wreq-rb 0.3.0

data/vendor/wreq/src/tls/x509/identity.rs

@@ -0,0 +1,122 @@
+use boring2::{
+    pkcs12::Pkcs12,
+    pkey::{PKey, Private},
+    x509::X509,
+};
+
+use crate::Error;
+
+/// Represents a private key and X509 cert as a client certificate.
+#[derive(Debug, Clone)]
+pub struct Identity {
+    pkey: PKey<Private>,
+    cert: X509,
+    chain: Vec<X509>,
+}
+
+impl Identity {
+    /// Parses a DER-formatted PKCS #12 archive, using the specified password to decrypt the key.
+    ///
+    /// The archive should contain a leaf certificate and its private key, as well any intermediate
+    /// certificates that allow clients to build a chain to a trusted root.
+    /// The chain certificates should be in order from the leaf certificate towards the root.
+    ///
+    /// PKCS #12 archives typically have the file extension `.p12` or `.pfx`, and can be created
+    /// with the OpenSSL `pkcs12` tool:
+    ///
+    /// ```bash
+    /// openssl pkcs12 -export -out identity.pfx -inkey key.pem -in cert.pem -certfile chain_certs.pem
+    /// ```
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// # use std::fs::File;
+    /// # use std::io::Read;
+    /// # fn pkcs12() -> Result<(), Box<dyn std::error::Error>> {
+    /// let mut buf = Vec::new();
+    /// File::open("my-ident.pfx")?.read_to_end(&mut buf)?;
+    /// let pkcs12 = wreq::Identity::from_pkcs12_der(&buf, "my-privkey-password")?;
+    /// # drop(pkcs12);
+    /// # Ok(())
+    /// # }
+    /// ```
+    pub fn from_pkcs12_der(buf: &[u8], pass: &str) -> crate::Result<Identity> {
+        let pkcs12 = Pkcs12::from_der(buf).map_err(Error::tls)?;
+        let parsed = pkcs12.parse(pass).map_err(Error::tls)?;
+        Ok(Identity {
+            pkey: parsed.pkey,
+            cert: parsed.cert,
+            // > The stack is the reverse of what you might expect due to the way
+            // > PKCS12_parse is implemented, so we need to load it backwards.
+            // > https://github.com/sfackler/rust-native-tls/commit/05fb5e583be589ab63d9f83d986d095639f8ec44
+            chain: parsed.chain.into_iter().flatten().rev().collect(),
+        })
+    }
+
+    /// Parses a chain of PEM encoded X509 certificates, with the leaf certificate first.
+    /// `key` is a PEM encoded PKCS #8 formatted private key for the leaf certificate.
+    ///
+    /// The certificate chain should contain any intermediate certificates that should be sent to
+    /// clients to allow them to build a chain to a trusted root.
+    ///
+    /// A certificate chain here means a series of PEM encoded certificates concatenated together.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// # use std::fs;
+    /// # fn pkcs8() -> Result<(), Box<dyn std::error::Error>> {
+    /// let cert = fs::read("client.pem")?;
+    /// let key = fs::read("key.pem")?;
+    /// let pkcs8 = wreq::Identity::from_pkcs8_pem(&cert, &key)?;
+    /// # drop(pkcs8);
+    /// # Ok(())
+    /// # }
+    /// ```
+    pub fn from_pkcs8_pem(buf: &[u8], key: &[u8]) -> crate::Result<Identity> {
+        if !key.starts_with(b"-----BEGIN PRIVATE KEY-----") {
+            return Err(Error::builder("expected PKCS#8 PEM"));
+        }
+
+        let pkey = PKey::private_key_from_pem(key).map_err(Error::tls)?;
+        let mut cert_chain = X509::stack_from_pem(buf).map_err(Error::tls)?.into_iter();
+        let cert = cert_chain.next().ok_or_else(|| {
+            Error::builder("at least one certificate must be provided to create an identity")
+        })?;
+        let chain = cert_chain.collect();
+        Ok(Identity { pkey, cert, chain })
+    }
+
+    pub(crate) fn add_to_tls(
+        &self,
+        connector: &mut boring2::ssl::SslConnectorBuilder,
+    ) -> crate::Result<()> {
+        connector.set_certificate(&self.cert).map_err(Error::tls)?;
+        connector.set_private_key(&self.pkey).map_err(Error::tls)?;
+        for cert in self.chain.iter() {
+            // https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_extra_chain_cert.html
+            // specifies that "When sending a certificate chain, extra chain certificates are
+            // sent in order following the end entity certificate."
+            connector
+                .add_extra_chain_cert(cert.clone())
+                .map_err(Error::tls)?;
+        }
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::Identity;
+
+    #[test]
+    fn identity_from_pkcs12_der_invalid() {
+        Identity::from_pkcs12_der(b"not der", "nope").unwrap_err();
+    }
+
+    #[test]
+    fn identity_from_pkcs8_pem_invalid() {
+        Identity::from_pkcs8_pem(b"not pem", b"not key").unwrap_err();
+    }
+}

