Граф коммитов

141 Коммитов

Автор SHA1 Сообщение Дата
J.C. Jones a51561a1c4 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)
- Fix a sneaky memory leak re: CryptoBuffer.ToSECItem

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 4ff5898e93e4a0a75576e5e54035a1cb6dd952d7
2017-02-01 15:21:04 -07:00
Iris Hsiao 940ee4003b Backed out changeset 713c0a78c2c1 (bug 1260318) for leak issue 2017-03-08 14:01:56 +08:00
J.C. Jones 8effd5c124 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 52d10287d10698292e1480e04f580f6f8b4847cb
2017-02-01 15:21:04 -07:00
Daniel Holbert 417e3ff20b Bug 1344830: Convert to range-based 'for' loops in U2F.cpp. r=jcj
MozReview-Commit-ID: 2PRQw4Pxquq

--HG--
extra : rebase_source : 72818e2d14a90caea154f50a8ecd44ad25e2df93
2017-03-06 11:16:54 -08:00
Daniel Holbert 17a88fd2c2 Bug 1344816: Remove unused 'this' variable lambda-captures from U2F.cpp. r=jcj
MozReview-Commit-ID: 8GL2Mb7n3GU

--HG--
extra : rebase_source : 2ceb937215f8fe713eec989ce8d093a075cb3414
2017-03-06 11:05:46 -08:00
Tom Tromey 5f8f360823 Bug 1060419 - make log_print use Printf.h, r=froydnj
MozReview-Commit-ID: BIZ1GQEZ1vs

--HG--
extra : rebase_source : 2f1f0aa12493c44f352d9a7e8683e7bb72d2d75b
2016-12-15 20:16:31 -07:00
Joel Maher c203f27827 Bug 1335099 - add BUG_COMPONENT to many dom/* subdir files. r=overholt
MozReview-Commit-ID: CyIIs98hnUI
2017-02-06 09:45:55 -05:00
Sebastian Hengst 7225ec6170 Backed out changeset 9a332af74af5 (bug 1335099) for build bustage (moz.build rule matches no files). r=backout on a CLOSED TREE 2017-02-06 16:21:20 +01:00
Joel Maher 60e61eed48 Bug 1335099 - add BUG_COMPONENT to many dom/* subdir files. r=overholt
MozReview-Commit-ID: CyIIs98hnUI
2017-02-06 09:45:55 -05:00
J.C. Jones 4fc5b851c3 Bug 1335899 - Tolerate token failures in U2F.cpp r=keeler
If there's a second token (say, USB anyone?) that fails early, U2F.cpp's
U2FStatus object should not be told to "stop" unless it's actually done.

So basically, in the promise failures for U2F::Sign and U2F::Register, don't
call Stop - let the stop come implicitly when no tokens respond correctly.

This changes U2FStatus to be used the same way WebAuthn does its WebAuthnRequest
object, for the same purpose.

- Review updates from Keeler; thanks!


MozReview-Commit-ID: HaTKopFakDB

--HG--
extra : rebase_source : f55918f76117abb0f120b21a742c3705c2640225
2017-02-01 15:00:34 -07:00
J.C. Jones ff0d7b7db5 Bug 1333592 - Fix a regression with U2F sign() called with multiple keys r=keeler
Add a test that U2F supports signing with multiple keys.

Reorder the WaitGroupDone calls to ensure they always fire, even if there
are multiple actions in flight.

Also, change the status lanbda captures to capture by reference, and disable
the copy constructor that would let the by-value work. Interestingly, the
compiler is choosing by-reference by default -- at least logs show that the
behavior is correct without this change, but still - this is the right thing to
do.

Updated: Fix the unit tests and write a README that explains why they have to
         use an iframe, while WebAuthn tests do not.

