@push.rocks/smartproxy/dist_ts/tls/alerts/tls-alert.js

A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.

import * as plugins from '../../plugins.js';
import { TlsAlertLevel, TlsAlertDescription, TlsVersion } from '../utils/tls-utils.js';
/**
 * TlsAlert class for creating and sending TLS alert messages
 */
export class TlsAlert {
    // Use enum values from TlsAlertLevel
    static { this.LEVEL_WARNING = TlsAlertLevel.WARNING; }
    static { this.LEVEL_FATAL = TlsAlertLevel.FATAL; }
    // Use enum values from TlsAlertDescription
    static { this.CLOSE_NOTIFY = TlsAlertDescription.CLOSE_NOTIFY; }
    static { this.UNEXPECTED_MESSAGE = TlsAlertDescription.UNEXPECTED_MESSAGE; }
    static { this.BAD_RECORD_MAC = TlsAlertDescription.BAD_RECORD_MAC; }
    static { this.DECRYPTION_FAILED = TlsAlertDescription.DECRYPTION_FAILED; }
    static { this.RECORD_OVERFLOW = TlsAlertDescription.RECORD_OVERFLOW; }
    static { this.DECOMPRESSION_FAILURE = TlsAlertDescription.DECOMPRESSION_FAILURE; }
    static { this.HANDSHAKE_FAILURE = TlsAlertDescription.HANDSHAKE_FAILURE; }
    static { this.NO_CERTIFICATE = TlsAlertDescription.NO_CERTIFICATE; }
    static { this.BAD_CERTIFICATE = TlsAlertDescription.BAD_CERTIFICATE; }
    static { this.UNSUPPORTED_CERTIFICATE = TlsAlertDescription.UNSUPPORTED_CERTIFICATE; }
    static { this.CERTIFICATE_REVOKED = TlsAlertDescription.CERTIFICATE_REVOKED; }
    static { this.CERTIFICATE_EXPIRED = TlsAlertDescription.CERTIFICATE_EXPIRED; }
    static { this.CERTIFICATE_UNKNOWN = TlsAlertDescription.CERTIFICATE_UNKNOWN; }
    static { this.ILLEGAL_PARAMETER = TlsAlertDescription.ILLEGAL_PARAMETER; }
    static { this.UNKNOWN_CA = TlsAlertDescription.UNKNOWN_CA; }
    static { this.ACCESS_DENIED = TlsAlertDescription.ACCESS_DENIED; }
    static { this.DECODE_ERROR = TlsAlertDescription.DECODE_ERROR; }
    static { this.DECRYPT_ERROR = TlsAlertDescription.DECRYPT_ERROR; }
    static { this.EXPORT_RESTRICTION = TlsAlertDescription.EXPORT_RESTRICTION; }
    static { this.PROTOCOL_VERSION = TlsAlertDescription.PROTOCOL_VERSION; }
    static { this.INSUFFICIENT_SECURITY = TlsAlertDescription.INSUFFICIENT_SECURITY; }
    static { this.INTERNAL_ERROR = TlsAlertDescription.INTERNAL_ERROR; }
    static { this.INAPPROPRIATE_FALLBACK = TlsAlertDescription.INAPPROPRIATE_FALLBACK; }
    static { this.USER_CANCELED = TlsAlertDescription.USER_CANCELED; }
    static { this.NO_RENEGOTIATION = TlsAlertDescription.NO_RENEGOTIATION; }
    static { this.MISSING_EXTENSION = TlsAlertDescription.MISSING_EXTENSION; }
    static { this.UNSUPPORTED_EXTENSION = TlsAlertDescription.UNSUPPORTED_EXTENSION; }
    static { this.CERTIFICATE_REQUIRED = TlsAlertDescription.CERTIFICATE_REQUIRED; }
    static { this.UNRECOGNIZED_NAME = TlsAlertDescription.UNRECOGNIZED_NAME; }
    static { this.BAD_CERTIFICATE_STATUS_RESPONSE = TlsAlertDescription.BAD_CERTIFICATE_STATUS_RESPONSE; }
    static { this.BAD_CERTIFICATE_HASH_VALUE = TlsAlertDescription.BAD_CERTIFICATE_HASH_VALUE; }
    static { this.UNKNOWN_PSK_IDENTITY = TlsAlertDescription.UNKNOWN_PSK_IDENTITY; }
    static { this.CERTIFICATE_REQUIRED_1_3 = TlsAlertDescription.CERTIFICATE_REQUIRED_1_3; }
    static { this.NO_APPLICATION_PROTOCOL = TlsAlertDescription.NO_APPLICATION_PROTOCOL; }
    /**
     * Create a TLS alert buffer with the specified level and description code
     *
     * @param level Alert level (warning or fatal)
     * @param description Alert description code
     * @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
     * @returns Buffer containing the TLS alert message
     */
    static create(level, description, tlsVersion = [TlsVersion.TLS1_2[0], TlsVersion.TLS1_2[1]]) {
        return Buffer.from([
            0x15, // Alert record type
            tlsVersion[0],
