package io.jans.as.server.auth;

import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.common.model.session.SessionIdState;
import io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType;
import io.jans.as.model.common.AuthenticationMethod;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.common.Prompt;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.as.model.token.ClientAssertionType;
import io.jans.as.model.token.TokenErrorResponseType;
import io.jans.as.model.util.Util;
import io.jans.as.server.model.common.AbstractToken;
import io.jans.as.server.model.common.AuthorizationCodeGrant;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.AuthorizationGrantList;
import io.jans.as.server.model.token.ClientAssertion;
import io.jans.as.server.model.token.HttpAuthTokenType;
import io.jans.as.server.service.ClientFilterService;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.CookieService;
import io.jans.as.server.service.GrantService;
import io.jans.as.server.service.SessionIdService;
import io.jans.as.server.service.stat.StatService;
import io.jans.as.server.service.token.TokenService;
import io.jans.as.server.util.TokenHashUtil;
import io.jans.model.security.Identity;
import io.jans.model.token.TokenEntity;
import io.jans.service.CacheService;
import io.jans.util.StringHelper;
import jakarta.inject.Inject;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.WebApplicationException;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.http.entity.ContentType;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;

@WebFilter(filterName = "AuthenticationFilter", asyncSupported = true, urlPatterns = {"/restv1/authorize", "/restv1/token", "/restv1/userinfo", "/restv1/revoke", "/restv1/revoke_session", "/restv1/bc-authorize", "/restv1/par", "/restv1/device_authorization", "/restv1/register", "/restv1/ssa", "/restv1/ssa/jwt"}, displayName = "oxAuth")
/* loaded from: input_file:io/jans/as/server/auth/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    private static final String REALM_CONSTANT = "jans-auth";

    @Inject
    private Logger log;

    @Inject
    private Authenticator authenticator;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private CookieService cookieService;

    @Inject
    private ClientService clientService;

    @Inject
    private ClientFilterService clientFilterService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private Identity identity;

    @Inject
    private AuthorizationGrantList authorizationGrantList;

    @Inject
    private AbstractCryptoProvider cryptoProvider;

    @Inject
    private MTLSService mtlsService;

    @Inject
    private TokenService tokenService;

    @Inject
    private CacheService cacheService;

    @Inject
    private GrantService grantService;

    @Inject
    private DpopService dPoPService;
    private String realm;

