diff --git a/README.md b/README.md new file mode 100644 index 0000000..049bcdc --- /dev/null +++ b/README.md @@ -0,0 +1,10 @@ +# Bulwark Experiments + +This repository hosts the case studies for the "Bulwark: Holistic and Verified Security Monitoring of Web Protocols" ESORICS paper. +- The technical report is provided in the [docs](./docs) folder. +- The ideal specifications and the executable monitors generated by Bulwark are provided in the [bulwark](./bulwark) folder. +- The source code of all vulnerable applications and docker-based deployment scripts to test the monitors are provided in the [casestudies-src](./casestudies-src) folder. + +## News + +- The Overleaf developers aknowledged and fixed the vulnerability in the Google OAuth 2.0 integration. More details, a PoC attack, and the generated monitor can be found [here](./casestudies-src/overleaf) diff --git a/bulwark/README.md b/bulwark/README.md new file mode 100644 index 0000000..09deb62 --- /dev/null +++ b/bulwark/README.md @@ -0,0 +1,19 @@ +# Bulwark Monitors + +## Ideal Specifications + +The ideal specifications are provided in the [specifications](./specifications) folder. +Each specification is defined using our [customized version](./specifications/webspi_custom.pvl) of the WebSpi library + +### Running ProVerif + +The `proverif_wrapper.sh` script simplifies ProVerif output by showing only color-coded RESULT lines from the ProVerif invocation. + +```sh +./proverif_wrapper.sh -lib webspi_custom.pvl oauth.pv +``` + +## Executable Monitors + +The [monitors](./monitors) folder contains the generated monitors. +For each monitor we provide the pi-calculus model, the generated code in the target language, and a configuration file. diff --git a/bulwark/monitors/oauth_idp_proxy/monitor.pv b/bulwark/monitors/oauth_idp_proxy/monitor.pv new file mode 100644 index 0000000..ec125fb --- /dev/null +++ b/bulwark/monitors/oauth_idp_proxy/monitor.pv @@ -0,0 +1,30 @@ + +let IDPMonitor(h:Host) = + (in(httpServerRequest, (cs__1000:Uri, hs:Headers, req:HttpRequest, corr:bitstring)); + let (uri(=https(), =h, =oauthpath(), codereqparams(appidX, reduriX, stateX))) = cs__1000 in + out(mC_1_out, (cs__1000, hs, req, corr)); + in(mC_1_in, (cs__1101:Uri, resp:HttpResponse, cp:CookiePair, cs__1100:ReferrerPolicy, =corr)); + let (=noReferrer()) = cs__1100 in + let (=uri(https(), h, oauthpath(), codereqparams(appidX, reduriX, stateX))) = cs__1101 in + out(httpServerResponse, (cs__1101, resp, cp, cs__1100, corr))) + |((in(httpServerRequest, (cs__1000:Uri, hs:Headers, req:HttpRequest, corr:bitstring)); + let (uri(=https(), =h, =oauthpath(), codereqparams(=appid, uri(=https(), rh, rp, =nullParams()), state))) = cs__1000 in + out(mC_1_out, (cs__1000, hs, req, corr)); + in(mC_1_in, (cs__1102:Uri, cs__1100:HttpResponse, cp:CookiePair, cs__1101:ReferrerPolicy, =corr)); + let (httpRedirect(uri(=https(), =rh, =rp, coderesparams(code, =state)))) = cs__1100 in + let (=unsafeUrl()) = cs__1101 in + let (=uri(https(), h, oauthpath(), codereqparams(appid, uri(https(), rh, rp, nullParams()), state))) = cs__1102 in + insert MIDPAuthCodes(h, appid, uri(https(), rh, rp, nullParams()), code); + out(httpServerResponse, (cs__1102, cs__1100, cp, cs__1101, corr))) + |(in(httpServerRequest, (cs__1000:Uri, hs:Headers, cs__1001:HttpRequest, corr:bitstring)); + let (uri(=https(), =h, =tokenpath(), tokenreqparams(=appid, reduri, =appsecret, code))) = cs__1000 in + let (=httpGet()) = cs__1001 in + get MIDPAuthCodes(=h, =appid, =reduri, =code) in + out(mC_1_out, (cs__1000, hs, cs__1001, corr)); + in(mC_1_in, (cs__1203:Uri, cs__1200:HttpResponse, cs__1201:CookiePair, cs__1202:ReferrerPolicy, =corr)); + let (httpOk(tokenresjson(token))) = cs__1200 in + let (=getCookie(hs)) = cs__1201 in + let (=unsafeUrl()) = cs__1202 in + let (=uri(https(), h, tokenpath(), tokenreqparams(appid, reduri, appsecret, code))) = cs__1203 in + out(httpServerResponse, (cs__1203, cs__1200, cs__1201, cs__1202, corr)))). + diff --git a/bulwark/monitors/oauth_idp_proxy/monitor_auth_server.config b/bulwark/monitors/oauth_idp_proxy/monitor_auth_server.config new file mode 100644 index 0000000..19259b6 --- /dev/null +++ b/bulwark/monitors/oauth_idp_proxy/monitor_auth_server.config @@ -0,0 +1,47 @@ + +h = "auth-server.com" +oauthpath = "/oauth2/auth" +tokenpath = "/oauth2/token" + +appid = "67538654696" +appsecret = "Pq9LAGblNUnLswc3dtlXlccSXOe31S6I" + +MIDPAuthCodes = None + +def configure(updated): + global MIDPAuthCodes + + try: + mongoclient = pymongo.MongoClient(host='mongo-idp', port=27017) + mongodb = mongoclient['pvmonitor'] + MIDPAuthCodes = mongodb['MIDPAuthCodes'] + except: + import traceback + print(traceback.format_exc()) + +def codereqparams(qs): + params = urllib.parse.parse_qs(qs) + return [ + params['client_id'][0], + urllib.parse.urlparse(params['redirect_uri'][0]), + params['state'][0] + ] + +def coderesparams(qs): + params = urllib.parse.parse_qs(qs) + return [ + params['code'][0], + params['state'][0] + ] + +def tokenreqparams(qs): + params = urllib.parse.parse_qs(qs) + return [ + params['client_id'][0], + urllib.parse.urlparse(params['redirect_uri'][0]), + params['client_secret'][0], + params['code'][0] + ] + +def tokenresjson(p): + return [ json.loads(p)['token'] ] diff --git a/bulwark/monitors/oauth_idp_proxy/monitor_idp.py b/bulwark/monitors/oauth_idp_proxy/monitor_idp.py new file mode 100644 index 0000000..b76429a --- /dev/null +++ b/bulwark/monitors/oauth_idp_proxy/monitor_idp.py @@ -0,0 +1,251 @@ +#!/usb/bin/env python3 + +import re + +from mitmproxy import http, ctx +from mitmproxy.script import concurrent + +import pymongo + +import os +import json +import threading +import urllib.parse + +################################################################################ +## LIB + +class PVThread(threading.Thread): + pass + +class Obj(object): + def __init__(self, **kwargs): + self._dict = kwargs + def __getattr__(self, name): + if name == '_dict': + return super(Obj, self).__getattr__(name) + return self._dict[name] + def __setattr__(self, name, value): + if name == '_dict': + return super(Obj, self).__setattr__(name,value) + self._dict[name] = value + +CV = {} +https = "https" + +################################################################################ +## CONFIG + +CONFIG = "monitor_auth_server.config" +with open(os.path.join(os.path.dirname(__file__), CONFIG), 'r') as f: + exec(f.read()) + + +################################################################################ +## PROCESSES + +def process_1(flow): + try: + # in(httpServerRequest, (cs__1000:Uri, hs:Headers, req:HttpRequest, corr:bitstring)) + with CV[flow]: CV[flow].wait() + assert flow.request is not None + cs__1000 = urllib.parse.urlparse(flow.request.pretty_url) + hs = Obj(referer=flow.request.headers['referer'] if 'referer' in flow.request.headers else None, cookie=dict(flow.request.cookies)) + req = flow.request + # let uri(=https(), =h, =oauthpath(), codereqparams(appidX, reduriX, stateX)) = cs__1000 + if not ((https) == ((cs__1000).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1000).netloc)): raise RuntimeError('Match failed!') + if not ((oauthpath) == ((cs__1000).path)): raise RuntimeError('Match failed!') + appidX = codereqparams((cs__1000).query)[0] + reduriX = codereqparams((cs__1000).query)[1] + stateX = codereqparams((cs__1000).query)[2] + # out(mC_1_out, (cs__1000, hs, req, corr)) + flow.request.url = urllib.parse.urlunparse(cs__1000) + if (hs).referer: flow.request.headers['referer'] = (hs).referer + flow.request.cookies = (hs).cookie.items() + flow.request.method = (req).method + if flow.request.method == 'POST': + flow.request.raw_content = (req).raw_content + with CV[flow]: CV[flow].notify_all() + # in(mC_1_in, (cs__1101:Uri, resp:HttpResponse, cp:CookiePair, cs__1100:ReferrerPolicy, =corr)) + with CV[flow]: CV[flow].wait_for(lambda: flow.response is not None) + cs__1101 = urllib.parse.urlparse(flow.request.pretty_url) + resp = flow.response + cp = dict(flow.response.cookies if flow.response.cookies else flow.request.cookies) + cs__1100 = flow.response.headers['referrer-policy'] if 'referer-policy' in flow.response.headers else 'unsafe-url' + # let =noReferrer() = cs__1100 + # let =uri(https(), h, oauthpath(), codereqparams(appidX, reduriX, stateX)) = cs__1101 + if not ((https) == ((cs__1101).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1101).netloc)): raise RuntimeError('Match failed!') + if not ((oauthpath) == ((cs__1101).path)): raise RuntimeError('Match failed!') + if not ((appidX) == (codereqparams((cs__1101).query)[0])): raise RuntimeError('Match failed!') + if not ((reduriX) == (codereqparams((cs__1101).query)[1])): raise RuntimeError('Match failed!') + if not ((stateX) == (codereqparams((cs__1101).query)[2])): raise RuntimeError('Match failed!') + # out(httpServerResponse, (cs__1101, resp, cp, cs__1100, corr)) + flow.response.status_code = (resp).status_code + flow.response.text = (resp).text + flow.response.headers['referrer-policy'] = cs__1100 + if flow in CV: + with CV[flow]: CV[flow].notify_all() + except: + import traceback + print(traceback.format_exc()) + + +def process_2(flow): + try: + # in(httpServerRequest, (cs__1000:Uri, hs:Headers, req:HttpRequest, corr:bitstring)) + with CV[flow]: CV[flow].wait() + assert flow.request is not None + cs__1000 = urllib.parse.urlparse(flow.request.pretty_url) + hs = Obj(referer=flow.request.headers['referer'] if 'referer' in flow.request.headers else None, cookie=dict(flow.request.cookies)) + req = flow.request + # let uri(=https(), =h, =oauthpath(), codereqparams(=appid, uri(=https(), rh, rp, =nullParams()), state)) = cs__1000 + if not ((https) == ((cs__1000).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1000).netloc)): raise RuntimeError('Match failed!') + if not ((oauthpath) == ((cs__1000).path)): raise RuntimeError('Match failed!') + if not ((appid) == (codereqparams((cs__1000).query)[0])): raise RuntimeError('Match failed!') + if not ((https) == ((codereqparams((cs__1000).query)[1]).scheme)): raise RuntimeError('Match failed!') + rh = (codereqparams((cs__1000).query)[1]).netloc + rp = (codereqparams((cs__1000).query)[1]).path + if not (("") == ((codereqparams((cs__1000).query)[1]).query)): raise RuntimeError('Match failed!') + state = codereqparams((cs__1000).query)[2] + # out(mC_1_out, (cs__1000, hs, req, corr)) + flow.request.url = urllib.parse.urlunparse(cs__1000) + if (hs).referer: flow.request.headers['referer'] = (hs).referer + flow.request.cookies = (hs).cookie.items() + flow.request.method = (req).method + if flow.request.method == 'POST': + flow.request.raw_content = (req).raw_content + with CV[flow]: CV[flow].notify_all() + # in(mC_1_in, (cs__1102:Uri, cs__1100:HttpResponse, cp:CookiePair, cs__1101:ReferrerPolicy, =corr)) + with CV[flow]: CV[flow].wait_for(lambda: flow.response is not None) + cs__1102 = urllib.parse.urlparse(flow.request.pretty_url) + cs__1100 = flow.response + cp = dict(flow.response.cookies if flow.response.cookies else flow.request.cookies) + cs__1101 = flow.response.headers['referrer-policy'] if 'referer-policy' in flow.response.headers else 'unsafe-url' + # let httpRedirect(uri(=https(), =rh, =rp, coderesparams(code, =state))) = cs__1100 + if not ((cs__1100).status_code >= 300 and (cs__1100).status_code <= 307): raise RuntimeError('Match failed!') + if not ((https) == ((urllib.parse.urlparse((cs__1100).headers['location'])).scheme)): raise RuntimeError('Match failed!') + if not ((rh) == ((urllib.parse.urlparse((cs__1100).headers['location'])).netloc)): raise RuntimeError('Match failed!') + if not ((rp) == ((urllib.parse.urlparse((cs__1100).headers['location'])).path)): raise RuntimeError('Match failed!') + code = coderesparams((urllib.parse.urlparse((cs__1100).headers['location'])).query)[0] + if not ((state) == (coderesparams((urllib.parse.urlparse((cs__1100).headers['location'])).query)[1])): raise RuntimeError('Match failed!') + # let =unsafeUrl() = cs__1101 + # let =uri(https(), h, oauthpath(), codereqparams(appid, uri(https(), rh, rp, nullParams()), state)) = cs__1102 + if not ((https) == ((cs__1102).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1102).netloc)): raise RuntimeError('Match failed!') + if not ((oauthpath) == ((cs__1102).path)): raise RuntimeError('Match failed!') + if not ((appid) == (codereqparams((cs__1102).query)[0])): raise RuntimeError('Match failed!') + if not ((https) == ((codereqparams((cs__1102).query)[1]).scheme)): raise RuntimeError('Match failed!') + if not ((rh) == ((codereqparams((cs__1102).query)[1]).netloc)): raise RuntimeError('Match failed!') + if not ((rp) == ((codereqparams((cs__1102).query)[1]).path)): raise RuntimeError('Match failed!') + if not (("") == ((codereqparams((cs__1102).query)[1]).query)): raise RuntimeError('Match failed!') + if not ((state) == (codereqparams((cs__1102).query)[2])): raise RuntimeError('Match failed!') + # insert MIDPAuthCodes(h, appid, uri(https(), rh, rp, nullParams()), code) + MIDPAuthCodes.insert({'col_1': h, 'col_2': appid, 'col_3': urllib.parse.urlparse(https+'://'+rh+rp), 'col_4': code}) + # out(httpServerResponse, (cs__1102, cs__1100, cp, cs__1101, corr)) + flow.response.status_code = (cs__1100).status_code + flow.response.text = (cs__1100).text + flow.response.headers['referrer-policy'] = cs__1101 + if flow in CV: + with CV[flow]: CV[flow].notify_all() + except: + import traceback + print(traceback.format_exc()) + + +def process_3(flow): + try: + # in(httpServerRequest, (cs__1000:Uri, hs:Headers, cs__1001:HttpRequest, corr:bitstring)) + with CV[flow]: CV[flow].wait() + assert flow.request is not None + cs__1000 = urllib.parse.urlparse(flow.request.pretty_url) + hs = Obj(referer=flow.request.headers['referer'] if 'referer' in flow.request.headers else None, cookie=dict(flow.request.cookies)) + cs__1001 = flow.request + # let uri(=https(), =h, =tokenpath(), tokenreqparams(=appid, reduri, =appsecret, code)) = cs__1000 + if not ((https) == ((cs__1000).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1000).netloc)): raise RuntimeError('Match failed!') + if not ((tokenpath) == ((cs__1000).path)): raise RuntimeError('Match failed!') + if not ((appid) == (tokenreqparams((cs__1000).query)[0])): raise RuntimeError('Match failed!') + reduri = tokenreqparams((cs__1000).query)[1] + if not ((appsecret) == (tokenreqparams((cs__1000).query)[2])): raise RuntimeError('Match failed!') + code = tokenreqparams((cs__1000).query)[3] + # let =httpGet() = cs__1001 + if not (("GET") == ((cs__1001).method)): raise RuntimeError('Match failed!') + # get MIDPAuthCodes(=h, =appid, =reduri, =code) in + __table_res = MIDPAuthCodes.find_one({'col_1': {'$eq': h}, 'col_2': {'$eq': appid}, 'col_3': {'$eq': reduri}, 'col_4': {'$eq': code}}) + if not (__table_res): raise RuntimeError('Match failed!') + # out(mC_1_out, (cs__1000, hs, cs__1001, corr)) + flow.request.url = urllib.parse.urlunparse(cs__1000) + if (hs).referer: flow.request.headers['referer'] = (hs).referer + flow.request.cookies = (hs).cookie.items() + flow.request.method = (cs__1001).method + if flow.request.method == 'POST': + flow.request.raw_content = (cs__1001).raw_content + with CV[flow]: CV[flow].notify_all() + # in(mC_1_in, (cs__1203:Uri, cs__1200:HttpResponse, cs__1201:CookiePair, cs__1202:ReferrerPolicy, =corr)) + with CV[flow]: CV[flow].wait_for(lambda: flow.response is not None) + cs__1203 = urllib.parse.urlparse(flow.request.pretty_url) + cs__1200 = flow.response + cs__1201 = dict(flow.response.cookies if flow.response.cookies else flow.request.cookies) + cs__1202 = flow.response.headers['referrer-policy'] if 'referer-policy' in flow.response.headers else 'unsafe-url' + # let httpOk(tokenresjson(token)) = cs__1200 + if not ((cs__1200).status_code == 200): raise RuntimeError('Match failed!') + token = tokenresjson((cs__1200).text)[0] + # let =getCookie(hs) = cs__1201 + if not (((hs).cookie) == (cs__1201)): raise RuntimeError('Match failed!') + # let =unsafeUrl() = cs__1202 + # let =uri(https(), h, tokenpath(), tokenreqparams(appid, reduri, appsecret, code)) = cs__1203 + if not ((https) == ((cs__1203).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1203).netloc)): raise RuntimeError('Match failed!') + if not ((tokenpath) == ((cs__1203).path)): raise RuntimeError('Match failed!') + if not ((appid) == (tokenreqparams((cs__1203).query)[0])): raise RuntimeError('Match failed!') + if not ((reduri) == (tokenreqparams((cs__1203).query)[1])): raise RuntimeError('Match failed!') + if not ((appsecret) == (tokenreqparams((cs__1203).query)[2])): raise RuntimeError('Match failed!') + if not ((code) == (tokenreqparams((cs__1203).query)[3])): raise RuntimeError('Match failed!') + # out(httpServerResponse, (cs__1203, cs__1200, cs__1201, cs__1202, corr)) + flow.response.status_code = (cs__1200).status_code + flow.response.text = (cs__1200).text + flow.response.headers['referrer-policy'] = cs__1202 + if flow in CV: + with CV[flow]: CV[flow].notify_all() + except: + import traceback + print(traceback.format_exc()) + + + +HANDLERS = [process_1, process_2, process_3] +PATHS = [oauthpath, tokenpath] + + +################################################################################ +## MITMPROXY ENTRYPOINT + +def response(flow: http.HTTPFlow) -> None: + if flow.request.path.split('?')[0] not in PATHS: return + + with CV[flow]: + CV[flow].notify_all() + with CV[flow]: + if not CV[flow].wait(timeout=1.5): + ctx.log.warn(" Wait timeout: response match error!") + flow.response = http.make_error_response(500, "Wait timeout: response match error!") + + del CV[flow] + +def request(flow: http.HTTPFlow) -> None: + if flow.request.path.split('?')[0] not in PATHS: return + + CV[flow] = threading.Condition() + ts = [] + for h in HANDLERS: + t = PVThread(target=h, args=(flow,)) + t.daemon = True + t.start() + with CV[flow]: CV[flow].notify_all() + with CV[flow]: + if not CV[flow].wait(timeout=1.5): + ctx.log.warn(" Wait timeout: request match error!") + flow.response = http.make_error_response(500, "Wait timeout: request match error!") diff --git a/bulwark/monitors/oauth_overleaf_serviceworker/sw.js b/bulwark/monitors/oauth_overleaf_serviceworker/sw.js new file mode 100644 index 0000000..55cc6c4 --- /dev/null +++ b/bulwark/monitors/oauth_overleaf_serviceworker/sw.js @@ -0,0 +1,133 @@ +self.importScripts("sw_include.js") +self.importScripts("sw_config_overleaf.js") + +/* in(serviceWorkerFetch(b), (u:Uri, cs__1001, cs__1000, sw__p:Page, sw__aj:Ajax)) */ +self.addEventListener('fetch', function(event) { + try { + let u = new URL(event.request.url); + let cs__1001 = event.request; + let cs__1000 = event.request.referrer? new URL(event.request.referrer) : null; + /* let uri(=https(), refh, refp, refq) = cs__1000 */ + if (cs__1000 && !(("https") == ((cs__1000).protocol.slice(0,-1)))) throw new MatchFail(); + let refh = (cs__1000)? (cs__1000).host : ""; + let refp = (cs__1000)? (cs__1000).pathname : ""; + let refq = (cs__1000)? (cs__1000).search : ""; + /* let =httpGet() = cs__1001 */ + if (!(("GET") == ((cs__1001).method))) throw new MatchFail(); + /* let uri(=https(), =h, =loginredirectpath(), =nullParams()) = u */ + if (("https") == ((u).protocol.slice(0,-1)) && (h) == ((u).host) && (loginredirectpath) == ((u).pathname)) { + event.respondWith((async () => { + try { + /* out(rawRequest(b), (u, cs__1001, cs__1000, sw__p, sw__aj)) */ + var __fetchd = await fetch((u).href, { + method: (cs__1001).method, + headers: event.request.headers, + }); + /* in(serviceWorkerResult(b), (=u, cs__1100:HttpResponse, cs__1101:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)) */ + let cs__1100 = __fetchd; + let cs__1101 = __fetchd.headers['referrer-policy']; + /* let =httpRedirect(uri(https(), fb, oauthpath(), codereqparams(appid, uri(https(), h, callbackpath(), nullParams()), noState()))) = cs__1100 */ + if (!((cs__1100).redirected)) throw new MatchFail(); + if (!(("https") == ((new URL((cs__1100).url)).protocol.slice(0,-1)))) throw new MatchFail(); + if (!((fb) == ((new URL((cs__1100).url)).host))) throw new MatchFail(); + if (!((oauthpath) == ((new URL((cs__1100).url)).pathname))) throw new MatchFail(); + if (!((appid) == (codereqparams((new URL((cs__1100).url)).search)[0]))) throw new MatchFail(); + if (!(("https") == ((codereqparams((new URL((cs__1100).url)).search)[1]).protocol.slice(0,-1)))) throw new MatchFail(); + if (!((h) == ((codereqparams((new URL((cs__1100).url)).search)[1]).host))) throw new MatchFail(); + if (!((callbackpath) == ((codereqparams((new URL((cs__1100).url)).search)[1]).pathname))) throw new MatchFail(); + if (!(("") == ((codereqparams((new URL((cs__1100).url)).search)[1]).search))) throw new MatchFail(); + /* let =unsafeUrl() = cs__1101 */ + /* out(serviceWorkerSendHttpResponse(b), (u, cs__1100, cs__1101, sw__foo, sw__corr)) */ + var __response = (cs__1100) + if (cs__1101) + __response = await appendHeader(__response, 'referrer-policy', cs__1101) + return cleanResponse(__response); + } catch (e) { + console.log(e) + console.log('Match error: '+event.request.url) + return errorResponse('match error!'); + } + })()); + } else { + /* let uri(=https(), =h, =loginpath(), =nullParams()) = u */ + if (("https") == ((u).protocol.slice(0,-1)) && (h) == ((u).host) && (loginpath) == ((u).pathname) && ("") == ((u).search)) { + event.respondWith((async () => { + try { + /* out(rawRequest(b), (u, cs__1001, cs__1000, sw__p, sw__aj)) */ + var __fetchd = await fetch((u).href, { + method: (cs__1001).method, + headers: event.request.headers, + }); + /* in(serviceWorkerResult(b), (=u, cs__1100:HttpResponse, cs__1101:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)) */ + let cs__1100 = __fetchd; + let cs__1101 = __fetchd.headers['referrer-policy']; + /* let =httpOk(pagewithlink(uri(https(), fb, oauthpath(), codereqparams(appid, uri(https(), h, callbackpath(), nullParams()), noState())))) = cs__1100 */ + if (!((cs__1100).status == 200)) throw new MatchFail(); + var __fetchd_body = await (cs__1100).clone().text(); + var __pagewithlink_match = (new RegExp("(?:.*?)"+"://"+fb+"(?:.*?)"+"\\?"+"(?=.*?=(?:[^&]+))[^\\\"\\' ]+")).exec(__fetchd_body); + if (!((__pagewithlink_match))) throw new MatchFail(); + if (!(("https") == ((new URL((__pagewithlink_match)[0])).protocol.slice(0,-1)))) throw new MatchFail(); + if (!((fb) == ((new URL((__pagewithlink_match)[0])).host))) throw new MatchFail(); + if (!((oauthpath) == ((new URL((__pagewithlink_match)[0])).pathname))) throw new MatchFail(); + if (!((appid) == (codereqparams((new URL((__pagewithlink_match)[0])).search)[0]))) throw new MatchFail(); + if (!(("https") == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).protocol.slice(0,-1)))) throw new MatchFail(); + if (!((h) == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).host))) throw new MatchFail(); + if (!((callbackpath) == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).pathname))) throw new MatchFail(); + if (!(("") == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).search))) throw new MatchFail(); + /* let =unsafeUrl() = cs__1101 */ + /* insert MRPSessions(noState()) */ + await MRPSessions.insert({col_1: noState}) + /* out(serviceWorkerSendHttpResponse(b), (u, cs__1100, cs__1101, sw__foo, sw__corr)) */ + var __response = (cs__1100) + if (cs__1101) + __response = await appendHeader(__response, 'referrer-policy', cs__1101) + return cleanResponse(__response); + } catch (e) { + console.log(e) + console.log('Match error: '+event.request.url) + return errorResponse('match error!'); + } + })()); + } else { + /* let uri(=https(), =h, =callbackpath(), coderesparams(code, state)) = u */ + if (("https") == ((u).protocol.slice(0,-1)) && (h) == ((u).host) && (callbackpath) == ((u).pathname)) { + let code = coderesparams((u).search)[0]; + let state = coderesparams((u).search)[1]; + event.respondWith((async () => { + try { + /* get MRPSessions(=state) in */ + var __table_res = await MRPSessions.findOne({col_1: {$eq: state}}) + /* if refh = h || refh = fb then */ + if (((refh) == (h)) || ((refh) == (fb))) { + /* out(rawRequest(b), (u, cs__1001, cs__1000, sw__p, sw__aj)) */ + var __fetchd = await fetch((u).href, { + method: (cs__1001).method, + headers: event.request.headers, + }); + /* in(serviceWorkerResult(b), (=u, cs__1200:HttpResponse, cs__1201:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)) */ + let cs__1200 = __fetchd; + let cs__1201 = __fetchd.headers['referrer-policy']; + /* let =httpOk(success()) = cs__1200 */ + if (!((cs__1200).status == 200)) throw new MatchFail(); + var __fetchd_body = await (cs__1200).clone().text(); + /* let =noReferrer() = cs__1201 */ + /* out(serviceWorkerSendHttpResponse(b), (u, cs__1200, cs__1201, sw__foo, sw__corr)) */ + var __response = (cs__1200) + if (cs__1201) + __response = await appendHeader(__response, 'referrer-policy', cs__1201) + return cleanResponse(__response); + } else throw new MatchFail() + } catch (e) { + console.log(e) + console.log('Match error: '+event.request.url) + return errorResponse('match error!'); + } + })()); + } else { + /* event forwardRequest() */ + } + } + } + } catch (e) { + } +}); diff --git a/bulwark/monitors/oauth_overleaf_serviceworker/sw.pv b/bulwark/monitors/oauth_overleaf_serviceworker/sw.pv new file mode 100644 index 0000000..98621f0 --- /dev/null +++ b/bulwark/monitors/oauth_overleaf_serviceworker/sw.pv @@ -0,0 +1,27 @@ + +let MonitorSW(b:Browser, h:Host, fb:Host) = + in(serviceWorkerFetch(b), (u:Uri, cs__1001, cs__1000, sw__p:Page, sw__aj:Ajax)); + let (uri(=https(), refh, refp, refq)) = cs__1000 in + let (=httpGet()) = cs__1001 in + let (uri(=https(), =h, =loginredirectpath(), =nullParams())) = u in + (out(rawRequest(b), (u, cs__1001, cs__1000, sw__p, sw__aj)); + in(serviceWorkerResult(b), (=u, cs__1100:HttpResponse, cs__1101:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)); + let (=httpRedirect(uri(https(), fb, oauthpath(), codereqparams(appid, uri(https(), h, callbackpath(), nullParams()), noState())))) = cs__1100 in + let (=unsafeUrl()) = cs__1101 in + out(serviceWorkerSendHttpResponse(b), (u, cs__1100, cs__1101, sw__foo, sw__corr))) + else let (uri(=https(), =h, =loginpath(), =nullParams())) = u in + (out(rawRequest(b), (u, cs__1001, cs__1000, sw__p, sw__aj)); + in(serviceWorkerResult(b), (=u, cs__1100:HttpResponse, cs__1101:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)); + let (=httpOk(pagewithlink(uri(https(), fb, oauthpath(), codereqparams(appid, uri(https(), h, callbackpath(), nullParams()), noState()))))) = cs__1100 in + let (=unsafeUrl()) = cs__1101 in + insert MRPSessions(noState()); + out(serviceWorkerSendHttpResponse(b), (u, cs__1100, cs__1101, sw__foo, sw__corr))) + else let (uri(=https(), =h, =callbackpath(), coderesparams(code, state))) = u in + (get MRPSessions(=state) in + if refh = h || refh = fb then + out(rawRequest(b), (u, cs__1001, cs__1000, sw__p, sw__aj)); + in(serviceWorkerResult(b), (=u, cs__1200:HttpResponse, cs__1201:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)); + let (=httpOk(success())) = cs__1200 in + let (=noReferrer()) = cs__1201 in + out(serviceWorkerSendHttpResponse(b), (u, cs__1200, cs__1201, sw__foo, sw__corr))) + else event forwardRequest(). diff --git a/bulwark/monitors/oauth_overleaf_serviceworker/sw_config_overleaf.js b/bulwark/monitors/oauth_overleaf_serviceworker/sw_config_overleaf.js new file mode 100644 index 0000000..09bc168 --- /dev/null +++ b/bulwark/monitors/oauth_overleaf_serviceworker/sw_config_overleaf.js @@ -0,0 +1,31 @@ + +const h = "www.overleaf.com" +const fb = "accounts.google.com" +const loginpath = "XXXX" // the login with button is not present +const loginredirectpath = "XXXX" // The sw cannot intercept cross-origin redirect +const callbackpath = "/users/auth/google_oauth2/callback" +const oauthpath = "/o/oauth2/v2/auth" +const appid = "47304055603.apps.googleusercontent.com" + +const noState = "NOSTATE" + +let db = new zango.Db('SW', { MRPSessions: ['col_1'] }) +let MRPSessions = db.collection('MRPSessions') + +const codereqparams = (qs) => { + let params = parseQuery(qs) + return [ + params['client_id'], + new URL(params['redirect_uri']), + params['state'] + ] +} + +const coderesparams = (qs) => { + let params = parseQuery(qs) + return [ + params['code'], + params['state'] + ] +} + diff --git a/bulwark/monitors/oauth_overleaf_serviceworker/sw_include.js b/bulwark/monitors/oauth_overleaf_serviceworker/sw_include.js new file mode 100644 index 0000000..8176daf --- /dev/null +++ b/bulwark/monitors/oauth_overleaf_serviceworker/sw_include.js @@ -0,0 +1,57 @@ +//////////////////////////////////////////////////////////////////////////////// +// LIB + +self.importScripts("https://unpkg.com/zangodb@1.0.7/dist/zangodb.min.js") + +const parseQuery = (n) => n.replace('?','').split('&').reduce((s,c) => { + let t = c.split('='); + s[t[0]] = decodeURIComponent(t[1]); return s; +},{}) + +function errorResponse(error) { + return new Response("

Error

