133161 2014-05-21 16:39:38 -0700 Expose time-based HSTS clearing 2014-06-22 23:25:39 -0700 1 1 1 Unclassified WebKit WebKit API 528+ (Nightly build) Unspecified Unspecified ASSIGNED P2 Normal --- 1 dev+webkit dev+webkit andersca ap beidson mhock mitz sam thorton oldest_to_newest 1010850 0 dev+webkit 2014-05-21 16:39:38 -0700 Right now you can only clear all HSTS hosts on a WKContextRef. We should: - Expose the ability to clear all HSTS hosts on WKProcessPool. - Expose a time-based version of this on both WKContextRef and WKProcessPool. 1011175 1 231945 dev+webkit 2014-05-22 23:09:18 -0700 Created attachment 231945 patch 1011392 2 231945 ap 2014-05-23 15:51:19 -0700 Comment on attachment 231945 patch View in context: https://bugs.webkit.org/attachment.cgi?id=231945&action=review > Source/WebKit2/UIProcess/mac/WebContextMac.mm:554 > +#if PLATFORM(IOS) || __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090 I don't think that this is the right check (will follow up in person). > Source/WebKit2/UIProcess/mac/WebContextMac.mm:557 > + _CFNetworkResetHSTSHostsSinceDate(privateBrowsingSession(), (CFDateRef)date); This is very confusing. If we are about to automagically handle sessions here, why just one? I understand that there is a precedent just above, but that seems bad too. A better API would be to pass a session from the client explicitly. 1011394 3 231945 ap 2014-05-23 15:53:58 -0700 Comment on attachment 231945 patch View in context: https://bugs.webkit.org/attachment.cgi?id=231945&action=review > Source/WebKit2/UIProcess/mac/WebContextMac.mm:64 > +extern "C" void _CFNetworkResetHSTSHostsSinceDate(CFURLStorageSessionRef session, CFDateRef date); This is a pre-existing issue, but the correct idiom is to declare functions unconditionally, even when a private header exists. This way, we'll get a build failure right away when an SPI changes, and won't have to chase subtle differences between internal and open source builds later. 1011451 4 dev+webkit 2014-05-23 18:55:06 -0700 (In reply to comment #2) > (From update of attachment 231945 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=231945&action=review > > Source/WebKit2/UIProcess/mac/WebContextMac.mm:557 > > + _CFNetworkResetHSTSHostsSinceDate(privateBrowsingSession(), (CFDateRef)date); > > This is very confusing. If we are about to automagically handle sessions here, why just one? I understand that there is a precedent just above, but that seems bad too. > > A better API would be to pass a session from the client explicitly. Fair warning, this is from a cursory reading of the relevant code, so I could be completely wrong. It looks like we only ever use two CFURLStorageSessions. The one created implicitly by CFNetwork by default or when passed a null identifier. For the private browsing session, everywhere I've found, we create the same session of <bundle identifier>.PrivateBrowsing. We don't seem to expose the CFURLStorageSessionRefs in any API and given that we only seem to create two of these sessions, it doesn't look like they really map to anything else that could be passed into an API. I'll gladly change this if I'm wrong. 