@push.rocks/smartproxy 4.1.14 → 4.1.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/classes.pp.connectionhandler.js +86 -72
- package/dist_ts/classes.pp.interfaces.d.ts +1 -0
- package/dist_ts/classes.pp.tlsalert.d.ts +131 -0
- package/dist_ts/classes.pp.tlsalert.js +191 -0
- package/package.json +1 -1
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/classes.pp.connectionhandler.ts +115 -83
- package/ts/classes.pp.interfaces.ts +1 -0
- package/ts/classes.pp.tlsalert.ts +218 -0
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*/
|
|
4
4
|
export const commitinfo = {
|
|
5
5
|
name: '@push.rocks/smartproxy',
|
|
6
|
-
version: '4.1.
|
|
6
|
+
version: '4.1.16',
|
|
7
7
|
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
|
8
8
|
};
|
|
9
9
|
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSx3QkFBd0I7SUFDOUIsT0FBTyxFQUFFLFFBQVE7SUFDakIsV0FBVyxFQUFFLG1PQUFtTztDQUNqUCxDQUFBIn0=
|
|
@@ -6,6 +6,7 @@ import { TlsManager } from './classes.pp.tlsmanager.js';
|
|
|
6
6
|
import { NetworkProxyBridge } from './classes.pp.networkproxybridge.js';
|
|
7
7
|
import { TimeoutManager } from './classes.pp.timeoutmanager.js';
|
|
8
8
|
import { PortRangeManager } from './classes.pp.portrangemanager.js';
|
|
9
|
+
import { TlsAlert } from './classes.pp.tlsalert.js';
|
|
9
10
|
/**
|
|
10
11
|
* Handles new connection processing and setup logic
|
|
11
12
|
*/
|
|
@@ -386,82 +387,94 @@ export class ConnectionHandler {
|
|
|
386
387
|
!serverName) {
|
|
387
388
|
// Block ClientHello without SNI when allowSessionTicket is false
|
|
388
389
|
console.log(`[${connectionId}] No SNI detected in ClientHello and allowSessionTicket=false. ` +
|
|
389
|
-
`Sending
|
|
390
|
-
// Set the termination reason first
|
|
391
|
-
if (record.incomingTerminationReason === null) {
|
|
392
|
-
record.incomingTerminationReason = 'session_ticket_blocked_no_sni';
|
|
393
|
-
this.connectionManager.incrementTerminationStat('incoming', 'session_ticket_blocked_no_sni');
|
|
394
|
-
}
|
|
395
|
-
// Create a warning-level alert for unrecognized_name
|
|
396
|
-
// This encourages Chrome to retry immediately with SNI
|
|
397
|
-
const serverNameUnknownAlertData = Buffer.from([
|
|
398
|
-
0x15, // Alert record type
|
|
399
|
-
0x03,
|
|
400
|
-
0x03, // TLS 1.2 version
|
|
401
|
-
0x00,
|
|
402
|
-
0x02, // Length
|
|
403
|
-
0x01, // Warning alert level (not fatal)
|
|
404
|
-
0x70, // unrecognized_name alert (code 112)
|
|
405
|
-
]);
|
|
406
|
-
// Send a handshake_failure alert instead of unrecognized_name
|
|
407
|
-
const sslHandshakeFailureAlertData = Buffer.from([
|
|
408
|
-
0x15, // Alert record type
|
|
409
|
-
0x03,
|
|
410
|
-
0x03, // TLS 1.2 version
|
|
411
|
-
0x00,
|
|
412
|
-
0x02, // Length
|
|
413
|
-
0x01, // Warning alert level (not fatal)
|
|
414
|
-
0x28, // handshake_failure alert (40) instead of unrecognized_name (112)
|
|
415
|
-
]);
|
|
416
|
-
const closeNotifyAlert = Buffer.from([
|
|
417
|
-
0x15, // Alert record type
|
|
418
|
-
0x03,
|
|
419
|
-
0x03, // TLS 1.2 version
|
|
420
|
-
0x00,
|
|
421
|
-
0x02, // Length
|
|
422
|
-
0x01, // Warning alert level (1)
|
|
423
|
-
0x00, // close_notify alert (0)
|
|
424
|
-
]);
|
|
425
|
-
const certificateExpiredAlert = Buffer.from([
|
|
426
|
-
0x15, // Alert record type
|
|
427
|
-
0x03,
|
|
428
|
-
0x03, // TLS 1.2 version
|
|
429
|
-
0x00,
|
|
430
|
-
0x02, // Length
|
|
431
|
-
0x01, // Warning alert level (1)
|
|
432
|
-
0x2F, // certificate_expired alert (47)
|
|
433
|
-
]);
|
|
390
|
+
`Sending unrecognized_name alert to encourage immediate retry with SNI on same connection.`);
|
|
434
391
|
try {
|
|
435
|
-
//
|
|
392
|
+
// Send the alert but do NOT end the connection
|
|
393
|
+
// Using our new TlsAlert class for better alert management
|
|
436
394
|
socket.cork();
|
|
437
|
-
|
|
395
|
+
socket.write(TlsAlert.alerts.unrecognizedName);
|
|
438
396
|
socket.uncork();
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
//
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
397
|
+
console.log(`[${connectionId}] Alert sent, waiting for new ClientHello on same connection...`);
|
|
398
|
+
// Remove existing data listener and wait for a new ClientHello
|
|
399
|
+
socket.removeAllListeners('data');
|
|
400
|
+
// Set up a new data handler to capture the next message
|
|
401
|
+
socket.once('data', (retryChunk) => {
|
|
402
|
+
// Cancel the fallback timeout as we received data
|
|
403
|
+
if (record.alertFallbackTimeout) {
|
|
404
|
+
clearTimeout(record.alertFallbackTimeout);
|
|
405
|
+
record.alertFallbackTimeout = null;
|
|
406
|
+
}
|
|
407
|
+
// Check if this is a new ClientHello
|
|
408
|
+
if (this.tlsManager.isClientHello(retryChunk)) {
|
|
409
|
+
console.log(`[${connectionId}] Received new ClientHello after alert`);
|
|
410
|
+
// Extract SNI from the new ClientHello
|
|
411
|
+
const newServerName = this.tlsManager.extractSNI(retryChunk, connInfo) || '';
|
|
412
|
+
if (newServerName) {
|
|
413
|
+
console.log(`[${connectionId}] New ClientHello contains SNI: ${newServerName}`);
|
|
414
|
+
// Update the record with the new SNI
|
|
415
|
+
record.lockedDomain = newServerName;
|
|
416
|
+
// Continue with normal connection setup using the new chunk with SNI
|
|
417
|
+
setupConnection(newServerName, retryChunk);
|
|
418
|
+
}
|
|
419
|
+
else {
|
|
420
|
+
console.log(`[${connectionId}] New ClientHello still missing SNI, closing connection`);
|
|
421
|
+
// If still no SNI after retry, now we can close the connection
|
|
422
|
+
if (record.incomingTerminationReason === null) {
|
|
423
|
+
record.incomingTerminationReason = 'session_ticket_blocked_no_sni';
|
|
424
|
+
this.connectionManager.incrementTerminationStat('incoming', 'session_ticket_blocked_no_sni');
|
|
425
|
+
}
|
|
426
|
+
// Send a close_notify alert before ending the connection
|
|
427
|
+
TlsAlert.sendCloseNotify(socket)
|
|
428
|
+
.catch((err) => {
|
|
429
|
+
console.log(`[${connectionId}] Error sending close_notify: ${err.message}`);
|
|
430
|
+
})
|
|
431
|
+
.finally(() => {
|
|
432
|
+
// Clean up even if sending the alert fails
|
|
433
|
+
this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
|
|
434
|
+
});
|
|
435
|
+
}
|
|
436
|
+
}
|
|
437
|
+
else {
|
|
438
|
+
console.log(`[${connectionId}] Received non-ClientHello data after alert, closing connection`);
|
|
439
|
+
// If we got something other than a ClientHello, close the connection
|
|
440
|
+
if (record.incomingTerminationReason === null) {
|
|
441
|
+
record.incomingTerminationReason = 'invalid_protocol';
|
|
442
|
+
this.connectionManager.incrementTerminationStat('incoming', 'invalid_protocol');
|
|
443
|
+
}
|
|
444
|
+
// Send a protocol_version alert before ending the connection
|
|
445
|
+
TlsAlert.send(socket, TlsAlert.LEVEL_FATAL, TlsAlert.PROTOCOL_VERSION, true)
|
|
446
|
+
.catch((err) => {
|
|
447
|
+
console.log(`[${connectionId}] Error sending protocol_version alert: ${err.message}`);
|
|
448
|
+
})
|
|
449
|
+
.finally(() => {
|
|
450
|
+
// Clean up even if sending the alert fails
|
|
451
|
+
this.connectionManager.cleanupConnection(record, 'invalid_protocol');
|
|
452
|
+
});
|
|
453
|
+
}
|
|
454
|
+
});
|
|
455
|
+
// Set a fallback timeout in case the client doesn't respond
|
|
456
|
+
const fallbackTimeout = setTimeout(() => {
|
|
457
|
+
console.log(`[${connectionId}] No response after alert, closing connection`);
|
|
458
|
+
if (record.incomingTerminationReason === null) {
|
|
459
|
+
record.incomingTerminationReason = 'alert_timeout';
|
|
460
|
+
this.connectionManager.incrementTerminationStat('incoming', 'alert_timeout');
|
|
461
|
+
}
|
|
462
|
+
// Send a close_notify alert before ending the connection
|
|
463
|
+
TlsAlert.sendCloseNotify(socket)
|
|
464
|
+
.catch((err) => {
|
|
465
|
+
console.log(`[${connectionId}] Error sending close_notify: ${err.message}`);
|
|
466
|
+
})
|
|
467
|
+
.finally(() => {
|
|
468
|
+
// Clean up even if sending the alert fails
|
|
469
|
+
this.connectionManager.cleanupConnection(record, 'alert_timeout');
|
|
458
470
|
});
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
}, 400); // Increased from 250ms to 400ms
|
|
471
|
+
}, 10000); // 10 second timeout
|
|
472
|
+
// Make sure the timeout doesn't keep the process alive
|
|
473
|
+
if (fallbackTimeout.unref) {
|
|
474
|
+
fallbackTimeout.unref();
|
|
464
475
|
}
|
|
476
|
+
// Store the timeout in the record so it can be cleared during cleanup
|
|
477
|
+
record.alertFallbackTimeout = fallbackTimeout;
|
|
465
478
|
}
|
|
466
479
|
catch (err) {
|
|
467
480
|
// If we can't send the alert, fall back to immediate termination
|
|
@@ -469,6 +482,7 @@ export class ConnectionHandler {
|
|
|
469
482
|
socket.end();
|
|
470
483
|
this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
|
|
471
484
|
}
|
|
485
|
+
// Return early to prevent the normal flow
|
|
472
486
|
return;
|
|
473
487
|
}
|
|
474
488
|
}
|
|
@@ -784,4 +798,4 @@ export class ConnectionHandler {
|
|
|
784
798
|
});
|
|
785
799
|
}
|
|
786
800
|
}
|
|
787
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5jb25uZWN0aW9uaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3RzL2NsYXNzZXMucHAuY29ubmVjdGlvbmhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxjQUFjLENBQUM7QUFNeEMsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sbUNBQW1DLENBQUM7QUFDdEUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ2xFLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLHFDQUFxQyxDQUFDO0FBQzFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUN4RCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxvQ0FBb0MsQ0FBQztBQUN4RSxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDaEUsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sa0NBQWtDLENBQUM7QUFFcEU7O0dBRUc7QUFDSCxNQUFNLE9BQU8saUJBQWlCO0lBQzVCLFlBQ1UsUUFBNEIsRUFDNUIsaUJBQW9DLEVBQ3BDLGVBQWdDLEVBQ2hDLG1CQUF3QyxFQUN4QyxVQUFzQixFQUN0QixrQkFBc0MsRUFDdEMsY0FBOEIsRUFDOUIsZ0JBQWtDO1FBUGxDLGFBQVEsR0FBUixRQUFRLENBQW9CO1FBQzVCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBQ2hDLHdCQUFtQixHQUFuQixtQkFBbUIsQ0FBcUI7UUFDeEMsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0Qix1QkFBa0IsR0FBbEIsa0JBQWtCLENBQW9CO1FBQ3RDLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixxQkFBZ0IsR0FBaEIsZ0JBQWdCLENBQWtCO0lBQ3pDLENBQUM7SUFFSjs7T0FFRztJQUNJLGdCQUFnQixDQUFDLE1BQTBCO1FBQ2hELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksRUFBRSxDQUFDO1FBQzVDLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxTQUFTLElBQUksQ0FBQyxDQUFDO1FBRXhDLHdEQUF3RDtRQUN4RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMvRCxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQzFCLE9BQU8sQ0FBQyxHQUFHLENBQUMsNEJBQTRCLFFBQVEsS0FBSyxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUM1RSxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDakIsT0FBTztRQUNULENBQUM7UUFFRCxpQ0FBaUM7UUFDakMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQy9ELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFFL0IsNkJBQTZCO1FBQzdCLE1BQU0sQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUV6Qyx1Q0FBdUM7UUFDdkMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzVCLE1BQU0sQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsQ0FBQztZQUMvRCxNQUFNLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQztZQUUzQixtREFBbUQ7WUFDbkQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLElBQUksQ0FBQztvQkFDSCx1REFBdUQ7b0JBQ3ZELElBQUksb0JBQW9CLElBQUksTUFBTSxFQUFFLENBQUM7d0JBQ2xDLE1BQWMsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQUMsQ0FBQztvQkFDekMsQ0FBQztvQkFDRCxJQUFJLHNCQUFzQixJQUFJLE1BQU0sRUFBRSxDQUFDO3dCQUNwQyxNQUFjLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQzdDLENBQUM7Z0JBQ0gsQ0FBQztnQkFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO29CQUNiLGtEQUFrRDtvQkFDbEQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7d0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxZQUFZLHFEQUFxRCxHQUFHLEVBQUUsQ0FBQyxDQUFDO29CQUMxRixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1lBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHlCQUF5QixRQUFRLFlBQVksU0FBUyxJQUFJO2dCQUN4RSxlQUFlLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsVUFBVSxJQUFJO2dCQUMvRCx1QkFBdUIsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGtCQUFrQixFQUFFLEVBQUUsQ0FDdkUsQ0FBQztRQUNKLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTyxDQUFDLEdBQUcsQ0FDVCx1QkFBdUIsUUFBUSxZQUFZLFNBQVMseUJBQXlCLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxrQkFBa0IsRUFBRSxFQUFFLENBQzNILENBQUM7UUFDSixDQUFDO1FBRUQsd0VBQXdFO1FBQ3hFLElBQUksSUFBSSxDQUFDLGdCQUFnQixDQUFDLHFCQUFxQixDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7WUFDM0QsSUFBSSxDQUFDLDRCQUE0QixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztRQUNwRCxDQUFDO2FBQU0sQ0FBQztZQUNOLDZEQUE2RDtZQUM3RCxJQUFJLENBQUMsd0JBQXdCLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQ2hELENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyw0QkFBNEIsQ0FDbEMsTUFBMEIsRUFDMUIsTUFBeUI7UUFFekIsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUMvQixJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztRQUVoQyw0Q0FBNEM7UUFDNUMsSUFBSSxjQUFjLEdBQTBCLFVBQVUsQ0FBQyxHQUFHLEVBQUU7WUFDMUQsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7Z0JBQ3pCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDJCQUEyQixJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQiwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUN4SCxDQUFDO2dCQUVGLHNEQUFzRDtnQkFDdEQsVUFBVSxDQUFDLEdBQUcsRUFBRTtvQkFDZCxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQzt3QkFDekIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksaURBQWlELENBQUMsQ0FBQzt3QkFDL0UsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7NEJBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxpQkFBaUIsQ0FBQzs0QkFDckQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO3dCQUNqRixDQUFDO3dCQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQzt3QkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLGlCQUFpQixDQUFDLENBQUM7b0JBQ3RFLENBQUM7Z0JBQ0gsQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUMseUJBQXlCO1lBQ3RDLENBQUM7UUFDSCxDQUFDLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBbUIsQ0FBQyxDQUFDO1FBRXRDLG1EQUFtRDtRQUNuRCxJQUFJLGNBQWMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN6QixjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDekIsQ0FBQztRQUVELHVCQUF1QjtRQUN2QixNQUFNLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDLFVBQVUsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBRTNFLHVFQUF1RTtRQUN2RSxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQWEsRUFBRSxFQUFFO1lBQ3BDLHNEQUFzRDtZQUN0RCxJQUFJLGNBQWMsRUFBRSxDQUFDO2dCQUNuQixZQUFZLENBQUMsY0FBYyxDQUFDLENBQUM7Z0JBQzdCLGNBQWMsR0FBRyxJQUFJLENBQUM7WUFDeEIsQ0FBQztZQUVELG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUMzQixNQUFNLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxDQUFDO1lBRXJDLHdDQUF3QztZQUN4QyxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDO1lBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsSUFBSSxTQUFTLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQ2hFLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDZDQUE2QztvQkFDM0QsOEVBQThFLENBQ2pGLENBQUM7Z0JBQ0YsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7b0JBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxpQkFBaUIsQ0FBQztvQkFDckQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO2dCQUNqRixDQUFDO2dCQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLGlCQUFpQixDQUFDLENBQUM7Z0JBQ3BFLE9BQU87WUFDVCxDQUFDO1lBRUQsMkNBQTJDO1lBQzNDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDMUMsTUFBTSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUM7Z0JBRXBCLCtFQUErRTtnQkFDL0UsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUN6Qyw0Q0FBNEM7b0JBQzVDLE1BQU0sUUFBUSxHQUFHO3dCQUNmLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTt3QkFDekIsVUFBVSxFQUFFLE1BQU0sQ0FBQyxVQUFVLElBQUksQ0FBQzt3QkFDbEMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxZQUFZLElBQUksRUFBRTt3QkFDakMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxTQUFTLElBQUksQ0FBQztxQkFDaEMsQ0FBQztvQkFFRixxRUFBcUU7b0JBQ3JFLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsQ0FBQztvQkFFL0QsNkVBQTZFO29CQUM3RSx5RkFBeUY7b0JBQ3pGLElBQUksVUFBVSxFQUFFLENBQUM7d0JBQ2Ysa0RBQWtEO3dCQUNsRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLENBQUM7d0JBQzNFLE1BQU0sQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO3dCQUNuQyxNQUFNLENBQUMsWUFBWSxHQUFHLFVBQVUsQ0FBQzt3QkFFakMsc0RBQXNEO3dCQUN0RCxJQUFJLFlBQVksSUFBSSxJQUFJLENBQUMsbUJBQW1CLENBQUMscUJBQXFCLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQzs0QkFDakYsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLENBQUM7NEJBRXBGLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO2dDQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSw0Q0FBNEMsVUFBVSxZQUFZLGdCQUFnQixFQUFFLENBQ3JHLENBQUM7NEJBQ0osQ0FBQzs0QkFFRCxvREFBb0Q7NEJBQ3BELElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FDM0MsWUFBWSxFQUNaLE1BQU0sRUFDTixNQUFNLEVBQ04sS0FBSyxFQUNMLGdCQUFnQixFQUNoQixDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FDdkUsQ0FBQzs0QkFDRixPQUFPO3dCQUNULENBQUM7b0JBQ0gsQ0FBQzt5QkFBTSxJQUNMLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEtBQUssS0FBSzt3QkFDMUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFDbkMsQ0FBQzt3QkFDRCw0RUFBNEU7d0JBQzVFLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHVFQUF1RSxDQUN4RixDQUFDO29CQUNKLENBQUM7Z0JBQ0gsQ0FBQztnQkFFRCxvRUFBb0U7Z0JBQ3BFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FDM0MsWUFBWSxFQUNaLE1BQU0sRUFDTixNQUFNLEVBQ04sS0FBSyxFQUNMLFNBQVMsRUFDVCxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FDdkUsQ0FBQztZQUNKLENBQUM7aUJBQU0sQ0FBQztnQkFDTiwyQ0FBMkM7Z0JBQzNDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDZDQUE2QyxNQUFNLENBQUMsU0FBUyxFQUFFLENBQ2hGLENBQUM7Z0JBQ0YsSUFBSSxDQUFDLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUMxRSxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSyx3QkFBd0IsQ0FBQyxNQUEwQixFQUFFLE1BQXlCO1FBQ3BGLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0IsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsQ0FBQztRQUVuQywyQ0FBMkM7UUFDM0MsTUFBTSx3QkFBd0IsR0FBRyxDQUFDLE1BQWMsRUFBRSxVQUFrQixFQUFFLEVBQUU7WUFDdEUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksS0FBSyxVQUFVLEVBQUUsQ0FBQyxDQUFDO1lBQy9DLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNiLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDO2dCQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsTUFBTSxDQUFDO2dCQUMxQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ3RFLENBQUM7WUFDRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQzNELENBQUMsQ0FBQztRQUVGLElBQUksbUJBQW1CLEdBQUcsS0FBSyxDQUFDO1FBRWhDLGdEQUFnRDtRQUNoRCxJQUFJLGNBQWMsR0FBMEIsSUFBSSxDQUFDO1FBQ2pELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUM3QixjQUFjLEdBQUcsVUFBVSxDQUFDLEdBQUcsRUFBRTtnQkFDL0IsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7b0JBQ3pCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDJCQUEyQixJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQiwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUN4SCxDQUFDO29CQUVGLHNEQUFzRDtvQkFDdEQsVUFBVSxDQUFDLEdBQUcsRUFBRTt3QkFDZCxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQzs0QkFDekIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksaURBQWlELENBQUMsQ0FBQzs0QkFDL0UsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7Z0NBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxpQkFBaUIsQ0FBQztnQ0FDckQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDOzRCQUNqRixDQUFDOzRCQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQzs0QkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLGlCQUFpQixDQUFDLENBQUM7d0JBQ3RFLENBQUM7b0JBQ0gsQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUMseUJBQXlCO2dCQUN0QyxDQUFDO1lBQ0gsQ0FBQyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQW1CLENBQUMsQ0FBQztZQUV0QyxtREFBbUQ7WUFDbkQsSUFBSSxjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ3pCLGNBQWMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN6QixDQUFDO1FBQ0gsQ0FBQzthQUFNLENBQUM7WUFDTixtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDM0IsTUFBTSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQztRQUN2QyxDQUFDO1FBRUQsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUUzRSxnQ0FBZ0M7UUFDaEMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtZQUNsQyxNQUFNLENBQUMsYUFBYSxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUM7WUFDckMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7WUFFM0MscURBQXFEO1lBQ3JELElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQzNELE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO2dCQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksaUNBQWlDLE1BQU0sQ0FBQyxRQUFRLEtBQUssS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUMxRixDQUFDO2dCQUNKLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFSDs7V0FFRztRQUNILE1BQU0sZUFBZSxHQUFHLENBQ3RCLFVBQWtCLEVBQ2xCLFlBQXFCLEVBQ3JCLFlBQTRCLEVBQzVCLFlBQXFCLEVBQ3JCLEVBQUU7WUFDRixzREFBc0Q7WUFDdEQsSUFBSSxjQUFjLEVBQUUsQ0FBQztnQkFDbkIsWUFBWSxDQUFDLGNBQWMsQ0FBQyxDQUFDO2dCQUM3QixjQUFjLEdBQUcsSUFBSSxDQUFDO1lBQ3hCLENBQUM7WUFFRCx3Q0FBd0M7WUFDeEMsbUJBQW1CLEdBQUcsSUFBSSxDQUFDO1lBQzNCLE1BQU0sQ0FBQyxzQkFBc0IsR0FBRyxJQUFJLENBQUM7WUFFckMsMkNBQTJDO1lBQzNDLElBQUksWUFBWSxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7Z0JBQ2pFLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO2dCQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksc0NBQXNDLFlBQVksQ0FBQyxNQUFNLFFBQVEsQ0FDbEYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztZQUVELCtGQUErRjtZQUMvRixNQUFNLFlBQVksR0FBRyxZQUFZO2dCQUMvQixDQUFDLENBQUMsWUFBWTtnQkFDZCxDQUFDLENBQUMsVUFBVTtvQkFDWixDQUFDLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLGdCQUFnQixDQUFDLFVBQVUsQ0FBQztvQkFDdkQsQ0FBQyxDQUFDLFNBQVMsQ0FBQztZQUVkLDBDQUEwQztZQUMxQyxNQUFNLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztZQUVuQyx5RUFBeUU7WUFDekUsSUFDRSxZQUFZO2dCQUNaLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxxQkFBcUIsQ0FBQyxZQUFZLENBQUM7Z0JBQzVELElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxlQUFlLEVBQUUsRUFDekMsQ0FBQztnQkFDRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksWUFBWSxVQUFVLG9DQUFvQyxDQUFDLENBQUM7Z0JBQzFGLENBQUM7Z0JBRUQsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLENBQUM7Z0JBRXBGLElBQUksWUFBWSxJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztvQkFDakMsa0VBQWtFO29CQUNsRSxJQUFJLENBQUMsa0JBQWtCLENBQUMscUJBQXFCLENBQzNDLFlBQVksRUFDWixNQUFNLEVBQ04sTUFBTSxFQUNOLFlBQVksRUFDWixnQkFBZ0IsRUFDaEIsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQ3ZFLENBQUM7b0JBQ0YsT0FBTyxDQUFDLCtCQUErQjtnQkFDekMsQ0FBQztZQUNILENBQUM7WUFFRCxnQkFBZ0I7WUFDaEIsSUFBSSxZQUFZLEVBQUUsQ0FBQztnQkFDakIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDLFlBQVksQ0FBQyxDQUFDO2dCQUUzRSw0Q0FBNEM7Z0JBQzVDLElBQ0UsWUFBWSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQztvQkFDbEMsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FDbEMsTUFBTSxDQUFDLFFBQVEsRUFDZixPQUFPLENBQUMsVUFBVSxFQUNsQixPQUFPLENBQUMsVUFBVSxDQUNuQixFQUNELENBQUM7b0JBQ0QsT0FBTyx3QkFBd0IsQ0FDN0IsVUFBVSxFQUNWLDJCQUNFLE1BQU0sQ0FBQyxRQUNULDJCQUEyQixZQUFZLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUM3RCxDQUFDO2dCQUNKLENBQUM7WUFDSCxDQUFDO2lCQUFNLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDekYsSUFDRSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUNsQyxNQUFNLENBQUMsUUFBUSxFQUNmLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLEVBQy9CLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksRUFBRSxDQUN0QyxFQUNELENBQUM7b0JBQ0QsT0FBTyx3QkFBd0IsQ0FDN0IsVUFBVSxFQUNWLDJCQUEyQixNQUFNLENBQUMsUUFBUSxzQ0FBc0MsQ0FDakYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztZQUVELHVCQUF1QjtZQUN2QixJQUFJLFVBQVUsRUFBRSxDQUFDO2dCQUNmLE1BQU0sQ0FBQyxZQUFZLEdBQUcsVUFBVSxDQUFDO1lBQ25DLENBQUM7WUFFRCwrQkFBK0I7WUFDL0IsSUFBSSxDQUFDLHFCQUFxQixDQUN4QixNQUFNLEVBQ04sTUFBTSxFQUNOLFlBQVksRUFDWixVQUFVLEVBQ1YsWUFBWSxFQUNaLFlBQVksQ0FDYixDQUFDO1FBQ0osQ0FBQyxDQUFDO1FBRUYsb0NBQW9DO1FBQ3BDLDRGQUE0RjtRQUM1RixJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1lBQzFELElBQUksSUFBSSxDQUFDLGdCQUFnQixDQUFDLHlCQUF5QixDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQy9ELElBQ0UsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUI7b0JBQy9CLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUMsTUFBTSxHQUFHLENBQUM7b0JBQzFDLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEVBQ3RGLENBQUM7b0JBQ0QsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVkscUJBQXFCLE1BQU0sQ0FBQyxRQUFRLGlCQUFpQixNQUFNLENBQUMsUUFBUSw4Q0FBOEMsQ0FDbkksQ0FBQztvQkFDRixNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7b0JBQ2IsT0FBTztnQkFDVCxDQUFDO2dCQUNELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxnQ0FBZ0MsTUFBTSxDQUFDLFFBQVEsWUFBWSxTQUFTLGtDQUFrQyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsR0FBRyxDQUNoSixDQUFDO2dCQUNKLENBQUM7Z0JBQ0QsZUFBZSxDQUNiLEVBQUUsRUFDRixTQUFTLEVBQ1Q7b0JBQ0UsT0FBTyxFQUFFLENBQUMsUUFBUSxDQUFDO29CQUNuQixVQUFVLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsSUFBSSxFQUFFO29CQUNqRCxVQUFVLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsSUFBSSxFQUFFO29CQUNqRCxTQUFTLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVMsQ0FBQztvQkFDcEMsVUFBVSxFQUFFLEVBQUU7aUJBQ2YsRUFDRCxTQUFTLENBQ1YsQ0FBQztnQkFDRixPQUFPO1lBQ1QsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLDJFQUEyRTtnQkFDM0UsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLHVCQUF1QixDQUFDLFNBQVMsQ0FBQyxDQUFDO2dCQUVqRixJQUFJLFlBQVksRUFBRSxDQUFDO29CQUNqQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLENBQUM7b0JBRTNFLElBQ0UsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FDbEMsTUFBTSxDQUFDLFFBQVEsRUFDZixPQUFPLENBQUMsVUFBVSxFQUNsQixPQUFPLENBQUMsVUFBVSxDQUNuQixFQUNELENBQUM7d0JBQ0QsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVkscUJBQ2QsTUFBTSxDQUFDLFFBQ1Qsd0NBQXdDLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUMvRCxJQUFJLENBQ0wsWUFBWSxTQUFTLEdBQUcsQ0FDMUIsQ0FBQzt3QkFDRixNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7d0JBQ2IsT0FBTztvQkFDVCxDQUFDO29CQUVELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO3dCQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxnQ0FDZCxNQUFNLENBQUMsUUFDVCxZQUFZLFNBQVMsbUJBQW1CLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQzNFLENBQUM7b0JBQ0osQ0FBQztvQkFFRCxlQUFlLENBQUMsRUFBRSxFQUFFLFNBQVMsRUFBRSxZQUFZLEVBQUUsU0FBUyxDQUFDLENBQUM7b0JBQ3hELE9BQU87Z0JBQ1QsQ0FBQztnQkFDRCw0RUFBNEU7WUFDOUUsQ0FBQztRQUNILENBQUM7UUFFRCx5RUFBeUU7UUFDekUsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzdCLG1CQUFtQixHQUFHLEtBQUssQ0FBQztZQUU1QixNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQWEsRUFBRSxFQUFFO2dCQUNwQyw0QkFBNEI7Z0JBQzVCLElBQUksY0FBYyxFQUFFLENBQUM7b0JBQ25CLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQztvQkFDN0IsY0FBYyxHQUFHLElBQUksQ0FBQztnQkFDeEIsQ0FBQztnQkFFRCxtQkFBbUIsR0FBRyxJQUFJLENBQUM7Z0JBRTNCLHdDQUF3QztnQkFDeEMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxJQUFJLFNBQVMsS0FBSyxHQUFHLEVBQUUsQ0FBQztvQkFDaEUsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksNERBQTREO3dCQUMxRSw4RUFBOEUsQ0FDakYsQ0FBQztvQkFDRixJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQzt3QkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLGlCQUFpQixDQUFDO3dCQUNyRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLGlCQUFpQixDQUFDLENBQUM7b0JBQ2pGLENBQUM7b0JBQ0QsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNiLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsaUJBQWlCLENBQUMsQ0FBQztvQkFDcEUsT0FBTztnQkFDVCxDQUFDO2dCQUVELHFCQUFxQjtnQkFDckIsSUFBSSxVQUFVLEdBQUcsRUFBRSxDQUFDO2dCQUVwQixJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7b0JBQzFDLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO29CQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQzt3QkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksd0NBQXdDLEtBQUssQ0FBQyxNQUFNLFFBQVEsQ0FDN0UsQ0FBQztvQkFDSixDQUFDO29CQUVELG1EQUFtRDtvQkFDbkQsTUFBTSxRQUFRLEdBQUc7d0JBQ2YsUUFBUSxFQUFFLE1BQU0sQ0FBQyxRQUFRO3dCQUN6QixVQUFVLEVBQUUsTUFBTSxDQUFDLFVBQVUsSUFBSSxDQUFDO3dCQUNsQyxNQUFNLEVBQUUsTUFBTSxDQUFDLFlBQVksSUFBSSxFQUFFO3dCQUNqQyxRQUFRLEVBQUUsTUFBTSxDQUFDLFNBQVMsSUFBSSxDQUFDO3FCQUNoQyxDQUFDO29CQUVGLGNBQWM7b0JBQ2QsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBRS9ELGlHQUFpRztvQkFDakcsSUFDRSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQixLQUFLLEtBQUs7d0JBQzFDLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQzt3QkFDcEMsQ0FBQyxVQUFVLEVBQ1gsQ0FBQzt3QkFDRCxpRUFBaUU7d0JBQ2pFLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGlFQUFpRTs0QkFDL0UsZ0ZBQWdGLENBQ25GLENBQUM7d0JBRUYsbUNBQW1DO3dCQUNuQyxJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQzs0QkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLCtCQUErQixDQUFDOzRCQUNuRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQzdDLFVBQVUsRUFDViwrQkFBK0IsQ0FDaEMsQ0FBQzt3QkFDSixDQUFDO3dCQUVELHFEQUFxRDt3QkFDckQsdURBQXVEO3dCQUN2RCxNQUFNLDBCQUEwQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUM7NEJBQzdDLElBQUksRUFBRSxvQkFBb0I7NEJBQzFCLElBQUk7NEJBQ0osSUFBSSxFQUFFLGtCQUFrQjs0QkFDeEIsSUFBSTs0QkFDSixJQUFJLEVBQUUsU0FBUzs0QkFDZixJQUFJLEVBQUUsa0NBQWtDOzRCQUN4QyxJQUFJLEVBQUUscUNBQXFDO3lCQUM1QyxDQUFDLENBQUM7d0JBRUgsOERBQThEO3dCQUM5RCxNQUFNLDRCQUE0QixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUM7NEJBQy9DLElBQUksRUFBRSxvQkFBb0I7NEJBQzFCLElBQUk7NEJBQ0osSUFBSSxFQUFFLGtCQUFrQjs0QkFDeEIsSUFBSTs0QkFDSixJQUFJLEVBQUUsU0FBUzs0QkFDZixJQUFJLEVBQUUsa0NBQWtDOzRCQUN4QyxJQUFJLEVBQUUsa0VBQWtFO3lCQUN6RSxDQUFDLENBQUM7d0JBRUgsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDOzRCQUNuQyxJQUFJLEVBQUUsb0JBQW9COzRCQUMxQixJQUFJOzRCQUNKLElBQUksRUFBRSxrQkFBa0I7NEJBQ3hCLElBQUk7NEJBQ0osSUFBSSxFQUFFLFNBQVM7NEJBQ2YsSUFBSSxFQUFFLDBCQUEwQjs0QkFDaEMsSUFBSSxFQUFFLHlCQUF5Qjt5QkFDaEMsQ0FBQyxDQUFDO3dCQUVILE1BQU0sdUJBQXVCLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQzs0QkFDMUMsSUFBSSxFQUFFLG9CQUFvQjs0QkFDMUIsSUFBSTs0QkFDSixJQUFJLEVBQUUsa0JBQWtCOzRCQUN4QixJQUFJOzRCQUNKLElBQUksRUFBRSxTQUFTOzRCQUNmLElBQUksRUFBRSwwQkFBMEI7NEJBQ2hDLElBQUksRUFBRSxpQ0FBaUM7eUJBQ3hDLENBQUMsQ0FBQzt3QkFFSCxJQUFJLENBQUM7NEJBQ0gsaUVBQWlFOzRCQUNqRSxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7NEJBQ2QsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxDQUFDOzRCQUNqRSxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7NEJBRWhCLHVFQUF1RTs0QkFDdkUsTUFBTSxnQkFBZ0IsR0FBRyxHQUFHLEVBQUU7Z0NBQzVCLDREQUE0RDtnQ0FDNUQsaUZBQWlGO2dDQUNqRixNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7Z0NBRWIsK0NBQStDO2dDQUMvQyxVQUFVLENBQUMsR0FBRyxFQUFFO29DQUNkLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsK0JBQStCLENBQUMsQ0FBQztnQ0FDcEYsQ0FBQyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUMsc0RBQXNEOzRCQUNsRSxDQUFDLENBQUM7NEJBRUYsSUFBSSxlQUFlLEVBQUUsQ0FBQztnQ0FDcEIsOEVBQThFO2dDQUM5RSxVQUFVLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQywrQkFBK0I7NEJBQ3BFLENBQUM7aUNBQU0sQ0FBQztnQ0FDTiwwREFBMEQ7Z0NBQzFELE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRTtvQ0FDeEIsa0NBQWtDO29DQUNsQyxVQUFVLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxDQUFDLENBQUM7Z0NBQ3BDLENBQUMsQ0FBQyxDQUFDO2dDQUVILGtDQUFrQztnQ0FDbEMsVUFBVSxDQUFDLEdBQUcsRUFBRTtvQ0FDZCxNQUFNLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7b0NBQ25DLGdCQUFnQixFQUFFLENBQUM7Z0NBQ3JCLENBQUMsRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDLGdDQUFnQzs0QkFDM0MsQ0FBQzt3QkFDSCxDQUFDO3dCQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7NEJBQ2IsaUVBQWlFOzRCQUNqRSxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksWUFBWSw4QkFBOEIsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