data/vendor/wreq/src/tls/x509/parser.rs

@@ -0,0 +1,71 @@
+use boring2::x509::store::{X509Store, X509StoreBuilder};
+
+use super::{Certificate, CertificateInput};
+use crate::{Error, Result};
+
+pub fn parse_certs<'c, I>(
+    certs: I,
+    parser: fn(&'c [u8]) -> crate::Result<Certificate>,
+) -> Result<X509Store>
+where
+    I: IntoIterator,
+    I::Item: Into<CertificateInput<'c>>,
+{
+    let mut store = X509StoreBuilder::new().map_err(Error::tls)?;
+    let certs = filter_map_certs(certs, parser);
+    process_certs(certs.into_iter(), &mut store)?;
+    Ok(store.build())
+}
+
+pub fn parse_certs_with_stack<C, F>(certs: C, parse: F) -> Result<X509Store>
+where
+    C: AsRef<[u8]>,
+    F: Fn(C) -> Result<Vec<Certificate>>,
+{
+    let mut store = X509StoreBuilder::new().map_err(Error::tls)?;
+    let certs = parse(certs)?;
+    process_certs(certs.into_iter(), &mut store)?;
+    Ok(store.build())
+}
+
+pub fn process_certs<I>(iter: I, store: &mut X509StoreBuilder) -> Result<()>
+where
+    I: Iterator<Item = Certificate>,
+{
+    let mut valid_count = 0;
+    let mut invalid_count = 0;
+    for cert in iter {
+        if let Err(_err) = store.add_cert(cert.0) {
+            invalid_count += 1;
+            warn!("tls failed to parse certificate: {:?}", _err);
+        } else {
+            valid_count += 1;
+        }
+    }
+
+    if valid_count == 0 && invalid_count > 0 {
+        return Err(Error::builder("invalid certificate"));
+    }
+
+    Ok(())
+}
+
+pub fn filter_map_certs<'c, I>(
+    certs: I,
+    parser: fn(&'c [u8]) -> Result<Certificate>,
+) -> impl Iterator<Item = Certificate>
+where
+    I: IntoIterator,
+    I::Item: Into<CertificateInput<'c>>,
+{
+    certs
+        .into_iter()
+        .map(Into::into)
+        .filter_map(move |data| match data.with_parser(parser) {
+            Ok(cert) => Some(cert),
+            Err(_err) => {
+                warn!("tls failed to parse certificate: {:?}", _err);
+                None
+            }
+        })
+}

