
@push.rocks/smartproxy


A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.

import * as plugins from '../../../plugins.js';

/**
 * Builds a two-way lookup table: each member name maps to its numeric code
 * and each numeric code maps back to its member name.
 *
 * @param members Object whose keys are member names and whose values are codes
 * @returns A plain mutable object holding both directions of the mapping
 */
function defineEnum(members) {
  const table = {};
  for (const [memberName, code] of Object.entries(members)) {
    table[memberName] = code;
    table[code] = memberName;
  }
  return table;
}

/**
 * Reports whether the first byte of a buffer equals the given record type.
 * An empty buffer never matches.
 *
 * @param buffer The bytes to inspect
 * @param recordType The record type code expected at offset 0
 * @returns true when the buffer is non-empty and byte 0 equals recordType
 */
function startsWithRecordType(buffer, recordType) {
  if (!(buffer.length > 0)) {
    return false;
  }
  return buffer[0] === recordType;
}

/**
 * TLS record content types (byte 0 of a record header).
 */
export const TlsRecordType = defineEnum({
  CHANGE_CIPHER_SPEC: 20,
  ALERT: 21,
  HANDSHAKE: 22,
  APPLICATION_DATA: 23,
  HEARTBEAT: 24,
});

/**
 * TLS handshake message types (first byte of a handshake message).
 */
export const TlsHandshakeType = defineEnum({
  HELLO_REQUEST: 0,
  CLIENT_HELLO: 1,
  SERVER_HELLO: 2,
  NEW_SESSION_TICKET: 4,
  ENCRYPTED_EXTENSIONS: 8,
  CERTIFICATE: 11,
  SERVER_KEY_EXCHANGE: 12,
  CERTIFICATE_REQUEST: 13,
  SERVER_HELLO_DONE: 14,
  CERTIFICATE_VERIFY: 15,
  CLIENT_KEY_EXCHANGE: 16,
  FINISHED: 20,
});

/**
 * TLS extension type codes as they appear in hello messages.
 */
export const TlsExtensionType = defineEnum({
  SERVER_NAME: 0,
  MAX_FRAGMENT_LENGTH: 1,
  CLIENT_CERTIFICATE_URL: 2,
  TRUSTED_CA_KEYS: 3,
  TRUNCATED_HMAC: 4,
  STATUS_REQUEST: 5,
  SUPPORTED_GROUPS: 10,
  EC_POINT_FORMATS: 11,
  SIGNATURE_ALGORITHMS: 13,
  APPLICATION_LAYER_PROTOCOL_NEGOTIATION: 16,
  SIGNED_CERTIFICATE_TIMESTAMP: 18,
  PADDING: 21,
  SESSION_TICKET: 35,
  PRE_SHARED_KEY: 41,
  EARLY_DATA: 42,
  SUPPORTED_VERSIONS: 43,
  COOKIE: 44,
  PSK_KEY_EXCHANGE_MODES: 45,
  CERTIFICATE_AUTHORITIES: 47,
  POST_HANDSHAKE_AUTH: 49,
  SIGNATURE_ALGORITHMS_CERT: 50,
  KEY_SHARE: 51,
});

/**
 * TLS alert severity levels (first byte of an alert message).
 */
export const TlsAlertLevel = defineEnum({
  WARNING: 1,
  FATAL: 2,
});

/**
 * TLS alert description codes (second byte of an alert message).
 *
 * NOTE(review): the IANA TLS Alerts registry names code 111
 * certificate_unobtainable and code 116 certificate_required. The member
 * names CERTIFICATE_REQUIRED (111) and CERTIFICATE_REQUIRED_1_3 (116) are kept
 * as published because callers may reference them - confirm before relying on
 * the name of 111 when logging or alerting on received codes.
 */
export const TlsAlertDescription = defineEnum({
  CLOSE_NOTIFY: 0,
  UNEXPECTED_MESSAGE: 10,
  BAD_RECORD_MAC: 20,
  DECRYPTION_FAILED: 21,
  RECORD_OVERFLOW: 22,
  DECOMPRESSION_FAILURE: 30,
  HANDSHAKE_FAILURE: 40,
  NO_CERTIFICATE: 41,
  BAD_CERTIFICATE: 42,
  UNSUPPORTED_CERTIFICATE: 43,
  CERTIFICATE_REVOKED: 44,
  CERTIFICATE_EXPIRED: 45,
  CERTIFICATE_UNKNOWN: 46,
  ILLEGAL_PARAMETER: 47,
  UNKNOWN_CA: 48,
  ACCESS_DENIED: 49,
  DECODE_ERROR: 50,
  DECRYPT_ERROR: 51,
  EXPORT_RESTRICTION: 60,
  PROTOCOL_VERSION: 70,
  INSUFFICIENT_SECURITY: 71,
  INTERNAL_ERROR: 80,
  INAPPROPRIATE_FALLBACK: 86,
  USER_CANCELED: 90,
  NO_RENEGOTIATION: 100,
  MISSING_EXTENSION: 109,
  UNSUPPORTED_EXTENSION: 110,
  CERTIFICATE_REQUIRED: 111,
  UNRECOGNIZED_NAME: 112,
  BAD_CERTIFICATE_STATUS_RESPONSE: 113,
  BAD_CERTIFICATE_HASH_VALUE: 114,
  UNKNOWN_PSK_IDENTITY: 115,
  CERTIFICATE_REQUIRED_1_3: 116,
  NO_APPLICATION_PROTOCOL: 120,
});