            tlsVersion[1], // TLS version (default to TLS 1.2: 0x0303)
            0x00,
            0x02, // Length
            level, // Alert level
            description, // Alert description
        ]);
    }
    /**
     * Create a warning-level TLS alert
     *
     * @param description Alert description code
     * @returns Buffer containing the warning-level TLS alert message
     */
    static createWarning(description) {
        return this.create(this.LEVEL_WARNING, description);
    }
    /**
     * Create a fatal-level TLS alert
     *
     * @param description Alert description code
     * @returns Buffer containing the fatal-level TLS alert message
     */
    static createFatal(description) {
        return this.create(this.LEVEL_FATAL, description);
    }
    /**
     * Send a TLS alert to a socket and optionally close the connection
     *
     * @param socket The socket to send the alert to
     * @param level Alert level (warning or fatal)
     * @param description Alert description code
     * @param closeAfterSend Whether to close the connection after sending the alert
     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
     * @returns Promise that resolves when the alert has been sent
     */
    static async send(socket, level, description, closeAfterSend = false, closeDelay = 200) {
        const alert = this.create(level, description);
        return new Promise((resolve, reject) => {
            try {
                // Ensure the alert is written as a single packet
                socket.cork();
                const writeSuccessful = socket.write(alert, (err) => {
                    if (err) {
                        reject(err);
                        return;
                    }
                    if (closeAfterSend) {
                        setTimeout(() => {
                            socket.end();
                            resolve();
                        }, closeDelay);
                    }
                    else {
                        resolve();
                    }
                });
                socket.uncork();
                // If write wasn't successful immediately, wait for drain
                if (!writeSuccessful && !closeAfterSend) {
                    socket.once('drain', () => {
                        resolve();
                    });
                }
            }
            catch (err) {
                reject(err);
            }
        });
    }
    /**
     * Pre-defined TLS alert messages
     */
    static { this.alerts = {
        // Warning level alerts
        closeNotify: TlsAlert.createWarning(TlsAlert.CLOSE_NOTIFY),
        unsupportedExtension: TlsAlert.createWarning(TlsAlert.UNSUPPORTED_EXTENSION),
        certificateRequired: TlsAlert.createWarning(TlsAlert.CERTIFICATE_REQUIRED),
        unrecognizedName: TlsAlert.createWarning(TlsAlert.UNRECOGNIZED_NAME),
        noRenegotiation: TlsAlert.createWarning(TlsAlert.NO_RENEGOTIATION),
        userCanceled: TlsAlert.createWarning(TlsAlert.USER_CANCELED),
        // Warning level alerts for session resumption
        certificateExpiredWarning: TlsAlert.createWarning(TlsAlert.CERTIFICATE_EXPIRED),
        handshakeFailureWarning: TlsAlert.createWarning(TlsAlert.HANDSHAKE_FAILURE),
        insufficientSecurityWarning: TlsAlert.createWarning(TlsAlert.INSUFFICIENT_SECURITY),
        // Fatal level alerts
        unexpectedMessage: TlsAlert.createFatal(TlsAlert.UNEXPECTED_MESSAGE),
        badRecordMac: TlsAlert.createFatal(TlsAlert.BAD_RECORD_MAC),
        recordOverflow: TlsAlert.createFatal(TlsAlert.RECORD_OVERFLOW),
        handshakeFailure: TlsAlert.createFatal(TlsAlert.HANDSHAKE_FAILURE),
        badCertificate: TlsAlert.createFatal(TlsAlert.BAD_CERTIFICATE),
        certificateExpired: TlsAlert.createFatal(TlsAlert.CERTIFICATE_EXPIRED),
