ES-90 (#368)

* [BUGFIX] updated kernel.keymanager depenency version to resolve build issues

* added thumprint related logic

* Changes made in Jws builder

* modified consentHelperService

* done some changes in consentHelperService

* added modified testcase with signature verification

* done signature related changes

* [ES-90] done modification regarding signature verification now it is working

* done change accorting to review comments

* added new method for getting public key registry

* now we are using idHash isnted of psuToken to find public Key registroy

* verifid signature varification with postman now using Idhash istead of Psutoke

* done some correction

* add signatureFormate anotation for LinkedConsentRequestV2 :

* review changes

* review changes

* added test case and done review changes

* Modified the version

* added migration script to add thumbprint

* review changes

* review changes

* review changes

* review changes

* review changes

* review changes

* review changes

* review changes

* reveiw changes

* merged the develop and corrected some test cases

* review changes

* cherry pick from 1.1.0 dp_upgrade_script

* changes for deployment in dev1

* soran cloud coverage increased

* review changes

* review changes

* review changes

* review chages

* review changes  (#346)

* review changes

* review changes

* review change for consent and updatescript (#365)

* review changes

* review changes

* review changes

* review changes in consentHelperService and upgradeScript

* review changes

* Review comments fix

---------

Co-authored-by: Hitesh Jain <jainhitesh9998@gmail.com>
Co-authored-by: kaifk468 <74772315+kaifk468@users.noreply.github.com>
Co-authored-by: Mohd Kaif Siddique <kaifk468@gmail.com>
Co-authored-by: Venkata Saidurga Polamraju <saidurgacsea@gmail.com>
Co-authored-by: Vishwa <visu.vs1@gmail.com>
Co-authored-by: ase-101 <>

binding-service-impl/src/main/java/io/mosip/esignet/entity/PublicKeyRegistry.java

@@ -53,11 +53,17 @@ public class PublicKeyRegistry {
 	@Column(name = "public_key_hash")
 	private String publicKeyHash;
 
+	@NotBlank
+	@Column(name = "thumbprint")
+	private String thumbprint;
+
 	@NotBlank
 	@Column(name = "certificate")
 	private String certificate;
 
 	@Column(name = "cr_dtimes")
 	private LocalDateTime createdtimes;
 
+
+
 }

binding-service-impl/src/main/java/io/mosip/esignet/repository/PublicKeyRegistryRepository.java

@@ -32,4 +32,6 @@ public interface PublicKeyRegistryRepository extends JpaRepository<PublicKeyRegi
 	@Query("UPDATE PublicKeyRegistry  pkr set pkr.publicKey= :publicKey , pkr.publicKeyHash= :publicKeyHash , pkr.expiredtimes= :expireDTimes, " +
 			"pkr.certificate= :certificate where pkr.psuToken= :psuToken and pkr.authFactor= :authFactor")
 	int updatePublicKeyRegistry(String publicKey, String publicKeyHash, LocalDateTime expireDTimes, String psuToken, String certificate, String authFactor);
+
+	Optional<PublicKeyRegistry>findFirstByIdHashAndThumbprintAndExpiredtimesGreaterThanOrderByExpiredtimesDesc(String idHash, String thumbPrint, LocalDateTime currentDate);
 }

binding-service-impl/src/main/java/io/mosip/esignet/services/KeyBindingHelperService.java

@@ -72,6 +72,7 @@ public PublicKeyRegistry storeKeyBindingDetailsInRegistry(String individualId, S
         publicKeyRegistry.setExpiredtimes(expireDTimes);
         publicKeyRegistry.setWalletBindingId(walletBindingId == null ? generateWalletBindingId(partnerSpecificUserToken) : walletBindingId);
         publicKeyRegistry.setCertificate(certificateData);
+        publicKeyRegistry.setThumbprint(IdentityProviderUtil.generateCertificateThumbprint(certificateData));
         publicKeyRegistry.setCreatedtimes(LocalDateTime.now(ZoneId.of("UTC")));
         publicKeyRegistry = publicKeyRegistryRepository.save(publicKeyRegistry);
         log.info("Saved PublicKeyRegistry details successfully");

binding-service-impl/src/main/java/io/mosip/esignet/services/PublicKeyRegistryServiceImpl.java