MozReview-Commit-ID: AqSyxU5N4yu

--HG--
extra : rebase_source : b8f18973891ba63ac364203dece65a0689f46ee5
2017-01-26 15:18:50 -07:00
Bevis Tseng 07d4b0dc79 Bug 1314833 - Part 4: Factor out AbstractThread::MainThread() used in U2F. r=billm
MozReview-Commit-ID: 7TcbTE9wab0

--HG--
extra : rebase_source : b2c090e6e154d170f185d0f59ecfb456c074d94c
2016-11-22 14:19:06 +08:00
Kyle Machulis eddc328040 Bug 1330138 - Remove unused USBToken class from U2F API; r=jcj
MozReview-Commit-ID: HAWLD202fwi
2017-01-19 14:18:32 -08:00
Kyle Machulis 14bcecc66f Bug 1330138 - Divide U2F and WebAuthn into separate directories; r=jcj
MozReview-Commit-ID: FCCSL6XWhTf


--HG--
rename : dom/u2f/NSSU2FTokenRemote.cpp => dom/webauthn/NSSU2FTokenRemote.cpp
rename : dom/u2f/NSSU2FTokenRemote.h => dom/webauthn/NSSU2FTokenRemote.h
rename : dom/u2f/ScopedCredential.cpp => dom/webauthn/ScopedCredential.cpp
rename : dom/u2f/ScopedCredential.h => dom/webauthn/ScopedCredential.h
rename : dom/u2f/ScopedCredentialInfo.cpp => dom/webauthn/ScopedCredentialInfo.cpp
rename : dom/u2f/ScopedCredentialInfo.h => dom/webauthn/ScopedCredentialInfo.h
rename : dom/u2f/WebAuthnAssertion.cpp => dom/webauthn/WebAuthnAssertion.cpp
rename : dom/u2f/WebAuthnAssertion.h => dom/webauthn/WebAuthnAssertion.h
rename : dom/u2f/WebAuthnAttestation.cpp => dom/webauthn/WebAuthnAttestation.cpp
rename : dom/u2f/WebAuthnAttestation.h => dom/webauthn/WebAuthnAttestation.h
rename : dom/u2f/tests/test_webauthn_get_assertion.html => dom/webauthn/tests/test_webauthn_get_assertion.html
rename : dom/u2f/tests/test_webauthn_loopback.html => dom/webauthn/tests/test_webauthn_loopback.html
rename : dom/u2f/tests/test_webauthn_make_credential.html => dom/webauthn/tests/test_webauthn_make_credential.html
rename : dom/u2f/tests/test_webauthn_no_token.html => dom/webauthn/tests/test_webauthn_no_token.html
rename : dom/u2f/tests/test_webauthn_sameorigin.html => dom/webauthn/tests/test_webauthn_sameorigin.html
2017-01-19 14:18:32 -08:00
J.C. Jones 0851d956ab Bug 1329802 - WebAuthn Unit Tests: Add Unit Tests r=keeler
This uses the new mochitest "scheme" option from Bug 1286312. This cannot land
until after Bug 1286312 does.

For now, you can test locally by adding
  --setpref dom.securecontext.whitelist=mochi.test
to your command line, such as:

~/hg/mozilla-central/mach mochitest \
  --setpref dom.securecontext.whitelist=mochi.test ./dom/u2f/tests/

Updated:
Review fixes (thanks keeler!)

MozReview-Commit-ID: 7jTxF3Mrtcg

--HG--
extra : rebase_source : 72c24bdc028e440705598c694f3c4119d5304d83
2017-01-09 13:28:02 -07:00
Florian Quèze 85611a7b6d Bug 1331081 - script generated patch to omit addEventListener/removeEventListener's third parameter when it's false, r=jaws.
--HG--
extra : rebase_source : a22344ee1569f58f1f0a01017bfe0d46a6a14602
2017-01-17 11:50:25 +01:00
J.C. Jones 0109e409da Bug 1309284 - WebAuthn JS API [part 3]: Support origin relax algorithm r=keeler
The WebAuthn specification calls for running the HTML5.1 algorithm that
occurs when you modify document.domain from JS, and use that algorithm's
output for the "Relying Party ID" through the rest of the WebAuthn algorithm.

This code paves the way for that to be added in Bug 1329764, once the spec
issues upstream are resolved.


MozReview-Commit-ID: DNNcr3Gh1Be

--HG--
extra : rebase_source : f9e956fcb7c4b1418bbab5d45dec684c0c20b00b
2017-01-09 13:55:59 -07:00
J.C. Jones a1af416c57 Bug 1309284 - WebAuthn JS API [part 2]: Bugfixes from testing r=keeler
Add more debugging information to signing operations for the NSS Soft Token.

