@serve.zone/dcrouter 13.17.0 → 13.17.3

package/dist_ts/security/classes.ipreputationchecker.d.ts

@@ -0,0 +1,145 @@
+/**
+ * Reputation check result information
+ */
+export interface IReputationResult {
+    score: number;
+    isSpam: boolean;
+    isProxy: boolean;
+    isTor: boolean;
+    isVPN: boolean;
+    country?: string;
+    asn?: string;
+    org?: string;
+    blacklists?: string[];
+    timestamp: number;
+    error?: string;
+}
+/**
+ * Reputation threshold scores
+ */
+export declare enum ReputationThreshold {
+    HIGH_RISK = 20,// Score below this is considered high risk
+    MEDIUM_RISK = 50,// Score below this is considered medium risk
+    LOW_RISK = 80
+}
+/**
+ * IP type classifications
+ */
+export declare enum IPType {
+    RESIDENTIAL = "residential",
+    DATACENTER = "datacenter",
+    PROXY = "proxy",
+    TOR = "tor",
+    VPN = "vpn",
+    UNKNOWN = "unknown"
+}
+/**
+ * Options for the IP Reputation Checker
+ */
+export interface IIPReputationOptions {
+    maxCacheSize?: number;
+    cacheTTL?: number;
+    dnsblServers?: string[];
+    highRiskThreshold?: number;
+    mediumRiskThreshold?: number;
+    lowRiskThreshold?: number;
+    enableLocalCache?: boolean;
+    enableDNSBL?: boolean;
+    enableIPInfo?: boolean;
+}
+/**
+ * Class for checking IP reputation of inbound email senders
+ */
+export declare class IPReputationChecker {
+    private static instance;
+    private reputationCache;
+    private options;
+    private static readonly DEFAULT_DNSBL_SERVERS;
+    private static readonly DEFAULT_OPTIONS;
+    /**
+     * Constructor for IPReputationChecker
+     * @param options Configuration options
+     */
+    constructor(options?: IIPReputationOptions);
+    /**
+     * Get the singleton instance of the checker
+     * @param options Configuration options
+     * @returns Singleton instance
+     */
+    static getInstance(options?: IIPReputationOptions): IPReputationChecker;
+    /**
+     * Reset the singleton instance (for shutdown/testing)
+     */
+    static resetInstance(): void;
+    /**
+     * Check an IP address's reputation
+     * @param ip IP address to check
+     * @returns Reputation check result
+     */
+    checkReputation(ip: string): Promise<IReputationResult>;
+    /**
+     * Check an IP against DNS blacklists
+     * @param ip IP address to check
+     * @returns DNSBL check results
+     */
+    private checkDNSBL;
+    /**
+     * Get information about an IP address
+     * @param ip IP address to check
+     * @returns IP information
+     */
+    private getIPInfo;
+    /**
+     * Simplified method to determine country from IP
+     * In a real implementation, this would use a geolocation database or service
+     * @param ip IP address
+     * @returns Country code
+     */
+    private determineCountry;
+    /**
+     * Simplified method to determine organization from IP
+     * In a real implementation, this would use an IP-to-org database or service
+     * @param ip IP address
+     * @returns Organization name
+     */
+    private determineOrg;
+    /**
+     * Reverse an IP address for DNSBL lookups (e.g., 1.2.3.4 -> 4.3.2.1)
+     * @param ip IP address to reverse
+     * @returns Reversed IP for DNSBL queries
+     */
+    private reverseIP;
+    /**
+     * Create an error result for when reputation check fails
+     * @param ip IP address
+     * @param errorMessage Error message
+     * @returns Error result
+     */
+    private createErrorResult;
+    /**
+     * Validate IP address format
+     * @param ip IP address to validate
+     * @returns Whether the IP is valid
+     */
+    private isValidIPAddress;
+    /**
+     * Log reputation check to security logger
+     * @param ip IP address
+     * @param result Reputation result
+     */
+    private logReputationCheck;
+    /**
+     * Persist a single IP reputation result to the database via CachedIPReputation
+     */
+    private persistReputationToDb;
+    /**
+     * Load persisted reputations from CachedIPReputation documents into the in-memory LRU cache
+     */
+    private loadCacheFromDb;
+    /**
+     * Get the risk level for a reputation score
+     * @param score Reputation score (0-100)
+     * @returns Risk level description
+     */
+    static getRiskLevel(score: number): 'high' | 'medium' | 'low' | 'trusted';
+}

package/dist_ts/security/classes.ipreputationchecker.js

@@ -0,0 +1,458 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { SecurityLogger, SecurityLogLevel, SecurityEventType } from './classes.securitylogger.js';
+import { LRUCache } from 'lru-cache';
+import { CachedIPReputation } from '../db/documents/classes.cached.ip.reputation.js';
+/**
+ * Reputation threshold scores
+ */
+export var ReputationThreshold;
+(function (ReputationThreshold) {
+    ReputationThreshold[ReputationThreshold["HIGH_RISK"] = 20] = "HIGH_RISK";
+    ReputationThreshold[ReputationThreshold["MEDIUM_RISK"] = 50] = "MEDIUM_RISK";
+    ReputationThreshold[ReputationThreshold["LOW_RISK"] = 80] = "LOW_RISK"; // Score below this is considered low risk (but not trusted)
+})(ReputationThreshold || (ReputationThreshold = {}));
+/**
+ * IP type classifications
+ */
+export var IPType;
+(function (IPType) {
+    IPType["RESIDENTIAL"] = "residential";
+    IPType["DATACENTER"] = "datacenter";
+    IPType["PROXY"] = "proxy";
+    IPType["TOR"] = "tor";
+    IPType["VPN"] = "vpn";
+    IPType["UNKNOWN"] = "unknown";
+})(IPType || (IPType = {}));