@@ -12,6 +12,8 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
 import java.util.Optional;
 
 @Slf4j
@@ -33,4 +35,20 @@ public Optional<PublicKeyRegistry> findLatestPublicKeyByPsuTokenAndAuthFactor(St
         }
         return Optional.empty();
     }
+
+    @Override
+    public Optional<PublicKeyRegistry> findFirstByIdHashAndThumbprintAndExpiredtimes(String idHash, String thumbPrint) {
+        Optional<io.mosip.esignet.entity.PublicKeyRegistry> optionalPublicKeyRegistry=publicKeyRegistryRepository
+                .findFirstByIdHashAndThumbprintAndExpiredtimesGreaterThanOrderByExpiredtimesDesc(idHash,thumbPrint,LocalDateTime.now(ZoneOffset.UTC));
+        if(optionalPublicKeyRegistry.isPresent()) {
+            PublicKeyRegistry publicKeyRegistry = new PublicKeyRegistry();
+            publicKeyRegistry.setPublicKey(optionalPublicKeyRegistry.get().getPublicKey());
+            publicKeyRegistry.setPsuToken(optionalPublicKeyRegistry.get().getPsuToken());
+            publicKeyRegistry.setAuthFactor(optionalPublicKeyRegistry.get().getAuthFactor());
+            publicKeyRegistry.setCertificate(optionalPublicKeyRegistry.get().getCertificate());
+            return Optional.of(publicKeyRegistry);
+        }
+        return Optional.empty();
+
+    }
 }

binding-service-impl/src/test/java/io/mosip/esignet/BindingValidatorServiceImplTest.java

@@ -90,7 +90,7 @@ public void validateBinding_withValidDetails_thenPass() throws Exception {
 		authChallenge.setChallenge(wlaToken);
 
 		PublicKeyRegistry publicKeyRegistry = new PublicKeyRegistry("id-hash", "WLA", "test-psu-token", clientJWK.toJSONString(),
-				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash",
+				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash","thumbprint",
 				getPemData(certificate), LocalDateTime.now());
 		when(publicKeyRegistryRepository.findByIdHashAndAuthFactorInAndExpiredtimesGreaterThan(anyString(), any(), any()))
 				.thenReturn(Arrays.asList(publicKeyRegistry));
@@ -117,7 +117,7 @@ public void validateBinding_withInvalidSha256Thumbprint_thenFail() throws Except
 		authChallenge.setChallenge(IdentityProviderUtil.b64Encode(headerJson.toJSONString())+"."+chunks[1]+"."+chunks[2]);
 
 		PublicKeyRegistry publicKeyRegistry = new PublicKeyRegistry("id-hash", "WLA", "test-psu-token", clientJWK.toJSONString(),
-				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash",
+				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash","thumbprint",
 				getPemData(certificate), LocalDateTime.now());
 		when(publicKeyRegistryRepository.findByIdHashAndAuthFactorInAndExpiredtimesGreaterThan(anyString(), any(), any()))
 				.thenReturn(Arrays.asList(publicKeyRegistry));
@@ -144,7 +144,7 @@ public void validateBinding_withoutSha256Thumbprint_thenFail() throws Exception
 		authChallenge.setChallenge(wlaToken);
 
 		PublicKeyRegistry publicKeyRegistry = new PublicKeyRegistry("id-hash", "WLA", "test-psu-token", clientJWK.toJSONString(),
-				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash",
+				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash","thumbprint",
 				getPemData(certificate), LocalDateTime.now());
 		when(publicKeyRegistryRepository.findByIdHashAndAuthFactorInAndExpiredtimesGreaterThan(anyString(), any(), any()))
 				.thenReturn(Arrays.asList(publicKeyRegistry));
@@ -180,7 +180,7 @@ public void validateBinding_withUnBoundId_thenFail() throws EsignetException {
 	@Test
 	public void validateBinding_withUnBoundAuthFactors_thenFail() throws EsignetException {
 		PublicKeyRegistry publicKeyRegistry = new PublicKeyRegistry("id-hash", "WLA", "test-psu-token", clientJWK.toJSONString(),
-				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash",
+				LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash","thumbprint",
 				"certificate", LocalDateTime.now());
 		when(publicKeyRegistryRepository.findByIdHashAndAuthFactorInAndExpiredtimesGreaterThan(anyString(), any(), any())).thenReturn(Arrays.asList(publicKeyRegistry));
 