data/vendor/wreq/src/tls/x509/store.rs

@@ -0,0 +1,228 @@
+use std::sync::Arc;
+
+use boring2::{
+    ssl::SslConnectorBuilder,
+    x509::store::{X509Store, X509StoreBuilder},
+};
+
+use super::{
+    Certificate, CertificateInput,
+    parser::{filter_map_certs, parse_certs, parse_certs_with_stack, process_certs},
+};
+use crate::{Error, Result};
+
+/// A builder for constructing a `CertStore`.
+pub struct CertStoreBuilder {
+    builder: Result<X509StoreBuilder>,
+}
+
+// ====== impl CertStoreBuilder ======
+
+impl CertStoreBuilder {
+    /// Adds a DER-encoded certificate to the certificate store.
+    #[inline]
+    pub fn add_der_cert<'c, C>(self, cert: C) -> Self
+    where
+        C: Into<CertificateInput<'c>>,
+    {
+        self.parse_cert(cert, Certificate::from_der)
+    }
+
+    /// Adds a PEM-encoded certificate to the certificate store.
+    #[inline]
+    pub fn add_pem_cert<'c, C>(self, cert: C) -> Self
+    where
+        C: Into<CertificateInput<'c>>,
+    {
+        self.parse_cert(cert, Certificate::from_pem)
+    }
+
+    /// Adds multiple DER-encoded certificates to the certificate store.
+    #[inline]
+    pub fn add_der_certs<'c, I>(self, certs: I) -> Self
+    where
+        I: IntoIterator,
+        I::Item: Into<CertificateInput<'c>>,
+    {
+        self.parse_certs(certs, Certificate::from_der)
+    }
+
+    /// Adds multiple PEM-encoded certificates to the certificate store.
+    #[inline]
+    pub fn add_pem_certs<'c, I>(self, certs: I) -> Self
+    where
+        I: IntoIterator,
+        I::Item: Into<CertificateInput<'c>>,
+    {
+        self.parse_certs(certs, Certificate::from_pem)
+    }
+
+    /// Adds a PEM-encoded certificate stack to the certificate store.
+    pub fn add_stack_pem_certs<C>(mut self, certs: C) -> Self
+    where
+        C: AsRef<[u8]>,
+    {
+        if let Ok(ref mut builder) = self.builder {
+            let result = Certificate::stack_from_pem(certs.as_ref())
+                .and_then(|certs| process_certs(certs.into_iter(), builder));
+
+            if let Err(err) = result {
+                self.builder = Err(err);
+            }
+        }
+        self
+    }
+
+    /// Load certificates from their default locations.
+    ///
+    /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR`
+    /// environment variables if present, or defaults specified at OpenSSL
+    /// build time otherwise.
+    pub fn set_default_paths(mut self) -> Self {
+        if let Ok(ref mut builder) = self.builder {
+            if let Err(err) = builder.set_default_paths() {
+                self.builder = Err(Error::tls(err));
+            }
+        }
+        self
+    }
+
+    /// Constructs the `CertStore`.
+    ///
+    /// This method finalizes the builder and constructs the `CertStore`
+    /// containing all the added certificates.
+    #[inline]
+    pub fn build(self) -> Result<CertStore> {
+        self.builder
+            .map(X509StoreBuilder::build)
+            .map(Arc::new)
+            .map(CertStore)
+    }
+}
+
+impl CertStoreBuilder {
+    fn parse_cert<'c, C, P>(mut self, cert: C, parser: P) -> Self
+    where
+        C: Into<CertificateInput<'c>>,
+        P: Fn(&'c [u8]) -> Result<Certificate>,
+    {
+        if let Ok(ref mut builder) = self.builder {
+            let input = cert.into();
+            let result = input
+                .with_parser(parser)
+                .and_then(|cert| builder.add_cert(cert.0).map_err(Error::tls));
+
+            if let Err(err) = result {
