Inicio Explorar Ayuda
Iniciar sesión
urbanu619
/
yunbaolive
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 341424f617
Ramas Etiquetas
yunbaolive
/
web
/
sdk
/
aws
/
Aws
/
Credentials
/
InstanceProfileProvider.php

InstanceProfileProvider.php 16 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466 
  1. <?php
    2. 

  2. namespace Aws\Credentials;
    3. 

  3. 

  4. use Aws\Configuration\ConfigurationResolver;
    5. 

  5. use Aws\Exception\CredentialsException;
    6. 

  6. use Aws\Exception\InvalidJsonException;
    7. 

  7. use Aws\Sdk;
    8. 

  8. use GuzzleHttp\Exception\TransferException;
    9. 

  9. use GuzzleHttp\Promise;
    10. 

  10. use GuzzleHttp\Psr7\Request;
    11. 

  11. use GuzzleHttp\Promise\PromiseInterface;
    12. 

  12. use Psr\Http\Message\ResponseInterface;
    13. 

  13. 

  14. /**
    15. 

  15.  * Credential provider that provides credentials from the EC2 metadata service.
    16. 

  16.  */
    17. 

  17. class InstanceProfileProvider
    18. 

  18. {
    19. 

  19.     const CRED_PATH = 'meta-data/iam/security-credentials/';
    20. 

  20.     const TOKEN_PATH = 'api/token';
    21. 

  21.     const ENV_DISABLE = 'AWS_EC2_METADATA_DISABLED';
    22. 

  22.     const ENV_TIMEOUT = 'AWS_METADATA_SERVICE_TIMEOUT';
    23. 

  23.     const ENV_RETRIES = 'AWS_METADATA_SERVICE_NUM_ATTEMPTS';
    24. 

  24.     const CFG_EC2_METADATA_V1_DISABLED = 'ec2_metadata_v1_disabled';
    25. 

  25.     const CFG_EC2_METADATA_SERVICE_ENDPOINT = 'ec2_metadata_service_endpoint';
    26. 

  26.     const CFG_EC2_METADATA_SERVICE_ENDPOINT_MODE = 'ec2_metadata_service_endpoint_mode';
    27. 

  27.     const DEFAULT_TIMEOUT = 1.0;
    28. 

  28.     const DEFAULT_RETRIES = 3;
    29. 

  29.     const DEFAULT_TOKEN_TTL_SECONDS = 21600;
    30. 

  30.     const DEFAULT_AWS_EC2_METADATA_V1_DISABLED = false;
    31. 

  31.     const ENDPOINT_MODE_IPv4 = 'IPv4';
    32. 

  32.     const ENDPOINT_MODE_IPv6 = 'IPv6';
    33. 

  33.     const DEFAULT_METADATA_SERVICE_IPv4_ENDPOINT = 'http://169.254.169.254';
    34. 

  34.     const DEFAULT_METADATA_SERVICE_IPv6_ENDPOINT = 'http://[fd00:ec2::254]';
    35. 

  35. 

  36.     /** @var string */
    37. 

  37.     private $profile;
    38. 

  38. 

  39.     /** @var callable */
    40. 

  40.     private $client;
    41. 

  41. 

  42.     /** @var int */
    43. 

  43.     private $retries;
    44. 

  44. 

  45.     /** @var int */
    46. 

  46.     private $attempts;
    47. 

  47. 

  48.     /** @var float|mixed */
    49. 

  49.     private $timeout;
    50. 

  50. 

  51.     /** @var bool */
    52. 

  52.     private $secureMode = true;
    53. 

  53. 

  54.     /** @var bool|null */
    55. 

  55.     private $ec2MetadataV1Disabled;
    56. 

  56. 

  57.     /** @var string */
    58. 

  58.     private $endpoint;
    59. 

  59. 

  60.     /** @var string */
    61. 

  61.     private $endpointMode;
    62. 

  62. 

  63.     /** @var array */
    64. 

  64.     private $config;
    65. 

  65. 

  66.     /**
    67. 

  67.      * The constructor accepts the following options:
    68. 

  68.      *
    69. 

  69.      * - timeout: Connection timeout, in seconds.
    70. 