+/**
+ * Class for checking IP reputation of inbound email senders
+ */
+export class IPReputationChecker {
+    static instance;
+    reputationCache;
+    options;
+    // Default DNSBL servers
+    static DEFAULT_DNSBL_SERVERS = [
+        'zen.spamhaus.org', // Spamhaus
+        'bl.spamcop.net', // SpamCop
+        'b.barracudacentral.org', // Barracuda
+        'spam.dnsbl.sorbs.net', // SORBS
+        'dnsbl.sorbs.net', // SORBS (expanded)
+        'cbl.abuseat.org', // Composite Blocking List
+        'xbl.spamhaus.org', // Spamhaus XBL
+        'pbl.spamhaus.org', // Spamhaus PBL
+        'dnsbl-1.uceprotect.net', // UCEPROTECT
+        'psbl.surriel.com' // PSBL
+    ];
+    // Default options
+    static DEFAULT_OPTIONS = {
+        maxCacheSize: 10000,
+        cacheTTL: 24 * 60 * 60 * 1000, // 24 hours
+        dnsblServers: IPReputationChecker.DEFAULT_DNSBL_SERVERS,
+        highRiskThreshold: ReputationThreshold.HIGH_RISK,
+        mediumRiskThreshold: ReputationThreshold.MEDIUM_RISK,
+        lowRiskThreshold: ReputationThreshold.LOW_RISK,
+        enableLocalCache: true,
+        enableDNSBL: true,
+        enableIPInfo: true
+    };
+    /**
+     * Constructor for IPReputationChecker
+     * @param options Configuration options
+     */
+    constructor(options = {}) {
+        // Merge with default options
+        this.options = {
+            ...IPReputationChecker.DEFAULT_OPTIONS,
+            ...options
+        };
+        // Initialize reputation cache
+        this.reputationCache = new LRUCache({
+            max: this.options.maxCacheSize,
+            ttl: this.options.cacheTTL, // Cache TTL
+        });
+        // Load persisted reputations into in-memory cache
+        if (this.options.enableLocalCache) {
+            this.loadCacheFromDb().catch((error) => {
+                logger.log('error', `Failed to load IP reputation cache during initialization: ${error.message}`);
+            });
+        }
+    }
+    /**
+     * Get the singleton instance of the checker
+     * @param options Configuration options
+     * @returns Singleton instance
+     */
+    static getInstance(options = {}) {
+        if (!IPReputationChecker.instance) {
+            IPReputationChecker.instance = new IPReputationChecker(options);
+        }
+        return IPReputationChecker.instance;
+    }
+    /**
+     * Reset the singleton instance (for shutdown/testing)
+     */
+    static resetInstance() {
+        IPReputationChecker.instance = undefined;
+    }
+    /**
+     * Check an IP address's reputation
+     * @param ip IP address to check
+     * @returns Reputation check result
+     */
+    async checkReputation(ip) {
+        try {
+            // Validate IP address format
+            if (!this.isValidIPAddress(ip)) {
+                logger.log('warn', `Invalid IP address format: ${ip}`);
+                return this.createErrorResult(ip, 'Invalid IP address format');
+            }
+            // Check in-memory LRU cache first (fast path)
+            const cachedResult = this.reputationCache.get(ip);
+            if (cachedResult) {
+                logger.log('info', `Using cached reputation data for IP ${ip}`, {
+                    score: cachedResult.score,
+                    isSpam: cachedResult.isSpam
+                });
+                return cachedResult;
+            }
+            // Initialize empty result
+            const result = {
+                score: 100, // Start with perfect score
+                isSpam: false,
+                isProxy: false,
+                isTor: false,
+                isVPN: false,
+                timestamp: Date.now()
+            };
+            // Check IP against DNS blacklists if enabled
+            if (this.options.enableDNSBL) {
+                const dnsblResult = await this.checkDNSBL(ip);
+                // Update result with DNSBL information
+                result.score -= dnsblResult.listCount * 10; // Subtract 10 points per blacklist
+                result.isSpam = dnsblResult.listCount > 0;
+                result.blacklists = dnsblResult.lists;
+            }
+            // Get additional IP information if enabled
+            if (this.options.enableIPInfo) {
+                const ipInfo = await this.getIPInfo(ip);
+                // Update result with IP info
+                result.country = ipInfo.country;
+                result.asn = ipInfo.asn;
+                result.org = ipInfo.org;
+                // Adjust score based on IP type
+                if (ipInfo.type === IPType.PROXY || ipInfo.type === IPType.TOR || ipInfo.type === IPType.VPN) {
+                    result.score -= 30; // Subtract 30 points for proxies, Tor, VPNs
+                    // Set proxy flags
+                    result.isProxy = ipInfo.type === IPType.PROXY;
+                    result.isTor = ipInfo.type === IPType.TOR;
+                    result.isVPN = ipInfo.type === IPType.VPN;
+                }
+            }
+            // Ensure score is between 0 and 100
+            result.score = Math.max(0, Math.min(100, result.score));
+            // Update in-memory LRU cache
+            this.reputationCache.set(ip, result);
+            // Persist to database if enabled (fire and forget)
+            if (this.options.enableLocalCache) {
+                this.persistReputationToDb(ip, result).catch((error) => {
+                    logger.log('error', `Failed to persist IP reputation for ${ip}: ${error.message}`);
