nlcurl 0.6.0 → 0.7.0

package/dist/tls/stealth/tls12-handshake.js

@@ -0,0 +1,462 @@
+import { createHash, createHmac, createECDH, createVerify, X509Certificate, createCipheriv, createDecipheriv } from "node:crypto";
+import { rootCertificates } from "node:tls";
+import { BufferReader } from "../../utils/buffer-reader.js";
+import { BufferWriter } from "../../utils/buffer-writer.js";
+import { RecordType, HandshakeType, ProtocolVersion, AlertDescription, SignatureScheme } from "../constants.js";
+import { TLSError } from "../../core/errors.js";
+import { readRecord, writeRecord } from "./record-layer.js";
+import { verifyPinnedPublicKey } from "../pin-verification.js";
+function tls12CipherInfo(suite) {
+    switch (suite) {
+        case 0xc02f:
+            return { kx: "ECDHE", auth: "RSA", aead: "aes-128-gcm", hash: "sha256", keyLen: 16, ivLen: 4, isAEAD: true };
+        case 0xc030:
+            return { kx: "ECDHE", auth: "RSA", aead: "aes-256-gcm", hash: "sha384", keyLen: 32, ivLen: 4, isAEAD: true };
+        case 0xc02b:
+            return { kx: "ECDHE", auth: "ECDSA", aead: "aes-128-gcm", hash: "sha256", keyLen: 16, ivLen: 4, isAEAD: true };
+        case 0xc02c:
+            return { kx: "ECDHE", auth: "ECDSA", aead: "aes-256-gcm", hash: "sha384", keyLen: 32, ivLen: 4, isAEAD: true };
+        case 0xcca8:
+            return { kx: "ECDHE", auth: "RSA", aead: "chacha20-poly1305", hash: "sha256", keyLen: 32, ivLen: 12, isAEAD: true };
+        case 0xcca9:
+            return { kx: "ECDHE", auth: "ECDSA", aead: "chacha20-poly1305", hash: "sha256", keyLen: 32, ivLen: 12, isAEAD: true };
+        default:
+            return null;
+    }
+}
+function tls12CipherName(suite) {
+    switch (suite) {
+        case 0xc02f:
+            return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+        case 0xc030:
+            return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
+        case 0xc02b:
+            return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+        case 0xc02c:
+            return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
+        case 0xcca8:
+            return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
+        case 0xcca9:
+            return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
+        default:
+            return "unknown";
+    }
+}
+function pHash(alg, secret, seed, length) {
+    const result = Buffer.alloc(length);
+    let a = seed;
+    let offset = 0;
+    while (offset < length) {
+        a = Buffer.from(createHmac(alg, secret).update(a).digest());
+        const output = Buffer.from(createHmac(alg, secret)
+            .update(Buffer.concat([a, seed]))
+            .digest());
+        const toCopy = Math.min(output.length, length - offset);
+        output.copy(result, offset, 0, toCopy);
+        offset += toCopy;
+    }
+    return result;
+}
+function tls12PRF(alg, secret, label, seed, length) {
+    const labelBuf = Buffer.from(label, "ascii");
+    const fullSeed = Buffer.concat([labelBuf, seed]);
+    return pHash(alg, secret, fullSeed, length);
+}
+const CURVE_NIDS = {
+    0x0017: "prime256v1",
+    0x0018: "secp384r1",
+    0x0019: "secp521r1",
+};
+function parseServerKeyExchange(body) {
+    const r = new BufferReader(body);
+    const curveType = r.readUInt8();
+    if (curveType !== 3)
+        throw new TLSError("Expected named_curve in ServerKeyExchange");
+    const paramsStart = 0;
+    const curveId = r.readUInt16();
+    const pubLen = r.readUInt8();
+    const serverPublicKey = Buffer.from(r.readBytes(pubLen));
+    const signedParams = body.subarray(paramsStart, r.position);
+    const signatureScheme = r.readUInt16();
+    const sigLen = r.readUInt16();
+    const signature = Buffer.from(r.readBytes(sigLen));
+    return { curveId, serverPublicKey, signatureScheme, signature, signedParams };
+}
+function parseTLS12CertificateMessage(body) {
+    const r = new BufferReader(body);
+    const certs = [];
+    const listLen = (r.readUInt8() << 16) | (r.readUInt8() << 8) | r.readUInt8();
+    const listEnd = r.position + listLen;
+    while (r.position < listEnd) {
+        const certLen = (r.readUInt8() << 16) | (r.readUInt8() << 8) | r.readUInt8();
+        const certData = Buffer.from(r.readBytes(certLen));
+        certs.push(certData);
+    }
+    return certs;
+}
+function verifyCertificateChain(certs, hostname) {
+    if (certs.length === 0)
+        throw new TLSError("Server sent empty certificate chain");
+    const x509Certs = certs.map((der) => new X509Certificate(der));
+    const leafCert = x509Certs[0];
+    if (!leafCert.checkHost(hostname))
+        throw new TLSError(`Certificate hostname mismatch: expected ${hostname}`, AlertDescription.BAD_CERTIFICATE);
+    const now = new Date();
+    if (now < new Date(leafCert.validFrom) || now > new Date(leafCert.validTo))
+        throw new TLSError("Certificate has expired or is not yet valid", AlertDescription.CERTIFICATE_EXPIRED);
+    const trustedRoots = rootCertificates.map((pem) => new X509Certificate(pem));
+    for (let i = 0; i < x509Certs.length - 1; i++) {
+        const cert = x509Certs[i];
+        const issuer = x509Certs[i + 1];
+        if (!cert.checkIssued(issuer))
+            throw new TLSError("Certificate chain verification failed: issuer mismatch", AlertDescription.UNKNOWN_CA);
+    }
+    const topCert = x509Certs[x509Certs.length - 1];
+    const isTrusted = trustedRoots.some((root) => {