  70.      * - profile: Optional EC2 profile name, if known.
    71. 

  71.      * - retries: Optional number of retries to be attempted.
    72. 

  72.      * - ec2_metadata_v1_disabled: Optional for disabling the fallback to IMDSv1.
    73. 

  73.      * - endpoint: Optional for overriding the default endpoint to be used for fetching credentials.
    74. 

  74.      *   The value must contain a valid URI scheme. If the URI scheme is not https, it must
    75. 

  75.      *   resolve to a loopback address.
    76. 

  76.      * - endpoint_mode: Optional for overriding the default endpoint mode (IPv4|IPv6) to be used for
    77. 

  77.      *   resolving the default endpoint.
    78. 

  78.      * - use_aws_shared_config_files: Decides whether the shared config file should be considered when
    79. 

  79.      *   using the ConfigurationResolver::resolve method.
    80. 

  80.      *
    81. 

  81.      * @param array $config Configuration options.
    82. 

  82.      */
    83. 

  83.     public function __construct(array $config = [])
    84. 

  84.     {
    85. 

  85.         $this->timeout = (float) getenv(self::ENV_TIMEOUT) ?: ($config['timeout'] ?? self::DEFAULT_TIMEOUT);
    86. 

  86.         $this->profile = $config['profile'] ?? null;
    87. 

  87.         $this->retries = (int) getenv(self::ENV_RETRIES) ?: ($config['retries'] ?? self::DEFAULT_RETRIES);
    88. 

  88.         $this->client = $config['client'] ?? \Aws\default_http_handler();
    89. 

  89.         $this->ec2MetadataV1Disabled = $config[self::CFG_EC2_METADATA_V1_DISABLED] ?? null;
    90. 

  90.         $this->endpoint = $config[self::CFG_EC2_METADATA_SERVICE_ENDPOINT] ?? null;
    91. 

  91.         if (!empty($this->endpoint) && !$this->isValidEndpoint($this->endpoint)) {
    92. 

  92.             throw new \InvalidArgumentException('The provided URI "' . $this->endpoint . '" is invalid, or contains an unsupported host');
    93. 

  93.         }
    94. 

  94. 

  95.         $this->endpointMode = $config[self::CFG_EC2_METADATA_SERVICE_ENDPOINT_MODE] ?? null;
    96. 

  96.         $this->config = $config;
    97. 

  97.     }
    98. 

  98. 

  99.     /**
    100. 

  100.      * Loads instance profile credentials.
    101. 

  101.      *
    102. 

  102.      * @return PromiseInterface
    103. 

  103.      */
    104. 

  104.     public function __invoke($previousCredentials = null)
    105. 

  105.     {
    106. 

  106.         $this->attempts = 0;
    107. 

  107.         return Promise\Coroutine::of(function () use ($previousCredentials) {
    108. 

  108. 

  109.             // Retrieve token or switch out of secure mode
    110. 

  110.             $token = null;
    111. 

  111.             while ($this->secureMode && is_null($token)) {
    112. 

  112.                 try {
    113. 

  113.                     $token = (yield $this->request(
    114. 

  114.                         self::TOKEN_PATH,
    115. 

  115.                         'PUT',
    116. 

  116.                         [
    117. 

  117.                             'x-aws-ec2-metadata-token-ttl-seconds' => self::DEFAULT_TOKEN_TTL_SECONDS
    118. 

  118.                         ]
    119. 

  119.                     ));
    120. 

  120.                 } catch (TransferException $e) {
    121. 

  121.                     if ($this->getExceptionStatusCode($e) === 500
    122. 

  122.                         && $previousCredentials instanceof Credentials
    123. 

  123.                     ) {
    124. 

  124.                         goto generateCredentials;
    125. 

  125.                     } elseif ($this->shouldFallbackToIMDSv1()
    126. 

  126.                         && (!method_exists($e, 'getResponse')
    127. 

  127.                         || empty($e->getResponse())
    128. 

  128.                         || !in_array(
    129. 

  129.                             $e->getResponse()->getStatusCode(),
    130. 

  130.                             [400, 500, 502, 503, 504]
    131. 