Bugfixes in WebAuthentication.cpp:
- Calculate ArrayBuffer/View before using.
- Fix an instance where we should return NotSupportedError.
- Fix several instances where we should return Out Of Memory.
- Fix a MozPromise assertion that occurs in GetAssertion if you coerce an early
  return.
- Mark all constructors explicit.

MozReview-Commit-ID: DQWHqZIlau9

--HG--
extra : rebase_source : f0f2bdde650e61c90b9b47c20c2427f1340f2d97
2016-12-16 10:44:56 -07:00
J.C. Jones e6dd50ba10 Bug 1309284 - Implement W3C Web Authentication JS API [part 1] r=keeler,qdot
This patch implements the W3C Web Authentication API from
https://www.w3.org/TR/webauthn/, currently the 28 September 2016
working draft.

It utilizes a tentative binding of the U2F NSS Soft Token to provide
authentication services while waiting on Bug 1245527 to support USB HID-based
U2F tokens. This binding is not in the specification yet, so it should be
considered an experiment to help the specification move fowrard.

There are also a handful of deviations from the specification's WebIDL, which
are annotated with comments in WebAuthentication.webidl.

There are no tests in this commit; they are in Part 4 of this commit series.
There is a small script online at https://webauthn.bin.coffee/ to exercise this
code, but it doesn't do any automated checks.

There are also a handful of TODOS:
1) The algorithm to relax the same-origin restriction is in Part 3.
2) The use of AlgorithmIdentifier and having a way to coerce an object to a
   string is still missing.
3) Timeouts and deadlines aren't there, and are pending reworking how
   the nsIU2FToken interface works.

UPDATED:
- Address qdot, keeler review comments (thanks!)
- Address more qdot, keeler review comments (thanks!)

MozReview-Commit-ID: JITapI38iOh

--HG--
extra : rebase_source : 9a09e852dd0c8dc47f42dabbcf8b845a6828b225
2017-01-09 13:22:49 -07:00
Andi-Bogdan Postelnicu 359856eb75 Bug 1308868 - Add ignore-initialization-check annotation to mErrorCode from U2FStatus. r=baku
MozReview-Commit-ID: 1dIKcbbeStW
2016-10-17 16:10:17 +03:00
J.C. Jones 0f6b60fc2f Bug 1297552 - Reorder parts of U2F.cpp r=keeler
MozReview-Commit-ID: L1juEjU6AMJ

--HG--
extra : transplant_source : %7FpE%29%9C%A2%B5%40%8716%16%1C%B7%B56%F5%19VJ
2016-10-06 14:35:57 -07:00
J.C. Jones 4b548ed05e Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler
This patch sets up the U2F system to support multiple nsIU2FToken
"authenticators" simultaneously, such as having both a USB and a Bluetooth Smart
implementation enabled at the same time. It also paves the way to support
timeout interruptions (for Bug 1301793).

- Executes operations across a list of authenticators.
- Uses runnables, via MozPromise and SharedThreadPool.
- Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable
- Review updates
- Some of the review updates from earlier changeset are ... painful to merge
  back before this one, so I'm just tacking them on here.

It's still missing some things, though:
- It's not actually executing the operations in parallel yet, as invoking
  methods on NSSU2FTokenRemote from a worker thread throws exceptions while
  obtaining ContentChild::GetSingleton().

MozReview-Commit-ID: EUdZQesASo2
***
Bug 1297552 - Updates per review r?keeler


MozReview-Commit-ID: EHIWM74tfYG

--HG--
extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-12 20:56:56 -07:00
J.C. Jones 4f92cc6d96 Bug 1297552 - Only permit U2F operations in e10s mode r=keeler
- Breaks compatibility with non-e10s windows, as the underlying USB
  implementation from Bug 1298838 won't support non-e10s either.
- Now that U2F doesn't support non-e10s, disable tests if we're not in
  e10s mode.

MozReview-Commit-ID: 5F2323xtXEC

--HG--
extra : transplant_source : v%1Fl%C0%2AJ%26k4%89/%95v%89%12%87%94Y%3Cs
2016-10-07 17:28:52 -07:00
J.C. Jones ec6a7a9491 Bug 1297552 - Perform U2F hash operations more efficiently r=keeler
Moves hash calculations to happen only once per JS-invoked Register/Sign
operation.