+        try {
+            return topCert.checkIssued(root) || topCert.fingerprint === root.fingerprint;
+        }
+        catch {
+            return false;
+        }
+    });
+    const leafTrusted = trustedRoots.some((root) => {
+        try {
+            return leafCert.fingerprint === root.fingerprint;
+        }
+        catch {
+            return false;
+        }
+    });
+    if (!isTrusted && !leafTrusted)
+        throw new TLSError("Certificate chain does not terminate at a trusted root CA", AlertDescription.UNKNOWN_CA);
+}
+function socketWrite(socket, data) {
+    return new Promise((resolve, reject) => {
+        socket.write(data, (err) => {
+            if (err)
+                reject(new TLSError(err.message));
+            else
+                resolve();
+        });
+    });
+}
+function readHandshakeRecord(socket) {
+    return new Promise((resolve, reject) => {
+        let buffer = Buffer.alloc(0);
+        let settled = false;
+        const onData = (chunk) => {
+            buffer = Buffer.concat([buffer, chunk]);
+            tryParse();
+        };
+        const onError = (err) => {
+            if (!settled) {
+                settled = true;
+                cleanup();
+                reject(new TLSError(err.message));
+            }
+        };
+        const onClose = () => {
+            if (!settled) {
+                settled = true;
+                cleanup();
+                reject(new TLSError("Connection closed during handshake"));
+            }
+        };
+        const cleanup = () => {
+            socket.removeListener("data", onData);
+            socket.removeListener("error", onError);
+            socket.removeListener("close", onClose);
+        };
+        const tryParse = () => {
+            const result = readRecord(buffer, 0);
+            if (result) {
+                settled = true;
+                cleanup();
+                if (result.bytesRead < buffer.length)
+                    socket.unshift(buffer.subarray(result.bytesRead));
+                resolve(result.record);
+            }
+        };
+        socket.on("data", onData);
+        socket.once("error", onError);
+        socket.once("close", onClose);
+        tryParse();
+    });
+}
+const AEAD_TAG_SIZE = 16;
+function buildGCMNonce(implicitIV, explicitNonce) {
+    return Buffer.concat([implicitIV, explicitNonce]);
+}
+function buildChaCha20Nonce(iv, seqNum) {
+    const nonce = Buffer.from(iv);
+    const seqBuf = Buffer.alloc(8);
+    seqBuf.writeBigUInt64BE(seqNum);
+    for (let i = 0; i < 8; i++) {
+        nonce[nonce.length - 8 + i] ^= seqBuf[i];
+    }
+    return nonce;
+}
+function buildTLS12AAD(seqNum, contentType, version, length) {
+    const aad = Buffer.alloc(13);
+    aad.writeBigUInt64BE(seqNum, 0);
+    aad[8] = contentType;
+    aad.writeUInt16BE(version, 9);
+    aad.writeUInt16BE(length, 11);
+    return aad;
+}
+function createTLS12RecordCrypto(aead, key, iv) {
+    const isChaCha = aead === "chacha20-poly1305";
+    return {
+        encrypt(seqNum, contentType, plaintext) {
+            let nonce;
+            let prefix;
+            if (isChaCha) {
+                nonce = buildChaCha20Nonce(iv, seqNum);
+                prefix = Buffer.alloc(0);
+            }
+            else {
+                const explicitNonce = Buffer.alloc(8);
+                explicitNonce.writeBigUInt64BE(seqNum);
+                nonce = buildGCMNonce(iv, explicitNonce);
+                prefix = explicitNonce;
+            }
+            const aad = buildTLS12AAD(seqNum, contentType, ProtocolVersion.TLS_1_2, plaintext.length);
+            const cipher = createCipheriv(aead, key, nonce, { authTagLength: AEAD_TAG_SIZE });
+            cipher.setAAD(aad);
+            const encrypted = cipher.update(plaintext);
+            const final = cipher.final();
+            const tag = cipher.getAuthTag();
+            return Buffer.concat([prefix, encrypted, final, tag]);
+        },
+        decrypt(seqNum, contentType, ciphertext) {
+            let nonce;
+            let encData;
+            if (isChaCha) {
+                nonce = buildChaCha20Nonce(iv, seqNum);
+                encData = ciphertext;
+            }
+            else {
+                if (ciphertext.length < 8 + AEAD_TAG_SIZE)
+                    throw new TLSError("TLS 1.2 record too short for GCM");
+                const explicitNonce = ciphertext.subarray(0, 8);
+                nonce = buildGCMNonce(iv, explicitNonce);
+                encData = ciphertext.subarray(8);
+            }
+            if (encData.length < AEAD_TAG_SIZE)
+                throw new TLSError("TLS 1.2 record too short for AEAD tag");
+            const encryptedData = encData.subarray(0, encData.length - AEAD_TAG_SIZE);
+            const tag = encData.subarray(encData.length - AEAD_TAG_SIZE);
+            const plaintextLen = encryptedData.length;
+            const aad = buildTLS12AAD(seqNum, contentType, ProtocolVersion.TLS_1_2, plaintextLen);
+            const decipher = createDecipheriv(aead, key, nonce, { authTagLength: AEAD_TAG_SIZE });
+            decipher.setAAD(aad);
+            decipher.setAuthTag(tag);
+            try {
+                const decrypted = decipher.update(encryptedData);
+                const final = decipher.final();
+                return Buffer.concat([decrypted, final]);
+            }
+            catch {
+                throw new TLSError("TLS 1.2 AEAD decryption failed");