"+ error +"", { + status: 418, + statusText: "I'm a teapot", + headers: { + 'Content-Type': 'text/html' + } + }); +} + +async function appendHeader(response, h, v) { + const newHeaders = new Headers(response.headers); + newHeaders.set(h, v); + let body = await response.blob() + return new Response(body, { + status: response.status, + statusText: response.statusText, + headers: newHeaders + }) +} + +const unsafeUrl = 'unsafe-url' +const noReferrer = 'no-referrer' + +//function MatchFail() {} +MatchFail = Error + + + +function cleanResponse(response) { + const clonedResponse = response.clone(); + + // Not all browsers support the Response.body stream, so fall back to reading + // the entire body into memory as a blob. + const bodyPromise = 'body' in clonedResponse ? + Promise.resolve(clonedResponse.body) : + clonedResponse.blob(); + + return bodyPromise.then((body) => { + // new Response() is happy when passed either a stream or a Blob. + return new Response(body, { + headers: clonedResponse.headers, + status: clonedResponse.status, + statusText: clonedResponse.statusText, + }); + }); +} diff --git a/bulwark/monitors/oauth_rp_serviceworker/sw.js b/bulwark/monitors/oauth_rp_serviceworker/sw.js new file mode 100644 index 0000000..48fc944 --- /dev/null +++ b/bulwark/monitors/oauth_rp_serviceworker/sw.js @@ -0,0 +1,92 @@ +self.importScripts("/extensions/sw_monitor/sw_include.js") +self.importScripts("/extensions/sw_monitor/sw_config_auth_server.js") + +/* in(serviceWorkerFetch(b), (u:Uri, cs__1000, sw__ref:Uri, sw__p:Page, sw__aj:Ajax)) */ +self.addEventListener('fetch', function(event) { + try { + let u = new URL(event.request.url); + let cs__1000 = event.request; + let sw__ref = event.request.referer; + /* let =httpGet() = cs__1000 */ + if (!(("GET") == ((cs__1000).method))) throw new MatchFail(); + /* let uri(=https(), =h, =loginpath(), =nullParams()) = u */ + if (("https") == ((u).protocol.slice(0,-1)) && (h) == ((u).host) && (loginpath) == ((u).pathname) && ("") == ((u).search)) { + event.respondWith((async () => { + try { + /* out(rawRequest(b), (u, cs__1000, sw__ref, sw__p, sw__aj)) */ + var __fetchd = await fetch((u).href, { + method: (cs__1000).method, + headers: event.request.headers, + }); + /* in(serviceWorkerResult(b), (=u, cs__1100:HttpResponse, cs__1101:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)) */ + let cs__1100 = __fetchd; + let cs__1101 = __fetchd.headers['referrer-policy']; + /* let httpOk(pagewithlink(uri(=https(), =fb, =oauthpath(), codereqparams(=appid, =uri(https(), h, callbackpath(), nullParams()), state)))) = cs__1100 */ + if (!((cs__1100).status == 200)) throw new MatchFail(); + var __fetchd_body = await (cs__1100).clone().text(); + var __pagewithlink_match = (new RegExp((u).protocol.slice(0,-1)+"://"+fb+oauthpath+"\\?"+"(?=.*?=(?:[^&]+))[^\\\"\\' ]+")).exec(__fetchd_body); + if (!((__pagewithlink_match))) throw new MatchFail(); + if (!(("https") == ((new URL((__pagewithlink_match)[0])).protocol.slice(0,-1)))) throw new MatchFail(); + if (!((fb) == ((new URL((__pagewithlink_match)[0])).host))) throw new MatchFail(); + if (!((oauthpath) == ((new URL((__pagewithlink_match)[0])).pathname))) throw new MatchFail(); + if (!((appid) == (codereqparams((new URL((__pagewithlink_match)[0])).search)[0]))) throw new MatchFail(); + if (!(("https") == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).protocol.slice(0,-1)))) throw new MatchFail(); + if (!((h) == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).host))) throw new MatchFail(); + if (!((callbackpath) == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).pathname))) throw new MatchFail(); + if (!(("") == ((codereqparams((new URL((__pagewithlink_match)[0])).search)[1]).search))) throw new MatchFail(); + let state = codereqparams((new URL((__pagewithlink_match)[0])).search)[2]; + /* let =unsafeUrl() = cs__1101 */ + /* insert MRPSessions(state) */ + await MRPSessions.insert({col_1: state}) + /* out(serviceWorkerSendHttpResponse(b), (u, cs__1100, cs__1101, sw__foo, sw__corr)) */ + var __response = (cs__1100) + if (cs__1101) + __response = await appendHeader(__response, 'referrer-policy', cs__1101) + return cleanResponse(__response); + } catch (e) { + console.log(e) + console.log('Match error: '+event.request.url) + return errorResponse('match error!'); + } + })()); + } else { + /* let uri(=https(), =h, =callbackpath(), coderesparams(code, state)) = u */ + if (("https") == ((u).protocol.slice(0,-1)) && (h) == ((u).host) && (callbackpath) == ((u).pathname)) { + let code = coderesparams((u).search)[0]; + let state = coderesparams((u).search)[1]; + event.respondWith((async () => { + try { + /* get MRPSessions(=state) in */ + var __table_res = await MRPSessions.findOne({col_1: {$eq: state}}) + if (!(__table_res)) throw new MatchFail(); + if (!((state) == (__table_res.col_1))) throw new MatchFail(); + /* out(rawRequest(b), (u, cs__1000, sw__ref, sw__p, sw__aj)) */ + var __fetchd = await fetch((u).href, { + method: (cs__1000).method, + headers: event.request.headers, + }); + /* in(serviceWorkerResult(b), (=u, cs__1200:HttpResponse, cs__1201:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)) */ + let cs__1200 = __fetchd; + let cs__1201 = __fetchd.headers['referrer-policy']; + /* let =httpOk(success()) = cs__1200 */ + if (!((cs__1200).status == 200)) throw new MatchFail(); + var __fetchd_body = await (cs__1200).clone().text(); + /* let =noReferrer() = cs__1201 */ + /* out(serviceWorkerSendHttpResponse(b), (u, cs__1200, cs__1201, sw__foo, sw__corr)) */ + var __response = (cs__1200) + if (cs__1201) + __response = await appendHeader(__response, 'referrer-policy', cs__1201) + return cleanResponse(__response); + } catch (e) { + console.log(e) + console.log('Match error: '+event.request.url) + return errorResponse('match error!'); + } + })()); + } else { + /* event forwardRequest() */ + } + } + } catch (e) {} +}); + diff --git a/bulwark/monitors/oauth_rp_serviceworker/sw.pv b/bulwark/monitors/oauth_rp_serviceworker/sw.pv new file mode 100644 index 0000000..424aff0 --- /dev/null +++ b/bulwark/monitors/oauth_rp_serviceworker/sw.pv @@ -0,0 +1,21 @@ + +let MonitorSW(b:Browser, h:Host, fb:Host) = + in(serviceWorkerFetch(b), (u:Uri, cs__1000, sw__ref:Uri, sw__p:Page, sw__aj:Ajax)); + let (=httpGet()) = cs__1000 in + let (uri(=https(), =h, =loginpath(), =nullParams())) = u in + (out(rawRequest(b), (u, cs__1000, sw__ref, sw__p, sw__aj)); + in(serviceWorkerResult(b), (=u, cs__1100:HttpResponse, cs__1101:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)); + let (httpOk(pagewithlink(uri(=https(), =fb, =oauthpath(), codereqparams(=appid, =uri(https(), h, callbackpath(), nullParams()), state))))) = cs__1100 in + let (=unsafeUrl()) = cs__1101 in + insert MRPSessions(state); + out(serviceWorkerSendHttpResponse(b), (u, cs__1100, cs__1101, sw__foo, sw__corr))) + else let (uri(=https(), =h, =callbackpath(), coderesparams(code, state))) = u in + (get MRPSessions(=state) in + out(rawRequest(b), (u, cs__1000, sw__ref, sw__p, sw__aj)); + in(serviceWorkerResult(b), (=u, cs__1200:HttpResponse, cs__1201:ReferrerPolicy, sw__foo:XDR, sw__corr:bitstring)); + let (=httpOk(success())) = cs__1200 in + let (=noReferrer()) = cs__1201 in + out(serviceWorkerSendHttpResponse(b), (u, cs__1200, cs__1201, sw__foo, sw__corr))) + else event forwardRequest(). + + diff --git a/bulwark/monitors/oauth_rp_serviceworker/sw_config_auth_server.js b/bulwark/monitors/oauth_rp_serviceworker/sw_config_auth_server.js new file mode 100644 index 0000000..843ade6 --- /dev/null +++ b/bulwark/monitors/oauth_rp_serviceworker/sw_config_auth_server.js @@ -0,0 +1,28 @@ + +const h = "integrator.com" +const fb = "auth-server.com" +const loginpath = "/login" +const callbackpath = "/as-verify" +const oauthpath = "/oauth2/auth" +const appid = "67538654696" + +let db = new zango.Db('SW', { MRPSessions: ['col_1'] }) +let MRPSessions = db.collection('MRPSessions') + +const codereqparams = (qs) => { + let params = parseQuery(qs) + return [ + params['client_id'], + new URL(params['redirect_uri']), + params['state'] + ] +} + +const coderesparams = (qs) => { + let params = parseQuery(qs) + return [ + params['code'], + params['state'] + ] +} + diff --git a/bulwark/monitors/oauth_rp_serviceworker/sw_config_facebook.js b/bulwark/monitors/oauth_rp_serviceworker/sw_config_facebook.js new file mode 100644 index 0000000..5cf838c --- /dev/null +++ b/bulwark/monitors/oauth_rp_serviceworker/sw_config_facebook.js @@ -0,0 +1,28 @@ + +const h = "integrator.com" +const fb = "www.facebook.com" +const loginpath = "/login" +const callbackpath = "/fb-callback" +const oauthpath = "/v3.2/dialog/oauth" +const appid = "390639234906615" + +let db = new zango.Db('SW', { MRPSessions: ['col_1'] }) +let MRPSessions = db.collection('MRPSessions') + +const codereqparams = (qs) => { + let params = parseQuery(qs) + return [ + params['client_id'], + new URL(params['redirect_uri']), + params['state'] + ] +} + +const coderesparams = (qs) => { + let params = parseQuery(qs) + return [ + params['code'], + params['state'] + ] +} + diff --git a/bulwark/monitors/oauth_rp_serviceworker/sw_config_google.js b/bulwark/monitors/oauth_rp_serviceworker/sw_config_google.js new file mode 100644 index 0000000..c3cd50c --- /dev/null +++ b/bulwark/monitors/oauth_rp_serviceworker/sw_config_google.js @@ -0,0 +1,28 @@ + +const h = "integrator.com" +const fb = "accounts.google.com" +const loginpath = "/login" +const callbackpath = "/google-verify" +const oauthpath = "/o/oauth2/auth" +const appid = "996805361802-2tbmasivof6joftmsfqtgcuehpuokl71.apps.googleusercontent.com" + +let db = new zango.Db('SW', { MRPSessions: ['col_1'] }) +let MRPSessions = db.collection('MRPSessions') + +const codereqparams = (qs) => { + let params = parseQuery(qs) + return [ + params['client_id'], + new URL(params['redirect_uri']), + params['state'] + ] +} + +const coderesparams = (qs) => { + let params = parseQuery(qs) + return [ + params['code'], + params['state'] + ] +} + diff --git a/bulwark/monitors/oauth_rp_serviceworker/sw_config_vk.js b/bulwark/monitors/oauth_rp_serviceworker/sw_config_vk.js new file mode 100644 index 0000000..8d73582 --- /dev/null +++ b/bulwark/monitors/oauth_rp_serviceworker/sw_config_vk.js @@ -0,0 +1,28 @@ + +const h = "integrator.com" +const fb = "oauth.vk.com" +const loginpath = "/login" +const callbackpath = "/vk-verify" +const oauthpath = "/authorize" +const appid = "7054259" + +let db = new zango.Db('SW', { MRPSessions: ['col_1'] }) +let MRPSessions = db.collection('MRPSessions') + +const codereqparams = (qs) => { + let params = parseQuery(qs) + return [ + params['client_id'], + new URL(params['redirect_uri']), + params['state'] + ] +} + +const coderesparams = (qs) => { + let params = parseQuery(qs) + return [ + params['code'], + params['state'] + ] +} + diff --git a/bulwark/monitors/oauth_rp_serviceworker/sw_include.js b/bulwark/monitors/oauth_rp_serviceworker/sw_include.js new file mode 100644 index 0000000..8176daf --- /dev/null +++ b/bulwark/monitors/oauth_rp_serviceworker/sw_include.js @@ -0,0 +1,57 @@ +//////////////////////////////////////////////////////////////////////////////// +// LIB + +self.importScripts("https://unpkg.com/zangodb@1.0.7/dist/zangodb.min.js") + +const parseQuery = (n) => n.replace('?','').split('&').reduce((s,c) => { + let t = c.split('='); + s[t[0]] = decodeURIComponent(t[1]); return s; +},{}) + +function errorResponse(error) { + return new Response("

Error

"+ error +"", { + status: 418, + statusText: "I'm a teapot", + headers: { + 'Content-Type': 'text/html' + } + }); +} + +async function appendHeader(response, h, v) { + const newHeaders = new Headers(response.headers); + newHeaders.set(h, v); + let body = await response.blob() + return new Response(body, { + status: response.status, + statusText: response.statusText, + headers: newHeaders + }) +} + +const unsafeUrl = 'unsafe-url' +const noReferrer = 'no-referrer' + +//function MatchFail() {} +MatchFail = Error + + + +function cleanResponse(response) { + const clonedResponse = response.clone(); + + // Not all browsers support the Response.body stream, so fall back to reading + // the entire body into memory as a blob. + const bodyPromise = 'body' in clonedResponse ? + Promise.resolve(clonedResponse.body) : + clonedResponse.blob(); + + return bodyPromise.then((body) => { + // new Response() is happy when passed either a stream or a Blob. + return new Response(body, { + headers: clonedResponse.headers, + status: clonedResponse.status, + statusText: clonedResponse.statusText, + }); + }); +} diff --git a/bulwark/monitors/paypal_ipn_proxy/monitor_backchan.py b/bulwark/monitors/paypal_ipn_proxy/monitor_backchan.py new file mode 100644 index 0000000..cbdbaf3 --- /dev/null +++ b/bulwark/monitors/paypal_ipn_proxy/monitor_backchan.py @@ -0,0 +1,47 @@ +#!/usb/bin/env python3 + +# This script runs on the back channel and forwards requests and responses to the generated monitor `monitor_rp.py`. + +import re + +from mitmproxy import http, ctx +from mitmproxy.script import concurrent + +import threading +import time +import urllib.parse + +import pickle +import zmq + +PORT = 65534 +zmq_socket = None + +def configure(updated): + global zmq_socket + try: + ctx = zmq.Context() + zmq_socket = ctx.socket(zmq.REQ) + zmq_socket.bind("tcp://*:%s" % PORT) + except: + import traceback + print(traceback.format_exc()) + + +def request(flow: http.HTTPFlow) -> None: + print ("REQ|", flow.request) + data = dict(request=flow.request, response=flow.response) + zmq_socket.send_multipart((b"REQ|", pickle.dumps(data))) + _, action = zmq_socket.recv_multipart() + if action == b'DROP': + print("BACKCHAN killing request!") + flow.kill() + +def response(flow: http.HTTPFlow) -> None: + print ("RES|", flow.response) + data = dict(request=flow.request, response=flow.response) + zmq_socket.send_multipart((b"RES|", pickle.dumps(data))) + _, action = zmq_socket.recv_multipart() + if action == b'DROP': + print("BACKCHAN killing response!") + flow.kill() diff --git a/bulwark/monitors/paypal_ipn_proxy/monitor_paypal.config b/bulwark/monitors/paypal_ipn_proxy/monitor_paypal.config new file mode 100644 index 0000000..3604c15 --- /dev/null +++ b/bulwark/monitors/paypal_ipn_proxy/monitor_paypal.config @@ -0,0 +1,54 @@ +h = 'integrator.com' +paypalcom = 'www.sandbox.paypal.com' +checkoutpath = '/checkout_confirmation.php' +callbackpath = '/checkout_process.php' +ipnpath = '/ext/modules/payment/paypal/standard_ipn.php' +webscr = '/cgi-bin/webscr' +integratorMerchantId = 'alberto.lupo@business.example.com' +verified = 'VERIFIED' + +MTransactions = None + +def configure(updated): + global MTransactions + + try: + mongoclient = pymongo.MongoClient(host='mongo-rp', port=27017) + mongodb = mongoclient['pvmonitor'] + MTransactions = mongodb['MTransactions'] + setup_backchannels() + except: + import traceback + print(traceback.format_exc()) + + +def webscrData(filledform): + return [ + filledform['business'], + float(filledform['amount']) + float(filledform['shipping']) , + filledform['invoice'], + urllib.parse.urlparse(filledform['notify_url']), + urllib.parse.urlparse(filledform['return']) + ] + +def filledForm(form): + return [form] + +def formGen(text): + res = re.findall('
', text) + assert res + form = dict(re.findall('', text)) + return [form, urllib.parse.urlparse(res[0])] + +def ipnData(post): + params = urllib.parse.parse_qs(post.decode()) + return [ + params['business'][0], + float(params['payment_gross'][0]), + params['invoice'][0], + params['payer_email'][0], + params['verify_sign'][0] + ] + +def httpPost(request): + return [request.raw_content] diff --git a/bulwark/monitors/paypal_ipn_proxy/monitor_rp.pv b/bulwark/monitors/paypal_ipn_proxy/monitor_rp.pv new file mode 100644 index 0000000..892c346 --- /dev/null +++ b/bulwark/monitors/paypal_ipn_proxy/monitor_rp.pv @@ -0,0 +1,43 @@ + +let RPMonitor(h:Host) = + (in(httpServerRequest, (cs__1000:Uri, hs:Headers, cs__1001:HttpRequest, corr:bitstring)); + let (uri(=https(), =h, =checkoutpath(), =nullParams())) = cs__1000 in + let (=httpGet()) = cs__1001 in + out(mC_1_out, (cs__1000, hs, cs__1001, corr)); + in(mC_1_in, (cs__1102:Uri, cs__1100:HttpResponse, cp:CookiePair, cs__1101:ReferrerPolicy, =corr)); + let (httpOk(formGen(filledForm(webscrData(=integratorMerchantId, amt, inv, =uri(https(), h, ipnpath(), nullParams()), =uri(https(), h, callbackpath(), nullParams()))), =uri(https(), paypalcom, webscr(), nullParams())))) = cs__1100 in + let (=unsafeUrl()) = cs__1101 in + let (=uri(https(), h, checkoutpath(), nullParams())) = cs__1102 in + insert MTransactions(inv, amt); + out(httpServerResponse, (cs__1102, cs__1100, cp, cs__1101, corr))) + |((in(httpServerRequest, (cs__1000:Uri, hs:Headers, cs__1001:HttpRequest, corr:bitstring)); + let (uri(=https(), =h, =callbackpath(), =nullParams())) = cs__1000 in + let (=httpGet()) = cs__1001 in + out(mC_1_out, (cs__1000, hs, cs__1001, corr)); + in(mC_1_in, (cs__1103:Uri, cs__1101:HttpResponse, cs__1100:CookiePair, cs__1102:ReferrerPolicy, =corr)); + let (=getCookie(hs)) = cs__1100 in + let (=httpOk(success())) = cs__1101 in + let (=unsafeUrl()) = cs__1102 in + let (=uri(https(), h, callbackpath(), nullParams())) = cs__1103 in + out(httpServerResponse, (cs__1103, cs__1101, cs__1100, cs__1102, corr))) + |(in(httpServerRequest, (cs__1001:Uri, hs:Headers, cs__1000:HttpRequest, corr:bitstring)); + let (httpPost(ipnData(merchantId, amt, inv, payerId, verisign))) = cs__1000 in + let (uri(=https(), =h, =ipnpath(), =nullParams())) = cs__1001 in + if merchantId = integratorMerchantId then + get MTransactions(=inv, =amt) in + out(mC_1_out, (cs__1001, hs, cs__1000, corr)); + in(mC_2_in, (cs__1202:Uri, cs__1200:Headers, cs__1201:HttpRequest, ncorr:bitstring)); + let (headers(noneUri, =nullCookiePair(), =notajax())) = cs__1200 in + let (=httpPost(ipnData(merchantId, amt, inv, payerId, verisign))) = cs__1201 in + let (=uri(https(), paypalcom, webscr(), nullParams())) = cs__1202 in + out(httpServerRequest, (cs__1202, cs__1200, cs__1201, ncorr)); + in(httpServerResponse, (cs__1301:Uri, cs__1300:HttpResponse, cpXX:CookiePair, rpXX:ReferrerPolicy, =ncorr)); + let (httpOk(=verified())) = cs__1300 in + let (=uri(https(), paypalcom, webscr(), nullParams())) = cs__1301 in + out(mC_2_out, (cs__1301, cs__1300, cpXX, rpXX, ncorr)); + in(mC_1_in, (cs__1403:Uri, cs__1401:HttpResponse, cs__1400:CookiePair, cs__1402:ReferrerPolicy, =corr)); + let (=getCookie(hs)) = cs__1400 in + let (=httpOk(empty())) = cs__1401 in + let (=unsafeUrl()) = cs__1402 in + let (=uri(https(), h, ipnpath(), nullParams())) = cs__1403 in + out(httpServerResponse, (cs__1403, cs__1401, cs__1400, cs__1402, corr)))). \ No newline at end of file diff --git a/bulwark/monitors/paypal_ipn_proxy/monitor_rp.py b/bulwark/monitors/paypal_ipn_proxy/monitor_rp.py new file mode 100644 index 0000000..2345744 --- /dev/null +++ b/bulwark/monitors/paypal_ipn_proxy/monitor_rp.py @@ -0,0 +1,366 @@ +#!/usb/bin/env python3 + +import re + +from mitmproxy import http, ctx +from mitmproxy.script import concurrent + +import pymongo +import zmq + +import os +import json +import pickle +import threading +import queue +import time +import urllib.parse + +class PVThread(threading.Thread): + pass + +class Obj(object): + def __init__(self, **kwargs): + self._dict = kwargs + def __getattr__(self, name): + if name == '_dict': + return super(Obj, self).__getattr__(name) + return self._dict[name] + def __setattr__(self, name, value): + if name == '_dict': + return super(Obj, self).__setattr__(name,value) + self._dict[name] = value + +# Globals +CV = {} +PORT = 65534 +zmq_socket = None +queue_req = None +queue_req_actions = None +queue_res = None +queue_res_actions = None +https = 'http' + +################################################################################ +## CONFIG + +CONFIG = "monitor_paypal.config" +with open(os.path.join(os.path.dirname(__file__), CONFIG), 'r') as f: + exec(f.read()) + +################################################################################ +## PROCESSES + +def process_1(flow): + try: + # in(httpServerRequest, (cs__1000:Uri, hs:Headers, cs__1001:HttpRequest, corr:bitstring)) + with CV[flow]: CV[flow].wait() + assert flow.request is not None + cs__1000 = urllib.parse.urlparse(flow.request.pretty_url) + hs = Obj(referer=flow.request.headers['referer'] if 'referer' in flow.request.headers else None, cookie=dict(flow.request.cookies)) + cs__1001 = flow.request + # let uri(=https(), =h, =checkoutpath(), =nullParams()) = cs__1000 + if not ((https) == ((cs__1000).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1000).netloc)): raise RuntimeError('Match failed!') + if not ((checkoutpath) == ((cs__1000).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1000).query)): raise RuntimeError('Match failed!') + # out(mC_1_out, (cs__1000, hs, cs__1001, corr)) + flow.request.url = urllib.parse.urlunparse(cs__1000) + if (hs).referer: flow.request.headers['referer'] = (hs).referer + flow.request.cookies = (hs).cookie.items() + flow.request.method = (cs__1001).method + if flow.request.method == 'POST': + flow.request.raw_content = (cs__1001).raw_content + with CV[flow]: CV[flow].notify_all() + # in(mC_1_in, (cs__1102:Uri, cs__1100:HttpResponse, cp:CookiePair, cs__1101:ReferrerPolicy, =corr)) + with CV[flow]: CV[flow].wait_for(lambda: flow.response is not None) + cs__1102 = urllib.parse.urlparse(flow.request.pretty_url) + cs__1100 = flow.response + cp = dict(flow.response.cookies if flow.response.cookies else flow.request.cookies) + cs__1101 = flow.response.headers['referrer-policy'] if 'referer-policy' in flow.response.headers else 'unsafe-url' + # let httpOk(formGen(filledForm(webscrData(=integratorMerchantId, amt, inv, =uri(https(), h, ipnpath(), nullParams()), =uri(https(), h, callbackpath(), nullParams()))), =uri(https(), paypalcom, webscr(), nullParams()))) = cs__1100 + if not ((cs__1100).status_code == 200): raise RuntimeError('Match failed!') + if not ((integratorMerchantId) == (webscrData(filledForm(formGen((cs__1100).text)[0])[0])[0])): raise RuntimeError('Match failed!') + amt = webscrData(filledForm(formGen((cs__1100).text)[0])[0])[1] + inv = webscrData(filledForm(formGen((cs__1100).text)[0])[0])[2] + if not ((https) == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[3]).scheme)): raise RuntimeError('Match failed!') + #if not ((h) == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[3]).netloc)): raise RuntimeError('Match failed!') + if not ((ipnpath) == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[3]).path)): raise RuntimeError('Match failed!') + if not (("") == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[3]).query)): raise RuntimeError('Match failed!') + if not ((https) == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[4]).scheme)): raise RuntimeError('Match failed!') + #if not ((h) == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[4]).netloc)): raise RuntimeError('Match failed!') + if not ((callbackpath) == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[4]).path)): raise RuntimeError('Match failed!') + if not (("") == ((webscrData(filledForm(formGen((cs__1100).text)[0])[0])[4]).query)): raise RuntimeError('Match failed!') + if not (("https") == ((formGen((cs__1100).text)[1]).scheme)): raise RuntimeError('Match failed!') + if not ((paypalcom) == ((formGen((cs__1100).text)[1]).netloc)): raise RuntimeError('Match failed!') + if not ((webscr) == ((formGen((cs__1100).text)[1]).path)): raise RuntimeError('Match failed!') + if not (("") == ((formGen((cs__1100).text)[1]).query)): raise RuntimeError('Match failed!') + # let =unsafeUrl() = cs__1101 + # let =uri(https(), h, checkoutpath(), nullParams()) = cs__1102 + if not ((https) == ((cs__1102).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1102).netloc)): raise RuntimeError('Match failed!') + if not ((checkoutpath) == ((cs__1102).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1102).query)): raise RuntimeError('Match failed!') + # insert MTransactions(inv, amt) + MTransactions.insert({'col_1': inv, 'col_2': amt}) + # out(httpServerResponse, (cs__1102, cs__1100, cp, cs__1101, corr)) + flow.response.status_code = (cs__1100).status_code + flow.response.text = (cs__1100).text + flow.response.headers['referrer-policy'] = cs__1101 + if flow in CV: + with CV[flow]: CV[flow].notify_all() + except: + import traceback + print(traceback.format_exc()) + + +def process_2(flow): + try: + # in(httpServerRequest, (cs__1000:Uri, hs:Headers, cs__1001:HttpRequest, corr:bitstring)) + with CV[flow]: CV[flow].wait() + assert flow.request is not None + cs__1000 = urllib.parse.urlparse(flow.request.pretty_url) + hs = Obj(referer=flow.request.headers['referer'] if 'referer' in flow.request.headers else None, cookie=dict(flow.request.cookies)) + cs__1001 = flow.request + # let uri(=https(), =h, =callbackpath(), =nullParams()) = cs__1000 + if not ((https) == ((cs__1000).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1000).netloc)): raise RuntimeError('Match failed!') + if not ((callbackpath) == ((cs__1000).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1000).query)): raise RuntimeError('Match failed!') + # let =httpGet() = cs__1001 + if not (("GET") == ((cs__1001).method)): raise RuntimeError('Match failed!') + # out(mC_1_out, (cs__1000, hs, cs__1001, corr)) + flow.request.url = urllib.parse.urlunparse(cs__1000) + if (hs).referer: flow.request.headers['referer'] = (hs).referer + flow.request.cookies = (hs).cookie.items() + flow.request.method = (cs__1001).method + if flow.request.method == 'POST': + flow.request.raw_content = (cs__1001).raw_content + with CV[flow]: CV[flow].notify_all() + # in(mC_1_in, (cs__1103:Uri, cs__1101:HttpResponse, cs__1100:CookiePair, cs__1102:ReferrerPolicy, =corr)) + with CV[flow]: CV[flow].wait_for(lambda: flow.response is not None) + cs__1103 = urllib.parse.urlparse(flow.request.pretty_url) + cs__1101 = flow.response + cs__1100 = dict(flow.response.cookies if flow.response.cookies else flow.request.cookies) + cs__1102 = flow.response.headers['referrer-policy'] if 'referer-policy' in flow.response.headers else 'unsafe-url' + # let =getCookie(hs) = cs__1100 + # let =httpOk(success()) = cs__1101 + # let =unsafeUrl() = cs__1102 + # let =uri(https(), h, callbackpath(), nullParams()) = cs__1103 + if not ((https) == ((cs__1103).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1103).netloc)): raise RuntimeError('Match failed!') + if not ((callbackpath) == ((cs__1103).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1103).query)): raise RuntimeError('Match failed!') + # out(httpServerResponse, (cs__1103, cs__1101, cs__1100, cs__1102, corr)) + flow.response.status_code = (cs__1101).status_code + flow.response.text = (cs__1101).text + flow.response.headers['referrer-policy'] = cs__1102 + if flow in CV: + with CV[flow]: CV[flow].notify_all() + except: + import traceback + print(traceback.format_exc()) + + +def process_3(flow): + try: + # in(httpServerRequest, (cs__1001:Uri, hs:Headers, cs__1000:HttpRequest, corr:bitstring)) + with CV[flow]: CV[flow].wait() + assert flow.request is not None + cs__1001 = urllib.parse.urlparse(flow.request.pretty_url) + hs = Obj(referer=flow.request.headers['referer'] if 'referer' in flow.request.headers else None, cookie=dict(flow.request.cookies)) + cs__1000 = flow.request + # let httpPost(ipnData(merchantId, amt, inv, payerId, verisign)) = cs__1000 + merchantId = ipnData(httpPost(cs__1000)[0])[0] + amt = ipnData(httpPost(cs__1000)[0])[1] + inv = ipnData(httpPost(cs__1000)[0])[2] + payerId = ipnData(httpPost(cs__1000)[0])[3] + verisign = ipnData(httpPost(cs__1000)[0])[4] + # let uri(=https(), =h, =ipnpath(), =nullParams()) = cs__1001 + if not ((https) == ((cs__1001).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1001).netloc)): raise RuntimeError('Match failed!') + if not ((ipnpath) == ((cs__1001).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1001).query)): raise RuntimeError('Match failed!') + # if merchantId = integratorMerchantId then + if (merchantId) == (integratorMerchantId): + # get MTransactions(=inv, =amt) in + __table_res = MTransactions.find_one({'col_1': {'$eq': inv}, 'col_2': {'$eq': amt}}) + if not (__table_res): raise RuntimeError('Match failed!') + # out(mC_1_out, (cs__1001, hs, cs__1000, corr)) + flow.request.url = urllib.parse.urlunparse(cs__1001) + if (hs).referer: flow.request.headers['referer'] = (hs).referer + flow.request.cookies = (hs).cookie.items() + flow.request.method = (cs__1000).method + if flow.request.method == 'POST': + flow.request.raw_content = (cs__1000).raw_content + with CV[flow]: CV[flow].notify_all() + # in(mC_2_in, (cs__1202:Uri, cs__1200:Headers, cs__1201:HttpRequest, ncorr:bitstring)) + __backchan_req = queue_req.get(timeout=1) + cs__1202 = urllib.parse.urlparse(__backchan_req['request'].pretty_url) + cs__1200 = Obj(referer=__backchan_req['request'].headers['referer'] if 'referer' in __backchan_req['request'].headers else None, cookie=dict(__backchan_req['request'].cookies)) + cs__1201 = __backchan_req['request'] + # let headers(noneUri, =nullCookiePair(), =notajax()) = cs__1200 + noneUri = (cs__1200).referer + if not (((cs__1200).cookie == {})): raise RuntimeError('Match failed!') + # let =httpPost(ipnData(merchantId, amt, inv, payerId, verisign)) = cs__1201 + if not ((merchantId) == (ipnData(httpPost(cs__1201)[0])[0])): raise RuntimeError('Match failed!') + if not ((amt) == (ipnData(httpPost(cs__1201)[0])[1])): raise RuntimeError('Match failed!') + if not ((inv) == (ipnData(httpPost(cs__1201)[0])[2])): raise RuntimeError('Match failed!') + if not ((payerId) == (ipnData(httpPost(cs__1201)[0])[3])): raise RuntimeError('Match failed!') + if not ((verisign) == (ipnData(httpPost(cs__1201)[0])[4])): raise RuntimeError('Match failed!') + # let =uri(https(), paypalcom, webscr(), nullParams()) = cs__1202 + if not (("https") == ((cs__1202).scheme)): raise RuntimeError('Match failed!') + if not ((paypalcom) == ((cs__1202).netloc)): raise RuntimeError('Match failed!') + if not ((webscr) == ((cs__1202).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1202).query)): raise RuntimeError('Match failed!') + # out(httpServerRequest, (cs__1202, cs__1200, cs__1201, ncorr)) + queue_req_actions.put(b'ok') + # in(httpServerResponse, (cs__1301:Uri, cs__1300:HttpResponse, cpXX:CookiePair, rpXX:ReferrerPolicy, =ncorr)) + __backchan_res = queue_res.get(timeout=1) + cs__1301 = urllib.parse.urlparse(__backchan_res['request'].pretty_url) + cs__1300 = __backchan_res['response'] + cpXX = __backchan_res['response'].cookies + rpXX = __backchan_res['response'].headers['referrer-policy'] if 'referer-policy' in __backchan_res['response'].headers else 'unsafe-url' + # let httpOk(=verified()) = cs__1300 + if not ((cs__1300).status_code == 200): raise RuntimeError('Match failed!') + if not ((verified) == ((cs__1300).text)): raise RuntimeError('Match failed!') + # let =uri(https(), paypalcom, webscr(), nullParams()) = cs__1301 + if not (("https") == ((cs__1301).scheme)): raise RuntimeError('Match failed!') + if not ((paypalcom) == ((cs__1301).netloc)): raise RuntimeError('Match failed!') + if not ((webscr) == ((cs__1301).