        certificateUnknown: TlsAlert.createFatal(TlsAlert.CERTIFICATE_UNKNOWN),
        illegalParameter: TlsAlert.createFatal(TlsAlert.ILLEGAL_PARAMETER),
        unknownCA: TlsAlert.createFatal(TlsAlert.UNKNOWN_CA),
        accessDenied: TlsAlert.createFatal(TlsAlert.ACCESS_DENIED),
        decodeError: TlsAlert.createFatal(TlsAlert.DECODE_ERROR),
        decryptError: TlsAlert.createFatal(TlsAlert.DECRYPT_ERROR),
        protocolVersion: TlsAlert.createFatal(TlsAlert.PROTOCOL_VERSION),
        insufficientSecurity: TlsAlert.createFatal(TlsAlert.INSUFFICIENT_SECURITY),
        internalError: TlsAlert.createFatal(TlsAlert.INTERNAL_ERROR),
        unrecognizedNameFatal: TlsAlert.createFatal(TlsAlert.UNRECOGNIZED_NAME),
    }; }
    /**
     * Utility method to send a warning-level unrecognized_name alert
     * Specifically designed for SNI issues to encourage the client to retry with SNI
     *
     * @param socket The socket to send the alert to
     * @returns Promise that resolves when the alert has been sent
     */
    static async sendSniRequired(socket) {
        return this.send(socket, this.LEVEL_WARNING, this.UNRECOGNIZED_NAME);
    }
    /**
     * Utility method to send a close_notify alert and close the connection
     *
     * @param socket The socket to send the alert to
     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
     * @returns Promise that resolves when the alert has been sent and the connection closed
     */
    static async sendCloseNotify(socket, closeDelay = 200) {
        return this.send(socket, this.LEVEL_WARNING, this.CLOSE_NOTIFY, true, closeDelay);
    }
    /**
     * Utility method to send a certificate_expired alert to force new TLS session
     *
     * @param socket The socket to send the alert to
     * @param fatal Whether to send as a fatal alert (default: false)
     * @param closeAfterSend Whether to close the connection after sending the alert (default: true)
     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
     * @returns Promise that resolves when the alert has been sent
     */
    static async sendCertificateExpired(socket, fatal = false, closeAfterSend = true, closeDelay = 200) {
        const level = fatal ? this.LEVEL_FATAL : this.LEVEL_WARNING;
        return this.send(socket, level, this.CERTIFICATE_EXPIRED, closeAfterSend, closeDelay);
    }
    /**
     * Send a sequence of alerts to force SNI from clients
     * This combines multiple alerts to ensure maximum browser compatibility
     *
     * @param socket The socket to send the alerts to
     * @returns Promise that resolves when all alerts have been sent
     */
    static async sendForceSniSequence(socket) {
        try {
            // Send unrecognized_name (warning)
            socket.cork();
            socket.write(this.alerts.unrecognizedName);
            socket.uncork();
            // Give the socket time to send the alert
            return new Promise((resolve) => {
                setTimeout(resolve, 50);
            });
        }
        catch (err) {
            return Promise.reject(err);
        }
    }
    /**
     * Send a fatal level alert that immediately terminates the connection
     *
     * @param socket The socket to send the alert to
     * @param description Alert description code
     * @param closeDelay Milliseconds to wait before closing the connection (default: 100ms)
     * @returns Promise that resolves when the alert has been sent and the connection closed
     */
    static async sendFatalAndClose(socket, description, closeDelay = 100) {
        return this.send(socket, this.LEVEL_FATAL, description, true, closeDelay);
    }
}