1011452 5 dev+webkit 2014-05-23 18:56:17 -0700 (In reply to comment #3) > (From update of attachment 231945 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=231945&action=review > > > Source/WebKit2/UIProcess/mac/WebContextMac.mm:64 > > +extern "C" void _CFNetworkResetHSTSHostsSinceDate(CFURLStorageSessionRef session, CFDateRef date); > > This is a pre-existing issue, but the correct idiom is to declare functions unconditionally, even when a private header exists. This way, we'll get a build failure right away when an SPI changes, and won't have to chase subtle differences between internal and open source builds later. I feel like there'll be a v2 of this patch so I'll just remove the private #includes and declare these unconditionally for the next version. 1011467 6 thorton 2014-05-23 20:02:30 -0700 (In reply to comment #5) > (In reply to comment #3) > > (From update of attachment 231945 [details] [details]) > > View in context: https://bugs.webkit.org/attachment.cgi?id=231945&action=review > > > > > Source/WebKit2/UIProcess/mac/WebContextMac.mm:64 > > > +extern "C" void _CFNetworkResetHSTSHostsSinceDate(CFURLStorageSessionRef session, CFDateRef date); > > > > This is a pre-existing issue, but the correct idiom is to declare functions unconditionally, even when a private header exists. This way, we'll get a build failure right away when an SPI changes, and won't have to chase subtle differences between internal and open source builds later. > > I feel like there'll be a v2 of this patch so I'll just remove the private #includes and declare these unconditionally for the next version. No, keep the private #includes *and* declare these unconditionally. 1011494 7 ap 2014-05-23 23:40:08 -0700 Looks like the privateBrowsingSession() function that is used in both the existing function and the newly added is obsolete and broken. We have switched to using multiple private browsing sessions via session API, and these sessions have different identifiers: SessionTracker::setSession(sessionID, NetworkStorageSession::createPrivateBrowsingSession(base + '.' + String::number(sessionID.sessionID()))); We now let the client create an arbitrary number of sessions with WKSessionCreate() API, and assign these to pages with WKPageSetSession(). Most WebKit2 C APIs like WKCookieManagerDeleteAllCookiesModifiedAfterDate() don't recognize this - I believe primarily because we couldn't think of any that cared about sessions other than the main one. But these HSTS functions are clearly ones we should have thought about! I'm not 100% up to date on how we expose sessions via WebKit2 Objective-C API. Martin and Anders should know a lot more. It is also possible that clearing HSTS data from private browsing session here is unnecessary, and we should only do that for default session. 