package com.alfaariss.oa.authentication.remote.saml2.profile.re;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.authentication.remote.saml2.SAML2AuthNConstants;
import com.alfaariss.oa.authentication.remote.saml2.profile.re.metadata.SPSSODescriptorBuilder;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import com.alfaariss.oa.engine.core.idp.IDPStorageManager;
import com.alfaariss.oa.util.logging.RequestorEventLogItem;
import com.alfaariss.oa.util.saml2.SAML2Exchange;
import com.alfaariss.oa.util.saml2.SAML2IssueInstantWindow;
import com.alfaariss.oa.util.saml2.SAML2Requestors;
import com.alfaariss.oa.util.saml2.SAML2SecurityException;
import com.alfaariss.oa.util.saml2.binding.AbstractDecodingFactory;
import com.alfaariss.oa.util.saml2.binding.BindingProperties;
import com.alfaariss.oa.util.saml2.idp.SAML2IDP;
import com.alfaariss.oa.util.saml2.profile.AbstractSAML2Profile;
import com.alfaariss.oa.util.validation.SessionValidator;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.saml2.binding.artifact.SAML2ArtifactType0004;
import org.opensaml.saml2.binding.artifact.SAML2ArtifactType0004Builder;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.ArtifactResolutionService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.Base64;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/authentication/remote/saml2/profile/re/ResponseEndpoint.class */
public class ResponseEndpoint extends AbstractSAML2Profile {
    private static final String REDIRECTER = "redirect";
    private static final String DEFAULT_UR_REQUESTOR_ID = "saml_ur";
    private static final String SSO_LOGOUT_URI = "logout";
    private IDPStorageManager _idpStorageManager;
    private boolean _bAuthNRequestSigned;
    private boolean _bWantAssertionsSigned;
    private Log _logger = LogFactory.getLog(ResponseEndpoint.class);
    private SPSSODescriptor _spSsoDescriptor = null;
    private BindingProperties _bindingProperties = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.alfaariss.oa.authentication.remote.saml2.profile.re.ResponseEndpoint$1, reason: invalid class name */
    /* loaded from: input_file:com/alfaariss/oa/authentication/remote/saml2/profile/re/ResponseEndpoint$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$api$session$SessionState = new int[SessionState.values().length];

        static {
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.SESSION_CREATED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_LOGOUT_IN_PROGRESS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public void init(IConfigurationManager iConfigurationManager, Element element, EntityDescriptor entityDescriptor, String str, String str2, SAML2Requestors sAML2Requestors, SAML2IssueInstantWindow sAML2IssueInstantWindow, String str3) throws OAException {
        super.init(iConfigurationManager, element, entityDescriptor, str, str2, sAML2Requestors, sAML2IssueInstantWindow, str3);
        Element section = iConfigurationManager.getSection(element, "bindings");
        if (section == null) {
            this._logger.error("No 'bindings' section found in 'profile' section in configuration");
            throw new OAException(17);
        }
        this._bindingProperties = new BindingProperties(iConfigurationManager, section);
        this._bAuthNRequestSigned = true;
        this._bWantAssertionsSigned = true;
        Element section2 = iConfigurationManager.getSection(element, "signing");
        if (section2 == null) {
            this._logger.debug("No 'signing' section found, using signing defaults");
        } else {
            String param = iConfigurationManager.getParam(section2, "authnRequestsSigned");
            if (param == null) {
                this._logger.debug("No 'authnRequestsSigned' option in 'signing' section found, using signing default");
            } else if (Boolean.FALSE.toString().equalsIgnoreCase(param)) {
                this._bAuthNRequestSigned = false;
            } else if (!Boolean.TRUE.toString().equalsIgnoreCase(param)) {
                this._logger.error("'authnRequestsSigned' option in 'signing' section found, but with illegal value.");
                throw new OAException(17);
            }
            String param2 = iConfigurationManager.getParam(section2, "wantAssertionsSigned");
            if (param2 == null) {
                this._logger.debug("No 'wantAssertionsSigned' option in 'signing' section found, using signing default");
            } else if (Boolean.FALSE.toString().equalsIgnoreCase(param2)) {
                this._bWantAssertionsSigned = false;
            } else if (!Boolean.TRUE.toString().equalsIgnoreCase(param2)) {
                this._logger.error("'wantAssertionsSigned' option in 'signing' section found, but with illegal value.");
                throw new OAException(17);
            }
            StringBuffer stringBuffer = new StringBuffer("SPSSO role using signing parameters: 'authnRequestsSigned' = ");
            stringBuffer.append(this._bAuthNRequestSigned);
            stringBuffer.append(", 'wantAssertionsSigned' = ");
            stringBuffer.append(this._bWantAssertionsSigned);
            this._logger.info(stringBuffer.toString());
        }
        updateEntityDescriptor(iConfigurationManager, element, Engine.getInstance().getCryptoManager(), entityDescriptor, this._sProfileURL, this._bindingProperties);
        SAML2Exchange.setEntityDescriptor(str3, entityDescriptor);
        SAML2Exchange.setSPSSOBindingProperties(str3, this._bindingProperties);
        this._idpStorageManager = Engine.getInstance().getIDPStorageManager();
    }