+            }
+        },
+    };
+}
+function verifyServerKeyExchange(params, serverPublicKeyObj, clientRandom, serverRandom) {
+    const sigAlg = signatureAlgorithmForScheme(params.signatureScheme);
+    if (!sigAlg)
+        throw new TLSError(`Unsupported signature scheme in ServerKeyExchange: 0x${params.signatureScheme.toString(16)}`);
+    const signedData = Buffer.concat([clientRandom, serverRandom, params.signedParams]);
+    const verifier = createVerify(sigAlg.algorithm || "SHA256");
+    verifier.update(signedData);
+    const verifyOptions = { key: serverPublicKeyObj };
+    if (sigAlg.padding !== undefined) {
+        verifyOptions.padding = sigAlg.padding;
+        verifyOptions.saltLength = sigAlg.saltLength;
+    }
+    if (!verifier.verify(verifyOptions, params.signature)) {
+        throw new TLSError("ServerKeyExchange signature verification failed");
+    }
+}
+function signatureAlgorithmForScheme(scheme) {
+    switch (scheme) {
+        case SignatureScheme.ECDSA_SECP256R1_SHA256:
+            return { algorithm: "SHA256" };
+        case SignatureScheme.ECDSA_SECP384R1_SHA384:
+            return { algorithm: "SHA384" };
+        case SignatureScheme.ECDSA_SECP521R1_SHA512:
+            return { algorithm: "SHA512" };
+        case SignatureScheme.RSA_PSS_RSAE_SHA256:
+        case SignatureScheme.RSA_PSS_PSS_SHA256:
+            return { algorithm: "SHA256", padding: 6, saltLength: 32 };
+        case SignatureScheme.RSA_PSS_RSAE_SHA384:
+        case SignatureScheme.RSA_PSS_PSS_SHA384:
+            return { algorithm: "SHA384", padding: 6, saltLength: 48 };
+        case SignatureScheme.RSA_PSS_RSAE_SHA512:
+        case SignatureScheme.RSA_PSS_PSS_SHA512:
+            return { algorithm: "SHA512", padding: 6, saltLength: 64 };
+        case SignatureScheme.RSA_PKCS1_SHA256:
+            return { algorithm: "SHA256" };
+        case SignatureScheme.RSA_PKCS1_SHA384:
+            return { algorithm: "SHA384" };
+        case SignatureScheme.RSA_PKCS1_SHA512:
+            return { algorithm: "SHA512" };
+        case SignatureScheme.RSA_PKCS1_SHA1:
+            return { algorithm: "SHA1" };
+        default:
+            return null;
+    }
+}
+export async function performTLS12Handshake(socket, ctx, handshakeMessages) {
+    const info = tls12CipherInfo(ctx.cipherSuite);
+    if (!info)
+        throw new TLSError(`Unsupported TLS 1.2 cipher suite: 0x${ctx.cipherSuite.toString(16)}`);
+    const prfAlg = info.hash;
+    let serverCertificates = [];
+    let serverPublicKeyObj = null;
+    let ecdhParams = null;
+    let gotServerHelloDone = false;
+    const allHandshakeMessages = [...handshakeMessages];
+    while (!gotServerHelloDone) {
+        const record = await readHandshakeRecord(socket);
+        if (record.type === RecordType.ALERT) {
+            const desc = record.fragment.length >= 2 ? record.fragment[1] : 0;
+            throw new TLSError(`Server alert during TLS 1.2 handshake: ${desc}`, desc);
+        }
+        if (record.type !== RecordType.HANDSHAKE) {
+            throw new TLSError(`Unexpected record type in TLS 1.2 handshake: ${record.type}`);
+        }
+        let offset = 0;
+        while (offset < record.fragment.length) {
+            if (record.fragment.length - offset < 4)
+                break;
+            const msgType = record.fragment[offset];
+            const msgLen = (record.fragment[offset + 1] << 16) | (record.fragment[offset + 2] << 8) | record.fragment[offset + 3];
+            const msgEnd = offset + 4 + msgLen;
+            if (msgEnd > record.fragment.length)
+                break;
+            const fullMsg = record.fragment.subarray(offset, msgEnd);
+            allHandshakeMessages.push(Buffer.from(fullMsg));
+            const msgBody = record.fragment.subarray(offset + 4, msgEnd);
+            switch (msgType) {
+                case HandshakeType.CERTIFICATE: {
+                    serverCertificates = parseTLS12CertificateMessage(msgBody);
+                    if (serverCertificates.length > 0) {
+                        const x509 = new X509Certificate(serverCertificates[0]);
+                        serverPublicKeyObj = x509.publicKey;
+                    }
+                    if (!ctx.insecure) {
+                        verifyCertificateChain(serverCertificates, ctx.hostname);
+                    }
+                    if (ctx.pinnedPublicKey && serverCertificates.length > 0) {
+                        verifyPinnedPublicKey(serverCertificates[0], ctx.pinnedPublicKey);
+                    }
+                    break;
+                }
+                case 12: {
+                    ecdhParams = parseServerKeyExchange(msgBody);
+                    if (!ctx.insecure && serverPublicKeyObj) {
+                        verifyServerKeyExchange(ecdhParams, serverPublicKeyObj, ctx.clientRandom, ctx.serverRandom);
+                    }
+                    break;
+                }
+                case 14: {
+                    gotServerHelloDone = true;
+                    break;
+                }
+                default:
+                    break;
+            }
+            offset = msgEnd;
+        }
+    }
+    if (!ecdhParams)
+        throw new TLSError("Server did not send ServerKeyExchange");
+    const curveName = CURVE_NIDS[ecdhParams.curveId];
+    if (!curveName)
+        throw new TLSError(`Unsupported curve in ServerKeyExchange: 0x${ecdhParams.curveId.toString(16)}`);
