1.1 --- a/MYParsedCertificate.m Fri Jun 05 08:57:18 2009 -0700
1.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
1.3 @@ -1,496 +0,0 @@
1.4 -//
1.5 -// MYParsedCertificate.m
1.6 -// MYCrypto
1.7 -//
1.8 -// Created by Jens Alfke on 6/2/09.
1.9 -// Copyright 2009 Jens Alfke. All rights reserved.
1.10 -//
1.11 -
1.12 -// References:
1.13 -// <http://www.columbia.edu/~ariel/ssleay/layman.html> "Layman's Guide To ASN.1/BER/DER"
1.14 -// <http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt> "X.509 Style Guide"
1.15 -// <http://en.wikipedia.org/wiki/X.509> Wikipedia article on X.509
1.16 -
1.17 -
1.18 -#import "MYParsedCertificate.h"
1.19 -#import "MYASN1Object.h"
1.20 -#import "MYOID.h"
1.21 -#import "MYBERParser.h"
1.22 -#import "MYDEREncoder.h"
1.23 -#import "MYPublicKey.h"
1.24 -#import "MYPrivateKey.h"
1.25 -#import "MYCertificate.h"
1.26 -#import "MYErrorUtils.h"
1.27 -
1.28 -
1.29 -#define kDefaultExpirationTime (60.0 * 60.0 * 24.0 * 365.0)
1.30 -
1.31 -
1.32 -static id $atIf(NSArray *array, NSUInteger index) {
1.33 - return index < array.count ?[array objectAtIndex: index] :nil;
1.34 -}
1.35 -
1.36 -
1.37 -@interface MYCertificateName ()
1.38 -- (id) _initWithComponents: (NSArray*)components;
1.39 -@end
1.40 -
1.41 -
1.42 -#pragma mark -
1.43 -@implementation MYParsedCertificate
1.44 -
1.45 -
1.46 -static MYOID *kRSAAlgorithmID, *kRSAWithSHA1AlgorithmID, *kCommonNameOID,
1.47 - *kGivenNameOID, *kSurnameOID, *kDescriptionOID, *kEmailOID;
1.48 -
1.49 -
1.50 -+ (void) initialize {
1.51 - if (!kEmailOID) {
1.52 - kRSAAlgorithmID = [[MYOID alloc] initWithComponents: (UInt32[]){1, 2, 840, 113549, 1, 1, 1,}
1.53 - count: 7];
1.54 - kRSAWithSHA1AlgorithmID = [[MYOID alloc] initWithComponents: (UInt32[]){1, 2, 840, 113549, 1, 1, 5}
1.55 - count: 7];
1.56 - kCommonNameOID = [[MYOID alloc] initWithComponents: (UInt32[]){2, 5, 4, 3}
1.57 - count: 4];
1.58 - kGivenNameOID = [[MYOID alloc] initWithComponents: (UInt32[]){2, 5, 4, 42}
1.59 - count: 4];
1.60 - kSurnameOID = [[MYOID alloc] initWithComponents: (UInt32[]){2, 5, 4, 4}
1.61 - count: 4];
1.62 - kDescriptionOID = [[MYOID alloc] initWithComponents: (UInt32[]){2, 5, 4, 13}
1.63 - count: 7];
1.64 - kEmailOID = [[MYOID alloc] initWithComponents: (UInt32[]){1, 2, 840, 113549, 1, 9, 1}
1.65 - count: 7];
1.66 - }
1.67 -
1.68 -}
1.69 -
1.70 -+ (NSString*) validate: (id)root {
1.71 - NSArray *top = $castIf(NSArray,root);
1.72 - if (top.count < 3)
1.73 - return @"Too few top-level components";
1.74 - NSArray *info = $castIf(NSArray, [top objectAtIndex: 0]);
1.75 - if (info.count < 7)
1.76 - return @"Too few identity components";
1.77 - MYASN1Object *version = $castIf(MYASN1Object, [info objectAtIndex: 0]);
1.78 - if (!version || version.tag != 0)
1.79 - return @"Missing or invalid version";
1.80 - NSArray *versionComps = $castIf(NSArray, version.components);
1.81 - if (!versionComps || versionComps.count != 1)