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1301).query)): raise RuntimeError('Match failed!') + # out(mC_2_out, (cs__1301, cs__1300, cpXX, rpXX, ncorr)) + queue_res_actions.put(b'ok') + # in(mC_1_in, (cs__1403:Uri, cs__1401:HttpResponse, cs__1400:CookiePair, cs__1402:ReferrerPolicy, =corr)) + with CV[flow]: CV[flow].wait_for(lambda: flow.response is not None) + cs__1403 = urllib.parse.urlparse(flow.request.pretty_url) + cs__1401 = flow.response + cs__1400 = dict(flow.response.cookies if flow.response.cookies else flow.request.cookies) + cs__1402 = flow.response.headers['referrer-policy'] if 'referer-policy' in flow.response.headers else 'unsafe-url' + # let =getCookie(hs) = cs__1400 + # let =httpOk(empty()) = cs__1401 + if not ((cs__1401).status_code == 200): raise RuntimeError('Match failed!') + # let =unsafeUrl() = cs__1402 + # let =uri(https(), h, ipnpath(), nullParams()) = cs__1403 + if not ((https) == ((cs__1403).scheme)): raise RuntimeError('Match failed!') + if not ((h) == ((cs__1403).netloc)): raise RuntimeError('Match failed!') + if not ((ipnpath) == ((cs__1403).path)): raise RuntimeError('Match failed!') + if not (("") == ((cs__1403).query)): raise RuntimeError('Match failed!') + # out(httpServerResponse, (cs__1403, cs__1401, cs__1400, cs__1402, corr)) + flow.response.status_code = (cs__1401).status_code + flow.response.text = (cs__1401).text + flow.response.headers['referrer-policy'] = cs__1402 + if flow in CV: + with CV[flow]: CV[flow].notify_all() + else: + raise RuntimeError('if Failed!') + except: + import traceback + print(traceback.format_exc()) + + + +HANDLERS = [process_1, process_2, process_3] +PATHS = [checkoutpath, callbackpath, ipnpath] +BACKCHAN_PATHS = [webscr] + + + +################################################################################ +## MITMPROXY ENTRYPOINT + +def zmq_worker(zmq_socket, queue_req, queue_req_actions, queue_res, queue_res_actions): + while True: + try: + msgtype, data = zmq_socket.recv_multipart() + flow = pickle.loads(data) + print("==> NEW DATA on back channel:") + print(flow) + + if urllib.parse.urlparse(flow['request'].pretty_url).path in BACKCHAN_PATHS: + if msgtype == b'REQ|': + queue_req.put(flow) + try: + act = queue_req_actions.get(timeout=0.5) + zmq_socket.send_multipart((msgtype, act)) + except queue.Empty: + zmq_socket.send_multipart((msgtype, b'DROP')) + + if msgtype == b'RES|': + queue_res.put(flow) + try: + act = queue_res_actions.get(timeout=0.5) + print(act) + zmq_socket.send_multipart((msgtype, act)) + except queue.Empty: + zmq_socket.send_multipart((msgtype, b'DROP')) + else: + zmq_socket.send_multipart((msgtype, b'ok')) + + except zmq.ZMQError as e: + # the queue is closed + print(" zmq error!! {}".format(e)) + return + except pickle.PickleError as e: + # there something wrong with the data + print(" pickle error!! {}".format(e)) + except Exception as e: + import traceback + print(traceback.format_exc()) + + +def setup_backchannels(): + global zmq_socket + global queue_req + global queue_req_actions + global queue_res + global queue_res_actions + + try: + time.sleep(3) + print("Connecting to the backchannel proxy...") + ctx = zmq.Context() + zmq_socket = ctx.socket(zmq.REP) + zmq_socket.connect("tcp://mitmback:%s" % PORT) + print (zmq_socket) + + print("Making queues...") + queue_req = queue.Queue() + queue_req_actions = queue.Queue() + queue_res = queue.Queue() + queue_res_actions = queue.Queue() + zmq_t = threading.Thread( + target=zmq_worker, + args=[zmq_socket, queue_req, queue_req_actions, queue_res, queue_res_actions], + daemon=True) + zmq_t.start() + except: + import traceback + print(traceback.format_exc()) + +def response(flow: http.HTTPFlow) -> None: + if flow.request.path.split('?')[0] not in PATHS: return + + with CV[flow]: + CV[flow].notify_all() + with CV[flow]: + if not CV[flow].wait(timeout=3): + ctx.log.warn(" Wait timeout: response match error!") + flow.response = http.make_error_response(500, "Wait timeout: response match error!") + + del CV[flow] + +def request(flow: http.HTTPFlow) -> None: + if flow.request.path.split('?')[0] not in PATHS: return + + CV[flow] = threading.Condition() + ts = [] + for h in HANDLERS: + t = PVThread(target=h, args=(flow,)) + t.daemon = True + t.start() + with CV[flow]: CV[flow].notify_all() + with CV[flow]: + if not CV[flow].wait(timeout=3): + ctx.log.warn(" Wait timeout: request match error!") + flow.response = http.make_error_response(500, "Wait timeout: request match error!") diff --git a/bulwark/specifications/oauth.pv b/bulwark/specifications/oauth.pv new file mode 100644 index 0000000..08a8ef1 --- /dev/null +++ b/bulwark/specifications/oauth.pv @@ -0,0 +1,197 @@ + +fun loginpath(): Path[data]. (* = "/login" *) +fun oauthpath(): Path[data]. (* = "/v[0-9]\.[0-9]/dialog/oauth" *) +fun callbackpath(): Path[data]. (* = "/callback" *) +fun tokenpath(): Path[data]. (* = /v[0-9]\.[0-9]/oauth/access_token*) + +fun codereqparams(Id, Uri, bitstring): Params[data]. (* = {"client_id", "redirect_uri", "state"} *) +fun coderesparams(bitstring, bitstring): Params[data]. (* = {"code", "state"} *) +fun tokenreqparams(Id, Uri, Secret, bitstring): Params[data]. (* = {"client_id", "redirect_uri", "client_secret", "code"} *) + +fun success(): bitstring[data]. +fun tokenresjson(bitstring): bitstring[data]. +fun pagewithlink(Uri): bitstring[data]. + +const appid:Id. +const appsecret:Secret [private]. + +free ttpcom: Host. +free integratorcom: Host. + +fun mkCookie(bitstring): Cookie [private]. + +letfun session_start(cj:CookiePair, corr:bitstring) = + let cookiePair(session_cookie,path_cookie) = cj in + if session_cookie <> nullCookie() then + cj + else + cookiePair(mkCookie(corr), nullCookie()). + +let mkserver(h:Host) = + (new sk:privkey; + let pubk = pk(sk) in + insert serverIdentities(orig(https(),h), pubk,sk,xdr()); + out(pub,pubk)). + +(* Setup a malicious server *) +let MaliciousServer() = mkserver(mallory). + +(* App that leaks to the attacker everything it receives *) +let AttackerLeakApp(h:Host) = + !(in(httpServerRequest,(u:Uri,hs:Headers,r:HttpRequest,corr:bitstring)); + let uri(=https(), =h, p, q) = u in + out(pub, (u, hs, r))). + +(* events *) +event rp_begin(Host, Host, CookiePair, Id, Uri, bitstring). +event rp_end(Host, Host, CookiePair,Id, Uri, Secret, bitstring, bitstring, bitstring). +event idp_begin(Host, Id, Uri, bitstring). +event idp_end(Host, Id, Secret, Uri, bitstring, bitstring). +event ua_begin(Browser, Host, Host, Id, bitstring). +event ua_end(Browser, Host, Host, bitstring, bitstring). + +(* reachability queries: every event must be reachable *) +query h:Host,idph:Host, reduri:Uri, b:Browser, id:Id, c:CookiePair, sec:Secret, + state:bitstring, code:bitstring, token:bitstring; + event( rp_begin(h,idph,c,id,reduri,state) ); + event( rp_end(h,idph,c,id,reduri,sec,state,code,token) ); + event( idp_begin(idph,id,reduri,code) ); + event( idp_end(idph,id,sec,reduri,code,token) ); + event( ua_begin(b,h, idph, id, state) ); + event( ua_end(b, h,idph,state, code) ); + event( rp_end(h,idph,c,id,reduri,sec,state,code,token) ) && + event( idp_end(idph,id,sec,reduri,code,token) ) && + event( ua_end(b, h,idph,state, code) ). + +(* correspondence assertions *) +query h:Host, idph:Host, c:CookiePair, aid:Id, sec:Secret,reduri:Uri, state:bitstring,code:bitstring, token:bitstring, + b:Browser; + event( ua_end(b, h, idph, state, code) ) && + event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) ==> event( rp_begin(h,idph,c,aid,reduri,state) ). + +query h:Host, reduri:Uri, aid:Id, sec:Secret, code:bitstring, state:bitstring, token:bitstring; + event( idp_end(h,aid,sec,reduri,code,token) ) ==> event( idp_begin(h,aid,reduri,code) ). + +query b:Browser, h:Host, idph:Host, id:Id, state:bitstring, code:bitstring; + event( ua_end(b, h,idph, state, code) ) ==> event( ua_begin(b, h,idph, id, state) ). + +query h:Host, idph:Host, c:CookiePair, code:bitstring, aid:Id, sec:Secret,reduri:Uri, state:bitstring, token:bitstring, + b:Browser; + event( ua_end(b, h, idph, state, code) ) && + event( idp_end(idph,aid,sec,reduri,code,token) ) ==> event( rp_begin(h,idph,c,aid,reduri,state) ). + +query h:Host, idph:Host, c:CookiePair, aid:Id, sec:Secret, code:bitstring, state:bitstring, token:bitstring,reduri:Uri, + b:Browser; + event( ua_end(b, h, idph, state, code) ) && + event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) ==> event( idp_begin(idph,aid,reduri,code) ). + +query h:Host, idph:Host, b:Browser, c:CookiePair, aid:Id, code:bitstring, state:bitstring, token:bitstring, reduri:Uri; + event( ua_end(b, h, idph, state, code) ) + ==> event( idp_begin(idph,aid,reduri,code) ) && event( rp_begin(h,idph,c,aid,reduri,state) ). + +query h:Host,idph:Host, b:Browser, c:CookiePair,aid:Id, sec:Secret, code:bitstring, state:bitstring, token:bitstring, reduri:Uri; + event( ua_end(b, h, idph, state, code) ) + ==> event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code,token) ). + +(* Secrecy of the tokens and states *) +query code:bitstring, token:bitstring, b:Browser, h:Host, idph:Host, aid:Id, sec:Secret, c:CookiePair, state:bitstring, reduri:Uri; + event( ua_end(b, h,idph, state, code) ) + && event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code, token) ) + && attacker(code); + event( ua_end(b, h,idph,state, code) ) + && event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code, token) ) + && attacker(token); + event( ua_end(b, h,idph,state, code) ) + && event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code, token) ) + && attacker(state). + + +table RPSessions(CookiePair, bitstring). + +let RPApp(h:Host, fb:Host) = + let reduri = uri(https(), h, callbackpath(), nullParams()) in + ( + (in(httpServerRequest,(u:Uri,hs:Headers,=httpGet(),corr:bitstring)); + let uri(=https(), =h, =loginpath(), =nullParams()) = u in + let cj = getCookie(hs) in + let cp = session_start(cj, corr) in + new state:bitstring; + insert RPSessions(cp,state); + let fb_uri = uri(https(), fb, oauthpath(), codereqparams(appid, reduri, state)) in + event rp_begin(h, fb, cp, appid, reduri, state); + out(httpServerResponse, (u, httpOk(pagewithlink(fb_uri)), cp, unsafeUrl(), corr))) + | + (in(httpServerRequest,(u:Uri,hs:Headers,=httpGet(),corr:bitstring)); + let uri(=https(), =h, =callbackpath(), coderesparams(code, state)) = u in + get RPSessions(=getCookie(hs), =state) in + let cp = getCookie(hs) in + let req_uri = uri(https(), fb, tokenpath(), tokenreqparams(appid, reduri, appsecret, code)) in + new ncorr:bitstring; + out(httpServerRequest, + (req_uri,headers(noneUri, nullCookiePair(), notajax()), httpGet(), ncorr)); + in(httpServerResponse, (=req_uri, httpOk(tokenresjson(token)), cp1:CookiePair, rp1:ReferrerPolicy, =ncorr)); + event rp_end(h, fb, cp, appid, reduri, appsecret, state, code, token); + out(httpServerResponse, (u, httpOk(success()), cp, noReferrer(), corr)))). + + +table IDPAuthCodes(Host,Id, Uri, bitstring). + +let IDPApp(h:Host) = +( + (in(httpServerRequest,(u:Uri,hs:Headers,req:HttpRequest,corr:bitstring)); + let uri(=https(), =h, =oauthpath(), codereqparams(appidX, reduriX, stateX)) = u in + let cp = session_start(getCookie(hs), corr) in + new resp:HttpResponse; + out(httpServerResponse, (u, resp, cp, noReferrer(), corr))) +| + (in(httpServerRequest,(u:Uri,hs:Headers,req:HttpRequest,corr:bitstring)); + let uri(=https(), =h, =oauthpath(), codereqparams(=appid, reduri, state)) = u in + let uri(=https(), rh, rp, =nullParams()) = reduri in + let cp = session_start(getCookie(hs), corr) in + new code:bitstring; + insert IDPAuthCodes(h,appid, reduri, code); + let nuri = uri(https(), rh, rp, coderesparams(code, state)) in + event idp_begin(h, appid, reduri, code); + out(httpServerResponse, (u, httpRedirect(nuri), cp, unsafeUrl(), corr))) +| + (in(httpServerRequest,(u:Uri,hs:Headers,=httpGet(),corr:bitstring)); + let uri(=https(), =h, =tokenpath(), tokenreqparams(=appid, reduri, =appsecret, code)) = u in + get IDPAuthCodes(=h,=appid, =reduri, =code) in + new token:bitstring; + event idp_end(h, appid, appsecret, reduri, code, token); + out(httpServerResponse, (u, httpOk(tokenresjson(token)), getCookie(hs), unsafeUrl(), corr)))). + + +let UA(b:Browser) = + (let loginURI = uri(https(), integratorcom, loginpath(), nullParams()) in + out(browserRequest(b), (loginURI, httpGet()))) +| + (in (newPage(b),(p1:Page,=uri(https(), integratorcom, loginpath(), nullParams()),pagewithlink(sso_uri))); + let uri(=https(), idp, =oauthpath(), codereqparams(aid, red_uri, state)) = sso_uri in + event ua_begin(b, integratorcom, idp, aid, state); + out(pageClick(b), (p1, sso_uri, httpGet()))) +| + (in(newPage(b),(p2:Page, reduri:Uri, =success())); + let uri(=https(), =integratorcom, =callbackpath(), coderesparams(code,state1)) = reduri in + event ua_end(b, integratorcom, ttpcom, state1, code)). + + +let OAuth() = + ( + mkserver(ttpcom) | mkserver(integratorcom) + | (!IDPApp(ttpcom)) + | (!RPApp(integratorcom, ttpcom)) + | !(in(pub, b:Browser); + (* !UAFetchResources(b,mallory) |*) !NoServiceWorker(b) | !UA(b))). + +set reconstructDerivation = false. +process ( + BrowserProcess() | HttpServer() | Network() + | OAuth() + | MaliciousServer() + | AttackerLeakApp(mallory) +) diff --git a/bulwark/specifications/oauth_overleaf.pv b/bulwark/specifications/oauth_overleaf.pv new file mode 100644 index 0000000..bc85992 --- /dev/null +++ b/bulwark/specifications/oauth_overleaf.pv @@ -0,0 +1,215 @@ + +fun loginpath(): Path[data]. (* = "/login" *) +fun loginredirectpath(): Path[data]. +fun oauthpath(): Path[data]. (* = "/v[0-9]\.[0-9]/dialog/oauth" *) +fun callbackpath(): Path[data]. (* = "/callback" *) +fun tokenpath(): Path[data]. (* = /v[0-9]\.[0-9]/oauth/access_token*) + +fun noState(): bitstring[data]. +fun codereqparams(Id, Uri, bitstring): Params[data]. (* = {"client_id", "redirect_uri", "state"} *) +fun coderesparams(bitstring, bitstring): Params[data]. (* = {"code", "state"} *) +fun tokenreqparams(Id, Uri, Secret, bitstring): Params[data]. (* = {"client_id", "redirect_uri", "client_secret", "code"} *) + +fun success(): bitstring[data]. +fun tokenresjson(bitstring): bitstring[data]. +fun pagewithlink(Uri): bitstring[data]. + +const appid:Id. +const appsecret:Secret [private]. + +free ttpcom: Host. +free integratorcom: Host. + +fun mkCookie(bitstring): Cookie [private]. + +letfun session_start(cj:CookiePair, corr:bitstring) = + let cookiePair(session_cookie,path_cookie) = cj in + if session_cookie <> nullCookie() then + cj + else + cookiePair(mkCookie(corr), nullCookie()). + +let mkserver(h:Host) = + (new sk:privkey; + let pubk = pk(sk) in + insert serverIdentities(orig(https(),h), pubk,sk,xdr()); + out(pub,pubk)). + +(* Setup a malicious server *) +let MaliciousServer() = mkserver(mallory). + +(* App that leaks to the attacker everything it receives *) +let AttackerLeakApp(h:Host) = + !(in(httpServerRequest,(u:Uri,hs:Headers,r:HttpRequest,corr:bitstring)); + let uri(=https(), =h, p, q) = u in + out(pub, (u, hs, r))). + +(* events *) +event rp_begin(Host, Host, CookiePair, Id, Uri, bitstring). +event rp_end(Host, Host, CookiePair,Id, Uri, Secret, bitstring, bitstring, bitstring). +event idp_begin(Host, Id, Uri, bitstring). +event idp_end(Host, Id, Secret, Uri, bitstring, bitstring). +event ua_begin(Browser, Host, Host, Id, bitstring). +event ua_end(Browser, Host, Host, bitstring, bitstring). + +(* reachability queries: every event must be reachable *) +query h:Host,idph:Host, reduri:Uri, b:Browser, id:Id, c:CookiePair, sec:Secret, + state:bitstring, code:bitstring, token:bitstring; + event( rp_begin(h,idph,c,id,reduri,state) ); + event( rp_end(h,idph,c,id,reduri,sec,state,code,token) ); + event( idp_begin(idph,id,reduri,code) ); + event( idp_end(idph,id,sec,reduri,code,token) ); + event( ua_begin(b,h, idph, id, state) ); + event( ua_end(b, h,idph,state, code) ); + event( rp_end(h,idph,c,id,reduri,sec,state,code,token) ) && + event( idp_end(idph,id,sec,reduri,code,token) ) && + event( ua_end(b, h,idph,state, code) ). + +(* correspondence assertions *) +query h:Host, idph:Host, c:CookiePair, aid:Id, sec:Secret,reduri:Uri, state:bitstring,code:bitstring, token:bitstring, + b:Browser; + event( ua_end(b, h, idph, state, code) ) && + event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) ==> event( rp_begin(h,idph,c,aid,reduri,state) ). + +query h:Host, reduri:Uri, aid:Id, sec:Secret, code:bitstring, state:bitstring, token:bitstring; + event( idp_end(h,aid,sec,reduri,code,token) ) ==> event( idp_begin(h,aid,reduri,code) ). + +query b:Browser, h:Host, idph:Host, id:Id, state:bitstring, code:bitstring; + event( ua_end(b, h,idph, state, code) ) ==> event( ua_begin(b, h,idph, id, state) ). + +query h:Host, idph:Host, c:CookiePair, code:bitstring, aid:Id, sec:Secret,reduri:Uri, state:bitstring, token:bitstring, + b:Browser; + event( ua_end(b, h, idph, state, code) ) && + event( idp_end(idph,aid,sec,reduri,code,token) ) ==> event( rp_begin(h,idph,c,aid,reduri,state) ). + +query h:Host, idph:Host, c:CookiePair, aid:Id, sec:Secret, code:bitstring, state:bitstring, token:bitstring,reduri:Uri, + b:Browser; + event( ua_end(b, h, idph, state, code) ) && + event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) ==> event( idp_begin(idph,aid,reduri,code) ). + +query h:Host, idph:Host, b:Browser, c:CookiePair, aid:Id, code:bitstring, state:bitstring, token:bitstring, reduri:Uri; + event( ua_end(b, h, idph, state, code) ) + ==> event( idp_begin(idph,aid,reduri,code) ) && event( rp_begin(h,idph,c,aid,reduri,state) ). + +query h:Host,idph:Host, b:Browser, c:CookiePair,aid:Id, sec:Secret, code:bitstring, state:bitstring, token:bitstring, reduri:Uri; + event( ua_end(b, h, idph, state, code) ) + ==> event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code,token) ). + +(* Secrecy of the tokens and states *) +query code:bitstring, token:bitstring, b:Browser, h:Host, idph:Host, aid:Id, sec:Secret, c:CookiePair, state:bitstring, reduri:Uri; + event( ua_end(b, h,idph, state, code) ) + && event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code, token) ) + && attacker(code); + event( ua_end(b, h,idph,state, code) ) + && event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code, token) ) + && attacker(token); + event( ua_end(b, h,idph,state, code) ) + && event( rp_end(h,idph,c,aid,reduri,sec,state,code,token) ) + && event( idp_end(idph,aid,sec,reduri, code, token) ) + && attacker(state) ==> state = noState(). (* the attacker may omit the state *) + + +table RPSessions(CookiePair, bitstring). + +let RPApp(h:Host, fb:Host) = + let reduri = uri(https(), h, callbackpath(), nullParams()) in + ( + (in(httpServerRequest,(u:Uri,hs:Headers,=httpGet(),corr:bitstring)); + let uri(=https(), =h, =loginredirectpath(), =nullParams()) = u in + let cj = getCookie(hs) in + let cp = session_start(cj, corr) in + let fb_uri = uri(https(), fb, oauthpath(), codereqparams(appid, reduri, noState())) in + event rp_begin(h, fb, cp, appid, reduri, noState()); + out(httpServerResponse, (u, httpRedirect(fb_uri), cp, unsafeUrl(), corr))) + | + (in(httpServerRequest,(u:Uri,hs:Headers,=httpGet(),corr:bitstring)); + let uri(=https(), =h, =loginpath(), =nullParams()) = u in + let cj = getCookie(hs) in + let cp = session_start(cj, corr) in + new state:bitstring; + let state = noState() in + insert RPSessions(cp,state); + let fb_uri = uri(https(), fb, oauthpath(), codereqparams(appid, reduri, state)) in + event rp_begin(h, fb, cp, appid, reduri, state); + out(httpServerResponse, (u, httpOk(pagewithlink(fb_uri)), cp, unsafeUrl(), corr))) + | + (in(httpServerRequest,(u:Uri,hs:Headers,=httpGet(),corr:bitstring)); + let uri(=https(), =h, =callbackpath(), coderesparams(code, state)) = u in + get RPSessions(=getCookie(hs), =state) in + let cp = getCookie(hs) in + if cp <> nullCookiePair() then + let ref = getReferer(hs) in + let uri(=https(), refh, refp, refq) = ref in + if refh = h || refh = fb then + let req_uri = uri(https(), fb, tokenpath(), tokenreqparams(appid, reduri, appsecret, code)) in + new ncorr:bitstring; + out(httpServerRequest, + (req_uri,headers(noneUri, nullCookiePair(), notajax()), httpGet(), ncorr)); + in(httpServerResponse, (=req_uri, httpOk(tokenresjson(token)), cp1:CookiePair, rp1:ReferrerPolicy, =ncorr)); + event rp_end(h, fb, cp, appid, reduri, appsecret, state, code, token); + out(httpServerResponse, (u, httpOk(success()), cp, noReferrer(), corr)))). + +table IDPAuthCodes(Host,Id, Uri, bitstring). + +let IDPApp(h:Host) = +( + (in(httpServerRequest,(u:Uri,hs:Headers,req:HttpRequest,corr:bitstring)); + let uri(=https(), =h, =oauthpath(), codereqparams(appidX, reduriX, stateX)) = u in + let cp = session_start(getCookie(hs), corr) in + new resp:HttpResponse; + out(httpServerResponse, (u, resp, cp, noReferrer(), corr))) +| + (in(httpServerRequest,(u:Uri,hs:Headers,req:HttpRequest,corr:bitstring)); + let uri(=https(), =h, =oauthpath(), codereqparams(=appid, reduri, state)) = u in + let uri(=https(), rh, rp, =nullParams()) = reduri in + let cp = session_start(getCookie(hs), corr) in + new code:bitstring; + insert IDPAuthCodes(h,appid, reduri, code); + let nuri = uri(https(), rh, rp, coderesparams(code, state)) in + event idp_begin(h, appid, reduri, code); + out(httpServerResponse, (u, httpRedirect(nuri), cp, unsafeUrl(), corr))) +| + (in(httpServerRequest,(u:Uri,hs:Headers,=httpGet(),corr:bitstring)); + let uri(=https(), =h, =tokenpath(), tokenreqparams(=appid, reduri, =appsecret, code)) = u in + get IDPAuthCodes(=h,=appid, =reduri, =code) in + new token:bitstring; + event idp_end(h, appid, appsecret, reduri, code, token); + out(httpServerResponse, (u, httpOk(tokenresjson(token)), getCookie(hs), unsafeUrl(), corr)))). + + +let UA(b:Browser) = + (let loginURI = uri(https(), integratorcom, loginpath(), nullParams()) in + out(browserRequest(b), (loginURI, httpGet()))) +| + (let loginURI = uri(https(), integratorcom, loginredirectpath(), nullParams()) in + event ua_begin(b, integratorcom, ttpcom, appid, noState()); + out(browserRequest(b), (loginURI, httpGet()))) +| + (in (newPage(b),(p1:Page,=uri(https(), integratorcom, loginpath(), nullParams()),pagewithlink(sso_uri))); + let uri(=https(), idp, =oauthpath(), codereqparams(aid, red_uri, state)) = sso_uri in + event ua_begin(b, integratorcom, idp, aid, state); + out(pageClick(b), (p1, sso_uri, httpGet()))) +| + (in(newPage(b),(p2:Page, reduri:Uri, =success())); + let uri(=https(), =integratorcom, =callbackpath(), coderesparams(code,state1)) = reduri in + event ua_end(b, integratorcom, ttpcom, state1, code)). + + +let OAuth() = + ( + mkserver(ttpcom) | mkserver(integratorcom) + | (!IDPApp(ttpcom)) + | (!RPApp(integratorcom, ttpcom)) + | !(in(pub, b:Browser); + (*!UAFetchResources(b,mallory) |*) !NoServiceWorker(b) | !UA(b))). + +set reconstructDerivation = false. +process ( + BrowserProcess() | HttpServer() | Network() + | OAuth() + | MaliciousServer() + | AttackerLeakApp(mallory) +) diff --git a/bulwark/specifications/paypal_ipn.pv b/bulwark/specifications/paypal_ipn.pv new file mode 100644 index 0000000..c25b44a --- /dev/null +++ b/bulwark/specifications/paypal_ipn.pv @@ -0,0 +1,177 @@ + +fun ipnpath(): Path [data]. (* = "/ext/modules/payment/paypal/standard_ipn.php" *) +fun checkoutpath(): Path [data]. (* = "/checkout_confirmation.php" *) +fun callbackpath(): Path [data]. (* = "/checkout_process.php" *) +fun webscr(): Path [data]. (* = "/cgi-bin/webscr" *) + +free integratorcom: Host. (* = "integrator.com" *) +free paypalcom: Host. (* = "www.sandbox.paypal.com"*) + +free integratorMerchantId: Id. (* = "alberto.lupo@business.example.com" *) + + +type Amount. +type Invoice. +fun filledForm(Params): HTMLtag [data]. +fun webscrData(Id, Amount, Invoice, Uri, Uri): Params [data]. (* = {"business", "amount", "invoice", "notify_url", "return"} *) + +fun ipnData(Id, Amount, Invoice, Id, bitstring): Params [data]. + +fun jslink(Uri):bitstring [data]. +fun verified():bitstring [data]. +fun success(): bitstring [data]. +fun empty(): bitstring [data]. + + +(* Queries *) +event rp_begin(Id, Amount, Invoice, Uri, Uri). +event rp_checkout_done(). +event rp_ipn_verified(Id, Amount, Invoice, Id). +event paypal_checkout_complete(Id, Amount, Invoice, Id). +event paypal_verified(Id, Amount, Invoice, Id). +event ua_begin(Uri, Id, Amount, Invoice, Uri, Uri). +event ua_end(). + +query id:Id, amt:Amount, inv:Invoice, ntf:Uri, ret:Uri; event( rp_begin(id, amt, inv, ntf, ret) ). +query event( rp_checkout_done( ) ). +query id:Id, amt:Amount, inv:Invoice, payerid:Id; event( rp_ipn_verified(id, amt, inv, payerid) ). +query id:Id, amt:Amount, inv:Invoice, payerid:Id; event( paypal_checkout_complete(id, amt, inv, payerid) ). +query id:Id, amt:Amount, inv:Invoice, payerid:Id; event( paypal_verified(id, amt, inv, payerid) ). +query payuri:Uri, id:Id, amt:Amount, inv:Invoice, ntf:Uri, ret:Uri; event( ua_begin(payuri, id, amt, inv, ntf, ret) ). +query event( ua_end( ) ). + +query payuri:Uri, id:Id, amt:Amount, inv:Invoice, ntf:Uri, ret:Uri, payerid:Id; + event( paypal_checkout_complete(id, amt, inv, payerid) ) + && event( paypal_verified(id, amt, inv, payerid) ) + && event( rp_ipn_verified(id, amt, inv, payerid) ). + + +query id:Id, amt:Amount, inv:Invoice, payerid:Id, ntf:Uri, ret:Uri; + event( rp_ipn_verified(id, amt, inv, payerid) ) + ==> event( rp_begin(id, amt, inv, ntf, ret) ). + +query id:Id, amt:Amount, inv:Invoice, payerid:Id, ntf:Uri, ret:Uri; + event( rp_ipn_verified(id, amt, inv, payerid) ) + ==> event( paypal_checkout_complete(id, amt, inv, payerid) ). + + +(* Utils *) +fun mkCookie(bitstring): Cookie [private]. + +letfun session_start(cj:CookiePair, corr:bitstring) = + let cookiePair(session_cookie,path_cookie) = cj in + if session_cookie <> nullCookie() then + cj + else + cookiePair(mkCookie(corr), nullCookie()). + +let mkserver(h:Host) = + (new sk:privkey; + let pubk = pk(sk) in + insert serverIdentities(orig(https(),h), pubk,sk,xdr()); + out(pub,pubk)). + +(* Processes *) +table Transactions(Invoice, Amount). + +let RP(h:Host) = + let webscruri = uri(https(), paypalcom, webscr(), nullParams()) in + let returi = uri(https(), h, callbackpath(), nullParams()) in + let notifyuri = uri(https(), h, ipnpath(), nullParams()) in +( + (in(httpServerRequest, (u:Uri, hs:Headers, =httpGet(), corr:bitstring)); + let uri(=https(), =h, =checkoutpath(), =nullParams()) = u in + let cp = session_start(getCookie(hs), corr) in + new amt: Amount; + new inv: Invoice; + insert Transactions(inv, amt); + event rp_begin(integratorMerchantId, amt, inv, notifyuri, returi); + let resp = httpOk(formGen(filledForm(webscrData(integratorMerchantId, amt, inv, notifyuri, returi)), webscruri)) in + out(httpServerResponse, (u, resp, cp, unsafeUrl(), corr))) +| + (in(httpServerRequest, (u:Uri, hs:Headers, =httpGet(), corr:bitstring)); + let uri(=https(), =h, =callbackpath(), =nullParams()) = u in + let cp = getCookie(hs) in + event rp_checkout_done(); + let resp = httpOk(success()) in + out(httpServerResponse, (u, resp, cp, unsafeUrl(), corr))) +| + (in(httpServerRequest, (u:Uri, hs:Headers, req:HttpRequest, corr:bitstring)); + let uri(=https(), =h, =ipnpath(), =nullParams()) = u in + let httpPost(ipnd) = req in + let ipnData(merchantId, amt, inv, payerId, verisign) = ipnd in + let cp = getCookie(hs) in + (* validate merchant id *) + if merchantId = integratorMerchantId then + (* validate invoice and amount *) + get Transactions(=inv, =amt) in + (* validate ipn data *) + new ncorr: bitstring; + out(httpServerRequest, (webscruri, headers(noneUri, nullCookiePair(), notajax()), httpPost(ipnd), ncorr)); + in(httpServerResponse, (=webscruri, httpOk(=verified()), cpXX:CookiePair, rpXX:ReferrerPolicy, =ncorr)); + event rp_ipn_verified(merchantId, amt, inv, payerId); + let resp = httpOk(empty()) in + out(httpServerResponse, (u, resp, cp, unsafeUrl(), corr)))). + +table ValidSignatures(bitstring, Id, Amount, Invoice, Id). + +let PayPal(h:Host) = +( + (in(httpServerRequest, (u:Uri, hs:Headers, req:HttpRequest, corr:bitstring)); + let uri(=https(), =h, =webscr(), =nullParams()) = u in + let httpPost(webscrData(mch, amt, inv, ntf, ret)) = req in + let cp = (*session_start(getCookie(hs), corr) in*) getCookie(hs) in + (* ... login/pay ... *) + new verisign: bitstring; + new payerId: Id; + insert ValidSignatures(verisign, mch, amt, inv, payerId); + event paypal_checkout_complete(mch, amt, inv, payerId); + (* Send ipn *) + (let ipnd = ipnData(mch, amt, inv, payerId, verisign) in + new ncorr:bitstring; + out(httpServerRequest, (ntf, headers(noneUri, nullCookiePair(), notajax()), httpPost(ipnd), ncorr)); + in(httpServerResponse, (=ntf, httpOk(=empty()), cpXX:CookiePair, rpXX:ReferrerPolicy, =ncorr))) + (* redirect to returi *) + |(let d = jslink(ret) in + out(httpServerResponse, (u, httpOk(d), cp, unsafeUrl(), corr)))) +| + (in(httpServerRequest, (u:Uri, hs:Headers, req:HttpRequest, corr:bitstring)); + let uri(=https(), =h, =webscr(), =nullParams()) = u in + let httpPost(ipnData(merchantId, amt, inv, payerId, verisign)) = req in + let cp = getCookie(hs) in + get ValidSignatures(=verisign, =merchantId, =amt, =inv, =payerId) in + event paypal_verified(merchantId, amt, inv, payerId); + let resp = httpOk(verified()) in + out(httpServerResponse, (u, resp, cp, unsafeUrl(), corr)))). + + +let UA(b:Browser) = +( + (let checkouturi = uri(https(), integratorcom, checkoutpath(), nullParams()) in + out(browserRequest(b), (checkouturi, httpGet()))) + | + (in (newPage(b),(p:Page, u:Uri ,d:bitstring)); + let uri(=https(), =integratorcom, =checkoutpath(), =nullParams()) = u in + let formGen(filledForm(webscrData(mch, amt, inv, ntf, ret)), payuri) = d in + event ua_begin(payuri, mch, amt, inv, ntf, ret); + out(pageClick(b), (p, payuri, httpPost(webscrData(mch, amt, inv, ntf, ret))))) + | + (in (newPage(b),(p:Page, u:Uri ,d:bitstring)); + let uri(=https(), =paypalcom, =webscr(), =nullParams()) = u in + (* ... login/pay ... *) + let jslink(returi) = d in + out(pageClick(b), (p, returi, httpGet()))) + | + (in (newPage(b),(p:Page, u:Uri ,d:bitstring)); + let uri(=https(), =integratorcom, =callbackpath(), =nullParams()) = u in + let (=success()) = d in + event ua_end())). + + +set reconstructDerivation = false. +(* Network *) +process + BrowserProcess() | HttpServer() | Network() | + mkserver(paypalcom) | !PayPal(paypalcom) | + mkserver(integratorcom) | !RP(integratorcom) | + (in(pub, b:Browser); (!NoServiceWorker(b) | !UA(b))) diff --git a/bulwark/specifications/proverif_wrapper.sh b/bulwark/specifications/proverif_wrapper.sh new file mode 100755 index 0000000..eb71aeb --- /dev/null +++ b/bulwark/specifications/proverif_wrapper.