCertificateImpl() { + super(); + } + + @Override + public String getRawKeyType() { + return GenericUtils.isEmpty(keyType) ? null : keyType.split("@")[0].substring(0, keyType.indexOf("-cert")); + } + + @Override + public byte[] getNonce() { + return nonce; + } + + @Override + public String getKeyType() { + return keyType; + } + + @Override + public PublicKey getServerHostKey() { + return serverHostKey; + } + + @Override + public long getSerial() { + return serial; + } + + @Override + public int getType() { + return type; + } + + @Override + public String getId() { + return id; + } + + @Override + public Collection getPrincipals() { + return principals; + } + + @Override + public long getValidAfter() { + return validAfter; + } + + @Override + public long getValidBefore() { + return validBefore; + } + + @Override + public List getCriticalOptions() { + return criticalOptions; + } + + @Override + public List getExtensions() { + return extensions; + } + + @Override + public String getReserved() { + return reserved; + } + + @Override + public PublicKey getCaPubKey() { + return caPubKey; + } + + @Override + public byte[] getMessage() { + return message; + } + + @Override + public byte[] getSignature() { + return signature; + } + + @Override + public String getSignatureAlg() { + return NumberUtils.isEmpty(signature) ? null : new ByteArrayBuffer(signature).getString(); + } + + @Override + public String getAlgorithm() { + return null; + } + + @Override + public String getFormat() { + return null; + } + + @Override + public byte[] getEncoded() { + return GenericUtils.EMPTY_BYTE_ARRAY; + } + + public void setKeyType(String keyType) { + this.keyType = keyType; + } + + public void setNonce(byte[] nonce) { + this.nonce = nonce; + } + + public void setServerHostKey(PublicKey serverHostKey) { + this.serverHostKey = serverHostKey; + } + + public void setSerial(long serial) { + this.serial = serial; + } + + public void setType(int type) { + this.type = type; + } + + public void setId(String id) { + this.id = id; + } + + public void setPrincipals(Collection principals) { + this.principals = principals; + } + + public void setValidAfter(long validAfter) { + this.validAfter = validAfter; + } + + public void setValidBefore(long validBefore) { + this.validBefore = validBefore; + } + + public void setCriticalOptions(List criticalOptions) { + this.criticalOptions = criticalOptions; + } + + public void setExtensions(List extensions) { + this.extensions = extensions; + } + + public void setReserved(String reserved) { + this.reserved = reserved; + } + + public void setCaPubKey(PublicKey caPubKey) { + this.caPubKey = caPubKey; + } + + public void setMessage(byte[] message) { + this.message = message; + } + + public void setSignature(byte[] signature) { + this.signature = signature; + } + + @Override + public String toString() { + return getKeyType() + + "[id=" + getId() + + ", serial=" + getSerial() + + ", type=" + getType() + + ", validAfter=" + getValidAfterDate() + + ", validBefore=" + getValidBeforeDate() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java new file mode 100644 index 0000000..0e61acc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java @@ -0,0 +1,154 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.security.GeneralSecurityException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.Collection; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.SecureByteArrayOutputStream; + +/** + * @param Type of {@link PublicKey} + * @param Type of {@link PrivateKey} + * @author Apache MINA SSHD Project + */ +public interface PrivateKeyEntryDecoder + extends KeyEntryResolver, PrivateKeyEntryResolver { + + @Override + default PrivateKey resolve( + SessionContext session, String keyType, byte[] keyData) + throws IOException, GeneralSecurityException { + ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); + Collection supported = getSupportedKeyTypes(); + if ((GenericUtils.size(supported) > 0) && supported.contains(keyType)) { + return decodePrivateKey(session, FilePasswordProvider.EMPTY, keyData); + } + + throw new InvalidKeySpecException("resolve(" + keyType + ") not in listed supported types: " + supported); + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be + * {@code null} if no encrypted data is expected + * @param keyData The key data bytes in {@code OpenSSH} format (after BASE64 decoding) - ignored + * if {@code null}/empty + * @return The decoded {@link PrivateKey} - or {@code null} if no data + * @throws IOException If failed to decode the key + * @throws GeneralSecurityException If failed to generate the key + */ + default PRV decodePrivateKey( + SessionContext session, FilePasswordProvider passwordProvider, byte... keyData) + throws IOException, GeneralSecurityException { + return decodePrivateKey(session, passwordProvider, keyData, 0, NumberUtils.length(keyData)); + } + + default PRV decodePrivateKey( + SessionContext session, FilePasswordProvider passwordProvider, byte[] keyData, int offset, int length) + throws IOException, GeneralSecurityException { + if (length <= 0) { + return null; + } + + try (InputStream stream = new ByteArrayInputStream(keyData, offset, length)) { + return decodePrivateKey(session, passwordProvider, stream); + } + } + + default PRV decodePrivateKey( + SessionContext session, FilePasswordProvider passwordProvider, InputStream keyData) + throws IOException, GeneralSecurityException { + // the actual data is preceded by a string that repeats the key type + String type = KeyEntryResolver.decodeString(keyData, KeyPairResourceLoader.MAX_KEY_TYPE_NAME_LENGTH); + if (GenericUtils.isEmpty(type)) { + throw new StreamCorruptedException("Missing key type string"); + } + + Collection supported = getSupportedKeyTypes(); + if (GenericUtils.isEmpty(supported) || (!supported.contains(type))) { + throw new InvalidKeySpecException("Reported key type (" + type + ") not in supported list: " + supported); + } + + return decodePrivateKey(session, type, passwordProvider, keyData); + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param keyType The reported / encode key type + * @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be + * {@code null} if no encrypted data is expected + * @param keyData The key data bytes stream positioned after the key type decoding and making sure + * it is one of the supported types + * @return The decoded {@link PrivateKey} + * @throws IOException If failed to read from the data stream + * @throws GeneralSecurityException If failed to generate the key + */ + PRV decodePrivateKey( + SessionContext session, String keyType, FilePasswordProvider passwordProvider, InputStream keyData) + throws IOException, GeneralSecurityException; + + /** + * Encodes the {@link PrivateKey} using the {@code OpenSSH} format - same one used by the {@code decodePublicKey} + * method(s) + * + * @param s The {@link SecureByteArrayOutputStream} to write the data to. + * @param key The {@link PrivateKey} - may not be {@code null} + * @param pubKey The {@link PublicKey} belonging to the private key - must be non-{@code null} if + * {@link #isPublicKeyRecoverySupported() public key recovery} is not supported + * @return The key type value - one of the {@link #getSupportedKeyTypes()} or {@code null} if encoding + * not supported + * @throws IOException If failed to generate the encoding + */ + default String encodePrivateKey(SecureByteArrayOutputStream s, PRV key, PUB pubKey) throws IOException { + Objects.requireNonNull(key, "No private key provided"); + return null; + } + + default boolean isPublicKeyRecoverySupported() { + return false; + } + + /** + * Attempts to recover the public key given the private one + * + * @param prvKey The {@link PrivateKey} + * @return The recovered {@link PublicKey} - {@code null} if cannot recover it + * @throws GeneralSecurityException If failed to generate the public key + */ + default PUB recoverPublicKey(PRV prvKey) throws GeneralSecurityException { + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryResolver.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryResolver.java new file mode 100644 index 0000000..4af14bd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryResolver.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.PrivateKey; +import java.security.spec.InvalidKeySpecException; + +import org.apache.sshd.common.session.SessionContext; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface PrivateKeyEntryResolver { + /** + * A resolver that ignores all input + */ + PrivateKeyEntryResolver IGNORING = new PrivateKeyEntryResolver() { + @Override + public PrivateKey resolve(SessionContext session, String keyType, byte[] keyData) + throws IOException, GeneralSecurityException { + return null; + } + + @Override + public String toString() { + return "IGNORING"; + } + }; + + /** + * A resolver that fails on all input + */ + PrivateKeyEntryResolver FAILING = new PrivateKeyEntryResolver() { + @Override + public PrivateKey resolve(SessionContext session, String keyType, byte[] keyData) + throws IOException, GeneralSecurityException { + throw new InvalidKeySpecException("Failing resolver on key type=" + keyType); + } + + @Override + public String toString() { + return "FAILING"; + } + }; + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param keyType The {@code OpenSSH} reported key type + * @param keyData The {@code OpenSSH} encoded key data + * @return The extracted {@link PrivateKey} - ignored if {@code null} + * @throws IOException If failed to parse the key data + * @throws GeneralSecurityException If failed to generate the key + */ + PrivateKey resolve(SessionContext session, String keyType, byte[] keyData) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java new file mode 100644 index 0000000..8dc634c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java @@ -0,0 +1,516 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.Serializable; +import java.io.StreamCorruptedException; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Objects; +import java.util.TreeMap; + +import org.apache.sshd.common.keyprovider.KeyTypeIndicator; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + *

    + * Represents a {@link PublicKey} whose data is formatted according to the + * OpenSSH format: + *

    + * + * 
    + * <key-type> <base64-encoded-public-key-data>
+ *
    + * + * @author Apache MINA SSHD Project + */ +public class PublicKeyEntry implements Serializable, KeyTypeIndicator { + /** + * Character used to denote a comment line in the keys file + */ + public static final char COMMENT_CHAR = '#'; + + /** + * Standard folder name used by OpenSSH to hold key files + */ + public static final String STD_KEYFILE_FOLDER_NAME = ".ssh"; + + private static final long serialVersionUID = -585506072687602760L; + + private static final NavigableMap KEY_DATA_RESOLVERS + = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private String keyType; + private byte[] keyData; + private PublicKeyEntryDataResolver keyDataResolver = PublicKeyEntryDataResolver.DEFAULT; + + public PublicKeyEntry() { + super(); + } + + public PublicKeyEntry(String keyType, byte... keyData) { + this.keyType = keyType; + this.keyData = keyData; + } + + @Override + public String getKeyType() { + return keyType; + } + + public void setKeyType(String value) { + this.keyType = value; + } + + public byte[] getKeyData() { + return keyData; + } + + public void setKeyData(byte[] value) { + this.keyData = value; + } + + public PublicKeyEntryDataResolver getKeyDataResolver() { + return keyDataResolver; + } + + public void setKeyDataResolver(PublicKeyEntryDataResolver keyDataResolver) { + this.keyDataResolver = keyDataResolver; + } + + /** + * If a {@link PublicKeyEntryDataResolver} has been set, then uses it - otherwise uses the + * {@link PublicKeyEntryDataResolver#DEFAULT default one}. + * + * @return The resolved instance + */ + public PublicKeyEntryDataResolver resolvePublicKeyEntryDataResolver() { + PublicKeyEntryDataResolver resolver = getKeyDataResolver(); + return (resolver == null) ? PublicKeyEntryDataResolver.DEFAULT : resolver; + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param headers Any headers that may have been available when data was read + * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if none of the built-in ones can + * be used. If {@code null} and no built-in resolver can be used then an + * {@link InvalidKeySpecException} is thrown. + * @return The resolved {@link PublicKey} - or {@code null} if could not be resolved. + * Note: may be called only after key type and data bytes have been set or + * exception(s) may be thrown + * @throws IOException If failed to decode the key + * @throws GeneralSecurityException If failed to generate the key + */ + public PublicKey resolvePublicKey( + SessionContext session, Map headers, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { + String kt = getKeyType(); + PublicKeyEntryResolver decoder = KeyUtils.getPublicKeyEntryDecoder(kt); + if (decoder == null) { + decoder = fallbackResolver; + } + if (decoder == null) { + throw new InvalidKeySpecException("No decoder available for key type=" + kt); + } + + return decoder.resolve(session, kt, getKeyData(), headers); + } + + /** + * @param session The {@link SessionContext} for invoking this command - may be {@code null} if + * not invoked within a session context (e.g., offline tool or session unknown). + * @param sb The {@link Appendable} instance to encode the data into + * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if none of the built-in ones can + * be used. If {@code null} and no built-in resolver can be used then an + * {@link InvalidKeySpecException} is thrown. + * @return The {@link PublicKey} or {@code null} if could not resolve it + * @throws IOException If failed to decode/encode the key + * @throws GeneralSecurityException If failed to generate the key + * @see #resolvePublicKey(SessionContext, Map, PublicKeyEntryResolver) + */ + public PublicKey appendPublicKey( + SessionContext session, Appendable sb, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { + PublicKey key = resolvePublicKey(session, Collections.emptyMap(), fallbackResolver); + if (key != null) { + appendPublicKeyEntry(sb, key, resolvePublicKeyEntryDataResolver()); + } + return key; + } + + @Override + public int hashCode() { + return Objects.hashCode(getKeyType()) + Arrays.hashCode(getKeyData()); + } + + /* + * In case some derived class wants to define some "extended" equality without having to repeat this code + */ + protected boolean isEquivalent(PublicKeyEntry e) { + if (this == e) { + return true; + } + return Objects.equals(getKeyType(), e.getKeyType()) + && Arrays.equals(getKeyData(), e.getKeyData()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + return isEquivalent((PublicKeyEntry) obj); + } + + @Override + public String toString() { + PublicKeyEntryDataResolver resolver = resolvePublicKeyEntryDataResolver(); + String encData = resolver.encodeEntryKeyData(getKeyData()); + return getKeyType() + " " + (GenericUtils.isEmpty(encData) ? "" : encData); + } + + /** + * @param session The {@link SessionContext} for invoking this command - may be {@code null} if + * not invoked within a session context (e.g., offline tool or session unknown). + * @param entries The entries to convert - ignored if {@code null}/empty + * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if none of the built-in ones can + * be used. If {@code null} and no built-in resolver can be used then an + * {@link InvalidKeySpecException} is thrown. + * @return The {@link List} of all {@link PublicKey}-s that have been resolved + * @throws IOException If failed to decode the key data + * @throws GeneralSecurityException If failed to generate the {@link PublicKey} from the decoded data + * @see #resolvePublicKey(SessionContext, Map, PublicKeyEntryResolver) + */ + public static List resolvePublicKeyEntries( + SessionContext session, Collection entries, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { + int numEntries = GenericUtils.size(entries); + if (numEntries <= 0) { + return Collections.emptyList(); + } + + List keys = new ArrayList<>(numEntries); + for (PublicKeyEntry e : entries) { + Map headers = (e instanceof AuthorizedKeyEntry) + ? ((AuthorizedKeyEntry) e).getLoginOptions() + : Collections.emptyMap(); + PublicKey k = e.resolvePublicKey(session, headers, fallbackResolver); + if (k != null) { + keys.add(k); + } + } + + return keys; + } + + /** + * Registers a specialized decoder for the public key entry data bytes instead of the + * {@link PublicKeyEntryDataResolver#DEFAULT default} one. + * + * @param keyType The key-type value (case insensitive) that will trigger the usage of this decoder - e.g., + * "ssh-rsa", "pgp-sign-dss", etc. + * @param resolver The decoder to use + */ + public static void registerKeyDataEntryResolver(String keyType, PublicKeyEntryDataResolver resolver) { + ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); + Objects.requireNonNull(resolver, "No resolver provided"); + + synchronized (KEY_DATA_RESOLVERS) { + KEY_DATA_RESOLVERS.put(keyType, resolver); + } + } + + /** + * @param keyType The key-type value (case insensitive) that may have been previously + * {@link #registerKeyDataEntryResolver(String, PublicKeyEntryDataResolver) registered} - e.g., + * "ssh-rsa", "pgp-sign-dss", etc. + * @return The registered resolver instance - {@code null} if none was registered + */ + public static PublicKeyEntryDataResolver getKeyDataEntryResolver(String keyType) { + keyType = ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); + + synchronized (KEY_DATA_RESOLVERS) { + return KEY_DATA_RESOLVERS.get(keyType); + } + } + + /** + * @param keyType The key-type value (case insensitive) that may have been previously + * {@link #registerKeyDataEntryResolver(String, PublicKeyEntryDataResolver) registered} - e.g., + * "ssh-rsa", "pgp-sign-dss", etc. + * @return The un-registered resolver instance - {@code null} if none was registered + */ + public static PublicKeyEntryDataResolver unregisterKeyDataEntryResolver(String keyType) { + keyType = ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); + + synchronized (KEY_DATA_RESOLVERS) { + return KEY_DATA_RESOLVERS.remove(keyType); + } + } + + /** + * @param keyType keyType The key-type value (case insensitive) whose data is to be resolved - e.g., + * "ssh-rsa", "pgp-sign-dss", etc. + * @return If a specific resolver has been previously + * {@link #registerKeyDataEntryResolver(String, PublicKeyEntryDataResolver) registered} then uses + * it, otherwise the {@link PublicKeyEntryDataResolver#DEFAULT default} one. + */ + public static PublicKeyEntryDataResolver resolveKeyDataEntryResolver(String keyType) { + keyType = ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); + + PublicKeyEntryDataResolver resolver = getKeyDataEntryResolver(keyType); + if (resolver != null) { + return resolver; // debug breakpoint + } + + return PublicKeyEntryDataResolver.DEFAULT; + } + + /** + * @return A snapshot of the currently registered specialized {@link PublicKeyEntryDataResolver}-s, where key=the + * key-type value (case insensitive) - e.g., "ssh-rsa", "pgp-sign-dss", etc., + * value=the associated {@link PublicKeyEntryDataResolver} for the key type + */ + public static NavigableMap getRegisteredKeyDataEntryResolvers() { + NavigableMap decoders; + synchronized (KEY_DATA_RESOLVERS) { + if (KEY_DATA_RESOLVERS.isEmpty()) { + return Collections.emptyNavigableMap(); + } + + decoders = new TreeMap<>(KEY_DATA_RESOLVERS.comparator()); + decoders.putAll(KEY_DATA_RESOLVERS); + } + + return decoders; + } + + /** + * @param encData Assumed to contain at least {@code key-type base64-data} (anything beyond the + * BASE64 data is ignored) - ignored if {@code null}/empty + * @return A {@link PublicKeyEntry} or {@code null} if no data + * @throws IllegalArgumentException if bad format found + * @see #parsePublicKeyEntry(String, PublicKeyEntryDataResolver) + */ + public static PublicKeyEntry parsePublicKeyEntry(String encData) throws IllegalArgumentException { + return parsePublicKeyEntry(encData, (PublicKeyEntryDataResolver) null); + } + + /** + * @param encData Assumed to contain at least {@code key-type base64-data} (anything beyond the + * BASE64 data is ignored) - ignored if {@code null}/empty + * @param decoder The {@link PublicKeyEntryDataResolver} to use in order to decode the key data + * string into its bytes - if {@code null} then one is automatically + * {@link #resolveKeyDataEntryResolver(String) resolved} + * @return A {@link PublicKeyEntry} or {@code null} if no data + * @throws IllegalArgumentException if bad format found + * @see #parsePublicKeyEntry(PublicKeyEntry, String, PublicKeyEntryDataResolver) + */ + public static PublicKeyEntry parsePublicKeyEntry( + String encData, PublicKeyEntryDataResolver decoder) + throws IllegalArgumentException { + String data = GenericUtils.replaceWhitespaceAndTrim(encData); + if (GenericUtils.isEmpty(data)) { + return null; + } else { + return parsePublicKeyEntry(new PublicKeyEntry(), data, decoder); + } + } + + /** + * @param The generic entry type + * @param entry The {@link PublicKeyEntry} whose contents are to be updated - ignored if + * {@code null} + * @param encData Assumed to contain at least {@code key-type base64-data} (anything beyond the + * BASE64 data is ignored) - ignored if {@code null}/empty + * @return The updated entry instance + * @throws IllegalArgumentException if bad format found + * @see #parsePublicKeyEntry(PublicKeyEntry, String, PublicKeyEntryDataResolver) + */ + public static E parsePublicKeyEntry(E entry, String encData) + throws IllegalArgumentException { + return parsePublicKeyEntry(entry, encData, null); + } + + /** + * @param The generic entry type + * @param entry The {@link PublicKeyEntry} whose contents are to be updated - ignored if + * {@code null} + * @param encData Assumed to contain at least {@code key-type base64-data} (anything beyond the + * BASE64 data is ignored) - ignored if {@code null}/empty + * @param decoder The {@link PublicKeyEntryDataResolver} to use in order to decode the key data + * string into its bytes - if {@code null} then one is automatically + * {@link #resolveKeyDataEntryResolver(String) resolved} + * @return The updated entry instance + * @throws IllegalArgumentException if bad format found + */ + public static E parsePublicKeyEntry( + E entry, String encData, PublicKeyEntryDataResolver decoder) + throws IllegalArgumentException { + String data = GenericUtils.replaceWhitespaceAndTrim(encData); + if (GenericUtils.isEmpty(data) || (entry == null)) { + return entry; + } + + int startPos = data.indexOf(' '); + if (startPos <= 0) { + throw new IllegalArgumentException("Bad format (no key data delimiter): " + data); + } + + int endPos = data.indexOf(' ', startPos + 1); + if (endPos <= startPos) { // OK if no continuation beyond the encoded key data + endPos = data.length(); + } + + String keyType = data.substring(0, startPos); + if (decoder == null) { + decoder = resolveKeyDataEntryResolver(keyType); + } + String b64Data = data.substring(startPos + 1, endPos).trim(); + byte[] keyData = decoder.decodeEntryKeyData(b64Data); + if (NumberUtils.isEmpty(keyData)) { + throw new IllegalArgumentException("Bad format (no BASE64 key data): " + data); + } + + entry.setKeyType(keyType); + entry.setKeyDataResolver(decoder); + entry.setKeyData(keyData); + return entry; + } + + /** + * @param key The {@link PublicKey} + * @return The {@code OpenSSH} encoded data + * @throws IllegalArgumentException If failed to encode + * @see #toString(PublicKey, PublicKeyEntryDataResolver) + */ + public static String toString(PublicKey key) throws IllegalArgumentException { + return toString(key, null); + } + + /** + * @param key The {@link PublicKey} + * @param encoder The {@link PublicKeyEntryDataResolver} to use in order to encode the key data + * bytes into a string representation - if {@code null} then one is automatically + * {@link #resolveKeyDataEntryResolver(String) resolved} + * @return The {@code OpenSSH} encoded data + * @throws IllegalArgumentException If failed to encode + * @see #appendPublicKeyEntry(Appendable, PublicKey, PublicKeyEntryDataResolver) + */ + public static String toString( + PublicKey key, PublicKeyEntryDataResolver encoder) + throws IllegalArgumentException { + try { + return appendPublicKeyEntry(new StringBuilder(Byte.MAX_VALUE), key, encoder).toString(); + } catch (IOException e) { + throw new IllegalArgumentException("Failed (" + e.getClass().getSimpleName() + ") to encode: " + e.getMessage(), e); + } + } + + /** + * Encodes a public key data the same way as the {@link #parsePublicKeyEntry(String)} expects it + * + * @param The generic appendable class + * @param sb The {@link Appendable} instance to encode the data into + * @param key The {@link PublicKey} - ignored if {@code null} + * @return The updated appendable instance + * @throws IOException If failed to append the data + * @see #appendPublicKeyEntry(Appendable, PublicKey, PublicKeyEntryDataResolver) + */ + public static A appendPublicKeyEntry(A sb, PublicKey key) throws IOException { + return appendPublicKeyEntry(sb, key, null); + } + + /** + * @param The generic appendable class + * @param sb The {@link Appendable} instance to encode the data into + * @param key The {@link PublicKey} - ignored if {@code null} + * @param encoder The {@link PublicKeyEntryDataResolver} to use in order to encode the key data bytes into a + * string representation - if {@code null} then one is automatically + * {@link #resolveKeyDataEntryResolver(String) resolved} + * @return The updated appendable instance + * @throws IOException If failed to append the data + */ + public static A appendPublicKeyEntry( + A sb, PublicKey key, PublicKeyEntryDataResolver encoder) + throws IOException { + if (key == null) { + return sb; + } + + @SuppressWarnings("unchecked") + PublicKeyEntryDecoder decoder + = (PublicKeyEntryDecoder) KeyUtils.getPublicKeyEntryDecoder(key); + if (decoder == null) { + throw new StreamCorruptedException("Cannot retrieve decoder for key=" + key.getAlgorithm()); + } + + try (ByteArrayOutputStream s = new ByteArrayOutputStream(Byte.MAX_VALUE)) { + String keyType = decoder.encodePublicKey(s, key); + byte[] bytes = s.toByteArray(); + if (encoder == null) { + encoder = resolveKeyDataEntryResolver(keyType); + } + + String encData = encoder.encodeEntryKeyData(bytes); + sb.append(keyType).append(' ').append(encData); + } + + return sb; + } + + private static final class LazyDefaultKeysFolderHolder { + private static final Path PATH = IdentityUtils.getUserHomeFolder().resolve(STD_KEYFILE_FOLDER_NAME); + + private LazyDefaultKeysFolderHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + /** + * @return The default OpenSSH folder used to hold key files - e.g., {@code known_hosts}, {@code authorized_keys}, + * etc. + */ + @SuppressWarnings("synthetic-access") + public static Path getDefaultKeysFolderPath() { + return LazyDefaultKeysFolderHolder.PATH; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDataResolver.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDataResolver.java new file mode 100644 index 0000000..3b65b81 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDataResolver.java @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.util.Base64; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface PublicKeyEntryDataResolver { + PublicKeyEntryDataResolver DEFAULT = new PublicKeyEntryDataResolver() { + @Override + public String toString() { + return "DEFAULT"; + } + }; + + /** + * Decodes the public key entry data bytes from their string representation - by default it assume {@link Base64} + * encoding. + * + * @param encData The encoded data - ignored if {@code null}/empty + * @return The decoded data bytes + */ + default byte[] decodeEntryKeyData(String encData) { + if (GenericUtils.isEmpty(encData)) { + return GenericUtils.EMPTY_BYTE_ARRAY; + } + + Base64.Decoder decoder = Base64.getDecoder(); + return decoder.decode(encData); + } + + /** + * Encodes the public key entry data bytes into their string representation - by default it assume {@link Base64} + * encoding. + * + * @param keyData The key data bytes - ignored if {@code null}/empty + * @return The encoded data bytes + */ + default String encodeEntryKeyData(byte[] keyData) { + if (NumberUtils.isEmpty(keyData)) { + return ""; + } + + Base64.Encoder encoder = Base64.getEncoder(); + return encoder.encodeToString(keyData); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java new file mode 100644 index 0000000..ca1fdfc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.security.GeneralSecurityException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.Collection; +import java.util.Map; + +import org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Represents a decoder of an {@code OpenSSH} encoded key data + * + * @param Type of {@link PublicKey} + * @param Type of {@link PrivateKey} + * @author Apache MINA SSHD Project + */ +public interface PublicKeyEntryDecoder + extends KeyEntryResolver, PublicKeyRawDataDecoder, PublicKeyEntryResolver { + + @Override + default PublicKey resolve( + SessionContext session, String keyType, byte[] keyData, Map headers) + throws IOException, GeneralSecurityException { + ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); + Collection supported = getSupportedKeyTypes(); + if ((GenericUtils.size(supported) > 0) && supported.contains(keyType)) { + return decodePublicKey(session, keyType, keyData, headers); + } + + throw new InvalidKeySpecException("resolve(" + keyType + ") not in listed supported types: " + supported); + } + + @Override + default PUB decodePublicKeyByType( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + // the actual data is preceded by a string that repeats the key type + String type = KeyEntryResolver.decodeString(keyData, KeyPairResourceLoader.MAX_KEY_TYPE_NAME_LENGTH); + if (GenericUtils.isEmpty(type)) { + throw new StreamCorruptedException("Missing key type string"); + } + + Collection supported = getSupportedKeyTypes(); + if (GenericUtils.isEmpty(supported) || (!supported.contains(type))) { + throw new InvalidKeySpecException("Reported key type (" + type + ") not in supported list: " + supported); + } + + return decodePublicKey(session, type, keyData, headers); + } + + /** + * Encodes the {@link PublicKey} using the {@code OpenSSH} format - same one used by the {@code decodePublicKey} + * method(s) + * + * @param s The {@link OutputStream} to write the data to + * @param key The {@link PublicKey} - may not be {@code null} + * @return The key type value - one of the {@link #getSupportedKeyTypes()} + * @throws IOException If failed to generate the encoding + */ + String encodePublicKey(OutputStream s, PUB key) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java new file mode 100644 index 0000000..f998e1d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.Map; + +import org.apache.sshd.common.session.SessionContext; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface PublicKeyEntryResolver { + /** + * A resolver that ignores all input + */ + PublicKeyEntryResolver IGNORING = new PublicKeyEntryResolver() { + @Override + public PublicKey resolve(SessionContext session, String keyType, byte[] keyData, Map headers) + throws IOException, GeneralSecurityException { + return null; + } + + @Override + public String toString() { + return "IGNORING"; + } + }; + + /** + * A resolver that fails on all input + */ + PublicKeyEntryResolver FAILING = new PublicKeyEntryResolver() { + @Override + public PublicKey resolve(SessionContext session, String keyType, byte[] keyData, Map headers) + throws IOException, GeneralSecurityException { + throw new InvalidKeySpecException("Failing resolver on key type=" + keyType); + } + + @Override + public String toString() { + return "FAILING"; + } + }; + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param keyType The {@code OpenSSH} reported key type + * @param keyData The {@code OpenSSH} encoded key data + * @param headers Any headers that may have been available when data was read + * @return The extracted {@link PublicKey} - ignored if {@code null} + * @throws IOException If failed to parse the key data + * @throws GeneralSecurityException If failed to generate the key + */ + PublicKey resolve(SessionContext session, String keyType, byte[] keyData, Map headers) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyRawDataDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyRawDataDecoder.java new file mode 100644 index 0000000..6f15409 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyRawDataDecoder.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.PublicKey; +import java.util.Map; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.NumberUtils; + +/** + * @param Generic {@link PublicKey} type + * @author Apache MINA SSHD Project + */ +public interface PublicKeyRawDataDecoder { + /** + * @param session The {@link SessionContext} for invoking this command - may be {@code null} if + * not invoked within a session context (e.g., offline tool or session unknown). + * @param keyType The {@code OpenSSH} reported key type + * @param keyData The key data bytes in {@code OpenSSH} format (after BASE64 decoding) - ignored + * if {@code null}/empty + * @param headers Any headers that may have been available when data was read + * @return The decoded {@link PublicKey} - or {@code null} if no data + * @throws IOException If failed to decode the key + * @throws GeneralSecurityException If failed to generate the key + */ + default PUB decodePublicKey( + SessionContext session, String keyType, byte[] keyData, Map headers) + throws IOException, GeneralSecurityException { + return decodePublicKey(session, keyType, keyData, 0, NumberUtils.length(keyData), headers); + } + + default PUB decodePublicKey( + SessionContext session, String keyType, byte[] keyData, int offset, int length, Map headers) + throws IOException, GeneralSecurityException { + if (length <= 0) { + return null; + } + + try (InputStream stream = new ByteArrayInputStream(keyData, offset, length)) { + return decodePublicKeyByType(session, keyType, stream, headers); + } + } + + PUB decodePublicKeyByType( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException; + + /** + * @param session The {@link SessionContext} for invoking this command - may be {@code null} if + * not invoked within a session context (e.g., offline tool or session unknown). + * @param keyType The reported / encode key type + * @param keyData The key data bytes stream positioned after the key type decoding and making sure + * it is one of the supported types + * @param headers Any headers that may have been available when data was read + * @return The decoded {@link PublicKey} + * @throws IOException If failed to read from the data stream + * @throws GeneralSecurityException If failed to generate the key + */ + PUB decodePublicKey(SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyRawDataReader.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyRawDataReader.java new file mode 100644 index 0000000..8ac9e21 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/PublicKeyRawDataReader.java @@ -0,0 +1,120 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.net.URL; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.PublicKey; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.resource.IoResource; +import org.apache.sshd.common.util.io.resource.PathResource; +import org.apache.sshd.common.util.io.resource.URLResource; + +/** + * @param The generic {@link PublicKey} type + * @author Apache MINA SSHD Project + */ +public interface PublicKeyRawDataReader { + default PUB readPublicKey(SessionContext session, Path path, OpenOption... options) + throws IOException, GeneralSecurityException { + return readPublicKey(session, path, StandardCharsets.UTF_8, options); + } + + default PUB readPublicKey( + SessionContext session, Path path, Charset cs, OpenOption... options) + throws IOException, GeneralSecurityException { + return readPublicKey(session, new PathResource(path, options), cs); + } + + default PUB readPublicKey(SessionContext session, URL url) + throws IOException, GeneralSecurityException { + return readPublicKey(session, url, StandardCharsets.UTF_8); + } + + default PUB readPublicKey(SessionContext session, URL url, Charset cs) + throws IOException, GeneralSecurityException { + return readPublicKey(session, new URLResource(url), cs); + } + + default PUB readPublicKey(SessionContext session, IoResource resource) + throws IOException, GeneralSecurityException { + return readPublicKey(session, resource, StandardCharsets.UTF_8); + } + + default PUB readPublicKey( + SessionContext session, IoResource resource, Charset cs) + throws IOException, GeneralSecurityException { + try (InputStream stream = Objects.requireNonNull(resource, "No resource data").openInputStream()) { + return readPublicKey(session, resource, stream, cs); + } + } + + default PUB readPublicKey( + SessionContext session, NamedResource resourceKey, InputStream stream) + throws IOException, GeneralSecurityException { + return readPublicKey(session, resourceKey, stream, StandardCharsets.UTF_8); + } + + default PUB readPublicKey( + SessionContext session, NamedResource resourceKey, InputStream stream, Charset cs) + throws IOException, GeneralSecurityException { + try (Reader reader = new InputStreamReader( + Objects.requireNonNull(stream, "No stream instance"), Objects.requireNonNull(cs, "No charset"))) { + return readPublicKey(session, resourceKey, reader); + } + } + + default PUB readPublicKey( + SessionContext session, NamedResource resourceKey, Reader rdr) + throws IOException, GeneralSecurityException { + try (BufferedReader br + = new BufferedReader(Objects.requireNonNull(rdr, "No reader instance"), IoUtils.DEFAULT_COPY_SIZE)) { + return readPublicKey(session, resourceKey, br); + } + } + + default PUB readPublicKey( + SessionContext session, NamedResource resourceKey, BufferedReader rdr) + throws IOException, GeneralSecurityException { + List lines = IoUtils.readAllLines(rdr); + try { + return readPublicKey(session, resourceKey, lines); + } finally { + lines.clear(); // clean up sensitive data a.s.a.p. + } + } + + PUB readPublicKey(SessionContext session, NamedResource resourceKey, List lines) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractIdentityResourceLoader.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractIdentityResourceLoader.java new file mode 100644 index 0000000..8113cce --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractIdentityResourceLoader.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.impl; + +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.Collection; +import java.util.Collections; +import java.util.NavigableSet; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.IdentityResourceLoader; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @param Generic public key type + * @param Generic private key type + * @author Apache MINA SSHD Project + */ +public abstract class AbstractIdentityResourceLoader + implements IdentityResourceLoader { + private final Class pubType; + private final Class prvType; + private final NavigableSet types; + + protected AbstractIdentityResourceLoader( + Class pubType, Class prvType, Collection keyTypes) { + this.pubType = Objects.requireNonNull(pubType, "No public key type specified"); + this.prvType = Objects.requireNonNull(prvType, "No private key type specified"); + this.types = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, + ValidateUtils.checkNotNullAndNotEmpty(keyTypes, "No key type names provided"))); + } + + @Override + public final Class getPublicKeyType() { + return pubType; + } + + @Override + public final Class getPrivateKeyType() { + return prvType; + } + + @Override + public NavigableSet getSupportedKeyTypes() { + return types; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractKeyEntryResolver.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractKeyEntryResolver.java new file mode 100644 index 0000000..d7c88a6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractKeyEntryResolver.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.KeySpec; +import java.util.Collection; + +import org.apache.sshd.common.config.keys.KeyEntryResolver; + +/** + * @param Type of {@link PublicKey} + * @param Type of {@link PrivateKey} + * @author Apache MINA SSHD Project + */ +public abstract class AbstractKeyEntryResolver + extends AbstractIdentityResourceLoader + implements KeyEntryResolver { + protected AbstractKeyEntryResolver(Class pubType, Class prvType, Collection names) { + super(pubType, prvType, names); + } + + public PUB generatePublicKey(KeySpec keySpec) throws GeneralSecurityException { + KeyFactory factory = getKeyFactoryInstance(); + Class keyType = getPublicKeyType(); + return keyType.cast(factory.generatePublic(keySpec)); + } + + public PRV generatePrivateKey(KeySpec keySpec) throws GeneralSecurityException { + KeyFactory factory = getKeyFactoryInstance(); + Class keyType = getPrivateKeyType(); + return keyType.cast(factory.generatePrivate(keySpec)); + } + + @Override + public String toString() { + return getPublicKeyType().getSimpleName() + ": " + getSupportedKeyTypes(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractPrivateKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractPrivateKeyEntryDecoder.java new file mode 100644 index 0000000..0015788 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractPrivateKeyEntryDecoder.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.Collection; + +import org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder; + +/** + * @param Type of {@link PublicKey} + * @param Type of {@link PrivateKey} + * @author Apache MINA SSHD Project + */ +public abstract class AbstractPrivateKeyEntryDecoder + extends AbstractKeyEntryResolver + implements PrivateKeyEntryDecoder { + protected AbstractPrivateKeyEntryDecoder(Class pubType, Class prvType, Collection names) { + super(pubType, prvType, names); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractPublicKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractPublicKeyEntryDecoder.java new file mode 100644 index 0000000..9241d9d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractPublicKeyEntryDecoder.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.Collection; +import java.util.Map; + +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Useful base class implementation for a decoder of an {@code OpenSSH} encoded key data + * + * @param Type of {@link PublicKey} + * @param Type of {@link PrivateKey} + * @author Apache MINA SSHD Project + */ +public abstract class AbstractPublicKeyEntryDecoder + extends AbstractKeyEntryResolver + implements PublicKeyEntryDecoder { + protected AbstractPublicKeyEntryDecoder(Class pubType, Class prvType, Collection names) { + super(pubType, prvType, names); + } + + protected final boolean parseBooleanHeader(Map headers, String propertyKey, boolean defaultVal) { + if (GenericUtils.isEmpty(headers) || !headers.containsKey(propertyKey)) { + return defaultVal; + } + String stringVal = headers.get(propertyKey); + Boolean boolVal; + try { + boolVal = PropertyResolverUtils.parseBoolean(stringVal); + } catch (IllegalArgumentException e) { + boolVal = null; + } + if (boolVal == null) { + return defaultVal; + } + return boolVal; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java new file mode 100644 index 0000000..cb1fd9e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class DSSPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder { + public static final DSSPublicKeyEntryDecoder INSTANCE = new DSSPublicKeyEntryDecoder(); + + public DSSPublicKeyEntryDecoder() { + super(DSAPublicKey.class, DSAPrivateKey.class, + Collections.unmodifiableList(Collections.singletonList(KeyPairProvider.SSH_DSS))); + } + + @Override + public DSAPublicKey decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + if (!KeyPairProvider.SSH_DSS.equals(keyType)) { // just in case we were invoked directly + throw new InvalidKeySpecException("Unexpected key type: " + keyType); + } + + BigInteger p = KeyEntryResolver.decodeBigInt(keyData); + BigInteger q = KeyEntryResolver.decodeBigInt(keyData); + BigInteger g = KeyEntryResolver.decodeBigInt(keyData); + BigInteger y = KeyEntryResolver.decodeBigInt(keyData); + + return generatePublicKey(new DSAPublicKeySpec(y, p, q, g)); + } + + @Override + public String encodePublicKey(OutputStream s, DSAPublicKey key) throws IOException { + Objects.requireNonNull(key, "No public key provided"); + + DSAParams keyParams = Objects.requireNonNull(key.getParams(), "No DSA params available"); + KeyEntryResolver.encodeString(s, KeyPairProvider.SSH_DSS); + KeyEntryResolver.encodeBigInt(s, keyParams.getP()); + KeyEntryResolver.encodeBigInt(s, keyParams.getQ()); + KeyEntryResolver.encodeBigInt(s, keyParams.getG()); + KeyEntryResolver.encodeBigInt(s, key.getY()); + + return KeyPairProvider.SSH_DSS; + } + + @Override + public DSAPublicKey clonePublicKey(DSAPublicKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } + + DSAParams params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePublicKey(new DSAPublicKeySpec(key.getY(), params.getP(), params.getQ(), params.getG())); + } + + @Override + public DSAPrivateKey clonePrivateKey(DSAPrivateKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } + + DSAParams params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePrivateKey(new DSAPrivateKeySpec(key.getX(), params.getP(), params.getQ(), params.getG())); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + return SecurityUtils.getKeyPairGenerator(KeyUtils.DSS_ALGORITHM); + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + return SecurityUtils.getKeyFactory(KeyUtils.DSS_ALGORITHM); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java new file mode 100644 index 0000000..41a9262 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java @@ -0,0 +1,194 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchProviderException; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.IdentityResourceLoader; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class ECDSAPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder { + public static final int MAX_ALLOWED_POINT_SIZE = IdentityResourceLoader.MAX_BIGINT_OCTETS_COUNT; + public static final int MAX_CURVE_NAME_LENGTH = 1024; + + public static final ECDSAPublicKeyEntryDecoder INSTANCE = new ECDSAPublicKeyEntryDecoder(); + + // see rfc5480 section 2.2 + public static final byte ECPOINT_UNCOMPRESSED_FORM_INDICATOR = 0x04; + public static final byte ECPOINT_COMPRESSED_VARIANT_2 = 0x02; + public static final byte ECPOINT_COMPRESSED_VARIANT_3 = 0x02; + + public ECDSAPublicKeyEntryDecoder() { + super(ECPublicKey.class, ECPrivateKey.class, ECCurves.KEY_TYPES); + } + + @Override + public ECPublicKey decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + ECCurves curve = ECCurves.fromKeyType(keyType); + if (curve == null) { + throw new InvalidKeySpecException("Not an EC curve name: " + keyType); + } + + return decodePublicKey(curve, keyData); + } + + ECPublicKey decodePublicKey(ECCurves curve, InputStream keyData) throws IOException, GeneralSecurityException { + if (!SecurityUtils.isECCSupported()) { + throw new NoSuchProviderException("ECC not supported"); + } + + String keyCurveName = curve.getName(); + // see rfc5656 section 3.1 + String encCurveName = KeyEntryResolver.decodeString(keyData, MAX_CURVE_NAME_LENGTH); + if (!keyCurveName.equals(encCurveName)) { + throw new InvalidKeySpecException( + "Mismatched key curve name (" + keyCurveName + ") vs. encoded one (" + encCurveName + ")"); + } + + byte[] octets = KeyEntryResolver.readRLEBytes(keyData, MAX_ALLOWED_POINT_SIZE); + ECPoint w; + try { + w = ECCurves.octetStringToEcPoint(octets); + if (w == null) { + throw new InvalidKeySpecException( + "No ECPoint generated for curve=" + keyCurveName + " from octets=" + BufferUtils.toHex(':', octets)); + } + } catch (RuntimeException e) { + throw new InvalidKeySpecException( + "Failed (" + e.getClass().getSimpleName() + ")" + " to generate ECPoint for curve=" + keyCurveName + + " from octets=" + BufferUtils.toHex(':', octets) + ": " + e.getMessage()); + } + + ECParameterSpec paramSpec = curve.getParameters(); + return generatePublicKey(new ECPublicKeySpec(w, paramSpec)); + } + + @Override + public ECPublicKey clonePublicKey(ECPublicKey key) throws GeneralSecurityException { + if (!SecurityUtils.isECCSupported()) { + throw new NoSuchProviderException("ECC not supported"); + } + + if (key == null) { + return null; + } + + ECParameterSpec params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePublicKey(new ECPublicKeySpec(key.getW(), params)); + } + + @Override + public ECPrivateKey clonePrivateKey(ECPrivateKey key) throws GeneralSecurityException { + if (!SecurityUtils.isECCSupported()) { + throw new NoSuchProviderException("ECC not supported"); + } + + if (key == null) { + return null; + } + + ECParameterSpec params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePrivateKey(new ECPrivateKeySpec(key.getS(), params)); + } + + @Override + public String encodePublicKey(OutputStream s, ECPublicKey key) throws IOException { + Objects.requireNonNull(key, "No public key provided"); + + ECParameterSpec params = Objects.requireNonNull(key.getParams(), "No EC parameters available"); + ECCurves curve = Objects.requireNonNull(ECCurves.fromCurveParameters(params), "Cannot determine curve"); + String keyType = curve.getKeyType(); + encodePublicKey(s, keyType, curve, key.getW()); + return keyType; + } + + static void encodePublicKey(OutputStream s, String keyType, ECCurves curve, ECPoint w) throws IOException { + String curveName = curve.getName(); + KeyEntryResolver.encodeString(s, keyType); + // see rfc5656 section 3.1 + KeyEntryResolver.encodeString(s, curveName); + ECCurves.ECPointCompression.UNCOMPRESSED.writeECPoint(s, curveName, w); + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + if (SecurityUtils.isECCSupported()) { + return SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); + } else { + throw new NoSuchProviderException("ECC not supported"); + } + } + + @Override + public KeyPair generateKeyPair(int keySize) throws GeneralSecurityException { + ECCurves curve = ECCurves.fromCurveSize(keySize); + if (curve == null) { + throw new InvalidKeySpecException("Unknown curve for key size=" + keySize); + } + + KeyPairGenerator gen = getKeyPairGenerator(); + gen.initialize(curve.getParameters()); + return gen.generateKeyPair(); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + if (SecurityUtils.isECCSupported()) { + return SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM); + } else { + throw new NoSuchProviderException("ECC not supported"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/OpenSSHCertificateDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/OpenSSHCertificateDecoder.java new file mode 100644 index 0000000..d8d947f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/OpenSSHCertificateDecoder.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.util.Arrays; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.OpenSshCertificate; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.buffer.keys.OpenSSHCertPublicKeyParser; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHCertificateDecoder extends AbstractPublicKeyEntryDecoder { + public static final OpenSSHCertificateDecoder INSTANCE = new OpenSSHCertificateDecoder(); + + public OpenSSHCertificateDecoder() { + super(OpenSshCertificate.class, OpenSshCertificate.class, + Collections.unmodifiableList(Arrays.asList( + KeyUtils.RSA_SHA256_CERT_TYPE_ALIAS, + KeyUtils.RSA_SHA512_CERT_TYPE_ALIAS, + KeyPairProvider.SSH_RSA_CERT, + KeyPairProvider.SSH_DSS_CERT, + KeyPairProvider.SSH_ED25519_CERT, + KeyPairProvider.SSH_ECDSA_SHA2_NISTP256_CERT, + KeyPairProvider.SSH_ECDSA_SHA2_NISTP384_CERT, + KeyPairProvider.SSH_ECDSA_SHA2_NISTP521_CERT))); + } + + @Override + public OpenSshCertificate decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + byte[] bytes = IoUtils.toByteArray(keyData); + ByteArrayBuffer buffer = new ByteArrayBuffer(bytes); + OpenSshCertificate cert = OpenSSHCertPublicKeyParser.INSTANCE.getRawPublicKey(keyType, buffer); + if (cert.getType() != OpenSshCertificate.SSH_CERT_TYPE_HOST) { + throw new GeneralSecurityException("The provided certificate is not a Host certificate."); + } + + return cert; + } + + @Override + public String encodePublicKey(OutputStream s, OpenSshCertificate key) throws IOException { + Objects.requireNonNull(key, "No public key provided"); + + ByteArrayBuffer buffer = new ByteArrayBuffer(); + buffer.putRawPublicKeyBytes(key); + s.write(buffer.getCompactData()); + + return key.getKeyType(); + } + + @Override + public OpenSshCertificate clonePublicKey(OpenSshCertificate key) throws GeneralSecurityException { + try (ByteArrayOutputStream outStream = new ByteArrayOutputStream()) { + String keyType = encodePublicKey(outStream, key); + try (InputStream inStream = new ByteArrayInputStream(outStream.toByteArray())) { + return decodePublicKey(null, keyType, inStream, null); + } + } catch (IOException e) { + throw new GeneralSecurityException("Unable to clone key ID=" + key.getId(), e); + } + } + + @Override + public OpenSshCertificate clonePrivateKey(OpenSshCertificate key) throws GeneralSecurityException { + return clonePublicKey(key); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + return null; + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java new file mode 100644 index 0000000..1cbe32b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java @@ -0,0 +1,129 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPublicKeySpec; +import java.util.Arrays; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class RSAPublicKeyDecoder extends AbstractPublicKeyEntryDecoder { + public static final RSAPublicKeyDecoder INSTANCE = new RSAPublicKeyDecoder(); + + public RSAPublicKeyDecoder() { + super(RSAPublicKey.class, RSAPrivateKey.class, + Collections.unmodifiableList( + Arrays.asList(KeyPairProvider.SSH_RSA, + // Not really required, but allow it + KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS, + KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS))); + } + + @Override + public RSAPublicKey decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + // Not really required, but allow it + String canonicalName = KeyUtils.getCanonicalKeyType(keyType); + if (!KeyPairProvider.SSH_RSA.equals(canonicalName)) { // just in case we were invoked directly + throw new InvalidKeySpecException("Unexpected key type: " + keyType); + } + + BigInteger e = KeyEntryResolver.decodeBigInt(keyData); + BigInteger n = KeyEntryResolver.decodeBigInt(keyData); + + return generatePublicKey(new RSAPublicKeySpec(n, e)); + } + + @Override + public String encodePublicKey(OutputStream s, RSAPublicKey key) throws IOException { + Objects.requireNonNull(key, "No public key provided"); + KeyEntryResolver.encodeString(s, KeyPairProvider.SSH_RSA); + KeyEntryResolver.encodeBigInt(s, key.getPublicExponent()); + KeyEntryResolver.encodeBigInt(s, key.getModulus()); + + return KeyPairProvider.SSH_RSA; + } + + @Override + public RSAPublicKey clonePublicKey(RSAPublicKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } else { + return generatePublicKey(new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent())); + } + } + + @Override + public RSAPrivateKey clonePrivateKey(RSAPrivateKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } + + if (!(key instanceof RSAPrivateCrtKey)) { + throw new InvalidKeyException("Cannot clone a non-RSAPrivateCrtKey: " + key.getClass().getSimpleName()); + } + + RSAPrivateCrtKey rsaPrv = (RSAPrivateCrtKey) key; + return generatePrivateKey( + new RSAPrivateCrtKeySpec( + rsaPrv.getModulus(), + rsaPrv.getPublicExponent(), + rsaPrv.getPrivateExponent(), + rsaPrv.getPrimeP(), + rsaPrv.getPrimeQ(), + rsaPrv.getPrimeExponentP(), + rsaPrv.getPrimeExponentQ(), + rsaPrv.getCrtCoefficient())); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + return SecurityUtils.getKeyPairGenerator(KeyUtils.RSA_ALGORITHM); + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + return SecurityUtils.getKeyFactory(KeyUtils.RSA_ALGORITHM); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/SkECDSAPublicKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/SkECDSAPublicKeyEntryDecoder.java new file mode 100644 index 0000000..7c1f865 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/SkECDSAPublicKeyEntryDecoder.java @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.u2f.SkEcdsaPublicKey; + +/** + * @author Apache MINA SSHD Project + */ +public class SkECDSAPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder { + public static final String KEY_TYPE = "sk-ecdsa-sha2-nistp256@openssh.com"; + public static final int MAX_APP_NAME_LENGTH = 1024; + + public static final SkECDSAPublicKeyEntryDecoder INSTANCE = new SkECDSAPublicKeyEntryDecoder(); + + private static final String NO_TOUCH_REQUIRED_HEADER = "no-touch-required"; + + public SkECDSAPublicKeyEntryDecoder() { + super(SkEcdsaPublicKey.class, PrivateKey.class, Collections.singleton(KEY_TYPE)); + } + + @Override + public SkEcdsaPublicKey decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + if (!KEY_TYPE.equals(keyType)) { + throw new InvalidKeySpecException("Invalid keyType: " + keyType); + } + + boolean noTouchRequired = parseBooleanHeader(headers, NO_TOUCH_REQUIRED_HEADER, false); + ECPublicKey ecPublicKey = ECDSAPublicKeyEntryDecoder.INSTANCE.decodePublicKey(ECCurves.nistp256, keyData); + String appName = KeyEntryResolver.decodeString(keyData, MAX_APP_NAME_LENGTH); + return new SkEcdsaPublicKey(appName, noTouchRequired, ecPublicKey); + } + + @Override + public SkEcdsaPublicKey clonePublicKey(SkEcdsaPublicKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } + + return new SkEcdsaPublicKey( + key.getAppName(), key.isNoTouchRequired(), + ECDSAPublicKeyEntryDecoder.INSTANCE.clonePublicKey(key.getDelegatePublicKey())); + } + + @Override + public String encodePublicKey(OutputStream s, SkEcdsaPublicKey key) throws IOException { + Objects.requireNonNull(key, "No public key provided"); + ECDSAPublicKeyEntryDecoder.encodePublicKey(s, KEY_TYPE, ECCurves.nistp256, key.getDelegatePublicKey().getW()); + KeyEntryResolver.encodeString(s, key.getAppName()); + return KEY_TYPE; + } + + @Override + public PrivateKey clonePrivateKey(PrivateKey key) { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } + + @Override + public KeyFactory getKeyFactoryInstance() { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } + + @Override + public KeyPair generateKeyPair(int keySize) { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/SkED25519PublicKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/SkED25519PublicKeyEntryDecoder.java new file mode 100644 index 0000000..bae6506 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/impl/SkED25519PublicKeyEntryDecoder.java @@ -0,0 +1,110 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.spec.InvalidKeySpecException; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.u2f.SkED25519PublicKey; +import org.apache.sshd.common.util.security.eddsa.Ed25519PublicKeyDecoder; +import org.xbib.io.sshd.eddsa.EdDSAPublicKey; + +/** + * @author Apache MINA SSHD Project + */ +public class SkED25519PublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder { + public static final String KEY_TYPE = "sk-ssh-ed25519@openssh.com"; + public static final int MAX_APP_NAME_LENGTH = 1024; + + public static final SkED25519PublicKeyEntryDecoder INSTANCE = new SkED25519PublicKeyEntryDecoder(); + + private static final String NO_TOUCH_REQUIRED_HEADER = "no-touch-required"; + + public SkED25519PublicKeyEntryDecoder() { + super(SkED25519PublicKey.class, PrivateKey.class, Collections.singleton(KEY_TYPE)); + } + + @Override + public SkED25519PublicKey decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + if (!KEY_TYPE.equals(keyType)) { + throw new InvalidKeySpecException("Invalid keyType: " + keyType); + } + + boolean noTouchRequired = parseBooleanHeader(headers, NO_TOUCH_REQUIRED_HEADER, false); + EdDSAPublicKey edDSAPublicKey + = Ed25519PublicKeyDecoder.INSTANCE.decodePublicKey(session, KeyPairProvider.SSH_ED25519, keyData, headers); + String appName = KeyEntryResolver.decodeString(keyData, MAX_APP_NAME_LENGTH); + return new SkED25519PublicKey(appName, noTouchRequired, edDSAPublicKey); + } + + @Override + public SkED25519PublicKey clonePublicKey(SkED25519PublicKey key) { + if (key == null) { + return null; + } + + return new SkED25519PublicKey(key.getAppName(), key.isNoTouchRequired(), key.getDelegatePublicKey()); + } + + @Override + public String encodePublicKey(OutputStream s, SkED25519PublicKey key) throws IOException { + Objects.requireNonNull(key, "No public key provided"); + KeyEntryResolver.encodeString(s, KEY_TYPE); + byte[] seed = Ed25519PublicKeyDecoder.getSeedValue(key.getDelegatePublicKey()); + KeyEntryResolver.writeRLEBytes(s, seed); + KeyEntryResolver.encodeString(s, key.getAppName()); + return KEY_TYPE; + } + + @Override + public PrivateKey clonePrivateKey(PrivateKey key) { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } + + @Override + public KeyFactory getKeyFactoryInstance() { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } + + @Override + public KeyPair generateKeyPair(int keySize) { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() { + throw new UnsupportedOperationException("Private key operations are not supported for security keys."); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java new file mode 100644 index 0000000..08a24bb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java @@ -0,0 +1,145 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.loader; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.function.Predicate; + +import javax.crypto.Cipher; +import javax.crypto.spec.SecretKeySpec; + +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.CipherInformation; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class AESPrivateKeyObfuscator extends AbstractPrivateKeyObfuscator { + public static final String CIPHER_NAME = "AES"; + public static final AESPrivateKeyObfuscator INSTANCE = new AESPrivateKeyObfuscator(); + + public AESPrivateKeyObfuscator() { + super(CIPHER_NAME); + } + + @Override + public List getSupportedKeySizes() { + return getAvailableKeyLengths(); + } + + @Override + public byte[] applyPrivateKeyCipher( + byte[] bytes, PrivateKeyEncryptionContext encContext, boolean encryptIt) + throws GeneralSecurityException, IOException { + int keyLength = resolveKeyLength(encContext); + byte[] keyValue = deriveEncryptionKey(encContext, keyLength / Byte.SIZE); + return applyPrivateKeyCipher(bytes, encContext, keyLength, keyValue, encryptIt); + } + + @Override + protected int resolveInitializationVectorLength(PrivateKeyEncryptionContext encContext) + throws GeneralSecurityException { + int keyLength = resolveKeyLength(encContext); + CipherInformation ci = resolveCipherInformation(keyLength, encContext.getCipherMode()); + if (ci == null) { + throw new NoSuchAlgorithmException("No match found for " + encContext); + } + return ci.getIVSize(); + } + + protected CipherInformation resolveCipherInformation(int keyLength, String cipherMode) { + Predicate selector = createCipherSelector(keyLength, cipherMode); + return BuiltinCiphers.VALUES.stream() + .filter(selector) + .findFirst() + .orElse(null); + } + + @Override + protected int resolveKeyLength(PrivateKeyEncryptionContext encContext) throws GeneralSecurityException { + String cipherType = encContext.getCipherType(); + try { + int keyLength = Integer.parseInt(cipherType); + List sizes = getSupportedKeySizes(); + for (Integer s : sizes) { + if (s.intValue() == keyLength) { + return keyLength; + } + } + + throw new InvalidKeySpecException( + "Unknown " + getCipherName() + " key length: " + cipherType + " - supported: " + sizes); + } catch (NumberFormatException e) { + throw new InvalidKeySpecException( + "Bad " + getCipherName() + " key length (" + cipherType + "): " + e.getMessage(), e); + } + } + + /** + * @return A {@link List} of {@link Integer}s holding the available key lengths values (in bits) for the JVM. + * Note: AES 256 requires special JCE policy extension installation (e.g., for Java 7 see + * this + * link) + */ + @SuppressWarnings("synthetic-access") + public static List getAvailableKeyLengths() { + return LazyKeyLengthsHolder.KEY_LENGTHS; + } + + public static Predicate createCipherSelector(int keyLength, String cipherMode) { + String xformMode = "/" + cipherMode.toUpperCase() + "/"; + return c -> CIPHER_NAME.equalsIgnoreCase(c.getAlgorithm()) + && (keyLength == c.getKeySize()) + && c.getTransformation().contains(xformMode); + } + + private static final class LazyKeyLengthsHolder { + private static final List KEY_LENGTHS = Collections.unmodifiableList(detectSupportedKeySizes()); + + private LazyKeyLengthsHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + + // AES 256 requires special JCE policy extension installation + private static List detectSupportedKeySizes() { + List sizes = new ArrayList<>(); + for (int keyLength = 128; keyLength < Short.MAX_VALUE /* just so it doesn't go forever */; keyLength += 64) { + try { + byte[] keyAsBytes = new byte[keyLength / Byte.SIZE]; + Key key = new SecretKeySpec(keyAsBytes, CIPHER_NAME); + Cipher c = SecurityUtils.getCipher(CIPHER_NAME); + c.init(Cipher.DECRYPT_MODE, key); + sizes.add(Integer.valueOf(keyLength)); + } catch (GeneralSecurityException e) { + return sizes; + } + } + + throw new IllegalStateException("No limit encountered: " + sizes); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractKeyPairResourceParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractKeyPairResourceParser.java new file mode 100644 index 0000000..0d82ac5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractKeyPairResourceParser.java @@ -0,0 +1,216 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractKeyPairResourceParser implements KeyPairResourceParser { + private final List beginners; + private final List enders; + private final List> endingMarkers; + + /** + * @param beginners The markers that indicate the beginning of a parsing block + * @param enders The matching (by position) markers that indicate the end of a parsing block + */ + protected AbstractKeyPairResourceParser(List beginners, List enders) { + this.beginners = ValidateUtils.checkNotNullAndNotEmpty(beginners, "No begin markers"); + this.enders = ValidateUtils.checkNotNullAndNotEmpty(enders, "No end markers"); + ValidateUtils.checkTrue( + beginners.size() == enders.size(), + "Mismatched begin(%d)/end(%d) markers sizes", + beginners.size(), enders.size()); + endingMarkers = new ArrayList<>(enders.size()); + enders.forEach(m -> endingMarkers.add(Collections.singletonList(m))); + } + + public List getBeginners() { + return beginners; + } + + public List getEnders() { + return enders; + } + + /** + * @return A {@link List} of same size as the ending markers, where each ending marker is encapsulated inside a + * singleton list and resides as the same index as the marker it encapsulates + */ + public List> getEndingMarkers() { + return endingMarkers; + } + + @Override + public boolean canExtractKeyPairs(NamedResource resourceKey, List lines) + throws IOException, GeneralSecurityException { + return KeyPairResourceParser.containsMarkerLine(lines, getBeginners()); + } + + @Override + public Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, List lines) + throws IOException, GeneralSecurityException { + Collection keyPairs = Collections.emptyList(); + List beginMarkers = getBeginners(); + List> endMarkers = getEndingMarkers(); + for (Map.Entry markerPos = KeyPairResourceParser.findMarkerLine(lines, beginMarkers); + markerPos != null;) { + int startIndex = markerPos.getKey(); + String startLine = lines.get(startIndex); + startIndex++; + + int markerIndex = markerPos.getValue(); + List ender = endMarkers.get(markerIndex); + markerPos = KeyPairResourceParser.findMarkerLine(lines, startIndex, ender); + if (markerPos == null) { + throw new StreamCorruptedException("Missing end marker (" + ender + ") after line #" + startIndex); + } + + int endIndex = markerPos.getKey(); + String endLine = lines.get(endIndex); + Map.Entry, ? extends List> result = separateDataLinesFromHeaders( + session, resourceKey, startLine, endLine, lines.subList(startIndex, endIndex)); + Map headers = result.getKey(); + List dataLines = result.getValue(); + Collection kps = extractKeyPairs( + session, resourceKey, startLine, endLine, passwordProvider, + (dataLines == null) ? Collections.emptyList() : dataLines, + (headers == null) ? Collections.emptyMap() : headers); + if (GenericUtils.isNotEmpty(kps)) { + if (GenericUtils.isEmpty(keyPairs)) { + keyPairs = new LinkedList<>(kps); + } else { + keyPairs.addAll(kps); + } + } + + // see if there are more + markerPos = KeyPairResourceParser.findMarkerLine(lines, endIndex + 1, beginMarkers); + } + + return keyPairs; + } + + protected Map.Entry, List> separateDataLinesFromHeaders( + SessionContext session, NamedResource resourceKey, String startLine, String endLine, List dataLines) + throws IOException, GeneralSecurityException { + return new SimpleImmutableEntry<>(Collections.emptyMap(), dataLines); + } + + /** + * Extracts the key pairs within a single delimited by markers block of lines. By default cleans up the empty + * lines, joins them and converts them from BASE64 + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param resourceKey A hint as to the origin of the text lines + * @param beginMarker The line containing the begin marker + * @param endMarker The line containing the end marker + * @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be + * {@code null} if no encrypted + * @param lines The block of lines between the markers + * @param headers Any headers that may have been available when data was read + * @return The extracted {@link KeyPair}s - may be {@code null}/empty if none. + * @throws IOException If failed to parse the data + * @throws GeneralSecurityException If failed to generate the keys + */ + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + List lines, Map headers) + throws IOException, GeneralSecurityException { + byte[] dataBytes = KeyPairResourceParser.extractDataBytes(lines); + try { + return extractKeyPairs(session, resourceKey, beginMarker, endMarker, passwordProvider, dataBytes, headers); + } finally { + Arrays.fill(dataBytes, (byte) 0); // clean up sensitive data a.s.a.p. + } + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param resourceKey A hint as to the origin of the text lines + * @param beginMarker The line containing the begin marker + * @param endMarker The line containing the end marker + * @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be + * {@code null} if no encrypted + * @param bytes The decoded bytes from the lines containing the data + * @param headers Any headers that may have been available when data was read + * @return The extracted {@link KeyPair}s - may be {@code null}/empty if none. + * @throws IOException If failed to parse the data + * @throws GeneralSecurityException If failed to generate the keys + */ + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + byte[] bytes, Map headers) + throws IOException, GeneralSecurityException { + + try (InputStream bais = new ByteArrayInputStream(bytes)) { + return extractKeyPairs(session, resourceKey, beginMarker, endMarker, passwordProvider, bais, headers); + } + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param resourceKey A hint as to the origin of the text lines + * @param beginMarker The line containing the begin marker + * @param endMarker The line containing the end marker + * @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be + * {@code null} if no encrypted + * @param stream The decoded data {@link InputStream} + * @param headers Any headers that may have been available when data was read + * @return The extracted {@link KeyPair}s - may be {@code null}/empty if none. + * @throws IOException If failed to parse the data + * @throws GeneralSecurityException If failed to generate the keys + */ + public abstract Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.java new file mode 100644 index 0000000..2bfc970 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.java @@ -0,0 +1,205 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.loader; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.security.spec.InvalidKeySpecException; +import java.util.Arrays; +import java.util.Objects; +import java.util.Random; + +import javax.crypto.Cipher; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.apache.sshd.common.digest.BuiltinDigests; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractPrivateKeyObfuscator implements PrivateKeyObfuscator { + private final String algName; + + protected AbstractPrivateKeyObfuscator(String name) { + algName = ValidateUtils.checkNotNullAndNotEmpty(name, "No name specified"); + } + + @Override + public final String getCipherName() { + return algName; + } + + @Override + public byte[] generateInitializationVector(PrivateKeyEncryptionContext encContext) + throws GeneralSecurityException { + int ivSize = resolveInitializationVectorLength(encContext); + byte[] initVector = new byte[ivSize]; + Random randomizer = new SecureRandom(); // TODO consider using some pre-created singleton instance + randomizer.nextBytes(initVector); + return initVector; + } + + @Override + public A appendPrivateKeyEncryptionContext( + A sb, PrivateKeyEncryptionContext encContext) + throws IOException { + if (encContext == null) { + return sb; + } + + sb.append("DEK-Info: ").append(encContext.getCipherName()) + .append('-').append(encContext.getCipherType()) + .append('-').append(encContext.getCipherMode()); + + byte[] initVector = encContext.getInitVector(); + Objects.requireNonNull(initVector, "No encryption init vector"); + ValidateUtils.checkTrue(initVector.length > 0, "Empty encryption init vector"); + BufferUtils.appendHex(sb.append(','), BufferUtils.EMPTY_HEX_SEPARATOR, initVector); + sb.append(System.lineSeparator()); + return sb; + } + + protected abstract int resolveInitializationVectorLength(PrivateKeyEncryptionContext encContext) + throws GeneralSecurityException; + + protected abstract int resolveKeyLength(PrivateKeyEncryptionContext encContext) throws GeneralSecurityException; + + // see http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html + // see http://www.ict.griffith.edu.au/anthony/info/crypto/openssl.hints (Password to Encryption Key section) + // see http://openssl.6102.n7.nabble.com/DES-EDE3-CBC-technical-details-td24883.html + protected byte[] deriveEncryptionKey(PrivateKeyEncryptionContext encContext, int outputKeyLength) + throws IOException, GeneralSecurityException { + Objects.requireNonNull(encContext, "No encryption context"); + ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherName(), "No cipher name"); + ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherType(), "No cipher type"); + ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherMode(), "No cipher mode"); + + byte[] initVector = Objects.requireNonNull(encContext.getInitVector(), "No encryption init vector"); + ValidateUtils.checkTrue(initVector.length > 0, "Empty encryption init vector"); + + String password = ValidateUtils.checkNotNullAndNotEmpty(encContext.getPassword(), "No encryption password"); + byte[] passBytes = password.getBytes(StandardCharsets.UTF_8); + byte[] prevHash = GenericUtils.EMPTY_BYTE_ARRAY; + try { + byte[] keyValue = new byte[outputKeyLength]; + MessageDigest hash = SecurityUtils.getMessageDigest(BuiltinDigests.Constants.MD5); + for (int index = 0, remLen = keyValue.length; index < keyValue.length;) { + hash.reset(); // just making sure + + hash.update(prevHash, 0, prevHash.length); + hash.update(passBytes, 0, passBytes.length); + hash.update(initVector, 0, Math.min(initVector.length, 8)); + + prevHash = hash.digest(); + + System.arraycopy(prevHash, 0, keyValue, index, Math.min(remLen, prevHash.length)); + index += prevHash.length; + remLen -= prevHash.length; + } + + return keyValue; + } finally { + password = null; + Arrays.fill(passBytes, (byte) 0); // clean up sensitive data a.s.a.p. + Arrays.fill(prevHash, (byte) 0); // clean up sensitive data a.s.a.p. + } + } + + protected byte[] applyPrivateKeyCipher( + byte[] bytes, PrivateKeyEncryptionContext encContext, int numBits, byte[] keyValue, boolean encryptIt) + throws IOException, GeneralSecurityException { + Objects.requireNonNull(encContext, "No encryption context"); + String cipherName = ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherName(), "No cipher name"); + ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherType(), "No cipher type"); + String cipherMode = ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherMode(), "No cipher mode"); + + Objects.requireNonNull(bytes, "No source data"); + Objects.requireNonNull(keyValue, "No encryption key"); + ValidateUtils.checkTrue(keyValue.length > 0, "Empty encryption key"); + + byte[] initVector = Objects.requireNonNull(encContext.getInitVector(), "No encryption init vector"); + ValidateUtils.checkTrue(initVector.length > 0, "Empty encryption init vector"); + + String xform = cipherName + "/" + cipherMode + "/NoPadding"; + int maxAllowedBits = Cipher.getMaxAllowedKeyLength(xform); + // see http://www.javamex.com/tutorials/cryptography/unrestricted_policy_files.shtml + if (numBits > maxAllowedBits) { + throw new InvalidKeySpecException( + "applyPrivateKeyCipher(" + xform + ")[encrypt=" + encryptIt + "]" + + " required key length (" + numBits + ")" + + " exceeds max. available: " + maxAllowedBits); + } + + SecretKeySpec skeySpec = new SecretKeySpec(keyValue, cipherName); + IvParameterSpec ivspec = new IvParameterSpec(initVector); + Cipher cipher = SecurityUtils.getCipher(xform); + int blockSize = cipher.getBlockSize(); + int dataSize = bytes.length; + cipher.init(encryptIt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, skeySpec, ivspec); + if (blockSize <= 0) { + return cipher.doFinal(bytes); + } + + int remLen = dataSize % blockSize; + if (remLen <= 0) { + return cipher.doFinal(bytes); + } + + int updateSize = dataSize - remLen; + byte[] lastBlock = new byte[blockSize]; + + // TODO for some reason, calling cipher.update followed by cipher.doFinal does not work + ByteArrayOutputStream baos = new ByteArrayOutputStream(dataSize); + try { + Arrays.fill(lastBlock, (byte) 10); + System.arraycopy(bytes, updateSize, lastBlock, 0, remLen); + + try { + byte[] buf = cipher.update(bytes, 0, updateSize); + try { + baos.write(buf); + } finally { + Arrays.fill(buf, (byte) 0); // get rid of sensitive data a.s.a.p. + } + + buf = cipher.doFinal(lastBlock); + try { + baos.write(buf); + } finally { + Arrays.fill(buf, (byte) 0); // get rid of sensitive data a.s.a.p. + } + } finally { + baos.close(); + } + } finally { + Arrays.fill(lastBlock, (byte) 0); + } + + return baos.toByteArray(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/DESPrivateKeyObfuscator.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/DESPrivateKeyObfuscator.java new file mode 100644 index 0000000..411ca85 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/DESPrivateKeyObfuscator.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.loader; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Collections; +import java.util.List; + +/** + * @author Apache MINA SSHD Project + */ +public class DESPrivateKeyObfuscator extends AbstractPrivateKeyObfuscator { + public static final int DEFAULT_KEY_LENGTH = 24 /* hardwired size for 3DES */; + public static final List AVAILABLE_KEY_LENGTHS = Collections.unmodifiableList( + Collections.singletonList( + Integer.valueOf(DEFAULT_KEY_LENGTH))); + public static final DESPrivateKeyObfuscator INSTANCE = new DESPrivateKeyObfuscator(); + + public DESPrivateKeyObfuscator() { + super("DES"); + } + + @Override + public byte[] applyPrivateKeyCipher( + byte[] bytes, PrivateKeyEncryptionContext encContext, boolean encryptIt) + throws GeneralSecurityException, IOException { + PrivateKeyEncryptionContext effContext = resolveEffectiveContext(encContext); + byte[] keyValue = deriveEncryptionKey(effContext, DEFAULT_KEY_LENGTH); + return applyPrivateKeyCipher(bytes, effContext, keyValue.length * Byte.SIZE, keyValue, encryptIt); + } + + @Override + public List getSupportedKeySizes() { + return AVAILABLE_KEY_LENGTHS; + } + + @Override + protected int resolveKeyLength(PrivateKeyEncryptionContext encContext) throws GeneralSecurityException { + return DEFAULT_KEY_LENGTH; + } + + @Override + protected int resolveInitializationVectorLength(PrivateKeyEncryptionContext encContext) throws GeneralSecurityException { + return 8; + } + + public static final PrivateKeyEncryptionContext resolveEffectiveContext(PrivateKeyEncryptionContext encContext) { + if (encContext == null) { + return null; + } + + String cipherName = encContext.getCipherName(); + String cipherType = encContext.getCipherType(); + PrivateKeyEncryptionContext effContext = encContext; + if ("EDE3".equalsIgnoreCase(cipherType)) { + cipherName += "ede"; + effContext = encContext.clone(); + effContext.setCipherName(cipherName); + } + + return effContext; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/FileWatcherKeyPairResourceLoader.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/FileWatcherKeyPairResourceLoader.java new file mode 100644 index 0000000..e74cab5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/FileWatcherKeyPairResourceLoader.java @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader; + +import java.io.IOException; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.ModifiableFileWatcher; +import org.apache.sshd.common.util.io.resource.PathResource; + +/** + * Tracks a file containing {@link KeyPair}-s an re-loads it whenever a change has been sensed in the monitored file (if + * it exists) + * + * @author Apache MINA SSHD Project + */ +public class FileWatcherKeyPairResourceLoader extends ModifiableFileWatcher implements KeyPairResourceLoader { + protected final AtomicReference> keysHolder = new AtomicReference<>(Collections.emptyList()); + private KeyPairResourceLoader delegateLoader; + + public FileWatcherKeyPairResourceLoader(Path file, KeyPairResourceLoader delegateLoader) { + this(file, delegateLoader, IoUtils.getLinkOptions(true)); + } + + public FileWatcherKeyPairResourceLoader( + Path file, KeyPairResourceLoader delegateLoader, LinkOption... options) { + super(file, options); + this.delegateLoader = Objects.requireNonNull(delegateLoader, "No delegate loader provided"); + } + + public KeyPairResourceLoader getKeyPairResourceLoader() { + return delegateLoader; + } + + public void setKeyPairResourceLoader(KeyPairResourceLoader loader) { + this.delegateLoader = Objects.requireNonNull(loader, "No delegate loader provided"); + } + + @Override + public Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, + FilePasswordProvider passwordProvider, List lines) + throws IOException, GeneralSecurityException { + + Collection ids = keysHolder.get(); + if (GenericUtils.isEmpty(ids) || checkReloadRequired()) { + keysHolder.set(Collections.emptyList()); // mark stale + + if (!exists()) { + return keysHolder.get(); + } + + Path path = getPath(); + ids = reloadKeyPairs(session, new PathResource(path), passwordProvider, lines); + int numKeys = GenericUtils.size(ids); + + if (numKeys > 0) { + keysHolder.set(ids); + updateReloadAttributes(); + } + } + + return ids; + } + + protected Collection reloadKeyPairs( + SessionContext session, NamedResource resourceKey, + FilePasswordProvider passwordProvider, List lines) + throws IOException, GeneralSecurityException { + KeyPairResourceLoader loader + = ValidateUtils.checkNotNull(getKeyPairResourceLoader(), "No resource loader for %s", resourceKey.getName()); + return loader.loadKeyPairs(session, resourceKey, passwordProvider, lines); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/KeyPairResourceLoader.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/KeyPairResourceLoader.java new file mode 100644 index 0000000..6f4103c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/KeyPairResourceLoader.java @@ -0,0 +1,181 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.io.StringReader; +import java.net.URL; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.resource.IoResource; +import org.apache.sshd.common.util.io.resource.PathResource; +import org.apache.sshd.common.util.io.resource.URLResource; + +/** + * Loads {@link KeyPair}s from text resources + * + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface KeyPairResourceLoader { + int MAX_CIPHER_NAME_LENGTH = 256; + int MAX_KEY_TYPE_NAME_LENGTH = 256; + int MAX_KEY_COMMENT_LENGTH = 1024; + int MAX_PUBLIC_KEY_DATA_SIZE = 2 * Short.MAX_VALUE; + int MAX_PRIVATE_KEY_DATA_SIZE = 4 * MAX_PUBLIC_KEY_DATA_SIZE; + + /** + * An empty loader that never fails but always returns an empty list + */ + KeyPairResourceLoader EMPTY = (session, resourceKey, passwordProvider, lines) -> Collections.emptyList(); + + /** + * Loads private key data - Note: any non-ASCII characters are assumed to be UTF-8 encoded + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param path The private key file {@link Path} + * @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be + * {@code null} if no encrypted data is expected + * @param options The {@link OpenOption}-s to use to access the file data + * @return The extracted {@link KeyPair}s - may be {@code null}/empty if none. Note: + * the resource loader may decide to skip unknown lines if more than one key pair + * type is encoded in it + * @throws IOException If failed to process the lines + * @throws GeneralSecurityException If failed to generate the keys from the parsed data + */ + default Collection loadKeyPairs( + SessionContext session, Path path, FilePasswordProvider passwordProvider, OpenOption... options) + throws IOException, GeneralSecurityException { + return loadKeyPairs(session, path, passwordProvider, StandardCharsets.UTF_8, options); + } + + default Collection loadKeyPairs( + SessionContext session, Path path, FilePasswordProvider passwordProvider, Charset cs, OpenOption... options) + throws IOException, GeneralSecurityException { + return loadKeyPairs(session, new PathResource(path, options), passwordProvider, cs); + } + + default Collection loadKeyPairs( + SessionContext session, URL url, FilePasswordProvider passwordProvider) + throws IOException, GeneralSecurityException { + return loadKeyPairs(session, url, passwordProvider, StandardCharsets.UTF_8); + } + + default Collection loadKeyPairs( + SessionContext session, URL url, FilePasswordProvider passwordProvider, Charset cs) + throws IOException, GeneralSecurityException { + return loadKeyPairs(session, new URLResource(url), passwordProvider, cs); + } + + default Collection loadKeyPairs( + SessionContext session, IoResource resource, FilePasswordProvider passwordProvider) + throws IOException, GeneralSecurityException { + return loadKeyPairs(session, resource, passwordProvider, StandardCharsets.UTF_8); + } + + default Collection loadKeyPairs( + SessionContext session, IoResource resource, FilePasswordProvider passwordProvider, Charset cs) + throws IOException, GeneralSecurityException { + try (InputStream stream = Objects.requireNonNull(resource, "No resource data").openInputStream()) { + return loadKeyPairs(session, resource, passwordProvider, stream, cs); + } + } + + default Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, String data) + throws IOException, GeneralSecurityException { + try (Reader reader = new StringReader((data == null) ? "" : data)) { + return loadKeyPairs(session, resourceKey, passwordProvider, reader); + } + } + + default Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, InputStream stream) + throws IOException, GeneralSecurityException { + return loadKeyPairs(session, resourceKey, passwordProvider, stream, StandardCharsets.UTF_8); + } + + default Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, InputStream stream, + Charset cs) + throws IOException, GeneralSecurityException { + try (Reader reader = new InputStreamReader( + Objects.requireNonNull(stream, "No stream instance"), Objects.requireNonNull(cs, "No charset"))) { + return loadKeyPairs(session, resourceKey, passwordProvider, reader); + } + } + + default Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, Reader r) + throws IOException, GeneralSecurityException { + try (BufferedReader br + = new BufferedReader(Objects.requireNonNull(r, "No reader instance"), IoUtils.DEFAULT_COPY_SIZE)) { + return loadKeyPairs(session, resourceKey, passwordProvider, br); + } + } + + default Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, BufferedReader r) + throws IOException, GeneralSecurityException { + List lines = IoUtils.readAllLines(r); + try { + return loadKeyPairs(session, resourceKey, passwordProvider, lines); + } finally { + lines.clear(); // clean up sensitive data a.s.a.p. + } + } + + /** + * Loads key pairs from the given resource text lines + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param resourceKey A hint as to the origin of the text lines + * @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be + * {@code null} if no encrypted data is expected + * @param lines The {@link List} of lines as read from the resource + * @return The extracted {@link KeyPair}s - may be {@code null}/empty if none. Note: + * the resource loader may decide to skip unknown lines if more than one key pair + * type is encoded in it + * @throws IOException If failed to process the lines + * @throws GeneralSecurityException If failed to generate the keys from the parsed data + */ + Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, List lines) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/KeyPairResourceParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/KeyPairResourceParser.java new file mode 100644 index 0000000..7b5ce2d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/KeyPairResourceParser.java @@ -0,0 +1,199 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface KeyPairResourceParser extends KeyPairResourceLoader { + /** + * An empty parser that never fails, but always report that it cannot extract key pairs and returns empty list if + * asked to load + */ + KeyPairResourceParser EMPTY = new KeyPairResourceParser() { + @Override + public Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, List lines) + throws IOException, GeneralSecurityException { + return Collections.emptyList(); + } + + @Override + public boolean canExtractKeyPairs(NamedResource resourceKey, List lines) + throws IOException, GeneralSecurityException { + return false; + } + + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * @param resourceKey A hint as to the origin of the text lines + * @param lines The resource lines + * @return {@code true} if the parser can extract some key pairs from the lines + * @throws IOException If failed to process the lines + * @throws GeneralSecurityException If failed to extract information regarding the possibility to extract the key + * pairs + */ + boolean canExtractKeyPairs(NamedResource resourceKey, List lines) + throws IOException, GeneralSecurityException; + + /** + * Converts the lines assumed to contain BASE-64 encoded data into the actual content bytes. + * + * @param lines The data lines - empty lines and spaces are automatically deleted before BASE-64 decoding + * takes place. + * @return The decoded data bytes + * @see #joinDataLines(Collection) + */ + static byte[] extractDataBytes(Collection lines) { + String data = joinDataLines(lines); + Base64.Decoder decoder = Base64.getDecoder(); + return decoder.decode(data); + } + + static String joinDataLines(Collection lines) { + String data = GenericUtils.join(lines, ' '); + data = data.replaceAll("\\s", ""); + data = data.trim(); + return data; + } + + static boolean containsMarkerLine(List lines, String marker) { + return containsMarkerLine( + lines, Collections.singletonList(ValidateUtils.checkNotNullAndNotEmpty(marker, "No marker"))); + } + + static boolean containsMarkerLine(List lines, List markers) { + return findMarkerLine(lines, markers) != null; + } + + /** + * Attempts to locate a line that contains one of the markers + * + * @param lines The list of lines to scan - ignored if {@code null}/empty + * @param markers The markers to match - ignored if {@code null}/empty + * @return A {@link SimpleImmutableEntry} whose key is the first line index that matched and value + * the matched marker index - {@code null} if no match found + * @see #findMarkerLine(List, int, List) + */ + static SimpleImmutableEntry findMarkerLine(List lines, List markers) { + return findMarkerLine(lines, 0, markers); + } + + /** + * Attempts to locate a line that contains one of the markers + * + * @param lines The list of lines to scan - ignored if {@code null}/empty + * @param startLine The scan start line index + * @param markers The markers to match - ignored if {@code null}/empty + * @return A {@link SimpleImmutableEntry} whose key is the first line index that matched and value + * the matched marker index - {@code null} if no match found + */ + static SimpleImmutableEntry findMarkerLine(List lines, int startLine, List markers) { + if (GenericUtils.isEmpty(lines) || GenericUtils.isEmpty(markers)) { + return null; + } + + for (int lineIndex = startLine; lineIndex < lines.size(); lineIndex++) { + String l = lines.get(lineIndex); + for (int markerIndex = 0; markerIndex < markers.size(); markerIndex++) { + String m = markers.get(markerIndex); + if (l.contains(m)) { + return new SimpleImmutableEntry<>(lineIndex, markerIndex); + } + } + } + + return null; + } + + static KeyPairResourceParser aggregate(KeyPairResourceParser... parsers) { + return aggregate(Arrays.asList(ValidateUtils.checkNotNullAndNotEmpty(parsers, "No parsers to aggregate"))); + } + + static KeyPairResourceParser aggregate(Collection parsers) { + ValidateUtils.checkNotNullAndNotEmpty(parsers, "No parsers to aggregate"); + return new KeyPairResourceParser() { + @Override + public Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, + List lines) + throws IOException, GeneralSecurityException { + Collection keyPairs = Collections.emptyList(); + for (KeyPairResourceParser p : parsers) { + if (!p.canExtractKeyPairs(resourceKey, lines)) { + continue; + } + + Collection kps = p.loadKeyPairs(session, resourceKey, passwordProvider, lines); + if (GenericUtils.isEmpty(kps)) { + continue; + } + + if (GenericUtils.isEmpty(keyPairs)) { + keyPairs = new LinkedList<>(kps); + } else { + keyPairs.addAll(kps); + } + } + + return keyPairs; + } + + @Override + public boolean canExtractKeyPairs(NamedResource resourceKey, List lines) + throws IOException, GeneralSecurityException { + for (KeyPairResourceParser p : parsers) { + if (p.canExtractKeyPairs(resourceKey, lines)) { + return true; + } + } + + return false; + } + + @Override + public String toString() { + return KeyPairResourceParser.class.getSimpleName() + "[aggregate]"; + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/PrivateKeyEncryptionContext.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/PrivateKeyEncryptionContext.java new file mode 100644 index 0000000..1399ff8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/PrivateKeyEncryptionContext.java @@ -0,0 +1,277 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.loader; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.TreeMap; +import java.util.function.Function; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import org.apache.sshd.common.auth.MutablePassword; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class PrivateKeyEncryptionContext implements MutablePassword, Cloneable { + public static final String DEFAULT_CIPHER_MODE = "CBC"; + + private static final Map OBFUSCATORS + = Stream.of(AESPrivateKeyObfuscator.INSTANCE, DESPrivateKeyObfuscator.INSTANCE) + .collect(Collectors.toMap( + AbstractPrivateKeyObfuscator::getCipherName, Function.identity(), + GenericUtils.throwingMerger(), () -> new TreeMap<>(String.CASE_INSENSITIVE_ORDER))); + + private String cipherName; + private String cipherType; + private String cipherMode = DEFAULT_CIPHER_MODE; + private String password; + private byte[] initVector; + private transient PrivateKeyObfuscator obfuscator; + + public PrivateKeyEncryptionContext() { + super(); + } + + public PrivateKeyEncryptionContext(String algInfo) { + parseAlgorithmInfo(algInfo); + } + + public String getCipherName() { + return cipherName; + } + + public void setCipherName(String value) { + cipherName = value; + } + + public String getCipherType() { + return cipherType; + } + + public void setCipherType(String value) { + cipherType = value; + } + + public String getCipherMode() { + return cipherMode; + } + + public void setCipherMode(String value) { + cipherMode = value; + } + + @Override + public String getPassword() { + return password; + } + + @Override + public void setPassword(String value) { + password = value; + } + + public byte[] getInitVector() { + return initVector; + } + + public void setInitVector(byte... values) { + initVector = values; + } + + public PrivateKeyObfuscator getPrivateKeyObfuscator() { + return obfuscator; + } + + public void setPrivateKeyObfuscator(PrivateKeyObfuscator value) { + obfuscator = value; + } + + public PrivateKeyObfuscator resolvePrivateKeyObfuscator() { + PrivateKeyObfuscator value = getPrivateKeyObfuscator(); + if (value != null) { + return value; + } + + return getRegisteredPrivateKeyObfuscator(getCipherName()); + } + + public static PrivateKeyObfuscator registerPrivateKeyObfuscator(PrivateKeyObfuscator o) { + return registerPrivateKeyObfuscator(Objects.requireNonNull(o, "No instance provided").getCipherName(), o); + } + + public static PrivateKeyObfuscator registerPrivateKeyObfuscator(String cipherName, PrivateKeyObfuscator o) { + ValidateUtils.checkNotNullAndNotEmpty(cipherName, "No cipher name"); + Objects.requireNonNull(o, "No instance provided"); + + synchronized (OBFUSCATORS) { + return OBFUSCATORS.put(cipherName, o); + } + } + + public static boolean unregisterPrivateKeyObfuscator(PrivateKeyObfuscator o) { + Objects.requireNonNull(o, "No instance provided"); + String cipherName = o.getCipherName(); + ValidateUtils.checkNotNullAndNotEmpty(cipherName, "No cipher name"); + + synchronized (OBFUSCATORS) { + PrivateKeyObfuscator prev = OBFUSCATORS.get(cipherName); + if (prev != o) { + return false; + } + + OBFUSCATORS.remove(cipherName); + } + + return true; + } + + public static PrivateKeyObfuscator unregisterPrivateKeyObfuscator(String cipherName) { + ValidateUtils.checkNotNullAndNotEmpty(cipherName, "No cipher name"); + + synchronized (OBFUSCATORS) { + return OBFUSCATORS.remove(cipherName); + } + } + + public static final PrivateKeyObfuscator getRegisteredPrivateKeyObfuscator(String cipherName) { + if (GenericUtils.isEmpty(cipherName)) { + return null; + } + + synchronized (OBFUSCATORS) { + return OBFUSCATORS.get(cipherName); + } + } + + public static final NavigableSet getRegisteredPrivateKeyObfuscatorCiphers() { + synchronized (OBFUSCATORS) { + Collection names = OBFUSCATORS.keySet(); + return GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, names); + } + } + + public static final List getRegisteredPrivateKeyObfuscators() { + synchronized (OBFUSCATORS) { + Collection l = OBFUSCATORS.values(); + if (GenericUtils.isEmpty(l)) { + return Collections.emptyList(); + } else { + return new ArrayList<>(l); + } + } + } + + /** + * @param algInfo The algorithm info - format: {@code name-type-mode} + * @return The updated context instance + * @see #parseAlgorithmInfo(PrivateKeyEncryptionContext, String) + */ + public PrivateKeyEncryptionContext parseAlgorithmInfo(String algInfo) { + return parseAlgorithmInfo(this, algInfo); + } + + @Override + public PrivateKeyEncryptionContext clone() { + try { + PrivateKeyEncryptionContext copy = getClass().cast(super.clone()); + byte[] v = copy.getInitVector(); + if (v != null) { + v = v.clone(); + copy.setInitVector(v); + } + return copy; + } catch (CloneNotSupportedException e) { // unexpected + throw new RuntimeException("Failed to clone: " + toString()); + } + } + + @Override + public int hashCode() { + return GenericUtils.hashCode(getCipherName(), Boolean.TRUE) + + GenericUtils.hashCode(getCipherType(), Boolean.TRUE) + + GenericUtils.hashCode(getCipherMode(), Boolean.TRUE) + + Objects.hashCode(getPassword()) + + Arrays.hashCode(getInitVector()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + PrivateKeyEncryptionContext other = (PrivateKeyEncryptionContext) obj; + return (GenericUtils.safeCompare(getCipherName(), other.getCipherName(), false) == 0) + && (GenericUtils.safeCompare(getCipherType(), other.getCipherType(), false) == 0) + && (GenericUtils.safeCompare(getCipherMode(), other.getCipherMode(), false) == 0) + && (GenericUtils.safeCompare(getPassword(), other.getPassword(), true) == 0) + && Arrays.equals(getInitVector(), other.getInitVector()); + } + + @Override + public String toString() { + return GenericUtils.join(new String[] { getCipherName(), getCipherType(), getCipherMode() }, '-'); + } + + /** + * @param Generic context type + * @param context The {@link PrivateKeyEncryptionContext} to update + * @param algInfo The algorithm info - format: {@code name-type-mode} + * @return The updated context + */ + public static final C parseAlgorithmInfo(C context, String algInfo) { + ValidateUtils.checkNotNullAndNotEmpty(algInfo, "No encryption algorithm data"); + + String[] cipherData = GenericUtils.split(algInfo, '-'); + ValidateUtils.checkTrue(cipherData.length == 3, "Bad encryption algorithm data: %s", algInfo); + + context.setCipherName(cipherData[0]); + context.setCipherType(cipherData[1]); + context.setCipherMode(cipherData[2]); + return context; + } + + public static final PrivateKeyEncryptionContext newPrivateKeyEncryptionContext(PrivateKeyObfuscator o, String password) { + return initializeObfuscator(new PrivateKeyEncryptionContext(), o, password); + } + + public static final < + C extends PrivateKeyEncryptionContext> C initializeObfuscator(C context, PrivateKeyObfuscator o, String password) { + context.setCipherName(o.getCipherName()); + context.setPrivateKeyObfuscator(o); + context.setPassword(password); + return context; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/PrivateKeyObfuscator.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/PrivateKeyObfuscator.java new file mode 100644 index 0000000..c856adf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/PrivateKeyObfuscator.java @@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.loader; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.List; + +/** + * @author Apache MINA SSHD Project + */ +public interface PrivateKeyObfuscator { + /** + * @return Basic cipher used to obfuscate + */ + String getCipherName(); + + /** + * @return A {@link List} of the supported key sizes - Note: every call returns a and un-modifiable + * instance. + */ + List getSupportedKeySizes(); + + /** + * @param Appendable generic type + * @param sb The {@link Appendable} instance to update + * @param encContext + * @return Same appendable instance + * @throws IOException + */ + A appendPrivateKeyEncryptionContext( + A sb, PrivateKeyEncryptionContext encContext) + throws IOException; + + /** + * @param encContext The encryption context + * @return An initialization vector suitable to the specified context + * @throws GeneralSecurityException + */ + byte[] generateInitializationVector(PrivateKeyEncryptionContext encContext) + throws GeneralSecurityException; + + /** + * @param bytes Original bytes + * @param encContext The encryption context + * @param encryptIt If {@code true} then encrypt the original bytes, otherwise decrypt them + * @return The result of applying the cipher to the original bytes + * @throws IOException If malformed input + * @throws GeneralSecurityException If cannot encrypt/decrypt + */ + byte[] applyPrivateKeyCipher( + byte[] bytes, PrivateKeyEncryptionContext encContext, boolean encryptIt) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHDSSPrivateKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHDSSPrivateKeyEntryDecoder.java new file mode 100644 index 0000000..b543ea9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHDSSPrivateKeyEntryDecoder.java @@ -0,0 +1,151 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.util.Collections; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.impl.AbstractPrivateKeyEntryDecoder; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.SecureByteArrayOutputStream; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHDSSPrivateKeyEntryDecoder extends AbstractPrivateKeyEntryDecoder { + public static final OpenSSHDSSPrivateKeyEntryDecoder INSTANCE = new OpenSSHDSSPrivateKeyEntryDecoder(); + + public OpenSSHDSSPrivateKeyEntryDecoder() { + super(DSAPublicKey.class, DSAPrivateKey.class, + Collections.unmodifiableList(Collections.singletonList(KeyPairProvider.SSH_DSS))); + } + + @Override + public DSAPrivateKey decodePrivateKey( + SessionContext session, String keyType, FilePasswordProvider passwordProvider, InputStream keyData) + throws IOException, GeneralSecurityException { + if (!KeyPairProvider.SSH_DSS.equals(keyType)) { // just in case we were invoked directly + throw new InvalidKeySpecException("Unexpected key type: " + keyType); + } + + BigInteger p = KeyEntryResolver.decodeBigInt(keyData); + BigInteger q = KeyEntryResolver.decodeBigInt(keyData); + BigInteger g = KeyEntryResolver.decodeBigInt(keyData); + BigInteger y = KeyEntryResolver.decodeBigInt(keyData); + Objects.requireNonNull(y, "No public key data"); // TODO run some validation on it + BigInteger x = KeyEntryResolver.decodeBigInt(keyData); + + try { + return generatePrivateKey(new DSAPrivateKeySpec(x, p, q, g)); + } finally { + // get rid of sensitive data a.s.a.p + p = null; + q = null; + g = null; + y = null; + x = null; + } + } + + @Override + public String encodePrivateKey(SecureByteArrayOutputStream s, DSAPrivateKey key, DSAPublicKey pubKey) throws IOException { + Objects.requireNonNull(key, "No private key provided"); + + DSAParams keyParams = Objects.requireNonNull(key.getParams(), "No DSA params available"); + BigInteger p = keyParams.getP(); + KeyEntryResolver.encodeBigInt(s, p); + KeyEntryResolver.encodeBigInt(s, keyParams.getQ()); + + BigInteger g = keyParams.getG(); + KeyEntryResolver.encodeBigInt(s, g); + + BigInteger x = key.getX(); + BigInteger y = pubKey != null ? pubKey.getY() : g.modPow(x, p); + KeyEntryResolver.encodeBigInt(s, y); + KeyEntryResolver.encodeBigInt(s, x); + return KeyPairProvider.SSH_DSS; + } + + @Override + public boolean isPublicKeyRecoverySupported() { + return true; + } + + @Override + public DSAPublicKey recoverPublicKey(DSAPrivateKey privateKey) throws GeneralSecurityException { + return KeyUtils.recoverDSAPublicKey(privateKey); + } + + @Override + public DSAPublicKey clonePublicKey(DSAPublicKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } + + DSAParams params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePublicKey(new DSAPublicKeySpec(key.getY(), params.getP(), params.getQ(), params.getG())); + } + + @Override + public DSAPrivateKey clonePrivateKey(DSAPrivateKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } + + DSAParams params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePrivateKey(new DSAPrivateKeySpec(key.getX(), params.getP(), params.getQ(), params.getG())); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + return SecurityUtils.getKeyPairGenerator(KeyUtils.DSS_ALGORITHM); + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + return SecurityUtils.getKeyFactory(KeyUtils.DSS_ALGORITHM); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHECDSAPrivateKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHECDSAPrivateKeyEntryDecoder.java new file mode 100644 index 0000000..ee33129 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHECDSAPrivateKeyEntryDecoder.java @@ -0,0 +1,183 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchProviderException; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.util.Objects; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.impl.AbstractPrivateKeyEntryDecoder; +import org.apache.sshd.common.config.keys.impl.ECDSAPublicKeyEntryDecoder; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.SecureByteArrayOutputStream; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHECDSAPrivateKeyEntryDecoder extends AbstractPrivateKeyEntryDecoder { + public static final OpenSSHECDSAPrivateKeyEntryDecoder INSTANCE = new OpenSSHECDSAPrivateKeyEntryDecoder(); + + public OpenSSHECDSAPrivateKeyEntryDecoder() { + super(ECPublicKey.class, ECPrivateKey.class, ECCurves.KEY_TYPES); + } + + @Override + public ECPrivateKey decodePrivateKey( + SessionContext session, String keyType, FilePasswordProvider passwordProvider, InputStream keyData) + throws IOException, GeneralSecurityException { + ECCurves curve = ECCurves.fromKeyType(keyType); + if (curve == null) { + throw new InvalidKeySpecException("Not an EC curve name: " + keyType); + } + + if (!SecurityUtils.isECCSupported()) { + throw new NoSuchProviderException("ECC not supported"); + } + + String keyCurveName = curve.getName(); + // see rfc5656 section 3.1 + String encCurveName = KeyEntryResolver.decodeString(keyData, ECDSAPublicKeyEntryDecoder.MAX_CURVE_NAME_LENGTH); + if (!keyCurveName.equals(encCurveName)) { + throw new InvalidKeySpecException( + "Mismatched key curve name (" + keyCurveName + ") vs. encoded one (" + encCurveName + ")"); + } + + byte[] pubKey = KeyEntryResolver.readRLEBytes(keyData, ECDSAPublicKeyEntryDecoder.MAX_ALLOWED_POINT_SIZE); + Objects.requireNonNull(pubKey, "No public point"); // TODO validate it is a valid ECPoint + BigInteger s = KeyEntryResolver.decodeBigInt(keyData); + ECParameterSpec params = curve.getParameters(); + try { + return generatePrivateKey(new ECPrivateKeySpec(s, params)); + } finally { + // get rid of sensitive data a.s.a.p + s = null; + } + } + + @Override + public String encodePrivateKey(SecureByteArrayOutputStream s, ECPrivateKey key, ECPublicKey pubKey) throws IOException { + Objects.requireNonNull(key, "No private key provided"); + Objects.requireNonNull(pubKey, "No public key provided"); + ECCurves curve = ECCurves.fromECKey(key); + if (curve == null) { + return null; + } + String curveName = curve.getName(); + KeyEntryResolver.encodeString(s, curveName); + ECCurves.ECPointCompression.UNCOMPRESSED.writeECPoint(s, + curveName, pubKey.getW()); + KeyEntryResolver.encodeBigInt(s, key.getS()); + return curve.getKeyType(); + } + + @Override + public ECPublicKey recoverPublicKey(ECPrivateKey prvKey) throws GeneralSecurityException { + ECCurves curve = ECCurves.fromECKey(prvKey); + if (curve == null) { + throw new InvalidKeyException("Unknown curve"); + } + // TODO see how we can figure out the public value + return super.recoverPublicKey(prvKey); + } + + @Override + public ECPublicKey clonePublicKey(ECPublicKey key) throws GeneralSecurityException { + if (!SecurityUtils.isECCSupported()) { + throw new NoSuchProviderException("ECC not supported"); + } + + if (key == null) { + return null; + } + + ECParameterSpec params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePublicKey(new ECPublicKeySpec(key.getW(), params)); + } + + @Override + public ECPrivateKey clonePrivateKey(ECPrivateKey key) throws GeneralSecurityException { + if (!SecurityUtils.isECCSupported()) { + throw new NoSuchProviderException("ECC not supported"); + } + + if (key == null) { + return null; + } + + ECParameterSpec params = key.getParams(); + if (params == null) { + throw new InvalidKeyException("Missing parameters in key"); + } + + return generatePrivateKey(new ECPrivateKeySpec(key.getS(), params)); + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + if (SecurityUtils.isECCSupported()) { + return SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); + } else { + throw new NoSuchProviderException("ECC not supported"); + } + } + + @Override + public KeyPair generateKeyPair(int keySize) throws GeneralSecurityException { + ECCurves curve = ECCurves.fromCurveSize(keySize); + if (curve == null) { + throw new InvalidKeySpecException("Unknown curve for key size=" + keySize); + } + + KeyPairGenerator gen = getKeyPairGenerator(); + gen.initialize(curve.getParameters()); + return gen.generateKeyPair(); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + if (SecurityUtils.isECCSupported()) { + return SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM); + } else { + throw new NoSuchProviderException("ECC not supported"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKdfOptions.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKdfOptions.java new file mode 100644 index 0000000..78d9103 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKdfOptions.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh; + +import java.io.IOException; +import java.util.function.Predicate; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface OpenSSHKdfOptions extends NamedResource, OpenSSHKeyDecryptor { + int MAX_KDF_NAME_LENGTH = 1024; + + int MAX_KDF_OPTIONS_SIZE = Short.MAX_VALUE; + + String NONE_KDF = "none"; + + Predicate IS_NONE_KDF = c -> GenericUtils.isEmpty(c) || NONE_KDF.equalsIgnoreCase(c); + + void initialize(String name, byte[] kdfOptions) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyDecryptor.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyDecryptor.java new file mode 100644 index 0000000..ecfdab4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyDecryptor.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh; + +import java.io.IOException; +import java.security.GeneralSecurityException; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionContext; + +/** + * @author Apache MINA SSHD Project + */ +public interface OpenSSHKeyDecryptor { + boolean isEncrypted(); + + byte[] decodePrivateKeyBytes( + SessionContext session, NamedResource resourceKey, String cipherName, byte[] privateDataBytes, String password) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java new file mode 100644 index 0000000..7f473fd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java @@ -0,0 +1,426 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.loader.openssh; + +import java.io.ByteArrayInputStream; +import java.io.EOFException; +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.net.ProtocolException; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.TreeMap; + +import javax.security.auth.login.FailedLoginException; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProvider.ResourceDecodeResult; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder; +import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser; +import org.apache.sshd.common.config.keys.loader.openssh.kdf.BCryptKdfOptions; +import org.apache.sshd.common.config.keys.loader.openssh.kdf.RawKdfOptions; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Basic support for OpenSSH + * key file(s) + * + * @author Apache MINA SSHD Project + */ +public class OpenSSHKeyPairResourceParser extends AbstractKeyPairResourceParser { + public static final String BEGIN_MARKER = "BEGIN OPENSSH PRIVATE KEY"; + public static final List BEGINNERS = Collections.unmodifiableList(Collections.singletonList(BEGIN_MARKER)); + + public static final String END_MARKER = "END OPENSSH PRIVATE KEY"; + public static final List ENDERS = Collections.unmodifiableList(Collections.singletonList(END_MARKER)); + + public static final String AUTH_MAGIC = "openssh-key-v1"; + public static final OpenSSHKeyPairResourceParser INSTANCE = new OpenSSHKeyPairResourceParser(); + + private static final byte[] AUTH_MAGIC_BYTES = AUTH_MAGIC.getBytes(StandardCharsets.UTF_8); + private static final Map> BY_KEY_TYPE_DECODERS_MAP + = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private static final Map, PrivateKeyEntryDecoder> BY_KEY_CLASS_DECODERS_MAP = new HashMap<>(); + + static { + registerPrivateKeyEntryDecoder(OpenSSHRSAPrivateKeyDecoder.INSTANCE); + registerPrivateKeyEntryDecoder(OpenSSHDSSPrivateKeyEntryDecoder.INSTANCE); + + if (SecurityUtils.isECCSupported()) { + registerPrivateKeyEntryDecoder(OpenSSHECDSAPrivateKeyEntryDecoder.INSTANCE); + } + if (SecurityUtils.isEDDSACurveSupported()) { + registerPrivateKeyEntryDecoder(SecurityUtils.getOpenSSHEDDSAPrivateKeyEntryDecoder()); + } + } + + public OpenSSHKeyPairResourceParser() { + super(BEGINNERS, ENDERS); + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + + stream = validateStreamMagicMarker(session, resourceKey, stream); + + String cipher = KeyEntryResolver.decodeString(stream, MAX_CIPHER_NAME_LENGTH); + OpenSSHKdfOptions kdfOptions = resolveKdfOptions(session, resourceKey, beginMarker, endMarker, stream, headers); + OpenSSHParserContext context = new OpenSSHParserContext(cipher, kdfOptions); + int numKeys = KeyEntryResolver.decodeInt(stream); + if (numKeys <= 0) { + return Collections.emptyList(); + } + + + List publicKeys = new ArrayList<>(numKeys); + for (int index = 1; index <= numKeys; index++) { + PublicKey pubKey = readPublicKey(session, resourceKey, context, stream, headers); + ValidateUtils.checkNotNull(pubKey, "Empty public key #%d in %s", index, resourceKey); + publicKeys.add(pubKey); + } + + byte[] privateData = KeyEntryResolver.readRLEBytes(stream, MAX_PRIVATE_KEY_DATA_SIZE); + try { + if (!context.isEncrypted()) { + try (InputStream bais = new ByteArrayInputStream(privateData)) { + return readPrivateKeys(session, resourceKey, context, publicKeys, passwordProvider, bais); + } + } + + if (passwordProvider == null) { + throw new FailedLoginException("No password provider for encrypted key in " + resourceKey); + } + + for (int retryCount = 0;; retryCount++) { + String pwd = passwordProvider.getPassword(session, resourceKey, retryCount); + if (GenericUtils.isEmpty(pwd)) { + return Collections.emptyList(); + } + + List keys; + try { + byte[] decryptedData = kdfOptions.decodePrivateKeyBytes( + session, resourceKey, context.getCipherName(), privateData, pwd); + try (InputStream bais = new ByteArrayInputStream(decryptedData)) { + keys = readPrivateKeys(session, resourceKey, context, publicKeys, passwordProvider, bais); + } finally { + Arrays.fill(decryptedData, (byte) 0); // get rid of sensitive data a.s.a.p. + } + } catch (IOException | GeneralSecurityException | RuntimeException e) { + ResourceDecodeResult result + = passwordProvider.handleDecodeAttemptResult(session, resourceKey, retryCount, pwd, e); + pwd = null; // get rid of sensitive data a.s.a.p. + if (result == null) { + result = ResourceDecodeResult.TERMINATE; + } + + switch (result) { + case TERMINATE: + throw e; + case RETRY: + continue; + case IGNORE: + return Collections.emptyList(); + default: + throw new ProtocolException( + "Unsupported decode attempt result (" + result + ") for " + resourceKey); + } + } + + passwordProvider.handleDecodeAttemptResult(session, resourceKey, retryCount, pwd, null); + pwd = null; // get rid of sensitive data a.s.a.p. + return keys; + } + } finally { + Arrays.fill(privateData, (byte) 0); // get rid of sensitive data a.s.a.p. + } + } + + protected OpenSSHKdfOptions resolveKdfOptions( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + String kdfName = KeyEntryResolver.decodeString(stream, OpenSSHKdfOptions.MAX_KDF_NAME_LENGTH); + byte[] kdfOptions = KeyEntryResolver.readRLEBytes(stream, OpenSSHKdfOptions.MAX_KDF_OPTIONS_SIZE); + OpenSSHKdfOptions options; + // TODO define a factory class where users can register extra KDF options + if (BCryptKdfOptions.NAME.equalsIgnoreCase(kdfName)) { + options = new BCryptKdfOptions(); + } else { + options = new RawKdfOptions(); + } + + options.initialize(kdfName, kdfOptions); + return options; + } + + protected PublicKey readPublicKey( + SessionContext session, NamedResource resourceKey, + OpenSSHParserContext context, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + byte[] keyData = KeyEntryResolver.readRLEBytes(stream, MAX_PUBLIC_KEY_DATA_SIZE); + try (InputStream bais = new ByteArrayInputStream(keyData)) { + String keyType = KeyEntryResolver.decodeString(bais, MAX_KEY_TYPE_NAME_LENGTH); + PublicKeyEntryDecoder decoder = KeyUtils.getPublicKeyEntryDecoder(keyType); + if (decoder == null) { + throw new NoSuchAlgorithmException("Unsupported key type (" + keyType + ") in " + resourceKey); + } + + return decoder.decodePublicKey(session, keyType, bais, headers); + } + } + + /* + * NOTE: called AFTER decrypting the original bytes, however we still propagate the password provider - just in case + * some "sub-encryption" is detected + */ + protected List readPrivateKeys( + SessionContext session, NamedResource resourceKey, + OpenSSHParserContext context, Collection publicKeys, + FilePasswordProvider passwordProvider, InputStream stream) + throws IOException, GeneralSecurityException { + if (GenericUtils.isEmpty(publicKeys)) { + return Collections.emptyList(); + } + + int check1 = KeyEntryResolver.decodeInt(stream); + int check2 = KeyEntryResolver.decodeInt(stream); + + /* + * According to the documentation: + * + * Before the key is encrypted, a random integer is assigned to both checkint fields so successful decryption + * can be quickly checked by verifying that both checkint fields hold the same value. + */ + if (check1 != check2) { + throw new StreamCorruptedException( + "Mismatched private key check values (" + + Integer.toHexString(check1) + "/" + Integer.toHexString(check2) + ") in " + + resourceKey); + } + + List keyPairs = new ArrayList<>(publicKeys.size()); + for (PublicKey pubKey : publicKeys) { + String pubType = KeyUtils.getKeyType(pubKey); + int keyIndex = keyPairs.size() + 1; + + Map.Entry prvData + = readPrivateKey(session, resourceKey, context, pubType, passwordProvider, stream); + PrivateKey prvKey = (prvData == null) ? null : prvData.getKey(); + ValidateUtils.checkNotNull(prvKey, "Empty private key #%d in %s", keyIndex, resourceKey); + + String prvType = KeyUtils.getKeyType(prvKey); + ValidateUtils.checkTrue(Objects.equals(pubType, prvType), + "Mismatched public (%s) vs. private (%s) key type #%d in %s", + pubType, prvType, keyIndex, resourceKey); + + keyPairs.add(new KeyPair(pubKey, prvKey)); + } + + return keyPairs; + } + + protected Map.Entry readPrivateKey( + SessionContext session, NamedResource resourceKey, + OpenSSHParserContext context, String keyType, + FilePasswordProvider passwordProvider, InputStream stream) + throws IOException, GeneralSecurityException { + String prvType = KeyEntryResolver.decodeString(stream, MAX_KEY_TYPE_NAME_LENGTH); + if (!Objects.equals(keyType, prvType)) { + throw new StreamCorruptedException( + "Mismatched private key type: " + + ", expected=" + keyType + ", actual=" + prvType + + " in " + resourceKey); + } + + PrivateKeyEntryDecoder decoder = getPrivateKeyEntryDecoder(prvType); + if (decoder == null) { + throw new NoSuchAlgorithmException("Unsupported key type (" + prvType + ") in " + resourceKey); + } + + PrivateKey prvKey = decoder.decodePrivateKey(session, prvType, passwordProvider, stream); + if (prvKey == null) { + throw new InvalidKeyException("Cannot parse key type (" + prvType + ") in " + resourceKey); + } + + String comment = KeyEntryResolver.decodeString(stream, MAX_KEY_COMMENT_LENGTH); + return new SimpleImmutableEntry<>(prvKey, comment); + } + + protected S validateStreamMagicMarker( + SessionContext session, NamedResource resourceKey, S stream) + throws IOException { + byte[] actual = new byte[AUTH_MAGIC_BYTES.length]; + IoUtils.readFully(stream, actual); + if (!Arrays.equals(AUTH_MAGIC_BYTES, actual)) { + throw new StreamCorruptedException( + resourceKey + ": Mismatched magic marker value: " + BufferUtils.toHex(':', actual)); + } + + int eos = stream.read(); + if (eos == -1) { + throw new EOFException(resourceKey + ": Premature EOF after magic marker value"); + } + + if (eos != 0) { + throw new StreamCorruptedException( + resourceKey + ": Missing EOS after magic marker value: 0x" + Integer.toHexString(eos)); + } + + return stream; + } + + /** + * @param decoder The decoder to register + * @throws IllegalArgumentException if no decoder or not key type or no supported names for the decoder + * @see PrivateKeyEntryDecoder#getPublicKeyType() + * @see PrivateKeyEntryDecoder#getSupportedKeyTypes() + */ + public static void registerPrivateKeyEntryDecoder(PrivateKeyEntryDecoder decoder) { + Objects.requireNonNull(decoder, "No decoder specified"); + + Class pubType = Objects.requireNonNull(decoder.getPublicKeyType(), "No public key type declared"); + Class prvType = Objects.requireNonNull(decoder.getPrivateKeyType(), "No private key type declared"); + synchronized (BY_KEY_CLASS_DECODERS_MAP) { + BY_KEY_CLASS_DECODERS_MAP.put(pubType, decoder); + BY_KEY_CLASS_DECODERS_MAP.put(prvType, decoder); + } + + Collection names + = ValidateUtils.checkNotNullAndNotEmpty(decoder.getSupportedKeyTypes(), "No supported key type"); + synchronized (BY_KEY_TYPE_DECODERS_MAP) { + for (String n : names) { + PrivateKeyEntryDecoder prev = BY_KEY_TYPE_DECODERS_MAP.put(n, decoder); + if (prev != null) { + // noinspection UnnecessaryContinue + continue; // debug breakpoint + } + } + } + } + + /** + * @param keyType The {@code OpenSSH} key type string - e.g., {@code ssh-rsa, ssh-dss} - ignored if + * {@code null}/empty + * @return The registered {@link PrivateKeyEntryDecoder} or {code null} if not found + */ + public static PrivateKeyEntryDecoder getPrivateKeyEntryDecoder(String keyType) { + if (GenericUtils.isEmpty(keyType)) { + return null; + } + + synchronized (BY_KEY_TYPE_DECODERS_MAP) { + return BY_KEY_TYPE_DECODERS_MAP.get(keyType); + } + } + + /** + * @param kp The {@link KeyPair} to examine - ignored if {@code null} + * @return The matching {@link PrivateKeyEntryDecoder} provided both the public and private keys have the + * same decoder - {@code null} if no match found + * @see #getPrivateKeyEntryDecoder(Key) + */ + public static PrivateKeyEntryDecoder getPrivateKeyEntryDecoder(KeyPair kp) { + if (kp == null) { + return null; + } + + PrivateKeyEntryDecoder d1 = getPrivateKeyEntryDecoder(kp.getPublic()); + PrivateKeyEntryDecoder d2 = getPrivateKeyEntryDecoder(kp.getPrivate()); + if (d1 == d2) { + return d1; + } else { + return null; // some kind of mixed keys... + } + } + + /** + * @param key The {@link Key} (public or private) - ignored if {@code null} + * @return The registered {@link PrivateKeyEntryDecoder} for this key or {code null} if no match found + * @see #getPrivateKeyEntryDecoder(Class) + */ + public static PrivateKeyEntryDecoder getPrivateKeyEntryDecoder(Key key) { + if (key == null) { + return null; + } else { + return getPrivateKeyEntryDecoder(key.getClass()); + } + } + + /** + * @param keyType The key {@link Class} - ignored if {@code null} or not a {@link Key} compatible type + * @return The registered {@link PrivateKeyEntryDecoder} or {code null} if no match found + */ + public static PrivateKeyEntryDecoder getPrivateKeyEntryDecoder(Class keyType) { + if ((keyType == null) || (!Key.class.isAssignableFrom(keyType))) { + return null; + } + + synchronized (BY_KEY_TYPE_DECODERS_MAP) { + PrivateKeyEntryDecoder decoder = BY_KEY_CLASS_DECODERS_MAP.get(keyType); + if (decoder != null) { + return decoder; + } + + // in case it is a derived class + for (PrivateKeyEntryDecoder dec : BY_KEY_CLASS_DECODERS_MAP.values()) { + Class pubType = dec.getPublicKeyType(); + Class prvType = dec.getPrivateKeyType(); + if (pubType.isAssignableFrom(keyType) || prvType.isAssignableFrom(keyType)) { + return dec; + } + } + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHParserContext.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHParserContext.java new file mode 100644 index 0000000..698e3d7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHParserContext.java @@ -0,0 +1,95 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.security.GeneralSecurityException; +import java.util.function.Predicate; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHParserContext implements OpenSSHKeyDecryptor { + public static final String NONE_CIPHER = "none"; + public static final Predicate IS_NONE_CIPHER = c -> GenericUtils.isEmpty(c) || NONE_CIPHER.equalsIgnoreCase(c); + + private String cipherName; + private OpenSSHKdfOptions kdfOptions; + + public OpenSSHParserContext() { + super(); + } + + public OpenSSHParserContext(String cipherName, OpenSSHKdfOptions kdfOptions) { + setCipherName(cipherName); + setKdfOptions(kdfOptions); + } + + @Override + public boolean isEncrypted() { + if (!IS_NONE_CIPHER.test(getCipherName())) { + return true; + } + + OpenSSHKdfOptions options = getKdfOptions(); + return (options != null) && options.isEncrypted(); + } + + public String getCipherName() { + return cipherName; + } + + public void setCipherName(String cipherName) { + this.cipherName = cipherName; + } + + public OpenSSHKdfOptions getKdfOptions() { + return kdfOptions; + } + + public void setKdfOptions(OpenSSHKdfOptions kdfOptions) { + this.kdfOptions = kdfOptions; + } + + @Override + public byte[] decodePrivateKeyBytes( + SessionContext session, NamedResource resourceKey, String cipherName, byte[] privateDataBytes, String password) + throws IOException, GeneralSecurityException { + OpenSSHKdfOptions options = getKdfOptions(); + if (options == null) { + throw new StreamCorruptedException("No KDF options available for decrypting " + resourceKey); + } + + return options.decodePrivateKeyBytes(session, resourceKey, cipherName, privateDataBytes, password); + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[cipher=" + getCipherName() + + ", kdfOptions=" + getKdfOptions() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHRSAPrivateKeyDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHRSAPrivateKeyDecoder.java new file mode 100644 index 0000000..55b610b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHRSAPrivateKeyDecoder.java @@ -0,0 +1,160 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPublicKeySpec; +import java.util.Collections; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.impl.AbstractPrivateKeyEntryDecoder; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.SecureByteArrayOutputStream; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHRSAPrivateKeyDecoder extends AbstractPrivateKeyEntryDecoder { + public static final BigInteger DEFAULT_PUBLIC_EXPONENT = new BigInteger("65537"); + public static final OpenSSHRSAPrivateKeyDecoder INSTANCE = new OpenSSHRSAPrivateKeyDecoder(); + + public OpenSSHRSAPrivateKeyDecoder() { + super(RSAPublicKey.class, RSAPrivateKey.class, + Collections.unmodifiableList(Collections.singletonList(KeyPairProvider.SSH_RSA))); + } + + @Override + public RSAPrivateKey decodePrivateKey( + SessionContext session, String keyType, FilePasswordProvider passwordProvider, InputStream keyData) + throws IOException, GeneralSecurityException { + if (!KeyPairProvider.SSH_RSA.equals(keyType)) { // just in case we were invoked directly + throw new InvalidKeySpecException("Unexpected key type: " + keyType); + } + + BigInteger n = KeyEntryResolver.decodeBigInt(keyData); + BigInteger e = KeyEntryResolver.decodeBigInt(keyData); + if (!Objects.equals(e, DEFAULT_PUBLIC_EXPONENT)) { + } + + BigInteger d = KeyEntryResolver.decodeBigInt(keyData); + BigInteger inverseQmodP = KeyEntryResolver.decodeBigInt(keyData); + Objects.requireNonNull(inverseQmodP, "Missing iqmodp"); // TODO run some validation on it + BigInteger p = KeyEntryResolver.decodeBigInt(keyData); + BigInteger q = KeyEntryResolver.decodeBigInt(keyData); + BigInteger modulus = p.multiply(q); + if (!Objects.equals(n, modulus)) { + } + try { + return generatePrivateKey(new RSAPrivateCrtKeySpec( + n, e, d, p, q, d.mod(p.subtract(BigInteger.ONE)), d.mod(q.subtract(BigInteger.ONE)), inverseQmodP)); + } finally { + // get rid of sensitive data a.s.a.p + d = null; + inverseQmodP = null; + p = null; + q = null; + } + } + + @Override + public String encodePrivateKey(SecureByteArrayOutputStream s, RSAPrivateKey key, RSAPublicKey pubKey) throws IOException { + Objects.requireNonNull(key, "No private key provided"); + if (key instanceof RSAPrivateCrtKey) { + RSAPrivateCrtKey a = (RSAPrivateCrtKey) key; + KeyEntryResolver.encodeBigInt(s, a.getModulus()); // n + KeyEntryResolver.encodeBigInt(s, a.getPublicExponent()); // e + KeyEntryResolver.encodeBigInt(s, a.getPrivateExponent()); // d + // CRT coefficient q^-1 mod p + KeyEntryResolver.encodeBigInt(s, a.getCrtCoefficient()); + KeyEntryResolver.encodeBigInt(s, a.getPrimeP()); // p + KeyEntryResolver.encodeBigInt(s, a.getPrimeQ()); // q + return KeyPairProvider.SSH_RSA; + } + return null; + } + + @Override + public boolean isPublicKeyRecoverySupported() { + return true; + } + + @Override + public RSAPublicKey recoverPublicKey(RSAPrivateKey privateKey) throws GeneralSecurityException { + return KeyUtils.recoverRSAPublicKey(privateKey); + } + + @Override + public RSAPublicKey clonePublicKey(RSAPublicKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } else { + return generatePublicKey(new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent())); + } + } + + @Override + public RSAPrivateKey clonePrivateKey(RSAPrivateKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } + + if (!(key instanceof RSAPrivateCrtKey)) { + throw new InvalidKeyException("Cannot clone a non-RSAPrivateCrtKey: " + key.getClass().getSimpleName()); + } + + RSAPrivateCrtKey rsaPrv = (RSAPrivateCrtKey) key; + return generatePrivateKey( + new RSAPrivateCrtKeySpec( + rsaPrv.getModulus(), + rsaPrv.getPublicExponent(), + rsaPrv.getPrivateExponent(), + rsaPrv.getPrimeP(), + rsaPrv.getPrimeQ(), + rsaPrv.getPrimeExponentP(), + rsaPrv.getPrimeExponentQ(), + rsaPrv.getCrtCoefficient())); + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + return SecurityUtils.getKeyPairGenerator(KeyUtils.RSA_ALGORITHM); + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + return SecurityUtils.getKeyFactory(KeyUtils.RSA_ALGORITHM); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java new file mode 100644 index 0000000..20a8b76 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java @@ -0,0 +1,885 @@ +/* + * Copyright (c) 2006 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +// CHECKSTYLE:OFF +package org.apache.sshd.common.config.keys.loader.openssh.kdf; + +// This code comes from https://github.com/kruton/jbcrypt/blob/37a5a77/jbcrypt/src/main/java/org/mindrot/jbcrypt/BCrypt.java . +// It's available on maven as artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. pbkdf method added 2016 by Kenny Root. +// Modifications for Apache MINA sshd: this comment, plus changed the package from org.mindrot.jbcrypt to avoid conflicts. +import java.io.UnsupportedEncodingException; +import java.security.DigestException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +/** +* BCrypt implements OpenBSD-style Blowfish password hashing using +* the scheme described in "A Future-Adaptable Password Scheme" by +* Niels Provos and David Mazieres. +*

    +* This password hashing system tries to thwart off-line password +* cracking using a computationally-intensive hashing algorithm, +* based on Bruce Schneier's Blowfish cipher. The work factor of +* the algorithm is parameterised, so it can be increased as +* computers get faster. +*

    +* Usage is really simple. To hash a password for the first time, +* call the hashpw method with a random salt, like this: +*

    +* +* String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
    +*     +*

    +* To check whether a plaintext password matches one that has been +* hashed previously, use the checkpw method: +*

    +* +* if (BCrypt.checkpw(candidate_password, stored_hash))
    +*     System.out.println("It matches");
    +* else
    +*     System.out.println("It does not match");
    +*     +*

    +* The gensalt() method takes an optional parameter (log_rounds) +* that determines the computational complexity of the hashing: +*

    +* +* String strong_salt = BCrypt.gensalt(10)
    +* String stronger_salt = BCrypt.gensalt(12)
    +*     +*

    +* The amount of work increases exponentially (2**log_rounds), so +* each increment is twice as much work. The default log_rounds is +* 10, and the valid range is 4 to 30. +* +* @author Damien Miller +* @version 0.2 +*/ +public class BCrypt { + // BCrypt parameters + private static final int GENSALT_DEFAULT_LOG2_ROUNDS = 10; + private static final int BCRYPT_SALT_LEN = 16; + + // Blowfish parameters + private static final int BLOWFISH_NUM_ROUNDS = 16; + + // Initial contents of key schedule + private static final int P_orig[] = { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b + }; + private static final int S_orig[] = { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a, + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7, + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + }; + + // OpenBSD IV: "OxychromaticBlowfishSwatDynamite" in big endian + private static final int[] openbsd_iv = new int[] { + 0x4f787963, 0x68726f6d, 0x61746963, 0x426c6f77, + 0x66697368, 0x53776174, 0x44796e61, 0x6d697465, + }; + + // bcrypt IV: "OrpheanBeholderScryDoubt". The C implementation calls + // this "ciphertext", but it is really plaintext or an IV. We keep + // the name to make code comparison easier. + static private final int bf_crypt_ciphertext[] = { + 0x4f727068, 0x65616e42, 0x65686f6c, + 0x64657253, 0x63727944, 0x6f756274 + }; + + // Table for Base64 encoding + static private final char base64_code[] = { + '.', '/', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', + 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', + 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', + 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', + 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', + '6', '7', '8', '9' + }; + + // Table for Base64 decoding + static private final byte index_64[] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 0, 1, 54, 55, + 56, 57, 58, 59, 60, 61, 62, 63, -1, -1, + -1, -1, -1, -1, -1, 2, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, + -1, -1, -1, -1, -1, -1, 28, 29, 30, + 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, + 51, 52, 53, -1, -1, -1, -1, -1 + }; + + // Expanded Blowfish key + private int P[]; + private int S[]; + + /** + * Encode a byte array using bcrypt's slightly-modified base64 + * encoding scheme. Note that this is *not* compatible with + * the standard MIME-base64 encoding. + * + * @param d the byte array to encode + * @param len the number of bytes to encode + * @return base64-encoded string + * @exception IllegalArgumentException if the length is invalid + */ + private static String encode_base64(byte d[], int len) + throws IllegalArgumentException { + int off = 0; + StringBuffer rs = new StringBuffer(); + int c1, c2; + + if (len <= 0 || len > d.length) + throw new IllegalArgumentException ("Invalid len"); + + while (off < len) { + c1 = d[off++] & 0xff; + rs.append(base64_code[(c1 >> 2) & 0x3f]); + c1 = (c1 & 0x03) << 4; + if (off >= len) { + rs.append(base64_code[c1 & 0x3f]); + break; + } + c2 = d[off++] & 0xff; + c1 |= (c2 >> 4) & 0x0f; + rs.append(base64_code[c1 & 0x3f]); + c1 = (c2 & 0x0f) << 2; + if (off >= len) { + rs.append(base64_code[c1 & 0x3f]); + break; + } + c2 = d[off++] & 0xff; + c1 |= (c2 >> 6) & 0x03; + rs.append(base64_code[c1 & 0x3f]); + rs.append(base64_code[c2 & 0x3f]); + } + return rs.toString(); + } + + /** + * Look up the 3 bits base64-encoded by the specified character, + * range-checking againt conversion table + * @param x the base64-encoded value + * @return the decoded value of x + */ + private static byte char64(char x) { + if (x < 0 || x > index_64.length) + return -1; + return index_64[x]; + } + + /** + * Decode a string encoded using bcrypt's base64 scheme to a + * byte array. Note that this is *not* compatible with + * the standard MIME-base64 encoding. + * @param s the string to decode + * @param maxolen the maximum number of bytes to decode + * @return an array containing the decoded bytes + * @throws IllegalArgumentException if maxolen is invalid + */ + private static byte[] decode_base64(String s, int maxolen) + throws IllegalArgumentException { + StringBuffer rs = new StringBuffer(); + int off = 0, slen = s.length(), olen = 0; + byte ret[]; + byte c1, c2, c3, c4, o; + + if (maxolen <= 0) + throw new IllegalArgumentException ("Invalid maxolen"); + + while (off < slen - 1 && olen < maxolen) { + c1 = char64(s.charAt(off++)); + c2 = char64(s.charAt(off++)); + if (c1 == -1 || c2 == -1) + break; + o = (byte)(c1 << 2); + o |= (c2 & 0x30) >> 4; + rs.append((char)o); + if (++olen >= maxolen || off >= slen) + break; + c3 = char64(s.charAt(off++)); + if (c3 == -1) + break; + o = (byte)((c2 & 0x0f) << 4); + o |= (c3 & 0x3c) >> 2; + rs.append((char)o); + if (++olen >= maxolen || off >= slen) + break; + c4 = char64(s.charAt(off++)); + o = (byte)((c3 & 0x03) << 6); + o |= c4; + rs.append((char)o); + ++olen; + } + + ret = new byte[olen]; + for (off = 0; off < olen; off++) + ret[off] = (byte)rs.charAt(off); + return ret; + } + + /** + * Blowfish encipher a single 64-bit block encoded as + * two 32-bit halves + * @param lr an array containing the two 32-bit half blocks + * @param off the position in the array of the blocks + */ + private final void encipher(int lr[], int off) { + int i, n, l = lr[off], r = lr[off + 1]; + + l ^= P[0]; + for (i = 0; i <= BLOWFISH_NUM_ROUNDS - 2;) { + // Feistel substitution on left word + n = S[(l >> 24) & 0xff]; + n += S[0x100 | ((l >> 16) & 0xff)]; + n ^= S[0x200 | ((l >> 8) & 0xff)]; + n += S[0x300 | (l & 0xff)]; + r ^= n ^ P[++i]; + + // Feistel substitution on right word + n = S[(r >> 24) & 0xff]; + n += S[0x100 | ((r >> 16) & 0xff)]; + n ^= S[0x200 | ((r >> 8) & 0xff)]; + n += S[0x300 | (r & 0xff)]; + l ^= n ^ P[++i]; + } + lr[off] = r ^ P[BLOWFISH_NUM_ROUNDS + 1]; + lr[off + 1] = l; + } + + /** + * Cycically extract a word of key material + * @param data the string to extract the data from + * @param offp a "pointer" (as a one-entry array) to the + * current offset into data + * @return the next word of material from data + */ + private static int streamtoword(byte data[], int offp[]) { + int i; + int word = 0; + int off = offp[0]; + + for (i = 0; i < 4; i++) { + word = (word << 8) | (data[off] & 0xff); + off = (off + 1) % data.length; + } + + offp[0] = off; + return word; + } + + /** + * Initialise the Blowfish key schedule + */ + private void init_key() { + P = P_orig.clone(); + S = S_orig.clone(); + } + + /** + * Key the Blowfish cipher + * @param key an array containing the key + */ + private void key(byte key[]) { + int i; + int koffp[] = { 0 }; + int lr[] = { 0, 0 }; + int plen = P.length, slen = S.length; + + for (i = 0; i < plen; i++) + P[i] = P[i] ^ streamtoword(key, koffp); + + for (i = 0; i < plen; i += 2) { + encipher(lr, 0); + P[i] = lr[0]; + P[i + 1] = lr[1]; + } + + for (i = 0; i < slen; i += 2) { + encipher(lr, 0); + S[i] = lr[0]; + S[i + 1] = lr[1]; + } + } + + /** + * Perform the "enhanced key schedule" step described by + * Provos and Mazieres in "A Future-Adaptable Password Scheme" + * http://www.openbsd.org/papers/bcrypt-paper.ps + * @param data salt information + * @param key password information + */ + private void ekskey(byte data[], byte key[]) { + int i; + int koffp[] = { 0 }, doffp[] = { 0 }; + int lr[] = { 0, 0 }; + int plen = P.length, slen = S.length; + + for (i = 0; i < plen; i++) + P[i] = P[i] ^ streamtoword(key, koffp); + + for (i = 0; i < plen; i += 2) { + lr[0] ^= streamtoword(data, doffp); + lr[1] ^= streamtoword(data, doffp); + encipher(lr, 0); + P[i] = lr[0]; + P[i + 1] = lr[1]; + } + + for (i = 0; i < slen; i += 2) { + lr[0] ^= streamtoword(data, doffp); + lr[1] ^= streamtoword(data, doffp); + encipher(lr, 0); + S[i] = lr[0]; + S[i + 1] = lr[1]; + } + } + + /** + * Compatibility with new OpenBSD function. + * @param hpass The hash password bytes + * @param hsalt The hash salt bytes + * @param output Target hash output buffer + */ + public void hash(byte[] hpass, byte[] hsalt, byte[] output) { + init_key(); + ekskey(hsalt, hpass); + for (int i = 0; i < 64; i++) { + key(hsalt); + key(hpass); + } + + int[] buf = new int[openbsd_iv.length]; + System.arraycopy(openbsd_iv, 0, buf, 0, openbsd_iv.length); + for (int i = 0; i < 8; i += 2) { + for (int j = 0; j < 64; j++) { + encipher(buf, i); + } + } + + for (int i = 0, j = 0; i < buf.length; i++) { + // Output of this is little endian + output[j++] = (byte)(buf[i] & 0xff); + output[j++] = (byte)((buf[i] >> 8) & 0xff); + output[j++] = (byte)((buf[i] >> 16) & 0xff); + output[j++] = (byte)((buf[i] >> 24) & 0xff); + } + } + + /** + * Compatibility with new OpenBSD function. + * + * @param password The password bytes + * @param salt The salt bytes + * @param rounds Number of hash rounds + * @param output Hash output buffer + */ + public void pbkdf(byte[] password, byte[] salt, int rounds, byte[] output) { + try { + MessageDigest sha512 = MessageDigest.getInstance("SHA-512"); + + int nblocks = (output.length + 31) / 32; + byte[] hpass = sha512.digest(password); + + byte[] hsalt = new byte[64]; + byte[] block_b = new byte[4]; + byte[] out = new byte[32]; + byte[] tmp = new byte[32]; + for (int block = 1; block <= nblocks; block++) { + // Block count is in big endian + block_b[0] = (byte) ((block >> 24) & 0xFF); + block_b[1] = (byte) ((block >> 16) & 0xFF); + block_b[2] = (byte) ((block >> 8) & 0xFF); + block_b[3] = (byte) (block & 0xFF); + + sha512.reset(); + sha512.update(salt); + sha512.update(block_b); + sha512.digest(hsalt, 0, hsalt.length); + + hash(hpass, hsalt, out); + System.arraycopy(out, 0, tmp, 0, out.length); + + for (int round = 1; round < rounds; round++) { + sha512.reset(); + sha512.update(tmp); + sha512.digest(hsalt, 0, hsalt.length); + + hash(hpass, hsalt, tmp); + + for (int i = 0; i < tmp.length; i++) { + out[i] ^= tmp[i]; + } + } + + for (int i = 0; i < out.length; i++) { + int idx = i * nblocks + (block - 1); + if (idx < output.length) { + output[idx] = out[i]; + } + } + } + } catch (DigestException e) { + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + } + + /** + * Perform the central password hashing step in the + * bcrypt scheme + * @param password the password to hash + * @param salt the binary salt to hash with the password + * @param log_rounds the binary logarithm of the number + * of rounds of hashing to apply + * @param cdata the plaintext to encrypt + * @return an array containing the binary hashed password + */ + public byte[] crypt_raw(byte password[], byte salt[], int log_rounds, + int cdata[]) { + int rounds, i, j; + int clen = cdata.length; + byte ret[]; + + if (log_rounds < 4 || log_rounds > 30) + throw new IllegalArgumentException ("Bad number of rounds"); + rounds = 1 << log_rounds; + if (salt.length != BCRYPT_SALT_LEN) + throw new IllegalArgumentException ("Bad salt length"); + + init_key(); + ekskey(salt, password); + for (i = 0; i != rounds; i++) { + key(password); + key(salt); + } + + for (i = 0; i < 64; i++) { + for (j = 0; j < (clen >> 1); j++) + encipher(cdata, j << 1); + } + + ret = new byte[clen * 4]; + for (i = 0, j = 0; i < clen; i++) { + ret[j++] = (byte)((cdata[i] >> 24) & 0xff); + ret[j++] = (byte)((cdata[i] >> 16) & 0xff); + ret[j++] = (byte)((cdata[i] >> 8) & 0xff); + ret[j++] = (byte)(cdata[i] & 0xff); + } + return ret; + } + + /** + * Hash a password using the OpenBSD bcrypt scheme + * @param password the password to hash + * @param salt the salt to hash with (perhaps generated + * using BCrypt.gensalt) + * @return the hashed password + */ + public static String hashpw(String password, String salt) { + BCrypt B; + String real_salt; + byte passwordb[], saltb[], hashed[]; + char minor = (char)0; + int rounds, off = 0; + StringBuffer rs = new StringBuffer(); + + if (salt.charAt(0) != '$' || salt.charAt(1) != '2') + throw new IllegalArgumentException ("Invalid salt version"); + if (salt.charAt(2) == '$') + off = 3; + else { + minor = salt.charAt(2); + if (minor != 'a' || salt.charAt(3) != '$') + throw new IllegalArgumentException ("Invalid salt revision"); + off = 4; + } + + // Extract number of rounds + if (salt.charAt(off + 2) > '$') + throw new IllegalArgumentException ("Missing salt rounds"); + rounds = Integer.parseInt(salt.substring(off, off + 2)); + + real_salt = salt.substring(off + 3, off + 25); + try { + passwordb = (password + (minor >= 'a' ? "\000" : "")).getBytes("UTF-8"); + } catch (UnsupportedEncodingException uee) { + throw new AssertionError("UTF-8 is not supported"); + } + + saltb = decode_base64(real_salt, BCRYPT_SALT_LEN); + + B = new BCrypt(); + hashed = B.crypt_raw(passwordb, saltb, rounds, + bf_crypt_ciphertext.clone()); + + rs.append("$2"); + if (minor >= 'a') + rs.append(minor); + rs.append("$"); + if (rounds < 10) + rs.append("0"); + if (rounds > 30) { + throw new IllegalArgumentException( + "rounds exceeds maximum (30)"); + } + rs.append(Integer.toString(rounds)); + rs.append("$"); + rs.append(encode_base64(saltb, saltb.length)); + rs.append(encode_base64(hashed, + bf_crypt_ciphertext.length * 4 - 1)); + return rs.toString(); + } + + /** + * Generate a salt for use with the BCrypt.hashpw() method + * @param log_rounds the log2 of the number of rounds of + * hashing to apply - the work factor therefore increases as + * 2**log_rounds. + * @param random an instance of SecureRandom to use + * @return an encoded salt value + */ + public static String gensalt(int log_rounds, SecureRandom random) { + StringBuffer rs = new StringBuffer(); + byte rnd[] = new byte[BCRYPT_SALT_LEN]; + + random.nextBytes(rnd); + + rs.append("$2a$"); + if (log_rounds < 10) + rs.append("0"); + if (log_rounds > 30) { + throw new IllegalArgumentException( + "log_rounds exceeds maximum (30)"); + } + rs.append(Integer.toString(log_rounds)); + rs.append("$"); + rs.append(encode_base64(rnd, rnd.length)); + return rs.toString(); + } + + /** + * Generate a salt for use with the BCrypt.hashpw() method + * @param log_rounds the log2 of the number of rounds of + * hashing to apply - the work factor therefore increases as + * 2**log_rounds. + * @return an encoded salt value + */ + public static String gensalt(int log_rounds) { + return gensalt(log_rounds, new SecureRandom()); + } + + /** + * Generate a salt for use with the BCrypt.hashpw() method, + * selecting a reasonable default for the number of hashing + * rounds to apply + * @return an encoded salt value + */ + public static String gensalt() { + return gensalt(GENSALT_DEFAULT_LOG2_ROUNDS); + } + + /** + * Check that a plaintext password matches a previously hashed + * one + * @param plaintext the plaintext password to verify + * @param hashed the previously-hashed password + * @return true if the passwords match, false otherwise + */ + public static boolean checkpw(String plaintext, String hashed) { + byte hashed_bytes[]; + byte try_bytes[]; + try { + String try_pw = hashpw(plaintext, hashed); + hashed_bytes = hashed.getBytes("UTF-8"); + try_bytes = try_pw.getBytes("UTF-8"); + } catch (UnsupportedEncodingException uee) { + return false; + } + if (hashed_bytes.length != try_bytes.length) + return false; + byte ret = 0; + for (int i = 0; i < try_bytes.length; i++) + ret |= hashed_bytes[i] ^ try_bytes[i]; + return ret == 0; + } +} + +//CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCryptKdfOptions.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCryptKdfOptions.java new file mode 100644 index 0000000..9fbc35e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCryptKdfOptions.java @@ -0,0 +1,260 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh.kdf; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.concurrent.atomic.AtomicInteger; + +import javax.crypto.Cipher; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.CipherFactory; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKdfOptions; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class BCryptKdfOptions implements OpenSSHKdfOptions { + public static final String NAME = "bcrypt"; + + /** + * Various discussions on the net seem to indicate that 64 is the value at which many computers seem to slow down + * noticeably, so we are rather generous here. The default value (unless overridden by the {@code -a} parameter to + * the {@code ssh-keygen} command) is usually 16. + */ + public static final int DEFAULT_MAX_ROUNDS = 0xFF; + private static final AtomicInteger MAX_ROUNDS_HOLDER = new AtomicInteger(DEFAULT_MAX_ROUNDS); + + private byte[] salt; + private int numRounds; + + public BCryptKdfOptions() { + super(); + } + + @Override + public void initialize(String name, byte[] kdfOptions) throws IOException { + if (!NAME.equalsIgnoreCase(name)) { + throw new StreamCorruptedException("Mismatched KDF name: " + name); + } + + if (NumberUtils.isEmpty(kdfOptions)) { + throw new StreamCorruptedException("Missing KDF options for " + name); + } + + // Minus 8: 4 bytes for the RLE of the salt itself, plus 4 bytes for the rounds + int expectedSaltLength = kdfOptions.length - 2 * Integer.BYTES; + try (InputStream stream = new ByteArrayInputStream(kdfOptions)) { + initialize(stream, expectedSaltLength); + } + + byte[] saltValue = getSalt(); + int actualSaltLength = NumberUtils.length(saltValue); + if (actualSaltLength != expectedSaltLength) { + throw new StreamCorruptedException( + "Mismatched salt data length:" + + " expected=" + expectedSaltLength + ", actual=" + actualSaltLength); + } + } + + protected void initialize(InputStream stream, int maxSaltSize) throws IOException { + setSalt(KeyEntryResolver.readRLEBytes(stream, maxSaltSize)); + setNumRounds(KeyEntryResolver.decodeInt(stream)); + } + + @Override + public boolean isEncrypted() { + return true; + } + + @Override + public byte[] decodePrivateKeyBytes( + SessionContext session, NamedResource resourceKey, String cipherName, byte[] privateDataBytes, String password) + throws IOException, GeneralSecurityException { + if (NumberUtils.isEmpty(privateDataBytes)) { + return privateDataBytes; + } + + CipherFactory cipherSpec = BuiltinCiphers.resolveFactory(cipherName); + if ((cipherSpec == null) || (!cipherSpec.isSupported())) { + throw new NoSuchAlgorithmException("Unsupported cipher: " + cipherName); + } + + int blockSize = cipherSpec.getCipherBlockSize(); + if ((privateDataBytes.length % blockSize) != 0) { + throw new StreamCorruptedException( + "Encrypted data size (" + privateDataBytes.length + ")" + + " is not aligned to " + cipherName + " block size (" + blockSize + ")"); + } + + byte[] pwd = password.getBytes(StandardCharsets.UTF_8); + // Get cipher key & IV sizes. + int keySize = cipherSpec.getKdfSize(); + int ivSize = cipherSpec.getIVSize(); + byte[] cipherInput = new byte[keySize + ivSize]; + try { + bcryptKdf(pwd, cipherInput); + + byte[] kv = Arrays.copyOfRange(cipherInput, 0, keySize); + byte[] iv = Arrays.copyOfRange(cipherInput, keySize, cipherInput.length); + try { + Cipher cipher = SecurityUtils.getCipher(cipherSpec.getTransformation()); + SecretKeySpec keySpec = new SecretKeySpec(kv, cipherSpec.getAlgorithm()); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec); + return cipher.doFinal(privateDataBytes); + } finally { + // Don't keep cipher data in memory longer than necessary + Arrays.fill(kv, (byte) 0); + Arrays.fill(iv, (byte) 0); + } + } catch (RuntimeException e) { + Throwable t = GenericUtils.peelException(e); + Throwable err = null; + if ((t instanceof IOException) || (t instanceof GeneralSecurityException)) { + err = t; + } else { + t = GenericUtils.resolveExceptionCause(e); + if ((t instanceof IOException) || (t instanceof GeneralSecurityException)) { + err = t; + } + } + + if (err instanceof IOException) { + throw (IOException) err; + } else if (err instanceof GeneralSecurityException) { + throw (GeneralSecurityException) err; + } else { + throw e; + } + } finally { + Arrays.fill(pwd, (byte) 0); // Don't keep password data in memory longer than necessary + Arrays.fill(cipherInput, (byte) 0); // Don't keep cipher data in memory longer than necessary + } + } + + protected void bcryptKdf(byte[] password, byte[] output) throws IOException, GeneralSecurityException { + BCrypt bcrypt = new BCrypt(); + bcrypt.pbkdf(password, getSalt(), getNumRounds(), output); + } + + @Override + public final String getName() { + return NAME; + } + + public byte[] getSalt() { + return NumberUtils.emptyIfNull(salt); + } + + public void setSalt(byte[] salt) { + this.salt = NumberUtils.emptyIfNull(salt); + } + + public int getNumRounds() { + return numRounds; + } + + public void setNumRounds(int numRounds) { + int maxAllowed = getMaxAllowedRounds(); + if ((numRounds <= 0) || (numRounds > maxAllowed)) { + throw new BCryptBadRoundsException( + numRounds, "Bad rounds value (" + numRounds + ") - max. allowed " + maxAllowed); + } + + this.numRounds = numRounds; + } + + @Override + public int hashCode() { + return 31 * getNumRounds() + Arrays.hashCode(getSalt()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + BCryptKdfOptions other = (BCryptKdfOptions) obj; + return (getNumRounds() == other.getNumRounds()) + && Arrays.equals(getSalt(), other.getSalt()); + } + + @Override + public String toString() { + return getName() + ": rounds=" + getNumRounds() + ", salt=" + BufferUtils.toHex(':', getSalt()); + } + + public static int getMaxAllowedRounds() { + return MAX_ROUNDS_HOLDER.get(); + } + + public static void setMaxAllowedRounds(int value) { + ValidateUtils.checkTrue(value > 0, "Invalid max. rounds value: %d", value); + MAX_ROUNDS_HOLDER.set(value); + } + + public static class BCryptBadRoundsException extends RuntimeSshException { + private static final long serialVersionUID = 1724985268892193553L; + private final int rounds; + + public BCryptBadRoundsException(int rounds) { + this(rounds, "Bad rounds value: " + rounds); + } + + public BCryptBadRoundsException(int rounds, String message) { + this(rounds, message, null); + } + + public BCryptBadRoundsException(int rounds, String message, Throwable reason) { + super(message, reason); + this.rounds = rounds; + } + + public int getRounds() { + return rounds; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/RawKdfOptions.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/RawKdfOptions.java new file mode 100644 index 0000000..d1c5736 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/RawKdfOptions.java @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.openssh.kdf; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKdfOptions; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * Generic options + * + * @author Apache MINA SSHD Project + */ +public class RawKdfOptions implements OpenSSHKdfOptions { + private String name; + private byte[] options; + + public RawKdfOptions() { + super(); + } + + @Override + public void initialize(String name, byte[] kdfOptions) throws IOException { + setName(name); + setOptions(options); + } + + @Override + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public byte[] getOptions() { + return NumberUtils.emptyIfNull(options); + } + + public void setOptions(byte[] options) { + this.options = NumberUtils.emptyIfNull(options); + } + + @Override + public boolean isEncrypted() { + return !IS_NONE_KDF.test(getName()); + } + + @Override + public byte[] decodePrivateKeyBytes( + SessionContext session, NamedResource resourceKey, String cipherName, byte[] privateDataBytes, String password) + throws IOException, GeneralSecurityException { + throw new NoSuchAlgorithmException("Unsupported KDF algorithm (" + getName() + ")"); + } + + @Override + public int hashCode() { + return GenericUtils.hashCode(getName(), Boolean.FALSE) + Arrays.hashCode(getOptions()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + RawKdfOptions other = (RawKdfOptions) obj; + return (GenericUtils.safeCompare(getName(), other.getName(), false) == 0) + && Arrays.equals(getOptions(), other.getOptions()); + } + + @Override + public String toString() { + return getName() + ": options=" + BufferUtils.toHex(':', getOptions()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/AbstractPEMResourceKeyPairParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/AbstractPEMResourceKeyPairParser.java new file mode 100644 index 0000000..d659b7b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/AbstractPEMResourceKeyPairParser.java @@ -0,0 +1,227 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.config.keys.loader.pem; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.net.ProtocolException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.TreeMap; + +import javax.security.auth.login.CredentialException; +import javax.security.auth.login.FailedLoginException; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProvider.ResourceDecodeResult; +import org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser; +import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser; +import org.apache.sshd.common.config.keys.loader.PrivateKeyEncryptionContext; +import org.apache.sshd.common.config.keys.loader.PrivateKeyObfuscator; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * Base class for PEM file key-pair loaders + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractPEMResourceKeyPairParser + extends AbstractKeyPairResourceParser + implements KeyPairPEMResourceParser { + private final String algo; + private final String algId; + + protected AbstractPEMResourceKeyPairParser( + String algo, String algId, List beginners, List enders) { + super(beginners, enders); + this.algo = ValidateUtils.checkNotNullAndNotEmpty(algo, "No encryption algorithm provided"); + this.algId = ValidateUtils.checkNotNullAndNotEmpty(algId, "No algorithm identifier provided"); + } + + @Override + public String getAlgorithm() { + return algo; + } + + @Override + public String getAlgorithmIdentifier() { + return algId; + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + List lines, Map headers) + throws IOException, GeneralSecurityException { + if (GenericUtils.isEmpty(lines)) { + return Collections.emptyList(); + } + + Boolean encrypted = null; + byte[] initVector = null; + String algInfo = null; + int dataStartIndex = -1; + boolean hdrsAvailable = GenericUtils.isNotEmpty(headers); + for (int index = 0; index < lines.size(); index++) { + String line = GenericUtils.trimToEmpty(lines.get(index)); + if (GenericUtils.isEmpty(line)) { + continue; + } + + // check if header line - if not, assume data lines follow + int headerPos = line.indexOf(':'); + if (headerPos < 0) { + dataStartIndex = index; + break; + } + + String hdrName = line.substring(0, headerPos).trim(); + String hdrValue = line.substring(headerPos + 1).trim(); + if (!hdrsAvailable) { + Map accHeaders = GenericUtils.isEmpty(headers) + ? new TreeMap<>(String.CASE_INSENSITIVE_ORDER) + : headers; + accHeaders.put(hdrName, hdrValue); + } + + if (hdrName.equalsIgnoreCase("Proc-Type")) { + if (encrypted != null) { + throw new StreamCorruptedException("Multiple encryption indicators in " + resourceKey); + } + + hdrValue = hdrValue.toUpperCase(); + encrypted = Boolean.valueOf(line.contains("ENCRYPTED")); + } else if (hdrName.equalsIgnoreCase("DEK-Info")) { + if ((initVector != null) || (algInfo != null)) { + throw new StreamCorruptedException("Multiple encryption settings in " + resourceKey); + } + + int infoPos = hdrValue.indexOf(','); + if (infoPos < 0) { + throw new StreamCorruptedException( + resourceKey + ": Missing encryption data values separator in line '" + line + "'"); + } + + algInfo = hdrValue.substring(0, infoPos).trim(); + + String algInitVector = hdrValue.substring(infoPos + 1).trim(); + initVector = BufferUtils.decodeHex(BufferUtils.EMPTY_HEX_SEPARATOR, algInitVector); + } + } + + if (dataStartIndex < 0) { + throw new StreamCorruptedException("No data lines (only headers or empty) found in " + resourceKey); + } + + List dataLines = lines.subList(dataStartIndex, lines.size()); + if ((encrypted != null) || (algInfo != null) || (initVector != null)) { + if (passwordProvider == null) { + throw new CredentialException("Missing password provider for encrypted resource=" + resourceKey); + } + + for (int retryIndex = 0;; retryIndex++) { + String password = passwordProvider.getPassword(session, resourceKey, retryIndex); + Collection keys; + try { + if (GenericUtils.isEmpty(password)) { + throw new FailedLoginException("No password data for encrypted resource=" + resourceKey); + } + + PrivateKeyEncryptionContext encContext = new PrivateKeyEncryptionContext(algInfo); + encContext.setPassword(password); + encContext.setInitVector(initVector); + + byte[] encryptedData = GenericUtils.EMPTY_BYTE_ARRAY; + byte[] decodedData = GenericUtils.EMPTY_BYTE_ARRAY; + try { + encryptedData = KeyPairResourceParser.extractDataBytes(dataLines); + decodedData = applyPrivateKeyCipher(encryptedData, encContext, false); + try (InputStream bais = new ByteArrayInputStream(decodedData)) { + keys = extractKeyPairs(session, resourceKey, beginMarker, endMarker, passwordProvider, bais, + headers); + } + } finally { + Arrays.fill(encryptedData, (byte) 0); // get rid of sensitive data a.s.a.p. + Arrays.fill(decodedData, (byte) 0); // get rid of sensitive data a.s.a.p. + } + } catch (IOException | GeneralSecurityException | RuntimeException e) { + ResourceDecodeResult result + = passwordProvider.handleDecodeAttemptResult(session, resourceKey, retryIndex, password, e); + password = null; // get rid of sensitive data a.s.a.p. + if (result == null) { + result = ResourceDecodeResult.TERMINATE; + } + + switch (result) { + case TERMINATE: + throw e; + case RETRY: + continue; + case IGNORE: + return Collections.emptyList(); + default: + throw new ProtocolException( + "Unsupported decode attempt result (" + result + ") for " + resourceKey); + } + } + + passwordProvider.handleDecodeAttemptResult(session, resourceKey, retryIndex, password, null); + password = null; // get rid of sensitive data a.s.a.p. + return keys; + } + } + + return super.extractKeyPairs(session, resourceKey, beginMarker, endMarker, passwordProvider, dataLines, headers); + } + + protected byte[] applyPrivateKeyCipher( + byte[] bytes, PrivateKeyEncryptionContext encContext, boolean encryptIt) + throws GeneralSecurityException, IOException { + String cipherName = encContext.getCipherName(); + PrivateKeyObfuscator o = encContext.resolvePrivateKeyObfuscator(); + if (o == null) { + throw new NoSuchAlgorithmException( + "decryptPrivateKeyData(" + encContext + ")[encrypt=" + encryptIt + "] unknown cipher: " + cipherName); + } + + if (encryptIt) { + byte[] initVector = encContext.getInitVector(); + if (GenericUtils.isEmpty(initVector)) { + initVector = o.generateInitializationVector(encContext); + encContext.setInitVector(initVector); + } + } + + return o.applyPrivateKeyCipher(bytes, encContext, encryptIt); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/DSSPEMResourceKeyPairParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/DSSPEMResourceKeyPairParser.java new file mode 100644 index 0000000..796bf60 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/DSSPEMResourceKeyPairParser.java @@ -0,0 +1,134 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.pem; + +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.der.ASN1Object; +import org.apache.sshd.common.util.io.der.ASN1Type; +import org.apache.sshd.common.util.io.der.DERParser; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + * @see RFC-3279 section 2.3.2 + */ +public class DSSPEMResourceKeyPairParser extends AbstractPEMResourceKeyPairParser { + // Not exactly according to standard but good enough + public static final String BEGIN_MARKER = "BEGIN DSA PRIVATE KEY"; + public static final List BEGINNERS = Collections.unmodifiableList(Collections.singletonList(BEGIN_MARKER)); + + public static final String END_MARKER = "END DSA PRIVATE KEY"; + public static final List ENDERS = Collections.unmodifiableList(Collections.singletonList(END_MARKER)); + + public static final String DSS_OID = "1.2.840.10040.4.1"; + + public static final DSSPEMResourceKeyPairParser INSTANCE = new DSSPEMResourceKeyPairParser(); + + public DSSPEMResourceKeyPairParser() { + super(KeyUtils.DSS_ALGORITHM, DSS_OID, BEGINNERS, ENDERS); + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + KeyPair kp = decodeDSSKeyPair(SecurityUtils.getKeyFactory(KeyUtils.DSS_ALGORITHM), stream, false); + return Collections.singletonList(kp); + } + + /** + *

    + * The ASN.1 syntax for the private key: + *

    + * + * 
    +     * 
+     * DSAPrivateKey ::= SEQUENCE {
+     *      version Version,
+     *      p       INTEGER,
+     *      q       INTEGER,
+     *      g       INTEGER,
+     *      y       INTEGER,
+     *      x       INTEGER
+     * }
+     * 
+     *
    + * + * @param kf The {@link KeyFactory} To use to generate the keys + * @param s The {@link InputStream} containing the encoded bytes + * @param okToClose true if the method may close the input stream regardless of success + * or failure + * @return The recovered {@link KeyPair} + * @throws IOException If failed to read or decode the bytes + * @throws GeneralSecurityException If failed to generate the keys + */ + public static KeyPair decodeDSSKeyPair(KeyFactory kf, InputStream s, boolean okToClose) + throws IOException, GeneralSecurityException { + ASN1Object sequence; + try (DERParser parser = new DERParser(NoCloseInputStream.resolveInputStream(s, okToClose))) { + sequence = parser.readObject(); + } + + if (!ASN1Type.SEQUENCE.equals(sequence.getObjType())) { + throw new IOException("Invalid DER: not a sequence: " + sequence.getObjType()); + } + + // Parse inside the sequence + try (DERParser parser = sequence.createParser()) { + // Skip version + ASN1Object version = parser.readObject(); + if (version == null) { + throw new StreamCorruptedException("No version"); + } + + BigInteger p = parser.readObject().asInteger(); + BigInteger q = parser.readObject().asInteger(); + BigInteger g = parser.readObject().asInteger(); + BigInteger y = parser.readObject().asInteger(); + BigInteger x = parser.readObject().asInteger(); + PublicKey pubKey = kf.generatePublic(new DSAPublicKeySpec(y, p, q, g)); + PrivateKey prvKey = kf.generatePrivate(new DSAPrivateKeySpec(x, p, q, g)); + return new KeyPair(pubKey, prvKey); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/ECDSAPEMResourceKeyPairParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/ECDSAPEMResourceKeyPairParser.java new file mode 100644 index 0000000..08fe839 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/ECDSAPEMResourceKeyPairParser.java @@ -0,0 +1,329 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.pem; + +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.NoSuchProviderException; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.der.ASN1Object; +import org.apache.sshd.common.util.io.der.ASN1Type; +import org.apache.sshd.common.util.io.der.DERParser; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + * @see RFC 5915 + */ +public class ECDSAPEMResourceKeyPairParser extends AbstractPEMResourceKeyPairParser { + public static final String BEGIN_MARKER = "BEGIN EC PRIVATE KEY"; + public static final List BEGINNERS = Collections.unmodifiableList(Collections.singletonList(BEGIN_MARKER)); + + public static final String END_MARKER = "END EC PRIVATE KEY"; + public static final List ENDERS = Collections.unmodifiableList(Collections.singletonList(END_MARKER)); + + /** + * @see RFC-3279 section 2.3.5 + */ + public static final String ECDSA_OID = "1.2.840.10045.2.1"; + + public static final ECDSAPEMResourceKeyPairParser INSTANCE = new ECDSAPEMResourceKeyPairParser(); + + public ECDSAPEMResourceKeyPairParser() { + super(KeyUtils.EC_ALGORITHM, ECDSA_OID, BEGINNERS, ENDERS); + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + + KeyPair kp = parseECKeyPair(stream, false); + return Collections.singletonList(kp); + } + + public static KeyPair parseECKeyPair( + InputStream inputStream, boolean okToClose) + throws IOException, GeneralSecurityException { + try (DERParser parser = new DERParser(NoCloseInputStream.resolveInputStream(inputStream, okToClose))) { + return parseECKeyPair(null, parser); + } + } + + /** + * @param curve The {@link ECCurves curve} represented by this data (in case it was optional and + * somehow known externally) if {@code null} then it is assumed to be part of the + * parsed data. then it is assumed to be part of the data. + * @param parser The {@link DERParser} for the data + * @return The parsed {@link KeyPair} + * @throws IOException If failed to parse the data + * @throws GeneralSecurityException If failed to generate the keys + */ + public static KeyPair parseECKeyPair(ECCurves curve, DERParser parser) + throws IOException, GeneralSecurityException { + ASN1Object sequence = parser.readObject(); + Map.Entry spec = decodeECPrivateKeySpec(curve, sequence); + if (!SecurityUtils.isECCSupported()) { + throw new NoSuchProviderException("ECC not supported"); + } + + KeyFactory kf = SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); + ECPublicKey pubKey = (ECPublicKey) kf.generatePublic(spec.getKey()); + ECPrivateKey prvKey = (ECPrivateKey) kf.generatePrivate(spec.getValue()); + return new KeyPair(pubKey, prvKey); + } + + /** + *

    + * ASN.1 syntax according to RFC 5915 is: + *

    + *
    + * + * 
    +     * 
+     * ECPrivateKey ::= SEQUENCE {
+     *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+     *      privateKey     OCTET STRING,
+     *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+     *      publicKey  [1] BIT STRING OPTIONAL
+     * }
+     * 
+     *
    + *

    + * ECParameters syntax according to RFC5480: + *

    + *
    + * + * 
    +     * 
+     * ECParameters ::= CHOICE {
+     *      namedCurve         OBJECT IDENTIFIER
+     *      -- implicitCurve   NULL
+     *      -- specifiedCurve  SpecifiedECDomain
+     * }
+     * 
+     *
    + * + * @param curve The {@link ECCurves curve} represented by this data (in case it was optional and somehow + * known externally) if {@code null} then it is assumed to be part of the parsed data. + * @param sequence The {@link ASN1Object} sequence containing the DER encoded data + * @return The decoded {@link SimpleImmutableEntry} of {@link ECPublicKeySpec} and + * {@link ECPrivateKeySpec} + * @throws IOException If failed to to decode the DER stream + */ + public static Map.Entry decodeECPrivateKeySpec(ECCurves curve, ASN1Object sequence) + throws IOException { + ASN1Type objType = (sequence == null) ? null : sequence.getObjType(); + if (!ASN1Type.SEQUENCE.equals(objType)) { + throw new IOException("Invalid DER: not a sequence: " + objType); + } + + try (DERParser parser = sequence.createParser()) { + Map.Entry result = decodeECPrivateKeySpec(curve, parser); + ECPrivateKeySpec prvSpec = result.getKey(); + ASN1Object publicData = result.getValue(); + ECPoint w = (publicData == null) ? decodeECPublicKeyValue(parser) : decodeECPointData(publicData); + ECPublicKeySpec pubSpec = new ECPublicKeySpec(w, prvSpec.getParams()); + return new SimpleImmutableEntry<>(pubSpec, prvSpec); + } + } + + /* + * According to https://tools.ietf.org/html/rfc5915 - section 3 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ + public static Map.Entry decodeECPrivateKeySpec(ECCurves curve, DERParser parser) + throws IOException { + // see openssl asn1parse -inform PEM -in ...file... -dump + ASN1Object versionObject = parser.readObject(); + if (versionObject == null) { + throw new StreamCorruptedException("No version"); + } + + /* + * According to https://tools.ietf.org/html/rfc5915 - section 3 + * + * For this version of the document, it SHALL be set to ecPrivkeyVer1, + * which is of type INTEGER and whose value is one (1) + */ + BigInteger version = versionObject.asInteger(); + if (!BigInteger.ONE.equals(version)) { + throw new StreamCorruptedException("Bad version value: " + version); + } + + ASN1Object keyObject = parser.readObject(); + if (keyObject == null) { + throw new StreamCorruptedException("No private key value"); + } + + ASN1Type objType = keyObject.getObjType(); + if (!ASN1Type.OCTET_STRING.equals(objType)) { + throw new StreamCorruptedException("Non-matching private key object type: " + objType); + } + + /* + * According to https://tools.ietf.org/html/rfc5915 - section 3 + * + * parameters specifies the elliptic curve domain parameters associated to the private key. The type + * ECParameters is discussed in [RFC5480]. As specified in [RFC5480], only the namedCurve CHOICE is permitted. + * namedCurve is an object identifier that fully identifies the required values for a particular set of elliptic + * curve domain parameters. Though the ASN.1 indicates that the parameters field is OPTIONAL, implementations + * that conform to this document MUST always include the parameters field. + */ + Map.Entry result = parseCurveParameter(parser); + ECCurves namedParam = (result == null) ? null : result.getKey(); + if (namedParam == null) { + if (curve == null) { + throw new StreamCorruptedException("Cannot determine curve type"); + } + } else if (curve == null) { + curve = namedParam; + } else if (namedParam != curve) { + throw new StreamCorruptedException("Mismatched provide (" + curve + ") vs. parsed curve (" + namedParam + ")"); + } + + BigInteger s = ECCurves.octetStringToInteger(keyObject.getPureValueBytes()); + ECPrivateKeySpec keySpec = new ECPrivateKeySpec(s, curve.getParameters()); + return new SimpleImmutableEntry<>(keySpec, (result == null) ? null : result.getValue()); + } + + public static Map.Entry parseCurveParameter(DERParser parser) throws IOException { + return parseCurveParameter(parser.readObject()); + } + + public static Map.Entry parseCurveParameter(ASN1Object paramsObject) throws IOException { + if (paramsObject == null) { + return null; + } + + ASN1Type objType = paramsObject.getObjType(); + if (objType == ASN1Type.NULL) { + return null; + } + + List curveOID; + try (DERParser paramsParser = paramsObject.createParser()) { + ASN1Object namedCurve = paramsParser.readObject(); + if (namedCurve == null) { + throw new StreamCorruptedException("Missing named curve parameter"); + } + + /* + * The curve OID is OPTIONAL - if it is not there then the + * public key data replaces it + */ + objType = namedCurve.getObjType(); + if (objType == ASN1Type.BIT_STRING) { + return new SimpleImmutableEntry<>(null, namedCurve); + } + + curveOID = namedCurve.asOID(); + } + + ECCurves curve = ECCurves.fromOIDValue(curveOID); + if (curve == null) { + throw new StreamCorruptedException("Unknown curve OID: " + curveOID); + } + + return new SimpleImmutableEntry<>(curve, null); + } + + /** + *

    + * ASN.1 syntax according to rfc5915 is: + *

    + *
    + * + * 
    +     * 
+     *      publicKey  [1] BIT STRING OPTIONAL
+     * 
+     *
    + * + * @param parser The {@link DERParser} assumed to be positioned at the start of the data + * @return The encoded {@link ECPoint} + * @throws IOException If failed to create the point + */ + public static final ECPoint decodeECPublicKeyValue(DERParser parser) throws IOException { + return decodeECPublicKeyValue(parser.readObject()); + } + + public static final ECPoint decodeECPublicKeyValue(ASN1Object dataObject) throws IOException { + // see openssl asn1parse -inform PEM -in ...file... -dump + if (dataObject == null) { + throw new StreamCorruptedException("No public key data bytes"); + } + + /* + * According to https://tools.ietf.org/html/rfc5915 + * + * Though the ASN.1 indicates publicKey is OPTIONAL, implementations + * that conform to this document SHOULD always include the publicKey field + */ + try (DERParser dataParser = dataObject.createParser()) { + return decodeECPointData(dataParser.readObject()); + } + } + + public static final ECPoint decodeECPointData(ASN1Object pointData) throws IOException { + if (pointData == null) { + throw new StreamCorruptedException("Missing public key data parameter"); + } + + ASN1Type objType = pointData.getObjType(); + if (!ASN1Type.BIT_STRING.equals(objType)) { + throw new StreamCorruptedException("Non-matching public key object type: " + objType); + } + + // see https://tools.ietf.org/html/rfc5480#section-2.2 + byte[] octets = pointData.getValue(); + return ECCurves.octetStringToEcPoint(octets); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/KeyPairPEMResourceParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/KeyPairPEMResourceParser.java new file mode 100644 index 0000000..d9457f7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/KeyPairPEMResourceParser.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.pem; + +import org.apache.sshd.common.AlgorithmNameProvider; +import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser; + +/** + * The reported algorithm name refers to the encryption algorithm name - e.g., "RSA", "DSA" + * + * @author Apache MINA SSHD Project + */ +public interface KeyPairPEMResourceParser extends AlgorithmNameProvider, KeyPairResourceParser { + /** + * @return The OID used to identify this algorithm in DER encodings - e.g., RSA=1.2.840.113549.1.1.1 + */ + String getAlgorithmIdentifier(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PEMResourceParserUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PEMResourceParserUtils.java new file mode 100644 index 0000000..df7a72f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PEMResourceParserUtils.java @@ -0,0 +1,117 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.pem; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.TreeMap; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public final class PEMResourceParserUtils { + public static final KeyPairResourceParser PROXY = new KeyPairResourceParser() { + @Override + public Collection loadKeyPairs( + SessionContext session, NamedResource resourceKey, FilePasswordProvider passwordProvider, List lines) + throws IOException, GeneralSecurityException { + @SuppressWarnings("synthetic-access") + KeyPairResourceParser proxy = PROXY_HOLDER.get(); + return (proxy == null) + ? Collections.emptyList() : proxy.loadKeyPairs(session, resourceKey, passwordProvider, lines); + } + + @Override + public boolean canExtractKeyPairs(NamedResource resourceKey, List lines) + throws IOException, GeneralSecurityException { + @SuppressWarnings("synthetic-access") + KeyPairResourceParser proxy = PROXY_HOLDER.get(); + return (proxy != null) && proxy.canExtractKeyPairs(resourceKey, lines); + } + }; + + private static final Map BY_OID_MAP = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + private static final Map BY_ALGORITHM_MAP = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + private static final AtomicReference PROXY_HOLDER + = new AtomicReference<>(KeyPairResourceParser.EMPTY); + + static { + registerPEMResourceParser(RSAPEMResourceKeyPairParser.INSTANCE); + registerPEMResourceParser(DSSPEMResourceKeyPairParser.INSTANCE); + registerPEMResourceParser(ECDSAPEMResourceKeyPairParser.INSTANCE); + registerPEMResourceParser(PKCS8PEMResourceKeyPairParser.INSTANCE); + } + + private PEMResourceParserUtils() { + throw new UnsupportedOperationException("No instance"); + } + + public static void registerPEMResourceParser(KeyPairPEMResourceParser parser) { + Objects.requireNonNull(parser, "No parser to register"); + synchronized (BY_OID_MAP) { + BY_OID_MAP.put(ValidateUtils.checkNotNullAndNotEmpty(parser.getAlgorithmIdentifier(), "No OID value"), parser); + } + + synchronized (BY_ALGORITHM_MAP) { + BY_ALGORITHM_MAP.put(ValidateUtils.checkNotNullAndNotEmpty(parser.getAlgorithm(), "No algorithm value"), parser); + // Use a copy in order to avoid concurrent modifications + PROXY_HOLDER.set(KeyPairResourceParser.aggregate(new ArrayList<>(BY_ALGORITHM_MAP.values()))); + } + } + + public static KeyPairPEMResourceParser getPEMResourceParserByOidValues(Collection oid) { + return getPEMResourceParserByOid(GenericUtils.join(oid, '.')); + } + + public static KeyPairPEMResourceParser getPEMResourceParserByOid(String oid) { + if (GenericUtils.isEmpty(oid)) { + return null; + } + + synchronized (BY_OID_MAP) { + return BY_OID_MAP.get(oid); + } + } + + public static KeyPairPEMResourceParser getPEMResourceParserByAlgorithm(String algorithm) { + if (GenericUtils.isEmpty(algorithm)) { + return null; + } + + synchronized (BY_ALGORITHM_MAP) { + return BY_ALGORITHM_MAP.get(algorithm); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java new file mode 100644 index 0000000..2ef18aa --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java @@ -0,0 +1,144 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.pem; + +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.io.der.ASN1Object; +import org.apache.sshd.common.util.io.der.ASN1Type; +import org.apache.sshd.common.util.io.der.DERParser; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.apache.sshd.common.util.security.eddsa.Ed25519PEMResourceKeyParser; + +/** + * @author Apache MINA SSHD Project + * @see RFC 5208 + */ +public class PKCS8PEMResourceKeyPairParser extends AbstractPEMResourceKeyPairParser { + // Not exactly according to standard but good enough + public static final String BEGIN_MARKER = "BEGIN PRIVATE KEY"; + public static final List BEGINNERS = Collections.unmodifiableList(Collections.singletonList(BEGIN_MARKER)); + + public static final String END_MARKER = "END PRIVATE KEY"; + public static final List ENDERS = Collections.unmodifiableList(Collections.singletonList(END_MARKER)); + + public static final String PKCS8_FORMAT = "PKCS#8"; + + public static final PKCS8PEMResourceKeyPairParser INSTANCE = new PKCS8PEMResourceKeyPairParser(); + + public PKCS8PEMResourceKeyPairParser() { + super(PKCS8_FORMAT, PKCS8_FORMAT, BEGINNERS, ENDERS); + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + // Save the data before getting the algorithm OID since we will need it + byte[] encBytes = IoUtils.toByteArray(stream); + PKCS8PrivateKeyInfo pkcs8Info = new PKCS8PrivateKeyInfo(encBytes); + return extractKeyPairs( + session, resourceKey, beginMarker, endMarker, + passwordProvider, encBytes, pkcs8Info, headers); + } + + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, byte[] encBytes, + PKCS8PrivateKeyInfo pkcs8Info, Map headers) + throws IOException, GeneralSecurityException { + List oidAlgorithm = pkcs8Info.getAlgorithmIdentifier(); + String oid = GenericUtils.join(oidAlgorithm, '.'); + KeyPair kp; + if (SecurityUtils.isECCSupported() + && ECDSAPEMResourceKeyPairParser.ECDSA_OID.equals(oid)) { + ASN1Object privateKeyBytes = pkcs8Info.getPrivateKeyBytes(); + ASN1Object extraInfo = pkcs8Info.getAlgorithmParameter(); + ASN1Type objType = (extraInfo == null) ? ASN1Type.NULL : extraInfo.getObjType(); + List oidCurve = (objType == ASN1Type.NULL) ? Collections.emptyList() : extraInfo.asOID(); + ECCurves curve = null; + if (GenericUtils.isNotEmpty(oidCurve)) { + curve = ECCurves.fromOIDValue(oidCurve); + if (curve == null) { + throw new NoSuchAlgorithmException("Cannot match EC curve OID=" + oidCurve); + } + } + + try (DERParser parser = privateKeyBytes.createParser()) { + kp = ECDSAPEMResourceKeyPairParser.parseECKeyPair(curve, parser); + } + } else if (SecurityUtils.isEDDSACurveSupported() + && Ed25519PEMResourceKeyParser.ED25519_OID.endsWith(oid)) { + ASN1Object privateKeyBytes = pkcs8Info.getPrivateKeyBytes(); + kp = Ed25519PEMResourceKeyParser.decodeEd25519KeyPair(privateKeyBytes.getPureValueBytes()); + } else { + PrivateKey prvKey = decodePEMPrivateKeyPKCS8(oidAlgorithm, encBytes); + PublicKey pubKey = ValidateUtils.checkNotNull(KeyUtils.recoverPublicKey(prvKey), + "Failed to recover public key of OID=%s", oidAlgorithm); + kp = new KeyPair(pubKey, prvKey); + } + + return Collections.singletonList(kp); + } + + public static PrivateKey decodePEMPrivateKeyPKCS8(List oidAlgorithm, byte[] keyBytes) + throws GeneralSecurityException { + ValidateUtils.checkNotNullAndNotEmpty(oidAlgorithm, "No PKCS8 algorithm OID"); + return decodePEMPrivateKeyPKCS8(GenericUtils.join(oidAlgorithm, '.'), keyBytes); + } + + public static PrivateKey decodePEMPrivateKeyPKCS8(String oid, byte[] keyBytes) + throws GeneralSecurityException { + KeyPairPEMResourceParser parser = PEMResourceParserUtils.getPEMResourceParserByOid( + ValidateUtils.checkNotNullAndNotEmpty(oid, "No PKCS8 algorithm OID")); + if (parser == null) { + throw new NoSuchAlgorithmException("decodePEMPrivateKeyPKCS8(" + oid + ") unknown algorithm identifier"); + } + + String algorithm = ValidateUtils.checkNotNullAndNotEmpty(parser.getAlgorithm(), "No parser algorithm"); + KeyFactory factory = SecurityUtils.getKeyFactory(algorithm); + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); + return factory.generatePrivate(keySpec); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PrivateKeyInfo.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PrivateKeyInfo.java new file mode 100644 index 0000000..b8732b5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PrivateKeyInfo.java @@ -0,0 +1,200 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.pem; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.util.List; + +import org.apache.sshd.common.util.io.der.ASN1Object; +import org.apache.sshd.common.util.io.der.ASN1Type; +import org.apache.sshd.common.util.io.der.DERParser; + +/** + * 
    + * 
+ * PrivateKeyInfo ::= SEQUENCE {
+ *          version Version,
+ *          privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ *          privateKey PrivateKey,
+ *          attributes [0] IMPLICIT Attributes OPTIONAL
+ *  }
+ *
+ * Version ::= INTEGER
+ * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+ * PrivateKey ::= OCTET STRING
+ * Attributes ::= SET OF Attribute
+ * AlgorithmIdentifier ::= SEQUENCE {
+ *      algorithm       OBJECT IDENTIFIER,
+ *      parameters      ANY DEFINED BY algorithm OPTIONAL
+ * }
+ * 
+ *
    + * + * @author Apache MINA SSHD Project + * @see RFC 5208 - section 5 + */ +public class PKCS8PrivateKeyInfo /* TODO Cloneable */ { + private BigInteger version; + private List algorithmIdentifier; + private ASN1Object algorithmParameter; + private ASN1Object privateKeyBytes; + + public PKCS8PrivateKeyInfo() { + super(); + } + + public PKCS8PrivateKeyInfo(byte[] encBytes) throws IOException { + decode(encBytes); + } + + public PKCS8PrivateKeyInfo(DERParser parser) throws IOException { + this(parser.readObject()); + } + + public PKCS8PrivateKeyInfo(ASN1Object privateKeyInfo) throws IOException { + decode(privateKeyInfo); + } + + public BigInteger getVersion() { + return version; + } + + public void setVersion(BigInteger version) { + this.version = version; + } + + public List getAlgorithmIdentifier() { + return algorithmIdentifier; + } + + public void setAlgorithmIdentifier(List algorithmIdentifier) { + this.algorithmIdentifier = algorithmIdentifier; + } + + public ASN1Object getAlgorithmParameter() { + return algorithmParameter; + } + + public void setAlgorithmParameter(ASN1Object algorithmParameter) { + this.algorithmParameter = algorithmParameter; + } + + public ASN1Object getPrivateKeyBytes() { + return privateKeyBytes; + } + + public void setPrivateKeyBytes(ASN1Object privateKeyBytes) { + this.privateKeyBytes = privateKeyBytes; + } + + public void decode(byte[] encBytes) throws IOException { + try (DERParser parser = new DERParser(encBytes)) { + decode(parser); + } + } + + public void decode(DERParser parser) throws IOException { + decode(parser.readObject()); + } + + /** + * Decodes the current information with the data from the provided encoding. Note: User should + * {@link #clear()} the current information before parsing + * + * @param privateKeyInfo The {@link ASN1Object} encoding + * @throws IOException If failed to parse the encoding + */ + public void decode(ASN1Object privateKeyInfo) throws IOException { + /* + * SEQUENCE { + * INTEGER 0x00 (0 decimal) + * SEQUENCE { + * OBJECTIDENTIFIER encryption type + * OBJECTIDENTIFIER extra info - may be NULL + * } + * OCTETSTRING private key + * } + */ + ASN1Type objType = privateKeyInfo.getObjType(); + if (objType != ASN1Type.SEQUENCE) { + throw new StreamCorruptedException("Not a top level sequence: " + objType); + } + + try (DERParser parser = privateKeyInfo.createParser()) { + ASN1Object versionObject = parser.readObject(); + if (versionObject == null) { + throw new StreamCorruptedException("No version"); + } + + setVersion(versionObject.asInteger()); + + ASN1Object privateKeyAlgorithm = parser.readObject(); + if (privateKeyAlgorithm == null) { + throw new StreamCorruptedException("No private key algorithm"); + } + + objType = privateKeyInfo.getObjType(); + if (objType != ASN1Type.SEQUENCE) { + throw new StreamCorruptedException("Not an algorithm parameters sequence: " + objType); + } + + try (DERParser oidParser = privateKeyAlgorithm.createParser()) { + ASN1Object oid = oidParser.readObject(); + setAlgorithmIdentifier(oid.asOID()); + + // Extra information is OPTIONAL + ASN1Object extraInfo = oidParser.readObject(); + objType = (extraInfo == null) ? ASN1Type.NULL : extraInfo.getObjType(); + if (objType != ASN1Type.NULL) { + setAlgorithmParameter(extraInfo); + } + } + + ASN1Object privateKeyData = parser.readObject(); + if (privateKeyData == null) { + throw new StreamCorruptedException("No private key data"); + } + + objType = privateKeyData.getObjType(); + if (objType != ASN1Type.OCTET_STRING) { + throw new StreamCorruptedException("Private key data not an " + ASN1Type.OCTET_STRING + ": " + objType); + } + + setPrivateKeyBytes(privateKeyData); + // TODO add implicit attributes parsing + } + } + + public void clear() { + setVersion(null); + setAlgorithmIdentifier(null); + setPrivateKeyBytes(null); + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[version=" + getVersion() + + ", algorithmIdentifier=" + getAlgorithmIdentifier() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/RSAPEMResourceKeyPairParser.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/RSAPEMResourceKeyPairParser.java new file mode 100644 index 0000000..161a0ac --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/pem/RSAPEMResourceKeyPairParser.java @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.pem; + +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPrivateKeySpec; +import java.security.spec.RSAPublicKeySpec; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.der.ASN1Object; +import org.apache.sshd.common.util.io.der.ASN1Type; +import org.apache.sshd.common.util.io.der.DERParser; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + * @see RFC-3279 section 2.3.1 + */ +public class RSAPEMResourceKeyPairParser extends AbstractPEMResourceKeyPairParser { + // Not exactly according to standard but good enough + public static final String BEGIN_MARKER = "BEGIN RSA PRIVATE KEY"; + public static final List BEGINNERS = Collections.unmodifiableList(Collections.singletonList(BEGIN_MARKER)); + + public static final String END_MARKER = "END RSA PRIVATE KEY"; + public static final List ENDERS = Collections.unmodifiableList(Collections.singletonList(END_MARKER)); + + public static final String RSA_OID = "1.2.840.113549.1.1.1"; + + public static final RSAPEMResourceKeyPairParser INSTANCE = new RSAPEMResourceKeyPairParser(); + + public RSAPEMResourceKeyPairParser() { + super(KeyUtils.RSA_ALGORITHM, RSA_OID, BEGINNERS, ENDERS); + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + KeyPair kp = decodeRSAKeyPair(SecurityUtils.getKeyFactory(KeyUtils.RSA_ALGORITHM), stream, false); + return Collections.singletonList(kp); + } + + /** + *