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGxzLWFsZXJ0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvdGxzL2FsZXJ0cy90bHMtYWxlcnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxrQkFBa0IsQ0FBQztBQUM1QyxPQUFPLEVBQUUsYUFBYSxFQUFFLG1CQUFtQixFQUFFLFVBQVUsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBRXZGOztHQUVHO0FBQ0gsTUFBTSxPQUFPLFFBQVE7SUFDbkIscUNBQXFDO2FBQ3JCLGtCQUFhLEdBQUcsYUFBYSxDQUFDLE9BQU8sQ0FBQzthQUN0QyxnQkFBVyxHQUFHLGFBQWEsQ0FBQyxLQUFLLENBQUM7SUFFbEQsMkNBQTJDO2FBQzNCLGlCQUFZLEdBQUcsbUJBQW1CLENBQUMsWUFBWSxDQUFDO2FBQ2hELHVCQUFrQixHQUFHLG1CQUFtQixDQUFDLGtCQUFrQixDQUFDO2FBQzVELG1CQUFjLEdBQUcsbUJBQW1CLENBQUMsY0FBYyxDQUFDO2FBQ3BELHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELG9CQUFlLEdBQUcsbUJBQW1CLENBQUMsZUFBZSxDQUFDO2FBQ3RELDBCQUFxQixHQUFHLG1CQUFtQixDQUFDLHFCQUFxQixDQUFDO2FBQ2xFLHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELG1CQUFjLEdBQUcsbUJBQW1CLENBQUMsY0FBYyxDQUFDO2FBQ3BELG9CQUFlLEdBQUcsbUJBQW1CLENBQUMsZUFBZSxDQUFDO2FBQ3RELDRCQUF1QixHQUFHLG1CQUFtQixDQUFDLHVCQUF1QixDQUFDO2FBQ3RFLHdCQUFtQixHQUFHLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDO2FBQzlELHdCQUFtQixHQUFHLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDO2FBQzlELHdCQUFtQixHQUFHLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDO2FBQzlELHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELGVBQVUsR0FBRyxtQkFBbUIsQ0FBQyxVQUFVLENBQUM7YUFDNUMsa0JBQWEsR0FBRyxtQkFBbUIsQ0FBQyxhQUFhLENBQUM7YUFDbEQsaUJBQVksR0FBRyxtQkFBbUIsQ0FBQyxZQUFZLENBQUM7YUFDaEQsa0JBQWEsR0FBRyxtQkFBbUIsQ0FBQyxhQUFhLENBQUM7YUFDbEQsdUJBQWtCLEdBQUcsbUJBQW1CLENBQUMsa0JBQWtCLENBQUM7YUFDNUQscUJBQWdCLEdBQUcsbUJBQW1CLENBQUMsZ0JBQWdCLENBQUM7YUFDeEQsMEJBQXFCLEdBQUcsbUJBQW1CLENBQUMscUJBQXFCLENBQUM7YUFDbEUsbUJBQWMsR0FBRyxtQkFBbUIsQ0FBQyxjQUFjLENBQUM7YUFDcEQsMkJBQXNCLEdBQUcsbUJBQW1CLENBQUMsc0JBQXNCLENBQUM7YUFDcEUsa0JBQWEsR0FBRyxtQkFBbUIsQ0FBQyxhQUFhLENBQUM7YUFDbEQscUJBQWdCLEdBQUcsbUJBQW1CLENBQUMsZ0JBQWdCLENBQUM7YUFDeEQsc0JBQWlCLEdBQUcsbUJBQW1CLENBQUMsaUJBQWlCLENBQUM7YUFDMUQsMEJBQXFCLEdBQUcsbUJBQW1CLENBQUMscUJBQXFCLENBQUM7YUFDbEUseUJBQW9CLEdBQUcsbUJBQW1CLENBQUMsb0JBQW9CLENBQUM7YUFDaEUsc0JBQWlCLEdBQUcsbUJBQW1CLENBQUMsaUJBQWlCLENBQUM7YUFDMUQsb0NBQStCLEdBQUcsbUJBQW1CLENBQUMsK0JBQStCLENBQUM7YUFDdEYsK0JBQTBCLEdBQUcsbUJBQW1CLENBQUMsMEJBQTBCLENBQUM7YUFDNUUseUJBQW9CLEdBQUcsbUJBQW1CLENBQUMsb0JBQW9CLENBQUM7YUFDaEUsNkJBQXdCLEdBQUcsbUJBQW1CLENBQUMsd0JBQXdCLENBQUM7YUFDeEUsNEJBQXVCLEdBQUcsbUJBQW1CLENBQUMsdUJBQXVCLENBQUM7SUFFdEY7Ozs7Ozs7T0FPRztJQUNILE1BQU0sQ0FBQyxNQUFNLENBQ1gsS0FBYSxFQUNiLFdBQW1CLEVBQ25CLGFBQStCLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRTNFLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQztZQUNqQixJQUFJLEVBQUUsb0JBQW9CO1lBQzFCLFVBQVUsQ0FBQyxDQUFDLENBQUM7WUFDYixVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQUUsMkNBQTJDO1lBQzFELElBQUk7WUFDSixJQUFJLEVBQUUsU0FBUztZQUNmLEtBQUssRUFBRSxjQUFjO1lBQ3JCLFdBQVcsRUFBRSxvQkFBb0I7U0FDbEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsTUFBTSxDQUFDLGFBQWEsQ0FBQyxXQUFtQjtRQUN0QyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGFBQWEsRUFBRSxXQUFXLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxNQUFNLENBQUMsV0FBVyxDQUFDLFdBQW1CO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FDZixNQUEwQixFQUMxQixLQUFhLEVBQ2IsV0FBbUIsRUFDbkIsaUJBQTBCLEtBQUssRUFDL0IsYUFBcUIsR0FBRztRQUV4QixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxXQUFXLENBQUMsQ0FBQztRQUU5QyxPQUFPLElBQUksT0FBTyxDQUFPLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQzNDLElBQUksQ0FBQztnQkFDSCxpREFBaUQ7Z0JBQ2pELE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDZCxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO29CQUNsRCxJQUFJLEdBQUcsRUFBRSxDQUFDO3dCQUNSLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQzt3QkFDWixPQUFPO29CQUNULENBQUM7b0JBRUQsSUFBSSxjQUFjLEVBQUUsQ0FBQzt3QkFDbkIsVUFBVSxDQUFDLEdBQUcsRUFBRTs0QkFDZCxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7NEJBQ2IsT0FBTyxFQUFFLENBQUM7d0JBQ1osQ0FBQyxFQUFFLFVBQVUsQ0FBQyxDQUFDO29CQUNqQixDQUFDO3lCQUFNLENBQUM7d0JBQ04sT0FBTyxFQUFFLENBQUM7b0JBQ1osQ0FBQztnQkFDSCxDQUFDLENBQUMsQ0FBQztnQkFDSCxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBRWhCLHlEQUF5RDtnQkFDekQsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO29CQUN4QyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUU7d0JBQ3hCLE9BQU8sRUFBRSxDQUFDO29CQUNaLENBQUMsQ0FBQyxDQUFDO2dCQUNMLENBQUM7WUFDSCxDQUFDO1lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztnQkFDYixNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDZCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7YUFDYSxXQUFNLEdBQUc7UUFDdkIsdUJBQXVCO1FBQ3ZCLFdBQVcsRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUM7UUFDMUQsb0JBQW9CLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUM7UUFDNUUsbUJBQW1CLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLENBQUM7UUFDMUUsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDcEUsZUFBZSxFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDO1FBQ2xFLFlBQVksRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFFNUQsOENBQThDO1FBQzlDLHlCQUF5QixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLG1CQUFtQixDQUFDO1FBQy9FLHVCQUF1QixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO1FBQzNFLDJCQUEyQixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDO1FBRW5GLHFCQUFxQjtRQUNyQixpQkFBaUIsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQztRQUNwRSxZQUFZLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO1FBQzNELGNBQWMsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQUM7UUFDOUQsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDbEUsY0FBYyxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQztRQUM5RCxrQkFBa0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsQ0FBQztRQUN0RSxrQkFBa0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsQ0FBQztRQUN0RSxnQkFBZ0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztRQUNsRSxTQUFTLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDO1FBQ3BELFlBQVksRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFDMUQsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQztRQUN4RCxZQUFZLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDO1FBQzFELGVBQWUsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQztRQUNoRSxvQkFBb0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQztRQUMxRSxhQUFhLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO1FBQzVELHFCQUFxQixFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO0tBQ3hFLENBQUM7SUFFRjs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxNQUEwQjtRQUNyRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDdkUsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLE1BQTBCLEVBQUUsYUFBcUIsR0FBRztRQUMvRSxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLFlBQVksRUFBRSxJQUFJLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FDakMsTUFBMEIsRUFDMUIsUUFBaUIsS0FBSyxFQUN0QixpQkFBMEIsSUFBSSxFQUM5QixhQUFxQixHQUFHO1FBRXhCLE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQztRQUM1RCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssRUFBRSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsY0FBYyxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQ3hGLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLE1BQTBCO1FBQzFELElBQUksQ0FBQztZQUNILG1DQUFtQztZQUNuQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDZCxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztZQUMzQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7WUFFaEIseUNBQXlDO1lBQ3pDLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtnQkFDN0IsVUFBVSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQztZQUMxQixDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsT0FBTyxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzdCLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQzVCLE1BQTBCLEVBQzFCLFdBQW1CLEVBQ25CLGFBQXFCLEdBQUc7UUFFeEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsV0FBVyxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDNUUsQ0FBQyJ9