// Major version byte shared by every entry of TlsVersion.
const TLS_MAJOR_VERSION = 0x03;

/**
 * TLS version codes as [major, minor] byte pairs.
 *
 * NOTE(review): in TLS 1.3 (RFC 8446) the record header carries a legacy
 * version (0x0303, or 0x0301 on an initial ClientHello), and the real version
 * is negotiated through the supported_versions extension. Comparing record
 * header bytes with TLS1_3 is therefore not expected to identify TLS 1.3
 * traffic - confirm how callers use this table.
 */
export const TlsVersion = {
  SSL3: [TLS_MAJOR_VERSION, 0x00],
  TLS1_0: [TLS_MAJOR_VERSION, 0x01],
  TLS1_1: [TLS_MAJOR_VERSION, 0x02],
  TLS1_2: [TLS_MAJOR_VERSION, 0x03],
  TLS1_3: [TLS_MAJOR_VERSION, 0x04],
};

/**
 * Stateless helpers for classifying raw bytes as TLS records.
 *
 * Every check here looks at one or two header bytes of data supplied by the
 * peer. A positive result means "the header bytes match", not "this is a
 * complete, well-formed TLS record".
 */
export class TlsUtils {
  /**
   * Checks whether a buffer starts with the TLS handshake record type.
   * @param buffer The buffer to check
   * @returns true if the buffer is non-empty and byte 0 is HANDSHAKE (22)
   */
  static isTlsHandshake(buffer) {
    return startsWithRecordType(buffer, TlsRecordType.HANDSHAKE);
  }

  /**
   * Checks whether a buffer starts with the TLS application-data record type.
   * @param buffer The buffer to check
   * @returns true if the buffer is non-empty and byte 0 is APPLICATION_DATA (23)
   */
  static isTlsApplicationData(buffer) {
    return startsWithRecordType(buffer, TlsRecordType.APPLICATION_DATA);
  }

  /**
   * Checks whether a buffer starts with the TLS alert record type.
   * @param buffer The buffer to check
   * @returns true if the buffer is non-empty and byte 0 is ALERT (21)
   */
  static isTlsAlert(buffer) {
    return startsWithRecordType(buffer, TlsRecordType.ALERT);
  }

  /**
   * Checks whether a buffer looks like the start of a ClientHello.
   *
   * Only two bytes are inspected: the record type at offset 0 and the
   * handshake type at offset 5. The record version (bytes 1-2), the record
   * length (bytes 3-4) and the handshake length (bytes 6-8) are not validated,
   * so callers that go on to parse the message must bounds-check every length
   * field themselves.
   *
   * @param buffer The buffer to check
   * @returns true if the buffer appears to begin a ClientHello message
   */
  static isClientHello(buffer) {
    // 5-byte record header + 4-byte handshake header is the least we need.
    const hasBothHeaders = !(buffer.length < 9);
    return (
      hasBothHeaders &&
      buffer[0] === TlsRecordType.HANDSHAKE &&
      buffer[5] === TlsHandshakeType.CLIENT_HELLO
    );
  }

  /**
   * Reads the declared record length from a TLS record header.
   *
   * The value comes straight from bytes 3-4 (big-endian) and can be anything
   * from 0 to 65535. It is not checked against the record type, against the
   * number of bytes actually present in the buffer, or against any protocol
   * maximum; treat it as untrusted when sizing reads or allocations.
   *
   * @param buffer Buffer containing a TLS record
   * @returns The declared length, or -1 when fewer than 5 bytes are available
   */
  static getTlsRecordLength(buffer) {
    if (buffer.length < 5) {
      return -1;
    }
    const highByte = buffer[3];
    const lowByte = buffer[4];
    return (highByte << 8) + lowByte;
  }

  /**
   * Creates a connection ID from source/destination address information.
   * Used to track fragmented ClientHello messages across multiple packets.
   *
   * The ID is a plain concatenation of the four values and is not validated
   * or authenticated.
   * NOTE(review): a 4-tuple can recur once a connection has closed, so state
   * keyed by this ID presumably has to be evicted on close - confirm against
   * the fragment-tracking code.
   *
   * @param connectionInfo Object with sourceIp, sourcePort, destIp, destPort
   * @returns A string ID of the form "srcIp:srcPort-dstIp:dstPort"
   */
  static createConnectionId(connectionInfo) {
    const sourceEndpoint = `${connectionInfo.sourceIp}:${connectionInfo.sourcePort}`;
    const destEndpoint = `${connectionInfo.destIp}:${connectionInfo.destPort}`;
    return `${sourceEndpoint}-${destEndpoint}`;
  }
}