7NEJBQ3pFLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQzs0QkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLCtCQUErQixDQUFDLENBQUM7d0JBQ3BGLENBQUM7d0JBRUQsT0FBTztvQkFDVCxDQUFDO2dCQUNILENBQUM7Z0JBRUQsNkNBQTZDO2dCQUM3QyxNQUFNLENBQUMsWUFBWSxHQUFHLFVBQVUsQ0FBQztnQkFFakMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDhCQUE4QixNQUFNLENBQUMsUUFBUSxjQUMzRCxVQUFVLElBQUksU0FDaEIsRUFBRSxDQUNILENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxlQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3JDLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQzthQUFNLENBQUM7WUFDTixtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDM0IsTUFBTSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQztZQUVyQyxJQUNFLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCO2dCQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDO2dCQUMxQyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUN0RixDQUFDO2dCQUNELE9BQU8sd0JBQXdCLENBQzdCLFVBQVUsRUFDViwyQkFBMkIsTUFBTSxDQUFDLFFBQVEscUNBQXFDLENBQ2hGLENBQUM7WUFDSixDQUFDO1lBRUQsZUFBZSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RCLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxxQkFBcUIsQ0FDM0IsTUFBMEIsRUFDMUIsTUFBeUIsRUFDekIsWUFBNEIsRUFDNUIsVUFBbUIsRUFDbkIsWUFBcUIsRUFDckIsWUFBcUI7UUFFckIsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUUvQix3QkFBd0I7UUFDeEIsTUFBTSxVQUFVLEdBQUcsWUFBWTtZQUM3QixDQUFDLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUM7WUFDcEQsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsUUFBUyxDQUFDO1FBRTVCLHdCQUF3QjtRQUN4QixNQUFNLFVBQVUsR0FBRyxZQUFZLEtBQUssU0FBUyxDQUFDLENBQUMsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO1FBRXBGLDJCQUEyQjtRQUMzQixNQUFNLGlCQUFpQixHQUErQjtZQUNwRCxJQUFJLEVBQUUsVUFBVTtZQUNoQixJQUFJLEVBQUUsVUFBVTtTQUNqQixDQUFDO1FBRUYsbUNBQW1DO1FBQ25DLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ25DLGlCQUFpQixDQUFDLFlBQVksR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUVELHdDQUF3QztRQUN4QyxNQUFNLFNBQVMsR0FBYSxFQUFFLENBQUM7UUFDL0IsSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDO1FBQ2xCLElBQUksZUFBZSxHQUFHLEtBQUssQ0FBQztRQUM1QixJQUFJLFlBQVksR0FBRyxLQUFLLENBQUM7UUFDekIsSUFBSSxpQkFBaUIsR0FBRyxLQUFLLENBQUM7UUFFOUIsd0RBQXdEO1FBQ3hELE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUVmLGtFQUFrRTtRQUNsRSxNQUFNLGdCQUFnQixHQUFHLEdBQUcsRUFBRTtZQUM1QixJQUFJLGVBQWUsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsSUFBSSxpQkFBaUI7Z0JBQUUsT0FBTztZQUUzRSxlQUFlLEdBQUcsSUFBSSxDQUFDO1lBRXZCLElBQUksQ0FBQztnQkFDSCw0REFBNEQ7Z0JBQzVELE9BQU8sU0FBUyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztvQkFDNUIsTUFBTSxLQUFLLEdBQUcsU0FBUyxDQUFDLEtBQUssRUFBRyxDQUFDO29CQUNqQyxTQUFTLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQztvQkFFMUIscURBQXFEO29CQUNyRCx5REFBeUQ7b0JBQ3pELElBQUksaUJBQWlCLElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO3dCQUN6QyxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQzt3QkFDN0IsU0FBUztvQkFDWCxDQUFDO29CQUVELHVCQUF1QjtvQkFDdkIsTUFBTSxDQUFDLGFBQWEsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO29CQUVyQywwQkFBMEI7b0JBQzFCLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7d0JBQzNELE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO3dCQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQzs0QkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0RBQWdELEtBQUssQ0FBQyxNQUFNLFFBQVEsQ0FDckYsQ0FBQzt3QkFDSixDQUFDO29CQUNILENBQUM7b0JBRUQsMkRBQTJEO29CQUMzRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsZUFBZSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUM7b0JBRXRELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsSUFBSSxPQUFPLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO3dCQUNuRixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSwrQ0FBK0MsTUFBTSxDQUFDLFFBQVEsS0FBSyxPQUFPLFlBQVksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsUUFBUSxDQUMvSSxDQUFDO3dCQUNGLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDLDhCQUE4Qjt3QkFDNUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSx1QkFBdUIsQ0FBQyxDQUFDO3dCQUM1RSxPQUFPO29CQUNULENBQUM7b0JBRUQsK0NBQStDO29CQUMvQyxNQUFNLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7b0JBQzVDLE1BQU0sQ0FBQyxlQUFlLEdBQUcsT0FBTyxDQUFDO29CQUNqQyxJQUFJLENBQUMsY0FBYyxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDN0MsQ0FBQztZQUNILENBQUM7b0JBQVMsQ0FBQztnQkFDVCxlQUFlLEdBQUcsS0FBSyxDQUFDO2dCQUV4Qiw2REFBNkQ7Z0JBQzdELHdFQUF3RTtnQkFDeEUsSUFBSSxZQUFZLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO29CQUNqRSxZQUFZLEdBQUcsS0FBSyxDQUFDO29CQUNyQixNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ2xCLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFDO1FBRUYsd0RBQXdEO1FBQ3hELE1BQU0sZUFBZSxHQUFHLENBQUMsS0FBYSxFQUFFLEVBQUU7WUFDeEMsZ0VBQWdFO1lBQ2hFLElBQUksaUJBQWlCO2dCQUFFLE9BQU87WUFFOUIsMENBQTBDO1lBQzFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMseUJBQXlCO1lBQzdELFNBQVMsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO1lBRTFCLDREQUE0RDtZQUM1RCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLElBQUksU0FBUyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEdBQUcsR0FBRyxFQUFFLENBQUM7Z0JBQzNGLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDZixZQUFZLEdBQUcsSUFBSSxDQUFDO1lBQ3RCLENBQUM7WUFFRCxvQkFBb0I7WUFDcEIsZ0JBQWdCLEVBQUUsQ0FBQztRQUNyQixDQUFDLENBQUM7UUFFRiw0QkFBNEI7UUFDNUIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsZUFBZSxDQUFDLENBQUM7UUFFbkMsK0NBQStDO1FBQy9DLElBQUksWUFBWSxFQUFFLENBQUM7WUFDakIsTUFBTSxDQUFDLGFBQWEsSUFBSSxZQUFZLENBQUMsTUFBTSxDQUFDO1lBQzVDLE1BQU0sQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztZQUNuRCxNQUFNLENBQUMsZUFBZSxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUM7UUFDL0MsQ0FBQztRQUVELCtEQUErRDtRQUMvRCxNQUFNLFlBQVksR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQzVELE1BQU0sQ0FBQyxRQUFRLEdBQUcsWUFBWSxDQUFDO1FBQy9CLE1BQU0sQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFdEMsNkJBQTZCO1FBQzdCLFlBQVksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUUvQywrREFBK0Q7UUFDL0QsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzVCLFlBQVksQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsQ0FBQztZQUVyRSxtREFBbUQ7WUFDbkQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLElBQUksQ0FBQztvQkFDSCxJQUFJLG9CQUFvQixJQUFJLFlBQVksRUFBRSxDQUFDO3dCQUN4QyxZQUFvQixDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FBQyxDQUFDO29CQUMvQyxDQUFDO29CQUNELElBQUksc0JBQXNCLElBQUksWUFBWSxFQUFFLENBQUM7d0JBQzFDLFlBQW9CLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQ25ELENBQUM7Z0JBQ0gsQ0FBQztnQkFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO29CQUNiLGtEQUFrRDtvQkFDbEQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7d0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGdFQUFnRSxHQUFHLEVBQUUsQ0FDdEYsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELG9EQUFvRDtRQUNwRCxZQUFZLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ2pDLGtFQUFrRTtZQUNsRSxNQUFNLElBQUksR0FBSSxHQUFXLENBQUMsSUFBSSxDQUFDO1lBQy9CLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLCtCQUErQixVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxLQUFLLEdBQUcsQ0FBQyxPQUFPLEtBQUssSUFBSSxHQUFHLENBQ2hILENBQUM7WUFFRix3REFBd0Q7WUFDeEQsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBRWhCLElBQUksSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUM1QixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxZQUFZLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLHFCQUFxQixDQUN0RixDQUFDO1lBQ0osQ0FBQztpQkFBTSxJQUFJLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDaEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksbUJBQW1CLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLFlBQVksQ0FDcEYsQ0FBQztZQUNKLENBQUM7aUJBQU0sSUFBSSxJQUFJLEtBQUssWUFBWSxFQUFFLENBQUM7Z0JBQ2pDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLG1CQUFtQixVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxZQUFZLENBQ3BGLENBQUM7WUFDSixDQUFDO2lCQUFNLElBQUksSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUNuQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksWUFBWSxVQUFVLFVBQVUsaUJBQWlCLENBQUMsQ0FBQztZQUNyRSxDQUFDO1lBRUQsMERBQTBEO1lBQzFELFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUV6Qyw4REFBOEQ7WUFDOUQsWUFBWSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztZQUVqRixJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQztnQkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLG1CQUFtQixDQUFDO2dCQUN2RCxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLG1CQUFtQixDQUFDLENBQUM7WUFDbkYsQ0FBQztZQUVELDBCQUEwQjtZQUMxQixJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLHFCQUFxQixJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBQ2xGLENBQUMsQ0FBQyxDQUFDO1FBRUgsc0JBQXNCO1FBQ3RCLFlBQVksQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDakYsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUUzRSw0Q0FBNEM7UUFDNUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFO1lBQ3hCLG9FQUFvRTtZQUNwRSxJQUFJLE1BQU0sQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFDeEIsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksMERBQ2QsTUFBTSxDQUFDLFFBQ1QsVUFBVSxPQUFPLENBQUMsUUFBUSxDQUN4QixJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsSUFBSSxPQUFPLENBQ3ZDLHlCQUF5QixDQUMzQixDQUFDO2dCQUNGLE9BQU87WUFDVCxDQUFDO1lBRUQsOERBQThEO1lBQzlELE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLG1DQUNkLE1BQU0sQ0FBQyxRQUNULFVBQVUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsSUFBSSxPQUFPLENBQUMsRUFBRSxDQUNyRSxDQUFDO1lBQ0YsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7Z0JBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxTQUFTLENBQUM7Z0JBQzdDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsU0FBUyxDQUFDLENBQUM7WUFDekUsQ0FBQztZQUNELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztRQUN6RSxDQUFDLENBQUMsQ0FBQztRQUVILFlBQVksQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLEdBQUcsRUFBRTtZQUM5QixvRUFBb0U7WUFDcEUsSUFBSSxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQ3hCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDBEQUNkLE1BQU0sQ0FBQyxRQUNULFVBQVUsT0FBTyxDQUFDLFFBQVEsQ0FDeEIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLElBQUksT0FBTyxDQUN2Qyx5QkFBeUIsQ0FDM0IsQ0FBQztnQkFDRixPQUFPO1lBQ1QsQ0FBQztZQUVELDhEQUE4RDtZQUM5RCxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxtQ0FDZCxNQUFNLENBQUMsUUFDVCxVQUFVLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLElBQUksT0FBTyxDQUFDLEVBQUUsQ0FDckUsQ0FBQztZQUNGLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDO2dCQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsU0FBUyxDQUFDO2dCQUM3QyxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1lBQ3pFLENBQUM7WUFDRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLGtCQUFrQixDQUFDLENBQUM7UUFDekUsQ0FBQyxDQUFDLENBQUM7UUFFSCx3QkFBd0I7UUFDeEIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUVoRCx5Q0FBeUM7UUFDekMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtZQUN4QyxNQUFNLENBQUMsU0FBUyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUM7WUFDakMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0MsQ0FBQyxDQUFDLENBQUM7UUFFSCx3RUFBd0U7UUFDeEUsWUFBWSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLDZDQUE2QztZQUM3QyxZQUFZLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFekMsMkRBQTJEO1lBQzNELFlBQVksQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7WUFFakYscUVBQXFFO1lBQ3JFLGdCQUFnQixFQUFFLENBQUM7WUFFbkIsNEJBQTRCO1lBQzVCLGlCQUFpQixHQUFHLElBQUksQ0FBQztZQUV6QixtQ0FBbUM7WUFDbkMsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDbEMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBRXZELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxnQkFBZ0IsWUFBWSxDQUFDLE1BQU0sa0NBQWtDLENBQ3RGLENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxpQ0FBaUM7Z0JBQ2pDLFlBQVksQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUFFLENBQUMsR0FBRyxFQUFFLEVBQUU7b0JBQ3ZDLElBQUksR0FBRyxFQUFFLENBQUM7d0JBQ1IsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksMkNBQTJDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO3dCQUN0RixPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsYUFBYSxDQUFDLENBQUM7b0JBQzNFLENBQUM7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7Z0JBRUgsK0NBQStDO2dCQUMvQyxNQUFNLENBQUMsV0FBVyxHQUFHLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxDQUFDLGVBQWUsR0FBRyxDQUFDLENBQUM7WUFDN0IsQ0FBQztZQUVELHFEQUFxRDtZQUNyRCxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzFCLFlBQVksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7WUFFMUIseUNBQXlDO1lBQ3pDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUVoQix1REFBdUQ7WUFDdkQsSUFBSSxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUN6QixnRUFBZ0U7Z0JBQ2hFLEtBQUssTUFBTSxLQUFLLElBQUksU0FBUyxFQUFFLENBQUM7b0JBQzlCLFlBQVksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQzVCLENBQUM7Z0JBQ0Qsa0JBQWtCO2dCQUNsQixTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQztnQkFDckIsU0FBUyxHQUFHLENBQUMsQ0FBQztZQUNoQixDQUFDO1lBRUQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDZCQUE2QixNQUFNLENBQUMsUUFBUSxPQUFPLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLEVBQUU7b0JBQ3ZHLEdBQ0UsVUFBVTt3QkFDUixDQUFDLENBQUMsVUFBVSxVQUFVLEdBQUc7d0JBQ3pCLENBQUMsQ0FBQyxZQUFZOzRCQUNkLENBQUMsQ0FBQyw0QkFBNEIsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUc7NEJBQ2hFLENBQUMsQ0FBQyxFQUNOLEVBQUU7b0JBQ0YsU0FBUyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksaUJBQ2xDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFDaEMsRUFBRSxDQUNMLENBQUM7WUFDSixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sT0FBTyxDQUFDLEdBQUcsQ0FDVCwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsT0FBTyxVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFO29CQUNyRixHQUNFLFVBQVU7d0JBQ1IsQ0FBQyxDQUFDLFVBQVUsVUFBVSxHQUFHO3dCQUN6QixDQUFDLENBQUMsWUFBWTs0QkFDZCxDQUFDLENBQUMsNEJBQTRCLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHOzRCQUNoRSxDQUFDLENBQUMsRUFDTixFQUFFLENBQ0wsQ0FBQztZQUNKLENBQUM7WUFFRCxtREFBbUQ7WUFDbkQsSUFBSSxVQUFVLEVBQUUsQ0FBQztnQkFDZiw0REFBNEQ7Z0JBQzVELE1BQU0sUUFBUSxHQUFHO29CQUNmLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTtvQkFDekIsVUFBVSxFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxJQUFJLENBQUM7b0JBQzNDLE1BQU0sRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLFlBQVksSUFBSSxFQUFFO29CQUMxQyxRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLElBQUksQ0FBQztpQkFDekMsQ0FBQztnQkFFRiwwQ0FBMEM7Z0JBQzFDLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQywwQkFBMEIsQ0FDckUsWUFBWSxFQUNaLFVBQVUsRUFDVixRQUFRLEVBQ1IsQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUNyRixDQUFDO2dCQUVGLGdGQUFnRjtnQkFDaEYsTUFBTSxDQUFDLG9CQUFvQixHQUFHLG9CQUFvQixDQUFDO2dCQUVuRCxnQ0FBZ0M7Z0JBQ2hDLE1BQU0sQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLG9CQUFvQixDQUFDLENBQUM7Z0JBRXhDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx5REFBeUQsVUFBVSxFQUFFLENBQ3RGLENBQUM7b0JBQ0YsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQixLQUFLLEtBQUssRUFBRSxDQUFDO3dCQUMvQyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx3RkFBd0YsQ0FDekcsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1lBRUQseUJBQXlCO1lBQ3pCLE1BQU0sQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLEVBQUU7Z0JBQzFGLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHFCQUFxQixNQUFNLENBQUMsUUFBUSwwQ0FBMEMsQ0FDL0YsQ0FBQztnQkFDRixJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzdELENBQUMsQ0FBQyxDQUFDO1lBRUgscURBQXFEO1lBQ3JELElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNqQixNQUFNLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxDQUFDO2dCQUVuQyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0RBQWdELE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FDbEYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGIn0=
|
|
801
