Commit Graph

889 Commits

Author SHA1 Message Date
Dmitry Shulyak cba00153e2 Replace request ID when same request is restarted (#1453) 2019-05-01 12:33:18 +02:00
Dmitry Shulyak 218a35e609
Notify users that envelope was discarded and retry sending it (#1446)
API for querying mail servers that skips already received data on subsequent requests
2019-04-30 09:46:12 +03:00
Andrea Maria Piana 354e6981ba
Add network incentivisation service (#1452) 2019-04-29 14:05:49 +02:00
Dmitry Shulyak a904d9325e
Notify users that envelope was discarded and retry sending it (#1424)
* Notify users that envelope was discarded and retry sending it

* Update Gopkg files with released whisper version

* Forgot to remove signal after refactoring
2019-04-02 13:40:45 +03:00
Andrea Franz 8fe14e8f23
hash typed data (#1426)
* add HashTypedData to backend

* add HashTypedData to backand, lib, and mobile

* rename typeddata.Hash to typeddata.ValidateAndHash
2019-03-28 15:56:21 +01:00
Adam Babik 4b790adf34
add shhext_requestMessagesNew (#1412) 2019-03-15 14:27:08 +01:00
Dmitry Shulyak aa28f652e3 Re-send user payload if previously sent envelope wasn't acknowledged (#1386)
* Split shhext.tracker into envelopes and mail monitors

* Send envelopes on every new attempt to deliver a message

* Re-send user payloads if previous envelopes weren't acknowledged

* Remove debug api across the codebase
2019-03-01 14:36:21 +01:00
Andrea Maria Piana 38e5335e18
Allow messages to be decrypted from previous bundles (#1400)
Currently we only decrypt messages if received on the current bundle.
This changes the behavior so that messages can be decrypted if sent to
previous bundles as well, as otherwise is a bit restrictive
2019-02-28 13:09:43 +01:00
Dmitry ccce8b9a80 Clear all request internal cache when node is stopped 2019-02-27 07:44:38 +02:00
Andrea Maria Piana e88e590028
Fix wrong datadir in desktop (#1389)
Desktop was wrongly passing a network dependent data-dir (mainnet_rpc).
The code migrates the db if present, moving it to the new location.
2019-02-25 08:51:25 +01:00
Dmitry f2a400dc44 Split shhext.tracker into envelopes and mail monitors 2019-02-22 09:33:46 +02:00
Dmitry Shulyak 224bc7857c Mark envelope as confirmed when it was received from a mail server (#1378) 2019-02-20 18:10:59 +01:00
Dmitry 381a1941a0 Unregister request whisper failed to send it 2019-02-20 16:09:45 +02:00
Andrea Maria Piana 81d8ca82a2
Add confirm messages processed by ID (#1375)
Currently PFS messages are decrypted and therefore modified before being
passed to the client. This make IDs computation difficult, as we pass
the whole object to the client and expect the object be passed back once
confirmed.
This changes the behavior allowing confirmation by ID, which is passed
to the client instead of the raw object.
This is a breaking change, but status-react is already forward
compatible.
2019-02-19 13:58:42 +01:00
Andrea Maria Piana 2a4382369a
Add GetContactCode call, add DH flag (#1367)
This PR does a few things:

1) Add a call GetContactCode to check whether we have a bundle for a
given user.

2) Add a DH flag to the API (non-breaking change), for those messages
that we want to target all devices (contact-requests for example).

3) Fixes a few small issues with installations, namely if for example a
messages is sent without a bundle (currently not done by any client),
we still infer installation info, so that we can communicate securely
and making it truly optional.
2019-02-12 12:07:13 +01:00
Ivan Daniluk 4f3f5ee574 Gomobile support (#1164) 2019-02-01 18:02:52 +01:00
Andrea Franz 0e0c3cd859
add shhext.InitProtocolWithEncryptionKey (#1362)
* add shhext.InitProtocolWithEncryptionKey