1012704 8 231945 ap 2014-05-30 17:07:20 -0700 Comment on attachment 231945 patch r- based on the above discussion. 1017486 9 dev+webkit 2014-06-22 23:25:39 -0700 (In reply to comment #7) > It is also possible that clearing HSTS data from private browsing session here is unnecessary, and we should only do that for default session. We discussed this and decided this is the case. I'll post a new patch shortly that should address everything. 231945 2014-05-22 23:09:18 -0700 2014-05-30 17:07:20 -0700 patch 133161patch.diff text/plain 6086 dev+webkit ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCA0NjgyMzdjLi43MzcyZjlkIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjYg QEAKKzIwMTQtMDUtMjIgIE1hdHQgTGlsZWsgIDxtcmxAYXBwbGUuY29tPgorCisgICAgICAgIEV4 cG9zZSB0aW1lLWJhc2VkIEhTVFMgY2xlYXJpbmcKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTEzMzE2MQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIFRoZSBtb2Rlcm4gV2ViS2l0IEFQSSBuZWVkcyBhIHdheSB0 byBjbGVhciBIU1RTIGhvc3RzLiBBZGRpdGlvbmFsbHksCisgICAgICAgIHdlIHNob3VsZCB0YWtl IGFkdmFudGFnZSBvZiBDRk5ldHdvcmsgc3VwcG9ydCBmb3Igb25seSBjbGVhcmluZworICAgICAg ICBjZXJ0YWluIEhTVFMgaG9zdHMgaW4gYm90aCB0aGUgbGVnYWN5IGFuZCBtb2Rlcm4gQVBJcy4K KworICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvQy9tYWMvV0tDb250ZXh0UHJpdmF0ZU1hYy5oOgor ICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvQy9tYWMvV0tDb250ZXh0UHJpdmF0ZU1hYy5tbToKKyAg ICAgICAgKFdLQ29udGV4dFJlc2V0SFNUU0hvc3RzKTogUmVtb3ZlIHVubmVjZXNzYXJ5IHJldHVy bi4KKyAgICAgICAgKFdLQ29udGV4dFJlc2V0SFNUU0hvc3RzQWRkZWRBZnRlckRhdGUpOgorICAg ICAgICAqIFVJUHJvY2Vzcy9BUEkvQ29jb2EvV0tQcm9jZXNzUG9vbC5tbToKKyAgICAgICAgKC1b V0tQcm9jZXNzUG9vbCBfcmVzZXRIU1RTSG9zdHNdKToKKyAgICAgICAgKC1bV0tQcm9jZXNzUG9v bCBfcmVzZXRIU1RTSG9zdHNBZGRlZEFmdGVyRGF0ZTpdKToKKyAgICAgICAgKiBVSVByb2Nlc3Mv QVBJL0NvY29hL1dLUHJvY2Vzc1Bvb2xQcml2YXRlLmg6CisgICAgICAgICogVUlQcm9jZXNzL1dl YkNvbnRleHQuaDoKKyAgICAgICAgKiBVSVByb2Nlc3MvbWFjL1dlYkNvbnRleHRNYWMubW06Cisg ICAgICAgIChXZWJLaXQ6OldlYkNvbnRleHQ6OnJlc2V0SFNUU0hvc3RzQWRkZWRBZnRlckRhdGUp OgorCiAyMDE0LTA1LTIyICBCZW5qYW1pbiBQb3VsYWluICA8YnBvdWxhaW5AYXBwbGUuY29tPgog CiAgICAgICAgIFtpT1NdW1dLMl0gQWRkIHN1cHBvcnQgZm9yIG1pbmltYWwtdWkgdmlld3BvcnRz CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL0MvbWFjL1dLQ29udGV4 dFByaXZhdGVNYWMuaCBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvQy9tYWMvV0tDb250 ZXh0UHJpdmF0ZU1hYy5oCmluZGV4IDRjNmRiNGMuLjgxMjU4NDIgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvQy9tYWMvV0tDb250ZXh0UHJpdmF0ZU1hYy5oCisrKyBi L1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvQy9tYWMvV0tDb250ZXh0UHJpdmF0ZU1hYy5o CkBAIC00Myw2ICs0Myw3IEBAIHR5cGVkZWYgdm9pZCAoXldLQ29udGV4dEdldEluZm9Gb3JJbnN0 YWxsZWRQbHVnSW5zQmxvY2spKFdLQXJyYXlSZWYsIFdLRXJyb3JSZWYpCiBXS19FWFBPUlQgdm9p ZCBXS0NvbnRleHRHZXRJbmZvRm9ySW5zdGFsbGVkUGx1Z0lucyhXS0NvbnRleHRSZWYgY29udGV4 dCwgV0tDb250ZXh0R2V0SW5mb0Zvckluc3RhbGxlZFBsdWdJbnNCbG9jayBibG9jayk7CiAKIFdL X0VYUE9SVCB2b2lkIFdLQ29udGV4dFJlc2V0SFNUU0hvc3RzKFdLQ29udGV4dFJlZiBjb250ZXh0 