  131.                         ))
    132. 

  132.                     ) {
    133. 

  133.                         $this->secureMode = false;
    134. 

  134.                     } else {
    135. 

  135.                         $this->handleRetryableException(
    136. 

  136.                             $e,
    137. 

  137.                             [],
    138. 

  138.                             $this->createErrorMessage(
    139. 

  139.                                 'Error retrieving metadata token'
    140. 

  140.                             )
    141. 

  141.                         );
    142. 

  142.                     }
    143. 

  143.                 }
    144. 

  144.                 $this->attempts++;
    145. 

  145.             }
    146. 

  146. 

  147.             // Set token header only for secure mode
    148. 

  148.             $headers = [];
    149. 

  149.             if ($this->secureMode) {
    150. 

  150.                 $headers = [
    151. 

  151.                     'x-aws-ec2-metadata-token' => $token
    152. 

  152.                 ];
    153. 

  153.             }
    154. 

  154. 

  155.             // Retrieve profile
    156. 

  156.             while (!$this->profile) {
    157. 

  157.                 try {
    158. 

  158.                     $this->profile = (yield $this->request(
    159. 

  159.                         self::CRED_PATH,
    160. 

  160.                         'GET',
    161. 

  161.                         $headers
    162. 

  162.                     ));
    163. 

  163.                 } catch (TransferException $e) {
    164. 

  164.                     // 401 indicates insecure flow not supported, switch to
    165. 

  165.                     // attempting secure mode for subsequent calls
    166. 

  166.                     if (!empty($this->getExceptionStatusCode($e))
    167. 

  167.                         && $this->getExceptionStatusCode($e) === 401
    168. 

  168.                     ) {
    169. 

  169.                         $this->secureMode = true;
    170. 

  170.                     }
    171. 

  171.                     $this->handleRetryableException(
    172. 

  172.                         $e,
    173. 

  173.                         [ 'blacklist' => [401, 403] ],
    174. 

  174.                         $this->createErrorMessage($e->getMessage())
    175. 

  175.                     );
    176. 

  176.                 }
    177. 

  177. 

  178.                 $this->attempts++;
    179. 

  179.             }
    180. 

  180. 

  181.             // Retrieve credentials
    182. 

  182.             $result = null;
    183. 

  183.             while ($result == null) {
    184. 

  184.                 try {
    185. 

  185.                     $json = (yield $this->request(
    186. 

  186.                         self::CRED_PATH . $this->profile,
    187. 

  187.                         'GET',
    188. 

  188.                         $headers
    189. 

  189.                     ));
    190. 

  190.                     $result = $this->decodeResult($json);
    191. 

  191.                 } catch (InvalidJsonException $e) {
    192. 

  192.                     $this->handleRetryableException(
    193. 

  193.                         $e,
    194. 

  194.                         [ 'blacklist' => [401, 403] ],
    195. 

  195.                         $this->createErrorMessage(
    196. 

  196.                             'Invalid JSON response, retries exhausted'
    197. 

  197.                         )
    198. 

  198.                     );
    199. 

  199.                 } catch (TransferException $e) {
    200. 

  200.                     // 401 indicates insecure flow not supported, switch to
    201. 

  201.                     // attempting secure mode for subsequent calls
    202. 

  202.                     if (($this->getExceptionStatusCode($e) === 500
    203. 

  203.                             || strpos($e->getMessage(), "cURL error 28") !== false)
    204. 

  204.                         && $previousCredentials instanceof Credentials
    205. 

  205.                     ) {
    206. 

  206.                         goto generateCredentials;
    207. 

  207.                     } elseif (!empty($this->getExceptionStatusCode($e))
    208. 

  208.                         && $this->getExceptionStatusCode($e) === 401
    209. 

  209.                     ) {
    210. 

  210.                         $this->secureMode = true;
    211. 

  211.                     }
    212. 

  212.                     $this->handleRetryableException(
    213. 

  213.                         $e,
    214. 

  214.                         [ 'blacklist' => [401, 403] ],
    215. 

  215.                         $this->createErrorMessage($e->getMessage())
    216. 

  216.                     );
    217. 