1.82 - return @"Invalid version";
1.83 - NSNumber *versionNum = $castIf(NSNumber, [versionComps objectAtIndex: 0]);
1.84 - if (!versionNum || versionNum.intValue < 0 || versionNum.intValue > 2)
1.85 - return @"Unrecognized version number";
1.86 - return nil;
1.87 -}
1.88 -
1.89 -
1.90 -- (id) initWithCertificateData: (NSData*)data error: (NSError**)outError;
1.91 -{
1.92 - self = [super init];
1.93 - if (self != nil) {
1.94 - if (outError) *outError = nil;
1.95 - id root = MYBERParse(data,outError);
1.96 - NSString *errorMsg = [[self class] validate: root];
1.97 - if (errorMsg) {
1.98 - if (!*outError)
1.99 - *outError = MYError(2, MYASN1ErrorDomain, @"Invalid certificate: %@", errorMsg);
1.100 - [self release];
1.101 - return nil;
1.102 - }
1.103 - _root = [root retain];
1.104 - _data = [data copy];
1.105 - }
1.106 - return self;
1.107 -}
1.108 -
1.109 -- (void) dealloc
1.110 -{
1.111 -
1.112 - [_root release];
1.113 - [_issuerCertificate release];
1.114 - [_data release];
1.115 - [super dealloc];
1.116 -}
1.117 -
1.118 -
1.119 -- (NSArray*) _info {return $castIf(NSArray,$atIf(_root,0));}
1.120 -
1.121 -- (NSArray*) _validDates {return $castIf(NSArray, [self._info objectAtIndex: 4]);}
1.122 -
1.123 -@synthesize issuerCertificate=_issuerCertificate, certificateData=_data;
1.124 -
1.125 -
1.126 -- (NSDate*) validFrom {return $castIf(NSDate, $atIf(self._validDates, 0));}
1.127 -- (NSDate*) validTo {return $castIf(NSDate, $atIf(self._validDates, 1));}
1.128 -
1.129 -- (MYCertificateName*) subject {
1.130 - return [[[MYCertificateName alloc] _initWithComponents: [self._info objectAtIndex: 5]] autorelease];
1.131 -}
1.132 -
1.133 -- (MYCertificateName*) issuer {
1.134 - return [[[MYCertificateName alloc] _initWithComponents: [self._info objectAtIndex: 3]] autorelease];
1.135 -}
1.136 -
1.137 -- (BOOL) isSigned {return [_root count] >= 3;}
1.138 -
1.139 -- (BOOL) isRoot {
1.140 - id issuer = $atIf(self._info,3);
1.141 - return $equal(issuer, $atIf(self._info,5)) || $equal(issuer, $array());
1.142 -}
1.143 -
1.144 -
1.145 -- (MYPublicKey*) subjectPublicKey {
1.146 - NSArray *keyInfo = $cast(NSArray, $atIf(self._info, 6));
1.147 - MYOID *keyAlgorithmID = $castIf(MYOID, $atIf($castIf(NSArray,$atIf(keyInfo,0)), 0));
1.148 - if (!$equal(keyAlgorithmID, kRSAAlgorithmID))
1.149 - return nil;
1.150 - MYBitString *keyData = $cast(MYBitString, $atIf(keyInfo, 1));
1.151 - if (!keyData) return nil;
1.152 - return [[[MYPublicKey alloc] initWithKeyData: keyData.bits] autorelease];
1.153 -}
1.154 -
1.155 -- (MYPublicKey*) issuerPublicKey {
1.156 - if (_issuerCertificate)
1.157 - return _issuerCertificate.publicKey;
1.158 - else if (self.isRoot)
1.159 - return self.subjectPublicKey;
1.160 - else
1.161 - return nil;
1.162 -}
1.163 -
1.164 -- (NSData*) signedData {
1.165 - // The root object is a sequence; we want to extract the 1st object of that sequence.