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +ESC="$(printf '\033')" +RST="$ESC[0m" +GRN="$ESC[37;42m" +RED="$ESC[37;41m" + +time proverif $@ \ + | sed "s/\(is true\)/$GRN\1$RST/" \ + | sed "s/\(cannot be proved\|is false\)/$RED\1$RST/" \ + | grep --color RESULT diff --git a/bulwark/specifications/webspi_custom.pvl b/bulwark/specifications/webspi_custom.pvl new file mode 100644 index 0000000..dbb80f5 --- /dev/null +++ b/bulwark/specifications/webspi_custom.pvl @@ -0,0 +1,396 @@ + +(* UserAgent -> Page -> HttpClient *) + +(* UserAgent models user behaviour; + Page models HTML + JavaScript; + HttpClient models Browser. + + UserAgent can load any url at any time; + this leads to a page being loaded. + + Each Page has an origin. + JavaScript/HTML on the page can make a Get request or a Post request + to any URI (but the result goes to a new Page; new Heap; + we could allow the original page to detect success/failure). + It can make an XmlHttpRequest to the same origin and get the response back. + It can try to make an XmlHttpRequest to a different origin if the server enables CORS. + + XSS: Enable the attacker to get control over Pages loaded from a particular URL. + + HttpClient keeps a table indexed by origin of cookies (4 categories: http-only X Secure) + HttpClient keeps a table indexed by origin of localStorage + Each Page is given read/write access to JS cookies and localStorage for its origin. +*) + +set reconstructTrace = false. +event Check(). +(* query event(Check()). *) + +type Browser. +type Uri. +fun noneUri():Uri. +(* Uri modeled as http[s]://Host/Path?Params *) +type Protocol. +fun https():Protocol [data]. +fun http():Protocol [data]. +type Host. +type Path. +type Params. +type Origin. +type Data. +fun orig(Protocol,Host):Origin [data]. +fun uri(Protocol,Host,Path,Params):Uri [data]. +fun nullParams():Params. +fun nullStore():Data. +fun nullData():bitstring. +fun slash():Path. + +reduc forall r:Protocol,h:Host,p:Path,q:Params; protocol(uri(r,h,p,q)) = r. +reduc forall r:Protocol,h:Host,p:Path,q:Params; path(uri(r,h,p,q)) = p. +reduc forall r:Protocol,h:Host,p:Path,q:Params; host(uri(r,h,p,q)) = h. +reduc forall r:Protocol,h:Host,p:Path,q:Params; origin(uri(r,h,p,q)) = orig(r,h). + + +type Cookie. +type CookiePair. +fun cookie(bitstring,bitstring,bitstring,bitstring):Cookie [data]. +fun cookiePair(Cookie,Cookie):CookiePair [data]. +fun pathCookie(Cookie,Path):Cookie [data]. + +fun nullCookieFragment() :bitstring [data]. +fun nullCookie():Cookie [data]. +letfun nullCookiePair() = cookiePair(nullCookie(), nullCookie()). + +reduc forall sh:bitstring,ih:bitstring,sj:bitstring,ij:bitstring; domcookie(cookie(sh,ih,sj,ij)) = cookie(nullCookieFragment(),nullCookieFragment(),sj,ij); + domcookie(nullCookie()) = nullCookie(). + + +reduc forall sh:bitstring,ih:bitstring,sj:bitstring,ij:bitstring,nsj:bitstring,nij:bitstring; + updatedomcookie(cookie(sh,ih,sj,ij),nsj,nij) = cookie(sh,ih,nsj,nij); + forall nsj:bitstring,nij:bitstring; + updatedomcookie(nullCookie(),nsj,nij) = cookie(nullCookieFragment(),nullCookieFragment(),nsj,nij). + +reduc forall sj:bitstring; sjcookie(sj) = cookie(nullCookieFragment(),nullCookieFragment(),sj,nullCookieFragment()). +reduc forall sh:bitstring; shcookie(sh) = cookie(sh,nullCookieFragment(),nullCookieFragment(),nullCookieFragment()). + +reduc forall sh:bitstring,ih:bitstring,sj:bitstring,ij:bitstring; securehttp(cookie(sh,ih,sj,ij)) = sh. +reduc forall sh:bitstring,ih:bitstring,sj:bitstring,ij:bitstring; securejs(cookie(sh,ih,sj,ij)) = sj. +reduc forall sh:bitstring,ih:bitstring,sj:bitstring,ij:bitstring; insecurehttp(cookie(sh,ih,sj,ij)) = ih. +reduc forall sh:bitstring,ih:bitstring,sj:bitstring,ij:bitstring; insecurejs(cookie(sh,ih,sj,ij)) = ij. + +table cookies(Browser,Origin,Path,Cookie). +table storage(Browser,Origin,Data). + +type HttpRequest. +fun httpGet():HttpRequest [data]. +fun httpPost(Params):HttpRequest [data]. + +type HttpResponse. +fun httpOk(bitstring):HttpResponse [data]. +fun httpRedirect(Uri):HttpResponse [data]. +fun httpError():HttpResponse [data]. + +(* Headers = referer, cookie, XmlHttpRequest *) +type Ajax. +fun notajax():Ajax [data]. +fun ajax():Ajax [data]. + +type XDR. +fun noxdr():XDR [data]. +fun xdr():XDR [data]. + +type Headers. +fun headers(Uri, CookiePair, Ajax): Headers [data]. +reduc forall c:CookiePair, u:Uri, a:Ajax; getCookie(headers(u, c, a)) = c. +reduc forall c:CookiePair, u:Uri, a:Ajax; getReferer(headers(u, c, a)) = u. +reduc forall c:CookiePair, u:Uri, a:Ajax; getAjax(headers(u, c, a)) = a. + +type ReferrerPolicy. +fun noReferrer(): ReferrerPolicy. +fun rorigin(): ReferrerPolicy. +fun sameOrigin(): ReferrerPolicy. +fun unsafeUrl(): ReferrerPolicy. + +fun httpReq(Uri,Headers,HttpRequest) : bitstring [data]. +fun httpResp(HttpResponse,CookiePair,ReferrerPolicy,XDR) : bitstring [data]. + +type Page. +fun aboutBlank():Page. + +event Compromised(Origin). + +table pageOrigin(Page,Origin,Path,Uri, ReferrerPolicy). + +fun rawRequest(Browser):channel [private]. +fun browserRequest(Browser):channel [private]. +fun ajaxRequest(Browser):channel [private]. +fun ajaxResponse(Browser):channel [private]. +fun getCookieStorage(Browser):channel [private]. +fun setCookieStorage(Browser):channel [private]. +fun newPage(Browser):channel [private]. +fun pageClick(Browser):channel [private]. + +fun serviceWorkerHttpResponse(Browser): channel [private]. +fun serviceWorkerSendHttpResponse(Browser): channel [private]. +fun serviceWorkerRawRequest(Browser): channel [private]. + +type Id. +type Secret. + +free net:channel. + +(* Authenticated Encryption *) +type symkey. +fun aenc(bitstring,symkey): bitstring. +reduc forall b:bitstring,k:symkey; adec(aenc(b,k),k) = b. + +(* Key Derivation *) +fun pbkdf2(Secret,bitstring): symkey. +fun keygen(bitstring): symkey. + +(* MAC *) +type Mac. +fun mac(bitstring, symkey):Mac. + +(* Public-key Encryption and Signatures *) +type privkey. +type pubkey. +fun pk(privkey):pubkey. +fun wrap(symkey,pubkey): bitstring. +reduc forall k:symkey,dk:privkey; unwrap(wrap(k,pk(dk)),dk) = k. +fun sign(bitstring,privkey): bitstring. +reduc forall b:bitstring,sk:privkey; verify(sign(b,sk),pk(sk)) = b. + +(* Derived notion of host-based encryption *) +letfun hostenc(x:bitstring, host:Host, p:pubkey) = + new k:symkey; + (k,(wrap(k,p),aenc((host,x),k))). +letfun hostdec(m:bitstring, host:Host, s:privkey) = + let (ek:bitstring,ex:bitstring) = m in + let k = unwrap(ek,s) in + let (=host,x:bitstring) = adec(ex,k) in + (k,x). + +(* Derived notion of HTTP/HTTPS encryption *) +free nullkey:symkey. +letfun reqenc(o:Origin,x:bitstring,p:pubkey) = + let orig(=https(),h) = o in + hostenc(x,h,p) + else (nullkey,x). +letfun reqdec(o:Origin,m:bitstring,s:privkey) = + let orig(=https(),h) = o in + hostdec(m,h,s) + else (nullkey,m). + +letfun respenc(o:Origin,x:bitstring,k:symkey) = + let orig(=https(),h) = o in + aenc(x,k) else x. +letfun respdec(o:Origin,m:bitstring,k:symkey) = + let orig(=https(),h) = o in + adec(m,k) else m. + +table serverIdentities(Origin,pubkey,privkey,XDR). + +free pub:channel. +type Command. + +fun initRequest(Browser,Uri,HttpRequest) : Command [data]. +fun initPageClick(Browser,Page,Uri,HttpRequest) : Command [data]. +fun initAjaxRequest(Browser,Page,Uri,HttpRequest) : Command [data]. +fun fetchCookieStorage(Browser,Page) : Command [data]. +fun injectCookieStorage(Browser,Page,Cookie,Data) : Command [data]. + +let AttackerProxy() = + (in (pub,initRequest(b,u,req)); + out (browserRequest(b),(u,req))) + | (in (pub,initPageClick(b,p,u,req)); + out (pageClick(b),(p,u,req))) + | (in (pub,initAjaxRequest(b,p,u,req)); + out (ajaxRequest(b),(p,u,req)); + in (ajaxResponse(b),(=p,=u,dataIn:bitstring)); + out (pub,dataIn)) + | (in (pub,fetchCookieStorage(b:Browser,p:Page)); + in (getCookieStorage(b),(=p,c:CookiePair,s:Data)); + out (pub, (c,s))) + | (in (pub,injectCookieStorage(b,p,c,s)); + out (setCookieStorage(b),(p,c,s))). + +fun mkPage(Uri):Page [private]. + + +let NoServiceWorker(b:Browser) = +( + (in(serviceWorkerRawRequest(b), (u:Uri,req:HttpRequest,ref:Uri,p:Page,aj:Ajax)); + out(rawRequest(b), (u,req,ref,p,aj))) +| (in(serviceWorkerHttpResponse(b), (u:Uri, resp:HttpResponse,rp:ReferrerPolicy, foo:XDR, corr:bitstring)); + out(serviceWorkerSendHttpResponse(b), (u, resp, rp, foo,corr)))). + + + +fun mkCorrelator(symkey):bitstring [data]. + +(* ?params#params *) +fun withFragment(Params,Params):Params [data]. + +letfun stripUriFragment(u:Uri) = + let uri(pr:Protocol, h:Host, p:Path, withFragment(ps, fs)) = u in + uri(pr, h, p, ps) + else u. + + +free referrerPolicy:channel [private]. +free referrerPolicyResult:channel [private]. + +(*--- HttpClientBegin *) +let HttpClient(b:Browser) = + (in (browserRequest(b),(u:Uri,req:HttpRequest)); + out (serviceWorkerRawRequest(b),(u,req,noneUri,aboutBlank(),notajax()))) + | (in (pageClick(b),(p:Page,u:Uri,req:HttpRequest)); + get pageOrigin(=p,oldorig,h,ref, rp) in + (* apply referer-policy *) + ((if rp = unsafeUrl() then + out (serviceWorkerRawRequest(b),(u,req,ref,aboutBlank(),notajax()))) + |(if rp = noReferrer() then + out (serviceWorkerRawRequest(b),(u,req,noneUri,aboutBlank(),notajax()))) + |(if rp = rorigin() then + out (serviceWorkerRawRequest(b),(u,req,uri(protocol(ref), host(ref), slash(), nullParams()),aboutBlank(),notajax()))) + |(if rp = sameOrigin()then + (if origin(ref) = origin(u) then + out (serviceWorkerRawRequest(b),(u,req,ref,aboutBlank(),notajax())) + else + out (serviceWorkerRawRequest(b),(u,req,noneUri,aboutBlank(),notajax())))))) + | (in (ajaxRequest(b),(p:Page,u:Uri,req:HttpRequest)); + get pageOrigin(=p,oldorig,h,ref, rp) in + (* apply referrer-policy *) + ((if rp = unsafeUrl() then + out (serviceWorkerRawRequest(b),(u,req,ref,p,ajax()))) + |(if rp = noReferrer() then + out (serviceWorkerRawRequest(b),(u,req,noneUri,p,ajax()))) + |(if rp = rorigin() then + out (serviceWorkerRawRequest(b),(u,req,uri(protocol(ref), host(ref), slash(), nullParams()),p,ajax()))) + |(if rp = sameOrigin()then + (if origin(ref) = origin(u) then + out (serviceWorkerRawRequest(b),(u,req,ref,p,ajax())) + else + out (serviceWorkerRawRequest(b),(u,req,noneUri,p,ajax())))))) + | (in (rawRequest(b),(u:Uri,req:HttpRequest,ref1:Uri,p:Page,aj:Ajax)); + let o = origin(u) in + let h = path(u) in + get cookies(=b,=o,=slash(),cs) in + get cookies(=b,=o,=h,ch) in + let ref = stripUriFragment(ref1) in + let header = headers(ref, cookiePair(cs,ch), aj) in + get serverIdentities(=o,pk_host,xxxx,xdrp) in + let m = httpReq(stripUriFragment(u),header,req) in + let (k:symkey,e:bitstring) = reqenc(o,m,pk_host) in + out(net,(b, o, e)); + in(net,(=o,=b,x:bitstring)); + let httpResp(resp1,cookiePair(csn,chn), rp1, foo1) = respdec(o,x,k) in + + (* no cookies for our service worker :( *) + (* https://fetch.spec.whatwg.org/#forbidden-response-header-name *) + let corr = mkCorrelator(k) in + out(serviceWorkerHttpResponse(b), (u, resp1, rp1, foo1, corr)); + in(serviceWorkerSendHttpResponse(b), (u:Uri, resp:HttpResponse, rp:ReferrerPolicy, foo:XDR, =corr)); + + insert cookies(b,o,slash(),csn); + let pathCookie(nc,nh) = chn in + (insert cookies(b,o,nh,nc); + ((let httpOk(dataIn) = resp in + if p = aboutBlank() then + (let p1 = mkPage(u) in + insert pageOrigin(p1,o,h,u,rp); (* insert referrer policy*) + out (newPage(b),(p1,u,dataIn))) + else + (get pageOrigin(=p,oldorig,oldh,olduri,refp) in + if (foo = xdr() || oldorig = o) then + out (ajaxResponse(b),(p,u,dataIn)))) + |(let httpRedirect(redir) = resp in + out (serviceWorkerRawRequest(b),(redir,httpGet(),ref,p,notajax()))))) + else + (insert cookies(b,o,h,chn); + ((let httpOk(dataIn) = resp in + if p = aboutBlank() then + (let p1 = mkPage(u) in + insert pageOrigin(p1,o,h,u,rp); (* insert referrer policy*) + out (newPage(b),(p1,u,dataIn))) + else + (get pageOrigin(=p,oldorig,oldh,olduri,refp) in + if (foo = xdr() || oldorig = o) then + out (ajaxResponse(b),(p,u,dataIn)))) + |(let httpRedirect(redir) = resp in + out (serviceWorkerRawRequest(b),(redir,httpGet(),ref,p,notajax())))))) + | (get pageOrigin(p,o,h,ref,refp) in + get cookies(=b,=o,=slash(),cs) in + get cookies(=b,=o,=h,ch) in + get storage(=b,=o,s) in + out (getCookieStorage(b),(p,cookiePair(domcookie(cs),domcookie(ch)),s))) + | (in (setCookieStorage(b),(p:Page,dc:Cookie,ns:Data)); + get pageOrigin(=p,o,h,ref,refp) in + get cookies(=b,=o,=h,ck) in + insert cookies(b,o,h,updatedomcookie(ck,securejs(dc),insecurejs(dc))); + insert storage(b,o,ns)) + | (in(pub,(o:Origin,h:Path)); + insert cookies(b,o,h,nullCookie()); + insert storage(b,o,nullStore)). +(*--- HttpClientEnd *) + +(* ---------------------------- Server Starts --------------------- *) + +type Session. +type HTMLtag. + +free httpServerRequest : channel [private]. +free httpServerResponse : channel [private]. + +(* Website Forms *) + +fun formGen(HTMLtag,Uri): bitstring [data]. +reduc forall tag: HTMLtag, action:Uri; formAction(formGen(tag,action))=action . +reduc forall tag: HTMLtag, action:Uri; formTag(formGen(tag,action))=tag . + +(*fun mkCorrelator(symkey):bitstring [data].*) + +(* +free corrconst:bitstring. +letfun mkCorrelator(k:bitstring) = corrconst. +*) + +(*--- HttpServerBegin *) +let HttpServer() = + !in(net,(b:Browser,o:Origin,m:bitstring)); + get serverIdentities(=o,pk_P,sk_P,xdrp) in + let (k:symkey,httpReq(u,hs,req)) = reqdec(o,m,sk_P) in + if origin(u) = o then + let corr = mkCorrelator(k) in + out(httpServerRequest,(u,hs,req,corr)); + in(httpServerResponse,(=u,resp:HttpResponse,cookieOut:CookiePair,rp:ReferrerPolicy, =corr)); + out(net,(o,b,respenc(o,httpResp(resp,cookieOut,rp,xdrp),k))). +(*--- HttpServerEnd *) + + +let BrowserProcess() = + !(new b:Browser; + out(pub,b); + HttpClient(b)). + +let Network()= + !AttackerProxy(). + +free mallory:Host. +let MaliciousApp() = + (new sk:privkey; + let pubk = pk(sk) in + insert serverIdentities(orig(https(),mallory), pubk,sk,xdr()); + out(pub,(sk,pubk))) | + !(get pageOrigin(p,o,h,u,refp) in + let orig(x,=mallory) = o in + out (pub,p)). + + +fun resource(): Path [data]. + +let UAFetchResources(b:Browser, h:Host) = + (in(newPage(b), (p:Page, u:Uri, d:bitstring)); + let res = uri(https(), h, resource(), nullParams()) in + out(pageClick(b), (p, res, httpGet()))). \ No newline at end of file diff --git a/casestudies-src/README.md b/casestudies-src/README.md new file mode 100644 index 0000000..b2d01a5 --- /dev/null +++ b/casestudies-src/README.md @@ -0,0 +1,85 @@ +# Case studies + +## OAuth 2.0 + +### Set-Up + +#### Obtaining OAuth Credentials + +- Auth Server: the artificial RP is already configured with the artificial IdP (AS) integration +- Google: [guide](https://developers.google.com/identity/protocols/oauth2/web-server#creatingcred) +- Facebook: [guide](https://developers.facebook.com/docs/facebook-login/web#redirecturl) +- VK: [documentation](https://vk.com/dev/authcode_flow_user) + +#### Running the Artificial RP + +```sh +docker-compose -f docker-compose.oauth.yml up --build +``` +A proxy server is listening on port `8080`. +This proxy is the only way to connect to the case study virtual network: the artificial RP is reachable through the proxy at `https://integrator.com`. + +The `docker-compose` command sets up a testing environment composed of four proxies: +- a **reverse proxy** in front of the artificial RP. Web interface on port `8082`. +- a **proxy** between the artificial RP and the IdPs (back channels). Web interface on port `8083`. +- a **reverse proxy** in front of the artificial IdP. Web interface on port `8084`. +- a **proxy** through which the virtual network is accessible (listening on port `8080`). Web interface on port `8081`. + +The artificial IdP "AS" is already configured and can be tested with the following user account: +- `alberto.lupo@null.net:qwerty` (username:password) + + +### Attacker controlled website + +The `http://attacker.com` website is accessible through the proxy on port `8080`. +This malicious website integrates the AS IdP using the honest `client_id` and a malicious `redirect_uri` and can be used to mount the *Unauthorized login by auth. code redirection* attack. In particular, the attack is executed as follows +1. The victim is tricked into clicking on the "Log in with AS" button at `attacker.com` +2. The victim is redirected to the `/get-code.php` page that saves the code and show an error. +3. The attacker can replay the obtained code (in `attacker.com/log.txt`) to the artificial RP to log in as the victim. + +### Monitors + +1. The service worker monitor on the artificial RP is enabled by default and can be disabled by removing the `sw_monitor` folder in `/casestudies-src/artificial_rp/estensions/`. The monitor is currently configured for the AS (artificial IdP) integration: the configuration can be changed by editing the [sw.js](https://github.com/6Lp5GZYvrcWGwb20/bulwark_experiments/blob/master/casestudies-src/artificial_rp/extensions/sw_monitor/sw.js#L2) file. +2. The proxy monitor on the artificial IdP can be enabled by decommenting [line 47](https://github.com/6Lp5GZYvrcWGwb20/bulwark_experiments/blob/master/casestudies-src/docker-compose.oauth.yml#L47) of the `docker-compose.oauth.yml` file. + +## PayPal + +### Set-Up + + This case study needs to be deployed on a **public IP** address, that needs to be specified as an environment variable (`APPHOST=`) in `docker-compose.paypal.yml`. + +The following steps refer to the *osCommerce* case study, they can easily be applied to the other two case studies by changing the integration specific parameters: +- return and IPN URLs in the PayPal business account settings; +- `build` and `image` directives in the `docker-compose.paypal.yml` file. + +#### On PayPal Website + +1. Create a sandbox business account; +2. Log into [sandbox.paypal.com](https://sandbox.paypal.com) using the newly created business account; +3. Go to **Settings** -> **Account Settings** -> **Website payments**: + 1. Under **Website preferences** enable **Auto return** and set the Return URI to `http:///checkout_process.php`; + 2. Under **Instant Payment Notification** turn on IPN messages and edit the **Notification URL** to be `http://:80/ext/modules/payment/paypal/standard_ipn.php`. + +#### On Your Server + +Run the e-commerce website: + +```sh +docker-compose -f docker-compose.paypal.yml up --build +``` + +A proxy server is listening on port `9090`. +The `docker-compose` command sets up a testing environment composed of three proxies listening on the same ports as in the OAuth case study. +You need to connect to the **public IP** of the website through this proxy (`9090`) for the ca sestudy to work correctly. + +1. Go to `http:///admin` and log in using the admin credentials `toto:toto`; +2. Select **Modules** -> **Payment** on the sidebar, then **PayPal Website Payments Standard** and click **Edit**: + 1. Set your business account in the **E-Mail Address** field; + 2. Select **Delivered** in the **Set PayPal Acknowledged Order Status** dropdown; + 3. Click **Save**. + +The website is now configured and you can test the integration using the `user1@example.com:user1pass` account. + +### Monitors + +1. The proxy monitor can be enabled by decommenting [line 32](https://github.com/6Lp5GZYvrcWGwb20/bulwark_experiments/blob/master/casestudies-src/docker-compose.paypal.yml#L32) **and** [line 48](https://github.com/6Lp5GZYvrcWGwb20/bulwark_experiments/blob/master/casestudies-src/docker-compose.paypal.yml#L48) of the `docker-compose.paypal.yml` file. diff --git a/casestudies-src/artificial_idp/Dockerfile b/casestudies-src/artificial_idp/Dockerfile new file mode 100644 index 0000000..9af2d4a --- /dev/null +++ b/casestudies-src/artificial_idp/Dockerfile @@ -0,0 +1,7 @@ +FROM python:3.6 +ENV MONGO_HOST mongo + +COPY . /app +WORKDIR /app +RUN pip install -r requirements.txt +CMD "python main.py --init && python main.py --ssl --port 443" diff --git a/casestudies-src/artificial_idp/README.md b/casestudies-src/artificial_idp/README.md new file mode 100644 index 0000000..13196c8 --- /dev/null +++ b/casestudies-src/artificial_idp/README.md @@ -0,0 +1,12 @@ +# Auth Server - Artificial IdP + +## Set-Up + +```sh +docker build -t auth-server:latest . +docker run -p 443:443 -e MONGO_HOST=127.0.0.1 auth-server:latest +``` + +## Users + +- `alberto.lupo@null.net:qwerty` diff --git a/casestudies-src/artificial_idp/main.py b/casestudies-src/artificial_idp/main.py new file mode 100644 index 0000000..190e297 --- /dev/null +++ b/casestudies-src/artificial_idp/main.py @@ -0,0 +1,208 @@ +#!/usr/bin/env python3 + +import urllib.parse +import string +import random +import logging +import sys +import os +import argparse + +import pymongo + +from flask import Flask, render_template, request, session, redirect, abort, flash, url_for, jsonify + + +app = Flask(__name__) +app.secret_key = 'auth_serverSec' + +mongo_host = os.environ.get('MONGO_HOST', 'localhost') + +mongo_client = pymongo.MongoClient(host=mongo_host, connect=False) +db = mongo_client['auth_server'] +DB_USERS = 'users' +DB_CLIENTS = 'clients' +DB_CODES = 'codes' +DB_TOKENS = 'tokens' + + +logger = logging.getLogger(__name__) +logging.basicConfig(stream=sys.stdout, level=logging.INFO, + format='[%(asctime)-15s] <%(name)s:%(levelname)s> %(message)s') + + +@app.route('/') +def index(): + return render_template('index.html') + +@app.route('/login', methods=['GET', 'POST']) +def login(): + if 'username' in session: + next_url = request.args.get('next', url_for('index')) + return redirect(urllib.parse.unquote(next_url)) + + if request.method == 'POST': + if db[DB_USERS].find({ + 'username': request.form['username'], + 'password': request.form['password'] + }).count() > 0: + session['username'] = request.form['username'] + next_url = request.args.get('next', url_for('index')) + return redirect(urllib.parse.unquote(next_url)) + + flash('Invalid username or password!') + return render_template('login.html') + + return render_template('login.html') + + +@app.route('/logout') +def logout(): + while 'username' in session: + session.pop('username', None) + while 'scope' in session: + session.pop('scope', None) + return redirect(url_for('index')) + +@app.route('/oauth2/auth', methods=['GET', 'POST']) +def auth(): + response_type = request.args.get('response_type') + redirect_uri = request.args.get('redirect_uri') + scope = request.args.get('scope') + client_id = request.args.get('client_id') + state = request.args.get('state') + + assert response_type == 'code' + assert redirect_uri + assert scope + assert client_id + + if request.method == 'POST': + if request.form['action'] == 'ok': + session['scope'] = scope + if request.form['action'] == 'nope': + return redirect(url_for('index')) + + client = db[DB_CLIENTS].find_one({'client_id': client_id}) + if not client: + abort(401) + + if 'username' in session and 'scope' in session and session['scope'] == scope: + code = ''.join(random.choice(string.ascii_letters+'/') for _ in range(128)) + + # Save the code + db[DB_CODES].insert({ + 'client_id': client_id, + 'code': code, + 'redirect_uri':redirect_uri, + 'scope': scope, + 'username': session['username'] + }) + + reduri = "{}?code={}".format(redirect_uri, code) + if state: + reduri += '&state={}'.format(state) + return redirect(reduri, code=302) + + if not 'username' in session: + return redirect('/login?next={}'.format(urllib.parse.quote_plus(request.full_path))) + if not 'scope' in session: + return render_template( + 'authorize.html', + client_id=client_id, + client_name=client['name'], + scope=scope.split(" ") + ) + + +@app.route('/oauth2/token') +def token(): + redirect_uri = request.args.get('redirect_uri') + code = request.args.get('code') + client_id = request.args.get('client_id') + client_secret = request.args.get('client_secret') + + assert redirect_uri + assert code + assert client_id + assert client_secret + + client = db[DB_CLIENTS].find_one({ + 'client_id': client_id, + 'client_secret': client_secret + }) + issued_code = db[DB_CODES].find_one({ + 'client_id': client_id, + 'code': code + }) + + if client and issued_code: + + token = ''.join(random.choice(string.ascii_letters+'/') for _ in range(128)) + + # Delete code (code is single use) + db[DB_CODES].delete_one({ + 'client_id': client_id, + 'code': code + }) + + # Save the token + db[DB_TOKENS].insert({ + 'client_id': client_id, + 'token': token, + 'scope': issued_code['scope'], + 'username': issued_code['username'] + }) + + return jsonify({'token': token}) + + else: + abort(401) + + +@app.route('/info') +def info(): + authorization = request.headers.get('Authorization') + try: + _, auth_token = authorization.split(" ") + + token_record = db[DB_TOKENS].find_one({ + 'token': auth_token + }) + if not token_record: + raise RuntimeError() + + return jsonify({'email': token_record['username']}) + + except: + abort(401) + + +################################################################################ + +def main(): + parser = argparse.ArgumentParser('AUTH_SERVER') + parser.add_argument('--host', default='0.0.0.0') + parser.add_argument('--port', default=8080, type=int) + parser.add_argument('--ssl', action='store_true', default=False) + parser.add_argument('--debug', action='store_true', default=False) + parser.add_argument('--init', action='store_true', default=False) + args = parser.parse_args() + + if args.init: + db.drop_collection(DB_USERS) + db.drop_collection(DB_CLIENTS) + db.drop_collection(DB_CODES) + db.drop_collection(DB_TOKENS) + db[DB_USERS].insert({"username" : "alberto.lupo@null.net", "password" : "qwerty" }) + db[DB_CLIENTS].insert({"client_id" : "67538654696", "name" : "App", "client_secret" : "Pq9LAGblNUnLswc3dtlXlccSXOe31S6I" }) + sys.exit(0) + + ssl_context = None + if args.ssl: + ssl_context='adhoc' + + app.run(host=args.host, port=args.port, threaded=True, debug=args.debug, ssl_context=ssl_context) + +if __name__ == '__main__': + main() diff --git a/casestudies-src/artificial_idp/requirements.txt b/casestudies-src/artificial_idp/requirements.txt new file mode 100644 index 0000000..286ccd5 --- /dev/null +++ b/casestudies-src/artificial_idp/requirements.txt @@ -0,0 +1,3 @@ +flask +pymongo +pyopenssl diff --git a/casestudies-src/artificial_idp/static/css/bootstrap-theme.min.css b/casestudies-src/artificial_idp/static/css/bootstrap-theme.min.css new file mode 100644 index 0000000..5e39401 --- /dev/null +++ b/casestudies-src/artificial_idp/static/css/bootstrap-theme.min.css @@ -0,0 +1,6 @@ +/*! + * Bootstrap v3.3.7 (http://getbootstrap.com) + * Copyright 2011-2016 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */.btn-danger,.btn-default,.btn-info,.btn-primary,.btn-success,.btn-warning{text-shadow:0 -1px 0 rgba(0,0,0,.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 1px rgba(0,0,0,.075)}.btn-danger.active,.btn-danger:active,.btn-default.active,.btn-default:active,.btn-info.active,.btn-info:active,.btn-primary.active,.btn-primary:active,.btn-success.active,.btn-success:active,.btn-warning.active,.btn-warning:active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-danger.disabled,.btn-danger[disabled],.btn-default.disabled,.btn-default[disabled],.btn-info.disabled,.btn-info[disabled],.btn-primary.disabled,.btn-primary[disabled],.btn-success.disabled,.btn-success[disabled],.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-danger,fieldset[disabled] .btn-default,fieldset[disabled] .btn-info,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-success,fieldset[disabled] .btn-warning{-webkit-box-shadow:none;box-shadow:none}.btn-danger .badge,.btn-default .badge,.btn-info .badge,.btn-primary .badge,.btn-success .badge,.btn-warning .badge{text-shadow:none}.btn.active,.btn:active{background-image:none}.btn-default{text-shadow:0 1px 0 #fff;background-image:-webkit-linear-gradient(top,#fff 0,#e0e0e0 100%);background-image:-o-linear-gradient(top,#fff 0,#e0e0e0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#e0e0e0));background-image:linear-gradient(to bottom,#fff 0,#e0e0e0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#dbdbdb;border-color:#ccc}.btn-default:focus,.btn-default:hover{background-color:#e0e0e0;background-position:0 -15px}.btn-default.active,.btn-default:active{background-color:#e0e0e0;border-color:#dbdbdb}.btn-default.disabled,.btn-default.disabled.active,.btn-default.disabled.focus,.btn-default.disabled:active,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled],.btn-default[disabled].active,.btn-default[disabled].focus,.btn-default[disabled]:active,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default,fieldset[disabled] .btn-default.active,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:active,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#e0e0e0;background-image:none}.btn-primary{background-image:-webkit-linear-gradient(top,#337ab7 0,#265a88 100%);background-image:-o-linear-gradient(top,#337ab7 0,#265a88 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#265a88));background-image:linear-gradient(to bottom,#337ab7 0,#265a88 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff265a88', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#245580}.btn-primary:focus,.btn-primary:hover{background-color:#265a88;background-position:0 -15px}.btn-primary.active,.btn-primary:active{background-color:#265a88;border-color:#245580}.btn-primary.disabled,.btn-primary.disabled.active,.btn-primary.disabled.focus,.btn-primary.disabled:active,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled],.btn-primary[disabled].active,.btn-primary[disabled].focus,.btn-primary[disabled]:active,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-primary.active,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:active,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#265a88;background-image:none}.btn-success{background-image:-webkit-linear-gradient(top,#5cb85c 0,#419641 100%);background-image:-o-linear-gradient(top,#5cb85c 0,#419641 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5cb85c),to(#419641));background-image:linear-gradient(to bottom,#5cb85c 0,#419641 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff419641', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#3e8f3e}.btn-success:focus,.btn-success:hover{background-color:#419641;background-position:0 -15px}.btn-success.active,.btn-success:active{background-color:#419641;border-color:#3e8f3e}.btn-success.disabled,.btn-success.disabled.active,.btn-success.disabled.focus,.btn-success.disabled:active,.btn-success.disabled:focus,.btn-success.disabled:hover,.btn-success[disabled],.btn-success[disabled].active,.btn-success[disabled].focus,.btn-success[disabled]:active,.btn-success[disabled]:focus,.btn-success[disabled]:hover,fieldset[disabled] .btn-success,fieldset[disabled] .btn-success.active,fieldset[disabled] .btn-success.focus,fieldset[disabled] .btn-success:active,fieldset[disabled] .btn-success:focus,fieldset[disabled] .btn-success:hover{background-color:#419641;background-image:none}.btn-info{background-image:-webkit-linear-gradient(top,#5bc0de 0,#2aabd2 100%);background-image:-o-linear-gradient(top,#5bc0de 0,#2aabd2 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5bc0de),to(#2aabd2));background-image:linear-gradient(to bottom,#5bc0de 0,#2aabd2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#28a4c9}.btn-info:focus,.btn-info:hover{background-color:#2aabd2;background-position:0 -15px}.btn-info.active,.btn-info:active{background-color:#2aabd2;border-color:#28a4c9}.btn-info.disabled,.btn-info.disabled.active,.btn-info.disabled.focus,.btn-info.disabled:active,.btn-info.disabled:focus,.btn-info.disabled:hover,.btn-info[disabled],.btn-info[disabled].active,.btn-info[disabled].focus,.btn-info[disabled]:active,.btn-info[disabled]:focus,.btn-info[disabled]:hover,fieldset[disabled] .btn-info,fieldset[disabled] .btn-info.active,fieldset[disabled] .btn-info.focus,fieldset[disabled] .btn-info:active,fieldset[disabled] .btn-info:focus,fieldset[disabled] .btn-info:hover{background-color:#2aabd2;background-image:none}.btn-warning{background-image:-webkit-linear-gradient(top,#f0ad4e 0,#eb9316 100%);background-image:-o-linear-gradient(top,#f0ad4e 0,#eb9316 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f0ad4e),to(#eb9316));background-image:linear-gradient(to bottom,#f0ad4e 0,#eb9316 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffeb9316', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#e38d13}.btn-warning:focus,.btn-warning:hover{background-color:#eb9316;background-position:0 -15px}.btn-warning.active,.btn-warning:active{background-color:#eb9316;border-color:#e38d13}.btn-warning.disabled,.btn-warning.disabled.active,.btn-warning.disabled.focus,.btn-warning.disabled:active,.btn-warning.disabled:focus,.btn-warning.disabled:hover,.btn-warning[disabled],.btn-warning[disabled].active,.btn-warning[disabled].focus,.btn-warning[disabled]:active,.btn-warning[disabled]:focus,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning,fieldset[disabled] .btn-warning.active,fieldset[disabled] .btn-warning.focus,fieldset[disabled] .btn-warning:active,fieldset[disabled] .btn-warning:focus,fieldset[disabled] .btn-warning:hover{background-color:#eb9316;background-image:none}.btn-danger{background-image:-webkit-linear-gradient(top,#d9534f 0,#c12e2a 100%);background-image:-o-linear-gradient(top,#d9534f 0,#c12e2a 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9534f),to(#c12e2a));background-image:linear-gradient(to bottom,#d9534f 0,#c12e2a 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc12e2a', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#b92c28}.btn-danger:focus,.btn-danger:hover{background-color:#c12e2a;background-position:0 -15px}.btn-danger.active,.btn-danger:active{background-color:#c12e2a;border-color:#b92c28}.btn-danger.disabled,.btn-danger.disabled.active,.btn-danger.disabled.focus,.btn-danger.disabled:active,.btn-danger.disabled:focus,.btn-danger.disabled:hover,.btn-danger[disabled],.btn-danger[disabled].active,.btn-danger[disabled].focus,.btn-danger[disabled]:active,.btn-danger[disabled]:focus,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger,fieldset[disabled] .btn-danger.active,fieldset[disabled] .btn-danger.focus,fieldset[disabled] .btn-danger:active,fieldset[disabled] .btn-danger:focus,fieldset[disabled] .btn-danger:hover{background-color:#c12e2a;background-image:none}.img-thumbnail,.thumbnail{-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px rgba(0,0,0,.075)}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover{background-color:#e8e8e8;background-image:-webkit-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-o-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f5f5f5),to(#e8e8e8));background-image:linear-gradient(to bottom,#f5f5f5 0,#e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover{background-color:#2e6da4;background-image:-webkit-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2e6da4));background-image:linear-gradient(to bottom,#337ab7 0,#2e6da4 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);background-repeat:repeat-x}.navbar-default{background-image:-webkit-linear-gradient(top,#fff 0,#f8f8f8 100%);background-image:-o-linear-gradient(top,#fff 0,#f8f8f8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#f8f8f8));background-image:linear-gradient(to bottom,#fff 0,#f8f8f8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-radius:4px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 5px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 5px rgba(0,0,0,.075)}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.open>a{background-image:-webkit-linear-gradient(top,#dbdbdb 0,#e2e2e2 100%);background-image:-o-linear-gradient(top,#dbdbdb 0,#e2e2e2 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dbdbdb),to(#e2e2e2));background-image:linear-gradient(to bottom,#dbdbdb 0,#e2e2e2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdbdbdb', endColorstr='#ffe2e2e2', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,.075);box-shadow:inset 0 3px 9px rgba(0,0,0,.075)}.navbar-brand,.navbar-nav>li>a{text-shadow:0 1px 0 rgba(255,255,255,.25)}.navbar-inverse{background-image:-webkit-linear-gradient(top,#3c3c3c 0,#222 100%);background-image:-o-linear-gradient(top,#3c3c3c 0,#222 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#3c3c3c),to(#222));background-image:linear-gradient(to bottom,#3c3c3c 0,#222 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-radius:4px}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.open>a{background-image:-webkit-linear-gradient(top,#080808 0,#0f0f0f 100%);background-image:-o-linear-gradient(top,#080808 0,#0f0f0f 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#080808),to(#0f0f0f));background-image:linear-gradient(to bottom,#080808 0,#0f0f0f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808', endColorstr='#ff0f0f0f', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,.25);box-shadow:inset 0 3px 9px rgba(0,0,0,.25)}.navbar-inverse .navbar-brand,.navbar-inverse .navbar-nav>li>a{text-shadow:0 -1px 0 rgba(0,0,0,.25)}.navbar-fixed-bottom,.navbar-fixed-top,.navbar-static-top{border-radius:0}@media (max-width:767px){.navbar .navbar-nav .open .dropdown-menu>.active>a,.navbar .