    public void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        String stringBuffer = httpServletRequest.getRequestURL().toString();
        if (stringBuffer.endsWith("/")) {
            stringBuffer = stringBuffer.substring(0, stringBuffer.length() - 1);
        }
        this._logger.debug("Servicing response: " + stringBuffer);
        try {
            if (stringBuffer.endsWith(REDIRECTER)) {
                processRedirect(httpServletRequest, httpServletResponse);
            } else {
                AbstractDecodingFactory resolveInstance = AbstractDecodingFactory.resolveInstance(httpServletRequest, httpServletResponse, this._bindingProperties);
                if (resolveInstance == null) {
                    this._logger.error("No decode factory available for request");
                    throw new OAException(1);
                }
                SAMLMessageDecoder decoder = resolveInstance.getDecoder();
                String bindingURI = decoder.getBindingURI();
                if (!this._bindingProperties.isSupported(bindingURI)) {
                    this._logger.error("The binding is not supported by this protocol: " + bindingURI);
                    throw new OAException(1);
                }
                SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> context = resolveInstance.getContext();
                String parameter = httpServletRequest.getParameter("SAMLart");
                if (parameter != null) {
                    SAML2ArtifactType0004 buildArtifact = new SAML2ArtifactType0004Builder().buildArtifact(Base64.decode(parameter));
                    SAML2IDP idp = this._idpStorageManager.getIDP(buildArtifact.getSourceID(), "sourceid");
                    if (idp == null || !(idp instanceof SAML2IDP)) {
                        StringBuffer stringBuffer2 = new StringBuffer("Unknown organization specified with with SourceID '");
                        stringBuffer2.append(Arrays.toString(buildArtifact.getSourceID()));
                        stringBuffer2.append("' in artifact: ");
                        stringBuffer2.append(parameter);
                        this._logger.debug(stringBuffer2.toString());
                        throw new MessageDecodingException("Could not find metadata for decoding artifact");
                    }
                    SAML2IDP saml2idp = idp;
                    context.setMetadataProvider(saml2idp.getMetadataProvider());
                    context.setInboundMessageIssuer(saml2idp.getID());
                    context.setOutboundMessageIssuer(this._sEntityID);
                }
                decoder.decode(context);
                processResponse(httpServletRequest, httpServletResponse, context);
            }
        } catch (OAException e) {
            throw e;
        } catch (MessageDecodingException e2) {
            this._logger.debug("Could not decode XML in SAML request message", e2);
            try {
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(400);
                }
            } catch (IOException e3) {
                this._logger.warn("Could not send response", e3);
            }
        } catch (SecurityException e4) {
            this._logger.debug("the decoded message does not meet the required security constraints", e4);
            try {
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(403);
                }
            } catch (IOException e5) {
                this._logger.warn("Could not send response", e5);
            }
        } catch (Exception e6) {
            this._logger.fatal("Could not process SAML request message", e6);
            throw new OAException(1);
        }
    }