    + * The ASN.1 syntax for the private key as per RFC-3447 section A.1.2: + *

    + * + * 
    +     * 
+     * RSAPrivateKey ::= SEQUENCE {
+     *   version           Version,
+     *   modulus           INTEGER,  -- n
+     *   publicExponent    INTEGER,  -- e
+     *   privateExponent   INTEGER,  -- d
+     *   prime1            INTEGER,  -- p
+     *   prime2            INTEGER,  -- q
+     *   exponent1         INTEGER,  -- d mod (p-1)
+     *   exponent2         INTEGER,  -- d mod (q-1)
+     *   coefficient       INTEGER,  -- (inverse of q) mod p
+     *   otherPrimeInfos   OtherPrimeInfos OPTIONAL
+     * }
+     * 
+     *
    + * + * @param kf The {@link KeyFactory} To use to generate the keys + * @param s The {@link InputStream} containing the encoded bytes + * @param okToClose true if the method may close the input stream regardless of success + * or failure + * @return The recovered {@link KeyPair} + * @throws IOException If failed to read or decode the bytes + * @throws GeneralSecurityException If failed to generate the keys + */ + public static KeyPair decodeRSAKeyPair(KeyFactory kf, InputStream s, boolean okToClose) + throws IOException, GeneralSecurityException { + ASN1Object sequence; + try (DERParser parser = new DERParser(NoCloseInputStream.resolveInputStream(s, okToClose))) { + sequence = parser.readObject(); + } + + if (!ASN1Type.SEQUENCE.equals(sequence.getObjType())) { + throw new IOException("Invalid DER: not a sequence: " + sequence.getObjType()); + } + + try (DERParser parser = sequence.createParser()) { + // Skip version + ASN1Object versionObject = parser.readObject(); + if (versionObject == null) { + throw new StreamCorruptedException("No version"); + } + + // as per RFC-3447 section A.1.2 + BigInteger version = versionObject.asInteger(); + if (!BigInteger.ZERO.equals(version)) { + throw new StreamCorruptedException("Multi-primes N/A"); + } + + BigInteger modulus = parser.readObject().asInteger(); + BigInteger publicExp = parser.readObject().asInteger(); + PublicKey pubKey = kf.generatePublic(new RSAPublicKeySpec(modulus, publicExp)); + + BigInteger privateExp = parser.readObject().asInteger(); + BigInteger primeP = parser.readObject().asInteger(); + BigInteger primeQ = parser.readObject().asInteger(); + BigInteger primeExponentP = parser.readObject().asInteger(); + BigInteger primeExponentQ = parser.readObject().asInteger(); + BigInteger crtCoef = parser.readObject().asInteger(); + RSAPrivateKeySpec prvSpec = new RSAPrivateCrtKeySpec( + modulus, publicExp, privateExp, primeP, primeQ, primeExponentP, primeExponentQ, crtCoef); + PrivateKey prvKey = kf.generatePrivate(prvSpec); + return new KeyPair(pubKey, prvKey); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/ssh2/Ssh2PublicKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/ssh2/Ssh2PublicKeyEntryDecoder.java new file mode 100644 index 0000000..2458b7b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/loader/ssh2/Ssh2PublicKeyEntryDecoder.java @@ -0,0 +1,226 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.loader.ssh2; + +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.security.GeneralSecurityException; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.TreeMap; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyTypeNamesSupport; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; +import org.apache.sshd.common.config.keys.PublicKeyRawDataDecoder; +import org.apache.sshd.common.config.keys.PublicKeyRawDataReader; +import org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader; +import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Decodes a public key file encoded according to The Secure Shell (SSH) + * Public Key File Format + * + * @author Apache MINA SSHD Project + */ +public class Ssh2PublicKeyEntryDecoder + implements PublicKeyRawDataDecoder, PublicKeyEntryResolver, + PublicKeyRawDataReader, KeyTypeNamesSupport { + public static final NavigableSet SUPPORTED_KEY_TYPES = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, + KeyPairProvider.SSH_RSA, KeyPairProvider.SSH_DSS, KeyPairProvider.SSH_ED25519, + KeyPairProvider.ECDSA_SHA2_NISTP256, KeyPairProvider.ECDSA_SHA2_NISTP384, + KeyPairProvider.ECDSA_SHA2_NISTP521)); + + public static final String BEGIN_MARKER = "BEGIN SSH2 PUBLIC KEY"; + public static final List START_MARKERS = Collections.singletonList(BEGIN_MARKER); + + public static final String END_MARKER = "END SSH2 PUBLIC KEY"; + public static final List STOP_MARKERS = Collections.singletonList(END_MARKER); + + /** + * According to RFC-4716 section 3.3: + * + *

    + * + * A line is continued if the last character in the line is a "\". If + * the last character of a line is a "\", then the logical contents of + * the line are formed by removing the "\" and the line termination + * characters, and appending the contents of the next line. + * + *

    + */ + public static final char HEADER_CONTINUATION_INDICATOR = '\\'; + + public static final Ssh2PublicKeyEntryDecoder INSTANCE = new Ssh2PublicKeyEntryDecoder(); + + public Ssh2PublicKeyEntryDecoder() { + super(); + } + + @Override + public NavigableSet getSupportedKeyTypes() { + return SUPPORTED_KEY_TYPES; + } + + @Override + public PublicKey resolve( + SessionContext session, String keyType, byte[] keyData, Map headers) + throws IOException, GeneralSecurityException { + ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); + Collection supported = getSupportedKeyTypes(); + if ((GenericUtils.size(supported) > 0) && supported.contains(keyType)) { + return decodePublicKey(session, keyType, keyData, headers); + } + + throw new InvalidKeySpecException("resolve(" + keyType + ") not in listed supported types: " + supported); + } + + @Override + public PublicKey decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + return decodePublicKeyByType(session, keyType, keyData, headers); + } + + @Override + public PublicKey decodePublicKeyByType( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + PublicKeyEntryDecoder decoder = KeyUtils.getPublicKeyEntryDecoder(keyType); + if (decoder == null) { + throw new InvalidKeySpecException("No decoder for key type=" + keyType); + } + + return decoder.decodePublicKeyByType(session, keyType, keyData, headers); + } + + @Override + public PublicKey readPublicKey(SessionContext session, NamedResource resourceKey, List lines) + throws IOException, GeneralSecurityException { + Map.Entry markerPos = KeyPairResourceParser.findMarkerLine(lines, START_MARKERS); + if (markerPos == null) { + return null; // be lenient + } + + int startIndex = markerPos.getKey(); + String startLine = lines.get(startIndex); + startIndex++; // skip the starting marker + + markerPos = KeyPairResourceParser.findMarkerLine(lines, startIndex, STOP_MARKERS); + if (markerPos == null) { + throw new StreamCorruptedException("Missing end marker (" + END_MARKER + ") after line #" + startIndex); + } + + int endIndex = markerPos.getKey(); + String endLine = lines.get(endIndex); + Map.Entry, ? extends List> result = separateDataLinesFromHeaders( + session, resourceKey, startLine, endLine, lines.subList(startIndex, endIndex)); + Map headers = result.getKey(); + List dataLines = result.getValue(); + return readPublicKey(session, resourceKey, BEGIN_MARKER, END_MARKER, + (dataLines == null) ? Collections.emptyList() : dataLines, + (headers == null) ? Collections.emptyMap() : headers); + } + + public PublicKey readPublicKey( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + List lines, Map headers) + throws IOException, GeneralSecurityException { + byte[] dataBytes = KeyPairResourceParser.extractDataBytes(lines); + try { + return readPublicKey(session, resourceKey, beginMarker, endMarker, dataBytes, headers); + } finally { + Arrays.fill(dataBytes, (byte) 0); // clean up sensitive data a.s.a.p. + } + } + + public PublicKey readPublicKey( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + byte[] dataBytes, Map headers) + throws IOException, GeneralSecurityException { + Map.Entry result + = KeyEntryResolver.decodeString(dataBytes, KeyPairResourceLoader.MAX_KEY_TYPE_NAME_LENGTH); + String keyType = result.getKey(); + return resolve(session, keyType, dataBytes, headers); + } + + protected Map.Entry, List> separateDataLinesFromHeaders( + SessionContext session, NamedResource resourceKey, String startLine, String endLine, List lines) + throws IOException, GeneralSecurityException { + // According to RFC-4716: The Header-tag is case-insensitive + Map headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + int len = lines.size(); + for (int index = 0; index < len; index++) { + String l = lines.get(index); + l = l.trim(); + if (l.isEmpty()) { + continue; + } + + int pos = l.indexOf(':'); + // assume all the rest are data lines + if (pos < 0) { + return new SimpleImmutableEntry<>(headers, lines.subList(index, len)); + } + + String name = l.substring(0, pos).trim(); + String value = l.substring(pos + 1).trim(); + int vLen = value.length(); + if (value.charAt(vLen - 1) == HEADER_CONTINUATION_INDICATOR) { + value = value.substring(0, vLen - 1); + for (index++ /* skip current line */; index < len; index++) { + l = lines.get(index); + vLen = l.length(); + + if (l.charAt(vLen - 1) == HEADER_CONTINUATION_INDICATOR) { + value += l.substring(0, vLen - 1); + continue; // still continuation + } + + value += l; + break; // no more continuations + } + } + + headers.put(name, value.trim()); + } + + throw new StreamCorruptedException( + "No viable data lines found in " + resourceKey.getName() + " after " + startLine); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/KeyPairResourceWriter.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/KeyPairResourceWriter.java new file mode 100644 index 0000000..9201aea --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/KeyPairResourceWriter.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.writer; + +import java.io.IOException; +import java.io.OutputStream; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.PublicKey; + +import org.apache.sshd.common.config.keys.loader.PrivateKeyEncryptionContext; + +/** + * A {@code KeyPairResourceWriter} can serialize keys to an external representation. + * + * @param The type of {@link PrivateKeyEncryptionContext} to use with this {@code KeyPairResourceWriter}. + */ +public interface KeyPairResourceWriter { + /** + * Writes a serialization of a private key from a given {@link KeyPair} to a given {@link OutputStream}. + * + * @param key to write the private key of + * @param comment to write with the private key + * @param options for writing the key; may be {@code null} if no encryption is wanted. The caller + * is responsible for clearing the options when no longer needed. If the passphrase + * obtained from the context is {@code null} or an empty/blank string (length zero + * or containing only whitespace), the key is written unencrypted. + * @param out The {@link OutputStream} to write to - recommend using a + * {@code SecureByteArrayOutputStream} in order to reduce sensitive data exposure + * in memory + * @throws GeneralSecurityException if the key is inconsistent or unknown, or the encryption specified cannot be + * applied + * @throws IOException if the key cannot be written + */ + void writePrivateKey(KeyPair key, String comment, OPTIONS options, OutputStream out) + throws IOException, GeneralSecurityException; + + /** + * Writes a serialization of a public key from a given {@link KeyPair} to a given {@link OutputStream}. + * + * @param key to write the public key of + * @param comment to write with the public key + * @param out The {@link OutputStream} to write to - recommend using a + * {@code SecureByteArrayOutputStream} in order to reduce sensitive data exposure + * in memory + * @throws GeneralSecurityException if the key is unknown + * @throws IOException if the key cannot be written + */ + default void writePublicKey(KeyPair key, String comment, OutputStream out) + throws IOException, GeneralSecurityException { + writePublicKey(key.getPublic(), comment, out); + } + + /** + * Writes a serialization of a {@link PublicKey} to a given {@link OutputStream}. + * + * @param key to write + * @param comment to write with the key + * @param out The {@link OutputStream} to write to - recommend using a + * {@code SecureByteArrayOutputStream} in order to reduce sensitive data exposure + * in memory + * @throws GeneralSecurityException if the key is unknown + * @throws IOException if the key cannot be written + */ + void writePublicKey(PublicKey key, String comment, OutputStream out) + throws IOException, GeneralSecurityException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyEncryptionContext.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyEncryptionContext.java new file mode 100644 index 0000000..477211a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyEncryptionContext.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.writer.openssh; + +import org.apache.sshd.common.config.keys.loader.PrivateKeyEncryptionContext; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * A {@link PrivateKeyEncryptionContext} for use with a {@link OpenSSHKeyPairResourceWriter}. + */ +public class OpenSSHKeyEncryptionContext extends PrivateKeyEncryptionContext { + + /** Default number of bcrypt KDF rounds to apply. */ + public static final int DEFAULT_KDF_ROUNDS = 16; + + public static final String AES = "AES"; + + private int kdfRounds = DEFAULT_KDF_ROUNDS; + + public OpenSSHKeyEncryptionContext() { + setCipherMode("CTR"); // Set default to CTR, as in OpenSSH + } + + @Override + public String getCipherName() { + return AES; + } + + @Override + public void setCipherName(String value) { + ValidateUtils.checkTrue((value != null) && value.equalsIgnoreCase(AES), + "OpenSSHKeyEncryptionContext works only with AES encryption"); + } + + /** + * Retrieves the number of KDF rounds to apply. + * + * @return the default number of KDF rounds, >= {@link #DEFAULT_KDF_ROUNDS} + */ + public int getKdfRounds() { + return kdfRounds; + } + + /** + * Sets the number of KDF rounds to apply. If smaller than the {@link #DEFAULT_KDF_ROUNDS}, set that default. + * + * @param rounds number of rounds to apply + */ + public void setKdfRounds(int rounds) { + this.kdfRounds = Math.max(DEFAULT_KDF_ROUNDS, rounds); + } + + /** + * @return the cipher's factory name. + */ + protected String getCipherFactoryName() { + return getCipherName().toLowerCase() + getCipherType() + '-' + getCipherMode().toLowerCase(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java new file mode 100644 index 0000000..dd91e85 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java @@ -0,0 +1,329 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config.keys.writer.openssh; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.nio.ByteBuffer; +import java.nio.CharBuffer; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; +import java.util.Objects; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.CipherInformation; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder; +import org.apache.sshd.common.config.keys.PublicKeyEntry; +import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator; +import org.apache.sshd.common.config.keys.loader.PrivateKeyEncryptionContext; +import org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser; +import org.apache.sshd.common.config.keys.loader.openssh.OpenSSHParserContext; +import org.apache.sshd.common.config.keys.loader.openssh.kdf.BCrypt; +import org.apache.sshd.common.config.keys.loader.openssh.kdf.BCryptKdfOptions; +import org.apache.sshd.common.config.keys.writer.KeyPairResourceWriter; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.SecureByteArrayOutputStream; + +/** + * A {@link KeyPairResourceWriter} for writing keys in the modern OpenSSH format, using the OpenBSD bcrypt KDF for + * passphrase-protected encrypted private keys. + */ +public class OpenSSHKeyPairResourceWriter implements KeyPairResourceWriter { + + public static final String DASHES = "-----"; //$NON-NLS-1$ + + public static final int LINE_LENGTH = 70; + + public static final OpenSSHKeyPairResourceWriter INSTANCE = new OpenSSHKeyPairResourceWriter(); + + private static final Pattern VERTICALSPACE = Pattern.compile("\\v"); //$NON-NLS-1$ + + public OpenSSHKeyPairResourceWriter() { + super(); + } + + @Override + public void writePrivateKey(KeyPair key, String comment, OpenSSHKeyEncryptionContext options, OutputStream out) + throws IOException, GeneralSecurityException { + Objects.requireNonNull(key, "Cannot write null key"); + String keyType = KeyUtils.getKeyType(key); + if (GenericUtils.isEmpty(keyType)) { + throw new GeneralSecurityException("Unsupported key: " + key.getClass().getName()); + } + OpenSSHKeyEncryptionContext opt = determineEncryption(options); + // See https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key + write(out, DASHES + OpenSSHKeyPairResourceParser.BEGIN_MARKER + DASHES); // $NON-NLS-1$ + // OpenSSH expects a single \n here, not a system line terminator! + out.write('\n'); + String cipherName = OpenSSHParserContext.NONE_CIPHER; + int blockSize = 8; // OpenSSH "none" cipher has block size 8 + if (opt != null) { + cipherName = opt.getCipherFactoryName(); + CipherInformation spec = BuiltinCiphers.fromFactoryName(cipherName); + if (spec == null) { + // Internal error, no translation + throw new IllegalArgumentException("Unsupported cipher " + cipherName); //$NON-NLS-1$ + } + blockSize = spec.getCipherBlockSize(); + } + byte[] privateBytes = encodePrivateKey(key, keyType, blockSize, comment); + String kdfName = OpenSSHParserContext.NONE_CIPHER; + byte[] kdfOptions = GenericUtils.EMPTY_BYTE_ARRAY; + try (SecureByteArrayOutputStream bytes = new SecureByteArrayOutputStream()) { + write(bytes, OpenSSHKeyPairResourceParser.AUTH_MAGIC); + bytes.write(0); + if (opt != null) { + KeyEncryptor encryptor = new KeyEncryptor(opt); + opt.setPrivateKeyObfuscator(encryptor); + + byte[] encodedBytes = encryptor.applyPrivateKeyCipher(privateBytes, opt, true); + Arrays.fill(privateBytes, (byte) 0); + privateBytes = encodedBytes; + kdfName = BCryptKdfOptions.NAME; + kdfOptions = encryptor.getKdfOptions(); + } + KeyEntryResolver.encodeString(bytes, cipherName); + KeyEntryResolver.encodeString(bytes, kdfName); + KeyEntryResolver.writeRLEBytes(bytes, kdfOptions); + KeyEntryResolver.encodeInt(bytes, 1); // 1 key only. + KeyEntryResolver.writeRLEBytes(bytes, encodePublicKey(key.getPublic(), keyType)); + KeyEntryResolver.writeRLEBytes(bytes, privateBytes); + write(out, bytes.toByteArray(), LINE_LENGTH); + } finally { + Arrays.fill(privateBytes, (byte) 0); + } + write(out, DASHES + OpenSSHKeyPairResourceParser.END_MARKER + DASHES); // $NON-NLS-1$ + out.write('\n'); + } + + public static OpenSSHKeyEncryptionContext determineEncryption(OpenSSHKeyEncryptionContext options) { + CharSequence password = (options == null) ? null : options.getPassword(); + if (GenericUtils.isEmpty(password)) { + return null; + } + + for (int pos = 0, len = password.length(); pos < len; pos++) { + char ch = password.charAt(pos); + if (!Character.isWhitespace(ch)) { + return options; + } + } + + return null; + } + + public static byte[] encodePrivateKey(KeyPair key, String keyType, int blockSize, String comment) + throws IOException, GeneralSecurityException { + try (SecureByteArrayOutputStream out = new SecureByteArrayOutputStream()) { + int check = new SecureRandom().nextInt(); + KeyEntryResolver.encodeInt(out, check); + KeyEntryResolver.encodeInt(out, check); + KeyEntryResolver.encodeString(out, keyType); + @SuppressWarnings("unchecked") // Problem with generics + PrivateKeyEntryDecoder encoder + = (PrivateKeyEntryDecoder) OpenSSHKeyPairResourceParser + .getPrivateKeyEntryDecoder(keyType); + if (encoder.encodePrivateKey(out, key.getPrivate(), key.getPublic()) == null) { + throw new GeneralSecurityException("Cannot encode key of type " + keyType); + } + KeyEntryResolver.encodeString(out, comment == null ? "" : comment); //$NON-NLS-1$ + if (blockSize > 1) { + // Padding + int size = out.size(); + int extra = size % blockSize; + if (extra != 0) { + for (int i = 1; i <= blockSize - extra; i++) { + out.write(i & 0xFF); + } + } + } + return out.toByteArray(); + } + } + + public static byte[] encodePublicKey(PublicKey key, String keyType) + throws IOException, GeneralSecurityException { + @SuppressWarnings("unchecked") // Problem with generics. + PublicKeyEntryDecoder decoder + = (PublicKeyEntryDecoder) KeyUtils.getPublicKeyEntryDecoder(keyType); + if (decoder == null) { + throw new GeneralSecurityException("Unknown key type: " + keyType); + } + try (ByteArrayOutputStream out = new ByteArrayOutputStream()) { + decoder.encodePublicKey(out, key); + return out.toByteArray(); + } + } + + public static void write(OutputStream out, byte[] bytes, int lineLength) throws IOException { + byte[] encoded = Base64.getEncoder().encode(bytes); + Arrays.fill(bytes, (byte) 0); + try { + int last = encoded.length; + for (int i = 0; i < last; i += lineLength) { + if ((i + lineLength) <= last) { + out.write(encoded, i, lineLength); + } else { + out.write(encoded, i, last - i); + } + out.write('\n'); + } + } finally { + Arrays.fill(encoded, (byte) 0); + } + } + + /** + * {@inheritDoc} + * + * Writes the public key in the single-line OpenSSH format "key-type pub-key comment" without terminating line + * ending. If the comment has multiple lines, only the first line is written. + */ + @Override + public void writePublicKey(PublicKey key, String comment, OutputStream out) + throws IOException, GeneralSecurityException { + StringBuilder b = new StringBuilder(82); + PublicKeyEntry.appendPublicKeyEntry(b, key); + // Append first line of comment - if available + String line = firstLine(comment); + if (GenericUtils.isNotEmpty(line)) { + b.append(' ').append(line); + } + write(out, b.toString()); + } + + public static String firstLine(String text) { + if (GenericUtils.isNotEmpty(text)) { + Matcher m = VERTICALSPACE.matcher(text); + if (m.find()) { + return text.substring(0, m.start()).trim(); + } + } + + return text; + } + + public static void write(OutputStream out, String s) throws IOException { + out.write(s.getBytes(StandardCharsets.UTF_8)); + } + + /** + * A key encryptor for modern-style OpenSSH private keys using the bcrypt KDF. + */ + public static class KeyEncryptor extends AESPrivateKeyObfuscator { + public static final int BCRYPT_SALT_LENGTH = 16; + + protected final OpenSSHKeyEncryptionContext options; + + private byte[] kdfOptions; + + public KeyEncryptor(OpenSSHKeyEncryptionContext options) { + this.options = Objects.requireNonNull(options); + } + + /** + * Retrieves the KDF options used. Valid only after + * {@link #deriveEncryptionKey(PrivateKeyEncryptionContext, int)} has been called. + * + * @return the number of KDF rounds applied + */ + public byte[] getKdfOptions() { + return kdfOptions; + } + + /** + * Derives an encryption key and set the IV on the {@code context} from the passphase provided by the context + * using the OpenBSD {@link BCrypt} KDF. + * + * @param context for the encryption, provides the passphrase and transports other encryption-related + * information including the IV + * @param keyLength number of key bytes to generate + * @return {@code keyLength} bytes to use as encryption key + */ + @Override + protected byte[] deriveEncryptionKey(PrivateKeyEncryptionContext context, int keyLength) + throws IOException, GeneralSecurityException { + byte[] iv = context.getInitVector(); + if (iv == null) { + iv = generateInitializationVector(context); + } + + byte[] salt = new byte[BCRYPT_SALT_LENGTH]; + SecureRandom random = new SecureRandom(); + random.nextBytes(salt); + + byte[] kdfOutput = new byte[keyLength + iv.length]; + BCrypt bcrypt = new BCrypt(); + // "kdf" collects the salt and number of rounds; not sensitive data. + try (ByteArrayOutputStream kdf = new ByteArrayOutputStream()) { + int rounds = options.getKdfRounds(); + byte[] pwd = convert(options.getPassword()); + try { + bcrypt.pbkdf(pwd, salt, rounds, kdfOutput); + } finally { + if (pwd != null) { + Arrays.fill(pwd, (byte) 0); + } + } + + KeyEntryResolver.writeRLEBytes(kdf, salt); + KeyEntryResolver.encodeInt(kdf, rounds); + kdfOptions = kdf.toByteArray(); + context.setInitVector(Arrays.copyOfRange(kdfOutput, keyLength, kdfOutput.length)); + return Arrays.copyOf(kdfOutput, keyLength); + } finally { + Arrays.fill(kdfOutput, (byte) 0); // Contains the IV at the end + } + } + + protected byte[] convert(String password) { + if (GenericUtils.isEmpty(password)) { + return GenericUtils.EMPTY_BYTE_ARRAY; + } + + char[] pass = password.toCharArray(); + ByteBuffer bytes; + try { + bytes = StandardCharsets.UTF_8.encode(CharBuffer.wrap(pass)); + } finally { + Arrays.fill(pass, '\0'); + } + + byte[] pwd = new byte[bytes.remaining()]; + bytes.get(pwd); + if (bytes.hasArray()) { + Arrays.fill(bytes.array(), (byte) 0); + } + return pwd; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/digest/BaseDigest.java b/files-sftp/src/main/java/org/apache/sshd/common/digest/BaseDigest.java new file mode 100644 index 0000000..12b9d45 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/digest/BaseDigest.java @@ -0,0 +1,155 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.digest; + +import java.security.MessageDigest; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Base class for Digest algorithms based on the JCE provider. + * + * @author Apache MINA SSHD Project + */ +public class BaseDigest implements Digest { + + private final String algorithm; + private final int bsize; + private int h; + private String s; + private MessageDigest md; + + /** + * Create a new digest using the given algorithm and block size. The initialization and creation of the underlying + * {@link MessageDigest} object will be done in the {@link #init()} method. + * + * @param algorithm the JCE algorithm to use for this digest + * @param bsize the block size of this digest + */ + public BaseDigest(String algorithm, int bsize) { + this.algorithm = ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No algorithm"); + ValidateUtils.checkTrue(bsize > 0, "Invalid block size: %d", bsize); + this.bsize = bsize; + } + + @Override + public final String getAlgorithm() { + return algorithm; + } + + @Override + public int getBlockSize() { + return bsize; + } + + @Override + public void init() throws Exception { + this.md = SecurityUtils.getMessageDigest(getAlgorithm()); + } + + @Override + public void update(byte[] data) throws Exception { + update(data, 0, NumberUtils.length(data)); + } + + @Override + public void update(byte[] data, int start, int len) throws Exception { + Objects.requireNonNull(md, "Digest not initialized").update(data, start, len); + } + + /** + * @return The current {@link MessageDigest} - may be {@code null} if {@link #init()} not called + */ + protected MessageDigest getMessageDigest() { + return md; + } + + @Override + public byte[] digest() throws Exception { + return Objects.requireNonNull(md, "Digest not initialized").digest(); + } + + @Override + public int hashCode() { + synchronized (this) { + if (h == 0) { + h = Objects.hashCode(getAlgorithm()) + getBlockSize(); + if (h == 0) { + h = 1; + } + } + } + + return h; + } + + @Override + public int compareTo(Digest that) { + if (that == null) { + return -1; // push null(s) to end + } else if (this == that) { + return 0; + } + + String thisAlg = getAlgorithm(); + String thatAlg = that.getAlgorithm(); + int nRes = GenericUtils.safeCompare(thisAlg, thatAlg, false); + if (nRes != 0) { + return nRes; // debug breakpoint + } + + nRes = Integer.compare(this.getBlockSize(), that.getBlockSize()); + if (nRes != 0) { + return nRes; // debug breakpoint + } + + return 0; + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (obj == this) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + int nRes = compareTo((Digest) obj); + return nRes == 0; + } + + @Override + public String toString() { + synchronized (this) { + if (s == null) { + s = getClass().getSimpleName() + "[" + getAlgorithm() + ":" + getBlockSize() + "]"; + } + } + + return s; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/digest/BuiltinDigests.java b/files-sftp/src/main/java/org/apache/sshd/common/digest/BuiltinDigests.java new file mode 100644 index 0000000..028b248 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/digest/BuiltinDigests.java @@ -0,0 +1,164 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.digest; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Provides easy access to the currently implemented digests + * + * @author Apache MINA SSHD Project + */ +public enum BuiltinDigests implements DigestFactory { + md5(Constants.MD5, "MD5", 16), + sha1(Constants.SHA1, "SHA-1", 20), + sha224(Constants.SHA224, "SHA-224", 28), + sha256(Constants.SHA256, "SHA-256", 32), + sha384(Constants.SHA384, "SHA-384", 48), + sha512(Constants.SHA512, "SHA-512", 64); + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinDigests.class)); + + private final String algorithm; + private final int blockSize; + private final String factoryName; + private final boolean supported; + + BuiltinDigests(String factoryName, String algorithm, int blockSize) { + this.factoryName = factoryName; + this.algorithm = algorithm; + this.blockSize = blockSize; + /* + * This can be done once since in order to change the support the JVM needs to be stopped, some + * unlimited-strength files need be installed and then the JVM re-started. Therefore, the answer is not going to + * change while the JVM is running + */ + this.supported = DigestUtils.checkSupported(algorithm); + } + + @Override + public final String getName() { + return factoryName; + } + + @Override + public final String getAlgorithm() { + return algorithm; + } + + @Override + public final int getBlockSize() { + return blockSize; + } + + @Override + public final String toString() { + return getName(); + } + + @Override + public final Digest create() { + return new BaseDigest(getAlgorithm(), getBlockSize()); + } + + @Override + public final boolean isSupported() { + return supported; + } + + /** + * @param s The {@link Enum}'s name - ignored if {@code null}/empty + * @return The matching {@link BuiltinDigests} whose {@link Enum#name()} matches + * (case insensitive) the provided argument - {@code null} if no match + */ + public static BuiltinDigests fromString(String s) { + if (GenericUtils.isEmpty(s)) { + return null; + } + + for (BuiltinDigests c : VALUES) { + if (s.equalsIgnoreCase(c.name())) { + return c; + } + } + + return null; + } + + /** + * @param factory The {@link NamedFactory} for the cipher - ignored if {@code null} + * @return The matching {@link BuiltinDigests} whose factory name matches + * (case insensitive) the digest factory name + * @see #fromFactoryName(String) + */ + public static BuiltinDigests fromFactory(NamedFactory factory) { + if (factory == null) { + return null; + } else { + return fromFactoryName(factory.getName()); + } + } + + /** + * @param name The factory name - ignored if {@code null}/empty + * @return The matching {@link BuiltinDigests} whose factory name matches (case + * insensitive) the provided name - {@code null} if no match + */ + public static BuiltinDigests fromFactoryName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param d The {@link Digest} instance - ignored if {@code null} + * @return The matching {@link BuiltinDigests} whose algorithm matches (case + * insensitive) the digets's algorithm - {@code null} if no match + */ + public static BuiltinDigests fromDigest(Digest d) { + return fromAlgorithm((d == null) ? null : d.getAlgorithm()); + } + + /** + * @param algo The algorithm to find - ignored if {@code null}/empty + * @return The matching {@link BuiltinDigests} whose algorithm matches (case + * insensitive) the provided name - {@code null} if no match + */ + public static BuiltinDigests fromAlgorithm(String algo) { + return DigestUtils.findFactoryByAlgorithm(algo, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + public static final class Constants { + public static final String MD5 = "md5"; + public static final String SHA1 = "sha1"; + public static final String SHA224 = "sha224"; + public static final String SHA256 = "sha256"; + public static final String SHA384 = "sha384"; + public static final String SHA512 = "sha512"; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/digest/Digest.java b/files-sftp/src/main/java/org/apache/sshd/common/digest/Digest.java new file mode 100644 index 0000000..fac4e2c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/digest/Digest.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.digest; + +/** + * Interface used to compute digests, based on algorithms such as MD5 or SHA1. The digest implementation are compared + * first by the algorithm name (case insensitive and second according to the block size + * + * @author Apache MINA SSHD Project + */ +public interface Digest extends DigestInformation, Comparable { + void init() throws Exception; + + void update(byte[] data) throws Exception; + + void update(byte[] data, int start, int len) throws Exception; + + byte[] digest() throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestFactory.java new file mode 100644 index 0000000..f00e7ba --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestFactory.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.digest; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.OptionalFeature; + +/** + * @author Apache MINA SSHD Project + */ +// CHECKSTYLE:OFF +public interface DigestFactory extends DigestInformation, NamedFactory, OptionalFeature { + // nothing extra +} +// CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestInformation.java b/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestInformation.java new file mode 100644 index 0000000..400d14a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestInformation.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.digest; + +import org.apache.sshd.common.AlgorithmNameProvider; + +/** + * The reported algorithm name refers to the type of digest being calculated. + * + * @author Apache MINA SSHD Project + */ +public interface DigestInformation extends AlgorithmNameProvider { + /** + * @return The number of bytes in the digest's output + */ + int getBlockSize(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestUtils.java new file mode 100644 index 0000000..4356080 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/digest/DigestUtils.java @@ -0,0 +1,230 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.digest; + +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.util.Base64; +import java.util.Collection; +import java.util.Comparator; +import java.util.Objects; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public final class DigestUtils { + private DigestUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @param algorithm The digest algorithm - never {@code null}/empty + * @return {@code true} if this digest algorithm is supported + * @see SecurityUtils#getMessageDigest(String) + */ + public static boolean checkSupported(String algorithm) { + ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No algorithm"); + try { + MessageDigest digest = SecurityUtils.getMessageDigest(algorithm); + return digest != null; // just in case + } catch (Exception e) { + return false; + } + } + + /** + * @param The generic type of digest factory + * @param algo The required algorithm name - ignored if {@code null}/empty + * @param comp The {@link Comparator} to use to compare algorithm names + * @param digests The factories to check - ignored if {@code null}/empty + * @return The first {@link DigestFactory} whose algorithm matches the required one according to the + * comparator - {@code null} if no match found + */ + public static D findDigestByAlgorithm( + String algo, Comparator comp, Collection digests) { + if (GenericUtils.isEmpty(algo) || GenericUtils.isEmpty(digests)) { + return null; + } + + for (D d : digests) { + if (comp.compare(algo, d.getAlgorithm()) == 0) { + return d; + } + } + + return null; + } + + /** + * @param The generic type of digest factory + * @param algo The required algorithm name - ignored if {@code null}/empty + * @param comp The {@link Comparator} to use to compare algorithm names + * @param factories The factories to check - ignored if {@code null}/empty + * @return The first {@link DigestFactory} whose algorithm matches the required one according to the + * comparator - {@code null} if no match found + */ + public static F findFactoryByAlgorithm( + String algo, Comparator comp, Collection factories) { + if (GenericUtils.isEmpty(algo) || GenericUtils.isEmpty(factories)) { + return null; + } + + for (F f : factories) { + if (comp.compare(algo, f.getAlgorithm()) == 0) { + return f; + } + } + + return null; + } + + /** + * @param f The {@link Factory} to create the {@link Digest} to use + * @param s The {@link String} to digest - ignored if {@code null}/empty, otherwise its UTF-8 + * representation is used as input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input + * @throws Exception If failed to calculate the digest + * @see #getFingerPrint(Digest, String, Charset) + */ + public static String getFingerPrint(Factory f, String s) throws Exception { + return getFingerPrint(f, s, StandardCharsets.UTF_8); + } + + /** + * @param f The {@link Factory} to create the {@link Digest} to use + * @param s The {@link String} to digest - ignored if {@code null}/empty + * @param charset The {@link Charset} to use in order to convert the string to its byte representation to use as + * input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input + * @throws Exception If failed to calculate the digest + */ + public static String getFingerPrint(Factory f, String s, Charset charset) throws Exception { + return getFingerPrint(Objects.requireNonNull(f, "No factory").create(), s, charset); + } + + /** + * @param d The {@link Digest} to use + * @param s The {@link String} to digest - ignored if {@code null}/empty, otherwise its UTF-8 + * representation is used as input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input + * @throws Exception If failed to calculate the digest + * @see #getFingerPrint(Digest, String, Charset) + */ + public static String getFingerPrint(Digest d, String s) throws Exception { + return getFingerPrint(d, s, StandardCharsets.UTF_8); + } + + /** + * @param d The {@link Digest} to use + * @param s The {@link String} to digest - ignored if {@code null}/empty + * @param charset The {@link Charset} to use in order to convert the string to its byte representation to use as + * input for the fingerprint + * @return The fingerprint - {@code null} if {@code null}/empty input + * @throws Exception If failed to calculate the digest + */ + public static String getFingerPrint(Digest d, String s, Charset charset) throws Exception { + if (GenericUtils.isEmpty(s)) { + return null; + } else { + return DigestUtils.getFingerPrint(d, s.getBytes(charset)); + } + } + + /** + * @param f The {@link Factory} to create the {@link Digest} to use + * @param buf The data buffer to be fingerprint-ed + * @return The fingerprint - {@code null} if empty data buffer + * @throws Exception If failed to calculate the fingerprint + * @see #getFingerPrint(Factory, byte[], int, int) + */ + public static String getFingerPrint(Factory f, byte... buf) throws Exception { + return getFingerPrint(f, buf, 0, NumberUtils.length(buf)); + } + + /** + * @param f The {@link Factory} to create the {@link Digest} to use + * @param buf The data buffer to be fingerprint-ed + * @param offset The offset of the data in the buffer + * @param len The length of data - ignored if non-positive + * @return The fingerprint - {@code null} if non-positive length + * @throws Exception If failed to calculate the fingerprint + */ + public static String getFingerPrint(Factory f, byte[] buf, int offset, int len) throws Exception { + return getFingerPrint(Objects.requireNonNull(f, "No factory").create(), buf, offset, len); + } + + /** + * @param d The {@link Digest} to use + * @param buf The data buffer to be fingerprint-ed + * @return The fingerprint - {@code null} if empty data buffer + * @throws Exception If failed to calculate the fingerprint + * @see #getFingerPrint(Digest, byte[], int, int) + */ + public static String getFingerPrint(Digest d, byte... buf) throws Exception { + return getFingerPrint(d, buf, 0, NumberUtils.length(buf)); + } + + /** + * @param d The {@link Digest} to use + * @param buf The data buffer to be fingerprint-ed + * @param offset The offset of the data in the buffer + * @param len The length of data - ignored if non-positive + * @return The fingerprint - {@code null} if non-positive length + * @throws Exception If failed to calculate the fingerprint + * @see #getRawFingerprint(Digest, byte[], int, int) + */ + public static String getFingerPrint(Digest d, byte[] buf, int offset, int len) throws Exception { + if (len <= 0) { + return null; + } + + byte[] data = getRawFingerprint(d, buf, offset, len); + String algo = d.getAlgorithm(); + if (BuiltinDigests.md5.getAlgorithm().equals(algo)) { + return algo + ":" + BufferUtils.toHex(':', data).toLowerCase(); + } + + Base64.Encoder encoder = Base64.getEncoder(); + return algo.replace("-", "").toUpperCase() + ":" + encoder.encodeToString(data).replaceAll("=", ""); + } + + public static byte[] getRawFingerprint(Digest d, byte... buf) throws Exception { + return getRawFingerprint(d, buf, 0, NumberUtils.length(buf)); + } + + public static byte[] getRawFingerprint(Digest d, byte[] buf, int offset, int len) throws Exception { + if (len <= 0) { + return null; + } + + Objects.requireNonNull(d, "No digest").init(); + d.update(buf, offset, len); + + return d.digest(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/digest/package.html b/files-sftp/src/main/java/org/apache/sshd/common/digest/package.html new file mode 100644 index 0000000..69ece5c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/digest/package.html @@ -0,0 +1,26 @@ + + + + + + + Digest + + implementations. + + \ No newline at end of file diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/AbstractParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/AbstractParser.java new file mode 100644 index 0000000..bcf31c9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/AbstractParser.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @param Parse result type + * @author Apache MINA SSHD Project + */ +public abstract class AbstractParser implements ExtensionParser { + private final String name; + + protected AbstractParser(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No extension name"); + } + + @Override + public final String getName() { + return name; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/AclSupportedParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/AclSupportedParser.java new file mode 100644 index 0000000..7241014 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/AclSupportedParser.java @@ -0,0 +1,220 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.io.Serializable; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Map; +import java.util.NavigableMap; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.TreeSet; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.SftpConstants; + +/** + * @author Apache MINA SSHD Project + */ +public class AclSupportedParser extends AbstractParser { + /** + * The "acl-supported" information as per + * DRAFT 11 - section 5.4 + * + * @author Apache MINA SSHD Project + */ + public static class AclCapabilities implements Serializable, Cloneable { + private static final long serialVersionUID = -3118426327336468237L; + private int capabilities; + + public AclCapabilities() { + this(0); + } + + public AclCapabilities(int capabilities) { + // Protect against malicious or malformed packets + ValidateUtils.checkTrue( + (capabilities >= 0) && (capabilities < SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT), + "Illogical ACL capabilities count: %d", capabilities); + this.capabilities = capabilities; + } + + public int getCapabilities() { + return capabilities; + } + + public void setCapabilities(int capabilities) { + this.capabilities = capabilities; + } + + @Override + public int hashCode() { + return getCapabilities(); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (obj == this) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + return ((AclCapabilities) obj).getCapabilities() == getCapabilities(); + } + + @Override + public AclCapabilities clone() { + try { + return getClass().cast(super.clone()); + } catch (CloneNotSupportedException e) { + throw new RuntimeException("Failed to clone " + toString() + ": " + e.getMessage(), e); + } + } + + @Override + public String toString() { + return Objects.toString(decodeAclCapabilities(getCapabilities())); + } + + private static final class LazyAclCapabilityNameHolder { + private static final String ACL_CAP_NAME_PREFIX = "SSH_ACL_CAP_"; + private static final NavigableMap ACL_VALUES_MAP + = SftpConstants.generateMnemonicMap(SftpConstants.class, ACL_CAP_NAME_PREFIX); + private static final NavigableMap ACL_NAMES_MAP = Collections.unmodifiableNavigableMap( + GenericUtils.flipMap( + ACL_VALUES_MAP, GenericUtils.caseInsensitiveMap(), false)); + + private LazyAclCapabilityNameHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + @SuppressWarnings("synthetic-access") + public static NavigableMap getAclCapabilityNamesMap() { + return LazyAclCapabilityNameHolder.ACL_NAMES_MAP; + } + + /** + * @param name The ACL capability name - may be without the "SSH_ACL_CAP_xxx" prefix. Ignored if + * {@code null}/empty + * @return The matching {@link Integer} value - or {@code null} if no match found + */ + public static Integer getAclCapabilityValue(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + name = name.toUpperCase(); + if (!name.startsWith(LazyAclCapabilityNameHolder.ACL_CAP_NAME_PREFIX)) { + name += LazyAclCapabilityNameHolder.ACL_CAP_NAME_PREFIX; + } + + Map map = getAclCapabilityNamesMap(); + return map.get(name); + } + + @SuppressWarnings("synthetic-access") + public static NavigableMap getAclCapabilityValuesMap() { + return LazyAclCapabilityNameHolder.ACL_VALUES_MAP; + } + + public static String getAclCapabilityName(int aclCapValue) { + Map map = getAclCapabilityValuesMap(); + String name = map.get(aclCapValue); + if (GenericUtils.isEmpty(name)) { + return Integer.toString(aclCapValue); + } else { + return name; + } + } + + public static NavigableSet decodeAclCapabilities(int mask) { + if (mask == 0) { + return Collections.emptyNavigableSet(); + } + + NavigableSet caps = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + Map map = getAclCapabilityValuesMap(); + map.forEach((value, name) -> { + if ((mask & value) != 0) { + caps.add(name); + } + }); + + return caps; + } + + public static int constructAclCapabilities(Collection maskValues) { + if (GenericUtils.isEmpty(maskValues)) { + return 0; + } + + int mask = 0; + for (Integer v : maskValues) { + mask |= v; + } + + return mask; + } + + public static Set deconstructAclCapabilities(int mask) { + if (mask == 0) { + return Collections.emptySet(); + } + + Map map = getAclCapabilityValuesMap(); + Set caps = new HashSet<>(map.size()); + for (Integer v : map.keySet()) { + if ((mask & v) != 0) { + caps.add(v); + } + } + + return caps; + } + } + + public static final AclSupportedParser INSTANCE = new AclSupportedParser(); + + public AclSupportedParser() { + super(SftpConstants.EXT_ACL_SUPPORTED); + } + + @Override + public AclCapabilities parse(byte[] input, int offset, int len) { + return parse(new ByteArrayBuffer(input, offset, len)); + } + + public AclCapabilities parse(Buffer buffer) { + return new AclCapabilities(buffer.getInt()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/ExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/ExtensionParser.java new file mode 100644 index 0000000..e9f72a6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/ExtensionParser.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.util.function.Function; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.NumberUtils; + +/** + * @param Result type + * @author Apache MINA SSHD Project + */ +public interface ExtensionParser extends NamedResource, Function { + default T parse(byte[] input) { + return parse(input, 0, NumberUtils.length(input)); + } + + T parse(byte[] input, int offset, int len); + + @Override + default T apply(byte[] input) { + return parse(input); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/NewlineParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/NewlineParser.java new file mode 100644 index 0000000..608dc55 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/NewlineParser.java @@ -0,0 +1,115 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.io.Serializable; +import java.nio.charset.StandardCharsets; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.SftpConstants; + +/** + * @author Apache MINA SSHD Project + */ +public class NewlineParser extends AbstractParser { + /** + * The "newline" extension information as per + * DRAFT 09 + * Section 4.3 + * + * @author Apache MINA SSHD Project + */ + public static class Newline implements Cloneable, Serializable { + private static final long serialVersionUID = 2010656704254497899L; + private String newline; + + public Newline() { + this(null); + } + + public Newline(String newline) { + this.newline = newline; + } + + public String getNewline() { + return newline; + } + + public void setNewline(String newline) { + this.newline = newline; + } + + @Override + public int hashCode() { + return Objects.hashCode(getNewline()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (obj == this) { + return true; + } + if (obj.getClass() != getClass()) { + return false; + } + + return Objects.equals(((Newline) obj).getNewline(), getNewline()); + } + + @Override + public Newline clone() { + try { + return getClass().cast(super.clone()); + } catch (CloneNotSupportedException e) { + throw new RuntimeException("Failed to clone " + toString() + ": " + e.getMessage(), e); + } + } + + @Override + public String toString() { + String nl = getNewline(); + if (GenericUtils.isEmpty(nl)) { + return nl; + } else { + return BufferUtils.toHex(':', nl.getBytes(StandardCharsets.UTF_8)); + } + } + } + + public static final NewlineParser INSTANCE = new NewlineParser(); + + public NewlineParser() { + super(SftpConstants.EXT_NEWLINE); + } + + @Override + public Newline parse(byte[] input, int offset, int len) { + return parse(new String(input, offset, len, StandardCharsets.UTF_8)); + } + + public Newline parse(String value) { + return new Newline(value); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/ParserUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/ParserUtils.java new file mode 100644 index 0000000..3a2f68c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/ParserUtils.java @@ -0,0 +1,190 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; +import java.util.TreeSet; +import java.util.function.Function; +import java.util.stream.Collectors; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.extensions.openssh.FstatVfsExtensionParser; +import org.apache.sshd.common.extensions.openssh.FsyncExtensionParser; +import org.apache.sshd.common.extensions.openssh.HardLinkExtensionParser; +import org.apache.sshd.common.extensions.openssh.LSetStatExtensionParser; +import org.apache.sshd.common.extensions.openssh.PosixRenameExtensionParser; +import org.apache.sshd.common.extensions.openssh.StatVfsExtensionParser; + +/** + * @author Apache MINA SSHD Project + * @see OpenSSH - section 3.4 + */ +public final class ParserUtils { + public static final Collection> BUILT_IN_PARSERS = Collections.unmodifiableList( + Arrays.> asList( + VendorIdParser.INSTANCE, + NewlineParser.INSTANCE, + VersionsParser.INSTANCE, + SupportedParser.INSTANCE, + Supported2Parser.INSTANCE, + AclSupportedParser.INSTANCE, + // OpenSSH extensions + PosixRenameExtensionParser.INSTANCE, + StatVfsExtensionParser.INSTANCE, + FstatVfsExtensionParser.INSTANCE, + HardLinkExtensionParser.INSTANCE, + FsyncExtensionParser.INSTANCE, + LSetStatExtensionParser.INSTANCE)); + + private static final NavigableMap> PARSERS_MAP = Collections.unmodifiableNavigableMap( + BUILT_IN_PARSERS.stream() + .collect(Collectors.toMap( + NamedResource::getName, Function.identity(), + GenericUtils.throwingMerger(), () -> new TreeMap<>(String.CASE_INSENSITIVE_ORDER)))); + + private ParserUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @param parser The {@link ExtensionParser} to register + * @return The replaced parser (by name) - {@code null} if no previous parser for this extension name + */ + public static ExtensionParser registerParser(ExtensionParser parser) { + Objects.requireNonNull(parser, "No parser instance"); + + synchronized (PARSERS_MAP) { + return PARSERS_MAP.put(parser.getName(), parser); + } + } + + /** + * @param name The extension name - ignored if {@code null}/empty + * @return The removed {@link ExtensionParser} - {@code null} if none registered for this extension name + */ + public static ExtensionParser unregisterParser(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + synchronized (PARSERS_MAP) { + return PARSERS_MAP.remove(name); + } + } + + /** + * @param name The extension name - ignored if {@code null}/empty + * @return The registered {@link ExtensionParser} - {@code null} if none registered for this extension name + */ + public static ExtensionParser getRegisteredParser(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + synchronized (PARSERS_MAP) { + return PARSERS_MAP.get(name); + } + } + + public static Set getRegisteredParsersNames() { + synchronized (PARSERS_MAP) { + if (PARSERS_MAP.isEmpty()) { + return Collections.emptySet(); + } else { // return a copy in order to avoid concurrent modification issues + return GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, PARSERS_MAP.keySet()); + } + } + } + + public static List> getRegisteredParsers() { + synchronized (PARSERS_MAP) { + if (PARSERS_MAP.isEmpty()) { + return Collections.emptyList(); + } else { // return a copy in order to avoid concurrent modification issues + return new ArrayList<>(PARSERS_MAP.values()); + } + } + } + + public static Set supportedExtensions(Map parsed) { + if (GenericUtils.isEmpty(parsed)) { + return Collections.emptySet(); + } + + SupportedParser.Supported sup = (SupportedParser.Supported) parsed.get(SupportedParser.INSTANCE.getName()); + Collection extra = (sup == null) ? null : sup.extensionNames; + Supported2Parser.Supported2 sup2 = (Supported2Parser.Supported2) parsed.get(Supported2Parser.INSTANCE.getName()); + Collection extra2 = (sup2 == null) ? null : sup2.extensionNames; + if (GenericUtils.isEmpty(extra)) { + return GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, extra2); + } else if (GenericUtils.isEmpty(extra2)) { + return GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, extra); + } + + Set result = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + result.addAll(extra); + result.addAll(extra2); + return result; + } + + /** + * @param extensions The received extensions in encoded form + * @return A {@link Map} of all the successfully decoded extensions where key=extension name (same as in + * the original map), value=the decoded extension value. Extensions for which there is no + * registered parser are ignored + * @see #getRegisteredParser(String) + * @see ExtensionParser#parse(byte[]) + */ + public static Map parse(Map extensions) { + if (GenericUtils.isEmpty(extensions)) { + return Collections.emptyMap(); + } + + Map data = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + extensions.forEach((name, value) -> { + Object result = parse(name, value); + if (result == null) { + return; + } + data.put(name, result); + }); + + return data; + } + + public static Object parse(String name, byte... encoded) { + ExtensionParser parser = getRegisteredParser(name); + if (parser == null) { + return null; + } else { + return parser.parse(encoded); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/SpaceAvailableExtensionInfo.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/SpaceAvailableExtensionInfo.java new file mode 100644 index 0000000..b345b0a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/SpaceAvailableExtensionInfo.java @@ -0,0 +1,126 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.io.IOException; +import java.nio.file.FileStore; + +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + * @see DRAFT 09 + * section 9.2 + */ +public class SpaceAvailableExtensionInfo implements Cloneable { + // CHECKSTYLE:OFF + public long bytesOnDevice; + public long unusedBytesOnDevice; + public long bytesAvailableToUser; + public long unusedBytesAvailableToUser; + public int bytesPerAllocationUnit; + // CHECKSTYLE:ON + + public SpaceAvailableExtensionInfo() { + super(); + } + + public SpaceAvailableExtensionInfo(Buffer buffer) { + decode(buffer, this); + } + + public SpaceAvailableExtensionInfo(FileStore store) throws IOException { + bytesOnDevice = store.getTotalSpace(); + + long unallocated = store.getUnallocatedSpace(); + long usable = store.getUsableSpace(); + unusedBytesOnDevice = Math.max(unallocated, usable); + + // the rest are intentionally left zero indicating "UNKNOWN" + } + + @Override + public int hashCode() { + return NumberUtils.hashCode(bytesOnDevice, unusedBytesOnDevice, + bytesAvailableToUser, unusedBytesAvailableToUser, + bytesPerAllocationUnit); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + SpaceAvailableExtensionInfo other = (SpaceAvailableExtensionInfo) obj; + return this.bytesOnDevice == other.bytesOnDevice + && this.unusedBytesOnDevice == other.unusedBytesOnDevice + && this.bytesAvailableToUser == other.bytesAvailableToUser + && this.unusedBytesAvailableToUser == other.unusedBytesAvailableToUser + && this.bytesPerAllocationUnit == other.bytesPerAllocationUnit; + } + + @Override + public SpaceAvailableExtensionInfo clone() { + try { + return getClass().cast(super.clone()); + } catch (CloneNotSupportedException e) { + throw new RuntimeException("Failed to close " + toString() + ": " + e.getMessage()); + } + } + + @Override + public String toString() { + return "bytesOnDevice=" + bytesOnDevice + + ",unusedBytesOnDevice=" + unusedBytesOnDevice + + ",bytesAvailableToUser=" + bytesAvailableToUser + + ",unusedBytesAvailableToUser=" + unusedBytesAvailableToUser + + ",bytesPerAllocationUnit=" + bytesPerAllocationUnit; + } + + public static SpaceAvailableExtensionInfo decode(Buffer buffer) { + SpaceAvailableExtensionInfo info = new SpaceAvailableExtensionInfo(); + decode(buffer, info); + return info; + } + + public static void decode(Buffer buffer, SpaceAvailableExtensionInfo info) { + info.bytesOnDevice = buffer.getLong(); + info.unusedBytesOnDevice = buffer.getLong(); + info.bytesAvailableToUser = buffer.getLong(); + info.unusedBytesAvailableToUser = buffer.getLong(); + info.bytesPerAllocationUnit = buffer.getInt(); + } + + public static void encode(Buffer buffer, SpaceAvailableExtensionInfo info) { + buffer.putLong(info.bytesOnDevice); + buffer.putLong(info.unusedBytesOnDevice); + buffer.putLong(info.bytesAvailableToUser); + buffer.putLong(info.unusedBytesAvailableToUser); + buffer.putInt(info.bytesPerAllocationUnit & 0xFFFFFFFFL); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/Supported2Parser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/Supported2Parser.java new file mode 100644 index 0000000..b808180 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/Supported2Parser.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.util.Collection; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.SftpConstants; + +/** + * Parses the "supported2" extension as defined in + * DRAFT 13 section 5.4 + * + * @author Apache MINA SSHD Project + */ +public class Supported2Parser extends AbstractParser { + /** + * @author Apache MINA SSHD Project + * @see DRAFT 13 section 5.4 + */ + public static class Supported2 { + // CHECKSTYLE:OFF + public int supportedAttributeMask; + public int supportedAttributeBits; + public int supportedOpenFlags; + public int supportedAccessMask; + public int maxReadSize; + public short supportedOpenBlockVector; + public short supportedBlock; + // uint32 attrib-extension-count + public Collection attribExtensionNames; + // uint32 extension-count + public Collection extensionNames; + // CHECKSTYLE:ON + + public Supported2() { + super(); + } + + @Override + public String toString() { + return "attrsMask=0x" + Integer.toHexString(supportedAttributeMask) + + ",attrsBits=0x" + Integer.toHexString(supportedAttributeBits) + + ",openFlags=0x" + Integer.toHexString(supportedOpenFlags) + + ",accessMask=0x" + Integer.toHexString(supportedAccessMask) + + ",maxRead=" + maxReadSize + + ",openBlock=0x" + Integer.toHexString(supportedOpenBlockVector & 0xFFFF) + + ",block=" + Integer.toHexString(supportedBlock & 0xFFFF) + + ",attribs=" + attribExtensionNames + + ",exts=" + extensionNames; + } + } + + public static final Supported2Parser INSTANCE = new Supported2Parser(); + + public Supported2Parser() { + super(SftpConstants.EXT_SUPPORTED2); + } + + @Override + public Supported2 parse(byte[] input, int offset, int len) { + return parse(new ByteArrayBuffer(input, offset, len)); + } + + public Supported2 parse(Buffer buffer) { + Supported2 sup2 = new Supported2(); + sup2.supportedAttributeMask = buffer.getInt(); + sup2.supportedAttributeBits = buffer.getInt(); + sup2.supportedOpenFlags = buffer.getInt(); + sup2.supportedAccessMask = buffer.getInt(); + sup2.maxReadSize = buffer.getInt(); + sup2.supportedOpenBlockVector = buffer.getShort(); + sup2.supportedBlock = buffer.getShort(); + sup2.attribExtensionNames = buffer.getStringList(true); + sup2.extensionNames = buffer.getStringList(true); + return sup2; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/SupportedParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/SupportedParser.java new file mode 100644 index 0000000..1f93334 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/SupportedParser.java @@ -0,0 +1,87 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.util.Collection; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.SftpConstants; + +/** + * Parses the "supported" extension as defined in + * DRAFT 05 - + * section 4.4 + * + * @author Apache MINA SSHD Project + */ +public class SupportedParser extends AbstractParser { + /** + * @author Apache MINA SSHD Project + * @see DRAFT + * 05 - section 4.4 + */ + public static class Supported { + // CHECKSTYLE:OFF + public int supportedAttributeMask; + public int supportedAttributeBits; + public int supportedOpenFlags; + public int supportedAccessMask; + public int maxReadSize; + public Collection extensionNames; + // CHECKSTYLE:ON + + public Supported() { + super(); + } + + @Override + public String toString() { + return "attrsMask=0x" + Integer.toHexString(supportedAttributeMask) + + ",attrsBits=0x" + Integer.toHexString(supportedAttributeBits) + + ",openFlags=0x" + Integer.toHexString(supportedOpenFlags) + + ",accessMask=0x" + Integer.toHexString(supportedAccessMask) + + ",maxReadSize=" + maxReadSize + + ",extensions=" + extensionNames; + } + } + + public static final SupportedParser INSTANCE = new SupportedParser(); + + public SupportedParser() { + super(SftpConstants.EXT_SUPPORTED); + } + + @Override + public Supported parse(byte[] input, int offset, int len) { + return parse(new ByteArrayBuffer(input, offset, len)); + } + + public Supported parse(Buffer buffer) { + Supported sup = new Supported(); + sup.supportedAttributeMask = buffer.getInt(); + sup.supportedAttributeBits = buffer.getInt(); + sup.supportedOpenFlags = buffer.getInt(); + sup.supportedAccessMask = buffer.getInt(); + sup.maxReadSize = buffer.getInt(); + sup.extensionNames = buffer.getStringList(false); + return sup; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/VendorIdParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/VendorIdParser.java new file mode 100644 index 0000000..99f164c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/VendorIdParser.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.SftpConstants; + +/** + * @author Apache MINA SSHD Project + */ +public class VendorIdParser extends AbstractParser { + /** + * The "vendor-id" information as per + * DRAFT 09 - + * section 4.4 + * + * @author Apache MINA SSHD Project + */ + public static class VendorId { + // CHECKSTYLE:OFF + public String vendorName; + public String productName; + public String productVersion; + public long productBuildNumber; + // CHECKSTYLE:ON + + public VendorId() { + super(); + } + + @Override + public String toString() { + return vendorName + "-" + productName + "-" + productVersion + "-" + productBuildNumber; + } + } + + public static final VendorIdParser INSTANCE = new VendorIdParser(); + + public VendorIdParser() { + super(SftpConstants.EXT_VENDOR_ID); + } + + @Override + public VendorId parse(byte[] input, int offset, int len) { + return parse(new ByteArrayBuffer(input, offset, len)); + } + + public VendorId parse(Buffer buffer) { + VendorId id = new VendorId(); + id.vendorName = buffer.getString(); + id.productName = buffer.getString(); + id.productVersion = buffer.getString(); + id.productBuildNumber = buffer.getLong(); + return id; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/VersionsParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/VersionsParser.java new file mode 100644 index 0000000..c42880e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/VersionsParser.java @@ -0,0 +1,115 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions; + +import java.nio.charset.StandardCharsets; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Set; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.extensions.VersionsParser.Versions; + +/** + * @author Apache MINA SSHD Project + */ +public class VersionsParser extends AbstractParser { + /** + * The "versions" extension data as per + * DRAFT 09 + * Section 4.6 + * + * @author Apache MINA SSHD Project + */ + public static class Versions { + public static final char SEP = ','; + + private List versions; + + public Versions() { + this(null); + } + + public Versions(List versions) { + this.versions = versions; + } + + public List getVersions() { + return versions; + } + + public void setVersions(List versions) { + this.versions = versions; + } + + public List resolveAvailableVersions(int current) { + List currentlyAvailable = Collections.singletonList(current); + Collection reported = getVersions(); + if (GenericUtils.isEmpty(reported)) { + return currentlyAvailable; + } + + Set available = GenericUtils.asSortedSet(currentlyAvailable); + for (String v : reported) { + /* + * According to https://tools.ietf.org/html/draft-ietf-secsh-filexfer-11#section-5.5 versions may + * contain not only numbers + */ + if (!NumberUtils.isIntegerNumber(v)) { + continue; + } + + if (!available.add(Integer.valueOf(v))) { + continue; // debug breakpoint + } + } + + return (available.size() == 1) + ? currentlyAvailable + : new ArrayList<>(available); + } + + @Override + public String toString() { + return GenericUtils.join(getVersions(), ','); + } + } + + public static final VersionsParser INSTANCE = new VersionsParser(); + + public VersionsParser() { + super(SftpConstants.EXT_VERSIONS); + } + + @Override + public Versions parse(byte[] input, int offset, int len) { + return parse(new String(input, offset, len, StandardCharsets.UTF_8)); + } + + public Versions parse(String value) { + String[] comps = GenericUtils.split(value, Versions.SEP); + return new Versions(GenericUtils.isEmpty(comps) ? Collections.emptyList() : Arrays.asList(comps)); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/AbstractOpenSSHExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/AbstractOpenSSHExtensionParser.java new file mode 100644 index 0000000..8ad8a00 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/AbstractOpenSSHExtensionParser.java @@ -0,0 +1,112 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions.openssh; + +import java.io.Serializable; +import java.nio.charset.StandardCharsets; +import java.util.Objects; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.extensions.AbstractParser; + +/** + * Base class for various {@code XXX@openssh.com} extension data reports + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractOpenSSHExtensionParser extends AbstractParser { + public static class OpenSSHExtension implements NamedResource, Cloneable, Serializable { + private static final long serialVersionUID = 5902797870154506909L; + private final String name; + private String version; + + public OpenSSHExtension(String name) { + this(name, null); + } + + public OpenSSHExtension(String name, String version) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No extension name"); + this.version = version; + } + + @Override + public final String getName() { + return name; + } + + public String getVersion() { + return version; + } + + public void setVersion(String version) { + this.version = version; + } + + @Override + public int hashCode() { + return Objects.hash(getName(), getVersion()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + OpenSSHExtension other = (OpenSSHExtension) obj; + return Objects.equals(getName(), other.getName()) + && Objects.equals(getVersion(), other.getVersion()); + } + + @Override + public OpenSSHExtension clone() { + try { + return getClass().cast(super.clone()); + } catch (CloneNotSupportedException e) { + throw new RuntimeException("Unexpected clone exception " + toString() + ": " + e.getMessage()); + } + } + + @Override + public String toString() { + return getName() + " " + getVersion(); + } + } + + protected AbstractOpenSSHExtensionParser(String name) { + super(name); + } + + @Override + public OpenSSHExtension parse(byte[] input, int offset, int len) { + return parse(new String(input, offset, len, StandardCharsets.UTF_8)); + } + + public OpenSSHExtension parse(String version) { + return new OpenSSHExtension(getName(), version); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/FstatVfsExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/FstatVfsExtensionParser.java new file mode 100644 index 0000000..6d107b8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/FstatVfsExtensionParser.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions.openssh; + +/** + * @author Apache MINA SSHD Project + */ +public class FstatVfsExtensionParser extends AbstractOpenSSHExtensionParser { + public static final String NAME = "fstatvfs@openssh.com"; + public static final FstatVfsExtensionParser INSTANCE = new FstatVfsExtensionParser(); + + public FstatVfsExtensionParser() { + super(NAME); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/FsyncExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/FsyncExtensionParser.java new file mode 100644 index 0000000..ec97e19 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/FsyncExtensionParser.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions.openssh; + +/** + * @author Apache MINA SSHD Project + * @see OpenSSH - section 10 + */ +public class FsyncExtensionParser extends AbstractOpenSSHExtensionParser { + public static final String NAME = "fsync@openssh.com"; + public static final FsyncExtensionParser INSTANCE = new FsyncExtensionParser(); + + public FsyncExtensionParser() { + super(NAME); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/HardLinkExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/HardLinkExtensionParser.java new file mode 100644 index 0000000..607b29a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/HardLinkExtensionParser.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions.openssh; + +/** + * @author Apache MINA SSHD Project + * @see OpenSSH - section 10 + */ +public class HardLinkExtensionParser extends AbstractOpenSSHExtensionParser { + public static final String NAME = "hardlink@openssh.com"; + public static final HardLinkExtensionParser INSTANCE = new HardLinkExtensionParser(); + + public HardLinkExtensionParser() { + super(NAME); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/LSetStatExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/LSetStatExtensionParser.java new file mode 100644 index 0000000..e0e1888 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/LSetStatExtensionParser.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions.openssh; + +/** + * Replicates the functionality of the existing {@code SSH_FXP_SETSTAT} operation but does not follow symbolic links + * + * @author Apache MINA SSHD Project + * @see OpenSSH v8.0 release notes + */ +public class LSetStatExtensionParser extends AbstractOpenSSHExtensionParser { + public static final String NAME = "lsetstat@openssh.com"; + public static final LSetStatExtensionParser INSTANCE = new LSetStatExtensionParser(); + + public LSetStatExtensionParser() { + super(NAME); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/PosixRenameExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/PosixRenameExtensionParser.java new file mode 100644 index 0000000..f2ff69e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/PosixRenameExtensionParser.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions.openssh; + +/** + * @author Apache MINA SSHD Project + * @see OpenSSH - section 3.3 + */ +public class PosixRenameExtensionParser extends AbstractOpenSSHExtensionParser { + public static final String NAME = "posix-rename@openssh.com"; + public static final PosixRenameExtensionParser INSTANCE = new PosixRenameExtensionParser(); + + public PosixRenameExtensionParser() { + super(NAME); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/StatVfsExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/StatVfsExtensionParser.java new file mode 100644 index 0000000..785c3b7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/extensions/openssh/StatVfsExtensionParser.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.extensions.openssh; + +/** + * @author Apache MINA SSHD Project + * @see OpenSSH - section 3.4 + */ +public class StatVfsExtensionParser extends AbstractOpenSSHExtensionParser { + public static final String NAME = "statvfs@openssh.com"; + public static final StatVfsExtensionParser INSTANCE = new StatVfsExtensionParser(); + + public StatVfsExtensionParser() { + super(NAME); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/FileSystemAware.java b/files-sftp/src/main/java/org/apache/sshd/common/file/FileSystemAware.java new file mode 100644 index 0000000..65817af --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/FileSystemAware.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.file; + +import java.io.IOException; +import java.nio.file.FileSystem; + +import org.apache.sshd.common.session.SessionContext; + +/** + * Interface that can be implemented by a command to be able to access the file system in which this command will be + * used. + */ +@FunctionalInterface +public interface FileSystemAware { + /** + * Sets the {@link FileSystemFactory} used to create the {@link FileSystem} to be used by the session + * + * @param factory The factory instance + * @param session The {@link SessionContext} + * @throws IOException If failed to resolve/create the file system + * @see #setFileSystem(FileSystem) + */ + default void setFileSystemFactory( + FileSystemFactory factory, SessionContext session) + throws IOException { + FileSystem fs = factory.createFileSystem(session); + setFileSystem(fs); + } + + /** + * Set the file system in which this shell will be executed. + * + * @param fileSystem the file system + */ + void setFileSystem(FileSystem fileSystem); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/FileSystemFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/file/FileSystemFactory.java new file mode 100644 index 0000000..37cb2b3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/FileSystemFactory.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.file; + +import java.io.IOException; +import java.nio.file.FileSystem; +import java.nio.file.Path; + +import org.apache.sshd.common.session.SessionContext; + +/** + * Factory for file system implementations - it returns the file system for user. + * + * @author Apache MINA Project + */ +public interface FileSystemFactory { + /** + * + * @param session The session created for the user + * @return The recommended user home directory - {@code null} if none + * @throws IOException If failed to resolve user's home directory + */ + Path getUserHomeDir(SessionContext session) throws IOException; + + /** + * Create user specific file system. + * + * @param session The session created for the user + * @return The current {@link FileSystem} for the provided session + * @throws IOException if the file system can not be created + */ + FileSystem createFileSystem(SessionContext session) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/nativefs/NativeFileSystemFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/file/nativefs/NativeFileSystemFactory.java new file mode 100644 index 0000000..d1b2a97 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/nativefs/NativeFileSystemFactory.java @@ -0,0 +1,129 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.file.nativefs; + +import java.io.IOException; +import java.nio.file.FileSystem; +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.InvalidPathException; +import java.nio.file.NotDirectoryException; +import java.nio.file.Path; +import java.nio.file.Paths; + +import org.apache.sshd.common.file.FileSystemFactory; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Native file system factory. It uses the OS file system. + * + * @author Apache MINA Project + */ +public class NativeFileSystemFactory implements FileSystemFactory { + public static final String DEFAULT_USERS_HOME = OsUtils.isWin32() ? "C:\\Users" : OsUtils.isOSX() ? "/Users" : "/home"; + + public static final NativeFileSystemFactory INSTANCE = new NativeFileSystemFactory(); + + private boolean createHome; + private String usersHomeDir = DEFAULT_USERS_HOME; + + public NativeFileSystemFactory() { + this(false); + } + + public NativeFileSystemFactory(boolean createHome) { + this.createHome = createHome; + } + + /** + * @return The root location where users home is to be created - never {@code null}/empty. + */ + public String getUsersHomeDir() { + return usersHomeDir; + } + + /** + * Set the root location where users home is to be created + * + * @param usersHomeDir The root location where users home is to be created - never {@code null}/empty. + * @see #isCreateHome() + */ + public void setUsersHomeDir(String usersHomeDir) { + this.usersHomeDir = ValidateUtils.checkNotNullAndNotEmpty(usersHomeDir, "No users home dir"); + } + + /** + * Should the home directories be created automatically + * + * @return {@code true} if the file system will create the home directory if not available + */ + public boolean isCreateHome() { + return createHome; + } + + /** + * Set if the home directories be created automatically + * + * @param createHome {@code true} if the file system should create the home directory automatically if not available + * @see #getUsersHomeDir() + */ + public void setCreateHome(boolean createHome) { + this.createHome = createHome; + } + + @Override + public Path getUserHomeDir(SessionContext session) throws IOException { + String userName = session.getUsername(); + if (GenericUtils.isEmpty(userName)) { + return null; + } + + String homeRoot = getUsersHomeDir(); + if (GenericUtils.isEmpty(homeRoot)) { + return null; + } + + return Paths.get(homeRoot, userName).normalize().toAbsolutePath(); + } + + @Override + public FileSystem createFileSystem(SessionContext session) throws IOException { + // create home if does not exist + if (isCreateHome()) { + Path homeDir = getUserHomeDir(session); + if (homeDir == null) { + throw new InvalidPathException(session.getUsername(), "Cannot resolve home directory"); + } + + if (Files.exists(homeDir)) { + if (!Files.isDirectory(homeDir)) { + throw new NotDirectoryException(homeDir.toString()); + } + } else { + Path p = Files.createDirectories(homeDir); + } + } + + return FileSystems.getDefault(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystem.java b/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystem.java new file mode 100644 index 0000000..407f7eb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystem.java @@ -0,0 +1,102 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.file.nonefs; + +import java.io.IOException; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.PathMatcher; +import java.nio.file.WatchService; +import java.nio.file.attribute.UserPrincipalLookupService; +import java.nio.file.spi.FileSystemProvider; +import java.util.Collections; +import java.util.Set; + +/** + * @author Apache MINA SSHD Project + */ +public class NoneFileSystem extends FileSystem { + public static final NoneFileSystem INSTANCE = new NoneFileSystem(); + + public NoneFileSystem() { + super(); + } + + @Override + public FileSystemProvider provider() { + return NoneFileSystemProvider.INSTANCE; + } + + @Override + public void close() throws IOException { + // ignored + } + + @Override + public boolean isOpen() { + return true; + } + + @Override + public boolean isReadOnly() { + return true; + } + + @Override + public String getSeparator() { + return "/"; + } + + @Override + public Iterable getRootDirectories() { + return Collections.emptyList(); + } + + @Override + public Iterable getFileStores() { + return Collections.emptyList(); + } + + @Override + public Set supportedFileAttributeViews() { + return Collections.emptySet(); + } + + @Override + public Path getPath(String first, String... more) { + throw new UnsupportedOperationException("No paths available"); + } + + @Override + public PathMatcher getPathMatcher(String syntaxAndPattern) { + return p -> false; + } + + @Override + public UserPrincipalLookupService getUserPrincipalLookupService() { + throw new UnsupportedOperationException("UserPrincipalLookupService N/A"); + } + + @Override + public WatchService newWatchService() throws IOException { + throw new UnsupportedOperationException("WatchService N/A"); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystemFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystemFactory.java new file mode 100644 index 0000000..4775c43 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystemFactory.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.file.nonefs; + +import java.io.IOException; +import java.nio.file.FileSystem; +import java.nio.file.Path; + +import org.apache.sshd.common.file.FileSystemFactory; +import org.apache.sshd.common.session.SessionContext; + +/** + * Provides an "empty" file system that has no files/folders and throws exceptions on any attempt to access a + * file/folder on it + * + * @author Apache MINA SSHD Project + */ +public class NoneFileSystemFactory implements FileSystemFactory { + public static final NoneFileSystemFactory INSTANCE = new NoneFileSystemFactory(); + + public NoneFileSystemFactory() { + super(); + } + + @Override + public Path getUserHomeDir(SessionContext session) throws IOException { + return null; + } + + @Override + public FileSystem createFileSystem(SessionContext session) throws IOException { + return NoneFileSystem.INSTANCE; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystemProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystemProvider.java new file mode 100644 index 0000000..486af88 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/nonefs/NoneFileSystemProvider.java @@ -0,0 +1,157 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.file.nonefs; + +import java.io.IOException; +import java.net.URI; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.LinkOption; +import java.nio.file.NoSuchFileException; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.FileAttributeView; +import java.nio.file.spi.FileSystemProvider; +import java.util.Map; +import java.util.Objects; +import java.util.Set; + +/** + * Provides an "empty" {@link FileSystemProvider} that has no files of any type. + * + * @author Apache MINA SSHD Project + */ +public class NoneFileSystemProvider extends FileSystemProvider { + public static final String SCHEME = "none"; + + public static final NoneFileSystemProvider INSTANCE = new NoneFileSystemProvider(); + + public NoneFileSystemProvider() { + super(); + } + + @Override + public String getScheme() { + return SCHEME; + } + + @Override + public FileSystem newFileSystem(URI uri, Map env) throws IOException { + return getFileSystem(uri); + } + + @Override + public FileSystem getFileSystem(URI uri) { + if (!Objects.equals(getScheme(), uri.getScheme())) { + throw new IllegalArgumentException("Mismatched FS scheme"); + } + + return NoneFileSystem.INSTANCE; + } + + @Override + public Path getPath(URI uri) { + if (!Objects.equals(getScheme(), uri.getScheme())) { + throw new IllegalArgumentException("Mismatched FS scheme"); + } + + throw new UnsupportedOperationException("No paths available"); + } + + @Override + public SeekableByteChannel newByteChannel(Path path, Set options, FileAttribute... attrs) + throws IOException { + throw new NoSuchFileException(path.toString()); + } + + @Override + public DirectoryStream newDirectoryStream(Path dir, Filter filter) throws IOException { + throw new NoSuchFileException(dir.toString()); + } + + @Override + public void createDirectory(Path dir, FileAttribute... attrs) throws IOException { + throw new NoSuchFileException(dir.toString()); + } + + @Override + public void delete(Path path) throws IOException { + throw new NoSuchFileException(path.toString()); + } + + @Override + public void copy(Path source, Path target, CopyOption... options) throws IOException { + throw new NoSuchFileException(source.toString(), target.toString(), "N/A"); + + } + + @Override + public void move(Path source, Path target, CopyOption... options) throws IOException { + throw new NoSuchFileException(source.toString(), target.toString(), "N/A"); + } + + @Override + public boolean isSameFile(Path path1, Path path2) throws IOException { + throw new NoSuchFileException(path1.toString(), path2.toString(), "N/A"); + } + + @Override + public boolean isHidden(Path path) throws IOException { + throw new NoSuchFileException(path.toString()); + } + + @Override + public FileStore getFileStore(Path path) throws IOException { + throw new NoSuchFileException(path.toString()); + } + + @Override + public void checkAccess(Path path, AccessMode... modes) throws IOException { + throw new NoSuchFileException(path.toString()); + } + + @Override + public V getFileAttributeView(Path path, Class type, LinkOption... options) { + return null; + } + + @Override + public A readAttributes(Path path, Class type, LinkOption... options) + throws IOException { + throw new NoSuchFileException(path.toString()); + } + + @Override + public Map readAttributes(Path path, String attributes, LinkOption... options) throws IOException { + throw new NoSuchFileException(path.toString()); + } + + @Override + public void setAttribute(Path path, String attribute, Object value, LinkOption... options) throws IOException { + throw new NoSuchFileException(path.toString()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedFileSystem.java b/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedFileSystem.java new file mode 100644 index 0000000..ee7186d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedFileSystem.java @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.file.root; + +import java.io.IOException; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.attribute.UserPrincipalLookupService; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; + +import org.apache.sshd.common.file.util.BaseFileSystem; + +/** + * @author Apache MINA SSHD Project + */ +public class RootedFileSystem extends BaseFileSystem { + + private final Path rootPath; + private final FileSystem rootFs; + + public RootedFileSystem(RootedFileSystemProvider fileSystemProvider, Path root, Map env) { + super(fileSystemProvider); + this.rootPath = Objects.requireNonNull(root, "No root path"); + this.rootFs = root.getFileSystem(); + } + + public FileSystem getRootFileSystem() { + return rootFs; + } + + public Path getRoot() { + return rootPath; + } + + @Override + public RootedFileSystemProvider provider() { + return (RootedFileSystemProvider) super.provider(); + } + + @Override + public void close() throws IOException { + } + + @Override + public boolean isOpen() { + return rootFs.isOpen(); + } + + @Override + public boolean isReadOnly() { + return rootFs.isReadOnly(); + } + + @Override + public Set supportedFileAttributeViews() { + return rootFs.supportedFileAttributeViews(); + } + + @Override + public UserPrincipalLookupService getUserPrincipalLookupService() { + return rootFs.getUserPrincipalLookupService(); + } + + @Override + protected RootedPath create(String root, List names) { + return new RootedPath(this, root, names); + } + + @Override + public Iterable getFileStores() { + return rootFs.getFileStores(); + } + + @Override + public String toString() { + return rootPath.toString(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedFileSystemProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedFileSystemProvider.java new file mode 100644 index 0000000..7921ee7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedFileSystemProvider.java @@ -0,0 +1,461 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.file.root; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.nio.channels.AsynchronousFileChannel; +import java.nio.channels.FileChannel; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryStream; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.FileSystemAlreadyExistsException; +import java.nio.file.FileSystemNotFoundException; +import java.nio.file.Files; +import java.nio.file.InvalidPathException; +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.ProviderMismatchException; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.FileAttributeView; +import java.nio.file.spi.FileSystemProvider; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.ExecutorService; + +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * File system provider which provides a rooted file system. The file system only gives access to files under the root + * directory. + * + * @author Apache MINA SSHD Project + */ +public class RootedFileSystemProvider extends FileSystemProvider { + private final Map fileSystems = new HashMap<>(); + + public RootedFileSystemProvider() { + } + + @Override + public String getScheme() { + return "root"; + } + + @Override + public FileSystem newFileSystem(URI uri, Map env) throws IOException { + return newFileSystem(uri, uriToPath(uri), env); + } + + @Override + public FileSystem getFileSystem(URI uri) { + return getFileSystem(uriToPath(uri)); + } + + @Override + public FileSystem newFileSystem(Path path, Map env) throws IOException { + return newFileSystem(path, path, env); + } + + protected FileSystem newFileSystem(Object src, Path path, Map env) throws IOException { + Path root = ensureDirectory(path).toRealPath(); + RootedFileSystem rootedFs = null; + synchronized (fileSystems) { + if (!this.fileSystems.containsKey(root)) { + rootedFs = new RootedFileSystem(this, path, env); + this.fileSystems.put(root, rootedFs); + } + } + + // do all the throwing outside the synchronized block to minimize its lock time + if (rootedFs == null) { + throw new FileSystemAlreadyExistsException("newFileSystem(" + src + ") already mapped " + root); + } + + return rootedFs; + } + + protected Path uriToPath(URI uri) { + String scheme = uri.getScheme(); + String expected = getScheme(); + if ((scheme == null) || (!scheme.equalsIgnoreCase(expected))) { + throw new IllegalArgumentException("URI scheme (" + scheme + ") is not '" + expected + "'"); + } + + String root = uri.getRawSchemeSpecificPart(); + int i = root.indexOf("!/"); + if (i != -1) { + root = root.substring(0, i); + } + + try { + return Paths.get(new URI(root)).toAbsolutePath(); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(root + ": " + e.getMessage(), e); + } + } + + private static Path ensureDirectory(Path path) { + return IoUtils.ensureDirectory(path, IoUtils.getLinkOptions(true)); + } + + @Override + public Path getPath(URI uri) { + String str = uri.getSchemeSpecificPart(); + int i = str.indexOf("!/"); + if (i == -1) { + throw new IllegalArgumentException("URI: " + uri + " does not contain path info - e.g., root:file://foo/bar!/"); + } + + FileSystem fs = getFileSystem(uri); + String subPath = str.substring(i + 1); + Path p = fs.getPath(subPath); + return p; + } + + @Override + public InputStream newInputStream(Path path, OpenOption... options) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.newInputStream(r, options); + } + + @Override + public OutputStream newOutputStream(Path path, OpenOption... options) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.newOutputStream(r, options); + } + + @Override + public FileChannel newFileChannel(Path path, Set options, FileAttribute... attrs) + throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.newFileChannel(r, options, attrs); + } + + @Override + public AsynchronousFileChannel newAsynchronousFileChannel( + Path path, Set options, ExecutorService executor, FileAttribute... attrs) + throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.newAsynchronousFileChannel(r, options, executor, attrs); + } + + @Override + public SeekableByteChannel newByteChannel(Path path, Set options, FileAttribute... attrs) + throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.newByteChannel(r, options, attrs); + } + + @Override + public DirectoryStream newDirectoryStream(Path dir, DirectoryStream.Filter filter) throws IOException { + Path r = unroot(dir); + FileSystemProvider p = provider(r); + return root(((RootedPath) dir).getFileSystem(), p.newDirectoryStream(r, filter)); + } + + protected DirectoryStream root(RootedFileSystem rfs, DirectoryStream ds) { + return new DirectoryStream() { + @Override + public Iterator iterator() { + return root(rfs, ds.iterator()); + } + + @Override + public void close() throws IOException { + ds.close(); + } + }; + } + + protected Iterator root(RootedFileSystem rfs, Iterator iter) { + return new Iterator() { + @Override + public boolean hasNext() { + return iter.hasNext(); + } + + @Override + public Path next() { + return root(rfs, iter.next()); + } + }; + } + + @Override + public void createDirectory(Path dir, FileAttribute... attrs) throws IOException { + Path r = unroot(dir); + FileSystemProvider p = provider(r); + p.createDirectory(r, attrs); + } + + @Override + public void createSymbolicLink(Path link, Path target, FileAttribute... attrs) throws IOException { + createLink(link, target, true, attrs); + } + + @Override + public void createLink(Path link, Path existing) throws IOException { + createLink(link, existing, false); + } + + protected void createLink(Path link, Path target, boolean symLink, FileAttribute... attrs) throws IOException { + Path l = unroot(link); + Path t = unroot(target); + /* + * For a symbolic link preserve the relative path + */ + if (symLink && (!target.isAbsolute())) { + RootedFileSystem rfs = ((RootedPath) target).getFileSystem(); + Path root = rfs.getRoot(); + t = root.relativize(t); + } + + FileSystemProvider p = provider(l); + if (symLink) { + p.createSymbolicLink(l, t, attrs); + } else { + p.createLink(l, t); + } + + } + + @Override + public void delete(Path path) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + p.delete(r); + } + + @Override + public boolean deleteIfExists(Path path) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.deleteIfExists(r); + } + + @Override + public Path readSymbolicLink(Path link) throws IOException { + Path r = unroot(link); + FileSystemProvider p = provider(r); + Path t = p.readSymbolicLink(r); + Path target = root((RootedFileSystem) link.getFileSystem(), t); + return target; + } + + @Override + public void copy(Path source, Path target, CopyOption... options) throws IOException { + Path s = unroot(source); + Path t = unroot(target); + FileSystemProvider p = provider(s); + p.copy(s, t, options); + } + + @Override + public void move(Path source, Path target, CopyOption... options) throws IOException { + Path s = unroot(source); + Path t = unroot(target); + FileSystemProvider p = provider(s); + p.move(s, t, options); + } + + @Override + public boolean isSameFile(Path path, Path path2) throws IOException { + Path r = unroot(path); + Path r2 = unroot(path2); + FileSystemProvider p = provider(r); + return p.isSameFile(r, r2); + } + + @Override + public boolean isHidden(Path path) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.isHidden(r); + } + + @Override + public FileStore getFileStore(Path path) throws IOException { + RootedFileSystem fileSystem = getFileSystem(path); + Path root = fileSystem.getRoot(); + return Files.getFileStore(root); + } + + protected RootedFileSystem getFileSystem(Path path) throws FileSystemNotFoundException { + Path real = unroot(path); + Path rootInstance = null; + RootedFileSystem fsInstance = null; + synchronized (fileSystems) { + // Cannot use forEach because the referenced variable are not effectively final + for (Map.Entry fse : fileSystems.entrySet()) { + Path root = fse.getKey(); + RootedFileSystem fs = fse.getValue(); + if (real.equals(root)) { + return fs; // we were lucky to have the root + } + + if (!real.startsWith(root)) { + continue; + } + + // if already have a candidate prefer the longer match since both are prefixes of the real path + if ((rootInstance == null) || (rootInstance.getNameCount() < root.getNameCount())) { + rootInstance = root; + fsInstance = fs; + } + } + } + + if (fsInstance == null) { + throw new FileSystemNotFoundException(path.toString()); + } + + + return fsInstance; + } + + @Override + public void checkAccess(Path path, AccessMode... modes) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + p.checkAccess(r, modes); + } + + @Override + public V getFileAttributeView(Path path, Class type, LinkOption... options) { + Path r = unroot(path); + FileSystemProvider p = provider(r); + return p.getFileAttributeView(r, type, options); + } + + @Override + public A readAttributes(Path path, Class type, LinkOption... options) + throws IOException { + Path r = unroot(path); + + FileSystemProvider p = provider(r); + return p.readAttributes(r, type, options); + } + + @Override + public Map readAttributes(Path path, String attributes, LinkOption... options) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + Map attrs = p.readAttributes(r, attributes, options); + return attrs; + } + + @Override + public void setAttribute(Path path, String attribute, Object value, LinkOption... options) throws IOException { + Path r = unroot(path); + FileSystemProvider p = provider(r); + p.setAttribute(r, attribute, value, options); + } + + protected FileSystemProvider provider(Path path) { + FileSystem fs = path.getFileSystem(); + return fs.provider(); + } + + protected Path root(RootedFileSystem rfs, Path nat) { + if (nat.isAbsolute()) { + Path root = rfs.getRoot(); + Path rel = root.relativize(nat); + return rfs.getPath("/" + rel.toString()); + } else { + return rfs.getPath(nat.toString()); + } + } + + /** + * @param path The original (rooted) {@link Path} + * @return The actual absolute local {@link Path} represented by the rooted + * one + * @see #resolveLocalPath(RootedPath) + * @throws IllegalArgumentException if {@code null} path argument + * @throws ProviderMismatchException if not a {@link RootedPath} + */ + protected Path unroot(Path path) { + Objects.requireNonNull(path, "No path to unroot"); + if (!(path instanceof RootedPath)) { + throw new ProviderMismatchException( + "unroot(" + path + ") is not a " + RootedPath.class.getSimpleName() + + " but rather a " + path.getClass().getSimpleName()); + } + + return resolveLocalPath((RootedPath) path); + } + + /** + * @param path The original {@link RootedPath} - never {@code null} + * @return The actual absolute local {@link Path} represented by the rooted one + * @throws InvalidPathException If the resolved path is not a proper sub-path of the rooted file system + */ + protected Path resolveLocalPath(RootedPath path) { + RootedPath absPath = Objects.requireNonNull(path, "No rooted path to resolve").toAbsolutePath(); + RootedFileSystem rfs = absPath.getFileSystem(); + Path root = rfs.getRoot(); + FileSystem lfs = root.getFileSystem(); + + String rSep = ValidateUtils.checkNotNullAndNotEmpty(rfs.getSeparator(), "No rooted file system separator"); + ValidateUtils.checkTrue(rSep.length() == 1, "Bad rooted file system separator: %s", rSep); + char rootedSeparator = rSep.charAt(0); + + String lSep = ValidateUtils.checkNotNullAndNotEmpty(lfs.getSeparator(), "No local file system separator"); + ValidateUtils.checkTrue(lSep.length() == 1, "Bad local file system separator: %s", lSep); + char localSeparator = lSep.charAt(0); + + String r = absPath.toString(); + String subPath = r.substring(1); + if (rootedSeparator != localSeparator) { + subPath = subPath.replace(rootedSeparator, localSeparator); + } + + Path resolved = root.resolve(subPath); + resolved = resolved.normalize(); + resolved = resolved.toAbsolutePath(); + + /* + * This can happen for Windows since we represent its paths as /C:/some/path, so substring(1) yields + * C:/some/path - which is resolved as an absolute path (which we don't want). + */ + if (!resolved.startsWith(root)) { + throw new InvalidPathException(r, "Not under root"); + } + return resolved; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedPath.java b/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedPath.java new file mode 100644 index 0000000..e708aed --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/root/RootedPath.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.file.root; + +import java.io.File; +import java.io.IOException; +import java.nio.file.FileSystem; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.spi.FileSystemProvider; +import java.util.List; + +import org.apache.sshd.common.file.util.BasePath; + +/** + * @author Apache MINA SSHD Project + */ +public class RootedPath extends BasePath { + public RootedPath(RootedFileSystem fileSystem, String root, List names) { + super(fileSystem, root, names); + } + + @Override + public File toFile() { + RootedPath absolute = toAbsolutePath(); + RootedFileSystem fs = getFileSystem(); + Path path = fs.getRoot(); + for (String n : absolute.names) { + path = path.resolve(n); + } + return path.toFile(); + } + + @Override + public RootedPath toRealPath(LinkOption... options) throws IOException { + RootedPath absolute = toAbsolutePath(); + FileSystem fs = getFileSystem(); + FileSystemProvider provider = fs.provider(); + provider.checkAccess(absolute); + return absolute; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/util/BaseFileSystem.java b/files-sftp/src/main/java/org/apache/sshd/common/file/util/BaseFileSystem.java new file mode 100644 index 0000000..94a5283 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/util/BaseFileSystem.java @@ -0,0 +1,244 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.file.util; + +import java.io.IOException; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.PathMatcher; +import java.nio.file.WatchService; +import java.nio.file.spi.FileSystemProvider; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.sshd.common.util.GenericUtils; + +public abstract class BaseFileSystem extends FileSystem { + private final FileSystemProvider fileSystemProvider; + + public BaseFileSystem(FileSystemProvider fileSystemProvider) { + this.fileSystemProvider = Objects.requireNonNull(fileSystemProvider, "No file system provider"); + } + + public T getDefaultDir() { + return getPath("/"); + } + + @Override + public boolean isReadOnly() { + return false; + } + + @Override + public FileSystemProvider provider() { + return fileSystemProvider; + } + + @Override + public String getSeparator() { + return "/"; + } + + @Override + public Iterable getRootDirectories() { + return Collections.singleton(create("/")); + } + + @Override + public Iterable getFileStores() { + throw new UnsupportedOperationException("No file stores available"); + } + + @Override + public T getPath(String first, String... more) { + StringBuilder sb = new StringBuilder(); + if (!GenericUtils.isEmpty(first)) { + appendDedupSep(sb, first.replace('\\', '/')); // in case we are running on Windows + } + + if (GenericUtils.length(more) > 0) { + for (String segment : more) { + if ((sb.length() > 0) && (sb.charAt(sb.length() - 1) != '/')) { + sb.append('/'); + } + // in case we are running on Windows + appendDedupSep(sb, segment.replace('\\', '/')); + } + } + + if ((sb.length() > 1) && (sb.charAt(sb.length() - 1) == '/')) { + sb.setLength(sb.length() - 1); + } + + String path = sb.toString(); + String root = null; + if (path.startsWith("/")) { + root = "/"; + path = path.substring(1); + } + + String[] names = GenericUtils.split(path, '/'); + T p = create(root, names); + + return p; + } + + protected void appendDedupSep(StringBuilder sb, CharSequence s) { + for (int i = 0; i < s.length(); i++) { + char ch = s.charAt(i); + if ((ch != '/') || (sb.length() == 0) || (sb.charAt(sb.length() - 1) != '/')) { + sb.append(ch); + } + } + } + + @Override + public PathMatcher getPathMatcher(String syntaxAndPattern) { + int colonIndex = Objects.requireNonNull(syntaxAndPattern, "No argument").indexOf(':'); + if ((colonIndex <= 0) || (colonIndex == syntaxAndPattern.length() - 1)) { + throw new IllegalArgumentException( + "syntaxAndPattern must have form \"syntax:pattern\" but was \"" + syntaxAndPattern + "\""); + } + + String syntax = syntaxAndPattern.substring(0, colonIndex); + String pattern = syntaxAndPattern.substring(colonIndex + 1); + String expr; + switch (syntax) { + case "glob": + expr = globToRegex(pattern); + break; + case "regex": + expr = pattern; + break; + default: + throw new UnsupportedOperationException("Unsupported path matcher syntax: \'" + syntax + "\'"); + } + + Pattern regex = Pattern.compile(expr); + return path -> { + Matcher m = regex.matcher(path.toString()); + return m.matches(); + }; + } + + protected String globToRegex(String pattern) { + StringBuilder sb = new StringBuilder(Objects.requireNonNull(pattern, "No pattern").length()); + int inGroup = 0; + int inClass = 0; + int firstIndexInClass = -1; + char[] arr = pattern.toCharArray(); + for (int i = 0; i < arr.length; i++) { + char ch = arr[i]; + switch (ch) { + case '\\': + i++; + if (i >= arr.length) { + sb.append('\\'); + } else { + char next = arr[i]; + switch (next) { + case ',': + // escape not needed + break; + case 'Q': + case 'E': + // extra escape needed + sb.append("\\\\"); + break; + default: + sb.append('\\'); + break; + } + sb.append(next); + } + break; + case '*': + sb.append((inClass == 0) ? ".*" : "*"); + break; + case '?': + sb.append((inClass == 0) ? '.' : '?'); + break; + case '[': + inClass++; + firstIndexInClass = i + 1; + sb.append('['); + break; + case ']': + inClass--; + sb.append(']'); + break; + case '.': + case '(': + case ')': + case '+': + case '|': + case '^': + case '$': + case '@': + case '%': + if ((inClass == 0) || ((firstIndexInClass == i) && (ch == '^'))) { + sb.append('\\'); + } + sb.append(ch); + break; + case '!': + sb.append((firstIndexInClass == i) ? '^' : '!'); + break; + case '{': + inGroup++; + sb.append('('); + break; + case '}': + inGroup--; + sb.append(')'); + break; + case ',': + sb.append((inGroup > 0) ? '|' : ','); + break; + default: + sb.append(ch); + } + } + + String regex = sb.toString(); + + return regex; + } + + @Override + public WatchService newWatchService() throws IOException { + throw new UnsupportedOperationException("Watch service N/A"); + } + + protected T create(String root, String... names) { + return create(root, GenericUtils.unmodifiableList(names)); + } + + protected T create(String root, Collection names) { + return create(root, GenericUtils.unmodifiableList(names)); + } + + protected abstract T create(String root, List names); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/util/BasePath.java b/files-sftp/src/main/java/org/apache/sshd/common/file/util/BasePath.java new file mode 100644 index 0000000..021ffcd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/util/BasePath.java @@ -0,0 +1,426 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.file.util; + +import java.io.File; +import java.io.IOException; +import java.net.URI; +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.ProviderMismatchException; +import java.nio.file.WatchEvent; +import java.nio.file.WatchKey; +import java.nio.file.WatchService; +import java.util.AbstractList; +import java.util.ArrayDeque; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Deque; +import java.util.Iterator; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; + +public abstract class BasePath, FS extends BaseFileSystem> implements Path { + + protected final String root; + protected final List names; + private final FS fileSystem; + private String strValue; + private int hashValue; + + public BasePath(FS fileSystem, String root, List names) { + this.fileSystem = Objects.requireNonNull(fileSystem, "No file system provided"); + this.root = root; + this.names = names; + } + + @SuppressWarnings("unchecked") + protected T asT() { + return (T) this; + } + + protected T create(String root, String... names) { + return create(root, GenericUtils.unmodifiableList(names)); + } + + protected T create(String root, Collection names) { + return create(root, GenericUtils.unmodifiableList(names)); + } + + protected T create(String root, List names) { + return fileSystem.create(root, names); + } + + @Override + public FS getFileSystem() { + return fileSystem; + } + + @Override + public boolean isAbsolute() { + return root != null; + } + + @Override + public T getRoot() { + if (isAbsolute()) { + return create(root); + } + return null; + } + + @Override + public T getFileName() { + if (!names.isEmpty()) { + return create(null, names.get(names.size() - 1)); + } + return null; + } + + @Override + public T getParent() { + if (names.isEmpty() || ((names.size() == 1) && (root == null))) { + return null; + } + return create(root, names.subList(0, names.size() - 1)); + } + + @Override + public int getNameCount() { + return names.size(); + } + + @Override + public T getName(int index) { + int maxIndex = getNameCount(); + if ((index < 0) || (index >= maxIndex)) { + throw new IllegalArgumentException("Invalid name index " + index + " - not in range [0-" + maxIndex + "]"); + } + return create(null, names.subList(index, index + 1)); + } + + @Override + public T subpath(int beginIndex, int endIndex) { + int maxIndex = getNameCount(); + if ((beginIndex < 0) || (beginIndex >= maxIndex) || (endIndex > maxIndex) || (beginIndex >= endIndex)) { + throw new IllegalArgumentException( + "subpath(" + beginIndex + "," + endIndex + ") bad index range - allowed [0-" + maxIndex + "]"); + } + return create(null, names.subList(beginIndex, endIndex)); + } + + protected boolean startsWith(List list, List other) { + return list.size() >= other.size() && list.subList(0, other.size()).equals(other); + } + + @Override + public boolean startsWith(Path other) { + T p1 = asT(); + T p2 = checkPath(other); + return Objects.equals(p1.getFileSystem(), p2.getFileSystem()) + && Objects.equals(p1.root, p2.root) + && startsWith(p1.names, p2.names); + } + + @Override + public boolean startsWith(String other) { + return startsWith(getFileSystem().getPath(other)); + } + + protected boolean endsWith(List list, List other) { + return other.size() <= list.size() && list.subList(list.size() - other.size(), list.size()).equals(other); + } + + @Override + public boolean endsWith(Path other) { + T p1 = asT(); + T p2 = checkPath(other); + if (p2.isAbsolute()) { + return p1.compareTo(p2) == 0; + } + return endsWith(p1.names, p2.names); + } + + @Override + public boolean endsWith(String other) { + return endsWith(getFileSystem().getPath(other)); + } + + protected boolean isNormal() { + int count = getNameCount(); + if ((count == 0) || ((count == 1) && !isAbsolute())) { + return true; + } + boolean foundNonParentName = isAbsolute(); // if there's a root, the path doesn't start with .. + boolean normal = true; + for (String name : names) { + if (name.equals("..")) { + if (foundNonParentName) { + normal = false; + break; + } + } else { + if (name.equals(".")) { + normal = false; + break; + } + foundNonParentName = true; + } + } + return normal; + } + + @Override + public T normalize() { + if (isNormal()) { + return asT(); + } + + Deque newNames = new ArrayDeque<>(); + for (String name : names) { + if (name.equals("..")) { + String lastName = newNames.peekLast(); + if (lastName != null && !lastName.equals("..")) { + newNames.removeLast(); + } else if (!isAbsolute()) { + // if there's a root and we have an extra ".." that would go up above the root, ignore it + newNames.add(name); + } + } else if (!name.equals(".")) { + newNames.add(name); + } + } + + return newNames.equals(names) ? asT() : create(root, newNames); + } + + @Override + public T resolve(Path other) { + T p1 = asT(); + T p2 = checkPath(other); + if (p2.isAbsolute()) { + return p2; + } + if (p2.names.isEmpty()) { + return p1; + } + String[] names = new String[p1.names.size() + p2.names.size()]; + int index = 0; + for (String p : p1.names) { + names[index++] = p; + } + for (String p : p2.names) { + names[index++] = p; + } + return create(p1.root, names); + } + + @Override + public T resolve(String other) { + return resolve(getFileSystem().getPath(other, GenericUtils.EMPTY_STRING_ARRAY)); + } + + @Override + public Path resolveSibling(Path other) { + Objects.requireNonNull(other, "Missing sibling path argument"); + T parent = getParent(); + return parent == null ? other : parent.resolve(other); + } + + @Override + public Path resolveSibling(String other) { + return resolveSibling(getFileSystem().getPath(other, GenericUtils.EMPTY_STRING_ARRAY)); + } + + @Override + public T relativize(Path other) { + T p1 = asT(); + T p2 = checkPath(other); + if (!Objects.equals(p1.getRoot(), p2.getRoot())) { + throw new IllegalArgumentException("Paths have different roots: " + this + ", " + other); + } + if (p2.equals(p1)) { + return create(null); + } + if (p1.root == null && p1.names.isEmpty()) { + return p2; + } + // Common subsequence + int sharedSubsequenceLength = 0; + for (int i = 0; i < Math.min(p1.names.size(), p2.names.size()); i++) { + if (p1.names.get(i).equals(p2.names.get(i))) { + sharedSubsequenceLength++; + } else { + break; + } + } + int extraNamesInThis = Math.max(0, p1.names.size() - sharedSubsequenceLength); + List extraNamesInOther = (p2.names.size() <= sharedSubsequenceLength) + ? Collections.emptyList() + : p2.names.subList(sharedSubsequenceLength, p2.names.size()); + List parts = new ArrayList<>(extraNamesInThis + extraNamesInOther.size()); + // add .. for each extra name in this path + parts.addAll(Collections.nCopies(extraNamesInThis, "..")); + // add each extra name in the other path + parts.addAll(extraNamesInOther); + return create(null, parts); + } + + @Override + public T toAbsolutePath() { + if (isAbsolute()) { + return asT(); + } + return fileSystem.getDefaultDir().resolve(this); + } + + @Override + public URI toUri() { + File file = toFile(); + return file.toURI(); + } + + @Override + public File toFile() { + throw new UnsupportedOperationException("To file " + toAbsolutePath() + " N/A"); + } + + @Override + public WatchKey register(WatchService watcher, WatchEvent.Kind... events) throws IOException { + return register(watcher, events, (WatchEvent.Modifier[]) null); + } + + @Override + public WatchKey register(WatchService watcher, WatchEvent.Kind[] events, WatchEvent.Modifier... modifiers) + throws IOException { + throw new UnsupportedOperationException("Register to watch " + toAbsolutePath() + " N/A"); + } + + @Override + public Iterator iterator() { + return new AbstractList() { + @Override + public Path get(int index) { + return getName(index); + } + + @Override + public int size() { + return getNameCount(); + } + }.iterator(); + } + + @Override + public int compareTo(Path paramPath) { + T p1 = asT(); + T p2 = checkPath(paramPath); + int c = compare(p1.root, p2.root); + if (c != 0) { + return c; + } + for (int i = 0; i < Math.min(p1.names.size(), p2.names.size()); i++) { + String n1 = p1.names.get(i); + String n2 = p2.names.get(i); + c = compare(n1, n2); + if (c != 0) { + return c; + } + } + return p1.names.size() - p2.names.size(); + } + + protected int compare(String s1, String s2) { + if (s1 == null) { + return s2 == null ? 0 : -1; + } else { + return s2 == null ? +1 : s1.compareTo(s2); + } + } + + @SuppressWarnings("unchecked") + protected T checkPath(Path paramPath) { + Objects.requireNonNull(paramPath, "Missing path argument"); + if (paramPath.getClass() != getClass()) { + throw new ProviderMismatchException( + "Path is not of this class: " + paramPath + "[" + paramPath.getClass().getSimpleName() + "]"); + } + T t = (T) paramPath; + + FileSystem fs = t.getFileSystem(); + if (fs.provider() != this.fileSystem.provider()) { + throw new ProviderMismatchException("Mismatched providers for " + t); + } + return t; + } + + @Override + public int hashCode() { + synchronized (this) { + if (hashValue == 0) { + hashValue = calculatedHashCode(); + if (hashValue == 0) { + hashValue = 1; + } + } + } + + return hashValue; + } + + protected int calculatedHashCode() { + return Objects.hash(getFileSystem(), root, names); + } + + @Override + public boolean equals(Object obj) { + return (obj instanceof Path) && (compareTo((Path) obj) == 0); + } + + @Override + public String toString() { + synchronized (this) { + if (strValue == null) { + strValue = asString(); + } + } + + return strValue; + } + + protected String asString() { + StringBuilder sb = new StringBuilder(); + if (root != null) { + sb.append(root); + } + + String separator = getFileSystem().getSeparator(); + for (String name : names) { + if ((sb.length() > 0) && (sb.charAt(sb.length() - 1) != '/')) { + sb.append(separator); + } + sb.append(name); + } + + return sb.toString(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/util/MockFileSystem.java b/files-sftp/src/main/java/org/apache/sshd/common/file/util/MockFileSystem.java new file mode 100644 index 0000000..bbc1b27 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/util/MockFileSystem.java @@ -0,0 +1,114 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.file.util; + +import java.io.File; +import java.io.IOException; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.PathMatcher; +import java.nio.file.WatchService; +import java.nio.file.attribute.UserPrincipalLookupService; +import java.nio.file.spi.FileSystemProvider; +import java.util.Arrays; +import java.util.Collections; +import java.util.Set; +import java.util.concurrent.atomic.AtomicBoolean; + +/** + * @author Apache MINA SSHD Project + */ +public class MockFileSystem extends FileSystem { + private final AtomicBoolean open = new AtomicBoolean(true); + private final String name; + + public MockFileSystem(String name) { + this.name = name; + } + + @Override + public FileSystemProvider provider() { + throw new UnsupportedOperationException("provider() N/A"); + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + // noinspection UnnecessaryReturnStatement + return; // debug breakpoint + } + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public boolean isReadOnly() { + return true; + } + + @Override + public String getSeparator() { + return File.separator; + } + + @Override + public Iterable getRootDirectories() { + return Collections.emptyList(); + } + + @Override + public Iterable getFileStores() { + return Collections.emptyList(); + } + + @Override + public Set supportedFileAttributeViews() { + return Collections.emptySet(); + } + + @Override + public Path getPath(String first, String... more) { + throw new UnsupportedOperationException("getPath(" + first + ") " + Arrays.toString(more)); + } + + @Override + public PathMatcher getPathMatcher(String syntaxAndPattern) { + throw new UnsupportedOperationException("getPathMatcher(" + syntaxAndPattern + ")"); + } + + @Override + public UserPrincipalLookupService getUserPrincipalLookupService() { + throw new UnsupportedOperationException("getUserPrincipalLookupService() N/A"); + } + + @Override + public WatchService newWatchService() throws IOException { + throw new IOException("newWatchService() N/A"); + } + + @Override + public String toString() { + return name; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/util/MockPath.java b/files-sftp/src/main/java/org/apache/sshd/common/file/util/MockPath.java new file mode 100644 index 0000000..bd79dce --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/util/MockPath.java @@ -0,0 +1,186 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.file.util; + +import java.io.File; +import java.io.IOException; +import java.net.URI; +import java.nio.file.FileSystem; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.WatchEvent.Kind; +import java.nio.file.WatchEvent.Modifier; +import java.nio.file.WatchKey; +import java.nio.file.WatchService; +import java.util.Collections; +import java.util.Iterator; + +/** + * @author Apache MINA SSHD Project + */ +public class MockPath implements Path { + private final String path; + private final FileSystem fs; + + public MockPath(String path) { + this.path = path; + this.fs = new MockFileSystem(path); + } + + @Override + public FileSystem getFileSystem() { + return fs; + } + + @Override + public boolean isAbsolute() { + return true; + } + + @Override + public Path getRoot() { + return this; + } + + @Override + public Path getFileName() { + return this; + } + + @Override + public Path getParent() { + return null; + } + + @Override + public int getNameCount() { + return 0; + } + + @Override + public Path getName(int index) { + if (index == 0) { + return this; + } else { + throw new IllegalArgumentException("getName - bad index: " + index); + } + } + + @Override + public Path subpath(int beginIndex, int endIndex) { + throw new UnsupportedOperationException("subPath(" + beginIndex + "," + endIndex + ") N/A"); + } + + @Override + public boolean startsWith(Path other) { + return startsWith(other.toString()); + } + + @Override + public boolean startsWith(String other) { + return path.startsWith(other); + } + + @Override + public boolean endsWith(Path other) { + return endsWith(other.toString()); + } + + @Override + public boolean endsWith(String other) { + return path.endsWith(other); + } + + @Override + public Path normalize() { + return this; + } + + @Override + public Path resolve(Path other) { + return resolve(other.toString()); + } + + @Override + public Path resolve(String other) { + throw new UnsupportedOperationException("resolve(" + other + ") N/A"); + } + + @Override + public Path resolveSibling(Path other) { + return resolveSibling(other.toString()); + } + + @Override + public Path resolveSibling(String other) { + throw new UnsupportedOperationException("resolveSibling(" + other + ") N/A"); + } + + @Override + public Path relativize(Path other) { + throw new UnsupportedOperationException("relativize(" + other + ") N/A"); + } + + @Override + public URI toUri() { + throw new UnsupportedOperationException("toUri() N/A"); + } + + @Override + public Path toAbsolutePath() { + return this; + } + + @Override + public Path toRealPath(LinkOption... options) throws IOException { + return this; + } + + @Override + public File toFile() { + throw new UnsupportedOperationException("toFile() N/A"); + } + + @Override + public WatchKey register(WatchService watcher, Kind... events) throws IOException { + return register(watcher, events, (Modifier[]) null); + } + + @Override + public WatchKey register(WatchService watcher, Kind[] events, Modifier... modifiers) throws IOException { + throw new IOException("register(" + path + ") N/A"); + } + + @Override + public Iterator iterator() { + return Collections. singleton(this).iterator(); + } + + @Override + public int compareTo(Path other) { + return path.compareTo(other.toString()); + } + + @Override + public String toString() { + return path; + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/file/virtualfs/VirtualFileSystemFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/file/virtualfs/VirtualFileSystemFactory.java new file mode 100644 index 0000000..7ad53e5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/file/virtualfs/VirtualFileSystemFactory.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.file.virtualfs; + +import java.io.IOException; +import java.nio.file.FileSystem; +import java.nio.file.InvalidPathException; +import java.nio.file.Path; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; + +import org.apache.sshd.common.file.FileSystemFactory; +import org.apache.sshd.common.file.root.RootedFileSystemProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * SSHd file system factory to reduce the visibility to a physical folder. + */ +public class VirtualFileSystemFactory implements FileSystemFactory { + + private Path defaultHomeDir; + private final Map homeDirs = new ConcurrentHashMap<>(); + + public VirtualFileSystemFactory() { + super(); + } + + public VirtualFileSystemFactory(Path defaultHomeDir) { + this.defaultHomeDir = defaultHomeDir; + } + + public void setDefaultHomeDir(Path defaultHomeDir) { + this.defaultHomeDir = defaultHomeDir; + } + + public Path getDefaultHomeDir() { + return defaultHomeDir; + } + + public void setUserHomeDir(String userName, Path userHomeDir) { + homeDirs.put(ValidateUtils.checkNotNullAndNotEmpty(userName, "No username"), + Objects.requireNonNull(userHomeDir, "No home dir")); + } + + public Path getUserHomeDir(String userName) { + return homeDirs.get(ValidateUtils.checkNotNullAndNotEmpty(userName, "No username")); + } + + @Override + public Path getUserHomeDir(SessionContext session) throws IOException { + String username = session.getUsername(); + Path homeDir = getUserHomeDir(username); + if (homeDir == null) { + homeDir = getDefaultHomeDir(); + } + + return homeDir; + } + + @Override + public FileSystem createFileSystem(SessionContext session) throws IOException { + Path dir = getUserHomeDir(session); + if (dir == null) { + throw new InvalidPathException(session.getUsername(), "Cannot resolve home directory"); + } + + return new RootedFileSystemProvider().newFileSystem(dir, Collections.emptyMap()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/Forwarder.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/Forwarder.java new file mode 100644 index 0000000..b006820 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/Forwarder.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.forward; + +import java.io.IOException; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface Forwarder + extends PortForwardingManager, + PortForwardingEventListenerManager, + PortForwardingEventListenerManagerHolder, + Closeable { + /** + * @param remotePort The remote port + * @return The local {@link SshdSocketAddress} that the remote port is forwarded to + */ + SshdSocketAddress getForwardedPort(int remotePort); + + /** + * Called when the other side requested a remote port forward. + * + * @param local The request address + * @return The bound local {@link SshdSocketAddress} - {@code null} if not allowed to forward + * @throws IOException If failed to handle request + */ + SshdSocketAddress localPortForwardingRequested(SshdSocketAddress local) throws IOException; + + /** + * Called when the other side cancelled a remote port forward. + * + * @param local The local {@link SshdSocketAddress} + * @throws IOException If failed to handle request + */ + void localPortForwardingCancelled(SshdSocketAddress local) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwarderFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwarderFactory.java new file mode 100644 index 0000000..6bf06f2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwarderFactory.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.forward; + +import org.apache.sshd.common.session.ConnectionService; + +/** + * A factory for creating forwarder objects for client port forwarding + * + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ForwarderFactory { + + /** + * Creates the forwarder to be used for TCP/IP port forwards for this session. + * + * @param service the {@link ConnectionService} the connections are forwarded through + * @return the {@link Forwarder} that will listen for connections and set up forwarding + */ + Forwarder create(ConnectionService service); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwardingFilter.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwardingFilter.java new file mode 100644 index 0000000..6d2c3a2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwardingFilter.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.forward; + +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * Determines if a forwarding request will be permitted. + * + * @author Apache MINA SSHD Project + */ +public interface ForwardingFilter extends TcpForwardingFilter { + /** + * Wraps separate filtering policies into one - any {@code null} one is assumed to be disabled + * + * @param tcpFilter The {@link TcpForwardingFilter} + * @return The combined implementation + */ + static ForwardingFilter asForwardingFilter(TcpForwardingFilter tcpFilter) { + if (tcpFilter == null) { + return RejectAllForwardingFilter.INSTANCE; + } + + return new ForwardingFilter() { + @Override + public boolean canListen(SshdSocketAddress address, Session session) { + return tcpFilter.canListen(address, session); + } + + @Override + public boolean canConnect(Type type, SshdSocketAddress address, Session session) { + return tcpFilter.canConnect(type, address, session); + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwardingTunnelEndpointsProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwardingTunnelEndpointsProvider.java new file mode 100644 index 0000000..da5f77b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/ForwardingTunnelEndpointsProvider.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public interface ForwardingTunnelEndpointsProvider { + SshdSocketAddress getTunnelEntrance(); + + SshdSocketAddress getTunnelExit(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/LocalForwardingEntry.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/LocalForwardingEntry.java new file mode 100644 index 0000000..033d86a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/LocalForwardingEntry.java @@ -0,0 +1,207 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +import java.net.InetSocketAddress; +import java.util.Collection; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public class LocalForwardingEntry { + private final SshdSocketAddress local; + private final SshdSocketAddress bound; + private final SshdSocketAddress combined; + + public LocalForwardingEntry(SshdSocketAddress local, InetSocketAddress bound) { + this(local, new SshdSocketAddress(bound)); + } + + public LocalForwardingEntry(SshdSocketAddress local, SshdSocketAddress bound) { + this.local = Objects.requireNonNull(local, "No local address provided"); + this.bound = Objects.requireNonNull(bound, "No bound address provided"); + this.combined = resolveCombinedBoundAddress(local, bound); + } + + /** + * @return The original requested local address for binding + */ + public SshdSocketAddress getLocalAddress() { + return local; + } + + /** + * @return The actual bound address + */ + public SshdSocketAddress getBoundAddress() { + return bound; + } + + /** + * A combined address using the following logic: + *
      + *
    • If original requested local binding has a specific port and non-wildcard address then use the local binding + * as-is
      • + * + *
    • If original requested local binding has a specific address but no specific port, then combine its address + * with the actual auto-allocated port at binding.
      • + * + *
    • If original requested local binding has neither a specific address nor a specific port then use the effective + * bound address.
      • + *
        + * + * @return Combined result + */ + public SshdSocketAddress getCombinedBoundAddress() { + return combined; + } + + @Override + public boolean equals(Object o) { + if (o == null) { + return false; + } + if (o == this) { + return true; + } + if (getClass() != o.getClass()) { + return false; + } + + LocalForwardingEntry other = (LocalForwardingEntry) o; + return Objects.equals(getCombinedBoundAddress(), other.getCombinedBoundAddress()); + } + + @Override + public int hashCode() { + return Objects.hashCode(getCombinedBoundAddress()); + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[local=" + getLocalAddress() + + ", bound=" + getBoundAddress() + + ", combined=" + getCombinedBoundAddress() + "]"; + } + + public static SshdSocketAddress resolveCombinedBoundAddress(SshdSocketAddress local, SshdSocketAddress bound) { + int localPort = local.getPort(); + int boundPort = bound.getPort(); + if ((localPort > 0) && (localPort != boundPort)) { + throw new IllegalArgumentException("Mismatched ports for local (" + local + ") vs. bound (" + bound + ") entry"); + } + + if (Objects.equals(local, bound)) { + return local; + } + + String localName = local.getHostName(); + boolean wildcardLocal = SshdSocketAddress.isWildcardAddress(localName); + if (wildcardLocal) { + return bound; + } + + if (localPort > 0) { + return local; // have a specific local address + } + + // Missing the port from local address + return new SshdSocketAddress(localName, boundPort); + } + + public static LocalForwardingEntry findMatchingEntry( + String host, int port, Collection entries) { + return findMatchingEntry(host, SshdSocketAddress.isWildcardAddress(host), port, entries); + } + + /** + * @param host The host - ignored if {@code null}/empty and not wildcard address match - i.e., no match + * reported + * @param anyLocalAddress Is host the wildcard address - in which case, we try an exact match first for the host, + * and if that fails then only the port is matched + * @param port The port - ignored if non-positive - i.e., no match reported + * @param entries The {@link Collection} of {@link LocalForwardingEntry} to check - ignored if + * {@code null}/empty - i.e., no match reported + * @return The first entry whose local or bound address matches the host name - case + * insensitive and has a matching bound port - {@code null} if no match found + */ + public static LocalForwardingEntry findMatchingEntry( + String host, boolean anyLocalAddress, int port, Collection entries) { + if ((port <= 0) || (GenericUtils.isEmpty(entries))) { + return null; + } + + if (GenericUtils.isEmpty(host) && (!anyLocalAddress)) { + return null; + } + + LocalForwardingEntry candidate = null; + for (LocalForwardingEntry e : entries) { + SshdSocketAddress bound = e.getBoundAddress(); + /* + * Note we don't check the local port since it could be zero. + * If it isn't then it must be equal to the bound port (enforced in constructor) + */ + if (port != bound.getPort()) { + continue; + } + + /* + * We first try an exact match - if not found, declare this + * a candidate and return it if host is any local address + */ + + String boundName = bound.getHostName(); + if (SshdSocketAddress.isEquivalentHostName(host, boundName, false)) { + return e; + } + + SshdSocketAddress local = e.getLocalAddress(); + String localName = local.getHostName(); + if (SshdSocketAddress.isEquivalentHostName(host, localName, false)) { + return e; + } + + if (SshdSocketAddress.isLoopbackAlias(host, boundName) + || SshdSocketAddress.isLoopbackAlias(host, localName)) { + return e; + } + + if (anyLocalAddress) { + if (candidate != null) { + throw new IllegalStateException( + "Multiple candidate matches for " + host + "@" + port + ": " + candidate + ", " + e); + } + candidate = e; + } + } + + if (anyLocalAddress) { + return candidate; + } + + return null; // no match found + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListener.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListener.java new file mode 100644 index 0000000..a83e93a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListener.java @@ -0,0 +1,162 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +import java.io.IOException; + +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.SshdEventListener; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public interface PortForwardingEventListener extends SshdEventListener { + PortForwardingEventListener EMPTY = new PortForwardingEventListener() { + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * Signals the attempt to establish a local/remote port forwarding + * + * @param session The {@link Session} through which the attempt is made + * @param local The local address - may be {@code null} on the receiver side + * @param remote The remote address - may be {@code null} on the receiver side + * @param localForwarding Local/remote port forwarding indicator + * @throws IOException If failed to handle the event - in which case the attempt is aborted and the exception + * re-thrown to the caller + */ + default void establishingExplicitTunnel( + Session session, SshdSocketAddress local, SshdSocketAddress remote, boolean localForwarding) + throws IOException { + // ignored + } + + /** + * Signals a successful/failed attempt to establish a local/remote port forwarding + * + * @param session The {@link Session} through which the attempt was made + * @param local The local address - may be {@code null} on the receiver side + * @param remote The remote address - may be {@code null} on the receiver side + * @param localForwarding Local/remote port forwarding indicator + * @param boundAddress The bound address - non-{@code null} if successful + * @param reason Reason for failure - {@code null} if successful + * @throws IOException If failed to handle the event - in which case the established tunnel is aborted + */ + default void establishedExplicitTunnel( + Session session, SshdSocketAddress local, SshdSocketAddress remote, boolean localForwarding, + SshdSocketAddress boundAddress, Throwable reason) + throws IOException { + // ignored + } + + /** + * Signals a request to tear down a local/remote port forwarding + * + * @param session The {@link Session} through which the request is made + * @param address The (bound) address - local/remote according to the forwarding type + * @param localForwarding Local/remote port forwarding indicator + * @param remoteAddress The specified peer address when tunnel was established - may be {@code null} for + * server-side local tunneling requests + * @throws IOException If failed to handle the event - in which case the request is aborted + */ + default void tearingDownExplicitTunnel( + Session session, SshdSocketAddress address, boolean localForwarding, SshdSocketAddress remoteAddress) + throws IOException { + // ignored + } + + /** + * Signals a successful/failed request to tear down a local/remote port forwarding + * + * @param session The {@link Session} through which the request is made + * @param address The (bound) address - local/remote according to the forwarding type + * @param localForwarding Local/remote port forwarding indicator + * @param remoteAddress The specified peer address when tunnel was established - may be {@code null} for + * server-side local tunneling requests + * @param reason Reason for failure - {@code null} if successful + * @throws IOException If failed to handle the event - Note: the exception is propagated, but the port + * forwarding may have been torn down - no rollback + */ + default void tornDownExplicitTunnel( + Session session, SshdSocketAddress address, boolean localForwarding, SshdSocketAddress remoteAddress, + Throwable reason) + throws IOException { + // ignored + } + + /** + * Signals the attempt to establish a dynamic port forwarding + * + * @param session The {@link Session} through which the attempt is made + * @param local The local address + * @throws IOException If failed to handle the event - in which case the attempt is aborted and the exception + * re-thrown to the caller + */ + default void establishingDynamicTunnel(Session session, SshdSocketAddress local) throws IOException { + // ignored + } + + /** + * Signals a successful/failed attempt to establish a dynamic port forwarding + * + * @param session The {@link Session} through which the attempt is made + * @param local The local address + * @param boundAddress The bound address - non-{@code null} if successful + * @param reason Reason for failure - {@code null} if successful + * @throws IOException If failed to handle the event - in which case the established tunnel is aborted + */ + default void establishedDynamicTunnel( + Session session, SshdSocketAddress local, SshdSocketAddress boundAddress, Throwable reason) + throws IOException { + // ignored + } + + /** + * Signals a request to tear down a dynamic forwarding + * + * @param session The {@link Session} through which the request is made + * @param address The (bound) address - local/remote according to the forwarding type + * @throws IOException If failed to handle the event - in which case the request is aborted + */ + default void tearingDownDynamicTunnel(Session session, SshdSocketAddress address) throws IOException { + // ignored + } + + /** + * Signals a successful/failed request to tear down a dynamic port forwarding + * + * @param session The {@link Session} through which the request is made + * @param address The (bound) address - local/remote according to the forwarding type + * @param reason Reason for failure - {@code null} if successful + * @throws IOException If failed to handle the event - Note: the exception is propagated, but the port + * forwarding may have been torn down - no rollback + */ + default void tornDownDynamicTunnel(Session session, SshdSocketAddress address, Throwable reason) throws IOException { + // ignored + } + + static L validateListener(L listener) { + return SshdEventListener.validateListener(listener, PortForwardingEventListener.class.getSimpleName()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListenerManager.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListenerManager.java new file mode 100644 index 0000000..3dbd48a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListenerManager.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +/** + * Marker interface for classes that allow to add/remove port forwarding listeners. Note: if adding/removing + * listeners while tunnels are being established and/or torn down there are no guarantees as to the order of the calls + * to the recently added/removed listener's methods in the interim. The correct order is guaranteed only as of the + * next tunnel after the listener has been added/removed. + * + * @author Apache MINA SSHD Project + */ +public interface PortForwardingEventListenerManager { + /** + * Add a port forwarding listener + * + * @param listener The {@link PortForwardingEventListener} to add - never {@code null} + */ + void addPortForwardingEventListener(PortForwardingEventListener listener); + + /** + * Remove a port forwarding listener + * + * @param listener The {@link PortForwardingEventListener} to remove - ignored if {@code null} + */ + void removePortForwardingEventListener(PortForwardingEventListener listener); + + /** + * @return A proxy listener representing all the currently registered listener through this manager + */ + PortForwardingEventListener getPortForwardingEventListenerProxy(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListenerManagerHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListenerManagerHolder.java new file mode 100644 index 0000000..f086cc8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingEventListenerManagerHolder.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +import java.util.Collection; + +/** + * @author Apache MINA SSHD Project + */ +public interface PortForwardingEventListenerManagerHolder { + /** + * @return The currently registered managers. Note: it is highly recommended that implementors return either + * an un-modifiable collection or a copy of the current one. Callers, should avoid modifying the + * retrieved value. + */ + Collection getRegisteredManagers(); + + boolean addPortForwardingEventListenerManager(PortForwardingEventListenerManager manager); + + boolean removePortForwardingEventListenerManager(PortForwardingEventListenerManager manager); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingInformationProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingInformationProvider.java new file mode 100644 index 0000000..c9c8217 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingInformationProvider.java @@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public interface PortForwardingInformationProvider { + /** + * @return A {@link List} snapshot of the currently started local port forward bindings + */ + List getStartedLocalPortForwards(); + + /** + * @param port The port number + * @return The local bound {@link SshdSocketAddress}-es for the port + * @see #isLocalPortForwardingStartedForPort(int) isLocalPortForwardingStartedForPort + * @see #getStartedLocalPortForwards() + */ + List getBoundLocalPortForwards(int port); + + /** + * @return A snapshot of the currently bound forwarded local ports as "pairs" of local/remote + * {@link SshdSocketAddress}-es + */ + List> getLocalForwardsBindings(); + + /** + * Test if local port forwarding is started + * + * @param port The local port + * @return {@code true} if local port forwarding is started + * @see #getBoundLocalPortForwards(int) getBoundLocalPortForwards + */ + default boolean isLocalPortForwardingStartedForPort(int port) { + return GenericUtils.isNotEmpty(getBoundLocalPortForwards(port)); + } + + /** + * @return A {@link NavigableSet} snapshot of the currently started remote port forwards + */ + NavigableSet getStartedRemotePortForwards(); + + /** + * @param port The port number + * @return The remote bound {@link SshdSocketAddress} for the port - {@code null} if none bound + * @see #isRemotePortForwardingStartedForPort(int) isRemotePortForwardingStartedForPort + * @see #getStartedRemotePortForwards() + */ + SshdSocketAddress getBoundRemotePortForward(int port); + + /** + * @return A snapshot of the currently bound forwarded remote ports as "pairs" of port + bound + * {@link SshdSocketAddress} + */ + List> getRemoteForwardsBindings(); + + /** + * Test if remote port forwarding is started + * + * @param port The remote port + * @return {@code true} if remote port forwarding is started + * @see #getBoundRemotePortForward(int) getBoundRemotePortForward + */ + default boolean isRemotePortForwardingStartedForPort(int port) { + return getBoundRemotePortForward(port) != null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingManager.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingManager.java new file mode 100644 index 0000000..e71eabd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/PortForwardingManager.java @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +import java.io.IOException; + +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public interface PortForwardingManager extends PortForwardingInformationProvider { + /** + * Start forwarding the given local port on the client to the given address on the server. + * + * @param localPort The local port - if zero then one will be allocated + * @param remote The remote address + * @return The bound {@link SshdSocketAddress} + * @throws IOException If failed to create the requested binding + */ + default SshdSocketAddress startLocalPortForwarding(int localPort, SshdSocketAddress remote) throws IOException { + return startLocalPortForwarding(new SshdSocketAddress(localPort), remote); + } + + /** + * Start forwarding the given local address on the client to the given address on the server. + * + * @param local The local address + * @param remote The remote address + * @return The bound {@link SshdSocketAddress} + * @throws IOException If failed to create the requested binding + */ + SshdSocketAddress startLocalPortForwarding(SshdSocketAddress local, SshdSocketAddress remote) throws IOException; + + /** + * Stop forwarding the given local address. + * + * @param local The local address + * @throws IOException If failed to cancel the requested binding + */ + void stopLocalPortForwarding(SshdSocketAddress local) throws IOException; + + /** + *

        + * Start forwarding tcpip from the given address on the server to the given address on the client. + *

        + * The remote host name is the address to bind to on the server: + *
          + *
        • "" means that connections are to be accepted on all protocol families supported by the SSH + * implementation
          • + *
        • "0.0.0.0" means to listen on all IPv4 addresses
          • + *
        • "::" means to listen on all IPv6 addresses
          • + *
        • "localhost" means to listen on all protocol families supported by the SSH implementation on loopback + * addresses only, [RFC3330] and RFC3513]
          • + *
        • "127.0.0.1" and "::1" indicate listening on the loopback interfaces for IPv4 and IPv6 respectively
          • + *
        + * + * @param local The local address + * @param remote The remote address + * @return The bound {@link SshdSocketAddress} + * @throws IOException If failed to create the requested binding + */ + SshdSocketAddress startRemotePortForwarding(SshdSocketAddress remote, SshdSocketAddress local) throws IOException; + + /** + * Stop forwarding of the given remote address. + * + * @param remote The remote address + * @throws IOException If failed to cancel the requested binding + */ + void stopRemotePortForwarding(SshdSocketAddress remote) throws IOException; + + /** + * Start dynamic local port forwarding using a SOCKS proxy. + * + * @param local The local address + * @return The bound {@link SshdSocketAddress} + * @throws IOException If failed to create the requested binding + */ + SshdSocketAddress startDynamicPortForwarding(SshdSocketAddress local) throws IOException; + + /** + * Stop a previously started dynamic port forwarding. + * + * @param local The local address + * @throws IOException If failed to cancel the requested binding + */ + void stopDynamicPortForwarding(SshdSocketAddress local) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/RejectAllForwardingFilter.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/RejectAllForwardingFilter.java new file mode 100644 index 0000000..5debead --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/RejectAllForwardingFilter.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.forward; + +/** + * A {@link ForwardingFilter} that rejects all requests + */ +public class RejectAllForwardingFilter extends StaticDecisionForwardingFilter { + public static final RejectAllForwardingFilter INSTANCE = new RejectAllForwardingFilter(); + + public RejectAllForwardingFilter() { + super(false); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/StaticDecisionForwardingFilter.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/StaticDecisionForwardingFilter.java new file mode 100644 index 0000000..c21e82a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/StaticDecisionForwardingFilter.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.forward; + +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * A {@link ForwardingFilter} implementation that returns the same "static" result for all the queries. + */ +public class StaticDecisionForwardingFilter implements ForwardingFilter { + private final boolean acceptance; + + /** + * @param acceptance The acceptance status for all the queries + */ + public StaticDecisionForwardingFilter(boolean acceptance) { + this.acceptance = acceptance; + } + + public final boolean isAccepted() { + return acceptance; + } + + @Override + public boolean canListen(SshdSocketAddress address, Session session) { + return checkAcceptance("tcpip-forward", session, address); + } + + @Override + public boolean canConnect(Type type, SshdSocketAddress address, Session session) { + return checkAcceptance(type.getName(), session, address); + } + + /** + * @param request The SSH request that ultimately led to this filter being consulted + * @param session The requesting {@link Session} + * @param target The request target - may be {@link SshdSocketAddress#LOCALHOST_ADDRESS} if no real target + * @return The (static) {@link #isAccepted()} flag + */ + protected boolean checkAcceptance(String request, Session session, SshdSocketAddress target) { + boolean accepted = isAccepted(); + return accepted; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/TcpForwardingFilter.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/TcpForwardingFilter.java new file mode 100644 index 0000000..7d87c3c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/TcpForwardingFilter.java @@ -0,0 +1,154 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.forward; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.net.SshdSocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public interface TcpForwardingFilter { + // According to http://www.freebsd.org/cgi/man.cgi?query=sshd_config&sektion=5 + TcpForwardingFilter DEFAULT = new TcpForwardingFilter() { + @Override + public boolean canListen(SshdSocketAddress address, Session session) { + return true; + } + + @Override + public boolean canConnect(Type type, SshdSocketAddress address, Session session) { + return true; + } + + @Override + public String toString() { + return TcpForwardingFilter.class.getSimpleName() + "[DEFAULT]"; + } + }; + + /** + *

        + * Determine if the session may listen for inbound connections. + *

        + * + *

        + * This server process will open a new listen socket on the address given by the client (usually 127.0.0.1 but may + * be any address). Any inbound connections to this socket will be tunneled over the session to the client, which + * the client will then forward the connection to another host on the client's side of the network. + *

        + * + * @param address address the client has requested this server listen for inbound connections on, and relay them + * through the client. + * @param session The {@link Session} requesting permission to listen for connections. + * @return true if the socket is permitted; false if it must be denied. + */ + boolean canListen(SshdSocketAddress address, Session session); + + /** + * The type of requested connection forwarding. The type's {@link #getName()} method returns the SSH request type + */ + enum Type implements NamedResource { + Direct("direct-tcpip"), + Forwarded("forwarded-tcpip"); + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(Type.class)); + + private final String name; + + Type(String name) { + this.name = name; + } + + @Override + public final String getName() { + return name; + } + + /** + * @param name Either the enum name or the request - ignored if {@code null}/empty + * @return The matching {@link Type} value - case insensitive, or {@code null} if no match found + * @see #fromName(String) + * @see #fromEnumName(String) + */ + public static Type fromString(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + Type t = fromName(name); + if (t == null) { + t = fromEnumName(name); + } + + return t; + } + + /** + * @param name The request name - ignored if {@code null}/empty + * @return The matching {@link Type} value - case insensitive, or {@code null} if no match found + */ + public static Type fromName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param name The enum value name - ignored if {@code null}/empty + * @return The matching {@link Type} value - case insensitive, or {@code null} if no match found + */ + public static Type fromEnumName(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + for (Type t : VALUES) { + if (name.equalsIgnoreCase(t.name())) { + return t; + } + } + + return null; + } + } + + /** + *

        + * Determine if the session may create an outbound connection. + *

        + * + *

        + * This server process will connect to another server listening on the address specified by the client. Usually this + * is to another port on the same host (127.0.0.1) but may be to any other system this server can reach on the + * server's side of the network. + *

        + * + * @param type The {@link Type} of requested connection forwarding + * @param address address the client has requested this server listen for inbound connections on, and relay them + * through the client. + * @param session session requesting permission to listen for connections. + * @return true if the socket is permitted; false if it must be denied. + */ + boolean canConnect(Type type, SshdSocketAddress address, Session session); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/forward/TcpipForwardingExceptionMarker.java b/files-sftp/src/main/java/org/apache/sshd/common/forward/TcpipForwardingExceptionMarker.java new file mode 100644 index 0000000..4485cd7 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/forward/TcpipForwardingExceptionMarker.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.forward; + +/** + * Special marker interface used to signal to the forwarding filter that an exception has been caught on the forwarded + * channel + * + * @author Apache MINA SSHD Project + */ +public interface TcpipForwardingExceptionMarker { + // nothing extra +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/AbstractSshFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/AbstractSshFuture.java new file mode 100644 index 0000000..03bc39f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/AbstractSshFuture.java @@ -0,0 +1,189 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.future; + +import java.io.IOException; +import java.io.InterruptedIOException; +import java.io.StreamCorruptedException; +import java.util.function.Function; + +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @param Type of future + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSshFuture implements SshFuture { + /** + * A default value to indicate the future has been canceled + */ + protected static final Object CANCELED = new Object(); + + private final Object id; + + /** + * @param id Some identifier useful as {@code toString()} value + */ + protected AbstractSshFuture(Object id) { + this.id = id; + } + + @Override + public Object getId() { + return id; + } + + @Override + public boolean await(long timeoutMillis) throws IOException { + return await0(timeoutMillis, true) != null; + } + + @Override + public boolean awaitUninterruptibly(long timeoutMillis) { + try { + return await0(timeoutMillis, false) != null; + } catch (InterruptedIOException e) { + throw formatExceptionMessage( + msg -> new InternalError(msg, e), + "Unexpected interrupted exception wile awaitUninterruptibly %d msec: %s", + timeoutMillis, e.getMessage()); + } + } + + /** + *

        + * Waits (interruptible) for the specified timeout (msec.) and then checks the result: + *

        + *
          + *
        • + *

          + * If result is {@code null} then timeout is assumed to have expired - throw an appropriate {@link IOException} + *

          + *
          • + * + *
        • + *

          + * If the result is of the expected type, then cast and return it + *

          + *
          • + * + *
        • + *

          + * If the result is a {@link Throwable} then throw an {@link IOException} whose cause is the original exception + *

          + *
          • + * + *
        • + *

          + * Otherwise (should never happen), throw a {@link StreamCorruptedException} with the name of the result type + *

