This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 4ff6300 HDDS-6398. Add audit logs for DelegationToken (#3163)
4ff6300 is described below
commit 4ff630082b39ca0ebbb9080913f52f9a7b9d7d18
Author: Jyotinder Singh <[email protected]>
AuthorDate: Wed Mar 23 19:16:18 2022 +0530
HDDS-6398. Add audit logs for DelegationToken (#3163)
---
.../java/org/apache/hadoop/ozone/OzoneConsts.java | 4 ++
.../org/apache/hadoop/ozone/audit/OMAction.java | 4 ++
.../org/apache/hadoop/ozone/om/OzoneManager.java | 3 ++
.../apache/hadoop/ozone/om/OzoneManagerUtils.java | 22 +++++++++
.../security/OMCancelDelegationTokenRequest.java | 42 +++++++++++++++--
.../security/OMGetDelegationTokenRequest.java | 54 ++++++++++++++++++----
.../security/OMRenewDelegationTokenRequest.java | 51 ++++++++++++++++++--
.../security/TestOMGetDelegationTokenRequest.java | 10 +++-
8 files changed, 169 insertions(+), 21 deletions(-)
diff --git
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
index bdc8789..0430283 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
@@ -449,4 +449,8 @@ public final class OzoneConsts {
public static final String OZONE_HTTP_SECURITY_ENABLED_SECURE = "true";
public static final String OZONE_HTTP_FILTER_INITIALIZERS_SECURE =
"org.apache.hadoop.security.AuthenticationFilterInitializer";
+
+ public static final String DELEGATION_TOKEN_KIND = "kind";
+ public static final String DELEGATION_TOKEN_SERVICE = "service";
+ public static final String DELEGATION_TOKEN_RENEWER = "renewer";
}
diff --git
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/OMAction.java
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/OMAction.java
index f969e75..9c382fe 100644
---
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/OMAction.java
+++
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/OMAction.java
@@ -56,6 +56,10 @@ public enum OMAction implements AuditAction {
LIST_MULTIPART_UPLOAD_PARTS,
LIST_MULTIPART_UPLOADS,
ABORT_MULTIPART_UPLOAD,
+ GET_DELEGATION_TOKEN,
+ RENEW_DELEGATION_TOKEN,
+ CANCEL_DELEGATION_TOKEN,
+ GET_SERVICE_LIST,
//ACL Actions
ADD_ACL,
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index 16183da..1d1d5d9 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -2896,6 +2896,9 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
// so failure metrics is not handled. In future if there is any need to
// handle exception in this method, we need to incorporate
// metrics.incNumGetServiceListFails()
+ AUDIT.logReadSuccess(
+ buildAuditMessageForSuccess(OMAction.GET_SERVICE_LIST,
+ new LinkedHashMap<>()));
return services;
}
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerUtils.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerUtils.java
index 4eae6df..43fc316 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerUtils.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerUtils.java
@@ -18,13 +18,18 @@
package org.apache.hadoop.ozone.om;
import org.apache.commons.lang3.tuple.Pair;
+import org.apache.hadoop.ozone.OzoneConsts;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.BucketLayout;
import org.apache.hadoop.ozone.om.helpers.OmBucketInfo;
+import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
+import org.apache.hadoop.security.token.Token;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
+import java.util.LinkedHashMap;
+import java.util.Map;
import java.util.Set;
import static
org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.DETECTED_LOOP_IN_BUCKET_LINKS;
@@ -177,4 +182,21 @@ public final class OzoneManagerUtils {
}
return bucketInfo;
}
+
+ /**
+ * Builds an audit map based on the Delegation Token passed to the method.
+ * @param token Delegation Token
+ * @return AuditMap
+ */
+ public static Map<String, String> buildTokenAuditMap(
+ Token<OzoneTokenIdentifier> token) {
+ Map<String, String> auditMap = new LinkedHashMap<>();
+ auditMap.put(OzoneConsts.DELEGATION_TOKEN_KIND,
+ token.getKind() == null ? "" : token.getKind().toString());
+ auditMap.put(OzoneConsts.DELEGATION_TOKEN_SERVICE,
+ token.getService() == null ? "" : token.getService().toString());
+
+ return auditMap;
+ }
+
}
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMCancelDelegationTokenRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMCancelDelegationTokenRequest.java
index 8963aa5..6bdcfa4 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMCancelDelegationTokenRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMCancelDelegationTokenRequest.java
@@ -19,6 +19,8 @@
package org.apache.hadoop.ozone.om.request.security;
import com.google.common.base.Optional;
+import org.apache.hadoop.ozone.audit.AuditLogger;
+import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
@@ -40,6 +42,9 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
+import java.util.Map;
+
+import static org.apache.hadoop.ozone.om.OzoneManagerUtils.buildTokenAuditMap;
/**
* Handle CancelDelegationToken Request.