KTsKK1dLX0VYUE9SVCB2b2lkIFdLQ29udGV4dFJlc2V0SFNUU0hvc3RzQWRkZWRBZnRlckRhdGUo V0tDb250ZXh0UmVmIGNvbnRleHQsIGRvdWJsZSBkYXRlKTsKIAogV0tfRVhQT1JUIHZvaWQgV0tD b250ZXh0UmVnaXN0ZXJTY2hlbWVGb3JDdXN0b21Qcm90b2NvbChXS0NvbnRleHRSZWYgY29udGV4 dCwgV0tTdHJpbmdSZWYgc2NoZW1lKTsKIFdLX0VYUE9SVCB2b2lkIFdLQ29udGV4dFVucmVnaXN0 ZXJTY2hlbWVGb3JDdXN0b21Qcm90b2NvbChXS0NvbnRleHRSZWYgY29udGV4dCwgV0tTdHJpbmdS ZWYgc2NoZW1lKTsKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvQy9t YWMvV0tDb250ZXh0UHJpdmF0ZU1hYy5tbSBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkv Qy9tYWMvV0tDb250ZXh0UHJpdmF0ZU1hYy5tbQppbmRleCA5MTQ1NTU2Li44YjE5ZjJlIDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL0MvbWFjL1dLQ29udGV4dFByaXZh dGVNYWMubW0KKysrIGIvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0FQSS9DL21hYy9XS0NvbnRl eHRQcml2YXRlTWFjLm1tCkBAIC05MSwxMCArOTEsMTMgQEAgdm9pZCBXS0NvbnRleHRHZXRJbmZv Rm9ySW5zdGFsbGVkUGx1Z0lucyhXS0NvbnRleHRSZWYgY29udGV4dFJlZiwgV0tDb250ZXh0R2V0 SW4KIAogdm9pZCBXS0NvbnRleHRSZXNldEhTVFNIb3N0cyhXS0NvbnRleHRSZWYgY29udGV4dCkK IHsKLSAgICByZXR1cm4gdG9JbXBsKGNvbnRleHQpLT5yZXNldEhTVFNIb3N0cygpOworICAgIHRv SW1wbChjb250ZXh0KS0+cmVzZXRIU1RTSG9zdHMoKTsKIH0KIAotCit2b2lkIFdLQ29udGV4dFJl c2V0SFNUU0hvc3RzQWRkZWRBZnRlckRhdGUoV0tDb250ZXh0UmVmIGNvbnRleHQsIGRvdWJsZSBk YXRlKQoreworICAgIHRvSW1wbChjb250ZXh0KS0+cmVzZXRIU1RTSG9zdHNBZGRlZEFmdGVyRGF0 ZShkYXRlKTsKK30KIAogdm9pZCBXS0NvbnRleHRSZWdpc3RlclNjaGVtZUZvckN1c3RvbVByb3Rv Y29sKFdLQ29udGV4dFJlZiBjb250ZXh0LCBXS1N0cmluZ1JlZiBzY2hlbWUpCiB7CmRpZmYgLS1n aXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL0NvY29hL1dLUHJvY2Vzc1Bvb2wubW0g Yi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL0NvY29hL1dLUHJvY2Vzc1Bvb2wubW0KaW5k ZXggOGYwMTdjZi4uNGFmZTA3MyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNz L0FQSS9Db2NvYS9XS1Byb2Nlc3NQb29sLm1tCisrKyBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vz cy9BUEkvQ29jb2EvV0tQcm9jZXNzUG9vbC5tbQpAQCAtMTY2LDYgKzE2NiwxNiBAQCBzdGF0aWMg V2ViS2l0OjpIVFRQQ29va2llQWNjZXB0UG9saWN5IHRvSFRUUENvb2tpZUFjY2VwdFBvbGljeShO U0hUVFBDb29raWVBY2NlcAogICAgIF9jb250ZXh0LT5zdXBwbGVtZW50PFdlYktpdDo6V2ViQ29v a2llTWFuYWdlclByb3h5PigpLT5zZXRIVFRQQ29va2llQWNjZXB0UG9saWN5KHRvSFRUUENvb2tp ZUFjY2VwdFBvbGljeShwb2xpY3kpKTsKIH0KIAorLSAodm9pZClfcmVzZXRIU1RTSG9zdHMKK3sK KyAgICBfY29udGV4dC0+cmVzZXRIU1RTSG9zdHMoKTsKK30KKworLSAodm9pZClfcmVzZXRIU1RT SG9zdHNBZGRlZEFmdGVyRGF0ZTooTlNEYXRlICopZGF0ZQoreworICAgIF9jb250ZXh0LT5yZXNl dEhTVFNIb3N0c0FkZGVkQWZ0ZXJEYXRlKGRhdGUudGltZUludGVydmFsU2luY2UxOTcwKTsKK30K KwogLSAoaWQpX29iamVjdEZvckJ1bmRsZVBhcmFtZXRlcjooTlNTdHJpbmcgKilwYXJhbWV0ZXIK IHsKICAgICByZXR1cm4gW19jb250ZXh0LT5idW5kbGVQYXJhbWV0ZXJzKCkgb2JqZWN0Rm9yS2V5 OnBhcmFtZXRlcl07CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL0Nv Y29hL1dLUHJvY2Vzc1Bvb2xQcml2YXRlLmggYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJ L0NvY29hL1dLUHJvY2Vzc1Bvb2xQcml2YXRlLmgKaW5kZXggZGJlNTQyYS4uNjc0YzI5NCAxMDA2 NDQKLS0tIGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0FQSS9Db2NvYS9XS1Byb2Nlc3NQb29s