@serve.zone/dcrouter 13.1.1 → 13.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist_serve/bundle.js +714 -686
  2. package/dist_ts/00_commitinfo_data.js +1 -1
  3. package/dist_ts/opsserver/handlers/certificate.handler.d.ts +31 -0
  4. package/dist_ts/opsserver/handlers/certificate.handler.js +117 -2
  5. package/dist_ts_web/00_commitinfo_data.js +1 -1
  6. package/package.json +2 -2
  7. package/ts/00_commitinfo_data.ts +1 -1
  8. package/ts/opsserver/handlers/certificate.handler.ts +125 -1
  9. package/ts_web/00_commitinfo_data.ts +1 -1
package/dist_ts/00_commitinfo_data.js CHANGED
@@ -3,7 +3,7 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@serve.zone/dcrouter',
6
- version: '13.1.1',
6
+ version: '13.1.3',
7
7
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
8
8
  };
9
9
  //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSxzQkFBc0I7SUFDNUIsT0FBTyxFQUFFLFFBQVE7SUFDakIsV0FBVyxFQUFFLDBFQUEwRTtDQUN4RixDQUFBIn0=
package/dist_ts/opsserver/handlers/certificate.handler.d.ts CHANGED
@@ -1,4 +1,17 @@
1
1
  import type { OpsServer } from '../classes.opsserver.js';
2
+ /**
3
+ * Mirrors `SmartacmeCertMatcher.getCertificateDomainNameByDomainName` from
4
+ * @push.rocks/smartacme. Inlined here because the original is `private` on
5
+ * SmartAcme. The cert identity ('task.vc' for both 'outline.task.vc' and
6
+ * '*.task.vc') is what AcmeCertDoc is keyed by, so two route domains with
7
+ * the same identity share the same underlying ACME cert.
8
+ *
9
+ * Returns undefined for domains with 4+ levels (matching smartacme's
10
+ * "deeper domains not supported" behavior) and for malformed inputs.
11
+ *
12
+ * Exported for unit testing.
13
+ */
14
+ export declare function deriveCertDomainName(domain: string): string | undefined;
2
15
  export declare class CertificateHandler {
3
16
  private opsServerRef;
4
17
  constructor(opsServerRef: OpsServer);
@@ -31,6 +44,24 @@ export declare class CertificateHandler {
31
44
  * we trigger via routeConfigManager.applyRoutes().
32
45
  */
33
46
  private reprovisionCertificateDomain;
47
+ /**
48
+ * After a force-renew, walk every route in the smartproxy that resolves to
49
+ * the same cert identity as `forcedDomain` and write the freshly-issued cert
50
+ * PEM into ProxyCertDoc for each. This guarantees that the next applyRoutes
51
+ * → provisionCertificatesViaCallback iteration will hot-swap every sibling's
52
+ * rust loaded_certs entry with the new (correct) PEM, rather than relying on
53
+ * the in-memory cert returned by smartacme's per-domain cache.
54
+ *
55
+ * Why this is necessary:
56
+ * Rust's `loaded_certs` is a HashMap<domain, TlsCertConfig>. Each
57
+ * bridge.loadCertificate(domain, ...) only swaps that one entry. The
58
+ * fire-and-forget cert provisioning path triggered by updateRoutes does
59
+ * eventually iterate every auto-cert route, but it returns the cached
60
+ * (broken pre-fix) cert from smartacme's per-domain mutex. With this
61
+ * helper, ProxyCertDoc is updated synchronously to the correct PEM before
62
+ * applyRoutes runs, so even the transient window stays consistent.
63
+ */
64
+ private propagateCertToSiblings;
34
65
  /**
35
66
  * Delete certificate data for a domain from storage
36
67
  */
package/dist_ts/opsserver/handlers/certificate.handler.js CHANGED
@@ -1,6 +1,28 @@
1
1
  import * as plugins from '../../plugins.js';
2
2
  import * as interfaces from '../../../dist_ts_interfaces/index.js';
3
3
  import { AcmeCertDoc, ProxyCertDoc } from '../../db/index.js';
4
+ import { logger } from '../../logger.js';
5
+ /**
6
+ * Mirrors `SmartacmeCertMatcher.getCertificateDomainNameByDomainName` from
7
+ * @push.rocks/smartacme. Inlined here because the original is `private` on
8
+ * SmartAcme. The cert identity ('task.vc' for both 'outline.task.vc' and
9
+ * '*.task.vc') is what AcmeCertDoc is keyed by, so two route domains with
10
+ * the same identity share the same underlying ACME cert.
11
+ *
12
+ * Returns undefined for domains with 4+ levels (matching smartacme's
13
+ * "deeper domains not supported" behavior) and for malformed inputs.
14
+ *
15
+ * Exported for unit testing.
16
+ */
17
+ export function deriveCertDomainName(domain) {
18
+ if (domain.startsWith('*.')) {
19
+ return domain.slice(2);
20
+ }
21
+ const parts = domain.split('.');
22
+ if (parts.length < 2 || parts.length > 3)
23
+ return undefined;
24
+ return parts.slice(-2).join('.');
25
+ }
4
26
  export class CertificateHandler {
5
27
  opsServerRef;
6
28
  constructor(opsServerRef) {
@@ -307,13 +329,35 @@ export class CertificateHandler {
307
329
  }
308
330
  // If forceRenew, order a fresh cert from ACME now so it's already in
309
331
  // AcmeCertDoc by the time certProvisionFunction is invoked below.
332
+ //
333
+ // includeWildcard: when forcing a non-wildcard subdomain renewal, we still
334
+ // want the wildcard SAN in the order so the new cert keeps covering every
335
+ // sibling. Without this, smartacme defaults to includeWildcard: false and
336
+ // the re-issued cert would have only the base domain as SAN, breaking every
337
+ // sibling subdomain that was previously covered by the same wildcard cert.
310
338
  if (forceRenew && dcRouter.smartAcme) {
339
+ let newCert;
311
340
  try {
312
- await dcRouter.smartAcme.getCertificateForDomain(domain, { forceRenew: true });
341
+ newCert = await dcRouter.smartAcme.getCertificateForDomain(domain, {
342
+ forceRenew: true,
343
+ includeWildcard: !domain.startsWith('*.'),
344
+ });
313
345
  }
314
346
  catch (err) {
315
347
  return { success: false, message: `Failed to renew certificate for ${domain}: ${err.message}` };
316
348
  }
349
+ // Propagate the freshly-issued cert PEM to every sibling route domain that
350
+ // shares the same cert identity. Without this, the rust hot-swap (keyed by
351
+ // exact domain in `loaded_certs`) only fires for the clicked route via the
352
+ // fire-and-forget cert provisioning path, leaving siblings serving the
353
+ // stale in-memory cert until the next background reload completes.
354
+ try {
355
+ await this.propagateCertToSiblings(domain, newCert);
356
+ }
357
+ catch (err) {
358
+ // Best-effort: failure here doesn't undo the cert issuance, just log.
359
+ logger.log('warn', `Failed to propagate force-renewed cert to siblings of ${domain}: ${err.message}`);
360
+ }
317
361
  }
318
362
  // Clear status map entry so it gets refreshed by the certificate-issued event
319
363
  dcRouter.certificateStatusMap.delete(domain);
@@ -336,6 +380,77 @@ export class CertificateHandler {
336
380
  return { success: false, message: err.message || `Failed to reprovision certificate for ${domain}` };
337
381
  }
338
382
  }
383
+ /**
384
+ * After a force-renew, walk every route in the smartproxy that resolves to
385
+ * the same cert identity as `forcedDomain` and write the freshly-issued cert
386
+ * PEM into ProxyCertDoc for each. This guarantees that the next applyRoutes
387
+ * → provisionCertificatesViaCallback iteration will hot-swap every sibling's
388
+ * rust loaded_certs entry with the new (correct) PEM, rather than relying on
389
+ * the in-memory cert returned by smartacme's per-domain cache.
390
+ *
391
+ * Why this is necessary:
392
+ * Rust's `loaded_certs` is a HashMap<domain, TlsCertConfig>. Each
393
+ * bridge.loadCertificate(domain, ...) only swaps that one entry. The
394
+ * fire-and-forget cert provisioning path triggered by updateRoutes does
395
+ * eventually iterate every auto-cert route, but it returns the cached
396
+ * (broken pre-fix) cert from smartacme's per-domain mutex. With this
397
+ * helper, ProxyCertDoc is updated synchronously to the correct PEM before
398
+ * applyRoutes runs, so even the transient window stays consistent.
399
+ */
400
+ async propagateCertToSiblings(forcedDomain, newCert) {
401
+ const dcRouter = this.opsServerRef.dcRouterRef;
402
+ const smartProxy = dcRouter.smartProxy;
403
+ if (!smartProxy)
404
+ return;
405
+ const certIdentity = deriveCertDomainName(forcedDomain);
406
+ if (!certIdentity)
407
+ return;
408
+ // Collect every route domain whose cert identity matches.
409
+ const affected = new Set();
410
+ for (const route of smartProxy.routeManager.getRoutes()) {
411
+ if (!route.match.domains)
412
+ continue;
413
+ const routeDomains = Array.isArray(route.match.domains)
414
+ ? route.match.domains
415
+ : [route.match.domains];
416
+ for (const routeDomain of routeDomains) {
417
+ if (deriveCertDomainName(routeDomain) === certIdentity) {
418
+ affected.add(routeDomain);
419
+ }
420
+ }
421
+ }
422
+ if (affected.size === 0)
423
+ return;
424
+ // Parse expiry from PEM (defense-in-depth — same pattern as
425
+ // ts/classes.dcrouter.ts:988-995 and the existing certStore.save callback).