@@ -206,7 +206,7 @@ public void validateBinding_withUnBoundAuthFactors_thenFail() throws EsignetExce
 	@Test
 	public void validateBinding_withInvalidChallenge_thenFail() throws EsignetException {
         PublicKeyRegistry publicKeyRegistry = new PublicKeyRegistry("id-hash", "WLA", "test-psu-token", clientJWK.toJSONString(),
-                LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash",
+                LocalDateTime.now().plusDays(4), "test-binding-id", "test-public-key-hash","certificate",
                 "certificate", LocalDateTime.now());
         when(publicKeyRegistryRepository.findByIdHashAndAuthFactorInAndExpiredtimesGreaterThan(anyString(), any(), any())).thenReturn(Arrays.asList(publicKeyRegistry));
 

binding-service-impl/src/test/java/io/mosip/esignet/KeyBindingHelperServiceTest.java

@@ -36,6 +36,24 @@
 @RunWith(MockitoJUnitRunner.class)
 public class KeyBindingHelperServiceTest {
 
+    private static final String certificateString="-----BEGIN CERTIFICATE-----\n" +
+            "MIICrzCCAZegAwIBAgIGAYk++jfeMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMT\n" +
+            "CE1vY2stSURBMB4XDTIzMDcxMDAzMTUzM1oXDTIzMDcyMDAzMTUzM1owHjEcMBoG\n" +
+            "A1UEAxMTU2lkZGhhcnRoIEsgTWFuc291cjCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" +
+            "ADCCAQoCggEBAJy7TzHJJNkjlnSi87fkUr8NMM9k3UIkoAtAqiH7J4uPG1wcdgQK\n" +
+            "luX1wfhsed7TUnblrZCZXOaxqT2kN1uniC28bekQPkWs/e0Mm8s3r7ncxyTtCMlS\n" +
+            "kSlg6ZFN3bV2m3x893vFx81yOGk534Jc9O9qxouxB7WMHn8ynM9BE8k0VaNXyj2/\n" +
+            "z0E7IXqpei4UDNdTU0avmqYGjw/YTsTdlrwQebwn9clwVvld2ZFV4jdgErTqLJ/Y\n" +
+            "u7wIZmYzL3ib5kf2+tVZhY/MnqsT0Bx+TFatnd2Aout5/Hs2V2HdwSBY6ET6SXVT\n" +
+            "NXKDtH3Sw6AyNPj+jo6l5IARsuOvWioTrfsCAwEAATANBgkqhkiG9w0BAQsFAAOC\n" +
+            "AQEAgOtPRuk9IyrRGOFWyFlwJdqZxqVO+78UAJKJmBiko6xxeezkYqqiAuwcyWFj\n" +
+            "XWmvvcwlTdCyfEnGWRi74r4ma7u0h5O4U3AJxPF0/BKklCF9nabRqtSC9ENPKHpf\n" +
+            "/MAsZF/dQkzQ+k8oqCVKgg/OpgmLGg1dBFvBUOsSUtzp2Mv3GhQO8cjHb32YsS2C\n" +
+            "EL2oRcBvJ0SQ9kmYaZ4Pb08xlbTTWbNtPJDj58w4S5Xs2PFlbJr/Ibe3DZM7nYym\n" +
+            "zfeCZDzlkLcSCpEaFCMdeuZSpmdSrRaJ9gquR+Ix3uYrqKNmd6eVq+yr1F5DXu9e\n" +
+            "c6Ny6Ira8ylf96JLLRfh3b5G4w==\n" +
+            "-----END CERTIFICATE-----\n";
+
     @InjectMocks
     private KeyBindingHelperService keyBindingHelperService;
 