  217.                 }
    218. 

  218.                 $this->attempts++;
    219. 

  219.             }
    220. 

  220.             generateCredentials:
    221. 

  221. 

  222.             if (!isset($result)) {
    223. 

  223.                 $credentials = $previousCredentials;
    224. 

  224.             } else {
    225. 

  225.                 $credentials = new Credentials(
    226. 

  226.                     $result['AccessKeyId'],
    227. 

  227.                     $result['SecretAccessKey'],
    228. 

  228.                     $result['Token'],
    229. 

  229.                     strtotime($result['Expiration'])
    230. 

  230.                 );
    231. 

  231.             }
    232. 

  232. 

  233.             if ($credentials->isExpired()) {
    234. 

  234.                 $credentials->extendExpiration();
    235. 

  235.             }
    236. 

  236. 

  237.             yield $credentials;
    238. 

  238.         });
    239. 

  239.     }
    240. 

  240. 

  241.     /**
    242. 

  242.      * @param string $url
    243. 

  243.      * @param string $method
    244. 

  244.      * @param array $headers
    245. 

  245.      * @return PromiseInterface Returns a promise that is fulfilled with the
    246. 

  246.      *                          body of the response as a string.
    247. 

  247.      */
    248. 

  248.     private function request($url, $method = 'GET', $headers = [])
    249. 

  249.     {
    250. 

  250.         $disabled = getenv(self::ENV_DISABLE) ?: false;
    251. 

  251.         if (strcasecmp($disabled, 'true') === 0) {
    252. 

  252.             throw new CredentialsException(
    253. 

  253.                 $this->createErrorMessage('EC2 metadata service access disabled')
    254. 

  254.             );
    255. 

  255.         }
    256. 

  256. 

  257.         $fn = $this->client;
    258. 

  258.         $request = new Request($method, $this->resolveEndpoint() . $url);
    259. 

  259.         $userAgent = 'aws-sdk-php/' . Sdk::VERSION;
    260. 

  260.         if (defined('HHVM_VERSION')) {
    261. 

  261.             $userAgent .= ' HHVM/' . HHVM_VERSION;
    262. 

  262.         }
    263. 

  263.         $userAgent .= ' ' . \Aws\default_user_agent();
    264. 

  264.         $request = $request->withHeader('User-Agent', $userAgent);
    265. 

  265.         foreach ($headers as $key => $value) {
    266. 

  266.             $request = $request->withHeader($key, $value);
    267. 

  267.         }
    268. 

  268. 

  269.         return $fn($request, ['timeout' => $this->timeout])
    270. 

  270.             ->then(function (ResponseInterface $response) {
    271. 

  271.                 return (string) $response->getBody();
    272. 

  272.             })->otherwise(function (array $reason) {
    273. 

  273.                 $reason = $reason['exception'];
    274. 

  274.                 if ($reason instanceof TransferException) {
    275. 

  275.                     throw $reason;
    276. 

  276.                 }
    277. 

  277.                 $msg = $reason->getMessage();
    278. 

  278.                 throw new CredentialsException(
    279. 

  279.                     $this->createErrorMessage($msg)
    280. 

  280.                 );
    281. 

  281.             });
    282. 

  282.     }
    283. 

  283. 

  284.     private function handleRetryableException(
    285. 

  285.         \Exception $e,
    286. 

  286.         $retryOptions,
    287. 

  287.         $message
    288. 

  288.     ) {
    289. 

  289.         $isRetryable = true;
    290. 

  290.         if (!empty($status = $this->getExceptionStatusCode($e))
    291. 

  291.             && isset($retryOptions['blacklist'])
    292. 

  292.             && in_array($status, $retryOptions['blacklist'])
    293. 

  293.         ) {
    294. 

  294.             $isRetryable = false;
    295. 

  295.         }
    296. 

  296.         if ($isRetryable && $this->attempts < $this->retries) {
    297. 

  297.             sleep((int) pow(1.2, $this->attempts));
    298. 

  298.         } else {
    299. 

  299.             throw new CredentialsException($message);
    300. 

  300.         }
    301. 

  301.     }
    302. 

  302. 