+                });
+            }
+            // Log the reputation check
+            this.logReputationCheck(ip, result);
+            return result;
+        }
+        catch (error) {
+            logger.log('error', `Error checking IP reputation for ${ip}: ${error.message}`, {
+                ip,
+                stack: error.stack
+            });
+            return this.createErrorResult(ip, error.message);
+        }
+    }
+    /**
+     * Check an IP against DNS blacklists
+     * @param ip IP address to check
+     * @returns DNSBL check results
+     */
+    async checkDNSBL(ip) {
+        try {
+            // Reverse the IP for DNSBL queries
+            const reversedIP = this.reverseIP(ip);
+            const results = await Promise.allSettled(this.options.dnsblServers.map(async (server) => {
+                try {
+                    const lookupDomain = `${reversedIP}.${server}`;
+                    await plugins.dns.promises.resolve(lookupDomain);
+                    return server; // IP is listed in this DNSBL
+                }
+                catch (error) {
+                    if (error.code === 'ENOTFOUND') {
+                        return null; // IP is not listed in this DNSBL
+                    }
+                    throw error; // Other error
+                }
+            }));
+            // Extract successful lookups (listed in DNSBL)
+            const lists = results
+                .filter((result) => result.status === 'fulfilled' && result.value !== null)
+                .map(result => result.value);
+            return {
+                listCount: lists.length,
+                lists
+            };
+        }
+        catch (error) {
+            logger.log('error', `Error checking DNSBL for ${ip}: ${error.message}`);
+            return {
+                listCount: 0,
+                lists: []
+            };
+        }
+    }
+    /**
+     * Get information about an IP address
+     * @param ip IP address to check
+     * @returns IP information
+     */
+    async getIPInfo(ip) {
+        try {
+            // In a real implementation, this would use an IP data service API
+            // For this implementation, we'll use a simplified approach
+            // Check if it's a known Tor exit node (simplified)
+            const isTor = ip.startsWith('171.25.') || ip.startsWith('185.220.') || ip.startsWith('95.216.');
+            // Check if it's a known VPN (simplified)
+            const isVPN = ip.startsWith('185.156.') || ip.startsWith('37.120.');
+            // Check if it's a known proxy (simplified)
+            const isProxy = ip.startsWith('34.92.') || ip.startsWith('34.206.');
+            // Determine IP type
+            let type = IPType.UNKNOWN;
+            if (isTor) {
+                type = IPType.TOR;
+            }
+            else if (isVPN) {
+                type = IPType.VPN;
+            }
+            else if (isProxy) {
+                type = IPType.PROXY;
+            }
+            else {
+                // Simple datacenters detection (major cloud providers)
+                if (ip.startsWith('13.') || // AWS
+                    ip.startsWith('35.') || // Google Cloud
+                    ip.startsWith('52.') || // AWS
+                    ip.startsWith('34.') || // Google Cloud
+                    ip.startsWith('104.') // Various providers
+                ) {
+                    type = IPType.DATACENTER;
+                }
+                else {
+                    type = IPType.RESIDENTIAL;
+                }
+            }
+            // Return the information
+            return {
+                country: this.determineCountry(ip), // Simplified, would use geolocation service
+                asn: 'AS12345', // Simplified, would look up real ASN
+                org: this.determineOrg(ip), // Simplified, would use real org data
+                type
+            };
+        }
+        catch (error) {
+            logger.log('error', `Error getting IP info for ${ip}: ${error.message}`);
+            return {
+                type: IPType.UNKNOWN
+            };
+        }
+    }
+    /**
+     * Simplified method to determine country from IP
+     * In a real implementation, this would use a geolocation database or service
+     * @param ip IP address
+     * @returns Country code
+     */
+    determineCountry(ip) {
+        // Simplified mapping for demo purposes
+        if (ip.startsWith('13.') || ip.startsWith('52.'))
+            return 'US';
+        if (ip.startsWith('35.') || ip.startsWith('34.'))
+            return 'US';
+        if (ip.startsWith('185.'))
+            return 'NL';
+        if (ip.startsWith('171.'))
+            return 'DE';
+        return 'XX'; // Unknown
+    }
+    /**
+     * Simplified method to determine organization from IP
+     * In a real implementation, this would use an IP-to-org database or service
+     * @param ip IP address
+     * @returns Organization name
+     */
+    determineOrg(ip) {
+        // Simplified mapping for demo purposes
+        if (ip.startsWith('13.') || ip.startsWith('52.'))
+            return 'Amazon AWS';
+        if (ip.startsWith('35.') || ip.startsWith('34.'))
+            return 'Google Cloud';
+        if (ip.startsWith('185.156.'))
+            return 'NordVPN';
+        if (ip.startsWith('37.120.'))
+            return 'ExpressVPN';
+        if (ip.startsWith('185.220.'))