* update test to avoid lint error
2019-01-25 11:31:51 +01:00
Dmitry c8a616688c Add request with retries api call 2019-01-24 14:31:56 +02:00
Andrea Maria Piana 2df5422337
Add backward compatibility for single bundle (#1355)
We change the protocol to accomodate publishing multiple bundles, in
order to propagate bundles for group chats and have a way to extend it
further.
This commit re-introduces backward compatibility for direct messages,
to be removed once that is not an issue anymore.
2019-01-21 12:33:18 +01:00
Andrea Maria Piana ad51c019e8
Fix broken migration (#1354)
The migration from unencrypted->encrypted did not work properly, it was
deleting and re-creating the database. This correctly migrates the db.
2019-01-19 08:30:05 +01:00
Dmitry aa09d854ca Prevent frequent requests with same topics 2019-01-18 14:52:33 +02:00
Andrea Franz 4939268edf
Unlock wallet and chat keys (#1346)
* select account decrypting wallet and chat keys

* adapt account tests to use chat and wallet account/keys

* fix tests using chat address

* changes after review

* fix status service e2e tests

* add account.Info struct returned when creating and recovering an account

* use s.EqualValues to compare recovered accounts

* return Info instead of *Info

* add both address and walletAddress to responses

* Update lib/types.go

Co-Authored-By: gravityblast <andrea@gravityblast.com>

* Update lib/types.go

Co-Authored-By: gravityblast <andrea@gravityblast.com>

* update comment to fix lint
2019-01-18 10:01:14 +01:00
Dmitry Shulyak 863d07f798 Accept status service config directly from json input (#1337) 2019-01-17 13:56:22 +01:00
Adam Babik fd48ad8b29
geth: upgrade geth to 1.8.21 (#1350) 2019-01-16 15:42:00 +01:00
Andrea Maria Piana 59426d628c
Migrate from nokey on ios to re-keyed (#1345) 2019-01-11 11:55:18 +01:00
Roman Volosovskyi :: Darkviolet Lightgreen Halcyon d6216f1aa4 [slow sign in] Reduce number of kdf iterations for PDF database key (#1343)
`kdf_iter` parameter is reduced to 3200. This change is done because of
performance reasons, currently key derivation is too slow on some mobile
devices. The number of iterations before this commit is 64000, default
value in `sqlcipher` from version `3.0.0`.
fda4c68bb4/CHANGELOG.md (300---2013-11-05)

Implementation:
`sqlcipher_export` is used for migration, check out the link below
for details
https://www.zetetic.net/sqlcipher/sqlcipher-api/#sqlcipher_export
2019-01-11 11:12:23 +01:00
Adam Babik fa97e6927d
Add CreateAccount RPC function (#1330) (#1334) 2018-12-28 12:37:22 +01:00
Andrea Maria Piana 30dbacdcca
Initialize public key (#1332) 2018-12-24 08:18:27 +01:00
Andrea Maria Piana 3292538b41
Allow multiple bundles, change n devices & bundle refresh (#1331)
Change to support sending multiple bundles, as needed for group chats,
limit number of devices to 3 as already done in the UI and refresh
bundle daily.
2018-12-21 11:07:25 +01:00
Andrea Maria Piana 79bf92bea5
Allow specify topic in rpc endpoint (#1328) 2018-12-18 16:27:12 +01:00
Adam Babik 74cb16c456
add SyncMessages method to shhext api (#1309) 2018-12-14 12:21:34 +01:00
Dmitry Shulyak f2c6fef64c
Persist selected mail server using separate monitor (#1303)
This change allows to connect to the mail server that we were using before the app was restarted. Separate loop is listening for whisper events, and when we receive event that request was completed we will update time on a peer record.

Records are stored in leveldb. Body of the record is marshaled using json. At this point the only field is a timestamp when record was used.

This loop doesn't control connections, it only tracks what mail server we ended up using. It works asynchronously to connection management loop. Which tracks events that are related to connection state and expiry of the requests.

When app starts we look into the database and select the most recently used record. This record is added to connection management loop first. So if this server is available we will stick to using it. If we weren't able to connect to the same server in configured timeout (5s) we will try to connect to any other server from list of active servers.

closes: #1285
2018-12-12 11:39:00 +02:00
Adam Babik e2682486fd
Fix cursor encoding (#1308)
It fixes encoding and decoding cursor sent in historic messages requests. `hex` package from the standard library is used.
2018-12-11 11:23:47 +01:00
Andrea Maria Piana b676de9dac
Hash password before using it (#1306) 2018-12-10 14:11:19 +01:00
Adam Babik db691fd763
fix golang/mock (#1310) 2018-12-10 13:53:27 +01:00
Dmitry Shulyak d51761f83e Ensure sent event is received from a mailserver (#1304)
In previous change i used same filtering for a handler that processes confirmations.
But if we are connected with peers that do not support confirmations on whisper level,
whisper may send "Sent" event when envelope is written to a socket. This is our old behaviour.