@@ -55,12 +60,28 @@ public class OMCancelDelegationTokenRequest extends
OMClientRequest {
@Override
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
+ // We need to populate user info in our request object.
+ OMRequest request = super.preExecute(ozoneManager);
- // Call OM to cancel token, this does check whether we can cancel token
- // or not. This does not remove token from DB/in-memory.
- ozoneManager.cancelDelegationToken(getToken());
+ AuditLogger auditLogger = ozoneManager.getAuditLogger();
+ Map<String, String> auditMap = null;
- return super.preExecute(ozoneManager);
+ try {
+ Token<OzoneTokenIdentifier> token = OMPBHelper.convertToDelegationToken(
+ request.getCancelDelegationTokenRequest().getToken());
+ auditMap = buildTokenAuditMap(token);
+
+ // Call OM to cancel token, this does check whether we can cancel token
+ // or not. This does not remove token from DB/in-memory.
+ ozoneManager.cancelDelegationToken(token);
+ return request;
+
+ } catch (IOException ioe) {
+ auditLog(auditLogger,
+ buildAuditMessage(OMAction.CANCEL_DELEGATION_TOKEN, auditMap, ioe,
+ request.getUserInfo()));
+ throw ioe;
+ }
}
@Override
@@ -69,14 +90,20 @@ public class OMCancelDelegationTokenRequest extends
OMClientRequest {
OzoneManagerDoubleBufferHelper ozoneManagerDoubleBufferHelper) {
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
+ Token<OzoneTokenIdentifier> token = getToken();
+
+ AuditLogger auditLogger = ozoneManager.getAuditLogger();
+ Map<String, String> auditMap = buildTokenAuditMap(token);
OMClientResponse omClientResponse = null;
OMResponse.Builder omResponse = OmResponseUtil.getOMResponseBuilder(
getOmRequest());
OzoneTokenIdentifier ozoneTokenIdentifier = null;
+ IOException exception = null;
+
try {
ozoneTokenIdentifier =
- OzoneTokenIdentifier.readProtoBuf(getToken().getIdentifier());
+ OzoneTokenIdentifier.readProtoBuf(token.getIdentifier());
// Remove token from in-memory.
ozoneManager.getDelegationTokenMgr().removeToken(ozoneTokenIdentifier);
@@ -94,6 +121,7 @@ public class OMCancelDelegationTokenRequest extends
OMClientRequest {
.newBuilder())).build());
} catch (IOException ex) {
LOG.error("Error in cancel DelegationToken {}", ozoneTokenIdentifier,
ex);
+ exception = ex;
omClientResponse = new OMCancelDelegationTokenResponse(null,
createErrorOMResponse(omResponse, ex));
} finally {
@@ -101,6 +129,10 @@ public class OMCancelDelegationTokenRequest extends
OMClientRequest {
ozoneManagerDoubleBufferHelper);
}
+ auditLog(auditLogger,
+ buildAuditMessage(OMAction.CANCEL_DELEGATION_TOKEN, auditMap,
exception,
+ getOmRequest().getUserInfo()));
+
if (LOG.isDebugEnabled()) {
LOG.debug("Cancelled delegation token: {}", ozoneTokenIdentifier);
}
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java
index 33ca1d3..45af702 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java
@@ -20,6 +20,9 @@ package org.apache.hadoop.ozone.om.request.security;
import com.google.common.base.Optional;
import org.apache.hadoop.io.Text;
+import org.apache.hadoop.ozone.OzoneConsts;
+import org.apache.hadoop.ozone.audit.AuditLogger;
+import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
@@ -42,6 +45,10 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import static org.apache.hadoop.ozone.om.OzoneManagerUtils.buildTokenAuditMap;
/**
* Handle GetDelegationToken Request.
@@ -57,12 +64,25 @@ public class OMGetDelegationTokenRequest extends
OMClientRequest {
@Override
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
+ // We need to populate user info in our request object.