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            String stringBuffer = httpServletRequest.getRequestURL().toString();
            this.log.trace("Get request to: '{}'", stringBuffer);
            String method = httpServletRequest.getMethod();
            if (this.appConfiguration.isSkipAuthenticationFilterOptionsMethod().booleanValue() && "OPTIONS".equals(method)) {
                this.log.trace("Ignoring '{}' request to to: '{}'", method, stringBuffer);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            boolean endsWith = stringBuffer.endsWith("/token");
            boolean endsWith2 = stringBuffer.endsWith("/revoke");
            boolean endsWith3 = stringBuffer.endsWith("/bc-authorize");
            boolean endsWith4 = stringBuffer.endsWith("/device_authorization");
            boolean endsWith5 = stringBuffer.endsWith("/revoke_session");
            boolean endsWith6 = stringBuffer.endsWith("/par");
            boolean z = stringBuffer.endsWith("/ssa") && Arrays.asList("POST", "GET", "DELETE").contains(httpServletRequest.getMethod());
            boolean z2 = stringBuffer.endsWith("/ssa/jwt") && httpServletRequest.getMethod().equals("GET");
            String header = httpServletRequest.getHeader("Authorization");
            String header2 = httpServletRequest.getHeader(DpopService.DPOP);
            if (processMTLS(httpServletRequest, httpServletResponse, filterChain)) {
                return;
            }
            if ((endsWith2 || endsWith4) && this.clientService.isPublic(httpServletRequest.getParameter("client_id"))) {
                this.log.trace("Skipped authentication for {} for public client.", endsWith2 ? "Token Revocation" : "Device Authorization");
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            if (endsWith || endsWith5 || endsWith2 || endsWith4 || endsWith6 || z || z2) {
                this.log.debug("Starting endpoint authentication {}", stringBuffer);
                String token = this.tokenService.getToken(header, HttpAuthTokenType.Bearer, HttpAuthTokenType.AccessToken);
                if (StringUtils.isNotBlank(token)) {
                    processAuthByAccessToken(token, httpServletRequest, httpServletResponse, filterChain);
                    return;
                }
                if (httpServletRequest.getParameter("client_assertion") != null && httpServletRequest.getParameter("client_assertion_type") != null) {
                    this.log.debug("Starting JWT token endpoint authentication");
                    processJwtAuth(httpServletRequest, httpServletResponse, filterChain);
                } else if (this.tokenService.isBasicAuthToken(header)) {
                    this.log.debug("Starting Basic Auth token endpoint authentication");
                    processBasicAuth(httpServletRequest, httpServletResponse, filterChain);
                } else if (endsWith && StringUtils.isNotBlank(header2)) {
                    processDPoP(httpServletRequest, httpServletResponse, filterChain);
                } else {
                    this.log.debug("Starting POST Auth token endpoint authentication");
                    processPostAuth(this.clientFilterService, httpServletRequest, httpServletResponse, filterChain, endsWith);
                }
            } else if (endsWith3) {
                if (httpServletRequest.getParameter("client_assertion") != null && httpServletRequest.getParameter("client_assertion_type") != null) {
                    this.log.debug("Starting JWT token endpoint authentication");
                    processJwtAuth(httpServletRequest, httpServletResponse, filterChain);
                } else if (this.tokenService.isBasicAuthToken(header)) {
                    processBasicAuth(httpServletRequest, httpServletResponse, filterChain);
                } else {
                    String errorAsJson = this.errorResponseFactory.getErrorAsJson(BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);
                    httpServletResponse.setStatus(400);
                    httpServletResponse.addHeader("WWW-Authenticate", getRealmHeaderValue());
                    httpServletResponse.setContentType(ContentType.APPLICATION_JSON.toString());
                    httpServletResponse.setHeader("Content-Length", String.valueOf(errorAsJson.length()));
                    PrintWriter writer = httpServletResponse.getWriter();
                    writer.print(errorAsJson);
                    writer.flush();
                }
            } else if (header == null || this.tokenService.isNegotiateAuthToken(header)) {
                String sessionIdFromCookie = this.cookieService.getSessionIdFromCookie(httpServletRequest);
                List fromString = Prompt.fromString(httpServletRequest.getParameter("prompt"), " ");
                if (StringUtils.isBlank(sessionIdFromCookie) && BooleanUtils.isTrue(this.appConfiguration.getSessionIdRequestParameterEnabled())) {
                    sessionIdFromCookie = httpServletRequest.getParameter(CookieService.SESSION_ID_COOKIE_NAME);
                }
                SessionId sessionId = null;
                if (StringUtils.isNotBlank(sessionIdFromCookie)) {
                    sessionId = this.sessionIdService.getSessionId(sessionIdFromCookie);
                }
                if (sessionId == null || SessionIdState.AUTHENTICATED != sessionId.getState() || fromString.contains(Prompt.LOGIN)) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                } else {
                    processSessionAuth(sessionIdFromCookie, httpServletRequest, httpServletResponse, filterChain);
                }
            } else if (this.tokenService.isBearerAuthToken(header)) {
                processBearerAuth(httpServletRequest, httpServletResponse, filterChain);
            } else if (this.tokenService.isBasicAuthToken(header)) {
                processBasicAuth(httpServletRequest, httpServletResponse, filterChain);
            } else {
                httpServletResponse.addHeader("WWW-Authenticate", getRealmHeaderValue());
                httpServletResponse.sendError(401, "Not authorized");
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        } catch (WebApplicationException e2) {
            this.log.trace(e2.getMessage(), e2);
            if (e2.getResponse() != null) {
                sendResponse(httpServletResponse, e2);
            } else {
                this.log.error(e2.getMessage(), e2);
            }
        }
    }