@@ -64,12 +82,13 @@ public void storeKeyBindingDetailsInRegistry_withValidValue_thenPass() throws Ex
         Mockito.when(keymanagerUtil.convertToCertificate(Mockito.anyString())).thenReturn(certificate);
         PublicKeyRegistry publicKeyRegistry = new PublicKeyRegistry();
         publicKeyRegistry.setWalletBindingId("wallet-binding-id");
+        publicKeyRegistry.setCertificate(certificateString);
         Mockito.when(publicKeyRegistryRepository.findLatestByPsuTokenAndAuthFactor(Mockito.anyString(),
                 Mockito.anyString())).thenReturn(Optional.of(publicKeyRegistry));
         Mockito.when(publicKeyRegistryRepository.save(Mockito.any(PublicKeyRegistry.class))).thenReturn(publicKeyRegistry);
 
         publicKeyRegistry = keyBindingHelperService.storeKeyBindingDetailsInRegistry("individualId", "psut", "publicKey",
-                "certificate", "WLA");
+                certificateString, "WLA");
         Assert.assertNotNull(publicKeyRegistry);
     }
 
@@ -97,7 +116,7 @@ public void storeKeyBindingDetailsInRegistry_withFirstTimeBinding_thenPass() thr
                 Mockito.anyString())).thenReturn(Optional.empty());
         Mockito.when(publicKeyRegistryRepository.save(Mockito.any(PublicKeyRegistry.class))).thenReturn(new PublicKeyRegistry());
         Assert.assertNotNull(keyBindingHelperService.storeKeyBindingDetailsInRegistry("individualId", "psut", "publicKey",
-                "certificate", "WLA"));
+                certificateString, "WLA"));
     }
 
     private X509Certificate getCertificate(JWK jwk) throws Exception {

binding-service-impl/src/test/java/io/mosip/esignet/KeyBindingServiceTest.java

@@ -215,6 +215,30 @@ public void bindWallet_withUnsupportedFormat_thenFail() throws EsignetException,
 		}
 	}
 
+	@Test
+	public void bindWallet_withInvalidAuthChallenge_thenFail() throws EsignetException, JsonProcessingException {
+		WalletBindingRequest walletBindingRequest = new WalletBindingRequest();
+		walletBindingRequest.setIndividualId("8267411571");
+		walletBindingRequest.setAuthFactorType("WLA");
+		walletBindingRequest.setFormat("wt");
+
+		AuthChallenge authChallenge = new AuthChallenge();
+		authChallenge.setAuthFactorType("OTP");
+		authChallenge.setChallenge("111111");
+		authChallenge.setFormat("alpha");
+		List<AuthChallenge> authChallengeList = new ArrayList();
+		authChallengeList.add(authChallenge);
+		walletBindingRequest.setChallengeList(authChallengeList);
+		walletBindingRequest.setPublicKey(
+				(Map<String, Object>) objectMapper.readValue(clientJWK.toJSONString(), HashMap.class));
+		try {
+			Assert.assertNotNull(keyBindingService.bindWallet(walletBindingRequest, new HashMap<>()));
+			Assert.fail();
+		} catch (EsignetException e) {
+			Assert.assertTrue(e.getErrorCode().equals(ErrorConstants.INVALID_AUTH_FACTOR_TYPE_OR_CHALLENGE_FORMAT));
+		}
+	}
+
 	@Test
 	public void bindWallet_withInvalidKeyBindingResult_thenFail() throws IOException, EsignetException, KeyBindingException {
 		WalletBindingRequest walletBindingRequest = new WalletBindingRequest();

binding-service-impl/src/test/java/io/mosip/esignet/PublicKeyRegistryRepositoryTest.java

@@ -45,10 +45,16 @@ public void createPublicKeyRegistry_withValidDetail_thenPass() {
 		publicKeyRegistry.setCertificate("certificate");
 		publicKeyRegistry.setAuthFactor("WLA");
 		publicKeyRegistry.setPublicKeyHash("test_public_key_hash");
+		publicKeyRegistry.setThumbprint("thumbprint");
 		publicKeyRegistryRepository.save(publicKeyRegistry);
 		publicKeyRegistryRepository.flush();
 		Assert.assertNotNull(publicKeyRegistry);
 