MozReview-Commit-ID: FuA95qCl1rG

--HG--
extra : transplant_source : %81%A48%8D%FF%82%89M%A7%C4%11%07%B6%94M%C2U%1FY%E8
2016-10-06 13:07:17 -07:00
J.C. Jones 91e424db5d Bug 1306142 - Unchecked return code in U2F. r=keeler
The U2F.cpp code fails to test all returns from CryptoBuffer.Assign(),
leading (when OOM) to potentially empty registration keys (during Register),
or empty attestations (during Sign).

This is a protocol violation, and forced testing at Dropbox,
u2fdemo.appspot.com, and u2f.bin.coffee show that those Relying Parties'
implementations properly error out if the registration or attestation is empty,
as would happen in this instance.

As this is only on an OOM condition, it's not really feasible to add an
automated test.

Also catches one other Assign() that isn't properly returning
"NS_ERROR_OUT_OF_MEMORY".
2016-10-07 16:48:55 -07:00
J.C. Jones 6981fcdfd8 Bug 1281932 - Fix intermittent u2f tests r=keeler
This is reworking the U2F tests to do two things:

1) Don't run all the tests in one big frame; that makes it hard to tell
   what test is actually dying in Treeherder.
2) Fix the obvious possible test races with the async functions which could be
   causing the intermittent

- Review updates per keeler
- Change inappropriate uses of 'var' to 'let' in u2futil.js (kudos, keeler)
- Rework frame_no_token.html to follow the same pattern as the others
- Catch unexpected messages on the u2f testing harness
- Update 2: Go back to a pre-set number of expected async tests.

MozReview-Commit-ID: 6uLt5O1lUa3

--HG--
rename : dom/u2f/tests/test_frame_appid_facet.html => dom/u2f/tests/frame_appid_facet.html
rename : dom/u2f/tests/test_frame_appid_facet_insecure.html => dom/u2f/tests/frame_appid_facet_insecure.html
rename : dom/u2f/tests/test_frame_appid_facet_subdomain.html => dom/u2f/tests/frame_appid_facet_subdomain.html
rename : dom/u2f/tests/test_frame_register.html => dom/u2f/tests/frame_register.html
rename : dom/u2f/tests/test_frame_register_sign.html => dom/u2f/tests/frame_register_sign.html
extra : rebase_source : 1255bd8ba17a141c3c8205a277c06c483540de90
2016-10-10 17:06:31 -07:00
Nicholas Nethercote 34dcc7b852 Bug 1299384 - Use MOZ_MUST_USE with NS_warn_if_impl(). r=erahm.
This change avoids lots of false positives for Coverity's CHECKED_RETURN
warning, caused by NS_WARN_IF's current use in both statement-style and
expression-style.

In the case where the code within the NS_WARN_IF has side-effects, I made the
following change.

> NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));
> -->
> Unused << NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));

In the case where the code within the NS_WARN_IF lacks side-effects, I made the
following change.

> NS_WARN_IF(!condWithoutSideEffects);
> -->
> NS_WARNING_ASSERTION(condWithoutSideEffects, "msg");

This has two improvements.
- The condition is not evaluated in non-debug builds.
- The sense of the condition is inverted to the familiar "this condition should
  be true" sense used in assertions.

A common variation on the side-effect-free case is the following.

> nsresult rv = Fn();
> NS_WARN_IF_(NS_FAILED(rv));
> -->
> DebugOnly<nsresult rv> = Fn();
> NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Fn failed");

--HG--
extra : rebase_source : 58788245021096efa8372a9dc1d597a611d45611
2016-09-02 17:12:24 +10:00
Cykesiopka a16f7b0f6a Bug 1296316 - Convert nsNSSShutDownObject::CalledFromType to an enum class. r=mgoodwin
enum classes are in general safer than plain enums, and as such should be
preferred.

MozReview-Commit-ID: 1FK89SNhdk4

--HG--
extra : rebase_source : 764c4855026c02d8c9e33ca33637fec54ea5ca31
2016-08-20 23:00:19 +08:00
Tom Tromey 5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
J.C. Jones 8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
J.C. Jones a253e31ba2 Bug 1275479 - Refactor U2F Token Interface (Part 1). r=keeler
Rework U2F.cpp to use a collection of nsINSSU2FToken for U2F/WebAuth operations.