    @NotNull
    public String getRealmHeaderValue() {
        return String.format("Basic realm=\"%s\"", getRealm());
    }

    private boolean processMTLS(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        if (this.cryptoProvider == null) {
            this.log.debug("Unable to create cryptoProvider.");
            return false;
        }
        String parameter = httpServletRequest.getParameter("client_id");
        if (StringUtils.isNotBlank(parameter)) {
            Client client = this.clientService.getClient(parameter);
            if (client == null) {
                return false;
            }
            if (client.hasAuthenticationMethod(AuthenticationMethod.TLS_CLIENT_AUTH) || client.hasAuthenticationMethod(AuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH)) {
                return this.mtlsService.processMTLS(httpServletRequest, httpServletResponse, filterChain, client);
            }
            return false;
        }
        boolean endsWith = httpServletRequest.getRequestURL().toString().endsWith("/register");
        boolean equalsIgnoreCase = "POST".equalsIgnoreCase(httpServletRequest.getMethod());
        if (this.appConfiguration.getDcrAuthorizationWithMTLS().booleanValue() && equalsIgnoreCase && endsWith) {
            return this.mtlsService.processRegisterMTLS(httpServletRequest);
        }
        return false;
    }

    private void processAuthByAccessToken(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        try {
            this.log.trace("Authenticating client by access token {} ...", str);
            if (StringUtils.isBlank(str)) {
                sendError(httpServletResponse);
                return;
            }
            AuthorizationGrant authorizationGrantByAccessToken = this.authorizationGrantList.getAuthorizationGrantByAccessToken(str);
            if (authorizationGrantByAccessToken == null) {
                sendError(httpServletResponse);
                return;
            }
            AbstractToken accessToken = authorizationGrantByAccessToken.getAccessToken(str);
            if (accessToken == null || !accessToken.isValid()) {
                sendError(httpServletResponse);
                return;
            }
            this.authenticator.configureSessionClient(authorizationGrantByAccessToken.getClient());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            this.log.error("Failed to authenticate client by access_token", e);
            sendError(httpServletResponse);
        }
    }

    private void processSessionAuth(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        boolean z = !this.authenticator.authenticateBySessionId(str);
        if (this.log.isTraceEnabled()) {
            this.log.trace("Process Session Auth, sessionId = {}, requireAuth = {}", Util.escapeLog(str), Boolean.valueOf(z));
        }
        if (!z) {
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (Exception e) {
                this.log.error("Failed to process session authentication", e);
                z = true;
            }
        }
        if (z) {
            sendError(httpServletResponse);
        }
    }

    private void processBasicAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        boolean z = true;
        try {
            String header = httpServletRequest.getHeader("Authorization");
            if (this.tokenService.isBasicAuthToken(header)) {
                String str = new String(Base64.decodeBase64(this.tokenService.getBasicToken(header)), StandardCharsets.UTF_8);
                String str2 = "";
                String str3 = "";
                int indexOf = str.indexOf(":");
                if (indexOf != -1) {
                    str2 = URLDecoder.decode(str.substring(0, indexOf), "UTF-8");
                    str3 = URLDecoder.decode(str.substring(indexOf + 1), "UTF-8");
                }
                z = (StringHelper.equals(str2, this.identity.getCredentials().getUsername()) && this.identity.isLoggedIn()) ? false : true;
                if ((z && !str2.equals(this.identity.getCredentials().getUsername())) || !this.identity.isLoggedIn()) {
                    this.identity.getCredentials().setUsername(str2);
                    this.identity.getCredentials().setPassword(str3);
                    if (httpServletRequest.getRequestURI().endsWith("/token") || httpServletRequest.getRequestURI().endsWith("/revoke") || httpServletRequest.getRequestURI().endsWith("/revoke_session") || httpServletRequest.getRequestURI().endsWith("/userinfo") || httpServletRequest.getRequestURI().endsWith("/bc-authorize") || httpServletRequest.getRequestURI().endsWith("/par") || httpServletRequest.getRequestURI().endsWith("/device_authorization")) {
                        Client client = this.clientService.getClient(str2);
                        if (client == null || !client.hasAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC)) {
                            throw new Exception("The Token Authentication Method is not valid.");
                        }
                        z = !this.authenticator.authenticateClient(httpServletRequest);
                    } else {
                        z = !this.authenticator.authenticateUser(httpServletRequest);
                    }
                }
            }
            if (!z) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
        } catch (Exception e) {
            this.log.info("Basic authentication failed", e);
        }
        if (!z || this.identity.isLoggedIn()) {
            return;
        }
        sendError(httpServletResponse);
    }