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5jb25uZWN0aW9uaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3RzL2NsYXNzZXMucHAuY29ubmVjdGlvbmhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxjQUFjLENBQUM7QUFNeEMsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sbUNBQW1DLENBQUM7QUFDdEUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ2xFLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLHFDQUFxQyxDQUFDO0FBQzFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUN4RCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxvQ0FBb0MsQ0FBQztBQUN4RSxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDaEUsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sa0NBQWtDLENBQUM7QUFDcEUsT0FBTyxFQUFFLFFBQVEsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBRXBEOztHQUVHO0FBQ0gsTUFBTSxPQUFPLGlCQUFpQjtJQUM1QixZQUNVLFFBQTRCLEVBQzVCLGlCQUFvQyxFQUNwQyxlQUFnQyxFQUNoQyxtQkFBd0MsRUFDeEMsVUFBc0IsRUFDdEIsa0JBQXNDLEVBQ3RDLGNBQThCLEVBQzlCLGdCQUFrQztRQVBsQyxhQUFRLEdBQVIsUUFBUSxDQUFvQjtRQUM1QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLG9CQUFlLEdBQWYsZUFBZSxDQUFpQjtRQUNoQyx3QkFBbUIsR0FBbkIsbUJBQW1CLENBQXFCO1FBQ3hDLGVBQVUsR0FBVixVQUFVLENBQVk7UUFDdEIsdUJBQWtCLEdBQWxCLGtCQUFrQixDQUFvQjtRQUN0QyxtQkFBYyxHQUFkLGNBQWMsQ0FBZ0I7UUFDOUIscUJBQWdCLEdBQWhCLGdCQUFnQixDQUFrQjtJQUN6QyxDQUFDO0lBRUo7O09BRUc7SUFDSSxnQkFBZ0IsQ0FBQyxNQUEwQjtRQUNoRCxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsYUFBYSxJQUFJLEVBQUUsQ0FBQztRQUM1QyxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxJQUFJLENBQUMsQ0FBQztRQUV4Qyx3REFBd0Q7UUFDeEQsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDL0QsSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUMxQixPQUFPLENBQUMsR0FBRyxDQUFDLDRCQUE0QixRQUFRLEtBQUssWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7WUFDNUUsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ2IsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2pCLE9BQU87UUFDVCxDQUFDO1FBRUQsaUNBQWlDO1FBQ2pDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMvRCxNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBRS9CLDZCQUE2QjtRQUM3QixNQUFNLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFekMsdUNBQXVDO1FBQ3ZDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUM1QixNQUFNLENBQUMsWUFBWSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLENBQUM7WUFDL0QsTUFBTSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUM7WUFFM0IsbURBQW1EO1lBQ25ELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO2dCQUN4QyxJQUFJLENBQUM7b0JBQ0gsdURBQXVEO29CQUN2RCxJQUFJLG9CQUFvQixJQUFJLE1BQU0sRUFBRSxDQUFDO3dCQUNsQyxNQUFjLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDLENBQUM7b0JBQ3pDLENBQUM7b0JBQ0QsSUFBSSxzQkFBc0IsSUFBSSxNQUFNLEVBQUUsQ0FBQzt3QkFDcEMsTUFBYyxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDO29CQUM3QyxDQUFDO2dCQUNILENBQUM7Z0JBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztvQkFDYixrREFBa0Q7b0JBQ2xELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO3dCQUN4QyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksWUFBWSxxREFBcUQsR0FBRyxFQUFFLENBQUMsQ0FBQztvQkFDMUYsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztZQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx5QkFBeUIsUUFBUSxZQUFZLFNBQVMsSUFBSTtnQkFDeEUsZUFBZSxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFVBQVUsSUFBSTtnQkFDL0QsdUJBQXVCLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxrQkFBa0IsRUFBRSxFQUFFLENBQ3ZFLENBQUM7UUFDSixDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sQ0FBQyxHQUFHLENBQ1QsdUJBQXVCLFFBQVEsWUFBWSxTQUFTLHlCQUF5QixJQUFJLENBQUMsaUJBQWlCLENBQUMsa0JBQWtCLEVBQUUsRUFBRSxDQUMzSCxDQUFDO1FBQ0osQ0FBQztRQUVELHdFQUF3RTtRQUN4RSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxxQkFBcUIsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1lBQzNELElBQUksQ0FBQyw0QkFBNEIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDcEQsQ0FBQzthQUFNLENBQUM7WUFDTiw2REFBNkQ7WUFDN0QsSUFBSSxDQUFDLHdCQUF3QixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztRQUNoRCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ssNEJBQTRCLENBQ2xDLE1BQTBCLEVBQzFCLE1BQXlCO1FBRXpCLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0IsSUFBSSxtQkFBbUIsR0FBRyxLQUFLLENBQUM7UUFFaEMsNENBQTRDO1FBQzVDLElBQUksY0FBYyxHQUEwQixVQUFVLENBQUMsR0FBRyxFQUFFO1lBQzFELElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO2dCQUN6QixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSwyQkFBMkIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsMkJBQTJCLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FDeEgsQ0FBQztnQkFFRixzREFBc0Q7Z0JBQ3RELFVBQVUsQ0FBQyxHQUFHLEVBQUU7b0JBQ2QsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7d0JBQ3pCLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxZQUFZLGlEQUFpRCxDQUFDLENBQUM7d0JBQy9FLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDOzRCQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsaUJBQWlCLENBQUM7NEJBQ3JELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsaUJBQWlCLENBQUMsQ0FBQzt3QkFDakYsQ0FBQzt3QkFDRCxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7d0JBQ2IsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO29CQUN0RSxDQUFDO2dCQUNILENBQUMsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLHlCQUF5QjtZQUN0QyxDQUFDO1FBQ0gsQ0FBQyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQW1CLENBQUMsQ0FBQztRQUV0QyxtREFBbUQ7UUFDbkQsSUFBSSxjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDekIsY0FBYyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ3pCLENBQUM7UUFFRCx1QkFBdUI7UUFDdkIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUUzRSx1RUFBdUU7UUFDdkUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtZQUNwQyxzREFBc0Q7WUFDdEQsSUFBSSxjQUFjLEVBQUUsQ0FBQztnQkFDbkIsWUFBWSxDQUFDLGNBQWMsQ0FBQyxDQUFDO2dCQUM3QixjQUFjLEdBQUcsSUFBSSxDQUFDO1lBQ3hCLENBQUM7WUFFRCxtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDM0IsTUFBTSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQztZQUVyQyx3Q0FBd0M7WUFDeEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsQ0FBQztZQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLElBQUksU0FBUyxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUNoRSxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSw2Q0FBNkM7b0JBQzNELDhFQUE4RSxDQUNqRixDQUFDO2dCQUNGLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDO29CQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsaUJBQWlCLENBQUM7b0JBQ3JELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsaUJBQWlCLENBQUMsQ0FBQztnQkFDakYsQ0FBQztnQkFDRCxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ2IsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO2dCQUNwRSxPQUFPO1lBQ1QsQ0FBQztZQUVELDJDQUEyQztZQUMzQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQzFDLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO2dCQUVwQiwrRUFBK0U7Z0JBQy9FLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztvQkFDekMsNENBQTRDO29CQUM1QyxNQUFNLFFBQVEsR0FBRzt3QkFDZixRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVE7d0JBQ3pCLFVBQVUsRUFBRSxNQUFNLENBQUMsVUFBVSxJQUFJLENBQUM7d0JBQ2xDLE1BQU0sRUFBRSxNQUFNLENBQUMsWUFBWSxJQUFJLEVBQUU7d0JBQ2pDLFFBQVEsRUFBRSxNQUFNLENBQUMsU0FBUyxJQUFJLENBQUM7cUJBQ2hDLENBQUM7b0JBRUYscUVBQXFFO29CQUNyRSxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsUUFBUSxDQUFDLENBQUM7b0JBRS9ELDZFQUE2RTtvQkFDN0UseUZBQXlGO29CQUN6RixJQUFJLFVBQVUsRUFBRSxDQUFDO3dCQUNmLGtEQUFrRDt3QkFDbEQsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLGdCQUFnQixDQUFDLFVBQVUsQ0FBQyxDQUFDO3dCQUMzRSxNQUFNLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQzt3QkFDbkMsTUFBTSxDQUFDLFlBQVksR0FBRyxVQUFVLENBQUM7d0JBRWpDLHNEQUFzRDt3QkFDdEQsSUFBSSxZQUFZLElBQUksSUFBSSxDQUFDLG1CQUFtQixDQUFDLHFCQUFxQixDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7NEJBQ2pGLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDLFlBQVksQ0FBQyxDQUFDOzRCQUVwRixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztnQ0FDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksNENBQTRDLFVBQVUsWUFBWSxnQkFBZ0IsRUFBRSxDQUNyRyxDQUFDOzRCQUNKLENBQUM7NEJBRUQsb0RBQW9EOzRCQUNwRCxJQUFJLENBQUMsa0JBQWtCLENBQUMscUJBQXFCLENBQzNDLFlBQVksRUFDWixNQUFNLEVBQ04sTUFBTSxFQUNOLEtBQUssRUFDTCxnQkFBZ0IsRUFDaEIsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQ3ZFLENBQUM7NEJBQ0YsT0FBTzt3QkFDVCxDQUFDO29CQUNILENBQUM7eUJBQU0sSUFDTCxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQixLQUFLLEtBQUs7d0JBQzFDLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQ25DLENBQUM7d0JBQ0QsNEVBQTRFO3dCQUM1RSxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx1RUFBdUUsQ0FDeEYsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7Z0JBRUQsb0VBQW9FO2dCQUNwRSxJQUFJLENBQUMsa0JBQWtCLENBQUMscUJBQXFCLENBQzNDLFlBQVksRUFDWixNQUFNLEVBQ04sTUFBTSxFQUNOLEtBQUssRUFDTCxTQUFTLEVBQ1QsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQ3ZFLENBQUM7WUFDSixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sMkNBQTJDO2dCQUMzQyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSw2Q0FBNkMsTUFBTSxDQUFDLFNBQVMsRUFBRSxDQUNoRixDQUFDO2dCQUNGLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFDMUUsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0ssd0JBQXdCLENBQUMsTUFBMEIsRUFBRSxNQUF5QjtRQUNwRixNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQy9CLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxTQUFTLENBQUM7UUFFbkMsMkNBQTJDO1FBQzNDLE1BQU0sd0JBQXdCLEdBQUcsQ0FBQyxNQUFjLEVBQUUsVUFBa0IsRUFBRSxFQUFFO1lBQ3RFLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxZQUFZLEtBQUssVUFBVSxFQUFFLENBQUMsQ0FBQztZQUMvQyxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDYixJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQztnQkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLE1BQU0sQ0FBQztnQkFDMUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUN0RSxDQUFDO1lBQ0QsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztRQUMzRCxDQUFDLENBQUM7UUFFRixJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztRQUVoQyxnREFBZ0Q7UUFDaEQsSUFBSSxjQUFjLEdBQTBCLElBQUksQ0FBQztRQUNqRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDN0IsY0FBYyxHQUFHLFVBQVUsQ0FBQyxHQUFHLEVBQUU7Z0JBQy9CLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO29CQUN6QixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSwyQkFBMkIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsMkJBQTJCLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FDeEgsQ0FBQztvQkFFRixzREFBc0Q7b0JBQ3RELFVBQVUsQ0FBQyxHQUFHLEVBQUU7d0JBQ2QsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7NEJBQ3pCLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxZQUFZLGlEQUFpRCxDQUFDLENBQUM7NEJBQy9FLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDO2dDQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsaUJBQWlCLENBQUM7Z0NBQ3JELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsaUJBQWlCLENBQUMsQ0FBQzs0QkFDakYsQ0FBQzs0QkFDRCxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7NEJBQ2IsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO3dCQUN0RSxDQUFDO29CQUNILENBQUMsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLHlCQUF5QjtnQkFDdEMsQ0FBQztZQUNILENBQUMsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFtQixDQUFDLENBQUM7WUFFdEMsbURBQW1EO1lBQ25ELElBQUksY0FBYyxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUN6QixjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDekIsQ0FBQztRQUNILENBQUM7YUFBTSxDQUFDO1lBQ04sbUJBQW1CLEdBQUcsSUFBSSxDQUFDO1lBQzNCLE1BQU0sQ0FBQyxzQkFBc0IsR0FBRyxJQUFJLENBQUM7UUFDdkMsQ0FBQztRQUVELE1BQU0sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFFM0UsZ0NBQWdDO1FBQ2hDLE1BQU0sQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLENBQUMsS0FBYSxFQUFFLEVBQUU7WUFDbEMsTUFBTSxDQUFDLGFBQWEsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO1lBQ3JDLElBQUksQ0FBQyxjQUFjLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBRTNDLHFEQUFxRDtZQUNyRCxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUMzRCxNQUFNLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQztnQkFFcEIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGlDQUFpQyxNQUFNLENBQUMsUUFBUSxLQUFLLEtBQUssQ0FBQyxNQUFNLFFBQVEsQ0FDMUYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO1FBRUg7O1dBRUc7UUFDSCxNQUFNLGVBQWUsR0FBRyxDQUN0QixVQUFrQixFQUNsQixZQUFxQixFQUNyQixZQUE0QixFQUM1QixZQUFxQixFQUNyQixFQUFFO1lBQ0Ysc0RBQXNEO1lBQ3RELElBQUksY0FBYyxFQUFFLENBQUM7Z0JBQ25CLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQztnQkFDN0IsY0FBYyxHQUFHLElBQUksQ0FBQztZQUN4QixDQUFDO1lBRUQsd0NBQXdDO1lBQ3hDLG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUMzQixNQUFNLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxDQUFDO1lBRXJDLDJDQUEyQztZQUMzQyxJQUFJLFlBQVksSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO2dCQUNqRSxNQUFNLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQztnQkFFcEIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHNDQUFzQyxZQUFZLENBQUMsTUFBTSxRQUFRLENBQ2xGLENBQUM7Z0JBQ0osQ0FBQztZQUNILENBQUM7WUFFRCwrRkFBK0Y7WUFDL0YsTUFBTSxZQUFZLEdBQUcsWUFBWTtnQkFDL0IsQ0FBQyxDQUFDLFlBQVk7Z0JBQ2QsQ0FBQyxDQUFDLFVBQVU7b0JBQ1osQ0FBQyxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFVLENBQUM7b0JBQ3ZELENBQUMsQ0FBQyxTQUFTLENBQUM7WUFFZCwwQ0FBMEM7WUFDMUMsTUFBTSxDQUFDLFlBQVksR0FBRyxZQUFZLENBQUM7WUFFbkMseUVBQXlFO1lBQ3pFLElBQ0UsWUFBWTtnQkFDWixJQUFJLENBQUMsbUJBQW1CLENBQUMscUJBQXFCLENBQUMsWUFBWSxDQUFDO2dCQUM1RCxJQUFJLENBQUMsa0JBQWtCLENBQUMsZUFBZSxFQUFFLEVBQ3pDLENBQUM7Z0JBQ0QsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxZQUFZLFlBQVksVUFBVSxvQ0FBb0MsQ0FBQyxDQUFDO2dCQUMxRixDQUFDO2dCQUVELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDLFlBQVksQ0FBQyxDQUFDO2dCQUVwRixJQUFJLFlBQVksSUFBSSxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7b0JBQ2pDLGtFQUFrRTtvQkFDbEUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLHFCQUFxQixDQUMzQyxZQUFZLEVBQ1osTUFBTSxFQUNOLE1BQU0sRUFDTixZQUFZLEVBQ1osZ0JBQWdCLEVBQ2hCLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUN2RSxDQUFDO29CQUNGLE9BQU8sQ0FBQywrQkFBK0I7Z0JBQ3pDLENBQUM7WUFDSCxDQUFDO1lBRUQsZ0JBQWdCO1lBQ2hCLElBQUksWUFBWSxFQUFFLENBQUM7Z0JBQ2pCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxtQkFBbUIsQ0FBQyxZQUFZLENBQUMsQ0FBQztnQkFFM0UsNENBQTRDO2dCQUM1QyxJQUNFLFlBQVksQ0FBQyxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUM7b0JBQ2xDLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxjQUFjLENBQ2xDLE1BQU0sQ0FBQyxRQUFRLEVBQ2YsT0FBTyxDQUFDLFVBQVUsRUFDbEIsT0FBTyxDQUFDLFVBQVUsQ0FDbkIsRUFDRCxDQUFDO29CQUNELE9BQU8sd0JBQXdCLENBQzdCLFVBQVUsRUFDViwyQkFDRSxNQUFNLENBQUMsUUFDVCwyQkFBMkIsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FDN0QsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztpQkFBTSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ3pGLElBQ0UsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FDbEMsTUFBTSxDQUFDLFFBQVEsRUFDZixJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixFQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixJQUFJLEVBQUUsQ0FDdEMsRUFDRCxDQUFDO29CQUNELE9BQU8sd0JBQXdCLENBQzdCLFVBQVUsRUFDViwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsc0NBQXNDLENBQ2pGLENBQUM7Z0JBQ0osQ0FBQztZQUNILENBQUM7WUFFRCx1QkFBdUI7WUFDdkIsSUFBSSxVQUFVLEVBQUUsQ0FBQztnQkFDZixNQUFNLENBQUMsWUFBWSxHQUFHLFVBQVUsQ0FBQztZQUNuQyxDQUFDO1lBRUQsK0JBQStCO1lBQy9CLElBQUksQ0FBQyxxQkFBcUIsQ0FDeEIsTUFBTSxFQUNOLE1BQU0sRUFDTixZQUFZLEVBQ1osVUFBVSxFQUNWLFlBQVksRUFDWixZQUFZLENBQ2IsQ0FBQztRQUNKLENBQUMsQ0FBQztRQUVGLG9DQUFvQztRQUNwQyw0RkFBNEY7UUFDNUYsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUMxRCxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyx5QkFBeUIsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO2dCQUMvRCxJQUNFLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCO29CQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDO29CQUMxQyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUN0RixDQUFDO29CQUNELE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHFCQUFxQixNQUFNLENBQUMsUUFBUSxpQkFBaUIsTUFBTSxDQUFDLFFBQVEsOENBQThDLENBQ25JLENBQUM7b0JBQ0YsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNiLE9BQU87Z0JBQ1QsQ0FBQztnQkFDRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0NBQWdDLE1BQU0sQ0FBQyxRQUFRLFlBQVksU0FBUyxrQ0FBa0MsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRLEdBQUcsQ0FDaEosQ0FBQztnQkFDSixDQUFDO2dCQUNELGVBQWUsQ0FDYixFQUFFLEVBQ0YsU0FBUyxFQUNUO29CQUNFLE9BQU8sRUFBRSxDQUFDLFFBQVEsQ0FBQztvQkFDbkIsVUFBVSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksRUFBRTtvQkFDakQsVUFBVSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksRUFBRTtvQkFDakQsU0FBUyxFQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFTLENBQUM7b0JBQ3BDLFVBQVUsRUFBRSxFQUFFO2lCQUNmLEVBQ0QsU0FBUyxDQUNWLENBQUM7Z0JBQ0YsT0FBTztZQUNULENBQUM7aUJBQU0sQ0FBQztnQkFDTiwyRUFBMkU7Z0JBQzNFLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyx1QkFBdUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFFakYsSUFBSSxZQUFZLEVBQUUsQ0FBQztvQkFDakIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDLFlBQVksQ0FBQyxDQUFDO29CQUUzRSxJQUNFLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxjQUFjLENBQ2xDLE1BQU0sQ0FBQyxRQUFRLEVBQ2YsT0FBTyxDQUFDLFVBQVUsRUFDbEIsT0FBTyxDQUFDLFVBQVUsQ0FDbkIsRUFDRCxDQUFDO3dCQUNELE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHFCQUNkLE1BQU0sQ0FBQyxRQUNULHdDQUF3QyxZQUFZLENBQUMsT0FBTyxDQUFDLElBQUksQ0FDL0QsSUFBSSxDQUNMLFlBQVksU0FBUyxHQUFHLENBQzFCLENBQUM7d0JBQ0YsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO3dCQUNiLE9BQU87b0JBQ1QsQ0FBQztvQkFFRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQzt3QkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0NBQ2QsTUFBTSxDQUFDLFFBQ1QsWUFBWSxTQUFTLG1CQUFtQixZQUFZLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUMzRSxDQUFDO29CQUNKLENBQUM7b0JBRUQsZUFBZSxDQUFDLEVBQUUsRUFBRSxTQUFTLEVBQUUsWUFBWSxFQUFFLFNBQVMsQ0FBQyxDQUFDO29CQUN4RCxPQUFPO2dCQUNULENBQUM7Z0JBQ0QsNEVBQTRFO1lBQzlFLENBQUM7UUFDSCxDQUFDO1FBRUQseUVBQXlFO1FBQ3pFLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUM3QixtQkFBbUIsR0FBRyxLQUFLLENBQUM7WUFFNUIsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtnQkFDcEMsNEJBQTRCO2dCQUM1QixJQUFJLGNBQWMsRUFBRSxDQUFDO29CQUNuQixZQUFZLENBQUMsY0FBYyxDQUFDLENBQUM7b0JBQzdCLGNBQWMsR0FBRyxJQUFJLENBQUM7Z0JBQ3hCLENBQUM7Z0JBRUQsbUJBQW1CLEdBQUcsSUFBSSxDQUFDO2dCQUUzQix3Q0FBd0M7Z0JBQ3hDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsSUFBSSxTQUFTLEtBQUssR0FBRyxFQUFFLENBQUM7b0JBQ2hFLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDREQUE0RDt3QkFDMUUsOEVBQThFLENBQ2pGLENBQUM7b0JBQ0YsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7d0JBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxpQkFBaUIsQ0FBQzt3QkFDckQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO29CQUNqRixDQUFDO29CQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztvQkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLGlCQUFpQixDQUFDLENBQUM7b0JBQ3BFLE9BQU87Z0JBQ1QsQ0FBQztnQkFFRCxxQkFBcUI7Z0JBQ3JCLElBQUksVUFBVSxHQUFHLEVBQUUsQ0FBQztnQkFFcEIsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUMxQyxNQUFNLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQztvQkFFcEIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7d0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHdDQUF3QyxLQUFLLENBQUMsTUFBTSxRQUFRLENBQzdFLENBQUM7b0JBQ0osQ0FBQztvQkFFRCxtREFBbUQ7b0JBQ25ELE1BQU0sUUFBUSxHQUFHO3dCQUNmLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTt3QkFDekIsVUFBVSxFQUFFLE1BQU0sQ0FBQyxVQUFVLElBQUksQ0FBQzt3QkFDbEMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxZQUFZLElBQUksRUFBRTt3QkFDakMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxTQUFTLElBQUksQ0FBQztxQkFDaEMsQ0FBQztvQkFFRixjQUFjO29CQUNkLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO29CQUUvRCxpR0FBaUc7b0JBQ2pHLElBQ0UsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsS0FBSyxLQUFLO3dCQUMxQyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUM7d0JBQ3BDLENBQUMsVUFBVSxFQUNYLENBQUM7d0JBQ0QsaUVBQWlFO3dCQUNqRSxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxpRUFBaUU7NEJBQy9FLDJGQUEyRixDQUM5RixDQUFDO3dCQUVGLElBQUksQ0FBQzs0QkFDSCwrQ0FBK0M7NEJBQy9DLDJEQUEyRDs0QkFDM0QsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDOzRCQUNkLE1BQU0sQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDOzRCQUMvQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7NEJBRWhCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGlFQUFpRSxDQUNsRixDQUFDOzRCQUVGLCtEQUErRDs0QkFDL0QsTUFBTSxDQUFDLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxDQUFDOzRCQUVsQyx3REFBd0Q7NEJBQ3hELE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUMsVUFBVSxFQUFFLEVBQUU7Z0NBQ2pDLGtEQUFrRDtnQ0FDbEQsSUFBSSxNQUFNLENBQUMsb0JBQW9CLEVBQUUsQ0FBQztvQ0FDaEMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO29DQUMxQyxNQUFNLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxDQUFDO2dDQUNyQyxDQUFDO2dDQUVELHFDQUFxQztnQ0FDckMsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDO29DQUM5QyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksWUFBWSx3Q0FBd0MsQ0FBQyxDQUFDO29DQUV0RSx1Q0FBdUM7b0NBQ3ZDLE1BQU0sYUFBYSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7b0NBRTdFLElBQUksYUFBYSxFQUFFLENBQUM7d0NBQ2xCLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxZQUFZLG1DQUFtQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO3dDQUVoRixxQ0FBcUM7d0NBQ3JDLE1BQU0sQ0FBQyxZQUFZLEdBQUcsYUFBYSxDQUFDO3dDQUVwQyxxRUFBcUU7d0NBQ3JFLGVBQWUsQ0FBQyxhQUFhLEVBQUUsVUFBVSxDQUFDLENBQUM7b0NBQzdDLENBQUM7eUNBQU0sQ0FBQzt3Q0FDTixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx5REFBeUQsQ0FDMUUsQ0FBQzt3Q0FFRiwrREFBK0Q7d0NBQy9ELElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDOzRDQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsK0JBQStCLENBQUM7NENBQ25FLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FDN0MsVUFBVSxFQUNWLCtCQUErQixDQUNoQyxDQUFDO3dDQUNKLENBQUM7d0NBRUQseURBQXlEO3dDQUN6RCxRQUFRLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQzs2Q0FDN0IsS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUU7NENBQ2IsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksaUNBQWlDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO3dDQUM5RSxDQUFDLENBQUM7NkNBQ0QsT0FBTyxDQUFDLEdBQUcsRUFBRTs0Q0FDWiwyQ0FBMkM7NENBQzNDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxpQkFBaUIsQ0FDdEMsTUFBTSxFQUNOLCtCQUErQixDQUNoQyxDQUFDO3dDQUNKLENBQUMsQ0FBQyxDQUFDO29DQUNQLENBQUM7Z0NBQ0gsQ0FBQztxQ0FBTSxDQUFDO29DQUNOLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGlFQUFpRSxDQUNsRixDQUFDO29DQUVGLHFFQUFxRTtvQ0FDckUsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7d0NBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxrQkFBa0IsQ0FBQzt3Q0FDdEQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxrQkFBa0IsQ0FBQyxDQUFDO29DQUNsRixDQUFDO29DQUVELDZEQUE2RDtvQ0FDN0QsUUFBUSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLFdBQVcsRUFBRSxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDO3lDQUN6RSxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTt3Q0FDYixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSwyQ0FBMkMsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUN6RSxDQUFDO29DQUNKLENBQUMsQ0FBQzt5Q0FDRCxPQUFPLENBQUMsR0FBRyxFQUFFO3dDQUNaLDJDQUEyQzt3Q0FDM0MsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxrQkFBa0IsQ0FBQyxDQUFDO29DQUN2RSxDQUFDLENBQUMsQ0FBQztnQ0FDUCxDQUFDOzRCQUNILENBQUMsQ0FBQyxDQUFDOzRCQUVILDREQUE0RDs0QkFDNUQsTUFBTSxlQUFlLEdBQUcsVUFBVSxDQUFDLEdBQUcsRUFBRTtnQ0FDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksK0NBQStDLENBQUMsQ0FBQztnQ0FFN0UsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7b0NBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxlQUFlLENBQUM7b0NBQ25ELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsZUFBZSxDQUFDLENBQUM7Z0NBQy9FLENBQUM7Z0NBRUQseURBQXlEO2dDQUN6RCxRQUFRLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQztxQ0FDN0IsS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUU7b0NBQ2IsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksaUNBQWlDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO2dDQUM5RSxDQUFDLENBQUM7cUNBQ0QsT0FBTyxDQUFDLEdBQUcsRUFBRTtvQ0FDWiwyQ0FBMkM7b0NBQzNDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsZUFBZSxDQUFDLENBQUM7Z0NBQ3BFLENBQUMsQ0FBQyxDQUFDOzRCQUNQLENBQUMsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLG9CQUFvQjs0QkFFL0IsdURBQXVEOzRCQUN2RCxJQUFJLGVBQWUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQ0FDMUIsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDOzRCQUMxQixDQUFDOzRCQUVELHNFQUFzRTs0QkFDdEUsTUFBTSxDQUFDLG9CQUFvQixHQUFHLGVBQWUsQ0FBQzt3QkFDaEQsQ0FBQzt3QkFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDOzRCQUNiLGlFQUFpRTs0QkFDakUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksOEJBQThCLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDOzRCQUN6RSxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7NEJBQ2IsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSwrQkFBK0IsQ0FBQyxDQUFDO3dCQUNwRixDQUFDO3dCQUVELDBDQUEwQzt3QkFDMUMsT0FBTztvQkFDVCxDQUFDO2dCQUNILENBQUM7Z0JBRUQsNkNBQTZDO2dCQUM3QyxNQUFNLENBQUMsWUFBWSxHQUFHLFVBQVUsQ0FBQztnQkFFakMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDhCQUE4QixNQUFNLENBQUMsUUFBUSxjQUMzRCxVQUFVLElBQUksU0FDaEIsRUFBRSxDQUNILENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxlQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3JDLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQzthQUFNLENBQUM7WUFDTixtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDM0IsTUFBTSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQztZQUVyQyxJQUNFLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCO2dCQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDO2dCQUMxQyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUN0RixDQUFDO2dCQUNELE9BQU8sd0JBQXdCLENBQzdCLFVBQVUsRUFDViwyQkFBMkIsTUFBTSxDQUFDLFFBQVEscUNBQXFDLENBQ2hGLENBQUM7WUFDSixDQUFDO1lBRUQsZUFBZSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RCLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxxQkFBcUIsQ0FDM0IsTUFBMEIsRUFDMUIsTUFBeUIsRUFDekIsWUFBNEIsRUFDNUIsVUFBbUIsRUFDbkIsWUFBcUIsRUFDckIsWUFBcUI7UUFFckIsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUUvQix3QkFBd0I7UUFDeEIsTUFBTSxVQUFVLEdBQUcsWUFBWTtZQUM3QixDQUFDLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUM7WUFDcEQsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsUUFBUyxDQUFDO1FBRTVCLHdCQUF3QjtRQUN4QixNQUFNLFVBQVUsR0FBRyxZQUFZLEtBQUssU0FBUyxDQUFDLENBQUMsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO1FBRXBGLDJCQUEyQjtRQUMzQixNQUFNLGlCQUFpQixHQUErQjtZQUNwRCxJQUFJLEVBQUUsVUFBVTtZQUNoQixJQUFJLEVBQUUsVUFBVTtTQUNqQixDQUFDO1FBRUYsbUNBQW1DO1FBQ25DLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ25DLGlCQUFpQixDQUFDLFlBQVksR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUVELHdDQUF3QztRQUN4QyxNQUFNLFNBQVMsR0FBYSxFQUFFLENBQUM7UUFDL0IsSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDO1FBQ2xCLElBQUksZUFBZSxHQUFHLEtBQUssQ0FBQztRQUM1QixJQUFJLFlBQVksR0FBRyxLQUFLLENBQUM7UUFDekIsSUFBSSxpQkFBaUIsR0FBRyxLQUFLLENBQUM7UUFFOUIsd0RBQXdEO1FBQ3hELE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUVmLGtFQUFrRTtRQUNsRSxNQUFNLGdCQUFnQixHQUFHLEdBQUcsRUFBRTtZQUM1QixJQUFJLGVBQWUsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsSUFBSSxpQkFBaUI7Z0JBQUUsT0FBTztZQUUzRSxlQUFlLEdBQUcsSUFBSSxDQUFDO1lBRXZCLElBQUksQ0FBQztnQkFDSCw0REFBNEQ7Z0JBQzVELE9BQU8sU0FBUyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztvQkFDNUIsTUFBTSxLQUFLLEdBQUcsU0FBUyxDQUFDLEtBQUssRUFBRyxDQUFDO29CQUNqQyxTQUFTLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQztvQkFFMUIscURBQXFEO29CQUNyRCx5REFBeUQ7b0JBQ3pELElBQUksaUJBQWlCLElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO3dCQUN6QyxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQzt3QkFDN0IsU0FBUztvQkFDWCxDQUFDO29CQUVELHVCQUF1QjtvQkFDdkIsTUFBTSxDQUFDLGFBQWEsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO29CQUVyQywwQkFBMEI7b0JBQzFCLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7d0JBQzNELE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO3dCQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQzs0QkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0RBQWdELEtBQUssQ0FBQyxNQUFNLFFBQVEsQ0FDckYsQ0FBQzt3QkFDSixDQUFDO29CQUNILENBQUM7b0JBRUQsMkRBQTJEO29CQUMzRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsZUFBZSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUM7b0JBRXRELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsSUFBSSxPQUFPLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO3dCQUNuRixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSwrQ0FBK0MsTUFBTSxDQUFDLFFBQVEsS0FBSyxPQUFPLFlBQVksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsUUFBUSxDQUMvSSxDQUFDO3dCQUNGLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDLDhCQUE4Qjt3QkFDNUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSx1QkFBdUIsQ0FBQyxDQUFDO3dCQUM1RSxPQUFPO29CQUNULENBQUM7b0JBRUQsK0NBQStDO29CQUMvQyxNQUFNLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7b0JBQzVDLE1BQU0sQ0FBQyxlQUFlLEdBQUcsT0FBTyxDQUFDO29CQUNqQyxJQUFJLENBQUMsY0FBYyxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDN0MsQ0FBQztZQUNILENBQUM7b0JBQVMsQ0FBQztnQkFDVCxlQUFlLEdBQUcsS0FBSyxDQUFDO2dCQUV4Qiw2REFBNkQ7Z0JBQzdELHdFQUF3RTtnQkFDeEUsSUFBSSxZQUFZLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO29CQUNqRSxZQUFZLEdBQUcsS0FBSyxDQUFDO29CQUNyQixNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ2xCLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFDO1FBRUYsd0RBQXdEO1FBQ3hELE1BQU0sZUFBZSxHQUFHLENBQUMsS0FBYSxFQUFFLEVBQUU7WUFDeEMsZ0VBQWdFO1lBQ2hFLElBQUksaUJBQWlCO2dCQUFFLE9BQU87WUFFOUIsMENBQTBDO1lBQzFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMseUJBQXlCO1lBQzdELFNBQVMsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO1lBRTFCLDREQUE0RDtZQUM1RCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLElBQUksU0FBUyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEdBQUcsR0FBRyxFQUFFLENBQUM7Z0JBQzNGLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDZixZQUFZLEdBQUcsSUFBSSxDQUFDO1lBQ3RCLENBQUM7WUFFRCxvQkFBb0I7WUFDcEIsZ0JBQWdCLEVBQUUsQ0FBQztRQUNyQixDQUFDLENBQUM7UUFFRiw0QkFBNEI7UUFDNUIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsZUFBZSxDQUFDLENBQUM7UUFFbkMsK0NBQStDO1FBQy9DLElBQUksWUFBWSxFQUFFLENBQUM7WUFDakIsTUFBTSxDQUFDLGFBQWEsSUFBSSxZQUFZLENBQUMsTUFBTSxDQUFDO1lBQzVDLE1BQU0sQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztZQUNuRCxNQUFNLENBQUMsZUFBZSxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUM7UUFDL0MsQ0FBQztRQUVELCtEQUErRDtRQUMvRCxNQUFNLFlBQVksR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQzVELE1BQU0sQ0FBQyxRQUFRLEdBQUcsWUFBWSxDQUFDO1FBQy9CLE1BQU0sQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFdEMsNkJBQTZCO1FBQzdCLFlBQVksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUUvQywrREFBK0Q7UUFDL0QsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzVCLFlBQVksQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsQ0FBQztZQUVyRSxtREFBbUQ7WUFDbkQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLElBQUksQ0FBQztvQkFDSCxJQUFJLG9CQUFvQixJQUFJLFlBQVksRUFBRSxDQUFDO3dCQUN4QyxZQUFvQixDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FBQyxDQUFDO29CQUMvQyxDQUFDO29CQUNELElBQUksc0JBQXNCLElBQUksWUFBWSxFQUFFLENBQUM7d0JBQzFDLFlBQW9CLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQ25ELENBQUM7Z0JBQ0gsQ0FBQztnQkFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO29CQUNiLGtEQUFrRDtvQkFDbEQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7d0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGdFQUFnRSxHQUFHLEVBQUUsQ0FDdEYsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELG9EQUFvRDtRQUNwRCxZQUFZLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ2pDLGtFQUFrRTtZQUNsRSxNQUFNLElBQUksR0FBSSxHQUFXLENBQUMsSUFBSSxDQUFDO1lBQy9CLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLCtCQUErQixVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxLQUFLLEdBQUcsQ0FBQyxPQUFPLEtBQUssSUFBSSxHQUFHLENBQ2hILENBQUM7WUFFRix3REFBd0Q7WUFDeEQsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBRWhCLElBQUksSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUM1QixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxZQUFZLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLHFCQUFxQixDQUN0RixDQUFDO1lBQ0osQ0FBQztpQkFBTSxJQUFJLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDaEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksbUJBQW1CLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLFlBQVksQ0FDcEYsQ0FBQztZQUNKLENBQUM7aUJBQU0sSUFBSSxJQUFJLEtBQUssWUFBWSxFQUFFLENBQUM7Z0JBQ2pDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLG1CQUFtQixVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxZQUFZLENBQ3BGLENBQUM7WUFDSixDQUFDO2lCQUFNLElBQUksSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUNuQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksWUFBWSxVQUFVLFVBQVUsaUJBQWlCLENBQUMsQ0FBQztZQUNyRSxDQUFDO1lBRUQsMERBQTBEO1lBQzFELFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUV6Qyw4REFBOEQ7WUFDOUQsWUFBWSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztZQUVqRixJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQztnQkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLG1CQUFtQixDQUFDO2dCQUN2RCxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLG1CQUFtQixDQUFDLENBQUM7WUFDbkYsQ0FBQztZQUVELDBCQUEwQjtZQUMxQixJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLHFCQUFxQixJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBQ2xGLENBQUMsQ0FBQyxDQUFDO1FBRUgsc0JBQXNCO1FBQ3RCLFlBQVksQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDakYsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUUzRSw0Q0FBNEM7UUFDNUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFO1lBQ3hCLG9FQUFvRTtZQUNwRSxJQUFJLE1BQU0sQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFDeEIsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksMERBQ2QsTUFBTSxDQUFDLFFBQ1QsVUFBVSxPQUFPLENBQUMsUUFBUSxDQUN4QixJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsSUFBSSxPQUFPLENBQ3ZDLHlCQUF5QixDQUMzQixDQUFDO2dCQUNGLE9BQU87WUFDVCxDQUFDO1lBRUQsOERBQThEO1lBQzlELE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLG1DQUNkLE1BQU0sQ0FBQyxRQUNULFVBQVUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsSUFBSSxPQUFPLENBQUMsRUFBRSxDQUNyRSxDQUFDO1lBQ0YsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7Z0JBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxTQUFTLENBQUM7Z0JBQzdDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsU0FBUyxDQUFDLENBQUM7WUFDekUsQ0FBQztZQUNELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztRQUN6RSxDQUFDLENBQUMsQ0FBQztRQUVILFlBQVksQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLEdBQUcsRUFBRTtZQUM5QixvRUFBb0U7WUFDcEUsSUFBSSxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQ3hCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDBEQUNkLE1BQU0sQ0FBQyxRQUNULFVBQVUsT0FBTyxDQUFDLFFBQVEsQ0FDeEIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLElBQUksT0FBTyxDQUN2Qyx5QkFBeUIsQ0FDM0IsQ0FBQztnQkFDRixPQUFPO1lBQ1QsQ0FBQztZQUVELDhEQUE4RDtZQUM5RCxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxtQ0FDZCxNQUFNLENBQUMsUUFDVCxVQUFVLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLElBQUksT0FBTyxDQUFDLEVBQUUsQ0FDckUsQ0FBQztZQUNGLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDO2dCQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsU0FBUyxDQUFDO2dCQUM3QyxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1lBQ3pFLENBQUM7WUFDRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLGtCQUFrQixDQUFDLENBQUM7UUFDekUsQ0FBQyxDQUFDLENBQUM7UUFFSCx3QkFBd0I7UUFDeEIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUVoRCx5Q0FBeUM7UUFDekMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtZQUN4QyxNQUFNLENBQUMsU0FBUyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUM7WUFDakMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0MsQ0FBQyxDQUFDLENBQUM7UUFFSCx3RUFBd0U7UUFDeEUsWUFBWSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLDZDQUE2QztZQUM3QyxZQUFZLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFekMsMkRBQTJEO1lBQzNELFlBQVksQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7WUFFakYscUVBQXFFO1lBQ3JFLGdCQUFnQixFQUFFLENBQUM7WUFFbkIsNEJBQTRCO1lBQzVCLGlCQUFpQixHQUFHLElBQUksQ0FBQztZQUV6QixtQ0FBbUM7WUFDbkMsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDbEMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBRXZELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxnQkFBZ0IsWUFBWSxDQUFDLE1BQU0sa0NBQWtDLENBQ3RGLENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxpQ0FBaUM7Z0JBQ2pDLFlBQVksQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUFFLENBQUMsR0FBRyxFQUFFLEVBQUU7b0JBQ3ZDLElBQUksR0FBRyxFQUFFLENBQUM7d0JBQ1IsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksMkNBQTJDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO3dCQUN0RixPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsYUFBYSxDQUFDLENBQUM7b0JBQzNFLENBQUM7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7Z0JBRUgsK0NBQStDO2dCQUMvQyxNQUFNLENBQUMsV0FBVyxHQUFHLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxDQUFDLGVBQWUsR0FBRyxDQUFDLENBQUM7WUFDN0IsQ0FBQztZQUVELHFEQUFxRDtZQUNyRCxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzFCLFlBQVksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7WUFFMUIseUNBQXlDO1lBQ3pDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUVoQix1REFBdUQ7WUFDdkQsSUFBSSxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUN6QixnRUFBZ0U7Z0JBQ2hFLEtBQUssTUFBTSxLQUFLLElBQUksU0FBUyxFQUFFLENBQUM7b0JBQzlCLFlBQVksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQzVCLENBQUM7Z0JBQ0Qsa0JBQWtCO2dCQUNsQixTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQztnQkFDckIsU0FBUyxHQUFHLENBQUMsQ0FBQztZQUNoQixDQUFDO1lBRUQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDZCQUE2QixNQUFNLENBQUMsUUFBUSxPQUFPLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLEVBQUU7b0JBQ3ZHLEdBQ0UsVUFBVTt3QkFDUixDQUFDLENBQUMsVUFBVSxVQUFVLEdBQUc7d0JBQ3pCLENBQUMsQ0FBQyxZQUFZOzRCQUNkLENBQUMsQ0FBQyw0QkFBNEIsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUc7NEJBQ2hFLENBQUMsQ0FBQyxFQUNOLEVBQUU7b0JBQ0YsU0FBUyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksaUJBQ2xDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFDaEMsRUFBRSxDQUNMLENBQUM7WUFDSixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sT0FBTyxDQUFDLEdBQUcsQ0FDVCwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsT0FBTyxVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFO29CQUNyRixHQUNFLFVBQVU7d0JBQ1IsQ0FBQyxDQUFDLFVBQVUsVUFBVSxHQUFHO3dCQUN6QixDQUFDLENBQUMsWUFBWTs0QkFDZCxDQUFDLENBQUMsNEJBQTRCLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHOzRCQUNoRSxDQUFDLENBQUMsRUFDTixFQUFFLENBQ0wsQ0FBQztZQUNKLENBQUM7WUFFRCxtREFBbUQ7WUFDbkQsSUFBSSxVQUFVLEVBQUUsQ0FBQztnQkFDZiw0REFBNEQ7Z0JBQzVELE1BQU0sUUFBUSxHQUFHO29CQUNmLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTtvQkFDekIsVUFBVSxFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxJQUFJLENBQUM7b0JBQzNDLE1BQU0sRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLFlBQVksSUFBSSxFQUFFO29CQUMxQyxRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLElBQUksQ0FBQztpQkFDekMsQ0FBQztnQkFFRiwwQ0FBMEM7Z0JBQzFDLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQywwQkFBMEIsQ0FDckUsWUFBWSxFQUNaLFVBQVUsRUFDVixRQUFRLEVBQ1IsQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUNyRixDQUFDO2dCQUVGLGdGQUFnRjtnQkFDaEYsTUFBTSxDQUFDLG9CQUFvQixHQUFHLG9CQUFvQixDQUFDO2dCQUVuRCxnQ0FBZ0M7Z0JBQ2hDLE1BQU0sQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLG9CQUFvQixDQUFDLENBQUM7Z0JBRXhDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx5REFBeUQsVUFBVSxFQUFFLENBQ3RGLENBQUM7b0JBQ0YsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQixLQUFLLEtBQUssRUFBRSxDQUFDO3dCQUMvQyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx3RkFBd0YsQ0FDekcsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1lBRUQseUJBQXlCO1lBQ3pCLE1BQU0sQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLEVBQUU7Z0JBQzFGLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHFCQUFxQixNQUFNLENBQUMsUUFBUSwwQ0FBMEMsQ0FDL0YsQ0FBQztnQkFDRixJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzdELENBQUMsQ0FBQyxDQUFDO1lBRUgscURBQXFEO1lBQ3JELElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNqQixNQUFNLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxDQUFDO2dCQUVuQyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0RBQWdELE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FDbEYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGIn0=
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
import * as net from 'net';
|
|
2
|
+
/**
|
|
3
|
+
* TlsAlert class for managing TLS alert messages
|
|
4
|
+
*/
|
|
5
|
+
export declare class TlsAlert {
|
|
6
|
+
static readonly LEVEL_WARNING = 1;
|
|
7
|
+
static readonly LEVEL_FATAL = 2;
|
|
8
|
+
static readonly CLOSE_NOTIFY = 0;
|
|
9
|
+
static readonly UNEXPECTED_MESSAGE = 10;
|
|
10
|
+
static readonly BAD_RECORD_MAC = 20;
|
|
11
|
+
static readonly DECRYPTION_FAILED = 21;
|
|
12
|
+
static readonly RECORD_OVERFLOW = 22;
|
|
13
|
+
static readonly DECOMPRESSION_FAILURE = 30;
|
|
14
|
+
static readonly HANDSHAKE_FAILURE = 40;
|
|
15
|
+
static readonly NO_CERTIFICATE = 41;
|
|
16
|
+
static readonly BAD_CERTIFICATE = 42;
|
|
17
|
+
static readonly UNSUPPORTED_CERTIFICATE = 43;
|
|
18
|
+
static readonly CERTIFICATE_REVOKED = 44;
|
|
19
|
+
static readonly CERTIFICATE_EXPIRED = 47;
|
|
20
|
+
static readonly CERTIFICATE_UNKNOWN = 48;
|
|
21
|
+
static readonly ILLEGAL_PARAMETER = 47;
|
|
22
|
+
static readonly UNKNOWN_CA = 48;
|
|
23
|
+
static readonly ACCESS_DENIED = 49;
|
|
24
|
+
static readonly DECODE_ERROR = 50;
|
|
25
|
+
static readonly DECRYPT_ERROR = 51;
|
|
26
|
+
static readonly EXPORT_RESTRICTION = 60;
|
|
27
|
+
static readonly PROTOCOL_VERSION = 70;
|
|
28
|
+
static readonly INSUFFICIENT_SECURITY = 71;
|
|
29
|
+
static readonly INTERNAL_ERROR = 80;
|
|
30
|
+
static readonly INAPPROPRIATE_FALLBACK = 86;
|
|
31
|
+
static readonly USER_CANCELED = 90;
|
|
32
|
+
static readonly NO_RENEGOTIATION = 100;
|
|
33
|
+
static readonly MISSING_EXTENSION = 109;
|
|
34
|
+
static readonly UNSUPPORTED_EXTENSION = 110;
|
|
35
|
+
static readonly CERTIFICATE_REQUIRED = 111;
|
|
36
|
+
static readonly UNRECOGNIZED_NAME = 112;
|
|
37
|
+
static readonly BAD_CERTIFICATE_STATUS_RESPONSE = 113;
|
|
38
|
+
static readonly BAD_CERTIFICATE_HASH_VALUE = 114;
|
|
39
|
+
static readonly UNKNOWN_PSK_IDENTITY = 115;
|
|
40
|
+
static readonly CERTIFICATE_REQUIRED_1_3 = 116;
|
|
41
|
+
static readonly NO_APPLICATION_PROTOCOL = 120;
|
|
42
|
+
/**
|
|
43
|
+
* Create a TLS alert buffer with the specified level and description code
|
|
44
|
+
*
|
|
45
|
+
* @param level Alert level (warning or fatal)
|
|
46
|
+
* @param description Alert description code
|
|
47
|
+
* @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
|
|
48
|
+
* @returns Buffer containing the TLS alert message
|
|
49
|
+
*/
|
|
50
|
+
static create(level: number, description: number, tlsVersion?: [number, number]): Buffer;
|
|
51
|
+
/**
|
|
52
|
+
* Create a warning-level TLS alert
|
|
53
|
+
*
|
|
54
|
+
* @param description Alert description code
|
|
55
|
+
* @returns Buffer containing the warning-level TLS alert message
|
|
56
|
+
*/
|
|
57
|
+
static createWarning(description: number): Buffer;
|
|
58
|
+
/**
|
|
59
|
+
* Create a fatal-level TLS alert
|
|
60
|
+
*
|
|
61
|
+
* @param description Alert description code
|
|
62
|
+
* @returns Buffer containing the fatal-level TLS alert message
|
|
63
|
+
*/
|
|
64
|
+
static createFatal(description: number): Buffer;
|
|
65
|
+
/**
|
|
66
|
+
* Send a TLS alert to a socket and optionally close the connection
|
|
67
|
+
*
|
|
68
|
+
* @param socket The socket to send the alert to
|
|
69
|
+
* @param level Alert level (warning or fatal)
|
|
70
|
+
* @param description Alert description code
|
|
71
|
+
* @param closeAfterSend Whether to close the connection after sending the alert
|
|
72
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
73
|
+
* @returns Promise that resolves when the alert has been sent
|
|
74
|
+
*/
|
|
75
|
+
static send(socket: net.Socket, level: number, description: number, closeAfterSend?: boolean, closeDelay?: number): Promise<void>;
|
|
76
|
+
/**
|
|
77
|
+
* Pre-defined TLS alert messages
|
|
78
|
+
*/
|
|
79
|
+
static readonly alerts: {
|
|
80
|
+
closeNotify: Buffer<ArrayBufferLike>;
|
|
81
|
+
unsupportedExtension: Buffer<ArrayBufferLike>;
|
|
82
|
+
certificateRequired: Buffer<ArrayBufferLike>;
|
|
83
|
+
unrecognizedName: Buffer<ArrayBufferLike>;
|
|
84
|
+
noRenegotiation: Buffer<ArrayBufferLike>;
|
|
85
|
+
userCanceled: Buffer<ArrayBufferLike>;
|
|
86
|
+
certificateExpiredWarning: Buffer<ArrayBufferLike>;
|
|
87
|
+
handshakeFailureWarning: Buffer<ArrayBufferLike>;
|
|
88
|
+
insufficientSecurityWarning: Buffer<ArrayBufferLike>;
|
|
89
|
+
unexpectedMessage: Buffer<ArrayBufferLike>;
|
|
90
|
+
badRecordMac: Buffer<ArrayBufferLike>;
|
|
91
|
+
recordOverflow: Buffer<ArrayBufferLike>;
|
|
92
|
+
handshakeFailure: Buffer<ArrayBufferLike>;
|
|
93
|
+
badCertificate: Buffer<ArrayBufferLike>;
|
|
94
|
+
certificateExpired: Buffer<ArrayBufferLike>;
|
|
95
|
+
certificateUnknown: Buffer<ArrayBufferLike>;
|
|
96
|
+
illegalParameter: Buffer<ArrayBufferLike>;
|
|
97
|
+
unknownCA: Buffer<ArrayBufferLike>;
|
|
98
|
+
accessDenied: Buffer<ArrayBufferLike>;
|
|
99
|
+
decodeError: Buffer<ArrayBufferLike>;
|
|
100
|
+
decryptError: Buffer<ArrayBufferLike>;
|
|
101
|
+
protocolVersion: Buffer<ArrayBufferLike>;
|
|
102
|
+
insufficientSecurity: Buffer<ArrayBufferLike>;
|
|
103
|
+
internalError: Buffer<ArrayBufferLike>;
|
|
104
|
+
};
|
|
105
|
+
/**
|
|
106
|
+
* Utility method to send a warning-level unrecognized_name alert
|
|
107
|
+
* Specifically designed for SNI issues to encourage the client to retry with SNI
|
|
108
|
+
*
|
|
109
|
+
* @param socket The socket to send the alert to
|
|
110
|
+
* @returns Promise that resolves when the alert has been sent
|
|
111
|
+
*/
|
|
112
|
+
static sendSniRequired(socket: net.Socket): Promise<void>;
|
|
113
|
+
/**
|
|
114
|
+
* Utility method to send a close_notify alert and close the connection
|
|
115
|
+
*
|
|
116
|
+
* @param socket The socket to send the alert to
|
|
117
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
118
|
+
* @returns Promise that resolves when the alert has been sent and the connection closed
|
|
119
|
+
*/
|
|
120
|
+
static sendCloseNotify(socket: net.Socket, closeDelay?: number): Promise<void>;
|
|
121
|
+
/**
|
|
122
|
+
* Utility method to send a certificate_expired alert to force new TLS session
|
|
123
|
+
*
|
|
124
|
+
* @param socket The socket to send the alert to
|
|
125
|
+
* @param fatal Whether to send as a fatal alert (default: false)
|
|
126
|
+
* @param closeAfterSend Whether to close the connection after sending the alert (default: true)
|
|
127
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
128
|
+
* @returns Promise that resolves when the alert has been sent
|
|
129
|
+
*/
|
|
130
|
+
static sendCertificateExpired(socket: net.Socket, fatal?: boolean, closeAfterSend?: boolean, closeDelay?: number): Promise<void>;
|
|
131
|
+
}
|
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
import * as net from 'net';
|
|
2
|
+
/**
|
|
3
|
+
* TlsAlert class for managing TLS alert messages
|
|
4
|
+
*/
|
|
5
|
+
export class TlsAlert {
|
|
6
|
+
// TLS Alert Levels
|
|
7
|
+
static { this.LEVEL_WARNING = 0x01; }
|
|
8
|
+
static { this.LEVEL_FATAL = 0x02; }
|
|
9
|
+
// TLS Alert Description Codes - RFC 8446 (TLS 1.3) / RFC 5246 (TLS 1.2)
|
|
10
|
+
static { this.CLOSE_NOTIFY = 0x00; }
|
|
11
|
+
static { this.UNEXPECTED_MESSAGE = 0x0A; }
|
|
12
|
+
static { this.BAD_RECORD_MAC = 0x14; }
|
|
13
|
+
static { this.DECRYPTION_FAILED = 0x15; } // TLS 1.0 only
|
|
14
|
+