+    const ecdh = createECDH(curveName);
+    ecdh.generateKeys();
+    const clientPubKey = Buffer.from(ecdh.getPublicKey());
+    const preMasterSecret = Buffer.from(ecdh.computeSecret(ecdhParams.serverPublicKey));
+    const ckeBody = new BufferWriter(1 + clientPubKey.length);
+    ckeBody.writeUInt8(clientPubKey.length);
+    ckeBody.writeBytes(clientPubKey);
+    const ckeMsg = wrapHandshakeMessage(16, ckeBody.toBuffer());
+    allHandshakeMessages.push(ckeMsg);
+    const ckeRecord = writeRecord(RecordType.HANDSHAKE, ProtocolVersion.TLS_1_2, ckeMsg);
+    await socketWrite(socket, ckeRecord);
+    const seed = Buffer.concat([ctx.clientRandom, ctx.serverRandom]);
+    const masterSecret = tls12PRF(prfAlg, preMasterSecret, "master secret", seed, 48);
+    const keyBlockLen = (info.keyLen + info.ivLen) * 2;
+    const keySeed = Buffer.concat([ctx.serverRandom, ctx.clientRandom]);
+    const keyBlock = tls12PRF(prfAlg, masterSecret, "key expansion", keySeed, keyBlockLen);
+    let kbOffset = 0;
+    const clientWriteKey = keyBlock.subarray(kbOffset, kbOffset + info.keyLen);
+    kbOffset += info.keyLen;
+    const serverWriteKey = keyBlock.subarray(kbOffset, kbOffset + info.keyLen);
+    kbOffset += info.keyLen;
+    const clientWriteIV = keyBlock.subarray(kbOffset, kbOffset + info.ivLen);
+    kbOffset += info.ivLen;
+    const serverWriteIV = keyBlock.subarray(kbOffset, kbOffset + info.ivLen);
+    const ccsRecord = writeRecord(RecordType.CHANGE_CIPHER_SPEC, ProtocolVersion.TLS_1_2, Buffer.from([1]));
+    await socketWrite(socket, ccsRecord);
+    const clientCrypto = createTLS12RecordCrypto(info.aead, clientWriteKey, clientWriteIV);
+    const transcriptForFinished = Buffer.concat(allHandshakeMessages);
+    const transcriptHash = createHash(prfAlg).update(transcriptForFinished).digest();
+    const clientVerifyData = tls12PRF(prfAlg, masterSecret, "client finished", transcriptHash, 12);
+    const finishedMsg = wrapHandshakeMessage(HandshakeType.FINISHED, clientVerifyData);
+    allHandshakeMessages.push(finishedMsg);
+    const encryptedFinished = clientCrypto.encrypt(0n, RecordType.HANDSHAKE, finishedMsg);
+    const finishedRecord = writeRecord(RecordType.APPLICATION_DATA, ProtocolVersion.TLS_1_2, encryptedFinished);
+    await socketWrite(socket, finishedRecord);
+    let serverSeq = 0n;
+    const serverCrypto = createTLS12RecordCrypto(info.aead, serverWriteKey, serverWriteIV);
+    let gotServerFinished = false;
+    while (!gotServerFinished) {
+        const record = await readHandshakeRecord(socket);
+        if (record.type === RecordType.CHANGE_CIPHER_SPEC) {
+            continue;
+        }
+        if (record.type === RecordType.ALERT) {
+            const desc = record.fragment.length >= 2 ? record.fragment[1] : 0;
+            throw new TLSError(`Server alert: ${desc}`, desc);
+        }
+        if (record.type === RecordType.APPLICATION_DATA) {
+            const plaintext = serverCrypto.decrypt(serverSeq++, RecordType.HANDSHAKE, record.fragment);
+            if (plaintext.length < 4)
+                throw new TLSError("Malformed server Finished");
+            const msgType = plaintext[0];
+            if (msgType !== HandshakeType.FINISHED)
+                throw new TLSError("Expected server Finished");
+            const serverVerifyData = plaintext.subarray(4);
+            const serverTranscriptHash = createHash(prfAlg).update(Buffer.concat(allHandshakeMessages)).digest();
+            const expectedServerVerify = tls12PRF(prfAlg, masterSecret, "server finished", serverTranscriptHash, 12);
+            if (!serverVerifyData.equals(expectedServerVerify)) {
+                throw new TLSError("Server Finished verify_data mismatch");
+            }
+            gotServerFinished = true;
+        }
+    }
+    return {
+        alpnProtocol: null,
+        cipher: tls12CipherName(ctx.cipherSuite),
+        version: "TLSv1.2",
+        clientKey: Buffer.from(clientWriteKey),
+        clientIV: Buffer.from(clientWriteIV),
+        serverKey: Buffer.from(serverWriteKey),
+        serverIV: Buffer.from(serverWriteIV),
+        aead: info.aead,
+    };
+}
+function wrapHandshakeMessage(type, body) {
+    const msg = Buffer.alloc(4 + body.length);
+    msg[0] = type;
+    msg[1] = (body.length >> 16) & 0xff;
+    msg[2] = (body.length >> 8) & 0xff;
+    msg[3] = body.length & 0xff;
+    body.copy(msg, 4);
+    return msg;
+}
+//# sourceMappingURL=tls12-handshake.js.map

package/dist/tls/stealth/tls12-handshake.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls12-handshake.js","sourceRoot":"","sources":["../../../src/tls/stealth/tls12-handshake.