  303.     private function getExceptionStatusCode(\Exception $e)
    304. 

  304.     {
    305. 

  305.         if (method_exists($e, 'getResponse')
    306. 

  306.             && !empty($e->getResponse())
    307. 

  307.         ) {
    308. 

  308.             return $e->getResponse()->getStatusCode();
    309. 

  309.         }
    310. 

  310.         return null;
    311. 

  311.     }
    312. 

  312. 

  313.     private function createErrorMessage($previous)
    314. 

  314.     {
    315. 

  315.         return "Error retrieving credentials from the instance profile "
    316. 

  316.             . "metadata service. ({$previous})";
    317. 

  317.     }
    318. 

  318. 

  319.     private function decodeResult($response)
    320. 

  320.     {
    321. 

  321.         $result = json_decode($response, true);
    322. 

  322. 

  323.         if (json_last_error() > 0) {
    324. 

  324.             throw new InvalidJsonException();
    325. 

  325.         }
    326. 

  326. 

  327.         if ($result['Code'] !== 'Success') {
    328. 

  328.             throw new CredentialsException('Unexpected instance profile '
    329. 

  329.                 .  'response code: ' . $result['Code']);
    330. 

  330.         }
    331. 

  331. 

  332.         return $result;
    333. 

  333.     }
    334. 

  334. 

  335.     /**
    336. 

  336.      * This functions checks for whether we should fall back to IMDSv1 or not.
    337. 

  337.      * If $ec2MetadataV1Disabled is null then we will try to resolve this value from
    338. 

  338.      * the following sources:
    339. 

  339.      * - From environment: "AWS_EC2_METADATA_V1_DISABLED".
    340. 

  340.      * - From config file: aws_ec2_metadata_v1_disabled
    341. 

  341.      * - Defaulted to false
    342. 

  342.      *
    343. 

  343.      * @return bool
    344. 

  344.      */
    345. 

  345.     private function shouldFallbackToIMDSv1(): bool
    346. 

  346.     {
    347. 

  347.         $isImdsV1Disabled = \Aws\boolean_value($this->ec2MetadataV1Disabled)
    348. 

  348.             ?? \Aws\boolean_value(
    349. 

  349.                 ConfigurationResolver::resolve(
    350. 

  350.                     self::CFG_EC2_METADATA_V1_DISABLED,
    351. 

  351.                     self::DEFAULT_AWS_EC2_METADATA_V1_DISABLED,
    352. 

  352.                     'bool',
    353. 

  353.                     $this->config
    354. 

  354.                 )
    355. 

  355.             )
    356. 

  356.             ?? self::DEFAULT_AWS_EC2_METADATA_V1_DISABLED;
    357. 

  357. 

  358.         return !$isImdsV1Disabled;
    359. 

  359.     }
    360. 

  360. 

  361.     /**
    362. 

  362.      * Resolves the metadata service endpoint. If the endpoint is not provided
    363. 

  363.      * or configured then, the default endpoint, based on the endpoint mode resolved,
    364. 

  364.      * will be used.
    365. 

  365.      * Example: if endpoint_mode is resolved to be IPv4 and the endpoint is not provided
    366. 

  366.      * then, the endpoint to be used will be http://169.254.169.254.
    367. 

  367.      *
    368. 

  368.      * @return string
    369. 

  369.      */
    370. 

  370.     private function resolveEndpoint(): string
    371. 

  371.     {
    372. 

  372.         $endpoint = $this->endpoint;
    373. 

  373.         if (is_null($endpoint)) {
    374. 

  374.             $endpoint = ConfigurationResolver::resolve(
    375. 

  375.                 self::CFG_EC2_METADATA_SERVICE_ENDPOINT,
    376. 

  376.                 $this->getDefaultEndpoint(),
    377. 

  377.                 'string',
    378. 

  378.                 $this->config
    379. 

  379.             );
    380. 

  380.         }
    381. 

  381. 

  382.         if (!$this->isValidEndpoint($endpoint)) {
    383. 

  383.             throw new CredentialsException('The provided URI "' . $endpoint . '" is invalid, or contains an unsupported host');
    384. 