static { this.RECORD_OVERFLOW = 0x16; }
|
|
15
|
+
static { this.DECOMPRESSION_FAILURE = 0x1E; } // TLS 1.2 and below
|
|
16
|
+
static { this.HANDSHAKE_FAILURE = 0x28; }
|
|
17
|
+
static { this.NO_CERTIFICATE = 0x29; } // SSLv3 only
|
|
18
|
+
static { this.BAD_CERTIFICATE = 0x2A; }
|
|
19
|
+
static { this.UNSUPPORTED_CERTIFICATE = 0x2B; }
|
|
20
|
+
static { this.CERTIFICATE_REVOKED = 0x2C; }
|
|
21
|
+
static { this.CERTIFICATE_EXPIRED = 0x2F; }
|
|
22
|
+
static { this.CERTIFICATE_UNKNOWN = 0x30; }
|
|
23
|
+
static { this.ILLEGAL_PARAMETER = 0x2F; }
|
|
24
|
+
static { this.UNKNOWN_CA = 0x30; }
|
|
25
|
+
static { this.ACCESS_DENIED = 0x31; }
|
|
26
|
+
static { this.DECODE_ERROR = 0x32; }
|
|
27
|
+
static { this.DECRYPT_ERROR = 0x33; }
|
|
28
|
+
static { this.EXPORT_RESTRICTION = 0x3C; } // TLS 1.0 only
|
|
29
|
+
static { this.PROTOCOL_VERSION = 0x46; }
|
|
30
|
+
static { this.INSUFFICIENT_SECURITY = 0x47; }
|
|
31
|
+
static { this.INTERNAL_ERROR = 0x50; }
|
|
32
|
+
static { this.INAPPROPRIATE_FALLBACK = 0x56; }
|
|
33
|
+
static { this.USER_CANCELED = 0x5A; }
|
|
34
|
+
static { this.NO_RENEGOTIATION = 0x64; } // TLS 1.2 and below
|
|
35
|
+
static { this.MISSING_EXTENSION = 0x6D; } // TLS 1.3
|
|
36
|
+
static { this.UNSUPPORTED_EXTENSION = 0x6E; } // TLS 1.3
|
|
37
|
+
static { this.CERTIFICATE_REQUIRED = 0x6F; } // TLS 1.3
|
|
38
|
+
static { this.UNRECOGNIZED_NAME = 0x70; }
|
|
39
|
+
static { this.BAD_CERTIFICATE_STATUS_RESPONSE = 0x71; }
|
|
40
|
+
static { this.BAD_CERTIFICATE_HASH_VALUE = 0x72; } // TLS 1.2 and below
|
|
41
|
+
static { this.UNKNOWN_PSK_IDENTITY = 0x73; }
|
|
42
|
+
static { this.CERTIFICATE_REQUIRED_1_3 = 0x74; } // TLS 1.3
|
|
43
|
+
static { this.NO_APPLICATION_PROTOCOL = 0x78; }
|
|
44
|
+
/**
|
|
45
|
+
* Create a TLS alert buffer with the specified level and description code
|
|
46
|
+
*
|
|
47
|
+
* @param level Alert level (warning or fatal)
|
|
48
|
+
* @param description Alert description code
|
|
49
|
+
* @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
|
|
50
|
+
* @returns Buffer containing the TLS alert message
|
|
51
|
+
*/
|
|
52
|
+
static create(level, description, tlsVersion = [0x03, 0x03]) {
|
|
53
|
+
return Buffer.from([
|
|
54
|
+
0x15, // Alert record type
|
|
55
|
+
tlsVersion[0],
|
|
56
|
+
tlsVersion[1], // TLS version (default to TLS 1.2: 0x0303)
|
|
57
|
+
0x00,
|
|
58
|
+
0x02, // Length
|
|
59
|
+
level, // Alert level
|
|
60
|
+
description, // Alert description
|
|
61
|
+
]);
|
|
62
|
+
}
|
|
63
|
+
/**
|
|
64
|
+
* Create a warning-level TLS alert
|
|
65
|
+
*
|
|
66
|
+
* @param description Alert description code
|
|
67
|
+
* @returns Buffer containing the warning-level TLS alert message
|
|
68
|
+
*/
|
|
69
|
+
static createWarning(description) {
|
|
70
|
+
return this.create(this.LEVEL_WARNING, description);
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Create a fatal-level TLS alert
|
|
74
|
+
*
|
|
75
|
+
* @param description Alert description code
|
|
76
|
+
* @returns Buffer containing the fatal-level TLS alert message
|
|
77
|
+
*/
|
|
78
|
+
static createFatal(description) {
|
|
79
|
+
return this.create(this.LEVEL_FATAL, description);
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Send a TLS alert to a socket and optionally close the connection
|
|
83
|
+
*
|
|
84
|
+
* @param socket The socket to send the alert to
|
|
85
|
+
* @param level Alert level (warning or fatal)
|
|
86
|
+
* @param description Alert description code
|
|
87
|
+
* @param closeAfterSend Whether to close the connection after sending the alert
|
|
88
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
89
|
+
* @returns Promise that resolves when the alert has been sent
|
|
90
|
+
*/
|
|
91
|
+
static async send(socket, level, description, closeAfterSend = false, closeDelay = 200) {
|
|
92
|
+
const alert = this.create(level, description);
|
|
93
|
+
return new Promise((resolve, reject) => {
|
|
94
|
+
try {
|
|
95
|
+
// Ensure the alert is written as a single packet
|
|
96
|
+
socket.cork();
|
|
97
|
+
const writeSuccessful = socket.write(alert, (err) => {
|
|
98
|
+
if (err) {
|
|
99
|
+
reject(err);
|
|
100
|
+
return;
|
|
101
|
+
}
|
|
102
|
+
if (closeAfterSend) {
|
|
103
|
+
setTimeout(() => {
|
|
104
|
+
socket.end();
|
|
105
|
+
resolve();
|
|
106
|
+
}, closeDelay);
|
|
107
|
+
}
|
|
108
|
+
else {
|
|
109
|
+
resolve();
|
|
110
|
+
}
|
|
111
|
+
});
|
|
112
|
+
socket.uncork();
|
|
113
|
+
// If write wasn't successful immediately, wait for drain
|
|
114
|
+
if (!writeSuccessful && !closeAfterSend) {
|
|
115
|
+
socket.once('drain', () => {
|
|
116
|
+
resolve();
|
|
117
|
+
});
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
catch (err) {
|
|
121
|
+
reject(err);
|
|
122
|
+
}
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
/**
|
|
126
|
+
* Pre-defined TLS alert messages
|
|
127
|
+
*/
|
|
128
|
+
static { this.alerts = {
|
|
129
|
+
// Warning level alerts
|
|
130
|
+
closeNotify: TlsAlert.createWarning(TlsAlert.CLOSE_NOTIFY),
|
|
131
|
+
unsupportedExtension: TlsAlert.createWarning(TlsAlert.UNSUPPORTED_EXTENSION),
|
|
132
|
+
certificateRequired: TlsAlert.createWarning(TlsAlert.CERTIFICATE_REQUIRED),
|
|
133
|
+
unrecognizedName: TlsAlert.createWarning(TlsAlert.UNRECOGNIZED_NAME),
|
|
134
|
+
noRenegotiation: TlsAlert.createWarning(TlsAlert.NO_RENEGOTIATION),
|
|
135
|
+
userCanceled: TlsAlert.createWarning(TlsAlert.USER_CANCELED),
|
|
136
|
+
// Warning level alerts for session resumption
|
|
137
|
+
certificateExpiredWarning: TlsAlert.createWarning(TlsAlert.CERTIFICATE_EXPIRED),
|
|
138
|
+
handshakeFailureWarning: TlsAlert.createWarning(TlsAlert.HANDSHAKE_FAILURE),
|
|
139
|
+
insufficientSecurityWarning: TlsAlert.createWarning(TlsAlert.INSUFFICIENT_SECURITY),
|
|
140
|
+
// Fatal level alerts
|
|
141
|
+
unexpectedMessage: TlsAlert.createFatal(TlsAlert.UNEXPECTED_MESSAGE),
|
|
142
|
+
badRecordMac: TlsAlert.createFatal(TlsAlert.BAD_RECORD_MAC),
|
|
143
|
+
recordOverflow: TlsAlert.createFatal(TlsAlert.RECORD_OVERFLOW),
|
|
144
|
+
handshakeFailure: TlsAlert.createFatal(TlsAlert.HANDSHAKE_FAILURE),
|
|
145
|
+
badCertificate: TlsAlert.createFatal(TlsAlert.BAD_CERTIFICATE),
|
|
146
|
+
certificateExpired: TlsAlert.createFatal(TlsAlert.CERTIFICATE_EXPIRED),
|
|
147
|
+
certificateUnknown: TlsAlert.createFatal(TlsAlert.CERTIFICATE_UNKNOWN),
|
|
148
|
+
illegalParameter: TlsAlert.createFatal(TlsAlert.ILLEGAL_PARAMETER),
|
|
149
|
+
unknownCA: TlsAlert.createFatal(TlsAlert.UNKNOWN_CA),
|
|
150
|
+
accessDenied: TlsAlert.createFatal(TlsAlert.ACCESS_DENIED),
|
|
151
|
+
decodeError: TlsAlert.createFatal(TlsAlert.DECODE_ERROR),
|
|
152
|
+
decryptError: TlsAlert.createFatal(TlsAlert.DECRYPT_ERROR),
|
|
153
|
+
protocolVersion: TlsAlert.createFatal(TlsAlert.PROTOCOL_VERSION),
|
|
154
|
+
insufficientSecurity: TlsAlert.createFatal(TlsAlert.INSUFFICIENT_SECURITY),
|
|
155
|
+
internalError: TlsAlert.createFatal(TlsAlert.INTERNAL_ERROR),
|
|
156
|
+
}; }
|
|
157
|
+
/**
|
|
158
|
+
* Utility method to send a warning-level unrecognized_name alert
|
|
159
|
+
* Specifically designed for SNI issues to encourage the client to retry with SNI
|
|
160
|
+
*
|
|
161
|
+
* @param socket The socket to send the alert to
|
|
162
|
+
* @returns Promise that resolves when the alert has been sent
|
|
163
|
+
*/
|
|
164
|
+
static async sendSniRequired(socket) {
|
|
165
|
+
return this.send(socket, this.LEVEL_WARNING, this.UNRECOGNIZED_NAME);
|
|
166
|
+
}
|
|
167
|
+
/**
|
|
168
|
+
* Utility method to send a close_notify alert and close the connection
|
|
169
|
+
*
|
|
170
|
+
* @param socket The socket to send the alert to
|
|
171
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
172
|
+
* @returns Promise that resolves when the alert has been sent and the connection closed
|
|
173
|
+
*/
|
|
174
|
+
static async sendCloseNotify(socket, closeDelay = 200) {
|
|
175
|
+
return this.send(socket, this.LEVEL_WARNING, this.CLOSE_NOTIFY, true, closeDelay);
|
|
176
|
+
}
|
|
177
|
+
/**
|
|
178
|
+
* Utility method to send a certificate_expired alert to force new TLS session
|
|
179
|
+
*
|
|
180
|
+
* @param socket The socket to send the alert to
|
|
181
|
+
* @param fatal Whether to send as a fatal alert (default: false)
|
|
182
|
+
* @param closeAfterSend Whether to close the connection after sending the alert (default: true)
|
|
183
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
184
|
+
* @returns Promise that resolves when the alert has been sent
|
|
185
|
+
*/
|
|
186
|
+
static async sendCertificateExpired(socket, fatal = false, closeAfterSend = true, closeDelay = 200) {
|
|
187
|
+
const level = fatal ? this.LEVEL_FATAL : this.LEVEL_WARNING;
|
|
188
|
+
return this.send(socket, level, this.CERTIFICATE_EXPIRED, closeAfterSend, closeDelay);
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC50bHNhbGVydC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3RzL2NsYXNzZXMucHAudGxzYWxlcnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEdBQUcsTUFBTSxLQUFLLENBQUM7QUFFM0I7O0dBRUc7QUFDSCxNQUFNLE9BQU8sUUFBUTtJQUNuQixtQkFBbUI7YUFDSCxrQkFBYSxHQUFHLElBQUksQ0FBQzthQUNyQixnQkFBVyxHQUFHLElBQUksQ0FBQztJQUVuQyx3RUFBd0U7YUFDeEQsaUJBQVksR0FBRyxJQUFJLENBQUM7YUFDcEIsdUJBQWtCLEdBQUcsSUFBSSxDQUFDO2FBQzFCLG1CQUFjLEdBQUcsSUFBSSxDQUFDO2FBQ3RCLHNCQUFpQixHQUFHLElBQUksQ0FBQyxHQUFDLGVBQWU7YUFDekMsb0JBQWUsR0FBRyxJQUFJLENBQUM7YUFDdkIsMEJBQXFCLEdBQUcsSUFBSSxDQUFDLEdBQUMsb0JBQW9CO2FBQ2xELHNCQUFpQixHQUFHLElBQUksQ0FBQzthQUN6QixtQkFBYyxHQUFHLElBQUksQ0FBQyxHQUFDLGFBQWE7YUFDcEMsb0JBQWUsR0FBRyxJQUFJLENBQUM7YUFDdkIsNEJBQXVCLEdBQUcsSUFBSSxDQUFDO2FBQy9CLHdCQUFtQixHQUFHLElBQUksQ0FBQzthQUMzQix3QkFBbUIsR0FBRyxJQUFJLENBQUM7YUFDM0Isd0JBQW1CLEdBQUcsSUFBSSxDQUFDO2FBQzNCLHNCQUFpQixHQUFHLElBQUksQ0FBQzthQUN6QixlQUFVLEdBQUcsSUFBSSxDQUFDO2FBQ2xCLGtCQUFhLEdBQUcsSUFBSSxDQUFDO2FBQ3JCLGlCQUFZLEdBQUcsSUFBSSxDQUFDO2FBQ3BCLGtCQUFhLEdBQUcsSUFBSSxDQUFDO2FBQ3JCLHVCQUFrQixHQUFHLElBQUksQ0FBQyxHQUFDLGVBQWU7YUFDMUMscUJBQWdCLEdBQUcsSUFBSSxDQUFDO2FBQ3hCLDBCQUFxQixHQUFHLElBQUksQ0FBQzthQUM3QixtQkFBYyxHQUFHLElBQUksQ0FBQzthQUN0QiwyQkFBc0IsR0FBRyxJQUFJLENBQUM7YUFDOUIsa0JBQWEsR0FBRyxJQUFJLENBQUM7YUFDckIscUJBQWdCLEdBQUcsSUFBSSxDQUFDLEdBQUMsb0JBQW9CO2FBQzdDLHNCQUFpQixHQUFHLElBQUksQ0FBQyxHQUFDLFVBQVU7YUFDcEMsMEJBQXFCLEdBQUcsSUFBSSxDQUFDLEdBQUMsVUFBVTthQUN4Qyx5QkFBb0IsR0FBRyxJQUFJLENBQUMsR0FBQyxVQUFVO2FBQ3ZDLHNCQUFpQixHQUFHLElBQUksQ0FBQzthQUN6QixvQ0FBK0IsR0FBRyxJQUFJLENBQUM7YUFDdkMsK0JBQTBCLEdBQUcsSUFBSSxDQUFDLEdBQUMsb0JBQW9CO2FBQ3ZELHlCQUFvQixHQUFHLElBQUksQ0FBQzthQUM1Qiw2QkFBd0IsR0FBRyxJQUFJLENBQUMsR0FBQyxVQUFVO2FBQzNDLDRCQUF1QixHQUFHLElBQUksQ0FBQztJQUUvQzs7Ozs7OztPQU9HO0lBQ0gsTUFBTSxDQUFDLE1BQU0sQ0FDWCxLQUFhLEVBQ2IsV0FBbUIsRUFDbkIsYUFBK0IsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDO1FBRTNDLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQztZQUNqQixJQUFJLEVBQUUsb0JBQW9CO1lBQzFCLFVBQVUsQ0FBQyxDQUFDLENBQUM7WUFDYixVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQUUsMkNBQTJDO1lBQzFELElBQUk7WUFDSixJQUFJLEVBQUUsU0FBUztZQUNmLEtBQUssRUFBRSxjQUFjO1lBQ3JCLFdBQVcsRUFBRSxvQkFBb0I7U0FDbEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsTUFBTSxDQUFDLGFBQWEsQ0FBQyxXQUFtQjtRQUN0QyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGFBQWEsRUFBRSxXQUFXLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxNQUFNLENBQUMsV0FBVyxDQUFDLFdBQW1CO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FDZixNQUFrQixFQUNsQixLQUFhLEVBQ2IsV0FBbUIsRUFDbkIsaUJBQTBCLEtBQUssRUFDL0IsYUFBcUIsR0FBRztRQUV4QixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxXQUFXLENBQUMsQ0FBQztRQUU5QyxPQUFPLElBQUksT0FBTyxDQUFPLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQzNDLElBQUksQ0FBQztnQkFDSCxpREFBaUQ7Z0JBQ2pELE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDZCxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO29CQUNsRCxJQUFJLEdBQUcsRUFBRSxDQUFDO3dCQUNSLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQzt3QkFDWixPQUFPO29CQUNULENBQUM7b0JBRUQsSUFBSSxjQUFjLEVBQUUsQ0FBQzt3QkFDbkIsVUFBVSxDQUFDLEdBQUcsRUFBRTs0QkFDZCxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7NEJBQ2IsT0FBTyxFQUFFLENBQUM7d0JBQ1osQ0FBQyxFQUFFLFVBQVUsQ0FBQyxDQUFDO29CQUNqQixDQUFDO3lCQUFNLENBQUM7d0JBQ04sT0FBTyxFQUFFLENBQUM7b0JBQ1osQ0FBQztnQkFDSCxDQUFDLENBQUMsQ0FBQztnQkFDSCxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBRWhCLHlEQUF5RDtnQkFDekQsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO29CQUN4QyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUU7d0JBQ3hCLE9BQU8sRUFBRSxDQUFDO29CQUNaLENBQUMsQ0FBQyxDQUFDO2dCQUNMLENBQUM7WUFDSCxDQUFDO1lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztnQkFDYixNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDZCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7YUFDYSxXQUFNLEdBQUc7UUFDdkIsdUJBQXVCO1FBQ3ZCLFdBQVcsRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUM7UUFDMUQsb0JBQW9CLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUM7UUFDNUUsbUJBQW1CLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLENBQUM7UUFDMUUsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDcEUsZUFBZSxFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDO1FBQ2xFLFlBQVksRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFFNUQsOENBQThDO1FBQzlDLHlCQUF5QixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLG1CQUFtQixDQUFDO1FBQy9FLHVCQUF1QixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO1FBQzNFLDJCQUEyQixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDO1FBRW5GLHFCQUFxQjtRQUNyQixpQkFBaUIsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQztRQUNwRSxZQUFZLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO1FBQzNELGNBQWMsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQUM7UUFDOUQsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDbEUsY0FBYyxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQztRQUM5RCxrQkFBa0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsQ0FBQztRQUN0RSxrQkFBa0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsQ0FBQztRQUN0RSxnQkFBZ0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztRQUNsRSxTQUFTLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDO1FBQ3BELFlBQVksRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFDMUQsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQztRQUN4RCxZQUFZLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDO1FBQzFELGVBQWUsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQztRQUNoRSxvQkFBb0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQztRQUMxRSxhQUFhLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO0tBQzdELENBQUM7SUFFRjs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxNQUFrQjtRQUM3QyxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDdkUsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLE1BQWtCLEVBQUUsYUFBcUIsR0FBRztRQUN2RSxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLFlBQVksRUFBRSxJQUFJLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FDakMsTUFBa0IsRUFDbEIsUUFBaUIsS0FBSyxFQUN0QixpQkFBMEIsSUFBSSxFQUM5QixhQUFxQixHQUFHO1FBRXhCLE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQztRQUM1RCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssRUFBRSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsY0FBYyxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQ3hGLENBQUMifQ==
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@push.rocks/smartproxy",
|
|
3
|
-
"version": "4.1.
|
|
3
|
+
"version": "4.1.16",
|
|
4
4
|
"private": false,
|
|
5
5
|
"description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
|
|
6
6
|
"main": "dist_ts/index.js",
|
package/ts/00_commitinfo_data.ts
CHANGED
|
@@ -3,6 +3,6 @@
|
|
|
3
3
|
*/
|
|
4
4
|
export const commitinfo = {
|
|
5
5
|
name: '@push.rocks/smartproxy',
|
|
6
|
-
version: '4.1.