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,EAAuB,MAAM,aAAa,CAAC;AACvJ,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5C,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,eAAe,EAAc,gBAAgB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC5H,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,WAAW,EAAkB,MAAM,mBAAmB,CAAC;AAI5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAY/D,SAAS,eAAe,CAAC,KAAa;IACpC,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,MAAM;YACT,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAC/G,KAAK,MAAM;YACT,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAC/G,KAAK,MAAM;YACT,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACjH,KAAK,MAAM;YACT,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACjH,KAAK,MAAM;YACT,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACtH,KAAK,MAAM;YACT,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACxH;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,MAAM;YACT,OAAO,uCAAuC,CAAC;QACjD,KAAK,MAAM;YACT,OAAO,uCAAuC,CAAC;QACjD,KAAK,MAAM;YACT,OAAO,yCAAyC,CAAC;QACnD,KAAK,MAAM;YACT,OAAO,yCAAyC,CAAC;QACnD,KAAK,MAAM;YACT,OAAO,6CAA6C,CAAC;QACvD,KAAK,MAAM;YACT,OAAO,+CAA+C,CAAC;QACzD;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,KAAK,CAAC,GAAW,EAAE,MAAc,EAAE,IAAY,EAAE,MAAc;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,CAAC,GAAG,IAAI,CAAC;IACb,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,OAAO,MAAM,GAAG,MAAM,EAAE,CAAC;QACvB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CACxB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;aACpB,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;aAChC,MAAM,EAAE,CACZ,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,MAAM,CAAC;IACnB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,GAAwB,EAAE,MAAc,EAAE,KAAa,EAAE,IAAY,EAAE,MAAc;IACrG,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;IACjD,OAAO,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,GAA2B;IACzC,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,WAAW;IACnB,MAAM,EAAE,WAAW;CACpB,CAAC;AAWF,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC;IAChC,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,IAAI,QAAQ,CAAC,2CAA2C,CAAC,CAAC;IACrF,MAAM,WAAW,GAAG,CAAC,CAAC;IACtB,MAAM,OAAO,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IAE5D,MAAM,eAAe,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;IACvC,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAEnD,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,4BAA4B,CAAC,IAAY;IAChD,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC;IAC7E,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,GAAG,OAAO,CAAC;IACrC,OAAO,CAAC,CAAC,QAAQ,GAAG,OAAO,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC;QAC7E,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QACnD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAe,EAAE,QAAgB;IAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,QAAQ,CAAC,qCAAqC,CAAC,CAAC;IAClF,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAE,CAAC;IAC/B,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC;QAAE,MAAM,IAAI,QAAQ,CAAC,2CAA2C,QAAQ,EAAE,EAAE,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAC/I,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,GAAG,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,MAAM,IAAI,QAAQ,CAAC,6CAA6C,EAAE,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;IACpL,MAAM,YAAY,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;YAAE,MAAM,IAAI,QAAQ,CAAC,wDAAwD,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC3I,CAAC;IACD,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;IACjD,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAAC;QAC/E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QAC7C,IAAI,CAAC;YACH,OAAO,QAAQ,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW;QAAE,MAAM,IAAI,QAAQ,CAAC,2DAA2D,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;AAC/I,CAAC;AAED,SAAS,WAAW,CAAC,MAAkB,EAAE,IAAY;IACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,IAAI,GAAG;gBAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;;gBACtC,OAAO,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAkB;IAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,KAAa,EAAE,EAAE;YAC/B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACxC,QAAQ,EAAE,CAAC;QACb,CAAC,CAAC;QACF,MAAM,OAAO,GAAG,CAAC,GAAU,EAAE,EAAE;YAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YACpC,CAAC;QACH,CAAC,CAAC;QACF,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,QAAQ,CAAC,oCAAoC,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC,CAAC;QACF,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACtC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC,CAAC;QACF,MAAM,QAAQ,GAAG,GAAG,EAAE;YACpB,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACrC,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,GAAG,IAAI,CAAC;gBACf,OAAO,EAAE,CAAC;gBACV,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM;oBAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxF,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;QACH,CAAC,CAAC;QACF,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9B,QAAQ,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,aAAa,GAAG,EAAE,CAAC;AAOzB,SAAS,aAAa,CAAC,UAAkB,EAAE,aAAqB;IAC9D,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,kBAAkB,CAAC,EAAU,EAAE,MAAc;IACpD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAE,IAAI,MAAM,CAAC,CAAC,CAAE,CAAC;IAC7C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,WAAmB,EAAE,OAAe,EAAE,MAAc;IACzF,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7B,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAChC,GAAG,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC;IACrB,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAC9B,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAmB,EAAE,GAAW,EAAE,EAAU;IAC3E,MAAM,QAAQ,GAAG,IAAI,KAAK,mBAAmB,CAAC;IAE9C,OAAO;QACL,OAAO,CAAC,MAAc,EAAE,WAAmB,EAAE,SAAiB;YAC5D,IAAI,KAAa,CAAC;YAClB,IAAI,MAAc,CAAC;YAEnB,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,GAAG,kBAAkB,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;gBACvC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtC,aAAa,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;gBACvC,KAAK,GAAG,aAAa,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;gBACzC,MAAM