    private void processBearerAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        try {
            if (this.tokenService.isBearerAuthToken(httpServletRequest.getHeader("Authorization"))) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        } catch (Exception e) {
            this.log.info("Bearer authorization failed.", e);
        }
    }

    private void processPostAuth(ClientFilterService clientFilterService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, boolean z) {
        Client client;
        try {
            String str = "";
            String str2 = "";
            boolean z2 = false;
            if (StringHelper.isNotEmpty(httpServletRequest.getParameter("client_id")) && StringHelper.isNotEmpty(httpServletRequest.getParameter("client_secret"))) {
                str = httpServletRequest.getParameter("client_id");
                str2 = httpServletRequest.getParameter("client_secret");
                z2 = true;
            }
            this.log.trace("isExistUserPassword: {}", Boolean.valueOf(z2));
            boolean z3 = (StringHelper.equals(str, this.identity.getCredentials().getUsername()) && this.identity.isLoggedIn()) ? false : true;
            this.log.debug("requireAuth: '{}'", Boolean.valueOf(z3));
            if (z3) {
                if (z2) {
                    Client client2 = this.clientService.getClient(str);
                    if (client2 != null && client2.hasAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST)) {
                        if (str.equals(this.identity.getCredentials().getUsername()) && this.identity.isLoggedIn()) {
                            this.authenticator.configureSessionClient(client2);
                        } else {
                            this.identity.logout();
                            this.identity.getCredentials().setUsername(str);
                            this.identity.getCredentials().setPassword(str2);
                            z3 = !this.authenticator.authenticateClient(httpServletRequest);
                        }
                    }
                } else if (Boolean.TRUE.equals(this.appConfiguration.getClientAuthenticationFiltersEnabled())) {
                    String processAuthenticationFilters = clientFilterService.processAuthenticationFilters(httpServletRequest.getParameterMap());
                    if (processAuthenticationFilters != null) {
                        Client clientByDn = this.clientService.getClientByDn(processAuthenticationFilters);
                        this.identity.logout();
                        this.identity.getCredentials().setUsername(clientByDn.getClientId());
                        this.identity.getCredentials().setPassword((String) null);
                        z3 = !this.authenticator.authenticateClient(httpServletRequest, true);
                    }
                } else if (z && (client = this.clientService.getClient(httpServletRequest.getParameter("client_id"))) != null && client.hasAuthenticationMethod(AuthenticationMethod.NONE)) {
                    this.identity.logout();
                    this.identity.getCredentials().setUsername(client.getClientId());
                    this.identity.getCredentials().setPassword((String) null);
                    z3 = !this.authenticator.authenticateClient(httpServletRequest, true);
                }
            }
            if (!z3) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                if (!this.identity.isLoggedIn()) {
                    sendError(httpServletResponse);
                }
            }
        } catch (Exception e) {
            this.log.error("Post authentication failed.", e);
        }
    }

    private void processJwtAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        boolean z = false;
        try {
            if (httpServletRequest.getParameter("client_assertion") != null && httpServletRequest.getParameter("client_assertion_type") != null) {
                String parameter = httpServletRequest.getParameter("client_id");
                ClientAssertionType fromString = ClientAssertionType.fromString(httpServletRequest.getParameter("client_assertion_type"));
                String parameter2 = httpServletRequest.getParameter("client_assertion");
                if (fromString == ClientAssertionType.JWT_BEARER) {
                    ClientAssertion clientAssertion = new ClientAssertion(this.appConfiguration, this.cryptoProvider, parameter, fromString, parameter2);
                    String subjectIdentifier = clientAssertion.getSubjectIdentifier();
                    String clientSecret = clientAssertion.getClientSecret();
                    if (!subjectIdentifier.equals(this.identity.getCredentials().getUsername()) || !this.identity.isLoggedIn()) {
                        this.identity.getCredentials().setUsername(subjectIdentifier);
                        this.identity.getCredentials().setPassword(clientSecret);
                        this.authenticator.authenticateClient(httpServletRequest, true);
                        z = true;
                    }
                }
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (ServletException | IOException | InvalidJwtException e) {
            this.log.info("JWT authentication failed.", e);
        }
        if (z) {
            return;
        }
        sendError(httpServletResponse);
    }