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar .navbar-nav .open .dropdown-menu>.active>a:hover{color:#fff;background-image:-webkit-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2e6da4));background-image:linear-gradient(to bottom,#337ab7 0,#2e6da4 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);background-repeat:repeat-x}}.alert{text-shadow:0 1px 0 rgba(255,255,255,.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.25),0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 1px 0 rgba(255,255,255,.25),0 1px 2px rgba(0,0,0,.05)}.alert-success{background-image:-webkit-linear-gradient(top,#dff0d8 0,#c8e5bc 100%);background-image:-o-linear-gradient(top,#dff0d8 0,#c8e5bc 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dff0d8),to(#c8e5bc));background-image:linear-gradient(to bottom,#dff0d8 0,#c8e5bc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);background-repeat:repeat-x;border-color:#b2dba1}.alert-info{background-image:-webkit-linear-gradient(top,#d9edf7 0,#b9def0 100%);background-image:-o-linear-gradient(top,#d9edf7 0,#b9def0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9edf7),to(#b9def0));background-image:linear-gradient(to bottom,#d9edf7 0,#b9def0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);background-repeat:repeat-x;border-color:#9acfea}.alert-warning{background-image:-webkit-linear-gradient(top,#fcf8e3 0,#f8efc0 100%);background-image:-o-linear-gradient(top,#fcf8e3 0,#f8efc0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fcf8e3),to(#f8efc0));background-image:linear-gradient(to bottom,#fcf8e3 0,#f8efc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);background-repeat:repeat-x;border-color:#f5e79e}.alert-danger{background-image:-webkit-linear-gradient(top,#f2dede 0,#e7c3c3 100%);background-image:-o-linear-gradient(top,#f2dede 0,#e7c3c3 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f2dede),to(#e7c3c3));background-image:linear-gradient(to bottom,#f2dede 0,#e7c3c3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);background-repeat:repeat-x;border-color:#dca7a7}.progress{background-image:-webkit-linear-gradient(top,#ebebeb 0,#f5f5f5 100%);background-image:-o-linear-gradient(top,#ebebeb 0,#f5f5f5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#ebebeb),to(#f5f5f5));background-image:linear-gradient(to bottom,#ebebeb 0,#f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x}.progress-bar{background-image:-webkit-linear-gradient(top,#337ab7 0,#286090 100%);background-image:-o-linear-gradient(top,#337ab7 0,#286090 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#286090));background-image:linear-gradient(to bottom,#337ab7 0,#286090 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff286090', GradientType=0);background-repeat:repeat-x}.progress-bar-success{background-image:-webkit-linear-gradient(top,#5cb85c 0,#449d44 100%);background-image:-o-linear-gradient(top,#5cb85c 0,#449d44 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5cb85c),to(#449d44));background-image:linear-gradient(to bottom,#5cb85c 0,#449d44 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);background-repeat:repeat-x}.progress-bar-info{background-image:-webkit-linear-gradient(top,#5bc0de 0,#31b0d5 100%);background-image:-o-linear-gradient(top,#5bc0de 0,#31b0d5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5bc0de),to(#31b0d5));background-image:linear-gradient(to bottom,#5bc0de 0,#31b0d5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);background-repeat:repeat-x}.progress-bar-warning{background-image:-webkit-linear-gradient(top,#f0ad4e 0,#ec971f 100%);background-image:-o-linear-gradient(top,#f0ad4e 0,#ec971f 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f0ad4e),to(#ec971f));background-image:linear-gradient(to bottom,#f0ad4e 0,#ec971f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0);background-repeat:repeat-x}.progress-bar-danger{background-image:-webkit-linear-gradient(top,#d9534f 0,#c9302c 100%);background-image:-o-linear-gradient(top,#d9534f 0,#c9302c 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9534f),to(#c9302c));background-image:linear-gradient(to bottom,#d9534f 0,#c9302c 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);background-repeat:repeat-x}.progress-bar-striped{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.list-group{border-radius:4px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px rgba(0,0,0,.075)}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{text-shadow:0 -1px 0 #286090;background-image:-webkit-linear-gradient(top,#337ab7 0,#2b669a 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2b669a 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2b669a));background-image:linear-gradient(to bottom,#337ab7 0,#2b669a 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2b669a', GradientType=0);background-repeat:repeat-x;border-color:#2b669a}.list-group-item.active .badge,.list-group-item.active:focus .badge,.list-group-item.active:hover .badge{text-shadow:none}.panel{-webkit-box-shadow:0 1px 2px rgba(0,0,0,.05);box-shadow:0 1px 2px rgba(0,0,0,.05)}.panel-default>.panel-heading{background-image:-webkit-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-o-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f5f5f5),to(#e8e8e8));background-image:linear-gradient(to bottom,#f5f5f5 0,#e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.panel-primary>.panel-heading{background-image:-webkit-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2e6da4));background-image:linear-gradient(to bottom,#337ab7 0,#2e6da4 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);background-repeat:repeat-x}.panel-success>.panel-heading{background-image:-webkit-linear-gradient(top,#dff0d8 0,#d0e9c6 100%);background-image:-o-linear-gradient(top,#dff0d8 0,#d0e9c6 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dff0d8),to(#d0e9c6));background-image:linear-gradient(to bottom,#dff0d8 0,#d0e9c6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);background-repeat:repeat-x}.panel-info>.panel-heading{background-image:-webkit-linear-gradient(top,#d9edf7 0,#c4e3f3 100%);background-image:-o-linear-gradient(top,#d9edf7 0,#c4e3f3 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9edf7),to(#c4e3f3));background-image:linear-gradient(to bottom,#d9edf7 0,#c4e3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);background-repeat:repeat-x}.panel-warning>.panel-heading{background-image:-webkit-linear-gradient(top,#fcf8e3 0,#faf2cc 100%);background-image:-o-linear-gradient(top,#fcf8e3 0,#faf2cc 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fcf8e3),to(#faf2cc));background-image:linear-gradient(to bottom,#fcf8e3 0,#faf2cc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);background-repeat:repeat-x}.panel-danger>.panel-heading{background-image:-webkit-linear-gradient(top,#f2dede 0,#ebcccc 100%);background-image:-o-linear-gradient(top,#f2dede 0,#ebcccc 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f2dede),to(#ebcccc));background-image:linear-gradient(to bottom,#f2dede 0,#ebcccc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);background-repeat:repeat-x}.well{background-image:-webkit-linear-gradient(top,#e8e8e8 0,#f5f5f5 100%);background-image:-o-linear-gradient(top,#e8e8e8 0,#f5f5f5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#e8e8e8),to(#f5f5f5));background-image:linear-gradient(to bottom,#e8e8e8 0,#f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x;border-color:#dcdcdc;-webkit-box-shadow:inset 0 1px 3px rgba(0,0,0,.05),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 3px rgba(0,0,0,.05),0 1px 0 rgba(255,255,255,.1)} +/*# sourceMappingURL=bootstrap-theme.min.css.map */ \ No newline at end of file diff --git a/casestudies-src/artificial_idp/static/css/bootstrap.min.css b/casestudies-src/artificial_idp/static/css/bootstrap.min.css new file mode 100644 index 0000000..ed3905e --- /dev/null +++ b/casestudies-src/artificial_idp/static/css/bootstrap.min.css @@ -0,0 +1,6 @@ +/*! + * Bootstrap v3.3.7 (http://getbootstrap.com) + * Copyright 2011-2016 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{height:0;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{margin:0;font:inherit;color:inherit}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}input{line-height:normal}input[type=checkbox],input[type=radio]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}legend{padding:0;border:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-spacing:0;border-collapse:collapse}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="javascript:"]:after,a[href^="#"]:after{content:""}blockquote,pre{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table td,.table th{background-color:#fff!important}.table-bordered td,.table-bordered th{border:1px solid #ddd!important}}@font-face{font-family:'Glyphicons Halflings';src:url(../fonts/glyphicons-halflings-regular.eot);src:url(../fonts/glyphicons-halflings-regular.eot?#iefix) format('embedded-opentype'),url(../fonts/glyphicons-halflings-regular.woff2) format('woff2'),url(../fonts/glyphicons-halflings-regular.woff) format('woff'),url(../fonts/glyphicons-halflings-regular.ttf) format('truetype'),url(../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular) format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-eur:before,.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-btc:before{content:"\e227"}.glyphicon-xbt:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-jpy:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-rub:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}:after,:before{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}button,input,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#337ab7;text-decoration:none}a:focus,a:hover{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.carousel-inner>.item>a>img,.carousel-inner>.item>img,.img-responsive,.thumbnail a>img,.thumbnail>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;max-width:100%;height:auto;padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role=button]{cursor:pointer}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}.h1 .small,.h1 small,.h2 .small,.h2 small,.h3 .small,.h3 small,.h4 .small,.h4 small,.h5 .small,.h5 small,.h6 .small,.h6 small,h1 .small,h1 small,h2 .small,h2 small,h3 .small,h3 small,h4 .small,h4 small,h5 .small,h5 small,h6 .small,h6 small{font-weight:400;line-height:1;color:#777}.h1,.h2,.h3,h1,h2,h3{margin-top:20px;margin-bottom:10px}.h1 .small,.h1 small,.h2 .small,.h2 small,.h3 .small,.h3 small,h1 .small,h1 small,h2 .small,h2 small,h3 .small,h3 small{font-size:65%}.h4,.h5,.h6,h4,h5,h6{margin-top:10px;margin-bottom:10px}.h4 .small,.h4 small,.h5 .small,.h5 small,.h6 .small,.h6 small,h4 .small,h4 small,h5 .small,h5 small,h6 .small,h6 small{font-size:75%}.h1,h1{font-size:36px}.h2,h2{font-size:30px}.h3,h3{font-size:24px}.h4,h4{font-size:18px}.h5,h5{font-size:14px}.h6,h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}.small,small{font-size:85%}.mark,mark{padding:.2em;background-color:#fcf8e3}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#337ab7}a.text-primary:focus,a.text-primary:hover{color:#286090}.text-success{color:#3c763d}a.text-success:focus,a.text-success:hover{color:#2b542c}.text-info{color:#31708f}a.text-info:focus,a.text-info:hover{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:focus,a.text-warning:hover{color:#66512c}.text-danger{color:#a94442}a.text-danger:focus,a.text-danger:hover{color:#843534}.bg-primary{color:#fff;background-color:#337ab7}a.bg-primary:focus,a.bg-primary:hover{background-color:#286090}.bg-success{background-color:#dff0d8}a.bg-success:focus,a.bg-success:hover{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:focus,a.bg-info:hover{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:focus,a.bg-warning:hover{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:focus,a.bg-danger:hover{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ol,ul{margin-top:0;margin-bottom:10px}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;margin-left:-5px;list-style:none}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-top:0;margin-bottom:20px}dd,dt{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[data-original-title],abbr[title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote ol:last-child,blockquote p:last-child,blockquote ul:last-child{margin-bottom:0}blockquote .small,blockquote footer,blockquote small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote .small:before,blockquote footer:before,blockquote small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;text-align:right;border-right:5px solid #eee;border-left:0}.blockquote-reverse .small:before,.blockquote-reverse footer:before,.blockquote-reverse small:before,blockquote.pull-right .small:before,blockquote.pull-right footer:before,blockquote.pull-right small:before{content:''}.blockquote-reverse .small:after,.blockquote-reverse footer:after,.blockquote-reverse small:after,blockquote.pull-right .small:after,blockquote.pull-right footer:after,blockquote.pull-right small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{margin-right:-15px;margin-left:-15px}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>td,.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>td,.table>thead:first-child>tr:first-child>th{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>tbody>tr>td,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>td,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>thead>tr>th{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>tbody>tr>td,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>td,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border:1px solid #ddd}.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*=col-]{position:static;display:table-column;float:none}table td[class*=col-],table th[class*=col-]{position:static;display:table-cell;float:none}.table>tbody>tr.active>td,.table>tbody>tr.active>th,.table>tbody>tr>td.active,.table>tbody>tr>th.active,.table>tfoot>tr.active>td,.table>tfoot>tr.active>th,.table>tfoot>tr>td.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>thead>tr.active>th,.table>thead>tr>td.active,.table>thead>tr>th.active{background-color:#f5f5f5}.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover{background-color:#e8e8e8}.table>tbody>tr.success>td,.table>tbody>tr.success>th,.table>tbody>tr>td.success,.table>tbody>tr>th.success,.table>tfoot>tr.success>td,.table>tfoot>tr.success>th,.table>tfoot>tr>td.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>thead>tr.success>th,.table>thead>tr>td.success,.table>thead>tr>th.success{background-color:#dff0d8}.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover{background-color:#d0e9c6}.table>tbody>tr.info>td,.table>tbody>tr.info>th,.table>tbody>tr>td.info,.table>tbody>tr>th.info,.table>tfoot>tr.info>td,.table>tfoot>tr.info>th,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#d9edf7}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover{background-color:#c4e3f3}.table>tbody>tr.warning>td,.table>tbody>tr.warning>th,.table>tbody>tr>td.warning,.table>tbody>tr>th.warning,.table>tfoot>tr.warning>td,.table>tfoot>tr.warning>th,.table>tfoot>tr>td.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>thead>tr.warning>th,.table>thead>tr>td.warning,.table>thead>tr>th.warning{background-color:#fcf8e3}.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover{background-color:#faf2cc}.table>tbody>tr.danger>td,.table>tbody>tr.danger>th,.table>tbody>tr>td.danger,.table>tbody>tr>th.danger,.table>tfoot>tr.danger>td,.table>tfoot>tr.danger>th,.table>tfoot>tr>td.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>thead>tr.danger>th,.table>thead>tr>td.danger,.table>thead>tr>th.danger{background-color:#f2dede}.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover{background-color:#ebcccc}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>td,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>thead>tr>th{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:700}input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=checkbox],input[type=radio]{margin:4px 0 0;margin-top:1px\9;line-height:normal}input[type=file]{display:block}input[type=range]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type=file]:focus,input[type=checkbox]:focus,input[type=radio]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);-webkit-transition:border-color ease-in-out .15s,-webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control::-ms-expand{background-color:transparent;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type=search]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type=date].form-control,input[type=time].form-control,input[type=datetime-local].form-control,input[type=month].form-control{line-height:34px}.input-group-sm input[type=date],.input-group-sm input[type=time],.input-group-sm input[type=datetime-local],.input-group-sm input[type=month],input[type=date].input-sm,input[type=time].input-sm,input[type=datetime-local].input-sm,input[type=month].input-sm{line-height:30px}.input-group-lg input[type=date],.input-group-lg input[type=time],.input-group-lg input[type=datetime-local],.input-group-lg input[type=month],input[type=date].input-lg,input[type=time].input-lg,input[type=datetime-local].input-lg,input[type=month].input-lg{line-height:46px}}.form-group{margin-bottom:15px}.checkbox,.radio{position:relative;display:block;margin-top:10px;margin-bottom:10px}.checkbox label,.radio label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox],.radio input[type=radio],.radio-inline input[type=radio]{position:absolute;margin-top:4px\9;margin-left:-20px}.checkbox+.checkbox,.radio+.radio{margin-top:-5px}.checkbox-inline,.radio-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;font-weight:400;vertical-align:middle;cursor:pointer}.checkbox-inline+.checkbox-inline,.radio-inline+.radio-inline{margin-top:0;margin-left:10px}fieldset[disabled] input[type=checkbox],fieldset[disabled] input[type=radio],input[type=checkbox].disabled,input[type=checkbox][disabled],input[type=radio].disabled,input[type=radio][disabled]{cursor:not-allowed}.checkbox-inline.disabled,.radio-inline.disabled,fieldset[disabled] .checkbox-inline,fieldset[disabled] .radio-inline{cursor:not-allowed}.checkbox.disabled label,.radio.disabled label,fieldset[disabled] .checkbox label,fieldset[disabled] .radio label{cursor:not-allowed}.form-control-static{min-height:34px;padding-top:7px;padding-bottom:7px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-right:0;padding-left:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}select[multiple].input-sm,textarea.input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm select[multiple].form-control,.form-group-sm textarea.form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:46px;line-height:46px}select[multiple].input-lg,textarea.input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg select[multiple].form-control,.form-group-lg textarea.form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.form-group-lg .form-control+.form-control-feedback,.input-group-lg+.form-control-feedback,.input-lg+.form-control-feedback{width:46px;height:46px;line-height:46px}.form-group-sm .form-control+.form-control-feedback,.input-group-sm+.form-control-feedback,.input-sm+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .help-block,.has-success .radio,.has-success .radio-inline,.has-success.checkbox label,.has-success.checkbox-inline label,.has-success.radio label,.has-success.radio-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;background-color:#dff0d8;border-color:#3c763d}.has-success .form-control-feedback{color:#3c763d}.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline,.has-warning.checkbox label,.has-warning.checkbox-inline label,.has-warning.radio label,.has-warning.radio-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;background-color:#fcf8e3;border-color:#8a6d3b}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .help-block,.has-error .radio,.has-error .radio-inline,.has-error.checkbox label,.has-error.checkbox-inline label,.has-error.radio label,.has-error.radio-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;background-color:#f2dede;border-color:#a94442}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .form-control,.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .checkbox,.form-inline .radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .checkbox label,.form-inline .radio label{padding-left:0}.form-inline .checkbox input[type=checkbox],.form-inline .radio input[type=radio]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .checkbox,.form-horizontal .checkbox-inline,.form-horizontal .radio,.form-horizontal .radio-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .checkbox,.form-horizontal .radio{min-height:27px}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.form-horizontal .control-label{padding-top:7px;margin-bottom:0;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:400;line-height:1.42857143;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-image:none;border:1px solid transparent;border-radius:4px}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.focus,.btn:focus,.btn:hover{color:#333;text-decoration:none}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none;opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default.focus,.btn-default:focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#337ab7;border-color:#2e6da4}.btn-primary.focus,.btn-primary:focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#337ab7;border-color:#2e6da4}.btn-primary .badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success.focus,.btn-success:focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active.focus,.btn-success.active:focus,.btn-success.active:hover,.btn-success:active.focus,.btn-success:active:focus,.btn-success:active:hover,.open>.dropdown-toggle.btn-success.focus,.open>.dropdown-toggle.btn-success:focus,.open>.dropdown-toggle.btn-success:hover{color:#fff;background-color:#398439;border-color:#255625}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled.focus,.btn-success.disabled:focus,.btn-success.disabled:hover,.btn-success[disabled].focus,.btn-success[disabled]:focus,.btn-success[disabled]:hover,fieldset[disabled] .btn-success.focus,fieldset[disabled] .btn-success:focus,fieldset[disabled] .btn-success:hover{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info.focus,.btn-info:focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active.focus,.btn-info.active:focus,.btn-info.active:hover,.btn-info:active.focus,.btn-info:active:focus,.btn-info:active:hover,.open>.dropdown-toggle.btn-info.focus,.open>.dropdown-toggle.btn-info:focus,.open>.dropdown-toggle.btn-info:hover{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled.focus,.btn-info.disabled:focus,.btn-info.disabled:hover,.btn-info[disabled].focus,.btn-info[disabled]:focus,.btn-info[disabled]:hover,fieldset[disabled] .btn-info.focus,fieldset[disabled] .btn-info:focus,fieldset[disabled] .btn-info:hover{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning.focus,.btn-warning:focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active.focus,.btn-warning.active:focus,.btn-warning.active:hover,.btn-warning:active.focus,.btn-warning:active:focus,.btn-warning:active:hover,.open>.dropdown-toggle.btn-warning.focus,.open>.dropdown-toggle.btn-warning:focus,.open>.dropdown-toggle.btn-warning:hover{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled.focus,.btn-warning.disabled:focus,.btn-warning.disabled:hover,.btn-warning[disabled].focus,.btn-warning[disabled]:focus,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning.focus,fieldset[disabled] .btn-warning:focus,fieldset[disabled] .btn-warning:hover{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger.focus,.btn-danger:focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active.focus,.btn-danger.active:focus,.btn-danger.active:hover,.btn-danger:active.focus,.btn-danger:active:focus,.btn-danger:active:hover,.open>.dropdown-toggle.btn-danger.focus,.open>.dropdown-toggle.btn-danger:focus,.open>.dropdown-toggle.btn-danger:hover{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled.focus,.btn-danger.disabled:focus,.btn-danger.disabled:hover,.btn-danger[disabled].focus,.btn-danger[disabled]:focus,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger.focus,fieldset[disabled] .btn-danger:focus,fieldset[disabled] .btn-danger:hover{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link.active,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:active,.btn-link:focus,.btn-link:hover{border-color:transparent}.btn-link:focus,.btn-link:hover{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:focus,.btn-link[disabled]:hover,fieldset[disabled] .btn-link:focus,fieldset[disabled] .btn-link:hover{color:#777;text-decoration:none}.btn-group-lg>.btn,.btn-lg{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-group-sm>.btn,.btn-sm{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-xs>.btn,.btn-xs{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type=button].btn-block,input[type=reset].btn-block,input[type=submit].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-property:height,visibility;-o-transition-property:height,visibility;transition-property:height,visibility}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px dashed;border-top:4px solid\9;border-right:4px solid transparent;border-left:4px solid transparent}.dropdown,.dropup{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;text-align:left;list-style:none;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,.175);box-shadow:0 6px 12px rgba(0,0,0,.175)}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover{color:#fff;text-decoration:none;background-color:#337ab7;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{color:#777}.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{right:0;left:auto}.dropdown-menu-left{right:auto;left:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#777;white-space:nowrap}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{content:"";border-top:0;border-bottom:4px dashed;border-bottom:4px solid\9}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}.navbar-right .dropdown-menu-left{right:auto;left:0}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;float:left}.