+                self.builder = Err(err);
+            }
+        }
+        self
+    }
+
+    fn parse_certs<'c, I>(mut self, certs: I, parser: fn(&'c [u8]) -> Result<Certificate>) -> Self
+    where
+        I: IntoIterator,
+        I::Item: Into<CertificateInput<'c>>,
+    {
+        if let Ok(ref mut builder) = self.builder {
+            let certs = filter_map_certs(certs, parser);
+            if let Err(err) = process_certs(certs, builder) {
+                self.builder = Err(err);
+            }
+        }
+        self
+    }
+}
+
+/// A thread-safe certificate store for TLS connections.
+///
+/// [`CertStore`] manages a collection of trusted certificates used for verifying peer identities.
+/// It is designed to be shared and reused across requests and connections, similar to `Client`.
+///
+/// Internally, [`CertStore`] uses an [`Arc`] for reference counting, so you do **not** need to wrap
+/// it in an additional [`Rc`] or [`Arc`] for sharing between threads or tasks.
+///
+/// To configure a [`CertStore`], use [`CertStore::builder()`]. You can also construct it from DER
+/// or PEM certificates, or load system defaults.
+///
+/// [`Rc`]: std::rc::Rc
+/// [`Arc`]: std::sync::Arc
+#[derive(Clone)]
+pub struct CertStore(Arc<X509Store>);
+
+// ====== impl CertStore ======
+
+impl CertStore {
+    /// Creates a new `CertStoreBuilder`.
+    #[inline]
+    pub fn builder() -> CertStoreBuilder {
+        CertStoreBuilder {
+            builder: X509StoreBuilder::new().map_err(Error::builder),
+        }
+    }
+
+    /// Creates a new `CertStore` from a collection of DER-encoded certificates.
+    #[inline]
+    pub fn from_der_certs<'c, C>(certs: C) -> Result<CertStore>
+    where
+        C: IntoIterator,
+        C::Item: Into<CertificateInput<'c>>,
+    {
+        parse_certs(certs, Certificate::from_der)
+            .map(Arc::new)
+            .map(CertStore)
+    }
+
+    /// Creates a new `CertStore` from a collection of PEM-encoded certificates.
+    #[inline]
+    pub fn from_pem_certs<'c, C>(certs: C) -> Result<CertStore>
+    where
+        C: IntoIterator,
+        C::Item: Into<CertificateInput<'c>>,
+    {
+        parse_certs(certs, Certificate::from_pem)
+            .map(Arc::new)
+            .map(CertStore)
+    }
+
+    /// Creates a new `CertStore` from a PEM-encoded certificate stack.
+    #[inline]
+    pub fn from_pem_stack<C>(certs: C) -> Result<CertStore>
+    where
+        C: AsRef<[u8]>,
+    {
+        parse_certs_with_stack(certs, Certificate::stack_from_pem)
+            .map(Arc::new)
+            .map(CertStore)
+    }
+}
+
+impl CertStore {
+    #[inline]
+    pub(crate) fn add_to_tls(&self, tls: &mut SslConnectorBuilder) {
+        tls.set_cert_store_ref(&self.0);
+    }
+}
+
+impl Default for CertStore {
+    fn default() -> Self {
+        #[cfg(feature = "webpki-roots")]
+        static LOAD_CERTS: std::sync::LazyLock<CertStore> = std::sync::LazyLock::new(|| {
+            CertStore::builder()
+                .add_der_certs(webpki_root_certs::TLS_SERVER_ROOT_CERTS)
+                .build()
+                .expect("failed to load default cert store")
+        });
+
+        #[cfg(not(feature = "webpki-roots"))]
+        {
+            CertStore::builder()
+                .set_default_paths()
+                .build()
+                .expect("failed to load default cert store")
+        }
+
+        #[cfg(feature = "webpki-roots")]
+        LOAD_CERTS.clone()
+    }
+}