          + *
          • + *
        + * + * @param The generic result type + * @param expectedType The expected result type + * @param timeout The timeout (millis) to wait for a result + * @return The (never {@code null}) result + * @throws IOException If failed to retrieve the expected result on time + */ + protected R verifyResult(Class expectedType, long timeout) throws IOException { + Object value = await0(timeout, true); + if (value == null) { + throw formatExceptionMessage( + SshException::new, + "Failed to get operation result within specified timeout: %s", + timeout); + } + + Class actualType = value.getClass(); + if (expectedType.isAssignableFrom(actualType)) { + return expectedType.cast(value); + } + + if (Throwable.class.isAssignableFrom(actualType)) { + Throwable t = GenericUtils.peelException((Throwable) value); + + if (t instanceof SshException) { + throw new SshException(((SshException) t).getDisconnectCode(), t.getMessage(), t); + } + + Throwable cause = GenericUtils.resolveExceptionCause(t); + throw formatExceptionMessage( + msg -> new SshException(msg, cause), + "Failed (%s) to execute: %s", + t.getClass().getSimpleName(), t.getMessage()); + } else { // what else can it be ???? + throw formatExceptionMessage( + StreamCorruptedException::new, "Unknown result type: %s", actualType.getName()); + } + } + + /** + * Wait for the Future to be ready. If the requested delay is 0 or negative, this method returns immediately. + * + * @param timeoutMillis The delay we will wait for the Future to be ready + * @param interruptable Tells if the wait can be interrupted or not. If {@code true} and the thread is + * interrupted then an {@link InterruptedIOException} is thrown. + * @return The non-{@code null} result object if the Future is ready, {@code null} if the + * timeout expired and no result was received + * @throws InterruptedIOException If the thread has been interrupted when it's not allowed. + */ + protected abstract Object await0(long timeoutMillis, boolean interruptable) throws InterruptedIOException; + + @SuppressWarnings("unchecked") + protected SshFutureListener asListener(Object o) { + return (SshFutureListener) o; + } + + protected void notifyListener(SshFutureListener l) { + try { + l.operationComplete(asT()); + } catch (Throwable t) { + } + } + + @SuppressWarnings("unchecked") + protected T asT() { + return (T) this; + } + + /** + * Generates an exception whose message is prefixed by the future simple class name + {@link #getId() identifier} as + * a hint to the context of the failure. + * + * @param Type of {@link Throwable} being generated + * @param exceptionCreator The exception creator from the formatted message + * @param format The extra payload format as per {@link String#format(String, Object...)} + * @param args The formatting arguments + * @return The generated exception + */ + protected E formatExceptionMessage( + Function exceptionCreator, String format, Object... args) { + String messagePayload = String.format(format, args); + String excMessage = getClass().getSimpleName() + "[" + getId() + "]: " + messagePayload; + return exceptionCreator.apply(excMessage); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[id=" + getId() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/CloseFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/CloseFuture.java new file mode 100644 index 0000000..66d134f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/CloseFuture.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.future; + +/** + * An {@link SshFuture} for asynchronous close requests. + * + * @author Apache MINA SSHD Project + */ +public interface CloseFuture extends SshFuture { + + /** + * @return true if the close request is finished and the target is closed. + */ + boolean isClosed(); + + /** + * Marks this future as closed and notifies all threads waiting for this future. This method is invoked by SSHD + * internally. Please do not call this method directly. + */ + void setClosed(); + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultCloseFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultCloseFuture.java new file mode 100644 index 0000000..988b0e5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultCloseFuture.java @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.future; + +/** + * A default implementation of {@link CloseFuture}. + * + * @author Apache MINA SSHD Project + */ +public class DefaultCloseFuture extends DefaultSshFuture implements CloseFuture { + + /** + * Create a new instance + * + * @param id Some identifier useful as {@code toString()} value + * @param lock A synchronization object for locking access - if {@code null} then synchronization occurs on + * {@code this} instance + */ + public DefaultCloseFuture(Object id, Object lock) { + super(id, lock); + } + + @Override + public boolean isClosed() { + if (isDone()) { + return (Boolean) getValue(); + } else { + return false; + } + } + + @Override + public void setClosed() { + setValue(Boolean.TRUE); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultKeyExchangeFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultKeyExchangeFuture.java new file mode 100644 index 0000000..7f002a5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultKeyExchangeFuture.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.future; + +import java.io.IOException; + +import org.apache.sshd.common.SshException; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultKeyExchangeFuture + extends DefaultVerifiableSshFuture + implements KeyExchangeFuture { + public DefaultKeyExchangeFuture(Object id, Object lock) { + super(id, lock); + } + + @Override + public KeyExchangeFuture verify(long timeoutMillis) throws IOException { + Boolean result = verifyResult(Boolean.class, timeoutMillis); + if (!result) { + throw formatExceptionMessage( + SshException::new, + "Key exchange failed while waiting %d msec.", + timeoutMillis); + } + + return this; + } + + @Override + public Throwable getException() { + Object v = getValue(); + if (v instanceof Throwable) { + return (Throwable) v; + } else { + return null; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultSshFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultSshFuture.java new file mode 100644 index 0000000..cfe7477 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultSshFuture.java @@ -0,0 +1,234 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.future; + +import java.io.InterruptedIOException; +import java.lang.reflect.Array; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * A default implementation of {@link SshFuture}. + * + * @param Type of future + * @author Apache MINA SSHD Project + */ +public class DefaultSshFuture extends AbstractSshFuture { + /** + * A lock used by the wait() method + */ + private final Object lock; + private Object listeners; + private Object result; + + /** + * Creates a new instance. + * + * @param id Some identifier useful as {@code toString()} value + * @param lock A synchronization object for locking access - if {@code null} then synchronization occurs on + * {@code this} instance + */ + public DefaultSshFuture(Object id, Object lock) { + super(id); + + this.lock = (lock != null) ? lock : this; + } + + @Override + protected Object await0(long timeoutMillis, boolean interruptable) throws InterruptedIOException { + ValidateUtils.checkTrue(timeoutMillis >= 0L, "Negative timeout N/A: %d", timeoutMillis); + long startTime = System.currentTimeMillis(); + long curTime = startTime; + long endTime = ((Long.MAX_VALUE - timeoutMillis) < curTime) ? Long.MAX_VALUE : (curTime + timeoutMillis); + + synchronized (lock) { + if ((result != null) || (timeoutMillis <= 0)) { + return result; + } + + for (;;) { + try { + lock.wait(endTime - curTime); + } catch (InterruptedException e) { + if (interruptable) { + curTime = System.currentTimeMillis(); + throw formatExceptionMessage(msg -> { + InterruptedIOException exc = new InterruptedIOException(msg); + exc.initCause(e); + return exc; + }, "Interrupted after %d msec.", curTime - startTime); + } + } + + curTime = System.currentTimeMillis(); + if ((result != null) || (curTime >= endTime)) { + return result; + } + } + } + } + + @Override + public boolean isDone() { + synchronized (lock) { + return result != null; + } + } + + /** + * Sets the result of the asynchronous operation, and mark it as finished. + * + * @param newValue The operation result + */ + public void setValue(Object newValue) { + synchronized (lock) { + // Allow only once. + if (result != null) { + return; + } + + result = (newValue != null) ? newValue : GenericUtils.NULL; + lock.notifyAll(); + } + + notifyListeners(); + } + + public int getNumRegisteredListeners() { + synchronized (lock) { + if (listeners == null) { + return 0; + } else if (listeners instanceof SshFutureListener) { + return 1; + } else { + int l = Array.getLength(listeners); + int count = 0; + for (int i = 0; i < l; i++) { + if (Array.get(listeners, i) != null) { + count++; + } + } + return count; + } + } + } + + /** + * @return The result of the asynchronous operation - or {@code null} if none set. + */ + public Object getValue() { + synchronized (lock) { + return (result == GenericUtils.NULL) ? null : result; + } + } + + @Override + public T addListener(SshFutureListener listener) { + Objects.requireNonNull(listener, "Missing listener argument"); + boolean notifyNow = false; + synchronized (lock) { + // if already have a result don't register the listener and invoke it directly + if (result != null) { + notifyNow = true; + } else if (listeners == null) { + listeners = listener; // 1st listener ? + } else if (listeners instanceof SshFutureListener) { + listeners = new Object[] { listeners, listener }; + } else { // increase array of registered listeners + Object[] ol = (Object[]) listeners; + int l = ol.length; + Object[] nl = new Object[l + 1]; + System.arraycopy(ol, 0, nl, 0, l); + nl[l] = listener; + listeners = nl; + } + } + + if (notifyNow) { + notifyListener(listener); + } + + return asT(); + } + + @Override + public T removeListener(SshFutureListener listener) { + Objects.requireNonNull(listener, "No listener provided"); + + synchronized (lock) { + if (result != null) { + return asT(); // the train has already left the station... + } + + if (listeners == null) { + return asT(); // no registered instances anyway + } + + if (listeners == listener) { + listeners = null; // the one and only + } else if (!(listeners instanceof SshFutureListener)) { + int l = Array.getLength(listeners); + for (int i = 0; i < l; i++) { + if (Array.get(listeners, i) == listener) { + Array.set(listeners, i, null); + break; + } + } + } + } + + return asT(); + } + + protected void notifyListeners() { + /* + * There won't be any visibility problem or concurrent modification because result value is checked in both + * addListener and removeListener calls under lock. If the result is already set then both methods will not + * modify the internal listeners + */ + if (listeners != null) { + if (listeners instanceof SshFutureListener) { + notifyListener(asListener(listeners)); + } else { + int l = Array.getLength(listeners); + for (int i = 0; i < l; i++) { + SshFutureListener listener = asListener(Array.get(listeners, i)); + if (listener != null) { + notifyListener(listener); + } + } + } + } + } + + public boolean isCanceled() { + return getValue() == CANCELED; + } + + public void cancel() { + setValue(CANCELED); + } + + @Override + public String toString() { + return super.toString() + "[value=" + result + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultVerifiableSshFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultVerifiableSshFuture.java new file mode 100644 index 0000000..860b5dd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/DefaultVerifiableSshFuture.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.future; + +/** + * @param Type of future + * @author Apache MINA SSHD Project + */ +public abstract class DefaultVerifiableSshFuture + extends DefaultSshFuture + implements VerifiableFuture { + + protected DefaultVerifiableSshFuture(Object id, Object lock) { + super(id, lock); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/KeyExchangeFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/KeyExchangeFuture.java new file mode 100644 index 0000000..c523ee4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/KeyExchangeFuture.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.future; + +/** + * @author Apache MINA SSHD Project + */ +public interface KeyExchangeFuture extends SshFuture, VerifiableFuture { + /** + * Returns the cause of the exchange failure. + * + * @return {@code null} if the exchange operation is not finished yet, or if the connection attempt is successful + * (use {@link #isDone()} to distinguish between the two). + */ + Throwable getException(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/OpenFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/OpenFuture.java new file mode 100644 index 0000000..5978f99 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/OpenFuture.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.future; + +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.future.VerifiableFuture; + +/** + * An {@link SshFuture} for asynchronous channel opening requests. + * + * @author Apache MINA SSHD Project + */ +public interface OpenFuture extends SshFuture, VerifiableFuture { + /** + * Returns the cause of the connection failure. + * + * @return {@code null} if the connect operation is not finished yet, or if the connection attempt is successful + * (use {@link #isDone()} to distinguish between the two). + */ + Throwable getException(); + + /** + * @return true if the connect operation is finished successfully. + */ + boolean isOpened(); + + /** + * @return {@code true} if the connect operation has been canceled by {@link #cancel()} method. + */ + boolean isCanceled(); + + /** + * Sets the newly connected session and notifies all threads waiting for this future. This method is invoked by SSHD + * internally. Please do not call this method directly. + */ + void setOpened(); + + /** + * Sets the exception caught due to connection failure and notifies all threads waiting for this future. This method + * is invoked by SSHD internally. Please do not call this method directly. + * + * @param exception The caught {@link Throwable} + */ + void setException(Throwable exception); + + /** + * Cancels the connection attempt and notifies all threads waiting for this future. + */ + void cancel(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/SshFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/SshFuture.java new file mode 100644 index 0000000..ccc3348 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/SshFuture.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.future; + +/** + * Represents the completion of an asynchronous SSH operation on a given object (it may be an SSH session or an SSH + * channel). Can be listened for completion using a {@link SshFutureListener}. + * + * @param Type of future + * @author Apache MINA SSHD Project + */ +public interface SshFuture extends WaitableFuture { + /** + * Adds an event listener which is notified when this future is completed. If the listener is added after + * the completion, the listener is directly notified. + * + * @param listener The {@link SshFutureListener} instance to add + * @return The future instance + */ + T addListener(SshFutureListener listener); + + /** + * Removes an existing event listener so it won't be notified when the future is completed. + * + * @param listener The {@link SshFutureListener} instance to remove + * @return The future instance + */ + T removeListener(SshFutureListener listener); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/SshFutureListener.java b/files-sftp/src/main/java/org/apache/sshd/common/future/SshFutureListener.java new file mode 100644 index 0000000..59661e1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/SshFutureListener.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.future; + +import org.apache.sshd.common.util.SshdEventListener; + +/** + * Something interested in being notified when the completion of an asynchronous SSH operation : {@link SshFuture}. + * + * @param type of future + * @author Apache MINA SSHD Project + */ +@SuppressWarnings("rawtypes") +@FunctionalInterface +public interface SshFutureListener extends SshdEventListener { + + /** + * Invoked when the operation associated with the {@link SshFuture} has been completed even if you add the listener + * after the completion. + * + * @param future The source {@link SshFuture} which called this callback. + */ + void operationComplete(T future); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/VerifiableFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/VerifiableFuture.java new file mode 100644 index 0000000..d513ba5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/VerifiableFuture.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.future; + +import java.io.IOException; +import java.time.Duration; +import java.util.concurrent.TimeUnit; + +/** + * Represents an asynchronous operation whose successful result can be verified somehow. The contract guarantees that if + * the {@code verifyXXX} method returns without an exception then the operation was completed successfully + * + * @param Type of verification result + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface VerifiableFuture { + /** + * Wait {@link Long#MAX_VALUE} msec. and verify that the operation was successful + * + * @return The (same) future instance + * @throws IOException If failed to verify successfully on time + * @see #verify(long) + */ + default T verify() throws IOException { + return verify(Long.MAX_VALUE); + } + + /** + * Wait and verify that the operation was successful + * + * @param timeout The number of time units to wait + * @param unit The wait {@link TimeUnit} + * @return The (same) future instance + * @throws IOException If failed to verify successfully on time + * @see #verify(long) + */ + default T verify(long timeout, TimeUnit unit) throws IOException { + return verify(unit.toMillis(timeout)); + } + + /** + * Wait and verify that the operation was successful + * + * @param timeout The maximum duration to wait, null to wait forever + * @return The (same) future instance + * @throws IOException If failed to verify successfully on time + * @see #verify(long) + */ + default T verifyDuration(Duration timeout) throws IOException { + return timeout != null ? verify(timeout.toMillis()) : verify(); + } + + /** + * Wait and verify that the operation was successful + * + * @param timeoutMillis Wait timeout in milliseconds + * @return The (same) future instance + * @throws IOException If failed to verify successfully on time + */ + T verify(long timeoutMillis) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/future/WaitableFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/future/WaitableFuture.java new file mode 100644 index 0000000..9bb60a4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/future/WaitableFuture.java @@ -0,0 +1,131 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.future; + +import java.io.IOException; +import java.time.Duration; +import java.util.concurrent.TimeUnit; + +/** + * Represents an asynchronous operation which one can wait for its completion. Note: the only thing guaranteed is + * that if {@code true} is returned from one of the {@code awaitXXX} methods then the operation has completed. However, + * the caller has to determine whether it was a successful or failed completion. + * + * @author Apache MINA SSHD Project + */ +public interface WaitableFuture { + /** + * @return Some identifier useful as {@code toString()} value + */ + Object getId(); + + /** + * Wait {@link Long#MAX_VALUE} msec. for the asynchronous operation to complete. The attached listeners will be + * notified when the operation is completed. + * + * @return {@code true} if the operation is completed. + * @throws IOException if failed - specifically {@link java.io.InterruptedIOException} if waiting was interrupted + * @see #await(long) + */ + default boolean await() throws IOException { + return await(Long.MAX_VALUE); + } + + /** + * Wait for the asynchronous operation to complete with the specified timeout. + * + * @param timeout The number of time units to wait + * @param unit The {@link TimeUnit} for waiting + * @return {@code true} if the operation is completed. + * @throws IOException if failed - specifically {@link java.io.InterruptedIOException} if waiting was interrupted + * @see #await(long) + */ + default boolean await(long timeout, TimeUnit unit) throws IOException { + return await(unit.toMillis(timeout)); + } + + /** + * Wait for the asynchronous operation to complete with the specified timeout. + * + * @param timeout The maximum duration to wait, null to wait forever + * @return {@code true} if the operation is completed. + * @throws IOException if failed - specifically {@link java.io.InterruptedIOException} if waiting was interrupted + * @see #await(long) + */ + default boolean await(Duration timeout) throws IOException { + return timeout != null ? await(timeout.toMillis()) : await(); + } + + /** + * Wait for the asynchronous operation to complete with the specified timeout. + * + * @param timeoutMillis Wait time in milliseconds + * @return {@code true} if the operation is completed. + * @throws IOException if failed - specifically {@link java.io.InterruptedIOException} if waiting was interrupted + */ + boolean await(long timeoutMillis) throws IOException; + + /** + * Wait {@link Long#MAX_VALUE} msec. for the asynchronous operation to complete uninterruptibly. The attached + * listeners will be notified when the operation is completed. + * + * @return {@code true} if the operation is completed. + * @see #awaitUninterruptibly(long) + */ + default boolean awaitUninterruptibly() { + return awaitUninterruptibly(Long.MAX_VALUE); + } + + /** + * Wait for the asynchronous operation to complete with the specified timeout uninterruptibly. + * + * @param timeout The number of time units to wait + * @param unit The {@link TimeUnit} for waiting + * @return {@code true} if the operation is completed. + * @see #awaitUninterruptibly(long) + */ + default boolean awaitUninterruptibly(long timeout, TimeUnit unit) { + return awaitUninterruptibly(unit.toMillis(timeout)); + } + + /** + * Wait for the asynchronous operation to complete with the specified timeout uninterruptibly. + * + * @param timeoutMillis Wait time, null to wait forever + * @return {@code true} if the operation is finished. + */ + default boolean awaitUninterruptibly(Duration timeoutMillis) { + return timeoutMillis != null ? awaitUninterruptibly(timeoutMillis.toMillis()) : awaitUninterruptibly(); + } + + /** + * Wait for the asynchronous operation to complete with the specified timeout uninterruptibly. + * + * @param timeoutMillis Wait time in milliseconds + * @return {@code true} if the operation is finished. + */ + boolean awaitUninterruptibly(long timeoutMillis); + + /** + * @return {@code true} if the asynchronous operation is completed. Note: it is up to the caller to + * determine whether it was a successful or failed completion. + */ + boolean isDone(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/global/AbstractOpenSshHostKeysHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/global/AbstractOpenSshHostKeysHandler.java new file mode 100644 index 0000000..cfd77aa --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/global/AbstractOpenSshHostKeysHandler.java @@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.global; + +import java.security.PublicKey; +import java.util.Collection; +import java.util.LinkedList; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.AbstractConnectionServiceRequestHandler; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.keys.BufferPublicKeyParser; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractOpenSshHostKeysHandler extends AbstractConnectionServiceRequestHandler { + private final String request; + private final BufferPublicKeyParser parser; + + protected AbstractOpenSshHostKeysHandler(String request) { + this(request, BufferPublicKeyParser.DEFAULT); + } + + protected AbstractOpenSshHostKeysHandler( + String request, BufferPublicKeyParser parser) { + this.request = ValidateUtils.checkNotNullAndNotEmpty(request, "No request identifier"); + this.parser = Objects.requireNonNull(parser, "No public keys extractor"); + } + + public final String getRequestName() { + return request; + } + + public BufferPublicKeyParser getPublicKeysParser() { + return parser; + } + + @Override + public Result process( + ConnectionService connectionService, String request, boolean wantReply, Buffer buffer) + throws Exception { + String expected = getRequestName(); + if (!expected.equals(request)) { + return super.process(connectionService, request, wantReply, buffer); + } + + Collection keys = new LinkedList<>(); + BufferPublicKeyParser p = getPublicKeysParser(); + if (p != null) { + while (buffer.available() > 0) { + PublicKey key = buffer.getPublicKey(p); + if (key != null) { + keys.add(key); + } + } + } + + return handleHostKeys(connectionService.getSession(), keys, wantReply, buffer); + } + + protected abstract Result handleHostKeys( + Session session, Collection keys, boolean wantReply, Buffer buffer) + throws Exception; + + @Override + public String toString() { + return getRequestName(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/helpers/AbstractFactoryManager.java b/files-sftp/src/main/java/org/apache/sshd/common/helpers/AbstractFactoryManager.java new file mode 100644 index 0000000..ffc800b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/helpers/AbstractFactoryManager.java @@ -0,0 +1,476 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.helpers; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.CopyOnWriteArraySet; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.ScheduledFuture; +import java.util.concurrent.TimeUnit; +import java.util.function.Function; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.ServiceFactory; +import org.apache.sshd.common.SyspropsMapWrapper; +import org.apache.sshd.common.channel.ChannelFactory; +import org.apache.sshd.common.channel.ChannelListener; +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolver; +import org.apache.sshd.common.config.VersionProperties; +import org.apache.sshd.common.file.FileSystemFactory; +import org.apache.sshd.common.forward.ForwarderFactory; +import org.apache.sshd.common.forward.PortForwardingEventListener; +import org.apache.sshd.common.io.DefaultIoServiceFactoryFactory; +import org.apache.sshd.common.io.IoServiceEventListener; +import org.apache.sshd.common.io.IoServiceFactory; +import org.apache.sshd.common.io.IoServiceFactoryFactory; +import org.apache.sshd.common.kex.AbstractKexFactoryManager; +import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.ReservedSessionMessagesHandler; +import org.apache.sshd.common.session.SessionDisconnectHandler; +import org.apache.sshd.common.session.SessionListener; +import org.apache.sshd.common.session.UnknownChannelReferenceHandler; +import org.apache.sshd.common.session.helpers.AbstractSessionFactory; +import org.apache.sshd.common.session.helpers.SessionTimeoutListener; +import org.apache.sshd.common.util.EventListenerUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.threads.ThreadUtils; +import org.apache.sshd.common.CoreModuleProperties; +import org.apache.sshd.common.forward.ForwardingFilter; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractFactoryManager extends AbstractKexFactoryManager implements FactoryManager { + protected IoServiceFactoryFactory ioServiceFactoryFactory; + protected IoServiceFactory ioServiceFactory; + protected Factory randomFactory; + protected List channelFactories; + protected ScheduledExecutorService executor; + protected boolean shutdownExecutor; + protected ForwarderFactory forwarderFactory; + protected ForwardingFilter forwardingFilter; + protected FileSystemFactory fileSystemFactory; + protected List serviceFactories; + protected List> globalRequestHandlers; + protected SessionTimeoutListener sessionTimeoutListener; + protected ScheduledFuture timeoutListenerFuture; + protected final Collection sessionListeners = new CopyOnWriteArraySet<>(); + protected final SessionListener sessionListenerProxy; + protected final Collection channelListeners = new CopyOnWriteArraySet<>(); + protected final ChannelListener channelListenerProxy; + protected final Collection tunnelListeners = new CopyOnWriteArraySet<>(); + protected final PortForwardingEventListener tunnelListenerProxy; + + private final Map properties = new ConcurrentHashMap<>(); + private final Map, Object> attributes = new ConcurrentHashMap<>(); + private PropertyResolver parentResolver = SyspropsMapWrapper.SYSPROPS_RESOLVER; + private ReservedSessionMessagesHandler reservedSessionMessagesHandler; + private SessionDisconnectHandler sessionDisconnectHandler; + private ChannelStreamWriterResolver channelStreamWriterResolver; + private UnknownChannelReferenceHandler unknownChannelReferenceHandler; + private IoServiceEventListener eventListener; + + protected AbstractFactoryManager() { + sessionListenerProxy = EventListenerUtils.proxyWrapper(SessionListener.class, sessionListeners); + channelListenerProxy = EventListenerUtils.proxyWrapper(ChannelListener.class, channelListeners); + tunnelListenerProxy = EventListenerUtils.proxyWrapper(PortForwardingEventListener.class, tunnelListeners); + } + + @Override + public IoServiceFactory getIoServiceFactory() { + synchronized (ioServiceFactoryFactory) { + if (ioServiceFactory == null) { + ioServiceFactory = ioServiceFactoryFactory.create(this); + } + } + return ioServiceFactory; + } + + public IoServiceFactoryFactory getIoServiceFactoryFactory() { + return ioServiceFactoryFactory; + } + + public void setIoServiceFactoryFactory(IoServiceFactoryFactory ioServiceFactory) { + this.ioServiceFactoryFactory = ioServiceFactory; + } + + @Override + public IoServiceEventListener getIoServiceEventListener() { + return eventListener; + } + + @Override + public void setIoServiceEventListener(IoServiceEventListener listener) { + eventListener = listener; + } + + @Override + public Factory getRandomFactory() { + return randomFactory; + } + + public void setRandomFactory(Factory randomFactory) { + this.randomFactory = randomFactory; + } + + @Override + public Map getProperties() { + return properties; + } + + @Override + public int getAttributesCount() { + return attributes.size(); + } + + @Override + @SuppressWarnings("unchecked") + public T getAttribute(AttributeKey key) { + return (T) attributes.get(Objects.requireNonNull(key, "No key")); + } + + @Override + public Collection> attributeKeys() { + return attributes.isEmpty() ? Collections.emptySet() : new HashSet<>(attributes.keySet()); + } + + @Override + @SuppressWarnings({ "unchecked", "rawtypes" }) + public T computeAttributeIfAbsent( + AttributeKey key, + Function, ? extends T> resolver) { + return (T) attributes.computeIfAbsent(Objects.requireNonNull(key, "No key"), (Function) resolver); + } + + @Override + @SuppressWarnings("unchecked") + public T setAttribute(AttributeKey key, T value) { + return (T) attributes.put( + Objects.requireNonNull(key, "No key"), + Objects.requireNonNull(value, "No value")); + } + + @Override + @SuppressWarnings("unchecked") + public T removeAttribute(AttributeKey key) { + return (T) attributes.remove(Objects.requireNonNull(key, "No key")); + } + + @Override + public void clearAttributes() { + attributes.clear(); + } + + @Override + public PropertyResolver getParentPropertyResolver() { + return parentResolver; + } + + public void setParentPropertyResolver(PropertyResolver parent) { + parentResolver = parent; + } + + @Override + public String getVersion() { + String version = PropertyResolverUtils.getStringProperty( + VersionProperties.getVersionProperties(), + VersionProperties.REPORTED_VERSION, FactoryManager.DEFAULT_VERSION); + return version.toUpperCase(); + } + + @Override + public List getChannelFactories() { + return channelFactories; + } + + public void setChannelFactories(List channelFactories) { + this.channelFactories = channelFactories; + } + + public int getNioWorkers() { + return CoreModuleProperties.NIO_WORKERS.getRequired(this); + } + + public void setNioWorkers(int nioWorkers) { + CoreModuleProperties.NIO_WORKERS.set(this, nioWorkers); + } + + @Override + public ScheduledExecutorService getScheduledExecutorService() { + return executor; + } + + public void setScheduledExecutorService(ScheduledExecutorService executor) { + setScheduledExecutorService(executor, false); + } + + public void setScheduledExecutorService(ScheduledExecutorService executor, boolean shutdownExecutor) { + this.executor = executor; + this.shutdownExecutor = shutdownExecutor; + } + + @Override + public ForwarderFactory getForwarderFactory() { + return forwarderFactory; + } + + public void setForwarderFactory(ForwarderFactory forwarderFactory) { + this.forwarderFactory = forwarderFactory; + } + + public void setForwardingFilter(ForwardingFilter forwardingFilter) { + this.forwardingFilter = forwardingFilter; + } + + @Override + public FileSystemFactory getFileSystemFactory() { + return fileSystemFactory; + } + + public void setFileSystemFactory(FileSystemFactory fileSystemFactory) { + this.fileSystemFactory = fileSystemFactory; + } + + @Override + public List getServiceFactories() { + return serviceFactories; + } + + public void setServiceFactories(List serviceFactories) { + this.serviceFactories = serviceFactories; + } + + @Override + public List> getGlobalRequestHandlers() { + return globalRequestHandlers; + } + + public void setGlobalRequestHandlers(List> globalRequestHandlers) { + this.globalRequestHandlers = globalRequestHandlers; + } + + @Override + public ReservedSessionMessagesHandler getReservedSessionMessagesHandler() { + return reservedSessionMessagesHandler; + } + + @Override + public void setReservedSessionMessagesHandler(ReservedSessionMessagesHandler handler) { + reservedSessionMessagesHandler = handler; + } + + @Override + public SessionDisconnectHandler getSessionDisconnectHandler() { + return sessionDisconnectHandler; + } + + @Override + public void setSessionDisconnectHandler(SessionDisconnectHandler sessionDisconnectHandler) { + this.sessionDisconnectHandler = sessionDisconnectHandler; + } + + @Override + public ChannelStreamWriterResolver getChannelStreamWriterResolver() { + return channelStreamWriterResolver; + } + + @Override + public void setChannelStreamWriterResolver(ChannelStreamWriterResolver resolver) { + channelStreamWriterResolver = resolver; + } + + @Override + public UnknownChannelReferenceHandler getUnknownChannelReferenceHandler() { + return unknownChannelReferenceHandler; + } + + @Override + public void setUnknownChannelReferenceHandler(UnknownChannelReferenceHandler unknownChannelReferenceHandler) { + this.unknownChannelReferenceHandler = unknownChannelReferenceHandler; + } + + @Override + public UnknownChannelReferenceHandler resolveUnknownChannelReferenceHandler() { + return getUnknownChannelReferenceHandler(); + } + + @Override + public void addSessionListener(SessionListener listener) { + SessionListener.validateListener(listener); + + // avoid race conditions on notifications while manager is being closed + if (!isOpen()) { + return; + } + + if (this.sessionListeners.add(listener)) { + } else { + } + } + + @Override + public void removeSessionListener(SessionListener listener) { + if (listener == null) { + return; + } + + SessionListener.validateListener(listener); + + if (this.sessionListeners.remove(listener)) { + } else { + } + } + + @Override + public SessionListener getSessionListenerProxy() { + return sessionListenerProxy; + } + + @Override + public void addChannelListener(ChannelListener listener) { + ChannelListener.validateListener(listener); + + // avoid race conditions on notifications while manager is being closed + if (!isOpen()) { + return; + } + + if (this.channelListeners.add(listener)) { + } else { + } + } + + @Override + public void removeChannelListener(ChannelListener listener) { + if (listener == null) { + return; + } + + ChannelListener.validateListener(listener); + if (this.channelListeners.remove(listener)) { + } else { + } + } + + @Override + public ChannelListener getChannelListenerProxy() { + return channelListenerProxy; + } + + @Override + public PortForwardingEventListener getPortForwardingEventListenerProxy() { + return tunnelListenerProxy; + } + + @Override + public void addPortForwardingEventListener(PortForwardingEventListener listener) { + PortForwardingEventListener.validateListener(listener); + + // avoid race conditions on notifications while session is being closed + if (!isOpen()) { + return; + } + + if (this.tunnelListeners.add(listener)) { + } else { + } + } + + @Override + public void removePortForwardingEventListener(PortForwardingEventListener listener) { + if (listener == null) { + return; + } + + PortForwardingEventListener.validateListener(listener); + if (this.tunnelListeners.remove(listener)) { + } else { + } + } + + protected void setupSessionTimeout(AbstractSessionFactory sessionFactory) { + // set up the the session timeout listener and schedule it + sessionTimeoutListener = createSessionTimeoutListener(); + addSessionListener(sessionTimeoutListener); + + timeoutListenerFuture = getScheduledExecutorService() + .scheduleAtFixedRate(sessionTimeoutListener, 1, 1, TimeUnit.SECONDS); + } + + protected void removeSessionTimeout(AbstractSessionFactory sessionFactory) { + stopSessionTimeoutListener(sessionFactory); + } + + protected SessionTimeoutListener createSessionTimeoutListener() { + return new SessionTimeoutListener(); + } + + protected void stopSessionTimeoutListener(AbstractSessionFactory sessionFactory) { + // cancel the timeout monitoring task + if (timeoutListenerFuture != null) { + try { + timeoutListenerFuture.cancel(true); + } finally { + timeoutListenerFuture = null; + } + } + + // remove the sessionTimeoutListener completely; should the SSH server/client be restarted, a new one + // will be created. + if (sessionTimeoutListener != null) { + try { + removeSessionListener(sessionTimeoutListener); + } finally { + sessionTimeoutListener = null; + } + } + } + + protected void checkConfig() { + ValidateUtils.checkNotNullAndNotEmpty(getKeyExchangeFactories(), "KeyExchangeFactories not set"); + + if (getScheduledExecutorService() == null) { + setScheduledExecutorService( + ThreadUtils.newSingleThreadScheduledExecutor(this.toString() + "-timer"), + true); + } + + ValidateUtils.checkNotNullAndNotEmpty(getCipherFactories(), "CipherFactories not set"); + ValidateUtils.checkNotNullAndNotEmpty(getCompressionFactories(), "CompressionFactories not set"); + ValidateUtils.checkNotNullAndNotEmpty(getMacFactories(), "MacFactories not set"); + + Objects.requireNonNull(getRandomFactory(), "RandomFactory not set"); + + if (getIoServiceFactoryFactory() == null) { + IoServiceFactoryFactory defaultFactory = DefaultIoServiceFactoryFactory.getDefaultIoServiceFactoryFactoryInstance(); + setIoServiceFactoryFactory(defaultFactory); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoServiceFactory.java new file mode 100644 index 0000000..3824d92 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoServiceFactory.java @@ -0,0 +1,97 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.io; + +import java.util.Objects; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.FactoryManagerHolder; +import org.apache.sshd.common.util.closeable.AbstractCloseable; +import org.apache.sshd.common.util.threads.CloseableExecutorService; +import org.apache.sshd.common.util.threads.ExecutorServiceCarrier; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractIoServiceFactory + extends AbstractCloseable + implements IoServiceFactory, FactoryManagerHolder, ExecutorServiceCarrier { + + private IoServiceEventListener eventListener; + private final FactoryManager manager; + private final CloseableExecutorService executor; + + protected AbstractIoServiceFactory(FactoryManager factoryManager, CloseableExecutorService executorService) { + manager = Objects.requireNonNull(factoryManager, "No factory manager provided"); + executor = Objects.requireNonNull(executorService, "No executor service provided"); + eventListener = factoryManager.getIoServiceEventListener(); + } + + @Override + public final FactoryManager getFactoryManager() { + return manager; + } + + @Override + public final CloseableExecutorService getExecutorService() { + return executor; + } + + @Override + public IoServiceEventListener getIoServiceEventListener() { + return eventListener; + } + + @Override + public void setIoServiceEventListener(IoServiceEventListener listener) { + eventListener = listener; + } + + @Override + protected void doCloseImmediately() { + try { + CloseableExecutorService service = getExecutorService(); + if ((service != null) && (!service.isShutdown())) { + service.shutdownNow(); + if (service.awaitTermination(5, TimeUnit.SECONDS)) { + } else { + } + } + } catch (Exception e) { + } finally { + super.doCloseImmediately(); + } + } + + protected S autowireCreatedService(S service) { + if (service == null) { + return service; + } + + service.setIoServiceEventListener(getIoServiceEventListener()); + return service; + } + + public static int getNioWorkers(FactoryManager manager) { + return CoreModuleProperties.NIO_WORKERS.getRequired(manager); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoServiceFactoryFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoServiceFactoryFactory.java new file mode 100644 index 0000000..741b485 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoServiceFactoryFactory.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.io; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.util.threads.CloseableExecutorService; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractIoServiceFactoryFactory + implements IoServiceFactoryFactory { + + private Factory executorServiceFactory; + + /** + * @param factory The {@link CloseableExecutorService} factory to use for spawning threads. If {@code null} then an + * internal service will be allocated. + */ + protected AbstractIoServiceFactoryFactory(Factory factory) { + executorServiceFactory = factory; + } + + public Factory getExecutorServiceFactory() { + return executorServiceFactory; + } + + @Override + public void setExecutorServiceFactory(Factory factory) { + executorServiceFactory = factory; + } + + protected CloseableExecutorService newExecutor() { + return executorServiceFactory != null ? executorServiceFactory.create() : null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoWriteFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoWriteFuture.java new file mode 100644 index 0000000..efd0903 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/AbstractIoWriteFuture.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.io; + +import java.io.IOException; + +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.future.DefaultVerifiableSshFuture; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractIoWriteFuture + extends DefaultVerifiableSshFuture + implements IoWriteFuture { + protected AbstractIoWriteFuture(Object id, Object lock) { + super(id, lock); + } + + @Override + public IoWriteFuture verify(long timeout) throws IOException { + Boolean result = verifyResult(Boolean.class, timeout); + if (!result) { + throw formatExceptionMessage( + SshException::new, + "Write failed signalled while wait %d msec.", + timeout); + } + + return this; + } + + @Override + public boolean isWritten() { + Object value = getValue(); + return (value instanceof Boolean) && (Boolean) value; + } + + @Override + public Throwable getException() { + Object v = getValue(); + if (v instanceof Throwable) { + return (Throwable) v; + } else { + return null; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/BuiltinIoServiceFactoryFactories.java b/files-sftp/src/main/java/org/apache/sshd/common/io/BuiltinIoServiceFactoryFactories.java new file mode 100644 index 0000000..e64baf2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/BuiltinIoServiceFactoryFactories.java @@ -0,0 +1,131 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.io; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.OptionalFeature; +import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; +import org.apache.sshd.common.util.ReflectionUtils; + +/** + * @author Apache MINA SSHD Project + */ +public enum BuiltinIoServiceFactoryFactories implements NamedFactory, OptionalFeature { + NIO2(Nio2ServiceFactoryFactory.class), + MINA("org.apache.sshd.common.io.mina.MinaServiceFactoryFactory"), + NETTY("org.apache.sshd.netty.NettyIoServiceFactoryFactory"); + + public static final Set VALUES + = Collections.unmodifiableSet(EnumSet.allOf(BuiltinIoServiceFactoryFactories.class)); + + private final Class factoryClass; + private final String factoryClassName; + + BuiltinIoServiceFactoryFactories(Class clazz) { + factoryClass = clazz; + factoryClassName = null; + } + + BuiltinIoServiceFactoryFactories(String clazz) { + factoryClass = null; + factoryClassName = clazz; + } + + public final String getFactoryClassName() { + if (factoryClass != null) { + return factoryClass.getName(); + } else { + return factoryClassName; + } + } + + @SuppressWarnings({ "unchecked", "rawtypes" }) + public final Class getFactoryClass() { + if (factoryClass != null) { + return factoryClass; + } + + try { + return (Class) Class.forName(factoryClassName, true, BuiltinIoServiceFactoryFactories.class.getClassLoader()); + } catch (ClassNotFoundException e) { + try { + return (Class) Class.forName(factoryClassName, true, Thread.currentThread().getContextClassLoader()); + } catch (ClassNotFoundException e1) { + throw new RuntimeException(e); + } + } + } + + @Override + public final String getName() { + return name().toLowerCase(); + } + + @Override + public final IoServiceFactoryFactory create() { + Class clazz = getFactoryClass(); + try { + return ReflectionUtils.newInstance(clazz, IoServiceFactoryFactory.class); + } catch (Throwable e) { + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else { + throw new RuntimeException(e); + } + } + } + + @Override + public boolean isSupported() { + try { + return getFactoryClass() != null; + } catch (RuntimeException e) { + return false; + } + } + + public static BuiltinIoServiceFactoryFactories fromFactoryName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + public static BuiltinIoServiceFactoryFactories fromFactoryClass(Class clazz) { + if ((clazz == null) || (!IoServiceFactoryFactory.class.isAssignableFrom(clazz))) { + return null; + } + + for (BuiltinIoServiceFactoryFactories f : VALUES) { + if (!f.isSupported()) { + continue; + } + + if (clazz.isAssignableFrom(f.getFactoryClass())) { + return f; + } + } + + return null; + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/DefaultIoServiceFactoryFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/DefaultIoServiceFactoryFactory.java new file mode 100644 index 0000000..b51dab5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/DefaultIoServiceFactoryFactory.java @@ -0,0 +1,177 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import java.util.Deque; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.ServiceLoader; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ReflectionUtils; +import org.apache.sshd.common.util.threads.CloseableExecutorService; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultIoServiceFactoryFactory extends AbstractIoServiceFactoryFactory { + + private IoServiceFactoryFactory factory; + + protected DefaultIoServiceFactoryFactory() { + this(null); + } + + protected DefaultIoServiceFactoryFactory(Factory factory) { + super(factory); + } + + @Override + public IoServiceFactory create(FactoryManager manager) { + IoServiceFactoryFactory factoryInstance = getIoServiceProvider(); + return factoryInstance.create(manager); + } + + /** + * @return The actual {@link IoServiceFactoryFactory} being delegated + */ + public IoServiceFactoryFactory getIoServiceProvider() { + synchronized (this) { + if (factory != null) { + return factory; + } + + factory = newInstance(IoServiceFactoryFactory.class); + if (factory == null) { + factory = BuiltinIoServiceFactoryFactories.NIO2.create(); + } else { + } + + Factory executorServiceFactory = getExecutorServiceFactory(); + if (executorServiceFactory != null) { + factory.setExecutorServiceFactory(executorServiceFactory); + } + } + + return factory; + } + + public static T newInstance(Class clazz) { + String propName = clazz.getName(); + String factory = System.getProperty(propName); + if (!GenericUtils.isEmpty(factory)) { + return newInstance(clazz, factory); + } + + Thread currentThread = Thread.currentThread(); + ClassLoader cl = currentThread.getContextClassLoader(); + if (cl != null) { + T t = tryLoad(propName, ServiceLoader.load(clazz, cl)); + if (t != null) { + return t; + } + } + + ClassLoader clDefault = DefaultIoServiceFactoryFactory.class.getClassLoader(); + if (cl != clDefault) { + T t = tryLoad(propName, ServiceLoader.load(clazz, clDefault)); + if (t != null) { + return t; + } + } + + return null; + } + + public static T tryLoad(String propName, ServiceLoader loader) { + Iterator it = loader.iterator(); + Deque services = new LinkedList<>(); + try { + while (it.hasNext()) { + try { + T instance = it.next(); + services.add(instance); + } catch (Throwable t) { + } + } + } catch (Throwable t) { + } + + int numDetected = services.size(); + if (numDetected <= 0) { + return null; + } + + if (numDetected != 1) { + for (T s : services) { + } + throw new IllegalStateException( + "Multiple (" + numDetected + ")" + + " registered " + IoServiceFactoryFactory.class.getSimpleName() + + " instances detected." + + " Please use -D" + propName + "=...factory class.. to select one" + + " or remove the extra providers from the classpath"); + } + + return services.removeFirst(); + } + + public static T newInstance(Class clazz, String factory) { + BuiltinIoServiceFactoryFactories builtin = BuiltinIoServiceFactoryFactories.fromFactoryName(factory); + if (builtin != null) { + IoServiceFactoryFactory builtinInstance = builtin.create(); + return clazz.cast(builtinInstance); + } + + Thread currentThread = Thread.currentThread(); + ClassLoader cl = currentThread.getContextClassLoader(); + if (cl != null) { + try { + Class loaded = cl.loadClass(factory); + return ReflectionUtils.newInstance(loaded, clazz); + } catch (Throwable t) { + } + } + + ClassLoader clDefault = DefaultIoServiceFactoryFactory.class.getClassLoader(); + if (cl != clDefault) { + try { + Class loaded = clDefault.loadClass(factory); + return ReflectionUtils.newInstance(loaded, clazz); + } catch (Throwable t) { + } + } + throw new IllegalStateException("Unable to create instance of class " + factory); + } + + private static final class LazyDefaultIoServiceFactoryFactoryHolder { + private static final DefaultIoServiceFactoryFactory INSTANCE = new DefaultIoServiceFactoryFactory(); + + private LazyDefaultIoServiceFactoryFactoryHolder() { + throw new UnsupportedOperationException("No instance allowed"); + } + } + + @SuppressWarnings("synthetic-access") + public static DefaultIoServiceFactoryFactory getDefaultIoServiceFactoryFactoryInstance() { + return LazyDefaultIoServiceFactoryFactoryHolder.INSTANCE; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoAcceptor.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoAcceptor.java new file mode 100644 index 0000000..17cba09 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoAcceptor.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import java.io.IOException; +import java.net.SocketAddress; +import java.util.Collection; +import java.util.Set; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoAcceptor extends IoService { + + void bind(Collection addresses) throws IOException; + + void bind(SocketAddress address) throws IOException; + + void unbind(Collection addresses); + + void unbind(SocketAddress address); + + void unbind(); + + Set getBoundAddresses(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoConnectFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoConnectFuture.java new file mode 100644 index 0000000..ffc7d2d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoConnectFuture.java @@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import org.apache.sshd.common.future.SshFuture; + +public interface IoConnectFuture extends SshFuture { + + /** + * @return The current {@link IoSession} - may be {@code null} if connect operation not finished yet or attempt has + * failed + * @see #getException() + */ + IoSession getSession(); + + /** + * Returns the cause of the connection failure. + * + * @return {@code null} if the connect operation is not finished yet, or if the connection attempt is successful. + * @see #getSession() + */ + Throwable getException(); + + /** + * @return true if the connect operation is finished successfully. + */ + boolean isConnected(); + + /** + * @return {@code true} if the connect operation has been canceled by {@link #cancel()} method. + */ + boolean isCanceled(); + + /** + * Sets the newly connected session and notifies all threads waiting for this future. This method is invoked by SSHD + * internally. Please do not call this method directly. + * + * @param session The connected {@link IoSession} + */ + void setSession(IoSession session); + + /** + * Sets the exception caught due to connection failure and notifies all threads waiting for this future. This method + * is invoked by SSHD internally. Please do not call this method directly. + * + * @param exception The caught {@link Throwable} + */ + void setException(Throwable exception); + + /** + * Cancels the connection attempt and notifies all threads waiting for this future. + */ + void cancel(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoConnector.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoConnector.java new file mode 100644 index 0000000..f891a9d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoConnector.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import java.net.SocketAddress; + +import org.apache.sshd.common.AttributeRepository; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoConnector extends IoService { + /** + * @param targetAddress The target address to connect to + * @param context An optional "context" to be attached to the established session if successfully + * connected + * @param localAddress The local address to use - if {@code null} an automatic ephemeral port and bind address is + * used + * @return The {@link IoConnectFuture future} representing the connection request + */ + IoConnectFuture connect( + SocketAddress targetAddress, AttributeRepository context, SocketAddress localAddress); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoHandler.java new file mode 100644 index 0000000..42abfe5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoHandler.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import org.apache.sshd.common.util.Readable; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoHandler { + void sessionCreated(IoSession session) throws Exception; + + void sessionClosed(IoSession session) throws Exception; + + void exceptionCaught(IoSession session, Throwable cause) throws Exception; + + void messageReceived(IoSession session, Readable message) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoHandlerFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoHandlerFactory.java new file mode 100644 index 0000000..878ebd1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoHandlerFactory.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.io; + +import org.apache.sshd.common.Factory; + +/** + * @author Apache MINA SSHD Project + */ +// CHECKSTYLE:OFF +public interface IoHandlerFactory extends Factory { + // nothing extra +} +//CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoInputStream.java new file mode 100644 index 0000000..8fb86e3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoInputStream.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Represents a stream that can be read asynchronously. + * + * @author Apache MINA SSHD Project + */ +public interface IoInputStream extends Closeable { + /** + * NOTE: the buffer must not be touched until the returned read future is completed. + * + * @param buffer the {@link Buffer} to use + * @return The {@link IoReadFuture} for the operation + */ + IoReadFuture read(Buffer buffer); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoOutputStream.java new file mode 100644 index 0000000..64b8876 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoOutputStream.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import java.io.IOException; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Represents a stream that can be written asynchronously. + * + * @author Apache MINA SSHD Project + */ +public interface IoOutputStream extends Closeable { + + /** + * Write the given buffer. + * + * @param buffer the data to write. NOTE: the buffer must not be touched until the returned write + * future is completed. + * @return An {@code IoWriteFuture} that can be used to check when the data has actually been written. + * @throws IOException if an error occurred when writing the data + */ + IoWriteFuture writeBuffer(Buffer buffer) throws IOException; + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoReadFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoReadFuture.java new file mode 100644 index 0000000..3a4e1c2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoReadFuture.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.future.VerifiableFuture; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoReadFuture extends SshFuture, VerifiableFuture { + Buffer getBuffer(); + + int getRead(); + + /** + * Returns the cause of the read failure. + * + * @return {@code null} if the read operation is not finished yet, or if the read attempt is successful (use + * {@link #isDone()} to distinguish between the two). + */ + Throwable getException(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoService.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoService.java new file mode 100644 index 0000000..10cb675 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoService.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import java.util.Map; + +import org.apache.sshd.common.Closeable; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoService extends Closeable, IoServiceEventListenerManager { + /** + * Socket reuse address. See {@link java.net.StandardSocketOptions#SO_REUSEADDR} + */ + boolean DEFAULT_REUSE_ADDRESS = true; + + /** + * Returns the map of all sessions which are currently managed by this service. The key of map is the + * {@link IoSession#getId() ID} of the session. + * + * @return the sessions. An empty collection if there's no session. + */ + Map getManagedSessions(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceEventListener.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceEventListener.java new file mode 100644 index 0000000..bf2a3b2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceEventListener.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.io; + +import java.io.IOException; +import java.net.SocketAddress; + +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.util.SshdEventListener; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoServiceEventListener extends SshdEventListener { + /** + * Called when a new connection has been created to a remote peer - before it was converted into a session + * + * @param connector The {@link IoConnector} through which the connection was established + * @param local The local connection endpoint + * @param context An optional "context" provided by the user when connection was requested + * @param remote The remote connection endpoint + * @throws IOException If failed to handle the event - in which case connection will be aborted + */ + default void connectionEstablished( + IoConnector connector, SocketAddress local, AttributeRepository context, SocketAddress remote) + throws IOException { + // Do nothing + } + + /** + * Called when a previously established connection has been abnormally terminated before it could be turned into a + * session + * + * @param connector The {@link IoConnector} through which the connection was established + * @param local The local connection endpoint + * @param context An optional "context" provided by the user when connection was requested + * @param remote The remote connection endpoint + * @param reason The reason for aborting - may be an exception thrown by + * {@link #connectionEstablished(IoConnector, SocketAddress, AttributeRepository, SocketAddress) + * connectionEstablished} + * @throws IOException If failed to handle the event - the exception is logged but does not prevent further + * connections from being accepted + */ + default void abortEstablishedConnection( + IoConnector connector, SocketAddress local, AttributeRepository context, SocketAddress remote, Throwable reason) + throws IOException { + // Do nothing + } + + /** + * Called when a new connection has been accepted from a remote peer - before it was converted into a session + * + * @param acceptor The {@link IoAcceptor} through which the connection was accepted + * @param local The local connection endpoint + * @param remote The remote connection endpoint + * @param service The service listen endpoint through which the connection was accepted + * @throws IOException If failed to handle the event - in which case connection will be aborted + */ + default void connectionAccepted( + IoAcceptor acceptor, SocketAddress local, SocketAddress remote, SocketAddress service) + throws IOException { + // Do nothing + } + + /** + * Called when a previously accepted connection has been abnormally terminated before it could be turned into a + * session + * + * @param acceptor The {@link IoAcceptor} through which the connection was accepted + * @param local The local connection endpoint + * @param remote The remote connection endpoint + * @param service The service listen endpoint through which the connection was accepted + * @param reason The reason for aborting - may be an exception thrown by + * {@link #connectionAccepted(IoAcceptor, SocketAddress, SocketAddress, SocketAddress) + * connectionAccepted} + * @throws IOException If failed to handle the event - the exception is logged but does not prevent further + * connections from being accepted + */ + default void abortAcceptedConnection( + IoAcceptor acceptor, SocketAddress local, SocketAddress remote, SocketAddress service, Throwable reason) + throws IOException { + // Do nothing + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceEventListenerManager.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceEventListenerManager.java new file mode 100644 index 0000000..4dcf55e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceEventListenerManager.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoServiceEventListenerManager { + IoServiceEventListener getIoServiceEventListener(); + + void setIoServiceEventListener(IoServiceEventListener listener); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceFactory.java new file mode 100644 index 0000000..d6c110b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceFactory.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import org.apache.sshd.common.Closeable; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoServiceFactory extends Closeable, IoServiceEventListenerManager { + + IoConnector createConnector(IoHandler handler); + + IoAcceptor createAcceptor(IoHandler handler); + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceFactoryFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceFactoryFactory.java new file mode 100644 index 0000000..07ecb8c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoServiceFactoryFactory.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.util.threads.CloseableExecutorService; + +/** + * @author Apache MINA SSHD Project + */ +public interface IoServiceFactoryFactory { + + IoServiceFactory create(FactoryManager manager); + + void setExecutorServiceFactory(Factory factory); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoSession.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoSession.java new file mode 100644 index 0000000..76b0022 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoSession.java @@ -0,0 +1,137 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import java.io.IOException; +import java.net.SocketAddress; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.net.ConnectionEndpointsIndicator; + +public interface IoSession extends ConnectionEndpointsIndicator, Closeable { + + /** + * @return a unique identifier for this session. Every session has its own ID which is different from any other. + */ + long getId(); + + /** + * @return The service address through which this session was accepted - {@code null} if session was initiated by + * this peer instead of being accepted + */ + SocketAddress getAcceptanceAddress(); + + /** + * Returns the value of the user-defined attribute of this session. + * + * @param key the key of the attribute + * @return {@code null} if there is no attribute with the specified key + */ + Object getAttribute(Object key); + + /** + * Sets a user-defined attribute. + * + * @param key the key of the attribute + * @param value the value of the attribute + * @return The old value of the attribute - {@code null} if it is new. + */ + Object setAttribute(Object key, Object value); + + /** + * Sets a user defined attribute if the attribute with the specified key is not set yet. This method is same with + * the following code except that the operation is performed atomically. + * + * 
        +     * 
+     * if (containsAttribute(key)) {
+     *     return getAttribute(key);
+     * } else {
+     *     return setAttribute(key, value);
+     * }
+     * 
+     *
        + * + * @param key The key of the attribute we want to set + * @param value The value we want to set + * @return The old value of the attribute - {@code null} if not found. + */ + Object setAttributeIfAbsent(Object key, Object value); + + /** + * Removes a user-defined attribute with the specified key. + * + * @param key The key of the attribute we want to remove + * @return The old value of the attribute - {@code null} if not found. + */ + Object removeAttribute(Object key); + + /** + * Write a packet on the socket. Multiple writes can be issued concurrently and will be queued. + * + * @param buffer the buffer send. NOTE: the buffer must not be touched until the returned write future + * is completed. + * @return An {@code IoWriteFuture} that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when sending the packet + */ + IoWriteFuture writeBuffer(Buffer buffer) throws IOException; + + /** + * Closes this session immediately or after all queued write requests are flushed. This operation is asynchronous. + * Wait for the returned {@link CloseFuture} if you want to wait for the session actually closed. + * + * @param immediately {@code true} to close this session immediately. The pending write requests will simply be + * discarded. {@code false} to close this session after all queued write requests are flushed. + * @return The generated {@link CloseFuture} + */ + @Override + CloseFuture close(boolean immediately); + + /** + * @return the {@link IoService} that created this session. + */ + IoService getService(); + + /** + * Handle received EOF. + * + * @throws IOException If failed to shutdown the stream + */ + void shutdownOutputStream() throws IOException; + + /** + * Suspend read operations on this session. May do nothing if not supported by the session implementation. + * + * If the session usage includes a graceful shutdown with messages being exchanged, the caller needs to take care of + * resuming reading the input in order to actually be able to carry on the conversation with the peer. + */ + default void suspendRead() { + // Do nothing by default, but can be overriden by implementations + } + + /** + * Resume read operations on this session. May do nothing if not supported by the session implementation. + */ + default void resumeRead() { + // Do nothing by default, but can be overriden by implementations + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/IoWriteFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/io/IoWriteFuture.java new file mode 100644 index 0000000..37304b8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/IoWriteFuture.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.future.VerifiableFuture; + +public interface IoWriteFuture extends SshFuture, VerifiableFuture { + /** + * @return true if the write operation is finished successfully. + */ + boolean isWritten(); + + /** + * @return the cause of the write failure if and only if the write operation has failed due to an {@link Exception}. + * Otherwise, {@code null} is returned (use {@link #isDone()} to distinguish between the two. + */ + Throwable getException(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/ReadPendingException.java b/files-sftp/src/main/java/org/apache/sshd/common/io/ReadPendingException.java new file mode 100644 index 0000000..315a464 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/ReadPendingException.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +public class ReadPendingException extends IllegalStateException { + private static final long serialVersionUID = -3407225601154249841L; + + public ReadPendingException() { + super(); + } + + public ReadPendingException(String message, Throwable cause) { + super(message, cause); + } + + public ReadPendingException(String s) { + super(s); + } + + public ReadPendingException(Throwable cause) { + super(cause); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/WritePendingException.java b/files-sftp/src/main/java/org/apache/sshd/common/io/WritePendingException.java new file mode 100644 index 0000000..b85f917 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/WritePendingException.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io; + +public class WritePendingException extends IllegalStateException { + private static final long serialVersionUID = 8814014909076826576L; + + public WritePendingException() { + super(); + } + + public WritePendingException(String message, Throwable cause) { + super(message, cause); + } + + public WritePendingException(String s) { + super(s); + } + + public WritePendingException(Throwable cause) { + super(cause); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Acceptor.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Acceptor.java new file mode 100644 index 0000000..439cdb1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Acceptor.java @@ -0,0 +1,325 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.io.IOException; +import java.net.SocketAddress; +import java.nio.channels.AsynchronousChannelGroup; +import java.nio.channels.AsynchronousServerSocketChannel; +import java.nio.channels.AsynchronousSocketChannel; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.CompletionHandler; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.io.IoAcceptor; +import org.apache.sshd.common.io.IoHandler; +import org.apache.sshd.common.io.IoServiceEventListener; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public class Nio2Acceptor extends Nio2Service implements IoAcceptor { + protected final Map channels = new ConcurrentHashMap<>(); + private int backlog; + + public Nio2Acceptor(FactoryManager manager, IoHandler handler, AsynchronousChannelGroup group) { + super(manager, handler, group); + backlog = CoreModuleProperties.SOCKET_BACKLOG.getRequired(manager); + } + + @Override + public void bind(Collection addresses) throws IOException { + if (GenericUtils.isEmpty(addresses)) { + return; + } + + AsynchronousChannelGroup group = getChannelGroup(); + Collection bound = new ArrayList<>(addresses.size()); + try { + for (SocketAddress address : addresses) { + + try { + AsynchronousServerSocketChannel asyncChannel = openAsynchronousServerSocketChannel(address, group); + // In case it or the other bindings fail + java.io.Closeable protector = protectInProgressBinding(address, asyncChannel); + bound.add(protector); + + AsynchronousServerSocketChannel socket = setSocketOptions(asyncChannel); + socket.bind(address, backlog); + + SocketAddress local = socket.getLocalAddress(); + + AsynchronousServerSocketChannel prev = channels.put(local, socket); + if (prev != null) { + } + + CompletionHandler handler + = ValidateUtils.checkNotNull(createSocketCompletionHandler(channels, socket), + "No completion handler created for address=%s[%s]", + address, local); + socket.accept(local, handler); + } catch (IOException | RuntimeException e) { + throw e; + } + } + + bound.clear(); // avoid auto-close at finally clause + } finally { + IOException err = IoUtils.closeQuietly(bound); + if (err != null) { + throw err; + } + } + } + + protected java.io.Closeable protectInProgressBinding( + SocketAddress address, AsynchronousServerSocketChannel asyncChannel) { + + return new java.io.Closeable() { + @Override + @SuppressWarnings("synthetic-access") + public void close() throws IOException { + try { + try { + SocketAddress local = asyncChannel.getLocalAddress(); + // make sure bound channel + if (local != null) { + channels.remove(local); + } + } finally { + + asyncChannel.close(); + } + } catch (ClosedChannelException e) { + // ignore if already closed + } + } + + @Override + public String toString() { + return "protectInProgressBinding(" + address + ")"; + } + }; + } + + protected AsynchronousServerSocketChannel openAsynchronousServerSocketChannel( + SocketAddress address, AsynchronousChannelGroup group) + throws IOException { + return AsynchronousServerSocketChannel.open(group); + } + + protected CompletionHandler createSocketCompletionHandler( + Map channelsMap, AsynchronousServerSocketChannel socket) + throws IOException { + return new AcceptCompletionHandler(socket); + } + + @Override + public void bind(SocketAddress address) throws IOException { + bind(Collections.singleton(address)); + } + + @Override + public void unbind() { + Collection addresses = getBoundAddresses(); + + unbind(addresses); + } + + @Override + public void unbind(Collection addresses) { + for (SocketAddress address : addresses) { + AsynchronousServerSocketChannel channel = channels.remove(address); + if (channel != null) { + try { + channel.close(); + } catch (IOException e) { + } + } else { + } + } + } + + @Override + public void unbind(SocketAddress address) { + unbind(Collections.singleton(address)); + } + + @Override + public Set getBoundAddresses() { + return new HashSet<>(channels.keySet()); + } + + @Override + protected void preClose() { + unbind(); + super.preClose(); + } + + @Override + protected Closeable getInnerCloseable() { + return builder() + .close(super.getInnerCloseable()) + .run(toString(), this::closeImmediately0) + .build(); + } + + protected void closeImmediately0() { + Collection boundAddresses = getBoundAddresses(); + for (SocketAddress address : boundAddresses) { + AsynchronousServerSocketChannel asyncChannel = channels.remove(address); + if (asyncChannel == null) { + continue; // debug breakpoint + } + + try { + asyncChannel.close(); + } catch (IOException e) { + } + } + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getBoundAddresses() + "]"; + } + + @SuppressWarnings("synthetic-access") + protected class AcceptCompletionHandler extends Nio2CompletionHandler { + protected final AsynchronousServerSocketChannel socket; + + AcceptCompletionHandler(AsynchronousServerSocketChannel socket) { + this.socket = socket; + } + + @Override + protected void onCompleted(AsynchronousSocketChannel result, SocketAddress address) { + // Verify that the address has not been unbound + if (!channels.containsKey(address)) { + return; + } + + Nio2Session session = null; + Long sessionId = null; + boolean keepAccepting; + IoServiceEventListener listener = getIoServiceEventListener(); + try { + if (listener != null) { + SocketAddress localAddress = result.getLocalAddress(); + SocketAddress remoteAddress = result.getRemoteAddress(); + listener.connectionAccepted(Nio2Acceptor.this, localAddress, remoteAddress, address); + } + + // Create a session + IoHandler handler = getIoHandler(); + setSocketOptions(result); + session = Objects.requireNonNull( + createSession(Nio2Acceptor.this, address, result, handler), + "No NIO2 session created"); + sessionId = session.getId(); + handler.sessionCreated(session); + sessions.put(sessionId, session); + if (session.isClosing()) { + try { + handler.sessionClosed(session); + } finally { + unmapSession(sessionId); + } + } else { + session.startReading(); + } + + keepAccepting = true; + } catch (Throwable exc) { + if (listener != null) { + try { + SocketAddress localAddress = result.getLocalAddress(); + SocketAddress remoteAddress = result.getRemoteAddress(); + listener.abortAcceptedConnection(Nio2Acceptor.this, localAddress, remoteAddress, address, exc); + } catch (Exception e) { + } + } + keepAccepting = okToReaccept(exc, address); + + // fail fast the accepted connection + if (session != null) { + try { + session.close(); + } catch (Throwable t) { + } + } + + unmapSession(sessionId); + } + + if (keepAccepting) { + try { + // Accept new connections + socket.accept(address, this); + } catch (Throwable exc) { + failed(exc, address); + } + } else { + } + } + + protected Nio2Session createSession( + Nio2Acceptor acceptor, SocketAddress address, AsynchronousSocketChannel channel, IoHandler handler) + throws Throwable { + return new Nio2Session(acceptor, getFactoryManager(), handler, channel, address); + } + + @Override + protected void onFailed(Throwable exc, SocketAddress address) { + if (okToReaccept(exc, address)) { + try { + // Accept new connections + socket.accept(address, this); + } catch (Throwable t) { + // Do not call failed(t, address) to avoid infinite recursion + } + } + } + + protected boolean okToReaccept(Throwable exc, SocketAddress address) { + AsynchronousServerSocketChannel channel = channels.get(address); + if (channel == null) { + return false; + } + + if (disposing.get()) { + return false; + } + return true; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2CompletionHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2CompletionHandler.java new file mode 100644 index 0000000..8d97438 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2CompletionHandler.java @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.nio.channels.CompletionHandler; +import java.security.AccessController; +import java.security.PrivilegedAction; + +/** + * @param Result type + * @param Attachment type + * @author Apache MINA SSHD Project + */ +public abstract class Nio2CompletionHandler implements CompletionHandler { + protected Nio2CompletionHandler() { + super(); + } + + @Override + public void completed(V result, A attachment) { + AccessController.doPrivileged((PrivilegedAction) () -> { + onCompleted(result, attachment); + return null; + }); + } + + @Override + public void failed(Throwable exc, A attachment) { + AccessController.doPrivileged((PrivilegedAction) () -> { + onFailed(exc, attachment); + return null; + }); + } + + protected abstract void onCompleted(V result, A attachment); + + protected abstract void onFailed(Throwable exc, A attachment); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Connector.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Connector.java new file mode 100644 index 0000000..eab15f8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Connector.java @@ -0,0 +1,215 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.io.IOException; +import java.net.SocketAddress; +import java.nio.channels.AsynchronousChannelGroup; +import java.nio.channels.AsynchronousSocketChannel; + +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.future.DefaultSshFuture; +import org.apache.sshd.common.io.IoConnectFuture; +import org.apache.sshd.common.io.IoConnector; +import org.apache.sshd.common.io.IoHandler; +import org.apache.sshd.common.io.IoServiceEventListener; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class Nio2Connector extends Nio2Service implements IoConnector { + public Nio2Connector(FactoryManager manager, IoHandler handler, AsynchronousChannelGroup group) { + super(manager, handler, group); + } + + @Override + public IoConnectFuture connect( + SocketAddress address, AttributeRepository context, SocketAddress localAddress) { + + IoConnectFuture future = new DefaultIoConnectFuture(address, null); + AsynchronousSocketChannel channel = null; + AsynchronousSocketChannel socket = null; + try { + AsynchronousChannelGroup group = getChannelGroup(); + channel = openAsynchronousSocketChannel(address, group); + socket = setSocketOptions(channel); + if (localAddress != null) { + socket.bind(localAddress); + } + Nio2CompletionHandler completionHandler = ValidateUtils.checkNotNull( + createConnectionCompletionHandler( + future, socket, context, getFactoryManager(), getIoHandler()), + "No connection completion handler created for %s", + address); + socket.connect(address, null, completionHandler); + } catch (Throwable exc) { + Throwable t = GenericUtils.peelException(exc); + + try { + if (socket != null) { + socket.close(); + } + } catch (IOException err) { + } + + try { + if (channel != null) { + channel.close(); + } + } catch (IOException err) { + } + + future.setException(t); + } + + return future; + } + + protected AsynchronousSocketChannel openAsynchronousSocketChannel( + SocketAddress address, AsynchronousChannelGroup group) + throws IOException { + return AsynchronousSocketChannel.open(group); + } + + protected Nio2CompletionHandler createConnectionCompletionHandler( + IoConnectFuture future, AsynchronousSocketChannel socket, + AttributeRepository context, FactoryManager manager, IoHandler handler) { + return new ConnectionCompletionHandler(future, socket, context, manager, handler); + } + + protected class ConnectionCompletionHandler extends Nio2CompletionHandler { + protected final IoConnectFuture future; + protected final AsynchronousSocketChannel socket; + protected final AttributeRepository context; + protected final FactoryManager manager; + protected final IoHandler handler; + + protected ConnectionCompletionHandler( + IoConnectFuture future, AsynchronousSocketChannel socket, + AttributeRepository context, FactoryManager manager, IoHandler handler) { + this.future = future; + this.socket = socket; + this.context = context; + this.manager = manager; + this.handler = handler; + } + + @Override + @SuppressWarnings("synthetic-access") + protected void onCompleted(Void result, Object attachment) { + Long sessionId = null; + IoServiceEventListener listener = getIoServiceEventListener(); + try { + if (listener != null) { + SocketAddress local = socket.getLocalAddress(); + SocketAddress remote = socket.getRemoteAddress(); + listener.connectionEstablished(Nio2Connector.this, local, context, remote); + } + + Nio2Session session = createSession(manager, handler, socket); + if (context != null) { + session.setAttribute(AttributeRepository.class, context); + } + + handler.sessionCreated(session); + sessionId = session.getId(); + sessions.put(sessionId, session); + future.setSession(session); + if (session.isClosing()) { + try { + handler.sessionClosed(session); + } finally { + unmapSession(sessionId); + } + } else { + session.startReading(); + } + } catch (Throwable exc) { + Throwable t = GenericUtils.peelException(exc); + if (listener != null) { + try { + SocketAddress localAddress = socket.getLocalAddress(); + SocketAddress remoteAddress = socket.getRemoteAddress(); + listener.abortEstablishedConnection( + Nio2Connector.this, localAddress, context, remoteAddress, t); + } catch (Exception e) { + } + } + + try { + socket.close(); + } catch (IOException err) { + } + + future.setException(t); + unmapSession(sessionId); + } + } + + @Override + protected void onFailed(Throwable exc, Object attachment) { + future.setException(exc); + } + } + + protected Nio2Session createSession( + FactoryManager manager, IoHandler handler, AsynchronousSocketChannel socket) + throws Throwable { + return new Nio2Session(this, manager, handler, socket, null); + } + + public static class DefaultIoConnectFuture extends DefaultSshFuture implements IoConnectFuture { + public DefaultIoConnectFuture(Object id, Object lock) { + super(id, lock); + } + + @Override + public IoSession getSession() { + Object v = getValue(); + return v instanceof IoSession ? (IoSession) v : null; + } + + @Override + public Throwable getException() { + Object v = getValue(); + return v instanceof Throwable ? (Throwable) v : null; + } + + @Override + public boolean isConnected() { + return getValue() instanceof IoSession; + } + + @Override + public void setSession(IoSession session) { + setValue(session); + } + + @Override + public void setException(Throwable exception) { + setValue(exception); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2DefaultIoWriteFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2DefaultIoWriteFuture.java new file mode 100644 index 0000000..8d83f4c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2DefaultIoWriteFuture.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.nio.ByteBuffer; +import java.util.Objects; + +import org.apache.sshd.common.io.AbstractIoWriteFuture; + +/** + * @author Apache MINA SSHD Project + */ +public class Nio2DefaultIoWriteFuture extends AbstractIoWriteFuture { + private final ByteBuffer buffer; + + public Nio2DefaultIoWriteFuture(Object id, Object lock, ByteBuffer buffer) { + super(id, lock); + this.buffer = buffer; + } + + public ByteBuffer getBuffer() { + return buffer; + } + + public void setWritten() { + setValue(Boolean.TRUE); + } + + public void setException(Throwable exception) { + setValue(Objects.requireNonNull(exception, "No exception specified")); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Service.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Service.java new file mode 100644 index 0000000..2c094c5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Service.java @@ -0,0 +1,193 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.io.IOException; +import java.net.SocketOption; +import java.net.SocketTimeoutException; +import java.net.StandardSocketOptions; +import java.nio.channels.AsynchronousChannelGroup; +import java.nio.channels.NetworkChannel; +import java.time.Duration; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.FactoryManagerHolder; +import org.apache.sshd.common.Property; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.io.IoHandler; +import org.apache.sshd.common.io.IoService; +import org.apache.sshd.common.io.IoServiceEventListener; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.closeable.AbstractInnerCloseable; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class Nio2Service extends AbstractInnerCloseable implements IoService, FactoryManagerHolder { + // Note: order may be important so that's why we use a LinkedHashMap + public static final Map, SimpleImmutableEntry, Object>> CONFIGURABLE_OPTIONS; + + static { + Map, SimpleImmutableEntry, Object>> map = new LinkedHashMap<>(); + map.put(CoreModuleProperties.SOCKET_KEEPALIVE, new SimpleImmutableEntry<>(StandardSocketOptions.SO_KEEPALIVE, null)); + map.put(CoreModuleProperties.SOCKET_LINGER, new SimpleImmutableEntry<>(StandardSocketOptions.SO_LINGER, null)); + map.put(CoreModuleProperties.SOCKET_RCVBUF, new SimpleImmutableEntry<>(StandardSocketOptions.SO_RCVBUF, null)); + map.put(CoreModuleProperties.SOCKET_REUSEADDR, + new SimpleImmutableEntry<>(StandardSocketOptions.SO_REUSEADDR, DEFAULT_REUSE_ADDRESS)); + map.put(CoreModuleProperties.SOCKET_SNDBUF, new SimpleImmutableEntry<>(StandardSocketOptions.SO_SNDBUF, null)); + map.put(CoreModuleProperties.TCP_NODELAY, new SimpleImmutableEntry<>(StandardSocketOptions.TCP_NODELAY, null)); + CONFIGURABLE_OPTIONS = Collections.unmodifiableMap(map); + } + + protected final Map sessions; + protected final AtomicBoolean disposing = new AtomicBoolean(); + private final FactoryManager manager; + private final IoHandler handler; + private final AsynchronousChannelGroup group; + private IoServiceEventListener eventListener; + + protected Nio2Service(FactoryManager manager, IoHandler handler, AsynchronousChannelGroup group) { + this.manager = Objects.requireNonNull(manager, "No factory manager provided"); + this.handler = Objects.requireNonNull(handler, "No I/O handler provided"); + this.group = Objects.requireNonNull(group, "No async. channel group provided"); + this.sessions = new ConcurrentHashMap<>(); + } + + @Override + public IoServiceEventListener getIoServiceEventListener() { + return eventListener; + } + + @Override + public void setIoServiceEventListener(IoServiceEventListener listener) { + eventListener = listener; + } + + protected AsynchronousChannelGroup getChannelGroup() { + return group; + } + + @Override + public FactoryManager getFactoryManager() { + return manager; + } + + public IoHandler getIoHandler() { + return handler; + } + + public void dispose() { + try { + if (disposing.getAndSet(true)) { + } + + Duration maxWait = Closeable.getMaxCloseWaitTime(getFactoryManager()); + boolean successful = close(true).await(maxWait); + if (!successful) { + throw new SocketTimeoutException("Failed to receive closure confirmation within " + maxWait); + } + } catch (IOException e) { + } + } + + @Override + protected Closeable getInnerCloseable() { + return builder() + .parallel(toString(), sessions.values()) + .build(); + } + + @Override + public Map getManagedSessions() { + return Collections.unmodifiableMap(sessions); + } + + public void sessionClosed(Nio2Session session) { + unmapSession(session.getId()); + } + + protected void unmapSession(Long sessionId) { + if (sessionId != null) { + IoSession ioSession = sessions.remove(sessionId); + } + } + + @SuppressWarnings("unchecked") + protected S setSocketOptions(S socket) throws IOException { + Collection> supported = socket.supportedOptions(); + if (GenericUtils.isEmpty(supported)) { + return socket; + } + + for (Map.Entry, ? extends Map.Entry, ?>> ce : CONFIGURABLE_OPTIONS.entrySet()) { + Property property = ce.getKey(); + Map.Entry, ?> defConfig = ce.getValue(); + @SuppressWarnings("rawtypes") + SocketOption option = defConfig.getKey(); + setOption(socket, property, option, defConfig.getValue()); + } + + return socket; + } + + protected boolean setOption( + NetworkChannel socket, Property property, SocketOption option, T defaultValue) + throws IOException { + PropertyResolver manager = getFactoryManager(); + String valStr = manager.getString(property.getName()); + T val = defaultValue; + if (!GenericUtils.isEmpty(valStr)) { + Class type = option.type(); + if (type == Integer.class) { + val = type.cast(Integer.valueOf(valStr)); + } else if (type == Boolean.class) { + val = type.cast(Boolean.valueOf(valStr)); + } else { + throw new IllegalStateException("Unsupported socket option type (" + type + ") " + property + "=" + valStr); + } + } + + if (val == null) { + return false; + } + + Collection> supported = socket.supportedOptions(); + if (GenericUtils.isEmpty(supported) || (!supported.contains(option))) { + return false; + } + + try { + socket.setOption(option, val); + return true; + } catch (IOException | RuntimeException e) { + return false; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2ServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2ServiceFactory.java new file mode 100644 index 0000000..f58ac27 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2ServiceFactory.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.io.IOException; +import java.nio.channels.AsynchronousChannelGroup; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.io.AbstractIoServiceFactory; +import org.apache.sshd.common.io.IoAcceptor; +import org.apache.sshd.common.io.IoConnector; +import org.apache.sshd.common.io.IoHandler; +import org.apache.sshd.common.util.threads.CloseableExecutorService; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class Nio2ServiceFactory extends AbstractIoServiceFactory { + + private final AsynchronousChannelGroup group; + + public Nio2ServiceFactory(FactoryManager factoryManager, CloseableExecutorService service) { + super(factoryManager, + ThreadUtils.newFixedThreadPoolIf(service, factoryManager.toString() + "-nio2", getNioWorkers(factoryManager))); + try { + group = AsynchronousChannelGroup.withThreadPool(ThreadUtils.noClose(getExecutorService())); + } catch (IOException e) { + throw new RuntimeSshException(e); + } + } + + @Override + public IoConnector createConnector(IoHandler handler) { + return autowireCreatedService(new Nio2Connector(getFactoryManager(), handler, group)); + } + + @Override + public IoAcceptor createAcceptor(IoHandler handler) { + return autowireCreatedService(new Nio2Acceptor(getFactoryManager(), handler, group)); + } + + @Override + protected void doCloseImmediately() { + try { + if (!group.isShutdown()) { + group.shutdownNow(); + + // if we protect the executor then the await will fail since we didn't really shut it down... + if (group.awaitTermination(5, TimeUnit.SECONDS)) { + } else { + } + } + } catch (Exception e) { + } finally { + super.doCloseImmediately(); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2ServiceFactoryFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2ServiceFactoryFactory.java new file mode 100644 index 0000000..5264822 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2ServiceFactoryFactory.java @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.nio.channels.AsynchronousChannel; +import java.util.Objects; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.io.AbstractIoServiceFactoryFactory; +import org.apache.sshd.common.io.IoServiceFactory; +import org.apache.sshd.common.util.threads.CloseableExecutorService; + +/** + * @author Apache MINA SSHD Project + */ +public class Nio2ServiceFactoryFactory extends AbstractIoServiceFactoryFactory { + public Nio2ServiceFactoryFactory() { + this(null); + } + + /** + * @param executors The {@link CloseableExecutorService} to use for spawning threads. If {@code null} then an + * internal service is allocated - in which case it is automatically shutdown + */ + public Nio2ServiceFactoryFactory(Factory executors) { + super(executors); + // Make sure NIO2 is available + Objects.requireNonNull(AsynchronousChannel.class, "Missing NIO2 class"); + } + + @Override + public IoServiceFactory create(FactoryManager manager) { + return new Nio2ServiceFactory(manager, newExecutor()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java new file mode 100644 index 0000000..de7fd1a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java @@ -0,0 +1,472 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.io.nio2; + +import java.io.IOException; +import java.io.WriteAbortedException; +import java.net.SocketAddress; +import java.nio.ByteBuffer; +import java.nio.channels.AsynchronousSocketChannel; +import java.nio.channels.ClosedChannelException; +import java.time.Duration; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; +import java.util.Queue; +import java.util.concurrent.LinkedTransferQueue; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicLong; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.io.IoHandler; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.closeable.AbstractCloseable; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public class Nio2Session extends AbstractCloseable implements IoSession { + + public static final int DEFAULT_READBUF_SIZE = 32 * 1024; + + private static final AtomicLong SESSION_ID_GENERATOR = new AtomicLong(100L); + + private final long id = SESSION_ID_GENERATOR.incrementAndGet(); + private final Nio2Service service; + private final IoHandler ioHandler; + private final AsynchronousSocketChannel socketChannel; + private final Map attributes = new HashMap<>(); + private final SocketAddress localAddress; + private final SocketAddress remoteAddress; + private final SocketAddress acceptanceAddress; + private final FactoryManager manager; + private final Queue writes = new LinkedTransferQueue<>(); + private final AtomicReference currentWrite = new AtomicReference<>(); + private final AtomicLong readCyclesCounter = new AtomicLong(); + private final AtomicLong lastReadCycleStart = new AtomicLong(); + private final AtomicLong writeCyclesCounter = new AtomicLong(); + private final AtomicLong lastWriteCycleStart = new AtomicLong(); + private final Object suspendLock = new Object(); + private volatile boolean suspend; + private volatile Runnable readRunnable; + + public Nio2Session( + Nio2Service service, FactoryManager manager, IoHandler handler, AsynchronousSocketChannel socket, + SocketAddress acceptanceAddress) + throws IOException { + this.service = Objects.requireNonNull(service, "No service instance"); + this.manager = Objects.requireNonNull(manager, "No factory manager"); + this.ioHandler = Objects.requireNonNull(handler, "No IoHandler"); + this.socketChannel = Objects.requireNonNull(socket, "No socket channel"); + this.localAddress = socket.getLocalAddress(); + this.remoteAddress = socket.getRemoteAddress(); + this.acceptanceAddress = acceptanceAddress; + } + + @Override + public long getId() { + return id; + } + + @Override + public Object getAttribute(Object key) { + synchronized (attributes) { + return attributes.get(key); + } + } + + @Override + public Object setAttribute(Object key, Object value) { + synchronized (attributes) { + return attributes.put(key, value); + } + } + + @Override + public Object setAttributeIfAbsent(Object key, Object value) { + synchronized (attributes) { + return attributes.putIfAbsent(key, value); + } + } + + @Override + public Object removeAttribute(Object key) { + synchronized (attributes) { + return attributes.remove(key); + } + } + + @Override + public SocketAddress getRemoteAddress() { + return remoteAddress; + } + + @Override + public SocketAddress getLocalAddress() { + return localAddress; + } + + @Override + public SocketAddress getAcceptanceAddress() { + return acceptanceAddress; + } + + public AsynchronousSocketChannel getSocket() { + return socketChannel; + } + + public IoHandler getIoHandler() { + return ioHandler; + } + + public void suspend() { + AsynchronousSocketChannel socket = getSocket(); + try { + socket.shutdownInput(); + } catch (IOException e) { + } + + try { + socket.shutdownOutput(); + } catch (IOException e) { + } + } + + @Override + public IoWriteFuture writeBuffer(Buffer buffer) throws IOException { + + ByteBuffer buf = ByteBuffer.wrap(buffer.array(), buffer.rpos(), buffer.available()); + Nio2DefaultIoWriteFuture future = new Nio2DefaultIoWriteFuture(getRemoteAddress(), null, buf); + if (isClosing()) { + Throwable exc = new ClosedChannelException(); + future.setException(exc); + exceptionCaught(exc); + return future; + } + writes.add(future); + startWriting(); + return future; + } + + protected void exceptionCaught(Throwable exc) { + if (closeFuture.isClosed()) { + return; + } + + AsynchronousSocketChannel socket = getSocket(); + if (isOpen() && socket.isOpen()) { + IoHandler handler = getIoHandler(); + try { + handler.exceptionCaught(this, exc); + } catch (Throwable e) { + Throwable t = GenericUtils.peelException(e); + } + } + + close(true); + } + + @Override + protected CloseFuture doCloseGracefully() { + Object closeId = toString(); + return builder() + .when(closeId, writes) + .run(closeId, () -> { + try { + AsynchronousSocketChannel socket = getSocket(); + socket.shutdownOutput(); + } catch (IOException e) { + } + }).build() + .close(false); + } + + @Override + protected void doCloseImmediately() { + while (true) { + // Cancel pending requests informing them of the cancellation + Nio2DefaultIoWriteFuture future = writes.poll(); + if (future != null) { + if (future.isWritten()) { + continue; + } + + Throwable error = future.getException(); + if (error == null) { + future.setException( + new WriteAbortedException("Write request aborted due to immediate session close", null)); + } + } else { + break; + } + } + + AsynchronousSocketChannel socket = getSocket(); + try { + + socket.close(); + + } catch (IOException e) { + } + + service.sessionClosed(this); + super.doCloseImmediately(); + + IoHandler handler = getIoHandler(); + try { + handler.sessionClosed(this); + } catch (Throwable e) { + } + + synchronized (attributes) { + attributes.clear(); + } + } + + @Override // co-variant return + public Nio2Service getService() { + return service; + } + + @Override + public void shutdownOutputStream() throws IOException { + AsynchronousSocketChannel socket = getSocket(); + if (socket.isOpen()) { + socket.shutdownOutput(); + } + } + + public void startReading() { + startReading(CoreModuleProperties.NIO2_READ_BUFFER_SIZE.getRequired(manager)); + } + + public void startReading(int bufSize) { + startReading(new byte[bufSize]); + } + + public void startReading(byte[] buf) { + startReading(buf, 0, buf.length); + } + + public void startReading(byte[] buf, int offset, int len) { + startReading(ByteBuffer.wrap(buf, offset, len)); + } + + public void startReading(ByteBuffer buffer) { + doReadCycle(buffer, Readable.readable(buffer)); + } + + protected void doReadCycle(ByteBuffer buffer, Readable bufReader) { + Nio2CompletionHandler completion = Objects.requireNonNull( + createReadCycleCompletionHandler(buffer, bufReader), + "No completion handler created"); + doReadCycle(buffer, completion); + } + + protected Nio2CompletionHandler createReadCycleCompletionHandler( + ByteBuffer buffer, Readable bufReader) { + return new Nio2CompletionHandler() { + @Override + protected void onCompleted(Integer result, Object attachment) { + handleReadCycleCompletion(buffer, bufReader, this, result, attachment); + } + + @Override + protected void onFailed(Throwable exc, Object attachment) { + handleReadCycleFailure(buffer, bufReader, exc, attachment); + } + }; + } + + protected void handleReadCycleCompletion( + ByteBuffer buffer, Readable bufReader, Nio2CompletionHandler completionHandler, + Integer result, Object attachment) { + try { + if (result >= 0) { + buffer.flip(); + + IoHandler handler = getIoHandler(); + handler.messageReceived(this, bufReader); + if (!closeFuture.isClosed()) { + // re-use reference for next iteration since we finished processing it + buffer.clear(); + doReadCycle(buffer, completionHandler); + } else { + } + } else { + close(true); + } + } catch (Throwable exc) { + completionHandler.failed(exc, attachment); + } + } + + protected void handleReadCycleFailure(ByteBuffer buffer, Readable bufReader, Throwable exc, Object attachment) { + + exceptionCaught(exc); + } + + @Override + public void suspendRead() { + boolean prev = suspend; + suspend = true; + if (!prev) { + } + } + + @Override + public void resumeRead() { + if (suspend) { + Runnable runnable; + synchronized (suspendLock) { + suspend = false; + runnable = readRunnable; + } + if (runnable != null) { + runnable.run(); + } + } + } + + protected void doReadCycle(ByteBuffer buffer, Nio2CompletionHandler completion) { + if (suspend) { + synchronized (suspendLock) { + if (suspend) { + readRunnable = () -> doReadCycle(buffer, completion); + return; + } + } + } + + AsynchronousSocketChannel socket = getSocket(); + Duration readTimeout = CoreModuleProperties.NIO2_READ_TIMEOUT.getRequired(manager); + readCyclesCounter.incrementAndGet(); + lastReadCycleStart.set(System.nanoTime()); + socket.read(buffer, readTimeout.toMillis(), TimeUnit.MILLISECONDS, null, completion); + } + + protected void startWriting() { + Nio2DefaultIoWriteFuture future = writes.peek(); + if (future == null) { + return; + } + + if (!currentWrite.compareAndSet(null, future)) { + return; + } + + try { + AsynchronousSocketChannel socket = getSocket(); + ByteBuffer buffer = future.getBuffer(); + Nio2CompletionHandler handler = Objects.requireNonNull( + createWriteCycleCompletionHandler(future, socket, buffer), + "No write cycle completion handler created"); + doWriteCycle(buffer, handler); + } catch (Throwable e) { + future.setWritten(); + + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + protected void doWriteCycle(ByteBuffer buffer, Nio2CompletionHandler completion) { + AsynchronousSocketChannel socket = getSocket(); + Duration writeTimeout = CoreModuleProperties.NIO2_MIN_WRITE_TIMEOUT.getRequired(manager); + writeCyclesCounter.incrementAndGet(); + lastWriteCycleStart.set(System.nanoTime()); + socket.write(buffer, writeTimeout.toMillis(), TimeUnit.MILLISECONDS, null, completion); + } + + protected Nio2CompletionHandler createWriteCycleCompletionHandler( + Nio2DefaultIoWriteFuture future, AsynchronousSocketChannel socket, ByteBuffer buffer) { + int writeLen = buffer.remaining(); + return new Nio2CompletionHandler() { + @Override + protected void onCompleted(Integer result, Object attachment) { + handleCompletedWriteCycle(future, socket, buffer, writeLen, this, result, attachment); + } + + @Override + protected void onFailed(Throwable exc, Object attachment) { + handleWriteCycleFailure(future, socket, buffer, writeLen, exc, attachment); + } + }; + } + + protected void handleCompletedWriteCycle( + Nio2DefaultIoWriteFuture future, AsynchronousSocketChannel socket, ByteBuffer buffer, int writeLen, + Nio2CompletionHandler completionHandler, Integer result, Object attachment) { + if (buffer.hasRemaining()) { + try { + socket.write(buffer, null, completionHandler); + } catch (Throwable t) { + future.setWritten(); + finishWrite(future); + } + } else { + + // This should be called before future.setWritten() to avoid WriteAbortedException + // to be thrown by doCloseImmediately when called in the listener of doCloseGracefully + writes.remove(future); + + future.setWritten(); + finishWrite(future); + } + } + + protected void handleWriteCycleFailure( + Nio2DefaultIoWriteFuture future, AsynchronousSocketChannel socket, + ByteBuffer buffer, int writeLen, Throwable exc, Object attachment) { + + future.setException(exc); + exceptionCaught(exc); + + // see SSHD-743 + try { + finishWrite(future); + } catch (RuntimeException e) { + } + } + + protected void finishWrite(Nio2DefaultIoWriteFuture future) { + writes.remove(future); + currentWrite.compareAndSet(future, null); + startWriting(); + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[local=" + getLocalAddress() + + ", remote=" + getRemoteAddress() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/AbstractDH.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/AbstractDH.java new file mode 100644 index 0000000..30bf554 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/AbstractDH.java @@ -0,0 +1,147 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.kex; + +import javax.crypto.KeyAgreement; + +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.util.NumberUtils; + +/** + * Base class for the Diffie-Hellman key agreement. + */ +public abstract class AbstractDH { + protected KeyAgreement myKeyAgree; + + private byte[] k_array; // shared secret key + private byte[] e_array; // public key used in the exchange + + protected AbstractDH() { + super(); + } + + public abstract void setF(byte[] f); + + public boolean isPublicDataAvailable() { + return e_array != null; + } + + /** + * Lazy-called by {@link #getE()} if the public key data has not been generated yet. + * + * @return The calculated public key data + * @throws Exception If failed to generate the relevant data + */ + protected abstract byte[] calculateE() throws Exception; + + /** + * @return The local public key data + * @throws Exception If failed to calculate it + */ + public byte[] getE() throws Exception { + if (e_array == null) { + e_array = calculateE(); + checkKeyAgreementNecessity(); + } + + return e_array; + } + + public boolean isSharedSecretAvailable() { + return k_array != null; + } + + /** + * Lazy-called by {@link #getK()} if the shared secret data has not been calculated yet + * + * @return The shared secret data + * @throws Exception If failed to calculate it + */ + protected abstract byte[] calculateK() throws Exception; + + /** + * @return The shared secret key + * @throws Exception If failed to calculate it + */ + public byte[] getK() throws Exception { + if (k_array == null) { + k_array = calculateK(); + checkKeyAgreementNecessity(); + } + return k_array; + } + + /** + * Called after either public or private parts have been calculated in order to check if the key-agreement mediator + * is still required. By default, if both public and private parts have been calculated then key-agreement mediator + * is null-ified to enable GC for it. + * + * @see #getE() + * @see #getK() + */ + protected void checkKeyAgreementNecessity() { + if ((e_array == null) || (k_array == null)) { + return; + } + + if (myKeyAgree != null) { + myKeyAgree = null; // allow GC for key agreement object + } + } + + public abstract Digest getHash() throws Exception; + + @Override + public String toString() { + return getClass().getSimpleName() + + "[publicDataAvailable=" + isPublicDataAvailable() + + ", sharedSecretAvailable=" + isSharedSecretAvailable() + + "]"; + } + + /** + * The shared secret returned by {@link KeyAgreement#generateSecret()} is a byte array, which can (by + * chance, roughly 1 out of 256 times) begin with zero byte (some JCE providers might strip this, though). In SSH, + * the shared secret is an integer, so we need to strip the leading zero(es). + * + * @param x The original array + * @return An (possibly) sub-array guaranteed to start with a non-zero byte + * @throws IllegalArgumentException If all zeroes array + * @see SSHD-330 + */ + public static byte[] stripLeadingZeroes(byte[] x) { + int length = NumberUtils.length(x); + for (int i = 0; i < x.length; i++) { + if (x[i] == 0) { + continue; + } + + if (i == 0) { // 1st byte is non-zero so nothing to do + return x; + } + + byte[] ret = new byte[length - i]; + System.arraycopy(x, i, ret, 0, ret.length); + return ret; + } + + // all zeroes + throw new IllegalArgumentException("No non-zero values in generated secret"); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java new file mode 100644 index 0000000..e4e5866 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex; + +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.cipher.Cipher; +import org.apache.sshd.common.compression.Compression; +import org.apache.sshd.common.kex.extension.KexExtensionHandler; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.closeable.AbstractInnerCloseable; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractKexFactoryManager + extends AbstractInnerCloseable + implements KexFactoryManager { + private final KexFactoryManager delegate; + private List keyExchangeFactories; + private List> cipherFactories; + private List> compressionFactories; + private List> macFactories; + private List> signatureFactories; + private KexExtensionHandler kexExtensionHandler; + + protected AbstractKexFactoryManager() { + this(null); + } + + protected AbstractKexFactoryManager(KexFactoryManager delegate) { + this.delegate = delegate; + } + + protected KexFactoryManager getDelegate() { + return delegate; + } + + @Override + public List getKeyExchangeFactories() { + KexFactoryManager parent = getDelegate(); + return resolveEffectiveFactories(keyExchangeFactories, + (parent == null) ? Collections.emptyList() : parent.getKeyExchangeFactories()); + } + + @Override + public void setKeyExchangeFactories(List keyExchangeFactories) { + this.keyExchangeFactories = keyExchangeFactories; + } + + @Override + public List> getCipherFactories() { + KexFactoryManager parent = getDelegate(); + return resolveEffectiveFactories(cipherFactories, + (parent == null) ? Collections.emptyList() : parent.getCipherFactories()); + } + + @Override + public void setCipherFactories(List> cipherFactories) { + this.cipherFactories = cipherFactories; + } + + @Override + public List> getCompressionFactories() { + KexFactoryManager parent = getDelegate(); + return resolveEffectiveFactories(compressionFactories, + (parent == null) ? Collections.emptyList() : parent.getCompressionFactories()); + } + + @Override + public void setCompressionFactories(List> compressionFactories) { + this.compressionFactories = compressionFactories; + } + + @Override + public List> getMacFactories() { + KexFactoryManager parent = getDelegate(); + return resolveEffectiveFactories(macFactories, + (parent == null) ? Collections.emptyList() : parent.getMacFactories()); + } + + @Override + public void setMacFactories(List> macFactories) { + this.macFactories = macFactories; + } + + @Override + public List> getSignatureFactories() { + KexFactoryManager parent = getDelegate(); + return resolveEffectiveFactories(signatureFactories, + (parent == null) ? Collections.emptyList() : parent.getSignatureFactories()); + } + + @Override + public void setSignatureFactories(List> signatureFactories) { + this.signatureFactories = signatureFactories; + } + + @Override + public KexExtensionHandler getKexExtensionHandler() { + KexFactoryManager parent = getDelegate(); + return resolveEffectiveProvider( + KexExtensionHandler.class, kexExtensionHandler, (parent == null) ? null : parent.getKexExtensionHandler()); + } + + @Override + public void setKexExtensionHandler(KexExtensionHandler kexExtensionHandler) { + this.kexExtensionHandler = kexExtensionHandler; + } + + protected > C resolveEffectiveFactories(C local, C inherited) { + if (GenericUtils.isEmpty(local)) { + return inherited; + } else { + return local; + } + } + + protected V resolveEffectiveProvider(Class providerType, V local, V inherited) { + if (local == null) { + return inherited; + } else { + return local; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java new file mode 100644 index 0000000..f920139 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java @@ -0,0 +1,425 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.NamedResourceListParseResult; +import org.apache.sshd.common.digest.BuiltinDigests; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public enum BuiltinDHFactories implements DHFactory { + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + dhg1(Constants.DIFFIE_HELLMAN_GROUP1_SHA1) { + @Override + public DHG create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha1, new BigInteger(DHGroupData.getP1()), new BigInteger(DHGroupData.getG())); + } + + @Override // see https://tools.ietf.org/html/rfc4253#page-23 + public boolean isSupported() { + return SecurityUtils.isDHOakelyGroupSupported(1024) && BuiltinDigests.sha1.isSupported(); + } + }, + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + dhg14(Constants.DIFFIE_HELLMAN_GROUP14_SHA1) { + @Override + public DHG create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha1, new BigInteger(DHGroupData.getP14()), new BigInteger(DHGroupData.getG())); + } + + @Override // see https://tools.ietf.org/html/rfc4253#page-23 + public boolean isSupported() { + return SecurityUtils.isDHOakelyGroupSupported(2048) && BuiltinDigests.sha1.isSupported(); + } + }, + dhg14_256(Constants.DIFFIE_HELLMAN_GROUP14_SHA256) { + @Override + public DHG create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha256, new BigInteger(DHGroupData.getP14()), new BigInteger(DHGroupData.getG())); + } + + @Override // see https://tools.ietf.org/html/rfc4253#page-23 + public boolean isSupported() { + return SecurityUtils.isDHOakelyGroupSupported(2048) && BuiltinDigests.sha256.isSupported(); + } + }, + dhg15_512(Constants.DIFFIE_HELLMAN_GROUP15_SHA512) { + @Override + public DHG create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha512, new BigInteger(DHGroupData.getP15()), new BigInteger(DHGroupData.getG())); + } + + @Override // see https://tools.ietf.org/html/rfc4253#page-23 + public boolean isSupported() { + return SecurityUtils.isDHOakelyGroupSupported(3072) && BuiltinDigests.sha512.isSupported(); + } + }, + dhg16_512(Constants.DIFFIE_HELLMAN_GROUP16_SHA512) { + @Override + public DHG create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha512, new BigInteger(DHGroupData.getP16()), new BigInteger(DHGroupData.getG())); + } + + @Override // see https://tools.ietf.org/html/rfc4253#page-23 + public boolean isSupported() { + return SecurityUtils.isDHOakelyGroupSupported(4096) && BuiltinDigests.sha512.isSupported(); + } + }, + dhg17_512(Constants.DIFFIE_HELLMAN_GROUP17_SHA512) { + @Override + public DHG create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha512, new BigInteger(DHGroupData.getP17()), new BigInteger(DHGroupData.getG())); + } + + @Override // see https://tools.ietf.org/html/rfc4253#page-23 + public boolean isSupported() { + return SecurityUtils.isDHOakelyGroupSupported(6144) && BuiltinDigests.sha512.isSupported(); + } + }, + dhg18_512(Constants.DIFFIE_HELLMAN_GROUP18_SHA512) { + @Override + public DHG create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha512, new BigInteger(DHGroupData.getP18()), new BigInteger(DHGroupData.getG())); + } + + @Override // see https://tools.ietf.org/html/rfc4253#page-23 + public boolean isSupported() { + return SecurityUtils.isDHOakelyGroupSupported(8192) && BuiltinDigests.sha512.isSupported(); + } + }, + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + dhgex(Constants.DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1) { + @Override + public DHG create(Object... params) throws Exception { + if ((GenericUtils.length(params) != 2) + || (!(params[0] instanceof BigInteger)) + || (!(params[1] instanceof BigInteger))) { + throw new IllegalArgumentException("Bad parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha1, (BigInteger) params[0], (BigInteger) params[1]); + } + + @Override + public boolean isGroupExchange() { + return true; + } + + @Override + public boolean isSupported() { // avoid "Prime size must be multiple of 64, and can only range from 512 to 2048 + // (inclusive)" + return SecurityUtils.isDHGroupExchangeSupported() && BuiltinDigests.sha1.isSupported(); + } + }, + dhgex256(Constants.DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256) { + @Override + public AbstractDH create(Object... params) throws Exception { + if ((GenericUtils.length(params) != 2) + || (!(params[0] instanceof BigInteger)) + || (!(params[1] instanceof BigInteger))) { + throw new IllegalArgumentException("Bad parameters for " + getName()); + } + return new DHG(BuiltinDigests.sha256, (BigInteger) params[0], (BigInteger) params[1]); + } + + @Override + public boolean isSupported() { // avoid "Prime size must be multiple of 64, and can only range from 512 to 2048 + // (inclusive)" + return SecurityUtils.isDHGroupExchangeSupported() && BuiltinDigests.sha256.isSupported(); + } + + @Override + public boolean isGroupExchange() { + return true; + } + }, + ecdhp256(Constants.ECDH_SHA2_NISTP256) { + @Override + public ECDH create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new ECDH(ECCurves.nistp256); + } + + @Override + public boolean isSupported() { + return ECCurves.nistp256.isSupported(); + } + }, + ecdhp384(Constants.ECDH_SHA2_NISTP384) { + @Override + public ECDH create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new ECDH(ECCurves.nistp384); + } + + @Override + public boolean isSupported() { + return ECCurves.nistp384.isSupported(); + } + }, + ecdhp521(Constants.ECDH_SHA2_NISTP521) { + @Override + public ECDH create(Object... params) throws Exception { + if (!GenericUtils.isEmpty(params)) { + throw new IllegalArgumentException("No accepted parameters for " + getName()); + } + return new ECDH(ECCurves.nistp521); + } + + @Override + public boolean isSupported() { + return ECCurves.nistp521.isSupported(); + } + }; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinDHFactories.class)); + + private static final Map EXTENSIONS = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private final String factoryName; + + BuiltinDHFactories(String name) { + factoryName = name; + } + + @Override + public final String getName() { + return factoryName; + } + + @Override + public boolean isSupported() { + return true; + } + + @Override + public final String toString() { + return getName(); + } + + /** + * Registered a {@link org.apache.sshd.common.NamedFactory} to be available besides the built-in ones when parsing + * configuration + * + * @param extension The factory to register + * @throws IllegalArgumentException if factory instance is {@code null}, or overrides a built-in one or overrides + * another registered factory with the same name (case insensitive). + */ + public static void registerExtension(DHFactory extension) { + String name = Objects.requireNonNull(extension, "No extension provided").getName(); + ValidateUtils.checkTrue(fromFactoryName(name) == null, "Extension overrides built-in: %s", name); + + synchronized (EXTENSIONS) { + ValidateUtils.checkTrue(!EXTENSIONS.containsKey(name), "Extension overrides existing: %s", name); + EXTENSIONS.put(name, extension); + } + } + + /** + * @return A {@link NavigableSet} of the currently registered extensions, sorted according to the factory name (case + * insensitive) + */ + public static NavigableSet getRegisteredExtensions() { + synchronized (EXTENSIONS) { + return GenericUtils.asSortedSet(NamedResource.BY_NAME_COMPARATOR, EXTENSIONS.values()); + } + } + + /** + * Unregisters specified extension + * + * @param name The factory name - ignored if {@code null}/empty + * @return The registered extension - {@code null} if not found + */ + public static DHFactory unregisterExtension(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.remove(name); + } + } + + /** + * @param name The factory name - ignored if {@code null}/empty + * @return The matching {@link BuiltinDHFactories} (case insensitive) or {@code null} if no match found + */ + public static BuiltinDHFactories fromFactoryName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + @Override + public boolean isGroupExchange() { + return false; + } + + /** + * @param dhList A comma-separated list of ciphers' names - ignored if {@code null}/empty + * @return A {@link ParseResult} of all the {@link DHFactory}-ies whose name appears in the string and + * represent a built-in value. Any unknown name is ignored. The order of the returned result + * is the same as the original order - bar the unknown ones. Note: it is up to caller to + * ensure that the list does not contain duplicates + */ + public static ParseResult parseDHFactoriesList(String dhList) { + return parseDHFactoriesList(GenericUtils.split(dhList, ',')); + } + + public static ParseResult parseDHFactoriesList(String... dhList) { + return parseDHFactoriesList(GenericUtils.isEmpty((Object[]) dhList) ? Collections.emptyList() : Arrays.asList(dhList)); + } + + public static ParseResult parseDHFactoriesList(Collection dhList) { + if (GenericUtils.isEmpty(dhList)) { + return ParseResult.EMPTY; + } + + List factories = new ArrayList<>(dhList.size()); + List unknown = Collections.emptyList(); + for (String name : dhList) { + DHFactory f = resolveFactory(name); + if (f != null) { + factories.add(f); + } else { + // replace the (unmodifiable) empty list with a real one + if (unknown.isEmpty()) { + unknown = new ArrayList<>(); + } + unknown.add(name); + } + } + + return new ParseResult(factories, unknown); + } + + /** + * @param name The factory name + * @return The factory or {@code null} if it is neither a built-in one or a registered extension + */ + public static DHFactory resolveFactory(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + DHFactory s = fromFactoryName(name); + if (s != null) { + return s; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.get(name); + } + } + + /** + * Represents the result of {@link BuiltinDHFactories#parseDHFactoriesList(String)} + * + * @author Apache MINA SSHD Project + */ + public static final class ParseResult extends NamedResourceListParseResult { + public static final ParseResult EMPTY = new ParseResult(Collections.emptyList(), Collections.emptyList()); + + public ParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + + public List getParsedFactories() { + return getParsedResources(); + } + + public List getUnsupportedFactories() { + return getUnsupportedResources(); + } + } + + public static final class Constants { + public static final String DIFFIE_HELLMAN_GROUP1_SHA1 = "diffie-hellman-group1-sha1"; + public static final String DIFFIE_HELLMAN_GROUP14_SHA1 = "diffie-hellman-group14-sha1"; + public static final String DIFFIE_HELLMAN_GROUP14_SHA256 = "diffie-hellman-group14-sha256"; + public static final String DIFFIE_HELLMAN_GROUP15_SHA512 = "diffie-hellman-group15-sha512"; + public static final String DIFFIE_HELLMAN_GROUP16_SHA512 = "diffie-hellman-group16-sha512"; + public static final String DIFFIE_HELLMAN_GROUP17_SHA512 = "diffie-hellman-group17-sha512"; + public static final String DIFFIE_HELLMAN_GROUP18_SHA512 = "diffie-hellman-group18-sha512"; + public static final String DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1 = "diffie-hellman-group-exchange-sha1"; + public static final String DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256 = "diffie-hellman-group-exchange-sha256"; + public static final String ECDH_SHA2_NISTP256 = "ecdh-sha2-nistp256"; + public static final String ECDH_SHA2_NISTP384 = "ecdh-sha2-nistp384"; + public static final String ECDH_SHA2_NISTP521 = "ecdh-sha2-nistp521"; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/DHFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/DHFactory.java new file mode 100644 index 0000000..073641b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/DHFactory.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.kex; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.OptionalFeature; + +/** + * @author Apache MINA SSHD Project + */ +public interface DHFactory extends NamedResource, OptionalFeature { + boolean isGroupExchange(); + + AbstractDH create(Object... params) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/DHG.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/DHG.java new file mode 100644 index 0000000..48e5825 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/DHG.java @@ -0,0 +1,131 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.kex; + +import java.math.BigInteger; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PublicKey; +import java.util.Objects; + +import javax.crypto.interfaces.DHPublicKey; +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPublicKeySpec; + +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Diffie-Hellman key generator. + * + * @author Apache MINA SSHD Project + */ +public class DHG extends AbstractDH { + public static final String KEX_TYPE = "DH"; + + private BigInteger p; + private BigInteger g; + private BigInteger f; // your public key + private Factory factory; + + public DHG(Factory digestFactory) throws Exception { + this(digestFactory, null, null); + } + + public DHG(Factory digestFactory, BigInteger pValue, BigInteger gValue) throws Exception { + myKeyAgree = SecurityUtils.getKeyAgreement(KEX_TYPE); + factory = digestFactory; + p = pValue; // do not check for null-ity since in some cases it can be + g = gValue; // do not check for null-ity since in some cases it can be + } + + @Override + protected byte[] calculateE() throws Exception { + DHParameterSpec dhSkipParamSpec = new DHParameterSpec(p, g); + KeyPairGenerator myKpairGen = SecurityUtils.getKeyPairGenerator("DH"); + myKpairGen.initialize(dhSkipParamSpec); + + KeyPair myKpair = myKpairGen.generateKeyPair(); + myKeyAgree.init(myKpair.getPrivate()); + + DHPublicKey pubKey = (DHPublicKey) myKpair.getPublic(); + BigInteger e = pubKey.getY(); + return e.toByteArray(); + } + + @Override + protected byte[] calculateK() throws Exception { + Objects.requireNonNull(f, "Missing 'f' value"); + DHPublicKeySpec keySpec = new DHPublicKeySpec(f, p, g); + KeyFactory myKeyFac = SecurityUtils.getKeyFactory("DH"); + PublicKey yourPubKey = myKeyFac.generatePublic(keySpec); + myKeyAgree.doPhase(yourPubKey, true); + return stripLeadingZeroes(myKeyAgree.generateSecret()); + } + + public void setP(byte[] p) { + setP(new BigInteger(p)); + } + + public void setG(byte[] g) { + setG(new BigInteger(g)); + } + + @Override + public void setF(byte[] f) { + setF(new BigInteger(f)); + } + + public BigInteger getP() { + return p; + } + + public void setP(BigInteger p) { + this.p = p; + } + + public BigInteger getG() { + return g; + } + + public void setG(BigInteger g) { + this.g = g; + } + + public void setF(BigInteger f) { + this.f = Objects.requireNonNull(f, "No 'f' value specified"); + } + + @Override + public Digest getHash() throws Exception { + return factory.create(); + } + + @Override + public String toString() { + return super.toString() + + "[p=" + p + + ", g=" + g + + ", f=" + f + + ", digest=" + factory + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/DHGroupData.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/DHGroupData.java new file mode 100644 index 0000000..9c2c270 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/DHGroupData.java @@ -0,0 +1,254 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.kex; + +import java.io.BufferedReader; +import java.io.EOFException; +import java.io.FileNotFoundException; +import java.io.IOError; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.io.StreamCorruptedException; +import java.nio.charset.StandardCharsets; +import java.util.concurrent.ConcurrentHashMap; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * Simple class holding the data for DH group key exchanges. + * + * @author Apache MINA SSHD Project + */ +public final class DHGroupData { + + private static final ConcurrentHashMap OAKLEY_GROUPS = new ConcurrentHashMap<>(); + + private DHGroupData() { + throw new UnsupportedOperationException("No instance allowed"); + } + + public static byte[] getG() { + return new byte[] { + (byte) 0x02 + }; + } + + public static byte[] getP1() { + return new byte[] { + (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xC9, (byte) 0x0F, (byte) 0xDA, (byte) 0xA2, (byte) 0x21, (byte) 0x68, (byte) 0xC2, (byte) 0x34, + (byte) 0xC4, (byte) 0xC6, (byte) 0x62, (byte) 0x8B, (byte) 0x80, (byte) 0xDC, (byte) 0x1C, (byte) 0xD1, + (byte) 0x29, (byte) 0x02, (byte) 0x4E, (byte) 0x08, (byte) 0x8A, (byte) 0x67, (byte) 0xCC, (byte) 0x74, + (byte) 0x02, (byte) 0x0B, (byte) 0xBE, (byte) 0xA6, (byte) 0x3B, (byte) 0x13, (byte) 0x9B, (byte) 0x22, + (byte) 0x51, (byte) 0x4A, (byte) 0x08, (byte) 0x79, (byte) 0x8E, (byte) 0x34, (byte) 0x04, (byte) 0xDD, + (byte) 0xEF, (byte) 0x95, (byte) 0x19, (byte) 0xB3, (byte) 0xCD, (byte) 0x3A, (byte) 0x43, (byte) 0x1B, + (byte) 0x30, (byte) 0x2B, (byte) 0x0A, (byte) 0x6D, (byte) 0xF2, (byte) 0x5F, (byte) 0x14, (byte) 0x37, + (byte) 0x4F, (byte) 0xE1, (byte) 0x35, (byte) 0x6D, (byte) 0x6D, (byte) 0x51, (byte) 0xC2, (byte) 0x45, + (byte) 0xE4, (byte) 0x85, (byte) 0xB5, (byte) 0x76, (byte) 0x62, (byte) 0x5E, (byte) 0x7E, (byte) 0xC6, + (byte) 0xF4, (byte) 0x4C, (byte) 0x42, (byte) 0xE9, (byte) 0xA6, (byte) 0x37, (byte) 0xED, (byte) 0x6B, + (byte) 0x0B, (byte) 0xFF, (byte) 0x5C, (byte) 0xB6, (byte) 0xF4, (byte) 0x06, (byte) 0xB7, (byte) 0xED, + (byte) 0xEE, (byte) 0x38, (byte) 0x6B, (byte) 0xFB, (byte) 0x5A, (byte) 0x89, (byte) 0x9F, (byte) 0xA5, + (byte) 0xAE, (byte) 0x9F, (byte) 0x24, (byte) 0x11, (byte) 0x7C, (byte) 0x4B, (byte) 0x1F, (byte) 0xE6, + (byte) 0x49, (byte) 0x28, (byte) 0x66, (byte) 0x51, (byte) 0xEC, (byte) 0xE6, (byte) 0x53, (byte) 0x81, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF + }; + } + + public static byte[] getP14() { + return new byte[] { + (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xC9, (byte) 0x0F, (byte) 0xDA, (byte) 0xA2, (byte) 0x21, (byte) 0x68, (byte) 0xC2, (byte) 0x34, + (byte) 0xC4, (byte) 0xC6, (byte) 0x62, (byte) 0x8B, (byte) 0x80, (byte) 0xDC, (byte) 0x1C, (byte) 0xD1, + (byte) 0x29, (byte) 0x02, (byte) 0x4E, (byte) 0x08, (byte) 0x8A, (byte) 0x67, (byte) 0xCC, (byte) 0x74, + (byte) 0x02, (byte) 0x0B, (byte) 0xBE, (byte) 0xA6, (byte) 0x3B, (byte) 0x13, (byte) 0x9B, (byte) 0x22, + (byte) 0x51, (byte) 0x4A, (byte) 0x08, (byte) 0x79, (byte) 0x8E, (byte) 0x34, (byte) 0x04, (byte) 0xDD, + (byte) 0xEF, (byte) 0x95, (byte) 0x19, (byte) 0xB3, (byte) 0xCD, (byte) 0x3A, (byte) 0x43, (byte) 0x1B, + (byte) 0x30, (byte) 0x2B, (byte) 0x0A, (byte) 0x6D, (byte) 0xF2, (byte) 0x5F, (byte) 0x14, (byte) 0x37, + (byte) 0x4F, (byte) 0xE1, (byte) 0x35, (byte) 0x6D, (byte) 0x6D, (byte) 0x51, (byte) 0xC2, (byte) 0x45, + (byte) 0xE4, (byte) 0x85, (byte) 0xB5, (byte) 0x76, (byte) 0x62, (byte) 0x5E, (byte) 0x7E, (byte) 0xC6, + (byte) 0xF4, (byte) 0x4C, (byte) 0x42, (byte) 0xE9, (byte) 0xA6, (byte) 0x37, (byte) 0xED, (byte) 0x6B, + (byte) 0x0B, (byte) 0xFF, (byte) 0x5C, (byte) 0xB6, (byte) 0xF4, (byte) 0x06, (byte) 0xB7, (byte) 0xED, + (byte) 0xEE, (byte) 0x38, (byte) 0x6B, (byte) 0xFB, (byte) 0x5A, (byte) 0x89, (byte) 0x9F, (byte) 0xA5, + (byte) 0xAE, (byte) 0x9F, (byte) 0x24, (byte) 0x11, (byte) 0x7C, (byte) 0x4B, (byte) 0x1F, (byte) 0xE6, + (byte) 0x49, (byte) 0x28, (byte) 0x66, (byte) 0x51, (byte) 0xEC, (byte) 0xE4, (byte) 0x5B, (byte) 0x3D, + (byte) 0xC2, (byte) 0x00, (byte) 0x7C, (byte) 0xB8, (byte) 0xA1, (byte) 0x63, (byte) 0xBF, (byte) 0x05, + (byte) 0x98, (byte) 0xDA, (byte) 0x48, (byte) 0x36, (byte) 0x1C, (byte) 0x55, (byte) 0xD3, (byte) 0x9A, + (byte) 0x69, (byte) 0x16, (byte) 0x3F, (byte) 0xA8, (byte) 0xFD, (byte) 0x24, (byte) 0xCF, (byte) 0x5F, + (byte) 0x83, (byte) 0x65, (byte) 0x5D, (byte) 0x23, (byte) 0xDC, (byte) 0xA3, (byte) 0xAD, (byte) 0x96, + (byte) 0x1C, (byte) 0x62, (byte) 0xF3, (byte) 0x56, (byte) 0x20, (byte) 0x85, (byte) 0x52, (byte) 0xBB, + (byte) 0x9E, (byte) 0xD5, (byte) 0x29, (byte) 0x07, (byte) 0x70, (byte) 0x96, (byte) 0x96, (byte) 0x6D, + (byte) 0x67, (byte) 0x0C, (byte) 0x35, (byte) 0x4E, (byte) 0x4A, (byte) 0xBC, (byte) 0x98, (byte) 0x04, + (byte) 0xF1, (byte) 0x74, (byte) 0x6C, (byte) 0x08, (byte) 0xCA, (byte) 0x18, (byte) 0x21, (byte) 0x7C, + (byte) 0x32, (byte) 0x90, (byte) 0x5E, (byte) 0x46, (byte) 0x2E, (byte) 0x36, (byte) 0xCE, (byte) 0x3B, + (byte) 0xE3, (byte) 0x9E, (byte) 0x77, (byte) 0x2C, (byte) 0x18, (byte) 0x0E, (byte) 0x86, (byte) 0x03, + (byte) 0x9B, (byte) 0x27, (byte) 0x83, (byte) 0xA2, (byte) 0xEC, (byte) 0x07, (byte) 0xA2, (byte) 0x8F, + (byte) 0xB5, (byte) 0xC5, (byte) 0x5D, (byte) 0xF0, (byte) 0x6F, (byte) 0x4C, (byte) 0x52, (byte) 0xC9, + (byte) 0xDE, (byte) 0x2B, (byte) 0xCB, (byte) 0xF6, (byte) 0x95, (byte) 0x58, (byte) 0x17, (byte) 0x18, + (byte) 0x39, (byte) 0x95, (byte) 0x49, (byte) 0x7C, (byte) 0xEA, (byte) 0x95, (byte) 0x6A, (byte) 0xE5, + (byte) 0x15, (byte) 0xD2, (byte) 0x26, (byte) 0x18, (byte) 0x98, (byte) 0xFA, (byte) 0x05, (byte) 0x10, + (byte) 0x15, (byte) 0x72, (byte) 0x8E, (byte) 0x5A, (byte) 0x8A, (byte) 0xAC, (byte) 0xAA, (byte) 0x68, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + }; + } + + public static byte[] getP15() { + return getOakleyGroupPrimeValue("group15.prime"); + } + + public static byte[] getP16() { + return getOakleyGroupPrimeValue("group16.prime"); + } + + public static byte[] getP17() { + return getOakleyGroupPrimeValue("group17.prime"); + } + + public static byte[] getP18() { + return getOakleyGroupPrimeValue("group18.prime"); + } + + /** + * @param name The name of the resource file containing the prime value data + * @return The prime value bytes suitable for building a {@code BigInteger} + */ + public static byte[] getOakleyGroupPrimeValue(String name) { + byte[] value = OAKLEY_GROUPS.computeIfAbsent(name, DHGroupData::readOakleyGroupPrimeValue); + return (value == null) ? null : value.clone(); + } + + /** + * Reads a HEX-encoded Oakley prime value from an internal resource file + * + * @param name The name of the resource file containing the prime value data. See + * {@code org.apache.sshd.common.kex} package for available primes + * @return The prime value bytes suitable for building a {@code BigInteger} + * @throws IOError If failed to access/read the required resource + * @see #readOakleyGroupPrimeValue(InputStream) + */ + public static byte[] readOakleyGroupPrimeValue(String name) throws IOError { + try (InputStream stream = DHGroupData.class.getResourceAsStream(name)) { + if (stream == null) { + throw new FileNotFoundException("Resource not found: " + name); + } + + return readOakleyGroupPrimeValue(stream); + } catch (IOException e) { + throw new IOError(e); + } + } + + public static byte[] readOakleyGroupPrimeValue(InputStream stream) throws IOException { + try (Reader rdr = new InputStreamReader(stream, StandardCharsets.UTF_8)) { + return readOakleyGroupPrimeValue(rdr); + } + } + + public static byte[] readOakleyGroupPrimeValue(Reader r) throws IOException { + try (BufferedReader br = new BufferedReader(r)) { + return readOakleyGroupPrimeValue(br); + } + } + + /** + *

        + * Reads a HEX encoded prime value from a possibly multi-line input as follows: + *

        + *
          + *

          + *

        • Lines are trimmed and all whitespaces removed.
          • + *

          + * + *

          + *

        • Empty lines (after trimming) are ignored.
          • + *

          + * + *

          + *

        • Lines beginning with "#" are ignored (assumed to be comments).
          • + *

          + * + *

          + *

        • Remaining lines are appended to one big string assumed to contain the HEX-encoded value
          • + *

          + *
        + * + * @param br The {@link BufferedReader} to read the data from + * @return The prime value bytes suitable for building a {@code BigInteger} + * @throws IOException If invalid data or no encoded value found + * @see #parseOakleyGroupPrimeValue(String) parseOakleyGroupPrimeValue + */ + public static byte[] readOakleyGroupPrimeValue(BufferedReader br) throws IOException { + try { + byte[] value = readOakleyGroupPrimeValue(br.lines()); + if (NumberUtils.isEmpty(value)) { + throw new EOFException("No prime value data found"); + } + + return value; + } catch (NumberFormatException e) { + throw new StreamCorruptedException("Invalid value: " + e.getMessage()); + } + } + + public static byte[] readOakleyGroupPrimeValue(Stream lines) throws NumberFormatException { + String str = lines + .map(GenericUtils::trimToEmpty) + .map(s -> s.replaceAll("\\s", "")) + .filter(GenericUtils::isNotEmpty) + .filter(s -> !s.startsWith("#")) + .collect(Collectors.joining()); + return parseOakleyGroupPrimeValue(str); + } + + /** + * Parses the string assumed to contain a HEX-encoded Oakely prime value in big endian format + * + * @param str The HEX-encoded string to decode - ignored if {@code null}/empty + * @return The prime value bytes suitable for building a {@code BigInteger} or empty array if + * no input + * @throws NumberFormatException if malformed encoded value + */ + public static byte[] parseOakleyGroupPrimeValue(String str) throws NumberFormatException { + int len = GenericUtils.length(str); + if (len <= 0) { + return GenericUtils.EMPTY_BYTE_ARRAY; + } + + if ((len & 0x01) != 0) { + throw new NumberFormatException("Incomplete HEX value representation"); + } + + byte[] group = new byte[(len / 2) + 1 /* the sign byte */]; + group[0] = 0; + for (int l = 1, pos = 0; l < group.length; l++, pos += 2) { + char hi = str.charAt(pos); + char lo = str.charAt(pos + 1); + group[l] = BufferUtils.fromHex(hi, lo); + } + + return group; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/ECDH.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/ECDH.java new file mode 100644 index 0000000..1784d8b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/ECDH.java @@ -0,0 +1,120 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.kex; + +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PublicKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPublicKeySpec; +import java.util.Objects; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Elliptic Curve Diffie-Hellman key agreement. + * + * @author Apache MINA SSHD Project + */ +public class ECDH extends AbstractDH { + public static final String KEX_TYPE = "ECDH"; + + private ECCurves curve; + private ECParameterSpec params; + private ECPoint f; + + public ECDH() throws Exception { + this((ECParameterSpec) null); + } + + public ECDH(String curveName) throws Exception { + this(ValidateUtils.checkNotNull(ECCurves.fromCurveName(curveName), "Unknown curve name: %s", curveName)); + } + + public ECDH(ECCurves curve) throws Exception { + this(Objects.requireNonNull(curve, "No known curve instance provided").getParameters()); + this.curve = curve; + } + + public ECDH(ECParameterSpec paramSpec) throws Exception { + myKeyAgree = SecurityUtils.getKeyAgreement(KEX_TYPE); + params = paramSpec; // do not check for null-ity since in some cases it can be + } + + @Override + protected byte[] calculateE() throws Exception { + Objects.requireNonNull(params, "No ECParameterSpec(s)"); + KeyPairGenerator myKpairGen = SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM); + myKpairGen.initialize(params); + + KeyPair myKpair = myKpairGen.generateKeyPair(); + myKeyAgree.init(myKpair.getPrivate()); + + ECPublicKey pubKey = (ECPublicKey) myKpair.getPublic(); + ECPoint e = pubKey.getW(); + return ECCurves.encodeECPoint(e, params); + } + + @Override + protected byte[] calculateK() throws Exception { + Objects.requireNonNull(params, "No ECParameterSpec(s)"); + Objects.requireNonNull(f, "Missing 'f' value"); + ECPublicKeySpec keySpec = new ECPublicKeySpec(f, params); + KeyFactory myKeyFac = SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); + PublicKey yourPubKey = myKeyFac.generatePublic(keySpec); + myKeyAgree.doPhase(yourPubKey, true); + return stripLeadingZeroes(myKeyAgree.generateSecret()); + } + + public void setCurveParameters(ECParameterSpec paramSpec) { + params = paramSpec; + } + + @Override + public void setF(byte[] f) { + Objects.requireNonNull(params, "No ECParameterSpec(s)"); + Objects.requireNonNull(f, "No 'f' value specified"); + this.f = ECCurves.octetStringToEcPoint(f); + } + + @Override + public Digest getHash() throws Exception { + if (curve == null) { + Objects.requireNonNull(params, "No ECParameterSpec(s)"); + curve = Objects.requireNonNull(ECCurves.fromCurveParameters(params), "Unknown curve parameters"); + } + + return curve.getDigestForParams(); + } + + @Override + public String toString() { + return super.toString() + + "[curve=" + curve + + ", f=" + f + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java new file mode 100644 index 0000000..5aa0cf8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java @@ -0,0 +1,159 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.Cipher; +import org.apache.sshd.common.compression.BuiltinCompressions; +import org.apache.sshd.common.compression.Compression; +import org.apache.sshd.common.kex.extension.KexExtensionHandlerManager; +import org.apache.sshd.common.mac.BuiltinMacs; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.signature.SignatureFactoriesManager; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Holds KEX negotiation stage configuration + * + * @author Apache MINA SSHD Project + */ +public interface KexFactoryManager extends SignatureFactoriesManager, KexExtensionHandlerManager { + /** + * Retrieve the list of named factories for KeyExchange. + * + * @return a list of named KeyExchange factories, never {@code null} + */ + List getKeyExchangeFactories(); + + void setKeyExchangeFactories(List keyExchangeFactories); + + /** + * Retrieve the list of named factories for Cipher. + * + * @return a list of named Cipher factories, never {@code null} + */ + List> getCipherFactories(); + + default String getCipherFactoriesNameList() { + return NamedResource.getNames(getCipherFactories()); + } + + default List getCipherFactoriesNames() { + return NamedResource.getNameList(getCipherFactories()); + } + + void setCipherFactories(List> cipherFactories); + + default void setCipherFactoriesNameList(String names) { + setCipherFactoriesNames(GenericUtils.split(names, ',')); + } + + default void setCipherFactoriesNames(String... names) { + setCipherFactoriesNames(GenericUtils.isEmpty((Object[]) names) ? Collections.emptyList() : Arrays.asList(names)); + } + + default void setCipherFactoriesNames(Collection names) { + BuiltinCiphers.ParseResult result = BuiltinCiphers.parseCiphersList(names); + @SuppressWarnings({ "rawtypes", "unchecked" }) + List> factories = (List) ValidateUtils.checkNotNullAndNotEmpty(result.getParsedFactories(), + "No supported cipher factories: %s", names); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(GenericUtils.isEmpty(unsupported), "Unsupported cipher factories found: %s", unsupported); + setCipherFactories(factories); + } + + /** + * Retrieve the list of named factories for Compression. + * + * @return a list of named Compression factories, never {@code null} + */ + List> getCompressionFactories(); + + default String getCompressionFactoriesNameList() { + return NamedResource.getNames(getCompressionFactories()); + } + + default List getCompressionFactoriesNames() { + return NamedResource.getNameList(getCompressionFactories()); + } + + void setCompressionFactories(List> compressionFactories); + + default void setCompressionFactoriesNameList(String names) { + setCompressionFactoriesNames(GenericUtils.split(names, ',')); + } + + default void setCompressionFactoriesNames(String... names) { + setCompressionFactoriesNames(GenericUtils.isEmpty((Object[]) names) ? Collections.emptyList() : Arrays.asList(names)); + } + + default void setCompressionFactoriesNames(Collection names) { + BuiltinCompressions.ParseResult result = BuiltinCompressions.parseCompressionsList(names); + @SuppressWarnings({ "rawtypes", "unchecked" }) + List> factories = (List) ValidateUtils.checkNotNullAndNotEmpty(result.getParsedFactories(), + "No supported compression factories: %s", names); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(GenericUtils.isEmpty(unsupported), "Unsupported compression factories found: %s", unsupported); + setCompressionFactories(factories); + } + + /** + * Retrieve the list of named factories for Mac. + * + * @return a list of named Mac factories, never {@code null} + */ + List> getMacFactories(); + + default String getMacFactoriesNameList() { + return NamedResource.getNames(getMacFactories()); + } + + default List getMacFactoriesNames() { + return NamedResource.getNameList(getMacFactories()); + } + + void setMacFactories(List> macFactories); + + default void setMacFactoriesNameList(String names) { + setMacFactoriesNames(GenericUtils.split(names, ',')); + } + + default void setMacFactoriesNames(String... names) { + setMacFactoriesNames(GenericUtils.isEmpty((Object[]) names) ? Collections.emptyList() : Arrays.asList(names)); + } + + default void setMacFactoriesNames(Collection names) { + BuiltinMacs.ParseResult result = BuiltinMacs.parseMacsList(names); + @SuppressWarnings({ "rawtypes", "unchecked" }) + List> factories = (List) ValidateUtils.checkNotNullAndNotEmpty(result.getParsedFactories(), + "No supported MAC factories: %s", names); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(GenericUtils.isEmpty(unsupported), "Unsupported MAC factories found: %s", unsupported); + setMacFactories(factories); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/KexProposalOption.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/KexProposalOption.java new file mode 100644 index 0000000..e28b715 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/KexProposalOption.java @@ -0,0 +1,144 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex; + +import java.util.Collections; +import java.util.Comparator; +import java.util.EnumSet; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public enum KexProposalOption { + ALGORITHMS(Constants.PROPOSAL_KEX_ALGS, "kex algorithms"), + SERVERKEYS(Constants.PROPOSAL_SERVER_HOST_KEY_ALGS, "server host key algorithms"), + C2SENC(Constants.PROPOSAL_ENC_ALGS_CTOS, "encryption algorithms (client to server)"), + S2CENC(Constants.PROPOSAL_ENC_ALGS_STOC, "encryption algorithms (server to client)"), + C2SMAC(Constants.PROPOSAL_MAC_ALGS_CTOS, "mac algorithms (client to server)"), + S2CMAC(Constants.PROPOSAL_MAC_ALGS_STOC, "mac algorithms (server to client)"), + C2SCOMP(Constants.PROPOSAL_COMP_ALGS_CTOS, "compression algorithms (client to server)"), + S2CCOMP(Constants.PROPOSAL_COMP_ALGS_STOC, "compression algorithms (server to client)"), + C2SLANG(Constants.PROPOSAL_LANG_CTOS, "languages (client to server)"), + S2CLANG(Constants.PROPOSAL_LANG_STOC, "languages (server to client)"); + + public static final Set CIPHER_PROPOSALS = Collections.unmodifiableSet(EnumSet.of(C2SENC, S2CENC)); + + public static final Set MAC_PROPOSALS = Collections.unmodifiableSet(EnumSet.of(C2SMAC, S2CMAC)); + + public static final Set COMPRESSION_PROPOSALS + = Collections.unmodifiableSet(EnumSet.of(C2SCOMP, S2CCOMP)); + + public static final Set LANGUAGE_PROPOSALS = Collections.unmodifiableSet(EnumSet.of(C2SLANG, S2CLANG)); + + public static final Set FIRST_KEX_PACKET_GUESS_MATCHES + = Collections.unmodifiableSet(EnumSet.of(ALGORITHMS, SERVERKEYS)); + + /** + * Compares values according to {@link KexProposalOption#getProposalIndex()} + */ + public static final Comparator BY_PROPOSAL_INDEX + = Comparator.comparingInt(KexProposalOption::getProposalIndex); + + /** + * A {@link List} of all the options sorted according to {@link #getProposalIndex()} + * + * @see #BY_PROPOSAL_INDEX + */ + public static final List VALUES = Collections.unmodifiableList( + EnumSet.allOf(KexProposalOption.class) + .stream() + .sorted(BY_PROPOSAL_INDEX) + .collect(Collectors.toList())); + + public static final int PROPOSAL_MAX = VALUES.size(); + + private final int proposalIndex; + + private final String description; + + KexProposalOption(int index, String desc) { + proposalIndex = index; + description = desc; + } + + /** + * @return The proposal option location in the KEX array + */ + public final int getProposalIndex() { + return proposalIndex; + } + + /** + * @return User-friendly name for the KEX negotiation item + * @see RFC-4253 - section 7.1 + */ + public final String getDescription() { + return description; + } + + /** + * @param n The option name - ignored if {@code null}/empty + * @return The matching {@link KexProposalOption#name()} - case insensitive or {@code null} if no match + * found + */ + public static KexProposalOption fromName(String n) { + if (GenericUtils.isEmpty(n)) { + return null; + } + + for (KexProposalOption o : VALUES) { + if (n.equalsIgnoreCase(o.name())) { + return o; + } + } + + return null; + } + + public static KexProposalOption fromProposalIndex(int index) { + if ((index < 0) || (index >= VALUES.size())) { + return null; + } else { + return VALUES.get(index); + } + } + + public static final class Constants { + public static final int PROPOSAL_KEX_ALGS = 0; + public static final int PROPOSAL_SERVER_HOST_KEY_ALGS = 1; + public static final int PROPOSAL_ENC_ALGS_CTOS = 2; + public static final int PROPOSAL_ENC_ALGS_STOC = 3; + public static final int PROPOSAL_MAC_ALGS_CTOS = 4; + public static final int PROPOSAL_MAC_ALGS_STOC = 5; + public static final int PROPOSAL_COMP_ALGS_CTOS = 6; + public static final int PROPOSAL_COMP_ALGS_STOC = 7; + public static final int PROPOSAL_LANG_CTOS = 8; + public static final int PROPOSAL_LANG_STOC = 9; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/KexState.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/KexState.java new file mode 100644 index 0000000..da5d65c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/KexState.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +/** + * Used to track the key-exchange (KEX) protocol progression + * + * @author Apache MINA SSHD Project + */ +public enum KexState { + UNKNOWN, + INIT, + RUN, + KEYS, + DONE; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(KexState.class)); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/KeyExchange.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/KeyExchange.java new file mode 100644 index 0000000..2bebc5b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/KeyExchange.java @@ -0,0 +1,123 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.kex; + +import java.math.BigInteger; +import java.util.Collections; +import java.util.NavigableMap; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.SftpConstants; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.SessionHolder; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Key exchange algorithm. + * + * @author Apache MINA SSHD Project + */ +public interface KeyExchange extends NamedResource, SessionHolder { + NavigableMap GROUP_KEX_OPCODES_MAP = Collections.unmodifiableNavigableMap( + SftpConstants.generateMnemonicMap(SshConstants.class, "SSH_MSG_KEX_DH_GEX_")); + + NavigableMap SIMPLE_KEX_OPCODES_MAP = Collections.unmodifiableNavigableMap( + SftpConstants.generateMnemonicMap(SshConstants.class, "SSH_MSG_KEXDH_")); + + /** + * Initialize the key exchange algorithm. + * + * @param v_s the server identification string + * @param v_c the client identification string + * @param i_s the server key initialization packet + * @param i_c the client key initialization packet + * @throws Exception if an error occurs + */ + void init(byte[] v_s, byte[] v_c, byte[] i_s, byte[] i_c) throws Exception; + + /** + * Process the next packet + * + * @param cmd the command + * @param buffer the packet contents positioned after the command + * @return a boolean indicating if the processing is complete or if more packets are to be received + * @throws Exception if an error occurs + */ + boolean next(int cmd, Buffer buffer) throws Exception; + + /** + * The message digest used by this key exchange algorithm. + * + * @return the message digest + */ + Digest getHash(); + + /** + * Retrieves the computed {@code h} parameter + * + * @return The {@code h} parameter + */ + byte[] getH(); + + /** + * Retrieves the computed k parameter + * + * @return The {@code k} parameter + */ + byte[] getK(); + + static String getGroupKexOpcodeName(int cmd) { + String name = GROUP_KEX_OPCODES_MAP.get(cmd); + if (GenericUtils.isEmpty(name)) { + return SshConstants.getCommandMessageName(cmd); + } else { + return name; + } + } + + static String getSimpleKexOpcodeName(int cmd) { + String name = SIMPLE_KEX_OPCODES_MAP.get(cmd); + if (GenericUtils.isEmpty(name)) { + return SshConstants.getCommandMessageName(cmd); + } else { + return name; + } + } + + // see https://tools.ietf.org/html/rfc8268#section-4 + static boolean isValidDHValue(BigInteger value, BigInteger p) { + if ((value == null) || (p == null)) { + return false; + } + + // 1 < value < p-1 + if (value.compareTo(BigInteger.ONE) <= 0) { + return false; + } + + if (value.compareTo(p.subtract(BigInteger.ONE)) >= 0) { + return false; + } + + return true; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/KeyExchangeFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/KeyExchangeFactory.java new file mode 100644 index 0000000..2f9a631 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/KeyExchangeFactory.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.session.Session; + +/** + * @author Apache MINA SSHD Project + */ +public interface KeyExchangeFactory extends NamedResource { + /** + * @param session The {@link Session} for which the factory is invoked + * @return The {@link KeyExchange} instance to be used + * @throws Exception If failed to create + */ + KeyExchange createKeyExchange(Session session) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/dh/AbstractDHKeyExchange.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/dh/AbstractDHKeyExchange.java new file mode 100644 index 0000000..9920fdf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/dh/AbstractDHKeyExchange.java @@ -0,0 +1,165 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.dh; + +import java.math.BigInteger; +import java.util.Objects; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.kex.KeyExchange; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractDHKeyExchange implements KeyExchange { + protected byte[] v_s; + protected byte[] v_c; + protected byte[] i_s; + protected byte[] i_c; + protected Digest hash; + protected byte[] k; + protected byte[] h; + + private byte[] e; + private BigInteger eValue; + private byte[] f; + private BigInteger fValue; + + private final Session session; + + protected AbstractDHKeyExchange(Session session) { + this.session = Objects.requireNonNull(session, "No session provided"); + } + + @Override + public void init(byte[] v_s, byte[] v_c, byte[] i_s, byte[] i_c) throws Exception { + this.v_s = ValidateUtils.checkNotNullAndNotEmpty(v_s, "No v_s value"); + this.v_c = ValidateUtils.checkNotNullAndNotEmpty(v_c, "No v_c value"); + this.i_s = ValidateUtils.checkNotNullAndNotEmpty(i_s, "No i_s value"); + this.i_c = ValidateUtils.checkNotNullAndNotEmpty(i_c, "No i_c value"); + } + + @Override + public Session getSession() { + return session; + } + + @Override + public Digest getHash() { + return hash; + } + + @Override + public byte[] getH() { + return h; + } + + @Override + public byte[] getK() { + return k; + } + + protected byte[] getE() { + return e; + } + + protected BigInteger getEValue() { + if (eValue == null) { + eValue = BufferUtils.fromMPIntBytes(getE()); + } + + return eValue; + } + + protected byte[] updateE(Buffer buffer) { + return updateE(buffer.getMPIntAsBytes()); + } + + protected byte[] updateE(byte[] mpInt) { + setE(mpInt); + return mpInt; + } + + protected void setE(byte[] e) { + this.e = e; + + if (eValue != null) { + eValue = null; // force lazy re-initialization + } + } + + protected void validateEValue(BigInteger pValue) throws Exception { + BigInteger value = Objects.requireNonNull(getEValue(), "No DH 'e' value set"); + if (!KeyExchange.isValidDHValue(value, pValue)) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "Protocol error: invalid DH 'e' value"); + } + } + + protected byte[] getF() { + return f; + } + + protected BigInteger getFValue() { + if (fValue == null) { + fValue = BufferUtils.fromMPIntBytes(getF()); + } + + return fValue; + } + + protected byte[] updateF(Buffer buffer) { + return updateF(buffer.getMPIntAsBytes()); + } + + protected byte[] updateF(byte[] mpInt) { + setF(mpInt); + return mpInt; + } + + protected void setF(byte[] f) { + this.f = f; + + if (fValue != null) { + fValue = null; // force lazy re-initialization + } + } + + protected void validateFValue(BigInteger pValue) throws Exception { + BigInteger value = Objects.requireNonNull(getFValue(), "No DH 'f' value set"); + if (!KeyExchange.isValidDHValue(value, pValue)) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, + "Protocol error: invalid DH 'f' value"); + } + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getName() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/DefaultClientKexExtensionHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/DefaultClientKexExtensionHandler.java new file mode 100644 index 0000000..5f66d66 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/DefaultClientKexExtensionHandler.java @@ -0,0 +1,252 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumMap; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.stream.Stream; + +import org.apache.sshd.common.AttributeRepository.AttributeKey; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.OptionalFeature; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.kex.extension.parser.ServerSignatureAlgorithms; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.signature.BuiltinSignatures; +import org.apache.sshd.common.signature.Signature; +import org.apache.sshd.common.signature.SignatureFactory; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Detects if the server sends a + * "server-sig-algs" and updates the client + * session by adding the "rsa-sha2-256/512" signature + * factories (if not already added). + * + * Note: experimental - used for development purposes and as an example + * + * @author Apache MINA SSHD Project + */ +public class DefaultClientKexExtensionHandler implements KexExtensionHandler { + /** + * Session {@link AttributeKey} used to store the client's proposal + */ + public static final AttributeKey> CLIENT_PROPOSAL_KEY = new AttributeKey<>(); + + /** + * Session {@link AttributeKey} used to store the server's proposal + */ + public static final AttributeKey> SERVER_PROPOSAL_KEY = new AttributeKey<>(); + + public static final NavigableSet DEFAULT_EXTRA_SIGNATURES = Collections.unmodifiableNavigableSet( + GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, + KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS, + KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS)); + + public static final DefaultClientKexExtensionHandler INSTANCE = new DefaultClientKexExtensionHandler(); + + public DefaultClientKexExtensionHandler() { + super(); + } + + @Override + public boolean isKexExtensionsAvailable(Session session, AvailabilityPhase phase) throws IOException { + if ((session == null) || session.isServerSession()) { + return false; + } + + // We only need to take special care during the proposal build phase + if (phase != AvailabilityPhase.PROPOSAL) { + return true; + } + + // Check if client already sent its proposal - if not, we can still influence it + Map clientProposal = session.getAttribute(CLIENT_PROPOSAL_KEY); + Map serverProposal = session.getAttribute(SERVER_PROPOSAL_KEY); + if (GenericUtils.isNotEmpty(clientProposal)) { + return false; + } + + /* + * According to https://tools.ietf.org/html/rfc8308#section-3.1: + * + * + * Note that implementations are known to exist that apply authentication penalties if the client attempts to + * use an unexpected public key algorithm. + * + * Therefore we want to be sure the server declared its support for extensions before we declare ours. + */ + if (GenericUtils.isEmpty(serverProposal)) { + return false; + } + + String algos = serverProposal.get(KexProposalOption.ALGORITHMS); + String extDeclared = Stream.of(GenericUtils.split(algos, ',')) + .filter(s -> KexExtensions.SERVER_KEX_EXTENSION.equalsIgnoreCase(s)) + .findFirst() + .orElse(null); + if (GenericUtils.isEmpty(extDeclared)) { + return false; + } + + return true; + } + + @Override + public void handleKexInitProposal( + Session session, boolean initiator, Map proposal) + throws IOException { + if (session.isServerSession()) { + return; // just in case + } + + session.setAttribute(initiator ? CLIENT_PROPOSAL_KEY : SERVER_PROPOSAL_KEY, new EnumMap<>(proposal)); + return; + } + + @Override + public boolean handleKexExtensionRequest( + Session session, int index, int count, String name, byte[] data) + throws IOException { + if (!ServerSignatureAlgorithms.NAME.equalsIgnoreCase(name)) { + return true; // process next extension (if available) + } + + Collection sigAlgos = ServerSignatureAlgorithms.INSTANCE.parseExtension(data); + updateAvailableSignatureFactories(session, sigAlgos); + return false; // don't care about any more extensions (for now) + } + + public List> updateAvailableSignatureFactories( + Session session, Collection extraAlgos) + throws IOException { + List> available = session.getSignatureFactories(); + List> updated = resolveUpdatedSignatureFactories(session, available, extraAlgos); + if (!GenericUtils.isSameReference(available, updated)) { + session.setSignatureFactories(updated); + } + + return updated; + } + + /** + * Checks if the extra signature algorithms are already included in the available ones, and adds the extra ones (if + * supported). + * + * @param session The {@link Session} for which the resolution occurs + * @param available The available signature factories + * @param extraAlgos The extra requested signatures - ignored if {@code null}/empty + * @return The resolved signature factories - same as input if nothing added + * @throws IOException If failed to resolve the factories + */ + public List> resolveUpdatedSignatureFactories( + Session session, List> available, Collection extraAlgos) + throws IOException { + List> toAdd = resolveRequestedSignatureFactories(session, extraAlgos); + if (GenericUtils.isEmpty(toAdd)) { + return available; + } + + for (int index = 0; index < toAdd.size(); index++) { + NamedFactory f = toAdd.get(index); + String name = f.getName(); + NamedFactory a = available.stream() + .filter(s -> Objects.equals(name, s.getName())) + .findFirst() + .orElse(null); + if (a == null) { + continue; + } + + toAdd.remove(index); + index--; // compensate for loop auto-increment + } + + return updateAvailableSignatureFactories(session, available, toAdd); + } + + public List> updateAvailableSignatureFactories( + Session session, List> available, Collection> toAdd) + throws IOException { + if (GenericUtils.isEmpty(toAdd)) { + return available; + } + + List> updated = new ArrayList<>(available.size() + toAdd.size()); + updated.addAll(available); + + for (NamedFactory f : toAdd) { + int index = resolvePreferredSignaturePosition(session, updated, f); + if ((index < 0) || (index >= updated.size())) { + updated.add(f); + } else { + updated.add(index, f); + } + } + + return updated; + } + + public int resolvePreferredSignaturePosition( + Session session, List> factories, NamedFactory factory) + throws IOException { + return SignatureFactory.resolvePreferredSignaturePosition(factories, factory); + } + + public List> resolveRequestedSignatureFactories( + Session session, Collection extraAlgos) + throws IOException { + if (GenericUtils.isEmpty(extraAlgos)) { + return Collections.emptyList(); + } + + List> toAdd = Collections.emptyList(); + for (String algo : extraAlgos) { + NamedFactory factory = resolveRequestedSignatureFactory(session, algo); + if (factory == null) { + continue; + } + + if ((factory instanceof OptionalFeature) && (!((OptionalFeature) factory).isSupported())) { + continue; + } + + if (toAdd.isEmpty()) { + toAdd = new ArrayList<>(extraAlgos.size()); + } + toAdd.add(factory); + } + + return toAdd; + } + + public NamedFactory resolveRequestedSignatureFactory(Session session, String name) throws IOException { + return BuiltinSignatures.fromFactoryName(name); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionHandler.java new file mode 100644 index 0000000..745921a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionHandler.java @@ -0,0 +1,199 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension; + +import java.io.IOException; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Map; +import java.util.Set; + +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Used to support RFC 8308 + * + * @author Apache MINA SSHD Project + */ +public interface KexExtensionHandler { + /** + * Provides a hint as to the context in which {@code isKexExtensionsAvailable} is invoked + * + * @author Apache MINA SSHD Project + */ + enum AvailabilityPhase { + /** + * Decide whether to delay sending the KEX-INIT message until the peer one has been received. Note: + * currently invoked only by client sessions, but code should not rely on this implicit assumption. + */ + PREKEX, + + /** + * About to create the KEX-INIT proposal - should this session declare it support the KEX negotiation extension + * mechanism or not. + */ + PROPOSAL, + + /** + * About to send the {@code SSH_MSG_NEWKEYS} message + */ + NEWKEYS, + + /** + * About to send {@code SSH_MSG_USERAUTH_SUCCESS} message. Note: currently invoked only by server + * sessions, but code should not rely on this implicit assumption. + */ + AUTHOK; + } + + /** + * @param session The {@link Session} about to execute KEX + * @param phase The {@link AvailabilityPhase} hint as to why the query is being made + * @return {@code true} whether to KEX extensions are supported/allowed for the session + * @throws IOException If failed to process the request + */ + default boolean isKexExtensionsAvailable(Session session, AvailabilityPhase phase) throws IOException { + return true; + } + + /** + * Invoked when a peer is ready to send the KEX options proposal or has received such a proposal. Note: this + * method is called during the negotiation phase even if {@code isKexExtensionsAvailable} returns {@code false} for + * the session. + * + * @param session The {@link Session} initiating or receiving the proposal + * @param initiator {@code true} if the proposal is about to be sent, {@code false} if this is a proposal received + * from the peer. + * @param proposal The proposal contents - Caveat emptor: the proposal is modifiable i.e., the + * handler can modify it before being sent or before being processed (if incoming) + * @throws Exception If failed to handle the request + */ + default void handleKexInitProposal( + Session session, boolean initiator, Map proposal) + throws Exception { + // ignored + } + + /** + * Invoked during the KEX negotiation phase to inform about option being negotiated. Note: this method is + * called during the negotiation phase even if {@code isKexExtensionsAvailable} returns {@code false} for the + * session. + * + * @param session The {@link Session} executing the negotiation + * @param option The negotiated {@link KexProposalOption} + * @param nValue The negotiated option value (may be {@code null}/empty). + * @param c2sOptions The client proposals + * @param cValue The client-side value for the option (may be {@code null}/empty). + * @param s2cOptions The server proposals + * @param sValue The server-side value for the option (may be {@code null}/empty). + * @throws Exception If failed to handle the invocation + */ + default void handleKexExtensionNegotiation( + Session session, KexProposalOption option, String nValue, + Map c2sOptions, String cValue, + Map s2cOptions, String sValue) + throws Exception { + // do nothing + } + + /** + * The phase at which {@code sendKexExtensions} is invoked + * + * @author Apache MINA SSHD Project + */ + enum KexPhase { + NEWKEYS, + AUTHOK; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(KexPhase.class)); + } + + /** + * Invoked in order to allow the handler to send an {@code SSH_MSG_EXT_INFO} message. Note: this method is + * called only if {@code isKexExtensionsAvailable} returns {@code true} for the session. + * + * @param session The {@link Session} + * @param phase The phase at which the handler is invoked + * @throws Exception If failed to handle the invocation + * @see RFC-8308 - section 2.4 + */ + default void sendKexExtensions(Session session, KexPhase phase) throws Exception { + // do nothing + } + + /** + * Parses the {@code SSH_MSG_EXT_INFO} message. Note: this method is called regardless of whether + * {@code isKexExtensionsAvailable} returns {@code true} for the session. + * + * @param session The {@link Session} through which the message was received + * @param buffer The message buffer + * @return {@code true} if message handled - if {@code false} then {@code SSH_MSG_UNIMPLEMENTED} will be + * generated + * @throws Exception If failed to handle the message + * @see RFC-8308 - section 2.3 + * @see #handleKexExtensionRequest(Session, int, int, String, byte[]) + */ + default boolean handleKexExtensionsMessage(Session session, Buffer buffer) throws Exception { + int count = buffer.getInt(); + for (int index = 0; index < count; index++) { + String name = buffer.getString(); + byte[] data = buffer.getBytes(); + if (!handleKexExtensionRequest(session, index, count, name, data)) { + break; + } + } + + return true; + } + + /** + * Parses the {@code SSH_MSG_NEWCOMPRESS} message. Note: this method is called regardless of whether + * {@code isKexExtensionsAvailable} returns {@code true} for the session. + * + * @param session The {@link Session} through which the message was received + * @param buffer The message buffer + * @return {@code true} if message handled - if {@code false} then {@code SSH_MSG_UNIMPLEMENTED} will be + * generated + * @throws Exception If failed to handle the message + * @see RFC-8308 - section 3.2 + */ + default boolean handleKexCompressionMessage(Session session, Buffer buffer) throws Exception { + return true; + } + + /** + * Invoked by {@link #handleKexExtensionsMessage(Session, Buffer)} in order to handle a specific extension. + * + * @param session The {@link Session} through which the message was received + * @param index The 0-based extension index + * @param count The total extensions in the message + * @param name The extension name + * @param data The extension data + * @return {@code true} whether to proceed to the next extension or stop processing the rest + * @throws Exception If failed to handle the extension + */ + default boolean handleKexExtensionRequest( + Session session, int index, int count, String name, byte[] data) + throws Exception { + return true; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionHandlerManager.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionHandlerManager.java new file mode 100644 index 0000000..5eb87ef --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionHandlerManager.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface KexExtensionHandlerManager { + KexExtensionHandler getKexExtensionHandler(); + + void setKexExtensionHandler(KexExtensionHandler handler); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionParser.java new file mode 100644 index 0000000..4796b30 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensionParser.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension; + +import java.io.IOException; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; + +/** + * Parses a known KEX extension + * + * @param Extension generic type + * @author Apache MINA SSHD Project + */ +public interface KexExtensionParser extends NamedResource { + default T parseExtension(byte[] data) throws IOException { + return parseExtension(data, 0, data.length); + } + + default T parseExtension(byte[] data, int off, int len) throws IOException { + return parseExtension(new ByteArrayBuffer(data, off, len)); + } + + T parseExtension(Buffer buffer) throws IOException; + + /** + * Adds the name + value to the buffer + * + * @param value The value of the extension + * @param buffer The target {@link Buffer} + * @throws IOException If failed to encode + */ + void putExtension(T value, Buffer buffer) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensions.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensions.java new file mode 100644 index 0000000..7741551 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/KexExtensions.java @@ -0,0 +1,191 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension; + +import java.io.IOException; +import java.nio.ByteBuffer; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.TreeMap; +import java.util.function.Function; +import java.util.function.Predicate; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.kex.extension.parser.DelayCompression; +import org.apache.sshd.common.kex.extension.parser.Elevation; +import org.apache.sshd.common.kex.extension.parser.NoFlowControl; +import org.apache.sshd.common.kex.extension.parser.ServerSignatureAlgorithms; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Provides some helpers for RFC 8308 + * + * @author Apache MINA SSHD Project + */ +public final class KexExtensions { + public static final byte SSH_MSG_EXT_INFO = 7; + public static final byte SSH_MSG_NEWCOMPRESS = 8; + + public static final String CLIENT_KEX_EXTENSION = "ext-info-c"; + public static final String SERVER_KEX_EXTENSION = "ext-info-s"; + + @SuppressWarnings("checkstyle:Indentation") + public static final Predicate IS_KEX_EXTENSION_SIGNAL + = n -> CLIENT_KEX_EXTENSION.equalsIgnoreCase(n) || SERVER_KEX_EXTENSION.equalsIgnoreCase(n); + + /** + * A case insensitive map of all the default known {@link KexExtensionParser} where key=the extension name + */ + private static final NavigableMap> EXTENSION_PARSERS = Stream.of( + ServerSignatureAlgorithms.INSTANCE, + NoFlowControl.INSTANCE, + Elevation.INSTANCE, + DelayCompression.INSTANCE) + .collect(Collectors.toMap( + NamedResource::getName, Function.identity(), + GenericUtils.throwingMerger(), () -> new TreeMap<>(String.CASE_INSENSITIVE_ORDER))); + + private KexExtensions() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * @return A case insensitive copy of the currently registered {@link KexExtensionParser}s names + */ + public static NavigableSet getRegisteredExtensionParserNames() { + synchronized (EXTENSION_PARSERS) { + return EXTENSION_PARSERS.isEmpty() + ? Collections.emptyNavigableSet() + : GenericUtils.asSortedSet(String.CASE_INSENSITIVE_ORDER, EXTENSION_PARSERS.keySet()); + } + } + + /** + * @param name The (never {@code null}/empty) extension name + * @return The registered {@code KexExtensionParser} for the (case insensitive) extension name - + * {@code null} if no match found + */ + public static KexExtensionParser getRegisteredExtensionParser(String name) { + ValidateUtils.checkNotNullAndNotEmpty(name, "No extension name provided"); + synchronized (EXTENSION_PARSERS) { + return EXTENSION_PARSERS.get(name); + } + } + + /** + * Registers a {@link KexExtensionParser} for a named extension + * + * @param parser The (never {@code null}) parser to register + * @return The replaced parser for the named extension (case insensitive) - {@code null} if no + * previous parser registered for this extension + */ + public static KexExtensionParser registerExtensionParser(KexExtensionParser parser) { + Objects.requireNonNull(parser, "No parser provided"); + String name = ValidateUtils.checkNotNullAndNotEmpty(parser.getName(), "No extension name provided"); + synchronized (EXTENSION_PARSERS) { + return EXTENSION_PARSERS.put(name, parser); + } + } + + /** + * Registers {@link KexExtensionParser} for a named extension + * + * @param name The (never {@code null}/empty) extension name + * @return The removed {@code KexExtensionParser} for the (case insensitive) extension name - + * {@code null} if no match found + */ + public static KexExtensionParser unregisterExtensionParser(String name) { + ValidateUtils.checkNotNullAndNotEmpty(name, "No extension name provided"); + synchronized (EXTENSION_PARSERS) { + return EXTENSION_PARSERS.remove(name); + } + } + + /** + * Attempts to parse an {@code SSH_MSG_EXT_INFO} message + * + * @param buffer The {@link Buffer} containing the message + * @return A {@link List} of key/value "pairs" where key=the extension name, value=the parsed + * value using the matching registered {@link KexExtensionParser}. If no such parser found then + * the raw value bytes are set as the extension value. + * @throws IOException If failed to parse one of the extensions + * @see RFC-8308 - section 2.3 + */ + public static List> parseExtensions(Buffer buffer) throws IOException { + int count = buffer.getInt(); + if (count == 0) { + return Collections.emptyList(); + } + + List> entries = new ArrayList<>(count); + for (int index = 0; index < count; index++) { + String name = buffer.getString(); + byte[] data = buffer.getBytes(); + KexExtensionParser parser = getRegisteredExtensionParser(name); + Object value = (parser == null) ? data : parser.parseExtension(data); + entries.add(new SimpleImmutableEntry<>(name, value)); + } + + return entries; + } + + /** + * Creates an {@code SSH_MSG_EXT_INFO} message using the provided extensions. + * + * @param exts A {@link Collection} of key/value "pairs" where key=the extension name, value=the + * extension value. Note: if a registered {@link KexExtensionParser} exists for the name, + * then it is assumed that the value is of the correct type. If no registered parser found the + * value is assumed to be either the encoded value as an array of bytes or as another + * {@link Readable} (e.g., another {@link Buffer}) or a {@link ByteBuffer}. + * @param buffer The target {@link Buffer} - assumed to already contain the {@code SSH_MSG_EXT_INFO} opcode + * @throws IOException If failed to encode + */ + public static void putExtensions(Collection> exts, Buffer buffer) throws IOException { + int count = GenericUtils.size(exts); + buffer.putInt(count); + if (count <= 0) { + return; + } + + for (Map.Entry ee : exts) { + String name = ee.getKey(); + Object value = ee.getValue(); + @SuppressWarnings("unchecked") + KexExtensionParser parser = (KexExtensionParser) getRegisteredExtensionParser(name); + if (parser != null) { + parser.putExtension(value, buffer); + } else { + buffer.putOptionalBufferedData(value); + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/AbstractKexExtensionParser.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/AbstractKexExtensionParser.java new file mode 100644 index 0000000..54b088c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/AbstractKexExtensionParser.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension.parser; + +import java.io.IOException; + +import org.apache.sshd.common.kex.extension.KexExtensionParser; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @param Generic extension type + * @author Apache MINA SSHD Project + */ +public abstract class AbstractKexExtensionParser implements KexExtensionParser { + private final String name; + + protected AbstractKexExtensionParser(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No name provided"); + } + + @Override + public String getName() { + return name; + } + + @Override + public void putExtension(T value, Buffer buffer) throws IOException { + buffer.putString(getName()); + encode(value, buffer); + } + + protected abstract void encode(T value, Buffer buffer) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/DelayCompression.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/DelayCompression.java new file mode 100644 index 0000000..96a0c31 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/DelayCompression.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension.parser; + +import java.io.IOException; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * @author Apache MINA SSHD Project + * @see RFC-8308 - section 3.2 + */ +public class DelayCompression extends AbstractKexExtensionParser { + public static final String NAME = "delay-compression"; + + public static final DelayCompression INSTANCE = new DelayCompression(); + + public DelayCompression() { + super(NAME); + } + + @Override + public DelayedCompressionAlgorithms parseExtension(Buffer buffer) throws IOException { + DelayedCompressionAlgorithms algos = new DelayedCompressionAlgorithms(); + algos.setClient2Server(buffer.getNameList()); + algos.setServer2Client(buffer.getNameList()); + return algos; + } + + @Override + protected void encode(DelayedCompressionAlgorithms algos, Buffer buffer) throws IOException { + int lenPos = buffer.wpos(); + buffer.putInt(0); // total length placeholder + buffer.putNameList(algos.getClient2Server()); + buffer.putNameList(algos.getServer2Client()); + BufferUtils.updateLengthPlaceholder(buffer, lenPos); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/DelayedCompressionAlgorithms.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/DelayedCompressionAlgorithms.java new file mode 100644 index 0000000..6ae8bdb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/DelayedCompressionAlgorithms.java @@ -0,0 +1,95 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension.parser; + +import java.util.List; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + * @see RFC-8308 - section 3.2 + */ +public class DelayedCompressionAlgorithms { + private List client2server; + private List server2client; + + public DelayedCompressionAlgorithms() { + super(); + } + + public List getClient2Server() { + return client2server; + } + + public DelayedCompressionAlgorithms withClient2Server(List client2server) { + setClient2Server(client2server); + return this; + } + + public void setClient2Server(List client2server) { + this.client2server = client2server; + } + + public List getServer2Client() { + return server2client; + } + + public DelayedCompressionAlgorithms withServer2Client(List server2client) { + setServer2Client(server2client); + return this; + } + + public void setServer2Client(List server2client) { + this.server2client = server2client; + } + + @Override + public int hashCode() { + // Order might differ + return 31 * GenericUtils.size(getClient2Server()) + + 37 * GenericUtils.size(getServer2Client()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (obj == this) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + DelayedCompressionAlgorithms other = (DelayedCompressionAlgorithms) obj; + return (GenericUtils.findFirstDifferentValueIndex(getClient2Server(), other.getClient2Server()) < 0) + && (GenericUtils.findFirstDifferentValueIndex(getServer2Client(), other.getServer2Client()) < 0); + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[client2server=" + getClient2Server() + + ", server2client=" + getServer2Client() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/Elevation.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/Elevation.java new file mode 100644 index 0000000..d04a840 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/Elevation.java @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension.parser; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; + +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + * @see RFC-8308 - section 3.4 + */ +public class Elevation extends AbstractKexExtensionParser { + public static final String NAME = "elevation"; + + public static final Elevation INSTANCE = new Elevation(); + + public Elevation() { + super(NAME); + } + + @Override + public String parseExtension(byte[] data, int off, int len) throws IOException { + return (len <= 0) ? "" : new String(data, off, len, StandardCharsets.UTF_8); + } + + @Override + public String parseExtension(Buffer buffer) throws IOException { + return parseExtension(buffer.array(), buffer.rpos(), buffer.available()); + } + + @Override + protected void encode(String value, Buffer buffer) throws IOException { + buffer.putString(value); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/NoFlowControl.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/NoFlowControl.java new file mode 100644 index 0000000..2c69903 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/NoFlowControl.java @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension.parser; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; + +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + * @see RFC-8308 - section 3.3 + */ +public class NoFlowControl extends AbstractKexExtensionParser { + public static final String NAME = "no-flow-control"; + + public static final NoFlowControl INSTANCE = new NoFlowControl(); + + public NoFlowControl() { + super(NAME); + } + + @Override + public String parseExtension(byte[] data, int off, int len) throws IOException { + return (len <= 0) ? "" : new String(data, off, len, StandardCharsets.UTF_8); + } + + @Override + public String parseExtension(Buffer buffer) throws IOException { + return parseExtension(buffer.array(), buffer.rpos(), buffer.available()); + } + + @Override + protected void encode(String value, Buffer buffer) throws IOException { + buffer.putString(value); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/ServerSignatureAlgorithms.java b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/ServerSignatureAlgorithms.java new file mode 100644 index 0000000..fb30718 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/kex/extension/parser/ServerSignatureAlgorithms.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.kex.extension.parser; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + * @see RFC-8308 - section 3.1 + */ +public class ServerSignatureAlgorithms extends AbstractKexExtensionParser> { + public static final String NAME = "server-sig-algs"; + + public static final ServerSignatureAlgorithms INSTANCE = new ServerSignatureAlgorithms(); + + public ServerSignatureAlgorithms() { + super(NAME); + } + + @Override + public List parseExtension(byte[] data, int off, int len) throws IOException { + String s = (len <= 0) ? "" : new String(data, off, len, StandardCharsets.UTF_8); + String[] vals = GenericUtils.isEmpty(s) ? GenericUtils.EMPTY_STRING_ARRAY : GenericUtils.split(s, ','); + return GenericUtils.isEmpty(vals) ? Collections.emptyList() : Arrays.asList(vals); + } + + @Override + public List parseExtension(Buffer buffer) throws IOException { + return parseExtension(buffer.array(), buffer.rpos(), buffer.available()); + } + + @Override + protected void encode(List names, Buffer buffer) throws IOException { + buffer.putNameList(names); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/AbstractKeyPairProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/AbstractKeyPairProvider.java new file mode 100644 index 0000000..3879b12 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/AbstractKeyPairProvider.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.keyprovider; + +/** + * Provides a default implementation for some {@link KeyPairProvider} methods + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractKeyPairProvider implements KeyPairProvider { + protected AbstractKeyPairProvider() { + super(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java new file mode 100644 index 0000000..9f27d4b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java @@ -0,0 +1,241 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.Map; +import java.util.NoSuchElementException; +import java.util.Objects; +import java.util.TreeMap; +import java.util.TreeSet; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.resource.IoResource; +import org.apache.sshd.common.util.io.resource.ResourceStreamProvider; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @param Type of resource from which the {@link KeyPair} is generated + * @author Apache MINA SSHD Project + */ +public abstract class AbstractResourceKeyPairProvider extends AbstractKeyPairProvider { + private FilePasswordProvider passwordFinder; + /* + * NOTE: the map is case insensitive even for Linux, as it is (very) bad practice to have 2 key files that differ + * from one another only in their case... + */ + private final Map> cacheMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + protected AbstractResourceKeyPairProvider() { + super(); + } + + public FilePasswordProvider getPasswordFinder() { + return passwordFinder; + } + + public void setPasswordFinder(FilePasswordProvider passwordFinder) { + this.passwordFinder = passwordFinder; + } + + /** + * Checks which of the new resources we already loaded and can keep the associated key pair + * + * @param resources The collection of new resources - can be {@code null}/empty in which case the cache is cleared + */ + protected void resetCacheMap(Collection resources) { + // if have any cached pairs then see what we can keep from previous load + Collection toDelete = Collections.emptySet(); + synchronized (cacheMap) { + if (cacheMap.size() <= 0) { + return; // already empty - nothing to keep + } + + if (GenericUtils.isEmpty(resources)) { + cacheMap.clear(); + return; + } + + for (Object r : resources) { + String resourceKey = ValidateUtils.checkNotNullAndNotEmpty(Objects.toString(r, null), "No resource key value"); + if (cacheMap.containsKey(resourceKey)) { + continue; + } + + if (toDelete.isEmpty()) { + toDelete = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + } + + if (!toDelete.add(resourceKey)) { + continue; // debug breakpoint + } + } + + if (GenericUtils.size(toDelete) > 0) { + toDelete.forEach(cacheMap::remove); + } + } + + } + + protected Iterable loadKeys(SessionContext session, Collection resources) { + if (GenericUtils.isEmpty(resources)) { + return Collections.emptyList(); + } else { + return () -> new KeyPairIterator(session, resources); + } + } + + protected IoResource getIoResource(SessionContext session, R resource) { + return IoResource.forResource(resource); + } + + protected Iterable doLoadKeys(SessionContext session, R resource) + throws IOException, GeneralSecurityException { + IoResource ioResource + = ValidateUtils.checkNotNull(getIoResource(session, resource), "No I/O resource available for %s", resource); + String resourceKey + = ValidateUtils.checkNotNullAndNotEmpty(ioResource.getName(), "No resource string value for %s", resource); + Iterable ids; + synchronized (cacheMap) { + // check if lucky enough to have already loaded this file + ids = cacheMap.get(resourceKey); + } + + if (ids != null) { + return ids; + } + + ids = doLoadKeys(session, ioResource, resource, getPasswordFinder()); + if (ids != null) { + boolean reusedKey; + synchronized (cacheMap) { + // if somebody else beat us to it, use the cached key - just in case file contents changed + reusedKey = cacheMap.containsKey(resourceKey); + if (reusedKey) { + ids = cacheMap.get(resourceKey); + } else { + cacheMap.put(resourceKey, ids); + } + } + + } else { + } + + return ids; + } + + protected Iterable doLoadKeys( + SessionContext session, NamedResource resourceKey, R resource, FilePasswordProvider provider) + throws IOException, GeneralSecurityException { + try (InputStream inputStream = openKeyPairResource(session, resourceKey, resource)) { + return doLoadKeys(session, resourceKey, inputStream, provider); + } + } + + protected InputStream openKeyPairResource( + SessionContext session, NamedResource resourceKey, R resource) + throws IOException { + if (resourceKey instanceof ResourceStreamProvider) { + return ((ResourceStreamProvider) resourceKey).openInputStream(); + } + + throw new StreamCorruptedException("Cannot open resource data for " + resource); + } + + protected Iterable doLoadKeys( + SessionContext session, NamedResource resourceKey, InputStream inputStream, FilePasswordProvider provider) + throws IOException, GeneralSecurityException { + return SecurityUtils.loadKeyPairIdentities(session, resourceKey, inputStream, provider); + } + + protected class KeyPairIterator implements Iterator { + protected final SessionContext session; + private final Iterator iterator; + private Iterator currentIdentities; + private KeyPair nextKeyPair; + private boolean nextKeyPairSet; + + protected KeyPairIterator(SessionContext session, Collection resources) { + this.session = session; + this.iterator = resources.iterator(); + } + + @Override + public boolean hasNext() { + return nextKeyPairSet || setNextObject(); + } + + @Override + public KeyPair next() { + if (!nextKeyPairSet) { + if (!setNextObject()) { + throw new NoSuchElementException("Out of files to try"); + } + } + nextKeyPairSet = false; + return nextKeyPair; + } + + @Override + public void remove() { + throw new UnsupportedOperationException("loadKeys(files) Iterator#remove() N/A"); + } + + @SuppressWarnings("synthetic-access") + private boolean setNextObject() { + nextKeyPair = KeyIdentityProvider.exhaustCurrentIdentities(currentIdentities); + if (nextKeyPair != null) { + nextKeyPairSet = true; + return true; + } + + while (iterator.hasNext()) { + R r = iterator.next(); + try { + Iterable ids = doLoadKeys(session, r); + currentIdentities = (ids == null) ? null : ids.iterator(); + nextKeyPair = KeyIdentityProvider.exhaustCurrentIdentities(currentIdentities); + } catch (Throwable e) { + nextKeyPair = null; + continue; + } + + if (nextKeyPair != null) { + nextKeyPairSet = true; + return true; + } + } + + return false; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/ClassLoadableResourceKeyPairProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/ClassLoadableResourceKeyPairProvider.java new file mode 100644 index 0000000..d416128 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/ClassLoadableResourceKeyPairProvider.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.keyprovider; + +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.resource.ClassLoaderResource; +import org.apache.sshd.common.util.io.resource.IoResource; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * This provider loads private keys from the specified resources that are accessible via + * {@link ClassLoader#getResourceAsStream(String)}. If no loader configured via {@link #setResourceLoader(ClassLoader)}, + * then {@link ThreadUtils#resolveDefaultClassLoader(Class)} is used + * + * @author Apache MINA SSHD Project + */ +public class ClassLoadableResourceKeyPairProvider extends AbstractResourceKeyPairProvider { + private ClassLoader classLoader; + private Collection resources; + + public ClassLoadableResourceKeyPairProvider() { + this(Collections.emptyList()); + } + + public ClassLoadableResourceKeyPairProvider(ClassLoader cl) { + this(cl, Collections.emptyList()); + } + + public ClassLoadableResourceKeyPairProvider(String res) { + this(Collections.singletonList(ValidateUtils.checkNotNullAndNotEmpty(res, "No resource specified"))); + } + + public ClassLoadableResourceKeyPairProvider(ClassLoader cl, String res) { + this(cl, Collections.singletonList(ValidateUtils.checkNotNullAndNotEmpty(res, "No resource specified"))); + } + + public ClassLoadableResourceKeyPairProvider(Collection resources) { + this.classLoader = ThreadUtils.resolveDefaultClassLoader(getClass()); + this.resources = (resources == null) ? Collections.emptyList() : resources; + } + + public ClassLoadableResourceKeyPairProvider(ClassLoader cl, Collection resources) { + this.classLoader = cl; + this.resources = (resources == null) ? Collections.emptyList() : resources; + } + + public Collection getResources() { + return resources; + } + + public void setResources(Collection resources) { + this.resources = (resources == null) ? Collections.emptyList() : resources; + } + + public ClassLoader getResourceLoader() { + return classLoader; + } + + public void setResourceLoader(ClassLoader classLoader) { + this.classLoader = classLoader; + } + + @Override + public Iterable loadKeys(SessionContext session) { + return loadKeys(session, getResources()); + } + + @Override + protected IoResource getIoResource(SessionContext session, String resource) { + return new ClassLoaderResource(resolveClassLoader(), resource); + } + + protected ClassLoader resolveClassLoader() { + ClassLoader cl = getResourceLoader(); + if (cl == null) { + cl = ThreadUtils.resolveDefaultClassLoader(getClass()); + } + return cl; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/FileHostKeyCertificateProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/FileHostKeyCertificateProvider.java new file mode 100644 index 0000000..39db43d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/FileHostKeyCertificateProvider.java @@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.keyprovider; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.PublicKey; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.config.keys.OpenSshCertificate; +import org.apache.sshd.common.config.keys.PublicKeyEntry; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +public class FileHostKeyCertificateProvider implements HostKeyCertificateProvider { + private final Collection files; + + public FileHostKeyCertificateProvider(Path path) { + this((path == null) ? Collections.emptyList() : Collections.singletonList(path)); + } + + public FileHostKeyCertificateProvider(Path... files) { + this(GenericUtils.isEmpty(files) ? Collections.emptyList() : Arrays.asList(files)); + } + + public FileHostKeyCertificateProvider(Collection files) { + this.files = ValidateUtils.checkNotNullAndNotEmpty(files, "No paths provided"); + } + + public Collection getPaths() { + return files; + } + + @Override + public Iterable loadCertificates(SessionContext session) + throws IOException, GeneralSecurityException { + Collection keyPaths = getPaths(); + List certificates = new ArrayList<>(); + for (Path file : keyPaths) { + + Collection lines = Files.readAllLines(file, StandardCharsets.UTF_8); + for (String line : lines) { + line = GenericUtils.replaceWhitespaceAndTrim(line); + if (GenericUtils.isEmpty(line) || (line.charAt(0) == '#')) { + continue; + } + + PublicKeyEntry publicKeyEntry = PublicKeyEntry.parsePublicKeyEntry(line); + if (publicKeyEntry == null) { + continue; + } + + PublicKey publicKey = publicKeyEntry.resolvePublicKey(session, null, null); + if (publicKey == null) { + continue; + } + + if (!(publicKey instanceof OpenSshCertificate)) { + throw new InvalidKeyException("Got unexpected key type in " + file + ". Expected OpenSSHCertificate."); + } + + certificates.add((OpenSshCertificate) publicKey); + } + } + + return certificates; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java new file mode 100644 index 0000000..f926ee1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java @@ -0,0 +1,87 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.keyprovider; + +import java.io.IOException; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Objects; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.resource.IoResource; +import org.apache.sshd.common.util.io.resource.PathResource; + +/** + * This host key provider loads private keys from the specified files. The loading is lazy - i.e., a file is not + * loaded until it is actually required. Once required though, its loaded {@link KeyPair} result is cached and + * not re-loaded. + * + * @author Apache MINA SSHD Project + */ +public class FileKeyPairProvider extends AbstractResourceKeyPairProvider { + private Collection files; + + public FileKeyPairProvider() { + super(); + } + + public FileKeyPairProvider(Path path) { + this(Collections.singletonList(Objects.requireNonNull(path, "No path provided"))); + } + + public FileKeyPairProvider(Path... files) { + this(Arrays.asList(files)); + } + + public FileKeyPairProvider(Collection files) { + this.files = files; + } + + public Collection getPaths() { + return files; + } + + public void setPaths(Collection paths) { + // use absolute path in order to have unique cache keys + Collection resolved = GenericUtils.map(paths, Path::toAbsolutePath); + resetCacheMap(resolved); + files = resolved; + } + + @Override + public Iterable loadKeys(SessionContext session) { + return loadKeys(session, getPaths()); + } + + @Override + protected IoResource getIoResource(SessionContext session, Path resource) { + return (resource == null) ? null : new PathResource(resource); + } + + @Override + protected Iterable doLoadKeys(SessionContext session, Path resource) + throws IOException, GeneralSecurityException { + return super.doLoadKeys(session, (resource == null) ? null : resource.toAbsolutePath()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/HostKeyCertificateProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/HostKeyCertificateProvider.java new file mode 100644 index 0000000..0f2ee56 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/HostKeyCertificateProvider.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.keyprovider; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Objects; +import java.util.stream.StreamSupport; + +import org.apache.sshd.common.config.keys.OpenSshCertificate; +import org.apache.sshd.common.session.SessionContext; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface HostKeyCertificateProvider { + + Iterable loadCertificates(SessionContext session) throws IOException, GeneralSecurityException; + + default OpenSshCertificate loadCertificate(SessionContext session, String keyType) + throws IOException, GeneralSecurityException { + Iterable certificates = loadCertificates(session); + return StreamSupport.stream(certificates.spliterator(), false) + .filter(pubKey -> Objects.equals(pubKey.getKeyType(), keyType)) + .findFirst() + .orElse(null); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProvider.java new file mode 100644 index 0000000..af67047 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProvider.java @@ -0,0 +1,205 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface KeyIdentityProvider { + /** + * An "empty" implementation of {@link KeyIdentityProvider} that returns an empty group of key pairs + */ + KeyIdentityProvider EMPTY_KEYS_PROVIDER = new KeyIdentityProvider() { + @Override + public Iterable loadKeys(SessionContext session) { + return Collections.emptyList(); + } + + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * Load available keys. + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @throws IOException If failed to read/parse the keys data + * @throws GeneralSecurityException If failed to generate the keys + * @return an {@link Iterable} instance of available keys - ignored if {@code null} + */ + Iterable loadKeys(SessionContext session) throws IOException, GeneralSecurityException; + + /** + * @param provider The {@link KeyIdentityProvider} instance to verify + * @return {@code true} if instance is {@code null} or the {@link #EMPTY_KEYS_PROVIDER} + */ + static boolean isEmpty(KeyIdentityProvider provider) { + return (provider == null) || GenericUtils.isSameReference(provider, EMPTY_KEYS_PROVIDER); + } + + /** + *

        + * Creates a "unified" {@link KeyIdentityProvider} out of 2 possible ones as follows: + *

        + *
        + *
          + *
        • If both are {@code null} then return {@code null}.
          • + *
        • If either one is {@code null}/{@link #EMPTY_KEYS_PROVIDER empty} then use the non-{@code null} one.
          • + *
        • If both are the same instance then use the instance. + *
        • Otherwise, returns a wrapper that groups both providers.
          • + *
        + * + * @param identities The registered key pair identities + * @param keys The extra available key pairs + * @return The resolved provider + * @see #multiProvider(KeyIdentityProvider...) + */ + static KeyIdentityProvider resolveKeyIdentityProvider( + KeyIdentityProvider identities, KeyIdentityProvider keys) { + if (isEmpty(keys) || GenericUtils.isSameReference(identities, keys)) { + // Prefer EMPTY over null + return (identities == null) ? keys : identities; + } else if (isEmpty(identities)) { + return keys; + } else { + return multiProvider(identities, keys); + } + } + + /** + * Wraps a group of {@link KeyIdentityProvider} into a single one + * + * @param providers The providers - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_KEYS_PROVIDER}) + * @return The wrapping provider + * @see #multiProvider(Collection) + */ + static KeyIdentityProvider multiProvider(KeyIdentityProvider... providers) { + return multiProvider(GenericUtils.asList(providers)); + } + + /** + * Wraps a group of {@link KeyIdentityProvider} into a single one + * + * @param providers The providers - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_KEYS_PROVIDER}) + * @return The wrapping provider + * @see MultiKeyIdentityProvider + */ + static KeyIdentityProvider multiProvider(Collection providers) { + int numProviders = GenericUtils.size(providers); + if (numProviders <= 0) { + return EMPTY_KEYS_PROVIDER; + } else if (numProviders == 1) { + return GenericUtils.head(providers); + } else { + return new MultiKeyIdentityProvider(providers); + } + } + + /** + * Wraps a group of {@link KeyIdentityProvider} into an {@link Iterable} of {@link KeyPair}s + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} if not invoked + * within a session context (e.g., offline tool or session unknown). + * @param providers The group of providers - ignored if {@code null}/empty (i.e., returns an empty iterable + * instance) + * @return The wrapping iterable + */ + static Iterable iterableOf(SessionContext session, Collection providers) { + int numProviders = GenericUtils.size(providers); + if (numProviders <= 0) { + return Collections.emptyList(); + } else if (numProviders == 1) { + KeyIdentityProvider p = GenericUtils.head(providers); + try { + return p.loadKeys(session); + } catch (IOException | GeneralSecurityException e) { + throw new RuntimeException( + "Unexpected " + e.getClass().getSimpleName() + ")" + + " keys loading exception: " + e.getMessage(), + e); + } + } else { + return new Iterable() { + @Override + public Iterator iterator() { + return new MultiKeyIdentityIterator(session, providers); + } + + @Override + public String toString() { + return Iterable.class.getSimpleName() + "[of(providers)]"; + } + }; + } + } + + /** + * Wraps a group of {@link KeyPair}s into a {@link KeyIdentityProvider} + * + * @param pairs The key pairs - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_KEYS_PROVIDER}). + * @return The provider wrapper + */ + static KeyIdentityProvider wrapKeyPairs(KeyPair... pairs) { + return wrapKeyPairs(GenericUtils.asList(pairs)); + } + + /** + * Wraps a group of {@link KeyPair}s into a {@link KeyIdentityProvider} + * + * @param pairs The key pairs {@link Iterable} - ignored if {@code null} (i.e., returns + * {@link #EMPTY_KEYS_PROVIDER}). + * @return The provider wrapper + */ + static KeyIdentityProvider wrapKeyPairs(Iterable pairs) { + return (pairs == null) ? EMPTY_KEYS_PROVIDER : session -> pairs; + } + + /** + * Attempts to find the first non-{@code null} {@link KeyPair} + * + * @param ids The {@link Iterator} - ignored if {@code null} or no next element available + * @return The first non-{@code null} key pair found in the iterator - {@code null} if all elements exhausted + * without such an entry + */ + static KeyPair exhaustCurrentIdentities(Iterator ids) { + while ((ids != null) && ids.hasNext()) { + KeyPair kp = ids.next(); + if (kp != null) { + return kp; + } + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProviderHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProviderHolder.java new file mode 100644 index 0000000..cd33a7a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProviderHolder.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface KeyIdentityProviderHolder { + /** + * @return The {@link KeyIdentityProvider} used to provide key-pair(s) for public key authentication + */ + KeyIdentityProvider getKeyIdentityProvider(); + + void setKeyIdentityProvider(KeyIdentityProvider provider); + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyPairProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyPairProvider.java new file mode 100644 index 0000000..a986056 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyPairProvider.java @@ -0,0 +1,201 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.keyprovider; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedHashSet; +import java.util.Objects; +import java.util.stream.Collectors; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Provider for key pairs. This provider is used on the server side to provide the host key, or on the client side to + * provide the user key. + * + * @author Apache MINA SSHD Project + */ +public interface KeyPairProvider extends KeyIdentityProvider { + + /** + * SSH identifier for RSA keys + */ + String SSH_RSA = "ssh-rsa"; + + /** + * SSH identifier for DSA keys + */ + String SSH_DSS = "ssh-dss"; + + /** + * SSH identifier for ED25519 elliptic curve keys + */ + String SSH_ED25519 = "ssh-ed25519"; + + /** + * SSH identifier for EC keys in NIST curve P-256 + */ + String ECDSA_SHA2_NISTP256 = ECCurves.nistp256.getKeyType(); + + /** + * SSH identifier for EC keys in NIST curve P-384 + */ + String ECDSA_SHA2_NISTP384 = ECCurves.nistp384.getKeyType(); + + /** + * SSH identifier for EC keys in NIST curve P-521 + */ + String ECDSA_SHA2_NISTP521 = ECCurves.nistp521.getKeyType(); + + /** + * SSH identifier for openssh cert keys + */ + String SSH_RSA_CERT = "ssh-rsa-cert-v01@openssh.com"; + String SSH_DSS_CERT = "ssh-dss-cert-v01@openssh.com"; + String SSH_ED25519_CERT = "ssh-ed25519-cert-v01@openssh.com"; + String SSH_ECDSA_SHA2_NISTP256_CERT = "ecdsa-sha2-nistp256-cert-v01@openssh.com"; + String SSH_ECDSA_SHA2_NISTP384_CERT = "ecdsa-sha2-nistp384-cert-v01@openssh.com"; + String SSH_ECDSA_SHA2_NISTP521_CERT = "ecdsa-sha2-nistp521-cert-v01@openssh.com"; + + /** + * A {@link KeyPairProvider} that has no keys + */ + KeyPairProvider EMPTY_KEYPAIR_PROVIDER = new KeyPairProvider() { + @Override + public KeyPair loadKey(SessionContext session, String type) { + return null; + } + + @Override + public Iterable getKeyTypes(SessionContext session) { + return Collections.emptySet(); + } + + @Override + public Iterable loadKeys(SessionContext session) { + return Collections.emptyList(); + } + + @Override + public String toString() { + return "EMPTY_KEYPAIR_PROVIDER"; + } + }; + + /** + * Load a key of the specified type which can be "ssh-rsa", "ssh-dss", or + * "ecdsa-sha2-nistp{256,384,521}". If there is no key of this type, return {@code null} + * + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool). + * @param type the type of key to load + * @return a valid key pair or {@code null} if this type of key is not available + * @throws IOException If failed to read/parse the keys data + * @throws GeneralSecurityException If failed to generate the keys + */ + default KeyPair loadKey(SessionContext session, String type) + throws IOException, GeneralSecurityException { + ValidateUtils.checkNotNullAndNotEmpty(type, "No key type to load"); + return GenericUtils.stream(loadKeys(session)) + .filter(key -> type.equals(KeyUtils.getKeyType(key))) + .findFirst() + .orElse(null); + } + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool). + * @return The available {@link Iterable} key types - never {@code null} + * @throws IOException If failed to read/parse the keys data + * @throws GeneralSecurityException If failed to generate the keys + */ + default Iterable getKeyTypes(SessionContext session) + throws IOException, GeneralSecurityException { + return GenericUtils.stream(loadKeys(session)) + .map(KeyUtils::getKeyType) + .filter(GenericUtils::isNotEmpty) + .collect(Collectors.toSet()); + } + + /** + * Wrap the provided {@link KeyPair}s into a {@link KeyPairProvider} + * + * @param pairs The available pairs - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_KEYPAIR_PROVIDER}) + * @return The provider wrapper + * @see #wrap(Iterable) + */ + static KeyPairProvider wrap(KeyPair... pairs) { + return GenericUtils.isEmpty(pairs) ? EMPTY_KEYPAIR_PROVIDER : wrap(Arrays.asList(pairs)); + } + + /** + * Wrap the provided {@link KeyPair}s into a {@link KeyPairProvider} + * + * @param pairs The available pairs {@link Iterable} - ignored if {@code null} (i.e., returns + * {@link #EMPTY_KEYPAIR_PROVIDER}) + * @return The provider wrapper + */ + static KeyPairProvider wrap(Iterable pairs) { + return (pairs == null) ? EMPTY_KEYPAIR_PROVIDER : new KeyPairProvider() { + @Override + public Iterable loadKeys(SessionContext session) { + return pairs; + } + + @Override + public KeyPair loadKey(SessionContext session, String type) { + for (KeyPair kp : pairs) { + String t = KeyUtils.getKeyType(kp); + if (Objects.equals(type, t)) { + return kp; + } + } + + return null; + } + + @Override + public Iterable getKeyTypes(SessionContext session) { + // use a LinkedHashSet so as to preserve the order but avoid duplicates + Collection types = new LinkedHashSet<>(); + for (KeyPair kp : pairs) { + String t = KeyUtils.getKeyType(kp); + if (GenericUtils.isEmpty(t)) { + continue; // avoid unknown key types + } + + if (!types.add(t)) { + continue; // debug breakpoint + } + } + + return types; + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyPairProviderHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyPairProviderHolder.java new file mode 100644 index 0000000..33602b3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyPairProviderHolder.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +/** + * @author Apache MINA SSHD Project + */ +public interface KeyPairProviderHolder { + /** + * Retrieve the KeyPairProvider that will be used to find the host key to use on the server side or the + * user key on the client side. + * + * @return the KeyPairProvider, never {@code null} + */ + KeyPairProvider getKeyPairProvider(); + + void setKeyPairProvider(KeyPairProvider keyPairProvider); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeySizeIndicator.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeySizeIndicator.java new file mode 100644 index 0000000..1a8e456 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeySizeIndicator.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +/** + * @author Apache MINA SSHD Project + */ +public interface KeySizeIndicator { + /** + * @return The number of bits used in the key + */ + int getKeySize(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyTypeIndicator.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyTypeIndicator.java new file mode 100644 index 0000000..11753e8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/KeyTypeIndicator.java @@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.NavigableMap; +import java.util.TreeMap; +import java.util.stream.Collectors; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface KeyTypeIndicator { + /** + * @return The SSH key type name - e.g., "ssh-rsa", "sshd-dss" etc. + */ + String getKeyType(); + + /** + * @param The {@link KeyTypeIndicator} + * @param indicators The indicators to group + * @return A {@link NavigableMap} where key=the case insensitive {@link #getKeyType() key type}, + * value = the {@link List} of all indicators having the same key type + */ + static NavigableMap> groupByKeyType(Collection indicators) { + return GenericUtils.isEmpty(indicators) + ? Collections.emptyNavigableMap() + : indicators.stream() + .collect(Collectors.groupingBy( + KeyTypeIndicator::getKeyType, () -> new TreeMap<>(String.CASE_INSENSITIVE_ORDER), + Collectors.toList())); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MappedKeyPairProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MappedKeyPairProvider.java new file mode 100644 index 0000000..8b58c21 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MappedKeyPairProvider.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +import java.security.KeyPair; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.TreeMap; +import java.util.function.Function; + +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Holds a {@link Map} of {@link String}->{@link KeyPair} where the map key is the type and value is the associated + * {@link KeyPair} + * + * @author Apache MINA SSHD Project + */ +public class MappedKeyPairProvider implements KeyPairProvider { + /** + * Transforms a {@link Map} of {@link String}->{@link KeyPair} to a {@link KeyPairProvider} where map key is the + * type and value is the associated {@link KeyPair} + */ + public static final Function, KeyPairProvider> MAP_TO_KEY_PAIR_PROVIDER = MappedKeyPairProvider::new; + + private final Map pairsMap; + + public MappedKeyPairProvider(KeyPair... pairs) { + this(GenericUtils.isEmpty(pairs) ? Collections.emptyList() : Arrays.asList(pairs)); + } + + public MappedKeyPairProvider(Collection pairs) { + this(mapUniquePairs(pairs)); + } + + public MappedKeyPairProvider(Map pairsMap) { + this.pairsMap = ValidateUtils.checkNotNullAndNotEmpty(pairsMap, "No pairs map provided"); + } + + @Override + public Iterable loadKeys(SessionContext session) { + return pairsMap.values(); + } + + @Override + public KeyPair loadKey(SessionContext session, String type) { + return pairsMap.get(type); + } + + @Override + public Iterable getKeyTypes(SessionContext session) { + return pairsMap.keySet(); + } + + @Override + public String toString() { + return String.valueOf(pairsMap.keySet()); + } + + public static Map mapUniquePairs(Collection pairs) { + if (GenericUtils.isEmpty(pairs)) { + return Collections.emptyMap(); + } + + Map pairsMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (KeyPair kp : pairs) { + String keyType = ValidateUtils.checkNotNullAndNotEmpty(KeyUtils.getKeyType(kp), "Cannot determine key type"); + KeyPair prev = pairsMap.put(keyType, kp); + ValidateUtils.checkTrue(prev == null, "Multiple keys of type=%s", keyType); + } + + return pairsMap; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MultiKeyIdentityIterator.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MultiKeyIdentityIterator.java new file mode 100644 index 0000000..0316d79 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MultiKeyIdentityIterator.java @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.Iterator; +import java.util.NoSuchElementException; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.session.SessionContextHolder; + +/** + * Iterates over several {@link KeyIdentityProvider}-s exhausting their keys one by one (lazily). + * + * @author Apache MINA SSHD Project + */ +public class MultiKeyIdentityIterator implements Iterator, SessionContextHolder { + protected Iterator currentProvider; + protected boolean finished; + private final SessionContext sessionContext; + private final Iterator providers; + + public MultiKeyIdentityIterator(SessionContext session, Iterable providers) { + this.providers = (providers == null) ? null : providers.iterator(); + this.sessionContext = session; + } + + public Iterator getProviders() { + return providers; + } + + @Override + public SessionContext getSessionContext() { + return sessionContext; + } + + @Override + public boolean hasNext() { + if (finished) { + return false; + } + + Iterator provs = getProviders(); + if (provs == null) { + finished = true; + return false; + } + + if ((currentProvider != null) && currentProvider.hasNext()) { + return true; + } + + SessionContext session = getSessionContext(); + while (provs.hasNext()) { + KeyIdentityProvider p = provs.next(); + Iterable keys; + try { + keys = (p == null) ? null : p.loadKeys(session); + } catch (IOException | GeneralSecurityException e) { + throw new RuntimeException( + "Unexpected " + e.getClass().getSimpleName() + ")" + + " keys loading exception: " + e.getMessage(), + e); + } + currentProvider = (keys == null) ? null : keys.iterator(); + + if ((currentProvider != null) && currentProvider.hasNext()) { + return true; + } + } + + // exhausted all providers + finished = false; + return false; + } + + @Override + public KeyPair next() { + if (finished) { + throw new NoSuchElementException("All identities have been exhausted"); + } + + if (currentProvider == null) { + throw new IllegalStateException("'next()' called without asking 'hasNext()'"); + } + + return currentProvider.next(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MultiKeyIdentityProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MultiKeyIdentityProvider.java new file mode 100644 index 0000000..08e4429 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/keyprovider/MultiKeyIdentityProvider.java @@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +import java.security.KeyPair; +import java.util.Collections; +import java.util.Iterator; + +import org.apache.sshd.common.session.SessionContext; + +/** + * Aggregates several {@link KeyIdentityProvider}-s into a single logical one that (lazily) exposes the keys from each + * aggregated provider + * + * @author Apache MINA SSHD Project + */ +public class MultiKeyIdentityProvider implements KeyIdentityProvider { + protected final Iterable providers; + + public MultiKeyIdentityProvider(Iterable providers) { + this.providers = providers; + } + + @Override + public Iterable loadKeys(SessionContext session) { + return new Iterable() { + @Override + public Iterator iterator() { + return (providers == null) ? Collections.emptyIterator() : new MultiKeyIdentityIterator(session, providers); + } + + @Override + public String toString() { + return Iterable.class.getSimpleName() + "[" + MultiKeyIdentityProvider.class.getSimpleName() + "]"; + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/mac/BaseMac.java b/files-sftp/src/main/java/org/apache/sshd/common/mac/BaseMac.java new file mode 100644 index 0000000..036d46f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/mac/BaseMac.java @@ -0,0 +1,119 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.mac; + +import javax.crypto.spec.SecretKeySpec; + +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Base class for Mac implementations based on the JCE provider. + * + * @author Apache MINA SSHD Project + */ +public class BaseMac implements Mac { + + private final String algorithm; + private final int defbsize; + private final int bsize; + private final byte[] tmp; + private final boolean etmMode; + private javax.crypto.Mac mac; + private String s; + + public BaseMac(String algorithm, int bsize, int defbsize, boolean etmMode) { + this.algorithm = algorithm; + this.bsize = bsize; + this.defbsize = defbsize; + this.tmp = new byte[defbsize]; + this.etmMode = etmMode; + } + + @Override + public String getAlgorithm() { + return algorithm; + } + + @Override + public int getBlockSize() { + return bsize; + } + + @Override + public int getDefaultBlockSize() { + return defbsize; + } + + @Override + public boolean isEncryptThenMac() { + return etmMode; + } + + @Override + public void init(byte[] key) throws Exception { + if (key.length > defbsize) { + byte[] tmp = new byte[defbsize]; + System.arraycopy(key, 0, tmp, 0, defbsize); + key = tmp; + } + + SecretKeySpec skey = new SecretKeySpec(key, algorithm); + mac = SecurityUtils.getMac(algorithm); + mac.init(skey); + } + + @Override + public void updateUInt(long i) { + tmp[0] = (byte) (i >>> 24); + tmp[1] = (byte) (i >>> 16); + tmp[2] = (byte) (i >>> 8); + tmp[3] = (byte) i; + update(tmp, 0, 4); + } + + @Override + public void update(byte buf[], int offset, int len) { + mac.update(buf, offset, len); + } + + @Override + public void doFinal(byte[] buf, int offset) throws Exception { + int blockSize = getBlockSize(); + int defaultSize = getDefaultBlockSize(); + if (blockSize != defaultSize) { + mac.doFinal(tmp, 0); + System.arraycopy(tmp, 0, buf, offset, blockSize); + } else { + mac.doFinal(buf, offset); + } + } + + @Override + public String toString() { + synchronized (this) { + if (s == null) { + s = getClass().getSimpleName() + "[" + getAlgorithm() + "] - " + + " block=" + getBlockSize() + "/" + getDefaultBlockSize() + " bytes" + + ", encrypt-then-mac=" + isEncryptThenMac(); + } + } + + return s; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/mac/BuiltinMacs.java b/files-sftp/src/main/java/org/apache/sshd/common/mac/BuiltinMacs.java new file mode 100644 index 0000000..d8fe90a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/mac/BuiltinMacs.java @@ -0,0 +1,309 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.mac; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.NamedFactoriesListParseResult; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Provides easy access to the currently implemented macs + * + * @author Apache MINA SSHD Project + */ +public enum BuiltinMacs implements MacFactory { + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + hmacmd5(Constants.HMAC_MD5, "HmacMD5", 16, 16), + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + hmacmd596(Constants.HMAC_MD5_96, "HmacMD5", 12, 16), + hmacsha1(Constants.HMAC_SHA1, "HmacSHA1", 20, 20), + hmacsha1etm(Constants.ETM_HMAC_SHA1, "HmacSHA1", 20, 20) { + @Override + public boolean isEncryptThenMac() { + return true; + } + }, + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + hmacsha196(Constants.HMAC_SHA1_96, "HmacSHA1", 12, 20), + /** See RFC 6668 */ + hmacsha256(Constants.HMAC_SHA2_256, "HmacSHA256", 32, 32), + hmacsha256etm(Constants.ETM_HMAC_SHA2_256, "HmacSHA256", 32, 32) { + @Override + public boolean isEncryptThenMac() { + return true; + } + }, + /** See RFC 6668 */ + hmacsha512(Constants.HMAC_SHA2_512, "HmacSHA512", 64, 64), + hmacsha512etm(Constants.ETM_HMAC_SHA2_512, "HmacSHA512", 64, 64) { + @Override + public boolean isEncryptThenMac() { + return true; + } + }; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinMacs.class)); + + private static final Map EXTENSIONS = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private final String factoryName; + private final String algorithm; + private final int defbsize; + private final int bsize; + + BuiltinMacs(String factoryName, String algorithm, int bsize, int defbsize) { + this.factoryName = factoryName; + this.algorithm = algorithm; + this.bsize = bsize; + this.defbsize = defbsize; + } + + @Override + public Mac create() { + return new BaseMac(getAlgorithm(), getBlockSize(), getDefaultBlockSize(), isEncryptThenMac()); + } + + @Override + public final String getName() { + return factoryName; + } + + @Override + public final String getAlgorithm() { + return algorithm; + } + + @Override + public final int getBlockSize() { + return bsize; + } + + @Override + public final int getDefaultBlockSize() { + return defbsize; + } + + @Override + public final boolean isSupported() { + return true; + } + + @Override + public final String toString() { + return getName(); + } + + /** + * Registered a {@link NamedFactory} to be available besides the built-in ones when parsing configuration + * + * @param extension The factory to register + * @throws IllegalArgumentException if factory instance is {@code null}, or overrides a built-in one or overrides + * another registered factory with the same name (case insensitive). + */ + public static void registerExtension(MacFactory extension) { + String name = Objects.requireNonNull(extension, "No extension provided").getName(); + ValidateUtils.checkTrue( + fromFactoryName(name) == null, "Extension overrides built-in: %s", name); + + synchronized (EXTENSIONS) { + ValidateUtils.checkTrue( + !EXTENSIONS.containsKey(name), "Extension overrides existing: %s", name); + EXTENSIONS.put(name, extension); + } + } + + /** + * @return A {@link NavigableSet} of the currently registered extensions, sorted according to the factory name (case + * insensitive) + */ + public static NavigableSet getRegisteredExtensions() { + synchronized (EXTENSIONS) { + return GenericUtils.asSortedSet( + NamedResource.BY_NAME_COMPARATOR, EXTENSIONS.values()); + } + } + + /** + * Unregisters specified extension + * + * @param name The factory name - ignored if {@code null}/empty + * @return The registered extension - {@code null} if not found + */ + public static MacFactory unregisterExtension(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.remove(name); + } + } + + /** + * @param s The {@link Enum}'s name - ignored if {@code null}/empty + * @return The matching {@link BuiltinMacs} whose {@link Enum#name()} matches (case + * insensitive) the provided argument - {@code null} if no match + */ + public static BuiltinMacs fromString(String s) { + if (GenericUtils.isEmpty(s)) { + return null; + } + + for (BuiltinMacs c : VALUES) { + if (s.equalsIgnoreCase(c.name())) { + return c; + } + } + + return null; + } + + /** + * @param factory The {@link NamedFactory} for the MAC - ignored if {@code null} + * @return The matching {@link BuiltinMacs} whose factory name matches (case + * insensitive) the digest factory name + * @see #fromFactoryName(String) + */ + public static BuiltinMacs fromFactory(NamedFactory factory) { + if (factory == null) { + return null; + } else { + return fromFactoryName(factory.getName()); + } + } + + /** + * @param name The factory name - ignored if {@code null}/empty + * @return The matching {@link BuiltinMacs} whose factory name matches (case insensitive) the provided + * name - {@code null} if no match + */ + public static BuiltinMacs fromFactoryName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param macs A comma-separated list of MACs' names - ignored if {@code null}/empty + * @return A {@link ParseResult} containing the successfully parsed factories and the unknown ones. + * Note: it is up to caller to ensure that the lists do not contain duplicates + */ + public static ParseResult parseMacsList(String macs) { + return parseMacsList(GenericUtils.split(macs, ',')); + } + + public static ParseResult parseMacsList(String... macs) { + return parseMacsList(GenericUtils.isEmpty((Object[]) macs) + ? Collections.emptyList() + : Arrays.asList(macs)); + } + + public static ParseResult parseMacsList(Collection macs) { + if (GenericUtils.isEmpty(macs)) { + return ParseResult.EMPTY; + } + + List factories = new ArrayList<>(macs.size()); + List unknown = Collections.emptyList(); + for (String name : macs) { + MacFactory m = resolveFactory(name); + if (m != null) { + factories.add(m); + } else { + // replace the (unmodifiable) empty list with a real one + if (unknown.isEmpty()) { + unknown = new ArrayList<>(); + } + unknown.add(name); + } + } + + return new ParseResult(factories, unknown); + } + + /** + * @param name The factory name + * @return The factory or {@code null} if it is neither a built-in one or a registered extension + */ + public static MacFactory resolveFactory(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + MacFactory m = fromFactoryName(name); + if (m != null) { + return m; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.get(name); + } + } + + public static final class ParseResult + extends NamedFactoriesListParseResult { + public static final ParseResult EMPTY = new ParseResult(Collections.emptyList(), Collections.emptyList()); + + public ParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + } + + public static final class Constants { + public static final String HMAC_MD5 = "hmac-md5"; + public static final String HMAC_MD5_96 = "hmac-md5-96"; + public static final String HMAC_SHA1 = "hmac-sha1"; + public static final String HMAC_SHA1_96 = "hmac-sha1-96"; + public static final String HMAC_SHA2_256 = "hmac-sha2-256"; + public static final String HMAC_SHA2_512 = "hmac-sha2-512"; + + public static final String ETM_HMAC_SHA1 = "hmac-sha1-etm@openssh.com"; + public static final String ETM_HMAC_SHA2_256 = "hmac-sha2-256-etm@openssh.com"; + public static final String ETM_HMAC_SHA2_512 = "hmac-sha2-512-etm@openssh.com"; + + private Constants() { + throw new UnsupportedOperationException("No instance allowed"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/mac/Mac.java b/files-sftp/src/main/java/org/apache/sshd/common/mac/Mac.java new file mode 100644 index 0000000..f5ff7c4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/mac/Mac.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.mac; + +import org.apache.sshd.common.util.NumberUtils; + +/** + * Message Authentication Code for use in SSH. It usually wraps a javax.crypto.Mac class. + * + * @author Apache MINA SSHD Project + */ +public interface Mac extends MacInformation { + void init(byte[] key) throws Exception; + + default void update(byte[] buf) { + update(buf, 0, NumberUtils.length(buf)); + } + + void update(byte[] buf, int start, int len); + + void updateUInt(long foo); + + default byte[] doFinal() throws Exception { + int blockSize = getBlockSize(); + byte[] buf = new byte[blockSize]; + doFinal(buf); + return buf; + } + + default void doFinal(byte[] buf) throws Exception { + doFinal(buf, 0); + } + + void doFinal(byte[] buf, int offset) throws Exception; + + /* + * Executes a more-or-less constant time verification in order + * to avoid timing side-channel information leak + */ + static boolean equals(byte[] a1, int a1Offset, byte[] a2, int a2Offset, int length) { + int len1 = NumberUtils.length(a1); + int len2 = NumberUtils.length(a2); + int result = 0; + + if (len1 < (a1Offset + length)) { + length = Math.min(length, len1 - a1Offset); + length = Math.max(length, 0); + result |= 0x00FF; + } + + if (len2 < (a2Offset + length)) { + length = Math.min(length, len2 - a2Offset); + length = Math.max(length, 0); + result |= 0xFF00; + } + + for (int cmpLen = length; cmpLen > 0; a1Offset++, a2Offset++, cmpLen--) { + result |= a1[a1Offset] ^ a2[a2Offset]; + } + + return result == 0; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/mac/MacFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/mac/MacFactory.java new file mode 100644 index 0000000..4463600 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/mac/MacFactory.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.mac; + +import org.apache.sshd.common.BuiltinFactory; + +/** + * @author Apache MINA SSHD Project + */ +// CHECKSTYLE:OFF +public interface MacFactory extends MacInformation, BuiltinFactory { + // nothing extra +} +//CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/common/mac/MacInformation.java b/files-sftp/src/main/java/org/apache/sshd/common/mac/MacInformation.java new file mode 100644 index 0000000..114a84d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/mac/MacInformation.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.mac; + +import org.apache.sshd.common.AlgorithmNameProvider; + +/** + * The reported algorithm name refers to the MAC being used + * + * @author Apache MINA SSHD Project + */ +public interface MacInformation extends AlgorithmNameProvider { + /** + * @return MAC output block size in bytes - may be less than the default - e.g., MD5-96 + */ + int getBlockSize(); + + /** + * @return The "natural" MAC block size in bytes + */ + int getDefaultBlockSize(); + + default boolean isEncryptThenMac() { + return false; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/AbstractRandom.java b/files-sftp/src/main/java/org/apache/sshd/common/random/AbstractRandom.java new file mode 100644 index 0000000..2a1f825 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/AbstractRandom.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.random; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractRandom implements Random { + protected AbstractRandom() { + super(); + } + + @Override + public String toString() { + return getName(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/AbstractRandomFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/random/AbstractRandomFactory.java new file mode 100644 index 0000000..c1d7893 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/AbstractRandomFactory.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.random; + +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractRandomFactory implements RandomFactory { + private final String name; + + protected AbstractRandomFactory(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No name"); + } + + @Override + public final String getName() { + return name; + } + + @Override + public String toString() { + return getName(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/JceRandom.java b/files-sftp/src/main/java/org/apache/sshd/common/random/JceRandom.java new file mode 100644 index 0000000..ba050e6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/JceRandom.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.random; + +import java.security.SecureRandom; + +/** + * A Random implementation using the built-in {@link SecureRandom} PRNG. + * + * @author Apache MINA SSHD Project + */ +public class JceRandom extends AbstractRandom { + public static final String NAME = "JCE"; + + private byte[] tmp = new byte[16]; + private final SecureRandom random = new SecureRandom(); + + public JceRandom() { + super(); + } + + @Override + public String getName() { + return NAME; + } + + @Override + public synchronized void fill(byte[] foo, int start, int len) { + if ((start == 0) && (len == foo.length)) { + random.nextBytes(foo); + } else { + if (len > tmp.length) { + tmp = new byte[len]; + } + random.nextBytes(tmp); + System.arraycopy(tmp, 0, foo, start, len); + } + } + + @Override + public synchronized int random(int n) { + return random.nextInt(n); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/JceRandomFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/random/JceRandomFactory.java new file mode 100644 index 0000000..37fb854 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/JceRandomFactory.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.random; + +/** + * Named factory for the JCE Random + */ +public class JceRandomFactory extends AbstractRandomFactory { + public static final String NAME = "default"; + public static final JceRandomFactory INSTANCE = new JceRandomFactory(); + + public JceRandomFactory() { + super(NAME); + } + + @Override + public boolean isSupported() { + return true; + } + + @Override + public Random create() { + return new JceRandom(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/Random.java b/files-sftp/src/main/java/org/apache/sshd/common/random/Random.java new file mode 100644 index 0000000..330424a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/Random.java @@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.random; + +import org.apache.sshd.common.NamedResource; + +/** + * A pseudo random number generator. + * + * @author Apache MINA SSHD Project + */ +public interface Random extends NamedResource { + /** + * Fill the buffer with random values + * + * @param bytes The bytes to fill + * @see #fill(byte[], int, int) + */ + default void fill(byte[] bytes) { + fill(bytes, 0, bytes.length); + } + + /** + * Fill part of bytes with random values. + * + * @param bytes byte array to be filled. + * @param start index to start filling at. + * @param len length of segment to fill. + */ + void fill(byte[] bytes, int start, int len); + + /** + * Returns a pseudo-random uniformly distributed {@code int} in the half-open range [0, n). + * + * @param n The range upper limit + * @return The randomly selected value in the range + */ + int random(int n); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/RandomFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/random/RandomFactory.java new file mode 100644 index 0000000..dded06f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/RandomFactory.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.random; + +import org.apache.sshd.common.BuiltinFactory; + +/** + * @author Apache MINA SSHD Project + */ +// CHECKSTYLE:OFF +public interface RandomFactory extends BuiltinFactory { + // nothing extra +} +//CHECKSTYLE:ON diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/SingletonRandomFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/random/SingletonRandomFactory.java new file mode 100644 index 0000000..7c4254d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/SingletonRandomFactory.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.random; + +import java.util.Objects; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.OptionalFeature; + +/** + * A random factory wrapper that uses a single random instance. The underlying random instance has to be thread safe. + * + * @author Apache MINA SSHD Project + */ +public class SingletonRandomFactory extends AbstractRandom implements RandomFactory { + + private final NamedFactory factory; + private final Random random; + + public SingletonRandomFactory(NamedFactory factory) { + this.factory = Objects.requireNonNull(factory, "No factory"); + this.random = Objects.requireNonNull(factory.create(), "No random instance created"); + } + + @Override + public boolean isSupported() { + if (factory instanceof OptionalFeature) { + return ((OptionalFeature) factory).isSupported(); + } else { + return true; + } + } + + @Override + public void fill(byte[] bytes, int start, int len) { + random.fill(bytes, start, len); + } + + @Override + public int random(int max) { + return random.random(max); + } + + @Override + public String getName() { + return factory.getName(); + } + + @Override + public Random create() { + return this; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/random/package.html b/files-sftp/src/main/java/org/apache/sshd/common/random/package.html new file mode 100644 index 0000000..eda4db0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/random/package.html @@ -0,0 +1,26 @@ + + + + + + + Random + + implementations. + + \ No newline at end of file diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/AbstractConnectionServiceFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/session/AbstractConnectionServiceFactory.java new file mode 100644 index 0000000..25427d0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/AbstractConnectionServiceFactory.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.util.Collection; +import java.util.Objects; +import java.util.concurrent.CopyOnWriteArraySet; + +import org.apache.sshd.common.forward.PortForwardingEventListener; +import org.apache.sshd.common.forward.PortForwardingEventListenerManager; +import org.apache.sshd.common.util.EventListenerUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractConnectionServiceFactory + implements PortForwardingEventListenerManager { + private final Collection listeners = new CopyOnWriteArraySet<>(); + private final PortForwardingEventListener listenerProxy; + + protected AbstractConnectionServiceFactory() { + listenerProxy = EventListenerUtils.proxyWrapper(PortForwardingEventListener.class, listeners); + } + + @Override + public PortForwardingEventListener getPortForwardingEventListenerProxy() { + return listenerProxy; + } + + @Override + public void addPortForwardingEventListener(PortForwardingEventListener listener) { + listeners.add(Objects.requireNonNull(listener, "No listener to add")); + } + + @Override + public void removePortForwardingEventListener(PortForwardingEventListener listener) { + if (listener == null) { + return; + } + + listeners.remove(listener); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/ConnectionService.java b/files-sftp/src/main/java/org/apache/sshd/common/session/ConnectionService.java new file mode 100644 index 0000000..20108e6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/ConnectionService.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session; + +import java.io.IOException; + +import org.apache.sshd.common.Service; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.forward.Forwarder; +import org.apache.sshd.common.forward.PortForwardingEventListenerManager; +import org.apache.sshd.common.forward.PortForwardingEventListenerManagerHolder; + +/** + * Interface implementing ssh-connection service. + * + * @author Apache MINA SSHD Project + */ +public interface ConnectionService + extends Service, + SessionHeartbeatController, + UnknownChannelReferenceHandlerManager, + PortForwardingEventListenerManager, + PortForwardingEventListenerManagerHolder { + + /** + * Register a newly created channel with a new unique identifier + * + * @param channel The {@link Channel} to register + * @return The assigned id of this channel + * @throws IOException If failed to initialize and register the channel + */ + int registerChannel(Channel channel) throws IOException; + + /** + * Remove this channel from the list of managed channels + * + * @param channel The {@link Channel} instance + */ + void unregisterChannel(Channel channel); + + /** + * Retrieve the forwarder instance + * + * @return The {@link Forwarder} + */ + Forwarder getForwarder(); + + boolean isAllowMoreSessions(); + + void setAllowMoreSessions(boolean allow); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/ConnectionServiceRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/session/ConnectionServiceRequestHandler.java new file mode 100644 index 0000000..21cbac1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/ConnectionServiceRequestHandler.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.util.function.Function; + +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public interface ConnectionServiceRequestHandler extends RequestHandler { + + // required because of generics issues + Function> SVC2HNDLR = GenericUtils.downcast(); + + @Override + Result process(ConnectionService service, String request, boolean wantReply, Buffer buffer) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/ReservedSessionMessagesHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/session/ReservedSessionMessagesHandler.java new file mode 100644 index 0000000..496f137 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/ReservedSessionMessagesHandler.java @@ -0,0 +1,128 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.util.SshdEventListener; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Provides a way to listen and handle the {@code SSH_MSG_IGNORE} and {@code SSH_MSG_DEBUG} messages that are received + * by a session, as well as proprietary and/or extension messages and behavior. + * + * @author Apache MINA SSHD Project + */ +public interface ReservedSessionMessagesHandler extends SshdEventListener { + /** + * Send the initial version exchange identification in and independent manner + * + * @param session The {@code Session} through which the version is exchange is being managed + * @param version The version line that was resolved - Note: since this string is part of the KEX and is + * cached in the calling session, any changes to it require updating the session's cached + * value. + * @param extraLines Extra lines to be sent - valid only for server sessions. Note:/B> the handler may modify + * these lines and return {@code null} thus signaling the session to proceed with sending the + * identification + * @return A {@link IoWriteFuture} that can be used to wait for the data to be sent successfully. If + * {@code null} then the session will send the identification, otherwise it is assumed that the + * handler has sent it. + * @throws Exception if failed to handle the callback + * @see RFC 4253 - section 4.2 - Protocol + * Version Exchange + */ + default IoWriteFuture sendIdentification( + Session session, String version, List extraLines) + throws Exception { + return null; + } + + /** + * Invoked before sending the {@code SSH_MSG_KEXINIT} packet + * + * @param session The {@code Session} through which the key exchange is being managed + * @param proposal The KEX proposal that was used to build the packet + * @param packet The packet containing the fully encoded message - Caveat: this packet later serves as + * part of the key generation, so care must be taken if manipulating it. + * @return A non-{@code null} {@link IoWriteFuture} to signal that handler took care of the KEX packet + * delivery. + * @throws Exception if failed to handle the callback + */ + default IoWriteFuture sendKexInitRequest( + Session session, Map proposal, Buffer packet) + throws Exception { + return null; + } + + /** + * Invoked when an {@code SSH_MSG_IGNORE} packet is received + * + * @param session The {@code Session} through which the message was received + * @param buffer The {@code Buffer} containing the data + * @throws Exception If failed to handle the message + * @see RFC 4253 - section 11.2 + */ + default void handleIgnoreMessage(Session session, Buffer buffer) throws Exception { + // ignored + } + + /** + * Invoked when an {@code SSH_MSG_DEBUG} packet is received + * + * @param session The {@code Session} through which the message was received + * @param buffer The {@code Buffer} containing the data + * @throws Exception If failed to handle the message + * @see RFC 4253 - section 11.3 + */ + default void handleDebugMessage(Session session, Buffer buffer) throws Exception { + // ignored + } + + /** + * Invoked when a packet with an un-implemented message is received - including {@code SSH_MSG_UNIMPLEMENTED} itself + * + * @param session The {@code Session} through which the message was received + * @param cmd The received (un-implemented) command + * @param buffer The {@code Buffer} containing the data - positioned just beyond the command + * @return {@code true} if message handled internally, {@code false} if should return a + * {@code SSH_MSG_UNIMPLEMENTED} reply (default behavior) + * @throws Exception If failed to handle the message + * @see RFC 4253 - section 11.4 + */ + default boolean handleUnimplementedMessage(Session session, int cmd, Buffer buffer) throws Exception { + return false; + } + + /** + * Invoked if the user configured usage of a proprietary heartbeat mechanism. Note: by default throws + * {@code UnsupportedOperationException} so users who configure a proprietary heartbeat mechanism option must + * provide an implementation for this method. + * + * @param service The {@link ConnectionService} through which the heartbeat is being executed. + * @return {@code true} whether heartbeat actually sent - Note: used mainly for debugging purposes. + * @throws Exception If failed to send the heartbeat - Note: causes associated session termination. + */ + default boolean sendReservedHeartbeat(ConnectionService service) throws Exception { + throw new UnsupportedOperationException("Reserved heartbeat not implemented for " + service); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/ReservedSessionMessagesManager.java b/files-sftp/src/main/java/org/apache/sshd/common/session/ReservedSessionMessagesManager.java new file mode 100644 index 0000000..2821331 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/ReservedSessionMessagesManager.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +/** + * @author Apache MINA SSHD Project + */ +public interface ReservedSessionMessagesManager { + /** + * @return The currently registered {@link ReservedSessionMessagesHandler} - may be {@code null} + */ + ReservedSessionMessagesHandler getReservedSessionMessagesHandler(); + + /** + * @param handler The {@link ReservedSessionMessagesHandler} to use - may be {@code null} + */ + void setReservedSessionMessagesHandler(ReservedSessionMessagesHandler handler); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/Session.java b/files-sftp/src/main/java/org/apache/sshd/common/session/Session.java new file mode 100644 index 0000000..885af0d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/Session.java @@ -0,0 +1,357 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session; + +import java.io.IOException; +import java.net.SocketAddress; +import java.time.Duration; +import java.time.Instant; +import java.util.Objects; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.FactoryManagerHolder; +import org.apache.sshd.common.Service; +import org.apache.sshd.common.auth.MutableUserHolder; +import org.apache.sshd.common.channel.ChannelListenerManager; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager; +import org.apache.sshd.common.forward.PortForwardingEventListenerManager; +import org.apache.sshd.common.forward.PortForwardingInformationProvider; +import org.apache.sshd.common.future.KeyExchangeFuture; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.kex.KexFactoryManager; +import org.apache.sshd.common.kex.KeyExchange; +import org.apache.sshd.common.session.helpers.TimeoutIndicator; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Represents an SSH session. Note: the associated username for the session may be {@code null}/empty if the + * session is not yet authenticated + * + * @author Apache MINA SSHD Project + */ +public interface Session + extends SessionContext, + MutableUserHolder, + KexFactoryManager, + SessionListenerManager, + ReservedSessionMessagesManager, + SessionDisconnectHandlerManager, + ChannelListenerManager, + ChannelStreamWriterResolverManager, + PortForwardingEventListenerManager, + UnknownChannelReferenceHandlerManager, + FactoryManagerHolder, + PortForwardingInformationProvider { + + /** + * Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header. + * + * @param cmd the SSH command + * @return a new buffer (of unknown size) ready for write + * @see #createBuffer(byte, int) + */ + default Buffer createBuffer(byte cmd) { + return createBuffer(cmd, 0); + } + + /** + * Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header. + * + * @param cmd The SSH command to initialize the buffer with + * @param estimatedSize Estimated number of bytes the buffer will hold, 0 if unknown. + * @return a new buffer ready for write + * @see #prepareBuffer(byte, Buffer) + */ + Buffer createBuffer(byte cmd, int estimatedSize); + + /** + * Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header. + * + * @param cmd The SSH command to initialize the buffer with + * @param buffer The {@link Buffer} instance to initialize + * @return The initialized buffer + */ + Buffer prepareBuffer(byte cmd, Buffer buffer); + + /** + * Sends an {@code SSH_MSG_DEBUG} to the peer session + * + * @param display {@code true} if OK to display the message at the peer as-is + * @param msg The message object whose {@code toString()} value to be used - if {@code null} then the + * "null" string is sent + * @param lang The language - {@code null}/empty if some pre-agreed default is used + * @return An {@code IoWriteFuture} that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding or sending the packet + * @see RFC 4253 - section 11.3 + */ + IoWriteFuture sendDebugMessage(boolean display, Object msg, String lang) throws IOException; + + /** + * Sends an {@code SSH_MSG_IGNORE} to the peer session + * + * @param data The message data + * @return An {@code IoWriteFuture} that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding or sending the packet + * @see RFC 4253 - section 11.2 + */ + IoWriteFuture sendIgnoreMessage(byte... data) throws IOException; + + /** + * Encode and send the given buffer. The buffer has to have 5 bytes free at the beginning to allow the encoding to + * take place. Also, the write position of the buffer has to be set to the position of the last byte to write. + * + * @param buffer the buffer to encode and send + * @return An {@code IoWriteFuture} that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding sending the packet + */ + IoWriteFuture writePacket(Buffer buffer) throws IOException; + + /** + * Encode and send the given buffer with the specified timeout. If the buffer could not be written before the + * timeout elapses, the returned {@link IoWriteFuture} will be set with a + * {@link java.util.concurrent.TimeoutException} exception to indicate a timeout. + * + * @param buffer the buffer to encode and spend + * @param timeout the (never {@code null}) timeout value - its {@link Duration#toMillis() milliseconds} value + * will be used + * @return a future that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding or sending the packet + * @see #writePacket(Buffer, long) + */ + default IoWriteFuture writePacket(Buffer buffer, Duration timeout) throws IOException { + Objects.requireNonNull(timeout, "No timeout was specified"); + return writePacket(buffer, timeout.toMillis()); + } + + /** + * Encode and send the given buffer with the specified timeout. If the buffer could not be written before the + * timeout elapses, the returned {@link IoWriteFuture} will be set with a + * {@link java.util.concurrent.TimeoutException} exception to indicate a timeout. + * + * @param buffer the buffer to encode and spend + * @param maxWaitMillis the timeout in milliseconds + * @return a future that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding or sending the packet + */ + default IoWriteFuture writePacket(Buffer buffer, long maxWaitMillis) throws IOException { + return writePacket(buffer, maxWaitMillis, TimeUnit.MILLISECONDS); + } + + /** + * Encode and send the given buffer with the specified timeout. If the buffer could not be written before the + * timeout elapses, the returned {@link IoWriteFuture} will be set with a + * {@link java.util.concurrent.TimeoutException} exception to indicate a timeout. + * + * @param buffer the buffer to encode and spend + * @param timeout the timeout + * @param unit the time unit of the timeout parameter + * @return a future that can be used to check when the packet has actually been sent + * @throws IOException if an error occurred when encoding or sending the packet + */ + IoWriteFuture writePacket(Buffer buffer, long timeout, TimeUnit unit) throws IOException; + + /** + * Send a global request and wait for the response. This must only be used when sending a + * {@code SSH_MSG_GLOBAL_REQUEST} with a result expected, else it will time out + * + * @param request the request name - used mainly for logging and debugging + * @param buffer the buffer containing the global request + * @param timeout The number of time units to wait - must be positive + * @param unit The {@link TimeUnit} to wait for the response + * @return the return buffer if the request was successful, {@code null} otherwise. + * @throws IOException if an error occurred when encoding or sending the packet + * @throws java.net.SocketTimeoutException If no response received within specified timeout + */ + default Buffer request( + String request, Buffer buffer, long timeout, TimeUnit unit) + throws IOException { + ValidateUtils.checkTrue(timeout > 0L, "Non-positive timeout requested: %d", timeout); + return request(request, buffer, TimeUnit.MILLISECONDS.convert(timeout, unit)); + } + + /** + * + * Send a global request and wait for the response. This must only be used when sending a + * {@code SSH_MSG_GLOBAL_REQUEST} with a result expected, else it will time out + * + * @param request the request name - used mainly for logging and debugging + * @param buffer the buffer containing the global request + * @param timeout The (never {@code null}) timeout to wait - its milliseconds value is used + * @return the return buffer if the request was successful, {@code null} otherwise. + * @throws IOException if an error occurred when encoding or sending the packet + * @throws java.net.SocketTimeoutException If no response received within specified timeout + */ + default Buffer request(String request, Buffer buffer, Duration timeout) throws IOException { + Objects.requireNonNull(timeout, "No timeout specified"); + return request(request, buffer, timeout.toMillis()); + } + + /** + * Send a global request and wait for the response. This must only be used when sending a + * {@code SSH_MSG_GLOBAL_REQUEST} with a result expected, else it will time out + * + * @param request the request name - used mainly for logging and debugging + * @param buffer the buffer containing the global request + * @param maxWaitMillis Max. time to wait for response (millis) - must be positive + * @return the return buffer if the request was successful, {@code null} otherwise. + * @throws IOException if an error occurred when encoding or sending the packet + * @throws java.net.SocketTimeoutException If no response received within specified timeout + */ + Buffer request(String request, Buffer buffer, long maxWaitMillis) throws IOException; + + /** + * Handle any exceptions that occurred on this session. The session will be closed and a disconnect packet will be + * sent before if the given exception is an {@link org.apache.sshd.common.SshException} with a positive error code + * + * @param t the exception to process + */ + void exceptionCaught(Throwable t); + + /** + * Initiate a new key exchange. + * + * @return A {@link KeyExchangeFuture} for awaiting the completion of the exchange + * @throws IOException If failed to request keys re-negotiation + */ + KeyExchangeFuture reExchangeKeys() throws IOException; + + /** + * Get the service of the specified type. If the service is not of the specified class, an IllegalStateException + * will be thrown. + * + * @param The generic {@link Service} type + * @param clazz The service class + * @return The service instance + * @throws IllegalStateException If failed to find a matching service + */ + T getService(Class clazz); + + /** + * @return The {@link IoSession} associated to this session + */ + IoSession getIoSession(); + + @Override + default SocketAddress getLocalAddress() { + IoSession s = getIoSession(); + return (s == null) ? null : s.getLocalAddress(); + } + + @Override + default SocketAddress getRemoteAddress() { + IoSession s = getIoSession(); + return (s == null) ? null : s.getRemoteAddress(); + } + + /** + * Check if timeout has occurred. + * + * @return the timeout status - never {@code null} + */ + TimeoutIndicator getTimeoutStatus(); + + /** + * @return Timeout value in milliseconds for communication + */ + Duration getIdleTimeout(); + + /** + * @return The timestamp value (milliseconds since EPOCH) when timer was started + */ + Instant getIdleTimeoutStart(); + + /** + * Re-start idle timeout timer + * + * @return The timestamp value (milliseconds since EPOCH) when timer was started + * @see #getIdleTimeoutStart() + */ + Instant resetIdleTimeout(); + + /** + * @return Timeout value in milliseconds for authentication stage + */ + Duration getAuthTimeout(); + + /** + * @return The timestamp value (milliseconds since EPOCH) when timer was started + */ + Instant getAuthTimeoutStart(); + + /** + * Re-start the authentication timeout timer + * + * @return The timestamp value (milliseconds since EPOCH) when timer was started + * @see #getAuthTimeoutStart() + */ + Instant resetAuthTimeout(); + + void setAuthenticated() throws IOException; + + /** + * @return The current {@link KeyExchange} in progress - {@code null} if KEX not started or successfully completed + */ + KeyExchange getKex(); + + /** + * Send a disconnect packet with the given reason and message. Once the packet has been sent, the session will be + * closed asynchronously. + * + * @param reason the reason code for this disconnect + * @param msg the text message + * @throws IOException if an error occurred sending the packet + */ + void disconnect(int reason, String msg) throws IOException; + + /** + * @param name Service name + * @param buffer Extra information provided when the service start request was received + * @throws Exception If failed to start it + */ + void startService(String name, Buffer buffer) throws Exception; + + @Override + default T resolveAttribute(AttributeKey key) { + return resolveAttribute(this, key); + } + + /** + * Attempts to use the session's attribute, if not found then tries the factory manager + * + * @param The generic attribute type + * @param session The {@link Session} - ignored if {@code null} + * @param key The attribute key - never {@code null} + * @return Associated value - {@code null} if not found + * @see Session#getFactoryManager() + * @see FactoryManager#resolveAttribute(FactoryManager, AttributeKey) + */ + static T resolveAttribute(Session session, AttributeKey key) { + Objects.requireNonNull(key, "No key"); + if (session == null) { + return null; + } + + T value = session.getAttribute(key); + return (value != null) ? value : FactoryManager.resolveAttribute(session.getFactoryManager(), key); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionContext.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionContext.java new file mode 100644 index 0000000..622c5db --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionContext.java @@ -0,0 +1,210 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.util.Map; + +import org.apache.sshd.common.AttributeStore; +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.auth.UsernameHolder; +import org.apache.sshd.common.cipher.BuiltinCiphers; +import org.apache.sshd.common.cipher.CipherInformation; +import org.apache.sshd.common.compression.CompressionInformation; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.kex.KexState; +import org.apache.sshd.common.mac.MacInformation; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.net.ConnectionEndpointsIndicator; + +/** + * A "succinct" summary of the most important attributes of an SSH session + * + * @author Apache MINA SSHD Project + */ +public interface SessionContext + extends ConnectionEndpointsIndicator, + UsernameHolder, + SessionHeartbeatController, + AttributeStore, + Closeable { + /** + * Default prefix expected for the client / server identification string + * + * @see RFC 4253 - section 4.2 + */ + String DEFAULT_SSH_VERSION_PREFIX = "SSH-2.0-"; + + /** + * Backward compatible special prefix + * + * @see RFC 4253 - section 5 + */ + String FALLBACK_SSH_VERSION_PREFIX = "SSH-1.99-"; + + /** + * Maximum number of characters for any single line sent as part of the initial handshake - according to + * RFC 4253 - section 4.2:
        + * + *