426
+ let validUntil = newCert.validUntil;
427
+ let validFrom;
428
+ if (newCert.publicKey) {
429
+ try {
430
+ const x509 = new plugins.crypto.X509Certificate(newCert.publicKey);
431
+ validUntil = new Date(x509.validTo).getTime();
432
+ validFrom = new Date(x509.validFrom).getTime();
433
+ }
434
+ catch { /* fall back to smartacme's value */ }
435
+ }
436
+ // Persist new cert PEM under each affected route domain
437
+ for (const routeDomain of affected) {
438
+ let doc = await ProxyCertDoc.findByDomain(routeDomain);
439
+ if (!doc) {
440
+ doc = new ProxyCertDoc();
441
+ doc.domain = routeDomain;
442
+ }
443
+ doc.publicKey = newCert.publicKey;
444
+ doc.privateKey = newCert.privateKey;
445
+ doc.ca = '';
446
+ doc.validUntil = validUntil || 0;
447
+ doc.validFrom = validFrom || 0;
448
+ await doc.save();
449
+ // Clear status so the next event refresh shows the new cert
450
+ dcRouter.certificateStatusMap.delete(routeDomain);
451
+ }
452
+ logger.log('info', `Propagated force-renewed cert for ${forcedDomain} (cert identity '${certIdentity}') to ${affected.size} sibling route domain(s): ${[...affected].join(', ')}`);
453
+ }
339
454
  /**
340
455
  * Delete certificate data for a domain from storage
341
456
  */
@@ -456,4 +571,4 @@ export class CertificateHandler {
456
571
  return { success: true, message: `Certificate imported for '${cert.domainName}'` };
457
572
  }
458
573
  }
459
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2VydGlmaWNhdGUuaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL29wc3NlcnZlci9oYW5kbGVycy9jZXJ0aWZpY2F0ZS5oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFFNUMsT0FBTyxLQUFLLFVBQVUsTUFBTSxpQ0FBaUMsQ0FBQztBQUM5RCxPQUFPLEVBQUUsV0FBVyxFQUFFLFlBQVksRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBRTlELE1BQU0sT0FBTyxrQkFBa0I7SUFDVDtJQUFwQixZQUFvQixZQUF1QjtRQUF2QixpQkFBWSxHQUFaLFlBQVksQ0FBVztRQUN6QyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRU8sZ0JBQWdCO1FBQ3RCLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDO1FBQ2hELE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBRWxELGlGQUFpRjtRQUVqRiwyQkFBMkI7UUFDM0IsVUFBVSxDQUFDLGVBQWUsQ0FDeEIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsd0JBQXdCLEVBQ3hCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLFlBQVksR0FBRyxNQUFNLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1lBQzNELE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDaEQsT0FBTyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsQ0FBQztRQUNuQyxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsbUZBQW1GO1FBRW5GLG1EQUFtRDtRQUNuRCxXQUFXLENBQUMsZUFBZSxDQUN6QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyx3QkFBd0IsRUFDeEIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE9BQU8sSUFBSSxDQUFDLDZCQUE2QixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUMvRCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsdUNBQXVDO1FBQ3ZDLFdBQVcsQ0FBQyxlQUFlLENBQ3pCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLDhCQUE4QixFQUM5QixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsT0FBTyxJQUFJLENBQUMsNEJBQTRCLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDL0UsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLHFCQUFxQjtRQUNyQixXQUFXLENBQUMsZUFBZSxDQUN6QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxtQkFBbUIsRUFDbkIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoRCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYscUJBQXFCO1FBQ3JCLFdBQVcsQ0FBQyxlQUFlLENBQ3pCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLG1CQUFtQixFQUNuQixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsT0FBTyxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hELENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixxQkFBcUI7UUFDckIsV0FBVyxDQUFDLGVBQWUsQ0FDekIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsbUJBQW1CLEVBQ25CLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDOUMsQ0FBQyxDQUNGLENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFRDs7O09BR0c7SUFDSyxLQUFLLENBQUMsd0JBQXdCO1FBQ3BDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQy9DLE1BQU0sVUFBVSxHQUFHLFFBQVEsQ0FBQyxVQUFVLENBQUM7UUFDdkMsSUFBSSxDQUFDLFVBQVU7WUFBRSxPQUFPLEVBQUUsQ0FBQztRQUUzQixNQUFNLE1BQU0sR0FBRyxVQUFVLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBRW5ELG1FQUFtRTtRQUNuRSxNQUFNLFNBQVMsR0FBRyxJQUFJLEdBQUcsRUFLckIsQ0FBQztRQUVMLEtBQUssTUFBTSxLQUFLLElBQUksTUFBTSxFQUFFLENBQUM7WUFDM0IsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJO2dCQUFFLFNBQVM7WUFFMUIsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLE1BQU0sRUFBRSxHQUFHLENBQUM7WUFDOUIsSUFBSSxDQUFDLEdBQUc7Z0JBQUUsU0FBUztZQUVuQiwyREFBMkQ7WUFDM0QsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLGFBQWE7Z0JBQUUsU0FBUztZQUV6QyxNQUFNLFlBQVksR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU87Z0JBQ3RDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDcEYsQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUVQLG1CQUFtQjtZQUNuQixJQUFJLE1BQU0sR0FBMkMsTUFBTSxDQUFDO1lBQzVELElBQUksR0FBRyxDQUFDLFdBQVcsS0FBSyxNQUFNLEVBQUUsQ0FBQztnQkFDL0IsSUFBSyxVQUFVLENBQUMsUUFBZ0IsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN2RCxNQUFNLEdBQUcsb0JBQW9CLENBQUM7Z0JBQ2hDLENBQUM7cUJBQU0sQ0FBQztvQkFDTixNQUFNLEdBQUcsTUFBTSxDQUFDO2dCQUNsQixDQUFDO1lBQ0gsQ0FBQztpQkFBTSxJQUFJLEdBQUcsQ0FBQyxXQUFXLElBQUksT0FBTyxHQUFHLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRSxDQUFDO2dCQUNsRSxNQUFNLEdBQUcsUUFBUSxDQUFDO1lBQ3BCLENBQUM7WUFFRCxNQUFNLGNBQWMsR0FBRyxNQUFNLEtBQUssTUFBTSxJQUFJLE1BQU0sS0FBSyxvQkFBb0IsQ0FBQztZQUM1RSxNQUFNLE9BQU8sR0FBRyxHQUFHLENBQUMsSUFBK0QsQ0FBQztZQUVwRixLQUFLLE1BQU0sTUFBTSxJQUFJLFlBQVksRUFBRSxDQUFDO2dCQUNsQyxNQUFNLFFBQVEsR0FBRyxTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUN2QyxJQUFJLFFBQVEsRUFBRSxDQUFDO29CQUNiLG1EQUFtRDtvQkFDbkQsSUFBSSxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO3dCQUM5QyxRQUFRLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQ3ZDLENBQUM7b0JBQ0Qsa0NBQWtDO29CQUNsQyxJQUFJLFFBQVEsQ0FBQyxNQUFNLEtBQUssTUFBTSxJQUFJLE1BQU0sS0FBSyxNQUFNLEVBQUUsQ0FBQzt3QkFDcEQsUUFBUSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7d0JBQ3pCLFFBQVEsQ0FBQyxjQUFjLEdBQUcsY0FBYyxDQUFDO29CQUMzQyxDQUFDO2dCQUNILENBQUM7cUJBQU0sQ0FBQztvQkFDTixTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRTt3QkFDcEIsVUFBVSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQzt3QkFDeEIsTUFBTTt3QkFDTixPQUFPO3dCQUNQLGNBQWM7cUJBQ2YsQ0FBQyxDQUFDO2dCQUNMLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELGlEQUFpRDtRQUNqRCxNQUFNLFlBQVksR0FBMkMsRUFBRSxDQUFDO1FBRWhFLEtBQUssTUFBTSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsSUFBSSxTQUFTLEVBQUUsQ0FBQztZQUN2QyxJQUFJLE1BQU0sR0FBMkMsU0FBUyxDQUFDO1lBQy9ELElBQUksVUFBOEIsQ0FBQztZQUNuQyxJQUFJLFFBQTRCLENBQUM7WUFDakMsSUFBSSxNQUEwQixDQUFDO1lBQy9CLElBQUksS0FBeUIsQ0FBQztZQUU5QiwyRUFBMkU7WUFDM0UsTUFBTSxXQUFXLEdBQUcsUUFBUSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUM5RCxJQUFJLFdBQVcsRUFBRSxDQUFDO2dCQUNoQixNQUFNLEdBQUcsV0FBVyxDQUFDLE1BQU0sQ0FBQztnQkFDNUIsVUFBVSxHQUFHLFdBQVcsQ0FBQyxVQUFVLENBQUM7Z0JBQ3BDLFFBQVEsR0FBRyxXQUFXLENBQUMsUUFBUSxDQUFDO2dCQUNoQyxLQUFLLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FBQztnQkFDMUIsSUFBSSxXQUFXLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQ3ZCLE1BQU0sR0FBRyxXQUFXLENBQUMsTUFBTSxDQUFDO2dCQUM5QixDQUFDO1lBQ0gsQ0FBQztZQUVELHFEQUFxRDtZQUNyRCxJQUFJLE1BQU0sS0FBSyxTQUFTLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ3ZELElBQUksQ0FBQztvQkFDSCxNQUFNLFVBQVUsR0FBRyxNQUFNLFVBQVUsQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7b0JBQzdFLElBQUksVUFBVSxFQUFFLENBQUM7d0JBQ2YsSUFBSSxVQUFVLENBQUMsVUFBVTs0QkFBRSxVQUFVLEdBQUcsVUFBVSxDQUFDLFVBQVUsQ0FBQzt3QkFDOUQsSUFBSSxVQUFVLENBQUMsTUFBTTs0QkFBRSxNQUFNLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQzt3QkFDbEQsSUFBSSxVQUFVLENBQUMsUUFBUTs0QkFBRSxRQUFRLEdBQUcsVUFBVSxDQUFDLFFBQVEsQ0FBQzt3QkFDeEQsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLE9BQU8sSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLFNBQVMsRUFBRSxDQUFDOzRCQUNyRSxNQUFNLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQzt3QkFDN0IsQ0