+            return 'Tor Exit Node';
+        return 'Unknown';
+    }
+    /**
+     * Reverse an IP address for DNSBL lookups (e.g., 1.2.3.4 -> 4.3.2.1)
+     * @param ip IP address to reverse
+     * @returns Reversed IP for DNSBL queries
+     */
+    reverseIP(ip) {
+        return ip.split('.').reverse().join('.');
+    }
+    /**
+     * Create an error result for when reputation check fails
+     * @param ip IP address
+     * @param errorMessage Error message
+     * @returns Error result
+     */
+    createErrorResult(ip, errorMessage) {
+        return {
+            score: 50, // Neutral score for errors
+            isSpam: false,
+            isProxy: false,
+            isTor: false,
+            isVPN: false,
+            timestamp: Date.now(),
+            error: errorMessage
+        };
+    }
+    /**
+     * Validate IP address format
+     * @param ip IP address to validate
+     * @returns Whether the IP is valid
+     */
+    isValidIPAddress(ip) {
+        // IPv4 regex pattern
+        const ipv4Pattern = /^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
+        return ipv4Pattern.test(ip);
+    }
+    /**
+     * Log reputation check to security logger
+     * @param ip IP address
+     * @param result Reputation result
+     */
+    logReputationCheck(ip, result) {
+        // Determine log level based on reputation score
+        let logLevel = SecurityLogLevel.INFO;
+        if (result.score < this.options.highRiskThreshold) {
+            logLevel = SecurityLogLevel.WARN;
+        }
+        else if (result.score < this.options.mediumRiskThreshold) {
+            logLevel = SecurityLogLevel.INFO;
+        }
+        // Log the check
+        SecurityLogger.getInstance().logEvent({
+            level: logLevel,
+            type: SecurityEventType.IP_REPUTATION,
+            message: `IP reputation check ${result.isSpam ? 'flagged spam' : 'completed'} for ${ip}`,
+            ipAddress: ip,
+            details: {
+                score: result.score,
+                isSpam: result.isSpam,
+                isProxy: result.isProxy,
+                isTor: result.isTor,
+                isVPN: result.isVPN,
+                country: result.country,
+                blacklists: result.blacklists
+            },
+            success: !result.isSpam
+        });
+    }
+    /**
+     * Persist a single IP reputation result to the database via CachedIPReputation
+     */
+    async persistReputationToDb(ip, result) {
+        try {
+            const data = {
+                score: result.score,
+                isSpam: result.isSpam,
+                isProxy: result.isProxy,
+                isTor: result.isTor,
+                isVPN: result.isVPN,
+                country: result.country,
+                asn: result.asn,
+                org: result.org,
+                blacklists: result.blacklists,
+            };
+            const existing = await CachedIPReputation.findByIP(ip);
+            if (existing) {
+                existing.updateReputation(data);
+                await existing.save();
+            }
+            else {
+                const doc = CachedIPReputation.fromReputationData(ip, data);
+                await doc.save();
+            }
+        }
+        catch (error) {
+            logger.log('error', `Failed to persist IP reputation for ${ip}: ${error.message}`);
+        }
+    }
+    /**
+     * Load persisted reputations from CachedIPReputation documents into the in-memory LRU cache
+     */
+    async loadCacheFromDb() {
+        try {
+            const docs = await CachedIPReputation.getInstances({});
+            let loadedCount = 0;
+            for (const doc of docs) {
+                // Skip expired documents
+                if (doc.isExpired()) {
+                    continue;
+                }
+                const result = {
+                    score: doc.score,
+                    isSpam: doc.isSpam,
+                    isProxy: doc.isProxy,
+                    isTor: doc.isTor,
+                    isVPN: doc.isVPN,
+                    country: doc.country || undefined,
+                    asn: doc.asn || undefined,
+                    org: doc.org || undefined,
+                    blacklists: doc.blacklists || [],
+                    timestamp: doc.lastAccessedAt?.getTime() ?? doc.createdAt?.getTime() ?? Date.now(),