UHJpdmF0ZS5oCisrKyBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvQ29jb2EvV0tQcm9j ZXNzUG9vbFByaXZhdGUuaApAQCAtMzksNiArMzksOSBAQAogLSAodm9pZClfc2V0QWxsb3dzU3Bl Y2lmaWNIVFRQU0NlcnRpZmljYXRlOihOU0FycmF5ICopY2VydGlmaWNhdGVDaGFpbiBmb3JIb3N0 OihOU1N0cmluZyAqKWhvc3Q7CiAtICh2b2lkKV9zZXRDb29raWVBY2NlcHRQb2xpY3k6KE5TSFRU UENvb2tpZUFjY2VwdFBvbGljeSlwb2xpY3k7CiAKKy0gKHZvaWQpX3Jlc2V0SFNUU0hvc3RzOwor LSAodm9pZClfcmVzZXRIU1RTSG9zdHNBZGRlZEFmdGVyRGF0ZTooTlNEYXRlICopZGF0ZTsKKwog LSAoaWQpX29iamVjdEZvckJ1bmRsZVBhcmFtZXRlcjooTlNTdHJpbmcgKilwYXJhbWV0ZXI7CiAt ICh2b2lkKV9zZXRPYmplY3Q6KGlkIDxOU0NvcHlpbmcsIE5TU2VjdXJlQ29kaW5nPilvYmplY3Qg Zm9yQnVuZGxlUGFyYW1ldGVyOihOU1N0cmluZyAqKXBhcmFtZXRlcjsKIApkaWZmIC0tZ2l0IGEv U291cmNlL1dlYktpdDIvVUlQcm9jZXNzL1dlYkNvbnRleHQuaCBiL1NvdXJjZS9XZWJLaXQyL1VJ UHJvY2Vzcy9XZWJDb250ZXh0LmgKaW5kZXggN2RmMmI1ZS4uMzU2MzgxMiAxMDA2NDQKLS0tIGEv U291cmNlL1dlYktpdDIvVUlQcm9jZXNzL1dlYkNvbnRleHQuaAorKysgYi9Tb3VyY2UvV2ViS2l0 Mi9VSVByb2Nlc3MvV2ViQ29udGV4dC5oCkBAIC0zMjgsNiArMzI4LDcgQEAgcHVibGljOgogCiAg ICAgYm9vbCBpc1VSTEtub3duSFNUU0hvc3QoY29uc3QgU3RyaW5nJiB1cmxTdHJpbmcsIGJvb2wg cHJpdmF0ZUJyb3dzaW5nRW5hYmxlZCkgY29uc3Q7CiAgICAgdm9pZCByZXNldEhTVFNIb3N0cygp OworICAgIHZvaWQgcmVzZXRIU1RTSG9zdHNBZGRlZEFmdGVyRGF0ZShkb3VibGUpOwogCiAjaWYg RU5BQkxFKENVU1RPTV9QUk9UT0NPTFMpCiAgICAgdm9pZCByZWdpc3RlclNjaGVtZUZvckN1c3Rv bVByb3RvY29sKGNvbnN0IFN0cmluZyYpOwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdDIvVUlQ cm9jZXNzL21hYy9XZWJDb250ZXh0TWFjLm1tIGIvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL21h Yy9XZWJDb250ZXh0TWFjLm1tCmluZGV4IGE5ZWYxMmIuLjAwZWQ1ZGYgMTAwNjQ0Ci0tLSBhL1Nv dXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9tYWMvV2ViQ29udGV4dE1hYy5tbQorKysgYi9Tb3VyY2Uv V2ViS2l0Mi9VSVByb2Nlc3MvbWFjL1dlYkNvbnRleHRNYWMubW0KQEAgLTYxLDYgKzYxLDcgQEAK ICNlbHNlCiBleHRlcm4gIkMiIEJvb2xlYW4gX0NGTmV0d29ya0lzS25vd25IU1RTSG9zdFdpdGhT ZXNzaW9uKENGVVJMUmVmIHVybCwgQ0ZVUkxTdG9yYWdlU2Vzc2lvblJlZiBzZXNzaW9uKTsKIGV4 dGVybiAiQyIgdm9pZCBfQ0ZOZXR3b3JrUmVzZXRIU1RTSG9zdHNXaXRoU2Vzc2lvbihDRlVSTFN0 b3JhZ2VTZXNzaW9uUmVmIHNlc3Npb24pOworZXh0ZXJuICJDIiB2b2lkIF9DRk5ldHdvcmtSZXNl dEhTVFNIb3N0c1NpbmNlRGF0ZShDRlVSTFN0b3JhZ2VTZXNzaW9uUmVmIHNlc3Npb24sIENGRGF0 ZVJlZiBkYXRlKTsKICNlbmRpZgogCiAjZW5kaWYKQEAgLTU0OCw2ICs1NDksMTUgQEAgdm9pZCBX ZWJDb250ZXh0OjpyZXNldEhTVFNIb3N0cygpCiAjZW5kaWYKIH0KIAordm9pZCBXZWJDb250ZXh0 OjpyZXNldEhTVFNIb3N0c0FkZGVkQWZ0ZXJEYXRlKGRvdWJsZSB0aW1lU2luY2UxOTcwKQorewor I2lmIFBMQVRGT1JNKElPUykgfHwgX19NQUNfT1NfWF9WRVJTSU9OX01JTl9SRVFVSVJFRCA+PSAx MDkwCisgICAgTlNEYXRlICpkYXRlID0gW05TRGF0ZSBkYXRlV2l0aFRpbWVJbnRlcnZhbFNpbmNl MTk3MDp0aW1lU2luY2UxOTcwXTsKKyAgICBfQ0ZOZXR3b3JrUmVzZXRIU1RTSG9zdHNTaW5jZURh dGUobnVsbHB0ciwgKENGRGF0ZVJlZilkYXRlKTsKKyAgICBfQ0ZOZXR3b3JrUmVzZXRIU1RTSG9z dHNTaW5jZURhdGUocHJpdmF0ZUJyb3dzaW5nU2Vzc2lvbigpLCAoQ0ZEYXRlUmVmKWRhdGUpOwor I2VuZGlmCit9CisKIGludCBuZXR3b3JrUHJvY2Vzc0xhdGVuY3lRT1MoKQogewogICAgIHN0YXRp YyBpbnQgcW9zID0gW1tOU1VzZXJEZWZhdWx0cyBzdGFuZGFyZFVzZXJEZWZhdWx0c10gaW50ZWdl ckZvcktleTpAIldlYktpdE5ldHdvcmtQcm9jZXNzTGF0ZW5jeVFPUyJdOwo=