FBQztvQkFDSCxDQUFDO2dCQUNILENBQUM7Z0JBQUMsTUFBTSxDQUFDO29CQUNQLHdEQUF3RDtnQkFDMUQsQ0FBQztZQUNILENBQUM7WUFFRCw0REFBNEQ7WUFDNUQsSUFBSSxNQUFNLEtBQUssU0FBUyxFQUFFLENBQUM7Z0JBQ3pCLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUNqRCxzRkFBc0Y7Z0JBQ3RGLE1BQU0sS0FBSyxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQ3JDLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxXQUFXLENBQUM7Z0JBQzlFLE1BQU0sT0FBTyxHQUFHLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUM7dUJBQ3JELENBQUMsVUFBVSxLQUFLLFdBQVcsQ0FBQyxDQUFDLENBQUMsTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDdkYsTUFBTSxRQUFRLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sWUFBWSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDO2dCQUUzRSxJQUFJLE9BQU8sRUFBRSxVQUFVLEVBQUUsQ0FBQztvQkFDeEIsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztvQkFDeEQsSUFBSSxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7d0JBQ3BCLFFBQVEsR0FBRyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7b0JBQ3JELENBQUM7b0JBQ0QsTUFBTSxHQUFHLGtCQUFrQixDQUFDO2dCQUM5QixDQUFDO3FCQUFNLElBQUksUUFBUSxFQUFFLFNBQVMsRUFBRSxDQUFDO29CQUMvQixnREFBZ0Q7b0JBQ2hELElBQUksQ0FBQzt3QkFDSCxNQUFNLElBQUksR0FBRyxJQUFJLE9BQU8sQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQzt3QkFDcEUsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQzt3QkFDbEQsUUFBUSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztvQkFDcEQsQ0FBQztvQkFBQyxNQUFNLENBQUMsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO29CQUNwQyxNQUFNLEdBQUcsT0FBTyxDQUFDO29CQUNqQixNQUFNLEdBQUcsWUFBWSxDQUFDO2dCQUN4QixDQUFDO3FCQUFNLElBQUksT0FBTyxJQUFJLFFBQVEsRUFBRSxDQUFDO29CQUMvQixNQUFNLEdBQUcsT0FBTyxDQUFDO29CQUNqQixNQUFNLEdBQUcsWUFBWSxDQUFDO2dCQUN4QixDQUFDO1lBQ0gsQ0FBQztZQUVELGtDQUFrQztZQUNsQyxJQUFJLFVBQVUsSUFBSSxDQUFDLE1BQU0sS0FBSyxPQUFPLElBQUksTUFBTSxLQUFLLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQy9ELE1BQU0sTUFBTSxHQUFHLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO2dCQUNwQyxNQUFNLEdBQUcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO2dCQUN2QixNQUFNLGVBQWUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsR0FBRyxHQUFHLENBQUMsT0FBTyxFQUFFLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO2dCQUVuRixJQUFJLGVBQWUsR0FBRyxDQUFDLEVBQUUsQ0FBQztvQkFDeEIsTUFBTSxHQUFHLFNBQVMsQ0FBQztnQkFDckIsQ0FBQztxQkFBTSxJQUFJLGVBQWUsR0FBRyxFQUFFLEVBQUUsQ0FBQztvQkFDaEMsTUFBTSxHQUFHLFVBQVUsQ0FBQztnQkFDdEIsQ0FBQztxQkFBTSxDQUFDO29CQUNOLE1BQU0sR0FBRyxPQUFPLENBQUM7Z0JBQ25CLENBQUM7WUFDSCxDQUFDO1lBRUQscURBQXFEO1lBQ3JELElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxRQUFRLElBQUksTUFBTSxLQUFLLFNBQVMsRUFBRSxDQUFDO2dCQUNyRCxNQUFNLEdBQUcsT0FBTyxDQUFDO1lBQ25CLENBQUM7WUFFRCwwRUFBMEU7WUFDMUUsSUFBSSxNQUFNLEtBQUssU0FBUyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sS0FBSyxNQUFNLElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxvQkFBb0IsQ0FBQyxFQUFFLENBQUM7Z0JBQzdGLE1BQU0sR0FBRyxjQUFjLENBQUM7WUFDMUIsQ0FBQztZQUVELCtCQUErQjtZQUMvQixJQUFJLFdBQWdFLENBQUM7WUFDckUsSUFBSSxRQUFRLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztnQkFDcEMsTUFBTSxFQUFFLEdBQUcsTUFBTSxRQUFRLENBQUMsc0JBQXNCLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUN4RSxJQUFJLEVBQUUsRUFBRSxDQUFDO29CQUNQLFdBQVcsR0FBRyxFQUFFLENBQUM7Z0JBQ25CLENBQUM7WUFDSCxDQUFDO1lBRUQsWUFBWSxDQUFDLElBQUksQ0FBQztnQkFDaEIsTUFBTTtnQkFDTixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7Z0JBQzNCLE1BQU07Z0JBQ04sTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNO2dCQUNuQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87Z0JBQ3JCLFVBQVU7Z0JBQ1YsTUFBTTtnQkFDTixRQUFRO2dCQUNSLEtBQUs7Z0JBQ0wsY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO2dCQUNuQyxXQUFXO2FBQ1osQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELE9BQU8sWUFBWSxDQUFDO0lBQ3RCLENBQUM7SUFFTyxZQUFZLENBQUMsWUFBb0Q7UUFRdkUsTUFBTSxPQUFPLEdBQUcsRUFBRSxLQUFLLEVBQUUsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsUUFBUSxFQUFFLENBQUMsRUFBRSxPQUFPLEVBQUUsQ0FBQyxFQUFFLE1BQU0sRUFBRSxDQUFDLEVBQUUsT0FBTyxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQ3ZGLE9BQU8sQ0FBQyxLQUFLLEdBQUcsWUFBWSxDQUFDLE1BQU0sQ0FBQztRQUNwQyxLQUFLLE1BQU0sSUFBSSxJQUFJLFlBQVksRUFBRSxDQUFDO1lBQ2hDLFFBQVEsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUNwQixLQUFLLE9BQU87b0JBQUUsT0FBTyxDQUFDLEtBQUssRUFBRSxDQUFDO29CQUFDLE1BQU07Z0JBQ3JDLEtBQUssVUFBVTtvQkFBRSxPQUFPLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQUMsTUFBTTtnQkFDM0MsS0FBSyxTQUFTO29CQUFFLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztvQkFBQyxNQUFNO2dCQUN6QyxLQUFLLFFBQVE7b0JBQUUsT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDO29CQUFDLE1BQU07Z0JBQ3ZDLEtBQUssY0FBYyxDQUFDLENBQUMsbUJBQW1CO2dCQUN4QyxLQUFLLFNBQVM7b0JBQUUsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDO29CQUFDLE1BQU07WUFDM0MsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNLLEtBQUssQ0FBQyw2QkFBNkIsQ0FBQyxTQUFpQjtRQUMzRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQztRQUMvQyxNQUFNLFVBQVUsR0FBRyxRQUFRLENBQUMsVUFBVSxDQUFDO1FBRXZDLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNoQixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsMkJBQTJCLEVBQUUsQ0FBQztRQUNsRSxDQUFDO1FBRUQsNERBQTREO1FBQzVELDRDQUE0QztRQUM1QyxLQUFLLE1BQU0sQ0FBQyxNQUFNLEVBQUUsS0FBSyxDQUFDLElBQUksUUFBUSxDQUFDLG9CQUFvQixFQUFFLENBQUM7WUFDNUQsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO2dCQUN6QyxRQUFRLENBQUMsb0JBQW9CLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQy9DLENBQUM7UUFDSCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsSUFBSSxRQUFRLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztnQkFDaEMsTUFBTSxRQUFRLENBQUMsa0JBQWtCLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDbEQsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sVUFBVSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDckUsQ0FBQztZQUNELE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxtREFBbUQsU0FBUyxHQUFHLEVBQUUsQ0FBQztRQUNyRyxDQUFDO1FBQUMsT0FBTyxHQUFZLEVBQUUsQ0FBQztZQUN0QixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUcsR0FBYSxDQUFDLE9BQU8sSUFBSSxtQ0FBbUMsRUFBRSxDQUFDO1FBQ3BHLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSyxLQUFLLENBQUMsNEJBQTRCLENBQUMsTUFBYyxFQUFFLFVBQW9CO1FBQzdFLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQy9DLE1BQU0sVUFBVSxHQUFHLFFBQVEsQ0FBQyxVQUFVLENBQUM7UUFFdkMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxDQUFDO1FBQ2xFLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsSUFBSSxRQUFRLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztZQUNwQyxNQUFNLFFBQVEsQ0FBQyxzQkFBc0IsQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0QsQ0FBQztRQUVELDhEQUE4RDtRQUM5RCxNQUFNLFVBQVUsR0FBRyxRQUFRLENBQUMsdUJBQXVCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDNUQsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzVCLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSwrQkFBK0IsTUFBTSxHQUFHLEVBQUUsQ0FBQztRQUMvRSxDQUFDO1FBRUQscUVBQXFFO1FBQ3JFLGtFQUFrRTtRQUNsRSxJQUFJLFVBQVUsSUFBSSxRQUFRLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDckMsSUFBSSxDQUFDO2dCQUNILE1BQU0sUUFBUSxDQUFDLFNBQVMsQ0FBQyx1QkFBdUIsQ0FBQyxNQUFNLEVBQUUsRUFBRSxVQUFVLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUNqRixDQUFDO1lBQUMsT0FBTyxHQUFZLEVBQUUsQ0FBQztnQkFDdEIsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLG1DQUFtQyxNQUFNLEtBQU0sR0FBYSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDN0csQ0FBQztRQUNILENBQUM7UUFFRCw4RUFBOEU7UUFDOUUsUUFBUSxDQUFDLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUU3Qyx5Q0FBeUM7UUFDekMsb0VBQW9FO1FBQ3BFLHdFQUF3RTtRQUN4RSw2REFBNkQ7UUFDN0QsNERBQTREO1FBQzVELElBQUksQ0FBQztZQUNILElBQUksUUFBUSxDQUFDLGtCQUFrQixFQUFFLENBQUM7Z0JBQ2hDLE1BQU0sUUFBUSxDQUFDLGtCQUFrQixDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2xELENBQUM7aUJBQU0sQ0FBQztnQkFDTixrRUFBa0U7Z0JBQ2xFLE1BQU0sVUFBVSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDckUsQ0FBQztZQUNELE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDLHlDQUF5QyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsb0RBQW9ELE1BQU0sR0FBRyxFQUFFLENBQUM7UUFDckssQ0FBQztRQUFDLE9BQU8sR0FBWSxFQUFFLENBQUM7WUFDdEIsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFHLEdBQWEsQ0FBQyxPQUFPLElBQUkseUNBQXlDLE1BQU0sRUFBRSxFQUFFLENBQUM7UUFDbEgsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxNQUFjO1FBQzVDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQy9DLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pELE1BQU0sS0FBSyxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDckMsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQztRQUU5RSw2RUFBNkU7UUFDN0UsTUFBTSxPQUFPLEdBQUcsTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQztlQUNyRCxDQUFDLFVBQVUsS0FBSyxXQUFXLENBQUMsQ0FBQyxDQUFDLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDdkYsSUFBSSxPQUFPLEVBQUUsQ0FBQztZQUNaLE1BQU0sT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3pCLENBQUM7UUFFRCw0REFBNEQ7UUFDNUQsS0FBSyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxXQUFXLENBQUMsRUFBRSxDQUFDO1lBQ3RDLE1BQU0sUUFBUSxHQUFHLE1BQU0sWUFBWSxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNwRCxJQUFJLFFBQVEsRUFBRSxDQUFDO2dCQUNiLE1BQU0sUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzFCLENBQUM7UUFDSCxDQUFDO1FBRUQsa0NBQWtDO1FBQ2xDLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0MscUJBQXFCO1FBQ3JCLElBQUksUUFBUSxDQUFDLHNCQUFzQixFQUFFLENBQUM7WUFDcEMsTUFBTSxRQUFRLENBQUMsc0JBQXNCLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsaUNBQWlDLE1BQU0sR0FBRyxFQUFFLENBQUM7SUFDaEYsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLGlCQUFpQixDQUFDLE1BQWM7UUFhNUMsTUFBTSxXQUFXLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakQsZ0RBQWdEO1FBQ2hELE1BQU0sT0FBTyxHQUFHLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUM1RCxJQUFJLE9BQU8sSUFBSSxPQUFPLENBQUMsU0FBUyxJQUFJLE9BQU8sQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUN2RCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxJQUFJO2dCQUNiLElBQUksRUFBRTtvQkFDSixFQUFFLEVBQUUsT0FBTyxDQUFDLEVBQUUsSUFBSSxPQUFPLENBQUMsTUFBTSxDQUFDLFVBQVUsRUFBRTtvQkFDN0MsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVLElBQUksTUFBTTtvQkFDeEMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPLElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRTtvQkFDdEMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVLElBQUksQ0FBQztvQkFDbkMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO29CQUM5QixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7b0JBQzVCLEdBQUcsRUFBRSxPQUFPLENBQUMsR0FBRyxJQUFJLEVBQUU7aUJBQ3ZCO2FBQ0YsQ0FBQztRQUNKLENBQUM7UUFFRCxxRUFBcUU7UUFDckUsSUFBSSxRQUFRLEdBQUcsTUFBTSxZQUFZLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3ZELElBQUksQ0FBQyxRQUFRLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDckMsUUFBUSxHQUFHLE1BQU0sWUFBWSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMxRCxDQUFDO1FBRUQsSUFBSSxRQUFRLElBQUksUUFBUSxDQUFDLFNBQVMsSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDMUQsT0FBTztnQkFDTCxPQUFPLEVBQUUsSUFBSTtnQkFDYixJQUFJLEVBQUU7b0JBQ0osRUFBRSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsVUFBVSxFQUFFO29CQUMvQixVQUFVLEVBQUUsTUFBTTtvQkFDbEIsT0FBTyxFQUFFLFFBQVEsQ0FBQyxTQUFTLElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRTtvQkFDekMsVUFBVSxFQUFFLFFBQVEsQ0FBQyxVQUFVLElBQUksQ0FBQztvQkFDcEMsVUFBVSxFQUFFLFFBQVEsQ0FBQyxVQUFVO29CQUMvQixTQUFTLEVBQUUsUUFBUSxDQUFDLFNBQVM7b0JBQzdCLEdBQUcsRUFBRSxFQUFFO2lCQUNSO2FBQ0YsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsa0NBQWtDLE1BQU0sR0FBRyxFQUFFLENBQUM7SUFDbEYsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLGlCQUFpQixDQUFDLElBUS9CO1FBQ0MsdUJBQXVCO1FBQ3ZCLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsNkJBQTZCLENBQUMsRUFBRSxDQUFDO1lBQy9FLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSwyREFBMkQsRUFBRSxDQUFDO1FBQ2xHLENBQUM7UUFDRCxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDaEUsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLG9EQUFvRCxFQUFFLENBQUM7UUFDM0YsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQy9DLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUUxRCw2Q0FBNkM7UUFDN0MsSUFBSSxPQUFPLEdBQUcsTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzFELElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE9BQU8sR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxVQUFVLEdBQUcsV0FBVyxDQUFDO1FBQ25DLENBQUM7UUFDRCxPQUFPLENBQUMsRUFBRSxHQUFHLElBQUksQ0FBQyxFQUFFLENBQUM7UUFDckIsT0FBTyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDO1FBQy9CLE9BQU8sQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQztRQUNyQyxPQUFPLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUM7UUFDckMsT0FBTyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQ25DLE9BQU8sQ0FBQyxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFDN0IsTUFBTSxPQUFPLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFckIsZ0RBQWdEO1FBQ2hELElBQUksUUFBUSxHQUFHLE1BQU0sWUFBWSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDaEUsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2QsUUFBUSxHQUFHLElBQUksWUFBWSxFQUFFLENBQUM7WUFDOUIsUUFBUSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDO1FBQ3BDLENBQUM7UUFDRCxRQUFRLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDcEMsUUFBUSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDO1FBQ3RDLFFBQVEsQ0FBQyxFQUFFLEdBQUcsRUFBRSxDQUFDO1FBQ2pCLFFBQVEsQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQztRQUN0QyxRQUFRLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUM7UUFDbEMsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFdEIsOEJBQThCO1FBQzlCLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRTtZQUNqRCxNQUFNLEVBQUUsT0FBTztZQUNmLE1BQU0sRUFBRSxRQUFRO1lBQ2hCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDakYsUUFBUSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUN6RSxVQUFVLEVBQUUsRUFBRTtTQUNmLENBQUMsQ0FBQztRQUVILE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSw2QkFBNkIsSUFBSSxDQUFDLFVBQVUsR0FBRyxFQUFFLENBQUM7SUFDckYsQ0FBQztDQUNGIn0=
574
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2VydGlmaWNhdGUuaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL29wc3NlcnZlci9oYW5kbGVycy9jZXJ0aWZpY2F0ZS5oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFFNUMsT0FBTyxLQUFLLFVBQVUsTUFBTSxpQ0FBaUMsQ0FBQztBQUM5RCxPQUFPLEVBQUUsV0FBVyxFQUFFLFlBQVksRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQzlELE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUV6Qzs7Ozs7Ozs7Ozs7R0FXRztBQUNILE1BQU0sVUFBVSxvQkFBb0IsQ0FBQyxNQUFjO0lBQ2pELElBQUksTUFBTSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQzVCLE9BQU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUN6QixDQUFDO0lBQ0QsTUFBTSxLQUFLLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNoQyxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQztRQUFFLE9BQU8sU0FBUyxDQUFDO0lBQzNELE9BQU8sS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNuQyxDQUFDO0FBRUQsTUFBTSxPQUFPLGtCQUFrQjtJQUNUO0lBQXBCLFlBQW9CLFlBQXVCO1FBQXZCLGlCQUFZLEdBQVosWUFBWSxDQUFXO1FBQ3pDLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFTyxnQkFBZ0I7UUFDdEIsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUM7UUFDaEQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUM7UUFFbEQsaUZBQWlGO1FBRWpGLDJCQUEyQjtRQUMzQixVQUFVLENBQUMsZUFBZSxDQUN4QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyx3QkFBd0IsRUFDeEIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLHdCQUF3QixFQUFFLENBQUM7WUFDM0QsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUNoRCxPQUFPLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxDQUFDO1FBQ25DLENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixtRkFBbUY7UUFFbkYsbURBQW1EO1FBQ25ELFdBQVcsQ0FBQyxlQUFlLENBQ3pCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLHdCQUF3QixFQUN4QixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsT0FBTyxJQUFJLENBQUMsNkJBQTZCLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQy9ELENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRix1Q0FBdUM7UUFDdkMsV0FBVyxDQUFDLGVBQWUsQ0FDekIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsOEJBQThCLEVBQzlCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixPQUFPLElBQUksQ0FBQyw0QkFBNEIsQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUMvRSxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYscUJBQXFCO1FBQ3JCLFdBQVcsQ0FBQyxlQUFlLENBQ3pCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLG1CQUFtQixFQUNuQixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsT0FBTyxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hELENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixxQkFBcUI7UUFDckIsV0FBVyxDQUFDLGVBQWUsQ0FDekIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsbUJBQW1CLEVBQ25CLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEQsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLHFCQUFxQjtRQUNyQixXQUFXLENBQUMsZUFBZSxDQUN6QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxtQkFBbUIsRUFDbkIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM5QyxDQUFDLENBQ0YsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVEOzs7T0FHRztJQUNLLEtBQUssQ0FBQyx3QkFBd0I7UUFDcEMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUM7UUFDL0MsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFVBQVUsQ0FBQztRQUN2QyxJQUFJLENBQUMsVUFBVTtZQUFFLE9BQU8sRUFBRSxDQUFDO1FBRTNCLE1BQU0sTUFBTSxHQUFHLFVBQVUsQ0FBQyxZQUFZLENBQUMsU0FBUyxFQUFFLENBQUM7UUFFbkQsbUVBQW1FO1FBQ25FLE1BQU0sU0FBUyxHQUFHLElBQUksR0FBRyxFQUtyQixDQUFDO1FBRUwsS0FBSyxNQUFNLEtBQUssSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUMzQixJQUFJLENBQUMsS0FBSyxDQUFDLElBQUk7Z0JBQUUsU0FBUztZQUUxQixNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsTUFBTSxFQUFFLEdBQUcsQ0FBQztZQUM5QixJQUFJLENBQUMsR0FBRztnQkFBRSxTQUFTO1lBRW5CLDJEQUEyRDtZQUMzRCxJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssYUFBYTtnQkFBRSxTQUFTO1lBRXpDLE1BQU0sWUFBWSxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTztnQkFDdEMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUNwRixDQUFDLENBQUMsRUFBRSxDQUFDO1lBRVAsbUJBQW1CO1lBQ25CLElBQUksTUFBTSxHQUEyQyxNQUFNLENBQUM7WUFDNUQsSUFBSSxHQUFHLENBQUMsV0FBVyxLQUFLLE1BQU0sRUFBRSxDQUFDO2dCQUMvQixJQUFLLFVBQVUsQ0FBQyxRQUFnQixDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3ZELE1BQU0sR0FBRyxvQkFBb0IsQ0FBQztnQkFDaEMsQ0FBQztxQkFBTSxDQUFDO29CQUNOLE1BQU0sR0FBRyxNQUFNLENBQUM7Z0JBQ2xCLENBQUM7WUFDSCxDQUFDO2lCQUFNLElBQUksR0FBRyxDQUFDLFdBQVcsSUFBSSxPQUFPLEdBQUcsQ0FBQyxXQUFXLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQ2xFLE1BQU0sR0FBRyxRQUFRLENBQUM7WUFDcEIsQ0FBQztZQUVELE1BQU0sY0FBYyxHQUFHLE1BQU0sS0FBSyxNQUFNLElBQUksTUFBTSxLQUFLLG9CQUFvQixDQUFDO1lBQzVFLE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxJQUErRCxDQUFDO1lBRXBGLEtBQUssTUFBTSxNQUFNLElBQUksWUFBWSxFQUFFLENBQUM7Z0JBQ2xDLE1BQU0sUUFBUSxHQUFHLFNBQVMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQ3ZDLElBQUksUUFBUSxFQUFFLENBQUM7b0JBQ2IsbURBQW1EO29CQUNuRCxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7d0JBQzlDLFFBQVEsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztvQkFDdkMsQ0FBQztvQkFDRCxrQ0FBa0M7b0JBQ2xDLElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxNQUFNLElBQUksTUFBTSxLQUFLLE1BQU0sRUFBRSxDQUFDO3dCQUNwRCxRQUFRLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQzt3QkFDekIsUUFBUSxDQUFDLGNBQWMsR0FBRyxjQUFjLENBQUM7b0JBQzNDLENBQUM7Z0JBQ0gsQ0FBQztxQkFBTSxDQUFDO29CQUNOLFNBQVMsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFO3dCQUNwQixVQUFVLEVBQUUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDO3dCQUN4QixNQUFNO3dCQUNOLE9BQU87d0JBQ1AsY0FBYztxQkFDZixDQUFDLENBQUM7Z0JBQ0wsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsaURBQWlEO1FBQ2pELE1BQU0sWUFBWSxHQUEyQyxFQUFFLENBQUM7UUFFaEUsS0FBSyxNQUFNLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxJQUFJLFNBQVMsRUFBRSxDQUFDO1lBQ3ZDLElBQUksTUFBTSxHQUEyQyxTQUFTLENBQUM7WUFDL0QsSUFBSSxVQUE4QixDQUFDO1lBQ25DLElBQUksUUFBNEIsQ0FBQztZQUNqQyxJQUFJLE1BQTBCLENBQUM7WUFDL0IsSUFBSSxLQUF5QixDQUFDO1lBRTlCLDJFQUEyRTtZQUMzRSxNQUFNLFdBQVcsR0FBRyxRQUFRLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQzlELElBQUksV0FBVyxFQUFFLENBQUM7Z0JBQ2hCLE1BQU0sR0FBRyxXQUFXLENBQUMsTUFBTSxDQUFDO2dCQUM1QixVQUFVLEdBQUcsV0FBVyxDQUFDLFVBQVUsQ0FBQztnQkFDcEMsUUFBUSxHQUFHLFdBQVcsQ0FBQyxRQUFRLENBQUM7Z0JBQ2hDLEtBQUssR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDO2dCQUMxQixJQUFJLFdBQVcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztvQkFDdkIsTUFBTSxHQUFHLFdBQVcsQ0FBQyxNQUFNLENBQUM7Z0JBQzlCLENBQUM7WUFDSCxDQUFDO1lBRUQscURBQXFEO1lBQ3JELElBQUksTUFBTSxLQUFLLFNBQVMsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDdkQsSUFBSSxDQUFDO29CQUNILE1BQU0sVUFBVSxHQUFHLE1BQU0sVUFBVSxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztvQkFDN0UsSUFBSSxVQUFVLEVBQUUsQ0FBQzt3QkFDZixJQUFJLFVBQVUsQ0FBQyxVQUFVOzRCQUFFLFVBQVUsR0FBRyxVQUFVLENBQUMsVUFBVSxDQUFDO3dCQUM5RCxJQUFJLFVBQVUsQ0FBQyxNQUFNOzRCQUFFLE1BQU0sR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDO3dCQUNsRCxJQUFJLFVBQVUsQ0FBQyxRQUFROzRCQUFFLFFBQVEsR0FBRyxVQUFVLENBQUMsUUFBUSxDQUFDO3dCQUN4RCxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssT0FBTyxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssU0FBUyxFQUFFLENBQUM7NEJBQ3JFLE1BQU0sR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDO3dCQUM3QixDQUFDO29CQUNILENBQUM7Z0JBQ0gsQ0FBQztnQkFBQyxNQUFNLENBQUM7b0JBQ1Asd0RBQXdEO2dCQUMxRCxDQUFDO1lBQ0gsQ0FBQztZQUVELDREQUE0RDtZQUM1RCxJQUFJLE1BQU0sS0FBSyxTQUFTLEVBQUUsQ0FBQztnQkFDekIsTUFBTSxXQUFXLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ2pELHNGQUFzRjtnQkFDdEYsTUFBTSxLQUFLLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDckMsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQztnQkFDOUUsTUFBTSxPQUFPLEdBQUcsTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQzt1QkFDckQsQ0FBQyxVQUFVLEtBQUssV0FBVyxDQUFDLENBQUMsQ0FBQyxNQUFNLFdBQVcsQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN2RixNQUFNLFFBQVEsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsTUFBTSxZQUFZLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7Z0JBRTNFLElBQUksT0FBTyxFQUFFLFVBQVUsRUFBRSxDQUFDO29CQUN4QixVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO29CQUN4RCxJQUFJLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQzt3QkFDcEIsUUFBUSxHQUFHLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztvQkFDckQsQ0FBQztvQkFDRCxNQUFNLEdBQUcsa0JBQWtCLENBQUM7Z0JBQzlCLENBQUM7cUJBQU0sSUFBSSxRQUFRLEVBQUUsU0FBUyxFQUFFLENBQUM7b0JBQy9CLGdEQUFnRDtvQkFDaEQsSUFBSSxDQUFDO3dCQUNILE1BQU0sSUFBSSxHQUFHLElBQUksT0FBTyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxDQUFDO3dCQUNwRSxVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO3dCQUNsRCxRQUFRLEdBQUcsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO29CQUNwRCxDQUFDO29CQUFDLE1BQU0sQ0FBQyxDQUFDLHdCQUF3QixDQUFDLENBQUM7b0JBQ3BDLE1BQU0sR0FBRyxPQUFPLENBQUM7b0JBQ2pCLE1BQU0sR0FBRyxZQUFZLENBQUM7Z0JBQ3hCLENBQUM7cUJBQU0sSUFBSSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7b0JBQy9CLE1BQU0sR0FBRyxPQUFPLENBQUM7b0JBQ2pCLE1BQU0sR0FBRyxZQUFZLENBQUM7Z0JBQ3hCLENBQUM7WUFDSCxDQUFDO1lBRUQsa0NBQWtDO1lBQ2xDLElBQUksVUFBVSxJQUFJLENBQUMsTUFBTSxLQUFLLE9BQU8sSUFBSSxNQUFNLEtBQUssU0FBUyxDQUFDLEVBQUUsQ0FBQztnQkFDL0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7Z0JBQ3BDLE1BQU0sR0FBRyxHQUFHLElBQUksSUFBSSxFQUFFLENBQUM7Z0JBQ3ZCLE1BQU0sZUFBZSxHQUFHLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxHQUFHLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7Z0JBRW5GLElBQUksZUFBZSxHQUFHLENBQUMsRUFBRSxDQUFDO29CQUN4QixNQUFNLEdBQUcsU0FBUyxDQUFDO2dCQUNyQixDQUFDO3FCQUFNLElBQUksZUFBZSxHQUFHLEVBQUUsRUFBRSxDQUFDO29CQUNoQyxNQUFNLEdBQUcsVUFBVSxDQUFDO2dCQUN0QixDQUFDO3FCQUFNLENBQUM7b0JBQ04sTUFBTSxHQUFHLE9BQU8sQ0FBQztnQkFDbkIsQ0FBQztZQUNILENBQUM7WUFFRCxxREFBcUQ7WUFDckQsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLFFBQVEsSUFBSSxNQUFNLEtBQUssU0FBUyxFQUFFLENBQUM7Z0JBQ3JELE1BQU0sR0FBRyxPQUFPLENBQUM7WUFDbkIsQ0FBQztZQUVELDBFQUEwRTtZQUMxRSxJQUFJLE1BQU0sS0FBSyxTQUFTLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxLQUFLLE1BQU0sSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLG9CQUFvQixDQUFDLEVBQUUsQ0FBQztnQkFDN0YsTUFBTSxHQUFHLGNBQWMsQ0FBQztZQUMxQixDQUFDO1lBRUQsK0JBQStCO1lBQy9CLElBQUksV0FBZ0UsQ0FBQztZQUNyRSxJQUFJLFFBQVEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO2dCQUNwQyxNQUFNLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxzQkFBc0IsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQ3hFLElBQUksRUFBRSxFQUFFLENBQUM7b0JBQ1AsV0FBVyxHQUFHLEVBQUUsQ0FBQztnQkFDbkIsQ0FBQztZQUNILENBQUM7WUFFRCxZQUFZLENBQUMsSUFBSSxDQUFDO2dCQUNoQixNQUFNO2dCQUNOLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtnQkFDM0IsTUFBTTtnQkFDTixNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07Z0JBQ25CLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztnQkFDckIsVUFBVTtnQkFDVixNQUFNO2dCQUNOLFFBQVE7Z0JBQ1IsS0FBSztnQkFDTCxjQUFjLEVBQUUsSUFBSSxDQUFDLGNBQWM7Z0JBQ25DLFdBQVc7YUFDWixDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsT0FBTyxZQUFZLENBQUM7SUFDdEIsQ0FBQztJQUVPLFlBQVksQ0FBQyxZQUFvRDtRQVF2RSxNQUFNLE9BQU8sR0FBRyxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxRQUFRLEVBQUUsQ0FBQyxFQUFFLE9BQU8sRUFBRSxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUMsRUFBRSxPQUFPLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDdkYsT0FBTyxDQUFDLEtBQUssR0FBRyxZQUFZLENBQUMsTUFBTSxDQUFDO1FBQ3BDLEtBQUssTUFBTSxJQUFJLElBQUksWUFBWSxFQUFFLENBQUM7WUFDaEMsUUFBUSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ3BCLEtBQUssT0FBTztvQkFBRSxPQUFPLENBQUMsS0FBSyxFQUFFLENBQUM7b0JBQUMsTUFBTTtnQkFDckMsS0FBSyxVQUFVO29CQUFFLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFBQyxNQUFNO2dCQUMzQyxLQUFLLFNBQVM7b0JBQUUsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDO29CQUFDLE1BQU07Z0JBQ3pDLEtBQUssUUFBUTtvQkFBRSxPQUFPLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQUMsTUFBTTtnQkFDdkMsS0FBSyxjQUFjLENBQUMsQ0FBQyxtQkFBbUI7Z0JBQ3hDLEtBQUssU0FBUztvQkFBRSxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7b0JBQUMsTUFBTTtZQUMzQyxDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0ssS0FBSyxDQUFDLDZCQUE2QixDQUFDLFNBQWlCO1FBQzNELE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQy9DLE1BQU0sVUFBVSxHQUFHLFFBQVEsQ0FBQyxVQUFVLENBQUM7UUFFdkMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxDQUFDO1FBQ2xFLENBQUM7UUFFRCw0REFBNEQ7UUFDNUQsNENBQTRDO1FBQzVDLEtBQUssTUFBTSxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsSUFBSSxRQUFRLENBQUMsb0JBQW9CLEVBQUUsQ0FBQztZQUM1RCxJQUFJLEtBQUssQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQ3pDLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDL0MsQ0FBQztRQUNILENBQUM7UUFFRCxJQUFJLENBQUM7WUFDSCxJQUFJLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO2dCQUNoQyxNQUFNLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNsRCxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sTUFBTSxVQUFVLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQztZQUNyRSxDQUFDO1lBQ0QsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLG1EQUFtRCxTQUFTLEdBQUcsRUFBRSxDQUFDO1FBQ3JHLENBQUM7UUFBQyxPQUFPLEdBQVksRUFBRSxDQUFDO1lBQ3RCLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRyxHQUFhLENBQUMsT0FBTyxJQUFJLG1DQUFtQyxFQUFFLENBQUM7UUFDcEcsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNLLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxNQUFjLEVBQUUsVUFBb0I7UUFDN0UsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUM7UUFDL0MsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFVBQVUsQ0FBQztRQUV2QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLDJCQUEyQixFQUFFLENBQUM7UUFDbEUsQ0FBQztRQUVELGdEQUFnRDtRQUNoRCxJQUFJLFFBQVEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1lBQ3BDLE1BQU0sUUFBUSxDQUFDLHNCQUFzQixDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBRUQsOERBQThEO1FBQzlELE1BQU0sVUFBVSxHQUFHLFFBQVEsQ0FBQyx1QkFBdUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM1RCxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDNUIsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLCtCQUErQixNQUFNLEdBQUcsRUFBRSxDQUFDO1FBQy9FLENBQUM7UUFFRCxxRUFBcUU7UUFDckUsa0VBQWtFO1FBQ2xFLEVBQUU7UUFDRiwyRUFBMkU7UUFDM0UsMEVBQTBFO1FBQzFFLDBFQUEwRTtRQUMxRSw0RUFBNEU7UUFDNUUsMkVBQTJFO1FBQzNFLElBQUksVUFBVSxJQUFJLFFBQVEsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNyQyxJQUFJLE9BQStCLENBQUM7WUFDcEMsSUFBSSxDQUFDO2dCQUNILE9BQU8sR0FBRyxNQUFNLFFBQVEsQ0FBQyxTQUFTLENBQUMsdUJBQXVCLENBQUMsTUFBTSxFQUFFO29CQUNqRSxVQUFVLEVBQUUsSUFBSTtvQkFDaEIsZUFBZSxFQUFFLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUM7aUJBQzFDLENBQUMsQ0FBQztZQUNMLENBQUM7WUFBQyxPQUFPLEdBQVksRUFBRSxDQUFDO2dCQUN0QixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsbUNBQW1DLE1BQU0sS0FBTSxHQUFhLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztZQUM3RyxDQUFDO1lBRUQsMkVBQTJFO1lBQzNFLDJFQUEyRTtZQUMzRSwyRUFBMkU7WUFDM0UsdUVBQXVFO1lBQ3ZFLG1FQUFtRTtZQUNuRSxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxJQUFJLENBQUMsdUJBQXVCLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ3RELENBQUM7WUFBQyxPQUFPLEdBQVksRUFBRSxDQUFDO2dCQUN0QixzRUFBc0U7Z0JBQ3RFLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHlEQUF5RCxNQUFNLEtBQU0sR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDbkgsQ0FBQztRQUNILENBQUM7UUFFRCw4RUFBOEU7UUFDOUUsUUFBUSxDQUFDLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUU3Qyx5Q0FBeUM7UUFDekMsb0VBQW9FO1FBQ3BFLHdFQUF3RTtRQUN4RSw2REFBNkQ7UUFDN0QsNERBQTREO1FBQzVELElBQUksQ0FBQztZQUNILElBQUksUUFBUSxDQUFDLGtCQUFrQixFQUFFLENBQUM7Z0JBQ2hDLE1BQU0sUUFBUSxDQUFDLGtCQUFrQixDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2xELENBQUM7aUJBQU0sQ0FBQztnQkFDTixrRUFBa0U7Z0JBQ2xFLE1BQU0sVUFBVSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDckUsQ0FBQztZQUNELE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDLHlDQUF5QyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsb0RBQW9ELE1BQU0sR0FBRyxFQUFFLENBQUM7UUFDckssQ0FBQztRQUFDLE9BQU8sR0FBWSxFQUFFLENBQUM7WUFDdEIsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFHLEdBQWEsQ0FBQyxPQUFPLElBQUkseUNBQXlDLE1BQU0sRUFBRSxFQUFFLENBQUM7UUFDbEgsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7OztPQWdCRztJQUNLLEtBQUssQ0FBQyx1QkFBdUIsQ0FDbkMsWUFBb0IsRUFDcEIsT0FBK0I7UUFFL0IsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUM7UUFDL0MsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFVBQVUsQ0FBQztRQUN2QyxJQUFJLENBQUMsVUFBVTtZQUFFLE9BQU87UUFFeEIsTUFBTSxZQUFZLEdBQUcsb0JBQW9CLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDeEQsSUFBSSxDQUFDLFlBQVk7WUFBRSxPQUFPO1FBRTFCLDBEQUEwRDtRQUMxRCxNQUFNLFFBQVEsR0FBRyxJQUFJLEdBQUcsRUFBVSxDQUFDO1FBQ25DLEtBQUssTUFBTSxLQUFLLElBQUksVUFBVSxDQUFDLFlBQVksQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDO1lBQ3hELElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU87Z0JBQUUsU0FBUztZQUNuQyxNQUFNLFlBQVksR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDO2dCQUNyRCxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPO2dCQUNyQixDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQzFCLEtBQUssTUFBTSxXQUFXLElBQUksWUFBWSxFQUFFLENBQUM7Z0JBQ3ZDLElBQUksb0JBQW9CLENBQUMsV0FBVyxDQUFDLEtBQUssWUFBWSxFQUFFLENBQUM7b0JBQ3ZELFFBQVEsQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBQzVCLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxDQUFDO1lBQUUsT0FBTztRQUVoQyw0REFBNEQ7UUFDNUQsNEVBQTRFO1FBQzVFLElBQUksVUFBVSxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUM7UUFDcEMsSUFBSSxTQUE2QixDQUFDO1FBQ2xDLElBQUksT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3RCLElBQUksQ0FBQztnQkFDSCxNQUFNLElBQUksR0FBRyxJQUFJLE9BQU8sQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFDbkUsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDOUMsU0FBUyxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNqRCxDQUFDO1lBQUMsTUFBTSxDQUFDLENBQUMsb0NBQW9DLENBQUMsQ0FBQztRQUNsRCxDQUFDO1FBRUQsd0RBQXdEO1FBQ3hELEtBQUssTUFBTSxXQUFXLElBQUksUUFBUSxFQUFFLENBQUM7WUFDbkMsSUFBSSxHQUFHLEdBQUcsTUFBTSxZQUFZLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQ3ZELElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDVCxHQUFHLEdBQUcsSUFBSSxZQUFZLEVBQUUsQ0FBQztnQkFDekIsR0FBRyxDQUFDLE1BQU0sR0FBRyxXQUFXLENBQUM7WUFDM0IsQ0FBQztZQUNELEdBQUcsQ0FBQyxTQUFTLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQztZQUNsQyxHQUFHLENBQUMsVUFBVSxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUM7WUFDcEMsR0FBRyxDQUFDLEVBQUUsR0FBRyxFQUFFLENBQUM7WUFDWixHQUFHLENBQUMsVUFBVSxHQUFHLFVBQVUsSUFBSSxDQUFDLENBQUM7WUFDakMsR0FBRyxDQUFDLFNBQVMsR0FBRyxTQUFTLElBQUksQ0FBQyxDQUFDO1lBQy9CLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO1lBRWpCLDREQUE0RDtZQUM1RCxRQUFRLENBQUMsb0JBQW9CLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ3BELENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUNSLE1BQU0sRUFDTixxQ0FBcUMsWUFBWSxvQkFBb0IsWUFBWSxTQUFTLFFBQVEsQ0FBQyxJQUFJLDZCQUE2QixDQUFDLEdBQUcsUUFBUSxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQy9KLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsaUJBQWlCLENBQUMsTUFBYztRQUM1QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQztRQUMvQyxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqRCxNQUFNLEtBQUssR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3JDLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxXQUFXLENBQUM7UUFFOUUsNkVBQTZFO1FBQzdFLE1BQU0sT0FBTyxHQUFHLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUM7ZUFDckQsQ0FBQyxVQUFVLEtBQUssV0FBVyxDQUFDLENBQUMsQ0FBQyxNQUFNLFdBQVcsQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3ZGLElBQUksT0FBTyxFQUFFLENBQUM7WUFDWixNQUFNLE9BQU8sQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUN6QixDQUFDO1FBRUQsNERBQTREO1FBQzVELEtBQUssTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUN0QyxNQUFNLFFBQVEsR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDcEQsSUFBSSxRQUFRLEVBQUUsQ0FBQztnQkFDYixNQUFNLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUMxQixDQUFDO1FBQ0gsQ0FBQztRQUVELGtDQUFrQztRQUNsQyxRQUFRLENBQUMsb0JBQW9CLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRTdDLHFCQUFxQjtRQUNyQixJQUFJLFFBQVEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1lBQ3BDLE1BQU0sUUFBUSxDQUFDLHNCQUFzQixDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLGlDQUFpQyxNQUFNLEdBQUcsRUFBRSxDQUFDO0lBQ2hGLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxNQUFjO1FBYTVDLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpELGdEQUFnRDtRQUNoRCxNQUFNLE9BQU8sR0FBRyxNQUFNLFdBQVcsQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDNUQsSUFBSSxPQUFPLElBQUksT0FBTyxDQUFDLFNBQVMsSUFBSSxPQUFPLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDdkQsT0FBTztnQkFDTCxPQUFPLEVBQUUsSUFBSTtnQkFDYixJQUFJLEVBQUU7b0JBQ0osRUFBRSxFQUFFLE9BQU8sQ0FBQyxFQUFFLElBQUksT0FBTyxDQUFDLE1BQU0sQ0FBQyxVQUFVLEVBQUU7b0JBQzdDLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVSxJQUFJLE1BQU07b0JBQ3hDLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUU7b0JBQ3RDLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVSxJQUFJLENBQUM7b0JBQ25DLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtvQkFDOUIsU0FBUyxFQUFFLE9BQU8sQ0FBQyxTQUFTO29CQUM1QixHQUFHLEVBQUUsT0FBTyxDQUFDLEdBQUcsSUFBSSxFQUFFO2lCQUN2QjthQUNGLENBQUM7UUFDSixDQUFDO1FBRUQscUVBQXFFO1FBQ3JFLElBQUksUUFBUSxHQUFHLE1BQU0sWUFBWSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN2RCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3JDLFFBQVEsR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDMUQsQ0FBQztRQUVELElBQUksUUFBUSxJQUFJLFFBQVEsQ0FBQyxTQUFTLElBQUksUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzFELE9BQU87Z0JBQ0wsT0FBTyxFQUFFLElBQUk7Z0JBQ2IsSUFBSSxFQUFFO29CQUNKLEVBQUUsRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLFVBQVUsRUFBRTtvQkFDL0IsVUFBVSxFQUFFLE1BQU07b0JBQ2xCLE9BQU8sRUFBRSxRQUFRLENBQUMsU0FBUyxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUU7b0JBQ3pDLFVBQVUsRUFBRSxRQUFRLENBQUMsVUFBVSxJQUFJLENBQUM7b0JBQ3BDLFVBQVUsRUFBRSxRQUFRLENBQUMsVUFBVTtvQkFDL0IsU0FBUyxFQUFFLFFBQVEsQ0FBQyxTQUFTO29CQUM3QixHQUFHLEVBQUUsRUFBRTtpQkFDUjthQUNGLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLGtDQUFrQyxNQUFNLEdBQUcsRUFBRSxDQUFDO0lBQ2xGLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxJQVEvQjtRQUNDLHVCQUF1QjtRQUN2QixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLDZCQUE2QixDQUFDLEVBQUUsQ0FBQztZQUMvRSxPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsMkRBQTJELEVBQUUsQ0FBQztRQUNsRyxDQUFDO1FBQ0QsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1lBQ2hFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxvREFBb0QsRUFBRSxDQUFDO1FBQzNGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQztRQUMvQyxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFMUQsNkNBQTZDO1FBQzdDLElBQUksT0FBTyxHQUFHLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMxRCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixPQUFPLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUM1QixPQUFPLENBQUMsVUFBVSxHQUFHLFdBQVcsQ0FBQztRQUNuQyxDQUFDO1FBQ0QsT0FBTyxDQUFDLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQ3JCLE9BQU8sQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQztRQUMvQixPQUFPLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUM7UUFDckMsT0FBTyxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDO1FBQ3JDLE9BQU8sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUNuQyxPQUFPLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLElBQUksRUFBRSxDQUFDO1FBQzdCLE1BQU0sT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1FBRXJCLGdEQUFnRDtRQUNoRCxJQUFJLFFBQVEsR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2hFLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNkLFFBQVEsR0FBRyxJQUFJLFlBQVksRUFBRSxDQUFDO1lBQzlCLFFBQVEsQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQztRQUNwQyxDQUFDO1FBQ0QsUUFBUSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQ3BDLFFBQVEsQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQztRQUN0QyxRQUFRLENBQUMsRUFBRSxHQUFHLEVBQUUsQ0FBQztRQUNqQixRQUFRLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUM7UUFDdEMsUUFBUSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDO1FBQ2xDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1FBRXRCLDhCQUE4QjtRQUM5QixRQUFRLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUU7WUFDakQsTUFBTSxFQUFFLE9BQU87WUFDZixNQUFNLEVBQUUsUUFBUTtZQUNoQixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ2pGLFFBQVEsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDekUsVUFBVSxFQUFFLEVBQUU7U0FDZixDQUFDLENBQUM7UUFFSCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsNkJBQTZCLElBQUksQ0FBQyxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3JGLENBQUM7Q0FDRiJ9
package/dist_ts_web/00_commitinfo_data.js CHANGED
@@ -3,7 +3,7 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@serve.zone/dcrouter',
6
- version: '13.1.1',
6
+ version: '13.1.3',
7
7
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
8
8
  };
9
9
  //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHNfd2ViLzAwX2NvbW1pdGluZm9fZGF0YS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRztJQUN4QixJQUFJLEVBQUUsc0JBQXNCO0lBQzVCLE9BQU8sRUFBRSxRQUFRO0lBQ2pCLFdBQVcsRUFBRSwwRUFBMEU7Q0FDeEYsQ0FBQSJ9
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@serve.zone/dcrouter",
3
3
  "private": false,
4
- "version": "13.1.1",
4
+ "version": "13.1.3",
5
5
  "description": "A multifaceted routing service handling mail and SMS delivery functions.",
6
6
  "type": "module",
7
7
  "exports": {
@@ -62,7 +62,7 @@
62
62
  "@push.rocks/smartunique": "^3.0.9",
63
63
  "@push.rocks/smartvpn": "1.19.2",
64
64
  "@push.rocks/taskbuffer": "^8.0.2",
65
- "@serve.zone/catalog": "^2.12.0",
65
+ "@serve.zone/catalog": "^2.12.3",
66
66
  "@serve.zone/interfaces": "^5.3.0",
67
67
  "@serve.zone/remoteingress": "^4.15.3",
68
68
  "@tsclass/tsclass": "^9.5.0",
package/ts/00_commitinfo_data.ts CHANGED
@@ -3,6 +3,6 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@serve.zone/dcrouter',
6
- version: '13.1.1',
6
+ version: '13.1.3',
7
7
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
8
8
  }
package/ts/opsserver/handlers/certificate.handler.ts CHANGED
@@ -2,6 +2,28 @@ import * as plugins from '../../plugins.js';
2
2
  import type { OpsServer } from '../classes.opsserver.js';
3
3
  import * as interfaces from '../../../ts_interfaces/index.js';
4
4
  import { AcmeCertDoc, ProxyCertDoc } from '../../db/index.js';
5
+ import { logger } from '../../logger.js';
6
+
7
+ /**
8
+ * Mirrors `SmartacmeCertMatcher.getCertificateDomainNameByDomainName` from
9
+ * @push.rocks/smartacme. Inlined here because the original is `private` on
10
+ * SmartAcme. The cert identity ('task.vc' for both 'outline.task.vc' and
11
+ * '*.task.vc') is what AcmeCertDoc is keyed by, so two route domains with
12
+ * the same identity share the same underlying ACME cert.