        + * + * The maximum length of the string is 255 characters, + * including the Carriage Return and Line Feed. + * + *

        + */ + int MAX_VERSION_LINE_LENGTH = 256; + + /** + * @return A clone of the established session identifier - {@code null} if not yet established + */ + byte[] getSessionId(); + + /** + * Quick indication if this is a server or client session (instead of having to ask {@code instanceof}). + * + * @return {@code true} if this is a server session + */ + boolean isServerSession(); + + /** + * Retrieve the client version for this session. + * + * @return the client version - may be {@code null}/empty if versions not yet exchanged + */ + String getClientVersion(); + + /** + * @return An un-modifiable map of the latest KEX client proposal options May be empty if KEX not yet + * completed or re-keying in progress + * @see #getKexState() + */ + Map getClientKexProposals(); + + /** + * Retrieve the server version for this session. + * + * @return the server version - may be {@code null}/empty if versions not yet exchanged + */ + String getServerVersion(); + + /** + * @return An un-modifiable map of the latest KEX client proposal options. May be empty if KEX not yet + * completed or re-keying in progress + * @see #getKexState() + */ + Map getServerKexProposals(); + + KexState getKexState(); + + Map getKexNegotiationResult(); + + /** + * Retrieve one of the negotiated values during the KEX stage + * + * @param paramType The request {@link KexProposalOption} value - ignored if {@code null} + * @return The negotiated parameter value - {@code null} if invalid parameter or no negotiated value. + * @see #getKexState() + */ + String getNegotiatedKexParameter(KexProposalOption paramType); + + /** + * Retrieves current cipher information - Note: may change if key re-exchange executed + * + * @param incoming If {@code true} then the cipher for the incoming data, otherwise for the outgoing data + * @return The {@link CipherInformation} - or {@code null} if not negotiated yet. + */ + CipherInformation getCipherInformation(boolean incoming); + + /** + * Retrieves current compression information - Note: may change if key re-exchange executed + * + * @param incoming If {@code true} then the compression for the incoming data, otherwise for the outgoing data + * @return The {@link CompressionInformation} - or {@code null} if not negotiated yet. + */ + CompressionInformation getCompressionInformation(boolean incoming); + + /** + * Retrieves current MAC information - Note: may change if key re-exchange executed + * + * @param incoming If {@code true} then the MAC for the incoming data, otherwise for the outgoing data + * @return The {@link MacInformation} - or {@code null} if not negotiated yet. + */ + MacInformation getMacInformation(boolean incoming); + + /** + * @return {@code true} if session has successfully completed the authentication phase + */ + boolean isAuthenticated(); + + /** + * @param version The reported client/server version + * @return {@code true} if version not empty and starts with either {@value #DEFAULT_SSH_VERSION_PREFIX} or + * {@value #FALLBACK_SSH_VERSION_PREFIX} + */ + static boolean isValidVersionPrefix(String version) { + return GenericUtils.isNotEmpty(version) + && (version.startsWith(DEFAULT_SSH_VERSION_PREFIX) || version.startsWith(FALLBACK_SSH_VERSION_PREFIX)); + } + + /** + * @param session The {@link SessionContext} to be examined + * @return {@code true} if the context is not {@code null} and the ciphers have been established to anything + * other than "none". + * @see #getNegotiatedKexParameter(KexProposalOption) getNegotiatedKexParameter + * @see KexProposalOption#CIPHER_PROPOSALS CIPHER_PROPOSALS + */ + static boolean isSecureSessionTransport(SessionContext session) { + if (session == null) { + return false; + } + + for (KexProposalOption opt : KexProposalOption.CIPHER_PROPOSALS) { + String value = session.getNegotiatedKexParameter(opt); + if (GenericUtils.isEmpty(value) + || BuiltinCiphers.Constants.NONE.equalsIgnoreCase(value)) { + return false; + } + } + + return true; + } + + /** + * @param session The {@link SessionContext} to be examined + * @return {@code true} if the context is not {@code null} and the MAC(s) used to verify packet integrity + * have been established. + * @see #getNegotiatedKexParameter(KexProposalOption) getNegotiatedKexParameter + * @see KexProposalOption#MAC_PROPOSALS MAC_PROPOSALS + */ + static boolean isDataIntegrityTransport(SessionContext session) { + if (session == null) { + return false; + } + + for (KexProposalOption opt : KexProposalOption.MAC_PROPOSALS) { + String value = session.getNegotiatedKexParameter(opt); + if (GenericUtils.isEmpty(value)) { + return false; + } + } + + return true; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionContextHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionContextHolder.java new file mode 100644 index 0000000..722fbf4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionContextHolder.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +/** + * @author Apache MINA SSHD Project + */ +public interface SessionContextHolder { + + public SessionContext getSessionContext(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandler.java new file mode 100644 index 0000000..fcf26ef --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandler.java @@ -0,0 +1,156 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.io.IOException; +import java.util.Map; + +import org.apache.sshd.common.Service; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.session.helpers.TimeoutIndicator; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Invoked when the internal session code decides it should disconnect a session due to some consideration. Usually + * allows intervening in the decision and even canceling it. + * + * @author Apache MINA SSHD Project + */ +public interface SessionDisconnectHandler { + /** + * Invoked when an internal timeout has expired (e.g., authentication, idle). + * + * @param session The session whose timeout has expired + * @param timeoutStatus The expired timeout + * @return {@code true} if expired timeout should be reset (i.e., no disconnect). If {@code false} + * then session will disconnect due to the expired timeout + * @throws IOException If failed to handle the event + */ + default boolean handleTimeoutDisconnectReason( + Session session, TimeoutIndicator timeoutStatus) + throws IOException { + return false; + } + + /** + * Called to inform that the maximum allowed concurrent sessions threshold has been exceeded. Note: when + * handler is invoked the session is not yet marked as having been authenticated, nor has the authentication success + * been acknowledged to the peer. + * + * @param session The session that caused the excess + * @param service The {@link Service} instance through which the request was received + * @param username The authenticated username that is associated with the session. + * @param currentSessionCount The current sessions count + * @param maxSessionCount The maximum allowed sessions count + * @return {@code true} if accept the exceeding session regardless of the threshold. If + * {@code false} then exceeding session will be disconnected + * @throws IOException If failed to handle the event, Note: choosing to ignore this disconnect reason + * does not reset the current concurrent sessions counter in any way - i.e., the handler + * will be re-invoked every time the threshold is exceeded. + * @see CoreModuleProperties#MAX_CONCURRENT_SESSIONS + */ + default boolean handleSessionsCountDisconnectReason( + Session session, Service service, String username, int currentSessionCount, int maxSessionCount) + throws IOException { + return false; + } + + /** + * Invoked when a request has been made related to an unknown SSH service as described in + * RFC 4253 - section 10. + * + * @param session The session through which the command was received + * @param cmd The service related command + * @param serviceName The service name + * @param buffer Any extra data received in the packet containing the request + * @return {@code true} if disregard the request (e.g., the handler handled it) + * @throws IOException If failed to handle the request + */ + default boolean handleUnsupportedServiceDisconnectReason( + Session session, int cmd, String serviceName, Buffer buffer) + throws IOException { + return false; + } + + /** + * Invoked if the number of authentication attempts exceeded the maximum allowed + * + * @param session The session being authenticated + * @param service The {@link Service} instance through which the request was received + * @param serviceName The authentication service name + * @param method The authentication method name + * @param user The authentication username + * @param currentAuthCount The authentication attempt count + * @param maxAuthCount The maximum allowed attempts + * @return {@code true} if OK to ignore the exceeded attempt count and allow more attempts. + * Note: choosing to ignore this disconnect reason does not reset the current count + * - i.e., it will be re-invoked on the next attempt. + * @throws IOException If failed to handle the event + */ + default boolean handleAuthCountDisconnectReason( + Session session, Service service, String serviceName, String method, String user, int currentAuthCount, + int maxAuthCount) + throws IOException { + return false; + } + + /** + * Invoked if the authentication parameters changed in mid-authentication process. + * + * @param session The session being authenticated + * @param service The {@link Service} instance through which the request was received + * @param authUser The original username being authenticated + * @param username The requested username + * @param authService The original authentication service name + * @param serviceName The requested service name + * @return {@code true} if OK to ignore the change + * @throws IOException If failed to handle the event + */ + default boolean handleAuthParamsDisconnectReason( + Session session, Service service, String authUser, String username, String authService, String serviceName) + throws IOException { + return false; + } + + /** + * Invoked if after KEX negotiation parameters resolved one of the options violates some internal constraint (e.g., + * cannot negotiate a value, or RFC 8308 - section + * 2.2). + * + * @param session The session where the violation occurred + * @param c2sOptions The client options + * @param s2cOptions The server options + * @param negotiatedGuess The negotiated KEX options + * @param option The violating {@link KexProposalOption} + * @return {@code true} if disregard the violation - if {@code false} then session will disconnect + * @throws IOException if attempted to exchange some packets to fix the situation + */ + default boolean handleKexDisconnectReason( + Session session, Map c2sOptions, Map s2cOptions, + Map negotiatedGuess, KexProposalOption option) + throws IOException { + if (KexProposalOption.S2CLANG.equals(option) || KexProposalOption.C2SLANG.equals(option)) { + return true; // OK if cannot agree on a language + } + + return false; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandlerManager.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandlerManager.java new file mode 100644 index 0000000..d75fee4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandlerManager.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public interface SessionDisconnectHandlerManager { + SessionDisconnectHandler getSessionDisconnectHandler(); + + void setSessionDisconnectHandler(SessionDisconnectHandler handler); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionHeartbeatController.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionHeartbeatController.java new file mode 100644 index 0000000..cb52806 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionHeartbeatController.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.time.Duration; +import java.util.EnumSet; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.CommonModuleProperties; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface SessionHeartbeatController extends PropertyResolver { + enum HeartbeatType { + /** No heartbeat */ + NONE, + /** Use {@code SSH_MSG_IGNORE} packets */ + IGNORE, + /** Custom mechanism via {@code ReservedSessionMessagesHandler} */ + RESERVED; + + public static final Set VALUES = EnumSet.allOf(HeartbeatType.class); + + public static HeartbeatType fromName(String name) { + return GenericUtils.isEmpty(name) + ? null + : VALUES.stream() + .filter(v -> name.equalsIgnoreCase(v.name())) + .findAny() + .orElse(null); + } + } + + default HeartbeatType getSessionHeartbeatType() { + return CommonModuleProperties.SESSION_HEARTBEAT_TYPE.getRequired(this); + } + + default Duration getSessionHeartbeatInterval() { + return CommonModuleProperties.SESSION_HEARTBEAT_INTERVAL.getRequired(this); + } + + /** + * Disables the session heartbeat feature - Note: if heartbeat already in progress then it may be ignored. + */ + default void disableSessionHeartbeat() { + setSessionHeartbeat(HeartbeatType.NONE, Duration.ZERO); + } + + default void setSessionHeartbeat(HeartbeatType type, TimeUnit unit, long count) { + Objects.requireNonNull(unit, "No heartbeat time unit provided"); + setSessionHeartbeat(type, Duration.ofMillis(TimeUnit.MILLISECONDS.convert(count, unit))); + } + + /** + * Set the session heartbeat + * + * @param type The type of {@link HeartbeatType heartbeat} to use + * @param interval The (never {@code null}) heartbeat interval - its milliseconds value is used + */ + default void setSessionHeartbeat(HeartbeatType type, Duration interval) { + Objects.requireNonNull(type, "No heartbeat type specified"); + Objects.requireNonNull(interval, "No heartbeat time interval provided"); + CommonModuleProperties.SESSION_HEARTBEAT_TYPE.set(this, type); + CommonModuleProperties.SESSION_HEARTBEAT_INTERVAL.set(this, interval); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionHolder.java new file mode 100644 index 0000000..66e7eb0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionHolder.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +/** + * @param Type of {@link Session} being held + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface SessionHolder extends SessionContextHolder { + @Override + default SessionContext getSessionContext() { + return getSession(); + } + + public S getSession(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionListener.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionListener.java new file mode 100644 index 0000000..7b89478 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionListener.java @@ -0,0 +1,196 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session; + +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.util.SshdEventListener; + +/** + * Represents an interface receiving session events. + * + * @author Apache MINA SSHD Project + */ +public interface SessionListener extends SshdEventListener { + enum Event { + KeyEstablished, + Authenticated, + KexCompleted + } + + /** + * An initial session connection has been established - Caveat emptor: the main difference between this + * callback and {@link #sessionCreated(Session)} is that when this callback is called, the session is not yet fully + * initialized so not all API(s) will respond as expected. The main purpose of this callback is to allow the user to + * customize some session properties based on the peer's address and/or any provided connection context. + * + * @param session The established {@code Session} + */ + default void sessionEstablished(Session session) { + // ignored + } + + /** + * A new session just been created + * + * @param session The created {@link Session} + */ + default void sessionCreated(Session session) { + // ignored + } + + /** + * About to send identification to peer + * + * @param session The {@link Session} instance + * @param version The resolved identification version + * @param extraLines Extra data preceding the identification to be sent. Note: the list is modifiable only if + * this is a server session. The user may modify it based on the peer. + * @see RFC 4253 - section 4.2 - Protocol + * Version Exchange + */ + default void sessionPeerIdentificationSend( + Session session, String version, List extraLines) { + // ignored + } + + /** + * Successfully read a line as part of the initial peer identification + * + * @param session The {@link Session} instance + * @param line The data that was read so far - Note: might not be a full line if more packets are + * required for full identification data. Furthermore, it may be repeated data due to + * packets segmentation and re-assembly mechanism + * @param extraLines Previous lines that were before this one - Note: it may be repeated data due to + * packets segmentation and re-assembly mechanism + * @see RFC 4253 - section 4.2 - Protocol + * Version Exchange + */ + default void sessionPeerIdentificationLine( + Session session, String line, List extraLines) { + // ignored + } + + /** + * The peer's identification version was received + * + * @param session The {@link Session} instance + * @param version The retrieved identification version + * @param extraLines Extra data preceding the identification + * @see RFC 4253 - section 4.2 - Protocol + * Version Exchange + */ + default void sessionPeerIdentificationReceived( + Session session, String version, List extraLines) { + // ignored + } + + /** + * + * @param session The referenced {@link Session} + * @param proposal The proposals that will be sent to the peer - Caveat emptor: the proposal is + * modifiable i.e., the handler can modify it before being sent + */ + default void sessionNegotiationOptionsCreated(Session session, Map proposal) { + // ignored + } + + /** + * Signals the start of the negotiation options handling + * + * @param session The referenced {@link Session} + * @param clientProposal The client proposal options (un-modifiable) + * @param serverProposal The server proposal options (un-modifiable) + */ + default void sessionNegotiationStart( + Session session, + Map clientProposal, + Map serverProposal) { + // ignored + } + + /** + * Signals the end of the negotiation options handling + * + * @param session The referenced {@link Session} + * @param clientProposal The client proposal options (un-modifiable) + * @param serverProposal The server proposal options (un-modifiable) + * @param negotiatedOptions The successfully negotiated options so far - even if exception occurred (un-modifiable) + * @param reason Negotiation end reason - {@code null} if successful + */ + default void sessionNegotiationEnd( + Session session, + Map clientProposal, + Map serverProposal, + Map negotiatedOptions, + Throwable reason) { + // ignored + } + + /** + * An event has been triggered + * + * @param session The referenced {@link Session} + * @param event The generated {@link Event} + */ + default void sessionEvent(Session session, Event event) { + // ignored + } + + /** + * An exception was caught and the session will be closed (if not already so). Note: the code makes no + * guarantee that at this stage {@link #sessionClosed(Session)} will be called or perhaps has already been called + * + * @param session The referenced {@link Session} + * @param t The caught exception + */ + default void sessionException(Session session, Throwable t) { + // ignored + } + + /** + * Invoked when {@code SSH_MSG_DISCONNECT} message was sent/received + * + * @param session The referenced {@link Session} + * @param reason The signaled reason code + * @param msg The provided description message (may be empty) + * @param language The language tag indicator (may be empty) + * @param initiator Whether the session is the sender or recipient of the message + * @see RFC 4253 - section 11.1 + */ + default void sessionDisconnect( + Session session, int reason, String msg, String language, boolean initiator) { + // ignored + } + + /** + * A session has been closed + * + * @param session The closed {@link Session} + */ + default void sessionClosed(Session session) { + // ignored + } + + static L validateListener(L listener) { + return SshdEventListener.validateListener(listener, SessionListener.class.getSimpleName()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionListenerManager.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionListenerManager.java new file mode 100644 index 0000000..2888179 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionListenerManager.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +/** + * Marker interface for classes that allow to add/remove session listeners. Note: if adding/removing listeners + * while connections are being established and/or torn down there are no guarantees as to the order of the calls to the + * recently added/removed listener's methods in the interim. The correct order is guaranteed only as of the next + * session after the listener has been added/removed. + * + * @author Apache MINA SSHD Project + */ +public interface SessionListenerManager { + /** + * Add a session listener. + * + * @param listener The {@link SessionListener} to add - not {@code null} + */ + void addSessionListener(SessionListener listener); + + /** + * Remove a session listener. + * + * @param listener The {@link SessionListener} to remove + */ + void removeSessionListener(SessionListener listener); + + /** + * @return A (never {@code null} proxy {@link SessionListener} that represents all the currently registered + * listeners. Any method invocation on the proxy is replicated to the currently registered listeners + */ + SessionListener getSessionListenerProxy(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/SessionWorkBuffer.java b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionWorkBuffer.java new file mode 100644 index 0000000..5abca14 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/SessionWorkBuffer.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.util.Objects; + +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; + +/** + * @author Apache MINA SSHD Project + */ +public class SessionWorkBuffer extends ByteArrayBuffer implements SessionHolder { + private final Session session; + + public SessionWorkBuffer(Session session) { + this.session = Objects.requireNonNull(session, "No session"); + } + + @Override + public Session getSession() { + return session; + } + + @Override + public Buffer clear(boolean wipeData) { + throw new UnsupportedOperationException("Not allowed to clear session work buffer of " + getSession()); + } + + public void forceClear(boolean wipeData) { + super.clear(wipeData); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/UnknownChannelReferenceHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/session/UnknownChannelReferenceHandler.java new file mode 100644 index 0000000..11f749d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/UnknownChannelReferenceHandler.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import java.io.IOException; + +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @see RFC 4254 + * @author Apache MINA SSHD Project + */ +public interface UnknownChannelReferenceHandler { + /** + * Invoked when the connection service responsible for handling channel messages receives a message intended for an + * unknown channel. + * + * @param service The {@link ConnectionService} instance through which the message was received + * @param cmd The requested command identifier + * @param channelId The (unknown) target channel identifier + * @param buffer The message {@link Buffer} containing the rest of the message + * @return The resolved {@link Channel} - if {@code null} then the message for the unknown channel is + * ignored. + * @throws IOException If failed to handle the request + */ + Channel handleUnknownChannelCommand(ConnectionService service, byte cmd, int channelId, Buffer buffer) throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/UnknownChannelReferenceHandlerManager.java b/files-sftp/src/main/java/org/apache/sshd/common/session/UnknownChannelReferenceHandlerManager.java new file mode 100644 index 0000000..9a6afce --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/UnknownChannelReferenceHandlerManager.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session; + +import org.apache.sshd.common.channel.exception.SshChannelNotFoundException; + +/** + * @author Apache MINA SSHD Project + */ +public interface UnknownChannelReferenceHandlerManager { + /** + * @return The {@link UnknownChannelReferenceHandlerManager} to use - if {@code null} then any reference to unknown + * channel causes an {@link SshChannelNotFoundException} + */ + UnknownChannelReferenceHandler getUnknownChannelReferenceHandler(); + + /** + * @param handler The {@link UnknownChannelReferenceHandlerManager} to use - if {@code null} then any reference to + * unknown channel causes an {@link SshChannelNotFoundException} + */ + void setUnknownChannelReferenceHandler(UnknownChannelReferenceHandler handler); + + /** + * Check if current manager has a specific handler set for it - if not, try and resolve one from the + * "parent" container (if any) + * + * @return The resolved handler instance + */ + UnknownChannelReferenceHandler resolveUnknownChannelReferenceHandler(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractConnectionService.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractConnectionService.java new file mode 100644 index 0000000..e87633f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractConnectionService.java @@ -0,0 +1,777 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +import java.io.IOException; +import java.time.Duration; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.CopyOnWriteArraySet; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.ScheduledFuture; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicLong; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.IntUnaryOperator; + +import org.apache.sshd.common.channel.AbstractChannel; +import org.apache.sshd.common.future.OpenFuture; +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.channel.ChannelFactory; +import org.apache.sshd.common.channel.RequestHandler; +import org.apache.sshd.common.channel.Window; +import org.apache.sshd.common.channel.exception.SshChannelNotFoundException; +import org.apache.sshd.common.channel.exception.SshChannelOpenException; +import org.apache.sshd.common.forward.Forwarder; +import org.apache.sshd.common.forward.ForwarderFactory; +import org.apache.sshd.common.forward.PortForwardingEventListener; +import org.apache.sshd.common.forward.PortForwardingEventListenerManager; +import org.apache.sshd.common.io.AbstractIoWriteFuture; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.kex.KexState; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.ReservedSessionMessagesHandler; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.UnknownChannelReferenceHandler; +import org.apache.sshd.common.util.EventListenerUtils; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.Int2IntFunction; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.closeable.AbstractInnerCloseable; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Base implementation of ConnectionService. + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractConnectionService + extends AbstractInnerCloseable + implements ConnectionService { + + /** + * Default growth factor function used to resize response buffers + */ + public static final IntUnaryOperator RESPONSE_BUFFER_GROWTH_FACTOR = Int2IntFunction.add(Byte.SIZE); + + /** Used in {@code SSH_MSH_IGNORE} messages for the keep-alive mechanism */ + public static final String DEFAULT_SESSION_IGNORE_HEARTBEAT_STRING = "ignore@sshd.apache.org"; + + /** + * Map of channels keyed by the identifier + */ + protected final Map channels = new ConcurrentHashMap<>(); + /** + * Next channel identifier + */ + protected final AtomicInteger nextChannelId = new AtomicInteger(0); + protected final AtomicLong heartbeatCount = new AtomicLong(0L); + private ScheduledFuture heartBeat; + + private final AtomicReference forwarderHolder = new AtomicReference<>(); + private final AtomicBoolean allowMoreSessions = new AtomicBoolean(true); + private final Collection listeners = new CopyOnWriteArraySet<>(); + private final Collection managersHolder = new CopyOnWriteArraySet<>(); + private final Map properties = new ConcurrentHashMap<>(); + private final PortForwardingEventListener listenerProxy; + private final AbstractSession sessionInstance; + private UnknownChannelReferenceHandler unknownChannelReferenceHandler; + + protected AbstractConnectionService(AbstractSession session) { + sessionInstance = Objects.requireNonNull(session, "No session"); + listenerProxy = EventListenerUtils.proxyWrapper(PortForwardingEventListener.class, listeners); + } + + @Override + public Map getProperties() { + return properties; + } + + @Override + public PortForwardingEventListener getPortForwardingEventListenerProxy() { + return listenerProxy; + } + + @Override + public void addPortForwardingEventListener(PortForwardingEventListener listener) { + listeners.add(PortForwardingEventListener.validateListener(listener)); + } + + @Override + public void removePortForwardingEventListener(PortForwardingEventListener listener) { + if (listener == null) { + return; + } + + listeners.remove(PortForwardingEventListener.validateListener(listener)); + } + + @Override + public UnknownChannelReferenceHandler getUnknownChannelReferenceHandler() { + return unknownChannelReferenceHandler; + } + + @Override + public void setUnknownChannelReferenceHandler(UnknownChannelReferenceHandler handler) { + unknownChannelReferenceHandler = handler; + } + + @Override + public Collection getRegisteredManagers() { + return managersHolder.isEmpty() ? Collections.emptyList() : new ArrayList<>(managersHolder); + } + + @Override + public boolean addPortForwardingEventListenerManager(PortForwardingEventListenerManager manager) { + return managersHolder.add(Objects.requireNonNull(manager, "No manager")); + } + + @Override + public boolean removePortForwardingEventListenerManager(PortForwardingEventListenerManager manager) { + if (manager == null) { + return false; + } + + return managersHolder.remove(manager); + } + + public Collection getChannels() { + return channels.values(); + } + + @Override + public AbstractSession getSession() { + return sessionInstance; + } + + @Override + public void start() { + heartBeat = startHeartBeat(); + } + + protected synchronized ScheduledFuture startHeartBeat() { + stopHeartBeat(); // make sure any existing heartbeat is stopped + + HeartbeatType heartbeatType = getSessionHeartbeatType(); + Duration interval = getSessionHeartbeatInterval(); + Session session = getSession(); + + if ((heartbeatType == null) || (heartbeatType == HeartbeatType.NONE) || (GenericUtils.isNegativeOrNull(interval))) { + return null; + } + + FactoryManager manager = session.getFactoryManager(); + ScheduledExecutorService service = manager.getScheduledExecutorService(); + return service.scheduleAtFixedRate( + this::sendHeartBeat, interval.toMillis(), interval.toMillis(), TimeUnit.MILLISECONDS); + } + + /** + * Sends a heartbeat message/packet + * + * @return {@code true} if heartbeat successfully sent + */ + protected boolean sendHeartBeat() { + HeartbeatType heartbeatType = getSessionHeartbeatType(); + Duration interval = getSessionHeartbeatInterval(); + Session session = getSession(); + + if ((heartbeatType == null) || (GenericUtils.isNegativeOrNull(interval)) || (heartBeat == null)) { + return false; + } + + // SSHD-1059 + KexState kexState = session.getKexState(); + if ((heartbeatType != HeartbeatType.NONE) + && (kexState != KexState.DONE)) { + return false; + } + + try { + switch (heartbeatType) { + case NONE: + return false; + case IGNORE: { + Buffer buffer = session.createBuffer( + SshConstants.SSH_MSG_IGNORE, DEFAULT_SESSION_IGNORE_HEARTBEAT_STRING.length() + Byte.SIZE); + buffer.putString(DEFAULT_SESSION_IGNORE_HEARTBEAT_STRING); + + IoWriteFuture future = session.writePacket(buffer); + future.addListener(this::futureDone); + return true; + } + case RESERVED: { + ReservedSessionMessagesHandler handler = Objects.requireNonNull( + session.getReservedSessionMessagesHandler(), + "No customized heartbeat handler registered"); + return handler.sendReservedHeartbeat(this); + } + default: + throw new UnsupportedOperationException("Unsupported heartbeat type: " + heartbeatType); + } + + } catch (Throwable e) { + session.exceptionCaught(e); + return false; + } + } + + protected void futureDone(IoWriteFuture future) { + Throwable t = future.getException(); + if (t != null) { + Session session = getSession(); + session.exceptionCaught(t); + } + } + + protected synchronized void stopHeartBeat() { + Session session = getSession(); + if (heartBeat == null) { + return; + } + + try { + heartBeat.cancel(true); + } finally { + heartBeat = null; + } + + } + + @Override + public Forwarder getForwarder() { + Forwarder forwarder; + Session session = getSession(); + synchronized (forwarderHolder) { + forwarder = forwarderHolder.get(); + if (forwarder != null) { + return forwarder; + } + + forwarder = ValidateUtils.checkNotNull( + createForwardingFilter(session), "No forwarder created for %s", session); + forwarderHolder.set(forwarder); + } + + return forwarder; + } + + @Override + protected void preClose() { + stopHeartBeat(); + this.listeners.clear(); + this.managersHolder.clear(); + super.preClose(); + } + + protected Forwarder createForwardingFilter(Session session) { + FactoryManager manager = Objects.requireNonNull(session.getFactoryManager(), "No factory manager"); + ForwarderFactory factory = Objects.requireNonNull(manager.getForwarderFactory(), "No forwarder factory"); + Forwarder forwarder = factory.create(this); + forwarder.addPortForwardingEventListenerManager(this); + return forwarder; + } + + @Override + protected Closeable getInnerCloseable() { + return builder() + .sequential(forwarderHolder.get()) + .parallel(toString(), getChannels()) + .build(); + } + + protected int getNextChannelId() { + return nextChannelId.getAndIncrement(); + } + + @Override + public int registerChannel(Channel channel) throws IOException { + Session session = getSession(); + int maxChannels = CoreModuleProperties.MAX_CONCURRENT_CHANNELS.getRequired(this); + int curSize = channels.size(); + if (curSize > maxChannels) { + throw new IllegalStateException("Currently active channels (" + curSize + ") at max.: " + maxChannels); + } + + int channelId = getNextChannelId(); + channel.init(this, session, channelId); + + boolean registered = false; + synchronized (channels) { + if (!isClosing()) { + channels.put(channelId, channel); + registered = true; + } + } + + + channel.handleChannelRegistrationResult(this, session, channelId, registered); + return channelId; + } + + /** + * Remove this channel from the list of managed channels + * + * @param channel the channel + */ + @Override + public void unregisterChannel(Channel channel) { + int channelId = channel.getId(); + Channel result; + synchronized (channels) { + result = channels.remove(channelId); + } + + + if (result != null) { + result.handleChannelUnregistration(this); + } + } + + @Override + public void process(int cmd, Buffer buffer) throws Exception { + switch (cmd) { + case SshConstants.SSH_MSG_CHANNEL_OPEN: + channelOpen(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + channelOpenConfirmation(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_OPEN_FAILURE: + channelOpenFailure(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_REQUEST: + channelRequest(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_DATA: + channelData(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA: + channelExtendedData(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_FAILURE: + channelFailure(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_SUCCESS: + channelSuccess(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_WINDOW_ADJUST: + channelWindowAdjust(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_EOF: + channelEof(buffer); + break; + case SshConstants.SSH_MSG_CHANNEL_CLOSE: + channelClose(buffer); + break; + case SshConstants.SSH_MSG_GLOBAL_REQUEST: + globalRequest(buffer); + break; + case SshConstants.SSH_MSG_REQUEST_SUCCESS: + requestSuccess(buffer); + break; + case SshConstants.SSH_MSG_REQUEST_FAILURE: + requestFailure(buffer); + break; + default: { + /* + * According to https://tools.ietf.org/html/rfc4253#section-11.4 + * + * An implementation MUST respond to all unrecognized messages with an SSH_MSG_UNIMPLEMENTED message in + * the order in which the messages were received. + */ + AbstractSession session = getSession(); + session.notImplemented(cmd, buffer); + } + } + } + + @Override + public boolean isAllowMoreSessions() { + return allowMoreSessions.get(); + } + + @Override + public void setAllowMoreSessions(boolean allow) { + allowMoreSessions.set(allow); + } + + public void channelOpenConfirmation(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_OPEN_CONFIRMATION, buffer); + if (channel == null) { + return; // debug breakpoint + } + + int sender = buffer.getInt(); + long rwsize = buffer.getUInt(); + long rmpsize = buffer.getUInt(); + /* + * NOTE: the 'sender' of the SSH_MSG_CHANNEL_OPEN_CONFIRMATION is the recipient on the client side - see rfc4254 + * section 5.1: + * + * 'sender channel' is the channel number allocated by the other side + * + * in our case, the server + */ + channel.handleOpenSuccess(sender, rwsize, rmpsize, buffer); + } + + public void channelOpenFailure(Buffer buffer) throws IOException { + AbstractChannel channel = (AbstractChannel) getChannel(SshConstants.SSH_MSG_CHANNEL_OPEN_FAILURE, buffer); + if (channel == null) { + return; // debug breakpoint + } + + int id = channel.getId(); + + Channel removed; + synchronized (channels) { + removed = channels.remove(id); + } + + + channel.handleOpenFailure(buffer); + } + + /** + * Process incoming data on a channel + * + * @param buffer the buffer containing the data + * @throws IOException if an error occurs + */ + public void channelData(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_DATA, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleData(buffer); + } + + /** + * Process incoming extended data on a channel + * + * @param buffer the buffer containing the data + * @throws IOException if an error occurs + */ + public void channelExtendedData(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleExtendedData(buffer); + } + + /** + * Process a window adjust packet on a channel + * + * @param buffer the buffer containing the window adjustment parameters + * @throws IOException if an error occurs + */ + public void channelWindowAdjust(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_WINDOW_ADJUST, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleWindowAdjust(buffer); + } + + /** + * Process end of file on a channel + * + * @param buffer the buffer containing the packet + * @throws IOException if an error occurs + */ + public void channelEof(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_EOF, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleEof(); + } + + /** + * Close a channel due to a close packet received + * + * @param buffer the buffer containing the packet + * @throws IOException if an error occurs + */ + public void channelClose(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_CLOSE, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleClose(); + } + + /** + * Service a request on a channel + * + * @param buffer the buffer containing the request + * @throws IOException if an error occurs + */ + public void channelRequest(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_REQUEST, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleRequest(buffer); + } + + /** + * Process a failure on a channel + * + * @param buffer the buffer containing the packet + * @throws IOException if an error occurs + */ + public void channelFailure(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_FAILURE, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleFailure(); + } + + /** + * Process a success on a channel + * + * @param buffer the buffer containing the packet + * @throws IOException if an error occurs + */ + public void channelSuccess(Buffer buffer) throws IOException { + Channel channel = getChannel(SshConstants.SSH_MSG_CHANNEL_SUCCESS, buffer); + if (channel == null) { + return; // debug breakpoint + } + + channel.handleSuccess(); + } + + /** + * Retrieve the channel designated by the given packet + * + * @param cmd The command being processed for the channel + * @param buffer the incoming packet + * @return the target channel + * @throws IOException if the channel does not exists + */ + protected Channel getChannel(byte cmd, Buffer buffer) throws IOException { + return getChannel(cmd, buffer.getInt(), buffer); + } + + protected Channel getChannel(byte cmd, int recipient, Buffer buffer) throws IOException { + Channel channel = channels.get(recipient); + if (channel != null) { + return channel; + } + + UnknownChannelReferenceHandler handler = resolveUnknownChannelReferenceHandler(); + if (handler == null) { + // Throw a special exception - SSHD-777 + throw new SshChannelNotFoundException( + recipient, + "Received " + SshConstants.getCommandMessageName(cmd) + " on unknown channel " + recipient); + } + + channel = handler.handleUnknownChannelCommand(this, cmd, recipient, buffer); + return channel; + } + + @Override + public UnknownChannelReferenceHandler resolveUnknownChannelReferenceHandler() { + UnknownChannelReferenceHandler handler = getUnknownChannelReferenceHandler(); + if (handler != null) { + return handler; + } + + Session s = getSession(); + return (s == null) ? null : s.resolveUnknownChannelReferenceHandler(); + } + + protected void channelOpen(Buffer buffer) throws Exception { + String type = buffer.getString(); + int sender = buffer.getInt(); + long rwsize = buffer.getUInt(); + long rmpsize = buffer.getUInt(); + /* + * NOTE: the 'sender' is the identifier assigned by the remote side - the server in this case + */ + + if (isClosing()) { + // TODO add language tag configurable control + sendChannelOpenFailure(buffer, sender, SshConstants.SSH_OPEN_CONNECT_FAILED, + "Server is shutting down while attempting to open channel type=" + type, ""); + return; + } + + if (!isAllowMoreSessions()) { + // TODO add language tag configurable control + sendChannelOpenFailure(buffer, sender, SshConstants.SSH_OPEN_CONNECT_FAILED, "additional sessions disabled", ""); + return; + } + + Session session = getSession(); + FactoryManager manager = Objects.requireNonNull(session.getFactoryManager(), "No factory manager"); + Channel channel = ChannelFactory.createChannel(session, manager.getChannelFactories(), type); + if (channel == null) { + // TODO add language tag configurable control + sendChannelOpenFailure(buffer, sender, + SshConstants.SSH_OPEN_UNKNOWN_CHANNEL_TYPE, "Unsupported channel type: " + type, ""); + return; + } + + int channelId = registerChannel(channel); + OpenFuture openFuture = channel.open(sender, rwsize, rmpsize, buffer); + openFuture.addListener(future -> { + try { + if (future.isOpened()) { + Window window = channel.getLocalWindow(); + Buffer buf = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_OPEN_CONFIRMATION, Integer.SIZE); + buf.putInt(sender); // remote (server side) identifier + buf.putInt(channelId); // local (client side) identifier + buf.putInt(window.getSize()); + buf.putInt(window.getPacketSize()); + session.writePacket(buf); + } else { + int reasonCode = 0; + String message = "Generic error while opening channel: " + channelId; + Throwable exception = future.getException(); + if (exception != null) { + if (exception instanceof SshChannelOpenException) { + reasonCode = ((SshChannelOpenException) exception).getReasonCode(); + } else { + message = exception.getClass().getSimpleName() + " while opening channel: " + message; + } + } else { + } + + Buffer buf = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_OPEN_FAILURE, message.length() + Long.SIZE); + sendChannelOpenFailure(buf, sender, reasonCode, message, ""); + } + } catch (IOException e) { + session.exceptionCaught(e); + } + }); + } + + protected IoWriteFuture sendChannelOpenFailure( + Buffer buffer, int sender, int reasonCode, String message, String lang) + throws IOException { + + Session session = getSession(); + Buffer buf = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_OPEN_FAILURE, + Long.SIZE + GenericUtils.length(message) + GenericUtils.length(lang)); + buf.putInt(sender); + buf.putInt(reasonCode); + buf.putString(message); + buf.putString(lang); + return session.writePacket(buf); + } + + /** + * Process global requests + * + * @param buffer The request {@link Buffer} + * @return An {@link IoWriteFuture} representing the sent packet - Note: if no reply sent then an + * "empty" future is returned - i.e., any added listeners are triggered immediately with + * a synthetic "success" + * @throws Exception If failed to process the request + */ + protected IoWriteFuture globalRequest(Buffer buffer) throws Exception { + String req = buffer.getString(); + boolean wantReply = buffer.getBoolean(); + + Session session = getSession(); + FactoryManager manager = Objects.requireNonNull(session.getFactoryManager(), "No factory manager"); + Collection> handlers = manager.getGlobalRequestHandlers(); + if (GenericUtils.size(handlers) > 0) { + for (RequestHandler handler : handlers) { + RequestHandler.Result result; + try { + result = handler.process(this, req, wantReply, buffer); + } catch (Throwable e) { + result = RequestHandler.Result.ReplyFailure; + } + + // if Unsupported then check the next handler in line + if (RequestHandler.Result.Unsupported.equals(result)) { + } else { + return sendGlobalResponse(buffer, req, result, wantReply); + } + } + } + + return handleUnknownRequest(buffer, req, wantReply); + } + + protected IoWriteFuture handleUnknownRequest(Buffer buffer, String req, boolean wantReply) throws IOException { + return sendGlobalResponse(buffer, req, RequestHandler.Result.Unsupported, wantReply); + } + + protected IoWriteFuture sendGlobalResponse( + Buffer buffer, String req, RequestHandler.Result result, boolean wantReply) + throws IOException { + + if (RequestHandler.Result.Replied.equals(result) || (!wantReply)) { + return new AbstractIoWriteFuture(req, null) { + { + setValue(Boolean.TRUE); + } + }; + } + + byte cmd = RequestHandler.Result.ReplySuccess.equals(result) + ? SshConstants.SSH_MSG_REQUEST_SUCCESS + : SshConstants.SSH_MSG_REQUEST_FAILURE; + Session session = getSession(); + Buffer rsp = session.createBuffer(cmd, 2); + return session.writePacket(rsp); + } + + protected void requestSuccess(Buffer buffer) throws Exception { + AbstractSession s = getSession(); + s.requestSuccess(buffer); + } + + protected void requestFailure(Buffer buffer) throws Exception { + AbstractSession s = getSession(); + s.requestFailure(buffer); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getSession() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractConnectionServiceRequestHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractConnectionServiceRequestHandler.java new file mode 100644 index 0000000..75afc99 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractConnectionServiceRequestHandler.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session.helpers; + +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.ConnectionServiceRequestHandler; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractConnectionServiceRequestHandler + implements ConnectionServiceRequestHandler { + + protected AbstractConnectionServiceRequestHandler() { + super(); + } + + @Override + public Result process(ConnectionService connectionService, String request, boolean wantReply, Buffer buffer) + throws Exception { + + return Result.Unsupported; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java new file mode 100644 index 0000000..be3c642 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java @@ -0,0 +1,2168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +import java.io.IOException; +import java.io.InterruptedIOException; +import java.net.ProtocolException; +import java.net.SocketTimeoutException; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.time.Duration; +import java.time.Instant; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Queue; +import java.util.concurrent.CopyOnWriteArraySet; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicLong; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.Factory; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.Service; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.ChannelListener; +import org.apache.sshd.common.cipher.Cipher; +import org.apache.sshd.common.cipher.CipherInformation; +import org.apache.sshd.common.compression.Compression; +import org.apache.sshd.common.compression.CompressionInformation; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.forward.PortForwardingEventListener; +import org.apache.sshd.common.future.DefaultKeyExchangeFuture; +import org.apache.sshd.common.future.KeyExchangeFuture; +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.kex.KexState; +import org.apache.sshd.common.kex.KeyExchange; +import org.apache.sshd.common.kex.KeyExchangeFactory; +import org.apache.sshd.common.kex.extension.KexExtensionHandler; +import org.apache.sshd.common.kex.extension.KexExtensionHandler.AvailabilityPhase; +import org.apache.sshd.common.kex.extension.KexExtensionHandler.KexPhase; +import org.apache.sshd.common.kex.extension.KexExtensions; +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.mac.MacInformation; +import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.session.ReservedSessionMessagesHandler; +import org.apache.sshd.common.session.SessionDisconnectHandler; +import org.apache.sshd.common.session.SessionListener; +import org.apache.sshd.common.session.SessionWorkBuffer; +import org.apache.sshd.common.util.EventListenerUtils; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + *

        + * The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding. + * Both server side and client side sessions should inherit from this abstract class. Some basic packet processing + * methods are defined but the actual call to these methods should be done from the {@link #handleMessage(Buffer)} + * method, which is dependent on the state and side of this session. + *

        + * + * TODO: if there is any very big packet, decoderBuffer and uncompressBuffer will get quite big and they won't be + * resized down at any time. Though the packet size is really limited by the channel max packet size + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSession extends SessionHelper { + /** + * Name of the property where this session is stored in the attributes of the underlying MINA session. See + * {@link #getSession(IoSession, boolean)} and {@link #attachSession(IoSession, AbstractSession)}. + */ + public static final String SESSION = "org.apache.sshd.session"; + + /** + * The pseudo random generator + */ + protected final Random random; + + /** + * Session listeners container + */ + protected final Collection sessionListeners = new CopyOnWriteArraySet<>(); + protected final SessionListener sessionListenerProxy; + + /** + * Channel events listener container + */ + protected final Collection channelListeners = new CopyOnWriteArraySet<>(); + protected final ChannelListener channelListenerProxy; + + /** + * Port forwarding events listener container + */ + protected final Collection tunnelListeners = new CopyOnWriteArraySet<>(); + protected final PortForwardingEventListener tunnelListenerProxy; + + /* + * Key exchange support + */ + protected byte[] sessionId; + protected String serverVersion; + protected String clientVersion; + // if empty then means not-initialized + protected final Map serverProposal = new EnumMap<>(KexProposalOption.class); + protected final Map unmodServerProposal = Collections.unmodifiableMap(serverProposal); + protected final Map clientProposal = new EnumMap<>(KexProposalOption.class); + protected final Map unmodClientProposal = Collections.unmodifiableMap(clientProposal); + protected final Map negotiationResult = new EnumMap<>(KexProposalOption.class); + protected final Map unmodNegotiationResult = Collections.unmodifiableMap(negotiationResult); + + protected KeyExchange kex; + protected Boolean firstKexPacketFollows; + protected final AtomicReference kexState = new AtomicReference<>(KexState.UNKNOWN); + protected final AtomicReference kexFutureHolder = new AtomicReference<>(null); + + /* + * SSH packets encoding / decoding support + */ + protected Cipher outCipher; + protected Cipher inCipher; + protected int outCipherSize = 8; + protected int inCipherSize = 8; + protected Mac outMac; + protected Mac inMac; + protected int outMacSize; + protected int inMacSize; + protected byte[] inMacResult; + protected Compression outCompression; + protected Compression inCompression; + protected long seqi; + protected long seqo; + protected SessionWorkBuffer uncompressBuffer; + protected final SessionWorkBuffer decoderBuffer; + protected int decoderState; + protected int decoderLength; + protected final Object encodeLock = new Object(); + protected final Object decodeLock = new Object(); + protected final Object requestLock = new Object(); + + /* + * Rekeying + */ + protected final AtomicLong inPacketsCount = new AtomicLong(0L); + protected final AtomicLong outPacketsCount = new AtomicLong(0L); + protected final AtomicLong inBytesCount = new AtomicLong(0L); + protected final AtomicLong outBytesCount = new AtomicLong(0L); + protected final AtomicLong inBlocksCount = new AtomicLong(0L); + protected final AtomicLong outBlocksCount = new AtomicLong(0L); + protected final AtomicReference lastKeyTimeValue = new AtomicReference<>(Instant.now()); + // we initialize them here in case super constructor calls some methods that use these values + protected long maxRekyPackets; + protected long maxRekeyBytes; + protected Duration maxRekeyInterval; + protected final Queue pendingPackets = new LinkedList<>(); + + protected Service currentService; + // SSHD-968 - outgoing sequence number and request name of last sent global request + protected final AtomicLong globalRequestSeqo = new AtomicLong(-1L); + protected final AtomicReference pendingGlobalRequest = new AtomicReference<>(); + + // SSH_MSG_IGNORE stream padding + protected int ignorePacketDataLength; + protected long ignorePacketsFrequency; + protected int ignorePacketsVariance; + + protected final AtomicLong maxRekeyBlocks + = new AtomicLong(CoreModuleProperties.REKEY_BYTES_LIMIT.getRequiredDefault() / 16); + protected final AtomicLong ignorePacketsCount + = new AtomicLong(CoreModuleProperties.IGNORE_MESSAGE_FREQUENCY.getRequiredDefault()); + + /** + * Used to wait for global requests result synchronous wait + */ + private final AtomicReference requestResult = new AtomicReference<>(); + + private byte[] clientKexData; // the payload of the client's SSH_MSG_KEXINIT + private byte[] serverKexData; // the payload of the server's SSH_MSG_KEXINIT + + /** + * Create a new session. + * + * @param serverSession {@code true} if this is a server session, {@code false} if client one + * @param factoryManager the factory manager + * @param ioSession the underlying I/O session + */ + protected AbstractSession( + boolean serverSession, FactoryManager factoryManager, IoSession ioSession) { + super(serverSession, factoryManager, ioSession); + + this.decoderBuffer = new SessionWorkBuffer(this); + + attachSession(ioSession, this); + + Factory factory = ValidateUtils.checkNotNull( + factoryManager.getRandomFactory(), "No random factory for %s", ioSession); + random = ValidateUtils.checkNotNull( + factory.create(), "No randomizer instance for %s", ioSession); + + refreshConfiguration(); + + sessionListenerProxy = EventListenerUtils.proxyWrapper( + SessionListener.class, sessionListeners); + channelListenerProxy = EventListenerUtils.proxyWrapper( + ChannelListener.class, channelListeners); + tunnelListenerProxy = EventListenerUtils.proxyWrapper( + PortForwardingEventListener.class, tunnelListeners); + + try { + signalSessionEstablished(ioSession); + } catch (Exception e) { + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + /** + * @param len The packet payload size + * @param blockSize The cipher block size + * @param etmMode Whether using "encrypt-then-MAC" mode + * @return The required padding length + */ + public static int calculatePadLength(int len, int blockSize, boolean etmMode) { + /* + * Note: according to RFC-4253 section 6: + * + * The minimum size of a packet is 16 (or the cipher block size, whichever is larger) bytes (plus 'mac'). + * + * Since all out ciphers, MAC(s), etc. have a block size > 8 then the minimum size of the packet will be at + * least 16 due to the padding at the very least - so even packets that contain an opcode with no arguments will + * be above this value. This avoids an un-necessary call to Math.max(len, 16) for each and every packet + */ + + len++; // the pad length + if (!etmMode) { + len += Integer.BYTES; + } + + /* + * Note: according to RFC-4253 section 6: + * + * Note that the length of the concatenation of 'packet_length', 'padding_length', 'payload', and 'random + * padding' MUST be a multiple of the cipher block size or 8, whichever is larger. + * + * However, we currently do not have ciphers with a block size of less than 8 so we do not take this into + * account in order to accelerate the calculation and avoiding an un-necessary call to Math.max(blockSize, 8) + * for each and every packet. + */ + int pad = (-len) & (blockSize - 1); + if (pad < blockSize) { + pad += blockSize; + } + + return pad; + } + + @Override + public String getServerVersion() { + return serverVersion; + } + + @Override + public Map getServerKexProposals() { + return unmodServerProposal; + } + + @Override + public String getClientVersion() { + return clientVersion; + } + + @Override + public Map getClientKexProposals() { + return unmodClientProposal; + } + + @Override + public KeyExchange getKex() { + return kex; + } + + @Override + public KexState getKexState() { + return kexState.get(); + } + + @Override + public byte[] getSessionId() { + // return a clone to avoid anyone changing the internal value + return NumberUtils.isEmpty(sessionId) ? sessionId : sessionId.clone(); + } + + @Override + public Map getKexNegotiationResult() { + return unmodNegotiationResult; + } + + @Override + public String getNegotiatedKexParameter(KexProposalOption paramType) { + if (paramType == null) { + return null; + } + + synchronized (negotiationResult) { + return negotiationResult.get(paramType); + } + } + + @Override + public CipherInformation getCipherInformation(boolean incoming) { + return incoming ? inCipher : outCipher; + } + + @Override + public CompressionInformation getCompressionInformation(boolean incoming) { + return incoming ? inCompression : outCompression; + } + + @Override + public MacInformation getMacInformation(boolean incoming) { + return incoming ? inMac : outMac; + } + + /** + *

        + * Main input point for the MINA framework. + *

        + * + *

        + * This method will be called each time new data is received on the socket and will append it to the input buffer + * before calling the {@link #decode()} method. + *

        + * + * @param buffer the new buffer received + * @throws Exception if an error occurs while decoding or handling the data + */ + public void messageReceived(Readable buffer) throws Exception { + synchronized (decodeLock) { + decoderBuffer.putBuffer(buffer); + // One of those properties will be set by the constructor and the other + // one should be set by the readIdentification method + if ((clientVersion == null) || (serverVersion == null)) { + if (readIdentification(decoderBuffer)) { + decoderBuffer.compact(); + } else { + return; + } + } + decode(); + } + } + + /** + * Refresh whatever internal configuration is not {@code final} + */ + protected void refreshConfiguration() { + synchronized (random) { + // re-keying configuration + maxRekeyBytes = CoreModuleProperties.REKEY_BYTES_LIMIT.getRequired(this); + maxRekeyInterval = CoreModuleProperties.REKEY_TIME_LIMIT.getRequired(this); + maxRekyPackets = CoreModuleProperties.REKEY_PACKETS_LIMIT.getRequired(this); + + // intermittent SSH_MSG_IGNORE stream padding + ignorePacketDataLength = CoreModuleProperties.IGNORE_MESSAGE_SIZE.getRequired(this); + ignorePacketsFrequency = CoreModuleProperties.IGNORE_MESSAGE_FREQUENCY.getRequired(this); + ignorePacketsVariance = CoreModuleProperties.IGNORE_MESSAGE_VARIANCE.getRequired(this); + if (ignorePacketsVariance >= ignorePacketsFrequency) { + ignorePacketsVariance = 0; + } + + long countValue = calculateNextIgnorePacketCount( + random, ignorePacketsFrequency, ignorePacketsVariance); + ignorePacketsCount.set(countValue); + } + } + + /** + * Abstract method for processing incoming decoded packets. The given buffer will hold the decoded packet, starting + * from the command byte at the read position. + * + * @param buffer The {@link Buffer} containing the packet - it may be re-used to generate the response once + * request has been decoded + * @throws Exception if an exception occurs while handling this packet. + * @see #doHandleMessage(Buffer) + */ + protected void handleMessage(Buffer buffer) throws Exception { + try { + synchronized (sessionLock) { + doHandleMessage(buffer); + } + } catch (Throwable e) { + DefaultKeyExchangeFuture kexFuture = kexFutureHolder.get(); + // if have any ongoing KEX notify it about the failure + if (kexFuture != null) { + synchronized (kexFuture) { + Object value = kexFuture.getValue(); + if (value == null) { + kexFuture.setValue(e); + } + } + } + + if (e instanceof Exception) { + throw (Exception) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + protected void doHandleMessage(Buffer buffer) throws Exception { + int cmd = buffer.getUByte(); + + switch (cmd) { + case SshConstants.SSH_MSG_DISCONNECT: + handleDisconnect(buffer); + break; + case SshConstants.SSH_MSG_IGNORE: + handleIgnore(buffer); + break; + case SshConstants.SSH_MSG_UNIMPLEMENTED: + handleUnimplemented(buffer); + break; + case SshConstants.SSH_MSG_DEBUG: + handleDebug(buffer); + break; + case SshConstants.SSH_MSG_SERVICE_REQUEST: + handleServiceRequest(buffer); + break; + case SshConstants.SSH_MSG_SERVICE_ACCEPT: + handleServiceAccept(buffer); + break; + case SshConstants.SSH_MSG_KEXINIT: + handleKexInit(buffer); + break; + case SshConstants.SSH_MSG_NEWKEYS: + handleNewKeys(cmd, buffer); + break; + case KexExtensions.SSH_MSG_EXT_INFO: + handleKexExtension(cmd, buffer); + break; + case KexExtensions.SSH_MSG_NEWCOMPRESS: + handleNewCompression(cmd, buffer); + break; + default: + if ((cmd >= SshConstants.SSH_MSG_KEX_FIRST) && (cmd <= SshConstants.SSH_MSG_KEX_LAST)) { + if (firstKexPacketFollows != null) { + try { + if (!handleFirstKexPacketFollows(cmd, buffer, firstKexPacketFollows)) { + break; + } + } finally { + firstKexPacketFollows = null; // avoid re-checking + } + } + + handleKexMessage(cmd, buffer); + } else if (currentService != null) { + currentService.process(cmd, buffer); + resetIdleTimeout(); + } else { + /* + * According to https://tools.ietf.org/html/rfc4253#section-11.4 + * + * An implementation MUST respond to all unrecognized messages with an SSH_MSG_UNIMPLEMENTED message + * in the order in which the messages were received. + */ + notImplemented(cmd, buffer); + } + break; + } + checkRekey(); + } + + protected boolean handleFirstKexPacketFollows(int cmd, Buffer buffer, boolean followFlag) { + if (!followFlag) { + return true; // if 1st KEX packet does not follow then process the command + } + + /* + * According to RFC4253 section 7.1: + * + * If the other party's guess was wrong, and this field was TRUE, the next packet MUST be silently ignored + */ + for (KexProposalOption option : KexProposalOption.FIRST_KEX_PACKET_GUESS_MATCHES) { + Map.Entry result = comparePreferredKexProposalOption(option); + if (result != null) { + return false; + } + } + + return true; + } + + /** + * Compares the specified {@link KexProposalOption} option value for client vs. server + * + * @param option The option to check + * @return {@code null} if option is equal, otherwise a key/value pair where key=client option value and + * value=the server-side one + */ + protected Map.Entry comparePreferredKexProposalOption(KexProposalOption option) { + String[] clientPreferences = GenericUtils.split(clientProposal.get(option), ','); + String clientValue = GenericUtils.isEmpty(clientPreferences) ? null : clientPreferences[0]; + String[] serverPreferences = GenericUtils.split(serverProposal.get(option), ','); + String serverValue = GenericUtils.isEmpty(serverPreferences) ? null : serverPreferences[0]; + if (GenericUtils.isEmpty(clientValue) || GenericUtils.isEmpty(serverValue) + || (!Objects.equals(clientValue, serverValue))) { + return new SimpleImmutableEntry<>(clientValue, serverValue); + } + + return null; + } + + /** + * Send a message to put new keys into use. + * + * @return An {@link IoWriteFuture} that can be used to wait and check the result of sending the packet + * @throws Exception if an error occurs sending the message + */ + protected IoWriteFuture sendNewKeys() throws Exception { + + Buffer buffer = createBuffer(SshConstants.SSH_MSG_NEWKEYS, Byte.SIZE); + IoWriteFuture future = writePacket(buffer); + /* + * According to https://tools.ietf.org/html/rfc8308#section-2.4: + * + * + * If a client sends SSH_MSG_EXT_INFO, it MUST send it as the next packet following the client's first + * SSH_MSG_NEWKEYS message to the server. + * + * If a server sends SSH_MSG_EXT_INFO, it MAY send it at zero, one, or both of the following opportunities: + * + * + As the next packet following the server's first SSH_MSG_NEWKEYS. + */ + KexExtensionHandler extHandler = getKexExtensionHandler(); + if ((extHandler == null) + || (!extHandler.isKexExtensionsAvailable(this, AvailabilityPhase.NEWKEYS))) { + return future; + } + + extHandler.sendKexExtensions(this, KexPhase.NEWKEYS); + return future; + } + + protected void handleKexMessage(int cmd, Buffer buffer) throws Exception { + validateKexState(cmd, KexState.RUN); + + if (kex.next(cmd, buffer)) { + checkKeys(); + sendNewKeys(); + kexState.set(KexState.KEYS); + } else { + } + } + + protected void handleKexExtension(int cmd, Buffer buffer) throws Exception { + KexExtensionHandler extHandler = getKexExtensionHandler(); + int startPos = buffer.rpos(); + if ((extHandler != null) && extHandler.handleKexExtensionsMessage(this, buffer)) { + return; + } + + buffer.rpos(startPos); // restore original read position + notImplemented(cmd, buffer); + } + + protected void handleNewCompression(int cmd, Buffer buffer) throws Exception { + KexExtensionHandler extHandler = getKexExtensionHandler(); + int startPos = buffer.rpos(); + if ((extHandler != null) && extHandler.handleKexCompressionMessage(this, buffer)) { + return; + } + + buffer.rpos(startPos); // restore original read position + notImplemented(cmd, buffer); + } + + protected void handleServiceRequest(Buffer buffer) throws Exception { + String serviceName = buffer.getString(); + handleServiceRequest(serviceName, buffer); + } + + protected boolean handleServiceRequest(String serviceName, Buffer buffer) throws Exception { + validateKexState(SshConstants.SSH_MSG_SERVICE_REQUEST, KexState.DONE); + + try { + startService(serviceName, buffer); + } catch (Throwable e) { + disconnect(SshConstants.SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE, "Bad service request: " + serviceName); + return false; + } + + Buffer response = createBuffer( + SshConstants.SSH_MSG_SERVICE_ACCEPT, Byte.SIZE + GenericUtils.length(serviceName)); + response.putString(serviceName); + writePacket(response); + return true; + } + + protected void handleServiceAccept(Buffer buffer) throws Exception { + handleServiceAccept(buffer.getString(), buffer); + } + + protected void handleServiceAccept(String serviceName, Buffer buffer) throws Exception { + validateKexState(SshConstants.SSH_MSG_SERVICE_ACCEPT, KexState.DONE); + } + + protected void handleKexInit(Buffer buffer) throws Exception { + receiveKexInit(buffer); + doKexNegotiation(); + } + + protected void doKexNegotiation() throws Exception { + if (kexState.compareAndSet(KexState.DONE, KexState.RUN)) { + sendKexInit(); + } else if (!kexState.compareAndSet(KexState.INIT, KexState.RUN)) { + throw new IllegalStateException("Received SSH_MSG_KEXINIT while key exchange is running"); + } + + Map result = negotiate(); + String kexAlgorithm = result.get(KexProposalOption.ALGORITHMS); + Collection kexFactories = getKeyExchangeFactories(); + KeyExchangeFactory kexFactory = NamedResource.findByName( + kexAlgorithm, String.CASE_INSENSITIVE_ORDER, kexFactories); + ValidateUtils.checkNotNull(kexFactory, "Unknown negotiated KEX algorithm: %s", kexAlgorithm); + synchronized (pendingPackets) { + kex = kexFactory.createKeyExchange(this); + } + + byte[] v_s = serverVersion.getBytes(StandardCharsets.UTF_8); + byte[] v_c = clientVersion.getBytes(StandardCharsets.UTF_8); + byte[] i_s; + byte[] i_c; + synchronized (kexState) { + i_s = getServerKexData(); + i_c = getClientKexData(); + } + kex.init(v_s, v_c, i_s, i_c); + + signalSessionEvent(SessionListener.Event.KexCompleted); + } + + protected void handleNewKeys(int cmd, Buffer buffer) throws Exception { + validateKexState(cmd, KexState.KEYS); + receiveNewKeys(); + + DefaultKeyExchangeFuture kexFuture = kexFutureHolder.get(); + if (kexFuture != null) { + synchronized (kexFuture) { + Object value = kexFuture.getValue(); + if (value == null) { + kexFuture.setValue(Boolean.TRUE); + } + } + } + + signalSessionEvent(SessionListener.Event.KeyEstablished); + + Collection, IoWriteFuture>> pendingWrites; + synchronized (pendingPackets) { + pendingWrites = sendPendingPackets(pendingPackets); + kex = null; // discard and GC since KEX is completed + kexState.set(KexState.DONE); + } + + int pendingCount = pendingWrites.size(); + if (pendingCount > 0) { + + for (Map.Entry, IoWriteFuture> pe : pendingWrites) { + SshFutureListener listener = pe.getKey(); + IoWriteFuture future = pe.getValue(); + if (listener != null) { + future.addListener(listener); + } + } + } + + synchronized (futureLock) { + futureLock.notifyAll(); + } + } + + protected List> sendPendingPackets( + Queue packetsQueue) + throws IOException { + if (GenericUtils.isEmpty(packetsQueue)) { + return Collections.emptyList(); + } + + int numPending = packetsQueue.size(); + List> pendingWrites = new ArrayList<>(numPending); + synchronized (encodeLock) { + for (PendingWriteFuture future = packetsQueue.poll(); + future != null; + future = packetsQueue.poll()) { + IoWriteFuture writeFuture = doWritePacket(future.getBuffer()); + pendingWrites.add(new SimpleImmutableEntry<>(future, writeFuture)); + } + } + + return pendingWrites; + } + + protected void validateKexState(int cmd, KexState expected) { + KexState actual = kexState.get(); + if (!expected.equals(actual)) { + throw new IllegalStateException( + "Received KEX command=" + SshConstants.getCommandMessageName(cmd) + + " while in state=" + actual + " instead of " + expected); + } + } + + @Override + protected Closeable getInnerCloseable() { + Closeable closer = builder() + .parallel(toString(), getServices()) + .close(getIoSession()) + .build(); + closer.addCloseFutureListener(future -> clearAttributes()); + return closer; + } + + @Override + protected void preClose() { + DefaultKeyExchangeFuture kexFuture = kexFutureHolder.get(); + if (kexFuture != null) { + // if have any pending KEX then notify it about the closing session + synchronized (kexFuture) { + Object value = kexFuture.getValue(); + if (value == null) { + kexFuture.setValue(new SshException("Session closing while KEX in progress")); + } + } + } + + // if anyone waiting for global response notify them about the closing session + signalRequestFailure(); + + // Fire 'close' event + try { + signalSessionClosed(); + } finally { + // clear the listeners since we are closing the session (quicker GC) + this.sessionListeners.clear(); + this.channelListeners.clear(); + this.tunnelListeners.clear(); + } + + super.preClose(); + } + + protected List getServices() { + return (currentService != null) + ? Collections.singletonList(currentService) + : Collections.emptyList(); + } + + @Override + public T getService(Class clazz) { + Collection registeredServices = getServices(); + ValidateUtils.checkState(GenericUtils.isNotEmpty(registeredServices), + "No registered services to look for %s", clazz.getSimpleName()); + + for (Service s : registeredServices) { + if (clazz.isInstance(s)) { + return clazz.cast(s); + } + } + + throw new IllegalStateException("Attempted to access unknown service " + clazz.getSimpleName()); + } + + @Override + protected Buffer preProcessEncodeBuffer(int cmd, Buffer buffer) throws IOException { + buffer = super.preProcessEncodeBuffer(cmd, buffer); + // SSHD-968 - remember global request outgoing sequence number + if (cmd == SshConstants.SSH_MSG_GLOBAL_REQUEST) { + long prev = globalRequestSeqo.getAndSet(seqo); + } + + return buffer; + } + + @Override + public IoWriteFuture writePacket(Buffer buffer) throws IOException { + // While exchanging key, queue high level packets + PendingWriteFuture future = enqueuePendingPacket(buffer); + if (future != null) { + return future; + } + + try { + return doWritePacket(buffer); + } finally { + resetIdleTimeout(); + try { + checkRekey(); + } catch (GeneralSecurityException e) { + throw ValidateUtils.initializeExceptionCause( + new ProtocolException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to check re-key necessity: " + e.getMessage()), + e); + } catch (Exception e) { + GenericUtils.rethrowAsIoException(e); + } + } + } + + /** + * Checks if key-exchange is done - if so, or the packet is related to the key-exchange protocol, then allows the + * packet to go through, otherwise enqueues it to be sent when key-exchange completed + * + * @param buffer The {@link Buffer} containing the packet to be sent + * @return A {@link PendingWriteFuture} if enqueued, {@code null} if packet can go through. + */ + protected PendingWriteFuture enqueuePendingPacket(Buffer buffer) { + if (KexState.DONE.equals(kexState.get())) { + return null; + } + + byte[] bufData = buffer.array(); + int cmd = bufData[buffer.rpos()] & 0xFF; + if (cmd <= SshConstants.SSH_MSG_KEX_LAST) { + return null; + } + + String cmdName = SshConstants.getCommandMessageName(cmd); + PendingWriteFuture future; + int numPending; + synchronized (pendingPackets) { + if (KexState.DONE.equals(kexState.get())) { + return null; + } + + future = new PendingWriteFuture(cmdName, buffer); + pendingPackets.add(future); + numPending = pendingPackets.size(); + } + + return future; + } + + // NOTE: must acquire encodeLock when calling this method + protected Buffer resolveOutputPacket(Buffer buffer) throws IOException { + Buffer ignoreBuf = null; + int ignoreDataLen = resolveIgnoreBufferDataLength(); + if (ignoreDataLen > 0) { + ignoreBuf = createBuffer(SshConstants.SSH_MSG_IGNORE, ignoreDataLen + Byte.SIZE); + ignoreBuf.putInt(ignoreDataLen); + + int wpos = ignoreBuf.wpos(); + synchronized (random) { + random.fill(ignoreBuf.array(), wpos, ignoreDataLen); + } + ignoreBuf.wpos(wpos + ignoreDataLen); + + } + + int curPos = buffer.rpos(); + byte[] data = buffer.array(); + int cmd = data[curPos] & 0xFF; // usually the 1st byte is the command + buffer = validateTargetBuffer(cmd, buffer); + + if (ignoreBuf != null) { + ignoreBuf = encode(ignoreBuf); + + IoSession networkSession = getIoSession(); + networkSession.writeBuffer(ignoreBuf); + } + + return encode(buffer); + } + + protected IoWriteFuture doWritePacket(Buffer buffer) throws IOException { + // Synchronize all write requests as needed by the encoding algorithm + // and also queue the write request in this synchronized block to ensure + // packets are sent in the correct order + synchronized (encodeLock) { + Buffer packet = resolveOutputPacket(buffer); + IoSession networkSession = getIoSession(); + IoWriteFuture future = networkSession.writeBuffer(packet); + return future; + } + } + + protected int resolveIgnoreBufferDataLength() { + if ((ignorePacketDataLength <= 0) + || (ignorePacketsFrequency <= 0L) + || (ignorePacketsVariance < 0)) { + return 0; + } + + long count = ignorePacketsCount.decrementAndGet(); + if (count > 0L) { + return 0; + } + + synchronized (random) { + count = calculateNextIgnorePacketCount( + random, ignorePacketsFrequency, ignorePacketsVariance); + ignorePacketsCount.set(count); + return ignorePacketDataLength + random.random(ignorePacketDataLength); + } + } + + @Override + public Buffer request(String request, Buffer buffer, long maxWaitMillis) throws IOException { + if (maxWaitMillis <= 0L) { + throw new IllegalArgumentException( + "Requested timeout for " + request + " below 1 msec: " + maxWaitMillis); + } + + + Object result; + long prevGlobalReqSeqNo = -1L; + synchronized (requestLock) { + try { + writePacket(buffer); + + synchronized (requestResult) { + pendingGlobalRequest.set(request); + + while (isOpen() && (maxWaitMillis > 0L) && (requestResult.get() == null)) { + + long waitStart = System.nanoTime(); + requestResult.wait(maxWaitMillis); + long waitEnd = System.nanoTime(); + long waitDuration = waitEnd - waitStart; + long waitMillis = TimeUnit.NANOSECONDS.toMillis(waitDuration); + if (waitMillis > 0L) { + maxWaitMillis -= waitMillis; + } else { + maxWaitMillis--; + } + } + + result = requestResult.getAndSet(null); + // SSHD-968 reset tracked request name and sequence number + prevGlobalReqSeqNo = globalRequestSeqo.getAndSet(-1L); + pendingGlobalRequest.set(null); + } + } catch (InterruptedException e) { + throw (InterruptedIOException) new InterruptedIOException( + "Interrupted while waiting for request=" + request + " result").initCause(e); + } + } + + if (!isOpen()) { + throw new IOException( + "Session is closed or closing while awaiting reply for request=" + request); + } + + + if (result == null) { + throw new SocketTimeoutException( + "No response received after " + maxWaitMillis + "ms for request=" + request); + } + + if (result instanceof Buffer) { + return (Buffer) result; + } + + return null; + } + + @Override + protected boolean doInvokeUnimplementedMessageHandler(int cmd, Buffer buffer) throws Exception { + /* + * SSHD-968 Some servers respond to global requests with SSH_MSG_UNIMPLEMENTED instead of + * SSH_MSG_REQUEST_FAILURE (as mandated by https://tools.ietf.org/html/rfc4254#section-4) so deal with it + */ + long reqSeqNo = -1L; + long msgSeqNo = -1L; + String reqGlobal = null; + boolean propagateCall = true; + if ((cmd == SshConstants.SSH_MSG_UNIMPLEMENTED) + && (globalRequestSeqo.get() >= 0L)) { + int rpos = buffer.rpos(); + msgSeqNo = buffer.rawUInt(rpos); + + synchronized (requestResult) { + // must re-fetch value under correct lock + reqSeqNo = globalRequestSeqo.get(); + if (reqSeqNo == msgSeqNo) { + reqGlobal = pendingGlobalRequest.get(); + propagateCall = false; + signalRequestFailure(); + } + } + } + + if (propagateCall) { + + return super.doInvokeUnimplementedMessageHandler(cmd, buffer); + } + + return true; // message handled internally + } + + @Override + public Buffer createBuffer(byte cmd, int len) { + if (len <= 0) { + return prepareBuffer(cmd, new ByteArrayBuffer()); + } + + // Since the caller claims to know how many bytes they will need + // increase their request to account for our headers/footers if + // they actually send exactly this amount. + boolean etmMode = outMac != null && outMac.isEncryptThenMac(); + int authLen = outCipher != null ? outCipher.getAuthenticationTagSize() : 0; + boolean authMode = authLen > 0; + int pad = calculatePadLength(len, outCipherSize, etmMode || authMode); + len += SshConstants.SSH_PACKET_HEADER_LEN + pad + authLen; + if (outMac != null) { + len += outMacSize; + } + + return prepareBuffer(cmd, new ByteArrayBuffer(new byte[len + Byte.SIZE], false)); + } + + @Override + public Buffer prepareBuffer(byte cmd, Buffer buffer) { + buffer = validateTargetBuffer(cmd & 0xFF, buffer); + buffer.rpos(SshConstants.SSH_PACKET_HEADER_LEN); + buffer.wpos(SshConstants.SSH_PACKET_HEADER_LEN); + buffer.putByte(cmd); + return buffer; + } + + /** + * Makes sure that the buffer used for output is not {@code null} or one of the session's internal ones used for + * decoding and uncompressing + * + * @param The {@link Buffer} type being validated + * @param cmd The most likely command this buffer refers to (not guaranteed to be correct) + * @param buffer The buffer to be examined + * @return The validated target instance - default same as input + * @throws IllegalArgumentException if any of the conditions is violated + */ + protected B validateTargetBuffer(int cmd, B buffer) { + ValidateUtils.checkNotNull(buffer, "No target buffer to examine for command=%d", cmd); + ValidateUtils.checkTrue( + buffer != decoderBuffer, "Not allowed to use the internal decoder buffer for command=%d", cmd); + ValidateUtils.checkTrue( + buffer != uncompressBuffer, "Not allowed to use the internal uncompress buffer for command=%d", cmd); + return buffer; + } + + /** + * Encode a buffer into the SSH protocol. Note: This method must be called inside a {@code synchronized} + * block using {@code encodeLock}. + * + * @param buffer the buffer to encode + * @return The encoded buffer - may be different than original if input buffer does not have enough room + * for {@link SshConstants#SSH_PACKET_HEADER_LEN}, in which case a substitute buffer will be + * created and used. + * @throws IOException if an exception occurs during the encoding process + */ + protected Buffer encode(Buffer buffer) throws IOException { + try { + // Check that the packet has some free space for the header + int curPos = buffer.rpos(); + int cmd = buffer.rawByte(curPos) & 0xFF; // usually the 1st byte is an SSH opcode + Buffer nb = preProcessEncodeBuffer(cmd, buffer); + if (nb != buffer) { + buffer = nb; + curPos = buffer.rpos(); + + int newCmd = buffer.rawByte(curPos) & 0xFF; + if (cmd != newCmd) { + cmd = newCmd; + } + } + + // Grab the length of the packet (excluding the 5 header bytes) + int len = buffer.available(); + + int off = curPos - SshConstants.SSH_PACKET_HEADER_LEN; + // Debug log the packet + // Compress the packet if needed + if ((outCompression != null) + && outCompression.isCompressionExecuted() + && (isAuthenticated() || (!outCompression.isDelayed()))) { + int oldLen = len; + outCompression.compress(buffer); + len = buffer.available(); + } + + // Compute padding length + boolean etmMode = outMac != null && outMac.isEncryptThenMac(); + int authSize = outCipher != null ? outCipher.getAuthenticationTagSize() : 0; + boolean authMode = authSize > 0; + int oldLen = len; + + int pad = calculatePadLength(len, outCipherSize, etmMode || authMode); + + len += Byte.BYTES + pad; + + // Write 5 header bytes + buffer.wpos(off); + buffer.putInt(len); + buffer.putByte((byte) pad); + // Make sure enough room for padding and then fill it + buffer.wpos(off + oldLen + SshConstants.SSH_PACKET_HEADER_LEN + pad); + synchronized (random) { + random.fill(buffer.array(), buffer.wpos() - pad, pad); + } + + if (authMode) { + int wpos = buffer.wpos(); + buffer.wpos(wpos + authSize); + aeadOutgoingBuffer(buffer, off, len); + } else if (etmMode) { + // Do not encrypt the length field + encryptOutgoingBuffer(buffer, off + Integer.BYTES, len); + appendOutgoingMac(buffer, off, len); + } else { + appendOutgoingMac(buffer, off, len); + encryptOutgoingBuffer(buffer, off, len + Integer.BYTES); + } + + // Increment packet id + seqo = (seqo + 1L) & 0x0ffffffffL; + + // Update counters used to track re-keying + outPacketsCount.incrementAndGet(); + outBytesCount.addAndGet(len); + + // Make buffer ready to be read + buffer.rpos(off); + return buffer; + } catch (IOException e) { + throw e; + } catch (Exception e) { + throw new SshException(e); + } + } + + protected void aeadOutgoingBuffer(Buffer buf, int offset, int len) throws Exception { + if (outCipher == null || outCipher.getAuthenticationTagSize() == 0) { + throw new IllegalArgumentException("AEAD mode requires an AEAD cipher"); + } + byte[] data = buf.array(); + outCipher.updateWithAAD(data, offset, Integer.BYTES, len); + int blocksCount = len / outCipherSize; + outBlocksCount.addAndGet(Math.max(1, blocksCount)); + } + + protected void appendOutgoingMac(Buffer buf, int offset, int len) throws Exception { + if (outMac == null) { + return; + } + + int l = buf.wpos(); + // ensure enough room for MAC in outgoing buffer + buf.wpos(l + outMacSize); + // Include sequence number + outMac.updateUInt(seqo); + // Include the length field in the MAC calculation + outMac.update(buf.array(), offset, len + Integer.BYTES); + // Append MAC to end of packet + outMac.doFinal(buf.array(), l); + } + + protected void encryptOutgoingBuffer(Buffer buf, int offset, int len) throws Exception { + if (outCipher == null) { + return; + } + outCipher.update(buf.array(), offset, len); + + int blocksCount = len / outCipherSize; + outBlocksCount.addAndGet(Math.max(1, blocksCount)); + } + + /** + * Decode the incoming buffer and handle packets as needed. + * + * @throws Exception If failed to decode + */ + protected void decode() throws Exception { + // Decoding loop + for (;;) { + + int authSize = inCipher != null ? inCipher.getAuthenticationTagSize() : 0; + boolean authMode = authSize > 0; + int macSize = inMac != null ? inMacSize : 0; + boolean etmMode = inMac != null && inMac.isEncryptThenMac(); + // Wait for beginning of packet + if (decoderState == 0) { + // The read position should always be 0 at this point because we have compacted this buffer + assert decoderBuffer.rpos() == 0; + /* + * Note: according to RFC-4253 section 6: + * + * Implementations SHOULD decrypt the length after receiving the first 8 (or cipher block size whichever + * is larger) bytes + * + * However, we currently do not have ciphers with a block size of less than 8 we avoid un-necessary + * Math.max(minBufLen, 8) for each and every packet + */ + int minBufLen = etmMode || authMode ? Integer.BYTES : inCipherSize; + // If we have received enough bytes, start processing those + if (decoderBuffer.available() > minBufLen) { + if (authMode) { + // RFC 5647: packet length encoded in additional data + inCipher.updateAAD(decoderBuffer.array(), 0, Integer.BYTES); + } else if ((inCipher != null) && (!etmMode)) { + // Decrypt the first bytes so we can extract the packet length + inCipher.update(decoderBuffer.array(), 0, inCipherSize); + + int blocksCount = inCipherSize / inCipher.getCipherBlockSize(); + inBlocksCount.addAndGet(Math.max(1, blocksCount)); + } + // Read packet length + decoderLength = decoderBuffer.getInt(); + /* + * Check packet length validity - we allow 8 times the minimum required packet length support in + * order to be aligned with some OpenSSH versions that allow up to 256k + */ + if ((decoderLength < SshConstants.SSH_PACKET_HEADER_LEN) + || (decoderLength > (8 * SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT))) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR, + "Invalid packet length: " + decoderLength); + } + // Ok, that's good, we can go to the next step + decoderState = 1; + } else { + // need more data + break; + } + // We have received the beginning of the packet + } else if (decoderState == 1) { + // The read position should always be after reading the packet length at this point + assert decoderBuffer.rpos() == Integer.BYTES; + // Check if the packet has been fully received + if (decoderBuffer.available() >= (decoderLength + macSize + authSize)) { + byte[] data = decoderBuffer.array(); + if (authMode) { + inCipher.update(data, Integer.BYTES /* packet length is handled by AAD */, decoderLength); + + int blocksCount = decoderLength / inCipherSize; + inBlocksCount.addAndGet(Math.max(1, blocksCount)); + } else if (etmMode) { + validateIncomingMac(data, 0, decoderLength + Integer.BYTES); + + if (inCipher != null) { + inCipher.update(data, Integer.BYTES /* packet length is unencrypted */, decoderLength); + + int blocksCount = decoderLength / inCipherSize; + inBlocksCount.addAndGet(Math.max(1, blocksCount)); + } + } else { + /* + * Decrypt the remaining of the packet - skip the block we already decoded in order to extract + * the packet length + */ + if (inCipher != null) { + int updateLen = decoderLength + Integer.BYTES - inCipherSize; + inCipher.update(data, inCipherSize, updateLen); + + int blocksCount = updateLen / inCipherSize; + inBlocksCount.addAndGet(Math.max(1, blocksCount)); + } + + validateIncomingMac(data, 0, decoderLength + Integer.BYTES); + } + + // Increment incoming packet sequence number + seqi = (seqi + 1L) & 0x0ffffffffL; + + // Get padding + int pad = decoderBuffer.getUByte(); + Buffer packet; + int wpos = decoderBuffer.wpos(); + // Decompress if needed + if ((inCompression != null) + && inCompression.isCompressionExecuted() + && (isAuthenticated() || (!inCompression.isDelayed()))) { + if (uncompressBuffer == null) { + uncompressBuffer = new SessionWorkBuffer(this); + } else { + uncompressBuffer.forceClear(true); + } + + decoderBuffer.wpos(decoderBuffer.rpos() + decoderLength - 1 - pad); + inCompression.uncompress(decoderBuffer, uncompressBuffer); + packet = uncompressBuffer; + } else { + decoderBuffer.wpos(decoderLength + Integer.BYTES - pad); + packet = decoderBuffer; + } + + // Update counters used to track re-keying + inPacketsCount.incrementAndGet(); + inBytesCount.addAndGet(packet.available()); + + // Process decoded packet + handleMessage(packet); + + // Set ready to handle next packet + decoderBuffer.rpos(decoderLength + Integer.BYTES + macSize + authSize); + decoderBuffer.wpos(wpos); + decoderBuffer.compact(); + decoderState = 0; + } else { + // need more data + break; + } + } + } + } + + protected void validateIncomingMac(byte[] data, int offset, int len) throws Exception { + if (inMac == null) { + return; + } + + // Update mac with packet id + inMac.updateUInt(seqi); + // Update mac with packet data + inMac.update(data, offset, len); + // Compute mac result + inMac.doFinal(inMacResult, 0); + + // Check the computed result with the received mac (just after the packet data) + if (!Mac.equals(inMacResult, 0, data, offset + len, inMacSize)) { + throw new SshException(SshConstants.SSH2_DISCONNECT_MAC_ERROR, "MAC Error"); + } + } + + /** + * Read the other side identification. This method is specific to the client or server side, but both should call + * {@link #doReadIdentification(Buffer, boolean)} and store the result in the needed property. + * + * @param buffer The {@link Buffer} containing the remote identification + * @return true if the identification has been fully read or false if more data + * is needed + * @throws Exception if an error occurs such as a bad protocol version or unsuccessful KEX was involved + */ + protected abstract boolean readIdentification(Buffer buffer) throws Exception; + + /** + * Send the key exchange initialization packet. This packet contains random data along with our proposal. + * + * @param proposal our proposal for key exchange negotiation + * @return the sent packet data which must be kept for later use when deriving the session keys + * @throws Exception if an error occurred sending the packet + */ + protected byte[] sendKexInit(Map proposal) throws Exception { + + Buffer buffer = createBuffer(SshConstants.SSH_MSG_KEXINIT); + int p = buffer.wpos(); + buffer.wpos(p + SshConstants.MSG_KEX_COOKIE_SIZE); + synchronized (random) { + random.fill(buffer.array(), p, SshConstants.MSG_KEX_COOKIE_SIZE); + } + + for (KexProposalOption paramType : KexProposalOption.VALUES) { + String s = proposal.get(paramType); + buffer.putString(GenericUtils.trimToEmpty(s)); + } + + buffer.putBoolean(false); // first kex packet follows + buffer.putInt(0); // reserved (FFU) + + ReservedSessionMessagesHandler handler = getReservedSessionMessagesHandler(); + IoWriteFuture future = (handler == null) ? null : handler.sendKexInitRequest(this, proposal, buffer); + byte[] data = buffer.getCompactData(); + if (future == null) { + future = writePacket(buffer); + } else { + } + + return data; + } + + /** + * Receive the remote key exchange init message. The packet data is returned for later use. + * + * @param buffer the {@link Buffer} containing the key exchange init packet + * @param proposal the remote proposal to fill + * @return the packet data + * @throws Exception If failed to handle the message + */ + protected byte[] receiveKexInit(Buffer buffer, Map proposal) throws Exception { + // Recreate the packet payload which will be needed at a later time + byte[] d = buffer.array(); + byte[] data = new byte[buffer.available() + 1 /* the opcode */]; + data[0] = SshConstants.SSH_MSG_KEXINIT; + + int size = 6; + int cookieStartPos = buffer.rpos(); + System.arraycopy(d, cookieStartPos, data, 1, data.length - 1); + // Skip random cookie data + buffer.rpos(cookieStartPos + SshConstants.MSG_KEX_COOKIE_SIZE); + size += SshConstants.MSG_KEX_COOKIE_SIZE; + + + // Read proposal + for (KexProposalOption paramType : KexProposalOption.VALUES) { + int lastPos = buffer.rpos(); + String value = buffer.getString(); + int curPos = buffer.rpos(); + int readLen = curPos - lastPos; + proposal.put(paramType, value); + size += readLen; + } + + KexExtensionHandler extHandler = getKexExtensionHandler(); + if (extHandler != null) { + + extHandler.handleKexInitProposal(this, false, proposal); + + } + + firstKexPacketFollows = buffer.getBoolean(); + + long reserved = buffer.getUInt(); + if (reserved != 0L) { + } + + // Return data + byte[] dataShrinked = new byte[size]; + System.arraycopy(data, 0, dataShrinked, 0, size); + return dataShrinked; + } + + /** + * Put new keys into use. This method will initialize the ciphers, digests, macs and compression according to the + * negotiated server and client proposals. + * + * @throws Exception if an error occurs + */ + @SuppressWarnings("checkstyle:VariableDeclarationUsageDistance") + protected void receiveNewKeys() throws Exception { + byte[] k = kex.getK(); + byte[] h = kex.getH(); + Digest hash = kex.getHash(); + + if (sessionId == null) { + sessionId = h.clone(); + } + + Buffer buffer = new ByteArrayBuffer(); + buffer.putMPInt(k); + buffer.putRawBytes(h); + buffer.putByte((byte) 0x41); + buffer.putRawBytes(sessionId); + + int pos = buffer.available(); + byte[] buf = buffer.array(); + hash.update(buf, 0, pos); + + byte[] iv_c2s = hash.digest(); + int j = pos - sessionId.length - 1; + + buf[j]++; + hash.update(buf, 0, pos); + byte[] iv_s2c = hash.digest(); + + buf[j]++; + hash.update(buf, 0, pos); + byte[] e_c2s = hash.digest(); + + buf[j]++; + hash.update(buf, 0, pos); + byte[] e_s2c = hash.digest(); + + buf[j]++; + hash.update(buf, 0, pos); + byte[] mac_c2s = hash.digest(); + + buf[j]++; + hash.update(buf, 0, pos); + byte[] mac_s2c = hash.digest(); + + boolean serverSession = isServerSession(); + String value = getNegotiatedKexParameter(KexProposalOption.S2CENC); + Cipher s2ccipher = ValidateUtils.checkNotNull( + NamedFactory.create(getCipherFactories(), value), "Unknown s2c cipher: %s", value); + e_s2c = resizeKey(e_s2c, s2ccipher.getKdfSize(), hash, k, h); + s2ccipher.init(serverSession ? Cipher.Mode.Encrypt : Cipher.Mode.Decrypt, e_s2c, iv_s2c); + + Mac s2cmac; + if (s2ccipher.getAuthenticationTagSize() == 0) { + value = getNegotiatedKexParameter(KexProposalOption.S2CMAC); + s2cmac = NamedFactory.create(getMacFactories(), value); + if (s2cmac == null) { + throw new SshException(SshConstants.SSH2_DISCONNECT_MAC_ERROR, "Unknown s2c MAC: " + value); + } + mac_s2c = resizeKey(mac_s2c, s2cmac.getBlockSize(), hash, k, h); + s2cmac.init(mac_s2c); + } else { + s2cmac = null; + } + + value = getNegotiatedKexParameter(KexProposalOption.S2CCOMP); + Compression s2ccomp = NamedFactory.create(getCompressionFactories(), value); + if (s2ccomp == null) { + throw new SshException(SshConstants.SSH2_DISCONNECT_COMPRESSION_ERROR, "Unknown s2c compression: " + value); + } + + value = getNegotiatedKexParameter(KexProposalOption.C2SENC); + Cipher c2scipher = ValidateUtils.checkNotNull( + NamedFactory.create(getCipherFactories(), value), "Unknown c2s cipher: %s", value); + e_c2s = resizeKey(e_c2s, c2scipher.getKdfSize(), hash, k, h); + c2scipher.init(serverSession ? Cipher.Mode.Decrypt : Cipher.Mode.Encrypt, e_c2s, iv_c2s); + + Mac c2smac; + if (c2scipher.getAuthenticationTagSize() == 0) { + value = getNegotiatedKexParameter(KexProposalOption.C2SMAC); + c2smac = NamedFactory.create(getMacFactories(), value); + if (c2smac == null) { + throw new SshException(SshConstants.SSH2_DISCONNECT_MAC_ERROR, "Unknown c2s MAC: " + value); + } + mac_c2s = resizeKey(mac_c2s, c2smac.getBlockSize(), hash, k, h); + c2smac.init(mac_c2s); + } else { + c2smac = null; + } + + value = getNegotiatedKexParameter(KexProposalOption.C2SCOMP); + Compression c2scomp = NamedFactory.create(getCompressionFactories(), value); + if (c2scomp == null) { + throw new SshException(SshConstants.SSH2_DISCONNECT_COMPRESSION_ERROR, "Unknown c2s compression: " + value); + } + + if (serverSession) { + outCipher = s2ccipher; + outMac = s2cmac; + outCompression = s2ccomp; + inCipher = c2scipher; + inMac = c2smac; + inCompression = c2scomp; + } else { + outCipher = c2scipher; + outMac = c2smac; + outCompression = c2scomp; + inCipher = s2ccipher; + inMac = s2cmac; + inCompression = s2ccomp; + } + + outCipherSize = outCipher.getCipherBlockSize(); + outMacSize = outMac != null ? outMac.getBlockSize() : 0; + // TODO add support for configurable compression level + outCompression.init(Compression.Type.Deflater, -1); + + inCipherSize = inCipher.getCipherBlockSize(); + inMacSize = inMac != null ? inMac.getBlockSize() : 0; + inMacResult = new byte[inMacSize]; + // TODO add support for configurable compression level + inCompression.init(Compression.Type.Inflater, -1); + + // see https://tools.ietf.org/html/rfc4344#section-3.2 + // select the lowest cipher size + int avgCipherBlockSize = Math.min(inCipherSize, outCipherSize); + long recommendedByteRekeyBlocks = 1L << Math.min((avgCipherBlockSize * Byte.SIZE) / 4, + 63); // in case (block-size / 4) > 63 + long effectiveRekeyBlocksCount = CoreModuleProperties.REKEY_BLOCKS_LIMIT.getRequired(this); + maxRekeyBlocks.set(effectiveRekeyBlocksCount > 0 ? effectiveRekeyBlocksCount : recommendedByteRekeyBlocks); + + inBytesCount.set(0L); + outBytesCount.set(0L); + inPacketsCount.set(0L); + outPacketsCount.set(0L); + inBlocksCount.set(0L); + outBlocksCount.set(0L); + lastKeyTimeValue.set(Instant.now()); + firstKexPacketFollows = null; + } + + /** + * Send a {@code SSH_MSG_UNIMPLEMENTED} packet. This packet should contain the sequence id of the unsupported + * packet: this number is assumed to be the last packet received. + * + * @param cmd The un-implemented command value + * @param buffer The {@link Buffer} that contains the command. Note: the buffer's read position is just + * beyond the command. + * @return An {@link IoWriteFuture} that can be used to wait for packet write completion - {@code null} if + * the registered {@link ReservedSessionMessagesHandler} decided to handle the command internally + * @throws Exception if an error occurred while handling the packet. + * @see #sendNotImplemented(long) + */ + protected IoWriteFuture notImplemented(int cmd, Buffer buffer) throws Exception { + if (doInvokeUnimplementedMessageHandler(cmd, buffer)) { + return null; + } + + return sendNotImplemented(seqi - 1L); + } + + /** + * Compute the negotiated proposals by merging the client and server proposal. The negotiated proposal will also be + * stored in the {@link #negotiationResult} property. + * + * @return The negotiated options {@link Map} + * @throws Exception If negotiation failed + */ + protected Map negotiate() throws Exception { + Map c2sOptions = getClientKexProposals(); + Map s2cOptions = getServerKexProposals(); + signalNegotiationStart(c2sOptions, s2cOptions); + + Map guess = new EnumMap<>(KexProposalOption.class); + Map negotiatedGuess = Collections.unmodifiableMap(guess); + try { + SessionDisconnectHandler discHandler = getSessionDisconnectHandler(); + KexExtensionHandler extHandler = getKexExtensionHandler(); + for (KexProposalOption paramType : KexProposalOption.VALUES) { + String clientParamValue = c2sOptions.get(paramType); + String serverParamValue = s2cOptions.get(paramType); + String[] c = GenericUtils.split(clientParamValue, ','); + String[] s = GenericUtils.split(serverParamValue, ','); + /* + * According to https://tools.ietf.org/html/rfc8308#section-2.2: + * + * Implementations MAY disconnect if the counterpart sends an incorrect (KEX extension) indicator + * + * TODO - for now we do not enforce this + */ + for (String ci : c) { + for (String si : s) { + if (ci.equals(si)) { + guess.put(paramType, ci); + break; + } + } + + String value = guess.get(paramType); + if (value != null) { + break; + } + } + + // check if reached an agreement + String value = guess.get(paramType); + if (extHandler != null) { + extHandler.handleKexExtensionNegotiation( + this, paramType, value, c2sOptions, clientParamValue, s2cOptions, serverParamValue); + } + + if (value != null) { + continue; + } + + try { + if ((discHandler != null) + && discHandler.handleKexDisconnectReason( + this, c2sOptions, s2cOptions, negotiatedGuess, paramType)) { + continue; + } + } catch (IOException | RuntimeException e) { + // If disconnect handler throws an exception continue with the disconnect + } + + String message = "Unable to negotiate key exchange for " + paramType.getDescription() + + " (client: " + clientParamValue + " / server: " + serverParamValue + ")"; + // OK if could not negotiate languages + if (KexProposalOption.S2CLANG.equals(paramType) || KexProposalOption.C2SLANG.equals(paramType)) { + } else { + throw new SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, message); + } + } + + /* + * According to https://tools.ietf.org/html/rfc8308#section-2.2: + * + * If "ext-info-c" or "ext-info-s" ends up being negotiated as a key exchange method, the parties MUST + * disconnect. + */ + String kexOption = guess.get(KexProposalOption.ALGORITHMS); + if (KexExtensions.IS_KEX_EXTENSION_SIGNAL.test(kexOption)) { + if ((discHandler != null) + && discHandler.handleKexDisconnectReason( + this, c2sOptions, s2cOptions, negotiatedGuess, KexProposalOption.ALGORITHMS)) { + } else { + throw new SshException( + SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, "Illegal KEX option negotiated: " + kexOption); + } + } + } catch (IOException | RuntimeException | Error e) { + signalNegotiationEnd(c2sOptions, s2cOptions, negotiatedGuess, e); + throw e; + } + + signalNegotiationEnd(c2sOptions, s2cOptions, negotiatedGuess, null); + return setNegotiationResult(guess); + } + + protected Map setNegotiationResult(Map guess) { + synchronized (negotiationResult) { + if (!negotiationResult.isEmpty()) { + negotiationResult.clear(); // debug breakpoint + } + negotiationResult.putAll(guess); + } + + + return guess; + } + + /** + * Indicates the reception of a {@code SSH_MSG_REQUEST_SUCCESS} message + * + * @param buffer The {@link Buffer} containing the message data + * @throws Exception If failed to handle the message + */ + protected void requestSuccess(Buffer buffer) throws Exception { + // use a copy of the original data in case it is re-used on return + Buffer resultBuf = ByteArrayBuffer.getCompactClone( + buffer.array(), buffer.rpos(), buffer.available()); + synchronized (requestResult) { + requestResult.set(resultBuf); + resetIdleTimeout(); + requestResult.notifyAll(); + } + } + + /** + * Indicates the reception of a {@code SSH_MSG_REQUEST_FAILURE} message + * + * @param buffer The {@link Buffer} containing the message data + * @throws Exception If failed to handle the message + */ + protected void requestFailure(Buffer buffer) throws Exception { + signalRequestFailure(); + } + + /** + * Marks the current pending global request result as failed + */ + protected void signalRequestFailure() { + synchronized (requestResult) { + requestResult.set(GenericUtils.NULL); + resetIdleTimeout(); + requestResult.notifyAll(); + } + } + + @Override + public void addSessionListener(SessionListener listener) { + SessionListener.validateListener(listener); + // avoid race conditions on notifications while session is being closed + if (!isOpen()) { + return; + } + + if (this.sessionListeners.add(listener)) { + } else { + } + } + + @Override + public void removeSessionListener(SessionListener listener) { + if (listener == null) { + return; + } + + SessionListener.validateListener(listener); + if (this.sessionListeners.remove(listener)) { + } else { + } + } + + @Override + public SessionListener getSessionListenerProxy() { + return sessionListenerProxy; + } + + @Override + public void addChannelListener(ChannelListener listener) { + ChannelListener.validateListener(listener); + // avoid race conditions on notifications while session is being closed + if (!isOpen()) { + return; + } + + if (this.channelListeners.add(listener)) { + } else { + } + } + + @Override + public void removeChannelListener(ChannelListener listener) { + if (listener == null) { + return; + } + + ChannelListener.validateListener(listener); + if (this.channelListeners.remove(listener)) { + } else { + } + } + + @Override + public ChannelListener getChannelListenerProxy() { + return channelListenerProxy; + } + + @Override + public PortForwardingEventListener getPortForwardingEventListenerProxy() { + return tunnelListenerProxy; + } + + @Override + public void addPortForwardingEventListener(PortForwardingEventListener listener) { + PortForwardingEventListener.validateListener(listener); + // avoid race conditions on notifications while session is being closed + if (!isOpen()) { + return; + } + + if (this.tunnelListeners.add(listener)) { + } else { + } + } + + @Override + public void removePortForwardingEventListener(PortForwardingEventListener listener) { + if (listener == null) { + return; + } + + PortForwardingEventListener.validateListener(listener); + if (this.tunnelListeners.remove(listener)) { + } else { + } + } + + @Override + public KeyExchangeFuture reExchangeKeys() throws IOException { + try { + requestNewKeysExchange(); + } catch (GeneralSecurityException e) { + throw ValidateUtils.initializeExceptionCause( + new ProtocolException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to generate keys for exchange: " + e.getMessage()), + e); + } catch (Exception e) { + GenericUtils.rethrowAsIoException(e); + return null; // actually dead code + } + + return ValidateUtils.checkNotNull( + kexFutureHolder.get(), "No current KEX future on state=%s", kexState); + } + + /** + * Checks if a re-keying is required and if so initiates it + * + * @return A {@link KeyExchangeFuture} to wait for the initiated exchange or {@code null} if no need to + * re-key or an exchange is already in progress + * @throws Exception If failed load/generate the keys or send the request + * @see #isRekeyRequired() + * @see #requestNewKeysExchange() + */ + protected KeyExchangeFuture checkRekey() throws Exception { + return isRekeyRequired() ? requestNewKeysExchange() : null; + } + + /** + * Initiates a new keys exchange if one not already in progress + * + * @return A {@link KeyExchangeFuture} to wait for the initiated exchange or {@code null} if an exchange + * is already in progress + * @throws Exception If failed to load/generate the keys or send the request + */ + protected KeyExchangeFuture requestNewKeysExchange() throws Exception { + if (!kexState.compareAndSet(KexState.DONE, KexState.INIT)) { + + return null; + } + + sendKexInit(); + + DefaultKeyExchangeFuture newFuture = new DefaultKeyExchangeFuture(toString(), null); + DefaultKeyExchangeFuture kexFuture = kexFutureHolder.getAndSet(newFuture); + if (kexFuture != null) { + synchronized (kexFuture) { + Object value = kexFuture.getValue(); + if (value == null) { + kexFuture.setValue(new SshException("New KEX started while previous one still ongoing")); + } + } + } + + return newFuture; + } + + protected boolean isRekeyRequired() { + if ((!isOpen()) || isClosing() || isClosed()) { + return false; + } + + KexState curState = kexState.get(); + if (!KexState.DONE.equals(curState)) { + return false; + } + + return isRekeyTimeIntervalExceeded() + || isRekeyPacketCountsExceeded() + || isRekeyBlocksCountExceeded() + || isRekeyDataSizeExceeded(); + } + + protected boolean isRekeyTimeIntervalExceeded() { + if (GenericUtils.isNegativeOrNull(maxRekeyInterval)) { + return false; // disabled + } + + Instant now = Instant.now(); + Duration rekeyDiff = Duration.between(lastKeyTimeValue.get(), now); + boolean rekey = rekeyDiff.compareTo(maxRekeyInterval) > 0; + return rekey; + } + + protected boolean isRekeyPacketCountsExceeded() { + if (maxRekyPackets <= 0L) { + return false; // disabled + } + + boolean rekey = (inPacketsCount.get() > maxRekyPackets) + || (outPacketsCount.get() > maxRekyPackets); + if (rekey) { + } + + return rekey; + } + + protected boolean isRekeyDataSizeExceeded() { + if (maxRekeyBytes <= 0L) { + return false; + } + + boolean rekey = (inBytesCount.get() > maxRekeyBytes) || (outBytesCount.get() > maxRekeyBytes); + if (rekey) { + } + + return rekey; + } + + protected boolean isRekeyBlocksCountExceeded() { + long maxBlocks = maxRekeyBlocks.get(); + if (maxBlocks <= 0L) { + return false; + } + + boolean rekey = (inBlocksCount.get() > maxBlocks) || (outBlocksCount.get() > maxBlocks); + if (rekey) { + } + + return rekey; + } + + @Override + protected String resolveSessionKexProposal(String hostKeyTypes) throws IOException { + String proposal = super.resolveSessionKexProposal(hostKeyTypes); + // see https://tools.ietf.org/html/rfc8308 + KexExtensionHandler extHandler = getKexExtensionHandler(); + if ((extHandler == null) || (!extHandler.isKexExtensionsAvailable(this, AvailabilityPhase.PROPOSAL))) { + return proposal; + } + + String extType = isServerSession() ? KexExtensions.SERVER_KEX_EXTENSION : KexExtensions.CLIENT_KEX_EXTENSION; + if (GenericUtils.isEmpty(proposal)) { + return extType; + } else { + return proposal + "," + extType; + } + } + + protected byte[] sendKexInit() throws Exception { + String resolvedAlgorithms = resolveAvailableSignaturesProposal(); + if (GenericUtils.isEmpty(resolvedAlgorithms)) { + throw new SshException( + SshConstants.SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE, + "sendKexInit() no resolved signatures available"); + } + + Map proposal = createProposal(resolvedAlgorithms); + KexExtensionHandler extHandler = getKexExtensionHandler(); + if (extHandler != null) { + extHandler.handleKexInitProposal(this, true, proposal); + } + + signalNegotiationOptionsCreated(proposal); + + byte[] seed; + synchronized (kexState) { + seed = sendKexInit(proposal); + setKexSeed(seed); + } + + return seed; + } + + protected byte[] getClientKexData() { + synchronized (kexState) { + return (clientKexData == null) ? null : clientKexData.clone(); + } + } + + protected void setClientKexData(byte[] data) { + ValidateUtils.checkNotNullAndNotEmpty(data, "No client KEX seed"); + synchronized (kexState) { + clientKexData = data.clone(); + } + } + + protected byte[] getServerKexData() { + synchronized (kexState) { + return (serverKexData == null) ? null : serverKexData.clone(); + } + } + + protected void setServerKexData(byte[] data) { + ValidateUtils.checkNotNullAndNotEmpty(data, "No server KEX seed"); + synchronized (kexState) { + serverKexData = data.clone(); + } + } + + /** + * @param seed The result of the KEXINIT handshake - required for correct session key establishment + */ + protected abstract void setKexSeed(byte... seed); + + /** + * @return A comma-separated list of all the signature protocols to be included in the + * proposal - {@code null}/empty if no proposal + * @throws IOException If failed to read/parse the keys data + * @throws GeneralSecurityException If failed to generate the keys + * @see #getFactoryManager() + * @see #resolveAvailableSignaturesProposal(FactoryManager) + */ + protected String resolveAvailableSignaturesProposal() + throws IOException, GeneralSecurityException { + return resolveAvailableSignaturesProposal(getFactoryManager()); + } + + /** + * @param manager The {@link FactoryManager} + * @return A comma-separated list of all the signature protocols to be included in the + * proposal - {@code null}/empty if no proposal + * @throws IOException If failed to read/parse the keys data + * @throws GeneralSecurityException If failed to generate the keys + */ + protected abstract String resolveAvailableSignaturesProposal(FactoryManager manager) + throws IOException, GeneralSecurityException; + + /** + * Indicates the the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify + * the server's key + * + * @throws IOException If validation failed + */ + protected abstract void checkKeys() throws IOException; + + protected byte[] receiveKexInit(Buffer buffer) throws Exception { + Map proposal = new EnumMap<>(KexProposalOption.class); + + byte[] seed; + synchronized (kexState) { + seed = receiveKexInit(buffer, proposal); + receiveKexInit(proposal, seed); + } + + return seed; + } + + protected abstract void receiveKexInit( + Map proposal, byte[] seed) + throws IOException; + + /** + * Retrieve the SSH session from the I/O session. If the session has not been attached, an exception will be thrown + * + * @param ioSession The {@link IoSession} + * @return The SSH session attached to the I/O session + * @see #getSession(IoSession, boolean) + * @throws MissingAttachedSessionException if no attached SSH session + */ + public static AbstractSession getSession(IoSession ioSession) + throws MissingAttachedSessionException { + return getSession(ioSession, false); + } + + /** + * Attach an SSH {@link AbstractSession} to the I/O session + * + * @param ioSession The {@link IoSession} + * @param session The SSH session to attach + * @throws MultipleAttachedSessionException If a previous session already attached + */ + public static void attachSession(IoSession ioSession, AbstractSession session) + throws MultipleAttachedSessionException { + Objects.requireNonNull(ioSession, "No I/O session"); + Objects.requireNonNull(session, "No SSH session"); + Object prev = ioSession.setAttributeIfAbsent(SESSION, session); + if (prev != null) { + throw new MultipleAttachedSessionException( + "Multiple attached session to " + ioSession + ": " + prev + " and " + session); + } + } + + /** + * Retrieve the session SSH from the I/O session. If the session has not been attached and allowNull is + * false, an exception will be thrown, otherwise a {@code null} will be returned. + * + * @param ioSession The {@link IoSession} + * @param allowNull If true, a {@code null} value may be returned if no session + * is attached + * @return the session attached to the I/O session or {@code null} + * @throws MissingAttachedSessionException if no attached session and allowNull=false + */ + public static AbstractSession getSession(IoSession ioSession, boolean allowNull) + throws MissingAttachedSessionException { + AbstractSession session = (AbstractSession) ioSession.getAttribute(SESSION); + if ((session == null) && (!allowNull)) { + throw new MissingAttachedSessionException("No session attached to " + ioSession); + } + + return session; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSessionFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSessionFactory.java new file mode 100644 index 0000000..a99c6da --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSessionFactory.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +import java.util.Objects; + +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.io.IoSession; + +/** + * An abstract base factory of sessions. + * + * @param Type of {@link FactoryManager} + * @param Type of {@link AbstractSession} + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSessionFactory + extends AbstractSessionIoHandler { + private final M manager; + + protected AbstractSessionFactory(M manager) { + this.manager = Objects.requireNonNull(manager, "No factory manager instance"); + } + + public M getFactoryManager() { + return manager; + } + + @Override + protected S createSession(IoSession ioSession) throws Exception { + S session = doCreateSession(ioSession); + return setupSession(session); + } + + protected abstract S doCreateSession(IoSession ioSession) throws Exception; + + protected S setupSession(S session) throws Exception { + return session; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSessionIoHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSessionIoHandler.java new file mode 100644 index 0000000..9ca4f53 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/AbstractSessionIoHandler.java @@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.io.IoHandler; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSessionIoHandler implements IoHandler { + protected AbstractSessionIoHandler() { + super(); + } + + @Override + public void sessionCreated(IoSession ioSession) throws Exception { + ValidateUtils.checkNotNull(createSession(ioSession), "No session created for %s", ioSession); + } + + @Override + public void sessionClosed(IoSession ioSession) throws Exception { + AbstractSession session = AbstractSession.getSession(ioSession); + session.close(true); + } + + @Override + public void exceptionCaught(IoSession ioSession, Throwable cause) throws Exception { + AbstractSession session = AbstractSession.getSession(ioSession, true); + if (session != null) { + session.exceptionCaught(cause); + } else { + throw new MissingAttachedSessionException( + "No session available to signal caught exception=" + cause.getClass().getSimpleName(), cause); + } + } + + @Override + public void messageReceived(IoSession ioSession, Readable message) throws Exception { + AbstractSession session = AbstractSession.getSession(ioSession); + try { + session.messageReceived(message); + } catch (Error e) { + throw new RuntimeSshException(e); + } + } + + protected abstract AbstractSession createSession(IoSession ioSession) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/DefaultUnknownChannelReferenceHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/DefaultUnknownChannelReferenceHandler.java new file mode 100644 index 0000000..9e8c18e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/DefaultUnknownChannelReferenceHandler.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session.helpers; + +import java.io.IOException; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.UnknownChannelReferenceHandler; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * @author Apache MINA SSHD Project + */ +public class DefaultUnknownChannelReferenceHandler + implements UnknownChannelReferenceHandler { + + public static final DefaultUnknownChannelReferenceHandler INSTANCE = new DefaultUnknownChannelReferenceHandler(); + + public DefaultUnknownChannelReferenceHandler() { + super(); + } + + @Override + public Channel handleUnknownChannelCommand( + ConnectionService service, byte cmd, int channelId, Buffer buffer) + throws IOException { + Session session = service.getSession(); + + boolean wantReply = false; + switch (cmd) { + case SshConstants.SSH_MSG_CHANNEL_REQUEST: { + /* + * From RFC 4252 - section 5.4: + * + * If the request is not recognized or is not supported for the channel, SSH_MSG_CHANNEL_FAILURE is + * returned + */ + String req = buffer.getString(); + wantReply = buffer.getBoolean(); + break; + } + + case SshConstants.SSH_MSG_CHANNEL_DATA: + case SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA: + wantReply = CoreModuleProperties.SEND_REPLY_FOR_CHANNEL_DATA.getRequired(session); + break; + + default: // do nothing + } + + if (wantReply) { + sendFailureResponse(service, cmd, channelId); + } + + return null; + } + + protected IoWriteFuture sendFailureResponse( + ConnectionService service, byte cmd, int channelId) + throws IOException { + Session session = service.getSession(); + + Buffer rsp = session.createBuffer(SshConstants.SSH_MSG_CHANNEL_FAILURE, Integer.BYTES); + rsp.putInt(channelId); + return session.writePacket(rsp); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/MissingAttachedSessionException.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/MissingAttachedSessionException.java new file mode 100644 index 0000000..39a50c5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/MissingAttachedSessionException.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +/** + * Special exception returned by {@link AbstractSession#getSession(org.apache.sshd.common.io.IoSession, boolean)} to + * indicate that there is no currently attached SSH session + * + * @author Apache MINA SSHD Project + */ +public class MissingAttachedSessionException extends IllegalStateException { + private static final long serialVersionUID = -7660805009035307684L; + + public MissingAttachedSessionException(String s) { + super(s); + } + + public MissingAttachedSessionException(String message, Throwable cause) { + super(message, cause); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/MultipleAttachedSessionException.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/MultipleAttachedSessionException.java new file mode 100644 index 0000000..5f67fb8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/MultipleAttachedSessionException.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +/** + * Special exception thrown by + * {@link AbstractSession#attachSession(org.apache.sshd.common.io.IoSession, AbstractSession)} in order to indicate an + * already attached I/O session + * + * @author Apache MINA SSHD Project + */ +public class MultipleAttachedSessionException extends IllegalStateException { + private static final long serialVersionUID = 4488792374797444445L; + + public MultipleAttachedSessionException(String s) { + super(s); + } + + public MultipleAttachedSessionException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/PendingWriteFuture.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/PendingWriteFuture.java new file mode 100644 index 0000000..e9ed38d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/PendingWriteFuture.java @@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +import java.util.Objects; + +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.io.AbstractIoWriteFuture; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Future holding a packet pending key exchange termination. + * + * @author Apache MINA SSHD Project + */ +public class PendingWriteFuture extends AbstractIoWriteFuture implements SshFutureListener { + private final Buffer buffer; + + public PendingWriteFuture(Object id, Buffer buffer) { + super(id, null); + this.buffer = Objects.requireNonNull(buffer, "No buffer provided"); + } + + public Buffer getBuffer() { + return buffer; + } + + public void setWritten() { + setValue(Boolean.TRUE); + } + + public void setException(Throwable cause) { + Objects.requireNonNull(cause, "No cause specified"); + setValue(cause); + } + + @Override + public void operationComplete(IoWriteFuture future) { + if (future.isWritten()) { + setWritten(); + } else { + setException(future.getException()); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/ReservedSessionMessagesHandlerAdapter.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/ReservedSessionMessagesHandlerAdapter.java new file mode 100644 index 0000000..83a2adc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/ReservedSessionMessagesHandlerAdapter.java @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session.helpers; + +import java.util.List; + +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.session.ReservedSessionMessagesHandler; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Delegates the main interface methods to specific ones after having decoded each message buffer + * + * @author Apache MINA SSHD Project + */ +public class ReservedSessionMessagesHandlerAdapter + implements ReservedSessionMessagesHandler { + public static final ReservedSessionMessagesHandlerAdapter DEFAULT = new ReservedSessionMessagesHandlerAdapter(); + + public ReservedSessionMessagesHandlerAdapter() { + super(); + } + + @Override + public IoWriteFuture sendIdentification(Session session, String version, List extraLines) throws Exception { + + + return null; + } + + @Override + public void handleIgnoreMessage(Session session, Buffer buffer) throws Exception { + handleIgnoreMessage(session, buffer.getBytes(), buffer); + } + + public void handleIgnoreMessage(Session session, byte[] data, Buffer buffer) throws Exception { + } + + @Override + public void handleDebugMessage(Session session, Buffer buffer) throws Exception { + handleDebugMessage(session, buffer.getBoolean(), buffer.getString(), buffer.getString(), buffer); + } + + public void handleDebugMessage( + Session session, boolean display, String msg, String lang, Buffer buffer) + throws Exception { + } + + @Override + public boolean handleUnimplementedMessage(Session session, int cmd, Buffer buffer) throws Exception { + return false; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/SessionHelper.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/SessionHelper.java new file mode 100644 index 0000000..9b107fc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/SessionHelper.java @@ -0,0 +1,1277 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +import java.io.IOException; +import java.io.StreamCorruptedException; +import java.net.SocketAddress; +import java.nio.charset.StandardCharsets; +import java.time.Duration; +import java.time.Instant; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.ScheduledFuture; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.Function; + +import org.apache.sshd.common.AttributeRepository; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.RuntimeSshException; +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolver; +import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager; +import org.apache.sshd.common.digest.Digest; +import org.apache.sshd.common.forward.Forwarder; +import org.apache.sshd.common.future.DefaultSshFuture; +import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.kex.AbstractKexFactoryManager; +import org.apache.sshd.common.kex.KexProposalOption; +import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.session.ConnectionService; +import org.apache.sshd.common.session.ReservedSessionMessagesHandler; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.session.SessionDisconnectHandler; +import org.apache.sshd.common.session.SessionListener; +import org.apache.sshd.common.session.UnknownChannelReferenceHandler; +import org.apache.sshd.common.session.helpers.TimeoutIndicator.TimeoutStatus; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.Invoker; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.net.SshdSocketAddress; +import org.apache.sshd.common.CoreModuleProperties; + +/** + * Contains split code in order to make {@link AbstractSession} class smaller + */ +public abstract class SessionHelper extends AbstractKexFactoryManager implements Session { + /** Session level lock for regulating access to sensitive data */ + protected final Object sessionLock = new Object(); + + // Session timeout measurements + protected Instant authStart = Instant.now(); + protected Instant idleStart = Instant.now(); + + /** Client or server side */ + private final boolean serverSession; + + /** The underlying network session */ + private final IoSession ioSession; + + /** The session specific properties */ + private final Map properties = new ConcurrentHashMap<>(); + + /** Session specific attributes */ + private final Map, Object> attributes = new ConcurrentHashMap<>(); + + // Session timeout measurements + private final AtomicReference timeoutStatus = new AtomicReference<>(TimeoutIndicator.NONE); + + private ReservedSessionMessagesHandler reservedSessionMessagesHandler; + private SessionDisconnectHandler sessionDisconnectHandler; + private UnknownChannelReferenceHandler unknownChannelReferenceHandler; + private ChannelStreamWriterResolver channelStreamPacketWriterResolver; + + /** + * The name of the authenticated user + */ + private volatile String username; + /** + * Boolean indicating if this session has been authenticated or not + */ + private volatile boolean authed; + + /** + * Create a new session. + * + * @param serverSession {@code true} if this is a server session, {@code false} if client one + * @param factoryManager the factory manager + * @param ioSession the underlying I/O session + */ + protected SessionHelper(boolean serverSession, FactoryManager factoryManager, IoSession ioSession) { + super(Objects.requireNonNull(factoryManager, "No factory manager provided")); + this.serverSession = serverSession; + this.ioSession = Objects.requireNonNull(ioSession, "No IoSession provided"); + } + + @Override + public IoSession getIoSession() { + return ioSession; + } + + @Override + public boolean isServerSession() { + return serverSession; + } + + @Override + public FactoryManager getFactoryManager() { + return (FactoryManager) getDelegate(); + } + + @Override + public PropertyResolver getParentPropertyResolver() { + return getFactoryManager(); + } + + @Override + public Map getProperties() { + return properties; + } + + @Override + public int getAttributesCount() { + return attributes.size(); + } + + @Override + @SuppressWarnings("unchecked") + public T getAttribute(AttributeKey key) { + return (T) attributes.get(Objects.requireNonNull(key, "No key")); + } + + @Override + public Collection> attributeKeys() { + return attributes.isEmpty() ? Collections.emptySet() : new HashSet<>(attributes.keySet()); + } + + @Override + @SuppressWarnings({ "unchecked", "rawtypes" }) + public T computeAttributeIfAbsent( + AttributeKey key, + Function, ? extends T> resolver) { + return (T) attributes.computeIfAbsent(Objects.requireNonNull(key, "No key"), (Function) resolver); + } + + @Override + @SuppressWarnings("unchecked") + public T setAttribute(AttributeKey key, T value) { + return (T) attributes.put( + Objects.requireNonNull(key, "No key"), + Objects.requireNonNull(value, "No value")); + } + + @Override + @SuppressWarnings("unchecked") + public T removeAttribute(AttributeKey key) { + return (T) attributes.remove(Objects.requireNonNull(key, "No key")); + } + + @Override + public void clearAttributes() { + attributes.clear(); + } + + @Override + public String getUsername() { + return username; + } + + @Override + public void setUsername(String username) { + this.username = username; + } + + @Override + public boolean isAuthenticated() { + return authed; + } + + @Override + public void setAuthenticated() throws IOException { + this.authed = true; + try { + signalSessionEvent(SessionListener.Event.Authenticated); + } catch (Exception e) { + GenericUtils.rethrowAsIoException(e); + } + } + + /** + * Checks whether the session has timed out (both authentication and idle timeouts are checked). If the session has + * timed out, a DISCONNECT message will be sent. + * + * @return An indication whether timeout has been detected + * @throws IOException If failed to check + * @see #checkAuthenticationTimeout(Instant, Duration) + * @see #checkIdleTimeout(Instant, Duration) + */ + protected TimeoutIndicator checkForTimeouts() throws IOException { + if ((!isOpen()) || isClosing() || isClosed()) { + return TimeoutIndicator.NONE; + } + + // If already detected a timeout don't check again + TimeoutIndicator result = timeoutStatus.get(); + TimeoutStatus status = (result == null) ? TimeoutStatus.NoTimeout : result.getStatus(); + if ((status != null) && (status != TimeoutStatus.NoTimeout)) { + return result; + } + + Instant now = Instant.now(); + result = checkAuthenticationTimeout(now, getAuthTimeout()); + if (result == null) { + result = checkIdleTimeout(now, getIdleTimeout()); + } + + status = (result == null) ? TimeoutStatus.NoTimeout : result.getStatus(); + if ((status == null) || TimeoutStatus.NoTimeout.equals(status)) { + return TimeoutIndicator.NONE; + } + + boolean resetTimeout = false; + try { + SessionDisconnectHandler handler = getSessionDisconnectHandler(); + resetTimeout = (handler != null) && handler.handleTimeoutDisconnectReason(this, result); + } catch (RuntimeException | IOException e) { + // If disconnect handler throws an exception continue with the disconnect + } + + if (resetTimeout) { + + switch (status) { + case AuthTimeout: + resetAuthTimeout(); + break; + case IdleTimeout: + resetIdleTimeout(); + break; + + default: // ignored + } + + return TimeoutIndicator.NONE; + } + + + timeoutStatus.set(result); + + disconnect(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR, + "Detected " + status + " after " + result.getExpiredValue() + + "/" + result.getThresholdValue() + " ms."); + return result; + } + + @Override + public Instant getAuthTimeoutStart() { + return authStart; + } + + @Override + public Instant resetAuthTimeout() { + Instant value = getAuthTimeoutStart(); + this.authStart = Instant.now(); + return value; + } + + /** + * Checks if authentication timeout expired + * + * @param now The current time in millis + * @param authTimeout The configured timeout - if non-positive then no timeout + * @return A {@link TimeoutIndicator} specifying the timeout status and disconnect reason message if + * timeout expired, {@code null} or {@code NoTimeout} if no timeout occurred + * @see #getAuthTimeout() + */ + protected TimeoutIndicator checkAuthenticationTimeout(Instant now, Duration authTimeout) { + Duration d = Duration.between(authStart, now); + if ((!isAuthenticated()) && GenericUtils.isPositive(authTimeout) && (d.compareTo(authTimeout) > 0)) { + return new TimeoutIndicator(TimeoutStatus.AuthTimeout, authTimeout, d); + } else { + return null; + } + } + + @Override + public Instant getIdleTimeoutStart() { + return idleStart; + } + + /** + * Checks if idle timeout expired + * + * @param now The current time in millis + * @param idleTimeout The configured timeout - if non-positive then no timeout + * @return A {@link TimeoutIndicator} specifying the timeout status and disconnect reason message if + * timeout expired, {@code null} or {@code NoTimeout} if no timeout occurred + * @see #getIdleTimeout() + */ + protected TimeoutIndicator checkIdleTimeout(Instant now, Duration idleTimeout) { + Duration d = Duration.between(idleStart, now); + if (isAuthenticated() && GenericUtils.isPositive(idleTimeout) && (d.compareTo(idleTimeout) > 0)) { + return new TimeoutIndicator(TimeoutStatus.IdleTimeout, idleTimeout, d); + } else { + return null; + } + } + + @Override + public Instant resetIdleTimeout() { + Instant value = getIdleTimeoutStart(); + this.idleStart = Instant.now(); + return value; + } + + @Override + public TimeoutIndicator getTimeoutStatus() { + return timeoutStatus.get(); + } + + @Override + public ReservedSessionMessagesHandler getReservedSessionMessagesHandler() { + return resolveEffectiveProvider(ReservedSessionMessagesHandler.class, + reservedSessionMessagesHandler, getFactoryManager().getReservedSessionMessagesHandler()); + } + + @Override + public void setReservedSessionMessagesHandler(ReservedSessionMessagesHandler handler) { + reservedSessionMessagesHandler = handler; + } + + @Override + public SessionDisconnectHandler getSessionDisconnectHandler() { + return resolveEffectiveProvider(SessionDisconnectHandler.class, + sessionDisconnectHandler, getFactoryManager().getSessionDisconnectHandler()); + } + + @Override + public void setSessionDisconnectHandler(SessionDisconnectHandler sessionDisconnectHandler) { + this.sessionDisconnectHandler = sessionDisconnectHandler; + } + + protected void handleIgnore(Buffer buffer) throws Exception { + // malformed ignore message - ignore (even though we don't have to, but we can be tolerant in this case) + if (!buffer.isValidMessageStructure(byte[].class)) { + return; + } + resetIdleTimeout(); + doInvokeIgnoreMessageHandler(buffer); + } + + /** + * Invoked by {@link #handleDebug(Buffer)} after validating that the buffer structure seems well-formed and also + * resetting the idle timeout. By default, retrieves the {@link #resolveReservedSessionMessagesHandler() + * ReservedSessionMessagesHandler} and invokes its + * {@link ReservedSessionMessagesHandler#handleIgnoreMessage(Session, Buffer) handleIgnoreMessage} method. + * + * @param buffer The input {@link Buffer} + * @throws Exception if failed to handle the message + */ + protected void doInvokeIgnoreMessageHandler(Buffer buffer) throws Exception { + ReservedSessionMessagesHandler handler = resolveReservedSessionMessagesHandler(); + handler.handleIgnoreMessage(this, buffer); + } + + /** + * Sends a {@code SSH_MSG_UNIMPLEMENTED} message + * + * @param seqNoValue The referenced sequence number + * @return An {@link IoWriteFuture} that can be used to wait for packet write completion + * @throws IOException if an error occurred sending the packet + */ + protected IoWriteFuture sendNotImplemented(long seqNoValue) throws IOException { + Buffer buffer = createBuffer(SshConstants.SSH_MSG_UNIMPLEMENTED, Byte.SIZE); + buffer.putInt(seqNoValue); + return writePacket(buffer); + } + + protected void handleUnimplemented(Buffer buffer) throws Exception { + if (!buffer.isValidMessageStructure(int.class)) { + return; + } + resetIdleTimeout(); + doInvokeUnimplementedMessageHandler(SshConstants.SSH_MSG_UNIMPLEMENTED, buffer); + } + + /** + * @param cmd The unimplemented command + * @param buffer The input {@link Buffer} + * @return Result of invoking + * {@link ReservedSessionMessagesHandler#handleUnimplementedMessage(Session, int, Buffer) + * handleUnimplementedMessage} + * @throws Exception if failed to handle the message + */ + protected boolean doInvokeUnimplementedMessageHandler(int cmd, Buffer buffer) throws Exception { + ReservedSessionMessagesHandler handler = resolveReservedSessionMessagesHandler(); + return handler.handleUnimplementedMessage(this, cmd, buffer); + } + + @Override + public IoWriteFuture sendDebugMessage(boolean display, Object msg, String lang) throws IOException { + String text = Objects.toString(msg, ""); + lang = (lang == null) ? "" : lang; + + Buffer buffer = createBuffer(SshConstants.SSH_MSG_DEBUG, + text.length() + lang.length() + Integer.SIZE /* a few extras */); + buffer.putBoolean(display); + buffer.putString(text); + buffer.putString(lang); + return writePacket(buffer); + } + + protected void handleDebug(Buffer buffer) throws Exception { + // malformed ignore message - ignore (even though we don't have to, but we can be tolerant in this case) + if (!buffer.isValidMessageStructure(boolean.class, String.class, String.class)) { + return; + } + + resetIdleTimeout(); + doInvokeDebugMessageHandler(buffer); + } + + /** + * Invoked by {@link #handleDebug(Buffer)} after validating that the buffer structure seems well-formed and also + * resetting the idle timeout. By default, retrieves the {@link #resolveReservedSessionMessagesHandler() + * ReservedSessionMessagesHandler} and invokes its + * {@link ReservedSessionMessagesHandler#handleDebugMessage(Session, Buffer) handleDebugMessage} method. + * + * @param buffer The input {@link Buffer} + * @throws Exception if failed to handle the message + */ + protected void doInvokeDebugMessageHandler(Buffer buffer) throws Exception { + ReservedSessionMessagesHandler handler = resolveReservedSessionMessagesHandler(); + handler.handleDebugMessage(this, buffer); + } + + protected ReservedSessionMessagesHandler resolveReservedSessionMessagesHandler() { + ReservedSessionMessagesHandler handler = getReservedSessionMessagesHandler(); + return (handler == null) ? ReservedSessionMessagesHandlerAdapter.DEFAULT : handler; + } + + @Override + public UnknownChannelReferenceHandler getUnknownChannelReferenceHandler() { + return unknownChannelReferenceHandler; + } + + @Override + public void setUnknownChannelReferenceHandler(UnknownChannelReferenceHandler unknownChannelReferenceHandler) { + this.unknownChannelReferenceHandler = unknownChannelReferenceHandler; + } + + @Override + public UnknownChannelReferenceHandler resolveUnknownChannelReferenceHandler() { + UnknownChannelReferenceHandler handler = getUnknownChannelReferenceHandler(); + if (handler != null) { + return handler; + } + + FactoryManager mgr = getFactoryManager(); + return (mgr == null) ? null : mgr.resolveUnknownChannelReferenceHandler(); + } + + @Override + public ChannelStreamWriterResolver getChannelStreamWriterResolver() { + return channelStreamPacketWriterResolver; + } + + @Override + public void setChannelStreamWriterResolver(ChannelStreamWriterResolver resolver) { + channelStreamPacketWriterResolver = resolver; + } + + @Override + public ChannelStreamWriterResolver resolveChannelStreamWriterResolver() { + ChannelStreamWriterResolver resolver = getChannelStreamWriterResolver(); + if (resolver != null) { + return resolver; + } + + ChannelStreamWriterResolverManager manager = getFactoryManager(); + return manager.resolveChannelStreamWriterResolver(); + } + + @Override + public IoWriteFuture sendIgnoreMessage(byte... data) throws IOException { + data = (data == null) ? GenericUtils.EMPTY_BYTE_ARRAY : data; + Buffer buffer = createBuffer(SshConstants.SSH_MSG_IGNORE, data.length + Byte.SIZE); + buffer.putBytes(data); + return writePacket(buffer); + } + + @Override + public IoWriteFuture writePacket(Buffer buffer, long timeout, TimeUnit unit) throws IOException { + IoWriteFuture writeFuture = writePacket(buffer); + @SuppressWarnings("unchecked") + DefaultSshFuture future = (DefaultSshFuture) writeFuture; + FactoryManager factoryManager = getFactoryManager(); + ScheduledExecutorService executor = factoryManager.getScheduledExecutorService(); + ScheduledFuture sched = executor.schedule(() -> { + Throwable t = new TimeoutException("Timeout writing packet: " + timeout + " " + unit); + future.setValue(t); + }, timeout, unit); + future.addListener(f -> sched.cancel(false)); + return writeFuture; + } + + protected void signalSessionEstablished(IoSession ioSession) throws Exception { + try { + invokeSessionSignaller(l -> { + signalSessionEstablished(l); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + if (e instanceof Exception) { + throw (Exception) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + protected void signalSessionEstablished(SessionListener listener) { + if (listener == null) { + return; + } + listener.sessionEstablished(this); + } + + protected void signalSessionCreated(IoSession ioSession) throws Exception { + try { + invokeSessionSignaller(l -> { + signalSessionCreated(l); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + if (e instanceof Exception) { + throw (Exception) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + protected void signalSessionCreated(SessionListener listener) { + if (listener == null) { + return; + } + listener.sessionCreated(this); + } + + protected void signalSendIdentification(String version, List extraLines) throws Exception { + try { + invokeSessionSignaller(l -> { + signalSendIdentification(l, version, extraLines); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + if (e instanceof Exception) { + throw (Exception) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + protected void signalSendIdentification(SessionListener listener, String version, List extraLines) { + if (listener == null) { + return; + } + + listener.sessionPeerIdentificationSend(this, version, extraLines); + } + + protected void signalReadPeerIdentificationLine(String line, List extraLines) throws Exception { + try { + invokeSessionSignaller(l -> { + signalReadPeerIdentificationLine(l, line, extraLines); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + if (e instanceof Exception) { + throw (Exception) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + protected void signalReadPeerIdentificationLine( + SessionListener listener, String version, List extraLines) { + if (listener == null) { + return; + } + + listener.sessionPeerIdentificationLine(this, version, extraLines); + } + + protected void signalPeerIdentificationReceived(String version, List extraLines) throws Exception { + try { + invokeSessionSignaller(l -> { + signalPeerIdentificationReceived(l, version, extraLines); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + if (e instanceof Exception) { + throw (Exception) e; + } else { + throw new RuntimeSshException(e); + } + } + } + + protected void signalPeerIdentificationReceived( + SessionListener listener, String version, List extraLines) { + if (listener == null) { + return; + } + + listener.sessionPeerIdentificationReceived(this, version, extraLines); + } + + /** + * Sends a session event to all currently registered session listeners + * + * @param event The event to send + * @throws Exception If any of the registered listeners threw an exception. + */ + protected void signalSessionEvent(SessionListener.Event event) throws Exception { + try { + invokeSessionSignaller(l -> { + signalSessionEvent(l, event); + return null; + }); + } catch (Throwable err) { + Throwable t = GenericUtils.peelException(err); + if (t instanceof Exception) { + throw (Exception) t; + } else { + throw new RuntimeSshException(t); + } + } + } + + protected void signalSessionEvent(SessionListener listener, SessionListener.Event event) throws IOException { + if (listener == null) { + return; + } + + listener.sessionEvent(this, event); + } + + protected void invokeSessionSignaller(Invoker invoker) throws Throwable { + FactoryManager manager = getFactoryManager(); + SessionListener[] listeners = { + (manager == null) ? null : manager.getSessionListenerProxy(), + getSessionListenerProxy() + }; + + Throwable err = null; + for (SessionListener l : listeners) { + if (l == null) { + continue; + } + + try { + invoker.invoke(l); + } catch (Throwable t) { + err = GenericUtils.accumulateException(err, t); + } + } + + if (err != null) { + throw err; + } + } + + /** + * Method used while putting new keys into use that will resize the key used to initialize the cipher to the needed + * length. + * + * @param e the key to resize + * @param kdfSize the cipher key-derivation-factor (in bytes) + * @param hash the hash algorithm + * @param k the key exchange k parameter + * @param h the key exchange h parameter + * @return the resized key + * @throws Exception if a problem occur while resizing the key + */ + protected byte[] resizeKey( + byte[] e, int kdfSize, Digest hash, byte[] k, byte[] h) + throws Exception { + for (Buffer buffer = null; kdfSize > e.length; buffer = BufferUtils.clear(buffer)) { + if (buffer == null) { + buffer = new ByteArrayBuffer(); + } + + buffer.putMPInt(k); + buffer.putRawBytes(h); + buffer.putRawBytes(e); + hash.update(buffer.array(), 0, buffer.available()); + + byte[] foo = hash.digest(); + byte[] bar = new byte[e.length + foo.length]; + System.arraycopy(e, 0, bar, 0, e.length); + System.arraycopy(foo, 0, bar, e.length, foo.length); + e = bar; + } + + return e; + } + + /** + * @param knownAddress Any externally set peer address - e.g., due to some proxy mechanism meta-data + * @return The external address if not {@code null} otherwise, the {@code IoSession} peer address + */ + protected SocketAddress resolvePeerAddress(SocketAddress knownAddress) { + if (knownAddress != null) { + return knownAddress; + } + + IoSession s = getIoSession(); + return (s == null) ? null : s.getRemoteAddress(); + } + + protected long calculateNextIgnorePacketCount(Random r, long freq, int variance) { + if ((freq <= 0L) || (variance < 0)) { + return -1L; + } + + if (variance == 0) { + return freq; + } + + int extra = r.random((variance < 0) ? (0 - variance) : variance); + long count = (variance < 0) ? (freq - extra) : (freq + extra); + + return count; + } + + /** + * Resolves the identification to send to the peer session by consulting the associated {@link FactoryManager}. If a + * value is set, then it is appended to the standard {@link SessionContext#DEFAULT_SSH_VERSION_PREFIX}. + * Otherwise a default value is returned consisting of the prefix and the core artifact name + version in + * uppercase - e.g.,' "SSH-2.0-APACHE-SSHD-1.2.3.4" + * + * @param configPropName The property used to query the factory manager + * @return The resolved identification value + */ + protected String resolveIdentificationString(String configPropName) { + FactoryManager manager = getFactoryManager(); + String ident = manager.getString(configPropName); + return SessionContext.DEFAULT_SSH_VERSION_PREFIX + (GenericUtils.isEmpty(ident) ? manager.getVersion() : ident); + } + + /** + * Send our identification. + * + * @param version our identification to send + * @param extraLines Extra lines to send - used only by server sessions + * @return {@link IoWriteFuture} that can be used to wait for notification that identification has been + * send + * @throws Exception If failed to send the packet + */ + protected IoWriteFuture sendIdentification(String version, List extraLines) throws Exception { + ReservedSessionMessagesHandler handler = getReservedSessionMessagesHandler(); + IoWriteFuture future = (handler == null) ? null : handler.sendIdentification(this, version, extraLines); + if (future != null) { + + return future; + } + + String ident = version; + if (GenericUtils.size(extraLines) > 0) { + ident = GenericUtils.join(extraLines, "\r\n") + "\r\n" + version; + } + + + IoSession networkSession = getIoSession(); + byte[] data = (ident + "\r\n").getBytes(StandardCharsets.UTF_8); + return networkSession.writeBuffer(new ByteArrayBuffer(data)); + } + + /** + * Read the remote identification from this buffer. If more data is needed, the buffer will be reset to its original + * state and a {@code null} value will be returned. Else the identification string will be returned and the data + * read will be consumed from the buffer. + * + * @param buffer the buffer containing the identification string + * @param server {@code true} if it is called by the server session, {@code false} if by the client session + * @return A {@link List} of all received remote identification lines until the version line was read or + * {@code null} if more data is needed. The identification line is the last one in the list + * @throws Exception if malformed identification found + */ + protected List doReadIdentification(Buffer buffer, boolean server) throws Exception { + int maxIdentSize = CoreModuleProperties.MAX_IDENTIFICATION_SIZE.getRequired(this); + List ident = null; + int rpos = buffer.rpos(); + for (byte[] data = new byte[SessionContext.MAX_VERSION_LINE_LENGTH];;) { + int pos = 0; // start accumulating line from scratch + for (boolean needLf = false;;) { + if (buffer.available() == 0) { + // Need more data, so undo reading and return null + buffer.rpos(rpos); + return null; + } + + byte b = buffer.getByte(); + /* + * According to RFC 4253 section 4.2: + * + * "The null character MUST NOT be sent" + */ + if (b == 0) { + throw new StreamCorruptedException( + "Incorrect identification (null characters not allowed) - " + + " at line " + (GenericUtils.size(ident) + 1) + " character #" + + (pos + 1) + + " after '" + new String(data, 0, pos, StandardCharsets.UTF_8) + "'"); + } + if (b == '\r') { + needLf = true; + continue; + } + + if (b == '\n') { + break; + } + + if (needLf) { + throw new StreamCorruptedException( + "Incorrect identification (bad line ending) " + + " at line " + (GenericUtils.size(ident) + 1) + + ": " + new String(data, 0, pos, StandardCharsets.UTF_8)); + } + + if (pos >= data.length) { + throw new StreamCorruptedException( + "Incorrect identification (line too long): " + + " at line " + (GenericUtils.size(ident) + 1) + + ": " + new String(data, 0, pos, StandardCharsets.UTF_8)); + } + + data[pos++] = b; + } + + String str = new String(data, 0, pos, StandardCharsets.UTF_8); + + if (ident == null) { + ident = new ArrayList<>(); + } + + signalReadPeerIdentificationLine(str, ident); + ident.add(str); + + // if this is a server then only one line is expected from the client + if (server || str.startsWith("SSH-")) { + return ident; + } + + if (buffer.rpos() > maxIdentSize) { + throw new StreamCorruptedException("Incorrect identification (too many header lines): size > " + maxIdentSize); + } + } + } + + protected String resolveSessionKexProposal(String hostKeyTypes) throws IOException { + return NamedResource.getNames( + ValidateUtils.checkNotNullAndNotEmpty(getKeyExchangeFactories(), "No KEX factories")); + } + + /** + * Create our proposal for SSH negotiation + * + * @param hostKeyTypes The comma-separated list of supported host key types + * @return The proposal {@link Map} + * @throws IOException If internal problem - e.g., KEX extensions negotiation issue + */ + protected Map createProposal(String hostKeyTypes) throws IOException { + Map proposal = new EnumMap<>(KexProposalOption.class); + String kexProposal = resolveSessionKexProposal(hostKeyTypes); + proposal.put(KexProposalOption.ALGORITHMS, kexProposal); + proposal.put(KexProposalOption.SERVERKEYS, hostKeyTypes); + + String ciphers = NamedResource.getNames( + ValidateUtils.checkNotNullAndNotEmpty(getCipherFactories(), "No cipher factories")); + proposal.put(KexProposalOption.S2CENC, ciphers); + proposal.put(KexProposalOption.C2SENC, ciphers); + + String macs = NamedResource.getNames( + ValidateUtils.checkNotNullAndNotEmpty(getMacFactories(), "No MAC factories")); + proposal.put(KexProposalOption.S2CMAC, macs); + proposal.put(KexProposalOption.C2SMAC, macs); + + String compressions = NamedResource.getNames( + ValidateUtils.checkNotNullAndNotEmpty(getCompressionFactories(), "No compression factories")); + proposal.put(KexProposalOption.S2CCOMP, compressions); + proposal.put(KexProposalOption.C2SCOMP, compressions); + + proposal.put(KexProposalOption.S2CLANG, ""); // TODO allow configuration + proposal.put(KexProposalOption.C2SLANG, ""); // TODO allow configuration + return proposal; + } + + // returns the proposal argument + protected Map mergeProposals( + Map current, Map proposal) { + // Checking references by design + if (current == proposal) { + return proposal; // nothing to merge + } + + synchronized (current) { + if (!current.isEmpty()) { + current.clear(); // debug breakpoint + } + + if (GenericUtils.isEmpty(proposal)) { + return proposal; // debug breakpoint + } + + current.putAll(proposal); + } + + return proposal; + } + + protected void signalNegotiationOptionsCreated(Map proposal) { + try { + invokeSessionSignaller(l -> { + signalNegotiationOptionsCreated(l, proposal); + return null; + }); + } catch (Throwable t) { + Throwable err = GenericUtils.peelException(t); + if (err instanceof RuntimeException) { + throw (RuntimeException) err; + } else if (err instanceof Error) { + throw (Error) err; + } else { + throw new RuntimeException(err); + } + } + } + + protected void signalNegotiationOptionsCreated(SessionListener listener, Map proposal) { + if (listener == null) { + return; + } + + listener.sessionNegotiationOptionsCreated(this, proposal); + } + + protected void signalNegotiationStart( + Map c2sOptions, Map s2cOptions) { + try { + invokeSessionSignaller(l -> { + signalNegotiationStart(l, c2sOptions, s2cOptions); + return null; + }); + } catch (Throwable t) { + Throwable err = GenericUtils.peelException(t); + if (err instanceof RuntimeException) { + throw (RuntimeException) err; + } else if (err instanceof Error) { + throw (Error) err; + } else { + throw new RuntimeException(err); + } + } + } + + protected void signalNegotiationStart( + SessionListener listener, Map c2sOptions, Map s2cOptions) { + if (listener == null) { + return; + } + + listener.sessionNegotiationStart(this, c2sOptions, s2cOptions); + } + + protected void signalNegotiationEnd( + Map c2sOptions, Map s2cOptions, + Map negotiatedGuess, Throwable reason) { + try { + invokeSessionSignaller(l -> { + signalNegotiationEnd(l, c2sOptions, s2cOptions, negotiatedGuess, reason); + return null; + }); + } catch (Throwable t) { + Throwable err = GenericUtils.peelException(t); + if (err instanceof RuntimeException) { + throw (RuntimeException) err; + } else if (err instanceof Error) { + throw (Error) err; + } else { + throw new RuntimeException(err); + } + } + } + + protected void signalNegotiationEnd( + SessionListener listener, + Map c2sOptions, Map s2cOptions, + Map negotiatedGuess, Throwable reason) { + if (listener == null) { + return; + } + + listener.sessionNegotiationEnd(this, c2sOptions, s2cOptions, negotiatedGuess, null); + } + + /** + * Invoked by the session before encoding the buffer in order to make sure that it is at least of size + * {@link SshConstants#SSH_PACKET_HEADER_LEN SSH_PACKET_HEADER_LEN}. This is required in order to efficiently handle + * the encoding. If necessary, it re-allocates a new buffer and returns it instead. + * + * @param cmd The command stored in the buffer + * @param buffer The original {@link Buffer} - assumed to be properly formatted and be of at least the + * required minimum length. + * @return The adjusted {@link Buffer}. Note: users may use this method to totally alter the + * contents of the buffer being sent but it is highly discouraged as it may have unexpected + * results. + * @throws IOException If failed to process the buffer + */ + protected Buffer preProcessEncodeBuffer(int cmd, Buffer buffer) throws IOException { + int curPos = buffer.rpos(); + if (curPos >= SshConstants.SSH_PACKET_HEADER_LEN) { + return buffer; + } + + Buffer nb = new ByteArrayBuffer(buffer.available() + Long.SIZE, false); + nb.wpos(SshConstants.SSH_PACKET_HEADER_LEN); + nb.putBuffer(buffer); + return nb; + } + + @Override + public void disconnect(int reason, String msg) throws IOException { + String languageTag = ""; // TODO configure language... + signalDisconnect(reason, msg, languageTag, true); + + Buffer buffer = createBuffer(SshConstants.SSH_MSG_DISCONNECT, msg.length() + Short.SIZE); + buffer.putInt(reason); + buffer.putString(msg); + buffer.putString(""); + + // Write the packet with a timeout to ensure a timely close of the session + // in case the consumer does not read packets anymore. + Duration disconnectTimeout = CoreModuleProperties.DISCONNECT_TIMEOUT.getRequired(this); + IoWriteFuture packetFuture = writePacket(buffer, disconnectTimeout); + packetFuture.addListener(future -> { + Throwable t = future.getException(); + + close(true); + }); + } + + protected void handleDisconnect(Buffer buffer) throws Exception { + int code = buffer.getInt(); + String message = buffer.getString(); + String languageTag; + // SSHD-738: avoid spamming the log with uninteresting + // messages caused by buggy OpenSSH < 5.5 + if (buffer.available() > 0) { + languageTag = buffer.getString(); + } else { + languageTag = ""; + } + handleDisconnect(code, message, languageTag, buffer); + } + + protected void handleDisconnect(int code, String msg, String lang, Buffer buffer) throws Exception { + + signalDisconnect(code, msg, lang, false); + close(true); + } + + protected void signalDisconnect(int code, String msg, String lang, boolean initiator) { + try { + invokeSessionSignaller(l -> { + signalDisconnect(l, code, msg, lang, initiator); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + } + } + + protected void signalDisconnect( + SessionListener listener, int code, String msg, String lang, boolean initiator) { + if (listener == null) { + return; + } + + listener.sessionDisconnect(this, code, msg, lang, initiator); + } + + /** + * Handle any exceptions that occurred on this session. The session will be closed and a disconnect packet will be + * sent before if the given exception is an {@link SshException}. + * + * @param t the exception to process + */ + @Override + public void exceptionCaught(Throwable t) { + State curState = state.get(); + // Ignore exceptions that happen while closing immediately + if ((!State.Opened.equals(curState)) && (!State.Graceful.equals(curState))) { + return; + } + + + signalExceptionCaught(t); + + if (State.Opened.equals(curState) && (t instanceof SshException)) { + int code = ((SshException) t).getDisconnectCode(); + if (code > 0) { + try { + disconnect(code, t.getMessage()); + } catch (Throwable t2) { + } + return; + } + } + + close(true); + } + + protected void signalExceptionCaught(Throwable t) { + try { + invokeSessionSignaller(l -> { + signalExceptionCaught(l, t); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + } + } + + protected void signalExceptionCaught(SessionListener listener, Throwable t) { + if (listener == null) { + return; + } + + listener.sessionException(this, t); + } + + protected void signalSessionClosed() { + try { + invokeSessionSignaller(l -> { + signalSessionClosed(l); + return null; + }); + } catch (Throwable err) { + Throwable e = GenericUtils.peelException(err); + // Do not re-throw since session closed anyway + } + } + + protected void signalSessionClosed(SessionListener listener) { + if (listener == null) { + return; + } + + listener.sessionClosed(this); + } + + protected abstract ConnectionService getConnectionService(); + + protected Forwarder getForwarder() { + ConnectionService service = getConnectionService(); + return (service == null) ? null : service.getForwarder(); + } + + @Override + public List> getLocalForwardsBindings() { + Forwarder forwarder = getForwarder(); + return (forwarder == null) ? Collections.emptyList() : forwarder.getLocalForwardsBindings(); + } + + @Override + public boolean isLocalPortForwardingStartedForPort(int port) { + Forwarder forwarder = getForwarder(); + return (forwarder != null) && forwarder.isLocalPortForwardingStartedForPort(port); + } + + @Override + public List getStartedLocalPortForwards() { + Forwarder forwarder = getForwarder(); + return (forwarder == null) ? Collections.emptyList() : forwarder.getStartedLocalPortForwards(); + } + + @Override + public List getBoundLocalPortForwards(int port) { + Forwarder forwarder = getForwarder(); + return (forwarder == null) ? Collections.emptyList() : forwarder.getBoundLocalPortForwards(port); + } + + @Override + public List> getRemoteForwardsBindings() { + Forwarder forwarder = getForwarder(); + return (forwarder == null) ? Collections.emptyList() : forwarder.getRemoteForwardsBindings(); + } + + @Override + public boolean isRemotePortForwardingStartedForPort(int port) { + Forwarder forwarder = getForwarder(); + return (forwarder != null) && forwarder.isRemotePortForwardingStartedForPort(port); + } + + @Override + public NavigableSet getStartedRemotePortForwards() { + Forwarder forwarder = getForwarder(); + return (forwarder == null) ? Collections.emptyNavigableSet() : forwarder.getStartedRemotePortForwards(); + } + + @Override + public SshdSocketAddress getBoundRemotePortForward(int port) { + Forwarder forwarder = getForwarder(); + return (forwarder == null) ? null : forwarder.getBoundRemotePortForward(port); + } + + @Override + public Duration getAuthTimeout() { + return CoreModuleProperties.AUTH_TIMEOUT.getRequired(this); + } + + @Override + public Duration getIdleTimeout() { + return CoreModuleProperties.IDLE_TIMEOUT.getRequired(this); + } + + @Override + public String toString() { + IoSession networkSession = getIoSession(); + SocketAddress peerAddress = (networkSession == null) ? null : networkSession.getRemoteAddress(); + return getClass().getSimpleName() + "[" + getUsername() + "@" + peerAddress + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/SessionTimeoutListener.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/SessionTimeoutListener.java new file mode 100644 index 0000000..7064e69 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/SessionTimeoutListener.java @@ -0,0 +1,73 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.session.helpers; + +import java.util.Set; +import java.util.concurrent.CopyOnWriteArraySet; + +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.SessionListener; +import org.apache.sshd.common.util.GenericUtils; + +/** + * Task that iterates over all currently open {@link Session}s and checks each of them for timeouts. If the + * {@link AbstractSession} has timed out (either authentication or idle timeout), the session will be disconnected. + * + * @see SessionHelper#checkForTimeouts() + */ +public class SessionTimeoutListener + implements SessionListener, Runnable { + protected final Set sessions = new CopyOnWriteArraySet<>(); + + public SessionTimeoutListener() { + super(); + } + + @Override + public void sessionCreated(Session session) { + if ((session instanceof SessionHelper) + && (GenericUtils.isPositive(session.getAuthTimeout()) || GenericUtils.isPositive(session.getIdleTimeout()))) { + sessions.add((SessionHelper) session); + } else { + } + } + + @Override + public void sessionException(Session session, Throwable t) { + sessionClosed(session); + } + + @SuppressWarnings("SuspiciousMethodCalls") + @Override + public void sessionClosed(Session s) { + if (sessions.remove(s)) { + } else { + } + } + + @Override + public void run() { + for (SessionHelper session : sessions) { + try { + session.checkForTimeouts(); + } catch (Exception e) { + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/TimeoutIndicator.java b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/TimeoutIndicator.java new file mode 100644 index 0000000..18ac2d5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/session/helpers/TimeoutIndicator.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.session.helpers; + +import java.time.Duration; + +/** + * Used to convey information about an expired timeout + * + * @author Apache MINA SSHD Project + */ +public class TimeoutIndicator { + /** + * Timeout status. + */ + public enum TimeoutStatus { + NoTimeout, + AuthTimeout, + IdleTimeout + } + + public static final TimeoutIndicator NONE = new TimeoutIndicator(TimeoutStatus.NoTimeout, Duration.ZERO, Duration.ZERO); + + private final TimeoutStatus status; + private final Duration thresholdValue; + private final Duration expiredValue; + + /** + * @param status The expired timeout type (if any) + * @param thresholdValue The configured timeout value + * @param expiredValue The actual value that cause the timeout + */ + public TimeoutIndicator(TimeoutStatus status, Duration thresholdValue, Duration expiredValue) { + this.status = status; + this.thresholdValue = thresholdValue; + this.expiredValue = expiredValue; + } + + public TimeoutStatus getStatus() { + return status; + } + + public Duration getThresholdValue() { + return thresholdValue; + } + + public Duration getExpiredValue() { + return expiredValue; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[status=" + getStatus() + + ", threshold=" + getThresholdValue() + + ", expired=" + getExpiredValue() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/AbstractSecurityKeySignature.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/AbstractSecurityKeySignature.java new file mode 100644 index 0000000..8745656 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/AbstractSecurityKeySignature.java @@ -0,0 +1,117 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.MessageDigest; +import java.security.PrivateKey; +import java.security.PublicKey; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.u2f.SecurityKeyPublicKey; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.security.SecurityUtils; + +public abstract class AbstractSecurityKeySignature implements Signature { + private static final int FLAG_USER_PRESENCE = 0x01; + + private final String keyType; + private SecurityKeyPublicKey publicKey; + private MessageDigest challengeDigest; + + protected AbstractSecurityKeySignature(String keyType) { + this.keyType = keyType; + } + + @Override + public void initVerifier(SessionContext session, PublicKey key) throws GeneralSecurityException { + if (!(key instanceof SecurityKeyPublicKey)) { + throw new IllegalArgumentException("Only instances of SecurityKeyPublicKey can be used"); + } + this.publicKey = (SecurityKeyPublicKey) key; + this.challengeDigest = SecurityUtils.getMessageDigest("SHA-256"); + } + + @Override + public void update(SessionContext session, byte[] hash, int off, int len) { + if (challengeDigest == null) { + throw new IllegalStateException("initVerifier must be called before update"); + } + challengeDigest.update(hash, off, len); + } + + protected abstract String getSignatureKeyType(); + + protected abstract Signature getDelegateSignature(); + + @Override + public boolean verify(SessionContext session, byte[] sig) throws Exception { + if (challengeDigest == null) { + throw new IllegalStateException("initVerifier must be called before verify"); + } + + ByteArrayBuffer data = new ByteArrayBuffer(sig); + String keyType = data.getString(); + if (!this.keyType.equals(keyType)) { + return false; + } + byte[] rawSig = data.getBytes(); + byte flags = data.getByte(); + long counter = data.getUInt(); + + // Return false if we don't understand the flags + if ((flags & ~FLAG_USER_PRESENCE) != 0) { + return false; + } + // Check user-presence flag is present if required by the public key + if ((flags & FLAG_USER_PRESENCE) != FLAG_USER_PRESENCE && !publicKey.isNoTouchRequired()) { + return false; + } + + // Re-encode signature in a format to match the delegate + ByteArrayBuffer encoded = new ByteArrayBuffer(); + encoded.putString(getSignatureKeyType()); + encoded.putBytes(rawSig); + + MessageDigest md = SecurityUtils.getMessageDigest("SHA-256"); + byte[] appNameDigest = md.digest(publicKey.getAppName().getBytes(StandardCharsets.UTF_8)); + byte[] challengeDigest = this.challengeDigest.digest(); + ByteArrayBuffer counterData = new ByteArrayBuffer(Integer.BYTES, false); + counterData.putInt(counter); + + Signature delegate = getDelegateSignature(); + delegate.initVerifier(session, publicKey.getDelegatePublicKey()); + delegate.update(session, appNameDigest); + delegate.update(session, new byte[] { flags }); + delegate.update(session, counterData.getCompactData()); + delegate.update(session, challengeDigest); + return delegate.verify(session, encoded.getCompactData()); + } + + @Override + public void initSigner(SessionContext session, PrivateKey key) { + throw new UnsupportedOperationException("Security key private key signatures are unsupported."); + } + + @Override + public byte[] sign(SessionContext session) { + throw new UnsupportedOperationException("Security key private key signatures are unsupported."); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java new file mode 100644 index 0000000..d167788 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java @@ -0,0 +1,171 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SignatureException; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; +import java.util.Map; +import java.util.Objects; +import java.util.function.Predicate; + +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Useful base class for {@link Signature} implementation + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSignature implements Signature { + private java.security.Signature signatureInstance; + private final String algorithm; + + protected AbstractSignature(String algorithm) { + this.algorithm = ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No signature algorithm specified"); + } + + @Override + public final String getAlgorithm() { + return algorithm; + } + + /** + * Initializes the internal signature instance + * + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not + * called within a session context + * @param algo The signature's algorithm name + * @param key the {@link Key} that is provided for initialization - a {@link PrivateKey} for + * signing and a {@link PublicKey} for verification + * @param forSigning If {@code true} then it is being initialized for signing, otherwise for + * verifying a signature + * @return The {@link java.security.Signature} instance + * @throws GeneralSecurityException if failed to initialize + */ + protected java.security.Signature doInitSignature( + SessionContext session, String algo, Key key, boolean forSigning) + throws GeneralSecurityException { + return SecurityUtils.getSignature(algo); + } + + /** + * @return The current {@link java.security.Signature} instance - {@code null} if not initialized + * @see #doInitSignature(SessionContext, String, Key, boolean) + */ + protected java.security.Signature getSignature() { + return signatureInstance; + } + + @Override + public byte[] sign(SessionContext session) throws Exception { + java.security.Signature signature = Objects.requireNonNull(getSignature(), "Signature not initialized"); + return signature.sign(); + } + + @Override + public void initVerifier(SessionContext session, PublicKey key) throws Exception { + String algo = getAlgorithm(); + signatureInstance = Objects.requireNonNull( + doInitSignature(session, algo, key, false), "No signature instance create"); + signatureInstance.initVerify(Objects.requireNonNull(key, "No public key provided")); + } + + @Override + public void initSigner(SessionContext session, PrivateKey key) throws Exception { + String algo = getAlgorithm(); + signatureInstance = Objects.requireNonNull( + doInitSignature(session, algo, key, true), "No signature instance create"); + signatureInstance.initSign(Objects.requireNonNull(key, "No private key provided")); + } + + @Override + public void update(SessionContext session, byte[] hash, int off, int len) throws Exception { + java.security.Signature signature = Objects.requireNonNull(getSignature(), "Signature not initialized"); + signature.update(hash, off, len); + } + + /** + * Makes an attempt to detect if the signature is encoded or pure data + * + * @param sig The original signature + * @param expectedTypes The expected encoded key types + * @return A {@link SimpleImmutableEntry} where first value is the key type and second value is the + * data - {@code null} if not encoded + */ + protected Map.Entry extractEncodedSignature(byte[] sig, Collection expectedTypes) { + return GenericUtils.isEmpty(expectedTypes) ? null : extractEncodedSignature(sig, k -> expectedTypes.contains(k)); + } + + protected Map.Entry extractEncodedSignature(byte[] sig, Predicate typeSelector) { + int dataLen = NumberUtils.length(sig); + // if it is encoded then we must have at least 2 UINT32 values + if (dataLen < (2 * Integer.BYTES)) { + return null; + } + + long keyTypeLen = BufferUtils.getUInt(sig, 0, dataLen); + // after the key type we MUST have data bytes + if (keyTypeLen >= (dataLen - Integer.BYTES)) { + return null; + } + + int keyTypeStartPos = Integer.BYTES; + int keyTypeEndPos = keyTypeStartPos + (int) keyTypeLen; + int remainLen = dataLen - keyTypeEndPos; + // must have UINT32 with the data bytes length + if (remainLen < Integer.BYTES) { + return null; + } + + long dataBytesLen = BufferUtils.getUInt(sig, keyTypeEndPos, remainLen); + // make sure reported number of bytes does not exceed available + if (dataBytesLen > (remainLen - Integer.BYTES)) { + return null; + } + + String keyType = new String(sig, keyTypeStartPos, (int) keyTypeLen, StandardCharsets.UTF_8); + if (!typeSelector.test(keyType)) { + return null; + } + + byte[] data = new byte[(int) dataBytesLen]; + System.arraycopy(sig, keyTypeEndPos + Integer.BYTES, data, 0, (int) dataBytesLen); + return new SimpleImmutableEntry<>(keyType, data); + } + + protected boolean doVerify(byte[] data) throws SignatureException { + java.security.Signature signature = Objects.requireNonNull(getSignature(), "Signature not initialized"); + return signature.verify(data); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getAlgorithm() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/BuiltinSignatures.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/BuiltinSignatures.java new file mode 100644 index 0000000..695e9de --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/BuiltinSignatures.java @@ -0,0 +1,461 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.signature; + +import java.security.spec.ECParameterSpec; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.NamedFactoriesListParseResult; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.impl.SkECDSAPublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.impl.SkED25519PublicKeyEntryDecoder; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Provides easy access to the currently implemented signatures + * + * @author Apache MINA SSHD Project + */ +public enum BuiltinSignatures implements SignatureFactory { + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + dsa(KeyPairProvider.SSH_DSS) { + @Override + public Signature create() { + return new SignatureDSA(); + } + }, + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + dsa_cert(KeyPairProvider.SSH_DSS_CERT) { + @Override + public Signature create() { + return new SignatureDSA(); + } + }, + rsa(KeyPairProvider.SSH_RSA) { + @Override + public Signature create() { + return new SignatureRSASHA1(); + } + }, + /** + * @deprecated + * @see SSHD-1004 + */ + @Deprecated + rsa_cert(KeyPairProvider.SSH_RSA_CERT) { + @Override + public Signature create() { + return new SignatureRSASHA1(); + } + }, + rsaSHA256(KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS) { + @Override + public Signature create() { + return new SignatureRSASHA256(); + } + }, + rsaSHA256_cert(KeyUtils.RSA_SHA256_CERT_TYPE_ALIAS) { + @Override + public Signature create() { + return new SignatureRSASHA256(); + } + }, + rsaSHA512(KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS) { + private final AtomicReference supportHolder = new AtomicReference<>(); + + @Override + public Signature create() { + return new SignatureRSASHA512(); + } + + @Override + public boolean isSupported() { + Boolean supported = supportHolder.get(); + if (supported == null) { + try { + java.security.Signature sig = SecurityUtils.getSignature(SignatureRSASHA512.ALGORITHM); + supported = sig != null; + } catch (Exception e) { + supported = Boolean.FALSE; + } + + supportHolder.set(supported); + } + + return supported; + } + }, + rsaSHA512_cert(KeyUtils.RSA_SHA512_CERT_TYPE_ALIAS) { + private final AtomicReference supportHolder = new AtomicReference<>(); + + @Override + public Signature create() { + return new SignatureRSASHA512(); + } + + @Override + public boolean isSupported() { + Boolean supported = supportHolder.get(); + if (supported == null) { + try { + java.security.Signature sig = SecurityUtils.getSignature(SignatureRSASHA512.ALGORITHM); + supported = sig != null; + } catch (Exception e) { + supported = Boolean.FALSE; + } + + supportHolder.set(supported); + } + + return supported; + } + }, + nistp256(KeyPairProvider.ECDSA_SHA2_NISTP256) { + @Override + public Signature create() { + return new SignatureECDSA.SignatureECDSA256(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + nistp256_cert(KeyPairProvider.SSH_ECDSA_SHA2_NISTP256_CERT) { + @Override + public Signature create() { + return new SignatureECDSA.SignatureECDSA256(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + nistp384(KeyPairProvider.ECDSA_SHA2_NISTP384) { + @Override + public Signature create() { + return new SignatureECDSA.SignatureECDSA384(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + nistp384_cert(KeyPairProvider.SSH_ECDSA_SHA2_NISTP384_CERT) { + @Override + public Signature create() { + return new SignatureECDSA.SignatureECDSA384(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + nistp521(KeyPairProvider.ECDSA_SHA2_NISTP521) { + @Override + public Signature create() { + return new SignatureECDSA.SignatureECDSA521(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + nistp521_cert(KeyPairProvider.SSH_ECDSA_SHA2_NISTP521_CERT) { + @Override + public Signature create() { + return new SignatureECDSA.SignatureECDSA521(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + sk_ecdsa_sha2_nistp256(SkECDSAPublicKeyEntryDecoder.KEY_TYPE) { + @Override + public Signature create() { + return new SignatureSkECDSA(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isECCSupported(); + } + }, + ed25519(KeyPairProvider.SSH_ED25519) { + @Override + public Signature create() { + return SecurityUtils.getEDDSASigner(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isEDDSACurveSupported(); + } + }, + ed25519_cert(KeyPairProvider.SSH_ED25519_CERT) { + @Override + public Signature create() { + return SecurityUtils.getEDDSASigner(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isEDDSACurveSupported(); + } + }, + sk_ssh_ed25519(SkED25519PublicKeyEntryDecoder.KEY_TYPE) { + @Override + public Signature create() { + return new SignatureSkED25519(); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isEDDSACurveSupported(); + } + }; + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinSignatures.class)); + + private static final Map EXTENSIONS = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private final String factoryName; + + BuiltinSignatures(String facName) { + factoryName = facName; + } + + public static BuiltinSignatures getFactoryByCurveSize(ECParameterSpec params) { + int curveSize = ECCurves.getCurveSize(params); + if (curveSize <= 256) { + return nistp256; + } else if (curveSize <= 384) { + return nistp384; + } else { + return nistp521; + } + } + + public static Signature getSignerByCurveSize(ECParameterSpec params) { + NamedFactory factory = getFactoryByCurveSize(params); + return (factory == null) ? null : factory.create(); + } + + @Override + public final String getName() { + return factoryName; + } + + @Override + public final String toString() { + return getName(); + } + + @Override + public boolean isSupported() { + return true; + } + + /** + * Registered a {@link NamedFactory} to be available besides the built-in ones when parsing configuration + * + * @param extension The factory to register + * @throws IllegalArgumentException if factory instance is {@code null}, or overrides a built-in one or overrides + * another registered factory with the same name (case insensitive). + */ + public static void registerExtension(SignatureFactory extension) { + String name = Objects.requireNonNull(extension, "No extension provided").getName(); + ValidateUtils.checkTrue(fromFactoryName(name) == null, "Extension overrides built-in: %s", name); + + synchronized (EXTENSIONS) { + ValidateUtils.checkTrue(!EXTENSIONS.containsKey(name), "Extension overrides existing: %s", name); + EXTENSIONS.put(name, extension); + } + } + + /** + * @return A {@link NavigableSet} of the currently registered extensions, sorted according to the factory name (case + * insensitive) + */ + public static NavigableSet getRegisteredExtensions() { + synchronized (EXTENSIONS) { + return GenericUtils.asSortedSet(NamedResource.BY_NAME_COMPARATOR, EXTENSIONS.values()); + } + } + + /** + * Unregisters specified extension + * + * @param name The factory name - ignored if {@code null}/empty + * @return The registered extension - {@code null} if not found + */ + public static SignatureFactory unregisterExtension(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.remove(name); + } + } + + /** + * @param s The {@link Enum}'s name - ignored if {@code null}/empty + * @return The matching {@link BuiltinSignatures} whose {@link Enum#name()} + * matches (case insensitive) the provided argument - {@code null} if no match + */ + public static BuiltinSignatures fromString(String s) { + if (GenericUtils.isEmpty(s)) { + return null; + } + + for (BuiltinSignatures c : VALUES) { + if (s.equalsIgnoreCase(c.name())) { + return c; + } + } + + return null; + } + + /** + * @param factory The {@link NamedFactory} for the signature - ignored if {@code null} + * @return The matching {@link BuiltinSignatures} whose factory name + * matches (case insensitive) the digest factory name + * @see #fromFactoryName(String) + */ + public static BuiltinSignatures fromFactory(NamedFactory factory) { + if (factory == null) { + return null; + } else { + return fromFactoryName(factory.getName()); + } + } + + /** + * @param name The factory name - ignored if {@code null}/empty + * @return The matching {@link BuiltinSignatures} whose factory name matches (case insensitive) the + * provided name - {@code null} if no match + */ + public static BuiltinSignatures fromFactoryName(String name) { + return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES); + } + + /** + * @param sigs A comma-separated list of signatures' names - ignored if {@code null}/empty + * @return A {@link ParseResult} of all the {@link NamedFactory} whose name appears in the string and represent + * a built-in signature. Any unknown name is ignored. The order of the returned result is the + * same as the original order - bar the unknown signatures. Note: it is up to caller to ensure + * that the list does not contain duplicates + */ + public static ParseResult parseSignatureList(String sigs) { + return parseSignatureList(GenericUtils.split(sigs, ',')); + } + + public static ParseResult parseSignatureList(String... sigs) { + return parseSignatureList(GenericUtils.isEmpty((Object[]) sigs) ? Collections.emptyList() : Arrays.asList(sigs)); + } + + public static ParseResult parseSignatureList(Collection sigs) { + if (GenericUtils.isEmpty(sigs)) { + return ParseResult.EMPTY; + } + + List factories = new ArrayList<>(sigs.size()); + List unknown = Collections.emptyList(); + for (String name : sigs) { + SignatureFactory s = resolveFactory(name); + if (s != null) { + factories.add(s); + } else { + // replace the (unmodifiable) empty list with a real one + if (unknown.isEmpty()) { + unknown = new ArrayList<>(); + } + unknown.add(name); + } + } + + return new ParseResult(factories, unknown); + } + + /** + * @param name The factory name + * @return The factory or {@code null} if it is neither a built-in one or a registered extension + */ + public static SignatureFactory resolveFactory(String name) { + if (GenericUtils.isEmpty(name)) { + return null; + } + + SignatureFactory s = fromFactoryName(name); + if (s != null) { + return s; + } + + synchronized (EXTENSIONS) { + return EXTENSIONS.get(name); + } + } + + /** + * Holds the result of the {@link BuiltinSignatures#parseSignatureList(String)} + * + * @author Apache MINA SSHD Project + */ + public static final class ParseResult extends NamedFactoriesListParseResult { + public static final ParseResult EMPTY = new ParseResult(Collections.emptyList(), Collections.emptyList()); + + public ParseResult(List parsed, List unsupported) { + super(parsed, unsupported); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/Signature.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/Signature.java new file mode 100644 index 0000000..3f56eff --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/Signature.java @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import java.security.PrivateKey; +import java.security.PublicKey; + +import org.apache.sshd.common.AlgorithmNameProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.NumberUtils; + +/** + * Signature interface for SSH used to sign or verify packets. Usually wraps a {@code javax.crypto.Signature} object. + * The reported algorithm name refers to the signature type being applied. + * + * @author Apache MINA SSHD Project + */ +public interface Signature extends AlgorithmNameProvider { + /** + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not called within a + * session context + * @param key The {@link PublicKey} to be used for verifying signatures + * @throws Exception If failed to initialize + */ + void initVerifier(SessionContext session, PublicKey key) throws Exception; + + /** + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not called within a + * session context + * @param key The {@link PrivateKey} to be used for signing + * @throws Exception If failed to initialize + */ + void initSigner(SessionContext session, PrivateKey key) throws Exception; + + /** + * Update the computed signature with the given data + * + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not called within a + * session context + * @param hash The hash data buffer + * @throws Exception If failed to update + * @see #update(SessionContext, byte[], int, int) + */ + default void update(SessionContext session, byte[] hash) throws Exception { + update(session, hash, 0, NumberUtils.length(hash)); + } + + /** + * Update the computed signature with the given data + * + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not called within a + * session context + * @param hash The hash data buffer + * @param off Offset of hash data in buffer + * @param len Length of hash data + * @throws Exception If failed to update + */ + void update(SessionContext session, byte[] hash, int off, int len) throws Exception; + + /** + * Verify against the given signature + * + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not called within a + * session context + * @param sig The signed data + * @return {@code true} if signature is valid + * @throws Exception If failed to extract signed data for validation + */ + boolean verify(SessionContext session, byte[] sig) throws Exception; + + /** + * Compute the signature + * + * @param session The {@link SessionContext} for calling this method - may be {@code null} if not called within a + * session context + * @return The signature value + * @throws Exception If failed to calculate the signature + */ + byte[] sign(SessionContext session) throws Exception; + + /** + * @param algo - the negotiated value + * @return The original ssh name of the signature algorithm + */ + default String getSshAlgorithmName(String algo) { + return algo; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureDSA.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureDSA.java new file mode 100644 index 0000000..4ee5785 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureDSA.java @@ -0,0 +1,145 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.security.SignatureException; +import java.util.Map; + +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.io.der.DERParser; +import org.apache.sshd.common.util.io.der.DERWriter; + +/** + * DSA Signature + * + * @author Apache MINA SSHD Project + * @see RFC4253 section 6.6 + */ +public class SignatureDSA extends AbstractSignature { + public static final String DEFAULT_ALGORITHM = "SHA1withDSA"; + + public static final int DSA_SIGNATURE_LENGTH = 40; + // result must be 40 bytes, but length of r and s may not exceed 20 bytes + public static final int MAX_SIGNATURE_VALUE_LENGTH = DSA_SIGNATURE_LENGTH / 2; + + public SignatureDSA() { + this(DEFAULT_ALGORITHM); + } + + protected SignatureDSA(String algorithm) { + super(algorithm); + } + + @Override + public byte[] sign(SessionContext session) throws Exception { + byte[] sig = super.sign(session); + + try (DERParser parser = new DERParser(sig)) { + int type = parser.read(); + if (type != 0x30) { + throw new StreamCorruptedException( + "Invalid signature format - not a DER SEQUENCE: 0x" + Integer.toHexString(type)); + } + + // length of remaining encoding of the 2 integers + int remainLen = parser.readLength(); + /* + * There are supposed to be 2 INTEGERs, each encoded with: + * + * - one byte representing the fact that it is an INTEGER - one byte of the integer encoding length - at + * least one byte of integer data (zero length is not an option) + */ + if (remainLen < (2 * 3)) { + throw new StreamCorruptedException( + "Invalid signature format - not enough encoded data length: " + remainLen); + } + + BigInteger r = parser.readBigInteger(); + BigInteger s = parser.readBigInteger(); + + byte[] result = new byte[DSA_SIGNATURE_LENGTH]; + putBigInteger(r, result, 0); + putBigInteger(s, result, MAX_SIGNATURE_VALUE_LENGTH); + return result; + } + } + + public static void putBigInteger(BigInteger value, byte[] result, int offset) { + byte[] data = value.toByteArray(); + boolean maxExceeded = data.length > MAX_SIGNATURE_VALUE_LENGTH; + int dstOffset = maxExceeded ? 0 : (MAX_SIGNATURE_VALUE_LENGTH - data.length); + System.arraycopy(data, maxExceeded ? 1 : 0, + result, offset + dstOffset, + Math.min(MAX_SIGNATURE_VALUE_LENGTH, data.length)); + } + + @Override + public boolean verify(SessionContext session, byte[] sig) throws Exception { + int sigLen = NumberUtils.length(sig); + byte[] data = sig; + + if (sigLen != DSA_SIGNATURE_LENGTH) { + // probably some encoded data + Map.Entry encoding = extractEncodedSignature(sig, k -> KeyPairProvider.SSH_DSS.equalsIgnoreCase(k)); + if (encoding != null) { + String keyType = encoding.getKey(); + ValidateUtils.checkTrue( + KeyPairProvider.SSH_DSS.equals(keyType), "Mismatched key type: %s", keyType); + data = encoding.getValue(); + sigLen = NumberUtils.length(data); + } + } + + if (sigLen != DSA_SIGNATURE_LENGTH) { + throw new SignatureException( + "Bad signature length (" + sigLen + " instead of " + DSA_SIGNATURE_LENGTH + ")" + + " for " + BufferUtils.toHex(':', data)); + } + + byte[] rEncoding; + try (DERWriter w = new DERWriter(MAX_SIGNATURE_VALUE_LENGTH + 4)) { // in case length > 0x7F + w.writeBigInteger(data, 0, MAX_SIGNATURE_VALUE_LENGTH); + rEncoding = w.toByteArray(); + } + + byte[] sEncoding; + try (DERWriter w = new DERWriter(MAX_SIGNATURE_VALUE_LENGTH + 4)) { // in case length > 0x7F + w.writeBigInteger(data, MAX_SIGNATURE_VALUE_LENGTH, MAX_SIGNATURE_VALUE_LENGTH); + sEncoding = w.toByteArray(); + } + + int length = rEncoding.length + sEncoding.length; + byte[] encoded; + try (DERWriter w = new DERWriter(1 + length + 4)) { // in case length > 0x7F + w.write(0x30); // SEQUENCE + w.writeLength(length); + w.write(rEncoding); + w.write(sEncoding); + encoded = w.toByteArray(); + } + + return doVerify(encoded); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureECDSA.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureECDSA.java new file mode 100644 index 0000000..33e4251 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureECDSA.java @@ -0,0 +1,146 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.util.Map; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.common.util.io.der.DERParser; +import org.apache.sshd.common.util.io.der.DERWriter; + +/** + * Signature algorithm for EC keys using ECDSA. + * + * @author Apache MINA SSHD Project + * @see RFC3278 section 8.2 + */ +public class SignatureECDSA extends AbstractSignature { + public static class SignatureECDSA256 extends SignatureECDSA { + public static final String DEFAULT_ALGORITHM = "SHA256withECDSA"; + + public SignatureECDSA256() { + super(DEFAULT_ALGORITHM); + } + } + + public static class SignatureECDSA384 extends SignatureECDSA { + public static final String DEFAULT_ALGORITHM = "SHA384withECDSA"; + + public SignatureECDSA384() { + super(DEFAULT_ALGORITHM); + } + } + + public static class SignatureECDSA521 extends SignatureECDSA { + public static final String DEFAULT_ALGORITHM = "SHA512withECDSA"; + + public SignatureECDSA521() { + super(DEFAULT_ALGORITHM); + } + } + + protected SignatureECDSA(String algo) { + super(algo); + } + + @Override + public byte[] sign(SessionContext session) throws Exception { + byte[] sig = super.sign(session); + + try (DERParser parser = new DERParser(sig)) { + int type = parser.read(); + if (type != 0x30) { + throw new StreamCorruptedException( + "Invalid signature format - not a DER SEQUENCE: 0x" + Integer.toHexString(type)); + } + + // length of remaining encoding of the 2 integers + int remainLen = parser.readLength(); + /* + * There are supposed to be 2 INTEGERs, each encoded with: + * + * - one byte representing the fact that it is an INTEGER - one byte of the integer encoding length - at + * least one byte of integer data (zero length is not an option) + */ + if (remainLen < (2 * 3)) { + throw new StreamCorruptedException( + "Invalid signature format - not enough encoded data length: " + remainLen); + } + + BigInteger r = parser.readBigInteger(); + BigInteger s = parser.readBigInteger(); + // Write the to its own types writer. + Buffer rsBuf = new ByteArrayBuffer(); + rsBuf.putMPInt(r); + rsBuf.putMPInt(s); + + return rsBuf.getCompactData(); + } + } + + @Override + public boolean verify(SessionContext session, byte[] sig) throws Exception { + byte[] data = sig; + Map.Entry encoding = extractEncodedSignature(data, ECCurves.KEY_TYPES); + if (encoding != null) { + String keyType = encoding.getKey(); + ECCurves curve = ECCurves.fromKeyType(keyType); + ValidateUtils.checkNotNull(curve, "Unknown curve type: %s", keyType); + data = encoding.getValue(); + } + + Buffer rsBuf = new ByteArrayBuffer(data); + byte[] rArray = rsBuf.getMPIntAsBytes(); + byte[] rEncoding; + try (DERWriter w = new DERWriter(rArray.length + 4)) { // in case length > 0x7F + w.writeBigInteger(rArray); + rEncoding = w.toByteArray(); + } + + byte[] sArray = rsBuf.getMPIntAsBytes(); + byte[] sEncoding; + try (DERWriter w = new DERWriter(sArray.length + 4)) { // in case length > 0x7F + w.writeBigInteger(sArray); + sEncoding = w.toByteArray(); + } + + int remaining = rsBuf.available(); + if (remaining != 0) { + throw new StreamCorruptedException("Signature had padding - remaining=" + remaining); + } + + int length = rEncoding.length + sEncoding.length; + byte[] encoded; + try (DERWriter w = new DERWriter(1 + length + 4)) { // in case length > 0x7F + w.write(0x30); // SEQUENCE + w.writeLength(length); + w.write(rEncoding); + w.write(sEncoding); + encoded = w.toByteArray(); + } + + return doVerify(encoded); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactoriesHolder.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactoriesHolder.java new file mode 100644 index 0000000..eeb4a5a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactoriesHolder.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.signature; + +import java.util.List; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface SignatureFactoriesHolder { + /** + * @return The list of named Signature factories + */ + List> getSignatureFactories(); + + default String getSignatureFactoriesNameList() { + return NamedResource.getNames(getSignatureFactories()); + } + + default List getSignatureFactoriesNames() { + return NamedResource.getNameList(getSignatureFactories()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactoriesManager.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactoriesManager.java new file mode 100644 index 0000000..86b8cbd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactoriesManager.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.signature; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Manage the list of named factories for Signature. + * + * @author Apache MINA SSHD Project + */ +public interface SignatureFactoriesManager extends SignatureFactoriesHolder { + void setSignatureFactories(List> factories); + + default void setSignatureFactoriesNameList(String names) { + setSignatureFactoriesNames(GenericUtils.split(names, ',')); + } + + default void setSignatureFactoriesNames(String... names) { + setSignatureFactoriesNames(GenericUtils.isEmpty((Object[]) names) ? Collections.emptyList() : Arrays.asList(names)); + } + + default void setSignatureFactoriesNames(Collection names) { + BuiltinSignatures.ParseResult result = BuiltinSignatures.parseSignatureList(names); + @SuppressWarnings({ "rawtypes", "unchecked" }) + List> factories = (List) ValidateUtils.checkNotNullAndNotEmpty(result.getParsedFactories(), + "No supported signature factories: %s", names); + Collection unsupported = result.getUnsupportedFactories(); + ValidateUtils.checkTrue(GenericUtils.isEmpty(unsupported), "Unsupported signature factories found: %s", unsupported); + setSignatureFactories(factories); + } + + /** + * Attempts to use the primary manager's signature factories if not {@code null}/empty, otherwise uses the secondary + * ones (regardless of whether there are any...) + * + * @param primary The primary {@link SignatureFactoriesManager} + * @param secondary The secondary {@link SignatureFactoriesManager} + * @return The resolved signature factories - may be {@code null}/empty + * @see #getSignatureFactories(SignatureFactoriesManager) + */ + static List> resolveSignatureFactories( + SignatureFactoriesManager primary, SignatureFactoriesManager secondary) { + List> factories = getSignatureFactories(primary); + return GenericUtils.isEmpty(factories) ? getSignatureFactories(secondary) : factories; + } + + /** + * @param manager The {@link SignatureFactoriesManager} instance - ignored if {@code null} + * @return The associated list of named Signature factories or {@code null} if no manager + * instance + */ + static List> getSignatureFactories(SignatureFactoriesManager manager) { + return (manager == null) ? null : manager.getSignatureFactories(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactory.java new file mode 100644 index 0000000..3d08775 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureFactory.java @@ -0,0 +1,254 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.signature; + +import java.security.PublicKey; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TreeMap; + +import org.apache.sshd.common.BuiltinFactory; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface SignatureFactory extends BuiltinFactory { + /** + * ECC signature types in ascending order of preference (i.e., most preferred 1st) + */ + List ECC_SIGNATURE_TYPE_PREFERENCES = Collections.unmodifiableList( + Arrays.asList( + KeyPairProvider.ECDSA_SHA2_NISTP521, + KeyPairProvider.ECDSA_SHA2_NISTP384, + KeyPairProvider.ECDSA_SHA2_NISTP256)); + + /** + * RSA signature types in ascending order of preference (i.e., most preferred 1st) + */ + List RSA_SIGNATURE_TYPE_PREFERENCES = Collections.unmodifiableList( + Arrays.asList( + KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS, + KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS, + KeyPairProvider.SSH_RSA)); + + /** + * @param provided The provided signature key types + * @param factories The available signature factories + * @return A {@link List} of the matching available factories names that are also listed as provided ones + * - in the same order of preference as they appear in the available listing. May be empty + * if no provided signature key types, or no available ones or no match found. + * @see #resolveSignatureFactoryNamesProposal(Iterable, Collection) + */ + static List resolveSignatureFactoriesProposal( + Iterable provided, Collection> factories) { + return resolveSignatureFactoryNamesProposal(provided, NamedResource.getNameList(factories)); + } + + /** + * @param provided The provided signature key types + * @param available The available signature factories names + * @return A {@link List} of the matching available factories names that are also listed as provided ones + * - in the same order of preference as they appear in the available listing. May be empty + * if no provided signature key types, or no available ones or no match found. + */ + static List resolveSignatureFactoryNamesProposal( + Iterable provided, Collection available) { + if ((provided == null) || GenericUtils.isEmpty(available)) { + return Collections.emptyList(); + } + + Set providedKeys = new HashSet<>(); + for (String providedType : provided) { + Collection equivTypes = KeyUtils.getAllEquivalentKeyTypes(providedType); + providedKeys.addAll(equivTypes); + } + + if (GenericUtils.isEmpty(providedKeys)) { + return Collections.emptyList(); + } + + // We want to preserve the original available order as it indicates the preference + List supported = new ArrayList<>(available); + for (int index = 0; index < supported.size(); index++) { + String kt = supported.get(index); + if (!providedKeys.contains(kt)) { + supported.remove(index); + index--; // compensate for auto-increment + } + } + + return supported; + } + + // returns -1 or > size() if append to end + static int resolvePreferredSignaturePosition( + List> factories, NamedFactory factory) { + if (GenericUtils.isEmpty(factories)) { + return -1; // just add it to the end + } + + String name = factory.getName(); + if (KeyPairProvider.SSH_RSA.equalsIgnoreCase(name)) { + return -1; + } + + int pos = RSA_SIGNATURE_TYPE_PREFERENCES.indexOf(name); + if (pos >= 0) { + Map posMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (int index = 0, count = factories.size(); index < count; index++) { + NamedFactory f = factories.get(index); + String keyType = f.getName(); + String canonicalName = KeyUtils.getCanonicalKeyType(keyType); + if (!KeyPairProvider.SSH_RSA.equalsIgnoreCase(canonicalName)) { + continue; // debug breakpoint + } + + posMap.put(keyType, index); + } + + return resolvePreferredSignaturePosition(RSA_SIGNATURE_TYPE_PREFERENCES, pos, posMap); + } + + pos = ECC_SIGNATURE_TYPE_PREFERENCES.indexOf(name); + if (pos >= 0) { + Map posMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + for (int index = 0, count = factories.size(); index < count; index++) { + NamedFactory f = factories.get(index); + String keyType = f.getName(); + if (!ECC_SIGNATURE_TYPE_PREFERENCES.contains(keyType)) { + continue; // debug breakpoint + } + + posMap.put(keyType, index); + } + + return resolvePreferredSignaturePosition(ECC_SIGNATURE_TYPE_PREFERENCES, pos, posMap); + } + + return -1; // no special preference - stick it as last + } + + static int resolvePreferredSignaturePosition( + List preferredOrder, int prefValue, Map posMap) { + if (GenericUtils.isEmpty(preferredOrder) || (prefValue < 0) || GenericUtils.isEmpty(posMap)) { + return -1; + } + + int posValue = -1; + for (Map.Entry pe : posMap.entrySet()) { + String name = pe.getKey(); + int order = preferredOrder.indexOf(name); + if (order < 0) { + continue; // should not happen, but tolerate + } + + Integer curIndex = pe.getValue(); + int resIndex; + if (order < prefValue) { + resIndex = curIndex.intValue() + 1; + } else if (order > prefValue) { + resIndex = curIndex.intValue(); // by using same index we insert in front of it in effect + } else { + continue; // should not happen, but tolerate + } + + // Preferred factories should be as close as possible to the beginning of the list + if ((posValue < 0) || (resIndex < posValue)) { + posValue = resIndex; + } + } + + return posValue; + } + + static NamedFactory resolveSignatureFactory( + String keyType, Collection> factories) { + if (GenericUtils.isEmpty(keyType) || GenericUtils.isEmpty(factories)) { + return null; + } + + Collection aliases = KeyUtils.getAllEquivalentKeyTypes(keyType); + if (GenericUtils.isEmpty(aliases)) { + return NamedResource.findByName(keyType, String.CASE_INSENSITIVE_ORDER, factories); + } else { + return NamedResource.findFirstMatchByName(aliases, String.CASE_INSENSITIVE_ORDER, factories); + } + } + + /** + * @param pubKey The intended {@link PublicKey} - ignored if {@code null} + * @param algo The intended signature algorithm - if {@code null}/empty and multiple signatures + * available for the key type then a default will be used. Otherwise, it is + * validated to make sure it matches the public key type + * @return The {@link Signature} factory or {@code null} if no match found + * @throws InvalidKeySpecException If specified algorithm does not match the selected public key + */ + static NamedFactory resolveSignatureFactoryByPublicKey(PublicKey pubKey, String algo) + throws InvalidKeySpecException { + if (pubKey == null) { + return null; + } + + NamedFactory factory = null; + if (pubKey instanceof ECPublicKey) { + ECPublicKey ecKey = (ECPublicKey) pubKey; + factory = BuiltinSignatures.getFactoryByCurveSize(ecKey.getParams()); + } else if (pubKey instanceof RSAPublicKey) { + // SSHD-1104 take into account key aliases + if (GenericUtils.isEmpty(algo)) { + factory = BuiltinSignatures.rsa; + } else if (algo.contains("rsa")) { + factory = BuiltinSignatures.fromFactoryName(algo); + } + } else if (SecurityUtils.EDDSA.equalsIgnoreCase(pubKey.getAlgorithm())) { + factory = BuiltinSignatures.ed25519; + } + + if (GenericUtils.isEmpty(algo) || (factory == null)) { + return factory; + } + + String name = factory.getName(); + if (!algo.equalsIgnoreCase(name)) { + throw new InvalidKeySpecException( + "Mismatched factory name (" + name + ")" + + " for algorithm=" + algo + " when using key type" + + KeyUtils.getKeyType(pubKey)); + } + + return factory; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java new file mode 100644 index 0000000..97f9ed9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java @@ -0,0 +1,118 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import java.math.BigInteger; +import java.security.PublicKey; +import java.security.interfaces.RSAKey; +import java.util.Collections; +import java.util.Map; +import java.util.NavigableSet; +import java.util.TreeSet; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * RSA Signature + * + * @author Apache MINA SSHD Project + * @see RFC4253 section 6.6 + */ +public abstract class SignatureRSA extends AbstractSignature { + public static final NavigableSet SUPPORTED_KEY_TYPES = Collections.unmodifiableNavigableSet( + Stream.of( + KeyPairProvider.SSH_RSA, + KeyPairProvider.SSH_RSA_CERT, + KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS, + KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS, + KeyUtils.RSA_SHA256_CERT_TYPE_ALIAS, + KeyUtils.RSA_SHA512_CERT_TYPE_ALIAS) + .collect(Collectors.toCollection(() -> new TreeSet<>(String.CASE_INSENSITIVE_ORDER)))); + + private int verifierSignatureSize = -1; + + private final String sshAlgorithmName; + + protected SignatureRSA(String algorithm, String sshAlgorithmName) { + super(algorithm); + this.sshAlgorithmName = ValidateUtils.checkNotNullAndNotEmpty(sshAlgorithmName, + "Missing protocol name of the signature algorithm."); + } + + @Override + public String getSshAlgorithmName(String algo) { + return sshAlgorithmName; + } + + /** + * @return The expected number of bytes in the signature - non-positive if not initialized or not intended to be + * used for verification + */ + protected int getVerifierSignatureSize() { + return verifierSignatureSize; + } + + @Override + public void initVerifier(SessionContext session, PublicKey key) throws Exception { + super.initVerifier(session, key); + RSAKey rsaKey = ValidateUtils.checkInstanceOf(key, RSAKey.class, "Not an RSA key"); + verifierSignatureSize = getVerifierSignatureSize(rsaKey); + } + + public static int getVerifierSignatureSize(RSAKey key) { + BigInteger modulus = key.getModulus(); + return (modulus.bitLength() + Byte.SIZE - 1) / Byte.SIZE; + } + + @Override + public boolean verify(SessionContext session, byte[] sig) throws Exception { + byte[] data = sig; + Map.Entry encoding = extractEncodedSignature(data, SUPPORTED_KEY_TYPES); + if (encoding != null) { + String keyType = encoding.getKey(); + /* + * According to https://tools.ietf.org/html/rfc8332#section-3.2: + * + * OpenSSH 7.2 (but not 7.2p2) incorrectly encodes the algorithm in the signature as "ssh-rsa" when the + * algorithm in SSH_MSG_USERAUTH_REQUEST is "rsa-sha2-256" or "rsa-sha2-512". In this case, the signature + * does actually use either SHA-256 or SHA-512. A server MAY, but is not required to, accept this variant or + * another variant that corresponds to a good-faith implementation and is considered safe to accept. + */ + String canonicalName = KeyUtils.getCanonicalKeyType(keyType); + ValidateUtils.checkTrue(SUPPORTED_KEY_TYPES.contains(canonicalName), "Mismatched key type: %s", keyType); + data = encoding.getValue(); + } + + int expectedSize = getVerifierSignatureSize(); + ValidateUtils.checkTrue(expectedSize > 0, "Signature verification size has not been initialized"); + // Pad with zero if value is trimmed + if (data.length < expectedSize) { + byte[] pad = new byte[expectedSize]; + System.arraycopy(data, 0, pad, pad.length - data.length, data.length); + data = pad; + } + + return doVerify(data); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA1.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA1.java new file mode 100644 index 0000000..55bfa62 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA1.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.signature; + +import org.apache.sshd.common.keyprovider.KeyPairProvider; + +/** + * @author Apache MINA SSHD Project + */ +public class SignatureRSASHA1 extends SignatureRSA { + public static final String ALGORITHM = "SHA1withRSA"; + + public SignatureRSASHA1() { + super(ALGORITHM, KeyPairProvider.SSH_RSA); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA256.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA256.java new file mode 100644 index 0000000..a875262 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA256.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.signature; + +import org.apache.sshd.common.config.keys.KeyUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class SignatureRSASHA256 extends SignatureRSA { + public static final String ALGORITHM = "SHA256withRSA"; + + public SignatureRSASHA256() { + super(ALGORITHM, KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA512.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA512.java new file mode 100644 index 0000000..dd40802 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA512.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.signature; + +import org.apache.sshd.common.config.keys.KeyUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class SignatureRSASHA512 extends SignatureRSA { + public static final String ALGORITHM = "SHA512withRSA"; + + public SignatureRSASHA512() { + super(ALGORITHM, KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureSkECDSA.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureSkECDSA.java new file mode 100644 index 0000000..a604faf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureSkECDSA.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.impl.SkECDSAPublicKeyEntryDecoder; + +public class SignatureSkECDSA extends AbstractSecurityKeySignature { + + public static final String ALGORITHM = "ECDSA-SK"; + + public SignatureSkECDSA() { + super(SkECDSAPublicKeyEntryDecoder.KEY_TYPE); + } + + @Override + public String getAlgorithm() { + return ALGORITHM; + } + + @Override + protected String getSignatureKeyType() { + return ECCurves.nistp256.getKeyType(); + } + + @Override + protected Signature getDelegateSignature() { + return new SignatureECDSA.SignatureECDSA256(); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureSkED25519.java b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureSkED25519.java new file mode 100644 index 0000000..8fc0eec --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/signature/SignatureSkED25519.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.signature; + +import org.apache.sshd.common.config.keys.impl.SkED25519PublicKeyEntryDecoder; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.security.SecurityUtils; + +public class SignatureSkED25519 extends AbstractSecurityKeySignature { + + public static final String ALGORITHM = "ED25519-SK"; + + public SignatureSkED25519() { + super(SkED25519PublicKeyEntryDecoder.KEY_TYPE); + } + + @Override + public String getAlgorithm() { + return ALGORITHM; + } + + @Override + protected String getSignatureKeyType() { + return KeyPairProvider.SSH_ED25519; + } + + @Override + protected Signature getDelegateSignature() { + return SecurityUtils.getEDDSASigner(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/u2f/SecurityKeyPublicKey.java b/files-sftp/src/main/java/org/apache/sshd/common/u2f/SecurityKeyPublicKey.java new file mode 100644 index 0000000..9496aec --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/u2f/SecurityKeyPublicKey.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.u2f; + +import java.security.PublicKey; + +public interface SecurityKeyPublicKey extends PublicKey { + String getAppName(); + + boolean isNoTouchRequired(); + + K getDelegatePublicKey(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/u2f/SkED25519PublicKey.java b/files-sftp/src/main/java/org/apache/sshd/common/u2f/SkED25519PublicKey.java new file mode 100644 index 0000000..6b9d2ea --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/u2f/SkED25519PublicKey.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.u2f; + +import org.xbib.io.sshd.eddsa.EdDSAPublicKey; + +public class SkED25519PublicKey implements SecurityKeyPublicKey { + + public static final String ALGORITHM = "ED25519-SK"; + + private static final long serialVersionUID = 4587115316266869640L; + + private final String appName; + private final boolean noTouchRequired; + private final EdDSAPublicKey delegatePublicKey; + + public SkED25519PublicKey(String appName, boolean noTouchRequired, EdDSAPublicKey delegatePublicKey) { + this.appName = appName; + this.noTouchRequired = noTouchRequired; + this.delegatePublicKey = delegatePublicKey; + } + + @Override + public String getAlgorithm() { + return ALGORITHM; + } + + @Override + public String getFormat() { + return null; + } + + @Override + public byte[] getEncoded() { + return null; + } + + @Override + public String getAppName() { + return appName; + } + + @Override + public boolean isNoTouchRequired() { + return noTouchRequired; + } + + @Override + public EdDSAPublicKey getDelegatePublicKey() { + return delegatePublicKey; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[appName=" + getAppName() + + ", noTouchRequired=" + isNoTouchRequired() + + ", delegatePublicKey=" + getDelegatePublicKey() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/u2f/SkEcdsaPublicKey.java b/files-sftp/src/main/java/org/apache/sshd/common/u2f/SkEcdsaPublicKey.java new file mode 100644 index 0000000..41d3166 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/u2f/SkEcdsaPublicKey.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.u2f; + +import java.security.interfaces.ECPublicKey; + +public class SkEcdsaPublicKey implements SecurityKeyPublicKey { + + public static final String ALGORITHM = "ECDSA-SK"; + + private static final long serialVersionUID = -8758432826838775097L; + + private final String appName; + private final boolean noTouchRequired; + private final ECPublicKey delegatePublicKey; + + public SkEcdsaPublicKey(String appName, boolean noTouchRequired, ECPublicKey delegatePublicKey) { + this.appName = appName; + this.noTouchRequired = noTouchRequired; + this.delegatePublicKey = delegatePublicKey; + } + + @Override + public String getAlgorithm() { + return ALGORITHM; + } + + @Override + public String getFormat() { + return null; + } + + @Override + public byte[] getEncoded() { + return null; + } + + @Override + public String getAppName() { + return appName; + } + + @Override + public boolean isNoTouchRequired() { + return noTouchRequired; + } + + @Override + public ECPublicKey getDelegatePublicKey() { + return delegatePublicKey; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[appName=" + getAppName() + + ", noTouchRequired=" + isNoTouchRequired() + + ", delegatePublicKey=" + getDelegatePublicKey() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/EventListenerUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/EventListenerUtils.java new file mode 100644 index 0000000..ffc719f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/EventListenerUtils.java @@ -0,0 +1,213 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util; + +import java.lang.reflect.Proxy; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.EventListener; +import java.util.Objects; +import java.util.Set; +import java.util.TreeSet; + +/** + * @author Apache MINA SSHD Project + */ +public final class EventListenerUtils { + /** + * A special "comparator" whose only purpose is to ensure there are no same references in a listener's set + * - to be used in conjunction with a {@code TreeSet} as its comparator + */ + @SuppressWarnings("checkstyle:anoninnerlength") + public static final Comparator LISTENER_INSTANCE_COMPARATOR = (l1, l2) -> { + if (l1 == l2) { + return 0; + } else if (l1 == null) { + return 1; + } else if (l2 == null) { + return -1; + } + + Class c1 = l1.getClass(); + Class c2 = l2.getClass(); + boolean checkHashCodes = true; + if (Proxy.isProxyClass(c1)) { + if (Proxy.isProxyClass(c2)) { + checkHashCodes = false; // cannot call hashCode on a proxy + } else { + return 1; + } + } else if (Proxy.isProxyClass(c2)) { + return -1; + } + + if (checkHashCodes) { + int nRes = Integer.compare(l1.hashCode(), l2.hashCode()); + if (nRes != 0) { + return nRes; + } + } + + int nRes = Integer.compare(System.identityHashCode(l1), System.identityHashCode(l2)); + if (nRes != 0) { + return nRes; + } + + if (c1 != c2) { + return c1.getName().compareTo(c2.getName()); + } + + String s1 = Objects.toString(l1.toString(), ""); + String s2 = Objects.toString(l2.toString(), ""); + nRes = s1.compareTo(s2); + if (nRes != 0) { + return nRes; + } + throw new UnsupportedOperationException("Ran out of options to compare instance of " + s1 + " vs. " + s2); + }; + + private EventListenerUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @param Type of {@link SshdEventListener} contained in the set + * @param listeners The listeners to pre-add to the create set - ignored if (@code null}/empty + * @return A (synchronized) {@link Set} for containing the listeners ensuring that if same listener + * instance is added repeatedly only one instance is actually contained + */ + public static Set synchronizedListenersSet(Collection listeners) { + Set s = EventListenerUtils.synchronizedListenersSet(); + if (GenericUtils.size(listeners) > 0) { + s.addAll(listeners); + } + + return s; + } + + /** + * @param Type of {@link SshdEventListener} contained in the set + * @return A (synchronized) {@link Set} for containing the listeners ensuring that if same listener instance is + * added repeatedly only one instance is actually contained + * @see #LISTENER_INSTANCE_COMPARATOR + */ + public static Set synchronizedListenersSet() { + return Collections.synchronizedSet(new TreeSet(LISTENER_INSTANCE_COMPARATOR)); + } + + /** + * Provides proxy wrapper around an {@link Iterable} container of listener interface implementation. Note: a + * listener interface is one whose invoked methods return only {@code void}. + * + * @param Generic listener type + * @param listenerType The expected listener interface + * @param listeners An {@link Iterable} container of listeners to be invoked. + *

        + * Note(s): + *

        + *
          + *
        • + *

          + * The invocation order is same as the {@link Iterable} container + *

          + *
          • + * + *
        • + *

          + * If any of the invoked listener methods throws an exception, the rest of the listener are + * not invoked and the exception is propagated to the caller + *

          + *
          • + * + *
        • + *

          + * It is up to the caller to ensure that the container does not change while the proxy + * is invoked + *

          + *
          • + *
        + * @return A proxy wrapper implementing the same interface, but delegating the calls to the container + * @see #proxyWrapper(Class, ClassLoader, Iterable) + */ + public static T proxyWrapper(Class listenerType, Iterable listeners) { + return proxyWrapper(listenerType, listenerType.getClassLoader(), listeners); + } + + /** + * Provides proxy wrapper around an {@link Iterable} container of listener interface implementation. Note: a + * listener interface is one whose invoked methods return only {@code void}. + * + * @param Generic {@link SshdEventListener} type + * @param listenerType The expected listener interface + * @param loader The {@link ClassLoader} to use for the proxy + * @param listeners An {@link Iterable} container of listeners to be invoked. + *

        + * Note(s): + *

        + *
          + *
        • + *

          + * The invocation order is same as the {@link Iterable} container + *

          + *
          • + * + *
        • + *

          + * If any of the invoked listener methods throws an exception, the rest of the + * listener are not invoked and the exception is propagated to the caller + *

          + *
          • + * + *
        • + *

          + * It is up to the caller to ensure that the container does not change while + * the proxy is invoked + *

          + *
          • + *
        + * @return A proxy wrapper implementing the same interface, but delegating the calls to the + * container + * @throws IllegalArgumentException if listenerType is not an interface or a {@code null} container has + * been provided + * @see #proxyWrapper(Class, ClassLoader, Iterable) + */ + public static T proxyWrapper( + Class listenerType, ClassLoader loader, Iterable listeners) { + Objects.requireNonNull(listeners, "No listeners container provided"); + + return ProxyUtils.newProxyInstance(loader, listenerType, (proxy, method, args) -> { + Throwable err = null; + for (T l : listeners) { + try { + method.invoke(l, args); + } catch (Throwable t) { + Throwable e = GenericUtils.peelException(t); + err = GenericUtils.accumulateException(err, e); + } + } + + if (err != null) { + throw ProxyUtils.unwrapInvocationThrowable(err); + } + + return null; // we assume always void return value... + }); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/EventNotifier.java b/files-sftp/src/main/java/org/apache/sshd/common/util/EventNotifier.java new file mode 100644 index 0000000..de87230 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/EventNotifier.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +/** + * Notify about the occurrence of an event + * + * @param type of event being notified + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface EventNotifier { + /** + * @param event The event + * @throws Exception If failed to process the event notification + */ + void notifyEvent(E event) throws Exception; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/GenericUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/GenericUtils.java new file mode 100644 index 0000000..ec57115 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/GenericUtils.java @@ -0,0 +1,1114 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.UndeclaredThrowableException; +import java.time.Duration; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.Deque; +import java.util.EnumSet; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.NavigableMap; +import java.util.NavigableSet; +import java.util.Objects; +import java.util.Set; +import java.util.SortedSet; +import java.util.TreeMap; +import java.util.TreeSet; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.BinaryOperator; +import java.util.function.Consumer; +import java.util.function.Function; +import java.util.function.Predicate; +import java.util.function.Supplier; +import java.util.stream.Collector; +import java.util.stream.Collectors; +import java.util.stream.Stream; +import java.util.stream.StreamSupport; + +import org.apache.sshd.common.util.functors.UnaryEquator; + +/** + * @author Apache MINA SSHD Project + */ +public final class GenericUtils { + + public static final byte[] EMPTY_BYTE_ARRAY = {}; + public static final char[] EMPTY_CHAR_ARRAY = {}; + public static final String[] EMPTY_STRING_ARRAY = {}; + public static final Object[] EMPTY_OBJECT_ARRAY = {}; + public static final boolean[] EMPTY_BOOLEAN_ARRAY = {}; + + /** + * A value indicating a {@code null} value - to be used as a placeholder where {@code null}s are not allowed + */ + public static final Object NULL = new Object(); + + /** + * The complement of {@link String#CASE_INSENSITIVE_ORDER} + */ + public static final Comparator CASE_SENSITIVE_ORDER = (s1, s2) -> { + if (s1 == s2) { + return 0; + } else { + return s1.compareTo(s2); + } + }; + + public static final String QUOTES = "\"'"; + + @SuppressWarnings("rawtypes") + private static final Supplier CASE_INSENSITIVE_MAP_FACTORY = () -> new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + private GenericUtils() { + throw new UnsupportedOperationException("No instance"); + } + + public static String trimToEmpty(String s) { + if (s == null) { + return ""; + } else { + return s.trim(); + } + } + + public static String replaceWhitespaceAndTrim(String s) { + if (s != null) { + s = s.replace('\t', ' '); + } + + return trimToEmpty(s); + } + + /** + *

        + * Replace a String with another String inside a larger String, for the first max values of the search + * String. + *

        + * + *

        + * A {@code null} reference passed to this method is a no-op. + *

        + * + * @param text text to search and replace in + * @param repl String to search for + * @param with String to replace with + * @param max maximum number of values to replace, or -1 if no maximum + * @return the text with any replacements processed + * @author Arnout J. Kuiper ajkuiper@wxs.nl + * @author Magesh Umasankar + * @author Bruce Atherton + * @author Antoine Levy-Lambert + */ + @SuppressWarnings("PMD.AssignmentInOperand") + public static String replace(String text, String repl, String with, int max) { + if ((text == null) || (repl == null) || (with == null) || (repl.length() == 0)) { + return text; + } + + int start = 0; + StringBuilder buf = new StringBuilder(text.length()); + for (int end = text.indexOf(repl, start); end != -1; end = text.indexOf(repl, start)) { + buf.append(text.substring(start, end)).append(with); + start = end + repl.length(); + + if (--max == 0) { + break; + } + } + buf.append(text.substring(start)); + return buf.toString(); + } + + /** + * @param s The {@link String} value to calculate the hash code on - may be {@code null}/empty in which case a + * value of zero is returned + * @return The calculated hash code + * @see #hashCode(String, Boolean) + */ + public static int hashCode(String s) { + return hashCode(s, null); + } + + /** + * @param s The {@link String} value to calculate the hash code on - may be {@code null}/empty in which + * case a value of zero is returned + * @param useUppercase Whether to convert the string to uppercase, lowercase or not at all: + *
          + *
        • {@code null} - no conversion
          • + *
        • {@link Boolean#TRUE} - get hash code of uppercase
          • + *
        • {@link Boolean#FALSE} - get hash code of lowercase
          • + *
        + * @return The calculated hash code + */ + public static int hashCode(String s, Boolean useUppercase) { + if (isEmpty(s)) { + return 0; + } else if (useUppercase == null) { + return s.hashCode(); + } else if (useUppercase.booleanValue()) { + return s.toUpperCase().hashCode(); + } else { + return s.toLowerCase().hashCode(); + } + } + + public static int safeCompare(String s1, String s2, boolean caseSensitive) { + if (isSameReference(s1, s2)) { + return 0; + } else if (s1 == null) { + return +1; // push null(s) to end + } else if (s2 == null) { + return -1; // push null(s) to end + } else if (caseSensitive) { + return s1.compareTo(s2); + } else { + return s1.compareToIgnoreCase(s2); + } + } + + public static boolean isSameReference(T o1, T o2) { + return o1 == o2; + } + + public static int length(CharSequence cs) { + return cs == null ? 0 : cs.length(); + } + + public static boolean isEmpty(CharSequence cs) { + return length(cs) <= 0; + } + + public static boolean isNotEmpty(CharSequence cs) { + return !isEmpty(cs); + } + + public static int indexOf(CharSequence cs, char c) { + int len = length(cs); + for (int pos = 0; pos < len; pos++) { + char ch = cs.charAt(pos); + if (ch == c) { + return pos; + } + } + + return -1; + } + + public static int lastIndexOf(CharSequence cs, char c) { + int len = length(cs); + for (int pos = len - 1; pos >= 0; pos--) { + char ch = cs.charAt(pos); + if (ch == c) { + return pos; + } + } + + return -1; + } + + // a List would be better, but we want to be compatible with String.split(...) + public static String[] split(String s, char ch) { + if (isEmpty(s)) { + return EMPTY_STRING_ARRAY; + } + + int lastPos = 0; + int curPos = s.indexOf(ch); + if (curPos < 0) { + return new String[] { s }; + } + + Collection values = new LinkedList<>(); + do { + String v = s.substring(lastPos, curPos); + values.add(v); + + // skip separator + lastPos = curPos + 1; + if (lastPos >= s.length()) { + break; + } + + curPos = s.indexOf(ch, lastPos); + if (curPos < lastPos) { + break; // no more separators + } + } while (curPos < s.length()); + + // check if any leftovers + if (lastPos < s.length()) { + String v = s.substring(lastPos); + values.add(v); + } + + return values.toArray(new String[values.size()]); + } + + public static String join(T[] values, char ch) { + return join(isEmpty(values) ? Collections. emptyList() : Arrays.asList(values), ch); + } + + public static String join(Iterable iter, char ch) { + return join((iter == null) ? null : iter.iterator(), ch); + } + + public static String join(Iterator iter, char ch) { + if ((iter == null) || (!iter.hasNext())) { + return ""; + } + + StringBuilder sb = new StringBuilder(); + do { // we already asked hasNext... + Object o = iter.next(); + if (sb.length() > 0) { + sb.append(ch); + } + sb.append(Objects.toString(o)); + } while (iter.hasNext()); + + return sb.toString(); + } + + public static String join(T[] values, CharSequence sep) { + return join(isEmpty(values) ? Collections. emptyList() : Arrays.asList(values), sep); + } + + public static String join(Iterable iter, CharSequence sep) { + return join((iter == null) ? null : iter.iterator(), sep); + } + + public static String join(Iterator iter, CharSequence sep) { + if ((iter == null) || (!iter.hasNext())) { + return ""; + } + + StringBuilder sb = new StringBuilder(); + do { // we already asked hasNext... + Object o = iter.next(); + if (sb.length() > 0) { + sb.append(sep); + } + sb.append(Objects.toString(o)); + } while (iter.hasNext()); + + return sb.toString(); + } + + public static int size(Collection c) { + return (c == null) ? 0 : c.size(); + } + + public static boolean isEmpty(Collection c) { + return size(c) <= 0; + } + + public static boolean isNotEmpty(Collection c) { + return !isEmpty(c); + } + + /** + * + * @param Generic element type + * @param c1 First collection + * @param c2 Second collection + * @return {@code true} if the following holds: + *
          + *
        • Same size - Note: {@code null} collections are consider equal to empty ones
          • + * + *
        • First collection contains all elements of second one and vice versa
          • + *
        + */ + public static boolean equals(Collection c1, Collection c2) { + if (isEmpty(c1)) { + return isEmpty(c2); + } else if (isEmpty(c2)) { + return false; + } + + return (c1.size() == c2.size()) + && c1.containsAll(c2) + && c2.containsAll(c1); + } + + public static int size(Map m) { + return (m == null) ? 0 : m.size(); + } + + public static boolean isEmpty(Map m) { + return size(m) <= 0; + } + + public static boolean isNotEmpty(Map m) { + return !isEmpty(m); + } + + @SafeVarargs + public static int length(T... a) { + return (a == null) ? 0 : a.length; + } + + public static boolean isEmpty(Iterable iter) { + if (iter == null) { + return true; + } else if (iter instanceof Collection) { + return isEmpty((Collection) iter); + } else { + return isEmpty(iter.iterator()); + } + } + + public static boolean isNotEmpty(Iterable iter) { + return !isEmpty(iter); + } + + public static boolean isEmpty(Iterator iter) { + return (iter == null) || (!iter.hasNext()); + } + + public static boolean isNotEmpty(Iterator iter) { + return !isEmpty(iter); + } + + @SafeVarargs + public static boolean isEmpty(T... a) { + return length(a) <= 0; + } + + public static int length(char[] chars) { + return (chars == null) ? 0 : chars.length; + } + + public static boolean isEmpty(char[] chars) { + return length(chars) <= 0; + } + + /** + * Compares 2 character arrays - Note: {@code null} and empty are considered equal + * + * @param c1 1st array + * @param c2 2nd array + * @return Negative is 1st array comes first in lexicographical order, positive if 2nd array comes first and zero + * if equal + */ + public static int compare(char[] c1, char[] c2) { + int l1 = length(c1); + int l2 = length(c2); + int cmpLen = Math.min(l1, l2); + for (int index = 0; index < cmpLen; index++) { + char c11 = c1[index]; + char c22 = c2[index]; + int nRes = Character.compare(c11, c22); + if (nRes != 0) { + return nRes; + } + } + + int nRes = Integer.compare(l1, l2); + if (nRes != 0) { + return nRes; + } + + return 0; + } + + @SafeVarargs // there is no EnumSet.of(...) so we have to provide our own + public static > Set of(E... values) { + return of(isEmpty(values) ? Collections.emptySet() : Arrays.asList(values)); + } + + public static > Set of(Collection values) { + if (isEmpty(values)) { + return Collections.emptySet(); + } + + Set result = null; + for (E v : values) { + /* + * A trick to compensate for the fact that we do not have the enum Class to invoke EnumSet.noneOf + */ + if (result == null) { + result = EnumSet.of(v); + } else { + result.add(v); + } + } + + return result; + } + + public static int findFirstDifferentValueIndex(List c1, List c2) { + return findFirstDifferentValueIndex(c1, c2, UnaryEquator.defaultEquality()); + } + + public static int findFirstDifferentValueIndex( + List c1, List c2, UnaryEquator equator) { + Objects.requireNonNull(equator, "No equator provided"); + + int l1 = size(c1); + int l2 = size(c2); + for (int index = 0, count = Math.min(l1, l2); index < count; index++) { + T v1 = c1.get(index); + T v2 = c2.get(index); + if (!equator.test(v1, v2)) { + return index; + } + } + + // all common length items are equal - check length + if (l1 < l2) { + return l1; + } else if (l2 < l1) { + return l2; + } else { + return -1; + } + } + + public static int findFirstDifferentValueIndex(Iterable c1, Iterable c2) { + return findFirstDifferentValueIndex(c1, c2, UnaryEquator.defaultEquality()); + } + + public static int findFirstDifferentValueIndex( + Iterable c1, Iterable c2, UnaryEquator equator) { + return findFirstDifferentValueIndex(iteratorOf(c1), iteratorOf(c2), equator); + } + + public static int findFirstDifferentValueIndex(Iterator i1, Iterator i2) { + return findFirstDifferentValueIndex(i1, i2, UnaryEquator.defaultEquality()); + } + + public static int findFirstDifferentValueIndex( + Iterator i1, Iterator i2, UnaryEquator equator) { + Objects.requireNonNull(equator, "No equator provided"); + + i1 = iteratorOf(i1); + i2 = iteratorOf(i2); + for (int index = 0;; index++) { + if (i1.hasNext()) { + if (i2.hasNext()) { + T v1 = i1.next(); + T v2 = i2.next(); + if (!equator.test(v1, v2)) { + return index; + } + } else { + return index; + } + } else if (i2.hasNext()) { + return index; + } else { + return -1; // neither has a next value - both exhausted at the same time + } + } + } + + public static boolean containsAny( + Collection coll, Iterable values) { + if (isEmpty(coll)) { + return false; + } + + for (T v : values) { + if (coll.contains(v)) { + return true; + } + } + + return false; + } + + public static void forEach( + Iterable values, Consumer consumer) { + if (isNotEmpty(values)) { + values.forEach(consumer); + } + } + + public static List map( + Collection values, Function mapper) { + return stream(values).map(mapper).collect(Collectors.toList()); + } + + public static NavigableSet mapSort( + Collection values, Function mapper, Comparator comparator) { + return stream(values).map(mapper).collect(toSortedSet(comparator)); + } + + public static NavigableMap toSortedMap( + Iterable values, Function keyMapper, + Function valueMapper, Comparator comparator) { + return stream(values).collect(toSortedMap(keyMapper, valueMapper, comparator)); + } + + public static Collector> toSortedMap( + Function keyMapper, + Function valueMapper, + Comparator comparator) { + return Collectors.toMap(keyMapper, valueMapper, throwingMerger(), () -> new TreeMap<>(comparator)); + } + + public static BinaryOperator throwingMerger() { + return (u, v) -> { + throw new IllegalStateException(String.format("Duplicate key %s", u)); + }; + } + + public static Collector> toSortedSet(Comparator comparator) { + return Collectors.toCollection(() -> new TreeSet<>(comparator)); + } + + public static Stream stream(Iterable values) { + if (isEmpty(values)) { + return Stream.empty(); + } else if (values instanceof Collection) { + return ((Collection) values).stream(); + } else { + return StreamSupport.stream(values.spliterator(), false); + } + } + + @SafeVarargs + public static List unmodifiableList(T... values) { + return unmodifiableList(asList(values)); + } + + public static List unmodifiableList(Collection values) { + if (isEmpty(values)) { + return Collections.emptyList(); + } else { + return Collections.unmodifiableList(new ArrayList<>(values)); + } + } + + public static List unmodifiableList(Stream values) { + return unmodifiableList(values.collect(Collectors.toList())); + } + + @SafeVarargs + public static List asList(T... values) { + return isEmpty(values) ? Collections.emptyList() : Arrays.asList(values); + } + + @SafeVarargs + public static Set asSet(T... values) { + return new HashSet<>(asList(values)); + } + + @SafeVarargs + public static > NavigableSet asSortedSet(V... values) { + return asSortedSet(Comparator.naturalOrder(), values); + } + + public static > NavigableSet asSortedSet(Collection values) { + return asSortedSet(Comparator.naturalOrder(), values); + } + + /** + * @param The element type + * @param comp The (non-{@code null}) {@link Comparator} to use + * @param values The values to be added (ignored if {@code null}) + * @return A {@link NavigableSet} containing the values (if any) sorted using the provided comparator + */ + @SafeVarargs + public static NavigableSet asSortedSet(Comparator comp, V... values) { + return asSortedSet(comp, isEmpty(values) ? Collections.emptyList() : Arrays.asList(values)); + } + + /** + * @param The element type + * @param comp The (non-{@code null}) {@link Comparator} to use + * @param values The values to be added (ignored if {@code null}/empty) + * @return A {@link NavigableSet} containing the values (if any) sorted using the provided comparator + */ + public static NavigableSet asSortedSet( + Comparator comp, Collection values) { + NavigableSet set = new TreeSet<>(Objects.requireNonNull(comp, "No comparator")); + if (size(values) > 0) { + set.addAll(values); + } + return set; + } + + /** + * @param Type of mapped value + * @return A {@link Supplier} that returns a new {@link NavigableMap} whenever its {@code get()} method + * is invoked + */ + @SuppressWarnings("unchecked") + public static Supplier> caseInsensitiveMap() { + return CASE_INSENSITIVE_MAP_FACTORY; + } + + /** + * Flips between keys and values of an input map + * + * @param Original map key type + * @param Original map value type + * @param Flipped map type + * @param map The original map to flip + * @param mapCreator The creator of the target map + * @param allowDuplicates Whether to ignore duplicates on flip + * @return The flipped map result + * @throws IllegalArgumentException if allowDuplicates is {@code false} and a duplicate value found in the + * original map. + */ + public static > M flipMap( + Map map, Supplier mapCreator, boolean allowDuplicates) { + M result = Objects.requireNonNull(mapCreator.get(), "No map created"); + map.forEach((key, value) -> { + K prev = result.put(value, key); + if ((prev != null) && (!allowDuplicates)) { + ValidateUtils.throwIllegalArgumentException("Multiple values for key=%s: current=%s, previous=%s", value, key, + prev); + } + }); + + return result; + } + + @SafeVarargs + public static > M mapValues( + Function keyMapper, Supplier mapCreator, V... values) { + return mapValues(keyMapper, mapCreator, isEmpty(values) ? Collections.emptyList() : Arrays.asList(values)); + } + + /** + * Creates a map out of a group of values + * + * @param The key type + * @param The value type + * @param The result {@link Map} type + * @param keyMapper The {@link Function} that generates a key for a given value. If the returned key is + * {@code null} then the value is not mapped + * @param mapCreator The {@link Supplier} used to create/retrieve the result map - provided non-empty group of + * values + * @param values The values to be mapped + * @return The resulting {@link Map} - Note: no validation is made to ensure that 2 (or more) + * values are not mapped to the same key + */ + public static > M mapValues( + Function keyMapper, + Supplier mapCreator, + Collection values) { + M map = mapCreator.get(); + for (V v : values) { + K k = keyMapper.apply(v); + if (k == null) { + continue; // debug breakpoint + } + map.put(k, v); + } + + return map; + } + + @SafeVarargs + public static T findFirstMatchingMember(Predicate acceptor, T... values) { + return findFirstMatchingMember(acceptor, + isEmpty(values) ? Collections.emptyList() : Arrays.asList(values)); + } + + public static T findFirstMatchingMember( + Predicate acceptor, Collection values) { + List matches = selectMatchingMembers(acceptor, values); + return GenericUtils.isEmpty(matches) ? null : matches.get(0); + } + + /** + * Returns a list of all the values that were accepted by a predicate + * + * @param The type of value being evaluated + * @param acceptor The {@link Predicate} to consult whether a member is selected + * @param values The values to be scanned + * @return A {@link List} of all the values that were accepted by the predicate + */ + @SafeVarargs + public static List selectMatchingMembers(Predicate acceptor, T... values) { + return selectMatchingMembers(acceptor, + isEmpty(values) ? Collections.emptyList() : Arrays.asList(values)); + } + + /** + * Returns a list of all the values that were accepted by a predicate + * + * @param The type of value being evaluated + * @param acceptor The {@link Predicate} to consult whether a member is selected + * @param values The values to be scanned + * @return A {@link List} of all the values that were accepted by the predicate + */ + public static List selectMatchingMembers( + Predicate acceptor, Collection values) { + return GenericUtils.stream(values) + .filter(acceptor) + .collect(Collectors.toList()); + } + + /** + * @param s The {@link CharSequence} to be checked + * @return If the sequence contains any of the {@link #QUOTES} on both ends, then they are stripped, + * otherwise nothing is done + * @see #stripDelimiters(CharSequence, char) + */ + public static CharSequence stripQuotes(CharSequence s) { + if (isEmpty(s)) { + return s; + } + + for (int index = 0; index < QUOTES.length(); index++) { + char delim = QUOTES.charAt(index); + CharSequence v = stripDelimiters(s, delim); + if (v != s) { // if stripped one don't continue + return v; + } + } + + return s; + } + + /** + * @param s The {@link CharSequence} to be checked + * @param delim The expected delimiter + * @return If the sequence contains the delimiter on both ends, then it is are stripped, otherwise + * nothing is done + */ + public static CharSequence stripDelimiters(CharSequence s, char delim) { + if (isEmpty(s) || (s.length() < 2)) { + return s; + } + + int lastPos = s.length() - 1; + if ((s.charAt(0) != delim) || (s.charAt(lastPos) != delim)) { + return s; + } else { + return s.subSequence(1, lastPos); + } + } + + public static RuntimeException toRuntimeException(Throwable t) { + return toRuntimeException(t, true); + } + + /** + * Converts a thrown generic exception to a {@link RuntimeException} + * + * @param t The original thrown exception + * @param peelThrowable Whether to determine the root cause by "peeling" any enclosing exceptions + * @return The thrown cause if already a runtime exception, otherwise a runtime exception of the + * resolved exception as its cause + * @see #peelException(Throwable) + */ + public static RuntimeException toRuntimeException(Throwable t, boolean peelThrowable) { + Throwable e = peelThrowable ? peelException(t) : t; + if (e instanceof RuntimeException) { + return (RuntimeException) e; + } + + return new RuntimeException(e); + } + + /** + * Attempts to get to the "effective" exception being thrown, by taking care of some known exceptions that + * wrap the original thrown one. + * + * @param t The original {@link Throwable} - ignored if {@code null} + * @return The effective exception - same as input if not a wrapper + */ + public static Throwable peelException(Throwable t) { + // NOTE: check order is important - e.g., InvocationTargetException extends ReflectiveOperationException + if (t == null) { + return t; + } else if (t instanceof UndeclaredThrowableException) { + Throwable wrapped = ((UndeclaredThrowableException) t).getUndeclaredThrowable(); + // according to the Javadoc it may be null, in which case 'getCause' + // might contain the information we need + if (wrapped != null) { + return peelException(wrapped); + } + + wrapped = t.getCause(); + if (wrapped != t) { // make sure it is a real cause + return peelException(wrapped); + } + } else if (t instanceof InvocationTargetException) { + Throwable target = ((InvocationTargetException) t).getTargetException(); + if (target != null) { + return peelException(target); + } + } else if (t instanceof ExecutionException) { + Throwable wrapped = resolveExceptionCause(t); + if (wrapped != null) { + return peelException(wrapped); + } + } + + return t; // no special handling required or available + } + + /** + * @param t The original {@link Throwable} - ignored if {@code null} + * @return If {@link Throwable#getCause()} is non-{@code null} then the cause, otherwise the original exception - + * {@code null} if the original exception was {@code null} + */ + public static Throwable resolveExceptionCause(Throwable t) { + if (t == null) { + return t; + } + + Throwable c = t.getCause(); + if (c == null) { + return t; + } else { + return c; + } + } + + /** + * Used to "accumulate" exceptions of the same type. If the current exception is {@code null} then + * the new one becomes the current, otherwise the new one is added as a suppressed exception to the current + * one + * + * @param The exception type + * @param current The current exception + * @param extra The extra/new exception + * @return The resolved exception + * @see Throwable#addSuppressed(Throwable) + */ + public static T accumulateException(T current, T extra) { + if (current == null) { + return extra; + } + + if ((extra == null) || (extra == current)) { + return current; + } + + current.addSuppressed(extra); + return current; + } + + public static void rethrowAsIoException(Throwable e) throws IOException { + if (e instanceof IOException) { + throw (IOException) e; + } else if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else if (e instanceof Error) { + throw (Error) e; + } else { + throw new IOException(e); + } + } + + /** + * Wraps a value into a {@link Supplier} + * + * @param Type of value being supplied + * @param value The value to be supplied + * @return The supplier wrapper + */ + public static Supplier supplierOf(T value) { + return () -> value; + } + + /** + * Resolves to an always non-{@code null} iterator + * + * @param Type of value being iterated + * @param iterable The {@link Iterable} instance + * @return A non-{@code null} iterator which may be empty if no iterable instance or no iterator returned + * from it + * @see #iteratorOf(Iterator) + */ + public static Iterator iteratorOf(Iterable iterable) { + return iteratorOf((iterable == null) ? null : iterable.iterator()); + } + + /** + * @param Generic base class + * @param Generic child class + * @return An identity {@link Function} that returns its input child class as a base class + */ + public static Function downcast() { + return t -> t; + } + + /** + * Returns the first element in iterable - it has some optimization for {@link List}-s {@link Deque}-s and + * {@link SortedSet}s. + * + * @param Type of element + * @param it The {@link Iterable} instance - ignored if {@code null}/empty + * @return first element by iteration or {@code null} if none available + */ + public static T head(Iterable it) { + if (it == null) { + return null; + } else if (it instanceof Deque) { // check before (!) instanceof List since LinkedList implements List + Deque l = (Deque) it; + return (l.size() > 0) ? l.getFirst() : null; + } else if (it instanceof List) { + List l = (List) it; + return (l.size() > 0) ? l.get(0) : null; + } else if (it instanceof SortedSet) { + SortedSet s = (SortedSet) it; + return (s.size() > 0) ? s.first() : null; + } else { + Iterator iter = it.iterator(); + return ((iter == null) || (!iter.hasNext())) ? null : iter.next(); + } + } + + /** + * Resolves to an always non-{@code null} iterator + * + * @param Type of value being iterated + * @param iter The {@link Iterator} instance + * @return A non-{@code null} iterator which may be empty if no iterator instance + * @see Collections#emptyIterator() + */ + public static Iterator iteratorOf(Iterator iter) { + return (iter == null) ? Collections.emptyIterator() : iter; + } + + public static Iterable wrapIterable( + Iterable iter, Function mapper) { + return () -> wrapIterator(iter, mapper); + } + + @SuppressWarnings({ "unchecked", "rawtypes" }) + public static Iterator wrapIterator( + Iterable iter, Function mapper) { + return (Iterator) stream(iter).map(mapper).iterator(); + } + + public static Iterator wrapIterator( + Iterator iter, Function mapper) { + Iterator iterator = iteratorOf(iter); + return new Iterator() { + @Override + public boolean hasNext() { + return iterator.hasNext(); + } + + @Override + public V next() { + U value = iterator.next(); + return mapper.apply(value); + } + }; + } + + /** + * @param Generic return type + * @param values The source values - ignored if {@code null} + * @param type The (never @code null) type of values to select - any value whose type is assignable to this type + * will be selected by the iterator. + * @return The first value that matches the specified type - {@code null} if none found + */ + public static T selectNextMatchingValue(Iterator values, Class type) { + Objects.requireNonNull(type, "No type selector specified"); + if (values == null) { + return null; + } + + while (values.hasNext()) { + Object o = values.next(); + if (o == null) { + continue; + } + + Class t = o.getClass(); + if (type.isAssignableFrom(t)) { + return type.cast(o); + } + } + + return null; + } + + /** + * Wraps a group of {@link Supplier}s of {@link Iterable} instances into a "unified" {@link Iterable} of + * their values, in the same order as the suppliers - i.e., once the values from a specific supplier are exhausted, + * the next one is consulted, and so on, until all suppliers have been consulted + * + * @param Type of value being iterated + * @param providers The providers - ignored if {@code null} (i.e., return an empty iterable instance) + * @return The wrapping instance + */ + public static Iterable multiIterableSuppliers( + Iterable>> providers) { + return () -> stream(providers). flatMap(s -> stream(s.get())).map(Function.identity()).iterator(); + } + + /** + * The delegate Suppliers get() method is called exactly once and the result is cached. + * + * @param Generic type of supplied value + * @param delegate The actual Supplier + * @return The memoized Supplier + */ + public static Supplier memoizeLock(Supplier delegate) { + AtomicReference value = new AtomicReference<>(); + return () -> { + T val = value.get(); + if (val == null) { + synchronized (value) { + val = value.get(); + if (val == null) { + val = Objects.requireNonNull(delegate.get()); + value.set(val); + } + } + } + return val; + }; + } + + /** + * Check if a duration is positive + * + * @param d the duration + * @return true if the duration is greater than zero + */ + public static boolean isPositive(Duration d) { + return !isNegativeOrNull(d); + } + + /** + * Check if a duration is negative or zero + * + * @param d the duration + * @return true if the duration is negative or zero + */ + public static boolean isNegativeOrNull(Duration d) { + return d.isNegative() || d.isZero(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/IgnoringEmptyMap.java b/files-sftp/src/main/java/org/apache/sshd/common/util/IgnoringEmptyMap.java new file mode 100644 index 0000000..1903387 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/IgnoringEmptyMap.java @@ -0,0 +1,128 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; +import java.util.Set; + +/** + * A dummy map that ignores all {@code put/remove} calls + * + * @param Key type + * @param Value type + * @author Apache MINA SSHD Project + */ +public class IgnoringEmptyMap implements Map { + @SuppressWarnings("rawtypes") + private static final IgnoringEmptyMap INSTANCE = new IgnoringEmptyMap(); + + public IgnoringEmptyMap() { + super(); + } + + @Override + public int size() { + return 0; + } + + @Override + public boolean isEmpty() { + return true; + } + + @Override + public boolean containsValue(Object value) { + Objects.requireNonNull(value, "No value provided"); + return false; + } + + @Override + public boolean containsKey(Object key) { + Objects.requireNonNull(key, "No key provided"); + return false; + } + + @Override + public V get(Object key) { + Objects.requireNonNull(key, "No key provided"); + return null; + } + + @Override + public V put(K key, V value) { + Objects.requireNonNull(key, "No key provided"); + Objects.requireNonNull(value, "No value provided"); + return null; + } + + @Override + public V remove(Object key) { + Objects.requireNonNull(key, "No key provided"); + return null; + } + + @Override + public void putAll(Map m) { + // ignored + } + + @Override + public void clear() { + // ignored + } + + @Override + public Set keySet() { + return Collections.emptySet(); + } + + @Override + public Collection values() { + return Collections.emptyList(); + } + + @Override + public boolean equals(Object o) { + return o instanceof IgnoringEmptyMap; + } + + @Override + public int hashCode() { + return 0; + } + + @Override + public String toString() { + return "{}"; + } + + @Override + public Set> entrySet() { + return Collections.emptySet(); + } + + @SuppressWarnings("unchecked") + public static IgnoringEmptyMap getInstance() { + return INSTANCE; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/Int2IntFunction.java b/files-sftp/src/main/java/org/apache/sshd/common/util/Int2IntFunction.java new file mode 100644 index 0000000..490abb0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/Int2IntFunction.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.util.function.IntUnaryOperator; + +/** + * @author Apache MINA SSHD Project + */ +public final class Int2IntFunction { + private Int2IntFunction() { + throw new UnsupportedOperationException("No instance"); + } + + public static IntUnaryOperator sub(int delta) { + return add(0 - delta); + } + + public static IntUnaryOperator add(int delta) { + if (delta == 0) { + return IntUnaryOperator.identity(); + } else { + return value -> value + delta; + } + } + + public static IntUnaryOperator mul(int factor) { + if (factor == 0) { + return constant(0); + } else if (factor == 1) { + return IntUnaryOperator.identity(); + } else { + return value -> value * factor; + } + } + + public static IntUnaryOperator constant(int v) { + return value -> v; + } + + public static IntUnaryOperator div(int factor) { + if (factor == 1) { + return IntUnaryOperator.identity(); + } else { + ValidateUtils.checkTrue(factor != 0, "Zero division factor"); + return value -> value / factor; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/Invoker.java b/files-sftp/src/main/java/org/apache/sshd/common/util/Invoker.java new file mode 100644 index 0000000..270c3c8 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/Invoker.java @@ -0,0 +1,137 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util; + +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; +import java.util.Map; + +/** + * The complement to the {@code Callable} interface - accepts one argument and possibly throws something + * + * @param Argument type + * @param Return type + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface Invoker { + RET invoke(ARG arg) throws Throwable; + + /** + * Wraps a bunch of {@link Invoker}-s that return no value into one that invokes them in the same order as + * they appear. Note: all invokers are used and any thrown exceptions are accumulated and + * thrown as a single exception at the end of invoking all of them. + * + * @param The argument type + * @param invokers The invokers to wrap - ignored if {@code null}/empty + * @return The wrapper + * @see #invokeAll(Object, Collection) invokeAll + */ + static Invoker wrapAll( + Collection> invokers) { + return arg -> { + invokeAll(arg, invokers); + return null; + }; + } + + /** + * Invokes all the instances ignoring the return value. Any intermediate exceptions are accumulated and + * thrown at the end. + * + * @param Argument type + * @param arg The argument to pass to the {@link #invoke(Object)} method + * @param invokers The invokers to scan - ignored if {@code null}/empty (also ignores {@code null} members) + * @throws Throwable If invocation failed + */ + static void invokeAll( + ARG arg, Collection> invokers) + throws Throwable { + if (GenericUtils.isEmpty(invokers)) { + return; + } + + Throwable err = null; + for (Invoker i : invokers) { + if (i == null) { + continue; + } + + try { + i.invoke(arg); + } catch (Throwable t) { + err = GenericUtils.accumulateException(err, t); + } + } + + if (err != null) { + throw err; + } + } + + /** + * Wraps a bunch of {@link Invoker}-s that return no value into one that invokes them in the same order as + * they appear. Note: stops when first invoker throws an exception (otherwise invokes all) + * + * @param The argument type + * @param invokers The invokers to wrap - ignored if {@code null}/empty + * @return The wrapper + * @see #invokeTillFirstFailure(Object, Collection) invokeTillFirstFailure + */ + static Invoker wrapFirst( + Collection> invokers) { + return arg -> { + Map.Entry, Throwable> result = invokeTillFirstFailure(arg, invokers); + if (result != null) { + throw result.getValue(); + } + return null; + }; + } + + /** + * Invokes all instances until 1st failure (if any) + * + * @param Argument type + * @param arg The argument to pass to the {@link #invoke(Object)} method + * @param invokers The invokers to scan - ignored if {@code null}/empty (also ignores {@code null} members) + * @return A {@link SimpleImmutableEntry} representing the first failed invocation - {@code null} if + * all were successful (or none invoked). + */ + static SimpleImmutableEntry, Throwable> invokeTillFirstFailure( + ARG arg, Collection> invokers) { + if (GenericUtils.isEmpty(invokers)) { + return null; + } + + for (Invoker i : invokers) { + if (i == null) { + continue; + } + + try { + i.invoke(arg); + } catch (Throwable t) { + return new SimpleImmutableEntry<>(i, t); + } + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/MapEntryUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/MapEntryUtils.java new file mode 100644 index 0000000..e466b90 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/MapEntryUtils.java @@ -0,0 +1,221 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util; + +import java.util.Collections; +import java.util.Comparator; +import java.util.EnumMap; +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.NavigableMap; +import java.util.Objects; +import java.util.TreeMap; +import java.util.function.Supplier; + +/** + * Represents an un-modifiable pair of values + * + * @author Apache MINA SSHD Project + */ +public final class MapEntryUtils { + @SuppressWarnings({ "rawtypes", "unchecked" }) + private static final Comparator> BY_KEY_COMPARATOR = (o1, o2) -> { + Comparable k1 = o1.getKey(); + Comparable k2 = o2.getKey(); + return k1.compareTo(k2); + }; + + private MapEntryUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @param The {@link Comparable} key type + * @param The associated entry value + * @return A {@link Comparator} for {@link Map.Entry}-ies that compares the key values + */ + @SuppressWarnings({ "unchecked", "rawtypes" }) + public static , V> Comparator> byKeyEntryComparator() { + return (Comparator) BY_KEY_COMPARATOR; + } + + public static class GenericMapPopulator> implements Supplier { + private final M map; + + public GenericMapPopulator(M map) { + this.map = Objects.requireNonNull(map, "No map provided"); + } + + public GenericMapPopulator put(K k, V v) { + map.put(k, v); + return this; + } + + public GenericMapPopulator remove(K k) { + map.remove(k); + return this; + } + + public GenericMapPopulator putAll(Map other) { + map.putAll(other); + return this; + } + + public GenericMapPopulator clear() { + map.clear(); + return this; + } + + @Override + public M get() { + return map; + } + } + + public static class MapBuilder extends GenericMapPopulator> { + public MapBuilder() { + super(new LinkedHashMap<>()); + } + + @Override + public MapBuilder put(K k, V v) { + super.put(k, v); + return this; + } + + @Override + public MapBuilder remove(K k) { + super.remove(k); + return this; + } + + @Override + public MapBuilder putAll(Map other) { + super.putAll(other); + return this; + } + + @Override + public MapBuilder clear() { + super.clear(); + return this; + } + + public Map build() { + return get(); + } + + public Map immutable() { + return Collections.unmodifiableMap(build()); + } + + public static MapBuilder builder() { + return new MapBuilder<>(); + } + + } + + public static class NavigableMapBuilder extends GenericMapPopulator> { + public NavigableMapBuilder(Comparator comparator) { + super(new TreeMap<>(Objects.requireNonNull(comparator, "No comparator provided"))); + } + + @Override + public NavigableMapBuilder put(K k, V v) { + super.put(k, v); + return this; + } + + @Override + public NavigableMapBuilder remove(K k) { + super.remove(k); + return this; + } + + @Override + public NavigableMapBuilder putAll(Map other) { + super.putAll(other); + return this; + } + + @Override + public NavigableMapBuilder clear() { + super.clear(); + return this; + } + + public NavigableMap build() { + return get(); + } + + public NavigableMap immutable() { + return Collections.unmodifiableNavigableMap(build()); + } + + public static , V> NavigableMapBuilder builder() { + return builder(Comparator.naturalOrder()); + } + + public static NavigableMapBuilder builder(Comparator comparator) { + return new NavigableMapBuilder<>(comparator); + } + } + + public static class EnumMapBuilder, V> extends GenericMapPopulator> { + public EnumMapBuilder(Class keyType) { + super(new EnumMap<>(Objects.requireNonNull(keyType, "No enum class specified"))); + } + + @Override + public EnumMapBuilder put(K k, V v) { + super.put(k, v); + return this; + } + + @Override + public EnumMapBuilder remove(K k) { + super.remove(k); + return this; + } + + @Override + public EnumMapBuilder putAll(Map other) { + super.putAll(other); + return this; + } + + @Override + public EnumMapBuilder clear() { + super.clear(); + return this; + } + + public Map build() { + return get(); + } + + public Map immutable() { + return Collections.unmodifiableMap(build()); + } + + public static , V> EnumMapBuilder builder(Class keyType) { + return new EnumMapBuilder<>(keyType); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/NumberUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/NumberUtils.java new file mode 100644 index 0000000..ebc9fbc --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/NumberUtils.java @@ -0,0 +1,301 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +/** + * @author Apache MINA SSHD Project + */ +public final class NumberUtils { + /** + * A {@link List} of all the {@link Class} types used to represent the primitive numerical values + */ + public static final List> NUMERIC_PRIMITIVE_CLASSES = GenericUtils.unmodifiableList( + Byte.TYPE, Short.TYPE, Integer.TYPE, Long.TYPE, Float.TYPE, Double.TYPE); + + private NumberUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @param value The original (non-negative) value + * @return The closest positive power of 2 that is greater or equal to the value. If none can be found + * then returns the original value + */ + public static int getNextPowerOf2(int value) { + if (value < 0) { + throw new IllegalArgumentException("Negative value N/A: " + value); + } + + int j = 1; + while (j < value) { + j <<= 1; + // Did we stumble onto the realm of values beyond 2GB ? + if (j <= 0) { + return value; + } + } + + return j; + } + + public static int hashCode(long... values) { + return Arrays.hashCode(values); + } + + public static int hashCode(int... values) { + return Arrays.hashCode(values); + } + + public static int hashCode(byte... values) { + return Arrays.hashCode(values); + } + + public static int hashCode(byte[] a, int offset, int len) { + if (len == 0) { + return 0; + } + + int result = 1; + for (int pos = offset, count = 0; count < len; pos++, count++) { + byte element = a[pos]; + result = 31 * result + element; + } + + return result; + } + + public static int diffOffset(byte[] a1, int startPos1, byte[] a2, int startPos2, int len) { + for (int pos1 = startPos1, pos2 = startPos2, count = 0; count < len; pos1++, pos2++, count++) { + byte v1 = a1[pos1]; + byte v2 = a2[pos2]; + if (v1 != v2) { + return count; + } + } + + return -1; + } + + /** + * @param clazz The {@link Class} to examine - ignored if {@code null} + * @return If the class is a {@link Number} or one of the primitive numerical types + * @see #NUMERIC_PRIMITIVE_CLASSES + */ + public static boolean isNumericClass(Class clazz) { + if (clazz == null) { + return false; + } + + // turns out that the primitive types are not assignable to Number + if (Number.class.isAssignableFrom(clazz)) { + return true; + } + + return NUMERIC_PRIMITIVE_CLASSES.indexOf(clazz) >= 0; + } + + /** + * Converts a {@link Number} into an {@link Integer} if not already such + * + * @param n The {@link Number} - ignored if {@code null} + * @return The equivalent {@link Integer} value + */ + public static Integer toInteger(Number n) { + if (n == null) { + return null; + } else if (n instanceof Integer) { + return (Integer) n; + } else { + return n.intValue(); + } + } + + public static String join(CharSequence separator, long... values) { + if (NumberUtils.isEmpty(values)) { + return ""; + } + + StringBuilder sb = new StringBuilder(values.length * Byte.SIZE); + for (long v : values) { + if (sb.length() > 0) { + sb.append(separator); + } + sb.append(v); + } + + return sb.toString(); + } + + public static String join(char separator, long... values) { + if (NumberUtils.isEmpty(values)) { + return ""; + } + + StringBuilder sb = new StringBuilder(values.length * Byte.SIZE); + for (long v : values) { + if (sb.length() > 0) { + sb.append(separator); + } + sb.append(v); + } + + return sb.toString(); + } + + public static String join(CharSequence separator, boolean unsigned, byte... values) { + if (NumberUtils.isEmpty(values)) { + return ""; + } + + StringBuilder sb = new StringBuilder(values.length * Byte.SIZE); + for (byte v : values) { + if (sb.length() > 0) { + sb.append(separator); + } + sb.append(unsigned ? (v & 0xFF) : v); + } + + return sb.toString(); + } + + public static String join(char separator, boolean unsigned, byte... values) { + if (NumberUtils.isEmpty(values)) { + return ""; + } + + StringBuilder sb = new StringBuilder(values.length * Byte.SIZE); + for (byte v : values) { + if (sb.length() > 0) { + sb.append(separator); + } + sb.append(unsigned ? (v & 0xFF) : v); + } + + return sb.toString(); + } + + public static String join(CharSequence separator, int... values) { + if (NumberUtils.isEmpty(values)) { + return ""; + } + + StringBuilder sb = new StringBuilder(values.length * Byte.SIZE); + for (int v : values) { + if (sb.length() > 0) { + sb.append(separator); + } + sb.append(v); + } + + return sb.toString(); + } + + public static String join(char separator, int... values) { + if (NumberUtils.isEmpty(values)) { + return ""; + } + + StringBuilder sb = new StringBuilder(values.length * Byte.SIZE); + for (int v : values) { + if (sb.length() > 0) { + sb.append(separator); + } + sb.append(v); + } + + return sb.toString(); + } + + public static byte[] emptyIfNull(byte[] a) { + return (a == null) ? GenericUtils.EMPTY_BYTE_ARRAY : a; + } + + public static boolean isEmpty(byte[] a) { + return NumberUtils.length(a) <= 0; + } + + public static boolean isEmpty(int[] a) { + return NumberUtils.length(a) <= 0; + } + + public static boolean isEmpty(long[] a) { + return NumberUtils.length(a) <= 0; + } + + public static int length(byte... a) { + return (a == null) ? 0 : a.length; + } + + public static int length(int... a) { + return (a == null) ? 0 : a.length; + } + + public static int length(long... a) { + return (a == null) ? 0 : a.length; + } + + public static List asList(int... values) { + int len = length(values); + if (len <= 0) { + return Collections.emptyList(); + } + + List l = new ArrayList<>(len); + for (int v : values) { + l.add(v); + } + + return l; + } + + /** + * Checks if optional sign and all others are '0'-'9' + * + * @param cs The {@link CharSequence} to check + * @return {@code true} if valid integer number + */ + public static boolean isIntegerNumber(CharSequence cs) { + if (GenericUtils.isEmpty(cs)) { + return false; + } + + for (int index = 0, len = cs.length(); index < len; index++) { + char c = cs.charAt(index); + if ((c >= '0') && (c <= '9')) { + continue; + } + + if ((c == '+') || (c == '-')) { + if (index == 0) { + continue; + } + } + + return false; + } + + return true; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/ObjectBuilder.java b/files-sftp/src/main/java/org/apache/sshd/common/util/ObjectBuilder.java new file mode 100644 index 0000000..2f78581 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/ObjectBuilder.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.util.function.Supplier; + +/** + * A generic builder interface + * + * @param Type of object being built + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ObjectBuilder extends Supplier { + @Override + default T get() { + return build(); + } + + T build(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/OsUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/OsUtils.java new file mode 100644 index 0000000..54ca86b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/OsUtils.java @@ -0,0 +1,283 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.concurrent.atomic.AtomicReference; + +/** + * Operating system dependent utility methods. + * + * @author Apache MINA SSHD Project + */ +public final class OsUtils { + + /** + * Property that can be used to override the reported value from {@link #getCurrentUser()}. If not set then + * "user.name" system property is used + */ + public static final String CURRENT_USER_OVERRIDE_PROP = "org.apache.sshd.currentUser"; + + /** + * Property that can be used to override the reported value from {@link #getJavaVersion()}. If not set then + * "java.version" system property is used + */ + public static final String JAVA_VERSION_OVERRIDE_PROP = "org.apache.sshd.javaVersion"; + + /** + * Property that can be used to override the reported value from {@link #isWin32()}. If not set then + * "os.name" system property is used + */ + public static final String OS_TYPE_OVERRIDE_PROP = "org.apache.sshd.osType"; + + public static final String WINDOWS_SHELL_COMMAND_NAME = "cmd.exe"; + public static final String LINUX_SHELL_COMMAND_NAME = "/bin/sh"; + + public static final String ROOT_USER = "root"; + + public static final List LINUX_COMMAND + = Collections.unmodifiableList(Arrays.asList(LINUX_SHELL_COMMAND_NAME, "-i", "-l")); + public static final List WINDOWS_COMMAND + = Collections.unmodifiableList(Collections.singletonList(WINDOWS_SHELL_COMMAND_NAME)); + + private static final AtomicReference CURRENT_USER_HOLDER = new AtomicReference<>(null); + private static final AtomicReference JAVA_VERSION_HOLDER = new AtomicReference<>(null); + private static final AtomicReference OS_TYPE_HOLDER = new AtomicReference<>(null); + + private OsUtils() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * @return true if the host is a UNIX system (and not Windows). + */ + public static boolean isUNIX() { + return !isWin32() && !isOSX(); + } + + /** + * @return true if the host is a OSX (and not Windows or Unix). + */ + public static boolean isOSX() { + return getOS().contains("mac"); + } + + /** + * @return true if the host is Windows (and not UNIX). + * @see #OS_TYPE_OVERRIDE_PROP + * @see #setOS(String) + */ + public static boolean isWin32() { + return getOS().contains("windows"); + } + + /** + * Can be used to enforce Win32 or Linux report from {@link #isWin32()}, {@link #isOSX()} or {@link #isUNIX()} + * + * @param os The value to set - if {@code null} then O/S type is auto-detected + * @see #isWin32() + * @see #isOSX() + * @see #isUNIX() + */ + public static void setOS(String os) { + synchronized (OS_TYPE_HOLDER) { + OS_TYPE_HOLDER.set(os); + } + } + + /** + * @return The resolved O/S type string if not already set (lowercase) + */ + private static String getOS() { + String typeValue; + synchronized (OS_TYPE_HOLDER) { + typeValue = OS_TYPE_HOLDER.get(); + if (typeValue != null) { // is it the 1st time + return typeValue; + } + + String value = System.getProperty(OS_TYPE_OVERRIDE_PROP, System.getProperty("os.name")); + typeValue = GenericUtils.trimToEmpty(value).toLowerCase(); + OS_TYPE_HOLDER.set(typeValue); + } + + return typeValue; + } + + public static String resolveDefaultInteractiveShellCommand() { + return resolveDefaultInteractiveShellCommand(isWin32()); + } + + public static String resolveDefaultInteractiveShellCommand(boolean winOS) { + return winOS ? WINDOWS_SHELL_COMMAND_NAME : LINUX_SHELL_COMMAND_NAME + " -i -l"; + } + + public static List resolveDefaultInteractiveCommandElements() { + return resolveDefaultInteractiveCommandElements(isWin32()); + } + + public static List resolveDefaultInteractiveCommandElements(boolean winOS) { + if (winOS) { + return WINDOWS_COMMAND; + } else { + return LINUX_COMMAND; + } + } + + /** + * Get current user name + * + * @return Current user + * @see #CURRENT_USER_OVERRIDE_PROP + */ + public static String getCurrentUser() { + String username = null; + synchronized (CURRENT_USER_HOLDER) { + username = CURRENT_USER_HOLDER.get(); + if (username != null) { // have we already resolved it ? + return username; + } + + username = getCanonicalUser(System.getProperty(CURRENT_USER_OVERRIDE_PROP, System.getProperty("user.name"))); + ValidateUtils.checkNotNullAndNotEmpty(username, "No username available"); + CURRENT_USER_HOLDER.set(username); + } + + return username; + } + + /** + * Remove {@code Windows} domain and/or group prefix as well as "(User);" suffix + * + * @param user The original username - ignored if {@code null}/empty + * @return The canonical user - unchanged if {@code Unix} O/S + */ + public static String getCanonicalUser(String user) { + if (GenericUtils.isEmpty(user)) { + return user; + } + + // Windows owner sometime has the domain and/or group prepended to it + if (isWin32()) { + int pos = user.lastIndexOf('\\'); + if (pos > 0) { + user = user.substring(pos + 1); + } + + pos = user.indexOf(' '); + if (pos > 0) { + user = user.substring(0, pos).trim(); + } + } + + return user; + } + + /** + * Attempts to resolve canonical group name for {@code Windows} + * + * @param group The original group name - used if not {@code null}/empty + * @param user The owner name - sometimes it contains a group name + * @return The canonical group name + */ + public static String resolveCanonicalGroup(String group, String user) { + if (isUNIX()) { + return group; + } + + // we reach this code only for Windows + if (GenericUtils.isEmpty(group)) { + int pos = GenericUtils.isEmpty(user) ? -1 : user.lastIndexOf('\\'); + return (pos > 0) ? user.substring(0, pos) : group; + } + + int pos = group.indexOf(' '); + return (pos < 0) ? group : group.substring(0, pos).trim(); + } + + /** + * Can be used to programmatically set the username reported by {@link #getCurrentUser()} + * + * @param username The username to set - if {@code null} then {@link #CURRENT_USER_OVERRIDE_PROP} will be consulted + */ + public static void setCurrentUser(String username) { + synchronized (CURRENT_USER_HOLDER) { + CURRENT_USER_HOLDER.set(username); + } + } + + /** + * Resolves the reported Java version by consulting {@link #JAVA_VERSION_OVERRIDE_PROP}. If not set, then + * "java.version" property is used + * + * @return The resolved {@link VersionInfo} - never {@code null} + * @see #setJavaVersion(VersionInfo) + */ + public static VersionInfo getJavaVersion() { + VersionInfo version; + synchronized (JAVA_VERSION_HOLDER) { + version = JAVA_VERSION_HOLDER.get(); + if (version != null) { // first time ? + return version; + } + + String value = System.getProperty(JAVA_VERSION_OVERRIDE_PROP, System.getProperty("java.version")); + // e.g.: 1.7.5_30 + value = ValidateUtils.checkNotNullAndNotEmpty(value, "No configured Java version value").replace('_', '.'); + // clean up any non-digits - in case something like 1.6.8_25-b323 + for (int index = 0; index < value.length(); index++) { + char ch = value.charAt(index); + if ((ch == '.') || ((ch >= '0') && (ch <= '9'))) { + continue; + } + + value = value.substring(0, index); + break; + } + + version = ValidateUtils.checkNotNull(VersionInfo.parse(value), "No version parsed for %s", value); + JAVA_VERSION_HOLDER.set(version); + } + + return version; + } + + /** + * Set programmatically the reported Java version + * + * @param version The version - if {@code null} then it will be automatically resolved + */ + public static void setJavaVersion(VersionInfo version) { + synchronized (JAVA_VERSION_HOLDER) { + JAVA_VERSION_HOLDER.set(version); + } + } + + /** + * @param path The original path + * @return A path that can be compared with another one where case sensitivity of the underlying O/S has been + * taken into account - never {@code null} + */ + public static String getComparablePath(String path) { + String p = (path == null) ? "" : path; + return isWin32() ? p.toLowerCase() : p; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/ProxyUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/ProxyUtils.java new file mode 100644 index 0000000..864c5b6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/ProxyUtils.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Proxy; + +/** + * @author Apache MINA SSHD Project + */ +public final class ProxyUtils { + private ProxyUtils() { + throw new UnsupportedOperationException("No instance"); + } + + public static T newProxyInstance(Class type, InvocationHandler handler) { + return newProxyInstance(type.getClassLoader(), type, handler); + } + + public static T newProxyInstance(ClassLoader cl, Class type, InvocationHandler handler) { + Class[] interfaces = { type }; + Object wrapper = Proxy.newProxyInstance(cl, interfaces, handler); + return type.cast(wrapper); + } + + public static Throwable unwrapInvocationThrowable(Throwable t) { + if (t instanceof InvocationTargetException) { + return unwrapInvocationThrowable(((InvocationTargetException) t).getTargetException()); + } else { + return t; + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/Readable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/Readable.java new file mode 100644 index 0000000..1daad6e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/Readable.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util; + +import java.nio.ByteBuffer; +import java.util.Objects; + +/** + * @author Apache MINA SSHD Project + */ +public interface Readable { + + int available(); + + void getRawBytes(byte[] data, int offset, int len); + + /** + * Wrap a {@link ByteBuffer} as a {@link Readable} instance + * + * @param buffer The {@link ByteBuffer} to wrap - never {@code null} + * @return The {@link Readable} wrapper + */ + static Readable readable(ByteBuffer buffer) { + Objects.requireNonNull(buffer, "No buffer to wrap"); + return new Readable() { + @Override + public int available() { + return buffer.remaining(); + } + + @Override + public void getRawBytes(byte[] data, int offset, int len) { + buffer.get(data, offset, len); + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/ReflectionUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/ReflectionUtils.java new file mode 100644 index 0000000..ffce665 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/ReflectionUtils.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.lang.reflect.Constructor; +import java.lang.reflect.Field; +import java.util.Collection; +import java.util.function.Function; +import java.util.function.Predicate; + +/** + * @author Apache MINA SSHD Project + */ +public final class ReflectionUtils { + public static final Function FIELD_NAME_EXTRACTOR = f -> (f == null) ? null : f.getName(); + + private ReflectionUtils() { + throw new UnsupportedOperationException("No instance"); + } + + public static Collection getMatchingFields(Class clazz, Predicate acceptor) { + return GenericUtils.selectMatchingMembers(acceptor, clazz.getFields()); + } + + public static Collection getMatchingDeclaredFields(Class clazz, Predicate acceptor) { + return GenericUtils.selectMatchingMembers(acceptor, clazz.getDeclaredFields()); + } + + public static boolean isClassAvailable(ClassLoader cl, String className) { + try { + cl.loadClass(className); + return true; + } catch (Throwable ignored) { + return false; + } + } + + public static Object newInstance(Class clazz) throws ReflectiveOperationException { + return newInstance(clazz, Object.class); + } + + @SuppressWarnings("checkstyle:ThrowsCount") + public static T newInstance(Class clazz, Class castType) throws ReflectiveOperationException { + Constructor ctor = clazz.getDeclaredConstructor(); + Object instance = ctor.newInstance(); + return castType.cast(instance); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/SelectorUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/SelectorUtils.java new file mode 100644 index 0000000..3bf04fd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/SelectorUtils.java @@ -0,0 +1,815 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util; + +import java.io.File; +import java.nio.file.FileSystem; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import java.util.StringTokenizer; + +/** + *

        + * This is a utility class used by selectors and DirectoryScanner. The functionality more properly belongs just to + * selectors, but unfortunately DirectoryScanner exposed these as protected methods. Thus we have to support any + * subclasses of DirectoryScanner that may access these methods. + *

        + *

        + * This is a Singleton. + *

        + * + * @author Arnout J. Kuiper ajkuiper@wxs.nl + * @author Magesh Umasankar + * @author Bruce Atherton + * @version $Id$ + * @since 1.5 + */ +public final class SelectorUtils { + + public static final String PATTERN_HANDLER_PREFIX = "["; + + public static final String PATTERN_HANDLER_SUFFIX = "]"; + + public static final String REGEX_HANDLER_PREFIX = "%regex" + PATTERN_HANDLER_PREFIX; + + public static final String ANT_HANDLER_PREFIX = "%ant" + PATTERN_HANDLER_PREFIX; + + /** + * Private Constructor + */ + private SelectorUtils() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + *

        + * Tests whether or not a given path matches the start of a given pattern up to the first "**". + *

        + * + *

        + * This is not a general purpose test and should only be used if you can live with false positives. For example, + * pattern=**\a and str=b will yield true. + *

        + * + * @param pattern The pattern to match against. Must not be {@code null}. + * @param str The path to match, as a String. Must not be {@code null}. + * @return whether or not a given path matches the start of a given pattern up to the first "**". + */ + public static boolean matchPatternStart(String pattern, String str) { + return matchPatternStart(pattern, str, true); + } + + /** + *

        + * Tests whether or not a given path matches the start of a given pattern up to the first "**". + *

        + * + *

        + * This is not a general purpose test and should only be used if you can live with false positives. For example, + * pattern=**\a and str=b will yield true. + *

        + * + * @param pattern The pattern to match against. Must not be {@code null}. + * @param str The path to match, as a String. Must not be {@code null}. + * @param isCaseSensitive Whether or not matching should be performed case sensitively. + * @return whether or not a given path matches the start of a given pattern up to the first + * "**". + */ + public static boolean matchPatternStart(String pattern, String str, boolean isCaseSensitive) { + return matchPath(pattern, str, File.separator, isCaseSensitive); + } + + public static boolean matchPatternStart( + String pattern, String str, String separator, boolean isCaseSensitive) { + if ((pattern.length() > (REGEX_HANDLER_PREFIX.length() + PATTERN_HANDLER_SUFFIX.length() + 1)) + && pattern.startsWith(REGEX_HANDLER_PREFIX) + && pattern.endsWith(PATTERN_HANDLER_SUFFIX)) { + // FIXME: ICK! But we can't do partial matches for regex, so we have to reserve judgement until we have + // a file to deal with, or we can definitely say this is an exclusion... + return true; + } else { + if ((pattern.length() > (ANT_HANDLER_PREFIX.length() + PATTERN_HANDLER_SUFFIX.length() + 1)) + && pattern.startsWith(ANT_HANDLER_PREFIX) + && pattern.endsWith(PATTERN_HANDLER_SUFFIX)) { + pattern = pattern.substring(ANT_HANDLER_PREFIX.length(), pattern.length() - PATTERN_HANDLER_SUFFIX.length()); + } + + if (matchAntPathPatternStart(pattern, str, separator, isCaseSensitive)) { + return true; + } + + return matchAntPathPatternStart(pattern, str.replace('\\', '/'), "/", isCaseSensitive); + } + } + + public static boolean matchAntPathPatternStart( + String pattern, String str, String separator, boolean isCaseSensitive) { + // When str starts with a File.separator, pattern has to start with a + // File.separator. + // When pattern starts with a File.separator, str has to start with a + // File.separator. + if (str.startsWith(separator) != pattern.startsWith(separator)) { + return false; + } + + List patDirs = tokenizePath(pattern, separator); + List strDirs = tokenizePath(str, separator); + + int patIdxStart = 0; + int patIdxEnd = patDirs.size() - 1; + int strIdxStart = 0; + int strIdxEnd = strDirs.size() - 1; + + // up to first '**' + while (patIdxStart <= patIdxEnd && strIdxStart <= strIdxEnd) { + String patDir = patDirs.get(patIdxStart); + if (patDir.equals("**")) { + break; + } + if (!match(patDir, strDirs.get(strIdxStart), isCaseSensitive)) { + return false; + } + patIdxStart++; + strIdxStart++; + } + + // CHECKSTYLE:OFF + if (strIdxStart > strIdxEnd) { + // String is exhausted + return true; + } else { + return patIdxStart <= patIdxEnd; + } + // CHECKSTYLE:ON + } + + /** + * Tests whether or not a given path matches a given pattern. + * + * @param pattern The pattern to match against. Must not be {@code null}. + * @param str The path to match, as a String. Must not be {@code null}. + * @return true if the pattern matches against the string, or false otherwise. + */ + public static boolean matchPath(String pattern, String str) { + return matchPath(pattern, str, true); + } + + /** + * Tests whether or not a given path matches a given pattern. + * + * @param pattern The pattern to match against. Must not be {@code null}. + * @param str The path to match, as a String. Must not be {@code null}. + * @param isCaseSensitive Whether or not matching should be performed case sensitively. + * @return true if the pattern matches against the string, or false + * otherwise. + */ + public static boolean matchPath( + String pattern, String str, boolean isCaseSensitive) { + return matchPath(pattern, str, File.separator, isCaseSensitive); + } + + public static boolean matchPath( + String pattern, String str, String separator, boolean isCaseSensitive) { + if ((pattern.length() > (REGEX_HANDLER_PREFIX.length() + PATTERN_HANDLER_SUFFIX.length() + 1)) + && pattern.startsWith(REGEX_HANDLER_PREFIX) + && pattern.endsWith(PATTERN_HANDLER_SUFFIX)) { + pattern = pattern.substring(REGEX_HANDLER_PREFIX.length(), pattern.length() - PATTERN_HANDLER_SUFFIX.length()); + return str.matches(pattern); + } else { + if ((pattern.length() > (ANT_HANDLER_PREFIX.length() + PATTERN_HANDLER_SUFFIX.length() + 1)) + && pattern.startsWith(ANT_HANDLER_PREFIX) + && pattern.endsWith(PATTERN_HANDLER_SUFFIX)) { + pattern = pattern.substring(ANT_HANDLER_PREFIX.length(), pattern.length() - PATTERN_HANDLER_SUFFIX.length()); + } + + return matchAntPathPattern(pattern, str, separator, isCaseSensitive); + } + } + + public static boolean matchAntPathPattern( + String pattern, String str, boolean isCaseSensitive) { + return matchAntPathPattern(pattern, str, File.separator, isCaseSensitive); + } + + public static boolean matchAntPathPattern( + String pattern, String str, String separator, boolean isCaseSensitive) { + // When str starts with a file separator, pattern has to start with a + // file separator. + // When pattern starts with a file separator, str has to start with a + // file separator. + if (str.startsWith(separator) != pattern.startsWith(separator)) { + return false; + } + + List patDirs = tokenizePath(pattern, separator); + List strDirs = tokenizePath(str, separator); + + int patIdxStart = 0; + int patIdxEnd = patDirs.size() - 1; + int strIdxStart = 0; + int strIdxEnd = strDirs.size() - 1; + + // up to first '**' + while (patIdxStart <= patIdxEnd && strIdxStart <= strIdxEnd) { + String patDir = patDirs.get(patIdxStart); + if (patDir.equals("**")) { + break; + } + + String subDir = strDirs.get(strIdxStart); + if (!match(patDir, subDir, isCaseSensitive)) { + patDirs = null; + strDirs = null; + return false; + } + + patIdxStart++; + strIdxStart++; + } + + if (strIdxStart > strIdxEnd) { + // String is exhausted + for (int i = patIdxStart; i <= patIdxEnd; i++) { + String subPat = patDirs.get(i); + if (!subPat.equals("**")) { + patDirs = null; + strDirs = null; + return false; + } + } + return true; + } else { + if (patIdxStart > patIdxEnd) { + // String not exhausted, but pattern is. Failure. + patDirs = null; + strDirs = null; + return false; + } + } + + // up to last '**' + while (patIdxStart <= patIdxEnd && strIdxStart <= strIdxEnd) { + String patDir = patDirs.get(patIdxEnd); + if (patDir.equals("**")) { + break; + } + + String subDir = strDirs.get(strIdxEnd); + if (!match(patDir, subDir, isCaseSensitive)) { + patDirs = null; + strDirs = null; + return false; + } + + patIdxEnd--; + strIdxEnd--; + } + + if (strIdxStart > strIdxEnd) { + // String is exhausted + for (int i = patIdxStart; i <= patIdxEnd; i++) { + String subPat = patDirs.get(i); + if (!subPat.equals("**")) { + patDirs = null; + strDirs = null; + return false; + } + } + return true; + } + + while (patIdxStart != patIdxEnd && strIdxStart <= strIdxEnd) { + int patIdxTmp = -1; + for (int i = patIdxStart + 1; i <= patIdxEnd; i++) { + String subPat = patDirs.get(i); + if (subPat.equals("**")) { + patIdxTmp = i; + break; + } + } + if (patIdxTmp == patIdxStart + 1) { + // '**/**' situation, so skip one + patIdxStart++; + continue; + } + // Find the pattern between padIdxStart & padIdxTmp in str between + // strIdxStart & strIdxEnd + int patLength = patIdxTmp - patIdxStart - 1; + int strLength = strIdxEnd - strIdxStart + 1; + int foundIdx = -1; + strLoop: for (int i = 0; i <= strLength - patLength; i++) { + for (int j = 0; j < patLength; j++) { + String subPat = patDirs.get(patIdxStart + j + 1); + String subStr = strDirs.get(strIdxStart + i + j); + if (!match(subPat, subStr, isCaseSensitive)) { + continue strLoop; + } + } + + foundIdx = strIdxStart + i; + break; + } + + if (foundIdx == -1) { + patDirs = null; + strDirs = null; + return false; + } + + patIdxStart = patIdxTmp; + strIdxStart = foundIdx + patLength; + } + + for (int i = patIdxStart; i <= patIdxEnd; i++) { + String subPat = patDirs.get(i); + if (!subPat.equals("**")) { + patDirs = null; + strDirs = null; + return false; + } + } + + return true; + } + + /** + * Tests whether or not a string matches against a pattern. The pattern may contain two special characters:
        + * '*' means zero or more characters
        + * '?' means one and only one character + * + * @param pattern The pattern to match against. Must not be {@code null}. + * @param str The string which must be matched against the pattern. Must not be {@code null}. + * @return true if the string matches against the pattern, or false otherwise. + */ + public static boolean match(String pattern, String str) { + return match(pattern, str, true); + } + + /** + * Tests whether or not a string matches against a pattern. The pattern may contain two special characters:
        + * '*' means zero or more characters
        + * '?' means one and only one character + * + * @param pattern The pattern to match against. Must not be {@code null}. + * @param str The string which must be matched against the pattern. Must not be {@code null}. + * @param isCaseSensitive Whether or not matching should be performed case sensitively. + * @return true if the string matches against the pattern, or false + * otherwise. + */ + @SuppressWarnings("PMD.AssignmentInOperand") + public static boolean match(String pattern, String str, boolean isCaseSensitive) { + char[] patArr = pattern.toCharArray(); + char[] strArr = str.toCharArray(); + int patIdxStart = 0; + int patIdxEnd = patArr.length - 1; + int strIdxStart = 0; + int strIdxEnd = strArr.length - 1; + char ch; + + boolean containsStar = false; + for (char aPatArr : patArr) { + if (aPatArr == '*') { + containsStar = true; + break; + } + } + + if (!containsStar) { + // No '*'s, so we make a shortcut + if (patIdxEnd != strIdxEnd) { + return false; // Pattern and string do not have the same size + } + for (int i = 0; i <= patIdxEnd; i++) { + ch = patArr[i]; + if ((ch != '?') && (!equals(ch, strArr[i], isCaseSensitive))) { + return false; // Character mismatch + } + } + return true; // String matches against pattern + } + + if (patIdxEnd == 0) { + return true; // Pattern contains only '*', which matches anything + } + + // Process characters before first star + // CHECKSTYLE:OFF + while (((ch = patArr[patIdxStart]) != '*') && (strIdxStart <= strIdxEnd)) { + if ((ch != '?') && (!equals(ch, strArr[strIdxStart], isCaseSensitive))) { + return false; // Character mismatch + } + patIdxStart++; + strIdxStart++; + } + // CHECKSTYLE:ON + + if (strIdxStart > strIdxEnd) { + // All characters in the string are used. Check if only '*'s are + // left in the pattern. If so, we succeeded. Otherwise failure. + for (int i = patIdxStart; i <= patIdxEnd; i++) { + if (patArr[i] != '*') { + return false; + } + } + return true; + } + + // Process characters after last star + // CHECKSTYLE:OFF + while (((ch = patArr[patIdxEnd]) != '*') && (strIdxStart <= strIdxEnd)) { + if ((ch != '?') && (!equals(ch, strArr[strIdxEnd], isCaseSensitive))) { + return false; // Character mismatch + } + patIdxEnd--; + strIdxEnd--; + } + // CHECKSTYLE:ON + + if (strIdxStart > strIdxEnd) { + // All characters in the string are used. Check if only '*'s are + // left in the pattern. If so, we succeeded. Otherwise failure. + for (int i = patIdxStart; i <= patIdxEnd; i++) { + if (patArr[i] != '*') { + return false; + } + } + return true; + } + + // process pattern between stars. padIdxStart and patIdxEnd point always to a '*'. + while ((patIdxStart != patIdxEnd) && (strIdxStart <= strIdxEnd)) { + int patIdxTmp = -1; + for (int i = patIdxStart + 1; i <= patIdxEnd; i++) { + if (patArr[i] == '*') { + patIdxTmp = i; + break; + } + } + if (patIdxTmp == patIdxStart + 1) { + // Two stars next to each other, skip the first one. + patIdxStart++; + continue; + } + // Find the pattern between padIdxStart & padIdxTmp in str between + // strIdxStart & strIdxEnd + int patLength = patIdxTmp - patIdxStart - 1; + int strLength = strIdxEnd - strIdxStart + 1; + int foundIdx = -1; + strLoop: for (int i = 0; i <= strLength - patLength; i++) { + for (int j = 0; j < patLength; j++) { + ch = patArr[patIdxStart + j + 1]; + if (ch != '?' && !equals(ch, strArr[strIdxStart + i + j], isCaseSensitive)) { + continue strLoop; + } + } + + foundIdx = strIdxStart + i; + break; + } + + if (foundIdx == -1) { + return false; + } + + patIdxStart = patIdxTmp; + strIdxStart = foundIdx + patLength; + } + + // All characters in the string are used. Check if only '*'s are left + // in the pattern. If so, we succeeded. Otherwise failure. + for (int i = patIdxStart; i <= patIdxEnd; i++) { + if (patArr[i] != '*') { + return false; + } + } + return true; + } + + /** + * Tests whether two characters are equal. + * + * @param c1 1st character + * @param c2 2nd character + * @param isCaseSensitive Whether to compare case sensitive + * @return {@code true} if equal characters + */ + public static boolean equals(char c1, char c2, boolean isCaseSensitive) { + if (c1 == c2) { + return true; + } + if (!isCaseSensitive) { + // NOTE: Try both upper case and lower case as done by String.equalsIgnoreCase() + if (Character.toUpperCase(c1) == Character.toUpperCase(c2) + || Character.toLowerCase(c1) == Character.toLowerCase(c2)) { + return true; + } + } + return false; + } + + /** + * Breaks a path up into a Vector of path elements, tokenizing on File.separator. + * + * @param path Path to tokenize. Must not be {@code null}. + * @return a List of path elements from the tokenized path + */ + public static List tokenizePath(String path) { + return tokenizePath(path, File.separator); + } + + public static List tokenizePath(String path, String separator) { + List ret = new ArrayList<>(); + StringTokenizer st = new StringTokenizer(path, separator); + while (st.hasMoreTokens()) { + ret.add(st.nextToken()); + } + return ret; + } + + /** + * /** Converts a path to one matching the target file system by applying the "slashification" rules, + * converting it to a local path and then translating its separator to the target file system one (if different than + * local one) + * + * @param path The input path + * @param pathSeparator The separator used to build the input path + * @param fs The target {@link FileSystem} - may not be {@code null} + * @return The transformed path + * @see #translateToLocalFileSystemPath(String, char, String) + */ + public static String translateToLocalFileSystemPath(String path, char pathSeparator, FileSystem fs) { + return translateToLocalFileSystemPath(path, pathSeparator, + Objects.requireNonNull(fs, "No target file system").getSeparator()); + } + + /** + * Converts a path to one matching the target file system by applying the "slashification" rules, + * converting it to a local path and then translating its separator to the target file system one (if different than + * local one) + * + * @param path The input path + * @param pathSeparator The separator used to build the input path + * @param fsSeparator The target file system separator + * @return The transformed path + * @see #applySlashifyRules(String, char) + * @see #translateToLocalPath(String) + * @see #translateToFileSystemPath(String, String, String) + */ + public static String translateToLocalFileSystemPath(String path, char pathSeparator, String fsSeparator) { + // In case double slashes and other patterns are used + String slashified = applySlashifyRules(path, pathSeparator); + // In case we are running on Windows + String localPath = translateToLocalPath(slashified); + return translateToFileSystemPath(localPath, File.separator, fsSeparator); + } + + /** + * Applies the "slashification" rules as specified in + * Single Unix + * Specification version 3, section 3.266 and + * section 4.11 - + * Pathname resolution + * + * @param path The original path - ignored if {@code null}/empty or does not contain any slashes + * @param sepChar The "slash" character + * @return The effective path - may be same as input if no changes required + */ + public static String applySlashifyRules(String path, char sepChar) { + if (GenericUtils.isEmpty(path)) { + return path; + } + + int curPos = path.indexOf(sepChar); + if (curPos < 0) { + return path; // no slashes to handle + } + + int lastPos = 0; + StringBuilder sb = null; + while (curPos < path.length()) { + curPos++; // skip the 1st '/' + + /* + * As per Single Unix Specification version 3, section 3.266: + * + * Multiple successive slashes are considered to be the same as one slash + */ + int nextPos = curPos; + while ((nextPos < path.length()) && (path.charAt(nextPos) == sepChar)) { + nextPos++; + } + + /* + * At this stage, nextPos is the first non-slash character after a possibly 'seqLen' sequence of consecutive + * slashes. + */ + int seqLen = nextPos - curPos; + if (seqLen > 0) { + if (sb == null) { + sb = new StringBuilder(path.length() - seqLen); + } + + if (lastPos < curPos) { + String clrText = path.substring(lastPos, curPos); + sb.append(clrText); + } + + lastPos = nextPos; + } + + if (nextPos >= path.length()) { + break; // no more data + } + + curPos = path.indexOf(sepChar, nextPos); + if (curPos < nextPos) { + break; // no more slashes + } + } + + // check if any leftovers for the modified path + if (sb != null) { + if (lastPos < path.length()) { + String clrText = path.substring(lastPos); + sb.append(clrText); + } + + path = sb.toString(); + } + + /* + * At this point we know for sure that 'path' contains only SINGLE slashes. According to section 4.11 - Pathname + * resolution + * + * A pathname that contains at least one non-slash character and that ends with one or more trailing slashes + * shall be resolved as if a single dot character ( '.' ) were appended to the pathname. + */ + if ((path.length() > 1) && (path.charAt(path.length() - 1) == sepChar)) { + return path + "."; + } else { + return path; + } + } + + /** + * Converts a possibly '/' separated path to a local path. Note: takes special care of Windows drive paths - + * e.g., {@code C:} by converting them to "C:\" + * + * @param path The original path - ignored if {@code null}/empty + * @return The local path + */ + public static String translateToLocalPath(String path) { + if (GenericUtils.isEmpty(path) || (File.separatorChar == '/')) { + return path; + } + + // This code is reached if we are running on Windows + String localPath = path.replace('/', File.separatorChar); + // check if '/c:' prefix + if ((localPath.charAt(0) == File.separatorChar) && isWindowsDriveSpecified(localPath, 1, localPath.length() - 1)) { + localPath = localPath.substring(1); + } + if (!isWindowsDriveSpecified(localPath)) { + return localPath; // assume a relative path + } + + /* + * Here we know that we have at least a "C:" string - make sure it is followed by the local file separator. + * Note: if all we have is just the drive, we will create a "C:\" path since this is the preferred Windows way + * to refer to root drives in the file system + */ + if (localPath.length() == 2) { + return localPath + File.separator; // all we have is "C:" + } else if (localPath.charAt(2) != File.separatorChar) { + // be nice and add the missing file separator - C:foo => C:\foo + return localPath.substring(0, 2) + File.separator + localPath.substring(2); + } else { + return localPath; + } + } + + public static boolean isWindowsDriveSpecified(CharSequence cs) { + return isWindowsDriveSpecified(cs, 0, GenericUtils.length(cs)); + } + + public static boolean isWindowsDriveSpecified(CharSequence cs, int offset, int len) { + if ((len < 2) || (cs.charAt(offset + 1) != ':')) { + return false; + } + + char drive = cs.charAt(offset); + return ((drive >= 'a') && (drive <= 'z')) || ((drive >= 'A') && (drive <= 'Z')); + } + + /** + * Converts a path containing a specific separator to one using the specified file-system one + * + * @param path The input path - ignored if {@code null}/empty + * @param pathSeparator The separator used to build the input path - may not be {@code null}/empty + * @param fs The target {@link FileSystem} - may not be {@code null} + * @return The path where the separator used to build it is replaced by the file-system one (if + * different) + * @see FileSystem#getSeparator() + * @see #translateToFileSystemPath(String, String, String) + */ + public static String translateToFileSystemPath(String path, String pathSeparator, FileSystem fs) { + return translateToFileSystemPath(path, pathSeparator, + Objects.requireNonNull(fs, "No target file system").getSeparator()); + } + + /** + * Converts a path containing a specific separator to one using the specified file-system one + * + * @param path The input path - ignored if {@code null}/empty + * @param pathSeparator The separator used to build the input path - may not be {@code null}/empty + * @param fsSeparator The target file system separator - may not be {@code null}/empty + * @return The path where the separator used to build it is replaced by the file-system one + * (if different) + * @throws IllegalArgumentException if path or file-system separator are {@code null}/empty or if the separators are + * different and the path contains the target file-system separator as it would + * create an ambiguity + */ + public static String translateToFileSystemPath(String path, String pathSeparator, String fsSeparator) { + ValidateUtils.checkNotNullAndNotEmpty(pathSeparator, "Missing path separator"); + ValidateUtils.checkNotNullAndNotEmpty(fsSeparator, "Missing file-system separator"); + + if (GenericUtils.isEmpty(path) || Objects.equals(pathSeparator, fsSeparator)) { + return path; + } + + // make sure path does not contain the target separator + if (path.contains(fsSeparator)) { + ValidateUtils.throwIllegalArgumentException( + "File system replacement may yield ambiguous result for %s with separator=%s", path, fsSeparator); + } + + // check most likely case + if ((pathSeparator.length() == 1) && (fsSeparator.length() == 1)) { + return path.replace(pathSeparator.charAt(0), fsSeparator.charAt(0)); + } else { + return path.replace(pathSeparator, fsSeparator); + } + } + + /** + * Creates a single path by concatenating 2 parts and taking care not to create FS separator duplication in the + * process + * + * @param p1 prefix part - ignored if {@code null}/empty + * @param p2 suffix part - ignored if {@code null}/empty + * @param fsSeparator The expected file-system separator + * @return Concatenation result + */ + public static String concatPaths(String p1, String p2, char fsSeparator) { + if (GenericUtils.isEmpty(p1)) { + return p2; + } else if (GenericUtils.isEmpty(p2)) { + return p1; + } else if (p1.charAt(p1.length() - 1) == fsSeparator) { + if (p2.charAt(0) == fsSeparator) { + return (p2.length() == 1) ? p1 : p1 + p2.substring(1); // a/b/c/ + /d/e/f + } else { + return p1 + p2; // a/b/c/ + d/e/f + } + } else if (p2.charAt(0) == fsSeparator) { + return (p2.length() == 1) ? p1 : p1 + p2; // /a/b/c + /d/e/f + } else { + return p1 + Character.toString(fsSeparator) + p2; // /a/b/c + d/e/f + } + } + + /** + * "Flattens" a string by removing all whitespace (space, tab, line-feed, carriage return, and form-feed). This uses + * StringTokenizer and the default set of tokens as documented in the single argument constructor. + * + * @param input a String to remove all whitespace. + * @return a String that has had all whitespace removed. + */ + public static String removeWhitespace(String input) { + StringBuilder result = new StringBuilder(); + if (input != null) { + StringTokenizer st = new StringTokenizer(input); + while (st.hasMoreTokens()) { + result.append(st.nextToken()); + } + } + return result.toString(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/SshdEventListener.java b/files-sftp/src/main/java/org/apache/sshd/common/util/SshdEventListener.java new file mode 100644 index 0000000..a61f3d5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/SshdEventListener.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.lang.reflect.Proxy; +import java.util.EventListener; +import java.util.Objects; + +/** + * @author Apache MINA SSHD Project + */ +public interface SshdEventListener extends EventListener { + + /** + * Makes sure that the listener is neither {@code null} nor a proxy + * + * @param Type of {@link SshdEventListener} being validation + * @param listener The listener instance + * @param prefix Prefix text to be prepended to validation failure messages + * @return The validated instance + */ + static L validateListener(L listener, String prefix) { + Objects.requireNonNull(listener, prefix + ": no instance"); + ValidateUtils.checkTrue(!Proxy.isProxyClass(listener.getClass()), prefix + ": proxies N/A"); + return listener; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/ValidateUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/ValidateUtils.java new file mode 100644 index 0000000..35f46d9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/ValidateUtils.java @@ -0,0 +1,228 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.util.Collection; +import java.util.Map; +import java.util.function.Function; + +/** + * @author Apache MINA SSHD Project + */ +public final class ValidateUtils { + private ValidateUtils() { + throw new UnsupportedOperationException("No instance"); + } + + public static T checkNotNull(T t, String message) { + checkTrue(t != null, message); + return t; + } + + public static T checkNotNull(T t, String message, Object arg) { + checkTrue(t != null, message, arg); + return t; + } + + public static T checkNotNull(T t, String message, long value) { + checkTrue(t != null, message, value); + return t; + } + + public static T checkNotNull(T t, String message, Object... args) { + checkTrue(t != null, message, args); + return t; + } + + public static String checkNotNullAndNotEmpty(String t, String message) { + t = checkNotNull(t, message).trim(); + checkTrue(GenericUtils.length(t) > 0, message); + return t; + } + + public static String checkNotNullAndNotEmpty(String t, String message, Object arg) { + t = checkNotNull(t, message, arg).trim(); + checkTrue(GenericUtils.length(t) > 0, message, arg); + return t; + } + + public static String checkNotNullAndNotEmpty(String t, String message, Object... args) { + t = checkNotNull(t, message, args).trim(); + checkTrue(GenericUtils.length(t) > 0, message, args); + return t; + } + + public static > M checkNotNullAndNotEmpty(M t, String message, Object... args) { + t = checkNotNull(t, message, args); + checkTrue(GenericUtils.size(t) > 0, message, args); + return t; + } + + public static > C checkNotNullAndNotEmpty(C t, String message, Object... args) { + t = checkNotNull(t, message, args); + checkTrue(GenericUtils.size(t) > 0, message, args); + return t; + } + + public static > C checkNotNullAndNotEmpty(C t, String message, Object... args) { + t = checkNotNull(t, message, args); + checkTrue(GenericUtils.isNotEmpty(t), message, args); + return t; + } + + public static byte[] checkNotNullAndNotEmpty(byte[] a, String message) { + a = checkNotNull(a, message); + checkTrue(NumberUtils.length(a) > 0, message); + return a; + } + + public static byte[] checkNotNullAndNotEmpty(byte[] a, String message, Object... args) { + a = checkNotNull(a, message, args); + checkTrue(NumberUtils.length(a) > 0, message, args); + return a; + } + + public static char[] checkNotNullAndNotEmpty(char[] a, String message) { + a = checkNotNull(a, message); + checkTrue(GenericUtils.length(a) > 0, message); + return a; + } + + public static char[] checkNotNullAndNotEmpty(char[] a, String message, Object... args) { + a = checkNotNull(a, message, args); + checkTrue(GenericUtils.length(a) > 0, message, args); + return a; + } + + public static int[] checkNotNullAndNotEmpty(int[] a, String message) { + a = checkNotNull(a, message); + checkTrue(NumberUtils.length(a) > 0, message); + return a; + } + + public static int[] checkNotNullAndNotEmpty(int[] a, String message, Object... args) { + a = checkNotNull(a, message, args); + checkTrue(NumberUtils.length(a) > 0, message, args); + return a; + } + + public static T[] checkNotNullAndNotEmpty(T[] t, String message, Object... args) { + t = checkNotNull(t, message, args); + checkTrue(GenericUtils.length(t) > 0, message, args); + return t; + } + + public static T checkInstanceOf(Object v, Class expected, String message, long value) { + Class actual = checkNotNull(v, message, value).getClass(); + checkTrue(expected.isAssignableFrom(actual), message, value); + return expected.cast(v); + } + + public static T checkInstanceOf(Object v, Class expected, String message) { + return checkInstanceOf(v, expected, message, GenericUtils.EMPTY_OBJECT_ARRAY); + } + + public static T checkInstanceOf(Object v, Class expected, String message, Object arg) { + Class actual = checkNotNull(v, message, arg).getClass(); + checkTrue(expected.isAssignableFrom(actual), message, arg); + return expected.cast(v); + } + + public static T checkInstanceOf(Object v, Class expected, String message, Object... args) { + Class actual = checkNotNull(v, message, args).getClass(); + checkTrue(expected.isAssignableFrom(actual), message, args); + return expected.cast(v); + } + + public static void checkTrue(boolean flag, String message) { + if (!flag) { + throwIllegalArgumentException(message, GenericUtils.EMPTY_OBJECT_ARRAY); + } + } + + public static void checkTrue(boolean flag, String message, long value) { + if (!flag) { + throwIllegalArgumentException(message, value); + } + } + + public static void checkTrue(boolean flag, String message, Object arg) { + if (!flag) { + throwIllegalArgumentException(message, arg); + } + } + + public static void checkTrue(boolean flag, String message, Object... args) { + if (!flag) { + throwIllegalArgumentException(message, args); + } + } + + public static void throwIllegalArgumentException(String format, Object... args) { + throw createFormattedException(IllegalArgumentException::new, format, args); + } + + public static void checkState(boolean flag, String message) { + if (!flag) { + throwIllegalStateException(message, GenericUtils.EMPTY_OBJECT_ARRAY); + } + } + + public static void checkState(boolean flag, String message, long value) { + if (!flag) { + throwIllegalStateException(message, value); + } + } + + public static void checkState(boolean flag, String message, Object arg) { + if (!flag) { + throwIllegalStateException(message, arg); + } + } + + public static void checkState(boolean flag, String message, Object... args) { + if (!flag) { + throwIllegalStateException(message, args); + } + } + + public static void throwIllegalStateException(String format, Object... args) { + throw createFormattedException(IllegalStateException::new, format, args); + } + + public static T createFormattedException( + Function constructor, String format, Object... args) { + String message = String.format(format, args); + return constructor.apply(message); + } + + public static T initializeExceptionCause(T err, Throwable cause) { + if (cause == null) { + return err; + } + + if (err.getCause() != null) { + return err; // already initialized - avoid IllegalStateException + } + + err.initCause(cause); + return err; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/VersionInfo.java b/files-sftp/src/main/java/org/apache/sshd/common/util/VersionInfo.java new file mode 100644 index 0000000..4104edf --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/VersionInfo.java @@ -0,0 +1,136 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util; + +import java.io.Serializable; + +/** + * @author Apache MINA SSHD Project + */ +public class VersionInfo implements Serializable, Comparable { + private static final long serialVersionUID = -9127482432228413836L; + + private final int majorVersion; + private final int minorVersion; + private final int release; + private final int buildNumber; + + public VersionInfo(int major, int minor) { + this(major, minor, 0, 0); + } + + public VersionInfo(int major, int minor, int release, int build) { + this.majorVersion = major; + this.minorVersion = minor; + this.release = release; + this.buildNumber = build; + } + + public final int getMajorVersion() { + return majorVersion; + } + + public final int getMinorVersion() { + return minorVersion; + } + + public final int getRelease() { + return release; + } + + public final int getBuildNumber() { + return buildNumber; + } + + @Override + public int hashCode() { + return NumberUtils.hashCode(getMajorVersion(), getMinorVersion(), getRelease(), getBuildNumber()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + return compareTo((VersionInfo) obj) == 0; + } + + @Override + public int compareTo(VersionInfo o) { + if (o == null) { + return -1; // push nulls to end + } + if (o == this) { + return 0; + } + + int nRes = Integer.compare(getMajorVersion(), o.getMajorVersion()); + if (nRes == 0) { + nRes = Integer.compare(getMinorVersion(), o.getMinorVersion()); + } + if (nRes == 0) { + nRes = Integer.compare(getRelease(), o.getRelease()); + } + if (nRes == 0) { + nRes = Integer.compare(getBuildNumber(), o.getBuildNumber()); + } + + return nRes; + } + + @Override + public String toString() { + return NumberUtils.join('.', getMajorVersion(), getMinorVersion(), getRelease(), getBuildNumber()); + } + + /** + * Parses a version string - assumed to contain at most 4 non-negative components separated by a '.'. If less than 4 + * components are found, then the rest are assumed to be zero. If more than 4 components found, then only the 1st + * ones are parsed. + * + * @param version The version string - ignored if {@code null}/empty + * @return The parsed {@link VersionInfo} - or {@code null} if empty input + * @throws NumberFormatException If failed to parse any of the components + * @throws IllegalArgumentException If any of the parsed components is negative + */ + public static VersionInfo parse(String version) throws NumberFormatException { + String[] comps = GenericUtils.split(version, '.'); + if (GenericUtils.isEmpty(comps)) { + return null; + } + + int[] values = new int[4]; + int maxValues = Math.min(comps.length, values.length); + for (int index = 0; index < maxValues; index++) { + String c = comps[index]; + int v = Integer.parseInt(c); + ValidateUtils.checkTrue(v >= 0, "Invalid version component in %s", version); + values[index] = v; + } + + return new VersionInfo(values[0], values[1], values[2], values[3]); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java new file mode 100644 index 0000000..798d1ae --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java @@ -0,0 +1,1007 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.buffer; + +import java.math.BigInteger; +import java.nio.ByteBuffer; +import java.nio.CharBuffer; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPublicKeySpec; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import java.util.Objects; +import java.util.function.IntUnaryOperator; + +import org.apache.sshd.common.SshConstants; +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.OpenSshCertificate; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.buffer.keys.BufferPublicKeyParser; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Provides an abstract message buffer for encoding SSH messages + * + * @author Apache MINA SSHD Project + */ +public abstract class Buffer implements Readable { + protected final byte[] workBuf = new byte[Long.BYTES]; + + protected Buffer() { + super(); + } + + /** + * @return Current reading position + */ + public abstract int rpos(); + + /** + * @param rpos Set current reading position + */ + public abstract void rpos(int rpos); + + /** + * @return Current writing position + */ + public abstract int wpos(); + + /** + * @param wpos Set current writing position - Note: if necessary, the underlying data buffer will be + * increased so as to allow writing from the new position + */ + public abstract void wpos(int wpos); + + /** + * @return Number of bytes that can still be written without re-sizing the internal buffer + */ + public abstract int capacity(); + + /** + * @return The raw underlying data bytes + */ + public abstract byte[] array(); + + /** + * @return The bytes consumed so far + */ + public abstract byte[] getBytesConsumed(); + + /** + * @param pos A position in the raw underlying data bytes + * @return The byte at the specified position without changing the current {@link #rpos() read position}. + * Note: no validation is made whether the position lies within array boundaries + */ + public byte rawByte(int pos) { + byte[] data = array(); + return data[pos]; + } + + /** + * @param pos A position in the raw underlying data bytes + * @return The unsigned 32 bit integer at the specified position without changing the current {@link #rpos() + * read position}. Note: no validation is made whether the position and the required extra 4 + * bytes lie within array boundaries + */ + public long rawUInt(int pos) { + byte[] data = array(); + return BufferUtils.getUInt(data, pos, Integer.BYTES); + } + + /** + * "Shift" the internal data so that reading starts from position zero. + */ + public abstract void compact(); + + public byte[] getCompactData() { + int l = available(); + if (l > 0) { + byte[] b = new byte[l]; + System.arraycopy(array(), rpos(), b, 0, l); + return b; + } else { + return GenericUtils.EMPTY_BYTE_ARRAY; + } + } + + /** + * Reset read/write positions to zero - Note: zeroes any previously existing data + * + * @return Reference to this buffer + * @see #clear(boolean) + */ + public Buffer clear() { + return clear(true); + } + + /** + * Reset read/write positions to zero + * + * @param wipeData Whether to zero any previously existing data + * @return Reference to this buffer + */ + public abstract Buffer clear(boolean wipeData); + + public boolean isValidMessageStructure(Class... fieldTypes) { + return isValidMessageStructure(GenericUtils.isEmpty(fieldTypes) ? Collections.emptyList() : Arrays.asList(fieldTypes)); + } + + public boolean isValidMessageStructure(Collection> fieldTypes) { + if (GenericUtils.isEmpty(fieldTypes)) { + return true; + } + + int remainLen = available(); + int readOffset = 0; + for (Class ft : fieldTypes) { + if ((ft == boolean.class) || (ft == Boolean.class) + || (ft == byte.class) || (ft == Byte.class)) { + if (remainLen < Byte.BYTES) { + return false; + } + + remainLen -= Byte.BYTES; + readOffset += Byte.BYTES; + } else if ((ft == short.class) || (ft == Short.class)) { + if (remainLen < Short.BYTES) { + return false; + } + + remainLen -= Short.BYTES; + readOffset += Short.BYTES; + } else if ((ft == int.class) || (ft == Integer.class)) { + if (remainLen < Integer.BYTES) { + return false; + } + + remainLen -= Integer.BYTES; + readOffset += Integer.BYTES; + } else if ((ft == long.class) || (ft == Long.class)) { + if (remainLen < Long.BYTES) { + return false; + } + + remainLen -= Long.BYTES; + readOffset += Long.BYTES; + } else if ((ft == byte[].class) || (ft == String.class)) { + if (remainLen < Integer.BYTES) { + return false; + } + + copyRawBytes(readOffset, workBuf, 0, Integer.BYTES); + remainLen -= Integer.BYTES; + readOffset += Integer.BYTES; + + long length = BufferUtils.getUInt(workBuf, 0, Integer.BYTES); + if (length > remainLen) { + return false; + } + + remainLen -= (int) length; + readOffset += (int) length; + } + } + + return true; + } + + protected abstract void copyRawBytes(int offset, byte[] buf, int pos, int len); + + public String toHex() { + return BufferUtils.toHex(array(), rpos(), available()); + } + + public int getUByte() { + return getByte() & 0xFF; + } + + public byte getByte() { + ensureAvailable(Byte.BYTES); + getRawBytes(workBuf, 0, Byte.BYTES); + return workBuf[0]; + } + + public short getShort() { + ensureAvailable(Short.BYTES); + getRawBytes(workBuf, 0, Short.BYTES); + short v = (short) ((workBuf[1] << Byte.SIZE) & 0xFF00); + v |= (short) (workBuf[0] & 0xF); + return v; + } + + public int getInt() { + return (int) getUInt(); + } + + public long getUInt() { + ensureAvailable(Integer.BYTES); + getRawBytes(workBuf, 0, Integer.BYTES); + return BufferUtils.getUInt(workBuf, 0, Integer.BYTES); + } + + public long getLong() { + ensureAvailable(Long.BYTES); + getRawBytes(workBuf, 0, Long.BYTES); + long l = ((long) workBuf[0] << 56) & 0xff00000000000000L; + l |= ((long) workBuf[1] << 48) & 0x00ff000000000000L; + l |= ((long) workBuf[2] << 40) & 0x0000ff0000000000L; + l |= ((long) workBuf[3] << 32) & 0x000000ff00000000L; + l |= ((long) workBuf[4] << 24) & 0x00000000ff000000L; + l |= ((long) workBuf[5] << 16) & 0x0000000000ff0000L; + l |= ((long) workBuf[6] << 8) & 0x000000000000ff00L; + l |= (workBuf[7]) & 0x00000000000000ffL; + return l; + } + + @SuppressWarnings("PMD.BooleanGetMethodName") + public boolean getBoolean() { + return getByte() != 0; + } + + /** + * @return Reads a UTF-8 encoded string + */ + public String getString() { + return getString(StandardCharsets.UTF_8); + } + + /** + * According to RFC 4251: + * + * A name-list is represented as a uint32 containing its length (number of bytes that follow) followed by a + * comma-separated list of zero or more names. + * + * @return The parsed result + */ + public List getNameList() { + return getNameList(StandardCharsets.UTF_8); + } + + public List getNameList(Charset charset) { + return getNameList(charset, ','); + } + + public List getNameList(char separator) { + return getNameList(StandardCharsets.UTF_8, separator); + } + + /** + * Parses a string that contains values separated by a delimiter + * + * @param charset The {@link Charset} to use to read the string + * @param separator The separator + * @return A {@link List} of the parsed values + */ + public List getNameList(Charset charset, char separator) { + String list = getString(charset); + String[] values = GenericUtils.split(list, separator); + return GenericUtils.isEmpty(values) ? Collections.emptyList() : Arrays.asList(values); + } + + /** + * @param usePrependedLength If {@code true} then there is a 32-bit value indicating the number of strings to read. + * Otherwise, the method will use a "greedy" reading of strings while more data + * available. + * @return A {@link Collection} of the read strings + * @see #getStringList(boolean, Charset) + */ + public Collection getStringList(boolean usePrependedLength) { + return getStringList(usePrependedLength, StandardCharsets.UTF_8); + } + + /** + * @param usePrependedLength If {@code true} then there is a 32-bit value indicating the number of strings to read. + * Otherwise, the method will use a "greedy" reading of strings while more data + * available. + * @param charset The {@link Charset} to use for the strings + * @return A {@link Collection} of the read strings + * @see #getStringList(int, Charset) + * @see #getAvailableStrings() + */ + public Collection getStringList(boolean usePrependedLength, Charset charset) { + if (usePrependedLength) { + int count = getInt(); + return getStringList(count, charset); + } else { + return getAvailableStrings(charset); + } + } + + /** + * @return The remaining data as a list of strings + * @see #getAvailableStrings(Charset) + */ + public Collection getAvailableStrings() { + return getAvailableStrings(StandardCharsets.UTF_8); + } + + /** + * @param charset The {@link Charset} to use for the strings + * @return The remaining data as a list of strings + * @see #available() + * @see #getString(Charset) + */ + public Collection getAvailableStrings(Charset charset) { + Collection list = new LinkedList<>(); + while (available() > 0) { + String s = getString(charset); + list.add(s); + } + + return list; + } + + /** + * @param count The exact number of strings to read - can be zero + * @return A {@link List} with the specified number of strings + * @see #getStringList(int, Charset) + */ + public List getStringList(int count) { + return getStringList(count, StandardCharsets.UTF_8); + } + + /** + * @param count The exact number of strings to read - can be zero + * @param charset The {@link Charset} of the strings + * @return A {@link List} with the specified number of strings + * @see #getString(Charset) + */ + public List getStringList(int count, Charset charset) { + if ((count < 0) || (count > SshConstants.SSH_REQUIRED_PAYLOAD_PACKET_LENGTH_SUPPORT)) { + throw new IndexOutOfBoundsException("Illogical string list length: " + count); + } + if (count == 0) { + return Collections.emptyList(); + } + + List list = new ArrayList<>(count); + for (int index = 1; index <= count; index++) { + String s = getString(charset); + list.add(s); + } + + return list; + } + + /** + * Reads a string using a given charset. + * + * @param charset The {@link Charset} to use for the string bytes + * @return The read string + */ + public abstract String getString(Charset charset); + + public BigInteger getMPInt() { + return new BigInteger(getMPIntAsBytes()); + } + + public byte[] getMPIntAsBytes() { + return getBytes(); + } + + public byte[] getBytes() { + int reqLen = getInt(); + int len = ensureAvailable(reqLen); + byte[] b = new byte[len]; + getRawBytes(b); + return b; + } + + public void getRawBytes(byte[] buf) { + getRawBytes(buf, 0, buf.length); + } + + public PublicKey getPublicKey() throws SshException { + return getPublicKey(BufferPublicKeyParser.DEFAULT); + } + + /** + * @param parser A {@link BufferPublicKeyParser} to extract the key from the buffer - never {@code null} + * @return The extracted {@link PublicKey} - may be {@code null} if the parser so decided + * @throws SshException If failed to extract the key + * @see #getRawPublicKey(BufferPublicKeyParser) + */ + public PublicKey getPublicKey(BufferPublicKeyParser parser) throws SshException { + int ow = wpos(); + int len = getInt(); + if (len < 0) { + throw new SshException("Illogical public key length: " + len); + } + + wpos(rpos() + len); + try { + return getRawPublicKey(parser); + } finally { + wpos(ow); + } + } + + public PublicKey getRawPublicKey() throws SshException { + return getRawPublicKey(BufferPublicKeyParser.DEFAULT); + } + + /** + * @param parser A {@link BufferPublicKeyParser} to extract the key from the buffer - never {@code null} + * @return The extracted {@link PublicKey} - may be {@code null} if the parser so decided + * @throws SshException If failed to extract the key + */ + public PublicKey getRawPublicKey(BufferPublicKeyParser parser) throws SshException { + Objects.requireNonNull(parser, "No key data parser"); + try { + String keyType = getString(); + if (!parser.isKeyTypeSupported(keyType)) { + throw new NoSuchAlgorithmException("Key type=" + keyType + ") not supported by parser=" + parser); + } + + return parser.getRawPublicKey(keyType, this); + } catch (GeneralSecurityException e) { + throw new SshException(e); + } + } + + public KeyPair getKeyPair() throws SshException { + try { + PublicKey pub; + PrivateKey prv; + String keyAlg = getString(); + if (KeyPairProvider.SSH_RSA.equals(keyAlg)) { + BigInteger e = getMPInt(); + BigInteger n = getMPInt(); + BigInteger d = getMPInt(); + BigInteger qInv = getMPInt(); + BigInteger q = getMPInt(); + BigInteger p = getMPInt(); + BigInteger dP = d.remainder(p.subtract(BigInteger.valueOf(1))); + BigInteger dQ = d.remainder(q.subtract(BigInteger.valueOf(1))); + KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyUtils.RSA_ALGORITHM); + pub = keyFactory.generatePublic(new RSAPublicKeySpec(n, e)); + prv = keyFactory.generatePrivate(new RSAPrivateCrtKeySpec(n, e, d, p, q, dP, dQ, qInv)); + } else if (KeyPairProvider.SSH_DSS.equals(keyAlg)) { + BigInteger p = getMPInt(); + BigInteger q = getMPInt(); + BigInteger g = getMPInt(); + BigInteger y = getMPInt(); + BigInteger x = getMPInt(); + KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyUtils.DSS_ALGORITHM); + pub = keyFactory.generatePublic(new DSAPublicKeySpec(y, p, q, g)); + prv = keyFactory.generatePrivate(new DSAPrivateKeySpec(x, p, q, g)); + } else if (KeyPairProvider.SSH_ED25519.equals(keyAlg)) { + return SecurityUtils.extractEDDSAKeyPair(this, keyAlg); + } else { + ECCurves curve = ECCurves.fromKeyType(keyAlg); + if (curve == null) { + throw new NoSuchAlgorithmException("Unsupported key pair algorithm: " + keyAlg); + } + String curveName = curve.getName(); + ECParameterSpec params = curve.getParameters(); + return extractEC(curveName, params); + } + + return new KeyPair(pub, prv); + } catch (GeneralSecurityException e) { + throw new SshException(e); + } + } + + protected KeyPair extractEC(String expectedCurveName, ECParameterSpec spec) throws GeneralSecurityException { + String curveName = getString(); + if (!expectedCurveName.equals(curveName)) { + throw new InvalidKeySpecException("extractEC(" + expectedCurveName + ") mismatched curve name: " + curveName); + } + + byte[] groupBytes = getBytes(); + BigInteger exponent = getMPInt(); + + if (spec == null) { + throw new InvalidKeySpecException("extractEC(" + expectedCurveName + ") missing parameters for curve"); + } + + ECPoint group; + try { + group = ECCurves.octetStringToEcPoint(groupBytes); + } catch (RuntimeException e) { + throw new InvalidKeySpecException( + "extractEC(" + expectedCurveName + ")" + + " failed (" + e.getClass().getSimpleName() + ")" + + " to decode EC group for curve: " + e.getMessage(), + e); + } + + KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); + PublicKey pubKey = keyFactory.generatePublic(new ECPublicKeySpec(group, spec)); + PrivateKey privKey = keyFactory.generatePrivate(new ECPrivateKeySpec(exponent, spec)); + return new KeyPair(pubKey, privKey); + } + + /** + * Makes sure the buffer contains enough data to accommodate the requested length + * + * @param reqLen Requested data in bytes + * @return Same as input if validation successful + * @throws BufferException If negative length or beyond available requested + */ + public int ensureAvailable(int reqLen) throws BufferException { + if (reqLen < 0) { + throw new BufferException("Bad item length: " + reqLen); + } + + int availLen = available(); + if (availLen < reqLen) { + throw new BufferException("Underflow: requested=" + reqLen + ", available=" + availLen); + } + + return reqLen; + } + + /* + * ====================== Write methods ====================== + */ + + public void putByte(byte b) { + ensureCapacity(Byte.BYTES); + workBuf[0] = b; + putRawBytes(workBuf, 0, Byte.BYTES); + } + + /** + * Checks if the buffer argument is an array of bytes, a {@link Readable} instance or a {@link ByteBuffer} + * and invokes the appropriate {@code putXXX} method. If {@code null} then puts an empty byte array value + * + * @param buffer The buffered data object to inspect + * @see #putBufferedData(Object) + */ + public void putOptionalBufferedData(Object buffer) { + if (buffer == null) { + putBytes(GenericUtils.EMPTY_BYTE_ARRAY); + } else { + putBufferedData(buffer); + } + } + + /** + * Checks if the buffer argument is an array of bytes, a {@link Readable} instance or a {@link ByteBuffer} + * and invokes the appropriate {@code putXXX} method. + * + * @param buffer The (never {@code null}) buffer object to put + * @throws IllegalArgumentException If buffer is none of the supported types + */ + public void putBufferedData(Object buffer) { + Objects.requireNonNull(buffer, "No buffered data to encode"); + if (buffer instanceof byte[]) { + putBytes((byte[]) buffer); + } else if (buffer instanceof Readable) { + putBuffer((Readable) buffer); + } else if (buffer instanceof ByteBuffer) { + putBuffer((ByteBuffer) buffer); + } else { + throw new IllegalArgumentException( + "No buffered overload found for " + + ((buffer == null) ? null : buffer.getClass().getName())); + } + } + + public void putBuffer(Readable buffer) { + putBuffer(buffer, true); + } + + public abstract int putBuffer(Readable buffer, boolean expand); + + public abstract void putBuffer(ByteBuffer buffer); + + /** + * Writes 16 bits + * + * @param i The 16-bit value + */ + public void putShort(int i) { + ensureCapacity(Short.BYTES); + workBuf[0] = (byte) (i >> 8); + workBuf[1] = (byte) i; + putRawBytes(workBuf, 0, Short.BYTES); + } + + /** + * Writes 32 bits + * + * @param i The 32-bit value + */ + public void putInt(long i) { + BufferUtils.validateInt32Value(i, "Invalid 32-bit value: %d"); + ensureCapacity(Integer.BYTES); + BufferUtils.putUInt(i, workBuf, 0, Integer.BYTES); + putRawBytes(workBuf, 0, Integer.BYTES); + } + + /** + * Writes 64 bits + * + * @param i The 64-bit value + */ + public void putLong(long i) { + ensureCapacity(Long.BYTES); + workBuf[0] = (byte) (i >> 56); + workBuf[1] = (byte) (i >> 48); + workBuf[2] = (byte) (i >> 40); + workBuf[3] = (byte) (i >> 32); + workBuf[4] = (byte) (i >> 24); + workBuf[5] = (byte) (i >> 16); + workBuf[6] = (byte) (i >> 8); + workBuf[7] = (byte) i; + putRawBytes(workBuf, 0, Long.BYTES); + } + + public void putBoolean(boolean b) { + putByte(b ? (byte) 1 : (byte) 0); + } + + /** + * Adds the bytes to the buffer and wipes the data from the input buffer after having added it - useful for + * sensitive information such as password + * + * @param b The buffer to add - OK if {@code null} + */ + public void putAndWipeBytes(byte[] b) { + putAndWipeBytes(b, 0, NumberUtils.length(b)); + } + + public void putAndWipeBytes(byte[] b, int off, int len) { + putBytes(b, off, len); + + for (int pos = off, index = 0; index < len; pos++, index++) { + b[pos] = (byte) 0; + } + } + + public void putBytes(byte[] b) { + putBytes(b, 0, NumberUtils.length(b)); + } + + public void putBytes(byte[] b, int off, int len) { + putInt(len); + putRawBytes(b, off, len); + } + + /** + * Encodes the {@link Objects#toString(Object, String) toString} value of each member. + * + * @param objects The objects to be encoded in the buffer - OK if {@code null}/empty + * @param prependLength If {@code true} then the list is preceded by a 32-bit count of the number of members in the + * list + * @see #putStringList(Collection, Charset, boolean) + */ + public void putStringList(Collection objects, boolean prependLength) { + putStringList(objects, StandardCharsets.UTF_8, prependLength); + } + + /** + * Encodes the {@link Objects#toString(Object, String) toString} value of each member + * + * @param objects The objects to be encoded in the buffer - OK if {@code null}/empty + * @param charset The {@link Charset} to use for encoding + * @param prependLength If {@code true} then the list is preceded by a 32-bit count of the number of members in the + * list + * @see #putString(String, Charset) + */ + public void putStringList(Collection objects, Charset charset, boolean prependLength) { + int numObjects = GenericUtils.size(objects); + if (prependLength) { + putInt(numObjects); + } + + if (numObjects <= 0) { + return; + } + + for (Object o : objects) { + String s = Objects.toString(o, null); + putString(s, charset); + } + } + + /** + * According to RFC 4251: + * A name-list is represented as a uint32 containing its length (number of bytes + * that follow) followed by a comma-separated list of zero or more names. + * + * + * @param names The name list to put + */ + public void putNameList(Collection names) { + putNameList(names, StandardCharsets.UTF_8); + } + + public void putNameList(Collection names, Charset charset) { + putNameList(names, charset, ','); + } + + public void putNameList(Collection names, char separator) { + putNameList(names, StandardCharsets.UTF_8, separator); + } + + /** + * Adds a string that contains values separated by a delimiter + * + * @param names The names to set + * @param charset The {@link Charset} to use to encode the string + * @param separator The separator + */ + public void putNameList(Collection names, Charset charset, char separator) { + String list = GenericUtils.join(names, separator); + putString(list, charset); + } + + public void putString(String string) { + putString(string, StandardCharsets.UTF_8); + } + + public void putString(String string, Charset charset) { + if (GenericUtils.isEmpty(string)) { + putBytes(GenericUtils.EMPTY_BYTE_ARRAY); + } else { + byte[] bytes = string.getBytes(charset); + putBytes(bytes); + } + } + + /** + * Zeroes the input array after having put the characters in the buffer - useful for sensitive information + * such as passwords + * + * @param chars The characters to put in the buffer - may be {@code null}/empty + * @see #putAndWipeChars(char[], Charset) + * @see #putChars(char[], Charset) + */ + public void putAndWipeChars(char[] chars) { + putAndWipeChars(chars, 0, GenericUtils.length(chars)); + } + + public void putAndWipeChars(char[] chars, int offset, int len) { + putAndWipeChars(chars, offset, len, StandardCharsets.UTF_8); + } + + public void putAndWipeChars(char[] chars, Charset charset) { + putAndWipeChars(chars, 0, GenericUtils.length(chars), charset); + } + + public void putAndWipeChars(char[] chars, int offset, int len, Charset charset) { + putChars(chars, offset, len, charset); + for (int pos = offset, index = 0; index < len; index++, pos++) { + chars[pos] = '\0'; + } + } + + public void putChars(char[] chars) { + putChars(chars, 0, GenericUtils.length(chars)); + } + + public void putChars(char[] chars, int offset, int len) { + putChars(chars, offset, len, StandardCharsets.UTF_8); + } + + public void putChars(char[] chars, Charset charset) { + putChars(chars, 0, GenericUtils.length(chars), charset); + } + + public void putChars(char[] chars, int offset, int len, Charset charset) { + if (len <= 0) { + putBytes(GenericUtils.EMPTY_BYTE_ARRAY); + } else { + CharBuffer charBuf = CharBuffer.wrap(chars, offset, len); + ByteBuffer byteBuf = charset.encode(charBuf); + putBuffer(byteBuf); + } + } + + public void putMPInt(BigInteger bigint) { + putMPInt(bigint.toByteArray()); + } + + public void putMPInt(byte[] mpInt) { + if ((mpInt[0] & 0x80) != 0) { + putInt(mpInt.length + 1 /* padding */); + putByte((byte) 0); + } else { + putInt(mpInt.length); + } + putRawBytes(mpInt); + } + + public void putRawBytes(byte[] d) { + putRawBytes(d, 0, d.length); + } + + public abstract void putRawBytes(byte[] d, int off, int len); + + public void putPublicKey(PublicKey key) { + int ow = wpos(); + putInt(0); + int ow1 = wpos(); + putRawPublicKey(key); + int ow2 = wpos(); + wpos(ow); + putInt(ow2 - ow1); + wpos(ow2); + } + + public void putRawPublicKey(PublicKey key) { + putString(KeyUtils.getKeyType(key)); + putRawPublicKeyBytes(key); + } + + public void putRawPublicKeyBytes(PublicKey key) { + Objects.requireNonNull(key, "No key"); + if (key instanceof RSAPublicKey) { + RSAPublicKey rsaPub = (RSAPublicKey) key; + + putMPInt(rsaPub.getPublicExponent()); + putMPInt(rsaPub.getModulus()); + } else if (key instanceof DSAPublicKey) { + DSAPublicKey dsaPub = (DSAPublicKey) key; + DSAParams dsaParams = dsaPub.getParams(); + + putMPInt(dsaParams.getP()); + putMPInt(dsaParams.getQ()); + putMPInt(dsaParams.getG()); + putMPInt(dsaPub.getY()); + } else if (key instanceof ECPublicKey) { + ECPublicKey ecKey = (ECPublicKey) key; + ECParameterSpec ecParams = ecKey.getParams(); + ECCurves curve = ECCurves.fromCurveParameters(ecParams); + if (curve == null) { + throw new BufferException("Unsupported EC curve parameters"); + } + + byte[] ecPoint = ECCurves.encodeECPoint(ecKey.getW(), ecParams); + putString(curve.getName()); + putBytes(ecPoint); + } else if (SecurityUtils.EDDSA.equals(key.getAlgorithm())) { + SecurityUtils.putRawEDDSAPublicKey(this, key); + } else if (key instanceof OpenSshCertificate) { + OpenSshCertificate cert = (OpenSshCertificate) key; + + putBytes(cert.getNonce()); + putRawPublicKeyBytes(cert.getServerHostKey()); + putLong(cert.getSerial()); + putInt(cert.getType()); + putString(cert.getId()); + + ByteArrayBuffer tmpBuffer = new ByteArrayBuffer(); + tmpBuffer.putStringList(cert.getPrincipals(), false); + putBytes(tmpBuffer.getCompactData()); + + putLong(cert.getValidAfter()); + putLong(cert.getValidBefore()); + putNameList(cert.getCriticalOptions()); + putNameList(cert.getExtensions()); + putString(cert.getReserved()); + + tmpBuffer = new ByteArrayBuffer(); // TODO tmpBuffer.clear() instead of allocate new buffer + tmpBuffer.putRawPublicKey(cert.getCaPubKey()); + putBytes(tmpBuffer.getCompactData()); + + putBytes(cert.getSignature()); + } else { + throw new BufferException("Unsupported raw public key algorithm: " + key.getAlgorithm()); + } + } + + public void putKeyPair(KeyPair kp) { + PublicKey pubKey = kp.getPublic(); + PrivateKey prvKey = kp.getPrivate(); + if (prvKey instanceof RSAPrivateCrtKey) { + RSAPublicKey rsaPub = (RSAPublicKey) pubKey; + RSAPrivateCrtKey rsaPrv = (RSAPrivateCrtKey) prvKey; + + putString(KeyPairProvider.SSH_RSA); + putMPInt(rsaPub.getPublicExponent()); + putMPInt(rsaPub.getModulus()); + putMPInt(rsaPrv.getPrivateExponent()); + putMPInt(rsaPrv.getCrtCoefficient()); + putMPInt(rsaPrv.getPrimeQ()); + putMPInt(rsaPrv.getPrimeP()); + } else if (pubKey instanceof DSAPublicKey) { + DSAPublicKey dsaPub = (DSAPublicKey) pubKey; + DSAParams dsaParams = dsaPub.getParams(); + DSAPrivateKey dsaPrv = (DSAPrivateKey) prvKey; + + putString(KeyPairProvider.SSH_DSS); + putMPInt(dsaParams.getP()); + putMPInt(dsaParams.getQ()); + putMPInt(dsaParams.getG()); + putMPInt(dsaPub.getY()); + putMPInt(dsaPrv.getX()); + } else if (pubKey instanceof ECPublicKey) { + ECPublicKey ecPub = (ECPublicKey) pubKey; + ECPrivateKey ecPriv = (ECPrivateKey) prvKey; + ECParameterSpec ecParams = ecPub.getParams(); + ECCurves curve = ECCurves.fromCurveParameters(ecParams); + if (curve == null) { + throw new BufferException("Unsupported EC curve parameters"); + } + + byte[] ecPoint = ECCurves.encodeECPoint(ecPub.getW(), ecParams); + putString(curve.getKeyType()); + putString(curve.getName()); + putBytes(ecPoint); + putMPInt(ecPriv.getS()); + } else if (SecurityUtils.EDDSA.equals(pubKey.getAlgorithm())) { + SecurityUtils.putEDDSAKeyPair(this, pubKey, prvKey); + } else { + throw new BufferException("Unsupported key pair algorithm: " + pubKey.getAlgorithm()); + } + } + + public Buffer ensureCapacity(int capacity) { + return ensureCapacity(capacity, BufferUtils.DEFAULT_BUFFER_GROWTH_FACTOR); + } + + /** + * @param capacity The required capacity + * @param growthFactor An {@link IntUnaryOperator} that is invoked if the current capacity is insufficient. The + * argument is the minimum required new data length, the function result should be the + * effective new data length to be allocated - if less than minimum then an exception is thrown + * @return This buffer instance + */ + public abstract Buffer ensureCapacity(int capacity, IntUnaryOperator growthFactor); + + /** + * @return Current size of underlying backing data bytes array + */ + protected abstract int size(); + + @Override + public String toString() { + return getClass().getSimpleName() + + "[rpos=" + rpos() + + ", wpos=" + wpos() + + ", size=" + size() + + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/BufferException.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/BufferException.java new file mode 100644 index 0000000..99e7c04 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/BufferException.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.buffer; + +/** + * @author Apache MINA SSHD Project + */ +public class BufferException extends RuntimeException { + private static final long serialVersionUID = 658645233475011039L; + + public BufferException(String message) { + super(message); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/BufferUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/BufferUtils.java new file mode 100644 index 0000000..779bd44 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/BufferUtils.java @@ -0,0 +1,613 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.buffer; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.util.function.IntUnaryOperator; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.io.IoUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public final class BufferUtils { + public static final char DEFAULT_HEX_SEPARATOR = ' '; + public static final char EMPTY_HEX_SEPARATOR = '\0'; + public static final String HEX_DIGITS = "0123456789abcdef"; + + public static final IntUnaryOperator DEFAULT_BUFFER_GROWTH_FACTOR = BufferUtils::getNextPowerOf2; + + /** + * Maximum value of a {@code uint32} field + */ + public static final long MAX_UINT32_VALUE = 0x0FFFFFFFFL; + + /** + * Maximum value of a {@code uint8} field + */ + public static final int MAX_UINT8_VALUE = 0x0FF; + + /** + * Private Constructor + */ + private BufferUtils() { + throw new UnsupportedOperationException("No instance allowed"); + } + + public static String toHex(byte... array) { + return toHex(array, 0, NumberUtils.length(array)); + } + + public static String toHex(char sep, byte... array) { + return toHex(array, 0, NumberUtils.length(array), sep); + } + + public static String toHex(byte[] array, int offset, int len) { + return toHex(array, offset, len, DEFAULT_HEX_SEPARATOR); + } + + public static String toHex(byte[] array, int offset, int len, char sep) { + if (len <= 0) { + return ""; + } + + try { + return appendHex(new StringBuilder(len * 3 /* 2 HEX + sep */), array, offset, len, sep).toString(); + } catch (IOException e) { // unexpected + return e.getClass().getSimpleName() + ": " + e.getMessage(); + } + } + + public static A appendHex(A sb, char sep, byte... array) throws IOException { + return appendHex(sb, array, 0, NumberUtils.length(array), sep); + } + + public static A appendHex( + A sb, byte[] array, int offset, int len, char sep) + throws IOException { + if (len <= 0) { + return sb; + } + + for (int curOffset = offset, maxOffset = offset + len; curOffset < maxOffset; curOffset++) { + byte b = array[curOffset]; + if ((curOffset > offset) && (sep != EMPTY_HEX_SEPARATOR)) { + sb.append(sep); + } + sb.append(HEX_DIGITS.charAt((b >> 4) & 0x0F)); + sb.append(HEX_DIGITS.charAt(b & 0x0F)); + } + + return sb; + } + + /** + * @param separator The separator between the HEX values - may be {@link #EMPTY_HEX_SEPARATOR} + * @param csq The {@link CharSequence} containing the HEX encoded bytes + * @return The decoded bytes + * @throws IllegalArgumentException If invalid HEX sequence length + * @throws NumberFormatException If invalid HEX characters found + * @see #decodeHex(char, CharSequence, int, int) + */ + public static byte[] decodeHex(char separator, CharSequence csq) { + return decodeHex(separator, csq, 0, GenericUtils.length(csq)); + } + + /** + * @param separator The separator between the HEX values - may be {@link #EMPTY_HEX_SEPARATOR} + * @param csq The {@link CharSequence} containing the HEX encoded bytes + * @param start Start offset of the HEX sequence (inclusive) + * @param end End offset of the HEX sequence (exclusive) + * @return The decoded bytes + * @throws IllegalArgumentException If invalid HEX sequence length + * @throws NumberFormatException If invalid HEX characters found + */ + public static byte[] decodeHex(char separator, CharSequence csq, int start, int end) { + int len = end - start; + ValidateUtils.checkTrue(len >= 0, "Bad HEX sequence length: %d", len); + if (len == 0) { + return GenericUtils.EMPTY_BYTE_ARRAY; + } + + int delta = 2; + byte[] bytes; + if (separator != EMPTY_HEX_SEPARATOR) { + // last character cannot be the separator + ValidateUtils.checkTrue((len % 3) == 2, "Invalid separated HEX sequence length: %d", len); + bytes = new byte[(len + 1) / 3]; + delta++; + } else { + ValidateUtils.checkTrue((len & 0x01) == 0, "Invalid contiguous HEX sequence length: %d", len); + bytes = new byte[len >>> 1]; + } + + int writeLen = 0; + for (int curPos = start; curPos < end; curPos += delta, writeLen++) { + bytes[writeLen] = fromHex(csq.charAt(curPos), csq.charAt(curPos + 1)); + } + assert writeLen == bytes.length; + + return bytes; + } + + /** + * @param The {@link OutputStream} generic type + * @param stream The target {@link OutputStream} + * @param separator The separator between the HEX values - may be {@link #EMPTY_HEX_SEPARATOR} + * @param csq The {@link CharSequence} containing the HEX encoded bytes + * @return The number of bytes written to the stream + * @throws IOException If failed to write + * @throws IllegalArgumentException If invalid HEX sequence length + * @throws NumberFormatException If invalid HEX characters found + * @see #decodeHex(OutputStream, char, CharSequence, int, int) + */ + public static int decodeHex( + S stream, char separator, CharSequence csq) + throws IOException { + return decodeHex(stream, separator, csq, 0, GenericUtils.length(csq)); + } + + /** + * @param The {@link OutputStream} generic type + * @param stream The target {@link OutputStream} + * @param separator The separator between the HEX values - may be {@link #EMPTY_HEX_SEPARATOR} + * @param csq The {@link CharSequence} containing the HEX encoded bytes + * @param start Start offset of the HEX sequence (inclusive) + * @param end End offset of the HEX sequence (exclusive) + * @return The number of bytes written to the stream + * @throws IOException If failed to write + * @throws IllegalArgumentException If invalid HEX sequence length + * @throws NumberFormatException If invalid HEX characters found + */ + public static int decodeHex( + S stream, char separator, CharSequence csq, int start, int end) + throws IOException { + int len = end - start; + ValidateUtils.checkTrue(len >= 0, "Bad HEX sequence length: %d", len); + + int delta = 2; + if (separator != EMPTY_HEX_SEPARATOR) { + // last character cannot be the separator + ValidateUtils.checkTrue((len % 3) == 2, "Invalid separated HEX sequence length: %d", len); + delta++; + } else { + ValidateUtils.checkTrue((len & 0x01) == 0, "Invalid contiguous HEX sequence length: %d", len); + } + + int writeLen = 0; + for (int curPos = start; curPos < end; curPos += delta, writeLen++) { + stream.write(fromHex(csq.charAt(curPos), csq.charAt(curPos + 1)) & 0xFF); + } + + return writeLen; + } + + public static byte fromHex(char hi, char lo) throws NumberFormatException { + int hiValue = HEX_DIGITS.indexOf(((hi >= 'A') && (hi <= 'F')) ? ('a' + (hi - 'A')) : hi); + int loValue = HEX_DIGITS.indexOf(((lo >= 'A') && (lo <= 'F')) ? ('a' + (lo - 'A')) : lo); + if ((hiValue < 0) || (loValue < 0)) { + throw new NumberFormatException("fromHex(" + new String(new char[] { hi, lo }) + ") non-HEX characters"); + } + + return (byte) ((hiValue << 4) + loValue); + } + + /** + * Read a 32-bit value in network order + * + * @param input The {@link InputStream} + * @param buf Work buffer to use + * @return The read 32-bit value + * @throws IOException If failed to read 4 bytes or not enough room in work buffer + * @see #readInt(InputStream, byte[], int, int) + */ + public static int readInt(InputStream input, byte[] buf) throws IOException { + return readInt(input, buf, 0, NumberUtils.length(buf)); + } + + /** + * Read a 32-bit value in network order + * + * @param input The {@link InputStream} + * @param buf Work buffer to use + * @param offset Offset in buffer to us + * @param len Available length - must have at least 4 bytes available + * @return The read 32-bit value + * @throws IOException If failed to read 4 bytes or not enough room in work buffer + * @see #readUInt(InputStream, byte[], int, int) + */ + public static int readInt(InputStream input, byte[] buf, int offset, int len) throws IOException { + return (int) readUInt(input, buf, offset, len); + } + + /** + * Read a 32-bit value in network order + * + * @param input The {@link InputStream} + * @param buf Work buffer to use + * @return The read 32-bit value + * @throws IOException If failed to read 4 bytes or not enough room in work buffer + * @see #readUInt(InputStream, byte[], int, int) + */ + public static long readUInt(InputStream input, byte[] buf) throws IOException { + return readUInt(input, buf, 0, NumberUtils.length(buf)); + } + + /** + * Read a 32-bit value in network order + * + * @param input The {@link InputStream} + * @param buf Work buffer to use + * @param offset Offset in buffer to us + * @param len Available length - must have at least 4 bytes available + * @return The read 32-bit value + * @throws IOException If failed to read 4 bytes or not enough room in work buffer + * @see #getUInt(byte[], int, int) + */ + public static long readUInt(InputStream input, byte[] buf, int offset, int len) throws IOException { + try { + if (len < Integer.BYTES) { + throw new IllegalArgumentException( + "Not enough data for a UINT: required=" + Integer.BYTES + ", available=" + len); + } + + IoUtils.readFully(input, buf, offset, Integer.BYTES); + return getUInt(buf, offset, len); + } catch (RuntimeException | Error e) { + throw new StreamCorruptedException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to read UINT value: " + e.getMessage()); + } + } + + /** + * @param buf A buffer holding a 32-bit unsigned integer in big endian format. Note: if more than 4 + * bytes are available, then only the first 4 bytes in the buffer will be used + * @return The result as a {@code long} whose 32 high-order bits are zero + * @see #getUInt(byte[], int, int) + */ + public static long getUInt(byte... buf) { + return getUInt(buf, 0, NumberUtils.length(buf)); + } + + /** + * @param buf A buffer holding a 32-bit unsigned integer in big endian format. + * @param off The offset of the data in the buffer + * @param len The available data length. Note: if more than 4 bytes are available, then only the + * first 4 bytes in the buffer will be used (starting at the specified offset) + * @return The result as a {@code long} whose 32 high-order bits are zero + */ + public static long getUInt(byte[] buf, int off, int len) { + if (len < Integer.BYTES) { + throw new IllegalArgumentException("Not enough data for a UINT: required=" + Integer.BYTES + ", available=" + len); + } + + long l = (buf[off] << 24) & 0xff000000L; + l |= (buf[off + 1] << 16) & 0x00ff0000L; + l |= (buf[off + 2] << 8) & 0x0000ff00L; + l |= (buf[off + 3]) & 0x000000ffL; + return l; + } + + public static long getLong(byte[] buf, int off, int len) { + if (len < Long.BYTES) { + throw new IllegalArgumentException("Not enough data for a long: required=" + Long.BYTES + ", available=" + len); + } + + long l = (long) buf[off] << 56; + l |= ((long) buf[off + 1] & 0xff) << 48; + l |= ((long) buf[off + 2] & 0xff) << 40; + l |= ((long) buf[off + 3] & 0xff) << 32; + l |= ((long) buf[off + 4] & 0xff) << 24; + l |= ((long) buf[off + 5] & 0xff) << 16; + l |= ((long) buf[off + 6] & 0xff) << 8; + l |= (long) buf[off + 7] & 0xff; + + return l; + } + + public static BigInteger fromMPIntBytes(byte[] mpInt) { + if (NumberUtils.isEmpty(mpInt)) { + return null; + } + + if ((mpInt[0] & 0x80) != 0) { + return new BigInteger(0, mpInt); + } else { + return new BigInteger(mpInt); + } + } + + /** + * Writes a 32-bit value in network order (i.e., MSB 1st) + * + * @param output The {@link OutputStream} to write the value + * @param value The 32-bit value + * @param buf A work buffer to use - must have enough space to contain 4 bytes + * @throws IOException If failed to write the value or work buffer too small + * @see #writeInt(OutputStream, int, byte[], int, int) + */ + public static void writeInt(OutputStream output, int value, byte[] buf) throws IOException { + writeUInt(output, value, buf, 0, NumberUtils.length(buf)); + } + + /** + * Writes a 32-bit value in network order (i.e., MSB 1st) + * + * @param output The {@link OutputStream} to write the value + * @param value The 32-bit value + * @param buf A work buffer to use - must have enough space to contain 4 bytes + * @param off The offset to write the value + * @param len The available space + * @throws IOException If failed to write the value or work buffer too small + * @see #writeUInt(OutputStream, long, byte[], int, int) + */ + public static void writeInt( + OutputStream output, int value, byte[] buf, int off, int len) + throws IOException { + writeUInt(output, value & 0xFFFFFFFFL, buf, off, len); + } + + /** + * Writes a 32-bit value in network order (i.e., MSB 1st) + * + * @param output The {@link OutputStream} to write the value + * @param value The 32-bit value + * @param buf A work buffer to use - must have enough space to contain 4 bytes + * @throws IOException If failed to write the value or work buffer too small + * @see #writeUInt(OutputStream, long, byte[], int, int) + */ + public static void writeUInt(OutputStream output, long value, byte[] buf) throws IOException { + writeUInt(output, value, buf, 0, NumberUtils.length(buf)); + } + + /** + * Writes a 32-bit value in network order (i.e., MSB 1st) + * + * @param output The {@link OutputStream} to write the value + * @param value The 32-bit value + * @param buf A work buffer to use - must have enough space to contain 4 bytes + * @param off The offset to write the value + * @param len The available space + * @throws IOException If failed to write the value or work buffer to small + * @see #putUInt(long, byte[], int, int) + */ + public static void writeUInt( + OutputStream output, long value, byte[] buf, int off, int len) + throws IOException { + try { + int writeLen = putUInt(value, buf, off, len); + output.write(buf, off, writeLen); + } catch (RuntimeException | Error e) { + throw new StreamCorruptedException( + "Failed (" + e.getClass().getSimpleName() + ")" + + " to write UINT value=" + value + ": " + e.getMessage()); + } + } + + /** + * Writes a 32-bit value in network order (i.e., MSB 1st) + * + * @param value The 32-bit value + * @param buf The buffer + * @return The number of bytes used in the buffer + * @throws IllegalArgumentException if not enough space available + * @see #putUInt(long, byte[], int, int) + */ + public static int putUInt(long value, byte[] buf) { + return putUInt(value, buf, 0, NumberUtils.length(buf)); + } + + /** + * Writes a 32-bit value in network order (i.e., MSB 1st) + * + * @param value The 32-bit value + * @param buf The buffer + * @param off The offset to write the value + * @param len The available space + * @return The number of bytes used in the buffer + * @throws IllegalArgumentException if not enough space available + */ + public static int putUInt(long value, byte[] buf, int off, int len) { + if (len < Integer.BYTES) { + throw new IllegalArgumentException("Not enough data for a UINT: required=" + Integer.BYTES + ", available=" + len); + } + + buf[off] = (byte) ((value >> 24) & 0xFF); + buf[off + 1] = (byte) ((value >> 16) & 0xFF); + buf[off + 2] = (byte) ((value >> 8) & 0xFF); + buf[off + 3] = (byte) (value & 0xFF); + + return Integer.BYTES; + } + + public static int putLong(long value, byte[] buf, int off, int len) { + if (len < Long.BYTES) { + throw new IllegalArgumentException("Not enough data for a long: required=" + Long.BYTES + ", available=" + len); + } + + buf[off] = (byte) (value >> 56); + buf[off + 1] = (byte) (value >> 48); + buf[off + 2] = (byte) (value >> 40); + buf[off + 3] = (byte) (value >> 32); + buf[off + 4] = (byte) (value >> 24); + buf[off + 5] = (byte) (value >> 16); + buf[off + 6] = (byte) (value >> 8); + buf[off + 7] = (byte) value; + + return Long.BYTES; + } + + /** + * Compares the contents of 2 arrays of bytes - Note: do not use it to execute security related comparisons + * (e.g. MACs) since the method leaks timing information. Use {@code Mac#equals} method instead. + * + * @param a1 1st array + * @param a2 2nd array + * @return {@code true} if all bytes in the compared arrays are equal + */ + public static boolean equals(byte[] a1, byte[] a2) { + int len1 = NumberUtils.length(a1); + int len2 = NumberUtils.length(a2); + if (len1 != len2) { + return false; + } else { + return equals(a1, 0, a2, 0, len1); + } + } + + /** + * Compares the contents of 2 arrays of bytes - Note: do not use it to execute security related comparisons + * (e.g. MACs) since the method leaks timing information. Use {@code Mac#equals} method instead. + * + * @param a1 1st array + * @param a1Offset Offset to start comparing in 1st array + * @param a2 2nd array + * @param a2Offset Offset to start comparing in 2nd array + * @param length Number of bytes to compare + * @return {@code true} if all bytes in the compared arrays are equal when compared from the specified + * offsets and up to specified length + */ + @SuppressWarnings("PMD.AssignmentInOperand") + public static boolean equals(byte[] a1, int a1Offset, byte[] a2, int a2Offset, int length) { + int len1 = NumberUtils.length(a1); + int len2 = NumberUtils.length(a2); + if ((len1 < (a1Offset + length)) || (len2 < (a2Offset + length))) { + return false; + } + + while (length-- > 0) { + if (a1[a1Offset++] != a2[a2Offset++]) { + return false; + } + } + + return true; + } + + public static int getNextPowerOf2(int value) { + // for 0-7 return 8 + return (value < Byte.SIZE) + ? Byte.SIZE + : (value > (1 << 30)) + ? value + : NumberUtils.getNextPowerOf2(value); + } + + /** + * Used for encodings where we don't know the data length before adding it to the buffer. The idea is to place a + * 32-bit "placeholder", encode the data and then return back to the placeholder and update the length. + * The method calculates the encoded data length, moves the write position to the specified placeholder position, + * updates the length value and then moves the write position it back to its original value. + * + * @param buffer The {@link Buffer} + * @param lenPos The offset in the buffer where the length placeholder is to be update - Note: assumption is + * that the encoded data starts immediately after the placeholder + * @return The amount of data that has been encoded + */ + public static int updateLengthPlaceholder(Buffer buffer, int lenPos) { + int startPos = lenPos + Integer.BYTES; + int endPos = buffer.wpos(); + int dataLength = endPos - startPos; + // NOTE: although data length is defined as UINT32, we do not expected sizes above Integer.MAX_VALUE + ValidateUtils.checkTrue(dataLength >= 0, "Illegal data length: %d", dataLength); + buffer.wpos(lenPos); + buffer.putInt(dataLength); + buffer.wpos(endPos); + return dataLength; + } + + /** + * Updates a 32-bit "placeholder" location for data length - moves the write position to the specified + * placeholder position, updates the length value and then moves the write position it back to its original value. + * + * @param buffer The {@link Buffer} + * @param lenPos The offset in the buffer where the length placeholder is to be update - Note: assumption + * is that the encoded data starts immediately after the placeholder + * @param dataLength The length to update + */ + public static void updateLengthPlaceholder(Buffer buffer, int lenPos, int dataLength) { + int curPos = buffer.wpos(); + buffer.wpos(lenPos); + buffer.putInt(dataLength); + buffer.wpos(curPos); + } + + /** + * Invokes {@link Buffer#clear()} + * + * @param The generic buffer type + * @param buffer A {@link Buffer} instance - ignored if {@code null} + * @return The same as the input instance + */ + public static B clear(B buffer) { + if (buffer != null) { + buffer.clear(); + } + + return buffer; + } + + public static long validateInt32Value(long value, String message) { + ValidateUtils.checkTrue(isValidInt32Value(value), message, value); + return value; + } + + public static long validateInt32Value(long value, String format, Object arg) { + ValidateUtils.checkTrue(isValidInt32Value(value), format, arg); + return value; + } + + public static long validateInt32Value(long value, String format, Object... args) { + ValidateUtils.checkTrue(isValidInt32Value(value), format, args); + return value; + } + + public static boolean isValidInt32Value(long value) { + return (value >= Integer.MIN_VALUE) && (value <= Integer.MAX_VALUE); + } + + public static long validateUint32Value(long value, String message) { + ValidateUtils.checkTrue(isValidUint32Value(value), message, value); + return value; + } + + public static long validateUint32Value(long value, String format, Object arg) { + ValidateUtils.checkTrue(isValidUint32Value(value), format, arg); + return value; + } + + public static long validateUint32Value(long value, String format, Object... args) { + ValidateUtils.checkTrue(isValidUint32Value(value), format, args); + return value; + } + + public static boolean isValidUint32Value(long value) { + return (value >= 0L) && (value <= MAX_UINT32_VALUE); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/ByteArrayBuffer.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/ByteArrayBuffer.java new file mode 100644 index 0000000..04085ed --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/ByteArrayBuffer.java @@ -0,0 +1,319 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer; + +import java.nio.ByteBuffer; +import java.nio.charset.Charset; +import java.util.Arrays; +import java.util.Objects; +import java.util.function.IntUnaryOperator; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Provides an implementation of {@link Buffer} using a backing byte array + * + * @author Apache MINA SSHD Project + */ +public class ByteArrayBuffer extends Buffer { + /** + * Initial default allocated buffer size if none specified + */ + public static final int DEFAULT_SIZE = 256; + + private byte[] data; + private int rpos; + private int wpos; + + /** + * Allocates a buffer for writing purposes with {@value #DEFAULT_SIZE} bytes + */ + public ByteArrayBuffer() { + this(DEFAULT_SIZE, false); + } + + /** + * Allocates a buffer for writing purposes + * + * @param size Initial buffer size - Note: it is rounded to the closest power of 2 that is greater or + * equal to it. + * @see #ByteArrayBuffer(int, boolean) + */ + public ByteArrayBuffer(int size) { + this(size, true); + } + + /** + * Allocates a buffer for writing purposes + * + * @param size Initial buffer size + * @param roundOff Whether to round it to closest power of 2 that is greater or equal to the specified size + */ + public ByteArrayBuffer(int size, boolean roundOff) { + this(new byte[roundOff ? BufferUtils.getNextPowerOf2(size) : size], false); + } + + /** + * Wraps data bytes for reading + * + * @param data Data bytes to read from + * @see #ByteArrayBuffer(byte[], boolean) + */ + public ByteArrayBuffer(byte[] data) { + this(data, 0, data.length, true); + } + + /** + * @param data Data bytes to use + * @param read Whether the data bytes are for reading or writing + */ + public ByteArrayBuffer(byte[] data, boolean read) { + this(data, 0, data.length, read); + } + + /** + * Wraps data bytes for reading + * + * @param data Data bytes to read from + * @param off Offset to read from + * @param len Available bytes from given offset + * @see #ByteArrayBuffer(byte[], int, int, boolean) + */ + public ByteArrayBuffer(byte[] data, int off, int len) { + this(data, off, len, true); + } + + /** + * @param data Data bytes to use + * @param off Offset to read/write (according to read parameter) + * @param len Available bytes from given offset + * @param read Whether the data bytes are for reading or writing + */ + public ByteArrayBuffer(byte[] data, int off, int len, boolean read) { + if ((off < 0) || (len < 0)) { + throw new IndexOutOfBoundsException("Invalid offset(" + off + ")/length(" + len + ")"); + } + this.data = data; + this.rpos = off; + this.wpos = (read ? len : 0) + off; + } + + @Override + public int rpos() { + return rpos; + } + + @Override + public void rpos(int rpos) { + this.rpos = rpos; + } + + @Override + public int wpos() { + return wpos; + } + + @Override + public void wpos(int wpos) { + if (wpos > this.wpos) { + ensureCapacity(wpos - this.wpos); + } + this.wpos = wpos; + } + + @Override + public int available() { + return wpos - rpos; + } + + @Override + public int capacity() { + return data.length - wpos; + } + + @Override + public byte[] array() { + return data; + } + + @Override + public byte[] getBytesConsumed() { + byte[] consumed = new byte[rpos]; + System.arraycopy(data, 0, consumed, 0, rpos); + return consumed; + } + + @Override + public byte rawByte(int pos) { + return data[pos]; + } + + @Override + public long rawUInt(int pos) { + return BufferUtils.getUInt(data, pos, Integer.BYTES); + } + + @Override + public void compact() { + int avail = available(); + if (avail > 0) { + System.arraycopy(data, rpos, data, 0, avail); + } + wpos -= rpos; + rpos = 0; + } + + @Override + public Buffer clear(boolean wipeData) { + rpos = 0; + wpos = 0; + + if (wipeData) { + Arrays.fill(data, (byte) 0); + } + + return this; + } + + @Override + public byte getByte() { + ensureAvailable(Byte.BYTES); + return data[rpos++]; + } + + @Override + public void putByte(byte b) { + ensureCapacity(Byte.BYTES); + data[wpos++] = b; + } + + @Override + public int putBuffer(Readable buffer, boolean expand) { + int required = expand ? buffer.available() : Math.min(buffer.available(), capacity()); + ensureCapacity(required); + buffer.getRawBytes(data, wpos, required); + wpos += required; + return required; + } + + @Override + public void putBuffer(ByteBuffer buffer) { + int required = buffer.remaining(); + ensureCapacity(required + Integer.SIZE); + putInt(required); + buffer.get(data, wpos, required); + wpos += required; + } + + @Override + public void putRawBytes(byte[] d, int off, int len) { + ValidateUtils.checkTrue(len >= 0, "Negative raw bytes length: %d", len); + ensureCapacity(len); + System.arraycopy(d, off, data, wpos, len); + wpos += len; + } + + @Override + public String getString(Charset charset) { + Objects.requireNonNull(charset, "No charset specified"); + + int reqLen = getInt(); + int len = ensureAvailable(reqLen); + String s = new String(data, rpos, len, charset); + rpos += len; + return s; + } + + @Override + public void getRawBytes(byte[] buf, int off, int len) { + ensureAvailable(len); + copyRawBytes(0, buf, off, len); + rpos += len; + } + + @Override + protected void copyRawBytes(int offset, byte[] buf, int pos, int len) { + if ((offset < 0) || (pos < 0) || (len < 0)) { + throw new IndexOutOfBoundsException( + "Invalid offset(" + offset + ")/position(" + pos + ")/length(" + len + ") required"); + } + System.arraycopy(data, rpos + offset, buf, pos, len); + } + + @Override + public Buffer ensureCapacity(int capacity, IntUnaryOperator growthFactor) { + ValidateUtils.checkTrue(capacity >= 0, "Negative capacity requested: %d", capacity); + + int maxSize = size(); + int curPos = wpos(); + int remaining = maxSize - curPos; + if (remaining < capacity) { + int minimum = curPos + capacity; + int actual = growthFactor.applyAsInt(minimum); + if (actual < minimum) { + throw new IllegalStateException( + "ensureCapacity(" + capacity + ") actual (" + actual + ") below min. (" + minimum + ")"); + } + byte[] tmp = new byte[actual]; + System.arraycopy(data, 0, tmp, 0, data.length); + data = tmp; + } + + return this; + } + + @Override + protected int size() { + return data.length; + } + + /** + * Creates a compact buffer (i.e., one that starts at offset zero) containing a copy of the original data + * + * @param data The original data buffer + * @return A {@link ByteArrayBuffer} containing a copy of the original data starting at zero read + * position + * @see #getCompactClone(byte[], int, int) + */ + public static ByteArrayBuffer getCompactClone(byte[] data) { + return getCompactClone(data, 0, NumberUtils.length(data)); + } + + /** + * Creates a compact buffer (i.e., one that starts at offset zero) containing a copy of the original data + * + * @param data The original data buffer + * @param offset The offset of the valid data in the buffer + * @param len The size (in bytes) of of the valid data in the buffer + * @return A {@link ByteArrayBuffer} containing a copy of the original data starting at zero read + * position + */ + public static ByteArrayBuffer getCompactClone(byte[] data, int offset, int len) { + byte[] clone = (len > 0) ? new byte[len] : GenericUtils.EMPTY_BYTE_ARRAY; + if (len > 0) { + System.arraycopy(data, offset, clone, 0, len); + } + + return new ByteArrayBuffer(clone, true); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/AbstractBufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/AbstractBufferPublicKeyParser.java new file mode 100644 index 0000000..2635c2b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/AbstractBufferPublicKeyParser.java @@ -0,0 +1,90 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * @param Type of {@link PublicKey} being extracted + * @author Apache MINA SSHD Project + */ +public abstract class AbstractBufferPublicKeyParser implements BufferPublicKeyParser { + private final Class keyClass; + private final Collection supported; + + protected AbstractBufferPublicKeyParser(Class keyClass, String... supported) { + this(keyClass, GenericUtils.isEmpty(supported) ? Collections.emptyList() : Arrays.asList(supported)); + } + + protected AbstractBufferPublicKeyParser(Class keyClass, Collection supported) { + this.keyClass = Objects.requireNonNull(keyClass, "No key class"); + this.supported + = ValidateUtils.checkNotNullAndNotEmpty(supported, "No supported types for %s", keyClass.getSimpleName()); + } + + public Collection getSupportedKeyTypes() { + return supported; + } + + public final Class getKeyClass() { + return keyClass; + } + + @Override + public boolean isKeyTypeSupported(String keyType) { + Collection keys = getSupportedKeyTypes(); + return (GenericUtils.length(keyType) > 0) + && (GenericUtils.size(keys) > 0) + && keys.contains(keyType); + } + + protected PUB generatePublicKey(String algorithm, S keySpec) throws GeneralSecurityException { + KeyFactory keyFactory = getKeyFactory(algorithm); + PublicKey key = keyFactory.generatePublic(keySpec); + Class kc = getKeyClass(); + if (!kc.isInstance(key)) { + throw new InvalidKeySpecException( + "Mismatched generated key types: expected=" + kc.getSimpleName() + ", actual=" + key); + } + + return kc.cast(key); + } + + protected KeyFactory getKeyFactory(String algorithm) throws GeneralSecurityException { + return SecurityUtils.getKeyFactory(algorithm); + } + + @Override + public String toString() { + return getClass().getSimpleName() + " - supported=" + getSupportedKeyTypes(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java new file mode 100644 index 0000000..c6332cd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java @@ -0,0 +1,115 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.security.GeneralSecurityException; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.util.Arrays; +import java.util.Collection; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * Parses a raw {@link PublicKey} from a {@link Buffer} + * + * @param Type of {@link PublicKey} being extracted + * @author Apache MINA SSHD Project + */ +public interface BufferPublicKeyParser { + + BufferPublicKeyParser EMPTY = new BufferPublicKeyParser() { + @Override + public boolean isKeyTypeSupported(String keyType) { + return false; + } + + @Override + public PublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + throw new NoSuchAlgorithmException(keyType); + } + + @Override + public String toString() { + return "EMPTY"; + } + }; + + BufferPublicKeyParser DEFAULT = aggregate( + Arrays.asList( + RSABufferPublicKeyParser.INSTANCE, + DSSBufferPublicKeyParser.INSTANCE, + ECBufferPublicKeyParser.INSTANCE, + SkECBufferPublicKeyParser.INSTANCE, + ED25519BufferPublicKeyParser.INSTANCE, + OpenSSHCertPublicKeyParser.INSTANCE, + SkED25519BufferPublicKeyParser.INSTANCE)); + + /** + * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" + * @return {@code true} if this key type is supported by the parser + */ + boolean isKeyTypeSupported(String keyType); + + /** + * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" + * @param buffer The {@link Buffer} containing the encoded raw public key + * @return The decoded {@link PublicKey} + * @throws GeneralSecurityException If failed to generate the key + */ + PUB getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException; + + static BufferPublicKeyParser aggregate( + Collection> parsers) { + if (GenericUtils.isEmpty(parsers)) { + return EMPTY; + } + + return new BufferPublicKeyParser() { + @Override + public boolean isKeyTypeSupported(String keyType) { + for (BufferPublicKeyParser p : parsers) { + if (p.isKeyTypeSupported(keyType)) { + return true; + } + } + + return false; + } + + @Override + public PublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + for (BufferPublicKeyParser p : parsers) { + if (p.isKeyTypeSupported(keyType)) { + return p.getRawPublicKey(keyType, buffer); + } + } + + throw new NoSuchAlgorithmException("No aggregate matcher for " + keyType); + } + + @Override + public String toString() { + return String.valueOf(parsers); + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/DSSBufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/DSSBufferPublicKeyParser.java new file mode 100644 index 0000000..4eec49a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/DSSBufferPublicKeyParser.java @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.interfaces.DSAPublicKey; +import java.security.spec.DSAPublicKeySpec; + +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public class DSSBufferPublicKeyParser extends AbstractBufferPublicKeyParser { + public static final DSSBufferPublicKeyParser INSTANCE = new DSSBufferPublicKeyParser(); + + public DSSBufferPublicKeyParser() { + super(DSAPublicKey.class, KeyPairProvider.SSH_DSS); + } + + @Override + public DSAPublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + ValidateUtils.checkTrue(isKeyTypeSupported(keyType), "Unsupported key type: %s", keyType); + BigInteger p = buffer.getMPInt(); + BigInteger q = buffer.getMPInt(); + BigInteger g = buffer.getMPInt(); + BigInteger y = buffer.getMPInt(); + + return generatePublicKey(KeyUtils.DSS_ALGORITHM, new DSAPublicKeySpec(y, p, q, g)); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/ECBufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/ECBufferPublicKeyParser.java new file mode 100644 index 0000000..553afc3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/ECBufferPublicKeyParser.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.security.GeneralSecurityException; +import java.security.NoSuchAlgorithmException; +import java.security.interfaces.ECPublicKey; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.InvalidKeySpecException; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public class ECBufferPublicKeyParser extends AbstractBufferPublicKeyParser { + public static final ECBufferPublicKeyParser INSTANCE = new ECBufferPublicKeyParser(); + + public ECBufferPublicKeyParser() { + super(ECPublicKey.class, ECCurves.KEY_TYPES); + } + + @Override + public ECPublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + ValidateUtils.checkTrue(isKeyTypeSupported(keyType), "Unsupported key type: %s", keyType); + ECCurves curve = ECCurves.fromKeyType(keyType); + if (curve == null) { + throw new NoSuchAlgorithmException("Unsupported raw public algorithm: " + keyType); + } + + String curveName = curve.getName(); + ECParameterSpec params = curve.getParameters(); + return getRawECKey(curveName, params, buffer); + } + + protected ECPublicKey getRawECKey(String expectedCurve, ECParameterSpec spec, Buffer buffer) + throws GeneralSecurityException { + String curveName = buffer.getString(); + if (!expectedCurve.equals(curveName)) { + throw new InvalidKeySpecException( + "getRawECKey(" + expectedCurve + ") curve name does not match expected: " + curveName); + } + + if (spec == null) { + throw new InvalidKeySpecException("getRawECKey(" + expectedCurve + ") missing curve parameters"); + } + + byte[] octets = buffer.getBytes(); + ECPoint w; + try { + w = ECCurves.octetStringToEcPoint(octets); + } catch (RuntimeException e) { + throw new InvalidKeySpecException( + "getRawECKey(" + expectedCurve + ")" + + " cannot (" + e.getClass().getSimpleName() + ")" + + " retrieve W value: " + e.getMessage(), + e); + } + + return generatePublicKey(KeyUtils.EC_ALGORITHM, new ECPublicKeySpec(w, spec)); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/ED25519BufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/ED25519BufferPublicKeyParser.java new file mode 100644 index 0000000..36289ad --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/ED25519BufferPublicKeyParser.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.security.GeneralSecurityException; +import java.security.PublicKey; + +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * TODO complete this when SSHD-440 is done + * + * @author Apache MINA SSHD Project + */ +public class ED25519BufferPublicKeyParser extends AbstractBufferPublicKeyParser { + public static final ED25519BufferPublicKeyParser INSTANCE = new ED25519BufferPublicKeyParser(); + + public ED25519BufferPublicKeyParser() { + super(PublicKey.class, KeyPairProvider.SSH_ED25519); + } + + @Override + public PublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + ValidateUtils.checkTrue(isKeyTypeSupported(keyType), "Unsupported key type: %s", keyType); + byte[] seed = buffer.getBytes(); + return SecurityUtils.generateEDDSAPublicKey(keyType, seed); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/OpenSSHCertPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/OpenSSHCertPublicKeyParser.java new file mode 100644 index 0000000..b728ca6 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/OpenSSHCertPublicKeyParser.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.buffer.keys; + +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.PublicKey; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.config.keys.OpenSshCertificate; +import org.apache.sshd.common.config.keys.OpenSshCertificateImpl; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; + +public class OpenSSHCertPublicKeyParser extends AbstractBufferPublicKeyParser { + public static final List KEY_TYPES = Collections.unmodifiableList( + Arrays.asList( + KeyPairProvider.SSH_RSA_CERT, + KeyPairProvider.SSH_DSS_CERT, + KeyPairProvider.SSH_ECDSA_SHA2_NISTP256_CERT, + KeyPairProvider.SSH_ECDSA_SHA2_NISTP384_CERT, + KeyPairProvider.SSH_ECDSA_SHA2_NISTP521_CERT, + KeyPairProvider.SSH_ED25519_CERT)); + + public static final OpenSSHCertPublicKeyParser INSTANCE = new OpenSSHCertPublicKeyParser(); + + public OpenSSHCertPublicKeyParser() { + super(OpenSshCertificate.class, KEY_TYPES); + } + + @Override + public OpenSshCertificate getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + OpenSshCertificateImpl certificate = new OpenSshCertificateImpl(); + certificate.setKeyType(keyType); + + certificate.setNonce(buffer.getBytes()); + + String rawKeyType = certificate.getRawKeyType(); + PublicKey serverHostKey = DEFAULT.getRawPublicKey(rawKeyType, buffer); + certificate.setServerHostKey(serverHostKey); + + certificate.setSerial(buffer.getLong()); + certificate.setType(buffer.getInt()); + + certificate.setId(buffer.getString()); + + Collection principals = new ByteArrayBuffer(buffer.getBytes()).getStringList(false); + certificate.setPrincipals(principals); + certificate.setValidAfter(buffer.getLong()); + certificate.setValidBefore(buffer.getLong()); + + certificate.setCriticalOptions(buffer.getNameList()); + certificate.setExtensions(buffer.getNameList()); + + certificate.setReserved(buffer.getString()); + + try { + certificate.setCaPubKey(buffer.getPublicKey()); + } catch (SshException ex) { + throw new InvalidKeyException("Could not parse public CA key with ID: " + certificate.getId(), ex); + } + + certificate.setMessage(buffer.getBytesConsumed()); + certificate.setSignature(buffer.getBytes()); + + if (buffer.rpos() != buffer.wpos()) { + throw new InvalidKeyException( + "KeyExchange signature verification failed, got more data than expected: " + + buffer.rpos() + ", actual: " + buffer.wpos() + ". ID of the ca certificate: " + + certificate.getId()); + } + + return certificate; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/RSABufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/RSABufferPublicKeyParser.java new file mode 100644 index 0000000..363b07e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/RSABufferPublicKeyParser.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.RSAPublicKeySpec; + +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public class RSABufferPublicKeyParser extends AbstractBufferPublicKeyParser { + public static final RSABufferPublicKeyParser INSTANCE = new RSABufferPublicKeyParser(); + + public RSABufferPublicKeyParser() { + super(RSAPublicKey.class, KeyPairProvider.SSH_RSA); + } + + @Override + public RSAPublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + ValidateUtils.checkTrue(isKeyTypeSupported(keyType), "Unsupported key type: %s", keyType); + BigInteger e = buffer.getMPInt(); + BigInteger n = buffer.getMPInt(); + return generatePublicKey(KeyUtils.RSA_ALGORITHM, new RSAPublicKeySpec(n, e)); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/SkECBufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/SkECBufferPublicKeyParser.java new file mode 100644 index 0000000..9d1dbee --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/SkECBufferPublicKeyParser.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.security.GeneralSecurityException; +import java.security.interfaces.ECPublicKey; + +import org.apache.sshd.common.cipher.ECCurves; +import org.apache.sshd.common.config.keys.impl.SkECDSAPublicKeyEntryDecoder; +import org.apache.sshd.common.u2f.SkEcdsaPublicKey; +import org.apache.sshd.common.util.buffer.Buffer; + +/** + * @author Apache MINA SSHD Project + */ +public class SkECBufferPublicKeyParser extends AbstractBufferPublicKeyParser { + public static final SkECBufferPublicKeyParser INSTANCE = new SkECBufferPublicKeyParser(); + + public SkECBufferPublicKeyParser() { + super(SkEcdsaPublicKey.class, SkECDSAPublicKeyEntryDecoder.KEY_TYPE); + } + + @Override + public SkEcdsaPublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + // The "sk-ecdsa-sha2-nistp256@openssh.com" keytype has the same format as the "ecdsa-sha2-nistp256" keytype + // with an appname on the end + ECPublicKey ecPublicKey = ECBufferPublicKeyParser.INSTANCE.getRawPublicKey(ECCurves.nistp256.getKeyType(), buffer); + String appName = buffer.getString(); + return new SkEcdsaPublicKey(appName, false, ecPublicKey); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/SkED25519BufferPublicKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/SkED25519BufferPublicKeyParser.java new file mode 100644 index 0000000..821f187 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/buffer/keys/SkED25519BufferPublicKeyParser.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.buffer.keys; + +import java.security.GeneralSecurityException; +import java.security.PublicKey; + +import org.apache.sshd.common.config.keys.impl.SkED25519PublicKeyEntryDecoder; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.u2f.SkED25519PublicKey; +import org.apache.sshd.common.util.buffer.Buffer; +import org.xbib.io.sshd.eddsa.EdDSAPublicKey; + +/** + * @author Apache MINA SSHD Project + */ +public class SkED25519BufferPublicKeyParser extends AbstractBufferPublicKeyParser { + public static final SkED25519BufferPublicKeyParser INSTANCE = new SkED25519BufferPublicKeyParser(); + + public SkED25519BufferPublicKeyParser() { + super(SkED25519PublicKey.class, SkED25519PublicKeyEntryDecoder.KEY_TYPE); + } + + @Override + public SkED25519PublicKey getRawPublicKey(String keyType, Buffer buffer) throws GeneralSecurityException { + // The "sk-ssh-ed25519@openssh.com" keytype has the same format as the "ssh-ed25519" keytype with an appname on + // the end + PublicKey publicKey = ED25519BufferPublicKeyParser.INSTANCE.getRawPublicKey(KeyPairProvider.SSH_ED25519, buffer); + String appName = buffer.getString(); + return new SkED25519PublicKey(appName, false, (EdDSAPublicKey) publicKey); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AbstractCloseable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AbstractCloseable.java new file mode 100644 index 0000000..494990d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AbstractCloseable.java @@ -0,0 +1,154 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.DefaultCloseFuture; +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.future.SshFutureListener; + +/** + * Provides some default implementations for managing channel/connection open/close state + * + * @author Apache MINA SSHD Project + */ +public abstract class AbstractCloseable extends IoBaseCloseable { + + public enum State { + /** Connection is open */ + Opened, + /** Connection is being closed gracefully */ + Graceful, + /** Connection is being terminated immediately */ + Immediate, + /** Connection is closed */ + Closed, + /* end */; + } + + /** + * Lock object for {@code Future}-s based on this closeable instance + */ + protected final Object futureLock = new Object(); + + /** + * State of this object + */ + protected final AtomicReference state = new AtomicReference<>(State.Opened); + + /** + * A future that will be set 'closed' when the object is actually closed + */ + protected final CloseFuture closeFuture; + + protected AbstractCloseable() { + this(""); + } + + protected AbstractCloseable(String discriminator) { + closeFuture = new DefaultCloseFuture(discriminator, futureLock); + } + + public Object getFutureLock() { + return futureLock; + } + + @Override + public void addCloseFutureListener(SshFutureListener listener) { + closeFuture.addListener(listener); + } + + @Override + public void removeCloseFutureListener(SshFutureListener listener) { + closeFuture.removeListener(listener); + } + + @Override + public final CloseFuture close(boolean immediately) { + if (immediately) { + if (state.compareAndSet(State.Opened, State.Immediate) + || state.compareAndSet(State.Graceful, State.Immediate)) { + preClose(); + doCloseImmediately(); + } else { + } + } else { + if (state.compareAndSet(State.Opened, State.Graceful)) { + preClose(); + SshFuture grace = doCloseGracefully(); + if (grace != null) { + grace.addListener(future -> { + if (state.compareAndSet(State.Graceful, State.Immediate)) { + doCloseImmediately(); + } + }); + } else { + if (state.compareAndSet(State.Graceful, State.Immediate)) { + doCloseImmediately(); + } + } + } else { + } + } + return closeFuture; + } + + @Override + public final boolean isClosed() { + return state.get() == State.Closed; + } + + @Override + public final boolean isClosing() { + return state.get() != State.Opened; + } + + /** + * preClose is guaranteed to be called before doCloseGracefully or doCloseImmediately. When preClose() is called, + * isClosing() == true + */ + protected void preClose() { + // nothing + } + + protected CloseFuture doCloseGracefully() { + return null; + } + + /** + *