,GAAG,aAAa,CAAC;YACzB,CAAC;YAED,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;YAC1F,MAAM,MAAM,GAAG,cAAc,CAAC,IAAsB,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;YACpG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACnB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,MAAc,EAAE,WAAmB,EAAE,UAAkB;YAC7D,IAAI,KAAa,CAAC;YAClB,IAAI,OAAe,CAAC;YAEpB,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,GAAG,kBAAkB,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;gBACvC,OAAO,GAAG,UAAU,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,GAAG,aAAa;oBAAE,MAAM,IAAI,QAAQ,CAAC,kCAAkC,CAAC,CAAC;gBAClG,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAChD,KAAK,GAAG,aAAa,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;gBACzC,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACnC,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,GAAG,aAAa;gBAAE,MAAM,IAAI,QAAQ,CAAC,uCAAuC,CAAC,CAAC;YAChG,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC,CAAC;YAC1E,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC,CAAC;YAE7D,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC;YAC1C,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAEtF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAsB,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;YACxG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACrB,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAC/B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAmB,EAAE,kBAA4E,EAAE,YAAoB,EAAE,YAAoB;IAC5K,MAAM,MAAM,GAAG,2BAA2B,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACnE,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,QAAQ,CAAC,wDAAwD,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAE/H,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IACpF,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,CAAC;IAC5D,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAE5B,MAAM,aAAa,GAAQ,EAAE,GAAG,EAAE,kBAAkB,EAAE,CAAC;IACvD,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,aAAa,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QACvC,aAAa,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,QAAQ,CAAC,iDAAiD,CAAC,CAAC;IACxE,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B,CAAC,MAAc;IACjD,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,eAAe,CAAC,sBAAsB;YACzC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACjC,KAAK,eAAe,CAAC,sBAAsB;YACzC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACjC,KAAK,eAAe,CAAC,sBAAsB;YACzC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACjC,KAAK,eAAe,CAAC,mBAAmB,CAAC;QACzC,KAAK,eAAe,CAAC,kBAAkB;YACrC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC7D,KAAK,eAAe,CAAC,mBAAmB,CAAC;QACzC,KAAK,eAAe,CAAC,kBAAkB;YACrC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC7D,KAAK,eAAe,CAAC,mBAAmB,CAAC;QACzC,KAAK,eAAe,CAAC,kBAAkB;YACrC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC7D,KAAK,eAAe,CAAC,gBAAgB;YACnC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACjC,KAAK,eAAe,CAAC,gBAAgB;YACnC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACjC,KAAK,eAAe,CAAC,gBAAgB;YACnC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACjC,KAAK,eAAe,CAAC,cAAc;YACjC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAC/B;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAYD,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,MAAkB,EAAE,GAA0B,EAAE,iBAA2B;IACrH,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC9C,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,QAAQ,CAAC,uCAAuC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAErG,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC;IACzB,IAAI,kBAAkB,GAAa,EAAE,CAAC;IACtC,IAAI,kBAAkB,GAAoE,IAAI,CAAC;IAC/F,IAAI,UAAU,GAAuB,IAAI,CAAC;IAC1C,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,MAAM,oBAAoB,GAAG,CAAC,GAAG,iBAAiB,CAAC,CAAC;IAEpD,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAEjD,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,MAAM,IAAI,QAAQ,CAAC,0CAA0C,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;QAC7E,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,SAAS,EAAE,CAAC;YACzC,MAAM,IAAI,QAAQ,CAAC,gDAAgD,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,OAAO,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YACvC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,GAAG,CAAC;gBAAE,MAAM;YAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAE,CAAC;YACzC,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAE,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAE,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;YACzH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC;YACnC,IAAI,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM;gBAAE,MAAM;YAE3C,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACzD,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YAEhD,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;YAE7D,QAAQ,OAAO,EAAE,CAAC;gBAChB,KAAK,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC;oBAC/B,kBAAkB,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;oBAC3D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAClC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,kBAAkB,CAAC,CAAC,CAAE,CAAC,CAAC;wBACzD,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC;oBACtC,CAAC;oBACD,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;wBAClB,sBAAsB,CAAC,kBAAkB,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC3D,CAAC;oBACD,IAAI,GAAG,CAAC,eAAe,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACzD,qBAAqB,CAAC,kBAAkB,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC;oBACrE,CAAC;oBACD,MAAM;gBACR,CAAC;gBACD,KAAK,EAAE,CAAC,CAAC,CAAC;oBACR,UAAU,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;oBAC7C,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,kBAAkB,EAAE,CAAC;wBACxC,uBAAuB,CAAC,UAAU,EAAE,kBAAkB,EAAE,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;oBAC9F,CAAC;oBACD,MAAM;gBACR,CAAC;gBACD,KAAK,EAAE,CAAC,CAAC,CAAC;oBACR,kBAAkB,GAAG,IAAI,CAAC;oBAC1B,MAAM;gBACR,CAAC;gBACD;oBACE,MAAM;YACV,CAAC;YAED,MAAM,GAAG,MAAM,CAAC;QAClB,CAAC;IACH,CAAC;IAED,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,QAAQ,CAAC,uCAAuC,CAAC,CAAC;IAE7E,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACjD,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,QAAQ,CAAC,6CAA6C,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAEnH,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,IAAI,CAAC,YAAY,EAAE,CAAC;IACpB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IACtD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;IAEpF,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,oBAAoB,CAAC,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5D,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,SAAS,GAAG,WAAW,CAAC,UAAU,CAAC,SAAS,EAAE,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACrF,MAAM,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAErC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,EAAE,eAAe,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAElF,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;IAEvF,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,cAAc,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3E,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC;IACxB,MAAM,cAAc,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3E,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC;IACxB,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACzE,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC;IACvB,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAEzE,MAAM,SAAS,GAAG,WAAW,CAAC,UAAU,CAAC,kBAAkB,EAAE,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxG,MAAM,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAErC,MAAM,YAAY,GAAG,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;IAEvF,MAAM,qBAAqB,GAAG,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,MAAM,EAAE,CAAC;IACjF,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,EAAE,YAAY,EAAE,iBAAiB,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;IAE/F,MAAM,WAAW,GAAG,oBAAoB,CAAC,aAAa,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IACnF,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAEvC,MAAM,iBAAiB,GAAG,YAAY,CAAC,OAAO,CAAC,EAAE,EAAE,UAAU,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IACtF,MAAM,cAAc,GAAG,WAAW,CAAC,UAAU,CAAC,gBAAgB,EAAE,eAAe,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAC5G,MAAM,WAAW,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE1C,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,MAAM,YAAY,GAAG,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;IACvF,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAE9B,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAEjD,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,kBAAkB,EAAE,CAAC;YAClD,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,MAAM,IAAI,QAAQ,CAAC,iBAAiB,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC;YAChD,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAE3F,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC;gBAAE,MAAM,IAAI,QAAQ,CAAC,2BAA2B,CAAC,CAAC;YAC1E,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAE,CAAC;YAC9B,IAAI,OAAO,KAAK,aAAa,CAAC,QAAQ;gBAAE,MAAM,IAAI,QAAQ,CAAC,0BAA0B,CAAC,CAAC;YACvF,MAAM,gBAAgB,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE/C,MAAM,oBAAoB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACrG,MAAM,oBAAoB,GAAG,QAAQ,CAAC,MAAM,EAAE,YAAY,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,EAAE,CAAC,CAAC;YACzG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBACnD,MAAM,IAAI,QAAQ,CAAC,sCAAsC,CAAC,CAAC;YAC7D,CAAC;YACD,iBAAiB,GAAG,IAAI,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY,EAAE,IAAI;QAClB,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC;QACxC,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC;QACtC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;QACpC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC;QACtC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;QACpC,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY,EAAE,IAAY;IACtD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1C,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACd,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;IACpC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IACnC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAClB,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/tls/types.d.ts

@@ -33,6 +33,15 @@ export interface TLSConnectOptions {
     passphrase?: string;
     pfx?: string | Buffer;
     ca?: string | Buffer | Array<string | Buffer>;
+    /** Raw ECHConfigList (RFC draft-ietf-tls-esni) for Encrypted Client Hello. */
+    echConfigList?: Buffer;
+    /**
+     * Pin the server's public key by SHA-256 hash of the SPKI (Subject Public
+     * Key Info). Format: `"sha256//base64hash"`. Accepts a single pin or an
+     * array of pins; the connection succeeds if **any** pin matches the leaf
+     * certificate. Modelled after curl's `--pinnedpubkey`.