+		Optional<PublicKeyRegistry> publicKeyRegistryOptional=publicKeyRegistryRepository.
+				findFirstByIdHashAndThumbprintAndExpiredtimesGreaterThanOrderByExpiredtimesDesc("test_id_hash","thumbprint",LocalDateTime.now().plus(4,ChronoUnit.DAYS));
+		Assert.assertFalse(publicKeyRegistryOptional.isEmpty());
+		Assert.assertEquals(publicKeyRegistryOptional.get(),publicKeyRegistry);
+
 		List<PublicKeyRegistry> list = publicKeyRegistryRepository.findByIdHashAndAuthFactorInAndExpiredtimesGreaterThan("test_id_hash",
 				Set.of("WLA"), LocalDateTime.now());
 		Assert.assertFalse(list.isEmpty());
@@ -278,6 +284,7 @@ public void findWalletBindingIdWithPsuToken_withValidDetail_thenPass() {
 		publicKeyRegistry.setPublicKeyHash("test_public_key_hash");
 		publicKeyRegistry.setCertificate("certificate");
 		publicKeyRegistry.setAuthFactor("WLA");
+		publicKeyRegistry.setThumbprint("thumbprint");
 		publicKeyRegistry = publicKeyRegistryRepository.save(publicKeyRegistry);
 		Assert.assertNotNull(publicKeyRegistry);
 
@@ -291,6 +298,7 @@ public void findWalletBindingIdWithPsuToken_withValidDetail_thenPass() {
 		publicKeyRegistry.setPublicKeyHash("test_public_key_hash");
 		publicKeyRegistry.setCertificate("certificate");
 		publicKeyRegistry.setAuthFactor("WLA");
+		publicKeyRegistry.setThumbprint("thumbprint");
 		publicKeyRegistry = publicKeyRegistryRepository.save(publicKeyRegistry);
 		Assert.assertNotNull(publicKeyRegistry);
 
@@ -313,6 +321,7 @@ public void findByPublicKeyHashWithPsuToken_withValidDetail_thenPass() {
 		publicKeyRegistry.setPublicKeyHash("test_public_key_hash");
 		publicKeyRegistry.setCertificate("certificate");
 		publicKeyRegistry.setAuthFactor("WLA");
+		publicKeyRegistry.setThumbprint("thumbprint");
 		publicKeyRegistry = publicKeyRegistryRepository.save(publicKeyRegistry);
 		Assert.assertNotNull(publicKeyRegistry);
 
@@ -333,6 +342,7 @@ public void updatePublicKeyRegistry_withValidDetail_thenPass() {
 		publicKeyRegistry.setPublicKeyHash("test_public_key_hash");
 		publicKeyRegistry.setCertificate("certificate");
 		publicKeyRegistry.setAuthFactor("WLA");
+		publicKeyRegistry.setThumbprint("thumbprint");
 		publicKeyRegistryRepository.save(publicKeyRegistry);
 		publicKeyRegistryRepository.flush();
 		Assert.assertNotNull(publicKeyRegistry);

binding-service-impl/src/test/java/io/mosip/esignet/PublicKeyRegistryServiceImplTest.java