13
+ *
14
+ * Returns undefined for domains with 4+ levels (matching smartacme's
15
+ * "deeper domains not supported" behavior) and for malformed inputs.
16
+ *
17
+ * Exported for unit testing.
18
+ */
19
+ export function deriveCertDomainName(domain: string): string | undefined {
20
+ if (domain.startsWith('*.')) {
21
+ return domain.slice(2);
22
+ }
23
+ const parts = domain.split('.');
24
+ if (parts.length < 2 || parts.length > 3) return undefined;
25
+ return parts.slice(-2).join('.');
26
+ }
5
27
 
6
28
  export class CertificateHandler {
7
29
  constructor(private opsServerRef: OpsServer) {
@@ -363,12 +385,34 @@ export class CertificateHandler {
363
385
 
364
386
  // If forceRenew, order a fresh cert from ACME now so it's already in
365
387
  // AcmeCertDoc by the time certProvisionFunction is invoked below.
388
+ //
389
+ // includeWildcard: when forcing a non-wildcard subdomain renewal, we still
390
+ // want the wildcard SAN in the order so the new cert keeps covering every
391
+ // sibling. Without this, smartacme defaults to includeWildcard: false and
392
+ // the re-issued cert would have only the base domain as SAN, breaking every
393
+ // sibling subdomain that was previously covered by the same wildcard cert.
366
394
  if (forceRenew && dcRouter.smartAcme) {
395
+ let newCert: plugins.smartacme.Cert;
367
396
  try {
368
- await dcRouter.smartAcme.getCertificateForDomain(domain, { forceRenew: true });
397
+ newCert = await dcRouter.smartAcme.getCertificateForDomain(domain, {
398
+ forceRenew: true,
399
+ includeWildcard: !domain.startsWith('*.'),
400
+ });
369
401
  } catch (err: unknown) {
370
402
  return { success: false, message: `Failed to renew certificate for ${domain}: ${(err as Error).message}` };
371
403
  }
404
+
405
+ // Propagate the freshly-issued cert PEM to every sibling route domain that
406
+ // shares the same cert identity. Without this, the rust hot-swap (keyed by
407
+ // exact domain in `loaded_certs`) only fires for the clicked route via the
408
+ // fire-and-forget cert provisioning path, leaving siblings serving the
409
+ // stale in-memory cert until the next background reload completes.
410
+ try {
411
+ await this.propagateCertToSiblings(domain, newCert);
412
+ } catch (err: unknown) {
413
+ // Best-effort: failure here doesn't undo the cert issuance, just log.
414
+ logger.log('warn', `Failed to propagate force-renewed cert to siblings of ${domain}: ${(err as Error).message}`);
415
+ }
372
416
  }
373
417
 
374
418
  // Clear status map entry so it gets refreshed by the certificate-issued event
@@ -392,6 +436,86 @@ export class CertificateHandler {
392
436
  }
393
437
  }
394
438
 
439
+ /**
440
+ * After a force-renew, walk every route in the smartproxy that resolves to
441
+ * the same cert identity as `forcedDomain` and write the freshly-issued cert
442
+ * PEM into ProxyCertDoc for each. This guarantees that the next applyRoutes
443
+ * → provisionCertificatesViaCallback iteration will hot-swap every sibling's
444
+ * rust loaded_certs entry with the new (correct) PEM, rather than relying on
445
+ * the in-memory cert returned by smartacme's per-domain cache.
446
+ *
447
+ * Why this is necessary:
448
+ * Rust's `loaded_certs` is a HashMap<domain, TlsCertConfig>. Each
449
+ * bridge.loadCertificate(domain, ...) only swaps that one entry. The
450
+ * fire-and-forget cert provisioning path triggered by updateRoutes does
451
+ * eventually iterate every auto-cert route, but it returns the cached
452
+ * (broken pre-fix) cert from smartacme's per-domain mutex. With this
453
+ * helper, ProxyCertDoc is updated synchronously to the correct PEM before
454
+ * applyRoutes runs, so even the transient window stays consistent.
455
+ */
456
+ private async propagateCertToSiblings(
457
+ forcedDomain: string,
458
+ newCert: plugins.smartacme.Cert,
459
+ ): Promise<void> {
460
+ const dcRouter = this.opsServerRef.dcRouterRef;
461
+ const smartProxy = dcRouter.smartProxy;
462
+ if (!smartProxy) return;
463
+
464
+ const certIdentity = deriveCertDomainName(forcedDomain);
465
+ if (!certIdentity) return;
466
+
467
+ // Collect every route domain whose cert identity matches.
468
+ const affected = new Set<string>();
469
+ for (const route of smartProxy.routeManager.getRoutes()) {
470
+ if (!route.match.domains) continue;
471
+ const routeDomains = Array.isArray(route.match.domains)
472
+ ? route.match.domains
473
+ : [route.match.domains];
474
+ for (const routeDomain of routeDomains) {
475
+ if (deriveCertDomainName(routeDomain) === certIdentity) {
476
+ affected.add(routeDomain);
477
+ }
478
+ }
479
+ }
480
+
481
+ if (affected.size === 0) return;
482
+
483
+ // Parse expiry from PEM (defense-in-depth — same pattern as
484
+ // ts/classes.dcrouter.ts:988-995 and the existing certStore.save callback).
485
+ let validUntil = newCert.validUntil;
486
+ let validFrom: number | undefined;
487
+ if (newCert.publicKey) {
488
+ try {
489
+ const x509 = new plugins.crypto.X509Certificate(newCert.publicKey);
490
+ validUntil = new Date(x509.validTo).getTime();
491
+ validFrom = new Date(x509.validFrom).getTime();
492
+ } catch { /* fall back to smartacme's value */ }
493
+ }
494
+
495
+ // Persist new cert PEM under each affected route domain
496
+ for (const routeDomain of affected) {
497
+ let doc = await ProxyCertDoc.findByDomain(routeDomain);
498
+ if (!doc) {
499
+ doc = new ProxyCertDoc();
500
+ doc.domain = routeDomain;
501
+ }
502
+ doc.publicKey = newCert.publicKey;
503
+ doc.privateKey = newCert.privateKey;
504
+ doc.ca = '';
505
+ doc.validUntil = validUntil || 0;
506
+ doc.validFrom = validFrom || 0;
507
+ await doc.save();
508
+
509
+ // Clear status so the next event refresh shows the new cert
510
+ dcRouter.certificateStatusMap.delete(routeDomain);
511
+ }
512
+
513
+ logger.log(
514
+ 'info',
515
+ `Propagated force-renewed cert for ${forcedDomain} (cert identity '${certIdentity}') to ${affected.size} sibling route domain(s): ${[...affected].join(', ')}`,
516
+ );
517
+ }
518
+
395
519
  /**
396
520
  * Delete certificate data for a domain from storage
397
521
  */
package/ts_web/00_commitinfo_data.ts CHANGED
@@ -3,6 +3,6 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@serve.zone/dcrouter',
6
- version: '13.1.1',
6
+ version: '13.1.3',
7
7
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
8
8
  }