MozReview-Commit-ID: 9qwllawzOWh

--HG--
extra : transplant_source : %E1%7B%15%AEp%8C%1A%3C%E5%9F%13%D1%B3%1D%BB%C2%88%07%0AX
2016-05-31 20:51:24 -07:00
J.C. Jones fa14e077d5 Bug 1265211 - Fix intermittent U2F Test r=mgoodwin
- The u2futil.js script's verifySignature method was causing an intermittent
  in test_frame_register_sign.html due to incomplete ASN.1 decoding. Since
  we're calready pulling in an ASN.1 parsing library, this changes that code to
  do a complete parse and santizize, which should cover all cases.

MozReview-Commit-ID: 9kDWT2KUFdq

--HG--
extra : transplant_source : %A9CD%CD%E7E%11s%0A%82ls%5B%7B%80jQ%FC%FE%0B
2016-04-19 08:49:13 -07:00
Kyle Huey c73656947b Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj 2016-04-25 17:23:21 -07:00
J.C. Jones f55c5966d7 Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler
- Move the AppID/FacetID algorithm into its own (potentially reentrant) method
  to facilitate Bug 1244959
- Change the Register and Sign operations to be Runnables so that in the future
  they can be executed after (future) remote fetches
- Clean up error handling
- Remove unnecessary remote-load Facet test files; we'll re-add some form of
  them when the remote load algorithm is completed

MozReview-Commit-ID: 4K1q6ovzhgf

--HG--
extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9
extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-18 14:49:07 -07:00
J.C. Jones c86b49406f Bug 1244960 - FIDO u2f NSSToken (Part 5): Review updates. r=keeler
MozReview-Commit-ID: BcsEltYEQAW

--HG--
extra : transplant_source : %BE%3D%08%DBeD%27q%96%3E%EC%C6z%AA%60Q%9E%E8%BE%86
2016-04-14 10:48:53 -07:00
J.C. Jones 9c17f635f9 Bug 1244960 - FIDO u2f NSSToken (Part 4): Correct FacetID base algorithm. r=keeler
Work on the FacetID/AppID algorithm showed this patch had incorrect usage of
the eTLD+1 checking, so this patch removes those checks until the more
sophisticated algorithm lands in Bug 1244959.

MozReview-Commit-ID: 2k6N5AU0J68

--HG--
extra : transplant_source : %B7n%17%00%DF%AB%F4OG%7E%D1%F0p%B1%AC%9Bq%C9%2B%D0
2016-04-13 10:32:25 -07:00
J.C. Jones 358a9ece05 Bug 1244960 - FIDO u2f NSSToken (Part 3): Review updates. r=keeler
MozReview-Commit-ID: FkPHy9GGarU

--HG--
extra : transplant_source : %8Dd0%BA%FD%E93%8E%A7%C5%01Cn%02%0F%0C%3E%5D%9C%96
2016-04-13 10:20:37 -07:00
J.C. Jones 3b81894a7e Bug 1244960 - FIDO u2f NSSToken (Part 2): Use Attestation Certificates. r=keeler
- Add an ephemeral self-signed Attestation Cert to NSSToken
  - A new one is generated at each call to Register; this is allowed by the
    protocol, and avoids fingerprinting if the NSSToken is in use.
- This now passes at https://u2fdemo.appspot.com/

MozReview-Commit-ID: Aq61MuX9oSD

--HG--
extra : transplant_source : %C1%00n6%22%01%E7q%B4/%D8-%C5W%D4%E6%86%14%25%C2
2016-03-28 18:55:52 -07:00
J.C. Jones 63f7ce5155 Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
  onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
  with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.

Updates per keeler review comments:

- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review

April 11-12:

- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest

April 15:
- Rebase to latest

MozReview-Commit-ID: 6T8jNmwFvHJ

--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 09:29:12 -07:00
Andrea Marchesini 4321cda2ba Bug 1255784 - u2f tests should use SpecialPowers.pushPrefEnv, r=jjones 2016-03-11 18:20:55 +01:00
J.C. Jones 70bc936cba Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler 2016-02-09 16:43:00 +01:00