        + * doCloseImmediately is called once and only once with state == Immediate + *

        + * + *

        + * Overriding methods should always call the base implementation. It may be called concurrently while preClose() or + * doCloseGracefully is executing + *

        + */ + protected void doCloseImmediately() { + closeFuture.setClosed(); + state.set(State.Closed); + } + + protected Builder builder() { + return new Builder(futureLock); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AbstractInnerCloseable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AbstractInnerCloseable.java new file mode 100644 index 0000000..5a9b13f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AbstractInnerCloseable.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.future.CloseFuture; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractInnerCloseable extends AbstractCloseable { + protected AbstractInnerCloseable() { + this(""); + } + + protected AbstractInnerCloseable(String discriminator) { + super(discriminator); + } + + protected abstract Closeable getInnerCloseable(); + + @Override + protected final CloseFuture doCloseGracefully() { + Closeable innerCloser = getInnerCloseable(); + return innerCloser.close(false); + } + + @Override + @SuppressWarnings("synthetic-access") + protected final void doCloseImmediately() { + Closeable innerCloser = getInnerCloseable(); + innerCloser.close(true).addListener(future -> AbstractInnerCloseable.super.doCloseImmediately()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AutoCloseableDelegateInvocationHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AutoCloseableDelegateInvocationHandler.java new file mode 100644 index 0000000..ba4c93b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/AutoCloseableDelegateInvocationHandler.java @@ -0,0 +1,118 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.closeable; + +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Method; +import java.lang.reflect.Modifier; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ProxyUtils; + +/** + * Wraps a target instance and an {@link AutoCloseable} delegate into a proxy instance that closes both when wrapper + * {@link AutoCloseable#close() close} method called. + * + * @author Apache MINA SSHD Project + */ +public class AutoCloseableDelegateInvocationHandler implements InvocationHandler { + private final Object proxyTarget; + private final AutoCloseable delegate; + // Order is important - we want to close the proxy before the delegate + private final Object[] closers; + + public AutoCloseableDelegateInvocationHandler(Object proxyTarget, AutoCloseable delegate) { + this.proxyTarget = Objects.requireNonNull(proxyTarget, "No proxy target to wrap"); + this.delegate = Objects.requireNonNull(delegate, "No delegate to auto-close"); + this.closers = new Object[] { proxyTarget, delegate }; + } + + public Object getProxyTarget() { + return proxyTarget; + } + + public AutoCloseable getAutoCloseableDelegate() { + return delegate; + } + + @Override + public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { + // If not invoking "close" then propagate to target as-is + if (!isCloseMethodInvocation(method, args)) { + Object target = getProxyTarget(); + try { + return method.invoke(target, args); + } catch (Throwable t) { + throw ProxyUtils.unwrapInvocationThrowable(t); + } + } + + Throwable err = null; + for (Object c : closers) { + if (!(c instanceof AutoCloseable)) { + continue; // OK if proxy target is not AutoCloseable + } + + try { + method.invoke(c, args); + } catch (Throwable t) { + err = GenericUtils.accumulateException(err, t); + } + } + + if (err != null) { + throw ProxyUtils.unwrapInvocationThrowable(err); + } + + return null; + } + + /** + * Wraps a target instance and an {@link AutoCloseable} delegate into a proxy instance that closes both when wrapper + * {@link AutoCloseable#close() close} method called. + * + * @param The generic {@link AutoCloseable} wrapping interface + * @param proxyTarget The (never {@code null}) target instance - if not {@link AutoCloseable} then it's + * {@code close()} method will not be invoked (i.e., only the delegate) + * @param type The target wrapping interface + * @param delegate The (never {@code null}) delegate to close. Note: the delegate is closed after + * the target instance. + * @return The wrapping proxy + */ + public static T wrapDelegateCloseable( + Object proxyTarget, Class type, AutoCloseable delegate) { + return ProxyUtils.newProxyInstance(type, new AutoCloseableDelegateInvocationHandler(proxyTarget, delegate)); + } + + public static boolean isCloseMethodInvocation(Method m, Object[] args) { + return isCloseMethod(m) && GenericUtils.isEmpty(args); + } + + public static boolean isCloseMethod(Method m) { + int mods = (m == null) ? 0 : m.getModifiers(); + return (m != null) + && "close".equals(m.getName()) + && Modifier.isPublic(mods) + && (!Modifier.isStatic(mods)) + && (void.class == m.getReturnType()) + && GenericUtils.isEmpty(m.getParameterTypes()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/Builder.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/Builder.java new file mode 100644 index 0000000..84a899e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/Builder.java @@ -0,0 +1,115 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.util.ObjectBuilder; + +/** + * @author Apache MINA SSHD Project + */ +public final class Builder implements ObjectBuilder { + private final Object lock; + private final List closeables = new ArrayList<>(); + + public Builder(Object lock) { + this.lock = Objects.requireNonNull(lock, "No lock"); + } + + public Builder run(Object id, Runnable r) { + return close(new SimpleCloseable(id, lock) { + @Override + protected void doClose(boolean immediately) { + try { + r.run(); + } finally { + super.doClose(immediately); + } + } + }); + } + + @SuppressWarnings("rawtypes") + public Builder when(SshFuture future) { + if (future != null) { + when(future.getId(), Collections.singleton(future)); + } + return this; + } + + @SuppressWarnings("rawtypes") + @SafeVarargs + public final Builder when(SshFuture... futures) { + return when(getClass().getSimpleName(), Arrays.asList(futures)); + } + + @SuppressWarnings("rawtypes") + public Builder when(Object id, Iterable> futures) { + return close(new FuturesCloseable<>(id, lock, futures)); + } + + public Builder sequential(Closeable... closeables) { + for (Closeable closeable : closeables) { + close(closeable); + } + return this; + } + + public Builder sequential(Object id, Iterable closeables) { + return close(new SequentialCloseable(id, lock, closeables)); + } + + public Builder parallel(Closeable... closeables) { + if (closeables.length == 1) { + close(closeables[0]); + } else if (closeables.length > 0) { + parallel(getClass().getSimpleName(), Arrays.asList(closeables)); + } + return this; + } + + public Builder parallel(Object id, Iterable closeables) { + return close(new ParallelCloseable(id, lock, closeables)); + } + + public Builder close(Closeable c) { + if (c != null) { + closeables.add(c); + } + return this; + } + + @Override + public Closeable build() { + if (closeables.isEmpty()) { + return new SimpleCloseable(getClass().getSimpleName(), lock); + } else if (closeables.size() == 1) { + return closeables.get(0); + } else { + return new SequentialCloseable(getClass().getSimpleName(), lock, closeables); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/FuturesCloseable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/FuturesCloseable.java new file mode 100644 index 0000000..c49660a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/FuturesCloseable.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import java.util.Collections; +import java.util.concurrent.atomic.AtomicInteger; + +import org.apache.sshd.common.SshException; +import org.apache.sshd.common.future.DefaultSshFuture; +import org.apache.sshd.common.future.SshFuture; +import org.apache.sshd.common.future.SshFutureListener; + +/** + * @param Type of future + * @author Apache MINA SSHD Project + */ +public class FuturesCloseable extends SimpleCloseable { + + private final Iterable> futures; + + public FuturesCloseable(Object id, Object lock, Iterable> futures) { + super(id, lock); + this.futures = (futures == null) ? Collections.emptyList() : futures; + } + + @Override + protected void doClose(boolean immediately) { + if (immediately) { + for (SshFuture f : futures) { + if (f instanceof DefaultSshFuture) { + ((DefaultSshFuture) f).setValue(new SshException("Closed")); + } + } + future.setClosed(); + } else { + AtomicInteger count = new AtomicInteger(1); + SshFutureListener listener = f -> { + int pendingCount = count.decrementAndGet(); + if (pendingCount == 0) { + future.setClosed(); + } + }; + + for (SshFuture f : futures) { + if (f != null) { + int pendingCount = count.incrementAndGet(); + f.addListener(listener); + } + } + listener.operationComplete(null); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/IoBaseCloseable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/IoBaseCloseable.java new file mode 100644 index 0000000..fc8e3f4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/IoBaseCloseable.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import org.apache.sshd.common.Closeable; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class IoBaseCloseable implements Closeable { + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/NioChannelDelegateInvocationHandler.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/NioChannelDelegateInvocationHandler.java new file mode 100644 index 0000000..a5ef9a4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/NioChannelDelegateInvocationHandler.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.closeable; + +import java.lang.reflect.Method; +import java.lang.reflect.Modifier; +import java.nio.channels.Channel; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ProxyUtils; + +/** + * Wraps a target instance and a {@link Channel} delegate into a proxy instance that closes both when wrapper + * {@link AutoCloseable#close() close} method called. The {@link Channel#isOpen()} call is invoked only on the delegate + * + * @author Apache MINA SSHD Project + */ +public class NioChannelDelegateInvocationHandler extends AutoCloseableDelegateInvocationHandler { + public NioChannelDelegateInvocationHandler(Object proxyTarget, Channel delegate) { + super(proxyTarget, delegate); + } + + public Channel getChannelDelegate() { + return Channel.class.cast(super.getAutoCloseableDelegate()); + } + + @Override + public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { + if (!isQueryOpenMethodInvocation(method, args)) { + return super.invoke(proxy, method, args); + } + + Channel channelDelegate = getChannelDelegate(); + try { + return method.invoke(channelDelegate, args); + } catch (Throwable t) { + Class targetType = channelDelegate.getClass(); + throw ProxyUtils.unwrapInvocationThrowable(t); + } + } + + /** + * Wraps a target instance and a {@link Channel} delegate into a proxy instance that closes both when wrapper + * {@link Channel#close() close} method called. The {@link Channel#isOpen()} call is invoked only on the delegate + * + * @param The generic {@link Channel} wrapping interface + * @param proxyTarget The (never {@code null}) target instance - if not {@link AutoCloseable} then it's + * {@code close()} method will not be invoked (i.e., only the delegate) + * @param type The target wrapping interface + * @param delegate The (never {@code null}) delegate to use. Note: the delegate is closed after + * the target instance. + * @return The wrapping proxy + */ + public static T wrapDelegateChannel( + Object proxyTarget, Class type, Channel delegate) { + return ProxyUtils.newProxyInstance(type, new NioChannelDelegateInvocationHandler(proxyTarget, delegate)); + } + + public static boolean isQueryOpenMethodInvocation(Method m, Object[] args) { + return isQueryOpenMethodInvocation(m) && GenericUtils.isEmpty(args); + } + + public static boolean isQueryOpenMethodInvocation(Method m) { + int mods = (m == null) ? 0 : m.getModifiers(); + return (m != null) + && "isOpen".equals(m.getName()) + && Modifier.isPublic(mods) + && (!Modifier.isStatic(mods)) + && (boolean.class == m.getReturnType()) + && GenericUtils.isEmpty(m.getParameterTypes()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/ParallelCloseable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/ParallelCloseable.java new file mode 100644 index 0000000..44d596e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/ParallelCloseable.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import java.util.Collections; +import java.util.concurrent.atomic.AtomicInteger; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.SshFutureListener; + +/** + * Waits for a group of {@link Closeable}s to complete in any order, then signals the completion by setting the + * "parent" future as closed + * + * @author Apache MINA SSHD Project + */ +public class ParallelCloseable extends SimpleCloseable { + private final Iterable closeables; + + public ParallelCloseable(Object id, Object lock, Iterable closeables) { + super(id, lock); + this.closeables = (closeables == null) ? Collections.emptyList() : closeables; + } + + @Override + protected void doClose(boolean immediately) { + AtomicInteger count = new AtomicInteger(1); + SshFutureListener listener = f -> { + int pendingCount = count.decrementAndGet(); + if (pendingCount == 0) { + future.setClosed(); + } + }; + + for (Closeable c : closeables) { + if (c == null) { + continue; + } + + int pendingCount = count.incrementAndGet(); + c.close(immediately).addListener(listener); + } + /* + * Trigger the last "decrementAndGet" so that the future is marked as closed when last "operationComplete" is + * invoked (which could be this call...) + */ + listener.operationComplete(null); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/SequentialCloseable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/SequentialCloseable.java new file mode 100644 index 0000000..89681c4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/SequentialCloseable.java @@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import java.util.Collections; +import java.util.Iterator; + +import org.apache.sshd.common.Closeable; +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.SshFutureListener; + +/** + * Waits for a group of {@link Closeable}s to complete in the given order, then signals the completion by setting the + * "parent" future as closed + * + * @author Apache MINA SSHD Project + */ +public class SequentialCloseable extends SimpleCloseable { + private final Iterable closeables; + + public SequentialCloseable(Object id, Object lock, Iterable closeables) { + super(id, lock); + this.closeables = (closeables == null) ? Collections.emptyList() : closeables; + } + + @Override + protected void doClose(boolean immediately) { + Iterator iterator = closeables.iterator(); + SshFutureListener listener = new SshFutureListener() { + @SuppressWarnings("synthetic-access") + @Override + public void operationComplete(CloseFuture previousFuture) { + while (iterator.hasNext()) { + Closeable c = iterator.next(); + if (c != null) { + CloseFuture nextFuture = c.close(immediately); + nextFuture.addListener(this); + return; + } + } + future.setClosed(); + } + }; + listener.operationComplete(null); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/SimpleCloseable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/SimpleCloseable.java new file mode 100644 index 0000000..c147f72 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/closeable/SimpleCloseable.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.closeable; + +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.DefaultCloseFuture; +import org.apache.sshd.common.future.SshFutureListener; + +/** + * @author Apache MINA SSHD Project + */ +public class SimpleCloseable extends IoBaseCloseable { + + protected final DefaultCloseFuture future; + protected final AtomicBoolean closing; + + public SimpleCloseable(Object id, Object lock) { + future = new DefaultCloseFuture(id, lock); + closing = new AtomicBoolean(false); + } + + @Override + public boolean isClosed() { + return future.isClosed(); + } + + @Override + public boolean isClosing() { + return closing.get(); + } + + @Override + public void addCloseFutureListener(SshFutureListener listener) { + future.addListener(listener); + } + + @Override + public void removeCloseFutureListener(SshFutureListener listener) { + future.removeListener(listener); + } + + @Override + public CloseFuture close(boolean immediately) { + if (closing.compareAndSet(false, true)) { + doClose(immediately); + } + return future; + } + + protected void doClose(boolean immediately) { + future.setClosed(); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + future + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/functors/UnaryEquator.java b/files-sftp/src/main/java/org/apache/sshd/common/util/functors/UnaryEquator.java new file mode 100644 index 0000000..4cfb6f2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/functors/UnaryEquator.java @@ -0,0 +1,118 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.functors; + +import java.util.Comparator; +import java.util.Objects; +import java.util.function.BiPredicate; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * Checks equality between 2 entities of same type + * + * @param Type of compared entity + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface UnaryEquator extends BiPredicate { + /** + * Returns a composed equator that represents a short-circuiting logical AND of this equator and another. When + * evaluating the composed equator, if this equator is {@code false}, then the {@code other} equator is not + * evaluated. + * + * @param other The other (never {@code null} equator + * @return The compound equator + */ + default UnaryEquator and(UnaryEquator other) { + Objects.requireNonNull(other, "No other equator to compose"); + return (t1, t2) -> this.test(t1, t2) && other.test(t1, t2); + } + + /** + * Returns a composed equator that represents a short-circuiting logical AND of this equator and another. When + * evaluating the composed equator, if this equator is {@code true}, then the {@code other} equator is not + * evaluated. + * + * @param other The other (never {@code null} equator + * @return The compound equator + */ + default UnaryEquator or(UnaryEquator other) { + Objects.requireNonNull(other, "No other equator to compose"); + return (t1, t2) -> this.test(t1, t2) || other.test(t1, t2); + } + + /** + * @return an equator that represents the logical negation of this one + */ + @Override + default UnaryEquator negate() { + return (t1, t2) -> !this.test(t1, t2); + } + + /** + * @param Type of entity + * @return The default equality checker + * @see Objects#equals(Object, Object) + */ + static UnaryEquator defaultEquality() { + return Objects::equals; + } + + /** + * @param Type of entity + * @return An equator that checks reference equality + * @see GenericUtils#isSameReference(Object, Object) + */ + static UnaryEquator referenceEquality() { + return GenericUtils::isSameReference; + } + + /** + * Converts a {@link Comparator} into a {@link UnaryEquator} that returns {@code true} if the comparator returns + * zero + * + * @param Type of entity + * @param c The (never {@code null}) comparator + * @return The equivalent equator + */ + static UnaryEquator comparing(Comparator c) { + Objects.requireNonNull(c, "No comparator"); + return (o1, o2) -> c.compare(o1, o2) == 0; + } + + /** + * @param Type of evaluated entity + * @return A {@link UnaryEquator} that returns always {@code true} + * @see verum + */ + static UnaryEquator verum() { + return (o1, o2) -> true; + } + + /** + * @param Type of evaluated entity + * @return A {@link UnaryEquator} that returns always {@code false} + * @see falsum + */ + static UnaryEquator falsum() { + return (o1, o2) -> false; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyIterablesConcatenator.java b/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyIterablesConcatenator.java new file mode 100644 index 0000000..9d3a99c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyIterablesConcatenator.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.helper; + +import java.util.Collections; +import java.util.Iterator; +import java.util.NoSuchElementException; + +/** + * Creates a "smooth" wrapping {@link Iterable} using several underlying ones to provide the values. The + * "lazy" denomination is due to the fact that no iterable is consulted until the one(s) before it have been + * fully exhausted. + * + * @param Type of element being iterared + * @author Apache MINA SSHD Project + */ +public class LazyIterablesConcatenator implements Iterable { + private final Iterable> iterables; + + public LazyIterablesConcatenator(Iterable> iterables) { + this.iterables = iterables; + } + + public Iterable> getIterables() { + return iterables; + } + + @Override + public Iterator iterator() { + return new Iterator() { + @SuppressWarnings("synthetic-access") + private final Iterator> itit + = (iterables == null) ? Collections.emptyIterator() : iterables.iterator(); + private Iterator currentIterator; + private boolean finished; + + @Override + public boolean hasNext() { + if (finished) { + return false; + } + + // Do we have a current iterator, and if so does it still have values in it + if ((currentIterator != null) && currentIterator.hasNext()) { + return true; + } + + while (itit.hasNext()) { + Iterable currentIterable = itit.next(); + currentIterator = currentIterable.iterator(); + if (currentIterator.hasNext()) { + return true; + } + } + + // exhausted all + finished = true; + return false; + } + + @Override + public T next() { + if (finished) { + throw new NoSuchElementException("All elements have been exhausted"); + } + + if (currentIterator == null) { + throw new IllegalStateException("'next()' called without a preceding 'hasNext()' query"); + } + + return currentIterator.next(); + } + + @Override + public String toString() { + return Iterator.class.getSimpleName() + "[lazy-concat]"; + } + }; + } + + @Override + public String toString() { + return Iterable.class.getSimpleName() + "[lazy-concat]"; + } + + /** + * @param Type if iterated element + * @param iterables The iterables to concatenate - ignored if {@code null} + * @return An {@link Iterable} that goes over all the elements in the wrapped iterables one after the + * other. The denomination "lazy" indicates that no iterable is consulted until the + * previous one has been fully exhausted. + */ + public static Iterable lazyConcatenateIterables(Iterable> iterables) { + return (iterables == null) ? Collections.emptyList() : new LazyIterablesConcatenator<>(iterables); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyMatchingTypeIterable.java b/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyMatchingTypeIterable.java new file mode 100644 index 0000000..7571d6f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyMatchingTypeIterable.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.helper; + +import java.util.Collections; +import java.util.Iterator; +import java.util.Objects; + +/** + * Provides a selective {@link Iterable} over values that match a specific type out of all available. The + * "lazy" denomination is due to the fact that the next matching value is calculated on-the-fly every time + * {@link Iterator#hasNext()} is called + * + * @param Type of element being selected + * @author Apache MINA SSHD Project + */ +public class LazyMatchingTypeIterable implements Iterable { + private final Iterable values; + private final Class type; + + public LazyMatchingTypeIterable(Iterable values, Class type) { + this.values = values; + this.type = Objects.requireNonNull(type, "No type selector specified"); + } + + public Iterable getValues() { + return values; + } + + public Class getType() { + return type; + } + + @Override + public Iterator iterator() { + Iterable vals = getValues(); + if (vals == null) { + return Collections.emptyIterator(); + } + + return LazyMatchingTypeIterator.lazySelectMatchingTypes(vals.iterator(), getType()); + } + + @Override + public String toString() { + Class t = getType(); + return Iterable.class.getSimpleName() + "[lazy-select](" + t.getSimpleName() + ")"; + } + + /** + * @param Type if iterated element + * @param values The source values - ignored if {@code null} + * @param type The (never @code null) type of values to select - any value whose type is assignable to this type + * will be selected by the iterator. + * @return {@link Iterable} whose {@link Iterator} selects only values matching the specific type. + * Note: the matching values are not pre-calculated (hence the "lazy" denomination) + * - i.e., the match is performed only when {@link Iterator#hasNext()} is called. + */ + public static Iterable lazySelectMatchingTypes(Iterable values, Class type) { + Objects.requireNonNull(type, "No type selector specified"); + return (values == null) ? Collections.emptyList() : new LazyMatchingTypeIterable<>(values, type); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyMatchingTypeIterator.java b/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyMatchingTypeIterator.java new file mode 100644 index 0000000..6f47659 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/helper/LazyMatchingTypeIterator.java @@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.helper; + +import java.util.Collections; +import java.util.Iterator; +import java.util.NoSuchElementException; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * An {@link Iterator} that selects only objects of a certain type from the underlying available ones. The + * "lazy" denomination is due to the fact that selection occurs only when {@link #hasNext()} is called + * + * @param Type of iterated element + * @author Apache MINA SSHD Project + */ +public class LazyMatchingTypeIterator implements Iterator { + protected boolean finished; + protected T nextValue; + + private final Iterator values; + private final Class type; + + public LazyMatchingTypeIterator(Iterator values, Class type) { + this.values = values; + this.type = Objects.requireNonNull(type, "No type selector specified"); + } + + public Iterator getValues() { + return values; + } + + public Class getType() { + return type; + } + + @Override + public boolean hasNext() { + if (finished) { + return false; + } + + nextValue = GenericUtils.selectNextMatchingValue(getValues(), getType()); + if (nextValue == null) { + finished = true; + } + + return !finished; + } + + @Override + public T next() { + if (finished) { + throw new NoSuchElementException("All values have been exhausted"); + } + if (nextValue == null) { + throw new IllegalStateException("'next()' called without asking 'hasNext()'"); + } + + T v = nextValue; + nextValue = null; // so it will be re-fetched when 'hasNext' is called + return v; + } + + @Override + public String toString() { + Class t = getType(); + return Iterator.class.getSimpleName() + "[lazy-select](" + t.getSimpleName() + ")"; + } + + /** + * @param Type if iterated element + * @param values The source values - ignored if {@code null} + * @param type The (never @code null) type of values to select - any value whose type is assignable to this type + * will be selected by the iterator. + * @return An {@link Iterator} whose {@code next()} call selects only values matching the specific type. + * Note: the matching values are not pre-calculated (hence the "lazy" denomination) + * - i.e., the match is performed only when {@link Iterator#hasNext()} is called. + */ + public static Iterator lazySelectMatchingTypes(Iterator values, Class type) { + Objects.requireNonNull(type, "No type selector specified"); + return (values == null) ? Collections.emptyIterator() : new LazyMatchingTypeIterator<>(values, type); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/CloseableEmptyInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/CloseableEmptyInputStream.java new file mode 100644 index 0000000..c3c2209 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/CloseableEmptyInputStream.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.IOException; +import java.nio.channels.Channel; +import java.util.concurrent.atomic.AtomicBoolean; + +/** + * A {@code /dev/null} stream that can be closed - in which case it will throw {@link IOException}s if invoked after + * being closed + * + * @author Apache MINA SSHD Project + */ +public class CloseableEmptyInputStream extends EmptyInputStream implements Channel { + private final AtomicBoolean open = new AtomicBoolean(true); + + public CloseableEmptyInputStream() { + super(); + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public int available() throws IOException { + if (isOpen()) { + return super.available(); + } else { + throw new IOException("available() stream is closed"); + } + } + + @Override + public int read() throws IOException { + if (isOpen()) { + return super.read(); + } else { + throw new IOException("read() stream is closed"); + } + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + if (isOpen()) { + return super.read(b, off, len); + } else { + throw new IOException("read([])[" + off + "," + len + "] stream is closed"); + } + } + + @Override + public long skip(long n) throws IOException { + if (isOpen()) { + return super.skip(n); + } else { + throw new IOException("skip(" + n + ") stream is closed"); + } + } + + @Override + public synchronized void reset() throws IOException { + if (isOpen()) { + super.reset(); + } else { + throw new IOException("reset() stream is closed"); + } + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + // noinspection UnnecessaryReturnStatement + return; // debug breakpoint + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/DirectoryScanner.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/DirectoryScanner.java new file mode 100644 index 0000000..401d494 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/DirectoryScanner.java @@ -0,0 +1,243 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.io; + +import java.io.IOException; +import java.nio.file.DirectoryStream; +import java.nio.file.FileSystem; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedList; +import java.util.Objects; +import java.util.function.Supplier; + +import org.apache.sshd.common.util.GenericUtils; + +/** + *

        + * Class for scanning a directory for files/directories which match certain criteria. + *

        + * + *

        + * These criteria consist of selectors and patterns which have been specified. With the selectors you can select which + * files you want to have included. Files which are not selected are excluded. With patterns you can include or exclude + * files based on their filename. + *

        + * + *

        + * The idea is simple. A given directory is recursively scanned for all files and directories. Each file/directory is + * matched against a set of selectors, including special support for matching against filenames with include and and + * exclude patterns. Only files/directories which match at least one pattern of the include pattern list or other file + * selector, and don't match any pattern of the exclude pattern list or fail to match against a required selector will + * be placed in the list of files/directories found. + *

        + * + *

        + * When no list of include patterns is supplied, "**" will be used, which means that everything will be matched. When no + * list of exclude patterns is supplied, an empty list is used, such that nothing will be excluded. When no selectors + * are supplied, none are applied. + *

        + * + *

        + * The filename pattern matching is done as follows: The name to be matched is split up in path segments. A path segment + * is the name of a directory or file, which is bounded by File.separator ('/' under UNIX, '\' under + * Windows). For example, "abc/def/ghi/xyz.java" is split up in the segments "abc", "def","ghi" and "xyz.java". The same + * is done for the pattern against which should be matched. + *

        + * + *

        + * The segments of the name and the pattern are then matched against each other. When '**' is used for a path segment in + * the pattern, it matches zero or more path segments of the name. + *

        + * + *

        + * There is a special case regarding the use of File.separators at the beginning of the pattern and the + * string to match:
        + * When a pattern starts with a File.separator, the string to match must also start with a + * File.separator. When a pattern does not start with a File.separator, the string to match + * may not start with a File.separator. When one of these rules is not obeyed, the string will not match. + *

        + * + *

        + * When a name path segment is matched against a pattern path segment, the following special characters can be used:
        + * '*' matches zero or more characters
        + * '?' matches one character. + *

        + * + *

        + * Examples:
        + * "**\*.class" matches all .class files/dirs in a directory tree.
        + * "test\a??.java" matches all files/dirs which start with an 'a', then two more characters and then + * ".java", in a directory called test.
        + * "**" matches everything in a directory tree.
        + * "**\test\**\XYZ*" matches all files/dirs which start with "XYZ" and where there is a parent + * directory called test (e.g. "abc\test\def\ghi\XYZ123"). + *

        + * + *

        + * Case sensitivity may be turned off if necessary. By default, it is turned on. + *

        + * + *

        + * Example of usage: + *

        + * + * 
        + * String[] includes = { "**\\*.class" };
+ * String[] excludes = { "modules\\*\\**" };
+ * ds.setIncludes(includes);
+ * ds.setExcludes(excludes);
+ * ds.setBasedir(new File("test"));
+ * ds.setCaseSensitive(true);
+ * ds.scan();
+ *
+ * System.out.println("FILES:");
+ * String[] files = ds.getIncludedFiles();
+ * for (int i = 0; i < files.length; i++) {
+ *     System.out.println(files[i]);
+ * }
+ *
        + *

        + * This will scan a directory called test for .class files, but excludes all files in all proper subdirectories of a + * directory called "modules". + *

        + * + * @author Arnout J. Kuiper ajkuiper@wxs.nl + * @author Magesh Umasankar + * @author Bruce Atherton + * @author Antoine Levy-Lambert + */ +public class DirectoryScanner extends PathScanningMatcher { + /** + * The base directory to be scanned. + */ + protected Path basedir; + + public DirectoryScanner() { + super(); + } + + public DirectoryScanner(Path dir) { + this(dir, Collections.emptyList()); + } + + public DirectoryScanner(Path dir, String... includes) { + this(dir, GenericUtils.isEmpty(includes) ? Collections.emptyList() : Arrays.asList(includes)); + } + + public DirectoryScanner(Path dir, Collection includes) { + setBasedir(dir); + setIncludes(includes); + } + + /** + * Sets the base directory to be scanned. This is the directory which is scanned recursively. + * + * @param basedir The base directory for scanning. Should not be {@code null}. + */ + public void setBasedir(Path basedir) { + this.basedir = Objects.requireNonNull(basedir, "No base directory provided"); + } + + /** + * Returns the base directory to be scanned. This is the directory which is scanned recursively. + * + * @return the base directory to be scanned + */ + public Path getBasedir() { + return basedir; + } + + /** + * Scans the base directory for files which match at least one include pattern and don't match any exclude patterns. + * If there are selectors then the files must pass muster there, as well. + * + * @return the matching files + * @throws IllegalStateException if the base directory was set incorrectly (i.e. if it is {@code null}, doesn't + * exist, or isn't a directory). + * @throws IOException if failed to scan the directory (e.g., access denied) + */ + public Collection scan() throws IOException, IllegalStateException { + return scan(LinkedList::new); + } + + public > C scan(Supplier factory) throws IOException, IllegalStateException { + Path dir = getBasedir(); + if (dir == null) { + throw new IllegalStateException("No basedir set"); + } + if (!Files.exists(dir)) { + throw new IllegalStateException("basedir " + dir + " does not exist"); + } + if (!Files.isDirectory(dir)) { + throw new IllegalStateException("basedir " + dir + " is not a directory"); + } + if (GenericUtils.isEmpty(getIncludes())) { + throw new IllegalStateException("No includes set for " + dir); + } + + FileSystem fs = dir.getFileSystem(); + String fsSep = fs.getSeparator(); + String curSep = getSeparator(); + if (!Objects.equals(fsSep, curSep)) { + throw new IllegalStateException("Mismatched separator - expected=" + curSep + ", actual=" + fsSep); + } + + return scandir(dir, dir, factory.get()); + } + + /** + * Scans the given directory for files and directories. Found files and directories are placed in their respective + * collections, based on the matching of includes, excludes, and the selectors. When a directory is found, it is + * scanned recursively. + * + * @param Target matches collection type + * @param rootDir The directory to scan. Must not be {@code null}. + * @param dir The path relative to the root directory (needed to prevent problems with an absolute path + * when using dir). Must not be {@code null}. + * @param filesList Target {@link Collection} to accumulate the relative path matches + * @return Updated files list + * @throws IOException if failed to scan the directory + */ + protected > C scandir(Path rootDir, Path dir, C filesList) throws IOException { + try (DirectoryStream ds = Files.newDirectoryStream(dir)) { + for (Path p : ds) { + Path rel = rootDir.relativize(p); + String name = rel.toString(); + if (Files.isDirectory(p)) { + if (isIncluded(name)) { + filesList.add(p); + scandir(rootDir, p, filesList); + } else if (couldHoldIncluded(name)) { + scandir(rootDir, p, filesList); + } + } else if (Files.isRegularFile(p)) { + if (isIncluded(name)) { + filesList.add(p); + } + } + } + } + + return filesList; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/EmptyInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/EmptyInputStream.java new file mode 100644 index 0000000..4282adb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/EmptyInputStream.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.IOException; +import java.io.InputStream; + +/** + * A {@code /dev/null} implementation - always open + * + * @author Apache MINA SSHD Project + */ +public class EmptyInputStream extends InputStream { + public static final EmptyInputStream DEV_NULL = new EmptyInputStream(); + + public EmptyInputStream() { + super(); + } + + @Override + public int read() throws IOException { + return -1; + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + return -1; + } + + @Override + public long skip(long n) throws IOException { + return 0L; + } + + @Override + public int available() throws IOException { + return 0; + } + + @Override + public synchronized void mark(int readlimit) { + throw new UnsupportedOperationException( + "mark(" + readlimit + ") called despite the fact that markSupported=" + markSupported()); + } + + @Override + public synchronized void reset() throws IOException { + // ignored + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/FileInfoExtractor.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/FileInfoExtractor.java new file mode 100644 index 0000000..9033344 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/FileInfoExtractor.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.PosixFilePermission; +import java.util.Set; + +/** + * @param Type of information being extracted + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface FileInfoExtractor { + + FileInfoExtractor EXISTS = Files::exists; + + FileInfoExtractor ISDIR = Files::isDirectory; + + FileInfoExtractor ISREG = Files::isRegularFile; + + FileInfoExtractor ISSYMLINK = (file, options) -> Files.isSymbolicLink(file); + + FileInfoExtractor SIZE = (file, options) -> Files.size(file); + + FileInfoExtractor> PERMISSIONS = IoUtils::getPermissions; + + FileInfoExtractor LASTMODIFIED = Files::getLastModifiedTime; + + T infoOf(Path file, LinkOption... options) throws IOException; + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/InputStreamWithChannel.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/InputStreamWithChannel.java new file mode 100644 index 0000000..d847079 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/InputStreamWithChannel.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.InputStream; +import java.nio.channels.Channel; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class InputStreamWithChannel extends InputStream implements Channel { + protected InputStreamWithChannel() { + super(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/IoUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/IoUtils.java new file mode 100644 index 0000000..f969a62 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/IoUtils.java @@ -0,0 +1,605 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.io; + +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.Closeable; +import java.io.EOFException; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.Reader; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.nio.file.CopyOption; +import java.nio.file.FileSystem; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.StandardOpenOption; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.UserPrincipal; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.List; +import java.util.Objects; +import java.util.Set; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.OsUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public final class IoUtils { + + public static final OpenOption[] EMPTY_OPEN_OPTIONS = new OpenOption[0]; + public static final CopyOption[] EMPTY_COPY_OPTIONS = new CopyOption[0]; + public static final LinkOption[] EMPTY_LINK_OPTIONS = new LinkOption[0]; + public static final FileAttribute[] EMPTY_FILE_ATTRIBUTES = new FileAttribute[0]; + + public static final List WINDOWS_EXECUTABLE_EXTENSIONS + = Collections.unmodifiableList(Arrays.asList(".bat", ".exe", ".cmd")); + + /** + * Size of preferred work buffer when reading / writing data to / from streams + */ + public static final int DEFAULT_COPY_SIZE = 8192; + + /** + * The local O/S line separator + */ + public static final String EOL = System.lineSeparator(); + + /** + * A {@link Set} of {@link StandardOpenOption}-s that indicate an intent to create/modify a file + */ + public static final Set WRITEABLE_OPEN_OPTIONS = Collections.unmodifiableSet( + EnumSet.of( + StandardOpenOption.APPEND, StandardOpenOption.CREATE, + StandardOpenOption.CREATE_NEW, StandardOpenOption.DELETE_ON_CLOSE, + StandardOpenOption.DSYNC, StandardOpenOption.SYNC, + StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.WRITE)); + + private static final byte[] EOL_BYTES = EOL.getBytes(StandardCharsets.UTF_8); + + private static final LinkOption[] NO_FOLLOW_OPTIONS = new LinkOption[] { LinkOption.NOFOLLOW_LINKS }; + + /** + * Private Constructor + */ + private IoUtils() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * @return The local platform line separator bytes as UTF-8. Note: each call returns a new instance in + * order to avoid inadvertent changes in shared objects + * @see #EOL + */ + public static byte[] getEOLBytes() { + return EOL_BYTES.clone(); + } + + public static LinkOption[] getLinkOptions(boolean followLinks) { + if (followLinks) { + return EMPTY_LINK_OPTIONS; + } else { // return a clone that modifications to the array will not affect others + return NO_FOLLOW_OPTIONS.clone(); + } + } + + public static long copy(InputStream source, OutputStream sink) throws IOException { + return copy(source, sink, DEFAULT_COPY_SIZE); + } + + public static long copy(InputStream source, OutputStream sink, int bufferSize) throws IOException { + long nread = 0L; + byte[] buf = new byte[bufferSize]; + for (int n = source.read(buf); n > 0; n = source.read(buf)) { + sink.write(buf, 0, n); + nread += n; + } + + return nread; + } + + /** + * Closes a bunch of resources suppressing any {@link IOException}s their {@link Closeable#close()} method may have + * thrown + * + * @param closeables The {@link Closeable}s to close + * @return The first {@link IOException} that occurred during closing of a resource - {@code null} + * if not exception. If more than one exception occurred, they are added as suppressed exceptions + * to the first one + * @see Throwable#getSuppressed() + */ + @SuppressWarnings("ThrowableResultOfMethodCallIgnored") + public static IOException closeQuietly(Closeable... closeables) { + return closeQuietly(GenericUtils.isEmpty(closeables) + ? Collections.emptyList() + : Arrays.asList(closeables)); + } + + /** + * Closes the specified {@link Closeable} resource + * + * @param c The resource to close - ignored if {@code null} + * @return The thrown {@link IOException} when {@code close()} was called - {@code null} if no exception was + * thrown (or no resource to close to begin with) + */ + @SuppressWarnings("ThrowableResultOfMethodCallIgnored") + public static IOException closeQuietly(Closeable c) { + if (c != null) { + try { + c.close(); + } catch (IOException e) { + return e; + } + } + + return null; + } + + /** + * Closes a bunch of resources suppressing any {@link IOException}s their {@link Closeable#close()} method may have + * thrown + * + * @param closeables The {@link Closeable}s to close + * @return The first {@link IOException} that occurred during closing of a resource - {@code null} + * if not exception. If more than one exception occurred, they are added as suppressed exceptions + * to the first one + * @see Throwable#getSuppressed() + */ + @SuppressWarnings("ThrowableResultOfMethodCallIgnored") + public static IOException closeQuietly(Collection closeables) { + if (GenericUtils.isEmpty(closeables)) { + return null; + } + + IOException err = null; + for (Closeable c : closeables) { + try { + if (c != null) { + c.close(); + } + } catch (IOException e) { + err = GenericUtils.accumulateException(err, e); + } + } + + return err; + } + + /** + * @param fileName The file name to be evaluated - ignored if {@code null}/empty + * @return {@code true} if the file ends in one of the {@link #WINDOWS_EXECUTABLE_EXTENSIONS} + */ + public static boolean isWindowsExecutable(String fileName) { + if ((fileName == null) || (fileName.length() <= 0)) { + return false; + } + for (String suffix : WINDOWS_EXECUTABLE_EXTENSIONS) { + if (fileName.endsWith(suffix)) { + return true; + } + } + return false; + } + + /** + * If the "posix" view is supported, then it returns + * {@link Files#getPosixFilePermissions(Path, LinkOption...)}, otherwise uses the + * {@link #getPermissionsFromFile(File)} method + * + * @param path The {@link Path} + * @param options The {@link LinkOption}s to use when querying the permissions + * @return A {@link Set} of {@link PosixFilePermission} + * @throws IOException If failed to access the file system in order to retrieve the permissions + */ + public static Set getPermissions(Path path, LinkOption... options) throws IOException { + FileSystem fs = path.getFileSystem(); + Collection views = fs.supportedFileAttributeViews(); + if (views.contains("posix")) { + return Files.getPosixFilePermissions(path, options); + } else { + return getPermissionsFromFile(path.toFile()); + } + } + + /** + * @param f The {@link File} to be checked + * @return A {@link Set} of {@link PosixFilePermission}s based on whether the file is + * readable/writable/executable. If so, then all the relevant permissions are set (i.e., owner, + * group and others) + */ + public static Set getPermissionsFromFile(File f) { + Set perms = EnumSet.noneOf(PosixFilePermission.class); + if (f.canRead()) { + perms.add(PosixFilePermission.OWNER_READ); + perms.add(PosixFilePermission.GROUP_READ); + perms.add(PosixFilePermission.OTHERS_READ); + } + + if (f.canWrite()) { + perms.add(PosixFilePermission.OWNER_WRITE); + perms.add(PosixFilePermission.GROUP_WRITE); + perms.add(PosixFilePermission.OTHERS_WRITE); + } + + if (isExecutable(f)) { + perms.add(PosixFilePermission.OWNER_EXECUTE); + perms.add(PosixFilePermission.GROUP_EXECUTE); + perms.add(PosixFilePermission.OTHERS_EXECUTE); + } + + return perms; + } + + public static boolean isExecutable(File f) { + if (f == null) { + return false; + } + + if (OsUtils.isWin32()) { + return isWindowsExecutable(f.getName()); + } else { + return f.canExecute(); + } + } + + /** + * If the "posix" view is supported, then it invokes {@link Files#setPosixFilePermissions(Path, Set)}, + * otherwise uses the {@link #setPermissionsToFile(File, Collection)} method + * + * @param path The {@link Path} + * @param perms The {@link Set} of {@link PosixFilePermission}s + * @throws IOException If failed to access the file system + */ + public static void setPermissions(Path path, Set perms) throws IOException { + FileSystem fs = path.getFileSystem(); + Collection views = fs.supportedFileAttributeViews(); + if (views.contains("posix")) { + Files.setPosixFilePermissions(path, perms); + } else { + setPermissionsToFile(path.toFile(), perms); + } + } + + /** + * @param f The {@link File} + * @param perms A {@link Collection} of {@link PosixFilePermission}s to set on it. Note: the file is set to + * readable/writable/executable not only by the owner if any of relevant the owner/group/others + * permission is set + */ + public static void setPermissionsToFile(File f, Collection perms) { + boolean havePermissions = GenericUtils.isNotEmpty(perms); + boolean readable = havePermissions + && (perms.contains(PosixFilePermission.OWNER_READ) + || perms.contains(PosixFilePermission.GROUP_READ) + || perms.contains(PosixFilePermission.OTHERS_READ)); + f.setReadable(readable, false); + + boolean writable = havePermissions + && (perms.contains(PosixFilePermission.OWNER_WRITE) + || perms.contains(PosixFilePermission.GROUP_WRITE) + || perms.contains(PosixFilePermission.OTHERS_WRITE)); + f.setWritable(writable, false); + + boolean executable = havePermissions + && (perms.contains(PosixFilePermission.OWNER_EXECUTE) + || perms.contains(PosixFilePermission.GROUP_EXECUTE) + || perms.contains(PosixFilePermission.OTHERS_EXECUTE)); + f.setExecutable(executable, false); + } + + /** + *

        + * Get file owner. + *

        + * + * @param path The {@link Path} + * @param options The {@link LinkOption}s to use when querying the owner + * @return Owner of the file or null if unsupported. Note: for Windows it strips any + * prepended domain or group name + * @throws IOException If failed to access the file system + * @see Files#getOwner(Path, LinkOption...) + */ + public static String getFileOwner(Path path, LinkOption... options) throws IOException { + try { + UserPrincipal principal = Files.getOwner(path, options); + String owner = (principal == null) ? null : principal.getName(); + return OsUtils.getCanonicalUser(owner); + } catch (UnsupportedOperationException e) { + return null; + } + } + + /** + *

        + * Checks if a file exists - Note: according to the + * Java tutorial - Checking a File or + * Directory: + *

        + * + * 
        +     * The methods in the Path class are syntactic, meaning that they operate
+     * on the Path instance. But eventually you must access the file system
+     * to verify that a particular Path exists, or does not exist. You can do
+     * so with the exists(Path, LinkOption...) and the notExists(Path, LinkOption...)
+     * methods. Note that !Files.exists(path) is not equivalent to Files.notExists(path).
+     * When you are testing a file's existence, three results are possible:
+     *
+     * - The file is verified to exist.
+     * - The file is verified to not exist.
+     * - The file's status is unknown.
+     *
+     * This result can occur when the program does not have access to the file.
+     * If both exists and notExists return false, the existence of the file cannot
+     * be verified.
+     *
        + * + * @param path The {@link Path} to be tested + * @param options The {@link LinkOption}s to use + * @return {@link Boolean#TRUE}/{@link Boolean#FALSE} or {@code null} according to the file status as + * explained above + */ + public static Boolean checkFileExists(Path path, LinkOption... options) { + if (Files.exists(path, options)) { + return Boolean.TRUE; + } else if (Files.notExists(path, options)) { + return Boolean.FALSE; + } else { + return null; + } + } + + /** + * Read the requested number of bytes or fail if there are not enough left. + * + * @param input where to read input from + * @param buffer destination + * @throws IOException if there is a problem reading the file + * @throws EOFException if the number of bytes read was incorrect + */ + public static void readFully(InputStream input, byte[] buffer) throws IOException { + readFully(input, buffer, 0, buffer.length); + } + + /** + * Read the requested number of bytes or fail if there are not enough left. + * + * @param input where to read input from + * @param buffer destination + * @param offset initial offset into buffer + * @param length length to read, must be ≥ 0 + * @throws IOException if there is a problem reading the file + * @throws EOFException if the number of bytes read was incorrect + */ + public static void readFully( + InputStream input, byte[] buffer, int offset, int length) + throws IOException { + int actual = read(input, buffer, offset, length); + if (actual != length) { + throw new EOFException("Premature EOF - expected=" + length + ", actual=" + actual); + } + } + + /** + * Read as many bytes as possible until EOF or achieved required length + * + * @param input where to read input from + * @param buffer destination + * @return actual length read; may be less than requested if EOF was reached + * @throws IOException if a read error occurs + */ + public static int read(InputStream input, byte[] buffer) throws IOException { + return read(input, buffer, 0, buffer.length); + } + + /** + * Read as many bytes as possible until EOF or achieved required length + * + * @param input where to read input from + * @param buffer destination + * @param offset initial offset into buffer + * @param length length to read - ignored if non-positive + * @return actual length read; may be less than requested if EOF was reached + * @throws IOException if a read error occurs + */ + public static int read( + InputStream input, byte[] buffer, int offset, int length) + throws IOException { + for (int remaining = length, curOffset = offset; remaining > 0;) { + int count = input.read(buffer, curOffset, remaining); + if (count == -1) { // EOF before achieved required length + return curOffset - offset; + } + + remaining -= count; + curOffset += count; + } + + return length; + } + + /** + * @param perms The current {@link PosixFilePermission}s - ignored if {@code null}/empty + * @param excluded The permissions not allowed to exist - ignored if {@code null}/empty + * @return The violating {@link PosixFilePermission} - {@code null} if no violating permission found + */ + public static PosixFilePermission validateExcludedPermissions( + Collection perms, Collection excluded) { + if (GenericUtils.isEmpty(perms) || GenericUtils.isEmpty(excluded)) { + return null; + } + + for (PosixFilePermission p : excluded) { + if (perms.contains(p)) { + return p; + } + } + + return null; + } + + /** + * @param path The {@link Path} to check + * @param options The {@link LinkOption}s to use when checking if path is a directory + * @return The same input path if it is a directory + * @throws UnsupportedOperationException if input path not a directory + */ + public static Path ensureDirectory(Path path, LinkOption... options) { + if (!Files.isDirectory(path, options)) { + throw new UnsupportedOperationException("Not a directory: " + path); + } + + return path; + } + + /** + * @param options The {@link LinkOption}s - OK if {@code null}/empty + * @return {@code true} if the link options are {@code null}/empty or do not contain + * {@link LinkOption#NOFOLLOW_LINKS}, {@code false} otherwise (i.e., the array is not empty and + * contains the special value) + */ + public static boolean followLinks(LinkOption... options) { + if (GenericUtils.isEmpty(options)) { + return true; + } + + for (LinkOption localLinkOption : options) { + if (localLinkOption == LinkOption.NOFOLLOW_LINKS) { + return false; + } + } + return true; + } + + public static String appendPathComponent(String prefix, String component) { + if (GenericUtils.isEmpty(prefix)) { + return component; + } + + if (GenericUtils.isEmpty(component)) { + return prefix; + } + + StringBuilder sb = new StringBuilder( + prefix.length() + component.length() + File.separator.length()) + .append(prefix); + + if (sb.charAt(prefix.length() - 1) == File.separatorChar) { + if (component.charAt(0) == File.separatorChar) { + sb.append(component.substring(1)); + } else { + sb.append(component); + } + } else { + if (component.charAt(0) != File.separatorChar) { + sb.append(File.separatorChar); + } + sb.append(component); + } + + return sb.toString(); + } + + public static byte[] toByteArray(InputStream inStream) throws IOException { + try (ByteArrayOutputStream baos = new ByteArrayOutputStream(DEFAULT_COPY_SIZE)) { + copy(inStream, baos); + return baos.toByteArray(); + } + } + + /** + * Reads all lines until no more available + * + * @param url The {@link URL} to read from + * @return The {@link List} of lines in the same order as it was read + * @throws IOException If failed to read the lines + * @see #readAllLines(InputStream) + */ + public static List readAllLines(URL url) throws IOException { + try (InputStream stream = Objects.requireNonNull(url, "No URL").openStream()) { + return readAllLines(stream); + } + } + + /** + * Reads all lines until no more available + * + * @param stream The {@link InputStream} - Note: assumed to contain {@code UTF-8} encoded data + * @return The {@link List} of lines in the same order as it was read + * @throws IOException If failed to read the lines + * @see #readAllLines(Reader) + */ + public static List readAllLines(InputStream stream) throws IOException { + try (Reader reader = new InputStreamReader( + Objects.requireNonNull(stream, "No stream instance"), StandardCharsets.UTF_8)) { + return readAllLines(reader); + } + } + + public static List readAllLines(Reader reader) throws IOException { + try (BufferedReader br = new BufferedReader( + Objects.requireNonNull(reader, "No reader instance"), DEFAULT_COPY_SIZE)) { + return readAllLines(br); + } + } + + /** + * Reads all lines until no more available + * + * @param reader The {@link BufferedReader} to read all lines + * @return The {@link List} of lines in the same order as it was read + * @throws IOException If failed to read the lines + * @see #readAllLines(BufferedReader, int) + */ + public static List readAllLines(BufferedReader reader) throws IOException { + return readAllLines(reader, -1); + } + + /** + * Reads all lines until no more available + * + * @param reader The {@link BufferedReader} to read all lines + * @param lineCountHint A hint as to the expected number of lines - non-positive means unknown - in which case some + * initial default value will be used to initialize the list used to accumulate the lines. + * @return The {@link List} of lines in the same order as it was read + * @throws IOException If failed to read the lines + */ + public static List readAllLines(BufferedReader reader, int lineCountHint) throws IOException { + List result = new ArrayList<>(Math.max(lineCountHint, Short.SIZE)); + for (String line = reader.readLine(); line != null; line = reader.readLine()) { + result.add(line); + } + return result; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/LimitInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/LimitInputStream.java new file mode 100644 index 0000000..1d5b33b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/LimitInputStream.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.FilterInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.nio.channels.Channel; +import java.util.concurrent.atomic.AtomicBoolean; + +/** + * Reads from another {@link InputStream} up to specified max. length + * + * @author Apache MINA SSHD Project + */ +public class LimitInputStream extends FilterInputStream implements Channel { + private final AtomicBoolean open = new AtomicBoolean(true); + private long remaining; + + public LimitInputStream(InputStream in, long length) { + super(in); + remaining = length; + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public int read() throws IOException { + if (!isOpen()) { + throw new IOException("read() - stream is closed (remaining=" + remaining + ")"); + } + + if (remaining > 0) { + remaining--; + return super.read(); + } else { + return -1; + } + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + if (!isOpen()) { + throw new IOException("read(len=" + len + ") stream is closed (remaining=" + remaining + ")"); + } + + int nb = len; + if (nb > remaining) { + nb = (int) remaining; + } + if (nb > 0) { + int read = super.read(b, off, nb); + remaining -= read; + return read; + } else { + return -1; + } + } + + @Override + public long skip(long n) throws IOException { + if (!isOpen()) { + throw new IOException("skip(" + n + ") stream is closed (remaining=" + remaining + ")"); + } + + long skipped = super.skip(n); + remaining -= skipped; + return skipped; + } + + @Override + public int available() throws IOException { + if (!isOpen()) { + throw new IOException("available() stream is closed (remaining=" + remaining + ")"); + } + + int av = super.available(); + if (av > remaining) { + return (int) remaining; + } else { + return av; + } + } + + @Override + public void close() throws IOException { + // do not close the original input stream since it serves for ACK(s) + if (open.getAndSet(false)) { + // noinspection UnnecessaryReturnStatement + return; // debug breakpoint + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/ModifiableFileWatcher.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/ModifiableFileWatcher.java new file mode 100644 index 0000000..424021b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/ModifiableFileWatcher.java @@ -0,0 +1,266 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileTime; +import java.nio.file.attribute.PosixFilePermission; +import java.util.AbstractMap.SimpleImmutableEntry; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashSet; +import java.util.Objects; +import java.util.Set; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicLong; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.io.resource.PathResource; + +/** + * Watches over changes for a file and re-loads them if file has changed - including if file is deleted or (re-)created + * + * @author Apache MINA SSHD Project + */ +public class ModifiableFileWatcher { + + /** + * The {@link Set} of {@link PosixFilePermission} not allowed if strict permissions are enforced on key files + */ + public static final Set STRICTLY_PROHIBITED_FILE_PERMISSION = Collections.unmodifiableSet( + EnumSet.of( + PosixFilePermission.GROUP_WRITE, + PosixFilePermission.OTHERS_WRITE)); + + protected final LinkOption[] options; + + private final Path file; + private final AtomicBoolean lastExisted = new AtomicBoolean(false); + private final AtomicLong lastSize = new AtomicLong(Long.MIN_VALUE); + private final AtomicLong lastModified = new AtomicLong(-1L); + + public ModifiableFileWatcher(Path file) { + this(file, IoUtils.getLinkOptions(true)); + } + + public ModifiableFileWatcher(Path file, LinkOption... options) { + this.file = Objects.requireNonNull(file, "No path to watch"); + // use a clone to avoid being sensitive to changes in the passed array + this.options = (options == null) ? IoUtils.EMPTY_LINK_OPTIONS : options.clone(); + } + + /** + * @return The watched {@link Path} + */ + public final Path getPath() { + return file; + } + + public final boolean exists() throws IOException { + return Files.exists(getPath(), options); + } + + public final long size() throws IOException { + if (exists()) { + return Files.size(getPath()); + } else { + return -1L; + } + } + + public final FileTime lastModified() throws IOException { + if (exists()) { + BasicFileAttributes attrs = Files.readAttributes(getPath(), BasicFileAttributes.class, options); + return attrs.lastModifiedTime(); + } else { + return null; + } + } + + /** + * @return {@code true} if the watched file has probably been changed + * @throws IOException If failed to query file data + */ + public boolean checkReloadRequired() throws IOException { + boolean exists = exists(); + // if existence state changed from last time + if (exists != lastExisted.getAndSet(exists)) { + return true; + } + + if (!exists) { + // file did not exist and still does not exist + resetReloadAttributes(); + return false; + } + + long size = size(); + if (size < 0L) { + // means file no longer exists + resetReloadAttributes(); + return true; + } + + // if size changed then obviously need reload + if (size != lastSize.getAndSet(size)) { + return true; + } + + FileTime modifiedTime = lastModified(); + if (modifiedTime == null) { + // means file no longer exists + resetReloadAttributes(); + return true; + } + + long timestamp = modifiedTime.toMillis(); + return timestamp != lastModified.getAndSet(timestamp); + + } + + /** + * Resets the state attributes used to detect changes to the initial construction values - i.e., file assumed not to + * exist and no known size of modify time + */ + public void resetReloadAttributes() { + lastExisted.set(false); + lastSize.set(Long.MIN_VALUE); + lastModified.set(-1L); + } + + /** + * May be called to refresh the state attributes used to detect changes e.g., file existence, size and last-modified + * time once re-loading is successfully completed. If the file does not exist then the attributes are reset to an + * "unknown" state. + * + * @throws IOException If failed to access the file (if exists) + * @see #resetReloadAttributes() + */ + public void updateReloadAttributes() throws IOException { + if (exists()) { + long size = size(); + FileTime modifiedTime = lastModified(); + + if ((size >= 0L) && (modifiedTime != null)) { + lastExisted.set(true); + lastSize.set(size); + lastModified.set(modifiedTime.toMillis()); + return; + } + } + + resetReloadAttributes(); + } + + public PathResource toPathResource() { + return toPathResource(IoUtils.EMPTY_OPEN_OPTIONS); + } + + public PathResource toPathResource(OpenOption... options) { + return new PathResource(getPath(), options); + } + + @Override + public String toString() { + return Objects.toString(getPath()); + } + + /** + *

        + * Checks if a path has strict permissions + *

        + *
          + * + *
        • + *

          + * (For {@code Unix}) The path may not have group or others write permissions + *

          + *
          • + * + *
        • + *

          + * The path must be owned by current user. + *

          + *
          • + * + *
        • + *

          + * (For {@code Unix}) The path may be owned by root. + *

          + *
          • + * + *
        + * + * @param path The {@link Path} to be checked - ignored if {@code null} or does not exist + * @param options The {@link LinkOption}s to use to query the file's permissions + * @return The violated permission as {@link SimpleImmutableEntry} where key is a loggable message and + * value is the offending object - e.g., {@link PosixFilePermission} or {@link String} for + * owner. Return value is {@code null} if no violations detected + * @throws IOException If failed to retrieve the permissions + * @see #STRICTLY_PROHIBITED_FILE_PERMISSION + */ + public static SimpleImmutableEntry validateStrictConfigFilePermissions(Path path, LinkOption... options) + throws IOException { + if ((path == null) || (!Files.exists(path, options))) { + return null; + } + + Collection perms = IoUtils.getPermissions(path, options); + if (GenericUtils.isEmpty(perms)) { + return null; + } + + if (OsUtils.isUNIX()) { + PosixFilePermission p = IoUtils.validateExcludedPermissions(perms, STRICTLY_PROHIBITED_FILE_PERMISSION); + if (p != null) { + return new SimpleImmutableEntry<>(String.format("Permissions violation (%s)", p), p); + } + } + + String owner = IoUtils.getFileOwner(path, options); + if (GenericUtils.isEmpty(owner)) { + // we cannot get owner + // general issue: jvm does not support permissions + // security issue: specific filesystem does not support permissions + return null; + } + + String current = OsUtils.getCurrentUser(); + Set expected = new HashSet<>(); + expected.add(current); + if (OsUtils.isUNIX()) { + // Windows "Administrator" was considered however in Windows most likely a group is used. + expected.add(OsUtils.ROOT_USER); + } + + if (!expected.contains(owner)) { + return new SimpleImmutableEntry<>(String.format("Owner violation (%s)", owner), owner); + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseInputStream.java new file mode 100644 index 0000000..b9aedee --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseInputStream.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.io; + +import java.io.FilterInputStream; +import java.io.IOException; +import java.io.InputStream; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class NoCloseInputStream extends FilterInputStream { + public NoCloseInputStream(InputStream in) { + super(in); + } + + @Override + public void close() throws IOException { + // ignored + } + + public static InputStream resolveInputStream(InputStream input, boolean okToClose) { + if ((input == null) || okToClose) { + return input; + } else { + return new NoCloseInputStream(input); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseOutputStream.java new file mode 100644 index 0000000..4ba16d3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseOutputStream.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.io; + +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.OutputStream; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class NoCloseOutputStream extends FilterOutputStream { + public NoCloseOutputStream(OutputStream out) { + super(out); + } + + @Override + public void close() throws IOException { + // ignored + } + + public static OutputStream resolveOutputStream(OutputStream output, boolean okToClose) { + if ((output == null) || okToClose) { + return output; + } else { + return new NoCloseOutputStream(output); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseReader.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseReader.java new file mode 100644 index 0000000..9c8b218 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseReader.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.FilterReader; +import java.io.IOException; +import java.io.Reader; + +/** + * @author Apache MINA SSHD Project + */ +public class NoCloseReader extends FilterReader { + public NoCloseReader(Reader in) { + super(in); + } + + @Override + public void close() throws IOException { + // ignored + } + + public static Reader resolveReader(Reader r, boolean okToClose) { + if ((r == null) || okToClose) { + return r; + } else { + return new NoCloseReader(r); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseWriter.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseWriter.java new file mode 100644 index 0000000..0f92697 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NoCloseWriter.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.FilterWriter; +import java.io.IOException; +import java.io.Writer; + +/** + * @author Apache MINA SSHD Project + */ +public class NoCloseWriter extends FilterWriter { + public NoCloseWriter(Writer out) { + super(out); + } + + @Override + public void close() throws IOException { + // ignored + } + + public static Writer resolveWriter(Writer r, boolean okToClose) { + if ((r == null) || okToClose) { + return r; + } else { + return new NoCloseWriter(r); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullInputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullInputStream.java new file mode 100644 index 0000000..1b9b471 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullInputStream.java @@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.EOFException; +import java.io.IOException; +import java.io.InputStream; +import java.nio.channels.Channel; +import java.util.concurrent.atomic.AtomicBoolean; + +/** + * A {@code /dev/null} input stream + * + * @author Apache MINA SSHD Project + */ +public class NullInputStream extends InputStream implements Channel { + private final AtomicBoolean open = new AtomicBoolean(true); + + public NullInputStream() { + super(); + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public int read() throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for reading one value"); + } + return -1; + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for reading " + len + " bytes"); + } + return -1; + } + + @Override + public long skip(long n) throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for skipping " + n + " bytes"); + } + return 0L; + } + + @Override + public int available() throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for availability query"); + } + return 0; + } + + @Override + public synchronized void reset() throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for reset"); + } + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + // noinspection UnnecessaryReturnStatement + return; // debug breakpoint + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullOutputStream.java new file mode 100644 index 0000000..8a0435c --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullOutputStream.java @@ -0,0 +1,73 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.EOFException; +import java.io.IOException; +import java.io.OutputStream; +import java.nio.channels.Channel; +import java.util.concurrent.atomic.AtomicBoolean; + +/** + * A {code /dev/null} output stream + * + * @author Apache MINA SSHD Project + */ +public class NullOutputStream extends OutputStream implements Channel { + private final AtomicBoolean open = new AtomicBoolean(true); + + public NullOutputStream() { + super(); + } + + @Override + public boolean isOpen() { + return open.get(); + } + + @Override + public void write(int b) throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for writing one byte"); + } + } + + @Override + public void write(byte[] b, int off, int len) throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for writing " + len + " bytes"); + } + } + + @Override + public void flush() throws IOException { + if (!isOpen()) { + throw new EOFException("Stream is closed for flushing"); + } + } + + @Override + public void close() throws IOException { + if (open.getAndSet(false)) { + // noinspection UnnecessaryReturnStatement + return; // debug breakpoint + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullPrintStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullPrintStream.java new file mode 100644 index 0000000..a21c5d2 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/NullPrintStream.java @@ -0,0 +1,172 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.PrintStream; +import java.util.Locale; + +/** + * @author Apache MINA SSHD Project + */ +public class NullPrintStream extends PrintStream { + public NullPrintStream() { + super(new NullOutputStream()); + } + + @Override + public void write(int b) { + // ignored + } + + @Override + public void write(byte[] buf, int off, int len) { + // ignored + } + + @Override + public void print(boolean b) { + // ignored + } + + @Override + public void print(char c) { + append(c); + } + + @Override + public void print(int i) { + print((long) i); + } + + @Override + public void print(long l) { + // ignored + } + + @Override + public void print(float f) { + print((double) f); + } + + @Override + public void print(double d) { + // ignored + } + + @Override + public void print(char[] s) { + // ignored + } + + @Override + public void print(String s) { + // ignored + } + + @Override + public void print(Object obj) { + // ignored + } + + @Override + public void println() { + // ignored + } + + @Override + public void println(boolean x) { + // ignored + } + + @Override + public void println(char x) { + // ignored + } + + @Override + public void println(int x) { + // ignored + } + + @Override + public void println(long x) { + // ignored + } + + @Override + public void println(float x) { + // ignored + } + + @Override + public void println(double x) { + // ignored + } + + @Override + public void println(char[] x) { + // ignored + } + + @Override + public void println(String x) { + // ignored + } + + @Override + public void println(Object x) { + // ignored + } + + @Override + public PrintStream printf(String format, Object... args) { + return printf(Locale.getDefault(), format, args); + } + + @Override + public PrintStream printf(Locale l, String format, Object... args) { + return format(l, format, args); + } + + @Override + public PrintStream format(String format, Object... args) { + return format(Locale.getDefault(), format, args); + } + + @Override + public PrintStream format(Locale l, String format, Object... args) { + return this; + } + + @Override + public PrintStream append(CharSequence csq) { + return append(csq, 0, csq.length()); + } + + @Override + public PrintStream append(CharSequence csq, int start, int end) { + return this; + } + + @Override + public PrintStream append(char c) { + return this; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/OutputStreamWithChannel.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/OutputStreamWithChannel.java new file mode 100644 index 0000000..6f81872 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/OutputStreamWithChannel.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.OutputStream; +import java.nio.channels.Channel; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class OutputStreamWithChannel extends OutputStream implements Channel { + protected OutputStreamWithChannel() { + super(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/PathScanningMatcher.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/PathScanningMatcher.java new file mode 100644 index 0000000..9dcaba4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/PathScanningMatcher.java @@ -0,0 +1,186 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.File; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.stream.Collectors; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.OsUtils; +import org.apache.sshd.common.util.SelectorUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class PathScanningMatcher { + /** + * Whether or not the file system should be treated as a case sensitive one. + */ + protected boolean caseSensitive = OsUtils.isUNIX(); + + /** + * The file separator to use to parse paths - default=local O/S separator + */ + protected String separator = File.separator; + + /** + * The patterns for the files to be included. + */ + protected List includePatterns; + + protected PathScanningMatcher() { + super(); + } + + /** + *

        + * Sets the list of include patterns to use. All '/' and '\' characters are replaced by + * File.separatorChar, so the separator used need not match File.separatorChar. + *

        + * + *

        + * When a pattern ends with a '/' or '\', "**" is appended. + *

        + * + * @param includes A list of include patterns. May be {@code null}, indicating that all files should be included. If + * a non-{@code null} list is given, all elements must be non-{@code null}. + */ + public void setIncludes(String... includes) { + setIncludes(GenericUtils.isEmpty(includes) ? Collections.emptyList() : Arrays.asList(includes)); + } + + /** + * @return Un-modifiable list of the inclusion patterns + */ + public List getIncludes() { + return includePatterns; + } + + public void setIncludes(Collection includes) { + this.includePatterns = GenericUtils.isEmpty(includes) + ? Collections.emptyList() + : Collections.unmodifiableList( + includes.stream() + .map(v -> normalizePattern(v)) + .collect(Collectors.toCollection(() -> new ArrayList<>(includes.size())))); + } + + /** + * @return Whether or not the file system should be treated as a case sensitive one. + */ + public boolean isCaseSensitive() { + return caseSensitive; + } + + public void setCaseSensitive(boolean caseSensitive) { + this.caseSensitive = caseSensitive; + } + + /** + * @return The file separator to use to parse paths - default=local O/S separator + */ + public String getSeparator() { + return separator; + } + + public void setSeparator(String separator) { + this.separator = ValidateUtils.checkNotNullAndNotEmpty(separator, "No separator provided"); + } + + /** + * Tests whether or not a name matches against at least one include pattern. + * + * @param name The name to match. Must not be {@code null}. + * @return true when the name matches against at least one include pattern, or false + * otherwise. + */ + protected boolean isIncluded(String name) { + Collection includes = getIncludes(); + if (GenericUtils.isEmpty(includes)) { + return false; + } + + boolean cs = isCaseSensitive(); + String sep = getSeparator(); + for (String include : includes) { + if (SelectorUtils.matchPath(include, name, sep, cs)) { + return true; + } + } + + return false; + } + + /** + * Tests whether or not a name matches the start of at least one include pattern. + * + * @param name The name to match. Must not be {@code null}. + * @return true when the name matches against the start of at least one include pattern, or + * false otherwise. + */ + protected boolean couldHoldIncluded(String name) { + Collection includes = getIncludes(); + if (GenericUtils.isEmpty(includes)) { + return false; + } + + boolean cs = isCaseSensitive(); + String sep = getSeparator(); + for (String include : includes) { + if (SelectorUtils.matchPatternStart(include, name, sep, cs)) { + return true; + } + } + + return false; + } + + /** + * Normalizes the pattern, e.g. converts forward and backward slashes to the platform-specific file separator. + * + * @param pattern The pattern to normalize, must not be {@code null}. + * @return The normalized pattern, never {@code null}. + */ + public static String normalizePattern(String pattern) { + pattern = pattern.trim(); + + if (pattern.startsWith(SelectorUtils.REGEX_HANDLER_PREFIX)) { + if (File.separatorChar == '\\') { + pattern = GenericUtils.replace(pattern, "/", "\\\\", -1); + } else { + pattern = GenericUtils.replace(pattern, "\\\\", "/", -1); + } + } else { + pattern = pattern.replace(File.separatorChar == '/' ? '\\' : '/', File.separatorChar); + + if (pattern.endsWith(File.separator)) { + pattern += "**"; + } + } + + return pattern; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/PathUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/PathUtils.java new file mode 100644 index 0000000..30bfd88 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/PathUtils.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.nio.file.Path; +import java.util.Comparator; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.functors.UnaryEquator; + +/** + * @author Apache MINA SSHD Project + */ +public final class PathUtils { + /** Compares 2 {@link Path}-s by their case insensitive {@link Path#getFileName() filename} */ + public static final Comparator BY_CASE_INSENSITIVE_FILENAME + = (p1, p2) -> PathUtils.safeCompareFilename(p1, p2, false); + + public static final UnaryEquator EQ_CASE_INSENSITIVE_FILENAME + = (p1, p2) -> BY_CASE_INSENSITIVE_FILENAME.compare(p1, p2) == 0; + + /** Compares 2 {@link Path}-s by their case sensitive {@link Path#getFileName() filename} */ + public static final Comparator BY_CASE_SENSITIVE_FILENAME = (p1, p2) -> PathUtils.safeCompareFilename(p1, p2, true); + + public static final UnaryEquator EQ_CASE_SENSITIVE_FILENAME + = (p1, p2) -> BY_CASE_SENSITIVE_FILENAME.compare(p1, p2) == 0; + + /** + * Private Constructor + */ + private PathUtils() { + throw new UnsupportedOperationException("No instance allowed"); + } + + /** + * Compares 2 {@link Path}-s by their {@link Path#getFileName() filename} while allowing for one or both to be + * {@code null}. + * + * @param p1 1st {@link Path} + * @param p2 2nd {@link Path} + * @param caseSensitive Whether comparison is case sensitive + * @return Comparison results - {@code null}-s are considered "greater" than + * non-{@code null}-s + */ + public static int safeCompareFilename(Path p1, Path p2, boolean caseSensitive) { + if (GenericUtils.isSameReference(p1, p2)) { + return 0; + } else if (p1 == null) { + return 1; + } else if (p2 == null) { + return -1; + } + + String n1 = Objects.toString(p1.getFileName(), null); + String n2 = Objects.toString(p2.getFileName(), null); + return GenericUtils.safeCompare(n1, n2, caseSensitive); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/SecureByteArrayOutputStream.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/SecureByteArrayOutputStream.java new file mode 100644 index 0000000..3cd073f --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/SecureByteArrayOutputStream.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io; + +import java.io.ByteArrayOutputStream; +import java.util.Arrays; + +/** + * A {@link ByteArrayOutputStream} that clears its internal buffer after resizing and when it is {@link #close() + * closed}. + */ +public final class SecureByteArrayOutputStream extends ByteArrayOutputStream { + + public SecureByteArrayOutputStream() { + super(); + } + + public SecureByteArrayOutputStream(int initialSize) { + super(initialSize); + } + + @Override + public void close() { + Arrays.fill(buf, (byte) 0); + } + + @Override + public void write(int b) { + byte[] oldBuf = buf; + super.write(b); + if (buf != oldBuf) { + Arrays.fill(oldBuf, (byte) 0); + } + } + + @Override + public void write(byte[] b, int off, int len) { + byte[] oldBuf = buf; + super.write(b, off, len); + if (buf != oldBuf) { + Arrays.fill(oldBuf, (byte) 0); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Class.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Class.java new file mode 100644 index 0000000..0600364 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Class.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.io.der; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public enum ASN1Class { + // NOTE: order is crucial, so DON'T change it + UNIVERSAL((byte) 0x00), + APPLICATION((byte) 0x01), + CONTEXT((byte) 0x02), + PRIVATE((byte) 0x03); + + public static final List VALUES = Collections.unmodifiableList(Arrays.asList(values())); + + private final byte byteValue; + + ASN1Class(byte classValue) { + byteValue = classValue; + } + + public byte getClassValue() { + return byteValue; + } + + public static ASN1Class fromName(String s) { + if (GenericUtils.isEmpty(s)) { + return null; + } + + for (ASN1Class c : VALUES) { + if (s.equalsIgnoreCase(c.name())) { + return c; + } + } + + return null; + } + + /** + *

        + * The first byte in DER encoding is made of following fields + *

        + * + * 
        +     *-------------------------------------------------
+     *|Bit 8|Bit 7|Bit 6|Bit 5|Bit 4|Bit 3|Bit 2|Bit 1|
+     *-------------------------------------------------
+     *|  Class    | CF  |        Type                 |
+     *-------------------------------------------------
+     *
        + * + * @param value The original DER encoded byte + * @return The {@link ASN1Class} value - {@code null} if no match found + * @see #fromTypeValue(int) + */ + public static ASN1Class fromDERValue(int value) { + return fromTypeValue((value >> 6) & 0x03); + } + + /** + * @param value The "pure" value - unshifted and with no extras + * @return The {@link ASN1Class} value - {@code null} if no match found + */ + public static ASN1Class fromTypeValue(int value) { + // all 4 values are defined + if ((value < 0) || (value >= VALUES.size())) { + return null; + } + + return VALUES.get(value); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Object.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Object.java new file mode 100644 index 0000000..717c4d0 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Object.java @@ -0,0 +1,336 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.io.der; + +import java.io.EOFException; +import java.io.IOException; +import java.io.Serializable; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class ASN1Object implements Serializable, Cloneable { + // Constructed Flag + public static final byte CONSTRUCTED = 0x20; + + private static final long serialVersionUID = 4687581744706127265L; + + private ASN1Class objClass; + private ASN1Type objType; + private boolean constructed; + private int length; + private byte[] value; + + public ASN1Object() { + super(); + } + + /* + *

        The first byte in DER encoding is made of following fields

        +     * ------------------------------------------------- |Bit 8|Bit 7|Bit 6|Bit 5|Bit 4|Bit 3|Bit 2|Bit 1|
+     * ------------------------------------------------- | Class | CF | Type |
+     * -------------------------------------------------
        + */ + public ASN1Object(byte tag, int len, byte... data) { + this(ASN1Class.fromDERValue(tag), ASN1Type.fromDERValue(tag), (tag & CONSTRUCTED) == CONSTRUCTED, len, data); + } + + public ASN1Object(ASN1Class c, ASN1Type t, boolean ctored, int len, byte... data) { + objClass = c; + objType = t; + constructed = ctored; + length = len; + value = data; + } + + public ASN1Class getObjClass() { + return objClass; + } + + public void setObjClass(ASN1Class c) { + objClass = c; + } + + public ASN1Type getObjType() { + return objType; + } + + public void setObjType(ASN1Type y) { + objType = y; + } + + public boolean isConstructed() { + return constructed; + } + + public void setConstructed(boolean c) { + constructed = c; + } + + public int getLength() { + return length; + } + + public void setLength(int l) { + length = l; + } + + public byte[] getValue() { + return value; + } + + // if length is less than value.length then returns copy of it + public byte[] getPureValueBytes() { + byte[] bytes = getValue(); + int available = getLength(); + int numBytes = NumberUtils.length(bytes); + if (numBytes == available) { + return bytes; + } + + if (available == 0) { + return GenericUtils.EMPTY_BYTE_ARRAY; + } + + byte[] pure = new byte[available]; + System.arraycopy(bytes, 0, pure, 0, available); + return pure; + } + + public void setValue(byte[] v) { + value = v; + } + + public DERParser createParser() { + return new DERParser(getValue(), 0, getLength()); + } + + public Object asObject() throws IOException { + ASN1Type type = getObjType(); + if (type == null) { + throw new IOException("No type set"); + } + + switch (type) { + case INTEGER: + return asInteger(); + + case NUMERIC_STRING: + case PRINTABLE_STRING: + case VIDEOTEX_STRING: + case IA5_STRING: + case GRAPHIC_STRING: + case ISO646_STRING: + case GENERAL_STRING: + case BMP_STRING: + case UTF8_STRING: + return asString(); + + case OBJECT_IDENTIFIER: + return asOID(); + + case SEQUENCE: + return getValue(); + + default: + throw new IOException("Invalid DER: unsupported type: " + type); + } + } + + /** + * Get the value as {@link BigInteger} + * + * @return BigInteger + * @throws IOException if type not an {@link ASN1Type#INTEGER} + */ + public BigInteger asInteger() throws IOException { + ASN1Type typeValue = getObjType(); + if (ASN1Type.INTEGER.equals(typeValue)) { + return toInteger(); + } else { + throw new IOException("Invalid DER: object is not integer: " + typeValue); + } + } + + // does not check if this is an integer + public BigInteger toInteger() { + return new BigInteger(getPureValueBytes()); + } + + /** + * Get value as string. Most strings are treated as Latin-1. + * + * @return Java string + * @throws IOException if + */ + public String asString() throws IOException { + ASN1Type type = getObjType(); + if (type == null) { + throw new IOException("No type set"); + } + + final String encoding; + switch (type) { + // Not all are Latin-1 but it's the closest thing + case NUMERIC_STRING: + case PRINTABLE_STRING: + case VIDEOTEX_STRING: + case IA5_STRING: + case GRAPHIC_STRING: + case ISO646_STRING: + case GENERAL_STRING: + encoding = "ISO-8859-1"; + break; + + case BMP_STRING: + encoding = "UTF-16BE"; + break; + + case UTF8_STRING: + encoding = "UTF-8"; + break; + + case UNIVERSAL_STRING: + throw new IOException("Invalid DER: can't handle UCS-4 string"); + + default: + throw new IOException("Invalid DER: object is not a string: " + type); + } + + return new String(getValue(), 0, getLength(), encoding); + } + + public List asOID() throws IOException { + ASN1Type typeValue = getObjType(); + if (ASN1Type.OBJECT_IDENTIFIER.equals(typeValue)) { + return toOID(); + } else { + throw new StreamCorruptedException("Invalid DER: object is not an OID: " + typeValue); + } + } + + // Does not check that type is OID + public List toOID() throws IOException { + int vLen = getLength(); + if (vLen <= 0) { + throw new EOFException("Not enough data for an OID"); + } + + List oid = new ArrayList<>(vLen + 1); + byte[] bytes = getValue(); + int val1 = bytes[0] & 0xFF; + oid.add(Integer.valueOf(val1 / 40)); + oid.add(Integer.valueOf(val1 % 40)); + + for (int curPos = 1; curPos < vLen; curPos++) { + int v = bytes[curPos] & 0xFF; + if (v <= 0x7F) { // short form + oid.add(Integer.valueOf(v)); + continue; + } + + long curVal = v & 0x7F; + curPos++; + + for (int subLen = 1;; subLen++, curPos++) { + if (curPos >= vLen) { + throw new EOFException("Incomplete OID value"); + } + + if (subLen > 5) { // 32 bit values can span at most 5 octets + throw new StreamCorruptedException("OID component encoding beyond 5 bytes"); + } + + v = bytes[curPos] & 0xFF; + curVal = ((curVal << 7) & 0xFFFFFFFF80L) | (v & 0x7FL); + if (curVal > Integer.MAX_VALUE) { + throw new StreamCorruptedException("OID value exceeds 32 bits: " + curVal); + } + + if (v <= 0x7F) { // found last octet ? + break; + } + } + + oid.add(Integer.valueOf((int) (curVal & 0x7FFFFFFFL))); + } + + return oid; + } + + @Override + public int hashCode() { + return Objects.hash(getObjClass(), getObjType()) + + Boolean.hashCode(isConstructed()) + + getLength() + + NumberUtils.hashCode(getValue(), 0, getLength()); + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + + ASN1Object other = (ASN1Object) obj; + return Objects.equals(this.getObjClass(), other.getObjClass()) + && Objects.equals(this.getObjType(), other.getObjType()) + && (this.isConstructed() == other.isConstructed()) + && (this.getLength() == other.getLength()) + && (NumberUtils.diffOffset(this.getValue(), 0, other.getValue(), 0, this.getLength()) < 0); + } + + @Override + public ASN1Object clone() { + try { + ASN1Object cpy = getClass().cast(super.clone()); + byte[] data = cpy.getValue(); + if (data != null) { + cpy.setValue(data.clone()); + } + return cpy; + } catch (CloneNotSupportedException e) { + throw new IllegalStateException("Unexpected clone failure: " + e.getMessage(), e); + } + } + + @Override + public String toString() { + return Objects.toString(getObjClass()) + + "/" + getObjType() + + "/" + isConstructed() + + "[" + getLength() + "]" + + ": " + BufferUtils.toHex(getValue(), 0, getLength(), ':'); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Type.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Type.java new file mode 100644 index 0000000..906d51b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/ASN1Type.java @@ -0,0 +1,121 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.io.der; + +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +import org.apache.sshd.common.util.GenericUtils; + +/** + * @author Apache MINA SSHD Project + */ +public enum ASN1Type { + ANY((byte) 0x00), + BOOLEAN((byte) 0x01), + INTEGER((byte) 0x02), + BIT_STRING((byte) 0x03), + OCTET_STRING((byte) 0x04), + NULL((byte) 0x05), + OBJECT_IDENTIFIER((byte) 0x06), + REAL((byte) 0x09), + ENUMERATED((byte) 0x0a), + RELATIVE_OID((byte) 0x0d), + SEQUENCE((byte) 0x10), + SET((byte) 0x11), + NUMERIC_STRING((byte) 0x12), + PRINTABLE_STRING((byte) 0x13), + T61_STRING((byte) 0x14), + VIDEOTEX_STRING((byte) 0x15), + IA5_STRING((byte) 0x16), + GRAPHIC_STRING((byte) 0x19), + ISO646_STRING((byte) 0x1A), + GENERAL_STRING((byte) 0x1B), + UTF8_STRING((byte) 0x0C), + UNIVERSAL_STRING((byte) 0x1C), + BMP_STRING((byte) 0x1E), + UTC_TIME((byte) 0x17), + GENERALIZED_TIME((byte) 0x18); + + public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(ASN1Type.class)); + + private final byte typeValue; + + ASN1Type(byte typeVal) { + typeValue = typeVal; + } + + public byte getTypeValue() { + return typeValue; + } + + public static ASN1Type fromName(String s) { + if (GenericUtils.isEmpty(s)) { + return null; + } + + for (ASN1Type t : VALUES) { + if (s.equalsIgnoreCase(t.name())) { + return t; + } + } + + return null; + } + + /** + *

        + * The first byte in DER encoding is made of following fields + *

        + * + * 
        +     *-------------------------------------------------
+     *|Bit 8|Bit 7|Bit 6|Bit 5|Bit 4|Bit 3|Bit 2|Bit 1|
+     *-------------------------------------------------
+     *|  Class    | CF  |        Type                 |
+     *-------------------------------------------------
+     *
        + * + * @param value The original DER encoded byte + * @return The {@link ASN1Type} value - {@code null} if no match found + * @see #fromTypeValue(int) + */ + public static ASN1Type fromDERValue(int value) { + return fromTypeValue(value & 0x1F); + } + + /** + * @param value The "pure" type value - with no extra bits set + * @return The {@link ASN1Type} value - {@code null} if no match found + */ + public static ASN1Type fromTypeValue(int value) { + if ((value < 0) || (value > 0x1F)) { // only 5 bits are used + return null; + } + + for (ASN1Type t : VALUES) { + if (t.getTypeValue() == value) { + return t; + } + } + + return null; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/DERParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/DERParser.java new file mode 100644 index 0000000..a9fde49 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/DERParser.java @@ -0,0 +1,158 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.der; + +import java.io.ByteArrayInputStream; +import java.io.FilterInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.util.Arrays; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * A bare minimum DER parser - just enough to be able to decode signatures and private keys + * + * @author Apache MINA SSHD Project + */ +public class DERParser extends FilterInputStream { + /** + * Maximum size of data allowed by {@link #readLength()} - it is a bit arbitrary since one can encode 32-bit length + * data, but it is good enough for the keys + */ + public static final int MAX_DER_VALUE_LENGTH = 2 * Short.MAX_VALUE; + + private final byte[] lenBytes = new byte[Integer.BYTES]; + + public DERParser(byte... bytes) { + this(bytes, 0, NumberUtils.length(bytes)); + } + + public DERParser(byte[] bytes, int offset, int len) { + this(new ByteArrayInputStream(bytes, offset, len)); + } + + public DERParser(InputStream s) { + super(s); + } + + /** + * Decode the length of the field. Can only support length encoding up to 4 octets. In BER/DER encoding, length can + * be encoded in 2 forms: + *
          + *
        • + *

          + * Short form - One octet. Bit 8 has value "0" and bits 7-1 give the length. + *

          + *
          • + * + *
        • + *

          + * Long form - Two to 127 octets (only 4 is supported here). Bit 8 of first octet has value "1" and bits 7-1 give + * the number of additional length octets. Second and following octets give the length, base 256, most significant + * digit first. + *

          + *
          • + *
        + * + * @return The length as integer + * @throws IOException If invalid format found + */ + public int readLength() throws IOException { + int i = read(); + if (i == -1) { + throw new StreamCorruptedException("Invalid DER: length missing"); + } + + // A single byte short length + if ((i & ~0x7F) == 0) { + return i; + } + + int num = i & 0x7F; + // TODO We can't handle length longer than 4 bytes + if ((i >= 0xFF) || (num > lenBytes.length)) { + throw new StreamCorruptedException("Invalid DER: length field too big: " + i); + } + + // place the read bytes last so that the 1st ones are zeroes as big endian + Arrays.fill(lenBytes, (byte) 0); + int n = read(lenBytes, 4 - num, num); + if (n < num) { + throw new StreamCorruptedException("Invalid DER: length data too short: expected=" + num + ", actual=" + n); + } + + long len = BufferUtils.getUInt(lenBytes); + if (len < 0x7FL) { // according to standard: "the shortest possible length encoding must be used" + throw new StreamCorruptedException("Invalid DER: length not in shortest form: " + len); + } + + if (len > MAX_DER_VALUE_LENGTH) { + throw new StreamCorruptedException( + "Invalid DER: data length too big: " + len + " (max=" + MAX_DER_VALUE_LENGTH + ")"); + } + + // we know the cast is safe since it is less than MAX_DER_VALUE_LENGTH which is ~64K + return (int) len; + } + + public ASN1Object readObject() throws IOException { + int tag = read(); + if (tag == -1) { + return null; + } + + ASN1Type objType = ASN1Type.fromDERValue(tag); + if (objType == ASN1Type.NULL) { + return new ASN1Object((byte) tag, 0, GenericUtils.EMPTY_BYTE_ARRAY); + } + + int length = readLength(); + byte[] value = new byte[length]; + int n = read(value); + if (n < length) { + throw new StreamCorruptedException( + "Invalid DER: stream too short, missing value: read " + n + " out of required " + length); + } + + return new ASN1Object((byte) tag, length, value); + } + + public BigInteger readBigInteger() throws IOException { + int type = read(); + if (type != 0x02) { + throw new StreamCorruptedException("Invalid DER: data type is not an INTEGER: 0x" + Integer.toHexString(type)); + } + + int len = readLength(); + byte[] value = new byte[len]; + int n = read(value); + if (n < len) { + throw new StreamCorruptedException( + "Invalid DER: stream too short, missing value: read " + n + " out of required " + len); + } + + return new BigInteger(value); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java new file mode 100644 index 0000000..fc52c82 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java @@ -0,0 +1,172 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.der; + +import java.io.ByteArrayOutputStream; +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; +import org.apache.sshd.common.util.buffer.ByteArrayBuffer; + +/** + * A bare-minimum DER encoder - just enough so we can encoder signatures and keys data + * + * @author Apache MINA SSHD Project + */ +public class DERWriter extends FilterOutputStream { + private final byte[] lenBytes = new byte[Integer.BYTES]; + + public DERWriter() { + this(ByteArrayBuffer.DEFAULT_SIZE); + } + + public DERWriter(int initialSize) { + this(new ByteArrayOutputStream(initialSize)); + } + + public DERWriter(OutputStream stream) { + super(Objects.requireNonNull(stream, "No output stream")); + } + + public DERWriter startSequence() { + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + AtomicBoolean dataWritten = new AtomicBoolean(false); + @SuppressWarnings("resource") + DERWriter encloser = this; + return new DERWriter(baos) { + @Override + public void close() throws IOException { + baos.close(); + + if (!dataWritten.getAndSet(true)) { // detect repeated calls and write this only once + encloser.writeObject( + new ASN1Object(ASN1Class.UNIVERSAL, ASN1Type.SEQUENCE, false, baos.size(), baos.toByteArray())); + } + } + }; + } + + public void writeBigInteger(BigInteger value) throws IOException { + writeBigInteger(Objects.requireNonNull(value, "No value").toByteArray()); + } + + /** + * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it + * positive + * + * @param bytes {@link BigInteger} bytes + * @throws IOException If failed to write the bytes + */ + public void writeBigInteger(byte... bytes) throws IOException { + writeBigInteger(bytes, 0, NumberUtils.length(bytes)); + } + + /** + * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it + * positive + * + * @param bytes {@link BigInteger} bytes + * @param off Offset in bytes data + * @param len Number of bytes to write + * @throws IOException If failed to write the bytes + */ + public void writeBigInteger(byte[] bytes, int off, int len) throws IOException { + // Strip leading zeroes + while (len > 1 && bytes[off] == 0 && isPositive(bytes[off + 1])) { + off++; + len--; + } + // indicate it is an INTEGER + write(0x02); + // Pad with a zero if needed + if (isPositive(bytes[off])) { + writeLength(len); + } else { + writeLength(len + 1); + write(0); + } + // Write data + write(bytes, off, len); + } + + private boolean isPositive(byte b) { + return (b & 0x80) == 0; + } + + public void writeObject(ASN1Object obj) throws IOException { + Objects.requireNonNull(obj, "No ASN.1 object"); + + ASN1Type type = obj.getObjType(); + byte typeValue = type.getTypeValue(); + ASN1Class clazz = obj.getObjClass(); + byte classValue = clazz.getClassValue(); + byte tagValue = (byte) (((classValue << 6) & 0xC0) | (typeValue & 0x1F)); + writeObject(tagValue, obj.getLength(), obj.getValue()); + } + + public void writeObject(byte tag, int len, byte... data) throws IOException { + write(tag & 0xFF); + writeLength(len); + write(data, 0, len); + } + + public void writeLength(int len) throws IOException { + ValidateUtils.checkTrue(len >= 0, "Invalid length: %d", len); + + // short form - MSBit is zero + if (len <= 127) { + write(len); + return; + } + + BufferUtils.putUInt(len, lenBytes); + + int nonZeroPos = 0; + for (; nonZeroPos < lenBytes.length; nonZeroPos++) { + if (lenBytes[nonZeroPos] != 0) { + break; + } + } + + if (nonZeroPos >= lenBytes.length) { + throw new StreamCorruptedException("All zeroes length representation for len=" + len); + } + + int bytesLen = lenBytes.length - nonZeroPos; + write(0x80 | bytesLen); // indicate number of octets + write(lenBytes, nonZeroPos, bytesLen); + } + + public byte[] toByteArray() throws IOException { + if (this.out instanceof ByteArrayOutputStream) { + return ((ByteArrayOutputStream) this.out).toByteArray(); + } else { + throw new IOException("The underlying stream is not a byte[] stream"); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/functors/IOFunction.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/functors/IOFunction.java new file mode 100644 index 0000000..056f45d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/functors/IOFunction.java @@ -0,0 +1,82 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.functors; + +import java.io.IOException; +import java.util.Objects; + +/** + * Invokes some I/O function on the input returning some output and potentially throwing an {@link IOException} in the + * process + * + * @param Type of input + * @param Type of output + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface IOFunction { + R apply(T t) throws IOException; + + /** + * Returns a composed function that first applies the {@code before} function to its input, and then applies this + * function to the result. If evaluation of either function throws an exception, it is relayed to the caller of the + * composed function. + * + * @param the type of input to the {@code before} function, and to the composed function + * @param before the function to apply before this function is applied + * @return a composed function that first applies the {@code before} function and then applies + * this function + * @throws NullPointerException if before is null + * + * @see #andThen(IOFunction) + */ + default IOFunction compose(IOFunction before) { + Objects.requireNonNull(before, "No composing function provided"); + return (V v) -> apply(before.apply(v)); + } + + /** + * Returns a composed function that first applies this function to its input, and then applies the {@code after} + * function to the result. If evaluation of either function throws an exception, it is relayed to the caller of the + * composed function. + * + * @param the type of output of the {@code after} function, and of the composed function + * @param after the function to apply after this function is applied + * @return a composed function that first applies this function and then applies the + * {@code after} function + * @throws NullPointerException if after is null + * + * @see #compose(IOFunction) + */ + default IOFunction andThen(IOFunction after) { + Objects.requireNonNull(after, "No composing function provided"); + return (T t) -> after.apply(apply(t)); + } + + /** + * Returns a function that always returns its input argument. + * + * @param the type of the input and output objects to the function + * @return a function that always returns its input argument + */ + static IOFunction identity() { + return t -> t; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/AbstractIoResource.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/AbstractIoResource.java new file mode 100644 index 0000000..a8500af --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/AbstractIoResource.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.resource; + +import java.util.Objects; + +/** + * TODO Add javadoc + * + * @param Type of resource + * @author Apache MINA SSHD Project + */ +public abstract class AbstractIoResource implements IoResource { + private final Class resourceType; + private final T resourceValue; + + protected AbstractIoResource(Class resourceType, T resourceValue) { + this.resourceType = Objects.requireNonNull(resourceType, "No resource type specified"); + this.resourceValue = Objects.requireNonNull(resourceValue, "No resource value provided"); + } + + @Override + public Class getResourceType() { + return resourceType; + } + + @Override + public T getResourceValue() { + return resourceValue; + } + + @Override + public String getName() { + return Objects.toString(getResourceValue(), null); + } + + @Override + public String toString() { + return getName(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/ClassLoaderResource.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/ClassLoaderResource.java new file mode 100644 index 0000000..7dec40a --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/ClassLoaderResource.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.resource; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; + +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * TODO Add javadoc + * + * @author Apache MINA SSHD Project + */ +public class ClassLoaderResource extends AbstractIoResource { + private final String resourceName; + + public ClassLoaderResource(ClassLoader loader, String resourceName) { + super(ClassLoader.class, (loader == null) ? ThreadUtils.resolveDefaultClassLoader(ClassLoaderResource.class) : loader); + this.resourceName = ValidateUtils.checkNotNullAndNotEmpty(resourceName, "No resource name provided"); + } + + public ClassLoader getResourceLoader() { + return getResourceValue(); + } + + @Override + public String getName() { + return resourceName; + } + + @Override + public InputStream openInputStream() throws IOException { + String name = getName(); + ClassLoader cl = getResourceLoader(); + if (cl == null) { + throw new StreamCorruptedException("No resource loader for " + name); + } + + InputStream input = cl.getResourceAsStream(name); + if (input == null) { + throw new FileNotFoundException("Cannot find resource " + name); + } + + return input; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/IoResource.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/IoResource.java new file mode 100644 index 0000000..c337e97 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/IoResource.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.resource; + +import java.net.URI; +import java.net.URL; +import java.nio.file.Path; + +import org.apache.sshd.common.NamedResource; + +/** + * @param Type of resource + * @author Apache MINA SSHD Project + */ +public interface IoResource extends NamedResource, ResourceStreamProvider { + /** + * @return The type of resource being represented + */ + Class getResourceType(); + + /** + * @return The resource value serving as basis for the provided data stream + */ + T getResourceValue(); + + /** + * Attempts to find the best wrapper for the resource + * + * @param resource The resource object - ignored if {@code null} + * @return The best wrapper out of the supported ones ({@code null} if no initial + * resource) + * @throws UnsupportedOperationException if no match found + */ + static IoResource forResource(Object resource) { + if (resource == null) { + return null; + } else if (resource instanceof Path) { + return new PathResource((Path) resource); + } else if (resource instanceof URL) { + return new URLResource((URL) resource); + } else if (resource instanceof URI) { + return new URIResource((URI) resource); + } else { + throw new UnsupportedOperationException( + "Unsupported resource type " + resource.getClass().getSimpleName() + ": " + resource); + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/PathResource.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/PathResource.java new file mode 100644 index 0000000..a11380b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/PathResource.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.resource; + +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.OpenOption; +import java.nio.file.Path; + +import org.apache.sshd.common.util.io.IoUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class PathResource extends AbstractIoResource { + private final OpenOption[] openOptions; + + public PathResource(Path path) { + super(Path.class, path); + this.openOptions = IoUtils.EMPTY_OPEN_OPTIONS; + } + + public PathResource(Path path, OpenOption... openOptions) { + super(Path.class, path); + // Use a clone to avoid shared instance modification + this.openOptions = (openOptions == null) ? IoUtils.EMPTY_OPEN_OPTIONS : openOptions.clone(); + } + + public Path getPath() { + return getResourceValue(); + } + + public OpenOption[] getOpenOptions() { + // Use a clone to avoid shared instance modification + return (openOptions.length <= 0) ? openOptions : openOptions.clone(); + } + + @Override + public InputStream openInputStream() throws IOException { + return Files.newInputStream(getPath(), getOpenOptions()); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/ResourceStreamProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/ResourceStreamProvider.java new file mode 100644 index 0000000..51bda13 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/ResourceStreamProvider.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.resource; + +import java.io.IOException; +import java.io.InputStream; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ResourceStreamProvider { + /** + * @return an {@link InputStream} for the resource's data + * @throws IOException If failed to open the stream + */ + InputStream openInputStream() throws IOException; +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/URIResource.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/URIResource.java new file mode 100644 index 0000000..a43f9e5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/URIResource.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.resource; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; + +/** + * @author Apache MINA SSHD Project + */ +public class URIResource extends AbstractIoResource { + public URIResource(URI uri) { + super(URI.class, uri); + } + + public URI getURI() { + return getResourceValue(); + } + + @Override + public InputStream openInputStream() throws IOException { + URI uri = getURI(); + URL url = uri.toURL(); + return url.openStream(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/URLResource.java b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/URLResource.java new file mode 100644 index 0000000..761012b --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/io/resource/URLResource.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.io.resource; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; + +/** + * @author Apache MINA SSHD Project + */ +public class URLResource extends AbstractIoResource { + public URLResource(URL url) { + super(URL.class, url); + } + + public URL getURL() { + return getResourceValue(); + } + + @Override + public String getName() { + URL url = getURL(); + // URL#toString() may involve a DNS lookup + return url.toExternalForm(); + } + + @Override + public InputStream openInputStream() throws IOException { + URL url = getURL(); + return url.openStream(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/net/ConnectionEndpointsIndicator.java b/files-sftp/src/main/java/org/apache/sshd/common/util/net/ConnectionEndpointsIndicator.java new file mode 100644 index 0000000..9d56e13 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/net/ConnectionEndpointsIndicator.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.net; + +import java.net.SocketAddress; + +/** + * @author Apache MINA SSHD Project + */ +public interface ConnectionEndpointsIndicator { + /** + * @return the socket address of remote peer. + */ + SocketAddress getRemoteAddress(); + + /** + * @return the socket address of local machine which is associated with this session. + */ + SocketAddress getLocalAddress(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/net/NetworkConnector.java b/files-sftp/src/main/java/org/apache/sshd/common/util/net/NetworkConnector.java new file mode 100644 index 0000000..9f16a2e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/net/NetworkConnector.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.net; + +import java.util.concurrent.TimeUnit; + +/** + * @author Apache MINA SSHD Project + */ +public class NetworkConnector { + public static final String DEFAULT_HOST = SshdSocketAddress.LOCALHOST_IPV4; + public static final long DEFAULT_CONNECT_TIMEOUT = TimeUnit.SECONDS.toMillis(5L); + public static final long DEFAULT_READ_TIMEOUT = TimeUnit.SECONDS.toMillis(15L); + + private String protocol; + private String host = DEFAULT_HOST; + private int port; + private long connectTimeout = DEFAULT_CONNECT_TIMEOUT; + private long readTimeout = DEFAULT_READ_TIMEOUT; + + public NetworkConnector() { + super(); + } + + public String getProtocol() { + return protocol; + } + + public void setProtocol(String protocol) { + this.protocol = protocol; + } + + public String getHost() { + return host; + } + + public void setHost(String host) { + this.host = host; + } + + public int getPort() { + return port; + } + + public void setPort(int port) { + this.port = port; + } + + public long getConnectTimeout() { + return connectTimeout; + } + + public void setConnectTimeout(long connectTimeout) { + this.connectTimeout = connectTimeout; + } + + public long getReadTimeout() { + return readTimeout; + } + + public void setReadTimeout(long readTimeout) { + this.readTimeout = readTimeout; + } + + @Override + public String toString() { + return getProtocol() + "://" + getHost() + ":" + getPort() + + ";connect=" + getConnectTimeout() + + ";read=" + getReadTimeout(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/net/SshdSocketAddress.java b/files-sftp/src/main/java/org/apache/sshd/common/util/net/SshdSocketAddress.java new file mode 100644 index 0000000..701e761 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/net/SshdSocketAddress.java @@ -0,0 +1,734 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.net; + +import java.net.Inet4Address; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.NetworkInterface; +import java.net.SocketAddress; +import java.net.SocketException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; +import java.util.Enumeration; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + *

        + * A simple socket address holding the host name and port number. The reason it does not extend + * {@link InetSocketAddress} is twofold: + *

        + *
          + *
        1. + *

          + * The {@link InetSocketAddress} performs a DNS resolution on the provided host name - which we don't want do use until + * we want to create a connection using this address (thus the {@link #toInetSocketAddress()} call which executes this + * query + *

          + *
          2. + * + *
        2. + *

          + * If empty host name is provided we replace it with the any address of 0.0.0.0 + *

          + *
          3. + *
        + * + * @author Apache MINA SSHD Project + */ +public class SshdSocketAddress extends SocketAddress { + public static final String LOCALHOST_NAME = "localhost"; + public static final String LOCALHOST_IPV4 = "127.0.0.1"; + public static final String IPV4_ANYADDR = "0.0.0.0"; + + public static final Set WELL_KNOWN_IPV4_ADDRESSES = Collections.unmodifiableSet( + new LinkedHashSet<>( + Arrays.asList(LOCALHOST_IPV4, IPV4_ANYADDR))); + + // 10.0.0.0 - 10.255.255.255 + public static final String PRIVATE_CLASS_A_PREFIX = "10."; + // 172.16.0.0 - 172.31.255.255 + public static final String PRIVATE_CLASS_B_PREFIX = "172."; + // 192.168.0.0 - 192.168.255.255 + public static final String PRIVATE_CLASS_C_PREFIX = "192.168."; + // 100.64.0.0 - 100.127.255.255 + public static final String CARRIER_GRADE_NAT_PREFIX = "100."; + // The IPv4 broadcast address + public static final String BROADCAST_ADDRESS = "255.255.255.255"; + + /** Max. number of hex groups (separated by ":") in an IPV6 address */ + public static final int IPV6_MAX_HEX_GROUPS = 8; + + /** Max. hex digits in each IPv6 group */ + public static final int IPV6_MAX_HEX_DIGITS_PER_GROUP = 4; + + public static final String IPV6_LONG_ANY_ADDRESS = "0:0:0:0:0:0:0:0"; + public static final String IPV6_SHORT_ANY_ADDRESS = "::"; + + public static final String IPV6_LONG_LOCALHOST = "0:0:0:0:0:0:0:1"; + public static final String IPV6_SHORT_LOCALHOST = "::1"; + + public static final Set WELL_KNOWN_IPV6_ADDRESSES = Collections.unmodifiableSet( + new LinkedHashSet<>( + Arrays.asList( + IPV6_LONG_LOCALHOST, IPV6_SHORT_LOCALHOST, + IPV6_LONG_ANY_ADDRESS, IPV6_SHORT_ANY_ADDRESS))); + + /** + * A dummy placeholder that can be used instead of {@code null}s + */ + public static final SshdSocketAddress LOCALHOST_ADDRESS = new SshdSocketAddress(LOCALHOST_IPV4, 0); + + /** + * Compares {@link InetAddress}-es according to their {@link InetAddress#getHostAddress()} value case + * insensitive + * + * @see #toAddressString(InetAddress) + */ + public static final Comparator BY_HOST_ADDRESS = (a1, a2) -> { + String n1 = GenericUtils.trimToEmpty(toAddressString(a1)); + String n2 = GenericUtils.trimToEmpty(toAddressString(a2)); + return String.CASE_INSENSITIVE_ORDER.compare(n1, n2); + }; + + /** + * Compares {@link SocketAddress}-es according to their host case insensitive and if equals, then according + * to their port value (if any) + * + * @see #toAddressString(SocketAddress) + * @see #toAddressPort(SocketAddress) + */ + public static final Comparator BY_HOST_AND_PORT = (a1, a2) -> { + String n1 = GenericUtils.trimToEmpty(toAddressString(a1)); + String n2 = GenericUtils.trimToEmpty(toAddressString(a2)); + int nRes = String.CASE_INSENSITIVE_ORDER.compare(n1, n2); + if (nRes != 0) { + return nRes; + } + + int p1 = toAddressPort(a1); + int p2 = toAddressPort(a2); + nRes = Integer.compare(p1, p2); + if (nRes != 0) { + return nRes; + } + + return 0; + }; + + private static final long serialVersionUID = 6461645947151952729L; + + private final String hostName; + private final int port; + + public SshdSocketAddress(int port) { + this(IPV4_ANYADDR, port); + } + + public SshdSocketAddress(InetSocketAddress addr) { + Objects.requireNonNull(addr, "No address provided"); + + String host = addr.getHostString(); + hostName = GenericUtils.isEmpty(host) ? IPV4_ANYADDR : host; + port = addr.getPort(); + ValidateUtils.checkTrue(port >= 0, "Port must be >= 0: %d", port); + } + + public SshdSocketAddress(String hostName, int port) { + Objects.requireNonNull(hostName, "Host name may not be null"); + this.hostName = GenericUtils.isEmpty(hostName) ? IPV4_ANYADDR : hostName; + + ValidateUtils.checkTrue(port >= 0, "Port must be >= 0: %d", port); + this.port = port; + } + + public String getHostName() { + return hostName; + } + + public int getPort() { + return port; + } + + public InetSocketAddress toInetSocketAddress() { + return new InetSocketAddress(getHostName(), getPort()); + } + + @Override + public String toString() { + return getHostName() + ":" + getPort(); + } + + protected boolean isEquivalent(SshdSocketAddress that) { + if (that == null) { + return false; + } else if (that == this) { + return true; + } else { + return (this.getPort() == that.getPort()) + && isEquivalentHostName(this.getHostName(), that.getHostName(), false); + } + } + + @Override + public boolean equals(Object o) { + if (o == null) { + return false; + } + if (getClass() != o.getClass()) { + return false; + } + return isEquivalent((SshdSocketAddress) o); + } + + @Override + public int hashCode() { + return GenericUtils.hashCode(getHostName(), Boolean.FALSE) + 31 * Integer.hashCode(getPort()); + } + + /** + * Returns the first external network address assigned to this machine or null if one is not found. + * + * @return Inet4Address associated with an external interface DevNote: We actually return InetAddress here, as + * Inet4Addresses are final and cannot be mocked. + */ + public static InetAddress getFirstExternalNetwork4Address() { + List addresses = getExternalNetwork4Addresses(); + return (GenericUtils.size(addresses) > 0) ? addresses.get(0) : null; + } + + /** + * @return a {@link List} of local network addresses which are not multicast or localhost sorted according to + * {@link #BY_HOST_ADDRESS} + */ + public static List getExternalNetwork4Addresses() { + List addresses = new ArrayList<>(); + try { + for (Enumeration nets = NetworkInterface.getNetworkInterfaces(); + (nets != null) && nets.hasMoreElements();) { + NetworkInterface netint = nets.nextElement(); + /* + * TODO - uncomment when 1.5 compatibility no longer required if (!netint.isUp()) { continue; // ignore + * non-running interfaces } + */ + + for (Enumeration inetAddresses = netint.getInetAddresses(); + (inetAddresses != null) && inetAddresses.hasMoreElements();) { + InetAddress inetAddress = inetAddresses.nextElement(); + if (isValidHostAddress(inetAddress)) { + addresses.add(inetAddress); + } + } + } + } catch (SocketException e) { + // swallow + } + + if (GenericUtils.size(addresses) > 1) { + Collections.sort(addresses, BY_HOST_ADDRESS); + } + + return addresses; + } + + /** + * @param addr The {@link InetAddress} to be verified + * @return + *

        + * true if the address is: + *

        + *
        + *
          + *
        • Not {@code null}
          • + *
        • An {@link Inet4Address}
          • + *
        • Not link local
          • + *
        • Not a multicast
          • + *
        • Not a loopback
          • + *
        + * @see InetAddress#isLinkLocalAddress() + * @see InetAddress#isMulticastAddress() + * @see InetAddress#isMulticastAddress() + */ + public static boolean isValidHostAddress(InetAddress addr) { + if (addr == null) { + return false; + } + + if (addr.isLinkLocalAddress()) { + return false; + } + + if (addr.isMulticastAddress()) { + return false; + } + + if (!(addr instanceof Inet4Address)) { + return false; // TODO add support for IPv6 - see SSHD-746 + } + + return !isLoopback(addr); + } + + /** + * @param addr The {@link InetAddress} to be considered + * @return true if the address is a loopback one. Note: if + * {@link InetAddress#isLoopbackAddress()} returns false the address string is + * checked + * @see #toAddressString(InetAddress) + * @see #isLoopback(String) + */ + public static boolean isLoopback(InetAddress addr) { + if (addr == null) { + return false; + } + + if (addr.isLoopbackAddress()) { + return true; + } + + String ip = toAddressString(addr); + return isLoopback(ip); + } + + /** + * @param ip IP value to be tested + * @return true if the IP is "localhost" or "127.x.x.x". + */ + public static boolean isLoopback(String ip) { + if (GenericUtils.isEmpty(ip)) { + return false; + } + + if (LOCALHOST_NAME.equals(ip)) { + return true; + } + + return isIPv4LoopbackAddress(ip) || isIPv6LoopbackAddress(ip); + } + + public static boolean isIPv4LoopbackAddress(String ip) { + if (GenericUtils.isEmpty(ip)) { + return false; + } + + if (LOCALHOST_IPV4.equals(ip)) { + return true; // most used + } + + String[] values = GenericUtils.split(ip, '.'); + if (GenericUtils.length(values) != 4) { + return false; + } + + for (int index = 0; index < values.length; index++) { + String val = values[index]; + if (!isValidIPv4AddressComponent(val)) { + return false; + } + + if (index == 0) { + int number = Integer.parseInt(val); + if (number != 127) { + return false; + } + } + } + + return true; + } + + public static boolean isIPv6LoopbackAddress(String ip) { + // TODO add more patterns - e.g., https://tools.ietf.org/id/draft-smith-v6ops-larger-ipv6-loopback-prefix-04.html + return IPV6_LONG_LOCALHOST.equals(ip) || IPV6_SHORT_LOCALHOST.equals(ip); + } + + public static boolean isEquivalentHostName(String h1, String h2, boolean allowWildcard) { + if (GenericUtils.safeCompare(h1, h2, false) == 0) { + return true; + } + + if (allowWildcard) { + return isWildcardAddress(h1) || isWildcardAddress(h2); + } + + return false; + } + + public static boolean isLoopbackAlias(String h1, String h2) { + return (LOCALHOST_NAME.equals(h1) && isLoopback(h2)) + || (LOCALHOST_NAME.equals(h2) && isLoopback(h1)); + } + + public static boolean isWildcardAddress(String addr) { + return IPV4_ANYADDR.equalsIgnoreCase(addr) + || IPV6_LONG_ANY_ADDRESS.equalsIgnoreCase(addr) + || IPV6_SHORT_ANY_ADDRESS.equalsIgnoreCase(addr); + } + + public static SshdSocketAddress toSshdSocketAddress(SocketAddress addr) { + if (addr == null) { + return null; + } else if (addr instanceof SshdSocketAddress) { + return (SshdSocketAddress) addr; + } else if (addr instanceof InetSocketAddress) { + InetSocketAddress isockAddress = (InetSocketAddress) addr; + return new SshdSocketAddress(isockAddress.getHostName(), isockAddress.getPort()); + } else { + throw new UnsupportedOperationException( + "Cannot convert " + addr.getClass().getSimpleName() + + "=" + addr + " to " + SshdSocketAddress.class.getSimpleName()); + } + } + + public static String toAddressString(SocketAddress addr) { + if (addr == null) { + return null; + } else if (addr instanceof InetSocketAddress) { + return ((InetSocketAddress) addr).getHostString(); + } else if (addr instanceof SshdSocketAddress) { + return ((SshdSocketAddress) addr).getHostName(); + } else { + return addr.toString(); + } + } + + /** + * Attempts to resolve the port value + * + * @param addr The {@link SocketAddress} to examine + * @return The associated port value - negative if failed to resolve + */ + public static int toAddressPort(SocketAddress addr) { + if (addr instanceof InetSocketAddress) { + return ((InetSocketAddress) addr).getPort(); + } else if (addr instanceof SshdSocketAddress) { + return ((SshdSocketAddress) addr).getPort(); + } else { + return -1; + } + } + + /** + *

        + * Converts a {@code SocketAddress} into an {@link InetSocketAddress} if possible: + *

        + *
        + *
          + *
        • If already an {@link InetSocketAddress} then cast it as such
          • + *
        • If an {@code SshdSocketAddress} then invoke {@link #toInetSocketAddress()}
          • + *
        • Otherwise, throw an exception
          • + *
        + * + * @param remoteAddress The {@link SocketAddress} - ignored if {@code null} + * @return The {@link InetSocketAddress} instance + * @throws ClassCastException if argument is not already an {@code InetSocketAddress} or a {@code SshdSocketAddress} + */ + public static InetSocketAddress toInetSocketAddress(SocketAddress remoteAddress) { + if (remoteAddress == null) { + return null; + } else if (remoteAddress instanceof InetSocketAddress) { + return (InetSocketAddress) remoteAddress; + } else if (remoteAddress instanceof SshdSocketAddress) { + return ((SshdSocketAddress) remoteAddress).toInetSocketAddress(); + } else { + throw new ClassCastException("Unknown remote address type: " + remoteAddress); + } + } + + public static String toAddressString(InetAddress addr) { + String ip = (addr == null) ? null : addr.toString(); + if (GenericUtils.isEmpty(ip)) { + return null; + } else { + return ip.replaceAll(".*/", ""); + } + } + + public static boolean isIPv4Address(String addr) { + addr = GenericUtils.trimToEmpty(addr); + if (GenericUtils.isEmpty(addr)) { + return false; + } + + if (WELL_KNOWN_IPV4_ADDRESSES.contains(addr)) { + return true; + } + + String[] comps = GenericUtils.split(addr, '.'); + if (GenericUtils.length(comps) != 4) { + return false; + } + + for (String c : comps) { + if (!isValidIPv4AddressComponent(c)) { + return false; + } + } + + return true; + } + + /** + * Checks if the address is one of the allocated private blocks + * + * @param addr The address string + * @return {@code true} if this is one of the allocated private blocks. Note: it assumes that the + * address string is indeed an IPv4 address + * @see #isIPv4Address(String) + * @see #PRIVATE_CLASS_A_PREFIX + * @see #PRIVATE_CLASS_B_PREFIX + * @see #PRIVATE_CLASS_C_PREFIX + * @see Wiki page + */ + public static boolean isPrivateIPv4Address(String addr) { + if (GenericUtils.isEmpty(addr)) { + return false; + } + + if (addr.startsWith(PRIVATE_CLASS_A_PREFIX) || addr.startsWith(PRIVATE_CLASS_C_PREFIX)) { + return true; + } + + // for 172.x.x.x we need further checks + if (!addr.startsWith(PRIVATE_CLASS_B_PREFIX)) { + return false; + } + + int nextCompPos = addr.indexOf('.', PRIVATE_CLASS_B_PREFIX.length()); + if (nextCompPos <= PRIVATE_CLASS_B_PREFIX.length()) { + return false; + } + + String value = addr.substring(PRIVATE_CLASS_B_PREFIX.length(), nextCompPos); + if (!isValidIPv4AddressComponent(value)) { + return false; + } + + int v = Integer.parseInt(value); + return (v >= 16) && (v <= 31); + } + + /** + * @param addr The address to be checked + * @return {@code true} if the address is in the 100.64.0.0/10 range + * @see RFC6598 + */ + public static boolean isCarrierGradeNatIPv4Address(String addr) { + if (GenericUtils.isEmpty(addr)) { + return false; + } + + if (!addr.startsWith(CARRIER_GRADE_NAT_PREFIX)) { + return false; + } + + int nextCompPos = addr.indexOf('.', CARRIER_GRADE_NAT_PREFIX.length()); + if (nextCompPos <= CARRIER_GRADE_NAT_PREFIX.length()) { + return false; + } + + String value = addr.substring(CARRIER_GRADE_NAT_PREFIX.length(), nextCompPos); + if (!isValidIPv4AddressComponent(value)) { + return false; + } + + int v = Integer.parseInt(value); + return (v >= 64) && (v <= 127); + } + + /** + *

        + * Checks if the provided argument is a valid IPv4 address component: + *

        + *
        + *
          + *
        • Not {@code null}/empty
          • + *
        • Has at most 3 digits
          • + *
        • Its value is ≤ 255
          • + *
        + * + * @param c The {@link CharSequence} to be validate + * @return {@code true} if valid IPv4 address component + */ + public static boolean isValidIPv4AddressComponent(CharSequence c) { + if (GenericUtils.isEmpty(c) || (c.length() > 3)) { + return false; + } + + char ch = c.charAt(0); + if ((ch < '0') || (ch > '9')) { + return false; + } + + if (!NumberUtils.isIntegerNumber(c)) { + return false; + } + + int v = Integer.parseInt(c.toString()); + return (v >= 0) && (v <= 255); + } + + // Based on org.apache.commons.validator.routines.InetAddressValidator#isValidInet6Address + public static boolean isIPv6Address(String address) { + address = GenericUtils.trimToEmpty(address); + if (GenericUtils.isEmpty(address)) { + return false; + } + + if (WELL_KNOWN_IPV6_ADDRESSES.contains(address)) { + return true; + } + + boolean containsCompressedZeroes = address.contains("::"); + if (containsCompressedZeroes && (address.indexOf("::") != address.lastIndexOf("::"))) { + return false; + } + + if (((address.indexOf(':') == 0) && (!address.startsWith("::"))) + || (address.endsWith(":") && (!address.endsWith("::")))) { + return false; + } + + String[] splitOctets = GenericUtils.split(address, ':'); + List octetList = new ArrayList<>(Arrays.asList(splitOctets)); + if (containsCompressedZeroes) { + if (address.endsWith("::")) { + // String.split() drops ending empty segments + octetList.add(""); + } else if (address.startsWith("::") && (!octetList.isEmpty())) { + octetList.remove(0); + } + } + + int numOctests = octetList.size(); + if (numOctests > IPV6_MAX_HEX_GROUPS) { + return false; + } + + int validOctets = 0; + int emptyOctets = 0; // consecutive empty chunks + for (int index = 0; index < numOctests; index++) { + String octet = octetList.get(index); + int pos = octet.indexOf('%'); // is it a zone index + if (pos >= 0) { + // zone index must come last + if (index != (numOctests - 1)) { + return false; + } + + octet = (pos > 0) ? octet.substring(0, pos) : ""; + } + + int octetLength = octet.length(); + if (octetLength == 0) { + emptyOctets++; + if (emptyOctets > 1) { + return false; + } + + validOctets++; + continue; + } + + emptyOctets = 0; + + // Is last chunk an IPv4 address? + if ((index == (numOctests - 1)) && (octet.indexOf('.') > 0)) { + if (!isIPv4Address(octet)) { + return false; + } + validOctets += 2; + continue; + } + + if (octetLength > IPV6_MAX_HEX_DIGITS_PER_GROUP) { + return false; + } + + int octetInt = 0; + try { + octetInt = Integer.parseInt(octet, 16); + } catch (NumberFormatException e) { + return false; + } + + if ((octetInt < 0) || (octetInt > 0x000ffff)) { + return false; + } + + validOctets++; + } + + if ((validOctets > IPV6_MAX_HEX_GROUPS) + || ((validOctets < IPV6_MAX_HEX_GROUPS) && (!containsCompressedZeroes))) { + return false; + } + return true; + } + + public static V findByOptionalWildcardAddress(Map map, SshdSocketAddress address) { + Map.Entry entry = findMatchingOptionalWildcardEntry(map, address); + return (entry == null) ? null : entry.getValue(); + } + + public static V removeByOptionalWildcardAddress(Map map, SshdSocketAddress address) { + Map.Entry entry = findMatchingOptionalWildcardEntry(map, address); + return (entry == null) ? null : map.remove(entry.getKey()); + } + + public static Map.Entry findMatchingOptionalWildcardEntry( + Map map, SshdSocketAddress address) { + if (GenericUtils.isEmpty(map) || (address == null)) { + return null; + } + + String hostName = address.getHostName(); + Map.Entry candidate = null; + for (Map.Entry e : map.entrySet()) { + SshdSocketAddress a = e.getKey(); + if (a.getPort() != address.getPort()) { + continue; + } + + String candidateName = a.getHostName(); + if (hostName.equalsIgnoreCase(candidateName)) { + return e; // If found exact match then use it + } + + if (isEquivalentHostName(hostName, candidateName, true)) { + if (candidate != null) { + throw new IllegalStateException("Multiple candidate matches for " + address + ": " + candidate + ", " + e); + } + candidate = e; + } + } + + return candidate; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/AbstractSecurityProviderRegistrar.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/AbstractSecurityProviderRegistrar.java new file mode 100644 index 0000000..56a4c5d --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/AbstractSecurityProviderRegistrar.java @@ -0,0 +1,120 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.security; + +import java.security.Provider; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; +import java.util.TreeMap; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public abstract class AbstractSecurityProviderRegistrar + implements SecurityProviderRegistrar { + protected final Map props = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + protected final Map, Map> supportedEntities = new HashMap<>(); + protected final AtomicReference providerHolder = new AtomicReference<>(null); + + private final String name; + + protected AbstractSecurityProviderRegistrar(String name) { + this.name = ValidateUtils.checkNotNullAndNotEmpty(name, "No name provided"); + } + + @Override + public final String getName() { + return name; + } + + @Override + public Map getProperties() { + return props; + } + + @Override + public boolean isSecurityEntitySupported(Class entityType, String name) { + Map supportMap; + synchronized (supportedEntities) { + supportMap = supportedEntities.computeIfAbsent( + entityType, k -> new TreeMap<>(String.CASE_INSENSITIVE_ORDER)); + } + + Boolean supportFlag; + synchronized (supportMap) { + supportFlag = supportMap.computeIfAbsent( + name, k -> SecurityProviderRegistrar.super.isSecurityEntitySupported(entityType, name)); + } + + return supportFlag; + } + + /** + * Attempts to see if a provider with this name already registered. If not, then uses reflection API in order to + * load and instantiate the specified providerClassName + * + * @param providerClassName The fully-qualified class name to instantiate if a provider not already + * registered + * @return The resolved {@link Provider} instance - Note: the result is + * cached - i.e., successful resolution result will not cause the code + * to re-resolve the provider + * @throws ReflectiveOperationException If failed to instantiate the provider + * @throws UnsupportedOperationException If registrar not supported + * @see #isSupported() + * @see Security#getProvider(String) + * @see #createProviderInstance(String) + */ + protected Provider getOrCreateProvider(String providerClassName) throws ReflectiveOperationException { + if (!isSupported()) { + throw new UnsupportedOperationException("Provider not supported"); + } + + Provider provider; + boolean created = false; + synchronized (providerHolder) { + provider = providerHolder.get(); + if (provider != null) { + return provider; + } + + provider = Security.getProvider(getName()); + if (provider == null) { + provider = createProviderInstance(providerClassName); + created = true; + } + providerHolder.set(provider); + } + + return provider; + } + + protected Provider createProviderInstance(String providerClassName) throws ReflectiveOperationException { + return SecurityProviderChoice.createProviderInstance(getClass(), providerClassName); + } + + @Override + public String toString() { + return getClass().getSimpleName() + "[" + getName() + "]"; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityEntityFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityEntityFactory.java new file mode 100644 index 0000000..e425783 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityEntityFactory.java @@ -0,0 +1,193 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.security; + +import java.lang.reflect.Method; +import java.security.GeneralSecurityException; +import java.security.Provider; +import java.util.Objects; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @param Type of security entity being generated by this factory + * @author Apache MINA SSHD Project + */ +public interface SecurityEntityFactory { + Class getEntityType(); + + T getInstance(String algorithm) throws GeneralSecurityException; + + /** + * Uses reflection in order to wrap the {@code getInstance} method(s) as a security entity factory. + * + * @param Type of entity being generated by the factor + * @param entityType The entity type class + * @param registrar The {@code SecurityProviderRegistrar} to use - if {@code null} then default + * provider is used (if specified). + * @param defaultProvider Default provider choice to use if no registrar provided. If + * {@code null}/empty then JCE default is used + * @return The {@link SecurityEntityFactory} for the entity + * @throws ReflectiveOperationException If failed to create the factory + * @see #toDefaultFactory(Class) + * @see #toNamedProviderFactory(Class, String) + * @see #toProviderInstanceFactory(Class, Provider) + * @see SecurityProviderChoice#isNamedProviderUsed() + * @see SecurityProviderChoice#getSecurityProvider() + */ + static SecurityEntityFactory toFactory( + Class entityType, SecurityProviderChoice registrar, SecurityProviderChoice defaultProvider) + throws ReflectiveOperationException { + if (registrar == null) { + if ((defaultProvider == null) || (defaultProvider == SecurityProviderChoice.EMPTY)) { + return toDefaultFactory(entityType); + } else if (defaultProvider.isNamedProviderUsed()) { + return toNamedProviderFactory(entityType, defaultProvider.getName()); + } else { + return toProviderInstanceFactory(entityType, defaultProvider.getSecurityProvider()); + } + } else if (registrar.isNamedProviderUsed()) { + return toNamedProviderFactory(entityType, registrar.getName()); + } else { + return toProviderInstanceFactory(entityType, registrar.getSecurityProvider()); + } + } + + static SecurityEntityFactory toDefaultFactory(Class entityType) + throws ReflectiveOperationException { + Method m = entityType.getDeclaredMethod("getInstance", String.class); + return new SecurityEntityFactory() { + private final String s = SecurityEntityFactory.class.getSimpleName() + + "[" + entityType.getSimpleName() + "]" + + "[default]"; + + @Override + public Class getEntityType() { + return entityType; + } + + @Override + public F getInstance(String algorithm) throws GeneralSecurityException { + try { + Object value = m.invoke(null, algorithm); + return entityType.cast(value); + } catch (ReflectiveOperationException t) { + Throwable e = GenericUtils.peelException(t); + if (e instanceof GeneralSecurityException) { + throw (GeneralSecurityException) e; + } else if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else if (e instanceof Error) { + throw (Error) e; + } else { + throw new GeneralSecurityException(e); + } + } + } + + @Override + public String toString() { + return s; + } + }; + } + + static SecurityEntityFactory toNamedProviderFactory(Class entityType, String name) + throws ReflectiveOperationException { + ValidateUtils.checkNotNullAndNotEmpty(name, "No provider name specified"); + Method m = entityType.getDeclaredMethod("getInstance", String.class, String.class); + return new SecurityEntityFactory() { + private final String s = SecurityEntityFactory.class.getSimpleName() + + "[" + entityType.getSimpleName() + "]" + + "[" + name + "]"; + + @Override + public Class getEntityType() { + return entityType; + } + + @Override + public F getInstance(String algorithm) throws GeneralSecurityException { + try { + Object value = m.invoke(null, algorithm, name); + return entityType.cast(value); + } catch (ReflectiveOperationException t) { + Throwable e = GenericUtils.peelException(t); + if (e instanceof GeneralSecurityException) { + throw (GeneralSecurityException) e; + } else if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else if (e instanceof Error) { + throw (Error) e; + } else { + throw new GeneralSecurityException(e); + } + } + } + + @Override + public String toString() { + return s; + } + }; + } + + static SecurityEntityFactory toProviderInstanceFactory(Class entityType, Provider provider) + throws ReflectiveOperationException { + Objects.requireNonNull(provider, "No provider instance"); + Method m = entityType.getDeclaredMethod("getInstance", String.class, Provider.class); + return new SecurityEntityFactory() { + private final String s = SecurityEntityFactory.class.getSimpleName() + + "[" + entityType.getSimpleName() + "]" + + "[" + Provider.class.getSimpleName() + "]" + + "[" + provider.getName() + "]"; + + @Override + public Class getEntityType() { + return entityType; + } + + @Override + public F getInstance(String algorithm) throws GeneralSecurityException { + try { + Object value = m.invoke(null, algorithm, provider); + return entityType.cast(value); + } catch (ReflectiveOperationException t) { + Throwable e = GenericUtils.peelException(t); + if (e instanceof GeneralSecurityException) { + throw (GeneralSecurityException) e; + } else if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else if (e instanceof Error) { + throw (Error) e; + } else { + throw new GeneralSecurityException(e); + } + } + } + + @Override + public String toString() { + return s; + } + }; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityProviderChoice.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityProviderChoice.java new file mode 100644 index 0000000..9f1cb35 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityProviderChoice.java @@ -0,0 +1,129 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.security; + +import java.security.Provider; +import java.util.Objects; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface SecurityProviderChoice extends NamedResource { + SecurityProviderChoice EMPTY = new SecurityProviderChoice() { + @Override + public String getName() { + return null; + } + + @Override + public boolean isNamedProviderUsed() { + return false; + } + + @Override + public Provider getSecurityProvider() { + return null; + } + + @Override + public String toString() { + return "EMPTY"; + } + }; + + /** + * @return {@code true} if to use the provider's name rather than its {@link Provider} instance - + * default={@code true}. + */ + default boolean isNamedProviderUsed() { + return true; + } + + /** + * @return The security {@link Provider} to use in case {@link #isNamedProviderUsed()} is {@code false}. Can be + * {@code null} if {@link #isNamedProviderUsed()} is {@code true}, but not recommended. + */ + Provider getSecurityProvider(); + + static SecurityProviderChoice toSecurityProviderChoice(String name) { + ValidateUtils.checkNotNullAndNotEmpty(name, "No name provided"); + return new SecurityProviderChoice() { + private final String s = SecurityProviderChoice.class.getSimpleName() + "[" + name + "]"; + + @Override + public String getName() { + return name; + } + + @Override + public boolean isNamedProviderUsed() { + return true; + } + + @Override + public Provider getSecurityProvider() { + return null; + } + + @Override + public String toString() { + return s; + } + }; + } + + static SecurityProviderChoice toSecurityProviderChoice(Provider provider) { + Objects.requireNonNull(provider, "No provider instance"); + return new SecurityProviderChoice() { + private final String s = SecurityProviderChoice.class.getSimpleName() + + "[" + Provider.class.getSimpleName() + "]" + + "[" + provider.getName() + "]"; + + @Override + public String getName() { + return provider.getName(); + } + + @Override + public boolean isNamedProviderUsed() { + return false; + } + + @Override + public Provider getSecurityProvider() { + return provider; + } + + @Override + public String toString() { + return s; + } + }; + } + + static Provider createProviderInstance(Class anchor, String providerClassName) + throws ReflectiveOperationException { + return ThreadUtils.createDefaultInstance(anchor, Provider.class, providerClassName); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityProviderRegistrar.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityProviderRegistrar.java new file mode 100644 index 0000000..0d8c48e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityProviderRegistrar.java @@ -0,0 +1,331 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.security; + +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.Provider; +import java.security.Security; +import java.security.Signature; +import java.security.cert.CertificateFactory; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.function.Predicate; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.Mac; + +import org.apache.sshd.common.OptionalFeature; +import org.apache.sshd.common.PropertyResolver; +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.SyspropsMapWrapper; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.IgnoringEmptyMap; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author Apache MINA SSHD Project + */ +public interface SecurityProviderRegistrar extends SecurityProviderChoice, OptionalFeature, PropertyResolver { + /** + * Base name for configuration properties related to security providers + */ + String CONFIG_PROP_BASE = "org.apache.sshd.security.provider"; + + /** + * Property used to configure whether the provider is enabled regardless of whether it is supported. + * + * @see #isEnabled() + */ + String ENABLED_PROPERTY = "enabled"; + + /** + * Property used to configure whether to use the provider's name rather than its {@link Provider} instance + * + * @see #isNamedProviderUsed() + */ + String NAMED_PROVIDER_PROPERTY = "useNamed"; + + String ALL_OPTIONS_VALUE = "all"; + String ALL_OPTIONS_WILDCARD = "*"; + + String NO_OPTIONS_VALUE = "none"; + + /** + * All the entities that are used in calls to {@link #isSecurityEntitySupported(Class, String)} + */ + List> SECURITY_ENTITIES = Collections.unmodifiableList( + Arrays.asList( + Cipher.class, KeyFactory.class, MessageDigest.class, + KeyPairGenerator.class, KeyAgreement.class, Mac.class, + Signature.class, CertificateFactory.class)); + + default String getBasePropertyName() { + return CONFIG_PROP_BASE + "." + getName(); + } + + default String getConfigurationPropertyName(String name) { + return getBasePropertyName() + "." + name; + } + + /** + * @return {@code true} if the provider is enabled regardless of whether it is supported - default={@code true}. + * Note: checks if the provider has been programmatically disabled via + * {@link SecurityUtils#setAPrioriDisabledProvider(String, boolean)} + * @see #ENABLED_PROPERTY + */ + default boolean isEnabled() { + if (SecurityUtils.isAPrioriDisabledProvider(getName())) { + return false; + } + + String configPropName = getConfigurationPropertyName(ENABLED_PROPERTY); + return this.getBooleanProperty(configPropName, true); + } + + @Override + default PropertyResolver getParentPropertyResolver() { + return SyspropsMapWrapper.RAW_PROPS_RESOLVER; + } + + @Override + default Map getProperties() { + return IgnoringEmptyMap.getInstance(); + } + + /** + * @param transformation The requested {@link Cipher} transformation + * @return {@code true} if this security provider supports the transformation + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isCipherSupported(String transformation) { + return isSecurityEntitySupported(Cipher.class, transformation); + } + + /** + * @param algorithm The {@link KeyFactory} algorithm + * @return {@code true} if this security provider supports the algorithm + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isKeyFactorySupported(String algorithm) { + return isSecurityEntitySupported(KeyFactory.class, algorithm); + } + + /** + * @param algorithm The {@link MessageDigest} algorithm + * @return {@code true} if this security provider supports the algorithm + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isMessageDigestSupported(String algorithm) { + return isSecurityEntitySupported(MessageDigest.class, algorithm); + } + + /** + * @param algorithm The {@link KeyPairGenerator} algorithm + * @return {@code true} if this security provider supports the algorithm + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isKeyPairGeneratorSupported(String algorithm) { + return isSecurityEntitySupported(KeyPairGenerator.class, algorithm); + } + + /** + * @param algorithm The {@link KeyAgreement} algorithm + * @return {@code true} if this security provider supports the algorithm + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isKeyAgreementSupported(String algorithm) { + return isSecurityEntitySupported(KeyAgreement.class, algorithm); + } + + /** + * @param algorithm The {@link Mac} algorithm + * @return {@code true} if this security provider supports the algorithm + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isMacSupported(String algorithm) { + return isSecurityEntitySupported(Mac.class, algorithm); + } + + /** + * @param algorithm The {@link Signature} algorithm + * @return {@code true} if this security provider supports the algorithm + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isSignatureSupported(String algorithm) { + return isSecurityEntitySupported(Signature.class, algorithm); + } + + /** + * @param type The {@link CertificateFactory} type + * @return {@code true} if this security provider supports the algorithm + * @see #isSecurityEntitySupported(Class, String) + */ + default boolean isCertificateFactorySupported(String type) { + return isSecurityEntitySupported(CertificateFactory.class, type); + } + + /** + * @param entityType The requested entity type - its simple name serves to build the configuration property name. + * @return Configuration value to use if no specific configuration provided - default=empty + * @see #isSecurityEntitySupported(Class, String) + */ + default String getDefaultSecurityEntitySupportValue(Class entityType) { + return ""; + } + + default boolean isSecurityEntitySupported(Class entityType, String name) { + String defaultValue = getDefaultSecurityEntitySupportValue(entityType); + return isSecurityEntitySupported(this, entityType, name, defaultValue); + } + + /** + * @return {@code true} if to use the provider's name rather than its {@link Provider} instance - + * default={@code true} + * @see #NAMED_PROVIDER_PROPERTY + * @see #getSecurityProvider() + * @see #registerSecurityProvider(SecurityProviderRegistrar) + */ + @Override + default boolean isNamedProviderUsed() { + return PropertyResolverUtils.getBooleanProperty(this, + getConfigurationPropertyName(NAMED_PROVIDER_PROPERTY), + SecurityProviderChoice.super.isNamedProviderUsed()); + } + + /** + * @param v Value to be examined + * @return {@code true} if the value equals (case insensitive) to either {@link #ALL_OPTIONS_VALUE} or + * {@link #ALL_OPTIONS_WILDCARD} + */ + static boolean isAllOptionsValue(String v) { + return ALL_OPTIONS_VALUE.equalsIgnoreCase(v) + || ALL_OPTIONS_WILDCARD.equalsIgnoreCase(v); + } + + /** + * Checks whether the requested entity type algorithm/name is listed as supported by the registrar's configuration + * + * @param registrar The {@link SecurityProviderRegistrar} + * @param entityType The requested entity type - its simple name serves to build the configuration property name. + * @param name The requested algorithm/name - Note: if the requested entity is a {@link Cipher} then + * the argument is assumed to be a possible "/" separated transformation and parsed + * as such in order to retrieve the pure cipher name + * @param defaultValue Configuration value to use if no specific configuration provided + * @return {@code true} registrar is supported and the value is listed (case insensitive) or * + * the property is one of the "all" markers + * @see SecurityProviderRegistrar#isSupported() + * @see #isAllOptionsValue(String) + */ + static boolean isSecurityEntitySupported( + SecurityProviderRegistrar registrar, Class entityType, String name, String defaultValue) { + return Objects.requireNonNull(registrar, "No registrar instance").isSupported() + && isSecurityEntitySupported(registrar, registrar.getConfigurationPropertyName(entityType.getSimpleName()), + entityType, name, defaultValue); + } + + static boolean isSecurityEntitySupported( + PropertyResolver resolver, String propName, Class entityType, String name, String defaultValue) { + if (GenericUtils.isEmpty(name)) { + return false; + } + + String propValue = resolver.getString(propName); + if (GenericUtils.isEmpty(propValue)) { + propValue = defaultValue; + } + + if (NO_OPTIONS_VALUE.equalsIgnoreCase(propValue)) { + return false; + } + + String[] values = GenericUtils.split(propValue, ','); + if (GenericUtils.isEmpty(values)) { + return false; + } + + if ((values.length == 1) && isAllOptionsValue(values[0])) { + return true; + } + + String effectiveName = getEffectiveSecurityEntityName(entityType, name); + int index = Arrays.binarySearch(values, effectiveName, String.CASE_INSENSITIVE_ORDER); + return index >= 0; + } + + /** + * Determines the "pure" security entity name - e.g., for {@link Cipher}s it strips the trailing + * transformation specification in order to extract the base cipher name - e.g., "AES/CBC/NoPadding" => + * "AES" + * + * @param entityType The security entity type - ignored if {@code null} + * @param name The effective name - ignored if {@code null}/empty + * @return The resolved name + */ + static String getEffectiveSecurityEntityName(Class entityType, String name) { + if ((entityType == null) || GenericUtils.isEmpty(name) || (!Cipher.class.isAssignableFrom(entityType))) { + return name; + } + + int pos = name.indexOf('/'); + return (pos > 0) ? name.substring(0, pos) : name; + } + + /** + * Attempts to register the security provider represented by the registrar if not already registered. Note: + * if {@link SecurityProviderRegistrar#isNamedProviderUsed()} is {@code true} then the generated provider will be + * added to the system's list of known providers. + * + * @param registrar The {@link SecurityProviderRegistrar} + * @return {@code true} if no provider was previously registered + * @see Security#getProvider(String) + * @see SecurityProviderRegistrar#getSecurityProvider() + * @see Security#addProvider(Provider) + */ + static boolean registerSecurityProvider(SecurityProviderRegistrar registrar) { + String name = ValidateUtils.checkNotNullAndNotEmpty( + (registrar == null) ? null : registrar.getName(), "No name for registrar=%s", registrar); + Provider p = Security.getProvider(name); + if (p != null) { + return false; + } + + p = ValidateUtils.checkNotNull( + registrar.getSecurityProvider(), "No provider created for registrar of %s", name); + if (registrar.isNamedProviderUsed()) { + Security.addProvider(p); + } + + return true; + } + + static SecurityProviderRegistrar findSecurityProviderRegistrarBySecurityEntity( + Predicate entitySelector, + Collection registrars) { + return GenericUtils.findFirstMatchingMember( + r -> r.isEnabled() && r.isSupported() && entitySelector.test(r), registrars); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java new file mode 100644 index 0000000..b301947 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java @@ -0,0 +1,761 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.nio.file.Path; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Signature; +import java.security.cert.CertificateFactory; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.TreeMap; +import java.util.TreeSet; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.Predicate; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.Mac; +import javax.crypto.spec.DHParameterSpec; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.PropertyResolverUtils; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder; +import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder; +import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser; +import org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser; +import org.apache.sshd.common.config.keys.loader.pem.PEMResourceParserUtils; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.random.JceRandomFactory; +import org.apache.sshd.common.random.RandomFactory; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleKeyPairResourceParser; +import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleRandomFactory; +import org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderUtils; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * Specific security providers related code + * + * @author Apache MINA SSHD Project + */ +public final class SecurityUtils { + /** + * Bouncycastle JCE provider name + */ + public static final String BOUNCY_CASTLE = "BC"; + + /** + * EDDSA support - should match {@code EdDSAKey.KEY_ALGORITHM} + */ + public static final String EDDSA = "EdDSA"; + + // A copy-paste from the original, but we don't want to drag the classes into the classpath + // See EdDSAEngine.SIGNATURE_ALGORITHM + public static final String CURVE_ED25519_SHA512 = "NONEwithEdDSA"; + + /** + * System property used to configure the value for the minimum supported Diffie-Hellman Group Exchange key size. If + * not set, then an internal auto-discovery mechanism is employed. If set to negative value then Diffie-Hellman + * Group Exchange is disabled. If set to a negative value then Diffie-Hellman Group Exchange is disabled + */ + public static final String MIN_DHGEX_KEY_SIZE_PROP = "org.apache.sshd.minDHGexKeySize"; + + /** + * System property used to configure the value for the maximum supported Diffie-Hellman Group Exchange key size. If + * not set, then an internal auto-discovery mechanism is employed. If set to negative value then Diffie-Hellman + * Group Exchange is disabled. If set to a negative value then Diffie-Hellman Group Exchange is disabled + */ + public static final String MAX_DHGEX_KEY_SIZE_PROP = "org.apache.sshd.maxDHGexKeySize"; + + /** + * The min. key size value used for testing whether Diffie-Hellman Group Exchange is supported or not. According to + * RFC 4419 section 3: "Servers and clients SHOULD support + * groups with a modulus length of k bits, where 1024 <= k <= 8192". + * + * Note: this has been amended by RFC 8270 + */ + public static final int MIN_DHGEX_KEY_SIZE = 2048; + public static final int PREFERRED_DHGEX_KEY_SIZE = 4096; + public static final int MAX_DHGEX_KEY_SIZE = 8192; + + /** + * Comma separated list of fully qualified {@link SecurityProviderRegistrar}s to automatically register + */ + public static final String SECURITY_PROVIDER_REGISTRARS = "org.apache.sshd.security.registrars"; + public static final List DEFAULT_SECURITY_PROVIDER_REGISTRARS = Collections.unmodifiableList( + Arrays.asList( + "org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar", + "org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar")); + + /** + * System property used to control whether to automatically register the {@code Bouncyastle} JCE provider + * + * @deprecated Please use "org.apache.sshd.security.provider.BC.enabled" + */ + @Deprecated + public static final String REGISTER_BOUNCY_CASTLE_PROP = "org.apache.sshd.registerBouncyCastle"; + + /** + * System property used to control whether Elliptic Curves are supported or not. If not set then the support is + * auto-detected. Note: if set to {@code true} it is up to the user to make sure that indeed there is a + * provider for them + */ + public static final String ECC_SUPPORTED_PROP = "org.apache.sshd.eccSupport"; + + /** + * System property used to decide whether EDDSA curves are supported or not (in addition or even in spite of + * {@link #isEDDSACurveSupported()}). If not set or set to {@code true}, then the existence of the optional support + * classes determines the support. + * + * @deprecated Please use "org.apache.sshd.security.provider.EdDSA.enabled&qupt; + */ + @Deprecated + public static final String EDDSA_SUPPORTED_PROP = "org.apache.sshd.eddsaSupport"; + + public static final String PROP_DEFAULT_SECURITY_PROVIDER = "org.apache.sshd.security.defaultProvider"; + + private static final AtomicInteger MIN_DHG_KEY_SIZE_HOLDER = new AtomicInteger(0); + private static final AtomicInteger MAX_DHG_KEY_SIZE_HOLDER = new AtomicInteger(0); + + /* + * NOTE: we use a LinkedHashMap in order to preserve registration order in case several providers support the same + * security entity + */ + private static final Map REGISTERED_PROVIDERS = new LinkedHashMap<>(); + private static final AtomicReference KEYPAIRS_PARSER_HODLER = new AtomicReference<>(); + // If an entry already exists for the named provider, then it overrides its SecurityProviderRegistrar#isEnabled() + private static final Set APRIORI_DISABLED_PROVIDERS = new TreeSet<>(); + private static final AtomicBoolean REGISTRATION_STATE_HOLDER = new AtomicBoolean(false); + private static final Map, Map>> SECURITY_ENTITY_FACTORIES = new HashMap<>(); + + private static final AtomicReference DEFAULT_PROVIDER_HOLDER = new AtomicReference<>(); + + private static Boolean hasEcc; + + private SecurityUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * @param name The provider's name - never {@code null}/empty + * @return {@code true} if the provider is marked as disabled a-priori + * @see #setAPrioriDisabledProvider(String, boolean) + */ + public static boolean isAPrioriDisabledProvider(String name) { + ValidateUtils.checkNotNullAndNotEmpty(name, "No provider name specified"); + synchronized (APRIORI_DISABLED_PROVIDERS) { + return APRIORI_DISABLED_PROVIDERS.contains(name); + } + } + + /** + * Marks a provider's registrar as "a-priori" programatically so that when its + * {@link SecurityProviderRegistrar#isEnabled()} is eventually consulted it will return {@code false} regardless of + * the configured value for the specific provider registrar instance. Note: has no effect if the provider has + * already been registered. + * + * @param name The provider's name - never {@code null}/empty + * @param disabled {@code true} whether to disable it a-priori + * @see #isAPrioriDisabledProvider(String) + */ + public static void setAPrioriDisabledProvider(String name, boolean disabled) { + ValidateUtils.checkNotNullAndNotEmpty(name, "No provider name specified"); + synchronized (APRIORI_DISABLED_PROVIDERS) { + if (disabled) { + APRIORI_DISABLED_PROVIDERS.add(name); + } else { + APRIORI_DISABLED_PROVIDERS.remove(name); + } + } + } + + /** + * @return A copy if the current a-priori disabled providers names + */ + public static Set getAPrioriDisabledProviders() { + synchronized (APRIORI_DISABLED_PROVIDERS) { + return new TreeSet<>(APRIORI_DISABLED_PROVIDERS); + } + } + + /** + * @return {@code true} if Elliptic Curve Cryptography is supported + * @see #ECC_SUPPORTED_PROP + */ + public static boolean isECCSupported() { + if (hasEcc == null) { + String propValue = System.getProperty(ECC_SUPPORTED_PROP); + if (GenericUtils.isEmpty(propValue)) { + try { + getKeyPairGenerator(KeyUtils.EC_ALGORITHM); + hasEcc = Boolean.TRUE; + } catch (Throwable t) { + hasEcc = Boolean.FALSE; + } + } else { + hasEcc = Boolean.valueOf(propValue); + } + } + + return hasEcc; + } + + /** + * @return {@code true} if Diffie-Hellman Group Exchange is supported + * @see #getMinDHGroupExchangeKeySize() + * @see #getMaxDHGroupExchangeKeySize() + */ + public static boolean isDHGroupExchangeSupported() { + int maxSize = getMaxDHGroupExchangeKeySize(); + int minSize = getMinDHGroupExchangeKeySize(); + return (minSize > 0) && (maxSize > 0) && (minSize <= maxSize); + } + + /** + * @param keySize The expected key size + * @return {@code true} if Oakely Diffie-Hellman Group Exchange is supported for the specified key size + * @see #isDHGroupExchangeSupported() + * @see #getMaxDHGroupExchangeKeySize() + */ + public static boolean isDHOakelyGroupSupported(int keySize) { + return isDHGroupExchangeSupported() + && (getMaxDHGroupExchangeKeySize() >= keySize); + } + + /** + * @return The minimum supported Diffie-Hellman Group Exchange key size, or non-positive if not supported + */ + public static int getMinDHGroupExchangeKeySize() { + return resolveDHGEXKeySizeValue(MIN_DHG_KEY_SIZE_HOLDER, MIN_DHGEX_KEY_SIZE_PROP, MIN_DHGEX_KEY_SIZE); + } + + /** + * Set programmatically the reported value for {@link #getMinDHGroupExchangeKeySize()} + * + * @param keySize The reported key size - if zero, then it will be auto-detected, if negative then DH group exchange + * will be disabled + */ + public static void setMinDHGroupExchangeKeySize(int keySize) { + synchronized (MIN_DHG_KEY_SIZE_HOLDER) { + MIN_DHG_KEY_SIZE_HOLDER.set(keySize); + } + } + + /** + * @return The maximum supported Diffie-Hellman Group Exchange key size, or non-positive if not supported + */ + public static int getMaxDHGroupExchangeKeySize() { + return resolveDHGEXKeySizeValue(MAX_DHG_KEY_SIZE_HOLDER, MAX_DHGEX_KEY_SIZE_PROP, MAX_DHGEX_KEY_SIZE); + } + + /** + * Set programmatically the reported value for {@link #getMaxDHGroupExchangeKeySize()} + * + * @param keySize The reported key size - if zero, then it will be auto-detected, if negative then DH group exchange + * will be disabled + */ + public static void setMaxDHGroupExchangeKeySize(int keySize) { + synchronized (MAX_DHG_KEY_SIZE_HOLDER) { + MAX_DHG_KEY_SIZE_HOLDER.set(keySize); + } + } + + private static int resolveDHGEXKeySizeValue( + AtomicInteger holder, String propName, int maxKeySize) { + int maxSupportedKeySize; + synchronized (holder) { + maxSupportedKeySize = holder.get(); + if (maxSupportedKeySize != 0) { // 1st time we are called ? + return maxSupportedKeySize; + } + + String propValue = System.getProperty(propName); + if (GenericUtils.isEmpty(propValue)) { + maxSupportedKeySize = -1; + // Go down from max. to min. to ensure we stop at 1st maximum value success + for (int testKeySize = maxKeySize; testKeySize >= MIN_DHGEX_KEY_SIZE; testKeySize -= 1024) { + if (isDHGroupExchangeSupported(testKeySize)) { + maxSupportedKeySize = testKeySize; + break; + } + } + } else { + maxSupportedKeySize = Integer.parseInt(propValue); + // negative is OK - means user wants to disable DH group exchange + ValidateUtils.checkTrue(maxSupportedKeySize != 0, + "Configured " + propName + " value must be non-zero: %d", maxSupportedKeySize); + } + + holder.set(maxSupportedKeySize); + } + + return maxSupportedKeySize; + } + + public static boolean isDHGroupExchangeSupported(int maxKeySize) { + ValidateUtils.checkTrue(maxKeySize > Byte.SIZE, "Invalid max. key size: %d", maxKeySize); + + try { + BigInteger r = new BigInteger("0").setBit(maxKeySize - 1); + DHParameterSpec dhSkipParamSpec = new DHParameterSpec(r, r); + KeyPairGenerator kpg = getKeyPairGenerator("DH"); + kpg.initialize(dhSkipParamSpec); + return true; + } catch (GeneralSecurityException t) { + return false; + } + } + + public static SecurityProviderChoice getDefaultProviderChoice() { + SecurityProviderChoice choice; + synchronized (DEFAULT_PROVIDER_HOLDER) { + choice = DEFAULT_PROVIDER_HOLDER.get(); + if (choice != null) { + return choice; + } + + String name = System.getProperty(PROP_DEFAULT_SECURITY_PROVIDER); + choice = (GenericUtils.isEmpty(name) || PropertyResolverUtils.isNoneValue(name)) + ? SecurityProviderChoice.EMPTY + : SecurityProviderChoice.toSecurityProviderChoice(name); + DEFAULT_PROVIDER_HOLDER.set(choice); + } + + return choice; + } + + public static void setDefaultProviderChoice(SecurityProviderChoice choice) { + DEFAULT_PROVIDER_HOLDER.set(choice); + } + + /** + * @return A copy of the currently registered security providers + */ + public static Set getRegisteredProviders() { + // returns a COPY of the providers in order to avoid modifications + synchronized (REGISTERED_PROVIDERS) { + return new TreeSet<>(REGISTERED_PROVIDERS.keySet()); + } + } + + public static boolean isBouncyCastleRegistered() { + register(); + return isProviderRegistered(BOUNCY_CASTLE); + } + + public static boolean isProviderRegistered(String provider) { + return getRegisteredProvider(provider) != null; + } + + public static SecurityProviderRegistrar getRegisteredProvider(String provider) { + ValidateUtils.checkNotNullAndNotEmpty(provider, "No provider name specified"); + synchronized (REGISTERED_PROVIDERS) { + return REGISTERED_PROVIDERS.get(provider); + } + } + + public static boolean isRegistrationCompleted() { + return REGISTRATION_STATE_HOLDER.get(); + } + + private static void register() { + synchronized (REGISTRATION_STATE_HOLDER) { + if (REGISTRATION_STATE_HOLDER.get()) { + return; + } + + String regsList = System.getProperty(SECURITY_PROVIDER_REGISTRARS, + GenericUtils.join(DEFAULT_SECURITY_PROVIDER_REGISTRARS, ',')); + boolean bouncyCastleRegistered = false; + if ((GenericUtils.length(regsList) > 0) && (!PropertyResolverUtils.isNoneValue(regsList))) { + String[] classes = GenericUtils.split(regsList, ','); + for (String registrarClass : classes) { + SecurityProviderRegistrar r; + try { + r = ThreadUtils.createDefaultInstance(SecurityUtils.class, SecurityProviderRegistrar.class, + registrarClass); + } catch (ReflectiveOperationException t) { + Throwable e = GenericUtils.peelException(t); + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else if (e instanceof Error) { + throw (Error) e; + } else { + throw new RuntimeException(e); + } + } + + String name = r.getName(); + SecurityProviderRegistrar registeredInstance = registerSecurityProvider(r); + if (registeredInstance == null) { + continue; // provider not registered - e.g., disabled, not supported + } + + if (BOUNCY_CASTLE.equalsIgnoreCase(name)) { + bouncyCastleRegistered = true; + } + } + } + + SecurityProviderChoice choice = getDefaultProviderChoice(); + if (((choice == null) || (choice == SecurityProviderChoice.EMPTY)) && bouncyCastleRegistered) { + setDefaultProviderChoice(SecurityProviderChoice.toSecurityProviderChoice(BOUNCY_CASTLE)); + } + + REGISTRATION_STATE_HOLDER.set(true); + } + } + + /** + * @param registrar The registrar instance to register + * @return The registered instance - may be different than required if already registered. Returns + * {@code null} if not already registered and not enabled or not supported registrar. + */ + public static SecurityProviderRegistrar registerSecurityProvider(SecurityProviderRegistrar registrar) { + Objects.requireNonNull(registrar, "No registrar instance to register"); + String name = registrar.getName(); + SecurityProviderRegistrar registeredInstance = getRegisteredProvider(name); + if ((registeredInstance == null) && registrar.isEnabled() && registrar.isSupported()) { + try { + SecurityProviderRegistrar.registerSecurityProvider(registrar); + synchronized (REGISTERED_PROVIDERS) { + REGISTERED_PROVIDERS.put(name, registrar); + } + + return registrar; + } catch (Throwable t) { + throw new RuntimeException("Failed to register " + name + " as a JCE provider", t); + } + } + + return registeredInstance; + } + + ///////////////// Bouncycastle specific implementations ////////////////// + + /* -------------------------------------------------------------------- */ + + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool). + * @param resourceKey An identifier of the key being loaded - used as argument to the + * {@code FilePasswordProvider#getPassword} invocation + * @param inputStream The {@link InputStream} for the private key + * @param provider A {@link FilePasswordProvider} - may be {@code null} if the loaded key is + * guaranteed not to be encrypted + * @return The loaded {@link KeyPair}-s - or {@code null} if none loaded + * @throws IOException If failed to read/parse the input stream + * @throws GeneralSecurityException If failed to generate the keys + */ + public static Iterable loadKeyPairIdentities( + SessionContext session, NamedResource resourceKey, InputStream inputStream, FilePasswordProvider provider) + throws IOException, GeneralSecurityException { + KeyPairResourceParser parser = getKeyPairResourceParser(); + if (parser == null) { + throw new NoSuchProviderException("No registered key-pair resource parser"); + } + + Collection ids = parser.loadKeyPairs(session, resourceKey, provider, inputStream); + int numLoaded = GenericUtils.size(ids); + if (numLoaded <= 0) { + return null; + } + + return ids; + } + + /* -------------------------------------------------------------------- */ + + public static KeyPairResourceParser getBouncycastleKeyPairResourceParser() { + ValidateUtils.checkTrue(isBouncyCastleRegistered(), "BouncyCastle not registered"); + return BouncyCastleKeyPairResourceParser.INSTANCE; + } + + /** + * @return If {@link #isBouncyCastleRegistered()} then a {@link BouncyCastleRandomFactory} instance, otherwise a + * {@link JceRandomFactory} one + */ + public static RandomFactory getRandomFactory() { + if (isBouncyCastleRegistered()) { + return BouncyCastleRandomFactory.INSTANCE; + } else { + return JceRandomFactory.INSTANCE; + } + } + + ///////////////////////////// ED25519 support /////////////////////////////// + + /** + * @return {@code true} if EDDSA curves (e.g., {@code ed25519}) are supported + */ + public static boolean isEDDSACurveSupported() { + register(); + + SecurityProviderRegistrar r = getRegisteredProvider(EDDSA); + return (r != null) && r.isEnabled() && r.isSupported(); + } + + /* -------------------------------------------------------------------- */ + + public static PublicKeyEntryDecoder getEDDSAPublicKeyEntryDecoder() { + if (!isEDDSACurveSupported()) { + throw new UnsupportedOperationException(EDDSA + " provider N/A"); + } + + return EdDSASecurityProviderUtils.getEDDSAPublicKeyEntryDecoder(); + } + + public static PrivateKeyEntryDecoder getOpenSSHEDDSAPrivateKeyEntryDecoder() { + if (!isEDDSACurveSupported()) { + throw new UnsupportedOperationException(EDDSA + " provider N/A"); + } + + return EdDSASecurityProviderUtils.getOpenSSHEDDSAPrivateKeyEntryDecoder(); + } + + public static org.apache.sshd.common.signature.Signature getEDDSASigner() { + if (isEDDSACurveSupported()) { + return EdDSASecurityProviderUtils.getEDDSASignature(); + } + + throw new UnsupportedOperationException(EDDSA + " Signer not available"); + } + + public static int getEDDSAKeySize(Key key) { + return EdDSASecurityProviderUtils.getEDDSAKeySize(key); + } + + public static Class getEDDSAPublicKeyType() { + return isEDDSACurveSupported() ? EdDSASecurityProviderUtils.getEDDSAPublicKeyType() : PublicKey.class; + } + + public static Class getEDDSAPrivateKeyType() { + return isEDDSACurveSupported() ? EdDSASecurityProviderUtils.getEDDSAPrivateKeyType() : PrivateKey.class; + } + + public static boolean compareEDDSAPPublicKeys(PublicKey k1, PublicKey k2) { + return isEDDSACurveSupported() ? EdDSASecurityProviderUtils.compareEDDSAPPublicKeys(k1, k2) : false; + } + + public static boolean compareEDDSAPrivateKeys(PrivateKey k1, PrivateKey k2) { + return isEDDSACurveSupported() ? EdDSASecurityProviderUtils.compareEDDSAPrivateKeys(k1, k2) : false; + } + + public static PublicKey recoverEDDSAPublicKey(PrivateKey key) throws GeneralSecurityException { + if (!isEDDSACurveSupported()) { + throw new NoSuchAlgorithmException(EDDSA + " provider not supported"); + } + + return EdDSASecurityProviderUtils.recoverEDDSAPublicKey(key); + } + + public static PublicKey generateEDDSAPublicKey(String keyType, byte[] seed) throws GeneralSecurityException { + if (!KeyPairProvider.SSH_ED25519.equals(keyType)) { + throw new InvalidKeyException("Unsupported key type: " + keyType); + } + + if (!isEDDSACurveSupported()) { + throw new NoSuchAlgorithmException(EDDSA + " provider not supported"); + } + + return EdDSASecurityProviderUtils.generateEDDSAPublicKey(seed); + } + + public static B putRawEDDSAPublicKey(B buffer, PublicKey key) { + if (!isEDDSACurveSupported()) { + throw new UnsupportedOperationException(EDDSA + " provider not supported"); + } + + return EdDSASecurityProviderUtils.putRawEDDSAPublicKey(buffer, key); + } + + public static B putEDDSAKeyPair(B buffer, KeyPair kp) { + return putEDDSAKeyPair(buffer, Objects.requireNonNull(kp, "No key pair").getPublic(), kp.getPrivate()); + } + + public static B putEDDSAKeyPair(B buffer, PublicKey pubKey, PrivateKey prvKey) { + if (!isEDDSACurveSupported()) { + throw new UnsupportedOperationException(EDDSA + " provider not supported"); + } + + return EdDSASecurityProviderUtils.putEDDSAKeyPair(buffer, pubKey, prvKey); + } + + public static KeyPair extractEDDSAKeyPair(Buffer buffer, String keyType) throws GeneralSecurityException { + if (!KeyPairProvider.SSH_ED25519.equals(keyType)) { + throw new InvalidKeyException("Unsupported key type: " + keyType); + } + + if (!isEDDSACurveSupported()) { + throw new NoSuchAlgorithmException(EDDSA + " provider not supported"); + } + + throw new GeneralSecurityException("Full SSHD-440 implementation N/A"); + } + + ////////////////////////////////////////////////////////////////////////// + + public static KeyPairResourceParser getKeyPairResourceParser() { + KeyPairResourceParser parser; + synchronized (KEYPAIRS_PARSER_HODLER) { + parser = KEYPAIRS_PARSER_HODLER.get(); + if (parser != null) { + return parser; + } + + parser = KeyPairResourceParser.aggregate( + PEMResourceParserUtils.PROXY, + OpenSSHKeyPairResourceParser.INSTANCE); + KEYPAIRS_PARSER_HODLER.set(parser); + } + + return parser; + } + + /** + * @param parser The system-wide {@code KeyPairResourceParser} to use. If set to {@code null}, then the default + * parser will be re-constructed on next call to {@link #getKeyPairResourceParser()} + */ + public static void setKeyPairResourceParser(KeyPairResourceParser parser) { + synchronized (KEYPAIRS_PARSER_HODLER) { + KEYPAIRS_PARSER_HODLER.set(parser); + } + } + + //////////////////////////// Security entities factories ///////////////////////////// + + @SuppressWarnings("unchecked") + public static SecurityEntityFactory resolveSecurityEntityFactory( + Class entityType, String algorithm, Predicate entitySelector) { + Map> factoriesMap; + synchronized (SECURITY_ENTITY_FACTORIES) { + factoriesMap = SECURITY_ENTITY_FACTORIES.computeIfAbsent( + entityType, k -> new TreeMap<>(String.CASE_INSENSITIVE_ORDER)); + } + + String effectiveName = SecurityProviderRegistrar.getEffectiveSecurityEntityName(entityType, algorithm); + SecurityEntityFactory factoryEntry; + synchronized (factoriesMap) { + factoryEntry = factoriesMap.computeIfAbsent( + effectiveName, k -> createSecurityEntityFactory(entityType, entitySelector)); + } + + return (SecurityEntityFactory) factoryEntry; + } + + public static SecurityEntityFactory createSecurityEntityFactory( + Class entityType, Predicate entitySelector) { + register(); + + SecurityProviderRegistrar registrar; + synchronized (REGISTERED_PROVIDERS) { + registrar = SecurityProviderRegistrar.findSecurityProviderRegistrarBySecurityEntity( + entitySelector, REGISTERED_PROVIDERS.values()); + } + + try { + return SecurityEntityFactory.toFactory(entityType, registrar, getDefaultProviderChoice()); + } catch (ReflectiveOperationException t) { + Throwable e = GenericUtils.peelException(t); + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } else if (e instanceof Error) { + throw (Error) e; + } else { + throw new RuntimeException(e); + } + } + } + + public static KeyFactory getKeyFactory(String algorithm) throws GeneralSecurityException { + SecurityEntityFactory factory + = resolveSecurityEntityFactory(KeyFactory.class, algorithm, r -> r.isKeyFactorySupported(algorithm)); + return factory.getInstance(algorithm); + } + + public static Cipher getCipher(String transformation) throws GeneralSecurityException { + SecurityEntityFactory factory + = resolveSecurityEntityFactory(Cipher.class, transformation, r -> r.isCipherSupported(transformation)); + return factory.getInstance(transformation); + } + + public static MessageDigest getMessageDigest(String algorithm) throws GeneralSecurityException { + SecurityEntityFactory factory + = resolveSecurityEntityFactory(MessageDigest.class, algorithm, r -> r.isMessageDigestSupported(algorithm)); + return factory.getInstance(algorithm); + } + + public static KeyPairGenerator getKeyPairGenerator(String algorithm) throws GeneralSecurityException { + SecurityEntityFactory factory = resolveSecurityEntityFactory(KeyPairGenerator.class, algorithm, + r -> r.isKeyPairGeneratorSupported(algorithm)); + return factory.getInstance(algorithm); + } + + public static KeyAgreement getKeyAgreement(String algorithm) throws GeneralSecurityException { + SecurityEntityFactory factory + = resolveSecurityEntityFactory(KeyAgreement.class, algorithm, r -> r.isKeyAgreementSupported(algorithm)); + return factory.getInstance(algorithm); + } + + public static Mac getMac(String algorithm) throws GeneralSecurityException { + SecurityEntityFactory factory + = resolveSecurityEntityFactory(Mac.class, algorithm, r -> r.isMacSupported(algorithm)); + return factory.getInstance(algorithm); + } + + public static Signature getSignature(String algorithm) throws GeneralSecurityException { + SecurityEntityFactory factory + = resolveSecurityEntityFactory(Signature.class, algorithm, r -> r.isSignatureSupported(algorithm)); + return factory.getInstance(algorithm); + } + + public static CertificateFactory getCertificateFactory(String type) throws GeneralSecurityException { + SecurityEntityFactory factory + = resolveSecurityEntityFactory(CertificateFactory.class, type, r -> r.isCertificateFactorySupported(type)); + return factory.getInstance(type); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleKeyPairResourceParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleKeyPairResourceParser.java new file mode 100644 index 0000000..14a5d4e --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleKeyPairResourceParser.java @@ -0,0 +1,176 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.security.bouncycastle; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.net.ProtocolException; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.NoSuchProviderException; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import javax.security.auth.login.CredentialException; +import javax.security.auth.login.FailedLoginException; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.FilePasswordProvider.ResourceDecodeResult; +import org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.IoUtils; +import org.apache.sshd.common.util.security.SecurityProviderRegistrar; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.bouncycastle.openssl.PEMDecryptorProvider; +import org.bouncycastle.openssl.PEMEncryptedKeyPair; +import org.bouncycastle.openssl.PEMKeyPair; +import org.bouncycastle.openssl.PEMParser; +import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; +import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder; + +/** + * @author Apache MINA SSHD Project + */ +public class BouncyCastleKeyPairResourceParser extends AbstractKeyPairResourceParser { + public static final List BEGINNERS = Collections.unmodifiableList( + Arrays.asList( + "BEGIN RSA PRIVATE KEY", + "BEGIN DSA PRIVATE KEY", + "BEGIN EC PRIVATE KEY")); + + public static final List ENDERS = Collections.unmodifiableList( + Arrays.asList( + "END RSA PRIVATE KEY", + "END DSA PRIVATE KEY", + "END EC PRIVATE KEY")); + + public static final BouncyCastleKeyPairResourceParser INSTANCE = new BouncyCastleKeyPairResourceParser(); + + public BouncyCastleKeyPairResourceParser() { + super(BEGINNERS, ENDERS); + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + List lines, Map headers) + throws IOException, GeneralSecurityException { + StringBuilder writer = new StringBuilder(beginMarker.length() + endMarker.length() + lines.size() * 80); + writer.append(beginMarker).append(IoUtils.EOL); + lines.forEach(l -> writer.append(l).append(IoUtils.EOL)); + writer.append(endMarker).append(IoUtils.EOL); + + String data = writer.toString(); + byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8); + try (InputStream bais = new ByteArrayInputStream(dataBytes)) { + return extractKeyPairs(session, resourceKey, beginMarker, endMarker, passwordProvider, bais, headers); + } + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, + String beginMarker, String endMarker, + FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + KeyPair kp = loadKeyPair(session, resourceKey, stream, passwordProvider); + return (kp == null) ? Collections.emptyList() : Collections.singletonList(kp); + } + + public static KeyPair loadKeyPair( + SessionContext session, NamedResource resourceKey, InputStream inputStream, FilePasswordProvider provider) + throws IOException, GeneralSecurityException { + try (PEMParser r = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) { + Object o = r.readObject(); + + SecurityProviderRegistrar registrar = SecurityUtils.getRegisteredProvider(SecurityUtils.BOUNCY_CASTLE); + if (registrar == null) { + throw new NoSuchProviderException(SecurityUtils.BOUNCY_CASTLE + " registrar not available"); + } + + JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); + if (registrar.isNamedProviderUsed()) { + pemConverter.setProvider(registrar.getName()); + } else { + pemConverter.setProvider(registrar.getSecurityProvider()); + } + + if (o instanceof PEMEncryptedKeyPair) { + if (provider == null) { + throw new CredentialException("Missing password provider for encrypted resource=" + resourceKey); + } + + for (int retryIndex = 0;; retryIndex++) { + String password = provider.getPassword(session, resourceKey, retryIndex); + PEMKeyPair decoded; + try { + if (GenericUtils.isEmpty(password)) { + throw new FailedLoginException("No password data for encrypted resource=" + resourceKey); + } + + JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder(); + PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(password.toCharArray()); + decoded = ((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor); + } catch (IOException | GeneralSecurityException | RuntimeException e) { + ResourceDecodeResult result + = provider.handleDecodeAttemptResult(session, resourceKey, retryIndex, password, e); + if (result == null) { + result = ResourceDecodeResult.TERMINATE; + } + switch (result) { + case TERMINATE: + throw e; + case RETRY: + continue; + case IGNORE: + return null; + default: + throw new ProtocolException( + "Unsupported decode attempt result (" + result + ") for " + resourceKey); + } + } + + o = decoded; + provider.handleDecodeAttemptResult(session, resourceKey, retryIndex, password, null); + break; + } + } + + if (o instanceof PEMKeyPair) { + return pemConverter.getKeyPair((PEMKeyPair) o); + } else if (o instanceof KeyPair) { + return (KeyPair) o; + } else { + throw new IOException("Failed to read " + resourceKey + " - unknown result object: " + o); + } + } + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleRandom.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleRandom.java new file mode 100644 index 0000000..3e44243 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleRandom.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security.bouncycastle; + +import java.security.SecureRandom; + +import org.apache.sshd.common.random.AbstractRandom; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.bouncycastle.crypto.prng.RandomGenerator; +import org.bouncycastle.crypto.prng.VMPCRandomGenerator; + +/** + * BouncyCastle Random. This pseudo random number generator uses the a very fast PRNG from BouncyCastle. + * The JRE random will be used when creating a new generator to add some random data to the seed. + * + * @author Apache MINA SSHD Project + */ +public final class BouncyCastleRandom extends AbstractRandom { + public static final String NAME = SecurityUtils.BOUNCY_CASTLE; + private final RandomGenerator random; + + public BouncyCastleRandom() { + ValidateUtils.checkTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered"); + this.random = new VMPCRandomGenerator(); + byte[] seed = new SecureRandom().generateSeed(8); + this.random.addSeedMaterial(seed); + } + + @Override + public String getName() { + return NAME; + } + + @Override + public void fill(byte[] bytes, int start, int len) { + this.random.nextBytes(bytes, start, len); + } + + /** + * Returns a pseudo-random uniformly distributed {@code int} in the half-open range [0, n). + */ + @Override + public int random(int n) { + ValidateUtils.checkTrue(n > 0, "Limit must be positive: %d", n); + if ((n & -n) == n) { + return (int) ((n * (long) next(31)) >> 31); + } + + int bits; + int val; + do { + bits = next(31); + val = bits % n; + } while (bits - val + (n - 1) < 0); + return val; + } + + private int next(int numBits) { + int bytes = (numBits + 7) / 8; + byte next[] = new byte[bytes]; + int ret = 0; + random.nextBytes(next); + for (int i = 0; i < bytes; i++) { + ret = (next[i] & 0xFF) | (ret << 8); + } + return ret >>> (bytes * 8 - numBits); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleRandomFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleRandomFactory.java new file mode 100644 index 0000000..da91487 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleRandomFactory.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security.bouncycastle; + +import org.apache.sshd.common.random.AbstractRandomFactory; +import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.util.security.SecurityUtils; + +/** + * Named factory for the BouncyCastle Random + */ +public final class BouncyCastleRandomFactory extends AbstractRandomFactory { + public static final String NAME = "bouncycastle"; + public static final BouncyCastleRandomFactory INSTANCE = new BouncyCastleRandomFactory(); + + public BouncyCastleRandomFactory() { + super(NAME); + } + + @Override + public boolean isSupported() { + return SecurityUtils.isBouncyCastleRegistered(); + } + + @Override + public Random create() { + return new BouncyCastleRandom(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleSecurityProviderRegistrar.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleSecurityProviderRegistrar.java new file mode 100644 index 0000000..9ba70fd --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleSecurityProviderRegistrar.java @@ -0,0 +1,126 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security.bouncycastle; + +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.Signature; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ReflectionUtils; +import org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class BouncyCastleSecurityProviderRegistrar extends AbstractSecurityProviderRegistrar { + // We want to use reflection API so as not to require BouncyCastle to be present in the classpath + public static final String PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider"; + // Do not define a static registrar instance to minimize class loading issues + private final AtomicReference supportHolder = new AtomicReference<>(null); + private final AtomicReference allSupportHolder = new AtomicReference<>(); + + public BouncyCastleSecurityProviderRegistrar() { + super(SecurityUtils.BOUNCY_CASTLE); + } + + @Override + public boolean isEnabled() { + if (!super.isEnabled()) { + return false; + } + + // For backward compatibility + return this.getBooleanProperty(SecurityUtils.REGISTER_BOUNCY_CASTLE_PROP, true); + } + + @Override + public Provider getSecurityProvider() { + try { + return getOrCreateProvider(PROVIDER_CLASS); + } catch (ReflectiveOperationException t) { + Throwable e = GenericUtils.peelException(t); + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } + + throw new RuntimeException(e); + } + } + + @Override + public String getDefaultSecurityEntitySupportValue(Class entityType) { + String allValue = allSupportHolder.get(); + if (GenericUtils.length(allValue) > 0) { + return allValue; + } + + String propName = getConfigurationPropertyName("supportAll"); + allValue = this.getStringProperty(propName, ALL_OPTIONS_VALUE); + if (GenericUtils.isEmpty(allValue)) { + allValue = NO_OPTIONS_VALUE; + } + + allSupportHolder.set(allValue); + return allValue; + } + + @Override + public boolean isSecurityEntitySupported(Class entityType, String name) { + if (!isSupported()) { + return false; + } + + // Some known values it does not support + if (KeyPairGenerator.class.isAssignableFrom(entityType) + || KeyFactory.class.isAssignableFrom(entityType)) { + if (Objects.compare(name, SecurityUtils.EDDSA, String.CASE_INSENSITIVE_ORDER) == 0) { + return false; + } + } else if (Signature.class.isAssignableFrom(entityType)) { + if (Objects.compare(name, SecurityUtils.CURVE_ED25519_SHA512, String.CASE_INSENSITIVE_ORDER) == 0) { + return false; + } + } + + return super.isSecurityEntitySupported(entityType, name); + } + + @Override + public boolean isSupported() { + Boolean supported; + synchronized (supportHolder) { + supported = supportHolder.get(); + if (supported != null) { + return supported.booleanValue(); + } + + ClassLoader cl = ThreadUtils.resolveDefaultClassLoader(getClass()); + supported = ReflectionUtils.isClassAvailable(cl, PROVIDER_CLASS); + supportHolder.set(supported); + } + + return supported.booleanValue(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PEMResourceKeyParser.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PEMResourceKeyParser.java new file mode 100644 index 0000000..6b5b4a5 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PEMResourceKeyParser.java @@ -0,0 +1,183 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.security.eddsa; + +import java.io.IOException; +import java.io.InputStream; +import java.io.StreamCorruptedException; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.loader.pem.AbstractPEMResourceKeyPairParser; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.NoCloseInputStream; +import org.apache.sshd.common.util.io.der.ASN1Object; +import org.apache.sshd.common.util.io.der.ASN1Type; +import org.apache.sshd.common.util.io.der.DERParser; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.xbib.io.sshd.eddsa.EdDSAKey; +import org.xbib.io.sshd.eddsa.EdDSAPrivateKey; +import org.xbib.io.sshd.eddsa.EdDSAPublicKey; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; + +/** + * @author Apache MINA SSHD Project + */ +public class Ed25519PEMResourceKeyParser extends AbstractPEMResourceKeyPairParser { + // TODO find out how the markers really look like for now provide something + public static final String BEGIN_MARKER = "BEGIN EDDSA PRIVATE KEY"; + public static final List BEGINNERS = Collections.unmodifiableList(Collections.singletonList(BEGIN_MARKER)); + + public static final String END_MARKER = "END EDDSA PRIVATE KEY"; + public static final List ENDERS = Collections.unmodifiableList(Collections.singletonList(END_MARKER)); + + /** + * @see RFC8412 section 3 + */ + public static final String ED25519_OID = "1.3.101.112"; + + public static final Ed25519PEMResourceKeyParser INSTANCE = new Ed25519PEMResourceKeyParser(); + + public Ed25519PEMResourceKeyParser() { + super(EdDSAKey.KEY_ALGORITHM, ED25519_OID, BEGINNERS, ENDERS); + } + + @Override + public Collection extractKeyPairs( + SessionContext session, NamedResource resourceKey, String beginMarker, + String endMarker, FilePasswordProvider passwordProvider, + InputStream stream, Map headers) + throws IOException, GeneralSecurityException { + KeyPair kp = parseEd25519KeyPair(stream, false); + return Collections.singletonList(kp); + } + + public static KeyPair parseEd25519KeyPair( + InputStream inputStream, boolean okToClose) + throws IOException, GeneralSecurityException { + try (DERParser parser = new DERParser(NoCloseInputStream.resolveInputStream(inputStream, okToClose))) { + return parseEd25519KeyPair(parser); + } + } + + /* + * See https://tools.ietf.org/html/rfc8410#section-7 + * + * SEQUENCE { + * INTEGER 0x00 (0 decimal) + * SEQUENCE { + * OBJECTIDENTIFIER 1.3.101.112 + * } + * OCTETSTRING keyData + * } + * + * NOTE: there is another variant that also has some extra parameters + * but it has the same "prefix" structure so we don't care + */ + public static KeyPair parseEd25519KeyPair(DERParser parser) throws IOException, GeneralSecurityException { + ASN1Object obj = parser.readObject(); + if (obj == null) { + throw new StreamCorruptedException("Missing version value"); + } + + BigInteger version = obj.asInteger(); + if (!BigInteger.ZERO.equals(version)) { + throw new StreamCorruptedException("Invalid version: " + version); + } + + obj = parser.readObject(); + if (obj == null) { + throw new StreamCorruptedException("Missing OID container"); + } + + ASN1Type objType = obj.getObjType(); + if (objType != ASN1Type.SEQUENCE) { + throw new StreamCorruptedException("Unexpected OID object type: " + objType); + } + + List curveOid; + try (DERParser oidParser = obj.createParser()) { + obj = oidParser.readObject(); + if (obj == null) { + throw new StreamCorruptedException("Missing OID value"); + } + + curveOid = obj.asOID(); + } + + String oid = GenericUtils.join(curveOid, '.'); + // TODO modify if more curves supported + if (!ED25519_OID.equals(oid)) { + throw new StreamCorruptedException("Unsupported curve OID: " + oid); + } + + obj = parser.readObject(); + if (obj == null) { + throw new StreamCorruptedException("Missing key data"); + } + + return decodeEd25519KeyPair(obj.getValue()); + } + + public static KeyPair decodeEd25519KeyPair(byte[] keyData) throws IOException, GeneralSecurityException { + EdDSAPrivateKey privateKey = decodeEdDSAPrivateKey(keyData); + EdDSAPublicKey publicKey = EdDSASecurityProviderUtils.recoverEDDSAPublicKey(privateKey); + return new KeyPair(publicKey, privateKey); + } + + public static EdDSAPrivateKey decodeEdDSAPrivateKey(byte[] keyData) throws IOException, GeneralSecurityException { + try (DERParser parser = new DERParser(keyData)) { + ASN1Object obj = parser.readObject(); + if (obj == null) { + throw new StreamCorruptedException("Missing key data container"); + } + + ASN1Type objType = obj.getObjType(); + if (objType != ASN1Type.OCTET_STRING) { + throw new StreamCorruptedException("Mismatched key data container type: " + objType); + } + + return generateEdDSAPrivateKey(obj.getValue()); + } + } + + public static EdDSAPrivateKey generateEdDSAPrivateKey(byte[] seed) throws GeneralSecurityException { + if (!SecurityUtils.isEDDSACurveSupported()) { + throw new NoSuchAlgorithmException(SecurityUtils.EDDSA + " provider not supported"); + } + + EdDSAParameterSpec params = EdDSANamedCurveTable.getByName(EdDSASecurityProviderUtils.CURVE_ED25519_SHA512); + EdDSAPrivateKeySpec keySpec = new EdDSAPrivateKeySpec(seed, params); + KeyFactory factory = SecurityUtils.getKeyFactory(SecurityUtils.EDDSA); + return EdDSAPrivateKey.class.cast(factory.generatePrivate(keySpec)); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java new file mode 100644 index 0000000..68085c1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security.eddsa; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.impl.AbstractPublicKeyEntryDecoder; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.xbib.io.sshd.eddsa.EdDSAPrivateKey; +import org.xbib.io.sshd.eddsa.EdDSAPublicKey; +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +/** + * @author Apache MINA SSHD Project + */ +public final class Ed25519PublicKeyDecoder extends AbstractPublicKeyEntryDecoder { + public static final int MAX_ALLOWED_SEED_LEN = 1024; // in reality it is much less than this + + public static final Ed25519PublicKeyDecoder INSTANCE = new Ed25519PublicKeyDecoder(); + + private Ed25519PublicKeyDecoder() { + super(EdDSAPublicKey.class, EdDSAPrivateKey.class, + Collections.unmodifiableList( + Collections.singletonList( + KeyPairProvider.SSH_ED25519))); + } + + @Override + public EdDSAPublicKey clonePublicKey(EdDSAPublicKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } else { + return generatePublicKey(new EdDSAPublicKeySpec(key.getA(), key.getParams())); + } + } + + @Override + public EdDSAPrivateKey clonePrivateKey(EdDSAPrivateKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } else { + return generatePrivateKey(new EdDSAPrivateKeySpec(key.getSeed(), key.getParams())); + } + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + return SecurityUtils.getKeyPairGenerator(SecurityUtils.EDDSA); + } + + @Override + public String encodePublicKey(OutputStream s, EdDSAPublicKey key) throws IOException { + Objects.requireNonNull(key, "No public key provided"); + KeyEntryResolver.encodeString(s, KeyPairProvider.SSH_ED25519); + byte[] seed = getSeedValue(key); + KeyEntryResolver.writeRLEBytes(s, seed); + return KeyPairProvider.SSH_ED25519; + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + return SecurityUtils.getKeyFactory(SecurityUtils.EDDSA); + } + + @Override + public EdDSAPublicKey decodePublicKey( + SessionContext session, String keyType, InputStream keyData, Map headers) + throws IOException, GeneralSecurityException { + byte[] seed = KeyEntryResolver.readRLEBytes(keyData, MAX_ALLOWED_SEED_LEN); + return EdDSAPublicKey.class.cast(SecurityUtils.generateEDDSAPublicKey(keyType, seed)); + } + + public static byte[] getSeedValue(EdDSAPublicKey key) { + // a bit of reverse-engineering on the EdDSAPublicKeySpec + return (key == null) ? null : key.getAbyte(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderRegistrar.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderRegistrar.java new file mode 100644 index 0000000..6658955 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderRegistrar.java @@ -0,0 +1,102 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security.eddsa; + +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.Signature; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicReference; + +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.ReflectionUtils; +import org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.apache.sshd.common.util.threads.ThreadUtils; + +/** + * @author Apache MINA SSHD Project + */ +public class EdDSASecurityProviderRegistrar extends AbstractSecurityProviderRegistrar { + public static final String PROVIDER_CLASS = "org.xbib.io.sshd.eddsa.EdDSASecurityProvider"; + // Do not define a static registrar instance to minimize class loading issues + private final AtomicReference supportHolder = new AtomicReference<>(null); + + public EdDSASecurityProviderRegistrar() { + super(SecurityUtils.EDDSA); + } + + @Override + public boolean isEnabled() { + if (!super.isEnabled()) { + return false; + } + + // For backward compatibility + return this.getBooleanProperty(SecurityUtils.EDDSA_SUPPORTED_PROP, true); + } + + @Override + public Provider getSecurityProvider() { + try { + return getOrCreateProvider(PROVIDER_CLASS); + } catch (ReflectiveOperationException t) { + Throwable e = GenericUtils.peelException(t); + if (e instanceof RuntimeException) { + throw (RuntimeException) e; + } + + throw new RuntimeException(e); + } + } + + @Override + public boolean isSecurityEntitySupported(Class entityType, String name) { + if (!isSupported()) { + return false; + } + + if (KeyPairGenerator.class.isAssignableFrom(entityType) + || KeyFactory.class.isAssignableFrom(entityType)) { + return Objects.compare(name, getName(), String.CASE_INSENSITIVE_ORDER) == 0; + } else if (Signature.class.isAssignableFrom(entityType)) { + return Objects.compare(SecurityUtils.CURVE_ED25519_SHA512, name, String.CASE_INSENSITIVE_ORDER) == 0; + } else { + return false; + } + } + + @Override + public boolean isSupported() { + Boolean supported; + synchronized (supportHolder) { + supported = supportHolder.get(); + if (supported != null) { + return supported.booleanValue(); + } + + ClassLoader cl = ThreadUtils.resolveDefaultClassLoader(getClass()); + supported = ReflectionUtils.isClassAvailable(cl, "org.xbib.io.sshd.eddsa.EdDSAKey"); + supportHolder.set(supported); + } + + return supported.booleanValue(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderUtils.java new file mode 100644 index 0000000..d44bbf9 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderUtils.java @@ -0,0 +1,203 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security.eddsa; + +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.Arrays; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder; +import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.Buffer; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.xbib.io.sshd.eddsa.EdDSAEngine; +import org.xbib.io.sshd.eddsa.EdDSAKey; +import org.xbib.io.sshd.eddsa.EdDSAPrivateKey; +import org.xbib.io.sshd.eddsa.EdDSAPublicKey; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +/** + * @author Apache MINA SSHD Project + */ +public final class EdDSASecurityProviderUtils { + // See EdDSANamedCurveTable + public static final String CURVE_ED25519_SHA512 = "Ed25519"; + public static final int KEY_SIZE = 256; + + private EdDSASecurityProviderUtils() { + throw new UnsupportedOperationException("No instance"); + } + + public static Class getEDDSAPublicKeyType() { + return EdDSAPublicKey.class; + } + + public static Class getEDDSAPrivateKeyType() { + return EdDSAPrivateKey.class; + } + + public static boolean isEDDSAKey(Key key) { + return getEDDSAKeySize(key) == KEY_SIZE; + } + + public static int getEDDSAKeySize(Key key) { + return (SecurityUtils.isEDDSACurveSupported() && (key instanceof EdDSAKey)) ? KEY_SIZE : -1; + } + + public static boolean compareEDDSAPPublicKeys(PublicKey k1, PublicKey k2) { + if (!SecurityUtils.isEDDSACurveSupported()) { + return false; + } + + if ((k1 instanceof EdDSAPublicKey) && (k2 instanceof EdDSAPublicKey)) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } + + EdDSAPublicKey ed1 = (EdDSAPublicKey) k1; + EdDSAPublicKey ed2 = (EdDSAPublicKey) k2; + return Arrays.equals(ed1.getAbyte(), ed2.getAbyte()) + && compareEDDSAKeyParams(ed1.getParams(), ed2.getParams()); + } + + return false; + } + + public static boolean isEDDSASignatureAlgorithm(String algorithm) { + return EdDSAEngine.SIGNATURE_ALGORITHM.equalsIgnoreCase(algorithm); + } + + public static EdDSAPublicKey recoverEDDSAPublicKey(PrivateKey key) throws GeneralSecurityException { + ValidateUtils.checkTrue(SecurityUtils.isEDDSACurveSupported(), SecurityUtils.EDDSA + " not supported"); + if (!(key instanceof EdDSAPrivateKey)) { + throw new InvalidKeyException("Private key is not " + SecurityUtils.EDDSA); + } + + EdDSAPrivateKey prvKey = (EdDSAPrivateKey) key; + EdDSAPublicKeySpec keySpec = new EdDSAPublicKeySpec(prvKey.getAbyte(), prvKey.getParams()); + KeyFactory factory = SecurityUtils.getKeyFactory(SecurityUtils.EDDSA); + return EdDSAPublicKey.class.cast(factory.generatePublic(keySpec)); + } + + public static org.apache.sshd.common.signature.Signature getEDDSASignature() { + ValidateUtils.checkTrue(SecurityUtils.isEDDSACurveSupported(), SecurityUtils.EDDSA + " not supported"); + return new SignatureEd25519(); + } + + public static boolean isEDDSAKeyFactoryAlgorithm(String algorithm) { + return SecurityUtils.EDDSA.equalsIgnoreCase(algorithm); + } + + public static boolean isEDDSAKeyPairGeneratorAlgorithm(String algorithm) { + return SecurityUtils.EDDSA.equalsIgnoreCase(algorithm); + } + + public static PublicKeyEntryDecoder getEDDSAPublicKeyEntryDecoder() { + ValidateUtils.checkTrue(SecurityUtils.isEDDSACurveSupported(), SecurityUtils.EDDSA + " not supported"); + return Ed25519PublicKeyDecoder.INSTANCE; + } + + public static PrivateKeyEntryDecoder getOpenSSHEDDSAPrivateKeyEntryDecoder() { + ValidateUtils.checkTrue(SecurityUtils.isEDDSACurveSupported(), SecurityUtils.EDDSA + " not supported"); + return OpenSSHEd25519PrivateKeyEntryDecoder.INSTANCE; + } + + public static boolean compareEDDSAPrivateKeys(PrivateKey k1, PrivateKey k2) { + if (!SecurityUtils.isEDDSACurveSupported()) { + return false; + } + + if ((k1 instanceof EdDSAPrivateKey) && (k2 instanceof EdDSAPrivateKey)) { + if (Objects.equals(k1, k2)) { + return true; + } else if (k1 == null || k2 == null) { + return false; // both null is covered by Objects#equals + } + + EdDSAPrivateKey ed1 = (EdDSAPrivateKey) k1; + EdDSAPrivateKey ed2 = (EdDSAPrivateKey) k2; + return Arrays.equals(ed1.getSeed(), ed2.getSeed()) + && compareEDDSAKeyParams(ed1.getParams(), ed2.getParams()); + } + + return false; + } + + public static boolean compareEDDSAKeyParams(EdDSAParameterSpec s1, EdDSAParameterSpec s2) { + if (Objects.equals(s1, s2)) { + return true; + } else if (s1 == null || s2 == null) { + return false; // both null is covered by Objects#equals + } else { + return Objects.equals(s1.getHashAlgorithm(), s2.getHashAlgorithm()) + && Objects.equals(s1.getCurve(), s2.getCurve()) + && Objects.equals(s1.getB(), s2.getB()); + } + } + + public static PublicKey generateEDDSAPublicKey(byte[] seed) throws GeneralSecurityException { + if (!SecurityUtils.isEDDSACurveSupported()) { + throw new NoSuchAlgorithmException(SecurityUtils.EDDSA + " not supported"); + } + + EdDSAParameterSpec params = EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512); + EdDSAPublicKeySpec keySpec = new EdDSAPublicKeySpec(seed, params); + KeyFactory factory = SecurityUtils.getKeyFactory(SecurityUtils.EDDSA); + return factory.generatePublic(keySpec); + } + + public static PrivateKey generateEDDSAPrivateKey(byte[] seed) throws GeneralSecurityException { + if (!SecurityUtils.isEDDSACurveSupported()) { + throw new NoSuchAlgorithmException(SecurityUtils.EDDSA + " not supported"); + } + + EdDSAParameterSpec params = EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512); + EdDSAPrivateKeySpec keySpec = new EdDSAPrivateKeySpec(seed, params); + KeyFactory factory = SecurityUtils.getKeyFactory(SecurityUtils.EDDSA); + return factory.generatePrivate(keySpec); + } + + public static B putRawEDDSAPublicKey(B buffer, PublicKey key) { + ValidateUtils.checkTrue(SecurityUtils.isEDDSACurveSupported(), SecurityUtils.EDDSA + " not supported"); + EdDSAPublicKey edKey = ValidateUtils.checkInstanceOf(key, EdDSAPublicKey.class, "Not an EDDSA public key: %s", key); + byte[] seed = Ed25519PublicKeyDecoder.getSeedValue(edKey); + ValidateUtils.checkNotNull(seed, "No seed extracted from key: %s", edKey.getA()); + buffer.putBytes(seed); + return buffer; + } + + public static B putEDDSAKeyPair(B buffer, PublicKey pubKey, PrivateKey prvKey) { + ValidateUtils.checkTrue(SecurityUtils.isEDDSACurveSupported(), SecurityUtils.EDDSA + " not supported"); + ValidateUtils.checkInstanceOf(pubKey, EdDSAPublicKey.class, "Not an EDDSA public key: %s", pubKey); + ValidateUtils.checkInstanceOf(prvKey, EdDSAPrivateKey.class, "Not an EDDSA private key: %s", prvKey); + throw new UnsupportedOperationException("Full SSHD-440 implementation N/A"); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/OpenSSHEd25519PrivateKeyEntryDecoder.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/OpenSSHEd25519PrivateKeyEntryDecoder.java new file mode 100644 index 0000000..8decc40 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/OpenSSHEd25519PrivateKeyEntryDecoder.java @@ -0,0 +1,186 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.security.eddsa; + +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.Collections; +import java.util.Locale; +import java.util.Objects; + +import org.apache.sshd.common.config.keys.FilePasswordProvider; +import org.apache.sshd.common.config.keys.KeyEntryResolver; +import org.apache.sshd.common.config.keys.impl.AbstractPrivateKeyEntryDecoder; +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.io.SecureByteArrayOutputStream; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.xbib.io.sshd.eddsa.EdDSAPrivateKey; +import org.xbib.io.sshd.eddsa.EdDSAPublicKey; +import org.xbib.io.sshd.eddsa.spec.EdDSANamedCurveTable; +import org.xbib.io.sshd.eddsa.spec.EdDSAParameterSpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPrivateKeySpec; +import org.xbib.io.sshd.eddsa.spec.EdDSAPublicKeySpec; + +/** + * @author Apache MINA SSHD Project + */ +public class OpenSSHEd25519PrivateKeyEntryDecoder extends AbstractPrivateKeyEntryDecoder { + public static final OpenSSHEd25519PrivateKeyEntryDecoder INSTANCE = new OpenSSHEd25519PrivateKeyEntryDecoder(); + private static final int PK_SIZE = 32; + private static final int SK_SIZE = 32; + private static final int KEYPAIR_SIZE = PK_SIZE + SK_SIZE; + + public OpenSSHEd25519PrivateKeyEntryDecoder() { + super(EdDSAPublicKey.class, EdDSAPrivateKey.class, + Collections.unmodifiableList( + Collections.singletonList( + KeyPairProvider.SSH_ED25519))); + } + + @Override + public EdDSAPrivateKey decodePrivateKey( + SessionContext session, String keyType, FilePasswordProvider passwordProvider, InputStream keyData) + throws IOException, GeneralSecurityException { + if (!KeyPairProvider.SSH_ED25519.equals(keyType)) { + throw new InvalidKeyException("Unsupported key type: " + keyType); + } + + if (!SecurityUtils.isEDDSACurveSupported()) { + throw new NoSuchAlgorithmException(SecurityUtils.EDDSA + " provider not supported"); + } + + // ed25519 bernstein naming: pk .. public key, sk .. secret key + // we expect to find two byte arrays with the following structure (type:size): + // [pk:32], [sk:32,pk:32] + + byte[] pk = GenericUtils.EMPTY_BYTE_ARRAY; + byte[] keypair = GenericUtils.EMPTY_BYTE_ARRAY; + try { + pk = KeyEntryResolver.readRLEBytes(keyData, PK_SIZE * 2); + keypair = KeyEntryResolver.readRLEBytes(keyData, KEYPAIR_SIZE * 2); + if (pk.length != PK_SIZE) { + throw new InvalidKeyException( + String.format(Locale.ENGLISH, "Unexpected pk size: %s (expected %s)", pk.length, PK_SIZE)); + } + + if (keypair.length != KEYPAIR_SIZE) { + throw new InvalidKeyException( + String.format(Locale.ENGLISH, "Unexpected keypair size: %s (expected %s)", keypair.length, + KEYPAIR_SIZE)); + } + + // verify that the keypair contains the expected pk + // yes, it's stored redundant, this seems to mimic the output structure of the keypair generation interface + if (!Arrays.equals(pk, Arrays.copyOfRange(keypair, SK_SIZE, KEYPAIR_SIZE))) { + throw new InvalidKeyException("Keypair did not contain the public key."); + } + + byte[] sk = Arrays.copyOf(keypair, SK_SIZE); + EdDSAParameterSpec params = EdDSANamedCurveTable.getByName(EdDSASecurityProviderUtils.CURVE_ED25519_SHA512); + EdDSAPrivateKey privateKey = generatePrivateKey(new EdDSAPrivateKeySpec(sk, params)); + + // the private key class contains the calculated public key (Abyte) + // pointers to the corresponding code: + // EdDSAPrivateKeySpec.EdDSAPrivateKeySpec(byte[], EdDSAParameterSpec): A = spec.getB().scalarMultiply(a); + // EdDSAPrivateKey.EdDSAPrivateKey(EdDSAPrivateKeySpec): this.Abyte = this.A.toByteArray(); + + // we can now verify the generated pk matches the one we read + if (!Arrays.equals(privateKey.getAbyte(), pk)) { + throw new InvalidKeyException("The provided pk does NOT match the computed pk for the given sk."); + } + + return privateKey; + } finally { + // get rid of sensitive data a.s.a.p + Arrays.fill(pk, (byte) 0); + Arrays.fill(keypair, (byte) 0); + } + } + + @Override + public String encodePrivateKey(SecureByteArrayOutputStream s, EdDSAPrivateKey key, EdDSAPublicKey pubKey) + throws IOException { + Objects.requireNonNull(key, "No private key provided"); + + // ed25519 bernstein naming: pk .. public key, sk .. secret key + // we are expected to write the following arrays (type:size): + // [pk:32], [sk:32,pk:32] + + byte[] sk = key.getSeed(); + byte[] pk = key.getAbyte(); + + Objects.requireNonNull(sk, "No seed"); + + byte[] keypair = new byte[KEYPAIR_SIZE]; + System.arraycopy(sk, 0, keypair, 0, SK_SIZE); + System.arraycopy(pk, 0, keypair, SK_SIZE, PK_SIZE); + + KeyEntryResolver.writeRLEBytes(s, pk); + KeyEntryResolver.writeRLEBytes(s, keypair); + + return KeyPairProvider.SSH_ED25519; + } + + @Override + public boolean isPublicKeyRecoverySupported() { + return true; + } + + @Override + public EdDSAPublicKey recoverPublicKey(EdDSAPrivateKey prvKey) throws GeneralSecurityException { + return EdDSASecurityProviderUtils.recoverEDDSAPublicKey(prvKey); + } + + @Override + public EdDSAPublicKey clonePublicKey(EdDSAPublicKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } else { + return generatePublicKey(new EdDSAPublicKeySpec(key.getA(), key.getParams())); + } + } + + @Override + public EdDSAPrivateKey clonePrivateKey(EdDSAPrivateKey key) throws GeneralSecurityException { + if (key == null) { + return null; + } else { + return generatePrivateKey(new EdDSAPrivateKeySpec(key.getSeed(), key.getParams())); + } + } + + @Override + public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { + return SecurityUtils.getKeyPairGenerator(SecurityUtils.EDDSA); + } + + @Override + public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { + return SecurityUtils.getKeyFactory(SecurityUtils.EDDSA); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/SignatureEd25519.java b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/SignatureEd25519.java new file mode 100644 index 0000000..d876170 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/security/eddsa/SignatureEd25519.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.security.eddsa; + +import java.util.Map; + +import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; +import org.apache.sshd.common.signature.AbstractSignature; +import org.apache.sshd.common.util.ValidateUtils; +import org.xbib.io.sshd.eddsa.EdDSAEngine; + +/** + * @author Apache MINA SSHD Project + */ +public class SignatureEd25519 extends AbstractSignature { + public SignatureEd25519() { + super(EdDSAEngine.SIGNATURE_ALGORITHM); + } + + @Override + public boolean verify(SessionContext session, byte[] sig) throws Exception { + byte[] data = sig; + Map.Entry encoding + = extractEncodedSignature(data, k -> KeyPairProvider.SSH_ED25519.equalsIgnoreCase(k)); + if (encoding != null) { + String keyType = encoding.getKey(); + ValidateUtils.checkTrue( + KeyPairProvider.SSH_ED25519.equals(keyType), "Mismatched key type: %s", keyType); + data = encoding.getValue(); + } + + return doVerify(data); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/CloseableExecutorService.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/CloseableExecutorService.java new file mode 100644 index 0000000..0dd51f3 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/CloseableExecutorService.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.threads; + +import java.time.Duration; +import java.util.Objects; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.Closeable; + +public interface CloseableExecutorService extends ExecutorService, Closeable { + default boolean awaitTermination(Duration timeout) throws InterruptedException { + Objects.requireNonNull(timeout, "No timeout specified"); + return awaitTermination(timeout.toMillis(), TimeUnit.MILLISECONDS); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ExecutorServiceCarrier.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ExecutorServiceCarrier.java new file mode 100644 index 0000000..72603a1 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ExecutorServiceCarrier.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.threads; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ExecutorServiceCarrier { + /** + * @return The {@link CloseableExecutorService} to use + */ + CloseableExecutorService getExecutorService(); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ExecutorServiceProvider.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ExecutorServiceProvider.java new file mode 100644 index 0000000..94fefe4 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ExecutorServiceProvider.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.threads; + +import java.util.function.Supplier; + +/** + * @author Apache MINA SSHD Project + */ +@FunctionalInterface +public interface ExecutorServiceProvider { + /** + * @return A {@link Supplier} of {@link CloseableExecutorService} to be used when asynchronous execution required. + * If {@code null} then a single-threaded ad-hoc service is used. + */ + Supplier getExecutorServiceProvider(); + + default CloseableExecutorService resolveExecutorService() { + Supplier provider = getExecutorServiceProvider(); + return (provider == null) ? null : provider.get(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ManagedExecutorServiceSupplier.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ManagedExecutorServiceSupplier.java new file mode 100644 index 0000000..c42f313 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ManagedExecutorServiceSupplier.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.util.threads; + +import java.util.function.Supplier; + +/** + * @author Apache MINA SSHD Project + */ +public interface ManagedExecutorServiceSupplier extends ExecutorServiceProvider { + /** + * @param provider The {@link Supplier} of {@link CloseableExecutorService}-s to be used when asynchronous execution + * is required. If {@code null} then a single-threaded ad-hoc service is used. + */ + void setExecutorServiceProvider(Supplier provider); +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/NoCloseExecutor.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/NoCloseExecutor.java new file mode 100644 index 0000000..e572031 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/NoCloseExecutor.java @@ -0,0 +1,160 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.threads; + +import java.io.IOException; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; + +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.DefaultCloseFuture; +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.util.ValidateUtils; + +/** + * Wraps an {@link ExecutorService} as a {@link CloseableExecutorService} and avoids calling its {@code shutdown} + * methods when the wrapper is shut down + * + * @author Apache MINA SSHD Project + */ +public class NoCloseExecutor implements CloseableExecutorService { + protected final ExecutorService executor; + protected final CloseFuture closeFuture; + + public NoCloseExecutor(ExecutorService executor) { + this.executor = executor; + closeFuture = new DefaultCloseFuture(null, null); + } + + @Override + public Future submit(Callable task) { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + return executor.submit(task); + } + + @Override + public Future submit(Runnable task, T result) { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + return executor.submit(task, result); + } + + @Override + public Future submit(Runnable task) { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + return executor.submit(task); + } + + @Override + public List> invokeAll(Collection> tasks) + throws InterruptedException { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + return executor.invokeAll(tasks); + } + + @Override + public List> invokeAll(Collection> tasks, long timeout, TimeUnit unit) + throws InterruptedException { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + return executor.invokeAll(tasks, timeout, unit); + } + + @Override + public T invokeAny(Collection> tasks) + throws InterruptedException, ExecutionException { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + return executor.invokeAny(tasks); + } + + @Override + public T invokeAny(Collection> tasks, long timeout, TimeUnit unit) + throws InterruptedException, ExecutionException, TimeoutException { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + return executor.invokeAny(tasks, timeout, unit); + } + + @Override + public void execute(Runnable command) { + ValidateUtils.checkState(!isShutdown(), "Executor has been shut down"); + executor.execute(command); + } + + @Override + public void shutdown() { + close(true); + } + + @Override + public List shutdownNow() { + close(true); + return Collections.emptyList(); + } + + @Override + public boolean isShutdown() { + return isClosed(); + } + + @Override + public boolean isTerminated() { + return isClosed(); + } + + @Override + public boolean awaitTermination(long timeout, TimeUnit unit) throws InterruptedException { + try { + return closeFuture.await(timeout, unit); + } catch (IOException e) { + throw (InterruptedException) new InterruptedException().initCause(e); + } + } + + @Override + public CloseFuture close(boolean immediately) { + closeFuture.setClosed(); + return closeFuture; + } + + @Override + public void addCloseFutureListener(SshFutureListener listener) { + closeFuture.addListener(listener); + } + + @Override + public void removeCloseFutureListener(SshFutureListener listener) { + closeFuture.removeListener(listener); + } + + @Override + public boolean isClosed() { + return closeFuture.isClosed(); + } + + @Override + public boolean isClosing() { + return isClosed(); + } + +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/SshThreadPoolExecutor.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/SshThreadPoolExecutor.java new file mode 100644 index 0000000..61d1cdb --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/SshThreadPoolExecutor.java @@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.threads; + +import java.util.List; +import java.util.concurrent.BlockingQueue; +import java.util.concurrent.RejectedExecutionHandler; +import java.util.concurrent.ThreadFactory; +import java.util.concurrent.ThreadPoolExecutor; +import java.util.concurrent.TimeUnit; + +import org.apache.sshd.common.future.CloseFuture; +import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.util.closeable.AbstractCloseable; + +/** + * @author Apache MINA SSHD Project + */ +public class SshThreadPoolExecutor extends ThreadPoolExecutor implements CloseableExecutorService { + protected final DelegateCloseable closeable = new DelegateCloseable(); + + protected class DelegateCloseable extends AbstractCloseable { + protected DelegateCloseable() { + super(); + } + + @Override + protected CloseFuture doCloseGracefully() { + shutdown(); + return closeFuture; + } + + @Override + protected void doCloseImmediately() { + shutdownNow(); + super.doCloseImmediately(); + } + + protected void setClosed() { + closeFuture.setClosed(); + } + } + + public SshThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, TimeUnit unit, + BlockingQueue workQueue) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue); + } + + public SshThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, TimeUnit unit, + BlockingQueue workQueue, ThreadFactory threadFactory) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, threadFactory); + } + + public SshThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, TimeUnit unit, + BlockingQueue workQueue, RejectedExecutionHandler handler) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, handler); + } + + public SshThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, TimeUnit unit, + BlockingQueue workQueue, ThreadFactory threadFactory, + RejectedExecutionHandler handler) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, threadFactory, handler); + } + + @Override + protected void terminated() { + closeable.doCloseImmediately(); + } + + @Override + public void shutdown() { + super.shutdown(); + } + + @Override + public List shutdownNow() { + return super.shutdownNow(); + } + + @Override + public boolean isShutdown() { + return super.isShutdown(); + } + + @Override + public boolean isTerminating() { + return super.isTerminating(); + } + + @Override + public boolean isTerminated() { + return super.isTerminated(); + } + + @Override + public boolean awaitTermination(long timeout, TimeUnit unit) throws InterruptedException { + return super.awaitTermination(timeout, unit); + } + + @Override + public CloseFuture close(boolean immediately) { + return closeable.close(immediately); + } + + @Override + public void addCloseFutureListener(SshFutureListener listener) { + closeable.addCloseFutureListener(listener); + } + + @Override + public void removeCloseFutureListener(SshFutureListener listener) { + closeable.removeCloseFutureListener(listener); + } + + @Override + public boolean isClosed() { + return closeable.isClosed(); + } + + @Override + public boolean isClosing() { + return closeable.isClosing(); + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/SshdThreadFactory.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/SshdThreadFactory.java new file mode 100644 index 0000000..5642baa --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/SshdThreadFactory.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.threads; + +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.concurrent.ThreadFactory; +import java.util.concurrent.atomic.AtomicInteger; + +/** + * Default {@link ThreadFactory} used by {@link ThreadUtils} to create thread pools if user did provide one + * + * @author Apache MINA SSHD Project + */ +public class SshdThreadFactory implements ThreadFactory { + private final ThreadGroup group; + private final AtomicInteger threadNumber = new AtomicInteger(1); + private final String namePrefix; + + public SshdThreadFactory(String name) { + SecurityManager s = System.getSecurityManager(); + group = (s != null) ? s.getThreadGroup() : Thread.currentThread().getThreadGroup(); + String effectiveName = name.replace(' ', '-'); + namePrefix = "sshd-" + effectiveName + "-thread-"; + } + + @Override + public Thread newThread(Runnable r) { + Thread t; + try { + // see SSHD-668 + if (System.getSecurityManager() != null) { + t = AccessController.doPrivileged((PrivilegedExceptionAction) () -> new Thread( + group, r, namePrefix + threadNumber.getAndIncrement(), 0)); + } else { + t = new Thread(group, r, namePrefix + threadNumber.getAndIncrement(), 0); + } + } catch (PrivilegedActionException e) { + Exception err = e.getException(); + if (err instanceof RuntimeException) { + throw (RuntimeException) err; + } else { + throw new RuntimeException(err); + } + } + + if (!t.isDaemon()) { + t.setDaemon(true); + } + if (t.getPriority() != Thread.NORM_PRIORITY) { + t.setPriority(Thread.NORM_PRIORITY); + } + return t; + } +} diff --git a/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ThreadUtils.java b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ThreadUtils.java new file mode 100644 index 0000000..8c20928 --- /dev/null +++ b/files-sftp/src/main/java/org/apache/sshd/common/util/threads/ThreadUtils.java @@ -0,0 +1,229 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.sshd.common.util.threads; + +import java.util.Iterator; +import java.util.NoSuchElementException; +import java.util.concurrent.LinkedBlockingQueue; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.ScheduledThreadPoolExecutor; +import java.util.concurrent.SynchronousQueue; +import java.util.concurrent.ThreadPoolExecutor; +import java.util.concurrent.TimeUnit; +import java.util.function.Supplier; + +import org.apache.sshd.common.util.ReflectionUtils; + +/** + * Utility class for thread pools. + * + * @author Apache MINA SSHD Project + */ +public final class ThreadUtils { + private ThreadUtils() { + throw new UnsupportedOperationException("No instance"); + } + + /** + * Wraps an {@link CloseableExecutorService} in such a way as to "protect" it for calls to the + * {@link CloseableExecutorService#shutdown()} or {@link CloseableExecutorService#shutdownNow()}. All other calls + * are delegated as-is to the original service. Note: the exposed wrapped proxy will answer correctly the + * {@link CloseableExecutorService#isShutdown()} query if indeed one of the {@code shutdown} methods was invoked. + * + * @param executorService The original service - ignored if {@code null} + * @param shutdownOnExit If {@code true} then it is OK to shutdown the executor so no wrapping takes place. + * @return Either the original service or a wrapped one - depending on the value of the + * shutdownOnExit parameter + */ + public static CloseableExecutorService protectExecutorServiceShutdown( + CloseableExecutorService executorService, boolean shutdownOnExit) { + if (executorService == null || shutdownOnExit || executorService instanceof NoCloseExecutor) { + return executorService; + } else { + return new NoCloseExecutor(executorService); + } + } + + public static CloseableExecutorService noClose(CloseableExecutorService executorService) { + return protectExecutorServiceShutdown(executorService, false); + } + + public static ClassLoader resolveDefaultClassLoader(Object anchor) { + return resolveDefaultClassLoader((anchor == null) ? null : anchor.getClass()); + } + + public static Iterable resolveDefaultClassLoaders(Object anchor) { + return resolveDefaultClassLoaders((anchor == null) ? null : anchor.getClass()); + } + + public static Iterable resolveDefaultClassLoaders(Class anchor) { + return () -> iterateDefaultClassLoaders(anchor); + } + + public static T createDefaultInstance( + Class anchor, Class targetType, String className) + throws ReflectiveOperationException { + return createDefaultInstance(resolveDefaultClassLoaders(anchor), targetType, className); + } + + public static T createDefaultInstance( + ClassLoader cl, Class targetType, String className) + throws ReflectiveOperationException { + Class instanceType = cl.loadClass(className); + return ReflectionUtils.newInstance(instanceType, targetType); + } + + public static T createDefaultInstance( + Iterable cls, Class targetType, String className) + throws ReflectiveOperationException { + for (ClassLoader cl : cls) { + try { + return createDefaultInstance(cl, targetType, className); + } catch (ClassNotFoundException e) { + // Ignore + } + } + throw new ClassNotFoundException(className); + } + + /** + *