So, this PR allows to use confirmations from a mail servers and ensure that transition between
multiple version of peers will be smooth.
2018-12-06 10:30:57 +01:00
Dmitry Shulyak a609b468fe
Mail peer store and connection manager (#1295)
This change implements connection manager that monitors 3 types of events:
1. update of the selected mail servers
2. disconnect from a mail server
3. errors for requesting mail history

When selected mail servers provided we will try to connect with as many as possible, and later disconnect the surplus. For example if we want to connect with one mail server and 3 were selected, we try to connect with all (3), and later disconnect with 2. It will to establish connection with live mail server faster.

If mail server disconnects we will choose any other mail server from the list of selected. Unless we have only one mail server. In such case we don't have any other choice and we will leave things as is.

If request for history was expired we will disconnect such peer and try to find another one. We will follow same rules as described above.

We will have two components that will rely on this logic:
1. requesting history

If target peer is provided we will use that peer, otherwise we will request history from any selected mail server that is connected at the time of request.

2. confirmation from selected mail server

Confirmation from any selected mail server will bee used to send a feedback that envelope was sent.

I will add several extensions, but probably in separate PRs:
1. prioritize connection with mail server that was used before reboot
2. disconnect from mail servers if history request wasn't expired but failed.
3. wait some time in RequestsMessage RPC to establish connection with any mail server

Currently this feature is hidden, as certain changes will be necessary in status-react. 

partially implements: https://github.com/status-im/status-go/issues/1285
2018-12-05 15:57:05 +02:00
Andrea Maria Piana afc3017e07
Notify user when the device is missing (#1298)
* Notify user when the device is missing

* Update services/shhext/chat/encryption.go

Co-Authored-By: cammellos <andrea.maria.piana@gmail.com>
2018-12-05 09:22:49 +01:00
Andrea Maria Piana 38bb4d8ef3
Add versioning & tests, migrate db files (#1293)
We are preparing for the release of this to general public, so a few
things have been added:

1) Add versioning for bundles, and make refresh interval configurable
2) Move files to installationID so no metadata is leaked
3) Re-key using user password db
2018-11-28 12:34:39 +01:00
Dmitry e60dbe3c1b Update selected mail servers that are used in envelope tracker 2018-11-28 11:16:37 +02:00
Andrea Maria Piana 6112ca0289
Add tests for multi-device and refactor encryption service config (#1277) 2018-11-27 09:54:20 +01:00
Dmitry Shulyak aac706fe4c
Use confirmation that bundle is delivered for sending feedback to user (#1284)
* Pull whisper confirmations changes

* Use batch confirmations as a signal that envelope was sent into the network
2018-11-27 08:30:15 +02:00
Adam Babik 52a1bdfed6
Upgrade geth 1.8.17 plus add metrics during compilation time (#1273)
This commit updates geth to 1.8.17 and adds a possibility to enable metrics during compilation time.

The cascade of issues forced us to upgrade geth to 1.8.17 in order to allow enabling metrics during compilation time. 1.8.17 introduced `NodeID` refactoring and `enode` package which affected our peers pool and integration with Discovery V5.
2018-11-14 08:03:58 +01:00
Andrea Maria Piana 1f6cccd0fc
Add enabling/disabling of installations (#1264)
This commit adds a list new table, installations, which is used to keep
track of which installation are active for a given identity key.

In general, we limit the number of installation that we keep
synchronized to 5, to avoid excessive usage of resources.

Any installation coming from our own identity, will have to be manually
enabled, otherwise we trust the other peer has correctly paired their
devices.