+ OMRequest request = super.preExecute(ozoneManager);
+
GetDelegationTokenRequestProto getDelegationTokenRequest =
- getOmRequest().getGetDelegationTokenRequest();
+ request.getGetDelegationTokenRequest();
- // Call OM to create token
- Token<OzoneTokenIdentifier> token = ozoneManager
- .getDelegationToken(new Text(getDelegationTokenRequest.getRenewer()));
+ AuditLogger auditLogger = ozoneManager.getAuditLogger();
+
+ Token<OzoneTokenIdentifier> token;
+ try {
+ // Call OM to create token
+ token = ozoneManager
+ .getDelegationToken(new
Text(getDelegationTokenRequest.getRenewer()));
+ } catch (IOException ioe) {
+ auditLog(auditLogger,
+ buildAuditMessage(OMAction.GET_DELEGATION_TOKEN,
+ new LinkedHashMap<>(), ioe, request.getUserInfo()));
+ throw ioe;
+ }
// Client issues GetDelegationToken request, when received by OM leader
// it will generate a token. Original GetDelegationToken request is
@@ -88,8 +108,8 @@ public class OMGetDelegationTokenRequest extends
OMClientRequest {
.build())
.setTokenRenewInterval(ozoneManager.getDelegationTokenMgr()
.getTokenRenewInterval()))
- .setCmdType(getOmRequest().getCmdType())
- .setClientId(getOmRequest().getClientId());
+ .setCmdType(request.getCmdType())
+ .setClientId(request.getClientId());
} else {
@@ -99,11 +119,11 @@ public class OMGetDelegationTokenRequest extends
OMClientRequest {
UpdateGetDelegationTokenRequest.newBuilder()
.setGetDelegationTokenResponse(
GetDelegationTokenResponseProto.newBuilder()))
- .setCmdType(getOmRequest().getCmdType())
- .setClientId(getOmRequest().getClientId());
+ .setCmdType(request.getCmdType())
+ .setClientId(request.getClientId());
}
- if (getOmRequest().hasTraceID()) {
- omRequest.setTraceID(getOmRequest().getTraceID());
+ if (request.hasTraceID()) {
+ omRequest.setTraceID(request.getTraceID());
}
return omRequest.build();
}
@@ -140,11 +160,20 @@ public class OMGetDelegationTokenRequest extends
OMClientRequest {
Token<OzoneTokenIdentifier> ozoneTokenIdentifierToken =
OMPBHelper.convertToDelegationToken(tokenProto);
+ AuditLogger auditLogger = ozoneManager.getAuditLogger();
+ Map<String, String> auditMap =
+ buildTokenAuditMap(ozoneTokenIdentifierToken);
+
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
+ IOException exception = null;
+
try {
OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier.
readProtoBuf(ozoneTokenIdentifierToken.getIdentifier());
+ auditMap.put(OzoneConsts.DELEGATION_TOKEN_RENEWER,
+ ozoneTokenIdentifier.getRenewer() == null ? "" :
+ ozoneTokenIdentifier.getRenewer().toString());
// Update in memory map of token.
long tokenRenewInterval = updateGetDelegationTokenRequest
@@ -166,6 +195,7 @@ public class OMGetDelegationTokenRequest extends
OMClientRequest {
} catch (IOException ex) {
LOG.error("Error in Updating DelegationToken {}",
ozoneTokenIdentifierToken, ex);
+ exception = ex;
omClientResponse = new OMGetDelegationTokenResponse(null, -1L,
createErrorOMResponse(omResponse, ex));
} finally {
@@ -173,6 +203,10 @@ public class OMGetDelegationTokenRequest extends
OMClientRequest {
ozoneManagerDoubleBufferHelper);
}
+ auditLog(auditLogger,
+ buildAuditMessage(OMAction.GET_DELEGATION_TOKEN, auditMap, exception,
+ getOmRequest().getUserInfo()));
+
if (LOG.isDebugEnabled()) {
LOG.debug("Updated delegation token in-memory map: {}",
ozoneTokenIdentifierToken);
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMRenewDelegationTokenRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMRenewDelegationTokenRequest.java
index ca0a854..64355cf 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMRenewDelegationTokenRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMRenewDelegationTokenRequest.java
@@ -19,7 +19,11 @@
package org.apache.hadoop.ozone.om.request.security;
import java.io.IOException;
+import java.util.Map;
+import org.apache.hadoop.ozone.OzoneConsts;
+import org.apache.hadoop.ozone.audit.AuditLogger;
+import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.om.request.util.OmResponseUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -41,6 +45,7 @@ import
org.apache.hadoop.ozone.security.proto.SecurityProtos.RenewDelegationToke
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.hdds.utils.db.cache.CacheKey;
import org.apache.hadoop.hdds.utils.db.cache.CacheValue;
+import static org.apache.hadoop.ozone.om.OzoneManagerUtils.buildTokenAuditMap;
/**
* Handle RenewDelegationToken Request.
@@ -56,13 +61,35 @@ public class OMRenewDelegationTokenRequest extends
OMClientRequest {
@Override
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
+ // We need to populate user info in our request object.
+ OMRequest request = super.preExecute(ozoneManager);
+
RenewDelegationTokenRequestProto renewDelegationTokenRequest =
- getOmRequest().getRenewDelegationTokenRequest();
+ request.getRenewDelegationTokenRequest();
+
+ AuditLogger auditLogger = ozoneManager.getAuditLogger();
+ Map<String, String> auditMap = null;
- // Call OM to renew token
- long renewTime = ozoneManager.renewDelegationToken(
- OMPBHelper.convertToDelegationToken(
- renewDelegationTokenRequest.getToken()));
+ long renewTime;
+ try {
+ Token<OzoneTokenIdentifier> token = OMPBHelper.convertToDelegationToken(
+ renewDelegationTokenRequest.getToken());
+ auditMap = buildTokenAuditMap(token);
+
+ OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier.