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:hover,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus,.btn-group>.btn:hover{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-bottom-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-left-radius:0;border-top-right-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-top-right-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{display:table-cell;float:none;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle=buttons]>.btn input[type=checkbox],[data-toggle=buttons]>.btn input[type=radio],[data-toggle=buttons]>.btn-group>.btn input[type=checkbox],[data-toggle=buttons]>.btn-group>.btn input[type=radio]{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*=col-]{float:none;padding-right:0;padding-left:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn,textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn,textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn{height:auto}.input-group .form-control,.input-group-addon,.input-group-btn{display:table-cell}.input-group .form-control:not(:first-child):not(:last-child),.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type=checkbox],.input-group-addon input[type=radio]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn-group:not(:last-child)>.btn,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:first-child>.btn-group:not(:first-child)>.btn,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:active,.input-group-btn>.btn:focus,.input-group-btn>.btn:hover{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:focus,.nav>li>a:hover{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:focus,.nav>li.disabled>a:hover{color:#777;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{background-color:#eee;border-color:#337ab7}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:focus,.nav-tabs>li.active>a:hover{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:focus,.nav-pills>li.active>a:hover{color:#fff;background-color:#337ab7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{padding-right:15px;padding-left:15px;overflow-x:visible;-webkit-overflow-scrolling:touch;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse{padding-right:0;padding-left:0}}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:200px}}.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-bottom,.navbar-fixed-top{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-bottom,.navbar-fixed-top{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;height:50px;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-top:8px;margin-right:15px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu .dropdown-header,.navbar-nav .open .dropdown-menu>li>a{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:focus,.navbar-nav .open .dropdown-menu>li>a:hover{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{padding:10px 15px;margin-top:8px;margin-right:-15px;margin-bottom:8px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1)}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .form-control,.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .checkbox,.navbar-form .radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .checkbox label,.navbar-form .radio label{padding-left:0}.navbar-form .checkbox input[type=checkbox],.navbar-form .radio input[type=radio]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-left-radius:0;border-top-right-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-right:15px;margin-left:15px}}@media (min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:focus,.navbar-default .navbar-brand:hover{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:focus,.navbar-default .navbar-nav>li>a:hover{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:focus,.navbar-default .navbar-nav>.active>a:hover{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:focus,.navbar-default .navbar-nav>.disabled>a:hover{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:focus,.navbar-default .navbar-toggle:hover{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:focus,.navbar-default .navbar-nav>.open>a:hover{color:#555;background-color:#e7e7e7}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:focus,.navbar-default .btn-link:hover{color:#333}.navbar-default .btn-link[disabled]:focus,.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:focus,fieldset[disabled] .navbar-default .btn-link:hover{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#9d9d9d}.navbar-inverse .navbar-brand:focus,.navbar-inverse .navbar-brand:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a:focus,.navbar-inverse .navbar-nav>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:focus,.navbar-inverse .navbar-nav>.active>a:hover{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:focus,.navbar-inverse .navbar-nav>.disabled>a:hover{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:focus,.navbar-inverse .navbar-toggle:hover{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:focus,.navbar-inverse .navbar-nav>.open>a:hover{color:#fff;background-color:#080808}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#9d9d9d}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#9d9d9d}.navbar-inverse .btn-link:focus,.navbar-inverse .btn-link:hover{color:#fff}.navbar-inverse .btn-link[disabled]:focus,.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:focus,fieldset[disabled] .navbar-inverse .btn-link:hover{color:#444}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#777}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.42857143;color:#337ab7;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>li>a:focus,.pagination>li>a:hover,.pagination>li>span:focus,.pagination>li>span:hover{z-index:2;color:#23527c;background-color:#eee;border-color:#ddd}.pagination>.active>a,.pagination>.active>a:focus,.pagination>.active>a:hover,.pagination>.active>span,.pagination>.active>span:focus,.pagination>.active>span:hover{z-index:3;color:#fff;cursor:default;background-color:#337ab7;border-color:#337ab7}.pagination>.disabled>a,.pagination>.disabled>a:focus,.pagination>.disabled>a:hover,.pagination>.disabled>span,.pagination>.disabled>span:focus,.pagination>.disabled>span:hover{color:#777;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px;line-height:1.3333333}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-top-left-radius:6px;border-bottom-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px;line-height:1.5}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-top-left-radius:3px;border-bottom-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:focus,.pager li>a:hover{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{color:#777;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:focus,a.label:hover{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:focus,.label-default[href]:hover{background-color:#5e5e5e}.label-primary{background-color:#337ab7}.label-primary[href]:focus,.label-primary[href]:hover{background-color:#286090}.label-success{background-color:#5cb85c}.label-success[href]:focus,.label-success[href]:hover{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:focus,.label-info[href]:hover{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:focus,.label-warning[href]:hover{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:focus,.label-danger[href]:hover{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-group-xs>.btn .badge,.btn-xs .badge{top:0;padding:1px 5px}a.badge:focus,a.badge:hover{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#337ab7;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding-top:30px;padding-bottom:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron .h1,.jumbotron h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{padding-right:15px;padding-left:15px;border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron,.container-fluid .jumbotron{padding-right:60px;padding-left:60px}.jumbotron .h1,.jumbotron h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail a>img,.thumbnail>img{margin-right:auto;margin-left:auto}a.thumbnail.active,a.thumbnail:focus,a.thumbnail:hover{border-color:#337ab7}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#337ab7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-bar-striped,.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress-bar.active,.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{overflow:hidden;zoom:1}.media-body{width:10000px}.media-object{display:block}.media-object.img-thumbnail{max-width:none}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-body,.media-left,.media-right{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}a.list-group-item,button.list-group-item{color:#555}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#333}a.list-group-item:focus,a.list-group-item:hover,button.list-group-item:focus,button.list-group-item:hover{color:#555;text-decoration:none;background-color:#f5f5f5}button.list-group-item{width:100%;text-align:left}.list-group-item.disabled,.list-group-item.disabled:focus,.list-group-item.disabled:hover{color:#777;cursor:not-allowed;background-color:#eee}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text{color:#777}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{z-index:2;color:#fff;background-color:#337ab7;border-color:#337ab7}.list-group-item.active .list-group-item-heading,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:focus .list-group-item-text,.list-group-item.active:hover .list-group-item-text{color:#c7ddef}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success,button.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:focus,a.list-group-item-success:hover,button.list-group-item-success:focus,button.list-group-item-success:hover{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,a.list-group-item-success.active:focus,a.list-group-item-success.active:hover,button.list-group-item-success.active,button.list-group-item-success.active:focus,button.list-group-item-success.active:hover{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info,button.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:focus,a.list-group-item-info:hover,button.list-group-item-info:focus,button.list-group-item-info:hover{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,a.list-group-item-info.active:focus,a.list-group-item-info.active:hover,button.list-group-item-info.active,button.list-group-item-info.active:focus,button.list-group-item-info.active:hover{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning,button.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:focus,a.list-group-item-warning:hover,button.list-group-item-warning:focus,button.list-group-item-warning:hover{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,a.list-group-item-warning.active:focus,a.list-group-item-warning.active:hover,button.list-group-item-warning.active,button.list-group-item-warning.active:focus,button.list-group-item-warning.active:hover{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger,button.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:focus,a.list-group-item-danger:hover,button.list-group-item-danger:focus,button.list-group-item-danger:hover{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,a.list-group-item-danger.active:focus,a.list-group-item-danger.active:hover,button.list-group-item-danger.active,button.list-group-item-danger.active:focus,button.list-group-item-danger.active:hover{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,.05);box-shadow:0 1px 1px rgba(0,0,0,.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-left-radius:3px;border-top-right-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>.small,.panel-title>.small>a,.panel-title>a,.panel-title>small,.panel-title>small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.panel-collapse>.table,.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.panel-collapse>.table caption,.panel>.table caption,.panel>.table-responsive>.table caption{padding-right:15px;padding-left:15px}.panel>.table-responsive:first-child>.table:first-child,.panel>.table:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table:first-child>thead:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child,.panel>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child td,.panel>.table>tbody:first-child>tr:first-child th{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{margin-bottom:0;border:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.list-group,.panel-group .panel-heading+.panel-collapse>.panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#337ab7}.panel-primary>.panel-heading{color:#fff;background-color:#337ab7;border-color:#337ab7}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#337ab7}.panel-primary>.panel-heading .badge{color:#337ab7;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#337ab7}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive embed,.embed-responsive iframe,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.05);box-shadow:inset 0 1px 1px rgba(0,0,0,.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;filter:alpha(opacity=20);opacity:.2}.close:focus,.close:hover{color:#000;text-decoration:none;cursor:pointer;filter:alpha(opacity=50);opacity:.5}button.close{-webkit-appearance:none;padding:0;cursor:pointer;background:0 0;border:0}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transition:-webkit-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out;-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);-o-transform:translate(0,-25%);transform:translate(0,-25%)}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);-o-transform:translate(0,0);transform:translate(0,0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #999;border:1px solid rgba(0,0,0,.2);border-radius:6px;outline:0;-webkit-box-shadow:0 3px 9px rgba(0,0,0,.5);box-shadow:0 3px 9px rgba(0,0,0,.5)}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,.5);box-shadow:0 5px 15px rgba(0,0,0,.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:12px;font-style:normal;font-weight:400;line-height:1.42857143;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;filter:alpha(opacity=0);opacity:0;line-break:auto}.tooltip.in{filter:alpha(opacity=90);opacity:.9}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{right:5px;bottom:0;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;font-style:normal;font-weight:400;line-height:1.42857143;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,.2);box-shadow:0 5px 10px rgba(0,0,0,.2);line-break:auto}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow{border-width:11px}.popover>.arrow:after{content:"";border-width:10px}.popover.top>.arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,.25);border-bottom-width:0}.popover.top>.arrow:after{bottom:1px;margin-left:-10px;content:" ";border-top-color:#fff;border-bottom-width:0}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,.25);border-left-width:0}.popover.right>.arrow:after{bottom:-10px;left:1px;content:" ";border-right-color:#fff;border-left-width:0}.popover.bottom>.arrow{top:-11px;left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,.25)}.popover.bottom>.arrow:after{top:1px;margin-left:-10px;content:" ";border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,.25)}.popover.left>.arrow:after{right:1px;bottom:-10px;content:" ";border-right-width:0;border-left-color:#fff}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>a>img,.carousel-inner>.item>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform .6s ease-in-out;-o-transition:-o-transform .6s ease-in-out;transition:transform .6s ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-inner>.item.active.right,.carousel-inner>.item.next{left:0;-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}.carousel-inner>.item.active.left,.carousel-inner>.item.prev{left:0;-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}.carousel-inner>.item.active,.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right{left:0;-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6);background-color:rgba(0,0,0,0);filter:alpha(opacity=50);opacity:.5}.carousel-control.left{background-image:-webkit-linear-gradient(left,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-image:-o-linear-gradient(left,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-image:-webkit-gradient(linear,left top,right top,from(rgba(0,0,0,.5)),to(rgba(0,0,0,.0001)));background-image:linear-gradient(to right,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1);background-repeat:repeat-x}.carousel-control.right{right:0;left:auto;background-image:-webkit-linear-gradient(left,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-image:-o-linear-gradient(left,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-image:-webkit-gradient(linear,left top,right top,from(rgba(0,0,0,.0001)),to(rgba(0,0,0,.5)));background-image:linear-gradient(to right,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1);background-repeat:repeat-x}.carousel-control:focus,.carousel-control:hover{color:#fff;text-decoration:none;filter:alpha(opacity=90);outline:0;opacity:.9}.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next,.carousel-control .icon-prev{position:absolute;top:50%;z-index:5;display:inline-block;margin-top:-10px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{left:50%;margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{right:50%;margin-right:-10px}.carousel-control .icon-next,.carousel-control .icon-prev{width:20px;height:20px;font-family:serif;line-height:1}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000\9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next,.carousel-control .icon-prev{width:30px;height:30px;margin-top:-10px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-10px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.btn-group-vertical>.btn-group:after,.btn-group-vertical>.btn-group:before,.btn-toolbar:after,.btn-toolbar:before,.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{display:table;content:" "}.btn-group-vertical>.btn-group:after,.btn-toolbar:after,.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none!important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-lg,.visible-md,.visible-sm,.visible-xs{display:none!important}.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table!important}tr.visible-xs{display:table-row!important}td.visible-xs,th.visible-xs{display:table-cell!important}}@media (max-width:767px){.visible-xs-block{display:block!important}}@media (max-width:767px){.visible-xs-inline{display:inline!important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table!important}tr.visible-sm{display:table-row!important}td.visible-sm,th.visible-sm{display:table-cell!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table!important}tr.visible-md{display:table-row!important}td.visible-md,th.visible-md{display:table-cell!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table!important}tr.visible-lg{display:table-row!important}td.visible-lg,th.visible-lg{display:table-cell!important}}@media (min-width:1200px){.visible-lg-block{display:block!important}}@media (min-width:1200px){.visible-lg-inline{display:inline!important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table!important}tr.visible-print{display:table-row!important}td.visible-print,th.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}}@media print{.hidden-print{display:none!important}} +/*# sourceMappingURL=bootstrap.min.css.map */ \ No newline at end of file diff --git a/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.eot b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.eot new file mode 100644 index 0000000..b93a495 Binary files /dev/null and b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.eot differ diff --git a/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.svg b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.svg new file mode 100644 index 0000000..94fb549 --- /dev/null +++ b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.svg @@ -0,0 +1,288 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.ttf b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.ttf new file mode 100644 index 0000000..1413fc6 Binary files /dev/null and b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.ttf differ diff --git a/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.woff b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.woff new file mode 100644 index 0000000..9e61285 Binary files /dev/null and b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.woff differ diff --git a/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.woff2 b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.woff2 new file mode 100644 index 0000000..64539b5 Binary files /dev/null and b/casestudies-src/artificial_idp/static/fonts/glyphicons-halflings-regular.woff2 differ diff --git a/casestudies-src/artificial_idp/static/js/bootstrap.min.js b/casestudies-src/artificial_idp/static/js/bootstrap.min.js new file mode 100644 index 0000000..9bcd2fc --- /dev/null +++ b/casestudies-src/artificial_idp/static/js/bootstrap.min.js @@ -0,0 +1,7 @@ +/*! + * Bootstrap v3.3.7 (http://getbootstrap.com) + * Copyright 2011-2016 Twitter, Inc. + * Licensed under the MIT license + */ +if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.7",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a("#"===f?[]:f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.7",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c).prop(c,!0)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c).prop(c,!1))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target).closest(".btn");b.call(d,"toggle"),a(c.target).is('input[type="radio"], input[type="checkbox"]')||(c.preventDefault(),d.is("input,button")?d.trigger("focus"):d.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(b){a(b.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(b.type))})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},c.DEFAULTS,d.data(),"object"==typeof b&&b),g="string"==typeof b?b:f.slide;e||d.data("bs.carousel",e=new c(this,f)),"number"==typeof b?e.to(b):g?e[g]():f.interval&&e.pause().cycle()})}var c=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",a.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",a.proxy(this.pause,this)).on("mouseleave.bs.carousel",a.proxy(this.cycle,this))};c.VERSION="3.3.7",c.TRANSITION_DURATION=600,c.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},c.prototype.keydown=function(a){if(!/input|textarea/i.test(a.target.tagName)){switch(a.which){case 37:this.prev();break;case 39:this.next();break;default:return}a.preventDefault()}},c.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},c.prototype.getItemIndex=function(a){return this.$items=a.parent().children(".item"),this.$items.index(a||this.$active)},c.prototype.getItemForDirection=function(a,b){var c=this.getItemIndex(b),d="prev"==a&&0===c||"next"==a&&c==this.$items.length-1;if(d&&!this.options.wrap)return b;var e="prev"==a?-1:1,f=(c+e)%this.$items.length;return this.$items.eq(f)},c.prototype.to=function(a){var b=this,c=this.getItemIndex(this.$active=this.$element.find(".item.active"));if(!(a>this.$items.length-1||a<0))return this.sliding?this.$element.one("slid.bs.carousel",function(){b.to(a)}):c==a?this.pause().cycle():this.slide(a>c?"next":"prev",this.$items.eq(a))},c.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},c.prototype.next=function(){if(!this.sliding)return this.slide("next")},c.prototype.prev=function(){if(!this.sliding)return this.slide("prev")},c.prototype.slide=function(b,d){var e=this.$element.find(".item.active"),f=d||this.getItemForDirection(b,e),g=this.interval,h="next"==b?"left":"right",i=this;if(f.hasClass("active"))return this.sliding=!1;var j=f[0],k=a.Event("slide.bs.carousel",{relatedTarget:j,direction:h});if(this.$element.trigger(k),!k.isDefaultPrevented()){if(this.sliding=!0,g&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var l=a(this.$indicators.children()[this.getItemIndex(f)]);l&&l.addClass("active")}var m=a.Event("slid.bs.carousel",{relatedTarget:j,direction:h});return a.support.transition&&this.$element.hasClass("slide")?(f.addClass(b),f[0].offsetWidth,e.addClass(h),f.addClass(h),e.one("bsTransitionEnd",function(){f.removeClass([b,h].join(" ")).addClass("active"),e.removeClass(["active",h].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger(m)},0)}).emulateTransitionEnd(c.TRANSITION_DURATION)):(e.removeClass("active"),f.addClass("active"),this.sliding=!1,this.$element.trigger(m)),g&&this.cycle(),this}};var d=a.fn.carousel;a.fn.carousel=b,a.fn.carousel.Constructor=c,a.fn.carousel.noConflict=function(){return a.fn.carousel=d,this};var e=function(c){var d,e=a(this),f=a(e.attr("data-target")||(d=e.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""));if(f.hasClass("carousel")){var g=a.extend({},f.data(),e.data()),h=e.attr("data-slide-to");h&&(g.interval=!1),b.call(f,g),h&&f.data("bs.carousel").to(h),c.preventDefault()}};a(document).on("click.bs.carousel.data-api","[data-slide]",e).on("click.bs.carousel.data-api","[data-slide-to]",e),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var c=a(this);b.call(c,c.data())})})}(jQuery),+function(a){"use strict";function b(b){var c,d=b.attr("data-target")||(c=b.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"");return a(d)}function c(b){return this.each(function(){var c=a(this),e=c.data("bs.collapse"),f=a.extend({},d.DEFAULTS,c.data(),"object"==typeof b&&b);!e&&f.toggle&&/show|hide/.test(b)&&(f.toggle=!1),e||c.data("bs.collapse",e=new d(this,f)),"string"==typeof b&&e[b]()})}var d=function(b,c){this.$element=a(b),this.options=a.extend({},d.DEFAULTS,c),this.$trigger=a('[data-toggle="collapse"][href="#'+b.id+'"],[data-toggle="collapse"][data-target="#'+b.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};d.VERSION="3.3.7",d.TRANSITION_DURATION=350,d.DEFAULTS={toggle:!0},d.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},d.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b,e=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(e&&e.length&&(b=e.data("bs.collapse"),b&&b.transitioning))){var f=a.Event("show.bs.collapse");if(this.$element.trigger(f),!f.isDefaultPrevented()){e&&e.length&&(c.call(e,"hide"),b||e.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var h=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return h.call(this);var i=a.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",a.proxy(h,this)).emulateTransitionEnd(d.TRANSITION_DURATION)[g](this.$element[0][i])}}}},d.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var e=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return a.support.transition?void this.$element[c](0).one("bsTransitionEnd",a.proxy(e,this)).emulateTransitionEnd(d.TRANSITION_DURATION):e.call(this)}}},d.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},d.prototype.getParent=function(){return a(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(a.proxy(function(c,d){var e=a(d);this.addAriaAndCollapsedClass(b(e),e)},this)).end()},d.prototype.addAriaAndCollapsedClass=function(a,b){var c=a.hasClass("in");a.attr("aria-expanded",c),b.toggleClass("collapsed",!c).attr("aria-expanded",c)};var e=a.fn.collapse;a.fn.collapse=c,a.fn.collapse.Constructor=d,a.fn.collapse.noConflict=function(){return a.fn.collapse=e,this},a(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(d){var e=a(this);e.attr("data-target")||d.preventDefault();var f=b(e),g=f.data("bs.collapse"),h=g?"toggle":e.data();c.call(f,h)})}(jQuery),+function(a){"use strict";function b(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}function c(c){c&&3===c.which||(a(e).remove(),a(f).each(function(){var d=a(this),e=b(d),f={relatedTarget:this};e.hasClass("open")&&(c&&"click"==c.type&&/input|textarea/i.test(c.target.tagName)&&a.contains(e[0],c.target)||(e.trigger(c=a.Event("hide.bs.dropdown",f)),c.isDefaultPrevented()||(d.attr("aria-expanded","false"),e.removeClass("open").trigger(a.Event("hidden.bs.dropdown",f)))))}))}function d(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new g(this)),"string"==typeof b&&d[b].call(c)})}var e=".dropdown-backdrop",f='[data-toggle="dropdown"]',g=function(b){a(b).on("click.bs.dropdown",this.toggle)};g.VERSION="3.3.7",g.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=b(e),g=f.hasClass("open");if(c(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(a(this)).on("click",c);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;e.trigger("focus").attr("aria-expanded","true"),f.toggleClass("open").trigger(a.Event("shown.bs.dropdown",h))}return!1}},g.prototype.keydown=function(c){if(/(38|40|27|32)/.test(c.which)&&!/input|textarea/i.test(c.target.tagName)){var d=a(this);if(c.preventDefault(),c.stopPropagation(),!d.is(".disabled, :disabled")){var e=b(d),g=e.hasClass("open");if(!g&&27!=c.which||g&&27==c.which)return 27==c.which&&e.find(f).trigger("focus"),d.trigger("click");var h=" li:not(.disabled):visible a",i=e.find(".dropdown-menu"+h);if(i.length){var j=i.index(c.target);38==c.which&&j>0&&j--,40==c.which&&jdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&a?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!a?this.scrollbarWidth:""})},c.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},c.prototype.checkScrollbar=function(){var a=window.innerWidth;if(!a){var b=document.documentElement.getBoundingClientRect();a=b.right-Math.abs(b.left)}this.bodyIsOverflowing=document.body.clientWidth