1.166 - const UInt8 *certStart = _data.bytes;
1.167 - const UInt8 *start = MYBERGetContents(_data, nil);
1.168 - if (!start) return nil;
1.169 - size_t length = MYBERGetLength([NSData dataWithBytesNoCopy: (void*)start
1.170 - length: _data.length - (start-certStart)
1.171 - freeWhenDone: NO],
1.172 - NULL);
1.173 - if (length==0)
1.174 - return nil;
1.175 - return [NSData dataWithBytes: start length: (start + length - certStart)];
1.176 -}
1.177 -
1.178 -- (MYOID*) signatureAlgorithmID {
1.179 - return $castIf(MYOID, $atIf($castIf(NSArray,$atIf(_root,1)), 0));
1.180 -}
1.181 -
1.182 -- (NSData*) signature {
1.183 - id signature = $atIf(_root,2);
1.184 - if ([signature isKindOfClass: [MYBitString class]])
1.185 - signature = [signature bits];
1.186 - return $castIf(NSData,signature);
1.187 -}
1.188 -
1.189 -- (BOOL) validateSignature {
1.190 - if (!$equal(self.signatureAlgorithmID, kRSAWithSHA1AlgorithmID))
1.191 - return NO;
1.192 - NSData *signedData = self.signedData;
1.193 - NSData *signature = self.signature;
1.194 - MYPublicKey *pubKey = self.issuerPublicKey;
1.195 - if (!signature || !pubKey) return NO;
1.196 - return [pubKey verifySignature: signature ofData: signedData];
1.197 -}
1.198 -
1.199 -
1.200 -#pragma mark -
1.201 -#pragma mark CERTIFICATE GENERATION:
1.202 -
1.203 -
1.204 -- (id) initWithPublicKey: (MYPublicKey*)pubKey {
1.205 - Assert(pubKey);
1.206 - self = [super init];
1.207 - if (self != nil) {
1.208 - id empty = [NSNull null];
1.209 - id version = [[MYASN1Object alloc] initWithTag: 0 ofClass: 2 components: $array($object(0))];
1.210 - _root = $array( $marray(version,
1.211 - empty, // serial #
1.212 - $array(kRSAAlgorithmID),
1.213 - $marray(),
1.214 - $marray(empty, empty),
1.215 - $marray(),
1.216 - $array( $array(kRSAAlgorithmID, empty),
1.217 - [MYBitString bitStringWithData: pubKey.keyData] ) ) );
1.218 - [version release];
1.219 - [_root retain];
1.220 - }
1.221 - return self;
1.222 -}
1.223 -
1.224 -
1.225 -- (void) setValidFrom: (NSDate*)validFrom {
1.226 - [(NSMutableArray*)self._validDates replaceObjectAtIndex: 0 withObject: validFrom];
1.227 -}
1.228 -
1.229 -- (void) setValidTo: (NSDate*)validTo {
1.230 - [(NSMutableArray*)self._validDates replaceObjectAtIndex: 1 withObject: validTo];
1.231 -}
1.232 -
1.233 -
1.234 -- (BOOL) selfSignWithPrivateKey: (MYPrivateKey*)privateKey error: (NSError**)outError {
1.235 - // Copy subject to issuer:
1.236 - NSMutableArray *info = (NSMutableArray*)self._info;
1.237 - [info replaceObjectAtIndex: 3 withObject: [info objectAtIndex: 5]];
1.238 -
1.239 - // Set serial number if there isn't one yet:
1.240 - if (!$castIf(NSNumber, [info objectAtIndex: 1])) {
1.241 - UInt64 serial = floor(CFAbsoluteTimeGetCurrent() * 1000);
1.242 - [info replaceObjectAtIndex: 1 withObject: $object(serial)];
1.243 - }
1.244 -
1.245 - // Set up valid date range if there isn't one yet:
1.246 - NSDate *validFrom = self.validFrom;
1.247 - if (!validFrom)
1.248 - validFrom = self.validFrom = [NSDate date];
1.249 - NSDate *validTo = self.validTo;
1.250 - if (!validTo)
1.251 - self.validTo = [validFrom addTimeInterval: kDefaultExpirationTime];
1.252 -
1.253 - // Append signature to cert structure:
1.254 - NSData *dataToSign = [MYDEREncoder encodeRootObject: info error: outError];
1.255 - if (!dataToSign)
1.256 - return NO;
1.257 - setObj(&_root, $array(info,
1.258 - $array(kRSAWithSHA1AlgorithmID, [NSNull null]),
1.259 - [MYBitString bitStringWithData: [privateKey signData: dataToSign]]));
1.260 -
1.261 - setObj(&_data, [MYDEREncoder encodeRootObject: _root error: outError]);
1.262 - return _data!=nil;
1.263 -}
1.264 -
1.265 -
1.266 -@end
1.267 -
1.268 -
1.269 -
1.270 -#pragma mark -
1.271 -@implementation MYCertificateName
1.272 -
1.273 -- (id) _initWithComponents: (NSArray*)components
1.274 -{
1.275 - self = [super init];
1.276 - if (self != nil) {
1.277 - _components = [components retain];
1.278 - }
1.279 - return self;
1.280 -}
1.281 -
1.282 -- (void) dealloc
1.283 -{
1.284 - [_components release];
1.285 - [super dealloc];
1.286 -}
1.287 -
1.288 -- (BOOL) isEqual: (id)object {
1.289 - return [object isKindOfClass: [MYCertificateName class]]
1.290 - && [_components isEqual: ((MYCertificateName*)object)->_components];
1.291 -}
1.292 -
1.293 -- (NSArray*) _pairForOID: (MYOID*)oid {
1.294 - for (id nameEntry in _components) {
1.295 - for (id pair in $castIf(NSSet,nameEntry)) {
1.296 - if ([pair isKindOfClass: [NSArray class]] && [pair count] == 2) {
1.297 - if ($equal(oid, [pair objectAtIndex: 0]))
1.298 - return pair;
1.299 - }
1.300 - }
1.301 - }
1.302 - return nil;
1.303 -}
1.304 -
1.305 -- (NSString*) stringForOID: (MYOID*)oid {
1.306 - return [[self _pairForOID: oid] objectAtIndex: 1];
1.307 -}
1.308 -
1.309 -- (void) setString: (NSString*)value forOID: (MYOID*)oid {
1.310 - NSMutableArray *pair = (NSMutableArray*) [self _pairForOID: oid];
1.311 - if (pair)
1.312 - [pair replaceObjectAtIndex: 1 withObject: value];
1.313 - else
1.314 - [(NSMutableArray*)_components addObject: [NSSet setWithObject: $marray(oid,value)]];
1.315 -}
1.316 -
1.317 -- (NSString*) commonName {return [self stringForOID: kCommonNameOID];}
1.318 -- (NSString*) givenName {return [self stringForOID: kGivenNameOID];}
1.319 -- (NSString*) surname {return [self stringForOID: kSurnameOID];}
1.320 -- (NSString*) nameDescription {return [self stringForOID: kDescriptionOID];}
1.321 -- (NSString*) emailAddress {return [self stringForOID: kEmailOID];}
1.322 -
1.323 -- (void) setCommonName: (NSString*)commonName {[self setString: commonName forOID: kCommonNameOID];}
1.324 -- (void) setGivenName: (NSString*)givenName {[self setString: givenName forOID: kGivenNameOID];}
1.325 -- (void) setSurname: (NSString*)surname {[self setString: surname forOID: kSurnameOID];}
1.326 -- (void) setNameDescription: (NSString*)desc {[self setString: desc forOID: kDescriptionOID];}
1.327 -- (void) setEmailAddress: (NSString*)email {[self setString: email forOID: kEmailOID];}
1.328 -
1.329 -
1.330 -@end
1.331 -
1.332 -
1.333 -
1.334 -#pragma mark -
1.335 -#pragma mark TEST CASES:
1.336 -
1.337 -#if DEBUG
1.338 -
1.339 -
1.340 -static MYParsedCertificate* testCert(NSString *filename, BOOL selfSigned) {
1.341 - Log(@"--- Creating MYParsedCertificate from %@", filename);
1.342 - NSData *certData = [NSData dataWithContentsOfFile: filename];
1.343 - //Log(@"Cert Data =\n%@", certData);