+ readProtoBuf(token.getIdentifier());
+ auditMap.put(OzoneConsts.DELEGATION_TOKEN_RENEWER,
+ ozoneTokenIdentifier.getRenewer() == null ? "" :
+ ozoneTokenIdentifier.getRenewer().toString());
+
+ // Call OM to renew token
+ renewTime = ozoneManager.renewDelegationToken(token);
+ } catch (IOException ioe) {
+ auditLog(auditLogger,
+ buildAuditMessage(OMAction.RENEW_DELEGATION_TOKEN, auditMap, ioe,
+ request.getUserInfo()));
+ throw ioe;
+ }
RenewDelegationTokenResponseProto.Builder renewResponse =
RenewDelegationTokenResponseProto.newBuilder();
@@ -111,6 +138,10 @@ public class OMRenewDelegationTokenRequest extends
OMClientRequest {
OMPBHelper.convertToDelegationToken(updateRenewDelegationTokenRequest
.getRenewDelegationTokenRequest().getToken());
+ AuditLogger auditLogger = ozoneManager.getAuditLogger();
+ Map<String, String> auditMap =
+ buildTokenAuditMap(ozoneTokenIdentifierToken);
+
long renewTime = updateRenewDelegationTokenRequest
.getRenewDelegationTokenResponse().getResponse().getNewExpiryTime();
@@ -119,10 +150,15 @@ public class OMRenewDelegationTokenRequest extends
OMClientRequest {
OMClientResponse omClientResponse = null;
OMResponse.Builder omResponse = OmResponseUtil.getOMResponseBuilder(
getOmRequest());
+ IOException exception = null;
+
try {
OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier.
readProtoBuf(ozoneTokenIdentifierToken.getIdentifier());
+ auditMap.put(OzoneConsts.DELEGATION_TOKEN_RENEWER,
+ ozoneTokenIdentifier.getRenewer() == null ? "" :
+ ozoneTokenIdentifier.getRenewer().toString());
// Update in memory map of token.
ozoneManager.getDelegationTokenMgr()
@@ -142,6 +178,7 @@ public class OMRenewDelegationTokenRequest extends
OMClientRequest {
} catch (IOException ex) {
LOG.error("Error in Updating Renew DelegationToken {}",
ozoneTokenIdentifierToken, ex);
+ exception = ex;
omClientResponse = new OMRenewDelegationTokenResponse(null, -1L,
createErrorOMResponse(omResponse, ex));
} finally {
@@ -149,6 +186,10 @@ public class OMRenewDelegationTokenRequest extends
OMClientRequest {
ozoneManagerDoubleBufferHelper);
}
+ auditLog(auditLogger,
+ buildAuditMessage(OMAction.RENEW_DELEGATION_TOKEN, auditMap, exception,
+ getOmRequest().getUserInfo()));
+
if (LOG.isDebugEnabled()) {
LOG.debug("Updated renew delegation token in-memory map: {} with expiry"
+
" time {}", ozoneTokenIdentifierToken, renewTime);
diff --git
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/security/TestOMGetDelegationTokenRequest.java
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/security/TestOMGetDelegationTokenRequest.java
index d7ca680..162962f 100644
---
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/security/TestOMGetDelegationTokenRequest.java
+++
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/security/TestOMGetDelegationTokenRequest.java
@@ -22,7 +22,11 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets;
import com.google.common.base.Optional;
import java.util.UUID;
+
+import org.apache.hadoop.ozone.audit.AuditLogger;
+import org.apache.hadoop.ozone.audit.AuditLoggerType;
import org.apache.hadoop.ozone.om.response.OMClientResponse;
+import org.apache.hadoop.ozone.om.upgrade.OMLayoutVersionManager;
import org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.Type;
@@ -59,9 +63,13 @@ public class TestOMGetDelegationTokenRequest extends
private static final String CHECK_RESPONSE = "";
@Before
- public void setupGetDelegationToken() {
+ public void setupGetDelegationToken() throws IOException {
secretManager = Mockito.mock(OzoneDelegationTokenSecretManager.class);
when(ozoneManager.getDelegationTokenMgr()).thenReturn(secretManager);
+ when(ozoneManager.getAuditLogger()).thenReturn(new AuditLogger(
+ AuditLoggerType.OMLOGGER));
+ when(ozoneManager.getVersionManager()).thenReturn(
+ new OMLayoutVersionManager());
setupToken();
setupRequest();
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