',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0}},c.prototype.init=function(b,c,d){if(this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.$viewport=this.options.viewport&&a(a.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},c.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},c.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);return c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusin"==b.type?"focus":"hover"]=!0),c.tip().hasClass("in")||"in"==c.hoverState?void(c.hoverState="in"):(clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show())},c.prototype.isInStateTrue=function(){for(var a in this.inState)if(this.inState[a])return!0;return!1},c.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);if(c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusout"==b.type?"focus":"hover"]=!1),!c.isInStateTrue())return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},c.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(b);var d=a.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(b.isDefaultPrevented()||!d)return;var e=this,f=this.tip(),g=this.getUID(this.type);this.setContent(),f.attr("id",g),this.$element.attr("aria-describedby",g),this.options.animation&&f.addClass("fade");var h="function"==typeof this.options.placement?this.options.placement.call(this,f[0],this.$element[0]):this.options.placement,i=/\s?auto?\s?/i,j=i.test(h);j&&(h=h.replace(i,"")||"top"),f.detach().css({top:0,left:0,display:"block"}).addClass(h).data("bs."+this.type,this),this.options.container?f.appendTo(this.options.container):f.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var k=this.getPosition(),l=f[0].offsetWidth,m=f[0].offsetHeight;if(j){var n=h,o=this.getPosition(this.$viewport);h="bottom"==h&&k.bottom+m>o.bottom?"top":"top"==h&&k.top-mo.width?"left":"left"==h&&k.left-lg.top+g.height&&(e.top=g.top+g.height-i)}else{var j=b.left-f,k=b.left+f+c;jg.right&&(e.left=g.left+g.width-k)}return e},c.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},c.prototype.getUID=function(a){do a+=~~(1e6*Math.random());while(document.getElementById(a));return a},c.prototype.tip=function(){if(!this.$tip&&(this.$tip=a(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},c.prototype.enable=function(){this.enabled=!0},c.prototype.disable=function(){this.enabled=!1},c.prototype.toggleEnabled=function(){this.enabled=!this.enabled},c.prototype.toggle=function(b){var c=this;b&&(c=a(b.currentTarget).data("bs."+this.type),c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c))),b?(c.inState.click=!c.inState.click,c.isInStateTrue()?c.enter(c):c.leave(c)):c.tip().hasClass("in")?c.leave(c):c.enter(c)},c.prototype.destroy=function(){var a=this;clearTimeout(this.timeout),this.hide(function(){a.$element.off("."+a.type).removeData("bs."+a.type),a.$tip&&a.$tip.detach(),a.$tip=null,a.$arrow=null,a.$viewport=null,a.$element=null})};var d=a.fn.tooltip;a.fn.tooltip=b,a.fn.tooltip.Constructor=c,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=d,this}}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof b&&b;!e&&/destroy|hide/.test(b)||(e||d.data("bs.popover",e=new c(this,f)),"string"==typeof b&&e[b]())})}var c=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");c.VERSION="3.3.7",c.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),c.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),c.prototype.constructor=c,c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content").children().detach().end()[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},c.prototype.hasContent=function(){return this.getTitle()||this.getContent()},c.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var d=a.fn.popover;a.fn.popover=b,a.fn.popover.Constructor=c,a.fn.popover.noConflict=function(){return a.fn.popover=d,this}}(jQuery),+function(a){"use strict";function b(c,d){this.$body=a(document.body),this.$scrollElement=a(a(c).is(document.body)?window:c),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",a.proxy(this.process,this)),this.refresh(),this.process()}function c(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})}b.VERSION="3.3.7",b.DEFAULTS={offset:10},b.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},b.prototype.refresh=function(){var b=this,c="offset",d=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),a.isWindow(this.$scrollElement[0])||(c="position",d=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var b=a(this),e=b.data("target")||b.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[c]().top+d,e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.getScrollHeight(),d=this.options.offset+c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(this.scrollHeight!=c&&this.refresh(),b>=d)return g!=(a=f[f.length-1])&&this.activate(a);if(g&&b=e[a]&&(void 0===e[a+1]||b .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),b.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),h?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu").length&&b.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),e&&e()}var g=d.find("> .active"),h=e&&a.support.transition&&(g.length&&g.hasClass("fade")||!!d.find("> .fade").length);g.length&&h?g.one("bsTransitionEnd",f).emulateTransitionEnd(c.TRANSITION_DURATION):f(),g.removeClass("in")};var d=a.fn.tab;a.fn.tab=b,a.fn.tab.Constructor=c,a.fn.tab.noConflict=function(){return a.fn.tab=d,this};var e=function(c){c.preventDefault(),b.call(a(this),"show")};a(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',e).on("click.bs.tab.data-api",'[data-toggle="pill"]',e)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof b&&b;e||d.data("bs.affix",e=new c(this,f)),"string"==typeof b&&e[b]()})}var c=function(b,d){this.options=a.extend({},c.DEFAULTS,d),this.$target=a(this.options.target).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(b),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};c.VERSION="3.3.7",c.RESET="affix affix-top affix-bottom",c.DEFAULTS={offset:0,target:window},c.prototype.getState=function(a,b,c,d){var e=this.$target.scrollTop(),f=this.$element.offset(),g=this.$target.height();if(null!=c&&"top"==this.affixed)return e=a-d&&"bottom"},c.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(c.RESET).addClass("affix");var a=this.$target.scrollTop(),b=this.$element.offset();return this.pinnedOffset=b.top-a},c.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},c.prototype.checkPosition=function(){if(this.$element.is(":visible")){var b=this.$element.height(),d=this.options.offset,e=d.top,f=d.bottom,g=Math.max(a(document).height(),a(document.body).height());"object"!=typeof d&&(f=e=d),"function"==typeof e&&(e=d.top(this.$element)),"function"==typeof f&&(f=d.bottom(this.$element));var h=this.getState(g,b,e,f);if(this.affixed!=h){null!=this.unpin&&this.$element.css("top","");var i="affix"+(h?"-"+h:""),j=a.Event(i+".bs.affix");if(this.$element.trigger(j),j.isDefaultPrevented())return;this.affixed=h,this.unpin="bottom"==h?this.getPinnedOffset():null,this.$element.removeClass(c.RESET).addClass(i).trigger(i.replace("affix","affixed")+".bs.affix")}"bottom"==h&&this.$element.offset({top:g-b-f})}};var d=a.fn.affix;a.fn.affix=b,a.fn.affix.Constructor=c,a.fn.affix.noConflict=function(){return a.fn.affix=d,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var c=a(this),d=c.data();d.offset=d.offset||{},null!=d.offsetBottom&&(d.offset.bottom=d.offsetBottom),null!=d.offsetTop&&(d.offset.top=d.offsetTop),b.call(c,d)})})}(jQuery); \ No newline at end of file diff --git a/casestudies-src/artificial_idp/static/js/jquery-2.0.3.min.js b/casestudies-src/artificial_idp/static/js/jquery-2.0.3.min.js new file mode 100644 index 0000000..2be209d --- /dev/null +++ b/casestudies-src/artificial_idp/static/js/jquery-2.0.3.min.js @@ -0,0 +1,6 @@ +/*! jQuery v2.0.3 | (c) 2005, 2013 jQuery Foundation, Inc. | jquery.org/license +//@ sourceMappingURL=jquery-2.0.3.min.map +*/ +(function(e,undefined){var t,n,r=typeof undefined,i=e.location,o=e.document,s=o.documentElement,a=e.jQuery,u=e.$,l={},c=[],p="2.0.3",f=c.concat,h=c.push,d=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,x=function(e,n){return new x.fn.init(e,n,t)},b=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^-ms-/,N=/-([\da-z])/gi,E=function(e,t){return t.toUpperCase()},S=function(){o.removeEventListener("DOMContentLoaded",S,!1),e.removeEventListener("load",S,!1),x.ready()};x.fn=x.prototype={jquery:p,constructor:x,init:function(e,t,n){var r,i;if(!e)return this;if("string"==typeof e){if(r="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:T.exec(e),!r||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof x?t[0]:t,x.merge(this,x.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:o,!0)),C.test(r[1])&&x.isPlainObject(t))for(r in t)x.isFunction(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return i=o.getElementById(r[2]),i&&i.parentNode&&(this.length=1,this[0]=i),this.context=o,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):x.isFunction(e)?n.ready(e):(e.selector!==undefined&&(this.selector=e.selector,this.context=e.context),x.makeArray(e,this))},selector:"",length:0,toArray:function(){return d.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=x.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return x.each(this,e,t)},ready:function(e){return x.ready.promise().done(e),this},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(x.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:h,sort:[].sort,splice:[].splice},x.fn.init.prototype=x.fn,x.extend=x.fn.extend=function(){var e,t,n,r,i,o,s=arguments[0]||{},a=1,u=arguments.length,l=!1;for("boolean"==typeof s&&(l=s,s=arguments[1]||{},a=2),"object"==typeof s||x.isFunction(s)||(s={}),u===a&&(s=this,--a);u>a;a++)if(null!=(e=arguments[a]))for(t in e)n=s[t],r=e[t],s!==r&&(l&&r&&(x.isPlainObject(r)||(i=x.isArray(r)))?(i?(i=!1,o=n&&x.isArray(n)?n:[]):o=n&&x.isPlainObject(n)?n:{},s[t]=x.extend(l,o,r)):r!==undefined&&(s[t]=r));return s},x.extend({expando:"jQuery"+(p+Math.random()).replace(/\D/g,""),noConflict:function(t){return e.$===x&&(e.$=u),t&&e.jQuery===x&&(e.jQuery=a),x},isReady:!1,readyWait:1,holdReady:function(e){e?x.readyWait++:x.ready(!0)},ready:function(e){(e===!0?--x.readyWait:x.isReady)||(x.isReady=!0,e!==!0&&--x.readyWait>0||(n.resolveWith(o,[x]),x.fn.trigger&&x(o).trigger("ready").off("ready")))},isFunction:function(e){return"function"===x.type(e)},isArray:Array.isArray,isWindow:function(e){return null!=e&&e===e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[m.call(e)]||"object":typeof e},isPlainObject:function(e){if("object"!==x.type(e)||e.nodeType||x.isWindow(e))return!1;try{if(e.constructor&&!y.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(t){return!1}return!0},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw Error(e)},parseHTML:function(e,t,n){if(!e||"string"!=typeof e)return null;"boolean"==typeof t&&(n=t,t=!1),t=t||o;var r=C.exec(e),i=!n&&[];return r?[t.createElement(r[1])]:(r=x.buildFragment([e],t,i),i&&x(i).remove(),x.merge([],r.childNodes))},parseJSON:JSON.parse,parseXML:function(e){var t,n;if(!e||"string"!=typeof e)return null;try{n=new DOMParser,t=n.parseFromString(e,"text/xml")}catch(r){t=undefined}return(!t||t.getElementsByTagName("parsererror").length)&&x.error("Invalid XML: "+e),t},noop:function(){},globalEval:function(e){var t,n=eval;e=x.trim(e),e&&(1===e.indexOf("use strict")?(t=o.createElement("script"),t.text=e,o.head.appendChild(t).parentNode.removeChild(t)):n(e))},camelCase:function(e){return e.replace(k,"ms-").replace(N,E)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,t,n){var r,i=0,o=e.length,s=j(e);if(n){if(s){for(;o>i;i++)if(r=t.apply(e[i],n),r===!1)break}else for(i in e)if(r=t.apply(e[i],n),r===!1)break}else if(s){for(;o>i;i++)if(r=t.call(e[i],i,e[i]),r===!1)break}else for(i in e)if(r=t.call(e[i],i,e[i]),r===!1)break;return e},trim:function(e){return null==e?"":v.call(e)},makeArray:function(e,t){var n=t||[];return null!=e&&(j(Object(e))?x.merge(n,"string"==typeof e?[e]:e):h.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:g.call(t,e,n)},merge:function(e,t){var n=t.length,r=e.length,i=0;if("number"==typeof n)for(;n>i;i++)e[r++]=t[i];else while(t[i]!==undefined)e[r++]=t[i++];return e.length=r,e},grep:function(e,t,n){var r,i=[],o=0,s=e.length;for(n=!!n;s>o;o++)r=!!t(e[o],o),n!==r&&i.push(e[o]);return i},map:function(e,t,n){var r,i=0,o=e.length,s=j(e),a=[];if(s)for(;o>i;i++)r=t(e[i],i,n),null!=r&&(a[a.length]=r);else for(i in e)r=t(e[i],i,n),null!=r&&(a[a.length]=r);return f.apply([],a)},guid:1,proxy:function(e,t){var n,r,i;return"string"==typeof t&&(n=e[t],t=e,e=n),x.isFunction(e)?(r=d.call(arguments,2),i=function(){return e.apply(t||this,r.concat(d.call(arguments)))},i.guid=e.guid=e.guid||x.guid++,i):undefined},access:function(e,t,n,r,i,o,s){var a=0,u=e.length,l=null==n;if("object"===x.type(n)){i=!0;for(a in n)x.access(e,t,a,n[a],!0,o,s)}else if(r!==undefined&&(i=!0,x.isFunction(r)||(s=!0),l&&(s?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(x(e),n)})),t))for(;u>a;a++)t(e[a],n,s?r:r.call(e[a],a,t(e[a],n)));return i?e:l?t.call(e):u?t(e[0],n):o},now:Date.now,swap:function(e,t,n,r){var i,o,s={};for(o in t)s[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=s[o];return i}}),x.ready.promise=function(t){return n||(n=x.Deferred(),"complete"===o.readyState?setTimeout(x.ready):(o.addEventListener("DOMContentLoaded",S,!1),e.addEventListener("load",S,!1))),n.promise(t)},x.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function j(e){var t=e.length,n=x.type(e);return x.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}t=x(o),function(e,undefined){var t,n,r,i,o,s,a,u,l,c,p,f,h,d,g,m,y,v="sizzle"+-new Date,b=e.document,w=0,T=0,C=st(),k=st(),N=st(),E=!1,S=function(e,t){return e===t?(E=!0,0):0},j=typeof undefined,D=1<<31,A={}.hasOwnProperty,L=[],q=L.pop,H=L.push,O=L.push,F=L.slice,P=L.indexOf||function(e){var t=0,n=this.length;for(;n>t;t++)if(this[t]===e)return t;return-1},R="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",W="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",$=W.replace("w","w#"),B="\\["+M+"*("+W+")"+M+"*(?:([*^$|!~]?=)"+M+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+$+")|)|)"+M+"*\\]",I=":("+W+")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|"+B.replace(3,8)+")*)|.*)\\)|)",z=RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),_=RegExp("^"+M+"*,"+M+"*"),X=RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),U=RegExp(M+"*[+~]"),Y=RegExp("="+M+"*([^\\]'\"]*)"+M+"*\\]","g"),V=RegExp(I),G=RegExp("^"+$+"$"),J={ID:RegExp("^#("+W+")"),CLASS:RegExp("^\\.("+W+")"),TAG:RegExp("^("+W.replace("w","w*")+")"),ATTR:RegExp("^"+B),PSEUDO:RegExp("^"+I),CHILD:RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:RegExp("^(?:"+R+")$","i"),needsContext:RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Q=/^[^{]+\{\s*\[native \w/,K=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,Z=/^(?:input|select|textarea|button)$/i,et=/^h\d$/i,tt=/'|\\/g,nt=RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),rt=function(e,t,n){var r="0x"+t-65536;return r!==r||n?t:0>r?String.fromCharCode(r+65536):String.fromCharCode(55296|r>>10,56320|1023&r)};try{O.apply(L=F.call(b.childNodes),b.childNodes),L[b.childNodes.length].nodeType}catch(it){O={apply:L.length?function(e,t){H.apply(e,F.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function ot(e,t,r,i){var o,s,a,u,l,f,g,m,x,w;if((t?t.ownerDocument||t:b)!==p&&c(t),t=t||p,r=r||[],!e||"string"!=typeof e)return r;if(1!==(u=t.nodeType)&&9!==u)return[];if(h&&!i){if(o=K.exec(e))if(a=o[1]){if(9===u){if(s=t.getElementById(a),!s||!s.parentNode)return r;if(s.id===a)return r.push(s),r}else if(t.ownerDocument&&(s=t.ownerDocument.getElementById(a))&&y(t,s)&&s.id===a)return r.push(s),r}else{if(o[2])return O.apply(r,t.getElementsByTagName(e)),r;if((a=o[3])&&n.getElementsByClassName&&t.getElementsByClassName)return O.apply(r,t.getElementsByClassName(a)),r}if(n.qsa&&(!d||!d.test(e))){if(m=g=v,x=t,w=9===u&&e,1===u&&"object"!==t.nodeName.toLowerCase()){f=gt(e),(g=t.getAttribute("id"))?m=g.replace(tt,"\\$&"):t.setAttribute("id",m),m="[id='"+m+"'] ",l=f.length;while(l--)f[l]=m+mt(f[l]);x=U.test(e)&&t.parentNode||t,w=f.join(",")}if(w)try{return O.apply(r,x.querySelectorAll(w)),r}catch(T){}finally{g||t.removeAttribute("id")}}}return kt(e.replace(z,"$1"),t,r,i)}function st(){var e=[];function t(n,r){return e.push(n+=" ")>i.cacheLength&&delete t[e.shift()],t[n]=r}return t}function at(e){return e[v]=!0,e}function ut(e){var t=p.createElement("div");try{return!!e(t)}catch(n){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function lt(e,t){var n=e.split("|"),r=e.length;while(r--)i.attrHandle[n[r]]=t}function ct(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&(~t.sourceIndex||D)-(~e.sourceIndex||D);if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function pt(e){return function(t){var n=t.nodeName.toLowerCase();return"input"===n&&t.type===e}}function ft(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function ht(e){return at(function(t){return t=+t,at(function(n,r){var i,o=e([],n.length,t),s=o.length;while(s--)n[i=o[s]]&&(n[i]=!(r[i]=n[i]))})})}s=ot.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?"HTML"!==t.nodeName:!1},n=ot.support={},c=ot.setDocument=function(e){var t=e?e.ownerDocument||e:b,r=t.defaultView;return t!==p&&9===t.nodeType&&t.documentElement?(p=t,f=t.documentElement,h=!s(t),r&&r.attachEvent&&r!==r.top&&r.attachEvent("onbeforeunload",function(){c()}),n.attributes=ut(function(e){return e.className="i",!e.getAttribute("className")}),n.getElementsByTagName=ut(function(e){return e.appendChild(t.createComment("")),!e.getElementsByTagName("*").length}),n.getElementsByClassName=ut(function(e){return e.innerHTML="
",e.firstChild.className="i",2===e.getElementsByClassName("i").length}),n.getById=ut(function(e){return f.appendChild(e).id=v,!t.getElementsByName||!t.getElementsByName(v).length}),n.getById?(i.find.ID=function(e,t){if(typeof t.getElementById!==j&&h){var n=t.getElementById(e);return n&&n.parentNode?[n]:[]}},i.filter.ID=function(e){var t=e.replace(nt,rt);return function(e){return e.getAttribute("id")===t}}):(delete i.find.ID,i.filter.ID=function(e){var t=e.replace(nt,rt);return function(e){var n=typeof e.getAttributeNode!==j&&e.getAttributeNode("id");return n&&n.value===t}}),i.find.TAG=n.getElementsByTagName?function(e,t){return typeof t.getElementsByTagName!==j?t.getElementsByTagName(e):undefined}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},i.find.CLASS=n.getElementsByClassName&&function(e,t){return typeof t.getElementsByClassName!==j&&h?t.getElementsByClassName(e):undefined},g=[],d=[],(n.qsa=Q.test(t.querySelectorAll))&&(ut(function(e){e.innerHTML="",e.querySelectorAll("[selected]").length||d.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll(":checked").length||d.push(":checked")}),ut(function(e){var n=t.createElement("input");n.setAttribute("type","hidden"),e.appendChild(n).setAttribute("t",""),e.querySelectorAll("[t^='']").length&&d.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll(":enabled").length||d.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),d.push(",.*:")})),(n.matchesSelector=Q.test(m=f.webkitMatchesSelector||f.mozMatchesSelector||f.oMatchesSelector||f.msMatchesSelector))&&ut(function(e){n.disconnectedMatch=m.call(e,"div"),m.call(e,"[s!='']:x"),g.push("!=",I)}),d=d.length&&RegExp(d.join("|")),g=g.length&&RegExp(g.join("|")),y=Q.test(f.contains)||f.compareDocumentPosition?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},S=f.compareDocumentPosition?function(e,r){if(e===r)return E=!0,0;var i=r.compareDocumentPosition&&e.compareDocumentPosition&&e.compareDocumentPosition(r);return i?1&i||!n.sortDetached&&r.compareDocumentPosition(e)===i?e===t||y(b,e)?-1:r===t||y(b,r)?1:l?P.call(l,e)-P.call(l,r):0:4&i?-1:1:e.compareDocumentPosition?-1:1}:function(e,n){var r,i=0,o=e.parentNode,s=n.parentNode,a=[e],u=[n];if(e===n)return E=!0,0;if(!o||!s)return e===t?-1:n===t?1:o?-1:s?1:l?P.call(l,e)-P.call(l,n):0;if(o===s)return ct(e,n);r=e;while(r=r.parentNode)a.unshift(r);r=n;while(r=r.parentNode)u.unshift(r);while(a[i]===u[i])i++;return i?ct(a[i],u[i]):a[i]===b?-1:u[i]===b?1:0},t):p},ot.matches=function(e,t){return ot(e,null,null,t)},ot.matchesSelector=function(e,t){if((e.ownerDocument||e)!==p&&c(e),t=t.replace(Y,"='$1']"),!(!n.matchesSelector||!h||g&&g.test(t)||d&&d.test(t)))try{var r=m.call(e,t);if(r||n.disconnectedMatch||e.document&&11!==e.document.nodeType)return r}catch(i){}return ot(t,p,null,[e]).length>0},ot.contains=function(e,t){return(e.ownerDocument||e)!==p&&c(e),y(e,t)},ot.attr=function(e,t){(e.ownerDocument||e)!==p&&c(e);var r=i.attrHandle[t.toLowerCase()],o=r&&A.call(i.attrHandle,t.toLowerCase())?r(e,t,!h):undefined;return o===undefined?n.attributes||!h?e.getAttribute(t):(o=e.getAttributeNode(t))&&o.specified?o.value:null:o},ot.error=function(e){throw Error("Syntax error, unrecognized expression: "+e)},ot.uniqueSort=function(e){var t,r=[],i=0,o=0;if(E=!n.detectDuplicates,l=!n.sortStable&&e.slice(0),e.sort(S),E){while(t=e[o++])t===e[o]&&(i=r.push(o));while(i--)e.splice(r[i],1)}return e},o=ot.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=o(e)}else if(3===i||4===i)return e.nodeValue}else for(;t=e[r];r++)n+=o(t);return n},i=ot.selectors={cacheLength:50,createPseudo:at,match:J,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(nt,rt),e[3]=(e[4]||e[5]||"").replace(nt,rt),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||ot.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&ot.error(e[0]),e},PSEUDO:function(e){var t,n=!e[5]&&e[2];return J.CHILD.test(e[0])?null:(e[3]&&e[4]!==undefined?e[2]=e[4]:n&&V.test(n)&&(t=gt(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(nt,rt).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=C[e+" "];return t||(t=RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&C(e,function(e){return t.test("string"==typeof e.className&&e.className||typeof e.getAttribute!==j&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=ot.attr(r,e);return null==i?"!="===t:t?(i+="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.slice(-n.length)===n:"~="===t?(" "+i+" ").indexOf(n)>-1:"|="===t?i===n||i.slice(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),s="last"!==e.slice(-4),a="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,u){var l,c,p,f,h,d,g=o!==s?"nextSibling":"previousSibling",m=t.parentNode,y=a&&t.nodeName.toLowerCase(),x=!u&&!a;if(m){if(o){while(g){p=t;while(p=p[g])if(a?p.nodeName.toLowerCase()===y:1===p.nodeType)return!1;d=g="only"===e&&!d&&"nextSibling"}return!0}if(d=[s?m.firstChild:m.lastChild],s&&x){c=m[v]||(m[v]={}),l=c[e]||[],h=l[0]===w&&l[1],f=l[0]===w&&l[2],p=h&&m.childNodes[h];while(p=++h&&p&&p[g]||(f=h=0)||d.pop())if(1===p.nodeType&&++f&&p===t){c[e]=[w,h,f];break}}else if(x&&(l=(t[v]||(t[v]={}))[e])&&l[0]===w)f=l[1];else while(p=++h&&p&&p[g]||(f=h=0)||d.pop())if((a?p.nodeName.toLowerCase()===y:1===p.nodeType)&&++f&&(x&&((p[v]||(p[v]={}))[e]=[w,f]),p===t))break;return f-=i,f===r||0===f%r&&f/r>=0}}},PSEUDO:function(e,t){var n,r=i.pseudos[e]||i.setFilters[e.toLowerCase()]||ot.error("unsupported pseudo: "+e);return r[v]?r(t):r.length>1?(n=[e,e,"",t],i.setFilters.hasOwnProperty(e.toLowerCase())?at(function(e,n){var i,o=r(e,t),s=o.length;while(s--)i=P.call(e,o[s]),e[i]=!(n[i]=o[s])}):function(e){return r(e,0,n)}):r}},pseudos:{not:at(function(e){var t=[],n=[],r=a(e.replace(z,"$1"));return r[v]?at(function(e,t,n,i){var o,s=r(e,null,i,[]),a=e.length;while(a--)(o=s[a])&&(e[a]=!(t[a]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),!n.pop()}}),has:at(function(e){return function(t){return ot(e,t).length>0}}),contains:at(function(e){return function(t){return(t.textContent||t.innerText||o(t)).indexOf(e)>-1}}),lang:at(function(e){return G.test(e||"")||ot.error("unsupported lang: "+e),e=e.replace(nt,rt).toLowerCase(),function(t){var n;do if(n=h?t.lang:t.getAttribute("xml:lang")||t.getAttribute("lang"))return n=n.toLowerCase(),n===e||0===n.indexOf(e+"-");while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===f},focus:function(e){return e===p.activeElement&&(!p.hasFocus||p.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeName>"@"||3===e.nodeType||4===e.nodeType)return!1;return!0},parent:function(e){return!i.pseudos.empty(e)},header:function(e){return et.test(e.nodeName)},input:function(e){return Z.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||t.toLowerCase()===e.type)},first:ht(function(){return[0]}),last:ht(function(e,t){return[t-1]}),eq:ht(function(e,t,n){return[0>n?n+t:n]}),even:ht(function(e,t){var n=0;for(;t>n;n+=2)e.push(n);return e}),odd:ht(function(e,t){var n=1;for(;t>n;n+=2)e.push(n);return e}),lt:ht(function(e,t,n){var r=0>n?n+t:n;for(;--r>=0;)e.push(r);return e}),gt:ht(function(e,t,n){var r=0>n?n+t:n;for(;t>++r;)e.push(r);return e})}},i.pseudos.nth=i.pseudos.eq;for(t in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})i.pseudos[t]=pt(t);for(t in{submit:!0,reset:!0})i.pseudos[t]=ft(t);function dt(){}dt.prototype=i.filters=i.pseudos,i.setFilters=new dt;function gt(e,t){var n,r,o,s,a,u,l,c=k[e+" "];if(c)return t?0:c.slice(0);a=e,u=[],l=i.preFilter;while(a){(!n||(r=_.exec(a)))&&(r&&(a=a.slice(r[0].length)||a),u.push(o=[])),n=!1,(r=X.exec(a))&&(n=r.shift(),o.push({value:n,type:r[0].replace(z," ")}),a=a.slice(n.length));for(s in i.filter)!(r=J[s].exec(a))||l[s]&&!(r=l[s](r))||(n=r.shift(),o.push({value:n,type:s,matches:r}),a=a.slice(n.length));if(!n)break}return t?a.length:a?ot.error(e):k(e,u).slice(0)}function mt(e){var t=0,n=e.length,r="";for(;n>t;t++)r+=e[t].value;return r}function yt(e,t,n){var i=t.dir,o=n&&"parentNode"===i,s=T++;return t.first?function(t,n,r){while(t=t[i])if(1===t.nodeType||o)return e(t,n,r)}:function(t,n,a){var u,l,c,p=w+" "+s;if(a){while(t=t[i])if((1===t.nodeType||o)&&e(t,n,a))return!0}else while(t=t[i])if(1===t.nodeType||o)if(c=t[v]||(t[v]={}),(l=c[i])&&l[0]===p){if((u=l[1])===!0||u===r)return u===!0}else if(l=c[i]=[p],l[1]=e(t,n,a)||r,l[1]===!0)return!0}}function vt(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function xt(e,t,n,r,i){var o,s=[],a=0,u=e.length,l=null!=t;for(;u>a;a++)(o=e[a])&&(!n||n(o,r,i))&&(s.push(o),l&&t.push(a));return s}function bt(e,t,n,r,i,o){return r&&!r[v]&&(r=bt(r)),i&&!i[v]&&(i=bt(i,o)),at(function(o,s,a,u){var l,c,p,f=[],h=[],d=s.length,g=o||Ct(t||"*",a.nodeType?[a]:a,[]),m=!e||!o&&t?g:xt(g,f,e,a,u),y=n?i||(o?e:d||r)?[]:s:m;if(n&&n(m,y,a,u),r){l=xt(y,h),r(l,[],a,u),c=l.length;while(c--)(p=l[c])&&(y[h[c]]=!(m[h[c]]=p))}if(o){if(i||e){if(i){l=[],c=y.length;while(c--)(p=y[c])&&l.push(m[c]=p);i(null,y=[],l,u)}c=y.length;while(c--)(p=y[c])&&(l=i?P.call(o,p):f[c])>-1&&(o[l]=!(s[l]=p))}}else y=xt(y===s?y.splice(d,y.length):y),i?i(null,s,y,u):O.apply(s,y)})}function wt(e){var t,n,r,o=e.length,s=i.relative[e[0].type],a=s||i.relative[" "],l=s?1:0,c=yt(function(e){return e===t},a,!0),p=yt(function(e){return P.call(t,e)>-1},a,!0),f=[function(e,n,r){return!s&&(r||n!==u)||((t=n).nodeType?c(e,n,r):p(e,n,r))}];for(;o>l;l++)if(n=i.relative[e[l].type])f=[yt(vt(f),n)];else{if(n=i.filter[e[l].type].apply(null,e[l].matches),n[v]){for(r=++l;o>r;r++)if(i.relative[e[r].type])break;return bt(l>1&&vt(f),l>1&&mt(e.slice(0,l-1).concat({value:" "===e[l-2].type?"*":""})).replace(z,"$1"),n,r>l&&wt(e.slice(l,r)),o>r&&wt(e=e.slice(r)),o>r&&mt(e))}f.push(n)}return vt(f)}function Tt(e,t){var n=0,o=t.length>0,s=e.length>0,a=function(a,l,c,f,h){var d,g,m,y=[],v=0,x="0",b=a&&[],T=null!=h,C=u,k=a||s&&i.find.TAG("*",h&&l.parentNode||l),N=w+=null==C?1:Math.random()||.1;for(T&&(u=l!==p&&l,r=n);null!=(d=k[x]);x++){if(s&&d){g=0;while(m=e[g++])if(m(d,l,c)){f.push(d);break}T&&(w=N,r=++n)}o&&((d=!m&&d)&&v--,a&&b.push(d))}if(v+=x,o&&x!==v){g=0;while(m=t[g++])m(b,y,l,c);if(a){if(v>0)while(x--)b[x]||y[x]||(y[x]=q.call(f));y=xt(y)}O.apply(f,y),T&&!a&&y.length>0&&v+t.length>1&&ot.uniqueSort(f)}return T&&(w=N,u=C),b};return o?at(a):a}a=ot.compile=function(e,t){var n,r=[],i=[],o=N[e+" "];if(!o){t||(t=gt(e)),n=t.length;while(n--)o=wt(t[n]),o[v]?r.push(o):i.push(o);o=N(e,Tt(i,r))}return o};function Ct(e,t,n){var r=0,i=t.length;for(;i>r;r++)ot(e,t[r],n);return n}function kt(e,t,r,o){var s,u,l,c,p,f=gt(e);if(!o&&1===f.length){if(u=f[0]=f[0].slice(0),u.length>2&&"ID"===(l=u[0]).type&&n.getById&&9===t.nodeType&&h&&i.relative[u[1].type]){if(t=(i.find.ID(l.matches[0].replace(nt,rt),t)||[])[0],!t)return r;e=e.slice(u.shift().value.length)}s=J.needsContext.test(e)?0:u.length;while(s--){if(l=u[s],i.relative[c=l.type])break;if((p=i.find[c])&&(o=p(l.matches[0].replace(nt,rt),U.test(u[0].type)&&t.parentNode||t))){if(u.splice(s,1),e=o.length&&mt(u),!e)return O.apply(r,o),r;break}}}return a(e,f)(o,t,!h,r,U.test(e)),r}n.sortStable=v.split("").sort(S).join("")===v,n.detectDuplicates=E,c(),n.sortDetached=ut(function(e){return 1&e.compareDocumentPosition(p.createElement("div"))}),ut(function(e){return e.innerHTML="","#"===e.firstChild.getAttribute("href")})||lt("type|href|height|width",function(e,t,n){return n?undefined:e.getAttribute(t,"type"===t.toLowerCase()?1:2)}),n.attributes&&ut(function(e){return e.innerHTML="",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")})||lt("value",function(e,t,n){return n||"input"!==e.nodeName.toLowerCase()?undefined:e.defaultValue}),ut(function(e){return null==e.getAttribute("disabled")})||lt(R,function(e,t,n){var r;return n?undefined:(r=e.getAttributeNode(t))&&r.specified?r.value:e[t]===!0?t.toLowerCase():null}),x.find=ot,x.expr=ot.selectors,x.expr[":"]=x.expr.pseudos,x.unique=ot.uniqueSort,x.text=ot.getText,x.isXMLDoc=ot.isXML,x.contains=ot.contains}(e);var D={};function A(e){var t=D[e]={};return x.each(e.match(w)||[],function(e,n){t[n]=!0}),t}x.Callbacks=function(e){e="string"==typeof e?D[e]||A(e):x.extend({},e);var t,n,r,i,o,s,a=[],u=!e.once&&[],l=function(p){for(t=e.memory&&p,n=!0,s=i||0,i=0,o=a.length,r=!0;a&&o>s;s++)if(a[s].apply(p[0],p[1])===!1&&e.stopOnFalse){t=!1;break}r=!1,a&&(u?u.length&&l(u.shift()):t?a=[]:c.disable())},c={add:function(){if(a){var n=a.length;(function s(t){x.each(t,function(t,n){var r=x.type(n);"function"===r?e.unique&&c.has(n)||a.push(n):n&&n.length&&"string"!==r&&s(n)})})(arguments),r?o=a.length:t&&(i=n,l(t))}return this},remove:function(){return a&&x.each(arguments,function(e,t){var n;while((n=x.inArray(t,a,n))>-1)a.splice(n,1),r&&(o>=n&&o--,s>=n&&s--)}),this},has:function(e){return e?x.inArray(e,a)>-1:!(!a||!a.length)},empty:function(){return a=[],o=0,this},disable:function(){return a=u=t=undefined,this},disabled:function(){return!a},lock:function(){return u=undefined,t||c.disable(),this},locked:function(){return!u},fireWith:function(e,t){return!a||n&&!u||(t=t||[],t=[e,t.slice?t.slice():t],r?u.push(t):l(t)),this},fire:function(){return c.fireWith(this,arguments),this},fired:function(){return!!n}};return c},x.extend({Deferred:function(e){var t=[["resolve","done",x.Callbacks("once memory"),"resolved"],["reject","fail",x.Callbacks("once memory"),"rejected"],["notify","progress",x.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return x.Deferred(function(n){x.each(t,function(t,o){var s=o[0],a=x.isFunction(e[t])&&e[t];i[o[1]](function(){var e=a&&a.apply(this,arguments);e&&x.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[s+"With"](this===r?n.promise():this,a?[e]:arguments)})}),e=null}).promise()},promise:function(e){return null!=e?x.extend(e,r):r}},i={};return r.pipe=r.then,x.each(t,function(e,o){var s=o[2],a=o[3];r[o[1]]=s.add,a&&s.add(function(){n=a},t[1^e][2].disable,t[2][2].lock),i[o[0]]=function(){return i[o[0]+"With"](this===i?r:this,arguments),this},i[o[0]+"With"]=s.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=d.call(arguments),r=n.length,i=1!==r||e&&x.isFunction(e.promise)?r:0,o=1===i?e:x.Deferred(),s=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?d.call(arguments):r,n===a?o.notifyWith(t,n):--i||o.resolveWith(t,n)}},a,u,l;if(r>1)for(a=Array(r),u=Array(r),l=Array(r);r>t;t++)n[t]&&x.isFunction(n[t].promise)?n[t].promise().done(s(t,l,n)).fail(o.reject).progress(s(t,u,a)):--i;return i||o.resolveWith(l,n),o.promise()}}),x.support=function(t){var n=o.createElement("input"),r=o.createDocumentFragment(),i=o.createElement("div"),s=o.createElement("select"),a=s.appendChild(o.createElement("option"));return n.type?(n.type="checkbox",t.checkOn=""!==n.value,t.optSelected=a.selected,t.reliableMarginRight=!0,t.boxSizingReliable=!0,t.pixelPosition=!1,n.checked=!0,t.noCloneChecked=n.