data/vendor/wreq/src/tls/x509.rs

@@ -0,0 +1,68 @@
+mod identity;
+mod parser;
+mod store;
+
+use boring2::x509::X509;
+
+pub use self::{
+    identity::Identity,
+    store::{CertStore, CertStoreBuilder},
+};
+use crate::Error;
+
+/// A certificate input.
+pub enum CertificateInput<'c> {
+    /// Raw DER or PEM data.
+    Raw(&'c [u8]),
+    /// An already parsed certificate.
+    Parsed(Certificate),
+}
+
+impl<'a> CertificateInput<'a> {
+    pub(crate) fn with_parser<F>(self, parser: F) -> crate::Result<Certificate>
+    where
+        F: Fn(&'a [u8]) -> crate::Result<Certificate>,
+    {
+        match self {
+            CertificateInput::Raw(data) => parser(data),
+            CertificateInput::Parsed(cert) => Ok(cert),
+        }
+    }
+}
+
+impl From<Certificate> for CertificateInput<'_> {
+    fn from(cert: Certificate) -> Self {
+        CertificateInput::Parsed(cert)
+    }
+}
+
+impl<'c, T: AsRef<[u8]> + ?Sized + 'c> From<&'c T> for CertificateInput<'c> {
+    fn from(value: &'c T) -> CertificateInput<'c> {
+        CertificateInput::Raw(value.as_ref())
+    }
+}
+
+/// A certificate.
+#[derive(Clone)]
+pub struct Certificate(X509);
+
+impl Certificate {
+    /// Parse a certificate from DER data.
+    #[inline]
+    pub fn from_der<C: AsRef<[u8]>>(cert: C) -> crate::Result<Self> {
+        X509::from_der(cert.as_ref()).map(Self).map_err(Error::tls)
+    }
+
+    /// Parse a certificate from PEM data.
+    #[inline]
+    pub fn from_pem<C: AsRef<[u8]>>(cert: C) -> crate::Result<Self> {
+        X509::from_pem(cert.as_ref()).map(Self).map_err(Error::tls)
+    }
+
+    /// Parse a stack of certificates from DER data.
+    #[inline]
+    pub fn stack_from_pem<C: AsRef<[u8]>>(cert: C) -> crate::Result<Vec<Self>> {
+        let certs = X509::stack_from_pem(cert.as_ref()).map_err(Error::tls)?;
+        Ok(certs.into_iter().map(Self).collect())
+    }
+}