@@ -0,0 +1,71 @@
+package io.mosip.esignet;
+
+import io.mosip.esignet.entity.PublicKeyRegistry;
+import io.mosip.esignet.repository.PublicKeyRegistryRepository;
+import io.mosip.esignet.services.PublicKeyRegistryServiceImpl;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+import java.util.Optional;
+
+@Slf4j
+@RunWith(MockitoJUnitRunner.class)
+public class PublicKeyRegistryServiceImplTest {
+
+    @Mock
+    PublicKeyRegistryRepository publicKeyRegistryRepository;
+
+    @InjectMocks
+    PublicKeyRegistryServiceImpl publicKeyRegistryService;
+
+    @Test
+    public void findLatestPublicKeyByPsuTokenAndAuthFactor_WithValidDetail_ThenPass(){
+        PublicKeyRegistry publicKeyRegistry=new PublicKeyRegistry();
+        publicKeyRegistry.setPublicKey("publicKey");
+        publicKeyRegistry.setPsuToken("pusToke");
+        publicKeyRegistry.setThumbprint("thumbprint");
+        publicKeyRegistry.setPublicKeyHash("hase");
+        publicKeyRegistry.setCertificate("cert");
+        Mockito.when(publicKeyRegistryRepository.findLatestByPsuTokenAndAuthFactor(Mockito.anyString(),Mockito.anyString())).thenReturn(Optional.of(publicKeyRegistry));
+
+        Optional<io.mosip.esignet.core.dto.PublicKeyRegistry>publicKeyRegistryOptional= publicKeyRegistryService.findLatestPublicKeyByPsuTokenAndAuthFactor(Mockito.anyString(),Mockito.anyString());
+        Assert.assertEquals(publicKeyRegistryOptional.get().getPublicKey(),publicKeyRegistry.getPublicKey());
+        Assert.assertEquals(publicKeyRegistryOptional.get().getPsuToken(),publicKeyRegistry.getPsuToken());
+    }
+
+    @Test
+    public void findLatestPublicKeyByPsuTokenAndAuthFactor_WithInValidDetail_ThenFail(){
+        Mockito.when(publicKeyRegistryRepository.findLatestByPsuTokenAndAuthFactor(Mockito.anyString(),Mockito.anyString())).thenReturn(Optional.empty());
+
+        Optional<io.mosip.esignet.core.dto.PublicKeyRegistry>publicKeyRegistryOptional= publicKeyRegistryService.findLatestPublicKeyByPsuTokenAndAuthFactor(Mockito.anyString(),Mockito.anyString());
+        Assert.assertEquals(Optional.empty(),publicKeyRegistryOptional);
+    }
+
+    @Test
+    public void findFirstByIdHashAndThumbprintAndExpiredtimes_WithValidDetail_ThenPass(){
+        PublicKeyRegistry publicKeyRegistry=new PublicKeyRegistry();
+        publicKeyRegistry.setPublicKey("publicKey");
+        publicKeyRegistry.setPsuToken("pusToke");
+        publicKeyRegistry.setThumbprint("thumbprint");
+        publicKeyRegistry.setPublicKeyHash("hase");
+        publicKeyRegistry.setCertificate("cert");
+        Mockito.when(publicKeyRegistryRepository.findFirstByIdHashAndThumbprintAndExpiredtimesGreaterThanOrderByExpiredtimesDesc(Mockito.anyString(),Mockito.anyString(),Mockito.any())).thenReturn(Optional.of(publicKeyRegistry));
+
+        Optional<io.mosip.esignet.core.dto.PublicKeyRegistry>publicKeyRegistryOptional= publicKeyRegistryService.findFirstByIdHashAndThumbprintAndExpiredtimes("idHash","thumbprint");
+        Assert.assertEquals(publicKeyRegistryOptional.get().getPublicKey(),publicKeyRegistry.getPublicKey());
+        Assert.assertEquals(publicKeyRegistryOptional.get().getPsuToken(),publicKeyRegistry.getPsuToken());
+    }
+
+    @Test
+    public void findFirstByIdHashAndThumbprintAndExpiredtimes_WithInValidDetail_ThenFail(){
+        Mockito.when(publicKeyRegistryRepository.findFirstByIdHashAndThumbprintAndExpiredtimesGreaterThanOrderByExpiredtimesDesc(Mockito.anyString(),Mockito.anyString(),Mockito.any())).thenReturn(Optional.empty());
+
+        Optional<io.mosip.esignet.core.dto.PublicKeyRegistry>publicKeyRegistryOptional= publicKeyRegistryService.findFirstByIdHashAndThumbprintAndExpiredtimes("idHash","thumbprint");
+        Assert.assertEquals(Optional.empty(),publicKeyRegistryOptional);
+    }
+}