    private void processDPoP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        boolean z = false;
        boolean z2 = false;
        String str = null;
        try {
            this.dPoPService.validateDpopValuesCount(httpServletRequest);
            String header = httpServletRequest.getHeader(DpopService.DPOP);
            z = this.dPoPService.validateDpop(header);
            GrantType fromString = GrantType.fromString(httpServletRequest.getParameter("grant_type"));
            if (fromString == GrantType.AUTHORIZATION_CODE) {
                AuthorizationCodeGrant authorizationCodeGrant = this.authorizationGrantList.getAuthorizationCodeGrant(httpServletRequest.getParameter("code"));
                this.identity.logout();
                this.identity.getCredentials().setUsername(authorizationCodeGrant.getClient().getClientId());
                this.identity.getCredentials().setPassword((String) null);
                z2 = this.authenticator.authenticateClient(httpServletRequest, true);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else if (fromString == GrantType.REFRESH_TOKEN) {
                String parameter = httpServletRequest.getParameter(StatService.REFRESH_TOKEN_KEY);
                TokenEntity grantByCode = !BooleanUtils.isTrue(this.appConfiguration.getPersistRefreshToken()) ? (TokenEntity) this.cacheService.get(TokenHashUtil.hash(parameter)) : this.grantService.getGrantByCode(parameter);
                if (!this.dPoPService.getDpopJwkThumbprint(header).equals(grantByCode.getDpop())) {
                    throw new InvalidJwtException("Invalid DPoP Proof Header. The jwk header is not valid.");
                }
                AuthorizationGrant authorizationGrantByRefreshToken = this.authorizationGrantList.getAuthorizationGrantByRefreshToken(grantByCode.getClientId(), parameter);
                this.identity.logout();
                this.identity.getCredentials().setUsername(authorizationGrantByRefreshToken.getClient().getClientId());
                this.identity.getCredentials().setPassword((String) null);
                z2 = this.authenticator.authenticateClient(httpServletRequest, true);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        } catch (WebApplicationException e) {
            throw e;
        } catch (Exception e2) {
            this.log.error("Invalid DPoP.", e2);
            str = e2.getMessage();
        }
        if (!z) {
            sendInvalidDPoPError(httpServletResponse, str);
        }
        if (z2) {
            return;
        }
        sendError(httpServletResponse);
    }

    private void sendInvalidDPoPError(HttpServletResponse httpServletResponse, String str) {
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            try {
                httpServletResponse.setStatus(400);
                httpServletResponse.setContentType("application/json;charset=UTF-8");
                writer.write(this.errorResponseFactory.errorAsJson(TokenErrorResponseType.INVALID_DPOP_PROOF, str));
                if (writer != null) {
                    writer.close();
                }
            } finally {
            }
        } catch (IOException e) {
            this.log.error(e.getMessage(), e);
        }
    }

    private void sendError(HttpServletResponse httpServletResponse) {
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            try {
                httpServletResponse.setStatus(401);
                httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealm() + "\"");
                httpServletResponse.setContentType("application/json;charset=UTF-8");
                writer.write(this.errorResponseFactory.errorAsJson(TokenErrorResponseType.INVALID_CLIENT, "Unable to authenticate client."));
                if (writer != null) {
                    writer.close();
                }
            } finally {
            }
        } catch (IOException e) {
            this.log.error(e.getMessage(), e);
        }
    }

    private void sendResponse(HttpServletResponse httpServletResponse, WebApplicationException webApplicationException) {
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            try {
                httpServletResponse.setStatus(webApplicationException.getResponse().getStatus());
                httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealm() + "\"");
                httpServletResponse.setContentType("application/json;charset=UTF-8");
                writer.write(webApplicationException.getResponse().getEntity().toString());
                if (writer != null) {
                    writer.close();
                }
            } finally {
            }
        } catch (IOException e) {
            this.log.error(e.getMessage(), e);
        }
    }

    public String getRealm() {
        return this.realm != null ? this.realm : REALM_CONSTANT;
    }

    public void setRealm(String str) {
        this.realm = str;
    }

    public void destroy() {
    }
}