|
|
6
|
+
version: '4.1.16',
|
|
7
7
|
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
|
8
8
|
}
|
|
@@ -11,6 +11,7 @@ import { TlsManager } from './classes.pp.tlsmanager.js';
|
|
|
11
11
|
import { NetworkProxyBridge } from './classes.pp.networkproxybridge.js';
|
|
12
12
|
import { TimeoutManager } from './classes.pp.timeoutmanager.js';
|
|
13
13
|
import { PortRangeManager } from './classes.pp.portrangemanager.js';
|
|
14
|
+
import { TlsAlert } from './classes.pp.tlsalert.js';
|
|
14
15
|
|
|
15
16
|
/**
|
|
16
17
|
* Handles new connection processing and setup logic
|
|
@@ -560,95 +561,125 @@ export class ConnectionHandler {
|
|
|
560
561
|
// Block ClientHello without SNI when allowSessionTicket is false
|
|
561
562
|
console.log(
|
|
562
563
|
`[${connectionId}] No SNI detected in ClientHello and allowSessionTicket=false. ` +
|
|
563
|
-
`Sending
|
|
564
|
+
`Sending unrecognized_name alert to encourage immediate retry with SNI on same connection.`
|
|
564
565
|
);
|
|
565
566
|
|
|
566
|
-
// Set the termination reason first
|
|
567
|
-
if (record.incomingTerminationReason === null) {
|
|
568
|
-
record.incomingTerminationReason = 'session_ticket_blocked_no_sni';
|
|
569
|
-
this.connectionManager.incrementTerminationStat(
|
|
570
|
-
'incoming',
|
|
571
|
-
'session_ticket_blocked_no_sni'
|
|
572
|
-
);
|
|
573
|
-
}
|
|
574
|
-
|
|
575
|
-
// Create a warning-level alert for unrecognized_name
|
|
576
|
-
// This encourages Chrome to retry immediately with SNI
|
|
577
|
-
const serverNameUnknownAlertData = Buffer.from([
|
|
578
|
-
0x15, // Alert record type
|
|
579
|
-
0x03,
|
|
580
|
-
0x03, // TLS 1.2 version
|
|
581
|
-
0x00,
|
|
582
|
-
0x02, // Length
|
|
583
|
-
0x01, // Warning alert level (not fatal)
|
|
584
|
-
0x70, // unrecognized_name alert (code 112)
|
|
585
|
-
]);
|
|
586
|
-
|
|
587
|
-
// Send a handshake_failure alert instead of unrecognized_name
|
|
588
|
-
const sslHandshakeFailureAlertData = Buffer.from([
|
|
589
|
-
0x15, // Alert record type
|
|
590
|
-
0x03,
|
|
591
|
-
0x03, // TLS 1.2 version
|
|
592
|
-
0x00,
|
|
593
|
-
0x02, // Length
|
|
594
|
-
0x01, // Warning alert level (not fatal)
|
|
595
|
-
0x28, // handshake_failure alert (40) instead of unrecognized_name (112)
|
|
596
|
-
]);
|
|
597
|
-
|
|
598
|
-
const closeNotifyAlert = Buffer.from([
|
|
599
|
-
0x15, // Alert record type
|
|
600
|
-
0x03,
|
|
601
|
-
0x03, // TLS 1.2 version
|
|
602
|
-
0x00,
|
|
603
|
-
0x02, // Length
|
|
604
|
-
0x01, // Warning alert level (1)
|
|
605
|
-
0x00, // close_notify alert (0)
|
|
606
|
-
]);
|
|
607
|
-
|
|
608
|
-
const certificateExpiredAlert = Buffer.from([
|
|
609
|
-
0x15, // Alert record type
|
|
610
|
-
0x03,
|
|
611
|
-
0x03, // TLS 1.2 version
|
|
612
|
-
0x00,
|
|
613
|
-
0x02, // Length
|
|
614
|
-
0x01, // Warning alert level (1)
|
|
615
|
-
0x2F, // certificate_expired alert (47)
|
|
616
|
-
]);
|
|
617
|
-
|
|
618
567
|
try {
|
|
619
|
-
//
|
|
568
|
+
// Send the alert but do NOT end the connection
|
|
569
|
+
// Using our new TlsAlert class for better alert management
|
|
620
570
|
socket.cork();
|
|
621
|
-
|
|
571
|
+
socket.write(TlsAlert.alerts.unrecognizedName);
|
|
622
572
|
socket.uncork();
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
573
|
+
|
|
574
|
+
console.log(
|
|
575
|
+
`[${connectionId}] Alert sent, waiting for new ClientHello on same connection...`
|
|
576
|
+
);
|
|
577
|
+
|
|
578
|
+
// Remove existing data listener and wait for a new ClientHello
|
|
579
|
+
socket.removeAllListeners('data');
|
|
580
|
+
|
|
581
|
+
// Set up a new data handler to capture the next message
|
|
582
|
+
socket.once('data', (retryChunk) => {
|
|
583
|
+
// Cancel the fallback timeout as we received data
|
|
584
|
+
if (record.alertFallbackTimeout) {
|
|
585
|
+
clearTimeout(record.alertFallbackTimeout);
|
|
586
|
+
record.alertFallbackTimeout = null;
|
|
587
|
+
}
|
|
588
|
+
|
|
589
|
+
// Check if this is a new ClientHello
|
|
590
|
+
if (this.tlsManager.isClientHello(retryChunk)) {
|
|
591
|
+
console.log(`[${connectionId}] Received new ClientHello after alert`);
|
|
592
|
+
|
|
593
|
+
// Extract SNI from the new ClientHello
|
|
594
|
+
const newServerName = this.tlsManager.extractSNI(retryChunk, connInfo) || '';
|
|
595
|
+
|
|
596
|
+
if (newServerName) {
|
|
597
|
+
console.log(`[${connectionId}] New ClientHello contains SNI: ${newServerName}`);
|
|
598
|
+
|
|
599
|
+
// Update the record with the new SNI
|
|
600
|
+
record.lockedDomain = newServerName;
|
|
601
|
+
|
|
602
|
+
// Continue with normal connection setup using the new chunk with SNI
|
|
603
|
+
setupConnection(newServerName, retryChunk);
|
|
604
|
+
} else {
|
|
605
|
+
console.log(
|
|
606
|
+
`[${connectionId}] New ClientHello still missing SNI, closing connection`
|
|
607
|
+
);
|
|
608
|
+
|
|
609
|
+
// If still no SNI after retry, now we can close the connection
|
|
610
|
+
if (record.incomingTerminationReason === null) {
|
|
611
|
+
record.incomingTerminationReason = 'session_ticket_blocked_no_sni';
|
|
612
|
+
this.connectionManager.incrementTerminationStat(
|
|
613
|
+
'incoming',
|
|
614
|
+
'session_ticket_blocked_no_sni'
|
|
615
|
+
);
|
|
616
|
+
}
|
|
617
|
+
|
|
618
|
+
// Send a close_notify alert before ending the connection
|
|
619
|
+
TlsAlert.sendCloseNotify(socket)
|
|
620
|
+
.catch((err) => {
|
|
621
|
+
console.log(`[${connectionId}] Error sending close_notify: ${err.message}`);
|
|
622
|
+
})
|
|
623
|
+
.finally(() => {
|
|
624
|
+
// Clean up even if sending the alert fails
|
|
625
|
+
this.connectionManager.cleanupConnection(
|
|
626
|
+
record,
|
|
627
|
+
'session_ticket_blocked_no_sni'
|
|
628
|
+
);
|
|
629
|
+
});
|
|
630
|
+
}
|
|
631
|
+
} else {
|
|
632
|
+
console.log(
|
|
633
|
+
`[${connectionId}] Received non-ClientHello data after alert, closing connection`
|
|
634
|
+
);
|
|
635
|
+
|
|
636
|
+
// If we got something other than a ClientHello, close the connection
|
|
637
|
+
if (record.incomingTerminationReason === null) {
|
|
638
|
+
record.incomingTerminationReason = 'invalid_protocol';
|
|
639
|
+
this.connectionManager.incrementTerminationStat('incoming', 'invalid_protocol');
|
|
640
|
+
}
|
|
641
|
+
|
|
642
|
+
// Send a protocol_version alert before ending the connection
|
|
643
|
+
TlsAlert.send(socket, TlsAlert.LEVEL_FATAL, TlsAlert.PROTOCOL_VERSION, true)
|
|
644
|
+
.catch((err) => {
|
|
645
|
+
console.log(
|
|
646
|
+
`[${connectionId}] Error sending protocol_version alert: ${err.message}`
|
|
647
|
+
);
|
|
648
|
+
})
|
|
649
|
+
.finally(() => {
|
|
650
|
+
// Clean up even if sending the alert fails
|
|
651
|
+
this.connectionManager.cleanupConnection(record, 'invalid_protocol');
|
|
652
|
+
});
|
|
653
|
+
}
|
|
654
|
+
});
|
|
655
|
+
|
|
656
|
+
// Set a fallback timeout in case the client doesn't respond
|
|
657
|
+
const fallbackTimeout = setTimeout(() => {
|
|
658
|
+
console.log(`[${connectionId}] No response after alert, closing connection`);
|
|
659
|
+
|
|
660
|
+
if (record.incomingTerminationReason === null) {
|
|
661
|
+
record.incomingTerminationReason = 'alert_timeout';
|
|
662
|
+
this.connectionManager.incrementTerminationStat('incoming', 'alert_timeout');
|
|
663
|
+
}
|
|
664
|
+
|
|
665
|
+
// Send a close_notify alert before ending the connection
|
|
666
|
+
TlsAlert.sendCloseNotify(socket)
|
|
667
|
+
.catch((err) => {
|
|
668
|
+
console.log(`[${connectionId}] Error sending close_notify: ${err.message}`);
|
|
669
|
+
})
|
|
670
|
+
.finally(() => {
|
|
671
|
+
// Clean up even if sending the alert fails
|
|
672
|
+
this.connectionManager.cleanupConnection(record, 'alert_timeout');
|
|
673
|
+
});
|
|
674
|
+
}, 10000); // 10 second timeout
|
|
675
|
+
|
|
676
|
+
// Make sure the timeout doesn't keep the process alive
|
|
677
|
+
if (fallbackTimeout.unref) {
|
|
678
|
+
fallbackTimeout.unref();
|
|
651
679
|
}
|
|
680
|
+
|
|
681
|
+
// Store the timeout in the record so it can be cleared during cleanup
|
|
682
|
+
record.alertFallbackTimeout = fallbackTimeout;
|
|
652
683
|
} catch (err) {
|
|
653
684
|
// If we can't send the alert, fall back to immediate termination
|
|
654
685
|
console.log(`[${connectionId}] Error sending TLS alert: ${err.message}`);
|
|
@@ -656,6 +687,7 @@ export class ConnectionHandler {
|
|
|
656
687
|
this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
|
|
657
688
|
}
|
|
658
689
|
|
|
690
|
+
// Return early to prevent the normal flow
|
|
659
691
|
return;
|
|
660
692
|
}
|
|
661
693
|
}
|
|
@@ -104,6 +104,7 @@ export interface IConnectionRecord {
|
|
|
104
104
|
lockedDomain?: string; // Used to lock this connection to the initial SNI
|
|
105
105
|
connectionClosed: boolean; // Flag to prevent multiple cleanup attempts
|
|
106
106
|
cleanupTimer?: NodeJS.Timeout; // Timer for max lifetime/inactivity
|
|
107
|
+
alertFallbackTimeout?: NodeJS.Timeout; // Timer for fallback after alert
|
|
107
108
|
lastActivity: number; // Last activity timestamp for inactivity detection
|
|
108
109
|
pendingData: Buffer[]; // Buffer to hold data during connection setup
|
|
109
110
|
pendingDataSize: number; // Track total size of pending data
|
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
import * as net from 'net';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* TlsAlert class for managing TLS alert messages
|
|
5
|
+
*/
|
|
6
|
+
export class TlsAlert {
|
|
7
|
+
// TLS Alert Levels
|
|
8
|
+
static readonly LEVEL_WARNING = 0x01;
|
|
9
|
+
static readonly LEVEL_FATAL = 0x02;
|
|
10
|
+
|
|
11
|
+
// TLS Alert Description Codes - RFC 8446 (TLS 1.3) / RFC 5246 (TLS 1.2)
|
|
12
|
+
static readonly CLOSE_NOTIFY = 0x00;
|
|
13
|
+
static readonly UNEXPECTED_MESSAGE = 0x0A;
|
|
14
|
+
static readonly BAD_RECORD_MAC = 0x14;
|
|
15
|
+
static readonly DECRYPTION_FAILED = 0x15; // TLS 1.0 only
|
|
16
|
+
static readonly RECORD_OVERFLOW = 0x16;
|
|
17
|
+
static readonly DECOMPRESSION_FAILURE = 0x1E; // TLS 1.2 and below
|
|
18
|
+
static readonly HANDSHAKE_FAILURE = 0x28;
|
|
19
|
+
static readonly NO_CERTIFICATE = 0x29; // SSLv3 only
|
|
20
|
+
static readonly BAD_CERTIFICATE = 0x2A;
|
|
21
|
+
static readonly UNSUPPORTED_CERTIFICATE = 0x2B;
|
|
22
|
+
static readonly CERTIFICATE_REVOKED = 0x2C;
|
|
23
|
+
static readonly CERTIFICATE_EXPIRED = 0x2F;
|
|
24
|
+
static readonly CERTIFICATE_UNKNOWN = 0x30;
|
|
25
|
+
static readonly ILLEGAL_PARAMETER = 0x2F;
|
|
26
|
+
static readonly UNKNOWN_CA = 0x30;
|
|
27
|
+
static readonly ACCESS_DENIED = 0x31;
|
|
28
|
+
static readonly DECODE_ERROR = 0x32;
|
|
29
|
+
static readonly DECRYPT_ERROR = 0x33;
|
|
30
|
+
static readonly EXPORT_RESTRICTION = 0x3C; // TLS 1.0 only
|
|
31
|
+
static readonly PROTOCOL_VERSION = 0x46;
|
|
32
|
+
static readonly INSUFFICIENT_SECURITY = 0x47;
|
|
33
|
+
static readonly INTERNAL_ERROR = 0x50;
|
|
34
|
+
static readonly INAPPROPRIATE_FALLBACK = 0x56;
|
|
35
|
+
static readonly USER_CANCELED = 0x5A;
|
|
36
|
+
static readonly NO_RENEGOTIATION = 0x64; // TLS 1.2 and below
|
|
37
|
+
static readonly MISSING_EXTENSION = 0x6D; // TLS 1.3
|
|
38
|
+
static readonly UNSUPPORTED_EXTENSION = 0x6E; // TLS 1.3
|
|
39
|
+
static readonly CERTIFICATE_REQUIRED = 0x6F; // TLS 1.3
|
|
40
|
+
static readonly UNRECOGNIZED_NAME = 0x70;
|
|
41
|
+
static readonly BAD_CERTIFICATE_STATUS_RESPONSE = 0x71;
|
|
42
|
+
static readonly BAD_CERTIFICATE_HASH_VALUE = 0x72; // TLS 1.2 and below
|
|
43
|
+
static readonly UNKNOWN_PSK_IDENTITY = 0x73;
|
|
44
|
+
static readonly CERTIFICATE_REQUIRED_1_3 = 0x74; // TLS 1.3
|
|
45
|
+
static readonly NO_APPLICATION_PROTOCOL = 0x78;
|
|
46
|
+
|
|
47
|
+
/**
|
|
48
|
+
* Create a TLS alert buffer with the specified level and description code
|
|
49
|
+
*
|
|
50
|
+
* @param level Alert level (warning or fatal)
|
|
51
|
+
* @param description Alert description code
|
|
52
|
+
* @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
|
|
53
|
+
* @returns Buffer containing the TLS alert message
|
|
54
|
+
*/
|
|
55
|
+
static create(
|
|
56
|
+
level: number,
|
|
57
|
+
description: number,
|
|
58
|
+
tlsVersion: [number, number] = [0x03, 0x03]
|
|
59
|
+
): Buffer {
|
|
60
|
+
return Buffer.from([
|
|
61
|
+
0x15, // Alert record type
|
|
62
|
+
tlsVersion[0],
|
|
63
|
+
tlsVersion[1], // TLS version (default to TLS 1.2: 0x0303)
|
|
64
|
+
0x00,
|
|
65
|
+
0x02, // Length
|
|
66
|
+
level, // Alert level
|
|
67
|
+
description, // Alert description
|
|
68
|
+
]);
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
/**
|
|
72
|
+
* Create a warning-level TLS alert
|
|
73
|
+
*
|
|
74
|
+
* @param description Alert description code
|
|
75
|
+
* @returns Buffer containing the warning-level TLS alert message
|
|
76
|
+
*/
|
|
77
|
+
static createWarning(description: number): Buffer {
|
|
78
|
+
return this.create(this.LEVEL_WARNING, description);
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
/**
|
|
82
|
+
* Create a fatal-level TLS alert
|
|
83
|
+
*
|
|
84
|
+
* @param description Alert description code
|
|
85
|
+
* @returns Buffer containing the fatal-level TLS alert message
|
|
86
|
+
*/
|
|
87
|
+
static createFatal(description: number): Buffer {
|
|
88
|
+
return this.create(this.LEVEL_FATAL, description);
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
/**
|
|
92
|
+
* Send a TLS alert to a socket and optionally close the connection
|
|
93
|
+
*
|
|
94
|
+
* @param socket The socket to send the alert to
|
|
95
|
+
* @param level Alert level (warning or fatal)
|
|
96
|
+
* @param description Alert description code
|
|
97
|
+
* @param closeAfterSend Whether to close the connection after sending the alert
|
|
98
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
99
|
+
* @returns Promise that resolves when the alert has been sent
|
|
100
|
+
*/
|
|
101
|
+
static async send(
|
|
102
|
+
socket: net.Socket,
|
|
103
|
+
level: number,
|
|
104
|
+
description: number,
|
|
105
|
+
closeAfterSend: boolean = false,
|
|
106
|
+
closeDelay: number = 200
|
|
107
|
+
): Promise<void> {
|
|
108
|
+
const alert = this.create(level, description);
|
|
109
|
+
|
|
110
|
+
return new Promise<void>((resolve, reject) => {
|
|
111
|
+
try {
|
|
112
|
+
// Ensure the alert is written as a single packet
|
|
113
|
+
socket.cork();
|
|
114
|
+
const writeSuccessful = socket.write(alert, (err) => {
|
|
115
|
+
if (err) {
|
|
116
|
+
reject(err);
|
|
117
|
+
return;
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
if (closeAfterSend) {
|
|
121
|
+
setTimeout(() => {
|
|
122
|
+
socket.end();
|
|
123
|
+
resolve();
|
|
124
|
+
}, closeDelay);
|
|
125
|
+
} else {
|
|
126
|
+
resolve();
|
|
127
|
+
}
|
|
128
|
+
});
|
|
129
|
+
socket.uncork();
|
|
130
|
+
|
|
131
|
+
// If write wasn't successful immediately, wait for drain
|
|
132
|
+
if (!writeSuccessful && !closeAfterSend) {
|
|
133
|
+
socket.once('drain', () => {
|
|
134
|
+
resolve();
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
} catch (err) {
|
|
138
|
+
reject(err);
|
|
139
|
+
}
|
|
140
|
+
});
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
/**
|
|
144
|
+
* Pre-defined TLS alert messages
|
|
145
|
+
*/
|
|
146
|
+
static readonly alerts = {
|
|
147
|
+
// Warning level alerts
|
|
148
|
+
closeNotify: TlsAlert.createWarning(TlsAlert.CLOSE_NOTIFY),
|
|
149
|
+
unsupportedExtension: TlsAlert.createWarning(TlsAlert.UNSUPPORTED_EXTENSION),
|
|
150
|
+
certificateRequired: TlsAlert.createWarning(TlsAlert.CERTIFICATE_REQUIRED),
|
|
151
|
+
unrecognizedName: TlsAlert.createWarning(TlsAlert.UNRECOGNIZED_NAME),
|
|
152
|
+
noRenegotiation: TlsAlert.createWarning(TlsAlert.NO_RENEGOTIATION),
|
|
153
|
+
userCanceled: TlsAlert.createWarning(TlsAlert.USER_CANCELED),
|
|
154
|
+
|
|
155
|
+
// Warning level alerts for session resumption
|
|
156
|
+
certificateExpiredWarning: TlsAlert.createWarning(TlsAlert.CERTIFICATE_EXPIRED),
|
|
157
|
+
handshakeFailureWarning: TlsAlert.createWarning(TlsAlert.HANDSHAKE_FAILURE),
|
|
158
|
+
insufficientSecurityWarning: TlsAlert.createWarning(TlsAlert.INSUFFICIENT_SECURITY),
|
|
159
|
+
|
|
160
|
+
// Fatal level alerts
|
|
161
|
+
unexpectedMessage: TlsAlert.createFatal(TlsAlert.UNEXPECTED_MESSAGE),
|
|
162
|
+
badRecordMac: TlsAlert.createFatal(TlsAlert.BAD_RECORD_MAC),
|
|
163
|
+
recordOverflow: TlsAlert.createFatal(TlsAlert.RECORD_OVERFLOW),
|
|
164
|
+
handshakeFailure: TlsAlert.createFatal(TlsAlert.HANDSHAKE_FAILURE),
|
|
165
|
+
badCertificate: TlsAlert.createFatal(TlsAlert.BAD_CERTIFICATE),
|
|
166
|
+
certificateExpired: TlsAlert.createFatal(TlsAlert.CERTIFICATE_EXPIRED),
|
|
167
|
+
certificateUnknown: TlsAlert.createFatal(TlsAlert.CERTIFICATE_UNKNOWN),
|
|
168
|
+
illegalParameter: TlsAlert.createFatal(TlsAlert.ILLEGAL_PARAMETER),
|
|
169
|
+
unknownCA: TlsAlert.createFatal(TlsAlert.UNKNOWN_CA),
|
|
170
|
+
accessDenied: TlsAlert.createFatal(TlsAlert.ACCESS_DENIED),
|
|
171
|
+
decodeError: TlsAlert.createFatal(TlsAlert.DECODE_ERROR),
|
|
172
|
+
decryptError: TlsAlert.createFatal(TlsAlert.DECRYPT_ERROR),
|
|
173
|
+
protocolVersion: TlsAlert.createFatal(TlsAlert.PROTOCOL_VERSION),
|
|
174
|
+
insufficientSecurity: TlsAlert.createFatal(TlsAlert.INSUFFICIENT_SECURITY),
|
|
175
|
+
internalError: TlsAlert.createFatal(TlsAlert.INTERNAL_ERROR),
|
|
176
|
+
};
|
|
177
|
+
|
|
178
|
+
/**
|
|
179
|
+
* Utility method to send a warning-level unrecognized_name alert
|
|
180
|
+
* Specifically designed for SNI issues to encourage the client to retry with SNI
|
|
181
|
+
*
|
|
182
|
+
* @param socket The socket to send the alert to
|
|
183
|
+
* @returns Promise that resolves when the alert has been sent
|
|
184
|
+
*/
|
|
185
|
+
static async sendSniRequired(socket: net.Socket): Promise<void> {
|
|
186
|
+
return this.send(socket, this.LEVEL_WARNING, this.UNRECOGNIZED_NAME);
|
|
187
|
+
}
|
|
188
|
+
|
|
189
|
+
/**
|
|
190
|
+
* Utility method to send a close_notify alert and close the connection
|
|
191
|
+
*
|
|
192
|
+
* @param socket The socket to send the alert to
|
|
193
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
194
|
+
* @returns Promise that resolves when the alert has been sent and the connection closed
|
|
195
|
+
*/
|
|
196
|
+
static async sendCloseNotify(socket: net.Socket, closeDelay: number = 200): Promise<void> {
|
|
197
|
+
return this.send(socket, this.LEVEL_WARNING, this.CLOSE_NOTIFY, true, closeDelay);
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
/**
|
|
201
|
+
* Utility method to send a certificate_expired alert to force new TLS session
|
|
202
|
+
*
|
|
203
|
+
* @param socket The socket to send the alert to
|
|
204
|
+
* @param fatal Whether to send as a fatal alert (default: false)
|
|
205
|
+
* @param closeAfterSend Whether to close the connection after sending the alert (default: true)
|
|
206
|
+
* @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
|
|
207
|
+
* @returns Promise that resolves when the alert has been sent
|
|
208
|
+
*/
|
|
209
|
+
static async sendCertificateExpired(
|
|
210
|
+
socket: net.Socket,
|
|
211
|
+
fatal: boolean = false,
|
|
212
|
+
closeAfterSend: boolean = true,
|
|
213
|
+
closeDelay: number = 200
|
|
214
|
+
): Promise<void> {
|
|
215
|
+
const level = fatal ? this.LEVEL_FATAL : this.LEVEL_WARNING;
|
|
216
|
+
return this.send(socket, level, this.CERTIFICATE_EXPIRED, closeAfterSend, closeDelay);
|
|
217
|
+
}
|
|
218
|
+
}
|