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!a.disabled,n=o.createElement("input"),n.value="t",n.type="radio",t.radioValue="t"===n.value,n.setAttribute("checked","t"),n.setAttribute("name","t"),r.appendChild(n),t.checkClone=r.cloneNode(!0).cloneNode(!0).lastChild.checked,t.focusinBubbles="onfocusin"in e,i.style.backgroundClip="content-box",i.cloneNode(!0).style.backgroundClip="",t.clearCloneStyle="content-box"===i.style.backgroundClip,x(function(){var n,r,s="padding:0;margin:0;border:0;display:block;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box",a=o.getElementsByTagName("body")[0];a&&(n=o.createElement("div"),n.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",a.appendChild(n).appendChild(i),i.innerHTML="",i.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%",x.swap(a,null!=a.style.zoom?{zoom:1}:{},function(){t.boxSizing=4===i.offsetWidth}),e.getComputedStyle&&(t.pixelPosition="1%"!==(e.getComputedStyle(i,null)||{}).top,t.boxSizingReliable="4px"===(e.getComputedStyle(i,null)||{width:"4px"}).width,r=i.appendChild(o.createElement("div")),r.style.cssText=i.style.cssText=s,r.style.marginRight=r.style.width="0",i.style.width="1px",t.reliableMarginRight=!parseFloat((e.getComputedStyle(r,null)||{}).marginRight)),a.removeChild(n))}),t):t}({});var L,q,H=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,O=/([A-Z])/g;function F(){Object.defineProperty(this.cache={},0,{get:function(){return{}}}),this.expando=x.expando+Math.random()}F.uid=1,F.accepts=function(e){return e.nodeType?1===e.nodeType||9===e.nodeType:!0},F.prototype={key:function(e){if(!F.accepts(e))return 0;var t={},n=e[this.expando];if(!n){n=F.uid++;try{t[this.expando]={value:n},Object.defineProperties(e,t)}catch(r){t[this.expando]=n,x.extend(e,t)}}return this.cache[n]||(this.cache[n]={}),n},set:function(e,t,n){var r,i=this.key(e),o=this.cache[i];if("string"==typeof t)o[t]=n;else if(x.isEmptyObject(o))x.extend(this.cache[i],t);else for(r in t)o[r]=t[r];return o},get:function(e,t){var n=this.cache[this.key(e)];return t===undefined?n:n[t]},access:function(e,t,n){var r;return t===undefined||t&&"string"==typeof t&&n===undefined?(r=this.get(e,t),r!==undefined?r:this.get(e,x.camelCase(t))):(this.set(e,t,n),n!==undefined?n:t)},remove:function(e,t){var n,r,i,o=this.key(e),s=this.cache[o];if(t===undefined)this.cache[o]={};else{x.isArray(t)?r=t.concat(t.map(x.camelCase)):(i=x.camelCase(t),t in s?r=[t,i]:(r=i,r=r in s?[r]:r.match(w)||[])),n=r.length;while(n--)delete s[r[n]]}},hasData:function(e){return!x.isEmptyObject(this.cache[e[this.expando]]||{})},discard:function(e){e[this.expando]&&delete this.cache[e[this.expando]]}},L=new F,q=new F,x.extend({acceptData:F.accepts,hasData:function(e){return L.hasData(e)||q.hasData(e)},data:function(e,t,n){return L.access(e,t,n)},removeData:function(e,t){L.remove(e,t)},_data:function(e,t,n){return q.access(e,t,n)},_removeData:function(e,t){q.remove(e,t)}}),x.fn.extend({data:function(e,t){var n,r,i=this[0],o=0,s=null;if(e===undefined){if(this.length&&(s=L.get(i),1===i.nodeType&&!q.get(i,"hasDataAttrs"))){for(n=i.attributes;n.length>o;o++)r=n[o].name,0===r.indexOf("data-")&&(r=x.camelCase(r.slice(5)),P(i,r,s[r]));q.set(i,"hasDataAttrs",!0)}return s}return"object"==typeof e?this.each(function(){L.set(this,e)}):x.access(this,function(t){var n,r=x.camelCase(e);if(i&&t===undefined){if(n=L.get(i,e),n!==undefined)return n;if(n=L.get(i,r),n!==undefined)return n;if(n=P(i,r,undefined),n!==undefined)return n}else this.each(function(){var n=L.get(this,r);L.set(this,r,t),-1!==e.indexOf("-")&&n!==undefined&&L.set(this,e,t)})},null,t,arguments.length>1,null,!0)},removeData:function(e){return this.each(function(){L.remove(this,e)})}});function P(e,t,n){var r;if(n===undefined&&1===e.nodeType)if(r="data-"+t.replace(O,"-$1").toLowerCase(),n=e.getAttribute(r),"string"==typeof n){try{n="true"===n?!0:"false"===n?!1:"null"===n?null:+n+""===n?+n:H.test(n)?JSON.parse(n):n}catch(i){}L.set(e,t,n)}else n=undefined;return n}x.extend({queue:function(e,t,n){var r;return e?(t=(t||"fx")+"queue",r=q.get(e,t),n&&(!r||x.isArray(n)?r=q.access(e,t,x.makeArray(n)):r.push(n)),r||[]):undefined},dequeue:function(e,t){t=t||"fx";var n=x.queue(e,t),r=n.length,i=n.shift(),o=x._queueHooks(e,t),s=function(){x.dequeue(e,t) +};"inprogress"===i&&(i=n.shift(),r--),i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,s,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return q.get(e,n)||q.access(e,n,{empty:x.Callbacks("once memory").add(function(){q.remove(e,[t+"queue",n])})})}}),x.fn.extend({queue:function(e,t){var n=2;return"string"!=typeof e&&(t=e,e="fx",n--),n>arguments.length?x.queue(this[0],e):t===undefined?this:this.each(function(){var n=x.queue(this,e,t);x._queueHooks(this,e),"fx"===e&&"inprogress"!==n[0]&&x.dequeue(this,e)})},dequeue:function(e){return this.each(function(){x.dequeue(this,e)})},delay:function(e,t){return e=x.fx?x.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,t){var n,r=1,i=x.Deferred(),o=this,s=this.length,a=function(){--r||i.resolveWith(o,[o])};"string"!=typeof e&&(t=e,e=undefined),e=e||"fx";while(s--)n=q.get(o[s],e+"queueHooks"),n&&n.empty&&(r++,n.empty.add(a));return a(),i.promise(t)}});var R,M,W=/[\t\r\n\f]/g,$=/\r/g,B=/^(?:input|select|textarea|button)$/i;x.fn.extend({attr:function(e,t){return x.access(this,x.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){x.removeAttr(this,e)})},prop:function(e,t){return x.access(this,x.prop,e,t,arguments.length>1)},removeProp:function(e){return this.each(function(){delete this[x.propFix[e]||e]})},addClass:function(e){var t,n,r,i,o,s=0,a=this.length,u="string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).addClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(w)||[];a>s;s++)if(n=this[s],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(W," "):" ")){o=0;while(i=t[o++])0>r.indexOf(" "+i+" ")&&(r+=i+" ");n.className=x.trim(r)}return this},removeClass:function(e){var t,n,r,i,o,s=0,a=this.length,u=0===arguments.length||"string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).removeClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(w)||[];a>s;s++)if(n=this[s],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(W," "):"")){o=0;while(i=t[o++])while(r.indexOf(" "+i+" ")>=0)r=r.replace(" "+i+" "," ");n.className=e?x.trim(r):""}return this},toggleClass:function(e,t){var n=typeof e;return"boolean"==typeof t&&"string"===n?t?this.addClass(e):this.removeClass(e):x.isFunction(e)?this.each(function(n){x(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if("string"===n){var t,i=0,o=x(this),s=e.match(w)||[];while(t=s[i++])o.hasClass(t)?o.removeClass(t):o.addClass(t)}else(n===r||"boolean"===n)&&(this.className&&q.set(this,"__className__",this.className),this.className=this.className||e===!1?"":q.get(this,"__className__")||"")})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;r>n;n++)if(1===this[n].nodeType&&(" "+this[n].className+" ").replace(W," ").indexOf(t)>=0)return!0;return!1},val:function(e){var t,n,r,i=this[0];{if(arguments.length)return r=x.isFunction(e),this.each(function(n){var i;1===this.nodeType&&(i=r?e.call(this,n,x(this).val()):e,null==i?i="":"number"==typeof i?i+="":x.isArray(i)&&(i=x.map(i,function(e){return null==e?"":e+""})),t=x.valHooks[this.type]||x.valHooks[this.nodeName.toLowerCase()],t&&"set"in t&&t.set(this,i,"value")!==undefined||(this.value=i))});if(i)return t=x.valHooks[i.type]||x.valHooks[i.nodeName.toLowerCase()],t&&"get"in t&&(n=t.get(i,"value"))!==undefined?n:(n=i.value,"string"==typeof n?n.replace($,""):null==n?"":n)}}}),x.extend({valHooks:{option:{get:function(e){var t=e.attributes.value;return!t||t.specified?e.value:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,o="select-one"===e.type||0>i,s=o?null:[],a=o?i+1:r.length,u=0>i?a:o?i:0;for(;a>u;u++)if(n=r[u],!(!n.selected&&u!==i||(x.support.optDisabled?n.disabled:null!==n.getAttribute("disabled"))||n.parentNode.disabled&&x.nodeName(n.parentNode,"optgroup"))){if(t=x(n).val(),o)return t;s.push(t)}return s},set:function(e,t){var n,r,i=e.options,o=x.makeArray(t),s=i.length;while(s--)r=i[s],(r.selected=x.inArray(x(r).val(),o)>=0)&&(n=!0);return n||(e.selectedIndex=-1),o}}},attr:function(e,t,n){var i,o,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return typeof e.getAttribute===r?x.prop(e,t,n):(1===s&&x.isXMLDoc(e)||(t=t.toLowerCase(),i=x.attrHooks[t]||(x.expr.match.bool.test(t)?M:R)),n===undefined?i&&"get"in i&&null!==(o=i.get(e,t))?o:(o=x.find.attr(e,t),null==o?undefined:o):null!==n?i&&"set"in i&&(o=i.set(e,n,t))!==undefined?o:(e.setAttribute(t,n+""),n):(x.removeAttr(e,t),undefined))},removeAttr:function(e,t){var n,r,i=0,o=t&&t.match(w);if(o&&1===e.nodeType)while(n=o[i++])r=x.propFix[n]||n,x.expr.match.bool.test(n)&&(e[r]=!1),e.removeAttribute(n)},attrHooks:{type:{set:function(e,t){if(!x.support.radioValue&&"radio"===t&&x.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},propFix:{"for":"htmlFor","class":"className"},prop:function(e,t,n){var r,i,o,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return o=1!==s||!x.isXMLDoc(e),o&&(t=x.propFix[t]||t,i=x.propHooks[t]),n!==undefined?i&&"set"in i&&(r=i.set(e,n,t))!==undefined?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){return e.hasAttribute("tabindex")||B.test(e.nodeName)||e.href?e.tabIndex:-1}}}}),M={set:function(e,t,n){return t===!1?x.removeAttr(e,n):e.setAttribute(n,n),n}},x.each(x.expr.match.bool.source.match(/\w+/g),function(e,t){var n=x.expr.attrHandle[t]||x.find.attr;x.expr.attrHandle[t]=function(e,t,r){var i=x.expr.attrHandle[t],o=r?undefined:(x.expr.attrHandle[t]=undefined)!=n(e,t,r)?t.toLowerCase():null;return x.expr.attrHandle[t]=i,o}}),x.support.optSelected||(x.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null}}),x.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){x.propFix[this.toLowerCase()]=this}),x.each(["radio","checkbox"],function(){x.valHooks[this]={set:function(e,t){return x.isArray(t)?e.checked=x.inArray(x(e).val(),t)>=0:undefined}},x.support.checkOn||(x.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})});var I=/^key/,z=/^(?:mouse|contextmenu)|click/,_=/^(?:focusinfocus|focusoutblur)$/,X=/^([^.]*)(?:\.(.+)|)$/;function U(){return!0}function Y(){return!1}function V(){try{return o.activeElement}catch(e){}}x.event={global:{},add:function(e,t,n,i,o){var s,a,u,l,c,p,f,h,d,g,m,y=q.get(e);if(y){n.handler&&(s=n,n=s.handler,o=s.selector),n.guid||(n.guid=x.guid++),(l=y.events)||(l=y.events={}),(a=y.handle)||(a=y.handle=function(e){return typeof x===r||e&&x.event.triggered===e.type?undefined:x.event.dispatch.apply(a.elem,arguments)},a.elem=e),t=(t||"").match(w)||[""],c=t.length;while(c--)u=X.exec(t[c])||[],d=m=u[1],g=(u[2]||"").split(".").sort(),d&&(f=x.event.special[d]||{},d=(o?f.delegateType:f.bindType)||d,f=x.event.special[d]||{},p=x.extend({type:d,origType:m,data:i,handler:n,guid:n.guid,selector:o,needsContext:o&&x.expr.match.needsContext.test(o),namespace:g.join(".")},s),(h=l[d])||(h=l[d]=[],h.delegateCount=0,f.setup&&f.setup.call(e,i,g,a)!==!1||e.addEventListener&&e.addEventListener(d,a,!1)),f.add&&(f.add.call(e,p),p.handler.guid||(p.handler.guid=n.guid)),o?h.splice(h.delegateCount++,0,p):h.push(p),x.event.global[d]=!0);e=null}},remove:function(e,t,n,r,i){var o,s,a,u,l,c,p,f,h,d,g,m=q.hasData(e)&&q.get(e);if(m&&(u=m.events)){t=(t||"").match(w)||[""],l=t.length;while(l--)if(a=X.exec(t[l])||[],h=g=a[1],d=(a[2]||"").split(".").sort(),h){p=x.event.special[h]||{},h=(r?p.delegateType:p.bindType)||h,f=u[h]||[],a=a[2]&&RegExp("(^|\\.)"+d.join("\\.(?:.*\\.|)")+"(\\.|$)"),s=o=f.length;while(o--)c=f[o],!i&&g!==c.origType||n&&n.guid!==c.guid||a&&!a.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(f.splice(o,1),c.selector&&f.delegateCount--,p.remove&&p.remove.call(e,c));s&&!f.length&&(p.teardown&&p.teardown.call(e,d,m.handle)!==!1||x.removeEvent(e,h,m.handle),delete u[h])}else for(h in u)x.event.remove(e,h+t[l],n,r,!0);x.isEmptyObject(u)&&(delete m.handle,q.remove(e,"events"))}},trigger:function(t,n,r,i){var s,a,u,l,c,p,f,h=[r||o],d=y.call(t,"type")?t.type:t,g=y.call(t,"namespace")?t.namespace.split("."):[];if(a=u=r=r||o,3!==r.nodeType&&8!==r.nodeType&&!_.test(d+x.event.triggered)&&(d.indexOf(".")>=0&&(g=d.split("."),d=g.shift(),g.sort()),c=0>d.indexOf(":")&&"on"+d,t=t[x.expando]?t:new x.Event(d,"object"==typeof t&&t),t.isTrigger=i?2:3,t.namespace=g.join("."),t.namespace_re=t.namespace?RegExp("(^|\\.)"+g.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,t.result=undefined,t.target||(t.target=r),n=null==n?[t]:x.makeArray(n,[t]),f=x.event.special[d]||{},i||!f.trigger||f.trigger.apply(r,n)!==!1)){if(!i&&!f.noBubble&&!x.isWindow(r)){for(l=f.delegateType||d,_.test(l+d)||(a=a.parentNode);a;a=a.parentNode)h.push(a),u=a;u===(r.ownerDocument||o)&&h.push(u.defaultView||u.parentWindow||e)}s=0;while((a=h[s++])&&!t.isPropagationStopped())t.type=s>1?l:f.bindType||d,p=(q.get(a,"events")||{})[t.type]&&q.get(a,"handle"),p&&p.apply(a,n),p=c&&a[c],p&&x.acceptData(a)&&p.apply&&p.apply(a,n)===!1&&t.preventDefault();return t.type=d,i||t.isDefaultPrevented()||f._default&&f._default.apply(h.pop(),n)!==!1||!x.acceptData(r)||c&&x.isFunction(r[d])&&!x.isWindow(r)&&(u=r[c],u&&(r[c]=null),x.event.triggered=d,r[d](),x.event.triggered=undefined,u&&(r[c]=u)),t.result}},dispatch:function(e){e=x.event.fix(e);var t,n,r,i,o,s=[],a=d.call(arguments),u=(q.get(this,"events")||{})[e.type]||[],l=x.event.special[e.type]||{};if(a[0]=e,e.delegateTarget=this,!l.preDispatch||l.preDispatch.call(this,e)!==!1){s=x.event.handlers.call(this,e,u),t=0;while((i=s[t++])&&!e.isPropagationStopped()){e.currentTarget=i.elem,n=0;while((o=i.handlers[n++])&&!e.isImmediatePropagationStopped())(!e.namespace_re||e.namespace_re.test(o.namespace))&&(e.handleObj=o,e.data=o.data,r=((x.event.special[o.origType]||{}).handle||o.handler).apply(i.elem,a),r!==undefined&&(e.result=r)===!1&&(e.preventDefault(),e.stopPropagation()))}return l.postDispatch&&l.postDispatch.call(this,e),e.result}},handlers:function(e,t){var n,r,i,o,s=[],a=t.delegateCount,u=e.target;if(a&&u.nodeType&&(!e.button||"click"!==e.type))for(;u!==this;u=u.parentNode||this)if(u.disabled!==!0||"click"!==e.type){for(r=[],n=0;a>n;n++)o=t[n],i=o.selector+" ",r[i]===undefined&&(r[i]=o.needsContext?x(i,this).index(u)>=0:x.find(i,this,null,[u]).length),r[i]&&r.push(o);r.length&&s.push({elem:u,handlers:r})}return t.length>a&&s.push({elem:this,handlers:t.slice(a)}),s},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return null==e.which&&(e.which=null!=t.charCode?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,t){var n,r,i,s=t.button;return null==e.pageX&&null!=t.clientX&&(n=e.target.ownerDocument||o,r=n.documentElement,i=n.body,e.pageX=t.clientX+(r&&r.scrollLeft||i&&i.scrollLeft||0)-(r&&r.clientLeft||i&&i.clientLeft||0),e.pageY=t.clientY+(r&&r.scrollTop||i&&i.scrollTop||0)-(r&&r.clientTop||i&&i.clientTop||0)),e.which||s===undefined||(e.which=1&s?1:2&s?3:4&s?2:0),e}},fix:function(e){if(e[x.expando])return e;var t,n,r,i=e.type,s=e,a=this.fixHooks[i];a||(this.fixHooks[i]=a=z.test(i)?this.mouseHooks:I.test(i)?this.keyHooks:{}),r=a.props?this.props.concat(a.props):this.props,e=new x.Event(s),t=r.length;while(t--)n=r[t],e[n]=s[n];return e.target||(e.target=o),3===e.target.nodeType&&(e.target=e.target.parentNode),a.filter?a.filter(e,s):e},special:{load:{noBubble:!0},focus:{trigger:function(){return this!==V()&&this.focus?(this.focus(),!1):undefined},delegateType:"focusin"},blur:{trigger:function(){return this===V()&&this.blur?(this.blur(),!1):undefined},delegateType:"focusout"},click:{trigger:function(){return"checkbox"===this.type&&this.click&&x.nodeName(this,"input")?(this.click(),!1):undefined},_default:function(e){return x.nodeName(e.target,"a")}},beforeunload:{postDispatch:function(e){e.result!==undefined&&(e.originalEvent.returnValue=e.result)}}},simulate:function(e,t,n,r){var i=x.extend(new x.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?x.event.trigger(i,null,t):x.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},x.removeEvent=function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)},x.Event=function(e,t){return this instanceof x.Event?(e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.getPreventDefault&&e.getPreventDefault()?U:Y):this.type=e,t&&x.extend(this,t),this.timeStamp=e&&e.timeStamp||x.now(),this[x.expando]=!0,undefined):new x.Event(e,t)},x.Event.prototype={isDefaultPrevented:Y,isPropagationStopped:Y,isImmediatePropagationStopped:Y,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=U,e&&e.preventDefault&&e.preventDefault()},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=U,e&&e.stopPropagation&&e.stopPropagation()},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=U,this.stopPropagation()}},x.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){x.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj;return(!i||i!==r&&!x.contains(r,i))&&(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),x.support.focusinBubbles||x.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){x.event.simulate(t,e.target,x.event.fix(e),!0)};x.event.special[t]={setup:function(){0===n++&&o.addEventListener(e,r,!0)},teardown:function(){0===--n&&o.removeEventListener(e,r,!0)}}}),x.fn.extend({on:function(e,t,n,r,i){var o,s;if("object"==typeof e){"string"!=typeof t&&(n=n||t,t=undefined);for(s in e)this.on(s,t,n,e[s],i);return this}if(null==n&&null==r?(r=t,n=t=undefined):null==r&&("string"==typeof t?(r=n,n=undefined):(r=n,n=t,t=undefined)),r===!1)r=Y;else if(!r)return this;return 1===i&&(o=r,r=function(e){return x().off(e),o.apply(this,arguments)},r.guid=o.guid||(o.guid=x.guid++)),this.each(function(){x.event.add(this,e,r,n,t)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,t,n){var r,i;if(e&&e.preventDefault&&e.handleObj)return r=e.handleObj,x(e.delegateTarget).off(r.namespace?r.origType+"."+r.namespace:r.origType,r.selector,r.handler),this;if("object"==typeof e){for(i in e)this.off(i,t,e[i]);return this}return(t===!1||"function"==typeof t)&&(n=t,t=undefined),n===!1&&(n=Y),this.each(function(){x.event.remove(this,e,n,t)})},trigger:function(e,t){return this.each(function(){x.event.trigger(e,t,this)})},triggerHandler:function(e,t){var n=this[0];return n?x.event.trigger(e,t,n,!0):undefined}});var G=/^.[^:#\[\.,]*$/,J=/^(?:parents|prev(?:Until|All))/,Q=x.expr.match.needsContext,K={children:!0,contents:!0,next:!0,prev:!0};x.fn.extend({find:function(e){var t,n=[],r=this,i=r.length;if("string"!=typeof e)return this.pushStack(x(e).filter(function(){for(t=0;i>t;t++)if(x.contains(r[t],this))return!0}));for(t=0;i>t;t++)x.find(e,r[t],n);return n=this.pushStack(i>1?x.unique(n):n),n.selector=this.selector?this.selector+" "+e:e,n},has:function(e){var t=x(e,this),n=t.length;return this.filter(function(){var e=0;for(;n>e;e++)if(x.contains(this,t[e]))return!0})},not:function(e){return this.pushStack(et(this,e||[],!0))},filter:function(e){return this.pushStack(et(this,e||[],!1))},is:function(e){return!!et(this,"string"==typeof e&&Q.test(e)?x(e):e||[],!1).length},closest:function(e,t){var n,r=0,i=this.length,o=[],s=Q.test(e)||"string"!=typeof e?x(e,t||this.context):0;for(;i>r;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(11>n.nodeType&&(s?s.index(n)>-1:1===n.nodeType&&x.find.matchesSelector(n,e))){n=o.push(n);break}return this.pushStack(o.length>1?x.unique(o):o)},index:function(e){return e?"string"==typeof e?g.call(x(e),this[0]):g.call(this,e.jquery?e[0]:e):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){var n="string"==typeof e?x(e,t):x.makeArray(e&&e.nodeType?[e]:e),r=x.merge(this.get(),n);return this.pushStack(x.unique(r))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}});function Z(e,t){while((e=e[t])&&1!==e.nodeType);return e}x.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return x.dir(e,"parentNode")},parentsUntil:function(e,t,n){return x.dir(e,"parentNode",n)},next:function(e){return Z(e,"nextSibling")},prev:function(e){return Z(e,"previousSibling")},nextAll:function(e){return x.dir(e,"nextSibling")},prevAll:function(e){return x.dir(e,"previousSibling")},nextUntil:function(e,t,n){return x.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return x.dir(e,"previousSibling",n)},siblings:function(e){return x.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return x.sibling(e.firstChild)},contents:function(e){return e.contentDocument||x.merge([],e.childNodes)}},function(e,t){x.fn[e]=function(n,r){var i=x.map(this,t,n);return"Until"!==e.slice(-5)&&(r=n),r&&"string"==typeof r&&(i=x.filter(r,i)),this.length>1&&(K[e]||x.unique(i),J.test(e)&&i.reverse()),this.pushStack(i)}}),x.extend({filter:function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?x.find.matchesSelector(r,e)?[r]:[]:x.find.matches(e,x.grep(t,function(e){return 1===e.nodeType}))},dir:function(e,t,n){var r=[],i=n!==undefined;while((e=e[t])&&9!==e.nodeType)if(1===e.nodeType){if(i&&x(e).is(n))break;r.push(e)}return r},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n}});function et(e,t,n){if(x.isFunction(t))return x.grep(e,function(e,r){return!!t.call(e,r,e)!==n});if(t.nodeType)return x.grep(e,function(e){return e===t!==n});if("string"==typeof t){if(G.test(t))return x.filter(t,e,n);t=x.filter(t,e)}return x.grep(e,function(e){return g.call(t,e)>=0!==n})}var tt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,nt=/<([\w:]+)/,rt=/<|&#?\w+;/,it=/<(?:script|style|link)/i,ot=/^(?:checkbox|radio)$/i,st=/checked\s*(?:[^=]|=\s*.checked.)/i,at=/^$|\/(?:java|ecma)script/i,ut=/^true\/(.*)/,lt=/^\s*\s*$/g,ct={option:[1,""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};ct.optgroup=ct.option,ct.tbody=ct.tfoot=ct.colgroup=ct.caption=ct.thead,ct.th=ct.td,x.fn.extend({text:function(e){return x.access(this,function(e){return e===undefined?x.text(this):this.empty().append((this[0]&&this[0].ownerDocument||o).createTextNode(e))},null,e,arguments.length)},append:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=pt(this,e);t.appendChild(e)}})},prepend:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=pt(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},remove:function(e,t){var n,r=e?x.filter(e,this):this,i=0;for(;null!=(n=r[i]);i++)t||1!==n.nodeType||x.cleanData(mt(n)),n.parentNode&&(t&&x.contains(n.ownerDocument,n)&&dt(mt(n,"script")),n.parentNode.removeChild(n));return this},empty:function(){var e,t=0;for(;null!=(e=this[t]);t++)1===e.nodeType&&(x.cleanData(mt(e,!1)),e.textContent="");return this},clone:function(e,t){return e=null==e?!1:e,t=null==t?e:t,this.map(function(){return x.clone(this,e,t)})},html:function(e){return x.access(this,function(e){var t=this[0]||{},n=0,r=this.length;if(e===undefined&&1===t.nodeType)return t.innerHTML;if("string"==typeof e&&!it.test(e)&&!ct[(nt.exec(e)||["",""])[1].toLowerCase()]){e=e.replace(tt,"<$1>");try{for(;r>n;n++)t=this[n]||{},1===t.nodeType&&(x.cleanData(mt(t,!1)),t.innerHTML=e);t=0}catch(i){}}t&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(){var e=x.map(this,function(e){return[e.nextSibling,e.parentNode]}),t=0;return this.domManip(arguments,function(n){var r=e[t++],i=e[t++];i&&(r&&r.parentNode!==i&&(r=this.nextSibling),x(this).remove(),i.insertBefore(n,r))},!0),t?this:this.remove()},detach:function(e){return this.remove(e,!0)},domManip:function(e,t,n){e=f.apply([],e);var r,i,o,s,a,u,l=0,c=this.length,p=this,h=c-1,d=e[0],g=x.isFunction(d);if(g||!(1>=c||"string"!=typeof d||x.support.checkClone)&&st.test(d))return this.each(function(r){var i=p.eq(r);g&&(e[0]=d.call(this,r,i.html())),i.domManip(e,t,n)});if(c&&(r=x.buildFragment(e,this[0].ownerDocument,!1,!n&&this),i=r.firstChild,1===r.childNodes.length&&(r=i),i)){for(o=x.map(mt(r,"script"),ft),s=o.length;c>l;l++)a=r,l!==h&&(a=x.clone(a,!0,!0),s&&x.merge(o,mt(a,"script"))),t.call(this[l],a,l);if(s)for(u=o[o.length-1].ownerDocument,x.map(o,ht),l=0;s>l;l++)a=o[l],at.test(a.type||"")&&!q.access(a,"globalEval")&&x.contains(u,a)&&(a.src?x._evalUrl(a.src):x.globalEval(a.textContent.replace(lt,"")))}return this}}),x.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){x.fn[e]=function(e){var n,r=[],i=x(e),o=i.length-1,s=0;for(;o>=s;s++)n=s===o?this:this.clone(!0),x(i[s])[t](n),h.apply(r,n.get());return this.pushStack(r)}}),x.extend({clone:function(e,t,n){var r,i,o,s,a=e.cloneNode(!0),u=x.contains(e.ownerDocument,e);if(!(x.support.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||x.isXMLDoc(e)))for(s=mt(a),o=mt(e),r=0,i=o.length;i>r;r++)yt(o[r],s[r]);if(t)if(n)for(o=o||mt(e),s=s||mt(a),r=0,i=o.length;i>r;r++)gt(o[r],s[r]);else gt(e,a);return s=mt(a,"script"),s.length>0&&dt(s,!u&&mt(e,"script")),a},buildFragment:function(e,t,n,r){var i,o,s,a,u,l,c=0,p=e.length,f=t.createDocumentFragment(),h=[];for(;p>c;c++)if(i=e[c],i||0===i)if("object"===x.type(i))x.merge(h,i.nodeType?[i]:i);else if(rt.test(i)){o=o||f.appendChild(t.createElement("div")),s=(nt.exec(i)||["",""])[1].toLowerCase(),a=ct[s]||ct._default,o.innerHTML=a[1]+i.replace(tt,"<$1>")+a[2],l=a[0];while(l--)o=o.lastChild;x.merge(h,o.childNodes),o=f.firstChild,o.textContent=""}else h.push(t.createTextNode(i));f.textContent="",c=0;while(i=h[c++])if((!r||-1===x.inArray(i,r))&&(u=x.contains(i.ownerDocument,i),o=mt(f.appendChild(i),"script"),u&&dt(o),n)){l=0;while(i=o[l++])at.test(i.type||"")&&n.push(i)}return f},cleanData:function(e){var t,n,r,i,o,s,a=x.event.special,u=0;for(;(n=e[u])!==undefined;u++){if(F.accepts(n)&&(o=n[q.expando],o&&(t=q.cache[o]))){if(r=Object.keys(t.events||{}),r.length)for(s=0;(i=r[s])!==undefined;s++)a[i]?x.event.remove(n,i):x.removeEvent(n,i,t.handle);q.cache[o]&&delete q.cache[o]}delete L.cache[n[L.expando]]}},_evalUrl:function(e){return x.ajax({url:e,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0})}});function pt(e,t){return x.nodeName(e,"table")&&x.nodeName(1===t.nodeType?t:t.firstChild,"tr")?e.getElementsByTagName("tbody")[0]||e.appendChild(e.ownerDocument.createElement("tbody")):e}function ft(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function ht(e){var t=ut.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function dt(e,t){var n=e.length,r=0;for(;n>r;r++)q.set(e[r],"globalEval",!t||q.get(t[r],"globalEval"))}function gt(e,t){var n,r,i,o,s,a,u,l;if(1===t.nodeType){if(q.hasData(e)&&(o=q.access(e),s=q.set(t,o),l=o.events)){delete s.handle,s.events={};for(i in l)for(n=0,r=l[i].length;r>n;n++)x.event.add(t,i,l[i][n])}L.hasData(e)&&(a=L.access(e),u=x.extend({},a),L.set(t,u))}}function mt(e,t){var n=e.getElementsByTagName?e.getElementsByTagName(t||"*"):e.querySelectorAll?e.querySelectorAll(t||"*"):[];return t===undefined||t&&x.nodeName(e,t)?x.merge([e],n):n}function yt(e,t){var n=t.nodeName.toLowerCase();"input"===n&&ot.test(e.type)?t.checked=e.checked:("input"===n||"textarea"===n)&&(t.defaultValue=e.defaultValue)}x.fn.extend({wrapAll:function(e){var t;return x.isFunction(e)?this.each(function(t){x(this).wrapAll(e.call(this,t))}):(this[0]&&(t=x(e,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstElementChild)e=e.firstElementChild;return e}).append(this)),this)},wrapInner:function(e){return x.isFunction(e)?this.each(function(t){x(this).wrapInner(e.call(this,t))}):this.each(function(){var t=x(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=x.isFunction(e);return this.each(function(n){x(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){x.nodeName(this,"body")||x(this).replaceWith(this.childNodes)}).end()}});var vt,xt,bt=/^(none|table(?!-c[ea]).+)/,wt=/^margin/,Tt=RegExp("^("+b+")(.*)$","i"),Ct=RegExp("^("+b+")(?!px)[a-z%]+$","i"),kt=RegExp("^([+-])=("+b+")","i"),Nt={BODY:"block"},Et={position:"absolute",visibility:"hidden",display:"block"},St={letterSpacing:0,fontWeight:400},jt=["Top","Right","Bottom","Left"],Dt=["Webkit","O","Moz","ms"];function At(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=Dt.length;while(i--)if(t=Dt[i]+n,t in e)return t;return r}function Lt(e,t){return e=t||e,"none"===x.css(e,"display")||!x.contains(e.ownerDocument,e)}function qt(t){return e.getComputedStyle(t,null)}function Ht(e,t){var n,r,i,o=[],s=0,a=e.length;for(;a>s;s++)r=e[s],r.style&&(o[s]=q.get(r,"olddisplay"),n=r.style.display,t?(o[s]||"none"!==n||(r.style.display=""),""===r.style.display&&Lt(r)&&(o[s]=q.access(r,"olddisplay",Rt(r.nodeName)))):o[s]||(i=Lt(r),(n&&"none"!==n||!i)&&q.set(r,"olddisplay",i?n:x.css(r,"display"))));for(s=0;a>s;s++)r=e[s],r.style&&(t&&"none"!==r.style.display&&""!==r.style.display||(r.style.display=t?o[s]||"":"none"));return e}x.fn.extend({css:function(e,t){return x.access(this,function(e,t,n){var r,i,o={},s=0;if(x.isArray(t)){for(r=qt(e),i=t.length;i>s;s++)o[t[s]]=x.css(e,t[s],!1,r);return o}return n!==undefined?x.style(e,t,n):x.css(e,t)},e,t,arguments.length>1)},show:function(){return Ht(this,!0)},hide:function(){return Ht(this)},toggle:function(e){return"boolean"==typeof e?e?this.show():this.hide():this.each(function(){Lt(this)?x(this).show():x(this).hide()})}}),x.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=vt(e,"opacity");return""===n?"1":n}}}},cssNumber:{columnCount:!0,fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":"cssFloat"},style:function(e,t,n,r){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var i,o,s,a=x.camelCase(t),u=e.style;return t=x.cssProps[a]||(x.cssProps[a]=At(u,a)),s=x.cssHooks[t]||x.cssHooks[a],n===undefined?s&&"get"in s&&(i=s.get(e,!1,r))!==undefined?i:u[t]:(o=typeof n,"string"===o&&(i=kt.exec(n))&&(n=(i[1]+1)*i[2]+parseFloat(x.css(e,t)),o="number"),null==n||"number"===o&&isNaN(n)||("number"!==o||x.cssNumber[a]||(n+="px"),x.support.clearCloneStyle||""!==n||0!==t.indexOf("background")||(u[t]="inherit"),s&&"set"in s&&(n=s.set(e,n,r))===undefined||(u[t]=n)),undefined)}},css:function(e,t,n,r){var i,o,s,a=x.camelCase(t);return t=x.cssProps[a]||(x.cssProps[a]=At(e.style,a)),s=x.cssHooks[t]||x.cssHooks[a],s&&"get"in s&&(i=s.get(e,!0,n)),i===undefined&&(i=vt(e,t,r)),"normal"===i&&t in St&&(i=St[t]),""===n||n?(o=parseFloat(i),n===!0||x.isNumeric(o)?o||0:i):i}}),vt=function(e,t,n){var r,i,o,s=n||qt(e),a=s?s.getPropertyValue(t)||s[t]:undefined,u=e.style;return s&&(""!==a||x.contains(e.ownerDocument,e)||(a=x.style(e,t)),Ct.test(a)&&wt.test(t)&&(r=u.width,i=u.minWidth,o=u.maxWidth,u.minWidth=u.maxWidth=u.width=a,a=s.width,u.width=r,u.minWidth=i,u.maxWidth=o)),a};function Ot(e,t,n){var r=Tt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function Ft(e,t,n,r,i){var o=n===(r?"border":"content")?4:"width"===t?1:0,s=0;for(;4>o;o+=2)"margin"===n&&(s+=x.css(e,n+jt[o],!0,i)),r?("content"===n&&(s-=x.css(e,"padding"+jt[o],!0,i)),"margin"!==n&&(s-=x.css(e,"border"+jt[o]+"Width",!0,i))):(s+=x.css(e,"padding"+jt[o],!0,i),"padding"!==n&&(s+=x.css(e,"border"+jt[o]+"Width",!0,i)));return s}function Pt(e,t,n){var r=!0,i="width"===t?e.offsetWidth:e.offsetHeight,o=qt(e),s=x.support.boxSizing&&"border-box"===x.css(e,"boxSizing",!1,o);if(0>=i||null==i){if(i=vt(e,t,o),(0>i||null==i)&&(i=e.style[t]),Ct.test(i))return i;r=s&&(x.support.boxSizingReliable||i===e.style[t]),i=parseFloat(i)||0}return i+Ft(e,t,n||(s?"border":"content"),r,o)+"px"}function Rt(e){var t=o,n=Nt[e];return n||(n=Mt(e,t),"none"!==n&&n||(xt=(xt||x("