1.344 - NSError *error = nil;
1.345 - MYParsedCertificate *pcert = [[MYParsedCertificate alloc] initWithCertificateData: certData
1.346 - error: &error];
1.347 - CAssertNil(error);
1.348 - CAssert(pcert != nil);
1.349 -
1.350 - CAssertEq(pcert.isRoot, selfSigned);
1.351 -
1.352 - NSData *signedData = pcert.signedData;
1.353 - //Log(@"Signed Data = (length=%x)\n%@", signedData.length, signedData);
1.354 - CAssertEqual(signedData, [certData subdataWithRange: NSMakeRange(4,signedData.length)]);
1.355 -
1.356 - Log(@"AlgID = %@", pcert.signatureAlgorithmID);
1.357 - Log(@"Signature = %@", pcert.signature);
1.358 - CAssertEqual(pcert.signatureAlgorithmID, kRSAWithSHA1AlgorithmID);
1.359 - CAssert(pcert.signature != nil);
1.360 - Log(@"Subject Public Key = %@", pcert.subjectPublicKey);
1.361 - CAssert(pcert.subjectPublicKey);
1.362 - if (selfSigned) {
1.363 - Log(@"Issuer Public Key = %@", pcert.issuerPublicKey);
1.364 - CAssert(pcert.issuerPublicKey);
1.365 -
1.366 - CAssert(pcert.validateSignature);
1.367 - }
1.368 - MYCertificateName *subject = pcert.subject;
1.369 - Log(@"Common Name = %@", subject.commonName);
1.370 - Log(@"Given Name = %@", subject.givenName);
1.371 - Log(@"Surname = %@", subject.surname);
1.372 - Log(@"Desc = %@", subject.nameDescription);
1.373 - Log(@"Email = %@", subject.emailAddress);
1.374 - return pcert;
1.375 -}
1.376 -
1.377 -
1.378 -TestCase(ParsedCert) {
1.379 - testCert(@"../../Tests/selfsigned.cer", YES);
1.380 - testCert(@"../../Tests/iphonedev.cer", NO);
1.381 -}
1.382 -
1.383 -
1.384 -#import "MYKeychain.h"
1.385 -
1.386 -TestCase(CreateCert) {
1.387 - MYPrivateKey *privateKey = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: 512];
1.388 - MYParsedCertificate *pcert = [[MYParsedCertificate alloc] initWithPublicKey: privateKey.publicKey];
1.389 - MYCertificateName *subject = pcert.subject;
1.390 - subject.commonName = @"testcase";
1.391 - subject.givenName = @"Test";
1.392 - subject.surname = @"Case";
1.393 - subject.nameDescription = @"Just a test certificate created by MYCrypto";
1.394 - subject.emailAddress = @"testcase@example.com";
1.395 -
1.396 - subject = pcert.subject;
1.397 - CAssertEqual(subject.commonName, @"testcase");
1.398 - CAssertEqual(subject.givenName, @"Test");
1.399 - CAssertEqual(subject.surname, @"Case");
1.400 - CAssertEqual(subject.nameDescription, @"Just a test certificate created by MYCrypto");
1.401 - CAssertEqual(subject.emailAddress, @"testcase@example.com");
1.402 -
1.403 - Log(@"Signing...");
1.404 - NSError *error;
1.405 - CAssert([pcert selfSignWithPrivateKey: privateKey error: &error]);
1.406 - CAssertNil(error);
1.407 - NSData *certData = pcert.certificateData;
1.408 - Log(@"Generated cert = \n%@", certData);
1.409 - CAssert(certData);
1.410 - [certData writeToFile: @"../../Tests/generated.cer" atomically: YES];
1.411 - MYParsedCertificate *pcert2 = testCert(@"../../Tests/generated.cer", YES);
1.412 -
1.413 - Log(@"Verifying...");
1.414 - MYCertificateName *subject2 = pcert2.subject;
1.415 - CAssertEqual(subject2,subject);
1.416 - CAssertEqual(subject2.commonName, @"testcase");
1.417 - CAssertEqual(subject2.givenName, @"Test");