  384.         }
    385. 

  385. 

  386.         if (substr($endpoint, strlen($endpoint) - 1) !== '/') {
    387. 

  387.             $endpoint = $endpoint . '/';
    388. 

  388.         }
    389. 

  389. 

  390.         return $endpoint . 'latest/';
    391. 

  391.     }
    392. 

  392. 

  393.     /**
    394. 

  394.      * Resolves the default metadata service endpoint.
    395. 

  395.      * If endpoint_mode is resolved as IPv4 then:
    396. 

  396.      * - endpoint = http://169.254.169.254
    397. 

  397.      * If endpoint_mode is resolved as IPv6 then:
    398. 

  398.      * - endpoint = http://[fd00:ec2::254]
    399. 

  399.      *
    400. 

  400.      * @return string
    401. 

  401.      */
    402. 

  402.     private function getDefaultEndpoint(): string
    403. 

  403.     {
    404. 

  404.         $endpointMode = $this->resolveEndpointMode();
    405. 

  405.         switch ($endpointMode) {
    406. 

  406.             case self::ENDPOINT_MODE_IPv4:
    407. 

  407.                 return self::DEFAULT_METADATA_SERVICE_IPv4_ENDPOINT;
    408. 

  408.             case self::ENDPOINT_MODE_IPv6:
    409. 

  409.                 return self::DEFAULT_METADATA_SERVICE_IPv6_ENDPOINT;
    410. 

  410.         }
    411. 

  411. 

  412.         throw new CredentialsException("Invalid endpoint mode '$endpointMode' resolved");
    413. 

  413.     }
    414. 

  414. 

  415.     /**
    416. 

  416.      * Resolves the endpoint mode to be considered when resolving the default
    417. 

  417.      * metadata service endpoint.
    418. 

  418.      *
    419. 

  419.      * @return string
    420. 

  420.      */
    421. 

  421.     private function resolveEndpointMode(): string
    422. 

  422.     {
    423. 

  423.         $endpointMode = $this->endpointMode;
    424. 

  424.         if (is_null($endpointMode)) {
    425. 

  425.             $endpointMode = ConfigurationResolver::resolve(
    426. 

  426.                 self::CFG_EC2_METADATA_SERVICE_ENDPOINT_MODE,
    427. 

  427.                     self::ENDPOINT_MODE_IPv4,
    428. 

  428.                 'string',
    429. 

  429.                 $this->config
    430. 

  430.             );
    431. 

  431.         }
    432. 

  432. 

  433.         return $endpointMode;
    434. 

  434.     }
    435. 

  435. 

  436.     /**
    437. 

  437.      * This method checks for whether a provide URI is valid.
    438. 

  438.      * @param string $uri this parameter is the uri to do the validation against to.
    439. 

  439.      *
    440. 

  440.      * @return string|null
    441. 

  441.      */
    442. 

  442.     private function isValidEndpoint(
    443. 

  443.         $uri
    444. 

  444.     ): bool
    445. 

  445.     {
    446. 

  446.         // We make sure first the provided uri is a valid URL
    447. 

  447.         $isValidURL = filter_var($uri, FILTER_VALIDATE_URL) !== false;
    448. 

  448.         if (!$isValidURL) {
    449. 

  449.             return false;
    450. 

  450.         }
    451. 

  451. 

  452.         // We make sure that if is a no secure host then it must be a loop back address.
    453. 

  453.         $parsedUri = parse_url($uri);
    454. 

  454.         if ($parsedUri['scheme'] !== 'https') {
    455. 

  455.             $host = trim($parsedUri['host'], '[]');
    456. 

  456. 

  457.             return CredentialsUtils::isLoopBackAddress(gethostbyname($host))
    458. 

  458.                 || in_array(
    459. 

  459.                     $uri,
    460. 

  460.                     [self::DEFAULT_METADATA_SERVICE_IPv4_ENDPOINT, self::DEFAULT_METADATA_SERVICE_IPv6_ENDPOINT]
    461. 

  461.                 );
    462. 

  462.         }
    463. 

  463. 

  464.         return true;
    465. 

  465.     }
    466. 

  466. }
    467.