We use a timestamp to decide which installations to keep synchronized as
a logical clock would have make the creation of the bundle more
complicated, but this can always be converted to a logical clock at
later stages without breaking compatibility.
2018-11-06 09:05:32 +01:00
Dmitry Shulyak 3fe5b25ff2
Implement eth_getFilterLogs (#1265)
Queries logs from remote server using original filter criteria.
2018-11-06 07:41:36 +01:00
Dmitry Shulyak db786ef1d2
Sign typed data implementation (#1250)
* Implement EIP 712

* Cover majority of cases with tests

* Add solidity and signer tests and cover integer edges case

* Add thin api to sign type data using selected status account

* All integers are extended to int256 and marshalled into big.Int

* Document how deps works

* Fix linter

* Fix errors test

* Add validation tests

* Unmarshal every atomic type in separate functions
2018-11-06 07:26:12 +01:00
Andrea Maria Piana ee3c05c79b
Change handling of skipped/deleted keys & add version (#1261)
- Skipped keys

The purpose of limiting the number of skipped keys generated is to avoid a dos
attack whereby an attacker would send a large N, forcing the device to
compute all the keys between currentN..N .

Previously the logic for handling skipped keys was:

- If in the current receiving chain there are more than maxSkip keys,
throw an error

This is problematic as in long-lived session dropped/unreceived messages starts
piling up, eventually reaching the threshold (1000 dropped/unreceived
messages).

This logic has been changed to be more inline with signals spec, and now
it is:

- If N is > currentN + maxSkip, throw an error

The purpose of limiting the number of skipped keys stored is to avoid a dos
attack whereby an attacker would force us to store a large number of
keys, filling up our storage.

Previously the logic for handling old keys was:

- Once you have maxKeep ratchet steps, delete any key from
currentRatchet - maxKeep.

This, in combination with the maxSkip implementation, capped the number of stored keys to
maxSkip * maxKeep.

The logic has been changed to:

- Keep a maximum of MaxMessageKeysPerSession

and additionally we delete any key that has a sequence number <
currentSeqNum - maxKeep

- Version

We check now the version of the bundle so that when we get a bundle from
the same installationID with a higher version, we mark the previous
bundle as expired and use the new bundle the next time a message is sent
2018-11-05 20:00:04 +01:00
Dmitry Shulyak 539fa01d48
Implement cache for recording removed logs due to reorg (#1241)
Adjust criteria if replaced logs were received and add more tests

Improve validation

Changes after review
2018-10-28 17:12:16 +01:00
Andrea Maria Piana 22eb53ea8c shhext: increase max skip keys (#1257) 2018-10-26 10:44:10 +02:00
b00ris bdbceba6eb
added ulc config params (#1255)
* added ulc config params

* fmt

* fix lint
2018-10-24 19:31:41 +03:00
Dmitry Shulyak 29b55bd445
Add local implementation of the newFilter call using remote getLogs call (#1235)
* Implement subscriptions and filtering

* Add e2e test with log filter polling logs from EVM with clique backend

* Apply review comments

* Move devnode to t/devtests to avoid cycle in imports
2018-10-23 08:11:11 +03:00
Adam Babik a75f9c34cf
Request historical messages in batches (#1245) 2018-10-19 11:09:13 +02:00
Igor Mandrigin ba504e99c4
Mailserver: return error response. (#1244) 2018-10-18 12:25:00 +02:00
Ivan Daniluk e7c588fcd0
Change API of BuildDirectMessage function to use variadic arguments (#1243) 2018-10-16 17:22:28 +02:00
Andrea Maria Piana e4ba365b8a
Add bundles.added signal & pairing endpoint (#1237) 2018-10-16 12:31:05 +02:00
Andrea Franz c86f8bf6ca
allow multiple topics in mailserver requests (#1240)
* allow multiple topics in mailserver requests

* simplify topicsToBloom function

* create test topics simply from the string without hash

* add deprecated comment to MessagesRequest.Topic
2018-10-15 23:15:04 +02:00
Andrea Maria Piana 9f8f0089a3
Add extract group membership signatures (#1226) 2018-10-04 18:53:48 +02:00
Dmitry 5b551c67fa Use status-im whisper/whisperv6 module everywhere 2018-10-03 09:27:51 +03:00
Andrea Maria Piana b309718fdc
Add sign & verify api calls (#1218) 2018-09-27 15:07:32 +02:00
Andrea Maria Piana dcaf8caed0
Add x3dh key exchange (#1127)
* Add x3dh key exchange

* Encrypt using the double ratchet

* Multi device with auto-pairing

* Add pfs enabled flag
2018-09-24 20:07:34 +02:00
Sebastian Delgado 4afd9e6c6c Remove transactions queue 1027 (#1125)
Remove `PendingSignRequests` queue from the sign module.