+                };
+                this.reputationCache.set(doc.ipAddress, result);
+                loadedCount++;
+            }
+            if (loadedCount > 0) {
+                logger.log('info', `Loaded ${loadedCount} IP reputation cache entries from database`);
+            }
+        }
+        catch (error) {
+            logger.log('error', `Failed to load IP reputation cache from database: ${error.message}`);
+        }
+    }
+    /**
+     * Get the risk level for a reputation score
+     * @param score Reputation score (0-100)
+     * @returns Risk level description
+     */
+    static getRiskLevel(score) {
+        if (score < ReputationThreshold.HIGH_RISK) {
+            return 'high';
+        }
+        else if (score < ReputationThreshold.MEDIUM_RISK) {
+            return 'medium';
+        }
+        else if (score < ReputationThreshold.LOW_RISK) {
+            return 'low';
+        }
+        else {
+            return 'trusted';
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5pcHJlcHV0YXRpb25jaGVja2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvc2VjdXJpdHkvY2xhc3Nlcy5pcHJlcHV0YXRpb25jaGVja2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sZUFBZSxDQUFDO0FBQ3pDLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxFQUFFLGNBQWMsRUFBRSxnQkFBZ0IsRUFBRSxpQkFBaUIsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ2xHLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFDckMsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0saURBQWlELENBQUM7QUFtQnJGOztHQUVHO0FBQ0gsTUFBTSxDQUFOLElBQVksbUJBSVg7QUFKRCxXQUFZLG1CQUFtQjtJQUM3Qix3RUFBYyxDQUFBO0lBQ2QsNEVBQWdCLENBQUE7SUFDaEIsc0VBQWEsQ0FBQSxDQUFRLDREQUE0RDtBQUNuRixDQUFDLEVBSlcsbUJBQW1CLEtBQW5CLG1CQUFtQixRQUk5QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxDQUFOLElBQVksTUFPWDtBQVBELFdBQVksTUFBTTtJQUNoQixxQ0FBMkIsQ0FBQTtJQUMzQixtQ0FBeUIsQ0FBQTtJQUN6Qix5QkFBZSxDQUFBO0lBQ2YscUJBQVcsQ0FBQTtJQUNYLHFCQUFXLENBQUE7SUFDWCw2QkFBbUIsQ0FBQTtBQUNyQixDQUFDLEVBUFcsTUFBTSxLQUFOLE1BQU0sUUFPakI7QUFpQkQ7O0dBRUc7QUFDSCxNQUFNLE9BQU8sbUJBQW1CO0lBQ3RCLE1BQU0sQ0FBQyxRQUFRLENBQWtDO0lBQ2pELGVBQWUsQ0FBc0M7SUFDckQsT0FBTyxDQUFpQztJQUVoRCx3QkFBd0I7SUFDaEIsTUFBTSxDQUFVLHFCQUFxQixHQUFHO1FBQzlDLGtCQUFrQixFQUFVLFdBQVc7UUFDdkMsZ0JBQWdCLEVBQVksVUFBVTtRQUN0Qyx3QkFBd0IsRUFBSSxZQUFZO1FBQ3hDLHNCQUFzQixFQUFNLFFBQVE7UUFDcEMsaUJBQWlCLEVBQVcsbUJBQW1CO1FBQy9DLGlCQUFpQixFQUFXLDBCQUEwQjtRQUN0RCxrQkFBa0IsRUFBVSxlQUFlO1FBQzNDLGtCQUFrQixFQUFVLGVBQWU7UUFDM0Msd0JBQXdCLEVBQUksYUFBYTtRQUN6QyxrQkFBa0IsQ0FBVSxPQUFPO0tBQ3BDLENBQUM7SUFFRixrQkFBa0I7SUFDVixNQUFNLENBQVUsZUFBZSxHQUFtQztRQUN4RSxZQUFZLEVBQUUsS0FBSztRQUNuQixRQUFRLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsSUFBSSxFQUFFLFdBQVc7UUFDMUMsWUFBWSxFQUFFLG1CQUFtQixDQUFDLHFCQUFxQjtRQUN2RCxpQkFBaUIsRUFBRSxtQkFBbUIsQ0FBQyxTQUFTO1FBQ2hELG1CQUFtQixFQUFFLG1CQUFtQixDQUFDLFdBQVc7UUFDcEQsZ0JBQWdCLEVBQUUsbUJBQW1CLENBQUMsUUFBUTtRQUM5QyxnQkFBZ0IsRUFBRSxJQUFJO1FBQ3RCLFdBQVcsRUFBRSxJQUFJO1FBQ2pCLFlBQVksRUFBRSxJQUFJO0tBQ25CLENBQUM7SUFFRjs7O09BR0c7SUFDSCxZQUFZLFVBQWdDLEVBQUU7UUFDNUMsNkJBQTZCO1FBQzdCLElBQUksQ0FBQyxPQUFPLEdBQUc7WUFDYixHQUFHLG1CQUFtQixDQUFDLGVBQWU7WUFDdEMsR0FBRyxPQUFPO1NBQ1gsQ0FBQztRQUVGLDhCQUE4QjtRQUM5QixJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksUUFBUSxDQUE0QjtZQUM3RCxHQUFHLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZO1lBQzlCLEdBQUcsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxZQUFZO1NBQ3pDLENBQUMsQ0FBQztRQUVILGtEQUFrRDtRQUNsRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUNsQyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsS0FBYyxFQUFFLEVBQUU7Z0JBQzlDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDZEQUE4RCxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUMvRyxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLE1BQU0sQ0FBQyxXQUFXLENBQUMsVUFBZ0MsRUFBRTtRQUMxRCxJQUFJLENBQUMsbUJBQW1CLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbEMsbUJBQW1CLENBQUMsUUFBUSxHQUFHLElBQUksbUJBQW1CLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDbEUsQ0FBQztRQUNELE9BQU8sbUJBQW1CLENBQUMsUUFBUSxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7T0FFRztJQUNJLE1BQU0sQ0FBQyxhQUFhO1FBQ3pCLG1CQUFtQixDQUFDLFFBQVEsR0FBRyxTQUFTLENBQUM7SUFDM0MsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQVU7UUFDckMsSUFBSSxDQUFDO1lBQ0gsNkJBQTZCO1lBQzdCLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztnQkFDL0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsOEJBQThCLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ3ZELE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsRUFBRSwyQkFBMkIsQ0FBQyxDQUFDO1lBQ2pFLENBQUM7WUFFRCw4Q0FBOEM7WUFDOUMsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDbEQsSUFBSSxZQUFZLEVBQUUsQ0FBQztnQkFDakIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsdUNBQXVDLEVBQUUsRUFBRSxFQUFFO29CQUM5RCxLQUFLLEVBQUUsWUFBWSxDQUFDLEtBQUs7b0JBQ3pCLE1BQU0sRUFBRSxZQUFZLENBQUMsTUFBTTtpQkFDNUIsQ0FBQyxDQUFDO2dCQUNILE9BQU8sWUFBWSxDQUFDO1lBQ3RCLENBQUM7WUFFRCwwQkFBMEI7WUFDMUIsTUFBTSxNQUFNLEdBQXNCO2dCQUNoQyxLQUFLLEVBQUUsR0FBRyxFQUFFLDJCQUEyQjtnQkFDdkMsTUFBTSxFQUFFLEtBQUs7Z0JBQ2IsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsS0FBSyxFQUFFLEtBQUs7Z0JBQ1osS0FBSyxFQUFFLEtBQUs7Z0JBQ1osU0FBUyxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUU7YUFDdEIsQ0FBQztZQUVGLDZDQUE2QztZQUM3QyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7Z0JBQzdCLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFFOUMsdUNBQXVDO2dCQUN2QyxNQUFNLENBQUMsS0FBSyxJQUFJLFdBQVcsQ0FBQyxTQUFTLEdBQUcsRUFBRSxDQUFDLENBQUMsbUNBQW1DO2dCQUMvRSxNQUFNLENBQUMsTUFBTSxHQUFHLFdBQVcsQ0FBQyxTQUFTLEdBQUcsQ0FBQyxDQUFDO2dCQUMxQyxNQUFNLENBQUMsVUFBVSxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUM7WUFDeEMsQ0FBQztZQUVELDJDQUEyQztZQUMzQyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQzlCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFFeEMsNkJBQTZCO2dCQUM3QixNQUFNLENBQUMsT0FBTyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUM7Z0JBQ2hDLE1BQU0sQ0FBQyxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQztnQkFDeEIsTUFBTSxDQUFDLEdBQUcsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDO2dCQUV4QixnQ0FBZ0M7Z0JBQ2hDLElBQUksTUFBTSxDQUFDLElBQUksS0FBSyxNQUFNLENBQUMsS0FBSyxJQUFJLE1BQU0sQ0FBQyxJQUFJLEtBQUssTUFBTSxDQUFDLEdBQUcsSUFBSSxNQUFNLENBQUMsSUFBSSxLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztvQkFDN0YsTUFBTSxDQUFDLEtBQUssSUFBSSxFQUFFLENBQUMsQ0FBQyw0Q0FBNEM7b0JBRWhFLGtCQUFrQjtvQkFDbEIsTUFBTSxDQUFDLE9BQU8sR0FBRyxNQUFNLENBQUMsSUFBSSxLQUFLLE1BQU0sQ0FBQyxLQUFLLENBQUM7b0JBQzlDLE1BQU0sQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDLElBQUksS0FBSyxNQUFNLENBQUMsR0FBRyxDQUFDO29CQUMxQyxNQUFNLENBQUMsS0FBSyxHQUFHLE1BQU0sQ0FBQyxJQUFJLEtBQUssTUFBTSxDQUFDLEdBQUcsQ0FBQztnQkFDNUMsQ0FBQztZQUNILENBQUM7WUFFRCxvQ0FBb0M7WUFDcEMsTUFBTSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztZQUV4RCw2QkFBNkI7WUFDN0IsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBRXJDLG1EQUFtRDtZQUNuRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDbEMsSUFBSSxDQUFDLHFCQUFxQixDQUFDLEVBQUUsRUFBRSxNQUFNLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxLQUFjLEVBQUUsRUFBRTtvQkFDOUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsdUNBQXVDLEVBQUUsS0FBTSxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDaEcsQ0FBQyxDQUFDLENBQUM7WUFDTCxDQUFDO1lBRUQsMkJBQTJCO1lBQzNCLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLEVBQUUsTUFBTSxDQUFDLENBQUM7WUFFcEMsT0FBTyxNQUFNLENBQUM7UUFDaEIsQ0FBQztRQUFDLE9BQU8sS0FBYyxFQUFFLENBQUM7WUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsb0NBQW9DLEVBQUUsS0FBTSxLQUFlLENBQUMsT0FBTyxFQUFFLEVBQUU7Z0JBQ3pGLEVBQUU7Z0JBQ0YsS0FBSyxFQUFHLEtBQWUsQ0FBQyxLQUFLO2FBQzlCLENBQUMsQ0FBQztZQUVILE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsRUFBRyxLQUFlLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDOUQsQ0FBQztJQUNILENBQUM7SUFFRDs7OztPQUlHO0lBQ0ssS0FBSyxDQUFDLFVBQVUsQ0FBQyxFQUFVO1FBSWpDLElBQUksQ0FBQztZQUNILG1DQUFtQztZQUNuQyxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBRXRDLE1BQU0sT0FBTyxHQUFHLE1BQU0sT0FBTyxDQUFDLFVBQVUsQ0FDdEMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUUsRUFBRTtnQkFDN0MsSUFBSSxDQUFDO29CQUNILE1BQU0sWUFBWSxHQUFHLEdBQUcsVUFBVSxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUMvQyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQztvQkFDakQsT0FBTyxNQUFNLENBQUMsQ0FBQyw2QkFBNkI7Z0JBQzlDLENBQUM7Z0JBQUMsT0FBTyxLQUFjLEVBQUUsQ0FBQztvQkFDeEIsSUFBSyxLQUFhLENBQUMsSUFBSSxLQUFLLFdBQVcsRUFBRSxDQUFDO3dCQUN4QyxPQUFPLElBQUksQ0FBQyxDQUFDLGlDQUFpQztvQkFDaEQsQ0FBQztvQkFDRCxNQUFNLEtBQUssQ0FBQyxDQUFDLGNBQWM7Z0JBQzdCLENBQUM7WUFDSCxDQUFDLENBQUMsQ0FDSCxDQUFDO1lBRUYsK0NBQStDO1lBQy9DLE1BQU0sS0FBSyxHQUFHLE9BQU87aUJBQ2xCLE1BQU0sQ0FBQyxDQUFDLE1BQU0sRUFBNEMsRUFBRSxDQUMzRCxNQUFNLENBQUMsTUFBTSxLQUFLLFdBQVcsSUFBSSxNQUFNLENBQUMsS0FBSyxLQUFLLElBQUksQ0FDdkQ7aUJBQ0EsR0FBRyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBRS9CLE9BQU87Z0JBQ0wsU0FBUyxFQUFFLEtBQUssQ0FBQyxNQUFNO2dCQUN2QixLQUFLO2FBQ04sQ0FBQztRQUNKLENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDRCQUE0QixFQUFFLEtBQU0sS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDbkYsT0FBTztnQkFDTCxTQUFTLEVBQUUsQ0FBQztnQkFDWixLQUFLLEVBQUUsRUFBRTthQUNWLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7O09BSUc7SUFDSyxLQUFLLENBQUMsU0FBUyxDQUFDLEVBQVU7UUFNaEMsSUFBSSxDQUFDO1lBQ0gsa0VBQWtFO1lBQ2xFLDJEQUEyRDtZQUUzRCxtREFBbUQ7WUFDbkQsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFaEcseUNBQXlDO1lBQ3pDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUVwRSwyQ0FBMkM7WUFDM0MsTUFBTSxPQUFPLEdBQUcsRUFBRSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRXBFLG9CQUFvQjtZQUNwQixJQUFJLElBQUksR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQzFCLElBQUksS0FBSyxFQUFFLENBQUM7Z0JBQ1YsSUFBSSxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUM7WUFDcEIsQ0FBQztpQkFBTSxJQUFJLEtBQUssRUFBRSxDQUFDO2dCQUNqQixJQUFJLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQztZQUNwQixDQUFDO2lCQUFNLElBQUksT0FBTyxFQUFFLENBQUM7Z0JBQ25CLElBQUksR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDO1lBQ3RCLENBQUM7aUJBQU0sQ0FBQztnQkFDTix1REFBdUQ7Z0JBQ3ZELElBQ0UsRUFBRSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxNQUFNO29CQUM5QixFQUFFLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLGVBQWU7b0JBQ3ZDLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLElBQUksTUFBTTtvQkFDOUIsRUFBRSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxlQUFlO29CQUN2QyxFQUFFLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLG9CQUFvQjtrQkFDMUMsQ0FBQztvQkFDRCxJQUFJLEdBQUcsTUFBTSxDQUFDLFVBQVUsQ0FBQztnQkFDM0IsQ0FBQztxQkFBTSxDQUFDO29CQUNOLElBQUksR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDO2dCQUM1QixDQUFDO1lBQ0gsQ0FBQztZQUVELHlCQUF5QjtZQUN6QixPQUFPO2dCQUNMLE9BQU8sRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDLEVBQUUsNENBQTRDO2dCQUNoRixHQUFHLEVBQUUsU0FBUyxFQUFFLHFDQUFxQztnQkFDckQsR0FBRyxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDLEVBQUUsc0NBQXNDO2dCQUNsRSxJQUFJO2FBQ0wsQ0FBQztRQUNKLENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDZCQUE2QixFQUFFLEtBQU0sS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDcEYsT0FBTztnQkFDTCxJQUFJLEVBQUUsTUFBTSxDQUFDLE9BQU87YUFDckIsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSyxnQkFBZ0IsQ0FBQyxFQUFVO1FBQ2pDLHVDQUF1QztRQUN2QyxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUM7WUFBRSxPQUFPLElBQUksQ0FBQztRQUM5RCxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUM7WUFBRSxPQUFPLElBQUksQ0FBQztRQUM5RCxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDdkMsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQztZQUFFLE9BQU8sSUFBSSxDQUFDO1FBQ3ZDLE9BQU8sSUFBSSxDQUFDLENBQUMsVUFBVTtJQUN6QixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSyxZQUFZLENBQUMsRUFBVTtRQUM3Qix1Q0FBdUM7UUFDdkMsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDO1lBQUUsT0FBTyxZQUFZLENBQUM7UUFDdEUsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDO1lBQUUsT0FBTyxjQUFjLENBQUM7UUFDeEUsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQztZQUFFLE9BQU8sU0FBUyxDQUFDO1FBQ2hELElBQUksRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUM7WUFBRSxPQUFPLFlBQVksQ0FBQztRQUNsRCxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDO1lBQUUsT0FBTyxlQUFlLENBQUM7UUFDdEQsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSyxTQUFTLENBQUMsRUFBVTtRQUMxQixPQUFPLEVBQUUsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNLLGlCQUFpQixDQUFDLEVBQVUsRUFBRSxZQUFvQjtRQUN4RCxPQUFPO1lBQ0wsS0FBSyxFQUFFLEVBQUUsRUFBRSwyQkFBMkI7WUFDdEMsTUFBTSxFQUFFLEtBQUs7WUFDYixPQUFPLEVBQUUsS0FBSztZQUNkLEtBQUssRUFBRSxLQUFLO1lBQ1osS0FBSyxFQUFFLEtBQUs7WUFDWixTQUFTLEVBQUUsSUFBSSxDQUFDLEdBQUcsRUFBRTtZQUNyQixLQUFLLEVBQUUsWUFBWTtTQUNwQixDQUFDO0lBQ0osQ0FBQztJQUVEOzs7O09BSUc7SUFDSyxnQkFBZ0IsQ0FBQyxFQUFVO1FBQ2pDLHFCQUFxQjtRQUNyQixNQUFNLFdBQVcsR0FBRyx1RkFBdUYsQ0FBQztRQUM1RyxPQUFPLFdBQVcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSyxrQkFBa0IsQ0FBQyxFQUFVLEVBQUUsTUFBeUI7UUFDOUQsZ0RBQWdEO1FBQ2hELElBQUksUUFBUSxHQUFHLGdCQUFnQixDQUFDLElBQUksQ0FBQztRQUNyQyxJQUFJLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1lBQ2xELFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUM7UUFDbkMsQ0FBQzthQUFNLElBQUksTUFBTSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDM0QsUUFBUSxHQUFHLGdCQUFnQixDQUFDLElBQUksQ0FBQztRQUNuQyxDQUFDO1FBRUQsZ0JBQWdCO1FBQ2hCLGNBQWMsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxRQUFRLENBQUM7WUFDcEMsS0FBSyxFQUFFLFFBQVE7WUFDZixJQUFJLEVBQUUsaUJBQWlCLENBQUMsYUFBYTtZQUNyQyxPQUFPLEVBQUUsdUJBQXVCLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsV0FBVyxRQUFRLEVBQUUsRUFBRTtZQUN4RixTQUFTLEVBQUUsRUFBRTtZQUNiLE9BQU8sRUFBRTtnQkFDUCxLQUFLLEVBQUUsTUFBTSxDQUFDLEtBQUs7Z0JBQ25CLE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTTtnQkFDckIsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPO2dCQUN2QixLQUFLLEVBQUUsTUFBTSxDQUFDLEtBQUs7Z0JBQ25CLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSztnQkFDbkIsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPO2dCQUN2QixVQUFVLEVBQUUsTUFBTSxDQUFDLFVBQVU7YUFDOUI7WUFDRCxPQUFPLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTTtTQUN4QixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMscUJBQXFCLENBQUMsRUFBVSxFQUFFLE1BQXlCO1FBQ3ZFLElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxHQUFHO2dCQUNYLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSztnQkFDbkIsTUFBTSxFQUFFLE1BQU0sQ0FBQyxNQUFNO2dCQUNyQixPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU87Z0JBQ3ZCLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSztnQkFDbkIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxLQUFLO2dCQUNuQixPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU87Z0JBQ3ZCLEdBQUcsRUFBRSxNQUFNLENBQUMsR0FBRztnQkFDZixHQUFHLEVBQUUsTUFBTSxDQUFDLEdBQUc7Z0JBQ2YsVUFBVSxFQUFFLE1BQU0sQ0FBQyxVQUFVO2FBQzlCLENBQUM7WUFFRixNQUFNLFFBQVEsR0FBRyxNQUFNLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN2RCxJQUFJLFFBQVEsRUFBRSxDQUFDO2dCQUNiLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDaEMsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDeEIsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sR0FBRyxHQUFHLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDNUQsTUFBTSxHQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDbkIsQ0FBQztRQUNILENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLHVDQUF1QyxFQUFFLEtBQU0sS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDaEcsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxlQUFlO1FBQzNCLElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxHQUFHLE1BQU0sa0JBQWtCLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZELElBQUksV0FBVyxHQUFHLENBQUMsQ0FBQztZQUVwQixLQUFLLE1BQU0sR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO2dCQUN2Qix5QkFBeUI7Z0JBQ3pCLElBQUksR0FBRyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUM7b0JBQ3BCLFNBQVM7Z0JBQ1gsQ0FBQztnQkFFRCxNQUFNLE1BQU0sR0FBc0I7b0JBQ2hDLEtBQUssRUFBRSxHQUFHLENBQUMsS0FBSztvQkFDaEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNO29CQUNsQixPQUFPLEVBQUUsR0FBRyxDQUFDLE9BQU87b0JBQ3BCLEtBQUssRUFBRSxHQUFHLENBQUMsS0FBSztvQkFDaEIsS0FBSyxFQUFFLEdBQUcsQ0FBQyxLQUFLO29CQUNoQixPQUFPLEVBQUUsR0FBRyxDQUFDLE9BQU8sSUFBSSxTQUFTO29CQUNqQyxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsSUFBSSxTQUFTO29CQUN6QixHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsSUFBSSxTQUFTO29CQUN6QixVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVUsSUFBSSxFQUFFO29CQUNoQyxTQUFTLEVBQUUsR0FBRyxDQUFDLGNBQWMsRUFBRSxPQUFPLEVBQUUsSUFBSSxHQUFHLENBQUMsU0FBUyxFQUFFLE9BQU8sRUFBRSxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUU7aUJBQ25GLENBQUM7Z0JBRUYsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLFNBQVMsRUFBRSxNQUFNLENBQUMsQ0FBQztnQkFDaEQsV0FBVyxFQUFFLENBQUM7WUFDaEIsQ0FBQztZQUVELElBQUksV0FBVyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNwQixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxVQUFVLFdBQVcsNENBQTRDLENBQUMsQ0FBQztZQUN4RixDQUFDO1FBQ0gsQ0FBQztRQUFDLE9BQU8sS0FBYyxFQUFFLENBQUM7WUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUscURBQXNELEtBQWUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1FBQ3ZHLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLE1BQU0sQ0FBQyxZQUFZLENBQUMsS0FBYTtRQUN0QyxJQUFJLEtBQUssR0FBRyxtQkFBbUIsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUMxQyxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO2FBQU0sSUFBSSxLQUFLLEdBQUcsbUJBQW1CLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDbkQsT0FBTyxRQUFRLENBQUM7UUFDbEIsQ0FBQzthQUFNLElBQUksS0FBSyxHQUFHLG1CQUFtQixDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2hELE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQzthQUFNLENBQUM7WUFDTixPQUFPLFNBQVMsQ0FBQztRQUNuQixDQUFDO0lBQ0gsQ0FBQyJ9