1.418 - CAssertEqual(subject2.surname, @"Case");
1.419 - CAssertEqual(subject2.nameDescription, @"Just a test certificate created by MYCrypto");
1.420 - CAssertEqual(subject2.emailAddress, @"testcase@example.com");
1.421 -}
1.422 -
1.423 -#endif
1.424 -
1.425 -
1.426 -
1.427 -
1.428 -/* Parsed form of selfsigned.cer:
1.429 -
1.430 -Sequence: <-- top
1.431 - Sequence: <-- info
1.432 - MYASN1Object[2/0]: <-- version (tag=0, constructed)
1.433 - 2
1.434 - 1 <-- serial number
1.435 - Sequence:
1.436 - {1 2 840 113549 1 1 1} <-- algorithm ID
1.437 - Sequence: <-- issuer
1.438 - Set:
1.439 - Sequence:
1.440 - {2 5 4 4}
1.441 - Widdershins
1.442 - Set:
1.443 - Sequence:
1.444 - {1 2 840 113549 1 9 1}
1.445 - waldo@example.com
1.446 - Set:
1.447 - Sequence:
1.448 - {2 5 4 3}
1.449 - waldo
1.450 - Set:
1.451 - Sequence:
1.452 - {2 5 4 42}
1.453 - Waldo
1.454 - Set:
1.455 - Sequence:
1.456 - {2 5 4 13}
1.457 - Just a fictitious person
1.458 - Sequence: <--validity
1.459 - 2009-04-12 21:54:35 -0700
1.460 - 2010-04-13 21:54:35 -0700
1.461 - Sequence: <-- subject
1.462 - Set:
1.463 - Sequence: <-- surname
1.464 - {2 5 4 4}
1.465 - Widdershins
1.466 - Set:
1.467 - Sequence: <-- email
1.468 - {1 2 840 113549 1 9 1}
1.469 - waldo@example.com
1.470 - Set:
1.471 - Sequence: <-- common name
1.472 - {2 5 4 3}
1.473 - waldo
1.474 - Set:
1.475 - Sequence: <-- first name
1.476 - {2 5 4 42}
1.477 - Waldo
1.478 - Set:
1.479 - Sequence: <-- description
1.480 - {2 5 4 13}
1.481 - Just a fictitious person
1.482 - Sequence: <-- public key info
1.483 - Sequence:
1.484 - {1 2 840 113549 1 1 1} <-- algorithm ID (RSA)
1.485 - <null>
1.486 - MYBitString<3082010a 02820101 0095713c 360badf2 d8575ebd 278fa26b a2e6d05e 1eb04eaa 9fa6f11b fd341556 038b3077 525c7adb f5aedf3b 249b08e6 7f77af26 7ff2feb8 5f4ccb96 5269dbd2 f01f19b6 55fc4ea3 a85f2ede 11ff80f8 fc23e662 f263f685 06a9ec07 f7ee4249 af184f21 2d9253d8 7f6f7cbc 96e6ba5c abc8f4e7 3bf6100b 06dcf3ee 999d4170 f5dd005d a24a54a1 3edaddd5 0675409d 6728a387 5fa71898 ebf7d93d 4af8742d f9a0e9ad 6dc21cfa fc2d1967 e692575b 56e5376c 8cf008e8 a442d787 6843a92e 9501b144 8a75adef 5e804fec 6d09740d 1ea8442e 67fac3be c5ea3af5 d95d9f95 2c507711 01c45942 28ad1410 23525324 62848476 d987d3c7 d65f9057 daf1e853 77020301 0001> <-- DER-encoded key
1.487 - MYASN1Object[2/3]:
1.488 - Sequence:
1.489 - Sequence:
1.490 - {2 5 29 15}
1.491 - <030202fc>
1.492 - Sequence:
1.493 - {2 5 29 37}
1.494 - <301a0608 2b060105 05070301 06082b06 01050507 03020604 551d2500>
1.495 - Sequence:
1.496 - {1 2 840 113549 1 1 5}
1.497 - <null>
1.498 - MYBitString<79c8e789 50a11fcb 7398f5fe 0cfa2595 b2476f53 62dfbea2 70ae3a8b fdaf5a57 39be6101 fc5e0929 e57a0b2b 41e3ab52 f78ef1b5 ecc8848c da7f42aa b57c3df4 df4125a9 db4e6388 197c2a1c e326c1a5 5203b4ef da057b91 4abc43aa 3eeee6aa fe4303c3 0f000175 16b916b5 72f8b74f c682a06f 920e3bbf a16cdad8 fce3f184 adccc61e 8d3b44e5 8bd103f0 46310f6a 992f240a b290354c 04c519c9 22276df6 310ccb8e 942e38f6 555ca40b 71482e52 146a9988 f021c2c0 2d285db5 59d48eaf 7b20559f 068ea1a0 f07fbaee 29284ada 28bf8344 f435f30f 6263f0c9 9c4920ce a1b7c6c0 9cfa3bbb af5a0fee 5b0e94eb 9c57d28b 1bb9c977 be53e4bb b675ffaa>
1.499 -*/
1.500 \ No newline at end of file