This closes #1027 by removing the pending sign requests queue dependency from the SendTransaction, SignMessage and Recover.
2018-08-16 13:37:53 +02:00
Pedro Pombeiro 840b5b64d2 Implement mailserver canary service. Closes #1086 2018-08-07 17:17:59 +02:00
Sebastian Delgado 7577296b3c
Implement eth_newPendingTransactionFilter (#1113)
Implement eth_newPendingTransactionFilter
2018-07-27 08:54:40 -07:00
Adrià Cidre bfbb02019f
Discover mail servers on demand. (#1082)
* [#1076] Discover mail servers on start up.

* [#1076] On-demand mail-server discovery
2018-07-16 09:40:40 +02:00
Adrià Cidre d61c39bbd8
Fix timeout issues with TestRequestMessagesSuccess (#1091) 2018-07-11 16:42:51 +02:00
Adam Babik 38a60135b2 Add asymmetric key support for MailServer requests (#1075)
* add Asymmetric Key support for MailServer requests

* remove deprecated notice

* fix linter

* refactoring Whisper config related to MailServer

* fix race condition
2018-07-04 11:30:57 +02:00
Andrea Franz 809db97e54
mailserver pagination (#1039)
* mailserver sends envelopes in descending order

* add limit value in mailserver request payload

* mailserver sends messages up to the limit specified in the request

* update Archive method to return key and error

* processRequest returns the next page cursor

* add cursor to mailserver request

* add limit and cursor to request payload

* fix request limit encoding

* wait for request completed event in TrackerSuite/TestRequestCompleted

* add cursor to mailserver response

* fix cursor position in payload

* add e2e test for mail server pagination

* validate mail server response size

* remove old limitReached var

* fix lint warnings

* add whisper patch

* fix tests after rebase

* check all return values to avoid lint warnings

* check that all messages have been retrieved after 2 paginated requests

* fix lint warnings

* rename geth patch

* merge mailserver patches into one

* add last envelope hash to mailserver response and EventEnvelopeAvailable event

* update whisper patch

* add docs to MailServerResponse

* update whisper patch

* fix tests and lint warnings

* send mailserver response data on EventMailServerRequestCompleted signal

* update tracker tests

* optimise pagination test waiting for mailserver to archive only before requesting

* rollback mailserver interface changes

* refactoring and docs changes

* fix payload size check to determine if a limit is specified

* add more docs to the processRequest method

* add constants for request payload field lengths

* add const noLimits to specify that limit=0 means no limits
2018-07-02 09:38:10 +02:00
Andrea Franz 1bc63df5f2
validate query range on requestMessages API (#1060) 2018-06-26 10:41:03 +02:00
Adrià Cidre 5bbfabde94
New debug_postSync endpoint (#1046)
* [#ISSUE-1041] New debug_postconfirm endpoint

* move debug service api inside shhext service
2018-06-25 15:27:17 +02:00
Andrea Franz fa390a52ae
RequestHistoricMessages response (#1009)
* refactor TestRequestMessageFromMailboxAsync to use s.requestHistoricMessages helper

* send p2pRequestResponseCode from mailserver

* send p2p message response to after sending all historic messages

* mailserver sends `whisper.NewSentMessage` as response

* add mailserver Client and p2pRequestAckCode watchers

* send event with envelopeFeed when p2pRequestAckCode is received

* test request completed event in tracker

* rename mailserver response events and code to RequestCompleteCode

* wait for mailserver response in e2e test

* use SendHistoricMessageResponse method name for mailserver response

* fix lint warnings

* add mailserver request expiration

* send mailserver response without envelope

* add `ttl` to Request struct in shhext_requestMessages

* test that tracker calls handler.MailServerRequestExpired

* add geth patch

* rename TTL to Timeout

* split tracker.handleEvent in multiple methods
2018-06-15 17:12:31 +02:00
Pedro Pombeiro 354e23aaf5 Fix issues reported by lint. Part of #1017 2018-06-14 13:52:51 +02:00
Adrià Cidre d5be8c525d
[#856] move geth subpackages to root level (#1007) 2018-06-08 13:29:50 +02:00
Adrià Cidre c82d5635b6
Allow gas and gas input as argument on signing TTXX (#1000)
* Allow gas and gas input as argument on signing TTXX