    private void processResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> sAMLMessageContext) throws OAException {
        ISession createSession;
        String str;
        try {
            String inboundMessageIssuer = sAMLMessageContext.getInboundMessageIssuer();
            if (inboundMessageIssuer != null) {
                this._logger.debug("issuer: " + inboundMessageIssuer);
            }
            if (this._idpStorageManager.getIDP(inboundMessageIssuer) == null) {
                this._logger.debug("Processing of SAML2 message failed because issuer is not known: " + inboundMessageIssuer);
                throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
            }
            StatusResponseType statusResponseType = (SignableSAMLObject) sAMLMessageContext.getInboundSAMLMessage();
            if (statusResponseType == null) {
                this._logger.debug("No SAML message object in request from issuer: " + inboundMessageIssuer);
                throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
            }
            if (this._logger.isDebugEnabled()) {
                logXML(statusResponseType);
            }
            String str2 = null;
            String str3 = null;
            if (!(statusResponseType instanceof StatusResponseType)) {
                this._logger.debug("Incoming SAML object is not a valid SAML response");
                throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
            }
            String inResponseTo = statusResponseType.getInResponseTo();
            if (inResponseTo != null) {
                if (inResponseTo.length() <= 33) {
                    StringBuffer stringBuffer = new StringBuffer("Invalid InResponseTo ID supplied (");
                    stringBuffer.append(inResponseTo);
                    stringBuffer.append(") is must have a length that is at least bigger then: ");
                    stringBuffer.append(33);
                    this._logger.warn(stringBuffer.toString());
                    throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
                }
                str3 = inResponseTo.substring(0, 33);
                str2 = inResponseTo.substring(33);
            }
            if (str2 == null) {
                createSession = this._sessionFactory.createSession(DEFAULT_UR_REQUESTOR_ID);
                String relayState = sAMLMessageContext.getRelayState();
                if (relayState == null) {
                    str = httpServletRequest.getParameter("TARGET");
                    if (str == null) {
                        this._logger.debug("No session ID and no target found in SAML response");
                        throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
                    }
                } else {
                    str = relayState;
                }
                createSession.getAttributes().put(ResponseEndpoint.class, SAML2AuthNConstants.ATTR_TARGET, str);
            } else {
                if (!SessionValidator.validateDefaultSessionId(str2)) {
                    StringBuffer stringBuffer2 = new StringBuffer("Invalid '");
                    stringBuffer2.append("asid");
                    stringBuffer2.append("' in request: ");
                    stringBuffer2.append(str2);
                    this._logger.debug(stringBuffer2.toString());
                    throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
                }
                createSession = this._sessionFactory.retrieve(str2);
                if (createSession == null || createSession.isExpired()) {
                    this._logger.debug("Could not process SAML response; Session expired");
                    throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
                }
                if (createSession.getAttributes().contains(SAML2AuthNConstants.class, SAML2AuthNConstants.AUTHNREQUEST_ID_PREFIX)) {
                    String str4 = (String) createSession.getAttributes().get(SAML2AuthNConstants.class, SAML2AuthNConstants.AUTHNREQUEST_ID_PREFIX);
                    if (str4 != null && str3 != null && !str4.equals(str3)) {
                        StringBuffer stringBuffer3 = new StringBuffer("Invalid InResponseTo session ID prefix in request: expected '");
                        stringBuffer3.append(str4);
                        stringBuffer3.append("' but recieved: ");
                        stringBuffer3.append(str3);
                        this._logger.debug(stringBuffer3.toString());
                        throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
                    }
                }
            }
            httpServletRequest.setAttribute(SAML2AuthNConstants.SESSION_ATTRIBUTE_NAME, sAMLMessageContext);
            httpServletRequest.setAttribute(SAML2AuthNConstants.RESPONSE_ENDPOINT_PARAM, new Boolean(true));
            switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$api$session$SessionState[createSession.getState().ordinal()]) {
                case 1:
                    processUnsolicitedResponse(httpServletRequest, httpServletResponse, createSession);
                    break;
                case 2:
                    processLogoutResponse(httpServletRequest, httpServletResponse, createSession);
                    break;
                default:
                    processAuthNResponse(httpServletRequest, httpServletResponse, createSession);
                    break;
            }
        } catch (OAException e) {
            this._logger.error("Could not process Response", e);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
            throw e;
        } catch (Exception e2) {
            this._logger.error("Could not process Response", e2);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
            throw new OAException(1);
        } catch (SAML2SecurityException e3) {
            this._logger.debug("Error processing SAML message for: " + ((String) null), e3);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e3.getEvent(), (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "Error processing SAML message for: " + ((String) null)));
            try {
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(400);
                }
            } catch (IOException e4) {
                this._logger.warn("Could not send response", e4);
            }
        }
    }