        + * Attempts to find the most suitable {@link ClassLoader} as follows: + *

        + *
          + *
        • + *

          + * Check the {@link Thread#getContextClassLoader()} value + *

          + *
          • + * + *
        • + *

          + * If no thread context class loader then check the anchor class (if given) for its class loader + *

          + *
          • + * + *
        • + *

          + * If still no loader available, then use {@link ClassLoader#getSystemClassLoader()} + *

          + *
          • + *
        + * + * @param anchor The anchor {@link Class} to use if no current thread context class loader - ignored if + * {@code null} + * + * @return The resolved {@link ClassLoader} - Note: might still be {@code null} if went all the way + * "down" to the system class loader and it was also {@code null}. + */ + public static ClassLoader resolveDefaultClassLoader(Class anchor) { + Thread thread = Thread.currentThread(); + ClassLoader cl = thread.getContextClassLoader(); + if (cl != null) { + return cl; + } + + if (anchor != null) { + cl = anchor.getClassLoader(); + } + + if (cl == null) { // can happen for core Java classes + cl = ClassLoader.getSystemClassLoader(); + } + + return cl; + } + + public static Iterator iterateDefaultClassLoaders(Class anchor) { + Class effectiveAnchor = (anchor == null) ? ThreadUtils.class : anchor; + return new Iterator() { + @SuppressWarnings({ "unchecked", "checkstyle:Indentation" }) + private final Supplier[] suppliers = new Supplier[] { + () -> { + Thread thread = Thread.currentThread(); + return thread.getContextClassLoader(); + }, + () -> effectiveAnchor.getClassLoader(), + ClassLoader::getSystemClassLoader + }; + + private int index; + + @Override + public boolean hasNext() { + for (; index < suppliers.length; index++) { + Supplier scl = suppliers[index]; + ClassLoader cl = scl.get(); + if (cl != null) { + return true; + } + } + + return false; + } + + @Override + public ClassLoader next() { + if (index >= suppliers.length) { + throw new NoSuchElementException("All elements exhausted"); + } + + Supplier scl = suppliers[index]; + index++; + return scl.get(); + } + }; + } + + public static CloseableExecutorService newFixedThreadPoolIf( + CloseableExecutorService executorService, String poolName, int nThreads) { + return executorService == null ? newFixedThreadPool(poolName, nThreads) : executorService; + } + + public static CloseableExecutorService newFixedThreadPool(String poolName, int nThreads) { + return new SshThreadPoolExecutor( + nThreads, nThreads, + 0L, TimeUnit.MILLISECONDS, // TODO make this configurable + new LinkedBlockingQueue<>(), + new SshdThreadFactory(poolName), + new ThreadPoolExecutor.CallerRunsPolicy()); + } + + public static CloseableExecutorService newCachedThreadPoolIf( + CloseableExecutorService executorService, String poolName) { + return executorService == null ? newCachedThreadPool(poolName) : executorService; + } + + public static CloseableExecutorService newCachedThreadPool(String poolName) { + return new SshThreadPoolExecutor( + 0, Integer.MAX_VALUE, // TODO make this configurable + 60L, TimeUnit.SECONDS, // TODO make this configurable + new SynchronousQueue<>(), + new SshdThreadFactory(poolName), + new ThreadPoolExecutor.CallerRunsPolicy()); + } + + public static ScheduledExecutorService newSingleThreadScheduledExecutor(String poolName) { + return new ScheduledThreadPoolExecutor(1, new SshdThreadFactory(poolName)); + } + + public static CloseableExecutorService newSingleThreadExecutor(String poolName) { + return newFixedThreadPool(poolName, 1); + } +} diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group1.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group1.prime new file mode 100644 index 0000000..357d741 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group1.prime @@ -0,0 +1,22 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 +E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group14.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group14.prime new file mode 100644 index 0000000..568dce4 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group14.prime @@ -0,0 +1,29 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 +E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED +EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D +C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F +83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D +670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B +E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 +DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 +15728E5A 8AACAA68 FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group15.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group15.prime new file mode 100644 index 0000000..404b368 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group15.prime @@ -0,0 +1,34 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 +E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED +EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D +C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F +83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D +670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B +E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 +DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 +15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64 +ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7 +ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B +F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C +BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 +43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group16.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group16.prime new file mode 100644 index 0000000..d907dd0 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group16.prime @@ -0,0 +1,40 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 +E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED +EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D +C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F +83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D +670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B +E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 +DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 +15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64 +ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7 +ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B +F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C +BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 +43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 +88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA +2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6 +287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED +1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9 +93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199 +FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group17.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group17.prime new file mode 100644 index 0000000..0506071 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group17.prime @@ -0,0 +1,46 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 +8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B +302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 +A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 +49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 +FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D +670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C +180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718 +3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D +04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D +B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 +1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C +BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC +E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26 +99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB +04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2 +233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127 +D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492 +36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD F8FF9406 +AD9E530E E5DB382F 413001AE B06A53ED 9027D831 179727B0 865A8918 +DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B DB7F1447 E6CC254B 33205151 +2BD7AF42 6FB8F401 378CD2BF 5983CA01 C64B92EC F032EA15 D1721D03 +F482D7CE 6E74FEF6 D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F +BEC7E8F3 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA +CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 06A1D58B +B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C DA56C9EC 2EF29632 +387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E +6DCC4024 FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group18.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group18.prime new file mode 100644 index 0000000..238e72a --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group18.prime @@ -0,0 +1,61 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 +E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED +EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D +C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F +83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D +670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B +E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 +DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 +15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64 +ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7 +ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B +F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C +BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 +43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 +88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA +2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6 +287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED +1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9 +93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492 +36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD +F8FF9406 AD9E530E E5DB382F 413001AE B06A53ED 9027D831 +179727B0 865A8918 DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B +DB7F1447 E6CC254B 33205151 2BD7AF42 6FB8F401 378CD2BF +5983CA01 C64B92EC F032EA15 D1721D03 F482D7CE 6E74FEF6 +D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F BEC7E8F3 +23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA +CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 +06A1D58B B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C +DA56C9EC 2EF29632 387FE8D7 6E3C0468 043E8F66 3F4860EE +12BF2D5B 0B7474D6 E694F91E 6DBE1159 74A3926F 12FEE5E4 +38777CB6 A932DF8C D8BEC4D0 73B931BA 3BC832B6 8D9DD300 +741FA7BF 8AFC47ED 2576F693 6BA42466 3AAB639C 5AE4F568 +3423B474 2BF1C978 238F16CB E39D652D E3FDB8BE FC848AD9 +22222E04 A4037C07 13EB57A8 1A23F0C7 3473FC64 6CEA306B +4BCBC886 2F8385DD FA9D4B7F A2C087E8 79683303 ED5BDD3A +062B3CF5 B3A278A6 6D2A13F8 3F44F82D DF310EE0 74AB6A36 +4597E899 A0255DC1 64F31CC5 0846851D F9AB4819 5DED7EA1 +B1D510BD 7EE74D73 FAF36BC3 1ECFA268 359046F4 EB879F92 +4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47 +9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71 +60C980DD 98EDD3DF FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group2.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group2.prime new file mode 100644 index 0000000..4afe342 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group2.prime @@ -0,0 +1,24 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 +E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED +EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 +FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/common/kex/group5.prime b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group5.prime new file mode 100644 index 0000000..87c69e6 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/common/kex/group5.prime @@ -0,0 +1,26 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 +E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED +EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D +C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F +83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D +670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF diff --git a/files-sftp/src/main/resources/org/apache/sshd/moduli b/files-sftp/src/main/resources/org/apache/sshd/moduli new file mode 100644 index 0000000..cbeac9e --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/moduli @@ -0,0 +1,260 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## +# Time Type Tests Tries Size Generator Modulus +20140127140930 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDB89B83F +20140127140931 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDBAC2B8B +20140127140931 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDBB39ACF +20140127140932 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDBEC517F +20140127140932 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDBFC0CC3 +20140127140933 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDC06EE73 +20140127140934 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDC402B03 +20140127140934 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDC4579C7 +20140127140934 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDC57A007 +20140127140935 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDC878543 +20140127140936 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDCA7E3AF +20140127140936 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDCB38283 +20140127140936 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDCC41AA7 +20140127140937 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDCCA664F +20140127140937 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDCF8D6CB +20140127140938 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD1AB723 +20140127140938 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD1F5F7F +20140127140938 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD24B05F +20140127140939 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD281A07 +20140127140939 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD2FD787 +20140127140939 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD38AC8B +20140127140939 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD3C3C2B +20140127140940 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD47D667 +20140127140940 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD598D8F +20140127140940 2 6 100 1023 2 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD655BBB +20140127140940 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD669DB7 +20140127140941 2 6 100 1023 5 F7296031D29FD576A78C44B0D533A37ADC0046C3EE1D4A47332CBEC594D87A9A3639A7925A5B88BD117A037B8BDB5558D4CC15BC028FAE248897E52400C6226134D096F781FDFCA5055FF3015901D6ACE7E14A96109D6227615F3FD9990139E3CB9453FB35DF995EDFDD841E0D38F3E81ECAC157E8A804B105CC474EDD78EA4F +20140127142923 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805B3418D7 +20140127142924 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805B44F5EF +20140127142928 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805B76621B +20140127142931 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805BA45CFB +20140127142933 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805BBB5DE3 +20140127142934 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805BC337E3 +20140127142937 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805BF3A6A7 +20140127142938 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805BF4C83F +20140127142942 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805C323CFF +20140127142943 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805C408F23 +20140127142944 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805C451547 +20140127142948 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805C7D498F +20140127142951 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805C9DE587 +20140127142953 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805CBC9333 +20140127142956 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805CE2F50B +20140127142958 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805CF24CE3 +20140127143000 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805D0477D3 +20140127143000 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805D0A7FE3 +20140127143002 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805D230923 +20140127143005 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805D4267E7 +20140127143008 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805D7FAD13 +20140127143011 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805DA15C03 +20140127143012 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805DB1067F +20140127143013 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805DB97247 +20140127143015 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805DCDB157 +20140127143015 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805DCE52F7 +20140127143016 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805DD08487 +20140127143017 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805DE2955B +20140127143020 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805E0EC02B +20140127143021 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805E1D4537 +20140127143022 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805E26DFF3 +20140127143025 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805E5A346B +20140127143027 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805E6EC673 +20140127143028 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805E77D993 +20140127143031 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805EA8F01B +20140127143032 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805EB354EB +20140127143036 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805EF3F31B +20140127143042 2 6 100 1535 5 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805F7341A7 +20140127143044 2 6 100 1535 2 D4E2E036F7A703D6721C26CBE564A344810A6F046B85684DF7C428D37DC90E3072D87FB3B6BB274ABF304C7FAE97E00125362D33F52F7AE650637505779D8026C38706A9096778596DFCD60C0EB2B5CA4DFA1530C8F6CBE7EB5A001E3904F6B277E1A4DDF11377042AAB6D782D90495EB4436C9E84668EA5E031ADCF9DF0ECC3853A3D3E1219B1AB88458BC9151DE479EB27B295FB6CDF9EC006B61BDC1B21C1BB682DB71B7912C645F3F6D4C122365A78338833C53511691C95F6805F8E3C5B +20140127140326 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F12F6D10D3 +20140127140331 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F12F909B43 +20140127140338 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F12FC7E003 +20140127140345 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F130034A7B +20140127140353 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F130470DD7 +20140127140406 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F130AFD06F +20140127140414 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F130FB099F +20140127140427 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1316AC7B3 +20140127140434 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F131A3195F +20140127140446 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1320DC71F +20140127140450 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1322860FB +20140127140452 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F132364443 +20140127140456 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F13253FB77 +20140127140503 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1328B7AF3 +20140127140510 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F132C1EBC7 +20140127140514 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F132E44A97 +20140127140516 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F132EC958F +20140127140525 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F13339A8FB +20140127140532 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1336B95D3 +20140127140541 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F133B8CA93 +20140127140546 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F133DD29EB +20140127140549 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F133F677F3 +20140127140553 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F134148E67 +20140127140557 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F13431C117 +20140127140600 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F134407E4B +20140127140606 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1346D7B9F +20140127140609 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F134847EF7 +20140127140611 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1348CCDAF +20140127140621 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F134E188C3 +20140127140640 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F1358D75F3 +20140127140645 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F135B8795B +20140127140653 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F135FDA0D3 +20140127140655 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F13601BB33 +20140127140701 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F13637A9FF +20140127140706 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F136611D8F +20140127140708 2 6 100 2047 5 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F13663BCE7 +20140127140716 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F136AC647B +20140127140722 2 6 100 2047 2 CF14CEC123C83DF3CF6EA7A5A4C03FB0B1542DCAA09DDFC11B5F8AD4468D28A193BC550E267308712F30688BB9559F68224F1262331E900F9F89E04A7CE2A0126FB2B69008B71219ED6109E6E353A893977179CD9CC15C980D8921EA61C56FD36752819816E7D658F22F2FC1698C30392E4BB97023B0D9943B13286CAC1C351C342341CCE3234D8C5C70B6369158D6DEA23037045D19C690FAF4A7F50750A2ECEF42223DA315999847C624A5BCAA0CF634F0F827DC14762E4F63827A15411BC8CFF3BCAAFD3C5D69D9D033B5D99FEF178881960E09C085819EF2255BD0715378E051EA56AB9341F46698FAF86B736C745E1B152082251CBB6969E8F136DD3C1B +20140127143123 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC4EA9A497 +20140127143133 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC4EBBCCCF +20140127143201 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC4EFF9C43 +20140127143254 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC4F7C8717 +20140127143305 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC4F8C3E0B +20140127143341 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC4FDA3D3F +20140127143752 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC51E6BCF3 +20140127144203 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5408D733 +20140127144219 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5426CD4F +20140127144309 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5494A0B3 +20140127144348 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC54F6B4F7 +20140127144419 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5541844F +20140127144507 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC55BCFA7B +20140127144615 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC567202DB +20140127144624 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC567FB08F +20140127144655 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC56CBF43B +20140127144725 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC57170B93 +20140127144733 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5724EEE7 +20140127144753 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5755CD3B +20140127145332 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5AC92023 +20140127145353 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5AEBDA8B +20140127145427 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5B279D83 +20140127145746 2 6 100 3071 5 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5CACDA5F +20140127145759 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5CC0327B +20140127145813 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5CD2C39B +20140127150134 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5E557C8B +20140127150200 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5E7DC7F3 +20140127150347 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5F4F902B +20140127150504 2 6 100 3071 2 E7C0C98C9D41A9EA954B29C7818A036BA976086341E6765FB2891CBD09803DFEFE6578312244B5C1C34B4444759BB5A552DD2CB1B328714ACE98B418F9DF1C58C13158E7C493FBC7933BC483F2F224A59425DFD4B853C75A3DE8DA0457D3F62CAC105E2BE604F86A15F422D6B3EE5A735B40CFDD17EDAF0065BB9E431B08EE941C8304B98846664E1C87E9268F2166AAD33EE5D52E4F1970AA385E1D72DF9AB4721BE9EE701BED695025F96A75579C71A68E9DE8D167F4651D3349D0E9C00005E979A9ED680D69C3B36B32FC5C1A465376F18AE9871ECAE3767DF24CAE0C2615554230C891B9B680907BC70EF6EE745E4315C44144D2EAFEEDA37E83A4065674344EA004FEF0480877D5D0C8D26F33C05165CC9ECD9F75EC0A83864DD12676818E46D0B82157ABE8381078002F1E3CA8D0E159502BDA7C3D36D93FCC582C153C862EE5E8FE080D54FD70E7BCD45AF9C2750D1E69DAEE286863829EA01CB3AF1554313666551A4D05894FCBEF72365ACA3C73812F0DBED9FD415A5CCC5FDECDEB +20140127142523 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215C82418D3 +20140127142642 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215C86F3A6F +20140127142724 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215C8915583 +20140127142901 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215C901485F +20140127143012 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215C942F057 +20140127143049 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215C964DC73 +20140127143153 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215C9A6576B +20140127143336 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CA0E5E83 +20140127143804 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CAFCD2E3 +20140127143824 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CB05A5FB +20140127144355 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CC4A19E7 +20140127144423 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CC626D9F +20140127144659 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CD165BF3 +20140127145142 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CE756DCF +20140127145732 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CFA600E3 +20140127145745 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CFA88007 +20140127145803 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215CFB014A7 +20140127150113 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D051227F +20140127150130 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D057717B +20140127151528 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D36CCF77 +20140127152112 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D4B82A7B +20140127152147 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D4D44283 +20140127152449 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D57D6613 +20140127153014 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D6B2A417 +20140127153100 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D6D7622B +20140127153148 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D6FCAED7 +20140127153203 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D702EB67 +20140127154201 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D933665F +20140127154427 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215D9BB7A23 +20140127154847 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215DAAD9D5B +20140127155329 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215DBB93E9B +20140127155549 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215DC3B6CCF +20140127160207 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215DDA0DD67 +20140127160233 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215DDB03FD7 +20140127160916 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215DF2AA26B +20140127161633 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215E0C3A777 +20140127162302 2 6 100 4095 5 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215E236D70F +20140127162507 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215E2A5BAE3 +20140127162755 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215E33A50EB +20140127163207 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215E4237843 +20140127164725 2 6 100 4095 2 C082C6D5214016F2748DBC7D756DF9A769F0FCA6A162ACAF8DF354C82684FA5D6471B940AB4283F6BF477624A7A880AE06B1AB60E0EA339B0875244F28869D5661A0DC75425A889F6BD03E937983F896DB02E3E5D782F68B7463E88DEC396ED8C03F7F832DD1D1056EAC8444AEB64C73DB754BAAFCB4CBD642CD5C6257794434494E8A2DFBA7EAA108935B4045CB49EE0E6A2EB6E75E72CFF6B9B7BE69A61D44511EE6CA207C43012CE8DA86C293AD25FE9B3610806DF16CEE48537784CCF04C2A3AA5F1CE5CA302E3D5B07B925B32910A72CCDAC361582836287AF4E7D20A0C314EC58292EDC1C67E9DEE7FC0A88A1ADCE1C6EC45D2398E523858892086888B60E12CD3374A454BF59890A98B4D7A784B64D809CB59207CF9360193C920896F731DA355CABDFCBDF827EFB03D300D94AB207C52B00E78146680A793F3EA65D4428F1BC2456AACDC99985DB10934182F431195FB517DC37F643360EC34859E86D49602E1A2454204982F4AECBC4C7411322E4FCD4AE8EE5076B0D4707E61878EF568FE50AC8B4786DDC2AD7391B8FA9D23651A5D695DF30A4C29CEFB57ABC21DE062D4C16E345AB416CCF69B3AA2C8076BD7730DDD2AF3249D7AA5D0613439F38DC97536758BF31687122B6D5FC32AEA7E306020A5DA4CBC719F9BFCB1E17EE1968D21ECCBAAB24923B7D7FFF30714C4713472C0BBF4D846D39E0215E7483963 +20140127153847 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67495FE2CAFF +20140127155006 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674960B4CB3B +20140127155244 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674960DA0077 +20140127161220 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B6749624E28F7 +20140127164409 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B6749649C4E7B +20140127164838 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674964D8ED63 +20140127170427 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674966275EDB +20140127171339 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674966DCA593 +20140127173958 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674969029D67 +20140127175621 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67496A63DC2F +20140127183032 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67496B9C842F +20140127191446 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67496F84A9C3 +20140127221132 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674970C52A43 +20140127233749 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674977C6B72F +20140128001200 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67497AA81907 +20140128002233 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67497B8F8C33 +20140128071028 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67497E6C8E1B +20140128075101 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674981A806EB +20140128080531 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674982C07257 +20140128085557 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674986FCB3B7 +20140128091050 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67498834366B +20140128092003 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674988ECCDC3 +20140128093442 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67498A16F1BF +20140128101520 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67498D5F2933 +20140128105516 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B674990B67C43 +20140128112506 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67499328E877 +20140128113709 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B6749942B8BDF +20140128114938 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67499535D7BB +20140128130910 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67499B294BE7 +20140128131726 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67499BD22FE7 +20140128132330 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67499C46B163 +20140128135052 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67499E4EE58B +20140128140553 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B67499F7869EB +20140128142434 2 6 100 6143 5 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B6749A0E7E07F +20140128144629 2 6 100 6143 2 D1A0D510832FFDC8C85B7D88F15B390C9732BD815FF78F80745C4E8CAA2D44FBEB2B5A899EEE74BBB6578827FE640055BA9443ED5E17CA5EB1A1EC40BB35A1E2364D609681FC8598AD443D7099E99070FB47934683DAAC08FBEF1D4C4F027B4035EC06C856D56E71A24418F46B59867DD9EC08F4049322279D54876850055A23543889B8EB10A8A5C69064A7AAB5A4D47886A0B7A0D445849BD9F934E2C760B03D970B36E8A6C986D7375E4A919EF2CDE615727B795C4421C6E6C75F5B05185C6BB21EB3470E825098A2056E0CD08DA7E71433F0276324CCB886A9EFE81072C71BEEA1540D12E90EB4F5360CDAF653D3BBF79E99B4A380E41DC36A0ECB4CF62E365B6C000F520C088F671BC41308E060137F39E5B3C5B457C1DA6C8AB7F49788954882E9D821ADD1B32946E93083AF43FF2BFDD1DAB780243BC5A49C76BDB760401DBA4FA4784AB6D6266F7A96481A42DF41A37468DCB2590634FB9CFA12C4EF39D7E7F2D5E9B69BA7AC9BC6E220936EFC0F582E7D987948E7FC06DBD3A3B327A0BEB47632D8C0B48950A73421AA5DD56EAEF55805E9B292A6C2ABA1D15B70B1FCDD65726938A2A348479FD884BE1D555B3B30610E6B520D5FAAE4A502165D264D104F8DCAFF53EF95EA656CAFFD4FE8B5EAB36BAAE5CB35E03F9A7DDC2EEFAE0E43E8207C3FB21ABF4387C53A4B0293479358580003717A21704029F64537CD8F1E894F47FD2C47E9F8529F69149AE17E656AD3B540A1E169BE27C1FE1015161BB14AE1595E6D7538DBD6ACB35BBE4BD08226450FDB79AA0F18BFD7C1DBF7734DE15427AA2FF77C39B7DCDB95BB77DD8F73EBF77A560116AC2CB3D6B8E4C03335F518BFB89F68E9B9EDD1637199FAE18122560807481F71CFDBB064D6089D096F6F24C9BAB95D06B9FBB402D6D0EB42A3B49C16ADBB7DDA9FD6BDA2C16588DC0A5E536DBD15D3CD3D8EE9EC0D87821882E88C61B9FB54B8CAD17E0A61A7AA49A2634F63E25B1369298EEB3A98124FFFDA08CE2AE1F31A630039A846A049F412D5B8F0B8836F9D864099A16D7D8AD1CD52F87D5760612035A91B6749A2836F3B +20140127185120 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CAD6D9B43 +20140127221849 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CAFA3B87B +20140127234504 2 6 100 7669 5 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CB38FE6E7 +20140128081253 2 6 100 7669 5 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CB9D91ECF +20140128083705 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CBAF67C3B +20140128090727 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CBC6A316B +20140128094023 2 6 100 7669 5 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CBDE9DE37 +20140128115717 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CC44B3BF3 +20140128145631 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CCC3477DB +20140128154502 2 6 100 7669 5 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CCE62734F +20140128160200 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CCF2D50A3 +20140128162142 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CD01657BB +20140128165549 2 6 100 7669 5 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CD1BA1327 +20140128213518 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CDE012663 +20140128225939 2 6 100 7669 5 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CE1FB1EDF +20140128234252 2 6 100 7669 2 3EBBC157E30944F37FBBA2C1557F183EA5F1B56A337B7CF3D473DAF0C433A574BE6AD0AC0575D46837D24AFC69B59B734656E2EC48BAC56A7C0F4BC55E31DB777DAE179AF31851987319FD0ACA05D7D77D3201FC21E058D2E3DB8DCC370FCADB86FAA3682141D834718F91CFDB22B6573DA5221F7FF2E847FB27A74B3A149ADA43D4F2CFAC22E3CE52AE5BB3EC2C562C277570CAA8426918D376231782DA4976030A3887090846756E80B8F0CFE40EC286E6E3219A0B372A9B2F709598EC22D38EE361B9B1E95594D09608BAAD85B64C04FF26402AA41A49EB7315A58809A09ADAF7A9F0DEC06883CB24AD6DBF2BD0A97656605A4376AB3B18639885691172305BA1979E8FC0420B1FD14A1A45E99EE786A55762AD1B12FDBE97484A8B56AE48A3A4DF66D0B51E3FC6425B7D7701A2BD34681264E1ECC3A1CB4593993ADE7BA401DE125D3DF1C93B8943A3ADB0EDA8BB74188B1A91B7224443C5482CF239B4C150AF92889C20C8ACA6B4E1579BCB89C17020E697E459111A7B6B8A6376E56631AD23852933C5F27E845CDA350AA15C2F196B42244E0C1CBFCFAE6EF85B1C9DA9EF7E22C5F66E0D528E9CBFFB36F9D1B54492A5CE4E7EB3A9C5FD47667A8FF62E58690AFB7F800AA9493D9B81B770E745D0D5677F93195E1B829EF7B0F5A4E84AD8861B9CA6537274D11D29F0274927E337D8FD6D8258D9C278B7E313856F94B93DF3FCB9AA4A7DA43D4C62242DB9DBB57293B72F9599BC8494DE936556C6BDD403D5992AC2AEA730506A843E6B448E8756FB08374BA4280C7A0021E11E18ACB4BD7E04F609C1650E247E87D599406DBE4FB402041E9DCEAE09DCA9934AB48600D4B16FCE1479A4F0BF9059A3477373665B4F2D63452EA5E7BCE9EDE911816A82A8A3F89335E6BDB1A7B2A9CB496E7E9EDB479348B273AB52CE91D4A206FFC5F8688577F2B0B155C1987FA2516749052D89FECB2DC9BF97014C1E9CB228E9F77B4996D696C167D7D4C877CB8B564CCC89F56CDDB867D7DA320642275800A317E45AD0ADD0B89132CD6228F60A2AD2397F7B8BD7D554C790696EEF5976CF1E6E906DED1AB94AE5E76C9777B939422139762202BF18E21A58FA681BFE8E5D86E09CB3EB821B512F89EACB550F9368BD8297EE4DF69C022DBA00658C1D6C2D5A8D7EBFF0A5D662436247F7146332E2582D3FBE2FB6FB1D9B42F4108987B0FBB6B1139B5424ED923729782DFCD38592AC0BBB02C76D0B6A982E1B11116C7132632D08BA79A4100ADFFC5F10D634B453AB2137EBCD075888FA1AFC924116753847570DE375A38A4FA3E8A402D9384E286E811AB0CAD5C9EFEAE5419B833CE4075F03 +20140127152128 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B129011D3EC8CB +20140127170623 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B1290120F9B0F7 +20140127175015 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B1290122A9A1C7 +20140127232007 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B1290128B5120F +20140127233516 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B1290129401F7F +20140127233626 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B1290129410D4B +20140128111859 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B12901367E2AE3 +20140128115222 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B1290137D4813B +20140128154245 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B12901407FCDB3 +20140128173409 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B12901450F48E3 +20140128205433 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B129014C9F07F3 +20140128223650 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B12901508434EF +20140129073606 2 6 100 8191 2 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B129015720D7EB +20140129080628 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B12901585A5047 +20140129083452 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B1290159794A0F +20140129090457 2 6 100 8191 5 D3584411656A5311623FF0D234C21F198B128AE78662AB22596F7FDB40C949394BF6CEDA3209BEA8F64DB8F6A39F3DCAA89D3EEA0821F7DA8938F20089CA1C8067BA93163268C7CAE191760CCF8B5FDC0E4168B9986E32CC396B17F69A9EF032BA06AB969DFF1BDA3B8F5A6A8A0592AAEC5B5BB1A604A8C0589DC7DE99C87E992BE1A2F74D817AD5424E8AE14808F09213B1C268A47196E5013D75CAA5F8C76B6B5A951D48D0F8E066360E409D6076D99A3AF7CAB631041B6DD14BBF9C0E0BC39B66542C9D3C7E98C97E3A1C08C25047963D6F5A0D05EB3684B3B5B31379838B1AE1D05677898A3FC986F2D01CD44A25D46AD8D9626774DD8AFE4723987E7B87AFCD1560FA3931A760C8E96C58552A1B6953441F52F4F8A49C0597C9F79B24D9650C4C901A4E862458F6CF8451D445A1A9330C65A0CD00C9254A419BBF72B4C66459B4E50CC2849782FFA6D3C9EEDFE7F7983E94A0499F8AC90F41081BB6756D22713A4D4FC61784410192827AC6ECB043870E593EB71EEDA34BAEC1CCBFB94E746367E19732FCAA22AB9736093BE512D38C293C77C175B977B0590C4D72D8CCD8CC962A77C9AEA280B43BBB7669447AF02539857442AE168E77560184CDCC495D99DECEAE61A72129A44A0A5AE9D7779B157C7F262AF465D2F6DFFD937ED535E6CAF2AF9C9FEC8C499EF734FAE66A075EA63B8DC37C0A8F1E07031C3D9EADA10D3E7ED2B7487A9E35DD5A14A147351BC5AB87AAC28D76B3CEA7CC2EF8C3F783A325C5926E48839087E123CA096623C77ACCD0509D38849D3C3AAF499905065E87F64B5BC390D9763E5FF00B80432C0747AC6753B9439ED5476C486A6B44A2A933533198700168A49C6020BC4ACDC1513604B8EAE7B7920DF6C4A963E93CEB054D5380689DA6F81E0A084C499F28D7623F9634AE2C3FF00CC267DAB9A84EB81F54470923C64852CCD7B39178BF750E9268780F317D0C6F059A401F880CEC81F8E7C502082824E0F7F0673B137DAEE72DB42BD6B72946905E0D0870B1055F0F9514FD85E0C05BA82C7244FA88CD5BFD7EF64A7C29385CE17744C2B8367EB1A9B195492B0B14A2BBC640872890B717F8B13F6AAAB8215721723C8CE036019163F5222CBAFF5DE69D4004545A60207248208C67B5C9E097B2B9EB61CA61E205E8F03AB13F08AB7C85A1BC90E143E82879E39280D825BBA3E5B3E4F61810D6760D702D97EECCDFE68F5643D0263C38D213986082EF1113508C42AE38F29F8E7A80EF785A6C57F9CE8D1F884C63A2551AE2AD80DB3A372D169596ADBFCD27BD44D127CAE086706842FB4F52420D10CD08D472AEDC5B98CD788BCB63D0CE9B04715B355B622D69AD1F5C1215DEE5B0EB8CB47A27A88ED10C5CEF6B462A65F701AF0AD828D41932E23D3E1D7A86083E3554F092D8EF81454B7B60BE78B129015AA7B037 diff --git a/files-sftp/src/main/resources/org/apache/sshd/sshd-version.properties b/files-sftp/src/main/resources/org/apache/sshd/sshd-version.properties new file mode 100644 index 0000000..de4ddb4 --- /dev/null +++ b/files-sftp/src/main/resources/org/apache/sshd/sshd-version.properties @@ -0,0 +1,23 @@ +## +## Licensed to the Apache Software Foundation (ASF) under one +## or more contributor license agreements. See the NOTICE file +## distributed with this work for additional information +## regarding copyright ownership. The ASF licenses this file +## to you under the Apache License, Version 2.0 (the +## "License"); you may not use this file except in compliance +## with the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, +## software distributed under the License is distributed on an +## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +## KIND, either express or implied. See the License for the +## specific language governing permissions and limitations +## under the License. +## + +groupId=org.apache.sshd +artifactId=sshd +version=2.6.0 +sshd-version=sshd-2.6.0 diff --git a/files-webdav-fs/build.gradle b/files-webdav-fs/build.gradle new file mode 100644 index 0000000..9fb2b0a --- /dev/null +++ b/files-webdav-fs/build.gradle @@ -0,0 +1,3 @@ +dependencies { + api project(':files-webdav') +} diff --git a/files-webdav-fs/src/main/java/module-info.java b/files-webdav-fs/src/main/java/module-info.java new file mode 100644 index 0000000..5dcfdba --- /dev/null +++ b/files-webdav-fs/src/main/java/module-info.java @@ -0,0 +1,8 @@ +import org.xbib.files.webdav.fs.WebdavFileSystemProvider; +import java.nio.file.spi.FileSystemProvider; + +module org.xbib.files.webdav.fs { + exports org.xbib.files.webdav.fs; + requires transitive org.xbib.files.webdav; + provides FileSystemProvider with WebdavFileSystemProvider; +} diff --git a/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavChannel.java b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavChannel.java new file mode 100644 index 0000000..74cb446 --- /dev/null +++ b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavChannel.java @@ -0,0 +1,118 @@ +package org.xbib.files.webdav.fs; + +import org.xbib.io.webdav.client.WebDavClient; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.ByteBuffer; +import java.nio.channels.SeekableByteChannel; + +public class WebdavChannel implements SeekableByteChannel { + + private final WebDavClient client; + + private final WebdavPath path; + + private InputStream in; + + private ByteArrayOutputStream out; + + private int position = 0; + + public WebdavChannel(WebdavPath webdavPath) { + this.client = ((WebdavFileSystem) webdavPath.getFileSystem()).getClient(); + this.path = webdavPath; + } + + @Override + public boolean isOpen() { + return in != null || out != null; + } + + @Override + public void close() throws IOException { + synchronized (client) { + if (in != null) { + in.close(); + in = null; + } + if (out != null) { + try { + client.put(path.toUri(), new ByteArrayInputStream(out.toByteArray())); + } catch (InterruptedException e) { + throw new IOException(e); + } + out.close(); + out = null; + } + } + } + + @Override + public int read(ByteBuffer dst) throws IOException { + synchronized (client) { + if (in == null) { + try { + in = client.get(path.toUri()); + } catch (InterruptedException e) { + throw new IOException(e); + } + } + if (dst.hasArray()) { + int numBytesToRead = in.read(dst.array()); + position += numBytesToRead; + return numBytesToRead; + } + } + throw new UnsupportedOperationException(); + } + + @Override + public int write(ByteBuffer src) throws IOException { + OutputStream os = getOutputStream(); + int len = src.remaining(); + byte[] buf = new byte[len]; + while (src.hasRemaining()) { + src.get(buf); + os.write(buf); + } + position += len; + return len; + } + + private ByteArrayOutputStream getOutputStream() { + ByteArrayOutputStream os = out; + if (os == null) { + synchronized (client) { + os = out; + if (os == null) { + os = new ByteArrayOutputStream(); + this.out = os; + } + } + } + return os; + } + + @Override + public long position() throws IOException { + return position; + } + + @Override + public SeekableByteChannel position(long newPosition) throws IOException { + throw new UnsupportedOperationException(); + } + + @Override + public long size() throws IOException { + return 0; + } + + @Override + public SeekableByteChannel truncate(long size) throws IOException { + throw new UnsupportedOperationException(); + } +} diff --git a/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileAttributes.java b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileAttributes.java new file mode 100644 index 0000000..ec4ab3b --- /dev/null +++ b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileAttributes.java @@ -0,0 +1,59 @@ +package org.xbib.files.webdav.fs; + +import org.xbib.io.webdav.api.DavResource; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileTime; + +public class WebdavFileAttributes implements BasicFileAttributes { + + private final DavResource res; + + WebdavFileAttributes(DavResource res) { + this.res = res; + } + + @Override + public long size() { + return res.getContentLength(); + } + + @Override + public FileTime lastModifiedTime() { + return FileTime.fromMillis(res.getModifiedTime()); + } + + @Override + public FileTime lastAccessTime() { + return FileTime.fromMillis(System.currentTimeMillis()); + } + + @Override + public boolean isSymbolicLink() { + return false; + } + + @Override + public boolean isRegularFile() { + return !res.isDirectory(); + } + + @Override + public boolean isOther() { + return false; + } + + @Override + public boolean isDirectory() { + return res.isDirectory(); + } + + @Override + public Object fileKey() { + return null; + } + + @Override + public FileTime creationTime() { + return FileTime.fromMillis(res.getCreationTime()); + } +} diff --git a/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileSystem.java b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileSystem.java new file mode 100644 index 0000000..b9da0b9 --- /dev/null +++ b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileSystem.java @@ -0,0 +1,143 @@ +package org.xbib.files.webdav.fs; + +import org.xbib.io.webdav.client.WebDavClient; +import java.io.IOException; +import java.net.URI; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.Path; +import java.nio.file.PathMatcher; +import java.nio.file.WatchService; +import java.nio.file.attribute.UserPrincipalLookupService; +import java.nio.file.spi.FileSystemProvider; +import java.util.Set; + +public class WebdavFileSystem extends FileSystem { + + private final FileSystemProvider provider; + + private final URI uri; + + private final String password; + + private final String username; + + /** + * @param provider an instance of a WebdavFileSystemProvided. This can be a shared instance. + * @param serverUri URI for the WEBDAV server, the scheme is ignored. + */ + public WebdavFileSystem(WebdavFileSystemProvider provider, URI serverUri) { + this.provider = provider; + this.uri = serverUri; + String[] ui = serverUri.getUserInfo().split(":"); + this.username = ui[0]; + this.password = ui[1]; + } + + @Override + public FileSystemProvider provider() { + return provider; + } + + @Override + public void close() { + } + + @Override + public Iterable getFileStores() { + return null; + } + + @Override + public Path getPath(String first, String... more) { + String path; + if (more.length == 0) { + path = first; + } else { + StringBuilder sb = new StringBuilder(); + sb.append(first); + for (String segment : more) { + if (segment.length() > 0) { + if (sb.length() > 0) { + sb.append(getSeparator()); + } + sb.append(segment); + } + } + path = sb.toString(); + } + return new WebdavPath(this, path); + } + + @Override + public PathMatcher getPathMatcher(String syntaxAndPattern) { + return null; + } + + @Override + public Iterable getRootDirectories() { + return null; + } + + @Override + public String getSeparator() { + return "/"; + } + + @Override + public UserPrincipalLookupService getUserPrincipalLookupService() { + return null; + } + + @Override + public boolean isOpen() { + return false; + } + + @Override + public boolean isReadOnly() { + return false; + } + + @Override + public WatchService newWatchService() throws IOException { + return null; + } + + @Override + public Set supportedFileAttributeViews() { + return null; + } + + @Override + public boolean equals(Object other) { + if (!(other instanceof WebdavFileSystem)) { + return false; + } + WebdavFileSystem fileSystem = (WebdavFileSystem) other; + return this.uri.equals(fileSystem.uri); + } + + @Override + public int hashCode() { + return super.hashCode(); + } + + public URI getUri() { + return uri; + } + + public String getUserName() { + return this.username; + } + + public String getPassword() { + return this.password; + } + + WebDavClient getClient() { + WebDavClient client = new WebDavClient(); + client.init(uri, username, password); + return client; + } +} diff --git a/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileSystemProvider.java b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileSystemProvider.java new file mode 100644 index 0000000..1932aac --- /dev/null +++ b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavFileSystemProvider.java @@ -0,0 +1,215 @@ +package org.xbib.files.webdav.fs; + +import org.xbib.io.webdav.api.DavResource; +import org.xbib.io.webdav.client.WebDavClient; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.nio.channels.SeekableByteChannel; +import java.nio.file.AccessMode; +import java.nio.file.CopyOption; +import java.nio.file.DirectoryStream; +import java.nio.file.DirectoryStream.Filter; +import java.nio.file.FileStore; +import java.nio.file.FileSystem; +import java.nio.file.FileSystemException; +import java.nio.file.FileSystemNotFoundException; +import java.nio.file.Files; +import java.nio.file.LinkOption; +import java.nio.file.NoSuchFileException; +import java.nio.file.OpenOption; +import java.nio.file.Path; +import java.nio.file.ProviderMismatchException; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.FileAttributeView; +import java.nio.file.spi.FileSystemProvider; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class WebdavFileSystemProvider extends FileSystemProvider { + + private final Map hosts = new HashMap<>(); + + @Override + public void copy(Path fileFrom, Path fileTo, CopyOption... options) throws IOException { + if (!(fileFrom instanceof WebdavPath)) { + throw new IllegalArgumentException(fileFrom.toString()); + } + if (!(fileTo instanceof WebdavPath)) { + throw new IllegalArgumentException(fileTo.toString()); + } + WebdavPath wPathTo = (WebdavPath) fileTo; + WebdavFileSystem fileSystem = (WebdavFileSystem) fileTo.getFileSystem(); + WebDavClient webdav = fileSystem.getClient(); + try { + webdav.put(wPathTo.toUri(), Files.newInputStream(fileFrom)); + } catch (InterruptedException e) { + throw new IOException(e); + } + } + + @Override + public void createDirectory(Path dir, FileAttribute... attrs) throws IOException { + if (!(dir instanceof WebdavPath)) { + throw new IllegalArgumentException(dir.toString()); + } + WebdavPath wDir = (WebdavPath) dir; + WebdavFileSystem webdavHost = (WebdavFileSystem) dir.getFileSystem(); + WebDavClient webdav = webdavHost.getClient(); + createDirectoryRecursive(webdav, wDir, attrs); + } + + private void createDirectoryRecursive(WebDavClient webdav, WebdavPath wDir, FileAttribute[] attrs) { + if (webdav.exists(wDir.toUri().toString())) { + return; + } + WebdavPath parent = (WebdavPath) wDir.getParent(); + if (parent != null) { + createDirectoryRecursive(webdav, parent, attrs); + } + webdav.createDirectory(wDir.toUri().toString()); + } + + @Override + public void delete(Path dir) { + if (!(dir instanceof WebdavPath)) { + throw new IllegalArgumentException(dir.toString()); + } + WebdavPath wDir = (WebdavPath) dir; + WebdavFileSystem webdavHost = (WebdavFileSystem) dir.getFileSystem(); + WebDavClient webdav = webdavHost.getClient(); + String dirString = wDir.toUri().toString(); + webdav.delete(dirString); + } + + @Override + public boolean deleteIfExists(Path path) throws IOException { + WebdavFileSystem webdavFs = (WebdavFileSystem) path.getFileSystem(); + String s = path.toUri().toString(); + return webdavFs.getClient().exists(s); + } + + @Override + public FileSystem getFileSystem(URI uri) { + try { + return getWebdavHost(uri, true); + } catch (URISyntaxException ex) { + throw new FileSystemNotFoundException(uri.toString()); + } + } + + @Override + public Path getPath(URI uri) { + try { + WebdavFileSystem host = getWebdavHost(uri, true); + return new WebdavPath(host, uri.getPath()); + } catch (URISyntaxException e) { + throw new FileSystemNotFoundException(uri.toString()); + } + } + + private WebdavFileSystem getWebdavHost(URI uri, boolean create) throws URISyntaxException { + String host = uri.getHost(); + int port = uri.getPort(); + if (port == -1) { + port = 80; + } + String userInfo = uri.getUserInfo(); + URI serverUri = new URI(getScheme(), userInfo, host, port, null, null, null); + synchronized (hosts) { + WebdavFileSystem fs = hosts.get(serverUri); + if (fs == null && create) { + fs = new WebdavFileSystem(this, serverUri); + hosts.put(serverUri, fs); + } + return fs; + } + } + + @Override + public String getScheme() { + return "webdav"; + } + + @Override + public V getFileAttributeView(Path path, Class type, LinkOption... options) { + throw new UnsupportedOperationException(); + } + + @Override + public FileStore getFileStore(Path path) { + throw new UnsupportedOperationException(); + } + + @Override + public void checkAccess(Path path, AccessMode... modes) throws IOException { + WebdavFileSystem webdavFs = (WebdavFileSystem) path.getFileSystem(); + final String s = path.toUri().toString(); + final boolean exists = webdavFs.getClient().exists(s); + if (!exists) { + throw new NoSuchFileException(s); + } + } + + @Override + public boolean isHidden(Path path) { + throw new UnsupportedOperationException(); + } + + @Override + public boolean isSameFile(Path path, Path path2) { + throw new UnsupportedOperationException(); + } + + @Override + public void move(Path source, Path target, CopyOption... options) { + throw new UnsupportedOperationException(); + } + + @Override + public SeekableByteChannel newByteChannel(Path path, Set options, FileAttribute... attrs) { + return new WebdavChannel((WebdavPath) path); + } + + @Override + public DirectoryStream newDirectoryStream(Path arg0, Filter arg1) { + throw new UnsupportedOperationException(); + } + + @Override + public FileSystem newFileSystem(URI uri, Map env) throws IOException { + try { + return getWebdavHost(uri, true); + } catch (URISyntaxException e) { + throw new FileSystemException(e.toString()); + } + } + + @Override + public A readAttributes(Path path, Class type, LinkOption... options) { + WebdavFileSystem wfs = (WebdavFileSystem) path.getFileSystem(); + String string = path.toUri().toString(); + List resources = wfs.getClient().list(string); + if (resources.size() != 1) { + throw new IllegalArgumentException(); + } + final DavResource res = resources.get(0); + if (!type.isAssignableFrom(WebdavFileAttributes.class)) { + throw new ProviderMismatchException(); + } + return (A) new WebdavFileAttributes(res); + } + + @Override + public Map readAttributes(Path arg0, String arg1, LinkOption... arg2) { + throw new UnsupportedOperationException(); + } + + @Override + public void setAttribute(Path arg0, String arg1, Object arg2, LinkOption... arg3) { + throw new UnsupportedOperationException(); + } +} diff --git a/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavPath.java b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavPath.java new file mode 100644 index 0000000..ed1f565 --- /dev/null +++ b/files-webdav-fs/src/main/java/org/xbib/files/webdav/fs/WebdavPath.java @@ -0,0 +1,233 @@ +package org.xbib.files.webdav.fs; + +import java.io.File; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.nio.file.FileSystem; +import java.nio.file.LinkOption; +import java.nio.file.Path; +import java.nio.file.WatchEvent.Kind; +import java.nio.file.WatchEvent.Modifier; +import java.nio.file.WatchKey; +import java.nio.file.WatchService; +import java.util.Arrays; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; + +public class WebdavPath implements Path { + + private static final String PATH_SEP = "/"; + + private static final String DEFAULT_ROOT_PATH = PATH_SEP; + + private final String path; + + private final WebdavFileSystem fileSystem; + + WebdavPath(WebdavFileSystem fileSystem, String path) { + this.fileSystem = fileSystem; + if (path == null) { + this.path = "/"; + } else { + String p = path.trim(); + if (!p.startsWith("/")) { + this.path = "/" + p; + } else { + this.path = p; + } + } + } + + @Override + public FileSystem getFileSystem() { + return this.fileSystem; + } + + @Override + public Path getRoot() { + if (path.equals(DEFAULT_ROOT_PATH)) { + return this; + } + return new WebdavPath(this.fileSystem, DEFAULT_ROOT_PATH); + } + + @Override + public boolean isAbsolute() { + return path.length() > 0 && path.startsWith(PATH_SEP); + } + + @Override + public int compareTo(Path other) { + throw new UnsupportedOperationException(); + } + + @Override + public boolean endsWith(Path other) { + throw new UnsupportedOperationException(); + } + + @Override + public boolean endsWith(String other) { + throw new UnsupportedOperationException(); + } + + @Override + public Path getFileName() { + throw new UnsupportedOperationException(); + } + + @Override + public Path getName(int index) { + throw new UnsupportedOperationException(); + } + + @Override + public int getNameCount() { + return 0; + } + + @Override + public Path getParent() { + if (path.equals(DEFAULT_ROOT_PATH)) { + return null; + } + String p1 = this.path; + if (p1.endsWith(PATH_SEP)) { + p1 = p1.substring(0, p1.length() - 1); + } + int lastSep = p1.lastIndexOf(PATH_SEP); + if (lastSep > 0) { + String parentString = p1.substring(0, lastSep + 1); + return new WebdavPath(this.fileSystem, parentString); + } + return null; + } + + @Override + public Iterator iterator() { + List plist = new LinkedList<>(); + + for (Path p = this; p != null; p = p.getParent()) { + plist.add(0, p); + } + return plist.iterator(); + } + + @Override + public Path normalize() { + try { + URI normal = new URI(path).normalize(); + return new WebdavPath(this.fileSystem, normal.getPath()); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(path, e); + } + } + + @Override + public WatchKey register(WatchService watcher, Kind... events) { + throw new UnsupportedOperationException(); + } + + @Override + public WatchKey register(WatchService watcher, Kind[] events, Modifier... arg2) { + throw new UnsupportedOperationException(); + } + + @Override + public Path relativize(Path other) { + if (!(other instanceof WebdavPath)) { + throw new IllegalArgumentException(); + } + if (!other.getFileSystem().equals(this.getFileSystem())) { + throw new IllegalArgumentException("Wrong File System Type"); + } + Path base = this; + WebdavPath current = (WebdavPath) other; + String[] bParts = this.path.split(PATH_SEP); + String[] cParts = current.path.split(PATH_SEP); + if (bParts.length > 0 && !base.toString().endsWith(PATH_SEP)) { + bParts = Arrays.copyOf(bParts, bParts.length - 1); + } + int i = 0; + while (i < bParts.length && i < cParts.length && bParts[i].equals(cParts[i])) { + i++; + } + StringBuilder sb = new StringBuilder(); + sb.append(PATH_SEP.repeat(Math.max(0, (bParts.length - i)))); + for (int j = i; j < cParts.length; j++) { + if (j != i) { + sb.append(PATH_SEP); + } + sb.append(cParts[j]); + } + return new WebdavPath(this.fileSystem, sb.toString()); + } + + @Override + public Path resolve(Path other) { + if (other.isAbsolute()) { + return other; + } + throw new UnsupportedOperationException(); + } + + @Override + public Path resolve(String other) { + if (other.startsWith(PATH_SEP)) { + throw new IllegalArgumentException(other); + } + StringBuilder resolvedPath = new StringBuilder(this.path); + if (!this.path.endsWith(PATH_SEP)) { + resolvedPath.append(PATH_SEP); + } + resolvedPath.append(other); + return new WebdavPath(this.fileSystem, resolvedPath.toString()); + } + + @Override + public Path resolveSibling(Path other) { + throw new UnsupportedOperationException(); + } + + @Override + public Path resolveSibling(String other) { + throw new UnsupportedOperationException(); + } + + @Override + public boolean startsWith(Path other) { + throw new UnsupportedOperationException(); + } + + @Override + public boolean startsWith(String other) { + throw new UnsupportedOperationException(); + } + + @Override + public Path subpath(int beginIndex, int endindex) { + throw new UnsupportedOperationException(); + } + + @Override + public Path toAbsolutePath() { + return this; + } + + @Override + public File toFile() { + throw new UnsupportedOperationException(); + } + + @Override + public Path toRealPath(LinkOption... options) throws IOException { + throw new UnsupportedOperationException(); + } + + @Override + public URI toUri() { + return URI.create(fileSystem.getUri() + "/" + path); + } +} diff --git a/files-webdav/src/main/java/module-info.java b/files-webdav/src/main/java/module-info.java new file mode 100644 index 0000000..6d43cbc --- /dev/null +++ b/files-webdav/src/main/java/module-info.java @@ -0,0 +1,8 @@ +module org.xbib.files.webdav { + exports org.xbib.io.webdav.api; + exports org.xbib.io.webdav.client; + exports org.xbib.io.webdav.client.methods; + exports org.xbib.io.webdav.common; + requires transitive java.xml; + requires transitive java.net.http; +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/DavConstants.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/DavConstants.java new file mode 100644 index 0000000..94641f7 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/DavConstants.java @@ -0,0 +1,113 @@ +package org.xbib.io.webdav.api; + +/** + * DavConstants provide constants for request and response + * headers, XML elements and property names defined by + * RFC 2518. In addition, + * common date formats (creation date and modification time) are included. + */ +public interface DavConstants { + + /** + * Default Namespace constant + */ + Namespace NAMESPACE = Namespace.getNamespace("D", "DAV:"); + + String HEADER_DAV = "DAV"; + String HEADER_DESTINATION = "Destination"; + String HEADER_IF = "If"; + String HEADER_AUTHORIZATION = "Authorization"; + String HEADER_CONTENT_TYPE = "Content-Type"; + String HEADER_CONTENT_LENGTH = "Content-Length"; + String HEADER_CONTENT_LANGUAGE = "Content-Language"; + String HEADER_ETAG = "ETag"; + String HEADER_LAST_MODIFIED = "Last-Modified"; + + String HEADER_LOCK_TOKEN = "Lock-Token"; + String OPAQUE_LOCK_TOKEN_PREFIX = "opaquelocktoken:"; + + String HEADER_TIMEOUT = "Timeout"; + String TIMEOUT_INFINITE = "Infinite"; + // RFC 2518: timeout value for TimeType "Second" MUST NOT be greater than 2^32-1 + long INFINITE_TIMEOUT = Integer.MAX_VALUE; + long UNDEFINED_TIMEOUT = Integer.MIN_VALUE; + + String HEADER_OVERWRITE = "Overwrite"; + + String HEADER_DEPTH = "Depth"; + String DEPTH_INFINITY_S = "infinity"; + int DEPTH_INFINITY = Integer.MAX_VALUE; + int DEPTH_0 = 0; + int DEPTH_1 = 1; + + //---< XML Element, Attribute Names >--------------------------------------- + String XML_ALLPROP = "allprop"; + String XML_COLLECTION = "collection"; + String XML_DST = "dst"; + String XML_HREF = "href"; + String XML_INCLUDE = "include"; + String XML_KEEPALIVE = "keepalive"; + String XML_LINK = "link"; + String XML_MULTISTATUS = "multistatus"; + String XML_OMIT = "omit"; + String XML_PROP = "prop"; + String XML_PROPERTYBEHAVIOR = "propertybehavior"; + String XML_PROPERTYUPDATE = "propertyupdate"; + String XML_PROPFIND = "propfind"; + String XML_PROPNAME = "propname"; + String XML_PROPSTAT = "propstat"; + String XML_REMOVE = "remove"; + String XML_RESPONSE = "response"; + String XML_RESPONSEDESCRIPTION = "responsedescription"; + String XML_SET = "set"; + String XML_SOURCE = "source"; + String XML_STATUS = "status"; + + String XML_ACTIVELOCK = "activelock"; + String XML_DEPTH = "depth"; + String XML_LOCKTOKEN = "locktoken"; + String XML_TIMEOUT = "timeout"; + String XML_LOCKSCOPE = "lockscope"; + String XML_EXCLUSIVE = "exclusive"; + String XML_SHARED = "shared"; + String XML_LOCKENTRY = "lockentry"; + String XML_LOCKINFO = "lockinfo"; + String XML_LOCKTYPE = "locktype"; + String XML_WRITE = "write"; + String XML_OWNER = "owner"; + /** + * The lockroot XML element + * + * @see RFC 4918 + */ + String XML_LOCKROOT = "lockroot"; + + /* + * Webdav property names as defined by RFC 2518
        + * Note: Microsoft webdav clients as well as Webdrive request additional + * property (e.g. href, name, owner, isRootLocation, isCollection) within the + * default namespace, which are are ignored by this implementation, except + * for the 'isCollection' property, needed for XP built-in clients. + */ + String PROPERTY_CREATIONDATE = "creationdate"; + String PROPERTY_DISPLAYNAME = "displayname"; + String PROPERTY_GETCONTENTLANGUAGE = "getcontentlanguage"; + String PROPERTY_GETCONTENTLENGTH = "getcontentlength"; + String PROPERTY_GETCONTENTTYPE = "getcontenttype"; + String PROPERTY_GETETAG = "getetag"; + String PROPERTY_GETLASTMODIFIED = "getlastmodified"; + String PROPERTY_LOCKDISCOVERY = "lockdiscovery"; + String PROPERTY_RESOURCETYPE = "resourcetype"; + String PROPERTY_SOURCE = "source"; + String PROPERTY_SUPPORTEDLOCK = "supportedlock"; + + int PROPFIND_BY_PROPERTY = 0; + int PROPFIND_ALL_PROP = 1; + int PROPFIND_PROPERTY_NAMES = 2; + int PROPFIND_ALL_PROP_INCLUDE = 3; // RFC 4918, Section 9.1 + + /** + * Marker for undefined modification or creation time. + */ + long UNDEFINED_TIME = -1; +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/DavResource.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/DavResource.java new file mode 100644 index 0000000..bd3318e --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/DavResource.java @@ -0,0 +1,12 @@ +package org.xbib.io.webdav.api; + +public interface DavResource { + + long getContentLength(); + + long getCreationTime(); + + long getModifiedTime(); + + boolean isDirectory(); +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/EventBundle.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/EventBundle.java new file mode 100644 index 0000000..17ccee2 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/EventBundle.java @@ -0,0 +1,9 @@ +package org.xbib.io.webdav.api; + +/** + * EventBundle defines an empty interface used to represent a bundle + * of events. + */ +public interface EventBundle extends XMLizable { + +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/EventType.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/EventType.java new file mode 100644 index 0000000..7831e78 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/EventType.java @@ -0,0 +1,11 @@ +package org.xbib.io.webdav.api; + +/** + * EventType... + */ +public interface EventType extends XMLizable { + + String getName(); + + Namespace getNamespace(); +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/Header.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/Header.java new file mode 100644 index 0000000..68e1945 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/Header.java @@ -0,0 +1,11 @@ +package org.xbib.io.webdav.api; + +/** + * Header... + */ +public interface Header { + + String getHeaderName(); + + String getHeaderValue(); +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/Namespace.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/Namespace.java new file mode 100644 index 0000000..0a5ec47 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/Namespace.java @@ -0,0 +1,71 @@ +package org.xbib.io.webdav.api; + +/** + * Namespace + */ +public class Namespace { + + public static final Namespace EMPTY_NAMESPACE = new Namespace("", ""); + public static final Namespace XML_NAMESPACE = new Namespace("xml", "http://www.w3.org/XML/1998/namespace"); + public static final Namespace XMLNS_NAMESPACE = new Namespace("xmlns", "http://www.w3.org/2000/xmlns/"); + + private final String prefix; + private final String uri; + + private Namespace(String prefix, String uri) { + this.prefix = prefix; + this.uri = uri; + } + + public static Namespace getNamespace(String prefix, String uri) { + if (prefix == null) { + prefix = EMPTY_NAMESPACE.getPrefix(); + } + if (uri == null) { + uri = EMPTY_NAMESPACE.getURI(); + } + return new Namespace(prefix, uri); + } + + public static Namespace getNamespace(String uri) { + return getNamespace("", uri); + } + + public String getPrefix() { + return prefix; + } + + public String getURI() { + return uri; + } + + /** + * Returns true if the a Namespace built from the + * specified namespaceURI is equal to this namespace object. + * + * @param namespaceURI A namespace URI to be compared to this namespace instance. + * @return true if the a Namespace built from the + * specified namespaceURI is equal to this namespace object; + * false otherwise. + */ + public boolean isSame(String namespaceURI) { + Namespace other = getNamespace(namespaceURI); + return this.equals(other); + } + + @Override + public int hashCode() { + return uri.hashCode(); + } + + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + if (obj instanceof Namespace) { + return uri.equals(((Namespace) obj).uri); + } + return false; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/PropEntry.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/PropEntry.java new file mode 100644 index 0000000..2b075d0 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/PropEntry.java @@ -0,0 +1,9 @@ +package org.xbib.io.webdav.api; + +/** + * Marker interface used to flag the different types of entries that form + * part of a PROPPATCH request and define the possible entries for a + * PropContainer. + */ +public interface PropEntry { +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/Subscription.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/Subscription.java new file mode 100644 index 0000000..50b4230 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/Subscription.java @@ -0,0 +1,30 @@ +package org.xbib.io.webdav.api; + +/** + * Subscription represents public representation of the event + * listener created (or modified) by a successful SUBSCRIBE request.
        + * Please note that this interface extends the XmlSerializable + * interface. The Xml representation of a Subscription is + * returned in the response to a successful SUBSCRIBE request as well + * as in a PROPFIND request. + */ +public interface Subscription extends XMLizable { + + /** + * Returns the id of this subscription, that must be used for un-subscribing + * as well as for event discovery later on. + * + * @return subscriptionId + */ + String getSubscriptionId(); + + /** + * @return whether events will be returned with node type information + */ + boolean eventsProvideNodeTypeInformation(); + + /** + * @return whether events will be returned with the "noLocal" flag + */ + boolean eventsProvideNoLocalFlag(); +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/api/XMLizable.java b/files-webdav/src/main/java/org/xbib/io/webdav/api/XMLizable.java new file mode 100644 index 0000000..8e83885 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/api/XMLizable.java @@ -0,0 +1,19 @@ +package org.xbib.io.webdav.api; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +public interface XMLizable { + + /** + * Returns the xml representation of the implementing object as + * {@link Element}. The given Document is used + * as factory and represents the {@link Element#getOwnerDocument() + * owner document} of the returned DOM element. + * + * @param document to be used as factory. + * @return a w3c element representing this object + */ + Element toXml(Document document); + +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/BindInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/BindInfo.java new file mode 100644 index 0000000..5b0c8c4 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/BindInfo.java @@ -0,0 +1,87 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.ElementIterator; + +public class BindInfo implements XMLizable { + + private final String segment; + + private final String href; + + public BindInfo(String href, String segment) { + this.href = href; + this.segment = segment; + } + + public String getHref() { + return this.href; + } + + public String getSegment() { + return this.segment; + } + + /** + * Build an BindInfo object from the root element present + * in the request body. + * + * @param root the root element of the request body + * @return a BindInfo object containing segment and href + * @throws DavException if the BIND request is malformed + */ + public static BindInfo createFromXml(Element root) throws DavException { + if (!DomUtil.matches(root, "bind", DavConstants.NAMESPACE)) { + //log.warn("DAV:bind element expected"); + throw new DavException(400); + } + String href = null; + String segment = null; + ElementIterator it = DomUtil.getChildren(root); + while (it.hasNext()) { + Element elt = it.nextElement(); + if (DomUtil.matches(elt, "segment", DavConstants.NAMESPACE)) { + if (segment == null) { + segment = DomUtil.getText(elt); + } else { + //log.warn("unexpected multiple occurrence of DAV:segment element"); + throw new DavException(400); + } + } else if (DomUtil.matches(elt, "href", DavConstants.NAMESPACE)) { + if (href == null) { + href = DomUtil.getText(elt); + } else { + //log.warn("unexpected multiple occurrence of DAV:href element"); + throw new DavException(400); + } + } else { + //log.warn("unexpected element " + elt.getLocalName()); + throw new DavException(400); + } + } + if (href == null) { + //log.warn("DAV:href element expected"); + throw new DavException(400); + } + if (segment == null) { + //log.warn("DAV:segment element expected"); + throw new DavException(400); + } + return new BindInfo(href, segment); + } + + @Override + public Element toXml(Document document) { + Element bindElt = DomUtil.createElement(document, "bind", DavConstants.NAMESPACE); + Element hrefElt = DomUtil.createElement(document, "href", DavConstants.NAMESPACE, this.href); + Element segElt = DomUtil.createElement(document, "segment", DavConstants.NAMESPACE, this.segment); + bindElt.appendChild(hrefElt); + bindElt.appendChild(segElt); + return bindElt; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/DavAccessFailedException.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/DavAccessFailedException.java new file mode 100644 index 0000000..e030c4a --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/DavAccessFailedException.java @@ -0,0 +1,8 @@ +package org.xbib.io.webdav.client; + +public class DavAccessFailedException extends RuntimeException { + + public DavAccessFailedException(String message) { + super(message); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/Interceptor.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/Interceptor.java new file mode 100644 index 0000000..fc4fd3c --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/Interceptor.java @@ -0,0 +1,35 @@ +package org.xbib.io.webdav.client; + +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.util.function.BiConsumer; +import java.util.function.Function; + +public class Interceptor { + + private final Function onRequest; + + private final BiConsumer, T> onResponse; + + private final BiConsumer onError; + + public Interceptor(Function onRequest, + BiConsumer, T> onResponse, + BiConsumer onError) { + this.onRequest = onRequest; + this.onResponse = onResponse; + this.onError = onError; + } + + public Function getOnRequest() { + return onRequest; + } + + public BiConsumer, T> getOnResponse() { + return onResponse; + } + + public BiConsumer getOnError() { + return onError; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/LabelInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/LabelInfo.java new file mode 100644 index 0000000..6686f8c --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/LabelInfo.java @@ -0,0 +1,174 @@ +package org.xbib.io.webdav.client; + +import static org.xbib.io.webdav.api.DavConstants.NAMESPACE; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DomUtil; + +/** + * LabelInfo encapsulates the request body of a LABEL request + * used to add, set or remove a label from the requested version resource or + * from that version specified with the Label header in case the requested resource + * is a version-controlled resource.

        + * The request body (thus the 'labelElement' passed to the constructor must be + * a DAV:label element: + * 
        + * <!ELEMENT label ANY>
+ * ANY value: A sequence of elements with at most one DAV:add,
+ * DAV:set, or DAV:remove element.
+ * <!ELEMENT add (label-name)>
+ * <!ELEMENT set (label-name)>
+ * <!ELEMENT remove (label-name)>
+ * <!ELEMENT label-name (#PCDATA)>
+ * PCDATA value: string
+ *
        + * Please note, that the given implementation only recognizes the predefined elements 'add', + * 'set' and 'remove'. + */ +public class LabelInfo implements XMLizable { + + private static final String XML_LABEL = "label"; + private static final String XML_LABEL_NAME = "label-name"; + private static final String XML_LABEL_ADD = "add"; + private static final String XML_LABEL_REMOVE = "remove"; + private static final String XML_LABEL_SET = "set"; + + public static final int TYPE_SET = 0; + public static final int TYPE_REMOVE = 1; + public static final int TYPE_ADD = 2; + + public static String[] typeNames = new String[]{XML_LABEL_SET, XML_LABEL_REMOVE, XML_LABEL_ADD}; + + private final int depth; + private final int type; + private final String labelName; + + public LabelInfo(String labelName, String type) { + if (labelName == null) { + throw new IllegalArgumentException("Label name must not be null."); + } + boolean validType = false; + int i = 0; + while (i < typeNames.length) { + if (typeNames[i].equals(type)) { + validType = true; + break; + } + i++; + } + if (!validType) { + throw new IllegalArgumentException("Invalid type: " + type); + } + this.type = i; + this.labelName = labelName; + this.depth = DavConstants.DEPTH_0; + } + + public LabelInfo(String labelName, int type) { + this(labelName, type, DavConstants.DEPTH_0); + } + + public LabelInfo(String labelName, int type, int depth) { + if (labelName == null) { + throw new IllegalArgumentException("Label name must not be null."); + } + if (type < TYPE_SET || type > TYPE_ADD) { + throw new IllegalArgumentException("Invalid type: " + type); + } + this.labelName = labelName; + this.type = type; + this.depth = depth; + } + + /** + * Create a new LabelInfo from the given element and depth + * integer. If the specified Xml element does have a {@link #XML_LABEL} + * root element or no label name is specified with the action to perform + * the creation will fail. + * + * @param labelElement + * @param depth + * @throws DavException if the specified element does not + * start with a {@link #XML_LABEL} element or if the DAV:label + * element contains illegal instructions e.g. contains multiple DAV:add, DAV:set + * or DAV:remove elements. + */ + public LabelInfo(Element labelElement, int depth) throws DavException { + if (!DomUtil.matches(labelElement, XML_LABEL, NAMESPACE)) { + //log.warn("DAV:label element expected"); + throw new DavException(400); + } + + String label = null; + int type = -1; + for (int i = 0; i < typeNames.length && type == -1; i++) { + if (DomUtil.hasChildElement(labelElement, typeNames[i], NAMESPACE)) { + type = i; + Element el = DomUtil.getChildElement(labelElement, typeNames[i], NAMESPACE); + label = DomUtil.getChildText(el, XML_LABEL_NAME, NAMESPACE); + } + } + if (label == null) { + //log.warn("DAV:label element must contain at least one set, add or remove element defining a label-name."); + throw new DavException(400); + } + this.labelName = label; + this.type = type; + this.depth = depth; + } + + /** + * Create a new LabelInfo from the given element. As depth + * the default value 0 is assumed. + * + * @param labelElement + * @throws DavException + * @see #LabelInfo(Element, int) + */ + public LabelInfo(Element labelElement) throws DavException { + this(labelElement, 0); + } + + /** + * Return the text present inside the 'DAV:label-name' element or null + * + * @return 'label-name' or null + */ + public String getLabelName() { + return labelName; + } + + /** + * Return the type of the LABEL request. This might either be {@link #TYPE_SET}, + * {@link #TYPE_ADD} or {@link #TYPE_REMOVE}. + * + * @return type + */ + public int getType() { + return type; + } + + /** + * Return the depth + * + * @return depth + */ + public int getDepth() { + return depth; + } + + /** + * @param document + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element label = DomUtil.createElement(document, XML_LABEL, NAMESPACE); + Element typeElem = DomUtil.addChildElement(label, typeNames[type], NAMESPACE); + DomUtil.addChildElement(typeElem, XML_LABEL_NAME, NAMESPACE, labelName); + return label; + } + +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/MergeInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/MergeInfo.java new file mode 100644 index 0000000..967023f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/MergeInfo.java @@ -0,0 +1,166 @@ +package org.xbib.io.webdav.client; + +import static org.xbib.io.webdav.api.DavConstants.NAMESPACE; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.ElementIterator; +import java.util.ArrayList; +import java.util.List; + +/** + * MergeInfo encapsulates the information present in the DAV:merge + * element, that forms the mandatory request body of a MERGE request.
        + * The DAV:merge element is specified to have the following form. + * 
        + * <!ELEMENT merge ANY>
+ * ANY value: A sequence of elements with one DAV:source element, at most one
+ * DAV:no-auto-merge element, at most one DAV:no-checkout element, at most one
+ * DAV:prop element, and any legal set of elements that can occur in a DAV:checkout
+ * element.
+ * <!ELEMENT source (href+)>
+ * <!ELEMENT no-auto-merge EMPTY>
+ * <!ELEMENT no-checkout EMPTY>
+ * prop: see RFC 2518, Section 12.11
+ *
        + */ +public class MergeInfo implements XMLizable { + + // merge + private static final String XML_MERGE = "merge"; + private static final String XML_N0_AUTO_MERGE = "no-auto-merge"; + private static final String XML_N0_CHECKOUT = "no-checkout"; + + private final Element mergeElement; + private final DavPropertyNameSet propertyNameSet; + + /** + * Create a new MergeInfo + * + * @param mergeElement + * @throws DavException if the mergeElement is null + * or not a DAV:merge element. + */ + public MergeInfo(Element mergeElement) throws DavException { + if (!DomUtil.matches(mergeElement, XML_MERGE, NAMESPACE)) { + //log.warn("'DAV:merge' element expected"); + throw new DavException(400); + } + + // if property name set if present + Element propElem = DomUtil.getChildElement(mergeElement, DavConstants.XML_PROP, NAMESPACE); + if (propElem != null) { + propertyNameSet = new DavPropertyNameSet(propElem); + mergeElement.removeChild(propElem); + } else { + propertyNameSet = new DavPropertyNameSet(); + } + this.mergeElement = mergeElement; + } + + /** + * Returns the URL specified with the DAV:source element or null + * if no such child element is present in the DAV:merge element. + * + * @return href present in the DAV:source child element or null. + */ + public String[] getSourceHrefs() { + List sourceHrefs = new ArrayList(); + Element srcElem = DomUtil.getChildElement(mergeElement, DavConstants.XML_SOURCE, NAMESPACE); + if (srcElem != null) { + ElementIterator it = DomUtil.getChildren(srcElem, DavConstants.XML_HREF, NAMESPACE); + while (it.hasNext()) { + String href = DomUtil.getTextTrim(it.nextElement()); + if (href != null) { + sourceHrefs.add(href); + } + } + } + return sourceHrefs.toArray(new String[sourceHrefs.size()]); + } + + /** + * Returns true if the DAV:merge element contains a DAV:no-auto-merge child element. + * + * @return true if the DAV:merge element contains a DAV:no-auto-merge child. + */ + public boolean isNoAutoMerge() { + return DomUtil.hasChildElement(mergeElement, XML_N0_AUTO_MERGE, NAMESPACE); + } + + /** + * Returns true if the DAV:merge element contains a DAV:no-checkout child element. + * + * @return true if the DAV:merge element contains a DAV:no-checkout child + */ + public boolean isNoCheckout() { + return DomUtil.hasChildElement(mergeElement, XML_N0_CHECKOUT, NAMESPACE); + } + + /** + * Returns a {@link DavPropertyNameSet}. If the DAV:merge element contains + * a DAV:prop child element the properties specified therein are included + * in the set. Otherwise an empty set is returned.
        + * + * WARNING: modifying the DavPropertyNameSet returned by this method does + * not modify this UpdateInfo. + * + * @return set listing the properties specified in the DAV:prop element indicating + * those properties that must be reported in the response body. + */ + public DavPropertyNameSet getPropertyNameSet() { + return propertyNameSet; + } + + /** + * Returns the DAV:merge element used to create this MergeInfo + * object. + * + * @return DAV:merge element + */ + public Element getMergeElement() { + return mergeElement; + } + + /** + * @param document + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element elem = (Element) document.importNode(mergeElement, true); + if (!propertyNameSet.isEmpty()) { + elem.appendChild(propertyNameSet.toXml(document)); + } + return elem; + } + + + /** + * Factory method to create a minimal DAV:merge element to create a new + * MergeInfo object. + * + * @param mergeSource + * @param isNoAutoMerge + * @param isNoCheckout + * @param factory + * @return + */ + public static Element createMergeElement(String[] mergeSource, boolean isNoAutoMerge, boolean isNoCheckout, Document factory) { + Element mergeElem = DomUtil.createElement(factory, XML_MERGE, NAMESPACE); + Element source = DomUtil.addChildElement(mergeElem, DavConstants.XML_SOURCE, NAMESPACE); + for (String ms : mergeSource) { + source.appendChild(DomUtil.hrefToXml(ms, factory)); + } + if (isNoAutoMerge) { + DomUtil.addChildElement(mergeElem, XML_N0_AUTO_MERGE, NAMESPACE); + } + if (isNoCheckout) { + DomUtil.addChildElement(mergeElem, XML_N0_CHECKOUT, NAMESPACE); + } + return mergeElem; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/OptionsInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/OptionsInfo.java new file mode 100644 index 0000000..b3345b0 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/OptionsInfo.java @@ -0,0 +1,104 @@ +package org.xbib.io.webdav.client; + +import static org.xbib.io.webdav.api.DavConstants.NAMESPACE; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.ElementIterator; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +/** + * OptionsInfo represents the Xml request body, that may be present + * with a OPTIONS request. + *
        + * The DAV:options element is specified to have the following form. + * + * 
        + * <!ELEMENT options ANY>
+ * ANY value: A sequence of elements each at most once.
+ *
        + */ +public class OptionsInfo implements XMLizable { + + /** + * If the OPTIONS request contains a body, i must start with an DAV:options + * element. + * + * @see OptionsInfo + */ + private static final String XML_OPTIONS = "options"; + + private final Set entriesLocalNames = new HashSet(); + + /** + * Create a new OptionsInfo with the specified entries. Each entry will + * be converted to an empty Xml element when calling toXml + * + * @param entriesLocalNames + */ + public OptionsInfo(String[] entriesLocalNames) { + if (entriesLocalNames != null) { + this.entriesLocalNames.addAll(Arrays.asList(entriesLocalNames)); + } + } + + /** + * Private constructor used to create an OptionsInfo from Xml. + */ + private OptionsInfo() { + } + + /** + * Returns true if a child element with the given name and namespace is present. + * + * @param localName + * @param namespace + * @return true if such a child element exists in the options element. + */ + public boolean containsElement(String localName, Namespace namespace) { + if (NAMESPACE.equals(namespace)) { + return entriesLocalNames.contains(localName); + } + return false; + } + + /** + * @param document + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element optionsElem = DomUtil.createElement(document, XML_OPTIONS, NAMESPACE); + for (String localName : entriesLocalNames) { + DomUtil.addChildElement(optionsElem, localName, NAMESPACE); + } + return optionsElem; + } + + /** + * Build an OptionsInfo object from the root element present + * in the request body. + * + * @param optionsElement + * @return + * @throws DavException if the optionsElement is null + * or not a DAV:options element. + */ + public static OptionsInfo createFromXml(Element optionsElement) throws DavException { + if (!DomUtil.matches(optionsElement, XML_OPTIONS, NAMESPACE)) { + //log.warn("DAV:options element expected"); + throw new DavException(400); + } + OptionsInfo oInfo = new OptionsInfo(); + ElementIterator it = DomUtil.getChildren(optionsElement); + while (it.hasNext()) { + // todo: not correct since assuming its the deltaV-namespace + oInfo.entriesLocalNames.add(it.nextElement().getLocalName()); + } + return oInfo; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/PropfindInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/PropfindInfo.java new file mode 100755 index 0000000..93f8909 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/PropfindInfo.java @@ -0,0 +1,69 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DomUtil; + +public class PropfindInfo implements XMLizable { + + private final int propfindType; + private final DavPropertyNameSet propNameSet; + + public PropfindInfo(int propfindType, DavPropertyNameSet propNameSet) { + this.propfindType = propfindType; + this.propNameSet = propNameSet; + } + + @Override + public Element toXml(Document document) { + Element propfind = DomUtil.createElement(document, DavConstants.XML_PROPFIND, DavConstants.NAMESPACE); + + // fill the propfind element + switch (propfindType) { + case DavConstants.PROPFIND_ALL_PROP: + propfind.appendChild(DomUtil.createElement(document, DavConstants.XML_ALLPROP, DavConstants.NAMESPACE)); + break; + + case DavConstants.PROPFIND_PROPERTY_NAMES: + propfind.appendChild(DomUtil.createElement(document, DavConstants.XML_PROPNAME, DavConstants.NAMESPACE)); + break; + + case DavConstants.PROPFIND_BY_PROPERTY: + if (propNameSet == null) { + // name set missing, ask for a property that is known to + // exist + Element prop = DomUtil.createElement(document, DavConstants.XML_PROP, DavConstants.NAMESPACE); + Element resourcetype = DomUtil.createElement(document, DavConstants.PROPERTY_RESOURCETYPE, + DavConstants.NAMESPACE); + prop.appendChild(resourcetype); + propfind.appendChild(prop); + } else { + propfind.appendChild(propNameSet.toXml(document)); + } + break; + + case DavConstants.PROPFIND_ALL_PROP_INCLUDE: + propfind.appendChild(DomUtil.createElement(document, DavConstants.XML_ALLPROP, DavConstants.NAMESPACE)); + if (propNameSet != null && !propNameSet.isEmpty()) { + Element include = DomUtil.createElement(document, DavConstants.XML_INCLUDE, DavConstants.NAMESPACE); + Element prop = propNameSet.toXml(document); + for (Node c = prop.getFirstChild(); c != null; c = c.getNextSibling()) { + // copy over the children of to + // element + include.appendChild(c.cloneNode(true)); + } + propfind.appendChild(include); + } + break; + + default: + throw new IllegalArgumentException("unknown propfind type"); + } + + return propfind; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/ProppatchInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/ProppatchInfo.java new file mode 100644 index 0000000..73df5ec --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/ProppatchInfo.java @@ -0,0 +1,116 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.common.DavProperty; +import org.xbib.io.webdav.common.DavPropertyName; +import org.xbib.io.webdav.api.PropEntry; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DavPropertySet; +import org.xbib.io.webdav.common.DomUtil; +import java.util.List; + +public class ProppatchInfo implements XMLizable { + + private final List changeList; + private final DavPropertySet setProperties; + private final DavPropertyNameSet removeProperties; + + private final DavPropertyNameSet propertyNames = new DavPropertyNameSet(); + + public ProppatchInfo(List changeList) { + if (changeList == null || changeList.isEmpty()) { + throw new IllegalArgumentException("PROPPATCH cannot be executed without properties to be set or removed."); + } + this.changeList = changeList; + this.setProperties = null; + this.removeProperties = null; + for (PropEntry entry : changeList) { + if (entry instanceof DavPropertyName) { + // DAV:remove + this.propertyNames.add((DavPropertyName) entry); + } else if (entry instanceof DavProperty) { + // DAV:set + DavProperty setProperty = (DavProperty) entry; + this.propertyNames.add(setProperty.getName()); + } else { + throw new IllegalArgumentException("ChangeList may only contain DavPropertyName and DavProperty elements."); + } + } + } + + public ProppatchInfo(DavPropertySet setProperties, DavPropertyNameSet removeProperties) { + if (setProperties == null || removeProperties == null) { + throw new IllegalArgumentException("Neither setProperties nor removeProperties must be null."); + } + if (setProperties.isEmpty() && removeProperties.isEmpty()) { + throw new IllegalArgumentException("Either setProperties or removeProperties can be empty; not both of them."); + } + this.changeList = null; + this.setProperties = setProperties; + this.removeProperties = removeProperties; + this.propertyNames.addAll(removeProperties); + for (DavPropertyName setName : setProperties.getPropertyNames()) { + this.propertyNames.add(setName); + } + } + + public DavPropertyNameSet getAffectedProperties() { + if (this.propertyNames.isEmpty()) { + throw new IllegalStateException("must be called after toXml()"); + } + return this.propertyNames; + } + + @Override + public Element toXml(Document document) { + Element proppatch = DomUtil.createElement(document, DavConstants.XML_PROPERTYUPDATE, DavConstants.NAMESPACE); + + if (changeList != null) { + Element propElement = null; + boolean isSet = false; + for (Object entry : changeList) { + if (entry instanceof DavPropertyName) { + // DAV:remove + DavPropertyName removeName = (DavPropertyName) entry; + if (propElement == null || isSet) { + isSet = false; + propElement = getPropElement(proppatch, false); + } + propElement.appendChild(removeName.toXml(document)); + } else if (entry instanceof DavProperty) { + // DAV:set + DavProperty setProperty = (DavProperty) entry; + if (propElement == null || !isSet) { + isSet = true; + propElement = getPropElement(proppatch, true); + } + propElement.appendChild(setProperty.toXml(document)); + } else { + throw new IllegalArgumentException("ChangeList may only contain DavPropertyName and DavProperty elements."); + } + } + } else { + // DAV:set + if (!setProperties.isEmpty()) { + Element set = DomUtil.addChildElement(proppatch, DavConstants.XML_SET, DavConstants.NAMESPACE); + set.appendChild(setProperties.toXml(document)); + } + // DAV:remove + if (!removeProperties.isEmpty()) { + Element remove = DomUtil.addChildElement(proppatch, DavConstants.XML_REMOVE, DavConstants.NAMESPACE); + remove.appendChild(removeProperties.toXml(document)); + } + } + + return proppatch; + } + + private Element getPropElement(Element propUpdate, boolean isSet) { + Element updateEntry = DomUtil.addChildElement(propUpdate, isSet ? DavConstants.XML_SET : DavConstants.XML_REMOVE, + DavConstants.NAMESPACE); + return DomUtil.addChildElement(updateEntry, DavConstants.XML_PROP, DavConstants.NAMESPACE); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/QueryGrammerSet.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/QueryGrammerSet.java new file mode 100644 index 0000000..6e85cc9 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/QueryGrammerSet.java @@ -0,0 +1,126 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.common.DavProperty; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.AbstractDavProperty; +import org.xbib.io.webdav.common.DomUtil; +import java.util.HashSet; +import java.util.Set; + +/** + * QueryGrammerSet is a {@link DavProperty} that + * encapsulates the 'supported-query-grammer-set' as defined by the + * Webdav SEARCH internet draft. + */ +public class QueryGrammerSet extends AbstractDavProperty> implements SearchConstants { + + private final Set queryGrammers = new HashSet<>(); + + /** + * Create a new empty QueryGrammerSet. Supported query grammers + * may be added by calling {@link #addQueryLanguage(String, Namespace)}. + */ + public QueryGrammerSet() { + super(QUERY_GRAMMER_SET, true); + } + + /** + * Add another query queryGrammer to this set. + * + * @param grammerName + * @param namespace + */ + public void addQueryLanguage(String grammerName, Namespace namespace) { + queryGrammers.add(new Grammer(grammerName, namespace)); + } + + /** + * Return a String array containing the URIs of the query + * languages supported. + * + * @return names of the supported query languages + */ + public String[] getQueryLanguages() { + int size = queryGrammers.size(); + if (size > 0) { + String[] qLangStr = new String[size]; + Grammer[] grammers = queryGrammers.toArray(new Grammer[size]); + for (int i = 0; i < grammers.length; i++) { + qLangStr[i] = grammers[i].namespace.getURI() + grammers[i].localName; + } + return qLangStr; + } else { + return new String[0]; + } + } + + /** + * Return the Xml representation of this property according to the definition + * of the 'supported-query-grammer-set'. + * + * @param document + * @return Xml representation + * @see SearchConstants#QUERY_GRAMMER_SET + * @see XMLizable#toXml(Document) + */ + @Override + public Element toXml(Document document) { + Element elem = getName().toXml(document); + for (Grammer qGrammer : queryGrammers) { + elem.appendChild(qGrammer.toXml(document)); + } + return elem; + } + + /** + * Returns the set of supported query grammers. + * + * @return list of supported query languages. + * @see DavProperty#getValue() + */ + public Set getValue() { + return queryGrammers; + } + + private static class Grammer implements XMLizable { + + private final String localName; + private final Namespace namespace; + private final int hashCode; + + Grammer(String localName, Namespace namespace) { + this.localName = localName; + this.namespace = namespace; + hashCode = DomUtil.getExpandedName(localName, namespace).hashCode(); + } + + @Override + public int hashCode() { + return hashCode; + } + + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + if (obj instanceof Grammer) { + return obj.hashCode() == hashCode(); + } + return false; + } + + /** + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element sqg = DomUtil.createElement(document, XML_QUERY_GRAMMAR, SearchConstants.NAMESPACE); + Element grammer = DomUtil.addChildElement(sqg, XML_GRAMMER, SearchConstants.NAMESPACE); + DomUtil.addChildElement(grammer, localName, namespace); + return sqg; + } + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/RebindInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/RebindInfo.java new file mode 100644 index 0000000..ed41f82 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/RebindInfo.java @@ -0,0 +1,86 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.ElementIterator; + +public class RebindInfo implements XMLizable { + + private final String segment; + private final String href; + + public RebindInfo(String href, String segment) { + this.href = href; + this.segment = segment; + } + + public String getHref() { + return this.href; + } + + public String getSegment() { + return this.segment; + } + + /** + * Build an RebindInfo object from the root element present + * in the request body. + * + * @param root the root element of the request body + * @return a RebindInfo object containing segment and href + * @throws DavException if the REBIND request is malformed + */ + public static RebindInfo createFromXml(Element root) throws DavException { + if (!DomUtil.matches(root, "rebind", DavConstants.NAMESPACE)) { + //log.warn("DAV:rebind element expected"); + throw new DavException(400); + } + String href = null; + String segment = null; + ElementIterator it = DomUtil.getChildren(root); + while (it.hasNext()) { + Element elt = it.nextElement(); + if (DomUtil.matches(elt, "segment", DavConstants.NAMESPACE)) { + if (segment == null) { + segment = DomUtil.getText(elt); + } else { + //log.warn("unexpected multiple occurrence of DAV:segment element"); + throw new DavException(400); + } + } else if (DomUtil.matches(elt, "href", DavConstants.NAMESPACE)) { + if (href == null) { + href = DomUtil.getText(elt); + } else { + //log.warn("unexpected multiple occurrence of DAV:href element"); + throw new DavException(400); + } + } else { + //log.warn("unexpected element " + elt.getLocalName()); + throw new DavException(400); + } + } + if (href == null) { + //log.warn("DAV:href element expected"); + throw new DavException(400); + } + if (segment == null) { + //log.warn("DAV:segment element expected"); + throw new DavException(400); + } + return new RebindInfo(href, segment); + } + + @Override + public Element toXml(Document document) { + Element rebindElt = DomUtil.createElement(document, "rebind", DavConstants.NAMESPACE); + Element hrefElt = DomUtil.createElement(document, "href", DavConstants.NAMESPACE, this.href); + Element segElt = DomUtil.createElement(document, "segment", DavConstants.NAMESPACE, this.segment); + rebindElt.appendChild(hrefElt); + rebindElt.appendChild(segElt); + return rebindElt; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/ReportInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/ReportInfo.java new file mode 100644 index 0000000..2075a9c --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/ReportInfo.java @@ -0,0 +1,215 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.ElementIterator; +import java.util.ArrayList; +import java.util.List; + +/** + * The ReportInfo class encapsulates the body of a REPORT request. + * RFC 3253 the top Xml element + * being the name of the requested report. In addition a Depth header may + * be present (default value: {@link DavConstants#DEPTH_0}). + */ +public class ReportInfo implements XMLizable { + + private final String typeLocalName; + + private final Namespace typeNamespace; + + private final int depth; + + private final DavPropertyNameSet propertyNames; + + private final List content = new ArrayList<>(); + + /** + * Create a new ReportInfo + * + * @param typeLocalName + * @param typeNamespace + */ + public ReportInfo(String typeLocalName, Namespace typeNamespace) { + this(typeLocalName, typeNamespace, DavConstants.DEPTH_0, null); + } + + /** + * Create a new ReportInfo + * + * @param typelocalName + * @param typeNamespace + * @param depth + * @param propertyNames + */ + public ReportInfo(String typelocalName, Namespace typeNamespace, int depth, DavPropertyNameSet propertyNames) { + this.typeLocalName = typelocalName; + this.typeNamespace = typeNamespace; + this.depth = depth; + if (propertyNames != null) { + this.propertyNames = new DavPropertyNameSet(propertyNames); + } else { + this.propertyNames = new DavPropertyNameSet(); + } + } + + /** + * Create a new ReportInfo object from the given Xml element. + * + * @param reportElement + * @param depth Depth value as retrieved from the {@link DavConstants#HEADER_DEPTH}. + * @throws DavException if the report element is null. + */ + public ReportInfo(Element reportElement, int depth) throws DavException { + if (reportElement == null) { + //log.warn("Report request body must not be null."); + throw new DavException(400 /*DavServletResponse.SC_BAD_REQUEST*/); + } + + this.typeLocalName = reportElement.getLocalName(); + this.typeNamespace = DomUtil.getNamespace(reportElement); + this.depth = depth; + Element propElement = DomUtil.getChildElement(reportElement, DavConstants.XML_PROP, DavConstants.NAMESPACE); + if (propElement != null) { + propertyNames = new DavPropertyNameSet(propElement); + reportElement.removeChild(propElement); + } else { + propertyNames = new DavPropertyNameSet(); + } + + ElementIterator it = DomUtil.getChildren(reportElement); + while (it.hasNext()) { + Element el = it.nextElement(); + if (!DavConstants.XML_PROP.equals(el.getLocalName())) { + content.add(el); + } + } + } + + /** + * Returns the depth field. The request must be applied separately to the + * collection itself and to all members of the collection that satisfy the + * depth value. + * + * @return depth + */ + public int getDepth() { + return depth; + } + + /** + * Name of the report type that will be / has been requested. + * + * @return Name of the report type + */ + public String getReportName() { + return DomUtil.getExpandedName(typeLocalName, typeNamespace); + } + + /** + * Indicates whether this info contains an element with the given name/namespace. + * + * @param localName + * @param namespace + * @return true if an element with the given name/namespace is present in the + * body of the request info. + */ + public boolean containsContentElement(String localName, Namespace namespace) { + if (content.isEmpty()) { + return false; + } + for (Element elem : content) { + boolean sameNamespace = (namespace == null) ? elem.getNamespaceURI() == null : namespace.isSame(elem.getNamespaceURI()); + if (sameNamespace && elem.getLocalName().equals(localName)) { + return true; + } + } + return false; + } + + /** + * Retrieves the Xml element with the given name/namespace that is a child + * of this info. If no such child exists null is returned. If + * multiple elements with the same name exist, the first one is returned. + * + * @param localName + * @param namespace + * @return Xml element with the given name/namespace or null + */ + public Element getContentElement(String localName, Namespace namespace) { + List values = getContentElements(localName, namespace); + if (values.isEmpty()) { + return null; + } else { + return values.get(0); + } + } + + /** + * Returns a list containing all child Xml elements of this info that have + * the specified name/namespace. If this info contains no such element, + * an empty list is returned. + * + * @param localName + * @param namespace + * @return List contain all child elements with the given name/namespace + * or an empty list. + */ + public List getContentElements(String localName, Namespace namespace) { + List l = new ArrayList(); + for (Element elem : content) { + if (DomUtil.matches(elem, localName, namespace)) { + l.add(elem); + } + } + return l; + } + + /** + * Add the specified Xml element as child of this info. + * + * @param contentElement + */ + public void setContentElement(Element contentElement) { + content.add(contentElement); + } + + /** + * Returns a DavPropertyNameSet providing the property names present + * in an eventual {@link DavConstants#XML_PROP} child element. If no such + * child element is present an empty set is returned. + * + * @return {@link DavPropertyNameSet} providing the property names present + * in an eventual {@link DavConstants#XML_PROP DAV:prop} child element or an empty set. + */ + public DavPropertyNameSet getPropertyNameSet() { + return propertyNames; + } + + + /** + * @param document + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element reportElement = DomUtil.createElement(document, typeLocalName, typeNamespace); + if (!content.isEmpty()) { + for (Element contentEntry : content) { + Node n = document.importNode(contentEntry, true); + reportElement.appendChild(n); + } + } + if (!propertyNames.isEmpty()) { + reportElement.appendChild(propertyNames.toXml(document)); + } + return reportElement; + } + +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchConstants.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchConstants.java new file mode 100644 index 0000000..e491d9f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchConstants.java @@ -0,0 +1,72 @@ +package org.xbib.io.webdav.client; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.common.DavPropertyName; +import org.xbib.io.webdav.api.Namespace; + +/** + * SearchConstants interface provide constants for request + * and response headers, Xml elements and property names used for WebDAV + * search. + */ +public interface SearchConstants { + + /** + * Namespace definition.
        + * NOTE: For convenience reasons, the namespace is defined to be the default + * {@link DavConstants#NAMESPACE DAV:} namespace. This is not correct for the + * underlying specification is still in a draft state. See also the editorial + * note inside the + * Internet Draft WebDAV Search + * document. + */ + Namespace NAMESPACE = DavConstants.NAMESPACE; + + /** + * Predefined basic query grammer. + */ + String BASICSEARCH = NAMESPACE.getPrefix() + "basicsearch"; + + /** + * The DASL response header specifying the query languages supported by + * the requested resource. + */ + String HEADER_DASL = "DASL"; + + /** + * Xml element name for a single query grammar element inside + * the {@link #QUERY_GRAMMER_SET supported-query-grammer-set property}. + */ + String XML_QUERY_GRAMMAR = "supported-query-grammar"; + + /** + * Name constant for the 'DAV:grammar' element, which is used inside the + * {@link #XML_QUERY_GRAMMAR} element. + */ + String XML_GRAMMER = "grammar"; + + /** + * Xml element name for the required request body of a SEARCH request. + * + * @see SearchInfo + * @see SearchResource#search(SearchInfo) + */ + String XML_SEARCHREQUEST = "searchrequest"; + + /** + * Optional Xml element name used in the SEARCH request body instead of {@link #XML_SEARCHREQUEST} + * in order to access a given query schema. + */ + String XML_QUERY_SCHEMA_DISCOVERY = "query-schema-discovery"; + + /** + * Property indicating the set of query languages the given resource is + * able deal with. The property has the following definition:
        + * 
        +     * <!ELEMENT supported-query-grammar-set (supported-query-grammar*)>
+     * <!ELEMENT supported-query-grammar grammar>
+     * <!ELEMENT grammar ANY>
+     *
        + */ + DavPropertyName QUERY_GRAMMER_SET = DavPropertyName.create("supported-query-grammar-set", NAMESPACE); +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchInfo.java new file mode 100644 index 0000000..e1b4d0f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchInfo.java @@ -0,0 +1,248 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DomUtil; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +/** + * SearchInfo parses the 'searchrequest' element of a SEARCH + * request body and performs basic validation. Both query language and the + * query itself can be access from the resulting object.
        + * NOTE: The query is expected to be represented by the text contained in the + * Xml element specifying the query language, thus the 'basicsearch' defined + * by the Webdav Search Internet Draft is not supported by this implementation. + *

        + *

        + * Example of a valid 'searchrequest' body + * 

        + * <d:searchrequest xmlns:d="DAV:" dcr:="http://www.day.com/jcr/webdav/1.0" >
+ *    <dcr:xpath>//sv:node[@sv:name='myapp:paragraph'][1]</dcr:xpath>
+ * </d:searchrequest>
+ *
        + *

        + * Would return the following values: + * 

        + *    getLanguageName() -> xpath
+ *    getQuery()        -> //sv:node[@sv:name='myapp:paragraph'][1]
+ *
        + */ +public class SearchInfo implements SearchConstants, XMLizable { + + public static final long NRESULTS_UNDEFINED = -1; + public static final long OFFSET_UNDEFINED = -1; + + private static final String LIMIT = "limit"; + private static final String NRESULTS = "nresults"; + private static final String OFFSET = "offset"; + + /** + * Set of namespace uri String which are ignored in the search request. + */ + private static final Set IGNORED_NAMESPACES; + + static { + Set s = new HashSet(); + s.add(Namespace.XMLNS_NAMESPACE.getURI()); + s.add(Namespace.XML_NAMESPACE.getURI()); + s.add(DavConstants.NAMESPACE.getURI()); + IGNORED_NAMESPACES = Collections.unmodifiableSet(s); + } + + private final String language; + private final Namespace languageNamespace; + private final String query; + private final Map namespaces; + + private long nresults = NRESULTS_UNDEFINED; + private long offset = OFFSET_UNDEFINED; + + /** + * Create a new SearchInfo instance. + * + * @param language + * @param languageNamespace + * @param query + * @param namespaces the re-mapped namespaces. Key=prefix, value=uri. + */ + public SearchInfo(String language, Namespace languageNamespace, String query, + Map namespaces) { + this.language = language; + this.languageNamespace = languageNamespace; + this.query = query; + this.namespaces = Collections.unmodifiableMap(new HashMap(namespaces)); + } + + /** + * Create a new SearchInfo instance. + * + * @param language + * @param languageNamespace + * @param query + */ + public SearchInfo(String language, Namespace languageNamespace, String query) { + this(language, languageNamespace, query, Collections.emptyMap()); + } + + /** + * Returns the name of the query language to be used. + * + * @return name of the query language + */ + public String getLanguageName() { + return language; + } + + /** + * Returns the namespace of the language specified with the search request element. + * + * @return namespace of the requested language. + */ + public Namespace getLanguageNameSpace() { + return languageNamespace; + } + + /** + * Return the query string. + * + * @return query string + */ + public String getQuery() { + return query; + } + + /** + * Returns the namespaces that have been re-mapped by the user. + * + * @return map of namespace to prefix mappings. Key=prefix, value=uri. + */ + public Map getNamespaces() { + return namespaces; + } + + /** + * Returns the maximal number of search results that should be returned. + * + * @return the maximal number of search results that should be returned. + */ + public long getNumberResults() { + return nresults; + } + + /** + * Sets the maximal number of search results that should be returned. + * + * @param nresults The maximal number of search results + */ + public void setNumberResults(long nresults) { + this.nresults = nresults; + } + + /** + * Returns the desired offset in the total result set. + * + * @return the desired offset in the total result set. + */ + public long getOffset() { + return offset; + } + + /** + * Sets the desired offset in the total result set. + * + * @param offset The desired offset in the total result set. + */ + public void setOffset(long offset) { + this.offset = offset; + } + + /** + * Return the xml representation of this SearchInfo instance. + * + * @param document + * @return xml representation + */ + public Element toXml(Document document) { + Element sRequestElem = DomUtil.createElement(document, XML_SEARCHREQUEST, NAMESPACE); + for (String prefix : namespaces.keySet()) { + String uri = namespaces.get(prefix); + DomUtil.setNamespaceAttribute(sRequestElem, prefix, uri); + } + DomUtil.addChildElement(sRequestElem, language, languageNamespace, query); + if (nresults != NRESULTS_UNDEFINED || offset != OFFSET_UNDEFINED) { + Element limitE = DomUtil.addChildElement(sRequestElem, LIMIT, NAMESPACE); + if (nresults != NRESULTS_UNDEFINED) { + DomUtil.addChildElement(limitE, NRESULTS, NAMESPACE, nresults + ""); + } + if (offset != OFFSET_UNDEFINED) { + // TODO define reasonable namespace... + DomUtil.addChildElement(limitE, OFFSET, Namespace.EMPTY_NAMESPACE, offset + ""); + } + } + return sRequestElem; + } + + /** + * Create a new SearchInfo from the specifying document + * retrieved from the request body. + * + * @param searchRequest + * @throws DavException if the root element's name is other than + * 'searchrequest' or if it does not contain a single child element specifying + * the query language to be used. + */ + public static SearchInfo createFromXml(Element searchRequest) throws DavException { + if (searchRequest == null || !XML_SEARCHREQUEST.equals(searchRequest.getLocalName())) { + //log.warn("The root element must be 'searchrequest'."); + throw new DavException(400); + } + Element first = DomUtil.getFirstChildElement(searchRequest); + Attr[] nsAttributes = DomUtil.getNamespaceAttributes(searchRequest); + Map namespaces = new HashMap(); + for (Attr nsAttribute : nsAttributes) { + // filter out xmlns namespace and DAV namespace + if (!IGNORED_NAMESPACES.contains(nsAttribute.getValue())) { + namespaces.put(nsAttribute.getLocalName(), nsAttribute.getValue()); + } + } + SearchInfo sInfo; + if (first != null) { + sInfo = new SearchInfo(first.getLocalName(), DomUtil.getNamespace(first), DomUtil.getText(first), namespaces); + } else { + //log.warn("A single child element is expected with the 'DAV:searchrequest'."); + throw new DavException(400); + } + + Element limit = DomUtil.getChildElement(searchRequest, LIMIT, NAMESPACE); + if (limit != null) { + // try to get the value DAV:nresults element + String nresults = DomUtil.getChildTextTrim(limit, NRESULTS, NAMESPACE); + if (nresults != null) { + try { + sInfo.setNumberResults(Long.valueOf(nresults)); + } catch (NumberFormatException e) { + //log.error("DAV:nresults cannot be parsed into a long -> ignore."); + } + } + // try of an offset is defined within the DAV:limit element. + String offset = DomUtil.getChildTextTrim(limit, OFFSET, Namespace.EMPTY_NAMESPACE); + if (offset != null) { + try { + sInfo.setOffset(Long.valueOf(offset)); + } catch (NumberFormatException e) { + //log.error("'offset' cannot be parsed into a long -> ignore."); + } + } + } + return sInfo; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchResource.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchResource.java new file mode 100644 index 0000000..a66c743 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/SearchResource.java @@ -0,0 +1,39 @@ +package org.xbib.io.webdav.client; + +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.MultiStatus; + +/** + * SearchResource defines METHODS required in order to handle + * a SEARCH request. + */ +public interface SearchResource { + + /** + * The 'SEARCH' method + */ + String METHODS = "SEARCH"; + + + /** + * Returns the protected DAV:supported-method-set property which is defined + * mandatory by RTF 3253. This method call is a shortcut for + * DavResource.getProperty(SearchConstants.QUERY_GRAMMER_SET). + * + * @return the DAV:supported-query-grammer-set + * @see SearchConstants#QUERY_GRAMMER_SET + */ + QueryGrammerSet getQueryGrammerSet(); + + /** + * Runs a search with the language and query defined in the {@link SearchInfo} + * object specified and returns a {@link MultiStatus} object listing the + * results. + * + * @param sInfo SearchInfo element encapsulating the SEARCH + * request body. + * @return MultiStatus object listing the results. + * @throws DavException + */ + MultiStatus search(SearchInfo sInfo) throws DavException; +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/UnbindInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/UnbindInfo.java new file mode 100644 index 0000000..78635ce --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/UnbindInfo.java @@ -0,0 +1,71 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.ElementIterator; + +public class UnbindInfo implements XMLizable { + + private String segment; + + private UnbindInfo() { + } + + public UnbindInfo(String segment) { + this.segment = segment; + } + + public String getSegment() { + return this.segment; + } + + /** + * Build an UnbindInfo object from the root element present + * in the request body. + * + * @param root the root element of the request body + * @return a UnbindInfo object containing a segment identifier + * @throws DavException if the UNBIND request is malformed + */ + public static UnbindInfo createFromXml(Element root) throws DavException { + if (!DomUtil.matches(root, "unbind", DavConstants.NAMESPACE)) { + //log.warn("DAV:unbind element expected"); + throw new DavException(400); + } + String segment = null; + ElementIterator it = DomUtil.getChildren(root); + while (it.hasNext()) { + Element elt = it.nextElement(); + if (DomUtil.matches(elt, "segment", DavConstants.NAMESPACE)) { + if (segment == null) { + segment = DomUtil.getText(elt); + } else { + //log.warn("unexpected multiple occurrence of DAV:segment element"); + throw new DavException(400); + } + } else { + //log.warn("unexpected element " + elt.getLocalName()); + throw new DavException(400); + } + } + if (segment == null) { + //log.warn("DAV:segment element expected"); + throw new DavException(400); + } + return new UnbindInfo(segment); + } + + /** + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element unbindElt = DomUtil.createElement(document, "unbind", DavConstants.NAMESPACE); + Element segElt = DomUtil.createElement(document, "segment", DavConstants.NAMESPACE, this.segment); + unbindElt.appendChild(segElt); + return unbindElt; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/UpdateInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/UpdateInfo.java new file mode 100644 index 0000000..8940c8d --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/UpdateInfo.java @@ -0,0 +1,236 @@ +package org.xbib.io.webdav.client; + +import static org.xbib.io.webdav.api.DavConstants.NAMESPACE; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.ElementIterator; +import java.util.ArrayList; +import java.util.List; + +/** + * UpdateInfo encapsulates the request body of an UPDATE request. + * RFC 3253 defines the request body as follows: + * 
        + * <!ELEMENT update ANY>
+ * ANY value: A sequence of elements with at most one DAV:label-name or
+ * DAV:version element (but not both).
+ * In addition at one DAV:prop element can be present.
+ *
+ * <!ELEMENT version (href)>
+ * <!ELEMENT label-name (#PCDATA)> PCDATA value: string
+ * prop: see RFC 2518, Section 12.11
+ *
        + *

        + * In order to reflect the complete range of version restoring and updating + * of nodes defined by JSR170 the definition has been extended: + * 

        + * <!ELEMENT update ( (version | label-name | workspace ) , (prop)?, (removeExisting)? ) >
+ * <!ELEMENT version (href+) >
+ * <!ELEMENT label-name (#PCDATA) >
+ * <!ELEMENT workspace (href) >
+ * <!ELEMENT prop ANY >
+ * <!ELEMENT removeExisting EMPTY >
+ *
        + */ +public class UpdateInfo implements XMLizable { + + /** + * Xml element defining the top element in the UPDATE request body. RFC 3253 + * defines the following structure for the 'update' element. + * 
        +     * <!ELEMENT update ANY>
+     * ANY value: A sequence of elements with at most one DAV:version element
+     * and at most one DAV:prop element.
+     * <!ELEMENT version (href)>
+     * prop: see RFC 2518, Section 12.11
+     *
        + */ + private static final String XML_UPDATE = "update"; + + private static final String XML_LABEL_NAME = "label-name"; + private static final String XML_VERSION = "version"; + private static final String XML_WORKSPACE = "workspace"; + + + public static final int UPDATE_BY_VERSION = 0; + public static final int UPDATE_BY_LABEL = 1; + public static final int UPDATE_BY_WORKSPACE = 2; + + private Element updateElement; + + private DavPropertyNameSet propertyNameSet = new DavPropertyNameSet(); + private String[] source; + private int type; + + public UpdateInfo(String[] updateSource, int updateType, DavPropertyNameSet propertyNameSet) { + if (updateSource == null || updateSource.length == 0) { + throw new IllegalArgumentException("Version href array must not be null and have a minimal length of 1."); + } + if (updateType < UPDATE_BY_VERSION || updateType > UPDATE_BY_WORKSPACE) { + throw new IllegalArgumentException("Illegal type of UpdateInfo."); + } + this.type = updateType; + this.source = (updateType == UPDATE_BY_VERSION) ? updateSource : new String[]{updateSource[0]}; + if (propertyNameSet != null) { + this.propertyNameSet = propertyNameSet; + } + } + + /** + * Create a new UpdateInfo object. + * + * @param updateElement + * @throws DavException if the updateElement is null + * or not a DAV:update element or if the element does not match the required + * structure. + */ + public UpdateInfo(Element updateElement) throws DavException { + if (!DomUtil.matches(updateElement, XML_UPDATE, NAMESPACE)) { + //log.warn("DAV:update element expected"); + throw new DavException(400); + } + + boolean done = false; + if (DomUtil.hasChildElement(updateElement, XML_VERSION, NAMESPACE)) { + Element vEl = DomUtil.getChildElement(updateElement, XML_VERSION, NAMESPACE); + ElementIterator hrefs = DomUtil.getChildren(vEl, DavConstants.XML_HREF, NAMESPACE); + List hrefList = new ArrayList(); + while (hrefs.hasNext()) { + hrefList.add(DomUtil.getText(hrefs.nextElement())); + } + source = hrefList.toArray(new String[hrefList.size()]); + type = UPDATE_BY_VERSION; + done = true; + } + + // alternatively 'DAV:label-name' elements may be present. + if (!done && DomUtil.hasChildElement(updateElement, XML_LABEL_NAME, NAMESPACE)) { + source = new String[]{DomUtil.getChildText(updateElement, XML_LABEL_NAME, NAMESPACE)}; + type = UPDATE_BY_LABEL; + done = true; + } + + // last possibility: a DAV:workspace element + if (!done) { + Element wspElem = DomUtil.getChildElement(updateElement, XML_WORKSPACE, NAMESPACE); + if (wspElem != null) { + source = new String[]{DomUtil.getChildTextTrim(wspElem, DavConstants.XML_HREF, NAMESPACE)}; + type = UPDATE_BY_WORKSPACE; + } else { + //log.warn("DAV:update element must contain either DAV:version, DAV:label-name or DAV:workspace child element."); + throw new DavException(400); + } + } + + // if property name set if present + if (DomUtil.hasChildElement(updateElement, DavConstants.XML_PROP, NAMESPACE)) { + Element propEl = DomUtil.getChildElement(updateElement, DavConstants.XML_PROP, NAMESPACE); + propertyNameSet = new DavPropertyNameSet(propEl); + updateElement.removeChild(propEl); + } else { + propertyNameSet = new DavPropertyNameSet(); + } + this.updateElement = updateElement; + } + + /** + * @return + */ + public String[] getVersionHref() { + return (type == UPDATE_BY_VERSION) ? source : null; + } + + /** + * @return + */ + public String[] getLabelName() { + return (type == UPDATE_BY_LABEL) ? source : null; + } + + /** + * @return + */ + public String getWorkspaceHref() { + return (type == UPDATE_BY_WORKSPACE) ? source[0] : null; + } + + /** + * Returns a {@link DavPropertyNameSet}. If the DAV:update element contains + * a DAV:prop child element the properties specified therein are included + * in the set. Otherwise an empty set is returned. + *

        + * WARNING: modifying the DavPropertyNameSet returned by this method does + * not modify this UpdateInfo. + * + * @return set listing the properties specified in the DAV:prop element indicating + * those properties that must be reported in the response body. + */ + public DavPropertyNameSet getPropertyNameSet() { + return propertyNameSet; + } + + /** + * @return + */ + public Element getUpdateElement() { + return updateElement; + } + + /** + * @param document + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element elem; + if (updateElement != null) { + elem = (Element) document.importNode(updateElement, true); + } else { + elem = createUpdateElement(source, type, document); + } + if (!propertyNameSet.isEmpty()) { + elem.appendChild(propertyNameSet.toXml(document)); + } + return elem; + } + + /** + * Factory method to create the basic structure of an UpdateInfo + * object. + * + * @param updateSource + * @param updateType + * @param factory + * @return + */ + public static Element createUpdateElement(String[] updateSource, int updateType, Document factory) { + if (updateSource == null || updateSource.length == 0) { + throw new IllegalArgumentException("Update source must specific at least a single resource used to run the update."); + } + + Element elem = DomUtil.createElement(factory, XML_UPDATE, NAMESPACE); + switch (updateType) { + case UPDATE_BY_VERSION: + Element vE = DomUtil.addChildElement(elem, XML_VERSION, NAMESPACE); + for (String source : updateSource) { + vE.appendChild(DomUtil.hrefToXml(source, factory)); + } + break; + case UPDATE_BY_LABEL: + DomUtil.addChildElement(elem, XML_LABEL_NAME, NAMESPACE, updateSource[0]); + break; + case UPDATE_BY_WORKSPACE: + Element wspEl = DomUtil.addChildElement(elem, XML_WORKSPACE, NAMESPACE, updateSource[0]); + wspEl.appendChild(DomUtil.hrefToXml(updateSource[0], factory)); + break; + // no default. + default: + throw new IllegalArgumentException("Invalid update type: " + updateType); + } + return elem; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavClient.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavClient.java new file mode 100644 index 0000000..d7c47f1 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavClient.java @@ -0,0 +1,252 @@ +package org.xbib.io.webdav.client; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.DavResource; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.common.DavException; +import org.xbib.io.webdav.common.DavPropertyName; +import org.xbib.io.webdav.client.methods.Mkcol; +import org.xbib.io.webdav.client.methods.Options; +import org.xbib.io.webdav.client.methods.Propfind; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DavPropertySet; +import org.xbib.io.webdav.common.DomUtil; +import org.xbib.io.webdav.common.EventDiscovery; +import org.xbib.io.webdav.common.MultiStatus; +import org.xbib.io.webdav.common.MultiStatusResponse; +import org.xbib.io.webdav.common.SubscriptionDiscovery; +import org.xml.sax.SAXException; +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.util.List; +import java.util.Set; +import javax.xml.parsers.ParserConfigurationException; + +public class WebDavClient { + + private static final Namespace DCR_NAMESPACE = Namespace.getNamespace("dcr", "http://www.day.com/jcr/webdav/1.0"); + + private HttpClient httpClient; + + private URI uri; + + public void init(URI uri, String username, String password) { + this.uri = uri; + this.httpClient = HttpClient.newBuilder() + .version(HttpClient.Version.HTTP_1_1) + .build(); + } + + public Set getComplianceClasses(URI uri) throws IOException, InterruptedException { + Options options = new Options(); + HttpRequest httpRequest = HttpRequest.newBuilder() + .method(options.method(), null) + .uri(uri).build(); + HttpResponse response = httpClient.send(httpRequest, options); + int status = response.statusCode(); + if (status != 200) { + throw new DavAccessFailedException("OPTIONS failed with code " + status); + } + return options.getComplianceClasses(); + } + + public InputStream get(URI uri) throws IOException, InterruptedException { + HttpRequest httpRequest = HttpRequest.newBuilder() + .GET().uri(uri).build(); + HttpResponse response = httpClient.send(httpRequest, + HttpResponse.BodyHandlers.ofInputStream()); + int status = response.statusCode(); + if (status != 200) { + throw new DavAccessFailedException("GET failed with code " + status); + } + return response.body(); + } + + public WebDavLsResult ls(URI uri) throws IOException, InterruptedException { + WebDavLsResult result = new WebDavLsResult(); + DavPropertyNameSet set = new DavPropertyNameSet(); + set.add(DavPropertyName.create(DavConstants.PROPERTY_DISPLAYNAME)); + set.add(DavPropertyName.create(DavConstants.PROPERTY_RESOURCETYPE)); + set.add(DavPropertyName.create(DavConstants.PROPERTY_SOURCE)); + set.add(DavPropertyName.create(DavConstants.PROPERTY_GETCONTENTLENGTH)); + set.add(DavPropertyName.create(DavConstants.PROPERTY_GETCONTENTTYPE)); + set.add(DavPropertyName.create(DavConstants.PROPERTY_CREATIONDATE)); + set.add(DavPropertyName.create(DavConstants.PROPERTY_GETLASTMODIFIED)); + Propfind propfind = new Propfind(set, 1); + HttpRequest httpRequest = HttpRequest.newBuilder() + .method(propfind.method(), propfind.bodyPublisher()).uri(uri).build(); + HttpResponse response = httpClient.send(httpRequest, + HttpResponse.BodyHandlers.ofInputStream()); + if (response.statusCode() < 200 || response.statusCode() >= 300) { + throw new DavAccessFailedException(propfind.method() + " failed with code = " + response.statusCode()); + } + MultiStatus multistatus = getResponseBodyAsMultiStatus(response); + MultiStatusResponse[] responses = multistatus.getResponses(); + for (MultiStatusResponse respons : responses) { + DavPropertySet found = respons.getProperties(200); + DavPropertySet notfound = respons.getProperties(404); + if (notfound.contains(DavPropertyName.GETCONTENTLENGTH)) { + result.addDirectory(new WebDavDirectory(uri, found)); + } else { + result.addFile(new WebDavFile(uri, found)); + } + } + return result; + } + + public WebDavDirectory mkdir(URI resource) throws IOException, InterruptedException { + Mkcol mkcol = new Mkcol(); + HttpRequest httpRequest = HttpRequest.newBuilder() + .method(mkcol.method(), mkcol.bodyPublisher()).uri(uri).build(); + HttpResponse response = httpClient.send(httpRequest, + HttpResponse.BodyHandlers.ofInputStream()); + if (response.statusCode() < 200 || response.statusCode() >= 300) { + throw new DavAccessFailedException(mkcol.method() + " failed with code = " + response.statusCode()); + } + WebDavLsResult webDavLsResult = ls(resource); + List webDavDirectories = webDavLsResult.getDirectories(); + if (webDavDirectories.isEmpty()) { + throw new DavAccessFailedException( + "Directory " + mkcol.toString() + " will not be found."); + } + return webDavDirectories.get(0); + } + + public WebDavFile put(URI uri, InputStream inputStream) throws IOException, InterruptedException { + HttpRequest httpRequest = HttpRequest.newBuilder() + .PUT(HttpRequest.BodyPublishers.ofInputStream(() -> inputStream)).uri(uri).build(); + HttpResponse response = httpClient.send(httpRequest, + HttpResponse.BodyHandlers.ofInputStream()); + if (response.statusCode() < 200 || response.statusCode() >= 300) { + throw new DavAccessFailedException("PUT failed with code = " + response.statusCode()); + } + WebDavLsResult webDavLsResult = ls(uri); + List webDavFileList = webDavLsResult.getFiles(); + if (webDavFileList.isEmpty()) { + throw new DavAccessFailedException("file not found: " + uri); + } + return webDavFileList.get(0); + } + + /** + * Gets a {@link Document} representing the response body. + * + * @return document or {@code null} for null entity + * @throws IOException in case of I/O or XMP pasting problems + */ + public Document getResponseBodyAsDocument(HttpResponse response) throws IOException { + try (InputStream in = response.body()) { + return DomUtil.parseDocument(in); + } catch (ParserConfigurationException | SAXException | IOException ex) { + throw new IOException(ex); + } + } + + /** + * Return response body as {@link MultiStatus} object. + * + * @throws IllegalStateException when response does not represent a {@link MultiStatus} + * @throws DavException for failures in obtaining/parsing the response body + */ + public MultiStatus getResponseBodyAsMultiStatus(HttpResponse response) throws IOException { + Document doc = getResponseBodyAsDocument(response); + if (doc == null) { + throw new DavException(response.statusCode(), "no response body"); + } + return MultiStatus.createFromXml(doc.getDocumentElement()); + } + + /** + * Return response body as {@link SubscriptionDiscovery} object. + * + * @throws IllegalStateException when response does not represent a {@link SubscriptionDiscovery} + * @throws DavException for failures in obtaining/parsing the response body + */ + public SubscriptionDiscovery getResponseBodyAsSubscriptionDiscovery(HttpResponse response) throws DavException { + try { + DavPropertyName SUBSCRIPTIONDISCOVERY = DavPropertyName.create("subscriptiondiscovery", DCR_NAMESPACE); + Document doc = getResponseBodyAsDocument(response); + if (doc == null) { + throw new DavException(response.statusCode(), "no response body"); + } + Element root = doc.getDocumentElement(); + + if (!DomUtil.matches(root, DavConstants.XML_PROP, DavConstants.NAMESPACE) + && DomUtil.hasChildElement(root, SUBSCRIPTIONDISCOVERY.getName(), + SUBSCRIPTIONDISCOVERY.getNamespace())) { + throw new DavException(response.statusCode(), + "Missing DAV:prop response body in SUBSCRIBE response."); + } + + Element sde = DomUtil.getChildElement(root, SUBSCRIPTIONDISCOVERY.getName(), + SUBSCRIPTIONDISCOVERY.getNamespace()); + SubscriptionDiscovery sd = SubscriptionDiscovery.createFromXml(sde); + if (sd.getValue().length > 0) { + return sd; + } else { + throw new DavException(response.statusCode(), + "Missing 'subscription' elements in SUBSCRIBE response body. At least a single subscription must be present if SUBSCRIBE was successful."); + } + } catch (IOException ex) { + throw new DavException(response.statusCode(), ex); + } + } + + + /** + * Return response body as {@link EventDiscovery} object. + * + * @throws IllegalStateException when response does not represent a {@link EventDiscovery} + * @throws DavException for failures in obtaining/parsing the response body + */ + public EventDiscovery getResponseBodyAsEventDiscovery(HttpResponse response) throws DavException { + try { + Document doc = getResponseBodyAsDocument(response); + if (doc == null) { + throw new DavException(response.statusCode(), "no response body"); + } + return EventDiscovery.createFromXml(doc.getDocumentElement()); + } catch (IOException ex) { + throw new DavException(response.statusCode(), ex); + } + } + + /** + * Obtain a {@link DavException} representing the response. + * + * @throws IllegalStateException when the response is considered to be successful + */ + public DavException getResponseException(HttpResponse response) { + if (response.statusCode() >= 200 && response.statusCode() < 300) { + String msg = "Cannot retrieve exception from successful response."; + throw new IllegalStateException(msg); + } + Element responseRoot = null; + try { + responseRoot = getResponseBodyAsDocument(response).getDocumentElement(); + } catch (IOException e) { + // non-parseable body -> use null element + } + return new DavException(response.statusCode(), "", null, responseRoot); + } + + public boolean exists(String path) { + return false; + } + + public void createDirectory(String path) { + } + + public void delete(String path) { + } + + public List list(String path) { + return null; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavDirectory.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavDirectory.java new file mode 100644 index 0000000..24309e6 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavDirectory.java @@ -0,0 +1,25 @@ +package org.xbib.io.webdav.client; + + +import org.xbib.io.webdav.common.DavPropertySet; +import java.net.URI; + +public final class WebDavDirectory implements WebDavElement { + + private final URI baseURI; + private final DavPropertySet propertiesPresent; + + public WebDavDirectory(URI baseURI, DavPropertySet propertiesPresent) { + this.baseURI = baseURI; + this.propertiesPresent = propertiesPresent; + } + + public URI getBaseURI() { + return baseURI; + } + + @Override + public DavPropertySet getDavPropertySet() { + return propertiesPresent; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavElement.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavElement.java new file mode 100644 index 0000000..e4a1cec --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavElement.java @@ -0,0 +1,23 @@ +package org.xbib.io.webdav.client; + +import static org.xbib.io.webdav.api.DavConstants.PROPERTY_DISPLAYNAME; +import static org.xbib.io.webdav.api.DavConstants.PROPERTY_RESOURCETYPE; +import static org.xbib.io.webdav.api.DavConstants.PROPERTY_SOURCE; +import org.xbib.io.webdav.common.DavPropertySet; + +public interface WebDavElement { + + DavPropertySet getDavPropertySet(); + + default String getName() { + return getDavPropertySet().get(PROPERTY_DISPLAYNAME).getValue().toString(); + } + + default String getResourceType() { + return getDavPropertySet().get(PROPERTY_RESOURCETYPE).getValue().toString(); + } + + default String getSource() { + return getDavPropertySet().get(PROPERTY_SOURCE).getValue().toString(); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavFile.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavFile.java new file mode 100644 index 0000000..9718829 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavFile.java @@ -0,0 +1,53 @@ +package org.xbib.io.webdav.client; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.common.DavPropertySet; +import java.io.UnsupportedEncodingException; +import java.net.URI; +import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; + +public class WebDavFile implements WebDavElement { + + private final URI uri; + + private final DavPropertySet davPropertySet; + + public WebDavFile(URI uri, DavPropertySet davPropertySet) { + this.uri = uri; + this.davPropertySet = davPropertySet; + } + + public String getCreated() { + return davPropertySet.get(DavConstants.PROPERTY_CREATIONDATE).getValue().toString(); + } + + public String getLastModified() { + return davPropertySet.get(DavConstants.PROPERTY_GETLASTMODIFIED).getValue().toString(); + } + + public String getContentType() { + return davPropertySet.get(DavConstants.PROPERTY_GETCONTENTTYPE).getValue().toString(); + } + + public Integer getLength() { + return Integer.valueOf(davPropertySet.get(DavConstants.PROPERTY_GETCONTENTLENGTH).getValue().toString()); + } + + public String getNameUrlEncoded() { + try { + return URLEncoder.encode(getName(), StandardCharsets.UTF_8.toString()).replaceAll("\\+", "%20"); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + } + + public URI getUri() { + return uri; + } + + @Override + public DavPropertySet getDavPropertySet() { + return davPropertySet; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavFileInputStream.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavFileInputStream.java new file mode 100644 index 0000000..f4e4b48 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavFileInputStream.java @@ -0,0 +1,107 @@ +package org.xbib.io.webdav.client; + +import org.xbib.io.webdav.common.DavPropertySet; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +public class WebDavFileInputStream extends InputStream implements WebDavElement { + + private final DavPropertySet propertiesPresent; + private final InputStream inputStream; + private final File tmpFile; + + public WebDavFileInputStream(DavPropertySet propertiesPresent, InputStream inputStream, File tmpFile) { + this.propertiesPresent = propertiesPresent; + this.tmpFile = tmpFile; + this.inputStream = loadingInputStreamToTmpFile(inputStream, tmpFile); + } + + private InputStream loadingInputStreamToTmpFile(InputStream inputStream, File tmpFile) { + try (OutputStream outputStream = new FileOutputStream(tmpFile)) { + //IOUtils.copy(inputStream, outputStream); + } catch (IOException e) { + //log.error("Couldn't load file {} due to io exception.", tmpFile, e); + } + try { + return new FileInputStream(tmpFile); + } catch (FileNotFoundException e) { + //log.error("Cannot open input stream of local file {}", tmpFile , e); + } + return null; + } + + @Override + public DavPropertySet getDavPropertySet() { + return propertiesPresent; + } + + @Override + public int read() throws IOException { + return inputStream.read(); + } + + @Override + public int read(byte[] b) throws IOException { + return inputStream.read(b); + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + return inputStream.read(b, off, len); + } + + @Override + public byte[] readAllBytes() throws IOException { + return inputStream.readAllBytes(); + } + + @Override + public int readNBytes(byte[] b, int off, int len) throws IOException { + return inputStream.readNBytes(b, off, len); + } + + @Override + public long skip(long n) throws IOException { + return inputStream.skip(n); + } + + @Override + public int available() throws IOException { + return inputStream.available(); + } + + @Override + public void close() throws IOException { + inputStream.close(); + try { + tmpFile.delete(); + } finally { + + } + } + + @Override + public void mark(int readlimit) { + inputStream.mark(readlimit); + } + + @Override + public void reset() throws IOException { + inputStream.reset(); + } + + @Override + public boolean markSupported() { + return inputStream.markSupported(); + } + + @Override + public long transferTo(OutputStream out) throws IOException { + return inputStream.transferTo(out); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavHttpClient.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavHttpClient.java new file mode 100644 index 0000000..10fdaab --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavHttpClient.java @@ -0,0 +1,210 @@ +package org.xbib.io.webdav.client; + +import java.io.IOException; +import java.net.Authenticator; +import java.net.CookieHandler; +import java.net.ProxySelector; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.time.Duration; +import java.util.ArrayList; +import java.util.List; +import java.util.Optional; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.Executor; +import java.util.function.BiConsumer; +import java.util.function.Consumer; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; + +public class WebDavHttpClient extends HttpClient { + + private final HttpClient client; + + private final List> decorators; + + private final List> interceptors; + + public static Builder builder() { + return new WebDavHttpClientBuilder(); + } + + WebDavHttpClient(HttpClient client, + List> decorators, + List> interceptors) { + this.client = client; + this.decorators = decorators; + this.interceptors = interceptors; + } + + @Override + public Optional cookieHandler() { + return client.cookieHandler(); + } + + @Override + public Optional connectTimeout() { + return client.connectTimeout(); + } + + @Override + public Redirect followRedirects() { + return client.followRedirects(); + } + + @Override + public Optional proxy() { + return client.proxy(); + } + + @Override + public SSLContext sslContext() { + return client.sslContext(); + } + + @Override + public SSLParameters sslParameters() { + return client.sslParameters(); + } + + @Override + public Optional authenticator() { + return client.authenticator(); + } + + @Override + public Version version() { + return client.version(); + } + + @Override + public Optional executor() { + return client.executor(); + } + + @Override + public HttpResponse send(HttpRequest httpRequest, + HttpResponse.BodyHandler bodyHandler) + throws IOException, InterruptedException { + httpRequest = decorate(httpRequest); + if (interceptors.isEmpty()) { + return client.send(httpRequest, bodyHandler); + } else { + List values = new ArrayList<>(interceptors.size()); + for (Interceptor interceptor : interceptors) { + try { + values.add(interceptor.getOnRequest().apply(httpRequest)); + } catch (Throwable ignored) { + } + } + try { + HttpResponse response = client.send(httpRequest, bodyHandler); + for (int index = 0; index < interceptors.size(); index++) { + try { + BiConsumer onResponse = interceptors.get(index).getOnResponse(); + onResponse.accept(response, values.get(index)); + } catch (Throwable ignored) { + } + } + return response; + } catch (IOException exception) { + for (int index = 0; index < interceptors.size(); index++) { + try { + BiConsumer onResponse = interceptors.get(index).getOnError(); + onResponse.accept(exception, values.get(index)); + } catch (Throwable ignored) { + } + } + throw exception; + } + } + } + + @Override + public CompletableFuture> sendAsync(HttpRequest httpRequest, + HttpResponse.BodyHandler bodyHandler) { + return sendAsync(httpRequest, bodyHandler, null); + } + + @Override + @SuppressWarnings("unchecked") + public CompletableFuture> sendAsync(HttpRequest httpRequest, + HttpResponse.BodyHandler bodyHandler, + HttpResponse.PushPromiseHandler pushPromiseHandler) { + httpRequest = decorate(httpRequest); + if (interceptors.isEmpty()) { + return client.sendAsync(httpRequest, bodyHandler); + } else { + List values = new ArrayList<>(interceptors.size()); + for (Interceptor interceptor : interceptors) { + values.add(interceptor.getOnRequest().apply(httpRequest)); + } + return client.sendAsync(httpRequest, bodyHandler, pushPromiseHandler).handle((response, throwable) -> { + for (int index = 0; index < interceptors.size(); index++) { + if (throwable == null) { + BiConsumer onResponse = interceptors.get(index).getOnResponse(); + onResponse.accept(response, values.get(index)); + } else { + BiConsumer onResponse = interceptors.get(index).getOnError(); + onResponse.accept(throwable, values.get(index)); + } + } + return response; + }); + } + } + + private HttpRequest decorate(HttpRequest httpRequest) { + if (decorators.isEmpty()) { + return httpRequest; + } + HttpRequest.Builder builder = HttpRequest.newBuilder(httpRequest.uri()); + builder.expectContinue(httpRequest.expectContinue()); + httpRequest.headers().map().forEach((key, values) -> + values.forEach(value -> builder.header(key, value))); + httpRequest.timeout().ifPresent(builder::timeout); + httpRequest.version().ifPresent(builder::version); + for (Consumer decorator : decorators) { + decorator.accept(builder); + } + return builder.build(); + } + + public interface Builder extends HttpClient.Builder { + + @Override + Builder cookieHandler(CookieHandler cookieHandler); + + @Override + Builder connectTimeout(Duration duration); + + @Override + Builder sslContext(SSLContext sslContext); + + @Override + Builder sslParameters(SSLParameters sslParameters); + + @Override + Builder executor(Executor executor); + + @Override + Builder followRedirects(Redirect redirect); + + @Override + Builder version(Version version); + + @Override + Builder priority(int i); + + @Override + Builder proxy(ProxySelector proxySelector); + + @Override + Builder authenticator(Authenticator authenticator); + + Builder decorator(Consumer decorator); + + Builder interceptor(Interceptor interceptor); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavHttpClientBuilder.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavHttpClientBuilder.java new file mode 100644 index 0000000..113fd24 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavHttpClientBuilder.java @@ -0,0 +1,102 @@ +package org.xbib.io.webdav.client; + +import java.net.Authenticator; +import java.net.CookieHandler; +import java.net.ProxySelector; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.time.Duration; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import java.util.concurrent.Executor; +import java.util.function.Consumer; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; + +class WebDavHttpClientBuilder implements WebDavHttpClient.Builder { + + private final HttpClient.Builder builder = HttpClient.newBuilder(); + + private final List> decorators = new ArrayList<>(); + + private final List> interceptors = new ArrayList<>(); + + @Override + public WebDavHttpClient.Builder cookieHandler(CookieHandler cookieHandler) { + builder.cookieHandler(cookieHandler); + return this; + } + + @Override + public WebDavHttpClient.Builder connectTimeout(Duration duration) { + builder.connectTimeout(duration); + return this; + } + + @Override + public WebDavHttpClient.Builder sslContext(SSLContext sslContext) { + builder.sslContext(sslContext); + return this; + } + + @Override + public WebDavHttpClient.Builder sslParameters(SSLParameters sslParameters) { + builder.sslParameters(sslParameters); + return this; + } + + @Override + public WebDavHttpClient.Builder executor(Executor executor) { + builder.executor(executor); + return this; + } + + @Override + public WebDavHttpClient.Builder followRedirects(HttpClient.Redirect redirect) { + builder.followRedirects(redirect); + return this; + } + + @Override + public WebDavHttpClient.Builder version(HttpClient.Version version) { + builder.version(version); + return this; + } + + @Override + public WebDavHttpClient.Builder priority(int priority) { + builder.priority(priority); + return this; + } + + @Override + public WebDavHttpClient.Builder proxy(ProxySelector proxySelector) { + builder.proxy(proxySelector); + return this; + } + + @Override + public WebDavHttpClient.Builder authenticator(Authenticator authenticator) { + builder.authenticator(authenticator); + return this; + } + + @Override + public WebDavHttpClient.Builder decorator(Consumer decorator) { + Objects.requireNonNull(decorator, "decorator"); + decorators.add(decorator); + return this; + } + + @Override + public WebDavHttpClient.Builder interceptor(Interceptor interceptor) { + interceptors.add(interceptor); + return this; + } + + @Override + public HttpClient build() { + return new WebDavHttpClient(builder.build(), new ArrayList<>(decorators), new ArrayList<>(interceptors)); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavLsResult.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavLsResult.java new file mode 100644 index 0000000..5616bb1 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/WebDavLsResult.java @@ -0,0 +1,33 @@ +package org.xbib.io.webdav.client; + +import java.util.ArrayList; +import java.util.List; + +public class WebDavLsResult { + + private final List files = new ArrayList<>(); + private final List directories = new ArrayList<>(); + + public void addFile(WebDavFile file) { + files.add(file); + } + + public void addDirectory(WebDavDirectory dir) { + directories.add(dir); + } + + public List getAllSubElements() { + ArrayList objects = new ArrayList<>(); + objects.addAll(files); + objects.addAll(directories); + return objects; + } + + public List getFiles() { + return files; + } + + public List getDirectories() { + return directories; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/AbstractMethod.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/AbstractMethod.java new file mode 100644 index 0000000..70560ed --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/AbstractMethod.java @@ -0,0 +1,73 @@ +package org.xbib.io.webdav.client.methods; + +import static java.net.http.HttpRequest.BodyPublishers.noBody; +import org.w3c.dom.Document; +import org.xbib.io.webdav.api.XMLizable; +import org.xbib.io.webdav.common.DomUtil; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.nio.charset.StandardCharsets; +import java.util.Map; +import java.util.function.Consumer; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +/** + * Base class for request classes defined in this package. + */ +public abstract class AbstractMethod + implements Method, HttpResponse.BodyHandler, Consumer { + + private static final TransformerFactory FACTORY = TransformerFactory.newInstance(); + + @Override + public HttpResponse.BodySubscriber apply(HttpResponse.ResponseInfo responseInfo) { + return HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8); + } + + /** + * Check the provided {@link HttpResponse} for successful execution. The default implementation treats all + * 2xx status codes (RFC 7231, Section 6.3). + * Implementations can further restrict the accepted range of responses (or even check the response body). + */ + public boolean succeeded(HttpResponse response) { + return response.statusCode() >= 200 && response.statusCode() < 300; + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + httpRequest.header("content-type", "application/xml"); + httpRequest.method(method(), bodyPublisher()); + } + + public HttpRequest.BodyPublisher bodyPublisher() { + return noBody(); + } + + @Override + public Map headers() { + return Map.of(); + } + + protected static HttpRequest.BodyPublisher publish(XMLizable xmLizable) { + try { + Document document = DomUtil.createDocument(); + document.appendChild(xmLizable.toXml(document)); + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + Transformer transformer = FACTORY.newTransformer(); + transformer.setOutputProperty(OutputKeys.METHOD, "xml"); + transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); + transformer.setOutputProperty(OutputKeys.INDENT, "no"); + transformer.transform(new DOMSource(document), new StreamResult(byteArrayOutputStream)); + return HttpRequest.BodyPublishers.ofByteArray(byteArrayOutputStream.toByteArray()); + } catch (Exception e) { + throw new UncheckedIOException(new IOException(e)); + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Bind.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Bind.java new file mode 100644 index 0000000..c3bddb2 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Bind.java @@ -0,0 +1,34 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.client.BindInfo; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP BIND request. + * + * @see RFC 5842, Section 4 + */ +public class Bind extends AbstractMethod { + + private final BindInfo bindInfo; + + public Bind(BindInfo bindInfo) { + this.bindInfo = bindInfo; + } + + @Override + public String method() { + return "BIND"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(bindInfo); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200 || response.statusCode() == 201; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Checkin.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Checkin.java new file mode 100644 index 0000000..9cc8870 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Checkin.java @@ -0,0 +1,21 @@ +package org.xbib.io.webdav.client.methods; + +import java.net.http.HttpResponse; + +/** + * Represents an HTTP CHECKIN request. + * + * @see RFC 3253, Section 4.4 + */ +public class Checkin extends AbstractMethod { + + @Override + public String method() { + return "CHECKIN"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 201; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Checkout.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Checkout.java new file mode 100644 index 0000000..b85256d --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Checkout.java @@ -0,0 +1,21 @@ +package org.xbib.io.webdav.client.methods; + +import java.net.http.HttpResponse; + +/** + * Represents an HTTP CHECKOUT request. + * + * @see RFC 3253, Section 4.3 + */ +public class Checkout extends AbstractMethod { + + @Override + public String method() { + return "CHECKOUT"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Copy.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Copy.java new file mode 100644 index 0000000..0b06102 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Copy.java @@ -0,0 +1,48 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.DavConstants; +import java.net.URI; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an COPY request. + * + * @see RFC 4918, Section 9.8 + */ +public class Copy extends AbstractMethod { + + private final URI dest; + + private final boolean overwrite; + + private final boolean shallow; + + public Copy(URI dest, boolean overwrite, boolean shallow) { + this.dest = dest; + this.overwrite = overwrite; + this.shallow = shallow; + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + httpRequest.setHeader(DavConstants.HEADER_DESTINATION, dest.toASCIIString()); + if (!overwrite) { + httpRequest.setHeader(DavConstants.HEADER_OVERWRITE, "F"); + } + if (shallow) { + httpRequest.setHeader("Depth", "0"); + } + } + + @Override + public String method() { + return "COPY"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 201 || response.statusCode() == 204; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Delete.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Delete.java new file mode 100644 index 0000000..5b8348f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Delete.java @@ -0,0 +1,13 @@ +package org.xbib.io.webdav.client.methods; + +/** + * Represents an HTTP DELETE request. + * + * @see RFC 7231, Section 4.3.5 + */ +public class Delete extends AbstractMethod { + + public String method() { + return "DELETE"; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Label.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Label.java new file mode 100644 index 0000000..9f780a0 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Label.java @@ -0,0 +1,42 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.client.LabelInfo; +import org.xbib.io.webdav.common.DepthHeader; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP LABEL request. + * + * @see RFC 3253, Section 8.2 + */ +public class Label extends AbstractMethod { + + private final LabelInfo labelInfo; + + public Label(LabelInfo labelInfo) { + this.labelInfo = labelInfo; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(labelInfo); + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + DepthHeader dh = new DepthHeader(labelInfo.getDepth()); + httpRequest.setHeader(dh.getHeaderName(), dh.getHeaderValue()); + } + + @Override + public String method() { + return "LABEL"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Lock.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Lock.java new file mode 100644 index 0000000..9d1fdc5 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Lock.java @@ -0,0 +1,89 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.common.DepthHeader; +import org.xbib.io.webdav.common.IfHeader; +import org.xbib.io.webdav.common.LockInfo; +import org.xbib.io.webdav.common.TimeoutHeader; +import java.net.http.HttpHeaders; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.util.List; +import java.util.Optional; + +/** + * Represents an HTTP LOCK request. + * + * @see RFC 4918, Section 9.10 + */ +public class Lock extends AbstractMethod { + + private final LockInfo lockInfo; + + private final List lockTokens; + + private final long timeout; + + private final boolean isRefresh; + + public Lock(LockInfo lockInfo) { + this.lockInfo = lockInfo; + this.timeout = 0L; + this.lockTokens = null; + this.isRefresh = false; + } + + public Lock(long timeout, List lockTokens) { + this.lockInfo = null; + this.timeout = timeout; + this.lockTokens = lockTokens; + this.isRefresh = true; + } + + @Override + public String method() { + return "LOCK"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(lockInfo); + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + if (lockInfo != null) { + TimeoutHeader th = new TimeoutHeader(lockInfo.getTimeout()); + httpRequest.setHeader(th.getHeaderName(), th.getHeaderValue()); + DepthHeader dh = new DepthHeader(lockInfo.isDeep()); + httpRequest.setHeader(dh.getHeaderName(), dh.getHeaderValue()); + } + if (timeout > 0L) { + TimeoutHeader th = new TimeoutHeader(timeout); + httpRequest.setHeader(th.getHeaderName(), th.getHeaderValue()); + } + if (lockTokens != null) { + IfHeader ifh = new IfHeader(lockTokens); + httpRequest.setHeader(ifh.getHeaderName(), ifh.getHeaderValue()); + } + } + + @Override + public boolean succeeded(HttpResponse response) { + boolean lockTokenHeaderOk = isRefresh || getLockToken(response) != null; + return lockTokenHeaderOk && (response.statusCode() == 200 || response.statusCode() == 201); + } + + private String getLockToken(HttpResponse response) { + HttpHeaders httpHeaders = response.headers(); + Optional optional = httpHeaders.firstValue(DavConstants.HEADER_LOCK_TOKEN); + if (optional.isPresent()) { + String v = optional.get().trim(); + if (v.startsWith("<") && v.endsWith(">")) { + return v.substring(1, v.length() - 1); + } + } + return null; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Merge.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Merge.java new file mode 100644 index 0000000..886ded2 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Merge.java @@ -0,0 +1,34 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.client.MergeInfo; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP MERGE request. + * + * @see RFC 3253, Section 11.2 + */ +public class Merge extends AbstractMethod { + + private final MergeInfo mergeInfo; + + public Merge(MergeInfo mergeInfo) { + this.mergeInfo = mergeInfo; + } + + @Override + public String method() { + return "MERGE"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(mergeInfo); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 207; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Method.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Method.java new file mode 100644 index 0000000..da50d89 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Method.java @@ -0,0 +1,10 @@ +package org.xbib.io.webdav.client.methods; + +import java.util.Map; + +public interface Method { + + String method(); + + Map headers(); +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Mkcol.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Mkcol.java new file mode 100644 index 0000000..6719916 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Mkcol.java @@ -0,0 +1,21 @@ +package org.xbib.io.webdav.client.methods; + +import java.net.http.HttpResponse; + +/** + * Represents an HTTP MKCOL request. + * + * @see RFC 4918, Section 9.3 + */ +public class Mkcol extends AbstractMethod { + + @Override + public String method() { + return "MKCOL"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 201; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Mkworkspace.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Mkworkspace.java new file mode 100644 index 0000000..f73a89f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Mkworkspace.java @@ -0,0 +1,21 @@ +package org.xbib.io.webdav.client.methods; + +import java.net.http.HttpResponse; + +/** + * Represents an HTTP MKWORKSPACE request. + * + * @see RFC 3253, Section 6.3 + */ +public class Mkworkspace extends AbstractMethod { + + @Override + public String method() { + return "MKWORKSPACE"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 201; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Move.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Move.java new file mode 100644 index 0000000..0dc0a56 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Move.java @@ -0,0 +1,41 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.DavConstants; +import java.net.URI; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP MOVE request. + * + * @see RFC 4918, Section 9.9 + */ +public class Move extends AbstractMethod { + + private final URI dest; + + private final boolean overwrite; + + public Move(URI dest, boolean overwrite) { + this.dest = dest; + this.overwrite = overwrite; + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + httpRequest.setHeader(DavConstants.HEADER_DESTINATION, dest.toASCIIString()); + if (!overwrite) { + httpRequest.setHeader(DavConstants.HEADER_OVERWRITE, "F"); + } + } + + @Override + public String method() { + return "MOVE"; + } + + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 201 || response.statusCode() == 204; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Options.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Options.java new file mode 100644 index 0000000..1355491 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Options.java @@ -0,0 +1,71 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.common.FieldValueParser; +import java.net.http.HttpHeaders; +import java.net.http.HttpResponse; +import java.nio.charset.StandardCharsets; +import java.util.HashSet; +import java.util.Optional; +import java.util.Set; + +/** + * Represents an HTTP OPTIONS request. + * + * @see RFC 7231, Section 4.3.7 + */ +public class Options extends AbstractMethod { + + private final Set allowedMethods = new HashSet<>(); + + private final Set complianceClasses = new HashSet<>(); + + private final Set dasl = new HashSet<>(); + + public Set getAllowedMethods() { + return allowedMethods; + } + + public Set getComplianceClasses() { + return complianceClasses; + } + + public Set getDasl() { + return dasl; + } + + public String method() { + return "OPTIONS"; + } + + /** + * This implementation will parse the Allow and DAV headers to obtain + * the set of HTTP methods and WebDAV compliance classes supported by the resource + * identified by the Request-URI. + */ + @Override + public HttpResponse.BodySubscriber apply(HttpResponse.ResponseInfo responseInfo) { + HttpHeaders httpHeaders = responseInfo.headers(); + Optional optional = httpHeaders.firstValue("Allow"); + if (optional.isPresent()) { + for (String method : optional.get().split(",")) { + allowedMethods.add(method.trim().toUpperCase()); + } + } + optional = httpHeaders.firstValue("DAV"); + if (optional.isPresent()) { + for (String s : FieldValueParser.tokenizeList(optional.get())) { + complianceClasses.add(s.trim()); + } + } + optional = httpHeaders.firstValue("DASL"); + if (optional.isPresent()) { + for (String s : FieldValueParser.tokenizeList(optional.get())) { + if (s.startsWith("<") && s.endsWith(">")) { + s = s.substring(1, s.length() - 1); + } + dasl.add(s.trim()); + } + } + return HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Orderpatch.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Orderpatch.java new file mode 100644 index 0000000..b58f173 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Orderpatch.java @@ -0,0 +1,34 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.common.OrderPatch; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP ORDERPATCH request. + * + * @see RFC 3648, Section 5 + */ +public class Orderpatch extends AbstractMethod { + + OrderPatch orderPatchInfo; + + public Orderpatch(OrderPatch orderPatchInfo) { + this.orderPatchInfo = orderPatchInfo; + } + + @Override + public String method() { + return "ORDERPATCH"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(orderPatchInfo); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Poll.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Poll.java new file mode 100644 index 0000000..8a9995f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Poll.java @@ -0,0 +1,42 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.common.PollTimeoutHeader; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP POLL request. + *