+     */
+    pinnedPublicKey?: string | string[];
 }
 /**
  * Metadata describing a successfully negotiated TLS connection.
@@ -48,6 +57,7 @@ export interface TLSConnectionInfo {
     alpnProtocol: string | null;
     cipher: string;
     ja3Hash?: string;
+    resumed?: boolean;
 }
 /**
  * A duplex stream representing an established TLS connection. Extends
@@ -86,5 +96,11 @@ export interface TLSOptions {
     passphrase?: string;
     pfx?: string | Buffer;
     ca?: string | Buffer | Array<string | Buffer>;
+    /**
+     * Pin the server's public key by SHA-256 hash of the SPKI (Subject Public
+     * Key Info). Format: `"sha256//base64hash"`. Accepts a single pin or an
+     * array of pins; the connection succeeds if **any** pin matches.
+     */
+    pinnedPublicKey?: string | string[];
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/tls/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/tls/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAEjD;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;CAC/C;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,SAAU,SAAQ,MAAM;IACvC,cAAc,EAAE,iBAAiB,CAAC;IAClC,UAAU,IAAI,IAAI,CAAC;CACpB;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CACnF;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;CAC/C"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/tls/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAEjD;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC9C,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACrC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,SAAU,SAAQ,MAAM;IACvC,cAAc,EAAE,iBAAiB,CAAC;IAClC,UAAU,IAAI,IAAI,CAAC;CACpB;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CACnF;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC9C;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACrC"}

package/dist/utils/encoding.d.ts

@@ -6,10 +6,10 @@ import { Transform } from "node:stream";
  */
 export declare const supportsZstd: boolean;
 /**
- * Decompresses a response body buffer using the algorithm indicated by
- * `contentEncoding`. Supports `gzip`, `x-gzip`, `deflate`, `br` (Brotli),
- * `zstd` (when available), and `identity`. Unrecognized encodings are
- * returned as-is.
+ * Decompresses a response body buffer handling potentially multiple
+ * Content-Encoding layers (e.g. `"gzip, br"`). Layers are applied in
+ * reverse order per RFC 9110 §8.4. Throws if the number of layers
+ * exceeds {@link MAX_CONTENT_ENCODING_LAYERS}.
  *
  * @param {Buffer}            body            - Raw compressed body bytes.
  * @param {string | undefined} contentEncoding - Value of the `Content-Encoding` header.
@@ -18,8 +18,10 @@ export declare const supportsZstd: boolean;
 export declare function decompressBody(body: Buffer, contentEncoding: string | undefined): Promise<Buffer>;
 /**
  * Creates a Node.js `Transform` stream that decompresses data on-the-fly
- * using the algorithm indicated by `contentEncoding`. Returns `null` when
- * no transform is needed (unknown or `identity` encoding).
+ * using the algorithm(s) indicated by `contentEncoding`. Supports multiple
+ * comma-separated encodings (e.g. `"gzip, br"`). Returns `null` when no
+ * transform is needed. Throws if the number of encoding layers exceeds
+ * {@link MAX_CONTENT_ENCODING_LAYERS}.
  *
  * @param {string | undefined} contentEncoding - Value of the `Content-Encoding` header.
  * @returns {Transform | null} Decompressor stream, or `null` if no decompression is required.

package/dist/utils/encoding.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../../src/utils/encoding.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAiB,MAAM,aAAa,CAAC;AASvD;;;;GAIG;AACH,eAAO,MAAM,YAAY,EAAE,OAAsC,CAAC;AAElE;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CA4BvG;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,GAAG,IAAI,CA8B5F;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAO5D"}
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../../src/utils/encoding.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAiB,MAAM,aAAa,CAAC;AASvD;;;;GAIG;AACH,eAAO,MAAM,YAAY,EAAE,OAAsC,CAAC;AAoDlE;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAWvG;AA8BD;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,GAAG,IAAI,CAwC5F;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAO5D"}