    private void processRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        ISession iSession = null;
        String parameter = httpServletRequest.getParameter("asid");
        try {
            try {
                if (parameter == null) {
                    this._logger.debug("Could not redirect to webapp; Parameter 'asid' missing");
                    if (!httpServletResponse.isCommitted()) {
                        httpServletResponse.sendError(400);
                    }
                    if (iSession != null) {
                        return;
                    } else {
                        return;
                    }
                }
                if (!SessionValidator.validateDefaultSessionId(parameter)) {
                    StringBuffer stringBuffer = new StringBuffer("Invalid '");
                    stringBuffer.append("asid");
                    stringBuffer.append("' in request: ");
                    stringBuffer.append(parameter);
                    this._logger.debug(stringBuffer.toString());
                    if (!httpServletResponse.isCommitted()) {
                        httpServletResponse.sendError(400);
                    }
                    if (0 != 0) {
                        iSession.expire();
                        iSession.persist();
                        return;
                    }
                    return;
                }
                ISession retrieve = this._sessionFactory.retrieve(parameter);
                if (retrieve == null) {
                    this._logger.debug("Could not redirect to webapp; Could not retrieve session");
                    if (!httpServletResponse.isCommitted()) {
                        httpServletResponse.sendError(400);
                    }
                    if (retrieve != null) {
                        retrieve.expire();
                        retrieve.persist();
                        return;
                    }
                    return;
                }
                if (retrieve.isExpired()) {
                    this._logger.debug("Could not redirect to webapp; Session expired");
                    if (!httpServletResponse.isCommitted()) {
                        httpServletResponse.sendError(403);
                    }
                    if (retrieve != null) {
                        retrieve.expire();
                        retrieve.persist();
                        return;
                    }
                    return;
                }
                if (retrieve.getState() == SessionState.AUTHN_OK) {
                    String str = (String) retrieve.getAttributes().get(ResponseEndpoint.class, SAML2AuthNConstants.ATTR_TARGET);
                    if (str == null) {
                        this._logger.debug("Could not redirect to webapp; Cannot retrieve target");
                        throw new OAException(35);
                    }
                    if (!httpServletResponse.isCommitted()) {
                        httpServletResponse.sendRedirect(str);
                    }
                    if (retrieve != null) {
                        retrieve.expire();
                        retrieve.persist();
                        return;
                    }
                    return;
                }
                IUser user = retrieve.getUser();
                String str2 = null;
                if (user != null) {
                    str2 = user.getID();
                }
                if (str2 == null) {
                    str2 = "<not found>";
                }
                this._logger.debug("Could not redirect to webapp; AuthN failed (uid: " + str2 + ")");
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(403);
                }
                if (retrieve != null) {
                    retrieve.expire();
                    retrieve.persist();
                }
            } catch (IOException e) {
                this._logger.error("Could not redirect to webapp; I/O error", e);
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
                throw new OAException(1);
            } catch (ClassCastException e2) {
                this._logger.error("Could not redirect to webapp; Target in wrong format", e2);
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.SESSION_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
                throw new OAException(1);
            }
        } finally {
            if (0 != 0) {
                iSession.expire();
                iSession.persist();
            }
        }
    }