        + * Note that "POLL" is a custom HTTP extension, not defined in a standards paper. + */ +public class Poll extends AbstractMethod { + + private final String subscriptionId; + + private final long timeout; + + public Poll(String subscriptionId, long timeout) { + this.subscriptionId = subscriptionId; + this.timeout = timeout; + } + + @Override + public String method() { + return "POLL"; + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + httpRequest.setHeader("SubscriptionId", subscriptionId); + if (timeout > 0) { + PollTimeoutHeader th = new PollTimeoutHeader(timeout); + httpRequest.setHeader(th.getHeaderName(), th.getHeaderValue()); + } + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Propfind.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Propfind.java new file mode 100644 index 0000000..d754c81 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Propfind.java @@ -0,0 +1,58 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.client.PropfindInfo; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DepthHeader; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP PROPFIND request. + * + * @see RFC 4918, Section 9.1 + */ +public class Propfind extends AbstractMethod { + + private final int propfindType; + + private final DavPropertyNameSet names; + + private final int depth; + + public Propfind(DavPropertyNameSet names, int depth) { + this(DavConstants.PROPFIND_BY_PROPERTY, names, depth); + } + + public Propfind(int propfindType, int depth) { + this(propfindType, new DavPropertyNameSet(), depth); + } + + public Propfind(int propfindType, DavPropertyNameSet names, int depth) { + this.propfindType = propfindType; + this.names = names; + this.depth = depth; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(new PropfindInfo(propfindType, names)); + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + DepthHeader dh = new DepthHeader(depth); + httpRequest.setHeader(dh.getHeaderName(), dh.getHeaderValue()); + } + + @Override + public String method() { + return "PROPFIND"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 207; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Proppatch.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Proppatch.java new file mode 100644 index 0000000..509a532 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Proppatch.java @@ -0,0 +1,46 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.PropEntry; +import org.xbib.io.webdav.client.ProppatchInfo; +import org.xbib.io.webdav.common.DavPropertyNameSet; +import org.xbib.io.webdav.common.DavPropertySet; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.util.List; + +/** + * Represents an HTTP PROPPATCH request. + * + * @see RFC 4918, Section 9.2 + */ +public class Proppatch extends AbstractMethod { + + private final ProppatchInfo proppatchInfo; + + public Proppatch(List changeList) { + this(new ProppatchInfo(changeList)); + } + + public Proppatch(DavPropertySet setProperties, DavPropertyNameSet removeProperties) { + this(new ProppatchInfo(setProperties, removeProperties)); + } + + public Proppatch(ProppatchInfo proppatchInfo) { + this.proppatchInfo = proppatchInfo; + } + + @Override + public String method() { + return "PROPPATCH"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(proppatchInfo); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 207; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Rebind.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Rebind.java new file mode 100644 index 0000000..8413c98 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Rebind.java @@ -0,0 +1,32 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.client.RebindInfo; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP REBIND request. + * + * @see RFC 5842, Section 6 + */ +public class Rebind extends AbstractMethod { + + private final RebindInfo info; + + public Rebind(RebindInfo info) { + this.info = info; + } + + public String method() { + return "REBIND"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(info); + } + + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200 || response.statusCode() == 201; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Report.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Report.java new file mode 100644 index 0000000..ad82d5f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Report.java @@ -0,0 +1,51 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.client.ReportInfo; +import org.xbib.io.webdav.common.DepthHeader; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP REPORT request. + * + * @see RFC 3253, Section 3.6 + */ +public class Report extends AbstractMethod { + + private final ReportInfo reportInfo; + + private final boolean isDeep; + + public Report(ReportInfo reportInfo) { + this.reportInfo = reportInfo; + this.isDeep = reportInfo.getDepth() > DavConstants.DEPTH_0; + } + + @Override + public String method() { + return "REPORT"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(reportInfo); + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + DepthHeader dh = new DepthHeader(reportInfo.getDepth()); + httpRequest.setHeader(dh.getHeaderName(), dh.getHeaderValue()); + } + + @Override + public boolean succeeded(HttpResponse response) { + int statusCode = response.statusCode(); + if (isDeep) { + return statusCode == 207; + } else { + return statusCode == 200 || statusCode == 207; + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Search.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Search.java new file mode 100644 index 0000000..e240568 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Search.java @@ -0,0 +1,34 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.client.SearchInfo; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP SEARCH request. + * + * @see RFC 5323, Section 2 + */ +public class Search extends AbstractMethod { + + private final SearchInfo searchInfo; + + public Search(SearchInfo searchInfo) { + this.searchInfo = searchInfo; + } + + @Override + public String method() { + return "SEARCH"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(searchInfo); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 207; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Subscribe.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Subscribe.java new file mode 100644 index 0000000..7f2de3d --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Subscribe.java @@ -0,0 +1,64 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.common.CodedUrlHeader; +import org.xbib.io.webdav.common.DepthHeader; +import org.xbib.io.webdav.common.SubscriptionInfo; +import org.xbib.io.webdav.common.TimeoutHeader; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.util.Optional; + +/** + * Represents an HTTP SUBSCRIBE request. + * Note that "SUBSCRIBE" is a custom HTTP extension, not defined in a standards paper. + */ +public class Subscribe extends AbstractMethod { + + private final SubscriptionInfo subscriptionInfo; + + private final String subscriptionId; + + public Subscribe(SubscriptionInfo subscriptionInfo, String subscriptionId) { + this.subscriptionInfo = subscriptionInfo; + this.subscriptionId = subscriptionId; + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + if (subscriptionId != null) { + CodedUrlHeader h = new CodedUrlHeader("SubscriptionId", subscriptionId); + httpRequest.setHeader(h.getHeaderName(), h.getHeaderValue()); + } + // optional timeout header + long to = subscriptionInfo.getTimeOut(); + if (to != DavConstants.UNDEFINED_TIMEOUT) { + TimeoutHeader h = new TimeoutHeader(subscriptionInfo.getTimeOut()); + httpRequest.setHeader(h.getHeaderName(), h.getHeaderValue()); + } + // always set depth header since value is boolean flag + DepthHeader dh = new DepthHeader(subscriptionInfo.isDeep()); + httpRequest.setHeader(dh.getHeaderName(), dh.getHeaderValue()); + } + + public String getSubscriptionId(HttpResponse response) { + Optional optional = response.headers().firstValue("SubscriptionId"); + return optional.map(s -> new CodedUrlHeader("SubscriptionId", s).getCodedUrl()).orElse(null); + } + + @Override + public String method() { + return "SUBSCRIBE"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(subscriptionInfo); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unbind.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unbind.java new file mode 100644 index 0000000..f08570f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unbind.java @@ -0,0 +1,34 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.client.UnbindInfo; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP UNBIND request. + * + * @see RFC 5842, Section 5 + */ +public class Unbind extends AbstractMethod { + + private final UnbindInfo info; + + public Unbind(UnbindInfo info) { + this.info = info; + } + + @Override + public String method() { + return "UNBIND"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(info); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200 || response.statusCode() == 204; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unlock.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unlock.java new file mode 100644 index 0000000..805be35 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unlock.java @@ -0,0 +1,36 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.common.CodedUrlHeader; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP UNLOCK request. + * + * @see RFC 4918, Section 9.11 + */ +public class Unlock extends AbstractMethod { + + private final String lockToken; + + public Unlock(String lockToken) { + this.lockToken = lockToken; + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + CodedUrlHeader lth = new CodedUrlHeader(DavConstants.HEADER_LOCK_TOKEN, lockToken); + httpRequest.setHeader(lth.getHeaderName(), lth.getHeaderValue()); + } + + public String method() { + return "UNLOCK"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200 || response.statusCode() == 204; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unsubscribe.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unsubscribe.java new file mode 100644 index 0000000..d076065 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Unsubscribe.java @@ -0,0 +1,33 @@ +package org.xbib.io.webdav.client.methods; + +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP UNSUBSCRIBE request. + * Note that "UNSUBSCRIBE" is a custom HTTP extension, not defined in a standards paper. + */ +public class Unsubscribe extends AbstractMethod { + + private final String subscriptionId; + + public Unsubscribe(String subscriptionId) { + this.subscriptionId = subscriptionId; + } + + @Override + public String method() { + return "UNSUBSCRIBE"; + } + + @Override + public void accept(HttpRequest.Builder httpRequest) { + super.accept(httpRequest); + httpRequest.setHeader("SubscriptionId", subscriptionId); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 204; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Update.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Update.java new file mode 100644 index 0000000..4539034 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/Update.java @@ -0,0 +1,33 @@ +package org.xbib.io.webdav.client.methods; + +import org.xbib.io.webdav.client.UpdateInfo; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; + +/** + * Represents an HTTP UPDATE request. + * + * @see RFC 3253, Section 7.1 + */ +public class Update extends AbstractMethod { + + private final UpdateInfo updateInfo; + + public Update(UpdateInfo updateInfo) { + this.updateInfo = updateInfo; + } + + public String method() { + return "UPDATE"; + } + + @Override + public HttpRequest.BodyPublisher bodyPublisher() { + return publish(updateInfo); + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 207; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/VersionControl.java b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/VersionControl.java new file mode 100644 index 0000000..1bacb80 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/client/methods/VersionControl.java @@ -0,0 +1,21 @@ +package org.xbib.io.webdav.client.methods; + +import java.net.http.HttpResponse; + +/** + * Represents an HTTP VERSION-CONTROL request. + * + * @see RFC 3253, Section 3.5 + */ +public class VersionControl extends AbstractMethod { + + @Override + public String method() { + return "VERSION-CONTROL"; + } + + @Override + public boolean succeeded(HttpResponse response) { + return response.statusCode() == 200; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/AbstractDavProperty.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/AbstractDavProperty.java new file mode 100644 index 0000000..e819440 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/AbstractDavProperty.java @@ -0,0 +1,141 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import java.util.Collection; + +/** + * AbstractDavProperty provides generic METHODS used by various + * implementations of the {@link DavProperty} interface. + */ +public abstract class AbstractDavProperty implements DavProperty { + + private final DavPropertyName name; + private final boolean isInvisibleInAllprop; + + /** + * Create a new AbstractDavProperty with the given {@link DavPropertyName} + * and a boolean flag indicating whether this property should be suppressed + * in PROPFIND/allprop responses. + */ + public AbstractDavProperty(DavPropertyName name, boolean isInvisibleInAllprop) { + this.name = name; + this.isInvisibleInAllprop = isInvisibleInAllprop; + } + + /** + * Computes the hash code using this property's name and value. + * + * @return the hash code + */ + @Override + public int hashCode() { + int hashCode = getName().hashCode(); + if (getValue() != null) { + hashCode += getValue().hashCode(); + } + return hashCode % Integer.MAX_VALUE; + } + + /** + * Checks if this property has the same {@link DavPropertyName name} + * and value as the given one. + * + * @param obj the object to compare to + * @return true if the 2 objects are equal; + * false otherwise + */ + @Override + public boolean equals(Object obj) { + if (obj instanceof DavProperty) { + DavProperty prop = (DavProperty) obj; + boolean equalName = getName().equals(prop.getName()); + boolean equalValue = (getValue() == null) ? prop.getValue() == null : getValue().equals(prop.getValue()); + return equalName && equalValue; + } + return false; + } + + + /** + * Return a XML element representation of this property. The value of the + * property will be added as text or as child element. + * 

        +     * new DavProperty("displayname", "WebDAV Directory").toXml
+     * gives a element like:
+     * <D:displayname>WebDAV Directory</D:displayname>
+     *
+     * new DavProperty("resourcetype", new Element("collection")).toXml
+     * gives a element like:
+     * <D:resourcetype><D:collection/></D:resourcetype>
+     *
+     * Element[] customVals = { new Element("bla", customNamespace), new Element("bli", customNamespace) };
+     * new DavProperty("custom-property", customVals, customNamespace).toXml
+     * gives an element like
+     * <Z:custom-property>
+     *    <Z:bla/>
+     *    <Z:bli/>
+     * </Z:custom-property>
+     *
        + * + * @param document + * @return a XML element of this property + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element elem = getName().toXml(document); + T value = getValue(); + // todo: improve.... + if (value != null) { + if (value instanceof XMLizable) { + elem.appendChild(((XMLizable) value).toXml(document)); + } else if (value instanceof Node) { + Node n = document.importNode((Node) value, true); + elem.appendChild(n); + } else if (value instanceof Node[]) { + for (int i = 0; i < ((Node[]) value).length; i++) { + Node n = document.importNode(((Node[]) value)[i], true); + elem.appendChild(n); + } + } else if (value instanceof Collection) { + for (Object entry : ((Collection) value)) { + if (entry instanceof XMLizable) { + elem.appendChild(((XMLizable) entry).toXml(document)); + } else if (entry instanceof Node) { + Node n = document.importNode((Node) entry, true); + elem.appendChild(n); + } else { + DomUtil.setText(elem, entry.toString()); + } + } + } else { + DomUtil.setText(elem, value.toString()); + } + } + return elem; + } + + /** + * Returns the name of this property. + * + * @return name + * @see DavProperty#getName() + */ + public DavPropertyName getName() { + return name; + } + + /** + * Return true if this property should be suppressed + * in a PROPFIND/{@link DavConstants#PROPFIND_ALL_PROP DAV:allprop} + * response. See RFC 4918, Section 9.1. + * + * @see DavProperty#isInvisibleInAllprop() + */ + public boolean isInvisibleInAllprop() { + return isInvisibleInAllprop; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/CodedUrlHeader.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/CodedUrlHeader.java new file mode 100644 index 0000000..e3c65e4 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/CodedUrlHeader.java @@ -0,0 +1,91 @@ +package org.xbib.io.webdav.common; + +import org.xbib.io.webdav.api.Header; + +/** + * CodedUrlHeader... + */ +public class CodedUrlHeader implements Header { + + private final String headerName; + private final String headerValue; + + public CodedUrlHeader(String headerName, String headerValue) { + this.headerName = headerName; + if (headerValue != null && !(headerValue.startsWith("<") && headerValue.endsWith(">"))) { + headerValue = "<" + headerValue + ">"; + } + this.headerValue = headerValue; + } + + /** + * Return the name of the header + * + * @return header name + * @see Header#getHeaderName() + */ + public String getHeaderName() { + return headerName; + } + + /** + * Return the value of the header + * + * @return value + * @see Header#getHeaderValue() + */ + public String getHeaderValue() { + return headerValue; + } + + /** + * Returns the token present in the header value or null. + * If the header contained multiple tokens separated by ',' the first value + * is returned. + * + * @return token present in the CodedURL header or null if + * the header is not present. + * @see #getCodedUrls() + */ + public String getCodedUrl() { + String[] codedUrls = getCodedUrls(); + return (codedUrls != null) ? codedUrls[0] : null; + } + + /** + * Return an array of coded urls as present in the header value or null if + * no value is present. + * + * @return array of coded urls + */ + public String[] getCodedUrls() { + String[] codedUrls = null; + if (headerValue != null) { + String[] values = headerValue.split(","); + codedUrls = new String[values.length]; + for (int i = 0; i < values.length; i++) { + int p1 = values[i].indexOf('<'); + if (p1 < 0) { + throw new IllegalArgumentException("Invalid CodedURL header value:" + values[i]); + } + int p2 = values[i].indexOf('>', p1); + if (p2 < 0) { + throw new IllegalArgumentException("Invalid CodedURL header value:" + values[i]); + } + codedUrls[i] = values[i].substring(p1 + 1, p2); + } + } + return codedUrls; + } + + /** + * Retrieves the header with the given name and builds a new CodedUrlHeader. + * + * @param headerName + * @return new CodedUrlHeader instance + */ + public static CodedUrlHeader parse(/*HttpServletRequest request*/String headerName, String headerValue) { + //String headerValue = request.getHeader(headerName); + return new CodedUrlHeader(headerName, headerValue); + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavDocumentBuilderFactory.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavDocumentBuilderFactory.java new file mode 100644 index 0000000..c7ffe24 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavDocumentBuilderFactory.java @@ -0,0 +1,68 @@ +package org.xbib.io.webdav.common; + +import org.xml.sax.EntityResolver; +import org.xml.sax.helpers.DefaultHandler; +import java.io.IOException; +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +/** + * Custom {@link DocumentBuilderFactory} extended for use in WebDAV. + */ +public class DavDocumentBuilderFactory { + + private final DocumentBuilderFactory DEFAULT_FACTORY = createFactory(); + + private DocumentBuilderFactory BUILDER_FACTORY = DEFAULT_FACTORY; + + public DocumentBuilder newDocumentBuilder() throws ParserConfigurationException { + DocumentBuilder db = BUILDER_FACTORY.newDocumentBuilder(); + if (BUILDER_FACTORY == DEFAULT_FACTORY) { + // if this is the default factory: set the default entity resolver as well + db.setEntityResolver(DEFAULT_ENTITY_RESOLVER); + } + db.setErrorHandler(new DefaultHandler()); + return db; + } + + /** + * Support the replacement of {@link #BUILDER_FACTORY}. This is useful + * for injecting a customized BuilderFactory, for example with one that + * uses a local catalog resolver. This is one technique for addressing + * this issue: + * http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic + * + * @param documentBuilderFactory + */ + public void setFactory(DocumentBuilderFactory documentBuilderFactory) { + //LOG.debug("DocumentBuilderFactory changed to: " + documentBuilderFactory); + BUILDER_FACTORY = documentBuilderFactory != null ? documentBuilderFactory : DEFAULT_FACTORY; + } + + private DocumentBuilderFactory createFactory() { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setIgnoringComments(true); + factory.setIgnoringElementContentWhitespace(true); + factory.setCoalescing(true); + try { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + } catch (ParserConfigurationException | AbstractMethodError e) { + //LOG.warn("Secure XML processing is not supported", e); + } + return factory; + } + + /** + * An entity resolver that does not allow external entity resolution. See + * RFC 4918, Section 20.6 + */ + private static final EntityResolver DEFAULT_ENTITY_RESOLVER = (publicId, systemId) -> { + //LOG.debug("Resolution of external entities in XML payload not supported - publicId: " + publicId + ", systemId: " + // + systemId); + throw new IOException("This parser does not support resolution of external entities (publicId: " + publicId + + ", systemId: " + systemId + ")"); + }; +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavException.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavException.java new file mode 100644 index 0000000..6e35f9d --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavException.java @@ -0,0 +1,154 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import java.io.IOException; +import java.util.Properties; + +/** + * DavException extends the {@link IOException} class in order + * to simplify handling of exceptional situations occurring during processing + * of WebDAV requests and provides possibility to retrieve an Xml representation + * of the error. + */ +@SuppressWarnings("serial") +public class DavException extends IOException implements XMLizable { + + private static final Properties statusPhrases = new Properties(); + + static { + try { + statusPhrases.load(DavException.class.getResourceAsStream("statuscode.properties")); + } catch (IOException e) { + //log.error("Failed to load status properties: " + e.getMessage()); + } + } + + public static final String XML_ERROR = "error"; + + private final int errorCode; + + private final Element errorCondition; + + /** + * Create a new DavException. + * + * @param errorCode integer specifying any of the status codes + * @param message Human readable error message. + * @see DavException#DavException(int, String, Throwable, Element) + */ + public DavException(int errorCode, String message) { + this(errorCode, message, null, null); + } + + /** + * Create a new DavException. + * + * @param errorCode integer specifying any of the status codes + * @param cause Cause of this DavException + * @see DavException#DavException(int, String, Throwable, Element) + */ + public DavException(int errorCode, Throwable cause) { + this(errorCode, null, cause, null); + } + + /** + * Create a new DavException. + * + * @param errorCode integer specifying any of the status codes + * @see DavException#DavException(int, String, Throwable, Element) + */ + public DavException(int errorCode) { + this(errorCode, statusPhrases.getProperty(String.valueOf(errorCode)), null, null); + } + + /** + * Create a new DavException. + * + * @param errorCode integer specifying any of the status codes + * @param message Human readable error message. + * @param cause Cause of this DavException. + * @param errorCondition Xml element providing detailed information about + * the error. If the condition is not null, {@link #toXml(Document)} + */ + public DavException(int errorCode, String message, Throwable cause, Element errorCondition) { + super(message, cause); + this.errorCode = errorCode; + this.errorCondition = errorCondition; + //log.debug("DavException: (" + errorCode + ") " + message); + } + + /** + * Return the error code attached to this DavException. + * + * @return errorCode + */ + public int getErrorCode() { + return errorCode; + } + + /** + * Return the status phrase corresponding to the error code attached to + * this DavException. + * + * @return status phrase corresponding to the error code. + * @see #getErrorCode() + */ + public String getStatusPhrase() { + return getStatusPhrase(errorCode); + } + + /** + * Returns the status phrase for the given error code. + * + * @param errorCode + * @return status phrase corresponding to the given error code. + */ + public static String getStatusPhrase(int errorCode) { + return statusPhrases.getProperty(errorCode + ""); + } + + /** + * @return true if a error condition has been specified, false otherwise. + */ + public boolean hasErrorCondition() { + return errorCondition != null; + } + + /** + * Return the error condition attached to this DavException. + * + * @return errorCondition + */ + public Element getErrorCondition() { + return errorCondition; + } + + /** + * Returns a DAV:error element containing the error condition or + * null if no specific condition is available. See + * RFC 3253 + * Section 1.6 "Method Preconditions and Postconditions" for additional + * information. + * + * @param document + * @return A DAV:error element indicating the error cause or null. + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + if (hasErrorCondition()) { + Element error; + if (DomUtil.matches(errorCondition, XML_ERROR, DavConstants.NAMESPACE)) { + error = (Element) document.importNode(errorCondition, true); + } else { + error = DomUtil.createElement(document, XML_ERROR, DavConstants.NAMESPACE); + error.appendChild(document.importNode(errorCondition, true)); + } + return error; + } else { + return null; + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavProperty.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavProperty.java new file mode 100644 index 0000000..f7b13fc --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavProperty.java @@ -0,0 +1,56 @@ +package org.xbib.io.webdav.common; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.PropEntry; +import org.xbib.io.webdav.api.XMLizable; + +/** + * The Property class represents a Property of a WebDAV + * resource. The {@link Object#hashCode()} and {@link Object#equals(Object)} methods are + * overridden in a way, such that the name and value of the property are + * respected. This means, a property is equal to another if the names + * and values are equal.
        + * The XML representation of a DavProperty: + * 
        + * new DavProperty("displayname", "WebDAV Directory").toXml
+ * gives a element like:
+ * <D:displayname>WebDAV Directory</D:displayname>
+ *
+ * new DavProperty("resourcetype", new Element("collection")).toXml
+ * gives a element like:
+ * <D:resourcetype><D:collection/></D:resourcetype>
+ *
+ * Element[] customVals = { new Element("bla", customNamespace), new Element("bli", customNamespace) };
+ * new DavProperty("custom-property", customVals, customNamespace).toXml
+ * gives an element like
+ * <Z:custom-property>
+ *    <Z:bla/>
+ *    <Z:bli/>
+ * </Z:custom-property>
+ *
        + */ +public interface DavProperty extends XMLizable, DavConstants, PropEntry { + + /** + * Returns the name of this property + * + * @return the name of this property + */ + DavPropertyName getName(); + + /** + * Returns the value of this property + * + * @return the value of this property + */ + T getValue(); + + /** + * Return true if this property should be suppressed + * in a PROPFIND/{@link DavConstants#PROPFIND_ALL_PROP DAV:allprop} + * response. See RFC 4918, Section 9.1. + * + * @return true, if this property should be suppressed in a PROPFIND/allprop response + */ + boolean isInvisibleInAllprop(); +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyIterator.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyIterator.java new file mode 100644 index 0000000..a042e3f --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyIterator.java @@ -0,0 +1,18 @@ +package org.xbib.io.webdav.common; + +import java.util.Iterator; +import java.util.NoSuchElementException; + +/** + * The DavPropertyIterator extends the Iterator by + * a property specific next() method. + */ +public interface DavPropertyIterator extends Iterator> { + /** + * Returns the next Property. + * + * @return the next Property in the iteration. + * @throws NoSuchElementException if iteration has no more elements. + */ + DavProperty nextProperty() throws NoSuchElementException; +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyName.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyName.java new file mode 100644 index 0000000..ee86c00 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyName.java @@ -0,0 +1,187 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.PropEntry; +import org.xbib.io.webdav.api.XMLizable; +import java.util.HashMap; +import java.util.Map; + +/** + * The DavPropertyName class reflects a WebDAV property name. It + * holds together the local name of the property and its namespace. + */ +public class DavPropertyName implements DavConstants, XMLizable, PropEntry { + + /** + * internal 'cache' of created property names + */ + private static final Map> cache = new HashMap>(); + + /* some standard webdav property (that have #PCDATA) */ + public static final DavPropertyName CREATIONDATE = DavPropertyName.create(PROPERTY_CREATIONDATE); + public static final DavPropertyName DISPLAYNAME = DavPropertyName.create(PROPERTY_DISPLAYNAME); + public static final DavPropertyName GETCONTENTLANGUAGE = DavPropertyName.create(PROPERTY_GETCONTENTLANGUAGE); + public static final DavPropertyName GETCONTENTLENGTH = DavPropertyName.create(PROPERTY_GETCONTENTLENGTH); + public static final DavPropertyName GETCONTENTTYPE = DavPropertyName.create(PROPERTY_GETCONTENTTYPE); + public static final DavPropertyName GETETAG = DavPropertyName.create(PROPERTY_GETETAG); + public static final DavPropertyName GETLASTMODIFIED = DavPropertyName.create(PROPERTY_GETLASTMODIFIED); + + /* some standard webdav property (that have other elements) */ + public static final DavPropertyName LOCKDISCOVERY = DavPropertyName.create(PROPERTY_LOCKDISCOVERY); + public static final DavPropertyName RESOURCETYPE = DavPropertyName.create(PROPERTY_RESOURCETYPE); + public static final DavPropertyName SOURCE = DavPropertyName.create(PROPERTY_SOURCE); + public static final DavPropertyName SUPPORTEDLOCK = DavPropertyName.create(PROPERTY_SUPPORTEDLOCK); + + /* property use by microsoft that are not specified in the RFC 2518 */ + public static final DavPropertyName ISCOLLECTION = DavPropertyName.create("iscollection"); + + /** + * the name of the property + */ + private final String name; + + /** + * the namespace of the property + */ + private final Namespace namespace; + + /** + * Creates a new DavPropertyName with the given name and + * Namespace. + * + * @param name The local name of the new property name + * @param namespace The namespace of the new property name + * @return The WebDAV property name + */ + public synchronized static DavPropertyName create(String name, Namespace namespace) { + // get (or create) map for the given namespace + Map map = cache.computeIfAbsent(namespace, k -> new HashMap<>()); + // get (or create) property name object + DavPropertyName ret = map.get(name); + if (ret == null) { + if (namespace.equals(NAMESPACE)) { + // ensure prefix for default 'DAV:' namespace + namespace = NAMESPACE; + } + ret = new DavPropertyName(name, namespace); + map.put(name, ret); + } + return ret; + } + + /** + * Creates a new DavPropertyName with the given local name + * and the default WebDAV {@link DavConstants#NAMESPACE namespace}. + * + * @param name The local name of the new property name + * @return The WebDAV property name + */ + public static DavPropertyName create(String name) { + return create(name, NAMESPACE); + } + + /** + * Create a new DavPropertyName with the name and namespace + * of the given Xml element. + * + * @param nameElement + * @return DavPropertyName instance + */ + public synchronized static DavPropertyName createFromXml(Element nameElement) { + if (nameElement == null) { + throw new IllegalArgumentException("Cannot build DavPropertyName from a 'null' element."); + } + String ns = nameElement.getNamespaceURI(); + if (ns == null) { + return create(nameElement.getLocalName(), Namespace.EMPTY_NAMESPACE); + } else { + return create(nameElement.getLocalName(), Namespace.getNamespace(nameElement.getPrefix(), ns)); + } + } + + /** + * Creates a new DavPropertyName with the given name and + * Namespace. + * + * @param name The local name of the new property name + * @param namespace The namespace of the new property name + */ + private DavPropertyName(String name, Namespace namespace) { + if (name == null || namespace == null) { + throw new IllegalArgumentException("Name and namespace must not be 'null' for a DavPropertyName."); + } + this.name = name; + this.namespace = namespace; + } + + /** + * Return the name of this DavPropertyName. + * + * @return name + */ + public String getName() { + return name; + } + + /** + * Return the namespace of this DavPropertyName. + * + * @return namespace + */ + public Namespace getNamespace() { + return namespace; + } + + /** + * Computes the hash code using this properties name and namespace. + * + * @return the hash code + */ + @Override + public int hashCode() { + return (name.hashCode() + namespace.hashCode()) % Integer.MAX_VALUE; + } + + /** + * Checks if this property has the same name and namespace as the + * given one. + * + * @param obj the object to compare to + * @return true if the 2 objects are equal; + * false otherwise + */ + @Override + public boolean equals(Object obj) { + if (obj instanceof DavPropertyName) { + DavPropertyName propName = (DavPropertyName) obj; + return name.equals(propName.name) && namespace.equals(propName.namespace); + } + return false; + } + + /** + * Returns a string representation of this property suitable for debugging + * + * @return a human readable string representation + */ + @Override + public String toString() { + return DomUtil.getExpandedName(name, namespace); + } + + /** + * Creates a element with the name and namespace of this + * DavPropertyName. + * + * @param document + * @return A element with the name and namespace of this + * DavPropertyName. + */ + public Element toXml(Document document) { + return DomUtil.createElement(document, name, namespace); + } +} + diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyNameIterator.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyNameIterator.java new file mode 100644 index 0000000..1c1917a --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyNameIterator.java @@ -0,0 +1,12 @@ +package org.xbib.io.webdav.common; + +import java.util.Iterator; + +/** + * DavPropertyNameIterator... + */ +public interface DavPropertyNameIterator extends Iterator { + + DavPropertyName nextPropertyName(); + +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyNameSet.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyNameSet.java new file mode 100644 index 0000000..e426454 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertyNameSet.java @@ -0,0 +1,183 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.PropEntry; +import java.util.Collection; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +/** + * DavPropertyNameSet represents a Set of {@link DavPropertyName} + * objects. + */ +public class DavPropertyNameSet extends PropContainer + implements Iterable { + + private final Set set = new HashSet<>(); + + /** + * Create a new empty set. + */ + public DavPropertyNameSet() { + } + + /** + * Create a new DavPropertyNameSet with the given initial values. + * + * @param initialSet + */ + public DavPropertyNameSet(DavPropertyNameSet initialSet) { + addAll(initialSet); + } + + /** + * Create a new DavPropertyNameSet from the given DAV:prop + * element. + * + * @param propElement + * @throws IllegalArgumentException if the specified element is null + * or is not a DAV:prop element. + */ + public DavPropertyNameSet(Element propElement) { + if (!DomUtil.matches(propElement, XML_PROP, NAMESPACE)) { + throw new IllegalArgumentException("'DAV:prop' element expected."); + } + + // fill the set + ElementIterator it = DomUtil.getChildren(propElement); + while (it.hasNext()) { + add(DavPropertyName.createFromXml(it.nextElement())); + } + } + + /** + * Adds the specified {@link DavPropertyName} object to this + * set if it is not already present. + * + * @param propertyName element to be added to this set. + * @return {@code true} if the set did not already contain the specified + * element. + */ + public boolean add(DavPropertyName propertyName) { + return set.add(propertyName); + } + + /** + * Creates a DavPropertyName from the given parameters and add it to this set. + * + * @param localName + * @param namespace + * @return {@code true} if the set did not already contain the specified + * property name. + */ + public boolean add(String localName, Namespace namespace) { + return set.add(DavPropertyName.create(localName, namespace)); + } + + /** + * Add the property names contained in the specified set to this set. + * + * @param propertyNames + * @return true if the set has been modified by this call. + */ + public boolean addAll(DavPropertyNameSet propertyNames) { + return set.addAll(propertyNames.set); + } + + /** + * Removes the specified {@link DavPropertyName} object from this set. + * + * @param propertyName + * @return true if the given property name could be removed. + * @see HashSet#remove(Object) + */ + public boolean remove(DavPropertyName propertyName) { + return set.remove(propertyName); + } + + /** + * @return Iterator over all DavPropertyNames contained in this + * set. + */ + public DavPropertyNameIterator iterator() { + return new PropertyNameIterator(); + } + + //------------------------------------------------------< PropContainer >--- + + /** + * @see PropContainer#contains(DavPropertyName) + */ + @Override + public boolean contains(DavPropertyName name) { + return set.contains(name); + } + + /** + * @param contentEntry NOTE that an instance of DavPropertyName + * in order to successfully add the given entry. + * @return true if contentEntry is an instance of DavPropertyName + * that could be added to this set. False otherwise. + * @see PropContainer#addContent(Object) + */ + @Override + public boolean addContent(PropEntry contentEntry) { + if (contentEntry instanceof DavPropertyName) { + return add((DavPropertyName) contentEntry); + } + //log.debug("DavPropertyName object expected. Found: " + contentEntry.getClass().toString()); + return false; + } + + /** + * @see PropContainer#isEmpty() + */ + @Override + public boolean isEmpty() { + return set.isEmpty(); + } + + /** + * @see PropContainer#getContentSize() + */ + @Override + public int getContentSize() { + return set.size(); + } + + /** + * @see PropContainer#getContent() + */ + @Override + public Collection getContent() { + return set; + } + + //--------------------------------------------------------< inner class >--- + private class PropertyNameIterator implements DavPropertyNameIterator { + + private final Iterator iter; + + private PropertyNameIterator() { + this.iter = set.iterator(); + } + + public DavPropertyName nextPropertyName() { + return iter.next(); + } + + public void remove() { + iter.remove(); + } + + public boolean hasNext() { + return iter.hasNext(); + } + + public DavPropertyName next() { + return iter.next(); + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertySet.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertySet.java new file mode 100644 index 0000000..5ea209d --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DavPropertySet.java @@ -0,0 +1,281 @@ +package org.xbib.io.webdav.common; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.PropEntry; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.NoSuchElementException; + +/** + * The DavPropertySet class represents a set of WebDAV + * property. + */ +public class DavPropertySet extends PropContainer + implements Iterable> { + + /** + * the set of property + */ + private final Map> map = new HashMap>(); + + /** + * Adds a new property to this set. + * + * @param property The property to add + * @return The previously assigned property or null. + */ + public DavProperty add(DavProperty property) { + return map.put(property.getName(), property); + } + + /** + * @param pset Properties to add + */ + public void addAll(DavPropertySet pset) { + map.putAll(pset.map); + } + + /** + * Retrieves the property with the specified name and the + * default WebDAV {@link DavConstants#NAMESPACE namespace}. + * + * @param name The name of the property to retrieve + * @return The desired property or null + */ + public DavProperty get(String name) { + return get(DavPropertyName.create(name)); + } + + /** + * Retrieves the property with the specified name and + * namespace. + * + * @param name The name of the property to retrieve + * @param namespace The namespace of the property to retrieve + * @return The desired property or null + */ + public DavProperty get(String name, Namespace namespace) { + return get(DavPropertyName.create(name, namespace)); + } + + /** + * Retrieves the property with the specified name + * + * @param name The webdav property name of the property to retrieve + * @return The desired property or null + */ + public DavProperty get(DavPropertyName name) { + return map.get(name); + } + + + /** + * Removes the indicated property from this set. + * + * @param name The webdav property name to remove + * @return The removed property or null + */ + public DavProperty remove(DavPropertyName name) { + return map.remove(name); + } + + /** + * Removes the property with the specified name and the + * default WebDAV {@link DavConstants#NAMESPACE namespace}. + * + * @param name The name of the property to remove + * @return The removed property or null + */ + public DavProperty remove(String name) { + return remove(DavPropertyName.create(name)); + } + + /** + * Removes the property with the specified name and + * namespace from this set. + * + * @param name The name of the property to remove + * @param namespace The namespace of the property to remove + * @return The removed property or null + */ + public DavProperty remove(String name, Namespace namespace) { + return remove(DavPropertyName.create(name, namespace)); + } + + /** + * Returns an iterator over all property in this set. + * + * @return An iterator over {@link DavProperty}. + */ + public DavPropertyIterator iterator() { + return new PropIter(); + } + + /** + * Returns an iterator over all those property in this set, that have the + * indicated namespace. + * + * @param namespace The namespace of the property in the iteration. + * @return An iterator over {@link DavProperty}. + */ + public DavPropertyIterator iterator(Namespace namespace) { + return new PropIter(namespace); + } + + /** + * Return the names of all properties present in this set. + * + * @return array of {@link DavPropertyName property names} present in this set. + */ + public DavPropertyName[] getPropertyNames() { + return map.keySet().toArray(new DavPropertyName[map.keySet().size()]); + } + + //------------------------------------------------------< PropContainer >--- + + /** + * Checks if this set contains the property with the specified name. + * + * @param name The name of the property + * @return true if this set contains the property; + * false otherwise. + * @see PropContainer#contains(DavPropertyName) + */ + @Override + public boolean contains(DavPropertyName name) { + return map.containsKey(name); + } + + /** + * @param contentEntry NOTE, that the given object must be an instance of + * DavProperty in order to be successfully added to this set. + * @return true if the specified object is an instance of DavProperty + * and false otherwise. + * @see PropContainer#addContent(PropEntry) + */ + @Override + public boolean addContent(PropEntry contentEntry) { + if (contentEntry instanceof DavProperty) { + add((DavProperty) contentEntry); + return true; + } + //log.debug("DavProperty object expected. Found: " + contentEntry.getClass().toString()); + return false; + } + + /** + * @see PropContainer#isEmpty() + */ + @Override + public boolean isEmpty() { + return map.isEmpty(); + } + + /** + * @see PropContainer#getContentSize() + */ + @Override + public int getContentSize() { + return map.size(); + } + + /** + * @see PropContainer#getContent() + */ + @Override + public Collection getContent() { + return map.values(); + } + + //---------------------------------------------------------- Inner class --- + + /** + * Implementation of a DavPropertyIterator that returns webdav property. + * Additionally, it can only return property with the given namespace. + */ + private class PropIter implements DavPropertyIterator { + + /** + * the namespace to match against + */ + private final Namespace namespace; + + /** + * the internal iterator + */ + private final Iterator> iterator; + + /** + * the next property to return + */ + private DavProperty next; + + /** + * Creates a new property iterator. + */ + private PropIter() { + this(null); + } + + /** + * Creates a new iterator with the given namespace + * + * @param namespace The namespace to match against + */ + private PropIter(Namespace namespace) { + this.namespace = namespace; + iterator = map.values().iterator(); + seek(); + } + + /** + * @see DavPropertyIterator#nextProperty(); + */ + public DavProperty nextProperty() throws NoSuchElementException { + if (next == null) { + throw new NoSuchElementException(); + } + DavProperty ret = next; + seek(); + return ret; + } + + /** + * @see DavPropertyIterator#hasNext(); + */ + public boolean hasNext() { + return next != null; + } + + /** + * @see DavPropertyIterator#next(); + */ + public DavProperty next() { + return nextProperty(); + } + + /** + * @see DavPropertyIterator#remove(); + */ + public void remove() { + throw new UnsupportedOperationException(); + } + + /** + * Seeks for the next valid property + */ + private void seek() { + while (iterator.hasNext()) { + next = iterator.next(); + if (namespace == null || namespace.equals(next.getName().getNamespace())) { + return; + } + } + next = null; + } + } +} + diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DefaultDavProperty.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DefaultDavProperty.java new file mode 100644 index 0000000..6de1da9 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DefaultDavProperty.java @@ -0,0 +1,123 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import java.util.List; + +/** + * DefaultDavProperty... + */ +public class DefaultDavProperty extends AbstractDavProperty { + + /** + * the value of the property + */ + private final T value; + + /** + * Creates a new WebDAV property with the given namespace, name and value. + * If the property is intended to be protected the isProtected flag must + * be set to true. + * + * @param name the name of the property + * @param value the value of the property + * @param namespace the namespace of the property + * @param isInvisibleInAllprop A value of true, defines this property to be protected. + * It will not be returned in a {@link DavConstants#PROPFIND_ALL_PROP DAV:allprop} + * PROPFIND request and cannot be set/removed with a PROPPATCH request. + */ + public DefaultDavProperty(String name, T value, Namespace namespace, boolean isInvisibleInAllprop) { + super(DavPropertyName.create(name, namespace), isInvisibleInAllprop); + this.value = value; + } + + /** + * Creates a new non-protected WebDAV property with the given namespace, name + * and value. + * + * @param name the name of the property + * @param value the value of the property + * @param namespace the namespace of the property + */ + public DefaultDavProperty(String name, T value, Namespace namespace) { + this(name, value, namespace, false); + } + + /** + * Creates a new WebDAV property with the given DavPropertyName + * and value. If the property is meant to be protected the 'isProtected' + * flag must be set to true. + * + * @param name the name of the property + * @param value the value of the property + * @param isInvisibleInAllprop A value of true, defines this property to be protected. + * It will not be returned in a {@link DavConstants#PROPFIND_ALL_PROP DAV:allprop} + * PROPFIND request and cannot be set/removed with a PROPPATCH request. + */ + public DefaultDavProperty(DavPropertyName name, T value, boolean isInvisibleInAllprop) { + super(name, isInvisibleInAllprop); + this.value = value; + } + + /** + * Creates a new non- protected WebDAV property with the given + * DavPropertyName and value. + * + * @param name the name of the property + * @param value the value of the property + */ + public DefaultDavProperty(DavPropertyName name, T value) { + this(name, value, false); + } + + /** + * Returns the value of this property + * + * @return the value of this property + */ + public T getValue() { + return value; + } + + /** + * Create a new DefaultDavProperty instance from the given Xml + * element. Name and namespace of the element are building the {@link DavPropertyName}, + * while the element's content forms the property value. The following logic + * is applied: + * 
        +     * - empty Element           -> null value
+     * - single Text content     -> String value
+     * - single non-Text content -> Element.getContent(0) is used as value
+     * - other: List obtained from Element.getContent() is used as value
+     *
        + * + * @param propertyElement + * @return + */ + public static DefaultDavProperty createFromXml(Element propertyElement) { + if (propertyElement == null) { + throw new IllegalArgumentException("Cannot create a new DavProperty from a 'null' element."); + } + DavPropertyName name = DavPropertyName.createFromXml(propertyElement); + DefaultDavProperty prop; + + if (!DomUtil.hasContent(propertyElement)) { + prop = new DefaultDavProperty(name, null, false); + } else { + List c = DomUtil.getContent(propertyElement); + if (c.size() == 1) { + Node n = c.get(0); + if (n instanceof Element) { + prop = new DefaultDavProperty(name, (Element) n, false); + } else { + prop = new DefaultDavProperty(name, n.getNodeValue(), false); + } + } else /* size > 1 */ { + prop = new DefaultDavProperty>(name, c, false); + } + } + return prop; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DefaultEventType.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DefaultEventType.java new file mode 100644 index 0000000..d19e887 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DefaultEventType.java @@ -0,0 +1,113 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.EventType; +import org.xbib.io.webdav.api.Namespace; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * DefaultEventType defines a simple EventType implementation that + * only consists of a qualified event name consisting of namespace plus local + * name. + */ +public class DefaultEventType implements EventType { + + private static final Namespace DCR_NAMESPACE = Namespace.getNamespace("dcr", "http://www.day.com/jcr/webdav/1.0"); + + private static final Map eventTypes = new HashMap<>(); + + private final String localName; + + private final Namespace namespace; + + /** + * Avoid instantiation of DefaultEventType. Since the amount + * of available (and registered) events is considered to be limited, the + * static {@link #create(String, Namespace) method is defined. + * + * @param localName + * @param namespace + */ + private DefaultEventType(String localName, Namespace namespace) { + this.localName = localName; + this.namespace = namespace; + } + + /** + * Factory method to create a new EventType. + * + * @param localName + * @param namespace + * @return + */ + public static EventType create(String localName, Namespace namespace) { + if (localName == null || "".equals(localName)) { + throw new IllegalArgumentException("null and '' are not valid local names of an event type."); + } + String key = DomUtil.getExpandedName(localName, namespace); + if (eventTypes.containsKey(key)) { + return eventTypes.get(key); + } else { + EventType type = new DefaultEventType(localName, namespace); + eventTypes.put(key, type); + return type; + } + } + + /** + * Factory method to create an array of new EventType for the + * specified localNames and the specified namespace. + * + * @param localNames + * @param namespace + * @return An array of event types. + */ + public static EventType[] create(String[] localNames, Namespace namespace) { + EventType[] types = new EventType[localNames.length]; + for (int i = 0; i < localNames.length; i++) { + types[i] = create(localNames[i], namespace); + } + return types; + } + + /** + * Retrieves one or multiple EventTypes from the 'eventtype' + * Xml element. While a subscription may register multiple types (thus + * the 'eventtype' contains multiple child elements), a single event may only + * refer to one single type. + * + * @param eventType + * @return + */ + public static EventType[] createFromXml(Element eventType) { + if (!DomUtil.matches(eventType, "eventtype", DCR_NAMESPACE)) { + throw new IllegalArgumentException("'eventtype' element expected which contains a least a single child element."); + } + List etypes = new ArrayList<>(); + ElementIterator it = DomUtil.getChildren(eventType); + while (it.hasNext()) { + Element el = it.nextElement(); + etypes.add(create(el.getLocalName(), DomUtil.getNamespace(el))); + } + return etypes.toArray(new EventType[etypes.size()]); + } + + @Override + public String getName() { + return localName; + } + + @Override + public Namespace getNamespace() { + return namespace; + } + + @Override + public Element toXml(Document document) { + return DomUtil.createElement(document, localName, namespace); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DepthHeader.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DepthHeader.java new file mode 100644 index 0000000..b788500 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DepthHeader.java @@ -0,0 +1,106 @@ +package org.xbib.io.webdav.common; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Header; + +/** + * DepthHeader... + */ +public class DepthHeader implements Header, DavConstants { + + private final int depth; + + /** + * Create a new DepthHeader from the given integer. + * + * @param depth + */ + public DepthHeader(int depth) { + if (depth == DEPTH_0 || depth == DEPTH_1 || depth == DEPTH_INFINITY) { + this.depth = depth; + } else { + throw new IllegalArgumentException("Invalid depth: " + depth); + } + } + + /** + * Create a new DepthHeader with either value {@link #DEPTH_0 0} + * or {@link #DEPTH_INFINITY infinity}. + * + * @param isDeep + */ + public DepthHeader(boolean isDeep) { + this.depth = (isDeep) ? DEPTH_INFINITY : DEPTH_0; + } + + /** + * @return integer representation of the depth indicated by the given header. + */ + public int getDepth() { + return depth; + } + + /** + * Return {@link DavConstants#HEADER_DEPTH Depth} + * + * @return {@link DavConstants#HEADER_DEPTH Depth} + * @see DavConstants#HEADER_DEPTH + * @see Header#getHeaderName() + */ + public String getHeaderName() { + return DavConstants.HEADER_DEPTH; + } + + /** + * Returns the header value. + * + * @return header value + * @see Header#getHeaderValue() + */ + public String getHeaderValue() { + if (depth == DavConstants.DEPTH_0 || depth == DavConstants.DEPTH_1) { + return String.valueOf(depth); + } else { + return DavConstants.DEPTH_INFINITY_S; + } + } + + /** + * Retrieve the Depth header from the given request object and parse the + * value. If no header is present or the value is empty String, the + * defaultValue is used ot build a new DepthHeader instance. + * + * @param defaultValue + * @return a new DepthHeader instance + */ + public static DepthHeader parse(String headerValue, /*HttpServletRequest request*/ int defaultValue) { + //String headerValue = request.getHeader(HEADER_DEPTH); + if (headerValue == null || "".equals(headerValue)) { + return new DepthHeader(defaultValue); + } else { + return new DepthHeader(depthToInt(headerValue)); + } + } + + /** + * Convert the String depth value to an integer. + * + * @param depth + * @return integer representation of the given depth String + * @throws IllegalArgumentException if the String does not represent a valid + * depth. + */ + private static int depthToInt(String depth) { + int d; + if (depth.equalsIgnoreCase(DavConstants.DEPTH_INFINITY_S)) { + d = DavConstants.DEPTH_INFINITY; + } else if (depth.equals(DavConstants.DEPTH_0 + "")) { + d = DavConstants.DEPTH_0; + } else if (depth.equals(DavConstants.DEPTH_1 + "")) { + d = DavConstants.DEPTH_1; + } else { + throw new IllegalArgumentException("Invalid depth value: " + depth); + } + return d; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/DomUtil.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/DomUtil.java new file mode 100644 index 0000000..5c8ca3b --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/DomUtil.java @@ -0,0 +1,737 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Attr; +import org.w3c.dom.CharacterData; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.Text; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xml.sax.SAXException; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; +import javax.xml.namespace.QName; +import javax.xml.parsers.ParserConfigurationException; + +/** + * DomUtil provides some common utility methods related to w3c-DOM. + */ +public class DomUtil { + + /** + * Constant for DavDocumentBuilderFactory which is used + * to create and parse DOM documents. + */ + private static final DavDocumentBuilderFactory BUILDER_FACTORY = new DavDocumentBuilderFactory(); + + /** + * Creates and returns a new empty DOM document. + * + * @return new DOM document + * @throws ParserConfigurationException if the document can not be created + */ + public static Document createDocument() throws ParserConfigurationException { + return BUILDER_FACTORY.newDocumentBuilder().newDocument(); + } + + /** + * Parses the given input stream and returns the resulting DOM document. + * + * @param stream XML input stream + * @return parsed DOM document + * @throws ParserConfigurationException if the document can not be created + * @throws SAXException if the document can not be parsed + * @throws IOException if the input stream can not be read + */ + public static Document parseDocument(InputStream stream) + throws ParserConfigurationException, SAXException, IOException { + return BUILDER_FACTORY.newDocumentBuilder().parse(stream); + } + + /** + * Returns the value of the named attribute of the current element. + * + * @param parent + * @param localName attribute local name or 'nodeName' if no namespace is + * specified. + * @param namespace or null + * @return attribute value, or null if not found + */ + public static String getAttribute(Element parent, String localName, Namespace namespace) { + if (parent == null) { + return null; + } + Attr attribute; + if (namespace == null) { + attribute = parent.getAttributeNode(localName); + } else { + attribute = parent.getAttributeNodeNS(namespace.getURI(), localName); + } + if (attribute != null) { + return attribute.getValue(); + } else { + return null; + } + } + + /** + * Returns the namespace attributes of the given element. + * + * @param element + * @return the namespace attributes. + */ + public static Attr[] getNamespaceAttributes(Element element) { + NamedNodeMap attributes = element.getAttributes(); + List nsAttr = new ArrayList(); + for (int i = 0; i < attributes.getLength(); i++) { + Attr attr = (Attr) attributes.item(i); + if (Namespace.XMLNS_NAMESPACE.getURI().equals(attr.getNamespaceURI())) { + nsAttr.add(attr); + } + } + return nsAttr.toArray(new Attr[nsAttr.size()]); + } + + /** + * Concatenates the values of all child nodes of type 'Text' or 'CDATA'/ + * + * @param element + * @return String representing the value of all Text and CDATA child nodes or + * null if the length of the resulting String is 0. + * @see #isText(Node) + */ + public static String getText(Element element) { + StringBuffer content = new StringBuffer(); + if (element != null) { + NodeList nodes = element.getChildNodes(); + for (int i = 0; i < nodes.getLength(); i++) { + Node child = nodes.item(i); + if (isText(child)) { + // cast to super class that contains Text and CData + content.append(((CharacterData) child).getData()); + } + } + } + return (content.length() == 0) ? null : content.toString(); + } + + /** + * Same as {@link #getText(Element)} except that 'defaultValue' is returned + * instead of null, if the element does not contain any text. + * + * @param element + * @param defaultValue + * @return the text contained in the specified element or + * defaultValue if the element does not contain any text. + */ + public static String getText(Element element, String defaultValue) { + String txt = getText(element); + return (txt == null) ? defaultValue : txt; + } + + /** + * Removes leading and trailing whitespace after calling {@link #getText(Element)}. + * + * @param element + * @return Trimmed text or null + */ + public static String getTextTrim(Element element) { + String txt = getText(element); + return (txt == null) ? txt : txt.trim(); + } + + /** + * Calls {@link #getText(Element)} on the first child element that matches + * the given local name and namespace. + * + * @param parent + * @param childLocalName + * @param childNamespace + * @return text contained in the first child that matches the given local name + * and namespace or null. + * @see #getText(Element) + */ + public static String getChildText(Element parent, String childLocalName, Namespace childNamespace) { + Element child = getChildElement(parent, childLocalName, childNamespace); + return (child == null) ? null : getText(child); + } + + /** + * Calls {@link #getTextTrim(Element)} on the first child element that matches + * the given local name and namespace. + * + * @param parent + * @param childLocalName + * @param childNamespace + * @return text contained in the first child that matches the given local name + * and namespace or null. Note, that leading and trailing whitespace + * is removed from the text. + * @see #getTextTrim(Element) + */ + public static String getChildTextTrim(Element parent, String childLocalName, Namespace childNamespace) { + Element child = getChildElement(parent, childLocalName, childNamespace); + return (child == null) ? null : getTextTrim(child); + } + + /** + * Calls {@link #getTextTrim(Element)} on the first child element that matches + * the given name. + * + * @param parent + * @param childName + * @return text contained in the first child that matches the given name + * or null. Note, that leading and trailing whitespace + * is removed from the text. + * @see #getTextTrim(Element) + */ + public static String getChildTextTrim(Element parent, QName childName) { + Element child = getChildElement(parent, childName); + return (child == null) ? null : getTextTrim(child); + } + + /** + * Returns true if the given parent node has a child element that matches + * the specified local name and namespace. + * + * @param parent + * @param childLocalName + * @param childNamespace + * @return returns true if a child element exists that matches the specified + * local name and namespace. + */ + public static boolean hasChildElement(Node parent, String childLocalName, Namespace childNamespace) { + return getChildElement(parent, childLocalName, childNamespace) != null; + } + + /** + * Returns the first child element that matches the given local name and + * namespace. If no child element is present or no child element matches, + * null is returned. + * + * @param parent + * @param childLocalName + * @param childNamespace + * @return first child element matching the specified names or null. + */ + public static Element getChildElement(Node parent, String childLocalName, Namespace childNamespace) { + if (parent != null) { + NodeList children = parent.getChildNodes(); + for (int i = 0; i < children.getLength(); i++) { + Node child = children.item(i); + if (isElement(child) && matches(child, childLocalName, childNamespace)) { + return (Element) child; + } + } + } + return null; + } + + /** + * Returns the first child element that matches the given {@link QName}. + * If no child element is present or no child element matches, + * null is returned. + * + * @param parent + * @param childName + * @return first child element matching the specified name or null. + */ + public static Element getChildElement(Node parent, QName childName) { + if (parent != null) { + NodeList children = parent.getChildNodes(); + for (int i = 0; i < children.getLength(); i++) { + Node child = children.item(i); + if (isElement(child) && matches(child, childName)) { + return (Element) child; + } + } + } + return null; + } + + /** + * Returns a ElementIterator containing all child elements of + * the given parent node that match the given local name and namespace. + * If the namespace is null only the localName is compared. + * + * @param parent the node the children elements should be retrieved from + * @param childLocalName + * @param childNamespace + * @return an ElementIterator giving access to all child elements + * that match the specified localName and namespace. + */ + public static ElementIterator getChildren(Element parent, String childLocalName, Namespace childNamespace) { + return new ElementIterator(parent, childLocalName, childNamespace); + } + + /** + * Returns a ElementIterator containing all child elements of + * the given parent node that match the given {@link QName}. + * + * @param parent the node the children elements should be retrieved from + * @param childName + * @return an ElementIterator giving access to all child + * elements that match the specified name. + */ + public static ElementIterator getChildren(Element parent, QName childName) { + return new ElementIterator(parent, childName); + } + + /** + * Return an ElementIterator over all child elements. + * + * @param parent + * @return + * @see #getChildren(Element, String, Namespace) for a method that only + * retrieves child elements that match a specific local name and namespace. + */ + public static ElementIterator getChildren(Element parent) { + return new ElementIterator(parent); + } + + /** + * Return the first child element + * + * @return the first child element or null if the given node has no + * child elements. + */ + public static Element getFirstChildElement(Node parent) { + if (parent != null) { + NodeList children = parent.getChildNodes(); + for (int i = 0; i < children.getLength(); i++) { + Node child = children.item(i); + if (isElement(child)) { + return (Element) child; + } + } + } + return null; + } + + /** + * Return true if the given parent contains any child that is + * either an Element, Text or CDATA. + * + * @param parent + * @return true if the given parent contains any child that is + * either an Element, Text or CDATA. + */ + public static boolean hasContent(Node parent) { + if (parent != null) { + NodeList children = parent.getChildNodes(); + for (int i = 0; i < children.getLength(); i++) { + Node child = children.item(i); + if (isAcceptedNode(child)) { + return true; + } + } + } + return false; + } + + /** + * Return a list of all child nodes that are either Element, Text or CDATA. + * + * @param parent + * @return a list of all child nodes that are either Element, Text or CDATA. + */ + public static List getContent(Node parent) { + List content = new ArrayList(); + if (parent != null) { + NodeList children = parent.getChildNodes(); + for (int i = 0; i < children.getLength(); i++) { + Node child = children.item(i); + if (isAcceptedNode(child)) { + content.add(child); + } + } + } + return content; + } + + /** + * Build a Namespace from the prefix and uri retrieved from the given element. + * + * @return the Namespace of the given element. + */ + public static Namespace getNamespace(Element element) { + String uri = element.getNamespaceURI(); + String prefix = element.getPrefix(); + if (uri == null) { + return Namespace.EMPTY_NAMESPACE; + } else { + return Namespace.getNamespace(prefix, uri); + } + } + + /** + * Returns true if the specified node matches the required names. Note, that + * that tests return true if the required name is null. + * + * @param node + * @param requiredLocalName + * @param requiredNamespace + * @return true if local name and namespace match the corresponding properties + * of the given DOM node. + */ + public static boolean matches(Node node, String requiredLocalName, Namespace requiredNamespace) { + if (node == null) { + return false; + } + boolean matchingNamespace = matchingNamespace(node, requiredNamespace); + return matchingNamespace && matchingLocalName(node, requiredLocalName); + } + + /** + * Returns true if the specified node matches the required {@link QName}. + * + * @param node + * @param requiredName + * @return true if local name and namespace match the corresponding properties + * of the given DOM node. + */ + public static boolean matches(Node node, QName requiredName) { + if (node == null) { + return false; + } else { + String nodens = node.getNamespaceURI() != null ? node.getNamespaceURI() : ""; + return nodens.equals(requiredName.getNamespaceURI()) + && node.getLocalName().equals(requiredName.getLocalPart()); + } + } + + /** + * @param node + * @param requiredNamespace + * @return true if the required namespace is null or matches + * the namespace of the specified node. + */ + private static boolean matchingNamespace(Node node, Namespace requiredNamespace) { + if (requiredNamespace == null) { + return true; + } else { + return requiredNamespace.isSame(node.getNamespaceURI()); + } + } + + /** + * @param node + * @param requiredLocalName + * @return true if the required local name is null or if the + * nodes local name matches. + */ + private static boolean matchingLocalName(Node node, String requiredLocalName) { + if (requiredLocalName == null) { + return true; + } else { + String localName = node.getLocalName(); + return requiredLocalName.equals(localName); + } + } + + /** + * @param node + * @return true if the specified node is either an element or Text or CDATA + */ + private static boolean isAcceptedNode(Node node) { + return isElement(node) || isText(node); + } + + /** + * @param node + * @return true if the given node is of type element. + */ + static boolean isElement(Node node) { + return node.getNodeType() == Node.ELEMENT_NODE; + } + + /** + * @param node + * @return true if the given node is of type text or CDATA. + */ + static boolean isText(Node node) { + int ntype = node.getNodeType(); + return ntype == Node.TEXT_NODE || ntype == Node.CDATA_SECTION_NODE; + } + + //----------------------------------------------------< factory methods >--- + + /** + * Create a new DOM element with the specified local name and namespace. + * + * @param factory + * @param localName + * @param namespace + * @return a new DOM element + * @see Document#createElement(String) + * @see Document#createElementNS(String, String) + */ + public static Element createElement(Document factory, String localName, Namespace namespace) { + if (namespace != null) { + return factory.createElementNS(namespace.getURI(), getPrefixedName(localName, namespace)); + } else { + return factory.createElement(localName); + } + } + + /** + * Create a new DOM element with the specified local name and namespace. + * + * @param factory + * @param elementName + * @return a new DOM element + * @see Document#createElement(String) + * @see Document#createElementNS(String, String) + */ + public static Element createElement(Document factory, QName elementName) { + return factory.createElementNS(elementName.getNamespaceURI(), getPrefixedName(elementName)); + } + + /** + * Create a new DOM element with the specified local name and namespace and + * add the specified text as Text node to it. + * + * @param factory + * @param localName + * @param namespace + * @param text + * @return a new DOM element + * @see Document#createElement(String) + * @see Document#createElementNS(String, String) + * @see Document#createTextNode(String) + * @see Node#appendChild(Node) + */ + public static Element createElement(Document factory, String localName, Namespace namespace, String text) { + Element elem = createElement(factory, localName, namespace); + setText(elem, text); + return elem; + } + + /** + * Add a new child element with the given local name and namespace to the + * specified parent. + * + * @param parent + * @param localName + * @param namespace + * @return the new element that was attached to the given parent. + */ + public static Element addChildElement(Element parent, String localName, Namespace namespace) { + Element elem = createElement(parent.getOwnerDocument(), localName, namespace); + parent.appendChild(elem); + return elem; + } + + /** + * Add a new child element with the given local name and namespace to the + * specified parent. + * + * @param parent + * @param localName + * @param namespace + * @return the new element that was attached to the given parent. + */ + public static Element addChildElement(Node parent, String localName, Namespace namespace) { + Document doc = parent.getOwnerDocument(); + if (parent instanceof Document) { + doc = (Document) parent; + } + Element elem = createElement(doc, localName, namespace); + parent.appendChild(elem); + return elem; + } + + /** + * Add a new child element with the given local name and namespace to the + * specified parent. The specified text is added as Text node to the created + * child element. + * + * @param parent + * @param localName + * @param namespace + * @param text + * @return child element that was added to the specified parent + * @see Document#createElement(String) + * @see Document#createElementNS(String, String) + * @see Document#createTextNode(String) + * @see Node#appendChild(Node) + */ + public static Element addChildElement(Element parent, String localName, Namespace namespace, String text) { + Element elem = createElement(parent.getOwnerDocument(), localName, namespace, text); + parent.appendChild(elem); + return elem; + } + + /** + * Create a new text node and add it as child to the given element. + * + * @param element + * @param text + */ + public static void setText(Element element, String text) { + if (text == null || "".equals(text)) { + // ignore null/empty string text + return; + } + Text txt = element.getOwnerDocument().createTextNode(text); + element.appendChild(txt); + } + + /** + * Add an attribute node to the given element. + * + * @param element + * @param attrLocalName + * @param attrNamespace + * @param attrValue + */ + public static void setAttribute(Element element, String attrLocalName, Namespace attrNamespace, String attrValue) { + if (attrNamespace == null) { + Attr attr = element.getOwnerDocument().createAttribute(attrLocalName); + attr.setValue(attrValue); + element.setAttributeNode(attr); + } else { + Attr attr = element.getOwnerDocument().createAttributeNS(attrNamespace.getURI(), getPrefixedName(attrLocalName, attrNamespace)); + attr.setValue(attrValue); + element.setAttributeNodeNS(attr); + } + } + + /** + * Adds a namespace attribute on the given element. + * + * @param element + * @param prefix + * @param uri + */ + public static void setNamespaceAttribute(Element element, String prefix, String uri) { + if (Namespace.EMPTY_NAMESPACE.equals(Namespace.getNamespace(prefix, uri))) { + /** + * don't try to set the empty namespace which will fail + * see {@link org.w3c.dom.DOMException#NAMESPACE_ERR} + * TODO: correct? + */ + return; + } + setAttribute(element, prefix, Namespace.XMLNS_NAMESPACE, uri); + } + + /** + * Converts the given timeout (long value defining the number of milli- + * second until timeout is reached) to its Xml representation as defined + * by RFC 4918.
        + * + * @param timeout number of milli-seconds until timeout is reached. + * @return 'timeout' Xml element + */ + public static Element timeoutToXml(long timeout, Document factory) { + boolean infinite = timeout / 1000 > Integer.MAX_VALUE || timeout == DavConstants.INFINITE_TIMEOUT; + String expString = infinite ? DavConstants.TIMEOUT_INFINITE : "Second-" + timeout / 1000; + return createElement(factory, DavConstants.XML_TIMEOUT, DavConstants.NAMESPACE, expString); + } + + /** + * Returns the Xml representation of a boolean isDeep, where false + * presents a depth value of '0', true a depth value of 'infinity'. + * + * @param isDeep + * @return Xml representation + */ + public static Element depthToXml(boolean isDeep, Document factory) { + return depthToXml(isDeep ? "infinity" : "0", factory); + } + + /** + * Returns the Xml representation of a depth String. Webdav defines the + * following valid values for depths: 0, 1, infinity + * + * @param depth + * @return 'deep' XML element + */ + public static Element depthToXml(String depth, Document factory) { + return createElement(factory, DavConstants.XML_DEPTH, DavConstants.NAMESPACE, depth); + } + + /** + * Builds a 'DAV:href' Xml element from the given href. + *

        + * Note that the path present needs to be a valid URI or URI reference. + * + * @param href String representing the text of the 'href' Xml element + * @param factory the Document used as factory + * @return Xml representation of a 'href' according to RFC 2518. + */ + public static Element hrefToXml(String href, Document factory) { + return createElement(factory, DavConstants.XML_HREF, DavConstants.NAMESPACE, href); + } + + /** + * Returns a string representation of the name of a DOM node consisting + * of "{" + namespace uri + "}" + localName. If the specified namespace is + * null or represents the empty namespace, the local name is + * returned. + * + * @param localName + * @param namespace + * @return String representation of the name of a DOM node consisting of "{" + namespace uri + "}" + * + localName. If the specified namespace is null or represents + * the empty namespace, the local name is returned. + */ + public static String getExpandedName(String localName, Namespace namespace) { + if (namespace == null || namespace.equals(Namespace.EMPTY_NAMESPACE)) { + return localName; + } + StringBuffer b = new StringBuffer("{"); + b.append(namespace.getURI()).append("}"); + b.append(localName); + return b.toString(); + } + + /** + * Return the qualified name of a DOM node consisting of + * namespace prefix + ":" + local name. If the specified namespace is null + * or contains an empty prefix, the local name is returned.
        + * NOTE, that this is the value to be used for the 'qualified Name' parameter + * expected with the namespace sensitive factory methods. + * + * @param localName + * @param namespace + * @return qualified name consisting of prefix, ':' and local name. + * @see Document#createAttributeNS(String, String) + * @see Document#createElementNS(String, String) + */ + public static String getPrefixedName(String localName, Namespace namespace) { + return getPrefixName(namespace.getURI(), namespace.getPrefix(), localName); + } + + /** + * Return the qualified name of a DOM node consisting of + * namespace prefix + ":" + local name. If the specified namespace is null + * or contains an empty prefix, the local name is returned.
        + * NOTE, that this is the value to be used for the 'qualified Name' parameter + * expected with the namespace sensitive factory methods. + * + * @param name + * @return qualified name consisting of prefix, ':' and local name. + * @see Document#createAttributeNS(String, String) + * @see Document#createElementNS(String, String) + */ + public static String getPrefixedName(QName name) { + return getPrefixName(name.getNamespaceURI(), name.getPrefix(), name.getLocalPart()); + } + + private static String getPrefixName(String namespaceURI, String prefix, String localName) { + if (namespaceURI == null || prefix == null || "".equals(namespaceURI) || "".equals(prefix)) { + return localName; + } else { + StringBuffer buf = new StringBuffer(prefix); + buf.append(":"); + buf.append(localName); + return buf.toString(); + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/ElementIterator.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/ElementIterator.java new file mode 100644 index 0000000..53050a9 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/ElementIterator.java @@ -0,0 +1,149 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xbib.io.webdav.api.Namespace; +import java.util.Iterator; +import java.util.NoSuchElementException; +import javax.xml.namespace.QName; + +/** + * ElementIterator... + */ +public class ElementIterator implements Iterator { + + private final Namespace namespace; + private final String localName; + private final QName qName; + + private Element next; + + /** + * Create a new instance of ElementIterator with the given + * parent element. Only child elements that match the given local name + * and namespace will be respected by {@link #hasNext()} and {@link #nextElement()}. + * + * @param parent + * @param localName local name the child elements must match + * @param namespace namespace the child elements must match + */ + public ElementIterator(Element parent, String localName, Namespace namespace) { + this.localName = localName; + this.namespace = namespace; + this.qName = null; + seek(parent); + } + + /** + * Create a new instance of ElementIterator with the given + * parent element. Only child elements that match the given {@link QName} + * will be respected by {@link #hasNext()} and {@link #nextElement()}. + * + * @param parent + * @param qname name to match (exactly) + */ + public ElementIterator(Element parent, QName qname) { + this.localName = null; + this.namespace = null; + this.qName = qname; + seek(parent); + } + + /** + * Create a new instance of ElementIterator with the given + * parent element. No filtering is applied to child elements that are + * iterated. + * + * @param parent + */ + public ElementIterator(Element parent) { + this(parent, null, null); + } + + /** + * Not implemented + * + * @throws UnsupportedOperationException + */ + public void remove() { + throw new UnsupportedOperationException("Remove not implemented."); + } + + /** + * Returns true if there is a next Element + * + * @return true if a next Element is available. + */ + public boolean hasNext() { + return next != null; + } + + /** + * @see Iterator#next() + * @see #nextElement() + */ + public Element next() { + return nextElement(); + } + + /** + * Returns the next Element in the iterator. + * + * @return the next element + * @throws NoSuchElementException if there is no next element. + */ + public Element nextElement() { + if (next == null) { + throw new NoSuchElementException(); + } + Element ret = next; + seek(); + return ret; + } + + /** + * Seeks for the first matching child element + */ + private void seek(Element parent) { + NodeList nodeList = parent.getChildNodes(); + for (int i = 0; i < nodeList.getLength(); i++) { + Node n = nodeList.item(i); + if (matchesName(n)) { + next = (Element) n; + return; + } + } + } + + /** + * Seeks for the next valid element (i.e. the next valid sibling) + */ + private void seek() { + Node n = next.getNextSibling(); + while (n != null) { + if (matchesName(n)) { + next = (Element) n; + return; + } else { + n = n.getNextSibling(); + } + } + // no next element found -> set to null in order to leave the loop. + next = null; + } + + /** + * Matches the node name according to either {@link #qName} or the pair + * of {@link #localName) and {@link #namespace}. + */ + private boolean matchesName(Node n) { + if (!DomUtil.isElement(n)) { + return false; + } else if (qName != null) { + return DomUtil.matches(n, qName); + } else { + return DomUtil.matches(n, localName, namespace); + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/EventDiscovery.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/EventDiscovery.java new file mode 100644 index 0000000..be15355 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/EventDiscovery.java @@ -0,0 +1,104 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.EventBundle; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.Subscription; +import org.xbib.io.webdav.api.XMLizable; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +/** + * EventDiscovery represents the request body of a successful + * POLL request. It reveals all events that occurred since the last POLL. The + * definition what events that particular subscription is interested in was + * specified with the initial SUBSCRIPTION that started the event listening. + */ +public class EventDiscovery implements XMLizable { + + private static final Namespace DCR_NAMESPACE = Namespace.getNamespace("dcr", "http://www.day.com/jcr/webdav/1.0"); + + private final List bundles = new ArrayList<>(); + + /** + * Add the Xml representation of an single 'eventBundle' listing the + * events that resulted from a change in the server, filtered by the + * restrictions present in the corresponding subscription. + * + * @param eventBundle + * @see Subscription + */ + public void addEventBundle(EventBundle eventBundle) { + if (eventBundle != null) { + bundles.add(eventBundle); + } + } + + /** + * Returns an iterator over the {@link EventBundle event bundles} currently + * present on this discovery. + * + * @return iterator over event bundles present. + */ + public Iterator getEventBundles() { + return bundles.iterator(); + } + + /** + * Returns true, if this event discovery does not report any events (thus + * {@link #getEventBundles()} would return an empty iterator. + * + * @return true if {@link #getEventBundles()} would return an empty iterator, + * false otherwise. + */ + public boolean isEmpty() { + return bundles.isEmpty(); + } + + /** + * Returns the XML representation of this EventDiscovery as + * being present in the POLL response body. + * + * @param document + * @return Xml representation + * @see XMLizable#toXml(Document) + */ + @Override + public Element toXml(Document document) { + Element ed = DomUtil.createElement(document, "eventdiscovery", DCR_NAMESPACE); + for (EventBundle bundle : bundles) { + ed.appendChild(bundle.toXml(document)); + } + return ed; + } + + /** + * Build a EventDiscovery from the specified xml element. + * + * @param eventDiscoveryElement + * @return new EventDiscovery instance. + * @throws IllegalArgumentException if the given document is null + * or does not provide the required element. + */ + public static EventDiscovery createFromXml(Element eventDiscoveryElement) { + if (!DomUtil.matches(eventDiscoveryElement, "eventdiscovery", DCR_NAMESPACE)) { + throw new IllegalArgumentException( + "{" + DCR_NAMESPACE + "}" + "eventdiscovery" + " element expected, but got: {" + + eventDiscoveryElement.getNamespaceURI() + "}" + eventDiscoveryElement.getLocalName()); + } + EventDiscovery eventDiscovery = new EventDiscovery(); + ElementIterator it = DomUtil.getChildren(eventDiscoveryElement, "eventbundle", DCR_NAMESPACE); + while (it.hasNext()) { + final Element ebElement = it.nextElement(); + EventBundle eb = new EventBundle() { + public Element toXml(Document document) { + return (Element) document.importNode(ebElement, true); + } + }; + eventDiscovery.addEventBundle(eb); + } + return eventDiscovery; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/FieldValueParser.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/FieldValueParser.java new file mode 100644 index 0000000..27f33e8 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/FieldValueParser.java @@ -0,0 +1,40 @@ +package org.xbib.io.webdav.common; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +public class FieldValueParser { + + /** + * Tokenize lists of token and quoted-url + * + * @param list field value + */ + public static List tokenizeList(String list) { + + String[] split = list.split(","); + if (split.length == 1) { + return Collections.singletonList(split[0].trim()); + } else { + List result = new ArrayList(); + String inCodedUrl = null; + for (String t : split) { + String trimmed = t.trim(); + // handle quoted-url containing "," + if (trimmed.startsWith("<") && !trimmed.endsWith(">")) { + inCodedUrl = trimmed + ","; + } else if (inCodedUrl != null && trimmed.endsWith(">")) { + inCodedUrl += trimmed; + result.add(inCodedUrl); + inCodedUrl = null; + } else { + if (trimmed.length() != 0) { + result.add(trimmed); + } + } + } + return Collections.unmodifiableList(result); + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/Filter.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/Filter.java new file mode 100644 index 0000000..20cc28d --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/Filter.java @@ -0,0 +1,53 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; + +/** + * Filter... + */ +public class Filter implements XMLizable { + + private final String filterName; + private final Namespace filterNamespace; + private final String filterValue; + + public Filter(String filterName, Namespace filterNamespace, String filterValue) { + if (filterName == null) { + throw new IllegalArgumentException("filterName must not be null."); + } + this.filterName = filterName; + this.filterNamespace = filterNamespace; + this.filterValue = filterValue; + } + + public Filter(Element filterElem) { + filterName = filterElem.getLocalName(); + filterNamespace = DomUtil.getNamespace(filterElem); + filterValue = DomUtil.getTextTrim(filterElem); + } + + public String getName() { + return filterName; + } + + public Namespace getNamespace() { + return filterNamespace; + } + + public String getValue() { + return filterValue; + } + + public boolean isMatchingFilter(String localName, Namespace namespace) { + boolean matchingNsp = (filterNamespace == null) ? namespace == null : filterNamespace.equals(namespace); + return filterName.equals(localName) && matchingNsp; + } + + public Element toXml(Document document) { + return DomUtil.createElement(document, filterName, filterNamespace, filterValue); + } + +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/HrefProperty.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/HrefProperty.java new file mode 100644 index 0000000..bdcf20e --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/HrefProperty.java @@ -0,0 +1,130 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +/** + * HrefProperty is an extension to the common {@link DavProperty}. + * The String representation of the property value is always displayed as text + * inside an extra 'href' element. If the value is a String array each array + * element is added as text to a separate 'href' element. + * + * @see DavConstants#XML_HREF + * @see DavProperty#getValue() + */ +public class HrefProperty extends AbstractDavProperty { + + private final String[] value; + + /** + * Creates a new WebDAV property with the given DavPropertyName + * + * @param name the name of the property + * @param value the value of the property + * @param isInvisibleInAllprop A value of true, defines this property to be invisible in PROPFIND/allprop + * It will not be returned in a {@link DavConstants#PROPFIND_ALL_PROP DAV:allprop} + * PROPFIND request. + */ + public HrefProperty(DavPropertyName name, String value, boolean isInvisibleInAllprop) { + super(name, isInvisibleInAllprop); + this.value = new String[]{value}; + } + + /** + * Creates a new WebDAV property with the given DavPropertyName + * + * @param name the name of the property + * @param value the value of the property + * @param isInvisibleInAllprop A value of true, defines this property to be invisible in PROPFIND/allprop + * It will not be returned in a {@link DavConstants#PROPFIND_ALL_PROP DAV:allprop} + * PROPFIND request. + */ + public HrefProperty(DavPropertyName name, String[] value, boolean isInvisibleInAllprop) { + super(name, isInvisibleInAllprop); + this.value = value; + } + + /** + * Create a new HrefProperty from the specified property. + * Please note, that the property must have a List value + * object, consisting of {@link #XML_HREF href} Element entries. + * + * @param prop + */ + public HrefProperty(DavProperty prop) { + super(prop.getName(), prop.isInvisibleInAllprop()); + if (prop instanceof HrefProperty) { + // already an HrefProperty: no parsing required + this.value = ((HrefProperty) prop).value; + } else { + // assume property has be built from xml + ArrayList hrefList = new ArrayList(); + Object val = prop.getValue(); + if (val instanceof List) { + for (Object entry : ((List) val)) { + if (entry instanceof Element && XML_HREF.equals(((Element) entry).getLocalName())) { + String href = DomUtil.getText((Element) entry); + if (href != null) { + hrefList.add(href); + } + } + } + } else if (val instanceof Element && XML_HREF.equals(((Element) val).getLocalName())) { + String href = DomUtil.getTextTrim((Element) val); + if (href != null) { + hrefList.add(href); + } + } + value = hrefList.toArray(new String[hrefList.size()]); + } + } + + /** + * Returns an Xml element with the following form: + * 

        +     * <Z:name>
+     *    <DAV:href>value</DAV:href/>
+     * </Z:name>
+     *
        + * where Z: represents the prefix of the namespace defined with the initial + * webdav property name. + * + * @param document + * @return Xml representation + * @see DomUtil#hrefToXml(String, Document) + */ + @Override + public Element toXml(Document document) { + Element elem = getName().toXml(document); + String[] value = getValue(); + if (value != null) { + for (String href : value) { + elem.appendChild(DomUtil.hrefToXml(href, document)); + } + } + return elem; + } + + /** + * Returns an array of String. + * + * @return an array of String. + * @see DavProperty#getValue() + */ + public String[] getValue() { + return value; + } + + /** + * Return an list of String containing the text of those DAV:href elements + * + * @return list of href String + */ + public List getHrefs() { + return value != null ? Arrays.asList(value) : new ArrayList<>(); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/HttpDateTimeFormatter.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/HttpDateTimeFormatter.java new file mode 100644 index 0000000..7cb5571 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/HttpDateTimeFormatter.java @@ -0,0 +1,125 @@ +package org.xbib.io.webdav.common; + +import java.time.Instant; +import java.time.LocalDate; +import java.time.ZoneOffset; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeFormatterBuilder; +import java.time.format.DateTimeParseException; +import java.time.temporal.ChronoField; +import java.util.Locale; + +/** + * Parsers and Serializers for HTTP dates (RFC 7231, Section 7.1.1.1),. + */ +public class HttpDateTimeFormatter { + + private static final DateTimeFormatter IMFFIXDATE = DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.ENGLISH) + .withZone(ZoneOffset.UTC); + + private static final DateTimeFormatter RFC850DATE = new DateTimeFormatterBuilder().appendPattern("EEEE, dd-MMM-") + .appendValueReduced(ChronoField.YEAR_OF_ERA, 2, 2, LocalDate.now().minusYears(50)).appendPattern(" HH:mm:ss 'GMT'") + .toFormatter().withLocale(Locale.ENGLISH).withZone(ZoneOffset.UTC); + + private static final DateTimeFormatter ASCTIMEDATE = new DateTimeFormatterBuilder().appendPattern("EEE MMM ").padNext(2, ' ') + .appendValue(ChronoField.DAY_OF_MONTH).appendPattern(" HH:mm:ss yyyy").toFormatter().withLocale(Locale.ENGLISH) + .withZone(ZoneOffset.UTC); + + /** + * Parse HTTP "IMF-fixdate" format (see RFC 7231, Section 7.1.1.1) + * + * @param fieldValue string value + * @return ms since epoch throws DateTimeParseException on invalid input + */ + public static long parseImfFixedDate(String fieldValue) { + ZonedDateTime d = ZonedDateTime.parse(fieldValue, IMFFIXDATE); + return d.toInstant().toEpochMilli(); + } + + /** + * Parse HTTP "rfc850-date" format (see RFC 7231, Section 7.1.1.1) + * + * @param fieldValue string value + * @return ms since epoch throws DateTimeParseException on invalid input + */ + public static long parseRfc850Date(String fieldValue) { + ZonedDateTime d = ZonedDateTime.parse(fieldValue, RFC850DATE); + return d.toInstant().toEpochMilli(); + } + + /** + * Parse HTTP "asctime-date" format (see RFC 7231, Section 7.1.1.1) + * + * @param fieldValue string value + * @return ms since epoch throws DateTimeParseException on invalid input + */ + public static long parseAscTimeDate(String fieldValue) { + ZonedDateTime d = ZonedDateTime.parse(fieldValue, ASCTIMEDATE); + return d.toInstant().toEpochMilli(); + } + + /** + * Parse HTTP format, trying the three allowable formats defined in RFC + * 7231, Section 7.1.1.1 + * + * @param fieldValue string value + * @return ms since epoch throws DateTimeParseException on invalid input + */ + public static long parse(String fieldValue) { + try { + return parseImfFixedDate(fieldValue); + } catch (DateTimeParseException ex) { + try { + return parseRfc850Date(fieldValue); + } catch (DateTimeParseException ex2) { + try { + return parseAscTimeDate(fieldValue); + } catch (DateTimeParseException ex3) { + // if we get here, throw original exception for IMFFIXDATE + throw ex; + } + } + } + } + + /** + * Format as HTTP default date (IMF-fixdate) (see RFC 7231, Section 7.1.1.1) + * + * @param millisSinceEpoch ms since epoch + * @return string representation + */ + public static String format(long millisSinceEpoch) { + return IMFFIXDATE.format(Instant.ofEpochMilli(millisSinceEpoch)); + } + + /** + * Format as HTTP "IMF-fixdate" (see RFC 7231, Section 7.1.1.1) + * + * @param millisSinceEpoch ms since epoch + * @return string representation + */ + public static String formatImfFixed(long millisSinceEpoch) { + return IMFFIXDATE.format(Instant.ofEpochMilli(millisSinceEpoch)); + } + + /** + * Format as HTTP "rfc850-date" (see RFC 7231, Section 7.1.1.1) + * + * @param millisSinceEpoch ms since epoch + * @return string representation + */ + public static String formatRfc850(long millisSinceEpoch) { + return RFC850DATE.format(Instant.ofEpochMilli(millisSinceEpoch)); + } + + /** + * Format as HTTP "asctime-date" (see RFC 7231, Section 7.1.1.1) + * + * @param millisSinceEpoch ms since epoch + * @return string representation + */ + public static String formatAscTime(long millisSinceEpoch) { + return ASCTIMEDATE.format(Instant.ofEpochMilli(millisSinceEpoch)); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/IfHeader.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/IfHeader.java new file mode 100644 index 0000000..6c59114 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/IfHeader.java @@ -0,0 +1,837 @@ +package org.xbib.io.webdav.common; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Header; +import java.io.IOException; +import java.io.Reader; +import java.io.StringReader; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; + +/** + * The IfHeader class represents the state lists defined + * through the HTTP If header, which is specified in RFC 2518 as + * follows : + * 
        + * If = "If" ":" ( 1*No-tag-list | 1*Tagged-list)
+ * No-tag-list = List
+ * Tagged-list = Resource 1*List
+ * Resource = Coded-URL
+ * List = "(" 1*(["Not"](State-etag | "[" entity-tag "]")) ")"
+ * State-etag = Coded-URL
+ * Coded-URL = "<" absoluteURI ">"
+ *
        + *

        + * Reformulating this specification into proper EBNF as specified by N. Wirth + * we get the following productions, which map to the parse METHODS of this + * class. Any whitespace is ignored except for white space surrounding and + * within words which is considered significant. + * 

        + * If = "If:" ( Tagged | Untagged ).
+ * Tagged = { "<" Word ">" Untagged } .
+ * Untagged = { "(" IfList ")" } .
+ * IfList = { [ "Not" ] ( ("<" Word ">" ) | ( "[" Word "]" ) ) } .
+ * Word = characters .
+ *
        + *

        + * An If header either contains untagged IfList entries or + * tagged IfList entries but not a mixture of both. An If + * header containing tagged entries is said to be of tagged type while + * an If header containing untagged entries is said to be of + * untagged type. + *

        + * An IfList is a list of tokens - words enclosed in < > + * - and etags - words enclosed in [ ]. An IfList matches a + * (token, etag) tuple if all entries in the list match. If an entry in the list + * is prefixed with the word Not (parsed case insensitively) the entry + * must not match the concrete token or etag. + *

        + * Example: The ifList (<token> [etag]) only matches + * if the concret token has the value token and the conrete etag + * has the value etag. On the other hand, the ifList + * (Not <notoken>) matches any token which is not + * notoken (in this case the concrete value of the etag is + * not taken into consideration). + */ +public class IfHeader implements Header { + + /** + * The string representation of the header value + */ + private final String headerValue; + + /** + * The list of untagged state entries + */ + private final IfHeaderInterface ifHeader; + + /** + * The list of all positive tokens present in the If header. + */ + private final List allTokens = new ArrayList<>(); + + /** + * The list of all NOT tokens present in the If header. + */ + private final List allNotTokens = new ArrayList<>(); + + /** + * Create a Untagged IfHeader if the given lock tokens. + * + * @param tokens tokens + */ + public IfHeader(List tokens) { + allTokens.addAll(tokens); + StringBuilder b = new StringBuilder(); + for (String token : tokens) { + b.append("(").append("<"); + b.append(token); + b.append(">").append(")"); + } + headerValue = b.toString(); + ifHeader = parse(); + } + + /** + * Parses the If header and creates and internal representation + * which is easy to query. + */ + public IfHeader(String headerValue) { + this.headerValue = headerValue; + ifHeader = parse(); + } + + /** + * Return {@link DavConstants#HEADER_IF If} + * + * @return {@link DavConstants#HEADER_IF If} + * @see DavConstants#HEADER_IF + */ + public String getHeaderName() { + return DavConstants.HEADER_IF; + } + + /** + * Return the String representation of the If header present on + * the given request or null. + * + * @return If header value as String or null. + */ + public String getHeaderValue() { + return headerValue; + } + + /** + * Returns true if an If header was present in the given request. False otherwise. + * + * @return true if an If header was present. + */ + public boolean hasValue() { + return ifHeader != null; + } + + /** + * Tries to match the contents of the If header with the given + * token and etag values with the restriction to only check for the tag. + *

        + * If the If header is of untagged type, the untagged IfList + * is matched against the token and etag given: A match of the token and + * etag is found if at least one of the IfList entries match the + * token and etag tuple. + * + * @param tag The tag to identify the IfList to match the token + * and etag against. + * @param token The token to compare. + * @param etag The ETag value to compare. + * @return If the If header is of untagged type the result is + * true if any of the IfList entries matches + * the token and etag values. For tagged type If header the + * result is true if either no entry for the given tag + * exists in the If header or if the IfList for the + * given tag matches the token and etag given. + */ + public boolean matches(String tag, String token, String etag) { + if (ifHeader == null) { + //log.debug("matches: No If header, assume match"); + return true; + } else { + return ifHeader.matches(tag, token, etag); + } + } + + /** + * @return an iterator over all tokens present in the if header, that were + * not denied by a leading NOT statement. + */ + public Iterator getAllTokens() { + return allTokens.iterator(); + } + + /** + * @return an iterator over all NOT tokens present in the if header, that + * were explicitly denied. + */ + public Iterator getAllNotTokens() { + return allNotTokens.iterator(); + } + + /** + * Parse the original header value and build the internal IfHeaderInterface + * object that is easy to query. + */ + private IfHeaderInterface parse() { + IfHeaderInterface ifHeader; + if (headerValue != null && headerValue.length() > 0) { + StringReader reader = null; + int firstChar = 0; + + try { + reader = new StringReader(headerValue); + // get the first character to decide - expect '(' or '<' + try { + reader.mark(1); + firstChar = readWhiteSpace(reader); + reader.reset(); + } catch (IOException ignore) { + // may be thrown according to API but is only thrown by the + // StringReader class if the reader is already closed. + } + + if (firstChar == '(') { + ifHeader = parseUntagged(reader); + } else if (firstChar == '<') { + ifHeader = parseTagged(reader); + } else { + logIllegalState("If", firstChar, "(<", null); + ifHeader = null; + } + + } finally { + if (reader != null) { + reader.close(); + } + } + + } else { + //log.debug("IfHeader: No If header in request"); + ifHeader = null; + } + return ifHeader; + } + + //---------- internal IF header parser ------------------------------------- + + /** + * Parses a tagged type If header. This method implements the + * Tagged production given in the class comment : + * 

        +     * Tagged = { "<" Word ">" Untagged } .
+     *
        + * + * @param reader + * @return + */ + private IfHeaderMap parseTagged(StringReader reader) { + IfHeaderMap map = new IfHeaderMap(); + try { + while (true) { + // read next non-white space + int c = readWhiteSpace(reader); + if (c < 0) { + // end of input, no more entries + break; + } else if (c == '<') { + // start a tag with an IfList + String resource = readWord(reader, '>'); + if (resource != null) { + // go to untagged after reading the resource + map.put(resource, parseUntagged(reader)); + } else { + break; + } + } else { + // unexpected character + // catchup to end of input or start of a tag + logIllegalState("Tagged", c, "<", reader); + } + } + } catch (IOException ioe) { + //log.error("parseTagged: Problem parsing If header: "+ioe.toString()); + } + + return map; + } + + /** + * Parses an untagged type If header. This method implements the + * Untagged production given in the class comment : + * 
        +     * Untagged = { "(" IfList ")" } .
+     *
        + * + * @param reader The StringReader to read from for parsing + * @return An ArrayList of {@link IfList} entries. + */ + private IfHeaderList parseUntagged(StringReader reader) { + IfHeaderList list = new IfHeaderList(); + try { + while (true) { + // read next non white space + reader.mark(1); + int c = readWhiteSpace(reader); + if (c < 0) { + // end of input, no more IfLists + break; + + } else if (c == '(') { + // start of an IfList, parse + list.add(parseIfList(reader)); + + } else if (c == '<') { + // start of a tag, return current list + reader.reset(); + break; + + } else { + // unexpected character + // catchup to end of input or start of an IfList + logIllegalState("Untagged", c, "(", reader); + } + } + } catch (IOException ioe) { + // log.error("parseUntagged: Problem parsing If header: "+ioe.toString()); + } + return list; + } + + /** + * Parses an IfList in the If header. This method + * implements the Tagged production given in the class comment : + * 
        +     * IfList = { [ "Not" ] ( ("<" Word ">" ) | ( "[" Word "]" ) ) } .
+     *
        + * + * @param reader The StringReader to read from for parsing + * @return The {@link IfList} for the input IfList. + * @throws IOException if a problem occurs during reading. + */ + private IfList parseIfList(StringReader reader) throws IOException { + IfList res = new IfList(); + boolean positive = true; + String word; + + ReadLoop: + while (true) { + int nextChar = readWhiteSpace(reader); + switch (nextChar) { + case 'N': + case 'n': + // read not + + // check whether o or O + int not = reader.read(); + if (not != 'o' && not != 'O') { + logIllegalState("IfList-Not", not, "o", null); + break; + } + + // check whether t or T + not = reader.read(); + if (not != 't' && not != 'T') { + logIllegalState("IfList-Not", not, "t", null); + break; + } + + // read Not ok + positive = false; + break; + + case '<': + // state token + word = readWord(reader, '>'); + if (word != null) { + res.add(new IfListEntryToken(word, positive)); + // also add the token to the list of all tokens + if (positive) { + allTokens.add(word); + } else { + allNotTokens.add(word); + } + positive = true; + } + break; + + case '[': + // etag + word = readWord(reader, ']'); + if (word != null) { + res.add(new IfListEntryEtag(word, positive)); + positive = true; + } + break; + + case ')': + // correct end of list, end the loop + //log.debug("parseIfList: End of If list, terminating loop"); + break ReadLoop; + + default: + logIllegalState("IfList", nextChar, "nN<[)", reader); + + // abort loop if EOF + if (nextChar < 0) { + break ReadLoop; + } + + break; + } + } + + // return the current list anyway + return res; + } + + /** + * Returns the first non-whitespace character from the reader or -1 if + * the end of the reader is encountered. + * + * @param reader The Reader to read from + * @return The first non-whitespace character or -1 in case of EOF. + * @throws IOException if a problem occurs during reading. + */ + private int readWhiteSpace(Reader reader) throws IOException { + int c = reader.read(); + while (c >= 0 && Character.isWhitespace((char) c)) { + c = reader.read(); + } + return c; + } + + /** + * Reads from the input until the end character is encountered and returns + * the string up to but not including this end character. If the end of input + * is reached before reading the end character null is + * returned. + *

        + * Note that this method does not support any escaping. + * + * @param reader The Reader to read from + * @param end The ending character limiting the word. + * @return The string read up to but not including the ending character or + * null if the end of input is reached before the ending + * character has been read. + * @throws IOException if a problem occurs during reading. + */ + private String readWord(Reader reader, char end) throws IOException { + StringBuffer buf = new StringBuffer(); + + // read the word value + int c = reader.read(); + for (; c >= 0 && c != end; c = reader.read()) { + buf.append((char) c); + } + + // check whether we succeeded + if (c < 0) { + //log.error("readWord: Unexpected end of input reading word"); + return null; + } + + // build the string and return it + return buf.toString(); + } + + /** + * Logs an unexpected character with the corresponding state and list of + * expected characters. If the reader parameter is not null, characters + * are read until either the end of the input is reached or any of the + * characters in the expChar string is read. + * + * @param state The name of the current parse state. This method logs this + * name in the message. The intended value would probably be the + * name of the EBNF production during which the error occurs. + * @param effChar The effective character read. + * @param expChar The list of characters acceptable in the current state. + * @param reader The reader to be caught up to any of the expected + * characters. If null the input is not caught up to + * any of the expected characters (of course ;-). + */ + private void logIllegalState(String state, int effChar, String expChar, + StringReader reader) { + + // format the effective character to be logged + String effString = (effChar < 0) ? "" : String.valueOf((char) effChar); + + // log the error + // log.error("logIllegalState: Unexpected character '"+effString+"' in state "+state+", expected any of "+expChar); + + // catch up if a reader is given + if (reader != null && effChar >= 0) { + try { + //log.debug("logIllegalState: Catch up to any of "+expChar); + do { + reader.mark(1); + effChar = reader.read(); + } while (effChar >= 0 && expChar.indexOf(effChar) < 0); + if (effChar >= 0) { + reader.reset(); + } + } catch (IOException ioe) { + //log.error("logIllegalState: IO Problem catching up to any of "+expChar); + } + } + } + + //---------- internal If header structure ---------------------------------- + + /** + * The IfListEntry abstract class is the base class for + * entries in an IfList production. This abstract base class + * provides common functionality to both types of entries, namely tokens + * enclosed in angle brackets (< >) and etags enclosed + * in square brackets ([ ]). + */ + private static abstract class IfListEntry { + + /** + * The entry string value - the semantics of this value depends on the + * implementing class. + */ + protected final String value; + + /** + * Flag to indicate, whether this is a positive match or not + */ + protected final boolean positive; + + /** + * The cached result of the {@link #toString} method. + */ + protected String stringValue; + + /** + * Sets up the final fields of this abstract class. The meaning of + * value parameter depends solely on the implementing class. From the + * point of view of this abstract class, it is simply a string value. + * + * @param value The string value of this instance + * @param positive true if matches are positive + */ + protected IfListEntry(String value, boolean positive) { + this.value = value; + this.positive = positive; + } + + /** + * Matches the value from the parameter to the internal string value. + * If the parameter and the {@link #value} field match, the method + * returns true for positive matches and false + * for negative matches. + *

        + * This helper method can be called by implementations to evaluate the + * concrete match on the correct value parameter. See + * {@link #match(String, String)} for the external API method. + * + * @param value The string value to compare to the {@link #value} + * field. + * @return true if the value parameter and the + * {@link #value} field match and the {@link #positive} field is + * true or if the values do not match and the + * {@link #positive} field is false. + */ + protected boolean match(String value) { + return positive == this.value.equals(value); + } + + /** + * Matches the entry's value to the the token or etag. Depending on the + * concrete implementation, only one of the parameters may be evaluated + * while the other may be ignored. + *

        + * Implementing METHODS may call the helper method {@link #match(String)} + * for the actual matching. + * + * @param token The token value to compare + * @param etag The etag value to compare + * @return true if the token/etag matches the IfList + * entry. + */ + public abstract boolean match(String token, String etag); + + /** + * Returns a short type name for the implementation. This method is + * used by the {@link #toString} method to build the string representation + * if the instance. + * + * @return The type name of the implementation. + */ + protected abstract String getType(); + + /** + * Returns the value of this entry. + * + * @return the value + */ + protected String getValue() { + return value; + } + + /** + * Returns the String representation of this entry. This method uses the + * {@link #getType} to build the string representation. + * + * @return the String representation of this entry. + */ + @Override + public String toString() { + if (stringValue == null) { + stringValue = getType() + ": " + (positive ? "" : "!") + value; + } + return stringValue; + } + } + + /** + * The IfListEntryToken extends the {@link IfListEntry} + * abstract class to represent an entry for token matching. + */ + private static class IfListEntryToken extends IfListEntry { + + /** + * Creates a token matching entry. + * + * @param token The token value pertinent to this instance. + * @param positive true if this is a positive match entry. + */ + IfListEntryToken(String token, boolean positive) { + super(token, positive); + } + + /** + * Matches the token parameter to the stored token value and returns + * true if the values match and if the match is positive. + * true is also returned for negative matches if the values + * do not match. + * + * @param token The token value to compare + * @param etag The etag value to compare, which is ignored in this + * implementation. + * @return true if the token matches the IfList + * entry's token value. + */ + @Override + public boolean match(String token, String etag) { + return super.match(token); + } + + /** + * Returns the type name of this implementation, which is fixed to + * be Token. + * + * @return The fixed string Token as the type name. + */ + @Override + protected String getType() { + return "Token"; + } + } + + /** + * The IfListEntryToken extends the {@link IfListEntry} + * abstract class to represent an entry for etag matching. + */ + private static class IfListEntryEtag extends IfListEntry { + + /** + * Creates an etag matching entry. + * + * @param etag The etag value pertinent to this instance. + * @param positive true if this is a positive match entry. + */ + IfListEntryEtag(String etag, boolean positive) { + super(etag, positive); + } + + /** + * Matches the etag parameter to the stored etag value and returns + * true if the values match and if the match is positive. + * true is also returned for negative matches if the values + * do not match. + * + * @param token The token value to compare, which is ignored in this + * implementation. + * @param etag The etag value to compare + * @return true if the etag matches the IfList + * entry's etag value. + */ + @Override + public boolean match(String token, String etag) { + return super.match(etag); + } + + /** + * Returns the type name of this implementation, which is fixed to + * be ETag. + * + * @return The fixed string ETag as the type name. + */ + @Override + protected String getType() { + return "ETag"; + } + } + + /** + * The IfList class extends the ArrayList class + * with the limitation to only support adding {@link IfListEntry} objects + * and adding a {@link #match} method. + *

        + * This class is a container for data contained in the If + * production IfList + * 

        +     * IfList = { [ "Not" ] ( ("<" Word ">" ) | ( "[" Word "]" ) ) } .
+     *
        + *

        + */ + @SuppressWarnings("serial") + private static class IfList extends ArrayList { + + /** + * Adds the {@link IfListEntry} at the end of the list. + * + * @param entry The {@link IfListEntry} to add to the list + * @return true (as per the general contract of Collection.add). + */ + @Override + public boolean add(IfListEntry entry) { + return super.add(entry); + } + + /** + * Adds the {@link IfListEntry} at the indicated position of the list. + * + * @param index + * @param entry + * @throws IndexOutOfBoundsException if index is out of range + * (index < 0 || index > size()). + */ + @Override + public void add(int index, IfListEntry entry) { + super.add(index, entry); + } + + /** + * Returns true if all {@link IfListEntry} objects in the + * list match the given token and etag. If the list is entry, it is + * considered to match the token and etag. + * + * @param token The token to compare. + * @param etag The etag to compare. + * @return true if all entries in the list match the + * given tag and token. + */ + public boolean match(String token, String etag) { + for (IfListEntry ile : this) { + if (!ile.match(token, etag)) { + return false; + } + } + return true; + } + } + + /** + * The IfHeaderInterface interface abstracts away the difference of + * tagged and untagged If header lists. The single method provided + * by this interface is to check whether a request may be applied to a + * resource with given token and etag. + */ + private interface IfHeaderInterface { + + /** + * Matches the resource, token, and etag against this + * IfHeaderInterface instance. + * + * @param resource The resource to match this instance against. This + * must be absolute URI of the resource as defined in Section 3 + * (URI Syntactic Components) of RFC 2396 Uniform Resource + * Identifiers (URI): Generic Syntax. + * @param token The resource's lock token to match + * @param etag The resource's etag to match + * @return true if the header matches the resource with + * token and etag, which means that the request is applicable + * to the resource according to the If header. + */ + boolean matches(String resource, String token, String etag); + } + + /** + * The IfHeaderList class implements the {@link IfHeaderInterface} + * interface to support untagged lists of {@link IfList}s. This class + * implements the data container for the production : + * 

        +     * Untagged = { "(" IfList ")" } .
+     *
        + */ + @SuppressWarnings("serial") + private static class IfHeaderList extends ArrayList implements IfHeaderInterface { + + /** + * Matches a list of {@link IfList}s against the token and etag. If any of + * the {@link IfList}s matches, the method returns true. + * On the other hand false is only returned if non of the + * {@link IfList}s match. + * + * @param resource The resource to match, which is ignored by this + * implementation. A value of null is therefor + * acceptable. + * @param token The token to compare. + * @param etag The ETag value to compare. + * @return True if any of the {@link IfList}s matches the token + * and etag, else false is returned. + */ + public boolean matches(String resource, String token, String etag) { + for (IfList il : this) { + if (il.match(token, etag)) { + return true; + } + } + return false; + } + } + + /** + * The IfHeaderMap class implements the {@link IfHeaderInterface} + * interface to support tagged lists of {@link IfList}s. This class + * implements the data container for the production : + * 
        +     * Tagged = { "<" Word ">" "(" IfList ")" } .
+     *
        + */ + @SuppressWarnings("serial") + private static class IfHeaderMap extends HashMap implements IfHeaderInterface { + + /** + * Matches the token and etag for the given resource. If the resource is + * not mentioned in the header, a match is assumed and true + * is returned in this case. + * + * @param resource The absolute URI of the resource for which to find + * a match. + * @param token The token to compare. + * @param etag The etag to compare. + * @return true if either no entry exists for the resource + * or if the entry for the resource matches the token and etag. + */ + public boolean matches(String resource, String token, String etag) { + IfHeaderList list = get(resource); + if (list == null) { + return true; + } else { + return list.matches(resource, token, etag); + } + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/LabelSetProperty.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/LabelSetProperty.java new file mode 100644 index 0000000..74d9943 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/LabelSetProperty.java @@ -0,0 +1,38 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; + +/** + * LabelSetProperty... + */ +public class LabelSetProperty extends AbstractDavProperty { + + private final String[] value; + + /** + * Create a new LabelSetProperty. + * + * @param labels + */ + public LabelSetProperty(String[] labels) { + super(DavPropertyName.create("label-name-set", DavConstants.NAMESPACE), true); + this.value = labels; + } + + + public String[] getValue() { + return value; + } + + @Override + public Element toXml(Document document) { + Element elem = getName().toXml(document); + for (String str : value) { + DomUtil.addChildElement(elem, "label-name", DavConstants.NAMESPACE, str); + } + return elem; + } + +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/LockInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/LockInfo.java new file mode 100644 index 0000000..7fb6193 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/LockInfo.java @@ -0,0 +1,212 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; + +/** + * LockInfo is a simple utility class encapsulating the information + * passed with a LOCK request. It combines both the request body (which if present + * is required to by a 'lockinfo' Xml element) and the lock relevant request + * headers '{@link DavConstants#HEADER_TIMEOUT Timeout}' and + * '{@link DavConstants#HEADER_DEPTH Depth}'.
        + * Note that is class is not intended to perform any validation of the information + * given, since this left to those objects responsible for the lock creation + * on the requested resource. + */ +public class LockInfo implements DavConstants, XMLizable { + + private Type type; + private Scope scope; + private String owner; + private boolean isDeep; + private final long timeout; + + private boolean isRefreshLock; + + /** + * Create a new LockInfo used for refreshing an existing lock. + * + * @param timeout + */ + public LockInfo(long timeout) { + this.timeout = (timeout > 0) ? timeout : INFINITE_TIMEOUT; + this.isRefreshLock = true; + } + + /** + * Create a new LockInfo + * + * @param scope + * @param type + * @param owner + * @param timeout + * @param isDeep + */ + public LockInfo(Scope scope, Type type, String owner, long timeout, boolean isDeep) { + this.timeout = (timeout > 0) ? timeout : INFINITE_TIMEOUT; + this.isDeep = isDeep; + + if (scope == null || type == null) { + this.isRefreshLock = true; + } else { + this.scope = scope; + this.type = type; + this.owner = owner; + } + } + + /** + * Create a new LockInfo object from the given information. If + * liElement is null this lockinfo is assumed to + * be issued from a 'Refresh Lock' request. + * + * @param liElement 'lockinfo' element present in the request body of a LOCK request + * or null if the request was intended to refresh an existing lock. + * @param timeout Requested timespan until the lock should expire. A LOCK + * request MUST contain a '{@link DavConstants#HEADER_TIMEOUT Timeout}' + * according to RFC 2518. + * @param isDeep boolean value indicating whether the lock should be applied + * with depth infinity or only to the requested resource. + * @throws DavException if the liElement is not + * null but does not start with an 'lockinfo' element. + */ + public LockInfo(Element liElement, long timeout, boolean isDeep) throws DavException { + this.timeout = (timeout > 0) ? timeout : INFINITE_TIMEOUT; + this.isDeep = isDeep; + + if (liElement != null) { + if (!DomUtil.matches(liElement, XML_LOCKINFO, NAMESPACE)) { + throw new DavException(400 /*DavServletResponse.SC_BAD_REQUEST*/); + } + + ElementIterator it = DomUtil.getChildren(liElement); + while (it.hasNext()) { + Element child = it.nextElement(); + String childName = child.getLocalName(); + if (XML_LOCKTYPE.equals(childName)) { + type = Type.createFromXml(child); + } else if (XML_LOCKSCOPE.equals(childName)) { + scope = Scope.createFromXml(child); + } else if (XML_OWNER.equals(childName)) { + // first try if 'owner' is inside a href element + owner = DomUtil.getChildTextTrim(child, XML_HREF, NAMESPACE); + if (owner == null) { + // otherwise: assume owner is a simple text element + owner = DomUtil.getTextTrim(child); + } + } + } + isRefreshLock = false; + } else { + isRefreshLock = true; + } + } + + /** + * Returns the lock type or null if no 'lockinfo' element was + * passed to the constructor or did not contain an 'type' element and the + * type has not been set otherwise. + * + * @return type or null + */ + public Type getType() { + return type; + } + + /** + * Set the lock type. + * + * @param type + */ + public void setType(Type type) { + this.type = type; + } + + /** + * Return the lock scope or null if no 'lockinfo' element was + * passed to the constructor or did not contain an 'scope' element and the + * scope has not been set otherwise. + * + * @return scope or null + */ + public Scope getScope() { + return scope; + } + + /** + * Set the lock scope. + * + * @param scope + */ + public void setScope(Scope scope) { + this.scope = scope; + } + + /** + * Return the owner indicated by the corresponding child element from the + * 'lockinfo' element or null if no 'lockinfo' element was + * passed to the constructor or did not contain an 'owner' element. + * + * @return owner or null + */ + public String getOwner() { + return owner; + } + + /** + * Returns true if the lock must be applied with depth infinity. + * + * @return true if a deep lock must be created. + */ + public boolean isDeep() { + return isDeep; + } + + /** + * Returns the time until the lock is requested to expire. + * + * @return time until the lock should expire. + */ + public long getTimeout() { + return timeout; + } + + /** + * Returns true if this LockInfo was created for a LOCK + * request intended to refresh an existing lock rather than creating a + * new one. + * + * @return true if the corresponding LOCK request was intended to refresh + * an existing lock. + */ + public boolean isRefreshLock() { + return isRefreshLock; + } + + /** + * Returns the xml representation of this lock info.
        + * NOTE however, that the depth and the timeout are not included + * in the xml. They will be passed to the server using the corresponding + * request headers. + * + * @param document + * @return xml representation of this lock info. + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + if (isRefreshLock) { + return null; + } else { + Element lockInfo = DomUtil.createElement(document, XML_LOCKINFO, NAMESPACE); + lockInfo.appendChild(scope.toXml(document)); + lockInfo.appendChild(type.toXml(document)); + if (owner != null) { + DomUtil.addChildElement(lockInfo, XML_OWNER, NAMESPACE, owner); + } + return lockInfo; + } + } + +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/MultiStatus.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/MultiStatus.java new file mode 100644 index 0000000..1a4c8d2 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/MultiStatus.java @@ -0,0 +1,114 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import java.util.LinkedHashMap; +import java.util.Map; + +/** + * MultiStatus representing the content of a multistatus response body and + * allows to retrieve the Xml representation. + */ +public class MultiStatus implements DavConstants, XMLizable { + + /** + * Map collecting the responses for this multistatus, where every href must + * only occur one single time. + */ + private final Map responses = new LinkedHashMap<>(); + + /** + * A general response description at the multistatus top level is used to + * provide a general message describing the overarching nature of the response. + * If this value is available an application may use it instead of + * presenting the individual response descriptions contained within the + * responses. + */ + private String responseDescription; + + /** + * Add a MultiStatusResponse element to this MultiStatus + *

        + * This method is synchronized to avoid the problem described in + * JCR-2755. + * + * @param response + */ + public synchronized void addResponse(MultiStatusResponse response) { + responses.put(response.getHref(), response); + } + + /** + * Returns the multistatus responses present as array. + *

        + * This method is synchronized to avoid the problem described in + * JCR-2755. + * + * @return array of all {@link MultiStatusResponse responses} present in this + * multistatus. + */ + public synchronized MultiStatusResponse[] getResponses() { + return responses.values().toArray(new MultiStatusResponse[responses.size()]); + } + + /** + * Set the response description. + * + * @param responseDescription + */ + public void setResponseDescription(String responseDescription) { + this.responseDescription = responseDescription; + } + + /** + * Returns the response description. + * + * @return responseDescription + */ + public String getResponseDescription() { + return responseDescription; + } + + /** + * Return the Xml representation of this MultiStatus. + * + * @param document + * @return Xml document + */ + public Element toXml(Document document) { + Element multistatus = DomUtil.createElement(document, XML_MULTISTATUS, NAMESPACE); + for (MultiStatusResponse resp : getResponses()) { + multistatus.appendChild(resp.toXml(document)); + } + if (responseDescription != null) { + Element respDesc = DomUtil.createElement(document, XML_RESPONSEDESCRIPTION, NAMESPACE, responseDescription); + multistatus.appendChild(respDesc); + } + return multistatus; + } + + /** + * Build a MultiStatus from the specified xml element. + * + * @param multistatusElement element + * @return new MultiStatus instance. + * @throws IllegalArgumentException if the given document is null + * or does not provide the required element. + */ + public static MultiStatus createFromXml(Element multistatusElement) { + if (!DomUtil.matches(multistatusElement, XML_MULTISTATUS, NAMESPACE)) { + throw new IllegalArgumentException("DAV:multistatus element expected."); + } + MultiStatus multistatus = new MultiStatus(); + ElementIterator it = DomUtil.getChildren(multistatusElement, XML_RESPONSE, NAMESPACE); + while (it.hasNext()) { + Element respElem = it.nextElement(); + MultiStatusResponse response = MultiStatusResponse.createFromXml(respElem); + multistatus.addResponse(response); + } + multistatus.setResponseDescription(DomUtil.getChildText(multistatusElement, XML_RESPONSEDESCRIPTION, NAMESPACE)); + return multistatus; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/MultiStatusResponse.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/MultiStatusResponse.java new file mode 100644 index 0000000..01614f9 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/MultiStatusResponse.java @@ -0,0 +1,463 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; +import java.util.Set; + +/** + * MultiStatusResponse represents the DAV:multistatus element defined + * by RFC 2518: + * 

        + * <!ELEMENT response (href, ((href*, status)|(propstat+)), responsedescription?) >
+ * <!ELEMENT status (#PCDATA) >
+ * <!ELEMENT propstat (prop, status, responsedescription?) >
+ * <!ELEMENT responsedescription (#PCDATA) >
+ * <!ELEMENT prop ANY >
+ *
        + */ +public class MultiStatusResponse implements XMLizable, DavConstants { + + private static final int TYPE_PROPSTAT = 0; + private static final int TYPE_HREFSTATUS = 1; + + /** + * The type of MultiStatusResponse + */ + private final int type; + + /** + * The content the 'href' element for this response + */ + private final String href; + + /** + * An optional response description. + */ + private final String responseDescription; + + /** + * Type of MultiStatus response: Href + Status + */ + private Status status; + + /** + * Type of MultiStatus response: PropStat Hashmap containing all status + */ + private final Map statusMap = new HashMap<>(); + + private MultiStatusResponse(String href, String responseDescription, int type) { + if (!isValidHref(href)) { + throw new IllegalArgumentException("Invalid href ('" + href + "')"); + } + this.href = href; + this.responseDescription = responseDescription; + this.type = type; + } + + /** + * Constructs an WebDAV multistatus response + * + * @param href + * @param status + * @param responseDescription + */ + public MultiStatusResponse(String href, Status status, String responseDescription) { + this(href, responseDescription, TYPE_HREFSTATUS); + if (status == null) { + throw new IllegalArgumentException("Status must not be null in case of a multistatus reponse that consists of href + status only."); + } + this.status = status; + } + + /** + * Constructs an WebDAV multistatus response for a given resource. This + * would be used by COPY, MOVE, DELETE, LOCK that require a multistatus in + * case of error with a resource other than the resource identified in the + * Request-URI.
        + * The response description is set to null. + * + * @param href + * @param statusCode + */ + public MultiStatusResponse(String href, int statusCode) { + this(href, statusCode, null); + } + + /** + * Constructs an WebDAV multistatus response for a given resource. This + * would be used by COPY, MOVE, DELETE, LOCK that require a multistatus in + * case of error with a resource other than the resource identified in the + * Request-URI. + * + * @param href + * @param statusCode + * @param responseDescription + */ + public MultiStatusResponse(String href, int statusCode, String responseDescription) { + this(href, new Status(statusCode), responseDescription); + } + + /** + * Constructs an empty WebDAV multistatus response of type 'PropStat' + */ + public MultiStatusResponse(String href, String responseDescription) { + this(href, responseDescription, TYPE_PROPSTAT); + } + + /** + * Constructs a WebDAV multistatus response and retrieves the resource + * properties according to the given DavPropertyNameSet. + * + * @param resource + * @param propNameSet + */ + /*public MultiStatusResponse(DavResource resource, DavPropertyNameSet propNameSet) { + this(resource, propNameSet, PROPFIND_BY_PROPERTY); + }*/ + + /** + * Constructs a WebDAV multistatus response and retrieves the resource + * properties according to the given DavPropertyNameSet. It + * adds all known property to the '200' set, while unknown properties are + * added to the '404' set. + *

        + * Note, that the set of property names is ignored in case of a {@link + * #PROPFIND_ALL_PROP} and {@link #PROPFIND_PROPERTY_NAMES} propFindType. + * + * @param resource The resource to retrieve the property from + * @param propNameSet The property name set as obtained from the request + * body. + * @param propFindType any of the following values: {@link + * #PROPFIND_ALL_PROP}, {@link #PROPFIND_BY_PROPERTY}, {@link + * #PROPFIND_PROPERTY_NAMES}, {@link #PROPFIND_ALL_PROP_INCLUDE} + */ + /*public MultiStatusResponse(DavResource resource, DavPropertyNameSet propNameSet, + int propFindType) { + this(resource.getHref(), null, TYPE_PROPSTAT); + + if (propFindType == PROPFIND_PROPERTY_NAMES) { + // only property names requested + PropContainer status200 = getPropContainer(200, true); + for (DavPropertyName propName : resource.getPropertyNames()) { + status200.addContent(propName); + } + } else { + // all or a specified set of property and their values requested. + PropContainer status200 = getPropContainer(200, false); + + // Collection of missing property names for 404 responses + Set missing = new HashSet(propNameSet.getContent()); + + // Add requested properties or all non-protected properties, + // or non-protected properties plus requested properties (allprop/include) + if (propFindType == PROPFIND_BY_PROPERTY) { + // add explicitly requested properties (proptected or non-protected) + for (DavPropertyName propName : propNameSet) { + DavProperty prop = resource.getProperty(propName); + if (prop != null) { + status200.addContent(prop); + missing.remove(propName); + } + } + } else { + // add all non-protected properties + for (DavProperty property : resource.getProperties()) { + boolean allDeadPlusRfc4918LiveProperties = + propFindType == PROPFIND_ALL_PROP + || propFindType == PROPFIND_ALL_PROP_INCLUDE; + boolean wasRequested = missing.remove(property.getName()); + + if ((allDeadPlusRfc4918LiveProperties + && !property.isInvisibleInAllprop()) + || wasRequested) { + status200.addContent(property); + } + } + + // try if missing properties specified in the include section + // can be obtained using resource.getProperty + if (propFindType == PROPFIND_ALL_PROP_INCLUDE && !missing.isEmpty()) { + for (DavPropertyName propName : new HashSet(missing)) { + DavProperty prop = resource.getProperty(propName); + if (prop != null) { + status200.addContent(prop); + missing.remove(propName); + } + } + } + } + + if (!missing.isEmpty() && propFindType != PROPFIND_ALL_PROP) { + PropContainer status404 = getPropContainer(404, true); + for (DavPropertyName propName : missing) { + status404.addContent(propName); + } + } + } + }*/ + + /** + * Returns the href + * + * @return href + * @see MultiStatusResponse#getHref() + */ + public String getHref() { + return href; + } + + /** + * @return responseDescription + * @see MultiStatusResponse#getResponseDescription() + */ + public String getResponseDescription() { + return responseDescription; + } + + /** + * Return an array listing all 'status' available is this response object. + * Note, that a the array contains a single element if this + * MultiStatusResponse defines an response consisting of + * href and status elements. + * + * @return + */ + public Status[] getStatus() { + Status[] sts; + if (type == TYPE_PROPSTAT) { + sts = new Status[statusMap.size()]; + Iterator iter = statusMap.keySet().iterator(); + for (int i = 0; iter.hasNext(); i++) { + Integer statusKey = iter.next(); + sts[i] = new Status(statusKey); + } + } else { + sts = new Status[]{status}; + } + return sts; + } + + /** + * @return {@code true} if the response is of type "propstat" (containing information about individual properties) + */ + public boolean isPropStat() { + return this.type == TYPE_PROPSTAT; + } + + /** + * @param document + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element response = DomUtil.createElement(document, XML_RESPONSE, NAMESPACE); + // add '' + response.appendChild(DomUtil.hrefToXml(getHref(), document)); + if (type == TYPE_PROPSTAT) { + // add '' elements + for (Integer statusKey : statusMap.keySet()) { + Status st = new Status(statusKey); + PropContainer propCont = statusMap.get(statusKey); + if (!propCont.isEmpty()) { + Element propstat = DomUtil.createElement(document, XML_PROPSTAT, NAMESPACE); + propstat.appendChild(propCont.toXml(document)); + propstat.appendChild(st.toXml(document)); + response.appendChild(propstat); + } + } + } else { + // add a single '' element + // NOTE: a href+status response cannot be created with 'null' status + response.appendChild(status.toXml(document)); + } + // add the optional '' element + String description = getResponseDescription(); + if (description != null) { + Element desc = DomUtil.createElement(document, XML_RESPONSEDESCRIPTION, NAMESPACE); + DomUtil.setText(desc, description); + response.appendChild(desc); + } + return response; + } + //----------------------------------------------< type specific methods >--- + + /** + * Adds a property to this response '200' propstat set. + * + * @param property the property to add + */ + public void add(DavProperty property) { + checkType(TYPE_PROPSTAT); + PropContainer status200 = getPropContainer(200, false); + status200.addContent(property); + } + + /** + * Adds a property name to this response '200' propstat set. + * + * @param propertyName the property name to add + */ + public void add(DavPropertyName propertyName) { + checkType(TYPE_PROPSTAT); + PropContainer status200 = getPropContainer(200, true); + status200.addContent(propertyName); + } + + /** + * Adds a property to this response + * + * @param property the property to add + * @param status the status of the response set to select + */ + public void add(DavProperty property, int status) { + checkType(TYPE_PROPSTAT); + PropContainer propCont = getPropContainer(status, false); + propCont.addContent(property); + } + + /** + * Adds a property name to this response + * + * @param propertyName the property name to add + * @param status the status of the response set to select + */ + public void add(DavPropertyName propertyName, int status) { + checkType(TYPE_PROPSTAT); + PropContainer propCont = getPropContainer(status, true); + propCont.addContent(propertyName); + } + + /** + * @param status + * @return + */ + private PropContainer getPropContainer(int status, boolean forNames) { + PropContainer propContainer = statusMap.get(status); + if (propContainer == null) { + if (forNames) { + propContainer = new DavPropertyNameSet(); + } else { + propContainer = new DavPropertySet(); + } + statusMap.put(status, propContainer); + } + return propContainer; + } + + private void checkType(int type) { + if (this.type != type) { + throw new IllegalStateException("The given MultiStatusResponse is not of the required type."); + } + } + + /** + * Get properties present in this response for the given status code. In + * case this MultiStatusResponse does not represent a 'propstat' response, + * always an empty {@link DavPropertySet} will be returned. + * + * @param status + * @return property set + */ + public DavPropertySet getProperties(int status) { + if (statusMap.containsKey(status)) { + PropContainer mapEntry = statusMap.get(status); + if (mapEntry != null && mapEntry instanceof DavPropertySet) { + return (DavPropertySet) mapEntry; + } + } + return new DavPropertySet(); + } + + /** + * Get property names present in this response for the given status code. In + * case this MultiStatusResponse does not represent a 'propstat' response, + * always an empty {@link DavPropertyNameSet} will be returned. + * + * @param status + * @return property names + */ + public DavPropertyNameSet getPropertyNames(int status) { + if (statusMap.containsKey(status)) { + PropContainer mapEntry = statusMap.get(status); + if (mapEntry != null) { + if (mapEntry instanceof DavPropertySet) { + DavPropertyNameSet set = new DavPropertyNameSet(); + for (DavPropertyName name : ((DavPropertySet) mapEntry).getPropertyNames()) { + set.add(name); + } + return set; + } else { + // is already a DavPropertyNameSet + return (DavPropertyNameSet) mapEntry; + } + } + } + return new DavPropertyNameSet(); + } + + /** + * Build a new response object from the given xml element. + * + * @param responseElement + * @return new MultiStatusResponse instance + * @throws IllegalArgumentException if the specified element is + * null or not a DAV:response element or if the mandatory + * DAV:href child is missing. + */ + public static MultiStatusResponse createFromXml(Element responseElement) { + if (!DomUtil.matches(responseElement, XML_RESPONSE, NAMESPACE)) { + throw new IllegalArgumentException("DAV:response element required."); + } + String href = DomUtil.getChildTextTrim(responseElement, XML_HREF, NAMESPACE); + if (href == null) { + throw new IllegalArgumentException("DAV:response element must contain a DAV:href element expected."); + } + String statusLine = DomUtil.getChildText(responseElement, XML_STATUS, NAMESPACE); + String responseDescription = DomUtil.getChildText(responseElement, XML_RESPONSEDESCRIPTION, NAMESPACE); + + MultiStatusResponse response; + if (statusLine != null) { + Status status = Status.parse(statusLine); + response = new MultiStatusResponse(href, status, responseDescription); + } else { + response = new MultiStatusResponse(href, responseDescription, TYPE_PROPSTAT); + // read propstat elements + ElementIterator it = DomUtil.getChildren(responseElement, XML_PROPSTAT, NAMESPACE); + while (it.hasNext()) { + Element propstat = it.nextElement(); + String propstatus = DomUtil.getChildText(propstat, XML_STATUS, NAMESPACE); + Element prop = DomUtil.getChildElement(propstat, XML_PROP, NAMESPACE); + if (propstatus != null && prop != null) { + int statusCode = Status.parse(propstatus).getStatusCode(); + ElementIterator propIt = DomUtil.getChildren(prop); + while (propIt.hasNext()) { + Element el = propIt.nextElement(); + /* + always build dav property from the given element, since + distinction between prop-names and properties not having + a value is not possible. + retrieval of the set of 'property names' is possible from + the given prop-set by calling DavPropertySet#getPropertyNameSet() + */ + DavProperty property = DefaultDavProperty.createFromXml(el); + response.add(property, statusCode); + } + } + } + } + return response; + } + + /** + * @param href + * @return false if the given href is null or empty string. + */ + private static boolean isValidHref(String href) { + return href != null && !"".equals(href); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/OptionsResponse.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/OptionsResponse.java new file mode 100644 index 0000000..15b9591 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/OptionsResponse.java @@ -0,0 +1,117 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * OptionsResponse encapsulates the DAV:options-response element + * present in the response body of a successful OPTIONS request (with body). + *
        + * The DAV:options-response element is defined to have the following format. + * + * 

        + * <!ELEMENT options-response ANY>
+ * ANY value: A sequence of elements
+ *
        + *

        + * Please note, that OptionsResponse represents a simplified implementation + * of the given structure. We assume, that there may only entries that consist + * of a qualified name and a set of href child elements. + * + */ +public class OptionsResponse implements XMLizable { + + private final Map entries = new HashMap<>(); + + /** + * Add a new entry to this OptionsResponse and make each + * href present in the String array being a separate {@link DavConstants#XML_HREF DAV:href} + * element within the entry. + * + * @param localName + * @param namespace + * @param hrefs + */ + public void addEntry(String localName, Namespace namespace, String[] hrefs) { + Entry entry = new Entry(localName, namespace, hrefs); + entries.put(DomUtil.getExpandedName(localName, namespace), entry); + } + + /** + * @param localName + * @param namespace + * @return + */ + public String[] getHrefs(String localName, Namespace namespace) { + String key = DomUtil.getExpandedName(localName, namespace); + if (entries.containsKey(key)) { + return entries.get(key).hrefs; + } else { + return new String[0]; + } + } + + /** + * Return the Xml representation. + * + * @param document + * @return Xml representation. + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element optionsResponse = DomUtil.createElement(document, "options-response", DavConstants.NAMESPACE); + for (Entry entry : entries.values()) { + Element elem = DomUtil.addChildElement(optionsResponse, entry.localName, entry.namespace); + for (String href : entry.hrefs) { + elem.appendChild(DomUtil.hrefToXml(href, document)); + } + } + return optionsResponse; + } + + /** + * Build a new OptionsResponse object from the given xml element. + * + * @param orElem + * @return a new OptionsResponse object + * @throws IllegalArgumentException if the specified element is null + * or if its name is other than 'DAV:options-response'. + */ + public static OptionsResponse createFromXml(Element orElem) { + if (!DomUtil.matches(orElem, "options-response", DavConstants.NAMESPACE)) { + throw new IllegalArgumentException("DAV:options-response element expected"); + } + OptionsResponse oResponse = new OptionsResponse(); + ElementIterator it = DomUtil.getChildren(orElem); + while (it.hasNext()) { + Element el = it.nextElement(); + List hrefs = new ArrayList(); + ElementIterator hrefIt = DomUtil.getChildren(el, DavConstants.XML_HREF, DavConstants.NAMESPACE); + while (hrefIt.hasNext()) { + hrefs.add(DomUtil.getTextTrim(hrefIt.nextElement())); + } + oResponse.addEntry(el.getLocalName(), DomUtil.getNamespace(el), hrefs.toArray(new String[hrefs.size()])); + } + return oResponse; + } + + private static class Entry { + + private final String localName; + private final Namespace namespace; + private final String[] hrefs; + + private Entry(String localName, Namespace namespace, String[] hrefs) { + this.localName = localName; + this.namespace = namespace; + this.hrefs = hrefs; + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/OrderPatch.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/OrderPatch.java new file mode 100644 index 0000000..ef53497 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/OrderPatch.java @@ -0,0 +1,181 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import java.util.ArrayList; +import java.util.List; + +/** + * OrderPatch represents the mandatory request body of an + * ORDERPATCH request. RFC 3648 defines the following structure for it:
        + * 

        + * <!ELEMENT orderpatch (ordering-type?, order-member*) >
+ * <!ELEMENT order-member (segment, position) >
+ * <!ELEMENT position (first | last | before | after) >
+ * <!ELEMENT segment (#PCDATA) >
+ * <!ELEMENT first EMPTY >
+ * <!ELEMENT last EMPTY >
+ * <!ELEMENT before segment >
+ * <!ELEMENT after segment >
+ *
        + */ +public class OrderPatch implements XMLizable { + + private final Member[] instructions; + + private final String orderingType; + + /** + * Create a new OrderPath object. + * + * @param orderingType + * @param instruction + */ + public OrderPatch(String orderingType, Member instruction) { + this(orderingType, new Member[]{instruction}); + } + + /** + * Create a new OrderPath object. + * + * @param orderingType + * @param instructions + */ + public OrderPatch(String orderingType, Member[] instructions) { + if (orderingType == null || instructions == null) { + throw new IllegalArgumentException("ordering type and instructions cannot be null."); + } + this.orderingType = orderingType; + this.instructions = instructions; + } + + /** + * Return the ordering type. + * + * @return ordering type + */ + public String getOrderingType() { + return orderingType; + } + + /** + * Return an array of {@link Member} objects defining the re-ordering + * instructions to be applied to the requested resource. + * + * @return ordering instructions. + */ + public Member[] getOrderInstructions() { + return instructions; + } + + /** + * @param document + * @return + */ + public Element toXml(Document document) { + Element orderPatch = DomUtil.createElement(document, "orderpatch", DavConstants.NAMESPACE); + // add DAV:ordering-type below DAV:orderpatch + Element otype = DomUtil.addChildElement(orderPatch, "ordering-type", DavConstants.NAMESPACE); + otype.appendChild(DomUtil.hrefToXml(orderingType, document)); + // add DAV:member elements below DAV:orderpatch + for (Member instruction : instructions) { + orderPatch.appendChild(instruction.toXml(document)); + } + return orderPatch; + } + + /** + * Create a new OrderPath object. + * + * @param orderPatchElement + * @throws IllegalArgumentException if the specified Xml element was not valid. + */ + public static OrderPatch createFromXml(Element orderPatchElement) throws DavException { + if (!DomUtil.matches(orderPatchElement, "orderpatch", DavConstants.NAMESPACE)) { + //log.warn("ORDERPATH request body must start with an 'orderpatch' element."); + throw new DavException(400); + } + + // retrieve the href of the orderingtype element + String orderingType; + Element otype = DomUtil.getChildElement(orderPatchElement, "ordering-type", DavConstants.NAMESPACE); + if (otype != null) { + orderingType = DomUtil.getChildText(otype, DavConstants.XML_HREF, DavConstants.NAMESPACE); + } else { + //log.warn("ORDERPATH request body must contain an 'ordering-type' child element."); + throw new DavException(400); + } + + // set build the list of ordering instructions + List tmpList = new ArrayList(); + ElementIterator it = DomUtil.getChildren(orderPatchElement, "order-member", DavConstants.NAMESPACE); + while (it.hasNext()) { + Element el = it.nextElement(); + try { + // retrieve text 'DAV:segment' child of this DAV:order-member element + String segment = DomUtil.getChildText(el, "segment", DavConstants.NAMESPACE); + // retrieve the 'DAV:position' child element + Position pos = Position.createFromXml(DomUtil.getChildElement(el, "position", DavConstants.NAMESPACE)); + Member om = new Member(segment, pos); + tmpList.add(om); + } catch (IllegalArgumentException e) { + //log.warn("Invalid element in 'orderpatch' request body: " + e.getMessage()); + throw new DavException(400); + } + } + Member[] instructions = tmpList.toArray(new Member[tmpList.size()]); + return new OrderPatch(orderingType, instructions); + } + + /** + * Internal class Member represents the 'Order-Member' children + * elements of an 'OrderPatch' request body present in the ORDERPATCH request. + */ + public static class Member implements XMLizable { + + private final String memberHandle; + private final Position position; + + /** + * Create a new Member object. + * + * @param memberHandle + * @param position + */ + public Member(String memberHandle, Position position) { + this.memberHandle = memberHandle; + this.position = position; + } + + /** + * Return the handle of the internal member to be reordered. + * + * @return handle of the internal member. + */ + public String getMemberHandle() { + return memberHandle; + } + + /** + * Return the position where the internal member identified by the + * member handle should be placed. + * + * @return position for the member after the request. + * @see #getMemberHandle() + */ + public Position getPosition() { + return position; + } + + @Override + public Element toXml(Document document) { + Element memberElem = DomUtil.createElement(document, "order-member", DavConstants.NAMESPACE); + DomUtil.addChildElement(memberElem, "segment", DavConstants.NAMESPACE, memberHandle); + memberElem.appendChild(position.toXml(document)); + return memberElem; + } + + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/OrderingType.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/OrderingType.java new file mode 100644 index 0000000..fd6952e --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/OrderingType.java @@ -0,0 +1,36 @@ +package org.xbib.io.webdav.common; + +import org.xbib.io.webdav.api.DavConstants; + +/** + * OrderingType represents the + * DAV:ordering-type property as defined by + * RFC 3648. This property is + * protected cannot be set using PROPPATCH. Its value may only be set by + * including the Ordering-Type header with a MKCOL request or by submitting an + * ORDERPATCH request. + * + * @see DavProperty#isInvisibleInAllprop() + */ +public class OrderingType extends HrefProperty { + + /** + * Creates a OrderingType with the default type (e.g. default + * value). The default value is specified to be "DAV:unordered". + */ + public OrderingType() { + this(null); + } + + /** + * Create an OrderingType with the given ordering.
        + * NOTE: the ordering-type property is defined to be protected. + * + * @param href href + * @see DavProperty#isInvisibleInAllprop() + */ + public OrderingType(String href) { + // spec requires that the default value is 'DAV:unordered' + super(DavPropertyName.create("ordering-type", DavConstants.NAMESPACE), (href != null) ? href : "DAV:unordered", true); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/ParentElement.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/ParentElement.java new file mode 100644 index 0000000..fc76058 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/ParentElement.java @@ -0,0 +1,86 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; + +/** + * ParentElement wraps en element of the parent set of a resource. A java.util.Set of + * ParentElement objects may serve as the value object of the ParentSet DavProperty. + */ +public class ParentElement implements XMLizable { + + private final String href; + private final String segment; + + public ParentElement(String href, String segment) { + this.href = href; + this.segment = segment; + } + + public String getHref() { + return this.href; + } + + public String getSegment() { + return this.segment; + } + + /** + * Build an ParentElement object from an XML element DAV:parent + * + * @param root the DAV:parent element + * @return a ParentElement object + * @throws DavException if the DAV:parent element is malformed + */ + public static ParentElement createFromXml(Element root) throws DavException { + if (!DomUtil.matches(root, "parent", DavConstants.NAMESPACE)) { + //log.warn("DAV:paret element expected"); + throw new DavException(400); + } + String href = null; + String segment = null; + ElementIterator it = DomUtil.getChildren(root); + while (it.hasNext()) { + Element elt = it.nextElement(); + if (DomUtil.matches(elt, "segment", DavConstants.NAMESPACE)) { + if (segment == null) { + segment = DomUtil.getText(elt); + } else { + //log.warn("unexpected multiple occurrence of DAV:segment element"); + throw new DavException(400); + } + } else if (DomUtil.matches(elt, "href", DavConstants.NAMESPACE)) { + if (href == null) { + href = DomUtil.getText(elt); + } else { + //log.warn("unexpected multiple occurrence of DAV:href element"); + throw new DavException(400); + } + } else { + //log.warn("unexpected element " + elt.getLocalName()); + throw new DavException(400); + } + } + if (href == null) { + // log.warn("DAV:href element expected"); + throw new DavException(400); + } + if (segment == null) { + // log.warn("DAV:segment element expected"); + throw new DavException(400); + } + return new ParentElement(href, segment); + } + + @Override + public Element toXml(Document document) { + Element parentElt = DomUtil.createElement(document, "parent", DavConstants.NAMESPACE); + Element hrefElt = DomUtil.createElement(document, "href", DavConstants.NAMESPACE, this.href); + Element segElt = DomUtil.createElement(document, "segment", DavConstants.NAMESPACE, this.segment); + parentElt.appendChild(hrefElt); + parentElt.appendChild(segElt); + return parentElt; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/ParentSet.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/ParentSet.java new file mode 100644 index 0000000..08b57a9 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/ParentSet.java @@ -0,0 +1,26 @@ +package org.xbib.io.webdav.common; + +import java.util.Collection; + +/** + * ParentSet represents a DAV:parent-set property. + */ +public class ParentSet extends AbstractDavProperty> { + + private final Collection parents; + + /** + * Creates a new ParentSet from a collection of ParentElement objects. + * + * @param parents + */ + public ParentSet(Collection parents) { + super(DavPropertyName.create("parent-set"), true); + this.parents = parents; + } + + @Override + public Collection getValue() { + return this.parents; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/PollTimeoutHeader.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/PollTimeoutHeader.java new file mode 100644 index 0000000..a3e1bee --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/PollTimeoutHeader.java @@ -0,0 +1,30 @@ +package org.xbib.io.webdav.common; + +/** + * Implements a timeout header for subscription polling. + */ +public class PollTimeoutHeader extends TimeoutHeader { + + public PollTimeoutHeader(long timeout) { + super(timeout); + } + + @Override + public String getHeaderName() { + return "PollTimeout"; + } + + /** + * Parses the request timeout header and converts it into a new + * PollTimeoutHeader object.
        The default value is used as + * fallback if the String is not parseable. + * + * @param defaultValue + * @return a new PollTimeoutHeader object. + */ + public static PollTimeoutHeader parseHeader(/*HttpServletRequest request,*/ String timeoutStr, long defaultValue) { + //String timeoutStr = request.getHeader(ObservationConstants.HEADER_POLL_TIMEOUT); + long timeout = parseString(timeoutStr, defaultValue); + return new PollTimeoutHeader(timeout); + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/Position.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/Position.java new file mode 100644 index 0000000..af6430a --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/Position.java @@ -0,0 +1,131 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; +import java.util.HashSet; +import java.util.Set; + +/** + * Position encapsulates the position in ordering information + * contained in a Webdav request. This includes both the + * header and the position Xml element present in the request body of an ORDERPATCH request. + */ +public class Position implements XMLizable { + + private static final Set VALID_TYPES = new HashSet(); + + static { + VALID_TYPES.add("first"); + VALID_TYPES.add("last"); + VALID_TYPES.add("after"); + VALID_TYPES.add("before"); + } + + private final String type; + private final String segment; + + /** + * Create a new Position object with the specified type. + * Since any type except for first and last + * must be combined with a segment, only the mentioned types are valid + * arguments. + * + * @param type first or last + * @throws IllegalArgumentException if the given type is other than first + * or last + */ + public Position(String type) { + if (!VALID_TYPES.contains(type)) { + throw new IllegalArgumentException("Invalid type: " + type); + } + if (!("first".equals(type) || "last".equals(type))) { + throw new IllegalArgumentException("If type is other than 'first' or 'last' a segment must be specified"); + } + this.type = type; + this.segment = null; + } + + /** + * Create a new Position object with the specified type and + * segment. + * + * @param type + * @param segment + * @throws IllegalArgumentException if the specified type and segment do not + * form a valid pair. + */ + public Position(String type, String segment) { + if (!VALID_TYPES.contains(type)) { + throw new IllegalArgumentException("Invalid type: " + type); + } + if (("after".equals(type) || "before".equals(type)) && (segment == null || "".equals(segment))) { + throw new IllegalArgumentException("If type is other than 'first' or 'last' a segment must be specified"); + } + this.type = type; + this.segment = segment; + } + + /** + * Return the type of this Position object + * + * @return type + */ + public String getType() { + return type; + } + + /** + * Returns the segment used to create this Position object or + * null if no segment is present with the type. + * + * @return segment or null + * @see #getType() + */ + public String getSegment() { + return segment; + } + + @Override + public Element toXml(Document document) { + Element positionElement = DomUtil.createElement(document, "position", DavConstants.NAMESPACE); + Element typeElement = DomUtil.addChildElement(positionElement, type, DavConstants.NAMESPACE); + if (segment != null) { + DomUtil.addChildElement(typeElement, "segment", DavConstants.NAMESPACE, segment); + } + return positionElement; + } + + /** + * Create a new Position object from the specified position + * element. The element must fulfill the following structure:
        + * 
        +     * <!ELEMENT position (first | last | before | after) >
+     * <!ELEMENT segment (#PCDATA) >
+     * <!ELEMENT first EMPTY >
+     * <!ELEMENT last EMPTY >
+     * <!ELEMENT before segment >
+     * <!ELEMENT after segment >
+     *
        + * + * @param positionElement Xml element defining the position. + * @throws IllegalArgumentException if the given Xml element is not valid. + */ + public static Position createFromXml(Element positionElement) { + if (!DomUtil.matches(positionElement, "position", DavConstants.NAMESPACE)) { + throw new IllegalArgumentException("The 'DAV:position' element required."); + } + ElementIterator it = DomUtil.getChildren(positionElement); + if (it.hasNext()) { + Element el = it.nextElement(); + String type = el.getLocalName(); + // read the text of DAV:segment child element inside the type + String segmentText = DomUtil.getChildText(el, "segment",DavConstants.NAMESPACE); + // stop after the first iteration + return new Position(type, segmentText); + } else { + throw new IllegalArgumentException("The 'DAV:position' element required with exact one child indicating the type."); + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/PropContainer.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/PropContainer.java new file mode 100644 index 0000000..9f535a5 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/PropContainer.java @@ -0,0 +1,79 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.PropEntry; +import org.xbib.io.webdav.api.XMLizable; +import java.util.Collection; + +/** + * PropContainer... + */ +public abstract class PropContainer implements XMLizable, DavConstants { + + /** + * Tries to add the specified entry to the PropContainer and + * returns a boolean indicating whether the content could be added to the + * internal set/map. + * + * @param contentEntry + * @return true if the object could be added; false otherwise + */ + public abstract boolean addContent(PropEntry contentEntry); + + /** + * Returns true if the PropContainer does not yet contain any content elements. + * + * @return true if this container is empty. + */ + public abstract boolean isEmpty(); + + /** + * Returns the number of property related content elements that are present + * in this PropContainer. + * + * @return number of content elements + */ + public abstract int getContentSize(); + + /** + * Returns the collection that contains all the content elements of this + * PropContainer. + * + * @return collection representing the contents of this PropContainer. + */ + public abstract Collection getContent(); + + /** + * Returns true if this PropContainer contains a content element + * that matches the given DavPropertyName. + * + * @param name + * @return true if any of the content elements (be it a DavProperty or a + * DavPropertyName only) matches the given name. + */ + public abstract boolean contains(DavPropertyName name); + + /** + * Returns the xml representation of a property related set with the + * following format: + * 
        +     * <!ELEMENT prop (ANY) >
+     * where ANY consists of a list of elements each reflecting the xml
+     * representation of the entries returned by {@link #getContent()}.
+     *
        + * + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element prop = DomUtil.createElement(document, XML_PROP, NAMESPACE); + for (Object content : getContent()) { + if (content instanceof XMLizable) { + prop.appendChild(((XMLizable) content).toXml(document)); + } + } + return prop; + } + +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/Scope.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/Scope.java new file mode 100644 index 0000000..22db808 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/Scope.java @@ -0,0 +1,104 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import java.util.HashMap; +import java.util.Map; + +/** + * The Scope class abstracts the lock scope as defined by RFC 2518. + */ +public class Scope implements XMLizable { + + private static final Map scopes = new HashMap(); + + public static final Scope EXCLUSIVE = Scope.create(DavConstants.XML_EXCLUSIVE, DavConstants.NAMESPACE); + public static final Scope SHARED = Scope.create(DavConstants.XML_SHARED, DavConstants.NAMESPACE); + + private final String localName; + private final Namespace namespace; + + /** + * Private constructor + * + * @param localName + * @param namespace + */ + private Scope(String localName, Namespace namespace) { + this.localName = localName; + this.namespace = namespace; + } + + /** + * Return the Xml representation of the lock scope object as present in + * the LOCK request and response body. + * + * @return Xml representation + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element lockScope = DomUtil.createElement(document, DavConstants.XML_LOCKSCOPE, DavConstants.NAMESPACE); + DomUtil.addChildElement(lockScope, localName, namespace); + return lockScope; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + localName.hashCode(); + result = prime * result + namespace.hashCode(); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } else if (obj instanceof Scope) { + Scope other = (Scope) obj; + return localName.equals(other.localName) && namespace.equals(other.namespace); + } else { + return false; + } + } + + /** + * Create a Scope object from the given Xml element. + * + * @param lockScope + * @return Scope object. + */ + public static Scope createFromXml(Element lockScope) { + if (lockScope != null && DavConstants.XML_LOCKSCOPE.equals(lockScope.getLocalName())) { + // we have the parent element and must retrieve the scope first + lockScope = DomUtil.getFirstChildElement(lockScope); + } + if (lockScope == null) { + throw new IllegalArgumentException("'null' is not a valid lock scope entry."); + } + Namespace namespace = Namespace.getNamespace(lockScope.getPrefix(), lockScope.getNamespaceURI()); + return create(lockScope.getLocalName(), namespace); + } + + /** + * Create a Scope object from the given name and namespace. + * + * @param localName + * @param namespace + * @return Scope object. + */ + public static Scope create(String localName, Namespace namespace) { + String key = DomUtil.getExpandedName(localName, namespace); + if (scopes.containsKey(key)) { + return scopes.get(key); + } else { + Scope scope = new Scope(localName, namespace); + scopes.put(key, scope); + return scope; + } + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/Status.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/Status.java new file mode 100644 index 0000000..233b553 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/Status.java @@ -0,0 +1,100 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.XMLizable; + +/** + * Status encapsulating the 'status' present in multi status + * responses. + */ +public class Status implements DavConstants, XMLizable { + + private final String version; + private final int code; + private final String phrase; + + public Status(int code) { + version = "HTTP/1.1"; + this.code = code; + phrase = DavException.getStatusPhrase(code); + } + + public Status(String version, int code, String phrase) { + this.version = version; + this.code = code; + this.phrase = phrase; + } + + public int getStatusCode() { + return code; + } + + public Element toXml(Document document) { + String statusLine = version + " " + code + " " + phrase; + Element e = DomUtil.createElement(document, XML_STATUS, NAMESPACE); + DomUtil.setText(e, statusLine); + return e; + } + + /** + * Parse the given status line and return a new Status object. + * + * @param statusLine + * @return a new Status + */ + public static Status parse(String statusLine) { + if (statusLine == null) { + throw new IllegalArgumentException("Unable to parse status line from null xml element."); + } + Status status; + + // code copied from org.apache.commons.httpclient.StatusLine + int length = statusLine.length(); + int at = 0; + int start = 0; + try { + while (Character.isWhitespace(statusLine.charAt(at))) { + ++at; + ++start; + } + if (!"HTTP".equals(statusLine.substring(at, at += 4))) { + //log.warn("Status-Line '" + statusLine + "' does not start with HTTP"); + } + //handle the HTTP-Version + at = statusLine.indexOf(' ', at); + if (at <= 0) { + // log.warn("Unable to parse HTTP-Version from the status line: '" + statusLine + "'"); + } + String version = (statusLine.substring(start, at)).toUpperCase(); + //advance through spaces + while (statusLine.charAt(at) == ' ') { + at++; + } + //handle the Status-Code + int code; + int to = statusLine.indexOf(' ', at); + if (to < 0) { + to = length; + } + try { + code = Integer.parseInt(statusLine.substring(at, to)); + } catch (NumberFormatException e) { + throw new IllegalArgumentException("Unable to parse status code from status line: '" + statusLine + "'"); + } + //handle the Reason-Phrase + String phrase = ""; + at = to + 1; + if (at < length) { + phrase = statusLine.substring(at).trim(); + } + + status = new Status(version, code, phrase); + + } catch (StringIndexOutOfBoundsException e) { + throw new IllegalArgumentException("Status-Line '" + statusLine + "' is not valid"); + } + return status; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/SubscriptionDiscovery.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/SubscriptionDiscovery.java new file mode 100644 index 0000000..fd8bb8b --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/SubscriptionDiscovery.java @@ -0,0 +1,121 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.Subscription; +import org.xbib.io.webdav.api.XMLizable; +import java.util.ArrayList; +import java.util.List; + +/** + * SubscriptionDiscovery encapsulates the 'subscriptiondiscovery' + * property of a webdav resource. + */ +public class SubscriptionDiscovery extends AbstractDavProperty { + + private static final Namespace DCR_NAMESPACE = Namespace.getNamespace("dcr", "http://www.day.com/jcr/webdav/1.0"); + + private static final DavPropertyName SUBSCRIPTIONDISCOVERY = DavPropertyName.create("subscriptiondiscovery", DCR_NAMESPACE); + + private final Subscription[] subscriptions; + + /** + * Create a new SubscriptionDiscovery that lists the given + * subscriptions. + * + * @param subscriptions + */ + public SubscriptionDiscovery(Subscription[] subscriptions) { + super(SUBSCRIPTIONDISCOVERY, true); + if (subscriptions != null) { + this.subscriptions = subscriptions; + } else { + this.subscriptions = new Subscription[0]; + } + } + + /** + * Create a new SubscriptionDiscovery that contains a single + * subscription entry. + * + * @param subscription + */ + public SubscriptionDiscovery(Subscription subscription) { + super(SUBSCRIPTIONDISCOVERY, true); + if (subscription != null) { + this.subscriptions = new Subscription[]{subscription}; + } else { + this.subscriptions = new Subscription[0]; + } + } + + /** + * Returns an array of {@link Subscription}s. + * + * @return an array of {@link Subscription}s + * @see DavProperty#getValue() + */ + public Subscription[] getValue() { + return subscriptions; + } + + /** + * Returns the Xml representation of the subscription discovery. + * + * @param document + * @return Xml representation + * @see XMLizable#toXml(Document) + */ + @Override + public Element toXml(Document document) { + Element elem = getName().toXml(document); + for (Subscription subscription : subscriptions) { + elem.appendChild(subscription.toXml(document)); + } + return elem; + } + + public static SubscriptionDiscovery createFromXml(Element sDiscoveryElement) { + if (!DomUtil.matches(sDiscoveryElement, SUBSCRIPTIONDISCOVERY.getName(), SUBSCRIPTIONDISCOVERY.getNamespace())) { + throw new IllegalArgumentException("'subscriptiondiscovery' element expected."); + } + + List subscriptions = new ArrayList(); + ElementIterator it = DomUtil.getChildren(sDiscoveryElement, "subscription", DCR_NAMESPACE); + while (it.hasNext()) { + final Element sb = it.nextElement(); + // anonymous inner class: Subscription interface + Subscription s = new Subscription() { + /** + * @see Subscription#getSubscriptionId() + */ + public String getSubscriptionId() { + Element ltEl = DomUtil.getChildElement(sb, "subscriptionid", DCR_NAMESPACE); + if (ltEl != null) { + return DomUtil.getChildText(sb, DavConstants.XML_HREF, DavConstants.NAMESPACE); + } + return null; + } + + public boolean eventsProvideNodeTypeInformation() { + String t = DomUtil.getChildText(sb, "eventswithnodetypes", DCR_NAMESPACE); + return Boolean.parseBoolean(t); + } + + public boolean eventsProvideNoLocalFlag() { + String t = DomUtil.getChildText(sb, "eventswithlocalflag", DCR_NAMESPACE); + return Boolean.parseBoolean(t); + } + + public Element toXml(Document document) { + return (Element) document.importNode(sb, true); + } + }; + subscriptions.add(s); + } + + return new SubscriptionDiscovery(subscriptions.toArray(new Subscription[subscriptions.size()])); + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/SubscriptionInfo.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/SubscriptionInfo.java new file mode 100644 index 0000000..1db0976 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/SubscriptionInfo.java @@ -0,0 +1,218 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.EventType; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import java.util.ArrayList; +import java.util.List; + +/** + * SubscriptionInfo class encapsulates the subscription info + * that forms the request body of a SUBSCRIBE request.
        + * The following xml layout is defined for the subscription info: + * 
        + * <!ELEMENT subscriptioninfo ( eventtype, nolocal?, filter? ) >
+ * <!ELEMENT eventtype ANY >
+ *
+ * ANY defines any sequence of elements where at least one defines a valid
+ * eventtype. Note that a single eventtype must not occur multiple times.
+ *
+ * <!ELEMENT nolocal EMPTY >
+ * <!ELEMENT filter ANY >
+ *
+ * ANY: any sequence of elements identifying a filter for event listening but
+ * at least a single element.
+ *
        + */ +public class SubscriptionInfo implements XMLizable { + + private static final Namespace DCR_NAMESPACE = Namespace.getNamespace("dcr", "http://www.day.com/jcr/webdav/1.0"); + + private final EventType[] eventTypes; + private final Filter[] filters; + private final boolean noLocal; + private final boolean isDeep; + private final long timeout; + + /** + * Create a new SubscriptionInfo + * + * @param eventTypes + * @param isDeep + * @param timeout + */ + public SubscriptionInfo(EventType[] eventTypes, boolean isDeep, long timeout) { + this(eventTypes, null, false, isDeep, timeout); + } + + /** + * Create a new SubscriptionInfo + * + * @param eventTypes + * @param filters + * @param noLocal + * @param isDeep + * @param timeout + */ + public SubscriptionInfo(EventType[] eventTypes, Filter[] filters, boolean noLocal, boolean isDeep, long timeout) { + if (eventTypes == null || eventTypes.length == 0) { + throw new IllegalArgumentException("'subscriptioninfo' must at least indicate a single event type."); + } + + this.eventTypes = eventTypes; + this.noLocal = noLocal; + + if (filters != null) { + this.filters = filters; + } else { + this.filters = new Filter[0]; + } + + this.isDeep = isDeep; + this.timeout = timeout; + } + + /** + * Create a new SubscriptionInfo from the given Xml element + * and from additional information that is transported within the request + * header: + *
          + *
        • {@link TimeoutHeader timeout},
          • + *
        • {@link DepthHeader isDeep}
          • + *
        + * + * @param reqInfo Xml element present in the request body. + * @param timeout as defined in the {@link DavConstants#HEADER_TIMEOUT timeout header}. + * @param isDeep as defined in the {@link DavConstants#HEADER_DEPTH depth header}. + * @throws IllegalArgumentException if the reqInfo element does not contain the mandatory elements. + */ + public SubscriptionInfo(Element reqInfo, long timeout, boolean isDeep) throws DavException { + if (!DomUtil.matches(reqInfo, "subscriptioninfo", DCR_NAMESPACE)) { + //log.warn("Element with name 'subscriptioninfo' expected"); + throw new DavException(400); + } + Element el = DomUtil.getChildElement(reqInfo, "eventtype", DCR_NAMESPACE); + if (el != null) { + eventTypes = DefaultEventType.createFromXml(el); + if (eventTypes.length == 0) { + //log.warn("'subscriptioninfo' must at least indicate a single, valid event type."); + throw new DavException(400); + } + } else { + //log.warn("'subscriptioninfo' must contain an 'eventtype' child element."); + throw new DavException(400); + } + + List filters = new ArrayList(); + el = DomUtil.getChildElement(reqInfo, "filter", DCR_NAMESPACE); + if (el != null) { + ElementIterator it = DomUtil.getChildren(el); + while (it.hasNext()) { + Filter f = new Filter(it.nextElement()); + filters.add(f); + } + } + this.filters = filters.toArray(new Filter[filters.size()]); + + this.noLocal = DomUtil.hasChildElement(reqInfo, "nolocal", DCR_NAMESPACE); + this.isDeep = isDeep; + this.timeout = timeout; + } + + /** + * Return array of event type names present in the subscription info. + * + * @return array of String defining the names of the events this subscription + * should listen to. + */ + public EventType[] getEventTypes() { + return eventTypes; + } + + /** + * Return all filters defined for this SubscriptionInfo + * + * @return all filters or an empty Filter array. + */ + public Filter[] getFilters() { + return filters; + } + + /** + * Return array of filters with the specified name. + * + * @param localName the filter elements must provide. + * @param namespace + * @return array containing the text of the filter elements with the given + * name. + */ + public Filter[] getFilters(String localName, Namespace namespace) { + List l = new ArrayList(); + for (Filter filter : filters) { + if (filter.isMatchingFilter(localName, namespace)) { + l.add(filter); + } + } + return l.toArray(new Filter[l.size()]); + } + + /** + * Returns true if the nolocal element is present in this + * subscription info. + * + * @return nolocal element is present. + */ + public boolean isNoLocal() { + return noLocal; + } + + /** + * Returns true if the {@link DavConstants#HEADER_DEPTH + * depths header} defined a depth other than '0'. + * + * @return true if this subscription info was created with isDeep + * true. + */ + public boolean isDeep() { + return isDeep; + } + + /** + * Return the timeout as retrieved from the request. + * + * @return timeout. + */ + public long getTimeOut() { + return timeout; + } + + /** + * Xml representation of this SubscriptionInfo. + * + * @param document + * @return Xml representation + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element subscrInfo = DomUtil.createElement(document, "subscriptioninfo", DCR_NAMESPACE); + Element eventType = DomUtil.addChildElement(subscrInfo, "eventtype", DCR_NAMESPACE); + for (EventType et : eventTypes) { + eventType.appendChild(et.toXml(document)); + } + + if (filters.length > 0) { + Element filter = DomUtil.addChildElement(subscrInfo, "filter", DCR_NAMESPACE); + for (Filter f : filters) { + filter.appendChild(f.toXml(document)); + } + } + + if (noLocal) { + DomUtil.addChildElement(subscrInfo, "nolocal", DCR_NAMESPACE); + } + return subscrInfo; + } +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/SupportedMethodSetProperty.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/SupportedMethodSetProperty.java new file mode 100644 index 0000000..1bdc7ec --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/SupportedMethodSetProperty.java @@ -0,0 +1,38 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; + +/** + * The SupportedMethodSetProperty + */ +public class SupportedMethodSetProperty extends AbstractDavProperty { + + private final String[] methods; + + /** + * Create a new SupportedMethodSetProperty property. + * + * @param methods that are supported by the resource having this property. + */ + public SupportedMethodSetProperty(String[] methods) { + super(DavPropertyName.create("supported-method-set", DavConstants.NAMESPACE), true); + this.methods = methods; + } + + public String[] getValue() { + return methods; + } + + @Override + public Element toXml(Document document) { + Element elem = getName().toXml(document); + for (String method : methods) { + Element methodElem = DomUtil.addChildElement(elem, "supported-method", DavConstants.NAMESPACE); + DomUtil.setAttribute(methodElem, "name", DavConstants.NAMESPACE, method); + } + return elem; + } + +} diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/TimeoutHeader.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/TimeoutHeader.java new file mode 100644 index 0000000..464e3dc --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/TimeoutHeader.java @@ -0,0 +1,79 @@ +package org.xbib.io.webdav.common; + +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Header; + +public class TimeoutHeader implements Header, DavConstants { + + private final long timeout; + + public TimeoutHeader(long timeout) { + this.timeout = timeout; + } + + public String getHeaderName() { + return DavConstants.HEADER_TIMEOUT; + } + + public String getHeaderValue() { + if (timeout == INFINITE_TIMEOUT) { + return TIMEOUT_INFINITE; + } else { + return "Second-" + (timeout / 1000); + } + } + + public long getTimeout() { + return timeout; + } + + /** + * Parses the request timeout header and converts it into a new + * TimeoutHeader object.
        The default value is used as + * fallback if the String is not parseable. + * + * @param defaultValue + * @return a new TimeoutHeader object. + */ + public static TimeoutHeader parse(/*HttpServletRequest request*/String timeoutStr, long defaultValue) { + //String timeoutStr = request.getHeader(HEADER_TIMEOUT); + long timeout = parseString(timeoutStr, defaultValue); + return new TimeoutHeader(timeout); + } + + /** + * Parses the given timeout String and converts the timeout value + * into a long indicating the number of milliseconds until expiration time + * is reached.
        + * NOTE: If the timeout String equals to {@link #TIMEOUT_INFINITE 'infinite'} + * {@link Integer#MAX_VALUE} is returned. If the Sting is invalid or is in an + * invalid format that cannot be parsed, the default value is returned. + * + * @param timeoutStr + * @param defaultValue + * @return long representing the timeout present in the header or the default + * value if the header is missing or could not be parsed. + */ + public static long parseString(String timeoutStr, long defaultValue) { + long timeout = defaultValue; + if (timeoutStr != null && timeoutStr.length() > 0) { + int secondsInd = timeoutStr.indexOf("Second-"); + if (secondsInd >= 0) { + secondsInd += 7; // read over "Second-" + int i = secondsInd; + while (i < timeoutStr.length() && Character.isDigit(timeoutStr.charAt(i))) { + i++; + } + try { + timeout = 1000L * Long.parseLong(timeoutStr.substring(secondsInd, i)); + } catch (NumberFormatException ignore) { + // ignore and return 'undefined' timeout + //log.error("Invalid timeout format: " + timeoutStr); + } + } else if (timeoutStr.equalsIgnoreCase(TIMEOUT_INFINITE)) { + timeout = INFINITE_TIMEOUT; + } + } + return timeout; + } +} \ No newline at end of file diff --git a/files-webdav/src/main/java/org/xbib/io/webdav/common/Type.java b/files-webdav/src/main/java/org/xbib/io/webdav/common/Type.java new file mode 100644 index 0000000..0e7aba1 --- /dev/null +++ b/files-webdav/src/main/java/org/xbib/io/webdav/common/Type.java @@ -0,0 +1,105 @@ +package org.xbib.io.webdav.common; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xbib.io.webdav.api.DavConstants; +import org.xbib.io.webdav.api.Namespace; +import org.xbib.io.webdav.api.XMLizable; +import java.util.HashMap; +import java.util.Map; + +/** + * The Type class encapsulates the lock type as defined by RFC 2518. + */ +public class Type implements XMLizable { + + private static final Map types = new HashMap<>(); + + public static final Type WRITE = Type.create(DavConstants.XML_WRITE, DavConstants.NAMESPACE); + + private final String localName; + private final Namespace namespace; + + private int hashCode = -1; + + /** + * Private constructor. + * + * @param name + * @param namespace + */ + private Type(String name, Namespace namespace) { + this.localName = name; + this.namespace = namespace; + } + + /** + * Returns the Xml representation of this lock Type. + * + * @return Xml representation + * @see XMLizable#toXml(Document) + */ + public Element toXml(Document document) { + Element lockType = DomUtil.createElement(document, DavConstants.XML_LOCKTYPE, DavConstants.NAMESPACE); + DomUtil.addChildElement(lockType, localName, namespace); + return lockType; + } + + @Override + public int hashCode() { + if (hashCode == -1) { + StringBuilder b = new StringBuilder(); + b.append("LockType : {").append(namespace).append("}").append(localName); + hashCode = b.toString().hashCode(); + } + return hashCode; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj instanceof Type) { + Type other = (Type) obj; + return localName.equals(other.localName) && namespace.equals(other.namespace); + } + return false; + } + + /** + * Create a Type object from the given Xml element. + * + * @param lockType + * @return Type object. + */ + public static Type createFromXml(Element lockType) { + if (lockType != null && DavConstants.XML_LOCKTYPE.equals(lockType.getLocalName())) { + // we have the parent element and must retrieve the type first + lockType = DomUtil.getFirstChildElement(lockType); + } + if (lockType == null) { + throw new IllegalArgumentException("'null' is not valid lock type entry."); + } + Namespace namespace = Namespace.getNamespace(lockType.getPrefix(), lockType.getNamespaceURI()); + return create(lockType.getLocalName(), namespace); + } + + /** + * Create a Type object from the given localName and namespace. + * + * @param localName + * @param namespace + * @return Type object. + */ + public static Type create(String localName, Namespace namespace) { + String key = DomUtil.getExpandedName(localName, namespace); + if (types.containsKey(key)) { + return types.get(key); + } else { + Type type = new Type(localName, namespace); + types.put(key, type); + return type; + } + } +} diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 0000000..92e04c8 --- /dev/null +++ b/gradle.properties @@ -0,0 +1,12 @@ +group = org.xbib +name = files +version = 3.0.0 + +org.gradle.warning.mode = ALL +gradle.wrapper.version = 7.3 +bouncycastle.version = 1.69 +log4j.version = 2.14.1 +mockftpserver.version = 2.7.1 +junit.version = 5.8.0 +junit4.version = 4.13.2 +mockito.version = 3.7.7 diff --git a/gradle/compile/groovy.gradle b/gradle/compile/groovy.gradle new file mode 100644 index 0000000..1abf883 --- /dev/null +++ b/gradle/compile/groovy.gradle @@ -0,0 +1,34 @@ +apply plugin: 'groovy' + +dependencies { + implementation "org.codehaus.groovy:groovy:${project.property('groovy.version')}:indy" +} + +compileGroovy { + sourceCompatibility = JavaVersion.VERSION_11 + targetCompatibility = JavaVersion.VERSION_11 +} + +compileTestGroovy { + sourceCompatibility = JavaVersion.VERSION_11 + targetCompatibility = JavaVersion.VERSION_11 +} + +tasks.withType(GroovyCompile) { + options.compilerArgs + if (!options.compilerArgs.contains("-processor")) { + options.compilerArgs << '-proc:none' + } + groovyOptions.optimizationOptions.indy = true +} + +task groovydocJar(type: Jar, dependsOn: 'groovydoc') { + from groovydoc.destinationDir + archiveClassifier.set('javadoc') +} + +configurations.all { + resolutionStrategy { + force "org.codehaus.groovy:groovy:${project.property('groovy.version')}:indy" + } +} diff --git a/gradle/compile/java.gradle b/gradle/compile/java.gradle new file mode 100644 index 0000000..ec9f2e2 --- /dev/null +++ b/gradle/compile/java.gradle @@ -0,0 +1,46 @@ + +apply plugin: 'java-library' + +java { + modularity.inferModulePath.set(true) +} + +compileJava { + sourceCompatibility = JavaVersion.VERSION_11 + targetCompatibility = JavaVersion.VERSION_11 +} + +compileTestJava { + sourceCompatibility = JavaVersion.VERSION_11 + targetCompatibility = JavaVersion.VERSION_11 +} + +jar { + manifest { + attributes('Implementation-Title': project.name) + attributes('Implementation-Version': project.version) + attributes('Implementation-Vendor': 'Jörg Prante') + } +} + +task sourcesJar(type: Jar, dependsOn: classes) { + classifier 'sources' + from sourceSets.main.allSource +} + +task javadocJar(type: Jar, dependsOn: javadoc) { + classifier 'javadoc' + from javadoc.destinationDir +} + +artifacts { + archives sourcesJar, javadocJar +} + +tasks.withType(JavaCompile) { + options.compilerArgs << '-Xlint:all' +} + +javadoc { + options.addStringOption('Xdoclint:none', '-quiet') +} diff --git a/gradle/documentation/asciidoc.gradle b/gradle/documentation/asciidoc.gradle new file mode 100644 index 0000000..87ba22e --- /dev/null +++ b/gradle/documentation/asciidoc.gradle @@ -0,0 +1,55 @@ +apply plugin: 'org.xbib.gradle.plugin.asciidoctor' + +configurations { + asciidoclet +} + +dependencies { + asciidoclet "org.asciidoctor:asciidoclet:${project.property('asciidoclet.version')}" +} + + +asciidoctor { + backends 'html5' + outputDir = file("${rootProject.projectDir}/docs") + separateOutputDirs = false + attributes 'source-highlighter': 'coderay', + idprefix: '', + idseparator: '-', + toc: 'left', + doctype: 'book', + icons: 'font', + encoding: 'utf-8', + sectlink: true, + sectanchors: true, + linkattrs: true, + imagesdir: 'img', + stylesheet: "${projectDir}/src/docs/asciidoc/css/foundation.css" +} + + +/*javadoc { +options.docletpath = configurations.asciidoclet.files.asType(List) +options.doclet = 'org.asciidoctor.Asciidoclet' +//options.overview = "src/docs/asciidoclet/overview.adoc" +options.addStringOption "-base-dir", "${projectDir}" +options.addStringOption "-attribute", + "name=${project.name},version=${project.version},title-link=https://github.com/xbib/${project.name}" +configure(options) { + noTimestamp = true +} +}*/ + + +/*javadoc { + options.docletpath = configurations.asciidoclet.files.asType(List) + options.doclet = 'org.asciidoctor.Asciidoclet' + options.overview = "${rootProject.projectDir}/src/docs/asciidoclet/overview.adoc" + options.addStringOption "-base-dir", "${projectDir}" + options.addStringOption "-attribute", + "name=${project.name},version=${project.version},title-link=https://github.com/xbib/${project.name}" + options.destinationDirectory(file("${projectDir}/docs/javadoc")) + configure(options) { + noTimestamp = true + } +}*/ diff --git a/gradle/ide/idea.gradle b/gradle/ide/idea.gradle new file mode 100644 index 0000000..64e2167 --- /dev/null +++ b/gradle/ide/idea.gradle @@ -0,0 +1,13 @@ +apply plugin: 'idea' + +idea { + module { + outputDir file('build/classes/java/main') + testOutputDir file('build/classes/java/test') + } +} + +if (project.convention.findPlugin(JavaPluginConvention)) { + //sourceSets.main.output.classesDirs = file("build/classes/java/main") + //sourceSets.test.output.classesDirs = file("build/classes/java/test") +} diff --git a/gradle/publishing/publication.gradle b/gradle/publishing/publication.gradle new file mode 100644 index 0000000..a0f826e --- /dev/null +++ b/gradle/publishing/publication.gradle @@ -0,0 +1,66 @@ +import java.time.Duration + +apply plugin: "de.marcphilipp.nexus-publish" + +publishing { + publications { + mavenJava(MavenPublication) { + from components.java + artifact sourcesJar + artifact javadocJar + pom { + name = project.name + description = rootProject.ext.description + url = rootProject.ext.url + inceptionYear = rootProject.ext.inceptionYear + packaging = 'jar' + organization { + name = 'xbib' + url = 'https://xbib.org' + } + developers { + developer { + id = 'jprante' + name = 'Jörg Prante' + email = 'joergprante@gmail.com' + url = 'https://github.com/jprante' + } + } + scm { + url = rootProject.ext.scmUrl + connection = rootProject.ext.scmConnection + developerConnection = rootProject.ext.scmDeveloperConnection + } + issueManagement { + system = rootProject.ext.issueManagementSystem + url = rootProject.ext.issueManagementUrl + } + licenses { + license { + name = rootProject.ext.licenseName + url = rootProject.ext.licenseUrl + distribution = 'repo' + } + } + } + } + } +} + +if (project.hasProperty("signing.keyId")) { + apply plugin: 'signing' + signing { + sign publishing.publications.mavenJava + } +} + +nexusPublishing { + repositories { + sonatype { + username = project.property('ossrhUsername') + password = project.property('ossrhPassword') + packageGroup = "org.xbib" + } + } + clientTimeout = Duration.ofSeconds(600) +} diff --git a/gradle/publishing/sonatype.gradle b/gradle/publishing/sonatype.gradle new file mode 100644 index 0000000..e85081d --- /dev/null +++ b/gradle/publishing/sonatype.gradle @@ -0,0 +1,12 @@ +import java.time.Duration + +if (project.hasProperty('ossrhUsername') && project.hasProperty('ossrhPassword')) { + + apply plugin: 'io.codearte.nexus-staging' + + nexusStaging { + username = project.property('ossrhUsername') + password = project.property('ossrhPassword') + packageGroup = "org.xbib" + } +} diff --git a/gradle/test/junit5.gradle b/gradle/test/junit5.gradle new file mode 100644 index 0000000..391ca02 --- /dev/null +++ b/gradle/test/junit5.gradle @@ -0,0 +1,28 @@ + +def junitVersion = project.hasProperty('junit.version')?project.property('junit.version'):'5.6.2' +def hamcrestVersion = project.hasProperty('hamcrest.version')?project.property('hamcrest.version'):'2.2' + +dependencies { + testImplementation "org.junit.jupiter:junit-jupiter-api:${junitVersion}" + testImplementation "org.junit.jupiter:junit-jupiter-params:${junitVersion}" + testImplementation "org.hamcrest:hamcrest-library:${hamcrestVersion}" + testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${junitVersion}" +} + +test { + useJUnitPlatform() + systemProperty 'java.util.logging.config.file', 'src/test/resources/logging.properties' + failFast = false + testLogging { + events 'STARTED', 'PASSED', 'FAILED', 'SKIPPED' + } + afterSuite { desc, result -> + if (!desc.parent) { + println "\nTest result: ${result.resultType}" + println "Test summary: ${result.testCount} tests, " + + "${result.successfulTestCount} succeeded, " + + "${result.failedTestCount} failed, " + + "${result.skippedTestCount} skipped" + } + } +} diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..7454180 Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..fbce071 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,5 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-all.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew new file mode 100755 index 0000000..1b6c787 --- /dev/null +++ b/gradlew @@ -0,0 +1,234 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..107acd3 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..03e1221 --- /dev/null +++ b/settings.gradle @@ -0,0 +1,8 @@ +include 'files-eddsa' +include 'files-zlib' +include 'files-ftp' +include 'files-ftp-fs' +include 'files-sftp' +include 'files-sftp-fs' +include 'files-webdav' +include 'files-webdav-fs'