data/vendor/wreq/src/tls.rs

@@ -0,0 +1,154 @@
+//!  TLS options configuration
+//!
+//! By default, a `Client` will make use of BoringSSL for TLS.
+//!
+//! - Various parts of TLS can also be configured or even disabled on the `ClientBuilder`.
+
+pub(crate) mod conn;
+mod keylog;
+mod options;
+mod x509;
+
+use boring2::ssl;
+pub use boring2::ssl::{CertificateCompressionAlgorithm, ExtensionType};
+use bytes::{BufMut, Bytes, BytesMut};
+
+pub use self::{
+    keylog::KeyLog,
+    options::{TlsOptions, TlsOptionsBuilder},
+    x509::{CertStore, CertStoreBuilder, Certificate, Identity},
+};
+
+/// Http extension carrying extra TLS layer information.
+/// Made available to clients on responses when `tls_info` is set.
+#[derive(Debug, Clone)]
+pub struct TlsInfo {
+    pub(crate) peer_certificate: Option<Bytes>,
+    pub(crate) peer_certificate_chain: Option<Vec<Bytes>>,
+}
+
+impl TlsInfo {
+    /// Get the DER encoded leaf certificate of the peer.
+    pub fn peer_certificate(&self) -> Option<&[u8]> {
+        self.peer_certificate.as_deref()
+    }
+
+    /// Get the DER encoded certificate chain of the peer.
+    ///
+    /// This includes the leaf certificate on the client side.
+    pub fn peer_certificate_chain(&self) -> Option<impl Iterator<Item = &[u8]>> {
+        self.peer_certificate_chain
+            .as_ref()
+            .map(|v| v.iter().map(|b| b.as_ref()))
+    }
+}
+
+/// A TLS protocol version.
+#[derive(Debug, Clone, Copy, Hash, PartialEq, Eq)]
+pub struct TlsVersion(ssl::SslVersion);
+
+impl TlsVersion {
+    /// Version 1.0 of the TLS protocol.
+    pub const TLS_1_0: TlsVersion = TlsVersion(ssl::SslVersion::TLS1);
+
+    /// Version 1.1 of the TLS protocol.
+    pub const TLS_1_1: TlsVersion = TlsVersion(ssl::SslVersion::TLS1_1);
+
+    /// Version 1.2 of the TLS protocol.
+    pub const TLS_1_2: TlsVersion = TlsVersion(ssl::SslVersion::TLS1_2);
+
+    /// Version 1.3 of the TLS protocol.
+    pub const TLS_1_3: TlsVersion = TlsVersion(ssl::SslVersion::TLS1_3);
+}
+
+/// A TLS ALPN protocol.
+#[derive(Debug, Clone, Copy, Hash, PartialEq, Eq)]
+pub struct AlpnProtocol(&'static [u8]);
+
+impl AlpnProtocol {
+    /// Prefer HTTP/1.1
+    pub const HTTP1: AlpnProtocol = AlpnProtocol(b"http/1.1");
+
+    /// Prefer HTTP/2
+    pub const HTTP2: AlpnProtocol = AlpnProtocol(b"h2");
+
+    /// Prefer HTTP/3
+    pub const HTTP3: AlpnProtocol = AlpnProtocol(b"h3");
+
+    /// Create a new [`AlpnProtocol`] from a static byte slice.
+    #[inline]
+    pub const fn new(value: &'static [u8]) -> Self {
+        AlpnProtocol(value)
+    }
+
+    #[inline]
+    fn encode(self) -> Bytes {
+        Self::encode_sequence(std::iter::once(&self))
+    }
+
+    fn encode_sequence<'a, I>(items: I) -> Bytes
+    where
+        I: IntoIterator<Item = &'a AlpnProtocol>,
+    {
+        let mut buf = BytesMut::new();
+        for item in items {
+            buf.put_u8(item.0.len() as u8);
+            buf.extend_from_slice(item.0);
+        }
+        buf.freeze()
+    }
+}
+
+/// A TLS ALPS protocol.
+#[derive(Debug, Clone, Copy, Hash, PartialEq, Eq)]
+pub struct AlpsProtocol(&'static [u8]);
+
+impl AlpsProtocol {
+    /// Prefer HTTP/1.1
+    pub const HTTP1: AlpsProtocol = AlpsProtocol(b"http/1.1");
+
+    /// Prefer HTTP/2
+    pub const HTTP2: AlpsProtocol = AlpsProtocol(b"h2");
+
+    /// Prefer HTTP/3
+    pub const HTTP3: AlpsProtocol = AlpsProtocol(b"h3");
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn alpn_protocol_encode() {
+        let alpn = AlpnProtocol::encode_sequence(&[AlpnProtocol::HTTP1, AlpnProtocol::HTTP2]);
+        assert_eq!(alpn, Bytes::from_static(b"\x08http/1.1\x02h2"));
+
+        let alpn = AlpnProtocol::encode_sequence(&[AlpnProtocol::HTTP3]);
+        assert_eq!(alpn, Bytes::from_static(b"\x02h3"));
+
+        let alpn = AlpnProtocol::encode_sequence(&[AlpnProtocol::HTTP1, AlpnProtocol::HTTP3]);
+        assert_eq!(alpn, Bytes::from_static(b"\x08http/1.1\x02h3"));
+
+        let alpn = AlpnProtocol::encode_sequence(&[AlpnProtocol::HTTP2, AlpnProtocol::HTTP3]);
+        assert_eq!(alpn, Bytes::from_static(b"\x02h2\x02h3"));
+
+        let alpn = AlpnProtocol::encode_sequence(&[
+            AlpnProtocol::HTTP1,
+            AlpnProtocol::HTTP2,
+            AlpnProtocol::HTTP3,
+        ]);
+        assert_eq!(alpn, Bytes::from_static(b"\x08http/1.1\x02h2\x02h3"));
+    }
+
+    #[test]
+    fn alpn_protocol_encode_single() {
+        let alpn = AlpnProtocol::HTTP1.encode();
+        assert_eq!(alpn, b"\x08http/1.1".as_ref());
+
+        let alpn = AlpnProtocol::HTTP2.encode();
+        assert_eq!(alpn, b"\x02h2".as_ref());
+
+        let alpn = AlpnProtocol::HTTP3.encode();
+        assert_eq!(alpn, b"\x02h3".as_ref());
+    }
+}

data/vendor/wreq/src/trace.rs

@@ -0,0 +1,55 @@
+macro_rules! debug {
+    ($($arg:tt)+) => {
+        {
+            #[cfg(feature = "tracing")]
+            {
+                ::tracing::debug!($($arg)+);
+            }
+        }
+    }
+}
+
+macro_rules! trace {
+    ($($arg:tt)*) => {
+        {
+            #[cfg(feature = "tracing")]
+            {
+                ::tracing::trace!($($arg)+);
+            }
+        }
+    }
+}
+
+macro_rules! trace_span {
+    ($($arg:tt)*) => {
+        {
+            #[cfg(feature = "tracing")]
+            {
+                let _span = ::tracing::trace_span!($($arg)+);
+                let _ = _span.entered();
+            }
+        }
+    }
+}
+
+macro_rules! warn {
+    ($($arg:tt)*) => {
+        {
+            #[cfg(feature = "tracing")]
+            {
+                ::tracing::warn!($($arg)+);
+            }
+        }
+    }
+}
+
+macro_rules! error {
+    ($($arg:tt)*) => {
+        {
+            #[cfg(feature = "tracing")]
+            {
+                ::tracing::error!($($arg)+);
+            }
+        }
+    }
+}