* Two different bindings ApproveSignRequest and ApproveSignRequestWithArgs
2018-06-06 09:35:32 +02:00
Adam Babik 717d0fbadb
Fix another round of flaky tests (#996) 2018-05-29 13:24:23 +02:00
Andrea Franz 6c469299b6
fix default range value for shhext_requestMessages (#934)
* fix default range value for shhext_requestMessages

* use t.Run to run scenarions

* fix case when To - 24 hours is negative
2018-05-10 16:47:54 +02:00
Igor Mandrigin a933885806 Deduplicator: add API to confirm received messages. 2018-05-10 15:28:48 +02:00
Igor Mandrigin 0241f95d6a Support chain diverges in block filters. 2018-05-09 18:07:26 +02:00
Igor Mandrigin 31cf2297d2 Implement block filters API for the RPC mode.
Some operations (like deploying contracts) require filter APIs to work.
Since these operations aren't supported on Infura anymore, and we don't
run LES, a separate implemenation of filters is required.

Signed-off-by: Igor Mandrigin <i@mandrigin.ru>
2018-05-08 19:46:25 +02:00
Adrià Cidre 246c5321ac
Fix services mock generation (#901) 2018-05-07 10:22:38 +02:00
Pedro Pombeiro 5d802abe9e Increase timeouts in order to accommodate `-race` flag
- Fixes https://jenkins.status.im/job/status-go/job/race-check/56/console
2018-05-04 14:02:13 +02:00
Dmitry Shulyak 707221954f
Make whisper tolerant to local time skews (#864)
This change adds adds an ability to use different source of time for whisper:

when envelope is created it is used to set expiry
to track when envelope needs to be expired
This time is then used to check validity of the envelope when it is received. Currently If we receive an envelope that is sent from future - peer will get disconnected. If envelope that was received has an expiry less then now it will be simply dropped, if expiry is less than now + 10*2 seconds peer will get dropped.

So, it is clear that whisper depends on time. And any time we get a skew with peers that is > 20s reliability will be grealy reduced.

In this change another source of time for whisper will be used. This time source will use ntp servers from pool.ntp.org to compute offset. When whisper queries time - this offset will be added/substracted from current time.

Query is executed every 2 mins, queries 5 different servers, cut offs min and max and the computes mean value. pool.ntp.org is resolved to different servers and according to documentation you will rarely hit the same.

Closes: #687
2018-05-04 11:23:38 +03:00
Adrià Cidre 8c9db81bec
Expose status specific methods (login/signup/joinpublicchannel) through the RPC api (#877) 2018-05-03 12:36:56 +02:00
Ivan Danyliuk 953c26e8cf
Move signal logic into signal package 2018-05-03 09:35:58 +02:00
Igor Mandrigin f4cd8d27b5 Add `shhext_getNewFilterMessages` function to RPC APIs.
This function returns only the new messages from the filter, never
returns the same message for the same user twice.
2018-04-27 15:24:37 +02:00
Frank Mueller 92e02189c7
Add doc for shhext_requestMessages (#872) 2018-04-27 13:59:01 +02:00
Frank Mueller b543d32a31
Move ssh_requestMessages to sshext_requestMessages (#862)
* Add RequestMessage to sshext

* E2E tests now use shhext_requestMessages

* Typo in comment

* Enhanced maintainability

* Drop former mailservice

* Code reorg after review

* Fix missed changes after update to 1.8.5
2018-04-26 07:56:19 +02:00
Dmitry Shulyak b37fda7731
Update go-ethereum to 1.8.5 (#854)
* Rebase on 1.8.5

* Remove outdated patches and apply all others

* Use shh_post that returns hash

* Use bloom filter for request to mailserver

* Remove tests for sending messages without subbing first

* Fix deadlock in ethdb

* Expect null if receipt is not yet created

* Subscribe to messages before sending them in whisper test
2018-04-24 18:50:26 +03:00
Igor Mandrigin f0f55d408f Make sure that only `personal_sign` and `personal_ecRecover` are exported. 2018-04-18 18:22:21 +02:00
Igor Mandrigin 4cc6028d59 Implement `personal_sign`.
This commit implements `personal_sign` RPC or web3 personal.sign
methods.

NB! Contains breaking API changes.
2018-04-17 11:18:58 +02:00