    private void updateEntityDescriptor(IConfigurationManager iConfigurationManager, Element element, CryptoManager cryptoManager, EntityDescriptor entityDescriptor, String str, BindingProperties bindingProperties) throws OAException {
        this._spSsoDescriptor = entityDescriptor.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        SPSSODescriptorBuilder sPSSODescriptorBuilder = new SPSSODescriptorBuilder(iConfigurationManager, element, this._spSsoDescriptor);
        sPSSODescriptorBuilder.buildNameIDFormats();
        sPSSODescriptorBuilder.buildAuthnRequestsSigned(this._bAuthNRequestSigned);
        sPSSODescriptorBuilder.buildWantAssertionsSigned(this._bWantAssertionsSigned);
        sPSSODescriptorBuilder.buildAssertionConsumerServices(str, bindingProperties);
        sPSSODescriptorBuilder.buildProtocolSupportEnumeration();
        List artifactResolutionServices = entityDescriptor.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol").getArtifactResolutionServices();
        if (artifactResolutionServices == null || artifactResolutionServices.size() <= 0) {
            this._logger.debug("No artifact resolution service found while configuring SP role. If this is incorrect, please place ResponseEndpoint configuration below the AR config.");
        } else {
            Iterator it = artifactResolutionServices.iterator();
            while (it.hasNext()) {
                sPSSODescriptorBuilder.buildArtifactResolutionService(((ArtifactResolutionService) it.next()).getLocation());
            }
        }
        if (cryptoManager.getPrivateKey() != null) {
            sPSSODescriptorBuilder.buildSigningKeyDescriptor(cryptoManager, entityDescriptor.getEntityID());
        }
        entityDescriptor.getRoleDescriptors().add(0, sPSSODescriptorBuilder.m7getResult());
    }

    private void processUnsolicitedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException {
        iSession.persist();
        String stringBuffer = httpServletRequest.getRequestURL().toString();
        StringBuffer stringBuffer2 = new StringBuffer(stringBuffer);
        if (!stringBuffer.endsWith("/")) {
            stringBuffer2.append("/");
        }
        stringBuffer2.append(REDIRECTER);
        stringBuffer2.append("?");
        stringBuffer2.append("asid");
        stringBuffer2.append("=");
        stringBuffer2.append(iSession.getId());
        iSession.setProfileURL(stringBuffer2.toString());
        forwardToSSOWeb(httpServletRequest, httpServletResponse, iSession);
    }

    private void processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException {
        forwardToSSOLogout(httpServletRequest, httpServletResponse, iSession);
    }

    private void processAuthNResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException {
        forwardToSSOWeb(httpServletRequest, httpServletResponse, iSession);
    }

    private void forwardToSSOWeb(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException {
        try {
            httpServletRequest.setAttribute("asid", iSession);
            RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(this._sWebSSOPath);
            if (requestDispatcher == null) {
                this._logger.warn("There is no requestor dispatcher supported with name: " + this._sWebSSOPath);
                throw new OAException(1);
            }
            requestDispatcher.forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            this._logger.fatal("Internal error during forward to sso web", e);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    private void forwardToSSOLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException {
        try {
            httpServletRequest.setAttribute("asid", iSession);
            StringBuffer stringBuffer = new StringBuffer(this._sWebSSOPath);
            if (!this._sWebSSOPath.endsWith("/")) {
                stringBuffer.append("/");
            }
            stringBuffer.append(SSO_LOGOUT_URI);
            RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(stringBuffer.toString());
            if (requestDispatcher == null) {
                this._logger.warn("There is no requestor dispatcher supported with name: " + stringBuffer.toString());
                throw new OAException(1);
            }
            requestDispatcher.forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            this._logger.fatal("Internal error during forward to sso logout", e);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }
}
